--- servers/slapd/root_dse.c	1999/09/08 17:06:34	1.18
+++ servers/slapd/root_dse.c	2004/01/17 18:36:42	1.81.2.10
@@ -1,13 +1,17 @@
-/* $OpenLDAP$ */
-/* root_dse.c - Provides the ROOT DSA-Specific Entry
+/* root_dse.c - Provides the Root DSA-Specific Entry */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.81.2.9 2004/01/01 18:16:34 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999 The OpenLDAP Foundation.
+ * Copyright 1999-2004 The OpenLDAP Foundation.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License.  A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
  */
 
 #include "portable.h"
@@ -17,108 +21,291 @@
 #include <ac/string.h>
 
 #include "slap.h"
+#include <ldif.h>
+#include "lber_pvt.h"
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
 
-void
-root_dse_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
+static struct berval supportedFeatures[] = {
+	BER_BVC(LDAP_FEATURE_ALL_OP_ATTRS),			/* All Op Attrs (+) */
+	BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS),	/* OCs in Attrs List (@class) */
+	BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS),		/* (&) and (|) search filters */
+	BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
+	BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS),/* Language Range Options */
+
+#ifdef LDAP_DEVEL
+	BER_BVC(LDAP_FEATURE_SUBORDINATE_SCOPE),	/* "children" search scope */
+	BER_BVC(LDAP_FEATURE_MODIFY_INCREMENT),		/* Modify/increment */
+#endif
+	{0,NULL}
+};
+
+static Entry	*usr_attr = NULL;
+
+int
+root_dse_info(
+	Connection *conn,
+	Entry **entry,
+	const char **text )
 {
-	char buf[BUFSIZ];
 	Entry		*e;
-	struct berval	val;
-	struct berval	*vals[2];
+	struct berval vals[2], *bv;
+	struct berval nvals[2];
 	int		i, j;
+	char ** supportedSASLMechanisms;
 
-	vals[0] = &val;
-	vals[1] = NULL;
-
-	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+	AttributeDescription *ad_structuralObjectClass
+		= slap_schema.si_ad_structuralObjectClass;
+	AttributeDescription *ad_objectClass
+		= slap_schema.si_ad_objectClass;
+	AttributeDescription *ad_namingContexts
+		= slap_schema.si_ad_namingContexts;
+	AttributeDescription *ad_supportedExtension
+		= slap_schema.si_ad_supportedExtension;
+	AttributeDescription *ad_supportedLDAPVersion
+		= slap_schema.si_ad_supportedLDAPVersion;
+	AttributeDescription *ad_supportedSASLMechanisms
+		= slap_schema.si_ad_supportedSASLMechanisms;
+	AttributeDescription *ad_supportedFeatures
+		= slap_schema.si_ad_supportedFeatures;
+	AttributeDescription *ad_monitorContext
+		= slap_schema.si_ad_monitorContext;
+	AttributeDescription *ad_ref
+		= slap_schema.si_ad_ref;
+
+	vals[1].bv_val = NULL;
+	nvals[1].bv_val = NULL;
+
+	e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+
+	if( e == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR,
+			"root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+		return LDAP_OTHER;
+	}
 
 	e->e_attrs = NULL;
-	e->e_dn = ch_strdup( LDAP_ROOT_DSE );
-	e->e_ndn = ch_strdup( LDAP_ROOT_DSE );
-	(void) dn_normalize_case( e->e_ndn );
+	e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE );
+	e->e_name.bv_len = sizeof( LDAP_ROOT_DSE )-1;
+	e->e_nname.bv_val = ch_strdup( LDAP_ROOT_DSE );
+	e->e_nname.bv_len = sizeof( LDAP_ROOT_DSE )-1;
+
+	/* the DN is an empty string so no pretty/normalization is needed */
+	assert( !e->e_name.bv_len );
+	assert( !e->e_nname.bv_len );
+
 	e->e_private = NULL;
 
-	for ( i = 0; i < nbackends; i++ ) {
-		for ( j = 0; backends[i].be_suffix[j] != NULL; j++ ) {
-			val.bv_val = backends[i].be_suffix[j];
-			val.bv_len = strlen( val.bv_val );
-			attr_merge( e, "namingContexts", vals );
-		}
+	vals[0].bv_val = "top";
+	vals[0].bv_len = sizeof("top")-1;
+	if( attr_merge( e, ad_objectClass, vals, NULL ) ) {
+		return LDAP_OTHER;
 	}
 
