Commit 317d04a5 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Modify backend_attribute to return bervals and adjust ACLs

(actually, ACL here might be dangerous)
parent c5c94426
......@@ -17,7 +17,7 @@
#include "proto-back-ldbm.h"
/* return 0 IFF we can retrieve the attributes
/* return LDAP_SUCCESS IFF we can retrieve the attributes
* of entry with e_ndn
*/
int
......@@ -28,15 +28,15 @@ ldbm_back_attribute(
Entry *target,
const char *e_ndn,
AttributeDescription *entry_at,
const char ***vals
struct berval ***vals
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
int i, j, rc = 1;
int i, j, rc;
Attribute *attr;
struct berval **abv;
char *s, **v;
struct berval **v;
char *s;
const char *entry_at_name = entry_at->ad_cname->bv_val;
Debug( LDAP_DEBUG_ARGS,
......@@ -63,7 +63,7 @@ ldbm_back_attribute(
Debug( LDAP_DEBUG_ACL,
"=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
e_ndn, 0, 0 );
return( 1 );
return LDAP_NO_SUCH_OBJECT;
}
Debug( LDAP_DEBUG_ACL,
......@@ -71,26 +71,27 @@ ldbm_back_attribute(
e_ndn, 0, 0 );
}
rc = 1;
/* find attribute values
*/
/* find attribute values */
if( is_entry_alias( e ) ) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
rc = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if( is_entry_referral( e ) ) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
rc = LDAP_REFERRAL;
goto return_results;
}
if (conn != NULL && op != NULL
&& access_allowed(be, conn, op, e, slap_schema.si_ad_entry, NULL, ACL_SEARCH) == 0)
&& access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
NULL, ACL_READ) == 0)
{
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
......@@ -98,41 +99,53 @@ ldbm_back_attribute(
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: failed to find %s\n",
entry_at_name, 0, 0 );
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto return_results;
}
if (conn != NULL && op != NULL
&& access_allowed(be, conn, op, e, entry_at, NULL, ACL_SEARCH) == 0)
&& access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
{
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
for ( i = 0; attr->a_vals[i] != NULL; i++ ) { }
v = (char **) ch_calloc( (i + 1), sizeof(char *) );
if (v != NULL) {
for ( j = 0, abv = attr->a_vals; --i >= 0; abv++ ) {
if ( (*abv)->bv_len > 0 ) {
s = ch_malloc( (*abv)->bv_len + 1 );
if( s == NULL )
break;
memcpy(s, (*abv)->bv_val, (*abv)->bv_len);
s[(*abv)->bv_len] = 0;
v[j++] = s;
}
for ( i = 0; attr->a_vals[i] != NULL; i++ ) {
/* count them */
}
v = (struct berval **) ch_malloc( sizeof(struct berval *) * (i+1) );
for ( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
if( access_allowed(be, conn, op, e, entry_at,
attr->a_vals[i], ACL_READ) == 0)
{
continue;
}
v[j] = ber_bvdup( attr->a_vals[i] );
if( v[j] != NULL ) j++;
}
if( j == 0 ) {
ch_free( v );
*vals = NULL;
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
v[j] = NULL;
*vals = v;
rc = LDAP_SUCCESS;
}
rc = 0;
return_results:
if( target != e ) {
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
}
Debug( LDAP_DEBUG_TRACE, "ldbm_back_attribute: rc=%d\n", rc, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_attribute: rc=%d nvals=%d\n",
rc, j, 0 );
return(rc);
}
......@@ -85,7 +85,7 @@ extern int ldbm_back_attribute LDAP_P(( BackendDB *bd,
Entry *target,
const char* e_ndn,
AttributeDescription* entry_at,
const char ***vals));
struct berval ***vals));
/* hooks for slap tools */
......
......@@ -675,7 +675,7 @@ backend_attribute(
Entry *target,
const char *e_ndn,
AttributeDescription *entry_at,
const char ***vals
struct berval ***vals
)
{
if( target == NULL || strcmp( target->e_ndn, e_ndn ) != 0 ) {
......
......@@ -179,7 +179,7 @@ LDAP_SLAPD_F (int) backend_attribute LDAP_P((Backend *be,
Entry *target,
const char *e_ndn,
AttributeDescription *entry_at,
const char ***vals
struct berval ***vals
));
LDAP_SLAPD_F (Attribute *) backend_operational( Backend *, Entry * );
......
......@@ -444,7 +444,6 @@ typedef struct slap_mr_assertion {
/*
* represents a search filter
*/
typedef struct slap_filter {
ber_tag_t f_choice; /* values taken from ldap.h, plus: */
#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
......@@ -567,7 +566,6 @@ typedef struct slap_ldap_modlist {
/*
* represents an access control list
*/
typedef enum slap_access_e {
ACL_INVALID_ACCESS = -1,
ACL_NONE = 0,
......@@ -586,7 +584,7 @@ typedef enum slap_control_e {
} slap_control_t;
typedef enum slap_style_e {
ACL_STYLE_REGEX,
ACL_STYLE_REGEX = 0,
ACL_STYLE_BASE,
ACL_STYLE_ONE,
ACL_STYLE_SUBTREE,
......@@ -934,7 +932,7 @@ struct slap_backend_info {
struct slap_conn *c, struct slap_op *o,
Entry *e, const char *edn,
AttributeDescription *entry_at,
const char ***vals ));
struct berval ***vals ));
int (*bi_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
......@@ -979,7 +977,6 @@ struct slap_backend_info {
/*
* represents an operation pending from an ldap client
*/
typedef struct slap_op {
ber_int_t o_opid; /* id of this operation */
ber_int_t o_msgid; /* msgid of the request */
......@@ -1030,7 +1027,6 @@ typedef struct slap_op {
/*
* represents a connection from an ldap client
*/
typedef struct slap_conn {
int c_struct_state; /* structure management state */
int c_conn_state; /* connection state */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment