upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-19 02:28:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge from HEAD

Browse source
This commit is contained in:
Kurt Zeilenga 2005-05-06 18:42:38 +00:00
parent 691d91ca26
commit dfdc3baace
58 changed files with 2289 additions and 1626 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1887
configure vendored
View file

File diff suppressed because it is too large Load diff

33
servers/slapd/Makefile.in
View file

@ -17,7 +17,6 @@ SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl
PROGRAMS=slapd $(SLAPTOOLS)
XPROGRAMS=sslapd libbackends.a .backend liboverlays.a
XSRCS=version.c
STRIP=-s
SUBDIRS=back-* shell-backends slapi overlays
@ -43,7 +42,7 @@ SRCS = main.c globals.c bconfig.c config.c daemon.c \
OBJS = main.o globals.o bconfig.o config.o daemon.o \
connection.o search.o filter.o add.o cr.o \
attr.o entry.o backend.o result.o operation.o \
attr.o entry.o backend.o backends.o result.o operation.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
@ -62,7 +61,7 @@ LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
LDAP_LIBDIR= ../../libraries
SLAP_DIR=
SLAPD_STATIC_DEPENDS=@SLAPD_NO_STATIC@ libbackends.a
SLAPD_STATIC_DEPENDS=@SLAPD_NO_STATIC@ libbackends.a liboverlays.a
SLAPD_STATIC_BACKENDS=@SLAPD_STATIC_BACKENDS@
SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BACKENDS@
@ -71,7 +70,7 @@ SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@
XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS)
XLIBS = $(SLAPD_STATIC_DEPENDS) liboverlays.a $(SLAPD_L)
XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_L)
XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
XXXLIBS = $(LTHREAD_LIBS) $(SLAPI_LIBS) $(MODULES_LIBS)
@ -81,12 +80,12 @@ BUILD_SRV = @BUILD_SLAPD@
all-local-srv: all-cffiles
NT_SLAPD_DEPENDS = slapd.exp
NT_SLAPD_OBJECTS = slapd.exp symdummy.o $(OBJS) backends.o version.o
NT_SLAPD_OBJECTS = slapd.exp symdummy.o $(OBJS) version.o
UNIX_SLAPD_DEPENDS = $(SLAPD_STATIC_DEPENDS) backends.o version.o $(SLAPD_L)
UNIX_SLAPD_OBJECTS = $(OBJS) backends.o version.o
UNIX_SLAPD_DEPENDS = $(SLAPD_STATIC_DEPENDS) version.o $(SLAPD_L)
UNIX_SLAPD_OBJECTS = $(OBJS) version.o
SLAPD_DEPENDS = liboverlays.a $(@PLAT@_SLAPD_DEPENDS)
SLAPD_DEPENDS = $(@PLAT@_SLAPD_DEPENDS)
SLAPD_OBJECTS = $(@PLAT@_SLAPD_OBJECTS)
# Notes about slapd for Windows
@ -190,6 +189,13 @@ slapd.def: libbackends.a liboverlays.a version.o
done; \
test -z "$$obj" && continue; \
;; \
*.la) \
if test -n "$LTSTATIC"; then \
base=`expr "$$i" : ".*/\(.*\).la"`; \
path=`expr "$$i" : "\(.*/\).*"`; \
obj=$$path.libs/$$base.a; \
fi; \
;; \
*.o | *.a) \
obj=$$i; \
esac; \
@ -263,13 +269,16 @@ slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
$(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); done
sslapd: version.o backends.o
$(LTLINK) -static -o $@ $(OBJS) version.o backends.o $(LIBS) $(WRAP_LIBS)
sslapd: version.o
$(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS) $(WRAP_LIBS)
dummy $(SLAPD_DYNAMIC_BACKENDS): slapd
cd $@; $(MAKE) $(MFLAGS) all
@touch $@
dynamic_overlays: slapd
cd overlays; $(MAKE) $(MFLAGS) dynamic
#
# In Windows, dynamic backends have to be built after slapd. For this
# reason, we only build static backends now and dynamic backends later.
@ -312,7 +321,7 @@ libbackends.a: .backend
@ls -l libbackends.a; echo ""
liboverlays.a: FORCE
@cd overlays; $(MAKE) $(MFLAGS) all
cd overlays; $(MAKE) $(MFLAGS) static
version.c: Makefile
@-$(RM) $@
@ -372,7 +381,7 @@ install-slapd: FORCE
fi; \
done
all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS)
all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays
@if test $(PLAT) = NT; then \
sysconfdir=`cygpath -w $(sysconfdir) | \
$(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \

135
servers/slapd/aclparse.c
View file

@ -438,8 +438,9 @@ parse_acl(
acl_usage();
}
} else if ( strcasecmp( left, "attr" ) == 0
|| strcasecmp( left, "attrs" ) == 0 ) {
} else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
|| strcasecmp( left, "attrs" ) == 0 ) /* DOCUMENTED */
{
a->acl_attrs = str2anlist( a->acl_attrs,
right, "," );
if ( a->acl_attrs == NULL ) {
@ -464,58 +465,63 @@ parse_acl(
acl_usage();
}
ber_str2bv( right, 0, 1, &a->acl_attrval );
if ( style && strcasecmp( style, "regex" ) == 0 ) {
int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
REG_EXTENDED | REG_ICASE | REG_NOSUB );
if ( e ) {
char buf[512];
regerror( e, &a->acl_attrval_re, buf, sizeof(buf) );
fprintf( stderr, "%s: line %d: "
"regular expression \"%s\" bad because of %s\n",
fname, lineno, right, buf );
acl_usage();
}
a->acl_attrval_style = ACL_STYLE_REGEX;
} else {
/* FIXME: if the attribute has DN syntax, we might
* allow one, subtree and children styles as well */
if ( !strcasecmp( style, "exact" ) ) {
a->acl_attrval_style = ACL_STYLE_BASE;
a->acl_attrval_style = ACL_STYLE_BASE;
if ( style != NULL ) {
if ( strcasecmp( style, "regex" ) == 0 ) {
int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
REG_EXTENDED | REG_ICASE | REG_NOSUB );
if ( e ) {
char buf[512];
regerror( e, &a->acl_attrval_re, buf, sizeof(buf) );
fprintf( stderr, "%s: line %d: "
"regular expression \"%s\" bad because of %s\n",
fname, lineno, right, buf );
acl_usage();
}
a->acl_attrval_style = ACL_STYLE_REGEX;
} else if ( a->acl_attrs[0].an_desc->ad_type->
sat_syntax == slap_schema.si_syn_distinguishedName )
{
if ( !strcasecmp( style, "baseObject" ) ||
!strcasecmp( style, "base" ) )
{
} else {
/* FIXME: if the attribute has DN syntax, we might
* allow one, subtree and children styles as well */
if ( !strcasecmp( style, "base" ) ||
!strcasecmp( style, "exact" ) ) {
a->acl_attrval_style = ACL_STYLE_BASE;
} else if ( !strcasecmp( style, "onelevel" ) ||
!strcasecmp( style, "one" ) )
} else if ( a->acl_attrs[0].an_desc->ad_type->
sat_syntax == slap_schema.si_syn_distinguishedName )
{
a->acl_attrval_style = ACL_STYLE_ONE;
} else if ( !strcasecmp( style, "subtree" ) ||
!strcasecmp( style, "sub" ) )
{
a->acl_attrval_style = ACL_STYLE_SUBTREE;
} else if ( !strcasecmp( style, "children" ) ) {
a->acl_attrval_style = ACL_STYLE_CHILDREN;
if ( !strcasecmp( style, "baseObject" ) ||
!strcasecmp( style, "base" ) )
{
a->acl_attrval_style = ACL_STYLE_BASE;
} else if ( !strcasecmp( style, "onelevel" ) ||
!strcasecmp( style, "one" ) )
{
a->acl_attrval_style = ACL_STYLE_ONE;
} else if ( !strcasecmp( style, "subtree" ) ||
!strcasecmp( style, "sub" ) )
{
a->acl_attrval_style = ACL_STYLE_SUBTREE;
} else if ( !strcasecmp( style, "children" ) ) {
a->acl_attrval_style = ACL_STYLE_CHILDREN;
} else {
fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" "
"for attributeType \"%s\" with DN syntax; "
"using \"base\"\n",
fname, lineno, style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
} else {
fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" "
"for attributeType \"%s\" with DN syntax; "
"using \"base\"\n",
"for attributeType \"%s\"; using \"exact\"\n",
fname, lineno, style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
} else {
fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" "
"for attributeType \"%s\"; using \"exact\"\n",
fname, lineno, style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
}
@ -690,8 +696,12 @@ parse_acl(
case ACL_STYLE_REGEX:
fprintf( stderr, "%s: line %d: "
"\"regex\" style implies "
"\"expand\" modifier (ignored)\n",
"\"expand\" modifier"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
case ACL_STYLE_EXPAND:
@ -700,8 +710,12 @@ parse_acl(
fprintf( stderr, "%s: line %d: "
"\"expand\" style used "
"in conjunction with "
"\"expand\" modifier (ignored)\n",
"\"expand\" modifier"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif
break;
@ -847,7 +861,34 @@ parse_acl(
bdn->a_pat = bv;
}
bdn->a_style = sty;
bdn->a_expand = expand;
if ( expand ) {
char *exp;
int gotit = 0;
for ( exp = strchr( bdn->a_pat.bv_val, '$' );
exp && exp - bdn->a_pat.bv_val < bdn->a_pat.bv_len;
exp = strchr( exp, '$' ) )
{
if ( isdigit( exp[ 1 ] ) ) {
gotit = 1;
break;
}
}
if ( gotit == 1 ) {
bdn->a_expand = expand;
} else {
fprintf( stderr,
"%s: line %d: \"expand\" used "
"with no expansions in \"pattern\""
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
if ( sty == ACL_STYLE_SELF ) {
bdn->a_self_level = level;

2
servers/slapd/back-bdb/attr.c
View file

@ -258,7 +258,7 @@ bdb_attr_index_config(
continue;
}
fprintf( stderr, "%s: line %d: duplicate index definition "
"for attr \"%s\" (ignored)\n",
"for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, attrs[i] );
return LDAP_PARAM_ERROR;

2
servers/slapd/back-bdb/config.c
View file

@ -68,7 +68,7 @@ static ConfigTable bdbcfg[] = {
bdb_cf_gen, "( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' "
"DESC 'Database checkpoint interval in kbytes and minutes' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
{ "dbconfig", "DB_CONFIG setting", 3, 0, 0, ARG_MAGIC|BDB_CONFIG,
{ "dbconfig", "DB_CONFIG setting", 1, 0, 0, ARG_MAGIC|BDB_CONFIG,
bdb_cf_gen, "( OLcfgDbAt:1.3 NAME 'olcDbConfig' "
"DESC 'BerkeleyDB DB_CONFIG configuration directives' "
"SYNTAX OMsDirectoryString )",NULL, NULL },

