From: Pierangelo Masarati Date: Sat, 1 May 2004 18:55:52 +0000 (+0000) Subject: add restrictedOperation to databases; modification to come soon X-Git-Tag: OPENDLAP_REL_ENG_2_2_MP~408 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=05fbf1cc976d81a37d4418e29f2dd9e0c2a51b9e;p=openldap add restrictedOperation to databases; modification to come soon --- diff --git a/servers/slapd/back-monitor/back-monitor.h b/servers/slapd/back-monitor/back-monitor.h index e9e8df1006..16115d098a 100644 --- a/servers/slapd/back-monitor/back-monitor.h +++ b/servers/slapd/back-monitor/back-monitor.h @@ -104,6 +104,7 @@ struct monitorinfo { AttributeDescription *mi_ad_l; AttributeDescription *mi_ad_labeledURI; AttributeDescription *mi_ad_readOnly; + AttributeDescription *mi_ad_restrictedOperation; }; /* diff --git a/servers/slapd/back-monitor/database.c b/servers/slapd/back-monitor/database.c index 50b93dca19..9ea8d1394b 100644 --- a/servers/slapd/back-monitor/database.c +++ b/servers/slapd/back-monitor/database.c @@ -36,6 +36,64 @@ static int monitor_back_add_plugin( Backend *be, Entry *e ); #include "../back-ldap/back-ldap.h" #endif /* defined(SLAPD_LDAP) */ +static struct restrict_ops_t { + struct berval op; + unsigned int tag; +} restrict_ops[] = { + { BER_BVC( "add" ), SLAP_RESTRICT_OP_ADD }, + { BER_BVC( "bind" ), SLAP_RESTRICT_OP_BIND }, + { BER_BVC( "compare" ), SLAP_RESTRICT_OP_COMPARE }, + { BER_BVC( "delete" ), SLAP_RESTRICT_OP_DELETE }, + { BER_BVC( "extended" ), SLAP_RESTRICT_OP_EXTENDED }, + { BER_BVC( "modify" ), SLAP_RESTRICT_OP_MODIFY }, + { BER_BVC( "rename" ), SLAP_RESTRICT_OP_RENAME }, + { BER_BVC( "search" ), SLAP_RESTRICT_OP_SEARCH }, + { BER_BVNULL, 0 } +}, restrict_exops[] = { + { BER_BVC( LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS }, + { BER_BVC( LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD }, + { BER_BVC( LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI }, + { BER_BVC( LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL }, + { BER_BVNULL, 0 } +}; + +static int +init_readOnly( struct monitorinfo *mi, Entry *e, slap_mask_t restrictops ) +{ + struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ? + (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv; + + return attr_merge_one( e, mi->mi_ad_readOnly, tf, tf ); +} + +static int +init_restrictedOperation( struct monitorinfo *mi, Entry *e, slap_mask_t restrictops ) +{ + int i, rc; + + for ( i = 0; restrict_ops[ i ].op.bv_val; i++ ) { + if ( restrictops & restrict_ops[ i ].tag ) { + rc = attr_merge_one( e, mi->mi_ad_restrictedOperation, + &restrict_ops[ i ].op, &restrict_ops[ i ].op ); + if ( rc ) { + return rc; + } + } + } + + for ( i = 0; restrict_exops[ i ].op.bv_val; i++ ) { + if ( restrictops & restrict_exops[ i ].tag ) { + rc = attr_merge_one( e, mi->mi_ad_restrictedOperation, + &restrict_exops[ i ].op, &restrict_exops[ i ].op ); + if ( rc ) { + return rc; + } + } + } + + return LDAP_SUCCESS; +} + int monitor_subsys_database_init( BackendDB *be @@ -45,7 +103,6 @@ monitor_subsys_database_init( Entry *e, *e_database, *e_tmp; int i; struct monitorentrypriv *mp; - struct berval *tf; assert( be != NULL ); @@ -68,9 +125,9 @@ monitor_subsys_database_init( #endif return( -1 ); } - tf = (global_restrictops & SLAP_RESTRICT_OP_WRITES) ? - (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv ; - attr_merge_one( e_database, mi->mi_ad_readOnly, tf, tf ); + + (void)init_readOnly( mi, e_database, global_restrictops ); + (void)init_restrictedOperation( mi, e_database, global_restrictops ); e_tmp = NULL; for ( i = nBackendDB; i--; ) { @@ -141,9 +198,9 @@ monitor_subsys_database_init( attr_merge( e_database, slap_schema.si_ad_namingContexts, be->be_suffix, be->be_nsuffix ); } - tf = (be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ? - (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv ; - attr_merge_one( e, mi->mi_ad_readOnly, tf, tf ); + + (void)init_readOnly( mi, e, be->be_restrictops ); + (void)init_restrictedOperation( mi, e, be->be_restrictops ); if ( oi != NULL ) { slap_overinst *on = oi->oi_list; @@ -319,6 +376,10 @@ monitor_subsys_database_modify( if ( rc ) { break; } + + } else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) { + /* TODO */ + } else if ( is_at_operational( mod->sm_desc->ad_type )) { /* accept all operational attributes */ attr_delete( &e->e_attrs, mod->sm_desc ); @@ -328,11 +389,13 @@ monitor_subsys_database_modify( rc = LDAP_OTHER; break; } + } else { rc = LDAP_UNWILLING_TO_PERFORM; break; } } + if ( gotval == 1 && cur >= 0 ) { struct berval *tf; tf = cur ? (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv; diff --git a/servers/slapd/back-monitor/init.c b/servers/slapd/back-monitor/init.c index 5d54dc0d98..7f5718d218 100644 --- a/servers/slapd/back-monitor/init.c +++ b/servers/slapd/back-monitor/init.c @@ -393,6 +393,11 @@ monitor_back_db_init( "SINGLE-VALUE " "USAGE directoryOperation )", SLAP_AT_HIDE, offsetof(struct monitorinfo, mi_ad_readOnly) }, + { "restrictedOperation", "( 1.3.6.1.4.1.4203.666.1.32 " + "NAME 'restrictedOperation' " + "DESC 'name of restricted operation for a given database' " + "SUP managedInfo )", SLAP_AT_HIDE, + offsetof(struct monitorinfo, mi_ad_restrictedOperation ) }, #ifdef INTEGRATE_CORE_SCHEMA { NULL, NULL, 0, -1 }, /* description */ { NULL, NULL, 0, -1 }, /* seeAlso */