Skip to content
GitLab
Commit 439c0c79 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

SLAPD_SCHEMA_NOT_COMPAT: Mostly work modify

parent 5904e001
Hide whitespace changes
Inline Side-by-side
servers/slapd/acl.c
View file @ 439c0c79
......@@ -448,38 +448,34 @@ acl_mask(
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dn_at )) != NULL
/* see if asker is listed in dnattr */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
&& value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0
#endif
)
for( at = attrs_find( e->e_attrs, b->a_dn_at );
at == NULL;
at = attrs_find( e->e_attrs->a_next, b->a_dn_at ) )
{
if ( b->a_dn_self &&
(val == NULL
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
if( value_find( b->a_dn_at, at->a_vals, &bv ) == 0 ) {
}
}
#else
|| value_cmp( &bv, val, at->a_syntax, 2 )
#endif
) )
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dn_at )) != NULL &&
value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
{
if ( b->a_dn_self && (val == NULL
|| value_cmp( &bv, val, at->a_syntax, 2 ) ) )
{
continue;
}
/* asker not listed in dnattr - check for self access */
} else if ( ! b->a_dn_self || val == NULL
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
|| value_cmp( &bv, val, at->a_syntax, 2 ) != 0
#endif
)
|| value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
{
continue;
}
#endif
}
if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
......@@ -695,10 +691,15 @@ acl_check_modlist(
* by the user
*/
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
if ( is_at_no_user_mod( mlist->sml_desc->ad_type ) ) {
Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
" modify access granted\n",
mlist->sml_desc->ad_cname->bv_val, 0, 0 );
continue;
}
#else
if ( oc_check_op_no_usermod_attr( mlist->sml_type ) ) {
Debug( LDAP_DEBUG_ACL, "NoUserMod Operational attribute:"
Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
" modify access granted\n",
mlist->sml_type, 0, 0 );
continue;
......@@ -984,10 +985,12 @@ aci_group_member (
char *grpoc;
char *grpat;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *grpad = NULL;
ObjectClass *grp_oc = NULL;
AttributeDescription *grp_ad = NULL;
char *text;
#else
char *grpad;
char *grp_oc;
char *grp_ad;
#endif
int rc;
......@@ -1014,28 +1017,28 @@ aci_group_member (
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
rc = slap_str2ad( grpat, &grpad, &text );
rc = slap_str2ad( grpat, &grp_ad, &text );
if( rc != LDAP_SUCCESS ) {
rc = 0;
goto done;
}
#else
grpad = grpat;
grp_ad = grpat;
#endif
rc = 0;
grpdn = (char *)ch_malloc(1024);
if (grpoc != NULL && grpad != NULL && grpdn != NULL) {
if (grp_oc != NULL && grp_ad != NULL && grpdn != NULL) {
string_expand(grpdn, 1024, subjdn, e->e_ndn, matches);
if ( dn_normalize(grpdn) != NULL ) {
rc = (backend_group(be, e, grpdn, op->o_ndn, grpoc, grpad) == 0);
rc = (backend_group(be, e, grpdn, op->o_ndn, grp_oc, grp_ad) == 0);
}
}
done:
#ifdef SLAPD_SCHEMA_NOT_COMPAT
if( grpad != NULL ) ad_free( grpad, 1 );
done:
if( grp_ad != NULL ) ad_free( grp_ad, 1 );
#endif
ch_free(grpdn);
ch_free(grpat);
......@@ -1130,41 +1133,51 @@ aci_mask(
return(1);
} else if (aci_strbvcmp( "dnattr", &bv ) == 0) {
Attribute *at;
char *dnattr = aci_bvstrdup(&sdn);
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *dnad = NULL;
char *text;
rc = slap_str2ad( dnattr, &dnad, &text );
Attribute *at;
AttributeDescription *ad = NULL;
const char *text;
rc = slap_str2ad( dnattr, &ad, &text );
ch_free( dnattr );
if ( rc == LDAP_SUCCESS ) {
#else
char *dnad = dnattr;
#endif
at = attr_find( e->e_attrs, dnad );
#ifdef SLAPD_SCHEMA_NOT_COMAT
ad_free( dnad, 1 );
#else
ch_free( dnad );
#endif
if (at != NULL) {
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
if( rc != LDAP_SUCCESS ) {
return 0;
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
if (value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
return(1);
#endif
rc = 0;
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
for(at = attrs_find( e->e_attrs, ad );
at != NULL;
at = attrs_find( at->a_next, ad ) )
{
if (value_find( ad, at->a_vals, &bv) == 0 ) {
rc = 1;
break;
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
} else {
ad_free( dnad, 1 );
#endif
}
ad_free( ad, 1 );
return rc;
#else
Attribute *at;
at = attr_find( e->e_attrs, dnattr );
ch_free( dnattr );
if (at != NULL) {
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
if (value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
return(1);
}
#endif
} else if (aci_strbvcmp( "group", &bv ) == 0) {
if (aci_group_member(&sdn, "groupOfNames", "member", be, e, op, matches))
return(1);
......
