1 /* $NetBSD: collect.c,v 1.3 2021/08/14 16:15:02 christos Exp $ */ 2 3 /* collect.c - Demonstration of overlay code */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2003-2021 The OpenLDAP Foundation. 8 * Portions Copyright 2003 Howard Chu. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19 /* ACKNOWLEDGEMENTS: 20 * This work was initially developed by the Howard Chu for inclusion 21 * in OpenLDAP Software. 22 */ 23 24 #include <sys/cdefs.h> 25 __RCSID("$NetBSD: collect.c,v 1.3 2021/08/14 16:15:02 christos Exp $"); 26 27 #include "portable.h" 28 29 #ifdef SLAPD_OVER_COLLECT 30 31 #include <stdio.h> 32 33 #include <ac/string.h> 34 #include <ac/socket.h> 35 36 #include "slap.h" 37 #include "slap-config.h" 38 39 #include "lutil.h" 40 41 /* This is a cheap hack to implement a collective attribute. 42 * 43 * This demonstration overlay looks for a specified attribute in an 44 * ancestor of a given entry and adds that attribute to the given 45 * entry when it is returned in a search response. It takes no effect 46 * for any other operations. If the ancestor does not exist, there 47 * is no effect. If no attribute was configured, there is no effect. 48 */ 49 50 typedef struct collect_info { 51 struct collect_info *ci_next; 52 struct berval ci_dn; 53 int ci_ad_num; 54 AttributeDescription *ci_ad[1]; 55 } collect_info; 56 57 static int collect_cf( ConfigArgs *c ); 58 59 static ConfigTable collectcfg[] = { 60 { "collectinfo", "dn> <attribute", 3, 3, 0, 61 ARG_MAGIC, collect_cf, 62 "( OLcfgOvAt:19.1 NAME 'olcCollectInfo' " 63 "DESC 'DN of entry and attribute to distribute' " 64 "EQUALITY caseIgnoreMatch " 65 "SYNTAX OMsDirectoryString )", NULL, NULL }, 66 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 67 }; 68 69 static ConfigOCs collectocs[] = { 70 { "( OLcfgOvOc:19.1 " 71 "NAME 'olcCollectConfig' " 72 "DESC 'Collective Attribute configuration' " 73 "SUP olcOverlayConfig " 74 "MAY olcCollectInfo )", 75 Cft_Overlay, collectcfg }, 76 { NULL, 0, NULL } 77 }; 78 79 /* 80 * inserts a collect_info into on->on_bi.bi_private taking into account 81 * order. this means longer dn's (i.e. more specific dn's) will be found 82 * first when searching, allowing some limited overlap of dn's 83 */ 84 static void 85 insert_ordered( slap_overinst *on, collect_info *ci ) { 86 collect_info *find = on->on_bi.bi_private; 87 collect_info *prev = NULL; 88 int found = 0; 89 90 while (!found) { 91 if (find == NULL) { 92 if (prev == NULL) { 93 /* base case - empty list */ 94 on->on_bi.bi_private = ci; 95 ci->ci_next = NULL; 96 } else { 97 /* final case - end of list */ 98 prev->ci_next = ci; 99 ci->ci_next = NULL; 100 } 101 found = 1; 102 } else if (find->ci_dn.bv_len < ci->ci_dn.bv_len) { 103 /* insert into list here */ 104 if (prev == NULL) { 105 /* entry is head of list */ 106 ci->ci_next = on->on_bi.bi_private; 107 on->on_bi.bi_private = ci; 108 } else { 109 /* entry is not head of list */ 110 prev->ci_next = ci; 111 ci->ci_next = find; 112 } 113 found = 1; 114 } else { 115 /* keep looking */ 116 prev = find; 117 find = find->ci_next; 118 } 119 } 120 } 121 122 static int 123 collect_cf( ConfigArgs *c ) 124 { 125 slap_overinst *on = (slap_overinst *)c->bi; 126 int rc = 1, idx; 127 128 switch( c->op ) { 129 case SLAP_CONFIG_EMIT: 130 { 131 collect_info *ci; 132 for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) { 133 struct berval bv; 134 char *ptr; 135 int len; 136 137 /* calculate the length & malloc memory */ 138 bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" "); 139 for (idx=0; idx<ci->ci_ad_num; idx++) { 140 bv.bv_len += ci->ci_ad[idx]->ad_cname.bv_len; 141 if (idx<(ci->ci_ad_num-1)) { 142 bv.bv_len++; 143 } 144 } 145 bv.bv_val = ch_malloc( bv.bv_len + 1 ); 146 147 /* copy the value and update len */ 148 len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" ", 149 ci->ci_dn.bv_val); 150 ptr = bv.bv_val + len; 151 for (idx=0; idx<ci->ci_ad_num; idx++) { 152 ptr = lutil_strncopy( ptr, 153 ci->ci_ad[idx]->ad_cname.bv_val, 154 ci->ci_ad[idx]->ad_cname.bv_len); 155 if (idx<(ci->ci_ad_num-1)) { 156 *ptr++ = ','; 157 } 158 } 159 *ptr = '\0'; 160 bv.bv_len = ptr - bv.bv_val; 161 162 ber_bvarray_add( &c->rvalue_vals, &bv ); 163 rc = 0; 164 } 165 } 166 break; 167 case LDAP_MOD_DELETE: 168 if ( c->valx == -1 ) { 169 /* Delete entire attribute */ 170 collect_info *ci; 171 while (( ci = on->on_bi.bi_private )) { 172 on->on_bi.bi_private = ci->ci_next; 173 ch_free( ci->ci_dn.bv_val ); 174 ch_free( ci ); 175 } 176 } else { 177 /* Delete just one value */ 178 collect_info **cip, *ci; 179 int i; 180 cip = (collect_info **)&on->on_bi.bi_private; 181 ci = *cip; 182 for ( i=0; i < c->valx; i++ ) { 183 cip = &ci->ci_next; 184 ci = *cip; 185 } 186 *cip = ci->ci_next; 187 ch_free( ci->ci_dn.bv_val ); 188 ch_free( ci ); 189 } 190 rc = 0; 191 break; 192 case SLAP_CONFIG_ADD: 193 case LDAP_MOD_ADD: 194 { 195 collect_info *ci; 196 struct berval bv, dn; 197 const char *text; 198 int idx, count=0; 199 char *arg; 200 201 /* count delimiters in attribute argument */ 202 arg = strtok(c->argv[2], ","); 203 while (arg!=NULL) { 204 count++; 205 arg = strtok(NULL, ","); 206 } 207 208 /* validate and normalize dn */ 209 ber_str2bv( c->argv[1], 0, 0, &bv ); 210 if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) { 211 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: \"%s\"", 212 c->argv[0], c->argv[1] ); 213 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 214 "%s: %s\n", c->log, c->cr_msg ); 215 return ARG_BAD_CONF; 216 } 217 218 /* check for duplicate DNs */ 219 for ( ci = (collect_info *)on->on_bi.bi_private; ci; 220 ci = ci->ci_next ) { 221 /* If new DN is longest, there are no possible matches */ 222 if ( dn.bv_len > ci->ci_dn.bv_len ) { 223 ci = NULL; 224 break; 225 } 226 if ( bvmatch( &dn, &ci->ci_dn )) { 227 break; 228 } 229 } 230 if ( ci ) { 231 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s DN already configured: \"%s\"", 232 c->argv[0], c->argv[1] ); 233 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 234 "%s: %s\n", c->log, c->cr_msg ); 235 return ARG_BAD_CONF; 236 } 237 238 /* allocate config info with room for attribute array */ 239 ci = ch_malloc( sizeof( collect_info ) + 240 sizeof( AttributeDescription * ) * count ); 241 242 /* load attribute description for attribute list */ 243 arg = c->argv[2]; 244 for( idx=0; idx<count; idx++) { 245 ci->ci_ad[idx] = NULL; 246 247 if ( slap_str2ad( arg, &ci->ci_ad[idx], &text ) ) { 248 snprintf( c->cr_msg, sizeof( c->cr_msg ), 249 "%s attribute description unknown: \"%s\"", 250 c->argv[0], arg); 251 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 252 "%s: %s\n", c->log, c->cr_msg ); 253 ch_free( ci ); 254 return ARG_BAD_CONF; 255 } 256 while(*arg!='\0') { 257 arg++; /* skip to end of argument */ 258 } 259 if (idx<count-1) { 260 arg++; /* skip inner delimiters */ 261 } 262 } 263 264 /* The on->on_bi.bi_private pointer can be used for 265 * anything this instance of the overlay needs. 266 */ 267 ci->ci_ad[count] = NULL; 268 ci->ci_ad_num = count; 269 ci->ci_dn = dn; 270 271 /* creates list of ci's ordered by dn length */ 272 insert_ordered ( on, ci ); 273 274 /* New ci wasn't simply appended to end, adjust its 275 * position in the config entry's a_vals 276 */ 277 if ( c->ca_entry && ci->ci_next ) { 278 Attribute *a = attr_find( c->ca_entry->e_attrs, 279 collectcfg[0].ad ); 280 if ( a ) { 281 struct berval bv, nbv; 282 collect_info *c2 = (collect_info *)on->on_bi.bi_private; 283 int i, j; 284 for ( i=0; c2 != ci; i++, c2 = c2->ci_next ); 285 bv = a->a_vals[a->a_numvals-1]; 286 nbv = a->a_nvals[a->a_numvals-1]; 287 for ( j=a->a_numvals-1; j>i; j-- ) { 288 a->a_vals[j] = a->a_vals[j-1]; 289 a->a_nvals[j] = a->a_nvals[j-1]; 290 } 291 a->a_vals[j] = bv; 292 a->a_nvals[j] = nbv; 293 } 294 } 295 