#include "lutil_ldap.h"
#include "ldap_defaults.h"
+#include "ldap_pvt.h"
#include "common.h"
#endif
int use_tls = 0;
+int assertctl;
char *assertion = NULL;
char *authzid = NULL;
int manageDSAit = 0;
int noop = 0;
+int preread = 0;
+char *preread_attrs = NULL;
+int postread = 0;
+char *postread_attrs = NULL;
int not = 0;
int want_bindpw = 0;
N_(" -d level set LDAP debugging level to `level'\n"),
N_(" -D binddn bind DN\n"),
N_(" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n")
-N_(" [!]assert=<filter> (an RFC 2254 Filter)\n")
-N_(" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n")
-N_(" [!]manageDSAit (alternate form, see -M)\n")
+N_(" [!]assert=<filter> (an RFC 2254 Filter)\n")
+N_(" [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n")
+N_(" [!]manageDSAit\n")
N_(" [!]noop\n"),
+N_(" [!]postread[=<attrs>] (a comma-separated attribute list)\n"),
+N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n"),
N_(" -f file read operations from `file'\n"),
N_(" -h host LDAP server\n"),
N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"),
}
if ( strcasecmp( control, "assert" ) == 0 ) {
- if( assertion != NULL ) {
+ if( assertctl ) {
fprintf( stderr, "assert control previously specified\n");
exit( EXIT_FAILURE );
}
usage();
}
+ assertctl = 1 + crit;
+
assert( assertion == NULL );
assertion = cvalue;
noop = 1 + crit;
+ } else if ( strcasecmp( control, "preread" ) == 0 ) {
+ if( preread ) {
+ fprintf( stderr, "preread control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+
+ preread = 1 + crit;
+ preread_attrs = cvalue;
+
+ } else if ( strcasecmp( control, "postread" ) == 0 ) {
+ if( postread ) {
+ fprintf( stderr, "postread control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+
+ postread = 1 + crit;
+ postread_attrs = cvalue;
+
} else {
fprintf( stderr, "Invalid general control name: %s\n",
control );
tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
{
int i = 0, j, crit = 0, err;
- LDAPControl c[4], **ctrls;
+ LDAPControl c[6], **ctrls;
ctrls = (LDAPControl**) malloc(sizeof(c) + (count+1)*sizeof(LDAPControl*));
if ( ctrls == NULL ) {
exit( EXIT_FAILURE );
}
- if ( assertion ) {
+ if ( assertctl ) {
char berbuf[LBER_ELEMENT_SIZEOF];
BerElement *ber = (BerElement *)berbuf;
- if( *assertion == '\0' ) {
+ if( assertion == NULL || *assertion == '\0' ) {
fprintf( stderr, "Assertion=<empty>\n" );
exit( EXIT_FAILURE );
}
}
c[i].ldctl_oid = LDAP_CONTROL_ASSERT;
- c[i].ldctl_iscritical = 1;
+ c[i].ldctl_iscritical = assertctl > 1;
ctrls[i] = &c[i];
i++;
}
i++;
}
+ if ( preread ) {
+ char berbuf[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *)berbuf;
+ char **attrs;
+
+ if( preread_attrs ) {
+ attrs = ldap_str2charray( preread_attrs, "," );
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ if( ber_printf( ber, "{v}", attrs ) == -1 ) {
+ fprintf( stderr, "preread attrs encode failed.\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
+ if( err < 0 ) {
+ fprintf( stderr, "preread flatten failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_PRE_READ;
+ c[i].ldctl_iscritical = preread > 1;
+ ctrls[i] = &c[i];
+ i++;
+
+ if( attrs ) ldap_charray_free( attrs );
+ }
+
+ if ( postread ) {
+ char berbuf[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *)berbuf;
+ char **attrs;
+
+ if( postread_attrs ) {
+ attrs = ldap_str2charray( postread_attrs, "," );
+ }
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ if( ber_printf( ber, "{v}", attrs ) == -1 ) {
+ fprintf( stderr, "postread attrs encode failed.\n" );
+ exit( EXIT_FAILURE );
+ }
+
+ err = ber_flatten2( ber, &c[i].ldctl_value, 0 );
+ if( err < 0 ) {
+ fprintf( stderr, "postread flatten failed (%d)\n", err );
+ exit( EXIT_FAILURE );
+ }
+
+ c[i].ldctl_oid = LDAP_CONTROL_POST_READ;
+ c[i].ldctl_iscritical = postread > 1;
+ ctrls[i] = &c[i];
+ i++;
+
+ if( attrs ) ldap_charray_free( attrs );
+ }
+
while ( count-- ) {
ctrls[i++] = extra_c++;
}
extern char *authzid;
extern int manageDSAit;
extern int noop;
+extern int preread, postread;
extern int not;
extern int want_bindpw;
rc = 0;
- if ( assertion || authzid || manageDSAit || noop ) {
+ if ( assertion || authzid || manageDSAit || noop || preread || postread ) {
