upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge in Normalized DN bug fixes and optimizations from devel.

Browse source
This commit is contained in:
Kurt Zeilenga 1999-01-20 05:52:11 +00:00
parent 13b342e654
commit 03fcd92fe8
40 changed files with 493 additions and 380 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
include/ldapconfig.h.edit
View file

@ -219,11 +219,15 @@ Please try again later.\r\n"
#define SLAPD_PIDEXT ".pid"
/* extension of the slapd args file */
#define SLAPD_ARGSEXT ".args"
/* dn of the special "monitor" entry */
#define SLAPD_MONITOR_DN "cn=monitor"
/* dn of the special "config" entry */
#define SLAPD_CONFIG_DN "cn=config"
/* minimum max ids that a single index entry can map to in ldbm */
#define SLAPD_LDBM_MIN_MAXIDS 4000
/* the following DNs must be normalized and in uppercase! */
/* dn of the special "monitor" entry */
#define SLAPD_MONITOR_DN "CN=MONITOR"
/* dn of the special "config" entry */
#define SLAPD_CONFIG_DN "CN=CONFIG"
/* dn of the special "schema" entry */
/* #define SLAPD_SCHEMA_DN "CN=SCHEMA" */
#endif /* _LDAP_CONFIG_H */

56
servers/slapd/acl.c
View file

@ -16,7 +16,7 @@ static void string_expand(char *newbuf, int bufsiz, char *pattern,
/*
* access_allowed - check whether dn is allowed the requested access
* access_allowed - check whether op->o_ndn is allowed the requested access
* to entry e, attribute attr, value val. if val is null, access to
* the whole attribute is assumed (all values). this routine finds
* the applicable acl and calls acl_access_allowed() to make the
@ -34,7 +34,6 @@ access_allowed(
Entry *e,
char *attr,
struct berval *val,
char *dn,
int access
)
{
@ -50,7 +49,8 @@ access_allowed(
return( 0 );
}
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
edn = e->e_ndn;
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
@ -62,13 +62,12 @@ access_allowed(
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
a = acl_get_applicable( be, op, e, attr, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
@ -85,7 +84,6 @@ access_allowed(
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
@ -105,24 +103,26 @@ acl_get_applicable(
Operation *op,
Entry *e,
char *attr,
char *edn,
int nmatch,
regmatch_t *matches
)
{
int i, j;
struct acl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_get: no acl applicable to database root\n", 0, 0,
0 );
return( NULL );
}
edn = e->e_ndn;
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
@ -230,9 +230,9 @@ acl_access_allowed(
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
op->o_dn ? op->o_dn : "" );
op->o_ndn ? op->o_ndn : "" );
if ( be_isroot( be, op->o_dn ) ) {
if ( be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
@ -248,12 +248,13 @@ acl_access_allowed(
return( default_access >= access );
}
odn = NULL;
if ( op->o_dn != NULL ) {
odn = dn_normalize_case( ch_strdup( op->o_dn ) );
odn = op->o_ndn;
if ( odn != NULL ) {
bv.bv_val = odn;
bv.bv_len = strlen( odn );
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
@ -264,15 +265,14 @@ acl_access_allowed(
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
op->o_ndn != NULL && *(op->o_ndn) && e->e_dn != NULL )
{
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
if ( strcmp( edn, op->o_ndn ) == 0 ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
@ -282,7 +282,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@ -294,7 +293,6 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
@ -308,11 +306,10 @@ acl_access_allowed(
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
if ( b->a_dnattr != NULL && op->o_ndn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
@ -325,7 +322,6 @@ acl_access_allowed(
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
@ -341,7 +337,6 @@ acl_access_allowed(
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
@ -350,8 +345,8 @@ acl_access_allowed(
return( (b->a_access & ~ACL_SELF) >= access );
}
#ifdef SLAPD_ACLGROUPS
if ( b->a_group != NULL && op->o_dn != NULL ) {
char buf[512];
if ( b->a_group != NULL && op->o_ndn != NULL ) {
char buf[1024];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
@ -359,6 +354,7 @@ acl_access_allowed(
*/
/* see if asker is listed in dnattr */
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
(void) dn_normalize_case(buf);
if (be_group(be, e, buf, odn,
b->a_objectclassvalue, b->a_groupattrname) == 0)
@ -366,14 +362,12 @@ acl_access_allowed(
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif /* SLAPD_ACLGROUPS */
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
@ -400,9 +394,7 @@ acl_check_mods(
{
int i;
struct acl *a;
char *edn;
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
char *edn = e->e_ndn;
for ( ; mods != NULL; mods = mods->mod_next ) {
regmatch_t matches[MAXREMATCHES];
@ -418,7 +410,7 @@ acl_check_mods(
continue;
}
a = acl_get_applicable( be, op, e, mods->mod_type, edn,
a = acl_get_applicable( be, op, e, mods->mod_type,
MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
@ -431,7 +423,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -442,7 +433,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
@ -451,7 +441,6 @@ acl_check_mods(
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -459,7 +448,6 @@ acl_check_mods(
}
}
free(edn);
return( LDAP_SUCCESS );
}

10
servers/slapd/add.c
View file

@ -58,7 +58,7 @@ do_add( Connection *conn, Operation *op )
entry_rdwr_init(e);
e->e_dn = dn;
e->e_ndn = dn_normalize( ch_strdup( dn ) );
e->e_ndn = dn_normalize_case( ch_strdup( dn ) );
dn = NULL;
Debug( LDAP_DEBUG_ARGS, " do_add: ndn (%s)\n", e->e_ndn, 0, 0 );
@ -117,11 +117,11 @@ do_add( Connection *conn, Operation *op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
global_lastmod == ON)) && be->be_updatedn == NULL ) {
global_lastmod == ON)) && be->be_update_ndn == NULL ) {
add_created_attrs( op, e );
}

19
servers/slapd/back-ldbm/add.c
View file

@ -20,12 +20,12 @@ ldbm_back_add(
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
char *dn = NULL, *pdn;
char *dn, *pdn;
Entry *p = NULL;
int rootlock = 0;
int rc = -1;
dn = dn_normalize( ch_strdup( e->e_dn ) );
dn = e->e_ndn;
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", dn, 0, 0);
@ -35,7 +35,6 @@ ldbm_back_add(
if ( ( dn2id( be, dn ) ) != NOID ) {
pthread_mutex_unlock(&li->li_add_mutex);
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
@ -47,7 +46,6 @@ ldbm_back_add(
0, 0, 0 );
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "",
"" );
return( -1 );
@ -75,7 +73,6 @@ ldbm_back_add(
}
entry_free( e );
free( dn );
free( pdn );
return -1;
}
@ -89,8 +86,8 @@ ldbm_back_add(
free( matched );
}
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -101,13 +98,12 @@ ldbm_back_add(
cache_return_entry_w( &li->li_cache, p );
entry_free( e );
free( dn );
return -1;
}
} else {
/* no parent, must be adding entry to root */
if ( ! be_isroot( be, op->o_dn ) ) {
if ( ! be_isroot( be, op->o_ndn ) ) {
pthread_mutex_unlock(&li->li_add_mutex);
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n", 0,
0, 0 );
@ -115,7 +111,6 @@ ldbm_back_add(
"", "" );
entry_free( e );
free( dn );
return -1;
}
@ -152,7 +147,6 @@ ldbm_back_add(
* because e hasn't been added to the cache yet
*/
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
@ -209,9 +203,6 @@ ldbm_back_add(
rc = 0;
return_results:;
if ( dn != NULL )
free( dn );
cache_set_state( &li->li_cache, e, 0 );
if (p != NULL) {

