Add whoami extended operation.

Add no-op control (needs backend implementation) Updated modify password extended option API Kludged control infrastructure to support frontend only controls
2025-02-17 14:00:30 +08:00 · 2002-01-28 20:25:30 +00:00 · 2002-01-28 20:25:30 +00:00 · 14662be692
commit 14662be692
parent 97e29c023e
15 changed files with 133 additions and 47 deletions
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@ -662,19 +662,19 @@ main( int argc, char *argv[] )

 		if( user != NULL ) {
 			ber_printf( ber, "ts",
-				LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, user );
+				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
 			free(user);
 		}

 		if( oldpw != NULL ) {
 			ber_printf( ber, "ts",
-				LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, oldpw );
+				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
 			free(oldpw);
 		}

 		if( newpw != NULL ) {
 			ber_printf( ber, "ts",
-				LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, newpw );
+				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
 			free(newpw);
 		}

@ -697,7 +697,7 @@ main( int argc, char *argv[] )
 	}

 	rc = ldap_extended_operation( ld,
-		LDAP_EXOP_X_MODIFY_PASSWD, bv, 
+		LDAP_EXOP_MODIFY_PASSWD, bv, 
 		NULL, NULL, &id );

 	ber_bvfree( bv );
--- a/include/ldap.h
+++ b/include/ldap.h
@ -180,23 +180,22 @@ typedef struct ldapcontrol {

 /* LDAP Controls */

-#ifdef undef
+#if 0
 	/* chase referrals client control (not yet implemented)  */
 #define LDAP_CONTROL_REFERRALS	"1.2.840.113666.1.4.616"
 #define LDAP_CHASE_SUBORDINATE_REFERRALS	0x0020U
 #define LDAP_CHASE_EXTERNAL_REFERRALS	0x0040U
 #endif

-#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.666.5.1"
-#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2"
+#define LDAP_CONTROL_MANAGEDSAIT	"2.16.840.1.113730.3.4.2"
+#define LDAP_CONTROL_SUBENTRIES		"1.3.6.1.4.1.4203.666.5.1"
+#define LDAP_CONTROL_NOOP			"1.3.6.1.4.1.4203.666.5.2"

 #define LDAP_CONTROL_DUPENT_REQUEST		"2.16.840.1.113719.1.27.101.1"
 #define LDAP_CONTROL_DUPENT_RESPONSE	"2.16.840.1.113719.1.27.101.2"
 #define LDAP_CONTROL_DUPENT_ENTRY		"2.16.840.1.113719.1.27.101.3"
 #define LDAP_CONTROL_DUPENT	LDAP_CONTROL_DUPENT_REQUEST

-/* Experimental Controls */
-
 #define LDAP_CONTROL_SORTREQUEST    "1.2.840.113556.1.4.473"
 #define LDAP_CONTROL_SORTRESPONSE	"1.2.840.113556.1.4.474"
 #define LDAP_CONTROL_VLVREQUEST    	"2.16.840.1.113730.3.4.9"
@ -207,13 +206,15 @@ typedef struct ldapcontrol {
 #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION

 /* LDAP Extended Operations */
-#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037"
+#define LDAP_EXOP_START_TLS	"1.3.6.1.4.1.1466.20037"

-#define LDAP_EXOP_X_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
-#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID	((ber_tag_t) 0x80U)
-#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD	((ber_tag_t) 0x81U)
-#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW	((ber_tag_t) 0x82U)
-#define LDAP_TAG_EXOP_X_MODIFY_PASSWD_GEN	((ber_tag_t) 0x80U)
+#define LDAP_EXOP_MODIFY_PASSWD	"1.3.6.1.4.1.4203.1.11.1"
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID	((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD	((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW	((ber_tag_t) 0x82U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN	((ber_tag_t) 0x80U)
+
+#define LDAP_EXOP_X_WHO_AM_I	"1.3.6.1.4.1.4203.666.6.2"

 /*
 * specific LDAP instantiations of BER types we know about
--- a/servers/slapd/ad.c
+++ b/servers/slapd/ad.c
@ -102,7 +102,6 @@ int slap_bv2ad(
 	AttributeDescription desc, *d2;
 	char *name, *options;
 	char *opt, *next;
-	char *s, *ptr;
 	int nlang;
 	int langlen;

