Commit bc51bd51 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes...

Changes outside of #ifdef include three value filter processing.
parent f9195f9b
......@@ -16,7 +16,7 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \
phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
repl.c lock.c controls.c extended.c kerberos.c passwd.c \
schema.c schema_check.c schema_init.c schemaparse.c \
at.c mr.c syntax.c oc.c \
ad.c at.c mr.c syntax.c oc.c \
monitor.c configinfo.c starttls.c \
root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS)
......@@ -27,7 +27,7 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
repl.o lock.o controls.o extended.o kerberos.o passwd.o \
schema.o schema_check.o schema_init.o schemaparse.o \
at.o mr.o syntax.o oc.o \
ad.o at.o mr.o syntax.o oc.o \
monitor.o configinfo.o starttls.o \
root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS)
......
......@@ -35,7 +35,7 @@ static int aci_mask(
regmatch_t *matches, slap_access_t *grant, slap_access_t *deny );
char *supportedACIMechs[] = {
"1.3.6.1.4.1.4203.666.7.1", /* experimental draft aci family */
"1.3.6.1.4.1.4203.666.7.1", /* experimental IETF aci family */
"1.3.6.1.4.1.4203.666.7.2", /* experimental OpenLDAP aci family */
NULL
};
......@@ -74,7 +74,9 @@ access_allowed(
{
int count;
AccessControl *a;
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
slap_access_mask_t mask;
slap_control_t control;
......@@ -238,7 +240,8 @@ acl_get(
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
ber_int_t rc = test_filter( NULL, NULL, NULL, e, a->acl_filter );
if ( rc != LDAP_COMPARE_TRUE ) {
continue;
}
}
......@@ -286,7 +289,9 @@ acl_mask(
{
int i;
Access *b;
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
assert( a != NULL );
assert( mask != NULL );
......
/* $OpenLDAP$ */
/*
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* ad.c - routines for dealing with attribute descriptions */
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/errno.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include "ldap_pvt.h"
#include "slap.h"
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int slap_bv2ad(
struct berval *bv,
AttributeDescription **ad,
char **text )
{
int rtn = LDAP_UNDEFINED_TYPE;
int i;
AttributeDescription desc;
char **tokens;
assert( *ad != NULL );
assert( *text != NULL );
if( bv == NULL || bv->bv_len == 0 ) {
*text = "empty attribute description";
return LDAP_UNDEFINED_TYPE;
}
/* make sure description is IA5 */
if( IA5StringValidate( NULL, bv ) != 0 ) {
*text = "attribute description contains non-IA5 characters";
return LDAP_UNDEFINED_TYPE;
}
tokens = str2charray( bv->bv_val, ";");
if( tokens == NULL || *tokens == NULL ) {
*text = "no attribute type";
goto done;
}
desc.ad_type = at_find( *tokens );
if( desc.ad_type == NULL ) {
*text = "attribute type undefined";
goto done;
}
desc.ad_flags = SLAP_DESC_NONE;
desc.ad_lang = NULL;
for( i=1; tokens[i] != NULL; i++ ) {
if( strcasecmp( tokens[i], "binary" ) == 0 ) {
if( desc.ad_flags & SLAP_DESC_BINARY ) {
*text = "option \"binary\" specified multiple times";
goto done;
}
if(!( desc.ad_type->sat_syntax->ssyn_flags
& SLAP_SYNTAX_BINARY ))
{
/* not stored in binary, disallow option */
*text = "option \"binary\" with type not supported";
goto done;
}
desc.ad_flags |= SLAP_DESC_BINARY;
} else if ( strncasecmp( tokens[i], "lang-",
sizeof("lang-")-1 ) == 0 && tokens[i][sizeof("lang-")-1] )
{
if( desc.ad_lang != NULL ) {
*text = "multiple language tag options specified";
goto done;
}
desc.ad_lang = tokens[i];
/* normalize to all lower case, it's easy */
ldap_pvt_str2lower( desc.ad_lang );
} else {
