From c04e9ac9932961ff54fe59f352919d417c49ab7c Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sun, 9 Feb 2003 05:39:21 +0000 Subject: [PATCH] rename "permit modify" control to "permissive modify" rename "no referrals" controls to "domain scope" misc cleanup --- include/ldap.h | 4 +- servers/slapd/back-bdb/modify.c | 8 ++-- servers/slapd/back-bdb/search.c | 6 ++- servers/slapd/back-ldbm/modify.c | 12 ++++-- servers/slapd/back-ldbm/search.c | 2 +- servers/slapd/controls.c | 70 ++++++++++++++++---------------- servers/slapd/extended.c | 4 +- servers/slapd/result.c | 12 +++--- servers/slapd/schema_prep.c | 6 +++ servers/slapd/slap.h | 15 ++++--- 10 files changed, 77 insertions(+), 62 deletions(-) diff --git a/include/ldap.h b/include/ldap.h index f30a60ee1a..caff392517 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -230,8 +230,8 @@ typedef struct ldapcontrol { #define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10" #ifdef LDAP_DEVEL -#define LDAP_CONTROL_PERMITMODIFY "1.2.840.113556.1.4.1413" -#define LDAP_CONTROL_NOREFERRALS "1.2.840.113556.1.4.1339" +#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413" +#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339" #endif /* LDAP Unsolicited Notifications */ diff --git a/servers/slapd/back-bdb/modify.c b/servers/slapd/back-bdb/modify.c index 3d9e86dceb..b2ffc7a178 100644 --- a/servers/slapd/back-bdb/modify.c +++ b/servers/slapd/back-bdb/modify.c @@ -56,7 +56,7 @@ int bdb_modify_internal( #else Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: add\n", 0, 0, 0); #endif - err = modify_add_values( e, mod, get_permitmodify(op), + err = modify_add_values( e, mod, get_permissiveModify(op), text, textbuf, textlen ); if( err != LDAP_SUCCESS ) { #ifdef NEW_LOGGING @@ -76,7 +76,7 @@ int bdb_modify_internal( #else Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: delete\n", 0, 0, 0); #endif - err = modify_delete_values( e, mod, get_permitmodify(op), + err = modify_delete_values( e, mod, get_permissiveModify(op), text, textbuf, textlen ); assert( err != LDAP_TYPE_OR_VALUE_EXISTS ); if( err != LDAP_SUCCESS ) { @@ -97,7 +97,7 @@ int bdb_modify_internal( #else Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: replace\n", 0, 0, 0); #endif - err = modify_replace_values( e, mod, get_permitmodify(op), + err = modify_replace_values( e, mod, get_permissiveModify(op), text, textbuf, textlen ); if( err != LDAP_SUCCESS ) { #ifdef NEW_LOGGING @@ -122,7 +122,7 @@ int bdb_modify_internal( */ mod->sm_op = LDAP_MOD_ADD; - err = modify_add_values( e, mod, get_permitmodify(op), + err = modify_add_values( e, mod, get_permissiveModify(op), text, textbuf, textlen ); if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) { err = LDAP_SUCCESS; diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 7f83a341fe..f72f0c6ea2 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -1049,7 +1049,8 @@ static int search_candidates( * these clauses are redundant. */ if (!oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) { - if( !get_manageDSAit(op) ) { /* match referrals */ + if( !get_manageDSAit(op) && !get_domainScope(op) ) { + /* match referral objects */ struct berval bv_ref = { sizeof("referral")-1, "referral" }; rf.f_choice = LDAP_FILTER_EQUALITY; rf.f_ava = &aa_ref; @@ -1060,7 +1061,8 @@ static int search_candidates( } #ifdef BDB_ALIASES - if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */ + if( deref & LDAP_DEREF_SEARCHING ) { + /* match alias objects */ struct berval bv_alias = { sizeof("alias")-1, "alias" }; af.f_choice = LDAP_FILTER_EQUALITY; af.f_ava = &aa_alias; diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index 7daf460d78..b7bd5c55e7 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -65,7 +65,8 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0); #endif - rc = modify_add_values( e, mod, op->o_permitmodify, text, textbuf, textlen ); + rc = modify_add_values( e, mod, get_permissiveModify(op), + text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, @@ -84,7 +85,8 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0); #endif - rc = modify_delete_values( e, mod, op->o_permitmodify, text, textbuf, textlen ); + rc = modify_delete_values( e, mod, get_permissiveModify(op), + text, textbuf, textlen ); assert( rc != LDAP_TYPE_OR_VALUE_EXISTS ); if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING @@ -104,7 +106,8 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0); #endif - rc = modify_replace_values( e, mod, op->o_permitmodify, text, textbuf, textlen ); + rc = modify_replace_values( e, mod, get_permissiveModify(op), + text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, @@ -129,7 +132,8 @@ int ldbm_modify_internal( */ mod->sm_op = LDAP_MOD_ADD; - rc = modify_add_values( e, mod, op->o_permitmodify, text, textbuf, textlen ); + rc = modify_add_values( e, mod, get_permissiveModify(op), + text, textbuf, textlen ); if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) { rc = LDAP_SUCCESS; } diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 79c0d412bb..12ec9a6c01 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -74,7 +74,7 @@ ldbm_back_search( ber_dupbv( &realbase, &e->e_nname ); candidates = search_candidates( be, e, filter, - scope, deref, manageDSAit ); + scope, deref, manageDSAit || get_domainScope(op) ); goto searchit; diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 56187c587a..da6f2291a5 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -49,8 +49,8 @@ static SLAP_CTRL_PARSE_FN parseManageDSAit; static SLAP_CTRL_PARSE_FN parseNoOp; static SLAP_CTRL_PARSE_FN parsePagedResults; static SLAP_CTRL_PARSE_FN parseValuesReturnFilter; -static SLAP_CTRL_PARSE_FN parsePermitModify; -static SLAP_CTRL_PARSE_FN parseNoReferrals; +static SLAP_CTRL_PARSE_FN parsePermissiveModify; +static SLAP_CTRL_PARSE_FN parseDomainScope; #ifdef LDAP_CONTROL_SUBENTRIES static SLAP_CTRL_PARSE_FN parseSubentries; @@ -113,35 +113,29 @@ static struct slap_control { { LDAP_CONTROL_VALUESRETURNFILTER, SLAP_CTRL_SEARCH, NULL, parseValuesReturnFilter }, -#ifdef LDAP_CONTROL_SUBENTRIES - { LDAP_CONTROL_SUBENTRIES, - SLAP_CTRL_SEARCH, NULL, - parseSubentries }, -#endif - { LDAP_CONTROL_NOOP, - SLAP_CTRL_ACCESS, NULL, - parseNoOp }, #ifdef LDAP_CONTROL_PAGEDRESULTS { LDAP_CONTROL_PAGEDRESULTS, SLAP_CTRL_SEARCH, NULL, parsePagedResults }, #endif - { LDAP_CONTROL_MANAGEDSAIT, - SLAP_CTRL_ACCESS, NULL, - parseManageDSAit }, - { LDAP_CONTROL_PROXY_AUTHZ, - SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops, - parseProxyAuthz }, -#ifdef LDAP_CONTROL_PERMITMODIFY - { LDAP_CONTROL_PERMITMODIFY, - SLAP_CTRL_UPDATE, NULL, - parsePermitModify }, +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + { LDAP_CONTROL_X_DOMAIN_SCOPE, + SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL, + parseDomainScope }, #endif -#ifdef LDAP_CONTROL_NOREFERRALS - { LDAP_CONTROL_NOREFERRALS, +#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY + { LDAP_CONTROL_X_PERMISSIVE_MODIFY, + SLAP_CTRL_MODIFY, NULL, + parsePermissiveModify }, +#endif +#ifdef LDAP_CONTROL_SUBENTRIES + { LDAP_CONTROL_SUBENTRIES, SLAP_CTRL_SEARCH, NULL, - parseNoReferrals }, + parseSubentries }, #endif + { LDAP_CONTROL_NOOP, + SLAP_CTRL_ACCESS, NULL, + parseNoOp }, #ifdef LDAP_CLIENT_UPDATE { LDAP_CONTROL_CLIENT_UPDATE, SLAP_CTRL_SEARCH, NULL, @@ -152,6 +146,12 @@ static struct slap_control { SLAP_CTRL_SEARCH, NULL, parseLdupSync }, #endif + { LDAP_CONTROL_MANAGEDSAIT, + SLAP_CTRL_ACCESS, NULL, + parseManageDSAit }, + { LDAP_CONTROL_PROXY_AUTHZ, + SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops, + parseProxyAuthz }, { NULL, 0, NULL, 0 } }; @@ -813,24 +813,24 @@ static int parseSubentries ( } #endif -#ifdef LDAP_CONTROL_PERMITMODIFY -static int parsePermitModify ( +#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY +static int parsePermissiveModify ( Connection *conn, Operation *op, LDAPControl *ctrl, const char **text ) { - if ( op->o_permitmodify != SLAP_NO_CONTROL ) { - *text = "permitmodify control specified multiple times"; + if ( op->o_permissive_modify != SLAP_NO_CONTROL ) { + *text = "permissiveModify control specified multiple times"; return LDAP_PROTOCOL_ERROR; } if ( ctrl->ldctl_value.bv_len ) { - *text = "permitmodify control value not empty"; + *text = "permissiveModify control value not empty"; return LDAP_PROTOCOL_ERROR; } - op->o_permitmodify = ctrl->ldctl_iscritical + op->o_permissive_modify = ctrl->ldctl_iscritical ? SLAP_CRITICAL_CONTROL : SLAP_NONCRITICAL_CONTROL; @@ -838,24 +838,24 @@ static int parsePermitModify ( } #endif -#ifdef LDAP_CONTROL_NOREFERRALS -static int parseNoReferrals ( +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE +static int parseDomainScope ( Connection *conn, Operation *op, LDAPControl *ctrl, const char **text ) { - if ( op->o_noreferrals != SLAP_NO_CONTROL ) { - *text = "noreferrals control specified multiple times"; + if ( op->o_domain_scope != SLAP_NO_CONTROL ) { + *text = "domainScope control specified multiple times"; return LDAP_PROTOCOL_ERROR; } if ( ctrl->ldctl_value.bv_len ) { - *text = "noreferrals control value not empty"; + *text = "domainScope control value not empty"; return LDAP_PROTOCOL_ERROR; } - op->o_noreferrals = ctrl->ldctl_iscritical + op->o_domain_scope = ctrl->ldctl_iscritical ? SLAP_CRITICAL_CONTROL : SLAP_NONCRITICAL_CONTROL; diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 41eb8e32e8..8801a55984 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -59,11 +59,11 @@ static struct { struct berval oid; SLAP_EXTOP_MAIN_FN *ext_main; } builtin_extops[] = { - { BVC(LDAP_EXOP_X_WHO_AM_I), whoami_extop }, - { BVC(LDAP_EXOP_MODIFY_PASSWD), passwd_extop }, #ifdef LDAP_EXOP_X_CANCEL { BVC(LDAP_EXOP_X_CANCEL), cancel_extop }, #endif + { BVC(LDAP_EXOP_X_WHO_AM_I), whoami_extop }, + { BVC(LDAP_EXOP_MODIFY_PASSWD), passwd_extop }, #ifdef HAVE_TLS { BVC(LDAP_EXOP_START_TLS), starttls_extop }, #endif diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 749407f5ca..77ab2c0607 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -480,8 +480,8 @@ slap_send_ldap_result( assert( err != LDAP_PARTIAL_RESULTS ); if ( err == LDAP_REFERRAL ) { -#ifdef LDAP_CONTROL_NOREFERRALS - if( op->o_noreferrals ) { +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + if( op->o_domain_scope ) { ref = NULL; } #endif @@ -1383,15 +1383,15 @@ slap_send_search_reference( return( 1 ); } -#ifdef LDAP_CONTROL_NOREFERRALS - if( op->o_noreferrals ) { +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + if( op->o_domain_scope ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, - "send_search_reference: conn %lu noreferrals control in (%s).\n", + "send_search_reference: conn %lu domainScope control in (%s).\n", op->o_connid, e->e_dn, 0 ); #else Debug( LDAP_DEBUG_ANY, - "send_search_reference: noreferrals control in (%s)\n", + "send_search_reference: domainScope control in (%s)\n", e->e_dn, 0, 0 ); #endif diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index cea3be76f3..85c4f80a09 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -320,6 +320,7 @@ static struct slap_schema_oc_map { "MUST cn )", 0, SLAP_OC_OPERATIONAL, offsetof(struct slap_internal_schema, si_oc_monitor) }, +#ifdef LDAP_DEVEL { "collectiveAttributeSubentry", "( 2.5.17.2 " "NAME 'collectiveAttributeSubentry' " "AUXILIARY )", @@ -332,6 +333,7 @@ static struct slap_schema_oc_map { "SUP top AUXILIARY )", dynamicObjectClass, SLAP_OC_DYNAMICOBJECT, offsetof(struct slap_internal_schema, si_oc_dynamicObject) }, +#endif { NULL, NULL, NULL, 0, 0 } }; @@ -423,6 +425,7 @@ static struct slap_schema_ad_map { NULL, 0, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, +#ifdef LDAP_DEVEL { "collectiveAttributeSubentries", "( 2.5.18.12 " "NAME 'collectiveAttributeSubentries' " "EQUALITY distinguishedNameMatch " @@ -438,6 +441,7 @@ static struct slap_schema_ad_map { NULL, SLAP_AT_HIDE, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, +#endif { "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' " "DESC 'LCUP/LDUP: UUID of the entry' " @@ -687,6 +691,7 @@ static struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_aci) }, #endif +#ifdef LDAP_DEVEL { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' " "DESC 'RFC2589: entry time-to-live' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE " @@ -702,6 +707,7 @@ static struct slap_schema_ad_map { rootDseAttribute, 0, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) }, +#endif /* userApplication attributes (which system schema depends upon) */ { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' " diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index b0801608cc..13ee8ece45 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1683,15 +1683,18 @@ typedef struct slap_op { char o_valuesreturnfilter; -#ifdef LDAP_CONTROL_PERMITMODIFY - char o_permitmodify; -#define get_permitmodify(op) ((int)(op)->o_permitmodify) +#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY + char o_permissive_modify; +#define get_permissiveModify(op) ((int)(op)->o_permissive_modify) #else -#define get_permitmodify(op) (0) +#define get_permissiveModify(op) (0) #endif -#ifdef LDAP_CONTROL_NOREFERRALS - char o_noreferrals; +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + char o_domain_scope; +#define get_domainScope(op) ((int)(op)->o_domain_scope) +#else +#define get_domainScope(op) (0) #endif #ifdef LDAP_CONTROL_PAGEDRESULTS -- 2.39.5