[Fedora-directory-commits] ldapserver/ldap/servers/slapd filter.c, 1.11, 1.12 plugin_internal_op.c, 1.11, 1.12 slapi-private.h, 1.29, 1.30 str2filter.c, 1.6, 1.7

Nathan Kinder nkinder at fedoraproject.org
Wed Nov 26 22:42:15 UTC 2008


Author: nkinder

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7639/ldap/servers/slapd

Modified Files:
	filter.c plugin_internal_op.c slapi-private.h str2filter.c 
Log Message:
Resolves: 220532
Summary: Add access to RUV by users other than "cn=Directory Manager".



Index: filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filter.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- filter.c	15 Oct 2008 06:30:04 -0000	1.11
+++ filter.c	26 Nov 2008 22:42:12 -0000	1.12
@@ -54,14 +54,15 @@
 static int
 get_filter_list( Connection *conn, BerElement *ber,
 		struct slapi_filter **f, char **fstr, int maxdepth, int curdepth,
-		int *subentry_dont_rewrite, int *has_tombstone_filter);
+		int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
 static int	get_substring_filter();
 static int	get_extensible_filter( BerElement *ber, mr_filter_t* );
 
 static int get_filter_internal( Connection *conn, BerElement *ber,
 		struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
-		int *subentry_dont_rewrite, int *has_tombstone_filter);
+		int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
 static int tombstone_check_filter(Slapi_Filter *f);
+static int ruv_check_filter(Slapi_Filter *f);
 static void filter_optimize(Slapi_Filter *f);
 
 
@@ -83,20 +84,23 @@
 {
 	int subentry_dont_rewrite = 0; /* Re-write unless we're told not to */
 	int has_tombstone_filter = 0; /* Check if nsTombstone appears */
+	int has_ruv_filter = 0;       /* Check if searching for RUV */
 	int return_value = 0;
 	char 	*logbuf = NULL;
 	size_t	logbufsize = 0;
 
 	return_value = get_filter_internal(conn, ber, filt, fstr,
 			config_get_max_filter_nest_level(),	/* maximum depth */
-			0, /* current depth */
-			&subentry_dont_rewrite, &has_tombstone_filter);
+			0, /* current depth */ &subentry_dont_rewrite,
+			&has_tombstone_filter, &has_ruv_filter);
 
 	if (0 == return_value) { /* Don't try to re-write if there was an error */
 		if (subentry_dont_rewrite || scope == LDAP_SCOPE_BASE)
 		  (*filt)->f_flags |= SLAPI_FILTER_LDAPSUBENTRY;
 		if (has_tombstone_filter)
 			(*filt)->f_flags |= SLAPI_FILTER_TOMBSTONE;
+		if (has_ruv_filter)
+			(*filt)->f_flags |= SLAPI_FILTER_RUV;
 	}
 
 	if (LDAPDebugLevelIsSet( LDAP_DEBUG_FILTER ) && *filt != NULL
@@ -175,7 +179,7 @@
 static int
 get_filter_internal( Connection *conn, BerElement *ber, 
 	struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
-	int *subentry_dont_rewrite, int *has_tombstone_filter )
+	int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter )
 {
     ber_len_t	len;
     int		err;
@@ -272,6 +276,18 @@
 					*has_tombstone_filter = tombstone_check_filter(f);
 				}
 			} 
+
+			if ( 0 == strcasecmp ( f->f_avtype, "nsuniqueid")) {
+				/*
+				 * Check if it's a RUV filter.
+				 * We need to do it once per filter, so if flag is already set,
+				 * don't bother doing it
+				 */
+				if (!(*has_ruv_filter)) {
+					*has_ruv_filter = ruv_check_filter(f);
+				}
+			}
+
 			*fstr=filter_escape_filter_value(f, FILTER_EQ_FMT, FILTER_EQ_LEN);
 		}
 		break;
@@ -342,7 +358,8 @@
 	case LDAP_FILTER_AND:
 		LDAPDebug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
 		if ( (err = get_filter_list( conn, ber, &f->f_and, &ftmp, maxdepth,
-					curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+					curdepth, subentry_dont_rewrite,
+					has_tombstone_filter, has_ruv_filter ))
 					== 0 ) {
 			filter_compute_hash(f);
 			*fstr = slapi_ch_smprintf( "(&%s)", ftmp );
@@ -353,7 +370,8 @@
 	case LDAP_FILTER_OR:
 		LDAPDebug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
 		if ( (err = get_filter_list( conn, ber, &f->f_or, &ftmp, maxdepth,
-					curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+					curdepth, subentry_dont_rewrite,
+					has_tombstone_filter, has_ruv_filter ))
 					== 0 ) {
 			filter_compute_hash(f);
 			*fstr = slapi_ch_smprintf( "(|%s)", ftmp );
@@ -365,7 +383,8 @@
 		LDAPDebug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
 		(void) ber_skip_tag( ber, &len );
 		if ( (err = get_filter_internal( conn, ber, &f->f_not, &ftmp, maxdepth,
-					curdepth, subentry_dont_rewrite, has_tombstone_filter ))
+					curdepth, subentry_dont_rewrite,
+					has_tombstone_filter, has_ruv_filter ))
 					== 0 ) {
 			filter_compute_hash(f);
 			*fstr = slapi_ch_smprintf( "(!%s)", ftmp );
@@ -394,7 +413,7 @@
 get_filter_list( Connection *conn, BerElement *ber,
 				struct slapi_filter **f, char **fstr, int maxdepth,
 				int curdepth, int *subentry_dont_rewrite,
-				int *has_tombstone_filter)
+				int *has_tombstone_filter, int* has_ruv_filter)
 {
 	struct slapi_filter	**new;
 	int		err;
@@ -411,7 +430,8 @@
 	    tag = ber_next_element( ber, &len, last ) ) {
 		char *ftmp;
 		if ( (err = get_filter_internal( conn, ber, new, &ftmp, maxdepth,
-					curdepth, subentry_dont_rewrite, has_tombstone_filter))
+					curdepth, subentry_dont_rewrite,
+					has_tombstone_filter, has_ruv_filter))
 					!= 0 ) {
 		    if ( *fstr != NULL ) {
 			slapi_ch_free((void**)fstr );
@@ -1450,6 +1470,17 @@
 	return 0; /* Not nsTombstone filter */
 }
 