*text = "unrecognized option";
goto done;
}
}
desc.ad_cname = ch_malloc( sizeof( struct berval ) );
desc.ad_cname->bv_len = strlen( desc.ad_type->sat_cname );
if( desc.ad_flags & SLAP_DESC_BINARY ) {
desc.ad_cname->bv_len += sizeof("binary");
}
if( desc.ad_lang != NULL ) {
desc.ad_cname->bv_len += strlen( desc.ad_lang );
}
desc.ad_cname = ch_malloc( desc.ad_cname->bv_len + 1 );
strcpy( desc.ad_cname->bv_val, desc.ad_type->sat_cname );
strcat( desc.ad_cname->bv_val, ";binary" );
if( desc.ad_flags & SLAP_DESC_BINARY ) {
strcat( desc.ad_cname->bv_val, ";binary" );
}
if( desc.ad_lang != NULL ) {
strcat( desc.ad_cname->bv_val, ";" );
strcat( desc.ad_cname->bv_val, desc.ad_lang );
}
*ad = ch_malloc( sizeof( AttributeDescription ) );
**ad = desc;
rtn = LDAP_SUCCESS;
done:
charray_free( tokens );
return rtn;
}
void
ad_free( AttributeDescription *ad, int freeit )
{
if( ad == NULL ) return;
ber_bvfree( ad->ad_cname );
free( ad->ad_lang );
if( freeit ) free( ad );
}
#endif
......@@ -3,7 +3,7 @@
* Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* at.c - routines for dealing with attributes */
/* at.c - routines for dealing with attribute types */
#include "portable.h"
......
......@@ -26,19 +26,6 @@
static void at_index_print( void );
#endif
#ifdef SLAPD_SCHEMA_NOT_COMPAT
void
ad_free( AttributeDescription *ad, int freeit )
{
if( ad == NULL ) return;
ber_bvfree( ad->ad_cname );
free( ad->ad_lang );
if( freeit ) free( ad );
}
#endif
void
attr_free( Attribute *a )
{
......
......@@ -14,6 +14,23 @@
#include "slap.h"
#ifdef SLAPD_SCHEMA_NOT_COMPAT
void
ava_free(
AttributeAssertion *ava,
int freeit
)
{
ad_free( ava->aa_desc, 1 );
ber_bvfree( ava->aa_value );
if ( freeit ) {
ch_free( (char *) ava );
}
}
#else
int
get_ava(
BerElement *ber,
......@@ -23,14 +40,11 @@ get_ava(
if ( ber_scanf( ber, "{ao}", &ava->ava_type, &ava->ava_value )
== LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 );
return( -1 );
return -1;
}
attr_normalize( ava->ava_type );
#ifndef SLAPD_SCHEMA_NOT_COMPAT
value_normalize( ava->ava_value.bv_val, attr_syntax( ava->ava_type ) );
#endif
return( LDAP_SUCCESS );
}
......@@ -41,10 +55,11 @@ ava_free(
int freeit
)
{
free( (char *) ava->ava_type );
free( (char *) ava->ava_value.bv_val );
ch_free( (char *) ava->ava_type );
ch_free( (char *) ava->ava_value.bv_val );
if ( freeit ) {
free( (char *) ava );
ch_free( (char *) ava );
}
}
#endif
......@@ -240,7 +240,7 @@ bdb2i_back_search_internal(
}
/* if it matches the filter and scope, send it */
if ( test_filter( be, conn, op, e, filter ) == 0 ) {
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
char *dn;
/* check scope */
......
......@@ -23,7 +23,11 @@ ldbm_back_compare(
Operation *op,
char *dn,
char *ndn,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeAssertion *ava
#else
Ava *ava
#endif
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
......@@ -76,8 +80,13 @@ ldbm_back_compare(
goto return_results;
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
if ( ! access_allowed( be, conn, op, e,
ava->aa_desc->ad_type->sat_cname, ava->aa_value, ACL_COMPARE ) )
#else
if ( ! access_allowed( be, conn, op, e,
ava->ava_type, &ava->ava_value, ACL_COMPARE ) )
#endif
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
......@@ -85,7 +94,12 @@ ldbm_back_compare(
goto return_results;
}
if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
if ( (a = attr_find( e->e_attrs, ava->aa_desc->ad_cname->bv_val )) == NULL )
#else
if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL )
#endif
{
send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE,
NULL, NULL, NULL, NULL );
rc = 1;
......