-#if defined( SLAPD_MONITOR_DN )
-	val.bv_val = SLAPD_MONITOR_DN;
-	val.bv_len = strlen( val.bv_val );
-	attr_merge( e, "namingContexts", vals );
-	/* subschemasubentry is added by send_search_entry() */
-#endif
-
-#if defined( SLAPD_CONFIG_DN )
-	val.bv_val = SLAPD_CONFIG_DN;
-	val.bv_len = strlen( val.bv_val );
-	attr_merge( e, "namingContexts", vals );
-#endif
+	vals[0].bv_val = "OpenLDAProotDSE";
+	vals[0].bv_len = sizeof("OpenLDAProotDSE")-1;
+	if( attr_merge( e, ad_objectClass, vals, NULL ) ) {
+		return LDAP_OTHER;
+	}
+	if( attr_merge( e, ad_structuralObjectClass, vals, NULL ) ) {
+		return LDAP_OTHER;
+	}
 
-#if defined( SLAPD_SCHEMA_DN )
-	val.bv_val = SLAPD_SCHEMA_DN;
-	val.bv_len = strlen( val.bv_val );
-	attr_merge( e, "namingContexts", vals );
-#endif
+	for ( i = 0; i < nbackends; i++ ) {
+		if ( backends[i].be_suffix == NULL
+				|| backends[i].be_nsuffix == NULL ) {
+			/* no suffix! */
+			continue;
+		}
+		if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) {
+			vals[0] = backends[i].be_suffix[0];
+			nvals[0] = backends[i].be_nsuffix[0];
+			if( attr_merge( e, ad_monitorContext, vals, nvals ) ) {
+				return LDAP_OTHER;
+			}
+			continue;
+		}
+		if ( SLAP_GLUE_SUBORDINATE( &backends[i] ) ) {
+			continue;
+		}
+		for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) {
+			vals[0] = backends[i].be_suffix[j];
+			nvals[0] = backends[i].be_nsuffix[0];
+			if( attr_merge( e, ad_namingContexts, vals, nvals ) ) {
+				return LDAP_OTHER;
+			}
+		}
+	}
 
 	/* altServer unsupported */
 
 	/* supportedControl */
-	for ( i=0; supportedControls[i] != NULL; i++ ) {
-		val.bv_val = supportedControls[i];
-		val.bv_len = strlen( val.bv_val );
-		attr_merge( e, "supportedControl", vals );
+	if ( controls_root_dse_info( e ) != 0 ) {
+		return LDAP_OTHER;
 	}
 
 	/* supportedExtension */
-	for ( i=0; supportedExtensions[i] != NULL; i++ ) {
-		val.bv_val = supportedExtensions[i];
-		val.bv_len = strlen( val.bv_val );
-		attr_merge( e, "supportedExtension", vals );
+	if ( exop_root_dse_info( e ) != 0 ) {
+		return LDAP_OTHER;
+	}
+
+#ifdef LDAP_SLAPI
+	/* netscape supportedExtension */
+	for ( i = 0; (bv = slapi_int_get_supported_extop(i)) != NULL; i++ ) {
+		vals[0] = *bv;
+		if( attr_merge( e, ad_supportedExtension, vals, NULL )) {
+			return LDAP_OTHER;
+		}
+	}
+#endif /* LDAP_SLAPI */
+
+	/* supportedFeatures */
+	if( attr_merge( e, ad_supportedFeatures, supportedFeatures, NULL ) ) {
+		return LDAP_OTHER;
 	}
 
 	/* supportedLDAPVersion */
 	for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
-		sprintf(buf,"%d",i);
-		val.bv_val = buf;
-		val.bv_len = strlen( val.bv_val );
-		attr_merge( e, "supportedLDAPVersion", vals );
+		char buf[BUFSIZ];
+		if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
+			( i < LDAP_VERSION3 ) )
+		{
+			/* version 2 and lower are disallowed */
+			continue;
+		}
+		snprintf(buf, sizeof buf, "%d", i);
+		vals[0].bv_val = buf;
+		vals[0].bv_len = strlen( vals[0].bv_val );
+		if( attr_merge( e, ad_supportedLDAPVersion, vals, NULL ) ) {
+			return LDAP_OTHER;
+		}
 	}
 
