upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

First rounded of changes in prep for 2.2.beta3

Browse source
This commit is contained in:
Kurt Zeilenga 2003-11-30 23:20:22 +00:00
parent 05f8a1357b
commit c350b558d7
180 changed files with 7583 additions and 5311 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
clients/tools/common.c
View file

@ -20,6 +20,7 @@
#include "lutil_ldap.h"
#include "ldap_defaults.h"
#include "ldap_pvt.h"
#include "lber_pvt.h"
#include "common.h"
@ -762,8 +763,8 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
}
if ( assertctl ) {
char berbuf[LBER_ELEMENT_SIZEOF];
BerElement *ber = (BerElement *)berbuf;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
if( assertion == NULL || *assertion == '\0' ) {
fprintf( stderr, "Assertion=<empty>\n" );
@ -820,7 +821,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
if ( preread ) {
char berbuf[LBER_ELEMENT_SIZEOF];
BerElement *ber = (BerElement *)berbuf;
char **attrs;
char **attrs = NULL;
if( preread_attrs ) {
attrs = ldap_str2charray( preread_attrs, "," );
@ -850,7 +851,7 @@ tool_server_controls( LDAP *ld, LDAPControl *extra_c, int count )
if ( postread ) {
char berbuf[LBER_ELEMENT_SIZEOF];
BerElement *ber = (BerElement *)berbuf;
char **attrs;
char **attrs = NULL;
if( postread_attrs ) {
attrs = ldap_str2charray( postread_attrs, "," );

4
clients/tools/ldapsearch.c
View file

@ -1131,10 +1131,10 @@ print_entry(
}
write_ldif( LDIF_PUT_VALUE, "dn", bv.bv_val, bv.bv_len );
rc = ldap_pvt_get_controls( ber, &ctrls );
rc = ldap_get_entry_controls( ld, entry, &ctrls );
if( rc != LDAP_SUCCESS ) {
fprintf(stderr, _("print_entry: %d\n"), rc );
ldap_perror( ld, "ldap_pvt_get_controls" );
ldap_perror( ld, "ldap_get_entry_controls" );
exit( EXIT_FAILURE );
}

16
configure.in
View file

@ -173,7 +173,8 @@ OL_ARG_ENABLE(slapd,[ --enable-slapd enable building slapd], yes)dnl
OL_ARG_ENABLE(aci,[ --enable-aci enable per-object ACIs (experimental)], no)dnl
OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], yes)dnl
OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl
OL_ARG_ENABLE(kpasswd,[ --enable-kpasswd enable Kerberos password verification], no)dnl
dnl OL_ARG_ENABLE(kpasswd,[ --enable-kpasswd enable Kerberos password verification], no)dnl
ol_enable_kpasswd=${ol_enable_kpasswd-no}
OL_ARG_ENABLE(lmpasswd,[ --enable-lmpasswd enable LAN Manager passwords], no)dnl
OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
@ -209,7 +210,7 @@ OL_ARG_WITH(ldbm_type,[ --with-ldbm-type use LDBM type auto|btree|hash], au
OL_ARG_ENABLE(meta,[ --enable-meta enable metadirectory backend], no)dnl
OL_ARG_WITH(meta_module,[ --with-meta-module module type static|dynamic], static,
[static dynamic])
OL_ARG_ENABLE(monitor,[ --enable-monitor enable monitor backend], no)dnl
OL_ARG_ENABLE(monitor,[ --enable-monitor enable monitor backend], yes)dnl
OL_ARG_WITH(monitor_module,[ --with-monitor-module module type static|dynamic], static,
[static dynamic])
OL_ARG_ENABLE(null,[ --enable-null enable null backend], no)dnl
@ -666,10 +667,12 @@ if test $ol_enable_perl != no ; then
else
PERL_CPPFLAGS="`$PERLBIN -MExtUtils::Embed -e ccopts`"
PERL_LDFLAGS="`$PERLBIN -MExtUtils::Embed -e ldopts|sed -e 's/ -lc / /'`"
if test x"$ol_with_perl_module" = "xstatic" ; then
SLAPD_PERL_LDFLAGS="`$PERLBIN -MExtUtils::Embed -e ldopts|sed -e s/-lc//`"
SLAPD_PERL_LDFLAGS="$PERL_LDFLAGS"
else
MOD_PERL_LDFLAGS="`$PERLBIN -MExtUtils::Embed -e ldopts|sed -e s/-lc//`"
MOD_PERL_LDFLAGS="$PERL_LDFLAGS"
fi
dnl should check perl version
ol_link_perl=yes
@ -1293,8 +1296,10 @@ else
AC_WARN([TLS data protection not supported!])
fi
WITH_TLS=no
if test $ol_link_tls = yes ; then
AC_DEFINE(HAVE_TLS, 1, [define if you have TLS])
WITH_TLS=yes
elif test $ol_with_tls = auto ; then
AC_WARN([Could not locate TLS/SSL package])
@ -2769,6 +2774,7 @@ fi
AC_SUBST(LIBSRCS)
AC_SUBST(PLAT)
AC_SUBST(WITH_TLS)
AC_SUBST(BUILD_LIBS_DYNAMIC)
AC_SUBST(BUILD_SLAPD)
@ -2887,8 +2893,10 @@ servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/
servers/slapd/tools/Makefile:build/top.mk:servers/slapd/tools/Makefile.in \
servers/slurpd/Makefile:build/top.mk:servers/slurpd/Makefile.in:build/srv.mk \
tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk \
tests/run \
tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk \
,[
chmod +x tests/run
date > stamp-h
echo Please run \"make depend\" to build dependencies
])

6
doc/devel/todo
View file

@ -38,17 +38,21 @@ Implement LDAP sorted search results control
Medium projects
---------------
Add DSML capabilities to command line tools
Implement authPassword (RFC 3112)
Implement DIT Structure Rules and Name Forms
Implement LDAP Transactions extension
Implement native support for simple SASL mechanisms (e.g. EXTERNAL and PLAIN)
Implement LDAPprep
Redesign slapd memory allocation fault handling
Localize tools
Small projects
--------------
Add DSML capabilities to command line tools
Add dumpasn1 logging support
Implement SASLprep
Redesign test suite to use configure generated run script
Add tests to test suite
Convert utfconv.txt into man page(s).
Recode linked-list structs to use <ldap_queue.h> macros

6
doc/man/man3/ldap_add.3
View file

@ -10,16 +10,16 @@ OpenLDAP LDAP (libldap, -lldap)
.nf
.B #include <ldap.h>
.sp
.BI "int ldap_add(LDAP *" ld ", const char *" dn ", LDAPMOD *" attrs "[]);"
.BI "int ldap_add(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
.sp
.BI "int ldap_add_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[]);"
.sp
.BI "int ldap_add_ext(LDAP *" ld ", const char *" dn ", LDAPMOD *" attrs "[],"
.BI "int ldap_add_ext(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
.RS
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.sp
.BI "int ldap_add_ext_s(LDAP *" ld ", const char *" dn ", LDAPMOD *" attrs "[],"
.BI "int ldap_add_ext_s(LDAP *" ld ", const char *" dn ", LDAPMod *" attrs "[],"
.RS
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]);"
.RE

2
doc/man/man3/ldap_bind.3
View file

@ -53,7 +53,7 @@ OpenLDAP LDAP (libldap, -lldap)
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ", struct berval *" cred ","
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"

29
doc/man/man5/slapd.access.5
View file

@ -216,6 +216,16 @@ dn.regex clause by using the form
with
.B digit
ranging from 1 to 9.
The style qualifier
allows an optional
.BR modifier .
At present, the only type allowed is
.BR expand ,
which causes substring substitution of submatches to take place
even if
.B dnstyle
is not
.BR regex .
.LP
The statement
.B dnattr=<attrname>
@ -240,7 +250,8 @@ can be
.BR regex ,
which means that
.B <group>
will be expanded according to regex (7), and
will be expanded as a replacement string (but not as a regular expression)
according to regex (7), and
.B base
or
.B exact
@ -298,6 +309,22 @@ of the contacting host is determined by performing a DNS reverse lookup.
As this lookup can easily be spoofed, use of the
.B domain
statement is strongly discouraged. By default, reverse lookups are disabled.
The optional
.B domainstyle
qualifier of the
.B domain
clause allows a
.B modifier
option; the only value currently supported is
.BR expand ,
which causes substring substitution of submatches to take place even if
the
.B domainstyle
is not
.BR regex ,
much like the analogous usage in
.B dn
clause.
.LP
The statement
.B set=<pattern>

9
doc/man/man5/slapd.conf.5
View file

@ -45,9 +45,12 @@ As many backend-specific sections as desired may be included. Global
options can be overridden in a backend (for options that appear more
than once, the last appearance in the
.B slapd.conf
file is used). Blank lines and comment lines beginning with a `#'
character are ignored. If a line begins with white space, it is
considered a continuation of the previous line.
file is used).
.LP
If a line begins with white space, it is considered a continuation
of the previous line. Blank lines and comment lines beginning with
a `#' character are ignored. (Note: continuation lines are unwrapped
before comment processing is applied.)
.LP
Arguments on configuration lines are separated by white space. If an
argument contains white space, the argument should be enclosed in

12
include/lber.h
View file

@ -157,18 +157,6 @@ extern char ber_pvt_opt_on;
#define LBER_OPT_SUCCESS (0)
#define LBER_OPT_ERROR (-1)
#define LBER_ELEMENT_SIZEOF (256) /* must be >= sizeof(BerElement) */
typedef union ber_buffer_u {
char charbuf[LBER_ELEMENT_SIZEOF];
/* force alignment */
int intbuf;
long longbuf;
float floatbuf;
double doublebuf;
char* ptrbuf;
} BerElementBuffer;
typedef struct berelement BerElement;
typedef struct sockbuf Sockbuf;
typedef struct seqorset Seqorset;

16
include/lber_pvt.h
View file

@ -21,6 +21,22 @@
LDAP_BEGIN_DECL
/* for allocating aligned buffers (on the stack) */
#define LBER_ALIGNED_BUFFER(uname,size) \
union uname { \
char buffer[size]; \
/* force alignment */ \
int ialign; \
long lalign; \
float falign; \
double dalign; \
char* palign; \
}
#define LBER_ELEMENT_SIZEOF (256) /* must be >= sizeof(BerElement) */
typedef LBER_ALIGNED_BUFFER(lber_berelement_u,LBER_ELEMENT_SIZEOF)
BerElementBuffer;
typedef struct sockbuf_buf {
ber_len_t buf_size;
ber_len_t buf_ptr;

21
include/ldap.h
View file

@ -206,14 +206,18 @@ typedef struct ldapcontrol {
#define LDAP_CONTROL_SYNC_DONE "1.3.6.1.4.1.4203.666.5.8"
#define LDAP_SYNC_INFO "1.3.6.1.4.1.4203.666.10.2"
#define LDAP_SYNC_NEW_COOKIE 0
#define LDAP_SYNC_STATE_MODE_DONE 1
#define LDAP_SYNC_LOG_MODE_DONE 2
#define LDAP_SYNC_REFRESH_DONE 3
#define LDAP_SYNC_REFRESH_PRESENTS 0
#define LDAP_SYNC_REFRESH_DELETES 1
#define LDAP_SYNC_STATE_MODE 0
#define LDAP_SYNC_LOG_MODE 1
#define LDAP_SYNC_PERSIST_MODE 2
#define LDAP_TAG_SYNC_NEW_COOKIE ((ber_tag_t) 0x80U)
#define LDAP_TAG_SYNC_REFRESH_DELETE ((ber_tag_t) 0xa1U)
#define LDAP_TAG_SYNC_REFRESH_PRESENT ((ber_tag_t) 0xa2U)
#define LDAP_TAG_SYNC_ID_SET ((ber_tag_t) 0xa3U)
#define LDAP_TAG_SYNC_COOKIE ((ber_tag_t) 0x04U)
#define LDAP_TAG_REFRESHDELETES ((ber_tag_t) 0x01U)
#define LDAP_TAG_REFRESHDONE ((ber_tag_t) 0x01U)
#define LDAP_TAG_RELOAD_HINT ((ber_tag_t) 0x01U)
#define LDAP_SYNC_PRESENT 0
#define LDAP_SYNC_ADD 1
@ -293,9 +297,6 @@ typedef struct ldapcontrol {
#define LDAP_TAG_SASL_RES_CREDS ((ber_tag_t) 0x87U) /* context specific + primitive */
#define LDAP_SYNC_TAG_COOKIE ((ber_tag_t) 0x04U) /* octet string */
/* possible operations a client can invoke */
#define LDAP_REQ_BIND ((ber_tag_t) 0x60U) /* application + constructed */
#define LDAP_REQ_UNBIND ((ber_tag_t) 0x42U) /* application + primitive */

2
include/ldap_pvt.h
View file

@ -155,7 +155,7 @@ LDAP_F (struct ldapcontrol *) ldap_control_dup LDAP_P((
LDAP_F (struct ldapcontrol **) ldap_controls_dup LDAP_P((
struct ldapcontrol *const *ctrls ));
LDAP_F (int) ldap_int_get_controls LDAP_P((
LDAP_F (int) ldap_pvt_get_controls LDAP_P((
BerElement *be,
struct ldapcontrol ***ctrlsp));

3
include/ldap_rq.h
View file

@ -73,7 +73,8 @@ ldap_pvt_runqueue_isrunning(
LDAP_F( void )
ldap_pvt_runqueue_resched(
struct runqueue_s* rq,
struct re_s* entry
struct re_s* entry,
int defer
);
LDAP_F( int )

2
include/ldbm.h
View file

@ -15,7 +15,7 @@
#define _LDBM_H_
#include <ldap_cdefs.h>
#include <string.h>
#include <ac/string.h>
/* dummy DB_ENV for non Berkeley DB */
#if !defined( LDBM_USE_DBBTREE ) && !defined( LDBM_USE_DBHASH )

2
include/rewrite.h
View file

@ -96,7 +96,7 @@ rewrite_info_init(
*/
LDAP_REWRITE_F (int)
rewrite_info_delete(
struct rewrite_info *info
struct rewrite_info **info
);

9
include/slapi-plugin.h
View file

@ -3,11 +3,10 @@
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/*
* (C) Copyright IBM Corp. 1997,2002
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is
* given to IBM Corporation. This software is provided ``as is''
* without express or implied warranty.
* Copyright IBM Corp. 1997,2002,2003
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*/
#ifndef _SLAPI_PLUGIN_H

18
libraries/libldap/cyrus.c
View file

@ -185,7 +185,7 @@ sb_sasl_remove( Sockbuf_IO_Desc *sbiod )
}
static ber_len_t
sb_sasl_pkt_length( const unsigned char *buf, unsigned max, int debuglevel )
sb_sasl_pkt_length( const unsigned char *buf, int debuglevel )
{
ber_len_t size;
@ -209,7 +209,7 @@ sb_sasl_pkt_length( const unsigned char *buf, unsigned max, int debuglevel )
/* Drop a processed packet from the input buffer */
static void
sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, unsigned max, int debuglevel )
sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, int debuglevel )
{
ber_slen_t len;
@ -220,7 +220,7 @@ sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, unsigned max, int debuglevel )
if ( len >= 4 ) {
sec_buf_in->buf_end = sb_sasl_pkt_length(
(unsigned char *) sec_buf_in->buf_base, max, debuglevel);
(unsigned char *) sec_buf_in->buf_base, debuglevel);
}
else {
sec_buf_in->buf_end = 0;
@ -269,7 +269,7 @@ sb_sasl_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
/* The new packet always starts at p->sec_buf_in.buf_base */
ret = sb_sasl_pkt_length( (unsigned char *) p->sec_buf_in.buf_base,
*p->sasl_maxbuf, sbiod->sbiod_sb->sb_debug );
sbiod->sbiod_sb->sb_debug );
/* Grow the packet buffer if neccessary */
if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) &&
@ -304,8 +304,7 @@ sb_sasl_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
(unsigned *)&p->buf_in.buf_end );
/* Drop the packet from the input buffer */
sb_sasl_drop_packet( &p->sec_buf_in,
*p->sasl_maxbuf, sbiod->sbiod_sb->sb_debug );
sb_sasl_drop_packet( &p->sec_buf_in, sbiod->sbiod_sb->sb_debug );
if ( ret != SASL_OK ) {
ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
@ -599,9 +598,10 @@ ldap_int_sasl_bind(
ld->ld_defconn->lconn_sasl_authctx = NULL;
}
rc = ldap_int_sasl_open( ld, ld->ld_defconn,
ld->ld_defconn->lconn_server->lud_host ?
ld->ld_defconn->lconn_server->lud_host : "localhost" );
{ char *saslhost = ldap_host_connected_to( ld->ld_sb, "localhost" );
rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
LDAP_FREE( saslhost );
}
if ( rc != LDAP_SUCCESS ) return rc;

22
libraries/libldap/dnssrv.c
View file

@ -28,11 +28,6 @@
#include <resolv.h>
#endif
/* Sometimes this is not defined. */
#ifndef T_SRV
#define T_SRV 33
#endif /* T_SRV */
int ldap_dn2domain(
LDAP_CONST char *dn_in,
char **domainp)
@ -203,7 +198,16 @@ int ldap_domain2hostlist(
#endif
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
@ -213,7 +217,13 @@ int ldap_domain2hostlist(
/* Parse out query */
p = reply;
p += sizeof(HEADER);
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#else
/* Bind 4 interface */
p += HFIXEDSZ;
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;

2
libraries/libldap/init.c
View file

@ -398,6 +398,8 @@ ldap_int_destroy_global_options(void)
{
struct ldapoptions *gopts = LDAP_INT_GLOBAL_OPT();
gopts->ldo_valid = LDAP_UNINITIALIZED;
if ( gopts->ldo_defludp ) {
ldap_free_urllist( gopts->ldo_defludp );
gopts->ldo_defludp = NULL;

3
libraries/libldap/os-ip.c
View file

@ -371,6 +371,9 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
memset( &hints, '\0', sizeof(hints) );
#ifdef AI_ADDRCONFIG
hints.ai_flags = AI_ADDRCONFIG;
#endif
hints.ai_family = ldap_int_inet4or6;
hints.ai_socktype = socktype;
snprintf(serv, sizeof serv, "%d", port );

88
libraries/libldap/tls.c
View file

@ -858,45 +858,6 @@ ldap_pvt_tls_inplace ( Sockbuf *sb )
return HAS_TLS( sb ) ? 1 : 0;
}
void *
ldap_pvt_tls_sb_ctx( Sockbuf *sb )
{
void *p;
if (HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
return p;
}
return NULL;
}
int
ldap_pvt_tls_get_strength( void *s )
{
SSL_CIPHER *c;
c = SSL_get_current_cipher((SSL *)s);
return SSL_CIPHER_get_bits(c, NULL);
}
int
ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
{
X509 *x;
X509_NAME *xn;
int rc;
x = SSL_get_certificate((SSL *)s);
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
return rc;
}
static X509 *
tls_get_cert( SSL *s )
{
@ -1692,6 +1653,55 @@ tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
#endif
#endif
void *
ldap_pvt_tls_sb_ctx( Sockbuf *sb )
{
#ifdef HAVE_TLS
void *p;
if (HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
return p;
}
#endif
return NULL;
}
int
ldap_pvt_tls_get_strength( void *s )
{
#ifdef HAVE_TLS
SSL_CIPHER *c;
c = SSL_get_current_cipher((SSL *)s);
return SSL_CIPHER_get_bits(c, NULL);
#else
return 0;
#endif
}
int
ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
{
#ifdef HAVE_TLS
X509 *x;
X509_NAME *xn;
int rc;
x = SSL_get_certificate((SSL *)s);
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
return rc;
#else
return LDAP_NOT_SUPPORTED;
#endif
}
int
ldap_start_tls_s ( LDAP *ld,
LDAPControl **serverctrls,

23
libraries/libldap_r/rq.c
View file

@ -3,6 +3,24 @@
* Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* Copyright (c) 2003 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#include "portable.h"
#include <stdio.h>
@ -118,7 +136,8 @@ ldap_pvt_runqueue_isrunning(
void
ldap_pvt_runqueue_resched(
struct runqueue_s* rq,
struct re_s* entry
struct re_s* entry,
int defer
)
{
struct re_s* prev;
@ -133,7 +152,7 @@ ldap_pvt_runqueue_resched(
LDAP_STAILQ_REMOVE( &rq->task_list, entry, re_s, tnext );
if ( entry->interval.tv_sec ) {
if ( entry->interval.tv_sec && !defer ) {
entry->next_sched.tv_sec = time( NULL ) + entry->interval.tv_sec;
} else {
entry->next_sched.tv_sec = 0;

5
libraries/libldap_r/thr_posix.c
View file

@ -121,7 +121,12 @@ ldap_pvt_thread_create( ldap_pvt_thread_t * thread,
pthread_attr_setdetachstate(&attr, detach);
#endif
#endif
#if HAVE_PTHREADS < 5
rtn = pthread_create( thread, attr, start_routine, arg );
#else
rtn = pthread_create( thread, &attr, start_routine, arg );
#endif
#if HAVE_PTHREADS > 5
pthread_attr_destroy(&attr);
#else

21
libraries/libldif/line64.c
View file

@ -571,7 +571,7 @@ ldif_read_record(
{
char linebuf[BUFSIZ], *line, *nbufp;
ber_len_t lcur = 0, len, linesize;
int last_ch = '\n', found_entry = 0, stop;
int last_ch = '\n', found_entry = 0, stop, top_comment = 0;
line = linebuf;
linesize = sizeof( linebuf );
@ -588,18 +588,25 @@ ldif_read_record(
(*lno)++;
if ( line[0] == '\n' ) {
if ( !found_entry )
if ( !found_entry ) {
lcur = 0;
top_comment = 0;
continue;
}
break;
}
if ( !found_entry ) {
/* Found a new entry */
found_entry = 1;
if ( line[0] == '#' ) {
top_comment = 1;
} else if ( ! ( top_comment && line[0] == ' ' ) ) {
/* Found a new entry */
found_entry = 1;
if ( isdigit( (unsigned char) line[0] ) ) {
/* skip index */
continue;
if ( isdigit( (unsigned char) line[0] ) ) {
/* skip index */
continue;
}
}
}
}

4
libraries/liblunicode/ucstr.c
View file

@ -252,8 +252,8 @@ struct berval * UTF8bvnormalize(
last = i;
/* Allocate more space in out if necessary */
if (len - i > outsize - outpos) {
outsize = outsize + ((len - i) - (outsize - outpos));
if (len - i >= outsize - outpos) {
outsize += 1 + ((len - i) - (outsize - outpos));
outtmp = (char *) realloc(out, outsize);
if (outtmp == NULL) {
free(out);

19
libraries/liblutil/csn.c
View file

@ -13,16 +13,18 @@
/*
* This file contains routines to generate a change sequence number. Every
* add delete, and modification is given a unique identifier for use in
* add, delete, and modification is given a unique identifier for use in
* resolving conflicts during replication operations.
*
* These routines are based upon draft-ietf-ldup-model-03.txt, and will
* need to be revisited once standardized.
* These routines are (loosly) based upon draft-ietf-ldup-model-03.txt,
* A WORK IN PROGRESS. The format will likely change.
*
* The format of a CSN string is: yyyymmddhh:mm:ssz#0xSSSS#d#0xssss
* where SSSS is a counter of operations within a timeslice, d is an
* offset into a list of replica records, and ssss is a counter of
* modifications within this operation.
* The format of a CSN string is: yyyymmddhhmmssz#s#r#c
* where s is a counter of operations within a timeslice, r is
* the replica id (normally zero), and c is a counter of
* modifications within this operation. s, r, and c are
* represented in hex and zero padded to lengths of 6, 2, and
* 6, respectively.
*
* Calls to this routine MUST be serialized with other calls
* to gmtime().
@ -53,7 +55,8 @@ lutil_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod)
op = ++csnop;
ltm = gmtime( &t );
n = snprintf( buf, len, "%4d%02d%02d%02d:%02d:%02dZ#0x%04x#%d#%04x",
n = snprintf( buf, len,
"%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x",
ltm->tm_year + 1900, ltm->tm_mon + 1, ltm->tm_mday, ltm->tm_hour,
ltm->tm_min, ltm->tm_sec, op, replica, mod );

6
libraries/liblutil/passwd.c
View file

@ -485,7 +485,7 @@ static int chk_ssha1(
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if (rc <= sizeof(SHA1digest)) {
if (rc < 0 || (unsigned)rc <= sizeof(SHA1digest)) {
ber_memfree(orig_pass);
return -1;
}
@ -566,7 +566,7 @@ static int chk_smd5(
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if (rc <= sizeof(MD5digest)) {
if (rc < 0 || (unsigned)rc <= sizeof(MD5digest)) {
ber_memfree(orig_pass);
return -1;
}
@ -762,7 +762,7 @@ static int chk_ns_mta_md5(
char buffer[LUTIL_MD5_BYTES*2];
int i;
if( passwd.bv_len != LUTIL_MD5_BYTES*2 ) {
if( passwd->bv_len != LUTIL_MD5_BYTES*2 ) {
return 1;
}

4
libraries/librewrite/Makefile.in
View file

@ -8,11 +8,11 @@
##
SRCS = config.c context.c info.c ldapmap.c map.c params.c rule.c \
session.c subst.c var.c \
session.c subst.c var.c xmap.c \
parse.c rewrite.c
XSRCS = version.c
OBJS = config.o context.o info.o ldapmap.o map.o params.o rule.o \
session.o subst.o var.o
session.o subst.o var.o xmap.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries

26
libraries/librewrite/config.c
View file

@ -75,6 +75,7 @@ rewrite_parse(
"[%s:%d] rewriteEngine needs 'state'\n%s",
fname, lineno, "" );
return -1;
} else if ( argc > 2 ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] extra fields in rewriteEngine"
@ -84,8 +85,10 @@ rewrite_parse(
if ( strcasecmp( argv[ 1 ], "on" ) == 0 ) {
info->li_state = REWRITE_ON;
} else if ( strcasecmp( argv[ 1 ], "off" ) == 0 ) {
info->li_state = REWRITE_OFF;
} else {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] unknown 'state' in rewriteEngine;"
@ -123,12 +126,12 @@ rewrite_parse(
* Checks for existence (lots of contexts should be
* available by default ...)
*/
__curr_context = rewrite_context_find( info, argv[ 1 ] );
if ( __curr_context == NULL ) {
__curr_context = rewrite_context_create( info,
rewrite_int_curr_context = rewrite_context_find( info, argv[ 1 ] );
if ( rewrite_int_curr_context == NULL ) {
rewrite_int_curr_context = rewrite_context_create( info,
argv[ 1 ] );
}
if ( __curr_context == NULL ) {
if ( rewrite_int_curr_context == NULL ) {
return -1;
}
@ -151,6 +154,7 @@ rewrite_parse(
" 'alias'\n%s",
fname, lineno, "" );
return -1;
} else if ( argc > 4 ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] extra fields in"
@ -173,8 +177,9 @@ rewrite_parse(
return -1;
}
__curr_context->lc_alias = aliased;
__curr_context = aliased;
rewrite_int_curr_context->lc_alias = aliased;
rewrite_int_curr_context = aliased;
} else {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] extra fields"
@ -195,6 +200,7 @@ rewrite_parse(
" 'subst' ['flags']\n%s",
fname, lineno, "" );
return -1;
} else if ( argc > 4 ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] extra fields in rewriteRule"
@ -202,22 +208,22 @@ rewrite_parse(
fname, lineno, "" );
}
if ( __curr_context == NULL ) {
if ( rewrite_int_curr_context == NULL ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] rewriteRule outside a"
" context; will add to default\n%s",
fname, lineno, "" );
__curr_context = rewrite_context_find( info,
rewrite_int_curr_context = rewrite_context_find( info,
REWRITE_DEFAULT_CONTEXT );
/*
* Default context MUST exist in a properly initialized
* struct rewrite_info
*/
assert( __curr_context != NULL );
assert( rewrite_int_curr_context != NULL );
}
rc = rewrite_rule_compile( info, __curr_context, argv[ 1 ],
rc = rewrite_rule_compile( info, rewrite_int_curr_context, argv[ 1 ],
argv[ 2 ], ( argc == 4 ? argv[ 3 ] : "" ) );
/*

52
libraries/librewrite/context.c
View file

@ -144,6 +144,7 @@ rewrite_context_create(
free( context );
return NULL;
}
memset( context->lc_rule, 0, sizeof( struct rewrite_rule ) );
/*
* Add context to tree
@ -250,7 +251,7 @@ rewrite_context_apply(
case REWRITE_REGEXEC_ERR:
Debug( LDAP_DEBUG_ANY, "==> rewrite_context_apply"
" error ...\n%s%s%s", "", "", "");
" error ...\n", 0, 0, 0);
/*
* Checks for special actions to be taken
@ -272,8 +273,7 @@ rewrite_context_apply(
case REWRITE_ACTION_IGNORE_ERR:
Debug( LDAP_DEBUG_ANY,
"==> rewrite_context_apply"
" ignoring error ...\n%s%s%s",
"", "", "" );
" ignoring error ...\n", 0, 0, 0 );
do_continue = 1;
break;
@ -413,3 +413,49 @@ rc_end_of_context:;
return return_code;
}
void
rewrite_context_free(
void *tmp
)
{
struct rewrite_context *context = (struct rewrite_context *)tmp;
assert( tmp );
rewrite_context_destroy( &context );
}
int
rewrite_context_destroy(
struct rewrite_context **pcontext
)
{
struct rewrite_context *context;
struct rewrite_rule *r;
assert( pcontext );
assert( *pcontext );
context = *pcontext;
assert( context->lc_rule );
for ( r = context->lc_rule->lr_next; r; ) {
struct rewrite_rule *cr = r;
r = r->lr_next;
rewrite_rule_destroy( &cr );
}
free( context->lc_rule );
context->lc_rule = NULL;
assert( context->lc_name );
free( context->lc_name );
context->lc_name = NULL;
free( context );
*pcontext = NULL;
return 0;
}

45
libraries/librewrite/info.c
View file

@ -35,7 +35,7 @@
* rewrite_parse; it can be altered only by a
* rewriteContext config line or by a change in info.
*/
struct rewrite_context *__curr_context = NULL;
struct rewrite_context *rewrite_int_curr_context = NULL;
/*
* Inits the info
@ -63,7 +63,7 @@ rewrite_info_init(
/*
* Resets the running context for parsing ...
*/
__curr_context = NULL;
rewrite_int_curr_context = NULL;
info = calloc( sizeof( struct rewrite_info ), 1 );
if ( info == NULL ) {
@ -102,20 +102,41 @@ rewrite_info_init(
*/
int
rewrite_info_delete(
struct rewrite_info *info
struct rewrite_info **pinfo
)
{
assert( info != NULL );
struct rewrite_info *info;
assert( pinfo != NULL );
assert( *pinfo != NULL );
info = *pinfo;
if ( info->li_context ) {
avl_free( info->li_context, rewrite_context_free );
}
info->li_context = NULL;
if ( info->li_maps ) {
avl_free( info->li_maps, rewrite_builtin_map_free );
}
info->li_context = NULL;
rewrite_session_destroy( info );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_destroy( &info->li_cookies_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rewrite_param_destroy( info );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_destroy( &info->li_cookies_mutex );
ldap_pvt_thread_rdwr_destroy( &info->li_params_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
free( info );
*pinfo = NULL;
return REWRITE_SUCCESS;
}
@ -156,7 +177,7 @@ rewrite_session(
)
{
struct rewrite_context *context;
struct rewrite_op op = { 0, 0, NULL, NULL, NULL, NULL };
struct rewrite_op op = { 0, 0, NULL, NULL, NULL };
int rc;
assert( info != NULL );
@ -189,34 +210,40 @@ rewrite_session(
case REWRITE_MODE_ERR:
rc = REWRITE_REGEXEC_ERR;
goto rc_return;
case REWRITE_MODE_OK:
rc = REWRITE_REGEXEC_OK;
goto rc_return;
case REWRITE_MODE_COPY_INPUT:
*result = strdup( string );
rc = REWRITE_REGEXEC_OK;
goto rc_return;
case REWRITE_MODE_USE_DEFAULT:
context = rewrite_context_find( info,
REWRITE_DEFAULT_CONTEXT );
break;
}
}
#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
op.lo_string = strdup( string );
if ( op.lo_string == NULL ) {
rc = REWRITE_REGEXEC_ERR;
goto rc_return;
}
#endif
/*
* Applies rewrite context
*/
rc = rewrite_context_apply(info, &op, context, string, result );
rc = rewrite_context_apply( info, &op, context, string, result );
assert( op.lo_depth == 0 );
/* ?!? */
#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
free( op.lo_string );
#endif
switch ( rc ) {
/*

18
libraries/librewrite/ldapmap.c
View file

@ -331,3 +331,21 @@ rc_return:;
return rc;
}
int
map_ldap_destroy(
struct rewrite_builtin_map **pmap
)
{
struct ldap_map_data *data;
assert( pmap );
assert( *pmap );
data = ( struct ldap_map_data * )(*pmap)->lb_private;
free( data );
*pmap = NULL;
return 0;
}

