From 64d457cee656100c10d9670d1635189219f7972d6c5295ae802c7493efac422a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 18 Aug 2017 16:59:51 +0000 Subject: [PATCH 1/6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=185 --- ...DED-operation-message-from-back-sock.patch | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch diff --git a/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch b/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch new file mode 100644 index 0000000..6c4f21c --- /dev/null +++ b/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch 
@@ -0,0 +1,227 @@ +From 732c5646e0a03be8b58e52527b25742f0495807e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michael=20Str=C3=B6der?= +Date: Fri, 18 Aug 2017 18:47:41 +0200 +Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock + to external program + +--- + doc/man/man5/slapd-sock.5 | 19 +++++++++++- + servers/slapd/back-sock/Makefile.in | 4 +-- + servers/slapd/back-sock/config.c | 12 ++++++-- + servers/slapd/back-sock/extended.c | 58 ++++++++++++++++++++++++++++++++++++ + servers/slapd/back-sock/init.c | 2 +- + servers/slapd/back-sock/proto-sock.h | 2 ++ + 6 files changed, 91 insertions(+), 6 deletions(-) + create mode 100644 servers/slapd/back-sock/extended.c + +diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 +index 1ac4f7fdd..0c4fc3fdd 100644 +--- a/doc/man/man5/slapd-sock.5 ++++ b/doc/man/man5/slapd-sock.5 +@@ -49,7 +49,7 @@ be sent and from which replies are received. + + When used as an overlay, these additional directives are defined: + .TP +-.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]* ++.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]* + Specify which request types to send to the external program. The default is + empty (no requests are sent). + .TP +@@ -115,6 +115,18 @@ dn: + .PP + .RS + .nf ++EXTENDED ++msgid: ++ }> ++oid: ++valuelen: > ++value: ++ ++.fi ++.RE ++.PP ++.RS ++.nf + MODIFY + msgid: + }> +@@ -292,6 +304,11 @@ access to the + pseudo_attribute of the searchBase; + .B search (=s) + access to the attributes and values used in the filter is not checked. ++.LP ++The ++.B extended ++operation does not require any access special rights. ++The external program has to implement any sort of access control. 
+ + .SH EXAMPLE + There is an example script in the slapd/back\-sock/ directory +diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in +index 3e527e545..efb916246 100644 +--- a/servers/slapd/back-sock/Makefile.in ++++ b/servers/slapd/back-sock/Makefile.in +@@ -18,9 +18,9 @@ + ## in OpenLDAP Software. + + SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \ +- delete.c modify.c modrdn.c compare.c result.c ++ delete.c modify.c modrdn.c compare.c result.c extended.c + OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \ +- delete.lo modify.lo modrdn.lo compare.lo result.lo ++ delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo + + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries +diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c +index dc3f1365c..2dcf68bf6 100644 +--- a/servers/slapd/back-sock/config.c ++++ b/servers/slapd/back-sock/config.c +@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = { + #define SOCK_OP_MODRDN 0x020 + #define SOCK_OP_ADD 0x040 + #define SOCK_OP_DELETE 0x080 ++#define SOCK_OP_EXTENDED 0x100 + + #define SOCK_REP_RESULT 0x001 + #define SOCK_REP_SEARCH 0x002 +@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = { + { BER_BVC("modrdn"), SOCK_OP_MODRDN }, + { BER_BVC("add"), SOCK_OP_ADD }, + { BER_BVC("delete"), SOCK_OP_DELETE }, ++ { BER_BVC("extended"), SOCK_OP_EXTENDED }, + { BER_BVNULL, 0 } + }; + +@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = { + sock_back_modify, + sock_back_modrdn, + sock_back_add, +- sock_back_delete ++ sock_back_delete, ++ 0, /* abandon not supported */ ++ sock_back_extended + }; + + static const int sockopflags[] = { +@@ -260,7 +264,9 @@ static const int sockopflags[] = { + SOCK_OP_MODIFY, + SOCK_OP_MODRDN, + SOCK_OP_ADD, +- SOCK_OP_DELETE ++ SOCK_OP_DELETE, ++ 0, /* abandon not supported */ ++ SOCK_OP_EXTENDED + }; + + static int sock_over_op( +@@ -283,6 +289,7 @@ static int sock_over_op( + case 
LDAP_REQ_MODRDN: which = op_modrdn; break; + case LDAP_REQ_ADD: which = op_add; break; + case LDAP_REQ_DELETE: which = op_delete; break; ++ case LDAP_REQ_EXTENDED: which = op_extended; break; + default: + return SLAP_CB_CONTINUE; + } +@@ -365,6 +372,7 @@ sock_over_setup() + sockover.on_bi.bi_op_modrdn = sock_over_op; + sockover.on_bi.bi_op_add = sock_over_op; + sockover.on_bi.bi_op_delete = sock_over_op; ++ sockover.on_bi.bi_extended = sock_over_op; + sockover.on_response = sock_over_response; + + sockover.on_bi.bi_cf_ocs = osocs; +diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c +new file mode 100644 +index 000000000..15493ea98 +--- /dev/null ++++ b/servers/slapd/back-sock/extended.c +@@ -0,0 +1,58 @@ ++/* extended.c - sock backend extended routines */ ++/* $OpenLDAP$ */ ++/* This work is part of OpenLDAP Software . ++ * ++ * Copyright 2000-2017 The OpenLDAP Foundation. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted only as authorized by the OpenLDAP ++ * Public License. ++ * ++ * A copy of this license is available in the file LICENSE in the ++ * top-level directory of the distribution or, alternatively, at ++ * . 
++ */ ++ ++#include "portable.h" ++ ++#include ++#include ++ ++#include "slap.h" ++#include "back-sock.h" ++ ++int ++sock_back_extended( Operation *op, SlapReply *rs ) ++{ ++ int rc; ++ struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private; ++ FILE *fp; ++ ++ Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n", ++ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); ++ ++ if ( (fp = opensock( si->si_sockpath )) == NULL ) { ++ send_ldap_error( op, rs, LDAP_OTHER, ++ "could not open socket" ); ++ return( -1 ); ++ } ++ ++ /* write out the request to the extended process */ ++ fprintf( fp, "EXTENDED\n" ); ++ fprintf( fp, "msgid: %ld\n", (long) op->o_msgid ); ++ sock_print_conn( fp, op->o_conn, si ); ++ sock_print_suffixes( fp, op->o_bd ); ++ fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val ); ++ if (op->ore_reqdata) { ++ fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len ); ++ fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val ); ++ } ++ fprintf( fp, "\n" ); ++ ++ /* read in the results and send them along */ ++ rc = sock_read_and_send_results( op, rs, fp ); ++ fclose( fp ); ++ ++ return( rc ); ++} +diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c +index dcfe61a44..92e68782f 100644 +--- a/servers/slapd/back-sock/init.c ++++ b/servers/slapd/back-sock/init.c +@@ -53,7 +53,7 @@ sock_back_initialize( + bi->bi_op_delete = sock_back_delete; + bi->bi_op_abandon = 0; + +- bi->bi_extended = 0; ++ bi->bi_extended = sock_back_extended; + + bi->bi_chk_referrals = 0; + +diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h +index fa02ab896..8b3b5f3ef 100644 +--- a/servers/slapd/back-sock/proto-sock.h ++++ b/servers/slapd/back-sock/proto-sock.h +@@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn; + extern BI_op_add sock_back_add; + extern BI_op_delete sock_back_delete; + ++extern BI_op_extended sock_back_extended; ++ + extern int sock_back_init_cf( BackendInfo *bi ); + + LDAP_END_DECL +-- +2.14.0 + From 
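Review bot: The `value: %s` line in sock_back_extended() writes the extended request value as a C string, but that value is length-counted binary data supplied by the LDAP client. A NUL byte cuts it short of the `valuelen` just announced, and a newline inside it becomes extra lines (or the terminating blank line) in the line-based message the external program parses. The value should be encoded before it is written, for example base64 over exactly `op->ore_reqdata->bv_len` bytes followed by `fprintf( fp, "value: %s\n", b64.bv_val );`. The hunk in PATCH 5/6 re-adds the same lines under the 0014- name, and PATCH 6/6 reworks this block.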
a9775cbf0c9af57a55e3c4188732999052cc6845dd5791fc784a76d35ac54686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 18 Aug 2017 17:01:29 +0000 Subject: [PATCH 2/6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=186 --- openldap2.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/openldap2.changes b/openldap2.changes index 14496ba..b2c77a8 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Aug 18 17:00:54 UTC 2017 - michael@stroeder.com + +- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 + 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch + ------------------------------------------------------------------- Thu Jul 20 14:19:47 UTC 2017 - michael@stroeder.com From 693c9daab4066584eb4a5fd87d086a70a4bb8c1f92fd65ac531049b423a6f4e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 18 Aug 2017 17:02:55 +0000 Subject: [PATCH 3/6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=187 --- openldap2.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openldap2.spec b/openldap2.spec index 0f9c263..0349fc1 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -58,6 +58,7 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch11: 0011-openldap-re24-its7796.patch Patch13: 0013-ITS-8692-let-back-sock-generate-increment-line.patch +Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf 
@@ -251,6 +252,7 @@ gzip -k %{S:203} %patch9 -p1 %patch11 -p1 %patch13 -p1 +%patch14 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ From d3245c20a24007a876d3fb3e0ac555a353beafe2543e0a0d58ba694fca166f2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 18 Aug 2017 17:03:04 +0000 Subject: [PATCH 4/6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=188 --- ...DED-operation-message-from-back-sock.patch | 227 ------------------ 1 file changed, 227 deletions(-) delete mode 100644 0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch diff --git a/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch b/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch deleted file mode 100644 index 6c4f21c..0000000 --- a/0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch +++ /dev/null 
@@ -1,227 +0,0 @@ -From 732c5646e0a03be8b58e52527b25742f0495807e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20Str=C3=B6der?= -Date: Fri, 18 Aug 2017 18:47:41 +0200 -Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock - to external program - ---- - doc/man/man5/slapd-sock.5 | 19 +++++++++++- - servers/slapd/back-sock/Makefile.in | 4 +-- - servers/slapd/back-sock/config.c | 12 ++++++-- - servers/slapd/back-sock/extended.c | 58 ++++++++++++++++++++++++++++++++++++ - servers/slapd/back-sock/init.c | 2 +- - servers/slapd/back-sock/proto-sock.h | 2 ++ - 6 files changed, 91 insertions(+), 6 deletions(-) - create mode 100644 servers/slapd/back-sock/extended.c - -diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 -index 1ac4f7fdd..0c4fc3fdd 100644 ---- a/doc/man/man5/slapd-sock.5 -+++ b/doc/man/man5/slapd-sock.5 -@@ -49,7 +49,7 @@ be sent and from which replies are received. - - When used as an overlay, these additional directives are defined: - .TP --.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]* -+.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]* - Specify which request types to send to the external program. The default is - empty (no requests are sent). - .TP -@@ -115,6 +115,18 @@ dn: - .PP - .RS - .nf -+EXTENDED -+msgid: -+ }> -+oid: -+valuelen: > -+value: -+ -+.fi -+.RE -+.PP -+.RS -+.nf - MODIFY - msgid: - }> -@@ -292,6 +304,11 @@ access to the - pseudo_attribute of the searchBase; - .B search (=s) - access to the attributes and values used in the filter is not checked. -+.LP -+The -+.B extended -+operation does not require any access special rights. -+The external program has to implement any sort of access control. 
- - .SH EXAMPLE - There is an example script in the slapd/back\-sock/ directory -diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in -index 3e527e545..efb916246 100644 ---- a/servers/slapd/back-sock/Makefile.in -+++ b/servers/slapd/back-sock/Makefile.in -@@ -18,9 +18,9 @@ - ## in OpenLDAP Software. - - SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \ -- delete.c modify.c modrdn.c compare.c result.c -+ delete.c modify.c modrdn.c compare.c result.c extended.c - OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \ -- delete.lo modify.lo modrdn.lo compare.lo result.lo -+ delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo - - LDAP_INCDIR= ../../../include - LDAP_LIBDIR= ../../../libraries -diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c -index dc3f1365c..2dcf68bf6 100644 ---- a/servers/slapd/back-sock/config.c -+++ b/servers/slapd/back-sock/config.c -@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = { - #define SOCK_OP_MODRDN 0x020 - #define SOCK_OP_ADD 0x040 - #define SOCK_OP_DELETE 0x080 -+#define SOCK_OP_EXTENDED 0x100 - - #define SOCK_REP_RESULT 0x001 - #define SOCK_REP_SEARCH 0x002 -@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = { - { BER_BVC("modrdn"), SOCK_OP_MODRDN }, - { BER_BVC("add"), SOCK_OP_ADD }, - { BER_BVC("delete"), SOCK_OP_DELETE }, -+ { BER_BVC("extended"), SOCK_OP_EXTENDED }, - { BER_BVNULL, 0 } - }; - -@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = { - sock_back_modify, - sock_back_modrdn, - sock_back_add, -- sock_back_delete -+ sock_back_delete, -+ 0, /* abandon not supported */ -+ sock_back_extended - }; - - static const int sockopflags[] = { -@@ -260,7 +264,9 @@ static const int sockopflags[] = { - SOCK_OP_MODIFY, - SOCK_OP_MODRDN, - SOCK_OP_ADD, -- SOCK_OP_DELETE -+ SOCK_OP_DELETE, -+ 0, /* abandon not supported */ -+ SOCK_OP_EXTENDED - }; - - static int sock_over_op( -@@ -283,6 +289,7 @@ static int sock_over_op( - case 
LDAP_REQ_MODRDN: which = op_modrdn; break; - case LDAP_REQ_ADD: which = op_add; break; - case LDAP_REQ_DELETE: which = op_delete; break; -+ case LDAP_REQ_EXTENDED: which = op_extended; break; - default: - return SLAP_CB_CONTINUE; - } -@@ -365,6 +372,7 @@ sock_over_setup() - sockover.on_bi.bi_op_modrdn = sock_over_op; - sockover.on_bi.bi_op_add = sock_over_op; - sockover.on_bi.bi_op_delete = sock_over_op; -+ sockover.on_bi.bi_extended = sock_over_op; - sockover.on_response = sock_over_response; - - sockover.on_bi.bi_cf_ocs = osocs; -diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c -new file mode 100644 -index 000000000..15493ea98 ---- /dev/null -+++ b/servers/slapd/back-sock/extended.c -@@ -0,0 +1,58 @@ -+/* extended.c - sock backend extended routines */ -+/* $OpenLDAP$ */ -+/* This work is part of OpenLDAP Software . -+ * -+ * Copyright 2000-2017 The OpenLDAP Foundation. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted only as authorized by the OpenLDAP -+ * Public License. -+ * -+ * A copy of this license is available in the file LICENSE in the -+ * top-level directory of the distribution or, alternatively, at -+ * . 
-+ */ -+ -+#include "portable.h" -+ -+#include -+#include -+ -+#include "slap.h" -+#include "back-sock.h" -+ -+int -+sock_back_extended( Operation *op, SlapReply *rs ) -+{ -+ int rc; -+ struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private; -+ FILE *fp; -+ -+ Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n", -+ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); -+ -+ if ( (fp = opensock( si->si_sockpath )) == NULL ) { -+ send_ldap_error( op, rs, LDAP_OTHER, -+ "could not open socket" ); -+ return( -1 ); -+ } -+ -+ /* write out the request to the extended process */ -+ fprintf( fp, "EXTENDED\n" ); -+ fprintf( fp, "msgid: %ld\n", (long) op->o_msgid ); -+ sock_print_conn( fp, op->o_conn, si ); -+ sock_print_suffixes( fp, op->o_bd ); -+ fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val ); -+ if (op->ore_reqdata) { -+ fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len ); -+ fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val ); -+ } -+ fprintf( fp, "\n" ); -+ -+ /* read in the results and send them along */ -+ rc = sock_read_and_send_results( op, rs, fp ); -+ fclose( fp ); -+ -+ return( rc ); -+} -diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c -index dcfe61a44..92e68782f 100644 ---- a/servers/slapd/back-sock/init.c -+++ b/servers/slapd/back-sock/init.c -@@ -53,7 +53,7 @@ sock_back_initialize( - bi->bi_op_delete = sock_back_delete; - bi->bi_op_abandon = 0; - -- bi->bi_extended = 0; -+ bi->bi_extended = sock_back_extended; - - bi->bi_chk_referrals = 0; - -diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h -index fa02ab896..8b3b5f3ef 100644 ---- a/servers/slapd/back-sock/proto-sock.h -+++ b/servers/slapd/back-sock/proto-sock.h -@@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn; - extern BI_op_add sock_back_add; - extern BI_op_delete sock_back_delete; - -+extern BI_op_extended sock_back_extended; -+ - extern int sock_back_init_cf( BackendInfo *bi ); - - LDAP_END_DECL --- -2.14.0 - From 
b40ad9719122cc2f2eea71fce6e7825578cc667ae2c73b125aa8de289a1caebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 18 Aug 2017 17:03:17 +0000 Subject: [PATCH 5/6] OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=189 --- ...DED-operation-message-from-back-sock.patch | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch diff --git a/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch b/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch new file mode 100644 index 0000000..6c4f21c --- /dev/null +++ b/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch 
@@ -0,0 +1,227 @@ +From 732c5646e0a03be8b58e52527b25742f0495807e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michael=20Str=C3=B6der?= +Date: Fri, 18 Aug 2017 18:47:41 +0200 +Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock + to external program + +--- + doc/man/man5/slapd-sock.5 | 19 +++++++++++- + servers/slapd/back-sock/Makefile.in | 4 +-- + servers/slapd/back-sock/config.c | 12 ++++++-- + servers/slapd/back-sock/extended.c | 58 ++++++++++++++++++++++++++++++++++++ + servers/slapd/back-sock/init.c | 2 +- + servers/slapd/back-sock/proto-sock.h | 2 ++ + 6 files changed, 91 insertions(+), 6 deletions(-) + create mode 100644 servers/slapd/back-sock/extended.c + +diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 +index 1ac4f7fdd..0c4fc3fdd 100644 +--- a/doc/man/man5/slapd-sock.5 ++++ b/doc/man/man5/slapd-sock.5 +@@ -49,7 +49,7 @@ be sent and from which replies are received. + + When used as an overlay, these additional directives are defined: + .TP +-.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete ]* ++.B sockops [ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]* + Specify which request types to send to the external program. The default is + empty (no requests are sent). + .TP +@@ -115,6 +115,18 @@ dn: + .PP + .RS + .nf ++EXTENDED ++msgid: ++ }> ++oid: ++valuelen: > ++value: ++ ++.fi ++.RE ++.PP ++.RS ++.nf + MODIFY + msgid: + }> +@@ -292,6 +304,11 @@ access to the + pseudo_attribute of the searchBase; + .B search (=s) + access to the attributes and values used in the filter is not checked. ++.LP ++The ++.B extended ++operation does not require any access special rights. ++The external program has to implement any sort of access control. 
+ + .SH EXAMPLE + There is an example script in the slapd/back\-sock/ directory +diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in +index 3e527e545..efb916246 100644 +--- a/servers/slapd/back-sock/Makefile.in ++++ b/servers/slapd/back-sock/Makefile.in +@@ -18,9 +18,9 @@ + ## in OpenLDAP Software. + + SRCS = init.c config.c opensock.c search.c bind.c unbind.c add.c \ +- delete.c modify.c modrdn.c compare.c result.c ++ delete.c modify.c modrdn.c compare.c result.c extended.c + OBJS = init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \ +- delete.lo modify.lo modrdn.lo compare.lo result.lo ++ delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo + + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries +diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c +index dc3f1365c..2dcf68bf6 100644 +--- a/servers/slapd/back-sock/config.c ++++ b/servers/slapd/back-sock/config.c +@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = { + #define SOCK_OP_MODRDN 0x020 + #define SOCK_OP_ADD 0x040 + #define SOCK_OP_DELETE 0x080 ++#define SOCK_OP_EXTENDED 0x100 + + #define SOCK_REP_RESULT 0x001 + #define SOCK_REP_SEARCH 0x002 +@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = { + { BER_BVC("modrdn"), SOCK_OP_MODRDN }, + { BER_BVC("add"), SOCK_OP_ADD }, + { BER_BVC("delete"), SOCK_OP_DELETE }, ++ { BER_BVC("extended"), SOCK_OP_EXTENDED }, + { BER_BVNULL, 0 } + }; + +@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = { + sock_back_modify, + sock_back_modrdn, + sock_back_add, +- sock_back_delete ++ sock_back_delete, ++ 0, /* abandon not supported */ ++ sock_back_extended + }; + + static const int sockopflags[] = { +@@ -260,7 +264,9 @@ static const int sockopflags[] = { + SOCK_OP_MODIFY, + SOCK_OP_MODRDN, + SOCK_OP_ADD, +- SOCK_OP_DELETE ++ SOCK_OP_DELETE, ++ 0, /* abandon not supported */ ++ SOCK_OP_EXTENDED + }; + + static int sock_over_op( +@@ -283,6 +289,7 @@ static int sock_over_op( + case 
LDAP_REQ_MODRDN: which = op_modrdn; break; + case LDAP_REQ_ADD: which = op_add; break; + case LDAP_REQ_DELETE: which = op_delete; break; ++ case LDAP_REQ_EXTENDED: which = op_extended; break; + default: + return SLAP_CB_CONTINUE; + } +@@ -365,6 +372,7 @@ sock_over_setup() + sockover.on_bi.bi_op_modrdn = sock_over_op; + sockover.on_bi.bi_op_add = sock_over_op; + sockover.on_bi.bi_op_delete = sock_over_op; ++ sockover.on_bi.bi_extended = sock_over_op; + sockover.on_response = sock_over_response; + + sockover.on_bi.bi_cf_ocs = osocs; +diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c +new file mode 100644 +index 000000000..15493ea98 +--- /dev/null ++++ b/servers/slapd/back-sock/extended.c +@@ -0,0 +1,58 @@ ++/* extended.c - sock backend extended routines */ ++/* $OpenLDAP$ */ ++/* This work is part of OpenLDAP Software . ++ * ++ * Copyright 2000-2017 The OpenLDAP Foundation. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted only as authorized by the OpenLDAP ++ * Public License. ++ * ++ * A copy of this license is available in the file LICENSE in the ++ * top-level directory of the distribution or, alternatively, at ++ * . 
++ */ ++ ++#include "portable.h" ++ ++#include ++#include ++ ++#include "slap.h" ++#include "back-sock.h" ++ ++int ++sock_back_extended( Operation *op, SlapReply *rs ) ++{ ++ int rc; ++ struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private; ++ FILE *fp; ++ ++ Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n", ++ op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); ++ ++ if ( (fp = opensock( si->si_sockpath )) == NULL ) { ++ send_ldap_error( op, rs, LDAP_OTHER, ++ "could not open socket" ); ++ return( -1 ); ++ } ++ ++ /* write out the request to the extended process */ ++ fprintf( fp, "EXTENDED\n" ); ++ fprintf( fp, "msgid: %ld\n", (long) op->o_msgid ); ++ sock_print_conn( fp, op->o_conn, si ); ++ sock_print_suffixes( fp, op->o_bd ); ++ fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val ); ++ if (op->ore_reqdata) { ++ fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len ); ++ fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val ); ++ } ++ fprintf( fp, "\n" ); ++ ++ /* read in the results and send them along */ ++ rc = sock_read_and_send_results( op, rs, fp ); ++ fclose( fp ); ++ ++ return( rc ); ++} +diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c +index dcfe61a44..92e68782f 100644 +--- a/servers/slapd/back-sock/init.c ++++ b/servers/slapd/back-sock/init.c +@@ -53,7 +53,7 @@ sock_back_initialize( + bi->bi_op_delete = sock_back_delete; + bi->bi_op_abandon = 0; + +- bi->bi_extended = 0; ++ bi->bi_extended = sock_back_extended; + + bi->bi_chk_referrals = 0; + +diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h +index fa02ab896..8b3b5f3ef 100644 +--- a/servers/slapd/back-sock/proto-sock.h ++++ b/servers/slapd/back-sock/proto-sock.h +@@ -40,6 +40,8 @@ extern BI_op_modrdn sock_back_modrdn; + extern BI_op_add sock_back_add; + extern BI_op_delete sock_back_delete; + ++extern BI_op_extended sock_back_extended; ++ + extern int sock_back_init_cf( BackendInfo *bi ); + + LDAP_END_DECL +-- +2.14.0 + From 
5e1d6e7359f810f9df27cc4d782ddfc37dc1da035c13c1c973a6781edeb3ed22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Wed, 6 Sep 2017 08:08:24 +0000 Subject: [PATCH 6/6] Accepting request 521624 from home:stroeder:branches:network:ldap - updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch OBS-URL: https://build.opensuse.org/request/show/521624 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=190 --- ...DED-operation-message-from-back-sock.patch | 70 +++++++++++-------- openldap2.changes | 5 ++ 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch b/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch index 6c4f21c..ceea7ad 100644 --- a/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch +++ b/0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch @@ -1,21 +1,5 @@ -From 732c5646e0a03be8b58e52527b25742f0495807e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20Str=C3=B6der?= -Date: Fri, 18 Aug 2017 18:47:41 +0200 -Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock - to external program - ---- - doc/man/man5/slapd-sock.5 | 19 +++++++++++- - servers/slapd/back-sock/Makefile.in | 4 +-- - servers/slapd/back-sock/config.c | 12 ++++++-- - servers/slapd/back-sock/extended.c | 58 ++++++++++++++++++++++++++++++++++++ - servers/slapd/back-sock/init.c | 2 +- - servers/slapd/back-sock/proto-sock.h | 2 ++ - 6 files changed, 91 insertions(+), 6 deletions(-) - create mode 100644 servers/slapd/back-sock/extended.c - diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5 -index 1ac4f7fdd..0c4fc3fdd 100644 +index 1ac4f7fdd..903155fa4 100644 --- a/doc/man/man5/slapd-sock.5 +++ b/doc/man/man5/slapd-sock.5 @@ -49,7 +49,7 @@ be sent and from which replies are received. 
@@ -27,7 +11,7 @@ index 1ac4f7fdd..0c4fc3fdd 100644 Specify which request types to send to the external program. The default is empty (no requests are sent). .TP -@@ -115,6 +115,18 @@ dn: +@@ -115,6 +115,17 @@ dn: .PP .RS .nf @@ -35,8 +19,7 @@ index 1ac4f7fdd..0c4fc3fdd 100644 +msgid: + }> +oid: -+valuelen: > -+value: ++value: + +.fi +.RE @@ -46,7 +29,19 @@ index 1ac4f7fdd..0c4fc3fdd 100644 MODIFY msgid: }> -@@ -292,6 +304,11 @@ access to the +@@ -213,6 +224,11 @@ msgid: + .fi + .RE + ++.SH KNOWN LIMITATIONS ++The ++.B sock ++backend does not process extended operation results from an external program. ++ + .SH ACCESS CONTROL + The + .B sock +@@ -292,6 +308,11 @@ access to the pseudo_attribute of the searchBase; .B search (=s) access to the attributes and values used in the filter is not checked. @@ -134,10 +129,10 @@ index dc3f1365c..2dcf68bf6 100644 sockover.on_bi.bi_cf_ocs = osocs; diff --git a/servers/slapd/back-sock/extended.c b/servers/slapd/back-sock/extended.c new file mode 100644 -index 000000000..15493ea98 +index 000000000..dfe56b32b --- /dev/null +++ b/servers/slapd/back-sock/extended.c -@@ -0,0 +1,58 @@ +@@ -0,0 +1,80 @@ +/* extended.c - sock backend extended routines */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . @@ -162,12 +157,15 @@ index 000000000..15493ea98 +#include "slap.h" +#include "back-sock.h" + ++#include "lutil.h" ++ +int +sock_back_extended( Operation *op, SlapReply *rs ) +{ + int rc; + struct sockinfo *si = (struct sockinfo *) op->o_bd->be_private; + FILE *fp; ++ struct berval b64; + + Debug( LDAP_DEBUG_ARGS, "==> sock_back_extended(%s)\n", + op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); 
@@ -184,10 +182,29 @@ index 000000000..15493ea98 + sock_print_conn( fp, op->o_conn, si ); + sock_print_suffixes( fp, op->o_bd ); + fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val ); ++ + if (op->ore_reqdata) { -+ fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len ); -+ fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val ); ++ ++ b64.bv_len = LUTIL_BASE64_ENCODE_LEN( op->ore_reqdata->bv_len ) + 1; ++ b64.bv_val = ber_memalloc( b64.bv_len + 1 ); ++ ++ if( b64.bv_val == NULL ) { ++ return LUTIL_PASSWD_ERR; ++ } ++ ++ rc = lutil_b64_ntop( ++ (unsigned char *) op->ore_reqdata->bv_val, op->ore_reqdata->bv_len, ++ b64.bv_val, b64.bv_len ); ++ ++ b64.bv_len = rc; ++ assert( strlen(b64.bv_val) == b64.bv_len ); ++ ++ fprintf( fp, "value: %s\n", b64.bv_val ); ++ ++ ber_memfree( b64.bv_val ); ++ + } ++ + fprintf( fp, "\n" ); + + /* read in the results and send them along */ @@ -222,6 +239,3 @@ index fa02ab896..8b3b5f3ef 100644 extern int sock_back_init_cf( BackendInfo *bi ); LDAP_END_DECL --- -2.14.0 - diff --git a/openldap2.changes b/openldap2.changes index b2c77a8..e6be3c6 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Sep 6 07:58:06 UTC 2017 - michael@stroeder.com + +- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch + ------------------------------------------------------------------- Fri Aug 18 17:00:54 UTC 2017 - michael@stroeder.com
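Review bot: Both failure paths of the new base64 block in sock_back_extended() leave the request half-handled. When `ber_memalloc` fails, the function returns `LUTIL_PASSWD_ERR`, a password-helper code, without closing `fp` or sending any result to the client. The return value of `lutil_b64_ntop` is copied into `b64.bv_len` with no check for a negative result, so on an encoder failure `assert( strlen(b64.bv_val) == b64.bv_len )` would run `strlen` over a buffer that may not be terminated and then abort slapd where asserts are compiled in. I would close the socket and answer with `send_ldap_error` on both paths, as the open-socket failure earlier in the function does, and drop the assert in favour of the explicit check. The start of the function lies outside this hunk.

```c
		b64.bv_val = ber_memalloc( b64.bv_len + 1 );
		if ( b64.bv_val == NULL ) {
			fclose( fp );
			send_ldap_error( op, rs, LDAP_OTHER,
				"out of memory" );
			return( -1 );
		}

		/* … unchanged: lutil_b64_ntop() call storing its result in rc … */
		if ( rc < 0 ) {
			ber_memfree( b64.bv_val );
			fclose( fp );
			send_ldap_error( op, rs, LDAP_OTHER,
				"could not encode request value" );
			return( -1 );
		}
		b64.bv_len = rc;

		/* … unchanged: fprintf of the "value:" line, ber_memfree … */
```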