15
servers/slapd/back-ldbm/bind.c
View file

@ -64,7 +64,8 @@ ldbm_back_bind(
Operation *op,
char *dn,
int method,
struct berval *cred
struct berval *cred,
char** edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@ -79,6 +80,8 @@ ldbm_back_bind(
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
*edn = NULL;
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
@ -91,6 +94,7 @@ ldbm_back_bind(
rc = 1;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
} else {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
@ -102,6 +106,8 @@ ldbm_back_bind(
return( rc );
}
*edn = ch_strdup( e->e_dn );
/* check for deleted */
switch ( method ) {
@ -114,6 +120,7 @@ ldbm_back_bind(
goto return_results;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@ -121,6 +128,7 @@ ldbm_back_bind(
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}
@ -130,14 +138,11 @@ ldbm_back_bind(
goto return_results;
}
#ifdef SLAPD_CRYPT
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
#else
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
#endif
{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
*edn = ch_strdup( be_root_dn( be ) );
rc = 0;
goto return_results;
}

9
servers/slapd/back-ldbm/cache.c
View file

@ -3,9 +3,10 @@
#include "portable.h"
#include <stdio.h>
int strcasecmp( const char *, const char *);
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "back-ldbm.h"
@ -35,8 +36,8 @@ cache_entry_cmp( Entry *e1, Entry *e2 )
static int
cache_entrydn_cmp( Entry *e1, Entry *e2 )
{
/* compare their normalized dn's */
return( strcasecmp( e1->e_ndn, e2->e_ndn ) );
/* compare their normalized UPPERCASED dn's */
return( strcmp( e1->e_ndn, e2->e_ndn ) );
}
static int
@ -235,7 +236,7 @@ cache_find_entry_dn2id(
pthread_mutex_lock( &cache->c_mutex );
e.e_dn = dn;
e.e_ndn = dn_normalize( ch_strdup( dn ) );
e.e_ndn = dn_normalize_case( ch_strdup( dn ) );
if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e,
cache_entrydn_cmp )) != NULL )

5
servers/slapd/back-ldbm/compare.c
View file

@ -35,8 +35,9 @@ ldbm_back_compare(
}
/* check for deleted */
if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
op->o_dn, ACL_COMPARE ) ) {
if ( ! access_allowed( be, conn, op, e,
ava->ava_type, &ava->ava_value, ACL_COMPARE ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
rc = 1;
goto return_results;

11
servers/slapd/back-ldbm/delete.c
View file

@ -54,8 +54,9 @@ ldbm_back_delete(
}
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_WRITE ) ) {
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: insufficient access %s\n",
dn, 0, 0);
@ -80,8 +81,8 @@ ldbm_back_delete(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -93,7 +94,7 @@ ldbm_back_delete(
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, op->o_dn ) ) {
if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,

80
servers/slapd/back-ldbm/group.c
View file

@ -13,67 +13,68 @@
#ifdef SLAPD_ACLGROUPS
/* return 0 IFF edn is a value in member attribute
* of entry with bdn AND that entry has an objectClass
/* return 0 IFF op_dn is a value in member attribute
* of entry with gr_dn AND that entry has an objectClass
* value of groupOfNames
*/
int
ldbm_back_group(
Backend *be,
Backend *be,
Entry *target,
char *bdn,
char *edn,
char *objectclassValue,
char *groupattrName
char *gr_ndn,
char *op_ndn,
char *objectclassValue,
char *groupattrName
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
char *tdn, *xdn;
char *matched;
Attribute *objectClass;
Attribute *member;
int rc;
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: objectClass: %s attrName: %s\n",
objectclassValue, groupattrName, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: gr dn: \"%s\"\n",
gr_ndn, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: op dn: \"%s\"\n",
op_ndn, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: objectClass: \"%s\" attrName: \"%s\"\n",
objectclassValue, groupattrName, 0 );
tdn = dn_normalize_case( ch_strdup( target->e_dn ) );
xdn = dn_normalize_case( ch_strdup( bdn ) );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: tdn: %s\n", tdn, 0, 0 );
if (strcmp(tdn, xdn) == 0) {
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: tr dn: \"%s\"\n",
target->e_ndn, 0, 0 );
if (strcmp(target->e_ndn, gr_ndn) == 0) {
/* we already have a LOCKED copy of the entry */
e = target;
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: target is bdn: %s\n",
bdn, 0, 0 );
"=> ldbm_back_group: target is group: \"%s\"\n",
gr_ndn, 0, 0 );
} else {
/* can we find bdn entry with reader lock */
if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
/* can we find group entry with reader lock */
if ((e = dn2entry_r(be, gr_ndn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE,
"=> ldbm_back_group: cannot find bdn: %s matched: %s\n",
bdn, (matched ? matched : ""), 0 );
"=> ldbm_back_group: cannot find group: \"%s\" matched: \"%s\"\n",
gr_ndn, (matched ? matched : ""), 0 );
if (matched != NULL)
free(matched);
free(tdn);
free(xdn);
return( 1 );
}
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: found bdn: %s\n",
bdn, 0, 0 );
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: found group: \"%s\"\n",
gr_ndn, 0, 0 );
}
free(tdn);
free(xdn);
/* check for deleted */
/* find it's objectClass and member attribute values
* make sure this is a group entry
* finally test if we can find edn in the member attribute value list *
* finally test if we can find op_dn in the member attribute value list *
*/
rc = 1;
@ -92,8 +93,8 @@ ldbm_back_group(
bvObjectClass.bv_val = objectclassValue;
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
bvMembers.bv_val = edn;
bvMembers.bv_len = strlen( edn );
bvMembers.bv_val = op_ndn;
bvMembers.bv_len = strlen( op_ndn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE,
@ -101,12 +102,14 @@ ldbm_back_group(
objectclassValue, 0, 0 );
}
else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: %s\n",
edn, bdn, groupattrName );
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
}
else {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: %s\n",
edn, bdn, groupattrName );
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" is in \"%s\": %s\n",
op_ndn, gr_ndn, groupattrName );
rc = 0;
}
}
@ -115,8 +118,9 @@ ldbm_back_group(
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
}
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
}
#endif /* SLAPD_ACLGROUPS */

6
servers/slapd/back-ldbm/modify.c
View file

@ -53,15 +53,15 @@ ldbm_back_modify(
for ( mod = mods; mod != NULL; mod = mod->mod_next ) {
switch ( mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
err = add_values( e, mod, op->o_dn );
err = add_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_DELETE:
err = delete_values( e, mod, op->o_dn );
err = delete_values( e, mod, op->o_ndn );
break;
case LDAP_MOD_REPLACE:
err = replace_values( e, mod, op->o_dn );
err = replace_values( e, mod, op->o_ndn );
break;
}

