--- servers/slapd/root_dse.c 2003/09/18 15:43:35 1.81.2.2
+++ servers/slapd/root_dse.c 2010/04/13 20:18:08 1.130
@@ -1,13 +1,17 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.81.2.1 2003/05/31 19:01:40 kurt Exp $ */
-/* root_dse.c - Provides the ROOT DSA-Specific Entry
+/* root_dse.c - Provides the Root DSA-Specific Entry */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.129 2009/07/07 20:30:55 hyc Exp $ */
+/* This work is part of OpenLDAP Software .
*
- * Copyright 1999-2003 The OpenLDAP Foundation.
+ * Copyright 1999-2010 The OpenLDAP Foundation.
* All rights reserved.
*
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License. A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
*/
#include "portable.h"
@@ -21,21 +25,156 @@
#include "lber_pvt.h"
#ifdef LDAP_SLAPI
-#include "slapi.h"
+#include "slapi/slapi.h"
#endif
-static struct berval supportedFeatures[] = {
- BER_BVC(LDAP_FEATURE_ALL_OPERATIONAL_ATTRS), /* All Op Attrs (+) */
- BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attrs List (+person) */
- BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */
- BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
- BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS), /* Language Range Options */
- BER_BVC(LDAP_FEATURE_MODIFY_INCREMENT), /* Modify/increment */
- {0,NULL}
+static struct berval builtin_supportedFeatures[] = {
+ BER_BVC(LDAP_FEATURE_MODIFY_INCREMENT), /* Modify/increment */
+ BER_BVC(LDAP_FEATURE_ALL_OP_ATTRS), /* All Op Attrs (+) */
+ BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attrs List (@class) */
+ BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */
+ BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
+ BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS), /* Language Range Options */
+#ifdef LDAP_DEVEL
+ BER_BVC(LDAP_FEATURE_SUBORDINATE_SCOPE), /* "children" search scope */
+#endif
+ BER_BVNULL
};
+static struct berval *supportedFeatures;
static Entry *usr_attr = NULL;
+/*
+ * allow modules to register functions that muck with the root DSE entry
+ */
+
+typedef struct entry_info_t {
+ SLAP_ENTRY_INFO_FN func;
+ void *arg;
+ struct entry_info_t *next;
+} entry_info_t;
+
+static entry_info_t *extra_info;
+
+int
+entry_info_register( SLAP_ENTRY_INFO_FN func, void *arg )
+{
+ entry_info_t *ei = ch_calloc( 1, sizeof( entry_info_t ) );
+
+ ei->func = func;
+ ei->arg = arg;
+
+ ei->next = extra_info;
+ extra_info = ei;
+
+ return 0;
+}
+
+int
+entry_info_unregister( SLAP_ENTRY_INFO_FN func, void *arg )
+{
+ entry_info_t **eip;
+
+ for ( eip = &extra_info; *eip != NULL; eip = &(*eip)->next ) {
+ if ( (*eip)->func == func && (*eip)->arg == arg ) {
+ entry_info_t *ei = *eip;
+
+ *eip = ei->next;
+
+ ch_free( ei );
+
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
+void
+entry_info_destroy( void )
+{
+ entry_info_t **eip;
+
+ for ( eip = &extra_info; *eip != NULL; ) {
+ entry_info_t *ei = *eip;
+
+ eip = &(*eip)->next;
+
+ ch_free( ei );
+ }
+}
+
+/*
+ * Allow modules to register supported features
+ */
+
+static int
+supported_feature_init( void )
+{
+ int i;
+
+ if ( supportedFeatures != NULL ) {
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &builtin_supportedFeatures[ i ] ); i++ )
+ ;
+
+ supportedFeatures = ch_calloc( sizeof( struct berval ), i + 1 );
+ if ( supportedFeatures == NULL ) {
+ return -1;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &builtin_supportedFeatures[ i ] ); i++ ) {
+ ber_dupbv( &supportedFeatures[ i ], &builtin_supportedFeatures[ i ] );
+ }
+ BER_BVZERO( &supportedFeatures[ i ] );
+
+ return 0;
+}
+
+int
+supported_feature_destroy( void )
+{
+ int i;
+
