upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Last(?) set of changes before 2.2beta

Browse source
This commit is contained in:
Kurt Zeilenga 2003-09-22 06:09:35 +00:00
parent 72c91a4bd7
commit 6fac7db840
26 changed files with 463 additions and 399 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
build/openldap.m4
View file

@ -1207,10 +1207,10 @@ AC_DEFUN([OL_SASL_COMPAT],
/* require 2.1.3 or later */
#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
__sasl_compat "2.2+ or better okay (we guess)";
char *__sasl_compat = "2.2+ or better okay (we guess)";
#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
&& SASL_VERSION_STEP >=3
__sasl_compat = "2.1.3+ or better okay";
char *__sasl_compat = "2.1.3+ or better okay";
#endif
], [ol_cv_sasl_compat=yes], [ol_cv_sasl_compat=no])])
])

51
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# $OpenLDAP$
# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.3 2003/05/31 19:06:55 kurt Exp
# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.4 2003/09/18 15:43:27 kurt Exp
# Copyright 1998-2003 The OpenLDAP Foundation. All Rights Reserved.
#
@ -20365,10 +20365,10 @@ else
/* require 2.1.3 or later */
#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
__sasl_compat "2.2+ or better okay (we guess)";
char *__sasl_compat = "2.2+ or better okay (we guess)";
#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
&& SASL_VERSION_STEP >=3
__sasl_compat = "2.1.3+ or better okay";
char *__sasl_compat = "2.1.3+ or better okay";
#endif
EOF
@ -22542,6 +22542,9 @@ for ac_func in \
strstr \
strtol \
strtoul \
strtoq \
strtouq \
strtoll \
strspn \
sysconf \
usleep \
@ -22554,12 +22557,12 @@ for ac_func in \
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:22558: checking for $ac_func" >&5
echo "configure:22561: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22563 "configure"
#line 22566 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@ -22583,7 +22586,7 @@ f = $ac_func;
; return 0; }
EOF
if { (eval echo configure:22587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@ -22611,12 +22614,12 @@ done
for ac_func in getopt getpeereid
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:22615: checking for $ac_func" >&5
echo "configure:22618: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22620 "configure"
#line 22623 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@ -22640,7 +22643,7 @@ f = $ac_func;
; return 0; }
EOF
if { (eval echo configure:22644: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@ -22672,19 +22675,19 @@ if test "$ac_cv_func_getopt" != yes; then
fi
if test "$ac_cv_func_getpeereid" != yes; then
echo $ac_n "checking for msg_accrights in msghdr""... $ac_c" 1>&6
echo "configure:22676: checking for msg_accrights in msghdr" >&5
echo "configure:22679: checking for msg_accrights in msghdr" >&5
if eval "test \"\${ol_cv_msghdr_msg_accrights+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22681 "configure"
#line 22684 "configure"
#include "confdefs.h"
#include <sys/socket.h>
int main() {
struct msghdr m; m.msg_accrightslen=0
; return 0; }
EOF
if { (eval echo configure:22688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
if { (eval echo configure:22691: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_msghdr_msg_accrights=yes
else
@ -22724,13 +22727,13 @@ fi
# Check Configuration
echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
echo "configure:22728: checking declaration of sys_errlist" >&5
echo "configure:22731: checking declaration of sys_errlist" >&5
if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22734 "configure"
#line 22737 "configure"
#include "confdefs.h"
#include <stdio.h>
@ -22743,7 +22746,7 @@ int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
if { (eval echo configure:22747: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
if { (eval echo configure:22750: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_sys_errlist=yes
ol_cv_have_sys_errlist=yes
@ -22766,20 +22769,20 @@ EOF
echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
echo "configure:22770: checking existence of sys_errlist" >&5
echo "configure:22773: checking existence of sys_errlist" >&5
if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22776 "configure"
#line 22779 "configure"
#include "confdefs.h"
#include <errno.h>
int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
if { (eval echo configure:22783: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ol_cv_have_sys_errlist=yes
else
@ -22807,17 +22810,17 @@ if test "$ol_enable_slapi" != no ; then
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
echo "configure:22811: checking for $ac_hdr" >&5
echo "configure:22814: checking for $ac_hdr" >&5
if eval "test \"\${ac_cv_header_$ac_safe+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22816 "configure"
#line 22819 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:22821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:22824: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@ -22848,7 +22851,7 @@ done
{ echo "configure: error: could not locate <ltdl.h>" 1>&2; exit 1; }
fi
echo $ac_n "checking for lt_dlinit in -lltdl""... $ac_c" 1>&6
echo "configure:22852: checking for lt_dlinit in -lltdl" >&5
echo "configure:22855: checking for lt_dlinit in -lltdl" >&5
ac_lib_var=`echo ltdl'_'lt_dlinit | sed 'y%./+-:%__p__%'`
if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@ -22856,7 +22859,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lltdl $LIBS"
cat > conftest.$ac_ext <<EOF
#line 22860 "configure"
#line 22863 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@ -22867,7 +22870,7 @@ int main() {
lt_dlinit()
; return 0; }
EOF
if { (eval echo configure:22871: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22874: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else

5
configure.in
View file

@ -2303,7 +2303,7 @@ AC_CACHE_CHECK([long long], ol_cv_type_long_long, [
[ol_cv_type_long_long=yes],
[ol_cv_type_long_long=no])])
if test $ol_cv_type_long_long = yes; then
AC_DEFINE(HAVE_LONG_LONG, 1, [define if you have `long long'])
AC_DEFINE(HAVE_LONG_LONG, 1, [define if you have 'long long'])
fi
AC_TYPE_MODE_T
@ -2426,6 +2426,9 @@ AC_CHECK_FUNCS( \
strstr \
strtol \
strtoul \
strtoq \
strtouq \
strtoll \
strspn \
sysconf \
usleep \