56
servers/slapd/back-ldbm/modrdn.c
View file

@ -23,7 +23,8 @@ ldbm_back_modrdn(
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
char *matched = NULL;
char *pdn = NULL, *newdn = NULL;
char *p_dn = NULL, *p_ndn = NULL;
char *new_dn = NULL, *new_ndn = NULL;
char sep[2];
Entry *e, *p = NULL;
int rootlock = 0;
@ -40,8 +41,8 @@ ldbm_back_modrdn(
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, e, "entry", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
@ -51,9 +52,9 @@ ldbm_back_modrdn(
}
#endif
if ( (pdn = dn_parent( be, dn )) != NULL ) {
if ( (p_ndn = dn_parent( be, e->e_ndn )) != NULL ) {
/* parent + rdn + separator(s) + null */
if( (p = dn2entry_w( be, pdn, &matched )) == NULL) {
if( (p = dn2entry_w( be, p_ndn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
@ -63,8 +64,8 @@ ldbm_back_modrdn(
#ifndef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p, "children", NULL,
op->o_dn, ACL_WRITE ) )
if ( ! access_allowed( be, conn, op, p,
"children", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
@ -74,29 +75,31 @@ ldbm_back_modrdn(
}
#endif
newdn = (char *) ch_malloc( strlen( pdn ) + strlen( newrdn )
p_dn = dn_parent( be, e->e_dn );
new_dn = (char *) ch_malloc( strlen( p_dn ) + strlen( newrdn )
+ 3 );
if ( dn_type( dn ) == DN_X500 ) {
strcpy( newdn, newrdn );
strcat( newdn, ", " );
strcat( newdn, pdn );
if ( dn_type( e->e_dn ) == DN_X500 ) {
strcpy( new_dn, newrdn );
strcat( new_dn, ", " );
strcat( new_dn, p_dn );
} else {
char *s;
strcpy( newdn, newrdn );
strcpy( new_dn, newrdn );
s = strchr( newrdn, '\0' );
s--;
if ( *s != '.' && *s != '@' ) {
if ( (s = strpbrk( dn, ".@" )) != NULL ) {
sep[0] = *s;
sep[1] = '\0';
strcat( newdn, sep );
strcat( new_dn, sep );
}
}
strcat( newdn, pdn );
strcat( new_dn, p_dn );
}
} else {
/* no parent, modrdn entry directly under root */
if( ! be_isroot( be, op->o_dn ) ) {
if( ! be_isroot( be, op->o_ndn ) ) {
Debug( LDAP_DEBUG_TRACE, "no parent & not root\n",
0, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
@ -107,12 +110,12 @@ ldbm_back_modrdn(
pthread_mutex_lock(&li->li_root_mutex);
rootlock = 1;
newdn = ch_strdup( newrdn );
new_dn = ch_strdup( newrdn );
}
(void) dn_normalize( newdn );
new_ndn = dn_normalize_case( ch_strdup( new_dn ) );
if ( (dn2id ( be, newdn ) ) != NOID ) {
if ( (dn2id ( be, new_ndn ) ) != NOID ) {
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
goto return_results;
}
@ -126,20 +129,22 @@ ldbm_back_modrdn(
pthread_mutex_unlock( &op->o_abandonmutex );
/* add new one */
if ( dn2id_add( be, newdn, e->e_id ) != 0 ) {
if ( dn2id_add( be, new_ndn, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
goto return_results;
}
/* delete old one */
if ( dn2id_delete( be, dn ) != 0 ) {
if ( dn2id_delete( be, e->e_ndn ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
goto return_results;
}
(void) cache_delete_entry( &li->li_cache, e );
free( e->e_dn );
e->e_dn = newdn;
free( e->e_ndn );
e->e_dn = new_dn;
e->e_ndn = new_ndn;
/* XXX
* At some point here we need to update the attribute values in
@ -161,8 +166,11 @@ ldbm_back_modrdn(
rc = 0;
return_results:
if( newdn != NULL ) free( newdn );
if( pdn != NULL ) free( pdn );
if( new_dn != NULL ) free( new_dn );
if( new_ndn != NULL ) free( new_ndn );
if( p_dn != NULL ) free( p_dn );
if( p_ndn != NULL ) free( p_ndn );
if( matched != NULL ) free( matched );
if( p != NULL ) {

25
servers/slapd/back-ldbm/search.c
View file

@ -57,14 +57,14 @@ ldbm_back_search(
Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) {
if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
tlimit = -1; /* allow root to set no limit */
} else {
tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
be->be_timelimit : tlimit;
stoptime = op->o_time + tlimit;
}
if ( slimit == 0 && be_isroot( be, op->o_dn ) ) {
if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
slimit = -1; /* allow root to set no limit */
} else {
slimit = (slimit > be->be_sizelimit || slimit < 1) ?
@ -89,7 +89,7 @@ ldbm_back_search(
realBase = ch_strdup(base);
#endif
(void) dn_normalize (realBase);
(void) dn_normalize_case( realBase );
Debug( LDAP_DEBUG_TRACE, "using base \"%s\"\n",
realBase, 0, 0 );
@ -185,10 +185,10 @@ ldbm_back_search(
* this for subtree searches, and don't check the filter explicitly
* here since it's only a candidate anyway.
*/
if ( e->e_dn != NULL &&
strncasecmp( e->e_dn, "ref=", 4 ) == 0 &&
(ref = attr_find( e->e_attrs, "ref" )) != NULL &&
scope == LDAP_SCOPE_SUBTREE )
if ( scope == LDAP_SCOPE_SUBTREE &&
e->e_ndn != NULL &&
strncmp( e->e_ndn, "REF=", 4 ) == 0 &&
(ref = attr_find( e->e_attrs, "ref" )) != NULL )
{
int i, len;
@ -219,15 +219,16 @@ ldbm_back_search(
scopeok = 1;
if ( scope == LDAP_SCOPE_ONELEVEL ) {
if ( (dn = dn_parent( be, e->e_dn )) != NULL ) {
(void) dn_normalize( dn );
scopeok = (dn == realBase) ? 1 : (! strcasecmp( dn, realBase ));
(void) dn_normalize_case( dn );
scopeok = (dn == realBase)
? 1
: (strcmp( dn, realBase ) ? 0 : 1 );
free( dn );
} else {
scopeok = (realBase == NULL || *realBase == '\0');
}
free( dn );
} else if ( scope == LDAP_SCOPE_SUBTREE ) {
dn = ch_strdup( e->e_dn );
(void) dn_normalize( dn );
dn = ch_strdup( e->e_ndn );
scopeok = dn_issuffix( dn, realBase );
free( dn );
}

2
servers/slapd/back-passwd/search.c
View file

@ -136,7 +136,7 @@ pw2entry( Backend *be, struct passwd *pw )
sprintf( buf, "%s@%s", pw->pw_name, be->be_suffix[0] );
e->e_dn = ch_strdup( buf );
e->e_ndn = ch_strdup( buf );
e->e_ndn = dn_normalize_case( ch_strdup( buf ) );
val.bv_val = pw->pw_name;
val.bv_len = strlen( pw->pw_name );

5
servers/slapd/back-shell/bind.c
View file

@ -17,13 +17,16 @@ shell_back_bind(
Operation *op,
char *dn,
int method,
struct berval *cred
struct berval *cred,
char **edn
)
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
FILE *rfp, *wfp;
int rc;
*edn = NULL;
if ( si->si_bind == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"bind not implemented" );