tool_server_controls( ld, NULL, 0 );
}
LBER_V( Sockbuf_IO ) ber_sockbuf_io_readahead;
LBER_V( Sockbuf_IO ) ber_sockbuf_io_fd;
LBER_V( Sockbuf_IO ) ber_sockbuf_io_debug;
-#ifdef LDAP_CONNECTIONLESS
LBER_V( Sockbuf_IO ) ber_sockbuf_io_udp;
-#endif
/*
* LBER memory.c
/* LDAP Controls */
#define LDAP_CONTROL_ASSERT "1.3.6.1.4.1.4203.666.5.9"
-#define LDAP_CONTROL_PRE_READ_BACK "1.3.6.1.4.1.4203.666.5.10.1"
-#define LDAP_CONTROL_POST_READ_BACK "1.3.6.1.4.1.4203.666.5.10.2"
+#define LDAP_CONTROL_PRE_READ "1.3.6.1.4.1.4203.666.5.10.1"
+#define LDAP_CONTROL_POST_READ "1.3.6.1.4.1.4203.666.5.10.2"
#define LDAP_CONTROL_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.5.11"
#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3"
Entry *ctxcsn_e;
int ctxcsn_added = 0;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "==> bdb_add: %s\n", op->oq_add.rs_e->e_name.bv_val, 0, 0 );
#else
goto return_results;;
}
+ /* post-read */
+ if( op->o_postread ) {
+ if ( slap_read_controls( op, rs, op->oq_add.rs_e,
+ &slap_post_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_add: post-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_add: post-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ }
+
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
}
if ( !op->o_bd->syncinfo ) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei, &ctxcsn_e, &ctxcsn_added, locker );
+ rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
+ &ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
case BDB_CSN_ABORT :
goto return_results;
ltid = NULL;
op->o_private = NULL;
- if (rs->sr_err == LDAP_SUCCESS) {
-#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, RESULTS,
- "bdb_add: added%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "", op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
-#else
- Debug(LDAP_DEBUG_TRACE, "bdb_add: added%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "", op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
-#endif
- rs->sr_text = NULL;
- }
- else {
+ if (rs->sr_err != LDAP_SUCCESS) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
- "bdb_add: %s : %s (%d)\n", rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
+ "bdb_add: %s : %s (%d)\n", rs->sr_text,
+ db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_add: %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#endif
rs->sr_err = LDAP_OTHER;
+ goto return_results;
}
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, RESULTS,
+ "bdb_add: added%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+#else
+ Debug(LDAP_DEBUG_TRACE, "bdb_add: added%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+#endif
+
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
return_results:
send_ldap_result( op, rs );
}
done:
-
if( ltid != NULL ) {
TXN_ABORT( ltid );
op->o_private = NULL;
Entry *ctxcsn_e;
int ctxcsn_added = 0;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "==> bdb_delete: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
goto done;
}
+ /* pre-read */
+ if( op->o_preread ) {
+ if( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_delete: pre-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_delete: pre-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ }
+
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
- } else {
+ goto return_results;
+ }
+
#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, RESULTS,
- "bdb_delete: deleted%s id=%08lx db=\"%s\"\n",
- op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
+ LDAP_LOG ( OPERATION, RESULTS,
+ "bdb_delete: deleted%s id=%08lx db=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
#else
- Debug( LDAP_DEBUG_TRACE,
- "bdb_delete: deleted%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "",
- e->e_id, e->e_dn );
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_delete: deleted%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ e->e_id, e->e_dn );
#endif
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_text = NULL;
- }
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
send_ldap_result( op, rs );
int num_retries = 0;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
Operation* ps_list;
struct psid_entry *pm_list, *pm_prev;
int rc;
}
}