 	/* supportedSASLMechanism */
+	supportedSASLMechanisms = slap_sasl_mechs( conn );
+
 	if( supportedSASLMechanisms != NULL ) {
 		for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
-			val.bv_val = supportedSASLMechanisms[i];
-			val.bv_len = strlen( val.bv_val );
-			attr_merge( e, "supportedSASLMechanisms", vals );
+			vals[0].bv_val = supportedSASLMechanisms[i];
+			vals[0].bv_len = strlen( vals[0].bv_val );
+			if( attr_merge( e, ad_supportedSASLMechanisms, vals, NULL ) ) {
+				return LDAP_OTHER;
+			}
 		}
+		ldap_charray_free( supportedSASLMechanisms );
 	}
 
 	if ( default_referral != NULL ) {
-		attr_merge( e, "ref", default_referral );
+		if( attr_merge( e, ad_ref, default_referral, NULL /* FIXME */ ) ) {
+			return LDAP_OTHER;
+		}
 	}
 
-	val.bv_val = "top";
-	val.bv_len = sizeof("top")-1;
-	attr_merge( e, "objectClass", vals );
+	if( usr_attr != NULL) {
+		Attribute *a;
+		for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) {
+			if( attr_merge( e, a->a_desc, a->a_vals,
+				(a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) )
+			{
+				return LDAP_OTHER;
+			}
+		}
+	}
 
-	val.bv_val = "LDAPsubentry";
-	val.bv_len = sizeof("LDAPsubentry")-1;
-	attr_merge( e, "objectClass", vals );
+	*entry = e;
+	return LDAP_SUCCESS;
+}
 
-	val.bv_val = "extensibleObject";
-	val.bv_len = sizeof("extensibleObject")-1;
-	attr_merge( e, "objectClass", vals );
+/*
+ * Read the entries specified in fname and merge the attributes
+ * to the user defined rootDSE. Note thaat if we find any errors
+ * what so ever, we will discard the entire entries, print an
+ * error message and return.
+ */
+int read_root_dse_file( const char *fname )
+{
+	FILE	*fp;
+	int rc = 0, lineno = 0, lmax = 0;
+	char	*buf = NULL;
+
+	if ( (fp = fopen( fname, "r" )) == NULL ) {
+		Debug( LDAP_DEBUG_ANY,
+			"could not open rootdse attr file \"%s\" - absolute path?\n",
+			fname, 0, 0 );
+		perror( fname );
+		return EXIT_FAILURE;
+	}
 
-	send_search_entry( &backends[0], conn, op,
-		e, attrs, attrsonly, NULL );
-	send_search_result( conn, op, LDAP_SUCCESS,
-		NULL, NULL, NULL, NULL, 1 );
+	usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+	if( usr_attr == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR,
+			"read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+		fclose( fp );
+		return LDAP_OTHER;
+	}
+	usr_attr->e_attrs = NULL;
 
-	entry_free( e );
-}
+	while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+		Entry *e = str2entry( buf );
+		Attribute *a;
+
+		if( e == NULL ) {
+			fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
+				lineno );
+			rc = EXIT_FAILURE;
+			break;
+		}
+
+		/* make sure the DN is the empty DN */
+		if( e->e_nname.bv_len ) {
+			fprintf( stderr,
+				"root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n",
+				e->e_dn, lineno );
+			entry_free( e );
+			rc = EXIT_FAILURE;
+			break;
+		}
 
+		/*
+		 * we found a valid entry, so walk thru all the attributes in the
+		 * entry, and add each attribute type and description to the
+		 * usr_attr entry
+		 */
+
+		for(a = e->e_attrs; a != NULL; a = a->a_next) {
+			if( attr_merge( usr_attr, a->a_desc, a->a_vals,
+				(a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) )
+			{
+				rc = LDAP_OTHER;
+				break;
+			}
+		}
+
+		entry_free( e );
+		if (rc) break;
+	}
+
+	if (rc) {
+		entry_free( usr_attr );
+		usr_attr = NULL;
+	}
+
+	ch_free( buf );
+
+	fclose( fp );
+
+	Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0);
+	return rc;
+}