51
servers/slapd/backend.c
View file

@ -134,7 +134,7 @@ select_backend( char * dn )
continue;
}
if ( strcasecmp( backends[i].be_suffix[j],
if ( strcmp( backends[i].be_suffix[j],
dn + (dnlen - len) ) == 0 ) {
return( &backends[i] );
}
@ -154,7 +154,7 @@ select_backend( char * dn )
continue;
}
if ( strcasecmp( backends[i].be_suffixAlias[j],
if ( strcmp( backends[i].be_suffixAlias[j],
dn + (dnlen - len) ) == 0 ) {
return( &backends[i] );
}
@ -187,7 +187,7 @@ be_issuffix(
int i;
for ( i = 0; be->be_suffix != NULL && be->be_suffix[i] != NULL; i++ ) {
if ( strcasecmp( be->be_suffix[i], suffix ) == 0 ) {
if ( strcmp( be->be_suffix[i], suffix ) == 0 ) {
return( 1 );
}
}
@ -196,22 +196,37 @@ be_issuffix(
}
int
be_isroot( Backend *be, char *dn )
be_isroot( Backend *be, char *ndn )
{
if ( dn == NULL ) {
int rc;
if ( ndn == NULL || be->be_root_ndn == NULL ) {
return( 0 );
}
return( be->be_rootdn ? strcasecmp( be->be_rootdn, dn ) == 0
: 0 );
rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1;
return(rc);
}
char *
be_root_dn( Backend *be )
{
int rc;
if ( be->be_root_dn == NULL ) {
return( "" );
}
return be->be_root_dn;
}
int
be_isroot_pw( Backend *be, char *dn, struct berval *cred )
be_isroot_pw( Backend *be, char *ndn, struct berval *cred )
{
int result;
if ( ! be_isroot( be, dn ) ) {
if ( ! be_isroot( be, ndn ) ) {
return( 0 );
}
@ -219,7 +234,7 @@ be_isroot_pw( Backend *be, char *dn, struct berval *cred )
pthread_mutex_lock( &crypt_mutex );
#endif
result = lutil_passwd( cred->bv_val, be->be_rootpw );
result = lutil_passwd( cred->bv_val, be->be_root_pw );
#ifdef SLAPD_CRYPT
pthread_mutex_unlock( &crypt_mutex );
@ -260,17 +275,17 @@ be_unbind(
int
be_group(
Backend *be,
Entry *e,
char *bdn,
char *edn,
Entry *target,
char *gr_ndn,
char *op_ndn,
char *objectclassValue,
char *groupattrName
)
{
if (be->be_group)
return(be->be_group(be, e, bdn, edn,
objectclassValue, groupattrName));
else
return(1);
if (be->be_group)
return( be->be_group(be, target, gr_ndn, op_ndn,
objectclassValue, groupattrName) );
else
return(1);
}
#endif

84
servers/slapd/bind.c
View file

@ -29,8 +29,8 @@ do_bind(
{
BerElement *ber = op->o_ber;
int version, method, len;
char *cdn, *ndn;
unsigned long rc;
char *dn;
struct berval cred;
Backend *be;
@ -65,14 +65,15 @@ do_bind(
if ( ber_peek_tag( &tber, &tlen ) == LBER_SEQUENCE ) {
Debug( LDAP_DEBUG_ANY, "version 3.0 detected\n", 0, 0, 0 );
conn->c_version = 30;
rc = ber_scanf(ber, "{{iato}}", &version, &dn, &method, &cred);
rc = ber_scanf(ber, "{{iato}}", &version, &cdn, &method, &cred);
} else {
rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
}
}
#else
rc = ber_scanf( ber, "{iato}", &version, &dn, &method, &cred );
rc = ber_scanf( ber, "{iato}", &version, &cdn, &method, &cred );
#endif
if ( rc == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
@ -96,14 +97,21 @@ do_bind(
}
}
#endif /* compat30 */
dn_normalize( dn );
Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
version, cdn, method );
ndn = dn_normalize_case( ch_strdup( cdn ) );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d BIND dn=\"%s\" method=%d\n",
conn->c_connid, op->o_opid, dn, method, 0 );
conn->c_connid, op->o_opid, ndn, method, 0 );
if ( version != LDAP_VERSION2 ) {
if ( dn != NULL ) {
free( dn );
if ( cdn != NULL ) {
free( cdn );
}
if ( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@ -115,13 +123,13 @@ do_bind(
return;
}
Debug( LDAP_DEBUG_TRACE, "do_bind: version %d dn (%s) method %d\n",
version, dn, method );
/* accept null binds */
if ( dn == NULL || *dn == '\0' ) {
if ( dn != NULL ) {
free( dn );
if ( ndn == NULL || *ndn == '\0' ) {
if ( cdn != NULL ) {
free( cdn );
}
if ( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
@ -137,8 +145,9 @@ do_bind(
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
if ( (be = select_backend( ndn )) == NULL ) {
free( cdn );
free( ndn );
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}
@ -155,27 +164,56 @@ do_bind(
return;
}
/* alias suffix */
dn = suffixAlias ( dn, op, be );
if ( be->be_bind != NULL ) {
if ( (*be->be_bind)( be, conn, op, dn, method, &cred ) == 0 ) {
/* alias suffix */
char *edn;
ndn = suffixAlias( ndn, op, be );
if ( (*be->be_bind)( be, conn, op, ndn, method, &cred, &edn ) == 0 ) {
pthread_mutex_lock( &conn->c_dnmutex );
if ( conn->c_dn != NULL ) {
if ( conn->c_cdn != NULL ) {
free( conn->c_cdn );
}
conn->c_cdn = cdn;
cdn = NULL;
if ( conn->c_cdn != NULL ) {
free( conn->c_dn );
}
conn->c_dn = ch_strdup( dn );
if(edn != NULL) {
conn->c_dn = edn;
} else {
conn->c_dn = ndn;
ndn = NULL;
}
Debug( LDAP_DEBUG_TRACE, "do_bind: bound \"%s\" to \"%s\"\n",
conn->c_cdn, conn->c_dn, method );
pthread_mutex_unlock( &conn->c_dnmutex );
/* send this here to avoid a race condition */
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
} else if (edn != NULL) {
free( edn );
}
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
free( dn );
if( cdn != NULL ) {
free( cdn );
}
if( ndn != NULL ) {
free( ndn );
}
if ( cred.bv_val != NULL ) {
free( cred.bv_val );
}

22
servers/slapd/compare.c
View file

@ -24,7 +24,7 @@ do_compare(
Operation *op
)
{
char *dn;
char *ndn;
Ava ava;
int rc;
Backend *be;
@ -43,28 +43,29 @@ do_compare(
* }
*/
if ( ber_scanf( op->o_ber, "{a{ao}}", &dn, &ava.ava_type,
if ( ber_scanf( op->o_ber, "{a{ao}}", &ndn, &ava.ava_type,
&ava.ava_value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
dn, ava.ava_type, ava.ava_value.bv_val );
ndn, ava.ava_type, ava.ava_value.bv_val );
ndn = dn_normalize_case( ndn );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d CMP dn=\"%s\" attr=\"%s\"\n",
conn->c_connid, op->o_opid, dn, ava.ava_type, 0 );
conn->c_connid, op->o_opid, ndn, ava.ava_type, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
ava_free( &ava, 0 );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@ -72,13 +73,16 @@ do_compare(
return;
}
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
if ( be->be_compare != NULL ) {
(*be->be_compare)( be, conn, op, dn, &ava );
(*be->be_compare)( be, conn, op, ndn, &ava );
} else {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
}
free( dn );
free( ndn );
ava_free( &ava, 0 );
}

