Commit fc7df4cf authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount
Browse files

ITS#8663 Improve memberof cn=config handling

parent c4c4eb40
......@@ -130,6 +130,11 @@
#define SLAPD_MEMBEROF_ATTR "memberOf"
static AttributeDescription *ad_member;
static AttributeDescription *ad_memberOf;
static ObjectClass *oc_group;
static slap_overinst memberof;
typedef struct memberof_t {
......@@ -1610,12 +1615,45 @@ memberof_db_init(
{
slap_overinst *on = (slap_overinst *)be->bd_info;
memberof_t *mo;
const char *text = NULL;
int rc;
mo = (memberof_t *)ch_calloc( 1, sizeof( memberof_t ) );
/* safe default */
mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION;
if ( !ad_memberOf ) {
rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &ad_memberOf, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "memberof_db_init: "
"unable to find attribute=\"%s\": %s (%d)\n",
SLAPD_MEMBEROF_ATTR, text, rc );
return rc;
}
}
if ( !ad_member ) {
rc = slap_str2ad( SLAPD_GROUP_ATTR, &ad_member, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "memberof_db_init: "
"unable to find attribute=\"%s\": %s (%d)\n",
SLAPD_GROUP_ATTR, text, rc );
return rc;
}
}
if ( !oc_group ) {
oc_group = oc_find( SLAPD_GROUP_CLASS );
if ( oc_group == NULL ) {
Debug( LDAP_DEBUG_ANY,
"memberof_db_init: "
"unable to find objectClass=\"%s\"\n",
SLAPD_GROUP_CLASS, 0, 0 );
return 1;
}
}
on->on_bi.bi_private = (void *)mo;
return 0;
......@@ -1677,14 +1715,14 @@ static ConfigTable mo_cfg[] = {
NULL, NULL },
{ "memberof-member-ad", "member attribute",
2, 2, 0, ARG_MAGIC|MO_MEMBER_AD, mo_cf_gen,
2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_AD, mo_cf_gen,
"( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' "
"DESC 'member attribute' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )",
NULL, NULL },
{ "memberof-memberof-ad", "memberOf attribute",
2, 2, 0, ARG_MAGIC|MO_MEMBER_OF_AD, mo_cf_gen,
2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_OF_AD, mo_cf_gen,
"( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' "
"DESC 'memberOf attribute' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )",
......@@ -1876,7 +1914,52 @@ mo_cf_gen( ConfigArgs *c )
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
return 1; /* FIXME */
switch( c->type ) {
case MO_DN:
if ( !BER_BVISNULL( &mo->mo_dn ) ) {
ber_memfree( mo->mo_dn.bv_val );
ber_memfree( mo->mo_ndn.bv_val );
BER_BVZERO( &mo->mo_dn );
BER_BVZERO( &mo->mo_ndn );
}
break;
case MO_DANGLING:
mo->mo_flags &= ~MEMBEROF_FDANGLING_MASK;
break;
case MO_DANGLING_ERROR:
mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION;
break;
case MO_REFINT:
mo->mo_flags &= ~MEMBEROF_FREFINT;
break;
#if 0
case MO_REVERSE:
mo->mo_flags &= ~MEMBEROF_FREVERSE;
break;
#endif
case MO_GROUP_OC:
mo->mo_oc_group = oc_group;
memberof_make_group_filter( mo );
break;
case MO_MEMBER_AD:
mo->mo_ad_member = ad_member;
break;
case MO_MEMBER_OF_AD:
mo->mo_ad_memberof = ad_memberOf;
memberof_make_member_filter( mo );
break;
default:
assert( 0 );
return 1;
}
} else {
switch( c->type ) {
......@@ -1946,19 +2029,7 @@ mo_cf_gen( ConfigArgs *c )
} break;
case MO_MEMBER_AD: {
AttributeDescription *ad = NULL;
const char *text = NULL;
rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unable to find member attribute=\"%s\": %s (%d)",
c->argv[ 1 ], text, rc );
Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
AttributeDescription *ad = c->value_ad;
if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX ) /* e.g. "member" */
&& !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */
......@@ -1976,19 +2047,7 @@ mo_cf_gen( ConfigArgs *c )
} break;
case MO_MEMBER_OF_AD: {
AttributeDescription *ad = NULL;
const char *text = NULL;
rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unable to find memberof attribute=\"%s\": %s (%d)",
c->argv[ 1 ], text, rc );
Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
AttributeDescription *ad = c->value_ad;
if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX ) /* e.g. "member" */
&& !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */
......@@ -2024,37 +2083,17 @@ memberof_db_open(
memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
int rc;
const char *text = NULL;
if( ! mo->mo_ad_memberof ){
rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &mo->mo_ad_memberof, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "memberof_db_open: "
"unable to find attribute=\"%s\": %s (%d)\n",
SLAPD_MEMBEROF_ATTR, text, rc );
return rc;
}
if ( !mo->mo_ad_memberof ) {
mo->mo_ad_memberof = ad_memberOf;
}
if( ! mo->mo_ad_member ){
rc = slap_str2ad( SLAPD_GROUP_ATTR, &mo->mo_ad_member, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "memberof_db_open: "
"unable to find attribute=\"%s\": %s (%d)\n",
SLAPD_GROUP_ATTR, text, rc );
return rc;
}
if ( ! mo->mo_ad_member ) {
mo->mo_ad_member = ad_member;
}
if( ! mo->mo_oc_group ){
mo->mo_oc_group = oc_find( SLAPD_GROUP_CLASS );
if ( mo->mo_oc_group == NULL ) {
Debug( LDAP_DEBUG_ANY,
"memberof_db_open: "
"unable to find objectClass=\"%s\"\n",
SLAPD_GROUP_CLASS, 0, 0 );
return 1;
}
if ( ! mo->mo_oc_group ) {
mo->mo_oc_group = oc_group;
}
if ( BER_BVISNULL( &mo->mo_dn ) && !BER_BVISNULL( &be->be_rootdn ) ) {
......@@ -2101,9 +2140,6 @@ memberof_db_destroy(
return 0;
}
/* unused */
static AttributeDescription *ad_memberOf;
static struct {
char *desc;
AttributeDescription **adp;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment