Misc changes from HEAD

configure.in

@@ -2077,6 +2077,10 @@ dnl ----------------------------------------------------------------
 dnl SQL
 ol_link_sql=no
 if test $ol_enable_sql != no ; then
+	AC_CHECK_HEADERS(sql.h sqlext.h,[],[
+		AC_MSG_ERROR([could not locate SQL headers])
+	])
+
 	AC_CHECK_LIB(iodbc,SQLDriverConnect,[have_iodbc=yes],[have_iodbc=no])
 	if test $have_iodbc = yes ; then
 		ol_link_sql="-liodbc"

include/portable.h.in

@@ -482,6 +482,12 @@
 /* Define if you have the <slp.h> header file.  */
 #undef HAVE_SLP_H
 
+/* Define if you have the <sql.h> header file.  */
+#undef HAVE_SQL_H
+
+/* Define if you have the <sqlext.h> header file.  */
+#undef HAVE_SQLEXT_H
+
 /* Define if you have the <ssl.h> header file.  */
 #undef HAVE_SSL_H
 

libraries/libldbm/ldbm.c

@@ -91,6 +91,12 @@ static ldap_pvt_thread_mutex_t ldbm_big_mutex;
 DB_ENV *ldbm_Env = NULL;	/* real or fake, depending on db and version */
 #endif
 
+/* Let's make the version comparisons a little easier... */
+#undef DB_VERSION_X
+#ifdef HAVE_BERKELEY_DB
+#define	DB_VERSION_X	((DB_VERSION_MAJOR<<16)|(DB_VERSION_MINOR<<8)|DB_VERSION_PATCH)
+#endif
+
 /*******************************************************************
  *                                                                 *
  *  Create some special functions to initialize Berkeley DB for    *
@@ -231,7 +237,7 @@ DB_ENV *ldbm_initialize_env(const char *home, int dbcachesize, int *envdirok)
 		return NULL;
 	}
 
-#if DB_VERSION_MAJOR > 3 || DB_VERSION_MINOR >= 3
+#if DB_VERSION_X >= 0x030300
 	/* This interface appeared in 3.3 */
 	env->set_alloc( env, ldbm_malloc, NULL, NULL );
 #endif
@@ -253,7 +259,7 @@ DB_ENV *ldbm_initialize_env(const char *home, int dbcachesize, int *envdirok)
 	envFlags |= DB_THREAD;
 #endif
 
-#if DB_VERSION_MAJOR > 3 || DB_VERSION_MINOR > 0
+#if DB_VERSION_X >= 0x030100
 	err = env->open( env, home, envFlags, 0 );
 #else
 	/* 3.0.x requires an extra argument */
@@ -321,7 +327,7 @@ ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
 		return NULL;
 	}
 
-#if DB_VERSION_MAJOR == 3 && DB_VERSION_MINOR < 3
+#if DB_VERSION_X < 0x030300
 	ret->set_malloc( ret, ldbm_malloc );
 #endif
 
@@ -335,7 +341,7 @@ ldbm_open( DB_ENV *env, char *name, int rw, int mode, int dbcachesize )
 	__atoe(n2);
 	name = n2;
 #endif
-#if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR > 0 && DB_VERSION_PATCH >= 17
+#if DB_VERSION_X >= 0x040111
 	err = ret->open( ret, NULL, name, NULL, DB_TYPE, rw, mode);
 #else
 	err = ret->open( ret, name, NULL, DB_TYPE, rw, mode);
@@ -514,7 +520,7 @@ ldbm_firstkey( LDBM ldbm, LDBMCursor **dbch )
 	LDBM_RLOCK;
 
 	/* acquire a cursor for the DB */
-# if DB_VERSION_MAJOR >= 3 || (DB_VERSION_MAJOR == 2 && DB_VERSION_MINOR > 5)
+# if DB_VERSION_X >= 0x020600
 	rc = ldbm->cursor( ldbm, NULL, &dbci, 0 );
 # else
 	rc = ldbm->cursor( ldbm, NULL, &dbci );

servers/slapd/ad.c

@@ -601,8 +601,16 @@ an_find(
 	return( 0 );
 }
 
-/* Convert a delimited string into a list of AttributeNames; Add on
- * to an existing list if it was given.
+/*
+ * Convert a delimited string into a list of AttributeNames; 
+ * add on to an existing list if it was given.  If the string
+ * is not a valid attribute name, if a '-' is prepended it is 
+ * skipped and the remaining name is tried again; if a '+' is
+ * prepended, an objectclass name is searched instead.
+ * 
+ * NOTE: currently, if a valid attribute name is not found,
+ * the same string is also checked as valid objectclass name;
+ * however, this behavior is deprecated.
  */
 AttributeName *
 str2anlist( AttributeName *an, char *in, const char *brkstr )
@@ -647,11 +655,15 @@ str2anlist( AttributeName *an, char *in, const char *brkstr )
 					slap_bv2ad(&adname, &anew->an_desc, &text);
 					if ( !anew->an_desc ) {
 						free( an );
-						/* overwrites input string on error! */
+						/*
+						 * overwrites input string
+						 * on error!
+						 */
 						strcpy( in, s );
 						return NULL;
 					}
 				} break;
+
 			case '+': {
 					struct berval ocname;
 					ocname.bv_len = anew->an_name.bv_len - 1;
@@ -659,11 +671,15 @@ str2anlist( AttributeName *an, char *in, const char *brkstr )
 					anew->an_oc = oc_bvfind( &ocname );
 					if ( !anew->an_oc ) {
 						free( an );
-						/* overwrites input string on error! */
+						/*
+						 * overwrites input string
+						 * on error!
+						 */
 						strcpy( in, s );
 						return NULL;
 					}
 				} break;
+
 			default:
 				/* old (deprecated) way */
 				anew->an_oc = oc_bvfind( &anew->an_name );

servers/slapd/at.c

@@ -605,7 +605,8 @@ at_schema_info( Entry *e )
 			return -1;
 		}
 
-		attr_merge( e, ad_attributeTypes, vals );
+		if( attr_merge( e, ad_attributeTypes, vals ) )
+			return -1;
 		ldap_memfree( vals[0].bv_val );
 	}
 	return 0;

servers/slapd/back-bdb/cache.c

@@ -45,6 +45,7 @@ static int	bdb_cache_delete_entry_internal(Cache *cache, Entry *e);
 static void	bdb_lru_print(Cache *cache);
 #endif
 