44
servers/slapd/config.c
View file

@ -34,7 +34,7 @@ void
read_config( char *fname, Backend **bep, FILE *pfp )
{
FILE *fp;
char *line, *savefname, *dn;
char *line, *savefname;
int cargc, savelineno;
char *cargv[MAXARGS];
int lineno, i;
@ -128,8 +128,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: suffix line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
dn = ch_strdup( cargv[1] );
(void) dn_normalize( dn );
char *dn = ch_strdup( cargv[1] );
(void) dn_normalize_case( dn );
charray_add( &be->be_suffix, dn );
}
@ -155,13 +155,28 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: suffixAlias line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
dn = ch_strdup( cargv[1] );
(void) dn_normalize( dn );
charray_add( &be->be_suffixAlias, dn );
char *alias, *aliased_dn;
dn = ch_strdup( cargv[2] );
(void) dn_normalize( dn );
charray_add( &be->be_suffixAlias, dn );
alias = ch_strdup( cargv[1] );
(void) dn_normalize( alias );
aliased_dn = ch_strdup( cargv[2] );
(void) dn_normalize( aliased_dn );
if ( strcasecmp( alias, aliased_dn) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: suffixAlias %s is not different from aliased dn (ignored)\n",
fname, lineno, alias );
} else {
(void) dn_normalize_case( alias );
(void) dn_normalize_case( aliased_dn );
charray_add( &be->be_suffixAlias, alias );
charray_add( &be->be_suffixAlias, aliased_dn );
}
free(alias);
free(aliased_dn);
}
/* set max deref depth */
@ -194,9 +209,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
dn = ch_strdup( cargv[1] );
(void) dn_normalize( dn );
be->be_rootdn = dn;
be->be_root_dn = ch_strdup( cargv[1] );
be->be_root_ndn = dn_normalize_case( ch_strdup( cargv[1] ) );
}
/* set super-secret magic database password */
@ -212,7 +226,7 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
be->be_rootpw = ch_strdup( cargv[1] );
be->be_root_pw = ch_strdup( cargv[1] );
}
/* make this database read-only */
@ -352,8 +366,8 @@ read_config( char *fname, Backend **bep, FILE *pfp )
"%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
} else {
be->be_updatedn = ch_strdup( cargv[1] );
(void) dn_normalize( be->be_updatedn );
be->be_update_ndn = ch_strdup( cargv[1] );
(void) dn_normalize_case( be->be_update_ndn );
}
/* replication log file to which changes are appended */

5
servers/slapd/daemon.c
View file

@ -87,6 +87,7 @@ slapd_daemon(
for ( i = 0; i < dtblsize; i++ ) {
c[i].c_dn = NULL;
c[i].c_cdn = NULL;
c[i].c_addr = NULL;
c[i].c_domain = NULL;
c[i].c_ops = NULL;
@ -344,6 +345,10 @@ slapd_daemon(
free( c[ns].c_dn );
c[ns].c_dn = NULL;
}
if ( c[ns].c_cdn != NULL ) {
free( c[ns].c_cdn );
c[ns].c_cdn = NULL;
}
pthread_mutex_unlock( &c[ns].c_dnmutex );
c[ns].c_starttime = currenttime;
c[ns].c_opsinitiated = 0;

35
servers/slapd/delete.c
View file

@ -25,7 +25,7 @@ do_delete(
Operation *op
)
{
char *dn, *odn;
char *ndn;
Backend *be;
Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@ -36,46 +36,46 @@ do_delete(
* DelRequest := DistinguishedName
*/
if ( ber_scanf( op->o_ber, "a", &dn ) == LBER_ERROR ) {
if ( ber_scanf( op->o_ber, "a", &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", dn, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "do_delete: dn (%s)\n", ndn, 0, 0 );
Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", dn, 0, 0 );
dn_normalize_case( ndn );
Debug( LDAP_DEBUG_STATS, "DEL dn=\"%s\"\n", ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
dn = suffixAlias ( dn, op, be );
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_delete != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (*be->be_delete)( be, conn, op, dn ) == 0 ) {
replog( be, LDAP_REQ_DELETE, odn, NULL, 0 );
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (*be->be_delete)( be, conn, op, ndn ) == 0 ) {
replog( be, LDAP_REQ_DELETE, ndn, NULL, 0 );
}
} else {
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
@ -86,6 +86,5 @@ do_delete(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
}

6
servers/slapd/dn.c
View file

@ -11,10 +11,6 @@
#include "slap.h"
#define DNSEPARATOR(c) (c == ',' || c == ';')
#define SEPARATOR(c) (c == ',' || c == ';' || c == '+')
#define SPACE(c) (c == ' ' || c == '\n')
#define NEEDSESCAPE(c) (c == '\\' || c == '"')
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@ -233,7 +229,7 @@ dn_issuffix(
return( 0 );
}
return( strcasecmp( dn + dnlen - suffixlen, suffix ) == 0 );
return( strcmp( dn + dnlen - suffixlen, suffix ) == 0 );
}
/*

2
servers/slapd/entry.c
View file

@ -109,7 +109,7 @@ str2entry( char *s )
e->e_id, e->e_ndn, value );
free( e->e_ndn );
}
e->e_ndn = dn_normalize( ch_strdup( value ) );
e->e_ndn = dn_normalize_case( ch_strdup( value ) );
continue;
}

20
servers/slapd/filterentry.c
View file

@ -110,8 +110,9 @@ test_ava_filter(
int i, rc;
Attribute *a;
if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
&ava->ava_value, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
ava->ava_type, &ava->ava_value, ACL_SEARCH ) )
{
return( -2 );
}
@ -159,8 +160,9 @@ test_presence_filter(
char *type
)
{
if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL,
op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
type, NULL, ACL_SEARCH ) )
{
return( -2 );
}
@ -180,8 +182,9 @@ test_approx_filter(
int i, rc, match;
Attribute *a;
if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
NULL, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
ava->ava_type, NULL, ACL_SEARCH ) )
{
return( -2 );
}
@ -316,8 +319,9 @@ test_substring_filter(
Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
if ( be != NULL && ! access_allowed( be, conn, op, e, f->f_sub_type,
NULL, op->o_dn, ACL_SEARCH ) ) {
if ( be != NULL && ! access_allowed( be, conn, op, e,
f->f_sub_type, NULL, ACL_SEARCH ) )
{
return( -2 );
}

1
servers/slapd/main.c
View file

@ -222,6 +222,7 @@ main( int argc, char **argv )
struct hostent *hp;
c.c_dn = NULL;
c.c_cdn = NULL;
c.c_ops = NULL;
c.c_sb.sb_sd = 0;
c.c_sb.sb_options = 0;

47
servers/slapd/modify.c
View file

@ -30,7 +30,7 @@ do_modify(
Operation *op
)
{
char *dn, *odn;
char *ndn;
char *last;
unsigned long tag, len;
LDAPMod *mods, *tmp;
@ -58,15 +58,15 @@ do_modify(
* }
*/
if ( ber_scanf( op->o_ber, "{a", &dn ) == LBER_ERROR ) {
if ( ber_scanf( op->o_ber, "{a" /*}*/, &ndn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", ndn, 0, 0 );
(void) dn_normalize_case( ndn );
/* collect modifications & save for later */
mods = NULL;
@ -83,8 +83,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"decoding error" );
free( dn );
free( odn );
free( ndn );
free( *modtail );
*modtail = NULL;
modlist_free( mods );
@ -97,8 +96,7 @@ do_modify(
{
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"unrecognized modify operation" );
free( dn );
free( odn );
free( ndn );
modlist_free( mods );
return;
}
@ -107,8 +105,7 @@ do_modify(
!= LDAP_MOD_DELETE ) {
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
"no values given" );
free( dn );
free( odn );
free( ndn );
modlist_free( mods );
return;
}
@ -128,42 +125,41 @@ do_modify(
#endif
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MOD dn=\"%s\"\n",
conn->c_connid, op->o_opid, dn, 0, 0 );
conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
modlist_free( mods );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
dn = suffixAlias ( dn, op, be );
/* alias suffix if approp */
ndn = suffixAlias ( ndn, op, be );
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modify != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED &&
global_lastmod == ON ) ) && be->be_updatedn == NULL ) {
global_lastmod == ON ) ) && be->be_update_ndn == NULL ) {
add_lastmods( op, &mods );
}
if ( (*be->be_modify)( be, conn, op, odn, mods ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, dn, mods, 0 );
if ( (*be->be_modify)( be, conn, op, ndn, mods ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, ndn, mods, 0 );
}
/* send a referral */
@ -176,8 +172,7 @@ do_modify(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
modlist_free( mods );
}

