summaryrefslogtreecommitdiffstats
path: root/contrib/slapd-modules/dupent
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch)
treee91015872543a59be2aad26c2fea02e41b57005d /contrib/slapd-modules/dupent
parentInitial commit. (diff)
downloadopenldap-upstream/2.4.57+dfsg.tar.xz
openldap-upstream/2.4.57+dfsg.zip
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'contrib/slapd-modules/dupent')
-rw-r--r--contrib/slapd-modules/dupent/Makefile58
-rw-r--r--contrib/slapd-modules/dupent/dupent.c557
2 files changed, 615 insertions, 0 deletions
diff --git a/contrib/slapd-modules/dupent/Makefile b/contrib/slapd-modules/dupent/Makefile
new file mode 100644
index 0000000..b771015
--- /dev/null
+++ b/contrib/slapd-modules/dupent/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2021 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2 -Wall
+DEFS = -DSLAPD_OVER_DUPENT=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = dupent.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+dupent.la: dupent.lo
+ $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+ rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+ mkdir -p $(DESTDIR)$(moduledir)
+ for p in $(PROGRAMS) ; do \
+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+ done
+
diff --git a/contrib/slapd-modules/dupent/dupent.c b/contrib/slapd-modules/dupent/dupent.c
new file mode 100644
index 0000000..3c53c21
--- /dev/null
+++ b/contrib/slapd-modules/dupent/dupent.c
@@ -0,0 +1,557 @@
+/* dupent.c - LDAP Control for a Duplicate Entry Representation of Search Results */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2006-2021 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+/*
+ * LDAP Control for a Duplicate Entry Representation of Search Results
+ * <draft-ietf-ldapext-ldapv3-dupent-08.txt> (EXPIRED)
+ * <http://tools.ietf.org/id/draft-ietf-ldapext-ldapv3-dupent-08.txt>
+ */
+
+#include "portable.h"
+
+/* define SLAPD_OVER_DUPENT=2 to build as run-time loadable module */
+#ifdef SLAPD_OVER_DUPENT
+
+/*
+ * The macros
+ *
+ * LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
+ * LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
+ * LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
+ *
+ * are already defined in <ldap.h>
+ */
+
+/*
+ * support for no attrs and "*" in AttributeDescriptionList is missing
+ */
+
+#include "slap.h"
+#include "ac/string.h"
+
+#define o_dupent o_ctrlflag[dupent_cid]
+#define o_ctrldupent o_controls[dupent_cid]
+
+static int dupent_cid;
+static slap_overinst dupent;
+
+typedef struct dupent_t {
+ AttributeName *ds_an;
+ ber_len_t ds_nattrs;
+ slap_mask_t ds_flags;
+ ber_int_t ds_paa;
+} dupent_t;
+
+static int
+dupent_parseCtrl (
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl )
+{
+ ber_tag_t tag;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_len_t len;
+ BerVarray AttributeDescriptionList = NULL;
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+ ber_int_t PartialApplicationAllowed = 1;
+ dupent_t *ds = NULL;
+ int i;
+
+ if ( op->o_dupent != SLAP_CONTROL_NONE ) {
+ rs->sr_text = "Dupent control specified multiple times";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+ rs->sr_text = "Dupent control value is absent";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+ rs->sr_text = "Dupent control value is empty";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+ ber_init2( ber, &ctrl->ldctl_value, 0 );
+
+ /*
+
+ DuplicateEntryRequest ::= SEQUENCE {
+ AttributeDescriptionList, -- from [RFC2251]
+ PartialApplicationAllowed BOOLEAN DEFAULT TRUE }
+
+ AttributeDescriptionList ::= SEQUENCE OF
+ AttributeDescription
+
+ AttributeDescription ::= LDAPString
+
+ attributeDescription = AttributeType [ ";" <options> ]
+
+ */
+
+ tag = ber_skip_tag( ber, &len );
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ if ( ber_scanf( ber, "{M}", &AttributeDescriptionList, &cnt, off )
+ == LBER_ERROR )
+ {
+ rs->sr_text = "Dupent control: dupentSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+ tag = ber_skip_tag( ber, &len );
+ if ( tag == LBER_BOOLEAN ) {
+ /* NOTE: PartialApplicationAllowed is ignored, since the control
+ * can always be honored
+ */
+ if ( ber_scanf( ber, "b", &PartialApplicationAllowed ) == LBER_ERROR )
+ {
+ rs->sr_text = "Dupent control: dupentSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+ tag = ber_skip_tag( ber, &len );
+ }
+ if ( len || tag != LBER_DEFAULT ) {
+ rs->sr_text = "Dupent control: dupentSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ ds = (dupent_t *)op->o_tmpcalloc( 1,
+ sizeof(dupent_t) + sizeof(AttributeName)*cnt,
+ op->o_tmpmemctx );
+
+ ds->ds_paa = PartialApplicationAllowed;
+
+ if ( cnt == 0 ) {
+ ds->ds_flags |= SLAP_USERATTRS_YES;
+
+ } else {
+ int c;
+
+ ds->ds_an = (AttributeName *)&ds[ 1 ];
+
+ for ( i = 0, c = 0; i < cnt; i++ ) {
+ const char *text;
+ int j;
+ int rc;
+ AttributeDescription *ad = NULL;
+
+ if ( bvmatch( &AttributeDescriptionList[i],
+ slap_bv_all_user_attrs ) )
+ {
+ if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
+ rs->sr_text = "Dupent control: AttributeDescription decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+
+ ds->ds_flags |= SLAP_USERATTRS_YES;
+ continue;
+ }
+
+ rc = slap_bv2ad( &AttributeDescriptionList[i], &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ continue;
+ }
+
+ ds->ds_an[c].an_desc = ad;
+ ds->ds_an[c].an_name = ad->ad_cname;
+
+ /* FIXME: not specified; consider this an error, just in case */
+ for ( j = 0; j < c; j++ ) {
+ if ( ds->ds_an[c].an_desc == ds->ds_an[j].an_desc ) {
+ rs->sr_text = "Dupent control: AttributeDescription must be unique within AttributeDescriptionList";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+ goto done;
+ }
+ }
+
+ c++;
+ }
+
+ ds->ds_nattrs = c;
+
+ if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
+ /* purge user attrs */
+ for ( i = 0; i < ds->ds_nattrs; ) {
+ if ( is_at_operational( ds->ds_an[i].an_desc->ad_type ) ) {
+ i++;
+ continue;
+ }
+
+ ds->ds_nattrs--;
+ if ( i < ds->ds_nattrs ) {
+ ds->ds_an[i] = ds->ds_an[ds->ds_nattrs];
+ }
+ }
+ }
+ }
+
+ op->o_ctrldupent = (void *)ds;
+
+ op->o_dupent = ctrl->ldctl_iscritical
+ ? SLAP_CONTROL_CRITICAL
+ : SLAP_CONTROL_NONCRITICAL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+done:;
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ op->o_tmpfree( ds, op->o_tmpmemctx );
+ }
+
+ if ( AttributeDescriptionList != NULL ) {
+ ber_memfree_x( AttributeDescriptionList, op->o_tmpmemctx );
+ }
+
+ return rs->sr_err;
+}
+
+typedef struct dupent_cb_t {
+ slap_overinst *dc_on;
+ dupent_t *dc_ds;
+ int dc_skip;
+} dupent_cb_t;
+
+typedef struct valnum_t {
+ Attribute *ap;
+ Attribute a;
+ struct berval vals[2];
+ struct berval nvals[2];
+ int cnt;
+} valnum_t;
+
+static int
+dupent_response_done( Operation *op, SlapReply *rs )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *) &berbuf;
+ struct berval ctrlval;
+ LDAPControl *ctrl, *ctrlsp[2];
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ /*
+
+ DuplicateEntryResponseDone ::= SEQUENCE {
