int dnssrv_back_search( Operation *op, SlapReply *rs ) { int i; int rc; char *domain = NULL; char *hostlist = NULL; char **hosts = NULL; char *refdn; struct berval nrefdn = BER_BVNULL; BerVarray urls = NULL; int manageDSAit; rs->sr_ref = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { /* FIXME: need some means to determine whether the database * is a glue instance; if we got here with empty DN, then * we passed this same test in dnssrv_back_referrals() */ if ( !SLAP_GLUE_INSTANCE( op->o_bd ) ) { rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed"; } else { rs->sr_err = LDAP_SUCCESS; } goto done; } manageDSAit = get_manageDSAit( op ); /* * FIXME: we may return a referral if manageDSAit is not set */ if ( !manageDSAit ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "manageDSAit must be set" ); goto done; } if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) { rs->sr_err = LDAP_REFERRAL; rs->sr_ref = default_referral; send_ldap_result( op, rs ); rs->sr_ref = NULL; goto done; } Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n", op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain, 0 ); if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n", rc, 0, 0 ); send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, "no DNS SRV RR available for DN" ); goto done; } hosts = ldap_str2charray( hostlist, " " ); if( hosts == NULL ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 ); send_ldap_error( op, rs, LDAP_OTHER, "problem processing DNS SRV records for DN" ); goto done; } for( i=0; hosts[i] != NULL; i++) { struct berval url; url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]); url.bv_val = ch_malloc( url.bv_len + 1 ); strcpy( url.bv_val, "ldap://" ); strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] ); if( ber_bvarray_add( &urls, &url ) < 0 ) { free( url.bv_val ); send_ldap_error( op, rs, LDAP_OTHER, "problem processing DNS SRV records for DN" ); goto done; } } Statslog( LDAP_DEBUG_STATS, "%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n", op->o_log_prefix, op->o_protocol, op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val, 0 ); Debug( LDAP_DEBUG_TRACE, "DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n", op->oq_search.rs_scope, op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val ); rc = ldap_domain2dn(domain, &refdn); if( rc != LDAP_SUCCESS ) { send_ldap_error( op, rs, LDAP_OTHER, "DNS SRV problem processing manageDSAit control" ); goto done; } else { struct berval bv; bv.bv_val = refdn; bv.bv_len = strlen( refdn ); rc = dnNormalize( 0, NULL, NULL, &bv, &nrefdn, op->o_tmpmemctx ); if( rc != LDAP_SUCCESS ) { send_ldap_error( op, rs, LDAP_OTHER, "DNS SRV problem processing manageDSAit control" ); goto done; } } if( !dn_match( &nrefdn, &op->o_req_ndn ) ) { /* requested dn is subordinate */ Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n", op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", refdn == NULL ? "" : refdn, NULL ); rs->sr_matched = refdn; rs->sr_err = LDAP_NO_SUCH_OBJECT; send_ldap_result( op, rs ); rs->sr_matched = NULL; } else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) { send_ldap_error( op, rs, LDAP_SUCCESS, NULL ); } else { Entry e = { 0 }; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; AttributeDescription *ad_ref = slap_schema.si_ad_ref; e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val ); e.e_name.bv_len = op->o_req_dn.bv_len; e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val ); e.e_nname.bv_len = op->o_req_ndn.bv_len; e.e_attrs = NULL; e.e_private = NULL; attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_referral->soc_cname, NULL ); attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_extensibleObject->soc_cname, NULL ); if ( ad_dc ) { char *p; struct berval bv; bv.bv_val = domain; p = strchr( bv.bv_val, '.' ); if ( p == bv.bv_val ) { bv.bv_len = 1; } else if ( p != NULL ) { bv.bv_len = p - bv.bv_val; } else { bv.bv_len = strlen( bv.bv_val ); } attr_merge_normalize_one( &e, ad_dc, &bv, NULL ); } if ( ad_associatedDomain ) { struct berval bv; ber_str2bv( domain, 0, 0, &bv ); attr_merge_normalize_one( &e, ad_associatedDomain, &bv, NULL ); } attr_merge_normalize_one( &e, ad_ref, urls, NULL ); rc = test_filter( op, &e, op->oq_search.rs_filter ); if( rc == LDAP_COMPARE_TRUE ) { rs->sr_entry = &e; rs->sr_attrs = op->oq_search.rs_attrs; rs->sr_flags = REP_ENTRY_MODIFIABLE; send_search_entry( op, rs ); rs->sr_entry = NULL; rs->sr_attrs = NULL; } entry_clean( &e ); rs->sr_err = LDAP_SUCCESS; send_ldap_result( op, rs ); } if ( refdn ) free( refdn ); if ( nrefdn.bv_val ) free( nrefdn.bv_val ); done: if( domain != NULL ) ch_free( domain ); if( hostlist != NULL ) ch_free( hostlist ); if( hosts != NULL ) ldap_charray_free( hosts ); if( urls != NULL ) ber_bvarray_free( urls ); return 0; }
int limits_parse( Backend *be, const char *fname, int lineno, int argc, char **argv ) { int flags = SLAP_LIMITS_UNDEFINED; char *pattern; struct slap_limits_set limit; int i, rc = 0; ObjectClass *group_oc = NULL; AttributeDescription *group_ad = NULL; assert( be != NULL ); if ( argc < 3 ) { Debug( LDAP_DEBUG_ANY, "%s : line %d: missing arg(s) in " "\"limits <pattern> <limits>\" line.\n%s", fname, lineno, "" ); return( -1 ); } limit = be->be_def_limit; /* * syntax: * * "limits" <pattern> <limit> [ ... ] * * * <pattern>: * * "anonymous" * "users" * [ "dn" [ "." { "this" | "self" } ] [ "." { "exact" | "base" | * "onelevel" | "subtree" | "children" | "regex" | "anonymous" } ] * "=" ] <dn pattern> * * Note: * "this" is the baseobject, "self" (the default) is the bound DN * "exact" and "base" are the same (exact match); * "onelevel" means exactly one rdn below, NOT including pattern * "subtree" means any rdn below, including pattern * "children" means any rdn below, NOT including pattern * * "anonymous" may be deprecated in favour * of the pattern = "anonymous" form * * "group[/objectClass[/attributeType]]" "=" "<dn pattern>" * * <limit>: * * "time" [ "." { "soft" | "hard" } ] "=" <integer> * * "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer> */ pattern = argv[1]; if ( strcmp( pattern, "*" ) == 0) { flags = SLAP_LIMITS_ANY; } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) { flags = SLAP_LIMITS_ANONYMOUS; } else if ( strcasecmp( pattern, "users" ) == 0 ) { flags = SLAP_LIMITS_USERS; } else if ( STRSTART( pattern, "dn" ) ) { pattern += STRLENOF( "dn" ); flags = SLAP_LIMITS_TYPE_SELF; if ( pattern[0] == '.' ) { pattern++; if ( STRSTART( pattern, "this" ) ) { flags = SLAP_LIMITS_TYPE_THIS; pattern += STRLENOF( "this" ); } else if ( STRSTART( pattern, "self" ) ) { pattern += STRLENOF( "self" ); } else { goto got_dn_dot; } } if ( pattern[0] == '.' ) { pattern++; got_dn_dot: if ( STRSTART( pattern, "exact" ) ) { flags |= SLAP_LIMITS_EXACT; pattern += STRLENOF( "exact" ); } else if ( STRSTART( pattern, "base" ) ) { flags |= SLAP_LIMITS_BASE; pattern += STRLENOF( "base" ); } else if ( STRSTART( pattern, "one" ) ) { flags |= SLAP_LIMITS_ONE; pattern += STRLENOF( "one" ); if ( STRSTART( pattern, "level" ) ) { pattern += STRLENOF( "level" ); } else { Debug( LDAP_DEBUG_ANY, "%s : line %d: deprecated \"one\" style " "\"limits <pattern> <limits>\" line; " "use \"onelevel\" instead.\n", fname, lineno, 0 ); } } else if ( STRSTART( pattern, "sub" ) ) { flags |= SLAP_LIMITS_SUBTREE; pattern += STRLENOF( "sub" ); if ( STRSTART( pattern, "tree" ) ) { pattern += STRLENOF( "tree" ); } else { Debug( LDAP_DEBUG_ANY, "%s : line %d: deprecated \"sub\" style " "\"limits <pattern> <limits>\" line; " "use \"subtree\" instead.\n", fname, lineno, 0 ); } } else if ( STRSTART( pattern, "children" ) ) { flags |= SLAP_LIMITS_CHILDREN; pattern += STRLENOF( "children" ); } else if ( STRSTART( pattern, "regex" ) ) { flags |= SLAP_LIMITS_REGEX; pattern += STRLENOF( "regex" ); /* * this could be deprecated in favour * of the pattern = "anonymous" form */ } else if ( STRSTART( pattern, "anonymous" ) && flags == SLAP_LIMITS_TYPE_SELF ) { flags = SLAP_LIMITS_ANONYMOUS; pattern = NULL; } else { /* force error below */ if ( *pattern == '=' ) --pattern; } } /* pre-check the data */ if ( pattern != NULL ) { if ( pattern[0] != '=' ) { Debug( LDAP_DEBUG_ANY, "%s : line %d: %s in " "\"dn[.{this|self}][.{exact|base" "|onelevel|subtree|children|regex" "|anonymous}]=<pattern>\" in " "\"limits <pattern> <limits>\" line.\n", fname, lineno, isalnum( (unsigned char)pattern[0] ) ? "unknown DN modifier" : "missing '='" ); return( -1 ); } /* skip '=' (required) */ pattern++; /* trim obvious cases */ if ( strcmp( pattern, "*" ) == 0 ) { flags = SLAP_LIMITS_ANY; pattern = NULL; } else if ( (flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX && strcmp( pattern, ".*" ) == 0 ) { flags = SLAP_LIMITS_ANY; pattern = NULL; } } } else if (STRSTART( pattern, "group" ) ) { pattern += STRLENOF( "group" ); if ( pattern[0] == '/' ) { struct berval oc, ad; oc.bv_val = pattern + 1; pattern = strchr( pattern, '=' ); if ( pattern == NULL ) { return -1; } ad.bv_val = strchr( oc.bv_val, '/' ); if ( ad.bv_val != NULL ) { const char *text = NULL; oc.bv_len = ad.bv_val - oc.bv_val; ad.bv_val++; ad.bv_len = pattern - ad.bv_val; rc = slap_bv2ad( &ad, &group_ad, &text ); if ( rc != LDAP_SUCCESS ) { goto no_ad; } } else { oc.bv_len = pattern - oc.bv_val; } group_oc = oc_bvfind( &oc ); if ( group_oc == NULL ) { goto no_oc; } } if ( group_oc == NULL ) { group_oc = oc_find( SLAPD_GROUP_CLASS ); if ( group_oc == NULL ) { no_oc:; return( -1 ); } } if ( group_ad == NULL ) { const char *text = NULL; rc = slap_str2ad( SLAPD_GROUP_ATTR, &group_ad, &text ); if ( rc != LDAP_SUCCESS ) { no_ad:; return( -1 ); } } flags = SLAP_LIMITS_TYPE_GROUP | SLAP_LIMITS_EXACT; if ( pattern[0] != '=' ) { Debug( LDAP_DEBUG_ANY, "%s : line %d: missing '=' in " "\"group[/objectClass[/attributeType]]" "=<pattern>\" in " "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 ); return( -1 ); } /* skip '=' (required) */ pattern++; } /* get the limits */ for ( i = 2; i < argc; i++ ) { if ( limits_parse_one( argv[i], &limit ) ) { Debug( LDAP_DEBUG_ANY, "%s : line %d: unknown limit values \"%s\" in " "\"limits <pattern> <limits>\" line.\n", fname, lineno, argv[i] ); return( 1 ); } } /* * sanity checks ... * * FIXME: add warnings? */ if ( limit.lms_t_hard > 0 && ( limit.lms_t_hard < limit.lms_t_soft || limit.lms_t_soft == -1 ) ) { limit.lms_t_hard = limit.lms_t_soft; } if ( limit.lms_s_hard > 0 && ( limit.lms_s_hard < limit.lms_s_soft || limit.lms_s_soft == -1 ) ) { limit.lms_s_hard = limit.lms_s_soft; } /* * defaults ... * * lms_t_hard: * -1 => no limits * 0 => same as soft * > 0 => limit (in seconds) * * lms_s_hard: * -1 => no limits * 0 0> same as soft * > 0 => limit (in entries) * * lms_s_pr_total: * -2 => disable the control * -1 => no limits * 0 => same as soft * > 0 => limit (in entries) * * lms_s_pr: * -1 => no limits * 0 => no limits? * > 0 => limit size (in entries) */ if ( limit.lms_s_pr_total > 0 && limit.lms_s_pr > limit.lms_s_pr_total ) { limit.lms_s_pr = limit.lms_s_pr_total; } rc = limits_add( be, flags, pattern, group_oc, group_ad, &limit ); if ( rc ) { Debug( LDAP_DEBUG_ANY, "%s : line %d: unable to add limit in " "\"limits <pattern> <limits>\" line.\n", fname, lineno, 0 ); } return( rc ); }
/* * call from within bdb_db_open() */ int bdb_monitor_db_open( BackendDB *be ) { struct bdb_info *bdb = (struct bdb_info *) be->be_private; Attribute *a, *next; monitor_callback_t *cb = NULL; int rc = 0; BackendInfo *mi; monitor_extra_t *mbe; struct berval dummy = BER_BVC(""); if ( !SLAP_DBMONITORING( be ) ) { return 0; } if ( SLAP_GLUE_SUBORDINATE( be ) ) { return 0; } mi = backend_info( "monitor" ); if ( !mi || !mi->bi_extra ) { SLAP_DBFLAGS( be ) ^= SLAP_DBFLAG_MONITORING; return 0; } mbe = mi->bi_extra; /* don't bother if monitor is not configured */ if ( !mbe->is_configured() ) { static int warning = 0; if ( warning++ == 0 ) { Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_db_open) ": monitoring disabled; " "configure monitor database to enable\n", 0, 0, 0 ); } return 0; } /* alloc as many as required (plus 1 for objectClass) */ a = attrs_alloc( 1 + 4 ); if ( a == NULL ) { rc = 1; goto cleanup; } a->a_desc = slap_schema.si_ad_objectClass; attr_valadd( a, &oc_olmBDBDatabase->soc_cname, NULL, 1 ); next = a->a_next; { struct berval bv = BER_BVC( "0" ); next->a_desc = ad_olmBDBEntryCache; attr_valadd( next, &bv, NULL, 1 ); next = next->a_next; next->a_desc = ad_olmBDBDNCache; attr_valadd( next, &bv, NULL, 1 ); next = next->a_next; next->a_desc = ad_olmBDBIDLCache; attr_valadd( next, &bv, NULL, 1 ); next = next->a_next; } { struct berval bv, nbv; ber_len_t pathlen = 0, len = 0; char path[ MAXPATHLEN ] = { '\0' }; char *fname = bdb->bi_dbenv_home, *ptr; len = strlen( fname ); if ( fname[ 0 ] != '/' ) { /* get full path name */ getcwd( path, sizeof( path ) ); pathlen = strlen( path ); if ( fname[ 0 ] == '.' && fname[ 1 ] == '/' ) { fname += 2; len -= 2; } } bv.bv_len = pathlen + STRLENOF( "/" ) + len; ptr = bv.bv_val = ch_malloc( bv.bv_len + STRLENOF( "/" ) + 1 ); if ( pathlen ) { ptr = lutil_strncopy( ptr, path, pathlen ); ptr[ 0 ] = '/'; ptr++; } ptr = lutil_strncopy( ptr, fname, len ); if ( ptr[ -1 ] != '/' ) { ptr[ 0 ] = '/'; ptr++; } ptr[ 0 ] = '\0'; attr_normalize_one( ad_olmDbDirectory, &bv, &nbv, NULL ); next->a_desc = ad_olmDbDirectory; next->a_vals = ch_calloc( sizeof( struct berval ), 2 ); next->a_vals[ 0 ] = bv; next->a_numvals = 1; if ( BER_BVISNULL( &nbv ) ) { next->a_nvals = next->a_vals; } else { next->a_nvals = ch_calloc( sizeof( struct berval ), 2 ); next->a_nvals[ 0 ] = nbv; } next = next->a_next; } cb = ch_calloc( sizeof( monitor_callback_t ), 1 ); cb->mc_update = bdb_monitor_update; #if 0 /* uncomment if required */ cb->mc_modify = bdb_monitor_modify; #endif cb->mc_free = bdb_monitor_free; cb->mc_private = (void *)bdb; /* make sure the database is registered; then add monitor attributes */ rc = mbe->register_database( be, &bdb->bi_monitor.bdm_ndn ); if ( rc == 0 ) { rc = mbe->register_entry_attrs( &bdb->bi_monitor.bdm_ndn, a, cb, &dummy, 0, &dummy ); } cleanup:; if ( rc != 0 ) { if ( cb != NULL ) { ch_free( cb ); cb = NULL; } if ( a != NULL ) { attrs_free( a ); a = NULL; } } /* store for cleanup */ bdb->bi_monitor.bdm_cb = (void *)cb; /* we don't need to keep track of the attributes, because * bdb_monitor_free() takes care of everything */ if ( a != NULL ) { attrs_free( a ); } return rc; }
