(ITS#8714) - openldap-bugs

5 Sep 2017

This is a multi-part message in MIME format.
--------------E329EF3D834E0A798BAC2EBC
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Find attached a new patch which base64-encoded the extended
operation request value before sending it to the socket.
You can also download patch file here:
https://www.stroeder.com/temp/0001-ITS-8714-Send-out-EXTENDED-operation-mess...
Ciao, Michael.
--------------E329EF3D834E0A798BAC2EBC
Content-Type: text/x-patch;
 name="0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock_rev2.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0001-ITS-8714-Send-out-EXTENDED-operation-message-from-back-";
 filename*1="sock_rev2.patch"
...
From 7e584ffc4235f7e120b69acbd0b41cac9fe47ba3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Str=C3=B6der?= michael@stroeder.com
Date: Tue, 5 Sep 2017 15:30:28 +0200
Subject: [PATCH] ITS#8714 Send out EXTENDED operation message from back-sock
---
 doc/man/man5/slapd-sock.5            | 19 ++++++++++++++++++-
 servers/slapd/back-sock/Makefile.in  |  4 ++--
 servers/slapd/back-sock/config.c     | 12 ++++++++++--
 servers/slapd/back-sock/init.c       |  2 +-
 servers/slapd/back-sock/proto-sock.h |  2 ++
 5 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 1ac4f7fdd..b2fb21cc1 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -49,7 +49,7 @@ be sent and from which replies are received.
When used as an overlay, these additional directives are defined:
 .TP
-.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | delete ]*
+.B sockops	[ bind | unbind | search | compare | modify | modrdn | add | delete | extended ]*
 Specify which request types to send to the external program. The default is
 empty (no requests are sent).
 .TP
@@ -115,6 +115,18 @@ dn: <DN>
 .PP
 .RS
 .nf
+EXTENDED
+msgid: <message id>
+<repeat { "suffix:" <database suffix DN> }>
+oid: <OID>
+valuelen: <length of <value>>
+value: <value>
+<blank line>
+.fi
+.RE
+.PP
+.RS
+.nf
 MODIFY
 msgid: <message id>
 <repeat { "suffix:" <database suffix DN> }>
@@ -292,6 +304,11 @@ access to the
 pseudo_attribute of the searchBase;
 .B search (=s)
 access to the attributes and values used in the filter is not checked.
+.LP
+The
+.B extended
+operation does not require any access special rights.
+The external program has to implement any sort of access control.
.SH EXAMPLE
 There is an example script in the slapd/back-sock/ directory
diff --git a/servers/slapd/back-sock/Makefile.in b/servers/slapd/back-sock/Makefile.in
index 3e527e545..efb916246 100644
--- a/servers/slapd/back-sock/Makefile.in
+++ b/servers/slapd/back-sock/Makefile.in
@@ -18,9 +18,9 @@
 ## in OpenLDAP Software.
SRCS	= init.c config.c opensock.c search.c bind.c unbind.c add.c \
-		delete.c modify.c modrdn.c compare.c result.c
+		delete.c modify.c modrdn.c compare.c result.c extended.c
 OBJS	= init.lo config.lo opensock.lo search.lo bind.lo unbind.lo add.lo \
-		delete.lo modify.lo modrdn.lo compare.lo result.lo
+		delete.lo modify.lo modrdn.lo compare.lo result.lo extended.lo
LDAP_INCDIR= ../../../include       
 LDAP_LIBDIR= ../../../libraries
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index dc3f1365c..2dcf68bf6 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -106,6 +106,7 @@ static ConfigOCs osocs[] = {
 #define SOCK_OP_MODRDN	0x020
 #define SOCK_OP_ADD		0x040
 #define SOCK_OP_DELETE	0x080
+#define SOCK_OP_EXTENDED	0x100
#define SOCK_REP_RESULT	0x001
 #define SOCK_REP_SEARCH	0x002
@@ -127,6 +128,7 @@ static slap_verbmasks ov_ops[] = {
    { BER_BVC("modrdn"), SOCK_OP_MODRDN },
    { BER_BVC("add"), SOCK_OP_ADD },
    { BER_BVC("delete"), SOCK_OP_DELETE },
+	{ BER_BVC("extended"), SOCK_OP_EXTENDED },
    { BER_BVNULL, 0 }
 };
@@ -249,7 +251,9 @@ static BI_op_bind *sockfuncs[] = {
    sock_back_modify,
    sock_back_modrdn,
    sock_back_add,
-	sock_back_delete
+	sock_back_delete,
+	0,                    /* abandon not supported */
+	sock_back_extended
 };
static const int sockopflags[] = {
@@ -260,7 +264,9 @@ static const int sockopflags[] = {
    SOCK_OP_MODIFY,
    SOCK_OP_MODRDN,
    SOCK_OP_ADD,
-	SOCK_OP_DELETE
+	SOCK_OP_DELETE,
+	0,                    /* abandon not supported */
+	SOCK_OP_EXTENDED
 };
static int sock_over_op(
@@ -283,6 +289,7 @@ static int sock_over_op(
    case LDAP_REQ_MODRDN:	which = op_modrdn; break;
    case LDAP_REQ_ADD:	which = op_add; break;
    case LDAP_REQ_DELETE:	which = op_delete; break;
+	case LDAP_REQ_EXTENDED:	which = op_extended; break;
    default:
    	return SLAP_CB_CONTINUE;
    }
@@ -365,6 +372,7 @@ sock_over_setup()
    sockover.on_bi.bi_op_modrdn = sock_over_op;
    sockover.on_bi.bi_op_add = sock_over_op;
    sockover.on_bi.bi_op_delete = sock_over_op;
+	sockover.on_bi.bi_extended = sock_over_op;
    sockover.on_response = sock_over_response;
sockover.on_bi.bi_cf_ocs = osocs;
diff --git a/servers/slapd/back-sock/init.c b/servers/slapd/back-sock/init.c
index dcfe61a44..92e68782f 100644
--- a/servers/slapd/back-sock/init.c
+++ b/servers/slapd/back-sock/init.c
@@ -53,7 +53,7 @@ sock_back_initialize(
    bi->bi_op_delete = sock_back_delete;
    bi->bi_op_abandon = 0;
-	bi->bi_extended = 0;
+	bi->bi_extended = sock_back_extended;
bi->bi_chk_referrals = 0;
diff --git a/servers/slapd/back-sock/proto-sock.h b/servers/slapd/back-sock/proto-sock.h
index fa02ab896..8b3b5f3ef 100644
--- a/servers/slapd/back-sock/proto-sock.h
+++ b/servers/slapd/back-sock/proto-sock.h
@@ -40,6 +40,8 @@ extern BI_op_modrdn	sock_back_modrdn;
 extern BI_op_add	sock_back_add;
 extern BI_op_delete	sock_back_delete;
+extern BI_op_extended	sock_back_extended;
+
 extern int sock_back_init_cf( BackendInfo *bi );
LDAP_END_DECL
-- 
2.14.1




--------------E329EF3D834E0A798BAC2EBC--




    