Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7639/ldap/servers/slapd
Modified Files:
filter.c plugin_internal_op.c slapi-private.h str2filter.c
Log Message:
Resolves: 220532
Summary: Add access to RUV by users other than "cn=Directory Manager".
Index: filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- filter.c 15 Oct 2008 06:30:04 -0000 1.11
+++ filter.c 26 Nov 2008 22:42:12 -0000 1.12
@@ -54,14 +54,15 @@
static int
get_filter_list( Connection *conn, BerElement *ber,
struct slapi_filter **f, char **fstr, int maxdepth, int curdepth,
- int *subentry_dont_rewrite, int *has_tombstone_filter);
+ int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
static int get_substring_filter();
static int get_extensible_filter( BerElement *ber, mr_filter_t* );
static int get_filter_internal( Connection *conn, BerElement *ber,
struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
- int *subentry_dont_rewrite, int *has_tombstone_filter);
+ int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
static int tombstone_check_filter(Slapi_Filter *f);
+static int ruv_check_filter(Slapi_Filter *f);
static void filter_optimize(Slapi_Filter *f);
@@ -83,20 +84,23 @@
{
int subentry_dont_rewrite = 0; /* Re-write unless we're told not to */
int has_tombstone_filter = 0; /* Check if nsTombstone appears */
+ int has_ruv_filter = 0; /* Check if searching for RUV */
int return_value = 0;
char *logbuf = NULL;
size_t logbufsize = 0;
return_value = get_filter_internal(conn, ber, filt, fstr,
config_get_max_filter_nest_level(), /* maximum depth */
- 0, /* current depth */
- &subentry_dont_rewrite, &has_tombstone_filter);
+ 0, /* current depth */ &subentry_dont_rewrite,
+ &has_tombstone_filter, &has_ruv_filter);
if (0 == return_value) { /* Don't try to re-write if there was an error */
if (subentry_dont_rewrite || scope == LDAP_SCOPE_BASE)
(*filt)->f_flags |= SLAPI_FILTER_LDAPSUBENTRY;
if (has_tombstone_filter)
(*filt)->f_flags |= SLAPI_FILTER_TOMBSTONE;
+ if (has_ruv_filter)
+ (*filt)->f_flags |= SLAPI_FILTER_RUV;
}
if (LDAPDebugLevelIsSet( LDAP_DEBUG_FILTER ) && *filt != NULL
@@ -175,7 +179,7 @@
static int
get_filter_internal( Connection *conn, BerElement *ber,
struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
- int *subentry_dont_rewrite, int *has_tombstone_filter )
+ int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter )
{
ber_len_t len;
int err;
@@ -272,6 +276,18 @@
*has_tombstone_filter = tombstone_check_filter(f);
}
}
+
+ if ( 0 == strcasecmp ( f->f_avtype, "nsuniqueid")) {
+ /*
+ * Check if it's a RUV filter.
+ * We need to do it once per filter, so if flag is already set,
+ * don't bother doing it
+ */
+ if (!(*has_ruv_filter)) {
+ *has_ruv_filter = ruv_check_filter(f);
+ }
+ }
+
*fstr=filter_escape_filter_value(f, FILTER_EQ_FMT, FILTER_EQ_LEN);
}
break;
@@ -342,7 +358,8 @@
case LDAP_FILTER_AND:
LDAPDebug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
if ( (err = get_filter_list( conn, ber, &f->f_and, &ftmp, maxdepth,
- curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+ curdepth, subentry_dont_rewrite,
+ has_tombstone_filter, has_ruv_filter ))
== 0 ) {
filter_compute_hash(f);
*fstr = slapi_ch_smprintf( "(&%s)", ftmp );
@@ -353,7 +370,8 @@
case LDAP_FILTER_OR:
LDAPDebug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
if ( (err = get_filter_list( conn, ber, &f->f_or, &ftmp, maxdepth,
- curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+ curdepth, subentry_dont_rewrite,
+ has_tombstone_filter, has_ruv_filter ))
== 0 ) {