static int dl_cfgen( ConfigArgs *c ) { slap_overinst *on = (slap_overinst *)c->bi; dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; int rc = 0, i; if ( c->op == SLAP_CONFIG_EMIT ) { switch( c->type ) { case DL_ATTRSET: for ( i = 0; dli; i++, dli = dli->dli_next ) { struct berval bv; char *ptr = c->cr_msg; dynlist_map_t *dlm; assert( dli->dli_oc != NULL ); assert( dli->dli_ad != NULL ); /* FIXME: check buffer overflow! */ ptr += snprintf( c->cr_msg, sizeof( c->cr_msg ), SLAP_X_ORDERED_FMT "%s", i, dli->dli_oc->soc_cname.bv_val ); if ( !BER_BVISNULL( &dli->dli_uri ) ) { *ptr++ = ' '; *ptr++ = '"'; ptr = lutil_strncopy( ptr, dli->dli_uri.bv_val, dli->dli_uri.bv_len ); *ptr++ = '"'; } *ptr++ = ' '; ptr = lutil_strncopy( ptr, dli->dli_ad->ad_cname.bv_val, dli->dli_ad->ad_cname.bv_len ); for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) { ptr[ 0 ] = ' '; ptr++; if ( dlm->dlm_mapped_ad ) { ptr = lutil_strcopy( ptr, dlm->dlm_mapped_ad->ad_cname.bv_val ); ptr[ 0 ] = ':'; ptr++; } ptr = lutil_strcopy( ptr, dlm->dlm_member_ad->ad_cname.bv_val ); } bv.bv_val = c->cr_msg; bv.bv_len = ptr - bv.bv_val; value_add_one( &c->rvalue_vals, &bv ); } break; case DL_ATTRPAIR_COMPAT: case DL_ATTRPAIR: rc = 1; break; default: rc = 1; break; } return rc; } else if ( c->op == LDAP_MOD_DELETE ) { switch( c->type ) { case DL_ATTRSET: if ( c->valx < 0 ) { dynlist_info_t *dli_next; for ( dli_next = dli; dli_next; dli = dli_next ) { dynlist_map_t *dlm = dli->dli_dlm; dynlist_map_t *dlm_next; dli_next = dli->dli_next; if ( !BER_BVISNULL( &dli->dli_uri ) ) { ch_free( dli->dli_uri.bv_val ); } if ( dli->dli_lud != NULL ) { ldap_free_urldesc( dli->dli_lud ); } if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) { ber_memfree( dli->dli_uri_nbase.bv_val ); } if ( dli->dli_uri_filter != NULL ) { filter_free( dli->dli_uri_filter ); } ch_free( dli->dli_default_filter.bv_val ); while ( dlm != NULL ) { dlm_next = dlm->dlm_next; ch_free( dlm ); dlm = dlm_next; } ch_free( dli ); } on->on_bi.bi_private = NULL; } else { dynlist_info_t **dlip; dynlist_map_t *dlm; dynlist_map_t *dlm_next; for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private; i < c->valx; i++ ) { if ( *dlip == NULL ) { return 1; } dlip = &(*dlip)->dli_next; } dli = *dlip; *dlip = dli->dli_next; if ( !BER_BVISNULL( &dli->dli_uri ) ) { ch_free( dli->dli_uri.bv_val ); } if ( dli->dli_lud != NULL ) { ldap_free_urldesc( dli->dli_lud ); } if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) { ber_memfree( dli->dli_uri_nbase.bv_val ); } if ( dli->dli_uri_filter != NULL ) { filter_free( dli->dli_uri_filter ); } ch_free( dli->dli_default_filter.bv_val ); dlm = dli->dli_dlm; while ( dlm != NULL ) { dlm_next = dlm->dlm_next; ch_free( dlm ); dlm = dlm_next; } ch_free( dli ); dli = (dynlist_info_t *)on->on_bi.bi_private; } break; case DL_ATTRPAIR_COMPAT: case DL_ATTRPAIR: rc = 1; break; default: rc = 1; break; } return rc; } switch( c->type ) { case DL_ATTRSET: { dynlist_info_t **dlip, *dli_next = NULL; ObjectClass *oc = NULL; AttributeDescription *ad = NULL; int attridx = 2; LDAPURLDesc *lud = NULL; struct berval nbase = BER_BVNULL; Filter *filter = NULL; struct berval uri = BER_BVNULL; dynlist_map_t *dlm = NULL, *dlml = NULL; const char *text; oc = oc_find( c->argv[ 1 ] ); if ( oc == NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "unable to find ObjectClass \"%s\"", c->argv[ 1 ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return 1; } if ( strncasecmp( c->argv[ attridx ], "ldap://", STRLENOF("ldap://") ) == 0 ) { if ( ldap_url_parse( c->argv[ attridx ], &lud ) != LDAP_URL_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "unable to parse URI \"%s\"", c->argv[ attridx ] ); rc = 1; goto done_uri; } if ( lud->lud_host != NULL ) { if ( lud->lud_host[0] == '\0' ) { ch_free( lud->lud_host ); lud->lud_host = NULL; } else { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "host not allowed in URI \"%s\"", c->argv[ attridx ] ); rc = 1; goto done_uri; } } if ( lud->lud_attrs != NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "attrs not allowed in URI \"%s\"", c->argv[ attridx ] ); rc = 1; goto done_uri; } if ( lud->lud_exts != NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "extensions not allowed in URI \"%s\"", c->argv[ attridx ] ); rc = 1; goto done_uri; } if ( lud->lud_dn != NULL && lud->lud_dn[ 0 ] != '\0' ) { struct berval dn; ber_str2bv( lud->lud_dn, 0, 0, &dn ); rc = dnNormalize( 0, NULL, NULL, &dn, &nbase, NULL ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "DN normalization failed in URI \"%s\"", c->argv[ attridx ] ); goto done_uri; } } if ( lud->lud_filter != NULL && lud->lud_filter[ 0 ] != '\0' ) { filter = str2filter( lud->lud_filter ); if ( filter == NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "filter parsing failed in URI \"%s\"", c->argv[ attridx ] ); rc = 1; goto done_uri; } } ber_str2bv( c->argv[ attridx ], 0, 1, &uri ); done_uri:; if ( rc ) { if ( lud ) { ldap_free_urldesc( lud ); } if ( !BER_BVISNULL( &nbase ) ) { ber_memfree( nbase.bv_val ); } if ( filter != NULL ) { filter_free( filter ); } while ( dlm != NULL ) { dlml = dlm; dlm = dlm->dlm_next; ch_free( dlml ); } Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return rc; } attridx++; } rc = slap_str2ad( c->argv[ attridx ], &ad, &text ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "unable to find AttributeDescription \"%s\"", c->argv[ attridx ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); rc = 1; goto done_uri; } if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "AttributeDescription \"%s\" " "must be a subtype of \"labeledURI\"", c->argv[ attridx ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); rc = 1; goto done_uri; } attridx++; for ( i = attridx; i < c->argc; i++ ) { char *arg; char *cp; AttributeDescription *member_ad = NULL; AttributeDescription *mapped_ad = NULL; dynlist_map_t *dlmp; /* * If no mapped attribute is given, dn is used * for backward compatibility. */ arg = c->argv[i]; if ( ( cp = strchr( arg, ':' ) ) != NULL ) { struct berval bv; ber_str2bv( arg, cp - arg, 0, &bv ); rc = slap_bv2ad( &bv, &mapped_ad, &text ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "unable to find mapped AttributeDescription #%d \"%s\"\n", i - 3, c->argv[ i ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); rc = 1; goto done_uri; } arg = cp + 1; } rc = slap_str2ad( arg, &member_ad, &text ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "unable to find AttributeDescription #%d \"%s\"\n", i - 3, c->argv[ i ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); rc = 1; goto done_uri; } dlmp = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) ); if ( dlm == NULL ) { dlm = dlmp; } dlmp->dlm_member_ad = member_ad; dlmp->dlm_mapped_ad = mapped_ad; dlmp->dlm_next = NULL; if ( dlml != NULL ) dlml->dlm_next = dlmp; dlml = dlmp; } if ( c->valx > 0 ) { int i; for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private; i < c->valx; i++ ) { if ( *dlip == NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "invalid index {%d}\n", c->valx ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); rc = 1; goto done_uri; } dlip = &(*dlip)->dli_next; } dli_next = *dlip; } else { for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; *dlip; dlip = &(*dlip)->dli_next ) /* goto last */; } *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); (*dlip)->dli_oc = oc; (*dlip)->dli_ad = ad; (*dlip)->dli_dlm = dlm; (*dlip)->dli_next = dli_next; (*dlip)->dli_lud = lud; (*dlip)->dli_uri_nbase = nbase; (*dlip)->dli_uri_filter = filter; (*dlip)->dli_uri = uri; rc = dynlist_build_def_filter( *dlip ); } break; case DL_ATTRPAIR_COMPAT: snprintf( c->cr_msg, sizeof( c->cr_msg ), "warning: \"attrpair\" only supported for limited " "backward compatibility with overlay \"dyngroup\"" ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); /* fallthru */ case DL_ATTRPAIR: { dynlist_info_t **dlip; ObjectClass *oc = NULL; AttributeDescription *ad = NULL, *member_ad = NULL; const char *text; oc = oc_find( "groupOfURLs" ); if ( oc == NULL ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "\"dynlist-attrpair <member-ad> <URL-ad>\": " "unable to find default ObjectClass \"groupOfURLs\"" ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return 1; } rc = slap_str2ad( c->argv[ 1 ], &member_ad, &text ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "\"dynlist-attrpair <member-ad> <URL-ad>\": " "unable to find AttributeDescription \"%s\"", c->argv[ 1 ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return 1; } rc = slap_str2ad( c->argv[ 2 ], &ad, &text ); if ( rc != LDAP_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "\"dynlist-attrpair <member-ad> <URL-ad>\": " "unable to find AttributeDescription \"%s\"\n", c->argv[ 2 ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return 1; } if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE "AttributeDescription \"%s\" " "must be a subtype of \"labeledURI\"", c->argv[ 2 ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); return 1; } for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; *dlip; dlip = &(*dlip)->dli_next ) { /* * The same URL attribute / member attribute pair * cannot be repeated, but we enforce this only * when the member attribute is unique. Performing * the check for multiple values would require * sorting and comparing the lists, which is left * as a future improvement */ if ( (*dlip)->dli_ad == ad && (*dlip)->dli_dlm->dlm_next == NULL && member_ad == (*dlip)->dli_dlm->dlm_member_ad ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "\"dynlist-attrpair <member-ad> <URL-ad>\": " "URL attributeDescription \"%s\" already mapped.\n", ad->ad_cname.bv_val ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 ); #if 0 /* make it a warning... */ return 1; #endif } } *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); (*dlip)->dli_oc = oc; (*dlip)->dli_ad = ad; (*dlip)->dli_dlm = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) ); (*dlip)->dli_dlm->dlm_member_ad = member_ad; (*dlip)->dli_dlm->dlm_mapped_ad = NULL; rc = dynlist_build_def_filter( *dlip ); } break; default: rc = 1; break; } return rc; }
static int get_search_filters( char *filename, char *filters[], char *attrs[], char *bases[], LDAPURLDesc *luds[] ) { FILE *fp; int filter = 0; if ( (fp = fopen( filename, "r" )) != NULL ) { char line[BUFSIZ]; while (( filter < MAXREQS ) && ( fgets( line, BUFSIZ, fp ))) { char *nl; int got_URL = 0; if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' ))) *nl = '\0'; if ( luds ) luds[filter] = NULL; if ( luds && strncmp( line, "ldap:///", STRLENOF( "ldap:///" ) ) == 0 ) { LDAPURLDesc *lud; got_URL = 1; bases[filter] = NULL; if ( ldap_url_parse( line, &lud ) != LDAP_URL_SUCCESS ) { filter = -filter - 1; break; } if ( lud->lud_dn == NULL || lud->lud_exts != NULL ) { filter = -filter - 1; ldap_free_urldesc( lud ); break; } luds[filter] = lud; } else { bases[filter] = ArgDup( line ); } if ( fgets( line, BUFSIZ, fp ) == NULL ) *line = '\0'; if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' ))) *nl = '\0'; filters[filter] = ArgDup( line ); if ( attrs ) { if ( filters[filter][0] == '+') { char *sep = strchr( filters[filter], ':' ); attrs[ filter ] = &filters[ filter ][ 1 ]; if ( sep != NULL ) { sep[ 0 ] = '\0'; /* NOTE: don't free this! */ filters[ filter ] = &sep[ 1 ]; } } else { attrs[ filter ] = NULL; } } filter++; } fclose( fp ); } return filter; }
static int vernum_repair( BackendDB *be ) { slap_overinst *on = (slap_overinst *)be->bd_info; vernum_t *vn = (vernum_t *)on->on_bi.bi_private; void *ctx = ldap_pvt_thread_pool_context(); Connection conn = { 0 }; OperationBuffer opbuf; Operation *op; BackendDB db; slap_callback sc = { 0 }; vernum_repair_cb_t rcb = { 0 }; SlapReply rs = { REP_RESULT }; vernum_mod_t *rmod; int nrepaired = 0; connection_fake_init2( &conn, &opbuf, ctx, 0 ); op = &opbuf.ob_op; op->o_tag = LDAP_REQ_SEARCH; memset( &op->oq_search, 0, sizeof( op->oq_search ) ); assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) ); op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 ); assert( op->o_bd != NULL ); assert( op->o_bd->be_nsuffix != NULL ); op->o_req_dn = op->o_bd->be_suffix[ 0 ]; op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; op->ors_scope = LDAP_SCOPE_SUBTREE; op->ors_tlimit = SLAP_NO_LIMIT; op->ors_slimit = SLAP_NO_LIMIT; op->ors_attrs = slap_anlist_no_attrs; op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" ) + vn->vn_attr->ad_cname.bv_len + vn->vn_vernum->ad_cname.bv_len; op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx ); snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1, "(&(%s=*)(!(%s=*)))", vn->vn_attr->ad_cname.bv_val, vn->vn_vernum->ad_cname.bv_val ); op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val ); if ( op->ors_filter == NULL ) { rs.sr_err = LDAP_OTHER; goto done_search; } op->o_callback = ≻ sc.sc_response = vernum_repair_cb; sc.sc_private = &rcb; rcb.bd = &db; db = *be; db.bd_info = (BackendInfo *)on; (void)op->o_bd->bd_info->bi_op_search( op, &rs ); op->o_tag = LDAP_REQ_MODIFY; sc.sc_response = slap_null_cb; sc.sc_private = NULL; memset( &op->oq_modify, 0, sizeof( req_modify_s ) ); for ( rmod = rcb.mods; rmod != NULL; ) { vernum_mod_t *rnext; Modifications mod; struct berval vals[2] = { BER_BVNULL }; SlapReply rs2 = { REP_RESULT }; mod.sml_flags = SLAP_MOD_INTERNAL; mod.sml_op = LDAP_MOD_REPLACE; mod.sml_desc = vn->vn_vernum; mod.sml_type = vn->vn_vernum->ad_cname; mod.sml_values = vals; mod.sml_values[0] = val_init; mod.sml_nvalues = NULL; mod.sml_numvals = 1; mod.sml_next = NULL; op->o_req_dn = rmod->ndn; op->o_req_ndn = rmod->ndn; op->orm_modlist = &mod; op->o_bd->be_modify( op, &rs2 ); slap_mods_free( op->orm_modlist->sml_next, 1 ); if ( rs2.sr_err == LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n", op->o_log_prefix, rmod->ndn.bv_val ); nrepaired++; } else { Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n", op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err ); } rnext = rmod->next; op->o_tmpfree( rmod, op->o_tmpmemctx ); rmod = rnext; } done_search:; op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); filter_free_x( op, op->ors_filter, 1 ); Log( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO, "vernum: repaired=%d\n", nrepaired ); return 0; }
