From: Pierangelo Masarati Date: Sat, 1 Nov 2008 16:55:45 +0000 (+0000) Subject: allow to override (more than one \!) specs requirements on control criticality (for... X-Git-Tag: ACLCHECK_0~1171 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=308b24a3274c5c25a3472037b88da854877f40f3;p=openldap allow to override (more than one \!) specs requirements on control criticality (for testing purposes; do not advertise)
---
diff --git a/clients/tools/common.c b/clients/tools/common.c
index cda39c9f8c..406dec793f 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -95,6 +95,7 @@ int assertctl;
 char *assertion = NULL;
 struct berval assertionvalue = BER_BVNULL;
 char *authzid = NULL;
+int authzcrit = 1;
 /* support deprecated early version of proxyAuthz */
 #define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ "2.16.840.1.113730.3.4.12"
 #ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
@@ -387,8 +388,8 @@ tool_args( int argc, char **argv )
 crit = 0;
 cvalue = NULL;
- if( optarg[0] == '!' ) {
- crit = 1;
+ while ( optarg[0] == '!' ) {
+ crit++;
 optarg++;
 }
@@ -430,6 +431,10 @@ tool_args( int argc, char **argv )
 if( !crit ) {
 fprintf( stderr, "authzid: must be marked critical\n" );
 usage();
+ } else if ( crit > 1 ) {
+ /* purposely flag proxied authorization
+ * as non-critical, to test DSA */
+ authzcrit = 0;
 }
 assert( authzid == NULL );
@@ -452,6 +457,10 @@ tool_args( int argc, char **argv )
 if( !crit ) {
 fprintf( stderr, "proxydn: must be marked critical\n" );
 usage();
+ } else if ( crit > 1 ) {
+ /* purposely flag proxied authorization
+ * as non-critical, to test DSA */
+ authzcrit = 0;
 }
 assert( proxydn == NULL );
@@ -538,6 +547,11 @@ tool_args( int argc, char **argv )
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 } else if ( strcasecmp( control, "chaining" ) == 0 ) {
+ if ( chaining ) {
+ fprintf( stderr, "chaining control previously specified\n");
+ exit( EXIT_FAILURE );
+ }
+
 chaining = 1 + crit;
 if ( cvalue != NULL ) {
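Review bot: The `while ( optarg[0] == '!' )` loop in the -387 hunk of tool_args (and the identical loop in handle_private_option, ldapsearch.c -307) lets `crit` grow without bound, yet only the authzid and proxydn branches in this diff look at `crit > 1`. The context line `chaining = 1 + crit;` now stores 3 or more for `!!`, and any branch outside these hunks that copies `crit` into `ldctl_iscritical` would presumably treat the override as plain critical, so the same switch means different things per control. Consider rejecting anything beyond the override right after the loop, e.g. `if ( crit > 2 ) usage();`, and adding a comment such as `/* crit: 0 = non-critical, 1 = "!" critical, 2 = "!!" test-only override of the mandated criticality */`. Both functions start and end outside the hunks.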
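Review bot: Setting `authzcrit = 0` in the authzid branch (-430 hunk; same code in the proxydn branch at -452) is silent, so a mistyped `!!` sends the proxied-authorization control as non-critical with no trace on stderr. A server that does not recognise a non-critical control may ignore it, in which case the operation would run under the bind identity instead of the requested one, which is the outcome the `must be marked critical` check just above exists to prevent. Since the override is meant for DSA testing only, print a warning when it is taken, e.g. `fprintf( stderr, "authzid: criticality overridden, control sent as non-critical (testing only)\n" );`. `authzcrit` is a single global shared by both branches and read in tool_server_controls (-1525 and -1548 hunks), which deserves a one-line comment at its definition.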
@@ -613,6 +627,16 @@ tool_args( int argc, char **argv )
 } else if ( tool_is_oid( control ) ) {
 LDAPControl *tmpctrls, ctrl;
+ if ( unknown_ctrls != NULL ) {
+ int i;
+ for ( i = 0; unknown_ctrls[ i ].ldctl_oid != NULL; i++ ) {
+ if ( strcmp( control, unknown_ctrls[ i ].ldctl_oid ) == 0 ) {
+ fprintf( stderr, "%s control previously specified\n", control );
+ exit( EXIT_FAILURE );
+ }
+ }
+ }
+
 tmpctrls = (LDAPControl *)realloc( unknown_ctrls, (unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
 if ( tmpctrls == NULL ) {
@@ -1525,7 +1549,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 c[i].ldctl_value.bv_val = authzid;
 c[i].ldctl_value.bv_len = strlen( authzid );
 c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- c[i].ldctl_iscritical = 1;
+ c[i].ldctl_iscritical = authzcrit;
 ctrls[i] = &c[i];
 i++;
 }
@@ -1548,7 +1572,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
 }
 c[i].ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
- c[i].ldctl_iscritical = 1;
+ c[i].ldctl_iscritical = authzcrit;
 ctrls[i] = &c[i];
 i++;
 }
diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
index 8a60f7d804..23d57bc8ce 100644
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -307,8 +307,8 @@ handle_private_option( int i )
 crit = 0;
 cvalue = NULL;
- if( optarg[0] == '!' ) {
- crit = 1;
+ while ( optarg[0] == '!' ) {
+ crit++;
 optarg++;
 }
@@ -538,6 +538,16 @@ handle_private_option( int i )
 #endif /* LDAP_CONTROL_X_DEREF */
 } else if ( tool_is_oid( control ) ) {
+ if ( c != NULL ) {
+ int i;
+ for ( i = 0; c[ i ].ldctl_oid != NULL; i++ ) {
+ if ( strcmp( control, c[ i ].ldctl_oid ) == 0 ) {
+ fprintf( stderr, "%s control previously specified\n", control );
+ exit( EXIT_FAILURE );
+ }
+ }
+ }
+
 if ( ctrl_add() ) {
 exit( EXIT_FAILURE );
 }
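Review bot: The duplicate scan added in the common.c -613 hunk stops on `unknown_ctrls[ i ].ldctl_oid != NULL`, but the realloc on the context lines right below sizes the array for exactly `unknown_ctrls_num + 1` entries, which suggests there is no NULL-oid terminator slot. If that is the case, a second OID-style control makes the loop read past the end of the heap block and pass whatever it finds to strcmp(). Bounding the scan by the element count removes the dependence on a sentinel: `for ( i = 0; i < unknown_ctrls_num; i++ ) {`. The `c[ i ].ldctl_oid != NULL` loop in the ldapsearch.c -538 hunk has the same shape; whether ctrl_add() keeps a terminator is not visible in this diff, so it needs the same check against the array's real length.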
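Review bot: The `int i;` declared inside the new `if ( c != NULL )` block of the ldapsearch.c -538 hunk shadows the parameter of `handle_private_option( int i )` shown in the hunk header. It is legal C, but -Wshadow will flag it, and a later edit inside this branch could silently pick up the loop index instead of the option value. A distinct name for the scan index, e.g. `int j;`, keeps the two apart. The function body continues outside the hunk.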
@@ -847,7 +857,7 @@ getNextPage:
 c[i].ldctl_oid = LDAP_CONTROL_DONTUSECOPY;
 c[i].ldctl_value.bv_val = NULL;
 c[i].ldctl_value.bv_len = 0;
- c[i].ldctl_iscritical = dontUseCopy > 1;
+ c[i].ldctl_iscritical = dontUseCopy == 2;
 i++;
 }
 #endif
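Review bot: `dontUseCopy == 2` in the -847 hunk relies on an encoding of the flag that is not written down anywhere in the visible lines; presumably 1 means requested, 2 requested with `!`, and 3 or more the `!!` override, all set where the option is parsed outside this hunk. A comment on the assignment would make that intent checkable, e.g. `/* 2 = "!" (critical); "!!" yields 3+ and is deliberately sent non-critical for testing */`. Without it the change from `> 1` reads like a tightening rather than a way to send a non-critical control. The enclosing block under getNextPage starts outside the hunk.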