546
libraries/librewrite/map.c
View file

@ -33,195 +33,6 @@
#include "rewrite-int.h"
#include "rewrite-map.h"
/*
* Global data
*/
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_t xpasswd_mutex;
static int xpasswd_mutex_init = 0;
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
/*
* Map parsing
* NOTE: these are old-fashion maps; new maps will be parsed on separate
* config lines, and referred by name.
*/
struct rewrite_map *
rewrite_xmap_parse(
struct rewrite_info *info,
const char *s,
const char **currpos
)
{
struct rewrite_map *map;
assert( info != NULL );
assert( s != NULL );
assert( currpos != NULL );
Debug( LDAP_DEBUG_ARGS, "rewrite_xmap_parse: %s\n%s%s",
s, "", "" );
*currpos = NULL;
map = calloc( sizeof( struct rewrite_map ), 1 );
if ( map == NULL ) {
Debug( LDAP_DEBUG_ANY, "rewrite_xmap_parse:"
" calloc failed\n%s%s%s", "", "", "" );
return NULL;
}
/*
* Experimental passwd map:
* replaces the uid with the matching gecos from /etc/passwd file
*/
if ( strncasecmp(s, "xpasswd", 7 ) == 0 ) {
map->lm_type = REWRITE_MAP_XPWDMAP;
map->lm_name = strdup( "xpasswd" );
assert( s[7] == '}' );
*currpos = s + 8;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( !xpasswd_mutex_init ) {
xpasswd_mutex_init = 1;
if ( ldap_pvt_thread_mutex_init( &xpasswd_mutex ) ) {
free( map );
return NULL;
}
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
/* Don't really care if fails */
return map;
/*
* Experimental file map:
* looks up key in a `key value' ascii file
*/
} else if ( strncasecmp(s, "xfile", 5 ) == 0 ) {
char *filename;
const char *p;
int l;
int c = 5;
map->lm_type = REWRITE_MAP_XFILEMAP;
if ( s[ c ] != '(' ) {
free( map );
return NULL;
}
/* Must start with '/' for security concerns */
c++;
if ( s[ c ] != '/' ) {
free( map );
return NULL;
}
for ( p = s + c; p[ 0 ] != '\0' && p[ 0 ] != ')'; p++ );
if ( p[ 0 ] != ')' ) {
free( map );
return NULL;
}
l = p - s - c;
filename = calloc( sizeof( char ), l + 1 );
AC_MEMCPY( filename, s + c, l );
filename[ l ] = '\0';
map->lm_args = ( void * )fopen( filename, "r" );
free( filename );
if ( map->lm_args == NULL ) {
free( map );
return NULL;
}
*currpos = p + 1;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
fclose( ( FILE * )map->lm_args );
free( map );
return NULL;
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
return map;
/*
* Experimental ldap map:
* looks up key on the fly (not implemented!)
*/
} else if ( strncasecmp(s, "xldap", 5 ) == 0 ) {
char *p;
char *url;
int l, rc;
int c = 5;
LDAPURLDesc *lud;
if ( s[ c ] != '(' ) {
free( map );
return NULL;
}
c++;
p = strchr( s, '}' );
if ( p == NULL ) {
free( map );
return NULL;
}
p--;
*currpos = p + 2;
/*
* Add two bytes for urlencoding of '%s'
*/
l = p - s - c;
url = calloc( sizeof( char ), l + 3 );
AC_MEMCPY( url, s + c, l );
url[ l ] = '\0';
/*
* Urlencodes the '%s' for ldap_url_parse
*/
p = strchr( url, '%' );
if ( p != NULL ) {
AC_MEMCPY( p + 3, p + 1, strlen( p + 1 ) + 1 );
p[ 1 ] = '2';
p[ 2 ] = '5';
}
rc = ldap_url_parse( url, &lud );
free( url );
if ( rc != LDAP_SUCCESS ) {
free( map );
return NULL;
}
assert( lud != NULL );
map->lm_args = ( void * )lud;
map->lm_type = REWRITE_MAP_XLDAPMAP;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
ldap_free_urldesc( lud );
free( map );
return NULL;
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
return map;
/* Unhandled map */
}
return NULL;
}
struct rewrite_map *
rewrite_map_parse(
struct rewrite_info *info,
@ -233,7 +44,7 @@ rewrite_map_parse(
struct rewrite_subst *subst = NULL;
char *s, *begin = NULL, *end;
const char *p;
int l, cnt;
int l, cnt, mtx = 0, rc = 0;
assert( info != NULL );
assert( string != NULL );
@ -259,8 +70,11 @@ rewrite_map_parse(
cnt++;
p++;
}
if ( p[ 1 ] != '\0' )
if ( p[ 1 ] != '\0' ) {
p++;
}
} else if ( p[ 0 ] == '}' ) {
cnt--;
}
@ -285,11 +99,12 @@ rewrite_map_parse(
case REWRITE_OPERATOR_VARIABLE_GET:
case REWRITE_OPERATOR_PARAM_GET:
break;
default:
begin = strchr( s, '(' );
if ( begin == NULL ) {
free( s );
return NULL;
rc = -1;
goto cleanup;
}
begin[ 0 ] = '\0';
begin++;
@ -333,13 +148,13 @@ rewrite_map_parse(
* Check the syntax of the variable name
*/
if ( !isalpha( (unsigned char) p[ 0 ] ) ) {
free( s );
return NULL;
rc = -1;
goto cleanup;
}
for ( p++; p[ 0 ] != '\0'; p++ ) {
if ( !isalnum( (unsigned char) p[ 0 ] ) ) {
free( s );
return NULL;
rc = -1;
goto cleanup;
}
}
@ -350,11 +165,12 @@ rewrite_map_parse(
case REWRITE_OPERATOR_VARIABLE_GET:
case REWRITE_OPERATOR_PARAM_GET:
break;
default:
end = strrchr( begin, ')' );
if ( end == NULL ) {
free( s );
return NULL;
rc = -1;
goto cleanup;
}
end[ 0 ] = '\0';
@ -363,8 +179,8 @@ rewrite_map_parse(
*/
subst = rewrite_subst_compile( info, begin );
if ( subst == NULL ) {
free( s );
return NULL;
rc = -1;
goto cleanup;
}
break;
}
@ -374,22 +190,17 @@ rewrite_map_parse(
*/
map = calloc( sizeof( struct rewrite_map ), 1 );
if ( map == NULL ) {
if ( subst != NULL ) {
free( subst );
}
free( s );
return NULL;
rc = -1;
goto cleanup;
}
memset( map, 0, sizeof( struct rewrite_map ) );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
if ( subst != NULL ) {
free( subst );
}
free( s );
free( map );
return NULL;
rc = -1;
goto cleanup;
}
++mtx;
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
/*
@ -399,6 +210,7 @@ rewrite_map_parse(
case REWRITE_OPERATOR_VARIABLE_GET:
case REWRITE_OPERATOR_PARAM_GET:
break;
default:
map->lm_subst = subst;
break;
@ -422,19 +234,17 @@ rewrite_map_parse(
map->lm_name = strdup( s + 1 );
map->lm_data = rewrite_context_find( info, s + 1 );
if ( map->lm_data == NULL ) {
free( s );
free( map );
return NULL;
rc = -1;
goto cleanup;
}
break;
/*
* External command
* External command (not implemented yet)
*/
case REWRITE_OPERATOR_COMMAND: /* '|' */
free( map );
map = NULL;
break;
rc = -1;
goto cleanup;
/*
* Variable set
@ -488,228 +298,38 @@ rewrite_map_parse(
map->lm_name = strdup( s );
map->lm_data = rewrite_builtin_map_find( info, s );
if ( map->lm_data == NULL ) {
return NULL;
rc = -1;
goto cleanup;
}
break;
}
cleanup:
free( s );
if ( rc ) {
if ( subst != NULL ) {
free( subst );
}
if ( map ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( mtx ) {
ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
if ( map->lm_name ) {
free( map->lm_name );
map->lm_name = NULL;
}
free( map );
map = NULL;
}
}
return map;
}
/*
* Map key -> value resolution
* NOTE: these are old-fashion maps; new maps will be parsed on separate
* config lines, and referred by name.
*/
int
rewrite_xmap_apply(
struct rewrite_info *info,
struct rewrite_op *op,
struct rewrite_map *map,
struct berval *key,
struct berval *val
)
{
int rc = REWRITE_SUCCESS;
assert( info != NULL );
assert( op != NULL );
assert( map != NULL );
assert( key != NULL );
assert( val != NULL );
val->bv_val = NULL;
val->bv_len = 0;
switch ( map->lm_type ) {
#ifdef HAVE_GETPWNAM
case REWRITE_MAP_XPWDMAP: {
struct passwd *pwd;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
pwd = getpwnam( key->bv_val );
if ( pwd == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_NO_SUCH_OBJECT;
break;
}
#ifdef HAVE_PW_GECOS
if ( pwd->pw_gecos != NULL && pwd->pw_gecos[0] != '\0' ) {
int l = strlen( pwd->pw_gecos );
val->bv_val = strdup( pwd->pw_gecos );
if ( val->bv_val == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
break;
}
val->bv_len = l;
} else
#endif /* HAVE_PW_GECOS */
{
val->bv_val = strdup( key->bv_val );
val->bv_len = key->bv_len;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
break;
}
#endif /* HAVE_GETPWNAM*/
case REWRITE_MAP_XFILEMAP: {
char buf[1024];
if ( map->lm_args == NULL ) {
rc = REWRITE_ERR;
break;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rewind( ( FILE * )map->lm_args );
while ( fgets( buf, sizeof( buf ), ( FILE * )map->lm_args ) ) {
char *p;
int blen;
blen = strlen( buf );
if ( buf[ blen - 1 ] == '\n' ) {
buf[ blen - 1 ] = '\0';
}
p = strtok( buf, " " );
if ( p == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
goto rc_return;
}
if ( strcasecmp( p, key->bv_val ) == 0
&& ( p = strtok( NULL, "" ) ) ) {
val->bv_val = strdup( p );
if ( val->bv_val == NULL ) {
return REWRITE_ERR;
}
val->bv_len = strlen( p );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
goto rc_return;
}
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
break;
}
case REWRITE_MAP_XLDAPMAP: {
LDAP *ld;
char filter[1024];
LDAPMessage *res = NULL, *entry;
LDAPURLDesc *lud = ( LDAPURLDesc * )map->lm_args;
int attrsonly = 0;
char **values;
assert( lud != NULL );
/*
* No mutex because there is no write on the map data
*/
ld = ldap_init( lud->lud_host, lud->lud_port );
if ( ld == NULL ) {
rc = REWRITE_ERR;
goto rc_return;
}
snprintf( filter, sizeof( filter ), lud->lud_filter,
key->bv_val );
if ( strcasecmp( lud->lud_attrs[ 0 ], "dn" ) == 0 ) {
attrsonly = 1;
}
rc = ldap_search_s( ld, lud->lud_dn, lud->lud_scope,
filter, lud->lud_attrs, attrsonly, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
if ( ldap_count_entries( ld, res ) != 1 ) {
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
entry = ldap_first_entry( ld, res );
if ( entry == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
if ( attrsonly == 1 ) {
val->bv_val = ldap_get_dn( ld, entry );
if ( val->bv_val == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
} else {
values = ldap_get_values( ld, entry,
lud->lud_attrs[0] );
if ( values == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
val->bv_val = strdup( values[ 0 ] );
ldap_value_free( values );
}
val->bv_len = strlen( val->bv_val );
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_SUCCESS;
}
}
rc_return:;
return rc;
}
/*
* Applies the new map type
*/
@ -796,6 +416,7 @@ rewrite_map_apply(
case REWRITE_MAP_BUILTIN: {
struct rewrite_builtin_map *bmap = map->lm_data;
switch ( bmap->lb_type ) {
case REWRITE_BUILTIN_MAP_LDAP:
rc = map_ldap_apply( bmap, key->bv_val, val );
@ -815,3 +436,62 @@ rewrite_map_apply(
return rc;
}
void
rewrite_builtin_map_free(
void *tmp
)
{
struct rewrite_builtin_map *map = ( struct rewrite_builtin_map * )tmp;
assert( map );
switch ( map->lb_type ) {
case REWRITE_BUILTIN_MAP_LDAP:
map_ldap_destroy( &map );
break;
default:
assert(0);
break;
}
free( map->lb_name );
free( map );
}
int
rewrite_map_destroy(
struct rewrite_map **pmap
)
{
struct rewrite_map *map;
assert( pmap );
assert( *pmap );
map = *pmap;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
if ( map->lm_name ) {
free( map->lm_name );
map->lm_name = NULL;
}
if ( map->lm_subst ) {
rewrite_subst_destroy( &map->lm_subst );
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
free( map );
*pmap = NULL;
return 0;
}

20
libraries/librewrite/params.c
View file

@ -60,7 +60,7 @@ rewrite_param_set(
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
return REWRITE_ERR;
}
}
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
@ -112,6 +112,22 @@ rewrite_param_get(
return REWRITE_SUCCESS;
}
static void
rewrite_param_free(
void *tmp
)
{
struct rewrite_var *var = ( struct rewrite_var * )tmp;
assert( var != NULL );
assert( var->lv_name != NULL );
assert( var->lv_value.bv_val != NULL );
free( var->lv_name );
free( var->lv_value.bv_val );
free( var );
}
/*
* Destroys the parameter tree
*/
@ -128,7 +144,7 @@ rewrite_param_destroy(
ldap_pvt_thread_rdwr_wlock( &info->li_params_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
count = avl_free( info->li_params, NULL );
count = avl_free( info->li_params, rewrite_param_free );
info->li_params = NULL;
#ifdef USE_REWRITE_LDAP_PVT_THREADS

41
libraries/librewrite/rewrite-int.h
View file

@ -189,10 +189,10 @@ struct rewrite_submatch {
*/
struct rewrite_subst {
size_t lt_subs_len;
struct berval **lt_subs;
struct berval *lt_subs;
int lt_num_submatch;
struct rewrite_submatch **lt_submatch;
struct rewrite_submatch *lt_submatch;
};
/*
@ -262,7 +262,9 @@ struct rewrite_var {
struct rewrite_op {
int lo_num_passes;
int lo_depth;
#if 0 /* FIXME: not used anywhere! (debug? then, why strdup?) */
char *lo_string;
#endif
char *lo_result;
Avlnode *lo_vars;
const void *lo_cookie;
@ -315,7 +317,7 @@ struct rewrite_info {
* PRIVATE *
***********/
LDAP_REWRITE_V (struct rewrite_context*) __curr_context;
LDAP_REWRITE_V (struct rewrite_context*) rewrite_int_curr_context;
/*
* Maps
@ -359,7 +361,20 @@ rewrite_xmap_apply(
struct berval *val
);
LDAP_REWRITE_F (int)
rewrite_map_destroy(
struct rewrite_map **map
);
LDAP_REWRITE_F (int)
rewrite_xmap_destroy(
struct rewrite_map **map
);
LDAP_REWRITE_F (void)
rewrite_builtin_map_free(
void *map
);
/*
* Submatch substitution
*/
@ -387,6 +402,11 @@ rewrite_subst_apply(
struct berval *val
);
LDAP_REWRITE_F (int)
rewrite_subst_destroy(
struct rewrite_subst **subst
);
/*
* Rules
@ -422,6 +442,11 @@ rewrite_rule_apply(
char **result
);
LDAP_REWRITE_F (int)
rewrite_rule_destroy(
struct rewrite_rule **rule
);
/*
* Sessions
*/
@ -555,5 +580,15 @@ rewrite_context_apply(
char **result
);
LDAP_REWRITE_F (int)
rewrite_context_destroy(
struct rewrite_context **context
);
LDAP_REWRITE_F (void)
rewrite_context_free(
void *tmp
);
#endif /* REWRITE_INT_H */

3
libraries/librewrite/rewrite-map.h
View file

@ -53,4 +53,7 @@ map_ldap_apply( struct rewrite_builtin_map *map,
struct berval *val
);
LDAP_REWRITE_F (int)
map_ldap_destroy( struct rewrite_builtin_map **map );
#endif /* MAP_H */

12
libraries/librewrite/rewrite.c
View file

@ -52,7 +52,7 @@ apply(
int rc;
void *cookie = &info;
info = rewrite_info_init(REWRITE_MODE_ERR);
info = rewrite_info_init( REWRITE_MODE_ERR );
if ( rewrite_read( fin, info ) != 0 ) {
exit( EXIT_FAILURE );
@ -84,8 +84,12 @@ apply(
string = result;
}
free( string );
rewrite_session_delete( info, cookie );
rewrite_info_delete( &info );
return result;
}
@ -128,7 +132,7 @@ main( int argc, char *argv[] )
exit( EXIT_SUCCESS );
case 'r':
rewriteContext = strdup( optarg );
rewriteContext = optarg;
break;
}
}
@ -139,6 +143,10 @@ main( int argc, char *argv[] )
apply( ( fin ? fin : stdin ), rewriteContext, argv[ optind ] );
if ( fin ) {
fclose( fin );
}
return 0;
}

103
libraries/librewrite/rule.c
View file

@ -70,6 +70,39 @@ append_action(
return REWRITE_SUCCESS;
}
static int
destroy_action(
struct rewrite_action **paction
)
{
struct rewrite_action *action;
assert( paction );
assert( *paction );
action = *paction;
/* do something */
switch ( action->la_type ) {
case REWRITE_FLAG_GOTO: {
int *pi = (int *)action->la_args;
if ( pi ) {
free( pi );
}
break;
}
default:
break;
}
free( action );
*paction = NULL;
return 0;
}
/*
* In case of error it returns NULL and does not free all the memory
* it allocated; as this is a once only phase, and an error at this stage
@ -336,7 +369,8 @@ rewrite_rule_apply(
int rc = REWRITE_SUCCESS;
char *string;
struct berval val;
int strcnt = 0;
struct berval val = { 0, NULL };
assert( info != NULL );
assert( op != NULL );
@ -346,10 +380,7 @@ rewrite_rule_apply(
*result = NULL;
string = strdup( arg );
if ( string == NULL ) {
return REWRITE_REGEXEC_ERR;
}
string = (char *)arg;
/*
* In case recursive match is required (default)
@ -357,13 +388,14 @@ rewrite_rule_apply(
recurse:;
Debug( LDAP_DEBUG_TRACE, "==> rewrite_rule_apply"
" rule='%s' string='%s'\n%s",
rule->lr_pattern, string, "" );
" rule='%s' string='%s'\n",
rule->lr_pattern, string, 0 );
op->lo_num_passes++;
if ( regexec( &rule->lr_regex, string, nmatch, match, 0 ) != 0 ) {
if ( *result == NULL ) {
if ( *result == NULL && strcnt > 0 ) {
free( string );
string = NULL;
}
/*
@ -376,7 +408,11 @@ recurse:;
match, &val );
*result = val.bv_val;
free( string );
val.bv_val = NULL;
if ( strcnt > 0 ) {
free( string );
string = NULL;
}
if ( rc != REWRITE_REGEXEC_OK ) {
return rc;
@ -385,9 +421,58 @@ recurse:;
if ( ( rule->lr_mode & REWRITE_RECURSE ) == REWRITE_RECURSE
&& op->lo_num_passes <= info->li_max_passes ) {
string = *result;
strcnt++;
goto recurse;
}
return REWRITE_REGEXEC_OK;
}
int
rewrite_rule_destroy(
struct rewrite_rule **prule
)
{
struct rewrite_rule *rule;
struct rewrite_action *action;
assert( prule );
assert( *prule );
rule = *prule;
if ( rule->lr_pattern ) {
free( rule->lr_pattern );
rule->lr_pattern = NULL;
}
if ( rule->lr_subststring ) {
free( rule->lr_subststring );
rule->lr_subststring = NULL;
}
if ( rule->lr_flagstring ) {
free( rule->lr_flagstring );
rule->lr_flagstring = NULL;
}
if ( rule->lr_subst ) {
rewrite_subst_destroy( &rule->lr_subst );
}
regfree( &rule->lr_regex );
for ( action = rule->lr_action; action; ) {
struct rewrite_action *curraction = action;
action = action->la_next;
destroy_action( &curraction );
}
free( rule );
*prule = NULL;
return 0;
}

36
libraries/librewrite/session.c
View file

@ -317,24 +317,28 @@ rewrite_session_delete(
session = rewrite_session_find( info, cookie );
if ( session != NULL ) {
if ( --session->ls_count > 0 ) {
rewrite_session_return( info, session );
return REWRITE_SUCCESS;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wlock( &session->ls_vars_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rewrite_var_delete( session->ls_vars );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_destroy( &session->ls_vars_mutex );
ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
if ( session == NULL ) {
return REWRITE_SUCCESS;
}
if ( --session->ls_count > 0 ) {
rewrite_session_return( info, session );
return REWRITE_SUCCESS;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wlock( &session->ls_vars_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rewrite_var_delete( session->ls_vars );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wunlock( &session->ls_vars_mutex );
ldap_pvt_thread_rdwr_destroy( &session->ls_vars_mutex );
ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wlock( &info->li_cookies_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */

240
libraries/librewrite/subst.c
View file

@ -36,8 +36,8 @@ rewrite_subst_compile(
)
{
size_t subs_len;
struct berval **subs = NULL, **tmps;
struct rewrite_submatch **submatch = NULL;
struct berval *subs = NULL, *tmps;
struct rewrite_submatch *submatch = NULL;
struct rewrite_subst *s = NULL;
@ -51,28 +51,27 @@ rewrite_subst_compile(
* Take care of substitution string
*/
for ( p = begin = result, subs_len = 0; p[ 0 ] != '\0'; p++ ) {
/*
* Keep only single escapes '%'
*/
if ( p[ 0 ] != REWRITE_SUBMATCH_ESCAPE ) {
continue;
}
if ( p[ 1 ] == REWRITE_SUBMATCH_ESCAPE ) {
AC_MEMCPY((char *)p, p + 1, strlen( p ) );
/* Pull &p[1] over p, including the trailing '\0' */
AC_MEMCPY((char *)p, &p[ 1 ], strlen( p ) );
continue;
}
nsub++;
tmps = (struct berval **)realloc( subs,
sizeof( struct berval * )*( nsub + 1 ) );
tmps = ( struct berval * )realloc( subs,
sizeof( struct berval )*( nsub + 1 ) );
if ( tmps == NULL ) {
/* cleanup */
/* FIXME: cleanup */
return NULL;
}
subs = tmps;
subs[ nsub ] = NULL;
/*
* I think an `if l > 0' at runtime is better outside than
@ -81,62 +80,52 @@ rewrite_subst_compile(
l = p - begin;
if ( l > 0 ) {
subs_len += l;
subs[ nsub - 1 ] =
calloc( sizeof( struct berval ), 1 );
if ( subs[ nsub - 1 ] == NULL ) {
/* cleanup */
subs[ nsub ].bv_len = l;
subs[ nsub ].bv_val = malloc( l + 1 );
if ( subs[ nsub ].bv_val == NULL ) {
return NULL;
}
subs[ nsub - 1 ]->bv_len = l;
subs[ nsub - 1 ]->bv_val = malloc( l + 1 );
if ( subs[ nsub - 1 ]->bv_val == NULL ) {
return NULL;
}
AC_MEMCPY( subs[ nsub - 1 ]->bv_val, begin, l );
subs[ nsub - 1 ]->bv_val[ l ] = '\0';
AC_MEMCPY( subs[ nsub ].bv_val, begin, l );
subs[ nsub ].bv_val[ l ] = '\0';
} else {
subs[ nsub - 1 ] = NULL;
subs[ nsub ].bv_val = NULL;
subs[ nsub ].bv_len = 0;
}
/*
* Substitution pattern
*/
if ( isdigit( (unsigned char) p[ 1 ] ) ) {
struct rewrite_submatch *tmpsm;
int d = p[ 1 ] - '0';
struct rewrite_submatch **tmpsm;
/*
* Add a new value substitution scheme
*/
tmpsm = realloc( submatch,
sizeof( struct rewrite_submatch * )*( nsub + 1 ) );
tmpsm = ( struct rewrite_submatch * )realloc( submatch,
sizeof( struct rewrite_submatch )*( nsub + 1 ) );
if ( tmpsm == NULL ) {
/* cleanup */
return NULL;
}
submatch = tmpsm;
submatch[ nsub ] = NULL;
submatch[ nsub - 1 ] =
calloc( sizeof( struct rewrite_submatch ), 1 );
if ( submatch[ nsub - 1 ] == NULL ) {
/* cleanup */
return NULL;
}
submatch[ nsub - 1 ]->ls_submatch = d;
submatch[ nsub ].ls_submatch = d;
/*
* If there is no argument, use default
* (substitute substring as is)
*/
if ( p[ 2 ] != '{' ) {
submatch[ nsub - 1 ]->ls_type =
submatch[ nsub ].ls_type =
REWRITE_SUBMATCH_ASIS;
submatch[ nsub ].ls_map = NULL;
begin = ++p + 1;
} else {
struct rewrite_map *map;
submatch[ nsub - 1 ]->ls_type =
submatch[ nsub ].ls_type =
REWRITE_SUBMATCH_XMAP;
map = rewrite_xmap_parse( info,
@ -145,9 +134,8 @@ rewrite_subst_compile(
/* cleanup */
return NULL;
}
submatch[ nsub ].ls_map = map;
p = begin - 1;
submatch[ nsub - 1 ]->ls_map = map;
}
/*
@ -155,7 +143,7 @@ rewrite_subst_compile(
*/
} else if ( p[ 1 ] == '{' ) {
struct rewrite_map *map;
struct rewrite_submatch **tmpsm;
struct rewrite_submatch *tmpsm;
map = rewrite_map_parse( info, p + 2, &begin );
if ( map == NULL ) {
@ -167,52 +155,43 @@ rewrite_subst_compile(
/*
* Add a new value substitution scheme
*/
tmpsm = realloc( submatch,
sizeof( struct rewrite_submatch * )*( nsub + 1 ) );
tmpsm = ( struct rewrite_submatch * )realloc( submatch,
sizeof( struct rewrite_submatch )*( nsub + 1 ) );
if ( tmpsm == NULL ) {
/* cleanup */
return NULL;
}
submatch = tmpsm;
submatch[ nsub ] = NULL;
submatch[ nsub - 1 ] =
calloc( sizeof( struct rewrite_submatch ), 1 );
if ( submatch[ nsub - 1 ] == NULL ) {
/* cleanup */
return NULL;
}
submatch[ nsub - 1 ]->ls_type =
submatch[ nsub ].ls_type =
REWRITE_SUBMATCH_MAP_W_ARG;
submatch[ nsub - 1 ]->ls_map = map;
submatch[ nsub ].ls_map = map;
}
nsub++;
}
/*
* Last part of string
*/
tmps = realloc( subs, sizeof( struct berval *)*( nsub + 2 ) );
tmps = (struct berval * )realloc( subs, sizeof( struct berval )*( nsub + 1 ) );
if ( tmps == NULL ) {
/*
* XXX need to free the value subst stuff!
*/
free( submatch );
free( subs );
return NULL;
}
subs = tmps;
subs[ nsub + 1 ] = NULL;
l = p - begin;
if ( l > 0 ) {
subs[ nsub ] = calloc( sizeof( struct berval ), 1 );
subs_len += l;
subs[ nsub ]->bv_len = l;
subs[ nsub ]->bv_val = malloc( l + 1 );
AC_MEMCPY( subs[ nsub ]->bv_val, begin, l );
subs[ nsub ]->bv_val[ l ] = '\0';
subs[ nsub ].bv_len = l;
subs[ nsub ].bv_val = malloc( l + 1 );
AC_MEMCPY( subs[ nsub ].bv_val, begin, l );
subs[ nsub ].bv_val[ l ] = '\0';
} else {
subs[ nsub ] = NULL;
subs[ nsub ].bv_val = NULL;
subs[ nsub ].bv_len = 0;
}
s = calloc( sizeof( struct rewrite_subst ), 1 );
@ -241,8 +220,8 @@ submatch_copy(
struct berval *val
)
{
int c, l;
const char *s;
int c, l;
const char *s;
assert( submatch != NULL );
assert( submatch->ls_type == REWRITE_SUBMATCH_ASIS
@ -250,14 +229,14 @@ submatch_copy(
assert( string != NULL );
assert( match != NULL );
assert( val != NULL );
assert( val->bv_val == NULL );
c = submatch->ls_submatch;
s = string + match[ c ].rm_so;
l = match[ c ].rm_eo - match[ c ].rm_so;
val->bv_val = NULL;
val->bv_len = l;
val->bv_val = calloc( sizeof( char ), l + 1 );
val->bv_val = malloc( l + 1 );
if ( val->bv_val == NULL ) {
return REWRITE_ERR;
}
@ -284,7 +263,7 @@ rewrite_subst_apply(
{
struct berval *submatch = NULL;
char *res = NULL;
int n, l, cl;
int n = 0, l, cl;
int rc = REWRITE_REGEXEC_OK;
assert( info != NULL );
@ -294,6 +273,8 @@ rewrite_subst_apply(
assert( match != NULL );
assert( val != NULL );
assert( val->bv_val == NULL );
val->bv_val = NULL;
val->bv_len = 0;
@ -312,58 +293,59 @@ rewrite_subst_apply(
* Resolve submatches (simple subst, map expansion and so).
*/
for ( n = 0, l = 0; n < subst->lt_num_submatch; n++ ) {
struct berval key;
int rc;
struct berval key = { 0, NULL };
submatch[ n ].bv_val = NULL;
/*
* Get key
*/
switch( subst->lt_submatch[ n ]->ls_type ) {
switch ( subst->lt_submatch[ n ].ls_type ) {
case REWRITE_SUBMATCH_ASIS:
case REWRITE_SUBMATCH_XMAP:
rc = submatch_copy( subst->lt_submatch[ n ],
rc = submatch_copy( &subst->lt_submatch[ n ],
string, match, &key );
if ( rc != REWRITE_SUCCESS ) {
free( submatch );
return REWRITE_REGEXEC_ERR;
rc = REWRITE_REGEXEC_ERR;
goto cleanup;
}
break;
case REWRITE_SUBMATCH_MAP_W_ARG:
switch ( subst->lt_submatch[ n ]->ls_map->lm_type ) {
switch ( subst->lt_submatch[ n ].ls_map->lm_type ) {
case REWRITE_MAP_GET_OP_VAR:
case REWRITE_MAP_GET_SESN_VAR:
case REWRITE_MAP_GET_PARAM:
rc = REWRITE_SUCCESS;
break;
default:
rc = rewrite_subst_apply( info, op,
subst->lt_submatch[ n ]->ls_map->lm_subst,
subst->lt_submatch[ n ].ls_map->lm_subst,
string, match, &key);
}
if ( rc != REWRITE_SUCCESS ) {
free( submatch );
return REWRITE_REGEXEC_ERR;
rc = REWRITE_REGEXEC_ERR;
goto cleanup;
}
break;
default:
Debug( LDAP_DEBUG_ANY, "Not Implemented\n%s%s%s",
"", "", "" );
Debug( LDAP_DEBUG_ANY, "Not Implemented\n", 0, 0, 0 );
rc = REWRITE_ERR;
break;
}
if ( rc != REWRITE_SUCCESS ) {
free( submatch );
return REWRITE_REGEXEC_ERR;
rc = REWRITE_REGEXEC_ERR;
goto cleanup;
}
/*
* Resolve key
*/
switch ( subst->lt_submatch[ n ]->ls_type ) {
switch ( subst->lt_submatch[ n ].ls_type ) {
case REWRITE_SUBMATCH_ASIS:
submatch[ n ] = key;
rc = REWRITE_SUCCESS;
@ -371,16 +353,20 @@ rewrite_subst_apply(
case REWRITE_SUBMATCH_XMAP:
rc = rewrite_xmap_apply( info, op,
subst->lt_submatch[ n ]->ls_map,
subst->lt_submatch[ n ].ls_map,
&key, &submatch[ n ] );
free( key.bv_val );
key.bv_val = NULL;
break;
case REWRITE_SUBMATCH_MAP_W_ARG:
rc = rewrite_map_apply( info, op,
subst->lt_submatch[ n ]->ls_map,
subst->lt_submatch[ n ].ls_map,
&key, &submatch[ n ] );
free( key.bv_val );
key.bv_val = NULL;
break;
default:
/*
* When implemented, this might return the
@ -393,8 +379,7 @@ rewrite_subst_apply(
}
if ( rc != REWRITE_SUCCESS ) {
free( submatch );
return REWRITE_REGEXEC_ERR;
rc = REWRITE_REGEXEC_ERR;
}
/*
@ -408,7 +393,7 @@ rewrite_subst_apply(
* of the subst pattern and initialize it
*/
l += subst->lt_subs_len;
res = calloc( sizeof( char ), l + 1 );
res = malloc( l + 1 );
if ( res == NULL ) {
rc = REWRITE_REGEXEC_ERR;
goto cleanup;
@ -418,29 +403,92 @@ rewrite_subst_apply(
* Apply submatches (possibly resolved thru maps
*/
for ( n = 0, cl = 0; n < subst->lt_num_submatch; n++ ) {
if ( subst->lt_subs[ n ] != NULL ) {
AC_MEMCPY( res + cl, subst->lt_subs[ n ]->bv_val,
subst->lt_subs[ n ]->bv_len );
cl += subst->lt_subs[ n ]->bv_len;
if ( subst->lt_subs[ n ].bv_val != NULL ) {
AC_MEMCPY( res + cl, subst->lt_subs[ n ].bv_val,
subst->lt_subs[ n ].bv_len );
cl += subst->lt_subs[ n ].bv_len;
}
AC_MEMCPY( res + cl, submatch[ n ].bv_val,
submatch[ n ].bv_len );
cl += submatch[ n ].bv_len;
free( submatch[ n ].bv_val );
}
if ( subst->lt_subs[ n ] != NULL ) {
AC_MEMCPY( res + cl, subst->lt_subs[ n ]->bv_val,
subst->lt_subs[ n ]->bv_len );
if ( subst->lt_subs[ n ].bv_val != NULL ) {
AC_MEMCPY( res + cl, subst->lt_subs[ n ].bv_val,
subst->lt_subs[ n ].bv_len );
cl += subst->lt_subs[ n ].bv_len;
}
res[ cl ] = '\0';
val->bv_val = res;
val->bv_len = l;
cleanup:;
if ( submatch ) {
for ( ; --n >= 0; ) {
if ( submatch[ n ].bv_val ) {
free( submatch[ n ].bv_val );
}
}
free( submatch );
}
return rc;
}
/*
* frees data
*/
int
rewrite_subst_destroy(
struct rewrite_subst **psubst
)
{
int n;
struct rewrite_subst *subst;
assert( psubst );
assert( *psubst );
subst = *psubst;
for ( n = 0; n < subst->lt_num_submatch; n++ ) {
if ( subst->lt_subs[ n ].bv_val ) {
free( subst->lt_subs[ n ].bv_val );
subst->lt_subs[ n ].bv_val = NULL;
}
switch ( subst->lt_submatch[ n ].ls_type ) {
case REWRITE_SUBMATCH_ASIS:
break;
case REWRITE_SUBMATCH_XMAP:
rewrite_xmap_destroy( &subst->lt_submatch[ n ].ls_map );
break;
case REWRITE_SUBMATCH_MAP_W_ARG:
rewrite_map_destroy( &subst->lt_submatch[ n ].ls_map );
break;
default:
break;
}
}
free( subst->lt_submatch );
subst->lt_submatch = NULL;
/* last one */
if ( subst->lt_subs[ n ].bv_val ) {
free( subst->lt_subs[ n ].bv_val );
subst->lt_subs[ n ].bv_val = NULL;
}
free( subst->lt_subs );
subst->lt_subs = NULL;
free( subst );
*psubst = NULL;
return 0;
}

23
libraries/librewrite/var.c
View file

@ -109,25 +109,31 @@ rewrite_var_insert(
if ( var == NULL ) {
return NULL;
}
var->lv_name = ( char * )strdup( name );
memset( var, 0, sizeof( struct rewrite_var ) );
var->lv_name = strdup( name );
if ( var->lv_name == NULL ) {
free( var );
return NULL;
rc = -1;
goto cleanup;
}
var->lv_value.bv_val = strdup( value );
if ( var->lv_value.bv_val == NULL ) {
free( var );
free( var->lv_name );
return NULL;
rc = -1;
goto cleanup;
}
var->lv_value.bv_len = strlen( value );
rc = avl_insert( tree, ( caddr_t )var,
rewrite_var_cmp, rewrite_var_dup );
if ( rc != 0 ) {
free( var );
rc = -1;
goto cleanup;
}
cleanup:;
if ( rc != 0 ) {
free( var->lv_name );
free( var->lv_value.bv_val );
return NULL;
free( var );
var = NULL;
}
return var;
@ -184,6 +190,7 @@ rewrite_var_free(
free( var->lv_name );
free( var->lv_value.bv_val );
free( var );
}
/*

503
libraries/librewrite/xmap.c Normal file
View file

@ -0,0 +1,503 @@
/******************************************************************************
*
* Copyright (C) 2000 Pierangelo Masarati, <ando@sys-net.it>
* All rights reserved.
*
* Permission is granted to anyone to use this software for any purpose
* on any computer system, and to alter it and redistribute it, subject
* to the following restrictions:
*
* 1. The author is not responsible for the consequences of use of this
* software, no matter how awful, even if they arise from flaws in it.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Since few users ever read sources,
* credits should appear in the documentation.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software. Since few users
* ever read sources, credits should appear in the documentation.
*
* 4. This notice may not be removed or altered.
*
******************************************************************************/
#include <portable.h>
#include <stdio.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include "rewrite-int.h"
#include "rewrite-map.h"
/*
* Global data
*/
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_t xpasswd_mutex;
static int xpasswd_mutex_init = 0;
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
/*
* Map parsing
* NOTE: these are old-fashion maps; new maps will be parsed on separate
* config lines, and referred by name.
*/
struct rewrite_map *
rewrite_xmap_parse(
struct rewrite_info *info,
const char *s,
const char **currpos
)
{
struct rewrite_map *map;
assert( info != NULL );
assert( s != NULL );
assert( currpos != NULL );
Debug( LDAP_DEBUG_ARGS, "rewrite_xmap_parse: %s\n%s%s",
s, "", "" );
*currpos = NULL;
map = calloc( sizeof( struct rewrite_map ), 1 );
if ( map == NULL ) {
Debug( LDAP_DEBUG_ANY, "rewrite_xmap_parse:"
" calloc failed\n%s%s%s", "", "", "" );
return NULL;
}
/*
* Experimental passwd map:
* replaces the uid with the matching gecos from /etc/passwd file
*/
if ( strncasecmp(s, "xpasswd", 7 ) == 0 ) {
map->lm_type = REWRITE_MAP_XPWDMAP;
map->lm_name = strdup( "xpasswd" );
assert( s[7] == '}' );
*currpos = s + 8;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( !xpasswd_mutex_init ) {
if ( ldap_pvt_thread_mutex_init( &xpasswd_mutex ) ) {
free( map );
return NULL;
}
}
++xpasswd_mutex_init;
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
/* Don't really care if fails */
return map;
/*
* Experimental file map:
* looks up key in a `key value' ascii file
*/
} else if ( strncasecmp(s, "xfile", 5 ) == 0 ) {
char *filename;
const char *p;
int l;
int c = 5;
map->lm_type = REWRITE_MAP_XFILEMAP;
if ( s[ c ] != '(' ) {
free( map );
return NULL;
}
/* Must start with '/' for security concerns */
c++;
if ( s[ c ] != '/' ) {
free( map );
return NULL;
}
for ( p = s + c; p[ 0 ] != '\0' && p[ 0 ] != ')'; p++ );
if ( p[ 0 ] != ')' ) {
free( map );
return NULL;
}
l = p - s - c;
filename = calloc( sizeof( char ), l + 1 );
AC_MEMCPY( filename, s + c, l );
filename[ l ] = '\0';
map->lm_args = ( void * )fopen( filename, "r" );
free( filename );
if ( map->lm_args == NULL ) {
free( map );
return NULL;
}
*currpos = p + 1;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
fclose( ( FILE * )map->lm_args );
free( map );
return NULL;
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
return map;
/*
* Experimental ldap map:
* looks up key on the fly (not implemented!)
*/
} else if ( strncasecmp(s, "xldap", 5 ) == 0 ) {
char *p;
char *url;
int l, rc;
int c = 5;
LDAPURLDesc *lud;
if ( s[ c ] != '(' ) {
free( map );
return NULL;
}
c++;
p = strchr( s, '}' );
if ( p == NULL ) {
free( map );
return NULL;
}
p--;
*currpos = p + 2;
/*
* Add two bytes for urlencoding of '%s'
*/
l = p - s - c;
url = calloc( sizeof( char ), l + 3 );
AC_MEMCPY( url, s + c, l );
url[ l ] = '\0';
/*
* Urlencodes the '%s' for ldap_url_parse
*/
p = strchr( url, '%' );
if ( p != NULL ) {
AC_MEMCPY( p + 3, p + 1, strlen( p + 1 ) + 1 );
p[ 1 ] = '2';
p[ 2 ] = '5';
}
rc = ldap_url_parse( url, &lud );
free( url );
if ( rc != LDAP_SUCCESS ) {
free( map );
return NULL;
}
assert( lud != NULL );
map->lm_args = ( void * )lud;
map->lm_type = REWRITE_MAP_XLDAPMAP;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_mutex_init( &map->lm_mutex ) ) {
ldap_free_urldesc( lud );
free( map );
return NULL;
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
return map;
/* Unhandled map */
}
return NULL;
}
/*
* Map key -> value resolution
* NOTE: these are old-fashion maps; new maps will be parsed on separate
* config lines, and referred by name.
*/
int
rewrite_xmap_apply(
struct rewrite_info *info,
struct rewrite_op *op,
struct rewrite_map *map,
struct berval *key,
struct berval *val
)
{
int rc = REWRITE_SUCCESS;
assert( info != NULL );
assert( op != NULL );
assert( map != NULL );
assert( key != NULL );
assert( val != NULL );
val->bv_val = NULL;
val->bv_len = 0;
switch ( map->lm_type ) {
#ifdef HAVE_GETPWNAM
case REWRITE_MAP_XPWDMAP: {
struct passwd *pwd;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
pwd = getpwnam( key->bv_val );
if ( pwd == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_NO_SUCH_OBJECT;
break;
}
#ifdef HAVE_PW_GECOS
if ( pwd->pw_gecos != NULL && pwd->pw_gecos[0] != '\0' ) {
int l = strlen( pwd->pw_gecos );
val->bv_val = strdup( pwd->pw_gecos );
if ( val->bv_val == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
break;
}
val->bv_len = l;
} else
#endif /* HAVE_PW_GECOS */
{
val->bv_val = strdup( key->bv_val );
val->bv_len = key->bv_len;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
break;
}
#endif /* HAVE_GETPWNAM*/
case REWRITE_MAP_XFILEMAP: {
char buf[1024];
if ( map->lm_args == NULL ) {
rc = REWRITE_ERR;
break;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rewind( ( FILE * )map->lm_args );
while ( fgets( buf, sizeof( buf ), ( FILE * )map->lm_args ) ) {
char *p;
int blen;
blen = strlen( buf );
if ( buf[ blen - 1 ] == '\n' ) {
buf[ blen - 1 ] = '\0';
}
p = strtok( buf, " " );
if ( p == NULL ) {
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
goto rc_return;
}
if ( strcasecmp( p, key->bv_val ) == 0
&& ( p = strtok( NULL, "" ) ) ) {
val->bv_val = strdup( p );
if ( val->bv_val == NULL ) {
return REWRITE_ERR;
}
val->bv_len = strlen( p );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
goto rc_return;
}
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
rc = REWRITE_ERR;
break;
}
case REWRITE_MAP_XLDAPMAP: {
LDAP *ld;
char filter[1024];
LDAPMessage *res = NULL, *entry;
LDAPURLDesc *lud = ( LDAPURLDesc * )map->lm_args;
int attrsonly = 0;
char **values;
assert( lud != NULL );
/*
* No mutex because there is no write on the map data
*/
ld = ldap_init( lud->lud_host, lud->lud_port );
if ( ld == NULL ) {
rc = REWRITE_ERR;
goto rc_return;
}
snprintf( filter, sizeof( filter ), lud->lud_filter,
key->bv_val );
if ( strcasecmp( lud->lud_attrs[ 0 ], "dn" ) == 0 ) {
attrsonly = 1;
}
rc = ldap_search_s( ld, lud->lud_dn, lud->lud_scope,
filter, lud->lud_attrs, attrsonly, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
if ( ldap_count_entries( ld, res ) != 1 ) {
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
entry = ldap_first_entry( ld, res );
if ( entry == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
if ( attrsonly == 1 ) {
val->bv_val = ldap_get_dn( ld, entry );
if ( val->bv_val == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
} else {
values = ldap_get_values( ld, entry,
lud->lud_attrs[0] );
if ( values == NULL ) {
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_ERR;
goto rc_return;
}
val->bv_val = strdup( values[ 0 ] );
ldap_value_free( values );
}
val->bv_len = strlen( val->bv_val );
ldap_msgfree( res );
ldap_unbind( ld );
rc = REWRITE_SUCCESS;
}
}
rc_return:;
return rc;
}
int
rewrite_xmap_destroy(
struct rewrite_map **pmap
)
{
struct rewrite_map *map;
assert( pmap );
assert( *pmap );
map = *pmap;
switch ( map->lm_type ) {
case REWRITE_MAP_XPWDMAP:
#ifdef USE_REWRITE_LDAP_PVT_THREADS
--xpasswd_mutex_init;
if ( !xpasswd_mutex_init ) {
ldap_pvt_thread_mutex_destroy( &xpasswd_mutex );
}
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
break;
case REWRITE_MAP_XFILEMAP:
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
if ( map->lm_args ) {
fclose( ( FILE * )map->lm_args );
map->lm_args = NULL;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
break;
case REWRITE_MAP_XLDAPMAP:
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_lock( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
if ( map->lm_args ) {
ldap_free_urldesc( ( LDAPURLDesc * )map->lm_args );
map->lm_args = NULL;
}
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_mutex_unlock( &map->lm_mutex );
ldap_pvt_thread_mutex_destroy( &map->lm_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
break;
default:
break;
}
free( map->lm_name );
free( map );
*pmap = NULL;
return 0;
}

4
servers/slapd/Makefile.in
View file

@ -23,7 +23,7 @@ SRCS = main.c globals.c config.c daemon.c \
oidm.c starttls.c index.c sets.c referral.c root_dse.c \
sasl.c module.c mra.c mods.c sl_malloc.c limits.c \
backglue.c operational.c matchedValues.c cancel.c syncrepl.c \
backover.c ctxcsn.c $(@PLAT@_SRCS)
backover.c ctxcsn.c ldapsync.c sessionlog.c $(@PLAT@_SRCS)
OBJS = main.o globals.o config.o daemon.o \
connection.o search.o filter.o add.o cr.o \
@ -37,7 +37,7 @@ OBJS = main.o globals.o config.o daemon.o \
oidm.o starttls.o index.o sets.o referral.o root_dse.o \
sasl.o module.o mra.o mods.o sl_malloc.o limits.o \
backglue.o operational.o matchedValues.o cancel.o syncrepl.o \
backover.o ctxcsn.o $(@PLAT@_OBJS)
backover.o ctxcsn.o ldapsync.o sessionlog.o $(@PLAT@_OBJS)
LDAP_INCDIR= ../../include -I$(srcdir)/slapi
LDAP_LIBDIR= ../../libraries

4
servers/slapd/acl.c
View file

@ -178,8 +178,8 @@ access_allowed(
}
#ifdef LDAP_SLAPI
ret = slapi_x_access_allowed( op, e, desc, val, access, state );
if ( ret == 0 ) {
if ( op->o_pb &&
!slapi_x_access_allowed( op, e, desc, val, access, state )) {
/* ACL plugin denied access */
goto done;
}

28
servers/slapd/aclparse.c
View file

@ -1565,7 +1565,7 @@ print_access( Access *b )
fprintf( stderr, " %s", b->a_dn_pat.bv_val );
} else {
fprintf( stderr, " dn.%s=%s",
fprintf( stderr, " dn.%s=\"%s\"",
style_strings[b->a_dn_style], b->a_dn_pat.bv_val );
}
}
@ -1575,25 +1575,19 @@ print_access( Access *b )
}
if ( b->a_group_pat.bv_len ) {
fprintf( stderr, " group=%s", b->a_group_pat.bv_val );
if ( b->a_group_oc ) {
fprintf( stderr, " objectClass: %s",
b->a_group_oc->soc_oclass.oc_oid );
if ( b->a_group_at ) {
fprintf( stderr, " attributeType: %s",
b->a_group_at->ad_cname.bv_val );
}
}
fprintf( stderr, " group/%s/%s.%s=\"%s\"",
b->a_group_oc ? b->a_group_oc->soc_cname.bv_val : "groupOfNames",
b->a_group_at ? b->a_group_at->ad_cname.bv_val : "member",
style_strings[b->a_group_style],
b->a_group_pat.bv_val );
}
if ( b->a_peername_pat.bv_len != 0 ) {
fprintf( stderr, " peername=%s", b->a_peername_pat.bv_val );
fprintf( stderr, " peername=\"%s\"", b->a_peername_pat.bv_val );
}
if ( b->a_sockname_pat.bv_len != 0 ) {
fprintf( stderr, " sockname=%s", b->a_sockname_pat.bv_val );
fprintf( stderr, " sockname=\"%s\"", b->a_sockname_pat.bv_val );
}
if ( b->a_domain_pat.bv_len != 0 ) {
@ -1601,7 +1595,7 @@ print_access( Access *b )
}
if ( b->a_sockurl_pat.bv_len != 0 ) {
fprintf( stderr, " sockurl=%s", b->a_sockurl_pat.bv_val );
fprintf( stderr, " sockurl=\"%s\"", b->a_sockurl_pat.bv_val );
}
#ifdef SLAPD_ACI_ENABLED
@ -1657,7 +1651,7 @@ print_acl( Backend *be, AccessControl *a )
if ( a->acl_dn_pat.bv_len != 0 ) {
to++;
fprintf( stderr, " dn.%s=%s\n",
fprintf( stderr, " dn.%s=\"%s\"\n",
style_strings[a->acl_dn_style], a->acl_dn_pat.bv_val );
}
@ -1687,7 +1681,7 @@ print_acl( Backend *be, AccessControl *a )
if ( a->acl_attrval.bv_len != 0 ) {
to++;
fprintf( stderr, " val.%s=%s\n",
fprintf( stderr, " val.%s=\"%s\"\n",
style_strings[a->acl_attrval_style], a->acl_attrval.bv_val );
}

46
servers/slapd/add.c
View file

@ -231,7 +231,7 @@ do_add( Operation *op, SlapReply *rs )
}
#ifdef LDAP_SLAPI
initAddPlugin( op, &dn, e, manageDSAit );
if ( op->o_pb ) initAddPlugin( op, &dn, e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
@ -244,10 +244,10 @@ do_add( Operation *op, SlapReply *rs )
/* do the update here */
int repl_user = be_isupdate(op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !op->o_bd->syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
if ( !op->o_bd->be_syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
#else
if ( !op->o_bd->syncinfo )
if ( !op->o_bd->be_syncinfo )
#endif
{
int update = op->o_bd->be_update_ndn.bv_len;
@ -290,10 +290,12 @@ do_add( Operation *op, SlapReply *rs )
* Call the preoperation plugin here, because the entry
* will actually contain something.
*/
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
if ( op->o_pb ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
@ -317,18 +319,20 @@ do_add( Operation *op, SlapReply *rs )
* SLAPI_ADD_ENTRY will be empty, but this may be acceptable
* on replicas (for now, it involves the minimum code intrusion).
*/
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
if ( op->o_pb ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif /* LDAP_SLAPI */
if ( op->o_bd->syncinfo ) {
defref = op->o_bd->syncinfo->provideruri_bv;
if ( op->o_bd->be_syncinfo ) {
defref = op->o_bd->be_syncinfo->si_provideruri_bv;
} else {
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
? op->o_bd->be_update_refs : default_referral;
}
if ( defref != NULL ) {
@ -349,10 +353,12 @@ do_add( Operation *op, SlapReply *rs )
}
} else {
#ifdef LDAP_SLAPI
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
if ( op->o_pb ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
}
#endif
#ifdef NEW_LOGGING
@ -366,7 +372,7 @@ do_add( Operation *op, SlapReply *rs )
}
#ifdef LDAP_SLAPI
doPostAddPluginFNs( op );
if ( op->o_pb ) doPostAddPluginFNs( op );
#endif /* LDAP_SLAPI */
done:

12
servers/slapd/attr.c
View file

@ -162,7 +162,9 @@ attr_merge_normalize(
BerVarray nvals = NULL;
int rc;
if ( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize ) {
if ( desc->ad_type->sat_equality &&
desc->ad_type->sat_equality->smr_normalize )
{
int i;
for ( i = 0; vals[i].bv_val; i++ );
@ -170,7 +172,7 @@ attr_merge_normalize(
nvals = sl_calloc( sizeof(struct berval), i + 1, memctx );
for ( i = 0; vals[i].bv_val; i++ ) {
rc = (*desc->ad_type->sat_equality->smr_normalize)(
0,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
desc->ad_type->sat_syntax,
desc->ad_type->sat_equality,
&vals[i], &nvals[i], memctx );
@ -235,9 +237,11 @@ attr_merge_normalize_one(
struct berval *nvalp;
int rc;
if ( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize ) {
if ( desc->ad_type->sat_equality &&
desc->ad_type->sat_equality->smr_normalize )
{
rc = (*desc->ad_type->sat_equality->smr_normalize)(
0,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
desc->ad_type->sat_syntax,
desc->ad_type->sat_equality,
val, &nval, memctx );

6
servers/slapd/back-bdb/add.c
View file

@ -436,7 +436,7 @@ retry: /* transaction retry */
goto return_results;
}
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
&ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
@ -481,7 +481,7 @@ retry: /* transaction retry */
suffix_ei = op->oq_add.rs_e->e_private;
}
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
if ( ctxcsn_added ) {
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
@ -528,7 +528,7 @@ retry: /* transaction retry */
return_results:
send_ldap_result( op, rs );
if ( rs->sr_err == LDAP_SUCCESS && !noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !noop && !op->o_no_psearch ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, op->oq_add.rs_e, LDAP_PSEARCH_BY_ADD );
}

2
servers/slapd/back-bdb/back-bdb.h
View file

@ -162,6 +162,8 @@ struct bdb_info {
ID bi_lastid;
ldap_pvt_thread_mutex_t bi_lastid_mutex;
LDAP_LIST_HEAD(pl, slap_op) bi_psearch_list;
ldap_pvt_thread_mutex_t bi_pslist_mutex;
LDAP_LIST_HEAD(se, slap_session_entry) bi_session_list;
#ifdef SLAP_IDL_CACHE
int bi_idl_cache_max_size;
int bi_idl_cache_size;

2
servers/slapd/back-bdb/cache.c
View file

@ -744,6 +744,8 @@ bdb_cache_add(
if ( eip->bei_dkids ) eip->bei_dkids++;
#endif
rc = bdb_entryinfo_add_internal( bdb, &ei, &new );
/* bdb_csn_commit can cause this when adding the database root entry */
if ( new->bei_e ) bdb_entry_return( new->bei_e );
new->bei_e = e;
e->e_private = new;
new->bei_state = CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS;

129
servers/slapd/back-bdb/config.c
View file

@ -127,31 +127,31 @@ bdb_db_config(
if( rc != LDAP_SUCCESS ) return 1;
/* unique key for shared memory regions */
} else if ( strcasecmp( argv[0], "shm_key" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing key in \"shm_key <key>\" line\n",
fname, lineno );
return( 1 );
}
bdb->bi_shm_key = atoi( argv[1] );
/* size of the cache in entries */
} else if ( strcasecmp( argv[0], "cachesize" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing size in \"cachesize <size>\" line\n",
fname, lineno );
return( 1 );
}
bdb->bi_cache.c_maxsize = atoi( argv[1] );
/* depth of search stack cache in units of (IDL)s */
} else if ( strcasecmp( argv[0], "searchstack" ) == 0 ) {
} else if ( strcasecmp( argv[0], "shm_key" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing depth in \"searchstack <depth>\" line\n",
fname, lineno );
"%s: line %d: missing key in \"shm_key <key>\" line\n",
fname, lineno );
return( 1 );
}
bdb->bi_shm_key = atoi( argv[1] );
/* size of the cache in entries */
} else if ( strcasecmp( argv[0], "cachesize" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing size in \"cachesize <size>\" line\n",
fname, lineno );
return( 1 );
}
bdb->bi_cache.c_maxsize = atoi( argv[1] );
/* depth of search stack cache in units of (IDL)s */
} else if ( strcasecmp( argv[0], "searchstack" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing depth in \"searchstack <depth>\" line\n",
fname, lineno );
return( 1 );
}
bdb->bi_search_stack_depth = atoi( argv[1] );
@ -165,17 +165,82 @@ bdb_db_config(
#ifdef SLAP_IDL_CACHE
/* size of the IDL cache in entries */
} else if ( strcasecmp( argv[0], "idlcachesize" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing size in \"idlcachesize <size>\" line\n",
fname, lineno );
return( 1 );
}
if ( !( slapMode & SLAP_TOOL_MODE ) )
bdb->bi_idl_cache_max_size = atoi( argv[1] );
} else if ( strcasecmp( argv[0], "idlcachesize" ) == 0 ) {
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing size in \"idlcachesize <size>\" line\n",
fname, lineno );
return( 1 );
}
if ( !( slapMode & SLAP_TOOL_MODE ) )
bdb->bi_idl_cache_max_size = atoi( argv[1] );
#endif
} else if ( strcasecmp( argv[0], "sessionlog" ) == 0 ) {
int se_id = 0, se_size = 0;
struct slap_session_entry *sent;
if ( argc < 3 ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
"%s: line %d: missing arguments in \"sessionlog <id> <size>\""
" line.\n", fname, lineno , 0 );
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: missing arguments in \"sessionlog <id> <size>\""
" line\n", fname, lineno, 0 );
#endif
return( 1 );
}
se_id = atoi( argv[1] );
se_size = atoi( argv[2] );
if ( se_id < 0 || se_id > 999 ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
"%s: line %d: session log id %d is out of range [0..999]\n",
fname, lineno , se_id );
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: session log id %d is out of range [0..999]\n",
fname, lineno , se_id );
#endif
return( 1 );
}
if ( se_size < 0 || se_size > 999 ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
"%s: line %d: session log size %d is negative\n",
fname, lineno , se_size );
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: session log size %d is negative\n",
fname, lineno , se_size );
#endif
return( 1 );
}
LDAP_LIST_FOREACH( sent, &bdb->bi_session_list, se_link ) {
if ( sent->se_id == se_id ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
"%s: line %d: session %d already exists\n",
fname, lineno , se_id );
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: session %d already exists\n",
fname, lineno , se_id );
#endif
return( 1 );
}
}
sent = (struct slap_session_entry *) ch_calloc( 1,
sizeof( struct slap_session_entry ));
sent->se_id = se_id;
sent->se_size = se_size;
LDAP_LIST_INSERT_HEAD( &bdb->bi_session_list, sent, se_link );
/* anything else */
} else {
fprintf( stderr, "%s: line %d: "

43
servers/slapd/back-bdb/ctxcsn.c
View file

@ -262,16 +262,18 @@ bdb_get_commit_csn(
int num_retries = 0;
int ctxcsn_added = 0;
int rc;
struct sync_cookie syncCookie = { NULL, -1, NULL};
if ( op->o_sync_mode != SLAP_SYNC_NONE ) {
if ( op->o_bd->syncinfo ) {
if ( op->o_bd->be_syncinfo ) {
char substr[67];
struct berval bv;
sprintf( substr, "cn=syncrepl%d", op->o_bd->syncinfo->id );
sprintf( substr, "cn=syncrepl%d", op->o_bd->be_syncinfo->si_id );
ber_str2bv( substr, 0, 0, &bv );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &bv, NULL );
} else {
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], (struct berval *)&slap_ldapsync_cn_bv, NULL );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0],
(struct berval *)&slap_ldapsync_cn_bv, NULL );
}
ctxcsn_retry :
@ -292,9 +294,9 @@ ctxcsn_retry :
case DB_LOCK_NOTGRANTED:
goto ctxcsn_retry;
case DB_NOTFOUND:
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
snprintf( gid, sizeof( gid ), "%s-%08lx-%08lx",
bdb_uuid.bv_val, (long) op->o_connid, (long) op->o_opid );
bdb_uuid.bv_val, (long) op->o_connid, (long) op->o_opid );
slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, 1 );
@ -330,7 +332,8 @@ txn_retry:
return rs->sr_err;
}
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
(struct berval *)&slap_ldapsync_cn_bv, locker );
rs->sr_err = TXN_COMMIT( ltid, 0 );
if ( rs->sr_err != 0 ) {
@ -358,15 +361,27 @@ txn_retry:
}
if ( ctxcsn_e ) {
if ( op->o_bd->syncinfo ) {
csn_a = attr_find( ctxcsn_e->e_attrs, slap_schema.si_ad_syncreplCookie );
if ( op->o_bd->be_syncinfo ) {
csn_a = attr_find( ctxcsn_e->e_attrs,
slap_schema.si_ad_syncreplCookie );
if ( csn_a ) {
struct berval cookie;
ber_dupbv( &cookie, &csn_a->a_vals[0] );
ber_bvarray_add( &syncCookie.octet_str, &cookie );
slap_parse_sync_cookie( &syncCookie );
*search_context_csn = ber_dupbv( NULL, syncCookie.ctxcsn );
slap_sync_cookie_free( &syncCookie, 0 );
} else {
*search_context_csn = NULL;
}
} else {
csn_a = attr_find( ctxcsn_e->e_attrs, slap_schema.si_ad_contextCSN );
}
if ( csn_a ) {
*search_context_csn = ber_dupbv( NULL, &csn_a->a_vals[0] );
} else {
*search_context_csn = NULL;
csn_a = attr_find( ctxcsn_e->e_attrs,
slap_schema.si_ad_contextCSN );
if ( csn_a ) {
*search_context_csn = ber_dupbv( NULL, &csn_a->a_vals[0] );
} else {
*search_context_csn = NULL;
}
}
} else {
*search_context_csn = NULL;

19
servers/slapd/back-bdb/delete.c
View file

@ -251,9 +251,10 @@ retry: /* transaction retry */
matched = NULL;
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
@ -471,8 +472,9 @@ retry: /* transaction retry */
ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
#endif
if ( !op->o_bd->syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei, &ctxcsn_e, &ctxcsn_added, locker );
if ( !op->o_bd->be_syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
&ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
case BDB_CSN_ABORT :
goto return_results;
@ -492,9 +494,10 @@ retry: /* transaction retry */
bdb_cache_delete( &bdb->bi_cache, e, bdb->bi_dbenv,
locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
if ( ctxcsn_added ) {
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
bdb_cache_add( bdb, suffix_ei,
ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}
@ -537,7 +540,7 @@ retry: /* transaction retry */
return_results:
send_ldap_result( op, rs );
if ( rs->sr_err == LDAP_SUCCESS && !noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !noop && !op->o_no_psearch ) {
LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_DELETE );
}

7
servers/slapd/back-bdb/init.c
View file

@ -554,12 +554,17 @@ bdb_db_destroy( BackendDB *be )
return 0;
}
#ifdef SLAPD_BDB_DYNAMIC
#if (defined(SLAPD_BDB_DYNAMIC) && !defined(BDB_HIER)) || \
(defined(SLAPD_HDB_DYNAMIC) && defined(BDB_HIER))
int init_module( int argc, char *argv[] ) {
BackendInfo bi;
memset( &bi, '\0', sizeof(bi) );
#ifdef BDB_HIER
bi.bi_type = "hdb";
#else
bi.bi_type = "bdb";
#endif
bi.bi_init = bdb_initialize;
backend_add( &bi );

16
servers/slapd/back-bdb/modify.c
View file

@ -421,9 +421,10 @@ retry: /* transaction retry */
e = NULL;
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
@ -466,7 +467,7 @@ retry: /* transaction retry */
goto return_results;
}
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop && !op->o_no_psearch ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch(op, rs, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
}
@ -575,7 +576,7 @@ retry: /* transaction retry */
goto return_results;
}
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
&ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
@ -598,9 +599,10 @@ retry: /* transaction retry */
bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
if ( ctxcsn_added ) {
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
(struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

19
servers/slapd/back-bdb/modrdn.c
View file

@ -173,9 +173,10 @@ retry: /* transaction retry */
e = NULL;
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
@ -863,7 +864,7 @@ retry: /* transaction retry */
goto return_results;
}
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop && !op->o_no_psearch ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
}
@ -939,8 +940,9 @@ retry: /* transaction retry */
goto return_results;
}
if ( !op->o_bd->syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei, &ctxcsn_e, &ctxcsn_added, locker );
if ( !op->o_bd->be_syncinfo ) {
rc = bdb_csn_commit( op, rs, ltid, ei, &suffix_ei,
&ctxcsn_e, &ctxcsn_added, locker );
switch ( rc ) {
case BDB_CSN_ABORT :
goto return_results;
@ -970,9 +972,10 @@ retry: /* transaction retry */
bdb_cache_modrdn( save, &op->orr_nnewrdn, e, neip,
bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( !op->o_bd->be_syncinfo ) {
if ( ctxcsn_added ) {
bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
bdb_cache_add( bdb, suffix_ei, ctxcsn_e,
(struct berval *)&slap_ldapsync_cn_bv, locker );
}
}

31
servers/slapd/back-bdb/proto-bdb.h
View file

@ -548,37 +548,6 @@ int bdb_do_search(
);
#define bdb_psearch(op, rs, sop, e, ps_type) bdb_do_search(op, rs, sop, e, ps_type)
#define bdb_build_sync_state_ctrl BDB_SYMBOL(build_sync_state_ctrl)
#define bdb_build_sync_done_ctrl BDB_SYMBOL(build_sync_done_ctrl)
#define bdb_send_ldap_intermediate BDB_SYMBOL(send_ldap_intermediate)
int
bdb_build_sync_state_ctrl(
Operation *op,
SlapReply *rs,
Entry *e,
int entry_sync_state,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *csn );
int
bdb_build_sync_done_ctrl(
Operation *op,
SlapReply *rs,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *latest_entrycsn_bv );
int
bdb_send_ldap_intermediate(
Operation *op,
SlapReply *rs,
int state,
struct berval *cookie );
/*
* trans.c
*/