filter_compute_hash(f);
*fstr = slapi_ch_smprintf( "(|%s)", ftmp );
@@ -365,7 +383,8 @@
LDAPDebug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
(void) ber_skip_tag( ber, &len );
if ( (err = get_filter_internal( conn, ber, &f->f_not, &ftmp, maxdepth,
- curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+ curdepth, subentry_dont_rewrite,
+ has_tombstone_filter, has_ruv_filter ))
== 0 ) {
filter_compute_hash(f);
*fstr = slapi_ch_smprintf( "(!%s)", ftmp );
@@ -394,7 +413,7 @@
get_filter_list( Connection *conn, BerElement *ber,
struct slapi_filter **f, char **fstr, int maxdepth,
int curdepth, int *subentry_dont_rewrite,
- int *has_tombstone_filter)
+ int *has_tombstone_filter, int* has_ruv_filter)
{
struct slapi_filter **new;
int err;
@@ -411,7 +430,8 @@
tag = ber_next_element( ber, &len, last ) ) {
char *ftmp;
if ( (err = get_filter_internal( conn, ber, new, &ftmp, maxdepth,
- curdepth, subentry_dont_rewrite, has_tombstone_filter))
+ curdepth, subentry_dont_rewrite,
+ has_tombstone_filter, has_ruv_filter))
!= 0 ) {
if ( *fstr != NULL ) {
slapi_ch_free((void**)fstr );
@@ -1450,6 +1470,17 @@
return 0; /* Not nsTombstone filter */
}
+
+static int
+ruv_check_filter(Slapi_Filter *f)
+{
+ if ( 0 == strcasecmp ( f->f_avvalue.bv_val,
"ffffffff-ffffffff-ffffffff-ffffffff")) {
+ return 1; /* Contains a RUV filter */
+ }
+ return 0; /* Not a RUV filter */
+}
+
+
/* filter_optimize
* ---------------
* takes a filter and optimizes it for fast evaluation
Index: plugin_internal_op.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/plugin_internal_op.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- plugin_internal_op.c 17 Oct 2008 22:12:47 -0000 1.11
+++ plugin_internal_op.c 26 Nov 2008 22:42:12 -0000 1.12
@@ -720,7 +720,11 @@
op->o_search_referral_handler = internal_ref_entry_callback;
filter = slapi_str2filter(ifstr ? (fstr = slapi_ch_strdup(ifstr)) : NULL);
- if(scope == LDAP_SCOPE_BASE) filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY |
SLAPI_FILTER_TOMBSTONE);
+ if(scope == LDAP_SCOPE_BASE) {
+ filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY |
+ SLAPI_FILTER_TOMBSTONE | SLAPI_FILTER_RUV);
+ }
+
if (NULL == filter)
{
send_ldap_result(pb, LDAP_FILTER_ERROR, NULL, NULL, 0, NULL);
Index: slapi-private.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- slapi-private.h 5 Nov 2008 18:21:06 -0000 1.29
+++ slapi-private.h 26 Nov 2008 22:42:12 -0000 1.30
@@ -68,6 +68,7 @@
/* filter */
#define SLAPI_FILTER_LDAPSUBENTRY 1
#define SLAPI_FILTER_TOMBSTONE 2
+#define SLAPI_FILTER_RUV 4
#define SLAPI_ENTRY_LDAPSUBENTRY 2
/*
Index: str2filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/str2filter.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- str2filter.c 10 Nov 2006 23:45:40 -0000 1.6
+++ str2filter.c 26 Nov 2008 22:42:12 -0000 1.7
@@ -162,6 +162,7 @@
str = next;
f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_LDAPSUBENTRY);
f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_TOMBSTONE);
+ f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_RUV);
fp = &(*fp)->f_next;
}
*fp = NULL;
@@ -331,6 +332,13 @@
if (0 == strcasecmp (unqstr,SLAPI_ATTR_VALUE_TOMBSTONE))
f->f_flags |= SLAPI_FILTER_TOMBSTONE;
}
+
+ if((f->f_choice == LDAP_FILTER_EQUALITY) &&
+ (0 == strncasecmp (str,"nsuniqueid",strlen("nsuniqueid")))) {
+ if (0 == strcasecmp (unqstr, "ffffffff-ffffffff-ffffffff-ffffffff"))
+ f->f_flags |= SLAPI_FILTER_RUV;
+ }
+
} if ( !unescape_filter ) {
f->f_avtype = slapi_ch_strdup( str );
f->f_avvalue.bv_val = slapi_ch_strdup ( value );