Commit 154a2040 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6752

parent 4813e6fc
......@@ -54,6 +54,8 @@ OpenLDAP 2.4.24 Engineering
Fixed slapd-monitor hasSubordinates generation (ITS#6712)
Fixed slapd-sql with null objectClass (ITS#6616)
Fixed slapd-sql hasSubordinates generation (ITS#6712)
Fixed slapo-dynlist callbacks (ITS#6752)
Fixed slapo-dynlist entry handling (ITS#6752)
Fixed slapo-memberof log messages (ITS#6748)
Fixed slapo-pcache callback freeing (ITS#6640)
Fixed slapo-pcache to ignore undefined attrs (ITS#6600)
......
......@@ -24,41 +24,18 @@
#ifdef SLAPD_OVER_DYNLIST
#if LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR > 3
#if SLAPD_OVER_DYNGROUP != SLAPD_MOD_STATIC
#define TAKEOVER_DYNGROUP
#endif
#else
#if LDAP_VENDOR_VERSION_MINOR < 3
#define OL_2_2_COMPAT
#endif
#endif
#include <stdio.h>
#include <ac/string.h>
#include "slap.h"
#ifndef OL_2_2_COMPAT
#include "config.h"
#endif
#include "lutil.h"
/* FIXME: the code differs if SLAP_OPATTRS is defined or not;
* SLAP_OPATTRS is not defined in 2.2 yet, while this overlay
* expects HEAD code at least later than August 6, 2004. */
/* FIXME: slap_anlist_no_attrs was introduced in 2.3; here it
* is anticipated to allow using this overlay with 2.2. */
#ifdef OL_2_2_COMPAT
static AttributeName anlist_no_attrs[] = {
{ BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL },
{ BER_BVNULL, NULL, 0, NULL }
};
static AttributeName *slap_anlist_no_attrs = anlist_no_attrs;
#endif
static AttributeDescription *ad_dgIdentity, *ad_dgAuthz;
typedef struct dynlist_map_t {
......@@ -173,6 +150,7 @@ dynlist_make_filter( Operation *op, Entry *e, const char *url, struct berval *ol
return 0;
}
/* dynlist_sc_update() callback info set by dynlist_prepare_entry() */
typedef struct dynlist_sc_t {
dynlist_info_t *dlc_dli;
Entry *dlc_e;
......@@ -240,13 +218,8 @@ dynlist_sc_update( Operation *op, SlapReply *rs )
goto done;
}
#ifndef SLAP_OPATTRS
opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, slap_bv_operational_attrs );
userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, slap_bv_user_attrs );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
#endif /* SLAP_OPATTRS */
for ( a = rs->sr_entry->e_attrs; a != NULL; a = a->a_next ) {
BerVarray vals, nvals = NULL;
......@@ -363,7 +336,7 @@ done:;
if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
entry_free( rs->sr_entry );
rs->sr_entry = NULL;
rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
rs->sr_flags &= ~REP_ENTRY_MASK;
}
return 0;
......@@ -378,7 +351,6 @@ dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
SlapReply r = { REP_SEARCH };
struct berval *url;
Entry *e;
slap_mask_t e_flags;
int opattrs,
userattrs;
dynlist_sc_t dlc = { 0 };
......@@ -390,13 +362,8 @@ dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
return SLAP_CB_CONTINUE;
}
#ifndef SLAP_OPATTRS
opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, slap_bv_operational_attrs );
userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, slap_bv_user_attrs );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
#endif /* SLAP_OPATTRS */
/* Don't generate member list if it wasn't requested */
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
......@@ -427,13 +394,11 @@ dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
o.o_groups = NULL;
}
e_flags = rs->sr_flags;
e = rs->sr_entry;
/* ensure e is modifiable, but do not replace
* sr_entry yet since we have pointers into it */
if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
