From 14662be6923878e17b2092e754a0bbc06c634a20 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 28 Jan 2002 20:25:30 +0000 Subject: [PATCH] Add whoami extended operation. Add no-op control (needs backend implementation) Updated modify password extended option API Kludged control infrastructure to support frontend only controls --- clients/tools/ldappasswd.c | 8 ++-- include/ldap.h | 23 ++++++----- servers/slapd/ad.c | 8 ++-- servers/slapd/back-bdb/add.c | 4 +- servers/slapd/back-bdb/back-bdb.h | 2 +- servers/slapd/back-bdb/extended.c | 2 +- servers/slapd/back-bdb/init.c | 3 ++ servers/slapd/back-bdb/passwd.c | 2 +- servers/slapd/back-ldbm/extended.c | 2 +- servers/slapd/back-ldbm/passwd.c | 2 +- servers/slapd/controls.c | 64 ++++++++++++++++++++++++------ servers/slapd/extended.c | 48 +++++++++++++++++++++- servers/slapd/passwd.c | 10 ++--- servers/slapd/sasl.c | 1 - servers/slapd/slap.h | 1 + 15 files changed, 133 insertions(+), 47 deletions(-) diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index a5cfa4aa38..5819b412fa 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -662,19 +662,19 @@ main( int argc, char *argv[] ) if( user != NULL ) { ber_printf( ber, "ts", - LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, user ); + LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw != NULL ) { ber_printf( ber, "ts", - LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, oldpw ); + LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw ); free(oldpw); } if( newpw != NULL ) { ber_printf( ber, "ts", - LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, newpw ); + LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw ); free(newpw); } @@ -697,7 +697,7 @@ main( int argc, char *argv[] ) } rc = ldap_extended_operation( ld, - LDAP_EXOP_X_MODIFY_PASSWD, bv, + LDAP_EXOP_MODIFY_PASSWD, bv, NULL, NULL, &id ); ber_bvfree( bv ); diff --git a/include/ldap.h b/include/ldap.h index f7a10c5c29..396e32ad7b 100644 --- a/include/ldap.h +++ b/include/ldap.h 
@@ -180,23 +180,22 @@ typedef struct ldapcontrol { /* LDAP Controls */ -#ifdef undef +#if 0 /* chase referrals client control (not yet implemented) */ #define LDAP_CONTROL_REFERRALS "1.2.840.113666.1.4.616" #define LDAP_CHASE_SUBORDINATE_REFERRALS 0x0020U #define LDAP_CHASE_EXTERNAL_REFERRALS 0x0040U #endif -#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.666.5.1" -#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" +#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" +#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.666.5.1" +#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.666.5.2" #define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1" #define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2" #define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3" #define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST -/* Experimental Controls */ - #define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" #define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" #define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9" 
@@ -207,13 +206,15 @@ typedef struct ldapcontrol { #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION /* LDAP Extended Operations */ -#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" +#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" + +#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" +#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U) +#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U) +#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) +#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U) -#define LDAP_EXOP_X_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" -#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U) -#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U) -#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) -#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U) +#define LDAP_EXOP_X_WHO_AM_I "1.3.6.1.4.1.4203.666.6.2" /* * specific LDAP instantiations of BER types we know about diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index 49f5f734a7..41c6dcb5a9 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -102,7 +102,6 @@ int slap_bv2ad( AttributeDescription desc, *d2; char *name, *options; char *opt, *next; - char *s, *ptr; int nlang; int langlen; @@ -201,14 +200,15 @@ int slap_bv2ad( int rc; rc = strncasecmp( opt, langs[i].bv_val, - optlen < langs[i].bv_len ? optlen : langs[i].bv_len ); + (unsigned) optlen < langs[i].bv_len + ? optlen : langs[i].bv_len ); - if( rc == 0 && optlen == langs[i].bv_len ) { + if( rc == 0 && (unsigned)optlen == langs[i].bv_len ) { /* duplicate (ignore) */ goto done; } else if ( rc > 0 || - ( rc == 0 && optlen > langs[i].bv_len )) + ( rc == 0 && (unsigned)optlen > langs[i].bv_len )) { AC_MEMCPY( &langs[i+1], &langs[i], (nlang-i)*sizeof(struct berval) ); diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 1a8a66acc5..bb621f845b 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c 
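Review bot: In the include/ldap.h extended-operations hunk, `LDAP_TAG_EXOP_MODIFY_PASSWD_ID` and `LDAP_TAG_EXOP_MODIFY_PASSWD_GEN` are both `0x80U`, and nothing in the header says why that is not a collision. Elsewhere in this patch the ID tag is written by ldappasswd into the request, and the GEN tag is written by slap_passwd_return into what appears to be the response. A short comment such as `/* request value: ID/OLD/NEW; response value: GEN (tag 0 of a different sequence) */` would stop a later reader from "fixing" it. The hunk also removes the `LDAP_EXOP_X_MODIFY_PASSWD` and `LDAP_TAG_EXOP_X_MODIFY_PASSWD_*` names from a public header; if out-of-tree callers matter, keeping aliases like `#define LDAP_EXOP_X_MODIFY_PASSWD LDAP_EXOP_MODIFY_PASSWD` for a release would avoid breaking their builds.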
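Review bot: In the second servers/slapd/ad.c hunk (inside slap_bv2ad, which starts and ends outside the hunk), the three `(unsigned)` casts on `optlen` silence the signed/unsigned comparison rather than fix the type. The declaration of `optlen` is not visible here. If it is a plain `int`, a negative value would compare as a very large length, and `unsigned` may be narrower than the type of `bv_len`. Declaring `optlen` with the same type as `langs[i].bv_len` would remove all three casts and keep the `strncasecmp` length and the two comparisons consistent.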
@@ -64,8 +64,8 @@ bdb_add( } if( 0 ) { -retry: /* transaction retry */ - rc = txn_abort( ltid ); +retry: /* transaction retry */ + rc = txn_abort( ltid ); ltid = NULL; op->o_private = NULL; if( rc != 0 ) { diff --git a/servers/slapd/back-bdb/back-bdb.h b/servers/slapd/back-bdb/back-bdb.h index 6de08bc2ad..4b26842f12 100644 --- a/servers/slapd/back-bdb/back-bdb.h +++ b/servers/slapd/back-bdb/back-bdb.h @@ -122,7 +122,7 @@ struct bdb_info { int bi_nrdns; #endif - int bi_txn; + int bi_txn; int bi_txn_cp; u_int32_t bi_txn_cp_min; u_int32_t bi_txn_cp_kbyte; diff --git a/servers/slapd/back-bdb/extended.c b/servers/slapd/back-bdb/extended.c index f06d8ed6d4..057acc8f1d 100644 --- a/servers/slapd/back-bdb/extended.c +++ b/servers/slapd/back-bdb/extended.c @@ -17,7 +17,7 @@ static struct exop { char *oid; BI_op_extended *extended; } exop_table[] = { - { LDAP_EXOP_X_MODIFY_PASSWD, bdb_exop_passwd }, + { LDAP_EXOP_MODIFY_PASSWD, bdb_exop_passwd }, { NULL, NULL } }; diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 36638ed27d..447eaa5f44 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -411,6 +411,9 @@ bdb_initialize( static char *controls[] = { LDAP_CONTROL_MANAGEDSAIT, LDAP_CONTROL_SUBENTRIES, +#if 0 + LDAP_CONTROL_NOOP, +#endif NULL }; diff --git a/servers/slapd/back-bdb/passwd.c b/servers/slapd/back-bdb/passwd.c index c0a38fe920..cb9b51aa62 100644 --- a/servers/slapd/back-bdb/passwd.c +++ b/servers/slapd/back-bdb/passwd.c @@ -41,7 +41,7 @@ bdb_exop_passwd( struct berval *dn; assert( reqoid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); + assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 ); rc = slap_passwd_parse( reqdata, &id, NULL, &new, text ); diff --git a/servers/slapd/back-ldbm/extended.c b/servers/slapd/back-ldbm/extended.c index edef7ca491..8a56d65164 100644 --- a/servers/slapd/back-ldbm/extended.c +++ b/servers/slapd/back-ldbm/extended.c 
@@ -20,7 +20,7 @@ struct exop { char *oid; BI_op_extended *extended; } exop_table[] = { - { LDAP_EXOP_X_MODIFY_PASSWD, ldbm_back_exop_passwd }, + { LDAP_EXOP_MODIFY_PASSWD, ldbm_back_exop_passwd }, { NULL, NULL } }; diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index 58d5452832..1f04c48555 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -42,7 +42,7 @@ ldbm_back_exop_passwd( struct berval ndn; assert( reqoid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); + assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 ); rc = slap_passwd_parse( reqdata, &id, NULL, &new, text ); diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index f0338dc974..c977f312a1 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -19,15 +19,18 @@ #include "../../libraries/liblber/lber-int.h" -#define SLAP_CTRL_ABANDON 0x0001 -#define SLAP_CTRL_ADD 0x2002 -#define SLAP_CTRL_BIND 0x0004 -#define SLAP_CTRL_COMPARE 0x1008 -#define SLAP_CTRL_DELETE 0x2010 -#define SLAP_CTRL_MODIFY 0x2020 -#define SLAP_CTRL_RENAME 0x2040 -#define SLAP_CTRL_SEARCH 0x1080 -#define SLAP_CTRL_UNBIND 0x0100 +#define SLAP_CTRL_FRONTEND 0x80000000U + +#define SLAP_CTRL_OPFLAGS 0x0000FFFFU +#define SLAP_CTRL_ABANDON 0x00000001U +#define SLAP_CTRL_ADD 0x00002002U +#define SLAP_CTRL_BIND 0x00000004U +#define SLAP_CTRL_COMPARE 0x00001008U +#define SLAP_CTRL_DELETE 0x00002010U +#define SLAP_CTRL_MODIFY 0x00002020U +#define SLAP_CTRL_RENAME 0x00002040U +#define SLAP_CTRL_SEARCH 0x00001080U +#define SLAP_CTRL_UNBIND 0x00000100U #define SLAP_CTRL_INTROGATE (SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH) #define SLAP_CTRL_UPDATE \ 
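Review bot: `SLAP_CTRL_OPFLAGS` is introduced in the servers/slapd/controls.c define block but none of the visible get_ctrls hunks use it, and the new bit layout is undocumented. get_ctrls still tests `( c->sc_mask & tagmask ) == tagmask` against the whole mask, and for LDAP_REQ_EXTENDED it sets `tagmask = ~0U`, which now also covers the `SLAP_CTRL_FRONTEND` bit, so none of the visible table entries can match on an extended request. That fails closed (a critical control is refused by the `else if( tctrl->ldctl_iscritical )` branch), but if it is the intended behaviour until the FIXME is resolved it should be stated next to the defines, for example `/* low 16 bits: operations the control applies to; bit 31: control handled entirely by the frontend */`. Otherwise the operation bits should be compared under `SLAP_CTRL_OPFLAGS`.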
@@ -42,10 +45,11 @@ typedef int (SLAP_CTRL_PARSE_FN) LDAP_P(( static SLAP_CTRL_PARSE_FN parseManageDSAit; static SLAP_CTRL_PARSE_FN parseSubentries; +static SLAP_CTRL_PARSE_FN parseNoOp; static struct slap_control { char *sc_oid; - int sc_ops_mask; + slap_mask_t sc_mask; char **sc_extendedops; SLAP_CTRL_PARSE_FN *sc_parse; @@ -56,6 +60,11 @@ static struct slap_control { { LDAP_CONTROL_SUBENTRIES, SLAP_CTRL_SEARCH, NULL, parseSubentries }, +#ifdef LDAP_CONTROL_NOOP + { LDAP_CONTROL_NOOP, + SLAP_CTRL_UPDATE, NULL, + parseNoOp }, +#endif { NULL } }; @@ -248,7 +257,7 @@ int get_ctrls( c = find_ctrl( tctrl->ldctl_oid ); if( c != NULL ) { /* recongized control */ - int tagmask = -1; + slap_mask_t tagmask; switch( op->o_tag ) { case LDAP_REQ_ADD: tagmask = SLAP_CTRL_ADD; @@ -276,7 +285,7 @@ int get_ctrls( break; case LDAP_REQ_EXTENDED: /* FIXME: check list of extended operations */ - tagmask = -1; + tagmask = ~0U; break; default: rc = LDAP_OTHER; @@ -284,7 +293,7 @@ int get_ctrls( goto return_results; } - if (( c->sc_ops_mask & tagmask ) == tagmask ) { + if (( c->sc_mask & tagmask ) == tagmask ) { /* available extension */ if( !c->sc_parse ) { @@ -297,6 +306,11 @@ int get_ctrls( if( rc != LDAP_SUCCESS ) goto return_results; + if( c->sc_mask & SLAP_CTRL_FRONTEND ) { + /* kludge to disable backend_control() check */ + tctrl->ldctl_iscritical = 0; + } + } else if( tctrl->ldctl_iscritical ) { /* unavailable CRITICAL control */ rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; 
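Review bot: The `#ifdef LDAP_CONTROL_NOOP` guard around the new slap_control table entry is always true, because this patch defines `LDAP_CONTROL_NOOP` unconditionally in include/ldap.h, while back-bdb's control list in init.c keeps the same OID under `#if 0`. The frontend will therefore parse the control and set `op->o_noop`, but nothing in this patch makes a backend act on it, so a non-critical NoOp on an update operation appears to be accepted and the update still applied. Until a backend honours `o_noop`, consider disabling the table entry the same way as in init.c, or add a comment such as `/* parsed only; no backend enforces o_noop yet */` at the entry.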
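Review bot: In the last get_ctrls hunk, `tctrl->ldctl_iscritical = 0;` overwrites the criticality the client sent in order to get past a later backend_control() check, so any code that reads the stored control afterwards can no longer tell a critical request from a non-critical one. No entry in the visible table sets `SLAP_CTRL_FRONTEND`, so the branch is also unexercised by this patch. The parse callback appears to have already run with the original value by this point (parseNoOp, for one, reads `ctrl->ldctl_iscritical`), which is worth stating in the comment. A cleaner form would leave the control untouched and have the backend check skip controls whose table entry carries `SLAP_CTRL_FRONTEND`. get_ctrls starts and ends outside the hunk.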
@@ -387,3 +401,27 @@ static int parseSubentries ( return LDAP_SUCCESS; } + +static int parseNoOp ( + Connection *conn, + Operation *op, + LDAPControl *ctrl, + const char **text ) +{ + if ( op->o_noop != SLAP_NO_CONTROL ) { + *text = "noop control specified multiple times"; + return LDAP_PROTOCOL_ERROR; + } + + if ( ctrl->ldctl_value.bv_len ) { + *text = "noop control value not empty"; + return LDAP_PROTOCOL_ERROR; + } + + op->o_noop = ctrl->ldctl_iscritical + ? SLAP_CRITICAL_CONTROL + : SLAP_NONCRITICAL_CONTROL; + + return LDAP_SUCCESS; +} + diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 4a34d2ed4f..acf9b70aad 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -29,6 +29,7 @@ #include #include +#include #include "slap.h" @@ -38,6 +39,8 @@ static struct extop_list { SLAP_EXTOP_MAIN_FN *ext_main; } *supp_ext_list = NULL; +static SLAP_EXTOP_MAIN_FN whoami_extop; + /* this list of built-in extops is for extops that are not part * of backends or in external modules. essentially, this is * just a way to get built-in extops onto the extop list without @@ -50,7 +53,8 @@ static struct { #ifdef HAVE_TLS { LDAP_EXOP_START_TLS, starttls_extop }, #endif - { LDAP_EXOP_X_MODIFY_PASSWD, passwd_extop }, + { LDAP_EXOP_MODIFY_PASSWD, passwd_extop }, + { LDAP_EXOP_X_WHO_AM_I, whoami_extop }, { NULL, NULL } }; @@ -214,8 +218,9 @@ do_extended( free( rspoid ); } - if ( rspdata != NULL ) + if ( rspdata != NULL ) { ber_bvfree( rspdata ); + } done: if ( reqdata != NULL ) { 
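Review bot: The duplicate check in parseNoOp, `op->o_noop != SLAP_NO_CONTROL`, depends on `o_noop` starting out as `SLAP_NO_CONTROL` for every new operation, and the only other change to that field in this patch is its declaration in slap.h. Please confirm the Operation is zero-initialised (or the field set explicitly) where it is allocated and that `SLAP_NO_CONTROL` is the zero value, otherwise a first NoOp control could be rejected as "specified multiple times". The function also has no header comment; something like `/* Record a NoOp request in op->o_noop; the control value must be empty. Enforcement is left to the backend. */` would make clear that this callback only records the request.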
@@ -293,3 +298,42 @@ find_extop( struct extop_list *list, char *oid ) } return(NULL); } + + +int +whoami_extop ( + Connection *conn, + Operation *op, + const char * reqoid, + struct berval * reqdata, + char ** rspoid, + struct berval ** rspdata, + LDAPControl ***rspctrls, + const char ** text, + BerVarray * refs ) +{ + struct berval *bv; + + if ( reqdata != NULL ) { + /* no request data should be provided */ + *text = "no request data expected"; + return LDAP_PROTOCOL_ERROR; + } + + bv = (struct berval *) ch_malloc( sizeof(struct berval) ); + if( op->o_dn.bv_len ) { + bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1; + bv->bv_val = ch_malloc( bv->bv_len + 1 ); + AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 ); + AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val, + op->o_dn.bv_len ); + bv->bv_val[bv->bv_len] = '\0'; + + } else { + bv->bv_len = 0; + bv->bv_val = NULL; + } + + *rspdata = bv; + return LDAP_SUCCESS; +} \ No newline at end of file diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 75814602a8..ab04da8d2a 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -31,7 +31,7 @@ int passwd_extop( int rc; assert( reqoid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); + assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 ); if( op->o_dn.bv_len == 0 ) { *text = "only authenticated users may change passwords"; @@ -101,7 +101,7 @@ int slap_passwd_parse( struct berval *reqdata, tag = ber_peek_tag( ber, &len ); } - if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID ) { + if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) { if( id == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_ERR, @@ -133,7 +133,7 @@ int slap_passwd_parse( struct berval *reqdata, tag = ber_peek_tag( ber, &len); } - if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD ) { + if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ) { if( oldpass == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_ERR, 
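Review bot: whoami_extop is forward-declared `static SLAP_EXTOP_MAIN_FN whoami_extop;` near the top of servers/slapd/extended.c but defined here as plain `int whoami_extop (`; the definition keeps internal linkage, but writing `static int` makes that visible where the function is read. The function would also benefit from a header comment describing its contract: it rejects any request value, returns `dn:` followed by `op->o_dn` for a bound identity and an empty berval for an anonymous one, and hands ownership of `*rspdata` to do_extended, which frees it with ber_bvfree. `*rspoid` and `*rspctrls` are never written, so the comment should say the caller must pre-initialise them. The file also now ends without a trailing newline.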
@@ -165,7 +165,7 @@ int slap_passwd_parse( struct berval *reqdata, tag = ber_peek_tag( ber, &len); } - if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW ) { + if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ) { if( newpass == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_ERR, @@ -257,7 +257,7 @@ struct berval * slap_passwd_return( ber_init_w_nullc( ber, LBER_USE_DER ); rc = ber_printf( ber, "{tON}", - LDAP_TAG_EXOP_X_MODIFY_PASSWD_GEN, cred ); + LDAP_TAG_EXOP_MODIFY_PASSWD_GEN, cred ); if( rc >= 0 ) { (void) ber_flatten( ber, &bv ); diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 251098fb98..282b51b6c3 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -704,7 +704,6 @@ int slap_sasl_bind( rc = slap_sasl_getdn( conn, username, edn, FLAG_GETDN_FINAL ); if( rc == LDAP_SUCCESS ) { - int i; sasl_ssf_t *ssf = NULL; (void) sasl_getprop( ctx, SASL_SSF, (void *)&ssf ); *ssfp = ssf ? *ssf : 0; diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index b6d8acca30..b821ecc38e 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1409,6 +1409,7 @@ typedef struct slap_op { char o_managedsait; char o_subentries; char o_subentries_visibility; + char o_noop; int o_abandon; /* abandon flag */ ldap_pvt_thread_mutex_t o_abandonmutex; /* protects o_abandon */ -- 2.39.5