Commit c76fb698 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5408

parent eb53400b
......@@ -30,6 +30,7 @@ OpenLDAP 2.4.9 Engineering
Fixed slapd-bdb referral rewrite (ITS#5339)
Fixed slapd-config attribute publishing (ITS#5383)
Fixed slapd-ldap connection handler (ITS#5404)
Fixed slapd-ldif file name handling (ITS#5408)
Fixed slapd-meta connections on error (ITS#5440)
Fixed slapd-meta crash on search (ITS#5481)
Fixed slapo-auditlog unnecessary syscall (ITS#5441)
......
......@@ -50,8 +50,55 @@ struct ldif_info {
#define mkdir(a,b) mkdir(a)
#endif
#define LDIF ".ldif"
#define LDIF_FILETYPE_SEP '.' /* LDIF[0] */
/*
* Unsafe/translated characters in the filesystem.
*
* LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used
* in relative filenames, except it should accept '\\' even if unsafe and
* need not reject '{' and '}'. The value should be a constant expression.
*
* If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character.
*
* If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters.
* (Not digits, '-' or '+'. IX_FSL == IX_FSR is allowed.)
*
* Characters are escaped as LDIF_ESCAPE_CHAR followed by two hex digits,
* except '\\' is replaced with LDIF_ESCAPE_CHAR and {} with IX_FS[LR].
* Also some LDIF special chars are hex-escaped.
*
* Thus an LDIF filename is a valid normalized RDN (or suffix DN)
* followed by ".ldif", except with '\\' replaced with LDIF_ESCAPE_CHAR.
*/
#ifndef _WIN32
/*
* Unix/MacOSX version. ':' vs '/' can cause confusion on MacOSX so we
* escape both. We escape them on Unix so both OS variants get the same
* filenames.
*/
#define LDIF_ESCAPE_CHAR '\\'
#define LDIF_UNSAFE_CHAR(c) ((c) == '/' || (c) == ':')
#else /* _WIN32 */
/* Windows version - Microsoft's list of unsafe characters, except '\\' */
#define LDIF_ESCAPE_CHAR '^'
#define LDIF_UNSAFE_CHAR(c) \
((c) == '/' || (c) == ':' || \
(c) == '<' || (c) == '>' || (c) == '"' || \
(c) == '|' || (c) == '?' || (c) == '*')
#endif /* !_WIN32 */
/*
* Left and Right "{num}" prefix to ordered RDNs ("olcDatabase={1}bdb").
* IX_DN* are for LDAP RDNs, IX_FS* for their .ldif filenames.
*/
#define IX_DNL '{'
#define IX_DNR '}'
#ifndef IX_FSL
......@@ -59,6 +106,33 @@ struct ldif_info {
#define IX_FSR IX_DNR
#endif
/*
* Test for unsafe chars, as well as chars handled specially by back-ldif:
* - If the escape char is not '\\', it must itself be escaped. Otherwise
* '\\' and the escape char would map to the same character.
* - Escape the '.' in ".ldif", so the directory for an RDN that actually
* ends with ".ldif" can not conflict with a file of the same name. And
* since some OSes/programs choke on multiple '.'s, escape all of them.
* - If '{' and '}' are translated to some other characters, those
* characters must in turn be escaped when they occur in an RDN.
*/
#ifndef LDIF_NEED_ESCAPE
#define LDIF_NEED_ESCAPE(c) \
((LDIF_UNSAFE_CHAR(c)) || \
LDIF_MAYBE_UNSAFE(c, LDIF_ESCAPE_CHAR) || \
LDIF_MAYBE_UNSAFE(c, LDIF_FILETYPE_SEP) || \
LDIF_MAYBE_UNSAFE(c, IX_FSL) || \
(IX_FSR != IX_FSL && LDIF_MAYBE_UNSAFE(c, IX_FSR)))
#endif
/*
* Helper macro for LDIF_NEED_ESCAPE(): Treat character x as unsafe if
* back-ldif does not already treat is specially.
