From: Kurt Zeilenga Date: Wed, 15 Dec 1999 23:22:47 +0000 (+0000) Subject: Updated sasl response to support returning of referrals. X-Git-Tag: UCDATA_2_4~81 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6253e7c278ab9bac233968bd2e1e40748ff3bd02;p=openldap Updated sasl response to support returning of referrals. Updates to extended operation framework to support arbitrary referrals and extended results without OIDs. Updated passwd extended operation to support returning update_refs as needed. Needs replog support. --- diff --git a/servers/slapd/back-ldbm/extended.c b/servers/slapd/back-ldbm/extended.c index bc172df0d8..18aa0ac70b 100644 --- a/servers/slapd/back-ldbm/extended.c +++ b/servers/slapd/back-ldbm/extended.c @@ -29,20 +29,23 @@ ldbm_back_extended( Backend *be, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char** text + char** text, + struct berval *** refs ) { int i; for( i=0; exop_table[i].oid != NULL; i++ ) { - if( strcmp( exop_table[i].oid, oid ) == 0 ) { + if( strcmp( exop_table[i].oid, reqoid ) == 0 ) { return (exop_table[i].extended)( - be, conn, op, oid, - reqdata, rspdata, rspctrls, text ); + be, conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, text, refs ); } } diff --git a/servers/slapd/back-ldbm/external.h b/servers/slapd/back-ldbm/external.h index aeac346579..5cba7ebb3f 100644 --- a/servers/slapd/back-ldbm/external.h +++ b/servers/slapd/back-ldbm/external.h @@ -26,9 +26,11 @@ extern int ldbm_back_extended LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char **text )); + char **text, + struct berval *** refs )); extern int ldbm_back_bind LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, 
diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index 85bbed01b4..6915b59cad 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -21,11 +21,13 @@ ldbm_back_exop_passwd( Backend *be, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char** text + char** text, + struct berval *** refs ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; @@ -38,8 +40,8 @@ ldbm_back_exop_passwd( char *dn; - assert( oid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 ); + assert( reqoid != NULL ); + assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); rc = slap_passwd_parse( reqdata, &id, NULL, &new, text ); diff --git a/servers/slapd/back-ldbm/proto-back-ldbm.h b/servers/slapd/back-ldbm/proto-back-ldbm.h index 89aae2a432..c9ebbae66e 100644 --- a/servers/slapd/back-ldbm/proto-back-ldbm.h +++ b/servers/slapd/back-ldbm/proto-back-ldbm.h @@ -148,11 +148,13 @@ int index_change_values LDAP_P(( Backend *be, */ extern int ldbm_back_exop_passwd LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl ***rspctrls, - char **text )); + char **text, + struct berval *** refs )); /* diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index d3db89e29b..a1c5c8a293 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -86,19 +86,20 @@ do_extended( ) { int rc = LDAP_SUCCESS; - char* oid; + char* reqoid; struct berval *reqdata; ber_tag_t tag; ber_len_t len; extop_list_t *ext; char *text; struct berval **refs; + char *rspoid; struct berval *rspdata; LDAPControl **rspctrls; Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); - oid = NULL; + reqoid = NULL; reqdata = NULL; if( op->o_protocol < LDAP_VERSION3 ) { 
@@ -110,7 +111,7 @@ do_extended( goto done; } - if ( ber_scanf( op->o_ber, "{a" /*}*/, &oid ) == LBER_ERROR ) { + if ( ber_scanf( op->o_ber, "{a" /*}*/, &reqoid ) == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); @@ -118,9 +119,9 @@ do_extended( goto done; } - if( !(ext = find_extop(supp_ext_list, oid)) ) { + if( !(ext = find_extop(supp_ext_list, reqoid)) ) { Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n", - oid, 0 ,0 ); + reqoid, 0 ,0 ); send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "unsupported extended operation", NULL, NULL ); goto done; @@ -143,22 +144,29 @@ do_extended( return rc; } - Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", oid, 0 ,0 ); + Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", reqoid, 0 ,0 ); + rspoid = NULL; rspdata = NULL; rspctrls = NULL; text = NULL; + refs = NULL; rc = (ext->ext_main)( extop_callback, conn, op, - oid, reqdata, &rspdata, &rspctrls, &text ); + reqoid, reqdata, + &rspoid, &rspdata, &rspctrls, &text, &refs ); if( rc != SLAPD_ABANDON ) { - refs = NULL; - if (rc == LDAP_REFERRAL) + if (rc == LDAP_REFERRAL) { refs = default_referral; + } + + send_ldap_extended( conn, op, rc, NULL, text, refs, + rspoid, rspdata, rspctrls ); + } - send_ldap_extended( conn, op, rc, NULL, text, - refs, oid, rspdata, rspctrls ); + if ( rspoid != NULL ) { + free( rspoid ); } if ( rspdata != NULL ) @@ -171,8 +179,8 @@ done: if ( reqdata != NULL ) { ber_bvfree( reqdata ); } - if ( oid != NULL ) { - free( oid ); + if ( reqoid != NULL ) { + free( reqoid ); } return rc; diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index d75926d1d1..124d674dbb 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c 
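Review bot: In do_extended (servers/slapd/extended.c, hunk at -143), the handler now fills `refs` through `&refs`, but the following `if (rc == LDAP_REFERRAL) { refs = default_referral; }` still overwrites it unconditionally, so referrals a handler returns together with LDAP_REFERRAL are replaced before `send_ldap_extended` runs. Keep the default only as a fallback: `if ( rc == LDAP_REFERRAL && refs == NULL ) {`. `rspoid` is released with `free()` after the send, so handlers must return heap memory there, while `refs` is not released in the lines shown. A short comment at the call stating both rules would help handler authors. The function continues outside this hunk, so cleanup of `text` and `rspctrls` cannot be judged from here.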
@@ -20,28 +20,43 @@ int passwd_extop( SLAP_EXTOP_CALLBACK_FN ext_callback, - Connection *conn, Operation *op, char *oid, + Connection *conn, Operation *op, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl ***rspctrls, - char **text ) + char **text, + struct berval ***refs ) { int rc; - assert( oid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 ); + assert( reqoid != NULL ); + assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); if( op->o_dn == NULL || op->o_dn[0] == '\0' ) { *text = ch_strdup("only authenicated users may change passwords"); return LDAP_STRONG_AUTH_REQUIRED; } - if( conn->c_authz_backend != NULL && - conn->c_authz_backend->be_extended ) + if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) { - rc = conn->c_authz_backend->be_extended( - conn->c_authz_backend, - conn, op, oid, reqdata, rspdata, rspctrls, text ); + if( global_readonly || conn->c_authz_backend->be_readonly ) { + *text = ch_strdup("authorization database is read only"); + rc = LDAP_UNWILLING_TO_PERFORM; + + } else if( conn->c_authz_backend->be_update_ndn != NULL ) { + /* we SHOULD return a referral in this case */ + *refs = conn->c_authz_backend->be_update_refs; + rc = LDAP_REFERRAL; + + } else { + rc = conn->c_authz_backend->be_extended( + conn->c_authz_backend, conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, + text, refs ); + } } else { *text = ch_strdup("operation not supported for current user"); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index b786933a0e..c56f87ba99 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h 
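Review bot: The referral branch in passwd_extop (servers/slapd/passwd.c) assigns `*refs = conn->c_authz_backend->be_update_refs`, which hands the caller a pointer into the backend's own state, while the final `else` branch passes the same `refs` to `be_extended`, where a backend may presumably return referrals it allocated. The caller cannot tell the two cases apart, so any later cleanup would either leak the allocated array or free backend-owned memory. State the rule at the assignment, e.g. `/* borrowed from the backend; caller must not free */`, and hold backends to the same rule. The branch also refers every requester once `be_update_ndn` is set, without comparing it to the requester's DN; confirm that the update identity is not meant to be exempt here. The function body runs past the end of the hunk.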
@@ -256,11 +256,13 @@ typedef int (*SLAP_EXTOP_CALLBACK_FN) LDAP_P(( typedef int (*SLAP_EXTOP_MAIN_FN) LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl *** rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); typedef int (*SLAP_EXTOP_GETOID_FN) LDAP_P(( int index, char *oid, int blen )); @@ -377,6 +379,7 @@ LIBSLAPD_F (void) send_ldap_sasl LDAP_P(( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, + struct berval **refs, LDAPControl **ctrls, struct berval *cred )); @@ -391,6 +394,11 @@ LIBSLAPD_F (void) send_ldap_extended LDAP_P(( char *rspoid, struct berval *rspdata, LDAPControl **ctrls )); +LIBSLAPD_F (void) send_ldap_partial LDAP_P(( + Connection *conn, Operation *op, + char *rspoid, struct berval *rspdata, + LDAPControl **ctrls )); + LIBSLAPD_F (void) send_search_result LDAP_P(( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, @@ -465,11 +473,13 @@ LIBSLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del, char deli LIBSLAPD_F (int) starttls_extop LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl ***rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); /* @@ -506,11 +516,13 @@ LIBSLAPD_F (void) slap_init_user LDAP_P(( char *username, char *groupname )); LIBSLAPD_F (int) passwd_extop LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl *** rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); LIBSLAPD_F (int) slap_passwd_check( Attribute *attr, diff --git a/servers/slapd/result.c b/servers/slapd/result.c index ad3c065ddf..cd7c59e598 100644 
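Review bot: `send_ldap_partial` is declared in servers/slapd/proto-slap.h (hunk at -391), but none of the result.c hunks shown in this commit define it and nothing shown calls it. If the definition is not already in an unchanged part of the tree, the first caller will fail at link time; either add the definition in the same commit or leave the prototype out until it exists. If it stays, add a comment above it saying when it is to be used instead of `send_ldap_extended`, given that it takes no result code, text or referrals.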
--- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -457,6 +457,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, + struct berval **ref, LDAPControl **ctrls, struct berval *cred ) @@ -482,7 +483,7 @@ send_ldap_sasl( #endif send_ldap_response( conn, op, tag, msgid, - err, matched, text, NULL, + err, matched, text, ref, NULL, NULL, cred, ctrls ); } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 7d0fd55dfa..b0e67a32ea 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -535,11 +535,13 @@ typedef int (*SLAP_EXTENDED_FN) LDAP_P(( Backend *be, struct slap_conn *conn, struct slap_op *op, - char *oid, + char *reqoid, struct berval * reqdata, + char **rspoid, struct berval ** rspdata, - LDAPControl ***rspctrls, - char** text )); + LDAPControl *** rspctrls, + char ** text, + struct berval *** refs )); struct slap_backend_info { char *bi_type; /* type of backend */ diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c index 35767fae39..6228b5be69 100644 --- a/servers/slapd/starttls.c +++ b/servers/slapd/starttls.c @@ -23,11 +23,13 @@ starttls_extop ( SLAP_EXTOP_CALLBACK_FN cb, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl ***rspctrls, - char ** text ) + char ** text, + struct berval *** refs ) { void *ctx; diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c index f1e1a51521..03d91a25a9 100644 --- a/servers/slapd/tools/mimic.c +++ b/servers/slapd/tools/mimic.c @@ -62,6 +62,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, + struct berval **refs, LDAPControl **ctrls, struct berval *cred )
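Review bot: The definition of send_ldap_sasl in servers/slapd/result.c names the new parameter `ref`, while the prototype in proto-slap.h and the stub in tools/mimic.c call it `refs`; use `struct berval **refs,` here and pass `refs` to send_ldap_response so the three agree. No call site of send_ldap_sasl is touched in the hunks shown, and the new argument sits in the middle of the list, so each existing caller needs a value (most likely `NULL`) inserted before `ctrls`. If `LDAP_P` can expand to an unprototyped declaration on some builds, the compiler will not flag a caller that was missed there, so check them by hand. The function body starts and ends outside these hunks.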