Commit 093d040c authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

more for ITS#5903

parent f32c8b4d
......@@ -188,6 +188,7 @@ typedef struct memberof_cbinfo_t {
slap_overinst *on;
BerVarray member;
BerVarray memberof;
memberof_is_t what;
} memberof_cbinfo_t;
static int
......@@ -244,7 +245,7 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs )
* attribute values of groups being deleted.
*/
static int
memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo_t *mci )
memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
{
slap_overinst *on = mci->on;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
......@@ -258,8 +259,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
memberof_is_t iswhat = MEMBEROF_IS_NONE;
memberof_cookie_t mc;
assert( iswhatp != NULL );
assert( *iswhatp != MEMBEROF_IS_NONE );
assert( mci->what != MEMBEROF_IS_NONE );
cb.sc_private = &mc;
if ( op->o_tag == LDAP_REQ_DELETE ) {
......@@ -283,7 +283,7 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
op2.ors_slimit = 1;
op2.ors_tlimit = SLAP_NO_LIMIT;
if ( *iswhatp & MEMBEROF_IS_GROUP ) {
if ( mci->what & MEMBEROF_IS_GROUP ) {
mc.ad = mo->mo_ad_member;
mc.foundit = 0;
mc.vals = NULL;
......@@ -298,12 +298,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_GROUP;
mci->member = mc.vals;
if ( mc.vals ) mci->member = mc.vals;
}
}
if ( *iswhatp & MEMBEROF_IS_MEMBER ) {
if ( mci->what & MEMBEROF_IS_MEMBER ) {
mc.ad = mo->mo_ad_memberof;
mc.foundit = 0;
mc.vals = NULL;
......@@ -318,12 +318,12 @@ memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp, memberof_cbinfo
if ( mc.foundit ) {
iswhat |= MEMBEROF_IS_MEMBER;
mci->memberof = mc.vals;
if ( mc.vals ) mci->memberof = mc.vals;
}
}
*iswhatp = iswhat;
mci->what = iswhat;
return LDAP_SUCCESS;
}
......@@ -718,13 +718,9 @@ memberof_op_delete( Operation *op, SlapReply *rs )
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
memberof_t *mo = (memberof_t *)on->on_bi.bi_private;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc;
memberof_cbinfo_t *mci;
if ( MEMBEROF_REFINT( mo ) ) {
iswhat = MEMBEROF_IS_BOTH;
}
sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
sc->sc_private = sc+1;
......@@ -734,8 +730,12 @@ memberof_op_delete( Operation *op, SlapReply *rs )
mci->on = on;
mci->member = NULL;
mci->memberof = NULL;
mci->what = MEMBEROF_IS_GROUP;
if ( MEMBEROF_REFINT( mo ) ) {
mci->what = MEMBEROF_IS_BOTH;
}
memberof_isGroupOrMember( op, &iswhat, mci );
memberof_isGroupOrMember( op, mci );
sc->sc_next = op->o_callback;
op->o_callback = sc;
......@@ -752,7 +752,6 @@ memberof_op_modify( Operation *op, SlapReply *rs )
Modifications **mlp, **mmlp = NULL;
int rc = SLAP_CB_CONTINUE, save_member = 0;
struct berval save_dn, save_ndn;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
slap_callback *sc;
memberof_cbinfo_t *mci, mcis;
......@@ -770,9 +769,10 @@ memberof_op_modify( Operation *op, SlapReply *rs )
save_dn = op->o_dn;
save_ndn = op->o_ndn;
mcis.on = on;
mcis.what = MEMBEROF_IS_GROUP;
if ( memberof_isGroupOrMember( op, &iswhat, &mcis ) == LDAP_SUCCESS
&& ( iswhat & MEMBEROF_IS_GROUP ) )
if ( memberof_isGroupOrMember( op, &mcis ) == LDAP_SUCCESS
&& ( mcis.what & MEMBEROF_IS_GROUP ) )
{
Modifications *ml;
......@@ -1127,6 +1127,7 @@ done2:;
mci->on = on;
mci->member = NULL;
mci->memberof = NULL;
mci->what = mcis.what;
if ( save_member ) {
op->o_dn = op->o_bd->be_rootdn;
......@@ -1287,7 +1288,6 @@ memberof_res_modify( Operation *op, SlapReply *rs )
int i, rc;
Modifications *ml, *mml = NULL;
BerVarray vals;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE;
......@@ -1355,8 +1355,7 @@ memberof_res_modify( Operation *op, SlapReply *rs )
}
}
if ( memberof_isGroupOrMember( op, &iswhat, mci ) == LDAP_SUCCESS
&& ( iswhat & MEMBEROF_IS_GROUP ) )
if ( mci->what & MEMBEROF_IS_GROUP )
{
for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
if ( ml->sml_desc != mo->mo_ad_member ) {
......@@ -1431,14 +1430,14 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
BerVarray vals;
struct berval save_dn, save_ndn;
memberof_is_t iswhat = MEMBEROF_IS_GROUP;
if ( rs->sr_err != LDAP_SUCCESS ) {
return SLAP_CB_CONTINUE;
}
mci->what = MEMBEROF_IS_GROUP;
if ( MEMBEROF_REFINT( mo ) ) {
iswhat |= MEMBEROF_IS_MEMBER;
mci->what |= MEMBEROF_IS_MEMBER;
}
if ( op->orr_nnewSup ) {
......@@ -1455,11 +1454,11 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
op->o_req_dn = newNDN;
op->o_req_ndn = newNDN;
rc = memberof_isGroupOrMember( op, &iswhat, mci );
rc = memberof_isGroupOrMember( op, mci );
op->o_req_dn = save_dn;
op->o_req_ndn = save_ndn;
if ( rc != LDAP_SUCCESS || iswhat == MEMBEROF_IS_NONE ) {
if ( rc != LDAP_SUCCESS || mci->what == MEMBEROF_IS_NONE ) {
goto done;
}
......@@ -1472,7 +1471,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx );
if ( iswhat & MEMBEROF_IS_GROUP ) {
if ( mci->what & MEMBEROF_IS_GROUP ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_member, &vals, ACL_READ );
......@@ -1489,7 +1488,7 @@ memberof_res_modrdn( Operation *op, SlapReply *rs )
}
}
if ( MEMBEROF_REFINT( mo ) && ( iswhat & MEMBEROF_IS_MEMBER ) ) {
if ( MEMBEROF_REFINT( mo ) && ( mci->what & MEMBEROF_IS_MEMBER ) ) {
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rc = backend_attribute( op, NULL, &newNDN,
mo->mo_ad_memberof, &vals, ACL_READ );
......
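Review bot: In memberof_op_modify the stack-allocated `mcis` has only `on` and `what` assigned before `memberof_isGroupOrMember( op, &mcis )`. The stores in that function are now guarded (`if ( mc.vals ) mci->member = mc.vals;`, likewise for `memberof`), so `mcis.member` and `mcis.memberof` stay indeterminate whenever no values come back. Nothing in the visible lines reads them, but the old unconditional stores at least left them NULL; adding `mcis.member = NULL;` and `mcis.memberof = NULL;` next to `mcis.what = MEMBEROF_IS_GROUP;` keeps a later reader from walking or freeing a garbage pointer. The same concern applies to `mci->what = mcis.what;` after `done2:` if any path can reach it without passing the `mcis.what` assignment; the function body continues outside these hunks, so this needs checking against the full file. A short comment on the `if ( mc.vals )` guards explaining why a NULL result must not overwrite the saved values would also help.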
......@@ -148,3 +148,44 @@ cn: Roger Rabbit
sn: Rabbit
memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
# Re-search the entire database...
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example
dn: cn=group1,ou=Groups,dc=example,dc=com
objectClass: groupA
cn: group1
dn: cn=group2,ou=Groups,dc=example,dc=com
objectClass: groupB
cn: group2
memberB: cn=person1,ou=People,dc=example,dc=com
memberB: cn=person2,ou=People,dc=example,dc=com
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
dn: cn=person1,ou=People,dc=example,dc=com
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1
memberOfB: cn=group2,ou=Groups,dc=example,dc=com
dn: cn=person2,ou=People,dc=example,dc=com
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2
memberOfB: cn=group2,ou=Groups,dc=example,dc=com
......@@ -75,6 +75,26 @@ fi
echo "Running ldapadd to build slapd config database..."
$LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
>> $TESTOUT 2>&1 <<EOF
dn: cn=symas group example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: symas group example
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1
NAME 'memberA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
NAME 'memberOfA' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3
NAME 'memberB' SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4
NAME 'memberOfB' SUP distinguishedName )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1
NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2
NAME 'groupMemberA' SUP top AUXILIARY MAY memberOfA )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3
NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4
NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
......@@ -91,7 +111,6 @@ olcDbIndex: uid pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbMode: 384
# {0}memberof, {1}$BACKEND, config
dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
......@@ -100,6 +119,25 @@ olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {1}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupA
olcMemberOfMemberAD: memberA
olcMemberOfMemberOfAD: memberOfA
dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {2}memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupB
olcMemberOfMemberAD: memberB
olcMemberOfMemberOfAD: memberOfB
EOF
RC=$?
if test $RC != 0 ; then
......@@ -227,6 +265,66 @@ if test $RC != 0 ; then
exit $RC
fi
echo "Adding groups with MAY member type schemas..."
$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
-D "cn=Manager,$BASEDN" -w secret \
>> $TESTOUT 2>&1 <<EOF
dn: cn=Roger Rabbit,ou=People,$BASEDN
changetype: delete
dn: cn=Jessica Rabbit,ou=People,$BASEDN
changetype: delete
dn: cn=Cartoonia,ou=Groups,$BASEDN
changetype: delete
dn: cn=person1,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person1
sn: person1
dn: cn=person2,ou=People,$BASEDN
changetype: add
objectClass: person
objectClass: groupMemberA
objectClass: groupMemberB
cn: person2
sn: person2
dn: cn=group1,ou=Groups,$BASEDN
changetype: add
objectclass: groupA
cn: group1
memberA: cn=person1,ou=People,$BASEDN
memberA: cn=person2,ou=People,$BASEDN
dn: cn=group2,ou=Groups,$BASEDN
changetype: add
objectclass: groupB
cn: group2
memberB: cn=person1,ou=People,$BASEDN
memberB: cn=person2,ou=People,$BASEDN
dn: cn=group1,ou=Groups,$BASEDN
changetype: modify
delete: memberA
EOF
echo "Re-search the entire database..."
echo "# Re-search the entire database..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$MEMBEROFOUT
......
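Review bot: The new `$LDAPMODIFY` step under "Adding groups with MAY member type schemas..." has no `RC=$?` check after its here-document, unlike the ldapadd and ldapsearch steps around it in the visible lines. If any of the deletes, the adds or the final `delete: memberA` is rejected, the script carries on and the failure only surfaces later as a mismatch in the search output, which makes a regression in the overlay harder to pin down. A check in the same form as the one after the re-search is proposed below.

```shell
# … unchanged: $LDAPMODIFY here-document ending in EOF …
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```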