/**
* generic acl checking for different methods (basic set of methods supported)
* returns null if no err
*/
static dav_error *check_methods(request_rec *r, const dav_resource *resource,
davacl_dir_cfg *conf)
{
const dav_hooks_repository *repos = REPOS(conf);
if (repos == NULL || resource == NULL)
return dav_acl_privilege_error(r, "unknown", NULL);
switch (r->method_number) {
default:
if (r->method_number == iM_ACL) {
return check_acl(r, resource, conf, repos);
}
else if (r->method_number == iM_HEAD) {
return check_get(r, resource, conf, repos);
}
else {
TRACE(r, "Unknown methdod:%d", r->method_number);
return NULL;
}
break;
case M_PUT:
return check_put(r, resource, conf, repos);
case M_PROPPATCH:
return check_proppatch(r, resource, conf, repos);
case M_MKCOL:
return check_mkcol(r, resource, conf, repos);
case M_PROPFIND:
/* done with individual properties within dav_get_props() and
* dav_get_allprops */
return NULL;
case M_DELETE:
return check_delete(r, resource, conf, repos);
case M_OPTIONS:
case M_GET:
return check_get(r, resource, conf, repos);
case M_COPY:
return check_copy(r, resource, conf, repos);
case M_MOVE:
return check_move(r, resource, conf, repos);
case M_LOCK:
return check_lock(r, resource, conf, repos);
case M_UNLOCK:
return check_unlock(r, resource, conf, repos);
}
}
int
acl_is_capable(int cmd, int node, struct Creds *cred)
{
// root always capable
if (cred->uid == 0)
return 1;
if (cmd == CMD_CALL) {
if (check_acl(node, cred) == 1)
return 1;
}
return 0;
}
static
attribute_not_cached (Entry ptr, DN dn, OID at, DN target, int level, int dfltacl)
{
struct acl_attr * aa;
struct oid_seq * oidptr;
/* see if more than cached data is required */
if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
return (dfltacl);
for ( aa = ptr->e_acl->ac_attributes; aa!=NULLACL_ATTR; aa=aa->aa_next)
for ( oidptr=aa->aa_types; oidptr != NULLOIDSEQ; oidptr=oidptr->oid_next)
if (oid_cmp (oidptr->oid_oid,at) == 0) {
/* The attribute is in the attribute ACL list */
/* Would a referral help the DUA ? */
if (check_acl (NULLDN,level,aa->aa_acl,target) == NOTOK)
if (check_acl (dn,level,aa->aa_acl,target) == OK)
return TRUE;
return FALSE;
}
return (dfltacl);
}
static
cant_use_cache (Entry ptr, DN dn, EntryInfoSelection eis, DN target)
{
Attr_Sequence as;
char dfltacl = FALSE;
if (dn == NULLDN)
return FALSE;
if ((ptr->e_data == E_DATA_MASTER) || (ptr->e_data == E_TYPE_SLAVE))
return FALSE;
/* see if more than cached data is required */
if (eis.eis_allattributes) {
struct acl_attr * aa;
struct oid_seq * oidptr;
/* look for attr acl */
/* see if any attributes use can see */
if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK)
if (check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == OK)
return TRUE;
if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
return FALSE;
for ( aa = ptr->e_acl->ac_attributes; aa!=NULLACL_ATTR; aa=aa->aa_next)
for ( oidptr=aa->aa_types; oidptr != NULLOIDSEQ; oidptr=oidptr->oid_next)
/* The attribute is in the attribute ACL list */
/* Would a referral help the DUA ? */
if (check_acl (NULLDN,ACL_READ,aa->aa_acl,target) == NOTOK)
if (check_acl (dn,ACL_READ,aa->aa_acl,target) == OK)
return TRUE;
} else {
/* for each attribute in eis.eis_select, see is user
entitled to it. */
if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK)
if (check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == OK)
dfltacl = TRUE;
for(as=eis.eis_select; as != NULLATTR; as=as->attr_link) {
if (entry_find_type (ptr, as->attr_type) == NULLATTR)
