From: Pierangelo Masarati Date: Tue, 20 Jul 2004 00:22:05 +0000 (+0000) Subject: rework passwd_extop to comply with rwm requirements... X-Git-Tag: OPENDLAP_REL_ENG_2_2_MP~43 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=dbb4593d756a3a6d54739a1945da59198d5af5cc;p=openldap rework passwd_extop to comply with rwm requirements... --- diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c index fa65900f31..3ecd2d527a 100644 --- a/servers/slapd/overlays/rwm.c +++ b/servers/slapd/overlays/rwm.c @@ -77,9 +77,9 @@ rwm_add( Operation *op, SlapReply *rs ) (struct ldaprwmap *)on->on_bi.bi_private; int rc, - i, - isupdate; + i; Attribute **ap = NULL; + char *olddn = op->o_req_dn.bv_val; #ifdef ENABLE_REWRITE rc = rwm_op_dn_massage( op, rs, "addDn" ); @@ -93,14 +93,21 @@ rwm_add( Operation *op, SlapReply *rs ) return -1; } + if ( olddn != op->o_req_dn.bv_val ) { + ber_memfree( op->ora_e->e_name.bv_val ); + ber_memfree( op->ora_e->e_nname.bv_val ); + + ber_dupbv( &op->ora_e->e_name, &op->o_req_dn ); + ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn ); + } + /* Count number of attributes in entry */ - isupdate = be_shadow_update( op ); for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) { struct berval mapped; Attribute *a; - if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) { - goto cleanup_attr; + if ( (*ap)->a_desc->ad_type->sat_no_user_mod ) { + goto next_attr; } rwm_map( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname, 
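Review bot: `olddn` records only the `bv_val` pointer, so the test `olddn != op->o_req_dn.bv_val` in the next hunk detects a rewrite by pointer identity alone. That holds only if `rwm_op_dn_massage` always installs a newly allocated buffer when it changes the DN; that function is not visible here, so the declaration should carry the assumption, e.g. `/* rwm_op_dn_massage() replaces bv_val when it rewrites the DN */`. In the block that uses it, the old `e_name`/`e_nname` buffers are freed before two `ber_dupbv` calls whose results are not checked, so an allocation failure would go unnoticed. rwm_add's body continues outside the hunk.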
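Review bot: Attributes whose type has `sat_no_user_mod` set now take `goto next_attr` and are forwarded unmapped, where the old code dropped them with `goto cleanup_attr` unless `be_shadow_update( op )` was true. The overlay therefore no longer strips NO-USER-MODIFICATION attributes from a client add, and rejecting them is left to whichever database receives the request. The same change is made in rwm_modify (`goto next_mod`, hunk @@ -303). If that is the intent, state it at the test, e.g. `/* not filtered or mapped here: the target database enforces no-user-modification */`. The loop body continues outside this hunk.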
@@ -117,16 +124,20 @@ rwm_add( Operation *op, SlapReply *rs ) * the operation should give up, right? */ #ifdef ENABLE_REWRITE - rc = rwm_dnattr_rewrite( op, rs, "addDn", (*ap)->a_vals, NULL ); + rc = rwm_dnattr_rewrite( op, rs, "addAttrDn", + (*ap)->a_vals, + (*ap)->a_nvals ? &(*ap)->a_nvals : NULL ); #else rc = 1; - rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals, NULL ); + rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals, + (*ap)->a_nvals ? &(*ap)->a_nvals : NULL ); #endif if ( rc ) { goto cleanup_attr; } } +next_attr:; ap = &(*ap)->a_next; continue; @@ -287,7 +298,6 @@ rwm_modify( Operation *op, SlapReply *rs ) struct ldaprwmap *rwmap = (struct ldaprwmap *)on->on_bi.bi_private; - int isupdate; Modifications **mlp; int rc; @@ -303,19 +313,12 @@ rwm_modify( Operation *op, SlapReply *rs ) return -1; } - isupdate = be_shadow_update( op ); for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) { int is_oc = 0; + Modifications *ml; - if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) { - Modifications *ml; - - ml = *mlp; - *mlp = (*mlp)->sml_next; - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - - continue; + if ( (*mlp)->sml_desc->ad_type->sat_no_user_mod ) { + goto next_mod; } if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass @@ -329,14 +332,7 @@ rwm_modify( Operation *op, SlapReply *rs ) drop_missing = rwm_mapping( &rwmap->rwm_at, &(*mlp)->sml_desc->ad_cname, &m, RWM_MAP ); if ( drop_missing || ( m != NULL && BER_BVISNULL( &m->m_dst ) ) ) { - Modifications *ml; - - ml = *mlp; - *mlp = (*mlp)->sml_next; - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - - continue; + goto cleanup_mod; } if ( m ) { @@ -366,14 +362,7 @@ rwm_modify( Operation *op, SlapReply *rs ) * the relayed database's business... */ #if 0 - Modifications *ml; - - ml = *mlp; - *mlp = (*mlp)->sml_next; - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - - continue; + goto cleanup_mod; #endif if ( last > j ) { (*mlp)->sml_values[j] = (*mlp)->sml_values[last]; 
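Review bot: The attribute-value rewrite under ENABLE_REWRITE now passes `"addAttrDn"` where it used to pass `"addDn"`, which looks like a rewrite context name. If so, rules an administrator attached to `addDn` would stop applying to DN-valued attributes of added entries unless an `addAttrDn` context is also configured; what happens for an undefined context is not visible here. A comment at the call would make the split explicit, e.g. `/* attribute values use their own context, separate from the entry DN's "addDn" */`. The question in the existing comment above still stands: when the rewrite fails, the attribute is dropped via `cleanup_attr` and the add goes on without it.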
@@ -393,28 +382,31 @@ rwm_modify( Operation *op, SlapReply *rs ) { #ifdef ENABLE_REWRITE rc = rwm_dnattr_rewrite( op, rs, "modifyDn", - (*mlp)->sml_values, &(*mlp)->sml_nvalues ); + (*mlp)->sml_values, + (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); #else rc = 1; rc = rwm_dnattr_rewrite( op, rs, &rc, - (*mlp)->sml_values, &(*mlp)->sml_nvalues ); + (*mlp)->sml_values, + (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); #endif } if ( rc != LDAP_SUCCESS ) { - Modifications *ml; - - ml = *mlp; - *mlp = (*mlp)->sml_next; - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - - continue; + goto cleanup_mod; } } } +next_mod:; mlp = &(*mlp)->sml_next; + continue; + +cleanup_mod:; + ml = *mlp; + *mlp = (*mlp)->sml_next; + slap_mod_free( &ml->sml_mod, 0 ); + free( ml ); } /* TODO: rewrite attribute types, values of DN-valued attributes ... */ @@ -630,7 +622,7 @@ rwm_extended( Operation *op, SlapReply *rs ) } /* TODO: rewrite/map extended data ? ... */ - return 0; + return SLAP_CB_CONTINUE; } static int @@ -718,6 +710,7 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first ) struct ldapmapping *m; int drop_missing; int last; + Attribute *a; if ( rs->sr_opattrs == SLAP_OPATTRS && is_at_operational( (*ap)->a_desc->ad_type ) ) { @@ -725,25 +718,17 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first ) } else if ( op->ors_attrs != NULL && !ad_inlist( (*ap)->a_desc, op->ors_attrs ) ) { - Attribute *a; - - a = *ap; - *ap = (*ap)->a_next; + goto cleanup_attr; + } - attr_free( a ); - continue; + if ( (*ap)->a_desc->ad_type->sat_no_user_mod ) { + goto next_attr; } drop_missing = rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname, &m, RWM_REMAP ); if ( drop_missing || ( m != NULL && BER_BVISEMPTY( &m->m_dst ) ) ) { - Attribute *a; - - a = *ap; - *ap = (*ap)->a_next; - - attr_free( a ); - continue; + goto cleanup_attr; } for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ ) 
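Review bot: A failed DN rewrite (`rc != LDAP_SUCCESS`) still ends in `cleanup_mod`, which unlinks and frees the modification while the rest of the request goes on to the backend. The client then receives a result for a modify that is not the one it sent. The old code behaved the same way, but now that the drop lives in one place it is the natural point to either fail the operation or document the choice, e.g. `/* drop this modification and carry on; *mlp already points at the successor */`. rwm_modify's body starts and ends outside the hunk.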
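Review bot: The new `sat_no_user_mod` test jumps to `next_attr` before `rwm_mapping` and before the `rwm_dnattr_result_rewrite` call further down, so such attributes reach the client exactly as the backend returned them. Some NO-USER-MODIFICATION attributes are DN-valued (creatorsName and modifiersName, for example), so search results can carry DNs from the real naming context that the overlay otherwise rewrites. If hiding that context matters to a deployment, these values still need the result rewrite even when the attribute name is left unmapped. If the pass-through is deliberate, a comment at the test should say so. The loop body starts and ends outside this hunk.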
@@ -802,13 +787,7 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first ) { rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals ); if ( rc != LDAP_SUCCESS ) { - Attribute *a; - - a = *ap; - *ap = (*ap)->a_next; - - attr_free( a ); - continue; + goto cleanup_attr; } } @@ -820,6 +799,13 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first ) next_attr:; ap = &(*ap)->a_next; + continue; + +cleanup_attr:; + a = *ap; + *ap = (*ap)->a_next; + + attr_free( a ); } return 0; diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 25d541d895..f0e97b6b9b 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -49,6 +49,7 @@ int passwd_extop( slap_callback cb2 = { NULL, slap_replog_cb, NULL, NULL }; int i, nhash; char **hashes; + int rc; cb2.sc_next = &cb; @@ -72,17 +73,19 @@ int passwd_extop( } if ( id.bv_len ) { - op->o_req_dn = id; + ber_dupbv_x( &op->o_req_dn, &id, op->o_tmpmemctx ); /* ndn is in tmpmem, so we don't need to free it */ rs->sr_err = dnNormalize( 0, NULL, NULL, &id, &op->o_req_ndn, op->o_tmpmemctx ); if ( rs->sr_err != LDAP_SUCCESS ) { rs->sr_text = "Invalid DN"; - return rs->sr_err; + rc = rs->sr_err; + goto error_return; } op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + } else { - op->o_req_dn = op->o_dn; - op->o_req_ndn = op->o_ndn; + ber_dupbv_x( &op->o_req_dn, &op->o_dn, op->o_tmpmemctx ); + ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx ); ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); op->o_bd = op->o_conn->c_authz_backend; ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); 
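Review bot: On the `Invalid DN` path in passwd_extop the code jumps to `error_return` without this function ever having assigned `op->o_req_ndn`, and that label frees any non-NULL `o_req_ndn` through `op->o_tmpfree`. Whether that is safe depends on what the field held on entry and what `dnNormalize` leaves in it on failure, neither of which is visible here. The retained comment `/* ndn is in tmpmem, so we don't need to free it */` is now stale, since both values are released explicitly; `/* dn and ndn live in tmpmem and are released at error_return */` would match the new code. The `ber_dupbv_x` results in both branches are also unchecked. passwd_extop's body starts and ends outside the hunk.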
@@ -90,21 +93,24 @@ int passwd_extop( if( op->o_bd == NULL ) { #ifdef HAVE_CYRUS_SASL - return slap_sasl_setpass( op, rs ); + rc = slap_sasl_setpass( op, rs ); #else rs->sr_text = "no authz backend"; - return LDAP_OTHER; + rc = LDAP_OTHER; #endif + goto error_return; } if ( op->o_req_ndn.bv_len == 0 ) { rs->sr_text = "no password is associated with the Root DSE"; - return LDAP_UNWILLING_TO_PERFORM; + rc = LDAP_UNWILLING_TO_PERFORM; + goto error_return; } if (backend_check_restrictions( op, rs, (struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) { - return rs->sr_err; + rc = rs->sr_err; + goto error_return; } @@ -123,12 +129,14 @@ int passwd_extop( } else { rs->sr_ref = defref; } - return LDAP_REFERRAL; + rc = LDAP_REFERRAL; + goto error_return; } rs->sr_text = "shadow context; no update referral"; - return LDAP_UNWILLING_TO_PERFORM; + rc = LDAP_UNWILLING_TO_PERFORM; + goto error_return; } #endif /* !SLAPD_MULTIMASTER */ @@ -141,7 +149,8 @@ int passwd_extop( } if ( qpw->rs_new.bv_len == 0 ) { rs->sr_text = "password generation failed"; - return LDAP_OTHER; + rc = LDAP_OTHER; + goto error_return; } /* Give the backend a chance to handle this itself */ @@ -149,14 +158,16 @@ int passwd_extop( rs->sr_err = op->o_bd->be_extended( op, rs ); if ( rs->sr_err != LDAP_UNWILLING_TO_PERFORM && rs->sr_err != SLAP_CB_CONTINUE ) { - return rs->sr_err; + rc = rs->sr_err; + goto error_return; } } /* The backend didn't handle it, so try it here */ if( op->o_bd && !op->o_bd->be_modify ) { rs->sr_text = "operation not supported for current user"; - return LDAP_UNWILLING_TO_PERFORM; + rc = LDAP_UNWILLING_TO_PERFORM; + goto error_return; } ml = ch_malloc( sizeof(Modifications) ); @@ -189,8 +200,8 @@ int passwd_extop( if ( hashes[i] ) { rs->sr_err = LDAP_OTHER; - } else { + } else { op2 = *op; op2.o_tag = LDAP_REQ_MODIFY; op2.o_callback = &cb2; 
@@ -203,6 +214,9 @@ int passwd_extop( if ( rs->sr_err == LDAP_SUCCESS ) { rs->sr_err = op2.o_bd->be_modify( &op2, rs ); + /* FIXME: in case it got rewritten... */ + op->o_req_dn = op2.o_req_dn; + op->o_req_ndn = op2.o_req_ndn; } if ( rs->sr_err == LDAP_SUCCESS ) { rs->sr_rspdata = rsp; @@ -215,7 +229,17 @@ int passwd_extop( free( qpw->rs_new.bv_val ); } - return rs->sr_err; + rc = rs->sr_err; + +error_return:; + if ( !BER_BVISNULL( &op->o_req_dn ) ) { + op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); + } + if ( !BER_BVISNULL( &op->o_req_ndn ) ) { + op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + } + + return rc; } int slap_passwd_parse( struct berval *reqdata,
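Review bot: Copying `op2.o_req_dn`/`op2.o_req_ndn` back into `op` after `be_modify` means `error_return` will pass whatever the backend or an overlay left there to `op->o_tmpfree( ..., op->o_tmpmemctx )`. That is correct only if a rewriter allocates the replacement from the same memory context and releases the value it replaced; the rwm.c part of this commit uses `ber_memfree`/`ber_dupbv` for the entry names, so the allocator used for a rewritten request DN is not evident from the diff. The `FIXME` should be replaced by a statement of that contract, e.g. `/* overlays may replace o_req_dn/o_req_ndn; replacements must come from o_tmpmemctx because we free them below */`. The enclosing block starts outside the hunk.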
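Review bot: `error_return` frees `op->o_req_dn.bv_val` and `op->o_req_ndn.bv_val` but leaves both pointers in `op`, which outlives this function. Any later read or free of those fields by the caller would then touch released memory; the caller is not visible here, so this is a precaution, not a confirmed fault. Clearing each field right after its free closes the gap: `BER_BVZERO( &op->o_req_dn );` and `BER_BVZERO( &op->o_req_ndn );`.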