*/
#define LDIF_MAYBE_UNSAFE(c, x) \
(!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \
&& (c) == (x))
#define ENTRY_BUFF_INCREMENT 500
static ConfigTable ldifcfg[] = {
......@@ -67,7 +141,7 @@ static ConfigTable ldifcfg[] = {
"( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
"DESC 'Directory for database content' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL }
};
......@@ -81,94 +155,64 @@ static ConfigOCs ldifocs[] = {
{ NULL, 0, NULL }
};
/* Set *res = LDIF filename path for the normalized DN */
static void
dn2path(struct berval * orig_dn, struct berval * suffixdn, struct berval * base_path,
struct berval *res)
dn2path( BackendDB *be, struct berval *dn, struct berval *res )
{
char *ptr, *sep, *end;
int nsep = 0;
struct berval dn;
assert( orig_dn != NULL );
assert( !BER_BVISNULL( orig_dn ) );
struct ldif_info *li = (struct ldif_info *) be->be_private;
struct berval *suffixdn = &be->be_nsuffix[0];
const char *start, *end, *next, *p;
char ch, *ptr;
ber_len_t len;
static const char hex[] = "0123456789ABCDEF";
assert( dn != NULL );
assert( !BER_BVISNULL( dn ) );
assert( suffixdn != NULL );
assert( !BER_BVISNULL( suffixdn ) );
assert( dnIsSuffix( orig_dn, suffixdn ) );
dn = *orig_dn;
/* escape dirsep's
* use "\" + hexpair, so the escaped DN remains formally valid */
for ( ptr = dn.bv_val, end = &dn.bv_val[dn.bv_len]; ptr < end; ptr++ ) {
if ( ptr[0] == LDAP_DIRSEP[0] ) {
nsep++;
}
}
if ( nsep ) {
char *p;
assert( dnIsSuffix( dn, suffixdn ) );
dn.bv_len += 2*nsep;
dn.bv_val = ch_malloc( dn.bv_len + 1 );
start = dn->bv_val;
end = start + dn->bv_len;
for ( ptr = orig_dn->bv_val, end = &orig_dn->bv_val[orig_dn->bv_len], p = dn.bv_val;
ptr < end; ptr++, p++)
{
static const char hex[] = "0123456789ABCDEF";
if ( ptr[0] == LDAP_DIRSEP[0] ) {
*p++ = '\\';
*p++ = hex[(LDAP_DIRSEP[0] & 0xF0U) >> 4];
*p = hex[LDAP_DIRSEP[0] & 0x0FU];
} else {
p[0] = ptr[0];
}
}
p[0] = '\0';
}
res->bv_len = dn.bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
res->bv_val = ch_malloc( res->bv_len + 1 );
ptr = lutil_strcopy( res->bv_val, base_path->bv_val );
end = dn.bv_val + dn.bv_len;
if ( !BER_BVISEMPTY( suffixdn ) ) {
*ptr++ = LDAP_DIRSEP[0];
ptr = lutil_strcopy( ptr, suffixdn->bv_val );
end -= suffixdn->bv_len + 1;
} else if ( BER_BVISEMPTY( &dn ) ) {
*ptr++ = LDAP_DIRSEP[0];
/* Room for dir, dirsep, dn, LDIF, "\hexpair"-escaping of unsafe chars */
len = li->li_base_path.bv_len + dn->bv_len + (1 + STRLENOF( LDIF ));
for ( p = start; p < end; ) {
ch = *p++;
if ( LDIF_NEED_ESCAPE( ch ) )
len += 2;
}
while ( end > dn.bv_val ) {
for (sep = end-1; sep >= dn.bv_val && !DN_SEPARATOR( *sep ); sep--);
*ptr++ = LDAP_DIRSEP[0];
ptr = lutil_strncopy( ptr, sep+1, end-sep-1 );
end = sep;
}
strcpy(ptr, LDIF);
#if IX_FSL != IX_DNL
{
struct berval bv;
bv = *res;
while ( ptr = ber_bvchr( &bv, IX_DNL ) ) {
*ptr++ = IX_FSL;
assert( ( ptr - bv.bv_val ) <= bv.bv_len );
bv.bv_len -= ( ptr - bv.bv_val );
bv.bv_val = ptr;
ptr = ber_bvchr( &bv, IX_DNR );
if ( !ptr )
res->bv_val = ch_malloc( len + 1 );
ptr = lutil_strcopy( res->bv_val, li->li_base_path.bv_val );
for ( next = end - suffixdn->bv_len; end > start; end = next ) {
/* Set p = start of DN component, next = &',' or start of DN */
while ( (p = next) > start ) {
--next;
if ( DN_SEPARATOR( *next ) )
break;
*ptr++ = IX_FSR;
assert( ( ptr - bv.bv_val ) <= bv.bv_len );
bv.bv_len -= ( ptr - bv.bv_val );
bv.bv_val = ptr;
}
/* Append <dirsep> <p..end-1: RDN or database-suffix> */
for ( *ptr++ = LDAP_DIRSEP[0]; p < end; *ptr++ = ch ) {