+#if 0	/* unused */
 static int
 bdb_cache_entry_rdwr_lock(Entry *e, int rw)
 {
@@ -98,6 +99,7 @@ bdb_cache_entry_rdwr_unlock(Entry *e, int rw)
 	else
 		return ldap_pvt_thread_rdwr_runlock(&BEI(e)->bei_rdwr);
 }
+#endif	/* unused */
 
 static int
 bdb_cache_entry_rdwr_init(Entry *e)

servers/slapd/back-bdb/config.c

@@ -126,7 +126,7 @@ bdb_db_config(
 		if( rc != LDAP_SUCCESS ) return 1;
 
 	/* size of the cache in entries */
-         } else if ( strcasecmp( argv[0], "cachesize" ) == 0 ) {
+        } else if ( strcasecmp( argv[0], "cachesize" ) == 0 ) {
                  if ( argc < 2 ) {
                          fprintf( stderr,
                  "%s: line %d: missing size in \"cachesize <size>\" line\n",

servers/slapd/back-bdb/idl.c

@@ -185,6 +185,7 @@ int bdb_idl_insert( ID *ids, ID id )
 	return 0;
 }
 
+#if 0	/* unused */
 static int idl_delete( ID *ids, ID id )
 {
 	unsigned x = bdb_idl_search( ids, id );
@@ -228,6 +229,7 @@ static int idl_delete( ID *ids, ID id )
 
 	return 0;
 }
+#endif	/* unused */
 
 static char *
 bdb_show_key(

servers/slapd/back-bdb/init.c

@@ -37,13 +37,13 @@ struct berval bdb_uuid = { 0, NULL };
 typedef void * db_malloc(size_t);
 typedef void * db_realloc(void *, size_t);
 
+#if 0
 static int
 bdb_open( BackendInfo *bi )
 {
 	return 0;
 }
 
-#if 0
 static int
 bdb_destroy( BackendInfo *bi )
 {
@@ -516,7 +516,7 @@ bdb_initialize(
 #ifdef NEW_LOGGING
 	LDAP_LOG( BACK_BDB, ENTRY, "bdb_db_initialize\n", 0, 0, 0 );
 #else
-	Debug( LDAP_DEBUG_TRACE, "bdb_open: initialize BDB backend\n",
+	Debug( LDAP_DEBUG_TRACE, "bdb_initialize: initialize BDB backend\n",
 		0, 0, 0 );
 #endif
 
@@ -545,7 +545,7 @@ bdb_initialize(
 				"\texpected: %s \tgot: %s\n", DB_VERSION_STRING, version, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY,
-				"bdb_open: version mismatch\n"
+				"bdb_initialize: version mismatch\n"
 				"\texpected: " DB_VERSION_STRING "\n"
 				"\tgot: %s \n", version, 0, 0 );
 #endif
@@ -553,9 +553,9 @@ bdb_initialize(
 
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_BDB, DETAIL1, 
-			"bdb_db_initialize: bdb_open: %s\n", version, 0, 0 );
+			"bdb_db_initialize: %s\n", version, 0, 0 );
 #else
-		Debug( LDAP_DEBUG_ANY, "bdb_open: %s\n",
+		Debug( LDAP_DEBUG_ANY, "bdb_initialize: %s\n",
 			version, 0, 0 );
 #endif
 	}

servers/slapd/back-ldap/add.c

@@ -95,12 +95,12 @@ ldap_back_add(
  		
  	case REWRITE_REGEXEC_UNWILLING:
  		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
- 				NULL, "Unwilling to perform", NULL, NULL );
+ 				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 	       	
 	case REWRITE_REGEXEC_ERR:
  		send_ldap_result( conn, op, LDAP_OTHER,
- 				NULL, "Operations error", NULL, NULL );
+ 				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */
@@ -154,12 +154,15 @@ ldap_back_add(
 #ifdef ENABLE_REWRITE
 		/*
 		 * FIXME: dn-valued attrs should be rewritten
-		 * to allow their use in ACLs at the back-ldap
-		 * level.
+		 * to allow their use in ACLs at back-ldap level.
 		 */
 		if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid,
 					SLAPD_DN_SYNTAX ) == 0 ) {
-			ldap_dnattr_rewrite( li->rwinfo, a->a_vals, conn );
+			/*
+			 * FIXME: rewrite could fail; in this case
+			 * the operation should give up, right?
+			 */
+			(void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, conn );
 		}
 #endif /* ENABLE_REWRITE */
 

servers/slapd/back-ldap/bind.c

@@ -102,12 +102,12 @@ ldap_back_bind(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */
@@ -228,7 +228,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 		if (err != LDAP_SUCCESS) {
 			err = ldap_back_map_result(err);
 			send_ldap_result( conn, op, err,
-				NULL, "ldap_init failed", NULL, NULL );
+				NULL, "ldap_initialize() failed", NULL, NULL );
 			return( NULL );
 		}
 		/* Set LDAP version. This will always succeed: If the client
@@ -263,7 +263,8 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 						&lc->bound_dn.bv_val ) ) {
 			case REWRITE_REGEXEC_OK:
 				if ( lc->bound_dn.bv_val == NULL ) {
-					ber_dupbv( &lc->bound_dn, &lc->conn->c_dn );
+					ber_dupbv( &lc->bound_dn,
+							&lc->conn->c_dn );
 				}
 #ifdef NEW_LOGGING
 				LDAP_LOG( BACK_LDAP, DETAIL1, 
@@ -283,25 +284,28 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 			case REWRITE_REGEXEC_UNWILLING:
 				send_ldap_result( conn, op,
 						LDAP_UNWILLING_TO_PERFORM,
-						NULL, "Unwilling to perform",
+						NULL, "Operation not allowed",
 						NULL, NULL );
 				return( NULL );
 				
 			case REWRITE_REGEXEC_ERR:
 				send_ldap_result( conn, op,
 						LDAP_OTHER,
-						NULL, "Operations error",
+						NULL, "Rewrite error",
 						NULL, NULL );
 				return( NULL );
 			}
+
 #else /* !ENABLE_REWRITE */
 			struct berval bv;
 			ldap_back_dn_massage( li, &lc->conn->c_dn, &bv, 0, 1 );
-			if ( bv.bv_val == lc->conn->c_dn.bv_val )
+			if ( bv.bv_val == lc->conn->c_dn.bv_val ) {
 				ber_dupbv( &lc->bound_dn, &bv );
-			else
+			} else {
 				lc->bound_dn = bv;
+			}
 #endif /* !ENABLE_REWRITE */
+
 		} else {
 			lc->bound_dn.bv_val = NULL;
 			lc->bound_dn.bv_len = 0;

servers/slapd/back-ldap/compare.c

@@ -85,12 +85,12 @@ ldap_back_compare(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 		
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */

servers/slapd/back-ldap/delete.c

@@ -85,12 +85,12 @@ ldap_back_delete(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */

servers/slapd/back-ldap/modify.c

@@ -89,12 +89,12 @@ ldap_back_modify(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */
@@ -139,13 +139,18 @@ ldap_back_modify(
 					ml->sml_bvalues, conn );
 		}
 #endif /* ENABLE_REWRITE */
-	
-		for (j = 0; ml->sml_bvalues[j].bv_val; j++);
-		mods[i].mod_bvalues = (struct berval **)ch_malloc((j+1) *
-			sizeof(struct berval *));
-		for (j = 0; ml->sml_bvalues[j].bv_val; j++)
-			mods[i].mod_bvalues[j] = &ml->sml_bvalues[j];
-		mods[i].mod_bvalues[j] = NULL;
+
+		if ( ml->sml_bvalues != NULL ) {	
+			for (j = 0; ml->sml_bvalues[j].bv_val; j++);
+			mods[i].mod_bvalues = (struct berval **)ch_malloc((j+1) *
+				sizeof(struct berval *));
+			for (j = 0; ml->sml_bvalues[j].bv_val; j++)
+				mods[i].mod_bvalues[j] = &ml->sml_bvalues[j];
+			mods[i].mod_bvalues[j] = NULL;
+		} else {
+			mods[i].mod_bvalues = NULL;
+		}
+
 		i++;
 	}
 	modv[i] = 0;

servers/slapd/back-ldap/modrdn.c

@@ -96,13 +96,13 @@ ldap_back_modrdn(
 
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, "Unwilling to perform",
+					NULL, "Operation not allowed",
 					NULL, NULL );
 			return( -1 );
 
 		case REWRITE_REGEXEC_ERR:
 			send_ldap_result( conn, op, LDAP_OTHER,
-					NULL, "Operations error",
+					NULL, "Rewrite error",
 					NULL, NULL );
 			return( -1 );
 		}
@@ -134,12 +134,12 @@ ldap_back_modrdn(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return( -1 );
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return( -1 );
 	}
 #else /* !ENABLE_REWRITE */

servers/slapd/back-ldap/search.c

@@ -172,13 +172,13 @@ ldap_back_search(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		rc = -1;
 		goto finish;
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, "Operations error", NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		rc = -1;
 		goto finish;
 	}
@@ -211,8 +211,13 @@ ldap_back_search(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, "Unwilling to perform", NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
+		rc = -1;
+		goto finish;
+
 	case REWRITE_REGEXEC_ERR:
+		send_ldap_result( conn, op, LDAP_OTHER,
+				NULL, "Rewrite error", NULL, NULL );
 		rc = -1;
 		goto finish;
 	}
@@ -251,9 +256,9 @@ ldap_back_search(
 		mapped_attrs[count] = NULL;
 	}
 
-	if ((msgid = ldap_search(lc->ld, mbase.bv_val, scope, mapped_filter, mapped_attrs,
-		attrsonly)) == -1)
-	{
+	msgid = ldap_search(lc->ld, mbase.bv_val, scope, mapped_filter,
+			mapped_attrs, attrsonly);
+	if ( msgid == -1 ) {
 fail:;
 		rc = ldap_back_op_result(lc, op);
 		goto finish;
@@ -364,19 +369,18 @@ fail:;
 			break;
 			
 		case REWRITE_REGEXEC_UNWILLING:
-			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, "Unwilling to perform",
-				       	NULL, NULL );
 			
 		case REWRITE_REGEXEC_ERR:
-			rc = -1;
-			goto finish;
+			/* FIXME: no error, but no matched ... */
+			mmatch = NULL;
+			break;
 		}
 	}
 
 	if ( v2refs ) {
 		sres = LDAP_REFERRAL;
 	}
+
 	send_search_result( conn, op, sres,
 		mmatch, err, v2refs, NULL, count );
 

servers/slapd/back-meta/add.c

@@ -131,12 +131,12 @@ meta_back_add(
  		
  	case REWRITE_REGEXEC_UNWILLING:
  		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
- 				NULL, NULL, NULL, NULL );
+ 				NULL, "Operation not allowed", NULL, NULL );
 		return -1;
 	       	
 	case REWRITE_REGEXEC_ERR:
  		send_ldap_result( conn, op, LDAP_OTHER,
- 				NULL, NULL, NULL, NULL );
+ 				NULL, "Rewrite error", NULL, NULL );
 		return -1;
 	}
 

servers/slapd/back-meta/compare.c

@@ -138,7 +138,7 @@ meta_back_compare(
 		
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, "Unwilling to perform",
+					NULL, "Operation not allowed",
 					NULL, NULL );
 			return -1;
 			
@@ -324,7 +324,7 @@ finish:;
 		
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, "Unwilling to perform",
+					NULL, "Operation not allowed",
 					NULL, NULL );
 			rc = -1;
 			goto cleanup;

servers/slapd/back-meta/conn.c

@@ -286,7 +286,7 @@ init_one_conn(
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op,
 					LDAP_UNWILLING_TO_PERFORM,
-					NULL, "Unwilling to perform",
+					NULL, "Operation not allowed",
 					NULL, NULL );
 			return LDAP_UNWILLING_TO_PERFORM;
 			

servers/slapd/back-meta/delete.c

@@ -118,12 +118,12 @@ meta_back_delete(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, NULL, NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return -1;
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, NULL, NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return -1;
 	}
 	

servers/slapd/back-meta/modify.c

@@ -122,12 +122,12 @@ meta_back_modify(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, NULL, NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return -1;
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, NULL, NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return -1;
 	}
 