+ if( op->o_preread ) {
+ if ( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_modify: pre-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_modify: pre-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ op->o_preread = 0; /* prevent redo on retry */
+ }
+
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
goto return_results;
}
+ if( op->o_postread ) {
+ if( slap_read_controls( op, rs, e,
+ &slap_post_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_modify: post-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_modify: post-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ op->o_postread = 0; /* prevent redo on retry */
+ /* FIXME: should read entry on the last retry */
+ }
+
/* change the entry itself */
rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
if ( rs->sr_err != 0 ) {
rs->sr_text = "entry update failed";
goto return_results;
}
+
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
}
if ( !op->o_bd->syncinfo ) {
- rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei, &ctxcsn_e, &ctxcsn_added, locker );
+ rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
+ &ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
case BDB_CSN_ABORT :
goto return_results;
ltid = NULL;
op->o_private = NULL;
-
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify: txn_%s failed %s (%d)\n",
- op->o_noop ? "abort (no_op)" : "commit", db_strerror(rs->sr_err), rs->sr_err );
+ op->o_noop ? "abort (no_op)" : "commit",
+ db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: txn_%s failed: %s (%d)\n",
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
- } else {
+ goto return_results;
+ }
+
#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, DETAIL1,
- "bdb_modify: updated%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no_op)" : "", e->e_id, e->e_dn );
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_modify: updated%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no_op)" : "", e->e_id, e->e_dn );
#else
- Debug( LDAP_DEBUG_TRACE,
- "bdb_modify: updated%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "",
- e->e_id, e->e_dn );
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_modify: updated%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "",
+ e->e_id, e->e_dn );
#endif
- rs->sr_err = LDAP_SUCCESS;
- rs->sr_text = NULL;
- }
+
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
send_ldap_result( op, rs );
int num_retries = 0;
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+ int num_ctrls = 0;
+
Operation *ps_list;
struct psid_entry *pm_list, *pm_prev;
int rc;
}
}
+ if( op->o_preread ) {
+ if( slap_read_controls( op, rs, e,
+ &slap_pre_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_modrdn: post-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_modrdn: post-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ op->o_preread = 0; /* prevent redo on retry */
+ }
+
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
}
goto return_results;
}
-
+
+ if( op->o_postread ) {
+ if( slap_read_controls( op, rs, e,
+ &slap_post_read_bv, &ctrls[num_ctrls] ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "<=- bdb_modrdn: post-read failed!\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "<=- bdb_modrdn: post-read failed!\n", 0, 0, 0 );
+#endif
+ goto return_results;
+ }
+ ctrls[++num_ctrls] = NULL;
+ op->o_postread = 0; /* prevent redo on retry */
+ /* FIXME: should read entry on the last retry */
+ }
+
/* id2entry index */
rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, e );
if ( rs->sr_err != 0 ) {
ltid = NULL;
op->o_private = NULL;
- if( rs->sr_err == LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, RESULTS,
- "bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
-#else
- Debug(LDAP_DEBUG_TRACE,
- "bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
- op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
-#endif
- rs->sr_text = NULL;
- } else {
+ if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS, "bdb_modrdn: %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#endif
rs->sr_err = LDAP_OTHER;
+
+ goto return_results;
}
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, RESULTS,
+ "bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
