ITS#8714 Send out EXTENDED operation message from back-sock

Michael Ströder 2017-09-05 15:52:34 +02:00 committed by Howard Chu
parent bb62d9cb73
commit b65e0b5731
6 changed files with 113 additions and 6 deletions


@ -49,7 +49,7 @@ be sent and from which replies are received.
When used as an overlay, these additional directives are defined: When used as an overlay, these additional directives are defined:
.TP .TP
.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]* .B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]*
Specify which request types to send to the external program. The default is Specify which request types to send to the external program. The default is
empty (no requests are sent). empty (no requests are sent).
.TP .TP
@ -115,6 +115,17 @@ dn: <DN>
.PP .PP
.RS .RS
.nf .nf
EXTENDED
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
oid: <OID>
value: <base64-value>
<blank line>
.fi
.RE
.PP
.RS
.nf
MODIFY MODIFY
msgid: <message id> msgid: <message id>
<repeat { "suffix:" <database suffix DN> }> <repeat { "suffix:" <database suffix DN> }>
@ -213,6 +224,11 @@ msgid: <message id>
.fi .fi
.RE .RE
.SH KNOWN LIMITATIONS
The
.B sock
backend does not process extended operation results from an external program.
.SH ACCESS CONTROL .SH ACCESS CONTROL
The The
.B sock .B sock
@ -292,6 +308,11 @@ access to the
pseudo_attribute of the searchBase; pseudo_attribute of the searchBase;
.B search (=s) .B search (=s)
access to the attributes and values used in the filter is not checked. access to the attributes and values used in the filter is not checked.
.LP
The
.B extended
operation does not require any access special rights.
The external program has to implement any sort of access control.
.SH EXAMPLE .SH EXAMPLE
There is an example script in the slapd/back\-sock/ directory There is an example script in the slapd/back\-sock/ directory


@ -18,9 +18,9 @@
## in OpenLDAP Software. ## in OpenLDAP Software.
SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \ SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \
delete.c modify.c modrdn.c compare.c result.c delete.c modify.c modrdn.c compare.c result.c extended.c
OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \ OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \
delete.lo modify.lo modrdn.lo compare.lo result.lo delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo
LDAP_INCDIR= ../../../include LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries LDAP_LIBDIR= ../../../libraries


@ -106,6 +106,7 @@ static ConfigOCs osocs[] = {
#define SOCK_OP_MODRDN 0x020 #define SOCK_OP_MODRDN 0x020
#define SOCK_OP_ADD 0x040 #define SOCK_OP_ADD 0x040
#define SOCK_OP_DELETE 0x080 #define SOCK_OP_DELETE 0x080
#define SOCK_OP_EXTENDED 0x100
#define SOCK_REP_RESULT 0x001 #define SOCK_REP_RESULT 0x001
#define SOCK_REP_SEARCH 0x002 #define SOCK_REP_SEARCH 0x002
@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = {
{ BER_BVC("modrdn"), SOCK_OP_MODRDN }, { BER_BVC("modrdn"), SOCK_OP_MODRDN },
{ BER_BVC("add"), SOCK_OP_ADD }, { BER_BVC("add"), SOCK_OP_ADD },
{ BER_BVC("delete"), SOCK_OP_DELETE }, { BER_BVC("delete"), SOCK_OP_DELETE },
{ BER_BVC("extended"), SOCK_OP_EXTENDED },
{ BER_BVNULL, 0 } { BER_BVNULL, 0 }
}; };
@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = {
sock_back_modify, sock_back_modify,
sock_back_modrdn, sock_back_modrdn,
sock_back_add, sock_back_add,
sock_back_delete sock_back_delete,
0, /* abandon not supported */
sock_back_extended
}; };
static const int sockopflags[] = { static const int sockopflags[] = {
@ -260,7 +264,9 @@ static const int sockopflags[] = {
SOCK_OP_MODIFY, SOCK_OP_MODIFY,
SOCK_OP_MODRDN, SOCK_OP_MODRDN,
SOCK_OP_ADD, SOCK_OP_ADD,
SOCK_OP_DELETE SOCK_OP_DELETE,
0, /* abandon not supported */
SOCK_OP_EXTENDED
}; };
static int sock_over_op( static int sock_over_op(
@ -283,6 +289,7 @@ static int sock_over_op(
case LDAP_REQ_MODRDN: which = op_modrdn; break; case LDAP_REQ_MODRDN: which = op_modrdn; break;
case LDAP_REQ_ADD: which = op_add; break; case LDAP_REQ_ADD: which = op_add; break;
case LDAP_REQ_DELETE: which = op_delete; break; case LDAP_REQ_DELETE: which = op_delete; break;
case LDAP_REQ_EXTENDED: which = op_extended; break;
default: default:
return SLAP_CB_CONTINUE; return SLAP_CB_CONTINUE;
} }
@ -365,6 +372,7 @@ sock_over_setup()
sockover.on_bi.bi_op_modrdn = sock_over_op; sockover.on_bi.bi_op_modrdn = sock_over_op;
sockover.on_bi.bi_op_add = sock_over_op; sockover.on_bi.bi_op_add = sock_over_op;
sockover.on_bi.bi_op_delete = sock_over_op; sockover.on_bi.bi_op_delete = sock_over_op;
sockover.on_bi.bi_extended = sock_over_op;
sockover.on_response = sock_over_response; sockover.on_response = sock_over_response;
sockover.on_bi.bi_cf_ocs = osocs; sockover.on_bi.bi_cf_ocs = osocs;
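Review bot: The `0, /* abandon not supported */` entries added to `sockfuncs` and `sockopflags` are there only to keep `sock_back_extended` and `SOCK_OP_EXTENDED` at the position of `op_extended`, but neither table says what it is indexed by. Assuming `sock_over_op` indexes both with `which` (that part of its body is outside the hunks), a comment above each table such as `/* indexed by slap_operation_t; entries must stay in enum order */` would make the dependency explicit. The null function slot is safe only as long as the `switch` never maps a request to the abandon index, which is worth stating in the same comment.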


@ -0,0 +1,76 @@
/* extended.c - sock backend extended routines */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2000-2017 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include "slap.h"
#include "back-sock.h"
#include "lutil.h"
int
sock_back_extended( Operation *op, SlapReply *rs )
{
int rc;
struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private;
FILE *fp;
struct berval b64;
Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n",
op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
if ( (fp = opensock( si->si_sockpath )) == NULL ) {
send_ldap_error( op, rs, LDAP_OTHER,
"could not open socket" );
return( -1 );
}
/* write out the request to the extended process */
fprintf( fp, "EXTENDED\n" );
fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
sock_print_conn( fp, op->o_conn, si );
sock_print_suffixes( fp, op->o_bd );
fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
if (op->ore_reqdata) {
b64.bv_len = LUTIL_BASE64_ENCODE_LEN( op->ore_reqdata->bv_len ) + 1;
b64.bv_val = op->o_tmpalloc( b64.bv_len + 1, op->o_tmpmemctx );
rc = lutil_b64_ntop(
(unsigned char *) op->ore_reqdata->bv_val, op->ore_reqdata->bv_len,
b64.bv_val, b64.bv_len );
b64.bv_len = rc;
assert( strlen(b64.bv_val) == b64.bv_len );
fprintf( fp, "value: %s\n", b64.bv_val );
op->o_tmpfree( b64.bv_val, op->o_tmpmemctx );
}
fprintf( fp, "\n" );
/* read in the results and send them along */
rc = sock_read_and_send_results( op, rs, fp );
fclose( fp );
return( rc );
}
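Review bot: The return value of `lutil_b64_ntop` in the `if (op->ore_reqdata)` branch is assigned straight to `b64.bv_len` and only checked by `assert`, so a failed encode either aborts the process or, in a build with assertions compiled out, lets `fprintf` print an unfilled buffer through `%s`. I would test `rc < 0` before the buffer is used, free it, close `fp` and answer with `send_ldap_error` the way the `opensock` failure path does. Separately, `op->ore_reqoid.bv_val` comes from the client and is written with `%s` into a line-oriented message; whether the frontend has already limited it to a registered OID is not visible here, so a comment stating that assumption, or a check that rejects control characters, would help the next reader. The `Debug` call also passes `op->o_req_dn.bv_val` with no matching `%s` in the format.

```c
	if (op->ore_reqdata) {
		/* … unchanged: b64 sizing, o_tmpalloc and the lutil_b64_ntop call … */
		if ( rc < 0 ) {
			/* encoding failed: never print the unfilled buffer */
			op->o_tmpfree( b64.bv_val, op->o_tmpmemctx );
			fclose( fp );
			send_ldap_error( op, rs, LDAP_OTHER,
				"could not encode request value" );
			return( -1 );
		}
		b64.bv_len = rc;
		/* … unchanged: fprintf of "value:" and o_tmpfree … */
	}
```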


@ -53,7 +53,7 @@ sock_back_initialize(
bi->bi_op_delete = sock_back_delete; bi->bi_op_delete = sock_back_delete;
bi->bi_op_abandon = 0; bi->bi_op_abandon = 0;
bi->bi_extended = 0; bi->bi_extended = sock_back_extended;
bi->bi_chk_referrals = 0; bi->bi_chk_referrals = 0;


@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn;
extern BI_op_add sock_back_add; extern BI_op_add sock_back_add;
extern BI_op_delete sock_back_delete; extern BI_op_delete sock_back_delete;
extern BI_op_extended sock_back_extended;
extern int sock_back_init_cf( BackendInfo *bi ); extern int sock_back_init_cf( BackendInfo *bi );
LDAP_END_DECL LDAP_END_DECL