ch = *p++;
if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) {
ch = LDIF_ESCAPE_CHAR;
} else if ( IX_FSL != IX_DNL && ch == IX_DNL ) {
ch = IX_FSL;
} else if ( IX_FSR != IX_DNR && ch == IX_DNR ) {
ch = IX_FSR;
} else if ( LDIF_NEED_ESCAPE( ch ) ) {
*ptr++ = LDIF_ESCAPE_CHAR;
*ptr++ = hex[(ch & 0xFFU) >> 4];
ch = hex[ch & 0x0FU];
}
}
}
#endif
if ( dn.bv_val != orig_dn->bv_val ) {
ch_free( dn.bv_val );
}
ptr = lutil_strcopy( ptr, LDIF );
res->bv_len = ptr - res->bv_val;
assert( strlen( res->bv_val ) == res->bv_len );
assert( res->bv_len <= len );
}
static char * slurp_file(int fd) {
......@@ -358,28 +402,34 @@ static Entry * get_entry_for_fd(int fd,
return ldentry;
}
static Entry * get_entry(Operation *op, struct berval *base_path) {
static int
get_entry(
Operation *op,
Entry **entryp,
struct berval *pathp )
{
int rc;
struct berval path, pdn, pndn;
int fd;
dnParent(&op->o_req_dn, &pdn);
dnParent(&op->o_req_ndn, &pndn);
dn2path(&op->o_req_ndn, op->o_bd->be_nsuffix, base_path, &path);
dn2path( op->o_bd, &op->o_req_ndn, &path );
fd = open(path.bv_val, O_RDONLY);
/* error opening file (mebbe should log error) */
if ( fd == -1 && ( errno != ENOENT || op->o_tag != LDAP_REQ_ADD ) ) {
Debug( LDAP_DEBUG_ANY, "failed to open file \"%s\": %s\n",
path.bv_val, STRERROR(errno), 0 );
}
*entryp = fd < 0 ? NULL : get_entry_for_fd( fd, &pdn, &pndn );
rc = *entryp ? LDAP_SUCCESS : LDAP_NO_SUCH_OBJECT;
if(path.bv_val != NULL)
if ( rc == LDAP_SUCCESS && pathp != NULL ) {
*pathp = path;
} else {
SLAP_FREE(path.bv_val);
if ( fd != -1 ) {
return get_entry_for_fd(fd, &pdn, &pndn);
}
return NULL;
return rc;
}
static void fullpath(struct berval *base, struct berval *name, struct berval *res) {
......@@ -582,21 +632,23 @@ enum_tree(
enumCookie *ck
)
{
struct ldif_info *li = (struct ldif_info *) ck->op->o_bd->be_private;
struct berval path;
struct berval pdn, pndn;
int rc;
dnParent( &ck->op->o_req_dn, &pdn );
dnParent( &ck->op->o_req_ndn, &pndn );
dn2path( &ck->op->o_req_ndn, &ck->op->o_bd->be_nsuffix[0], &li->li_base_path, &path);
dn2path( ck->op->o_bd, &ck->op->o_req_ndn, &path );
rc = r_enum_tree(ck, &path, BER_BVISEMPTY( &ck->op->o_req_ndn ) ? 1 : 0, &pdn, &pndn);
ch_free( path.bv_val );
return rc;
}
/* Get the parent path plus the LDIF suffix */
static void get_parent_path(struct berval * dnpath, struct berval *res) {
/* Get the parent directory path, plus the LDIF suffix overwritten by a \0 */
static void
get_parent_path( struct berval *dnpath, struct berval *res )
{
int dnpathlen = dnpath->bv_len;
int i;
......@@ -618,7 +670,7 @@ static int apply_modify_to_entry(Entry * entry,
char textbuf[SLAP_TEXT_BUFLEN];
int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
int is_oc = 0;
Modification *mods = NULL;
Modification *mods;
if (!acl_check_modlist(op, entry, modlist)) {
return LDAP_INSUFFICIENT_ACCESS;
......@@ -659,8 +711,6 @@ static int apply_modify_to_entry(Entry * entry,
sizeof( textbuf ) );
break;
break;
case SLAP_MOD_SOFTADD:
mods->sm_op = LDAP_MOD_ADD;
rc = modify_add_values(entry, mods,
......@@ -672,12 +722,10 @@ static int apply_modify_to_entry(Entry * entry,
rc = LDAP_SUCCESS;
}
break;
default:
break;
}
if(rc != LDAP_SUCCESS) break;
}
if(rc == LDAP_SUCCESS) {
if ( is_oc ) {
entry->e_ocflags = 0;
......@@ -716,28 +764,28 @@ ldif_back_referrals( Operation *op, SlapReply *rs )
li = (struct ldif_info *)op->o_bd->be_private;
ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
entry = get_entry( op, &li->li_base_path );
get_entry( op, &entry, NULL );