41
doc/man/man5/slapd.access.5
View file

@ -123,7 +123,21 @@ indicating access to the entry's children. ObjectClass names may also
be specified in this list, which will affect all the attributes that
are required and/or allowed by that objectClass.
.LP
The last three statements are additive; they can be used in sequence
Using the form
.B attrs=<attr> val[.<style>]=<value>
specifies access to a particular value of a single attribute.
In this case, only a single attribute type may be given. A value
.B <style>
of
.B exact
(the default) uses the attribute's equality matching rule to compare the
value. If the
.B <style>
is
.BR regex ,
the provided value is used as a regular expression pattern.
.LP
The dn, filter, and attrs statements are additive; they can be used in sequence
to select entities the access rule applies to based on naming context,
value and attribute type simultaneously.
.LP
@ -207,26 +221,26 @@ The statement
.B dnattr=<attrname>
means that access is granted to requests whose DN is listed in the
entry being accessed under the
.B attrname
.B <attrname>
attribute.
.LP
The statement
.B group=<group>
means that access is granted to requests whose DN is listed
in the group entry whose DN is given by
.BR group .
.BR <group> .
The optional parameters
.B objectclass
.B <objectclass>
and
.B attrname
.B <attrname>
define the objectClass and the member attributeType of the group entry.
The optional style qualifier
.B style
.B <style>
can be
.BR regex ,
which means that
.B pattern
will be expanded accorging to regex (7), and
.B <group>
will be expanded according to regex (7), and
.B base
or
.B exact
@ -234,6 +248,17 @@ or
.BR base ),
which means that exact match will be used.
.LP
For static groups, the specified attributeType must have
.B DistinguishedName
or
.B NameAndOptionalUID
syntax. For dynamic groups the attributeType must
be a subtype of the
.B labeledURI
attributeType. Only LDAP URIs of the form
.B ldap:///<base>??<scope>?<filter>
will be evaluated in a dynamic group.
.LP
The statements
.BR peername=<peername> ,
.BR sockname=<sockname> ,

11
include/portable.h.in
View file

@ -299,9 +299,18 @@
/* Define if you have the strtol function. */
#undef HAVE_STRTOL
/* Define if you have the strtoll function. */
#undef HAVE_STRTOLL
/* Define if you have the strtoq function. */
#undef HAVE_STRTOQ
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the strtouq function. */
#undef HAVE_STRTOUQ
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
@ -815,7 +824,7 @@
/* define if you have -lslp */
#undef HAVE_SLP
/* define if you have `long long' */
/* define if you have 'long long' */
#undef HAVE_LONG_LONG
/* Define to `int' if <sys/types.h> does not define. */

3
libraries/libldap/cyrus.c
View file

@ -154,9 +154,6 @@ sb_sasl_setup( Sockbuf_IO_Desc *sbiod, void *arg )
sasl_getprop( p->sasl_context, SASL_MAXOUTBUF,
(SASL_CONST void **) &p->sasl_maxbuf );
if ( p->sasl_maxbuf == 0 )
p->sasl_maxbuf = SASL_MAX_BUFF_SIZE;
sbiod->sbiod_pvt = p;
return 0;

53
servers/slapd/acl.c
View file

@ -50,6 +50,7 @@ static AccessControl * acl_get(
AccessControl *ac, int *count,
Operation *op, Entry *e,
AttributeDescription *desc,
struct berval *val,
int nmatches, regmatch_t *matches );
static slap_control_t acl_mask(
@ -286,7 +287,7 @@ access_allowed(
memset(matches, '\0', sizeof(matches));
}
while((a = acl_get( a, &count, op, e, desc,
while((a = acl_get( a, &count, op, e, desc, val,
MAXREMATCHES, matches )) != NULL)
{
int i;
@ -379,10 +380,11 @@ vd_access:
done:
if( state != NULL ) {
/* If not value-dependent, save ACL in case of more attrs */
if ( !(state->as_recorded & ACL_STATE_RECORDED_VD) )
if ( !(state->as_recorded & ACL_STATE_RECORDED_VD) ) {
state->as_vi_acl = a;
state->as_result = ret;
}
state->as_recorded |= ACL_STATE_RECORDED;
state->as_result = ret;
}
if (be_null) op->o_bd = NULL;
return ret;
@ -401,6 +403,7 @@ acl_get(
Operation *op,
Entry *e,
AttributeDescription *desc,
struct berval *val,
int nmatch,
regmatch_t *matches )
{
@ -515,7 +518,7 @@ acl_get(
Debug( LDAP_DEBUG_ACL, "=> acl_get: [%d] check attr %s\n",
*count, attr, 0);
#endif
if ( attr == NULL || a->acl_attrs == NULL ||
if ( a->acl_attrs == NULL ||
ad_inlist( desc, a->acl_attrs ) )
{
#ifdef NEW_LOGGING
@ -612,6 +615,48 @@ acl_mask(
accessmask2str( *mask, accessmaskbuf ) );
#endif
/* Is this ACL only for a specific value? */
if ( a->acl_attrval.bv_len ) {
if ( state && !state->as_vd_acl ) {
state->as_vd_acl = a;
state->as_vd_access = a->acl_access;
state->as_vd_access_count = 1;
}
if ( val == NULL ) {
return ACL_BREAK;
}
if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_get: valpat %s\n",
a->acl_attrval.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
"acl_get: valpat %s\n",
a->acl_attrval.bv_val, 0, 0 );
#endif
if (regexec(&a->acl_attrval_re, val->bv_val, 0, NULL, 0))
return ACL_BREAK;
} else {
int match = 0;
const char *text;
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_get: val %s\n",
a->acl_attrval.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
"acl_get: val %s\n",
a->acl_attrval.bv_val, 0, 0 );
#endif
if (value_match( &match, desc,
desc->ad_type->sat_equality, 0,
val, &a->acl_attrval, &text ) != LDAP_SUCCESS ||
match )
return ACL_BREAK;
}
}
if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
&& state->as_vd_acl == a )
{

42
servers/slapd/aclparse.c
View file

@ -233,6 +233,36 @@ parse_acl(
acl_usage();
}
} else if ( strncasecmp( left, "val", 3 ) == 0 ) {
if ( a->acl_attrval.bv_len ) {
fprintf( stderr,
"%s: line %d: attr val already specified in to clause.\n",
fname, lineno );
acl_usage();
}
if ( a->acl_attrs == NULL || a->acl_attrs[1].an_name.bv_val ) {
fprintf( stderr,
"%s: line %d: attr val requires a single attribute.\n",
fname, lineno );
acl_usage();
}
ber_str2bv( right, 0, 1, &a->acl_attrval );
if ( style && strcasecmp( style, "regex" ) == 0 ) {
int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
REG_EXTENDED | REG_ICASE | REG_NOSUB );
if ( e ) {
char buf[512];
regerror( e, &a->acl_attrval_re, buf, sizeof(buf) );
fprintf( stderr, "%s: line %d: "
"regular expression \"%s\" bad because of %s\n",
fname, lineno, right, buf );
acl_usage();
}
a->acl_attrval_style = ACL_STYLE_REGEX;
} else {
a->acl_attrval_style = ACL_STYLE_BASE;
}
} else {
fprintf( stderr,
"%s: line %d: expecting <what> got \"%s\"\n",
@ -620,7 +650,8 @@ parse_acl(
if( !is_at_syntax( b->a_group_at->ad_type,
SLAPD_DN_SYNTAX ) &&
!is_at_syntax( b->a_group_at->ad_type,
SLAPD_NAMEUID_SYNTAX ) )
SLAPD_NAMEUID_SYNTAX ) &&
!is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ))
{
fprintf( stderr,
"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
@ -1298,7 +1329,7 @@ acl_usage( void )
"<access clause> ::= access to <what> "
"[ by <who> <access> [ <control> ] ]+ \n"
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]\n"
"<attrlist> ::= <attr> | <attr> , <attrlist>\n"
"<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>\n"
"<attr> ::= <attrname> | entry | children\n"
"<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
"\t[dnattr=<attrname>]\n"
@ -1654,6 +1685,13 @@ print_acl( Backend *be, AccessControl *a )
fprintf( stderr, "\n" );
}
if ( a->acl_attrval.bv_len != 0 ) {
to++;
fprintf( stderr, " val.%s=%s\n",
style_strings[a->acl_attrval_style], a->acl_attrval.bv_val );
}
if( !to ) {
fprintf( stderr, " *\n" );
}

29
servers/slapd/add.c
View file

@ -597,23 +597,20 @@ slap_entry2mods(
mod->sml_bvalues = (struct berval*) malloc(
(count+1) * sizeof( struct berval) );
mod->sml_nvalues = (struct berval*) malloc(
/* see slap_mods_check() comments...
* if a_vals == a_nvals, there is no normalizer.
* in this case, mod->sml_nvalues must be left NULL.
*/
if ( a_new->a_vals != a_new->a_nvals ) {
mod->sml_nvalues = (struct berval*) malloc(
(count+1) * sizeof( struct berval) );
} else {
mod->sml_nvalues = NULL;
}
for ( i = 0; i < count; i++ ) {
ber_dupbv(mod->sml_bvalues+i, a_new->a_vals+i);
if ( a_new->a_desc->ad_type->sat_equality &&
a_new->a_desc->ad_type->sat_equality->smr_normalize ) {
rc = a_new->a_desc->ad_type->sat_equality->smr_normalize(
0,
a_new->a_desc->ad_type->sat_syntax,
a_new->a_desc->ad_type->sat_equality,
a_new->a_vals+i, mod->sml_nvalues+i, NULL );
if (rc) {
return rc;
}
}
else {
if ( mod->sml_nvalues ) {
ber_dupbv( mod->sml_nvalues+i, a_new->a_vals+i );
}
}
@ -621,8 +618,10 @@ slap_entry2mods(
mod->sml_bvalues[count].bv_val = 0;
mod->sml_bvalues[count].bv_len = 0;
mod->sml_nvalues[count].bv_val = 0;
mod->sml_nvalues[count].bv_len = 0;
if ( mod->sml_nvalues ) {
mod->sml_nvalues[count].bv_val = 0;
mod->sml_nvalues[count].bv_len = 0;
}
mod->sml_desc = a_new_desc;
mod->sml_next =NULL;

5
servers/slapd/back-bdb/add.c
View file

@ -514,7 +514,6 @@ retry: /* transaction retry */
} else {
struct berval nrdn;
struct berval ctx_nrdn;
if (pdn.bv_len) {
nrdn.bv_val = op->ora_e->e_nname.bv_val;
@ -531,9 +530,7 @@ retry: /* transaction retry */
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
ctx_nrdn.bv_val = "cn=ldapsync";
ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

183
servers/slapd/back-bdb/cache.c
View file

@ -197,93 +197,15 @@ bdb_entryinfo_add_internal(
u_int32_t locker
)
{
Cache *cache = &bdb->bi_cache;
DB_ENV *env = bdb->bi_dbenv;
EntryInfo *ei2 = NULL;
int incr = 1;
int addkid = 1;
int rc;
DB_LOCK lock;
*res = NULL;
ei2 = bdb_cache_entryinfo_new();
ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
bdb_cache_entryinfo_lock( ei->bei_parent );
/* if parent was previously considered a leaf node,
* it was on the LRU list. Now it's going to have
* kids, take it off the LRU list.
*/
ldap_pvt_thread_mutex_lock( &cache->lru_mutex );
if ( ei->bei_parent->bei_id && !ei->bei_parent->bei_kids ) {
LRU_DELETE( cache, ei->bei_parent );
incr = 0;
}
cache->c_cursize += incr;
/* See if we're above the cache size limit */
if ( cache->c_cursize > cache->c_maxsize ) {
EntryInfo *elru, *elprev;
int i = 0;
/* Look for an unused entry to remove */
for (elru = cache->c_lrutail; elru; elru = elprev, i++ ) {
elprev = elru->bei_lruprev;
/* Too many probes, not enough idle, give up */
if (i > 10) break;
/* If we can successfully writelock it, then
* the object is idle.
*/
if ( bdb_cache_entry_db_lock( env, locker, elru, 1, 1,
&lock ) == 0 ) {
/* If there's no entry, or this node is in
* the process of linking into the cache,
* skip it.
*/
if ( !elru->bei_e || (elru->bei_state & CACHE_ENTRY_NOT_LINKED) ) {
bdb_cache_entry_db_unlock( env, &lock );
continue;
}
/* Need to lock parent to delete child */
if ( ldap_pvt_thread_mutex_trylock(
&elru->bei_parent->bei_kids_mutex )) {
bdb_cache_entry_db_unlock( env, &lock );
continue;
}
bdb_cache_delete_internal( cache, elru );
bdb_cache_entryinfo_unlock( elru->bei_parent );
elru->bei_e->e_private = NULL;
bdb_entry_return( elru->bei_e );
bdb_cache_entry_db_unlock( env, &lock );
if (ei2) {
bdb_cache_entryinfo_destroy( elru );
} else {
/* re-use this one */
ch_free(elru->bei_nrdn.bv_val);
elru->bei_nrdn.bv_val = NULL;
elru->bei_e = NULL;
elru->bei_kids = NULL;
elru->bei_lrunext = NULL;
elru->bei_lruprev = NULL;
elru->bei_state = 0;
#ifdef BDB_HIER
ch_free(elru->bei_rdn.bv_val);
elru->bei_rdn.bv_val = NULL;
elru->bei_modrdns = 0;
#endif
ei2 = elru;
}
if (cache->c_cursize < cache->c_maxsize)
break;
}
}
}
if (!ei2) {
ei2 = bdb_cache_entryinfo_new();
}
ei2->bei_id = ei->bei_id;
ei2->bei_parent = ei->bei_parent;
#ifdef BDB_HIER
@ -291,13 +213,11 @@ bdb_entryinfo_add_internal(
#endif
/* Add to cache ID tree */
if (avl_insert( &cache->c_idtree, ei2, bdb_id_cmp, avl_dup_error )) {
if (avl_insert( &bdb->bi_cache.c_idtree, ei2, bdb_id_cmp, avl_dup_error )) {
EntryInfo *eix;
eix = avl_find( cache->c_idtree, ei2, bdb_id_cmp );
eix = avl_find( bdb->bi_cache.c_idtree, ei2, bdb_id_cmp );
bdb_cache_entryinfo_destroy( ei2 );
ei2 = eix;
addkid = 0;
cache->c_cursize -= incr;
#ifdef BDB_HIER
/* It got freed above because its value was
* assigned to ei2.
@ -305,17 +225,11 @@ bdb_entryinfo_add_internal(
ei->bei_rdn.bv_val = NULL;
#endif
} else {
LRU_ADD( cache, ei2 );
ber_dupbv( &ei2->bei_nrdn, &ei->bei_nrdn );
}
if ( addkid ) {
avl_insert( &ei->bei_parent->bei_kids, ei2, bdb_rdn_cmp,
avl_dup_error );
}
ldap_pvt_thread_mutex_unlock( &cache->lru_mutex );
*res = ei2;
return 0;
}
@ -517,6 +431,58 @@ hdb_cache_find_parent(
}
#endif
/* caller must have lru_mutex locked. mutex
* will be unlocked on return.
*/
static void
bdb_cache_lru_add(
struct bdb_info *bdb,
u_int32_t locker,
EntryInfo *ei
)
{
DB_LOCK lock;
/* See if we're above the cache size limit */
if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize ) {
EntryInfo *elru, *elprev;
int i = 0;
/* Look for an unused entry to remove */
for (elru = bdb->bi_cache.c_lrutail; elru; elru = elprev, i++ ) {
elprev = elru->bei_lruprev;
/* Too many probes, not enough idle, give up */
if (i > 10) break;
/* If we can successfully writelock it, then
* the object is idle.
*/
if ( bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, elru, 1, 1,
&lock ) == 0 ) {
/* If there's no entry, or this node is in
* the process of linking into the cache,
* skip it.
*/
if ( !elru->bei_e || (elru->bei_state & CACHE_ENTRY_NOT_LINKED) ) {
bdb_cache_entry_db_unlock( bdb->bi_dbenv, &lock );
continue;
}
LRU_DELETE( &bdb->bi_cache, elru );
elru->bei_e->e_private = NULL;
bdb_entry_return( elru->bei_e );
elru->bei_e = NULL;
bdb_cache_entry_db_unlock( bdb->bi_dbenv, &lock );
--bdb->bi_cache.c_cursize;
if (bdb->bi_cache.c_cursize < bdb->bi_cache.c_maxsize)
break;
}
}
}
LRU_ADD( &bdb->bi_cache, ei );
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_mutex );
}
/*
* cache_find_id - find an entry in the cache, given id.
* The entry is locked for Read upon return. Call with islocked TRUE if
@ -538,6 +504,7 @@ bdb_cache_find_id(
Entry *ep = NULL;
int rc = 0;
EntryInfo ei;
int lru_del = 0;
ei.bei_id = id;
@ -624,9 +591,12 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
bdb_cache_entry_db_relock( bdb->bi_dbenv, locker,
*eip, 0, 0, lock );
}
}
} else {
/* If we had the entry already, this item
* is on the LRU list.
*/
lru_del = 1;
#ifdef BDB_HIER
else {
rc = bdb_fix_dn( (*eip)->bei_e, 1 );
if ( rc ) {
bdb_cache_entry_db_relock( bdb->bi_dbenv,
@ -637,16 +607,22 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
bdb_cache_entry_db_relock( bdb->bi_dbenv,
locker, *eip, 0, 0, lock );
}
}
#endif
}
}
}
if ( rc == 0 && (*eip)->bei_kids == NULL ) {
if ( rc == 0 ) {
/* set lru mutex */
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
LRU_DELETE( &bdb->bi_cache, *eip );
LRU_ADD( &bdb->bi_cache, *eip );
ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_mutex );
/* if entry is old, remove from old spot on LRU list */
if ( lru_del ) {
LRU_DELETE( &bdb->bi_cache, *eip );
} else {
/* if entry is new, bump cache size */
bdb->bi_cache.c_cursize++;
}
/* lru_mutex is unlocked for us */
bdb_cache_lru_add( bdb, locker, *eip );
}
if ( islocked ) {
@ -706,6 +682,13 @@ bdb_cache_add(
e->e_private = new;
new->bei_state = CACHE_ENTRY_NO_KIDS;
eip->bei_state &= ~CACHE_ENTRY_NO_KIDS;
/* set lru mutex */
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
++bdb->bi_cache.c_cursize;
/* lru_mutex is unlocked for us */
bdb_cache_lru_add( bdb, locker, new );
bdb_cache_entryinfo_unlock( eip );
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
return rc;
@ -894,12 +877,6 @@ bdb_cache_delete_internal(
rc = -1;
}
/* If parent has no more kids, put in on LRU list */
if ( e->bei_parent->bei_kids == NULL ) {
LRU_ADD( cache, e->bei_parent );
cache->c_cursize++;
}
/* id tree */
if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp ) == NULL )
{