@ -201,14 +200,15 @@ int slap_bv2ad(
 				int rc;

 				rc = strncasecmp( opt, langs[i].bv_val,
-					optlen < langs[i].bv_len ? optlen : langs[i].bv_len );
+					(unsigned) optlen < langs[i].bv_len
+						? optlen : langs[i].bv_len );

-				if( rc == 0 && optlen == langs[i].bv_len ) {
+				if( rc == 0 && (unsigned)optlen == langs[i].bv_len ) {
 					/* duplicate (ignore) */
 					goto done;

 				} else if ( rc > 0 ||
-					( rc == 0 && optlen > langs[i].bv_len ))
+					( rc == 0 && (unsigned)optlen > langs[i].bv_len ))
 				{
 					AC_MEMCPY( &langs[i+1], &langs[i],
 						(nlang-i)*sizeof(struct berval) );
--- a/servers/slapd/back-bdb/add.c
+++ b/servers/slapd/back-bdb/add.c
@ -64,8 +64,8 @@ bdb_add(
 	}

 	if( 0 ) {
-retry:          /* transaction retry */
-                rc = txn_abort( ltid );
+retry:	/* transaction retry */
+		rc = txn_abort( ltid );
 		ltid = NULL;
 		op->o_private = NULL;
 		if( rc != 0 ) {
--- a/servers/slapd/back-bdb/back-bdb.h
+++ b/servers/slapd/back-bdb/back-bdb.h
@ -122,7 +122,7 @@ struct bdb_info {
 	int		bi_nrdns;
 #endif

-	int		bi_txn;
+	int			bi_txn;
 	int			bi_txn_cp;
 	u_int32_t	bi_txn_cp_min;
 	u_int32_t	bi_txn_cp_kbyte;
--- a/servers/slapd/back-bdb/extended.c
+++ b/servers/slapd/back-bdb/extended.c
@ -17,7 +17,7 @@ static struct exop {
 	char *oid;
 	BI_op_extended	*extended;
 } exop_table[] = {
-	{ LDAP_EXOP_X_MODIFY_PASSWD, bdb_exop_passwd },
+	{ LDAP_EXOP_MODIFY_PASSWD, bdb_exop_passwd },
 	{ NULL, NULL }
 };

--- a/servers/slapd/back-bdb/init.c
+++ b/servers/slapd/back-bdb/init.c
@ -411,6 +411,9 @@ bdb_initialize(
 	static char *controls[] = {
 		LDAP_CONTROL_MANAGEDSAIT,
 		LDAP_CONTROL_SUBENTRIES,
+#if 0
+		LDAP_CONTROL_NOOP,
+#endif
 		NULL
 	};

--- a/servers/slapd/back-bdb/passwd.c
+++ b/servers/slapd/back-bdb/passwd.c
@ -41,7 +41,7 @@ bdb_exop_passwd(
 	struct berval *dn;

 	assert( reqoid != NULL );
-	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
+	assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

 	rc = slap_passwd_parse( reqdata,
 		&id, NULL, &new, text );
--- a/servers/slapd/back-ldbm/extended.c
+++ b/servers/slapd/back-ldbm/extended.c
@ -20,7 +20,7 @@ struct exop {
 	char *oid;
 	BI_op_extended	*extended;
 } exop_table[] = {
-	{ LDAP_EXOP_X_MODIFY_PASSWD, ldbm_back_exop_passwd },
+	{ LDAP_EXOP_MODIFY_PASSWD, ldbm_back_exop_passwd },
 	{ NULL, NULL }
 };

--- a/servers/slapd/back-ldbm/passwd.c
+++ b/servers/slapd/back-ldbm/passwd.c
@ -42,7 +42,7 @@ ldbm_back_exop_passwd(
 	struct berval ndn;

 	assert( reqoid != NULL );
-	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
+	assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

 	rc = slap_passwd_parse( reqdata,
 		&id, NULL, &new, text );
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@ -19,15 +19,18 @@

 #include "../../libraries/liblber/lber-int.h"

