From 6253e7c278ab9bac233968bd2e1e40748ff3bd02 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 15 Dec 1999 23:22:47 +0000 Subject: [PATCH] Updated sasl response to support returning of referrals. Updates to extended operation framework to support arbitrary referrals and extended results without OIDs. Updated passwd extended operation to support returning update_refs as needed. Needs replog support. --- servers/slapd/back-ldbm/extended.c | 13 +++++---- servers/slapd/back-ldbm/external.h | 4 ++- servers/slapd/back-ldbm/passwd.c | 10 ++++--- servers/slapd/back-ldbm/proto-back-ldbm.h | 6 ++-- servers/slapd/extended.c | 34 ++++++++++++++--------- servers/slapd/passwd.c | 33 ++++++++++++++++------ servers/slapd/proto-slap.h | 24 ++++++++++++---- servers/slapd/result.c | 3 +- servers/slapd/slap.h | 8 ++++-- servers/slapd/starttls.c | 6 ++-- servers/slapd/tools/mimic.c | 1 + 11 files changed, 96 insertions(+), 46 deletions(-) diff --git a/servers/slapd/back-ldbm/extended.c b/servers/slapd/back-ldbm/extended.c index bc172df0d8..18aa0ac70b 100644 --- a/servers/slapd/back-ldbm/extended.c +++ b/servers/slapd/back-ldbm/extended.c @@ -29,20 +29,23 @@ ldbm_back_extended( Backend *be, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char** text + char** text, + struct berval *** refs ) { int i; for( i=0; exop_table[i].oid != NULL; i++ ) { - if( strcmp( exop_table[i].oid, oid ) == 0 ) { + if( strcmp( exop_table[i].oid, reqoid ) == 0 ) { return (exop_table[i].extended)( - be, conn, op, oid, - reqdata, rspdata, rspctrls, text ); + be, conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, text, refs ); } } diff --git a/servers/slapd/back-ldbm/external.h b/servers/slapd/back-ldbm/external.h index aeac346579..5cba7ebb3f 100644 --- a/servers/slapd/back-ldbm/external.h +++ b/servers/slapd/back-ldbm/external.h 
@@ -26,9 +26,11 @@ extern int ldbm_back_extended LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char **text )); + char **text, + struct berval *** refs )); extern int ldbm_back_bind LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index 85bbed01b4..6915b59cad 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -21,11 +21,13 @@ ldbm_back_exop_passwd( Backend *be, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl *** rspctrls, - char** text + char** text, + struct berval *** refs ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; @@ -38,8 +40,8 @@ ldbm_back_exop_passwd( char *dn; - assert( oid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 ); + assert( reqoid != NULL ); + assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); rc = slap_passwd_parse( reqdata, &id, NULL, &new, text ); diff --git a/servers/slapd/back-ldbm/proto-back-ldbm.h b/servers/slapd/back-ldbm/proto-back-ldbm.h index 89aae2a432..c9ebbae66e 100644 --- a/servers/slapd/back-ldbm/proto-back-ldbm.h +++ b/servers/slapd/back-ldbm/proto-back-ldbm.h @@ -148,11 +148,13 @@ int index_change_values LDAP_P(( Backend *be, */ extern int ldbm_back_exop_passwd LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, - char *oid, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl ***rspctrls, - char **text )); + char **text, + struct berval *** refs )); /* diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index d3db89e29b..a1c5c8a293 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c 
@@ -86,19 +86,20 @@ do_extended( ) { int rc = LDAP_SUCCESS; - char* oid; + char* reqoid; struct berval *reqdata; ber_tag_t tag; ber_len_t len; extop_list_t *ext; char *text; struct berval **refs; + char *rspoid; struct berval *rspdata; LDAPControl **rspctrls; Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 ); - oid = NULL; + reqoid = NULL; reqdata = NULL; if( op->o_protocol < LDAP_VERSION3 ) { @@ -110,7 +111,7 @@ do_extended( goto done; } - if ( ber_scanf( op->o_ber, "{a" /*}*/, &oid ) == LBER_ERROR ) { + if ( ber_scanf( op->o_ber, "{a" /*}*/, &reqoid ) == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 ); send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); @@ -118,9 +119,9 @@ do_extended( goto done; } - if( !(ext = find_extop(supp_ext_list, oid)) ) { + if( !(ext = find_extop(supp_ext_list, reqoid)) ) { Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n", - oid, 0 ,0 ); + reqoid, 0 ,0 ); send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "unsupported extended operation", NULL, NULL ); goto done; @@ -143,22 +144,29 @@ do_extended( return rc; } - Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", oid, 0 ,0 ); + Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", reqoid, 0 ,0 ); + rspoid = NULL; rspdata = NULL; rspctrls = NULL; text = NULL; + refs = NULL; rc = (ext->ext_main)( extop_callback, conn, op, - oid, reqdata, &rspdata, &rspctrls, &text ); + reqoid, reqdata, + &rspoid, &rspdata, &rspctrls, &text, &refs ); if( rc != SLAPD_ABANDON ) { - refs = NULL; - if (rc == LDAP_REFERRAL) + if (rc == LDAP_REFERRAL) { refs = default_referral; + } + + send_ldap_extended( conn, op, rc, NULL, text, refs, + rspoid, rspdata, rspctrls ); + } - send_ldap_extended( conn, op, rc, NULL, text, - refs, oid, rspdata, rspctrls ); + if ( rspoid != NULL ) { + free( rspoid ); } if ( rspdata != NULL ) 
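Review bot: In the `@@ -143,22 +144,29 @@` hunk of servers/slapd/extended.c, `refs = default_referral;` runs whenever `rc == LDAP_REFERRAL`, so it overwrites whatever the extended-operation handler stored through `&refs`. passwd_extop in this same patch sets `*refs` to the backend's `be_update_refs` and returns LDAP_REFERRAL, so that referral is discarded and the client is pointed at the server-wide default instead. For a password change this decides which server the client resends the new password to. Fall back only when the handler supplied nothing: `if ( rc == LDAP_REFERRAL && refs == NULL ) {`. do_extended starts and ends outside this hunk.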
@@ -171,8 +179,8 @@ done: if ( reqdata != NULL ) { ber_bvfree( reqdata ); } - if ( oid != NULL ) { - free( oid ); + if ( reqoid != NULL ) { + free( reqoid ); } return rc; diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index d75926d1d1..124d674dbb 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -20,28 +20,43 @@ int passwd_extop( SLAP_EXTOP_CALLBACK_FN ext_callback, - Connection *conn, Operation *op, char *oid, + Connection *conn, Operation *op, + char *reqoid, struct berval *reqdata, + char **rspoid, struct berval **rspdata, LDAPControl ***rspctrls, - char **text ) + char **text, + struct berval ***refs ) { int rc; - assert( oid != NULL ); - assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 ); + assert( reqoid != NULL ); + assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); if( op->o_dn == NULL || op->o_dn[0] == '\0' ) { *text = ch_strdup("only authenicated users may change passwords"); return LDAP_STRONG_AUTH_REQUIRED; } - if( conn->c_authz_backend != NULL && - conn->c_authz_backend->be_extended ) + if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended ) { - rc = conn->c_authz_backend->be_extended( - conn->c_authz_backend, - conn, op, oid, reqdata, rspdata, rspctrls, text ); + if( global_readonly || conn->c_authz_backend->be_readonly ) { + *text = ch_strdup("authorization database is read only"); + rc = LDAP_UNWILLING_TO_PERFORM; + + } else if( conn->c_authz_backend->be_update_ndn != NULL ) { + /* we SHOULD return a referral in this case */ + *refs = conn->c_authz_backend->be_update_refs; + rc = LDAP_REFERRAL; + + } else { + rc = conn->c_authz_backend->be_extended( + conn->c_authz_backend, conn, op, + reqoid, reqdata, + rspoid, rspdata, rspctrls, + text, refs ); + } } else { *text = ch_strdup("operation not supported for current user"); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index b786933a0e..c56f87ba99 100644 --- a/servers/slapd/proto-slap.h 
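Review bot: In passwd_extop, the `be_update_ndn != NULL` branch stores `be_update_refs` in `*refs` without checking it for NULL, so a backend with an update DN but no update referral returns LDAP_REFERRAL with nothing for the client to follow unless the caller substitutes a default. The pointer handed back is the backend's own list rather than a copy, so a comment on the assignment such as `/* borrowed from the backend; caller must not free */` would make the contract explicit. The existing comment `/* we SHOULD return a referral in this case */` reads as if the referral were still missing although the branch now returns one; reword it or drop it. The end of passwd_extop lies outside the hunk.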
+++ b/servers/slapd/proto-slap.h @@ -256,11 +256,13 @@ typedef int (*SLAP_EXTOP_CALLBACK_FN) LDAP_P(( typedef int (*SLAP_EXTOP_MAIN_FN) LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl *** rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); typedef int (*SLAP_EXTOP_GETOID_FN) LDAP_P(( int index, char *oid, int blen )); @@ -377,6 +379,7 @@ LIBSLAPD_F (void) send_ldap_sasl LDAP_P(( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, + struct berval **refs, LDAPControl **ctrls, struct berval *cred )); @@ -391,6 +394,11 @@ LIBSLAPD_F (void) send_ldap_extended LDAP_P(( char *rspoid, struct berval *rspdata, LDAPControl **ctrls )); +LIBSLAPD_F (void) send_ldap_partial LDAP_P(( + Connection *conn, Operation *op, + char *rspoid, struct berval *rspdata, + LDAPControl **ctrls )); + LIBSLAPD_F (void) send_search_result LDAP_P(( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, @@ -465,11 +473,13 @@ LIBSLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del, char deli LIBSLAPD_F (int) starttls_extop LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl ***rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); /* @@ -506,11 +516,13 @@ LIBSLAPD_F (void) slap_init_user LDAP_P(( char *username, char *groupname )); LIBSLAPD_F (int) passwd_extop LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl *** rspctrls, - char ** text )); + char ** text, + struct berval *** refs )); LIBSLAPD_F (int) slap_passwd_check( Attribute *attr, 
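Review bot: The two out-parameters added to `SLAP_EXTOP_MAIN_FN` (`rspoid`, `refs`) have no documented ownership, and the code in this patch treats them differently. do_extended calls `free()` on the returned `rspoid` but never frees `refs`, and passwd_extop hands back the backend's own `be_update_refs`. A comment above the typedef such as `/* *rspoid: malloc'd by the handler, freed by the caller; *refs: borrowed, caller must not free */` would keep a new handler from returning a string literal or a private copy. The same comment applies to `SLAP_EXTENDED_FN` in slap.h and to the starttls_extop and passwd_extop prototypes further down.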
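Review bot: `send_ldap_partial` is declared in the `@@ -391,6 +394,11 @@` hunk, but no file in this patch defines it. The only changes to result.c are the two send_ldap_sasl hunks, and tools/mimic.c gets no stub for it. If it is not already defined elsewhere, the declaration should land together with its implementation, or carry a comment such as `/* not yet implemented */` so that a caller does not hit an unresolved symbol at link time.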
diff --git a/servers/slapd/result.c b/servers/slapd/result.c index ad3c065ddf..cd7c59e598 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -457,6 +457,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, + struct berval **ref, LDAPControl **ctrls, struct berval *cred ) @@ -482,7 +483,7 @@ send_ldap_sasl( #endif send_ldap_response( conn, op, tag, msgid, - err, matched, text, NULL, + err, matched, text, ref, NULL, NULL, cred, ctrls ); } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 7d0fd55dfa..b0e67a32ea 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -535,11 +535,13 @@ typedef int (*SLAP_EXTENDED_FN) LDAP_P(( Backend *be, struct slap_conn *conn, struct slap_op *op, - char *oid, + char *reqoid, struct berval * reqdata, + char **rspoid, struct berval ** rspdata, - LDAPControl ***rspctrls, - char** text )); + LDAPControl *** rspctrls, + char ** text, + struct berval *** refs )); struct slap_backend_info { char *bi_type; /* type of backend */ diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c index 35767fae39..6228b5be69 100644 --- a/servers/slapd/starttls.c +++ b/servers/slapd/starttls.c @@ -23,11 +23,13 @@ starttls_extop ( SLAP_EXTOP_CALLBACK_FN cb, Connection *conn, Operation *op, - char * oid, + char * reqoid, struct berval * reqdata, + char ** rspoid, struct berval ** rspdata, LDAPControl ***rspctrls, - char ** text ) + char ** text, + struct berval *** refs ) { void *ctx; diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c index f1e1a51521..03d91a25a9 100644 --- a/servers/slapd/tools/mimic.c +++ b/servers/slapd/tools/mimic.c @@ -62,6 +62,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, + struct berval **refs, LDAPControl **ctrls, struct berval *cred ) -- 2.39.5
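Review bot: The new parameter of send_ldap_sasl is named `ref` in result.c but `refs` in proto-slap.h and tools/mimic.c; use `refs` in the definition too, i.e. `struct berval **refs,` and `err, matched, text, refs,`. No call of send_ldap_sasl is changed in this patch, so any existing call site still passes the old argument list and has to gain the new argument between `text` and `ctrls`. Where `LDAP_P` expands to an empty parameter list the compiler will not report a stale call, and `ctrls` and `cred` would then be read from the wrong argument slots. The body of send_ldap_sasl starts and ends outside these hunks.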