static int readline(MDB_val *out, MDB_val *buf) { unsigned char *c1, *c2, *end; size_t len, l2; int c; if (!(mode & NOHDR)) { c = fgetc(stdin); if (c == EOF) { Eof = 1; return EOF; } if (c != ' ') { lineno++; if (fgets(buf->mv_data, buf->mv_size, stdin) == NULL) { badend: Eof = 1; badend(); return EOF; } if (c == 'D' && !strncmp(buf->mv_data, "ATA=END", STRLENOF("ATA=END"))) return EOF; goto badend; } } if (fgets(buf->mv_data, buf->mv_size, stdin) == NULL) { Eof = 1; return EOF; } lineno++; c1 = buf->mv_data; len = strlen((char *)c1); l2 = len; /* Is buffer too short? */ while (c1[len-1] != '\n') { buf->mv_data = realloc(buf->mv_data, buf->mv_size*2); if (!buf->mv_data) { Eof = 1; fprintf(stderr, "%s: line %" Z "d: out of memory, line too long\n", prog, lineno); return EOF; } c1 = buf->mv_data; c1 += l2; if (fgets((char *)c1, buf->mv_size+1, stdin) == NULL) { Eof = 1; badend(); return EOF; } buf->mv_size *= 2; len = strlen((char *)c1); l2 += len; } c1 = c2 = buf->mv_data; len = l2; c1[--len] = '\0'; end = c1 + len; if (mode & PRINT) { while (c2 < end) { if (*c2 == '\\') { if (c2[1] == '\\') { c1++; c2 += 2; } else { if (c2+3 > end || !isxdigit(c2[1]) || !isxdigit(c2[2])) { Eof = 1; badend(); return EOF; } *c1++ = unhex(++c2); c2 += 2; } } else { c1++; c2++; } } } else { /* odd length not allowed */ if (len & 1) { Eof = 1; badend(); return EOF; } while (c2 < end) { if (!isxdigit(*c2) || !isxdigit(c2[1])) { Eof = 1; badend(); return EOF; } *c1++ = unhex(c2); c2 += 2; } } c2 = out->mv_data = buf->mv_data; out->mv_size = c1 - c2; return 0; }
RETCODE backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, const char *query, int timeout ) { RETCODE rc; rc = SQLAllocStmt( dbh, sth ); if ( rc != SQL_SUCCESS ) { return rc; } #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "==>backsql_Prepare()\n", 0, 0, 0 ); #endif /* BACKSQL_TRACE */ #ifdef BACKSQL_MSSQL_WORKAROUND { char drv_name[ 30 ]; SWORD len; SQLGetInfo( dbh, SQL_DRIVER_NAME, drv_name, sizeof( drv_name ), &len ); #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): driver name=\"%s\"\n", drv_name, 0, 0 ); #endif /* BACKSQL_TRACE */ ldap_pvt_str2upper( drv_name ); if ( !strncmp( drv_name, "SQLSRV32.DLL", STRLENOF( "SQLSRV32.DLL" ) ) ) { /* * stupid default result set in MS SQL Server * does not support multiple active statements * on the same connection -- so we are trying * to make it not to use default result set... */ Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): " "enabling MS SQL Server default result " "set workaround\n", 0, 0, 0 ); rc = SQLSetStmtOption( *sth, SQL_CONCURRENCY, SQL_CONCUR_ROWVER ); if ( rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO ) { Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): " "SQLSetStmtOption(SQL_CONCURRENCY," "SQL_CONCUR_ROWVER) failed:\n", 0, 0, 0 ); backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc ); SQLFreeStmt( *sth, SQL_DROP ); return rc; } } } #endif /* BACKSQL_MSSQL_WORKAROUND */ if ( timeout > 0 ) { Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): " "setting query timeout to %d sec.\n", timeout, 0, 0 ); rc = SQLSetStmtOption( *sth, SQL_QUERY_TIMEOUT, timeout ); if ( rc != SQL_SUCCESS ) { backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc ); SQLFreeStmt( *sth, SQL_DROP ); return rc; } } #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "<==backsql_Prepare() calling SQLPrepare()\n", 0, 0, 0 ); #endif /* BACKSQL_TRACE */ return SQLPrepare( *sth, (SQLCHAR *)query, SQL_NTS ); }
/* Called for all modify and modrdn ops. If the current op was replicated * from elsewhere, all of the attrs should already be present. */ void slap_mods_opattrs( Operation *op, Modifications **modsp, int manage_ctxcsn ) { struct berval name, timestamp, csn = BER_BVNULL; struct berval nname; char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ]; Modifications *mod, **modtail, *modlast; int gotcsn = 0, gotmname = 0, gotmtime = 0; if ( SLAP_LASTMOD( op->o_bd ) && !op->orm_no_opattrs ) { char *ptr; timestamp.bv_val = timebuf; for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) { if ( (*modtail)->sml_op != LDAP_MOD_ADD && (*modtail)->sml_op != SLAP_MOD_SOFTADD && (*modtail)->sml_op != LDAP_MOD_REPLACE ) { continue; } if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN ) { csn = (*modtail)->sml_values[0]; gotcsn = 1; } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName ) { gotmname = 1; } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp ) { gotmtime = 1; } } if ( BER_BVISEMPTY( &op->o_csn )) { if ( !gotcsn ) { csn.bv_val = csnbuf; csn.bv_len = sizeof( csnbuf ); slap_get_csn( op, &csn, manage_ctxcsn ); } else { if ( manage_ctxcsn ) { slap_queue_csn( op, &csn ); } } } else { csn = op->o_csn; } ptr = ber_bvchr( &csn, '#' ); if ( ptr ) { timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ"); AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len ); timebuf[timestamp.bv_len-1] = 'Z'; timebuf[timestamp.bv_len] = '\0'; } else { time_t now = slap_get_time(); timestamp.bv_len = sizeof(timebuf); slap_timestamp( &now, ×tamp ); } if ( BER_BVISEMPTY( &op->o_dn ) ) { BER_BVSTR( &name, SLAPD_ANONYMOUS ); nname = name; } else { name = op->o_dn; nname = op->o_ndn; } if ( !gotcsn ) { mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = LDAP_MOD_REPLACE; mod->sml_flags = SLAP_MOD_INTERNAL; mod->sml_next = NULL; BER_BVZERO( &mod->sml_type ); mod->sml_desc = slap_schema.si_ad_entryCSN; mod->sml_numvals = 1; mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); ber_dupbv( &mod->sml_values[0], &csn ); BER_BVZERO( &mod->sml_values[1] ); assert( !BER_BVISNULL( &mod->sml_values[0] ) ); mod->sml_nvalues = NULL; *modtail = mod; modlast = mod; modtail = &mod->sml_next; } if ( !gotmname ) { mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = LDAP_MOD_REPLACE; mod->sml_flags = SLAP_MOD_INTERNAL; mod->sml_next = NULL; BER_BVZERO( &mod->sml_type ); mod->sml_desc = slap_schema.si_ad_modifiersName; mod->sml_numvals = 1; mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); ber_dupbv( &mod->sml_values[0], &name ); BER_BVZERO( &mod->sml_values[1] ); assert( !BER_BVISNULL( &mod->sml_values[0] ) ); mod->sml_nvalues = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); ber_dupbv( &mod->sml_nvalues[0], &nname ); BER_BVZERO( &mod->sml_nvalues[1] ); assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) ); *modtail = mod; modtail = &mod->sml_next; } if ( !gotmtime ) { mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = LDAP_MOD_REPLACE; mod->sml_flags = SLAP_MOD_INTERNAL; mod->sml_next = NULL; BER_BVZERO( &mod->sml_type ); mod->sml_desc = slap_schema.si_ad_modifyTimestamp; mod->sml_numvals = 1; mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) ); ber_dupbv( &mod->sml_values[0], ×tamp ); BER_BVZERO( &mod->sml_values[1] ); assert( !BER_BVISNULL( &mod->sml_values[0] ) ); mod->sml_nvalues = NULL; *modtail = mod; modtail = &mod->sml_next; } } }
/* * meta_back_proxy_authz_cred() * * prepares credentials & method for meta_back_proxy_authz_bind(); * or, if method is SASL, performs the SASL bind directly. */ int meta_back_proxy_authz_cred( metaconn_t *mc, int candidate, Operation *op, SlapReply *rs, ldap_back_send_t sendok, struct berval *binddn, struct berval *bindcred, int *method ) { metainfo_t *mi = (metainfo_t *)op->o_bd->be_private; metatarget_t *mt = mi->mi_targets[ candidate ]; metasingleconn_t *msc = &mc->mc_conns[ candidate ]; struct berval ndn; int dobind = 0; /* don't proxyAuthz if protocol is not LDAPv3 */ switch ( mt->mt_version ) { case LDAP_VERSION3: break; case 0: if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) { break; } /* fall thru */ default: rs->sr_err = LDAP_UNWILLING_TO_PERFORM; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); goto done; } if ( op->o_tag == LDAP_REQ_BIND ) { ndn = op->o_req_ndn; } else if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) { ndn = op->o_conn->c_ndn; } else { ndn = op->o_ndn; } rs->sr_err = LDAP_SUCCESS; /* * FIXME: we need to let clients use proxyAuthz * otherwise we cannot do symmetric pools of servers; * we have to live with the fact that a user can * authorize itself as any ID that is allowed * by the authzTo directive of the "proxyauthzdn". */ /* * NOTE: current Proxy Authorization specification * and implementation do not allow proxy authorization * control to be provided with Bind requests */ /* * if no bind took place yet, but the connection is bound * and the "proxyauthzdn" is set, then bind as * "proxyauthzdn" and explicitly add the proxyAuthz * control to every operation with the dn bound * to the connection as control value. */ /* bind as proxyauthzdn only if no idassert mode * is requested, or if the client's identity * is authorized */ switch ( mt->mt_idassert_mode ) { case LDAP_BACK_IDASSERT_LEGACY: if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) { if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) && !BER_BVISEMPTY( &mt->mt_idassert_authcDN ) ) { *binddn = mt->mt_idassert_authcDN; *bindcred = mt->mt_idassert_passwd; dobind = 1; } } break; default: /* NOTE: rootdn can always idassert */ if ( BER_BVISNULL( &ndn ) && mt->mt_idassert_authz == NULL && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) { if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) { rs->sr_err = LDAP_INAPPROPRIATE_AUTH; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); goto done; } rs->sr_err = LDAP_SUCCESS; *binddn = slap_empty_bv; *bindcred = slap_empty_bv; break; } else if ( mt->mt_idassert_authz && !be_isroot( op ) ) { struct berval authcDN; if ( BER_BVISNULL( &ndn ) ) { authcDN = slap_empty_bv; } else { authcDN = ndn; } rs->sr_err = slap_sasl_matches( op, mt->mt_idassert_authz, &authcDN, &authcDN ); if ( rs->sr_err != LDAP_SUCCESS ) { if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) { if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); goto done; } rs->sr_err = LDAP_SUCCESS; *binddn = slap_empty_bv; *bindcred = slap_empty_bv; break; } } *binddn = mt->mt_idassert_authcDN; *bindcred = mt->mt_idassert_passwd; dobind = 1; break; } if ( dobind && mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL void *defaults = NULL; struct berval authzID = BER_BVNULL; int freeauthz = 0; /* if SASL supports native authz, prepare for it */ if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) && ( mt->mt_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) ) { switch ( mt->mt_idassert_mode ) { case LDAP_BACK_IDASSERT_OTHERID: case LDAP_BACK_IDASSERT_OTHERDN: authzID = mt->mt_idassert_authzID; break; case LDAP_BACK_IDASSERT_ANONYMOUS: BER_BVSTR( &authzID, "dn:" ); break; case LDAP_BACK_IDASSERT_SELF: if ( BER_BVISNULL( &ndn ) ) { /* connection is not authc'd, so don't idassert */ BER_BVSTR( &authzID, "dn:" ); break; } authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len; authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx ); memcpy( authzID.bv_val, "dn:", STRLENOF( "dn:" ) ); memcpy( authzID.bv_val + STRLENOF( "dn:" ), ndn.bv_val, ndn.bv_len + 1 ); freeauthz = 1; break; default: break; } } if ( mt->mt_idassert_secprops != NULL ) { rs->sr_err = ldap_set_option( msc->msc_ld, LDAP_OPT_X_SASL_SECPROPS, (void *)mt->mt_idassert_secprops ); if ( rs->sr_err != LDAP_OPT_SUCCESS ) { rs->sr_err = LDAP_OTHER; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); goto done; } } defaults = lutil_sasl_defaults( msc->msc_ld, mt->mt_idassert_sasl_mech.bv_val, mt->mt_idassert_sasl_realm.bv_val, mt->mt_idassert_authcID.bv_val, mt->mt_idassert_passwd.bv_val, authzID.bv_val ); if ( defaults == NULL ) { rs->sr_err = LDAP_OTHER; LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } goto done; } rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val, mt->mt_idassert_sasl_mech.bv_val, NULL, NULL, LDAP_SASL_QUIET, lutil_sasl_interact, defaults ); rs->sr_err = slap_map_api2result( rs ); if ( rs->sr_err != LDAP_SUCCESS ) { LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } } else { LDAP_BACK_CONN_ISBOUND_SET( msc ); } lutil_sasl_freedefs( defaults ); if ( freeauthz ) { slap_sl_free( authzID.bv_val, op->o_tmpmemctx ); } goto done; #endif /* HAVE_CYRUS_SASL */ } *method = mt->mt_idassert_authmethod; switch ( mt->mt_idassert_authmethod ) { case LDAP_AUTH_NONE: BER_BVSTR( binddn, "" ); BER_BVSTR( bindcred, "" ); /* fallthru */ case LDAP_AUTH_SIMPLE: break; default: /* unsupported! */ LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } break; } done:; if ( !BER_BVISEMPTY( binddn ) ) { LDAP_BACK_CONN_ISIDASSERT_SET( msc ); } return rs->sr_err; }