14
servers/slapd/back-bdb/ctxcsn.c
View file

@ -247,16 +247,13 @@ bdb_get_commit_csn(
)
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval ctxcsn_rdn = BER_BVNULL;
struct berval ctxcsn_ndn = BER_BVNULL;
struct berval csn = BER_BVNULL;
struct berval ctx_nrdn = BER_BVC( "cn=ldapsync" );
EntryInfo *ctxcsn_ei = NULL;
EntryInfo *suffix_ei = NULL;
Entry *ctxcsn_e = NULL;
DB_TXN *ltid = NULL;
Attribute *csn_a;
char substr[67];
char gid[DB_XIDDATASIZE];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
int num_retries = 0;
@ -265,12 +262,13 @@ bdb_get_commit_csn(
if ( op->o_sync_mode != SLAP_SYNC_NONE ) {
if ( op->o_bd->syncinfo ) {
char substr[67];
struct berval bv;
sprintf( substr, "cn=syncrepl%d", op->o_bd->syncinfo->id );
ber_str2bv( substr, strlen( substr ), 0, &ctxcsn_rdn );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &ctxcsn_rdn );
ber_str2bv( substr, 0, 0, &bv );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &bv );
} else {
ber_str2bv( "cn=ldapsync", strlen("cn=ldapsync"), 0, &ctxcsn_rdn );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &ctxcsn_rdn );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], (struct berval *)&slap_ldapsync_cn_bv );
}
ctxcsn_retry :
@ -330,7 +328,7 @@ txn_retry:
return rs->sr_err;
}
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
rs->sr_err = TXN_COMMIT( ltid, 0 );
if ( rs->sr_err != 0 ) {

6
servers/slapd/back-bdb/delete.c
View file

@ -489,16 +489,12 @@ retry: /* transaction retry */
rs->sr_err = LDAP_SUCCESS;
}
} else {
struct berval ctx_nrdn;
bdb_cache_delete( &bdb->bi_cache, e, bdb->bi_dbenv,
locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
ctx_nrdn.bv_val = "cn=ldapsync";
ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

2
servers/slapd/back-bdb/id2entry.c
View file

@ -231,7 +231,7 @@ int bdb_entry_get(
Entry *e = NULL;
EntryInfo *ei;
int rc;
const char *at_name = at->ad_cname.bv_val;
const char *at_name = at ? at->ad_cname.bv_val : "(null)";
u_int32_t locker = 0;
DB_LOCK lock;

