From e826914a883bfb5dfaa91445fa61b5c08dc59dca Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 27 Jan 2005 06:45:20 +0000
Subject: [PATCH] Less kludgy willing-to-perform check for recognized and
 appropriate global controls

---
 servers/slapd/back-ldap/chain.c   |  2 +-
 servers/slapd/backend.c           | 21 ++++++++++++++---
 servers/slapd/controls.c          | 39 +++++++++++++++++++++++++++----
 servers/slapd/proto-slap.h        | 12 ++++++----
 servers/slapd/slap.h              |  6 ++---
 servers/slapd/slapi/slapi_utils.c |  2 +-
 6 files changed, 64 insertions(+), 18 deletions(-)

diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index a772b5209c..74722acbb9 100644
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -712,7 +712,7 @@ chain_init( void )
 	int	rc;
 
 	rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR,
-			/* SLAP_CTRL_FRONTEND| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
+			/* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
 			ldap_chain_parse_ctrl, &sc_chainingBehavior );
 	if ( rc != LDAP_SUCCESS ) {
 		fprintf( stderr, "Failed to register chaining behavior control: %d\n", rc );
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 96d51dcf8d..d146c6805f 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -74,7 +74,7 @@ int backend_init(void)
 	if((nBackendInfo != 0) || (backendInfo != NULL)) {
 		/* already initialized */
 		Debug( LDAP_DEBUG_ANY,
-			"backend_init: already initialized.\n", 0, 0, 0 );
+			"backend_init: already initialized\n", 0, 0, 0 );
 		return -1;
 	}
 
@@ -846,14 +846,29 @@ backend_check_controls(
 
 	if( ctrls ) {
 		for( ; *ctrls != NULL ; ctrls++ ) {
-			if(
+			int cid;
+			if( slap_find_control_id( (*ctrls)->ldctl_oid, &cid ) ==
+				LDAP_CONTROL_NOT_FOUND )
+			{
+				/* unrecognized control */ 
+				if ( (*ctrls)->ldctl_iscritical ) {
+					/* should not be reachable */ 
+					Debug( LDAP_DEBUG_ANY,
+						"backend_check_controls: unrecognized control: %s\n",
+						(*ctrls)->ldctl_oid, 0, 0 );
+					assert( 0 );
+				}
+
+			} else if (
 #ifdef SLAP_CONTROL_AVAILABILITY_KLUDGE
 				/* KLUDGE: ldctl_iscritical munged by controls.c:get_ctrls()
 				 * to ensure this check is enabled/disabled appropriately.
 				 */
 				(*ctrls)->ldctl_iscritical &&
+#else
+				!slap_global_control( op, (*ctrls)->ldctl_oid )
 #endif
-				!ldap_charray_inlist( op->o_bd->be_controls,
+				&& !ldap_charray_inlist( op->o_bd->be_controls,
 				(*ctrls)->ldctl_oid ) )
 			{
 				/* Per RFC 2251 (and LDAPBIS discussions), if the control
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 88c968ce74..075cff8c1b 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -115,7 +115,7 @@ static struct slap_control control_defs[] = {
 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
 	{ LDAP_CONTROL_X_DOMAIN_SCOPE,
  		(int)offsetof(struct slap_control_ids, sc_domainScope),
-		SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
 		parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 #ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
@@ -133,7 +133,7 @@ static struct slap_control control_defs[] = {
 #ifdef LDAP_CONTORL_X_SEARCH_OPTIONS
 	{ LDAP_CONTORL_X_SEARCH_OPTIONS,
  		(int)offsetof(struct slap_control_ids, sc_searchOptions),
-		SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
 		parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 #ifdef LDAP_CONTROL_SUBENTRIES
@@ -158,7 +158,7 @@ static struct slap_control control_defs[] = {
 		parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 	{ LDAP_CONTROL_PROXY_AUTHZ,
  		(int)offsetof(struct slap_control_ids, sc_proxyAuthz),
-		SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops,
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS, proxy_authz_extops,
 		parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 	{ NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
 };
@@ -380,6 +380,34 @@ slap_find_control_id(
 	return LDAP_CONTROL_NOT_FOUND;
 }
 