......@@ -45,9 +45,15 @@ extern int ldbm_back_search LDAP_P(( BackendDB *bd,
char *nbase, int scope, int deref, int sizelimit, int timelimit,
Filter *filter, char *filterstr, char **attrs, int attrsonly ));
#ifdef SLAPD_SCHEMA_NOT_COMPAT
extern int ldbm_back_compare LDAP_P(( BackendDB *bd,
Connection *conn, Operation *op,
char *dn, char *ndn, AttributeAssertion *ava ));
#else
extern int ldbm_back_compare LDAP_P((BackendDB *bd,
Connection *conn, Operation *op,
char *dn, char *ndn, Ava *ava ));
#endif
extern int ldbm_back_modify LDAP_P(( BackendDB *bd,
Connection *conn, Operation *op,
......
......@@ -15,6 +15,16 @@
#include "slap.h"
#include "back-ldbm.h"
#ifdef SLAPD_SCHEMA_NOT_COMPAT
ID_BLOCK *
filter_candidates(
Backend *be,
Filter *f )
{
return NULL;
}
#else
static ID_BLOCK *ava_candidates( Backend *be, Ava *ava, int type );
static ID_BLOCK *presence_candidates( Backend *be, char *type );
static ID_BLOCK *approx_candidates( Backend *be, Ava *ava );
......@@ -384,3 +394,4 @@ substring_comp_candidates(
idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
return( idl );
}
#endif
......@@ -318,7 +318,9 @@ index_change_values(
}
#ifndef SLAPD_SCHEMA_NOT_COMPAT
attr_normalize(type);
#endif
attr_mask( be->be_private, type, &indexmask );
if ( indexmask == 0 ) {
......
......@@ -245,7 +245,7 @@ ldbm_back_search(
}
/* if it matches the filter and scope, send it */
if ( test_filter( be, conn, op, e, filter ) == 0 ) {
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
char *dn;
/* check scope */
......@@ -412,12 +412,14 @@ search_candidates(
rf = (Filter *) ch_malloc( sizeof(Filter) );
rf->f_next = NULL;
rf->f_choice = LDAP_FILTER_OR;
#ifndef SLAPD_SCHEMA_NOT_COMPAT
rf->f_or = (Filter *) ch_malloc( sizeof(Filter) );
rf->f_or->f_choice = LDAP_FILTER_EQUALITY;
rf->f_or->f_avtype = ch_strdup( "objectclass" );
rf->f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" );
rf->f_or->f_avvalue.bv_len = sizeof("REFERRAL")-1;
rf->f_or->f_next = filter;
#endif
f = rf;
} else {
rf = NULL;
......@@ -429,12 +431,14 @@ search_candidates(
af = (Filter *) ch_malloc( sizeof(Filter) );
af->f_next = NULL;
af->f_choice = LDAP_FILTER_OR;
#ifndef SLAPD_SCHEMA_NOT_COMPAT
af->f_or = (Filter *) ch_malloc( sizeof(Filter) );
af->f_or->f_choice = LDAP_FILTER_EQUALITY;
af->f_or->f_avtype = ch_strdup( "objectclass" );
af->f_or->f_avvalue.bv_val = ch_strdup( "ALIAS" );
af->f_or->f_avvalue.bv_len = sizeof("ALIAS")-1;
af->f_or->f_next = f;
#endif
f = af;
} else {
af = NULL;
......@@ -444,24 +448,28 @@ search_candidates(
lf = (Filter *) ch_malloc( sizeof(Filter) );
lf->f_next = NULL;
lf->f_choice = LDAP_FILTER_AND;
#ifndef SLAPD_SCHEMA_NOT_COMPAT
lf->f_and = (Filter *) ch_malloc( sizeof(Filter) );
lf->f_and->f_choice = SLAPD_FILTER_DN_SUBTREE;
lf->f_and->f_dn = e->e_ndn;
lf->f_and->f_next = f;
#endif
f = lf;
} else if ( scope == LDAP_SCOPE_ONELEVEL ) {
lf = (Filter *) ch_malloc( sizeof(Filter) );
lf->f_next = NULL;
lf->f_choice = LDAP_FILTER_AND;
#ifndef SLAPD_SCHEMA_NOT_COMPAT
lf->f_and = (Filter *) ch_malloc( sizeof(Filter) );
lf->f_and->f_choice = SLAPD_FILTER_DN_ONE;
lf->f_and->f_dn = e->e_ndn;
lf->f_and->f_next = f;
#endif
f = lf;
} else {
......@@ -472,17 +480,23 @@ search_candidates(
/* free up filter additions we allocated above */
if( lf != NULL ) {
#ifndef SLAPD_SCHEMA_NOT_COMPAT
free( lf->f_and );
#endif
free( lf );
}
if( af != NULL ) {
#ifndef SLAPD_SCHEMA_NOT_COMPAT
af->f_or->f_next = NULL;
#endif
filter_free( af );
}
if( rf != NULL ) {
#ifndef SLAPD_SCHEMA_NOT_COMPAT
rf->f_or->f_next = NULL;
#endif
filter_free( rf );
}
......