e = entry_dup( rs->sr_entry );
e_flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
e_flags &= ~REP_ENTRY_MUSTRELEASE;
} else {
e = rs->sr_entry;
}
dlc.dlc_e = e;
......@@ -599,9 +564,7 @@ dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
o.o_bd = select_backend( &o.o_req_ndn, 1 );
if ( o.o_bd && o.o_bd->be_search ) {
#ifdef SLAP_OPATTRS
r.sr_attr_flags = slap_attr_flags( o.ors_attrs );
#endif /* SLAP_OPATTRS */
(void)o.o_bd->be_search( &o, &r );
}
......@@ -629,21 +592,38 @@ cleanup:;
ldap_free_urldesc( lud );
}
rs->sr_entry = e;
rs->sr_flags = e_flags;
if ( e != rs->sr_entry ) {
rs_replace_entry( op, rs, (slap_overinst *)op->o_bd->bd_info, e );
rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
}
return SLAP_CB_CONTINUE;
}
/* dynlist_sc_compare_entry() callback set by dynlist_compare() */
typedef struct dynlist_cc_t {
slap_callback dc_cb;
# define dc_ava dc_cb.sc_private /* attr:val to compare with */
int *dc_res;
} dynlist_cc_t;
static int
dynlist_sc_save_entry( Operation *op, SlapReply *rs )
dynlist_sc_compare_entry( Operation *op, SlapReply *rs )
{
/* save the entry in the private field of the callback,
* so it doesn't get freed (it's temporary!) */
if ( rs->sr_entry != NULL ) {
dynlist_sc_t *dlc = (dynlist_sc_t *)op->o_callback->sc_private;
dlc->dlc_e = rs->sr_entry;
rs->sr_entry = NULL;
if ( rs->sr_type == REP_SEARCH && rs->sr_entry != NULL ) {
dynlist_cc_t *dc = (dynlist_cc_t *)op->o_callback;
AttributeAssertion *ava = dc->dc_ava;
Attribute *a = attrs_find( rs->sr_entry->e_attrs, ava->aa_desc );
if ( a != NULL ) {
while ( LDAP_SUCCESS != attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&ava->aa_value, NULL, op->o_tmpmemctx )
&& (a = attrs_find( a->a_next, ava->aa_desc )) != NULL )
;
*dc->dc_res = a ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
}
}
return 0;
......@@ -657,13 +637,14 @@ dynlist_compare( Operation *op, SlapReply *rs )
Operation o = *op;
Entry *e = NULL;
dynlist_map_t *dlm;
BackendDB *be;
for ( ; dli != NULL; dli = dli->dli_next ) {
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next )
if ( op->oq_compare.rs_ava->aa_desc == dlm->dlm_member_ad )
break;
if ( dli->dli_dlm && dlm ) {
if ( dlm ) {
/* This compare is for one of the attributes we're
* interested in. We'll use slapd's existing dyngroup
* evaluator to get the answer we want.
......@@ -721,12 +702,26 @@ done:;
}
}
be = select_backend( &o.o_req_ndn, 1 );
if ( !be || !be->be_search ) {
return SLAP_CB_CONTINUE;
}
if ( overlay_entry_get_ov( &o, &o.o_req_ndn, NULL, NULL, 0, &e, on ) !=
LDAP_SUCCESS || e == NULL )
{
return SLAP_CB_CONTINUE;
}
/* check for dynlist objectClass; done if not found */
dli = (dynlist_info_t *)on->on_bi.bi_private;
while ( dli != NULL && !is_entry_objectclass_or_sub( e, dli->dli_oc ) ) {
dli = dli->dli_next;
}
if ( dli == NULL ) {
goto release;
}
if ( ad_dgIdentity ) {
Attribute *id = attrs_find( e->e_attrs, ad_dgIdentity );
if ( id ) {
......@@ -750,37 +745,21 @@ done:;
}
}
dli = (dynlist_info_t *)on->on_bi.bi_private;
for ( ; dli != NULL && rs->sr_err != LDAP_COMPARE_TRUE; dli = dli->dli_next ) {
Attribute *a;
slap_callback cb;
/* generate dynamic list with dynlist_response() and compare */
{
SlapReply r = { REP_SEARCH };
dynlist_cc_t dc = { { 0, dynlist_sc_compare_entry, 0, 0 }, 0 };
AttributeName an[2];
int rc;
dynlist_sc_t dlc = { 0 };
if ( !is_entry_objectclass_or_sub( e, dli->dli_oc ))
continue;
/* if the entry has the right objectClass, generate
* the dynamic list and compare */
dlc.dlc_dli = dli;
cb.sc_private = &dlc;