@@ -179,12 +179,18 @@ meta_back_modify(
 				ml->sml_bvalues, conn );
 		}
 
-		for (j = 0; ml->sml_bvalues[ j ].bv_val; j++);
-		mods[ i ].mod_bvalues = (struct berval **)ch_malloc((j+1) *
-			sizeof(struct berval *));
-		for (j = 0; ml->sml_bvalues[ j ].bv_val; j++)
-			mods[ i ].mod_bvalues[ j ] = &ml->sml_bvalues[j];
-		mods[ i ].mod_bvalues[ j ] = NULL;
+		if ( ml->sml_bvalues != NULL ){
+			for (j = 0; ml->sml_bvalues[ j ].bv_val; j++);
+			mods[ i ].mod_bvalues = (struct berval **)ch_malloc((j+1) *
+				sizeof(struct berval *));
+			for (j = 0; ml->sml_bvalues[ j ].bv_val; j++)
+				mods[ i ].mod_bvalues[ j ] = &ml->sml_bvalues[j];
+			mods[ i ].mod_bvalues[ j ] = NULL;
+
+		} else {
+			mods[ i ].mod_bvalues = NULL;
+		}
+
 		i++;
 	}
 	modv[ i ] = 0;

servers/slapd/back-meta/modrdn.c

@@ -155,12 +155,13 @@ meta_back_modrdn(
 
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, NULL, NULL, NULL );
+					NULL, "Operation not allowed", 
+					NULL, NULL );
 			return -1;
 
 		case REWRITE_REGEXEC_ERR:
 			send_ldap_result( conn, op, LDAP_OTHER,
-					NULL, NULL, NULL, NULL );
+					NULL, "Rewrite error", NULL, NULL );
 			return -1;
 		}
 	}
@@ -185,12 +186,12 @@ meta_back_modrdn(
 		
 	case REWRITE_REGEXEC_UNWILLING:
 		send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-				NULL, NULL, NULL, NULL );
+				NULL, "Operation not allowed", NULL, NULL );
 		return -1;
 
 	case REWRITE_REGEXEC_ERR:
 		send_ldap_result( conn, op, LDAP_OTHER,
-				NULL, NULL, NULL, NULL );
+				NULL, "Rewrite error", NULL, NULL );
 		return -1;
 	}
 

servers/slapd/back-meta/search.c

@@ -296,13 +296,14 @@ meta_back_search(
 		
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, NULL, NULL, NULL );
+					NULL, "Operation not allowed",
+					NULL, NULL );
 			rc = -1;
 			goto finish;
 
 		case REWRITE_REGEXEC_ERR:
 			send_ldap_result( conn, op, LDAP_OTHER,
-					NULL, NULL, NULL, NULL );
+					NULL, "rewrite error", NULL, NULL );
 			rc = -1;
 			goto finish;
 		}
@@ -335,13 +336,14 @@ meta_back_search(
 		
 		case REWRITE_REGEXEC_UNWILLING:
 			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, NULL, NULL, NULL );
+					NULL, "Operation not allowed",
+					NULL, NULL );
 			rc = -1;
 			goto finish;
 
 		case REWRITE_REGEXEC_ERR:
 			send_ldap_result( conn, op, LDAP_OTHER,
-					NULL, NULL, NULL, NULL );
+					NULL, "Rewrite error", NULL, NULL );
 			rc = -1;
 			goto finish;
 		}
@@ -601,16 +603,11 @@ meta_back_search(
 			break;
 			
 		case REWRITE_REGEXEC_UNWILLING:
-			send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-					NULL, NULL, NULL, NULL );
-			rc = -1;
-			goto finish;
 			
 		case REWRITE_REGEXEC_ERR:
-			send_ldap_result( conn, op, LDAP_OTHER,
-					NULL, NULL, NULL, NULL );
-			rc = -1;
-			goto finish;
+			/* FIXME: no error, but no matched ... */
+			mmatch = NULL;
+			break;
 		}
 	}
 
@@ -691,8 +688,10 @@ meta_send_entry(
 		}
 		break;
 		
-	case REWRITE_REGEXEC_ERR:
 	case REWRITE_REGEXEC_UNWILLING:
+		return LDAP_UNWILLING_TO_PERFORM;
+
+	case REWRITE_REGEXEC_ERR:
 		return LDAP_OTHER;
 	}
 

servers/slapd/back-sql/config.c

@@ -12,7 +12,7 @@
 #ifdef SLAPD_SQL
 
 #include <stdio.h>
-#include <string.h>
+#include "ac/string.h"
 #include <sys/types.h>
 #include "slap.h"
 #include "back-sql.h"

servers/slapd/back-sql/modify.c

@@ -13,7 +13,7 @@
 
 #include <stdio.h>
 #include <sys/types.h>
-#include <string.h>
+#include "ac/string.h"
 #include "slap.h"
 #include "ldap_pvt.h"
 #include "back-sql.h"

servers/slapd/back-sql/other.c

@@ -70,10 +70,7 @@ backsql_operational(
 
 
 	if ( ( opattrs || ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) 
-#ifdef SLAP_X_FILTER_HASSUBORDINATES
-			&& attr_find( e->e_attrs, slap_schema.si_ad_hasSubordinates ) == NULL
-#endif /* SLAP_X_FILTER_HASSUBORDINATES */
-			) {
+			&& attr_find( e->e_attrs, slap_schema.si_ad_hasSubordinates ) == NULL ) {
 		
 		rc = backsql_get_db_conn( be, conn, &dbh );
 		if ( rc != LDAP_SUCCESS ) {

servers/slapd/back-sql/schema-map.c

@@ -13,7 +13,7 @@
 
 #include <stdio.h>
 #include <sys/types.h>
-#include <string.h>
+#include "ac/string.h"
 #include "slap.h"
 #include "lber_pvt.h"
 #include "ldap_pvt.h"

servers/slapd/back-sql/search.c

@@ -386,7 +386,6 @@ backsql_process_filter( backsql_srch_info *bsi, Filter *f )
 				&bsi->oc->oc->soc_cname, 
 				'\'' );
 
-#if defined(SLAP_X_FILTER_HASSUBORDINATES) || defined(SLAP_X_MRA_MATCH_DNATTRS)
 	} else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
 		/*
 		 * FIXME: this is not robust; e.g. a filter
@@ -416,7 +415,6 @@ backsql_process_filter( backsql_srch_info *bsi, Filter *f )
 			backsql_attrlist_add( bsi, NULL );
 		}
 		goto done;
-#endif /* SLAP_X_FILTER_HASSUBORDINATES || SLAP_X_MRA_MATCH_DNATTRS */
 		
 	} else {
 		at = backsql_ad2at( bsi->oc, ad );
@@ -1145,10 +1143,8 @@ backsql_search(
 	 */
 	for ( eid = srch_info.id_list; eid != NULL; 
 			eid = backsql_free_entryID( eid, 1 ) ) {
-#ifdef SLAP_X_FILTER_HASSUBORDINATES
 		Attribute	*hasSubordinate = NULL,
 				*a = NULL;
-#endif /* SLAP_X_FILTER_HASSUBORDINATES */
 
 		/* check for abandon */
 		if ( op->o_abandon ) {
@@ -1186,7 +1182,6 @@ backsql_search(
 			continue;
 		}
 
-#ifdef SLAP_X_FILTER_HASSUBORDINATES
 		/*
 		 * We use this flag since we need to parse the filter
 		 * anyway; we should have used the frontend API function
@@ -1224,18 +1219,15 @@ backsql_search(
 				continue;
 			}
 		}
-#endif /* SLAP_X_FILTER_HASSUBORDINATES */
 
 		if ( test_filter( be, conn, op, entry, filter ) 
 				== LDAP_COMPARE_TRUE ) {
-#ifdef SLAP_X_FILTER_HASSUBORDINATES
 			if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER ) 
 					&& !ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) {
 				a->a_next = NULL;
 				attr_free( hasSubordinate );
 				hasSubordinate = NULL;
 			}
-#endif /* SLAP_X_FILTER_HASSUBORDINATES */
 
 #if 0	/* noop is masked SLAP_CTRL_UPDATE */
 			if ( op->o_noop ) {

servers/slapd/config.c

@@ -1605,7 +1605,8 @@ read_config( const char *fname, int depth )
 
 			vals[0].bv_val = cargv[1];
 			vals[0].bv_len = strlen( vals[0].bv_val );
-			value_add( &default_referral, vals );
+			if( value_add( &default_referral, vals ) )
+				return LDAP_OTHER;
 
 #ifdef NEW_LOGGING
                 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
@@ -1989,7 +1990,8 @@ read_config( const char *fname, int depth )
 
 			vals[0].bv_val = cargv[1];
 			vals[0].bv_len = strlen( vals[0].bv_val );
-			value_add( &be->be_update_refs, vals );
+			if( value_add( &be->be_update_refs, vals ) )
+				return LDAP_OTHER;
 
 		/* replication log file to which changes are appended */
 		} else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {

servers/slapd/cr.c

@@ -409,7 +409,8 @@ cr_schema_info( Entry *e )
 		Debug( LDAP_DEBUG_TRACE, "Merging cr [%ld] %s\n",
 	       (long) vals[0].bv_len, vals[0].bv_val, 0 );
 #endif
-		attr_merge( e, ad_ditContentRules, vals );
+		if( attr_merge( e, ad_ditContentRules, vals ) )
+			return -1;
 		ldap_memfree( vals[0].bv_val );
 	}
 #endif

servers/slapd/filter.c

@@ -1531,92 +1531,3 @@ return_error:
 	return( LDAP_SUCCESS );
 }
 
-#ifdef SLAP_X_FILTER_HASSUBORDINATES
-static int filter_has_subordinates_list(
-	Filter		*filter );
-
-/*
- * FIXME: we could detect the need to filter
- * for hasSubordinates when parsing the filter ...
- */
-
-static int
-filter_has_subordinates_list(
-	Filter		*fl )
-{
-	Filter			*f;
-
-	for ( f = fl; f != NULL; f = f->f_next ) {
-		int	rc;
-
-		rc = filter_has_subordinates( f );
-
-		if ( rc ) {
-			return rc;
-		}
-	}
-
-	return 0;
-}
-
-int
-filter_has_subordinates(
-	Filter		*f )
-{
-	AttributeDescription	*ad = NULL;
-
-	switch ( f->f_choice ) {
-	case LDAP_FILTER_PRESENT:
-		ad = f->f_desc;
-		break;
-
-	case LDAP_FILTER_EQUALITY:
-	case LDAP_FILTER_APPROX:
-	case LDAP_FILTER_GE:
-	case LDAP_FILTER_LE:
-		ad = f->f_ava->aa_desc;
-		break;
-
-	case LDAP_FILTER_SUBSTRINGS:
-		ad = f->f_sub_desc;
-		break;
-
-	case LDAP_FILTER_EXT:
-		/* could be null; however here it is harmless */
-		ad = f->f_mra->ma_desc;
-		break;
-
-	case LDAP_FILTER_NOT:
-		return filter_has_subordinates( f->f_not );
-
-	case LDAP_FILTER_AND:
-		return filter_has_subordinates_list( f->f_and );
-
-	case LDAP_FILTER_OR:
-		return filter_has_subordinates_list( f->f_or );
-
-	case SLAPD_FILTER_COMPUTED:
-		/*
-		 * something wrong?
-		 */
-		return 0;
-
-	default:
-		/*
-		 * this means a new type of filter has been implemented,
-		 * which is not handled yet in this function; we should
-		 * issue a developer's warning, e.g. an assertion
-		 */
-		assert( 0 );
-		return -1;
-	}
-
-	if ( ad == slap_schema.si_ad_hasSubordinates ) {
-		return 1;
-	}
-
-	return 0;
-}
-
-#endif /* SLAP_X_FILTER_HASSUBORDINATES */
-