if (attribute_not_cached (ptr,dn,grab_oid(as->attr_type),target,ACL_READ,dfltacl))
return TRUE;
}
}
return FALSE;
}
static void
add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
{
krb5_principal server;
krb5_error_code ret;
slave *s;
socklen_t addr_len;
krb5_ticket *ticket = NULL;
char hostname[128];
s = malloc(sizeof(*s));
if (s == NULL) {
krb5_warnx (context, "add_slave: no memory");
return;
}
s->name = NULL;
s->ac = NULL;
addr_len = sizeof(s->addr);
s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
if (s->fd < 0) {
krb5_warn (context, errno, "accept");
goto error;
}
gethostname(hostname, sizeof(hostname));
ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
KRB5_NT_SRV_HST, &server);
if (ret) {
krb5_warn (context, ret, "krb5_sname_to_principal");
goto error;
}
ret = krb5_recvauth (context, &s->ac, &s->fd,
IPROP_VERSION, server, 0, keytab, &ticket);
krb5_free_principal (context, server);
if (ret) {
krb5_warn (context, ret, "krb5_recvauth");
goto error;
}
ret = krb5_unparse_name (context, ticket->client, &s->name);
if (ret) {
krb5_warn (context, ret, "krb5_unparse_name");
goto error;
}
if (check_acl (context, s->name)) {
krb5_warnx (context, "%s not in acl", s->name);
goto error;
}
krb5_free_ticket (context, ticket);
ticket = NULL;
{
slave *l = *root;
while (l) {
if (strcmp(l->name, s->name) == 0)
break;
l = l->next;
}
if (l) {
if (l->flags & SLAVE_F_DEAD) {
remove_slave(context, l, root);
} else {
krb5_warnx (context, "second connection from %s", s->name);
goto error;
}
}
}
krb5_warnx (context, "connection from %s", s->name);
s->version = 0;
s->flags = 0;
slave_seen(s);
s->next = *root;
*root = s;
return;
error:
remove_slave(context, s, root);
}
/*
* This is the main drive for each connection. As you can tell, for the
* first few steps we are using a blocking socket. If you remember the
* older tinyproxy code, this use to be a very confusing state machine.
* Well, no more! :) The sockets are only switched into nonblocking mode
* when we start the relay portion. This makes most of the original
* tinyproxy code, which was confusing, redundant. Hail progress.
* - rjkaes
*/
void
handle_connection(int fd)
{
struct conn_s *connptr;
struct request_s *request = NULL;
hashmap_t hashofheaders = NULL;
char peer_ipaddr[PEER_IP_LENGTH];
char peer_string[PEER_STRING_LENGTH];
getpeer_information(fd, peer_ipaddr, peer_string);
log_message(LOG_CONN, "Connect (file descriptor %d): %s [%s]",
fd, peer_string, peer_ipaddr);
connptr = initialize_conn(fd, peer_ipaddr, peer_string);
if (!connptr) {
close(fd);
return;
}
if (check_acl(fd, peer_ipaddr, peer_string) <= 0) {
update_stats(STAT_DENIED);
indicate_http_error(connptr, 403, "Access denied",
"detail", "The administrator of this proxy has not configured it to service requests from your host.",
NULL);
send_http_error_message(connptr);
destroy_conn(connptr);
return;
}
if (read_request_line(connptr) < 0) {
update_stats(STAT_BADCONN);
indicate_http_error(connptr, 408, "Timeout",
"detail", "Server timeout waiting for the HTTP request from the client.",
NULL);
send_http_error_message(connptr);
destroy_conn(connptr);
return;
}
/*
* The "hashofheaders" store the client's headers.
*/
if (!(hashofheaders = hashmap_create(HEADER_BUCKETS))) {
update_stats(STAT_BADCONN);
indicate_http_error(connptr, 503, "Internal error",
"detail", "An internal server error occurred while processing your request. Please contact the administrator.",
NULL);
send_http_error_message(connptr);
destroy_conn(connptr);
return;
}
/*
* Get all the headers from the client in a big hash.
