mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-29 11:09:34 -05:00
Less kludgy willing-to-perform check for recognized and appropriate
global controls
This commit is contained in:
Kurt Zeilenga
parent
82d3c103e9
commit
e826914a88
6 changed files with 64 additions and 18 deletions
|
|
@ -712,7 +712,7 @@ chain_init( void )
|
|||
int rc;
|
||||
|
||||
rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR,
|
||||
/* SLAP_CTRL_FRONTEND| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
|
||||
/* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
|
||||
ldap_chain_parse_ctrl, &sc_chainingBehavior );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
fprintf( stderr, "Failed to register chaining behavior control: %d\n", rc );
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ int backend_init(void)
|
|||
if((nBackendInfo != 0) || (backendInfo != NULL)) {
|
||||
/* already initialized */
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"backend_init: already initialized.\n", 0, 0, 0 );
|
||||
"backend_init: already initialized\n", 0, 0, 0 );
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -846,14 +846,29 @@ backend_check_controls(
|
|||
|
||||
if( ctrls ) {
|
||||
for( ; *ctrls != NULL ; ctrls++ ) {
|
||||
if(
|
||||
int cid;
|
||||
if( slap_find_control_id( (*ctrls)->ldctl_oid, &cid ) ==
|
||||
LDAP_CONTROL_NOT_FOUND )
|
||||
{
|
||||
/* unrecognized control */
|
||||
if ( (*ctrls)->ldctl_iscritical ) {
|
||||
/* should not be reachable */
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"backend_check_controls: unrecognized control: %s\n",
|
||||
(*ctrls)->ldctl_oid, 0, 0 );
|
||||
assert( 0 );
|
||||
}
|
||||
|
||||
} else if (
|
||||
#ifdef SLAP_CONTROL_AVAILABILITY_KLUDGE
|
||||
/* KLUDGE: ldctl_iscritical munged by controls.c:get_ctrls()
|
||||
* to ensure this check is enabled/disabled appropriately.
|
||||
*/
|
||||
(*ctrls)->ldctl_iscritical &&
|
||||
#else
|
||||
!slap_global_control( op, (*ctrls)->ldctl_oid )
|
||||
#endif
|
||||
!ldap_charray_inlist( op->o_bd->be_controls,
|
||||
&& !ldap_charray_inlist( op->o_bd->be_controls,
|
||||
(*ctrls)->ldctl_oid ) )
|
||||
{
|
||||
/* Per RFC 2251 (and LDAPBIS discussions), if the control
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ static struct slap_control control_defs[] = {
|
|||
#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
|
||||
{ LDAP_CONTROL_X_DOMAIN_SCOPE,
|
||||
(int)offsetof(struct slap_control_ids, sc_domainScope),
|
||||
SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
|
||||
SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
|
||||
parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) },
|
||||
#endif
|
||||
#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
|
||||
|
|
@ -133,7 +133,7 @@ static struct slap_control control_defs[] = {
|
|||
#ifdef LDAP_CONTORL_X_SEARCH_OPTIONS
|
||||
{ LDAP_CONTORL_X_SEARCH_OPTIONS,
|
||||
(int)offsetof(struct slap_control_ids, sc_searchOptions),
|
||||
SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
|
||||
SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
|
||||
parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) },
|
||||
#endif
|
||||
#ifdef LDAP_CONTROL_SUBENTRIES
|
||||
|
|
@ -158,7 +158,7 @@ static struct slap_control control_defs[] = {
|
|||
parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) },
|
||||
{ LDAP_CONTROL_PROXY_AUTHZ,
|
||||
(int)offsetof(struct slap_control_ids, sc_proxyAuthz),
|
||||
SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops,
|
||||
SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS, proxy_authz_extops,
|
||||
parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
|
||||
{ NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
|
||||
};
|
||||
|
|
@ -380,6 +380,34 @@ slap_find_control_id(
|
|||
return LDAP_CONTROL_NOT_FOUND;
|
||||
}
|
||||
|
||||
int
|
||||
slap_global_control( Operation *op, const char *oid )
|
||||
{
|
||||
struct slap_control *ctrl = find_ctrl( oid );
|
||||
|
||||
if ( ctrl == NULL ) {
|
||||
/* should not be reachable */
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"slap_global_control: unrecognized control: %s\n",
|
||||
oid, 0, 0 );
|
||||
assert( 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) return 1;
|
||||
|
||||
if (( op->o_tag & LDAP_REQ_SEARCH ) &&
|
||||
( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"slap_global_control: unavailable control: %s\n",
|
||||
oid, 0, 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
void slap_free_ctrls(
|
||||
Operation *op,
|
||||
LDAPControl **ctrls )
|
||||
|
|
@ -613,12 +641,13 @@ int get_ctrls(
|
|||
}
|
||||
|
||||
#ifdef SLAP_CONTROL_AVAILABILITY_KLUDGE
|
||||
if ( sc->sc_mask & SLAP_CTRL_FRONTEND ) {
|
||||
/* backend_check_controls() kludge */
|
||||
if ( sc->sc_mask & SLAP_CTRL_GLOBAL ) {
|
||||
/* KLUDGE: disable backend_control() check */
|
||||
c->ldctl_iscritical = 0;
|
||||
|
||||
} else if ( tagmask == SLAP_CTRL_SEARCH &&
|
||||
sc->sc_mask & SLAP_CTRL_FRONTEND_SEARCH )
|
||||
sc->sc_mask & SLAP_CTRL_GLOBAL_SEARCH )
|
||||
{
|
||||
/* KLUDGE: disable backend_control() check */
|
||||
c->ldctl_iscritical = 0;
|
||||
|
|
|
|||
|
|
@ -425,8 +425,12 @@ LDAP_SLAPD_F (int) register_supported_control LDAP_P((
|
|||
LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void));
|
||||
LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void));
|
||||
LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e));
|
||||
LDAP_SLAPD_F (int) get_supported_controls LDAP_P (( char ***ctrloidsp, slap_mask_t **ctrlmasks ));
|
||||
LDAP_SLAPD_F (int) slap_find_control_id LDAP_P (( const char *oid, int *cid ));
|
||||
LDAP_SLAPD_F (int) get_supported_controls LDAP_P ((
|
||||
char ***ctrloidsp, slap_mask_t **ctrlmasks ));
|
||||
LDAP_SLAPD_F (int) slap_find_control_id LDAP_P ((
|
||||
const char *oid, int *cid ));
|
||||
LDAP_SLAPD_F (int) slap_global_control LDAP_P ((
|
||||
Operation *op, const char *oid ));
|
||||
|
||||
/*
|
||||
* config.c
|
||||
|
|
@ -434,9 +438,7 @@ LDAP_SLAPD_F (int) slap_find_control_id LDAP_P (( const char *oid, int *cid ));
|
|||
LDAP_SLAPD_F (int) read_config LDAP_P(( const char *fname, int depth ));
|
||||
LDAP_SLAPD_F (void) config_destroy LDAP_P ((void));
|
||||
LDAP_SLAPD_F (char **) slap_str2clist LDAP_P((
|
||||
char ***,
|
||||
char *,
|
||||
const char * ));
|
||||
char ***, char *, const char * ));
|
||||
#ifdef LDAP_SLAPI
|
||||
LDAP_SLAPD_V (int) slapi_plugins_used;
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@
|
|||
|
||||
LDAP_BEGIN_DECL
|
||||
|
||||
#define SLAP_CONTROL_AVAILABILITY_KLUDGE
|
||||
/* #define SLAP_CONTROL_AVAILABILITY_KLUDGE */
|
||||
|
||||
#ifdef LDAP_DEVEL
|
||||
#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
|
||||
|
|
@ -2565,8 +2565,8 @@ typedef struct slap_counters_t {
|
|||
#define SLAP_CTRL_HIDE 0x80000000U
|
||||
#endif
|
||||
|
||||
#define SLAP_CTRL_FRONTEND 0x00800000U
|
||||
#define SLAP_CTRL_FRONTEND_SEARCH 0x00010000U /* for NOOP */
|
||||
#define SLAP_CTRL_GLOBAL 0x00800000U
|
||||
#define SLAP_CTRL_GLOBAL_SEARCH 0x00010000U /* for NOOP */
|
||||
|
||||
#define SLAP_CTRL_OPFLAGS 0x0000FFFFU
|
||||
#define SLAP_CTRL_ABANDON 0x00000001U
|
||||
|
|
|
|||
|
|
@ -1397,7 +1397,7 @@ slapiControlOp2SlapControlMask(unsigned long slapi_mask,
|
|||
if ( slapi_mask & SLAPI_OPERATION_ABANDON )
|
||||
*slap_mask |= SLAP_CTRL_ABANDON;
|
||||
|
||||
*slap_mask |= SLAP_CTRL_FRONTEND;
|
||||
*slap_mask |= SLAP_CTRL_GLOBAL;
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
|
|||
Loading…
Reference in a new issue