6
servers/slapd/back-bdb/init.c
View file

@ -582,8 +582,10 @@ bdb_db_close( BackendDB *be )
/* close db environment */
if( bdb->bi_dbenv ) {
/* force a checkpoint */
if ( !( slapMode & SLAP_TOOL_QUICK )) {
/* force a checkpoint, but not if we were ReadOnly,
* and not in Quick mode since there are no transactions there.
*/
if ( !( slapMode & ( SLAP_TOOL_QUICK|SLAP_TOOL_READONLY ))) {
rc = TXN_CHECKPOINT( bdb->bi_dbenv, 0, 0, DB_FORCE );
if( rc != 0 ) {
Debug( LDAP_DEBUG_ANY,

6
servers/slapd/back-ldap/back-ldap.h
View file

@ -93,14 +93,20 @@ struct ldapinfo {
#define LDAP_BACK_F_USE_TLS 0x02U
#define LDAP_BACK_F_PROPAGATE_TLS 0x04U
#define LDAP_BACK_F_TLS_CRITICAL 0x08U
#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_CHASE_REFERRALS 0x10U
#define LDAP_BACK_F_SUPPORT_T_F 0x80U
#define LDAP_BACK_F_SUPPORT_T_F_DISCOVER 0x40U
#define LDAP_BACK_SAVECRED(li) ( (li)->flags & LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li) ( (li)->flags & LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li) ( (li)->flags & LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li) ( (li)->flags & LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li) ( (li)->flags & LDAP_BACK_F_CHASE_REFERRALS )
int version;
Avlnode *conntree;
int rwm_started;

115
servers/slapd/back-ldap/config.c
View file

@ -217,49 +217,37 @@ ldap_back_db_config(
li->url = ch_strdup( argv[ 1 ] );
#endif
} else if ( strncasecmp( argv[0], "tls-", STRLENOF( "tls-" ) ) == 0 ) {
} else if ( strcasecmp( argv[0], "tls" ) == 0 ) {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"tls <what>\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
/* start tls */
if ( strcasecmp( argv[0], "tls-start" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-start takes no arguments\n",
fname, lineno );
return( 1 );
}
/* start */
if ( strcasecmp( argv[1], "start" ) == 0 ) {
li->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
/* try start tls */
} else if ( strcasecmp( argv[0], "tls-try-start" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-try-start takes no arguments\n",
fname, lineno );
return( 1 );
}
} else if ( strcasecmp( argv[1], "try-start" ) == 0 ) {
li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
li->flags |= LDAP_BACK_F_USE_TLS;
/* propagate start tls */
} else if ( strcasecmp( argv[0], "tls-propagate" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-propagate takes no arguments\n",
fname, lineno );
return( 1 );
}
} else if ( strcasecmp( argv[1], "propagate" ) == 0 ) {
li->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
/* try start tls */
} else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-try-propagate takes no arguments\n",
fname, lineno );
return( 1 );
}
} else if ( strcasecmp( argv[1], "try-propagate" ) == 0 ) {
li->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
li->flags |= LDAP_BACK_F_PROPAGATE_TLS;
} else {
fprintf( stderr,
"%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
fname, lineno, argv[1] );
return( 1 );
}
/* remote ACL stuff... */
@ -291,24 +279,50 @@ ldap_back_db_config(
li->flags |= LDAP_BACK_F_SAVECRED;
} else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
if ( argc != 1 ) {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"chase-referrals\" takes no arguments\n",
"%s: line %d: \"chase-referrals\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
/* this is the default; we add it because the default might change... */
if ( strcasecmp( argv[1], "yes" ) == 0 ) {
li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
} else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
if ( argc != 1 ) {
} else if ( strcasecmp( argv[1], "no" ) == 0 ) {
li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
} else {
fprintf( stderr,
"%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
"%s: line %d: \"chase-referrals {yes|no}\": unknown argument \"%s\".\n",
fname, lineno, argv[1] );
return( 1 );
}
} else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
li->flags &= ~(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER);
} else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
li->flags |= LDAP_BACK_F_SUPPORT_T_F;
} else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
li->flags |= LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
} else {
fprintf( stderr,
"%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
fname, lineno, argv[ 1 ] );
return 1;
}
/* intercept exop_who_am_i? */
} else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) {
@ -352,6 +366,7 @@ ldap_back_db_config(
"triggered by \"%s\" directive.\n",
fname, lineno, argv[ 0 ] );
/* this is the default; we add it because the default might change... */
li->rwm_started = 1;
return ( *be->bd_info->bi_db_config )( be, fname, lineno, argc, argv );
@ -606,6 +621,8 @@ parse_idassert(
ber_bvarray_add( &li->idassert_authz, &rule );
} else if ( strcasecmp( argv[0], "idassert-method" ) == 0 ) {
char *argv1;
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing method in \"%s <method>\" line\n",
@ -613,7 +630,12 @@ parse_idassert(
return( 1 );
}
if ( strcasecmp( argv[1], "none" ) == 0 ) {
argv1 = argv[1];
if ( strncasecmp( argv1, "bindmethod=", STRLENOF( "bindmethod=" ) ) == 0 ) {
argv1 += STRLENOF( "bindmethod=" );
}
if ( strcasecmp( argv1, "none" ) == 0 ) {
/* FIXME: is this at all useful? */
li->idassert_authmethod = LDAP_AUTH_NONE;
@ -623,7 +645,7 @@ parse_idassert(
fname, lineno, argv[0], argv[1] );
}
} else if ( strcasecmp( argv[1], "simple" ) == 0 ) {
} else if ( strcasecmp( argv1, "simple" ) == 0 ) {
li->idassert_authmethod = LDAP_AUTH_SIMPLE;
if ( argc != 2 ) {
@ -632,7 +654,7 @@ parse_idassert(
fname, lineno, argv[0], argv[1] );
}
} else if ( strcasecmp( argv[1], "sasl" ) == 0 ) {
} else if ( strcasecmp( argv1, "sasl" ) == 0 ) {
#ifdef HAVE_CYRUS_SASL
int arg;
@ -823,6 +845,8 @@ parse_acl_auth(
ber_str2bv( argv[1], 0, 1, &li->acl_passwd );
} else if ( strcasecmp( argv[0], "acl-method" ) == 0 ) {
char *argv1;
if ( argc < 2 ) {
fprintf( stderr,
"%s: line %d: missing method in \"%s <method>\" line\n",
@ -830,7 +854,12 @@ parse_acl_auth(
return( 1 );
}
if ( strcasecmp( argv[1], "none" ) == 0 ) {
argv1 = argv[1];
if ( strncasecmp( argv1, "bindmethod=", STRLENOF( "bindmethod=" ) ) == 0 ) {
argv1 += STRLENOF( "bindmethod=" );
}
if ( strcasecmp( argv1, "none" ) == 0 ) {
/* FIXME: is this at all useful? */
li->acl_authmethod = LDAP_AUTH_NONE;
@ -840,7 +869,7 @@ parse_acl_auth(
fname, lineno, argv[0], argv[1] );
}
} else if ( strcasecmp( argv[1], "simple" ) == 0 ) {
} else if ( strcasecmp( argv1, "simple" ) == 0 ) {
li->acl_authmethod = LDAP_AUTH_SIMPLE;
if ( argc != 2 ) {
@ -849,7 +878,7 @@ parse_acl_auth(
fname, lineno, argv[0], argv[1] );
}
} else if ( strcasecmp( argv[1], "sasl" ) == 0 ) {
} else if ( strcasecmp( argv1, "sasl" ) == 0 ) {
#ifdef HAVE_CYRUS_SASL
int arg;

16
servers/slapd/back-ldap/init.c
View file

@ -113,6 +113,9 @@ ldap_back_db_init( Backend *be )
/* initialize flags */
li->flags = LDAP_BACK_F_CHASE_REFERRALS;
/* initialize version */
li->version = LDAP_VERSION3;
ldap_pvt_thread_mutex_init( &li->conn_mutex );
be->be_private = li;
@ -175,6 +178,19 @@ ldap_back_db_open( BackendDB *be )
}
#endif /* SLAPD_MONITOR */
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
int rc;
li->flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
rc = slap_discover_feature( li->url, li->version,
slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
LDAP_FEATURE_ABSOLUTE_FILTERS );
if ( rc == LDAP_COMPARE_TRUE ) {
li->flags |= LDAP_BACK_F_SUPPORT_T_F;
}
}
return 0;
}

129
servers/slapd/back-ldap/search.c
View file

@ -41,6 +41,96 @@ ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
struct berval *bdn, int flags );
#define LDAP_BUILD_ENTRY_PRIVATE 0x01
/*
* Quick'n'dirty rewrite of filter in case of error, to deal with
* <draft-zeilenga-ldap-t-f>.
*/
static int
ldap_back_munge_filter(
Operation *op,
struct berval *filter )
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
char *ptr;
int gotit = 0;
Debug( LDAP_DEBUG_ARGS, "=> ldap_back_munge_filter \"%s\"\n",
filter->bv_val, 0, 0 );
for ( ptr = strstr( filter->bv_val, "(?=" );
ptr;
ptr = strstr( ptr, "(?=" ) )
{
static struct berval
bv_true = BER_BVC( "(?=true)" ),
bv_false = BER_BVC( "(?=false)" ),
bv_t = BER_BVC( "(&)" ),
bv_f = BER_BVC( "(|)" ),
bv_T = BER_BVC( "(objectClass=*)" ),
bv_F = BER_BVC( "(!(objectClass=*))" );
struct berval *oldbv = NULL,
*newbv = NULL,
oldfilter = BER_BVNULL;
if ( strncmp( ptr, bv_true.bv_val, bv_true.bv_len ) == 0 ) {
oldbv = &bv_true;
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F ) {
newbv = &bv_t;
} else {
newbv = &bv_T;
}
} else if ( strncmp( ptr, bv_false.bv_val, bv_false.bv_len ) == 0 )
{
oldbv = &bv_false;
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F ) {
newbv = &bv_f;
} else {
newbv = &bv_F;
}
} else {
gotit = 0;
goto done;
}
oldfilter = *filter;
if ( !( li->flags & LDAP_BACK_F_SUPPORT_T_F ) ) {
filter->bv_len += newbv->bv_len - oldbv->bv_len;
if ( filter->bv_val == op->ors_filterstr.bv_val ) {
filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
op->o_tmpmemctx );
AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
op->ors_filterstr.bv_len + 1 );
} else {
filter->bv_val = op->o_tmprealloc( filter->bv_val,
filter->bv_len + 1, op->o_tmpmemctx );
}
ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
}
AC_MEMCPY( &ptr[ newbv->bv_len ],
&ptr[ oldbv->bv_len ],
oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len );
ptr += newbv->bv_len;
gotit = 1;
}
done:;
Debug( LDAP_DEBUG_ARGS, "<= ldap_back_munge_filter \"%s\" (%d)\n",
filter->bv_val, gotit, 0 );
return gotit;
}
int
ldap_back_search(
Operation *op,
@ -52,7 +142,8 @@ ldap_back_search(
*e;
int rc = 0,
msgid;
struct berval match = BER_BVNULL;
struct berval match = BER_BVNULL,
filter = BER_BVNULL;
int i;
char **attrs = NULL;
int dontfreetext = 0;
@ -109,17 +200,20 @@ ldap_back_search(
dontfreetext = 1;
goto finish;
}
/* deal with <draft-zeilenga-ldap-t-f> filters */
filter = op->ors_filterstr;
retry:
rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_ndn.bv_val,
op->ors_scope, op->ors_filterstr.bv_val,
op->ors_scope, filter.bv_val,
attrs, op->ors_attrsonly, ctrls, NULL,
tv.tv_sec ? &tv : NULL,
op->ors_slimit, &msgid );
if ( rs->sr_err != LDAP_SUCCESS ) {
fail:;
if ( rs->sr_err == LDAP_SERVER_DOWN ) {
switch ( rs->sr_err ) {
case LDAP_SERVER_DOWN:
if ( do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_DONTSEND ) ) {
@ -130,6 +224,21 @@ fail:;
ldap_back_freeconn( op, lc );
lc = NULL;
goto finish;
case LDAP_FILTER_ERROR:
if ( ldap_back_munge_filter( op, &filter ) ) {
goto retry;
}
/* invalid filters return success with no data */
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
goto finish;
default:
rs->sr_err = slap_map_api2result( rs );
rs->sr_text = NULL;
goto finish;
}
}
@ -170,18 +279,16 @@ fail:;
abort = send_search_entry( op, rs );
while ( ent.e_attrs ) {
Attribute *a;
BerVarray v;
a = ent.e_attrs;
ent.e_attrs = a->a_next;
v = a->a_vals;
if ( a->a_nvals != a->a_vals ) {
ber_bvarray_free( a->a_nvals );
}
if ( a->a_vals != &slap_dummy_bv ) {
ber_bvarray_free( a->a_vals );
}
if ( a->a_nvals != v ) {
ber_bvarray_free( a->a_nvals );
}
ch_free( a );
}
@ -310,6 +417,10 @@ finish:;
LDAP_FREE( match.bv_val );
}
if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) {
op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
}
if ( rs->sr_text ) {
if ( !dontfreetext ) {
LDAP_FREE( (char *)rs->sr_text );