+#else
+ Debug(LDAP_DEBUG_TRACE,
+ "bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
+ op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
+#endif
+ rs->sr_text = NULL;
+ if( num_ctrls ) rs->sr_ctrls = ctrls;
+
return_results:
send_ldap_result( op, rs );
BackendDB *be,
Entry *e,
ID *ids );
+
static int search_candidates(
Operation *stackop, /* op with the current threadctx/slab cache */
Operation *sop, /* search op */
u_int32_t locker,
ID *ids,
ID *scopes );
+
static void send_pagerequest_response(
Operation *op,
SlapReply *rs,
int entry_count = 0;
struct berval *search_context_csn = NULL;
DB_LOCK ctxcsn_lock;
- LDAPControl *ctrls[SLAP_SEARCH_MAX_CTRLS];
+ LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
AttributeName uuid_attr[2];
int rc_sync = 0;
null_attr.an_name.bv_len = 0;
null_attr.an_name.bv_val = NULL;
- for ( num_ctrls = 0; num_ctrls < SLAP_SEARCH_MAX_CTRLS; num_ctrls++ ) {
+ for( num_ctrls = 0; num_ctrls < SLAP_MAX_RESPONSE_CONTROLS; num_ctrls++ ) {
ctrls[num_ctrls] = NULL;
}
num_ctrls = 0;
op->o_conn = conn;
op->o_assertion = NULL;
+ op->o_preread_attrs = NULL;
+ op->o_postread_attrs = NULL;
op->o_vrFilter = NULL;
+
#ifdef LDAP_CONTROL_PAGEDRESULTS
op->o_pagedresults_state = conn->c_pagedresults_state;
#endif
+
+ op->o_res_ber = NULL;
+
#ifdef LDAP_CONNECTIONLESS
if (conn->c_is_udp) {
-
if ( cdn ) {
ber_str2bv( cdn, 0, 1, &op->o_dn );
op->o_protocol = LDAP_VERSION2;
}
op->o_res_ber = ber_alloc_t( LBER_USE_DER );
- if (op->o_res_ber == NULL)
- return 1;
+ if (op->o_res_ber == NULL) return 1;
+
+ rc = ber_write( op->o_res_ber, (char *)&peeraddr,
+ sizeof(struct sockaddr), 0 );
- rc = ber_write(op->o_res_ber, (char *)&peeraddr, sizeof(struct sockaddr), 0);
if (rc != sizeof(struct sockaddr)) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
#include "../../libraries/liblber/lber-int.h"
static SLAP_CTRL_PARSE_FN parseAssert;
+static SLAP_CTRL_PARSE_FN parsePreRead;
+static SLAP_CTRL_PARSE_FN parsePostRead;
static SLAP_CTRL_PARSE_FN parseProxyAuthz;
static SLAP_CTRL_PARSE_FN parseManageDSAit;
static SLAP_CTRL_PARSE_FN parseModifyIncrement;
#ifdef LDAP_CONTROL_SUBENTRIES
static SLAP_CTRL_PARSE_FN parseSubentries;
#endif
-static SLAP_CTRL_PARSE_FN parseLdupSync;
+static SLAP_CTRL_PARSE_FN parseLDAPsync;
#undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
+const struct berval slap_pre_read_bv = BER_BVC(LDAP_CONTROL_PRE_READ);
+const struct berval slap_post_read_bv = BER_BVC(LDAP_CONTROL_POST_READ);
+
struct slap_control {
/* Control OID */
char *sc_oid;
{ LDAP_CONTROL_ASSERT,
SLAP_CTRL_ACCESS, NULL,
parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_PRE_READ,
+ SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+ parsePreRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ { LDAP_CONTROL_POST_READ,
+ SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+ parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
{ LDAP_CONTROL_VALUESRETURNFILTER,
SLAP_CTRL_SEARCH, NULL,
parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) },
parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) },
{ LDAP_CONTROL_SYNC,
SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL,
- parseLdupSync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+ parseLDAPsync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
{ LDAP_CONTROL_MODIFY_INCREMENT,
SLAP_CTRL_MODIFY, NULL,
parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) },
ber = ber_init( &(ctrl->ldctl_value) );
if (ber == NULL) {
- rs->sr_text = "internal error";
+ rs->sr_text = "assert control: internal error";
return LDAP_OTHER;
}
} else {
send_ldap_result( op, rs );
}
- if( op->o_assertion != NULL) {
- filter_free_x( op, op->o_assertion );
+ if( op->o_assertion != NULL ) {
+ filter_free_x( op, op->o_assertion );
}
+ return rs->sr_err;
}
+
#ifdef LDAP_DEBUG
- else {
- filter2bv_x( op, op->o_assertion, &fstr );
- }
+ filter2bv_x( op, op->o_assertion, &fstr );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
return LDAP_SUCCESS;
}
+static int parsePreRead (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_len_t siz, off, i;
+ AttributeName *an = NULL;
+ BerElement *ber;
+
+ if ( op->o_preread != SLAP_NO_CONTROL ) {