534
servers/slapd/back-bdb/search.c
View file

@ -291,48 +291,62 @@ int is_sync_protocol( Operation *op )
( type == LDAP_PSEARCH_BY_SCOPEOUT ))
#define IS_PSEARCH (op != sop)
int
bdb_abandon( Operation *op, SlapReply *rs )
static Operation *
bdb_drop_psearch( Operation *op, ber_int_t msgid )
{
Operation *ps_list;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
if ( ps_list->o_connid == op->o_connid ) {
if ( ps_list->o_msgid == op->oq_abandon.rs_msgid ) {
if ( ps_list->o_msgid == msgid ) {
ps_list->o_abandon = 1;
LDAP_LIST_REMOVE( ps_list, o_ps_link );
slap_op_free ( ps_list );
return LDAP_SUCCESS;
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
LDAP_STAILQ_REMOVE( &op->o_conn->c_ops, ps_list,
slap_op, o_next );
LDAP_STAILQ_NEXT( ps_list, o_next ) = NULL;
op->o_conn->c_n_ops_executing--;
op->o_conn->c_n_ops_completed++;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
return ps_list;
}
}
}
return NULL;
}
int
bdb_abandon( Operation *op, SlapReply *rs )
{
Operation *ps;
ps = bdb_drop_psearch( op, op->oq_abandon.rs_msgid );
if ( ps ) {
if ( ps->o_tmpmemctx ) {
sl_mem_destroy( NULL, ps->o_tmpmemctx );
}
slap_op_free ( ps );
return LDAP_SUCCESS;
}
return LDAP_UNAVAILABLE;
}
int
bdb_cancel( Operation *op, SlapReply *rs )
{
Operation *ps_list;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Operation *ps;
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
if ( ps_list->o_connid == op->o_connid ) {
if ( ps_list->o_msgid == op->oq_cancel.rs_msgid ) {
ps_list->o_cancel = SLAP_CANCEL_DONE;
LDAP_LIST_REMOVE( ps_list, o_ps_link );
rs->sr_err = LDAP_CANCELLED;
send_ldap_result( ps_list, rs );
if ( ps_list->o_tmpmemctx ) {
sl_mem_destroy( NULL, ps_list->o_tmpmemctx );
}
slap_op_free ( ps_list );
return LDAP_SUCCESS;
}
ps = bdb_drop_psearch( op, op->oq_cancel.rs_msgid );
if ( ps ) {
rs->sr_err = LDAP_CANCELLED;
send_ldap_result( ps, rs );
if ( ps->o_tmpmemctx ) {
sl_mem_destroy( NULL, ps->o_tmpmemctx );
}
slap_op_free ( ps );
return LDAP_SUCCESS;
}
return LDAP_UNAVAILABLE;
}
@ -364,7 +378,6 @@ bdb_do_search( Operation *op, SlapReply *rs, Operation *sop,
AttributeName *attrs;
Filter contextcsnand, contextcsnle, cookief, csnfnot, csnfeq, csnfand, csnfge;
Filter omitcsnf, omitcsnfle;
AttributeAssertion aa_ge, aa_eq, aa_le;
int entry_count = 0;
struct berval *search_context_csn = NULL;
@ -382,19 +395,81 @@ bdb_do_search( Operation *op, SlapReply *rs, Operation *sop,
u_int32_t locker = 0;
DB_LOCK lock;
Operation *ps_list;
int sync_send_present_mode = 1;
int match;
MatchingRule *mr;
const char *text;
int slog_found = 0;
BerVarray syncUUID_set = NULL;
int syncUUID_set_cnt = 0;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "bdb_back_search\n", 0, 0, 0 );
LDAP_LOG( OPERATION, ENTRY, "bdb_search\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n",
Debug( LDAP_DEBUG_TRACE, "=> bdb_search\n",
0, 0, 0);
#endif
attrs = sop->oq_search.rs_attrs;
if ( !IS_PSEARCH && sop->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST ) {
struct slap_session_entry *sent;
if ( sop->o_sync_state.sid >= 0 ) {
LDAP_LIST_FOREACH( sent, &bdb->bi_session_list, se_link ) {
if ( sent->se_id == sop->o_sync_state.sid ) {
sop->o_sync_slog_size = sent->se_size;
break;
}
}
}
}
/* psearch needs to be registered before refresh begins */
/* psearch and refresh transmission is serialized in send_ldap_ber() */
if ( !IS_PSEARCH && sop->o_sync_mode & SLAP_SYNC_PERSIST ) {
ldap_pvt_thread_mutex_lock( &bdb->bi_pslist_mutex );
LDAP_LIST_INSERT_HEAD( &bdb->bi_psearch_list, sop, o_ps_link );
ldap_pvt_thread_mutex_unlock( &bdb->bi_pslist_mutex );
} else if ( !IS_PSEARCH && sop->o_sync_mode & SLAP_SYNC_REFRESH_AND_PERSIST
&& sop->o_sync_slog_size >= 0 ) {
ldap_pvt_thread_mutex_lock( &bdb->bi_pslist_mutex );
LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
if ( ps_list->o_sync_slog_size >= 0 ) {
if ( ps_list->o_sync_state.sid == sop->o_sync_state.sid ) {
slog_found = 1;
break;
}
}
}
if ( slog_found ) {
if ( ps_list->o_sync_slog_omitcsn.bv_len != 0 ) {
mr = slap_schema.si_ad_entryCSN->ad_type->sat_ordering;
if ( sop->o_sync_state.ctxcsn &&
sop->o_sync_state.ctxcsn->bv_val != NULL ) {
value_match( &match, slap_schema.si_ad_entryCSN, mr,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
sop->o_sync_state.ctxcsn,
&ps_list->o_sync_slog_omitcsn,
&text );
} else {
match = -1;
}
if ( match >= 0 ) {
sync_send_present_mode = 0;
}
} else {
sync_send_present_mode = 0;
}
} else if ( sop->o_sync_slog_size >= 0 ) {
LDAP_LIST_INSERT_HEAD( &bdb->bi_psearch_list, sop, o_ps_link );
} else {
sop->o_sync_state.sid = -1;
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_pslist_mutex );
}
null_attr.an_desc = NULL;
null_attr.an_oc = NULL;
null_attr.an_name.bv_len = 0;
@ -656,6 +731,14 @@ dn2entry_retry:
goto done;
}
if ( sop->o_sync_mode != SLAP_SYNC_NONE && sop->o_sync_state.ctxcsn &&
sop->o_sync_state.ctxcsn->bv_val &&
ber_bvcmp( &sop->o_sync_state.ctxcsn[0], search_context_csn ) == 0 )
{
bdb_cache_entry_db_unlock( bdb->bi_dbenv, &ctxcsn_lock );
goto nochange;
}
/* select candidates */
if ( sop->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = base_candidate( op->o_bd, &base, candidates );
@ -756,8 +839,6 @@ dn2entry_retry:
if ( (sop->o_sync_mode & SLAP_SYNC_REFRESH) || IS_PSEARCH )
{
MatchingRule *mr;
const char *text;
int match;
cookief.f_choice = LDAP_FILTER_AND;
@ -771,7 +852,11 @@ dn2entry_retry:
csnfeq.f_choice = LDAP_FILTER_EQUALITY;
csnfeq.f_ava = &aa_eq;
csnfeq.f_av_desc = slap_schema.si_ad_entryCSN;
csnfeq.f_av_value = sop->o_sync_state;
if ( sop->o_sync_state.ctxcsn != NULL ) {
csnfeq.f_av_value = *sop->o_sync_state.ctxcsn;
} else {
csnfeq.f_av_value = slap_empty_bv;
}
csnfand.f_choice = LDAP_FILTER_AND;
csnfand.f_and = &csnfge;
@ -780,7 +865,11 @@ dn2entry_retry:
csnfge.f_choice = LDAP_FILTER_GE;
csnfge.f_ava = &aa_ge;
csnfge.f_av_desc = slap_schema.si_ad_entryCSN;
csnfge.f_av_value = sop->o_sync_state;
if ( sop->o_sync_state.ctxcsn != NULL ) {
csnfge.f_av_value = *sop->o_sync_state.ctxcsn;
} else {
csnfge.f_av_value = slap_empty_bv;
}
if ( search_context_csn && !IS_PSEARCH ) {
csnfge.f_next = &contextcsnand;
@ -796,21 +885,23 @@ dn2entry_retry:
contextcsnle.f_next = sop->oq_search.rs_filter;
mr = slap_schema.si_ad_entryCSN->ad_type->sat_ordering;
if ( sop->o_sync_state.bv_len != 0 ) {
if ( sop->o_sync_state.ctxcsn &&
sop->o_sync_state.ctxcsn->bv_val != NULL ) {
value_match( &match, slap_schema.si_ad_entryCSN, mr,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&sop->o_sync_state, search_context_csn, &text );
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&sop->o_sync_state.ctxcsn[0], search_context_csn,
&text );
} else {
match = -1;
}
no_sync_state_change = !match;
no_sync_state_change = ( match >= 0 );
} else {
csnfge.f_next = sop->oq_search.rs_filter;
}
}
for ( id = bdb_idl_first( candidates, &cursor );
id != NOID;
id != NOID && !no_sync_state_change;
id = bdb_idl_next( candidates, &cursor ) )
{
int scopeok = 0;
@ -818,6 +909,9 @@ dn2entry_retry:
loop_begin:
/* check for abandon */
if ( sop->o_abandon ) {
if ( sop != op ) {
bdb_drop_psearch( sop, sop->o_msgid );
}
rs->sr_err = LDAP_SUCCESS;
goto done;
}
@ -1036,8 +1130,7 @@ id2entry_retry:
} else {
if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
rc_sync = test_filter( sop, rs->sr_entry, &cookief );
rs->sr_err = test_filter( sop,
rs->sr_entry, &contextcsnand );
rs->sr_err = test_filter( sop, rs->sr_entry, &contextcsnand );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
if ( rc_sync == LDAP_COMPARE_TRUE ) {
if ( no_sync_state_change ) {
@ -1067,7 +1160,8 @@ id2entry_retry:
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( --sop->oq_search.rs_slimit == -1 ) {
if ( --sop->oq_search.rs_slimit == -1 &&
sop->o_sync_slog_size == -1 ) {
if (!IS_PSEARCH) {
bdb_cache_return_entry_r( bdb->bi_dbenv,
&bdb->bi_cache, e, &lock );
@ -1133,53 +1227,100 @@ id2entry_retry:
} else {
entry_sync_state = LDAP_SYNC_ADD;
}
} else if ( ps_type == LDAP_PSEARCH_BY_SCOPEOUT )
} else if ( ps_type == LDAP_PSEARCH_BY_SCOPEOUT ) {
entry_sync_state = LDAP_SYNC_DELETE;
else {
} else {
rs->sr_err = LDAP_OTHER;
goto done;
}
rs->sr_err = bdb_build_sync_state_ctrl( sop,
rs, e, entry_sync_state, ctrls,
num_ctrls++, 1, search_context_csn );
if ( rs->sr_err != LDAP_SUCCESS ) goto done;
rs->sr_attrs = attrs;
rs->sr_ctrls = ctrls;
result = send_search_entry( sop, rs );
ch_free( ctrls[num_ctrls-1]->ldctl_value.bv_val );
ch_free( ctrls[--num_ctrls] );
ctrls[num_ctrls] = NULL;
rs->sr_ctrls = NULL;
if ( sop->o_sync_slog_size != -1 ) {
if ( entry_sync_state == LDAP_SYNC_DELETE ) {
result = slap_add_session_log( op, sop, e );
} else {
result = 1;
}
} else {
struct berval cookie;
slap_compose_sync_cookie( sop, &cookie,
search_context_csn,
sop->o_sync_state.sid );
rs->sr_err = slap_build_sync_state_ctrl( sop,
rs, e, entry_sync_state, ctrls,
num_ctrls++, 1, &cookie );
if ( rs->sr_err != LDAP_SUCCESS ) goto done;
rs->sr_attrs = attrs;
rs->sr_ctrls = ctrls;
result = send_search_entry( sop, rs );
if ( cookie.bv_val )
ch_free( cookie.bv_val );
sl_free( ctrls[num_ctrls-1]->ldctl_value.bv_val,
sop->o_tmpmemctx );
sl_free( ctrls[--num_ctrls], sop->o_tmpmemctx );
ctrls[num_ctrls] = NULL;
rs->sr_ctrls = NULL;
}
} else if ( ps_type == LDAP_PSEARCH_BY_PREMODIFY ) {
struct psid_entry* psid_e;
psid_e = (struct psid_entry *) calloc (1,
psid_e = (struct psid_entry *) ch_calloc (1,
sizeof(struct psid_entry));
psid_e->ps_op = sop;
LDAP_LIST_INSERT_HEAD( &op->o_pm_list,
psid_e, ps_link );
} else {
printf("Error !\n");
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_search: invalid ps_type (%d) \n",
ps_type, 0, 0);
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_search: invalid ps_type (%d) \n",
ps_type, 0, 0);
#endif
}
} else {
if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
rs->sr_err = bdb_build_sync_state_ctrl( sop,
rs, e, entry_sync_state, ctrls,
num_ctrls++, 0, search_context_csn );
if ( rs->sr_err != LDAP_SUCCESS ) goto done;
rs->sr_ctrls = ctrls;
if ( rc_sync == LDAP_COMPARE_TRUE ) { /* ADD */
rs->sr_err = slap_build_sync_state_ctrl( sop,
rs, e, entry_sync_state, ctrls,
num_ctrls++, 0, NULL );
if ( rs->sr_err != LDAP_SUCCESS ) goto done;
rs->sr_ctrls = ctrls;
rs->sr_attrs = sop->oq_search.rs_attrs;
result = send_search_entry( sop, rs );
sl_free( ctrls[num_ctrls-1]->ldctl_value.bv_val,
sop->o_tmpmemctx );
sl_free( ctrls[--num_ctrls], sop->o_tmpmemctx );
ctrls[num_ctrls] = NULL;
rs->sr_ctrls = NULL;
} else { /* PRESENT */
rs->sr_attrs = &null_attr;
if ( sync_send_present_mode ) {
result = slap_build_syncUUID_set( sop,
&syncUUID_set, e );
if ( result <= 0 ) {
result = -1;
} else {
syncUUID_set_cnt++;
if ( syncUUID_set_cnt == SLAP_SYNCUUID_SET_SIZE ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = LDAP_SYNC_INFO;
rs->sr_ctrls = NULL;
result = slap_send_syncinfo( sop, rs,
LDAP_TAG_SYNC_ID_SET,
NULL, 0, syncUUID_set, 0 );
if ( result != LDAP_SUCCESS )
result = -1;
ber_bvarray_free_x( syncUUID_set,
sop->o_tmpmemctx );
syncUUID_set = NULL;
syncUUID_set_cnt = 0;
}
}
} else {
result = 1;
}
}
result = send_search_entry( sop, rs );
ch_free( ctrls[num_ctrls-1]->ldctl_value.bv_val );
ch_free( ctrls[--num_ctrls] );
ctrls[num_ctrls] = NULL;
rs->sr_ctrls = NULL;
} else {
rs->sr_attrs = sop->oq_search.rs_attrs;
rs->sr_ctrls = NULL;
@ -1230,38 +1371,114 @@ loop_continue:
ldap_pvt_thread_yield();
}
if ( syncUUID_set_cnt > 0 ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = LDAP_SYNC_INFO;
rs->sr_ctrls = NULL;
slap_send_syncinfo( sop, rs, LDAP_TAG_SYNC_ID_SET,
NULL, 0, syncUUID_set, 0 );
ber_bvarray_free_x( syncUUID_set, sop->o_tmpmemctx );
syncUUID_set_cnt = 0;
}
nochange:
if (!IS_PSEARCH) {
if ( sop->o_sync_mode & SLAP_SYNC_REFRESH ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = LDAP_SYNC_INFO;
rs->sr_ctrls = NULL;
bdb_send_ldap_intermediate( sop, rs,
LDAP_SYNC_STATE_MODE_DONE, search_context_csn );
/* If changelog is supported, this is where to process it */
if ( sop->o_sync_mode & SLAP_SYNC_PERSIST ) {
/* refreshAndPersist mode */
bdb_send_ldap_intermediate( sop, rs,
LDAP_SYNC_LOG_MODE_DONE, search_context_csn );
struct berval cookie;
slap_compose_sync_cookie( sop, &cookie,
search_context_csn,
sop->o_sync_state.sid );
if ( sync_send_present_mode ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = LDAP_SYNC_INFO;
rs->sr_ctrls = NULL;
slap_send_syncinfo( sop, rs,
LDAP_TAG_SYNC_REFRESH_PRESENT, &cookie, 1, NULL, 0 );
} else {
if ( !no_sync_state_change ) {
int slog_found = 0;
ldap_pvt_thread_mutex_lock( &bdb->bi_pslist_mutex );
LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
if ( ps_list->o_sync_slog_size > 0 ) {
if ( ps_list->o_sync_state.sid == sop->o_sync_state.sid ) {
slog_found = 1;
break;
}
}
}
if ( slog_found ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = NULL;
rs->sr_ctrls = NULL;
slap_send_session_log( op, ps_list, rs );
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_pslist_mutex );
}
rs->sr_err = LDAP_SUCCESS;
rs->sr_rspoid = LDAP_SYNC_INFO;
rs->sr_ctrls = NULL;
slap_send_syncinfo( sop, rs,
LDAP_TAG_SYNC_REFRESH_DELETE, &cookie, 1, NULL, 0 );
}
if ( cookie.bv_val ) {
ch_free( cookie.bv_val );
}
} else {
/* refreshOnly mode */
bdb_build_sync_done_ctrl( sop, rs, ctrls,
num_ctrls++, 1, search_context_csn );
struct berval cookie;
slap_compose_sync_cookie( sop, &cookie,
search_context_csn,
sop->o_sync_state.sid );
if ( sync_send_present_mode ) {
slap_build_sync_done_ctrl( sop, rs, ctrls,
num_ctrls++, 1, &cookie, LDAP_SYNC_REFRESH_PRESENTS );
} else {
if ( !no_sync_state_change ) {
int slog_found = 0;
ldap_pvt_thread_mutex_lock( &bdb->bi_pslist_mutex );
LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list,
o_ps_link ) {
if ( ps_list->o_sync_slog_size > 0 ) {
if ( ps_list->o_sync_state.sid ==
sop->o_sync_state.sid ) {
slog_found = 1;
break;
}
}
}
if ( slog_found ) {
slap_send_session_log( op, ps_list, rs );
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_pslist_mutex );
}
slap_build_sync_done_ctrl( sop, rs, ctrls,
num_ctrls++, 1, &cookie, LDAP_SYNC_REFRESH_DELETES );
}
rs->sr_ctrls = ctrls;
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_rspoid = NULL;
send_ldap_result( sop, rs );
if ( ctrls[num_ctrls-1]->ldctl_value.bv_val != NULL ) {
ch_free( ctrls[num_ctrls-1]->ldctl_value.bv_val );
sl_free( ctrls[num_ctrls-1]->ldctl_value.bv_val, sop->o_tmpmemctx );
}
ch_free( ctrls[--num_ctrls] );
sl_free( ctrls[--num_ctrls], sop->o_tmpmemctx );
ctrls[num_ctrls] = NULL;
if ( cookie.bv_val )
ch_free( cookie.bv_val );
}
} else {
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_rspoid = NULL;
send_ldap_result( sop, rs );
}
}
@ -1562,160 +1779,3 @@ done:
(void) ber_free_buf( ber );
}
#endif
int
bdb_build_sync_state_ctrl(
Operation *op,
SlapReply *rs,
Entry *e,
int entry_sync_state,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *csn)
{
Attribute* a;
int ret;
int res;
const char *text = NULL;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval entryuuid_bv = { 0, NULL };
ber_init2( ber, 0, LBER_USE_DER );
ctrls[num_ctrls] = ch_malloc ( sizeof ( LDAPControl ) );
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
AttributeDescription *desc = a->a_desc;
if ( desc == slap_schema.si_ad_entryUUID ) {
ber_dupbv( &entryuuid_bv, &a->a_vals[0] );
}
}
if ( send_cookie && csn ) {
ber_printf( ber, "{eOON}",
entry_sync_state, &entryuuid_bv, csn );
} else {
ber_printf( ber, "{eON}",
entry_sync_state, &entryuuid_bv );
}
ch_free( entryuuid_bv.bv_val );
entryuuid_bv.bv_val = NULL;
ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_STATE;
ctrls[num_ctrls]->ldctl_iscritical = op->o_sync;
ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
ber_free_buf( ber );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
return LDAP_SUCCESS;
}
int
bdb_build_sync_done_ctrl(
Operation *op,
SlapReply *rs,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *csn )
{
int ret;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_init2( ber, NULL, LBER_USE_DER );
ctrls[num_ctrls] = ch_malloc ( sizeof ( LDAPControl ) );
if ( send_cookie && csn ) {
ber_printf( ber, "{ON}", csn );
} else {
ber_printf( ber, "{N}" );
}
ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_DONE;
ctrls[num_ctrls]->ldctl_iscritical = op->o_sync;
ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
ber_free_buf( ber );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_build_sync_done_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_build_sync_done_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
return LDAP_SUCCESS;
}
int
bdb_send_ldap_intermediate(
Operation *op,
SlapReply *rs,
int state,
struct berval *cookie )
{
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval rspdata;
int ret;
ber_init2( ber, NULL, LBER_USE_DER );
if ( cookie == NULL ) {
ber_printf( ber, "{eN}", state );
} else {
ber_printf( ber, "{eON}", state, cookie );
}
ret = ber_flatten2( ber, &rspdata, 0 );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_send_ldap_intermediate: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_send_ldap_intermediate: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
rs->sr_rspdata = &rspdata;
send_ldap_intermediate( op, rs );
rs->sr_rspdata = NULL;
ber_free_buf( ber );
return LDAP_SUCCESS;
}

2
servers/slapd/back-ldap/init.c
View file

@ -198,7 +198,7 @@ ldap_back_db_destroy(
}
#ifdef ENABLE_REWRITE
if (li->rwmap.rwm_rw) {
rewrite_info_delete( li->rwmap.rwm_rw );
rewrite_info_delete( &li->rwmap.rwm_rw );
}
#else /* !ENABLE_REWRITE */
if (li->rwmap.rwm_suffix_massage) {

7
servers/slapd/back-ldbm/delete.c
View file

@ -60,9 +60,10 @@ ldbm_back_delete(
cache_return_entry_r( &li->li_cache, matched );
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);

7
servers/slapd/back-ldbm/modify.c
View file

@ -324,9 +324,10 @@ ldbm_back_modify(
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);

7
servers/slapd/back-ldbm/modrdn.c
View file

@ -92,9 +92,10 @@ ldbm_back_modrdn(
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
BerVarray deref = op->o_bd->syncinfo ?
op->o_bd->syncinfo->provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
BerVarray deref = op->o_bd->be_syncinfo ?
op->o_bd->be_syncinfo->si_provideruri_bv : default_referral;
rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);

16
servers/slapd/back-meta/cache-merge.c
View file

@ -120,7 +120,14 @@ merge_entry(
sreply.sr_nentries = 0;
e = ( Entry * ) ch_calloc( 1, sizeof( Entry ));
dnPrettyNormal(0, &rs->sr_entry->e_name, &e->e_name, &e->e_nname, op->o_tmpmemctx);
dnPrettyNormal(0, &rs->sr_entry->e_name, &op_tmp.o_req_dn, &op_tmp.o_req_ndn, op->o_tmpmemctx);
ber_dupbv( &e->e_name, &op_tmp.o_req_dn );
ber_dupbv( &e->e_nname, &op_tmp.o_req_ndn );
sl_free( op_tmp.o_req_ndn.bv_val, op->o_tmpmemctx );
sl_free( op_tmp.o_req_dn.bv_val, op->o_tmpmemctx );
op_tmp.o_req_dn = e->e_name;
op_tmp.o_req_ndn = e->e_nname;
e->e_private = NULL;
e->e_attrs = NULL;
@ -163,8 +170,6 @@ merge_entry(
op_tmp.o_do_not_cache = 1;
op_tmp.ora_e = e;
op_tmp.o_req_dn = e->e_name;
op_tmp.o_req_ndn = e->e_nname;
rc = op->o_bd->be_add( &op_tmp, &sreply );
if ( rc != LDAP_SUCCESS ) {
@ -178,8 +183,7 @@ merge_entry(
result->rc = info.added;
} else if ( rc == LDAP_REFERRAL ||
rc == LDAP_NO_SUCH_OBJECT ) {
slap_entry2mods( e, &modlist, &text );
syncrepl_add_glue( NULL, NULL, &op_tmp, e, modlist, 0, NULL, NULL );
syncrepl_add_glue( &op_tmp, e );
result->rc = info.added;
} else {
result->rc = 0;
@ -256,7 +260,7 @@ normalize_values( Attribute* attr )
{
for ( i = 0; i < nvals; i++ ) {
rc = attr->a_desc->ad_type->sat_equality->smr_normalize(
0,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
attr->a_desc->ad_type->sat_syntax,
attr->a_desc->ad_type->sat_equality,
&attr->a_vals[i], &attr->a_nvals[i], NULL );

2
servers/slapd/back-meta/cache-search.c
View file

@ -849,7 +849,7 @@ meta_create_entry (
struct berval *bv, bdn;
const char *text;
char* ename = NULL;
struct berval sc;
struct berval sc = { 0, NULL };
char* textbuf;
size_t textlen;

18
servers/slapd/back-meta/cache.h
View file

@ -1,24 +1,18 @@
/* Copyright (c) 2003 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute
this
* Software with or without fee, provided that the above copyright notice
and
* all paragraphs of this notice appear in all copies, and that the name
of IBM
* not be used in connection with the marketing of any product
incorporating
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE,
EVEN
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/

6
servers/slapd/back-meta/init.c
View file

@ -147,13 +147,13 @@ meta_back_db_init(
cm = (cache_manager *)ch_malloc(sizeof(cache_manager));
if ( cm == NULL ) {
rewrite_info_delete( rwinfo );
rewrite_info_delete( &rwinfo );
return -1;
}
qm = (query_manager*)ch_malloc(sizeof(query_manager));
if ( qm == NULL ) {
rewrite_info_delete( rwinfo );
rewrite_info_delete( &rwinfo );
ch_free( cm );
return -1;
}
@ -259,7 +259,7 @@ target_free(
free( lt->pseudorootpw.bv_val );
}
if ( lt->rwmap.rwm_rw ) {
rewrite_info_delete( lt->rwmap.rwm_rw );
rewrite_info_delete( &lt->rwmap.rwm_rw );
}
avl_free( lt->rwmap.rwm_oc.remap, NULL );
avl_free( lt->rwmap.rwm_oc.map, mapping_free );

2
servers/slapd/back-monitor/log.c
View file

@ -122,7 +122,7 @@ monitor_subsys_log_init(
int rc;
rc = (*mi->mi_ad_managedInfo->ad_type->sat_equality->smr_normalize)(
0,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mi->mi_ad_managedInfo->ad_type->sat_syntax,
mi->mi_ad_managedInfo->ad_type->sat_equality,
&int_2_level[ i ].s,

76
servers/slapd/backend.c
View file

@ -244,8 +244,6 @@ int backend_startup(Backend *be)
int i;
int rc = 0;
init_syncrepl();
if( ! ( nBackendDB > 0 ) ) {
/* no databases */
#ifdef NEW_LOGGING
@ -336,10 +334,12 @@ int backend_startup(Backend *be)
/* open each backend database */
for( i = 0; i < nBackendDB; i++ ) {
#ifndef SLAPD_MULTIMASTER
if ( backendDB[i].be_update_ndn.bv_val && (
!backendDB[i].be_update_refs &&
!backendDB[i].syncinfo &&
!default_referral ) ) {
!backendDB[i].be_syncinfo &&
!default_referral ) )
{
#ifdef NEW_LOGGING
LDAP_LOG( BACKEND, CRIT,
"backend_startup: slave \"%s\" updateref missing\n",
@ -352,6 +352,7 @@ int backend_startup(Backend *be)
#endif
return -1;
}
#endif
/* append global access controls */
acl_append( &backendDB[i].be_acl, global_acl );
@ -374,12 +375,13 @@ int backend_startup(Backend *be)
}
}
if ( backendDB[i].syncinfo != NULL ) {
syncinfo_t *si = ( syncinfo_t * ) backendDB[i].syncinfo;
si->be = &backendDB[i];
if ( backendDB[i].be_syncinfo != NULL ) {
syncinfo_t *si = ( syncinfo_t * ) backendDB[i].be_syncinfo;
si->si_be = &backendDB[i];
init_syncrepl(si);
ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
ldap_pvt_runqueue_insert( &syncrepl_rq, si->interval,
do_syncrepl, (void *) backendDB[i].syncinfo );
ldap_pvt_runqueue_insert( &syncrepl_rq, si->si_interval,
do_syncrepl, (void *) backendDB[i].be_syncinfo );
ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
}
}
@ -550,7 +552,7 @@ backend_db_init(
ldap_pvt_thread_mutex_init( &be->be_pcl_mutex );
ldap_pvt_thread_mutex_init( &be->be_context_csn_mutex );
be->syncinfo = NULL;
be->be_syncinfo = NULL;
/* assign a default depth limit for alias deref */
be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH;
@ -743,31 +745,29 @@ int
backend_unbind( Operation *op, SlapReply *rs )
{
int i;
#if defined( LDAP_SLAPI )
Slapi_PBlock *pb = op->o_pb;
int rc;
slapi_x_pblock_set_operation( pb, op );
#endif /* defined( LDAP_SLAPI ) */
for ( i = 0; i < nbackends; i++ ) {
#if defined( LDAP_SLAPI )
slapi_pblock_set( pb, SLAPI_BACKEND, (void *)&backends[i] );
rc = doPluginFNs( &backends[i], SLAPI_PLUGIN_PRE_UNBIND_FN,
(Slapi_PBlock *)pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
if ( op->o_pb ) {
int rc;
if ( i == 0 ) slapi_x_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)&backends[i] );
rc = doPluginFNs( &backends[i], SLAPI_PLUGIN_PRE_UNBIND_FN,
(Slapi_PBlock *)op->o_pb );
if ( rc < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_bind: Unbind preoperation plugin "
"failed\n", 0, 0, 0);
LDAP_LOG( OPERATION, INFO, "do_bind: Unbind preoperation plugin "
"failed\n", 0, 0, 0);
#else
Debug(LDAP_DEBUG_TRACE, "do_bind: Unbind preoperation plugin "
"failed.\n", 0, 0, 0);
Debug(LDAP_DEBUG_TRACE, "do_bind: Unbind preoperation plugin "
"failed.\n", 0, 0, 0);
#endif
return 0;
return 0;
}
}
#endif /* defined( LDAP_SLAPI ) */
@ -777,8 +777,8 @@ backend_unbind( Operation *op, SlapReply *rs )
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( &backends[i], SLAPI_PLUGIN_POST_UNBIND_FN,
(Slapi_PBlock *)pb ) < 0 ) {
if ( op->o_pb && doPluginFNs( &backends[i], SLAPI_PLUGIN_POST_UNBIND_FN,
(Slapi_PBlock *)op->o_pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_unbind: Unbind postoperation plugins "
"failed\n", 0, 0, 0);
@ -1176,9 +1176,7 @@ backend_group(
op->o_bd = select_backend( gr_ndn, 0, 0 );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
for (g = op->o_conn->c_groups; g; g=g->ga_next) {
for (g = op->o_groups; g; g=g->ga_next) {
if (g->ga_be != op->o_bd || g->ga_oc != group_oc ||
g->ga_at != group_at || g->ga_len != gr_ndn->bv_len)
continue;
@ -1186,8 +1184,6 @@ backend_group(
break;
}
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if (g) {
rc = g->ga_res;
goto done;
@ -1283,17 +1279,15 @@ backend_group(
}
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = ch_malloc(sizeof(GroupAssertion) + gr_ndn->bv_len);
g = sl_malloc(sizeof(GroupAssertion) + gr_ndn->bv_len, op->o_tmpmemctx);
g->ga_be = op->o_bd;
g->ga_oc = group_oc;
g->ga_at = group_at;
g->ga_res = rc;
g->ga_len = gr_ndn->bv_len;
strcpy(g->ga_ndn, gr_ndn->bv_val);
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
g->ga_next = op->o_conn->c_groups;
op->o_conn->c_groups = g;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
g->ga_next = op->o_groups;
op->o_groups = g;
}
done:
op->o_bd = be;

