Updated sasl response to support returning of referrals.

Updates to extended operation framework to support arbitrary
referrals and extended results without OIDs.
Updated passwd extended operation to support returning update_refs
as needed.  Needs replog support.

servers/slapd/back-ldbm/extended.c

@@ -29,20 +29,23 @@ ldbm_back_extended(
     Backend		*be,
     Connection		*conn,
     Operation		*op,
-	char		*oid,
+	char		*reqoid,
     struct berval	*reqdata,
+	char		**rspoid,
     struct berval	**rspdata,
 	LDAPControl *** rspctrls,
-	char**	text
+	char**	text,
+    struct berval *** refs 
 )
 {
 	int i;
 
 	for( i=0; exop_table[i].oid != NULL; i++ ) {
-		if( strcmp( exop_table[i].oid, oid ) == 0 ) {
+		if( strcmp( exop_table[i].oid, reqoid ) == 0 ) {
 			return (exop_table[i].extended)(
-				be, conn, op, oid,
+				be, conn, op,
-				reqdata, rspdata, rspctrls, text );
+				reqoid, reqdata,
+				rspoid, rspdata, rspctrls, text, refs );
 		}
 	}
 

servers/slapd/back-ldbm/external.h

@@ -26,9 +26,11 @@ extern int ldbm_back_extended LDAP_P(( BackendDB *bd,
 	Connection *conn, Operation *op,
 	char *reqoid,
 	struct berval *reqdata,
+	char **rspoid,
 	struct berval **rspdata,
 	LDAPControl *** rspctrls,
-	char **text ));
+	char **text,
+	struct berval *** refs ));
 
 extern int ldbm_back_bind LDAP_P(( BackendDB *bd,
 	Connection *conn, Operation *op,

servers/slapd/back-ldbm/passwd.c

@@ -21,11 +21,13 @@ ldbm_back_exop_passwd(
     Backend		*be,
     Connection		*conn,
     Operation		*op,
-	char		*oid,
+	char		*reqoid,
     struct berval	*reqdata,
+	char		**rspoid,
     struct berval	**rspdata,
 	LDAPControl *** rspctrls,
-	char**	text
+	char**	text,
+    struct berval	*** refs
 )
 {
 	struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@@ -38,8 +40,8 @@ ldbm_back_exop_passwd(
 
 	char *dn;
 
-	assert( oid != NULL );
+	assert( reqoid != NULL );
-	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 );
+	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
 
 	rc = slap_passwd_parse( reqdata,
 		&id, NULL, &new, text );

servers/slapd/back-ldbm/proto-back-ldbm.h

@@ -148,11 +148,13 @@ int index_change_values LDAP_P(( Backend *be,
  */
 extern int ldbm_back_exop_passwd LDAP_P(( BackendDB *bd,
 	Connection *conn, Operation *op,
-	char *oid,
+	char *reqoid,
 	struct berval *reqdata,
+	char **rspoid,
 	struct berval **rspdata,
 	LDAPControl ***rspctrls,
-	char **text ));
+	char **text,
+	struct berval *** refs ));
  
 
 /*

servers/slapd/extended.c

@@ -86,19 +86,20 @@ do_extended(
 )
 {
 	int rc = LDAP_SUCCESS;
-	char* oid;
+	char* reqoid;
 	struct berval *reqdata;
 	ber_tag_t tag;
 	ber_len_t len;
 	extop_list_t *ext;
 	char *text;
 	struct berval **refs;
+	char *rspoid;
 	struct berval *rspdata;
 	LDAPControl **rspctrls;
 
 	Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
 
-	oid = NULL;
+	reqoid = NULL;
 	reqdata = NULL;
 
 	if( op->o_protocol < LDAP_VERSION3 ) {
@@ -110,7 +111,7 @@ do_extended(
 		goto done;
 	}
 
-	if ( ber_scanf( op->o_ber, "{a" /*}*/, &oid ) == LBER_ERROR ) {
+	if ( ber_scanf( op->o_ber, "{a" /*}*/, &reqoid ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
@@ -118,9 +119,9 @@ do_extended(
 		goto done;
 	}
 
