Commit 093d040c authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

more for ITS#5903

parent f32c8b4d
...@@ -188,6 +188,7 @@ typedef struct memberof_cbinfo_t { ...@@ -188,6 +188,7 @@ typedef struct memberof_cbinfo_t {
slap_overinst *on; slap_overinst *on;
BerVarray member; BerVarray member;
BerVarray memberof; BerVarray memberof;
memberof_is_t what;
} memberof_cbinfo_t; } memberof_cbinfo_t;
static int static int
...@@ -244,7 +245,7 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs ) ...@@ -244,7 +245,7 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
* attribute values of groups being deleted. * attribute values of groups being deleted.
*/ */
static int static int
memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo_t *mci ) memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
{ {
slap_overinst *on = mci->on; slap_overinst *on = mci->on;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private; memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
...@@ -258,8 +259,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo ...@@ -258,8 +259,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
memberof_is_t iswhat = MEMBEROF_IS_NONE; memberof_is_t iswhat = MEMBEROF_IS_NONE;
memberof_cookie_t mc; memberof_cookie_t mc;
assert( iswhatp != NULL ); assert( mci->what != MEMBEROF_IS_NONE );
assert( *iswhatp != MEMBEROF_IS_NONE );
cb.sc_private = &mc; cb.sc_private = &mc;
if ( op->o_tag == LDAP_REQ_DELETE ) { if ( op->o_tag == LDAP_REQ_DELETE ) {
...@@ -283,7 +283,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo ...@@ -283,7 +283,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
op2.ors_slimit = 1; op2.ors_slimit = 1;
op2.ors_tlimit = SLAP_NO_LIMIT; op2.ors_tlimit = SLAP_NO_LIMIT;
if ( *iswhatp & MEMBEROF_IS_GROUP ) { if ( mci->what & MEMBEROF_IS_GROUP ) {
mc.ad = mo->mo_ad_member; mc.ad = mo->mo_ad_member;
mc.foundit = 0; mc.foundit = 0;
mc.vals = NULL; mc.vals = NULL;
...@@ -298,12 +298,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo ...@@ -298,12 +298,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
if ( mc.foundit ) { if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_GROUP; iswhat |= MEMBEROF_IS_GROUP;
mci->member = mc.vals; if ( mc.vals ) mci->member = mc.vals;
} }
} }
if ( *iswhatp & MEMBEROF_IS_MEMBER ) { if ( mci->what & MEMBEROF_IS_MEMBER ) {
mc.ad = mo->mo_ad_memberof; mc.ad = mo->mo_ad_memberof;
mc.foundit = 0; mc.foundit = 0;
mc.vals = NULL; mc.vals = NULL;
...@@ -318,12 +318,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo ...@@ -318,12 +318,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
if ( mc.foundit ) { if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_MEMBER; iswhat |= MEMBEROF_IS_MEMBER;
mci->memberof = mc.vals; if ( mc.vals ) mci->memberof = mc.vals;
} }
} }
*iswhatp = iswhat; mci->what = iswhat;
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
...@@ -718,13 +718,9 @@ memberof_op_delete( Operation *op, SlapReply *rs ) ...@@ -718,13 +718,9 @@ memberof_op_delete( Operation *op, SlapReply *rs )
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private; memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc; slap_callback *sc;
memberof_cbinfo_t *mci; memberof_cbinfo_t *mci;
if ( MEMBEROF_REFINT( mo ) ) {
iswhat = MEMBEROF_IS_BOTH;
}
sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx ); sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
sc->sc_private = sc+1; sc->sc_private = sc+1;
...@@ -734,8 +730,12 @@ memberof_op_delete( Operation *op, SlapReply *rs ) ...@@ -734,8 +730,12 @@ memberof_op_delete( Operation *op, SlapReply *rs )
mci->on = on; mci->on = on;
mci->member = NULL; mci->member = NULL;
mci->memberof = NULL; mci->memberof = NULL;
mci->what = MEMBEROF_IS_GROUP;
if ( MEMBEROF_REFINT( mo ) ) {
mci->what = MEMBEROF_IS_BOTH;
}
memberof_isGroupOrMember( op, &iswhat, mci ); memberof_isGroupOrMember( op, mci );
sc->sc_next = op->o_callback; sc->sc_next = op->o_callback;
op->o_callback = sc; op->o_callback = sc;
...@@ -752,7 +752,6 @@ memberof_op_modify( Operation *op, SlapReply *rs ) ...@@ -752,7 +752,6 @@ memberof_op_modify( Operation *op, SlapReply *rs )
Modifications **mlp, **mmlp = NULL; Modifications **mlp, **mmlp = NULL;
int rc = SLAP_CB_CONTINUE, save_member = 0; int rc = SLAP_CB_CONTINUE, save_member = 0;
struct berval save_dn, save_ndn; struct berval save_dn, save_ndn;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc; slap_callback *sc;
memberof_cbinfo_t *mci, mcis; memberof_cbinfo_t *mci, mcis;
...@@ -770,9 +769,10 @@ memberof_op_modify( Operation *op, SlapReply *rs ) ...@@ -770,9 +769,10 @@ memberof_op_modify( Operation *op, SlapReply *rs )
save_dn = op->o_dn; save_dn = op->o_dn;
save_ndn = op->o_ndn; save_ndn = op->o_ndn;
mcis.on = on; mcis.on = on;
mcis.what = MEMBEROF_IS_GROUP;
if ( memberof_isGroupOrMember( op, &iswhat, &mcis ) == LDAP_SUCCESS if ( memberof_isGroupOrMember( op, &mcis ) == LDAP_SUCCESS
&& ( iswhat & MEMBEROF_IS_GROUP ) ) && ( mcis.what & MEMBEROF_IS_GROUP ) )
{ {
Modifications *ml; Modifications *ml;
...@@ -1127,6 +1127,7 @@ done2:; ...@@ -1127,6 +1127,7 @@ done2:;
mci->on = on; mci->on = on;
mci->member = NULL; mci->member = NULL;
mci->memberof = NULL; mci->memberof = NULL;
mci->what = mcis.what;
if ( save_member ) { if ( save_member ) {
op->o_dn = op->o_bd->be_rootdn; op->o_dn = op->o_bd->be_rootdn;
...@@ -1287,7 +1288,6 @@ memberof_res_modify( Operation *op, SlapReply *rs ) ...@@ -1287,7 +1288,6 @@ memberof_res_modify( Operation *op, SlapReply *rs )
int i, rc; int i, rc;
Modifications *ml, *mml = NULL; Modifications *ml, *mml = NULL;
BerVarray vals; BerVarray vals;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE; return SLAP_CB_CONTINUE;
...@@ -1355,8 +1355,7 @@ memberof_res_modify( Operation *op, SlapReply *rs ) ...@@ -1355,8 +1355,7 @@ memberof_res_modify( Operation *op, SlapReply *rs )
} }
} }
if ( memberof_isGroupOrMember( op, &iswhat, mci ) == LDAP_SUCCESS if ( mci->what & MEMBEROF_IS_GROUP )
&& ( iswhat & MEMBEROF_IS_GROUP ) )
{ {
for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
if ( ml->sml_desc != mo->mo_ad_member ) { if ( ml->sml_desc != mo->mo_ad_member ) {
...@@ -1431,14 +1430,14 @@ memberof_res_modrdn( Operation *op, SlapReply *rs ) ...@@ -1431,14 +1430,14 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
BerVarray vals; BerVarray vals;
struct berval save_dn, save_ndn; struct berval save_dn, save_ndn;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE; return SLAP_CB_CONTINUE;
} }
mci->what = MEMBEROF_IS_GROUP;
if ( MEMBEROF_REFINT( mo ) ) { if ( MEMBEROF_REFINT( mo ) ) {
iswhat |= MEMBEROF_IS_MEMBER; mci->what |= MEMBEROF_IS_MEMBER;
} }
if ( op->orr_nnewSup ) { if ( op->orr_nnewSup ) {
...@@ -1455,11 +1454,11 @@ memberof_res_modrdn( Operation *op, SlapReply *rs ) ...@@ -1455,11 +1454,11 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
op->o_req_dn = newNDN; op->o_req_dn = newNDN;
op->o_req_ndn = newNDN; op->o_req_ndn = newNDN;
rc = memberof_isGroupOrMember( op, &iswhat, mci ); rc = memberof_isGroupOrMember( op, mci );
op->o_req_dn = save_dn; op->o_req_dn = save_dn;
op->o_req_ndn = save_ndn; op->o_req_ndn = save_ndn;
if ( rc != LDAP_SUCCESS || iswhat == MEMBEROF_IS_NONE ) { if ( rc != LDAP_SUCCESS || mci->what == MEMBEROF_IS_NONE ) {
goto done; goto done;
} }
...@@ -1472,7 +1471,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs ) ...@@ -1472,7 +1471,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx ); build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx );
if ( iswhat & MEMBEROF_IS_GROUP ) { if ( mci->what & MEMBEROF_IS_GROUP ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info; op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN, rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_member, &vals, ACL_READ ); mo->mo_ad_member, &vals, ACL_READ );
...@@ -1489,7 +1488,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs ) ...@@ -1489,7 +1488,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
} }
} }
if ( MEMBEROF_REFINT( mo ) && ( iswhat & MEMBEROF_IS_MEMBER ) ) { if ( MEMBEROF_REFINT( mo ) && ( mci->what & MEMBEROF_IS_MEMBER ) ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info; op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN, rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_memberof, &vals, ACL_READ ); mo->mo_ad_memberof, &vals, ACL_READ );
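Review bot: In `memberof_op_modify` the stack struct `mcis` reaches `memberof_isGroupOrMember()` with only `on` and `what` set, and the new guarded stores (`if ( mc.vals ) mci->member = mc.vals;` and the matching one for `memberof`) no longer write those fields when `mc.foundit` is set but `mc.vals` is NULL. Nothing in the visible hunks reads `mcis.member` or `mcis.memberof`, but an indeterminate pointer in a callback-info struct invites a stray free or dereference later, so I would add `mcis.member = NULL;` and `mcis.memberof = NULL;` next to `mcis.what = MEMBEROF_IS_GROUP;`. The new field is also used as both input mask and result, which deserves a comment on the declaration such as `memberof_is_t what; /* in: kinds to test for; out: kinds found */`. The bodies of these functions continue outside the hunks shown, so callers not visible here should be checked for the same pattern.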
......
...@@ -148,3 +148,44 @@ cn: Roger Rabbit ...@@ -148,3 +148,44 @@ cn: Roger Rabbit
sn: Rabbit sn: Rabbit
memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
# Re-search the entire database...
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example
dn: cn=group1,ou=Groups,dc=example,dc=com
objectClass: groupA
cn: group1
dn: cn=group2,ou=Groups,dc=example,dc=com
objectClass: groupB
cn: group2
memberB: cn=person1,ou=People,dc=example,dc=com
memberB: cn=person2,ou=People,dc=example,dc=com
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
dn: cn=person1,ou=People,dc=example,dc=com
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1
memberOfB: cn=group2,ou=Groups,dc=example,dc=com
dn: cn=person2,ou=People,dc=example,dc=com
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2
memberOfB: cn=group2,ou=Groups,dc=example,dc=com
...@@ -75,6 +75,26 @@ fi ...@@ -75,6 +75,26 @@ fi
echo "Running ldapadd to build slapd config database..." echo "Running ldapadd to build slapd config database..."
$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \ $LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
>> $TESTOUT 2>&1 <<EOF >> $TESTOUT 2>&1 <<EOF
dn: cn=symas group example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: symas group example
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1
NAME 'memberA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
NAME 'memberOfA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3
NAME 'memberB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4
NAME 'memberOfB' SUP distinguishedName )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1
NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2
NAME 'groupMemberA' SUP top AUXILIARY MAY memberOfA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3
NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4
NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )
dn: olcDatabase={1}$BACKEND,cn=config dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config objectClass: olc${BACKEND}Config
...@@ -91,7 +111,6 @@ olcDbIndex: uid pres,eq,sub ...@@ -91,7 +111,6 @@ olcDbIndex: uid pres,eq,sub
olcDbIndex: sn pres,eq,sub olcDbIndex: sn pres,eq,sub
olcDbMode: 384 olcDbMode: 384
# {0}memberof, {1}$BACKEND, config
dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcMemberOf objectClass: olcMemberOf
...@@ -100,6 +119,25 @@ olcMemberOfRefInt: TRUE ...@@ -100,6 +119,25 @@ olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf olcMemberOfMemberOfAD: memberOf
dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {1}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupA
olcMemberOfMemberAD: memberA
olcMemberOfMemberOfAD: memberOfA
dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {2}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupB
olcMemberOfMemberAD: memberB
olcMemberOfMemberOfAD: memberOfB
EOF EOF
RC=$? RC=$?
if test $RC != 0 ; then if test $RC != 0 ; then
...@@ -227,6 +265,66 @@ if test $RC != 0 ; then ...@@ -227,6 +265,66 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
echo "Adding groups with MAY member type schemas..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
-D "cn=Manager,$BASEDN" -w secret \
>> $TESTOUT 2>&1 <<EOF
dn: cn=Roger Rabbit,ou=People,$BASEDN
changetype: delete
dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: delete
dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: delete
dn: cn=person1,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1
dn: cn=person2,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2
dn: cn=group1,ou=Groups,$BASEDN
changetype: add
objectclass: groupA
cn: group1
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN
dn: cn=group2,ou=Groups,$BASEDN
changetype: add
objectclass: groupB
cn: group2
memberB: cn=person1,ou=People,$BASEDN
memberB: cn=person2,ou=People,$BASEDN
dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
delete: memberA
EOF
echo "Re-search the entire database..."
echo "# Re-search the entire database..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$MEMBEROFOUT LDIF=$MEMBEROFOUT
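Review bot: The new "Adding groups with MAY member type schemas..." step runs `$LDAPMODIFY` but never captures or tests its exit status, unlike the `ldapsearch` step added right after it. If one of the deletes, adds or the final `delete: memberA` modify fails, the script carries on and the failure only surfaces, if at all, as a mismatch in the later output comparison, which makes a regression in the overlay harder to pin down. I would add the usual `RC=$?` check directly after the heredoc's `EOF`, as sketched below.

```shell
# … unchanged: $LDAPMODIFY heredoc deleting the old entries and adding person1/person2, group1/group2 …
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```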
......