/* * meta_back_dobind */ int meta_back_dobind( Operation *op, SlapReply *rs, metaconn_t *mc, ldap_back_send_t sendok ) { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; int bound = 0, i, isroot = 0; SlapReply *candidates; if ( be_isroot( op ) ) { isroot = 1; } if ( LogTest( LDAP_DEBUG_TRACE ) ) { char buf[STRLENOF("4294967295U") + 1] = { 0 }; mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) ); Debug( LDAP_DEBUG_TRACE, "%s meta_back_dobind: conn=%s%s\n", op->o_log_prefix, buf, isroot ? " (isroot)" : "" ); } /* * all the targets are bound as pseudoroot */ if ( mc->mc_authz_target == META_BOUND_ALL ) { bound = 1; goto done; } candidates = meta_back_candidates_get( op ); for ( i = 0; i < mi->mi_ntargets; i++ ) { metatarget_t *mt = mi->mi_targets[ i ]; metasingleconn_t *msc = &mc->mc_conns[ i ]; int rc; /* * Not a candidate */ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) { continue; } assert( msc->msc_ld != NULL ); /* * If the target is already bound it is skipped */ retry_binding:; ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); if ( LDAP_BACK_CONN_ISBOUND( msc ) || ( LDAP_BACK_CONN_ISANON( msc ) && mt->mt_idassert_authmethod == LDAP_AUTH_NONE ) ) { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); ++bound; continue; } else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) ) { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); ldap_pvt_thread_yield(); goto retry_binding; } LDAP_BACK_CONN_BINDING_SET( msc ); ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); rc = meta_back_single_dobind( op, rs, &mc, i, LDAP_BACK_DONTSEND, mt->mt_nretries, 1 ); /* * NOTE: meta_back_single_dobind() already retries; * in case of failure, it resets mc... */ if ( rc != LDAP_SUCCESS ) { char buf[ SLAP_TEXT_BUFLEN ]; if ( mc == NULL ) { /* meta_back_single_dobind() already sent * response and released connection */ goto send_err; } if ( rc == LDAP_UNAVAILABLE ) { /* FIXME: meta_back_retry() already re-calls * meta_back_single_dobind() */ if ( meta_back_retry( op, rs, &mc, i, sendok ) ) { goto retry_ok; } if ( mc != NULL ) { ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); LDAP_BACK_CONN_BINDING_CLEAR( msc ); meta_back_release_conn_lock( mi, mc, 0 ); ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); } return 0; } ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); LDAP_BACK_CONN_BINDING_CLEAR( msc ); ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); snprintf( buf, sizeof( buf ), "meta_back_dobind[%d]: (%s) err=%d (%s).", i, isroot ? op->o_bd->be_rootdn.bv_val : "anonymous", rc, ldap_err2string( rc ) ); Debug( LDAP_DEBUG_ANY, "%s %s\n", op->o_log_prefix, buf ); /* * null cred bind should always succeed * as anonymous, so a failure means * the target is no longer candidate possibly * due to technical reasons (remote host down?) * so better clear the handle */ /* leave the target candidate, but record the error for later use */ candidates[ i ].sr_err = rc; if ( META_BACK_ONERR_STOP( mi ) ) { bound = 0; goto done; } continue; } /* else */ retry_ok:; Debug( LDAP_DEBUG_TRACE, "%s meta_back_dobind[%d]: " "(%s)\n", op->o_log_prefix, i, isroot ? op->o_bd->be_rootdn.bv_val : "anonymous" ); ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); LDAP_BACK_CONN_BINDING_CLEAR( msc ); if ( isroot ) { LDAP_BACK_CONN_ISBOUND_SET( msc ); } else { LDAP_BACK_CONN_ISANON_SET( msc ); } ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); ++bound; } done:; if ( LogTest( LDAP_DEBUG_TRACE ) ) { char buf[STRLENOF("4294967295U") + 1] = { 0 }; mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) ); Debug( LDAP_DEBUG_TRACE, "%s meta_back_dobind: conn=%s bound=%d\n", op->o_log_prefix, buf, bound ); } if ( bound == 0 ) { meta_back_release_conn( mi, mc ); send_err:; if ( sendok & LDAP_BACK_SENDERR ) { if ( rs->sr_err == LDAP_SUCCESS ) { rs->sr_err = LDAP_BUSY; } send_ldap_result( op, rs ); } return 0; } return ( bound > 0 ); }
static int pguid_repair( BackendDB *be ) { slap_overinst *on = (slap_overinst *)be->bd_info; void *ctx = ldap_pvt_thread_pool_context(); Connection conn = { 0 }; OperationBuffer opbuf; Operation *op; slap_callback sc = { 0 }; pguid_repair_cb_t pcb = { 0 }; SlapReply rs = { REP_RESULT }; pguid_mod_t *pmod; int nrepaired = 0; connection_fake_init2( &conn, &opbuf, ctx, 0 ); op = &opbuf.ob_op; op->o_tag = LDAP_REQ_SEARCH; memset( &op->oq_search, 0, sizeof( op->oq_search ) ); op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 ); op->o_req_dn = op->o_bd->be_suffix[ 0 ]; op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; op->ors_scope = LDAP_SCOPE_SUBORDINATE; op->ors_tlimit = SLAP_NO_LIMIT; op->ors_slimit = SLAP_NO_LIMIT; op->ors_attrs = slap_anlist_no_attrs; op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_parentUUID->ad_cname.bv_len; op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx ); snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1, "(!(%s=*))", ad_parentUUID->ad_cname.bv_val ); op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val ); if ( op->ors_filter == NULL ) { rs.sr_err = LDAP_OTHER; goto done_search; } op->o_callback = ≻ sc.sc_response = pguid_repair_cb; sc.sc_private = &pcb; pcb.on = on; (void)op->o_bd->bd_info->bi_op_search( op, &rs ); op->o_tag = LDAP_REQ_MODIFY; sc.sc_response = slap_null_cb; sc.sc_private = NULL; memset( &op->oq_modify, 0, sizeof( req_modify_s ) ); for ( pmod = pcb.mods; pmod != NULL; ) { pguid_mod_t *pnext; Modifications *mod; SlapReply rs2 = { REP_RESULT }; mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_flags = SLAP_MOD_INTERNAL; mod->sml_op = LDAP_MOD_REPLACE; mod->sml_desc = ad_parentUUID; mod->sml_type = ad_parentUUID->ad_cname; mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 ); mod->sml_nvalues = NULL; mod->sml_numvals = 1; mod->sml_next = NULL; ber_dupbv( &mod->sml_values[0], &pmod->pguid ); BER_BVZERO( &mod->sml_values[1] ); op->o_req_dn = pmod->ndn; op->o_req_ndn = pmod->ndn; op->orm_modlist = mod; op->o_bd->be_modify( op, &rs2 ); slap_mods_free( op->orm_modlist, 1 ); if ( rs2.sr_err == LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair: entry DN=\"%s\" repaired\n", op->o_log_prefix, pmod->ndn.bv_val, 0 ); nrepaired++; } else { Debug( LDAP_DEBUG_ANY, "%s: pguid_repair: entry DN=\"%s\" repair failed (%d)\n", op->o_log_prefix, pmod->ndn.bv_val, rs2.sr_err ); } pnext = pmod->next; op->o_tmpfree( pmod, op->o_tmpmemctx ); pmod = pnext; } done_search:; op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); filter_free_x( op, op->ors_filter, 1 ); Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO, "pguid: repaired=%d\n", nrepaired ); return rs.sr_err; }
/* * Lookup and return LDAP servers for domain (using the DNS * SRV record _ldap._tcp.domain). */ int ldap_domain2hostlist( LDAP_CONST char *domain, char **list ) { #ifdef HAVE_RES_QUERY #define DNSBUFSIZ (64*1024) char *request; char *hostlist = NULL; int rc, len, cur = 0; unsigned char reply[DNSBUFSIZ]; assert( domain != NULL ); assert( list != NULL ); if( *domain == '\0' ) { return LDAP_PARAM_ERROR; } request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp.")); if (request == NULL) { return LDAP_NO_MEMORY; } sprintf(request, "_ldap._tcp.%s", domain); #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex); #endif rc = LDAP_UNAVAILABLE; #ifdef NS_HFIXEDSZ /* Bind 8/9 interface */ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply)); # ifndef T_SRV # define T_SRV ns_t_srv # endif #else /* Bind 4 interface */ # ifndef T_SRV # define T_SRV 33 # endif len = res_query(request, C_IN, T_SRV, reply, sizeof(reply)); #endif if (len >= 0) { unsigned char *p; char host[DNSBUFSIZ]; int status; u_short port; /* int priority, weight; */ /* Parse out query */ p = reply; #ifdef NS_HFIXEDSZ /* Bind 8/9 interface */ p += NS_HFIXEDSZ; #elif defined(HFIXEDSZ) /* Bind 4 interface w/ HFIXEDSZ */ p += HFIXEDSZ; #else /* Bind 4 interface w/o HFIXEDSZ */ p += sizeof(HEADER); #endif status = dn_expand(reply, reply + len, p, host, sizeof(host)); if (status < 0) { goto out; } p += status; p += 4; while (p < reply + len) { int type, class, ttl, size; status = dn_expand(reply, reply + len, p, host, sizeof(host)); if (status < 0) { goto out; } p += status; type = (p[0] << 8) | p[1]; p += 2; class = (p[0] << 8) | p[1]; p += 2; ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; size = (p[0] << 8) | p[1]; p += 2; if (type == T_SRV) { int buflen; status = dn_expand(reply, reply + len, p + 6, host, sizeof(host)); if (status < 0) { goto out; } /* ignore priority and weight for now */ /* priority = (p[0] << 8) | p[1]; */ /* weight = (p[2] << 8) | p[3]; */ port = (p[4] << 8) | p[5]; if ( port == 0 || host[ 0 ] == '\0' ) { goto add_size; } buflen = strlen(host) + STRLENOF(":65355 "); hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1); if (hostlist == NULL) { rc = LDAP_NO_MEMORY; goto out; } if (cur > 0) { /* not first time around */ hostlist[cur++] = ' '; } cur += sprintf(&hostlist[cur], "%s:%hd", host, port); } add_size:; p += size; } }
static void * slapd_rw_config( const char *fname, int lineno, int argc, char **argv ) { slapd_map_data *ret = NULL; LDAPURLDesc *lud = NULL; char *uri; AttributeDescription *ad = NULL; int rc, flen = 0; struct berval dn, ndn; if ( argc != 1 ) { Debug( LDAP_DEBUG_ANY, "[%s:%d] slapd map needs URI\n", fname, lineno, 0 ); return NULL; } uri = argv[0]; if ( strncasecmp( uri, "uri=", STRLENOF( "uri=" ) ) == 0 ) { uri += STRLENOF( "uri=" ); } if ( ldap_url_parse( uri, &lud ) != LDAP_URL_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "[%s:%d] illegal URI '%s'\n", fname, lineno, uri ); return NULL; } if ( strcasecmp( lud->lud_scheme, "ldap" )) { Debug( LDAP_DEBUG_ANY, "[%s:%d] illegal URI scheme '%s'\n", fname, lineno, lud->lud_scheme ); goto done; } if (( lud->lud_host && lud->lud_host[0] ) || lud->lud_exts || !lud->lud_dn ) { Debug( LDAP_DEBUG_ANY, "[%s:%d] illegal URI '%s'\n", fname, lineno, uri ); goto done; } if ( lud->lud_attrs ) { if ( lud->lud_attrs[1] ) { Debug( LDAP_DEBUG_ANY, "[%s:%d] only one attribute allowed in URI\n", fname, lineno, 0 ); goto done; } if ( strcasecmp( lud->lud_attrs[0], "dn" ) && strcasecmp( lud->lud_attrs[0], "entryDN" )) { const char *text; rc = slap_str2ad( lud->lud_attrs[0], &ad, &text ); if ( rc ) goto done; } } ber_str2bv( lud->lud_dn, 0, 0, &dn ); if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )) goto done; if ( lud->lud_filter ) { flen = strlen( lud->lud_filter ) + 1; } ret = ch_malloc( sizeof( slapd_map_data ) + flen ); ret->base = ndn; if ( flen ) { ret->filter.bv_val = (char *)(ret+1); ret->filter.bv_len = flen - 1; strcpy( ret->filter.bv_val, lud->lud_filter ); } else { BER_BVZERO( &ret->filter ); } ret->scope = lud->lud_scope; if ( ad ) { ret->attrs[0].an_name = ad->ad_cname; } else { BER_BVZERO( &ret->attrs[0].an_name ); } ret->attrs[0].an_desc = ad; BER_BVZERO( &ret->attrs[1].an_name ); done: ldap_free_urldesc( lud ); return ret; }
int dnssrv_back_referrals( Operation *op, SlapReply *rs ) { int i; int rc = LDAP_OTHER; char *domain = NULL; char *hostlist = NULL; char **hosts = NULL; BerVarray urls = NULL; if ( BER_BVISEMPTY( &op->o_req_dn ) ) { /* FIXME: need some means to determine whether the database * is a glue instance */ if ( SLAP_GLUE_INSTANCE( op->o_bd ) ) { return LDAP_SUCCESS; } rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed"; return LDAP_UNWILLING_TO_PERFORM; } if( get_manageDSAit( op ) ) { if( op->o_tag == LDAP_REQ_SEARCH ) { return LDAP_SUCCESS; } rs->sr_text = "DNS SRV problem processing manageDSAit control"; return LDAP_OTHER; } if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) { rs->sr_err = LDAP_REFERRAL; rs->sr_ref = default_referral; send_ldap_result( op, rs ); rs->sr_ref = NULL; return LDAP_REFERRAL; } Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n", op->o_req_dn.bv_val, domain, 0 ); i = ldap_domain2hostlist( domain, &hostlist ); if ( i ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist(%s) returned %d\n", domain, i, 0 ); rs->sr_text = "no DNS SRV RR available for DN"; rc = LDAP_NO_SUCH_OBJECT; goto done; } hosts = ldap_str2charray( hostlist, " " ); if( hosts == NULL ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 ); rs->sr_text = "problem processing DNS SRV records for DN"; goto done; } for( i=0; hosts[i] != NULL; i++) { struct berval url; url.bv_len = STRLENOF( "ldap://" ) + strlen( hosts[i] ); url.bv_val = ch_malloc( url.bv_len + 1 ); strcpy( url.bv_val, "ldap://" ); strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] ); if ( ber_bvarray_add( &urls, &url ) < 0 ) { free( url.bv_val ); rs->sr_text = "problem processing DNS SRV records for DN"; goto done; } } Statslog( LDAP_DEBUG_STATS, "%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n", op->o_log_prefix, op->o_protocol, op->o_req_dn.bv_val, urls[0].bv_val, 0 ); Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> url=\"%s\"\n", op->o_req_dn.bv_val, urls[0].bv_val, 0 ); rs->sr_ref = urls; send_ldap_error( op, rs, LDAP_REFERRAL, "DNS SRV generated referrals" ); rs->sr_ref = NULL; rc = LDAP_REFERRAL; done: if( domain != NULL ) ch_free( domain ); if( hostlist != NULL ) ch_free( hostlist ); if( hosts != NULL ) ldap_charray_free( hosts ); ber_bvarray_free( urls ); return rc; }