cb.sc_response = dynlist_sc_save_entry;
cb.sc_cleanup = NULL;
cb.sc_next = NULL;
o.o_callback = &cb;
dc.dc_ava = op->orc_ava;
dc.dc_res = &rs->sr_err;
o.o_callback = (slap_callback *) &dc;
o.o_tag = LDAP_REQ_SEARCH;
o.ors_limit = NULL;
o.ors_tlimit = SLAP_NO_LIMIT;
o.ors_slimit = SLAP_NO_LIMIT;
o.o_bd = select_backend( &o.o_req_ndn, 1 );
if ( !o.o_bd || !o.o_bd->be_search ) {
goto release;
}
o.ors_filterstr = *slap_filterstr_objectClass_pres;
o.ors_filter = (Filter *) slap_filter_objectClass_pres;
......@@ -794,47 +773,12 @@ done:;
o.o_acl_priv = ACL_COMPARE;
rc = o.o_bd->be_search( &o, &r );
o.o_bd = be;
(void)be->be_search( &o, &r );
if ( o.o_dn.bv_val != op->o_dn.bv_val ) {
slap_op_groups_free( &o );
}
if ( rc != 0 ) {
goto release;
}
if ( dlc.dlc_e != NULL ) {
r.sr_entry = dlc.dlc_e;
}
if ( r.sr_err != LDAP_SUCCESS || r.sr_entry == NULL ) {
/* error? */
goto release;
}
for ( a = attrs_find( r.sr_entry->e_attrs, op->orc_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, op->orc_ava->aa_desc ) )
{
/* if we're here, we got a match... */
rs->sr_err = LDAP_COMPARE_FALSE;
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&op->orc_ava->aa_value, NULL, op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
if ( r.sr_flags & REP_ENTRY_MUSTBEFREED ) {
entry_free( r.sr_entry );
r.sr_entry = NULL;
r.sr_flags ^= REP_ENTRY_MUSTBEFREED;
}
}
release:;
......@@ -848,24 +792,18 @@ release:;
static int
dynlist_response( Operation *op, SlapReply *rs )
{
dynlist_info_t *dli;
switch ( op->o_tag ) {
case LDAP_REQ_SEARCH:
if ( rs->sr_type == REP_SEARCH && !get_manageDSAit( op ) )
{
int rc = LDAP_OTHER;
int rc = SLAP_CB_CONTINUE;
dynlist_info_t *dli = NULL;
for ( dli = dynlist_is_dynlist_next( op, rs, NULL );
dli;
dli = dynlist_is_dynlist_next( op, rs, dli ) )
{
while ( (dli = dynlist_is_dynlist_next( op, rs, dli )) != NULL ) {
rc = dynlist_prepare_entry( op, rs, dli );
}
if ( rc != LDAP_OTHER ) {
return rc;
}
return rc;
}
break;
......@@ -884,9 +822,6 @@ dynlist_response( Operation *op, SlapReply *rs )
return dynlist_compare( op, rs );
}
break;
default:
break;
}
return SLAP_CB_CONTINUE;
......@@ -915,254 +850,6 @@ dynlist_build_def_filter( dynlist_info_t *dli )
return 0;
}
#ifdef OL_2_2_COMPAT
static int
dynlist_db_config(
BackendDB *be,
const char *fname,
int lineno,
int argc,
char **argv )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
int rc = 0;
if ( strcasecmp( argv[0], "dynlist-attrset" ) == 0 ) {
dynlist_info_t **dlip;
ObjectClass *oc;
AttributeDescription *ad = NULL,
*member_ad = NULL;
dynlist_map_t *dlm = NULL, *dlml = NULL;
const char *text;
if ( argc < 3 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " DYNLIST_USAGE
"invalid arg number #%d.\n",
fname, lineno, argc );
return 1;
}
oc = oc_find( argv[1] );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " DYNLIST_USAGE
"unable to find ObjectClass \"%s\"\n",
fname, lineno, argv[ 1 ] );
return 1;
}
rc = slap_str2ad( argv[2], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " DYNLIST_USAGE
"unable to find AttributeDescription \"%s\"\n",
fname, lineno, argv[2] );
return 1;
}
if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " DYNLIST_USAGE
"AttributeDescription \"%s\" "
"must be a subtype of \"labeledURI\"\n",
fname, lineno, argv[2] );
return 1;
}
for ( i = 3; i < argc; i++ ) {
char *arg;
char *cp;
AttributeDescription *member_ad = NULL;
AttributeDescription *mapped_ad = NULL;
dynlist_map_t *dlmp;
/*
* If no mapped attribute is given, dn is used
* for backward compatibility.
