upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-05-28 04:35:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sync with HEAD

Browse source
This commit is contained in:
Kurt Zeilenga 2005-11-03 19:02:53 +00:00
parent 29fb43d839
commit c7686180b5
117 changed files with 4968 additions and 2553 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGES
View file

@ -1,6 +1,13 @@
OpenLDAP 2.3 Change Log
OpenLDAP 2.3.12 Engineering
Fixed libldap ldapi:// authdn construction
Added libldap ldap_bv2escaped_filter_value
Updated contrib smbk5pwd module
Build environment
Added slapd-bind test program
Added inet_ntoa_b support for VxWorks
Dropped SSLeay support
OpenLDAP 2.3.11 Release
Fixed libldap reentrancy issue (ITS#3988)

172
aclocal.m4 vendored
View file

@ -621,7 +621,7 @@ rm="rm -f"
default_ofile=libtool
can_build_shared=yes
# All known linkers require a `.a' archive for static linking (except M$VC,
# All known linkers require a `.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
ltmain="$ac_aux_dir/ltmain.sh"
@ -837,8 +837,8 @@ if test "X${echo_test_string+set}" != Xset; then
# find a string as large as possible, as long as the shell can cope with it
for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
# expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
if (echo_test_string="`eval $cmd`") 2>/dev/null &&
echo_test_string="`eval $cmd`" &&
if (echo_test_string=`eval $cmd`) 2>/dev/null &&
echo_test_string=`eval $cmd` &&
(test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
then
break
@ -1007,7 +1007,7 @@ x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case "`/usr/bin/file conftest.o`" in
case `/usr/bin/file conftest.o` in
*32-bit*)
case $host in
x86_64-*linux*)
@ -1089,7 +1089,7 @@ AC_CACHE_CHECK([$1], [$2],
# with a dollar sign (not a hyphen), so the echo should work correctly.
# The option is referenced via a variable to avoid confusing sed.
lt_compile=`echo "$ac_compile" | $SED \
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
@ -1128,7 +1128,7 @@ AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
LDFLAGS="$LDFLAGS $3"
printf "$lt_simple_link_test_code" > conftest.$ac_ext
if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
# The compiler can only warn and ignore the option if not recognized
# The linker can only warn and ignore the option if not recognized
# So say no if there are warnings
if test -s conftest.err; then
# Append any errors to the config.log.
@ -1203,7 +1203,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
elif test -x /usr/sbin/sysctl; then
lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
else
lt_cv_sys_max_cmd_len=65536 # usable default for *BSD
lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
fi
# And add a safety zone
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
@ -1215,7 +1215,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
# nice to cause kernel panics so lets avoid the loop below.
# First set a reasonable default.
lt_cv_sys_max_cmd_len=16384
#
#
if test -x /sbin/sysconfig; then
case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
*1*) lt_cv_sys_max_cmd_len=-1 ;;
@ -1332,7 +1332,7 @@ int main ()
}]
EOF
if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
(./conftest; exit; ) 2>/dev/null
(./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
lt_status=$?
case x$lt_status in
x$lt_dlno_uscore) $1 ;;
@ -1481,7 +1481,7 @@ AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
# Note that $ac_compile itself does not contain backslashes and begins
# with a dollar sign (not a hyphen), so the echo should work correctly.
lt_compile=`echo "$ac_compile" | $SED \
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
@ -1499,7 +1499,7 @@ AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
fi
fi
chmod u+w .
chmod u+w . 2>&AS_MESSAGE_LOG_FD
$rm conftest*
# SGI C++ compiler will create directory out/ii_files/ for
# template instantiation
@ -1759,7 +1759,8 @@ cygwin* | mingw* | pw32*)
dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
dldir=$destdir/`dirname \$dlpath`~
test -d \$dldir || mkdir -p \$dldir~
$install_prog $dir/$dlname \$dldir/$dlname'
$install_prog $dir/$dlname \$dldir/$dlname~
chmod a+x \$dldir/$dlname'
postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
dlpath=$dir/\$dldll~
$rm \$dlpath'
@ -1812,7 +1813,7 @@ darwin* | rhapsody*)
soname_spec='${libname}${release}${major}$shared_ext'
shlibpath_overrides_runpath=yes
shlibpath_var=DYLD_LIBRARY_PATH
shrext_cmds='$(test .$module = .yes && echo .so || echo .dylib)'
shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
# Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
if test "$GCC" = yes; then
sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
@ -1850,7 +1851,14 @@ kfreebsd*-gnu)
freebsd* | dragonfly*)
# DragonFly does not have aout. When/if they implement a new
# versioning mechanism, adjust this.
objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
if test -x /usr/bin/objformat; then
objformat=`/usr/bin/objformat`
else
case $host_os in
freebsd[[123]]*) objformat=aout ;;
*) objformat=elf ;;
esac
fi
version_type=freebsd-$objformat
case $version_type in
freebsd-elf*)
@ -1895,7 +1903,7 @@ hpux9* | hpux10* | hpux11*)
version_type=sunos
need_lib_prefix=no
need_version=no
case "$host_cpu" in
case $host_cpu in
ia64*)
shrext_cmds='.so'
hardcode_into_libs=yes
@ -2291,7 +2299,7 @@ AC_DEFUN([AC_LIBTOOL_DLOPEN],
# AC_LIBTOOL_WIN32_DLL
# --------------------
# declare package support for building win32 dll's
# declare package support for building win32 DLLs
AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
])# AC_LIBTOOL_WIN32_DLL
@ -2465,7 +2473,7 @@ dnl not every word. This closes a longstanding sh security hole.
if test -n "$file_magic_test_file"; then
case $deplibs_check_method in
"file_magic "*)
file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
$EGREP "$file_magic_regex" > /dev/null; then
@ -2575,7 +2583,7 @@ AC_CACHE_VAL(lt_cv_path_LD,
if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
lt_cv_path_LD="$ac_dir/$ac_prog"
# Check to see if the program is GNU ld. I'd rather use --version,
# but apparently some GNU ld's only accept -v.
# but apparently some variants of GNU ld only accept -v.
# Break only if it was the GNU/non-GNU ld that we prefer.
case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
@ -2607,7 +2615,7 @@ AC_PROG_LD_GNU
AC_DEFUN([AC_PROG_LD_GNU],
[AC_REQUIRE([AC_PROG_EGREP])dnl
AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
[# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
lt_cv_prog_gnu_ld=yes
@ -2721,7 +2729,7 @@ gnu*)
hpux10.20* | hpux11*)
lt_cv_file_magic_cmd=/usr/bin/file
case "$host_cpu" in
case $host_cpu in
ia64*)
lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
@ -2895,13 +2903,13 @@ esac
# -----------------------------------
# sets LIBLTDL to the link flags for the libltdl convenience library and
# LTDLINCL to the include flags for the libltdl header and adds
# --enable-ltdl-convenience to the configure arguments. Note that LIBLTDL
# and LTDLINCL are not AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If
# DIRECTORY is not provided, it is assumed to be `libltdl'. LIBLTDL will
# be prefixed with '${top_builddir}/' and LTDLINCL will be prefixed with
# '${top_srcdir}/' (note the single quotes!). If your package is not
# flat and you're not using automake, define top_builddir and
# top_srcdir appropriately in the Makefiles.
# --enable-ltdl-convenience to the configure arguments. Note that
# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided,
# it is assumed to be `libltdl'. LIBLTDL will be prefixed with
# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
# (note the single quotes!). If your package is not flat and you're not
# using automake, define top_builddir and top_srcdir appropriately in
# the Makefiles.
AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
case $enable_ltdl_convenience in
@ -2920,13 +2928,13 @@ AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
# -----------------------------------
# sets LIBLTDL to the link flags for the libltdl installable library and
# LTDLINCL to the include flags for the libltdl header and adds
# --enable-ltdl-install to the configure arguments. Note that LIBLTDL
# and LTDLINCL are not AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called. If
# DIRECTORY is not provided and an installed libltdl is not found, it is
# assumed to be `libltdl'. LIBLTDL will be prefixed with '${top_builddir}/'
# and LTDLINCL will be prefixed with '${top_srcdir}/' (note the single
# quotes!). If your package is not flat and you're not using automake,
# define top_builddir and top_srcdir appropriately in the Makefiles.
# --enable-ltdl-install to the configure arguments. Note that
# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided,
# and an installed libltdl is not found, it is assumed to be `libltdl'.
# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with
# '${top_srcdir}/' (note the single quotes!). If your package is not
# flat and you're not using automake, define top_builddir and top_srcdir
# appropriately in the Makefiles.
# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
@ -3105,7 +3113,7 @@ test "$can_build_shared" = "no" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case "$host_os" in
case $host_os in
aix3*)
test "$enable_shared" = yes && enable_static=no
if test -n "$RANLIB"; then
@ -3172,7 +3180,7 @@ _LT_AC_TAGVAR(postdeps, $1)=
_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
# Source file extension for C++ test sources.
ac_ext=cc
ac_ext=cpp
# Object file extension for compiled C++ test sources.
objext=o
@ -3388,7 +3396,7 @@ case $host_os in
# Exported symbols can be pulled into shared objects from archives
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
# This is similar to how AIX traditionally builds it's shared libraries.
# This is similar to how AIX traditionally builds its shared libraries.
_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
fi
fi
@ -3427,7 +3435,7 @@ case $host_os in
fi
;;
darwin* | rhapsody*)
case "$host_os" in
case $host_os in
rhapsody* | darwin1.[[012]])
_LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
;;
@ -3465,7 +3473,7 @@ case $host_os in
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
fi
_LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
else
@ -3478,7 +3486,7 @@ case $host_os in
output_verbose_link_cmd='echo'
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
_LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
_LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
;;
@ -3558,7 +3566,7 @@ case $host_os in
;;
hpux10*|hpux11*)
if test $with_gnu_ld = no; then
case "$host_cpu" in
case $host_cpu in
hppa*64*)
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
@ -3574,7 +3582,7 @@ case $host_os in
;;
esac
fi
case "$host_cpu" in
case $host_cpu in
hppa*64*)
_LT_AC_TAGVAR(hardcode_direct, $1)=no
_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
@ -3600,7 +3608,7 @@ case $host_os in
_LT_AC_TAGVAR(ld_shlibs, $1)=no
;;
aCC*)
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
;;
@ -3621,7 +3629,7 @@ case $host_os in
*)
if test "$GXX" = yes; then
if test $with_gnu_ld = no; then
case "$host_cpu" in
case $host_cpu in
ia64*|hppa*64*)
_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $linker_flags $libobjs $deplibs'
;;
@ -3722,7 +3730,7 @@ case $host_os in
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
;;
cxx*)
# Compaq C++
@ -3954,10 +3962,11 @@ case $host_os in
case $cc_basename in
CC*)
# Sun C++ 4.2, 5.x and Centerline C++
_LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes
_LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -nolib -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
$CC -G${allow_undefined_flag} -nolib ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
$CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
@ -3977,15 +3986,7 @@ case $host_os in
esac
_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
#
# There doesn't appear to be a way to prevent this compiler from
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
output_verbose_link_cmd='templist=`$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep "\-[[LR]]"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
output_verbose_link_cmd='echo'
# Archives containing C++ object files must be created using
# "CC -xar", where "CC" is the Sun C++ compiler. This is
@ -4142,7 +4143,7 @@ if AC_TRY_EVAL(ac_compile); then
# The `*' in the case matches for architectures that use `case' in
# $output_verbose_cmd can trigger glob expansion during the loop
# eval without this substitution.
output_verbose_link_cmd="`$echo \"X$output_verbose_link_cmd\" | $Xsed -e \"$no_glob_subst\"`"
output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
for p in `eval $output_verbose_link_cmd`; do
case $p in
@ -4218,6 +4219,21 @@ fi
$rm -f confest.$objext
# PORTME: override above test on systems where it is broken
ifelse([$1],[CXX],
[case $host_os in
solaris*)
case $cc_basename in
CC*)
# Adding this requires a known-good setup of shared libraries for
# Sun compiler versions before 5.6, else PIC objects from an old
# archive will be linked into the output, leading to subtle bugs.
_LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
;;
esac
esac
])
case " $_LT_AC_TAGVAR(postdeps, $1) " in
*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
esac
@ -4287,7 +4303,7 @@ test "$can_build_shared" = "no" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
# are all built from PIC.
case "$host_os" in
case $host_os in
aix3*)
test "$enable_shared" = yes && enable_static=no
if test -n "$RANLIB"; then
@ -5186,7 +5202,7 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
hpux*)
# PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
# not for PA HP-UX.
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
;;
*)
@ -5255,7 +5271,7 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
aCC*)
_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
# +Z the default
;;
@ -5296,7 +5312,7 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
# Portland Group C++ compiler.
_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
;;
cxx*)
# Compaq C++
@ -5460,7 +5476,7 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
hpux*)
# PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
# not for PA HP-UX.
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
# +Z the default
;;
@ -5507,7 +5523,7 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
# PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
# not for PA HP-UX.
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
# +Z the default
;;
@ -5537,12 +5553,12 @@ AC_MSG_CHECKING([for $compiler option to produce PIC])
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
pgcc* | pgf77* | pgf90*)
pgcc* | pgf77* | pgf90* | pgf95*)
# Portland Group compilers (*not* the Pentium gcc compiler,
# which looks to be a dead project)
_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
;;
ccc*)
_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
@ -5625,7 +5641,7 @@ if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
[_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
_LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
fi
case "$host_os" in
case $host_os in
# For platforms which do not support PIC, -DPIC is meaningless:
*djgpp*)
_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
@ -5721,7 +5737,7 @@ ifelse([$1],[CXX],[
if test "$with_gnu_ld" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
@ -5742,7 +5758,7 @@ ifelse([$1],[CXX],[
*\ 2.11.*) ;; # other 2.11 versions
*) supports_anon_versioning=yes ;;
esac
# See if GNU ld supports shared libraries.
case $host_os in
aix3* | aix4* | aix5*)
@ -5816,11 +5832,11 @@ EOF
tmp_addflag=
case $cc_basename,$host_cpu in
pgcc*) # Portland Group C compiler
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag'
;;
pgf77* | pgf90* ) # Portland Group f77 and f90 compilers
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive,`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
tmp_addflag=' $pic_flag -Mnomain' ;;
ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
tmp_addflag=' -i_dynamic' ;;
@ -6026,7 +6042,7 @@ EOF
# Exported symbols can be pulled into shared objects from archives
_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=' '
_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
# This is similar to how AIX traditionally builds it's shared libraries.
# This is similar to how AIX traditionally builds its shared libraries.
_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
fi
fi
@ -6066,7 +6082,7 @@ EOF
;;
darwin* | rhapsody*)
case "$host_os" in
case $host_os in
rhapsody* | darwin1.[[012]])
_LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
;;
@ -6095,7 +6111,7 @@ EOF
output_verbose_link_cmd='echo'
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
_LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
_LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
else
@ -6104,7 +6120,7 @@ EOF
output_verbose_link_cmd='echo'
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
_LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin ld's
# Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
_LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
_LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
;;
@ -6170,7 +6186,7 @@ EOF
hpux10* | hpux11*)
if test "$GCC" = yes -a "$with_gnu_ld" = no; then
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
;;
@ -6179,7 +6195,7 @@ EOF
;;
esac
else
case "$host_cpu" in
case $host_cpu in
hppa*64*|ia64*)
_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname -o $lib $libobjs $deplibs $linker_flags'
;;
@ -6189,7 +6205,7 @@ EOF
esac
fi
if test "$with_gnu_ld" = no; then
case "$host_cpu" in
case $host_cpu in
hppa*64*)
_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'

68
build/BerkeleyDB42.patch
View file

@ -1,68 +0,0 @@
This patch is intended to be applied to Berkeley DB 4.2.52 and,
if applied, will automatically be used by slapd(8) back-bdb/hdb.
Without this patch the BDB DB_LOG_AUTOREMOVE option will not work,
nor will db_archive allow any transaction log files to be removed
while slapd is running.
The patch can be applied to the BDB source using patch(1) as follows
cd db-4.2.52
patch -p0 < openldap-src/build/BerkeleyDB42.patch
(modify directory paths as necessary), then recompile and reinstall
the BerkeleyDB 4.2 library, and then build and install OpenLDAP
Software.
The patch should not be applied to Berkeley DB 4.3.
Index: dbinc/db.in
===================================================================
RCS file: /var/CVSROOT/bdb42/dbinc/db.in,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dbinc/db.in 25 Nov 2003 21:58:02 -0000 1.1.1.1
+++ dbinc/db.in 17 Jul 2004 16:07:23 -0000 1.2
@@ -839,6 +839,7 @@
#define TXN_NOWAIT 0x040 /* Do not wait on locks. */
#define TXN_RESTORED 0x080 /* Transaction has been restored. */
#define TXN_SYNC 0x100 /* Sync on prepare and commit. */
+#define TXN_NOLOG 0x200 /* Do not log this transaction. */
u_int32_t flags;
};
Index: txn/txn.c
===================================================================
RCS file: /var/CVSROOT/bdb42/txn/txn.c,v
retrieving revision 1.1.1.2
retrieving revision 1.2
diff -u -r1.1.1.2 -r1.2
--- txn/txn.c 17 Dec 2003 21:43:53 -0000 1.1.1.2
+++ txn/txn.c 17 Jul 2004 16:07:27 -0000 1.2
@@ -127,7 +127,7 @@
if ((ret = __db_fchk(dbenv,
"txn_begin", flags,
DB_DIRTY_READ | DB_TXN_NOWAIT |
- DB_TXN_NOSYNC | DB_TXN_SYNC)) != 0)
+ DB_TXN_NOSYNC | DB_TXN_SYNC | DB_TXN_NOT_DURABLE)) != 0)
return (ret);
if ((ret = __db_fcchk(dbenv,
"txn_begin", flags, DB_TXN_NOSYNC, DB_TXN_SYNC)) != 0)
@@ -193,6 +193,8 @@
F_SET(txn, TXN_SYNC);
if (LF_ISSET(DB_TXN_NOWAIT))
F_SET(txn, TXN_NOWAIT);
+ if (LF_ISSET(DB_TXN_NOT_DURABLE))
+ F_SET(txn, TXN_NOLOG);
if ((ret = __txn_begin_int(txn, 0)) != 0)
goto err;
@@ -328,7 +330,7 @@
* We should set this value when we write the first log record, not
* here.
*/
- if (DBENV_LOGGING(dbenv))
+ if (DBENV_LOGGING(dbenv) && !F_ISSET(txn, TXN_NOLOG))
__log_txn_lsn(dbenv, &begin_lsn, NULL, NULL);
else
ZERO_LSN(begin_lsn);

205
build/ltmain.sh
View file

@ -58,8 +58,8 @@ EXIT_FAILURE=1
PROGRAM=ltmain.sh
PACKAGE=libtool
VERSION=1.5.18-OpenLDAP
TIMESTAMP=" (1.1220.2.245 2005/05/16 08:55:27)"
VERSION=1.5.20-OpenLDAP
TIMESTAMP=" (1.1220.2.287 2005/08/31 18:54:15)"
# See if we are running on zsh, and set the options which allow our
# commands through without removal of \ escapes.
@ -103,14 +103,15 @@ rm="rm -f"
Xsed="${SED}"' -e 1s/^X//'
sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
# test EBCDIC or ASCII
case `echo A|tr A '\301'` in
A) # EBCDIC based system
SP2NL="tr '\100' '\n'"
NL2SP="tr '\r\n' '\100\100'"
case `echo X|tr X '\101'` in
A) # ASCII based system
# \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
SP2NL='tr \040 \012'
NL2SP='tr \015\012 \040\040'
;;
*) # Assume ASCII based system
SP2NL="tr '\040' '\012'"
NL2SP="tr '\015\012' '\040\040'"
*) # EBCDIC based system
SP2NL='tr \100 \n'
NL2SP='tr \r\n \100\100'
;;
esac
@ -148,7 +149,6 @@ show_help=
execute_dlfiles=
lo2o="s/\\.lo\$/.${objext}/"
o2lo="s/\\.${objext}\$/.lo/"
quote_scanset='[[~#^*{};<>?'"'"' ]'
#####################################
# Shell function definitions:
@ -207,7 +207,7 @@ func_infer_tag ()
CC_quoted=
for arg in $CC; do
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -228,7 +228,7 @@ func_infer_tag ()
for arg in $CC; do
# Double-quote args containing other shell metacharacters.
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -352,7 +352,7 @@ func_extract_archives ()
func_extract_an_archive "$my_xdir" "$my_xabs"
fi # $darwin_arches
fi # $run
;;
;;
*)
func_extract_an_archive "$my_xdir" "$my_xabs"
;;
@ -591,7 +591,7 @@ if test -z "$show_help"; then
for arg
do
case "$arg_mode" in
case $arg_mode in
arg )
# do not "continue". Instead, add this to base_compile
lastarg="$arg"
@ -642,7 +642,7 @@ if test -z "$show_help"; then
# Many Bourne shells cannot handle close brackets correctly
# in scan sets, so we specify it separately.
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -677,7 +677,7 @@ if test -z "$show_help"; then
# in scan sets (worked around with variable expansion),
# and furthermore cannot handle '|' '&' '(' ')' in scan sets
# at all, so we specify them separately.
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
lastarg="\"$lastarg\""
;;
esac
@ -752,13 +752,12 @@ if test -z "$show_help"; then
qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
case $qlibobj in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
qlibobj="\"$qlibobj\"" ;;
esac
if test "X$libobj" != "X$qlibobj"; then
$echo "$modename: libobj name \`$libobj' may not contain shell special characters."
exit $EXIT_FAILURE
fi
test "X$libobj" != "X$qlibobj" \
&& $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' &()|`$[]' \
&& $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
if test "X$xdir" = "X$obj"; then
@ -839,7 +838,7 @@ compiler."
fi
qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
case $qsrcfile in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
qsrcfile="\"$qsrcfile\"" ;;
esac
@ -1105,15 +1104,14 @@ EOF
if test -n "$link_static_flag"; then
dlopen_self=$dlopen_self_static
fi
prefer_static_libs=yes
else
if test -z "$pic_flag" && test -n "$link_static_flag"; then
dlopen_self=$dlopen_self_static
fi
prefer_static_libs=built
fi
build_libtool_libs=no
build_old_libs=yes
prefer_static_libs=yes
break
;;
esac
@ -1127,7 +1125,7 @@ EOF
arg="$1"
shift
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
;;
*) qarg=$arg ;;
@ -1436,7 +1434,7 @@ EOF
continue
;;
-framework)
-framework|-arch)
prev=darwin_framework
compiler_flags="$compiler_flags $arg"
compile_command="$compile_command $arg"
@ -1566,7 +1564,7 @@ EOF
# to be aesthetically quoted because they are evaled later.
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -1682,7 +1680,7 @@ EOF
for flag in $args; do
IFS="$save_ifs"
case $flag in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
flag="\"$flag\""
;;
esac
@ -1700,7 +1698,7 @@ EOF
for flag in $args; do
IFS="$save_ifs"
case $flag in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
flag="\"$flag\""
;;
esac
@ -1733,7 +1731,7 @@ EOF
# to be aesthetically quoted because they are evaled later.
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -1867,7 +1865,7 @@ EOF
# to be aesthetically quoted because they are evaled later.
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -2455,7 +2453,7 @@ EOF
case "$temp_rpath " in
*" $dir "*) ;;
*" $absdir "*) ;;
*) temp_rpath="$temp_rpath $dir" ;;
*) temp_rpath="$temp_rpath $absdir" ;;
esac
fi
@ -2492,12 +2490,8 @@ EOF
fi
link_static=no # Whether the deplib will be linked statically
use_static_libs="$prefer_static_libs"
if test "$use_static_libs" = built && test "$installed" = yes ; then
use_static_libs=no
fi
if test -n "$library_names" &&
{ test "$use_static_libs" = no || test -z "$old_library"; }; then
{ test "$prefer_static_libs" = no || test -z "$old_library"; }; then
if test "$installed" = no; then
notinst_deplibs="$notinst_deplibs $lib"
need_relink=yes
@ -2645,7 +2639,7 @@ EOF
add_dir="-L$dir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case "$libdir" in
case $libdir in
[\\/]*)
add_dir="$add_dir -L$inst_prefix_dir$libdir"
;;
@ -2718,7 +2712,7 @@ EOF
add_dir="-L$libdir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case "$libdir" in
case $libdir in
[\\/]*)
add_dir="$add_dir -L$inst_prefix_dir$libdir"
;;
@ -2779,8 +2773,6 @@ EOF
fi
fi
else
convenience="$convenience $dir/$old_library"
old_convenience="$old_convenience $dir/$old_library"
deplibs="$dir/$old_library $deplibs"
link_static=yes
fi
@ -3470,7 +3462,7 @@ EOF
if test "$?" -eq 0 ; then
ldd_output=`ldd conftest`
for i in $deplibs; do
name="`expr $i : '-l\(.*\)'`"
name=`expr $i : '-l\(.*\)'`
# If $name is empty we are operating on a -L argument.
if test "$name" != "" && test "$name" -ne "0"; then
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
@ -3507,7 +3499,7 @@ EOF
# Error occurred in the first compile. Let's try to salvage
# the situation: Compile a separate program for each library.
for i in $deplibs; do
name="`expr $i : '-l\(.*\)'`"
name=`expr $i : '-l\(.*\)'`
# If $name is empty we are operating on a -L argument.
if test "$name" != "" && test "$name" != "0"; then
$rm conftest
@ -3559,7 +3551,7 @@ EOF
set dummy $deplibs_check_method
file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
for a_deplib in $deplibs; do
name="`expr $a_deplib : '-l\(.*\)'`"
name=`expr $a_deplib : '-l\(.*\)'`
# If $name is empty we are operating on a -L argument.
if test "$name" != "" && test "$name" != "0"; then
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
@ -3628,7 +3620,7 @@ EOF
set dummy $deplibs_check_method
match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
for a_deplib in $deplibs; do
name="`expr $a_deplib : '-l\(.*\)'`"
name=`expr $a_deplib : '-l\(.*\)'`
# If $name is empty we are operating on a -L argument.
if test -n "$name" && test "$name" != "0"; then
if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
@ -3869,6 +3861,9 @@ EOF
# The command line is too long to execute in one step.
$show "using reloadable object file for export list..."
skipped_export=:
# Break out early, otherwise skipped_export may be
# set to false by a later but shorter cmd.
break
fi
done
IFS="$save_ifs"
@ -3938,7 +3933,8 @@ EOF
fi
fi
if test "X$skipped_export" != "X:" && len=`expr "X$test_cmds" : ".*"` &&
if test "X$skipped_export" != "X:" &&
len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
:
else
@ -3973,7 +3969,7 @@ EOF
do
eval test_cmds=\"$reload_cmds $objlist $last_robj\"
if test "X$objlist" = X ||
{ len=`expr "X$test_cmds" : ".*"` &&
{ len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
test "$len" -le "$max_cmd_len"; }; then
objlist="$objlist $obj"
else
@ -4063,13 +4059,30 @@ EOF
IFS="$save_ifs"
eval cmd=\"$cmd\"
$show "$cmd"
$run eval "$cmd" || exit $?
$run eval "$cmd" || {
lt_exit=$?
# Restore the uninstalled library and exit
if test "$mode" = relink; then
$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
fi
exit $lt_exit
}
done
IFS="$save_ifs"
# Restore the uninstalled library and exit
if test "$mode" = relink; then
$run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
if test -n "$convenience"; then
if test -z "$whole_archive_flag_spec"; then
$show "${rm}r $gentop"
$run ${rm}r "$gentop"
fi
fi
exit $EXIT_SUCCESS
fi
@ -4414,7 +4427,7 @@ extern \"C\" {
if test -z "$export_symbols"; then
export_symbols="$output_objdir/$outputname.exp"
$run $rm $export_symbols
$run eval "${SED} -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
$run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
else
$run eval "${SED} -e 's/\([ ][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
$run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
@ -4819,6 +4832,7 @@ EOF
EOF
cat >> $cwrappersource <<"EOF"
return 127;
}
void *
@ -5082,13 +5096,13 @@ else
# Backslashes separate directories on plain windows
*-*-mingw | *-*-os2*)
$echo >> $output "\
exec \$progdir\\\\\$program \${1+\"\$@\"}
exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
"
;;
*)
$echo >> $output "\
exec \$progdir/\$program \${1+\"\$@\"}
exec \"\$progdir/\$program\" \${1+\"\$@\"}
"
;;
esac
@ -5098,7 +5112,7 @@ else
fi
else
# The program doesn't exist.
\$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2
\$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
\$echo \"This script is just a wrapper for \$program.\" 1>&2
$echo \"See the $PACKAGE documentation for more information.\" 1>&2
exit $EXIT_FAILURE
@ -5221,7 +5235,7 @@ fi\
oldobjs="$objlist $obj"
objlist="$objlist $obj"
eval test_cmds=\"$old_archive_cmds\"
if len=`expr "X$test_cmds" : ".*"` &&
if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
test "$len" -le "$max_cmd_len"; then
:
else
@ -5418,11 +5432,11 @@ relink_command=\"$relink_command\""
# install_prog (especially on Windows NT).
if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
# Allow the use of GNU shtool's install command.
$echo "X$nonopt" | $Xsed | grep shtool > /dev/null; then
$echo "X$nonopt" | grep shtool > /dev/null; then
# Aesthetically quote it.
arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -5431,14 +5445,14 @@ relink_command=\"$relink_command\""
shift
else
install_prog=
arg="$nonopt"
arg=$nonopt
fi
# The real first argument should be the name of the installation program.
# Aesthetically quote it.
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -5456,28 +5470,31 @@ relink_command=\"$relink_command\""
do
if test -n "$dest"; then
files="$files $dest"
dest="$arg"
dest=$arg
continue
fi
case $arg in
-d) isdir=yes ;;
-f) prev="-f" ;;
-g) prev="-g" ;;
-m) prev="-m" ;;
-o) prev="-o" ;;
-f)
case " $install_prog " in
*[\\\ /]cp\ *) ;;
*) prev=$arg ;;
esac
;;
-g | -m | -o) prev=$arg ;;
-s)
stripme=" -s"
continue
;;
-*) ;;
-*)
;;
*)
# If the previous option needed an argument, then skip it.
if test -n "$prev"; then
prev=
else
dest="$arg"
dest=$arg
continue
fi
;;
@ -5486,7 +5503,7 @@ relink_command=\"$relink_command\""
# Aesthetically quote the argument.
arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
case $arg in
*$quote_scanset* | *]* | *\|* | *\&* | *\(* | *\)* | "")
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
arg="\"$arg\""
;;
esac
@ -5655,11 +5672,14 @@ relink_command=\"$relink_command\""
if test "$#" -gt 0; then
# Delete the old symlinks, and create new ones.
# Try `ln -sf' first, because the `ln' binary might depend on
# the symlink we replace! Solaris /bin/ln does not understand -f,
# so we also need to try rm && ln -s.
for linkname
do
if test "$linkname" != "$realname"; then
$show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
$run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
$show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
$run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
fi
done
fi
@ -5672,7 +5692,16 @@ relink_command=\"$relink_command\""
IFS="$save_ifs"
eval cmd=\"$cmd\"
$show "$cmd"
$run eval "$cmd" || exit $?
$run eval "$cmd" || {
lt_exit=$?
# Restore the uninstalled library and exit
if test "$mode" = relink; then
$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
fi
exit $lt_exit
}
done
IFS="$save_ifs"
fi
@ -5773,17 +5802,15 @@ relink_command=\"$relink_command\""
notinst_deplibs=
relink_command=
# To insure that "foo" is sourced, and not "foo.exe",
# finese the cygwin/MSYS system by explicitly sourcing "foo."
# which disallows the automatic-append-.exe behavior.
case $build in
*cygwin* | *mingw*) wrapperdot=${wrapper}. ;;
*) wrapperdot=${wrapper} ;;
esac
# Note that it is not necessary on cygwin/mingw to append a dot to
# foo even if both foo and FILE.exe exist: automatic-append-.exe
# behavior happens only for exec(3), not for open(2)! Also, sourcing
# `FILE.' does not work on cygwin managed mounts.
#
# If there is no directory component, then add one.
case $file in
*/* | *\\*) . ${wrapperdot} ;;
*) . ./${wrapperdot} ;;
case $wrapper in
*/* | *\\*) . ${wrapper} ;;
*) . ./${wrapper} ;;
esac
# Check the variables that should have been set.
@ -5811,17 +5838,15 @@ relink_command=\"$relink_command\""
done
relink_command=
# To insure that "foo" is sourced, and not "foo.exe",
# finese the cygwin/MSYS system by explicitly sourcing "foo."
# which disallows the automatic-append-.exe behavior.
case $build in
*cygwin* | *mingw*) wrapperdot=${wrapper}. ;;
*) wrapperdot=${wrapper} ;;
esac
# Note that it is not necessary on cygwin/mingw to append a dot to
# foo even if both foo and FILE.exe exist: automatic-append-.exe
# behavior happens only for exec(3), not for open(2)! Also, sourcing
# `FILE.' does not work on cygwin managed mounts.
#
# If there is no directory component, then add one.
case $file in
*/* | *\\*) . ${wrapperdot} ;;
*) . ./${wrapperdot} ;;
case $wrapper in
*/* | *\\*) . ${wrapper} ;;
*) . ./${wrapper} ;;
esac
outputname=
@ -5862,7 +5887,7 @@ relink_command=\"$relink_command\""
fi
# remove .exe since cygwin /usr/bin/install will append another
# one anyways
# one anyway
case $install_prog,$host in
*/usr/bin/install*,*cygwin*)
case $file:$destfile in

2
clients/tools/ldapmodrdn.c
View file

@ -206,7 +206,7 @@ main(int argc, char **argv)
if (havedn)
retval = domodrdn( ld, entrydn, rdn, newSuperior, remove_old_RDN );
else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
if ( *buf != '\0' ) { /* blank lines optional, skip */
if ( *buf != '\n' ) { /* blank lines optional, skip */
buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */
if ( havedn ) { /* have DN, get RDN */

4
clients/tools/ldappasswd.c
View file

@ -345,7 +345,6 @@ main( int argc, char *argv[] )
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
rc = EXIT_FAILURE;
@ -353,9 +352,8 @@ main( int argc, char *argv[] )
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
ldap_perror( ld, "ldap_parse_extended_result" );
rc = EXIT_FAILURE;
goto done;
}

38
configure.in
View file

@ -245,7 +245,7 @@ ol_with_kerberos=${ol_with_kerberos-auto}
OL_ARG_WITH(threads,[ --with-threads with threads],
auto, [auto nt posix mach pth lwp yes no manual] )
OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support],
auto, [auto ssleay openssl yes no] )
auto, [auto openssl yes no] )
OL_ARG_WITH(yielding_select,[ --with-yielding-select with implicitly yielding select],
auto, [auto yes no manual] )
OL_ARG_WITH(multiple_precision,[ --with-multiple-precision
@ -1312,40 +1312,31 @@ dnl TLS/SSL
ol_link_tls=no
if test $ol_with_tls != no ; then
AC_CHECK_HEADERS(openssl/ssl.h ssl.h)
AC_CHECK_HEADERS(openssl/ssl.h)
if test $ac_cv_header_openssl_ssl_h = yes ||
test $ac_cv_header_ssl_h = yes ; then
AC_CHECK_LIB(ssl, SSLeay_add_ssl_algorithms,
[have_ssleay=yes
need_rsaref=no],
[have_ssleay=no],
if test $ac_cv_header_openssl_ssl_h = yes ; then
AC_CHECK_LIB(ssl, SSL_library_init,
[have_openssl=yes
need_rsaref=no], [have_openssl=no],
[-lcrypto])
if test $have_ssleay = no ; then
AC_CHECK_LIB(ssl, SSL_library_init,
[have_ssleay=yes
need_rsaref=no], [have_ssleay=no],
[-lcrypto])
fi
if test $have_ssleay = no ; then
if test $have_openssl = no ; then
AC_CHECK_LIB(ssl, ssl3_accept,
[have_ssleay=yes
need_rsaref=yes], [have_ssleay=no],
[have_openssl=yes
need_rsaref=yes], [have_openssl=no],
[-lcrypto -lRSAglue -lrsaref])
fi
if test $have_ssleay = yes ; then
if test $have_openssl = yes ; then
ol_with_tls=found
ol_link_tls=yes
AC_DEFINE(HAVE_SSLEAY, 1,
[define if you have SSLeay or OpenSSL])
AC_DEFINE(HAVE_OPENSSL, 1,
[define if you have OpenSSL])
if test $need_rsaref = yes; then
AC_DEFINE(HAVE_RSAREF, 1,
[define if you have RSAref])
[define if OpenSSL needs RSAref])
TLS_LIBS="-lssl -lcrypto -lRSAglue -lrsaref"
else
@ -2408,7 +2399,7 @@ if test "$ol_with_multiple_precision" != "no" ; then
case "$ol_mp_support" in
bignum)
AC_DEFINE(HAVE_BIGNUM, 1,
[define if you have SSLeay or OpenSSL's BIGNUM])
[define if you have OpenSSL's BIGNUM])
;;
gmp)
AC_DEFINE(HAVE_GMP, 1, [define if you have -lgmp])
@ -2540,6 +2531,7 @@ AC_CHECK_FUNCS( \
getspnam \
gettimeofday \
initgroups \
inet_ntoa_b \
lockf \
memcpy \
memmove \

