rename "permit modify" control to "permissive modify"

rename "no referrals" controls to "domain scope"
misc cleanup

include/ldap.h

@@ -230,8 +230,8 @@ typedef struct ldapcontrol {
 #define LDAP_CONTROL_VLVRESPONSE    "2.16.840.1.113730.3.4.10"
 
 #ifdef LDAP_DEVEL
-#define LDAP_CONTROL_PERMITMODIFY "1.2.840.113556.1.4.1413"
+#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
-#define LDAP_CONTROL_NOREFERRALS "1.2.840.113556.1.4.1339"
+#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
 #endif
 
 /* LDAP Unsolicited Notifications */

servers/slapd/back-bdb/modify.c

@@ -56,7 +56,7 @@ int bdb_modify_internal(
 #else
 			Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: add\n", 0, 0, 0);
 #endif
-			err = modify_add_values( e, mod, get_permitmodify(op),
+			err = modify_add_values( e, mod, get_permissiveModify(op),
 				text, textbuf, textlen );
 			if( err != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -76,7 +76,7 @@ int bdb_modify_internal(
 #else
 			Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: delete\n", 0, 0, 0);
 #endif
-			err = modify_delete_values( e, mod, get_permitmodify(op),
+			err = modify_delete_values( e, mod, get_permissiveModify(op),
 				text, textbuf, textlen );
 			assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
 			if( err != LDAP_SUCCESS ) {
@@ -97,7 +97,7 @@ int bdb_modify_internal(
 #else
 			Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: replace\n", 0, 0, 0);
 #endif
-			err = modify_replace_values( e, mod, get_permitmodify(op),
+			err = modify_replace_values( e, mod, get_permissiveModify(op),
 				text, textbuf, textlen );
 			if( err != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -122,7 +122,7 @@ int bdb_modify_internal(
  			 */
  			mod->sm_op = LDAP_MOD_ADD;
 
-			err = modify_add_values( e, mod, get_permitmodify(op),
+			err = modify_add_values( e, mod, get_permissiveModify(op),
 				text, textbuf, textlen );
  			if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
  				err = LDAP_SUCCESS;

servers/slapd/back-bdb/search.c

@@ -1049,7 +1049,8 @@ static int search_candidates(
 	 * these clauses are redundant.
 	 */
 	if (!oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) {
-		if( !get_manageDSAit(op) ) { /* match referrals */
+		if( !get_manageDSAit(op) && !get_domainScope(op) ) {
+			/* match referral objects */
 			struct berval bv_ref = { sizeof("referral")-1, "referral" };
 			rf.f_choice = LDAP_FILTER_EQUALITY;
 			rf.f_ava = &aa_ref;
@@ -1060,7 +1061,8 @@ static int search_candidates(
 		}
 
 #ifdef BDB_ALIASES
-		if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */
+		if( deref & LDAP_DEREF_SEARCHING ) {
+			/* match alias objects */
 			struct berval bv_alias = { sizeof("alias")-1, "alias" };
 			af.f_choice = LDAP_FILTER_EQUALITY;
 			af.f_ava = &aa_alias;

servers/slapd/back-ldbm/modify.c

@@ -65,7 +65,8 @@ int ldbm_modify_internal(
 			Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0);
 #endif
 
-			rc = modify_add_values( e, mod, op->o_permitmodify, text, textbuf, textlen );
+			rc = modify_add_values( e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
 			if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG( BACK_LDBM, INFO, 
@@ -84,7 +85,8 @@ int ldbm_modify_internal(
 			Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0);
 #endif
 
-			rc = modify_delete_values( e, mod, op->o_permitmodify, text, textbuf, textlen );
+			rc = modify_delete_values( e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
 			assert( rc != LDAP_TYPE_OR_VALUE_EXISTS );
 			if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
@@ -104,7 +106,8 @@ int ldbm_modify_internal(
 			Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0);
 #endif
 
-			rc = modify_replace_values( e, mod, op->o_permitmodify, text, textbuf, textlen );
+			rc = modify_replace_values( e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
 			if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG( BACK_LDBM, INFO, 
@@ -129,7 +132,8 @@ int ldbm_modify_internal(
 			 */
 			mod->sm_op = LDAP_MOD_ADD;
 
-			rc = modify_add_values( e, mod, op->o_permitmodify, text, textbuf, textlen );
+			rc = modify_add_values( e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
 			if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
 				rc = LDAP_SUCCESS;
 			}

servers/slapd/back-ldbm/search.c

@@ -74,7 +74,7 @@ ldbm_back_search(
 		ber_dupbv( &realbase, &e->e_nname );
 
 		candidates = search_candidates( be, e, filter,
-		    scope, deref, manageDSAit );
+		    scope, deref, manageDSAit || get_domainScope(op) );
 
 		goto searchit;
 		

servers/slapd/controls.c

@@ -49,8 +49,8 @@ static SLAP_CTRL_PARSE_FN parseManageDSAit;
 static SLAP_CTRL_PARSE_FN parseNoOp;
 static SLAP_CTRL_PARSE_FN parsePagedResults;
 static SLAP_CTRL_PARSE_FN parseValuesReturnFilter;
-static SLAP_CTRL_PARSE_FN parsePermitModify;
+static SLAP_CTRL_PARSE_FN parsePermissiveModify;
-static SLAP_CTRL_PARSE_FN parseNoReferrals;
+static SLAP_CTRL_PARSE_FN parseDomainScope;
 