+int
+slap_global_control( Operation *op, const char *oid )
+{
+	struct slap_control *ctrl = find_ctrl( oid );
+
+	if ( ctrl == NULL ) {
+		/* should not be reachable */
+		Debug( LDAP_DEBUG_ANY,
+			"slap_global_control: unrecognized control: %s\n",      
+			oid, 0, 0 );
+		assert( 0 );
+		return 0;
+	}
+
+	if ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) return 1;
+
+	if (( op->o_tag & LDAP_REQ_SEARCH ) &&
+		( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ))
+	{
+		return 1;
+	}
+
+	Debug( LDAP_DEBUG_ANY,
+		"slap_global_control: unavailable control: %s\n",      
+		oid, 0, 0 );
+	return 0;
+}
+
 void slap_free_ctrls(
 	Operation *op,
 	LDAPControl **ctrls )
@@ -613,12 +641,13 @@ int get_ctrls(
 				}
 
 #ifdef SLAP_CONTROL_AVAILABILITY_KLUDGE
-				if ( sc->sc_mask & SLAP_CTRL_FRONTEND ) {
+				/* backend_check_controls() kludge */
+				if ( sc->sc_mask & SLAP_CTRL_GLOBAL ) {
 					/* KLUDGE: disable backend_control() check */
 					c->ldctl_iscritical = 0;
 
 				} else if ( tagmask == SLAP_CTRL_SEARCH &&
-					sc->sc_mask & SLAP_CTRL_FRONTEND_SEARCH )
+					sc->sc_mask & SLAP_CTRL_GLOBAL_SEARCH )
 				{
 					/* KLUDGE: disable backend_control() check */
 					c->ldctl_iscritical = 0;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 32bbaff676..133ecb8d00 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -425,8 +425,12 @@ LDAP_SLAPD_F (int) register_supported_control LDAP_P((
 LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void));
 LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void));
 LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e));
-LDAP_SLAPD_F (int) get_supported_controls LDAP_P (( char ***ctrloidsp, slap_mask_t **ctrlmasks ));
-LDAP_SLAPD_F (int) slap_find_control_id LDAP_P (( const char *oid, int *cid ));
+LDAP_SLAPD_F (int) get_supported_controls LDAP_P ((
+	char ***ctrloidsp, slap_mask_t **ctrlmasks ));
+LDAP_SLAPD_F (int) slap_find_control_id LDAP_P ((
+	const char *oid, int *cid ));
+LDAP_SLAPD_F (int) slap_global_control LDAP_P ((
+	Operation *op, const char *oid ));
 
 /*
  * config.c
@@ -434,9 +438,7 @@ LDAP_SLAPD_F (int) slap_find_control_id LDAP_P (( const char *oid, int *cid ));
 LDAP_SLAPD_F (int) read_config LDAP_P(( const char *fname, int depth ));
 LDAP_SLAPD_F (void) config_destroy LDAP_P ((void));
 LDAP_SLAPD_F (char **) slap_str2clist LDAP_P((
-						char ***,
-						char *,
-						const char * ));
+	char ***, char *, const char * ));
 #ifdef LDAP_SLAPI
 LDAP_SLAPD_V (int) slapi_plugins_used;
 #endif
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index eaf80b2885..5fbe69baa5 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -58,7 +58,7 @@
 
 LDAP_BEGIN_DECL
 
-#define SLAP_CONTROL_AVAILABILITY_KLUDGE
+/* #define SLAP_CONTROL_AVAILABILITY_KLUDGE */
 
 #ifdef LDAP_DEVEL
 #define SLAP_ACL_HONOR_DISCLOSE	/* partially implemented */
@@ -2565,8 +2565,8 @@ typedef struct slap_counters_t {
 #define SLAP_CTRL_HIDE				0x80000000U
 #endif
 
-#define SLAP_CTRL_FRONTEND			0x00800000U
-#define SLAP_CTRL_FRONTEND_SEARCH	0x00010000U	/* for NOOP */
+#define SLAP_CTRL_GLOBAL			0x00800000U
+#define SLAP_CTRL_GLOBAL_SEARCH		0x00010000U	/* for NOOP */
 
 #define SLAP_CTRL_OPFLAGS			0x0000FFFFU
 #define SLAP_CTRL_ABANDON			0x00000001U
diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c
index 3a69cc4a55..8d469801d2 100644
--- a/servers/slapd/slapi/slapi_utils.c
+++ b/servers/slapd/slapi/slapi_utils.c
@@ -1397,7 +1397,7 @@ slapiControlOp2SlapControlMask(unsigned long slapi_mask,
 	if ( slapi_mask & SLAPI_OPERATION_ABANDON )
 		*slap_mask |= SLAP_CTRL_ABANDON;
 
-	*slap_mask |= SLAP_CTRL_FRONTEND;
+	*slap_mask |= SLAP_CTRL_GLOBAL;
 }
 
 static int
-- 
2.39.5