servers/slapd/aclparse.c
View file @ 439c0c79
......@@ -384,12 +384,49 @@ parse_acl(
b->a_group_pat = ch_strdup( right );
if (value && *value) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
b->a_group_oc = oc_find( value );
#else
b->a_group_oc = ch_strdup(value);
#endif
if( b->a_group_oc == NULL ) {
fprintf( stderr,
"%s: line %d: group objectclass \"%s\" unknown\n",
fname, lineno, value );
acl_usage();
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
if( is_object_subclass( b->a_group_oc,
slap_schema.si_oc_referral ) )
{
fprintf( stderr,
"%s: line %d: group objectclass \"%s\" is subclass of referral\n",
fname, lineno, value );
acl_usage();
}
if( is_object_subclass( b->a_group_oc,
slap_schema.si_oc_alias ) )
{
fprintf( stderr,
"%s: line %d: group objectclass \"%s\" is subclass of alias\n",
fname, lineno, value );
acl_usage();
}
#endif
*--value = '/';
} else {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
b->a_group_oc = slap_schema.si_oc_groupOfNames;
#else
b->a_group_oc = ch_strdup("groupOfNames");
#endif
}
if (name && *name) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
rc = slap_str2ad( right, &b->a_group_at, &text );
......@@ -430,6 +467,31 @@ parse_acl(
fname, lineno );
acl_usage();
}
{
int rc;
struct berval val;
struct berval *vals[2];
val.bv_val = b->a_group_oc->soc_oid;
val.bv_len = strlen(val.bv_val);
vals[0] = &val;
vals[1] = NULL;
rc = oc_check_allowed( b->a_group_at->ad_type, vals );
if( rc != 0 ) {
fprintf( stderr,
"%s: line %d: group: \"%s\" not allowed by \"%s\"\n",
fname, lineno,
b->a_group_at->ad_type,
b->a_group_oc->soc_oid );
acl_usage();
}
}
#endif /* SLAPD_SCHEMA_NOT_COMPAT */
continue;
}
......
servers/slapd/back-ldbm/compare.c
View file @ 439c0c79
......@@ -107,7 +107,7 @@ ldbm_back_compare(
rc = LDAP_COMPARE_FALSE;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
if ( value_find( ava->aa_desc, a->a_vals, ava->aa_value ) == 0 )
#else
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 )
#endif
......
servers/slapd/back-ldbm/external.h
View file @ 439c0c79
......@@ -83,14 +83,15 @@ extern int ldbm_back_abandon LDAP_P(( BackendDB *bd,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
extern int ldbm_back_group LDAP_P(( BackendDB *bd,
Entry *target,
const char* gr_ndn, const char* op_ndn,
const char* objectclassValue,
const char* gr_ndn,
const char* op_ndn,
ObjectClass* group_oc,
AttributeDescription* group_at));
#else
extern int ldbm_back_group LDAP_P(( BackendDB *bd,
Entry *target,
const char* gr_ndn, const char* op_ndn,
const char* objectclassValue,
const char* group_oc,
const char* group_at));
#endif
......