32
contrib/slapd-modules/smbk5pwd/smbk5pwd.c
View file

@ -23,9 +23,9 @@
#include <slap.h>
#include <ac/errno.h>
#include <ac/string.h>
#ifdef DO_KRB5
#include <ac/string.h>
#include <lber.h>
#include <lber_pvt.h>
#include <lutil.h>
@ -57,6 +57,7 @@ static ObjectClass *oc_krb5KDCEntry;
#ifdef DO_SAMBA
#include <openssl/des.h>
#include <openssl/md4.h>
#include "ldap_utf8.h"
static AttributeDescription *ad_sambaLMPassword;
static AttributeDescription *ad_sambaNTPassword;
@ -155,7 +156,6 @@ static void nthash(
* 256 UCS2 characters, not 256 bytes...
*/
char hbuf[HASHLEN];
int i;
MD4_CTX ctx;
if (passwd->bv_len > MAX_PWLEN*2)
@ -307,10 +307,9 @@ static int smbk5pwd_exop_passwd(
Operation *op,
SlapReply *rs )
{
int i, rc;
int rc;
req_pwdexop_s *qpw = &op->oq_pwdexop;
Entry *e;
Attribute *a;
Modifications *ml;
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
@ -329,7 +328,8 @@ static int smbk5pwd_exop_passwd(
krb5_error_code ret;
hdb_entry ent;
struct berval *keys;
int kvno;
int kvno, i;
Attribute *a;
if ( !is_entry_objectclass(e, oc_krb5KDCEntry, 0 ) ) break;
@ -365,8 +365,7 @@ static int smbk5pwd_exop_passwd(
keys[i].bv_val = (char *)buf;
keys[i].bv_len = len;
}
keys[i].bv_val = NULL;
keys[i].bv_len = 0;
BER_BVZERO( &keys[i] );
_kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
@ -401,8 +400,7 @@ static int smbk5pwd_exop_passwd(
ml->sml_values[0].bv_val = ch_malloc( 64 );
ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
"%d", kvno+1 );
ml->sml_values[1].bv_val = NULL;
ml->sml_values[1].bv_len = 0;
BER_BVZERO( &ml->sml_values[1] );
ml->sml_nvalues = NULL;
} while(0);
#endif /* DO_KRB5 */
@ -439,8 +437,7 @@ static int smbk5pwd_exop_passwd(
qpw->rs_mods = ml;
keys = ch_malloc( 2 * sizeof(struct berval) );
keys[1].bv_val = NULL;
keys[1].bv_len = 0;
BER_BVZERO( &keys[1] );
nthash( &pwd, keys );
ml->sml_desc = ad_sambaNTPassword;
@ -466,8 +463,7 @@ static int smbk5pwd_exop_passwd(
qpw->rs_mods = ml;
keys = ch_malloc( 2 * sizeof(struct berval) );
keys[1].bv_val = NULL;
keys[1].bv_len = 0;
BER_BVZERO( &keys[1] );
lmhash( &pwd, keys );
ml->sml_desc = ad_sambaLMPassword;
@ -485,11 +481,11 @@ static int smbk5pwd_exop_passwd(
qpw->rs_mods = ml;
keys = ch_malloc( 2 * sizeof(struct berval) );
keys[1].bv_val = NULL;
keys[1].bv_len = 0;
keys[0].bv_val = ch_malloc(16);
keys[0].bv_len = sprintf(keys[0].bv_val, "%d",
slap_get_time());
keys[0].bv_val = ch_malloc( STRLENOF( "9223372036854775807L" ) + 1 );
keys[0].bv_len = snprintf(keys[0].bv_val,
STRLENOF( "9223372036854775807L" ) + 1,
"%ld", slap_get_time());
BER_BVZERO( &keys[1] );
ml->sml_desc = ad_sambaPwdLastSet;
ml->sml_op = LDAP_MOD_REPLACE;

1
doc/devel/todo
View file

@ -48,6 +48,7 @@ Localize tools
Small projects
--------------
Add BSD kqueue(2) support to slapd(8)
Add DSML capabilities to command line tools
Add LDIFv2 (XML) support to command line tools
Implement authPassword (RFC 3112)

12
doc/guide/admin/tls.sdf
View file

@ -1,4 +1,4 @@
# Copyright 1999-2003, The OpenLDAP Foundation, All Rights Reserved.
# Copyright 1999-2005, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Using TLS
@ -132,6 +132,16 @@ bytes of arbitrary data into the file. The file is only used to
provide a seed for the pseudo-random number generator, and it doesn't
need very much data to work.
H4: TLSEphemeralDHParamFile <filename>
This directive specifies the file that contains parameters for Diffie-Hellman
ephemeral key exchange. This is required in order to use a DSA certificate on
the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
Multiple sets of parameters can be included in the file; all of them will
be processed. Parameters can be generated using the following command
> openssl dhparam [-dsaparam] -out <filename> <numbits>
H4: TLSVerifyClient { never | allow | try | demand }
This directive specifies what checks to perform on client certificates

17
doc/man/man3/ldap.3
View file

@ -76,16 +76,15 @@ All character string input/output is expected to be/is UTF\-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
be passed to the LDAP routines should conform to RFC 2253. The
.BR ldap_explode_dn (3)
routines can be used to work with DNs.
be passed to the LDAP routines should conform to RFC 2253 UTF\-8
string representation.
.LP
Search filters to be passed to the search routines are to be
constructed by hand and should conform to RFC 2254.
constructed by hand and should conform to RFC 2254 UTF\-8
string representation.
.LP
LDAP URL are to be passed to routines are expected to conform
to RFC 2255.
The
to RFC 2255 syntax. The
.BR ldap_url (3)
routines can be used to work with LDAP URLs.
.SH DISPLAYING RESULTS
@ -194,12 +193,6 @@ return number of entries in a search result
.SM ldap_get_dn(3)
extract the DN from an entry
.TP
.SM ldap_explode_dn(3)
convert a DN into its component parts (deprecated)
.TP
.SM ldap_explode_rdn(3)
convert an RDN into its component parts (deprecated)
.TP
.SM ldap_get_values_len(3)
return an attribute's values with lengths
.TP

46
doc/man/man5/slapd.conf.5
View file

@ -859,9 +859,15 @@ See
.BR limits
for an explanation of the different flags.
.TP
.B ucdata-path <path>
Specify the path to the directory containing the Unicode character
tables. The default path is DATADIR/ucdata.
.B tool-threads <integer>
Specify the maximum number of threads to use in tool mode.
This should not be greater than the number of CPUs in the system.
The default is 1.
.\"ucdata-path is obsolete / ignored...
.\".TP
.\".B ucdata-path <path>
.\"Specify the path to the directory containing the Unicode character
.\"tables. The default path is DATADIR/ucdata.
.SH TLS OPTIONS
If
.B slapd
@ -902,6 +908,12 @@ server private key that matches the certificate stored in the
file. Currently, the private key must not be protected with a password, so
it is of critical importance that it is protected carefully.
.TP
.B TLSDHParamFile <filename>
This directive specifies the file that contains parameters for Diffie-Hellman
ephemeral key exchange. This is required in order to use a DSA certificate on
the server. If multiple sets of parameters are present in the file, all of
them will be processed.
.TP
.B TLSRandFile <filename>
Specifies the file to obtain random bits from when /dev/[u]random
is not available. Generally set to the name of the EGD/PRNGD socket.
@ -1464,6 +1476,9 @@ in order to work over all of the glued databases. E.g.
.B [credentials=<passwd>]
.B [realm=<realm>]
.B [secprops=<properties>]
.B [logbase=<base DN>]
.B [logfilter=<filter str>]
.B [syncdata=default|accesslog|changelog]
.RS
Specify the current database as a replica which is kept up-to-date with the
master content by establishing the current
@ -1568,6 +1583,22 @@ keyword above) for a SASL bind can be set with the
option. A non default SASL realm can be set with the
.B realm
option.
Rather than replicating whole entries, the consumer can query logs of
data modifications. This mode of operation is referred to as \fIdelta
syncrepl\fP. In addition to the above parameters, the
.B logbase
and
.B logfilter
parameters must be set appropriately for the log that will be used. The
.B syncdata
parameter must be set to either "accesslog" if the log conforms to the
.BR slapo-accesslog (5)
log format, or "changelog" if the log conforms
to the obsolete \fIchangelog\fP format. If the
.B syncdata
parameter is omitted or set to "default" then the log parameters are
ignored.
.RE
.TP
.B updatedn <dn>
@ -1629,14 +1660,12 @@ It uses Berkeley DB or GDBM to store data.
.B ldif
This database uses the filesystem to build the tree structure
of the database, using plain ascii files to store data.
Its usage should be limited to very simple databases, where performances
are not a requirement.
Its usage should be limited to very simple databases, where performance
is not a requirement.
.TP
.B meta
This backend performs basic LDAP proxying with respect to a set of
remote LDAP servers. It is an enhancement of the ldap backend. The
proxy cache extension of meta backend provides answering of search
requests from the proxy using results of previously cached requests.
remote LDAP servers. It is an enhancement of the ldap backend.
.TP
.B monitor
This backend provides information about the running status of the slapd
@ -1722,6 +1751,7 @@ operation performed on that database.
.B pcache
Proxycache.
This overlay allows caching of LDAP search requests in a local database.
It is most often used with the ldap or meta backends.
.TP
.B ppolicy
Password Policy.

123
doc/man/man5/slapo-accesslog.5
View file

@ -12,9 +12,9 @@ backend database on another database. This allows all of the activity on
a given database to be reviewed using arbitrary LDAP queries, instead of
just logging to local flat text files. Configuration options are available
for selecting a subset of operation types to log, and to automatically
prune older log records from the logging database. Log records are stored
with a custom schema to assure their readability whether viewed as LDIF
or in raw form.
prune older log records from the logging database. Log records are stored
with audit schema (see below) to assure their readability whether viewed
as LDIF or in raw form.
.SH CONFIGURATION
These
.B slapd.conf
@ -58,14 +58,14 @@ and how often to scan the database for old entries. Both the
and
.B interval
are specified as a time span in days, hours, minutes, and seconds. The
time format is [dd+]hh:mm[:ss] i.e., the days and seconds components are
optional but hours and minutes are required. Each numeric field must be
exactly two digits. For example
time format is [ddd+]hh:mm[:ss] i.e., the days and seconds components are
optional but hours and minutes are required. Except for days, which can
be up to 5 digits, each numeric field must be exactly two digits. For example
.RS
.RS
.PD 0
.TP
logpurge 02+00:00 01+00:00
logpurge 2+00:00 1+00:00
.RE
.PD
would specify that the log database should be scanned every day for old
@ -74,6 +74,13 @@ log database that supports ordered indexing on generalizedTime attributes,
specifying an eq index on the
.B reqStart
attribute will greatly benefit the performance of the purge operation.
.RE
.TP
.B logsuccess TRUE | FALSE
If set to TRUE then log records will only be generated for successful
requests, i.e., requests that produce a result code of 0 (LDAP_SUCCESS).
If FALSE, log records are generated for all requests whether they
succeed or not. The default is FALSE.
.SH EXAMPLES
.LP
@ -91,10 +98,23 @@ attribute will greatly benefit the performance of the purge operation.
logops writes reads
.fi
.SH OBJECT CLASSES
.SH SCHEMA
The
.B accesslog
overlay defines a number of object classes for use in the logs. There is
overlay utilizes the "audit" schema described herein.
This schema is specifically designed for
.B accesslog
auditing and is not intended to be used otherwise. It is also
noted that the schema describe here is
.I a work in
.IR progress ,
and hence subject to change without notice.
The schema is loaded automatically by the overlay.
The schema includes a number of object classes and associated
attribute types as described below.
There is
a basic
.B auditObject
class from which two additional classes,
@ -116,7 +136,7 @@ class is as follows:
SUP top STRUCTURAL
MUST ( reqStart $ reqType $ reqSession )
MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $
reqEnd $ reqResult $ reqMessage ) )
reqEnd $ reqResult $ reqMessage $ reqReferral ) )
.RE
.P
Note that all of the OIDs used in the logging schema currently reside
@ -141,7 +161,7 @@ being logged, e.g.
.BR search ,
etc. For extended operations, the type also includes the OID of the
extended operation, e.g.
.B extended(1.2.3.4.1)
.B extended(1.1.1.1)
The
.B reqSession
@ -179,6 +199,11 @@ accompanied by a text error message which will be recorded in the
.B reqMessage
attribute.
The
.B reqReferral
attribute carries any referrals that were returned with the result of the
request.
Operation-specific classes are defined with additional attributes to carry
all of the relevant parameters associated with the operation:
@ -210,36 +235,37 @@ The
.B Add
class inherits from the
.B auditWriteObject
class. The Add and Modify classes are essentially the same. The
class. The Add and Modify classes are very similar. The
.B reqMod
attribute carries all of the attributes of the original entry being added.
(Or in the case of a Modify operation, all of the modifications being
performed.) The values are formatted as
.RS
.RS
.PD 0
.TP
attribute:<+|-|=|#> [ value]
.RE
.RE
.PD
Where '+' indicates an Add of a value, '-' for Delete, '=' for Replace,
and '#' for Increment. In an Add operation, all of the reqMod values will
have the '+' designator.
.RE
.P
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.6
NAME 'auditBind'
DESC 'Bind operation'
SUP auditObject STRUCTURAL
MUST reqMethod )
MUST ( reqVersion $ reqMethod ) )
.RE
.P
The
.B Bind
class just adds the
class includes the
.B reqVersion
attribute which contains the LDAP protocol version specified in the Bind
as well as the
.B reqMethod
attribute which contains the Bind Method used in the Bind. This will be
the string
@ -268,19 +294,48 @@ attribute carries the Attribute Value Assertion used in the compare request.
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.8
NAME 'auditModify'
DESC 'Modify operation'
NAME 'auditDelete'
DESC 'Delete operation'
SUP auditWriteObject STRUCTURAL
MUST reqMod )
MAY reqOld )
.RE
.P
The
.B Modify
operation has already been described.
.B Delete
operation needs no further parameters. However, the
.B reqOld
attribute may optionally be used to record the contents of the entry prior
to its deletion. The values are formatted as
.RS
.PD 0
.TP
attribute: value
.RE
.PD
This option is not yet implemented.
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.9
NAME 'auditModify'
DESC 'Modify operation'
SUP auditWriteObject STRUCTURAL
MAY reqOld MUST reqMod )
.RE
.P
The
.B Modify
operation contains a description of modifications in the
.B reqMod
attribute, which was already described above in the Add operation. It may
optionally contain the previous contents of any modified attributes in the
.B reqOld
attribute, using the same format as described above for the Delete operation.
This option is not yet implemented.
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.10
NAME 'auditModRDN'
DESC 'ModRDN operation'
SUP auditWriteObject STRUCTURAL
@ -307,11 +362,11 @@ the new parent.
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.10
( 1.3.6.1.4.1.4203.666.11.5.2.11
NAME 'auditSearch'
DESC 'Search operation'
SUP auditReadObject STRUCTURAL
MUST ( reqScope $ reqAttrsOnly )
MUST ( reqScope $ reqDerefAliases $ reqAttrsOnly )
MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $
reqTimeLimit ) )
.RE
@ -320,12 +375,22 @@ For the
.B Search
class the
.B reqScope
attribute contains the scope of the original search request, i.e.
attribute contains the scope of the original search request, using the
values specified for the LDAP URL format. I.e.
.BR base ,
.BR onelevel ,
.BR subtree ,
.BR one ,
.BR sub ,
or
.BR subordinate .
.BR subord .
The
.B reqDerefAliases
attribute is one of
.BR never ,
.BR finding ,
.BR searching ,
or
.BR always ,
denoting how aliases will be processed during the search.
The
.B reqAttrsOnly
attribute is a Boolean value showing
@ -352,7 +417,7 @@ attributes indicate what limits were requested on the search operation.
.LP
.RS 4
( 1.3.6.1.4.1.4203.666.11.5.2.11
( 1.3.6.1.4.1.4203.666.11.5.2.12
NAME 'auditExtended'
DESC 'Extended operation'
SUP auditObject STRUCTURAL

15
doc/man/man5/slapo-retcode.5
View file

@ -73,7 +73,20 @@ Enables exploitation of in-directory stored errAbsObject.
May result in a lot of unnecessary overhead.
.SH SCHEMA
The following schema items are created and used by the overlay:
The
.B retcode
overlay utilizes the "return code" schema described herein.
This schema is specifically designed for use with this
overlay and is not intended to be used otherwise.
It is also noted that the schema describe here is
.I a work in
.IR progress ,
and hence subject to change without notice.
The schema is loaded automatically by the overlay.
The schema includes a number of object classes and associated
attribute types as described below.
.LP
The error code:
.RS 4

17
doc/man/man5/slapo-syncprov.5
View file

@ -52,10 +52,25 @@ specifies the number of operations that are recorded in the log. All write
operations (except Adds) are recorded in the log.
When using the session log, it is helpful to set an eq index on the
entryUUID attribute in the underlying database.
.TP
.B syncprov-nopresent TRUE | FALSE
Specify that the Present phase of refreshing should be skipped. This value
should only be set TRUE for a syncprov instance on top of a log database
(such as one managed by the accesslog overlay).
The default is FALSE.
.TP
.B syncprov-reloadhint TRUE | FALSE
Specify that the overlay should honor the reloadHint flag in the Syncrepl
Control. In OpenLDAP releases 2.3.11 and earlier the Syncrepl consumer did
not properly set this flag, so the overlay must ignore it. This option
should be set TRUE when working with newer releases that properly support
this flag. It must be set TRUE when using the accesslog overlay for
delta-based Syncrepl support. The default is FALSE.
.SH FILES
.TP
ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5).
.BR slapd.conf (5),
.BR slapo-accesslog (5).
OpenLDAP Administrator's Guide.

7
doc/man/man8/slapadd.8
View file

@ -8,6 +8,7 @@ slapadd \- Add entries to a SLAPD database
.B SBINDIR/slapadd
.B [\-v]
.B [\-c]
.B [\-g]
.B [\-u]
.B [\-q]
.B [\-w]
@ -29,7 +30,7 @@ suffix and adds entries corresponding to the provided LDIF to
the database.
Databases configured as
.B subordinate
of this one are also updated.
of this one are also updated, unless \fB-g\fP is specified.
The LDIF input is read from standard input or the specified file.
.LP
As
@ -48,6 +49,10 @@ enable verbose mode.
.B \-c
enable continue (ignore errors) mode.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
.B \-u
enable dry-run (don't write to backend) mode.
.TP

14
doc/man/man8/slapauth.8
View file

@ -8,6 +8,7 @@ slapauth \- Check a list of string-represented IDs for authc/authz.
.B [\-v]
.B [\-d level]
.B [\-f slapd.conf]
.B [\-F confdir]
.B [\-M mech]
.B [\-R realm]
.B [\-U authcID]
@ -44,6 +45,19 @@ specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F " confdir"
specify a config directory.
If both
.B -f
and
.B -F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory wll be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-M " mech"
specify a mechanism.
.TP

21
doc/man/man8/slapcat.8
View file

@ -8,12 +8,14 @@ slapcat \- SLAPD database to LDIF utility
.B SBINDIR/slapcat
.B [\-v]
.B [\-c]
.B [\-g]
.B [\-d level]
.B [\-b suffix]
.B [\-n dbnum]
.B [\-a filter]
.B [\-s subtree-dn]
.B [\-f slapd.conf]
.B [\-F confdir]
.B [\-l ldif-file]
.B
.LP
@ -29,7 +31,7 @@ suffix and writes the corresponding LDIF to standard output or
the specified file.
Databases configured as
.B subordinate
of this one are also output.
of this one are also output, unless \fB-g\fP is specified.
.LP
The LDIF generated by this tool is suitable for use with
.BR slapadd (8).
@ -45,6 +47,10 @@ Enable verbose mode.
.B \-c
Enable continue (ignore errors) mode.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
.BI \-d " level"
Enable debugging messages as defined by the specified
.IR level .
@ -87,6 +93,19 @@ Specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F " confdir"
specify a config directory.
If both
.B -f
and
.B -F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory wll be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-l " ldif-file"
Write LDIF to specified file instead of standard output.
.SH LIMITATIONS

13
doc/man/man8/slapdn.8
View file

@ -41,6 +41,19 @@ specify an alternative
.BR slapd.conf (5)
file.
.TP
.BI \-F " confdir"
specify a config directory.
If both
.B -f
and
.B -F
are specified, the config file will be read and converted to
config directory format and written to the specified directory.
If neither option is specified, an attempt to read the
default config directory wll be made before trying to use the default
config file. If a valid config directory exists then the
default config file is ignored.
.TP
.BI \-N
only output a normalized form of the DN, suitable to be used
in a normalization tool; incompatible with

7
doc/man/man8/slapindex.8
View file

@ -8,6 +8,7 @@ slapindex \- SLAPD index to LDIF utility
.B SBINDIR/slapindex
.B [\-v]
.B [\-c]
.B [\-g]
.B [\-q]
.B [\-d level]
.B [\-b suffix]
@ -27,7 +28,7 @@ suffix and updates the indices for all values of all attributes
of all entries.
Databases configured as
.B subordinate
of this one are also re-indexed.
of this one are also re-indexed, unless \fB-g\fP is specified.
.SH OPTIONS
.TP
.B \-v
@ -36,6 +37,10 @@ enable verbose mode.
.B \-c
enable continue (ignore errors) mode.
.TP
.B \-g
disable subordinate gluing. Only the specified database will be
processed, and not its glued subordinates (if any).
.TP
.B \-q
enable quick (fewer integrity checks) mode. Performs no consistency checks
when writing the database. Improves indexing time, but if any errors or

120
include/ldap.h
View file

@ -136,6 +136,7 @@ LDAP_BEGIN_DECL
#define LDAP_OPT_X_TLS_CRLCHECK 0x600b
#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c
#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
#define LDAP_OPT_X_TLS_DHFILE 0x600e
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
@ -203,20 +204,26 @@ typedef struct ldapcontrol {
/* LDAP Controls */
/* standard track controls */
#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */
#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */
#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3" /* RFC 3876 */
#define LDAP_CONTROL_ASSERT "1.3.6.1.1.12"
#define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1"
#define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2"
#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */
#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" /* RFC TBD */
#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */
#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3"/* RFC 3876 */
#define LDAP_CONTROL_ASSERT "1.3.6.1.1.12" /* RFC TBD */
#define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1" /* RFC TBD */
#define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2" /* RFC TBD */
/* standard track - not implemented in slapd(8) */
#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */
#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */
/* but not yet formalized controls */
#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18"
/* non-standard track controls */
#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
/* Password policy Controls *//* work in progress */
/* ITS#3458: released; disabled by default */
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
/* various works in progress */
#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.666.5.2"
@ -225,30 +232,6 @@ typedef struct ldapcontrol {
#define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"
#define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"
/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
/* LDAP Persistent Search Control *//* not implemented in slapd(8) */
/* draft-ietf-ldapext-psearch-03.txt (expired) */
#define LDAP_CONTROL_PERSIST_REQUEST "2.16.840.1.113730.3.4.3"
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE "2.16.840.1.113730.3.4.7"
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_ADD 0x1
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_DELETE 0x2
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_MODIFY 0x4
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_RENAME 0x8
/* LDAP VLV *//* not implemented in slapd(8) */
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
/* Password policy Controls *//* work in progress */
/* ITS#3458: released; disabled by default */
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
/* LDAP Sync -- draft-zeilenga-ldup-sync *//* submitted for publication */
#define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1"
#define LDAP_CONTROL_SYNC LDAP_SYNC_OID ".1"
@ -291,16 +274,38 @@ typedef struct ldapcontrol {
#define LDAP_REFERRALS_REQUIRED 3
#endif
/* MS ActiveDirectory controls (for compatibility) */
#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
/* MS Active Directory controls (for compatibility) */
#define LDAP_CONTROL_X_INCREMENTAL_VALUES "1.2.840.113556.1.4.802"
#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
#define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"
#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all NCs subordinate to base */
#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
/* MS Active Directory controls - not implemented in slapd(8) */
#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
#define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"
/* various expired works */
/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
/* LDAP Persistent Search Control *//* not implemented in slapd(8) */
#define LDAP_CONTROL_PERSIST_REQUEST "2.16.840.1.113730.3.4.3"
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE "2.16.840.1.113730.3.4.7"
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_ADD 0x1
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_DELETE 0x2
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_MODIFY 0x4
#define LDAP_CONTROL_PERSSIT_ENTRY_CHANGE_RENAME 0x8
/* LDAP VLV *//* not implemented in slapd(8) */
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
/* LDAP Unsolicited Notifications */
#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 2251 */
#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
@ -318,7 +323,6 @@ typedef struct ldapcontrol {
#define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL
/* various works in progress */
#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3"
#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I
@ -470,7 +474,6 @@ typedef struct ldapcontrol {
#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
/* search scopes */
#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */
#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)
#define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE
#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)
@ -479,6 +482,7 @@ typedef struct ldapcontrol {
#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE
#define LDAP_SCOPE_SUBORDINATE ((ber_int_t) 0x0003) /* OpenLDAP extension */
#define LDAP_SCOPE_CHILDREN LDAP_SCOPE_SUBORDINATE
#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */
/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
@ -550,7 +554,7 @@ typedef struct ldapcontrol {
#define LDAP_ALREADY_EXISTS 0x44
#define LDAP_NO_OBJECT_CLASS_MODS 0x45
#define LDAP_RESULTS_TOO_LARGE 0x46 /* CLDAP */
#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47 /* LDAPv3 */
#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47
#define LDAP_OTHER 0x50
@ -567,27 +571,34 @@ typedef struct ldapcontrol {
#define LDAP_TOO_LATE 0x78
#define LDAP_CANNOT_CANCEL 0x79
/* Assertion control (122) */
#define LDAP_ASSERTION_FAILED 0x7A
/* Experimental result codes */
#define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF) /* experimental */
#define LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF) /* private use */
#define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF)
/* for the LDAP Sync operation */
#define LDAP_SYNC_REFRESH_REQUIRED 0x4100
/* LDAP Sync (4096) */
#define LDAP_SYNC_REFRESH_REQUIRED 0x1000
/* Private Use result codes */
#define LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF)
#define LDAP_X_SYNC_REFRESH_REQUIRED 0x4100 /* defunct */
#define LDAP_X_ASSERTION_FAILED 0x410f /* defunct */
/* for the LDAP No-Op control */
#define LDAP_NO_OPERATION 0x410e
/* for the Assertion control */
#define LDAP_ASSERTION_FAILED 0x410f
#define LDAP_X_NO_OPERATION 0x410e
/* for the Chaining Behavior control (consecutive result codes requested;
* see <draft-sermersheim-ldap-chaining> ) */
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
#define LDAP_NO_REFERRALS_FOUND 0x4110
#define LDAP_CANNOT_CHAIN 0x4111
#define LDAP_X_NO_REFERRALS_FOUND 0x4110
#define LDAP_X_CANNOT_CHAIN 0x4111
#endif
/* API Error Codes
*
* Based on draft-ietf-ldap-c-api-xx
@ -1664,6 +1675,11 @@ ldap_msgdelete LDAP_P((
* in search.c:
*/
LDAP_F( int )
ldap_bv2escaped_filter_value LDAP_P((
struct berval *in,
struct berval *out ));
LDAP_F( int )
ldap_search_ext LDAP_P((
LDAP *ld,
LDAP_CONST char *base,

16
include/portable.hin
View file

@ -102,7 +102,7 @@
/* define if Berkeley DB has DB_THREAD support */
#undef HAVE_BERKELEY_DB_THREAD
/* define if you have SSLeay or OpenSSL's BIGNUM */
/* define if you have OpenSSL's BIGNUM */
#undef HAVE_BIGNUM
/* Define to 1 if you have the <bits/types.h> header file. */
@ -277,6 +277,9 @@
/* define to you inet_aton(3) is available */
#undef HAVE_INET_ATON
/* Define to 1 if you have the `inet_ntoa_b' function. */
#undef HAVE_INET_NTOA_B
/* Define to 1 if you have the `inet_ntop' function. */
#undef HAVE_INET_NTOP
@ -427,6 +430,9 @@
/* if you have NT Threads */
#undef HAVE_NT_THREADS
/* define if you have OpenSSL */
#undef HAVE_OPENSSL
/* Define to 1 if you have the <openssl/bn.h> header file. */
#undef HAVE_OPENSSL_BN_H
@ -508,7 +514,7 @@
/* define if you have res_query() */
#undef HAVE_RES_QUERY
/* define if you have RSAref */
/* define if OpenSSL needs RSAref */
#undef HAVE_RSAREF
/* Define to 1 if you have the <sasl.h> header file. */
@ -589,12 +595,6 @@
/* Define to 1 if you have the <sql.h> header file. */
#undef HAVE_SQL_H
/* define if you have SSLeay or OpenSSL */
#undef HAVE_SSLEAY
/* Define to 1 if you have the <ssl.h> header file. */
#undef HAVE_SSL_H
/* Define to 1 if you have the <stddef.h> header file. */
#undef HAVE_STDDEF_H

62
libraries/libldap/cyrus.c
View file

@ -594,7 +594,8 @@ ldap_int_sasl_bind(
rc = ldap_open_defconn( ld );
if( rc < 0 ) return ld->ld_errno;
ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb, LBER_SB_OPT_GET_FD, &sd );
ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb,
LBER_SB_OPT_GET_FD, &sd );
if( sd == AC_SOCKET_INVALID ) {
ld->ld_errno = LDAP_LOCAL_ERROR;
@ -612,9 +613,11 @@ ldap_int_sasl_bind(
ld->ld_defconn->lconn_sasl_authctx = NULL;
}
{ char *saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb, "localhost" );
rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
LDAP_FREE( saslhost );
{
char *saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
"localhost" );
rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
LDAP_FREE( saslhost );
}
if ( rc != LDAP_SUCCESS ) return rc;
@ -637,13 +640,16 @@ ldap_int_sasl_bind(
#if !defined(_WIN32)
/* Check for local */
if ( ldap_pvt_url_scheme2proto( ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC ) {
char authid[sizeof("uidNumber=4294967295+gidNumber=4294967295,"
if ( ldap_pvt_url_scheme2proto(
ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC )
{
char authid[sizeof("gidNumber=4294967295+uidNumber=4294967295,"
"cn=peercred,cn=external,cn=auth")];
sprintf( authid, "uidNumber=%d+gidNumber=%d,"
sprintf( authid, "gidNumber=%d+uidNumber=%d,"
"cn=peercred,cn=external,cn=auth",
(int) geteuid(), (int) getegid() );
(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid, LDAP_PVT_SASL_LOCAL_SSF );
(int) getegid(), (int) geteuid() );
(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid,
LDAP_PVT_SASL_LOCAL_SSF );
}
#endif
@ -703,7 +709,8 @@ ldap_int_sasl_bind(
scred = NULL;
rc = ldap_sasl_bind_s( ld, dn, mech, &ccred, sctrls, cctrls, &scred );
rc = ldap_sasl_bind_s( ld, dn, mech, &ccred, sctrls, cctrls,
&scred );
if ( ccred.bv_val != NULL ) {
#if SASL_VERSION_MAJOR < 2
@ -714,13 +721,12 @@ ldap_int_sasl_bind(
if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
if( scred ) {
if ( scred->bv_len ) {
/* and server provided us with data? */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
rc, saslrc, scred->bv_len );
}
/* and server provided us with data? */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
rc, saslrc, scred ? scred->bv_len : -1 );
ber_bvfree( scred );
scred = NULL;
}
rc = ld->ld_errno;
goto done;
@ -729,12 +735,11 @@ ldap_int_sasl_bind(
if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
/* we're done, no need to step */
if( scred ) {
if ( scred->bv_len ) {
/* but server provided us with data! */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
rc, saslrc, scred->bv_len );
}
/* but we got additional data? */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
rc, saslrc, scred ? scred->bv_len : -1 );
ber_bvfree( scred );
rc = ld->ld_errno = LDAP_LOCAL_ERROR;
goto done;
@ -743,6 +748,13 @@ ldap_int_sasl_bind(
}
do {
if( ! scred ) {
/* no data! */
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: no data in step!\n",
0, 0, 0 );
}
saslrc = sasl_client_step( ctx,
(scred == NULL) ? NULL : scred->bv_val,
(scred == NULL) ? 0 : scred->bv_len,
@ -791,13 +803,15 @@ ldap_int_sasl_bind(
}
if( flags != LDAP_SASL_QUIET ) {
saslrc = sasl_getprop( ctx, SASL_USERNAME, (SASL_CONST void **) &data );
saslrc = sasl_getprop( ctx, SASL_USERNAME,
(SASL_CONST void **) &data );
if( saslrc == SASL_OK && data && *data ) {
fprintf( stderr, "SASL username: %s\n", data );
}
#if SASL_VERSION_MAJOR < 2
saslrc = sasl_getprop( ctx, SASL_REALM, (SASL_CONST void **) &data );
saslrc = sasl_getprop( ctx, SASL_REALM,
(SASL_CONST void **) &data );
if( saslrc == SASL_OK && data && *data ) {
fprintf( stderr, "SASL realm: %s\n", data );
}

23
libraries/libldap/error.c
View file

@ -85,6 +85,19 @@ static struct ldaperror ldap_builtin_errlist[] = {
{LDAP_OTHER, N_("Internal (implementation specific) error")},
{LDAP_CANCELLED, N_("Cancelled")},
{LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
{LDAP_TOO_LATE, N_("Too Late to Cancel")},
{LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
{LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
{LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")},
{LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
{LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")},
{LDAP_X_NO_OPERATION, N_("No Operation (X)")},
/* API ResultCodes */
{LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
{LDAP_LOCAL_ERROR, N_("Local error")},
@ -105,22 +118,12 @@ static struct ldaperror ldap_builtin_errlist[] = {
{LDAP_CLIENT_LOOP, N_("Client Loop")},
{LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
{LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
{LDAP_NO_OPERATION, N_("No Operation")},
{LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
{LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
{LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
{LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
{LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
{LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
{LDAP_CANCELLED, N_("Cancelled")},
{LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
{LDAP_TOO_LATE, N_("Too Late to Cancel")},
{LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
{0, NULL}
};

17
libraries/libldap/init.c
View file

@ -110,7 +110,7 @@ static const struct ol_attribute {
{0, ATTR_NONE, NULL, NULL, 0}
};
#define MAX_LDAP_ATTR_LEN sizeof("TLS_CACERTDIR")
#define MAX_LDAP_ATTR_LEN sizeof("TLS_CIPHER_SUITE")
#define MAX_LDAP_ENV_PREFIX_LEN 8
static void openldap_ldap_init_w_conf(
@ -409,6 +409,11 @@ ldap_int_destroy_global_options(void)
#if defined(HAVE_WINSOCK) || defined(HAVE_WINSOCK2)
WSACleanup( );
#endif
if ( ldap_int_hostname ) {
LDAP_FREE( ldap_int_hostname );
ldap_int_hostname = NULL;
}
}
/*
@ -529,7 +534,15 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
|| defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
ldap_int_hostname = ldap_pvt_get_fqdn( ldap_int_hostname );
{
char *name = ldap_int_hostname;
ldap_int_hostname = ldap_pvt_get_fqdn( name );
if ( name != NULL && name != ldap_int_hostname ) {
LDAP_FREE( name );
}
}
#endif
#ifndef HAVE_POLL