+ rs->sr_text = "preread control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "preread control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "preread control: internal error";
+ return LDAP_OTHER;
+ }
+
+ siz = sizeof( AttributeName );
+ off = 0;
+ if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+ rs->sr_text = "preread control: decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for( i=0; i<siz; i++ ) {
+ const char *dummy;
+ an[i].an_desc = NULL;
+ an[i].an_oc = NULL;
+ slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+ }
+
+ op->o_preread = ctrl->ldctl_iscritical
+ ? SLAP_CRITICAL_CONTROL
+ : SLAP_NONCRITICAL_CONTROL;
+
+ op->o_preread_attrs = an;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
+static int parsePostRead (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_len_t siz, off, i;
+ AttributeName *an = NULL;
+ BerElement *ber;
+
+ if ( op->o_postread != SLAP_NO_CONTROL ) {
+ rs->sr_text = "postread control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( ctrl->ldctl_value.bv_len == 0 ) {
+ rs->sr_text = "postread control value is empty (or absent)";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber = ber_init( &(ctrl->ldctl_value) );
+ if (ber == NULL) {
+ rs->sr_text = "postread control: internal error";
+ return LDAP_OTHER;
+ }
+
+ siz = sizeof( AttributeName );
+ off = 0;
+ if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+ rs->sr_text = "postread control: decoding error";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ for( i=0; i<siz; i++ ) {
+ const char *dummy;
+ an[i].an_desc = NULL;
+ an[i].an_oc = NULL;
+ slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+ }
+
+ op->o_postread = ctrl->ldctl_iscritical
+ ? SLAP_CRITICAL_CONTROL
+ : SLAP_NONCRITICAL_CONTROL;
+
+ op->o_postread_attrs = an;
+
+ rs->sr_err = LDAP_SUCCESS;
+ return LDAP_SUCCESS;
+}
+
int parseValuesReturnFilter (
Operation *op,
SlapReply *rs,
send_ldap_result( op, rs );
}
if( op->o_vrFilter != NULL) vrFilter_free( op, op->o_vrFilter );
-
}
#ifdef LDAP_DEBUG
else {
}
#endif
-static int parseLdupSync (
+static int parseLDAPsync (
Operation *op,
SlapReply *rs,
LDAPControl *ctrl )
}
}
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ARGS, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+#else
Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+#endif
return LDAP_SUCCESS;
}
op->o_time = slap_get_time();
op->o_opid = id;
-#ifdef LDAP_CONNECTIONLESS
op->o_res_ber = NULL;
-#endif
#if defined( LDAP_SLAPI )
op->o_pb = slapi_pblock_new();
LDAP_SLAPD_F (int) slap_send_search_reference LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) slap_send_search_entry LDAP_P(( Operation *op, SlapReply *rs ));
+LDAP_SLAPD_V( const struct berval ) slap_pre_read_bv;
+LDAP_SLAPD_V( const struct berval ) slap_post_read_bv;
+LDAP_SLAPD_F (int) slap_read_controls LDAP_P(( Operation *op, SlapReply *rs,
+ Entry *e, const struct berval *oid, LDAPControl **ctrl ));
+
LDAP_SLAPD_F (int) str2result LDAP_P(( char *s,
int *code, char **matched, char **info ));
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
- rs->sr_err, rs->sr_matched ? rs->sr_matched : "", rs->sr_text ? rs->sr_text : "" );
+ rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
+ rs->sr_text ? rs->sr_text : "" );
#else
Debug( LDAP_DEBUG_ARGS,
"send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
- rs->sr_err, rs->sr_matched ? rs->sr_matched : "", rs->sr_text ? rs->sr_text : "" );
+ rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
+ rs->sr_text ? rs->sr_text : "" );
#endif
if ( op->o_tag == LDAP_REQ_SEARCH ) {
char nbuf[64];
- snprintf( nbuf, sizeof nbuf, "%d nentries=%d", rs->sr_err, rs->sr_nentries );
+ snprintf( nbuf, sizeof nbuf, "%d nentries=%d",
+ rs->sr_err, rs->sr_nentries );
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n",
- op->o_connid, op->o_opid, rs->sr_tag, nbuf, rs->sr_text ? rs->sr_text : "" );
+ "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n",
+ op->o_connid, op->o_opid, rs->sr_tag, nbuf,
+ rs->sr_text ? rs->sr_text : "" );
} else {
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n",
- op->o_connid, op->o_opid, rs->sr_tag, rs->sr_err, rs->sr_text ? rs->sr_text : "" );