-	if( !(ext = find_extop(supp_ext_list, oid)) ) {
+	if( !(ext = find_extop(supp_ext_list, reqoid)) ) {
 		Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
-			oid, 0 ,0 );
+			reqoid, 0 ,0 );
 		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
 			NULL, "unsupported extended operation", NULL, NULL );
 		goto done;
@@ -143,22 +144,29 @@ do_extended(
 		return rc;
 	} 
 
-	Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", oid, 0 ,0 );
+	Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", reqoid, 0 ,0 );
 
+	rspoid = NULL;
 	rspdata = NULL;
 	rspctrls = NULL;
 	text = NULL;
+	refs = NULL;
 
 	rc = (ext->ext_main)( extop_callback, conn, op,
-		oid, reqdata, &rspdata, &rspctrls, &text );
+		reqoid, reqdata,
+		&rspoid, &rspdata, &rspctrls, &text, &refs );
 
 	if( rc != SLAPD_ABANDON ) {
-		refs = NULL;
+		if (rc == LDAP_REFERRAL) {
-		if (rc == LDAP_REFERRAL)
 			refs = default_referral;
+		}
 
-		send_ldap_extended( conn, op, rc, NULL, text,
+		send_ldap_extended( conn, op, rc, NULL, text, refs,
-			refs, oid, rspdata, rspctrls );
+			rspoid, rspdata, rspctrls );
+	}
+
+	if ( rspoid != NULL ) {
+		free( rspoid );
 	}
 
 	if ( rspdata != NULL )
@@ -171,8 +179,8 @@ done:
 	if ( reqdata != NULL ) {
 		ber_bvfree( reqdata );
 	}
-	if ( oid != NULL ) {
+	if ( reqoid != NULL ) {
-		free( oid );
+		free( reqoid );
 	}
 
 	return rc;

servers/slapd/passwd.c

@@ -20,28 +20,43 @@
 
 int passwd_extop(
 	SLAP_EXTOP_CALLBACK_FN ext_callback,
-	Connection *conn, Operation *op, char *oid,
+	Connection *conn, Operation *op,
+	char *reqoid,
 	struct berval *reqdata,
+	char **rspoid,
 	struct berval **rspdata,
 	LDAPControl ***rspctrls,
-	char **text )
+	char **text,
+	struct berval ***refs )
 {
 	int rc;
 
-	assert( oid != NULL );
+	assert( reqoid != NULL );
-	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, oid ) == 0 );
+	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
 
 	if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
 		*text = ch_strdup("only authenicated users may change passwords");
 		return LDAP_STRONG_AUTH_REQUIRED;
 	}
 
-	if( conn->c_authz_backend != NULL &&
+	if( conn->c_authz_backend != NULL && conn->c_authz_backend->be_extended )
-		conn->c_authz_backend->be_extended )
 	{
-		rc = conn->c_authz_backend->be_extended(
+		if( global_readonly || conn->c_authz_backend->be_readonly ) {
-			conn->c_authz_backend,
+			*text = ch_strdup("authorization database is read only");
-			conn, op, oid, reqdata, rspdata, rspctrls, text );
+			rc = LDAP_UNWILLING_TO_PERFORM;
+
+		} else if( conn->c_authz_backend->be_update_ndn != NULL ) {
+			/* we SHOULD return a referral in this case */
+			*refs = conn->c_authz_backend->be_update_refs;
+			rc = LDAP_REFERRAL;
+
+		} else {
+			rc = conn->c_authz_backend->be_extended(
+				conn->c_authz_backend, conn, op,
+				reqoid, reqdata,
+				rspoid, rspdata, rspctrls,
+				text, refs );
+		}
 
 	} else {
 		*text = ch_strdup("operation not supported for current user");

servers/slapd/proto-slap.h

@@ -256,11 +256,13 @@ typedef int (*SLAP_EXTOP_CALLBACK_FN) LDAP_P((
 typedef int (*SLAP_EXTOP_MAIN_FN) LDAP_P((
 	SLAP_EXTOP_CALLBACK_FN,
 	Connection *conn, Operation *op,
-	char * oid,
+	char * reqoid,
 	struct berval * reqdata,
+	char ** rspoid,
 	struct berval ** rspdata,
 	LDAPControl *** rspctrls,
-	char ** text ));
+	char ** text,
+	struct berval *** refs ));
 
 typedef int (*SLAP_EXTOP_GETOID_FN) LDAP_P((
 	int index, char *oid, int blen ));
@@ -377,6 +379,7 @@ LIBSLAPD_F (void) send_ldap_sasl LDAP_P((
 	Connection *conn, Operation *op,
 	ber_int_t err, const char *matched,
 	const char *text,
+	struct berval **refs,
 	LDAPControl **ctrls,
 	struct berval *cred ));
 