10
libraries/libldap/os-ip.c
View file

@ -529,8 +529,18 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
sizeof(sin.sin_addr) );
}
#ifdef HAVE_INET_NTOA_B
{
/* for VxWorks */
char address[INET_ADDR_LEN];
inet_ntoa_b(sin.sin_address, address);
osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
address, port, 0);
}
#else
osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n",
inet_ntoa(sin.sin_addr), port, 0);
#endif
rc = ldap_pvt_connect(ld, s,
(struct sockaddr *)&sin, sizeof(sin),

50
libraries/libldap/search.c
View file

@ -365,3 +365,53 @@ ldap_search_s(
return( ldap_result2error( ld, *res, 0 ) );
}
int
ldap_bv2escaped_filter_value( struct berval *in, struct berval *out )
{
char c;
ber_len_t i;
static char escape[128] = {
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 1, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 1
};
out->bv_len = 0;
out->bv_val = NULL;
if( in->bv_len == 0 ) return 0;
/* assume we'll escape everything */
out->bv_val = LDAP_MALLOC( 3 * in->bv_len + 1 );
if( out->bv_val == NULL ) return -1;
for( i=0; i<in->bv_len; i++ ) {
if (c & 0x80 || escape[in->bv_val[i]]) {
out->bv_val[out->bv_len++] = '\\';
out->bv_val[out->bv_len++] = "0123456789ABCDEF"[0x0f & (c>>4)];
out->bv_val[out->bv_len++] = "0123456789ABCDEF"[0x0f & c];
} else {
out->bv_val[out->bv_len++] = c;
}
}
out->bv_val[out->bv_len] = '\0';
return 0;
}

167
libraries/libldap/tls.c
View file

@ -50,6 +50,7 @@
static int tls_opt_trace = 1;
static char *tls_opt_certfile = NULL;
static char *tls_opt_keyfile = NULL;
static char *tls_opt_dhfile = NULL;
static char *tls_opt_cacertfile = NULL;
static char *tls_opt_cacertdir = NULL;
static int tls_opt_require_cert = LDAP_OPT_X_TLS_DEMAND;
@ -70,12 +71,18 @@ static int tls_verify_ok( int ok, X509_STORE_CTX *ctx );
static RSA * tls_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
static STACK_OF(X509_NAME) * get_ca_list( char * bundle, char * dir );
#if 0 /* Currently this is not used by anyone */
static DH * tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length );
#endif
static SSL_CTX *tls_def_ctx = NULL;
typedef struct dhplist {
struct dhplist *next;
int keylength;
DH *param;
} dhplist;
static dhplist *dhparams;
static int tls_seed_PRNG( const char *randfile );
#ifdef LDAP_R_COMPILE
@ -134,6 +141,10 @@ ldap_pvt_tls_destroy( void )
LDAP_FREE( tls_opt_keyfile );
tls_opt_keyfile = NULL;
}
if ( tls_opt_dhfile ) {
LDAP_FREE( tls_opt_dhfile );
tls_opt_dhfile = NULL;
}
if ( tls_opt_cacertfile ) {
LDAP_FREE( tls_opt_cacertfile );
tls_opt_cacertfile = NULL;
@ -198,6 +209,7 @@ ldap_pvt_tls_init_def_ctx( void )
char *cacertdir = tls_opt_cacertdir;
char *certfile = tls_opt_certfile;
char *keyfile = tls_opt_keyfile;
char *dhfile = tls_opt_dhfile;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
@ -205,6 +217,9 @@ ldap_pvt_tls_init_def_ctx( void )
if ( !certfile && !keyfile && !cacertfile && !cacertdir ) {
/* minimum configuration not provided */
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
#endif
return LDAP_NOT_SUPPORTED;
}
@ -230,6 +245,10 @@ ldap_pvt_tls_init_def_ctx( void )
keyfile = LDAP_STRDUP( keyfile );
__atoe( keyfile );
}
if ( dhfile ) {
dhfile = LDAP_STRDUP( dhfile );
__atoe( dhfile );
}
#endif
if ( tls_def_ctx == NULL ) {
int i;
@ -321,6 +340,31 @@ ldap_pvt_tls_init_def_ctx( void )
goto error_exit;
}
if ( tls_opt_dhfile ) {
DH *dh = NULL;
BIO *bio;
dhplist *p;
if (( bio=BIO_new_file( dhfile,"r" )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not use DH parameters file `%s'.\n",
tls_opt_dhfile,0,0);
tls_report_error();
rc = -1;
goto error_exit;
}
while (( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
p = LDAP_MALLOC( sizeof(dhplist) );
if ( p != NULL ) {
p->keylength = DH_size( dh ) * 8;
p->param = dh;
p->next = dhparams;
dhparams = p;
}
}
BIO_free( bio );
}
if ( tls_opt_trace ) {
SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
}
@ -338,7 +382,7 @@ ldap_pvt_tls_init_def_ctx( void )
tls_opt_require_cert == LDAP_OPT_X_TLS_ALLOW ?
tls_verify_ok : tls_verify_cb );
SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
/* SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb ); */
SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
#ifdef HAVE_OPENSSL_CRL
if ( tls_opt_crlcheck ) {
X509_STORE *x509_s = SSL_CTX_get_cert_store( tls_def_ctx );
@ -362,6 +406,7 @@ error_exit:
LDAP_FREE( cacertdir );
LDAP_FREE( certfile );
LDAP_FREE( keyfile );
LDAP_FREE( dhfile );
#endif
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
@ -1121,6 +1166,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
case LDAP_OPT_X_TLS_KEYFILE:
case LDAP_OPT_X_TLS_RANDOM_FILE:
case LDAP_OPT_X_TLS_CIPHER_SUITE:
case LDAP_OPT_X_TLS_DHFILE:
return ldap_pvt_tls_set_option( ld, option, (void *) arg );
case LDAP_OPT_X_TLS_REQUIRE_CERT:
@ -1218,6 +1264,10 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
*(char **)arg = tls_opt_keyfile ?
LDAP_STRDUP( tls_opt_keyfile ) : NULL;
break;
case LDAP_OPT_X_TLS_DHFILE:
*(char **)arg = tls_opt_dhfile ?
LDAP_STRDUP( tls_opt_dhfile ) : NULL;
break;
case LDAP_OPT_X_TLS_REQUIRE_CERT:
*(int *)arg = tls_opt_require_cert;
break;
@ -1329,6 +1379,10 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
if ( tls_opt_keyfile ) LDAP_FREE( tls_opt_keyfile );
tls_opt_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
break;
case LDAP_OPT_X_TLS_DHFILE:
if ( tls_opt_dhfile ) LDAP_FREE( tls_opt_dhfile );
tls_opt_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
break;
case LDAP_OPT_X_TLS_REQUIRE_CERT:
switch( *(int *) arg ) {
case LDAP_OPT_X_TLS_NEVER:
@ -1626,13 +1680,114 @@ tls_seed_PRNG( const char *randfile )
return 0;
}
#if 0
struct dhinfo {
int keylength;
const char *pem;
size_t size;
};
/* From the OpenSSL 0.9.7 distro */
static const char dhpem512[] =
"-----BEGIN DH PARAMETERS-----\n\
MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn\n\
a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC\n\
-----END DH PARAMETERS-----\n";
static const char dhpem1024[] =
"-----BEGIN DH PARAMETERS-----\n\
MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
-----END DH PARAMETERS-----\n";
static const char dhpem2048[] =
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o\n\
AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh\n\
z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo\n\
pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW\n\
aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA\n\
Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==\n\
-----END DH PARAMETERS-----\n";
static const char dhpem4096[] =
"-----BEGIN DH PARAMETERS-----\n\
MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7\n\
vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H\n\
TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF\n\
bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1\n\
rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE\n\
EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9\n\
bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3\n\
W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH\n\
ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb\n\
NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR\n\
jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=\n\
-----END DH PARAMETERS-----\n";
static const struct dhinfo dhpem[] = {
{ 512, dhpem512, sizeof(dhpem512) },
{ 1024, dhpem1024, sizeof(dhpem1024) },
{ 2048, dhpem2048, sizeof(dhpem2048) },
{ 4096, dhpem4096, sizeof(dhpem4096) },
{ 0, NULL, 0 }
};
static DH *
tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
{
return NULL;
}
struct dhplist *p = NULL;
BIO *b = NULL;
DH *dh = NULL;
int i;
/* Do we have params of this length already? */
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
#endif
for ( p = dhparams; p; p=p->next ) {
if ( p->keylength == key_length ) {
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
#endif
return p->param;
}
}
/* No - check for hardcoded params */
for (i=0; dhpem[i].keylength; i++) {
if ( dhpem[i].keylength == key_length ) {
b = BIO_new_mem_buf( (char *)dhpem[i].pem, dhpem[i].size );
break;
}
}
if ( b ) {
dh = PEM_read_bio_DHparams( b, NULL, NULL, NULL );
BIO_free( b );
}
/* Generating on the fly is expensive/slow... */
if ( !dh ) {
dh = DH_generate_parameters( key_length, DH_GENERATOR_2, NULL, NULL );
}
if ( dh ) {
p = LDAP_MALLOC( sizeof(struct dhplist) );
if ( p != NULL ) {
p->keylength = key_length;
p->param = dh;
p->next = dhparams;
dhparams = p;
}
}
done:
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
#endif
return dh;
}
#endif
void *

45
libraries/libldap/utf-8-conv.c
View file

@ -79,8 +79,8 @@ ASCII chars 7 bits
Unicode address space (0 - 0x10FFFF) 21 bits
ISO-10646 address space (0 - 0x7FFFFFFF) 31 bits
Note: This code does not prevent UTF-8 sequences which are longer than
necessary from being decoded.
Note: This code does not prevent UTF-8 sequences which are longer than
necessary from being decoded.
*/
/*-----------------------------------------------------------------------------
@ -93,31 +93,25 @@ ldap_x_utf8_to_wc ( wchar_t *wchar, const char *utf8char )
int utflen, i;
wchar_t ch;
/* If input ptr is NULL, treat it as empty string. */
if (utf8char == NULL)
utf8char = "";
if (utf8char == NULL) return -1;
/* Get UTF-8 sequence length from 1st byte */
utflen = LDAP_UTF8_CHARLEN2(utf8char, utflen);
if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN )
return -1; /* Invalid input */
if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN ) return -1;
/* First byte minus length tag */
ch = (wchar_t)(utf8char[0] & mask[utflen]);
for(i=1; i < utflen; i++)
{
for(i=1; i < utflen; i++) {
/* Subsequent bytes must start with 10 */
if ((utf8char[i] & 0xc0) != 0x80)
return -1;
if ((utf8char[i] & 0xc0) != 0x80) return -1;
ch <<= 6; /* 6 bits of data in each subsequent byte */
ch |= (wchar_t)(utf8char[i] & 0x3f);
}
if (wchar)
*wchar = ch;
if (wchar) *wchar = ch;
return utflen;
}
@ -136,41 +130,34 @@ ldap_x_utf8s_to_wcs ( wchar_t *wcstr, const char *utf8str, size_t count )
/* If input ptr is NULL, treat it as empty string. */
if (utf8str == NULL)
utf8str = "";
if (utf8str == NULL) utf8str = "";
/* Examine next UTF-8 character. If output buffer is NULL, ignore count */
while ( *utf8str && (wcstr==NULL || wclen<count) )
{
while ( *utf8str && (wcstr==NULL || wclen<count) ) {
/* Get UTF-8 sequence length from 1st byte */
utflen = LDAP_UTF8_CHARLEN2(utf8str, utflen);
if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN )
return -1; /* Invalid input */
if( utflen==0 || utflen > (int)LDAP_MAX_UTF8_LEN ) return -1;
/* First byte minus length tag */
ch = (wchar_t)(utf8str[0] & mask[utflen]);
for(i=1; i < utflen; i++)
{
for(i=1; i < utflen; i++) {
/* Subsequent bytes must start with 10 */
if ((utf8str[i] & 0xc0) != 0x80)
return -1;
if ((utf8str[i] & 0xc0) != 0x80) return -1;
ch <<= 6; /* 6 bits of data in each subsequent byte */
ch |= (wchar_t)(utf8str[i] & 0x3f);
}
if (wcstr)
wcstr[wclen] = ch;
if (wcstr) wcstr[wclen] = ch;
utf8str += utflen; /* Move to next UTF-8 character */
wclen++; /* Count number of wide chars stored/required */
utf8str += utflen; /* Move to next UTF-8 character */
wclen++; /* Count number of wide chars stored/required */
}
/* Add null terminator if there's room in the buffer. */
if (wcstr && wclen < count)
wcstr[wclen] = 0;
if (wcstr && wclen < count) wcstr[wclen] = 0;
return wclen;
}

2
libraries/libldap/util-int.c
View file

@ -303,7 +303,7 @@ int ldap_pvt_get_hname(
rc = 0;
} else {
rc = h_errno;
*err = (char *)hp_strerror( h_errno );
*err = (char *)HSTRERROR( h_errno );
}
#if defined( LDAP_R_COMPILE )
ldap_pvt_thread_mutex_unlock( &ldap_int_resolv_mutex );

10
libraries/libldap_r/tpool.c
View file

@ -243,13 +243,9 @@ ldap_pvt_thread_pool_submit (
return(0);
}
ldap_pvt_thread_cond_signal(&pool->ltp_cond);
if ((pool->ltp_open_count <= 0
#if 0
|| pool->ltp_pending_count > 1
#endif
|| pool->ltp_open_count == pool->ltp_active_count)
&& (pool->ltp_max_count <= 0
|| pool->ltp_open_count < pool->ltp_max_count))
if (pool->ltp_open_count < pool->ltp_active_count + pool->ltp_pending_count
&& (pool->ltp_open_count < pool->ltp_max_count ||
pool->ltp_max_count <= 0 ))
{
pool->ltp_open_count++;
pool->ltp_starting++;

5
libraries/librewrite/info.c
View file

@ -81,10 +81,13 @@ rewrite_info_init(
#ifdef USE_REWRITE_LDAP_PVT_THREADS
if ( ldap_pvt_thread_rdwr_init( &info->li_cookies_mutex ) ) {
avl_free( info->li_context, rewrite_context_free );
free( info );
return NULL;
}
if ( ldap_pvt_thread_rdwr_init( &info->li_params_mutex ) ) {
ldap_pvt_thread_rdwr_destroy( &info->li_cookies_mutex );
avl_free( info->li_context, rewrite_context_free );
free( info );
return NULL;
}
@ -116,7 +119,7 @@ rewrite_info_delete(
if ( info->li_maps ) {
avl_free( info->li_maps, rewrite_builtin_map_free );
}
info->li_context = NULL;
info->li_maps = NULL;
rewrite_session_destroy( info );

67
libraries/librewrite/session.c
View file

@ -302,32 +302,10 @@ rewrite_session_var_get(
return REWRITE_SUCCESS;
}
/*
* Deletes a session
*/
int
rewrite_session_delete(
struct rewrite_info *info,
const void *cookie
)
static void
rewrite_session_clean( void *v_session )
{
struct rewrite_session *session, tmp;
assert( info != NULL );
assert( cookie != NULL );
tmp.ls_cookie = ( void * )cookie;
session = rewrite_session_find( info, cookie );
if ( session == NULL ) {
return REWRITE_SUCCESS;
}
if ( --session->ls_count > 0 ) {
rewrite_session_return( info, session );
return REWRITE_SUCCESS;
}
struct rewrite_session *session = (struct rewrite_session *)v_session;
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wlock( &session->ls_vars_mutex );
@ -341,6 +319,41 @@ rewrite_session_delete(
ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
ldap_pvt_thread_mutex_destroy( &session->ls_mutex );
#endif /* USE_REWRITE_LDAP_PVT_THREADS */
}
static void
rewrite_session_free( void *v_session )
{
rewrite_session_clean( v_session );
free( v_session );
}
/*
* Deletes a session
*/
int
rewrite_session_delete(
struct rewrite_info *info,
const void *cookie
)
{
struct rewrite_session *session, tmp = { 0 };
assert( info != NULL );
assert( cookie != NULL );
session = rewrite_session_find( info, cookie );
if ( session == NULL ) {
return REWRITE_SUCCESS;
}
if ( --session->ls_count > 0 ) {
rewrite_session_return( info, session );
return REWRITE_SUCCESS;
}
rewrite_session_clean( session );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
ldap_pvt_thread_rdwr_wlock( &info->li_cookies_mutex );
@ -352,7 +365,9 @@ rewrite_session_delete(
/*
* There is nothing to delete in the return value
*/
tmp.ls_cookie = ( void * )cookie;
avl_delete( &info->li_cookies, ( caddr_t )&tmp, rewrite_cookie_cmp );
free( session );
#ifdef USE_REWRITE_LDAP_PVT_THREADS
@ -382,7 +397,7 @@ rewrite_session_destroy(
* Should call per-session destruction routine ...
*/
count = avl_free( info->li_cookies, NULL );
count = avl_free( info->li_cookies, rewrite_session_free );
info->li_cookies = NULL;
#if 0

28
servers/slapd/aci.c
View file

@ -1320,11 +1320,15 @@ OpenLDAPaciValidate(
atbv = BER_BVNULL;
ocbv.bv_val = strchr( type.bv_val, '/' );
if ( ocbv.bv_val != NULL ) {
if ( ocbv.bv_val != NULL
&& ( ocbv.bv_val - type.bv_val ) < type.bv_len )
{
ocbv.bv_val++;
atbv.bv_val = strchr( ocbv.bv_val, '/' );
if ( atbv.bv_val != NULL ) {
if ( atbv.bv_val != NULL
&& ( atbv.bv_val - ocbv.bv_val ) < ocbv.bv_len )
{
AttributeDescription *ad = NULL;
const char *text = NULL;
int rc;
@ -1471,7 +1475,9 @@ OpenLDAPaciPrettyNormal(
atbv = BER_BVNULL;
ocbv.bv_val = strchr( type.bv_val, '/' );
if ( ocbv.bv_val != NULL ) {
if ( ocbv.bv_val != NULL
&& ( ocbv.bv_val - type.bv_val ) < type.bv_len )
{
ObjectClass *oc = NULL;
AttributeDescription *ad = NULL;
const char *text = NULL;
@ -1483,7 +1489,9 @@ OpenLDAPaciPrettyNormal(
ocbv.bv_val++;
atbv.bv_val = strchr( ocbv.bv_val, '/' );
if ( atbv.bv_val != NULL ) {
if ( atbv.bv_val != NULL
&& ( atbv.bv_val - ocbv.bv_val ) < ocbv.bv_len )
{
atbv.bv_val++;
atbv.bv_len = type.bv_len
- ( atbv.bv_val - type.bv_val );
@ -1616,5 +1624,17 @@ OpenLDAPaciNormalize(
return OpenLDAPaciPrettyNormal( val, out, ctx, 1 );
}
#if SLAPD_ACI_ENABLED == SLAPD_MOD_DYNAMIC
/*
* FIXME: need config and Makefile.am code to ease building
* as dynamic module
*/
int
init_module( int argc, char *argv[] )
{
return slap_dynacl_register();
}
#endif /* SLAPD_ACI_ENABLED == SLAPD_MOD_DYNAMIC */
#endif /* SLAPD_ACI_ENABLED */

2
servers/slapd/acl.c
View file

@ -2603,7 +2603,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
op2.o_tag = LDAP_REQ_SEARCH;
op2.o_ndn = op2.o_bd->be_rootndn;
op2.o_callback = &cb;
op2.o_time = slap_get_time();
slap_op_time( &op2.o_time, &op2.o_tincr );
op2.o_do_not_cache = 1;
op2.o_is_auth_check = 0;
ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->asc_op->o_tmpmemctx );

233
servers/slapd/aclparse.c
View file

@ -58,7 +58,7 @@ char *style_strings[] = {
static void split(char *line, int splitchar, char **left, char **right);
static void access_append(Access **l, Access *a);
static void acl_usage(void) LDAP_GCCATTR((noreturn));
static int acl_usage(void);
static void acl_regex_normalized_dn(const char *src, struct berval *pat);
@ -87,7 +87,7 @@ slap_dynacl_config(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: dynacl \"%s\" already specified.\n",
fname, lineno, name );
acl_usage();
return acl_usage();
}
}
@ -154,7 +154,8 @@ regtest(const char *fname, int lineno, char *pat) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: regular expression \"%s\" too large\n",
fname, lineno, pat );
acl_usage();
(void)acl_usage();
exit( EXIT_FAILURE );
}
if ((e = regcomp(&re, buf, REG_EXTENDED|REG_ICASE))) {
@ -169,6 +170,7 @@ regtest(const char *fname, int lineno, char *pat) {
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
exit( EXIT_FAILURE );
}
regfree(&re);
}
@ -313,13 +315,13 @@ regex_done:;
return ACL_SCOPE_UNKNOWN;
}
void
int
parse_acl(
Backend *be,
const char *fname,
int lineno,
int argc,
char **argv,
Backend *be,
const char *fname,
int lineno,
int argc,
char **argv,
int pos )
{
int i;
@ -338,7 +340,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"only one to clause allowed in access line\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
for ( ++i; i < argc; i++ ) {
@ -355,7 +357,7 @@ parse_acl(
"%s: line %d: dn pattern"
" already specified in to clause.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
ber_str2bv( "*", STRLENOF( "*" ), 1, &a->acl_dn_pat );
@ -369,7 +371,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"missing \"=\" in \"%s\" in to clause\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( strcasecmp( left, "dn" ) == 0 ) {
@ -380,7 +382,7 @@ parse_acl(
"%s: line %d: dn pattern"
" already specified in to clause.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( style == NULL || *style == '\0' ||
@ -438,7 +440,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unknown dn style \"%s\" in to clause\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
continue;
@ -449,7 +451,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad filter \"%s\" in to clause\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
} else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
@ -469,7 +471,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown attr \"%s\" in to clause\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
} else if ( strncasecmp( left, "val", 3 ) == 0 ) {
@ -479,14 +481,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val already specified in to clause.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( a->acl_attrs == NULL || !BER_BVISEMPTY( &a->acl_attrs[1].an_name ) )
{
Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val requires a single attribute.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
ber_str2bv( right, 0, 1, &a->acl_attrval );
@ -502,7 +504,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"invalid matching rule \"%s\".\n",
fname, lineno, mr );
acl_usage();
return acl_usage();
}
if( !mr_usable_with_at( a->acl_attrval_mr, a->acl_attrs[ 0 ].an_desc->ad_type ) )
@ -517,7 +519,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
}
@ -537,7 +539,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
a->acl_attrval_style = ACL_STYLE_REGEX;
@ -584,7 +586,7 @@ parse_acl(
"%s: line %d: %s\n",
fname, lineno, buf );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
a->acl_attrval_style = ACL_STYLE_BASE;
}
@ -603,7 +605,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
ber_memfree( bv.bv_val );
@ -621,7 +623,7 @@ parse_acl(
"%s: line %d: %s\n",
fname, lineno, buf );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
a->acl_attrval_style = ACL_STYLE_BASE;
}
@ -638,7 +640,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"attr \"%s\" must have an EQUALITY matching rule.\n",
fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val );
acl_usage();
return acl_usage();
}
}
@ -646,7 +648,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: expecting <what> got \"%s\"\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
}
@ -668,7 +670,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\" in to DN clause\n",
fname, lineno, a->acl_dn_pat.bv_val );
acl_usage();
return acl_usage();
}
free( a->acl_dn_pat.bv_val );
a->acl_dn_pat = bv;
@ -686,7 +688,7 @@ parse_acl(
right, err );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
}
}
@ -697,7 +699,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"to clause required before by clause in access line\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
/*
@ -712,7 +714,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: premature EOL: expecting <who>\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
/* get <who> */
@ -739,13 +741,13 @@ parse_acl(
"%s: line %d: premature eol: "
"expecting closing '}' in \"level{n}\"\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
} else if ( p == style_level ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: empty level "
"in \"level{n}\"\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
p[0] = '\0';
}
@ -782,7 +784,7 @@ parse_acl(
"%s: line %d: unable to parse level "
"in \"level{n}\"\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
sty = ACL_STYLE_LEVEL;
@ -805,7 +807,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* LDAP_PF_LOCAL */
@ -813,7 +815,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( style_modifier &&
@ -827,7 +829,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
@ -852,7 +854,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
@ -864,7 +866,7 @@ parse_acl(
if ( strcasecmp( left, "*" ) == 0 ) {
if ( is_realdn ) {
acl_usage();
return acl_usage();
}
ber_str2bv( "*", STRLENOF( "*" ), 1, &bv );
@ -942,7 +944,7 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
acl_usage();
return acl_usage();
} else {
ber_str2bv( right, 0, 1, &bv );
@ -957,7 +959,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: dn pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( sty != ACL_STYLE_REGEX &&
@ -972,7 +974,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\" in by DN clause\n",
fname, lineno, bv.bv_val );
acl_usage();
return acl_usage();
}
free( bv.bv_val );
if ( sty == ACL_STYLE_BASE
@ -1015,7 +1017,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
@ -1028,7 +1030,7 @@ parse_acl(
"%s: line %d: bad negative level \"%d\" "
"in by DN clause\n",
fname, lineno, level );
acl_usage();
return acl_usage();
} else if ( level == 1 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"onelevel\" should be used "
@ -1052,14 +1054,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if( bdn->a_at != NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: dnattr already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
rc = slap_str2ad( right, &bdn->a_at, &text );
@ -1073,7 +1075,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
@ -1092,7 +1094,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
if( bdn->a_at->ad_type->sat_equality == NULL ) {
@ -1100,7 +1102,7 @@ parse_acl(
"%s: line %d: dnattr \"%s\": "
"inappropriate matching (no EQUALITY)\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
continue;
@ -1133,7 +1135,7 @@ parse_acl(
"%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( right == NULL || right[0] == '\0' ) {
@ -1142,14 +1144,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: group pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
/* format of string is
@ -1177,7 +1179,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\".\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
}
@ -1190,7 +1192,7 @@ parse_acl(
"%s: line %d: group objectclass "
"\"%s\" unknown.\n",
fname, lineno, value );
acl_usage();
return acl_usage();
}
} else {
@ -1201,7 +1203,7 @@ parse_acl(
"%s: line %d: group default objectclass "
"\"%s\" unknown.\n",
fname, lineno, SLAPD_GROUP_CLASS );
acl_usage();
return acl_usage();
}
}
@ -1212,7 +1214,7 @@ parse_acl(
"%s: line %d: group objectclass \"%s\" "
"is subclass of referral.\n",
fname, lineno, value );
acl_usage();
return acl_usage();
}
if ( is_object_subclass( slap_schema.si_oc_alias,
@ -1222,7 +1224,7 @@ parse_acl(
"%s: line %d: group objectclass \"%s\" "
"is subclass of alias.\n",
fname, lineno, value );
acl_usage();
return acl_usage();
}
if ( name && *name ) {
@ -1237,7 +1239,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
*--name = '/';
@ -1253,7 +1255,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
}
@ -1272,7 +1274,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
@ -1295,7 +1297,7 @@ parse_acl(
b->a_group_oc->soc_oid );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
}
continue;
@ -1317,7 +1319,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( right == NULL || right[0] == '\0' ) {
@ -1325,14 +1327,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"peername pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_peername_style = sty;
@ -1360,7 +1362,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"illegal peername address \"%s\".\n",
fname, lineno, addr );
acl_usage();
return acl_usage();
}
b->a_peername_mask = (unsigned long)(-1);
@ -1374,7 +1376,7 @@ parse_acl(
"illegal peername address mask "
"\"%s\".\n",
fname, lineno, mask );
acl_usage();
return acl_usage();
}
}
@ -1389,7 +1391,7 @@ parse_acl(
"illegal peername port specification "
"\"{%s}\".\n",
fname, lineno, port );
acl_usage();
return acl_usage();
}
}
}
@ -1411,7 +1413,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( right == NULL || right[0] == '\0' ) {
@ -1419,14 +1421,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( !BER_BVISNULL( &b->a_sockname_pat ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"sockname pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_sockname_style = sty;
@ -1469,7 +1471,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( right == NULL || right[0] == '\0' ) {
@ -1477,14 +1479,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: domain pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_domain_style = sty;
@ -1516,7 +1518,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( right == NULL || right[0] == '\0' ) {
@ -1524,14 +1526,14 @@ parse_acl(
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: sockurl pattern already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_sockurl_style = sty;
@ -1569,21 +1571,21 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: set attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no set is defined.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_set_style = sty;
@ -1614,7 +1616,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to configure dynacl \"%s\".\n",
fname, lineno, name );
acl_usage();
return acl_usage();
}
continue;
@ -1628,14 +1630,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if( b->a_aci_at != NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: ACI attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right != NULL && *right != '\0' ) {
@ -1650,7 +1652,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
} else {
@ -1668,7 +1670,7 @@ parse_acl(
b->a_aci_at->ad_type->sat_syntax_oid );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
return acl_usage();
}
continue;
@ -1681,21 +1683,21 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( b->a_authz.sai_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: ssf attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no ssf is defined.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_authz.sai_ssf = strtol( right, &next, 10 );
@ -1703,14 +1705,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unable to parse ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
if ( !b->a_authz.sai_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
continue;
}
@ -1720,21 +1722,21 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( b->a_authz.sai_transport_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"transport_ssf attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no transport_ssf is defined.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_authz.sai_transport_ssf = strtol( right, &next, 10 );
@ -1742,14 +1744,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse transport_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
if ( !b->a_authz.sai_transport_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid transport_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
continue;
}
@ -1759,21 +1761,21 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( b->a_authz.sai_tls_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"tls_ssf attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no tls_ssf is defined\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_authz.sai_tls_ssf = strtol( right, &next, 10 );
@ -1781,14 +1783,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse tls_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
if ( !b->a_authz.sai_tls_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid tls_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
continue;
}
@ -1798,21 +1800,21 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
acl_usage();
return acl_usage();
}
if ( b->a_authz.sai_sasl_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"sasl_ssf attribute already specified.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no sasl_ssf is defined.\n",
fname, lineno, 0 );
acl_usage();
return acl_usage();
}
b->a_authz.sai_sasl_ssf = strtol( right, &next, 10 );
@ -1820,14 +1822,14 @@ parse_acl(
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse sasl_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
if ( !b->a_authz.sai_sasl_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid sasl_ssf value (%s).\n",
fname, lineno, right );
acl_usage();
return acl_usage();
}
continue;
}
@ -1896,7 +1898,7 @@ parse_acl(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: expecting <access> got \"%s\".\n",
fname, lineno, left );
acl_usage();
return acl_usage();
}
b->a_type = ACL_STOP;
@ -1927,7 +1929,7 @@ parse_acl(
"%s: line %d: expecting \"to\" "
"or \"by\" got \"%s\"\n",
fname, lineno, argv[i] );
acl_usage();
return acl_usage();
}
}
@ -1939,7 +1941,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
} else {
@ -1956,7 +1958,7 @@ parse_acl(
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, 0 );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
return acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
@ -2006,6 +2008,8 @@ parse_acl(
acl_append( &frontendDB->be_acl, a, pos );
}
}
return 0;
}
char *
@ -2231,17 +2235,17 @@ str2accessmask( const char *str )
return mask;
}
static void
static int
acl_usage( void )
{
char *access =
"<access clause> ::= access to <what> "
"[ by <who> <access> [ <control> ] ]+ \n";
char *what =
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]\n"
"<attrlist> ::= <attr> [val[/matchingRule][.<attrstyle>]=<value>] | <attr> , <attrlist>\n"
"<attr> ::= <attrname> | entry | children\n";
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
"<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>\n"
"<attrlist> ::= <attr> [ , <attrlist> ]\n"
"<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children\n";
char *who =
"<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
@ -2278,8 +2282,9 @@ acl_usage( void )
#endif /* ! SLAP_DYNACL */
"";
Debug( LDAP_DEBUG_ANY, "%s%s%s\n", access, who, what );
exit( EXIT_FAILURE );
Debug( LDAP_DEBUG_ANY, "%s%s%s\n", access, what, who );
return 1;
}
/*

127
servers/slapd/add.c
View file

@ -30,6 +30,7 @@
#include <ac/time.h>
#include <ac/socket.h>
#include "lutil.h"
#include "slap.h"
int
@ -192,8 +193,6 @@ do_add( Operation *op, SlapReply *rs )
}
done:;
slap_graduate_commit_csn( op );
if ( modlist != NULL ) {
slap_mods_free( modlist, 0 );
}
@ -312,14 +311,6 @@ fe_op_add( Operation *op, SlapReply *rs )
}
rs->sr_err = slap_mods_opattrs( op, modlist,
modtail, &rs->sr_text,
textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
/* check for duplicate values */
rs->sr_err = slap_mods_no_repl_user_mod_check( op,
modlist, &rs->sr_text, textbuf, textlen );
@ -626,3 +617,119 @@ slap_entry2mods(
return LDAP_SUCCESS;
}
int slap_add_opattrs(
Operation *op,
const char **text,
char *textbuf,
size_t textlen,
int manage_ctxcsn )
{
struct berval name, timestamp, csn = BER_BVNULL;
struct berval nname, tmp;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
Attribute *a;
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_structuralObjectClass );
if ( !a ) {
Attribute *oc;
int rc;
oc = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_objectClass );
if ( oc ) {
rc = structural_class( oc->a_vals, &tmp, NULL, text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) return rc;
attr_merge_one( op->ora_e, slap_schema.si_ad_structuralObjectClass,
&tmp, NULL );
}
}
if ( SLAP_LASTMOD( op->o_bd ) ) {
char *ptr;
timestamp.bv_val = timebuf;
if ( BER_BVISEMPTY( &op->o_csn )) {
if ( SLAP_SHADOW( op->o_bd ))
manage_ctxcsn = 0;
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, manage_ctxcsn );
} else {
csn = op->o_csn;
}
ptr = strchr( csn.bv_val, '#' );
if ( ptr ) {
timestamp.bv_len = ptr - csn.bv_val;
if ( timestamp.bv_len >= sizeof(timebuf) )
timestamp.bv_len = sizeof(timebuf) - 1;
strncpy( timebuf, csn.bv_val, timestamp.bv_len );
timebuf[timestamp.bv_len] = '\0';
} else {
time_t now = slap_get_time();
timestamp.bv_len = sizeof(timebuf);
slap_timestamp( &now, &timestamp );
}
if ( BER_BVISEMPTY( &op->o_dn ) ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
nname = name;
} else {
name = op->o_dn;
nname = op->o_ndn;
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_entryUUID );
if ( !a ) {
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
tmp.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
tmp.bv_val = uuidbuf;
attr_merge_normalize_one( op->ora_e,
slap_schema.si_ad_entryUUID, &tmp, op->o_tmpmemctx );
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_creatorsName );
if ( !a ) {
attr_merge_one( op->ora_e,
slap_schema.si_ad_creatorsName, &name, &nname );
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_createTimestamp );
if ( !a ) {
attr_merge_one( op->ora_e,
slap_schema.si_ad_createTimestamp, &timestamp, NULL );
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_entryCSN );
if ( !a ) {
attr_merge_one( op->ora_e,
slap_schema.si_ad_entryCSN, &csn, NULL );
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_modifiersName );
if ( !a ) {
attr_merge_one( op->ora_e,
slap_schema.si_ad_modifiersName, &name, &nname );
}
a = attr_find( op->ora_e->e_attrs,
slap_schema.si_ad_modifyTimestamp );
if ( !a ) {
attr_merge_one( op->ora_e,
slap_schema.si_ad_modifyTimestamp, &timestamp, NULL );
}
}
return LDAP_SUCCESS;
}

54
servers/slapd/back-bdb/add.c
View file

@ -51,6 +51,8 @@ bdb_add(Operation *op, SlapReply *rs )
ctrls[num_ctrls] = 0;
slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
get_manageDIT(op), &rs->sr_text, textbuf, textlen );
@ -170,14 +172,8 @@ retry: /* transaction retry */
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
@ -221,22 +217,18 @@ retry: /* transaction retry */
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = p->e_name.bv_val;
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = get_entry_referrals( op, p );
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
p = NULL;
goto done;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
#ifdef BDB_SUBENTRIES
@ -385,7 +377,8 @@ retry: /* transaction retry */
if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_NO_OPERATION;
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
@ -430,22 +423,23 @@ retry: /* transaction retry */
return_results:
send_ldap_result( op, rs );
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
op->o_private = NULL;
if( postread_ctrl != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
done:
if( ltid != NULL ) {
TXN_ABORT( ltid );
op->o_private = NULL;
}
if( postread_ctrl != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}