138
servers/slapd/back-bdb/index.c
View file

@ -147,15 +147,14 @@ static int indexer(
AttributeDescription *ad,
struct berval *atname,
BerVarray vals,
BerVarray xvals,
ID id,
int opid,
slap_mask_t mask )
{
int rc, i, j;
int rc, i;
const char *text;
DB *db;
struct berval *keys, *xkeys = NULL;
struct berval *keys;
void *mark;
assert( mask );
@ -175,13 +174,11 @@ static int indexer(
return LDAP_OTHER;
}
#if 0 /* No longer needed, our frees are in order so nothing accumulates */
mark = sl_mark(op->o_tmpmemctx);
#endif
/* For a delete op, make sure we're deleting the entire
* attribute (xvals == NULL) before changing the presence
* index. xvals is only non-NULL when deleting part of an attribute.
*/
if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) && xvals == NULL ) {
if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
rc = bdb_key_change( op->o_bd, db, txn, &presence_key, id, opid );
if( rc ) {
goto done;
@ -197,39 +194,14 @@ static int indexer(
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
/* xvals is only provided on deletes. Generate the keys for
* xvals, representing all of the keys that will exist in
* the index when we're done. If we find a delete key that
* is in the xkeys, nullify the delete on that key.
*/
if( xvals ) {
rc = ad->ad_type->sat_equality->smr_indexer(
LDAP_FILTER_EQUALITY, mask,
ad->ad_type->sat_syntax,
ad->ad_type->sat_equality,
atname, xvals, &xkeys,
op->o_tmpmemctx );
for( i=0; keys[i].bv_val; i++ ) {
for( j=0; xkeys[j].bv_val != NULL; j++ ) {
if( bvmatch( &keys[i], &xkeys[j] ) ) {
keys[i].bv_len = 0;
}
}
for( i=0; keys[i].bv_val != NULL; i++ ) {
rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
if( rc ) {
ber_bvarray_free_x( keys, op->o_tmpmemctx );
goto done;
}
}
for( i=0; keys[i].bv_val != NULL; i++ ) {
/* ignore nullified keys */
if( keys[i].bv_len == 0 ) continue;
rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
if( rc ) break;
}
if( xkeys ) {
ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
xkeys = NULL;
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
if( rc ) goto done;
}
rc = LDAP_SUCCESS;
}
@ -243,44 +215,14 @@ static int indexer(
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
/* nullify duplicate keys */
for( i=0; keys[i].bv_val; i++ ) {
if( !keys[i].bv_len ) continue;
for( j=i+1; keys[j].bv_val; j++ ) {
if( bvmatch( &keys[i], &keys[j] ) ) {
keys[j].bv_len = 0;
break;
}
}
}
if( xvals ) {
rc = ad->ad_type->sat_equality->smr_indexer(
LDAP_FILTER_APPROX, mask,
ad->ad_type->sat_syntax,
ad->ad_type->sat_approx,
atname, xvals, &xkeys,
op->o_tmpmemctx );
for( i=0; keys[i].bv_val; i++ ) {
for( j=0; xkeys[j].bv_val != NULL; j++ ) {
if( bvmatch( &keys[i], &xkeys[j] ) ) {
keys[i].bv_len = 0;
}
}
}
}
for( i=0; keys[i].bv_val != NULL; i++ ) {
/* ignore nullified keys */
if( keys[i].bv_len == 0 ) continue;
rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
if( rc ) break;
}
if( xkeys ) {
ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
xkeys = NULL;
if( rc ) {
ber_bvarray_free_x( keys, op->o_tmpmemctx );
goto done;
}
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
if( rc ) goto done;
}
rc = LDAP_SUCCESS;
@ -295,51 +237,23 @@ static int indexer(
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
/* nullify duplicate keys */
for( i=0; keys[i].bv_val; i++ ) {
if( !keys[i].bv_len ) continue;
for( j=i+1; keys[j].bv_val; j++ ) {
if( bvmatch( &keys[i], &keys[j] ) ) {
keys[j].bv_len = 0;
break;
}
}
}
if( xvals ) {
rc = ad->ad_type->sat_equality->smr_indexer(
LDAP_FILTER_SUBSTRINGS, mask,
ad->ad_type->sat_syntax,
ad->ad_type->sat_substr,
atname, xvals, &xkeys,
op->o_tmpmemctx );
for( i=0; keys[i].bv_val; i++ ) {
for( j=0; xkeys[j].bv_val != NULL; j++ ) {
if( bvmatch( &keys[i], &xkeys[j] ) ) {
keys[i].bv_len = 0;
}
}
}
}
for( i=0; keys[i].bv_val != NULL; i++ ) {
/* ignore nullified keys */
if ( keys[i].bv_len == 0 ) continue;
bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
if( rc ) break;
}
if( xkeys ) {
ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
xkeys = NULL;
if( rc ) {
ber_bvarray_free_x( keys, op->o_tmpmemctx );
goto done;
}
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
if( rc ) goto done;
}
rc = LDAP_SUCCESS;
}
done:
#if 0
sl_release( mark, op->o_tmpmemctx );
#endif
return rc;
}
@ -350,7 +264,6 @@ static int index_at_values(
AttributeType *type,
struct berval *tags,
BerVarray vals,
BerVarray xvals,
ID id,
int opid )
{
@ -361,7 +274,7 @@ static int index_at_values(
/* recurse */
rc = index_at_values( op, txn, NULL,
type->sat_sup, tags,
vals, xvals, id, opid );
vals, id, opid );
if( rc ) return rc;
}
@ -374,7 +287,7 @@ static int index_at_values(
if( mask ) {
rc = indexer( op, txn, ad, &type->sat_cname,
vals, xvals, id, opid,
vals, id, opid,
mask );
if( rc ) return rc;
@ -392,7 +305,7 @@ static int index_at_values(
if( mask ) {
rc = indexer( op, txn, desc, &desc->ad_cname,
vals, xvals, id, opid,
vals, id, opid,
mask );
if( rc ) {
@ -409,7 +322,6 @@ int bdb_index_values(
DB_TXN *txn,
AttributeDescription *desc,
BerVarray vals,
BerVarray xvals,
ID id,
int opid )
{
@ -417,7 +329,7 @@ int bdb_index_values(
rc = index_at_values( op, txn, desc,
desc->ad_type, &desc->ad_tags,
vals, xvals, id, opid );
vals, id, opid );
return rc;
}
@ -444,7 +356,7 @@ bdb_index_entry(
/* add each attribute to the indexes */
for ( ; ap != NULL; ap = ap->a_next ) {
rc = bdb_index_values( op, txn, ap->a_desc,
ap->a_nvals, NULL, e->e_id, opid );
ap->a_nvals, e->e_id, opid );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING

121
servers/slapd/back-bdb/modify.c
View file

@ -14,9 +14,6 @@
#include "back-bdb.h"
#include "external.h"
#define INDEXED 0x2000
#define NULLIFIED 0x4000
int bdb_modify_internal(
Operation *op,
DB_TXN *tid,
@ -196,6 +193,17 @@ int bdb_modify_internal(
if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
e->e_ocflags = 0;
}
/* check if modified attribute was indexed
* but not in case of NOOP... */
err = bdb_index_is_indexed( op->o_bd, mod->sm_desc );
if ( err == LDAP_SUCCESS && !op->o_noop ) {
ap = attr_find( save_attrs, mod->sm_desc );
if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
ap = attr_find( e->e_attrs, mod->sm_desc );
if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
}
}
/* check that the entry still obeys the schema */
@ -221,86 +229,52 @@ int bdb_modify_internal(
}
/* update the indices of the modified attributes */
if ( !op->o_noop ) {
Modifications *m2;
/* First look for any deletes that would nullify any adds
* in this request. I.e., deleting an entire attribute after
* assigning some values to it.
*/
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
if (bdb_index_is_indexed( op->o_bd, ml->sml_desc ))
continue;
switch ( ml->sml_op ) {
case LDAP_MOD_DELETE:
/* If just deleting specific values, ignore */
if ( ml->sml_bvalues ) break;
case LDAP_MOD_REPLACE:
for ( m2 = modlist; m2 != ml; m2 = m2->sml_next ) {
if ( m2->sml_desc == ml->sml_desc &&
m2->sml_op != LDAP_MOD_DELETE )
m2->sml_op |= NULLIFIED;
}
break;
}
ml->sml_op |= INDEXED;
}
/* Now index the modifications */
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
if ( ! (ml->sml_op & INDEXED) ) continue;
ml->sml_op ^= INDEXED;
switch ( ml->sml_op ) {
case LDAP_MOD_DELETE:
if ( ml->sml_bvalues ) {
ap = attr_find( e->e_attrs, ml->sml_desc );
rc = bdb_index_values( op, tid, ml->sml_desc,
ml->sml_nvalues ? ml->sml_nvalues : ml->sml_bvalues,
ap ? ap->a_nvals : NULL,
e->e_id, SLAP_INDEX_DELETE_OP );
break;
}
/* FALLTHRU */
case LDAP_MOD_REPLACE:
/* A nullified replace still does its delete action */
case LDAP_MOD_REPLACE | NULLIFIED:
ap = attr_find( save_attrs, ml->sml_desc );
if ( ap != NULL ) {
rc = bdb_index_values( op, tid, ap->a_desc,
ap->a_nvals, NULL,
e->e_id, SLAP_INDEX_DELETE_OP );
} else {
rc = LDAP_SUCCESS;
}
if ( rc || ml->sml_op == LDAP_MOD_DELETE ||
(ml->sml_op & NULLIFIED))
break;
/* FALLTHRU */
case LDAP_MOD_ADD:
case SLAP_MOD_SOFTADD:
rc = bdb_index_values( op, tid, ml->sml_desc,
ml->sml_nvalues ? ml->sml_nvalues : ml->sml_bvalues,
NULL, e->e_id, SLAP_INDEX_ADD_OP );
break;
}
ml->sml_op &= ~NULLIFIED;
/* start with deleting the old index entries */
for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
rc = bdb_index_values( op, tid, ap->a_desc,
ap->a_nvals,
e->e_id, SLAP_INDEX_DELETE_OP );
if ( rc != LDAP_SUCCESS ) {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify_internal: attribute index update failure\n",
"bdb_modify_internal: attribute index delete failure\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"Attribute index update failure",
"Attribute index delete failure",
0, 0, 0 );
#endif
/* reset our flags */
for (; ml; ml=ml->sml_next ) {
ml->sml_op &= ~(INDEXED | NULLIFIED);
}
break;
return rc;
}
ap->a_flags &= ~SLAP_ATTR_IXDEL;
}
}
/* add the new index entries */
for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
if (ap->a_flags & SLAP_ATTR_IXADD) {
rc = bdb_index_values( op, tid, ap->a_desc,
ap->a_nvals,
e->e_id, SLAP_INDEX_ADD_OP );
if ( rc != LDAP_SUCCESS ) {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify_internal: attribute index add failure\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"Attribute index add failure",
0, 0, 0 );
#endif
return rc;
}
ap->a_flags &= ~SLAP_ATTR_IXADD;
}
}
@ -620,16 +594,13 @@ retry: /* transaction retry */
rs->sr_err = LDAP_SUCCESS;
}
} else {
struct berval ctx_nrdn;
EntryInfo *ctx_ei;
bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
ctx_nrdn.bv_val = "cn=ldapsync";
ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

6
servers/slapd/back-bdb/modrdn.c
View file

@ -967,16 +967,12 @@ retry: /* transaction retry */
if(( rs->sr_err=TXN_PREPARE( ltid, gid )) != 0 ) {
rs->sr_text = "txn_prepare failed";
} else {
struct berval ctx_nrdn;
bdb_cache_modrdn( save, &op->orr_nnewrdn, e, neip,
bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
ctx_nrdn.bv_val = "cn=ldapsync";
ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

1
servers/slapd/back-bdb/proto-bdb.h
View file

@ -308,7 +308,6 @@ bdb_index_values LDAP_P((
DB_TXN *txn,
AttributeDescription *desc,
BerVarray vals,
BerVarray xvals,
ID id,
int opid ));

10
servers/slapd/back-ldap/search.c
View file

@ -605,10 +605,12 @@ ldap_back_entry_get(
return 1;
}
ldap_back_map(&li->rwmap.rwm_at, &at->ad_cname, &mapped, BACKLDAP_MAP);
if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
rc = 1;
goto cleanup;
if ( at ) {
ldap_back_map(&li->rwmap.rwm_at, &at->ad_cname, &mapped, BACKLDAP_MAP);
if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
rc = 1;
goto cleanup;
}
}
is_oc = (strcasecmp("objectclass", mapped.bv_val) == 0);

2
servers/slapd/back-ldbm/entry.c
View file

@ -62,7 +62,7 @@ int ldbm_back_entry_get(
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *e;
int rc;
const char *at_name = at->ad_cname.bv_val;
const char *at_name = at ? at->ad_cname.bv_val : "(null)";
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ARGS,

68
servers/slapd/backend.c
View file

@ -1183,10 +1183,76 @@ backend_group(
if ( e ) {
a = attr_find( e->e_attrs, group_at );
if ( a ) {
rc = value_find_ex( group_at,
/* If the attribute is a subtype of labeledURI, treat this as
* a dynamic group ala groupOfURLs
*/
if (is_at_subtype( group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
int i;
LDAPURLDesc *ludp;
struct berval bv, nbase;
Filter *filter;
Entry *user;
Backend *b2 = op->o_bd;
if ( target && dn_match( &target->e_nname, op_ndn ) ) {
user = target;
} else {
op->o_bd = select_backend( op_ndn, 0, 0 );
rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user );
}
if ( rc == 0 ) {
rc = 1;
for (i=0; a->a_vals[i].bv_val; i++) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) != LDAP_SUCCESS )
continue;
nbase.bv_val = NULL;
/* host part must be empty */
/* attrs and extensions parts must be empty */
if (( ludp->lud_host && *ludp->lud_host )
|| ludp->lud_attrs || ludp->lud_exts )
goto loopit;
ber_str2bv( ludp->lud_dn, 0, 0, &bv );
if ( dnNormalize( 0, NULL, NULL, &bv, &nbase, op->o_tmpmemctx ) != LDAP_SUCCESS )
goto loopit;
switch(ludp->lud_scope) {
case LDAP_SCOPE_BASE:
if ( !dn_match(&nbase, op_ndn)) goto loopit;
break;
case LDAP_SCOPE_ONELEVEL:
dnParent(op_ndn, &bv );
if ( !dn_match(&nbase, &bv)) goto loopit;
break;
case LDAP_SCOPE_SUBTREE:
if ( !dnIsSuffix(op_ndn, &nbase)) goto loopit;
break;
}
filter = str2filter_x( op, ludp->lud_filter );
if ( filter ) {
if ( test_filter( NULL, user, filter ) == LDAP_COMPARE_TRUE )
{
rc = 0;
}
filter_free_x( op, filter );
}
loopit:
ldap_free_urldesc( ludp );
if ( nbase.bv_val ) {
op->o_tmpfree( nbase.bv_val, op->o_tmpmemctx );
}
if ( rc == 0 ) break;
}
if ( user != target ) {
be_entry_release_r( op, user );
}
}
op->o_bd = b2;
} else {
rc = value_find_ex( group_at,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, op_ndn, op->o_tmpmemctx );
}
} else {
rc = LDAP_NO_SUCH_ATTRIBUTE;
}