34
servers/slapd/modrdn.c
View file

@ -25,7 +25,7 @@ do_modrdn(
Operation *op
)
{
char *dn, *odn, *newrdn;
char *ndn, *newrdn;
int deloldrdn;
Backend *be;
@ -40,21 +40,21 @@ do_modrdn(
* }
*/
if ( ber_scanf( op->o_ber, "{aab}", &dn, &newrdn, &deloldrdn )
if ( ber_scanf( op->o_ber, "{aab}", &ndn, &newrdn, &deloldrdn )
== LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL, "" );
return;
}
odn = ch_strdup( dn );
dn_normalize( dn );
Debug( LDAP_DEBUG_ARGS,
"do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", dn, newrdn,
"do_modrdn: dn (%s) newrdn (%s) deloldrdn (%d)\n", ndn, newrdn,
deloldrdn );
dn_normalize_case( ndn );
Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MODRDN dn=\"%s\"\n",
conn->c_connid, op->o_opid, dn, 0, 0 );
conn->c_connid, op->o_opid, ndn, 0, 0 );
/*
* We could be serving multiple database backends. Select the
@ -62,28 +62,31 @@ do_modrdn(
* if we don't hold it.
*/
if ( (be = select_backend( dn )) == NULL ) {
free( dn );
free( odn );
if ( (be = select_backend( ndn )) == NULL ) {
free( ndn );
free( newrdn );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
return;
}
/* alias suffix if approp */
ndn = suffixAlias( ndn, op, be );
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modrdn != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (*be->be_modrdn)( be, conn, op, dn, newrdn,
if ( be->be_update_ndn == NULL ||
strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
{
if ( (*be->be_modrdn)( be, conn, op, ndn, newrdn,
deloldrdn ) == 0 ) {
replog( be, LDAP_REQ_MODRDN, odn, newrdn,
replog( be, LDAP_REQ_MODRDN, ndn, newrdn,
deloldrdn );
}
} else {
@ -95,7 +98,6 @@ do_modrdn(
"Function not implemented" );
}
free( dn );
free( odn );
free( ndn );
free( newrdn );
}

4
servers/slapd/monitor.c
View file

@ -49,7 +49,7 @@ monitor_info( Connection *conn, Operation *op )
entry_rdwr_init(e);
e->e_attrs = NULL;
e->e_dn = ch_strdup( SLAPD_MONITOR_DN );
e->e_ndn = NULL;
e->e_ndn = dn_normalize_case( ch_strdup(SLAPD_MONITOR_DN) );
val.bv_val = Versionstr;
if (( p = strchr( Versionstr, '\n' )) == NULL ) {
@ -91,7 +91,7 @@ monitor_info( Connection *conn, Operation *op )
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %d : %d : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
c[i].c_dn ? c[i].c_dn : "NULLDN",
c[i].c_cdn ? c[i].c_cdn : "NULLDN",
c[i].c_gettingber ? "r" : "",
c[i].c_writewaiter ? "w" : "" );
pthread_mutex_unlock( &c[i].c_dnmutex );

6
servers/slapd/operation.c
View file

@ -18,6 +18,9 @@ slap_op_free( Operation *op )
if ( op->o_dn != NULL ) {
free( op->o_dn );
}
if ( op->o_ndn != NULL ) {
free( op->o_ndn );
}
/* pthread_mutex_destroy( &op->o_abandonmutex ); */
free( (char *) op );
}
@ -45,7 +48,10 @@ slap_op_add(
(*tmp)->o_msgid = msgid;
(*tmp)->o_tag = tag;
(*tmp)->o_abandon = 0;
(*tmp)->o_dn = ch_strdup( dn != NULL ? dn : "" );
(*tmp)->o_ndn = dn_normalize_case( ch_strdup( (*tmp)->o_dn ) );
pthread_mutex_lock( &currenttime_mutex );
(*tmp)->o_time = currenttime;
pthread_mutex_unlock( &currenttime_mutex );

32
servers/slapd/proto-slap.h
View file

@ -7,11 +7,14 @@
* acl.c
*/
int access_allowed LDAP_P(( Backend *be, Connection *conn, Operation *op, Entry *e,
char *attr, struct berval *val, char *dn, int access ));
int access_allowed LDAP_P(( Backend *be, Connection *conn,
Operation *op, Entry *e,
char *attr, struct berval *val, int access ));
struct acl * acl_get_applicable LDAP_P(( Backend *be,
Operation *op, Entry *e,
char *attr, int nmatches, regmatch_t *matches ));
struct acl * acl_get_applicable LDAP_P(( Backend *be, Operation *op, Entry *e,
char *attr, char *edn, int nmatches, regmatch_t *matches ));
int acl_access_allowed LDAP_P(( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access, char *edn,
regmatch_t *matches ));
@ -55,8 +58,9 @@ void ava_free LDAP_P(( Ava *ava, int freeit ));
Backend * new_backend LDAP_P(( char *type ));
Backend * select_backend LDAP_P(( char * dn ));
int be_issuffix LDAP_P(( Backend *be, char *suffix ));
int be_isroot LDAP_P(( Backend *be, char *dn ));
int be_isroot_pw LDAP_P(( Backend *be, char *dn, struct berval *cred ));
int be_isroot LDAP_P(( Backend *be, char *ndn ));
int be_isroot_pw LDAP_P(( Backend *be, char *ndn, struct berval *cred ));
char* be_root_dn LDAP_P(( Backend *be ));
void be_close LDAP_P(( void ));
/*
@ -259,8 +263,9 @@ extern struct acl *global_acl;
extern struct objclass *global_oc;
extern time_t currenttime;
extern int be_group LDAP_P((Backend *be, Entry *e,
char *bdn, char *edn, char *objectclassValue, char *groupattrName));
extern int be_group LDAP_P((Backend *be, Entry *target,
char *gr_ndn, char *op_ndn,
char *objectclassValue, char *groupattrName));
extern void init LDAP_P((void));
extern void be_unbind LDAP_P((Connection *conn, Operation *op));
extern void config_info LDAP_P((Connection *conn, Operation *op));
@ -287,7 +292,9 @@ extern time_t starttime;
#endif
#ifdef SLAPD_LDBM
extern int ldbm_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
extern int ldbm_back_bind LDAP_P((Backend *be,
Connection *c, Operation *o,
char *dn, int method, struct berval *cred, char** edn ));
extern void ldbm_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int ldbm_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int ldbm_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));
@ -300,7 +307,8 @@ extern void ldbm_back_config LDAP_P((Backend *be, char *fname, int lineno, int a
extern void ldbm_back_init LDAP_P((Backend *be));
extern void ldbm_back_close LDAP_P((Backend *be));
extern int ldbm_back_group LDAP_P((Backend *be, Entry *target,
char *bdn, char *edn, char *objectclassValue, char *groupattrName ));
char *gr_ndn, char *op_ndn,
char *objectclassValue, char *groupattrName ));
#endif
#ifdef SLAPD_PASSWD
@ -309,7 +317,9 @@ extern void passwd_back_config LDAP_P((Backend *be, char *fname, int lineno, int
#endif
#ifdef SLAPD_SHELL
extern int shell_back_bind LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, int method, struct berval *cred ));
extern int shell_back_bind LDAP_P((Backend *be,
Connection *c, Operation *o,
char *dn, int method, struct berval *cred, char** edn ));
extern void shell_back_unbind LDAP_P((Backend *be, Connection *c, Operation *o ));
extern int shell_back_search LDAP_P((Backend *be, Connection *c, Operation *o, char *base, int scope, int deref, int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly));
extern int shell_back_compare LDAP_P((Backend *be, Connection *c, Operation *o, char *dn, Ava *ava));

