Hide experimental controls and extended operations

servers/slapd/back-ldap/config.c

@@ -132,7 +132,8 @@ ldap_back_db_config(
 			    fname, lineno );
 			return( 1 );
 		}
-		load_extop( (struct berval *)&slap_EXOP_WHOAMI, ldap_back_exop_whoami );
+		load_extop( (struct berval *)&slap_EXOP_WHOAMI,
+			0, ldap_back_exop_whoami );
 	
 	/* dn massaging */
 	} else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {

servers/slapd/controls.c

@@ -106,12 +106,12 @@ static struct slap_control control_defs[] = {
 		parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #ifdef LDAP_CLIENT_UPDATE
 	{ LDAP_CONTROL_CLIENT_UPDATE,
-		SLAP_CTRL_SEARCH, NULL,
+		SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL,
 		parseClientUpdate, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 #ifdef LDAP_SYNC
 	{ LDAP_CONTROL_SYNC,
-		SLAP_CTRL_SEARCH, NULL,
+		SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL,
 		parseLdupSync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 	{ LDAP_CONTROL_MANAGEDSAIT,
@@ -248,10 +248,14 @@ controls_root_dse_info( Entry *e )
 	vals[1].bv_len = 0;
 
 	LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+		if( sc->sc_mask & SLAP_CTRL_HIDE ) continue;
+
 		vals[0].bv_val = sc->sc_oid;
 		vals[0].bv_len = strlen( sc->sc_oid );
-		if ( attr_merge( e, ad_supportedControl, vals, NULL ) )
+
+		if ( attr_merge( e, ad_supportedControl, vals, NULL ) ) {
 			return -1;
+		}
 	}
 
 	return 0;

servers/slapd/extended.c

@@ -41,9 +41,12 @@
 
 #define UNSUPPORTED_EXTENDEDOP "unsupported extended operation"
 
+#define SLAP_EXOP_HIDE 0x8000
+
 static struct extop_list {
 	struct extop_list *next;
 	struct berval oid;
+	slap_mask_t flags;
 	SLAP_EXTOP_MAIN_FN *ext_main;
 } *supp_ext_list = NULL;
 
@@ -63,15 +66,16 @@ const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS);
 
 static struct {
 	const struct berval *oid;
+	slap_mask_t flags;
 	SLAP_EXTOP_MAIN_FN *ext_main;
 } builtin_extops[] = {
 #ifdef LDAP_EXOP_X_CANCEL
-	{ &slap_EXOP_CANCEL, cancel_extop },
+	{ &slap_EXOP_CANCEL, SLAP_EXOP_HIDE, cancel_extop },
 #endif
-	{ &slap_EXOP_WHOAMI, whoami_extop },
-	{ &slap_EXOP_MODIFY_PASSWD, passwd_extop },
+	{ &slap_EXOP_WHOAMI, 0, whoami_extop },
+	{ &slap_EXOP_MODIFY_PASSWD, 0, passwd_extop },
 #ifdef HAVE_TLS
-	{ &slap_EXOP_START_TLS, starttls_extop },
+	{ &slap_EXOP_START_TLS, 0, starttls_extop },
 #endif
 	{ NULL, NULL }
 };
@@ -80,21 +84,27 @@ static struct {
 static struct extop_list *find_extop(
 	struct extop_list *list, struct berval *oid );
 
-struct berval *
-get_supported_extop (int index)
+int exop_root_dse_info( Entry *e )
 {
+	AttributeDescription *ad_supportedExtension
+		= slap_schema.si_ad_supportedExtension;
+	struct berval vals[2];
 	struct extop_list *ext;
 
-	/* linear scan is slow, but this way doesn't force a
-	 * big change on root_dse.c, where this routine is used.
-	 */
-	for (ext = supp_ext_list; ext != NULL && --index >= 0; ext = ext->next) {
-		; /* empty */
+	vals[1].bv_val = NULL;
+	vals[1].bv_len = 0;
+
+	for (ext = supp_ext_list; ext != NULL; ext = ext->next) {
+		if( ext->flags & SLAP_EXOP_HIDE ) continue;
+
+		vals[0] = ext->oid;
+
+		if( attr_merge( e, ad_supportedExtension, vals, NULL ) ) {
+			return LDAP_OTHER;
+		}
 	}
 