159
servers/slapd/bind.c
View file

@ -45,11 +45,6 @@ do_bind(
ber_tag_t tag;
Backend *be = NULL;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
int rc;
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", op->o_connid, 0, 0 );
#else
@ -357,6 +352,7 @@ do_bind(
}
#ifdef LDAP_SLAPI
#define pb op->o_pb
/*
* Normally post-operation plugins are called only after the
* backend operation. Because the front-end performs SASL
@ -364,12 +360,14 @@ do_bind(
* exception to call the post-operation plugins after a
* SASL bind.
*/
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
(void) doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb );
if ( pb ) {
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
(void) doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
@ -522,84 +520,87 @@ do_bind(
}
#if defined( LDAP_SLAPI )
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
if ( pb ) {
int rc;
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
slapi_pblock_set( pb, SLAPI_CONN_DN, (void *)(0) );
rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: Bind preoperation plugin returned %d\n",
rs->sr_err, 0, 0);
LDAP_LOG( OPERATION, INFO,
"do_bind: Bind preoperation plugin returned %d\n",
rs->sr_err, 0, 0);
#else
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind preoperation plugin returned %d.\n",
rs->sr_err, 0, 0);
Debug(LDAP_DEBUG_TRACE,
"do_bind: Bind preoperation plugin returned %d.\n",
rs->sr_err, 0, 0);
#endif
switch ( rc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, server sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto cleanup;
break;
case SLAPI_BIND_ANONYMOUS:
/* SLAPI_BIND_ANONYMOUS is undocumented XXX */
default:
/* Authoritative, plugin sent result, or no plugins called. */
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err) != 0 )
{
rs->sr_err = LDAP_OTHER;
}
switch ( rc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, server sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto cleanup;
break;
case SLAPI_BIND_ANONYMOUS:
/* SLAPI_BIND_ANONYMOUS is undocumented XXX */
default:
/* Authoritative, plugin sent result, or no plugins called. */
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
(void *)&rs->sr_err) != 0 )
{
rs->sr_err = LDAP_OTHER;
}
op->orb_edn.bv_val = NULL;
op->orb_edn.bv_len = 0;
op->orb_edn.bv_val = NULL;
op->orb_edn.bv_len = 0;
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
if ( op->orb_edn.bv_val == NULL ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
if ( op->orb_edn.bv_val == NULL ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
}
} else {
op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
}
} else {
op->orb_edn.bv_len = strlen( op->orb_edn.bv_val );
rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
&op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
op->o_connid, op->o_opid,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
0, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
rs->sr_err = dnPrettyNormal( NULL, &op->orb_edn,
&op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
op->o_connid, op->o_opid,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
0, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
goto cleanup;
break;
}
goto cleanup;
break;
}
#endif /* defined( LDAP_SLAPI ) */
@ -660,7 +661,7 @@ do_bind(
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: Bind postoperation plugins failed\n",

47
servers/slapd/compare.c
View file

@ -45,10 +45,6 @@ do_compare(
AttributeAssertion ava = { NULL, { 0, NULL } };
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
#endif
ava.aa_desc = NULL;
#ifdef NEW_LOGGING
@ -254,30 +250,33 @@ do_compare(
ava.aa_desc->ad_cname.bv_val, 0 );
#if defined( LDAP_SLAPI )
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)desc.bv_val );
slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&value );
#define pb op->o_pb
if ( pb ) {
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)desc.bv_val );
slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&value );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_compare: compare preoperation plugin "
"failed\n", 0, 0, 0);
LDAP_LOG( OPERATION, INFO, "do_compare: compare preoperation plugin "
"failed\n", 0, 0, 0);
#else
Debug(LDAP_DEBUG_TRACE, "do_compare: compare preoperation plugin "
"failed.\n", 0, 0, 0);
Debug(LDAP_DEBUG_TRACE, "do_compare: compare preoperation plugin "
"failed.\n", 0, 0, 0);
#endif
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
@ -290,7 +289,7 @@ do_compare(
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_COMPARE_FN, pb ) < 0 ) {
if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_COMPARE_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_compare: compare postoperation plugins "
"failed\n", 0, 0, 0 );

281
servers/slapd/config.c
View file

@ -73,6 +73,10 @@ char *strtok_quote_ptr;
int use_reverse_lookup = 0;
#ifdef LDAP_SLAPI
int slapi_plugins_used = 0;
#endif
static char *fp_getline(FILE *fp, int *lineno);
static void fp_getline_init(int *lineno);
static int fp_parse_line(int lineno, char *line);
@ -1639,13 +1643,11 @@ read_config( const char *fname, int depth )
#endif
}
#ifdef SLAP_EXTENDED_SCHEMA
} else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
char * p;
p = strchr(saveline,'(' /*')'*/);
rc = parse_cr( fname, lineno, p, cargv );
if( rc ) return rc;
#endif
/* specify an attribute type */
} else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
@ -1937,7 +1939,7 @@ read_config( const char *fname, int depth )
}
}
/* dn of master entity allowed to write to replica */
/* dn of slave entity allowed to write to replica */
} else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
@ -2406,6 +2408,7 @@ read_config( const char *fname, int depth )
!= LDAP_SUCCESS ) {
return( 1 );
}
slapi_plugins_used++;
#else /* !defined( LDAP_SLAPI ) */
#ifdef NEW_LOGGING
@ -2753,7 +2756,7 @@ add_syncrepl(
{
syncinfo_t *si;
if ( be->syncinfo ) {
if ( be->be_syncinfo ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, INFO,
"add_syncrepl: multiple syncrepl lines in a database "
@ -2766,7 +2769,7 @@ add_syncrepl(
return 1;
}
si = be->syncinfo = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
si = be->be_syncinfo = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
if ( si == NULL ) {
#ifdef NEW_LOGGING
@ -2777,30 +2780,32 @@ add_syncrepl(
return 1;
}
si->tls = TLS_OFF;
if ( be->be_rootndn.bv_val )
ber_dupbv( &si->updatedn, &be->be_rootndn );
si->bindmethod = LDAP_AUTH_SIMPLE;
si->schemachecking = 0;
si->filterstr = "(objectclass=*)";
if ( be->be_suffix && be->be_suffix[0].bv_val )
si->base = ch_strdup( be->be_suffix[0].bv_val );
si->scope = LDAP_SCOPE_SUBTREE;
si->attrsonly = 0;
si->attrs = (char **) ch_calloc( 1, sizeof( char * ));
si->attrs[0] = NULL;
si->type = LDAP_SYNC_REFRESH_ONLY;
si->interval = 86400;
si->syncCookie = NULL;
si->manageDSAit = 0;
si->tlimit = -1;
si->slimit = -1;
si->syncUUID = NULL;
si->syncUUID_ndn = NULL;
si->sync_mode = LDAP_SYNC_STATE_MODE;
si->si_tls = SYNCINFO_TLS_OFF;
if ( be->be_rootndn.bv_val ) {
ber_dupbv( &si->si_updatedn, &be->be_rootndn );
}
si->si_bindmethod = LDAP_AUTH_SIMPLE;
si->si_schemachecking = 0;
ber_str2bv( "(objectclass=*)", sizeof("(objectclass=*)")-1, 0,
&si->si_filterstr );
si->si_base.bv_val = NULL;
si->si_scope = LDAP_SCOPE_SUBTREE;
si->si_attrsonly = 0;
si->si_attrs = (char **) ch_calloc( 1, sizeof( char * ));
si->si_attrs[0] = NULL;
si->si_type = LDAP_SYNC_REFRESH_ONLY;
si->si_interval = 86400;
si->si_syncCookie.ctxcsn = NULL;
si->si_syncCookie.octet_str = NULL;
si->si_syncCookie.sid = -1;
si->si_manageDSAit = 0;
si->si_tlimit = -1;
si->si_slimit = -1;
si->si_syncUUID_ndn.bv_val = NULL;
si->si_syncUUID_ndn.bv_len = 0;
si->presentlist = NULL;
LDAP_LIST_INIT( &si->nonpresentlist );
si->si_presentlist = NULL;
LDAP_LIST_INIT( &si->si_nonpresentlist );
if ( parse_syncrepl_line( cargv, cargc, si ) < 0 ) {
/* Something bad happened - back out */
@ -2810,22 +2815,22 @@ add_syncrepl(
Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
#endif
free( si );
be->syncinfo = NULL;
be->be_syncinfo = NULL;
return 1;
} else {
#ifdef NEW_LOGGING
LDAP_LOG ( CONFIG, RESULTS,
"add_syncrepl: Config: ** successfully added syncrepl \"%s\"\n",
si->provideruri == NULL ? "(null)" : si->provideruri, 0, 0 );
si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 );
#else
Debug( LDAP_DEBUG_CONFIG,
"Config: ** successfully added syncrepl \"%s\"\n",
si->provideruri == NULL ? "(null)" : si->provideruri, 0, 0 );
si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 );
#endif
if ( !si->schemachecking ) {
if ( !si->si_schemachecking ) {
be->be_flags |= SLAP_BFLAG_NO_SCHEMA_CHECK;
}
si->be = be;
si->si_be = be;
return 0;
}
}
@ -2857,7 +2862,6 @@ add_syncrepl(
#define ATTRSONLYSTR "attrsonly"
#define TYPESTR "type"
#define INTERVALSTR "interval"
#define COOKIESTR "cookie"
#define LASTMODSTR "lastmod"
#define LMREQSTR "req"
#define LMGENSTR "gen"
@ -2885,205 +2889,244 @@ parse_syncrepl_line(
for ( i = 1; i < cargc; i++ ) {
if ( !strncasecmp( cargv[ i ], IDSTR, sizeof( IDSTR ) - 1 )) {
int tmp;
/* '\0' string terminator accounts for '=' */
val = cargv[ i ] + sizeof( IDSTR );
si->id = atoi( val );
if ( si->id >= 1000 ) {
tmp= atoi( val );
if ( tmp >= 1000 || tmp < 0 ) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"syncrepl id %d is out of range [0..999]\n", si->id );
"syncrepl id %d is out of range [0..999]\n", tmp );
return -1;
}
si->si_id = tmp;
gots |= GOT_ID;
} else if ( !strncasecmp( cargv[ i ], PROVIDERSTR,
sizeof( PROVIDERSTR ) - 1 )) {
val = cargv[ i ] + sizeof( PROVIDERSTR );
si->provideruri = ch_strdup( val );
si->provideruri_bv = (BerVarray) ch_calloc( 2, sizeof( struct berval ));
ber_str2bv( si->provideruri, strlen( si->provideruri ), 0, &si->provideruri_bv[0] );
si->provideruri_bv[1].bv_len = 0;
si->provideruri_bv[1].bv_val = NULL;
si->si_provideruri = ch_strdup( val );
si->si_provideruri_bv = (BerVarray)
ch_calloc( 2, sizeof( struct berval ));
ber_str2bv( si->si_provideruri, strlen( si->si_provideruri ),
0, &si->si_provideruri_bv[0] );
si->si_provideruri_bv[1].bv_len = 0;
si->si_provideruri_bv[1].bv_val = NULL;
gots |= GOT_PROVIDER;
} else if ( !strncasecmp( cargv[ i ], STARTTLSSTR,
sizeof(STARTTLSSTR) - 1 ) )
{
val = cargv[ i ] + sizeof( STARTTLSSTR );
if( !strcasecmp( val, CRITICALSTR ) ) {
si->tls = TLS_CRITICAL;
si->si_tls = SYNCINFO_TLS_CRITICAL;
} else {
si->tls = TLS_ON;
si->si_tls = SYNCINFO_TLS_ON;
}
} else if ( !strncasecmp( cargv[ i ],
UPDATEDNSTR, sizeof( UPDATEDNSTR ) - 1 ) ) {
char *str;
UPDATEDNSTR, sizeof( UPDATEDNSTR ) - 1 ) )
{
struct berval updatedn = {0, NULL};
val = cargv[ i ] + sizeof( UPDATEDNSTR );
str = ch_strdup( val );
ber_str2bv( str, strlen(str), 1, &updatedn );
dnNormalize( 0, NULL, NULL, &updatedn, &si->updatedn, NULL );
ch_free( str );
ch_free( updatedn.bv_val );
ber_str2bv( val, 0, 0, &updatedn );
ch_free( si->si_updatedn.bv_val );
dnNormalize( 0, NULL, NULL, &updatedn, &si->si_updatedn, NULL );
} else if ( !strncasecmp( cargv[ i ], BINDMETHSTR,
sizeof( BINDMETHSTR ) - 1 ) ) {
sizeof( BINDMETHSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( BINDMETHSTR );
if ( !strcasecmp( val, SIMPLESTR )) {
si->bindmethod = LDAP_AUTH_SIMPLE;
si->si_bindmethod = LDAP_AUTH_SIMPLE;
gots |= GOT_METHOD;
} else if ( !strcasecmp( val, SASLSTR )) {
si->bindmethod = LDAP_AUTH_SASL;
#ifdef HAVE_CYRUS_SASL
si->si_bindmethod = LDAP_AUTH_SASL;
gots |= GOT_METHOD;
#else /* HAVE_CYRUS_SASL */
fprintf( stderr, "Error: parse_syncrepl_line: "
"not compiled with SASL support\n" );
return 1;
#endif /* HAVE_CYRUS_SASL */
} else {
si->bindmethod = -1;
si->si_bindmethod = -1;
}
} else if ( !strncasecmp( cargv[ i ],
BINDDNSTR, sizeof( BINDDNSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( BINDDNSTR );
si->binddn = ch_strdup( val );
si->si_binddn = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
CREDSTR, sizeof( CREDSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( CREDSTR );
si->passwd = ch_strdup( val );
si->si_passwd = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
SASLMECHSTR, sizeof( SASLMECHSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( SASLMECHSTR );
si->saslmech = ch_strdup( val );
si->si_saslmech = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
SECPROPSSTR, sizeof( SECPROPSSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( SECPROPSSTR );
si->secprops = ch_strdup( val );
si->si_secprops = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
REALMSTR, sizeof( REALMSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( REALMSTR );
si->realm = ch_strdup( val );
si->si_realm = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
AUTHCSTR, sizeof( AUTHCSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( AUTHCSTR );
si->authcId = ch_strdup( val );
si->si_authcId = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
OLDAUTHCSTR, sizeof( OLDAUTHCSTR ) - 1 ) ) {
/* Old authcID is provided for some backwards compatibility */
val = cargv[ i ] + sizeof( OLDAUTHCSTR );
si->authcId = ch_strdup( val );
si->si_authcId = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( AUTHZSTR );
si->authzId = ch_strdup( val );
si->si_authzId = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
SRVTABSTR, sizeof( SRVTABSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( SRVTABSTR );
if ( si->srvtab != NULL ) {
free( si->srvtab );
}
si->srvtab = ch_strdup( val );
} else if ( !strncasecmp( cargv[ i ],
SCHEMASTR, sizeof( SCHEMASTR ) - 1 ) ) {
SCHEMASTR, sizeof( SCHEMASTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( SCHEMASTR );
if ( !strncasecmp( val, "on", sizeof( "on" ) - 1 )) {
si->schemachecking = 1;
si->si_schemachecking = 1;
} else if ( !strncasecmp( val, "off", sizeof( "off" ) - 1 ) ) {
si->schemachecking = 0;
si->si_schemachecking = 0;
} else {
si->schemachecking = 1;
si->si_schemachecking = 1;
}
} else if ( !strncasecmp( cargv[ i ],
FILTERSTR, sizeof( FILTERSTR ) - 1 ) ) {
FILTERSTR, sizeof( FILTERSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( FILTERSTR );
si->filterstr = ch_strdup( val );
ber_str2bv( val, 0, 1, &si->si_filterstr );
} else if ( !strncasecmp( cargv[ i ],
SEARCHBASESTR, sizeof( SEARCHBASESTR ) - 1 ) ) {
SEARCHBASESTR, sizeof( SEARCHBASESTR ) - 1 ) )
{
struct berval bv;
val = cargv[ i ] + sizeof( SEARCHBASESTR );
si->base = ch_strdup( val );
if ( si->si_base.bv_val ) {
ch_free( si->si_base.bv_val );
}
ber_str2bv( val, 0, 0, &bv );
if ( dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL )) {
fprintf( stderr, "Invalid base DN \"%s\"\n", val );
return 1;
}
} else if ( !strncasecmp( cargv[ i ],
SCOPESTR, sizeof( SCOPESTR ) - 1 ) ) {
SCOPESTR, sizeof( SCOPESTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( SCOPESTR );
if ( !strncasecmp( val, "base", sizeof( "base" ) - 1 )) {
si->scope = LDAP_SCOPE_BASE;
si->si_scope = LDAP_SCOPE_BASE;
} else if ( !strncasecmp( val, "one", sizeof( "one" ) - 1 )) {
si->scope = LDAP_SCOPE_ONELEVEL;
si->si_scope = LDAP_SCOPE_ONELEVEL;
} else if ( !strncasecmp( val, "sub", sizeof( "sub" ) - 1 )) {
si->scope = LDAP_SCOPE_SUBTREE;
si->si_scope = LDAP_SCOPE_SUBTREE;
} else {
fprintf( stderr, "Error: parse_syncrepl_line: "
"unknown scope \"%s\"\n", val);
"unknown scope \"%s\"\n", val);
return 1;
}
} else if ( !strncasecmp( cargv[ i ],
ATTRSONLYSTR, sizeof( ATTRSONLYSTR ) - 1 ) ) {
si->attrsonly = 1;
ATTRSONLYSTR, sizeof( ATTRSONLYSTR ) - 1 ) )
{
si->si_attrsonly = 1;
} else if ( !strncasecmp( cargv[ i ],
ATTRSSTR, sizeof( ATTRSSTR ) - 1 ) ) {
ATTRSSTR, sizeof( ATTRSSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( ATTRSSTR );
str2clist( &si->attrs, val, "," );
str2clist( &si->si_attrs, val, "," );
} else if ( !strncasecmp( cargv[ i ],
TYPESTR, sizeof( TYPESTR ) - 1 ) ) {
TYPESTR, sizeof( TYPESTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( TYPESTR );
if ( !strncasecmp( val, "refreshOnly", sizeof( "refreshOnly" ) - 1 )) {
si->type = LDAP_SYNC_REFRESH_ONLY;
} else if ( !strncasecmp( val, "refreshAndPersist", sizeof( "refreshAndPersist" ) - 1 )) {
si->type = LDAP_SYNC_REFRESH_AND_PERSIST;
si->interval = 0;
if ( !strncasecmp( val, "refreshOnly", sizeof("refreshOnly")-1 )) {
si->si_type = LDAP_SYNC_REFRESH_ONLY;
} else if ( !strncasecmp( val, "refreshAndPersist",
sizeof("refreshAndPersist")-1 ))
{
si->si_type = LDAP_SYNC_REFRESH_AND_PERSIST;
si->si_interval = 60;
} else {
fprintf( stderr, "Error: parse_syncrepl_line: "
"unknown sync type \"%s\"\n", val);
"unknown sync type \"%s\"\n", val);
return 1;
}
} else if ( !strncasecmp( cargv[ i ],
INTERVALSTR, sizeof( INTERVALSTR ) - 1 ) ) {
INTERVALSTR, sizeof( INTERVALSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( INTERVALSTR );
if ( si->type == LDAP_SYNC_REFRESH_AND_PERSIST ) {
si->interval = 0;
if ( si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ) {
si->si_interval = 0;
} else {
char *dstr;
char *hstr;
char *mstr;
char *dstr;
char *sstr;
int dd, hh, mm, ss;
dstr = val;
hstr = strchr( dstr, ':' );
if ( hstr == NULL ) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"invalid interval \"%s\"\n", val );
"invalid interval \"%s\"\n", val );
return 1;
}
*hstr++ = '\0';
mstr = strchr( hstr, ':' );
if ( mstr == NULL ) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"invalid interval \"%s\"\n", val );
"invalid interval \"%s\"\n", val );
return 1;
}
*mstr++ = '\0';
si->interval = (( atoi( dstr ) * 24 + atoi( hstr )) * 60
+ atoi( mstr )) * 60;
sstr = strchr( mstr, ':' );
if ( sstr == NULL ) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"invalid interval \"%s\"\n", val );
return 1;
}
*sstr++ = '\0';
dd = atoi( dstr );
hh = atoi( hstr );
mm = atoi( mstr );
ss = atoi( sstr );
if (( hh > 24 ) || ( hh < 0 ) ||
( mm > 60 ) || ( mm < 0 ) ||
( ss > 60 ) || ( ss < 0 ) || ( dd < 0 )) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"invalid interval \"%s\"\n", val );
return 1;
}
si->si_interval = (( dd * 24 + hh ) * 60 + mm ) * 60 + ss;
}
if ( si->interval < 0 ) {
if ( si->si_interval < 0 ) {
fprintf( stderr, "Error: parse_syncrepl_line: "
"invalid interval \"%ld\"\n",
(long) si->interval);
"invalid interval \"%ld\"\n",
(long) si->si_interval);
return 1;
}
} else if ( !strncasecmp( cargv[ i ],
COOKIESTR, sizeof( COOKIESTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( COOKIESTR );
si->syncCookie = ber_str2bv( val, strlen( val ), 1, NULL );
MANAGEDSAITSTR, sizeof( MANAGEDSAITSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( MANAGEDSAITSTR );
si->si_manageDSAit = atoi( val );
} else if ( !strncasecmp( cargv[ i ],
MANAGEDSAITSTR, sizeof( MANAGEDSAITSTR ) - 1 ) ) {
val = cargv[ i ] + sizeof( COOKIESTR );
si->manageDSAit = atoi( val );
} else if ( !strncasecmp( cargv[ i ],
SLIMITSTR, sizeof( SLIMITSTR ) - 1 ) ) {
SLIMITSTR, sizeof( SLIMITSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( SLIMITSTR );
si->slimit = atoi( val );
si->si_slimit = atoi( val );
} else if ( !strncasecmp( cargv[ i ],
TLIMITSTR, sizeof( TLIMITSTR ) - 1 ) ) {
TLIMITSTR, sizeof( TLIMITSTR ) - 1 ) )
{
val = cargv[ i ] + sizeof( TLIMITSTR );
si->tlimit = atoi( val );
si->si_tlimit = atoi( val );
} else {
fprintf( stderr, "Error: parse_syncrepl_line: "
"unknown keyword \"%s\"\n", cargv[ i ] );
"unknown keyword \"%s\"\n", cargv[ i ] );
}
}
if ( gots != GOT_ALL ) {
fprintf( stderr, "Error: Malformed \"syncrepl\" line in slapd config file"
);
fprintf( stderr,
"Error: Malformed \"syncrepl\" line in slapd config file" );
return -1;
}

448
servers/slapd/connection.c
View file

@ -39,16 +39,18 @@ static unsigned long conn_nextid = 0;
#define SLAP_C_ACTIVE 0x02 /* one or more threads */
#define SLAP_C_BINDING 0x03 /* binding */
#define SLAP_C_CLOSING 0x04 /* closing */
#define SLAP_C_CLIENT 0x05 /* outbound client conn */
const char *
connection_state2str( int state )
{
switch( state ) {
case SLAP_C_INVALID: return "!";
case SLAP_C_INACTIVE: return "|";
case SLAP_C_ACTIVE: return "";
case SLAP_C_INVALID: return "!";
case SLAP_C_INACTIVE: return "|";
case SLAP_C_ACTIVE: return "";
case SLAP_C_BINDING: return "B";
case SLAP_C_CLOSING: return "C";
case SLAP_C_CLOSING: return "C";
case SLAP_C_CLIENT: return "L";
}
return "?";
@ -76,7 +78,7 @@ int connections_init(void)
if( connections != NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connections_init: already initialized.\n", 0, 0, 0 );
"connections_init: already initialized.\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n",
0, 0, 0 );
@ -92,8 +94,8 @@ int connections_init(void)
if( connections == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connections_init: allocation (%d * %ld) of connection "
"array failed\n", dtblsize, (long) sizeof(Connection), 0 );
"connections_init: allocation (%d * %ld) of connection "
"array failed\n", dtblsize, (long) sizeof(Connection), 0 );
#else
Debug( LDAP_DEBUG_ANY,
"connections_init: allocation (%d*%ld) of connection array failed\n",
@ -102,8 +104,8 @@ int connections_init(void)
return -1;
}
assert( connections[0].c_struct_state == SLAP_C_UNINITIALIZED );
assert( connections[dtblsize-1].c_struct_state == SLAP_C_UNINITIALIZED );
assert( connections[0].c_struct_state == SLAP_C_UNINITIALIZED );
assert( connections[dtblsize-1].c_struct_state == SLAP_C_UNINITIALIZED );
/*
* per entry initialization of the Connection array initialization
@ -125,7 +127,7 @@ int connections_destroy(void)
if( connections == NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connections_destroy: nothing to destroy.\n", 0, 0, 0 );
"connections_destroy: nothing to destroy.\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n",
0, 0, 0 );
@ -140,7 +142,9 @@ int connections_destroy(void)
ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
#ifdef LDAP_SLAPI
slapi_x_free_object_extensions( SLAPI_X_EXT_CONNECTION, &connections[i] );
if ( slapi_plugins_used ) {
slapi_x_free_object_extensions( SLAPI_X_EXT_CONNECTION, &connections[i] );
}
#endif
}
}
@ -165,6 +169,12 @@ int connections_shutdown(void)
if( connections[i].c_struct_state != SLAP_C_USED ) {
continue;
}
/* give persistent clients a chance to cleanup */
if( connections[i].c_conn_state == SLAP_C_CLIENT ) {
ldap_pvt_thread_pool_submit( &connection_pool,
connections[i].c_clientfunc, connections[i].c_clientarg );
continue;
}
ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
@ -193,8 +203,10 @@ int connections_timeout_idle(time_t now)
c != NULL;
c = connection_next( c, &connindex ) )
{
/* Don't timeout a slow-running request */
if( c->c_n_ops_executing ) continue;
/* Don't timeout a slow-running request or a persistent
* outbound connection */
if( c->c_n_ops_executing ||
c->c_conn_state == SLAP_C_CLIENT ) continue;
if( difftime( c->c_activitytime+global_idletimeout, now) < 0 ) {
/* close it */
@ -280,7 +292,7 @@ static Connection* connection_get( ber_socket_t s )
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ARGS,
"connection_get: connection %d not used\n", s, 0, 0 );
"connection_get: connection %d not used\n", s, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_get(%d): connection not used\n",
@ -290,6 +302,7 @@ static Connection* connection_get( ber_socket_t s )
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
return NULL;
}
if( c->c_conn_state == SLAP_C_CLIENT ) sd = 0;
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, RESULTS,
@ -328,7 +341,7 @@ long connection_init(
Listener *listener,
const char* dnsname,
const char* peername,
int tls_udp_option,
int flags,
slap_ssf_t ssf,
const char *authid )
{
@ -342,17 +355,16 @@ long connection_init(
assert( peername != NULL );
#ifndef HAVE_TLS
assert( tls_udp_option != 1 );
assert( flags != CONN_IS_TLS );
#endif
if( s == AC_SOCKET_INVALID ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 );
"connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"connection_init(%ld): invalid.\n",
(long) s, 0, 0 );
"connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 );
#endif
return -1;
}
@ -369,48 +381,49 @@ long connection_init(
#else
{
ber_socket_t i;
ber_socket_t i;
c = NULL;
for( i=0; i < dtblsize; i++) {
ber_socket_t sd;
for( i=0; i < dtblsize; i++) {
ber_socket_t sd;
if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
assert( connections[i].c_sb == 0 );
c = &connections[i];
break;
}
if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
assert( connections[i].c_sb == 0 );
c = &connections[i];
break;
}
sd = AC_SOCKET_INVALID;
if (connections[i].c_sb != NULL)
ber_sockbuf_ctrl( connections[i].c_sb, LBER_SB_OPT_GET_FD, &sd );
if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
assert( sd == AC_SOCKET_INVALID );
c = &connections[i];
break;
}
if (connections[i].c_sb != NULL) {
ber_sockbuf_ctrl( connections[i].c_sb,
LBER_SB_OPT_GET_FD, &sd );
}
assert( connections[i].c_struct_state == SLAP_C_USED );
assert( connections[i].c_conn_state != SLAP_C_INVALID );
assert( sd != AC_SOCKET_INVALID );
}
if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
assert( sd == AC_SOCKET_INVALID );
c = &connections[i];
break;
}
if( c == NULL ) {
assert( connections[i].c_struct_state == SLAP_C_USED );
assert( connections[i].c_conn_state != SLAP_C_INVALID );
assert( sd != AC_SOCKET_INVALID );
}
if( c == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_init: skt %d connection table full "
"(%d/%d)\n", s, i, dtblsize );
LDAP_LOG( CONNECTION, INFO,
"connection_init(%d): connection table full "
"(%d/%d)\n", s, i, dtblsize );
#else
Debug( LDAP_DEBUG_ANY,
Debug( LDAP_DEBUG_ANY,
"connection_init(%d): connection table full "
"(%d/%d)\n", s, i, dtblsize);
#endif
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return -1;
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return -1;
}
}
}
#endif
assert( c != NULL );
@ -430,7 +443,6 @@ long connection_init(
c->c_dn.bv_len = 0;
c->c_ndn.bv_val = NULL;
c->c_ndn.bv_len = 0;
c->c_groups = NULL;
c->c_listener = NULL;
c->c_peer_domain.bv_val = NULL;
@ -464,24 +476,25 @@ long connection_init(
ldap_pvt_thread_cond_init( &c->c_write_cv );
#ifdef LDAP_SLAPI
slapi_x_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
if ( slapi_plugins_used ) {
slapi_x_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
}
#endif
c->c_struct_state = SLAP_C_UNUSED;
}
ldap_pvt_thread_mutex_lock( &c->c_mutex );
ldap_pvt_thread_mutex_lock( &c->c_mutex );
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_authmech.bv_val == NULL );
assert( c->c_dn.bv_val == NULL );
assert( c->c_ndn.bv_val == NULL );
assert( c->c_groups == NULL );
assert( c->c_listener == NULL );
assert( c->c_peer_domain.bv_val == NULL );
assert( c->c_peer_name.bv_val == NULL );
assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_authmech.bv_val == NULL );
assert( c->c_dn.bv_val == NULL );
assert( c->c_ndn.bv_val == NULL );
assert( c->c_listener == NULL );
assert( c->c_peer_domain.bv_val == NULL );
assert( c->c_peer_name.bv_val == NULL );
assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
assert( c->c_sasl_bind_mech.bv_val == NULL );
assert( c->c_sasl_done == 0 );
assert( c->c_sasl_authctx == NULL );
@ -489,15 +502,26 @@ long connection_init(
assert( c->c_sasl_extra == NULL );
assert( c->c_sasl_bindop == NULL );
assert( c->c_currentber == NULL );
assert( c->c_writewaiter == 0);
c->c_listener = listener;
if ( flags == CONN_IS_CLIENT ) {
c->c_conn_state = SLAP_C_CLIENT;
c->c_struct_state = SLAP_C_USED;
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
}
ber_str2bv( dnsname, 0, 1, &c->c_peer_domain );
ber_str2bv( peername, 0, 1, &c->c_peer_name );
c->c_n_ops_received = 0;
c->c_n_ops_executing = 0;
c->c_n_ops_pending = 0;
c->c_n_ops_completed = 0;
c->c_n_ops_received = 0;
c->c_n_ops_executing = 0;
c->c_n_ops_pending = 0;
c->c_n_ops_completed = 0;
c->c_n_get = 0;
c->c_n_read = 0;
@ -516,7 +540,7 @@ long connection_init(
#ifdef LDAP_CONNECTIONLESS
c->c_is_udp = 0;
if( tls_udp_option == 2 ) {
if( flags == CONN_IS_UDP ) {
c->c_is_udp = 1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
@ -547,8 +571,8 @@ long connection_init(
{
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_init: conn %lu set nonblocking failed\n",
c->c_connid, 0, 0 );
"connection_init: conn %lu set nonblocking failed\n",
c->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"connection_init(%d, %s): set nonblocking failed\n",
@ -556,33 +580,33 @@ long connection_init(
#endif
}
id = c->c_connid = conn_nextid++;
id = c->c_connid = conn_nextid++;
c->c_conn_state = SLAP_C_INACTIVE;
c->c_struct_state = SLAP_C_USED;
c->c_conn_state = SLAP_C_INACTIVE;
c->c_struct_state = SLAP_C_USED;
c->c_ssf = c->c_transport_ssf = ssf;
c->c_tls_ssf = 0;
#ifdef HAVE_TLS
if ( tls_udp_option == 1 ) {
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
} else {
c->c_is_tls = 0;
c->c_needs_tls_accept = 0;
}
if ( flags == CONN_IS_TLS ) {
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
} else {
c->c_is_tls = 0;
c->c_needs_tls_accept = 0;
}
#endif
slap_sasl_open( c, 0 );
slap_sasl_external( c, ssf, authid );
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
backend_connection_init(c);
backend_connection_init(c);
return id;
return id;
}
void connection2anonymous( Connection *c )
@ -613,39 +637,31 @@ void connection2anonymous( Connection *c )
c->c_ndn.bv_len = 0;
c->c_authz_backend = NULL;
{
GroupAssertion *g, *n;
for (g = c->c_groups; g; g=n) {
n = g->ga_next;
free(g);
}
c->c_groups = NULL;
}
}
static void
connection_destroy( Connection *c )
{
/* note: connections_mutex should be locked by caller */
ber_socket_t sd;
unsigned long connid;
ber_socket_t sd;
unsigned long connid;
assert( connections != NULL );
assert( c != NULL );
assert( c->c_struct_state != SLAP_C_UNUSED );
assert( c->c_conn_state != SLAP_C_INVALID );
assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
assert( connections != NULL );
assert( c != NULL );
assert( c->c_struct_state != SLAP_C_UNUSED );
assert( c->c_conn_state != SLAP_C_INVALID );
assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
assert( c->c_writewaiter == 0);
/* only for stats (print -1 as "%lu" may give unexpected results ;) */
connid = c->c_connid;
/* only for stats (print -1 as "%lu" may give unexpected results ;) */
connid = c->c_connid;
backend_connection_destroy(c);
backend_connection_destroy(c);
c->c_protocol = 0;
c->c_connid = -1;
c->c_protocol = 0;
c->c_connid = -1;
c->c_activitytime = c->c_starttime = 0;
c->c_activitytime = c->c_starttime = 0;
connection2anonymous( c );
c->c_listener = NULL;
@ -677,10 +693,10 @@ connection_destroy( Connection *c )
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
if ( sd != AC_SOCKET_INVALID ) {
slapd_remove( sd, 0 );
slapd_remove( sd, 1, 0 );
Statslog( LDAP_DEBUG_STATS,
"conn=%lu fd=%ld closed\n",
"conn=%lu fd=%ld closed\n",
connid, (long) sd, 0, 0, 0 );
}
@ -693,12 +709,14 @@ connection_destroy( Connection *c )
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
c->c_conn_state = SLAP_C_INVALID;
c->c_struct_state = SLAP_C_UNUSED;
c->c_conn_state = SLAP_C_INVALID;
c->c_struct_state = SLAP_C_UNUSED;
#ifdef LDAP_SLAPI
/* call destructors, then constructors; avoids unnecessary allocation */
slapi_x_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
if ( slapi_plugins_used ) {
slapi_x_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
}
#endif
}
@ -750,8 +768,8 @@ void connection_closing( Connection *c )
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_closing: conn %lu readying socket %d for close.\n",
c->c_connid, sd, 0 );
"connection_closing: conn %lu readying socket %d for close.\n",
c->c_connid, sd, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_closing: readying conn=%lu sd=%d for close\n",
@ -787,8 +805,8 @@ static void connection_close( Connection *c )
if( !LDAP_STAILQ_EMPTY(&c->c_ops) ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_close: conn %lu deferring sd %d\n",
c->c_connid, sd, 0 );
"connection_close: conn %lu deferring sd %d\n",
c->c_connid, sd, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_close: deferring conn=%lu sd=%d\n",
@ -799,7 +817,7 @@ static void connection_close( Connection *c )
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, RESULTS,
"connection_close: conn %lu sd %d\n", c->c_connid, sd, 0 );
"connection_close: conn %lu sd %d\n", c->c_connid, sd, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%lu sd=%d\n",
c->c_connid, sd, 0 );
@ -912,6 +930,7 @@ connection_operation( void *ctx, void *arg_v )
#endif /* SLAPD_MONITOR */
Connection *conn = op->o_conn;
void *memctx = NULL;
void *memctx_null = NULL;
ber_len_t memsiz;
ldap_pvt_thread_mutex_lock( &num_ops_mutex );
@ -1010,11 +1029,11 @@ connection_operation( void *ctx, void *arg_v )
default:
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_operation: conn %lu unknown LDAP request 0x%lx\n",
conn->c_connid, tag, 0 );
"connection_operation: conn %lu unknown LDAP request 0x%lx\n",
conn->c_connid, tag, 0 );
#else
Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n",
tag, 0, 0 );
tag, 0, 0 );
#endif
op->o_tag = LBER_ERROR;
rs.sr_err = LDAP_PROTOCOL_ERROR;
@ -1082,24 +1101,25 @@ operations_error:
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
LDAP_STAILQ_NEXT(op, o_next) = NULL;
ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
if ( op->o_cancel == SLAP_CANCEL_ACK )
goto co_op_free;
if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) ) {
if ( op->o_cancel != SLAP_CANCEL_ACK &&
( op->o_sync_mode & SLAP_SYNC_PERSIST ) ) {
sl_mem_detach( ctx, memctx );
goto no_co_op_free;
} else if (( op->o_sync_slog_size != -1 )) {
sl_mem_detach( ctx, memctx );
LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
LDAP_STAILQ_NEXT(op, o_next) = NULL;
conn->c_n_ops_executing--;
conn->c_n_ops_completed++;
} else {
LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
LDAP_STAILQ_NEXT(op, o_next) = NULL;
slap_op_free( op );
conn->c_n_ops_executing--;
conn->c_n_ops_completed++;
}
co_op_free:
conn->c_n_ops_executing--;
conn->c_n_ops_completed++;
memctx = NULL;
ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx );
slap_op_free( op );
no_co_op_free:
switch( tag ) {
@ -1125,6 +1145,52 @@ no_co_op_free:
return NULL;
}
int connection_client_setup(
ber_socket_t s,
Listener *l,
ldap_pvt_thread_start_t *func,
void *arg )
{
Connection *c;
if ( connection_init( s, l, "", "", CONN_IS_CLIENT, 0, "" ) < 0 ) {
return -1;
}
c = connection_get( s );
c->c_clientfunc = func;
c->c_clientarg = arg;
connection_return( c );
slapd_add_internal( s, 0 );
slapd_set_read( s, 1 );
return 0;
}
void connection_client_enable(
ber_socket_t s
)
{
slapd_set_read( s, 1 );
}
void connection_client_stop(
ber_socket_t s
)
{
Connection *c;
/* get (locked) connection */
c = connection_get( s );
assert( c->c_conn_state == SLAP_C_CLIENT );
c->c_listener = NULL;
c->c_conn_state = SLAP_C_INVALID;
c->c_struct_state = SLAP_C_UNUSED;
connection_return( c );
slapd_remove( s, 0, 1 );
}
int connection_read(ber_socket_t s)
{
int rc = 0;
@ -1146,7 +1212,7 @@ int connection_read(ber_socket_t s)
"connection_read(%ld): no connection!\n",
(long) s, 0, 0 );
#endif
slapd_remove(s, 0);
slapd_remove(s, 1, 0);
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return -1;
@ -1169,10 +1235,19 @@ int connection_read(ber_socket_t s)
return 0;
}
if ( c->c_conn_state == SLAP_C_CLIENT ) {
slapd_clr_read( s, 0 );
ldap_pvt_thread_pool_submit( &connection_pool,
c->c_clientfunc, c->c_clientarg );
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
}
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_read: conn %lu checking for input.\n",
c->c_connid, 0, 0 );
"connection_read: conn %lu checking for input.\n",
c->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_read(%d): checking for input on id=%lu\n",
@ -1190,8 +1265,8 @@ int connection_read(ber_socket_t s)
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_read: conn %lu TLS accept error, error %d\n",
c->c_connid, rc, 0 );
"connection_read: conn %lu TLS accept error, error %d\n",
c->c_connid, rc, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_read(%d): TLS accept error "
@ -1208,10 +1283,10 @@ int connection_read(ber_socket_t s)
FD_ZERO(&rfd);
FD_SET(s, &rfd);
for (rc=1; rc>0;) {
tv.tv_sec = 1;
tv.tv_usec = 0;
rc = select(s+1, &rfd, NULL, NULL, &tv);
if (rc == 1) {
tv.tv_sec = 1;
tv.tv_usec = 0;
rc = select(s+1, &rfd, NULL, NULL, &tv);
if (rc == 1) {
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DRAIN, NULL);
}
}
@ -1271,7 +1346,7 @@ int connection_read(ber_socket_t s)
c->c_sasl_layers = 0;
rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx );
rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
@ -1313,7 +1388,7 @@ int connection_read(ber_socket_t s)
if( rc < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_read: conn %lu input error %d, closing.\n",
"connection_read: conn %lu input error %d, closing.\n",
c->c_connid, rc, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
@ -1343,7 +1418,7 @@ int connection_read(ber_socket_t s)
static int
connection_input(
Connection *conn
Connection *conn
)
{
Operation *op;
@ -1362,7 +1437,7 @@ connection_input(
{
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu ber_alloc failed.\n",
"connection_input: conn %lu ber_alloc failed.\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
@ -1396,7 +1471,7 @@ connection_input(
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu ber_get_next failed, errno %d (%s).\n",
"connection_input: conn %lu ber_get_next failed, errno %d (%s).\n",
conn->c_connid, err, sock_errstr(err) );
#else
Debug( LDAP_DEBUG_TRACE,
@ -1420,11 +1495,11 @@ connection_input(
/* log, close and send error */
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu ber_get_int returns 0x%lx.\n",
"connection_input: conn %lu ber_get_int returns 0x%lx.\n",
conn->c_connid, tag, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag, 0,
0 );
Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n",
tag, 0, 0 );
#endif
ber_free( ber, 1 );
return -1;
@ -1434,11 +1509,11 @@ connection_input(
/* log, close and send error */
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu ber_peek_tag returns 0x%lx.\n",
conn->c_connid, tag, 0 );
"connection_input: conn %lu ber_peek_tag returns 0x%lx.\n",
conn->c_connid, tag, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag, 0,
0 );
Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n",
tag, 0, 0 );
#endif
ber_free( ber, 1 );
@ -1453,15 +1528,14 @@ connection_input(
}
if( tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu invalid req for UDP 0x%lx.\n",
conn->c_connid, tag, 0 );
LDAP_LOG( CONNECTION, ERR,
"connection_input: conn %lu invalid req for UDP 0x%lx.\n",
conn->c_connid, tag, 0 );
#else
Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
0 );
Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0, 0 );
#endif
ber_free( ber, 1 );
return 0;
ber_free( ber, 1 );
return 0;
}
}
#endif
@ -1487,8 +1561,8 @@ connection_input(
#ifdef LDAP_CONNECTIONLESS
if (conn->c_is_udp) {
if ( cdn ) {
ber_str2bv( cdn, 0, 1, &op->o_dn );
op->o_protocol = LDAP_VERSION2;
ber_str2bv( cdn, 0, 1, &op->o_dn );
op->o_protocol = LDAP_VERSION2;
}
op->o_res_ber = ber_alloc_t( LBER_USE_DER );
if (op->o_res_ber == NULL) return 1;
@ -1499,7 +1573,7 @@ connection_input(
if (rc != sizeof(struct sockaddr)) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_input: conn %lu ber_write failed\n",
"connection_input: conn %lu ber_write failed\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
@ -1512,7 +1586,7 @@ connection_input(
if (rc == -1) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_input: conn %lu put outer sequence failed\n",
"connection_input: conn %lu put outer sequence failed\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
@ -1539,14 +1613,18 @@ connection_input(
|| conn->c_n_ops_pending
|| conn->c_writewaiter))
{
int max = conn->c_dn.bv_len ? slap_conn_max_pending_auth
: slap_conn_max_pending;
int max = conn->c_dn.bv_len
? slap_conn_max_pending_auth
: slap_conn_max_pending;
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_input: conn %lu deferring operation\n",
"connection_input: conn %lu deferring operation\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "deferring operation\n", 0, 0, 0 );
Debug( LDAP_DEBUG_ANY,
"connection_input: conn=%lu deferring operation\n",
conn->c_connid, 0, 0 );
#endif
conn->c_n_ops_pending++;
LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next );
@ -1587,7 +1665,7 @@ connection_resched( Connection *conn )
if( rc ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_resched: conn %lu reaquiring locks.\n",
"connection_resched: conn %lu reaquiring locks.\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
@ -1607,7 +1685,7 @@ connection_resched( Connection *conn )
if( conn->c_conn_state != SLAP_C_CLOSING ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, INFO,
"connection_resched: conn %lu closed by other thread.\n",
"connection_resched: conn %lu closed by other thread.\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "connection_resched: "
@ -1617,7 +1695,7 @@ connection_resched( Connection *conn )
} else {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_resched: conn %lu attempting closing.\n",
"connection_resched: conn %lu attempting closing.\n",
conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "connection_resched: "
@ -1667,19 +1745,20 @@ static int connection_op_activate( Operation *op )
}
if (!op->o_dn.bv_len) {
op->o_authz = op->o_conn->c_authz;
ber_dupbv( &op->o_dn, &op->o_conn->c_dn );
ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn );
op->o_authz = op->o_conn->c_authz;
ber_dupbv( &op->o_dn, &op->o_conn->c_dn );
ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn );
}
op->o_authtype = op->o_conn->c_authtype;
ber_dupbv( &op->o_authmech, &op->o_conn->c_authmech );
if (!op->o_protocol) {
op->o_protocol = op->o_conn->c_protocol
? op->o_conn->c_protocol : LDAP_VERSION3;
op->o_protocol = op->o_conn->c_protocol
? op->o_conn->c_protocol : LDAP_VERSION3;
}
if (op->o_conn->c_conn_state == SLAP_C_INACTIVE
&& op->o_protocol > LDAP_VERSION2) {
&& op->o_protocol > LDAP_VERSION2)
{
op->o_conn->c_conn_state = SLAP_C_ACTIVE;
}
@ -1697,7 +1776,8 @@ static int connection_op_activate( Operation *op )
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"ldap_pvt_thread_pool_submit failed (%d)\n", status, 0, 0 );
"ldap_pvt_thread_pool_submit: failed (%d) for conn=%lu\n",
status, op->o_connid, 0 );
#endif
/* should move op to pending list */
}
@ -1720,13 +1800,13 @@ int connection_write(ber_socket_t s)
if( c == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, ERR,
"connection_write: sock %ld no connection!\n", (long)s, 0, 0);
"connection_write: sock %ld no connection!\n", (long)s, 0, 0);
#else
Debug( LDAP_DEBUG_ANY,
"connection_write(%ld): no connection!\n",
(long) s, 0, 0 );
(long)s, 0, 0 );
#endif
slapd_remove(s, 0);
slapd_remove(s, 1, 0);
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return -1;
}
@ -1735,7 +1815,7 @@ int connection_write(ber_socket_t s)
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
"connection_write conn %lu waking output.\n", c->c_connid, 0, 0 );
"connection_write conn %lu waking output.\n", c->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"connection_write(%d): waking output for id=%lu\n",
@ -1743,10 +1823,12 @@ int connection_write(ber_socket_t s)
#endif
ldap_pvt_thread_cond_signal( &c->c_write_cv );
if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) )
if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
slapd_set_read( s, 1 );
if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) )
}
if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
slapd_set_write( s, 1 );
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;

29
servers/slapd/controls.c
View file

@ -986,7 +986,7 @@ static int parsePreRead (
}
siz = sizeof( AttributeName );
off = 0;
off = offsetof( AttributeName, an_name );
if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
rs->sr_text = "preread control: decoding error";
return LDAP_PROTOCOL_ERROR;
@ -1035,7 +1035,7 @@ static int parsePostRead (
}
siz = sizeof( AttributeName );
off = 0;
off = offsetof( AttributeName, an_name );
if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
rs->sr_text = "postread control: decoding error";
return LDAP_PROTOCOL_ERROR;
@ -1206,7 +1206,7 @@ static int parseLDAPsync (
BerElement *ber;
ber_int_t mode;
ber_len_t len;
struct berval cookie = { 0, NULL };
struct slap_session_entry *se;
if ( op->o_sync != SLAP_NO_CONTROL ) {
rs->sr_text = "LDAP Sync control specified multiple times";
@ -1255,22 +1255,25 @@ static int parseLDAPsync (
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_SYNC_TAG_COOKIE ) {
if (( ber_scanf( ber, /*{*/ "m}",
&cookie )) == LBER_ERROR ) {
if ( tag == LDAP_TAG_SYNC_COOKIE ) {
struct berval tmp_bv;
if (( ber_scanf( ber, /*{*/ "o", &tmp_bv )) == LBER_ERROR ) {
rs->sr_text = "LDAP Sync control : cookie decoding error";
return LDAP_PROTOCOL_ERROR;
}
} else {
if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
rs->sr_text = "LDAP Sync control : decoding error";
ber_bvarray_add( &op->o_sync_state.octet_str, &tmp_bv );
slap_parse_sync_cookie( &op->o_sync_state );
}
if ( tag == LDAP_TAG_RELOAD_HINT ) {
if (( ber_scanf( ber, /*{*/ "b", &op->o_sync_rhint )) == LBER_ERROR ) {
rs->sr_text = "LDAP Sync control : rhint decoding error";
return LDAP_PROTOCOL_ERROR;
}
cookie.bv_len = 0;
cookie.bv_val = NULL;
}
ber_dupbv( &op->o_sync_state, &cookie );
if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
rs->sr_text = "LDAP Sync control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
(void) ber_free( ber, 1 );

23
servers/slapd/cr.c
View file

@ -16,8 +16,6 @@
#include "slap.h"
#include "ldap_pvt.h"
#ifdef SLAP_EXTENDED_SCHEMA
struct cindexrec {
struct berval cir_name;
ContentRule *cir_cr;
@ -35,8 +33,7 @@ cr_index_cmp(
const struct cindexrec *cir1 = v_cir1;
const struct cindexrec *cir2 = v_cir2;
int i = cir1->cir_name.bv_len - cir2->cir_name.bv_len;
if (i)
return i;
if (i) return i;
return strcasecmp( cir1->cir_name.bv_val, cir2->cir_name.bv_val );
}
@ -48,8 +45,7 @@ cr_index_name_cmp(
const struct berval *name = v_name;
const struct cindexrec *cir = v_cir;
int i = name->bv_len - cir->cir_name.bv_len;
if (i)
return i;
if (i) return i;
return strncasecmp( name->bv_val, cir->cir_name.bv_val, name->bv_len );
}
@ -194,7 +190,11 @@ cr_add_auxiliaries(
return SLAP_SCHERR_CLASS_NOT_FOUND;
}
if( soc->soc_flags & SLAP_OC_OPERATIONAL ) (*op)++;
if( soc->soc_flags & SLAP_OC_OPERATIONAL &&
soc != slap_schema.si_oc_extensibleObject )
{
(*op)++;
}
if( soc->soc_kind != LDAP_SCHEMA_AUXILIARY ) {
*err = scr->scr_oc_oids_aux[naux];
@ -203,7 +203,6 @@ cr_add_auxiliaries(
}
scr->scr_auxiliaries[naux] = NULL;
return 0;
}
@ -387,18 +386,17 @@ cr_add(
code = cr_create_precluded( scr, &op, err );
if ( code != 0 ) return code;
if( user && op ) return SLAP_SCHERR_CR_BAD_AUX;
if( user && op ) {
return SLAP_SCHERR_CR_BAD_AUX;
}
code = cr_insert(scr,err);
return code;
}
#endif
int
cr_schema_info( Entry *e )
{
#ifdef SLAP_EXTENDED_SCHEMA
AttributeDescription *ad_ditContentRules
= slap_schema.si_ad_ditContentRules;
ContentRule *cr;
@ -428,6 +426,5 @@ cr_schema_info( Entry *e )
}
ldap_memfree( val.bv_val );
}
#endif
return 0;
}

7
servers/slapd/ctxcsn.c
View file

@ -26,7 +26,6 @@
#include <ac/string.h>
#include <ac/socket.h>
#include <db.h>
#include "ldap_pvt.h"
#include "lutil.h"
@ -188,15 +187,13 @@ slap_get_csn(
if ( csn == NULL )
return LDAP_OTHER;
if ( manage_ctxcsn ) {
pending = (struct slap_csn_entry *) ch_calloc( 1, sizeof( struct slap_csn_entry ));
}
csn->bv_len = lutil_csnstr( csnbuf, len, 0, 0 );
csn->bv_val = csnbuf;
if ( manage_ctxcsn ) {
pending = (struct slap_csn_entry *) ch_calloc( 1, sizeof( struct slap_csn_entry ));
ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
ber_dupbv( &op->o_sync_csn, csn );
pending->csn = ber_dupbv( NULL, csn );
pending->connid = op->o_connid;
pending->opid = op->o_opid;

54
servers/slapd/daemon.c
View file

@ -195,8 +195,13 @@ void slapd_slp_dereg() {
/*
* Add a descriptor to daemon control
*
* If isactive, the descriptor is a live server session and is subject
* to idletimeout control. Otherwise, the descriptor is a passive
* listener or an outbound client session, and not subject to
* idletimeout.
*/
static void slapd_add(ber_socket_t s) {
static void slapd_add(ber_socket_t s, int isactive) {
ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
assert( !FD_ISSET( s, &slap_daemon.sd_actives ));
@ -209,7 +214,9 @@ static void slapd_add(ber_socket_t s) {
}
#endif
slap_daemon.sd_nactives++;
if ( isactive ) {
slap_daemon.sd_nactives++;
}
FD_SET( s, &slap_daemon.sd_actives );
FD_SET( s, &slap_daemon.sd_readers );
@ -231,10 +238,12 @@ static void slapd_add(ber_socket_t s) {
/*
* Remove the descriptor from daemon control
*/
void slapd_remove(ber_socket_t s, int wake) {
void slapd_remove(ber_socket_t s, int wasactive, int wake) {
ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
slap_daemon.sd_nactives--;
if ( wasactive ) {
slap_daemon.sd_nactives--;
}
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, DETAIL1,
@ -1119,7 +1128,7 @@ close_listeners(
for ( l = 0; slap_listeners[l] != NULL; l++ ) {
if ( slap_listeners[l]->sl_sd != AC_SOCKET_INVALID ) {
if ( remove )
slapd_remove( slap_listeners[l]->sl_sd, 0 );
slapd_remove( slap_listeners[l]->sl_sd, 0, 0 );
#ifdef LDAP_PF_LOCAL
if ( slap_listeners[l]->sl_sa.sa_addr.sa_family == AF_LOCAL ) {
unlink( slap_listeners[l]->sl_sa.sa_un_addr.sun_path );
@ -1171,7 +1180,7 @@ slapd_daemon_task(
* are unnecessary.
*/
if ( slap_listeners[l]->sl_is_udp ) {
slapd_add( slap_listeners[l]->sl_sd );
slapd_add( slap_listeners[l]->sl_sd, 1 );
continue;
}
#endif
@ -1228,7 +1237,7 @@ slapd_daemon_task(
return( (void*)-1 );
}
slapd_add( slap_listeners[l]->sl_sd );
slapd_add( slap_listeners[l]->sl_sd, 0 );
}
#ifdef HAVE_NT_SERVICE_MANAGER
@ -1332,11 +1341,6 @@ slapd_daemon_task(
ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
if ( !at ) {
at = ldap_pvt_thread_pool_backload(&connection_pool) -
ldap_pvt_runqueue_persistent_backload( &syncrepl_rq );
}
if ( at
#if defined(HAVE_YIELDING_SELECT) || defined(NO_THREADS)
&& ( tv.tv_sec || tv.tv_usec )
@ -1350,15 +1354,15 @@ slapd_daemon_task(
rtask = ldap_pvt_runqueue_next_sched( &syncrepl_rq, &cat );
while ( cat && cat->tv_sec && cat->tv_sec <= now ) {
if ( ldap_pvt_runqueue_isrunning( &syncrepl_rq, rtask )) {
ldap_pvt_runqueue_resched( &syncrepl_rq, rtask );
ldap_pvt_runqueue_resched( &syncrepl_rq, rtask, 0 );
} else {
ldap_pvt_runqueue_runtask( &syncrepl_rq, rtask );
ldap_pvt_runqueue_resched( &syncrepl_rq, rtask );
ldap_pvt_runqueue_resched( &syncrepl_rq, rtask, 0 );
ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
ldap_pvt_thread_pool_submit( &connection_pool,
rtask->routine, (void *) rtask );
ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
}
ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
rtask = ldap_pvt_runqueue_next_sched( &syncrepl_rq, &cat );
}
ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
@ -1503,7 +1507,7 @@ slapd_daemon_task(
id = connection_init(
slap_listeners[l]->sl_sd,
slap_listeners[l], "", "",
2, ssf, authid );
CONN_IS_UDP, ssf, authid );
slap_listeners[l]->sl_is_udp++;
}
continue;
@ -1733,7 +1737,7 @@ slapd_daemon_task(
dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
peername,
#ifdef HAVE_TLS
slap_listeners[l]->sl_is_tls,
slap_listeners[l]->sl_is_tls ? CONN_IS_TLS : 0,
#else
0,
#endif
@ -1769,7 +1773,7 @@ slapd_daemon_task(
slap_listeners[l]->sl_name.bv_val,
0 );
slapd_add( s );
slapd_add( s, 1 );
continue;
}
@ -2077,19 +2081,11 @@ slap_sig_shutdown( int sig )
* SIGBREAK is generated when a user logs out.
*/
#if 0
#if HAVE_NT_SERVICE_MANAGER && SIGBREAK
if (is_NT_Service && sig == SIGBREAK)
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, CRIT,
"slap_sig_shutdown: SIGBREAK ignored.\n", 0, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: SIGBREAK ignored.\n",
0, 0, 0);
#endif
;
else
#endif
#endif
#ifdef SIGHUP
if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0)
slapd_gentle_shutdown = 1;
@ -2113,8 +2109,8 @@ slap_sig_wake( int sig )
}
void slapd_add_internal(ber_socket_t s) {
slapd_add(s);
void slapd_add_internal(ber_socket_t s, int isactive) {
slapd_add(s, isactive);
}
Listener ** slapd_get_listeners(void) {

54
servers/slapd/delete.c
View file

@ -40,10 +40,6 @@ do_delete(
struct berval dn = { 0, NULL };
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"do_delete: conn %d\n", op->o_connid, 0, 0 );
@ -158,28 +154,31 @@ do_delete(
}
#if defined( LDAP_SLAPI )
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
#define pb op->o_pb
if ( pb ) {
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_DELETE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_DELETE_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_delete: delete preoperation plugin "
"failed\n", 0, 0, 0 );
LDAP_LOG( OPERATION, INFO, "do_delete: delete preoperation plugin "
"failed\n", 0, 0, 0 );
#else
Debug (LDAP_DEBUG_TRACE, "do_delete: delete preoperation plugin failed.\n",
0, 0, 0);
Debug (LDAP_DEBUG_TRACE, "do_delete: delete preoperation plugin failed.\n",
0, 0, 0);
#endif
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
@ -193,9 +192,10 @@ do_delete(
/* do the update here */
int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !op->o_bd->syncinfo && ( !op->o_bd->be_update_ndn.bv_len || repl_user ))
if ( !op->o_bd->be_syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
#else
if ( !op->o_bd->syncinfo )
if ( !op->o_bd->be_syncinfo )
#endif
{
@ -216,11 +216,11 @@ do_delete(
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = NULL;
if ( op->o_bd->syncinfo ) {
defref = op->o_bd->syncinfo->provideruri_bv;
if ( op->o_bd->be_syncinfo ) {
defref = op->o_bd->be_syncinfo->si_provideruri_bv;
} else {
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
? op->o_bd->be_update_refs : default_referral;
}
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
@ -244,7 +244,7 @@ do_delete(
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_DELETE_FN, pb ) < 0) {
if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_DELETE_FN, pb ) < 0) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_delete: delete postoperation plugins "
"failed\n", 0, 0, 0 );

13
servers/slapd/dn.c
View file

@ -314,7 +314,7 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
* if value is empty, use empty_bv
*/
rc = ( *normf )(
0,
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
ad->ad_type->sat_syntax,
mr,
ava->la_value.bv_len
@ -329,8 +329,10 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
if( bv.bv_val ) {
ber_memfree_x( ava->la_value.bv_val, ctx );
if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
ber_memfree_x( ava->la_value.bv_val, ctx );
ava->la_value = bv;
ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
if( do_sort ) AVA_Sort( rdn, iAVA );
@ -882,7 +884,12 @@ int
dnX509normalize( void *x509_name, struct berval *out )
{
/* Invoke the LDAP library's converter with our schema-rewriter */
return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
Debug( LDAP_DEBUG_TRACE,
"dnX509Normalize: <%s>\n", out->bv_val, 0, 0 );
return rc;
}
/*

5
servers/slapd/entry.c
View file

@ -66,9 +66,10 @@ str2entry( char *s )
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1, "str2entry: \"%s\"\n", s ? s : "NULL", 0, 0 );
LDAP_LOG( OPERATION, DETAIL1, "str2entry: \"%s\"\n",
s ? s : "NULL", 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "=> str2entry\n",
Debug( LDAP_DEBUG_TRACE, "=> str2entry: \"%s\"\n",
s ? s : "NULL", 0, 0 );
#endif

9
servers/slapd/filterentry.c
View file

@ -218,12 +218,13 @@ static int test_mra_filter(
/* If ma_rule is not the same as the attribute's
* normal rule, then we can't use the a_nvals.
*/
if (mra->ma_rule == a->a_desc->ad_type->sat_equality)
if (mra->ma_rule == a->a_desc->ad_type->sat_equality) {
bv = a->a_nvals;
else
} else {
bv = a->a_vals;
for ( ; bv->bv_val != NULL; bv++ )
{
}
for ( ; bv->bv_val != NULL; bv++ ) {
int ret;
int rc;
const char *text;

2
servers/slapd/globals.c
View file

@ -25,3 +25,5 @@ const struct berval slap_unknown_bv = BER_BVC("unknown");
/* normalized boolean values */
const struct berval slap_true_bv = BER_BVC("TRUE");
const struct berval slap_false_bv = BER_BVC("FALSE");
struct sync_cookie *slap_sync_cookie = NULL;

