Joe Martin
OpenLDAP
8f4621a4
Commit
8f4621a4
authored
Jan 21, 2009
by
Quanah Gibson-Mount
ITS
#5804
parent
a2464cc3
Changes
10
CHANGES
...
...
@@ -5,6 +5,7 @@ OpenLDAP 2.4.14 Engineering
Fixed libldap peer cert memory leak (ITS#5849)
Fixed libldap_r deref building (ITS#5768)
Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841)
Added slapd val.regex expansion (ITS#5804)
Fixed slapd syncrepl rename handling (ITS#5809)
Fixed slapd syncrepl MMR when adding new server (ITS#5850)
Fixed slapd-ldif numerous bugs (ITS#5408)
...
...
doc/man/man5/slapd.access.5
...
...
@@ -369,6 +369,10 @@ ranging from 0 to 9 (where 0 matches the entire string),
or the form
.BR ${<digit>+} ,
for submatches higher than 9.
Substring substitution from attribute value can
be done in
using the form
.BR ${v<digit>+} .
Since the dollar character is used to indicate a substring replacement,
the dollar character that is used to indicate match up to the end of
the string must be escaped by a second dollar character, e.g.
...
...
servers/slapd/aci.c
...
...
@@ -400,11 +400,15 @@ aci_group_member (
if
(
grp_oc
!=
NULL
&&
grp_ad
!=
NULL
)
{
char
buf
[
ACI_BUF_SIZE
];
struct
berval
bv
,
ndn
;
AclRegexMatches
amatches
=
{
0
};
amatches
.
dn_count
=
nmatch
;
AC_MEMCPY
(
amatches
.
dn_data
,
matches
,
sizeof
(
amatches
.
dn_data
)
);
bv
.
bv_len
=
sizeof
(
buf
)
-
1
;
bv
.
bv_val
=
(
char
*
)
&
buf
;
if
(
acl_string_expand
(
&
bv
,
&
subjdn
,
e
->
e_n
dn
,
nmatch
,
matches
)
)
&
e
->
e_n
name
,
NULL
,
&
a
matches
)
)
{
rc
=
LDAP_OTHER
;
goto
done
;
...
...
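Review bot: The `AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) )` call always copies a full `MAXREMATCHES`-sized array out of `matches`, while `dn_count` is set to `nmatch` without any bound check. If a caller ever hands in a `matches` array shorter than `MAXREMATCHES` the copy reads past its end, and if `nmatch` is larger than `MAXREMATCHES` a later consumer of `dn_count` can index beyond `dn_data`; neither caller-side guarantee is visible in this hunk. Making the block self-contained would be cheap: clamp with `if ( nmatch > MAXREMATCHES ) nmatch = MAXREMATCHES;` and copy only `nmatch * sizeof( regmatch_t )` bytes (the `{ 0 }` initializer already zeroes the rest). The body of aci_group_member starts and ends outside the hunk, so the declaration and origin of `matches` should be checked there.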
servers/slapd/acl.c
This diff is collapsed.
servers/slapd/aclparse.c
...
...
@@ -528,7 +528,7 @@ parse_acl(
if
(
style
!=
NULL
)
{
if
(
strcasecmp
(
style
,
"regex"
)
==
0
)
{
int
e
=
regcomp
(
&
a
->
acl_attrval_re
,
bv
.
bv_val
,
REG_EXTENDED
|
REG_ICASE
|
REG_NOSUB
);
REG_EXTENDED
|
REG_ICASE
);
if
(
e
)
{
char
err
[
SLAP_TEXT_BUFLEN
],
buf
[
SLAP_TEXT_BUFLEN
];
...
...
@@ -1004,7 +1004,8 @@ parse_acl(
<
bdn
->
a_pat
.
bv_len
;
exp
=
strchr
(
exp
,
'$'
)
)
{
if
(
isdigit
(
(
unsigned
char
)
exp
[
1
]
)
)
{
if
(
(
isdigit
(
(
unsigned
char
)
exp
[
1
]
)
||
exp
[
1
]
==
'{'
)
)
{
gotit
=
1
;
break
;
}
...
...
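Review bot: With `REG_NOSUB` dropped from the `regcomp()` call in the first hunk, the value regex now yields submatches, but parse_acl does not compare the number of groups in the pattern with the fixed `val_data[MAXREMATCHES]` storage added in slap.h. A check right after a successful compile, e.g. `if ( a->acl_attrval_re.re_nsub >= MAXREMATCHES )` followed by the usual parse-error path, would reject such an ACL at configuration time instead of depending on whatever bounds handling acl_string_expand performs during evaluation (that code is in the collapsed acl.c diff and cannot be seen here). In the second hunk, any `${` is now accepted as an expansion marker without checking that a well-formed `${<digits>}` or `${v<digits>}` follows, so a malformed reference is presumably only noticed when the ACL is evaluated. Both hunks are excerpts from parse_acl, whose body extends beyond what is shown.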
servers/slapd/proto-slap.h
...
...
@@ -93,7 +93,7 @@ LDAP_SLAPD_F (int) acl_match_set LDAP_P((
struct
berval
*
default_set_attribute
));
LDAP_SLAPD_F
(
int
)
acl_string_expand
LDAP_P
((
struct
berval
*
newbuf
,
struct
berval
*
pattern
,
char
*
match
,
int
nmatch
,
regm
atch
_t
*
matches
));
struct
berval
*
dnmatch
,
struct
berval
*
valmatch
,
AclRegexM
atch
es
*
matches
));
/*
* aclparse.c
...
...
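Review bot: The new `acl_string_expand` prototype does not say which arguments are optional, yet the aci.c caller in this same commit passes `NULL` for `valmatch`. A short comment above the declaration would document the contract, for example `/* valmatch may be NULL when no attribute value is being evaluated; matches holds the DN and value submatch offsets */`. Since `pattern`, `dnmatch` and `valmatch` look like pure inputs, declaring them `const struct berval *` is worth considering, although whether the implementation allows it cannot be confirmed from the header alone.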
servers/slapd/slap.h
...
...
@@ -1547,6 +1547,13 @@ typedef struct AccessControlState {
#define ACL_STATE_INIT { NULL, NULL, NULL, \
ACL_STATE_NOT_RECORDED, 0, 0, 0 }
typedef
struct
AclRegexMatches
{
int
dn_count
;
regmatch_t
dn_data
[
MAXREMATCHES
];
int
val_count
;
regmatch_t
val_data
[
MAXREMATCHES
];
}
AclRegexMatches
;
/*
* Backend-info
* represents a backend
...
...
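Review bot: `AclRegexMatches` is introduced without a comment, which leaves the relationship between `dn_count`/`val_count` and the fixed-size `dn_data`/`val_data` arrays implicit. I would add a header comment such as `/* regex submatches for ACL expansion: dn_* from the DN pattern, val_* from val.regex; each *_count is the number of valid entries and must not exceed MAXREMATCHES */`. The meaning of the counts is inferred from aci.c assigning `dn_count = nmatch`, so the wording should be confirmed against acl.c. Stating the upper bound here matters because the counts are plain `int` and nothing in the type ties them to the array length.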
tests/data/slapd-valregex.conf
0 → 100644
# master slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
include
@
SCHEMADIR
@/
core
.
schema
include
@
SCHEMADIR
@/
cosine
.
schema
include
@
SCHEMADIR
@/
inetorgperson
.
schema
include
@
SCHEMADIR
@/
openldap
.
schema
include
@
SCHEMADIR
@/
nis
.
schema
pidfile
@
TESTDIR
@/
slapd
.
1
.
pid
argsfile
@
TESTDIR
@/
slapd
.
1
.
args
# global ACLs
#
# normal installations should protect root dse, cn=monitor, cn=subschema
#
access
to
dn
.
exact
=
""
attrs
=
objectClass
by
users
read
access
to
*
by
*
read
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
#######################################################################
# database definitions
#######################################################################
database
@
BACKEND
@
suffix
"dc=example,dc=com"
directory
@
TESTDIR
@/
db
.
1
.
a
rootdn
"cn=Manager,dc=example,dc=com"
rootpw
secret
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
#hdb#index objectClass eq
#hdb#index cn,sn,uid pres,eq,sub
#ndb#dbname db_1
#ndb#include @DATADIR@/ndb.conf
access
to
attrs
=
userPassword
by
anonymous
auth
by
*
none
stop
access
to
attrs
=
sn
val
.
regex
=
"^(.*)$"
by
dn
.
exact
,
expand
=
"cn=${v1},ou=Alumni Association,ou=People,dc=example,dc=com"
write
by
*
read
stop
access
to
attrs
=
sn
val
.
regex
=
"."
by
*
read
stop
access
to
attrs
=
sn
by
dn
.
exact
=
"cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
write
by
*
read
stop
# fall into global ACLs
#monitor#database monitor
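Review bot: The three `attrs=sn` rules have no comments saying what each one is meant to exercise, and the first (`val.regex="^(.*)$"`, ending in `by * read stop`) appears to match every value, so it is not obvious when the `val.regex="."` rule and the plain `attrs=sn` rule are reached. A comment above the first rule such as `# write to sn is granted only to the entry whose cn equals the new sn value (${v1} is taken from val.regex)` plus one line on the purpose of the other two would make the fixture easier to maintain. If the later rules are intentionally unreachable fallbacks, saying so avoids someone later mistaking them for the effective policy.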
tests/scripts/defines.sh
...
...
@@ -131,6 +131,7 @@ DDSCONF=$DATADIR/slapd-dds.conf
PASSWDCONF
=
$DATADIR
/slapd-passwd.conf
UNDOCONF
=
$DATADIR
/slapd-config-undo.conf
NAKEDCONF
=
$DATADIR
/slapd-config-naked.conf
VALREGEXCONF
=
$DATADIR
/slapd-valregex.conf
DYNAMICCONF
=
$DATADIR
/slapd-dynamic.ldif
...
...
tests/scripts/test055-valregex
0 → 100755
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
case
"
$BACKEND
"
in
bdb|hdb
)
;;
*
)
echo
"Test does not support
$BACKEND
backend"
exit
0
esac
echo
"running defines.sh"
.
$SRCDIR
/scripts/defines.sh
LVL
=
acl
mkdir
-p
$TESTDIR
$DBDIR1
echo
"Running slapadd to build slapd database..."
.
$CONFFILTER
$BACKEND
$MONITORDB
<
$VALREGEXCONF
>
$CONF1
$SLAPADD
-f
$CONF1
-l
$LDIFORDERED
RC
=
$?
if
test
$RC
!=
0
;
then
echo
"slapadd failed (
$RC
)!"
exit
$RC
fi
echo
"Starting slapd on TCP/IP port
$PORT1
..."
$SLAPD
-f
$CONF1
-h
$URI1
-d
$LVL
$TIMING
>
$LOG1
2>&1 &
PID
=
$!
if
test
$WAIT
!=
0
;
then
echo
PID
$PID
read
foo
fi
KILLPIDS
=
"
$PID
"
sleep
1
echo
"Testing attribute value regex subsitution..."
for
i
in
0 1 2 3 4 5
;
do
$LDAPSEARCH
-s
base
-b
"
$MONITOR
"
-h
$LOCALHOST
-p
$PORT1
\
'objectclass=*'
>
/dev/null 2>&1
RC
=
$?
if
test
$RC
=
0
;
then
break
fi
echo
"Waiting 5 seconds for slapd to start..."
sleep
5
done
if
test
$RC
!=
0
;
then
echo
"ldapsearch failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
fi
cat
/dev/null
>
$SEARCHOUT
echo
"# Try an attribute vale regex that match, but substitute does not"
echo
"# this should fail"
$LDAPMODIFY
-D
"
$JAJDN
"
-h
$LOCALHOST
-p
$PORT1
-w
jaj
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
changetype: modify
replace: sn
sn: foobarbuz
EOMODS
RC
=
$?
case
$RC
in
50
)
echo
"ldapmodify failed as expected"
;;
0
)
echo
"ldapmodify should have failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
-1
;;
*
)
echo
"ldapmodify failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
;;
esac
echo
"# Try an attribute vale regex that match and substitute does"
echo
"# this should succeed"
$LDAPMODIFY
-D
"
$JAJDN
"
-h
$LOCALHOST
-p
$PORT1
-w
jaj
>>
\
$TESTOUT
2>&1
<<
EOMODS
dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
changetype: modify
replace: sn
sn: James A Jones 1
EOMODS
RC
=
$?
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
case
$RC
in
0
)
echo
"ldapmodify succeed as expected"
;;
*
)
echo
"ldapmodify failed (
$RC
)!"
exit
$RC
;;
esac
echo
">>>>> Test succeeded"
test
$KILLSERVERS
!=
no
&&
wait
exit
0
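Review bot: `exit -1` in the `0)` branch of the first `case $RC` is not a valid POSIX exit status, and some `/bin/sh` implementations reject a negative operand; `exit 1` expresses the same failure portably. The test also judges the ACL only by ldapmodify return codes: `$SEARCHOUT` is truncated but never used, and nothing reads the entry back to confirm that `sn` kept its old value after the denied write and changed after the permitted one. A follow-up `$LDAPSEARCH` compared against an expected LDIF would close that gap. Separately, the echo strings contain the typos "subsitution" and "vale".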