Commit 8224c1bf authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

Issue#9236 - Delete back-shell

parent f30f42f7
Pipeline #391 canceled with stage
in 9 seconds
......@@ -299,7 +299,6 @@ Backends="dnssrv \
passwd \
perl \
relay \
shell \
sock \
sql \
wt"
......@@ -331,8 +330,6 @@ OL_ARG_ENABLE(perl, [AS_HELP_STRING([--enable-perl], [enable perl backend])],
no, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(relay, [AS_HELP_STRING([--enable-relay], [enable relay backend])],
yes, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(shell, [AS_HELP_STRING([--enable-shell], [enable shell backend])],
no, [no yes mod])dnl
OL_ARG_ENABLE(sock, [AS_HELP_STRING([--enable-sock], [enable sock backend])],
no, [no yes mod], ol_enable_backends)dnl
OL_ARG_ENABLE(sql, [AS_HELP_STRING([--enable-sql], [enable sql backend])],
......@@ -2628,22 +2625,6 @@ if test "$ol_enable_relay" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_RELAY,$MFLAG,[define to support relay backend])
fi
if test "$ol_enable_shell" != no ; then
if test "$ol_link_threads" != no ; then
AC_MSG_WARN([Use of --without-threads is recommended with back-shell])
fi
BUILD_SLAPD=yes
BUILD_SHELL=$ol_enable_shell
if test "$ol_enable_shell" = mod ; then
SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-shell"
MFLAG=SLAPD_MOD_DYNAMIC
else
SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-shell"
MFLAG=SLAPD_MOD_STATIC
fi
AC_DEFINE_UNQUOTED(SLAPD_SHELL,$MFLAG,[define to support SHELL backend])
fi
if test "$ol_enable_sock" != no ; then
BUILD_SLAPD=yes
BUILD_SOCK=$ol_enable_sock
......@@ -3095,11 +3076,9 @@ AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
[servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk]
[servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk]
[servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk]
[servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk]
[servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk]
[servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk]
[servers/slapd/back-wt/Makefile:build/top.mk:servers/slapd/back-wt/Makefile.in:build/mod.mk]
[servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk]
[servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk]
[servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk]
[tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk]
......
......@@ -18,7 +18,7 @@ PROGRAMS=slapd $(SLAPTOOLS)
XPROGRAMS=sslapd libbackends.a .backend liboverlays.a
XSRCS=version.c
SUBDIRS=back-* shell-backends slapi overlays
SUBDIRS=back-* slapi overlays
NT_SRCS = nt_svc.c
NT_OBJS = nt_svc.o ../../libraries/liblutil/slapdmsg.res
......
# Makefile.in for back-shell
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2020 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
SRCS = init.c config.c fork.c search.c bind.c unbind.c add.c \
delete.c modify.c modrdn.c compare.c result.c
OBJS = init.lo config.lo fork.lo search.lo bind.lo unbind.lo add.lo \
delete.lo modify.lo modrdn.lo compare.lo result.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
BUILD_OPT = "--enable-shell"
BUILD_MOD = @BUILD_SHELL@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(@BUILD_SHELL@_DEFS)
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LIBBASE = back_shell
XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
all-local-lib: ../.backend
../.backend: lib$(LIBBASE).a
@touch $@
/* add.c - shell backend add function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP).
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "shell.h"
int
shell_back_add(
Operation *op,
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
FILE *rfp, *wfp;
int len;
if ( si->si_add == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"add not implemented" );
return( -1 );
}
if ( ! access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WADD, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( forkandexec( si->si_add, &rfp, &wfp ) == (pid_t)-1 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the add process */
fprintf( wfp, "ADD\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, op->o_bd );
ldap_pvt_thread_mutex_lock( &entry2str_mutex );
fprintf( wfp, "%s", entry2str( op->oq_add.rs_e, &len ) );
ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
fclose( wfp );
/* read in the result and send it along */
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );
}
/* bind.c - shell backend bind function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP).
*/
#include "portable.h"
#include <stdio.h>
#include <ac/socket.h>
#include <ac/string.h>
#include "slap.h"
#include "shell.h"
int
shell_back_bind(
Operation *op,
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
int rc;
/* allow rootdn as a means to auth without the need to actually
* contact the proxied DSA */
switch ( be_rootdn_bind( op, rs ) ) {
case SLAP_CB_CONTINUE:
break;
default:
return rs->sr_err;
}
if ( si->si_bind == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"bind not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_AUTH, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( forkandexec( si->si_bind, &rfp, &wfp ) == (pid_t)-1 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the bind process */
fprintf( wfp, "BIND\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "method: %d\n", op->oq_bind.rb_method );
fprintf( wfp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
fprintf( wfp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
fclose( wfp );
/* read in the results and send them along */
rc = read_and_send_results( op, rs, rfp );
fclose( rfp );
return( rc );
}
/* compare.c - shell backend compare function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP).
