From: Pierangelo Masarati Date: Sat, 20 Aug 2005 11:48:13 +0000 (+0000) Subject: all-operational overlay: allows to configure part of te DIT so that requests X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~647 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=95f65ff3521809de5b4a049afcb491f6a18b98e7;p=openldap all-operational overlay: allows to configure part of te DIT so that requests with requested attribute lists empty or containing "*" are expanded to contain "+" as well, so that all operational attributes are returned. This may be required to work around dumb clients that interrogate the rootDSE requesting "*" and expecting operational attributes to be returned as well. To make it a bit more generic, it can be configured to do the same for an arbitrary search described by an URI. For example, overlay allop allop-URI ldap:///??sub before any database instantiation causes all searches to return "*","+" when ors_attrs is NULL or countains "*". --- diff --git a/servers/slapd/overlays/allop.c b/servers/slapd/overlays/allop.c new file mode 100644 index 0000000000..f0397aadfe --- /dev/null +++ b/servers/slapd/overlays/allop.c @@ -0,0 +1,254 @@ +/* allop.c - returns all operational attributes when appropriate */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 2005 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion in + * OpenLDAP Software. + */ + +/* + * The intended usage is as a global overlay for use with those clients + * that do not make use of the RFC3673 allOp ("+") in the requested + * attribute list, but expect all operational attributes to be returned. + * Usage: add + * + +overlay allop +allop-URI + + * + * if the allop-URI is not given, the rootDSE, i.e. "ldap:///??base", + * is assumed. + */ + +#include "portable.h" + +#ifdef SLAPD_OVER_ALLOP + +#include +#include + +#include "slap.h" + +typedef struct allop_t { + struct berval ao_ndn; + int ao_scope; +} allop_t; + +static int +allop_db_config( + BackendDB *be, + const char *fname, + int lineno, + int argc, + char **argv ) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + allop_t *ao = (allop_t *)on->on_bi.bi_private; + + if ( strcasecmp( argv[ 0 ], "allop-uri" ) == 0 ) { + LDAPURLDesc *lud; + struct berval dn, + ndn; + int scope, + rc = LDAP_SUCCESS; + + if ( argc != 2 ) { + fprintf( stderr, "%s line %d: " + "need exactly 1 arg " + "in \"allop-uri \" " + "directive.\n", + fname, lineno ); + return 1; + } + + if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) { + return -1; + } + + scope = lud->lud_scope; + if ( scope == LDAP_SCOPE_DEFAULT ) { + scope = LDAP_SCOPE_BASE; + } + + if ( lud->lud_dn == NULL || lud->lud_dn[ 0 ] == '\0' ) { + if ( scope == LDAP_SCOPE_BASE ) { + BER_BVZERO( &ndn ); + + } else { + ber_str2bv( "", 0, 1, &ndn ); + } + + } else { + + ber_str2bv( lud->lud_dn, 0, 0, &dn ); + rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ); + } + + ldap_free_urldesc( lud ); + if ( rc != LDAP_SUCCESS ) { + return -1; + } + + if ( BER_BVISNULL( &ndn ) ) { + /* rootDSE */ + if ( ao != NULL ) { + ch_free( ao->ao_ndn.bv_val ); + ch_free( ao ); + on->on_bi.bi_private = NULL; + } + + } else { + if ( ao == NULL ) { + ao = ch_calloc( 1, sizeof( allop_t ) ); + on->on_bi.bi_private = (void *)ao; + + } else { + ch_free( ao->ao_ndn.bv_val ); + } + + ao->ao_ndn = ndn; + ao->ao_scope = scope; + } + + } else { + return SLAP_CONF_UNKNOWN; + } + + return 0; +} + +static int +allop_db_destroy( BackendDB *be ) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + allop_t *ao = (allop_t *)on->on_bi.bi_private; + + if ( ao != NULL ) { + assert( !BER_BVISNULL( &ao->ao_ndn ) ); + + ch_free( ao->ao_ndn.bv_val ); + ch_free( ao ); + on->on_bi.bi_private = NULL; + } + + return 0; +} + +static int +allop_op_search( Operation *op, SlapReply *rs ) +{ + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + allop_t *ao = (allop_t *)on->on_bi.bi_private; + + slap_mask_t mask; + int i, + add_allUser = 0; + + if ( ao == NULL ) { + if ( !BER_BVISEMPTY( &op->o_req_ndn ) + || op->ors_scope != LDAP_SCOPE_BASE ) + { + return SLAP_CB_CONTINUE; + } + + } else { + if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) { + return SLAP_CB_CONTINUE; + } + + switch ( ao->ao_scope ) { + case LDAP_SCOPE_BASE: + if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) { + return SLAP_CB_CONTINUE; + } + break; + + case LDAP_SCOPE_ONELEVEL: + if ( op->ors_scope == LDAP_SCOPE_BASE ) { + struct berval rdn = op->o_req_ndn; + + rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," ); + if ( !dnIsOneLevelRDN( &rdn ) ) { + return SLAP_CB_CONTINUE; + } + + break; + } + return SLAP_CB_CONTINUE; + + case LDAP_SCOPE_SUBTREE: + break; + } + } + + mask = slap_attr_flags( op->ors_attrs ); + if ( SLAP_OPATTRS( mask ) ) { + return SLAP_CB_CONTINUE; + } + + if ( !SLAP_USERATTRS( mask ) ) { + return SLAP_CB_CONTINUE; + } + + i = 0; + if ( op->ors_attrs == NULL ) { + add_allUser = 1; + + } else { + for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ ) + ; + } + + op->ors_attrs = op->o_tmprealloc( op->ors_attrs, + sizeof( AttributeName ) * ( i + add_allUser + 2 ), + op->o_tmpmemctx ); + + if ( add_allUser ) { + op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ]; + i++; + } + + op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ]; + + BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name ); + + return SLAP_CB_CONTINUE; +} + +static slap_overinst allop; + +int +allop_init() +{ + allop.on_bi.bi_type = "allop"; + + allop.on_bi.bi_db_config = allop_db_config; + allop.on_bi.bi_db_destroy = allop_db_destroy; + + allop.on_bi.bi_op_search = allop_op_search; + + return overlay_register( &allop ); +} + +#if SLAPD_OVER_ALLOP == SLAPD_MOD_DYNAMIC +int +init_module( int argc, char *argv[] ) +{ + return allop_init(); +} +#endif /* SLAPD_OVER_ALLOP == SLAPD_MOD_DYNAMIC */ + +#endif /* defined(SLAPD_OVER_ALLOP) */