2
servers/slapd/back-ldbm/attr.c
View file

@ -201,7 +201,7 @@ attr_index_config(
if( rc ) {
fprintf( stderr, "%s: line %d: duplicate index definition "
"for attr \"%s\" (ignored)\n",
"for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, attrs[i] );
return LDAP_PARAM_ERROR;

5
servers/slapd/back-ldbm/config.c
View file

@ -73,8 +73,11 @@ ldbm_back_db_config(
return( 1 );
} else if ( argc > 3 ) {
fprintf( stderr,
"%s: line %d: extra junk after \"index <attr> [pres,eq,approx,sub]\" line (ignored)\n",
"%s: line %d: extra junk after \"index <attr> [pres,eq,approx,sub]\" line" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return( 1 );
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
rc = attr_index_config( li, fname, lineno, argc - 1, &argv[1] );

207
servers/slapd/back-ldif/ldif.c
View file

@ -31,15 +31,25 @@
#include "lutil.h"
#include "config.h"
typedef struct enumCookie {
Operation *op;
SlapReply *rs;
Entry **entries;
int elen;
int eind;
} enumCookie;
struct ldif_info {
struct berval li_base_path;
ID tool_current;
Entry ** tool_entries;
int tool_put_entry_flag;
int tool_numentries;
enumCookie li_tool_cookie;
ID li_tool_current;
ldap_pvt_thread_mutex_t li_mutex;
};
#ifdef _WIN32
#define mkdir(a,b) mkdir(a)
#endif
#define LDIF ".ldif"
#define IX_DNL '{'
@ -297,12 +307,6 @@ typedef struct bvlist {
int off;
} bvlist;
typedef struct enumCookie {
Entry **entries;
int elen;
int eind;
int scope;
} enumCookie;
static int r_enum_tree(enumCookie *ck, struct berval *path,
struct berval *pdn, struct berval *pndn)
@ -318,11 +322,6 @@ static int r_enum_tree(enumCookie *ck, struct berval *path,
return LDAP_NO_SUCH_OBJECT;
}
if(ck->entries == NULL) {
ck->entries = (Entry **) SLAP_MALLOC(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
ck->elen = ENTRY_BUFF_INCREMENT;
}
e = get_entry_for_fd(fd, pdn, pndn);
if ( !e ) {
Debug( LDAP_DEBUG_ANY,
@ -331,20 +330,58 @@ static int r_enum_tree(enumCookie *ck, struct berval *path,
return LDAP_BUSY;
}
if ( ck->scope == LDAP_SCOPE_BASE || ck->scope == LDAP_SCOPE_SUBTREE ) {
if(! (ck->eind < ck->elen)) { /* grow entries if necessary */
ck->entries = (Entry **) SLAP_REALLOC(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
ck->elen *= 2;
}
if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
/* Send right away? */
if ( ck->rs ) {
/*
* if it's a referral, add it to the list of referrals. only do
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !get_manageDSAit( ck->op )
&& ck->op->ors_scope != LDAP_SCOPE_BASE
&& is_entry_referral( e ) )
{
BerVarray erefs = get_entry_referrals( ck->op, e );
ck->rs->sr_ref = referral_rewrite( erefs,
&e->e_name, NULL,
ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
ck->entries[ck->eind] = e;
ck->eind++;
fd = 0;
send_search_reference( ck->op, ck->rs );
ber_bvarray_free( ck->rs->sr_ref );
ber_bvarray_free( erefs );
ck->rs->sr_ref = NULL;
} else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
{
ck->rs->sr_entry = e;
ck->rs->sr_attrs = ck->op->ors_attrs;
ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry(ck->op, ck->rs);
}
fd = 1;
} else {
/* Queueing up for tool mode */
if(ck->entries == NULL) {
ck->entries = (Entry **) SLAP_MALLOC(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
ck->elen = ENTRY_BUFF_INCREMENT;
}
if(ck->eind >= ck->elen) { /* grow entries if necessary */
ck->entries = (Entry **) SLAP_REALLOC(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
ck->elen *= 2;
}
ck->entries[ck->eind++] = e;
fd = 0;
}
} else {
fd = 1;
}
if ( ck->scope != LDAP_SCOPE_BASE ) {
if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
DIR * dir_of_path;
bvlist *list = NULL, *ptr;
@ -409,10 +446,10 @@ static int r_enum_tree(enumCookie *ck, struct berval *path,
}
closedir(dir_of_path);
if (ck->scope == LDAP_SCOPE_ONELEVEL)
ck->scope = LDAP_SCOPE_BASE;
else if ( ck->scope == LDAP_SCOPE_SUBORDINATE)
ck->scope = LDAP_SCOPE_SUBTREE;
if (ck->op->ors_scope == LDAP_SCOPE_ONELEVEL)
ck->op->ors_scope = LDAP_SCOPE_BASE;
else if ( ck->op->ors_scope == LDAP_SCOPE_SUBORDINATE)
ck->op->ors_scope = LDAP_SCOPE_SUBTREE;
while ( ( ptr = list ) ) {
struct berval fpath;
@ -438,30 +475,17 @@ leave:
static int
enum_tree(
BackendDB *be,
struct berval *dn,
struct berval *ndn,
int * length,
Entry ***e,
int scope )
enumCookie *ck
)
{
struct ldif_info *ni = (struct ldif_info *) be->be_private;
struct ldif_info *ni = (struct ldif_info *) ck->op->o_bd->be_private;
struct berval path;
int rc;
enumCookie ck = {0};
struct berval pdn, pndn;
assert( e != NULL );
*e = NULL;
ck.scope = scope;
dnParent( dn, &pdn );
dnParent( ndn, &pndn );
dn2path(ndn, &be->be_nsuffix[0], &ni->li_base_path, &path);
rc = r_enum_tree(&ck, &path, &pdn, &pndn);
*length = ck.eind;
*e = ck.entries;
return rc;
dnParent( &ck->op->o_req_dn, &pdn );
dnParent( &ck->op->o_req_ndn, &pndn );
dn2path( &ck->op->o_req_ndn, &ck->op->o_bd->be_nsuffix[0], &ni->li_base_path, &path);
return r_enum_tree(ck, &path, &pdn, &pndn);
}
/* Get the parent path plus the LDIF suffix */
@ -728,48 +752,12 @@ ldif_back_bind( Operation *op, SlapReply *rs )
static int ldif_back_search(Operation *op, SlapReply *rs)
{
struct ldif_info *ni = (struct ldif_info *) op->o_bd->be_private;
int numentries = 0;
int i = 0;
Entry ** entries = NULL;
enumCookie ck = {0};
ck.op = op;
ck.rs = rs;
ldap_pvt_thread_mutex_lock(&ni->li_mutex);
rs->sr_err = enum_tree(op->o_bd, &op->o_req_dn, &op->o_req_ndn, &numentries, &entries, op->ors_scope);
if ( rs->sr_err == LDAP_SUCCESS ) {
for ( i = 0; i < numentries; i++ ) {
/*
* if it's a referral, add it to the list of referrals. only do
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !get_manageDSAit( op )
&& op->oq_search.rs_scope != LDAP_SCOPE_BASE
&& is_entry_referral( entries[i] ) )
{
BerVarray erefs = get_entry_referrals( op, entries[i] );
rs->sr_ref = referral_rewrite( erefs,
&entries[i]->e_name, NULL,
op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
rs->sr_ref = NULL;
} else if ( test_filter( op, entries[i], op->ors_filter ) == LDAP_COMPARE_TRUE )
{
rs->sr_entry = entries[i];
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry(op, rs);
}
entry_free(entries[i]);
}
}
SLAP_FREE(entries);
rs->sr_err = enum_tree( &ck );
ldap_pvt_thread_mutex_unlock(&ni->li_mutex);
send_ldap_result(op, rs);
@ -1064,17 +1052,14 @@ static int ldif_back_compare(Operation *op, SlapReply *rs) {
static int ldif_tool_entry_open(BackendDB * be, int mode) {
struct ldif_info *ni = (struct ldif_info *) be->be_private;
ni->tool_entries = NULL;
ni->tool_numentries = 0;
ni->tool_current = 0;
ni->tool_put_entry_flag = 0;
ni->li_tool_current = 0;
return 0;
}
static int ldif_tool_entry_close(BackendDB * be) {
struct ldif_info *ni = (struct ldif_info *) be->be_private;
SLAP_FREE(ni->tool_entries);
SLAP_FREE(ni->li_tool_cookie.entries);
return 0;
}
@ -1084,12 +1069,17 @@ ldif_tool_entry_first(BackendDB *be)
struct ldif_info *ni = (struct ldif_info *) be->be_private;
ID id = 1; /* first entry in the array of entries shifted by one */
ni->tool_current = 1;
if(ni->tool_entries == NULL || ni->tool_put_entry_flag) {
(void)enum_tree(be, be->be_suffix, be->be_nsuffix,
&ni->tool_numentries, &ni->tool_entries,
LDAP_SCOPE_SUBTREE);
ni->tool_put_entry_flag = 0;
ni->li_tool_current = 1;
if(ni->li_tool_cookie.entries == NULL) {
Operation op = {0};
op.o_bd = be;
op.o_req_dn = *be->be_suffix;
op.o_req_ndn = *be->be_nsuffix;
op.ors_scope = LDAP_SCOPE_SUBTREE;
ni->li_tool_cookie.op = &op;
(void)enum_tree( &ni->li_tool_cookie );
ni->li_tool_cookie.op = NULL;
}
return id;
}
@ -1097,28 +1087,22 @@ ldif_tool_entry_first(BackendDB *be)
static ID ldif_tool_entry_next(BackendDB *be)
{
struct ldif_info *ni = (struct ldif_info *) be->be_private;
ni->tool_current += 1;
if(ni->tool_put_entry_flag) {
(void)enum_tree(be, be->be_suffix, be->be_nsuffix,
&ni->tool_numentries, &ni->tool_entries,
LDAP_SCOPE_SUBTREE);
ni->tool_put_entry_flag = 0;
}
if(ni->tool_current > ni->tool_numentries)
ni->li_tool_current += 1;
if(ni->li_tool_current > ni->li_tool_cookie.eind)
return NOID;
else
return ni->tool_current;
return ni->li_tool_current;
}
static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
struct ldif_info *ni = (struct ldif_info *) be->be_private;
Entry * e;
if(id > ni->tool_numentries || id < 1)
if(id > ni->li_tool_cookie.eind || id < 1)
return NULL;
else {
e = ni->tool_entries[id - 1];
ni->tool_entries[id - 1] = NULL;
e = ni->li_tool_cookie.entries[id - 1];
ni->li_tool_cookie.entries[id - 1] = NULL;
return e;
}
}
@ -1168,7 +1152,6 @@ static ID ldif_tool_entry_put(BackendDB * be, Entry * e, struct berval *text) {
}
if(res == LDAP_SUCCESS) {
ni->tool_put_entry_flag = 1;
return 1;
}
else