141
servers/slapd/back-bdb/attr.c
View file

@ -25,26 +25,56 @@
#include "back-bdb.h"
#include "lutil.h"
static int
ainfo_type_cmp(
const void *v_desc,
const void *v_a
)
/* Find the ad, return -1 if not found,
* set point for insertion if ins is non-NULL
*/
int
bdb_attr_slot( struct bdb_info *bdb, AttributeDescription *ad, unsigned *ins )
{
const AttributeDescription *desc = v_desc;
const AttrInfo *a = v_a;
return SLAP_PTRCMP(desc, a->ai_desc);
unsigned base = 0, cursor = 0;
unsigned n = bdb->bi_nattrs;
int val = 0;
while ( 0 < n ) {
int pivot = n >> 1;
cursor = base + pivot;
val = SLAP_PTRCMP( ad, bdb->bi_attrs[cursor]->ai_desc );
if ( val < 0 ) {
n = pivot;
} else if ( val > 0 ) {
base = cursor + 1;
n -= pivot + 1;
} else {
return cursor;
}
}
if ( ins ) {
if ( val > 0 )
++cursor;
*ins = cursor;
}
return -1;
}
static int
ainfo_cmp(
const void *v_a,
const void *v_b
)
ainfo_insert( struct bdb_info *bdb, AttrInfo *a )
{
const AttrInfo *a = v_a, *b = v_b;
return SLAP_PTRCMP(a->ai_desc, b->ai_desc);
unsigned x;
int i = bdb_attr_slot( bdb, a->ai_desc, &x );
/* Is it a dup? */
if ( i >= 0 )
return -1;
bdb->bi_attrs = ch_realloc( bdb->bi_attrs, ( bdb->bi_nattrs+1 ) *
sizeof( AttrInfo * ));
if ( x < bdb->bi_nattrs )
AC_MEMCPY( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x],
( bdb->bi_nattrs - x ) * sizeof( AttrInfo *));
bdb->bi_attrs[x] = a;
bdb->bi_nattrs++;
return 0;
}
AttrInfo *
@ -52,8 +82,8 @@ bdb_attr_mask(
struct bdb_info *bdb,
AttributeDescription *desc )
{
return avl_find( bdb->bi_attrs, desc, ainfo_type_cmp );
int i = bdb_attr_slot( bdb, desc, NULL );
return i < 0 ? NULL : bdb->bi_attrs[i];
}
int
@ -220,7 +250,7 @@ bdb_attr_index_config(
#ifdef LDAP_COMP_MATCH
if ( cr ) {
a_cr = avl_find( bdb->bi_attrs, ad, ainfo_type_cmp );
a_cr = bdb_attr_mask( bdb, ad );
if ( a_cr ) {
/*
* AttrInfo is already in AVL
@ -242,12 +272,10 @@ bdb_attr_index_config(
}
}
#endif
rc = avl_insert( &bdb->bi_attrs, (caddr_t) a,
ainfo_cmp, avl_dup_error );
rc = ainfo_insert( bdb, a );
if( rc ) {
if ( bdb->bi_flags & BDB_IS_OPEN ) {
AttrInfo *b = avl_find( bdb->bi_attrs, ad, ainfo_type_cmp );
AttrInfo *b = bdb_attr_mask( bdb, ad );
/* If we were editing this attr, reset it */
b->ai_indexmask &= ~BDB_INDEX_DELETING;
/* If this is leftover from a previous add, commit it */
@ -298,17 +326,19 @@ static AttrInfo aidef = { &addef };
void
bdb_attr_index_unparse( struct bdb_info *bdb, BerVarray *bva )
{
int i;
if ( bdb->bi_defaultmask ) {
aidef.ai_indexmask = bdb->bi_defaultmask;
bdb_attr_index_unparser( &aidef, bva );
}
avl_apply( bdb->bi_attrs, bdb_attr_index_unparser, bva, -1, AVL_INORDER );
for ( i=0; i<bdb->bi_nattrs; i++ )
bdb_attr_index_unparser( bdb->bi_attrs[i], bva );
}
static void
bdb_attrinfo_free( void *v )
void
bdb_attr_info_free( AttrInfo *ai )
{
AttrInfo *ai = v;
#ifdef LDAP_COMP_MATCH
free( ai->ai_cr );
#endif
@ -316,52 +346,41 @@ bdb_attrinfo_free( void *v )
}
void
bdb_attr_index_destroy( Avlnode *tree )
bdb_attr_index_destroy( struct bdb_info *bdb )
{
avl_free( tree, bdb_attrinfo_free );
int i;
for ( i=0; i<bdb->bi_nattrs; i++ )
bdb_attr_info_free( bdb->bi_attrs[i] );
free( bdb->bi_attrs );
}
void bdb_attr_index_free( struct bdb_info *bdb, AttributeDescription *ad )
{
AttrInfo *ai;
int i;
ai = avl_delete( &bdb->bi_attrs, ad, ainfo_type_cmp );
if ( ai )
bdb_attrinfo_free( ai );
}
/* Get a list of AttrInfo's to delete */
typedef struct Alist {
struct Alist *next;
AttrInfo *ptr;
} Alist;
static int
bdb_attrinfo_flush( void *v1, void *arg )
{
AttrInfo *ai = v1;
if ( ai->ai_indexmask & BDB_INDEX_DELETING ) {
Alist **al = arg;
Alist *a = ch_malloc( sizeof( Alist ));
a->ptr = ai;
a->next = *al;
*al = a;
i = bdb_attr_slot( bdb, ad, NULL );
if ( i >= 0 ) {
bdb_attr_info_free( bdb->bi_attrs[i] );
bdb->bi_nattrs--;
for (; i<bdb->bi_nattrs; i++)
bdb->bi_attrs[i] = bdb->bi_attrs[i+1];
}
return 0;
}
void bdb_attr_flush( struct bdb_info *bdb )
{
Alist *al = NULL, *a2;
int i;
avl_apply( bdb->bi_attrs, bdb_attrinfo_flush, &al, -1, AVL_INORDER );
while (( a2 = al )) {
al = al->next;
avl_delete( &bdb->bi_attrs, a2->ptr, ainfo_cmp );
bdb_attrinfo_free( a2->ptr );
ch_free( a2 );
for ( i=0; i<bdb->bi_nattrs; i++ ) {
if ( bdb->bi_attrs[i]->ai_indexmask & BDB_INDEX_DELETING ) {
int j;
bdb_attr_info_free( bdb->bi_attrs[i] );
bdb->bi_nattrs--;
for (j=i; j<bdb->bi_nattrs; j++)
bdb->bi_attrs[j] = bdb->bi_attrs[j+1];
i--;
}
}
}

16
servers/slapd/back-bdb/back-bdb.h
View file

@ -166,7 +166,8 @@ struct bdb_info {
slap_mask_t bi_defaultmask;
Cache bi_cache;
Avlnode *bi_attrs;
struct bdb_attrinfo **bi_attrs;
int bi_nattrs;
void *bi_search_stack;
int bi_search_stack_depth;
int bi_linear_index;
@ -299,6 +300,19 @@ typedef struct bdb_attrinfo {
#define BDB_INDEX_DELETING 0x8000U /* index is being modified */
#define BDB_INDEX_UPDATE_OP 0x03 /* performing an index update */
/* For slapindex to record which attrs in an entry belong to which
* index database
*/
typedef struct AttrList {
struct AttrList *next;
Attribute *attr;
} AttrList;
typedef struct IndexRec {
AttrInfo *ai;
AttrList *attrs;
} IndexRec;
#include "proto-bdb.h"
#endif /* _BACK_BDB_H_ */

129
servers/slapd/back-bdb/cache.c
View file

@ -35,16 +35,6 @@ static int bdb_cache_delete_internal(Cache *cache, EntryInfo *e, int decr);
static void bdb_lru_print(Cache *cache);
#endif
static int bdb_txn_get( Operation *op, DB_ENV *env, DB_TXN **txn, int reset );
/* 4.2.52 */
#if DB_VERSION_FULL == 0x04020034
#define READ_TXN_FLAG ReadFlag
static int ReadFlag = DB_TXN_NOT_DURABLE;
#else
#define READ_TXN_FLAG 0
#endif
static EntryInfo *
bdb_cache_entryinfo_new( Cache *cache )
{
@ -384,10 +374,11 @@ bdb_cache_find_ndn(
/* Walk up the tree from a child node, looking for an ID that's already
* been linked into the cache.
*/
static int
int
hdb_cache_find_parent(
Operation *op,
DB_TXN *txn,
u_int32_t locker,
ID id,
EntryInfo **res )
{
@ -401,7 +392,7 @@ hdb_cache_find_parent(
ei.bei_ckids = 0;
for (;;) {
rc = hdb_dn2id_parent( op, txn, &ei, &eip.bei_id );
rc = hdb_dn2id_parent( op, txn, locker, &ei, &eip.bei_id );
if ( rc ) break;
/* Save the previous node, if any */
@ -703,7 +694,7 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
/* See if the ID exists in the database; add it to the cache if so */
if ( !*eip ) {
#ifndef BDB_HIER
rc = bdb_id2entry( op->o_bd, tid, id, &ep );
rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
if ( rc == 0 ) {
rc = bdb_cache_find_ndn( op, tid,
&ep->e_nname, eip );
@ -718,7 +709,7 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock );
}
}
#else
rc = hdb_cache_find_parent(op, tid, id, eip );
rc = hdb_cache_find_parent(op, tid, locker, id, eip );
if ( rc == 0 && *eip ) islocked = 1;
#endif
}
@ -751,31 +742,14 @@ load1:
bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
} else if ( rc == 0 ) {
if ( load ) {
DB_TXN *ltid;
u_int32_t locker2 = locker;
/* We don't wrap entire read operations in txn's, but
* we need our cache entry lock and any DB page locks
* to be associated, in order for deadlock detection
* to work properly. So if we need to read from the DB,
* we use a long-lived per-thread txn for this step.
*/
if ( !ep && !tid ) {
rc = bdb_txn_get( op, bdb->bi_dbenv, &ltid, 0 );
if ( ltid )
locker2 = TXN_ID( ltid );
} else {
ltid = tid;
}
/* Give up original read lock, obtain write lock with
* (possibly) new locker ID.
/* Give up original read lock, obtain write lock
*/
if ( rc == 0 ) {
rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker2,
rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker,
*eip, 1, 0, lock );
}
if ( rc == 0 && !ep) {
rc = bdb_id2entry( op->o_bd, ltid, id, &ep );
rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
}
if ( rc == 0 ) {
ep->e_private = *eip;
@ -797,22 +771,6 @@ load1:
/* Otherwise, release the lock. */
bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock );
}
if ( locker2 != locker ) {
/* If we're using the per-thread txn, release all
* of its page locks now.
*/
DB_LOCKREQ list;
list.op = DB_LOCK_PUT_ALL;
list.obj = NULL;
bdb->bi_dbenv->lock_vec( bdb->bi_dbenv, locker2,
0, &list, 1, NULL );
/* If this txn was deadlocked, we must abort it
* and invalidate this per-thread txn.
*/
if ( rc == DB_LOCK_DEADLOCK ) {
bdb_txn_get( op, bdb->bi_dbenv, &ltid, 1 );
}
}
} else if ( !(*eip)->bei_e ) {
/* Some other thread is trying to load the entry,
* give it a chance to finish.
@ -1281,77 +1239,6 @@ bdb_lru_print( Cache *cache )
}
#endif
static void
bdb_txn_free( void *key, void *data )
{
DB_TXN *txn = data;
TXN_ABORT( txn );
}
/* Obtain a long-lived transaction for the current thread.
* If reset == 1, remove the current transaction. */
static int
bdb_txn_get( Operation *op, DB_ENV *env, DB_TXN **txn, int reset )
{
int i, rc;
void *ctx, *data = NULL;
if ( slapMode & SLAP_TOOL_MODE ) {
*txn = NULL;
return 0;
}
/* If no op was provided, try to find the ctx anyway... */
if ( op ) {
ctx = op->o_threadctx;
} else {
ctx = ldap_pvt_thread_pool_context();
}
/* Shouldn't happen unless we're single-threaded */
if ( !ctx ) {
*txn = NULL;
return 0;
}
if ( reset ) {
TXN_ABORT( *txn );
return ldap_pvt_thread_pool_setkey( ctx, ((char *)env)+1, NULL, NULL );
}
if ( ldap_pvt_thread_pool_getkey( ctx, ((char *)env)+1, &data, NULL ) ||
data == NULL ) {
for ( i=0, rc=1; rc != 0 && i<4; i++ ) {
rc = TXN_BEGIN( env, NULL, txn, READ_TXN_FLAG );
#if DB_VERSION_FULL == 0x04020034
if ( rc == EINVAL && READ_TXN_FLAG ) {
READ_TXN_FLAG = 0;
Debug( LDAP_DEBUG_ANY,
"bdb_txn_get: BerkeleyDB 4.2.52 library needs TXN patch!\n",
0, 0, 0 );
i--;
continue;
}
#endif
if (rc) ldap_pvt_thread_yield();
}
if ( rc != 0) {
return rc;
}
if ( ( rc = ldap_pvt_thread_pool_setkey( ctx, ((char *)env)+1,
*txn, bdb_txn_free ) ) ) {
TXN_ABORT( *txn );
Debug( LDAP_DEBUG_ANY, "bdb_txn_get: err %s(%d)\n",
db_strerror(rc), rc, 0 );
return rc;
}
} else {
*txn = data;
}
return 0;
}
#ifdef BDB_REUSE_LOCKERS
static void
bdb_locker_id_free( void *key, void *data )

63
servers/slapd/back-bdb/delete.c
View file

@ -19,6 +19,7 @@
#include <stdio.h>
#include <ac/string.h>
#include "lutil.h"
#include "back-bdb.h"
int
@ -51,15 +52,20 @@ bdb_delete( Operation *op, SlapReply *rs )
int parent_is_glue = 0;
int parent_is_leaf = 0;
struct berval ctxcsn_ndn = BER_BVNULL;
ctrls[num_ctrls] = 0;
Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_delete) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0],
(struct berval *)&slap_ldapsync_cn_bv, op->o_tmpmemctx );
/* allocate CSN */
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval csn;
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, 1 );
}
if( 0 ) {
retry: /* transaction retry */
@ -166,17 +172,8 @@ retry: /* transaction retry */
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
rs->sr_err = -1;
goto done;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, locker, &plock );
@ -296,15 +293,9 @@ retry: /* transaction retry */
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
rs->sr_err = 1;
goto done;
rs->sr_matched = ch_strdup( e->e_name.bv_val );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* pre-read */
@ -455,7 +446,8 @@ retry: /* transaction retry */
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_NO_OPERATION;
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
@ -492,19 +484,10 @@ retry: /* transaction retry */
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
done:
if ( p )
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
@ -520,14 +503,22 @@ done:
if( ltid != NULL ) {
TXN_ABORT( ltid );
op->o_private = NULL;
}
op->o_private = NULL;
slap_sl_free( ctxcsn_ndn.bv_val, op->o_tmpmemctx );
send_ldap_result( op, rs );
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
if( preread_ctrl != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
return rs->sr_err;
}

16
servers/slapd/back-bdb/dn2id.c
View file

@ -709,6 +709,7 @@ int
hdb_dn2id_parent(
Operation *op,
DB_TXN *txn,
u_int32_t locker,
EntryInfo *ei,
ID *idp )
{
@ -733,6 +734,9 @@ hdb_dn2id_parent(
rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
if ( rc ) return rc;
if ( !txn && locker ) {
cursor->locker = locker;
}
data.ulen = sizeof(diskNode) + (SLAP_LDAPDN_MAXLEN * 2);
d = op->o_tmpalloc( data.ulen, op->o_tmpmemctx );
@ -915,7 +919,8 @@ hdb_dn2idl_internal(
cx->rc = cx->db->cursor( cx->db, NULL, &cx->dbc,
cx->bdb->bi_db_opflags );
if ( cx->rc ) return cx->rc;
if ( cx->rc )
goto done_one;
cx->data.data = &cx->dbuf;
cx->data.ulen = sizeof(ID);
@ -928,7 +933,7 @@ hdb_dn2idl_internal(
cx->rc = cx->dbc->c_get( cx->dbc, &cx->key, &cx->data, DB_SET );
if ( cx->rc ) {
cx->dbc->c_close( cx->dbc );
return cx->rc;
goto done_one;
}
/* If the on-disk count is zero we've never checked it.
@ -973,6 +978,13 @@ hdb_dn2idl_internal(
}
}
cx->rc = cx->dbc->c_close( cx->dbc );
done_one:
bdb_cache_entryinfo_lock( cx->ei );
cx->ei->bei_state ^= CACHE_ENTRY_ONELEVEL;
bdb_cache_entryinfo_unlock( cx->ei );
if ( cx->rc )
return cx->rc;
} else {
/* The in-memory cache is in sync with the on-disk data.
* do we have any kids?

16
servers/slapd/back-bdb/id2entry.c
View file

@ -92,12 +92,14 @@ int bdb_id2entry_update(
int bdb_id2entry(
BackendDB *be,
DB_TXN *tid,
u_int32_t locker,
ID id,
Entry **e )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
DB *db = bdb->bi_id2entry->bdi_db;
DBT key, data;
DBC *cursor;
struct berval bv;
int rc = 0;
ID nid;
@ -113,7 +115,15 @@ int bdb_id2entry(
data.flags = DB_DBT_MALLOC;
/* fetch it */
rc = db->get( db, tid, &key, &data, bdb->bi_db_opflags );
rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
if ( rc ) return rc;
/* Use our own locker if needed */
if ( !tid && locker )
cursor->locker = locker;
rc = cursor->c_get( cursor, &key, &data, DB_SET );
cursor->c_close( cursor );
if( rc != 0 ) {
return rc;
@ -212,14 +222,10 @@ int bdb_entry_return(
e->e_nname.bv_val = NULL;
}
#ifndef SLAP_ZONE_ALLOC
#ifndef BDB_HIER
/* In tool mode the e_bv buffer is realloc'd, leave it alone */
if( !(slapMode & SLAP_TOOL_MODE) ) {
free( e->e_bv.bv_val );
}
#else
free( e->e_bv.bv_val );
#endif /* BDB_HIER */
#endif /* !SLAP_ZONE_ALLOC */
#ifdef SLAP_ZONE_ALLOC

78
servers/slapd/back-bdb/index.c
View file

@ -48,7 +48,7 @@ static AttrInfo *index_mask(
/* has tagging option */
ai = bdb_attr_mask( be->be_private, desc->ad_type->sat_ad );
if ( ai && ( ai->ai_indexmask ^ SLAP_INDEX_NOTAGS ) ) {
if ( ai && !( ai->ai_indexmask & SLAP_INDEX_NOTAGS ) ) {
*atname = desc->ad_type->sat_cname;
return ai;
}
@ -61,7 +61,7 @@ static AttrInfo *index_mask(
ai = bdb_attr_mask( be->be_private, at->sat_ad );
if ( ai && ( ai->ai_indexmask ^ SLAP_INDEX_NOSUBTYPES ) ) {
if ( ai && !( ai->ai_indexmask & SLAP_INDEX_NOSUBTYPES ) ) {
*atname = at->sat_cname;
return ai;
}
@ -377,6 +377,80 @@ int bdb_index_values(
return rc;
}
/* Get the list of which indices apply to this attr */
int
bdb_index_recset(
struct bdb_info *bdb,
Attribute *a,
AttributeType *type,
struct berval *tags,
IndexRec *ir )
{
int rc, slot;
AttrList *al;
if( type->sat_sup ) {
/* recurse */
rc = bdb_index_recset( bdb, a, type->sat_sup, tags, ir );
if( rc ) return rc;
}
/* If this type has no AD, we've never used it before */
if( type->sat_ad ) {
slot = bdb_attr_slot( bdb, type->sat_ad, NULL );
if ( slot >= 0 ) {
ir[slot].ai = bdb->bi_attrs[slot];
al = ch_malloc( sizeof( AttrList ));
al->attr = a;
al->next = ir[slot].attrs;
ir[slot].attrs = al;
}
}
if( tags->bv_len ) {
AttributeDescription *desc;
desc = ad_find_tags( type, tags );
if( desc ) {
slot = bdb_attr_slot( bdb, desc, NULL );
if ( slot >= 0 ) {
ir[slot].ai = bdb->bi_attrs[slot];
al = ch_malloc( sizeof( AttrList ));
al->attr = a;
al->next = ir[slot].attrs;
ir[slot].attrs = al;
}
}
}
return LDAP_SUCCESS;
}
/* Apply the indices for the recset */
int bdb_index_recrun(
Operation *op,
struct bdb_info *bdb,
IndexRec *ir0,
ID id,
int base )
{
IndexRec *ir;
AttrList *al;
int i, rc = 0;
for (i=base; i<bdb->bi_nattrs; i+=slap_tool_thread_max) {
ir = ir0 + i;
if ( !ir->ai ) continue;
while (( al = ir->attrs )) {
ir->attrs = al->next;
rc = indexer( op, NULL, ir->ai->ai_desc,
&ir->ai->ai_desc->ad_type->sat_cname,
al->attr->a_nvals, id, SLAP_INDEX_ADD_OP,
ir->ai->ai_indexmask );
free( al );
if ( rc ) break;
}
}
return rc;
}
int
bdb_index_entry(
Operation *op,

13
servers/slapd/back-bdb/init.c
View file

@ -426,6 +426,10 @@ bdb_db_open( BackendDB *be )
}
if( i == BDB_ID2ENTRY ) {
if ( slapMode & SLAP_TOOL_MODE )
db->bdi_db->mpf->set_priority( db->bdi_db->mpf,
DB_PRIORITY_VERY_LOW );
rc = db->bdi_db->set_pagesize( db->bdi_db,
BDB_ID2ENTRY_PAGESIZE );
if ( slapMode & SLAP_TOOL_READMAIN ) {
@ -482,13 +486,6 @@ bdb_db_open( BackendDB *be )
return rc;
}
#if 0
if( i == BDB_ID2ENTRY && ( slapMode & SLAP_TOOL_MODE )) {
db->bdi_db->mpf->set_priority( db->bdi_db->mpf,
DB_PRIORITY_VERY_LOW );
}
#endif
flags &= ~(DB_CREATE | DB_RDONLY);
db->bdi_name = bdbi_databases[i].name;
bdb->bi_databases[i] = db;
@ -609,7 +606,7 @@ bdb_db_destroy( BackendDB *be )
if( bdb->bi_dbenv_home ) ch_free( bdb->bi_dbenv_home );
if( bdb->bi_db_config_path ) ch_free( bdb->bi_db_config_path );
bdb_attr_index_destroy( bdb->bi_attrs );
bdb_attr_index_destroy( bdb );
ldap_pvt_thread_rdwr_destroy ( &bdb->bi_cache.c_rwlock );
ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.lru_mutex );

8
servers/slapd/back-bdb/key.c
View file

@ -84,7 +84,13 @@ bdb_key_change(
if (op == SLAP_INDEX_ADD_OP) {
/* Add values */
rc = bdb_idl_insert_key( be, db, txn, &key, id );
#ifdef BDB_TOOL_IDL_CACHING
if ( slapMode & SLAP_TOOL_QUICK )
rc = bdb_tool_idl_add( be, db, txn, &key, id );
else
#endif
rc = bdb_idl_insert_key( be, db, txn, &key, id );
if ( rc == DB_KEYEXIST ) rc = 0;
} else {
/* Delete values */

10
servers/slapd/back-bdb/modify.c
View file

@ -289,6 +289,9 @@ bdb_modify( Operation *op, SlapReply *rs )
ctrls[num_ctrls] = NULL;
if ( !SLAP_SHADOW( op->o_bd ))
slap_mods_opattrs( op, op->orm_modlist, 1 );
if( 0 ) {
retry: /* transaction retry */
if ( dummy.e_attrs ) {
@ -524,7 +527,8 @@ retry: /* transaction retry */
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_NO_OPERATION;
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
@ -573,6 +577,8 @@ return_results:
attrs_free( dummy.e_attrs );
}
send_ldap_result( op, rs );
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
@ -583,8 +589,8 @@ return_results:
done:
if( ltid != NULL ) {
TXN_ABORT( ltid );
op->o_private = NULL;
}
op->o_private = NULL;
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w (&bdb->bi_cache, e);

5
servers/slapd/back-bdb/modrdn.c
View file

@ -728,7 +728,8 @@ retry: /* transaction retry */
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_SUCCESS;
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
@ -831,8 +832,8 @@ done:
if( ltid != NULL ) {
TXN_ABORT( ltid );
op->o_private = NULL;
}
op->o_private = NULL;
if( preread_ctrl != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );

41
servers/slapd/back-bdb/proto-bdb.h
View file

@ -32,25 +32,32 @@ LDAP_BEGIN_DECL
#define bdb_attr_mask BDB_SYMBOL(attr_mask)
#define bdb_attr_flush BDB_SYMBOL(attr_flush)
#define bdb_attr_slot BDB_SYMBOL(attr_slot)
#define bdb_attr_index_config BDB_SYMBOL(attr_index_config)
#define bdb_attr_index_destroy BDB_SYMBOL(attr_index_destroy)
#define bdb_attr_index_free BDB_SYMBOL(attr_index_free)
#define bdb_attr_index_unparse BDB_SYMBOL(attr_index_unparse)
#define bdb_attr_info_free BDB_SYMBOL(attr_info_free)
AttrInfo *bdb_attr_mask( struct bdb_info *bdb,
AttributeDescription *desc );
void bdb_attr_flush( struct bdb_info *bdb );
int bdb_attr_slot( struct bdb_info *bdb,
AttributeDescription *desc, unsigned *insert );
int bdb_attr_index_config LDAP_P(( struct bdb_info *bdb,
const char *fname, int lineno,
int argc, char **argv ));
void bdb_attr_index_unparse LDAP_P(( struct bdb_info *bdb, BerVarray *bva ));
void bdb_attr_index_destroy LDAP_P(( Avlnode *tree ));
void bdb_attr_index_destroy LDAP_P(( struct bdb_info *bdb ));
void bdb_attr_index_free LDAP_P(( struct bdb_info *bdb,
AttributeDescription *ad ));
void bdb_attr_info_free( AttrInfo *ai );
/*
* config.c
*/
@ -124,6 +131,7 @@ int bdb_dn2idl(
int bdb_dn2id_parent(
Operation *op,
DB_TXN *txn,
u_int32_t locker,
EntryInfo *ei,
ID *idp );
@ -191,6 +199,7 @@ int bdb_id2entry_delete(
int bdb_id2entry(
BackendDB *be,
DB_TXN *tid,
u_int32_t locker,
ID id,
Entry **e);
#endif
@ -320,6 +329,8 @@ int bdb_idl_append_one( ID *ids, ID id );
#define bdb_index_param BDB_SYMBOL(index_param)
#define bdb_index_values BDB_SYMBOL(index_values)
#define bdb_index_entry BDB_SYMBOL(index_entry)
#define bdb_index_recset BDB_SYMBOL(index_recset)
#define bdb_index_recrun BDB_SYMBOL(index_recrun)
extern int
bdb_index_is_indexed LDAP_P((
@ -344,6 +355,22 @@ bdb_index_values LDAP_P((
ID id,
int opid ));
extern int
bdb_index_recset LDAP_P((
struct bdb_info *bdb,
Attribute *a,
AttributeType *type,
struct berval *tags,
IndexRec *ir ));
extern int
bdb_index_recrun LDAP_P((
Operation *op,
struct bdb_info *bdb,
IndexRec *ir,
ID id,
int base ));
int bdb_index_entry LDAP_P(( Operation *op, DB_TXN *t, int r, Entry *e ));
#define bdb_index_entry_add(op,t,e) \
@ -443,6 +470,7 @@ void bdb_unlocked_cache_return_entry_rw( Cache *cache, Entry *e, int rw );
#define bdb_cache_find_id BDB_SYMBOL(cache_find_id)
#define bdb_cache_find_info BDB_SYMBOL(cache_find_info)
#define bdb_cache_find_ndn BDB_SYMBOL(cache_find_ndn)
#define bdb_cache_find_parent BDB_SYMBOL(cache_find_parent)
#define bdb_cache_modify BDB_SYMBOL(cache_modify)
#define bdb_cache_modrdn BDB_SYMBOL(cache_modrdn)
#define bdb_cache_release_all BDB_SYMBOL(cache_release_all)
@ -495,6 +523,14 @@ int bdb_cache_find_id(
u_int32_t locker,
DB_LOCK *lock
);
int
bdb_cache_find_parent(
Operation *op,
DB_TXN *txn,
u_int32_t locker,
ID id,
EntryInfo **res
);
int bdb_cache_delete(
Cache *cache,
Entry *e,
@ -584,6 +620,7 @@ bdb_trans_backoff( int num_retries );
#define bdb_tool_dn2id_get BDB_SYMBOL(tool_dn2id_get)
#define bdb_tool_id2entry_get BDB_SYMBOL(tool_id2entry_get)
#define bdb_tool_entry_modify BDB_SYMBOL(tool_entry_modify)
#define bdb_tool_idl_add BDB_SYMBOL(tool_idl_add)
extern BI_init bdb_back_initialize;
@ -615,6 +652,8 @@ extern BI_tool_dn2id_get bdb_tool_dn2id_get;
extern BI_tool_id2entry_get bdb_tool_id2entry_get;
extern BI_tool_entry_modify bdb_tool_entry_modify;
int bdb_tool_idl_add( BackendDB *be, DB *db, DB_TXN *txn, DBT *key, ID id );
LDAP_END_DECL
#endif /* _PROTO_BDB_H */