/* no object is found for them */
if ( entry == NULL ) {
struct berval odn = op->o_req_dn;
struct berval ondn = op->o_req_ndn;
struct berval pndn = ondn;
ber_len_t min_dnlen = op->o_bd->be_nsuffix[0].bv_len;
struct berval pndn = op->o_req_ndn;
if ( min_dnlen == 0 )
min_dnlen = 1; /* catch empty DN */
for ( ; entry == NULL; ) {
dnParent( &pndn, &pndn );
if ( BER_BVISEMPTY( &pndn )
|| !dnIsSuffix( &pndn, &op->o_bd->be_nsuffix[0] ) )
{
if ( pndn.bv_len < min_dnlen ) {
break;
}
op->o_req_dn = pndn;
op->o_req_ndn = pndn;
entry = get_entry( op, &li->li_base_path );
get_entry( op, &entry, NULL );
}
ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
......@@ -821,14 +869,17 @@ ldif_back_referrals( Operation *op, SlapReply *rs )
return rc;
}
/* LDAP operations */
static int
ldif_back_bind( Operation *op, SlapReply *rs )
{
struct ldif_info *li = NULL;
Attribute * a = NULL;
struct ldif_info *li;
Attribute *a;
AttributeDescription *password = slap_schema.si_ad_userPassword;
int return_val = 0;
Entry * entry = NULL;
int return_val;
Entry *entry;
switch ( be_rootdn_bind( op, rs ) ) {
case SLAP_CB_CONTINUE:
......@@ -842,10 +893,10 @@ ldif_back_bind( Operation *op, SlapReply *rs )
li = (struct ldif_info *) op->o_bd->be_private;
ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
entry = get_entry(op, &li->li_base_path);
return_val = get_entry(op, &entry, NULL);
/* no object is found for them */
if(entry == NULL) {
if(return_val != LDAP_SUCCESS) {
rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS;
goto return_result;
}
......@@ -914,7 +965,7 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
dn2path(&dn, &op->o_bd->be_nsuffix[0], &li->li_base_path, &leaf_path);
dn2path( op->o_bd, &dn, &leaf_path );
if(leaf_path.bv_val != NULL) {
struct berval base = BER_BVNULL;
......@@ -923,7 +974,7 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
statres = stat(base.bv_val, &stats); /* check if container exists */
if(statres == -1 && errno == ENOENT) { /* container missing */
base.bv_val[base.bv_len] = '.';
base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
statres = stat(base.bv_val, &stats); /* check for leaf node */
base.bv_val[base.bv_len] = '\0';
if(statres == -1 && errno == ENOENT) {
......@@ -973,17 +1024,15 @@ send_res:
static int ldif_back_modify(Operation *op, SlapReply *rs) {
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
Modifications * modlst = op->orm_modlist;
struct berval path = BER_BVNULL;
Entry * entry = NULL;
struct berval path;
Entry *entry;
int spew_res;
slap_mods_opattrs( op, &op->orm_modlist, 1 );
ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &li->li_base_path,
&path);
entry = get_entry(op, &li->li_base_path);
rs->sr_err = get_entry( op, &entry, &path );
if(entry != NULL) {
rs->sr_err = apply_modify_to_entry(entry, modlst, op, rs);
if(rs->sr_err == LDAP_SUCCESS) {
......@@ -996,15 +1045,11 @@ static int ldif_back_modify(Operation *op, SlapReply *rs) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
}
}
entry_free( entry );
SLAP_FREE( path.bv_val );
}
else {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if(entry != NULL)
entry_free(entry);
if(path.bv_val != NULL)
SLAP_FREE(path.bv_val);
rs->sr_text = NULL;
ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
send_ldap_result(op, rs);
......@@ -1014,7 +1059,7 @@ static int ldif_back_modify(Operation *op, SlapReply *rs) {
static int ldif_back_delete(Operation *op, SlapReply *rs) {
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval path = BER_BVNULL;
struct berval path;
int res = 0;
if ( BER_BVISEMPTY( &op->o_csn )) {
......@@ -1027,11 +1072,11 @@ static int ldif_back_delete(Operation *op, SlapReply *rs) {
}
ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &li->li_base_path, &path);
dn2path( op->o_bd, &op->o_req_ndn, &path );
path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
res = rmdir(path.bv_val);
path.bv_val[path.bv_len - STRLENOF(LDIF)] = '.';
path.bv_val[path.bv_len - STRLENOF(LDIF)] = LDIF_FILETYPE_SEP;
rs->sr_err = LDAP_SUCCESS;
if ( res ) {
switch ( errno ) {
......@@ -1073,18 +1118,19 @@ static int ldif_back_delete(Operation *op, SlapReply *rs) {
}
static int move_entry(Entry * entry, struct berval * ndn,
struct berval * newndn, struct berval * suffixdn,
struct berval * base_path) {
static int
ldif_move_entry(
Operation *op,
Entry *entry,
struct berval *oldpath )
{
int res;
int exists_res;
struct berval path;
struct berval newpath;
dn2path(ndn, suffixdn, base_path, &path);
dn2path(newndn, suffixdn, base_path, &newpath);
dn2path( op->o_bd, &entry->e_nname, &newpath );
if((entry == NULL || path.bv_val == NULL) || newpath.bv_val == NULL) {
if((entry == NULL || oldpath->bv_val == NULL) || newpath.bv_val == NULL) {
/* some object doesn't exist */
res = LDAP_NO_SUCH_OBJECT;
}
......@@ -1095,10 +1141,10 @@ static int move_entry(Entry * entry, struct berval * ndn,
res = spew_entry(entry, &newpath, 0, NULL);
if(res != -1) {
/* if this fails we should log something bad */
res = unlink(path.bv_val);
path.bv_val[path.bv_len - STRLENOF(".ldif")] = '\0';
res = unlink( oldpath->bv_val );
oldpath->bv_val[oldpath->bv_len - STRLENOF(".ldif")] = '\0';
newpath.bv_val[newpath.bv_len - STRLENOF(".ldif")] = '\0';
res = rename(path.bv_val, newpath.bv_val);
res = rename( oldpath->bv_val, newpath.bv_val );
res = LDAP_SUCCESS;
}
else {
......@@ -1124,8 +1170,6 @@ static int move_entry(Entry * entry, struct berval * ndn,
if(newpath.bv_val != NULL)
SLAP_FREE(newpath.bv_val);
if(path.bv_val != NULL)
SLAP_FREE(path.bv_val);
return res;
}
......@@ -1134,17 +1178,16 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
struct berval p_dn;
Entry * entry = NULL;
int res;
struct berval p_dn, old_path;
Entry *entry;
int rc;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
entry = get_entry( op, &li->li_base_path );
/* build the mods to the entry */
if ( entry != NULL ) {
rc = get_entry( op, &entry, &old_path );
if ( rc == LDAP_SUCCESS ) {
/* build new dn, and new ndn for the entry */
if ( op->oq_modrdn.rs_newSup != NULL ) {
struct berval op_dn = op->o_req_dn,
......@@ -1155,10 +1198,10 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
p_dn = *op->oq_modrdn.rs_newSup;
op->o_req_dn = *op->oq_modrdn.rs_newSup;
op->o_req_ndn = *op->oq_modrdn.rs_nnewSup;
np = get_entry( op, &li->li_base_path );
rc = get_entry( op, &np, NULL );
op->o_req_dn = op_dn;
op->o_req_ndn = op_ndn;
if ( np == NULL ) {
if ( rc != LDAP_SUCCESS ) {
goto no_such_object;
}
entry_free( np );
......@@ -1173,44 +1216,37 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
entry->e_nname = new_ndn;
/* perform the modifications */
res = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
if ( res == LDAP_SUCCESS ) {
rs->sr_err = move_entry( entry, &op->o_req_ndn,
&new_ndn,
&op->o_bd->be_nsuffix[0],
&li->li_base_path );
} else {
rs->sr_err = res;
}
} else {
no_such_object:;
/* entry was null */
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
if ( rc == LDAP_SUCCESS )
rc = ldif_move_entry( op, entry, &old_path );
if ( entry != NULL ) {
no_such_object:;
entry_free( entry );