+
+static int
+ruv_check_filter(Slapi_Filter *f)
+{
+	if ( 0 == strcasecmp ( f->f_avvalue.bv_val, "ffffffff-ffffffff-ffffffff-ffffffff")) {
+		return 1; /* Contains a RUV filter */
+	}
+	return 0; /* Not a RUV filter */
+}
+
+
 /* filter_optimize
  * ---------------
  * takes a filter and optimizes it for fast evaluation


Index: plugin_internal_op.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/plugin_internal_op.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- plugin_internal_op.c	17 Oct 2008 22:12:47 -0000	1.11
+++ plugin_internal_op.c	26 Nov 2008 22:42:12 -0000	1.12
@@ -720,7 +720,11 @@
     op->o_search_referral_handler = internal_ref_entry_callback;
 	
     filter = slapi_str2filter(ifstr ? (fstr = slapi_ch_strdup(ifstr)) : NULL);
-    if(scope == LDAP_SCOPE_BASE) filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY | SLAPI_FILTER_TOMBSTONE);
+    if(scope == LDAP_SCOPE_BASE) {
+        filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY |
+                            SLAPI_FILTER_TOMBSTONE | SLAPI_FILTER_RUV);
+    }
+
     if (NULL == filter) 
 	{
     	send_ldap_result(pb, LDAP_FILTER_ERROR, NULL, NULL, 0, NULL);


Index: slapi-private.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- slapi-private.h	5 Nov 2008 18:21:06 -0000	1.29
+++ slapi-private.h	26 Nov 2008 22:42:12 -0000	1.30
@@ -68,6 +68,7 @@
 /* filter */
 #define SLAPI_FILTER_LDAPSUBENTRY 1
 #define SLAPI_FILTER_TOMBSTONE 2
+#define SLAPI_FILTER_RUV 4
 #define SLAPI_ENTRY_LDAPSUBENTRY 2
 
 /*


Index: str2filter.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/str2filter.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- str2filter.c	10 Nov 2006 23:45:40 -0000	1.6
+++ str2filter.c	26 Nov 2008 22:42:12 -0000	1.7
@@ -162,6 +162,7 @@
 		str = next;
 		f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_LDAPSUBENTRY);
 		f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_TOMBSTONE);
+		f->f_flags |= ((*fp)->f_flags & SLAPI_FILTER_RUV);
 		fp = &(*fp)->f_next;
 	}
 	*fp = NULL;
@@ -331,6 +332,13 @@
 			if (0 == strcasecmp (unqstr,SLAPI_ATTR_VALUE_TOMBSTONE))
 				f->f_flags |= SLAPI_FILTER_TOMBSTONE;
 		}
+
+		if((f->f_choice == LDAP_FILTER_EQUALITY) &&
+		   (0 == strncasecmp (str,"nsuniqueid",strlen("nsuniqueid")))) {
+			if (0 == strcasecmp (unqstr, "ffffffff-ffffffff-ffffffff-ffffffff"))
+				f->f_flags |= SLAPI_FILTER_RUV;
+		}
+
 	} if ( !unescape_filter ) {
 		f->f_avtype = slapi_ch_strdup( str );
 		f->f_avvalue.bv_val = slapi_ch_strdup ( value );




More information about the Fedora-directory-commits mailing list