From 094bc99b83a418e0a686f22d52795f4d020259f9 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 7 Sep 2004 05:00:33 +0000 Subject: [PATCH] Initial entryDN implementation. Need to implement filter support (for entryDN and subschemaSubentry). Fixed hasSubordinate assert() bug in entry filters --- servers/slapd/backend.c | 31 ++++++++++++----- servers/slapd/compare.c | 21 ++++++++---- servers/slapd/filterentry.c | 67 ++++++++++++++++++------------------- servers/slapd/operational.c | 31 +++++++++++++---- servers/slapd/proto-slap.h | 1 + servers/slapd/result.c | 5 +-- servers/slapd/schema_prep.c | 11 ++++++ servers/slapd/slap.h | 2 +- 8 files changed, 109 insertions(+), 60 deletions(-) diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 50478f33e8..e01cc20ac8 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -1573,14 +1573,21 @@ int backend_operational( * add them to the attribute list */ if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( op->ors_attrs && - ad_inlist( slap_schema.si_ad_subschemaSubentry, op->ors_attrs )) ) { - *ap = slap_operational_subschemaSubentry( op->o_bd ); + ad_inlist( slap_schema.si_ad_entryDN, op->ors_attrs ))) + { + *ap = slap_operational_entryDN( rs->sr_entry ); + ap = &(*ap)->a_next; + } + if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( op->ors_attrs && + ad_inlist( slap_schema.si_ad_subschemaSubentry, op->ors_attrs ))) + { + *ap = slap_operational_subschemaSubentry( op->o_bd ); ap = &(*ap)->a_next; } - if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || op->ors_attrs ) && op->o_bd && - op->o_bd->be_operational != NULL ) + if (( SLAP_OPATTRS( rs->sr_attr_flags ) || op->ors_attrs ) && + op->o_bd && op->o_bd->be_operational != NULL ) { Attribute *a; @@ -1604,17 +1611,23 @@ static void init_group_pblock( Operation *op, Entry *target, Entry *e, struct berval *op_ndn, AttributeDescription *group_at ) { slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ENTRY, (void *)e ); - slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); + + slapi_pblock_set( op->o_pb, + SLAPI_X_GROUP_ENTRY, (void *)e ); + slapi_pblock_set( op->o_pb, + SLAPI_X_GROUP_OPERATION_DN, (void *)op_ndn->bv_val ); + slapi_pblock_set( op->o_pb, + SLAPI_X_GROUP_ATTRIBUTE, (void *)group_at->ad_cname.bv_val ); + slapi_pblock_set( op->o_pb, + SLAPI_X_GROUP_TARGET_ENTRY, (void *)target ); } static int call_group_preop_plugins( Operation *op ) { int rc; - rc = slapi_int_call_plugins( op->o_bd, SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); + rc = slapi_int_call_plugins( op->o_bd, + SLAPI_X_PLUGIN_PRE_GROUP_FN, op->o_pb ); if ( rc < 0 ) { if (( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) || rc == LDAP_SUCCESS ) diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index 47fff95598..7a47daff6d 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -265,16 +265,23 @@ fe_op_compare( Operation *op, SlapReply *rs ) #endif /* defined( LDAP_SLAPI ) */ op->orc_ava = &ava; - if ( ava.aa_desc == slap_schema.si_ad_hasSubordinates - && op->o_bd->be_has_subordinates ) + if ( ava.aa_desc == slap_schema.si_ad_entryDN ) { + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "entryDN compare not supported" ); + + } else if ( ava.aa_desc == slap_schema.si_ad_subschemaSubentry ) { + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "subschemaSubentry compare not supported" ); + + } else if ( ava.aa_desc == slap_schema.si_ad_hasSubordinates + && op->o_bd->be_has_subordinates ) { int rc, hasSubordinates = LDAP_SUCCESS; - rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, - 0, &entry ); + rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &entry ); if ( rc == 0 && entry ) { rc = op->o_bd->be_has_subordinates( op, entry, - &hasSubordinates ); + &hasSubordinates ); be_entry_release_r( op, entry ); } @@ -292,11 +299,11 @@ fe_op_compare( Operation *op, SlapReply *rs ) send_ldap_result( op, rs ); if ( rs->sr_err == LDAP_COMPARE_TRUE || - rs->sr_err == LDAP_COMPARE_FALSE ) + rs->sr_err == LDAP_COMPARE_FALSE ) { rs->sr_err = LDAP_SUCCESS; } - + } else if ( op->o_bd->be_compare ) { op->o_bd->be_compare( op, rs ); diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index d881e28c1f..bd4b195ca4 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -352,6 +352,36 @@ test_ava_filter( return LDAP_INSUFFICIENT_ACCESS; } + if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates + && op && op->o_bd && op->o_bd->be_has_subordinates ) + { + int hasSubordinates; + struct berval hs; + + /* No other match is allowed */ + if( type != LDAP_FILTER_EQUALITY ) return LDAP_OTHER; + + if ( op->o_bd->be_has_subordinates( op, e, &hasSubordinates ) != + LDAP_SUCCESS ) + { + return LDAP_OTHER; + } + + if ( hasSubordinates == LDAP_COMPARE_TRUE ) { + hs = slap_true_bv; + + } else if ( hasSubordinates == LDAP_COMPARE_FALSE ) { + hs = slap_false_bv; + + } else { + return LDAP_OTHER; + } + + if ( bvmatch( &ava->aa_value, &hs ) ) return LDAP_COMPARE_TRUE; + return LDAP_COMPARE_FALSE; + } + + for(a = attrs_find( e->e_attrs, ava->aa_desc ); a != NULL; a = attrs_find( a->a_next, ava->aa_desc ) ) @@ -379,9 +409,7 @@ test_ava_filter( mr = NULL; } - if( mr == NULL ) { - continue; - } + if( mr == NULL ) continue; for ( bv = a->a_nvals; bv->bv_val != NULL; bv++ ) { int ret; @@ -410,38 +438,7 @@ test_ava_filter( } } - if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates - && op && op->o_bd && op->o_bd->be_has_subordinates ) - { - int hasSubordinates; - struct berval hs; - - /* - * No other match should be allowed ... - */ - assert( type == LDAP_FILTER_EQUALITY ); - - if ( op->o_bd->be_has_subordinates( op, e, &hasSubordinates ) != - LDAP_SUCCESS ) - { - return LDAP_OTHER; - } - - if ( hasSubordinates == LDAP_COMPARE_TRUE ) { - hs = slap_true_bv; - - } else if ( hasSubordinates == LDAP_COMPARE_FALSE ) { - hs = slap_false_bv; - - } else { - return LDAP_OTHER; - } - - if ( bvmatch( &ava->aa_value, &hs ) ) return LDAP_COMPARE_TRUE; - return LDAP_COMPARE_FALSE; - } - - return( LDAP_COMPARE_FALSE ); + return LDAP_COMPARE_FALSE; } diff --git a/servers/slapd/operational.c b/servers/slapd/operational.c index d66d54b093..4838b11739 100644 --- a/servers/slapd/operational.c +++ b/servers/slapd/operational.c @@ -48,18 +48,37 @@ slap_operational_subschemaSubentry( Backend *be ) return a; } +Attribute * +slap_operational_entryDN( Entry *e ) +{ + Attribute *a; + + a = ch_malloc( sizeof( Attribute ) ); + a->a_desc = slap_schema.si_ad_entryDN; + + a->a_vals = ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( a->a_vals, &e->e_name ); + a->a_vals[1].bv_len = 0; + a->a_vals[1].bv_val = NULL; + + a->a_nvals = ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( a->a_nvals, &e->e_nname ); + a->a_nvals[1].bv_len = 0; + a->a_nvals[1].bv_val = NULL; + + a->a_next = NULL; + a->a_flags = 0; + + return a; +} + Attribute * slap_operational_hasSubordinate( int hs ) { Attribute *a; struct berval val; - if ( hs ) { - val = slap_true_bv; - - } else { - val = slap_false_bv; - } + val = hs ? slap_true_bv : slap_false_bv; a = ch_malloc( sizeof( Attribute ) ); a->a_desc = slap_schema.si_ad_hasSubordinates; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index d9684e4d15..f05259524b 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -907,6 +907,7 @@ LDAP_SLAPD_F (Operation *) slap_op_pop LDAP_P(( Operation **olist )); * operational.c */ LDAP_SLAPD_F (Attribute *) slap_operational_subschemaSubentry( Backend *be ); +LDAP_SLAPD_F (Attribute *) slap_operational_entryDN( Entry *e ); LDAP_SLAPD_F (Attribute *) slap_operational_hasSubordinate( int has ); /* diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 69ec2f4740..b80743871e 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -693,8 +693,9 @@ slap_send_search_entry( Operation *op, SlapReply *rs ) rs->sr_type = REP_SEARCH; - /* eventually will loop through generated operational attributes */ - /* only subschemaSubentry and numSubordinates are implemented */ + /* eventually will loop through generated operational attribute types + * currently implemented types include: + * entryDN, subschemaSubentry, and hasSubordinates */ /* NOTE: moved before overlays callback circling because * they may modify entry and other stuff in rs */ /* check for special all operational attributes ("+") type */ diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index e1c09e1daa..8ac8f3ae80 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -528,6 +528,15 @@ static struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, #endif + { "entryDN", "( 1.3.6.1.4.1.4203.666.1.33 NAME 'entryDN' " + "DESC 'DN of the entry' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entryDN) }, { "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' " "DESC 'UUID of the entry' " "EQUALITY UUIDMatch " @@ -559,6 +568,7 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_namingCSN) }, +#if 0 { "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' " "DESC 'UUID of the superior entry' " "EQUALITY octetStringMatch " @@ -568,6 +578,7 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_superiorUUID) }, +#endif { "syncreplCookie", "( 1.3.6.1.4.1.4203.666.1.23 " "NAME 'syncreplCookie' " diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index cab135a846..8cc963126a 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -797,10 +797,10 @@ struct slap_internal_schema { AttributeDescription *si_ad_subschemaSubentry; AttributeDescription *si_ad_collectiveSubentries; AttributeDescription *si_ad_collectiveExclusions; + AttributeDescription *si_ad_entryDN; AttributeDescription *si_ad_entryUUID; AttributeDescription *si_ad_entryCSN; AttributeDescription *si_ad_namingCSN; - AttributeDescription *si_ad_superiorUUID; AttributeDescription *si_ad_dseType; AttributeDescription *si_ad_syncreplCookie; -- 2.39.5