+ resultCode, -- From [RFC2251]
+ errorMessage [0] LDAPString OPTIONAL,
+ attribute [1] AttributeDescription OPTIONAL }
+
+ */
+
+ ber_printf( ber, "{i}", rs->sr_err );
+ if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
+ ber_free_buf( ber );
+ if ( op->o_dupent == SLAP_CONTROL_CRITICAL ) {
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ return SLAP_CB_CONTINUE;
+ }
+
+ ctrl = op->o_tmpcalloc( 1,
+ sizeof( LDAPControl ) + ctrlval.bv_len + 1,
+ op->o_tmpmemctx );
+ ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
+ ctrl->ldctl_oid = LDAP_CONTROL_DUPENT_RESPONSE;
+ ctrl->ldctl_iscritical = 0;
+ ctrl->ldctl_value.bv_len = ctrlval.bv_len;
+ AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
+ ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
+
+ ber_free_buf( ber );
+
+ ctrlsp[0] = ctrl;
+ ctrlsp[1] = NULL;
+ slap_add_ctrls( op, rs, ctrlsp );
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_response_entry_1level(
+ Operation *op,
+ SlapReply *rs,
+ Entry *e,
+ valnum_t *valnum,
+ int nattrs,
+ int level )
+{
+ int i, rc = LDAP_SUCCESS;
+
+ for ( i = 0; i < valnum[level].ap->a_numvals; i++ ) {
+ LDAPControl *ctrl = NULL, *ctrlsp[2];
+
+ valnum[level].a.a_vals[0] = valnum[level].ap->a_vals[i];
+ if ( valnum[level].ap->a_nvals != valnum[level].ap->a_vals ) {
+ valnum[level].a.a_nvals[0] = valnum[level].ap->a_nvals[i];
+ }
+
+ if ( level < nattrs - 1 ) {
+ rc = dupent_response_entry_1level( op, rs,
+ e, valnum, nattrs, level + 1 );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+
+ continue;
+ }
+
+ /* NOTE: add the control all times, under the assumption
+ * send_search_entry() honors the REP_CTRLS_MUSTBEFREED
+ * set by slap_add_ctrls(); this is not true (ITS#6629)
+ */
+ ctrl = op->o_tmpcalloc( 1, sizeof( LDAPControl ), op->o_tmpmemctx );
+ ctrl->ldctl_oid = LDAP_CONTROL_DUPENT_ENTRY;
+ ctrl->ldctl_iscritical = 0;
+
+ ctrlsp[0] = ctrl;
+ ctrlsp[1] = NULL;
+ slap_add_ctrls( op, rs, ctrlsp );
+
+ /* do the real send */
+ rs->sr_entry = e;
+ rc = send_search_entry( op, rs );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+static void
+dupent_attr_prepare( dupent_t *ds, Entry *e, valnum_t *valnum, int nattrs, int c, Attribute **app, Attribute **ap_listp )
+{
+ valnum[c].ap = *app;
+ *app = (*app)->a_next;
+
+ valnum[c].ap->a_next = *ap_listp;
+ *ap_listp = valnum[c].ap;
+
+ valnum[c].a = *valnum[c].ap;
+ if ( c < nattrs - 1 ) {
+ valnum[c].a.a_next = &valnum[c + 1].a;
+ } else {
+ valnum[c].a.a_next = NULL;
+ }
+ valnum[c].a.a_numvals = 1;
+ valnum[c].a.a_vals = valnum[c].vals;
+ BER_BVZERO( &valnum[c].vals[1] );
+ if ( valnum[c].ap->a_nvals != valnum[c].ap->a_vals ) {
+ valnum[c].a.a_nvals = valnum[c].nvals;
+ BER_BVZERO( &valnum[c].nvals[1] );
+ } else {
+ valnum[c].a.a_nvals = valnum[c].a.a_vals;
+ }
+}
+
+static int
+dupent_response_entry( Operation *op, SlapReply *rs )
+{
+ dupent_cb_t *dc = (dupent_cb_t *)op->o_callback->sc_private;
+ int nattrs = 0;
+ valnum_t *valnum = NULL;
+ Attribute **app, *ap_list = NULL;
+ int i, c;
+ Entry *e = NULL;
+ int rc;
+
+ assert( rs->sr_type == REP_SEARCH );
+
+ for ( i = 0; i < dc->dc_ds->ds_nattrs; i++ ) {
+ Attribute *ap;
+
+ ap = attr_find( rs->sr_entry->e_attrs,
+ dc->dc_ds->ds_an[ i ].an_desc );
+ if ( ap && ap->a_numvals > 1 ) {
+ nattrs++;
+ }
+ }
+
+ if ( dc->dc_ds->ds_flags & SLAP_USERATTRS_YES ) {
+ Attribute *ap;
+
+ for ( ap = rs->sr_entry->e_attrs; ap != NULL; ap = ap->a_next ) {
+ if ( !is_at_operational( ap->a_desc->ad_type ) && ap->a_numvals > 1 ) {