......@@ -108,7 +108,7 @@ passwd_back_search(
val.bv_len = strlen( val.bv_val );
attr_merge( e, "objectClass", vals );
if ( test_filter( be, conn, op, e, filter ) == 0 ) {
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
sent++;
......@@ -138,7 +138,7 @@ passwd_back_search(
e = pw2entry( be, pw, NULL );
if ( test_filter( be, conn, op, e, filter ) == 0 ) {
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( --slimit == -1 ) {
send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
......@@ -195,7 +195,7 @@ passwd_back_search(
e = pw2entry( be, pw, rdn );
if ( test_filter( be, conn, op, e, filter ) == 0 ) {
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
sent++;
......
......@@ -31,9 +31,21 @@ do_compare(
)
{
char *dn = NULL, *ndn=NULL;
Ava ava;
struct berval desc;
struct berval value;
Backend *be;
int rc = LDAP_SUCCESS;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
char *text = NULL;
AttributeAssertion ava;
ava.aa_desc = NULL;
#else
Ava ava;
#endif
desc.bv_val = NULL;
value.bv_val = NULL;
Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
......@@ -73,18 +85,20 @@ do_compare(
goto cleanup;
}
if ( get_ava( op->o_ber, &ava ) != LDAP_SUCCESS ) {
if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
return -1;
rc = -1;
goto cleanup;
}
if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
return -1;
rc = -1;
goto cleanup;
}
if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
......@@ -92,11 +106,34 @@ do_compare(
goto cleanup;
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL,
text, NULL, NULL );
goto cleanup;
}
ava.aa_value = &value;
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val );
Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname, 0 );
#else
ava.ava_type = desc.bv_val;
ava.ava_value = value;
attr_normalize( ava.ava_type );
value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
dn, ava.ava_type, ava.ava_value.bv_val );
Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
op->o_connid, op->o_opid, dn, ava.ava_type, 0 );
#endif
/*
* We could be serving multiple database backends. Select the
......@@ -132,7 +169,13 @@ do_compare(
cleanup:
free( dn );
free( ndn );
ava_free( &ava, 0 );
free( desc.bv_val );
free( value.bv_val );
#ifdef SLAPD_SCHEMA_NOT_COMPAT
if( ava.aa_desc != NULL ) {
ad_free( ava.aa_desc, 1 );
}
#endif
return rc;
}
......@@ -120,6 +120,9 @@ str2entry( char *s )
bval.bv_val = value;
bval.bv_len = vlen;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
/* not yet implemented */
#else
if ( attr_merge_fast( e, type, vals, nvals, 1, &maxvals, &a )
!= 0 ) {
Debug( LDAP_DEBUG_TRACE,
......@@ -129,6 +132,7 @@ str2entry( char *s )
free( type );
return( NULL );
}
#endif
free( value );
free( type );
......
......@@ -68,6 +68,7 @@ get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr )
f->f_ch