-#define SLAP_CTRL_ABANDON	0x0001
-#define SLAP_CTRL_ADD		0x2002
-#define SLAP_CTRL_BIND		0x0004
-#define SLAP_CTRL_COMPARE	0x1008
-#define SLAP_CTRL_DELETE	0x2010
-#define SLAP_CTRL_MODIFY	0x2020
-#define SLAP_CTRL_RENAME	0x2040
-#define SLAP_CTRL_SEARCH	0x1080
-#define SLAP_CTRL_UNBIND	0x0100
+#define SLAP_CTRL_FRONTEND	0x80000000U
+
+#define SLAP_CTRL_OPFLAGS	0x0000FFFFU
+#define SLAP_CTRL_ABANDON	0x00000001U
+#define SLAP_CTRL_ADD		0x00002002U
+#define SLAP_CTRL_BIND		0x00000004U
+#define SLAP_CTRL_COMPARE	0x00001008U
+#define SLAP_CTRL_DELETE	0x00002010U
+#define SLAP_CTRL_MODIFY	0x00002020U
+#define SLAP_CTRL_RENAME	0x00002040U
+#define SLAP_CTRL_SEARCH	0x00001080U
+#define SLAP_CTRL_UNBIND	0x00000100U

 #define SLAP_CTRL_INTROGATE	(SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH)
 #define SLAP_CTRL_UPDATE \
@ -42,10 +45,11 @@ typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((

 static SLAP_CTRL_PARSE_FN parseManageDSAit;
 static SLAP_CTRL_PARSE_FN parseSubentries;
+static SLAP_CTRL_PARSE_FN parseNoOp;

 static struct slap_control {
 	char *sc_oid;
-	int sc_ops_mask;
+	slap_mask_t sc_mask;
 	char **sc_extendedops;
 	SLAP_CTRL_PARSE_FN *sc_parse;

@ -56,6 +60,11 @@ static struct slap_control {
 	{ LDAP_CONTROL_SUBENTRIES,
 		SLAP_CTRL_SEARCH, NULL,
 		parseSubentries },
+#ifdef LDAP_CONTROL_NOOP
+	{ LDAP_CONTROL_NOOP,
+		SLAP_CTRL_UPDATE, NULL,
+		parseNoOp },
+#endif
 	{ NULL }
 };

@ -248,7 +257,7 @@ int get_ctrls(
 		c = find_ctrl( tctrl->ldctl_oid );
 		if( c != NULL ) {
 			/* recongized control */
-			int tagmask = -1;
+			slap_mask_t tagmask;
 			switch( op->o_tag ) {
 			case LDAP_REQ_ADD:
 				tagmask = SLAP_CTRL_ADD;
@ -276,7 +285,7 @@ int get_ctrls(
 				break;
 			case LDAP_REQ_EXTENDED:
 				/* FIXME: check list of extended operations */
-				tagmask = -1;
+				tagmask = ~0U;
 				break;
 			default:
 				rc = LDAP_OTHER;
@ -284,7 +293,7 @@ int get_ctrls(
 				goto return_results;
 			}

-			if (( c->sc_ops_mask & tagmask ) == tagmask ) {
+			if (( c->sc_mask & tagmask ) == tagmask ) {
 				/* available extension */

 				if( !c->sc_parse ) {
@ -297,6 +306,11 @@ int get_ctrls(

 				if( rc != LDAP_SUCCESS ) goto return_results;

+				if( c->sc_mask & SLAP_CTRL_FRONTEND ) {
+					/* kludge to disable backend_control() check */
+					tctrl->ldctl_iscritical = 0;
+				}
+
 			} else if( tctrl->ldctl_iscritical ) {
 				/* unavailable CRITICAL control */
 				rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
@ -387,3 +401,27 @@ static int parseSubentries (

 	return LDAP_SUCCESS;
 }
+
+static int parseNoOp (
+	Connection *conn,
+	Operation *op,
+	LDAPControl *ctrl,
+	const char **text )
+{
+	if ( op->o_noop != SLAP_NO_CONTROL ) {
+		*text = "noop control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( ctrl->ldctl_value.bv_len ) {
+		*text = "noop control value not empty";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	op->o_noop = ctrl->ldctl_iscritical
+		? SLAP_CRITICAL_CONTROL
+		: SLAP_NONCRITICAL_CONTROL;
+
+	return LDAP_SUCCESS;
+}
+
--- a/servers/slapd/extended.c
+++ b/servers/slapd/extended.c
@ -29,6 +29,7 @@

 #include <stdio.h>
 #include <ac/socket.h>
+#include <ac/string.h>

 #include "slap.h"

@ -38,6 +39,8 @@ static struct extop_list {
 	SLAP_EXTOP_MAIN_FN *ext_main;
 } *supp_ext_list = NULL;