*/
if (get_all_headers(connptr->client_fd, hashofheaders) < 0) {
log_message(LOG_WARNING, "Could not retrieve all the headers from the client");
hashmap_delete(hashofheaders);
update_stats(STAT_BADCONN);
destroy_conn(connptr);
return;
}
request = process_request(connptr, hashofheaders);
if (!request) {
if (!connptr->error_variables && !connptr->show_stats) {
update_stats(STAT_BADCONN);
destroy_conn(connptr);
hashmap_delete(hashofheaders);
return;
}
goto send_error;
}
connptr->upstream_proxy = UPSTREAM_HOST(request->host);
if (connptr->upstream_proxy != NULL) {
if (connect_to_upstream(connptr, request) < 0) {
goto send_error;
}
} else {
connptr->server_fd = opensock(request->host, request->port);
if (connptr->server_fd < 0) {
indicate_http_error(connptr, 500, "Unable to connect",
"detail", PACKAGE " was unable to connect to the remote web server.",
"error", strerror(errno),
NULL);
goto send_error;
}
log_message(LOG_CONN,
"Established connection to host \"%s\" using file descriptor %d.",
request->host, connptr->server_fd);
if (!connptr->connect_method)
establish_http_connection(connptr, request);
}
send_error:
free_request_struct(request);
if (process_client_headers(connptr, hashofheaders) < 0) {
update_stats(STAT_BADCONN);
if (!connptr->error_variables) {
hashmap_delete(hashofheaders);
destroy_conn(connptr);
return;
}
}
hashmap_delete(hashofheaders);
if (connptr->error_variables) {
send_http_error_message(connptr);
destroy_conn(connptr);
return;
} else if (connptr->show_stats) {
showstats(connptr);
destroy_conn(connptr);
return;
}
if (!connptr->connect_method || (connptr->upstream_proxy != NULL)) {
if (process_server_headers(connptr) < 0) {
if (connptr->error_variables)
send_http_error_message(connptr);
update_stats(STAT_BADCONN);
destroy_conn(connptr);
return;
}
} else {
if (send_ssl_response(connptr) < 0) {
log_message(LOG_ERR,
"handle_connection: Could not send SSL greeting to client.");
update_stats(STAT_BADCONN);
destroy_conn(connptr);
return;
}
}
relay_connection(connptr);
log_message(LOG_INFO, "Closed connection between local client (fd:%d) and remote client (fd:%d)",
connptr->client_fd, connptr->server_fd);
/*
* All done... close everything and go home... :)
*/
destroy_conn(connptr);
return;
}
int
find_entry (DN object, common_args *ca, DN acl_who, struct dn_seq *dn_stack, int master, Entry *ent_p, struct DSError *err, struct di_block **di_p, int optype)
{
int deref = FALSE;
extern time_t cache_timeout;
DN dn_found;
int res;
DLOG (log_dsap,LLOG_TRACE,("find_entry"));
err->dse_type = DSE_NOERROR;
if ((ca->ca_servicecontrol.svc_options & SVC_OPT_DONTDEREFERENCEALIAS) == 0)
deref = TRUE;
if ((ca->ca_servicecontrol.svc_options & SVC_OPT_DONTUSECOPY) != 0)
master = TRUE;
switch(really_find_entry(object,deref,dn_stack,master,ent_p,err,di_p)) {
case DS_OK:
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - rfe: OK"));
/* Have set up ent_p continue processing */
break;
case DS_CONTINUE:
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - rfe: CONT"));
#ifdef DEBUG
di_list_log((*di_p));
#endif
/* Have set up di_blocks of DSAs to be questioned */
return(DS_CONTINUE);
case DS_X500_ERROR:
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - rfe: X500_ERROR"));
/* Have set up an error */
return(DS_X500_ERROR);
default:
/* Scream */
LLOG(log_dsap, LLOG_EXCEPTIONS, ("really_find_entry failed in find_entry 1"));
return(DS_ERROR_LOCAL);
}
dn_found = get_copy_dn (*ent_p);
/* if the returned entry is a CONSTRUCTOR, return a referral */
if ((*ent_p)->e_data == E_TYPE_CONSTRUCTOR) {
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - constructor"));
res = constructor_dsa_info(dn_found,dn_stack,FALSE,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
}
/* if the returned entry is a COPY, - check service controls */