servers/slapd/back-ldbm/group.c
View file @ 439c0c79
......@@ -27,10 +27,11 @@ ldbm_back_group(
Entry *target,
const char *gr_ndn,
const char *op_ndn,
const char *objectclassValue,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
ObjectClass *group_oc,
AttributeDescription *group_at
#else
const char *group_oc,
const char *group_at
#endif
)
......@@ -41,12 +42,20 @@ ldbm_back_group(
Attribute *attr;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
const char *groupattrName = group_at->ad_cname->bv_val;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
const char *group_oc_name = NULL;
const char *group_at_name = group_at->ad_cname->bv_val;
if( group_oc->soc_names && group_oc->soc_names[0] ) {
group_oc_name = group_oc->soc_names[0];
} else {
group_oc_name = group_oc->soc_oid;
}
#else
struct berval bv;
const char *objectClass = "objectclass";
const char *groupattrName = group_at;
const char *ad_objectClass = "objectclass";
const char *group_oc_name = group_oc;
const char *group_at_name = group_at;
#endif
Debug( LDAP_DEBUG_ARGS,
......@@ -56,8 +65,8 @@ ldbm_back_group(
"=> ldbm_back_group: op dn: \"%s\"\n",
op_ndn, 0, 0 );
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: objectClass: \"%s\" attrName: \"%s\"\n",
objectclassValue, groupattrName, 0 );
"=> ldbm_back_group: oc: \"%s\" at: \"%s\"\n",
group_oc_name, group_at_name, 0 );
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: tr dn: \"%s\"\n",
......@@ -91,7 +100,7 @@ ldbm_back_group(
rc = 1;
if ((attr = attr_find(e->e_attrs, objectClass)) == NULL) {
if ((attr = attr_find(e->e_attrs, ad_objectClass)) == NULL) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
goto return_results;
......@@ -120,26 +129,26 @@ ldbm_back_group(
goto return_results;
}
bv.bv_val = (char *) objectclassValue;
bv.bv_val = (char *) group_oc_name;
bv.bv_len = strlen( bv.bv_val );
if (value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find %s in objectClass\n",
objectclassValue, 0, 0 );
group_oc_name, 0, 0 );
goto return_results;
}
if ((attr = attr_find(e->e_attrs, group_at)) == NULL) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find %s\n",
groupattrName, 0, 0 );
group_at_name, 0, 0 );
goto return_results;
}
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: found objectClass %s and %s\n",
objectclassValue, groupattrName, 0 );
group_oc_name, group_at_name, 0 );
bv.bv_val = (char *) op_ndn;
bv.bv_len = strlen( op_ndn );
......@@ -148,14 +157,14 @@ ldbm_back_group(
{
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
op_ndn, gr_ndn, group_at_name );
goto return_results;
}
#endif
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" is in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
op_ndn, gr_ndn, group_at_name );
rc = 0;
......
servers/slapd/back-ldbm/modify.c
View file @ 439c0c79
......@@ -123,13 +123,13 @@ int ldbm_modify_internal(
switch ( mod->sm_op ) {
case LDAP_MOD_REPLACE: {
/* Need to remove all values from indexes */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
Attribute *a = save_attrs
? attr_find( save_attrs, mod->sm_desc )
: NULL;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
if( a != NULL ) {
(void) index_change_values( be,
mod->mod_type,
......@@ -177,13 +177,13 @@ int ldbm_modify_internal(
case LDAP_MOD_DELETE: {
/* Need to add all remaining values */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
Attribute *a = e->e_attrs
? attr_find( e->e_attrs, mod->sm_desc )
: NULL;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
if( a != NULL ) {
(void) index_change_values( be,
mod->mod_type,
......@@ -313,14 +313,14 @@ add_values(
if ( a != NULL ) {
for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
if ( value_find( desc, a->a_vals, mod->sm_bvalues[i] ) == 0 )
#else
if ( value_find( a->a_vals, mod->sm_bvalues[i],
a->a_syntax, 3 ) == 0 )
#endif
{
return( LDAP_TYPE_OR_VALUE_EXISTS );
}
#endif
}
}
......@@ -339,33 +339,45 @@ delete_values(
char *dn
)
{
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
int i, j, k, found;
Attribute *a;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
char *desc = mod->sm_desc->ad_cname->bv_val;
#else
char *desc = mod->mod_type;
#endif
/* delete the entire attribute */
if ( mod->mod_bvalues == NULL ) {
if ( mod->sm_bvalues == NULL ) {
Debug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n",
mod->mod_type, 0, 0 );
return( attr_delete( &e->e_attrs, mod->mod_type ) ?