-	if (ext == NULL) return NULL;
-
-	return &ext->oid ;
+	return LDAP_SUCCESS;
 }
 
 int
@@ -308,6 +318,7 @@ done:
 int
 load_extop(
 	struct berval *ext_oid,
+	slap_mask_t ext_flags,
 	SLAP_EXTOP_MAIN_FN *ext_main )
 {
 	struct extop_list *ext;
@@ -320,6 +331,8 @@ load_extop(
 	if (ext == NULL)
 		return(-1);
 
+	ext->flags = ext_flags;
+
 	ext->oid.bv_val = (char *)(ext + 1);
 	AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len );
 	ext->oid.bv_len = ext_oid->bv_len;
@@ -339,7 +352,9 @@ extops_init (void)
 	int i;
 
 	for (i = 0; builtin_extops[i].oid != NULL; i++) {
-		load_extop((struct berval *)builtin_extops[i].oid, builtin_extops[i].ext_main);
+		load_extop((struct berval *)builtin_extops[i].oid,
+			builtin_extops[i].flags,
+			builtin_extops[i].ext_main);
 	}
 	return(0);
 }

servers/slapd/proto-slap.h

@@ -443,6 +443,8 @@ LDAP_SLAPD_F (int) entry_id_cmp LDAP_P(( const void *v_a, const void *v_b ));
 /*
  * extended.c
  */
+LDAP_SLAPD_F (int) exop_root_dse_info LDAP_P ((Entry *e));
+
 #ifdef LDAP_EXOP_X_CANCEL
 LDAP_SLAPD_V( const struct berval ) slap_EXOP_CANCEL;
 #endif
@@ -457,14 +459,13 @@ typedef int (SLAP_EXTOP_GETOID_FN) LDAP_P((
 
 LDAP_SLAPD_F (int) load_extop LDAP_P((
 	struct berval *ext_oid,
+	slap_mask_t flags,
 	SLAP_EXTOP_MAIN_FN *ext_main ));
 
 LDAP_SLAPD_F (int) extops_init LDAP_P(( void ));
 
 LDAP_SLAPD_F (int) extops_kill LDAP_P(( void ));
 
-LDAP_SLAPD_F (struct berval *) get_supported_extop LDAP_P((int index));
-
 /*
  *  * cancel.c
  *   */

servers/slapd/root_dse.c

@@ -139,29 +139,22 @@ root_dse_info(
 	}
 
 	/* supportedExtension */
-	for ( i=0; (bv = get_supported_extop(i)) != NULL; i++ ) {
-		vals[0] = *bv;
-		if( attr_merge( e, ad_supportedExtension, vals, NULL ) )
-		{
-			return LDAP_OTHER;
-		}
+	if ( exop_root_dse_info( e ) != 0 ) {
+		return LDAP_OTHER;
 	}
 
 #ifdef LDAP_SLAPI
 	/* netscape supportedExtension */
 	for ( i = 0; (bv = ns_get_supported_extop(i)) != NULL; i++ ) {
 		vals[0] = *bv;
-		if( attr_merge( e, ad_supportedExtension, vals, NULL ))
-		{
+		if( attr_merge( e, ad_supportedExtension, vals, NULL )) {
 			return LDAP_OTHER;
 		}
 	}
 #endif /* LDAP_SLAPI */
 
 	/* supportedFeatures */
-	if( attr_merge( e, ad_supportedFeatures,
-		supportedFeatures, NULL ) )
-	{
+	if( attr_merge( e, ad_supportedFeatures, supportedFeatures, NULL ) ) {
 		return LDAP_OTHER;
 	}
 

servers/slapd/slap.h

@@ -2193,8 +2193,10 @@ enum {
 #define SLAP_SEARCH_MAX_CTRLS   10
 #endif
 
-#define SLAP_CTRL_FRONTEND			0x80000000U
-#define SLAP_CTRL_FRONTEND_SEARCH	0x01000000U	/* for NOOP */
+#define SLAP_CTRL_HIDE				0x80000000U
+
+#define SLAP_CTRL_FRONTEND			0x00800000U
+#define SLAP_CTRL_FRONTEND_SEARCH	0x00010000U	/* for NOOP */
 
 #define SLAP_CTRL_OPFLAGS			0x0000FFFFU
 #define SLAP_CTRL_ABANDON			0x00000001U