servers/slapd/main.c

@@ -467,7 +467,7 @@ int main( int argc, char **argv )
 #else
 		Debug( LDAP_DEBUG_ANY,
 		    "main: TLS init def ctx failed: %d\n",
-		    0, 0, 0 );
+		    rc, 0, 0 );
 #endif
 		rc = 1;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );

servers/slapd/module.c

@@ -171,7 +171,7 @@ int module_load(const char* file_name, int argc, char *argv[])
 #ifdef NEW_LOGGING
 		LDAP_LOG( SLAPD, ERR, 
 			"module_load: module %s: unknown registration type (%d).\n", 
-			file_name, 0);
+			file_name, rc, 0);
 #else
 		Debug(LDAP_DEBUG_CONFIG, "module %s: unknown registration type (%d)\n",
 			file_name, rc, 0);

servers/slapd/mr.c

@@ -473,7 +473,8 @@ int mr_schema_info( Entry *e )
 		Debug( LDAP_DEBUG_TRACE, "Merging mr [%lu] %s\n",
 			mr->smr_str.bv_len, mr->smr_str.bv_val, 0 );
 #endif
-		attr_merge_one( e, ad_matchingRules, &mr->smr_str );
+		if( attr_merge_one( e, ad_matchingRules, &mr->smr_str ) )
+			return -1;
 	}
 	return 0;
 }
@@ -500,7 +501,8 @@ int mru_schema_info( Entry *e )
 		Debug( LDAP_DEBUG_TRACE, "Merging mru [%lu] %s\n",
 			mru->smru_str.bv_len, mru->smru_str.bv_val, 0 );
 #endif
-		attr_merge_one( e, ad_matchingRuleUse, &mru->smru_str );
+		if( attr_merge_one( e, ad_matchingRuleUse, &mru->smru_str ) )
+			return -1;
 	}
 	return 0;
 }

servers/slapd/oc.c

@@ -491,7 +491,8 @@ oc_schema_info( Entry *e )
 		Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s\n",
 	       (long) vals[0].bv_len, vals[0].bv_val, 0 );
 #endif
-		attr_merge( e, ad_objectClasses, vals );
+		if( attr_merge( e, ad_objectClasses, vals ) )
+			return -1;
 		ldap_memfree( vals[0].bv_val );
 	}
 	return 0;

servers/slapd/result.c

@@ -38,7 +38,16 @@ static char *v2ref( BerVarray ref, const char *text )
 		}
 	}
 
-	v2 = ch_malloc( len+i+sizeof("Referral:") );
+	v2 = SLAP_MALLOC( len+i+sizeof("Referral:") );
+	if( v2 == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
+#endif
+		return NULL;
+	}
+
 	if( text != NULL ) {
 		strcpy(v2, text);
 		if( i ) {
@@ -49,7 +58,15 @@ static char *v2ref( BerVarray ref, const char *text )
 	len += sizeof("Referral:");
 
 	for( i=0; ref[i].bv_val != NULL; i++ ) {
-		v2 = ch_realloc( v2, len + ref[i].bv_len + 1 );
+		v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 );
+		if( v2 == NULL ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
+#else
+			Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
+#endif
+			return NULL;
+		}
 		v2[len-1] = '\n';
 		AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
 		len += ref[i].bv_len;
@@ -772,7 +789,23 @@ send_search_entry(
 		size = i * sizeof(char *) + k;
 		if ( size > 0 ) {
 			char	*a_flags;
-			e_flags = ch_calloc ( 1, i * sizeof(char *) + k );
+			e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k );
+			if( e_flags == NULL ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG( OPERATION, ERR, 
+					"send_search_entry: conn %lu SLAP_CALLOC failed\n",
+					conn ? conn->c_connid : 0, 0, 0 );
+#else
+		    	Debug( LDAP_DEBUG_ANY, 
+					"send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 );
+#endif
+				ber_free( ber, 1 );
+	
+				send_ldap_result( conn, op, LDAP_OTHER,
+					NULL, "memory error", 
+					NULL, NULL );
+				goto error_return;
+			}
 			a_flags = (char *)(e_flags + i);
 			memset( a_flags, 0, k );
 			for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
@@ -935,7 +968,7 @@ send_search_entry(
 			 * Reuse previous memory - we likely need less space
 			 * for operational attributes
 			 */
-			tmp = ch_realloc ( e_flags, i * sizeof(char *) + k );
+			tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k );
 			if ( tmp == NULL ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG( OPERATION, ERR, 
@@ -1267,7 +1300,8 @@ send_search_reference(
 	if( op->o_protocol < LDAP_VERSION3 ) {
 		/* save the references for the result */
 		if( refs[0].bv_val != NULL ) {
-			value_add( v2refs, refs );
+			if( value_add( v2refs, refs ) )
+				return LDAP_OTHER;
 		}
 		return 0;
 	}

servers/slapd/root_dse.c

@@ -64,7 +64,18 @@ root_dse_info(
 
 	vals[1].bv_val = NULL;
 
-	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+	e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+
+	if( e == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR,
+			"root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+		return LDAP_OTHER;
+	}
 
 	e->e_attrs = NULL;
 	e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE );
@@ -80,17 +91,21 @@ root_dse_info(
 
 	vals[0].bv_val = "top";
 	vals[0].bv_len = sizeof("top")-1;
-	attr_merge( e, ad_objectClass, vals );
+	if( attr_merge( e, ad_objectClass, vals ) )
+		return LDAP_OTHER;
 
 	vals[0].bv_val = "OpenLDAProotDSE";
 	vals[0].bv_len = sizeof("OpenLDAProotDSE")-1;
-	attr_merge( e, ad_objectClass, vals );
-	attr_merge( e, ad_structuralObjectClass, vals );
+	if( attr_merge( e, ad_objectClass, vals ) )
+		return LDAP_OTHER;
+	if( attr_merge( e, ad_structuralObjectClass, vals ) )
+		return LDAP_OTHER;
 
 	for ( i = 0; i < nbackends; i++ ) {
 		if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) {
 			vals[0] = backends[i].be_suffix[0];
-			attr_merge( e, ad_monitorContext, vals );
+			if( attr_merge( e, ad_monitorContext, vals ) )
+				return LDAP_OTHER;
 			continue;
 		}
 		if ( backends[i].be_flags & SLAP_BFLAG_GLUE_SUBORDINATE ) {
@@ -98,7 +113,8 @@ root_dse_info(
 		}
 		for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) {
 			vals[0] = backends[i].be_suffix[j];
-			attr_merge( e, ad_namingContexts, vals );
+			if( attr_merge( e, ad_namingContexts, vals ) )
+				return LDAP_OTHER;
 		}
 	}
 