int slap_bv2ad( struct berval *bv, AttributeDescription **ad, const char **text ) { int rtn = LDAP_UNDEFINED_TYPE; AttributeDescription desc, *d2; char *name, *options, *optn; char *opt, *next; int ntags; int tagslen; /* hardcoded limits for speed */ #define MAX_TAGGING_OPTIONS 128 struct berval tags[MAX_TAGGING_OPTIONS+1]; #define MAX_TAGS_LEN 1024 char tagbuf[MAX_TAGS_LEN]; assert( ad != NULL ); assert( *ad == NULL ); /* temporary */ if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) { *text = "empty AttributeDescription"; return rtn; } /* make sure description is IA5 */ if( ad_keystring( bv ) ) { *text = "AttributeDescription contains inappropriate characters"; return rtn; } /* find valid base attribute type; parse in place */ desc.ad_cname = *bv; desc.ad_flags = 0; BER_BVZERO( &desc.ad_tags ); name = bv->bv_val; options = ber_bvchr( bv, ';' ); if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) { /* don't go past the end of the berval! */ desc.ad_cname.bv_len = options - name; } else { options = NULL; } desc.ad_type = at_bvfind( &desc.ad_cname ); if( desc.ad_type == NULL ) { *text = "attribute type undefined"; return rtn; } if( is_at_operational( desc.ad_type ) && options != NULL ) { *text = "operational attribute with options undefined"; return rtn; } /* * parse options in place */ ntags = 0; tagslen = 0; optn = bv->bv_val + bv->bv_len; for( opt=options; opt != NULL; opt=next ) { int optlen; opt++; next = strchrlen( opt, optn, ';', &optlen ); if( optlen == 0 ) { *text = "zero length option is invalid"; return rtn; } else if ( optlen == STRLENOF("binary") && strncasecmp( opt, "binary", STRLENOF("binary") ) == 0 ) { /* binary option */ if( slap_ad_is_binary( &desc ) ) { *text = "option \"binary\" specified multiple times"; return rtn; } if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) { /* not stored in binary, disallow option */ *text = "option \"binary\" not supported with type"; return rtn; } desc.ad_flags |= SLAP_DESC_BINARY; continue; } else if ( ad_find_option_definition( opt, optlen ) ) { int i; if( opt[optlen-1] == '-' || ( opt[optlen-1] == '=' && msad_range_hack )) { desc.ad_flags |= SLAP_DESC_TAG_RANGE; } if( ntags >= MAX_TAGGING_OPTIONS ) { *text = "too many tagging options"; return rtn; } /* * tags should be presented in sorted order, * so run the array in reverse. */ for( i=ntags-1; i>=0; i-- ) { int rc; rc = strncasecmp( opt, tags[i].bv_val, (unsigned) optlen < tags[i].bv_len ? (unsigned) optlen : tags[i].bv_len ); if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) { /* duplicate (ignore) */ ntags--; goto done; } else if ( rc > 0 || ( rc == 0 && (unsigned)optlen > tags[i].bv_len )) { AC_MEMCPY( &tags[i+2], &tags[i+1], (ntags-i-1)*sizeof(struct berval) ); tags[i+1].bv_val = opt; tags[i+1].bv_len = optlen; goto done; } } if( ntags ) { AC_MEMCPY( &tags[1], &tags[0], ntags*sizeof(struct berval) ); } tags[0].bv_val = opt; tags[0].bv_len = optlen; done:; tagslen += optlen + 1; ntags++; } else { *text = "unrecognized option"; return rtn; } } if( ntags > 0 ) { int i; if( tagslen > MAX_TAGS_LEN ) { *text = "tagging options too long"; return rtn; } desc.ad_tags.bv_val = tagbuf; tagslen = 0; for( i=0; i<ntags; i++ ) { AC_MEMCPY( &desc.ad_tags.bv_val[tagslen], tags[i].bv_val, tags[i].bv_len ); tagslen += tags[i].bv_len; desc.ad_tags.bv_val[tagslen++] = ';'; } desc.ad_tags.bv_val[--tagslen] = '\0'; desc.ad_tags.bv_len = tagslen; } /* see if a matching description is already cached */ for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) { if( d2->ad_flags != desc.ad_flags ) { continue; } if( d2->ad_tags.bv_len != desc.ad_tags.bv_len ) { continue; } if( d2->ad_tags.bv_len == 0 ) { break; } if( strncasecmp( d2->ad_tags.bv_val, desc.ad_tags.bv_val, desc.ad_tags.bv_len ) == 0 ) { break; } } /* Not found, add new one */ while (d2 == NULL) { size_t dlen = 0; ldap_pvt_thread_mutex_lock( &desc.ad_type->sat_ad_mutex ); /* check again now that we've locked */ for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) { if (d2->ad_flags != desc.ad_flags) continue; if (d2->ad_tags.bv_len != desc.ad_tags.bv_len) continue; if (d2->ad_tags.bv_len == 0) break; if (strncasecmp(d2->ad_tags.bv_val, desc.ad_tags.bv_val, desc.ad_tags.bv_len) == 0) break; } if (d2) { ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex ); break; } /* Allocate a single contiguous block. If there are no * options, we just need space for the AttrDesc structure. * Otherwise, we need to tack on the full name length + * options length, + maybe tagging options length again. */ if (desc.ad_tags.bv_len || desc.ad_flags != SLAP_DESC_NONE) { dlen = desc.ad_type->sat_cname.bv_len + 1; if (desc.ad_tags.bv_len) { dlen += 1 + desc.ad_tags.bv_len; } if ( slap_ad_is_binary( &desc ) ) { dlen += 1 + STRLENOF(";binary") + desc.ad_tags.bv_len; } } d2 = ch_malloc(sizeof(AttributeDescription) + dlen); d2->ad_next = NULL; d2->ad_type = desc.ad_type; d2->ad_flags = desc.ad_flags; d2->ad_cname.bv_len = desc.ad_type->sat_cname.bv_len; d2->ad_tags.bv_len = desc.ad_tags.bv_len; ldap_pvt_thread_mutex_lock( &ad_index_mutex ); d2->ad_index = ++ad_count; ldap_pvt_thread_mutex_unlock( &ad_index_mutex ); if (dlen == 0) { d2->ad_cname.bv_val = d2->ad_type->sat_cname.bv_val; d2->ad_tags.bv_val = NULL; } else { char *cp, *op, *lp; int j; d2->ad_cname.bv_val = (char *)(d2+1); strcpy(d2->ad_cname.bv_val, d2->ad_type->sat_cname.bv_val); cp = d2->ad_cname.bv_val + d2->ad_cname.bv_len; if( slap_ad_is_binary( &desc ) ) { op = cp; lp = NULL; if( desc.ad_tags.bv_len ) { lp = desc.ad_tags.bv_val; while( strncasecmp(lp, "binary", STRLENOF("binary")) < 0 && (lp = strchr( lp, ';' )) != NULL ) ++lp; if( lp != desc.ad_tags.bv_val ) { *cp++ = ';'; j = (lp ? (unsigned) (lp - desc.ad_tags.bv_val - 1) : strlen( desc.ad_tags.bv_val )); cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j); } } cp = lutil_strcopy(cp, ";binary"); if( lp != NULL ) { *cp++ = ';'; cp = lutil_strcopy(cp, lp); } d2->ad_cname.bv_len = cp - d2->ad_cname.bv_val; if( desc.ad_tags.bv_len ) ldap_pvt_str2lower(op); j = 1; } else { j = 0; } if( desc.ad_tags.bv_len ) { lp = d2->ad_cname.bv_val + d2->ad_cname.bv_len + j; if ( j == 0 ) *lp++ = ';'; d2->ad_tags.bv_val = lp; strcpy(lp, desc.ad_tags.bv_val); ldap_pvt_str2lower(lp); if( j == 0 ) d2->ad_cname.bv_len += 1 + desc.ad_tags.bv_len; } } /* Add new desc to list. We always want the bare Desc with * no options to stay at the head of the list, assuming * that one will be used most frequently. */ if (desc.ad_type->sat_ad == NULL || dlen == 0) { d2->ad_next = desc.ad_type->sat_ad; desc.ad_type->sat_ad = d2; } else { d2->ad_next = desc.ad_type->sat_ad->ad_next; desc.ad_type->sat_ad->ad_next = d2; } ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex ); } if( *ad == NULL ) { *ad = d2; } else { **ad = *d2; } return LDAP_SUCCESS; }
/* * Lookup and return LDAP servers for domain (using the DNS * SRV record _ldap._tcp.domain). */ int ldap_domain2hostlist( LDAP_CONST char *domain, char **list ) { #ifdef HAVE_RES_QUERY char *request; char *hostlist = NULL; srv_record *hostent_head=NULL; int i, j; int rc, len, cur = 0; unsigned char reply[DNSBUFSIZ]; int hostent_count=0; assert( domain != NULL ); assert( list != NULL ); if( *domain == '\0' ) { return LDAP_PARAM_ERROR; } request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp.")); if (request == NULL) { return LDAP_NO_MEMORY; } sprintf(request, "_ldap._tcp.%s", domain); LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); rc = LDAP_UNAVAILABLE; #ifdef NS_HFIXEDSZ /* Bind 8/9 interface */ len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply)); # ifndef T_SRV # define T_SRV ns_t_srv # endif #else /* Bind 4 interface */ # ifndef T_SRV # define T_SRV 33 # endif len = res_query(request, C_IN, T_SRV, reply, sizeof(reply)); #endif if (len >= 0) { unsigned char *p; char host[DNSBUFSIZ]; int status; u_short port, priority, weight; /* Parse out query */ p = reply; #ifdef NS_HFIXEDSZ /* Bind 8/9 interface */ p += NS_HFIXEDSZ; #elif defined(HFIXEDSZ) /* Bind 4 interface w/ HFIXEDSZ */ p += HFIXEDSZ; #else /* Bind 4 interface w/o HFIXEDSZ */ p += sizeof(HEADER); #endif status = dn_expand(reply, reply + len, p, host, sizeof(host)); if (status < 0) { goto out; } p += status; p += 4; while (p < reply + len) { int type, size; int class ALLOW_UNUSED, ttl ALLOW_UNUSED; status = dn_expand(reply, reply + len, p, host, sizeof(host)); if (status < 0) { goto out; } p += status; type = (p[0] << 8) | p[1]; p += 2; class = (p[0] << 8) | p[1]; p += 2; ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; size = (p[0] << 8) | p[1]; p += 2; if (type == T_SRV) { status = dn_expand(reply, reply + len, p + 6, host, sizeof(host)); if (status < 0) { goto out; } /* Get priority weight and port */ priority = (p[0] << 8) | p[1]; weight = (p[2] << 8) | p[3]; port = (p[4] << 8) | p[5]; if ( port == 0 || host[ 0 ] == '\0' ) { goto add_size; } hostent_head = (srv_record *) LDAP_REALLOC(hostent_head, (hostent_count+1)*(sizeof(srv_record))); if(hostent_head==NULL){ rc=LDAP_NO_MEMORY; goto out; } hostent_head[hostent_count].priority=priority; hostent_head[hostent_count].weight=weight; hostent_head[hostent_count].port=port; strncpy(hostent_head[hostent_count].hostname, host, MAXHOST-1); hostent_head[hostent_count].hostname[MAXHOST-1] = '\0'; hostent_count++; } add_size:; p += size; } if (!hostent_head) goto out; qsort(hostent_head, hostent_count, sizeof(srv_record), srv_cmp); if (!srv_seed) srv_srand(time(0L)); /* shuffle records of same priority */ j = 0; priority = hostent_head[0].priority; for (i=1; i<hostent_count; i++) { if (hostent_head[i].priority != priority) { priority = hostent_head[i].priority; if (i-j > 1) srv_shuffle(hostent_head+j, i-j); j = i; } } if (i-j > 1) srv_shuffle(hostent_head+j, i-j); for(i=0; i<hostent_count; i++){ int buflen; buflen = strlen(hostent_head[i].hostname) + STRLENOF(":65535 "); hostlist = (char *) LDAP_REALLOC(hostlist, cur+buflen+1); if (hostlist == NULL) { rc = LDAP_NO_MEMORY; goto out; } if(cur>0){ hostlist[cur++]=' '; } cur += sprintf(&hostlist[cur], "%s:%hu", hostent_head[i].hostname, hostent_head[i].port); } }
static int constraint_cf_gen( ConfigArgs *c ) { slap_overinst *on = (slap_overinst *)(c->bi); constraint *cn = on->on_bi.bi_private, *cp; struct berval bv; int i, rc = 0; constraint ap = { NULL }; const char *text = NULL; switch ( c->op ) { case SLAP_CONFIG_EMIT: switch (c->type) { case CONSTRAINT_ATTRIBUTE: for (cp=cn; cp; cp=cp->ap_next) { char *s; char *tstr = NULL; int quotes = 0; int j; bv.bv_len = STRLENOF(" "); for (j = 0; cp->ap[j]; j++) { bv.bv_len += cp->ap[j]->ad_cname.bv_len; } /* room for commas */ bv.bv_len += j - 1; if (cp->re) { tstr = REGEX_STR; } else if (cp->lud) { tstr = URI_STR; quotes = 1; } else if (cp->set) { tstr = SET_STR; quotes = 1; } else if (cp->size) { tstr = SIZE_STR; } else if (cp->count) { tstr = COUNT_STR; } bv.bv_len += strlen(tstr); bv.bv_len += cp->val.bv_len + 2*quotes; if (cp->restrict_lud != NULL) { bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\""); } s = bv.bv_val = ch_malloc(bv.bv_len + 1); s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len ); for (j = 1; cp->ap[j]; j++) { *s++ = ','; s = lutil_strncopy( s, cp->ap[j]->ad_cname.bv_val, cp->ap[j]->ad_cname.bv_len ); } *s++ = ' '; s = lutil_strcopy( s, tstr ); *s++ = ' '; if ( quotes ) *s++ = '"'; s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len ); if ( quotes ) *s++ = '"'; if (cp->restrict_lud != NULL) { s = lutil_strcopy( s, " restrict=\"" ); s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len ); *s++ = '"'; } *s = '\0'; rc = value_add_one( &c->rvalue_vals, &bv ); if (rc == LDAP_SUCCESS) rc = value_add_one( &c->rvalue_nvals, &bv ); ch_free(bv.bv_val); if (rc) return rc; } break; default: abort(); break; } break; case LDAP_MOD_DELETE: switch (c->type) { case CONSTRAINT_ATTRIBUTE: if (!cn) break; /* nothing to do */ if (c->valx < 0) { /* zap all constraints */ while (cn) { cp = cn->ap_next; constraint_free( cn, 1 ); cn = cp; } on->on_bi.bi_private = NULL; } else { constraint **cpp; /* zap constraint numbered 'valx' */ for(i=0, cp = cn, cpp = &cn; (cp) && (i<c->valx); i++, cpp = &cp->ap_next, cp = *cpp); if (cp) { /* zap cp, and join cpp to cp->ap_next */ *cpp = cp->ap_next; constraint_free( cp, 1 ); } on->on_bi.bi_private = cn; } break; default: abort(); break; } break; case SLAP_CONFIG_ADD: case LDAP_MOD_ADD: switch (c->type) { case CONSTRAINT_ATTRIBUTE: { int j; char **attrs = ldap_str2charray( c->argv[1], "," ); for ( j = 0; attrs[j]; j++) /* just count */ ; ap.ap = ch_calloc( sizeof(AttributeDescription*), j + 1 ); for ( j = 0; attrs[j]; j++) { if ( slap_str2ad( attrs[j], &ap.ap[j], &text ) ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s <%s>: %s\n", c->argv[0], attrs[j], text ); rc = ARG_BAD_CONF; goto done; } } if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) { int err; ap.re = ch_malloc( sizeof(regex_t) ); if ((err = regcomp( ap.re, c->argv[3], REG_EXTENDED )) != 0) { char errmsg[1024]; regerror( err, ap.re, errmsg, sizeof(errmsg) ); ch_free(ap.re); snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: Illegal regular expression \"%s\": Error %s", c->argv[0], c->argv[1], c->argv[3], errmsg); ap.re = NULL; rc = ARG_BAD_CONF; goto done; } ber_str2bv( c->argv[3], 0, 1, &ap.val ); } else if ( strcasecmp( c->argv[2], SIZE_STR ) == 0 ) { size_t size; if ( ( size = atoi(c->argv[3]) ) != 0 ) ap.size = size; } else if ( strcasecmp( c->argv[2], COUNT_STR ) == 0 ) { size_t count; if ( ( count = atoi(c->argv[3]) ) != 0 ) ap.count = count; } else if ( strcasecmp( c->argv[2], URI_STR ) == 0 ) { int err; err = ldap_url_parse(c->argv[3], &ap.lud); if ( err != LDAP_URL_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: Invalid URI \"%s\"", c->argv[0], c->argv[1], c->argv[3]); rc = ARG_BAD_CONF; goto done; } if (ap.lud->lud_host != NULL) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: unsupported hostname in URI \"%s\"", c->argv[0], c->argv[1], c->argv[3]); ldap_free_urldesc(ap.lud); rc = ARG_BAD_CONF; goto done; } for ( i=0; ap.lud->lud_attrs[i]; i++); /* FIXME: This is worthless without at least one attr */ if ( i ) { ap.attrs = ch_malloc( (i+1)*sizeof(AttributeDescription *)); for ( i=0; ap.lud->lud_attrs[i]; i++) { ap.attrs[i] = NULL; if ( slap_str2ad( ap.lud->lud_attrs[i], &ap.attrs[i], &text ) ) { ch_free( ap.attrs ); snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s <%s>: %s\n", c->argv[0], ap.lud->lud_attrs[i], text ); rc = ARG_BAD_CONF; goto done; } } ap.attrs[i] = NULL; } if (ap.lud->lud_dn == NULL) { ap.lud->lud_dn = ch_strdup(""); } else { struct berval dn, ndn; ber_str2bv( ap.lud->lud_dn, 0, 0, &dn ); if (dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ) ) { /* cleanup */ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: URI %s DN normalization failed", c->argv[0], c->argv[1], c->argv[3] ); Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->cr_msg, 0 ); rc = ARG_BAD_CONF; goto done; } ldap_memfree( ap.lud->lud_dn ); ap.lud->lud_dn = ndn.bv_val; } if (ap.lud->lud_filter == NULL) { ap.lud->lud_filter = ch_strdup("objectClass=*"); } else if ( ap.lud->lud_filter[0] == '(' ) { ber_len_t len = strlen( ap.lud->lud_filter ); if ( ap.lud->lud_filter[len - 1] != ')' ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: invalid URI filter: %s", c->argv[0], c->argv[1], ap.lud->lud_filter ); rc = ARG_BAD_CONF; goto done; } AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); ap.lud->lud_filter[len - 2] = '\0'; } ber_str2bv( c->argv[3], 0, 1, &ap.val ); } else if ( strcasecmp( c->argv[2], SET_STR ) == 0 ) { ap.set = 1; ber_str2bv( c->argv[3], 0, 1, &ap.val ); } else { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: Unknown constraint type: %s", c->argv[0], c->argv[1], c->argv[2] ); rc = ARG_BAD_CONF; goto done; } if ( c->argc > 4 ) { int argidx; for ( argidx = 4; argidx < c->argc; argidx++ ) { if ( strncasecmp( c->argv[argidx], "restrict=", STRLENOF("restrict=") ) == 0 ) { int err; char *arg = c->argv[argidx] + STRLENOF("restrict="); err = ldap_url_parse(arg, &ap.restrict_lud); if ( err != LDAP_URL_SUCCESS ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: Invalid restrict URI \"%s\"", c->argv[0], c->argv[1], arg); rc = ARG_BAD_CONF; goto done; } if (ap.restrict_lud->lud_host != NULL) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: unsupported hostname in restrict URI \"%s\"", c->argv[0], c->argv[1], arg); rc = ARG_BAD_CONF; goto done; } if ( ap.restrict_lud->lud_attrs != NULL ) { if ( ap.restrict_lud->lud_attrs[0] != '\0' ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: attrs not allowed in restrict URI %s\n", c->argv[0], c->argv[1], arg); rc = ARG_BAD_CONF; goto done; } ldap_memvfree((void *)ap.restrict_lud->lud_attrs); ap.restrict_lud->lud_attrs = NULL; } if (ap.restrict_lud->lud_dn != NULL) { if (ap.restrict_lud->lud_dn[0] == '\0') { ldap_memfree(ap.restrict_lud->lud_dn); ap.restrict_lud->lud_dn = NULL; } else { struct berval dn, ndn; int j; ber_str2bv(ap.restrict_lud->lud_dn, 0, 0, &dn); if (dnNormalize(0, NULL, NULL, &dn, &ndn, NULL)) { /* cleanup */ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: restrict URI %s DN normalization failed", c->argv[0], c->argv[1], arg ); rc = ARG_BAD_CONF; goto done; } assert(c->be != NULL); if (c->be->be_nsuffix == NULL) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: restrict URI requires suffix", c->argv[0], c->argv[1] ); rc = ARG_BAD_CONF; goto done; } for ( j = 0; !BER_BVISNULL(&c->be->be_nsuffix[j]); j++) { if (dnIsSuffix(&ndn, &c->be->be_nsuffix[j])) break; } if (BER_BVISNULL(&c->be->be_nsuffix[j])) { /* error */ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: restrict URI DN %s not within database naming context(s)", c->argv[0], c->argv[1], dn.bv_val ); rc = ARG_BAD_CONF; goto done; } ap.restrict_ndn = ndn; } } if (ap.restrict_lud->lud_filter != NULL) { ap.restrict_filter = str2filter(ap.restrict_lud->lud_filter); if (ap.restrict_filter == NULL) { /* error */ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: restrict URI filter %s invalid", c->argv[0], c->argv[1], ap.restrict_lud->lud_filter ); rc = ARG_BAD_CONF; goto done; } } ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val); } else { /* cleanup */ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s %s: unrecognized arg #%d (%s)", c->argv[0], c->argv[1], argidx, c->argv[argidx] ); rc = ARG_BAD_CONF; goto done; } } } done:; if ( rc == LDAP_SUCCESS ) { constraint *a2 = ch_calloc( sizeof(constraint), 1 ); a2->ap_next = on->on_bi.bi_private; a2->ap = ap.ap; a2->re = ap.re; a2->val = ap.val; a2->lud = ap.lud; a2->set = ap.set; a2->size = ap.size; a2->count = ap.count; if ( a2->lud ) { ber_str2bv(a2->lud->lud_dn, 0, 0, &a2->dn); ber_str2bv(a2->lud->lud_filter, 0, 0, &a2->filter); } a2->attrs = ap.attrs; a2->restrict_lud = ap.restrict_lud; a2->restrict_ndn = ap.restrict_ndn; a2->restrict_filter = ap.restrict_filter; a2->restrict_val = ap.restrict_val; on->on_bi.bi_private = a2; } else { Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->cr_msg, 0 ); constraint_free( &ap, 0 ); } ldap_memvfree((void**)attrs); } break; default: abort(); break; } break; default: abort(); } return rc; }
static int collect_cf( ConfigArgs *c ) { slap_overinst *on = (slap_overinst *)c->bi; int rc = 1, idx; switch( c->op ) { case SLAP_CONFIG_EMIT: { collect_info *ci; for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) { struct berval bv; char *ptr; int len; /* calculate the length & malloc memory */ bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" "); for (idx=0; idx<ci->ci_ad_num; idx++) { bv.bv_len += ci->ci_ad[idx]->ad_cname.bv_len; if (idx<(ci->ci_ad_num-1)) { bv.bv_len++; } } bv.bv_val = ch_malloc( bv.bv_len + 1 ); /* copy the value and update len */ len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" ", ci->ci_dn.bv_val); ptr = bv.bv_val + len; for (idx=0; idx<ci->ci_ad_num; idx++) { ptr = lutil_strncopy( ptr, ci->ci_ad[idx]->ad_cname.bv_val, ci->ci_ad[idx]->ad_cname.bv_len); if (idx<(ci->ci_ad_num-1)) { *ptr++ = ','; } } *ptr = '\0'; bv.bv_len = ptr - bv.bv_val; ber_bvarray_add( &c->rvalue_vals, &bv ); rc = 0; } } break; case LDAP_MOD_DELETE: if ( c->valx == -1 ) { /* Delete entire attribute */ collect_info *ci; while (( ci = on->on_bi.bi_private )) { on->on_bi.bi_private = ci->ci_next; ch_free( ci->ci_dn.bv_val ); ch_free( ci ); } } else { /* Delete just one value */ collect_info **cip, *ci; int i; cip = (collect_info **)&on->on_bi.bi_private; ci = *cip; for ( i=0; i < c->valx; i++ ) { cip = &ci->ci_next; ci = *cip; } *cip = ci->ci_next; ch_free( ci->ci_dn.bv_val ); ch_free( ci ); } rc = 0; break; case SLAP_CONFIG_ADD: case LDAP_MOD_ADD: { collect_info *ci; struct berval bv, dn; const char *text; int idx, count=0; char *arg; /* count delimiters in attribute argument */ arg = strtok(c->argv[2], ","); while (arg!=NULL) { count++; arg = strtok(NULL, ","); } /* validate and normalize dn */ ber_str2bv( c->argv[1], 0, 0, &bv ); if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: \"%s\"", c->argv[0], c->argv[1] ); Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->cr_msg, 0 ); return ARG_BAD_CONF; } /* check for duplicate DNs */ for ( ci = (collect_info *)on->on_bi.bi_private; ci; ci = ci->ci_next ) { /* If new DN is longest, there are no possible matches */ if ( dn.bv_len > ci->ci_dn.bv_len ) { ci = NULL; break; } if ( bvmatch( &dn, &ci->ci_dn )) { break; } } if ( ci ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s DN already configured: \"%s\"", c->argv[0], c->argv[1] ); Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->cr_msg, 0 ); return ARG_BAD_CONF; } /* allocate config info with room for attribute array */ ci = ch_malloc( sizeof( collect_info ) + sizeof( AttributeDescription * ) * count ); /* load attribute description for attribute list */ arg = c->argv[2]; for( idx=0; idx<count; idx++) { ci->ci_ad[idx] = NULL; if ( slap_str2ad( arg, &ci->ci_ad[idx], &text ) ) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s attribute description unknown: \"%s\"", c->argv[0], arg); Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->cr_msg, 0 ); ch_free( ci ); return ARG_BAD_CONF; } while(*arg!='\0') { arg++; /* skip to end of argument */ } if (idx<count-1) { arg++; /* skip inner delimiters */ } } /* The on->on_bi.bi_private pointer can be used for * anything this instance of the overlay needs. */ ci->ci_ad[count] = NULL; ci->ci_ad_num = count; ci->ci_dn = dn; /* creates list of ci's ordered by dn length */ insert_ordered ( on, ci ); /* New ci wasn't simply appended to end, adjust its * position in the config entry's a_vals */ if ( c->ca_entry && ci->ci_next ) { Attribute *a = attr_find( c->ca_entry->e_attrs, collectcfg[0].ad ); if ( a ) { struct berval bv, nbv; collect_info *c2 = (collect_info *)on->on_bi.bi_private; int i, j; for ( i=0; c2 != ci; i++, c2 = c2->ci_next ); bv = a->a_vals[a->a_numvals-1]; nbv = a->a_nvals[a->a_numvals-1]; for ( j=a->a_numvals-1; j>i; j-- ) { a->a_vals[j] = a->a_vals[j-1]; a->a_nvals[j] = a->a_nvals[j-1]; } a->a_vals[j] = bv; a->a_nvals[j] = nbv; } } rc = 0; } } return rc; }
static int constraint_violation( constraint *c, struct berval *bv, Operation *op, SlapReply *rs) { if ((!c) || (!bv)) return LDAP_SUCCESS; if ((c->re) && (regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH)) return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */ if ((c->size) && (bv->bv_len > c->size)) return LDAP_CONSTRAINT_VIOLATION; /* size violation */ if (c->lud) { Operation nop = *op; slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; slap_callback cb; SlapReply nrs = { REP_RESULT }; int i; int found; int rc; size_t len; struct berval filterstr; char *ptr; found = 0; nrs.sr_entry = NULL; nrs.sr_nentries = 0; cb.sc_next = NULL; cb.sc_response = constraint_uri_cb; cb.sc_cleanup = NULL; cb.sc_private = &found; nop.o_protocol = LDAP_VERSION3; nop.o_tag = LDAP_REQ_SEARCH; nop.o_time = slap_get_time(); if (c->lud->lud_dn) { struct berval dn; ber_str2bv(c->lud->lud_dn, 0, 0, &dn); nop.o_req_dn = dn; nop.o_req_ndn = dn; nop.o_bd = select_backend(&nop.o_req_ndn, 1 ); if (!nop.o_bd) { return LDAP_NO_SUCH_OBJECT; /* unexpected error */ } if (!nop.o_bd->be_search) { return LDAP_OTHER; /* unexpected error */ } } else { nop.o_req_dn = nop.o_bd->be_nsuffix[0]; nop.o_req_ndn = nop.o_bd->be_nsuffix[0]; nop.o_bd = on->on_info->oi_origdb; } nop.o_do_not_cache = 1; nop.o_callback = &cb; nop.ors_scope = c->lud->lud_scope; nop.ors_deref = LDAP_DEREF_NEVER; nop.ors_slimit = SLAP_NO_LIMIT; nop.ors_tlimit = SLAP_NO_LIMIT; nop.ors_limit = NULL; nop.ors_attrsonly = 0; nop.ors_attrs = slap_anlist_no_attrs; len = STRLENOF("(&(") + c->filter.bv_len + STRLENOF(")(|"); for (i = 0; c->attrs[i]; i++) { len += STRLENOF("(") + c->attrs[i]->ad_cname.bv_len + STRLENOF("=") + bv->bv_len + STRLENOF(")"); } len += STRLENOF("))"); filterstr.bv_len = len; filterstr.bv_val = op->o_tmpalloc(len + 1, op->o_tmpmemctx); ptr = filterstr.bv_val + snprintf(filterstr.bv_val, len, "(&(%s)(|", c->lud->lud_filter); for (i = 0; c->attrs[i]; i++) { *ptr++ = '('; ptr = lutil_strcopy( ptr, c->attrs[i]->ad_cname.bv_val ); *ptr++ = '='; ptr = lutil_strcopy( ptr, bv->bv_val ); *ptr++ = ')'; } *ptr++ = ')'; *ptr++ = ')'; *ptr++ = '\0'; nop.ors_filterstr = filterstr; nop.ors_filter = str2filter_x(&nop, filterstr.bv_val); if ( nop.ors_filter == NULL ) { Debug( LDAP_DEBUG_ANY, "%s constraint_violation uri filter=\"%s\" invalid\n", op->o_log_prefix, filterstr.bv_val, 0 ); rc = LDAP_OTHER; } else { Debug(LDAP_DEBUG_TRACE, "==> constraint_violation uri filter = %s\n", filterstr.bv_val, 0, 0); rc = nop.o_bd->be_search( &nop, &nrs ); Debug(LDAP_DEBUG_TRACE, "==> constraint_violation uri rc = %d, found = %d\n", rc, found, 0); } op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx); if ((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) { return rc; /* unexpected error */ } if (!found) return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */ } return LDAP_SUCCESS; }
static void readhdr(void) { char *ptr; while (fgets(dbuf.mv_data, dbuf.mv_size, stdin) != NULL) { lineno++; if (!strncmp(dbuf.mv_data, "VERSION=", STRLENOF("VERSION="))) { version=atoi((char *)dbuf.mv_data+STRLENOF("VERSION=")); if (version > 3) { fprintf(stderr, "%s: line %" Z "d: unsupported VERSION %d\n", prog, lineno, version); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.mv_data, "HEADER=END", STRLENOF("HEADER=END"))) { break; } else if (!strncmp(dbuf.mv_data, "format=", STRLENOF("format="))) { if (!strncmp((char *)dbuf.mv_data+STRLENOF("FORMAT="), "print", STRLENOF("print"))) mode |= PRINT; else if (strncmp((char *)dbuf.mv_data+STRLENOF("FORMAT="), "bytevalue", STRLENOF("bytevalue"))) { fprintf(stderr, "%s: line %" Z "d: unsupported FORMAT %s\n", prog, lineno, (char *)dbuf.mv_data+STRLENOF("FORMAT=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.mv_data, "database=", STRLENOF("database="))) { ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size); if (ptr) *ptr = '\0'; if (subname) free(subname); subname = strdup((char *)dbuf.mv_data+STRLENOF("database=")); } else if (!strncmp(dbuf.mv_data, "type=", STRLENOF("type="))) { if (strncmp((char *)dbuf.mv_data+STRLENOF("type="), "btree", STRLENOF("btree"))) { fprintf(stderr, "%s: line %" Z "d: unsupported type %s\n", prog, lineno, (char *)dbuf.mv_data+STRLENOF("type=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.mv_data, "mapaddr=", STRLENOF("mapaddr="))) { int i; ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size); if (ptr) *ptr = '\0'; i = sscanf((char *)dbuf.mv_data+STRLENOF("mapaddr="), "%p", &info.me_mapaddr); if (i != 1) { fprintf(stderr, "%s: line %" Z "d: invalid mapaddr %s\n", prog, lineno, (char *)dbuf.mv_data+STRLENOF("mapaddr=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.mv_data, "mapsize=", STRLENOF("mapsize="))) { int i; ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size); if (ptr) *ptr = '\0'; i = sscanf((char *)dbuf.mv_data+STRLENOF("mapsize="), "%" Z "u", &info.me_mapsize); if (i != 1) { fprintf(stderr, "%s: line %" Z "d: invalid mapsize %s\n", prog, lineno, (char *)dbuf.mv_data+STRLENOF("mapsize=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.mv_data, "maxreaders=", STRLENOF("maxreaders="))) { int i; ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size); if (ptr) *ptr = '\0'; i = sscanf((char *)dbuf.mv_data+STRLENOF("maxreaders="), "%u", &info.me_maxreaders); if (i != 1) { fprintf(stderr, "%s: line %" Z "d: invalid maxreaders %s\n", prog, lineno, (char *)dbuf.mv_data+STRLENOF("maxreaders=")); exit(EXIT_FAILURE); } } else { int i; for (i=0; dbflags[i].bit; i++) { if (!strncmp(dbuf.mv_data, dbflags[i].name, dbflags[i].len) && ((char *)dbuf.mv_data)[dbflags[i].len] == '=') { flags |= dbflags[i].bit; break; } } if (!dbflags[i].bit) { ptr = memchr(dbuf.mv_data, '=', dbuf.mv_size); if (!ptr) { fprintf(stderr, "%s: line %" Z "d: unexpected format\n", prog, lineno); exit(EXIT_FAILURE); } else { *ptr = '\0'; fprintf(stderr, "%s: line %" Z "d: unrecognized keyword ignored: %s\n", prog, lineno, (char *)dbuf.mv_data); } } } } }