+static SLAP_EXTOP_MAIN_FN whoami_extop;
+
 /* this list of built-in extops is for extops that are not part
 * of backends or in external modules.	essentially, this is
 * just a way to get built-in extops onto the extop list without
@ -50,7 +53,8 @@ static struct {
 #ifdef HAVE_TLS
 	{ LDAP_EXOP_START_TLS, starttls_extop },
 #endif
-	{ LDAP_EXOP_X_MODIFY_PASSWD, passwd_extop },
+	{ LDAP_EXOP_MODIFY_PASSWD, passwd_extop },
+	{ LDAP_EXOP_X_WHO_AM_I, whoami_extop },
 	{ NULL, NULL }
 };

@ -214,8 +218,9 @@ do_extended(
 		free( rspoid );
 	}

-	if ( rspdata != NULL )
+	if ( rspdata != NULL ) {
 		ber_bvfree( rspdata );
+	}

 done:
 	if ( reqdata != NULL ) {
@ -293,3 +298,42 @@ find_extop( struct extop_list *list, char *oid )
 	}
 	return(NULL);
 }
+
+
+int
+whoami_extop (
+	Connection *conn,
+	Operation *op,
+	const char * reqoid,
+	struct berval * reqdata,
+	char ** rspoid,
+	struct berval ** rspdata,
+	LDAPControl ***rspctrls,
+	const char ** text,
+	BerVarray * refs )
+{
+	struct berval *bv;
+
+	if ( reqdata != NULL ) {
+		/* no request data should be provided */
+		*text = "no request data expected";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	bv = (struct berval *) ch_malloc( sizeof(struct berval) );
+	if( op->o_dn.bv_len ) {
+		bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1;
+		bv->bv_val = ch_malloc( bv->bv_len + 1 );
+		AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 );
+		AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val,
+			op->o_dn.bv_len );
+		bv->bv_val[bv->bv_len] = '\0';
+
+	} else {
+		bv->bv_len = 0;
+		bv->bv_val = NULL;
+	}
+
+	*rspdata = bv;
+	return LDAP_SUCCESS;
+}
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@ -31,7 +31,7 @@ int passwd_extop(
 	int rc;

 	assert( reqoid != NULL );
-	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
+	assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

 	if( op->o_dn.bv_len == 0 ) {
 		*text = "only authenticated users may change passwords";
@ -101,7 +101,7 @@ int slap_passwd_parse( struct berval *reqdata,
 		tag = ber_peek_tag( ber, &len );
 	}

-	if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID ) {
+	if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
 		if( id == NULL ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
@ -133,7 +133,7 @@ int slap_passwd_parse( struct berval *reqdata,
 		tag = ber_peek_tag( ber, &len);
 	}

-	if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD ) {
+	if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ) {
 		if( oldpass == NULL ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
@ -165,7 +165,7 @@ int slap_passwd_parse( struct berval *reqdata,
 		tag = ber_peek_tag( ber, &len);
 	}

-	if( tag == LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW ) {
+	if( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ) {
 		if( newpass == NULL ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
@ -257,7 +257,7 @@ struct berval * slap_passwd_return(
 	ber_init_w_nullc( ber, LBER_USE_DER );

 	rc = ber_printf( ber, "{tON}",
-		LDAP_TAG_EXOP_X_MODIFY_PASSWD_GEN, cred );
+		LDAP_TAG_EXOP_MODIFY_PASSWD_GEN, cred );

 	if( rc >= 0 ) {
 		(void) ber_flatten( ber, &bv );
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -704,7 +704,6 @@ int slap_sasl_bind(
 			rc = slap_sasl_getdn( conn, username, edn, FLAG_GETDN_FINAL );

 			if( rc == LDAP_SUCCESS ) {
-				int i;
 				sasl_ssf_t *ssf = NULL;
 				(void) sasl_getprop( ctx, SASL_SSF, (void *)&ssf );
 				*ssfp = ssf ? *ssf : 0;
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@ -1409,6 +1409,7 @@ typedef struct slap_op {
 	char o_managedsait;
 	char o_subentries;
 	char o_subentries_visibility;
+	char o_noop;

 	int		o_abandon;	/* abandon flag */
 	ldap_pvt_thread_mutex_t	o_abandonmutex; /* protects o_abandon  */