if (((*ent_p)->e_data != E_DATA_MASTER) && (master)) {
/* DSAs are special for read/modify */
if ((optype == OP_READ) ||
(optype == OP_MODIFYRDN) ||
(optype == OP_MODIFYENTRY)) {
if ((quipu_ctx_supported (*ent_p) > 2) && (quipu_version_7 (*ent_p))) {
if (dn_cmp (dn_found, mydsadn) == 0)
goto out;
mk_ref:
;
(*di_p) = di_alloc();
(*di_p)->di_type = DI_TASK;
(*di_p)->di_dn = dn_found;
(*di_p)->di_target = dn_cpy(dn_found);
(*di_p)->di_reftype = RT_UNDEFINED;
(*di_p)->di_rdn_resolved = CR_RDNRESOLVED_NOTDEFINED;
(*di_p)->di_aliasedRDNs = CR_NOALIASEDRDNS;
(*di_p)->di_entry = *ent_p;
(*ent_p)->e_refcount++;
(*di_p)->di_state = DI_COMPLETE;
return DS_CONTINUE;
}
}
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - slave master needed"));
res = constructor_dsa_info(dn_found,dn_stack,TRUE,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
} else if ( ((optype == OP_MODIFYRDN) || (optype == OP_MODIFYENTRY)) &&
(quipu_ctx_supported (*ent_p) > 2) &&
quipu_version_7 (*ent_p) &&
(dn_cmp (dn_found, mydsadn) != 0))
goto mk_ref;
#ifdef WRONG_BEHAVIOUR
/* if this is right, we need to make sure that dsa_info */
/* pick ups the correct external reference */
if ((*ent_p)->e_external &&
((*ent_p)->e_reftype != RT_NONSPECIFICSUBORDINATE)) {
res = constructor_dsa_info(dn_found,dn_stack,TRUE,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
}
#endif
if (((*ent_p)->e_data == E_TYPE_CACHE_FROM_MASTER) &&
(timenow - (*ent_p)->e_age > cache_timeout)) {
DLOG(log_dsap, LLOG_DEBUG, ("find_entry - cache timed out"));
res = constructor_dsa_info(dn_found,dn_stack,TRUE,(*ent_p),err,di_p);
delete_cache (dn_found);
dn_free (dn_found);
return (res);
}
out:
;
dn_free (dn_found);
if ((*ent_p)->e_parent == NULLENTRY) {
DLOG(log_dsap, LLOG_DEBUG, ("find_entry: (*ent_p)->e_parent is NULLENTRY"));
return (DS_OK); /* no acl for root entry */
}
if (check_acl (acl_who,ACL_DETECT, (*ent_p)->e_parent->e_acl->ac_child, object) == NOTOK) {
err->dse_type = DSE_SECURITYERROR;
err->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
return (DS_X500_ERROR);
}
if (check_acl (acl_who,ACL_DETECT, (*ent_p)->e_acl->ac_entry, object) == NOTOK) {
err->dse_type = DSE_SECURITYERROR;
err->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
return (DS_X500_ERROR);
}
return (DS_OK);
}
int
find_child_entry (DN object, common_args *ca, DN acl_who, struct dn_seq *dn_stack, int master, Entry *ent_p, struct DSError *err, struct di_block **di_p)
{
/* this is very similar to find_entry(), except a top level */
/* constructor is allowed */
int deref = FALSE;
int res;
DN dn_found;
Entry akid;
DLOG (log_dsap,LLOG_DEBUG,("find_child_entry"));
err->dse_type = DSE_NOERROR;
if ((ca->ca_servicecontrol.svc_options & SVC_OPT_DONTDEREFERENCEALIAS) == 0)
deref = TRUE;
if ((ca->ca_servicecontrol.svc_options & SVC_OPT_DONTUSECOPY) != 0)
master = TRUE;
switch(really_find_entry(object,deref,dn_stack,master,ent_p,err,di_p)) {
case DS_OK:
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - rfe: OK"));
/* Have set up ent_p continue processing */
break;
case DS_CONTINUE:
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - rfe: CONTINUE"));
#ifdef DEBUG
di_list_log((*di_p));
#endif
/* Have set up di_blocks of DSAs to be questioned */
return(DS_CONTINUE);
case DS_X500_ERROR:
/* Have set up an error */
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - rfe: X500_ERROR"));
return(DS_X500_ERROR);
default:
/* Scream */
LLOG(log_dsap, LLOG_EXCEPTIONS, ("really_find_entry failed in find_entry 1"));
return(DS_ERROR_LOCAL);
}
/* check to see if children OK */
if ((*ent_p)->e_children != NULLAVL && (*ent_p)->e_allchildrenpresent
!= FALSE) {
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - children OK"));
akid = (Entry) avl_getone((*ent_p)->e_children);
switch (akid->e_data) {