 #ifdef LDAP_CONTROL_SUBENTRIES
 static SLAP_CTRL_PARSE_FN parseSubentries;
@@ -113,6 +113,21 @@ static struct slap_control {
  	{ LDAP_CONTROL_VALUESRETURNFILTER,
  		SLAP_CTRL_SEARCH, NULL,
 		parseValuesReturnFilter },
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+	{ LDAP_CONTROL_PAGEDRESULTS,
+		SLAP_CTRL_SEARCH, NULL,
+		parsePagedResults },
+#endif
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+	{ LDAP_CONTROL_X_DOMAIN_SCOPE,
+		SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
+		parseDomainScope },
+#endif
+#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
+	{ LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+		SLAP_CTRL_MODIFY, NULL,
+		parsePermissiveModify },
+#endif
 #ifdef LDAP_CONTROL_SUBENTRIES
 	{ LDAP_CONTROL_SUBENTRIES,
 		SLAP_CTRL_SEARCH, NULL,
@@ -121,27 +136,6 @@ static struct slap_control {
 	{ LDAP_CONTROL_NOOP,
 		SLAP_CTRL_ACCESS, NULL,
 		parseNoOp },
-#ifdef LDAP_CONTROL_PAGEDRESULTS
-	{ LDAP_CONTROL_PAGEDRESULTS,
-		SLAP_CTRL_SEARCH, NULL,
-		parsePagedResults },
-#endif
-	{ LDAP_CONTROL_MANAGEDSAIT,
-		SLAP_CTRL_ACCESS, NULL,
-		parseManageDSAit },
-	{ LDAP_CONTROL_PROXY_AUTHZ,
-		SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops,
-		parseProxyAuthz },
-#ifdef LDAP_CONTROL_PERMITMODIFY
-	{ LDAP_CONTROL_PERMITMODIFY,
-		SLAP_CTRL_UPDATE, NULL,
-		parsePermitModify },
-#endif
-#ifdef LDAP_CONTROL_NOREFERRALS
-	{ LDAP_CONTROL_NOREFERRALS,
-		SLAP_CTRL_SEARCH, NULL,
-		parseNoReferrals },
-#endif
 #ifdef LDAP_CLIENT_UPDATE
 	{ LDAP_CONTROL_CLIENT_UPDATE,
 		SLAP_CTRL_SEARCH, NULL,
@@ -152,6 +146,12 @@ static struct slap_control {
 		SLAP_CTRL_SEARCH, NULL,
 		parseLdupSync },
 #endif
+	{ LDAP_CONTROL_MANAGEDSAIT,
+		SLAP_CTRL_ACCESS, NULL,
+		parseManageDSAit },
+	{ LDAP_CONTROL_PROXY_AUTHZ,
+		SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops,
+		parseProxyAuthz },
 	{ NULL, 0, NULL, 0 }
 };
 
@@ -813,24 +813,24 @@ static int parseSubentries (
 }
 #endif
 
-#ifdef LDAP_CONTROL_PERMITMODIFY
+#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
-static int parsePermitModify (
+static int parsePermissiveModify (
 	Connection *conn,
 	Operation *op,
 	LDAPControl *ctrl,
 	const char **text )
 {
-	if ( op->o_permitmodify != SLAP_NO_CONTROL ) {
+	if ( op->o_permissive_modify != SLAP_NO_CONTROL ) {
-		*text = "permitmodify control specified multiple times";
+		*text = "permissiveModify control specified multiple times";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
 	if ( ctrl->ldctl_value.bv_len ) {
-		*text = "permitmodify control value not empty";
+		*text = "permissiveModify control value not empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	op->o_permitmodify = ctrl->ldctl_iscritical
+	op->o_permissive_modify = ctrl->ldctl_iscritical
 		? SLAP_CRITICAL_CONTROL
 		: SLAP_NONCRITICAL_CONTROL;
 
@@ -838,24 +838,24 @@ static int parsePermitModify (
 }
 #endif
 
-#ifdef LDAP_CONTROL_NOREFERRALS
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
-static int parseNoReferrals (
+static int parseDomainScope (
 	Connection *conn,
 	Operation *op,
 	LDAPControl *ctrl,
 	const char **text )
 {
-	if ( op->o_noreferrals != SLAP_NO_CONTROL ) {
+	if ( op->o_domain_scope != SLAP_NO_CONTROL ) {
-		*text = "noreferrals control specified multiple times";
+		*text = "domainScope control specified multiple times";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
 	if ( ctrl->ldctl_value.bv_len ) {
-		*text = "noreferrals control value not empty";
+		*text = "domainScope control value not empty";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	op->o_noreferrals = ctrl->ldctl_iscritical
+	op->o_domain_scope = ctrl->ldctl_iscritical
 		? SLAP_CRITICAL_CONTROL
 		: SLAP_NONCRITICAL_CONTROL;
 

