Use struct berval DNs for root DN and update DN
parent
f443af5a57
commit
5ee89d6167
16 changed files with 106 additions and 86 deletions
|
|
@ -268,12 +268,12 @@ do_add( Connection *conn, Operation *op )
|
|||
*/
|
||||
if ( be->be_add ) {
|
||||
/* do the update here */
|
||||
int repl_user = be_isupdate(be, op->o_ndn.bv_val );
|
||||
int repl_user = be_isupdate(be, &op->o_ndn );
|
||||
#ifndef SLAPD_MULTIMASTER
|
||||
if ( be->be_update_ndn == NULL || repl_user )
|
||||
if ( !be->be_update_ndn.bv_len || repl_user )
|
||||
#endif
|
||||
{
|
||||
int update = be->be_update_ndn != NULL;
|
||||
int update = be->be_update_ndn.bv_len;
|
||||
char textbuf[SLAP_TEXT_BUFLEN];
|
||||
size_t textlen = sizeof textbuf;
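Review bot: `int update = be->be_update_ndn.bv_len;` stores a length in an int that is only used as a flag; bv_len is a ber_len_t, which I believe is wider than int on LP64 builds, so this is an implicit narrowing conversion. Writing `int update = be->be_update_ndn.bv_len != 0;` states the intent and keeps the value 0/1, as the old pointer test did. The same line appears in the do_modify section of this commit. do_add's body continues outside the hunk.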
|
||||
|
||||
|
|
|
|||
|
|
@ -193,8 +193,7 @@ retry: rc = txn_abort( ltid );
|
|||
* or with parent ""
|
||||
*/
|
||||
if ( !be_isroot( be, op->o_ndn.bv_val )) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
/* check parent for "children" acl */
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ retry: /* transaction retry */
|
|||
} else {
|
||||
/* no parent, must be root to delete */
|
||||
if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
/* check parent for "children" acl */
|
||||
|
|
|
|||
|
|
@ -214,7 +214,7 @@ retry: /* transaction retry */
|
|||
/* no parent, modrdn entry directly under root */
|
||||
isroot = be_isroot( be, op->o_ndn.bv_val );
|
||||
if ( ! isroot ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
|
|
@ -335,8 +335,7 @@ retry: /* transaction retry */
|
|||
|
||||
/* no parent, modrdn entry directly under root */
|
||||
if ( ! isroot ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
np = (Entry *)&slap_entry_root;
|
||||
|
||||
/* check parent for "children" acl */
|
||||
|
|
|
|||
|
|
@ -206,8 +206,7 @@ ldbm_back_add(
|
|||
|
||||
/* no parent, must be adding entry to root */
|
||||
if ( !be_isroot( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" )
|
||||
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
rc = access_allowed( be, conn, op, p,
|
||||
|
|
|
|||
|
|
@ -154,8 +154,7 @@ ldbm_back_delete(
|
|||
} else {
|
||||
/* no parent, must be root to delete */
|
||||
if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" )
|
||||
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
rc = access_allowed( be, conn, op, p,
|
||||
|
|
|
|||
|
|
@ -208,8 +208,7 @@ ldbm_back_modrdn(
|
|||
/* no parent, must be root to modify rdn */
|
||||
isroot = be_isroot( be, op->o_ndn.bv_val );
|
||||
if ( ! be_isroot ) {
|
||||
if ( be_issuffix( be, "" )
|
||||
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
p = (Entry *)&slap_entry_root;
|
||||
|
||||
rc = access_allowed( be, conn, op, p,
|
||||
|
|
@ -387,8 +386,7 @@ ldbm_back_modrdn(
|
|||
}
|
||||
|
||||
if ( ! be_isroot ) {
|
||||
if ( be_issuffix( be, "" )
|
||||
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
|
||||
if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) {
|
||||
np = (Entry *)&slap_entry_root;
|
||||
|
||||
rc = access_allowed( be, conn, op, np,
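Review bot: Both `if ( ! be_isroot ) {` tests in ldbm_back_modrdn (unchanged context in the hunks at 208 and 387) negate the address of the function be_isroot rather than the local `isroot` assigned just above, so the condition is always false. As far as these hunks show, that makes the suffix/update-DN branch and its access_allowed() check on the root entry unreachable for non-root callers. The back-bdb modrdn code in this same commit uses `if ( ! isroot ) {`, and these two lines should read the same. The function body extends beyond both hunks, so what runs after the skipped branch is not visible here.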
|
||||
|
|
|
|||
|
|
@ -419,9 +419,9 @@ int backend_destroy(void)
|
|||
}
|
||||
charray_free( backendDB[i].be_suffix );
|
||||
ber_bvecfree( backendDB[i].be_nsuffix );
|
||||
free( backendDB[i].be_root_dn );
|
||||
free( backendDB[i].be_root_ndn );
|
||||
free( backendDB[i].be_root_pw.bv_val );
|
||||
free( backendDB[i].be_rootdn.bv_val );
|
||||
free( backendDB[i].be_rootndn.bv_val );
|
||||
free( backendDB[i].be_rootpw.bv_val );
|
||||
acl_destroy( backendDB[i].be_acl, global_acl );
|
||||
}
|
||||
free( backendDB );
|
||||
|
|
@ -599,41 +599,37 @@ be_isroot( Backend *be, const char *ndn )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
if ( be->be_root_ndn == NULL || *be->be_root_ndn == '\0' ) {
|
||||
if ( !be->be_rootndn.bv_len ) {
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1;
|
||||
rc = strcmp( be->be_rootndn.bv_val, ndn ) ? 0 : 1;
|
||||
|
||||
return(rc);
|
||||
}
|
||||
|
||||
int
|
||||
be_isupdate( Backend *be, const char *ndn )
|
||||
be_isupdate( Backend *be, struct berval *ndn )
|
||||
{
|
||||
int rc;
|
||||
|
||||
if ( ndn == NULL || *ndn == '\0' ) {
|
||||
if ( !ndn->bv_len ) {
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
if ( be->be_update_ndn == NULL || *be->be_update_ndn == '\0' ) {
|
||||
if ( !be->be_update_ndn.bv_len ) {
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
rc = strcmp( be->be_update_ndn, ndn ) ? 0 : 1;
|
||||
|
||||
return(rc);
|
||||
return strcmp( be->be_update_ndn.bv_val, ndn->bv_val ) ? 0 : 1;
|
||||
}
|
||||
|
||||
char *
|
||||
be_root_dn( Backend *be )
|
||||
{
|
||||
if ( be->be_root_dn == NULL ) {
|
||||
if ( !be->be_rootdn.bv_len ) {
|
||||
return( "" );
|
||||
}
|
||||
|
||||
return be->be_root_dn;
|
||||
return be->be_rootdn.bv_val;
|
||||
}
|
||||
|
||||
int
|
||||
|
|
@ -648,7 +644,7 @@ be_isroot_pw( Backend *be,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if( be->be_root_pw.bv_len == 0 ) {
|
||||
if( be->be_rootpw.bv_len == 0 ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -659,7 +655,7 @@ be_isroot_pw( Backend *be,
|
|||
#endif
|
||||
#endif
|
||||
|
||||
result = lutil_passwd( &be->be_root_pw, cred, NULL );
|
||||
result = lutil_passwd( &be->be_rootpw, cred, NULL );
|
||||
|
||||
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
|
||||
#ifdef SLAPD_SPASSWD
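Review bot: be_isupdate now dereferences `ndn` unconditionally in `if ( !ndn->bv_len )`, where the old code returned 0 for a NULL argument. Every caller visible in this commit passes `&op->o_ndn`, so this is safe today, but nothing in the prototype says NULL is forbidden; either keep the guard as `if ( ndn == NULL || !ndn->bv_len )` or add a comment stating the precondition. Since both sides are now bervals, comparing `bv_len` before the `strcmp` would also make the update-DN match independent of NUL termination. be_isroot still takes a `const char *`, so the two authorization helpers now have different calling conventions.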
|
||||
|
|
|
|||
|
|
@ -1142,27 +1142,49 @@ read_config( const char *fname )
|
|||
#endif
|
||||
|
||||
} else {
|
||||
be->be_root_dn = ch_strdup( cargv[1] );
|
||||
be->be_root_ndn = ch_strdup( cargv[1] );
|
||||
|
||||
struct berval dn, *pdn = NULL, *ndn = NULL;
|
||||
|
||||
if ( load_ucdata( NULL ) < 0 ) {
|
||||
return( 1 );
|
||||
}
|
||||
if( dn_normalize( be->be_root_ndn ) == NULL ) {
|
||||
free( be->be_root_dn );
|
||||
free( be->be_root_ndn );
|
||||
|
||||
dn.bv_val = cargv[1];
|
||||
dn.bv_len = strlen( cargv[1] );
|
||||
|
||||
rc = dnPretty( NULL, &dn, &pdn );
|
||||
if( rc != LDAP_SUCCESS ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
|
||||
"%s: line %d: rootdn DN is invalid.\n",
|
||||
fname, lineno ));
|
||||
"%s: line %d: rootdn DN is invalid.\n",
|
||||
fname, lineno ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: rootdn DN is invalid\n",
|
||||
"%s: line %d: rootdn DN is invalid\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
rc = dnNormalize( NULL, &dn, &ndn );
|
||||
if( rc != LDAP_SUCCESS ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
|
||||
"%s: line %d: rootdn DN is invalid.\n",
|
||||
fname, lineno ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: rootdn DN is invalid\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
ber_bvfree( ndn );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
be->be_rootdn = *pdn;
|
||||
be->be_rootndn = *ndn;
|
||||
|
||||
free( pdn );
|
||||
free( ndn );
|
||||
}
|
||||
|
||||
/* set super-secret magic database password */
|
||||
|
|
@ -1192,8 +1214,8 @@ read_config( const char *fname )
|
|||
#endif
|
||||
|
||||
} else {
|
||||
be->be_root_pw.bv_val = ch_strdup( cargv[1] );
|
||||
be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
|
||||
be->be_rootpw.bv_val = ch_strdup( cargv[1] );
|
||||
be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
|
||||
}
|
||||
|
||||
/* make this database read-only */
|
||||
|
|
@ -1798,23 +1820,31 @@ read_config( const char *fname )
|
|||
#endif
|
||||
|
||||
} else {
|
||||
be->be_update_ndn = ch_strdup( cargv[1] );
|
||||
struct berval dn, *ndn = NULL;
|
||||
|
||||
if ( load_ucdata( NULL ) < 0 ) {
|
||||
return( 1 );
|
||||
}
|
||||
if( dn_normalize( be->be_update_ndn ) == NULL ) {
|
||||
|
||||
dn.bv_val = cargv[1];
|
||||
dn.bv_len = strlen( cargv[1] );
|
||||
|
||||
rc = dnNormalize( NULL, &dn, &ndn );
|
||||
if( rc != LDAP_SUCCESS ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
|
||||
"%s: line %d: updatedn DN is invalid.\n",
|
||||
fname, lineno ));
|
||||
"%s: line %d: updatedn DN is invalid.\n",
|
||||
fname, lineno ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: updatedn DN is invalid\n",
|
||||
"%s: line %d: updatedn DN is invalid\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
be->be_update_ndn = *ndn;
|
||||
free( ndn );
|
||||
}
|
||||
|
||||
} else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
|
||||
|
|
@ -1833,24 +1863,24 @@ read_config( const char *fname )
|
|||
}
|
||||
if ( be == NULL ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
|
||||
"updateref line must appear inside a database definition "
|
||||
"(ignored)\n", fname, lineno ));
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
|
||||
" line must appear inside a database definition\n",
|
||||
fname, lineno ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
|
||||
"updateref line must appear inside a database definition "
|
||||
"(ignored)\n", fname, lineno, 0 );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
|
||||
" line must appear inside a database definition\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
return 1;
|
||||
|
||||
} else if ( be->be_update_ndn == NULL ) {
|
||||
} else if ( !be->be_update_ndn.bv_len ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
|
||||
"updateref line must come after updatedn (ignored).\n",
|
||||
"updateref line must come after updatedn.\n",
|
||||
fname, lineno ));
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
|
||||
"updateref line must after updatedn (ignored)\n",
|
||||
"updateref line must after updatedn.\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
return 1;
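Review bot: In the rootdn branch, the dnNormalize failure path calls `ber_bvfree( ndn )` and returns, but the berval that dnPretty allocated in `pdn` is never released on that path. `ndn` was initialised to NULL and is presumably still NULL when dnNormalize fails, so the call frees the wrong object; the cleanup should be `ber_bvfree( pdn );`. The success path copies `*pdn` and `*ndn` into the backend and frees only the containers, which is consistent with backend_destroy freeing the `bv_val` members later.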
|
||||
|
|
|
|||
|
|
@ -179,14 +179,14 @@ do_delete(
|
|||
*/
|
||||
if ( be->be_delete ) {
|
||||
/* do the update here */
|
||||
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
|
||||
int repl_user = be_isupdate( be, &op->o_ndn );
|
||||
#ifndef SLAPD_MULTIMASTER
|
||||
if ( be->be_update_ndn == NULL || repl_user )
|
||||
if ( !be->be_update_ndn.bv_len || repl_user )
|
||||
#endif
|
||||
{
|
||||
if ( (*be->be_delete)( be, conn, op, pdn->bv_val, ndn->bv_val ) == 0 ) {
|
||||
#ifdef SLAPD_MULTIMASTER
|
||||
if (be->be_update_ndn == NULL || !repl_user )
|
||||
if ( !be->be_update_ndn.bv_len || !repl_user )
|
||||
#endif
|
||||
{
|
||||
replog( be, op, pdn->bv_val, ndn->bv_val, NULL );
|
||||
|
|
|
|||
|
|
@ -333,15 +333,15 @@ do_modify(
|
|||
*/
|
||||
if ( be->be_modify ) {
|
||||
/* do the update here */
|
||||
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
|
||||
int repl_user = be_isupdate( be, &op->o_ndn );
|
||||
#ifndef SLAPD_MULTIMASTER
|
||||
/* Multimaster slapd does not have to check for replicator dn
|
||||
* because it accepts each modify request
|
||||
*/
|
||||
if ( be->be_update_ndn == NULL || repl_user )
|
||||
if ( !be->be_update_ndn.bv_len || repl_user )
|
||||
#endif
|
||||
{
|
||||
int update = be->be_update_ndn != NULL;
|
||||
int update = be->be_update_ndn.bv_len;
|
||||
const char *text;
|
||||
char textbuf[SLAP_TEXT_BUFLEN];
|
||||
size_t textlen = sizeof textbuf;
|
||||
|
|
|
|||
|
|
@ -376,21 +376,21 @@ do_modrdn(
|
|||
*/
|
||||
if ( be->be_modrdn ) {
|
||||
/* do the update here */
|
||||
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
|
||||
int repl_user = be_isupdate( be, &op->o_ndn );
|
||||
#ifndef SLAPD_MULTIMASTER
|
||||
if ( be->be_update_ndn == NULL || repl_user )
|
||||
if ( !be->be_update_ndn.bv_len || repl_user )
|
||||
#endif
|
||||
{
|
||||
if ( (*be->be_modrdn)( be, conn, op, pdn->bv_val, ndn->bv_val,
|
||||
pnewrdn->bv_val, deloldrdn, pnewSuperior ? pnewSuperior->bv_val : NULL ) == 0
|
||||
#ifdef SLAPD_MULTIMASTER
|
||||
&& ( be->be_update_ndn == NULL || !repl_user )
|
||||
&& ( !be->be_update_ndn.bv_len || !repl_user )
|
||||
#endif
|
||||
) {
|
||||
struct replog_moddn moddn;
|
||||
moddn.newrdn = pnewrdn->bv_val;
|
||||
struct slap_replog_moddn moddn;
|
||||
moddn.newrdn = pnewrdn;
|
||||
moddn.deloldrdn = deloldrdn;
|
||||
moddn.newsup = pnewSuperior ? pnewSuperior->bv_val : NULL;
|
||||
moddn.newsup = pnewSuperior;
|
||||
|
||||
replog( be, op, pdn->bv_val, ndn->bv_val, &moddn );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ int passwd_extop(
|
|||
*text = "authorization database is read only";
|
||||
rc = LDAP_UNWILLING_TO_PERFORM;
|
||||
|
||||
} else if( conn->c_authz_backend->be_update_ndn != NULL ) {
|
||||
} else if( conn->c_authz_backend->be_update_ndn.bv_len ) {
|
||||
/* we SHOULD return a referral in this case */
|
||||
*refs = referral_rewrite( conn->c_authz_backend->be_update_refs,
|
||||
NULL, NULL, LDAP_SCOPE_DEFAULT );
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be, const char *suffix ));
|
|||
LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be, const char *ndn ));
|
||||
LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be,
|
||||
Connection *conn, const char *ndn, struct berval *cred ));
|
||||
LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, const char *ndn ));
|
||||
LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn ));
|
||||
LDAP_SLAPD_F (char *) be_root_dn LDAP_P(( Backend *be ));
|
||||
LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P((
|
||||
BackendDB *be, Connection *c, Operation *o, Entry *e, int rw ));
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ replog(
|
|||
{
|
||||
Modifications *ml;
|
||||
Entry *e;
|
||||
struct replog_moddn *moddn;
|
||||
struct slap_replog_moddn *moddn;
|
||||
char *tmp;
|
||||
FILE *fp, *lfp;
|
||||
int len, i;
|
||||
|
|
@ -213,7 +213,7 @@ replog(
|
|||
fprintf( fp, "newrdn: %s\n", moddn->newrdn );
|
||||
fprintf( fp, "deleteoldrdn: %d\n", moddn->deloldrdn ? 1 : 0 );
|
||||
if( moddn->newsup != NULL ) {
|
||||
fprintf( fp, "newsuperior: %s\n", moddn->newsup );
|
||||
fprintf( fp, "newsuperior: %s\n", moddn->newsup->bv_val );
|
||||
}
|
||||
}
|
||||
fprintf( fp, "\n" );
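Review bot: `fprintf( fp, "newrdn: %s\n", moddn->newrdn );` (unchanged context in the second hunk) now passes a `struct berval *` to `%s`, because this commit changes `newrdn` in struct slap_replog_moddn from `char *` to `struct berval *` and only the newsuperior line was updated. That is a format/argument mismatch (undefined behaviour) and would put garbage into the replication log entry for a modrdn. The line should be `fprintf( fp, "newrdn: %s\n", moddn->newrdn->bv_val );`. replog() starts and ends outside both hunks.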
|
||||
|
|
|
|||
|
|
@ -834,10 +834,10 @@ typedef struct slap_acl {
|
|||
/*
|
||||
* replog moddn param structure
|
||||
*/
|
||||
struct replog_moddn {
|
||||
char *newrdn;
|
||||
struct slap_replog_moddn {
|
||||
struct berval *newrdn;
|
||||
int deloldrdn;
|
||||
char *newsup;
|
||||
struct berval *newsup;
|
||||
};
|
||||
|
||||
/*
|
||||
|
|
@ -982,11 +982,11 @@ struct slap_backend_db {
|
|||
|
||||
/* these should be renamed from be_ to bd_ */
|
||||
char **be_suffix; /* the DN suffixes of data in this backend */
|
||||
struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */
|
||||
struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
|
||||
char *be_root_dn; /* the magic "root" dn for this db */
|
||||
char *be_root_ndn; /* the magic "root" normalized dn for this db */
|
||||
struct berval be_root_pw; /* the magic "root" password for this db */
|
||||
struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */
|
||||
struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
|
||||
struct berval be_rootdn; /* the magic "root" name (DN) for this db */
|
||||
struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
|
||||
struct berval be_rootpw; /* the magic "root" password for this db */
|
||||
unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
|
||||
#define be_sizelimit be_def_limit.lms_s_soft
|
||||
#define be_timelimit be_def_limit.lms_t_soft
|
||||
|
|
@ -996,7 +996,7 @@ struct slap_backend_db {
|
|||
slap_access_t be_dfltaccess; /* access given if no acl matches */
|
||||
struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
|
||||
char *be_replogfile; /* replication log file (in master) */
|
||||
char *be_update_ndn; /* allowed to make changes (in replicas) */
|
||||
struct berval be_update_ndn; /* allowed to make changes (in replicas) */
|
||||
struct berval **be_update_refs; /* where to refer modifying clients to */
|
||||
int be_lastmod; /* keep track of lastmodified{by,time} */
|
||||
|
||||
|
|
|
|||