From 18c3f9e0938553bc3255ade72118860c03e380e3 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 13 May 2005 23:51:43 +0000 Subject: [PATCH] Add manage obsolete attributes capability. --- servers/slapd/add.c | 17 ++++++--- servers/slapd/modify.c | 68 ++++++++++++++++++++++++--------- servers/slapd/proto-slap.h | 9 ++++- servers/slapd/sasl.c | 4 +- servers/slapd/slapi/slapi_ops.c | 20 +++++----- 5 files changed, 82 insertions(+), 36 deletions(-) diff --git a/servers/slapd/add.c b/servers/slapd/add.c index ada140c384..77e3dea9db 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -214,6 +214,8 @@ fe_op_add( Operation *op, SlapReply *rs ) Modifications **modtail = &modlist; int rc = 0; BackendDB *op_be; + char textbuf[ SLAP_TEXT_BUFLEN ]; + size_t textlen = sizeof( textbuf ); manageDSAit = get_manageDSAit( op ); @@ -262,6 +264,14 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } + rs->sr_err = slap_mods_no_user_mod_check( op, modlist, + &rs->sr_text, textbuf, textlen ); + + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto done; + } + #ifdef LDAP_SLAPI if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, op->ora_e, manageDSAit ); #endif /* LDAP_SLAPI */ @@ -280,16 +290,13 @@ fe_op_add( Operation *op, SlapReply *rs ) #endif { int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn ); - char textbuf[ SLAP_TEXT_BUFLEN ]; - size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; op->o_bd = op_be; if ( !update ) { - rs->sr_err = slap_mods_no_update_check( modlist, - &rs->sr_text, - textbuf, textlen ); + rs->sr_err = slap_mods_no_user_mod_check( op, modlist, + &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index f33d3e44b8..f468efd38d 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -226,6 +226,8 @@ fe_op_modify( Operation *op, SlapReply *rs ) int increment = op->orm_increment; int rc = 0; BackendDB *op_be; + char textbuf[ SLAP_TEXT_BUFLEN ]; + size_t textlen = sizeof( textbuf ); if( op->o_req_ndn.bv_len == 0 ) { Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 ); @@ -348,6 +350,15 @@ fe_op_modify( Operation *op, SlapReply *rs ) goto cleanup; } + { + rs->sr_err = slap_mods_obsolete_check( op, modlist, + &rs->sr_text, textbuf, textlen ); + if ( rs->sr_err != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto cleanup; + } + } + /* check for modify/increment support */ if( increment && !SLAP_INCREMENT( op->o_bd ) ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, @@ -427,15 +438,13 @@ fe_op_modify( Operation *op, SlapReply *rs ) #endif { int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn ); - char textbuf[ SLAP_TEXT_BUFLEN ]; - size_t textlen = sizeof( textbuf ); slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; op->o_bd = op_be; if ( !update ) { - rs->sr_err = slap_mods_no_update_check( modlist, - &rs->sr_text, textbuf, textlen ); + rs->sr_err = slap_mods_no_user_mod_check( op, modlist, + &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto cleanup; @@ -519,10 +528,45 @@ cleanup:; } /* - * Do non-update constraint checking. + * Obsolete constraint checking. */ int -slap_mods_no_update_check( +slap_mods_obsolete_check( + Operation *op, + Modifications *ml, + const char **text, + char *textbuf, + size_t textlen ) +{ + if( get_manageDIT( op ) ) return LDAP_SUCCESS; + + for ( ; ml != NULL; ml = ml->sml_next ) { + if ( is_at_obsolete( ml->sml_desc->ad_type ) && + (( ml->sml_op != LDAP_MOD_REPLACE && + ml->sml_op != LDAP_MOD_DELETE ) || + ml->sml_values != NULL )) + { + /* + * attribute is obsolete, + * only allow replace/delete with no values + */ + snprintf( textbuf, textlen, + "%s: attribute is obsolete", + ml->sml_type.bv_val ); + *text = textbuf; + return LDAP_CONSTRAINT_VIOLATION; + } + } + + return LDAP_SUCCESS; +} + +/* + * No-user-modification constraint checking. + */ +int +slap_mods_no_user_mod_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, @@ -601,17 +645,6 @@ int slap_mods_check( } #if 0 - /* moved to slap_mods_no_update_check() */ - if (!update && is_at_no_user_mod( ad->ad_type )) { - /* user modification disallowed */ - snprintf( textbuf, textlen, - "%s: no user modification allowed", - ml->sml_type.bv_val ); - *text = textbuf; - return LDAP_CONSTRAINT_VIOLATION; - } -#endif - if ( is_at_obsolete( ad->ad_type ) && (( ml->sml_op != LDAP_MOD_REPLACE && ml->sml_op != LDAP_MOD_DELETE ) || @@ -627,6 +660,7 @@ int slap_mods_check( *text = textbuf; return LDAP_CONSTRAINT_VIOLATION; } +#endif if ( ml->sml_op == LDAP_MOD_INCREMENT && #ifdef SLAPD_REAL_SYNTAX diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index c8c2095d2f..cb7bf9fa90 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -878,7 +878,14 @@ LDAP_SLAPD_F (int) slap_modrdn2mods( /* * modify.c */ -LDAP_SLAPD_F( int ) slap_mods_no_update_check( +LDAP_SLAPD_F( int ) slap_mods_obsolete_check( + Operation *op, + Modifications *ml, + const char **text, + char *textbuf, size_t textlen ); + +LDAP_SLAPD_F( int ) slap_mods_no_user_mod_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, size_t textlen ); diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 091a7d2139..87fce497a5 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -386,8 +386,8 @@ slap_auxprop_store( rc = slap_mods_check( modlist, &text, textbuf, textlen, NULL ); if ( rc == LDAP_SUCCESS ) { - rc = slap_mods_no_update_check( modlist, &text, - textbuf, textlen ); + rc = slap_mods_no_user_mod_check( &op, modlist, + &text, textbuf, textlen ); if ( rc == LDAP_SUCCESS ) { rc = slap_mods_opattrs( &op, modlist, modtail, diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index 3e32409ecf..5a95c62fc3 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -455,23 +455,22 @@ slapi_int_ldapmod_to_entry( size_t textlen = sizeof( textbuf ); rc = slap_mods_check( modlist, &text, - textbuf, textlen, NULL ); + textbuf, textlen, NULL ); if ( rc != LDAP_SUCCESS) { goto cleanup; } if ( !update ) { - rc = slap_mods_no_update_check( modlist, - &text, textbuf, textlen ); + rc = slap_mods_no_user_mod_check( op, modlist, + &text, textbuf, textlen ); if ( rc != LDAP_SUCCESS) { goto cleanup; } } if ( !repl_user ) { - rc = slap_mods_opattrs( op, - modlist, modtail, &text, - textbuf, textlen, 1 ); + rc = slap_mods_opattrs( op, modlist, modtail, + &text, textbuf, textlen, 1 ); if ( rc != LDAP_SUCCESS) { goto cleanup; } @@ -488,8 +487,7 @@ slapi_int_ldapmod_to_entry( } } -cleanup: - +cleanup:; if ( dn.bv_val ) slapi_ch_free( (void **)&dn.bv_val ); if ( modlist != NULL ) @@ -1030,14 +1028,14 @@ slapi_modify_internal( slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; rs.sr_err = slap_mods_check( modlist, - &text, textbuf, textlen, NULL ); + &text, textbuf, textlen, NULL ); if ( rs.sr_err != LDAP_SUCCESS ) { goto cleanup; } if ( !update ) { - rs.sr_err = slap_mods_no_update_check( modlist, - &text, textbuf, textlen ); + rs.sr_err = slap_mods_no_user_mod_check( op, modlist, + &text, textbuf, textlen ); if ( rs.sr_err != LDAP_SUCCESS ) { goto cleanup; } -- 2.39.5