493
servers/slapd/back-bdb/tools.c
View file

@ -21,6 +21,7 @@
#define AVL_INTERNAL
#include "back-bdb.h"
#include "idl.h"
static DBC *cursor = NULL;
static DBT key, data;
@ -35,24 +36,96 @@ static dn_id hbuf[HOLE_SIZE], *holes = hbuf;
static unsigned nhmax = HOLE_SIZE;
static unsigned nholes;
static Avlnode *index_attrs, index_dummy;
static int index_nattrs;
#ifdef BDB_TOOL_IDL_CACHING
#define bdb_tool_idl_cmp BDB_SYMBOL(tool_idl_cmp)
#define bdb_tool_idl_flush_one BDB_SYMBOL(tool_idl_flush_one)
#define bdb_tool_idl_flush BDB_SYMBOL(tool_idl_flush)
static int bdb_tool_idl_flush( BackendDB *be );
#define IDBLOCK 1024
typedef struct bdb_tool_idl_cache_entry {
struct bdb_tool_idl_cache_entry *next;
ID ids[IDBLOCK];
} bdb_tool_idl_cache_entry;
typedef struct bdb_tool_idl_cache {
struct berval kstr;
bdb_tool_idl_cache_entry *head, *tail;
ID first, last;
int count;
} bdb_tool_idl_cache;
static bdb_tool_idl_cache_entry *bdb_tool_idl_free_list;
#endif /* BDB_TOOL_IDL_CACHING */
static ID bdb_tool_ix_id;
static Operation *bdb_tool_ix_op;
static volatile int *bdb_tool_index_threads;
static void *bdb_tool_index_rec;
static struct bdb_info *bdb_tool_info;
static ldap_pvt_thread_mutex_t bdb_tool_index_mutex;
static ldap_pvt_thread_cond_t bdb_tool_index_cond;
static int bdb_tool_ix_rec( int base );
static void * bdb_tool_index_task( void *ctx, void *ptr );
int bdb_tool_entry_open(
BackendDB *be, int mode )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
/* initialize key and data thangs */
DBTzero( &key );
DBTzero( &data );
key.flags = DB_DBT_REALLOC;
data.flags = DB_DBT_REALLOC;
if (cursor == NULL) {
int rc = bdb->bi_id2entry->bdi_db->cursor(
bdb->bi_id2entry->bdi_db, NULL, &cursor,
bdb->bi_db_opflags );
if( rc != 0 ) {
return -1;
}
}
/* Set up for slapindex */
if ( !(slapMode & SLAP_TOOL_READONLY )) {
int i;
if ( !bdb_tool_info && ( slapMode & SLAP_TOOL_QUICK )) {
ldap_pvt_thread_mutex_init( &bdb_tool_index_mutex );
ldap_pvt_thread_cond_init( &bdb_tool_index_cond );
bdb_tool_index_threads = ch_malloc( slap_tool_thread_max * sizeof( int ));
bdb_tool_index_rec = ch_malloc( bdb->bi_nattrs * sizeof( IndexRec ));
for (i=1; i<slap_tool_thread_max; i++) {
int *ptr = ch_malloc( sizeof( int ));
*ptr = i;
ldap_pvt_thread_pool_submit( &connection_pool,
bdb_tool_index_task, ptr );
ldap_pvt_thread_yield();
}
}
bdb_tool_info = bdb;
}
return 0;
}
int bdb_tool_entry_close(
BackendDB *be )
{
assert( be != NULL );
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
if ( bdb_tool_info ) {
slapd_shutdown = 1;
ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
ldap_pvt_thread_cond_broadcast( &bdb_tool_index_cond );
ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
}
if( key.data ) {
ch_free( key.data );
@ -68,6 +141,10 @@ int bdb_tool_entry_close(
cursor = NULL;
}
#ifdef BDB_TOOL_IDL_CACHING
bdb_tool_idl_flush( be );
#endif
if( nholes ) {
unsigned i;
fprintf( stderr, "Error, entries missing!\n");
@ -81,8 +158,6 @@ int bdb_tool_entry_close(
return 0;
}
static int bdb_reindex_cmp(const void *a, const void *b) { return 0; }
ID bdb_tool_entry_next(
BackendDB *be )
{
@ -94,30 +169,19 @@ ID bdb_tool_entry_next(
assert( slapMode & SLAP_TOOL_MODE );
assert( bdb != NULL );
/* Initialization */
if (cursor == NULL) {
rc = bdb->bi_id2entry->bdi_db->cursor(
bdb->bi_id2entry->bdi_db, NULL, &cursor,
bdb->bi_db_opflags );
if( rc != 0 ) {
return NOID;
}
}
rc = cursor->c_get( cursor, &key, &data, DB_NEXT );
if( rc != 0 ) {
/* If we're doing linear indexing and there are more attrs to
* index, and we're at the end of the database, start over.
*/
if ( bdb->bi_attrs == &index_dummy ) {
if ( index_attrs && rc == DB_NOTFOUND ) {
/* optional - do a checkpoint here? */
index_dummy.avl_data = avl_delete(&index_attrs, NULL, bdb_reindex_cmp);
rc = cursor->c_get( cursor, &key, &data, DB_FIRST );
}
if ( index_nattrs && rc == DB_NOTFOUND ) {
/* optional - do a checkpoint here? */
bdb_attr_info_free( bdb->bi_attrs[0] );
bdb->bi_attrs[0] = bdb->bi_attrs[index_nattrs];
index_nattrs--;
rc = cursor->c_get( cursor, &key, &data, DB_FIRST );
if ( rc ) {
bdb->bi_attrs = NULL;
return NOID;
}
} else {
@ -165,7 +229,7 @@ int bdb_tool_id2entry_get(
Entry **e
)
{
int rc = bdb_id2entry( be, NULL, id, e );
int rc = bdb_id2entry( be, NULL, 0, id, e );
if ( rc == DB_NOTFOUND && id == 0 ) {
Entry *dummy = ch_calloc( 1, sizeof(Entry) );
@ -185,15 +249,12 @@ Entry* bdb_tool_entry_get( BackendDB *be, ID id )
{
int rc;
Entry *e = NULL;
#ifndef BDB_HIER
struct berval bv;
#endif
assert( be != NULL );
assert( slapMode & SLAP_TOOL_MODE );
assert( data.data != NULL );
#ifndef BDB_HIER
DBT2bv( &data, &bv );
#ifdef SLAP_ZONE_ALLOC
@ -206,8 +267,8 @@ Entry* bdb_tool_entry_get( BackendDB *be, ID id )
if( rc == LDAP_SUCCESS ) {
e->e_id = id;
}
#else
{
#ifdef BDB_HIER
if ( slapMode & SLAP_TOOL_READONLY ) {
EntryInfo *ei = NULL;
Operation op = {0};
Opheader ohdr = {0};
@ -217,9 +278,15 @@ Entry* bdb_tool_entry_get( BackendDB *be, ID id )
op.o_tmpmemctx = NULL;
op.o_tmpmfuncs = &ch_mfuncs;
rc = bdb_cache_find_id( &op, NULL, id, &ei, 0, 0, NULL );
if ( rc == LDAP_SUCCESS )
e = ei->bei_e;
rc = bdb_cache_find_parent( &op, NULL, cursor->locker, id, &ei );
if ( rc == LDAP_SUCCESS ) {
bdb_cache_entryinfo_unlock( ei );
e->e_private = ei;
ei->bei_e = e;
bdb_fix_dn( e, 0 );
ei->bei_e = NULL;
e->e_private = NULL;
}
}
#endif
return e;
@ -317,6 +384,53 @@ static int bdb_tool_next_id(
return rc;
}
static int
bdb_tool_index_add(
Operation *op,
DB_TXN *txn,
Entry *e )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
if ( slapMode & SLAP_TOOL_QUICK ) {
IndexRec *ir;
int i, rc;
Attribute *a;
ir = bdb_tool_index_rec;
memset(ir, 0, bdb->bi_nattrs * sizeof( IndexRec ));
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
rc = bdb_index_recset( bdb, a, a->a_desc->ad_type,
&a->a_desc->ad_tags, ir );
if ( rc )
return rc;
}
bdb_tool_ix_id = e->e_id;
bdb_tool_ix_op = op;
ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
for ( i=1; i<slap_tool_thread_max; i++ )
bdb_tool_index_threads[i] = LDAP_BUSY;
ldap_pvt_thread_cond_broadcast( &bdb_tool_index_cond );
ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
rc = bdb_index_recrun( op, bdb, ir, e->e_id, 0 );
if ( rc )
return rc;
for ( i=1; i<slap_tool_thread_max; i++ ) {
if ( bdb_tool_index_threads[i] == LDAP_BUSY ) {
ldap_pvt_thread_yield();
i--;
continue;
}
if ( bdb_tool_index_threads[i] )
return bdb_tool_index_threads[i];
}
return 0;
} else {
return bdb_index_entry_add( op, txn, e );
}
}
ID bdb_tool_entry_put(
BackendDB *be,
Entry *e,
@ -376,7 +490,7 @@ ID bdb_tool_entry_put(
}
if ( !bdb->bi_linear_index )
rc = bdb_index_entry_add( &op, tid, e );
rc = bdb_tool_index_add( &op, tid, e );
if( rc != 0 ) {
snprintf( text->bv_val, text->bv_len,
"index_entry_add failed: %s (%d)",
@ -441,10 +555,9 @@ int bdb_tool_entry_reindex(
}
/* Get the first attribute to index */
if (bi->bi_linear_index && !index_attrs && bi->bi_attrs != &index_dummy) {
index_attrs = bi->bi_attrs;
bi->bi_attrs = &index_dummy;
index_dummy.avl_data = avl_delete(&index_attrs, NULL, bdb_reindex_cmp);
if (bi->bi_linear_index && !index_nattrs) {
index_nattrs = bi->bi_nattrs - 1;
bi->bi_nattrs = 1;
}
e = bdb_tool_entry_get( be, id );
@ -484,7 +597,7 @@ int bdb_tool_entry_reindex(
op.o_tmpmemctx = NULL;
op.o_tmpmfuncs = &ch_mfuncs;
rc = bdb_index_entry_add( &op, tid, e );
rc = bdb_tool_index_add( &op, tid, e );
done:
if( rc == 0 ) {
@ -626,3 +739,311 @@ done:
return e->e_id;
}
#ifdef BDB_TOOL_IDL_CACHING
static int
bdb_tool_idl_cmp( const void *v1, const void *v2 )
{
const bdb_tool_idl_cache *c1 = v1, *c2 = v2;
int rc;
if (( rc = c1->kstr.bv_len - c2->kstr.bv_len )) return rc;
return memcmp( c1->kstr.bv_val, c2->kstr.bv_val, c1->kstr.bv_len );
}
static int
bdb_tool_idl_flush_one( void *v1, void *arg )
{
bdb_tool_idl_cache *ic = v1;
DB *db = arg;
struct bdb_info *bdb = bdb_tool_info;
bdb_tool_idl_cache_entry *ice;
DBC *curs;
DBT key, data;
int i, rc;
ID id, nid;
/* Freshly allocated, ignore it */
if ( !ic->head && ic->count <= BDB_IDL_DB_SIZE ) {
return 0;
}
rc = db->cursor( db, NULL, &curs, 0 );
if ( rc )
return -1;
DBTzero( &key );
DBTzero( &data );
bv2DBT( &ic->kstr, &key );
data.size = data.ulen = sizeof( ID );
data.flags = DB_DBT_USERMEM;
data.data = &nid;
rc = curs->c_get( curs, &key, &data, DB_SET );
/* If key already exists and we're writing a range... */
if ( rc == 0 && ic->count > BDB_IDL_DB_SIZE ) {
/* If it's not currently a range, must delete old info */
if ( nid ) {
/* Skip lo */
while ( curs->c_get( curs, &key, &data, DB_NEXT_DUP ) == 0 )
curs->c_del( curs, 0 );
nid = 0;
/* Store range marker */
curs->c_put( curs, &key, &data, DB_KEYFIRST );
} else {
/* Skip lo */
rc = curs->c_get( curs, &key, &data, DB_NEXT_DUP );
/* Get hi */
rc = curs->c_get( curs, &key, &data, DB_NEXT_DUP );
/* Delete hi */
curs->c_del( curs, 0 );
}
BDB_ID2DISK( ic->last, &nid );
curs->c_put( curs, &key, &data, DB_KEYLAST );
rc = 0;
} else if ( rc && rc != DB_NOTFOUND ) {
rc = -1;
} else if ( ic->count > BDB_IDL_DB_SIZE ) {
/* range, didn't exist before */
nid = 0;
rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
if ( rc == 0 ) {
BDB_ID2DISK( ic->first, &nid );
rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
if ( rc == 0 ) {
BDB_ID2DISK( ic->last, &nid );
rc = curs->c_put( curs, &key, &data, DB_KEYLAST );
}
}
if ( rc ) {
rc = -1;
}
} else {
int n;
/* Just a normal write */
rc = 0;
for ( ice = ic->head, n=0; ice; ice = ice->next, n++ ) {
int end;
if ( ice->next ) {
end = IDBLOCK;
} else {
end = ic->count & (IDBLOCK-1);
if ( !end )
end = IDBLOCK;
}
for ( i=0; i<end; i++ ) {
if ( !ice->ids[i] ) continue;
BDB_ID2DISK( ice->ids[i], &nid );
rc = curs->c_put( curs, &key, &data, DB_NODUPDATA );
if ( rc ) {
if ( rc == DB_KEYEXIST ) {
rc = 0;
continue;
}
rc = -1;
break;
}
}
if ( rc ) {
rc = -1;
break;
}
}
if ( ic->head ) {
ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
ic->tail->next = bdb_tool_idl_free_list;
bdb_tool_idl_free_list = ic->head;
bdb->bi_idl_cache_size -= n;
ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
}
}
if ( ic != db->app_private ) {
ch_free( ic );
} else {
ic->head = ic->tail = NULL;
}
curs->c_close( curs );
return rc;
}
static int
bdb_tool_idl_flush_db( DB *db, bdb_tool_idl_cache *ic )
{
Avlnode *root = db->app_private;
int rc;
db->app_private = ic;
rc = avl_apply( root, bdb_tool_idl_flush_one, db, -1, AVL_INORDER );
avl_free( root, NULL );
db->app_private = NULL;
if ( rc != -1 )
rc = 0;
return rc;
}
static int
bdb_tool_idl_flush( BackendDB *be )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
DB *db;
Avlnode *root;
int i, rc = 0;
for ( i=BDB_NDB; i < bdb->bi_ndatabases; i++ ) {
db = bdb->bi_databases[i]->bdi_db;
if ( !db->app_private ) continue;
rc = bdb_tool_idl_flush_db( db, NULL );
if ( rc )
break;
}
if ( !rc ) {
bdb->bi_idl_cache_size = 0;
}
return rc;
}
int bdb_tool_idl_add(
BackendDB *be,
DB *db,
DB_TXN *txn,
DBT *key,
ID id )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
bdb_tool_idl_cache *ic, itmp;
bdb_tool_idl_cache_entry *ice;
int rc;
if ( !bdb->bi_idl_cache_max_size )
return bdb_idl_insert_key( be, db, txn, key, id );
DBT2bv( key, &itmp.kstr );
ic = avl_find( (Avlnode *)db->app_private, &itmp, bdb_tool_idl_cmp );
/* No entry yet, create one */
if ( !ic ) {
DBC *curs;
DBT data;
ID nid;
int rc;
ic = ch_malloc( sizeof( bdb_tool_idl_cache ) + itmp.kstr.bv_len );
ic->kstr.bv_len = itmp.kstr.bv_len;
ic->kstr.bv_val = (char *)(ic+1);
AC_MEMCPY( ic->kstr.bv_val, itmp.kstr.bv_val, ic->kstr.bv_len );
ic->head = ic->tail = NULL;
ic->last = 0;
ic->count = 0;
avl_insert( (Avlnode **)&db->app_private, ic, bdb_tool_idl_cmp,
avl_dup_error );
/* load existing key count here */
rc = db->cursor( db, NULL, &curs, 0 );
if ( rc ) return rc;
data.ulen = sizeof( ID );
data.flags = DB_DBT_USERMEM;
data.data = &nid;
rc = curs->c_get( curs, key, &data, DB_SET );
if ( rc == 0 ) {
if ( nid == 0 ) {
ic->count = BDB_IDL_DB_SIZE+1;
} else {
db_recno_t count;
curs->c_count( curs, &count, 0 );
ic->count = count;
BDB_DISK2ID( &nid, &ic->first );
}
}
curs->c_close( curs );
}
/* are we a range already? */
if ( ic->count > BDB_IDL_DB_SIZE ) {
ic->last = id;
return 0;
/* Are we at the limit, and converting to a range? */
} else if ( ic->count == BDB_IDL_DB_SIZE ) {
int n;
for ( ice = ic->head, n=0; ice; ice = ice->next, n++ )
/* counting */ ;
if ( n ) {
ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
ic->tail->next = bdb_tool_idl_free_list;
bdb_tool_idl_free_list = ic->head;
bdb->bi_idl_cache_size -= n;
ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
}
ic->head = ic->tail = NULL;
ic->last = id;
ic->count++;
return 0;
}
/* No free block, create that too */
if ( !ic->tail || ( ic->count & (IDBLOCK-1)) == 0) {
ice = NULL;
ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
if ( bdb->bi_idl_cache_size >= bdb->bi_idl_cache_max_size ) {
ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
rc = bdb_tool_idl_flush_db( db, ic );
if ( rc )
return rc;
avl_insert( (Avlnode **)&db->app_private, ic, bdb_tool_idl_cmp,
avl_dup_error );
ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock );
}
bdb->bi_idl_cache_size++;
if ( bdb_tool_idl_free_list ) {
ice = bdb_tool_idl_free_list;
bdb_tool_idl_free_list = ice->next;
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock );
if ( !ice ) {
ice = ch_malloc( sizeof( bdb_tool_idl_cache_entry ));
}
memset( ice, 0, sizeof( *ice ));
if ( !ic->head ) {
ic->head = ice;
} else {
ic->tail->next = ice;
}
ic->tail = ice;
if ( !ic->count )
ic->first = id;
}
ice = ic->tail;
ice->ids[ ic->count & (IDBLOCK-1) ] = id;
ic->count++;
return 0;
}
#endif
static void *
bdb_tool_index_task( void *ctx, void *ptr )
{
int base = *(int *)ptr;
free( ptr );
while ( 1 ) {
ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
ldap_pvt_thread_cond_wait( &bdb_tool_index_cond,
&bdb_tool_index_mutex );
ldap_pvt_thread_mutex_unlock( &bdb_tool_index_mutex );
if ( slapd_shutdown )
break;
bdb_tool_index_threads[base] = bdb_index_recrun( bdb_tool_ix_op,
bdb_tool_info, bdb_tool_index_rec, bdb_tool_ix_id, base );
}
return NULL;
}

4
servers/slapd/back-ldap/bind.c
View file

@ -503,11 +503,15 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
} else {
BER_BVZERO( &lc->lc_cred );
BER_BVZERO( &lc->lc_bound_ndn );
#if 0
/* FIXME: if we set lc_bound_ndn = o_ndn
* we end up with a bind with DN but no password! */
if ( !BER_BVISEMPTY( &op->o_ndn )
&& SLAP_IS_AUTHZ_BACKEND( op ) )
{
ber_dupbv( &lc->lc_bound_ndn, &op->o_ndn );
}
#endif
}
#ifdef HAVE_TLS

5
servers/slapd/back-ldap/chain.c
View file

@ -576,7 +576,7 @@ ldap_chain_response( Operation *op, SlapReply *rs )
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
if ( rc != LDAP_SUCCESS || sc2.sc_private == LDAP_CH_ERR ) {
if ( rs->sr_err == LDAP_CANNOT_CHAIN ) {
if ( rs->sr_err == LDAP_X_CANNOT_CHAIN ) {
goto cannot_chain;
}
@ -584,7 +584,8 @@ ldap_chain_response( Operation *op, SlapReply *rs )
case LDAP_CHAINING_REQUIRED:
cannot_chain:;
op->o_callback = NULL;
send_ldap_error( op, rs, LDAP_CANNOT_CHAIN, "operation cannot be completed without chaining" );
send_ldap_error( op, rs, LDAP_X_CANNOT_CHAIN,
"operation cannot be completed without chaining" );
break;
default:

24
servers/slapd/back-ldap/extended.c
View file

@ -135,6 +135,12 @@ retry:
(char **)&rs->sr_matched,
(char **)&rs->sr_text,
NULL, NULL, 0 );
if ( rs->sr_matched && rs->sr_matched[ 0 ] == '\0' ) {
free( (char *)rs->sr_matched );
}
if ( rs->sr_text && rs->sr_text[ 0 ] == '\0' ) {
free( (char *)rs->sr_text );
}
if ( rc == LDAP_SUCCESS ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
struct berval newpw;
@ -165,17 +171,19 @@ retry:
}
}
send_ldap_result( op, rs );
if ( rs->sr_matched ) {
free( (char *)rs->sr_matched );
}
if ( rs->sr_text ) {
free( (char *)rs->sr_text );
}
rs->sr_matched = NULL;
rs->sr_text = NULL;
rc = -1;
}
/* these have to be freed anyway... */
if ( rs->sr_matched ) {
free( (char *)rs->sr_matched );
}
if ( rs->sr_text ) {
free( (char *)rs->sr_text );
}
rs->sr_matched = NULL;
rs->sr_text = NULL;
if ( lc != NULL ) {
ldap_back_release_conn( op, rs, lc );
}

1
servers/slapd/back-ldap/search.c
View file

@ -431,6 +431,7 @@ fail:;
if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
rs->sr_matched = pmatch.bv_val;
LDAP_FREE( match.bv_val );
} else {
rs->sr_matched = match.bv_val;

17
servers/slapd/back-ldbm/add.c
View file

@ -25,6 +25,16 @@
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
static int
ldbm_csn_cb(
Operation *op,
SlapReply *rs )
{
op->o_callback = op->o_callback->sc_next;
slap_graduate_commit_csn( op );
return SLAP_CB_CONTINUE;
}
int
ldbm_back_add(
Operation *op,
@ -38,6 +48,7 @@ ldbm_back_add(
AttributeDescription *entry = slap_schema.si_ad_entry;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
slap_callback cb = { NULL };
#ifdef LDBM_SUBENTRIES
int subentry;
#endif
@ -45,6 +56,12 @@ ldbm_back_add(
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n",
op->o_req_dn.bv_val, 0, 0);
slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
cb.sc_cleanup = ldbm_csn_cb;
cb.sc_next = op->o_callback;
op->o_callback = &cb;
rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
get_manageDIT(op), &rs->sr_text, textbuf, textlen );

79
servers/slapd/back-ldbm/delete.c
View file

@ -24,6 +24,7 @@
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
#include "lutil.h"
int
ldbm_back_delete(
@ -44,6 +45,16 @@ ldbm_back_delete(
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* allocate CSN */
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval csn;
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, 1 );
}
/* get entry with writer lock */
e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
@ -64,16 +75,9 @@ ldbm_back_delete(
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
return( -1 );
rs->sr_flags |= REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* check entry for "entry" acl */
@ -83,10 +87,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: no write access to entry\n", 0,
0, 0 );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to entry" );
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;
}
@ -99,13 +101,8 @@ ldbm_back_delete(
0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
rc = LDAP_REFERRAL;
rs->sr_matched = ch_strdup( e->e_name.bv_val );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
@ -113,8 +110,8 @@ ldbm_back_delete(
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
"subordinate objects must be deleted first");
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subordinate objects must be deleted first";
goto return_results;
}
@ -126,8 +123,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: parent does not exist\n",
0, 0, 0);
send_ldap_error( op, rs, LDAP_OTHER,
"could not locate parent of entry" );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "could not locate parent of entry";
goto return_results;
}
@ -139,8 +136,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: no access to parent\n", 0,
0, 0 );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
@ -161,8 +158,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: no "
"access to parent\n", 0, 0, 0 );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
@ -171,9 +168,7 @@ ldbm_back_delete(
"<=- ldbm_back_delete: no parent & "
"not root\n", 0, 0, 0);
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
@ -185,8 +180,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: operations error %s\n",
op->o_req_dn.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_OTHER,
"DN index delete failed" );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete failed";
goto return_results;
}
@ -196,8 +191,8 @@ ldbm_back_delete(
"<=- ldbm_back_delete: operations error %s\n",
op->o_req_dn.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_OTHER,
"entry delete failed" );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry delete failed";
goto return_results;
}
@ -205,19 +200,25 @@ ldbm_back_delete(
(void) index_entry_del( op, e );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
rc = LDAP_SUCCESS;
return_results:;
rc = rs->sr_err;
if( p != NULL ) {
/* free parent and writer lock */
cache_return_entry_w( &li->li_cache, p );
}
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
if ( e != NULL ) {
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
return rc;
}

56
servers/slapd/back-ldbm/modify.c
View file

@ -241,6 +241,9 @@ ldbm_back_modify(
Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0);
if ( !SLAP_SHADOW( op->o_bd ))
slap_mods_opattrs( op, op->orm_modlist, 1 );
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
@ -250,7 +253,7 @@ ldbm_back_modify(
/* FIXME: dn2entry() should return non-glue entry */
if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
if ( matched != NULL ) {
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_matched = ber_strdup_x( matched->e_dn, op->o_tmpmemctx );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
@ -260,16 +263,9 @@ ldbm_back_modify(
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
return rs->sr_err;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
if ( !manageDSAit && is_entry_referral( e ) )
@ -282,47 +278,31 @@ ldbm_back_modify(
0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto error_return;
rs->sr_matched = ber_strdup_x( e->e_name.bv_val, op->o_tmpmemctx );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* Modify the entry */
rs->sr_err = ldbm_modify_internal( op, op->oq_modify.rs_modlist, e,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err != SLAPD_ABANDON ) {
send_ldap_result( op, rs );
}
goto error_return;
}
/* change the entry itself */
if ( id2entry_add( op->o_bd, e ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"id2entry failure" );
rs->sr_err = LDAP_OTHER;
goto error_return;
if( rs->sr_err == LDAP_SUCCESS ) {
if ( id2entry_add( op->o_bd, e ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "id2entry failure";
}
}
rs->sr_text = NULL;
send_ldap_error( op, rs, LDAP_SUCCESS,
NULL );
return_results:;
cache_return_entry_w( &li->li_cache, e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
return LDAP_SUCCESS;
send_ldap_result( op, rs );
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
error_return:;
cache_return_entry_w( &li->li_cache, e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
rs->sr_text = NULL;
return rs->sr_err;
}

22
servers/slapd/back-ldif/ldif.c
View file

@ -767,6 +767,9 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
int statres;
char textbuf[SLAP_TEXT_BUFLEN];
slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ),
op->o_bd->be_pcl_mutexp != NULL ? 1 : 0 );
rs->sr_err = entry_schema_check(op, e, NULL, 0,
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
@ -815,6 +818,8 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
send_res:
send_ldap_result(op, rs);
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
return 0;
}
@ -825,6 +830,10 @@ static int ldif_back_modify(Operation *op, SlapReply *rs) {
Entry * entry = NULL;
int spew_res;
if ( !SLAP_SHADOW( op->o_bd ))
slap_mods_opattrs( op, op->orm_modlist,
op->o_bd->be_pcl_mutexp != NULL ? 1 : 0 );
ldap_pvt_thread_mutex_lock(&ni->li_mutex);
dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &ni->li_base_path,
&path);
@ -853,6 +862,8 @@ static int ldif_back_modify(Operation *op, SlapReply *rs) {
rs->sr_text = NULL;
ldap_pvt_thread_mutex_unlock(&ni->li_mutex);
send_ldap_result(op, rs);
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
return 0;
}
@ -861,6 +872,15 @@ static int ldif_back_delete(Operation *op, SlapReply *rs) {
struct berval path = BER_BVNULL;
int res = 0;
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval csn;
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof( csnbuf );
slap_get_csn( op, &csn, 1 );
}
ldap_pvt_thread_mutex_lock(&ni->li_mutex);
dn2path(&op->o_req_ndn, &op->o_bd->be_nsuffix[0], &ni->li_base_path, &path);
@ -885,6 +905,8 @@ static int ldif_back_delete(Operation *op, SlapReply *rs) {
SLAP_FREE(path.bv_val);
ldap_pvt_thread_mutex_unlock(&ni->li_mutex);
send_ldap_result(op, rs);
if ( !SLAP_SHADOW( op->o_bd ))
slap_graduate_commit_csn( op );
return 0;
}

14
servers/slapd/back-meta/bind.c
View file

@ -80,7 +80,7 @@ meta_back_bind( Operation *op, SlapReply *rs )
if ( META_BACK_DEFER_ROOTDN_BIND( mi ) ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
send_ldap_result( op, rs );
/* frontend will return success */
return rs->sr_err;
}
@ -184,10 +184,8 @@ meta_back_bind( Operation *op, SlapReply *rs )
rs->sr_err = lerr;
candidates[ i ].sr_tag = META_NOT_CANDIDATE;
if ( META_BACK_ONERR_STOP( mi ) ) {
rc = rs->sr_err;
break;
}
rc = rs->sr_err;
break;
}
}
@ -382,8 +380,7 @@ retry:;
if ( rs->sr_err == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
if ( mc->mc_refcnt == 1 ) {
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
msc->msc_ld = NULL;
meta_clear_one_candidate( msc );
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
@ -560,8 +557,7 @@ retry:;
}
if ( mc->mc_refcnt == 1 ) {
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
msc->msc_ld = NULL;
meta_clear_one_candidate( msc );
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );

6
servers/slapd/back-meta/candidates.c
View file

@ -178,18 +178,18 @@ meta_clear_one_candidate(
metasingleconn_t *msc )
{
if ( msc->msc_ld ) {
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
ldap_unbind_ext( msc->msc_ld, NULL, NULL );
msc->msc_ld = NULL;
}
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ber_memfree( msc->msc_bound_ndn.bv_val );
ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
BER_BVZERO( &msc->msc_bound_ndn );
}
if ( !BER_BVISNULL( &msc->msc_cred ) ) {
memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
ber_memfree( msc->msc_cred.bv_val );
ber_memfree_x( msc->msc_cred.bv_val, NULL );
BER_BVZERO( &msc->msc_cred );
}

45
servers/slapd/back-meta/config.c
View file

@ -113,10 +113,21 @@ meta_back_db_config(
int rc;
int c;
if ( argc != 2 ) {
switch ( argc ) {
case 1:
fprintf( stderr,
"%s: line %d: missing address"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
"%s: line %d: missing URI "
"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
fname, lineno );
return 1;
case 2:
break;
default:
fprintf( stderr,
"%s: line %d: too many args "
"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
fname, lineno );
return 1;
}
@ -928,17 +939,17 @@ ldap_back_map_config(
fname, lineno );
return 1;
}
ber_str2bv( src, 0, 1, &mapping->src );
ber_str2bv( dst, 0, 1, &mapping->dst );
mapping[ 1 ].src = mapping->dst;
mapping[ 1 ].dst = mapping->src;
ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
mapping[ 1 ].src = mapping[ 0 ].dst;
mapping[ 1 ].dst = mapping[ 0 ].src;
/*
* schema check
*/
if ( is_oc ) {
if ( src[ 0 ] != '\0' ) {
if ( oc_bvfind( &mapping->src ) == NULL ) {
if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
fprintf( stderr,
"%s: line %d: warning, source objectClass '%s' "
"should be defined in schema\n",
@ -951,7 +962,7 @@ ldap_back_map_config(
}
}
if ( oc_bvfind( &mapping->dst ) == NULL ) {
if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
fprintf( stderr,
"%s: line %d: warning, destination objectClass '%s' "
"is not defined in schema\n",
@ -963,7 +974,7 @@ ldap_back_map_config(
AttributeDescription *ad = NULL;
if ( src[ 0 ] != '\0' ) {
rc = slap_bv2ad( &mapping->src, &ad, &text );
rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
"%s: line %d: warning, source attributeType '%s' "
@ -978,7 +989,7 @@ ldap_back_map_config(
* and add it here.
*/
rc = slap_bv2undef_ad( &mapping->src,
rc = slap_bv2undef_ad( &mapping[ 0 ].src,
&ad, &text, SLAP_AD_PROXIED );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
@ -992,7 +1003,7 @@ ldap_back_map_config(
ad = NULL;
}
rc = slap_bv2ad( &mapping->dst, &ad, &text );
rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
"%s: line %d: warning, destination attributeType '%s' "
@ -1004,7 +1015,7 @@ ldap_back_map_config(
* and add it here.
*/
rc = slap_bv2undef_ad( &mapping->dst,
rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
&ad, &text, SLAP_AD_PROXIED );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
@ -1016,7 +1027,7 @@ ldap_back_map_config(
}
}
if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)mapping, mapping_cmp ) != NULL)
if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
|| avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
{
fprintf( stderr,
@ -1026,7 +1037,7 @@ ldap_back_map_config(
}
if ( src[ 0 ] != '\0' ) {
avl_insert( &map->map, (caddr_t)mapping,
avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
mapping_cmp, mapping_dup );
}
avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
@ -1036,8 +1047,8 @@ ldap_back_map_config(
error_return:;
if ( mapping ) {
ch_free( mapping->src.bv_val );
ch_free( mapping->dst.bv_val );
ch_free( mapping[ 0 ].src.bv_val );
ch_free( mapping[ 0 ].dst.bv_val );
ch_free( mapping );
}

3
servers/slapd/back-meta/conn.c
View file

@ -447,8 +447,7 @@ retry_lock:;
goto retry_lock;
}
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
msc->msc_ld = NULL;
meta_clear_one_candidate( msc );
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );

41
servers/slapd/back-meta/init.c
View file

@ -146,21 +146,7 @@ meta_back_conn_free(
ntargets = mc->mc_conns[ 0 ].msc_info->mi_ntargets;
for ( i = 0; i < ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
if ( msc->msc_ld != NULL ) {
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
}
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ber_memfree( msc->msc_bound_ndn.bv_val );
}
if ( !BER_BVISNULL( &msc->msc_cred ) ) {
/* destroy sensitive data */
memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
ber_memfree( msc->msc_cred.bv_val );
}
(void)meta_clear_one_candidate( &mc->mc_conns[ i ] );
}
ldap_pvt_thread_mutex_destroy( &mc->mc_mutex );
@ -177,6 +163,17 @@ mapping_free(
ch_free( mapping );
}
static void
mapping_dst_free(
void *v_mapping )
{
struct ldapmapping *mapping = v_mapping;
if ( BER_BVISEMPTY( &mapping->dst ) ) {
mapping_free( &mapping[ -1 ] );
}
}
static void
target_free(
metatarget_t *mt )
@ -205,9 +202,9 @@ target_free(
if ( mt->mt_rwmap.rwm_rw ) {
rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
}
avl_free( mt->mt_rwmap.rwm_oc.remap, NULL );
avl_free( mt->mt_rwmap.rwm_oc.remap, mapping_dst_free );
avl_free( mt->mt_rwmap.rwm_oc.map, mapping_free );
avl_free( mt->mt_rwmap.rwm_at.remap, NULL );
avl_free( mt->mt_rwmap.rwm_at.remap, mapping_dst_free );
avl_free( mt->mt_rwmap.rwm_at.map, mapping_free );
}
@ -235,11 +232,13 @@ meta_back_db_destroy(
* Destroy the per-target stuff (assuming there's at
* least one ...)
*/
for ( i = 0; i < mi->mi_ntargets; i++ ) {
target_free( &mi->mi_targets[ i ] );
}
if ( mi->mi_targets != NULL ) {
for ( i = 0; i < mi->mi_ntargets; i++ ) {
target_free( &mi->mi_targets[ i ] );
}
free( mi->mi_targets );
free( mi->mi_targets );
}
ldap_pvt_thread_mutex_lock( &mi->mi_cache.mutex );
if ( mi->mi_cache.tree ) {

84
servers/slapd/back-meta/map.c
View file

@ -208,6 +208,7 @@ map_attr_value(
ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
#if 0
/*
* FIXME: are we sure we need to search oc_map if at_map fails?
*/
@ -215,6 +216,12 @@ map_attr_value(
if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
*mapped_attr = ad->ad_cname;
}
#endif
if ( dc->target->mt_rwmap.rwm_at.drop_missing ) {
return -1;
}
*mapped_attr = ad->ad_cname;
}
if ( value == NULL ) {
@ -271,13 +278,28 @@ ldap_back_int_filter_map_rewrite(
{
int i;
Filter *p;
struct berval atmp;
struct berval vtmp;
struct berval atmp,
vtmp,
*tmp;
static struct berval
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
ber_bvtf_false = BER_BVC( "(|)" ),
/* better than nothing... */
ber_bvtrue = BER_BVC( "(objectClass=*)" ),
ber_bvtf_true = BER_BVC( "(&)" ),
#if 0
/* no longer needed; preserved for completeness */
ber_bvundefined = BER_BVC( "(?=undefined)" ),
#endif
ber_bverror = BER_BVC( "(?=error)" ),
ber_bvunknown = BER_BVC( "(?=unknown)" ),
ber_bvnone = BER_BVC( "(?=none)" );
ber_len_t len;
if ( f == NULL ) {
ber_str2bv( "No filter!", STRLENOF( "No filter!" ), 1, fstr );
return -1;
ber_dupbv( fstr, &ber_bvnone );
return LDAP_OTHER;
}
switch ( f->f_choice ) {
@ -285,7 +307,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
@ -302,7 +324,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
@ -319,7 +341,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
@ -336,7 +358,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
@ -353,7 +375,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_sub_desc, &atmp,
NULL, NULL, remap ) )
{
return -1;
goto computed;
}
/* cannot be a DN ... */
@ -415,7 +437,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_desc, &atmp,
NULL, NULL, remap ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
@ -436,11 +458,13 @@ ldap_back_int_filter_map_rewrite(
f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
for ( p = f->f_list; p != NULL; p = p->f_next ) {
int rc;
len = fstr->bv_len;
if ( ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap ) )
{
return -1;
rc = ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
fstr->bv_len += vtmp.bv_len;
@ -459,7 +483,7 @@ ldap_back_int_filter_map_rewrite(
if ( map_attr_value( dc, f->f_mr_desc, &atmp,
&f->f_mr_value, &vtmp, remap ) )
{
return -1;
goto computed;
}
} else {
@ -483,43 +507,38 @@ ldap_back_int_filter_map_rewrite(
ber_memfree( vtmp.bv_val );
break;
case SLAPD_FILTER_COMPUTED: {
struct berval bv;
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
BER_BVSTR( &bv, "(|)" );
break;
}
/* fallthru */
/* FIXME: treat UNDEFINED as FALSE */
case SLAPD_COMPARE_UNDEFINED:
/* better than nothing... */
BER_BVSTR( &bv, "(!(objectClass=*))" );
computed:;
if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
tmp = &ber_bvtf_false;
break;
}
tmp = &ber_bvfalse;
break;
case LDAP_COMPARE_TRUE:
if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
BER_BVSTR( &bv, "(&)" );
tmp = &ber_bvtf_true;
break;
}
/* better than nothing... */
BER_BVSTR( &bv, "(objectClass=*)" );
tmp = &ber_bvtrue;
break;
default:
BER_BVSTR( &bv, "(?=error)" );
tmp = &ber_bverror;
break;
}
ber_dupbv( fstr, &bv );
} break;
ber_dupbv( fstr, tmp );
break;
default:
ber_str2bv( "(?=unknown)", STRLENOF( "(?=unknown)" ), 1, fstr );
ber_dupbv( fstr, &ber_bvunknown );
break;
}
@ -655,6 +674,7 @@ ldap_back_referral_result_rewrite(
ludp->lud_dn = dn.bv_val;
newurl = ldap_url_desc2str( ludp );
free( dn.bv_val );
if ( newurl == NULL ) {
/* FIXME: leave attr untouched
* even if ldap_url_desc2str failed...

25
servers/slapd/back-meta/search.c
View file

@ -926,15 +926,13 @@ meta_send_entry(
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
( void )ber_scanf( &ber, "x" /* [W] */ );
continue;
}
attr = ( Attribute * )ch_malloc( sizeof( Attribute ) );
attr = ( Attribute * )ch_calloc( 1, sizeof( Attribute ) );
if ( attr == NULL ) {
continue;
}
attr->a_flags = 0;
attr->a_next = 0;
attr->a_desc = NULL;
if ( slap_bv2ad( &mapped, &attr->a_desc, &text )
!= LDAP_SUCCESS) {
if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text,
@ -990,7 +988,6 @@ meta_send_entry(
pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
if ( !validate && !pretty ) {
attr->a_nvals = NULL;
attr_free( attr );
goto next_attr;
}
@ -1029,17 +1026,19 @@ meta_send_entry(
* ACLs to the target directory server, and letting
* everything pass thru the ldap backend.
*/
} else if ( attr->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
ldap_dnattr_result_rewrite( &dc, attr->a_vals );
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
ldap_back_referral_result_rewrite( &dc, attr->a_vals );
} else {
int i;
if ( attr->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
ldap_dnattr_result_rewrite( &dc, attr->a_vals );
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
ldap_back_referral_result_rewrite( &dc, attr->a_vals );
}
for ( i = 0; i < last; i++ ) {
struct berval pval;
int rc;

7
servers/slapd/back-meta/unbind.c
View file

@ -48,6 +48,7 @@ meta_back_conn_destroy(
conn->c_connid, 0, 0 );
mc_curr.mc_conn = conn;
mc_curr.mc_local_ndn = conn->c_ndn;
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
mc = avl_delete( &mi->mi_conntree, ( caddr_t )&mc_curr,
@ -61,12 +62,6 @@ meta_back_conn_destroy(
assert( mc->mc_refcnt == 0 );
for ( i = 0; i < mi->mi_ntargets; ++i ) {
if ( mc->mc_conns[ i ].msc_ld != NULL ) {
meta_clear_one_candidate( &mc->mc_conns[ i ] );
}
}
meta_back_conn_free( mc );
}

8
servers/slapd/back-monitor/init.c
View file

@ -1855,6 +1855,14 @@ monitor_back_db_destroy(
if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_rdn ) ) {
ch_free( monitor_subsys[ i ]->mss_rdn.bv_val );
}
if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_dn ) ) {
ch_free( monitor_subsys[ i ]->mss_dn.bv_val );
}
if ( !BER_BVISNULL( &monitor_subsys[ i ]->mss_ndn ) ) {
ch_free( monitor_subsys[ i ]->mss_ndn.bv_val );
}
}
ch_free( monitor_subsys );

238
servers/slapd/back-monitor/log.c
View file

@ -31,8 +31,8 @@
#include "ldif.h"
#include "back-monitor.h"
static int
monitor_subsys_log_destroy(
static int
monitor_subsys_log_open(
BackendDB *be,
monitor_subsys_t *ms );
@ -47,34 +47,9 @@ monitor_subsys_log_modify(
*/
ldap_pvt_thread_mutex_t monitor_log_mutex;
static struct {
int i;
struct berval s;
struct berval n;
} int_2_level[] = {
{ LDAP_DEBUG_TRACE, BER_BVC("Trace"), BER_BVNULL },
{ LDAP_DEBUG_PACKETS, BER_BVC("Packets"), BER_BVNULL },
{ LDAP_DEBUG_ARGS, BER_BVC("Args"), BER_BVNULL },
{ LDAP_DEBUG_CONNS, BER_BVC("Conns"), BER_BVNULL },
{ LDAP_DEBUG_BER, BER_BVC("BER"), BER_BVNULL },
{ LDAP_DEBUG_FILTER, BER_BVC("Filter"), BER_BVNULL },
{ LDAP_DEBUG_CONFIG, BER_BVC("Config"), BER_BVNULL }, /* useless */
{ LDAP_DEBUG_ACL, BER_BVC("ACL"), BER_BVNULL },
{ LDAP_DEBUG_STATS, BER_BVC("Stats"), BER_BVNULL },
{ LDAP_DEBUG_STATS2, BER_BVC("Stats2"), BER_BVNULL },
{ LDAP_DEBUG_SHELL, BER_BVC("Shell"), BER_BVNULL },
{ LDAP_DEBUG_PARSE, BER_BVC("Parse"), BER_BVNULL },
{ LDAP_DEBUG_CACHE, BER_BVC("Cache"), BER_BVNULL },
{ LDAP_DEBUG_INDEX, BER_BVC("Index"), BER_BVNULL },
{ 0, BER_BVNULL, BER_BVNULL }
};
static int loglevel2int( struct berval *l );
static int int2loglevel( int n );
static int add_values( Entry *e, Modification *mod, int *newlevel );
static int delete_values( Entry *e, Modification *mod, int *newlevel );
static int replace_values( Entry *e, Modification *mod, int *newlevel );
static int add_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
static int delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
static int replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
/*
* initializes log subentry
@ -84,68 +59,46 @@ monitor_subsys_log_init(
BackendDB *be,
monitor_subsys_t *ms )
{
monitor_info_t *mi;
Entry *e;
int i;
ms->mss_destroy = monitor_subsys_log_destroy;
ms->mss_open = monitor_subsys_log_open;
ms->mss_modify = monitor_subsys_log_modify;
ldap_pvt_thread_mutex_init( &monitor_log_mutex );
mi = ( monitor_info_t * )be->be_private;
if ( monitor_cache_get( mi, &ms->mss_ndn,
&e ) ) {
Debug( LDAP_DEBUG_ANY,
"monitor_subsys_log_init: "
"unable to get entry \"%s\"\n",
ms->mss_ndn.bv_val, 0, 0 );
return( -1 );
}
/* initialize the debug level(s) */
for ( i = 0; int_2_level[ i ].i != 0; i++ ) {
if ( mi->mi_ad_managedInfo->ad_type->sat_equality->smr_normalize ) {
int rc;
rc = (*mi->mi_ad_managedInfo->ad_type->sat_equality->smr_normalize)(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mi->mi_ad_managedInfo->ad_type->sat_syntax,
mi->mi_ad_managedInfo->ad_type->sat_equality,
&int_2_level[ i ].s,
&int_2_level[ i ].n, NULL );
if ( rc ) {
return( -1 );
}
}
if ( int_2_level[ i ].i & ldap_syslog ) {
attr_merge_one( e, mi->mi_ad_managedInfo,
&int_2_level[ i ].s,
&int_2_level[ i ].n );
}
}
monitor_cache_release( mi, e );
return( 0 );
}
static int
monitor_subsys_log_destroy(
/*
* opens log subentry
*/
int
monitor_subsys_log_open(
BackendDB *be,
monitor_subsys_t *ms )
{
int i;
BerVarray bva = NULL;
for ( i = 0; int_2_level[ i ].i != 0; i++ ) {
if ( !BER_BVISNULL( &int_2_level[ i ].n ) ) {
ch_free( int_2_level[ i ].n.bv_val );
if ( loglevel2bvarray( ldap_syslog, &bva ) == 0 && bva != NULL ) {
monitor_info_t *mi;
Entry *e;
mi = ( monitor_info_t * )be->be_private;
if ( monitor_cache_get( mi, &ms->mss_ndn, &e ) ) {
Debug( LDAP_DEBUG_ANY,
"monitor_subsys_log_init: "
"unable to get entry \"%s\"\n",
ms->mss_ndn.bv_val, 0, 0 );
ber_bvarray_free( bva );
return( -1 );
}
attr_merge_normalize( e, mi->mi_ad_managedInfo, bva, NULL );
ber_bvarray_free( bva );
monitor_cache_release( mi, e );
}
return 0;
return( 0 );
}
static int
@ -176,7 +129,8 @@ monitor_subsys_log_modify(
*/
if ( is_at_operational( mod->sm_desc->ad_type ) ) {
( void ) attr_delete( &e->e_attrs, mod->sm_desc );
rc = rs->sr_err = attr_merge( e, mod->sm_desc, mod->sm_values, mod->sm_nvalues );
rc = rs->sr_err = attr_merge( e, mod->sm_desc,
mod->sm_values, mod->sm_nvalues );
if ( rc != LDAP_SUCCESS ) {
break;
}
@ -192,15 +146,15 @@ monitor_subsys_log_modify(
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
rc = add_values( e, mod, &newlevel );
rc = add_values( op, e, mod, &newlevel );
break;
case LDAP_MOD_DELETE:
rc = delete_values( e, mod, &newlevel );
rc = delete_values( op, e, mod, &newlevel );
break;
case LDAP_MOD_REPLACE:
rc = replace_values( e, mod, &newlevel );
rc = replace_values( op, e, mod, &newlevel );
break;
default:
@ -266,65 +220,32 @@ cleanup:;
return rc;
}
static int
loglevel2int( struct berval *l )
{
int i;
for ( i = 0; int_2_level[ i ].i != 0; i++ ) {
if ( l->bv_len != int_2_level[ i ].s.bv_len ) {
continue;
}
if ( strcasecmp( l->bv_val, int_2_level[ i ].s.bv_val ) == 0 ) {
return int_2_level[ i ].i;
}
}
return 0;
}
static int
int2loglevel( int n )
{
int i;
for ( i = 0; int_2_level[ i ].i != 0; i++ ) {
if ( int_2_level[ i ].i == n ) {
return i;
}
}
return -1;
}
static int
check_constraints( Modification *mod, int *newlevel )
{
int i;
for ( i = 0; mod->sm_values && !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
if ( mod->sm_nvalues != NULL ) {
ber_bvarray_free( mod->sm_nvalues );
mod->sm_nvalues = NULL;
}
for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
int l;
l = loglevel2int( &mod->sm_values[ i ] );
if ( !l ) {
struct berval bv;
if ( str2loglevel( mod->sm_values[ i ].bv_val, &l ) ) {
return LDAP_CONSTRAINT_VIOLATION;
}
if ( ( l = int2loglevel( l ) ) == -1 ) {
return LDAP_OTHER;
if ( loglevel2bv( l, &bv ) ) {
return LDAP_CONSTRAINT_VIOLATION;
}
assert( int_2_level[ l ].s.bv_len
== mod->sm_values[ i ].bv_len );
assert( bv.bv_len == mod->sm_values[ i ].bv_len );
AC_MEMCPY( mod->sm_values[ i ].bv_val,
int_2_level[ l ].s.bv_val,
int_2_level[ l ].s.bv_len );
AC_MEMCPY( mod->sm_nvalues[ i ].bv_val,
int_2_level[ l ].n.bv_val,
int_2_level[ l ].n.bv_len );
bv.bv_val, bv.bv_len );
*newlevel |= l;
}
@ -333,12 +254,14 @@ check_constraints( Modification *mod, int *newlevel )
}
static int
add_values( Entry *e, Modification *mod, int *newlevel )
add_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
Attribute *a;
int i, rc;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
assert( mod->sm_values != NULL );
rc = check_constraints( mod, newlevel );
if ( rc != LDAP_SUCCESS ) {
return rc;
@ -360,7 +283,8 @@ add_values( Entry *e, Modification *mod, int *newlevel )
rc = asserted_value_validate_normalize(
mod->sm_desc, mr, SLAP_MR_EQUALITY,
&mod->sm_values[ i ], &asserted, &text, NULL );
&mod->sm_values[ i ], &asserted, &text,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
@ -369,7 +293,7 @@ add_values( Entry *e, Modification *mod, int *newlevel )
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
int match;
int rc = value_match( &match, mod->sm_desc, mr,
0, &a->a_vals[ j ], &asserted, &text );
0, &a->a_nvals[ j ], &asserted, &text );
if ( rc == LDAP_SUCCESS && match == 0 ) {
free( asserted.bv_val );
@ -382,9 +306,9 @@ add_values( Entry *e, Modification *mod, int *newlevel )
}
/* no - add them */
rc = attr_merge( e, mod->sm_desc, mod->sm_values, mod->sm_nvalues );
rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
/* this should return result of attr_mergeit */
return rc;
}
@ -392,25 +316,19 @@ add_values( Entry *e, Modification *mod, int *newlevel )
}
static int
delete_values( Entry *e, Modification *mod, int *newlevel )
delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
int i, j, k, found, rc, nl = 0;
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
rc = check_constraints( mod, &nl );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
*newlevel &= ~nl;
/* delete the entire attribute */
if ( mod->sm_values == NULL ) {
int rc = attr_delete( &e->e_attrs, mod->sm_desc );
if ( rc ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
} else {
*newlevel = 0;
rc = LDAP_SUCCESS;
@ -418,6 +336,13 @@ delete_values( Entry *e, Modification *mod, int *newlevel )
return rc;
}
rc = check_constraints( mod, &nl );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
*newlevel &= ~nl;
if ( mr == NULL || !mr->smr_match ) {
/* disallow specific attributes from being deleted if
* no equality rule */
@ -438,7 +363,8 @@ delete_values( Entry *e, Modification *mod, int *newlevel )
rc = asserted_value_validate_normalize(
mod->sm_desc, mr, SLAP_MR_EQUALITY,
&mod->sm_values[ i ], &asserted, &text, NULL );
&mod->sm_values[ i ], &asserted, &text,
op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) return rc;
@ -446,8 +372,7 @@ delete_values( Entry *e, Modification *mod, int *newlevel )
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
int match;
int rc = value_match( &match, mod->sm_desc, mr,
0,
&a->a_vals[ j ], &asserted, &text );
0, &a->a_nvals[ j ], &asserted, &text );
if( rc == LDAP_SUCCESS && match != 0 ) {
continue;
@ -457,6 +382,14 @@ delete_values( Entry *e, Modification *mod, int *newlevel )
found = 1;
/* delete it */
if ( a->a_nvals != a->a_vals ) {
free( a->a_nvals[ j ].bv_val );
for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
}
BER_BVZERO( &a->a_nvals[ k - 1 ] );
}
free( a->a_vals[ j ].bv_val );
for ( k = j + 1; !BER_BVISNULL( &a->a_vals[ k ] ); k++ ) {
a->a_vals[ k - 1 ] = a->a_vals[ k ];
@ -488,14 +421,16 @@ delete_values( Entry *e, Modification *mod, int *newlevel )
}
static int
replace_values( Entry *e, Modification *mod, int *newlevel )
replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
int rc;
*newlevel = 0;
rc = check_constraints( mod, newlevel );
if ( rc != LDAP_SUCCESS ) {
return rc;
if ( mod->sm_values != NULL ) {
*newlevel = 0;
rc = check_constraints( mod, newlevel );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
}
rc = attr_delete( &e->e_attrs, mod->sm_desc );
@ -505,7 +440,8 @@ replace_values( Entry *e, Modification *mod, int *newlevel )
}
if ( mod->sm_values != NULL ) {
rc = attr_merge( e, mod->sm_desc, mod->sm_values, mod->sm_nvalues );
rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}

3
servers/slapd/back-monitor/modify.c
View file

@ -69,6 +69,9 @@ monitor_back_modify( Operation *op, SlapReply *rs )
rc = LDAP_INSUFFICIENT_ACCESS;
} else {
assert( !SLAP_SHADOW( op->o_bd ) );
slap_mods_opattrs( op, op->orm_modlist, 0 );
rc = monitor_entry_modify( op, rs, e );
}

25
servers/slapd/back-monitor/rww.c
View file

@ -28,6 +28,11 @@
#include "lutil.h"
#include "back-monitor.h"
static int
monitor_subsys_rww_destroy(
BackendDB *be,
monitor_subsys_t *ms );
static int
monitor_subsys_rww_update(
Operation *op,
@ -41,7 +46,7 @@ enum {
MONITOR_RWW_LAST
};
struct monitor_rww_t {
static struct monitor_rww_t {
struct berval rdn;
struct berval nrdn;
} monitor_rww[] = {
@ -53,8 +58,7 @@ struct monitor_rww_t {
int
monitor_subsys_rww_init(
BackendDB *be,
monitor_subsys_t *ms
)
monitor_subsys_t *ms )
{
monitor_info_t *mi;
@ -64,6 +68,7 @@ monitor_subsys_rww_init(
assert( be != NULL );
ms->mss_destroy = monitor_subsys_rww_destroy;
ms->mss_update = monitor_subsys_rww_update;
mi = ( monitor_info_t * )be->be_private;
@ -147,6 +152,20 @@ monitor_subsys_rww_init(
return( 0 );
}
static int
monitor_subsys_rww_destroy(
BackendDB *be,
monitor_subsys_t *ms )
{
int i;
for ( i = 0; i < MONITOR_RWW_LAST; i++ ) {
ber_memfree_x( monitor_rww[ i ].nrdn.bv_val, NULL );
}
return 0;
}
static int
monitor_subsys_rww_update(
Operation *op,

6
servers/slapd/back-sql/add.c
View file

@ -936,9 +936,11 @@ backsql_add( Operation *op, SlapReply *rs )
*/
if ( op->o_sync ) {
char buf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
struct berval csn = BER_BVNULL;
struct berval csn;
slap_get_csn( op, buf, sizeof( buf ), &csn, 1 );
csn.bv_val = buf;
csn.bv_len = sizeof( buf );
slap_get_csn( op, &csn, 1 );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );

1
servers/slapd/back-sql/modrdn.c
View file

@ -438,6 +438,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
oc = backsql_id2oc( bi, e_id.eid_oc_id );
rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, mod );
slap_graduate_commit_csn( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
e = &r;
goto done;

4
servers/slapd/back-sql/operational.c
View file

@ -91,7 +91,9 @@ backsql_operational_entryCSN( Operation *op )
} else
#endif /* BACKSQL_SYNCPROV */
{
slap_get_csn( op, csnbuf, sizeof(csnbuf), &entryCSN, 0 );
entryCSN.bv_val = csnbuf;
entryCSN.bv_len = sizeof( csnbuf );
slap_get_csn( op, &entryCSN, 0 );
}
ber_dupbv( &a->a_vals[ 0 ], &entryCSN );

2
servers/slapd/backglue.c
View file

@ -369,7 +369,7 @@ glue_op_search ( Operation *op, SlapReply *rs )
case LDAP_ADMINLIMIT_EXCEEDED:
case LDAP_NO_SUCH_OBJECT:
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
case LDAP_CANNOT_CHAIN:
case LDAP_X_CANNOT_CHAIN:
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
goto end_of_loop;

291
servers/slapd/bconfig.c
View file

@ -40,7 +40,7 @@
static struct berval config_rdn = BER_BVC("cn=config");
static struct berval schema_rdn = BER_BVC("cn=schema");
#define IFMT "{%d}"
#define SLAP_X_ORDERED_FMT "{%d}"
#ifdef SLAPD_MODULES
typedef struct modpath_s {
@ -136,6 +136,7 @@ enum {
CFG_TLS_CERT_KEY,
CFG_TLS_CA_PATH,
CFG_TLS_CA_FILE,
CFG_TLS_DH_FILE,
CFG_TLS_VERIFY,
CFG_TLS_CRLCHECK,
CFG_CONCUR,
@ -162,6 +163,7 @@ enum {
CFG_SASLSECP,
CFG_SSTR_IF_MAX,
CFG_SSTR_IF_MIN,
CFG_TTHREADS,
CFG_LAST
};
@ -561,6 +563,17 @@ static ConfigTable config_back_cf_table[] = {
#endif
"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "TLSDHParamFile", NULL, 0, 0, 0,
#ifdef HAVE_TLS
CFG_TLS_DH_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
&config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL },
{ "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
@ -618,7 +631,8 @@ static ConfigOCs cf_ocs[] = {
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
"olcTLSRandFile $ olcTLSVerifyClient $ "
"olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
"olcToolThreads $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules ) )", Cft_Global },
{ "( OLcfgGlOc:2 "
@ -691,6 +705,9 @@ config_generic(ConfigArgs *c) {
case CFG_THREADS:
c->value_int = connection_pool_max;
break;
case CFG_TTHREADS:
c->value_int = slap_tool_thread_max;
break;
case CFG_SALT:
if ( passwd_salt )
c->value_string = ch_strdup( passwd_salt );
@ -704,8 +721,14 @@ config_generic(ConfigArgs *c) {
int i;
for ( i=0; c->be->be_limits[i]; i++ ) {
bv.bv_len = sprintf( buf, IFMT, i );
bv.bv_val = buf+bv.bv_len;
bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
if ( bv.bv_len >= sizeof( buf ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
rc = 1;
break;
}
bv.bv_val = buf + bv.bv_len;
limits_unparse( c->be->be_limits[i], &bv );
bv.bv_len += bv.bv_val - buf;
bv.bv_val = buf;
@ -790,7 +813,13 @@ config_generic(ConfigArgs *c) {
char *src, *dst, ibuf[11];
struct berval bv, abv;
for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
abv.bv_len = sprintf( ibuf, IFMT, i );
abv.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
if ( abv.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
i = 0;
break;
}
acl_unparse( a, &bv );
abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
@ -846,8 +875,14 @@ config_generic(ConfigArgs *c) {
for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
struct berval bv;
bv.bv_val = c->log;
bv.bv_len = sprintf( bv.bv_val, IFMT "%s", i,
bv.bv_len = snprintf( bv.bv_val, sizeof( c->log ),
SLAP_X_ORDERED_FMT "%s", i,
mp->mp_loads[i].bv_val );
if ( bv.bv_len >= sizeof( c->log ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
break;
}
value_add_one( &c->rvalue_vals, &bv );
}
}
@ -879,11 +914,18 @@ config_generic(ConfigArgs *c) {
idx.bv_val = ibuf;
for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
idx.bv_len = sprintf( idx.bv_val, IFMT, i );
idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
if ( idx.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
break;
}
bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
bv.bv_val = ch_malloc( bv.bv_len + 1 );
strcpy( bv.bv_val, idx.bv_val );
strcpy( bv.bv_val+idx.bv_len, authz_rewrites[i].bv_val );
AC_MEMCPY( bv.bv_val, idx.bv_val, idx.bv_len );
AC_MEMCPY( &bv.bv_val[ idx.bv_len ],
authz_rewrites[i].bv_val,
authz_rewrites[i].bv_len + 1 );
ber_bvarray_add( &c->rvalue_vals, &bv );
}
}
@ -900,6 +942,7 @@ config_generic(ConfigArgs *c) {
/* single-valued attrs, no-ops */
case CFG_CONCUR:
case CFG_THREADS:
case CFG_TTHREADS:
case CFG_RO:
case CFG_AZPOLICY:
case CFG_DEPTH:
@ -914,7 +957,7 @@ config_generic(ConfigArgs *c) {
case CFG_MODLOAD:
case CFG_AZREGEXP:
case CFG_REWRITE:
sprintf(c->log, "change requires slapd restart");
snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
break;
case CFG_SALT:
@ -940,6 +983,8 @@ config_generic(ConfigArgs *c) {
else
end = frontendDB->be_acl;
acl_destroy( c->be->be_acl, end );
c->be->be_acl = end;
} else {
AccessControl **prev, *a;
int i;
@ -978,7 +1023,7 @@ config_generic(ConfigArgs *c) {
switch(c->type) {
case CFG_BACKEND:
if(!(c->bi = backend_info(c->argv[1]))) {
sprintf( c->msg, "<%s> failed init", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> failed init", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
c->log, c->msg, c->argv[1] );
return(1);
@ -996,7 +1041,7 @@ config_generic(ConfigArgs *c) {
} else {
c->be = backend_db_init(c->argv[1]);
if ( !c->be ) {
sprintf( c->msg, "<%s> failed init", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> failed init", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
c->log, c->msg, c->argv[1] );
return(1);
@ -1013,6 +1058,11 @@ config_generic(ConfigArgs *c) {
connection_pool_max = c->value_int; /* save for reference */
break;
case CFG_TTHREADS:
ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
slap_tool_thread_max = c->value_int; /* save for reference */
break;
case CFG_SALT:
if ( passwd_salt ) ch_free( passwd_salt );
passwd_salt = c->value_string;
@ -1034,7 +1084,7 @@ config_generic(ConfigArgs *c) {
case CFG_AZPOLICY:
ch_free(c->value_string);
if (slap_sasl_setpolicy( c->argv[1] )) {
sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[1] );
return(1);
@ -1109,7 +1159,9 @@ config_generic(ConfigArgs *c) {
break;
case CFG_ACL:
parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx);
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx) ) {
return 1;
}
break;
case CFG_REPLOG:
@ -1126,7 +1178,7 @@ config_generic(ConfigArgs *c) {
case CFG_ROOTDSE:
if(read_root_dse_file(c->argv[1])) {
sprintf( c->msg, "<%s> could not read file", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> could not read file", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[1] );
return(1);
@ -1148,7 +1200,7 @@ config_generic(ConfigArgs *c) {
case CFG_LASTMOD:
if(SLAP_NOLASTMODCMD(c->be)) {
sprintf( c->msg, "<%s> not available for %s database",
snprintf( c->msg, sizeof( c->msg ), "<%s> not available for %s database",
c->argv[0], c->be->bd_info->bi_type );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0 );
@ -1162,7 +1214,7 @@ config_generic(ConfigArgs *c) {
case CFG_SSTR_IF_MAX:
if (c->value_int < index_substr_if_minlen) {
sprintf( c->msg, "<%s> invalid value", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
c->log, c->msg, c->value_int );
return(1);
@ -1172,7 +1224,7 @@ config_generic(ConfigArgs *c) {
case CFG_SSTR_IF_MIN:
if (c->value_int > index_substr_if_maxlen) {
sprintf( c->msg, "<%s> invalid value", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
c->log, c->msg, c->value_int );
return(1);
@ -1189,7 +1241,7 @@ config_generic(ConfigArgs *c) {
modcur = c->private;
/* This should never fail */
if ( module_path( modcur->mp_path.bv_val )) {
sprintf( c->msg, "<%s> module path no longer valid",
snprintf( c->msg, sizeof( c->msg ), "<%s> module path no longer valid",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, modcur->mp_path.bv_val );
@ -1379,14 +1431,14 @@ config_passwd_hash(ConfigArgs *c) {
}
for(i = 1; i < c->argc; i++) {
if(!lutil_passwd_scheme(c->argv[i])) {
sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> scheme not available", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, c->argv[i]);
} else {
ldap_charray_add(&default_passwd_hash, c->argv[i]);
}
if(!default_passwd_hash) {
sprintf( c->msg, "<%s> no valid hashes found", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0 );
return(1);
@ -1449,7 +1501,7 @@ config_sizelimit(ConfigArgs *c) {
if(!strncasecmp(c->argv[i], "size", 4)) {
rc = limits_parse_one(c->argv[i], lim);
if ( rc ) {
sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1460,7 +1512,7 @@ config_sizelimit(ConfigArgs *c) {
} else {
lim->lms_s_soft = strtol(c->argv[i], &next, 0);
if(next == c->argv[i]) {
sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse limit", c->argv[0]);
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1506,7 +1558,7 @@ config_timelimit(ConfigArgs *c) {
if(!strncasecmp(c->argv[i], "time", 4)) {
rc = limits_parse_one(c->argv[i], lim);
if ( rc ) {
sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse value", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1517,7 +1569,7 @@ config_timelimit(ConfigArgs *c) {
} else {
lim->lms_t_soft = strtol(c->argv[i], &next, 0);
if(next == c->argv[i]) {
sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse limit", c->argv[0]);
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1681,7 +1733,7 @@ config_suffix(ConfigArgs *c)
#ifdef SLAPD_MONITOR_DN
if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
sprintf( c->msg, "<%s> DN is reserved for monitoring slapd",
snprintf( c->msg, sizeof( c->msg ), "<%s> DN is reserved for monitoring slapd",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, SLAPD_MONITOR_DN);
@ -1710,7 +1762,7 @@ config_suffix(ConfigArgs *c)
type = oi->oi_orig->bi_type;
}
sprintf( c->msg, "<%s> namingContext \"%s\" already served by "
snprintf( c->msg, sizeof( c->msg ), "<%s> namingContext \"%s\" already served by "
"a preceding %s database serving namingContext",
c->argv[0], pdn.bv_val, type );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
@ -1774,7 +1826,7 @@ config_rootpw(ConfigArgs *c) {
tbe = select_backend(&c->be->be_rootndn, 0, 0);
if(tbe != c->be) {
sprintf( c->msg, "<%s> can only be set when rootdn is under suffix",
snprintf( c->msg, sizeof( c->msg ), "<%s> can only be set when rootdn is under suffix",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0);
@ -1823,7 +1875,7 @@ config_restrict(ConfigArgs *c) {
}
i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
if ( i ) {
sprintf( c->msg, "<%s> unknown operation", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown operation", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1858,7 +1910,7 @@ config_allows(ConfigArgs *c) {
}
i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
if ( i ) {
sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1892,7 +1944,7 @@ config_disallows(ConfigArgs *c) {
}
i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
if ( i ) {
sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1926,7 +1978,7 @@ config_requires(ConfigArgs *c) {
}
i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires);
if ( i ) {
sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -1957,7 +2009,8 @@ loglevel_init( void )
{ BER_BVC("Cache"), LDAP_DEBUG_CACHE },
{ BER_BVC("Index"), LDAP_DEBUG_INDEX },
{ BER_BVC("Sync"), LDAP_DEBUG_SYNC },
{ BER_BVNULL, 0 }
{ BER_BVC("None"), LDAP_DEBUG_NONE },
{ BER_BVNULL, 0 }
};
return slap_verbmasks_init( &loglevel_ops, lo );
@ -1993,6 +2046,43 @@ slap_loglevel_register( slap_mask_t m, struct berval *s )
return rc;
}
int
slap_loglevel_get( struct berval *s, int *l )
{
int rc;
unsigned long i;
slap_mask_t m;
if ( loglevel_ops == NULL ) {
loglevel_init();
}
for ( m = 0, i = 1; !BER_BVISNULL( &loglevel_ops[ i ].word ); i++ ) {
m |= loglevel_ops[ i ].mask;
}
m = ~m;
for ( i = 1; i <= ( 1 << ( sizeof( int ) * 8 - 1 ) ) && !( m & i ); i <<= 1 )
;
if ( !( m & i ) ) {
return -1;
}
rc = slap_verbmasks_append( &loglevel_ops, i, s, loglevel_ignore );
if ( rc != 0 ) {
Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%lu, \"%s\") failed\n",
i, s->bv_val, 0 );
} else {
*l = i;
}
return rc;
}
int
str2loglevel( const char *s, int *l )
{
@ -2004,7 +2094,7 @@ str2loglevel( const char *s, int *l )
i = verb_to_mask( s, loglevel_ops );
if ( BER_BVISNULL( &loglevel_ops[ i ].word) ) {
if ( BER_BVISNULL( &loglevel_ops[ i ].word ) ) {
return -1;
}
@ -2013,6 +2103,38 @@ str2loglevel( const char *s, int *l )
return 0;
}
const char *
loglevel2str( int l )
{
struct berval bv = BER_BVNULL;
loglevel2bv( l, &bv );
return bv.bv_val;
}
int
loglevel2bv( int l, struct berval *bv )
{
if ( loglevel_ops == NULL ) {
loglevel_init();
}
BER_BVZERO( bv );
return enum_to_verb( loglevel_ops, l, bv ) == -1;
}
int
loglevel2bvarray( int l, BerVarray *bva )
{
if ( loglevel_ops == NULL ) {
loglevel_init();
}
return mask_to_verbs( loglevel_ops, l, bva );
}
static int config_syslog;
static int
@ -2028,7 +2150,8 @@ config_loglevel(ConfigArgs *c) {
/* Get default or commandline slapd setting */
if ( ldap_syslog && !config_syslog )
config_syslog = ldap_syslog;
return mask_to_verbs( loglevel_ops, config_syslog, &c->rvalue_vals );
return loglevel2bvarray( config_syslog, &c->rvalue_vals );
} else if ( c->op == LDAP_MOD_DELETE ) {
if ( !c->line ) {
config_syslog = 0;
@ -2050,14 +2173,14 @@ config_loglevel(ConfigArgs *c) {
if ( isdigit( c->argv[i][0] ) || c->argv[i][0] == '-' ) {
level = strtol( c->argv[i], &next, 10 );
if ( next == NULL || next[0] != '\0' ) {
sprintf( c->msg, "<%s> unable to parse level", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse level", c->argv[0] );
Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return( 1 );
}
} else {
if ( str2loglevel( c->argv[i], &level ) ) {
sprintf( c->msg, "<%s> unknown level", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown level", c->argv[0] );
Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return( 1 );
@ -2094,7 +2217,7 @@ config_referral(ConfigArgs *c) {
return 0;
}
if(validate_global_referral(c->argv[1])) {
sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid URL", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, c->argv[1]);
return(1);
@ -2136,7 +2259,13 @@ config_security(ConfigArgs *c) {
tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
if ( *tgt ) {
rc = 0;
bv.bv_len = sprintf( numbuf, "%u", *tgt );
bv.bv_len = snprintf( numbuf, sizeof( numbuf ), "%u", *tgt );
if ( bv.bv_len >= sizeof( numbuf ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
rc = 1;
break;
}
bv.bv_len += sec_keys[i].key.bv_len;
bv.bv_val = ch_malloc( bv.bv_len + 1);
next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
@ -2158,7 +2287,7 @@ config_security(ConfigArgs *c) {
}
}
if ( !tgt ) {
sprintf( c->msg, "<%s> unknown factor", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown factor", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -2166,7 +2295,7 @@ config_security(ConfigArgs *c) {
*tgt = strtol(src, &next, 10);
if(next == NULL || next[0] != '\0' ) {
sprintf( c->msg, "<%s> unable to parse factor", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse factor", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return(1);
@ -2195,7 +2324,13 @@ replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
struct berval bc = BER_BVNULL;
char numbuf[32];
len = sprintf(numbuf, IFMT, i );
BER_BVZERO( bv );
len = snprintf(numbuf, sizeof( numbuf ), SLAP_X_ORDERED_FMT, i );
if ( len >= sizeof( numbuf ) ) {
/* FIXME: how can indicate error? */
return;
}
len += strlen( ri->ri_uri ) + STRLENOF("uri=");
if ( ri->ri_nsuffix ) {
@ -2241,7 +2376,7 @@ replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
static int
config_replica(ConfigArgs *c) {
int i, nr = -1, len;
int i, nr = -1;
char *replicahost, *replicauri;
LDAPURLDesc *ludp;
@ -2270,22 +2405,24 @@ config_replica(ConfigArgs *c) {
for(i = 1; i < c->argc; i++) {
if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
ber_len_t len;
replicahost = c->argv[i] + STRLENOF("host=");
len = strlen( replicahost );
replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
sprintf( replicauri, "ldap://%s", replicahost );
len = strlen( replicahost ) + STRLENOF("ldap://");
replicauri = ch_malloc( len + 1 );
snprintf( replicauri, len + 1, "ldap://%s", replicahost );
replicahost = replicauri + STRLENOF( "ldap://");
nr = add_replica_info(c->be, replicauri, replicahost);
break;
} else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
sprintf( c->msg, "<%s> invalid uri", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
return(1);
}
if(!ludp->lud_host) {
ldap_free_urldesc(ludp);
sprintf( c->msg, "<%s> invalid uri - missing hostname",
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid uri - missing hostname",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
return(1);
@ -2300,11 +2437,11 @@ config_replica(ConfigArgs *c) {
}
}
if(i == c->argc) {
sprintf( c->msg, "<%s> missing host or uri", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> missing host or uri", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
return(1);
} else if(nr == -1) {
sprintf( c->msg, "<%s> unable to add replica", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unable to add replica", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
return(1);
} else {
@ -2342,7 +2479,7 @@ config_replica(ConfigArgs *c) {
continue;
}
if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
sprintf( c->msg, "<%s> unknown attribute", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> unknown attribute", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, arg + 1);
return(1);
@ -2372,7 +2509,7 @@ config_updatedn(ConfigArgs *c) {
return 0;
}
if(SLAP_SHADOW(c->be)) {
sprintf( c->msg, "<%s> database already shadowed", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> database already shadowed", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0);
return(1);
@ -2413,7 +2550,7 @@ config_updateref(ConfigArgs *c) {
return 0;
}
if(!SLAP_SHADOW(c->be)) {
sprintf( c->msg, "<%s> must appear after syncrepl or updatedn",
snprintf( c->msg, sizeof( c->msg ), "<%s> must appear after syncrepl or updatedn",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0);
@ -2421,7 +2558,7 @@ config_updateref(ConfigArgs *c) {
}
if(validate_global_referral(c->argv[1])) {
sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid URL", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, c->argv[1]);
return(1);
@ -2481,6 +2618,7 @@ config_tls_option(ConfigArgs *c) {
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
default: Debug(LDAP_DEBUG_ANY, "%s: "
"unknown tls_option <0x%x>\n",
c->log, c->type, 0);
@ -2958,7 +3096,7 @@ check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
sort = 1;
rc = ordered_value_sort( a, 1 );
if ( rc ) {
sprintf(ca->msg, "ordered_value_sort failed on attr %s\n",
snprintf(ca->msg, sizeof( ca->msg ), "ordered_value_sort failed on attr %s\n",
ad->ad_cname.bv_val );
return rc;
}
@ -3048,7 +3186,10 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
if (!a ) return LDAP_NAMING_VIOLATION;
ival.bv_val = ibuf;
ival.bv_len = sprintf( ibuf, IFMT, nsibs );
ival.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, nsibs );
if ( ival.bv_len >= sizeof( ibuf ) ) {
return LDAP_NAMING_VIOLATION;
}
newrdn.bv_len = rdn.bv_len + ival.bv_len;
newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
@ -3351,7 +3492,7 @@ ok:
}
}
if ( rc ) {
sprintf( ca->msg, "<%s> failed startup", ca->argv[0] );
snprintf( ca->msg, sizeof( ca->msg ), "<%s> failed startup", ca->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
ca->log, ca->msg, ca->argv[1] );
rc = LDAP_OTHER;
@ -3984,7 +4125,11 @@ config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
ptr = strchr( bv.bv_val, '.' );
if ( ptr )
bv.bv_len = ptr - bv.bv_val;
c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=" IFMT, c->depth);
c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=" SLAP_X_ORDERED_FMT, c->depth);
if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
/* FIXME: how can indicate error? */
return;
}
strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
bv.bv_len );
c->value_dn.bv_len += bv.bv_len;
@ -4010,7 +4155,11 @@ config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
for (i=0; cf; cf=cf->c_sibs, i++) {
c->value_dn.bv_val = c->log;
c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=include" IFMT, i);
c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=include" SLAP_X_ORDERED_FMT, i);
if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
/* FIXME: how can indicate error? */
return;
}
c->private = cf;
e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
&CFOC_INCLUDE, NULL );
@ -4034,7 +4183,11 @@ config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
continue;
c->value_dn.bv_val = c->log;
c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=module" IFMT, i);
c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=module" SLAP_X_ORDERED_FMT, i);
if ( c->value_dn.bv_len >= sizeof( c->log ) ) {
/* FIXME: how can indicate error? */
return;
}
c->private = mp;
config_build_entry( op, rs, ceparent, c, &c->value_dn,
&CFOC_MODULE, NULL );
@ -4129,7 +4282,11 @@ config_back_db_open( BackendDB *be )
if (!bi->bi_private) continue;
rdn.bv_val = c.log;
rdn.bv_len = sprintf(rdn.bv_val, "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
"%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
if ( rdn.bv_len >= sizeof( c.log ) ) {
/* FIXME: holler ... */ ;
}
c.bi = bi;
e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
bi->bi_cf_ocs );
@ -4149,8 +4306,12 @@ config_back_db_open( BackendDB *be )
bi = be->bd_info;
}
rdn.bv_val = c.log;
rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
"%s=" SLAP_X_ORDERED_FMT "%s", cfAd_database->ad_cname.bv_val,
i, bi->bi_type);
if ( rdn.bv_len >= sizeof( c.log ) ) {
/* FIXME: holler ... */ ;
}
c.be = be;
c.bi = bi;
e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
@ -4166,8 +4327,12 @@ config_back_db_open( BackendDB *be )
for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
rdn.bv_val = c.log;
rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
rdn.bv_len = snprintf(rdn.bv_val, sizeof( c.log ),
"%s=" SLAP_X_ORDERED_FMT "%s",
cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
if ( rdn.bv_len >= sizeof( c.log ) ) {
/* FIXME: holler ... */ ;
}
c.be = be;
c.bi = &on->on_bi;
oe = config_build_entry( op, &rs, ce, &c, &rdn,

57
servers/slapd/config.c
View file

@ -131,7 +131,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
c->argv[1] = "";
}
if(Conf->min_args && (c->argc < Conf->min_args)) {
sprintf( c->msg, "<%s> missing <%s> argument",
snprintf( c->msg, sizeof( c->msg ), "<%s> missing <%s> argument",
c->argv[0], Conf->what );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", c->log, c->msg, 0 );
return(ARG_BAD_CONF);
@ -139,7 +139,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
if(Conf->max_args && (c->argc > Conf->max_args)) {
char *ignored = " ignored";
sprintf( c->msg, "<%s> extra cruft after <%s>",
snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>",
c->argv[0], Conf->what );
#ifdef LDAP_DEVEL
@ -152,34 +152,34 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
#endif /* LDAP_DEVEL */
}
if((arg_type & ARG_DB) && !c->be) {
sprintf( c->msg, "<%s> only allowed within database declaration",
snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
if((arg_type & ARG_PRE_BI) && c->bi) {
sprintf( c->msg, "<%s> must occur before any backend %sdeclaration",
snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration",
c->argv[0], (arg_type & ARG_PRE_DB) ? "or database " : "" );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0 );
return(ARG_BAD_CONF);
}
if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) {
sprintf( c->msg, "<%s> must occur before any database declaration",
snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
sprintf( c->msg, "<%s> old format not supported", c->argv[0] );
snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
if((arg_type & ARGS_POINTER) && !Conf->arg_item && !(arg_type & ARG_OFFSET)) {
sprintf( c->msg, "<%s> invalid config_table, arg_item is NULL",
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0);
@ -204,7 +204,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
!strcasecmp(c->argv[1], "false")) {
iarg = 0;
} else {
sprintf( c->msg, "<%s> invalid value, ignored",
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0 );
@ -215,7 +215,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
j = (arg_type & ARG_NONZERO) ? 1 : 0;
if(iarg < j && larg < j && barg < j ) {
larg = larg ? larg : (barg ? barg : iarg);
sprintf( c->msg, "<%s> invalid value, ignored",
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0 );
@ -238,7 +238,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
ber_str2bv( c->argv[1], 0, 0, &bv );
rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
if ( rc != LDAP_SUCCESS ) {
sprintf( c->msg, "<%s> invalid DN %d (%s)",
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)",
c->argv[0], rc, ldap_err2string( rc ));
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n" , c->log, c->msg, 0);
return(ARG_BAD_CONF);
@ -265,7 +265,7 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) {
#endif
if(rc) {
if ( !c->msg[0] ) {
sprintf( c->msg, "<%s> handler exited with %d",
snprintf( c->msg, sizeof( c->msg ), "<%s> handler exited with %d",
c->argv[0], rc );
Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
c->log, c->msg, 0 );
@ -280,7 +280,7 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) {
else if (c->bi)
ptr = c->bi->bi_private;
else {
sprintf( c->msg, "<%s> offset is missing base pointer",
snprintf( c->msg, sizeof( c->msg ), "<%s> offset is missing base pointer",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
c->log, c->msg, 0);
@ -393,10 +393,10 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c)
if ( cf->arg_type & ARGS_POINTER) {
bv.bv_val = c->log;
switch(cf->arg_type & ARGS_POINTER) {
case ARG_INT: bv.bv_len = sprintf(bv.bv_val, "%d", c->value_int); break;
case ARG_LONG: bv.bv_len = sprintf(bv.bv_val, "%ld", c->value_long); break;
case ARG_BER_LEN_T: bv.bv_len = sprintf(bv.bv_val, "%ld", c->value_ber_t); break;
case ARG_ON_OFF: bv.bv_len = sprintf(bv.bv_val, "%s",
case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break;
case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break;
case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break;
case ARG_ON_OFF: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%s",
c->value_int ? "TRUE" : "FALSE"); break;
case ARG_STRING:
if ( c->value_string && c->value_string[0]) {
@ -413,6 +413,9 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c)
}
break;
}
if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) {
return 1;
}
if (( cf->arg_type & ARGS_POINTER ) == ARG_STRING )
ber_bvarray_add(&c->rvalue_vals, &bv);
else
@ -853,18 +856,20 @@ verbs_to_mask(int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m) {
*/
int
mask_to_verbs(slap_verbmasks *v, slap_mask_t m, BerVarray *bva) {
int i;
int i, rc = 1;
if (!m) return 1;
for (i=0; !BER_BVISNULL(&v[i].word); i++) {
if (!v[i].mask) continue;
if (( m & v[i].mask ) == v[i].mask ) {
value_add_one( bva, &v[i].word );
m ^= v[i].mask;
if ( !m ) break;
if (m) {
for (i=0; !BER_BVISNULL(&v[i].word); i++) {
if (!v[i].mask) continue;
if (( m & v[i].mask ) == v[i].mask ) {
value_add_one( bva, &v[i].word );
rc = 0;
m ^= v[i].mask;
if ( !m ) break;
}
}
}
return 0;
return rc;
}
int
@ -1383,7 +1388,7 @@ int config_generic_wrapper( Backend *be, const char *fname, int lineno,
c.argc = argc;
c.argv = argv;
c.valx = -1;
sprintf( c.log, "%s: line %d", fname, lineno );
snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
rc = SLAP_CONF_UNKNOWN;
ct = config_find_keyword( be->be_cf_ocs->co_table, &c );

667
servers/slapd/connection.c
View file

File diff suppressed because it is too large Load diff

9
servers/slapd/ctxcsn.c
View file

@ -100,6 +100,9 @@ slap_graduate_commit_csn( Operation *op )
if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
LDAP_TAILQ_REMOVE( op->o_bd->be_pending_csn_list,
csne, ce_csn_link );
if ( op->o_csn.bv_val == csne->ce_csn.bv_val ) {
BER_BVZERO( &op->o_csn );
}
ch_free( csne->ce_csn.bv_val );
ch_free( csne );
break;
@ -163,6 +166,7 @@ slap_queue_csn(
ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
ber_dupbv( &pending->ce_csn, csn );
op->o_csn = pending->ce_csn;
pending->ce_connid = op->o_connid;
pending->ce_opid = op->o_opid;
pending->ce_state = SLAP_CSN_PENDING;
@ -174,8 +178,6 @@ slap_queue_csn(
int
slap_get_csn(
Operation *op,
char *csnbuf,
int len,
struct berval *csn,
int manage_ctxcsn )
{
@ -184,11 +186,10 @@ slap_get_csn(
#ifndef HAVE_GMTIME_R
ldap_pvt_thread_mutex_lock( &gmtime_mutex );
#endif
csn->bv_len = lutil_csnstr( csnbuf, len, 0, 0 );
csn->bv_len = lutil_csnstr( csn->bv_val, csn->bv_len, 0, 0 );
#ifndef HAVE_GMTIME_R
ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
#endif
csn->bv_val = csnbuf;
if ( manage_ctxcsn )
slap_queue_csn( op, csn );

1080
servers/slapd/daemon.c
View file

File diff suppressed because it is too large Load diff

8
servers/slapd/delete.c
View file

@ -91,8 +91,6 @@ do_delete(
rs->sr_err = frontendDB->be_delete( op, rs );
cleanup:;
slap_graduate_commit_csn( op );
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
return rs->sr_err;
@ -174,12 +172,6 @@ fe_op_delete( Operation *op, SlapReply *rs )
op->o_bd = op_be;
if ( !repl_user ) {
struct berval csn = BER_BVNULL;
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, 1 );
}
#ifdef SLAPD_MULTIMASTER
if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
#endif

2
servers/slapd/extended.c
View file

@ -248,7 +248,7 @@ done:;
int
load_extop(
struct berval *ext_oid,
const struct berval *ext_oid,
slap_mask_t ext_flags,
SLAP_EXTOP_MAIN_FN *ext_main )
{

6
servers/slapd/init.c
View file

@ -67,6 +67,7 @@ struct berval NoAttrs = BER_BVC( LDAP_NO_ATTRS );
*/
ldap_pvt_thread_pool_t connection_pool;
int connection_pool_max = SLAP_MAX_WORKER_THREADS;
int slap_tool_thread_max = 1;
#ifndef HAVE_GMTIME_R
ldap_pvt_thread_mutex_t gmtime_mutex;
#endif
@ -124,8 +125,6 @@ slap_init( int mode, const char *name )
switch ( slapMode & SLAP_MODE ) {
case SLAP_SERVER_MODE:
ldap_pvt_thread_pool_init( &connection_pool,
connection_pool_max, 0);
/* FALLTHRU */
case SLAP_TOOL_MODE:
@ -136,6 +135,9 @@ slap_init( int mode, const char *name )
slap_name = name;
ldap_pvt_thread_pool_init( &connection_pool,
connection_pool_max, 0);
ldap_pvt_thread_mutex_init( &entry2str_mutex );
ldap_pvt_thread_mutex_init( &replog_mutex );

52
servers/slapd/main.c
View file

@ -332,7 +332,7 @@ int main( int argc, char **argv )
#endif
while ( (i = getopt( argc, argv,
"c:d:f:F:h:n:o:s:StT:V"
"c:d:f:F:h:n:o:s:tT:V"
#if LDAP_PF_INET6
"46"
#endif
@ -669,7 +669,7 @@ unhandled_option:;
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
rc = ldap_pvt_tls_init_def_ctx();
if( rc == 0) {
if( rc == 0 ) {
ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
/* Restore previous ctx */
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
@ -721,7 +721,7 @@ unhandled_option:;
*/
time( &starttime );
if ( slap_startup( NULL ) != 0 ) {
if ( slap_startup( NULL ) != 0 ) {
rc = 1;
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
goto shutdown;
@ -729,33 +729,51 @@ unhandled_option:;
Debug( LDAP_DEBUG_ANY, "slapd starting\n", 0, 0, 0 );
if ( slapd_pid_file != NULL ) {
FILE *fp = fopen( slapd_pid_file, "w" );
if( fp != NULL ) {
fprintf( fp, "%d\n", (int) getpid() );
fclose( fp );
if ( fp == NULL ) {
int save_errno = errno;
} else {
free(slapd_pid_file);
Debug( LDAP_DEBUG_ANY, "unable to open pid file "
"\"%s\": %d (%s)\n",
slapd_pid_file,
save_errno, strerror( save_errno ) );
free( slapd_pid_file );
slapd_pid_file = NULL;
rc = 1;
goto shutdown;
}
fprintf( fp, "%d\n", (int) getpid() );
fclose( fp );
}
if ( slapd_args_file != NULL ) {
FILE *fp = fopen( slapd_args_file, "w" );
if( fp != NULL ) {
for ( i = 0; i < g_argc; i++ ) {
fprintf( fp, "%s ", g_argv[i] );
}
fprintf( fp, "\n" );
fclose( fp );
} else {
free(slapd_args_file);
if ( fp == NULL ) {
int save_errno = errno;
Debug( LDAP_DEBUG_ANY, "unable to open args file "
"\"%s\": %d (%s)\n",
slapd_args_file,
save_errno, strerror( save_errno ) );
free( slapd_args_file );
slapd_args_file = NULL;
rc = 1;
goto shutdown;
}
for ( i = 0; i < g_argc; i++ ) {
fprintf( fp, "%s ", g_argv[i] );
}
fprintf( fp, "\n" );
fclose( fp );
}
#ifdef HAVE_NT_EVENT_LOG

222
servers/slapd/modify.c
View file

@ -200,8 +200,6 @@ do_modify(
rs->sr_err = frontendDB->be_modify( op, rs );
cleanup:
slap_graduate_commit_csn( op );
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
if ( op->orm_modlist != NULL ) slap_mods_free( op->orm_modlist, 1 );
@ -217,7 +215,6 @@ fe_op_modify( Operation *op, SlapReply *rs )
#endif
int manageDSAit;
Modifications *modlist = op->orm_modlist;
Modifications **modtail = &modlist;
int increment = op->orm_increment;
BackendDB *op_be;
char textbuf[ SLAP_TEXT_BUFLEN ];
@ -388,22 +385,6 @@ fe_op_modify( Operation *op, SlapReply *rs )
}
}
if ( !repl_user ) {
for( modtail = &modlist;
*modtail != NULL;
modtail = &(*modtail)->sml_next )
{
/* empty */
}
rs->sr_err = slap_mods_opattrs( op, modlist, modtail,
&rs->sr_text, textbuf, textlen, 1 );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
}
op->orm_modlist = modlist;
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
@ -825,35 +806,43 @@ void slap_timestamp( time_t *tm, struct berval *bv )
#endif
}
int slap_mods_opattrs(
/* modify only calls this for non-replicas. modrdn always calls.
*/
void slap_mods_opattrs(
Operation *op,
Modifications *mods,
Modifications **modtail,
const char **text,
char *textbuf, size_t textlen,
int manage_ctxcsn )
{
struct berval name, timestamp, csn;
struct berval name, timestamp, csn = BER_BVNULL;
struct berval nname;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
Modifications *mod;
int mop = op->o_tag == LDAP_REQ_ADD
? LDAP_MOD_ADD : LDAP_MOD_REPLACE;
assert( modtail != NULL );
assert( *modtail == NULL );
Modifications *mod, **modtail, *modlast;
if ( SLAP_LASTMOD( op->o_bd ) ) {
time_t now = slap_get_time();
slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, manage_ctxcsn );
char *ptr;
timestamp.bv_val = timebuf;
timestamp.bv_len = sizeof(timebuf);
if ( BER_BVISEMPTY( &op->o_csn )) {
csn.bv_val = csnbuf;
csn.bv_len = sizeof( csnbuf );
slap_get_csn( op, &csn, manage_ctxcsn );
} else {
csn = op->o_csn;
}
ptr = strchr( csn.bv_val, '#' );
if ( ptr ) {
timestamp.bv_len = ptr - csn.bv_val;
if ( timestamp.bv_len >= sizeof( timebuf ))
timestamp.bv_len = sizeof( timebuf ) - 1;
strncpy( timebuf, csn.bv_val, timestamp.bv_len );
timebuf[timestamp.bv_len] = '\0';
} else {
time_t now = slap_get_time();
slap_timestamp( &now, &timestamp );
timestamp.bv_len = sizeof(timebuf);
slap_timestamp( &now, &timestamp );
}
if ( BER_BVISEMPTY( &op->o_dn ) ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
@ -862,146 +851,13 @@ int slap_mods_opattrs(
name = op->o_dn;
nname = op->o_ndn;
}
}
if ( op->o_tag == LDAP_REQ_ADD ) {
struct berval tmpval;
for ( mod = mods; mod->sml_next; mod = mod->sml_next )
;
modtail = &mod->sml_next;
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_structuralObjectClass ) {
break;
}
}
}
if ( mod == *modtail ) {
int rc = mods_structural_class( mods, &tmpval,
text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) return rc;
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_structuralObjectClass;
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &tmpval );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_nvalues[0], &tmpval );
BER_BVZERO( &mod->sml_nvalues[1] );
assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
*modtail = mod;
modtail = &mod->sml_next;
}
if ( SLAP_LASTMOD( op->o_bd ) ) {
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_entryUUID ) {
break;
}
}
}
if ( mod == *modtail ) {
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
tmpval.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
tmpval.bv_val = uuidbuf;
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_entryUUID;
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &tmpval );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
(*mod->sml_desc->ad_type->sat_equality->smr_normalize)(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mod->sml_desc->ad_type->sat_syntax,
mod->sml_desc->ad_type->sat_equality,
mod->sml_values, mod->sml_nvalues, NULL );
BER_BVZERO( &mod->sml_nvalues[1] );
*modtail = mod;
modtail = &mod->sml_next;
}
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_creatorsName ) {
break;
}
}
}
if ( mod == *modtail ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_creatorsName;
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &name );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_nvalues[0], &nname );
BER_BVZERO( &mod->sml_nvalues[1] );
assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
*modtail = mod;
modtail = &mod->sml_next;
}
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_createTimestamp ) {
break;
}
}
}
if ( mod == *modtail ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_createTimestamp;
mod->sml_values =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &timestamp );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues = NULL;
*modtail = mod;
modtail = &mod->sml_next;
}
}
}
if ( SLAP_LASTMOD( op->o_bd ) ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
@ -1012,20 +868,20 @@ int slap_mods_opattrs(
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues = NULL;
*modtail = mod;
modlast = mod;
modtail = &mod->sml_next;
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
for ( mod = mods; mod != modlast; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_modifiersName ) {
break;
}
}
}
if ( mod == *modtail ) {
if ( mod->sml_desc != slap_schema.si_ad_modifiersName ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
@ -1043,18 +899,17 @@ int slap_mods_opattrs(
modtail = &mod->sml_next;
}
mod = *modtail;
if ( get_manageDIT( op ) ) {
for ( mod = mods; mod != *modtail; mod = mod->sml_next ) {
for ( mod = mods; mod != modlast; mod = mod->sml_next ) {
if ( mod->sml_desc == slap_schema.si_ad_modifyTimestamp ) {
break;
}
}
}
if ( mod == *modtail ) {
if ( mod->sml_desc != slap_schema.si_ad_modifyTimestamp ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
@ -1068,8 +923,5 @@ int slap_mods_opattrs(
modtail = &mod->sml_next;
}
}
*modtail = NULL;
return LDAP_SUCCESS;
}

16
servers/slapd/modrdn.c
View file

@ -178,8 +178,6 @@ do_modrdn(
rs->sr_err = frontendDB->be_modrdn( op, rs );
cleanup:
slap_graduate_commit_csn( op );
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
@ -386,7 +384,6 @@ slap_modrdn2mods(
Modifications **pmod )
{
Modifications *mod = NULL;
Modifications **modtail = &mod;
int a_cnt, d_cnt;
int repl_user;
@ -506,18 +503,7 @@ slap_modrdn2mods(
done:
if ( rs->sr_err == LDAP_SUCCESS && !repl_user ) {
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof textbuf;
for( modtail = &mod;
*modtail != NULL;
modtail = &(*modtail)->sml_next )
{
/* empty */
}
rs->sr_err = slap_mods_opattrs( op, mod, modtail,
&rs->sr_text, textbuf, textlen, 1 );
slap_mods_opattrs( op, mod, 1 );
}
/* LDAP v2 supporting correct attribute handling. */

10
servers/slapd/mods.c
View file

@ -73,11 +73,15 @@ modify_add_values(
}
if ( permissive ) {
for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) /* count 'em */;
pmod.sm_values = (BerVarray)ch_malloc( (i + 1)*sizeof( struct berval ) );
for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
/* EMPTY -- just counting 'em */;
}
pmod.sm_values = (BerVarray)ch_malloc(
(i + 1) * sizeof( struct berval ));
if ( pmod.sm_nvalues != NULL ) {
pmod.sm_nvalues = (BerVarray)ch_malloc(
(i + 1)*sizeof( struct berval ) );
(i + 1) * sizeof( struct berval ));
}
}

23
servers/slapd/operation.c
View file

@ -112,6 +112,21 @@ slap_op_free( Operation *op )
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
}
void
slap_op_time(time_t *t, int *nop)
{
*t = slap_get_time();
ldap_pvt_thread_mutex_lock( &slap_op_mutex );
if ( *t == last_time ) {
*nop = ++last_incr;
} else {
last_time = *t;
last_incr = 0;
*nop = 0;
}
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
}
Operation *
slap_op_alloc(
BerElement *ber,
@ -139,13 +154,7 @@ slap_op_alloc(
op->o_msgid = msgid;
op->o_tag = tag;
op->o_time = slap_get_time();
if ( op->o_time == last_time ) {
op->o_tincr = ++last_incr;
} else {
last_time = op->o_time;
last_incr = 0; /* o_tincr is alredy zero */
}
slap_op_time( &op->o_time, &op->o_tincr );
op->o_opid = id;
op->o_res_ber = NULL;

351
servers/slapd/overlays/accesslog.c
View file

@ -58,6 +58,8 @@ typedef struct log_info {
int li_cycle;
struct re_s *li_task;
int li_success;
ldap_pvt_thread_mutex_t li_op_mutex;
ldap_pvt_thread_mutex_t li_log_mutex;
} log_info;
static ConfigDriver log_cf_gen;
@ -139,7 +141,7 @@ enum {
LOG_EN__COUNT
};
static ObjectClass *log_ocs[LOG_EN__COUNT];
static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container;
#define LOG_SCHEMA_ROOT "1.3.6.1.4.1.4203.666.11.5"
@ -152,10 +154,8 @@ static AttributeDescription *ad_reqDN, *ad_reqStart, *ad_reqEnd, *ad_reqType,
*ad_reqNewSuperior, *ad_reqDeleteOldRDN, *ad_reqMod,
*ad_reqScope, *ad_reqFilter, *ad_reqAttr, *ad_reqEntries,
*ad_reqSizeLimit, *ad_reqTimeLimit, *ad_reqAttrsOnly, *ad_reqData,
*ad_reqId, *ad_reqMessage;
#if 0
static AttributeDescription *ad_oldest;
#endif
*ad_reqId, *ad_reqMessage, *ad_reqVersion, *ad_reqDerefAliases,
*ad_reqReferral, *ad_reqOld;
static struct {
char *at;
@ -188,97 +188,127 @@ static struct {
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqSession },
{ "( " LOG_SCHEMA_AT ".6 NAME 'reqResult' "
"DESC 'Result code of request' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqResult },
{ "( " LOG_SCHEMA_AT ".7 NAME 'reqAuthzID' "
{ "( " LOG_SCHEMA_AT ".6 NAME 'reqAuthzID' "
"DESC 'Authorization ID of requestor' "
"EQUALITY distinguishedNameMatch "
"SYNTAX OMsDN "
"SINGLE-VALUE )", &ad_reqAuthzID },
{ "( " LOG_SCHEMA_AT ".8 NAME 'reqControls' "
{ "( " LOG_SCHEMA_AT ".7 NAME 'reqResult' "
"DESC 'Result code of request' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqResult },
{ "( " LOG_SCHEMA_AT ".8 NAME 'reqMessage' "
"DESC 'Error text of request' "
"EQUALITY caseIgnoreMatch "
"SUBSTR caseIgnoreSubstringsMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqMessage },
{ "( " LOG_SCHEMA_AT ".9 NAME 'reqReferral' "
"DESC 'Referrals returned for request' "
"SUP labeledURI )", &ad_reqReferral },
{ "( " LOG_SCHEMA_AT ".10 NAME 'reqControls' "
"DESC 'Request controls' "
"SYNTAX OMsOctetString )", &ad_reqControls },
{ "( " LOG_SCHEMA_AT ".9 NAME 'reqRespControls' "
{ "( " LOG_SCHEMA_AT ".11 NAME 'reqRespControls' "
"DESC 'Response controls of request' "
"SYNTAX OMsOctetString )", &ad_reqRespControls },
{ "( " LOG_SCHEMA_AT ".10 NAME 'reqMethod' "
{ "( " LOG_SCHEMA_AT ".12 NAME 'reqId' "
"DESC 'ID of Request to Abandon' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqId },
{ "( " LOG_SCHEMA_AT ".13 NAME 'reqVersion' "
"DESC 'Protocol version of Bind request' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqVersion },
{ "( " LOG_SCHEMA_AT ".14 NAME 'reqMethod' "
"DESC 'Bind method of request' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqMethod },
{ "( " LOG_SCHEMA_AT ".11 NAME 'reqAssertion' "
{ "( " LOG_SCHEMA_AT ".15 NAME 'reqAssertion' "
"DESC 'Compare Assertion of request' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqAssertion },
{ "( " LOG_SCHEMA_AT ".12 NAME 'reqNewRDN' "
{ "( " LOG_SCHEMA_AT ".16 NAME 'reqMod' "
"DESC 'Modifications of request' "
"EQUALITY octetStringMatch "
"SUBSTR octetStringSubstringsMatch "
"SYNTAX OMsOctetString )", &ad_reqMod },
{ "( " LOG_SCHEMA_AT ".17 NAME 'reqOld' "
"DESC 'Old values of entry before request completed' "
"EQUALITY octetStringMatch "
"SUBSTR octetStringSubstringsMatch "
"SYNTAX OMsOctetString )", &ad_reqOld },
{ "( " LOG_SCHEMA_AT ".18 NAME 'reqNewRDN' "
"DESC 'New RDN of request' "
"EQUALITY distinguishedNameMatch "
"SYNTAX OMsDN "
"SINGLE-VALUE )", &ad_reqNewRDN },
{ "( " LOG_SCHEMA_AT ".13 NAME 'reqNewSuperior' "
{ "( " LOG_SCHEMA_AT ".19 NAME 'reqDeleteOldRDN' "
"DESC 'Delete old RDN' "
"EQUALITY booleanMatch "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )", &ad_reqDeleteOldRDN },
{ "( " LOG_SCHEMA_AT ".20 NAME 'reqNewSuperior' "
"DESC 'New superior DN of request' "
"EQUALITY distinguishedNameMatch "
"SYNTAX OMsDN "
"SINGLE-VALUE )", &ad_reqNewSuperior },
{ "( " LOG_SCHEMA_AT ".14 NAME 'reqDeleteOldRDN' "
"DESC 'Delete old RDN' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )", &ad_reqDeleteOldRDN },
{ "( " LOG_SCHEMA_AT ".15 NAME 'reqMod' "
"DESC 'Modifications of request' "
"SYNTAX OMsDirectoryString "
"EQUALITY caseIgnoreMatch "
"SUBSTR caseIgnoreSubstringsMatch )", &ad_reqMod },
{ "( " LOG_SCHEMA_AT ".16 NAME 'reqScope' "
{ "( " LOG_SCHEMA_AT ".21 NAME 'reqScope' "
"DESC 'Scope of request' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqScope },
{ "( " LOG_SCHEMA_AT ".17 NAME 'reqFilter' "
"DESC 'Filter of request' "
{ "( " LOG_SCHEMA_AT ".22 NAME 'reqDerefAliases' "
"DESC 'Disposition of Aliases in request' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqFilter },
{ "( " LOG_SCHEMA_AT ".18 NAME 'reqAttr' "
"DESC 'Attributes of request' "
"SYNTAX OMsDirectoryString )", &ad_reqAttr },
{ "( " LOG_SCHEMA_AT ".19 NAME 'reqEntries' "
"DESC 'Number of entries returned' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqEntries },
{ "( " LOG_SCHEMA_AT ".20 NAME 'reqSizeLimit' "
"DESC 'Size limit of request' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqSizeLimit },
{ "( " LOG_SCHEMA_AT ".21 NAME 'reqTimeLimit' "
"DESC 'Time limit of request' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqTimeLimit },
{ "( " LOG_SCHEMA_AT ".22 NAME 'reqAttrsOnly' "
"SINGLE-VALUE )", &ad_reqDerefAliases },
{ "( " LOG_SCHEMA_AT ".23 NAME 'reqAttrsOnly' "
"DESC 'Attributes and values of request' "
"EQUALITY booleanMatch "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )", &ad_reqAttrsOnly },
{ "( " LOG_SCHEMA_AT ".23 NAME 'reqData' "
{ "( " LOG_SCHEMA_AT ".24 NAME 'reqFilter' "
"DESC 'Filter of request' "
"EQUALITY caseIgnoreMatch "
"SUBSTR caseIgnoreSubstringsMatch "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqFilter },
{ "( " LOG_SCHEMA_AT ".25 NAME 'reqAttr' "
"DESC 'Attributes of request' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", &ad_reqAttr },
{ "( " LOG_SCHEMA_AT ".26 NAME 'reqSizeLimit' "
"DESC 'Size limit of request' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqSizeLimit },
{ "( " LOG_SCHEMA_AT ".27 NAME 'reqTimeLimit' "
"DESC 'Time limit of request' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqTimeLimit },
{ "( " LOG_SCHEMA_AT ".28 NAME 'reqEntries' "
"DESC 'Number of entries returned' "
"EQUALITY integerMatch "
"ORDERING integerOrderingMatch "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqEntries },
{ "( " LOG_SCHEMA_AT ".29 NAME 'reqData' "
"DESC 'Data of extended request' "
"EQUALITY octetStringMatch "
"SUBSTR octetStringSubstringsMatch "
"SYNTAX OMsOctetString "
"SINGLE-VALUE )", &ad_reqData },
{ "( " LOG_SCHEMA_AT ".24 NAME 'reqId' "
"DESC 'ID of Request to Abandon' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )", &ad_reqId },
{ "( " LOG_SCHEMA_AT ".25 NAME 'reqMessage' "
"DESC 'Error text of request' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", &ad_reqMessage },
#if 0
{ "( " LOG_SCHEMA_AT ".26 NAME 'auditOldest' "
"DESC 'Oldest record in this branch' "
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE )", &ad_oldest },
#endif
{ NULL, NULL }
};
@ -286,24 +316,23 @@ static struct {
char *ot;
ObjectClass **oc;
} locs[] = {
#if 0
{ "( " LOG_SCHEMA_OC ".0 NAME 'auditContainer' "
"DESC 'AuditLog container' "
"SUP top STRUCTURAL "
"MUST auditOldest "
"MAY cn )", &oc_container },
#endif
"MAY ( cn $ reqStart $ reqEnd ) )", &log_container },
{ "( " LOG_SCHEMA_OC ".1 NAME 'auditObject' "
"DESC 'OpenLDAP request auditing' "
"SUP top STRUCTURAL "
"MUST ( reqStart $ reqType $ reqSession ) "
"MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd $ "
"reqResult $ reqMessage ) )", &log_ocs[LOG_EN_UNBIND] },
"reqResult $ reqMessage $ reqReferral ) )",
&log_ocs[LOG_EN_UNBIND] },
{ "( " LOG_SCHEMA_OC ".2 NAME 'auditReadObject' "
"DESC 'OpenLDAP read request record' "
"SUP auditObject STRUCTURAL )", NULL },
{ "( " LOG_SCHEMA_OC ".3 NAME 'auditWriteObject' "
"DESC 'OpenLDAP write request record' "
"SUP auditObject STRUCTURAL )", &log_ocs[LOG_EN_DELETE] },
"SUP auditObject STRUCTURAL )", NULL },
{ "( " LOG_SCHEMA_OC ".4 NAME 'auditAbandon' "
"DESC 'Abandon operation' "
"SUP auditObject STRUCTURAL "
@ -315,27 +344,31 @@ static struct {
{ "( " LOG_SCHEMA_OC ".6 NAME 'auditBind' "
"DESC 'Bind operation' "
"SUP auditObject STRUCTURAL "
"MUST reqMethod )", &log_ocs[LOG_EN_BIND] },
"MUST ( reqVersion $ reqMethod ) )", &log_ocs[LOG_EN_BIND] },
{ "( " LOG_SCHEMA_OC ".7 NAME 'auditCompare' "
"DESC 'Compare operation' "
"SUP auditReadObject STRUCTURAL "
"MUST reqAssertion )", &log_ocs[LOG_EN_COMPARE] },
{ "( " LOG_SCHEMA_OC ".8 NAME 'auditModify' "
{ "( " LOG_SCHEMA_OC ".8 NAME 'auditDelete' "
"DESC 'Delete operation' "
"SUP auditWriteObject STRUCTURAL "
"MAY reqOld )", &log_ocs[LOG_EN_DELETE] },
{ "( " LOG_SCHEMA_OC ".9 NAME 'auditModify' "
"DESC 'Modify operation' "
"SUP auditWriteObject STRUCTURAL "
"MUST reqMod )", &log_ocs[LOG_EN_MODIFY] },
{ "( " LOG_SCHEMA_OC ".9 NAME 'auditModRDN' "
"MAY reqOld MUST reqMod )", &log_ocs[LOG_EN_MODIFY] },
{ "( " LOG_SCHEMA_OC ".10 NAME 'auditModRDN' "
"DESC 'ModRDN operation' "
"SUP auditWriteObject STRUCTURAL "
"MUST ( reqNewRDN $ reqDeleteOldRDN ) "
"MAY reqNewSuperior )", &log_ocs[LOG_EN_MODRDN] },
{ "( " LOG_SCHEMA_OC ".10 NAME 'auditSearch' "
{ "( " LOG_SCHEMA_OC ".11 NAME 'auditSearch' "
"DESC 'Search operation' "
"SUP auditReadObject STRUCTURAL "
"MUST ( reqScope $ reqAttrsonly ) "
"MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) "
"MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ "
"reqTimeLimit ) )", &log_ocs[LOG_EN_SEARCH] },
{ "( " LOG_SCHEMA_OC ".11 NAME 'auditExtended' "
{ "( " LOG_SCHEMA_OC ".12 NAME 'auditExtended' "
"DESC 'Extended operation' "
"SUP auditObject STRUCTURAL "
"MAY reqData )", &log_ocs[LOG_EN_EXTENDED] },
@ -344,22 +377,26 @@ static struct {
#define RDNEQ "reqStart="
/* Our time intervals are of the form [dd+]hh:mm[:ss]
* If a field is present, it must be two digits. We assume no one
* will want to keep log records for longer than 99 days.
/* Our time intervals are of the form [ddd+]hh:mm[:ss]
* If a field is present, it must be two digits. (Except for
* days, which can be arbitrary width.)
*/
static int
log_age_parse(char *agestr)
{
int t1, t2;
int gotdays = 0;
char *endptr;
t1 = atoi( agestr );
t1 = strtol( agestr, &endptr, 10 );
/* Is there a days delimiter? */
if ( agestr[2] == '+' ) {
if ( *endptr == '+' ) {
/* 32 bit time only covers about 68 years */
if ( t1 < 0 || t1 > 25000 )
return -1;
t1 *= 24;
gotdays = 1;
} else if ( agestr[2] != ':' ) {
} else if ( *endptr != ':' ) {
/* No valid delimiter found, fail */
return -1;
}
@ -419,7 +456,7 @@ log_age_unparse( int age, struct berval *agebv )
ptr = agebv->bv_val;
if ( dd )
ptr += sprintf( ptr, "%02d+", dd );
ptr += sprintf( ptr, "%d+", dd );
ptr += sprintf( ptr, "%02d:%02d", hh, mm );
if ( ss )
ptr += sprintf( ptr, ":%02d", ss );
@ -539,7 +576,7 @@ log_cf_gen(ConfigArgs *c)
struct log_info *li = on->on_bi.bi_private;
int rc = 0;
slap_mask_t tmask = 0;
char agebuf[2*STRLENOF("dd+hh:mm:ss ")];
char agebuf[2*STRLENOF("ddddd+hh:mm:ss ")];
struct berval agebv, cyclebv;
switch( c->op ) {
@ -649,7 +686,8 @@ log_cf_gen(ConfigArgs *c)
return rc;
}
static Entry *accesslog_entry( Operation *op, int logop ) {
static Entry *accesslog_entry( Operation *op, int logop,
Operation *op2 ) {
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
log_info *li = on->on_bi.bi_private;
@ -690,6 +728,15 @@ static Entry *accesslog_entry( Operation *op, int logop ) {
attr_merge_one( e, ad_reqStart, &timestamp, &ntimestamp );
op->o_tmpfree( ntimestamp.bv_val, op->o_tmpmemctx );
slap_op_time( &op2->o_time, &op2->o_tincr );
timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
slap_timestamp( &op2->o_time, &timestamp );
sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op2->o_tincr );
timestamp.bv_len += 7;
attr_merge_normalize_one( e, ad_reqEnd, &timestamp, op->o_tmpmemctx );
/* Exops have OID appended */
if ( logop == LOG_EN_EXTENDED ) {
bv.bv_len = lo->word.bv_len + op->ore_reqoid.bv_len + 2;
@ -721,9 +768,16 @@ static Entry *accesslog_entry( Operation *op, int logop ) {
static struct berval scopes[] = {
BER_BVC("base"),
BER_BVC("onelevel"),
BER_BVC("subtree"),
BER_BVC("subordinate")
BER_BVC("one"),
BER_BVC("sub"),
BER_BVC("subord")
};
static struct berval derefs[] = {
BER_BVC("never"),
BER_BVC("searching"),
BER_BVC("finding"),
BER_BVC("always")
};
static struct berval simple = BER_BVC("SIMPLE");
@ -734,12 +788,11 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
Attribute *a, *last_attr;
Modifications *m;
struct berval *b;
time_t endtime;
int i;
int logop;
slap_verbmasks *lo;
Entry *e;
char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE+8];
struct berval bv;
char *ptr;
BerVarray vals;
@ -749,9 +802,6 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
if ( rs->sr_type != REP_RESULT && rs->sr_type != REP_EXTENDED )
return SLAP_CB_CONTINUE;
if ( li->li_success && rs->sr_err != LDAP_SUCCESS )
return SLAP_CB_CONTINUE;
switch ( op->o_tag ) {
case LDAP_REQ_ADD: logop = LOG_EN_ADD; break;
case LDAP_REQ_DELETE: logop = LOG_EN_DELETE; break;
@ -769,15 +819,15 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
if ( !( li->li_ops & lo->mask ))
return SLAP_CB_CONTINUE;
endtime = slap_get_time();
if ( lo->mask & LOG_OP_WRITES ) {
ldap_pvt_thread_mutex_lock( &li->li_log_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_op_mutex );
}
e = accesslog_entry( op, logop );
if ( li->li_success && rs->sr_err != LDAP_SUCCESS )
goto done;
bv.bv_val = timebuf;
bv.bv_len = sizeof(timebuf);
slap_timestamp( &endtime, &bv );
attr_merge_one( e, ad_reqEnd, &bv, NULL );
e = accesslog_entry( op, logop, &op2 );
attr_merge_one( e, ad_reqDN, &op->o_req_dn, &op->o_req_ndn );
@ -915,6 +965,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
case LOG_EN_SEARCH:
attr_merge_one( e, ad_reqScope, &scopes[op->ors_scope], NULL );
attr_merge_one( e, ad_reqDerefAliases, &derefs[op->ors_deref], NULL );
attr_merge_one( e, ad_reqAttrsOnly, op->ors_attrsonly ?
(struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv,
NULL );
@ -943,6 +994,9 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
break;
case LOG_EN_BIND:
bv.bv_val = timebuf;
bv.bv_len = sprintf( bv.bv_val, "%d", op->o_protocol );
attr_merge_one( e, ad_reqVersion, &bv, NULL );
if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
attr_merge_one( e, ad_reqMethod, &simple, NULL );
} else {
@ -955,6 +1009,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
attr_merge_one( e, ad_reqMethod, &bv, NULL );
op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
}
break;
case LOG_EN_EXTENDED:
@ -970,8 +1025,6 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
op2.o_hdr = op->o_hdr;
op2.o_tag = LDAP_REQ_ADD;
op2.o_time = endtime;
op2.o_tincr = 0;
op2.o_bd = li->li_db;
op2.o_dn = li->li_db->be_rootdn;
op2.o_ndn = li->li_db->be_rootndn;
@ -980,16 +1033,71 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
op2.ora_e = e;
op2.o_callback = &nullsc;
if ( lo->mask & LOG_OP_WRITES ) {
slap_get_commit_csn( op, NULL, &bv );
attr_merge_one( e, slap_schema.si_ad_entryCSN, &bv, NULL );
slap_queue_csn( &op2, &bv );
if (( lo->mask & LOG_OP_WRITES ) && !BER_BVISEMPTY( &op->o_csn )) {
slap_queue_csn( &op2, &op->o_csn );
}
op2.o_bd->be_add( &op2, &rs2 );
slap_graduate_commit_csn( &op2 );
entry_free( e );
done:
ldap_pvt_thread_mutex_unlock( &li->li_log_mutex );
return SLAP_CB_CONTINUE;
}
/* Since Bind success is sent by the frontend, it won't normally enter
* the overlay response callback. Add another callback to make sure it
* gets here.
*/
static int
accesslog_bind_resp( Operation *op, SlapReply *rs )
{
BackendDB *be, db;
int rc;
slap_callback *sc;
be = op->o_bd;
db = *be;
op->o_bd = &db;
db.bd_info = op->o_callback->sc_private;
rc = accesslog_response( op, rs );
op->o_bd = be;
sc = op->o_callback;
op->o_callback = sc->sc_next;
op->o_tmpfree( sc, op->o_tmpmemctx );
return rc;
}
static int
accesslog_op_bind( Operation *op, SlapReply *rs )
{
slap_callback *sc;
sc = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
sc->sc_response = accesslog_bind_resp;
sc->sc_private = op->o_bd->bd_info;
if ( op->o_callback ) {
sc->sc_next = op->o_callback->sc_next;
op->o_callback->sc_next = sc;
} else {
op->o_callback = sc;
}
return SLAP_CB_CONTINUE;
}
static int
accesslog_op_mod( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
log_info *li = on->on_bi.bi_private;
if ( li->li_ops & LOG_OP_WRITES ) {
/* FIXME: this needs to be a recursive mutex to allow
* overlays like refint to keep working.
*/
ldap_pvt_thread_mutex_lock( &li->li_op_mutex );
}
return SLAP_CB_CONTINUE;
}
@ -999,21 +1107,20 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
static int
accesslog_unbind( Operation *op, SlapReply *rs )
{
if ( op->o_conn->c_authz_backend == op->o_bd ) {
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
if ( op->o_conn->c_authz_backend == on->on_info->oi_origdb ) {
log_info *li = on->on_bi.bi_private;
Operation op2;
void *cids[SLAP_MAX_CIDS];
SlapReply rs2 = {REP_RESULT};
Entry *e;
if ( !( li->li_ops & LOG_OP_UNBIND ))
return SLAP_CB_CONTINUE;
e = accesslog_entry( op, LOG_EN_UNBIND );
e = accesslog_entry( op, LOG_EN_UNBIND, &op2 );
op2.o_hdr = op->o_hdr;
op2.o_tag = LDAP_REQ_ADD;
op2.o_time = op->o_time;
op2.o_tincr = 0;
op2.o_bd = li->li_db;
op2.o_dn = li->li_db->be_rootdn;
op2.o_ndn = li->li_db->be_rootndn;
@ -1021,6 +1128,9 @@ accesslog_unbind( Operation *op, SlapReply *rs )
op2.o_req_ndn = e->e_nname;
op2.ora_e = e;
op2.o_callback = &nullsc;
op2.o_controls = cids;
memset(cids, 0, sizeof( cids ));
memset(op2.o_ctrlflag, 0, sizeof( op2.o_ctrlflag ));
op2.o_bd->be_add( &op2, &rs2 );
entry_free( e );
@ -1034,6 +1144,7 @@ accesslog_abandon( Operation *op, SlapReply *rs )
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
log_info *li = on->on_bi.bi_private;
Operation op2;
void *cids[SLAP_MAX_CIDS];
SlapReply rs2 = {REP_RESULT};
Entry *e;
char buf[64];
@ -1042,15 +1153,13 @@ accesslog_abandon( Operation *op, SlapReply *rs )
if ( !op->o_time || !( li->li_ops & LOG_OP_ABANDON ))
return SLAP_CB_CONTINUE;
e = accesslog_entry( op, LOG_EN_ABANDON );
e = accesslog_entry( op, LOG_EN_ABANDON, &op2 );
bv.bv_val = buf;
bv.bv_len = sprintf( buf, "%d", op->orn_msgid );
attr_merge_one( e, ad_reqId, &bv, NULL );
op2.o_hdr = op->o_hdr;
op2.o_tag = LDAP_REQ_ADD;
op2.o_time = op->o_time;
op2.o_tincr = 0;
op2.o_bd = li->li_db;
op2.o_dn = li->li_db->be_rootdn;
op2.o_ndn = li->li_db->be_rootndn;
@ -1058,6 +1167,9 @@ accesslog_abandon( Operation *op, SlapReply *rs )
op2.o_req_ndn = e->e_nname;
op2.ora_e = e;
op2.o_callback = &nullsc;
op2.o_controls = cids;
memset(cids, 0, sizeof( cids ));
memset(op2.o_ctrlflag, 0, sizeof( op2.o_ctrlflag ));
op2.o_bd->be_add( &op2, &rs2 );
entry_free( e );
@ -1076,6 +1188,8 @@ accesslog_db_init(
log_info *li = ch_calloc(1, sizeof(log_info));
on->on_bi.bi_private = li;
ldap_pvt_thread_mutex_init( &li->li_op_mutex );
ldap_pvt_thread_mutex_init( &li->li_log_mutex );
return 0;
}
@ -1087,6 +1201,8 @@ accesslog_db_destroy(
slap_overinst *on = (slap_overinst *)be->bd_info;
log_info *li = on->on_bi.bi_private;
ldap_pvt_thread_mutex_destroy( &li->li_log_mutex );
ldap_pvt_thread_mutex_destroy( &li->li_op_mutex );
free( li );
return LDAP_SUCCESS;
}
@ -1099,6 +1215,11 @@ int accesslog_init()
accesslog.on_bi.bi_db_init = accesslog_db_init;
accesslog.on_bi.bi_db_destroy = accesslog_db_destroy;
accesslog.on_bi.bi_op_add = accesslog_op_mod;
accesslog.on_bi.bi_op_bind = accesslog_op_bind;
accesslog.on_bi.bi_op_delete = accesslog_op_mod;
accesslog.on_bi.bi_op_modify = accesslog_op_mod;
accesslog.on_bi.bi_op_modrdn = accesslog_op_mod;
accesslog.on_bi.bi_op_unbind = accesslog_unbind;
accesslog.on_bi.bi_op_abandon = accesslog_abandon;
accesslog.on_response = accesslog_response;