case E_DATA_MASTER:
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - children masters"));
break;
case E_TYPE_SLAVE:
/* see if we can use a copy ... */
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - children slaves"));
if (master) {
dn_found = get_copy_dn (*ent_p);
res = constructor_dsa_info_aux(dn_found,dn_stack,master,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
}
break;
default:
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - default"));
dn_found = get_copy_dn (*ent_p);
res = constructor_dsa_info_aux(dn_found,dn_stack,master,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
}
} else if ( (! isleaf(*ent_p)) || (*ent_p)->e_external) {
DLOG(log_dsap, LLOG_DEBUG, ("find_child_entry - children NOTOK"));
dn_found = get_copy_dn (*ent_p);
res = constructor_dsa_info_aux(dn_found,dn_stack,master,(*ent_p),err,di_p);
dn_free (dn_found);
return (res);
}
if (check_acl (acl_who,ACL_DETECT, (*ent_p)->e_acl->ac_child, object) == NOTOK) {
err->dse_type = DSE_SECURITYERROR;
err->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
return (DS_X500_ERROR);
}
return (DS_OK);
}
int
do_ds_read (struct ds_read_arg *arg, struct DSError *error, struct ds_read_result *result, DN binddn, DN target, struct di_block **di_p, int dsp, int quipu_ctx, int authtype)
{
Entry entryptr;
int retval;
#ifdef NOTUSED
int authenticated;
#endif
DN realtarget;
char authp;
DLOG (log_dsap,LLOG_TRACE,("ds_read"));
if (!dsp)
target = arg->rda_object;
if (!dsp && dsa_read_control(arg,result))
return (DS_OK);
if (target == NULLDN) {
/* can't read from the root */
error->dse_type = DSE_NAMEERROR;
error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
error->ERR_NAME.DSE_na_matched = NULLDN;
return (DS_ERROR_REMOTE);
}
switch(find_entry(target,&(arg->rda_common),binddn,NULLDNSEQ,FALSE,&(entryptr), error, di_p, OP_READ)) {
case DS_OK:
/* Filled out entryptr - carry on */
break;
case DS_CONTINUE:
/* Filled out di_p - what do we do with it ?? */
return(DS_CONTINUE);
case DS_X500_ERROR:
/* Filled out error - what do we do with it ?? */
return(DS_X500_ERROR);
default:
/* SCREAM */
LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_read() - find_entry failed"));
return(DS_ERROR_LOCAL);
}
realtarget = get_copy_dn (entryptr);
/* User can be authenticated by using strong authentication for this
* operation, or by using the credntials from the bind.
*/
if (!manager(binddn))
authp = entryptr->e_authp ? entryptr->e_authp->ap_readandcompare
: AP_SIMPLE;
else
authp = AP_SIMPLE;
#ifdef NOTUSED
authenticated = 0;
/* Credentials provided in the ds_bind */
if ((bind_policy & POLICY_ACCESS_READ) && (!dsp) && (binddn != NULLDN))
authenticated = 1;
#endif
/* Strong authentication */
/* If it's there, check it, even if you won't believe it anyway */
if ((retval = check_security_parms((caddr_t) arg,
_ZReadArgumentDataDAS,
&_ZDAS_mod,
arg->rda_common.ca_security,
arg->rda_common.ca_sig, &binddn)) != 0) {
error->dse_type = DSE_SECURITYERROR;
error->ERR_SECURITY.DSE_sc_problem = retval;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
}
#ifdef NOTUSED
if ((strong_policy & POLICY_ACCESS_READ) &&
(arg->rda_common.ca_sig != (struct signature *) 0))
authenticated = 1;
#endif
/* entry has got a full list of attributes, eventually
select one required */
if (check_acl ((authtype % 3) >= authp ? binddn : NULLDN, ACL_READ,
entryptr->e_acl->ac_entry, realtarget) == NOTOK) {
if (dsp && (check_acl (binddn,ACL_READ,entryptr->e_acl->ac_entry, realtarget) == OK)) {
error->dse_type = DSE_SECURITYERROR;
error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
} else {
error->dse_type = DSE_SECURITYERROR;
error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
}
}
if (entryptr->e_dsainfo && need_pseudo_dsa(entryptr,arg)) {
/* Its a 7.0 or better DSA.