10
servers/slapd/back-meta/add.c
View file

@ -43,7 +43,7 @@ meta_back_add( Operation *op, SlapReply *rs )
LDAPMod **attrs;
struct berval mdn = BER_BVNULL, mapped;
dncookie dc;
int msgid, do_retry = 1;
int do_retry = 1;
Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
op->o_req_dn.bv_val, 0, 0 );
@ -61,7 +61,7 @@ meta_back_add( Operation *op, SlapReply *rs )
/*
* Rewrite the add dn, if needed
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDN";
@ -93,7 +93,7 @@ meta_back_add( Operation *op, SlapReply *rs )
mapped = a->a_desc->ad_cname;
} else {
ldap_back_map( &mi->mi_targets[ candidate ]->mt_rwmap.rwm_at,
ldap_back_map( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
@ -118,11 +118,11 @@ meta_back_add( Operation *op, SlapReply *rs )
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mi->mi_targets[ candidate ]->mt_rwmap.rwm_oc,
ldap_back_mapping( &mi->mi_targets[ candidate ].mt_rwmap.rwm_oc,
&a->a_vals[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mi->mi_targets[ candidate ]->mt_rwmap.rwm_oc.drop_missing ) {
if ( mi->mi_targets[ candidate ].mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];

34
servers/slapd/back-meta/back-meta.h
View file

@ -70,15 +70,15 @@ struct ldaprwmap {
/* Whatever context ldap_back_dn_massage needs... */
typedef struct dncookie {
struct ldaprwmap *rwmap;
struct metatarget_t *target;
#ifdef ENABLE_REWRITE
Connection *conn;
char *ctx;
SlapReply *rs;
Connection *conn;
char *ctx;
SlapReply *rs;
#else
int normalized;
int tofrom;
int normalized;
int tofrom;
#endif
} dncookie;
@ -156,11 +156,12 @@ ldap_dnattr_result_rewrite(
/* (end of) from back-ldap.h before rwm removal */
struct metainfo_t;
typedef struct metasingleconn_t {
int msc_candidate;
#define META_NOT_CANDIDATE ((ber_tag_t)0)
#define META_CANDIDATE ((ber_tag_t)1)
#define META_LAST_CONN ((ber_tag_t)(-1))
LDAP *msc_ld;
struct berval msc_bound_ndn;
@ -169,9 +170,9 @@ typedef struct metasingleconn_t {
#define META_UNBOUND 0
#define META_BOUND 1
#define META_ANONYMOUS 2
} metasingleconn_t;
#define META_LAST(msc) ((msc)->msc_candidate == META_LAST_CONN)
struct metainfo_t *msc_info;
} metasingleconn_t;
typedef struct metaconn_t {
struct slap_conn *mc_conn;
@ -190,8 +191,10 @@ typedef struct metaconn_t {
typedef struct metatarget_t {
char *mt_uri;
struct berval mt_psuffix; /* pretty suffix */
struct berval mt_nsuffix; /* normalized suffix */
struct berval mt_binddn;
struct berval mt_bindpw;
@ -205,6 +208,9 @@ typedef struct metatarget_t {
#define META_RETRY_DEFAULT (3)
struct ldaprwmap mt_rwmap;
unsigned mt_flags;
int mt_version;
} metatarget_t;
typedef struct metadncache_t {
@ -223,7 +229,7 @@ typedef struct metainfo_t {
#define META_DEFAULT_TARGET_NONE (-1)
int mi_nretries;
metatarget_t **mi_targets;
metatarget_t *mi_targets;
SlapReply *mi_candidates;
metadncache_t mi_cache;
@ -237,9 +243,13 @@ typedef struct metainfo_t {
#define LDAP_BACK_F_NONE 0x00U
#define LDAP_BACK_F_SAVECRED 0x01U
#define LDAP_BACK_F_USE_TLS 0x02U
#define LDAP_BACK_F_TLS_CRITICAL ( 0x04U | LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_F_CHASE_REFERRALS 0x8U
#define LDAP_BACK_F_PROPAGATE_TLS 0x04U
#define LDAP_BACK_F_TLS_CRITICAL 0x08U
#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_CHASE_REFERRALS 0x10U
#endif
int mi_version;
} metainfo_t;
typedef enum meta_op_type {

67
servers/slapd/back-meta/bind.c
View file

@ -115,11 +115,11 @@ meta_back_bind( Operation *op, SlapReply *rs )
0, 0, 0 );
}
if ( isroot && !BER_BVISNULL( &mi->mi_targets[ i ]->mt_pseudorootdn ) )
if ( isroot && !BER_BVISNULL( &mi->mi_targets[ i ].mt_pseudorootdn ) )
{
op2.o_req_dn = mi->mi_targets[ i ]->mt_pseudorootdn;
op2.o_req_ndn = mi->mi_targets[ i ]->mt_pseudorootdn;
op2.orb_cred = mi->mi_targets[ i ]->mt_pseudorootpw;
op2.o_req_dn = mi->mi_targets[ i ].mt_pseudorootdn;
op2.o_req_ndn = mi->mi_targets[ i ].mt_pseudorootdn;
op2.orb_cred = mi->mi_targets[ i ].mt_pseudorootpw;
op2.orb_method = LDAP_AUTH_SIMPLE;
}
@ -177,7 +177,7 @@ meta_back_single_bind(
int candidate )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
metatarget_t *mt = &mi->mi_targets[ candidate ];
struct berval mdn = BER_BVNULL;
dncookie dc;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
@ -187,7 +187,7 @@ meta_back_single_bind(
/*
* Rewrite the bind dn if needed
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDN";
@ -326,7 +326,7 @@ meta_back_single_dobind(
int nretries )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
metatarget_t *mt = &mi->mi_targets[ candidate ];
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
int rc;
struct berval cred = BER_BVC( "" );
@ -431,6 +431,9 @@ retry:;
}
break;
}
} else {
rc = slap_map_api2result( rs );
}
rs->sr_err = rc;
@ -453,13 +456,16 @@ meta_back_dobind(
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metasingleconn_t *msc;
int bound = 0, i;
SlapReply *candidates = meta_back_candidates_get( op );
ldap_pvt_thread_mutex_lock( &mc->mc_mutex );
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_dobind: conn=%ld\n",
op->o_log_prefix, mc->mc_conn->c_connid, 0 );
/*
* all the targets are bound as pseudoroot
*/
@ -468,28 +474,37 @@ meta_back_dobind(
goto done;
}
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); ++i, ++msc ) {
metatarget_t *mt = mi->mi_targets[ i ];
int rc;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metatarget_t *mt = &mi->mi_targets[ i ];
metasingleconn_t *msc = &mc->mc_conns[ i ];
int rc;
/*
* Not a candidate or something wrong with this target ...
* Not a candidate
*/
if ( msc->msc_ld == NULL ) {
if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
continue;
}
assert( msc->msc_ld != NULL );
/*
* If the target is already bound it is skipped
*/
if ( msc->msc_bound == META_BOUND && mc->mc_auth_target == i ) {
++bound;
Debug( LDAP_DEBUG_TRACE, "%s meta_back_dobind[%d]: "
"authcTarget\n",
op->o_log_prefix, i, 0 );
continue;
}
rc = meta_back_single_dobind( op, rs, mc, i,
LDAP_BACK_DONTSEND, mt->mt_nretries );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
Debug( LDAP_DEBUG_ANY, "%s meta_back_dobind[%d]: "
"(anonymous) err=%d\n",
op->o_log_prefix, i, rc );
@ -502,13 +517,13 @@ meta_back_dobind(
* so better clear the handle
*/
candidates[ i ].sr_tag = META_NOT_CANDIDATE;
#if 0
( void )meta_clear_one_candidate( msc );
#endif
continue;
} /* else */
candidates[ i ].sr_tag = META_CANDIDATE;
Debug( LDAP_DEBUG_TRACE, "%s meta_back_dobind[%d]: "
"(anonymous)\n",
op->o_log_prefix, i, 0 );
msc->msc_bound = META_ANONYMOUS;
++bound;
}
@ -516,7 +531,11 @@ meta_back_dobind(
done:;
ldap_pvt_thread_mutex_unlock( &mc->mc_mutex );
if ( bound == 0 && sendok & LDAP_BACK_SENDERR ) {
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_dobind: conn=%ld bound=%d\n",
op->o_log_prefix, mc->mc_conn->c_connid, bound );
if ( bound == 0 && ( sendok & LDAP_BACK_SENDERR ) ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_BUSY;
}
@ -557,16 +576,17 @@ meta_back_op_result(
SlapReply *rs,
int candidate )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
int i,
rerr = LDAP_SUCCESS;
metasingleconn_t *msc;
char *rmsg = NULL;
char *rmatch = NULL;
int free_rmsg = 0,
free_rmatch = 0;
if ( candidate != META_TARGET_NONE ) {
msc = &mc->mc_conns[ candidate ];
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
rs->sr_err = LDAP_SUCCESS;
@ -600,9 +620,10 @@ meta_back_op_result(
}
} else {
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); ++i, ++msc ) {
char *msg = NULL;
char *match = NULL;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
char *msg = NULL;
char *match = NULL;
rs->sr_err = LDAP_SUCCESS;

2
servers/slapd/back-meta/candidates.c
View file

@ -115,7 +115,7 @@ meta_back_select_unique_candidate(
int i, candidate = META_TARGET_NONE;
for ( i = 0; i < mi->mi_ntargets; ++i ) {
if ( meta_back_is_candidate( &mi->mi_targets[ i ]->mt_nsuffix, ndn, LDAP_SCOPE_BASE ) )
if ( meta_back_is_candidate( &mi->mi_targets[ i ].mt_nsuffix, ndn, LDAP_SCOPE_BASE ) )
{
if ( candidate == META_TARGET_NONE ) {
candidate = i;