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "shell.h"
int
shell_back_compare(
Operation *op,
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
if ( si->si_compare == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"compare not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_READ, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( forkandexec( si->si_compare, &rfp, &wfp ) == (pid_t)-1 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/*
* FIX ME: This should use LDIF routines so that binary
* values are properly dealt with
*/
/* write out the request to the compare process */
fprintf( wfp, "COMPARE\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "%s: %s\n",
op->oq_compare.rs_ava->aa_desc->ad_cname.bv_val,
op->oq_compare.rs_ava->aa_value.bv_val /* could be binary! */ );
fclose( wfp );
/* read in the result and send it along */
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );
}
/* config.c - shell backend configuration file routine */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP).
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "shell.h"
#include "config.h"
static ConfigDriver shell_cf;
enum {
SHELL_BIND = 0,
SHELL_UNBIND = 1,
SHELL_SEARCH,
SHELL_COMPARE,
SHELL_MODIFY,
SHELL_MODRDN,
SHELL_ADD,
SHELL_DELETE
};
static ConfigTable shellcfg[] = {
{ "bind", "args", 2, 0, 0, ARG_MAGIC|SHELL_BIND, shell_cf,
"( OLcfgDbAt:10.1 NAME 'olcShellBind' "
"DESC 'Bind command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "unbind", "args", 2, 0, 0, ARG_MAGIC|SHELL_UNBIND, shell_cf,
"( OLcfgDbAt:10.2 NAME 'olcShellUnbind' "
"DESC 'Unbind command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "search", "args", 2, 0, 0, ARG_MAGIC|SHELL_SEARCH, shell_cf,
"( OLcfgDbAt:10.3 NAME 'olcShellSearch' "
"DESC 'Search command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "compare", "args", 2, 0, 0, ARG_MAGIC|SHELL_COMPARE, shell_cf,
"( OLcfgDbAt:10.4 NAME 'olcShellCompare' "
"DESC 'Compare command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "modify", "args", 2, 0, 0, ARG_MAGIC|SHELL_MODIFY, shell_cf,
"( OLcfgDbAt:10.5 NAME 'olcShellModify' "
"DESC 'Modify command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "modrdn", "args", 2, 0, 0, ARG_MAGIC|SHELL_MODRDN, shell_cf,
"( OLcfgDbAt:10.6 NAME 'olcShellModRDN' "
"DESC 'ModRDN command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "add", "args", 2, 0, 0, ARG_MAGIC|SHELL_ADD, shell_cf,
"( OLcfgDbAt:10.7 NAME 'olcShellAdd' "
"DESC 'Add command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ "delete", "args", 2, 0, 0, ARG_MAGIC|SHELL_DELETE, shell_cf,
"( OLcfgDbAt:10.8 NAME 'olcShellDelete' "
"DESC 'Delete command and arguments' "
"EQUALITY caseExactMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE ) ", NULL, NULL },
{ NULL }
};
static ConfigOCs shellocs[] = {
{ "( OLcfgDbOc:10.1 "
"NAME 'olcShellConfig' "
"DESC 'Shell backend configuration' "
"SUP olcDatabaseConfig "
"MAY ( olcShellBind $ olcShellUnbind $ olcShellSearch $ "
"olcShellCompare $ olcShellModify $ olcShellModRDN $ "
"olcShellAdd $ olcShellDelete ) )",
Cft_Database, shellcfg },
{ NULL }
};
static int
shell_cf( ConfigArgs *c )
{
struct shellinfo *si = (struct shellinfo *) c->be->be_private;
char ***arr = &si->si_bind;
if ( c->op == SLAP_CONFIG_EMIT ) {
struct berval bv;
if ( !arr[c->type] ) return 1;
bv.bv_val = ldap_charray2str( arr[c->type], " " );
bv.bv_len = strlen( bv.bv_val );
ber_bvarray_add( &c->rvalue_vals, &bv );
} else if ( c->op == LDAP_MOD_DELETE ) {
ldap_charray_free( arr[c->type] );
arr[c->type] = NULL;
} else {
arr[c->type] = ldap_charray_dup( &c->argv[1] );
}
return 0;
}
int
shell_back_init_cf( BackendInfo *bi )
{
bi->bi_cf_ocs = shellocs;
return config_register_schema( shellcfg, shellocs );
}
/* delete.c - shell backend delete function */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
/* ACKNOWLEDGEMENTS:
* This work was originally developed by the University of Michigan
* (as part of U-MICH LDAP).
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "shell.h"
int
shell_back_delete(
Operation *op,
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
if ( si->si_delete == NULL ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"delete not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WDEL, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( forkandexec( si->si_delete, &rfp, &wfp ) == (pid_t)-1 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the delete process */
fprintf( wfp, "DELETE\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, op->o_bd );