+ op->o_connid, op->o_opid, rs->sr_tag, rs->sr_err,
+ rs->sr_text ? rs->sr_text : "" );
}
- if( tmp != NULL ) {
- ch_free(tmp);
- }
+ if( tmp != NULL ) ch_free(tmp);
rs->sr_text = otext;
rs->sr_ref = oref;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"send_ldap_sasl: conn %lu err=%d len=%lu\n",
- op->o_connid, rs->sr_err, rs->sr_sasldata ? rs->sr_sasldata->bv_len : -1 );
+ op->o_connid, rs->sr_err,
+ rs->sr_sasldata ? rs->sr_sasldata->bv_len : -1 );
#else
Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
- rs->sr_err, rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
+ rs->sr_err,
+ rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
#endif
rs->sr_tag = req2res( op->o_tag );
edn = rs->sr_entry->e_nname.bv_val;
-#ifdef LDAP_CONNECTIONLESS
- if (op->o_conn && op->o_conn->c_is_udp) {
+ if ( op->o_res_ber ) {
+ /* read back control or LDAP_CONNECTIONLESS */
ber = op->o_res_ber;
- } else
-#endif
- {
+ } else {
ber_len_t siz, len;
struct berval bv;
}
#ifdef LDAP_CONNECTIONLESS
- if (op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
- rc = ber_printf(ber, "t{O{" /*}}*/,
- LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name);
+ if ( op->o_conn && op->o_conn->c_is_udp ) {
+ /* CONNECTIONLESS */
+ if ( op->o_protocol == LDAP_VERSION2 ) {
+ rc = ber_printf(ber, "t{O{" /*}}*/,
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ } else {
+ rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ }
} else
#endif
- {
+ if ( op->o_res_ber ) {
+ /* read back control */
+ rc = ber_printf( ber, "{O{" /*}}*/, &rs->sr_entry->e_name );
+ } else {
rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
- LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
+ LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- ber_free_buf( ber );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encoding DN error" );
goto error_return;
}
Debug( LDAP_DEBUG_ANY,
"matched values filtering failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free( ber, 1 );
- }
-
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"matched values filtering error" );
goto error_return;
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- ber_free_buf( ber );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encoding description error");
goto error_return;
}
"ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- ber_free_buf( ber );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"encoding values error" );
goto error_return;
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- ber_free_buf( ber );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
goto error_return;
}
}
/* eventually will loop through generated operational attributes */
- /* only have subschemaSubentry implemented */
+ /* only have subschemaSubentry and numSubordinates are implemented */
aa = backend_operational( op, rs, opattrs );
if ( aa != NULL && op->o_vrFilter != NULL ) {
"for matched values filtering\n",
op->o_connid, 0, 0 );
#endif
- ber_free( ber, 1 );
-
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"not enough memory for matched values filtering" );
goto error_return;
Debug( LDAP_DEBUG_ANY,
"matched values filtering failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free( ber, 1 );
- }
-
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"matched values filtering error" );
goto error_return;
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free_buf( ber );
- }
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encoding description error" );
-
attrs_free( aa );
goto error_return;
}
"ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free_buf( ber );
- }
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"encoding values error" );
attrs_free( aa );
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free_buf( ber );
- }
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
-
attrs_free( aa );
goto error_return;
}
rs->sr_entry, slapi_x_compute_output_ber );
}
if ( rc == 1 ) {
- ber_free_buf( ber );
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
goto error_return;
}
rc = send_ldap_controls( ber, rs->sr_ctrls );
}
+ if( rc != -1 ) {
#ifdef LDAP_CONNECTIONLESS
- if( op->o_conn && op->o_conn->c_is_udp &&