+ nattrs++;
+ }
+ }
+ }
+
+ if ( !nattrs ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ rs_entry2modifiable( op, rs, dc->dc_on );
+ rs->sr_flags &= ~(REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED);
+ e = rs->sr_entry;
+
+ valnum = op->o_tmpcalloc( sizeof(valnum_t), nattrs, op->o_tmpmemctx );
+
+ for ( c = 0, i = 0; i < dc->dc_ds->ds_nattrs; i++ ) {
+ for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next ) {
+ if ( (*app)->a_desc == dc->dc_ds->ds_an[ i ].an_desc ) {
+ break;
+ }
+ }
+
+ if ( *app != NULL && (*app)->a_numvals > 1 ) {
+ assert( c < nattrs );
+ dupent_attr_prepare( dc->dc_ds, e, valnum, nattrs, c, app, &ap_list );
+ c++;
+ }
+ }
+
+ if ( dc->dc_ds->ds_flags & SLAP_USERATTRS_YES ) {
+ for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next ) {
+ if ( !is_at_operational( (*app)->a_desc->ad_type ) && (*app)->a_numvals > 1 ) {
+ assert( c < nattrs );
+ dupent_attr_prepare( dc->dc_ds, e, valnum, nattrs, c, app, &ap_list );
+ c++;
+ }
+ }
+ }
+
+ for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next )
+ /* goto tail */ ;
+
+ *app = &valnum[0].a;
+
+ /* NOTE: since send_search_entry() does not honor the
+ * REP_CTRLS_MUSTBEFREED flag set by slap_add_ctrls(),
+ * the control could be added here once for all (ITS#6629)
+ */
+
+ dc->dc_skip = 1;
+ rc = dupent_response_entry_1level( op, rs, e, valnum, nattrs, 0 );
+ dc->dc_skip = 0;
+
+ *app = ap_list;
+
+ entry_free( e );
+
+ op->o_tmpfree( valnum, op->o_tmpmemctx );
+
+ return rc;
+}
+
+static int
+dupent_response( Operation *op, SlapReply *rs )
+{
+ dupent_cb_t *dc = (dupent_cb_t *)op->o_callback->sc_private;
+
+ if ( dc->dc_skip ) {
+ return SLAP_CB_CONTINUE;
+ }
+
+ switch ( rs->sr_type ) {
+ case REP_RESULT:
+ return dupent_response_done( op, rs );
+
+ case REP_SEARCH:
+ return dupent_response_entry( op, rs );
+
+ case REP_SEARCHREF:
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_cleanup( Operation *op, SlapReply *rs )
+{
+ if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
+ op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+ op->o_callback = NULL;
+
+ op->o_tmpfree( op->o_ctrldupent, op->o_tmpmemctx );
+ op->o_ctrldupent = NULL;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_op_search( Operation *op, SlapReply *rs )
+{
+ if ( op->o_dupent != SLAP_CONTROL_NONE ) {
+ slap_callback *sc;
+ dupent_cb_t *dc;
+
+ sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( dupent_cb_t ), op->o_tmpmemctx );
+
+ dc = (dupent_cb_t *)&sc[ 1 ];
+ dc->dc_on = (slap_overinst *)op->o_bd->bd_info;
+ dc->dc_ds = (dupent_t *)op->o_ctrldupent;
+ dc->dc_skip = 0;
+
+ sc->sc_response = dupent_response;
+ sc->sc_cleanup = dupent_cleanup;
+ sc->sc_private = (void *)dc;
+
+ sc->sc_next = op->o_callback->sc_next;
+ op->o_callback->sc_next = sc;
+ }
+
+ return SLAP_CB_CONTINUE;
+}
+
+#if SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC */
+int
+dupent_initialize( void )
+{
+ int rc;
+
+ rc = register_supported_control( LDAP_CONTROL_DUPENT,
+ SLAP_CTRL_SEARCH, NULL,
+ dupent_parseCtrl, &dupent_cid );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "dupent_initialize: Failed to register control (%d)\n",
+ rc, 0, 0 );
+ return -1;
+ }
+
+ dupent.on_bi.bi_type = "dupent";
+
+ dupent.on_bi.bi_op_search = dupent_op_search;
+
+ return overlay_register( &dupent );
+}
+
+#if SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+ return dupent_initialize();
+}
+#endif /* SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_DUPENT */