* pseudo attributes asked for.
* special routing req'd
*/
if (dn_cmp (realtarget, mydsadn) == 0) {
/* Its me - generate result */
if ((result->rdr_entry.ent_attr = dsa_eis_select (
arg->rda_eis,entryptr, dsp ? NULLDN : binddn,
quipu_ctx, realtarget)) != NULLATTR)
goto out;
if ( arg->rda_eis.eis_allattributes || arg->rda_eis.eis_select == NULLATTR)
goto out;
error->dse_type = DSE_ATTRIBUTEERROR;
error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what =DSE_AT_NOSUCHATTRIBUTE;
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->rda_eis.eis_select->attr_type);
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
} else {
/* make referral to DSA in this entry */
(*di_p) = di_alloc();
(*di_p)->di_type = DI_TASK;
(*di_p)->di_dn = realtarget;
(*di_p)->di_target = dn_cpy(realtarget);
(*di_p)->di_reftype = RT_UNDEFINED;
(*di_p)->di_rdn_resolved = CR_RDNRESOLVED_NOTDEFINED;
(*di_p)->di_aliasedRDNs = CR_NOALIASEDRDNS;
(*di_p)->di_entry = entryptr;
entryptr->e_refcount++;
(*di_p)->di_state = DI_COMPLETE;
return DS_CONTINUE;
}
}
if (cant_use_cache (entryptr,binddn,arg->rda_eis,realtarget)) {
int res = referral_dsa_info(realtarget,NULLDNSEQ,FALSE,entryptr,error,di_p,
arg->rda_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN);
dn_free (realtarget);
return res;
}
if (dsp && (eis_check (arg->rda_eis,entryptr, binddn) != OK)) {
/* Can only send public things over DSP - but user is entitled to more */
error->dse_type = DSE_SECURITYERROR;
error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
}
if ((result->rdr_entry.ent_attr = eis_select (arg->rda_eis,entryptr, dsp ? NULLDN : binddn, quipu_ctx, realtarget)) == NULLATTR)
if ( !arg->rda_eis.eis_allattributes && arg->rda_eis.eis_select != NULLATTR) {
error->dse_type = DSE_ATTRIBUTEERROR;
error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what =DSE_AT_NOSUCHATTRIBUTE;
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->rda_eis.eis_select->attr_type);
error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
dn_free (realtarget);
return (DS_ERROR_REMOTE);
}
out:
;
result->rdr_entry.ent_dn = realtarget;
result->rdr_entry.ent_iscopy = entryptr->e_data;
result->rdr_entry.ent_age = (time_t) 0;
result->rdr_entry.ent_next = NULLENTRYINFO;
result->rdr_common.cr_requestor = NULLDN;
/* if no error and NOT SVC_OPT_DONTDEREFERENCEALIASES then */
/* the alias will have been derefeferenced -signified by */
/* NO_ERROR !!! */
result->rdr_common.cr_aliasdereferenced = (error->dse_type == DSE_NOERROR) ? FALSE : TRUE;
return (DS_OK);
}
static int doline(struct PCP *pcp, char *p, int acl_flags)
{
char *q=strtok(p, " ");
if (!q)
{
printf("500 Syntax error\n");
return (0);
}
if (strcasecmp(q, "QUIT") == 0)
{
printf("200 Bye.\n");
return (-1);
}
if (strcasecmp(q, "NOOP") == 0)
{
printf("200 Ok.\n");
return (0);
}
if (strcasecmp(q, "CAPABILITY") == 0)
{
printf("100-ACL\n");
printf("100 PCP1\n");
return (0);
}
