Sync with HEAD (need to update CHANGES)

Kurt Zeilenga 2005-08-25 07:01:14 +00:00
parent 8a8991ed72
commit 863b6a6be1
47 changed files with 1197 additions and 585 deletions


@ -243,8 +243,21 @@ OL_ARG_ENABLE(sql,[ --enable-sql enable sql backend no|yes|mod],
dnl ----------------------------------------------------------------
dnl SLAPD Overlay Options
Overlays="accesslog denyop dyngroup dynlist glue lastmod ppolicy proxycache \
refint retcode rwm syncprov translucent unique"
Overlays="accesslog \
denyop \
dyngroup \
dynlist \
glue \
lastmod \
ppolicy \
proxycache \
refint \
retcode \
rwm \
syncprov \
translucent \
unique \
valsort"
AC_ARG_WITH(xxslapoverlays,[
SLAPD Overlay Options:])
@ -280,6 +293,8 @@ OL_ARG_ENABLE(translucent,[ --enable-translucent Translucent Proxy overlay n
${ol_dflt_overlays-no}, [no yes mod])
OL_ARG_ENABLE(unique,[ --enable-unique Attribute Uniqueness overlay no|yes|mod],
${ol_dflt_overlays-no}, [no yes mod])
OL_ARG_ENABLE(valsort,[ --enable-valsort Value Sorting overlay no|yes|mod],
${ol_dflt_overlays-no}, [no yes mod])
dnl ----------------------------------------------------------------
@ -521,6 +536,7 @@ BUILD_RWM=no
BUILD_SYNCPROV=no
BUILD_TRANSLUCENT=no
BUILD_UNIQUE=no
BUILD_VALSORT=no
SLAPD_STATIC_OVERLAYS=
SLAPD_DYNAMIC_OVERLAYS=
@ -2726,7 +2742,7 @@ if test "$ol_enable_relay" != no ; then
fi
if test "$ol_enable_shell" != no ; then
if test "$ol_link_thread" != no ; then
if test "$ol_link_threads" != no ; then
AC_MSG_WARN([Use of --without-threads is recommended with back-shell])
fi
BUILD_SLAPD=yes
@ -2923,6 +2939,18 @@ if test "$ol_enable_unique" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_UNIQUE,$MFLAG,[define for Attribute Uniqueness overlay])
fi
if test "$ol_enable_valsort" != no ; then
BUILD_VALSORT=$ol_enable_valsort
if test "$ol_enable_valsort" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS valsort.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS valsort.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay])
fi
if test "$ol_enable_slurpd" != no -a "$ol_link_threads" != no -a \
$BUILD_SLAPD = yes ; then
BUILD_SLURPD=yes
@ -2993,6 +3021,7 @@ dnl overlays
AC_SUBST(BUILD_SYNCPROV)
AC_SUBST(BUILD_TRANSLUCENT)
AC_SUBST(BUILD_UNIQUE)
AC_SUBST(BUILD_VALSORT)
AC_SUBST(BUILD_SLURPD)
AC_SUBST(LDAP_LIBS)


@ -38,6 +38,7 @@ static int
pg_dynacl_parse(
const char *fname,
int lineno,
const char *opts,
slap_style_t style,
const char *pattern,
void **privp )
@ -75,6 +76,8 @@ pg_dynacl_parse(
goto cleanup;
}
/* TODO: use opts to allow the use of different
* group objects and member attributes */
if ( pg_posixGroup == NULL ) {
pg_posixGroup = oc_find( "posixGroup" );
if ( pg_posixGroup == NULL ) {



@ -255,7 +255,7 @@ It can have the forms
sasl_ssf=<n>
aci[=<attrname>]
dynacl/name[.<dynstyle>][=<pattern>]
dynacl/name[/<options>][.<dynstyle>][=<pattern>]
.fi
.LP
with
@ -633,7 +633,7 @@ operational attribute is used.
ACIs are experimental; they must be enabled at compile time.
.LP
The statement
.B dynacl/<name>[.<dynstyle>][=<pattern>]
.B dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]
means that access checking is delegated to the admin-defined method
indicated by
.BR <name> ,
@ -641,6 +641,7 @@ which can be registered at run-time by means of the
.B moduleload
statement.
The fields
.BR <options> ,
.B <dynstyle>
and
.B <pattern>


@ -106,5 +106,6 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd (8).
.SH AUTHOR
Originally implemented by Pierangelo Masarati.
.SH ACKNOWLEDGEMENTS
.P
This module was written in 2004 by Pierangelo Masarati for SysNet s.n.c.


@ -517,6 +517,7 @@ policy rules will be enforced.
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation)
.RE
@ -537,6 +538,7 @@ does not exist, the user's password will not expire.
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation)
.RE
@ -557,6 +559,7 @@ and may only be unlocked by an administrator.
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation)
.RE
@ -590,6 +593,7 @@ will be cleansed of entries.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
NO-USER-MODIFICATION
USAGE directoryOperation )
.RE
@ -643,6 +647,7 @@ field is in GMT format.
DESC 'The history of user passwords'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
EQUALITY octetStringMatch
NO-USER-MODIFICATION
USAGE directoryOperation)
.RE
@ -667,6 +672,7 @@ attribute.
DESC 'The timestamps of the grace login once the password has expired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
NO-USER-MODIFICATION
USAGE directoryOperation)
.RE
@ -712,7 +718,7 @@ ppolicy_default "cn=Standard,ou=Policies,dc=example,dc=com"
.LP
IETF LDAP password policy proposal by P. Behera, L. Poitou and J.
Sermersheim: documented in IETF document
"draft-behera-ldap-password-policy-08.txt".
"draft-behera-ldap-password-policy-09.txt".
.SH BUGS
The LDAP Password Policy specification is not yet an approved standard,
@ -731,8 +737,8 @@ IETF LDAP password policy proposal by P. Behera, L.
Poitou and J. Sermersheim.
The proposal is fully documented in
the
IETF document named draft-behera-ldap-password-policy-08.txt,
written in October of 2004.
IETF document named draft-behera-ldap-password-policy-09.txt,
written in July of 2005.
.P
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).


@ -28,13 +28,14 @@ Well-known response codes from standard track documents are provided
in \fBretcode.conf\fP, which can be included after instantiating
the overlay.
.LP
In the second case, objects of the \fBerrObject\fP class, when returned
as intermediate responses of a search request, are changed into
the response dictated by their content.
In the second case, objects of classes inherited from
the \fBerrAbsObject\fP, like \fBerrObject\fP or \fBerrAuxObject\fP,
when returned as intermediate responses of a search request, are changed
into the response dictated by their content.
.LP
A third mode causes objects to be looked up from the underlying database
to discover if their class is \fBerrObject\fP; in that case, their content
is used to compute the corresponding response.
to discover if their class inherits from \fBerrABsObject\fP;
in that case, their content is used to compute the corresponding response.
.LP
The behavior is disabled by using the \fBmanageDSAit\fP control (RFC 3296);
in that case, the resulting object, either present in the directory
@ -68,8 +69,8 @@ response code.
.RE
.TP
.B retcode\-indir
Enables exploitation of in-directory stored errObjects. May result
in lots of unnecessary overhead.
Enables exploitation of in-directory stored errAbsObject.
May result in a lot of unnecessary overhead.
.SH SCHEMA
The following schema items are created and used by the overlay:
@ -116,13 +117,27 @@ The sleep time before the response is actually returned to the client:
SINGLE-VALUE )
.RE
.LP
The objectclass:
The abstract class that triggers the overlay:
.RS 4
( 1.3.6.1.4.1.4203.666.11.4.3.0
NAME ( 'errAbsObject' )
SUP top ABSTRACT
MUST ( errCode )
MAY ( cn $ description $ errOp $ errText $ errSleepTime ) )
.RE
.LP
The standalone structural objectclass for specifically created data:
.RS 4
( 1.3.6.1.4.1.4203.666.11.4.3.1
NAME ( 'errObject' )
SUP top STRUCTURAL
MUST ( errCode )
MAY ( cn $ description $ errOp $ errText $ errSleepTime ) )
SUP errAbsObject STRUCTURAL )
.RE
.LP
The auxiliary objectclass to alter the behavior of existing objects:
.RS 4
( 1.3.6.1.4.1.4203.666.11.4.3.2
NAME ( 'errAuxObject' )
SUP errAbsObject AUXILIARY )
.RE
.SH EXAMPLE
@ -149,5 +164,6 @@ default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd (8),
.SH AUTHOR
Pierangelo Masarati
.SH ACKNOWLEDGEMENTS
.P
This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.


@ -223,6 +223,7 @@ typedef struct ldapcontrol {
#define LDAP_CONTROL_NO_SUBORDINATES "1.3.6.1.4.1.4203.666.5.11"
#define LDAP_CONTROL_MANAGEDIT "1.3.6.1.4.1.4203.666.5.12"
#define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"
#define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"
/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
@ -244,7 +245,7 @@ typedef struct ldapcontrol {
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
/* Password policy Controls *//* work in progress */
/* ITS#3458: released, but not to latest draft; disabled by default */
/* ITS#3458: released; disabled by default */
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"


@ -208,6 +208,9 @@ ldap_pvt_thread_pool_purgekey LDAP_P(( void *key ));
LDAP_F( void *)
ldap_pvt_thread_pool_context LDAP_P(( void ));
LDAP_F( void )
ldap_pvt_thread_pool_context_reset LDAP_P(( void *key ));
LDAP_END_DECL
#endif /* _LDAP_THREAD_H */


@ -983,9 +983,10 @@ int ldap_pvt_sasl_secprops(
sprops[j].key.bv_len )) continue;
if ( sprops[j].ival ) {
int v;
if ( props[i][sprops[j].key.bv_len] != '=' ) continue;
if ( !isdigit( props[i][sprops[j].key.bv_len+1] )) continue;
v = atoi( props[i]+sprops[j].key.bv_len+1 );
char *next = NULL;
if ( !isdigit( props[i][sprops[j].key.bv_len] )) continue;
v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
if ( next == NULL || next[ 0 ] != '\0' ) continue;
switch( sprops[j].ival ) {
case GOT_MINSSF:
min_ssf = v; got_min_ssf++; break;
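Review bot: The number parsed in the `sprops[j].ival` branch goes straight from `strtoul()` into `int v` with no range check, so a security-strength value larger than INT_MAX is silently narrowed instead of rejected before it reaches `min_ssf` and its siblings. `isdigit()` is also handed a plain `char`, which is undefined for negative values. I would parse into an `unsigned long ul`, cast the character, and reject out-of-range input: `if ( !isdigit( (unsigned char) props[i][sprops[j].key.bv_len] )) continue;` and `if ( next == NULL || next[ 0 ] != '\0' || ul > INT_MAX ) continue;`. The enclosing function starts and ends outside this hunk.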


@ -407,7 +407,11 @@ try_read1msg(
* v3ref = flag for V3 referral / search reference
* 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application
*/
int v3ref;
enum {
V3REF_NOREF = 0,
V3REF_SUCCESS = 1,
V3REF_TOAPP = -1
} v3ref;
assert( ld != NULL );
assert( lcp != NULL );
@ -519,15 +523,16 @@ nextresp2:
* This code figures out if we are going to chase a
* referral / search reference, or pass it back to the application
*/
v3ref = 0; /* Assume not a V3 search reference or referral */
v3ref = V3REF_NOREF; /* Assume not a V3 search reference/referral */
if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) {
BerElement tmpber = *ber; /* struct copy */
char **refs = NULL;
if( tag == LDAP_RES_SEARCH_REFERENCE) {
if( tag == LDAP_RES_SEARCH_REFERENCE ) {
/* This is a V3 search reference */
/* Assume we do not chase the reference, but pass it to application */
v3ref = -1;
/* Assume we do not chase the reference,
* but pass it to application */
v3ref = V3REF_TOAPP;
if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
(lr->lr_parent != NULL) )
{
@ -535,18 +540,23 @@ nextresp2:
if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
} else {
/* Note: refs arrary is freed by ldap_chase_v3referrals */
/* Note: refs array is freed by ldap_chase_v3referrals */
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
1, &lr->lr_res_error, &hadref );
if ( refer_cnt > 0 ) { /* sucessfully chased reference */
if ( refer_cnt > 0 ) {
/* sucessfully chased reference */
/* If haven't got end search, set chasing referrals */
if( lr->lr_status != LDAP_REQST_COMPLETED) {
lr->lr_status = LDAP_REQST_CHASINGREFS;
Debug( LDAP_DEBUG_TRACE,
"read1msg: search ref chased, mark request chasing refs, id = %d\n",
lr->lr_msgid, 0, 0);
"read1msg: search ref chased, "
"mark request chasing refs, "
"id = %d\n",
lr->lr_msgid, 0, 0);
}
v3ref = 1; /* We sucessfully chased the reference */
/* We sucessfully chased the reference */
v3ref = V3REF_SUCCESS;
}
}
}
@ -572,11 +582,13 @@ nextresp2:
/* Check if V3 referral */
if ( ber_peek_tag( &tmpber, &len ) == LDAP_TAG_REFERRAL ) {
/* We have a V3 referral, assume we cannot chase it */
v3ref = -1;
v3ref = V3REF_TOAPP;
if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS)
|| (lr->lr_parent != NULL) )
{
v3ref = -1; /* Assume referral not chased and return it to app */
/* Assume referral not chased and return it to app */
v3ref = V3REF_TOAPP;
/* Get the referral list */
if( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
rc = LDAP_DECODING_ERROR;
@ -595,7 +607,8 @@ nextresp2:
"read1msg: referral chased, mark request completed, id = %d\n",
lr->lr_msgid, 0, 0);
if( refer_cnt > 0) {
v3ref = 1; /* Referral successfully chased */
/* Referral successfully chased */
v3ref = V3REF_SUCCESS;
}
}
}
@ -617,7 +630,7 @@ nextresp2:
* go through the following code. This code also chases V2 referrals
* and checks if all referrals have been chased.
*/
if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref > -1) &&
if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref != V3REF_TOAPP) &&
(tag != LDAP_RES_INTERMEDIATE ))
{
/* For a v3 search referral/reference, only come here if already chased it */
@ -628,7 +641,7 @@ nextresp2:
char *lr_res_error = NULL;
tmpber = *ber; /* struct copy */
if ( v3ref == 1 ) {
if ( v3ref == V3REF_SUCCESS ) {
/* V3 search reference or V3 referral
* sucessfully chased. If this message
* is a search result, then it has no more
@ -647,15 +660,31 @@ nextresp2:
} else {
lr->lr_res_error = lr_res_error;
}
lr_res_error = NULL;
}
if ( lderr != LDAP_SUCCESS ) {
switch ( lderr ) {
case LDAP_SUCCESS:
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
break;
default:
if ( lr->lr_res_error == NULL
|| lr->lr_res_error[ 0 ] == '\0' )
{
break;
}
/* referrals are in error string */
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, -1, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: V2 referral chased, mark request completed, id = %d\n", lr->lr_msgid, 0, 0);
"read1msg: V2 referral chased, "
"mark request completed, id = %d\n",
lr->lr_msgid, 0, 0 );
break;
}
/* save errno, message, and matched string */
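Review bot: In the V3 referral hunk `v3ref = V3REF_TOAPP;` is now assigned twice, once before and once inside the `LDAP_BOOL_REFERRALS` test; the inner assignment and its comment are redundant and can go. The comment above the new enum still describes the states as 0, 1 and -1; with named enumerators it reads better per constant, e.g. `V3REF_TOAPP = -1 /* pass ref to application */`. In the new `switch ( lderr )`, a one-line comment on why `LDAP_COMPARE_TRUE`/`LDAP_COMPARE_FALSE` now skip referral chasing would help, since that differs from the old `lderr != LDAP_SUCCESS` test. try_read1msg begins and ends outside these hunks.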


@ -96,9 +96,15 @@ static ldap_pvt_thread_mutex_t ldap_pvt_thread_pool_mutex;
static void *ldap_int_thread_pool_wrapper( void *pool );
static ldap_pvt_thread_t ldap_int_main_tid;
static ldap_int_thread_key_t ldap_int_main_thrctx[LDAP_MAXTHR];
int
ldap_int_thread_pool_startup ( void )
{
ldap_int_main_tid = ldap_pvt_thread_self();
return ldap_pvt_thread_mutex_init(&ldap_pvt_thread_pool_mutex);
}
@ -652,6 +658,8 @@ void *ldap_pvt_thread_pool_context( )
int i, hash;
tid = ldap_pvt_thread_self();
if ( TID_EQ( tid, ldap_int_main_tid ))
return ldap_int_main_thrctx;
TID_HASH( tid, hash );
for (i = hash & (LDAP_MAXTHR-1); !TID_EQ(thread_keys[i].id, tid_zero) &&
@ -660,4 +668,15 @@ void *ldap_pvt_thread_pool_context( )
return thread_keys[i].ctx;
}
void ldap_pvt_thread_pool_context_reset( void *vctx )
{
ldap_int_thread_key_t *ctx = vctx;
int i;
for ( i=0; i<MAXKEYS && ctx[i].ltk_key; i++) {
if ( ctx[i].ltk_free )
ctx[i].ltk_free( ctx[i].ltk_key, ctx[i].ltk_data );
ctx[i].ltk_key = NULL;
}
}
#endif /* LDAP_THREAD_HAVE_TPOOL */
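Review bot: `ldap_pvt_thread_pool_context()` now hands the main thread `ldap_int_main_thrctx`, which is declared with `LDAP_MAXTHR` elements, while `ldap_pvt_thread_pool_context_reset()` walks a context for up to `MAXKEYS` entries. Both constants are defined outside this view; unless MAXKEYS never exceeds LDAP_MAXTHR the reset loop can index past the array, so the declaration should read `static ldap_int_thread_key_t ldap_int_main_thrctx[MAXKEYS];`. The reset also dereferences `vctx` without a NULL check and leaves `ltk_data` and `ltk_free` pointing at released state; returning early on `vctx == NULL` and clearing both fields next to `ctx[i].ltk_key = NULL;` avoids stale pointers.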


@ -303,10 +303,15 @@ lutil_passwd(
}
#ifdef SLAPD_CLEARTEXT
/* Do we think there is a scheme specifier here that we
* didn't recognize? Assume a scheme name is at least 1 character.
*/
if (( passwd->bv_val[0] == '{' ) &&
( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
return 1;
if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
return (( passwd->bv_len == cred->bv_len ) &&
( passwd->bv_val[0] != '{' /*'}'*/ ))
? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
return ( passwd->bv_len == cred->bv_len ) ?
memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
: 1;
}
#endif
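Review bot: The new scheme-specifier test scans with `strchr()`, which stops only at a NUL byte rather than at `passwd->bv_len`, and then orders a possibly-NULL result against `passwd->bv_val+1`. If a stored value is not NUL-terminated within its length (not visible here) the scan runs past the value. A length-bounded form avoids both: `const char *end = memchr( passwd->bv_val, '}', passwd->bv_len );` followed by `if ( passwd->bv_val[0] == '{' && end != NULL && end > passwd->bv_val+1 ) return 1;`. Separately, the {CLEARTEXT} comparison still uses `memcmp()`, which is not constant-time; a comment saying whether that is accepted would help. lutil_passwd's body continues outside the hunk.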


@ -42,6 +42,34 @@
#define ACI_BUF_SIZE 1024 /* use most appropriate size */
#ifdef SLAP_DYNACL
static
#endif /* SLAP_DYNACL */
AttributeDescription *slap_ad_aci;
static int
OpenLDAPaciValidate(
Syntax *syntax,
struct berval *val );
static int
OpenLDAPaciPretty(
Syntax *syntax,
struct berval *val,
struct berval *out,
void *ctx );
static int
OpenLDAPaciNormalize(
slap_mask_t use,
Syntax *syntax,
MatchingRule *mr,
struct berval *val,
struct berval *out,
void *ctx );
#define OpenLDAPaciMatch octetStringMatch
static int
aci_list_map_rights(
struct berval *list )
@ -57,6 +85,20 @@ aci_list_map_rights(
}
switch ( *bv.bv_val ) {
case 'x':
/* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt does not
* define any equivalent to the AUTH right, so I've just used
* 'x' for now.
*/
ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
break;
case 'd':
/* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt defines
* the right 'd' to mean "delete"; we hijack it to mean
* "disclose" for consistency wuith the rest of slapd.
*/
ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE);
break;
case 'c':
ACL_PRIV_SET(mask, ACL_PRIV_COMPARE);
break;
@ -74,13 +116,6 @@ aci_list_map_rights(
case 'w':
ACL_PRIV_SET(mask, ACL_PRIV_WRITE);
break;
case 'x':
/* **** NOTE: draft-ietf-ldapext-aci-model-0.3.txt does not
* define any equivalent to the AUTH right, so I've just used
* 'x' for now.
*/
ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
break;
default:
break;
}
@ -239,7 +274,7 @@ aci_group_member (
const char *text;
int rc;
/* format of string is "group/objectClassValue/groupAttrName" */
/* format of string is "{group|role}/objectClassValue/groupAttrName" */
if ( acl_get_part( subj, 0, '/', &subjdn ) < 0 ) {
return 0;
}
@ -299,7 +334,12 @@ aci_mask(
slap_access_t *deny,
slap_aci_scope_t asserted_scope )
{
struct berval bv, scope, perms, type, sdn;
struct berval bv,
scope,
perms,
type,
opts,
sdn;
int rc;
@ -413,6 +453,15 @@ aci_mask(
sdn.bv_val = type.bv_val + type.bv_len + STRLENOF( "#" );
sdn.bv_len = aci->bv_len - ( sdn.bv_val - aci->bv_val );
/* get the type options, if any */
if ( acl_get_part( &type, 1, '/', &opts ) > 0 ) {
opts.bv_len = type.bv_len - ( opts.bv_val - type.bv_val );
type.bv_len = opts.bv_val - type.bv_val - 1;
} else {
BER_BVZERO( &opts );
}
if ( ber_bvcmp( &aci_bv[ ACI_BV_ACCESS_ID ], &type ) == 0 ) {
return dn_match( &op->o_ndn, &sdn );
@ -459,15 +508,47 @@ aci_mask(
return rc;
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_GROUP ], &type ) == 0 ) {
if ( aci_group_member( &sdn, &aci_bv[ ACI_BV_GROUP_CLASS ],
&aci_bv[ ACI_BV_GROUP_ATTR ], op, e, nmatch, matches ) )
struct berval oc,
at;
if ( BER_BVISNULL( &opts ) ) {
oc = aci_bv[ ACI_BV_GROUP_CLASS ];
at = aci_bv[ ACI_BV_GROUP_ATTR ];
} else {
if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
assert( 0 );
}
if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
at = aci_bv[ ACI_BV_GROUP_ATTR ];
}
}
if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
{
return 1;
}
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_ROLE ], &type ) == 0 ) {
if ( aci_group_member( &sdn, &aci_bv[ ACI_BV_ROLE_CLASS ],
&aci_bv[ ACI_BV_ROLE_ATTR ], op, e, nmatch, matches ) )
struct berval oc,
at;
if ( BER_BVISNULL( &opts ) ) {
oc = aci_bv[ ACI_BV_ROLE_CLASS ];
at = aci_bv[ ACI_BV_ROLE_ATTR ];
} else {
if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
assert( 0 );
}
if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
at = aci_bv[ ACI_BV_ROLE_ATTR ];
}
}
if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
{
return 1;
}
@ -481,11 +562,102 @@ aci_mask(
if ( acl_match_set( &sdn, op, e, 1 ) ) {
return 1;
}
} else {
/* it passed normalization! */
assert( 0 );
}
return 0;
}
int
aci_init( void )
{
/* OpenLDAP Experimental Syntax */
static slap_syntax_defs_rec aci_syntax_def = {
"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
OpenLDAPaciValidate,
OpenLDAPaciPretty
};
static slap_mrule_defs_rec aci_mr_def = {
"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
NULL, NULL,
NULL
};
static struct {
char *name;
char *desc;
slap_mask_t flags;
AttributeDescription **ad;
} aci_at = {
"OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
"NAME 'OpenLDAPaci' "
"DESC 'OpenLDAP access control information (experimental)' "
"EQUALITY OpenLDAPaciMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
"USAGE directoryOperation )",
SLAP_AT_HIDE,
&slap_ad_aci
};
LDAPAttributeType *at;
AttributeType *sat;
int rc;
const char *text;
/* ACI syntax */
rc = register_syntax( &aci_syntax_def );
if ( rc != 0 ) {
return rc;
}
/* ACI equality rule */
rc = register_matching_rule( &aci_mr_def );
if ( rc != 0 ) {
return rc;
}
/* ACI attribute */
at = ldap_str2attributetype( aci_at.desc,
&rc, &text, LDAP_SCHEMA_ALLOW_ALL );
if ( !at ) {
Debug( LDAP_DEBUG_ANY,
"%s AttributeType load failed: %s %s\n",
aci_at.name, ldap_scherr2str( rc ), text );
return rc;
}
rc = at_add( at, 0, &sat, &text );
if ( rc != LDAP_SUCCESS ) {
ldap_attributetype_free( at );
fprintf( stderr, "iMUX_monitor_schema_init: "
"AttributeType load failed: %s %s\n",
scherr2str( rc ), text );
return rc;
}
ldap_memfree( at );
rc = slap_str2ad( aci_at.name,
aci_at.ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"unable to find AttributeDescription "
"\"%s\": %d (%s)\n",
aci_at.name, rc, text );
return 1;
}
/* install flags */
sat->sat_flags |= aci_at.flags;
return rc;
}
#ifdef SLAP_DYNACL
/*
* FIXME: there is a silly dependence that makes it difficult
@ -493,7 +665,13 @@ aci_mask(
* umbrella, because sets share some helpers with ACIs.
*/
static int
dynacl_aci_parse( const char *fname, int lineno, slap_style_t sty, const char *right, void **privp )
dynacl_aci_parse(
const char *fname,
int lineno,
const char *opts,
slap_style_t sty,
const char *right,
void **privp )
{
AttributeDescription *ad = NULL;
const char *text = NULL;
@ -514,7 +692,7 @@ dynacl_aci_parse( const char *fname, int lineno, slap_style_t sty, const char *r
}
} else {
ad = slap_schema.si_ad_aci;
ad = slap_ad_aci;
}
if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
@ -706,7 +884,15 @@ static slap_dynacl_t dynacl_aci = {
int
dynacl_aci_init( void )
{
return slap_dynacl_register( &dynacl_aci );
int rc;
rc = aci_init();
if ( rc == 0 ) {
rc = slap_dynacl_register( &dynacl_aci );
}
return rc;
}
#endif /* SLAP_DYNACL */
@ -778,11 +964,12 @@ OpenLDAPaciValidatePerms(
for ( i = 0; i < perms->bv_len; ) {
switch ( perms->bv_val[ i ] ) {
case 'x':
case 'd':
case 'c':
case 's':
case 'r':
case 'w':
case 'x':
break;
default:
@ -1040,7 +1227,7 @@ static const struct berval *OpenLDAPacitypes[] = {
NULL
};
int
static int
OpenLDAPaciValidate(
Syntax *syntax,
struct berval *val )
@ -1191,7 +1378,7 @@ OpenLDAPaciPrettyNormal(
subject = BER_BVNULL,
nsubject = BER_BVNULL;
int idx,
rc,
rc = LDAP_SUCCESS,
freesubject = 0,
freetype = 0;
char *ptr;
@ -1315,7 +1502,8 @@ OpenLDAPaciPrettyNormal(
- ( ocbv.bv_val - type.bv_val );
}
if ( oc_bvfind( &ocbv ) == NULL ) {
oc = oc_bvfind( &ocbv );
if ( oc == NULL ) {
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
@ -1406,7 +1594,7 @@ cleanup:;
return rc;
}
int
static int
OpenLDAPaciPretty(
Syntax *syntax,
struct berval *val,
@ -1416,7 +1604,7 @@ OpenLDAPaciPretty(
return OpenLDAPaciPrettyNormal( val, out, ctx, 0 );
}
int
static int
OpenLDAPaciNormalize(
slap_mask_t use,
Syntax *syntax,


@ -2794,19 +2794,20 @@ slap_dynacl_get( const char *name )
int
acl_init( void )
{
#ifdef SLAP_DYNACL
int rc;
int rc = 0;
#ifdef SLAPD_ACI_ENABLED
#ifdef SLAP_DYNACL
rc = dynacl_aci_init();
#else /* !SLAP_DYNACL */
rc = aci_init();
#endif /* !SLAP_DYNACL */
if ( rc != 0 ) {
return rc;
}
#endif /* SLAPD_ACI_ENABLED */
#endif /* SLAP_DYNACL */
return 0;
return rc;
}
int


@ -70,7 +70,14 @@ static int check_scope( BackendDB *be, AccessControl *a );
#ifdef SLAP_DYNACL
static int
slap_dynacl_config( const char *fname, int lineno, Access *b, const char *name, slap_style_t sty, const char *right )
slap_dynacl_config(
const char *fname,
int lineno,
Access *b,
const char *name,
const char *opts,
slap_style_t sty,
const char *right )
{
slap_dynacl_t *da, *tmp;
int rc = 0;
@ -93,7 +100,7 @@ slap_dynacl_config( const char *fname, int lineno, Access *b, const char *name,
*tmp = *da;
if ( tmp->da_parse ) {
rc = ( *tmp->da_parse )( fname, lineno, sty, right, &tmp->da_private );
rc = ( *tmp->da_parse )( fname, lineno, opts, sty, right, &tmp->da_private );
if ( rc ) {
ch_free( tmp );
return rc;
@ -1490,17 +1497,23 @@ parse_acl(
#ifdef SLAP_DYNACL
{
char *name = NULL;
char *name = NULL,
*opts = NULL;
if ( strcasecmp( left, "aci" ) == 0 ) {
name = "aci";
} else if ( strncasecmp( left, "dynacl/", STRLENOF( "dynacl/" ) ) == 0 ) {
name = &left[ STRLENOF( "dynacl/" ) ];
opts = strchr( name, '/' );
if ( opts ) {
opts[ 0 ] = '\0';
opts++;
}
}
if ( name ) {
if ( slap_dynacl_config( fname, lineno, b, name, sty, right ) ) {
if ( slap_dynacl_config( fname, lineno, b, name, opts, sty, right ) ) {
fprintf( stderr, "%s: line %d: "
"unable to configure dynacl \"%s\"\n",
fname, lineno, name );
@ -1539,7 +1552,7 @@ parse_acl(
}
} else {
b->a_aci_at = slap_schema.si_ad_aci;
b->a_aci_at = slap_ad_aci;
}
if( !is_at_syntax( b->a_aci_at->ad_type,
@ -2122,7 +2135,7 @@ acl_usage( void )
"\t[aci[=<attrname>]]\n"
#endif
#ifdef SLAP_DYNACL
"\t[dynacl/<name>[.<dynstyle>][=<pattern>]]\n"
"\t[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]\n"
#endif /* SLAP_DYNACL */
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n",
"<style> ::= exact | regex | base(Object)\n"
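Review bot: `da_parse` is now invoked with six arguments (`opts` inserted before `sty`), but nothing visible here lets slapd detect a dynacl module built against the previous five-argument callback. Since such modules are loaded at run time, a stale one would read `opts` as the style and take shifted pointers after it. A version or size field in `slap_dynacl_t` checked at registration would catch that, though the struct is outside this view. In parse_acl, `opts` can also be an empty string for `dynacl/<name>/`, so the callback contract deserves a comment such as `/* opts: text after "dynacl/<name>/", NULL if absent, may be "" */`.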


@ -737,9 +737,12 @@ int slap_bv2undef_ad(
/* canonical to upper case */
ldap_pvt_str2upper( desc->ad_cname.bv_val );
/* shouldn't we protect this for concurrency? */
desc->ad_type = slap_schema.si_at_undefined;
ldap_pvt_thread_mutex_lock( &ad_undef_mutex );
desc->ad_next = desc->ad_type->sat_ad;
desc->ad_type->sat_ad = desc;
ldap_pvt_thread_mutex_unlock( &ad_undef_mutex );
}
if( !*ad ) {
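Review bot: `ad_undef_mutex` is taken only around the two list-insertion statements. If the earlier lookup of an existing undefined descriptor on `sat_ad` (outside this hunk) runs unlocked, two threads can both miss and insert duplicate entries, and a reader can walk the list while it is being relinked. Consider holding the mutex from the lookup through the insertion, and add a comment saying where the mutex is initialised, which is not visible here. slap_bv2undef_ad starts and ends outside the hunk.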


@ -111,7 +111,7 @@ attr_dup( Attribute *a )
tmp = attr_alloc( a->a_desc );
if ( a->a_vals != NULL ) {
int i;
int i;
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
/* EMPTY */ ;
@ -129,13 +129,17 @@ attr_dup( Attribute *a )
assert( a->a_nvals != NULL );
if ( a->a_nvals != a->a_vals ) {
int j;
tmp->a_nvals = ch_malloc( (i + 1) * sizeof(struct berval) );
for ( i = 0; !BER_BVISNULL( &a->a_nvals[i] ); i++ ) {
ber_dupbv( &tmp->a_nvals[i], &a->a_nvals[i] );
if ( BER_BVISNULL( &tmp->a_nvals[i] ) ) break;
for ( j = 0; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
assert( j < i );
ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
/* FIXME: error? */
}
BER_BVZERO( &tmp->a_nvals[i] );
assert( j == i );
BER_BVZERO( &tmp->a_nvals[j] );
} else {
tmp->a_nvals = tmp->a_vals;
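Review bot: The copy loop over `a->a_nvals` is bounded only by `assert( j < i )`; with NDEBUG, an attribute whose normalized array is longer than its value array writes past the `(i + 1)`-element allocation. Putting the bound in the loop condition makes it hold in every build: `for ( j = 0; j < i && !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {`. The early `break` on a failed `ber_dupbv()` also now trips `assert( j == i )`, turning an allocation failure into an abort, so the existing `FIXME: error?` should be resolved before that assert is kept. attr_dup continues outside these hunks.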


@ -278,6 +278,15 @@ bdb_db_open( BackendDB *be )
}
/* Prev environment had TXN support, get rid of it */
if ( !flags_ok ) {
bdb->bi_dbenv->close( bdb->bi_dbenv, 0 );
bdb->bi_dbenv = NULL;
rc = db_env_create( &bdb->bi_dbenv, 0 );
if( rc != 0 ) {
Debug( LDAP_DEBUG_ANY,
"bdb_db_open: db_env_create failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
return rc;
}
bdb->bi_dbenv->remove( bdb->bi_dbenv, dbhome, 0 );
bdb->bi_dbenv = NULL;
}
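Review bot: The return values of `bdb->bi_dbenv->close()` and `bdb->bi_dbenv->remove()` are discarded, so a failure to tear down the old transactional environment is silent and the open continues against whatever is left in `dbhome`. I would capture and report them in the same style as the new `db_env_create` check, e.g. `rc = bdb->bi_dbenv->remove( bdb->bi_dbenv, dbhome, 0 );` followed by a `Debug(...)` and `return rc;` on failure. bdb_db_open continues outside the hunk.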


@ -477,7 +477,7 @@ dn2entry_retry:
bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
}
send_ldap_result( op, rs );
return 1;
return rs->sr_err;
}
#endif /* SLAP_ACL_HONOR_DISCLOSE */


@ -105,19 +105,11 @@ done:;
/* wait for all other ops to release the connection */
retry_lock:;
switch ( ldap_pvt_thread_mutex_trylock( &li->conn_mutex ) ) {
case LDAP_PVT_THREAD_EBUSY:
default:
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
if ( lc->lc_refcnt > 1 ) {
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
case 0:
if ( lc->lc_refcnt > 1 ) {
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
}
break;
}
assert( lc->lc_refcnt == 1 );
@ -294,7 +286,7 @@ ldap_back_start_tls(
if ( rc == LDAP_SUCCESS ) {
LDAPMessage *res = NULL;
int retries = 1;
struct timeval tv = { 0, 0 };
struct timeval tv = { 0, 100000 };
retry:;
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
@ -819,7 +811,7 @@ ldap_back_op_result(
* remote server response */
if ( ERR_OK( rs->sr_err ) ) {
int rc;
struct timeval tv = { 0, 0 };
struct timeval tv = { 0, 100000 };
retry:;
/* if result parsing fails, note the failure reason */
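Review bot: In ldap_back_start_tls and ldap_back_op_result `tv` is set to `{ 0, 100000 }` once, ahead of the `retry:` label, whereas the meta back-end hunks later in this commit re-arm `tv.tv_sec`/`tv.tv_usec` before each `goto retry`. If `ldap_result()` can modify the timeout, the retries here would poll with a different value. The literal 100000 also recurs in five sections of this commit (here, ldap_back_search, the two rebind/retry hunks and meta_back_compare); a shared named constant would keep them in step, with a comment such as `/* 0.1 s poll interval while waiting for the remote result */`. The reworked `retry_lock` loop has no upper bound, so a connection whose `lc_refcnt` never drops to 1 keeps the thread yielding indefinitely; a retry cap or at least a comment is warranted.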


@ -179,6 +179,7 @@ ldap_back_search(
} else {
tv.tv_sec = 0;
tv.tv_usec = 100000;
}
if ( op->ors_attrs ) {


@ -211,7 +211,7 @@ rebind:;
op->o_ctrls, NULL, &msgid );
if ( rs->sr_err == LDAP_SUCCESS ) {
LDAPMessage *res;
struct timeval tv;
struct timeval tv = { 0, 100000 };
int rc;
int nretries = mt->mt_nretries;
@ -234,6 +234,8 @@ retry:;
if ( nretries > 0 ) {
nretries--;
}
tv.tv_sec = 0;
tv.tv_usec = 100000;
goto retry;
}
rs->sr_err = LDAP_BUSY;
@ -380,7 +382,7 @@ rebind:;
NULL, NULL, &msgid );
if ( rc == LDAP_SUCCESS ) {
LDAPMessage *res;
struct timeval tv;
struct timeval tv = { 0, 100000 };
/*
* handle response!!!
@ -401,6 +403,8 @@ retry:;
if ( nretries > 0 ) {
nretries--;
}
tv.tv_sec = 0;
tv.tv_usec = 100000;
goto retry;
}


@ -179,7 +179,7 @@ meta_back_compare( Operation *op, SlapReply *rs )
struct timeval tv = { 0 };
tv.tv_sec = 0;
tv.tv_usec = 0;
tv.tv_usec = 100000; /* 0.1 s */
if ( msgid[ i ] == -1 ) {
continue;


@ -902,7 +902,9 @@ meta_send_entry(
dc.ctx = "searchAttrDN";
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int last = 0;
int last = 0;
slap_syntax_validate_func *validate;
slap_syntax_transform_func *pretty;
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
@ -962,11 +964,23 @@ meta_send_entry(
{
attr->a_vals = (struct berval *)&slap_dummy_bv;
} else if ( attr->a_desc == slap_schema.si_ad_objectClass
} else {
for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
;
}
validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
if ( !validate && !pretty ) {
attr->a_nvals = NULL;
attr_free( attr );
goto next_attr;
}
if ( attr->a_desc == slap_schema.si_ad_objectClass
|| attr->a_desc == slap_schema.si_ad_structuralObjectClass )
{
for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last );
for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_oc,
bv, &mapped, BACKLDAP_REMAP );
@ -1003,10 +1017,33 @@ meta_send_entry(
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
ldap_back_referral_result_rewrite( &dc, attr->a_vals );
} else {
int i;
for ( i = 0; i < last; i++ ) {
struct berval pval;
int rc;
if ( pretty ) {
rc = pretty( attr->a_desc->ad_type->sat_syntax,
&attr->a_vals[i], &pval, NULL );
} else {
rc = validate( attr->a_desc->ad_type->sat_syntax,
&attr->a_vals[i] );
}
if ( pretty ) {
LBER_FREE( attr->a_vals[i].bv_val );
attr->a_vals[i] = pval;
}
}
}
if ( last && attr->a_desc->ad_type->sat_equality &&
attr->a_desc->ad_type->sat_equality->smr_normalize ) {
attr->a_desc->ad_type->sat_equality->smr_normalize )
{
int i;
attr->a_nvals = ch_malloc( ( last + 1 ) * sizeof( struct berval ) );
@ -1026,6 +1063,7 @@ meta_send_entry(
*attrp = attr;
attrp = &attr->a_next;
next_attr:;
}
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
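Review bot: In the new per-value loop of meta_send_entry the result of `pretty()`/`validate()` is stored in `rc` and never tested, so a value from the remote server that fails its syntax check is kept, and in the `pretty` case the original `bv_val` is freed and replaced by a `pval` that may never have been filled in. These values come from the proxied target, so the failure path needs to drop the offending value before normalization runs. A sketch of the check is below; if it leaves `last` at 0 the attribute itself should probably be skipped through the existing `next_attr` path. The loop sits inside a function that starts and ends outside this hunk.

```c
for ( i = 0; i < last; i++ ) {
	struct berval	pval;
	int		rc;

	/* … unchanged: pretty()/validate() call that sets rc … */

	if ( rc != LDAP_SUCCESS ) {
		/* the value failed its syntax check: discard it and
		 * move the last value into its slot */
		LBER_FREE( attr->a_vals[i].bv_val );
		if ( --last == i ) {
			BER_BVZERO( &attr->a_vals[i] );
			break;
		}
		attr->a_vals[i] = attr->a_vals[last];
		BER_BVZERO( &attr->a_vals[last] );
		i--;
		continue;
	}

	/* … unchanged: replace a_vals[i] with pval when pretty is set … */
}
```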


@ -2600,8 +2600,10 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
return 1;
if ( readit ) {
void *thrctx = ldap_pvt_thread_pool_context();
op = (Operation *)opbuf;
connection_fake_init( &conn, op, cfb );
connection_fake_init( &conn, op, thrctx );
filter.f_desc = slap_schema.si_ad_objectClass;
@ -2631,7 +2633,7 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
op->o_bd = &cfb->cb_db;
rc = op->o_bd->be_search( op, &rs );
slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
ldap_pvt_thread_pool_context_reset( thrctx );
}
cfb->cb_use_ldif = 1;
@ -3980,14 +3982,16 @@ config_back_db_open( BackendDB *be )
Operation *op;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
SlapReply rs = {REP_RESULT};
void *thrctx = NULL;
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;
if ( cfb->cb_use_ldif ) {
thrctx = ldap_pvt_thread_pool_context();
op = (Operation *)opbuf;
connection_fake_init( &conn, op, cfb );
connection_fake_init( &conn, op, thrctx );
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
@ -4098,8 +4102,8 @@ config_back_db_open( BackendDB *be )
}
}
}
if ( op )
slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
if ( thrctx )
ldap_pvt_thread_pool_context_reset( thrctx );
return 0;
}
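Review bot: In both config_setup_ldif and config_back_db_open the new `thrctx` handling has no comment saying why a pool context is fetched, and the pairing with `ldap_pvt_thread_pool_context_reset( thrctx )` is easy to break with a later early return. The old calls passed `cfb`, the backend's private data, in the argument that the new code fills with a thread context, so a one-line comment above each `ldap_pvt_thread_pool_context()` call would record the reason: `/* connection_fake_init() needs a thread context, not backend private data; reset it before returning */`. Both function bodies extend beyond the hunks shown, so whether any return between the init and the reset skips the reset cannot be checked from here.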


@ -57,7 +57,7 @@ int is_object_subclass(
int is_entry_objectclass(
Entry* e,
ObjectClass *oc,
int set_flags )
unsigned flags )
{
/*
* set_flags should only be true if oc is one of operational
@ -67,15 +67,16 @@ int is_entry_objectclass(
Attribute *attr;
struct berval *bv;
AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
assert(!( e == NULL || oc == NULL ));
assert( !( e == NULL || oc == NULL ) );
assert( ( flags & SLAP_OCF_MASK ) != SLAP_OCF_MASK );
if( e == NULL || oc == NULL ) {
return 0;
}
if( set_flags && ( e->e_ocflags & SLAP_OC__END )) {
if( flags == SLAP_OCF_SET_FLAGS && ( e->e_ocflags & SLAP_OC__END ) )
{
/* flags are set, use them */
return (e->e_ocflags & oc->soc_flags & SLAP_OC__MASK) != 0;
}
@ -83,7 +84,7 @@ int is_entry_objectclass(
/*
* find objectClass attribute
*/
attr = attr_find(e->e_attrs, objectClass);
attr = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
if( attr == NULL ) {
/* no objectClass attribute */
Debug( LDAP_DEBUG_ANY, "is_entry_objectclass(\"%s\", \"%s\") "
@ -97,19 +98,30 @@ int is_entry_objectclass(
for( bv=attr->a_vals; bv->bv_val; bv++ ) {
ObjectClass *objectClass = oc_bvfind( bv );
if ( !set_flags && objectClass == oc ) {
return 1;
if ( objectClass == NULL ) {
/* FIXME: is this acceptable? */
continue;
}
if ( !( flags & SLAP_OCF_SET_FLAGS ) ) {
if ( objectClass == oc ) {
return 1;
}
if ( ( flags & SLAP_OCF_CHECK_SUP )
&& is_object_subclass( oc, objectClass ) )
{
return 1;
}
}
if ( objectClass != NULL ) {
e->e_ocflags |= objectClass->soc_flags;
}
e->e_ocflags |= objectClass->soc_flags;
}
/* mark flags as set */
e->e_ocflags |= SLAP_OC__END;
return (e->e_ocflags & oc->soc_flags & SLAP_OC__MASK) != 0;
return ( e->e_ocflags & oc->soc_flags & SLAP_OC__MASK ) != 0;
}
@ -215,7 +227,9 @@ oc_bvfind_undef( struct berval *ocname )
AC_MEMCPY( oc->soc_cname.bv_val, ocname->bv_val, ocname->bv_len );
LDAP_STAILQ_NEXT( oc, soc_next ) = NULL;
ldap_pvt_thread_mutex_lock( &oc_undef_mutex );
LDAP_STAILQ_INSERT_HEAD( &oc_undef_list, oc, soc_next );
ldap_pvt_thread_mutex_unlock( &oc_undef_mutex );
return oc;
}
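Review bot: In is_entry_objectclass the cached fast path tests `flags == SLAP_OCF_SET_FLAGS` while the loop below tests `flags & SLAP_OCF_SET_FLAGS`, so the two disagree when both bits are passed, and only an `assert` (compiled out under NDEBUG) rules that combination out. With both bits set the loop runs in set-flags mode and the SLAP_OCF_CHECK_SUP request is silently ignored. Using the same test in both places, e.g. `if( ( flags & SLAP_OCF_SET_FLAGS ) && ( e->e_ocflags & SLAP_OC__END ) )`, keeps them consistent. The block comment that still reads `set_flags should only be true if ...` should also be reworded for the renamed `flags` parameter. The function is shown across several hunks and its body is not complete here.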


@ -27,10 +27,15 @@ SRCS = overlays.c \
rwm.c rwmconf.c rwmdn.c rwmmap.c \
syncprov.c \
translucent.c \
unique.c
unique.c \
valsort.c
OBJS = overlays.o \
@SLAPD_STATIC_OVERLAYS@
# Add here the objs that are needed by overlays, but do not make it
# into SLAPD_STATIC_OVERLAYS...
OBJDEP=rwm.o rwmconf.o rwmdn.o rwmmap.o
LTONLY_MOD = $(LTONLY_mod)
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
@ -97,6 +102,9 @@ translucent.la : translucent.lo
unique.la : unique.lo
$(LTLINK_MOD) -module -o $@ unique.lo version.lo $(LINK_LIBS)
valsort.la : valsort.lo
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
install-local: $(PROGRAMS)
@if test -n "$?" ; then \
$(MKDIR) $(DESTDIR)$(moduledir); \
@ -116,7 +124,7 @@ $(LIBRARY): $(OBJS) version.lo
# Must fixup depends for non-libtool objects
depend-local:
@if test -n "$(OBJS)"; then \
OBJ2=`echo $(OBJS) | $(SED) -e 's/\.o//g'`; \
OBJ2=`echo $(OBJS) $(OBJDEP) | $(SED) -e 's/\.o//g'`; \
SCR=''; for i in $$OBJ2; do SCR="$$SCR -e s/^$$i.lo:/$$i.o:/"; done; \
mv Makefile Makefile.bak; $(SED) $$SCR Makefile.bak > Makefile && \
$(RM) Makefile.bak; fi


@ -65,6 +65,9 @@ extern int translucent_init();
#if SLAPD_OVER_UNIQUE == SLAPD_MOD_STATIC
extern int unique_init();
#endif
#if SLAPD_OVER_VALSORT == SLAPD_MOD_STATIC
extern int valsort_init();
#endif
static struct {
char *name;
@ -111,6 +114,9 @@ static struct {
#endif
#if SLAPD_OVER_UNIQUE == SLAPD_MOD_STATIC
{ "Attribute Uniqueness", unique_init },
#endif
#if SLAPD_OVER_VALSORT == SLAPD_MOD_STATIC
{ "Value Sorting", valsort_init },
#endif
{ NULL, NULL }
};


@ -2,7 +2,7 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Howard Chu, Symas Corporation.
* Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
* Portions Copyright 2004 Hewlett-Packard Company.
* All rights reserved.
*
@ -23,7 +23,7 @@
#include "portable.h"
/* This file implements "Password Policy for LDAP Directories",
* based on draft behera-ldap-password-policy-08
* based on draft behera-ldap-password-policy-09
*/
#ifdef SLAPD_OVER_PPOLICY
@ -111,7 +111,7 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE USAGE directoryOperation NO-USER-MODIFICATION )",
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdChangedTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.17 "
"NAME ( 'pwdAccountLockedTime' ) "
@ -119,7 +119,7 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE USAGE directoryOperation )",
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdAccountLockedTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.19 "
"NAME ( 'pwdFailureTime' ) "
@ -127,21 +127,21 @@ static struct schema_info {
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"USAGE directoryOperation )",
"NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdFailureTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.20 "
"NAME ( 'pwdHistory' ) "
"DESC 'The history of users passwords' "
"EQUALITY octetStringMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
"USAGE directoryOperation NO-USER-MODIFICATION )",
"NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdHistory },
{ "( 1.3.6.1.4.1.42.2.27.8.1.21 "
"NAME ( 'pwdGraceUseTime' ) "
"DESC 'The timestamps of the grace login once the password has expired' "
"EQUALITY generalizedTimeMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"USAGE directoryOperation NO-USER-MODIFICATION )",
"NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdGraceUseTime },
{ "( 1.3.6.1.4.1.42.2.27.8.1.22 "
"NAME ( 'pwdReset' ) "
@ -155,7 +155,7 @@ static struct schema_info {
"DESC 'The pwdPolicy subentry in effect for this object' "
"EQUALITY distinguishedNameMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
"SINGLE-VALUE USAGE directoryOperation )",
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_pwdPolicySubentry },
{ NULL, NULL }
};
@ -1768,6 +1768,11 @@ int ppolicy_init()
scherr2str(code), err );
return code;
}
/* Allow Manager to set these as needed */
if ( is_at_no_user_mod( (*pwd_OpSchema[i].ad)->ad_type )) {
(*pwd_OpSchema[i].ad)->ad_type->sat_flags |=
SLAP_AT_MANAGEABLE;
}
}
code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
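Review bot: The new block in ppolicy_init that ORs `SLAP_AT_MANAGEABLE` into every NO-USER-MODIFICATION attribute of `pwd_OpSchema` carries only the comment `/* Allow Manager to set these as needed */`, which does not say what is being opened up. The attributes in this table include `pwdAccountLockedTime`, `pwdFailureTime` and `pwdHistory`, the lockout and history state the overlay relies on, and several of them gain NO-USER-MODIFICATION in this same commit. I would expand the comment to state that the flag lets a suitably authorised client using the manage control override NO-USER-MODIFICATION for these attributes, so access to that control governs who can clear a lockout or rewrite password history. How the flag is enforced is outside this hunk, so that wording should be checked against the access-control code.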


@ -39,7 +39,9 @@ static AttributeDescription *ad_errCode;
static AttributeDescription *ad_errText;
static AttributeDescription *ad_errOp;
static AttributeDescription *ad_errSleepTime;
static ObjectClass *oc_errAbsObject;
static ObjectClass *oc_errObject;
static ObjectClass *oc_errAuxObject;
typedef enum retcode_op_e {
SN_DG_OP_NONE = 0x0000,
@ -163,6 +165,7 @@ retcode_op_add( Operation *op, SlapReply *rs )
typedef struct retcode_cb_t {
unsigned rdc_flags;
ber_tag_t rdc_tag;
AttributeName *rdc_attrs;
} retcode_cb_t;
static int
@ -175,6 +178,9 @@ retcode_cb_response( Operation *op, SlapReply *rs )
int rc;
op->o_tag = rdc->rdc_tag;
if ( op->o_tag == LDAP_REQ_SEARCH ) {
rs->sr_attrs = rdc->rdc_attrs;
}
rc = retcode_entry_response( op, rs, rs->sr_entry );
op->o_tag = o_tag;
@ -211,7 +217,8 @@ retcode_op_internal( Operation *op, SlapReply *rs )
op2.ors_attrsonly = 0;
op2.ors_attrs = slap_anlist_all_attributes;
ber_str2bv_x( "(objectClass=errObject)", STRLENOF( "(objectClass=errObject)" ),
ber_str2bv_x( "(objectClass=errAbsObject)",
STRLENOF( "(objectClass=errAbsObject)" ),
1, &op2.ors_filterstr, op2.o_tmpmemctx );
op2.ors_filter = str2filter_x( &op2, op2.ors_filterstr.bv_val );
@ -219,6 +226,9 @@ retcode_op_internal( Operation *op, SlapReply *rs )
op2.o_bd = &db;
rdc.rdc_flags = RETCODE_FINDIR;
if ( op->o_tag == LDAP_REQ_SEARCH ) {
rdc.rdc_attrs = op->ors_attrs;
}
rdc.rdc_tag = op->o_tag;
sc.sc_response = retcode_cb_response;
sc.sc_private = &rdc;
@ -394,6 +404,7 @@ retcode_op_func( Operation *op, SlapReply *rs )
send_ldap_result( op, rs );
if ( rs->sr_ref != NULL ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
rs->sr_matched = NULL;
rs->sr_text = NULL;
@ -448,7 +459,7 @@ retcode_entry_response( Operation *op, SlapReply *rs, Entry *e )
return SLAP_CB_CONTINUE;
}
if ( !is_entry_objectclass( e, oc_errObject, 0 ) ) {
if ( !is_entry_objectclass_or_sub( e, oc_errAbsObject ) ) {
return SLAP_CB_CONTINUE;
}
@ -1025,9 +1036,9 @@ retcode_init( void )
char *desc;
ObjectClass **oc;
} retcode_oc[] = {
{ "errObject", "( 1.3.6.1.4.1.4203.666.11.4.3.1 "
"NAME ( 'errObject' ) "
"SUP top STRUCTURAL "
{ "errAbsObject", "( 1.3.6.1.4.1.4203.666.11.4.3.0 "
"NAME ( 'errAbsObject' ) "
"SUP top ABSTRACT "
"MUST ( errCode ) "
"MAY ( "
"cn "
@ -1036,7 +1047,17 @@ retcode_init( void )
"$ errText "
"$ errSleepTime "
") )",
&oc_errAbsObject },
{ "errObject", "( 1.3.6.1.4.1.4203.666.11.4.3.1 "
"NAME ( 'errObject' ) "
"SUP errAbsObject STRUCTURAL "
")",
&oc_errObject },
{ "errAuxObject", "( 1.3.6.1.4.1.4203.666.11.4.3.2 "
"NAME ( 'errAuxObject' ) "
"SUP errAbsObject AUXILIARY "
")",
&oc_errAuxObject },
{ NULL }
};


@ -206,7 +206,7 @@ rwm_map_config(
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
"%s: line %d: destination attributeType '%s': %d (%s)\n",
fname, lineno, src, rc, text ? text : "null" );
fname, lineno, dst, rc, text ? text : "null" );
return 1;
}
}


@ -2111,19 +2111,6 @@ sp_cf_gen(ConfigArgs *c)
return rc;
}
/* Cheating - we have no thread pool context for these functions,
* so make one.
*/
typedef struct thread_keys {
void *key;
void *data;
ldap_pvt_thread_pool_keyfree_t *xfree;
} thread_keys;
#define MAXKEYS 32
/* A fake thread context */
static thread_keys thrctx[MAXKEYS];
/* ITS#3456 we cannot run this search on the main thread, must use a
* child thread in order to insure we have a big enough stack.
*/
@ -2155,6 +2142,7 @@ syncprov_db_open(
Entry *e;
Attribute *a;
int rc;
void *thrctx = NULL;
if ( slapMode & SLAP_TOOL_MODE ) {
return 0;
@ -2165,6 +2153,7 @@ syncprov_db_open(
return rc;
}
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, op, thrctx );
op->o_bd = be;
op->o_dn = be->be_rootdn;
@ -2218,6 +2207,7 @@ syncprov_db_open(
out:
op->o_bd->bd_info = (BackendInfo *)on;
ldap_pvt_thread_pool_context_reset( thrctx );
return 0;
}
@ -2240,17 +2230,15 @@ syncprov_db_close(
char opbuf[OPERATION_BUFFER_SIZE];
Operation *op = (Operation *)opbuf;
SlapReply rs = {REP_RESULT};
void *thrctx;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, op, thrctx );
op->o_bd = be;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
syncprov_checkpoint( op, &rs, on );
}
for ( i=0; thrctx[i].key; i++) {
if ( thrctx[i].xfree )
thrctx[i].xfree( thrctx[i].key, thrctx[i].data );
thrctx[i].key = NULL;
ldap_pvt_thread_pool_context_reset( thrctx );
}
return 0;
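Review bot: In syncprov_db_open the `ldap_pvt_thread_pool_context_reset( thrctx )` at the `out:` label is unconditional although `thrctx` is initialised to NULL, whereas config_back_db_open in this same commit guards the identical call with `if ( thrctx )`. The jumps to `out:` are outside the hunks shown, so it is not visible whether one can happen before `thrctx` is assigned. If none can, the `= NULL` initialiser is misleading; if one can, the reset needs the same guard, `if ( thrctx ) ldap_pvt_thread_pool_context_reset( thrctx );`. Either way the two call sites should follow one convention.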


@ -45,14 +45,12 @@ LDAP_SLAPD_F (int) aci_mask LDAP_P((
slap_access_t *grant,
slap_access_t *deny,
slap_aci_scope_t scope));
LDAP_SLAPD_F (int) OpenLDAPaciValidate LDAP_P((
Syntax *syn, struct berval *in ));
LDAP_SLAPD_F (int) OpenLDAPaciPretty LDAP_P((
Syntax *syn, struct berval *val, struct berval *out, void *ctx ));
LDAP_SLAPD_F (slap_mr_normalize_func) OpenLDAPaciNormalize;
#ifdef SLAP_DYNACL
LDAP_SLAPD_F (int) dynacl_aci_init LDAP_P(( void ));
#endif /* SLAP_DYNACL */
#else /* !SLAP_DYNACL */
LDAP_SLAPD_F (int) aci_init LDAP_P(( void ));
LDAP_SLAPD_V (AttributeDescription *) slap_ad_aci;
#endif /* !SLAP_DYNACL */
#endif /* SLAPD_ACI_ENABLED */
/*
@ -1131,39 +1129,41 @@ LDAP_SLAPD_F (int) is_object_subclass LDAP_P((
ObjectClass *sub ));
LDAP_SLAPD_F (int) is_entry_objectclass LDAP_P((
Entry *, ObjectClass *oc, int set_flags ));
Entry *, ObjectClass *oc, unsigned flags ));
#define is_entry_objectclass_or_sub(e,oc) \
(is_entry_objectclass((e),(oc),SLAP_OCF_CHECK_SUP))
#define is_entry_alias(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_ALIAS) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_alias, 1))
: is_entry_objectclass((e), slap_schema.si_oc_alias, SLAP_OCF_SET_FLAGS))
#define is_entry_referral(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_REFERRAL) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_referral, 1))
: is_entry_objectclass((e), slap_schema.si_oc_referral, SLAP_OCF_SET_FLAGS))
#define is_entry_subentry(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_SUBENTRY) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_subentry, 1))
: is_entry_objectclass((e), slap_schema.si_oc_subentry, SLAP_OCF_SET_FLAGS))
#define is_entry_collectiveAttributeSubentry(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_collectiveAttributeSubentry, 1))
: is_entry_objectclass((e), slap_schema.si_oc_collectiveAttributeSubentry, SLAP_OCF_SET_FLAGS))
#define is_entry_dynamicObject(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_DYNAMICOBJECT) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_dynamicObject, 1))
: is_entry_objectclass((e), slap_schema.si_oc_dynamicObject, SLAP_OCF_SET_FLAGS))
#define is_entry_glue(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_GLUE) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_glue, 1))
: is_entry_objectclass((e), slap_schema.si_oc_glue, SLAP_OCF_SET_FLAGS))
#define is_entry_syncProviderSubentry(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_SYNCPROVIDERSUBENTRY) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_syncProviderSubentry, 1))
: is_entry_objectclass((e), slap_schema.si_oc_syncProviderSubentry, SLAP_OCF_SET_FLAGS))
#define is_entry_syncConsumerSubentry(e) \
(((e)->e_ocflags & SLAP_OC__END) \
? (((e)->e_ocflags & SLAP_OC_SYNCCONSUMERSUBENTRY) != 0) \
: is_entry_objectclass((e), slap_schema.si_oc_syncConsumerSubentry, 1))
: is_entry_objectclass((e), slap_schema.si_oc_syncConsumerSubentry, SLAP_OCF_SET_FLAGS))
LDAP_SLAPD_F (int) oc_schema_info( Entry *e );
LDAP_SLAPD_F (void) oc_unparse LDAP_P((
@ -1451,9 +1451,17 @@ LDAP_SLAPD_F (void) schema_destroy LDAP_P(( void ));
LDAP_SLAPD_F( slap_mr_indexer_func ) octetStringIndexer;
LDAP_SLAPD_F( slap_mr_filter_func ) octetStringFilter;
LDAP_SLAPD_F( int ) numericoidValidate LDAP_P((
struct slap_syntax *syntax,
struct berval *in ));
LDAP_SLAPD_F( int ) octetStringMatch LDAP_P((
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue ));
/*
* schema_prep.c
@ -1702,6 +1710,9 @@ LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) replog_mutex;
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) gmtime_mutex;
#endif
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) ad_undef_mutex;
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) oc_undef_mutex;
LDAP_SLAPD_V (ber_socket_t) dtblsize;
LDAP_SLAPD_V (int) use_reverse_lookup;


@ -836,7 +836,7 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
int finish = 0;
if ( rs->sr_attrs == NULL ) {
/* all attrs request, skip operational attributes */
/* all user attrs request, skip operational attributes */
if( is_at_operational( desc->ad_type ) ) {
continue;
}
@ -845,14 +845,13 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
/* specific attrs requested */
if ( is_at_operational( desc->ad_type ) ) {
if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
!ad_inlist( desc, rs->sr_attrs ) )
!ad_inlist( desc, rs->sr_attrs ) )
{
continue;
}
} else {
if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) )
{
if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
continue;
}
}
@ -994,7 +993,7 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
AttributeDescription *desc = a->a_desc;
if ( rs->sr_attrs == NULL ) {
/* all attrs request, skip operational attributes */
/* all user attrs request, skip operational attributes */
if( is_at_operational( desc->ad_type ) ) {
continue;
}
@ -1003,7 +1002,7 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
/* specific attrs requested */
if( is_at_operational( desc->ad_type ) ) {
if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
!ad_inlist( desc, rs->sr_attrs ) )
!ad_inlist( desc, rs->sr_attrs ) )
{
continue;
}
@ -1334,10 +1333,19 @@ slap_send_search_reference( Operation *op, SlapReply *rs )
#ifdef LDAP_CONNECTIONLESS
}
#endif
if ( rs->sr_ref != NULL ) {
int r;
Statslog( LDAP_DEBUG_STATS2, "%s REF dn=\"%s\"\n",
op->o_log_prefix, rs->sr_entry ? rs->sr_entry->e_dn : "(null)",
0, 0, 0 );
for ( r = 0; !BER_BVISNULL( &rs->sr_ref[ r ] ); r++ ) {
Statslog( LDAP_DEBUG_STATS2, "%s REF #%d \"%s\"\n",
op->o_log_prefix, r, rs->sr_ref[0].bv_val,
0, 0 );
}
} else {
Statslog( LDAP_DEBUG_STATS2, "%s REF \"(null)\"\n",
op->o_log_prefix, 0, 0, 0, 0 );
}
Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
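Review bot: The new per-referral logging loop in slap_send_search_reference indexes `rs->sr_ref[0]` on every iteration, so each `REF #%d` line prints the first URL rather than the r-th one. The argument line should read `op->o_log_prefix, r, rs->sr_ref[ r ].bv_val,`. As written the stats log misreports which referrals were returned, which matters when the log is used to reconstruct what a client was sent. The function body starts outside this hunk.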


@ -50,8 +50,6 @@
#define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c) lutil_HASHFinal(d,c)
#define OpenLDAPaciMatch octetStringMatch
/* approx matching rules */
#define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4"
#define directoryStringApproxMatch approxMatch
@ -79,6 +77,9 @@ unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
unsigned int index_substr_any_step = SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT;
ldap_pvt_thread_mutex_t ad_undef_mutex;
ldap_pvt_thread_mutex_t oc_undef_mutex;
static int
inValidate(
Syntax *syntax,
@ -126,7 +127,7 @@ static int certificateValidate( Syntax *syntax, struct berval *in )
#define certificateValidate sequenceValidate
#endif
static int
int
octetStringMatch(
int *matchp,
slap_mask_t flags,
@ -3423,14 +3424,6 @@ static slap_syntax_defs_rec syntax_defs[] = {
serialNumberAndIssuerValidate,
serialNumberAndIssuerPretty},
#ifdef SLAPD_ACI_ENABLED
/* OpenLDAP Experimental Syntaxes */
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
OpenLDAPaciValidate,
OpenLDAPaciPretty},
#endif
#ifdef SLAPD_AUTHPASSWD
/* needs updating */
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
@ -3847,15 +3840,6 @@ static slap_mrule_defs_rec mrule_defs[] = {
NULL},
#endif
#ifdef SLAPD_ACI_ENABLED
{"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
NULL, NULL,
NULL},
#endif
{"( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
SLAP_MR_EXT, NULL,
@ -3966,4 +3950,7 @@ schema_destroy( void )
mr_destroy();
mru_destroy();
syn_destroy();
ldap_pvt_thread_mutex_destroy( &ad_undef_mutex );
ldap_pvt_thread_mutex_destroy( &oc_undef_mutex );
}


@ -743,6 +743,10 @@ typedef struct slap_object_class {
LDAP_STAILQ_ENTRY(slap_object_class) soc_next;
} ObjectClass;
#define SLAP_OCF_SET_FLAGS 0x1
#define SLAP_OCF_CHECK_SUP 0x2
#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP)
#define SLAP_OC_ALIAS 0x0001
#define SLAP_OC_REFERRAL 0x0002
#define SLAP_OC_SUBENTRY 0x0004
@ -890,9 +894,6 @@ struct slap_internal_schema {
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_saslAuthzTo;
AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif /* SLAPD_ACI_ENABLED */
/* dynamic entries */
AttributeDescription *si_ad_entryTtl;
@ -1258,9 +1259,10 @@ struct slap_op;
/*
* "dynamic" ACL infrastructure (for ACIs and more)
*/
typedef int (slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp );
typedef int (slap_dynacl_unparse)( void *priv, struct berval *bv );
typedef int (slap_dynacl_mask)(
typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno,
const char *opts, slap_style_t, const char *, void **privp ));
typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
typedef int (slap_dynacl_mask) LDAP_P((
void *priv,
struct slap_op *op,
Entry *e,
@ -1269,8 +1271,8 @@ typedef int (slap_dynacl_mask)(
int nmatch,
regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny );
typedef int (slap_dynacl_destroy)( void *priv );
slap_access_t *deny ));
typedef int (slap_dynacl_destroy) LDAP_P(( void *priv ));
typedef struct slap_dynacl_t {
char *da_name;
@ -2715,7 +2717,6 @@ struct slap_listener {
#define sl_addr sl_sa.sa_in_addr
};
#ifdef SLAPD_MONITOR
/*
* Operation indices
*/
@ -2732,7 +2733,6 @@ enum {
SLAP_OP_EXTENDED,
SLAP_OP_LAST
};
#endif /* SLAPD_MONITOR */
typedef struct slap_counters_t {
ldap_pvt_thread_mutex_t sc_sent_mutex;


@ -215,9 +215,13 @@ void slapi_sdn_get_parent( const Slapi_DN *sdn, Slapi_DN *sdn_parent )
{
struct berval parent_dn;
dnParent( (struct berval *)&sdn->dn, &parent_dn );
slapi_sdn_set_dn_byval( sdn_parent, parent_dn.bv_val );
if ( !(sdn->flag & FLAG_DN) ) {
dnParent( (struct berval *)&sdn->ndn, &parent_dn );
slapi_sdn_set_ndn_byval( sdn_parent, parent_dn.bv_val );
} else {
dnParent( (struct berval *)&sdn->dn, &parent_dn );
slapi_sdn_set_dn_byval( sdn_parent, parent_dn.bv_val );
}
}
void slapi_sdn_get_backend_parent( const Slapi_DN *sdn,
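Review bot: slapi_sdn_get_parent now falls back to `sdn->ndn` whenever `FLAG_DN` is clear, without checking that the normalized form is populated either, so a Slapi_DN with neither form set would hand an unset berval to `dnParent`. The resulting `parent_dn.bv_val` is also passed straight to the `_byval` setters, and what they do with an empty or NULL parent (a DN that has no parent component) is not visible here. A guard that leaves `sdn_parent` empty and returns when neither form is available would make the contract explicit. At minimum a comment above the `if` should say which flag states callers may pass, e.g. `/* use the normalized DN when only that form has been set */`.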

View file

@ -178,15 +178,16 @@ register_syntax(
code = syn_add( syn, def, &err );
ldap_memfree( syn );
if ( code ) {
Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
scherr2str(code), err, def->sd_desc );
ldap_syntax_free( syn );
return( -1 );
}
ldap_memfree( syn );
return( 0 );
}
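Review bot: register_syntax releases `syn` with `ldap_syntax_free` on the error path and with `ldap_memfree` before `return( 0 )`, and nothing in the code explains why the two paths differ. Presumably `syn_add` keeps the parsed members on success, so only the container may be freed, while on failure the whole structure is still owned here; that should be confirmed against `syn_add`. A short comment above the final `ldap_memfree( syn )`, such as `/* syn_add() took over the members; free only the container */`, would stop a later cleanup from merging the two calls into a double free or a leak. The start of the function is outside the hunk.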

View file

@ -31,7 +31,7 @@ retcode-item "cn=strongAuthRequired" 0x08
retcode-item "cn=strongerAuthRequired" 0x08 text="same as strongAuthRequired"
#retcode-item "cn=partialResults" 0x09 "LDAPv2+ (not LDAPv3)"
retcode-item "cn=referral" 0x0a text="LDAPv3" ref="ldap://:9010"
retcode-item "cn=referral" 0x0a text="LDAPv3" ref="ldap://:9019"
retcode-item "cn=adminLimitExceeded" 0x0b text="LDAPv3"
retcode-item "cn=unavailableCriticalExtension" 0x0c text="LDAPv3"
retcode-item "cn=confidentialityRequired" 0x0d text="LDAPv3"


@ -42,15 +42,18 @@ AC_translucent=translucent@BUILD_TRANSLUCENT@
AC_unique=unique@BUILD_UNIQUE@
AC_rwm=rwm@BUILD_RWM@
AC_syncprov=syncprov@BUILD_SYNCPROV@
AC_valsort=valsort@BUILD_VALSORT@
# misc
AC_WITH_SASL=@WITH_SASL@
AC_WITH_TLS=@WITH_TLS@
AC_WITH_MODULES_ENABLED=@WITH_MODULES_ENABLED@
AC_ACI_ENABLED=aci@SLAPD_ACI_ENABLED@
export AC_bdb AC_hdb AC_ldap AC_ldbm AC_meta AC_monitor AC_relay AC_sql
export AC_glue AC_pcache AC_ppolicy AC_refint AC_retcode AC_rwm AC_unique AC_syncprov
export AC_translucent AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED
export AC_translucent AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED AC_ACI_ENABLED
export AC_valsort
if test ! -x ../servers/slapd/slapd ; then
echo "Could not locate slapd(8)"

View file

@ -12,12 +12,11 @@
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
MONMOD=nomod
if [ x"$MONITORDB" = xyes -o x"$MONITORDB" = xmod ] ; then
MON=monitor
if [ $MONITORDB = mod ] ; then
MONMOD=monitormod
else
MONMOD=nomod
fi
else
MON=nomonitor
@ -51,9 +50,11 @@ sed -e "s/@BACKEND@/${BACKEND}/" \
-e "s/^#${AC_syncprov}#//" \
-e "s/^#${AC_translucent}#//" \
-e "s/^#${AC_unique}#//" \
-e "s/^#${AC_valsort}#//" \
-e "s/^#${MON}#//" \
-e "s/^#${MONMOD}#//" \
-e "s/^#${SASL}#//" \
-e "s/^#${ACI}#//" \
-e "s;@URI1@;${URI1};" \
-e "s;@URI2@;${URI2};" \
-e "s;@URI3@;${URI3};" \

View file

@ -32,6 +32,8 @@ SYNCPROV=${AC_syncprov-syncprovno}
WITH_SASL=${AC_WITH_SASL-no}
USE_SASL=${SLAPD_USE_SASL-no}
WITHTLS=${AC_WITHTLS-yes}
ACI=${AC_ACI_ENABLED-acino}
VALSORT=${AC_valsort-valsortno}
DATADIR=./testdata
PROGDIR=./progs
@ -95,6 +97,8 @@ TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf
METACONF=$DATADIR/slapd-meta.conf
METACONF2=$DATADIR/slapd-meta2.conf
GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf
ACICONF=$DATADIR/slapd-aci.conf
VALSORTCONF=$DATADIR/slapd-valsort.conf
CONF1=$TESTDIR/slapd.1.conf
CONF2=$TESTDIR/slapd.2.conf
@ -184,6 +188,7 @@ LDIFTRANSLUCENTCONFIG=$DATADIR/test-translucent-config.ldif
LDIFTRANSLUCENTADD=$DATADIR/test-translucent-add.ldif
LDIFTRANSLUCENTMERGED=$DATADIR/test-translucent-merged.ldif
LDIFMETA=$DATADIR/test-meta.ldif
LDIFVALSORT=$DATADIR/test-valsort.ldif
SQLADD=$DATADIR/sql-add.ldif
MONITOR=""
REFDN="c=US"
@ -204,6 +209,8 @@ TRANSLUCENTDN="uid=binder,o=translucent"
TRANSLUCENTPASSWD="bindtest"
METABASEDN="ou=Meta,dc=example,dc=com"
METAMANAGERDN="cn=Manager,$METABASEDN"
VALSORTDN="cn=Manager,o=valsort"
VALSORTBASEDN="o=valsort"
LOG1=$TESTDIR/slapd.1.log
LOG2=$TESTDIR/slapd.2.log
@ -221,6 +228,9 @@ SEARCHFLT2=$TESTDIR/ldapsearch2.flt
LDIFFLT=$TESTDIR/ldif.flt
TESTOUT=$TESTDIR/test.out
INITOUT=$TESTDIR/init.out
VALSORTOUT1=$DATADIR/valsort1.out
VALSORTOUT2=$DATADIR/valsort2.out
VALSORTOUT3=$DATADIR/valsort3.out
SERVER1OUT=$TESTDIR/server1.out
SERVER1FLT=$TESTDIR/server1.flt
@ -274,6 +284,7 @@ METAOUT=$DATADIR/meta.out
METACONCURRENCYOUT=$DATADIR/metaconcurrency.out
MANAGEOUT=$DATADIR/manage.out
SUBTREERENAMEOUT=$DATADIR/subtree-rename.out
ACIOUT=$DATADIR/aci.out
# Just in case we linked the binaries dynamically
LD_LIBRARY_PATH=`pwd`/../libraries:${LD_LIBRARY_PATH} export LD_LIBRARY_PATH

View file

@ -71,7 +71,7 @@ fi
echo -n "Testing incorrect bind (should fail)... "
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w "XXX"
RC=$?
if test $RC == 0 ; then
if test $RC = 0 ; then
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC

View file

@ -49,8 +49,10 @@ if test $RC = 0 ; then
fi
count=2
if test $RC = 0 ; then
if test $MONITORDB = yes -o $MONITORDB = mod ; then
count=3
echo "Using ldapsearch to retrieve the cn=Monitor..."
$LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT1 \
'+extensibleObject' >> $SEARCHOUT 2>&1
@ -67,8 +69,8 @@ if test $RC != 0 ; then
echo ">>>>> Test failed"
else
RC=`grep '^dn:' $SEARCHOUT | wc -l`
if test $RC != 3 ; then
echo ">>>>> Test failed: expected 3 entries, got" $RC
if test $RC != $count ; then
echo ">>>>> Test failed: expected $count entries, got" $RC
RC=1
else
echo ">>>>> Test succeeded"

View file

@ -54,7 +54,7 @@ if test $RC != 0 ; then
fi
echo "Using ldapadd to populate the database..."
$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD -e manageDIT < \
$LDIFPPOLICY > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then

View file

@ -28,7 +28,7 @@ if test $RC != 0 ; then
fi
echo "Running slapadd to build empty DN slapd database..."
$SLAPADD -f $CONF1 -n 3 -l $LDIFEMPTYDN2
$SLAPADD -f $CONF1 -b "" -l $LDIFEMPTYDN2
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"