*/
arg = argv[i];
if ( cp = strchr( arg, (int)':' ) != NULL ) {
struct berval bv;
ber_str2bv( arg, cp - arg, 0, &bv );
rc = slap_bv2ad( &bv, &mapped_ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
DYNLIST_USAGE
"unable to find mapped AttributeDescription \"%s\"\n",
fname, lineno, arg );
return 1;
}
arg = cp + 1;
}
rc = slap_str2ad( arg, &member_ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
DYNLIST_USAGE
"unable to find AttributeDescription \"%s\"\n",
fname, lineno, arg );
return 1;
}
dlmp = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) );
if ( dlm == NULL ) {
dlm = dlmp;
}
dlmp->dlm_member_ad = member_ad;
dlmp->dlm_mapped_ad = mapped_ad;
dlmp->dlm_next = NULL;
if ( dlml != NULL )
dlml->dlm_next = dlmp;
dlml = dlmp;
}
for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
*dlip; dlip = &(*dlip)->dli_next )
{
/*
* The same URL attribute / member attribute pair
* cannot be repeated, but we enforce this only
* when the member attribute is unique. Performing
* the check for multiple values would require
* sorting and comparing the lists, which is left
* as a future improvement
*/
if ( (*dlip)->dli_ad == ad &&
(*dlip)->dli_dlm->dlm_next == NULL &&
dlm->dlm_next == NULL &&
dlm->dlm_member_ad == (*dlip)->dli_dlm->dlm_member_ad &&
dlm->dlm_mapped_ad == (*dlip)->dli_dlm->dlm_mapped_ad ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
DYNLIST_USAGE
"URL attributeDescription \"%s\" already mapped.\n",
fname, lineno, ad->ad_cname.bv_val );
#if 0
/* make it a warning... */
return 1;
#endif
}
}
*dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
(*dlip)->dli_oc = oc;
(*dlip)->dli_ad = ad;
(*dlip)->dli_dlm = dlm;
if ( dynlist_build_def_filter( *dlip ) ) {
dynlist_map_t *dlm = (*dlip)->ldi_dlm;
dynlist_map_t *dlm_next;
while ( dlm != NULL ) {
dlm_next = dlm->dlm_next;
ch_free( dlm );
dlm = dlm_next;
}
ch_free( *dlip );
*dlip = NULL;
return 1;
}
/* allow dyngroup syntax */
} else if ( strcasecmp( argv[0], "dynlist-attrpair" ) == 0 ) {
dynlist_info_t **dlip;
ObjectClass *oc;
AttributeDescription *ad = NULL,
*member_ad = NULL;
const char *text;
if ( argc != 3 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"invalid arg number #%d.\n",
fname, lineno, argc );
return 1;
}
oc = oc_find( "groupOfURLs" );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find default ObjectClass \"groupOfURLs\"\n",
fname, lineno, 0 );
return 1;
}
rc = slap_str2ad( argv[1], &member_ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find AttributeDescription \"%s\"\n",
fname, lineno, argv[1] );
return 1;
}
rc = slap_str2ad( argv[2], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find AttributeDescription \"%s\"\n",
fname, lineno, argv[2] );
return 1;
}
if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"AttributeDescription \"%s\" "
"must be a subtype of \"labeledURI\"\n",
fname, lineno, argv[2] );
return 1;
}
for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
*dlip; dlip = &(*dlip)->dli_next )
{
/*
* The same URL attribute / member attribute pair
* cannot be repeated, but we enforce this only
* when the member attribute is unique. Performing
* the check for multiple values would require
* sorting and comparing the lists, which is left
* as a future improvement
*/
if ( (*dlip)->dli_ad == ad &&
(*dlip)->dli_dlm->dlm_next == NULL &&
member_ad == (*dlip)->dli_dlm->dlm_member_ad ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"URL attributeDescription \"%s\" already mapped.\n",
fname, lineno, ad->ad_cname.bv_val );
#if 0
/* make it a warning... */
return 1;
#endif
}
}
*dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
(*dlip)->dli_oc = oc;
(*dlip)->dli_ad = ad;
(*dlip)->dli_dlm = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) );
(*dlip)->dli_dlm->dlm_member_ad = member_ad;
(*dlip)->dli_dlm->dlm_mapped_ad = NULL;
if ( dynlist_build_def_filter( *dlip ) ) {
ch_free( (*dlip)->dli_dlm );
ch_free( *dlip );
*dlip = NULL;
return 1;
}
} else {
rc = SLAP_CONF_UNKNOWN;
}
return rc;
}
#else
enum {
DL_ATTRSET = 1,
DL_ATTRPAIR,
......@@ -1699,7 +1386,6 @@ done_uri:;
return rc;
}
#endif
static int
dynlist_db_open(
......@@ -1843,9 +1529,7 @@ static
int
dynlist_initialize(void)
{
#ifndef OL_2_2_COMPAT
<