296 rc = 0; 297 } 298 } 299 return rc; 300 } 301 302 static int 303 collect_destroy( 304 BackendDB *be, 305 ConfigReply *cr 306 ) 307 { 308 slap_overinst *on = (slap_overinst *)be->bd_info; 309 collect_info *ci; 310 311 while (( ci = on->on_bi.bi_private )) { 312 on->on_bi.bi_private = ci->ci_next; 313 ch_free( ci->ci_dn.bv_val ); 314 ch_free( ci ); 315 } 316 return 0; 317 } 318 319 static int 320 collect_modify( Operation *op, SlapReply *rs) 321 { 322 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 323 collect_info *ci = on->on_bi.bi_private; 324 Modifications *ml; 325 char errMsg[100]; 326 int idx; 327 328 for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next) { 329 for (; ci; ci=ci->ci_next ) { 330 /* Is this entry an ancestor of this collectinfo ? */ 331 if (!dnIsSuffix(&op->o_req_ndn, &ci->ci_dn)) { 332 /* this collectinfo does not match */ 333 continue; 334 } 335 336 /* Is this entry the same as the template DN ? */ 337 if ( dn_match(&op->o_req_ndn, &ci->ci_dn)) { 338 /* all changes in this ci are allowed */ 339 continue; 340 } 341 342 /* check for collect attributes - disallow modify if present */ 343 for(idx=0; idx<ci->ci_ad_num; idx++) { 344 if (ml->sml_desc == ci->ci_ad[idx]) { 345 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 346 snprintf( errMsg, sizeof( errMsg ), 347 "cannot change virtual attribute '%s'", 348 ci->ci_ad[idx]->ad_cname.bv_val); 349 rs->sr_text = errMsg; 350 send_ldap_result( op, rs ); 351 return rs->sr_err; 352 } 353 } 354 } 355 356 } 357 358 return SLAP_CB_CONTINUE; 359 } 360 361 static int 362 collect_response( Operation *op, SlapReply *rs ) 363 { 364 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 365 collect_info *ci = on->on_bi.bi_private; 366 367 /* If we've been configured and the current response is 368 * a search entry 369 */ 370 if ( ci && rs->sr_type == REP_SEARCH ) { 371 int rc; 372 373 op->o_bd->bd_info = (BackendInfo *)on->on_info; 374 375 for (; ci; ci=ci->ci_next ) { 376 int idx=0; 377 378 /* Is this entry an ancestor of this collectinfo ? */ 379 if (!dnIsSuffix(&rs->sr_entry->e_nname, &ci->ci_dn)) { 380 /* collectinfo does not match */ 381 continue; 382 } 383 384 /* Is this entry the same as the template DN ? */ 385 if ( dn_match(&rs->sr_entry->e_nname, &ci->ci_dn)) { 386 /* dont apply change to parent */ 387 continue; 388 } 389 390 /* The current entry may live in a cache, so 391 * don't modify it directly. Make a copy and 392 * work with that instead. 393 */ 394 rs_entry2modifiable( op, rs, on ); 395 396 /* Loop for each attribute in this collectinfo */ 397 for(idx=0; idx<ci->ci_ad_num; idx++) { 398 BerVarray vals = NULL; 399 400 /* Extract the values of the desired attribute from 401 * the ancestor entry */ 402 rc = backend_attribute( op, NULL, &ci->ci_dn, 403 ci->ci_ad[idx], &vals, ACL_READ ); 404 405 /* If there are any values, merge them into the 406 * current search result 407 */ 408 if ( vals ) { 409 attr_merge_normalize( rs->sr_entry, ci->ci_ad[idx], 410 vals, op->o_tmpmemctx ); 411 ber_bvarray_free_x( vals, op->o_tmpmemctx ); 412 } 413 } 414 } 415 } 416 417 /* Default is to just fall through to the normal processing */ 418 return SLAP_CB_CONTINUE; 419 } 420 421 static slap_overinst collect; 422 423 int collect_initialize() { 424 int code; 425 426 collect.on_bi.bi_type = "collect"; 427 collect.on_bi.bi_flags = SLAPO_BFLAG_SINGLE; 428 collect.on_bi.bi_db_destroy = collect_destroy; 429 collect.on_bi.bi_op_modify = collect_modify; 430 collect.on_response = collect_response; 431 432 collect.on_bi.bi_cf_ocs = collectocs; 433 code = config_register_schema( collectcfg, collectocs ); 434 if ( code ) return code; 435 436 return overlay_register( &collect ); 437 } 438 439 #if SLAPD_OVER_COLLECT == SLAPD_MOD_DYNAMIC 440 int init_module(int argc, char *argv[]) { 441 return collect_initialize(); 442 } 443 #endif 444 445 #endif /* SLAPD_OVER_COLLECT */ 446