if (strcasecmp(q, "LIST") == 0)
{
if (check_acl(acl_flags, PCP_ACL_LIST))
return (0);
if (list(pcp))
printf("500 Syntax error\n");
return (0);
}
if (strcasecmp(q, "RETR") == 0)
{
if (check_acl(acl_flags, PCP_ACL_RETR))
return (0);
if (retr(pcp))
printf("500 Syntax error\n");
return (0);
}
if (strcasecmp(q, "ACL") == 0 && pcp_has_acl(pcp) && !proxy_userid)
{
q=strtok(NULL, " ");
if (q && strcasecmp(q, "SET") == 0)
{
const char *who=strtok(NULL, " ");
if (who)
{
int flags=0;
while ((q=strtok(NULL, " ")) != 0)
flags |= pcp_acl_num(q);
if (pcp_acl(pcp, who, flags))
{
error(0);
return (0);
}
printf("200 Ok\n");
return (0);
}
}
else if (q && strcasecmp(q, "LIST") == 0)
{
listacls(pcp);
return (0);
}
}
if (strcasecmp(q, "RSET") == 0)
{
conflict_flag=0;
force_flag=0;
need_rset=0;
rset(pcp);
printf("200 Ok.\n");
return (0);
}
if (need_rset)
{
printf("500 RSET required - calendar in an unknown state.\n");
return (0);
}
if (strcasecmp(q, "DELETE") == 0)
{
struct PCP_retr r;
const char *event_id_list[2];
char *e=strtok(NULL, " ");
if (check_acl(acl_flags, PCP_ACL_MODIFY))
return (0);
if (e && deleted_eventid == NULL && new_eventid == NULL)
{
if ((deleted_eventid=strdup(e)) == NULL)
{
perror("strdup");
exit(1);
}
proxy_list_rset();
memset(&r, 0, sizeof(r));
r.callback_retr_participants=open_event_participant;
event_id_list[0]=deleted_eventid;
event_id_list[1]=NULL;
r.event_id_list=event_id_list;
if (pcp_retr(pcp, &r))
{
error(r.errcode);
proxy_list_rset();
}
else
printf("200 Ok.\n");
return (0);
}
}
if (strcasecmp(q, "NEW") == 0 && new_eventid == NULL)
{
if (check_acl(acl_flags, PCP_ACL_MODIFY))
return (0);
new_eventid=readnewevent(pcp);
if (new_eventid == NULL)
{
printf("500 %s\n", strerror(errno));
}
else
printf("109 %s ready to be commited.\n",
new_eventid->eventid);
return (0);
}
if (strcasecmp(q, "BOOK") == 0 && new_eventid)
{
dobook(pcp);
return (0);
}
if (strcasecmp(q, "CONFLICT") == 0)
{
q=strtok(NULL, " ");
if (q && strcasecmp(q, "ON") == 0)
{
if (check_acl(acl_flags, PCP_ACL_CONFLICT))
return (0);
conflict_flag=1;
}
else
conflict_flag=0;
printf("200 Ok.\n");
return (0);
}
if (strcasecmp(q, "FORCE") == 0)
{
q=strtok(NULL, " ");
if (q && strcasecmp(q, "ON") == 0)
{
force_flag=1;
}
else
force_flag=0;
printf("200 Ok.\n");
return (0);
}
if (strcasecmp(q, "COMMIT") == 0)
{
if (notbooked)
{
printf("500 BOOK required.\n");
}
else if (new_eventid && new_commit_times)
{
struct proxy_list *pl;
new_commit.add_conflict_callback=NULL;
new_commit.add_conflict_callback_ptr=NULL;
new_commit.flags=
(conflict_flag ? PCP_OK_CONFLICT:0) |
(force_flag ? PCP_OK_PROXY_ERRORS:0);
for (pl=proxy_list; pl; pl=pl->next)
{
if (pl->flags & PROXY_IGNORE)
continue;
if (pl->flags & PROXY_NEW)
{
if (pcp_commit(pl->proxy,
pl->newevent,
&new_commit))
{
syslog(LOG_CRIT,
"COMMIT failed for PROXY %s",
pl->userid);
if (!force_flag)
{
pl->flags &=
~PROXY_NEW;
error(new_commit
.errcode);