/* * returns 1 if suffix is candidate for dn, otherwise 0 * * Note: this function should never be called if dn is the <suffix>. */ int meta_back_is_candidate( metatarget_t *mt, struct berval *ndn, int scope ) { struct berval rdn; int d = ndn->bv_len - mt->mt_nsuffix.bv_len; if ( d >= 0 ) { if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) { return META_NOT_CANDIDATE; } /* * | match | exclude | * +---------+---------+-------------------+ * | T | T | not candidate | * | F | T | continue checking | * +---------+---------+-------------------+ * | T | F | candidate | * | F | F | not candidate | * +---------+---------+-------------------+ */ if ( mt->mt_subtree ) { int match = ( meta_subtree_match( mt, ndn, scope ) != NULL ); if ( !mt->mt_subtree_exclude ) { return match ? META_CANDIDATE : META_NOT_CANDIDATE; } if ( match /* && mt->mt_subtree_exclude */ ) { return META_NOT_CANDIDATE; } } switch ( mt->mt_scope ) { case LDAP_SCOPE_SUBTREE: default: return META_CANDIDATE; case LDAP_SCOPE_SUBORDINATE: if ( d > 0 ) { return META_CANDIDATE; } break; /* nearly useless; not allowed by config */ case LDAP_SCOPE_ONELEVEL: if ( d > 0 ) { rdn.bv_val = ndn->bv_val; rdn.bv_len = (ber_len_t)d - STRLENOF( "," ); if ( dnIsOneLevelRDN( &rdn ) ) { return META_CANDIDATE; } } break; /* nearly useless; not allowed by config */ case LDAP_SCOPE_BASE: if ( d == 0 ) { return META_CANDIDATE; } break; } } else /* if ( d < 0 ) */ { if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) { return META_NOT_CANDIDATE; } switch ( scope ) { case LDAP_SCOPE_SUBTREE: case LDAP_SCOPE_SUBORDINATE: /* * suffix longer than dn, but common part matches */ return META_CANDIDATE; case LDAP_SCOPE_ONELEVEL: rdn.bv_val = mt->mt_nsuffix.bv_val; rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," ); if ( dnIsOneLevelRDN( &rdn ) ) { return META_CANDIDATE; } break; } } return META_NOT_CANDIDATE; }
static int ldap_back_int_filter_map_rewrite( dncookie *dc, Filter *f, struct berval *fstr, int remap, void *memctx ) { int i; Filter *p; struct berval atmp, vtmp, *tmp; static struct berval /* better than nothing... */ ber_bvfalse = BER_BVC( "(!(objectClass=*))" ), ber_bvtf_false = BER_BVC( "(|)" ), /* better than nothing... */ ber_bvtrue = BER_BVC( "(objectClass=*)" ), ber_bvtf_true = BER_BVC( "(&)" ), #if 0 /* no longer needed; preserved for completeness */ ber_bvundefined = BER_BVC( "(?=undefined)" ), #endif ber_bverror = BER_BVC( "(?=error)" ), ber_bvunknown = BER_BVC( "(?=unknown)" ), ber_bvnone = BER_BVC( "(?=none)" ); ber_len_t len; assert( fstr != NULL ); BER_BVZERO( fstr ); if ( f == NULL ) { ber_dupbv_x( fstr, &ber_bvnone, memctx ); return LDAP_OTHER; } switch ( ( f->f_choice & SLAPD_FILTER_MASK ) ) { case LDAP_FILTER_EQUALITY: if ( map_attr_value( dc, f->f_av_desc, &atmp, &f->f_av_value, &vtmp, remap, memctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); break; case LDAP_FILTER_GE: if ( map_attr_value( dc, f->f_av_desc, &atmp, &f->f_av_value, &vtmp, remap, memctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(>=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); break; case LDAP_FILTER_LE: if ( map_attr_value( dc, f->f_av_desc, &atmp, &f->f_av_value, &vtmp, remap, memctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(<=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); break; case LDAP_FILTER_APPROX: if ( map_attr_value( dc, f->f_av_desc, &atmp, &f->f_av_value, &vtmp, remap, memctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(~=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); break; case LDAP_FILTER_SUBSTRINGS: if ( map_attr_value( dc, f->f_sub_desc, &atmp, NULL, NULL, remap, memctx ) ) { goto computed; } /* cannot be a DN ... */ fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); if ( !BER_BVISNULL( &f->f_sub_initial ) ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3, /* "(attr=" */ "%s*)", vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); } if ( f->f_sub_any != NULL ) { for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx ); fstr->bv_len += vtmp.bv_len + 1; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init]*[any*]" */ "%s*)", vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); } } if ( !BER_BVISNULL( &f->f_sub_final ) ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_final, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init*][any*]" */ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); } break; case LDAP_FILTER_PRESENT: if ( map_attr_value( dc, f->f_desc, &atmp, NULL, NULL, remap, memctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); break; case LDAP_FILTER_AND: case LDAP_FILTER_OR: case LDAP_FILTER_NOT: fstr->bv_len = STRLENOF( "(%)" ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128? */ snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)", f->f_choice == LDAP_FILTER_AND ? '&' : f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); for ( p = f->f_list; p != NULL; p = p->f_next ) { int rc; len = fstr->bv_len; rc = ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap, memctx ); if ( rc != LDAP_SUCCESS ) { return rc; } fstr->bv_len += vtmp.bv_len; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); } break; case LDAP_FILTER_EXT: if ( f->f_mr_desc ) { if ( map_attr_value( dc, f->f_mr_desc, &atmp, &f->f_mr_value, &vtmp, remap, memctx ) ) { goto computed; } } else { BER_BVSTR( &atmp, "" ); filter_escape_value_x( &f->f_mr_value, &vtmp, memctx ); } /* FIXME: cleanup (less ?: operators...) */ fstr->bv_len = atmp.bv_len + ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) + ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) + vtmp.bv_len + ( STRLENOF( "(:=)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", atmp.bv_val, f->f_mr_dnattrs ? ":dn" : "", !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "", !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "", vtmp.bv_len ? vtmp.bv_val : "" ); ber_memfree_x( vtmp.bv_val, memctx ); break; case SLAPD_FILTER_COMPUTED: switch ( f->f_result ) { /* FIXME: treat UNDEFINED as FALSE */ case SLAPD_COMPARE_UNDEFINED: computed:; if ( META_BACK_TGT_NOUNDEFFILTER( dc->target ) ) { return LDAP_COMPARE_FALSE; } /* fallthru */ case LDAP_COMPARE_FALSE: if ( META_BACK_TGT_T_F( dc->target ) ) { tmp = &ber_bvtf_false; break; } tmp = &ber_bvfalse; break; case LDAP_COMPARE_TRUE: if ( META_BACK_TGT_T_F( dc->target ) ) { tmp = &ber_bvtf_true; break; } tmp = &ber_bvtrue; break; default: tmp = &ber_bverror; break; } ber_dupbv_x( fstr, tmp, memctx ); break; default: ber_dupbv_x( fstr, &ber_bvunknown, memctx ); break; } return 0; }
static int allop_op_search( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; allop_t *ao = (allop_t *)on->on_bi.bi_private; slap_mask_t mask; int i, add_allUser = 0; if ( ao == NULL ) { if ( !BER_BVISEMPTY( &op->o_req_ndn ) || op->ors_scope != LDAP_SCOPE_BASE ) { return SLAP_CB_CONTINUE; } } else { if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) { return SLAP_CB_CONTINUE; } switch ( ao->ao_scope ) { case LDAP_SCOPE_BASE: if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) { return SLAP_CB_CONTINUE; } break; case LDAP_SCOPE_ONELEVEL: if ( op->ors_scope == LDAP_SCOPE_BASE ) { struct berval rdn = op->o_req_ndn; rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," ); if ( !dnIsOneLevelRDN( &rdn ) ) { return SLAP_CB_CONTINUE; } break; } return SLAP_CB_CONTINUE; case LDAP_SCOPE_SUBTREE: break; } } mask = slap_attr_flags( op->ors_attrs ); if ( SLAP_OPATTRS( mask ) ) { return SLAP_CB_CONTINUE; } if ( !SLAP_USERATTRS( mask ) ) { return SLAP_CB_CONTINUE; } i = 0; if ( op->ors_attrs == NULL ) { add_allUser = 1; } else { for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ ) ; } op->ors_attrs = op->o_tmprealloc( op->ors_attrs, sizeof( AttributeName ) * ( i + add_allUser + 2 ), op->o_tmpmemctx ); if ( add_allUser ) { op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ]; i++; } op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ]; BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name ); return SLAP_CB_CONTINUE; }
BerElement * ldap_build_search_req( LDAP *ld, LDAP_CONST char *base, ber_int_t scope, LDAP_CONST char *filter, char **attrs, ber_int_t attrsonly, LDAPControl **sctrls, LDAPControl **cctrls, ber_int_t timelimit, ber_int_t sizelimit, ber_int_t deref, ber_int_t *idp) { BerElement *ber; int err; /* * Create the search request. It looks like this: * SearchRequest := [APPLICATION 3] SEQUENCE { * baseObject DistinguishedName, * scope ENUMERATED { * baseObject (0), * singleLevel (1), * wholeSubtree (2) * }, * derefAliases ENUMERATED { * neverDerefaliases (0), * derefInSearching (1), * derefFindingBaseObj (2), * alwaysDerefAliases (3) * }, * sizelimit INTEGER (0 .. 65535), * timelimit INTEGER (0 .. 65535), * attrsOnly BOOLEAN, * filter Filter, * attributes SEQUENCE OF AttributeType * } * wrapped in an ldap message. */ /* create a message to send */ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { return( NULL ); } if ( base == NULL ) { /* no base provided, use session default base */ base = ld->ld_options.ldo_defbase; if ( base == NULL ) { /* no session default base, use top */ base = ""; } } LDAP_NEXT_MSGID( ld, *idp ); #ifdef LDAP_CONNECTIONLESS if ( LDAP_IS_UDP(ld) ) { struct sockaddr_storage sa = {0}; /* dummy, filled with ldo_peer in request.c */ err = ber_write( ber, (char *) &sa, sizeof( sa ), 0 ); } if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) { char *dn = ld->ld_options.ldo_cldapdn; if (!dn) dn = ""; err = ber_printf( ber, "{ist{seeiib", *idp, dn, LDAP_REQ_SEARCH, base, (ber_int_t) scope, (deref < 0) ? ld->ld_deref : deref, (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, (timelimit < 0) ? ld->ld_timelimit : timelimit, attrsonly ); } else #endif { err = ber_printf( ber, "{it{seeiib", *idp, LDAP_REQ_SEARCH, base, (ber_int_t) scope, (deref < 0) ? ld->ld_deref : deref, (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, (timelimit < 0) ? ld->ld_timelimit : timelimit, attrsonly ); } if ( err == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); } if( filter == NULL ) { filter = "(objectclass=*)"; } err = ldap_pvt_put_filter( ber, filter ); if ( err == -1 ) { ld->ld_errno = LDAP_FILTER_ERROR; ber_free( ber, 1 ); return( NULL ); } #ifdef LDAP_DEBUG if ( ldap_debug & LDAP_DEBUG_ARGS ) { char buf[ BUFSIZ ], *ptr = " *"; if ( attrs != NULL ) { int i, len, rest = sizeof( buf ); for ( i = 0; attrs[ i ] != NULL && rest > 0; i++ ) { ptr = &buf[ sizeof( buf ) - rest ]; len = snprintf( ptr, rest, " %s", attrs[ i ] ); rest -= (len >= 0 ? len : (int) sizeof( buf )); } if ( rest <= 0 ) { AC_MEMCPY( &buf[ sizeof( buf ) - STRLENOF( "...(truncated)" ) - 1 ], "...(truncated)", STRLENOF( "...(truncated)" ) + 1 ); } ptr = buf; } Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 ); } #endif /* LDAP_DEBUG */ if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); } /* Put Server Controls */ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ber_free( ber, 1 ); return( NULL ); } if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); } return( ber ); }
static int readline(MDBX_val *out, MDBX_val *buf) { unsigned char *c1, *c2, *end; size_t len, l2; int c; if (!(mode & NOHDR)) { c = fgetc(stdin); if (c == EOF) { Eof = 1; return EOF; } if (c != ' ') { lineno++; if (fgets(buf->iov_base, (int)buf->iov_len, stdin) == NULL) { badend: Eof = 1; badend(); return EOF; } if (c == 'D' && !strncmp(buf->iov_base, "ATA=END", STRLENOF("ATA=END"))) return EOF; goto badend; } } if (fgets(buf->iov_base, (int)buf->iov_len, stdin) == NULL) { Eof = 1; return EOF; } lineno++; c1 = buf->iov_base; len = strlen((char *)c1); l2 = len; /* Is buffer too short? */ while (c1[len - 1] != '\n') { buf->iov_base = mdbx_realloc(buf->iov_base, buf->iov_len * 2); if (!buf->iov_base) { Eof = 1; fprintf(stderr, "%s: line %" PRIiSIZE ": out of memory, line too long\n", prog, lineno); return EOF; } c1 = buf->iov_base; c1 += l2; if (fgets((char *)c1, (int)buf->iov_len + 1, stdin) == NULL) { Eof = 1; badend(); return EOF; } buf->iov_len *= 2; len = strlen((char *)c1); l2 += len; } c1 = c2 = buf->iov_base; len = l2; c1[--len] = '\0'; end = c1 + len; if (mode & PRINT) { while (c2 < end) { if (*c2 == '\\') { if (c2[1] == '\\') { c1++; c2 += 2; } else { if (c2 + 3 > end || !isxdigit(c2[1]) || !isxdigit(c2[2])) { Eof = 1; badend(); return EOF; } *c1++ = (char)unhex(++c2); c2 += 2; } } else { /* copies are redundant when no escapes were used */ *c1++ = *c2++; } } } else { /* odd length not allowed */ if (len & 1) { Eof = 1; badend(); return EOF; } while (c2 < end) { if (!isxdigit(*c2) || !isxdigit(c2[1])) { Eof = 1; badend(); return EOF; } *c1++ = (char)unhex(c2); c2 += 2; } } c2 = out->iov_base = buf->iov_base; out->iov_len = c1 - c2; return 0; }
