From 55691807364623beebd9270c27517ace628b38ee Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sat, 15 Sep 2007 17:26:09 +0000 Subject: [PATCH] draft-wahl-ldap-session: append further instances of the control --- servers/slapd/back-ldap/bind.c | 69 +++++++++++++++++++++-------- servers/slapd/back-meta/back-meta.h | 8 ++++ servers/slapd/back-meta/bind.c | 45 ++++++++++++------- servers/slapd/controls.c | 3 ++ 4 files changed, 92 insertions(+), 33 deletions(-) diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index eb3d49703b..b4f78560a7 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -2519,7 +2519,7 @@ ldap_back_controls_add( LDAPControl **ctrls = NULL; /* set to the maximum number of controls this backend can add */ LDAPControl c[ 2 ] = { 0 }; - int i = 0, j = 0; + int n = 0, i, j1 = 0, j2 = 0; *pctrls = NULL; @@ -2542,13 +2542,13 @@ ldap_back_controls_add( /* proxyAuthz for identity assertion */ switch ( ldap_back_proxy_authz_ctrl( op, rs, &lc->lc_bound_ndn, - li->li_version, &li->li_idassert, &c[ j ] ) ) + li->li_version, &li->li_idassert, &c[ j1 ] ) ) { case SLAP_CB_CONTINUE: break; case LDAP_SUCCESS: - j++; + j1++; break; default: @@ -2556,14 +2556,18 @@ ldap_back_controls_add( } #ifdef SLAP_CONTROL_X_SESSION_TRACKING + /* FIXME: according to , + * the server should check if the control can be added + * based on the identity of the client and so */ + /* session tracking */ if ( LDAP_BACK_ST_REQUEST( li ) ) { - switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) { + switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j1 + j2 ] ) ) { case SLAP_CB_CONTINUE: break; case LDAP_SUCCESS: - j++; + j2++; break; default: 
@@ -2576,31 +2580,46 @@ ldap_back_controls_add( rs->sr_err = LDAP_SUCCESS; } - if ( j == 0 ) { + assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) ); + + if ( j1 == 0 && j2 == 0 ) { goto done; } if ( op->o_ctrls ) { - for ( i = 0; op->o_ctrls[ i ]; i++ ) + for ( n = 0; op->o_ctrls[ n ]; n++ ) /* just count ctrls */ ; } - ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ), + ctrls = op->o_tmpalloc( (n + j1 + j2 + 1) * sizeof( LDAPControl * ) + ( j1 + j2 ) * sizeof( LDAPControl ), op->o_tmpmemctx ); - ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ]; - *ctrls[ 0 ] = c[ 0 ]; - for ( i = 1; i < j; i++ ) { - ctrls[ i ] = &ctrls[ 0 ][ i ]; - *ctrls[ i ] = c[ i ]; + if ( j1 ) { + ctrls[ 0 ] = (LDAPControl *)&ctrls[ n + j1 + j2 + 1 ]; + *ctrls[ 0 ] = c[ 0 ]; + for ( i = 1; i < j1; i++ ) { + ctrls[ i ] = &ctrls[ 0 ][ i ]; + *ctrls[ i ] = c[ i ]; + } } i = 0; if ( op->o_ctrls ) { for ( i = 0; op->o_ctrls[ i ]; i++ ) { - ctrls[ i + j ] = op->o_ctrls[ i ]; + ctrls[ i + j1 ] = op->o_ctrls[ i ]; + } + } + + if ( j2 ) { + n += j1; + ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1; + *ctrls[ n ] = c[ j1 ]; + for ( i = 1; i < j2; i++ ) { + ctrls[ n + i ] = &ctrls[ n ][ i ]; + *ctrls[ n + i ] = c[ i ]; } } - ctrls[ i + j ] = NULL; + + ctrls[ n + j2 ] = NULL; done:; if ( ctrls == NULL ) { 
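Review bot: The terminator `ctrls[ n + j2 ] = NULL;` lands one slot early whenever `j1` is set and `j2` is 0, because `n += j1;` only runs inside `if ( j2 )`. The last copied control is then cut off, and with no client controls the proxyAuthz control in `ctrls[ 0 ]` is itself overwritten, so the identity assertion would not be passed on with the request. Hoisting `n += j1;` above `if ( j2 )` fixes the index. The new `assert( j1 + j1 <= ... )` looks like a typo for `j1 + j2` and runs only after `c[]` has already been written, and the `j2` loop copies `c[ i ]` where `c[ j1 + i ]` is meant (latent while at most one control of each kind is added). The same three points apply to the `@@ -1638` hunk of back-meta/bind.c; in both files the function begins and ends outside the hunk.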
@@ -2620,13 +2639,27 @@ ldap_back_controls_free( Operation *op, SlapReply *rs, LDAPControl ***pctrls ) /* we assume that the controls added by the proxy come first, * so as soon as we find op->o_ctrls[ 0 ] we can stop */ if ( ctrls && ctrls != op->o_ctrls ) { - int i; + int i, n = 0, n_added; + void *lower, *upper; assert( ctrls[ 0 ] != NULL ); + for ( n = 0; ctrls[ n ] != NULL; n++ ) + /* count 'em */ ; + + if ( op->o_ctrls ) { + for ( i = 0; op->o_ctrls[ i ] != NULL; i++ ) + /* count 'em */ ; + } + + n_added = n - i; + lower = ctrls + n; + upper = lower + sizeof( LDAPControl ) * n_added; + for ( i = 0; ctrls[ i ] != NULL; i++ ) { - if ( op->o_ctrls && ctrls[ i ] == op->o_ctrls[ 0 ] ) { - break; + if ( ctrls[ i ] < lower || ctrls[ i ] >= upper ) { + /* original; don't touch */ + continue; } if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) { diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 2f7b080e8b..00f15521e2 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h @@ -504,6 +504,14 @@ meta_back_op_result( time_t timeout, ldap_back_send_t sendok ); +extern int +meta_back_controls_add( + Operation *op, + SlapReply *rs, + metaconn_t *mc, + int candidate, + LDAPControl ***pctrls ); + extern int back_meta_LTX_init_module( int argc, diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index bae5a47782..340d312861 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -1581,7 +1581,7 @@ meta_back_controls_add( LDAPControl **ctrls = NULL; /* set to the maximum number of controls this backend can add */ LDAPControl c[ 2 ] = { 0 }; - int i = 0, j = 0; + int n = 0, i, j1 = 0, j2 = 0; *pctrls = NULL; 
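Review bot: In the ldap_back_controls_free hunk, `i` is read uninitialized in `n_added = n - i;` when `op->o_ctrls` is NULL, since the counting loop that sets it is skipped; the resulting `lower`/`upper` range is then arbitrary, and it decides which `ldctl_value` buffers are released. Declaring `int i = 0, n = 0, n_added;` closes that path. `lower + sizeof( LDAPControl ) * n_added` is arithmetic on `void *`, a compiler extension; `char *` bounds would be portable. The comment kept above the block still says the proxy-added controls come first, which no longer holds once session tracking is appended, so it should describe the address-range test instead. The function body continues past the end of the hunk.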
@@ -1604,13 +1604,13 @@ meta_back_controls_add( /* proxyAuthz for identity assertion */ switch ( ldap_back_proxy_authz_ctrl( op, rs, &msc->msc_bound_ndn, - mt->mt_version, &mt->mt_idassert, &c[ j ] ) ) + mt->mt_version, &mt->mt_idassert, &c[ j1 ] ) ) { case SLAP_CB_CONTINUE: break; case LDAP_SUCCESS: - j++; + j1++; break; default: @@ -1620,12 +1620,12 @@ meta_back_controls_add( #ifdef SLAP_CONTROL_X_SESSION_TRACKING /* session tracking */ if ( META_BACK_TGT_ST_REQUEST( mt ) ) { - switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) { + switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j1 + j2 ] ) ) { case SLAP_CB_CONTINUE: break; case LDAP_SUCCESS: - j++; + j2++; break; default: 
@@ -1638,31 +1638,46 @@ meta_back_controls_add( rs->sr_err = LDAP_SUCCESS; } - if ( j == 0 ) { + assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) ); + + if ( j1 == 0 && j2 == 0 ) { goto done; } if ( op->o_ctrls ) { - for ( i = 0; op->o_ctrls[ i ]; i++ ) + for ( n = 0; op->o_ctrls[ n ]; n++ ) /* just count ctrls */ ; } - ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ), + ctrls = op->o_tmpalloc( (n + j1 + j2 + 1) * sizeof( LDAPControl * ) + ( j1 + j2 ) * sizeof( LDAPControl ), op->o_tmpmemctx ); - ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ]; - *ctrls[ 0 ] = c[ 0 ]; - for ( i = 1; i < j; i++ ) { - ctrls[ i ] = &ctrls[ 0 ][ i ]; - *ctrls[ i ] = c[ i ]; + if ( j1 ) { + ctrls[ 0 ] = (LDAPControl *)&ctrls[ n + j1 + j2 + 1 ]; + *ctrls[ 0 ] = c[ 0 ]; + for ( i = 1; i < j1; i++ ) { + ctrls[ i ] = &ctrls[ 0 ][ i ]; + *ctrls[ i ] = c[ i ]; + } } i = 0; if ( op->o_ctrls ) { for ( i = 0; op->o_ctrls[ i ]; i++ ) { - ctrls[ i + j ] = op->o_ctrls[ i ]; + ctrls[ i + j1 ] = op->o_ctrls[ i ]; + } + } + + if ( j2 ) { + n += j1; + ctrls[ n ] = (LDAPControl *)&ctrls[ n + j2 + 1 ] + j1; + *ctrls[ n ] = c[ j1 ]; + for ( i = 1; i < j2; i++ ) { + ctrls[ n + i ] = &ctrls[ n ][ i ]; + *ctrls[ n + i ] = c[ i ]; } } - ctrls[ i + j ] = NULL; + + ctrls[ n + j2 ] = NULL; done:; if ( ctrls == NULL ) { diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index ed887e5f1a..665e320955 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -1650,6 +1650,9 @@ static int parseSessionTracking( return LDAP_PROTOCOL_ERROR; } + /* TODO: add the capability to determine if a client is allowed + * to use this control, based on identity, ip and so */ + ber = ber_init( &ctrl->ldctl_value ); if ( ber == NULL ) { rs->sr_text = "internal error"; -- 2.39.5