From c106f4902964ed4d73e8de754d1be8a973bb6827 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 26 Nov 2005 07:09:59 +0000 Subject: [PATCH] Primitive handling of dontUseCopy (always error). --- servers/slapd/backend.c | 2 -- servers/slapd/connection.c | 2 -- servers/slapd/controls.c | 65 +++++++++++++++++++++++--------------- servers/slapd/result.c | 9 ++---- servers/slapd/slap.h | 41 ++++++++---------------- 5 files changed, 56 insertions(+), 63 deletions(-) diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 97cd302a34..35f4f2336d 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -1311,14 +1311,12 @@ fe_acl_group( goto loopit; } break; -#ifdef LDAP_SCOPE_SUBORDINATE case LDAP_SCOPE_SUBORDINATE: if ( dn_match( &nbase, op_ndn ) || !dnIsSuffix( op_ndn, &nbase ) ) { goto loopit; } -#endif } filter = str2filter_x( op, ludp->lud_filter ); if ( filter ) { diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index c2be214f59..a83739966d 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -606,9 +606,7 @@ long connection_init( c->c_send_search_entry = slap_send_search_entry; c->c_send_search_reference = slap_send_search_reference; c->c_send_ldap_extended = slap_send_ldap_extended; -#ifdef LDAP_RES_INTERMEDIATE c->c_send_ldap_intermediate = slap_send_ldap_intermediate; -#endif BER_BVZERO( &c->c_authmech ); BER_BVZERO( &c->c_dn ); diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 942749519c..63b6b31dc4 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -29,6 +29,7 @@ static SLAP_CTRL_PARSE_FN parsePreRead; static SLAP_CTRL_PARSE_FN parsePostRead; static SLAP_CTRL_PARSE_FN parseProxyAuthz; #ifdef LDAP_DEVEL +static SLAP_CTRL_PARSE_FN parseDontUseCopy; static SLAP_CTRL_PARSE_FN parseManageDIT; #endif static SLAP_CTRL_PARSE_FN parseManageDSAit; @@ -125,41 +126,37 @@ static struct slap_control control_defs[] = { SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL, parseSortedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE { LDAP_CONTROL_X_DOMAIN_SCOPE, (int)offsetof(struct slap_control_ids, sc_domainScope), - SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL, + SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL, parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) }, -#endif -#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY { LDAP_CONTROL_X_PERMISSIVE_MODIFY, (int)offsetof(struct slap_control_ids, sc_permissiveModify), - SLAP_CTRL_MODIFY, NULL, + SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, NULL, parsePermissiveModify, LDAP_SLIST_ENTRY_INITIALIZER(next) }, -#endif #ifdef SLAP_CONTROL_X_TREE_DELETE { LDAP_CONTROL_X_TREE_DELETE, (int)offsetof(struct slap_control_ids, sc_treeDelete), - SLAP_CTRL_HIDE|SLAP_CTRL_DELETE, NULL, + SLAP_CTRL_DELETE|SLAP_CTRL_HIDE, NULL, parseTreeDelete, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif -#ifdef LDAP_CONTROL_X_SEARCH_OPTIONS { LDAP_CONTROL_X_SEARCH_OPTIONS, (int)offsetof(struct slap_control_ids, sc_searchOptions), - SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL, + SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL, parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) }, -#endif -#ifdef LDAP_CONTROL_SUBENTRIES { LDAP_CONTROL_SUBENTRIES, (int)offsetof(struct slap_control_ids, sc_subentries), SLAP_CTRL_SEARCH, NULL, parseSubentries, LDAP_SLIST_ENTRY_INITIALIZER(next) }, -#endif { LDAP_CONTROL_NOOP, (int)offsetof(struct slap_control_ids, sc_noOp), - SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL, + SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL, parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #ifdef LDAP_DEVEL + { LDAP_CONTROL_DONTUSECOPY, + (int)offsetof(struct slap_control_ids, sc_dontUseCopy), + SLAP_CTRL_INTROGATE|SLAP_CTRL_HIDE, NULL, + parseDontUseCopy, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_MANAGEDIT, (int)offsetof(struct slap_control_ids, sc_manageDIT), SLAP_CTRL_GLOBAL|SLAP_CTRL_UPDATE|SLAP_CTRL_HIDE, NULL, @@ -706,7 +703,8 @@ slap_remove_control( switch ( op->o_ctrlflag[ ctrl ] ) { case SLAP_CONTROL_NONCRITICAL: for ( i = 0, j = -1; op->o_ctrls[ i ] != NULL; i++ ) { - if ( strcmp( op->o_ctrls[ i ]->ldctl_oid, slap_known_controls[ ctrl - 1 ] ) == 0 ) + if ( strcmp( op->o_ctrls[ i ]->ldctl_oid, + slap_known_controls[ ctrl - 1 ] ) == 0 ) { j = i; } @@ -763,6 +761,30 @@ slap_remove_control( } #ifdef LDAP_DEVEL +static int parseDontUseCopy ( + Operation *op, + SlapReply *rs, + LDAPControl *ctrl ) +{ + if ( op->o_dontUseCopy != SLAP_CONTROL_NONE ) { + rs->sr_text = "dontUseCopy control specified multiple times"; + return LDAP_PROTOCOL_ERROR; + } + + if ( ctrl->ldctl_value.bv_len ) { + rs->sr_text = "dontUseCopy control value not empty"; + return LDAP_PROTOCOL_ERROR; + } + + if ( ctrl->ldctl_iscritical != SLAP_CONTROL_CRITICAL ) { + rs->sr_text = "dontUseCopy criticality of FALSE not allowed"; + return LDAP_PROTOCOL_ERROR; + } + + op->o_dontUseCopy = SLAP_CONTROL_CRITICAL; + return LDAP_SUCCESS; +} + static int parseManageDIT ( Operation *op, SlapReply *rs, @@ -1042,8 +1064,8 @@ static int parseAssert ( return LDAP_OTHER; } - rs->sr_err = get_filter( op, ber, (Filter **)&(op->o_assertion), &rs->sr_text); - + rs->sr_err = get_filter( op, ber, (Filter **)&(op->o_assertion), + &rs->sr_text); if( rs->sr_err != LDAP_SUCCESS ) { if( rs->sr_err == SLAPD_DISCONNECT ) { rs->sr_err = LDAP_PROTOCOL_ERROR; @@ -1214,7 +1236,8 @@ static int parseValuesReturnFilter ( return LDAP_OTHER; } - rs->sr_err = get_vrFilter( op, ber, (ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text); + rs->sr_err = get_vrFilter( op, ber, + (ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text); if( rs->sr_err != LDAP_SUCCESS ) { if( rs->sr_err == SLAPD_DISCONNECT ) { @@ -1244,7 +1267,6 @@ static int parseValuesReturnFilter ( return LDAP_SUCCESS; } -#ifdef LDAP_CONTROL_SUBENTRIES static int parseSubentries ( Operation *op, SlapReply *rs, @@ -1274,9 +1296,7 @@ static int parseSubentries ( return LDAP_SUCCESS; } -#endif -#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY static int parsePermissiveModify ( Operation *op, SlapReply *rs, @@ -1298,9 +1318,7 @@ static int parsePermissiveModify ( return LDAP_SUCCESS; } -#endif -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE static int parseDomainScope ( Operation *op, SlapReply *rs, @@ -1322,7 +1340,6 @@ static int parseDomainScope ( return LDAP_SUCCESS; } -#endif #ifdef SLAP_CONTROL_X_TREE_DELETE static int parseTreeDelete ( @@ -1348,7 +1365,6 @@ static int parseTreeDelete ( } #endif -#ifdef LDAP_CONTROL_X_SEARCH_OPTIONS static int parseSearchOptions ( Operation *op, SlapReply *rs, @@ -1399,5 +1415,4 @@ static int parseSearchOptions ( return LDAP_SUCCESS; } -#endif diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 177273af8e..29bdb2ff7e 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -557,11 +557,8 @@ slap_send_ldap_result( Operation *op, SlapReply *rs ) assert( rs->sr_err != LDAP_PARTIAL_RESULTS ); if ( rs->sr_err == LDAP_REFERRAL ) { -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE - if( op->o_domain_scope ) { - rs->sr_ref = NULL; - } -#endif + if( op->o_domain_scope ) rs->sr_ref = NULL; + if( rs->sr_ref == NULL ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } else if ( op->o_protocol < LDAP_VERSION3 ) { @@ -1271,7 +1268,6 @@ slap_send_search_reference( Operation *op, SlapReply *rs ) goto rel; } -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE if( op->o_domain_scope ) { Debug( LDAP_DEBUG_ANY, "send_search_reference: domainScope control in (%s)\n", @@ -1279,7 +1275,6 @@ slap_send_search_reference( Operation *op, SlapReply *rs ) rc = 0; goto rel; } -#endif if( rs->sr_ref == NULL ) { Debug( LDAP_DEBUG_ANY, diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 23ff59b9d6..c338db5c84 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -74,8 +74,8 @@ LDAP_BEGIN_DECL #define LDAP_DYNAMIC_OBJECTS #define LDAP_SYNC_TIMESTAMP #define LDAP_COLLECTIVE_ATTRIBUTES -#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE #define SLAPD_CONF_UNKNOWN_BAILOUT +#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE #define SLAP_ORDERED_PRETTYNORM #define SLAP_AUTHZ_SYNTAX @@ -1005,9 +1005,7 @@ typedef struct slap_filter { #define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) #define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2) #define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3) -#ifdef LDAP_SCOPE_SUBORDINATE #define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4) -#endif union f_un_u { /* precomputed result */ @@ -2290,25 +2288,26 @@ typedef struct slap_gacl { } GroupAssertion; struct slap_control_ids { + int sc_LDAPsync; int sc_assert; - int sc_preRead; - int sc_postRead; - int sc_proxyAuthz; + int sc_domainScope; + int sc_dontUseCopy; int sc_manageDIT; int sc_manageDSAit; int sc_modifyIncrement; int sc_noOp; int sc_pagedResults; + int sc_permissiveModify; + int sc_postRead; + int sc_preRead; + int sc_proxyAuthz; + int sc_searchOptions; #ifdef LDAP_DEVEL int sc_sortedResults; #endif - int sc_valuesReturnFilter; - int sc_permissiveModify; - int sc_domainScope; - int sc_treeDelete; - int sc_searchOptions; int sc_subentries; - int sc_LDAPsync; + int sc_treeDelete; + int sc_valuesReturnFilter; }; /* @@ -2456,6 +2455,9 @@ typedef struct slap_op { char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */ void **o_controls; /* per-control state */ +#define o_dontUseCopy o_ctrlflag[slap_cids.sc_dontUseCopy] +#define get_dontUseCopy(op) _SCM((op)->o_dontUseCopy) + #define o_managedit o_ctrlflag[slap_cids.sc_manageDIT] #define get_manageDIT(op) _SCM((op)->o_managedit) @@ -2480,26 +2482,14 @@ typedef struct slap_op { #define o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter] #define o_vrFilter o_controls[slap_cids.sc_valuesReturnFilter] -#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY #define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify] #define get_permissiveModify(op) ((int)(op)->o_permissive_modify) -#else -#define get_permissiveModify(op) (0) -#endif -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE #define o_domain_scope o_ctrlflag[slap_cids.sc_domainScope] #define get_domainScope(op) ((int)(op)->o_domain_scope) -#else -#define get_domainScope(op) (0) -#endif -#ifdef SLAP_CONTROL_X_TREE_DELETE #define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete] #define get_treeDelete(op) ((int)(op)->o_tree_delete) -#else -#define get_treeDelete(op) (0) -#endif #define o_preread o_ctrlflag[slap_cids.sc_preRead] #define o_postread o_ctrlflag[slap_cids.sc_postRead] @@ -2669,10 +2659,7 @@ typedef struct slap_conn { SEND_SEARCH_ENTRY *c_send_search_entry; SEND_SEARCH_REFERENCE *c_send_search_reference; SEND_LDAP_EXTENDED *c_send_ldap_extended; -#ifdef LDAP_RES_INTERMEDIATE SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate; -#endif - } Connection; #if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG) -- 2.39.5