- op->o_protocol == LDAP_VERSION2 )
- {
- ; /* empty, skip following if */
- } else
+ if( op->o_conn && op->o_conn->c_is_udp ) {
+ if ( op->o_protocol != LDAP_VERSION2 ) {
+ rc = ber_printf( ber, /*{*/ "N}" );
+ }
+ } else
#endif
- if( rc != -1 ) {
- rc = ber_printf( ber, /*{*/ "N}" );
+ if ( op->o_res_ber == NULL ) {
+ rc = ber_printf( ber, /*{*/ "N}" );
+ }
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
#endif
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
- ber_free_buf( ber );
- }
+ if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "encode entry end error" );
sl_release( mark, op->o_tmpmemctx );
return( 1 );
}
-#ifdef LDAP_CONNECTIONLESS
- if (!op->o_conn || op->o_conn->c_is_udp == 0)
-#endif
- {
+ if ( op->o_res_ber == NULL ) {
bytes = op->o_noop ? 0 : send_ldap_ber( op->o_conn, ber );
ber_free_buf( ber );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"send_search_reference: conn %lu dn=\"%s\"\n",
- op->o_connid, rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0 );
+ op->o_connid,
+ rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"=> send_search_reference: dn=\"%s\"\n",
}
#ifdef LDAP_CONNECTIONLESS
- if (op->o_conn && op->o_conn->c_is_udp)
+ if( op->o_conn && op->o_conn->c_is_udp ) {
ber = op->o_res_ber;
- else
+ } else
#endif
{
ber_init_w_nullc( ber, LBER_USE_DER );
return( rc );
}
+
+int slap_read_controls(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ const struct berval *oid,
+ LDAPControl **ctrl )
+{
+ int rc;
+ struct berval bv;
+ char berbuf[LBER_ELEMENT_SIZEOF];
+ BerElement *ber = (BerElement *) berbuf;
+ LDAPControl c;
+ ber_len_t siz, len;
+ Operation myop;
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, INFO, "slap_read_controls: (%s) %s\n",
+ oid->bv_val, e->e_dn, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
+ oid->bv_val, e->e_dn, 0 );
+#endif
+
+ rs->sr_entry = e;
+ rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
+ op->o_preread_attrs : op->o_postread_attrs;
+
+ entry_flatsize( rs->sr_entry, &siz, &len, 0 );
+ bv.bv_len = siz + len;
+ bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
+
+ ber_init2( ber, &bv, LBER_USE_DER );
+ ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+ /* create new operation */
+ myop = *op;
+ myop.o_bd = NULL;
+ myop.o_res_ber = ber;
+
+ rc = slap_send_search_entry( &myop, rs );
+ if( rc ) return rc;
+
+ rc = ber_flatten2( ber, &c.ldctl_value, 0 );
+
+ if( rc == LBER_ERROR ) return LDAP_OTHER;
+
+ c.ldctl_oid = oid->bv_val;
+ c.ldctl_iscritical = 0;
+
+ *ctrl = sl_calloc( 1, sizeof(LDAPControl), NULL );
+ **ctrl = c;
+ return LDAP_SUCCESS;
+}
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
-#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \
- 0x0004U /* unprotected simple auth */
-#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
#define get_domainScope(op) (0)
#endif
+ char o_preread;
+ char o_postread;
+ AttributeName *o_preread_attrs;
+ AttributeName *o_postread_attrs;
+
#ifdef LDAP_CONTROL_PAGEDRESULTS
char o_pagedresults;
#define get_pagedresults(op) ((int)(op)->o_pagedresults)
AuthorizationInformation o_authz;
- BerElement *o_ber; /* ber of the request */
-#ifdef LDAP_CONNECTIONLESS
- BerElement *o_res_ber; /* ber of the reply */
-#endif
- slap_callback *o_callback; /* callback pointers */
+ BerElement *o_ber; /* ber of the request */
+ BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */
+ slap_callback *o_callback; /* callback pointers */
LDAPControl **o_ctrls; /* controls */
void *o_threadctx; /* thread pool thread context */
Filter *o_assertion; /* Assert control filter */
#define get_assertion(op) ((op)->o_assertion)
+
ValuesReturnFilter *o_vrFilter; /* ValuesReturnFilter */
syncinfo_t* o_si;
#define SLAP_LDAPDN_PRETTY 0x1
#define SLAP_LDAPDN_MAXLEN 8192
-#define SLAP_SEARCH_MAX_CTRLS 10
+/* number of response controls supported */
+#define SLAP_MAX_RESPONSE_CONTROLS 6
#ifdef LDAP_DEVEL
#define SLAP_CTRL_HIDE 0x00000000U
return -1;
}
+int slap_read_controls(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ const struct berval *oid,
+ LDAPControl **c )
+{
+ assert(0);
+ return -1;
+}
+
int slap_sasl_init(void)
{
return LDAP_SUCCESS;
projects / openldap / commitdiff