16
servers/slapd/result.c
View file

@ -193,14 +193,15 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_READ ) ) {
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
{
Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
0, 0, 0 );
return( 1 );
}
edn = dn_normalize_case( ch_strdup( e->e_dn ) );
edn = e->e_ndn;
#ifdef LDAP_COMPAT30
if ( (ber = ber_alloc_t( conn->c_version == 30 ? 0 : LBER_USE_DER ))
@ -251,12 +252,12 @@ send_search_entry(
a->a_type, 0, 0 );
acl = NULL;
} else {
acl = acl_get_applicable( be, op, e, a->a_type, edn,
acl = acl_get_applicable( be, op, e, a->a_type,
MAXREMATCHES, matches );
}
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
edn, matches ) )
if ( ! acl_access_allowed( acl, be, conn, e,
NULL, op, ACL_READ, edn, matches ) )
{
continue;
}
@ -302,8 +303,6 @@ send_search_entry(
}
}
free(edn);
#ifdef LDAP_COMPAT30
if ( conn->c_version == 30 ) {
rc = ber_printf( ber, "}}}}" );
@ -382,7 +381,6 @@ send_search_entry(
return( rc );
error_return:;
free(edn);
return( 1 );
}

9
servers/slapd/search.c
View file

@ -73,7 +73,8 @@ do_search(
"Unknown search scope" );
goto return_results;
}
(void) dn_normalize( base );
(void) dn_normalize_case( base );
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit,
@ -108,19 +109,19 @@ do_search(
#if defined( SLAPD_MONITOR_DN ) || defined( SLAPD_CONFIG_DN ) || defined( SLAPD_SCHEMA_DN )
if ( scope == LDAP_SCOPE_BASE ) {
#if defined( SLAPD_MONITOR_DN )
if ( strcasecmp( base, SLAPD_MONITOR_DN ) == 0 ) {
if ( strcmp( base, SLAPD_MONITOR_DN ) == 0 ) {
monitor_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_CONFIG_DN )
if ( strcasecmp( base, SLAPD_CONFIG_DN ) == 0 ) {
if ( strcmp( base, SLAPD_CONFIG_DN ) == 0 ) {
config_info( conn, op );
goto return_results;
}
#endif
#if defined( SLAPD_SCHEMA_DN )
if ( strcasecmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
if ( strcmp( base, SLAPD_SCHEMA_DN ) == 0 ) {
schema_info( conn, op );
goto return_results;
}

20
servers/slapd/slap.h
View file

@ -35,6 +35,11 @@
#define MAXREMATCHES 10
#define DNSEPARATOR(c) ((c) == ',' || (c) == ';')
#define SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
#define SPACE(c) ((c) == ' ' || (c) == '\n')
#define NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
LDAP_BEGIN_DECL
struct slap_op;
@ -196,8 +201,9 @@ typedef struct backend Backend;
struct backend {
char **be_suffix; /* the DN suffixes of data in this backend */
char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
char *be_rootdn; /* the magic "root" dn for this db */
char *be_rootpw; /* the magic "root" password for this db */
char *be_root_dn; /* the magic "root" dn for this db */
char *be_root_ndn; /* the magic "root" normalized dn for this db */
char *be_root_pw; /* the magic "root" password for this db */
int be_readonly; /* 1 => db is in "read only" mode */
int be_maxDerefDepth; /* limit for depth of an alias deref */
int be_sizelimit; /* size limit for this backend */
@ -206,7 +212,7 @@ struct backend {
int be_dfltaccess; /* access given if no acl matches */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_updatedn; /* allowed to make changes (in replicas) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
int be_lastmod; /* keep track of lastmodified{by,time} */
char *be_type; /* type of database */
@ -215,7 +221,7 @@ struct backend {
/* backend routines */
int (*be_bind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o,
char *dn, int method, struct berval *cred ));
char *dn, int method, struct berval *cred, char** edn ));
void (*be_unbind) LDAP_P((Backend *be,
struct slap_conn *c, struct slap_op *o ));
int (*be_search) LDAP_P((Backend *be,
@ -263,8 +269,7 @@ typedef struct slap_op {
unsigned long o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
char *o_dn; /* dn bound when op was initiated */
char *o_suffix; /* suffix if aliased */
char *o_suffixAliased; /* pending suffix translation */
char *o_ndn; /* normalized dn bound when op was initiated */
int o_authtype; /* auth method used to bind dn */
/* values taken from ldap.h */
/* LDAP_AUTH_* */
@ -289,7 +294,8 @@ typedef struct slap_op {
typedef struct slap_conn {
Sockbuf c_sb; /* ber connection stuff */
char *c_dn; /* current DN bound to this conn */
char *c_cdn; /* DN provided by the client */
char *c_dn; /* DN bound to this conn */
pthread_mutex_t c_dnmutex; /* mutex for c_dn field */
int c_authtype; /* auth method used to bind c_dn */
#ifdef LDAP_COMPAT

41
servers/slapd/suffixalias.c
View file

@ -1,4 +1,10 @@
/*
* Copyright 1999 The OpenLDAP Foundation, All Rights Reserved.
*
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file in the top level
* directory of this package.
*/
/* Portions
* Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
* All rights reserved.
*
@ -18,7 +24,7 @@
#include "slap.h"
/*
* given a dn (or root part), return an aliased dn if any of the
* given a normalized uppercased dn (or root part), return an aliased dn if any of the
* alias suffixes match
*/
char *suffixAlias (char *dn, Operation *op, Backend *be)
@ -28,26 +34,31 @@ char *suffixAlias (char *dn, Operation *op, Backend *be)
if(dn == NULL) return NULL;
dnLength = strlen ( dn );
op->o_suffix = NULL;
op->o_suffixAliased = NULL;
for ( i = 0;
be->be_suffixAlias != NULL && be->be_suffixAlias[i] != NULL;
i += 2) {
int aliasLength = strlen (be->be_suffixAlias[i]);
if (aliasLength > dnLength) {
continue;
}
int diff = dnLength - aliasLength;
if (!strcasecmp(be->be_suffixAlias[i],
dn + (dnLength - aliasLength))) {
if ( diff < 0 ) {
/* alias is longer than dn */
continue;
} else if ( diff > 0 ) {
if ( ! DNSEPARATOR(dn[diff-1]) ) {
/* boundary is not at a DN separator */
continue;
}
/* At a DN Separator */
/* XXX or an escaped separator... oh well */
}
if (!strcmp(be->be_suffixAlias[i], &dn[diff])) {
char *oldDN = dn;
op->o_suffixAliased = ch_strdup ( be->be_suffixAlias[i] );
dn = ch_malloc ( (dnLength - aliasLength) +
strlen (be->be_suffixAlias[ i+1 ]) + 1);
strncpy (dn, oldDN, dnLength - aliasLength);
strcpy (dn + (dnLength - aliasLength), be->be_suffixAlias[ i+1 ]);
op->o_suffix = ch_strdup (dn);
Debug( LDAP_DEBUG_ARGS, "ALIAS: converted %s to %s", oldDN, dn, 0);
dn = ch_malloc( diff + strlen(be->be_suffixAlias[i+1]) + 1 );
strncpy( dn, oldDN, diff );
strcpy( &dn[diff], be->be_suffixAlias[i+1] );
Debug( LDAP_DEBUG_ARGS, "SuffixAlias: converted \"%s\" to \"%s\"",
oldDN, dn, 0);
free (oldDN);
break;
}