servers/slapd/extended.c

@@ -59,11 +59,11 @@ static struct {
 	struct berval oid;
 	SLAP_EXTOP_MAIN_FN *ext_main;
 } builtin_extops[] = {
-	{ BVC(LDAP_EXOP_X_WHO_AM_I), whoami_extop },
-	{ BVC(LDAP_EXOP_MODIFY_PASSWD), passwd_extop },
 #ifdef LDAP_EXOP_X_CANCEL
 	{ BVC(LDAP_EXOP_X_CANCEL), cancel_extop },
 #endif
+	{ BVC(LDAP_EXOP_X_WHO_AM_I), whoami_extop },
+	{ BVC(LDAP_EXOP_MODIFY_PASSWD), passwd_extop },
 #ifdef HAVE_TLS
 	{ BVC(LDAP_EXOP_START_TLS), starttls_extop },
 #endif

servers/slapd/result.c

@@ -480,8 +480,8 @@ slap_send_ldap_result(
 	assert( err != LDAP_PARTIAL_RESULTS );
 
 	if ( err == LDAP_REFERRAL ) {
-#ifdef LDAP_CONTROL_NOREFERRALS
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
-		if( op->o_noreferrals ) {
+		if( op->o_domain_scope ) {
 			ref = NULL;
 		}
 #endif
@@ -1383,15 +1383,15 @@ slap_send_search_reference(
 		return( 1 );
 	}
 
-#ifdef LDAP_CONTROL_NOREFERRALS
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
-	if( op->o_noreferrals ) {
+	if( op->o_domain_scope ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, ERR, 
-			"send_search_reference: conn %lu noreferrals control in (%s).\n",
+			"send_search_reference: conn %lu domainScope control in (%s).\n",
 			op->o_connid, e->e_dn, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY,
-			"send_search_reference: noreferrals control in (%s)\n", 
+			"send_search_reference: domainScope control in (%s)\n", 
 			e->e_dn, 0, 0 );
 #endif
 

servers/slapd/schema_prep.c

@@ -320,6 +320,7 @@ static struct slap_schema_oc_map {
 		"MUST cn )",
 		0, SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_monitor) },
+#ifdef LDAP_DEVEL
 	{ "collectiveAttributeSubentry", "( 2.5.17.2 "
 			"NAME 'collectiveAttributeSubentry' "
 			"AUXILIARY )",
@@ -332,6 +333,7 @@ static struct slap_schema_oc_map {
 			"SUP top AUXILIARY )",
 		dynamicObjectClass, SLAP_OC_DYNAMICOBJECT,
 		offsetof(struct slap_internal_schema, si_oc_dynamicObject) },
+#endif
 	{ NULL, NULL, NULL, 0, 0 }
 };
 
@@ -423,6 +425,7 @@ static struct slap_schema_ad_map {
 		NULL, 0,
 		NULL, NULL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
+#ifdef LDAP_DEVEL
 	{ "collectiveAttributeSubentries", "( 2.5.18.12 "
 			"NAME 'collectiveAttributeSubentries' "
 			"EQUALITY distinguishedNameMatch "
@@ -438,6 +441,7 @@ static struct slap_schema_ad_map {
 		NULL, SLAP_AT_HIDE,
 		NULL, NULL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) },
+#endif
 
 	{ "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' "   
 			"DESC 'LCUP/LDUP: UUID of the entry' "
@@ -687,6 +691,7 @@ static struct slap_schema_ad_map {
 		offsetof(struct slap_internal_schema, si_ad_aci) },
 #endif
 
+#ifdef LDAP_DEVEL
 	{ "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
 			"DESC 'RFC2589: entry time-to-live' "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE "
@@ -702,6 +707,7 @@ static struct slap_schema_ad_map {
 		rootDseAttribute, 0,
 		NULL, NULL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) },
+#endif
 
 	/* userApplication attributes (which system schema depends upon) */
 	{ "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' "

servers/slapd/slap.h

@@ -1683,15 +1683,18 @@ typedef struct slap_op {
 
 	char o_valuesreturnfilter;
 
-#ifdef LDAP_CONTROL_PERMITMODIFY
+#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
-	char o_permitmodify;
+	char o_permissive_modify;
-#define get_permitmodify(op)			((int)(op)->o_permitmodify)
+#define get_permissiveModify(op)		((int)(op)->o_permissive_modify)
 #else
-#define get_permitmodify(op)			(0)
+#define get_permissiveModify(op)		(0)
 #endif
 
-#ifdef LDAP_CONTROL_NOREFERRALS
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
-	char o_noreferrals;
+	char o_domain_scope;
+#define get_domainScope(op)				((int)(op)->o_domain_scope)
+#else
+#define get_domainScope(op)				(0)
 #endif
 
 #ifdef LDAP_CONTROL_PAGEDRESULTS