500
servers/slapd/ldapsync.c Normal file
View file

@ -0,0 +1,500 @@
/* $OpenLDAP$ */
/*
* LDAP Content Sync Routines
*/
/*
* Copyright 2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* Copyright (c) 2003 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "ldap_pvt.h"
#include "lutil.h"
#include "slap.h"
#include "lutil_ldap.h"
int
slap_build_sync_state_ctrl(
Operation *op,
SlapReply *rs,
Entry *e,
int entry_sync_state,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *cookie)
{
Attribute* a;
int ret;
int res;
const char *text = NULL;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval entryuuid_bv = { 0, NULL };
ber_init2( ber, 0, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
ctrls[num_ctrls] = sl_malloc ( sizeof ( LDAPControl ), op->o_tmpmemctx );
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
AttributeDescription *desc = a->a_desc;
if ( desc == slap_schema.si_ad_entryUUID ) {
ber_dupbv( &entryuuid_bv, &a->a_nvals[0] );
}
}
if ( send_cookie && cookie ) {
ber_printf( ber, "{eOON}",
entry_sync_state, &entryuuid_bv, cookie );
} else {
ber_printf( ber, "{eON}",
entry_sync_state, &entryuuid_bv );
}
ch_free( entryuuid_bv.bv_val );
entryuuid_bv.bv_val = NULL;
ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_STATE;
ctrls[num_ctrls]->ldctl_iscritical = op->o_sync;
ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
ber_free_buf( ber );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"slap_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
return LDAP_SUCCESS;
}
int
slap_build_sync_done_ctrl(
Operation *op,
SlapReply *rs,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *cookie,
int refreshDeletes )
{
int ret;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
ctrls[num_ctrls] = ch_malloc ( sizeof ( LDAPControl ) );
ber_printf( ber, "{" );
if ( send_cookie && cookie ) {
ber_printf( ber, "O", cookie );
}
if ( refreshDeletes == LDAP_SYNC_REFRESH_DELETES ) {
ber_printf( ber, "b", refreshDeletes );
}
ber_printf( ber, "N}" );
ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_DONE;
ctrls[num_ctrls]->ldctl_iscritical = op->o_sync;
ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
ber_free_buf( ber );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"slap_build_sync_done_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_build_sync_done_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
return LDAP_SUCCESS;
}
int
slap_build_sync_state_ctrl_from_slog(
Operation *op,
SlapReply *rs,
struct slog_entry *slog_e,
int entry_sync_state,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
struct berval *cookie)
{
Attribute* a;
int ret;
int res;
const char *text = NULL;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval entryuuid_bv = { 0, NULL };
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
ctrls[num_ctrls] = ch_malloc ( sizeof ( LDAPControl ) );
ber_dupbv( &entryuuid_bv, &slog_e->sl_uuid );
if ( send_cookie && cookie ) {
ber_printf( ber, "{eOON}",
entry_sync_state, &entryuuid_bv, cookie );
} else {
ber_printf( ber, "{eON}",
entry_sync_state, &entryuuid_bv );
}
ch_free( entryuuid_bv.bv_val );
entryuuid_bv.bv_val = NULL;
ctrls[num_ctrls]->ldctl_oid = LDAP_CONTROL_SYNC_STATE;
ctrls[num_ctrls]->ldctl_iscritical = op->o_sync;
ret = ber_flatten2( ber, &ctrls[num_ctrls]->ldctl_value, 1 );
ber_free_buf( ber );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"slap_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_build_sync_ctrl: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
return LDAP_SUCCESS;
}
int
slap_send_syncinfo(
Operation *op,
SlapReply *rs,
int type,
struct berval *cookie,
int refreshDone,
BerVarray syncUUIDs,
int refreshDeletes )
{
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval rspdata;
int ret;
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
if ( type ) {
switch ( type ) {
case LDAP_TAG_SYNC_NEW_COOKIE:
ber_printf( ber, "tO", type, cookie );
break;
case LDAP_TAG_SYNC_REFRESH_DELETE:
case LDAP_TAG_SYNC_REFRESH_PRESENT:
ber_printf( ber, "t{", type );
if ( cookie ) {
ber_printf( ber, "O", cookie );
}
if ( refreshDone == 0 ) {
ber_printf( ber, "b", refreshDone );
}
ber_printf( ber, "N}" );
break;
case LDAP_TAG_SYNC_ID_SET:
ber_printf( ber, "t{", type );
if ( cookie ) {
ber_printf( ber, "O", cookie );
}
if ( refreshDeletes == 1 ) {
ber_printf( ber, "b", refreshDeletes );
}
ber_printf( ber, "[W]", syncUUIDs );
ber_printf( ber, "N}" );
break;
default:
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"slap_send_syncinfo: invalid syncinfo type (%d)\n",
type, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_send_syncinfo: invalid syncinfo type (%d)\n",
type, 0, 0 );
#endif
return LDAP_OTHER;
}
}
ret = ber_flatten2( ber, &rspdata, 0 );
if ( ret < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"slap_send_syncinfo: ber_flatten2 failed\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_send_syncinfo: ber_flatten2 failed\n",
0, 0, 0 );
#endif
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return ret;
}
rs->sr_rspdata = &rspdata;
send_ldap_intermediate( op, rs );
rs->sr_rspdata = NULL;
ber_free_buf( ber );
return LDAP_SUCCESS;
}
void
slap_compose_sync_cookie(
Operation *op,
struct berval *cookie,
struct berval *csn,
int sid )
{
char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 10 ];
if ( csn->bv_val == NULL ) {
if ( sid == -1 ) {
cookiestr[0] = '\0';
} else {
snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 10,
"sid=%03d", sid );
}
} else if ( sid == -1 ) {
snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 10,
"csn=%s", csn->bv_val );
} else {
snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 10,
"csn=%s,sid=%03d", csn->bv_val, sid );
}
ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie );
}
void
slap_sync_cookie_free(
struct sync_cookie *cookie,
int free_cookie
)
{
if ( cookie == NULL )
return;
if ( cookie->ctxcsn ) {
ber_bvarray_free( cookie->ctxcsn );
cookie->ctxcsn = NULL;
}
if ( cookie->octet_str ) {
ber_bvarray_free( cookie->octet_str );
cookie->octet_str = NULL;
}
if ( free_cookie ) {
ch_free( cookie );
}
return;
}
int
slap_parse_sync_cookie(
struct sync_cookie *cookie
)
{
char *csn_ptr;
char *csn_str;
int csn_str_len;
char *sid_ptr;
char *sid_str;
char *cval;
struct berval *ctxcsn;
if ( cookie == NULL )
return -1;
if (( csn_ptr = strstr( cookie->octet_str[0].bv_val, "csn=" )) != NULL ) {
csn_str = (char *) SLAP_STRNDUP( csn_ptr, LDAP_LUTIL_CSNSTR_BUFSIZE );
if ( cval = strchr( csn_str, ',' )) {
*cval = '\0';
csn_str_len = cval - csn_str - (sizeof("csn=") - 1);
} else {
csn_str_len = cookie->octet_str[0].bv_len -
(csn_ptr - cookie->octet_str[0].bv_val) -
(sizeof("csn=") - 1);
}
ctxcsn = ber_str2bv( csn_str + (sizeof("csn=")-1),
csn_str_len, 1, NULL );
ch_free( csn_str );
ber_bvarray_add( &cookie->ctxcsn, ctxcsn );
ch_free( ctxcsn );
} else {
cookie->ctxcsn = NULL;
}
if (( sid_ptr = strstr( cookie->octet_str->bv_val, "sid=" )) != NULL ) {
sid_str = (char *) SLAP_STRNDUP( sid_ptr,
SLAP_SYNC_SID_SIZE + sizeof("sid=") - 1 );
if ( cval = strchr( sid_str, ',' )) {
*cval = '\0';
}
cookie->sid = atoi( sid_str + sizeof("sid=") - 1 );
ch_free( sid_str );
} else {
cookie->sid = -1;
}
}
int
slap_init_sync_cookie_ctxcsn(
struct sync_cookie *cookie
)
{
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE + 4 ];
struct berval octet_str = { 0, NULL };
struct berval ctxcsn = { 0, NULL };
struct berval ctxcsn_dup = { 0, NULL };
struct berval slap_syncCookie;
if ( cookie == NULL )
return -1;
octet_str.bv_len = snprintf( csnbuf, LDAP_LUTIL_CSNSTR_BUFSIZE + 4,
"csn=%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x",
1900, 1, 1, 0, 0, 0, 0, 0, 0 );
octet_str.bv_val = csnbuf;
build_new_dn( &slap_syncCookie, &cookie->octet_str[0], &octet_str, NULL );
ber_bvarray_free( cookie->octet_str );
cookie->octet_str = NULL;
ber_bvarray_add( &cookie->octet_str, &slap_syncCookie );
ber_dupbv( &ctxcsn, &octet_str );
ctxcsn.bv_val += 4;
ctxcsn.bv_len -= 4;
ber_dupbv( &ctxcsn_dup, &ctxcsn );
ch_free( ctxcsn.bv_val );
ber_bvarray_add( &cookie->ctxcsn, &ctxcsn_dup );
return 0;
}
struct sync_cookie *
slap_dup_sync_cookie(
struct sync_cookie *dst,
struct sync_cookie *src
)
{
int i;
struct sync_cookie *new;
struct berval tmp_bv;
if ( src == NULL )
return NULL;
if ( dst ) {
ber_bvarray_free( dst->ctxcsn );
ber_bvarray_free( dst->octet_str );
new = dst;
} else {
new = ( struct sync_cookie * )
ch_calloc( 1, sizeof( struct sync_cookie ));
}
new->sid = src->sid;
if ( src->ctxcsn ) {
for ( i=0; src->ctxcsn[i].bv_val; i++ ) {
ber_dupbv( &tmp_bv, &src->ctxcsn[i] );
ber_bvarray_add( &new->ctxcsn, &tmp_bv );
}
}
if ( src->octet_str ) {
for ( i=0; src->octet_str[i].bv_val; i++ ) {
ber_dupbv( &tmp_bv, &src->octet_str[i] );
ber_bvarray_add( &new->octet_str, &tmp_bv );
}
}
return new;
}
int
slap_build_syncUUID_set(
Operation *op,
BerVarray *set,
Entry *e
)
{
int ret;
Attribute* a;
struct berval entryuuid_bv = { 0, NULL };
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
AttributeDescription *desc = a->a_desc;
if ( desc == slap_schema.si_ad_entryUUID ) {
ber_dupbv_x( &entryuuid_bv, &a->a_nvals[0], op->o_tmpmemctx );
}
}
ret = ber_bvarray_add_x( set, &entryuuid_bv, op->o_tmpmemctx );
return ret;
}

15
servers/slapd/main.c
View file

@ -92,6 +92,7 @@ usage( char *name )
fprintf( stderr,
"\t-4\t\tIPv4 only\n"
"\t-6\t\tIPv6 only\n"
"\t-c cookie\tSync cookie of consumer\n"
"\t-d level\tDebug level" "\n"
"\t-f filename\tConfiguration file\n"
#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
@ -144,6 +145,8 @@ int main( int argc, char **argv )
char *serverName = NULL;
int serverMode = SLAP_SERVER_MODE;
struct berval cookie = { 0, NULL };
#ifdef CSRIMALLOC
FILE *leakfile;
if( ( leakfile = fopen( "slapd.leak", "w" )) == NULL ) {
@ -214,7 +217,7 @@ int main( int argc, char **argv )
#endif
while ( (i = getopt( argc, argv,
"d:f:h:s:n:t"
"c:d:f:h:s:n:t"
#if LDAP_PF_INET6
"46"
#endif
@ -243,6 +246,16 @@ int main( int argc, char **argv )
urls = ch_strdup( optarg );
break;
case 'c': /* provide sync cookie, override if exist in replica */
if ( slap_sync_cookie ) {
slap_sync_cookie_free( slap_sync_cookie, 1 );
}
slap_sync_cookie = (struct sync_cookie *) ch_calloc( 1,
sizeof( struct sync_cookie ));
ber_str2bv( optarg, strlen( optarg ), 1, &cookie );
ber_bvarray_add( &slap_sync_cookie->octet_str, &cookie );
break;
case 'd': /* set debug level and 'do not detach' flag */
no_detach = 1;
#ifdef LDAP_DEBUG

107
servers/slapd/modify.c
View file

@ -47,7 +47,6 @@ do_modify(
#endif
#ifdef LDAP_SLAPI
LDAPMod **modv = NULL;
Slapi_PBlock *pb = op->o_pb;
#endif
int manageDSAit;
int increment = 0;
@ -316,8 +315,15 @@ do_modify(
if (len + 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MOD attr=%s\n",
op->o_connid, op->o_opid, abuf, 0, 0 );
len = 0;
len = 0;
ptr = abuf;
if( 1 + tmp->sml_type.bv_len > sizeof(abuf)) {
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MOD attr=%s\n",
op->o_connid, op->o_opid, tmp->sml_type.bv_val, 0, 0 );
continue;
}
}
if (len) {
*ptr++ = ' ';
@ -376,44 +382,47 @@ do_modify(
}
#if defined( LDAP_SLAPI )
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
modv = slapi_x_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
#define pb op->o_pb
if ( pb ) {
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
modv = slapi_x_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modify: modify preoperation plugin "
"failed\n", 0, 0, 0 );
LDAP_LOG( OPERATION, INFO, "do_modify: modify preoperation plugin "
"failed\n", 0, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n",
0, 0, 0);
Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n",
0, 0, 0);
#endif
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
slapi_x_free_ldapmods( modv );
modv = NULL;
goto cleanup;
}
slapi_x_free_ldapmods( modv );
modv = NULL;
goto cleanup;
}
/*
* It's possible that the preoperation plugin changed the
* modification array, so we need to convert it back to
* a Modification list.
*
* Calling slapi_x_modifications2ldapmods() destroyed modlist so
* we don't need to free it.
*/
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
modlist = slapi_x_ldapmods2modifications( modv );
/*
* It's possible that the preoperation plugin changed the
* modification array, so we need to convert it back to
* a Modification list.
*
* Calling slapi_x_modifications2ldapmods() destroyed modlist so
* we don't need to free it.
*/
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
modlist = slapi_x_ldapmods2modifications( modv );
}
/*
* NB: it is valid for the plugin to return no modifications
@ -446,10 +455,10 @@ do_modify(
* because it accepts each modify request
*/
#ifndef SLAPD_MULTIMASTER
if ( !op->o_bd->syncinfo &&
if ( !op->o_bd->be_syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
#else
if ( !op->o_bd->syncinfo )
if ( !op->o_bd->be_syncinfo )
#endif
{
int update = op->o_bd->be_update_ndn.bv_len;
@ -494,8 +503,8 @@ do_modify(
/* send a referral */
} else {
BerVarray defref = NULL;
if ( op->o_bd->syncinfo ) {
defref = op->o_bd->syncinfo->provideruri_bv;
if ( op->o_bd->be_syncinfo ) {
defref = op->o_bd->be_syncinfo->si_provideruri_bv;
} else {
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
@ -525,7 +534,7 @@ do_modify(
#if defined( LDAP_SLAPI )
} /* modlist != NULL */
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 ) {
if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODIFY_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modify: modify postoperation plugins "
"failed\n", 0, 0, 0 );
@ -727,7 +736,7 @@ int slap_mods_check(
for( nvals = 0; ml->sml_values[nvals].bv_val; nvals++ ) {
rc = ad->ad_type->sat_equality->smr_normalize(
0,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
ad->ad_type->sat_syntax,
ad->ad_type->sat_equality,
&ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
@ -841,12 +850,20 @@ int slap_mods_opattrs(
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_entryUUID;
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &tmpval );
mod->sml_values[1].bv_len = 0;
mod->sml_values[1].bv_val = NULL;
assert( mod->sml_values[0].bv_val );
mod->sml_nvalues = NULL;
mod->sml_nvalues =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
(*mod->sml_desc->ad_type->sat_equality->smr_normalize)(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mod->sml_desc->ad_type->sat_syntax,
mod->sml_desc->ad_type->sat_equality,
mod->sml_values, mod->sml_nvalues, NULL );
mod->sml_nvalues[1].bv_len = 0;
mod->sml_nvalues[1].bv_val = NULL;
*modtail = mod;
modtail = &mod->sml_next;
@ -854,7 +871,8 @@ int slap_mods_opattrs(
mod->sml_op = mop;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_creatorsName;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &name );
mod->sml_values[1].bv_len = 0;
mod->sml_values[1].bv_val = NULL;
@ -872,7 +890,8 @@ int slap_mods_opattrs(
mod->sml_op = mop;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_createTimestamp;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &timestamp );
mod->sml_values[1].bv_len = 0;
mod->sml_values[1].bv_val = NULL;

67
servers/slapd/modrdn.c
View file

@ -60,10 +60,6 @@ do_modrdn(
ber_len_t length;
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_modrdn: begin\n", 0, 0, 0 );
#else
@ -315,32 +311,35 @@ do_modrdn(
}
#if defined( LDAP_SLAPI )
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)newrdn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR,
(void *)newSuperior.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)deloldrdn );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
#define pb op->o_pb
if ( pb ) {
slapi_x_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)newrdn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR,
(void *)newSuperior.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)deloldrdn );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modrdn: modrdn preoperation plugin "
"failed\n", 0, 0, 0 );
LDAP_LOG( OPERATION, INFO, "do_modrdn: modrdn preoperation plugin "
"failed\n", 0, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin "
"failed.\n", 0, 0, 0);
Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin "
"failed.\n", 0, 0, 0);
#endif
if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
if ( ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
goto cleanup;
}
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
@ -354,10 +353,10 @@ do_modrdn(
/* do the update here */
int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !op->o_bd->syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
if ( !op->o_bd->be_syncinfo &&
( !op->o_bd->be_update_ndn.bv_len || repl_user ))
#else
if ( !op->o_bd->syncinfo )
if ( !op->o_bd->be_syncinfo )
#endif
{
op->orr_deleteoldrdn = deloldrdn;
@ -371,11 +370,11 @@ do_modrdn(
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = NULL;
if ( op->o_bd->syncinfo ) {
defref = op->o_bd->syncinfo->provideruri_bv;
if ( op->o_bd->be_syncinfo ) {
defref = op->o_bd->be_syncinfo->si_provideruri_bv;
} else {
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
? op->o_bd->be_update_refs : default_referral;
}
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
@ -399,7 +398,7 @@ do_modrdn(
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) < 0 ) {
if ( pb && doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) < 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modrdn: modrdn postoperation plugins "
"failed\n", 0, 0, 0 );
@ -495,7 +494,7 @@ slap_modrdn2mods(
if( desc->ad_type->sat_equality->smr_normalize) {
mod_tmp->sml_nvalues = &mod_tmp->sml_values[2];
(void) (*desc->ad_type->sat_equality->smr_normalize)(
SLAP_MR_EQUALITY,
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
desc->ad_type->sat_syntax,
desc->ad_type->sat_equality,
&mod_tmp->sml_values[0],
@ -564,7 +563,7 @@ slap_modrdn2mods(
if( desc->ad_type->sat_equality->smr_normalize) {
mod_tmp->sml_nvalues = &mod_tmp->sml_values[2];
(void) (*desc->ad_type->sat_equality->smr_normalize)(
SLAP_MR_EQUALITY,
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
desc->ad_type->sat_syntax,
desc->ad_type->sat_equality,
&mod_tmp->sml_values[0],

10
servers/slapd/mods.c
View file

@ -216,6 +216,7 @@ modify_delete_values(
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
char dummy = '\0';
int match = 0;
/*
* If permissive is set, then the non-existence of an
@ -264,7 +265,6 @@ modify_delete_values(
for ( i = 0; mod->sm_values[i].bv_val != NULL; i++ ) {
int found = 0;
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) {
int match;
if( mod->sm_nvalues ) {
assert( a->a_nvals );
@ -291,7 +291,7 @@ modify_delete_values(
snprintf( textbuf, textlen,
"%s: matching rule failed",
mod->sm_desc->ad_cname.bv_val );
goto return_results;
break;
}
if ( match != 0 ) {
@ -317,7 +317,11 @@ modify_delete_values(
"modify/delete: %s: no such value",
mod->sm_desc->ad_cname.bv_val );
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto return_results;
if ( i > 0 ) {
break;
} else {
goto return_results;
}
}
}

13
servers/slapd/mr.c
View file

@ -326,14 +326,14 @@ mru_destroy( void )
if ( m->smru_str.bv_val ) {
ch_free( m->smru_str.bv_val );
m->smru_str.bv_val = NULL;
}
/* memory borrowed from m->smru_mr */
m->smru_oid = NULL;
m->smru_names = NULL;
m->smru_desc = NULL;
/* free what's left (basically
* smru_mruleuse.mru_applies_oids) */
/* free what's left (basically smru_mruleuse.mru_applies_oids) */
ldap_matchingruleuse_free((LDAPMatchingRuleUse *)m);
}
}
@ -494,10 +494,10 @@ int mr_schema_info( Entry *e )
Debug( LDAP_DEBUG_TRACE, "Merging mr [%lu] %s\n",
mr->smr_str.bv_len, mr->smr_str.bv_val, 0 );
#endif
nval.bv_val = mr->smr_oid;
nval.bv_len = strlen(mr->smr_oid);
if( attr_merge_one( e, ad_matchingRules, &mr->smr_str, &nval ) )
{
if( attr_merge_one( e, ad_matchingRules, &mr->smr_str, &nval ) ) {
return -1;
}
}
@ -512,7 +512,6 @@ int mru_schema_info( Entry *e )
struct berval nval;
LDAP_SLIST_FOREACH( mru, &mru_list, smru_next ) {
assert( !( mru->smru_usage & SLAP_MR_HIDE ) );
if ( mru->smru_str.bv_val == NULL ) {
@ -526,10 +525,10 @@ int mru_schema_info( Entry *e )
Debug( LDAP_DEBUG_TRACE, "Merging mru [%lu] %s\n",
mru->smru_str.bv_len, mru->smru_str.bv_val, 0 );
#endif
nval.bv_val = mru->smru_oid;
nval.bv_len = strlen(mru->smru_oid);
if( attr_merge_one( e, ad_matchingRuleUse, &mru->smru_str, &nval ) )
{
if( attr_merge_one( e, ad_matchingRuleUse, &mru->smru_str, &nval ) ) {
return -1;
}
}

38
servers/slapd/operation.c
View file

@ -42,6 +42,8 @@ void slap_op_destroy(void)
void
slap_op_free( Operation *op )
{
struct berval slap_empty_bv_dup;
assert( LDAP_STAILQ_NEXT(op, o_next) == NULL );
if ( op->o_ber != NULL ) {
@ -65,18 +67,33 @@ slap_op_free( Operation *op )
ber_free( op->o_res_ber, 1 );
}
#endif
if ( op->o_sync_state.bv_val != NULL ) {
free( op->o_sync_state.bv_val );
slap_sync_cookie_free( &op->o_sync_state, 0 );
{
GroupAssertion *g, *n;
for (g = op->o_groups; g; g=n) {
n = g->ga_next;
sl_free(g, op->o_tmpmemctx);
}
op->o_groups = NULL;
}
#if defined( LDAP_SLAPI )
if ( op->o_pb != NULL ) {
slapi_pblock_destroy( (Slapi_PBlock *)op->o_pb );
slapi_x_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
}
slapi_x_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
#endif /* defined( LDAP_SLAPI ) */
if ( op->o_sync_csn.bv_val != NULL ) {
ch_free( op->o_sync_csn.bv_val );
}
memset( op, 0, sizeof(Operation) );
op->o_sync_state.sid = -1;
op->o_sync_slog_size = -1;
ldap_pvt_thread_mutex_lock( &slap_op_mutex );
LDAP_STAILQ_INSERT_HEAD( &slap_free_ops, op, o_next );
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
@ -91,6 +108,7 @@ slap_op_alloc(
)
{
Operation *op;
struct berval slap_empty_bv_dup;
ldap_pvt_thread_mutex_lock( &slap_op_mutex );
if ((op = LDAP_STAILQ_FIRST( &slap_free_ops ))) {
@ -98,8 +116,9 @@ slap_op_alloc(
}
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
if (!op)
if (!op) {
op = (Operation *) ch_calloc( 1, sizeof(Operation) );
}
op->o_ber = ber;
op->o_msgid = msgid;
@ -109,9 +128,16 @@ slap_op_alloc(
op->o_opid = id;
op->o_res_ber = NULL;
op->o_sync_state.sid = -1;
op->o_sync_slog_size = -1;
LDAP_STAILQ_FIRST( &op->o_sync_slog_list ) = NULL;
op->o_sync_slog_list.stqh_last = &LDAP_STAILQ_FIRST( &op->o_sync_slog_list );
#if defined( LDAP_SLAPI )
op->o_pb = slapi_pblock_new();
slapi_x_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
if ( slapi_plugins_used ) {
op->o_pb = slapi_pblock_new();
slapi_x_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
}
#endif /* defined( LDAP_SLAPI ) */
return( op );

4
servers/slapd/passwd.c
View file

@ -57,8 +57,8 @@ int passwd_extop(
} else if( op->o_bd->be_update_ndn.bv_len ) {
/* we SHOULD return a referral in this case */
BerVarray defref = NULL;
if ( op->o_bd->syncinfo ) {
defref = op->o_bd->syncinfo->provideruri_bv;
if ( op->o_bd->be_syncinfo ) {
defref = op->o_bd->be_syncinfo->si_provideruri_bv;
} else {
defref = referral_rewrite( op->o_bd->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );

109
servers/slapd/proto-slap.h
View file

@ -304,6 +304,9 @@ LDAP_SLAPD_F (int) get_supported_controls LDAP_P (( char ***ctrloidsp, slap_mask
LDAP_SLAPD_F (int) read_config LDAP_P(( const char *fname, int depth ));
LDAP_SLAPD_F (void) config_destroy LDAP_P ((void));
LDAP_SLAPD_F (char **) str2clist LDAP_P(( char ***, char *, const char * ));
#ifdef LDAP_SLAPI
LDAP_SLAPD_V (int) slapi_plugins_used;
#endif
/*
* connection.c
@ -313,6 +316,15 @@ LDAP_SLAPD_F (int) connections_shutdown LDAP_P((void));
LDAP_SLAPD_F (int) connections_destroy LDAP_P((void));
LDAP_SLAPD_F (int) connections_timeout_idle LDAP_P((time_t));
LDAP_SLAPD_F (int) connection_client_setup LDAP_P((
ber_socket_t s,
Listener *l,
ldap_pvt_thread_start_t *func,
void *arg ));
LDAP_SLAPD_F (void) connection_client_enable LDAP_P(( ber_socket_t s ));
LDAP_SLAPD_F (void) connection_client_stop LDAP_P(( ber_socket_t s ));
LDAP_SLAPD_F (long) connection_init LDAP_P((
ber_socket_t s,
Listener* url,
@ -370,12 +382,12 @@ LDAP_SLAPD_F (int) slap_get_csn LDAP_P(( Operation *, char *, int, struct berval
/*
* daemon.c
*/
LDAP_SLAPD_F (void) slapd_add_internal(ber_socket_t s);
LDAP_SLAPD_F (void) slapd_add_internal(ber_socket_t s, int isactive);
LDAP_SLAPD_F (int) slapd_daemon_init( const char *urls );
LDAP_SLAPD_F (int) slapd_daemon_destroy(void);
LDAP_SLAPD_F (int) slapd_daemon(void);
LDAP_SLAPD_F (Listener **) slapd_get_listeners LDAP_P((void));
LDAP_SLAPD_F (void) slapd_remove LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (void) slapd_remove LDAP_P((ber_socket_t s, int wasactive, int wake));
LDAP_SLAPD_F (RETSIGTYPE) slap_sig_shutdown LDAP_P((int sig));
LDAP_SLAPD_F (RETSIGTYPE) slap_sig_wake LDAP_P((int sig));
@ -539,6 +551,7 @@ LDAP_SLAPD_V( const struct berval ) slap_empty_bv;
LDAP_SLAPD_V( const struct berval ) slap_unknown_bv;
LDAP_SLAPD_V( const struct berval ) slap_true_bv;
LDAP_SLAPD_V( const struct berval ) slap_false_bv;
LDAP_SLAPD_V( struct sync_cookie * ) slap_sync_cookie;
/*
* index.c
@ -563,6 +576,34 @@ LDAP_SLAPD_V (char *) ldap_srvtab;
LDAP_SLAPD_V (int) krbv4_ldap_auth();
#endif
/*
* ldapsync.c
*/
LDAP_SLAPD_F (int) slap_build_sync_state_ctrl LDAP_P((
Operation *, SlapReply *, Entry *, int, LDAPControl **,
int, int, struct berval * ));
LDAP_SLAPD_F (int) slap_build_sync_done_ctrl LDAP_P((
Operation *, SlapReply *, LDAPControl **,
int, int, struct berval *, int ));
LDAP_SLAPD_F (int) slap_build_sync_state_ctrl_from_slog LDAP_P((
Operation *, SlapReply *, struct slog_entry *, int,
LDAPControl **, int, int, struct berval * ));
LDAP_SLAPD_F (int) slap_send_syncinfo LDAP_P((
Operation *, SlapReply *, int,
struct berval *, int, BerVarray, int ));
LDAP_SLAPD_F (void) slap_compose_sync_cookie LDAP_P((
Operation *, struct berval *, struct berval *, int ));
LDAP_SLAPD_F (void) slap_sync_cookie_free LDAP_P((
struct sync_cookie *, int free_cookie ));
LDAP_SLAPD_F (int) slap_parse_sync_cookie LDAP_P((
struct sync_cookie * ));
LDAP_SLAPD_F (int) slap_init_sync_cookie_ctxcsn LDAP_P((
struct sync_cookie * ));
LDAP_SLAPD_F (struct sync_cookie *) slap_dup_sync_cookie LDAP_P((
struct sync_cookie *, struct sync_cookie * ));
LDAP_SLAPD_F (int) slap_build_syncUUID_set LDAP_P((
Operation *, BerVarray *, Entry * ));
/*
* limits.c
*/
@ -992,6 +1033,14 @@ LDAP_SLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const));
LDAP_SLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del,
char delim ));
/*
* sessionlog.c
*/
LDAP_SLAPD_F (int) slap_send_session_log LDAP_P((
Operation *, Operation *, SlapReply *));
LDAP_SLAPD_F (int) slap_add_session_log LDAP_P((
Operation *, Operation *, Entry * ));
/*
* sl_malloc.c
*/
@ -1019,6 +1068,32 @@ LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) starttls_extop;
LDAP_SLAPD_F (Filter *) str2filter LDAP_P(( const char *str ));
LDAP_SLAPD_F (Filter *) str2filter_x LDAP_P(( Operation *op, const char *str ));
/*
* syncrepl.c
*/
LDAP_SLAPD_V (struct runqueue_s) syncrepl_rq;
LDAP_SLAPD_F (void) init_syncrepl LDAP_P((syncinfo_t *));
LDAP_SLAPD_F (void*) do_syncrepl LDAP_P((void *, void *));
LDAP_SLAPD_F (Entry*) syncrepl_message_to_entry LDAP_P((
syncinfo_t *, Operation *, LDAPMessage *,
Modifications **, int ));
LDAP_SLAPD_F (int) syncrepl_entry LDAP_P((
syncinfo_t *, Operation*, Entry*,
Modifications*,int, struct berval*,
struct sync_cookie * ));
LDAP_SLAPD_F (void) syncrepl_updateCookie LDAP_P((
syncinfo_t *, Operation *, struct berval *,
struct sync_cookie * ));
LDAP_SLAPD_F (void) syncrepl_add_glue LDAP_P((
Operation*, Entry* ));
LDAP_SLAPD_F (Entry*) slap_create_syncrepl_entry LDAP_P((
Backend *, struct berval *,
struct berval *, struct berval * ));
LDAP_SLAPD_F (struct berval *) slap_uuidstr_from_normalized LDAP_P((
struct berval *, struct berval *, void * ));
/* syntax.c */
LDAP_SLAPD_F (Syntax *) syn_find LDAP_P((
const char *synname ));
@ -1171,36 +1246,6 @@ LDAP_SLAPD_F (int) do_search LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_unbind LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_extended LDAP_P((Operation *op, SlapReply *rs));
/*
* syncrepl.c
*/
LDAP_SLAPD_V( const struct berval ) slap_syncrepl_bvc;
LDAP_SLAPD_V( const struct berval ) slap_syncrepl_cn_bvc;
LDAP_SLAPD_V (struct runqueue_s) syncrepl_rq;
LDAP_SLAPD_F (void) init_syncrepl LDAP_P(());
LDAP_SLAPD_F (void*) do_syncrepl LDAP_P((void *, void *));
LDAP_SLAPD_F (int) ldap_sync_search LDAP_P((
syncinfo_t *, LDAP *, LDAPControl **,
LDAPControl **, int *));
LDAP_SLAPD_F (Entry*) syncrepl_message_to_entry LDAP_P((
syncinfo_t *, LDAP *, Operation *, LDAPMessage *,
Modifications **, int*, struct berval *, struct berval * ));
LDAP_SLAPD_F (int) syncrepl_entry LDAP_P((
syncinfo_t *, LDAP *, Operation*, Entry*,
Modifications*,int, struct berval*, struct berval*, int ));
LDAP_SLAPD_F (void) syncrepl_updateCookie LDAP_P((
syncinfo_t *, LDAP *, Operation *, struct berval *,
struct berval * ));
LDAP_SLAPD_F (void) syncrepl_add_glue LDAP_P(( syncinfo_t *, LDAP *,
Operation*, Entry*, Modifications*, int,
struct berval*, struct berval* ));
LDAP_SLAPD_F (Entry*) slap_create_syncrepl_entry LDAP_P((
Backend *, struct berval *,
struct berval *, struct berval * ));
LDAP_END_DECL
#endif /* PROTO_SLAP_H */

80
servers/slapd/result.c
View file

@ -371,9 +371,11 @@ send_ldap_response(
}
#ifdef LDAP_SLAPI
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
if ( op->o_pb ) {
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
}
#endif /* LDAP_SLAPI */
ldap_pvt_thread_mutex_lock( &num_sent_mutex );
@ -493,12 +495,14 @@ slap_send_ldap_result( Operation *op, SlapReply *rs )
* should just set SLAPI_RESULT_CODE rather than sending a
* result if they wish to change the result.
*/
slapi_x_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
if ( op->o_pb ) {
slapi_x_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
(void) doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
(void) doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, op->o_pb );
}
#endif /* LDAP_SLAPI */
if ( op->o_protocol < LDAP_VERSION3 ) {
@ -1069,38 +1073,40 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
* First, setup the computed attribute context that is
* passed to all plugins.
*/
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = rs->sr_attrs;
ctx.cac_attrsonly = op->ors_attrsonly;
ctx.cac_userattrs = userattrs;
ctx.cac_opattrs = opattrs;
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)ber;
if ( op->o_pb ) {
ctx.cac_pb = op->o_pb;
ctx.cac_attrs = rs->sr_attrs;
ctx.cac_attrsonly = op->ors_attrsonly;
ctx.cac_userattrs = userattrs;
ctx.cac_opattrs = opattrs;
ctx.cac_acl_state = acl_state;
ctx.cac_private = (void *)ber;
/*
* For each client requested attribute, call the plugins.
*/
if ( rs->sr_attrs != NULL ) {
for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
rc = compute_evaluator( &ctx, anp->an_name.bv_val,
rs->sr_entry, slapi_x_compute_output_ber );
if ( rc == 1 ) {
break;
}
}
} else {
/*
* Technically we shouldn't be returning operational attributes
* when the user requested only user attributes. We'll let the
* plugin decide whether to be naughty or not.
* For each client requested attribute, call the plugins.
*/
rc = compute_evaluator( &ctx, "*",
rs->sr_entry, slapi_x_compute_output_ber );
}
if ( rc == 1 ) {
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
goto error_return;
if ( rs->sr_attrs != NULL ) {
for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
rc = compute_evaluator( &ctx, anp->an_name.bv_val,
rs->sr_entry, slapi_x_compute_output_ber );
if ( rc == 1 ) {
break;
}
}
} else {
/*
* Technically we shouldn't be returning operational attributes
* when the user requested only user attributes. We'll let the
* plugin decide whether to be naughty or not.
*/
rc = compute_evaluator( &ctx, "*",
rs->sr_entry, slapi_x_compute_output_ber );
}
if ( rc == 1 ) {
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
goto error_return;
}
}
#endif /* LDAP_SLAPI */

2
servers/slapd/root_dse.c
View file

@ -1,5 +1,5 @@
/* $OpenLDAP$ */
/* root_dse.c - Provides the ROOT DSA-Specific Entry
/* root_dse.c - Provides the Root DSA-Specific Entry
*
* Copyright 1999-2003 The OpenLDAP Foundation.
* All rights reserved.

