From fcd1ce0e28b4dbffe0bc4cf277a82fd9daded883 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 23 Oct 2001 23:29:41 +0000 Subject: [PATCH] Use defined Root DSE attributes. Developed by Julius Enarusai/IBM Copyright IBM Corp. 2001 Use of this source code is subject to the terms of The OpenLDAP Public License Version 2.7, 7 September 2001. No trademarks of the IBM Corporation are to be used to identify, endorse or promote any products derived from this code without the prior written consent of IBM. --- doc/man/man5/slapd.conf.5 | 5 ++ servers/slapd/config.c | 28 ++++++++++ servers/slapd/proto-slap.h | 3 ++ servers/slapd/root_dse.c | 86 ++++++++++++++++++++++++++++++ servers/slapd/schema/README | 25 ++++----- servers/slapd/schema/vendor.schema | 46 ++++++++++++++++ servers/slapd/schema_check.c | 1 - servers/slapd/tools/mimic.c | 4 ++ tests/data/slapd-schema.conf | 1 + 9 files changed, 186 insertions(+), 13 deletions(-) create mode 100644 servers/slapd/schema/vendor.schema diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 48355ce8f6..0b6c3cb8a2 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -366,6 +366,11 @@ conditions are currently same. may be used to require no conditions (useful for clearly globally set conditions within a particular database). .TP +.B rootDSEfile +Specify the name of an LDIF(5) file containing user defined attributes +for the root DSE. These attributes are returned in addition to the +attributes normally produced by slapd. +.TP .B sasl-host Used to specify the fully qualified domain name used for SASL processing. .TP diff --git a/servers/slapd/config.c b/servers/slapd/config.c index fc71756e2a..6c0c130378 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c 
@@ -1833,6 +1833,34 @@ read_config( const char *fname ) replogfile = ch_strdup( cargv[1] ); } + /* file from which to read additional rootdse attrs */ + } else if ( strcasecmp( cargv[0], "rootdse" ) == 0) { + if ( cargc < 2 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "missing filename in \"rootDSEfile \" line.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing filename in \"rootDSEfile \" line.\n", + fname, lineno, 0 ); +#endif + return 1; + } + + if( read_root_dse_file( cargv[1] ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "could not read \"rootDSEfile \" line.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "could not read \"rootDSEfile \" line\n", + fname, lineno, 0 ); +#endif + return 1; + } + /* maintain lastmodified{by,time} attributes */ } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) { if ( cargc < 2 ) { diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 88cc5e64a8..6933ab6259 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -907,6 +907,9 @@ LDAP_SLAPD_F (int) root_dse_info LDAP_P(( Entry **e, const char **text )); +LDAP_SLAPD_F (int) read_root_dse_file LDAP_P(( + const char *file)); + LDAP_SLAPD_F (int) do_abandon LDAP_P((Connection *conn, Operation *op)); LDAP_SLAPD_F (int) do_add LDAP_P((Connection *conn, Operation *op)); LDAP_SLAPD_F (int) do_bind LDAP_P((Connection *conn, Operation *op)); diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index c208c82e06..19c6291015 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -22,6 +22,7 @@ static char *supportedFeatures[] = { NULL }; +static Entry *usr_attr = NULL; int root_dse_info( 
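Review bot: The new branch in read_config() compares the keyword against `"rootdse"`, but the slapd.conf.5 hunk in this same patch documents the directive as `rootDSEfile`, and both error messages here name `rootDSEfile` too. strcasecmp() matches whole strings, so a configuration line written as documented never reaches this branch. Either accept the documented keyword with `} else if ( strcasecmp( cargv[0], "rootDSEfile" ) == 0 ) {`, or change the man page and messages to the keyword that is actually accepted. The "could not read" message would also help an administrator more if it printed `cargv[1]`, the path that failed. read_config's body starts and ends outside the hunk.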
@@ -45,6 +46,8 @@ root_dse_info( AttributeDescription *ad_supportedFeatures = slap_schema.si_ad_supportedFeatures; AttributeDescription *ad_ref = slap_schema.si_ad_ref; + Attribute *a; + vals[0] = &val; vals[1] = NULL; 
@@ -123,7 +126,90 @@ root_dse_info( attr_merge( e, ad_ref, default_referral ); } + if( usr_attr != NULL) { + for(a = usr_attr->e_attrs; a != NULL; a = a->a_next) { + attr_merge( e, a->a_desc, a->a_vals ); + } + } + *entry = e; return LDAP_SUCCESS; } +/* + * Read the entries specified in fname and merge the attributes + * to the user defined rootDSE. Note thaat if we find any errors + * what so ever, we will discard the entire entries, print an + * error message and return. + */ +int read_root_dse_file( const char *fname ) +{ + FILE *fp; + char *line, *savefname, *saveline; + int rc = 0, lineno = 0, lmax = 0; + char *buf = NULL; + + Attribute *a; + + if ( (fp = fopen( fname, "r" )) == NULL ) { + Debug( LDAP_DEBUG_ANY, + "could not open rootdse attr file \"%s\" - absolute path?\n", + fname, 0, 0 ); + perror( fname ); + return EXIT_FAILURE; + } + + usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) ); + usr_attr->e_attrs = NULL; + + while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) { + ID id; + Entry *e = str2entry( buf ); + + if( e == NULL ) { + fprintf( stderr, "root_dse: could not parse entry (line=%d)\n", + lineno ); + entry_free( e ); + entry_free( usr_attr ); + usr_attr = NULL; + return EXIT_FAILURE; + } + + if( dn_normalize( e->e_ndn ) == NULL ) { + fprintf( stderr, "root_dse: invalid dn=\"%s\" (line=%d)\n", + e->e_dn, lineno ); + entry_free( e ); + entry_free( usr_attr ); + usr_attr = NULL; + return EXIT_FAILURE; + } + + /* make sure the DN is a valid rootdse(rootdse is a null string) */ + if( strcmp(e->e_ndn, "") != 0 ) { + fprintf( stderr, + "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n", + e->e_dn, lineno ); + entry_free( e ); + entry_free( usr_attr ); + usr_attr = NULL; + return EXIT_FAILURE; + } + + /* + * we found a valid entry, so walk thru all the attributes in the + * entry, and add each attribute type and description to the + * usr_attr entry + */ + + for(a = e->e_attrs; a != NULL; a = a->a_next) { + attr_merge( usr_attr, a->a_desc, a->a_vals 
); + } + + entry_free( e ); + } + + ch_free( buf ); + + Debug(LDAP_DEBUG_CONFIG,"rootDSE file %s read.\n", fname, 0, 0); + return rc; +} diff --git a/servers/slapd/schema/README b/servers/slapd/schema/README index 8b710e1111..caa2ab75da 100644 --- a/servers/slapd/schema/README +++ b/servers/slapd/schema/README @@ -2,19 +2,20 @@ This directory contains schema definitions for use with slapd(5). File Description ---- ----------- -corba.schema Corba Object (RFC 2714) schema +corba.schema Corba Object (RFC 2714) core.schema OpenLDAP "core" -cosine.schema COSINE Pilot schema -inetorgperson.schema InetOrgPerson schema -java.schema Java Object (RFC 2713) schema -krb5-kdc.schema Kerberos V KDC schema -microsoft.ext.schema Microsoft schema -microsoft.schema Microsoft schema -microsoft.std.schema Microsoft schema -misc.schema misc. experimental schema -nadf.schema North America Directory Forum schema -nis.schema Network Information Service schema -openldap.schema OpenLDAP Project schema +cosine.schema COSINE Pilot +inetorgperson.schema InetOrgPerson +java.schema Java Object (RFC 2713) +krb5-kdc.schema Kerberos V KDC +microsoft.ext.schema Microsoft +microsoft.schema Microsoft +microsoft.std.schema Microsoft +misc.schema misc/experimental +nadf.schema North America Directory Forum +nis.schema Network Information Service +openldap.schema OpenLDAP Project +vendor.schema Vendor Information (RFC 3045) schema Additional schema definitions can be submitted using the OpenLDAP Issue Tracking System . Such diff --git a/servers/slapd/schema/vendor.schema b/servers/slapd/schema/vendor.schema new file mode 100644 index 0000000000..0c4f765d24 --- /dev/null +++ b/servers/slapd/schema/vendor.schema 
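Review bot: read_root_dse_file() never closes `fp`, and its three early `return EXIT_FAILURE` paths also skip `ch_free( buf )`, so every call leaks a stream and every rejected file leaks the record buffer. The `e == NULL` branch also calls `entry_free( e )` on the null pointer; entry_free is not visible in this hunk, so its handling of NULL cannot be confirmed and the call should simply be dropped. Routing all failures through a single exit that discards `usr_attr`, frees `buf` and closes `fp` fixes these together, as sketched below. The unused locals `line`, `savefname`, `saveline` and `ID id` can be removed at the same time. Separately, the loop added to root_dse_info() merges every attribute from the file without a filter, so it deserves a comment such as `/* values from rootDSEfile are appended to the server-generated attributes, not checked against them */`.

```c
	while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
		Entry *e = str2entry( buf );

		if( e == NULL ) {
			/* … unchanged: "could not parse entry" message … */
			rc = EXIT_FAILURE;
			break;
		}

		/* … unchanged: dn_normalize and empty-DN checks, except that each
		 * failure branch now ends with
		 *     entry_free( e ); rc = EXIT_FAILURE; break;
		 * instead of freeing usr_attr and returning … */

		/* … unchanged: attr_merge loop and entry_free( e ) … */
	}

	if( rc == 0 ) {
		Debug(LDAP_DEBUG_CONFIG,"rootDSE file %s read.\n", fname, 0, 0);
	} else {
		/* discard everything merged so far, as the header comment promises */
		entry_free( usr_attr );
		usr_attr = NULL;
	}

	ch_free( buf );
	fclose( fp );
	return rc;
}
```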
@@ -0,0 +1,46 @@ +# +# RFC 3045: Storing Vendor Information in the LDAP root DSE +# + +# 2.1 vendorName +# +# This attribute contains a single string, which represents the name of +# the LDAP server implementer. +# +# All LDAP server implementations SHOULD maintain a vendorName, which +# is generally the name of the company that wrote the LDAP Server code +# like "Novell, Inc." + +attributetype ( 1.3.6.1.1.4 NAME 'vendorName' + EQUALITY 1.3.6.1.4.1.1466.109.114.1 + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) + +# 2.2 vendorVersion +# +# This attribute contains a string which represents the version of the +# LDAP server implementation. +# +# All LDAP server implementations SHOULD maintain a vendorVersion. +# Note that this value is typically a release value--comprised of a +# string and/or a string of numbers--used by the developer of the LDAP +# server product (as opposed to the supportedLDAPVersion, which +# specifies the version of the LDAP protocol supported by this server). +# This is single-valued so that it will only have one version value. +# This string MUST be unique between two versions, but there are no +# other syntactic restrictions on the value or the way it is formatted. + +attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion' + EQUALITY 1.3.6.1.4.1.1466.109.114.1 + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE NO-USER-MODIFICATION + USAGE dSAOperation ) + +# The intent behind the equality match on vendorVersion is to not allow +# a less than or greater than type of query. Say release "LDAPv3 8.0" +# has a problem that is fixed in the next release "LDAPv3 8.5", but in +# the mean time there is also an update release say version "LDAPv3 +# 8.01" that fixes the problem. This will hopefully stop the client +# from saying it will not work with a version less than "LDAPv3 8.5" +# when it would also work with "LDAPv3 8.01". 
With the equality match +# the client would have to exactly match what it is looking for. diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 4fcc00fbf9..c2812d0c9e 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -230,7 +230,6 @@ int oc_check_allowed( return LDAP_SUCCESS; } - /* * All operational attributions are allowed by schema rules. */ diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c index fb3a1f24c3..2b373f7db6 100644 --- a/servers/slapd/tools/mimic.c +++ b/servers/slapd/tools/mimic.c @@ -219,3 +219,7 @@ int get_limits( Backend *be, const char *ndn, struct slap_limits_set **limit ) return 0; } +int read_root_dse_file ( const char *file ) +{ + return 0; +} diff --git a/tests/data/slapd-schema.conf b/tests/data/slapd-schema.conf index ef8df1a562..43c134d690 100644 --- a/tests/data/slapd-schema.conf +++ b/tests/data/slapd-schema.conf @@ -16,6 +16,7 @@ include ./schema/misc.schema include ./schema/nadf.schema include ./schema/nis.schema include ./schema/openldap.schema +include ./schema/vendor.schema # schemacheck on pidfile ./test-db/slapd.pid -- 2.39.5
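Review bot: The comments copied into vendor.schema say servers SHOULD maintain vendorVersion, but the file says nothing about the exposure that follows: a precise release string in the root DSE tells every client that can read it exactly which server build is running. A comment after the vendorVersion definition would record this, for example `# NOTE: vendorVersion identifies the exact release; restrict read access to it where version disclosure is a concern.` Both attribute types also pair the EQUALITY OID 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match) with the Directory String syntax 1.3.6.1.4.1.1466.115.121.1.15. As far as I can tell that pairing is what RFC 3045 publishes, so a one-line comment saying it is inherited from the RFC would keep it from being "corrected" later.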