Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn,

conn->c_dn,c_ndn, Access->a_dn_pat)
Howard Chu 2001-12-24 15:11:01 +00:00
parent 9969058a06
commit 2f3399265c
28 changed files with 152 additions and 135 deletions


@ -117,7 +117,7 @@ access_allowed(
assert( be != NULL );
/* grant database root access */
if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
if ( be != NULL && be_isroot( be, op->o_ndn.bv_val ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_INFO,
"access_allowed: conn %d root access granted\n",
@ -480,7 +480,7 @@ acl_mask(
Debug( LDAP_DEBUG_ACL,
"=> acl_mask: to %s by \"%s\", (%s) \n",
val ? "value" : "all values",
op->o_ndn ? op->o_ndn : "",
op->o_ndn.bv_val ? op->o_ndn.bv_val : "",
accessmask2str( *mask, accessmaskbuf ) );
#endif
@ -490,43 +490,47 @@ acl_mask(
ACL_INVALIDATE( modmask );
/* AND <who> clauses */
if ( b->a_dn_pat != NULL ) {
if ( b->a_dn_pat.bv_len != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
"acl_mask: conn %d check a_dn_pat: %s\n",
conn->c_connid, b->a_dn_pat ));
conn->c_connid, b->a_dn_pat.bv_val ));
#else
Debug( LDAP_DEBUG_ACL, "<= check a_dn_pat: %s\n",
b->a_dn_pat, 0, 0);
b->a_dn_pat.bv_val, 0, 0);
#endif
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
if ( strcmp( b->a_dn_pat, "anonymous" ) == 0 ) {
if (op->o_ndn != NULL && op->o_ndn[0] != '\0' ) {
if ( b->a_dn_pat.bv_len == sizeof("anonymous") -1 &&
strcmp( b->a_dn_pat.bv_val, "anonymous" ) == 0 ) {
if (op->o_ndn.bv_len != 0 ) {
continue;
}
} else if ( strcmp( b->a_dn_pat, "users" ) == 0 ) {
if (op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
} else if ( b->a_dn_pat.bv_len == sizeof("users") - 1 &&
strcmp( b->a_dn_pat.bv_val, "users" ) == 0 ) {
if (op->o_ndn.bv_len == 0 ) {
continue;
}
} else if ( strcmp( b->a_dn_pat, "self" ) == 0 ) {
if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
} else if ( b->a_dn_pat.bv_len == sizeof("self") - 1 &&
strcmp( b->a_dn_pat.bv_val, "self" ) == 0 ) {
if( op->o_ndn.bv_len == 0 ) {
continue;
}
if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn ) != 0 ) {
if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn.bv_val ) != 0 ) {
continue;
}
} else if ( b->a_dn_style == ACL_STYLE_REGEX ) {
if ( strcmp( b->a_dn_pat, "*" ) != 0 ) {
int ret = regex_matches( b->a_dn_pat,
op->o_ndn, e->e_ndn, matches );
if ( b->a_dn_pat.bv_len != 1 ||
strcmp( b->a_dn_pat.bv_val, "*" ) != 0 ) {
int ret = regex_matches( b->a_dn_pat.bv_val,
op->o_ndn.bv_val, e->e_ndn, matches );
if( ret == 0 ) {
continue;
@ -537,8 +541,8 @@ acl_mask(
if ( e->e_dn == NULL )
continue;
patlen = strlen( b->a_dn_pat );
odnlen = strlen( op->o_ndn );
patlen = b->a_dn_pat.bv_len;
odnlen = op->o_ndn.bv_len;
if ( odnlen < patlen )
continue;
@ -553,25 +557,25 @@ acl_mask(
if ( odnlen <= patlen )
continue;
if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) )
continue;
rdnlen = dn_rdnlen( NULL, op->o_ndn );
rdnlen = dn_rdnlen( NULL, op->o_ndn.bv_val );
if ( rdnlen != odnlen - patlen - 1 )
continue;
} else if ( b->a_dn_style == ACL_STYLE_SUBTREE ) {
if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) )
if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) ) )
continue;
} else if ( b->a_dn_style == ACL_STYLE_CHILDREN ) {
if ( odnlen <= patlen )
continue;
if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) )
continue;
}
if ( strcmp( b->a_dn_pat, op->o_ndn + odnlen - patlen ) != 0 )
if ( strcmp( b->a_dn_pat.bv_val, op->o_ndn.bv_val + odnlen - patlen ) != 0 )
continue;
}
@ -670,7 +674,7 @@ acl_mask(
}
}
if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
if ( b->a_dn_at != NULL && op->o_ndn.bv_len != 0 ) {
Attribute *at;
struct berval bv;
int rc, match = 0;
@ -687,8 +691,7 @@ acl_mask(
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
attr, 0, 0);
#endif
bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
bv = op->o_ndn;
/* see if asker is listed in dnattr */
for( at = attrs_find( e->e_attrs, b->a_dn_at );
@ -742,7 +745,7 @@ acl_mask(
}
}
if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
if ( b->a_group_pat != NULL && op->o_ndn.bv_len != 0 ) {
char buf[1024];
/* b->a_group is an unexpanded entry name, expanded it should be an
@ -761,7 +764,7 @@ acl_mask(
buf[sizeof(buf) - 1] = 0;
}
if (backend_group(be, conn, op, e, buf, op->o_ndn,
if (backend_group(be, conn, op, e, buf, op->o_ndn.bv_val,
b->a_group_oc, b->a_group_at) != 0)
{
continue;
@ -1014,7 +1017,7 @@ acl_check_modlist(
assert( be != NULL );
/* short circuit root database access */
if ( be_isroot( be, op->o_ndn ) ) {
if ( be_isroot( be, op->o_ndn.bv_val ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
"acl_check_modlist: conn %d access granted to root user\n",
@ -1301,7 +1304,7 @@ aci_match_set (
cookie.e = e;
cookie.conn = conn;
cookie.op = op;
rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn, e->e_ndn, NULL) > 0);
rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn.bv_val, e->e_ndn, NULL) > 0);
ch_free(set);
}
return(rc);
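Review bot: The `by dnattr` and `by group` guards in acl_mask now skip their whole block when `op->o_ndn.bv_len == 0`, so for an anonymous requester the clause is not evaluated at all and, as far as these hunks show, falls through instead of reaching a `continue`. Before this change an empty but non-NULL `o_ndn` still entered the block and had to match. It would be safer to test only the ACL field in the outer condition and reject inside, e.g. `if ( b->a_dn_at != NULL ) { if ( op->o_ndn.bv_len == 0 ) continue;`, and likewise for `b->a_group_pat`. The bodies of both blocks continue outside the hunks, so confirm that no later check already excludes anonymous.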


@ -362,14 +362,15 @@ parse_acl(
}
if( pat != NULL ) {
if( b->a_dn_pat != NULL ) {
if( b->a_dn_pat.bv_len != 0 ) {
fprintf( stderr,
"%s: line %d: dn pattern already specified.\n",
fname, lineno );
acl_usage();
}
b->a_dn_pat = pat;
b->a_dn_pat.bv_val = pat;
b->a_dn_pat.bv_len = strlen( pat );
b->a_dn_style = sty;
if ( sty != ACL_STYLE_REGEX )
dn_normalize(pat);
@ -1220,8 +1221,8 @@ acl_append( AccessControl **l, AccessControl *a )
static void
access_free( Access *a )
{
if ( a->a_dn_pat )
free ( a->a_dn_pat );
if ( a->a_dn_pat.bv_val )
free ( a->a_dn_pat.bv_val );
if ( a->a_peername_pat )
free ( a->a_peername_pat );
if ( a->a_sockname_pat )
@ -1341,16 +1342,16 @@ print_access( Access *b )
fprintf( stderr, "\tby" );
if ( b->a_dn_pat != NULL ) {
if( strcmp(b->a_dn_pat, "*") == 0
|| strcmp(b->a_dn_pat, "users") == 0
|| strcmp(b->a_dn_pat, "anonymous") == 0
|| strcmp(b->a_dn_pat, "self") == 0 )
if ( b->a_dn_pat.bv_len != 0 ) {
if( strcmp(b->a_dn_pat.bv_val, "*") == 0
|| strcmp(b->a_dn_pat.bv_val, "users") == 0
|| strcmp(b->a_dn_pat.bv_val, "anonymous") == 0
|| strcmp(b->a_dn_pat.bv_val, "self") == 0 )
{
fprintf( stderr, " %s", b->a_dn_pat );
fprintf( stderr, " %s", b->a_dn_pat.bv_val );
} else {
fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat );
fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat.bv_val );
}
}
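Review bot: In parse_acl, `b->a_dn_pat.bv_len = strlen( pat )` is taken before `dn_normalize(pat)` runs on the same buffer, so if normalization changes the string's length the stored `bv_len` is stale. acl_mask now trusts that length (`patlen = b->a_dn_pat.bv_len` and the `sizeof("anonymous") - 1` comparisons), so a stale value would make the suffix comparison start at the wrong offset in the requester's DN. Setting the length after the normalize call, `b->a_dn_pat.bv_len = strlen( b->a_dn_pat.bv_val );`, avoids that. parse_acl continues outside the hunk.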


@ -266,7 +266,7 @@ do_add( Connection *conn, Operation *op )
*/
if ( be->be_add ) {
/* do the update here */
int repl_user = be_isupdate(be, op->o_ndn );
int repl_user = be_isupdate(be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif


@ -192,8 +192,8 @@ retry: rc = txn_abort( ltid );
* must be adding entry to at suffix
* or with parent ""
*/
if ( !be_isroot( be, op->o_ndn )) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
if ( !be_isroot( be, op->o_ndn.bv_val )) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;


@ -161,8 +161,8 @@ retry: /* transaction retry */
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, op->o_ndn ) ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */


@ -50,7 +50,7 @@ int bdb_modify_internal(
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: add\n", 0, 0, 0);
err = add_values( e, mod, op->o_ndn );
err = add_values( e, mod, op->o_ndn.bv_val );
if( err != LDAP_SUCCESS ) {
*text = "modify: add values failed";
@ -61,7 +61,7 @@ int bdb_modify_internal(
case LDAP_MOD_DELETE:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: delete\n", 0, 0, 0);
err = delete_values( e, mod, op->o_ndn );
err = delete_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: delete values failed";
@ -72,7 +72,7 @@ int bdb_modify_internal(
case LDAP_MOD_REPLACE:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: replace\n", 0, 0, 0);
err = replace_values( e, mod, op->o_ndn );
err = replace_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: replace values failed";
@ -87,7 +87,7 @@ int bdb_modify_internal(
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
err = add_values( e, mod, op->o_ndn );
err = add_values( e, mod, op->o_ndn.bv_val );
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;


@ -212,9 +212,9 @@ retry: /* transaction retry */
} else {
/* no parent, modrdn entry directly under root */
isroot = be_isroot( be, op->o_ndn );
isroot = be_isroot( be, op->o_ndn.bv_val );
if ( ! isroot ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
@ -328,14 +328,14 @@ retry: /* transaction retry */
} else {
if ( isroot == -1 ) {
isroot = be_isroot( be, op->o_ndn );
isroot = be_isroot( be, op->o_ndn.bv_val );
}
np_dn = ch_strdup( "" );
/* no parent, modrdn entry directly under root */
if ( ! isroot ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
np = (Entry *)&slap_entry_root;


@ -73,7 +73,7 @@ bdb_exop_passwd(
goto done;
}
dn = id ? id->bv_val : op->o_dn;
dn = id ? id->bv_val : op->o_dn.bv_val;
Debug( LDAP_DEBUG_TRACE, "bdb_exop_passwd: \"%s\"%s\n",
dn, id ? " (proxy)" : "", 0 );


@ -157,10 +157,10 @@ bdb_search(
}
/* if not root, get appropriate limits */
if ( be_isroot( be, op->o_ndn ) ) {
if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
( void ) get_limits( be, op->o_ndn, &limit );
( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* The time/size limits come first because they require very little


@ -85,10 +85,10 @@ ldap_back_search(
}
/* if not root, get appropriate limits */
if ( be_isroot( be, op->o_ndn ) ) {
if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
( void ) get_limits( be, op->o_ndn, &limit );
( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if no time limit requested, rely on remote server limits */


@ -205,9 +205,9 @@ ldbm_back_add(
}
/* no parent, must be adding entry to root */
if ( !be_isroot( be, op->o_ndn ) ) {
if ( !be_isroot( be, op->o_ndn.bv_val ) ) {
if ( be_issuffix( be, "" )
|| be_isupdate( be, op->o_ndn ) ) {
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,


@ -153,9 +153,9 @@ ldbm_back_delete(
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, op->o_ndn ) ) {
if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
if ( be_issuffix( be, "" )
|| be_isupdate( be, op->o_ndn ) ) {
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,


@ -71,7 +71,7 @@ int ldbm_modify_internal(
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0);
#endif
err = add_values( e, mod, op->o_ndn );
err = add_values( e, mod, op->o_ndn.bv_val );
if( err != LDAP_SUCCESS ) {
*text = "modify: add values failed";
@ -94,7 +94,7 @@ int ldbm_modify_internal(
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0);
#endif
err = delete_values( e, mod, op->o_ndn );
err = delete_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: delete values failed";
@ -116,7 +116,7 @@ int ldbm_modify_internal(
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0);
#endif
err = replace_values( e, mod, op->o_ndn );
err = replace_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: replace values failed";
@ -143,7 +143,7 @@ int ldbm_modify_internal(
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
err = add_values( e, mod, op->o_ndn );
err = add_values( e, mod, op->o_ndn.bv_val );
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;


@ -206,10 +206,10 @@ ldbm_back_modrdn(
} else {
/* no parent, must be root to modify rdn */
isroot = be_isroot( be, op->o_ndn );
isroot = be_isroot( be, op->o_ndn.bv_val );
if ( ! be_isroot ) {
if ( be_issuffix( be, "" )
|| be_isupdate( be, op->o_ndn ) ) {
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
@ -383,12 +383,12 @@ ldbm_back_modrdn(
/* no parent, must be root to modify newSuperior */
if ( isroot == -1 ) {
isroot = be_isroot( be, op->o_ndn );
isroot = be_isroot( be, op->o_ndn.bv_val );
}
if ( ! be_isroot ) {
if ( be_issuffix( be, "" )
|| be_isupdate( be, op->o_ndn ) ) {
|| be_isupdate( be, op->o_ndn.bv_val ) ) {
np = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, np,
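Review bot: Both `if ( ! be_isroot )` tests in ldbm_back_modrdn check the address of the function `be_isroot`, not the `isroot` value assigned just before, so the condition is always false and the non-root `access_allowed` check on the parent and on newSuperior is never reached. These are unchanged context lines, but the commit edits the lines on either side of them, and the back-bdb counterpart in this same commit uses `if ( ! isroot )`. Suggested change in both places: `if ( ! isroot ) {`. The function body extends beyond both hunks.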


@ -80,7 +80,7 @@ ldbm_back_exop_passwd(
goto done;
}
dn = id ? id->bv_val : op->o_dn;
dn = id ? id->bv_val : op->o_dn.bv_val;
#ifdef NEW_LOGGING
LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
@ -141,7 +141,7 @@ ldbm_back_exop_passwd(
ml.sml_next = NULL;
rc = ldbm_modify_internal( be,
conn, op, op->o_ndn, &ml, e, text, textbuf,
conn, op, op->o_ndn.bv_val, &ml, e, text, textbuf,
sizeof( textbuf ) );
/* FIXME: ldbm_modify_internal may set *tex = textbuf,


@ -206,10 +206,10 @@ searchit:
}
/* if not root, get appropriate limits */
if ( be_isroot( be, op->o_ndn ) ) {
if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
( void ) get_limits( be, op->o_ndn, &limit );
( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if candidates exceed to-be-checked entries, abort */


@ -149,10 +149,10 @@ meta_back_search(
nbaselen = strlen( nbase );
/* if not root, get appropriate limits */
if ( be_isroot( be, op->o_ndn ) ) {
if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
( void ) get_limits( be, op->o_ndn, &limit );
( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if no time limit requested, rely on remote server limits */


@ -547,7 +547,7 @@ int backsql_search(BackendDB *be,Connection *conn,Operation *op,
/* TimesTen : Pass it along to the lower level routines */
srch_info.isTimesTen = bi->isTimesTen;
if (tlimit == 0 && be_isroot(be,op->o_dn))
if (tlimit == 0 && be_isroot(be,op->o_ndn.bv_val))
{
tlimit = -1; /* allow root to set no limit */
}
@ -558,7 +558,7 @@ int backsql_search(BackendDB *be,Connection *conn,Operation *op,
stoptime = op->o_time + tlimit;
}
if (slimit == 0 && be_isroot(be,op->o_dn))
if (slimit == 0 && be_isroot(be,op->o_ndn.bv_val))
{
slimit = -1; /* allow root to set no limit */
}


@ -887,7 +887,7 @@ backend_check_restrictions(
return LDAP_CONFIDENTIALITY_REQUIRED;
}
if( op->o_ndn == NULL ) {
if( op->o_ndn.bv_len == 0 ) {
*text = "modifications require authentication";
return LDAP_OPERATIONS_ERROR;
}
@ -901,8 +901,7 @@ backend_check_restrictions(
if( requires & SLAP_REQUIRE_STRONG ) {
/* should check mechanism */
if( op->o_authmech == NULL ||
op->o_dn == NULL || *op->o_dn == '\0' )
if( op->o_authmech == NULL || op->o_dn.bv_len == 0 )
{
*text = "strong authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
@ -910,8 +909,7 @@ backend_check_restrictions(
}
if( requires & SLAP_REQUIRE_SASL ) {
if( op->o_authmech == NULL ||
op->o_dn == NULL || *op->o_dn == '\0' )
if( op->o_authmech == NULL || op->o_dn.bv_len == 0 )
{
*text = "SASL authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
@ -919,7 +917,7 @@ backend_check_restrictions(
}
if( requires & SLAP_REQUIRE_AUTHC ) {
if( op->o_dn == NULL || *op->o_dn == '\0' ) {
if( op->o_dn.bv_len == 0 ) {
*text = "authentication required";
return LDAP_UNWILLING_TO_PERFORM;
}


@ -60,14 +60,16 @@ do_bind(
connection2anonymous( conn );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
if ( op->o_dn != NULL ) {
free( op->o_dn );
op->o_dn = ch_strdup( "" );
if ( op->o_dn.bv_val != NULL ) {
free( op->o_dn.bv_val );
op->o_dn.bv_val = ch_strdup( "" );
op->o_dn.bv_len = 0;
}
if ( op->o_ndn != NULL ) {
free( op->o_ndn );
op->o_ndn = ch_strdup( "" );
if ( op->o_ndn.bv_val != NULL ) {
free( op->o_ndn.bv_val );
op->o_ndn.bv_val = ch_strdup( "" );
op->o_ndn.bv_len = 0;
}
/*
@ -295,10 +297,13 @@ do_bind(
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if( rc == LDAP_SUCCESS ) {
conn->c_dn = edn;
conn->c_dn.bv_val = edn;
if( edn != NULL ) {
conn->c_ndn = ch_strdup( edn );
dn_normalize( conn->c_ndn );
struct berval *cndn;
conn->c_dn.bv_len = strlen( edn );
dnNormalize( NULL, &conn->c_dn, &cndn );
conn->c_ndn = *cndn;
free( cndn );
}
conn->c_authmech = conn->c_sasl_bind_mech;
conn->c_sasl_bind_mech = NULL;
@ -309,7 +314,7 @@ do_bind(
conn->c_ssf = ssf;
}
if( conn->c_dn != NULL ) {
if( conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
@ -496,20 +501,22 @@ do_bind(
if ( ret == 0 ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if(edn != NULL) {
conn->c_dn.bv_val = edn;
conn->c_dn.bv_len = strlen( edn );
} else {
conn->c_dn.bv_val = ch_strdup( pdn->bv_val );
conn->c_dn.bv_len = pdn->bv_len;
}
conn->c_cdn = pdn->bv_val;
pdn->bv_val = NULL;
pdn->bv_len = 0;
if(edn != NULL) {
conn->c_dn = edn;
} else {
conn->c_dn = ch_strdup( conn->c_cdn );
}
conn->c_ndn = ndn->bv_val;
conn->c_ndn = *ndn;
ndn->bv_val = NULL;
ndn->bv_len = 0;
if( conn->c_dn != NULL ) {
if( conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
@ -518,11 +525,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
"do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n",
conn->c_connid, version, conn->c_cdn, conn->c_dn ));
conn->c_connid, version, conn->c_cdn, conn->c_dn.bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n",
version, conn->c_cdn, conn->c_dn );
version, conn->c_cdn, conn->c_dn.bv_val );
#endif
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
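Review bot: The new SASL-success path calls `dnNormalize( NULL, &conn->c_dn, &cndn )` without checking its result and then dereferences and frees `cndn`, which is declared without an initializer. If normalization fails and leaves `cndn` untouched, `conn->c_ndn = *cndn` reads through an indeterminate pointer while `conn->c_mutex` is held. Declare it as `struct berval *cndn = NULL;` and copy and free only when the call reports success and `cndn != NULL`; on failure the connection should presumably not be left with a `c_dn` but no `c_ndn`. do_bind starts and ends outside these hunks.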


@ -413,8 +413,10 @@ long connection_init(
if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
c->c_authmech = NULL;
c->c_dn = NULL;
c->c_ndn = NULL;
c->c_dn.bv_val = NULL;
c->c_dn.bv_len = 0;
c->c_ndn.bv_val = NULL;
c->c_ndn.bv_len = 0;
c->c_cdn = NULL;
c->c_groups = NULL;
@ -451,8 +453,8 @@ long connection_init(
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_authmech == NULL );
assert( c->c_dn == NULL );
assert( c->c_ndn == NULL );
assert( c->c_dn.bv_val == NULL );
assert( c->c_ndn.bv_val == NULL );
assert( c->c_cdn == NULL );
assert( c->c_groups == NULL );
assert( c->c_listener_url == NULL );
@ -578,14 +580,16 @@ void connection2anonymous( Connection *c )
c->c_authmech = NULL;
}
if(c->c_dn != NULL) {
free(c->c_dn);
c->c_dn = NULL;
if(c->c_dn.bv_val != NULL) {
free(c->c_dn.bv_val);
c->c_dn.bv_val = NULL;
}
if(c->c_ndn != NULL) {
free(c->c_ndn);
c->c_ndn = NULL;
c->c_dn.bv_len = 0;
if(c->c_ndn.bv_val != NULL) {
free(c->c_ndn.bv_val);
c->c_ndn.bv_val = NULL;
}
c->c_ndn.bv_len = 0;
if(c->c_cdn != NULL) {
free(c->c_cdn);
@ -1463,10 +1467,12 @@ static int connection_op_activate( Connection *conn, Operation *op )
arg->co_conn = conn;
arg->co_op = op;
if (!arg->co_op->o_dn) {
if (!arg->co_op->o_dn.bv_len) {
arg->co_op->o_authz = conn->c_authz;
arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
arg->co_op->o_ndn = ch_strdup( conn->c_ndn != NULL ? conn->c_ndn : "" );
arg->co_op->o_dn.bv_val = ch_strdup( conn->c_dn.bv_val ?
conn->c_dn.bv_val : "" );
arg->co_op->o_ndn.bv_val = ch_strdup( conn->c_ndn.bv_val ?
conn->c_ndn.bv_val : "" );
}
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
@ -1576,7 +1582,8 @@ int connection_internal_open( Connection **conn, LDAP **ldp, const char *id )
/* A search operation, number 0 */
op = slap_op_alloc( NULL, 0, LDAP_REQ_SEARCH, 0);
op->o_ndn = ch_strdup( id );
op->o_ndn.bv_val = ch_strdup( id );
op->o_ndn.bv_len = strlen( id );
op->o_protocol = LDAP_VERSION3;
(*conn) = connection_get( fd[1] );
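Review bot: connection_op_activate fills `o_dn.bv_val` and `o_ndn.bv_val` from the connection but never sets the matching `bv_len`, which slap_op_alloc initializes to 0. Unless the length is set somewhere not shown, every test this commit converts to `op->o_ndn.bv_len == 0` or `op->o_dn.bv_len == 0` (the ACL `users`/`self` clauses, backend_check_restrictions, passwd_extop) would then treat an authenticated operation as anonymous. Add `arg->co_op->o_dn.bv_len = conn->c_dn.bv_len;` and `arg->co_op->o_ndn.bv_len = conn->c_ndn.bv_len;` next to the two `ch_strdup` calls. The function body extends outside the hunk.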


@ -180,7 +180,7 @@ do_delete(
*/
if ( be->be_delete ) {
/* do the update here */
int repl_user = be_isupdate( be, op->o_ndn );
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif


@ -334,7 +334,7 @@ do_modify(
*/
if ( be->be_modify ) {
/* do the update here */
int repl_user = be_isupdate( be, op->o_ndn );
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
/* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
@ -613,12 +613,11 @@ int slap_mods_opattrs(
timestamp.bv_val = timebuf;
timestamp.bv_len = strlen(timebuf);
if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
if( op->o_dn.bv_len == 0 ) {
name.bv_val = SLAPD_ANONYMOUS;
name.bv_len = sizeof(SLAPD_ANONYMOUS)-1;
} else {
name.bv_val = op->o_dn;
name.bv_len = strlen( op->o_dn );
name = op->o_dn;
}
if( op->o_tag == LDAP_REQ_ADD ) {


@ -313,7 +313,7 @@ do_modrdn(
*/
if ( be->be_modrdn ) {
/* do the update here */
int repl_user = be_isupdate( be, op->o_ndn );
int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif


@ -23,11 +23,11 @@ slap_op_free( Operation *op )
if ( op->o_ber != NULL ) {
ber_free( op->o_ber, 1 );
}
if ( op->o_dn != NULL ) {
free( op->o_dn );
if ( op->o_dn.bv_val != NULL ) {
free( op->o_dn.bv_val );
}
if ( op->o_ndn != NULL ) {
free( op->o_ndn );
if ( op->o_ndn.bv_val != NULL ) {
free( op->o_ndn.bv_val );
}
if ( op->o_authmech != NULL ) {
free( op->o_authmech );
@ -60,8 +60,10 @@ slap_op_alloc(
op->o_msgid = msgid;
op->o_tag = tag;
op->o_dn = NULL;
op->o_ndn = NULL;
op->o_dn.bv_val = NULL;
op->o_dn.bv_len = 0;
op->o_ndn.bv_val = NULL;
op->o_ndn.bv_len = 0;
op->o_authmech = NULL;
op->o_ctrls = NULL;


@ -33,8 +33,8 @@ int passwd_extop(
assert( reqoid != NULL );
assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
*text = "only authenicated users may change passwords";
if( op->o_dn.bv_len == 0 ) {
*text = "only authenticated users may change passwords";
return LDAP_STRONG_AUTH_REQUIRED;
}


@ -706,8 +706,8 @@ typedef enum slap_style_e {
typedef struct slap_authz_info {
ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
char * sai_mech; /* SASL Mechanism */
char * sai_dn; /* DN for reporting purposes */
char * sai_ndn; /* Normalized DN */
struct berval sai_dn; /* DN for reporting purposes */
struct berval sai_ndn; /* Normalized DN */
/* Security Strength Factors */
slap_ssf_t sai_ssf; /* Overall SSF */
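Review bot: The two field comments no longer tell a reader how "no identity" is represented now that `sai_dn` and `sai_ndn` are `struct berval`. Elsewhere in this commit the test is `bv_len == 0`, while `bv_val` can be either NULL (connection_init) or an allocated empty string (do_bind), so the convention is worth writing down here, e.g. `/* DN for reporting purposes; bv_len == 0 means anonymous, bv_val may be NULL or "" */`. The struct definition continues past the hunk.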


@ -62,14 +62,14 @@ starttls_extop (
}
if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
( conn->c_dn != NULL ) )
( conn->c_dn.bv_len != 0 ) )
{
/* force to anonymous */
connection2anonymous( conn );
}
if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
( conn->c_dn != NULL ) )
( conn->c_dn.bv_len != 0 ) )
{
*text = "cannot start TLS after authentication";
rc = LDAP_OPERATIONS_ERROR;