2
servers/slapd/tools/ldbmtest.c
View file

@ -289,7 +289,7 @@ main( int argc, char **argv )
} else {
buf[strlen( buf ) - 1] = '\0';
}
(void) dn_normalize( buf );
(void) dn_normalize_case( buf );
if ( (tbe = select_backend( buf )) == NULL ) {
fprintf( stderr, "unknown suffix \"%s\"\n",
buf );

2
servers/slapd/tools/ldif2id2children.c
View file

@ -270,7 +270,7 @@ main( int argc, char **argv )
key );
free( dn );
if ( data.dptr == NULL ) {
dn_normalize( val );
dn_normalize_case( val );
if ( ! be_issuffix( be,
val ) ) {
Debug( LDAP_DEBUG_PARSE, "no parent \"%s\" of \"%s\"\n", dn, val, 0 );

24
tests/data/modify.out.master
View file

@ -7,7 +7,7 @@ cn: All Staff
joinable: FALSE
multilinedescription: Everyone in the sample data
objectclass: rfc822mailgroup
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
member: cn=Manager, o=University of Michigan, c=US
@ -67,7 +67,7 @@ drink: water
lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -97,7 +97,7 @@ homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
telephonenumber: +1 313 555 0355
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
multilinedescription: The replaced multiLineDescription $ Blah Woof.
drink: Iced Tea
drink: Mad Dog 20/20
@ -125,7 +125,7 @@ multilinedescription: Very tall
facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, o=Universit
@ -150,7 +150,7 @@ facsimiletelephonenumber: +1 313 555 7557
telephonenumber: +1 313 555 8343
mail: gjensen@mailgw.umich.edu
homephone: +1 313 555 8844
creatorsname: cn=Manager,o=University of Michigan,c=US
creatorsname: cn=Manager, o=University of Michigan, c=US
dn: ou=Groups, o=University of Michigan, c=US
objectclass: top
@ -186,7 +186,7 @@ member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
igan, c=US
@ -214,7 +214,7 @@ pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
drink: Orange Juice
dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c
@ -238,7 +238,7 @@ onvacation: FALSE
drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -264,7 +264,7 @@ drink: Sam Adams
homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -290,7 +290,7 @@ homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104
title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -332,7 +332,7 @@ homephone: +1 313 555 0388
drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -384,7 +384,7 @@ krbname: jdoe@umich.edu
nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700

10
tests/data/search.out.master
View file

@ -27,7 +27,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -56,7 +56,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -132,7 +132,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -160,7 +160,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
@ -310,7 +310,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
niversity of Michigan, c=US
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: ou=People, o=University of Michigan, c=US

1
tests/data/slapd-repl-slave.conf
View file

@ -18,3 +18,4 @@ updatedn "cn=Manager, o=University of Michigan, c=US"
index cn,sn,uid pres,eq,approx
index default none
lastmod on
dbcachenowsync

22
tests/data/test-ordered.ldif
View file

@ -134,7 +134,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -163,7 +163,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -193,7 +193,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
@ -213,7 +213,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -241,7 +241,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@ -268,7 +268,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@ -295,7 +295,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -322,7 +322,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -349,7 +349,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -392,7 +392,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700

22
tests/data/test.ldif
View file

@ -88,7 +88,7 @@ lastmodifiedtime: 960404035839Z
lastmodifiedby: cn=Barbara Jensen, ou=Information Technology Division, ou=Peop
le, o=University of Michigan, c=US
modifytimestamp: 960404171405Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 3233
facsimiletelephonenumber: +1 313 555 2274
@ -117,7 +117,7 @@ title: Director, Embedded Systems
postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
mail: bjorn@mailgw.umich.edu
modifytimestamp: 960404171424Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5444
pager: +1 313 555 4474
facsimiletelephonenumber: +1 313 555 2177
@ -147,7 +147,7 @@ facsimiletelephonenumber: +1 313 555 3223
telephonenumber: +1 313 555 3664
mail: dots@mail.alumni.umich.edu
modifytimestamp: 960404171218Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 0454
dn: ou=Groups, o=University of Michigan, c=US
@ -184,7 +184,7 @@ member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
ty of Michigan, c=US
modifytimestamp: 960404171730Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
labeledurl: http://www.itd.umich.edu ITD Home Page
dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
@ -212,7 +212,7 @@ title: Mad Cow Researcher, UM Alumni Association
pager: +1 313 555 3923
mail: jaj@mail.alumni.umich.edu
modifytimestamp: 960404171231Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
facsimiletelephonenumber: +1 313 555 4332
telephonenumber: +1 313 555 0895
@ -239,7 +239,7 @@ multilinedescription: Not around very much
mail: jjones@mailgw.umich.edu
postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
modifytimestamp: 960404171442Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 2833
facsimiletelephonenumber: +1 313 555 8688
telephonenumber: +1 313 555 7334
@ -266,7 +266,7 @@ drink: diet coke
multilinedescription: Enthusiastic
mail: jdoe@woof.net
modifytimestamp: 960404171249Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 5445
pager: +1 313 555 1220
facsimiletelephonenumber: +1 313 555 2311
@ -293,7 +293,7 @@ homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
title: Telemarketer, UM Alumni Association
mail: jen@mail.alumni.umich.edu
modifytimestamp: 960404171309Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 2333
pager: +1 313 555 6442
facsimiletelephonenumber: +1 313 555 2756
@ -320,7 +320,7 @@ title: System Administrator, Information Technology Division
multilinedescription: overworked!
mail: johnd@mailgw.umich.edu
modifytimestamp: 960404171509Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 3774
pager: +1 313 555 6573
facsimiletelephonenumber: +1 313 555 4544
@ -363,7 +363,7 @@ drink: Gasoline
title: Director, UM Alumni Association
mail: melliot@mail.alumni.umich.edu
modifytimestamp: 960404171327Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177
@ -416,7 +416,7 @@ nobatchupdates: TRUE
onvacation: FALSE
mail: uham@mail.alumni.umich.edu
modifytimestamp: 960404171346Z
modifiersname: cn=Manager,o=University of Michigan,c=US
modifiersname: cn=Manager, o=University of Michigan, c=US
homephone: +1 313 555 8421
pager: +1 313 555 2844
facsimiletelephonenumber: +1 313 555 9700