+ if ( supportedFeatures == NULL ) {
+ return 0;
+ }
+
+ for ( i = 0; !BER_BVISNULL( &supportedFeatures[ i ] ); i++ ) {
+ ch_free( supportedFeatures[ i ].bv_val );
+ }
+
+ ch_free( supportedFeatures );
+ supportedFeatures = NULL;
+
+ return 0;
+}
+
+int
+supported_feature_load( struct berval *f )
+{
+ struct berval *tmp;
+ int i;
+
+ supported_feature_init();
+
+ for ( i = 0; !BER_BVISNULL( &supportedFeatures[ i ] ); i++ )
+ ;
+
+ tmp = ch_realloc( supportedFeatures, sizeof( struct berval ) * ( i + 2 ) );
+ if ( tmp == NULL ) {
+ return -1;
+ }
+ supportedFeatures = tmp;
+
+ ber_dupbv( &supportedFeatures[ i ], f );
+ BER_BVZERO( &supportedFeatures[ i + 1 ] );
+
+ return 0;
+}
+
int
root_dse_info(
Connection *conn,
@@ -43,10 +182,13 @@ root_dse_info(
const char **text )
{
Entry *e;
- struct berval vals[2], *bv;
- struct berval nvals[2];
+ struct berval val;
+#ifdef LDAP_SLAPI
+ struct berval *bv;
+#endif
int i, j;
char ** supportedSASLMechanisms;
+ BackendDB *be;
AttributeDescription *ad_structuralObjectClass
= slap_schema.si_ad_structuralObjectClass;
@@ -54,8 +196,10 @@ root_dse_info(
= slap_schema.si_ad_objectClass;
AttributeDescription *ad_namingContexts
= slap_schema.si_ad_namingContexts;
+#ifdef LDAP_SLAPI
AttributeDescription *ad_supportedExtension
= slap_schema.si_ad_supportedExtension;
+#endif
AttributeDescription *ad_supportedLDAPVersion
= slap_schema.si_ad_supportedLDAPVersion;
AttributeDescription *ad_supportedSASLMechanisms
@@ -64,22 +208,15 @@ root_dse_info(
= slap_schema.si_ad_supportedFeatures;
AttributeDescription *ad_monitorContext
= slap_schema.si_ad_monitorContext;
+ AttributeDescription *ad_configContext
+ = slap_schema.si_ad_configContext;
AttributeDescription *ad_ref
= slap_schema.si_ad_ref;
- vals[1].bv_val = NULL;
- nvals[1].bv_val = NULL;
-
- e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
-
+ e = entry_alloc();
if( e == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, ERR,
- "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
- "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
-#endif
+ "root_dse_info: entry_alloc failed", 0, 0, 0 );
return LDAP_OTHER;
}
@@ -95,38 +232,54 @@ root_dse_info(
e->e_private = NULL;
- vals[0].bv_val = "top";
- vals[0].bv_len = sizeof("top")-1;
- if( attr_merge( e, ad_objectClass, vals, NULL ) ) {
+ /* FIXME: is this really needed? */
+ BER_BVSTR( &val, "top" );
+ if( attr_merge_one( e, ad_objectClass, &val, NULL ) ) {
+fail:
+ entry_free( e );
return LDAP_OTHER;
}
- vals[0].bv_val = "OpenLDAProotDSE";
- vals[0].bv_len = sizeof("OpenLDAProotDSE")-1;
- if( attr_merge( e, ad_objectClass, vals, NULL ) ) {
- return LDAP_OTHER;
- }
- if( attr_merge( e, ad_structuralObjectClass, vals, NULL ) ) {
- return LDAP_OTHER;
+ BER_BVSTR( &val, "OpenLDAProotDSE" );
+ if( attr_merge_one( e, ad_objectClass, &val, NULL ) ) {
+ goto fail;
+ }
+ if( attr_merge_one( e, ad_structuralObjectClass, &val, NULL ) ) {
+ goto fail;
}
- for ( i = 0; i < nbackends; i++ ) {
- if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) {
- vals[0] = backends[i].be_suffix[0];
- nvals[0] = backends[i].be_nsuffix[0];
- if( attr_merge( e, ad_monitorContext, vals, nvals ) ) {
- return LDAP_OTHER;
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+ if ( be->be_suffix == NULL
+ || be->be_nsuffix == NULL ) {
+ /* no suffix! */
+ continue;
+ }
+ if ( SLAP_MONITOR( be )) {
+ if( attr_merge_one( e, ad_monitorContext,
+ &be->be_suffix[0],
+ &be->be_nsuffix[0] ) )
+ {
+ goto fail;
+ }
+ continue;
+ }
+ if ( SLAP_CONFIG( be )) {
+ if( attr_merge_one( e, ad_configContext,
+ &be->be_suffix[0],
+ & be->be_nsuffix[0] ) )
+ {
+ goto fail;
}
continue;
}
- if ( SLAP_GLUE_SUBORDINATE( &backends[i] ) ) {