15
servers/slapd/filterentry.c
View file

@ -196,6 +196,7 @@ static int test_mra_filter(
MatchingRuleAssertion *mra )
{
Attribute *a;
void *memctx = op ? op->o_tmpmemctx : NULL;
if ( mra->ma_desc ) {
/*
@ -257,7 +258,7 @@ static int test_mra_filter(
/* normalize for equality */
rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&mra->ma_value, &value, &text, op->o_tmpmemctx );
&mra->ma_value, &value, &text, memctx );
if ( rc != LDAP_SUCCESS ) {
continue;
}
@ -299,7 +300,7 @@ static int test_mra_filter(
int rc;
/* parse and pretty the dn */
rc = dnPrettyDN( NULL, &e->e_name, &dn, op->o_tmpmemctx );
rc = dnPrettyDN( NULL, &e->e_name, &dn, memctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
@ -337,7 +338,7 @@ static int test_mra_filter(
rc = asserted_value_validate_normalize( ad,
mra->ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&mra->ma_value, &value, &text, op->o_tmpmemctx );
&mra->ma_value, &value, &text, memctx );
if ( rc != LDAP_SUCCESS ) {
continue;
}
@ -354,12 +355,12 @@ static int test_mra_filter(
bv, &value, &text );
if( rc != LDAP_SUCCESS ) {
ldap_dnfree_x( dn, op->o_tmpmemctx );
ldap_dnfree_x( dn, memctx );
return rc;
}
if ( ret == 0 ) {
ldap_dnfree_x( dn, op->o_tmpmemctx );
ldap_dnfree_x( dn, memctx );
return LDAP_COMPARE_TRUE;
}
}
@ -453,7 +454,7 @@ test_ava_filter(
}
if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& op->o_bd && op->o_bd->be_has_subordinates ) {
&& op && op->o_bd && op->o_bd->be_has_subordinates ) {
int hasSubordinates;
struct berval hs;
@ -511,7 +512,7 @@ test_presence_filter(
* is boolean-valued; I think we may live with this
* simplification by now
*/
if ( op->o_bd && op->o_bd->be_has_subordinates ) {
if ( op && op->o_bd && op->o_bd->be_has_subordinates ) {
return LDAP_COMPARE_TRUE;
}

3
servers/slapd/saslauthz.c
View file

@ -115,7 +115,8 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
{
/* host part must be empty */
/* attrs and extensions parts must be empty */
return LDAP_PROTOCOL_ERROR;
rc = LDAP_PROTOCOL_ERROR;
goto done;
}
/* Grab the scope */

36
servers/slapd/schema_init.c
View file

@ -1787,6 +1787,22 @@ numericStringNormalize(
return LDAP_SUCCESS;
}
/*
* Integer conversion macros that will use the largest available
* type.
*/
#if defined(HAVE_STRTOLL) && defined(LLONG_MAX) && defined(LLONG_MIN)
# define SLAP_STRTOL(n,e,b) strtoll(n,e,b)
# define SLAP_LONG_MAX LLONG_MAX
# define SLAP_LONG_MIN LLONG_MIN
# define SLAP_LONG long long
#else
# define SLAP_STRTOL(n,e,b) strtol(n,e,b)
# define SLAP_LONG_MAX LONG_MAX
# define SLAP_LONG_MIN LONG_MIN
# define SLAP_LONG long
#endif /* HAVE_STRTOLL ... */
static int
integerBitAndMatch(
int *matchp,
@ -1796,16 +1812,16 @@ integerBitAndMatch(
struct berval *value,
void *assertedValue )
{
long lValue, lAssertedValue;
SLAP_LONG lValue, lAssertedValue;
/* safe to assume integers are NUL terminated? */
lValue = strtol(value->bv_val, NULL, 10);
if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
}
lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10);
if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX )
&& errno == ERANGE )
{
return LDAP_CONSTRAINT_VIOLATION;
@ -1824,16 +1840,16 @@ integerBitOrMatch(
struct berval *value,
void *assertedValue )
{
long lValue, lAssertedValue;
SLAP_LONG lValue, lAssertedValue;
/* safe to assume integers are NUL terminated? */
lValue = strtol(value->bv_val, NULL, 10);
if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX ) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
}
lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10);
if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX )
&& errno == ERANGE )
{
return LDAP_CONSTRAINT_VIOLATION;

9
servers/slapd/schema_prep.c
View file

@ -742,6 +742,15 @@ static struct slap_schema_ad_map {
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_userPassword) },
{ "labeledURI", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' "
"DESC 'RFC2079: Uniform Resource Identifier with optional label' "
"EQUALITY caseExactMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
NULL, 0,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_labeledURI) },
#ifdef SLAPD_AUTHPASSWD
{ "authPassword", "( 1.3.6.1.4.1.4203.1.3.4 "
"NAME 'authPassword' "

4
servers/slapd/slap.h
View file

@ -791,6 +791,7 @@ struct slap_internal_schema {
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_userPassword;
AttributeDescription *si_ad_labeledURI;
#ifdef SLAPD_AUTHPASSWD
AttributeDescription *si_ad_authPassword;
#endif
@ -1173,6 +1174,9 @@ typedef struct slap_acl {
regex_t acl_dn_re;
struct berval acl_dn_pat;
AttributeName *acl_attrs;
slap_style_t acl_attrval_style;
regex_t acl_attrval_re;
struct berval acl_attrval;
/* "by" part: list of who has what access to the entries */
Access *acl_access;