25
servers/slapd/back-meta/compare.c
View file

@ -36,7 +36,6 @@ meta_back_compare( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metaconn_t *mc;
metasingleconn_t *msc;
char *match = NULL,
*err = NULL;
struct berval mmatch = BER_BVNULL;
@ -69,10 +68,11 @@ meta_back_compare( Operation *op, SlapReply *rs )
dc.rs = rs;
dc.ctx = "compareDN";
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); ++i, ++msc ) {
struct berval mdn = BER_BVNULL;
struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
struct berval mapped_value = op->orc_ava->aa_value;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
struct berval mdn = BER_BVNULL;
struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
struct berval mapped_value = op->orc_ava->aa_value;
if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
msgid[ i ] = -1;
@ -82,7 +82,7 @@ meta_back_compare( Operation *op, SlapReply *rs )
/*
* Rewrite the compare dn, if needed
*/
dc.rwmap = &mi->mi_targets[ i ]->mt_rwmap;
dc.target = &mi->mi_targets[ i ];
switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
case LDAP_UNWILLING_TO_PERFORM:
@ -97,7 +97,7 @@ meta_back_compare( Operation *op, SlapReply *rs )
* if attr is objectClass, try to remap the value
*/
if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
ldap_back_map( &mi->mi_targets[ i ].mt_rwmap.rwm_oc,
&op->orc_ava->aa_value,
&mapped_value, BACKLDAP_MAP );
@ -108,7 +108,7 @@ meta_back_compare( Operation *op, SlapReply *rs )
* else try to remap the attribute
*/
} else {
ldap_back_map( &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
ldap_back_map( &mi->mi_targets[ i ].mt_rwmap.rwm_at,
&op->orc_ava->aa_desc->ad_cname,
&mapped_attr, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped_attr ) || mapped_attr.bv_val[0] == '\0' ) {
@ -171,10 +171,11 @@ meta_back_compare( Operation *op, SlapReply *rs )
/*
* FIXME: should we check for abandon?
*/
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); msc++, i++ ) {
int lrc;
LDAPMessage *res = NULL;
struct timeval tv = { 0 };
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
int lrc;
LDAPMessage *res = NULL;
struct timeval tv = { 0 };
tv.tv_sec = 0;
tv.tv_usec = 0;

270
servers/slapd/back-meta/config.c
View file

@ -34,48 +34,39 @@
#include "../../../libraries/libldap/ldap-int.h"
#include "back-meta.h"
static metatarget_t *
new_target( void )
static int
new_target(
metatarget_t *mt )
{
metatarget_t *mt;
struct ldapmapping *mapping;
struct ldapmapping *mapping;
char *rargv[ 3 ];
mt = ch_malloc( sizeof( metatarget_t ) );
if ( mt == NULL ) {
return NULL;
}
memset( mt, 0, sizeof( metatarget_t ) );
mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
if ( mt->mt_rwmap.rwm_rw == NULL ) {
free( mt );
return NULL;
return -1;
}
{
char *rargv[3];
/*
* the filter rewrite as a string must be disabled
* by default; it can be re-enabled by adding rules;
* this creates an empty rewriteContext
*/
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "searchFilter";
rargv[ 2 ] = NULL;
rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>",
1, 2, rargv );
/*
* the filter rewrite as a string must be disabled
* by default; it can be re-enabled by adding rules;
* this creates an empty rewriteContext
*/
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "searchFilter";
rargv[ 2 ] = NULL;
rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "default";
rargv[ 2 ] = NULL;
rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>",
1, 2, rargv );
}
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "default";
rargv[ 2 ] = NULL;
rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
return mt;
return 0;
}
int
@ -116,8 +107,8 @@ meta_back_db_config(
++mi->mi_ntargets;
mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
sizeof( metatarget_t * ) * mi->mi_ntargets );
mi->mi_targets = ( metatarget_t * )ch_realloc( mi->mi_targets,
sizeof( metatarget_t ) * mi->mi_ntargets );
if ( mi->mi_targets == NULL ) {
fprintf( stderr,
"%s: line %d: out of memory while storing server name"
@ -126,7 +117,7 @@ meta_back_db_config(
return 1;
}
if ( ( mi->mi_targets[ i ] = new_target() ) == NULL ) {
if ( new_target( &mi->mi_targets[ i ] ) != 0 ) {
fprintf( stderr,
"%s: line %d: unable to init server"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@ -134,7 +125,9 @@ meta_back_db_config(
return 1;
}
mi->mi_targets[ i ]->mt_nretries = mi->mi_nretries;
mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
mi->mi_targets[ i ].mt_flags = mi->flags;
mi->mi_targets[ i ].mt_version = mi->mi_version;
/*
* uri MUST be legal!
@ -164,8 +157,8 @@ meta_back_db_config(
dn.bv_val = ludp->lud_dn;
dn.bv_len = strlen( ludp->lud_dn );
rc = dnPrettyNormal( NULL, &dn, &mi->mi_targets[ i ]->mt_psuffix,
&mi->mi_targets[ i ]->mt_nsuffix, NULL );
rc = dnPrettyNormal( NULL, &dn, &mi->mi_targets[ i ].mt_psuffix,
&mi->mi_targets[ i ].mt_nsuffix, NULL );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: "
"target '%s' DN is invalid\n",
@ -191,9 +184,9 @@ meta_back_db_config(
}
}
mi->mi_targets[ i ]->mt_uri = ldap_url_list2urls( ludp );
mi->mi_targets[ i ].mt_uri = ldap_url_list2urls( ludp );
ldap_free_urllist( ludp );
if ( mi->mi_targets[ i ]->mt_uri == NULL) {
if ( mi->mi_targets[ i ].mt_uri == NULL) {
fprintf( stderr, "%s: line %d: no memory?\n",
fname, lineno );
return( 1 );
@ -203,7 +196,7 @@ meta_back_db_config(
* uri MUST be a branch of suffix!
*/
#if 0 /* too strict a constraint */
if ( select_backend( &mi->mi_targets[ i ]->suffix, 0, 0 ) != be ) {
if ( select_backend( &mi->mi_targets[ i ].suffix, 0, 0 ) != be ) {
fprintf( stderr,
"%s: line %d: <naming context> of URI does not refer to current backend"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@ -214,7 +207,7 @@ meta_back_db_config(
/*
* uri MUST be a branch of a suffix!
*/
if ( select_backend( &mi->mi_targets[ i ]->mt_nsuffix, 0, 0 ) == NULL ) {
if ( select_backend( &mi->mi_targets[ i ].mt_nsuffix, 0, 0 ) == NULL ) {
fprintf( stderr,
"%s: line %d: <naming context> of URI does not resolve to a backend"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@ -223,31 +216,6 @@ meta_back_db_config(
}
#endif
#if 0
/*
* uri MUST not be used by other URIs!
*
* FIXME: this limitation may be removed,
* or worked out, at least, in some manner
*/
for ( j = 0; j < i-1; j++ ) {
if ( dn_match( &mi->mi_targets[ i ]->suffix,
&mi->mi_targets[ j ]->suffix ) ) {
fprintf( stderr,
"%s: line %d: naming context \"%s\" already used"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
fname, lineno, last+1 );
return 1;
}
}
#endif
#if 0
fprintf(stderr, "%s: line %d: URI \"%s\", suffix \"%s\"\n",
fname, lineno, mi->mi_targets[ i ]->uri,
mi->mi_targets[ i ]->psuffix.bv_val );
#endif
/* default target directive */
} else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
int i = mi->mi_ntargets - 1;
@ -342,7 +310,7 @@ meta_back_db_config(
dn.bv_val = argv[ 1 ];
dn.bv_len = strlen( argv[ 1 ] );
if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ].mt_binddn,
NULL ) != LDAP_SUCCESS )
{
fprintf( stderr, "%s: line %d: "
@ -379,10 +347,10 @@ meta_back_db_config(
/* FIXME: some day we'll need to throw an error */
}
ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_bindpw );
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
} else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
if (argc != 1) {
fprintf( stderr,
"%s: line %d: rebind-as-user takes no arguments\n",
@ -392,71 +360,97 @@ meta_back_db_config(
mi->flags |= LDAP_BACK_F_SAVECRED;
} else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
if ( argc != 1 ) {
} else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"chase-referrals\" takes no arguments\n",
"%s: line %d: \"chase-referrals\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
mi->flags |= LDAP_BACK_F_CHASE_REFERRALS;
/* this is the default; we add it because the default might change... */
if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
*flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
} else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
if ( argc != 1 ) {
} else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
*flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
} else {
fprintf( stderr,
"%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
"%s: line %d: \"chase-referrals {yes|no}\": unknown argument \"%s\".\n",
fname, lineno, argv[ 1 ] );
return( 1 );
}
} else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"tls <what>\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
mi->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
} else if ( strncasecmp( argv[0], "tls-", STRLENOF( "tls-" ) ) == 0 ) {
/* start tls */
if ( strcasecmp( argv[0], "tls-start" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-start takes no arguments\n",
fname, lineno );
return( 1 );
}
mi->flags |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
/* start */
if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
*flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
/* try start tls */
} else if ( strcasecmp( argv[0], "tls-try-start" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-try-start takes no arguments\n",
fname, lineno );
return( 1 );
}
mi->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
mi->flags |= LDAP_BACK_F_USE_TLS;
} else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
*flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
*flagsp |= LDAP_BACK_F_USE_TLS;
/* propagate start tls */
} else if ( strcasecmp( argv[0], "tls-propagate" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-propagate takes no arguments\n",
fname, lineno );
return( 1 );
}
mi->flags |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
} else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
*flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
/* try start tls */
} else if ( strcasecmp( argv[0], "tls-try-propagate" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
"%s: line %d: tls-try-propagate takes no arguments\n",
fname, lineno );
return( 1 );
}
mi->flags &= ~LDAP_BACK_F_TLS_CRITICAL;
mi->flags |= LDAP_BACK_F_PROPAGATE_TLS;
} else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
*flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
*flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
} else {
fprintf( stderr,
"%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
fname, lineno, argv[ 1 ] );
return( 1 );
}
} else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
*flagsp &= ~(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER);
} else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
*flagsp |= LDAP_BACK_F_SUPPORT_T_F;
} else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
*flagsp |= LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
} else {
fprintf( stderr,
"%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
fname, lineno, argv[ 1 ] );
return 1;
}
/* name to use as pseudo-root dn */
} else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
int i = mi->mi_ntargets - 1;
@ -479,7 +473,7 @@ meta_back_db_config(
dn.bv_val = argv[ 1 ];
dn.bv_len = strlen( argv[ 1 ] );
if ( dnNormalize( 0, NULL, NULL, &dn,
&mi->mi_targets[ i ]->mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
&mi->mi_targets[ i ].mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
{
fprintf( stderr, "%s: line %d: "
"pseudoroot DN '%s' is invalid\n",
@ -504,7 +498,7 @@ meta_back_db_config(
fname, lineno );
return 1;
}
ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_pseudorootpw );
ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_pseudorootpw );
/* dn massaging */
} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
@ -589,7 +583,7 @@ meta_back_db_config(
* FIXME: no extra rewrite capabilities should be added
* to the database
*/
return suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
return suffix_massage_config( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
&pvnc, &nvnc, &prnc, &nrnc );
/* rewrite stuff ... */
@ -603,7 +597,7 @@ meta_back_db_config(
return 1;
}
return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
return rewrite_parse( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
fname, lineno, argc, argv );
/* objectclass/attribute mapping */
@ -617,8 +611,8 @@ meta_back_db_config(
return 1;
}
return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
&mi->mi_targets[ i ]->mt_rwmap.rwm_at,
return ldap_back_map_config( &mi->mi_targets[ i ].mt_rwmap.rwm_oc,
&mi->mi_targets[ i ].mt_rwmap.rwm_at,
fname, lineno, argc, argv );
} else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
@ -654,7 +648,7 @@ meta_back_db_config(
mi->mi_nretries = nretries;
} else {
mi->mi_targets[ i ]->mt_nretries = nretries;
mi->mi_targets[ i ].mt_nretries = nretries;
}
/* anything else */
@ -685,11 +679,11 @@ ldap_back_map_config(
return 1;
}
if ( strcasecmp( argv[1], "objectclass" ) == 0 ) {
if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
map = oc_map;
is_oc = 1;
} else if ( strcasecmp( argv[1], "attribute" ) == 0 ) {
} else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
map = at_map;
} else {
@ -700,20 +694,20 @@ ldap_back_map_config(
return 1;
}
if ( strcmp( argv[2], "*" ) == 0 ) {
if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
map->drop_missing = ( argc < 4 );
return 0;
}
src = dst = argv[3];
src = dst = argv[ 3 ];
} else if ( argc < 4 ) {
src = "";
dst = argv[2];
dst = argv[ 2 ];
} else {
src = argv[2];
dst = ( strcmp( argv[3], "*" ) == 0 ? src : argv[3] );
src = argv[ 2 ];
dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
}
if ( ( map == at_map )
@ -735,14 +729,14 @@ ldap_back_map_config(
}
ber_str2bv( src, 0, 1, &mapping->src );
ber_str2bv( dst, 0, 1, &mapping->dst );
mapping[1].src = mapping->dst;
mapping[1].dst = mapping->src;
mapping[ 1 ].src = mapping->dst;
mapping[ 1 ].dst = mapping->src;
/*
* schema check
*/
if ( is_oc ) {
if ( src[0] != '\0' ) {
if ( src[ 0 ] != '\0' ) {
if ( oc_bvfind( &mapping->src ) == NULL ) {
fprintf( stderr,
"%s: line %d: warning, source objectClass '%s' "
@ -767,7 +761,7 @@ ldap_back_map_config(
const char *text = NULL;
AttributeDescription *ad = NULL;
if ( src[0] != '\0' ) {
if ( src[ 0 ] != '\0' ) {
rc = slap_bv2ad( &mapping->src, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr,
@ -793,20 +787,20 @@ ldap_back_map_config(
}
}
if ( (src[0] != '\0' && avl_find( map->map, (caddr_t)mapping, mapping_cmp ) != NULL)
|| avl_find( map->remap, (caddr_t)&mapping[1], mapping_cmp ) != NULL)
if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)mapping, mapping_cmp ) != NULL)
|| avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
{
fprintf( stderr,
"%s: line %d: duplicate mapping found (ignored)\n",
"%s: line %d: duplicate mapping found" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
goto error_return;
}
if ( src[0] != '\0' ) {
if ( src[ 0 ] != '\0' ) {
avl_insert( &map->map, (caddr_t)mapping,
mapping_cmp, mapping_dup );
}
avl_insert( &map->remap, (caddr_t)&mapping[1],
avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
mapping_cmp, mapping_dup );
return 0;

67
servers/slapd/back-meta/conn.c
View file

@ -121,29 +121,29 @@ myprint( Avlnode *root )
*/
static metaconn_t *
metaconn_alloc(
int ntargets )
Operation *op )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metaconn_t *mc;
int i, ntargets = mi->mi_ntargets;
assert( ntargets > 0 );
/* malloc once only; leave an extra one for one-past-end */
mc = ( metaconn_t * )ch_malloc( sizeof( metaconn_t )
+ sizeof( metasingleconn_t ) * ( ntargets + 1 ) );
+ sizeof( metasingleconn_t ) * ntargets );
if ( mc == NULL ) {
return NULL;
}
mc->mc_conns = ( metasingleconn_t * )&mc[ 1 ];
/* FIXME: needed by META_LAST() */
mc->mc_conns[ ntargets ].msc_candidate = META_LAST_CONN;
for ( ; ntargets-- > 0; ) {
mc->mc_conns[ ntargets ].msc_ld = NULL;
BER_BVZERO( &mc->mc_conns[ ntargets ].msc_bound_ndn );
BER_BVZERO( &mc->mc_conns[ ntargets ].msc_cred );
mc->mc_conns[ ntargets ].msc_bound = META_UNBOUND;
for ( i = 0; i < ntargets; i++ ) {
mc->mc_conns[ i ].msc_ld = NULL;
BER_BVZERO( &mc->mc_conns[ i ].msc_bound_ndn );
BER_BVZERO( &mc->mc_conns[ i ].msc_cred );
mc->mc_conns[ i ].msc_bound = META_UNBOUND;
mc->mc_conns[ i ].msc_info = mi;
}
mc->mc_auth_target = META_BOUND_NONE;
@ -328,7 +328,7 @@ retry:;
* If the connection DN is not null, an attempt to rewrite it is made
*/
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
dc.rwmap = &mt->mt_rwmap;
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDN";
@ -381,7 +381,7 @@ meta_back_retry(
ldap_back_send_t sendok )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
metatarget_t *mt = &mi->mi_targets[ candidate ];
int rc;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
@ -493,7 +493,7 @@ meta_back_get_candidate(
* and a default target is defined, and it is
* a candidate, try using it (FIXME: YMMV) */
if ( mi->mi_defaulttarget != META_DEFAULT_TARGET_NONE
&& meta_back_is_candidate( &mi->mi_targets[ mi->mi_defaulttarget ]->mt_nsuffix,
&& meta_back_is_candidate( &mi->mi_targets[ mi->mi_defaulttarget ].mt_nsuffix,
ndn, op->o_tag == LDAP_REQ_SEARCH ? op->ors_scope : LDAP_SCOPE_BASE ) )
{
candidate = mi->mi_defaulttarget;
@ -592,7 +592,9 @@ meta_back_getconn(
int cached = META_TARGET_NONE,
i = META_TARGET_NONE,
err = LDAP_SUCCESS,
new_conn = 0;
new_conn = 0,
ncandidates = 0;
meta_op_type op_type = META_OP_REQUIRE_SINGLE;
int parent = 0,
@ -656,7 +658,7 @@ meta_back_getconn(
/* Looks like we didn't get a bind. Open a new session... */
if ( !mc ) {
mc = metaconn_alloc( mi->mi_ntargets );
mc = metaconn_alloc( op );
mc->mc_conn = op->o_conn;
new_conn = 1;
}
@ -667,10 +669,11 @@ meta_back_getconn(
* The target is activated; if needed, it is
* also init'd
*/
int lerr = meta_back_init_one_conn( op, rs, mi->mi_targets[ i ],
int lerr = meta_back_init_one_conn( op, rs, &mi->mi_targets[ i ],
&mc->mc_conns[ i ], sendok );
if ( lerr == LDAP_SUCCESS ) {
candidates[ i ].sr_tag = META_CANDIDATE;
ncandidates++;
} else {
@ -732,7 +735,7 @@ meta_back_getconn(
return NULL;
}
Debug( LDAP_DEBUG_CACHE,
Debug( LDAP_DEBUG_TRACE,
"==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n",
i, op->o_req_ndn.bv_val, 0 );
@ -745,7 +748,7 @@ meta_back_getconn(
/* Looks like we didn't get a bind. Open a new session... */
if ( !mc ) {
mc = metaconn_alloc( mi->mi_ntargets );
mc = metaconn_alloc( op );
mc->mc_conn = op->o_conn;
new_conn = 1;
}
@ -760,10 +763,11 @@ meta_back_getconn(
* also init'd. In case of error, meta_back_init_one_conn
* sends the appropriate result.
*/
err = meta_back_init_one_conn( op, rs, mi->mi_targets[ i ],
err = meta_back_init_one_conn( op, rs, &mi->mi_targets[ i ],
&mc->mc_conns[ i ], sendok );
if ( err == LDAP_SUCCESS ) {
candidates[ i ].sr_tag = META_CANDIDATE;
ncandidates++;
} else {
@ -789,18 +793,16 @@ meta_back_getconn(
*/
} else {
int ncandidates = 0;
/* Looks like we didn't get a bind. Open a new session... */
if ( !mc ) {
mc = metaconn_alloc( mi->mi_ntargets );
mc = metaconn_alloc( op );
mc->mc_conn = op->o_conn;
new_conn = 1;
}
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( i == cached
|| meta_back_is_candidate( &mi->mi_targets[ i ]->mt_nsuffix,
|| meta_back_is_candidate( &mi->mi_targets[ i ].mt_nsuffix,
&op->o_req_ndn, LDAP_SCOPE_SUBTREE ) )
{
@ -809,12 +811,15 @@ meta_back_getconn(
* also init'd
*/
int lerr = meta_back_init_one_conn( op, rs,
mi->mi_targets[ i ],
&mi->mi_targets[ i ],
&mc->mc_conns[ i ], sendok );
if ( lerr == LDAP_SUCCESS ) {
candidates[ i ].sr_tag = META_CANDIDATE;
ncandidates++;
Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n",
op->o_log_prefix, i, 0 );
} else {
/*
@ -884,13 +889,13 @@ done:;
*/
if ( err == 0 ) {
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_getconn: conn %ld inserted\n",
op->o_log_prefix, mc->mc_conn->c_connid, 0 );
"%s meta_back_getconn: candidates=%d conn=%ld inserted\n",
op->o_log_prefix, ncandidates, mc->mc_conn->c_connid );
} else {
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_getconn: conn %ld insert failed\n",
op->o_log_prefix, mc->mc_conn->c_connid, 0 );
Debug( LDAP_DEBUG_ANY,
"%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
op->o_log_prefix, ncandidates, mc->mc_conn->c_connid );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "Internal server error";
@ -904,8 +909,8 @@ done:;
} else {
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_getconn: conn %ld fetched\n",
op->o_log_prefix, mc->mc_conn->c_connid, 0 );
"%s meta_back_getconn: candidates=%d conn=%ld fetched\n",
op->o_log_prefix, ncandidates, mc->mc_conn->c_connid );
}
return mc;

4
servers/slapd/back-meta/delete.c
View file

@ -39,7 +39,7 @@ meta_back_delete( Operation *op, SlapReply *rs )
int candidate = -1;
struct berval mdn = BER_BVNULL;
dncookie dc;
int msgid, do_retry = 1;
int do_retry = 1;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
@ -51,7 +51,7 @@ meta_back_delete( Operation *op, SlapReply *rs )
/*
* Rewrite the compare dn, if needed
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "deleteDN";