int limits_parse_one( const char *arg, struct slap_limits_set *limit ) { assert( arg != NULL ); assert( limit != NULL ); if ( STRSTART( arg, "time" ) ) { arg += STRLENOF( "time" ); if ( arg[0] == '.' ) { arg++; if ( STRSTART( arg, "soft=" ) ) { arg += STRLENOF( "soft=" ); if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_t_soft = -1; } else { int soft; if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) { return( 1 ); } if ( soft == -1 ) { /* FIXME: use "unlimited" instead; issue warning? */ } limit->lms_t_soft = soft; } } else if ( STRSTART( arg, "hard=" ) ) { arg += STRLENOF( "hard=" ); if ( strcasecmp( arg, "soft" ) == 0 ) { limit->lms_t_hard = 0; } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_t_hard = -1; } else { int hard; if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) { return( 1 ); } if ( hard == -1 ) { /* FIXME: use "unlimited" instead */ } if ( hard == 0 ) { /* FIXME: use "soft" instead */ } limit->lms_t_hard = hard; } } else { return( 1 ); } } else if ( arg[0] == '=' ) { arg++; if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_t_soft = -1; } else { if ( lutil_atoi( &limit->lms_t_soft, arg ) != 0 || limit->lms_t_soft < -1 ) { return( 1 ); } } limit->lms_t_hard = 0; } else { return( 1 ); } } else if ( STRSTART( arg, "size" ) ) { arg += STRLENOF( "size" ); if ( arg[0] == '.' ) { arg++; if ( STRSTART( arg, "soft=" ) ) { arg += STRLENOF( "soft=" ); if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_soft = -1; } else { int soft; if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) { return( 1 ); } if ( soft == -1 ) { /* FIXME: use "unlimited" instead */ } limit->lms_s_soft = soft; } } else if ( STRSTART( arg, "hard=" ) ) { arg += STRLENOF( "hard=" ); if ( strcasecmp( arg, "soft" ) == 0 ) { limit->lms_s_hard = 0; } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_hard = -1; } else { int hard; if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) { return( 1 ); } if ( hard == -1 ) { /* FIXME: use "unlimited" instead */ } if ( hard == 0 ) { /* FIXME: use "soft" instead */ } limit->lms_s_hard = hard; } } else if ( STRSTART( arg, "unchecked=" ) ) { arg += STRLENOF( "unchecked=" ); if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_unchecked = -1; } else if ( strcasecmp( arg, "disabled" ) == 0 ) { limit->lms_s_unchecked = 0; } else { int unchecked; if ( lutil_atoi( &unchecked, arg ) != 0 || unchecked < -1 ) { return( 1 ); } if ( unchecked == -1 ) { /* FIXME: use "unlimited" instead */ } limit->lms_s_unchecked = unchecked; } } else if ( STRSTART( arg, "pr=" ) ) { arg += STRLENOF( "pr=" ); if ( strcasecmp( arg, "noEstimate" ) == 0 ) { limit->lms_s_pr_hide = 1; } else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_pr = -1; } else { int pr; if ( lutil_atoi( &pr, arg ) != 0 || pr < -1 ) { return( 1 ); } if ( pr == -1 ) { /* FIXME: use "unlimited" instead */ } limit->lms_s_pr = pr; } } else if ( STRSTART( arg, "prtotal=" ) ) { arg += STRLENOF( "prtotal=" ); if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_pr_total = -1; } else if ( strcasecmp( arg, "disabled" ) == 0 ) { limit->lms_s_pr_total = -2; } else if ( strcasecmp( arg, "hard" ) == 0 ) { limit->lms_s_pr_total = 0; } else { int total; if ( lutil_atoi( &total, arg ) != 0 || total < -1 ) { return( 1 ); } if ( total == -1 ) { /* FIXME: use "unlimited" instead */ } if ( total == 0 ) { /* FIXME: use "pr=disable" instead */ } limit->lms_s_pr_total = total; } } else { return( 1 ); } } else if ( arg[0] == '=' ) { arg++; if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) { limit->lms_s_soft = -1; } else { if ( lutil_atoi( &limit->lms_s_soft, arg ) != 0 || limit->lms_s_soft < -1 ) { return( 1 ); } } limit->lms_s_hard = 0; } else { return( 1 ); } } return 0; }
static void readhdr(void) { char *ptr; dbi_flags = 0; while (fgets(dbuf.iov_base, (int)dbuf.iov_len, stdin) != NULL) { lineno++; if (!strncmp(dbuf.iov_base, "db_pagesize=", STRLENOF("db_pagesize=")) || !strncmp(dbuf.iov_base, "duplicates=", STRLENOF("duplicates="))) { /* LY: silently ignore information fields. */ continue; } else if (!strncmp(dbuf.iov_base, "VERSION=", STRLENOF("VERSION="))) { version = atoi((char *)dbuf.iov_base + STRLENOF("VERSION=")); if (version > 3) { fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported VERSION %d\n", prog, lineno, version); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.iov_base, "HEADER=END", STRLENOF("HEADER=END"))) { break; } else if (!strncmp(dbuf.iov_base, "format=", STRLENOF("format="))) { if (!strncmp((char *)dbuf.iov_base + STRLENOF("FORMAT="), "print", STRLENOF("print"))) mode |= PRINT; else if (strncmp((char *)dbuf.iov_base + STRLENOF("FORMAT="), "bytevalue", STRLENOF("bytevalue"))) { fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported FORMAT %s\n", prog, lineno, (char *)dbuf.iov_base + STRLENOF("FORMAT=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.iov_base, "database=", STRLENOF("database="))) { ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len); if (ptr) *ptr = '\0'; if (subname) mdbx_free(subname); subname = mdbx_strdup((char *)dbuf.iov_base + STRLENOF("database=")); } else if (!strncmp(dbuf.iov_base, "type=", STRLENOF("type="))) { if (strncmp((char *)dbuf.iov_base + STRLENOF("type="), "btree", STRLENOF("btree"))) { fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported type %s\n", prog, lineno, (char *)dbuf.iov_base + STRLENOF("type=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.iov_base, "mapaddr=", STRLENOF("mapaddr="))) { int i; ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len); if (ptr) *ptr = '\0'; void *unused; i = sscanf((char *)dbuf.iov_base + STRLENOF("mapaddr="), "%p", &unused); if (i != 1) { fprintf(stderr, "%s: line %" PRIiSIZE ": invalid mapaddr %s\n", prog, lineno, (char *)dbuf.iov_base + STRLENOF("mapaddr=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.iov_base, "mapsize=", STRLENOF("mapsize="))) { int i; ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len); if (ptr) *ptr = '\0'; i = sscanf((char *)dbuf.iov_base + STRLENOF("mapsize="), "%" PRIu64, &envinfo.mi_mapsize); if (i != 1) { fprintf(stderr, "%s: line %" PRIiSIZE ": invalid mapsize %s\n", prog, lineno, (char *)dbuf.iov_base + STRLENOF("mapsize=")); exit(EXIT_FAILURE); } } else if (!strncmp(dbuf.iov_base, "maxreaders=", STRLENOF("maxreaders="))) { int i; ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len); if (ptr) *ptr = '\0'; i = sscanf((char *)dbuf.iov_base + STRLENOF("maxreaders="), "%u", &envinfo.mi_maxreaders); if (i != 1) { fprintf(stderr, "%s: line %" PRIiSIZE ": invalid maxreaders %s\n", prog, lineno, (char *)dbuf.iov_base + STRLENOF("maxreaders=")); exit(EXIT_FAILURE); } } else { int i; for (i = 0; dbflags[i].bit; i++) { if (!strncmp(dbuf.iov_base, dbflags[i].name, dbflags[i].len) && ((char *)dbuf.iov_base)[dbflags[i].len] == '=') { if (((char *)dbuf.iov_base)[dbflags[i].len + 1] == '1') dbi_flags |= dbflags[i].bit; break; } } if (!dbflags[i].bit) { ptr = memchr(dbuf.iov_base, '=', dbuf.iov_len); if (!ptr) { fprintf(stderr, "%s: line %" PRIiSIZE ": unexpected format\n", prog, lineno); exit(EXIT_FAILURE); } else { *ptr = '\0'; fprintf(stderr, "%s: line %" PRIiSIZE ": unrecognized keyword ignored: %s\n", prog, lineno, (char *)dbuf.iov_base); } } } } }
static int rwm_int_filter_map_rewrite( Operation *op, dncookie *dc, Filter *f, struct berval *fstr ) { int i; Filter *p; AttributeDescription *ad; struct berval atmp, vtmp, *tmp; static struct berval /* better than nothing... */ ber_bvfalse = BER_BVC( "(!(objectClass=*))" ), ber_bvtf_false = BER_BVC( "(|)" ), /* better than nothing... */ ber_bvtrue = BER_BVC( "(objectClass=*)" ), ber_bvtf_true = BER_BVC( "(&)" ), #if 0 /* no longer needed; preserved for completeness */ ber_bvundefined = BER_BVC( "(?=undefined)" ), #endif ber_bverror = BER_BVC( "(?=error)" ), ber_bvunknown = BER_BVC( "(?=unknown)" ), ber_bvnone = BER_BVC( "(?=none)" ); ber_len_t len; assert( fstr != NULL ); BER_BVZERO( fstr ); if ( f == NULL ) { ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx ); return LDAP_OTHER; } #if 0 /* ITS#6814: give the caller a chance to use undefined filters */ if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) { goto computed; } #endif switch ( f->f_choice & SLAPD_FILTER_MASK ) { case LDAP_FILTER_EQUALITY: ad = f->f_av_desc; if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); break; case LDAP_FILTER_GE: ad = f->f_av_desc; if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); break; case LDAP_FILTER_LE: ad = f->f_av_desc; if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); break; case LDAP_FILTER_APPROX: ad = f->f_av_desc; if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); break; case LDAP_FILTER_SUBSTRINGS: ad = f->f_sub_desc; if ( map_attr_value( dc, &ad, &atmp, NULL, NULL, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } /* cannot be a DN ... */ fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); if ( !BER_BVISNULL( &f->f_sub_initial ) ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_initial, &vtmp, op->o_tmpmemctx ); fstr->bv_len += vtmp.bv_len; fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3, /* "(attr=" */ "%s*)", vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); } if ( f->f_sub_any != NULL ) { for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_any[i], &vtmp, op->o_tmpmemctx ); fstr->bv_len += vtmp.bv_len + 1; fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init]*[any*]" */ "%s*)", vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); } } if ( !BER_BVISNULL( &f->f_sub_final ) ) { len = fstr->bv_len; filter_escape_value_x( &f->f_sub_final, &vtmp, op->o_tmpmemctx ); fstr->bv_len += vtmp.bv_len; fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init*][any*]" */ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); } break; case LDAP_FILTER_PRESENT: ad = f->f_desc; if ( map_attr_value( dc, &ad, &atmp, NULL, NULL, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); break; case LDAP_FILTER_AND: case LDAP_FILTER_OR: case LDAP_FILTER_NOT: fstr->bv_len = STRLENOF( "(%)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)", f->f_choice == LDAP_FILTER_AND ? '&' : f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); for ( p = f->f_list; p != NULL; p = p->f_next ) { int rc; len = fstr->bv_len; rc = rwm_int_filter_map_rewrite( op, dc, p, &vtmp ); if ( rc != LDAP_SUCCESS ) { return rc; } fstr->bv_len += vtmp.bv_len; fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); } break; case LDAP_FILTER_EXT: { if ( f->f_mr_desc ) { ad = f->f_mr_desc; if ( map_attr_value( dc, &ad, &atmp, &f->f_mr_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) ) { goto computed; } } else { BER_BVSTR( &atmp, "" ); filter_escape_value_x( &f->f_mr_value, &vtmp, op->o_tmpmemctx ); } fstr->bv_len = atmp.bv_len + ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) + ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) + vtmp.bv_len + STRLENOF( "(:=)" ); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", atmp.bv_val, f->f_mr_dnattrs ? ":dn" : "", !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "", !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "", vtmp.bv_len ? vtmp.bv_val : "" ); op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx ); break; } case -1: computed:; filter_free_x( op, f, 0 ); f->f_choice = SLAPD_FILTER_COMPUTED; f->f_result = SLAPD_COMPARE_UNDEFINED; /* fallthru */ case SLAPD_FILTER_COMPUTED: switch ( f->f_result ) { case LDAP_COMPARE_FALSE: /* FIXME: treat UNDEFINED as FALSE */ case SLAPD_COMPARE_UNDEFINED: if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) { tmp = &ber_bvtf_false; break; } tmp = &ber_bvfalse; break; case LDAP_COMPARE_TRUE: if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) { tmp = &ber_bvtf_true; break; } tmp = &ber_bvtrue; break; default: tmp = &ber_bverror; break; } ber_dupbv_x( fstr, tmp, op->o_tmpmemctx ); break; default: ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx ); break; } return LDAP_SUCCESS; }
int str2result( char *s, int *code, char **matched, char **info ) { int rc; char *c; *code = LDAP_SUCCESS; *matched = NULL; *info = NULL; if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) { Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n", s ); return( -1 ); } rc = 0; while ( (s = strchr( s, '\n' )) != NULL ) { *s++ = '\0'; if ( *s == '\0' ) { break; } if ( (c = strchr( s, ':' )) != NULL ) { c++; } if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) { char *next = NULL; long retcode; if ( c == NULL ) { Debug( LDAP_DEBUG_ANY, "str2result (%s) missing value\n", s ); rc = -1; continue; } while ( isspace( (unsigned char) c[ 0 ] ) ) c++; if ( c[ 0 ] == '\0' ) { Debug( LDAP_DEBUG_ANY, "str2result (%s) missing or empty value\n", s ); rc = -1; continue; } retcode = strtol( c, &next, 10 ); if ( next == NULL || next == c ) { Debug( LDAP_DEBUG_ANY, "str2result (%s) unable to parse value\n", s ); rc = -1; continue; } while ( isspace( (unsigned char) next[ 0 ] ) && next[ 0 ] != '\n' ) next++; if ( next[ 0 ] != '\0' && next[ 0 ] != '\n' ) { Debug( LDAP_DEBUG_ANY, "str2result (%s) extra cruft after value\n", s ); rc = -1; continue; } /* FIXME: what if it's larger than max int? */ *code = (int)retcode; } else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) { if ( c != NULL ) { *matched = c; } } else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) { if ( c != NULL ) { *info = c; } } else { Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n", s ); rc = -1; } } return( rc ); }