From 51e619d424b43446dab1090162de241ddc968edf Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 5 Jun 2000 03:10:46 +0000 Subject: [PATCH] Add ManageDSAit support to back-dnssrv Fix backend critical controls crash Move 'associatedDomain' to core.schema --- clients/tools/ldapsearch.c | 5 +- servers/slapd/back-dnssrv/add.c | 3 +- servers/slapd/back-dnssrv/back-dnssrv.h | 4 +- servers/slapd/back-dnssrv/compare.c | 3 +- servers/slapd/back-dnssrv/delete.c | 3 +- servers/slapd/back-dnssrv/init.c | 7 ++ servers/slapd/back-dnssrv/modify.c | 3 +- servers/slapd/back-dnssrv/modrdn.c | 3 +- servers/slapd/back-dnssrv/request.c | 123 +++++++++++++++++++++++- servers/slapd/back-dnssrv/search.c | 3 +- servers/slapd/charray.c | 2 + servers/slapd/schema/core.schema | 8 ++ servers/slapd/schema/cosine.schema | 8 +- servers/slapd/schema/pilot.schema | 4 - 14 files changed, 156 insertions(+), 23 deletions(-) diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 460b199f1f..319b31b886 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -671,7 +671,7 @@ static int dosearch( char *value) { char filter[ BUFSIZ ]; - int rc, first, matches, err; + int rc, first, matches; LDAPMessage *res, *e; if( filtpatt != NULL ) { @@ -721,8 +721,7 @@ static int dosearch( ldap_perror( ld, "ldap_result" ); return( rc ); } - rc = ldap_parse_result( ld, res, &err, NULL, NULL, NULL, NULL, 0 ); - if ( rc != LDAP_SUCCESS || rc != LDAP_SUCCESS ) { + if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_search" ); } if ( sortattr != NULL ) { diff --git a/servers/slapd/back-dnssrv/add.c b/servers/slapd/back-dnssrv/add.c index aed74a3e6a..67292e7bb7 100644 --- a/servers/slapd/back-dnssrv/add.c +++ b/servers/slapd/back-dnssrv/add.c @@ -23,5 +23,6 @@ dnssrv_back_add( Entry *e ) { - return dnssrv_back_request( be, conn, op, e->e_dn, e->e_ndn ); + return dnssrv_back_request( be, conn, op, e->e_dn, e->e_ndn, + 0, NULL, NULL, 0 ); } 
diff --git a/servers/slapd/back-dnssrv/back-dnssrv.h b/servers/slapd/back-dnssrv/back-dnssrv.h index 878e85f71a..e4a401d8c8 100644 --- a/servers/slapd/back-dnssrv/back-dnssrv.h +++ b/servers/slapd/back-dnssrv/back-dnssrv.h @@ -20,7 +20,9 @@ int dnssrv_result(); extern int dnssrv_back_request LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, - const char *dn, const char *ndn )); + const char *dn, const char *ndn, + int scope, Filter *filter, + char **attrs, int attrsonly )); LDAP_END_DECL diff --git a/servers/slapd/back-dnssrv/compare.c b/servers/slapd/back-dnssrv/compare.c index 2ec14988ad..140121e3c7 100644 --- a/servers/slapd/back-dnssrv/compare.c +++ b/servers/slapd/back-dnssrv/compare.c @@ -29,5 +29,6 @@ dnssrv_back_compare( #endif ) { - return dnssrv_back_request( be, conn, op, dn, ndn ); + return dnssrv_back_request( be, conn, op, dn, ndn, + 0, NULL, NULL, 0 ); } diff --git a/servers/slapd/back-dnssrv/delete.c b/servers/slapd/back-dnssrv/delete.c index 4ab5049e78..abcbf3fe67 100644 --- a/servers/slapd/back-dnssrv/delete.c +++ b/servers/slapd/back-dnssrv/delete.c @@ -25,5 +25,6 @@ dnssrv_back_delete( const char *ndn ) { - return dnssrv_back_request( be, conn, op, dn, ndn ); + return dnssrv_back_request( be, conn, op, dn, ndn, + 0, NULL, NULL, 0 ); } diff --git a/servers/slapd/back-dnssrv/init.c b/servers/slapd/back-dnssrv/init.c index 743c17114e..7e7679f8cd 100644 --- a/servers/slapd/back-dnssrv/init.c +++ b/servers/slapd/back-dnssrv/init.c @@ -34,6 +34,13 @@ dnssrv_back_initialize( BackendInfo *bi ) { + static char *controls[] = { + LDAP_CONTROL_MANAGEDSAIT, + NULL + }; + + bi->bi_controls = controls; + bi->bi_open = 0; bi->bi_config = 0; bi->bi_close = 0; diff --git a/servers/slapd/back-dnssrv/modify.c b/servers/slapd/back-dnssrv/modify.c index 4da2f55093..53d7c23a52 100644 --- a/servers/slapd/back-dnssrv/modify.c +++ b/servers/slapd/back-dnssrv/modify.c 
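Review bot: The extended dnssrv_back_request prototype in back-dnssrv.h does not say that `scope`, `filter`, `attrs` and `attrsonly` matter only to search, while the add, compare, delete, modify and modrdn callers in this commit all pass `0, NULL, NULL, 0`. In request.c the NULL `filter` is kept away from test_filter() only because the ManageDSAit branch rejects every operation whose tag is not LDAP_REQ_SEARCH, and that dependency should be written down next to the declaration. Suggested comment: `/* scope, filter, attrs, attrsonly: search only; other operations pass 0, NULL, NULL, 0 and must never reach test_filter() */`.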
@@ -26,5 +26,6 @@ dnssrv_back_modify( Modifications *ml ) { - return dnssrv_back_request( be, conn, op, dn, ndn ); + return dnssrv_back_request( be, conn, op, dn, ndn, + 0, NULL, NULL, 0 ); } diff --git a/servers/slapd/back-dnssrv/modrdn.c b/servers/slapd/back-dnssrv/modrdn.c index c461cdf4fb..c595dcbc4f 100644 --- a/servers/slapd/back-dnssrv/modrdn.c +++ b/servers/slapd/back-dnssrv/modrdn.c @@ -27,5 +27,6 @@ dnssrv_back_modrdn( const char *newSuperior ) { - return dnssrv_back_request( be, conn, op, dn, ndn ); + return dnssrv_back_request( be, conn, op, dn, ndn, + 0, NULL, NULL, 0 ); } diff --git a/servers/slapd/back-dnssrv/request.c b/servers/slapd/back-dnssrv/request.c index 3e68d5db67..a781ef94aa 100644 --- a/servers/slapd/back-dnssrv/request.c +++ b/servers/slapd/back-dnssrv/request.c @@ -21,7 +21,9 @@ dnssrv_back_request( Connection *conn, Operation *op, const char *dn, - const char *ndn ) + const char *ndn, + int scope, Filter *filter, + char **attrs, int attrsonly ) { int i; int rc; @@ -29,6 +31,7 @@ dnssrv_back_request( char *hostlist = NULL; char **hosts = NULL; struct berval **urls = NULL; + int manageDSAit = get_manageDSAit( op ); if( ndn == NULL || *ndn == '\0' ) { send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, 
@@ -87,12 +90,122 @@ dnssrv_back_request( "conn=%ld op=%d DNSSRV p=%d dn=\"%s\" url=\"%s\"\n", op->o_connid, op->o_opid, op->o_protocol, dn, urls[0]->bv_val ); - Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> url=\"%s\"\n", + Debug( LDAP_DEBUG_TRACE, "DNSSRV: %sdn=\"%s\" -> url=\"%s\"\n", + manageDSAit ? "ManageDSAit " : "", dn == NULL ? "" : dn, - urls[0]->bv_val, 0 ); + urls[0]->bv_val ); - send_ldap_result( conn, op, LDAP_REFERRAL, - NULL, "DNS SRV generated referrals", urls, NULL ); + if( manageDSAit ) { + if( op->o_tag != LDAP_REQ_SEARCH ) { + send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, + dn, "DNS SRV ManageDSAIT control disallowed", + NULL, NULL ); + + } else if ( scope != LDAP_SCOPE_ONELEVEL ) { + struct berval val; + struct berval *vals[2]; + Entry *e = ch_calloc( 1, sizeof(Entry) ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeDescription *ad_objectClass + = slap_schema.si_ad_objectClass; + AttributeDescription *ad_ref = slap_schema.si_ad_ref; +#else + const char ad_objectClass = "objectClass"; + const char ad_ref = "ref"; +#endif + e->e_dn = strdup( dn ); + e->e_ndn = strdup( ndn ); + + e->e_attrs = NULL; + e->e_private = NULL; + + vals[0] = &val; + vals[1] = NULL; + + val.bv_val = "top"; + val.bv_len = sizeof("top")-1; + attr_merge( e, ad_objectClass, vals ); + + val.bv_val = "referral"; + val.bv_len = sizeof("referral")-1; + attr_merge( e, ad_objectClass, vals ); + + val.bv_val = "extensibleObject"; + val.bv_len = sizeof("extensibleObject")-1; + attr_merge( e, ad_objectClass, vals ); + + { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeDescription *ad = NULL; + const char *text; + + rc = slap_str2ad( "dc", &ad, &text ); +#else + rc = LDAP_SUCCESS; + const char *ad = "dc"; +#endif + + if( rc == LDAP_SUCCESS ) { + char *p; + val.bv_val = ch_strdup( domain ); + + p = strchr( val.bv_val, '.' 
); + + if( p == val.bv_val ) { + val.bv_val[1] = '\0'; + } else if ( p != NULL ) { + *p = '\0'; + } + + val.bv_len = strlen(val.bv_val); + attr_merge( e, ad, vals ); + + ad_free( ad, 1 ); + } + } + + { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeDescription *ad = NULL; + const char *text; + + rc = slap_str2ad( "associatedDomain", &ad, &text ); +#else + rc = LDAP_SUCCESS; + const char *ad = "associatedDomain"; +#endif + + if( rc == LDAP_SUCCESS ) { + val.bv_val = domain; + val.bv_len = strlen(domain); + attr_merge( e, ad, vals ); + + ad_free( ad, 1 ); + } + } + + attr_merge( e, ad_ref, urls ); + + rc = test_filter( be, conn, op, e, filter ); + + if( rc == LDAP_COMPARE_TRUE ) { + send_search_entry( be, conn, op, + e, attrs, attrsonly, NULL ); + } + + entry_free( e ); + + send_ldap_result( conn, op, LDAP_SUCCESS, + NULL, NULL, NULL, NULL ); + + } else { + send_ldap_result( conn, op, LDAP_SUCCESS, + NULL, NULL, NULL, NULL ); + } + } else { + send_ldap_result( conn, op, LDAP_REFERRAL, + NULL, "DNS SRV generated referrals", urls, NULL ); + } done: if( domain != NULL ) ch_free( domain ); diff --git a/servers/slapd/back-dnssrv/search.c b/servers/slapd/back-dnssrv/search.c index 93f26d3a38..d9dea2e3ed 100644 --- a/servers/slapd/back-dnssrv/search.c +++ b/servers/slapd/back-dnssrv/search.c @@ -34,5 +34,6 @@ dnssrv_back_search( int attrsonly ) { - return dnssrv_back_request( be, conn, op, dn, ndn ); + return dnssrv_back_request( be, conn, op, dn, ndn, + scope, filter, attrs, attrsonly ); } diff --git a/servers/slapd/charray.c b/servers/slapd/charray.c index b67ec5a4db..b51659141a 100644 --- a/servers/slapd/charray.c +++ b/servers/slapd/charray.c @@ -86,6 +86,8 @@ charray_inlist( { int i; + if( a == NULL ) return 0; + for ( i = 0; a[i] != NULL; i++ ) { if ( strcasecmp( s, a[i] ) == 0 ) { return( 1 ); diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema index 880c668fc3..bbf2dd593f 100644 --- a/servers/slapd/schema/core.schema 
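Review bot: In the new ManageDSAit search branch of dnssrv_back_request (request.c), `e->e_dn = strdup( dn );` and `e->e_ndn = strdup( ndn );` use unchecked strdup(), although the Debug call at the top of this hunk still allows for `dn == NULL` and the same branch uses ch_strdup() for the domain copy; `e->e_dn = ch_strdup( dn );` and `e->e_ndn = ch_strdup( ndn );` would be consistent, with a NULL `dn` rejected beforehand if it can really occur. The buffer from `val.bv_val = ch_strdup( domain );` is never released: attr_merge() appears to copy its values (string literals are passed to it and the entry later goes to entry_free()), so each client search carrying the control would leak one copy of the domain, and a `ch_free( val.bv_val );` right after that attr_merge() call would close it. In the `#else` branch the declarations of `ad_objectClass` and `ad_ref` are written as `const char` rather than `const char *`, so they initialise a char from a string literal. The function begins before this hunk and continues past `done:`, so whether the `rc` assigned from test_filter() becomes the return value cannot be seen here.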
+++ b/servers/slapd/schema/core.schema @@ -582,6 +582,14 @@ objectclass ( 1.3.6.1.4.1.4203.666.3.2 SUP top STRUCTURAL MAY cn ) +# +# From Cosine Pilot +# +attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + # # From U-Mich # diff --git a/servers/slapd/schema/cosine.schema b/servers/slapd/schema/cosine.schema index 3e23f587f8..ff2d9f9811 100644 --- a/servers/slapd/schema/cosine.schema +++ b/servers/slapd/schema/cosine.schema @@ -527,10 +527,10 @@ attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' # caseIgnoreIA5StringSyntax # ::= {pilotAttributeType 37} # -attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' +# EQUALITY caseIgnoreIA5Match +# SUBSTR caseIgnoreIA5SubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # 9.3.28. Associated Name # diff --git a/servers/slapd/schema/pilot.schema b/servers/slapd/schema/pilot.schema index 0feb3a6981..05e9552af7 100644 --- a/servers/slapd/schema/pilot.schema +++ b/servers/slapd/schema/pilot.schema @@ -122,14 +122,10 @@ attributetype ( 0.9.2342.19200300.100.1.26 NAME 'dNSRecord' # 0.9.2342.19200300.100.1.30 was sOARecord in RFC1274 # 0.9.2342.19200300.100.1.31 was cNAMERecord in RFC1274 -# Terrific, we don't know about caseIgnoreIA5SubstringsMatch #attribute ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' # EQUALITY caseIgnoreIA5Match # SUBSTR caseIgnoreIA5SubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' EQUALITY distinguishedNameMatch -- 2.39.5