@@ -391,6 +394,11 @@ LIBSLAPD_F (void) send_ldap_extended LDAP_P((
 	char *rspoid, struct berval *rspdata,
 	LDAPControl **ctrls ));
 
+LIBSLAPD_F (void) send_ldap_partial LDAP_P((
+	Connection *conn, Operation *op,
+	char *rspoid, struct berval *rspdata,
+	LDAPControl **ctrls ));
+
 LIBSLAPD_F (void) send_search_result LDAP_P((
 	Connection *conn, Operation *op,
 	ber_int_t err, const char *matched, const char *text,
@@ -465,11 +473,13 @@ LIBSLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del, char deli
 LIBSLAPD_F (int) starttls_extop LDAP_P((
 	SLAP_EXTOP_CALLBACK_FN,
 	Connection *conn, Operation *op,
-	char * oid,
+	char * reqoid,
 	struct berval * reqdata,
+	char ** rspoid,
 	struct berval ** rspdata,
 	LDAPControl ***rspctrls,
-	char ** text ));
+	char ** text,
+	struct berval *** refs ));
 
 
 /*
@@ -506,11 +516,13 @@ LIBSLAPD_F (void) slap_init_user LDAP_P(( char *username, char *groupname ));
 LIBSLAPD_F (int) passwd_extop LDAP_P((
 	SLAP_EXTOP_CALLBACK_FN,
 	Connection *conn, Operation *op,
-	char * oid,
+	char * reqoid,
 	struct berval * reqdata,
+	char ** rspoid,
 	struct berval ** rspdata,
 	LDAPControl *** rspctrls,
-	char ** text ));
+	char ** text,
+	struct berval *** refs ));
 
 LIBSLAPD_F (int) slap_passwd_check(
 	Attribute			*attr,

servers/slapd/result.c

@@ -457,6 +457,7 @@ send_ldap_sasl(
     ber_int_t	err,
     const char	*matched,
     const char	*text,
+	struct berval **ref,
 	LDAPControl **ctrls,
 	struct berval *cred
 )
@@ -482,7 +483,7 @@ send_ldap_sasl(
 #endif
 
 	send_ldap_response( conn, op, tag, msgid,
-		err, matched, text, NULL,
+		err, matched, text, ref,
 		NULL, NULL, cred, ctrls  );
 }
 

servers/slapd/slap.h

@@ -535,11 +535,13 @@ typedef int (*SLAP_EXTENDED_FN) LDAP_P((
     Backend		*be,
     struct slap_conn		*conn,
     struct slap_op		*op,
-	char		*oid,
+	char		*reqoid,
     struct berval * reqdata,
+	char		**rspoid,
     struct berval ** rspdata,
-	LDAPControl ***rspctrls,
+	LDAPControl *** rspctrls,
-	char**	text ));
+	char **	text,
+	struct berval *** refs ));
 
 struct slap_backend_info {
 	char	*bi_type;	/* type of backend */

servers/slapd/starttls.c

@@ -23,11 +23,13 @@ starttls_extop (
 	SLAP_EXTOP_CALLBACK_FN cb,
 	Connection *conn,
 	Operation *op,
-	char * oid,
+	char * reqoid,
 	struct berval * reqdata,
+	char ** rspoid,
 	struct berval ** rspdata,
 	LDAPControl ***rspctrls,
-	char ** text )
+	char ** text,
+	struct berval *** refs )
 {
 	void *ctx;
 

servers/slapd/tools/mimic.c

@@ -62,6 +62,7 @@ send_ldap_sasl(
     ber_int_t	err,
     const char	*matched,
     const char	*text,
+	struct berval **refs,
 	LDAPControl **ctrls,
 	struct berval *cred
 )