41
servers/slapd/back-meta/init.c
View file

@ -45,7 +45,7 @@ meta_back_initialize(
bi->bi_db_init = meta_back_db_init;
bi->bi_db_config = meta_back_db_config;
bi->bi_db_open = 0;
bi->bi_db_open = meta_back_db_open;
bi->bi_db_close = 0;
bi->bi_db_destroy = meta_back_db_destroy;
@ -92,28 +92,60 @@ meta_back_db_init(
/* safe default */
mi->mi_nretries = META_RETRY_DEFAULT;
mi->mi_version = LDAP_VERSION3;
be->be_private = mi;
return 0;
}
int
meta_back_db_open(
Backend *be )
{
metainfo_t *mi = (metainfo_t *)be->be_private;
int i, rc;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( mi->mi_targets[ i ].mt_flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
mi->mi_targets[ i ].mt_flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
rc = slap_discover_feature( mi->mi_targets[ i ].mt_uri,
mi->mi_targets[ i ].mt_version,
slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
LDAP_FEATURE_ABSOLUTE_FILTERS );
if ( rc == LDAP_COMPARE_TRUE ) {
mi->mi_targets[ i ].mt_flags |= LDAP_BACK_F_SUPPORT_T_F;
}
}
}
return 0;
}
static void
conn_free(
void *v_mc )
{
metaconn_t *mc = v_mc;
metasingleconn_t *msc;
int i, ntargets;
assert( mc->mc_conns != NULL );
for ( msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); msc++ ) {
/* at least one must be present... */
ntargets = mc->mc_conns[ 0 ].msc_info->mi_ntargets;
for ( i = 0; i < ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
if ( msc->msc_ld != NULL ) {
ldap_unbind_ext_s( msc->msc_ld, NULL, NULL );
}
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ber_memfree( msc->msc_bound_ndn.bv_val );
}
if ( !BER_BVISNULL( &msc->msc_cred ) ) {
/* destroy sensitive data */
memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
@ -193,8 +225,7 @@ meta_back_db_destroy(
* least one ...)
*/
for ( i = 0; i < mi->mi_ntargets; i++ ) {
target_free( mi->mi_targets[ i ] );
free( mi->mi_targets[ i ] );
target_free( &mi->mi_targets[ i ] );
}
free( mi->mi_targets );

42
servers/slapd/back-meta/map.c
View file

@ -206,12 +206,12 @@ map_attr_value(
struct berval vtmp;
int freeval = 0;
ldap_back_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
/*
* FIXME: are we sure we need to search oc_map if at_map fails?
*/
ldap_back_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap );
ldap_back_map( &dc->target->mt_rwmap.rwm_oc, &ad->ad_cname, mapped_attr, remap );
if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
*mapped_attr = ad->ad_cname;
}
@ -244,7 +244,7 @@ map_attr_value(
}
} else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
ldap_back_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
ldap_back_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
vtmp = *value;
}
@ -276,7 +276,7 @@ ldap_back_int_filter_map_rewrite(
ber_len_t len;
if ( f == NULL ) {
ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
ber_str2bv( "No filter!", STRLENOF( "No filter!" ), 1, fstr );
return -1;
}
@ -454,7 +454,7 @@ ldap_back_int_filter_map_rewrite(
break;
case LDAP_FILTER_EXT: {
case LDAP_FILTER_EXT:
if ( f->f_mr_desc ) {
if ( map_attr_value( dc, f->f_mr_desc, &atmp,
&f->f_mr_value, &vtmp, remap ) )
@ -481,19 +481,40 @@ ldap_back_int_filter_map_rewrite(
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
vtmp.bv_val );
ber_memfree( vtmp.bv_val );
} break;
break;
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
ber_str2bv( "(?=false)", STRLENOF( "(?=false)" ), 1, fstr );
if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
ber_str2bv( "(|)", STRLENOF( "(|)" ), 1, fstr );
} else {
#if 0
ber_str2bv( "(?=false)", STRLENOF( "(?=false)" ), 1, fstr );
#endif
/* better than nothing... */
ber_str2bv( "(!(objectClass=*))", STRLENOF( "(!(objectClass=*))" ), 1, fstr );
}
break;
case LDAP_COMPARE_TRUE:
ber_str2bv( "(?=true)", STRLENOF( "(?=true)" ), 1, fstr );
if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
ber_str2bv( "(&)", STRLENOF( "(&)" ), 1, fstr );
} else {
#if 0
ber_str2bv( "(?=true)", STRLENOF( "(?=true)" ), 1, fstr );
#endif
/* better than nothing... */
ber_str2bv( "(objectClass=*)", STRLENOF( "(objectClass=*)" ), 1, fstr );
}
break;
case SLAPD_COMPARE_UNDEFINED:
ber_str2bv( "(?=undefined)", STRLENOF( "(?=undefined)" ), 1, fstr );
break;
default:
ber_str2bv( "(?=error)", STRLENOF( "(?=error)" ), 1, fstr );
break;
@ -531,7 +552,7 @@ ldap_back_filter_map_rewrite(
fdc.ctx = "searchFilter";
switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
switch ( rewrite_session( fdc.target->mt_rwmap.rwm_rw, fdc.ctx,
( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ),
fdc.conn, &fstr->bv_val ) )
{
@ -544,7 +565,8 @@ ldap_back_filter_map_rewrite(
}
Debug( LDAP_DEBUG_ARGS,
"[rw] %s: \"%s\" -> \"%s\"\n",
fdc.ctx, ftmp.bv_val, fstr->bv_val );
fdc.ctx, BER_BVISNULL( &ftmp ) ? "" : ftmp.bv_val,
BER_BVISNULL( fstr ) ? "" : fstr->bv_val );
rc = LDAP_SUCCESS;
break;

8
servers/slapd/back-meta/modify.c
View file

@ -57,7 +57,7 @@ meta_back_modify( Operation *op, SlapReply *rs )
/*
* Rewrite the modify dn, if needed
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "modifyDN";
@ -99,7 +99,7 @@ meta_back_modify( Operation *op, SlapReply *rs )
mapped = ml->sml_desc->ad_cname;
} else {
ldap_back_map( &mi->mi_targets[ candidate ]->mt_rwmap.rwm_at,
ldap_back_map( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
&ml->sml_desc->ad_cname, &mapped,
BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
@ -126,11 +126,11 @@ meta_back_modify( Operation *op, SlapReply *rs )
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mi->mi_targets[ candidate ]->mt_rwmap.rwm_oc,
ldap_back_mapping( &mi->mi_targets[ candidate ].mt_rwmap.rwm_oc,
&ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mi->mi_targets[ candidate ]->mt_rwmap.rwm_oc.drop_missing ) {
if ( mi->mi_targets[ candidate ].mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];

8
servers/slapd/back-meta/modrdn.c
View file

@ -40,7 +40,7 @@ meta_back_modrdn( Operation *op, SlapReply *rs )
struct berval mdn = BER_BVNULL,
mnewSuperior = BER_BVNULL;
dncookie dc;
int msgid, do_retry = 1;
int do_retry = 1;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
@ -48,7 +48,7 @@ meta_back_modrdn( Operation *op, SlapReply *rs )
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
dc.conn = op->o_conn;
dc.rs = rs;
@ -82,7 +82,7 @@ meta_back_modrdn( Operation *op, SlapReply *rs )
/*
* Rewrite the new superior, if defined and required
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.ctx = "newSuperiorDN";
if ( ldap_back_dn_massage( &dc, op->orr_newSup, &mnewSuperior ) ) {
rs->sr_err = LDAP_OTHER;
@ -93,7 +93,7 @@ meta_back_modrdn( Operation *op, SlapReply *rs )
/*
* Rewrite the modrdn dn, if required
*/
dc.rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc.target = &mi->mi_targets[ candidate ];
dc.ctx = "modrDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
rs->sr_err = LDAP_OTHER;

1
servers/slapd/back-meta/proto-meta.h
View file

@ -32,6 +32,7 @@ extern BI_close meta_back_close;
extern BI_destroy meta_back_destroy;
extern BI_db_init meta_back_db_init;
extern BI_db_open meta_back_db_open;
extern BI_db_destroy meta_back_db_destroy;
extern BI_db_config meta_back_db_config;

49
servers/slapd/back-meta/search.c
View file

@ -76,12 +76,12 @@ meta_back_search_start(
( void * )&op->ors_slimit);
}
dc->rwmap = &mi->mi_targets[ candidate ]->mt_rwmap;
dc->target = &mi->mi_targets[ candidate ];
/*
* modifies the base according to the scope, if required
*/
suffixlen = mi->mi_targets[ candidate ]->mt_nsuffix.bv_len;
suffixlen = mi->mi_targets[ candidate ].mt_nsuffix.bv_len;
if ( suffixlen > op->o_req_ndn.bv_len ) {
switch ( op->ors_scope ) {
case LDAP_SCOPE_SUBTREE:
@ -93,10 +93,10 @@ meta_back_search_start(
* the requested searchBase already passed
* thru the candidate analyzer...
*/
if ( dnIsSuffix( &mi->mi_targets[ candidate ]->mt_nsuffix,
if ( dnIsSuffix( &mi->mi_targets[ candidate ].mt_nsuffix,
&op->o_req_ndn ) )
{
realbase = mi->mi_targets[ candidate ]->mt_nsuffix;
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
} else {
/*
@ -106,20 +106,30 @@ meta_back_search_start(
}
break;
#ifdef LDAP_SCOPE_SUBORDINATE
case LDAP_SCOPE_SUBORDINATE:
#endif /* LDAP_SCOPE_SUBORDINATE */
case LDAP_SCOPE_ONELEVEL:
{
struct berval rdn = mi->mi_targets[ candidate ]->mt_nsuffix;
struct berval rdn = mi->mi_targets[ candidate ].mt_nsuffix;
rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn )
&& dnIsSuffix( &mi->mi_targets[ candidate ]->mt_nsuffix, &op->o_req_ndn ) )
&& dnIsSuffix( &mi->mi_targets[ candidate ].mt_nsuffix, &op->o_req_ndn ) )
{
/*
* if there is exactly one level,
* make the target suffix the new
* base, and make scope "base"
*/
realbase = mi->mi_targets[ candidate ]->mt_nsuffix;
realscope = LDAP_SCOPE_BASE;
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
#ifdef LDAP_SCOPE_SUBORDINATE
if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBTREE;
} else
#endif /* LDAP_SCOPE_SUBORDINATE */
{
realscope = LDAP_SCOPE_BASE;
}
break;
} /* else continue with the next case */
}
@ -175,7 +185,7 @@ meta_back_search_start(
/*
* Maps required attributes
*/
rc = ldap_back_map_attrs( &mi->mi_targets[ candidate ]->mt_rwmap.rwm_at,
rc = ldap_back_map_attrs( &mi->mi_targets[ candidate ].mt_rwmap.rwm_at,
op->ors_attrs, BACKLDAP_MAP, &mapped_attrs );
if ( rc != LDAP_SUCCESS ) {
/*
@ -220,7 +230,6 @@ meta_back_search( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metaconn_t *mc;
metasingleconn_t *msc;
struct timeval tv = { 0, 0 };
LDAPMessage *res = NULL, *e;
int rc = 0, sres = LDAP_SUCCESS;
@ -249,7 +258,9 @@ meta_back_search( Operation *op, SlapReply *rs )
/*
* Inits searches
*/
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); ++i, ++msc ) {
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
candidates[ i ].sr_msgid = -1;
if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
@ -319,7 +330,9 @@ meta_back_search( Operation *op, SlapReply *rs )
for ( rc = 0; ncandidates > 0; ) {
int gotit = 0, doabandon = 0;
for ( i = 0, msc = &mc->mc_conns[ 0 ]; !META_LAST( msc ); msc++, i++ ) {
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
if ( candidates[ i ].sr_msgid == -1 ) {
continue;
}
@ -506,7 +519,7 @@ really_bad:;
0, 0, &match );
dc.ctx = "matchedDN";
dc.rwmap = &mi->mi_targets[ i ]->mt_rwmap;
dc.target = &mi->mi_targets[ i ];
if ( !ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
if ( mmatch.bv_val == match.bv_val ) {
@ -607,7 +620,9 @@ really_bad:;
/* check for abandon */
if ( op->o_abandon || doabandon ) {
for ( i = 0, msc = mc->mc_conns; !META_LAST( msc ); msc++, i++ ) {
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
if ( candidates[ i ].sr_msgid != -1 ) {
ldap_abandon_ext( msc->msc_ld,
candidates[ i ].sr_msgid,
@ -764,7 +779,7 @@ meta_send_entry(
/*
* Rewrite the dn of the result, if needed
*/
dc.rwmap = &mi->mi_targets[ target ]->mt_rwmap;
dc.target = &mi->mi_targets[ target ];
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "searchResult";
@ -801,7 +816,7 @@ meta_send_entry(
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int last = 0;
ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_at,
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
continue;
@ -859,7 +874,7 @@ meta_send_entry(
for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last );
for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_oc,
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_oc,
bv, &mapped, BACKLDAP_REMAP );
if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0') {
free( bv->bv_val );