8
servers/slapd/overlays/lastmod.c
View file

@ -370,7 +370,9 @@ best_guess( Operation *op,
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
struct berval entryCSN;
slap_get_csn( NULL, csnbuf, sizeof(csnbuf), &entryCSN, 0 );
entryCSN.bv_val = csnbuf;
entryCSN.bv_len = sizeof( csnbuf );
slap_get_csn( NULL, &entryCSN, 0 );
ber_dupbv( bv_entryCSN, &entryCSN );
ber_dupbv( bv_nentryCSN, &entryCSN );
@ -909,7 +911,9 @@ lastmod_db_open(
timestamp.bv_len = sizeof(tmbuf);
slap_timestamp( &starttime, &timestamp );
slap_get_csn( NULL, csnbuf, sizeof(csnbuf), &entryCSN, 0 );
entryCSN.bv_val = csnbuf;
entryCSN.bv_len = sizeof( csnbuf );
slap_get_csn( NULL, &entryCSN, 0 );
if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue );

38
servers/slapd/overlays/ppolicy.c
View file

@ -1179,11 +1179,12 @@ ppolicy_modify( Operation *op, SlapReply *rs )
*/
if ( be_shadow_update( op )) {
Modifications **prev;
int got_del_grace = 0, got_del_lock = 0, got_pw = 0;
Attribute *a_grace, *a_lock;
int got_del_grace = 0, got_del_lock = 0, got_pw = 0, got_del_fail = 0;
Attribute *a_grace, *a_lock, *a_fail;
a_grace = attr_find( e->e_attrs, ad_pwdGraceUseTime );
a_lock = attr_find( e->e_attrs, ad_pwdAccountLockedTime );
a_fail = attr_find( e->e_attrs, ad_pwdFailureTime );
for( prev = &op->oq_modify.rs_modlist, ml = *prev; ml;
prev = &ml->sml_next, ml = *prev ) {
@ -1206,6 +1207,11 @@ ppolicy_modify( Operation *op, SlapReply *rs )
got_del_lock = 1;
if ( !a_lock )
drop = 1;
} else
if ( ml->sml_desc == ad_pwdFailureTime ) {
got_del_fail = 1;
if ( !a_fail )
drop = 1;
}
if ( drop ) {
*prev = ml->sml_next;
@ -1215,8 +1221,8 @@ ppolicy_modify( Operation *op, SlapReply *rs )
}
}
/* If we're resetting the password, make sure grace and accountlock
* also get removed.
/* If we're resetting the password, make sure grace, accountlock,
* and failure also get removed.
*/
if ( got_pw ) {
if ( a_grace && !got_del_grace ) {
@ -1242,6 +1248,17 @@ ppolicy_modify( Operation *op, SlapReply *rs )
ml->sml_next = NULL;
*prev = ml;
}
if ( a_fail && !got_del_fail ) {
ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
ml->sml_op = LDAP_MOD_DELETE;
ml->sml_flags = SLAP_MOD_INTERNAL;
ml->sml_type.bv_val = NULL;
ml->sml_desc = ad_pwdFailureTime;
ml->sml_values = NULL;
ml->sml_nvalues = NULL;
ml->sml_next = NULL;
*prev = ml;
}
}
op->o_bd->bd_info = (BackendInfo *)on->on_info;
be_entry_release_r( op, e );
@ -1577,6 +1594,19 @@ do_modify:
modtail = mods;
}
if (attr_find(e->e_attrs, ad_pwdFailureTime )) {
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_op = LDAP_MOD_DELETE;
mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdFailureTime;
mods->sml_values = NULL;
mods->sml_nvalues = NULL;
mods->sml_next = NULL;
modtail->sml_next = mods;
modtail = mods;
}
/* Delete the pwdReset attribute, since it's being reset */
if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );

6
servers/slapd/overlays/refint.c
View file

@ -621,10 +621,6 @@ refint_response(
*/
for(dp = dd.mods; dp; dp = dp->next) {
Modifications **tail, *m;
for(m = dp->mm; m && m->sml_next; m = m->sml_next);
tail = &m->sml_next;
nop.o_req_dn = dp->dn;
nop.o_req_ndn = dp->dn;
nop.o_bd = select_backend(&dp->dn, 0, 1);
@ -637,8 +633,6 @@ refint_response(
nop.orm_modlist = dp->mm; /* callback did all the work */
nop.o_dn = refint_dn;
nop.o_ndn = refint_dn;
rs->sr_err = slap_mods_opattrs( &nop, nop.orm_modlist,
tail, &rs->sr_text, NULL, 0, 1 );
nop.o_dn = nop.o_bd->be_rootdn;
nop.o_ndn = nop.o_bd->be_rootndn;
if(rs->sr_err != LDAP_SUCCESS) goto done;

22
servers/slapd/overlays/rwm.c
View file

@ -695,7 +695,7 @@ rwm_op_search( Operation *op, SlapReply *rs )
dc.normalized = 0;
#endif /* ! ENABLE_REWRITE */
rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
rc = rwm_filter_map_rewrite( op, &dc, op->ors_filter, &fstr );
if ( rc != LDAP_SUCCESS ) {
text = "searchFilter/searchFilterAttrDN massage error";
goto error_return;
@ -1043,6 +1043,7 @@ rwm_send_entry( Operation *op, SlapReply *rs )
goto fail;
}
flags &= ~REP_ENTRY_MUSTRELEASE;
flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
}
@ -1075,11 +1076,9 @@ rwm_send_entry( Operation *op, SlapReply *rs )
* to return, and remap them accordingly */
(void)rwm_attrs( op, rs, &e->e_attrs, 1 );
#if 0
if ( rs->sr_operational_attrs ) {
(void)rwm_attrs( op, rs, &rs->sr_operational_attrs, 0 );
if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
be_entry_release_rw( op, rs->sr_entry, 0 );
}
#endif
rs->sr_entry = e;
rs->sr_flags = flags;
@ -1395,9 +1394,14 @@ rwm_db_config(
} else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
#if 0
/* TODO: not implemented yet */
} else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
fprintf( stderr,
"%s: line %d: \"discover\" not supported yet "
"in \"t-f-support {no|yes|discover}\".\n",
fname, lineno );
return( 1 );
#if 0
rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
#endif
@ -1477,7 +1481,7 @@ rwm_db_destroy(
(struct ldaprwmap *)on->on_bi.bi_private;
#ifdef ENABLE_REWRITE
if (rwmap->rwm_rw) {
if ( rwmap->rwm_rw ) {
rewrite_info_delete( &rwmap->rwm_rw );
}
#else /* !ENABLE_REWRITE */
@ -1486,9 +1490,9 @@ rwm_db_destroy(
}
#endif /* !ENABLE_REWRITE */
avl_free( rwmap->rwm_oc.remap, NULL );
avl_free( rwmap->rwm_oc.remap, rwm_mapping_dst_free );
avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
avl_free( rwmap->rwm_at.remap, NULL );
avl_free( rwmap->rwm_at.remap, rwm_mapping_dst_free );
avl_free( rwmap->rwm_at.map, rwm_mapping_free );
ch_free( rwmap );

3
servers/slapd/overlays/rwm.h
View file

@ -138,6 +138,8 @@ rwm_map_attrnames(
AttributeName **anp,
int remap );
extern void rwm_mapping_dst_free ( void *mapping );
extern void rwm_mapping_free ( void *mapping );
extern int rwm_map_config(
@ -150,6 +152,7 @@ extern int rwm_map_config(
extern int
rwm_filter_map_rewrite(
Operation *op,
dncookie *dc,
Filter *f,
struct berval *fstr );

6
servers/slapd/overlays/rwmconf.c
View file

@ -146,7 +146,7 @@ rwm_map_config(
if ( mapping[0].m_dst_oc == NULL ) {
fprintf( stderr, "%s: line %d: unable to mimic destination objectClass '%s'\n",
fname, lineno, dst );
return 1;
goto error_return;
}
#if 0
@ -186,7 +186,7 @@ rwm_map_config(
fprintf( stderr,
"%s: line %d: source attributeType '%s': %d (%s)\n",
fname, lineno, src, rc, text ? text : "null" );
return 1;
goto error_return;
}
}
@ -207,7 +207,7 @@ rwm_map_config(
fprintf( stderr,
"%s: line %d: destination attributeType '%s': %d (%s)\n",
fname, lineno, dst, rc, text ? text : "null" );
return 1;
goto error_return;
}
}
mapping[1].m_src_ad = mapping[0].m_dst_ad;

72
servers/slapd/overlays/rwmmap.c
View file

@ -442,6 +442,7 @@ map_attr_value(
static int
rwm_int_filter_map_rewrite(
Operation *op,
dncookie *dc,
Filter *f,
struct berval *fstr )
@ -450,7 +451,7 @@ rwm_int_filter_map_rewrite(
Filter *p;
struct berval atmp,
vtmp,
tmp;
*tmp;
static struct berval
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
@ -469,7 +470,7 @@ rwm_int_filter_map_rewrite(
if ( f == NULL ) {
ber_dupbv( fstr, &ber_bvnone );
return -1;
return LDAP_OTHER;
}
switch ( f->f_choice ) {
@ -477,7 +478,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
@ -493,7 +494,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
@ -509,7 +510,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
@ -525,7 +526,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
@ -541,7 +542,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_sub_desc, &atmp,
NULL, NULL, RWM_MAP ) )
{
return -1;
goto computed;
}
/* cannot be a DN ... */
@ -603,7 +604,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_desc, &atmp,
NULL, NULL, RWM_MAP ) )
{
return -1;
goto computed;
}
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
@ -624,11 +625,13 @@ rwm_int_filter_map_rewrite(
f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
for ( p = f->f_list; p != NULL; p = p->f_next ) {
int rc;
len = fstr->bv_len;
if ( rwm_int_filter_map_rewrite( dc, p, &vtmp ) )
{
return -1;
rc = rwm_int_filter_map_rewrite( op, dc, p, &vtmp );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
fstr->bv_len += vtmp.bv_len;
@ -647,7 +650,7 @@ rwm_int_filter_map_rewrite(
if ( map_attr_value( dc, &f->f_mr_desc, &atmp,
&f->f_mr_value, &vtmp, RWM_MAP ) )
{
return -1;
goto computed;
}
} else {
@ -672,33 +675,39 @@ rwm_int_filter_map_rewrite(
break;
}
case 0:
computed:;
filter_free_x( op, f );
f->f_choice = SLAPD_FILTER_COMPUTED;
f->f_result = SLAPD_COMPARE_UNDEFINED;
/* fallthru */
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
/* FIXME: treat UNDEFINED as FALSE */
case SLAPD_COMPARE_UNDEFINED:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = ber_bvtf_false;
tmp = &ber_bvtf_false;
break;
}
/* fallthru */
case SLAPD_COMPARE_UNDEFINED:
tmp = ber_bvfalse;
tmp = &ber_bvfalse;
break;
case LDAP_COMPARE_TRUE:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = ber_bvtf_true;
} else {
tmp = ber_bvtrue;
tmp = &ber_bvtf_true;
break;
}
tmp = &ber_bvtrue;
break;
default:
tmp = ber_bverror;
tmp = &ber_bverror;
break;
}
ber_dupbv( fstr, &tmp );
ber_dupbv( fstr, tmp );
break;
default:
@ -706,11 +715,12 @@ rwm_int_filter_map_rewrite(
break;
}
return 0;
return LDAP_SUCCESS;
}
int
rwm_filter_map_rewrite(
Operation *op,
dncookie *dc,
Filter *f,
struct berval *fstr )
@ -719,10 +729,10 @@ rwm_filter_map_rewrite(
dncookie fdc;
struct berval ftmp;
rc = rwm_int_filter_map_rewrite( dc, f, fstr );
rc = rwm_int_filter_map_rewrite( op, dc, f, fstr );
#ifdef ENABLE_REWRITE
if ( rc != LDAP_SUCCESS ) {
if ( rc != 0 ) {
return rc;
}
@ -766,8 +776,8 @@ rwm_filter_map_rewrite(
rc = LDAP_OTHER;
break;
}
#endif /* ENABLE_REWRITE */
return rc;
}
@ -1188,6 +1198,16 @@ rwm_dnattr_result_rewrite(
return 0;
}
void
rwm_mapping_dst_free( void *v_mapping )
{
struct ldapmapping *mapping = v_mapping;
if ( BER_BVISEMPTY( &mapping[0].m_dst ) ) {
rwm_mapping_free( &mapping[ -1 ] );
}
}
void
rwm_mapping_free( void *v_mapping )
{

44
servers/slapd/overlays/syncprov.c
View file

@ -122,6 +122,7 @@ typedef struct syncprov_info_t {
int si_chktime;
int si_numops; /* number of ops since last checkpoint */
int si_nopres; /* Skip present phase */
int si_usehint; /* use reload hint */
time_t si_chklast; /* time of last checkpoint */
Avlnode *si_mods; /* entries being modified */
sessionlog *si_logs;
@ -382,6 +383,9 @@ findbase_cb( Operation *op, SlapReply *rs )
return LDAP_SUCCESS;
}
static Filter generic_filter = { LDAP_FILTER_PRESENT, { 0 }, NULL };
static struct berval generic_filterstr = BER_BVC("(objectclass=*)");
static int
syncprov_findbase( Operation *op, fbase_cookie *fc )
{
@ -421,6 +425,8 @@ syncprov_findbase( Operation *op, fbase_cookie *fc )
fop.ors_tlimit = SLAP_NO_LIMIT;
fop.ors_attrs = slap_anlist_no_attrs;
fop.ors_attrsonly = 1;
fop.ors_filter = &generic_filter;
fop.ors_filterstr = generic_filterstr;
fop.o_bd->bd_info = on->on_info->oi_orig;
rc = fop.o_bd->be_search( &fop, &frs );
@ -728,7 +734,8 @@ syncprov_free_syncop( syncops *so )
/* Send a persistent search response */
static int
syncprov_sendresp( Operation *op, opcookie *opc, syncops *so, Entry **e, int mode)
syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
Entry **e, int mode )
{
slap_overinst *on = opc->son;
@ -1943,12 +1950,11 @@ syncprov_op_search( Operation *op, SlapReply *rs )
/* Is the CSN still present in the database? */
if ( syncprov_findcsn( op, FIND_CSN ) != LDAP_SUCCESS ) {
/* No, so a reload is required */
#if 0 /* the consumer doesn't seem to send this hint */
if ( op->o_sync_rhint == 0 ) {
/* the 2.2 consumer doesn't send this hint */
if ( si->si_usehint && srs->sr_rhint == 0 ) {
send_ldap_error( op, rs, LDAP_SYNC_REFRESH_REQUIRED, "sync cookie is stale" );
return rs->sr_err;
}
#endif
} else {
gotstate = 1;
/* If changed and doing Present lookup, send Present UUIDs */
@ -2069,7 +2075,8 @@ syncprov_operational(
enum {
SP_CHKPT = 1,
SP_SESSL,
SP_NOPRES
SP_NOPRES,
SP_USEHINT
};
static ConfigDriver sp_cf_gen;
@ -2087,6 +2094,10 @@ static ConfigTable spcfg[] = {
sp_cf_gen, "( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' "
"DESC 'Omit Present phase processing' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "syncprov-reloadhint", NULL, 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|SP_USEHINT,
sp_cf_gen, "( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' "
"DESC 'Observe Reload Hint in Request control' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
@ -2134,6 +2145,13 @@ sp_cf_gen(ConfigArgs *c)
rc = 1;
}
break;
case SP_USEHINT:
if ( si->si_usehint ) {
c->value_int = 1;
} else {
rc = 1;
}
break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
@ -2154,6 +2172,12 @@ sp_cf_gen(ConfigArgs *c)
else
rc = LDAP_NO_SUCH_ATTRIBUTE;
break;
case SP_USEHINT:
if ( si->si_usehint )
si->si_usehint = 0;
else
rc = LDAP_NO_SUCH_ATTRIBUTE;
break;
}
return rc;
}
@ -2188,6 +2212,9 @@ sp_cf_gen(ConfigArgs *c)
case SP_NOPRES:
si->si_nopres = c->value_int;
break;
case SP_USEHINT:
si->si_usehint = c->value_int;
break;
}
return rc;
}
@ -2275,8 +2302,8 @@ syncprov_db_open(
}
if ( BER_BVISEMPTY( &si->si_ctxcsn ) ) {
slap_get_csn( op, si->si_ctxcsnbuf, sizeof(si->si_ctxcsnbuf),
&si->si_ctxcsn, 0 );
si->si_ctxcsn.bv_len = sizeof( si->si_ctxcsnbuf );
slap_get_csn( op, &si->si_ctxcsn, 0 );
}
/* If our ctxcsn is different from what was read from the root
@ -2435,6 +2462,7 @@ static int syncprov_parseCtrl (
rs->sr_text = "Sync control : cookie decoding error";
return LDAP_PROTOCOL_ERROR;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_RELOAD_HINT ) {
if (( ber_scanf( ber, /*{*/ "b", &rhint )) == LBER_ERROR ) {
@ -2509,6 +2537,8 @@ syncprov_init()
syncprov.on_bi.bi_cf_ocs = spocs;
generic_filter.f_desc = slap_schema.si_ad_objectClass;
rc = config_register_schema( spcfg, spocs );
if ( rc ) return rc;

7
servers/slapd/passwd.c
View file

@ -273,12 +273,7 @@ old_good:
cb2.sc_private = qpw; /* let Modify know this was pwdMod,
* if it cares... */
rs->sr_err = slap_mods_opattrs( op, ml, qpw->rs_modtail, &rs->sr_text,
NULL, 0, 1 );
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = op->o_bd->be_modify( op, rs );
}
rs->sr_err = op->o_bd->be_modify( op, rs );
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_rspdata = rsp;
} else if ( rsp ) {

34
servers/slapd/proto-slap.h
View file

@ -114,7 +114,7 @@ LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
*/
LDAP_SLAPD_V (char *) style_strings[];
LDAP_SLAPD_F (void) parse_acl LDAP_P(( Backend *be,
LDAP_SLAPD_F (int) parse_acl LDAP_P(( Backend *be,
const char *fname, int lineno,
int argc, char **argv, int pos ));
@ -206,6 +206,12 @@ LDAP_SLAPD_F (int) slap_mods2entry LDAP_P(( Modifications *mods, Entry **e,
LDAP_SLAPD_F (int) slap_entry2mods LDAP_P(( Entry *e,
Modifications **mods, const char **text,
char *textbuf, size_t textlen ));
LDAP_SLAPD_F( int ) slap_add_opattrs(
Operation *op,
const char **text,
char *textbuf, size_t textlen,
int manage_ctxcsn );
/*
* at.c
@ -426,6 +432,9 @@ LDAP_SLAPD_F (int) overlay_op_walk LDAP_P((
*/
LDAP_SLAPD_F (int) slap_loglevel_register LDAP_P (( slap_mask_t m, struct berval *s ));
LDAP_SLAPD_F (int) str2loglevel LDAP_P(( const char *s, int *l ));
LDAP_SLAPD_F (int) loglevel2bvarray LDAP_P(( int l, BerVarray *bva ));
LDAP_SLAPD_F (const char *) loglevel2str LDAP_P(( int l ));
LDAP_SLAPD_F (int) loglevel2bv LDAP_P(( int l, struct berval *bv ));
/*
* ch_malloc.c
@ -645,8 +654,13 @@ LDAP_SLAPD_F (int) connection_state_closing LDAP_P(( Connection *c ));
LDAP_SLAPD_F (const char *) connection_state2str LDAP_P(( int state ))
LDAP_GCCATTR((const));
#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
LDAP_SLAPD_F (int) connection_write_activate LDAP_P((ber_socket_t s));
LDAP_SLAPD_F (int) connection_read_activate LDAP_P((ber_socket_t s));
#else
LDAP_SLAPD_F (int) connection_write LDAP_P((ber_socket_t s));
LDAP_SLAPD_F (int) connection_read LDAP_P((ber_socket_t s));
#endif
LDAP_SLAPD_F (unsigned long) connections_nextid(void);
@ -693,7 +707,7 @@ LDAP_SLAPD_F (void) slap_get_commit_csn LDAP_P((
LDAP_SLAPD_F (void) slap_rewind_commit_csn LDAP_P(( Operation * ));
LDAP_SLAPD_F (void) slap_graduate_commit_csn LDAP_P(( Operation * ));
LDAP_SLAPD_F (Entry *) slap_create_context_csn_entry LDAP_P(( Backend *, struct berval *));
LDAP_SLAPD_F (int) slap_get_csn LDAP_P(( Operation *, char *, int, struct berval *, int ));
LDAP_SLAPD_F (int) slap_get_csn LDAP_P(( Operation *, struct berval *, int ));
LDAP_SLAPD_F (void) slap_queue_csn LDAP_P(( Operation *, struct berval * ));
/*
@ -704,7 +718,10 @@ LDAP_SLAPD_F (int) slapd_daemon_init( const char *urls );
LDAP_SLAPD_F (int) slapd_daemon_destroy(void);
LDAP_SLAPD_F (int) slapd_daemon(void);
LDAP_SLAPD_F (Listener **) slapd_get_listeners LDAP_P((void));
LDAP_SLAPD_F (void) slapd_remove LDAP_P((ber_socket_t s, int wasactive, int wake));
LDAP_SLAPD_F (void) slapd_remove LDAP_P((ber_socket_t s, int wasactive,
int wake, int locked ));
LDAP_SLAPD_F (void) slapd_sd_lock();
LDAP_SLAPD_F (void) slapd_sd_unlock();
LDAP_SLAPD_F (RETSIGTYPE) slap_sig_shutdown LDAP_P((int sig));
LDAP_SLAPD_F (RETSIGTYPE) slap_sig_wake LDAP_P((int sig));
@ -713,7 +730,7 @@ LDAP_SLAPD_F (void) slap_wake_listener LDAP_P((void));
LDAP_SLAPD_F (void) slapd_set_write LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (void) slapd_clr_write LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (void) slapd_set_read LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (void) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_F (int) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_abrupt_shutdown;
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_shutdown;
@ -858,7 +875,7 @@ typedef int (SLAP_EXTOP_GETOID_FN) LDAP_P((
int index, struct berval *oid, int blen ));
LDAP_SLAPD_F (int) load_extop LDAP_P((
struct berval *ext_oid,
const struct berval *ext_oid,
slap_mask_t flags,
SLAP_EXTOP_MAIN_FN *ext_main ));
@ -1037,12 +1054,9 @@ LDAP_SLAPD_F( void ) slap_timestamp(
time_t *tm,
struct berval *bv );
LDAP_SLAPD_F( int ) slap_mods_opattrs(
LDAP_SLAPD_F( void ) slap_mods_opattrs(
Operation *op,
Modifications *mods,
Modifications **modlist,
const char **text,
char *textbuf, size_t textlen,
int manage_ctxcsn );
/*
@ -1206,6 +1220,7 @@ LDAP_SLAPD_F (int) parse_oidm LDAP_P((
LDAP_SLAPD_F (void) slap_op_init LDAP_P(( void ));
LDAP_SLAPD_F (void) slap_op_destroy LDAP_P(( void ));
LDAP_SLAPD_F (void) slap_op_free LDAP_P(( Operation *op ));
LDAP_SLAPD_F (void) slap_op_time LDAP_P(( time_t *t, int *n ));
LDAP_SLAPD_F (Operation *) slap_op_alloc LDAP_P((
BerElement *ber, ber_int_t msgid,
ber_tag_t tag, ber_int_t id ));
@ -1722,6 +1737,7 @@ LDAP_SLAPD_V (time_t) starttime;
LDAP_SLAPD_V (ldap_pvt_thread_pool_t) connection_pool;
LDAP_SLAPD_V (int) connection_pool_max;
LDAP_SLAPD_V (int) slap_tool_thread_max;
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) entry2str_mutex;
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) replog_mutex;

66
servers/slapd/result.c
View file

@ -300,21 +300,19 @@ send_ldap_response(
}
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback,
*sc_next = op->o_callback;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
rc = SLAP_CB_CONTINUE;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_response ) {
rc = op->o_callback->sc_response( op, rs );
if ( first && op->o_callback == NULL ) {
sc = NULL;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( rc != SLAP_CB_CONTINUE ) break;
if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
@ -456,18 +454,18 @@ cleanup:;
clean2:;
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback, *sc_next;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_cleanup ) {
(void)op->o_callback->sc_cleanup( op, rs );
if ( first && op->o_callback != sc ) {
sc = op->o_callback;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
}
@ -700,9 +698,7 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
}
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback,
*sc_next = op->o_callback;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
rc = SLAP_CB_CONTINUE;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next )
@ -710,12 +706,12 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_response ) {
rc = op->o_callback->sc_response( op, rs );
if ( first && op->o_callback == NULL ) {
sc = NULL;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( rc != SLAP_CB_CONTINUE ) break;
if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
@ -1148,18 +1144,18 @@ slap_send_search_entry( Operation *op, SlapReply *rs )
error_return:;
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback, *sc_next;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_cleanup ) {
(void)op->o_callback->sc_cleanup( op, rs );
if ( first && op->o_callback != sc ) {
sc = op->o_callback;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
}
@ -1205,21 +1201,19 @@ slap_send_search_reference( Operation *op, SlapReply *rs )
rs->sr_type = REP_SEARCHREF;
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback,
*sc_next = op->o_callback;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
rc = SLAP_CB_CONTINUE;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_response ) {
rc = op->o_callback->sc_response( op, rs );
if ( first && op->o_callback == NULL ) {
sc = NULL;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( rc != SLAP_CB_CONTINUE ) break;
if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
@ -1351,18 +1345,18 @@ slap_send_search_reference( Operation *op, SlapReply *rs )
rel:
if ( op->o_callback ) {
int first = 1;
slap_callback *sc = op->o_callback, *sc_next;
slap_callback *sc = op->o_callback, **sc_prev = &sc, *sc_next;
for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_cleanup ) {
(void)op->o_callback->sc_cleanup( op, rs );
if ( first && op->o_callback != sc ) {
sc = op->o_callback;
if ( op->o_callback != *sc_prev ) {
*sc_prev = op->o_callback;
}
if ( rc != SLAP_CB_CONTINUE || !op->o_callback ) break;
}
first = 0;
sc_prev = &op->o_callback->sc_next;
}
op->o_callback = sc;
}

Some files were not shown because too many files have changed in this diff Show more