Commit eb70b602 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Rework ACI codes to use OpenLDAPaci. Add needed schema elements.

Needs work.  Volunteers welcomed.
parent 773d8399
......@@ -53,12 +53,6 @@ static int aci_mask(
regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny );
char *supportedACIMechs[] = {
"1.3.6.1.4.1.4203.666.7.1", /* experimental IETF aci family */
"1.3.6.1.4.1.4203.666.7.2", /* experimental OpenLDAP aci family */
NULL
};
#endif
static int regex_matches(
......@@ -1128,12 +1122,6 @@ aci_mask(
/* check that the aci family is supported */
if (aci_get_part(aci, 0, '#', &bv) < 0)
return(0);
for (i = 0; supportedACIMechs[i] != NULL; i++) {
if (aci_strbvcmp( supportedACIMechs[i], &bv ) == 0)
break;
}
if (supportedACIMechs[i] == NULL)
return(0);
/* check that the scope is "entry" */
if (aci_get_part(aci, 1, '#', &bv) < 0
......@@ -1231,15 +1219,6 @@ aci_mask(
return(0);
}
char *
get_supported_acimech(
int index )
{
if (index < 0 || index >= (sizeof(supportedACIMechs) / sizeof(char *)))
return(NULL);
return(supportedACIMechs[index]);
}
#endif /* SLAPD_ACI_ENABLED */
static void
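Review bot: In the second hunk of this section, `aci_mask` still extracts field 0 with `aci_get_part(aci, 0, '#', &bv)`, but with the `supportedACIMechs` loop gone nothing compares the value any more. An ACI carrying any family string therefore appears to be evaluated as if it were the local format. The retained comment `/* check that the aci family is supported */` no longer matches the code; either keep a comparison against the one family this code implements, or reword it to `/* field 0 (family) must be present; its value is not checked */`. This reading is inferred from the hunk counts (12 old lines, 6 new), because the page has lost its +/- markers, and the body of `aci_mask` continues outside the hunk.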
......
......@@ -116,7 +116,7 @@ static char *oc_op_usermod_attrs[] = {
* which slapd supports modification of.
*
* Currently none.
* Likely candidate, "aci"
* Likely candidate, "OpenLDAPaci"
*/
NULL
};
......@@ -139,7 +139,6 @@ static char *oc_op_attrs[] = {
"supportedControl",
"supportedSASLMechanisms",
"supportedLDAPversion",
"supportedACIMechanisms",
"subschemaSubentry", /* NO USER MOD */
NULL
......
......@@ -66,8 +66,6 @@ LIBSLAPD_F (int) acl_check_modlist LDAP_P((
LIBSLAPD_F (void) acl_append( AccessControl **l, AccessControl *a );
LIBSLAPD_F (char *) get_supported_acimech LDAP_P((int index));
/*
* aclparse.c
*/
......
......@@ -33,9 +33,6 @@ root_dse_info( Entry **entry, const char **text )
AttributeDescription *ad_supportedExtension = slap_schema.si_ad_supportedExtension;
AttributeDescription *ad_supportedLDAPVersion = slap_schema.si_ad_supportedLDAPVersion;
AttributeDescription *ad_supportedSASLMechanisms = slap_schema.si_ad_supportedSASLMechanisms;
# ifdef SLAPD_ACI_ENABLED
AttributeDescription *ad_supportedACIMechanisms = slap_schema.si_ad_supportedACIMechanisms;
# endif
AttributeDescription *ad_ref = slap_schema.si_ad_ref;
#else
char *ad_objectClass = "objectClass";
......@@ -44,9 +41,6 @@ root_dse_info( Entry **entry, const char **text )
char *ad_supportedExtension = "supportedExtension";
char *ad_supportedLDAPVersion = "supportedLDAPVersion";
char *ad_supportedSASLMechanisms = "supportedSASLMechanisms";
# ifdef SLAPD_ACI_ENABLED
char *ad_supportedACIMechanisms = "supportedACIMechanisms";
# endif
char *ad_ref = "ref";
#endif
......@@ -109,14 +103,6 @@ root_dse_info( Entry **entry, const char **text )
}
}
#ifdef SLAPD_ACI_ENABLED
/* supportedACIMechanisms */
for ( i=0; (val.bv_val = get_supported_acimech(i)) != NULL; i++ ) {
val.bv_len = strlen( val.bv_val );
attr_merge( e, ad_supportedACIMechanisms, vals );
}
#endif
if ( default_referral != NULL ) {
attr_merge( e, ad_ref, default_referral );
}
......
......@@ -581,19 +581,3 @@ objectclass ( 1.3.6.1.4.1.4203.666.3.2
DESC 'OpenLDAP Root DSE object'
SUP top STRUCTURAL MAY cn )
#
# IETF LDAPext WG Access Control Model
# likely to change!
attributetype ( supportedACIMechanismsOID NAME 'supportedACIMechanisms'
DESC 'list of access control mechanisms supported by this directory server'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
attributetype ( aCIMechanismOID NAME 'aCIMechanism'
DESC 'list of access control mechanism supported in this subtree'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
attributetype ( ldapACIOID NAME 'ldapACI'
DESC 'LDAP access control information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation )
......@@ -33,6 +33,12 @@ attributetype ( 1.3.6.1.4.1.4203.666.1.4 NAME 'children'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci'
DESC 'OpenLDAP access control information'
EQUALITY OpenLDAPaciMatch
SYNTAX 1.3.6.1.4.1.4203.666.2.1
USAGE directoryOperation )
#
# From U-Mich
#
......
......@@ -852,10 +852,12 @@ struct syntax_defs_rec syntax_defs[] = {
/* OpenLDAP Experimental Syntaxes */
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
0, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
0, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP void' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.4 DESC 'OpenLDAP DN' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
{NULL, 0, NULL, NULL, NULL}
};
......@@ -926,6 +928,9 @@ struct mrule_defs_rec {
#define integerFirstComponentMatch NULL
#define objectIdentifierFirstComponentMatch NULL
#define OpenLDAPaciMatch NULL
#define authPasswordMatch NULL
struct mrule_defs_rec mrule_defs[] = {
{"( 2.5.13.0 NAME 'objectIdentifierMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
......@@ -1063,6 +1068,16 @@ struct mrule_defs_rec mrule_defs[] = {
SLAP_MR_SUBSTR,
NULL, NULL, caseIgnoreIA5SubstringsMatch, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.4.1 NAME 'authPasswordMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
SLAP_MR_EQUALITY,
NULL, NULL, authPasswordMatch, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_EQUALITY,
NULL, NULL, OpenLDAPaciMatch, NULL, NULL},
{NULL, SLAP_MR_NONE, NULL, NULL, NULL}
};
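Review bot: The `'OpenLDAP Experimental ACI'` row in `syntax_defs` keeps `NULL` in the slot where the void and DN rows now receive `inValidate`, and `OpenLDAPaciMatch` is defined as `NULL`. The attribute that carries access control information is thus registered without a validator or a working equality match. If a NULL validator means "accept any value" (not visible on this page), malformed ACI values would be stored and only fail later, when `aci_mask` parses them. A comment on the row such as `/* TODO: no validator yet; ACI values are parsed only in aci_mask() */` would record the gap until a validate routine exists. The same hunk also reuses OID `1.3.6.1.4.1.4203.666.2.2` for authPassword and renumbers the void and DN syntaxes, so anything that recorded the old assignments needs checking.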
......
......@@ -79,10 +79,6 @@ struct slap_schema_ad_map {
offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
{ "supportedLDAPVersion", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
#ifdef SLAPD_ACI_ENABLED
{ "supportedACIMechanisms", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
#endif
{ "supportedSASLMechanisms", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
......@@ -107,6 +103,10 @@ struct slap_schema_ad_map {
offsetof(struct slap_internal_schema, si_ad_entry) },
{ "children", NULL,
offsetof(struct slap_internal_schema, si_ad_children) },
#ifdef SLAPD_ACI_ENABLED
{ "OpenLDAPaci", NULL,
offsetof(struct slap_internal_schema, si_ad_aci) },
#endif
{ "userPassword", NULL,
offsetof(struct slap_internal_schema, si_ad_userPassword) },
......
......@@ -101,7 +101,7 @@ LDAP_BEGIN_DECL
#define SLAPD_ROLE_CLASS "organizationalRole"
#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
#define SLAPD_ACI_ATTR "aci"
#define SLAPD_ACI_ATTR "OpenLDAPaci"
LIBSLAPD_F (int) slap_debug;
......@@ -355,9 +355,6 @@ struct slap_internal_schema {
AttributeDescription *si_ad_supportedControl;
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_supportedACIMechanisms;
#endif
AttributeDescription *si_ad_supportedSASLMechanisms;
/* subschema subentry attributes */
......@@ -374,6 +371,9 @@ struct slap_internal_schema {
/* Access Control Internals */
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
/* Other */
AttributeDescription *si_ad_userPassword;
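Review bot: Changing `SLAPD_ACI_ATTR` from "aci" to "OpenLDAPaci" in the first hunk means access control values already stored under the old attribute name will presumably no longer be consulted. That changes effective access without any error being reported. The define should carry a comment such as `/* renamed from "aci"; existing entries must be migrated */`, and the commit description should say whether old values are expected to be converted. The same name is also repeated as a literal in the `slap_schema_ad_map` row this commit adds; `{ SLAPD_ACI_ATTR, NULL,` there would keep the two from drifting apart.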
......