return (0);
}
}
}
else if (pl->old_event_id)
{
struct PCP_delete del;
memset(&del, 0, sizeof(del));
del.id=pl->old_event_id;
if (pcp_delete(pl->proxy, &del))
{
syslog(LOG_CRIT,
"DELETE failed for PROXY %s",
pl->userid);
if (!force_flag)
{
error(del.errcode);
return (0);
}
pl->flags |= PROXY_IGNORE;
}
}
}
if (proxy_userid)
new_commit.flags |= PCP_BYPROXY;
if (pcp_commit(pcp, new_eventid, &new_commit))
error(new_commit.errcode);
else
{
const char *proxy_name=NULL;
const char *proxy_action=NULL;
for (pl=proxy_list; pl; pl=pl->next)
{
if (proxy_name)
printf("111-%s %s\n",
proxy_action,
proxy_name);
proxy_action=
!(pl->flags & PROXY_IGNORE)
&& (pl->flags & PROXY_NEW)
? "NEW":"DELETE";
proxy_name=pl->userid;
}
if (proxy_name)
printf("111 %s %s\n",
proxy_action,
proxy_name);
else
printf("200 Ok.\n");
}
rset(pcp);
return (0);
}
else if (!new_eventid && deleted_eventid)
{
struct proxy_list *pl;
struct PCP_delete del;
const char *proxy_userid;
for (pl=proxy_list; pl; pl=pl->next)
{
if (pl->flags & PROXY_IGNORE)
continue;
if (pl->old_event_id)
{
memset(&del, 0, sizeof(del));
del.id=pl->old_event_id;
if (pcp_delete(pl->proxy, &del))
{
syslog(LOG_CRIT,
"DELETE failed for PROXY %s",
pl->userid);
}
}
}
memset(&del, 0, sizeof(del));
del.id=deleted_eventid;
if (pcp_delete(pcp, &del))
{
if (del.errcode != PCP_ERR_EVENTNOTFOUND)
{
error(del.errcode);
return (0);
}
}
proxy_userid=NULL;
for (pl=proxy_list; pl; pl=pl->next)
{
if (proxy_userid)
printf("111-DELETE %s\n",
proxy_userid);
proxy_userid=pl->userid;
}
if (proxy_userid)
printf("111 DELETE %s\n", proxy_userid);
else
printf("200 Ok\n");
rset(pcp);
return (0);
}
printf("500 There's nothing to commit.\n");
return (0);
}
if (strcasecmp(q, "CANCEL") == 0)
{
int errcode;
if (check_acl(acl_flags, PCP_ACL_MODIFY))
return (0);
q=strtok(NULL, " ");
if (!q)
printf("500 Syntax error\n");
else if (pcp_cancel(pcp, q, &errcode))
error(errcode);
else
printf("200 Cancelled\n");
return (0);
}
if (strcasecmp(q, "UNCANCEL") == 0)
{
struct PCP_uncancel unc;
struct uncancel_list *list=NULL, **tail= &list;
struct uncancel_list *p;
if (check_acl(acl_flags, PCP_ACL_MODIFY))
return (0);
memset(&unc, 0, sizeof(unc));
unc.uncancel_conflict_callback=uncancel_callback;
unc.uncancel_conflict_callback_ptr=&tail;
q=strtok(NULL, " ");
if (!q)
printf("500 Syntax error\n");
else if (pcp_uncancel(pcp, q,
(conflict_flag ? PCP_OK_CONFLICT:0)|
(force_flag ? PCP_OK_PROXY_ERRORS:0),
&unc))
{
if (unc.errcode == PCP_ERR_CONFLICT && list)
{
for (p=list; p; p=p->next)
{
char from_buf[15];
char to_buf[15];
pcp_gmtimestr(p->from, from_buf);
pcp_gmtimestr(p->to, to_buf);
printf("403%c%s %s %s %s conflicts.\n",
p->next ? '-':' ',
p->addr,
from_buf,
to_buf,
p->id);
}
}
else
error(unc.errcode);
}
else
printf("200 Uncancelled\n");
while((p=list) != NULL)
{
list=p->next;
free(p->addr);
free(p->id);
free(p);
}
return (0);
}
printf("500 Syntax error\n");
return (0);
}
