From: Ondřej Kuzník Date: Mon, 2 Jul 2018 14:43:23 +0000 (+0100) Subject: ITS#8663 Improve memberof cn=config handling X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=b06f5b0493937fc28f2cc86df1d7f464aa4504d8;p=openldap ITS#8663 Improve memberof cn=config handling --- diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c index 40ad6e274a..54c24682ab 100644 --- a/servers/slapd/overlays/memberof.c +++ b/servers/slapd/overlays/memberof.c @@ -130,6 +130,11 @@ #define SLAPD_MEMBEROF_ATTR "memberOf" +static AttributeDescription *ad_member; +static AttributeDescription *ad_memberOf; + +static ObjectClass *oc_group; + static slap_overinst memberof; typedef struct memberof_t { @@ -1610,12 +1615,45 @@ memberof_db_init( { slap_overinst *on = (slap_overinst *)be->bd_info; memberof_t *mo; + const char *text = NULL; + int rc; mo = (memberof_t *)ch_calloc( 1, sizeof( memberof_t ) ); /* safe default */ mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION; + if ( !ad_memberOf ) { + rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &ad_memberOf, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "memberof_db_init: " + "unable to find attribute=\"%s\": %s (%d)\n", + SLAPD_MEMBEROF_ATTR, text, rc ); + return rc; + } + } + + if ( !ad_member ) { + rc = slap_str2ad( SLAPD_GROUP_ATTR, &ad_member, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "memberof_db_init: " + "unable to find attribute=\"%s\": %s (%d)\n", + SLAPD_GROUP_ATTR, text, rc ); + return rc; + } + } + + if ( !oc_group ) { + oc_group = oc_find( SLAPD_GROUP_CLASS ); + if ( oc_group == NULL ) { + Debug( LDAP_DEBUG_ANY, + "memberof_db_init: " + "unable to find objectClass=\"%s\"\n", + SLAPD_GROUP_CLASS, 0, 0 ); + return 1; + } + } + on->on_bi.bi_private = (void *)mo; return 0; @@ -1677,14 +1715,14 @@ static ConfigTable mo_cfg[] = { NULL, NULL }, { "memberof-member-ad", "member attribute", - 2, 2, 0, ARG_MAGIC|MO_MEMBER_AD, mo_cf_gen, + 2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_AD, mo_cf_gen, "( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' " "DESC 'member attribute' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, { "memberof-memberof-ad", "memberOf attribute", - 2, 2, 0, ARG_MAGIC|MO_MEMBER_OF_AD, mo_cf_gen, + 2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_OF_AD, mo_cf_gen, "( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' " "DESC 'memberOf attribute' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", @@ -1876,7 +1914,52 @@ mo_cf_gen( ConfigArgs *c ) return rc; } else if ( c->op == LDAP_MOD_DELETE ) { - return 1; /* FIXME */ + switch( c->type ) { + case MO_DN: + if ( !BER_BVISNULL( &mo->mo_dn ) ) { + ber_memfree( mo->mo_dn.bv_val ); + ber_memfree( mo->mo_ndn.bv_val ); + BER_BVZERO( &mo->mo_dn ); + BER_BVZERO( &mo->mo_ndn ); + } + break; + + case MO_DANGLING: + mo->mo_flags &= ~MEMBEROF_FDANGLING_MASK; + break; + + case MO_DANGLING_ERROR: + mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION; + break; + + case MO_REFINT: + mo->mo_flags &= ~MEMBEROF_FREFINT; + break; + +#if 0 + case MO_REVERSE: + mo->mo_flags &= ~MEMBEROF_FREVERSE; + break; +#endif + + case MO_GROUP_OC: + mo->mo_oc_group = oc_group; + memberof_make_group_filter( mo ); + break; + + case MO_MEMBER_AD: + mo->mo_ad_member = ad_member; + break; + + case MO_MEMBER_OF_AD: + mo->mo_ad_memberof = ad_memberOf; + memberof_make_member_filter( mo ); + break; + + default: + assert( 0 ); + return 1; + } } else { switch( c->type ) { @@ -1946,19 +2029,7 @@ mo_cf_gen( ConfigArgs *c ) } break; case MO_MEMBER_AD: { - AttributeDescription *ad = NULL; - const char *text = NULL; - - - rc = slap_str2ad( c->argv[ 1 ], &ad, &text ); - if ( rc != LDAP_SUCCESS ) { - snprintf( c->cr_msg, sizeof( c->cr_msg ), - "unable to find member attribute=\"%s\": %s (%d)", - c->argv[ 1 ], text, rc ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", - c->log, c->cr_msg, 0 ); - return 1; - } + AttributeDescription *ad = c->value_ad; if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX ) /* e.g. "member" */ && !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */ @@ -1976,19 +2047,7 @@ mo_cf_gen( ConfigArgs *c ) } break; case MO_MEMBER_OF_AD: { - AttributeDescription *ad = NULL; - const char *text = NULL; - - - rc = slap_str2ad( c->argv[ 1 ], &ad, &text ); - if ( rc != LDAP_SUCCESS ) { - snprintf( c->cr_msg, sizeof( c->cr_msg ), - "unable to find memberof attribute=\"%s\": %s (%d)", - c->argv[ 1 ], text, rc ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", - c->log, c->cr_msg, 0 ); - return 1; - } + AttributeDescription *ad = c->value_ad; if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX ) /* e.g. "member" */ && !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */ @@ -2024,37 +2083,17 @@ memberof_db_open( memberof_t *mo = (memberof_t *)on->on_bi.bi_private; int rc; - const char *text = NULL; - if( ! mo->mo_ad_memberof ){ - rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &mo->mo_ad_memberof, &text ); - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "memberof_db_open: " - "unable to find attribute=\"%s\": %s (%d)\n", - SLAPD_MEMBEROF_ATTR, text, rc ); - return rc; - } + if ( !mo->mo_ad_memberof ) { + mo->mo_ad_memberof = ad_memberOf; } - if( ! mo->mo_ad_member ){ - rc = slap_str2ad( SLAPD_GROUP_ATTR, &mo->mo_ad_member, &text ); - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "memberof_db_open: " - "unable to find attribute=\"%s\": %s (%d)\n", - SLAPD_GROUP_ATTR, text, rc ); - return rc; - } + if ( ! mo->mo_ad_member ) { + mo->mo_ad_member = ad_member; } - if( ! mo->mo_oc_group ){ - mo->mo_oc_group = oc_find( SLAPD_GROUP_CLASS ); - if ( mo->mo_oc_group == NULL ) { - Debug( LDAP_DEBUG_ANY, - "memberof_db_open: " - "unable to find objectClass=\"%s\"\n", - SLAPD_GROUP_CLASS, 0, 0 ); - return 1; - } + if ( ! mo->mo_oc_group ) { + mo->mo_oc_group = oc_group; } if ( BER_BVISNULL( &mo->mo_dn ) && !BER_BVISNULL( &be->be_rootdn ) ) { @@ -2101,9 +2140,6 @@ memberof_db_destroy( return 0; } -/* unused */ -static AttributeDescription *ad_memberOf; - static struct { char *desc; AttributeDescription **adp;