+ if ( SLAP_GLUE_SUBORDINATE( be ) && !SLAP_GLUE_ADVERTISE( be ) ) {
continue;
}
- for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) {
- vals[0] = backends[i].be_suffix[j];
- nvals[0] = backends[i].be_nsuffix[0];
- if( attr_merge( e, ad_namingContexts, vals, nvals ) ) {
- return LDAP_OTHER;
+ for ( j = 0; be->be_suffix[j].bv_val != NULL; j++ ) {
+ if( attr_merge_one( e, ad_namingContexts,
+ &be->be_suffix[j], NULL ) )
+ {
+ goto fail;
}
}
}
@@ -135,43 +288,45 @@ root_dse_info(
/* supportedControl */
if ( controls_root_dse_info( e ) != 0 ) {
- return LDAP_OTHER;
+ goto fail;
}
/* supportedExtension */
if ( exop_root_dse_info( e ) != 0 ) {
- return LDAP_OTHER;
+ goto fail;
}
#ifdef LDAP_SLAPI
/* netscape supportedExtension */
- for ( i = 0; (bv = ns_get_supported_extop(i)) != NULL; i++ ) {
- vals[0] = *bv;
- if( attr_merge( e, ad_supportedExtension, vals, NULL )) {
- return LDAP_OTHER;
+ for ( i = 0; (bv = slapi_int_get_supported_extop(i)) != NULL; i++ ) {
+ if( attr_merge_one( e, ad_supportedExtension, bv, NULL ) ) {
+ goto fail;
}
}
#endif /* LDAP_SLAPI */
/* supportedFeatures */
+ if ( supportedFeatures == NULL ) {
+ supported_feature_init();
+ }
+
if( attr_merge( e, ad_supportedFeatures, supportedFeatures, NULL ) ) {
- return LDAP_OTHER;
+ goto fail;
}
/* supportedLDAPVersion */
- for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
- char buf[BUFSIZ];
- if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
- ( i < LDAP_VERSION3 ) )
- {
- /* version 2 and lower are disallowed */
- continue;
- }
+ /* don't publish version 2 as we don't really support it
+ * (even when configured to accept version 2 Bind requests)
+ * and the value would never be used by true LDAPv2 (or LDAPv3)
+ * clients.
+ */
+ for ( i=LDAP_VERSION3; i<=LDAP_VERSION_MAX; i++ ) {
+ char buf[sizeof("255")];
snprintf(buf, sizeof buf, "%d", i);
- vals[0].bv_val = buf;
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( attr_merge( e, ad_supportedLDAPVersion, vals, NULL ) ) {
- return LDAP_OTHER;
+ val.bv_val = buf;
+ val.bv_len = strlen( val.bv_val );
+ if( attr_merge_one( e, ad_supportedLDAPVersion, &val, NULL ) ) {
+ goto fail;
}
}
@@ -180,10 +335,11 @@ root_dse_info(
if( supportedSASLMechanisms != NULL ) {
for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
- vals[0].bv_val = supportedSASLMechanisms[i];
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( attr_merge( e, ad_supportedSASLMechanisms, vals, NULL ) ) {
- return LDAP_OTHER;
+ val.bv_val = supportedSASLMechanisms[i];
+ val.bv_len = strlen( val.bv_val );
+ if( attr_merge_one( e, ad_supportedSASLMechanisms, &val, NULL ) ) {
+ ldap_charray_free( supportedSASLMechanisms );
+ goto fail;
}
}
ldap_charray_free( supportedSASLMechanisms );
@@ -191,7 +347,7 @@ root_dse_info(
if ( default_referral != NULL ) {
if( attr_merge( e, ad_ref, default_referral, NULL /* FIXME */ ) ) {
- return LDAP_OTHER;
+ goto fail;
}
}
@@ -201,67 +357,90 @@ root_dse_info(
if( attr_merge( e, a->a_desc, a->a_vals,
(a->a_nvals == a->a_vals) ? NULL : a->a_nvals ) )
{
- return LDAP_OTHER;
+ goto fail;
}
}
}
+ if ( extra_info ) {
+ entry_info_t *ei = extra_info;
+
+ for ( ; ei; ei = ei->next ) {
+ ei->func( ei->arg, e );
+ }
+ }
+
*entry = e;
return LDAP_SUCCESS;
}
+int
+root_dse_init( void )
+{
+ return 0;
+}
+
+int
+root_dse_destroy( void )
+{
+ if ( usr_attr ) {
+ entry_free( usr_attr );
+ usr_attr = NULL;
+ }
+
+ return 0;
+}
+
/*
* Read the entries specified in fname and merge the attributes
* to the user defined rootDSE. Note thaat if we find any errors
* what so ever, we will discard the entire entries, print an
* error message and return.