5
servers/slapd/sasl.c
View file

@ -297,6 +297,7 @@ static const char *slap_propnames[] = {
"*slapConn", "*authcDN", "*authzDN", NULL };
static Filter generic_filter = { LDAP_FILTER_PRESENT };
static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
#define PROP_CONN 0
#define PROP_AUTHC 1
@ -449,10 +450,12 @@ slap_auxprop_lookup(
#endif
op.o_conn = conn;
op.o_connid = conn->c_connid;
op.o_req_dn = op.o_req_ndn;
op.ors_scope = LDAP_SCOPE_BASE;
op.ors_deref = LDAP_DEREF_NEVER;
op.ors_slimit = 1;
op.ors_filter = &generic_filter;
op.ors_filterstr = generic_filterstr;
op.o_bd->be_search( &op, &rs );
}
@ -577,10 +580,12 @@ slap_sasl_checkpass(
#endif
op.o_conn = conn;
op.o_connid = conn->c_connid;
op.o_req_dn = op.o_req_ndn;
op.ors_scope = LDAP_SCOPE_BASE;
op.ors_deref = LDAP_DEREF_NEVER;
op.ors_slimit = 1;
op.ors_filter = &generic_filter;
op.ors_filterstr = generic_filterstr;
op.o_bd->be_search( &op, &rs );
}

45
servers/slapd/saslauthz.c
View file

@ -66,15 +66,20 @@ int slap_sasl_setpolicy( const char *arg )
}
static int slap_parseURI( Operation *op, struct berval *uri,
struct berval *searchbase, int *scope, Filter **filter )
struct berval *base, struct berval *nbase,
int *scope, Filter **filter, struct berval *fstr )
{
struct berval bv;
int rc;
LDAPURLDesc *ludp;
assert( uri != NULL && uri->bv_val != NULL );
searchbase->bv_val = NULL;
searchbase->bv_len = 0;
base->bv_val = NULL;
base->bv_len = 0;
nbase->bv_val = NULL;
nbase->bv_len = 0;
fstr->bv_val = NULL;
fstr->bv_len = 0;
*scope = -1;
*filter = NULL;
@ -93,7 +98,7 @@ static int slap_parseURI( Operation *op, struct berval *uri,
is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
rc = dnNormalize( 0, NULL, NULL, &bv, searchbase, op->o_tmpmemctx );
rc = dnNormalize( 0, NULL, NULL, &bv, nbase, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS ) {
*scope = LDAP_SCOPE_BASE;
}
@ -129,16 +134,24 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
rc = LDAP_PROTOCOL_ERROR;
goto done;
}
ber_str2bv( ludp->lud_filter, 0, 0, fstr );
}
/* Grab the searchbase */
bv.bv_val = ludp->lud_dn;
bv.bv_len = strlen( bv.bv_val );
rc = dnNormalize( 0, NULL, NULL, &bv, searchbase, op->o_tmpmemctx );
ber_str2bv( ludp->lud_dn, 0, 0, base );
rc = dnNormalize( 0, NULL, NULL, base, nbase, op->o_tmpmemctx );
done:
if( rc != LDAP_SUCCESS ) {
if( *filter ) filter_free_x( op, *filter );
base->bv_val = NULL;
base->bv_len = 0;
fstr->bv_val = NULL;
fstr->bv_len = 0;
} else {
/* Don't free these, return them to caller */
ludp->lud_filter = NULL;
ludp->lud_dn= NULL;
}
ldap_free_urldesc( ludp );
@ -405,8 +418,9 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
assertDN->bv_val, rule->bv_val, 0 );
#endif
rc = slap_parseURI( opx, rule,
&op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
rc = slap_parseURI( opx, rule, &op.o_req_dn,
&op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter,
&op.ors_filterstr );
if( rc != LDAP_SUCCESS ) goto CONCLUDED;
/* Massive shortcut: search scope == base */
@ -462,6 +476,7 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
#endif
op.o_conn = opx->o_conn;
op.o_connid = opx->o_connid;
op.o_req_dn = op.o_req_ndn;
op.o_bd->be_search( &op, &rs );
@ -472,8 +487,10 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
}
CONCLUDED:
if( op.o_req_dn.bv_len ) ch_free( op.o_req_dn.bv_val );
if( op.o_req_ndn.bv_len ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
if( op.ors_filterstr.bv_len ) ch_free( op.ors_filterstr.bv_val );
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,
@ -580,8 +597,9 @@ void slap_sasl2dn( Operation *opx,
goto FINISHED;
}
rc = slap_parseURI( opx, &regout,
&op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
rc = slap_parseURI( opx, &regout, &op.o_req_dn,
&op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter,
&op.ors_filterstr );
if( regout.bv_val ) sl_free( regout.bv_val, opx->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) {
goto FINISHED;
@ -630,6 +648,7 @@ void slap_sasl2dn( Operation *opx,
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
op.oq_search.rs_slimit = 1;
op.oq_search.rs_attrsonly = 1;
op.o_req_dn = op.o_req_ndn;
op.o_bd->be_search( &op, &rs );
@ -637,8 +656,10 @@ FINISHED:
if( sasldn->bv_len ) {
opx->o_conn->c_authz_backend = op.o_bd;
}
if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
if( op.o_req_dn.bv_len ) ch_free( op.o_req_dn.bv_val );
if( op.o_req_ndn.bv_len ) sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
if( op.ors_filterstr.bv_len ) ch_free( op.ors_filterstr.bv_val );
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,

4
servers/slapd/schema/core.schema
View file

@ -202,13 +202,17 @@ attributetype ( 2.5.4.34 NAME 'seeAlso'
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary

112
servers/slapd/schema_check.c
View file

@ -42,10 +42,8 @@ entry_schema_check(
{
Attribute *a, *asc, *aoc;
ObjectClass *sc, *oc;
#ifdef SLAP_EXTENDED_SCHEMA
AttributeType *at;
ContentRule *cr;
#endif
int rc, i;
struct berval nsc;
AttributeDescription *ad_structuralObjectClass
@ -229,16 +227,15 @@ entry_schema_check(
}
/* naming check */
if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) {
rc = entry_naming_check( e, text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
return rc;
}
} else {
/* Glue Entry */
}
if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) {
rc = entry_naming_check( e, text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
return rc;
}
} else {
/* Glue Entry */
}
#ifdef SLAP_EXTENDED_SCHEMA
/* find the content rule for the structural class */
cr = cr_find( sc->soc_oid );
@ -322,7 +319,6 @@ entry_schema_check(
}
}
}
#endif /* SLAP_EXTENDED_SCHEMA */
/* check that the entry has required attrs for each oc */
for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) {
@ -434,7 +430,6 @@ entry_schema_check(
} else if ( oc->soc_kind != LDAP_SCHEMA_STRUCTURAL || oc == sc ) {
char *s;
#ifdef SLAP_EXTENDED_SCHEMA
if( oc->soc_kind == LDAP_SCHEMA_AUXILIARY ) {
int k;
@ -475,7 +470,6 @@ entry_schema_check(
return LDAP_OBJECT_CLASS_VIOLATION;
}
}
#endif /* SLAP_EXTENDED_SCHEMA */
s = oc_check_required( e, oc, &aoc->a_vals[i] );
if (s != NULL) {
@ -509,7 +503,6 @@ entry_schema_check(
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
int ret;
#ifdef SLAP_EXTENDED_SCHEMA
ret = LDAP_OBJECT_CLASS_VIOLATION;
if( cr && cr->scr_required ) {
@ -531,7 +524,6 @@ entry_schema_check(
}
if( ret != LDAP_SUCCESS )
#endif /* SLAP_EXTENDED_SCHEMA */
{
ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals, sc );
}
@ -727,7 +719,7 @@ int structural_class(
if( xc == NULL ) {
snprintf( textbuf, textlen,
"unrecognized objectClass '%s'",
ocs[i].bv_val );
ocs[j].bv_val );
*text = textbuf;
return LDAP_OBJECT_CLASS_VIOLATION;
}
@ -849,12 +841,59 @@ entry_naming_check(
Attribute *attr;
const char *errtext;
if( ava->la_flags & LDAP_AVA_BINARY ) {
snprintf( textbuf, textlen,
"value of naming attribute '%s' in unsupported BER form",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
}
rc = slap_bv2ad( &ava->la_attr, &desc, &errtext );
if ( rc != LDAP_SUCCESS ) {
snprintf( textbuf, textlen, "%s (in RDN)", errtext );
break;
}
if( desc->ad_type->sat_usage ) {
snprintf( textbuf, textlen,
"naming attribute '%s' is operational",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
break;
}
if( desc->ad_type->sat_collective ) {
snprintf( textbuf, textlen,
"naming attribute '%s' is collective",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
break;
}
if( desc->ad_type->sat_obsolete ) {
snprintf( textbuf, textlen,
"naming attribute '%s' is collective",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
break;
}
if( !desc->ad_type->sat_equality ) {
snprintf( textbuf, textlen,
"naming attribute '%s' has no equality matching rule",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
break;
}
if( !desc->ad_type->sat_equality->smr_match ) {
snprintf( textbuf, textlen,
"naming attribute '%s' has unsupported equality matching rule",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
break;
}
/* find the naming attribute */
attr = attr_find( e->e_attrs, desc );
if ( attr == NULL ) {
@ -865,21 +904,32 @@ entry_naming_check(
break;
}
if( ava->la_flags & LDAP_AVA_BINARY ) {
snprintf( textbuf, textlen,
"value of naming attribute '%s' in unsupported BER form",
ava->la_attr.bv_val );
rc = LDAP_NAMING_VIOLATION;
}
if ( value_find_ex( desc,
rc = value_find_ex( desc, SLAP_MR_VALUE_OF_ASSERTION_SYNTAX|
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
attr->a_nvals,
&ava->la_value, NULL ) != 0 )
{
snprintf( textbuf, textlen,
"value of naming attribute '%s' is not present in entry",
ava->la_attr.bv_val );
attr->a_nvals, &ava->la_value, NULL );
if( rc != 0 ) {
switch( rc ) {
case LDAP_INAPPROPRIATE_MATCHING:
snprintf( textbuf, textlen,
"inappropriate matching for naming attribute '%s'",
ava->la_attr.bv_val );
break;
case LDAP_INVALID_SYNTAX:
snprintf( textbuf, textlen,
"value of naming attribute '%s' is invalid",
ava->la_attr.bv_val );
break;
case LDAP_NO_SUCH_ATTRIBUTE:
snprintf( textbuf, textlen,
"value of naming attribute '%s' is not present in entry",
ava->la_attr.bv_val );
break;
default:
snprintf( textbuf, textlen,
"naming attribute '%s' is inappropriate",
ava->la_attr.bv_val );
}
rc = LDAP_NAMING_VIOLATION;
break;
}

585
servers/slapd/schema_init.c
View file

@ -21,6 +21,18 @@
#include "ldap_utf8.h"
#ifdef HAVE_TLS
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
#endif
#include "lutil_hash.h"
#define HASH_BYTES LUTIL_HASH_BYTES
#define HASH_CONTEXT lutil_HASH_CTX
@ -60,6 +72,33 @@ blobValidate(
#define berValidate blobValidate
static int
sequenceValidate(
Syntax *syntax,
struct berval *in )
{
if ( in->bv_len < 2 ) return LDAP_INVALID_SYNTAX;
if ( in->bv_val[0] != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
return LDAP_SUCCESS;
}
#ifdef HAVE_TLS
static int certificateValidate( Syntax *syntax, struct berval *in )
{
X509 *xcert=NULL;
unsigned char *p = in->bv_val;
xcert = d2i_X509(NULL, &p, in->bv_len);
if ( !xcert ) return LDAP_INVALID_SYNTAX;
X509_free(xcert);
return LDAP_SUCCESS;
}
#else
#define certificateValidate sequenceValidate
#endif
static int
octetStringMatch(
int *matchp,
@ -822,6 +861,8 @@ uniqueMemberNormalize(
struct berval out;
int rc;
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ));
ber_dupbv( &out, val );
if( out.bv_len != 0 ) {
struct berval uid = { 0, NULL };
@ -1131,6 +1172,8 @@ UTF8StringNormalize(
int flags;
int i, wasspace;
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
if( val->bv_val == NULL ) {
/* assume we're dealing with a syntax (e.g., UTF8String)
* which allows empty strings
@ -1424,6 +1467,8 @@ telephoneNumberNormalize(
{
char *p, *q;
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ));
/* validator should have refused an empty string */
assert( val->bv_len );
@ -1669,10 +1714,12 @@ IA5StringNormalize(
void *ctx )
{
char *p, *q;
int casefold = SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match);
int casefold = !SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match);
assert( val->bv_len );
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ));
p = val->bv_val;
/* Ignore initial whitespace */
@ -1723,6 +1770,86 @@ IA5StringNormalize(
return LDAP_SUCCESS;
}
static int
UUIDValidate(
Syntax *syntax,
struct berval *in )
{
int i;
if( in->bv_len != 36 ) {
assert(0);
return LDAP_INVALID_SYNTAX;
}
for( i=0; i<36; i++ ) {
switch(i) {
case 8:
case 13:
case 18:
case 23:
if( in->bv_val[i] != '-' ) {
return LDAP_INVALID_SYNTAX;
}
break;
default:
if( !ASCII_HEX( in->bv_val[i]) ) {
return LDAP_INVALID_SYNTAX;
}
}
}
return LDAP_SUCCESS;
}
static int
UUIDNormalize(
slap_mask_t usage,
Syntax *syntax,
MatchingRule *mr,
struct berval *val,
struct berval *normalized,
void *ctx )
{
unsigned char octet;
int i;
int j;
normalized->bv_len = 16;
normalized->bv_val = sl_malloc( normalized->bv_len+1, ctx );
for( i=0, j=0; i<36; i++ ) {
unsigned char nibble;
if( val->bv_val[i] == '-' ) {
continue;
} else if( ASCII_DIGIT( val->bv_val[i] ) ) {
nibble = val->bv_val[i] - '0';
} else if( ASCII_HEXLOWER( val->bv_val[i] ) ) {
nibble = val->bv_val[i] - ('a'-10);
} else if( ASCII_HEXUPPER( val->bv_val[i] ) ) {
nibble = val->bv_val[i] - ('A'-10);
} else {
sl_free( normalized->bv_val, ctx );
return LDAP_INVALID_SYNTAX;
}
if( j & 1 ) {
octet |= nibble;
normalized->bv_val[j>>1] = octet;
} else {
octet = nibble << 4;
}
j++;
}
normalized->bv_val[normalized->bv_len] = 0;
return LDAP_SUCCESS;
}
static int
numericStringValidate(
Syntax *syntax,
@ -1864,211 +1991,202 @@ serialNumberAndIssuerValidate(
Syntax *syntax,
struct berval *in )
{
int rc = LDAP_INVALID_SYNTAX;
struct berval serialNumber, issuer;
int rc;
int state;
ber_len_t n;
struct berval sn, i;
if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
serialNumber.bv_val = in->bv_val;
for( serialNumber.bv_len = 0;
serialNumber.bv_len < in->bv_len;
serialNumber.bv_len++ )
{
if ( serialNumber.bv_val[serialNumber.bv_len] == '$' ) {
issuer.bv_val = &serialNumber.bv_val[serialNumber.bv_len+1];
issuer.bv_len = in->bv_len - (serialNumber.bv_len+1);
i.bv_val = strchr( in->bv_val, '$' );
if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
if( serialNumber.bv_len == 0 || issuer.bv_len == 0 ) break;
sn.bv_val = in->bv_val;
sn.bv_len = i.bv_val - in->bv_val;
rc = integerValidate( NULL, &serialNumber );
if( rc ) break;
i.bv_val++;
i.bv_len = in->bv_len - (sn.bv_len + 1);
rc = dnValidate( NULL, &issuer );
break;
/* validate serial number (strict for now) */
for( n=0; n < sn.bv_len; n++ ) {
if( !ASCII_DIGIT(sn.bv_val[n]) ) {
return LDAP_INVALID_SYNTAX;
}
}
return rc;
/* validate DN */
rc = dnValidate( NULL, &i );
if( rc ) return LDAP_INVALID_SYNTAX;
return LDAP_SUCCESS;
}
int
serialNumberAndIssuerPretty(
Syntax *syntax,
struct berval *val,
struct berval *out,
void *ctx )
{
int rc;
int state;
ber_len_t n;
struct berval sn, i, newi;
assert( val );
assert( out );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, ">>> serialNumberAndIssuerPretty: <%s>\n",
val->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerPretty: <%s>\n",
val->bv_val, 0, 0 );
#endif
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
i.bv_val = strchr( val->bv_val, '$' );
if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
sn.bv_val = val->bv_val;
sn.bv_len = i.bv_val - val->bv_val;
i.bv_val++;
i.bv_len = val->bv_len - (sn.bv_len + 1);
/* eat leading zeros */
for( n=0; n < (sn.bv_len-1); n++ ) {
if( sn.bv_val[n] != '0' ) break;
}
sn.bv_val += n;
sn.bv_len -= n;
for( n=0; n < sn.bv_len; n++ ) {
if( !ASCII_DIGIT(sn.bv_val[n]) ) {
return LDAP_INVALID_SYNTAX;
}
}
/* pretty DN */
rc = dnPretty( syntax, &i, &newi, ctx );
if( rc ) return LDAP_INVALID_SYNTAX;
/* make room from sn + "$" */
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
if( out->bv_val == NULL ) {
sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
/* push issuer over */
AC_MEMCPY( &out->bv_val[sn.bv_len+1], newi.bv_val, newi.bv_len );
/* insert sn and "$" */
AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
out->bv_val[sn.bv_len] = '$';
/* terminate */
out->bv_val[out->bv_len] = '\0';
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, "<<< serialNumberAndIssuerPretty: <%s>\n",
out->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerPretty: <%s>\n",
out->bv_val, 0, 0 );
#endif
return LDAP_SUCCESS;
}
/*
* This routine is called by certificateExactNormalize when
* certificateExactNormalize receives a search string instead of
* a certificate. This routine checks if the search value is valid
* and then returns the normalized value
*/
static int
serialNumberAndIssuerNormalize(
slap_mask_t usage,
Syntax *syntax,
MatchingRule *mr,
struct berval *val,
struct berval *normalized,
struct berval *out,
void *ctx )
{
int rc = LDAP_INVALID_SYNTAX;
struct berval serialNumber, issuer, nissuer;
int rc;
int state;
ber_len_t n;
struct berval sn, i, newi;
serialNumber.bv_val = val->bv_val;
for( serialNumber.bv_len = 0;
serialNumber.bv_len < val->bv_len;
serialNumber.bv_len++ )
{
if ( serialNumber.bv_val[serialNumber.bv_len] == '$' ) {
issuer.bv_val = &serialNumber.bv_val[serialNumber.bv_len+1];
issuer.bv_len = val->bv_len - (serialNumber.bv_len+1);
assert( val );
assert( out );
if( serialNumber.bv_len == 0 || issuer.bv_len == 0 ) break;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, ">>> serialNumberAndIssuerNormalize: <%s>\n",
val->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerNormalize: <%s>\n",
val->bv_val, 0, 0 );
#endif
rc = dnNormalize( usage, syntax, mr, &issuer, &nissuer, ctx );
if( rc ) break;
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
normalized->bv_len = serialNumber.bv_len + 1 + nissuer.bv_len;
normalized->bv_val = ch_malloc( normalized->bv_len + 1);
i.bv_val = strchr( val->bv_val, '$' );
if( i.bv_val == NULL ) return LDAP_INVALID_SYNTAX;
AC_MEMCPY( normalized->bv_val,
serialNumber.bv_val, serialNumber.bv_len );
normalized->bv_val[serialNumber.bv_len] = '$';
AC_MEMCPY( &normalized->bv_val[serialNumber.bv_len+1],
nissuer.bv_val, nissuer.bv_len );
normalized->bv_val[normalized->bv_len] = '\0';
break;
sn.bv_val = val->bv_val;
sn.bv_len = i.bv_val - val->bv_val;
i.bv_val++;
i.bv_len = val->bv_len - (sn.bv_len + 1);
/* eat leading zeros */
for( n=0; n < (sn.bv_len-1); n++ ) {
if( sn.bv_val[n] != '0' ) break;
}
sn.bv_val += n;
sn.bv_len -= n;
for( n=0; n < sn.bv_len; n++ ) {
if( !ASCII_DIGIT(sn.bv_val[n]) ) {
return LDAP_INVALID_SYNTAX;
}
}
/* pretty DN */
rc = dnNormalize( usage, syntax, mr, &i, &newi, ctx );
if( rc ) return LDAP_INVALID_SYNTAX;
/* make room from sn + "$" */
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
if( out->bv_val == NULL ) {
sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
/* push issuer over */
AC_MEMCPY( &out->bv_val[sn.bv_len+1], newi.bv_val, newi.bv_len );
/* insert sn and "$" */
AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
out->bv_val[sn.bv_len] = '$';
/* terminate */
out->bv_val[out->bv_len] = '\0';
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, "<<< serialNumberAndIssuerNormalize: <%s>\n",
out->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n",
out->bv_val, 0, 0 );
#endif
return rc;
}
#ifdef HAVE_TLS
#include <openssl/x509.h>
#include <openssl/err.h>
/*
* Next function returns a string representation of a ASN1_INTEGER.
* It works for unlimited lengths.
*/
static struct berval *
asn1_integer2str(ASN1_INTEGER *a, struct berval *bv)
{
char buf[256];
char *p;
static char digit[] = "0123456789";
/* We work backwards, make it fill from the end of buf */
p = buf + sizeof(buf) - 1;
*p = '\0';
if ( a == NULL || a->length == 0 ) {
*--p = '0';
} else {
int i;
int n = a->length;
int base = 0;
unsigned int *copy;
/* We want to preserve the original */
copy = ch_malloc(n*sizeof(unsigned int));
for (i = 0; i<n; i++) {
copy[i] = a->data[i];
}
/*
* base indicates the index of the most significant
* byte that might be nonzero. When it goes off the
* end, we now there is nothing left to do.
*/
while (base < n) {
unsigned int carry;
carry = 0;
for (i = base; i<n; i++ ) {
copy[i] += carry*256;
carry = copy[i] % 10;
copy[i] /= 10;
}
if (p <= buf+1) {
/*
* Way too large, we need to leave
* room for sign if negative
*/
free(copy);
return NULL;
}
*--p = digit[carry];
if (copy[base] == 0) base++;
}
free(copy);
}
if ( a->type == V_ASN1_NEG_INTEGER ) {
*--p = '-';
}
return ber_str2bv( p, 0, 1, bv );
}
/*
* Given a certificate in DER format, extract the corresponding
* assertion value for certificateExactMatch
*/
static int
certificateExactConvert(
struct berval * in,
struct berval * out )
{
int rc;
X509 *xcert;
unsigned char *p = in->bv_val;
struct berval serial;
struct berval issuer_dn;
xcert = d2i_X509(NULL, &p, in->bv_len);
if ( !xcert ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, ENTRY,
"certificateExactConvert: error parsing cert: %s\n",
ERR_error_string(ERR_get_error(),NULL), 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "certificateExactConvert: "
"error parsing cert: %s\n",
ERR_error_string(ERR_get_error(),NULL), NULL, NULL );
#endif
return LDAP_INVALID_SYNTAX;
}
if ( !asn1_integer2str(xcert->cert_info->serialNumber, &serial) ) {
X509_free(xcert);
return LDAP_INVALID_SYNTAX;
}
rc = dnX509normalize( X509_get_issuer_name(xcert), &issuer_dn );
if( rc != LDAP_SUCCESS ) {
X509_free(xcert);
ber_memfree(serial.bv_val);
return LDAP_INVALID_SYNTAX;
}
X509_free(xcert);
out->bv_len = serial.bv_len + issuer_dn.bv_len + sizeof(" $ ");
out->bv_val = ch_malloc(out->bv_len);
p = out->bv_val;
AC_MEMCPY(p, serial.bv_val, serial.bv_len);
p += serial.bv_len;
AC_MEMCPY(p, " $ ", sizeof(" $ ")-1);
p += 3;
AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
p += issuer_dn.bv_len;
*p++ = '\0';
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, ARGS, "certificateExactConvert: %s\n",
out->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "certificateExactConvert: %s\n",
out->bv_val, NULL, NULL );
#endif
ber_memfree(serial.bv_val);
ber_memfree(issuer_dn.bv_val);
return LDAP_SUCCESS;
}
static int
certificateExactNormalize(
slap_mask_t usage,
@ -2078,16 +2196,60 @@ certificateExactNormalize(
struct berval *normalized,
void *ctx )
{
int rc;
int rc = LDAP_INVALID_SYNTAX;
unsigned char *p;
char *serial = NULL;
ber_len_t seriallen;
struct berval issuer_dn = { 0, NULL };
X509_NAME *name = NULL;
ASN1_INTEGER *sn = NULL;
X509 *xcert = NULL;
if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) ) {
rc = serialNumberAndIssuerNormalize( usage, syntax, mr,
val, normalized, ctx );
if( val->bv_len == 0 ) goto done;
} else {
rc = certificateExactConvert( val, normalized );
if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx);
}
assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) );
p = val->bv_val;
xcert = d2i_X509( NULL, &p, val->bv_len);
if( xcert == NULL ) goto done;
sn=X509_get_serialNumber(xcert);
if ( sn == NULL ) goto done;
serial=i2s_ASN1_INTEGER(0, sn );
if( serial == NULL ) goto done;
seriallen=strlen(serial);
name=X509_get_issuer_name(xcert);
if( name == NULL ) goto done;
rc = dnX509normalize( name, &issuer_dn );
if( rc != LDAP_SUCCESS ) goto done;
normalized->bv_len = seriallen + issuer_dn.bv_len + 1;
p = normalized->bv_val = ch_malloc(normalized->bv_len+1);
AC_MEMCPY(p, serial, seriallen);
p += seriallen;
*p++ = '$';
AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
p += issuer_dn.bv_len;
*p = '\0';
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, ARGS, "certificateExactNormalize: %s\n",
normalized->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "certificateExactNormalize: %s\n",
normalized->bv_val, NULL, NULL );
#endif
done:
if (xcert) X509_free(xcert);
if (serial) ch_free(serial);
if (issuer_dn.bv_val) ber_memfree(issuer_dn.bv_val);
return rc;
}
#endif /* HAVE_TLS */
@ -2553,13 +2715,13 @@ static slap_syntax_defs_rec syntax_defs[] = {
0, booleanValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
X_BINARY X_NOT_H_R ")",
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL},
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, certificateValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' "
X_BINARY X_NOT_H_R ")",
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL},
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' "
X_BINARY X_NOT_H_R ")",
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL},
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
0, countryStringValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )",
@ -2659,16 +2821,14 @@ static slap_syntax_defs_rec syntax_defs[] = {
{"( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )",
0, bootParameterValidate, NULL},
/* From PKIX */
/* These OIDs are not published yet, but will be in the next
* I-D for PKIX LDAPv3 schema as have been advanced by David
* Chadwick in private mail.
*/
{"( 1.2.826.0.1.3344810.7.1 DESC 'Serial Number and Issuer' )",
0, serialNumberAndIssuerValidate, NULL},
/* From PKIX *//* This OID is not published yet. */
{"( 1.2.826.0.1.3344810.7.1 DESC 'Certificate Serial Number and Issuer' )",
SLAP_SYNTAX_HIDE,
serialNumberAndIssuerValidate,
serialNumberAndIssuerPretty},
/* OpenLDAP Experimental Syntaxes */
#ifdef SLAPD_ACI_ENABLED
/* OpenLDAP Experimental Syntaxes */
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
UTF8StringValidate /* THIS WILL CHANGE FOR NEW ACI SYNTAX */,
@ -2681,18 +2841,19 @@ static slap_syntax_defs_rec syntax_defs[] = {
SLAP_SYNTAX_HIDE, NULL, NULL},
#endif
{"( 1.3.6.1.4.1.4203.666.2.6 DESC 'UUID' )",
SLAP_SYNTAX_HIDE, UUIDValidate, NULL},
/* OpenLDAP Void Syntax */
{"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" ,
SLAP_SYNTAX_HIDE, inValidate, NULL},
{NULL, 0, NULL, NULL}
};
#ifdef HAVE_TLS
char *certificateExactMatchSyntaxes[] = {
"1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
NULL
};
#endif
char *directoryStringSyntaxes[] = {
"1.3.6.1.4.1.1466.115.121.1.44" /* printableString */,
NULL
@ -2723,7 +2884,6 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = {
* 2.5.13.31 directoryStringFirstComponentMatch
* 2.5.13.32 wordMatch
* 2.5.13.33 keywordMatch
* 2.5.13.35 certificateMatch
* 2.5.13.36 certificatePairExactMatch
* 2.5.13.37 certificatePairMatch
* 2.5.13.38 certificateListExactMatch
@ -2949,14 +3109,27 @@ static slap_mrule_defs_rec mrule_defs[] = {
octetStringIndexer, octetStringFilter,
NULL },
#ifdef HAVE_TLS
{"( 2.5.13.34 NAME 'certificateExactMatch' "
"SYNTAX 1.2.826.0.1.3344810.7.1 )",
SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes,
#ifdef HAVE_TLS
NULL, certificateExactNormalize, octetStringMatch,
octetStringIndexer, octetStringFilter,
NULL },
#else
NULL, NULL, NULL, NULL, NULL,
#endif
NULL },
{"( 2.5.13.35 NAME 'certificateMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )",
SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
#ifdef HAVE_TLS
NULL, NULL, octetStringMatch,
octetStringIndexer, octetStringFilter,
#else
NULL, NULL, NULL, NULL, NULL,
#endif
NULL },
{"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
@ -3019,6 +3192,20 @@ static slap_mrule_defs_rec mrule_defs[] = {
NULL, NULL,
"integerMatch" },
{"( 1.3.6.1.4.1.4203.666.4.6 NAME 'UUIDMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.6 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, UUIDNormalize, octetStringMatch,
octetStringIndexer, octetStringFilter,
NULL},
{"( 1.3.6.1.4.1.4203.666.4.7 NAME 'UUIDOrderingMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.6 )",
SLAP_MR_HIDE | SLAP_MR_ORDERING, NULL,
NULL, UUIDNormalize, octetStringOrderingMatch,
octetStringIndexer, octetStringFilter,
"UUIDMatch"},
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }

13
servers/slapd/schema_prep.c
View file

@ -1,4 +1,4 @@
/* schema_init.c - init builtin schema */
/* schema_prep.c - load builtin schema */
/* $OpenLDAP$ */
/*
* Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
@ -368,8 +368,9 @@ static struct slap_schema_ad_map {
{ "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' "
"DESC 'UUID of the entry' "
"EQUALITY octetStringMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
"EQUALITY UUIDMatch "
"ORDERING UUIDOrderingMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.6 "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
@ -422,7 +423,7 @@ static struct slap_schema_ad_map {
"DESC 'syncrepl Cookie for shadow copy' "
"EQUALITY octetStringMatch "
"ORDERING octetStringOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
@ -434,7 +435,7 @@ static struct slap_schema_ad_map {
"DESC 'the largest committed CSN of a context' "
"EQUALITY octetStringMatch "
"ORDERING octetStringOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
@ -682,7 +683,7 @@ static struct slap_schema_ad_map {
"EQUALITY OpenLDAPaciMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
"USAGE directoryOperation )",
NULL, 0,
NULL, SLAP_AT_HIDE,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_aci) },

6
servers/slapd/schemaparse.c
View file

@ -45,7 +45,7 @@ static char *const err2text[] = {
"OID could not be expanded",
"Duplicate Content Rule",
"Content Rule not for STRUCTURAL object class",
"Content Rule AUX contains non-AUXILIARY object class"
"Content Rule AUX contains inappropriate object class",
"Content Rule attribute type list contains duplicate"
};
@ -96,8 +96,6 @@ dscompare(const char *s1, const char *s2, char delim)
return 0;
}
#ifdef SLAP_EXTENDED_SCHEMA
static void
cr_usage( void )
{
@ -153,8 +151,6 @@ parse_cr(
return 0;
}
#endif
int
parse_oc(
const char *fname,

57
servers/slapd/search.c
View file

@ -159,7 +159,7 @@ do_search(
/* attributes */
siz = sizeof(AttributeName);
off = 0;
off = offsetof(AttributeName,an_name);
if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
rs->sr_err = SLAPD_DISCONNECT;
@ -245,7 +245,8 @@ do_search(
manageDSAit = get_manageDSAit( op );
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
/* fake while loop to allow breaking out */
while ( op->ors_scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( op->o_req_ndn.bv_len == 0 ) {
@ -262,16 +263,15 @@ do_search(
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err == LDAP_SUCCESS ) {
if ( op->o_pb ) {
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err ) break;
doSearchRewriteFNs( op );
#endif /* LDAP_SLAPI */
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
#ifdef LDAP_SLAPI
}
#endif /* LDAP_SLAPI */
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
/* check restrictions */
@ -281,22 +281,21 @@ do_search(
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err == LDAP_SUCCESS ) {
if ( op->o_pb ) {
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err ) break;
doSearchRewriteFNs( op );
#endif /* LDAP_SLAPI */
rs->sr_err = schema_info( &entry, &rs->sr_text );
#ifdef LDAP_SLAPI
}
#endif /* LDAP_SLAPI */
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( op );
if ( op->o_pb ) doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
goto return_results;
@ -314,10 +313,11 @@ do_search(
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( op );
if ( op->o_pb ) doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
goto return_results;
}
break;
}
if( !op->o_req_ndn.bv_len && default_search_nbase.bv_len ) {
@ -372,14 +372,16 @@ do_search(
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
if ( op->o_pb ) {
attrs = anlist2charray( op, op->ors_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
doSearchRewriteFNs( op );
doSearchRewriteFNs( op );
}
#endif /* LDAP_SLAPI */
/* actually do the search and send the result(s) */
@ -391,7 +393,7 @@ do_search(
}
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( op );
if ( op->o_pb ) doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
return_results:;
@ -399,6 +401,9 @@ return_results:;
if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) )
return rs->sr_err;
if ( ( op->o_sync_slog_size != -1 ) )
return rs->sr_err;
if( op->o_req_dn.bv_val != NULL) sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
if( op->o_req_ndn.bv_val != NULL) sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );

Some files were not shown because too many files have changed in this diff Show more