@@ -107,17 +123,20 @@ root_dse_info(
 	/* supportedControl */
 	for ( i=0; (vals[0].bv_val = get_supported_ctrl(i)) != NULL; i++ ) {
 		vals[0].bv_len = strlen( vals[0].bv_val );
-		attr_merge( e, ad_supportedControl, vals );
+		if( attr_merge( e, ad_supportedControl, vals ) )
+			return LDAP_OTHER;
 	}
 
 	/* supportedExtension */
 	for ( i=0; (bv = get_supported_extop(i)) != NULL; i++ ) {
 		vals[0] = *bv;
-		attr_merge( e, ad_supportedExtension, vals );
+		if( attr_merge( e, ad_supportedExtension, vals ) )
+			return LDAP_OTHER;
 	}
 
 	/* supportedFeatures */
-	attr_merge( e, ad_supportedFeatures, supportedFeatures );
+	if( attr_merge( e, ad_supportedFeatures, supportedFeatures ) )
+		return LDAP_OTHER;
 
 	/* supportedLDAPVersion */
 	for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
@@ -131,7 +150,8 @@ root_dse_info(
 		snprintf(buf, sizeof buf, "%d", i);
 		vals[0].bv_val = buf;
 		vals[0].bv_len = strlen( vals[0].bv_val );
-		attr_merge( e, ad_supportedLDAPVersion, vals );
+		if( attr_merge( e, ad_supportedLDAPVersion, vals ) )
+			return LDAP_OTHER;
 	}
 
 	/* supportedSASLMechanism */
@@ -141,19 +161,22 @@ root_dse_info(
 		for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
 			vals[0].bv_val = supportedSASLMechanisms[i];
 			vals[0].bv_len = strlen( vals[0].bv_val );
-			attr_merge( e, ad_supportedSASLMechanisms, vals );
+			if( attr_merge( e, ad_supportedSASLMechanisms, vals ) )
+				return LDAP_OTHER;
 		}
 		ldap_charray_free( supportedSASLMechanisms );
 	}
 
 	if ( default_referral != NULL ) {
-		attr_merge( e, ad_ref, default_referral );
+		if( attr_merge( e, ad_ref, default_referral ) )
+			return LDAP_OTHER;
 	}
 
 	if( usr_attr != NULL) {
 		Attribute *a;
 		for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) {
-			attr_merge( e, a->a_desc, a->a_vals );
+			if( attr_merge( e, a->a_desc, a->a_vals ) )
+				return LDAP_OTHER;
 		}
 	}
 
@@ -181,7 +204,17 @@ int read_root_dse_file( const char *fname )
 		return EXIT_FAILURE;
 	}
 
-	usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) );
+	usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+	if( usr_attr == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR,
+			"read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+		return LDAP_OTHER;
+	}
 	usr_attr->e_attrs = NULL;
 
 	while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
@@ -191,7 +224,6 @@ int read_root_dse_file( const char *fname )
 		if( e == NULL ) {
 			fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
 				lineno );
-			entry_free( e );
 			entry_free( usr_attr );
 			usr_attr = NULL;
 			return EXIT_FAILURE;
@@ -215,7 +247,8 @@ int read_root_dse_file( const char *fname )
 		 */
 
 		for(a = e->e_attrs; a != NULL; a = a->a_next) {
-			attr_merge( usr_attr, a->a_desc, a->a_vals );
+			if( attr_merge( usr_attr, a->a_desc, a->a_vals ) )
+				return LDAP_OTHER;
 		}
 
 		entry_free( e );

servers/slapd/schema.c

@@ -33,7 +33,19 @@ schema_info( Entry **entry, const char **text )
 	Entry		*e;
 	struct berval	vals[5];
 
-	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+	e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+	if( e == NULL ) {
+		/* Out of memory, do something about it */
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			"schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0,0 );
+#else
+		Debug( LDAP_DEBUG_ANY, 
+			"schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0, 0 );
+#endif
+		*text = "out of memory";
+		return LDAP_OTHER;
+	}
 
 	e->e_attrs = NULL;
 	/* backend-specific schema info should be created by the
@@ -45,7 +57,12 @@ schema_info( Entry **entry, const char **text )
 
 	vals[0].bv_val = "subentry";
 	vals[0].bv_len = sizeof("subentry")-1;
-	attr_merge_one( e, ad_structuralObjectClass, vals );
+	if( attr_merge_one( e, ad_structuralObjectClass, vals ) ) {
+		/* Out of memory, do something about it */
+		entry_free( e );
+		*text = "out of memory";
+		return LDAP_OTHER;
+	}
 
 	vals[0].bv_val = "top";
 	vals[0].bv_len = sizeof("top")-1;
@@ -56,7 +73,12 @@ schema_info( Entry **entry, const char **text )
 	vals[3].bv_val = "extensibleObject";
 	vals[3].bv_len = sizeof("extensibleObject")-1;
 	vals[4].bv_val = NULL;
-	attr_merge( e, ad_objectClass, vals );
+	if( attr_merge( e, ad_objectClass, vals ) ) {
+		/* Out of memory, do something about it */
+		entry_free( e );
+		*text = "out of memory";
+		return LDAP_OTHER;
+	}
 
 	{
 		int rc;
@@ -81,7 +103,12 @@ schema_info( Entry **entry, const char **text )
 			return LDAP_OTHER;
 		}
 
-		attr_merge_one( e, desc, vals );
+		if( attr_merge_one( e, desc, vals ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
+		}
 	}
 
 	{
@@ -107,8 +134,18 @@ schema_info( Entry **entry, const char **text )
 		vals[0].bv_val = timebuf;
 		vals[0].bv_len = strlen( timebuf );
 