*/
-int read_root_dse_file( const char *fname )
+int
+root_dse_read_file( const char *fname )
{
- FILE *fp;
- int rc = 0, lineno = 0, lmax = 0;
+ struct LDIFFP *fp;
+ int rc = 0, lineno = 0, lmax = 0, ldifrc;
char *buf = NULL;
- if ( (fp = fopen( fname, "r" )) == NULL ) {
+ if ( (fp = ldif_open( fname, "r" )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "could not open rootdse attr file \"%s\" - absolute path?\n",
+ "root_dse_read_file: could not open rootdse attr file \"%s\" - absolute path?\n",
fname, 0, 0 );
perror( fname );
return EXIT_FAILURE;
}
- usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+ usr_attr = entry_alloc();
if( usr_attr == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, ERR,
- "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_ANY,
- "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
-#endif
- fclose( fp );
+ "root_dse_read_file: entry_alloc failed", 0, 0, 0 );
+ ldif_close( fp );
return LDAP_OTHER;
}
usr_attr->e_attrs = NULL;
- while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
+ while(( ldifrc = ldif_read_record( fp, &lineno, &buf, &lmax )) > 0 ) {
Entry *e = str2entry( buf );
Attribute *a;
if( e == NULL ) {
- fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
- lineno );
- rc = EXIT_FAILURE;
+ Debug( LDAP_DEBUG_ANY, "root_dse_read_file: "
+ "could not parse entry (file=\"%s\" line=%d)\n",
+ fname, lineno, 0 );
+ rc = LDAP_OTHER;
break;
}
/* make sure the DN is the empty DN */
if( e->e_nname.bv_len ) {
- fprintf( stderr,
- "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n",
- e->e_dn, lineno );
+ Debug( LDAP_DEBUG_ANY,
+ "root_dse_read_file: invalid rootDSE "
+ "- dn=\"%s\" (file=\"%s\" line=%d)\n",
+ e->e_dn, fname, lineno );
entry_free( e );
- rc = EXIT_FAILURE;
+ rc = LDAP_OTHER;
break;
}
@@ -284,6 +463,9 @@ int read_root_dse_file( const char *fnam
if (rc) break;
}
+ if ( ldifrc < 0 )
+ rc = LDAP_OTHER;
+
if (rc) {
entry_free( usr_attr );
usr_attr = NULL;
@@ -291,8 +473,69 @@ int read_root_dse_file( const char *fnam
ch_free( buf );
- fclose( fp );
+ ldif_close( fp );
- Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0);
+ Debug(LDAP_DEBUG_CONFIG, "rootDSE file=\"%s\" read.\n", fname, 0, 0);
return rc;
}
+
+int
+slap_discover_feature(
+ slap_bindconf *sb,
+ const char *attr,
+ const char *val )
+{
+ LDAP *ld = NULL;
+ LDAPMessage *res = NULL, *entry;
+ int rc, i;
+ struct berval bv_val,
+ **values = NULL;
+ char *attrs[ 2 ] = { NULL, NULL };
+
+ rc = slap_client_connect( &ld, sb );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ attrs[ 0 ] = (char *) attr;
+ rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
+ attrs, 0, NULL, NULL, NULL, 0, &res );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }
+
+ entry = ldap_first_entry( ld, res );
+ if ( entry == NULL ) {
+ goto done;
+ }
+
+ values = ldap_get_values_len( ld, entry, attrs[ 0 ] );
+ if ( values == NULL ) {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+
+ ber_str2bv( val, 0, 0, &bv_val );
+ for ( i = 0; values[ i ] != NULL; i++ ) {
+ if ( bvmatch( &bv_val, values[ i ] ) ) {
+ rc = LDAP_COMPARE_TRUE;
+ goto done;
+ }
+ }
+
+ rc = LDAP_COMPARE_FALSE;
+
+done:;
+ if ( values != NULL ) {
+ ldap_value_free_len( values );
+ }
+
+ if ( res != NULL ) {
+ ldap_msgfree( res );
+ }
+
+ ldap_unbind_ext( ld, NULL, NULL );
+
+ return rc;
+}
+