desc, 0, 0 );
return( attr_delete( &e->e_attrs, mod->sm_desc ) ?
LDAP_NO_SUCH_ATTRIBUTE : LDAP_SUCCESS );
}
/* delete specific values - find the attribute first */
if ( (a = attr_find( e->e_attrs, mod->mod_type )) == NULL ) {
if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
Debug( LDAP_DEBUG_ARGS, "could not find attribute %s\n",
mod->mod_type, 0, 0 );
desc, 0, 0 );
return( LDAP_NO_SUCH_ATTRIBUTE );
}
/* find each value to delete */
for ( i = 0; mod->mod_bvalues[i] != NULL; i++ ) {
for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
found = 0;
for ( j = 0; a->a_vals[j] != NULL; j++ ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int match;
const char *text;
int rc = value_match( &match, mod->sm_desc, NULL,
mod->sm_bvalues[i], a->a_vals[j], &text );
if( rc == LDAP_SUCCESS && match == 0 )
#else
if ( value_cmp( mod->mod_bvalues[i], a->a_vals[j],
a->a_syntax, 3 ) != 0 ) {
a->a_syntax, 3 ) != 0 )
#endif
{
continue;
}
found = 1;
......@@ -381,8 +393,8 @@ delete_values(
if ( a->a_vals[0] == NULL) {
Debug( LDAP_DEBUG_ARGS,
"removing entire attribute %s\n",
mod->mod_type, 0, 0 );
if ( attr_delete( &e->e_attrs, mod->mod_type ) ) {
desc, 0, 0 );
if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
......@@ -394,11 +406,10 @@ delete_values(
if ( ! found ) {
Debug( LDAP_DEBUG_ARGS,
"could not find value for attr %s\n",
mod->mod_type, 0, 0 );
desc, 0, 0 );
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
#endif
return( LDAP_SUCCESS );
}
......
servers/slapd/back-ldbm/modrdn.c
View file @ 439c0c79
......@@ -320,34 +320,28 @@ ldbm_back_modrdn(
/* Retrieve the old rdn from the entry's dn */
if ( (old_rdn = dn_rdn( be, dn )) == NULL ) {
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: can't figure out old_rdn from dn\n",
0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "could not parse old DN", NULL, NULL );
goto return_results;
}
if ( (old_rdn_type = rdn_attr_type( old_rdn )) == NULL ) {
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: can't figure out the old_rdn type\n",
0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "count parse RDN from old DN", NULL, NULL );
goto return_results;
}
if ( strcasecmp( old_rdn_type, new_rdn_type ) != 0 ) {
/* Not a big deal but we may say something */
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: old_rdn_type=%s, new_rdn_type=%s!\n",
old_rdn_type, new_rdn_type, 0 );
}
Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
......@@ -363,13 +357,28 @@ ldbm_back_modrdn(
add_bv.bv_len = strlen(new_rdn_val);
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
{
int rc;
const char *text;
mod[0].sml_desc = NULL;
rc = slap_str2ad( new_rdn_type, &mod[0].sml_desc, &text );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: %s: %s (new)\n",
text, new_rdn_type, 0 );
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto return_results;
}
}
#else
mod[0].ml_type = new_rdn_type;
mod[0].ml_bvalues = add_bvals;
mod[0].ml_op = SLAP_MOD_SOFTADD;
mod[0].ml_next = NULL;
mod[0].sml_type = new_rdn_type;
#endif
mod[0].sml_bvalues = add_bvals;
mod[0].sml_op = SLAP_MOD_SOFTADD;
mod[0].sml_next = NULL;