-		attr_merge_one( e, ad_createTimestamp, vals );
-		attr_merge_one( e, ad_modifyTimestamp, vals );
+		if( attr_merge_one( e, ad_createTimestamp, vals ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
+		}
+		if( attr_merge_one( e, ad_modifyTimestamp, vals ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
+		}
 	}
 
 	if ( syn_schema_info( e ) 

servers/slapd/syntax.c

@@ -94,7 +94,16 @@ syn_insert(
 
 	if ( ssyn->ssyn_oid ) {
 		sir = (struct sindexrec *)
-			ch_calloc( 1, sizeof(struct sindexrec) );
+			SLAP_CALLOC( 1, sizeof(struct sindexrec) );
+		if( sir == NULL ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG( OPERATION, ERR, 
+				"syn_insert: SLAP_CALLOC Error\n", 0, 0, 0 );
+#else
+			Debug( LDAP_DEBUG_ANY, "SLAP_CALLOC Error\n", 0, 0, 0 );
+#endif
+			return LDAP_OTHER;
+		}
 		sir->sir_name = ssyn->ssyn_oid;
 		sir->sir_syn = ssyn;
 		if ( avl_insert( &syn_index, (caddr_t) sir,
@@ -120,7 +129,16 @@ syn_add(
 	Syntax		*ssyn;
 	int		code;
 
-	ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) );
+	ssyn = (Syntax *) SLAP_CALLOC( 1, sizeof(Syntax) );
+	if( ssyn == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			"syn_add: SLAP_CALLOC Error\n", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY, "SLAP_CALLOC Error\n", 0, 0, 0 );
+#endif
+		return LDAP_OTHER;
+	}
 
 	AC_MEMCPY( &ssyn->ssyn_syn, syn, sizeof(LDAPSyntax) );
 
@@ -222,7 +240,8 @@ syn_schema_info( Entry *e )
 #endif
 
 #endif
-		attr_merge( e, ad_ldapSyntaxes, vals );
+		if( attr_merge( e, ad_ldapSyntaxes, vals ) )
+			return -1;
 		ldap_memfree( vals[0].bv_val );
 	}
 	return 0;

servers/slapd/value.c

@@ -31,15 +31,35 @@ value_add(
 		;	/* NULL */
 
 	if ( *vals == NULL ) {
-		*vals = (BerVarray) ch_malloc( (nn + 1)
+		*vals = (BerVarray) SLAP_MALLOC( (nn + 1)
 		    * sizeof(struct berval) );
+		if( *vals == NULL ) {
+#ifdef NEW_LOGGING
+			 LDAP_LOG( OPERATION, ERR,
+		      "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#else
+			Debug(LDAP_DEBUG_TRACE,
+		      "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#endif
+			return LBER_ERROR_MEMORY;
+		}
 		n = 0;
 	} else {
 		for ( n = 0; (*vals)[n].bv_val != NULL; n++ ) {
 			;	/* Empty */
 		}
-		*vals = (BerVarray) ch_realloc( (char *) *vals,
+		*vals = (BerVarray) SLAP_REALLOC( (char *) *vals,
 		    (n + nn + 1) * sizeof(struct berval) );
+		if( *vals == NULL ) {
+#ifdef NEW_LOGGING
+			 LDAP_LOG( OPERATION, ERR,
+		      "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#else
+			Debug(LDAP_DEBUG_TRACE,
+		      "value_add: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#endif
+			return LBER_ERROR_MEMORY;
+		}
 	}
 
 	v2 = *vals + n;
@@ -63,14 +83,34 @@ value_add_one(
 	BerVarray v2;
 
 	if ( *vals == NULL ) {
-		*vals = (BerVarray) ch_malloc( 2 * sizeof(struct berval) );
+		*vals = (BerVarray) SLAP_MALLOC( 2 * sizeof(struct berval) );
+		if( *vals == NULL ) {
+#ifdef NEW_LOGGING
+			 LDAP_LOG( OPERATION, ERR,
+		      "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#else
+			Debug(LDAP_DEBUG_TRACE,
+		      "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#endif
+			return LBER_ERROR_MEMORY;
+		}
 		n = 0;
 	} else {
 		for ( n = 0; (*vals)[n].bv_val != NULL; n++ ) {
 			;	/* Empty */
 		}
-		*vals = (BerVarray) ch_realloc( (char *) *vals,
+		*vals = (BerVarray) SLAP_REALLOC( (char *) *vals,
 		    (n + 2) * sizeof(struct berval) );
+		if( *vals == NULL ) {
+#ifdef NEW_LOGGING
+			 LDAP_LOG( OPERATION, ERR,
+		      "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#else
+			Debug(LDAP_DEBUG_TRACE,
+		      "value_add_one: SLAP_MALLOC failed.\n", 0, 0, 0 );
+#endif
+			return LBER_ERROR_MEMORY;
+		}
 	}
 
 	v2 = *vals + n;

tests/data/rootdse.ldif

@@ -0,0 +1,2 @@
+dn:
+vendorName: The OpenLDAP Project <http://www.openldap.org/>

tests/data/slapd-schema.conf

@@ -18,6 +18,9 @@ include ./schema/openldap.schema
 pidfile     ./test-db/slapd.pid
 argsfile    ./test-db/slapd.args
 
+#
+rootdse 	./data/rootdse.ldif
+
 #######################################################################
 # ldbm database definitions
 #######################################################################

tests/scripts/test007-replication

@@ -40,7 +40,7 @@ fi
 echo "Cleaning up in $DBDIR..."
 rm -f $DBDIR/[!C]*
 echo "Cleaning up in $REPLDIR..."
-rm -f $REPLDIR/[!C]*
+rm -rf $REPLDIR/[!C]*
 
 echo "Starting master slapd on TCP/IP port $PORT..."
 . $CONFFILTER $BACKEND $MONITORDB < $MASTERCONF > $DBCONF
@@ -65,12 +65,12 @@ for i in 0 1 2 3 4 5; do
 	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT \
 		'objectclass=*' > /dev/null 2>&1
 	RC=$?
-done
 	if test $RC = 0 ; then
 		break
 	fi
 	echo "Waiting 5 seconds for slapd to start..."
 	sleep 5
+done
 
 echo "Using ldapsearch to check that slave slapd is running..."
 for i in 0 1 2 3 4 5; do