50
servers/slapd/back-meta/suffixmassage.c
View file

@ -61,15 +61,15 @@
#ifdef ENABLE_REWRITE
int
ldap_back_dn_massage(
dncookie *dc,
struct berval *dn,
struct berval *res
)
dncookie *dc,
struct berval *dn,
struct berval *res )
{
int rc = 0;
int rc = 0;
static char *dmy = "";
switch ( rewrite_session( dc->rwmap->rwm_rw, dc->ctx,
( dn->bv_len ? dn->bv_val : "" ),
switch ( rewrite_session( dc->target->mt_rwmap.rwm_rw, dc->ctx,
( dn->bv_val ? dn->bv_val : dmy ),
dc->conn, &res->bv_val ) )
{
case REWRITE_REGEXEC_OK:
@ -78,13 +78,11 @@ ldap_back_dn_massage(
} else {
*res = *dn;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val );
#endif /* !NEW_LOGGING */
"[rw] %s: \"%s\" -> \"%s\"\n",
dc->ctx,
BER_BVISNULL( dn ) ? "" : dn->bv_val,
BER_BVISNULL( res ) ? "" : res->bv_val );
rc = LDAP_SUCCESS;
break;
@ -104,6 +102,11 @@ ldap_back_dn_massage(
rc = LDAP_OTHER;
break;
}
if ( res->bv_val == dmy ) {
BER_BVZERO( res );
}
return rc;
}
@ -130,7 +133,7 @@ ldap_back_dn_massage(
res->bv_len = 0;
return 0;
}
if ( dc->rwmap == NULL || dc->rwmap->rwm_suffix_massage == NULL ) {
if ( dc->target->mt_rwmap.rwm_suffix_massage == NULL ) {
*res = *dn;
return 0;
}
@ -149,9 +152,9 @@ ldap_back_dn_massage(
}
for ( i = 0;
dc->rwmap->rwm_suffix_massage[i].bv_val != NULL;
dc->target->mt_rwmap.rwm_suffix_massage[i].bv_val != NULL;
i += 4 ) {
int aliasLength = dc->rwmap->rwm_suffix_massage[i+src].bv_len;
int aliasLength = dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_len;
int diff = dn->bv_len - aliasLength;
if ( diff < 0 ) {
@ -163,21 +166,16 @@ ldap_back_dn_massage(
/* At a DN Separator */
}
if ( !strcmp( dc->rwmap->rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
res->bv_len = diff + dc->rwmap->rwm_suffix_massage[i+dst].bv_len;
if ( !strcmp( dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
res->bv_len = diff + dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_len;
res->bv_val = ch_malloc( res->bv_len + 1 );
strncpy( res->bv_val, dn->bv_val, diff );
strcpy( &res->bv_val[diff], dc->rwmap->rwm_suffix_massage[i+dst].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG ( BACK_LDAP, ARGS,
"ldap_back_dn_massage: converted \"%s\" to \"%s\"\n",
dn->bv_val, res->bv_val, 0 );
#else
strcpy( &res->bv_val[diff], dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_val );
Debug( LDAP_DEBUG_ARGS,
"ldap_back_dn_massage:"
" converted \"%s\" to \"%s\"\n",
dn->bv_val, res->bv_val, 0 );
#endif
BER_BVISNULL( dn ) ? "" : dn->bv_val,
BER_BVISNULL( res ) ? "" : res->bv_val, 0 );
break;
}
}

2
servers/slapd/back-meta/unbind.c
View file

@ -67,7 +67,7 @@ meta_back_conn_destroy(
continue;
}
rewrite_session_delete( mi->mi_targets[ i ]->mt_rwmap.rwm_rw, conn );
rewrite_session_delete( mi->mi_targets[ i ].mt_rwmap.rwm_rw, conn );
meta_clear_one_candidate( &mc->mc_conns[ i ] );
}
meta_back_conn_free( mc );

1
servers/slapd/back-monitor/back-monitor.h
View file

@ -120,6 +120,7 @@ typedef struct monitor_info_t {
AttributeDescription *mi_ad_monitorConnectionPeerDomain;
AttributeDescription *mi_ad_monitorConnectionStartTime;
AttributeDescription *mi_ad_monitorConnectionActivityTime;
AttributeDescription *mi_ad_monitorIsShadow;
/*
* Generic description attribute

9
servers/slapd/back-monitor/database.c
View file

@ -196,17 +196,20 @@ monitor_subsys_database_init(
"structuralObjectClass: %s\n"
"cn: Database %d\n"
"%s: %s\n"
"%s: %s\n"
"creatorsName: %s\n"
"modifiersName: %s\n"
"createTimestamp: %s\n"
"modifyTimestamp: %s\n",
i,
ms->mss_dn.bv_val,
ms->mss_dn.bv_val,
mi->mi_oc_monitoredObject->soc_cname.bv_val,
mi->mi_oc_monitoredObject->soc_cname.bv_val,
i,
mi->mi_ad_monitoredInfo->ad_cname.bv_val,
bi->bi_type,
bi->bi_type,
mi->mi_ad_monitorIsShadow->ad_cname.bv_val,
SLAP_SHADOW( be ) ? slap_true_bv.bv_val : slap_false_bv.bv_val,
mi->mi_creatorsName.bv_val,
mi->mi_creatorsName.bv_val,
mi->mi_startTime.bv_val,
@ -221,7 +224,7 @@ monitor_subsys_database_init(
return( -1 );
}
if ( SLAP_MONITOR(be) ) {
if ( SLAP_MONITOR( be ) ) {
attr_merge( e, slap_schema.si_ad_monitorContext,
be->be_suffix, be->be_nsuffix );
attr_merge( e_database, slap_schema.si_ad_monitorContext,

53
servers/slapd/back-monitor/init.c
View file

@ -1158,6 +1158,14 @@ monitor_back_initialize(
"NO-USER-MODIFICATION "
"USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE,
offsetof(monitor_info_t, mi_ad_monitorConnectionActivityTime) },
{ "monitorIsShadow", "( 1.3.6.1.4.1.4203.666.1.52 "
"NAME 'monitorIsShadow' "
"DESC 'TRUE if the database is shadow' "
"EQUALITY booleanMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
"SINGLE-VALUE "
"USAGE directoryOperation )", SLAP_AT_HIDE,
offsetof(monitor_info_t, mi_ad_monitorIsShadow) },
{ NULL, NULL, 0, -1 }
};
@ -1364,8 +1372,7 @@ monitor_back_db_open(
Entry *e, **ep;
monitor_entry_t *mp;
int i;
char buf[ BACKMONITOR_BUFSIZE ],
*end_of_line;
char buf[ BACKMONITOR_BUFSIZE ];
struct berval bv;
struct tm *tms;
#ifdef HAVE_GMTIME_R
@ -1444,20 +1451,36 @@ monitor_back_db_open(
return( -1 );
}
bv.bv_val = (char *) Versionstr;
end_of_line = strchr( Versionstr, '\n' );
if ( end_of_line ) {
bv.bv_len = end_of_line - Versionstr;
} else {
bv.bv_len = strlen( Versionstr );
}
bv.bv_val = strchr( (char *) Versionstr, '$' );
if ( bv.bv_val != NULL ) {
char *end;
if ( attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo,
&bv, NULL ) ) {
Debug( LDAP_DEBUG_ANY,
"unable to add monitoredInfo to \"%s\" entry\n",
SLAPD_MONITOR_DN, 0, 0 );
return( -1 );
bv.bv_val++;
for ( ; bv.bv_val[ 0 ] == ' '; bv.bv_val++ )
;
end = strchr( bv.bv_val, '$' );
if ( end != NULL ) {
end--;
for ( ; end > bv.bv_val && end[ 0 ] == ' '; end-- )
;
end++;
bv.bv_len = end - bv.bv_val;
} else {
bv.bv_len = strlen( bv.bv_val );
}
if ( attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo,
&bv, NULL ) ) {
Debug( LDAP_DEBUG_ANY,
"unable to add monitoredInfo to \"%s\" entry\n",
SLAPD_MONITOR_DN, 0, 0 );
return( -1 );
}
}
mp = monitor_entrypriv_create();

4
servers/slapd/backend.c
View file

@ -1281,7 +1281,7 @@ backend_group(
}
if ( rc == 0 ) {
rc = 1;
rc = LDAP_COMPARE_FALSE;
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
LDAP_URL_SUCCESS )
@ -1354,6 +1354,8 @@ loopit:
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, op_ndn, op->o_tmpmemctx );
if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
rc = LDAP_COMPARE_FALSE;
}
} else {
rc = LDAP_NO_SUCH_ATTRIBUTE;

257
servers/slapd/bconfig.c
View file

@ -122,7 +122,6 @@ static ConfigDriver config_passwd_hash;
static ConfigDriver config_schema_dn;
static ConfigDriver config_sizelimit;
static ConfigDriver config_timelimit;
static ConfigDriver config_limits;
static ConfigDriver config_overlay;
static ConfigDriver config_suffix;
static ConfigDriver config_deref_depth;
@ -337,7 +336,7 @@ ConfigTable config_back_cf_table[] = {
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
&config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
{ "localSSF", "ssf", 2, 2, 0, ARG_INT,
&local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
@ -1243,7 +1242,11 @@ config_generic(ConfigArgs *c) {
default:
Debug(LDAP_DEBUG_ANY, "%s: unknown CFG_TYPE %d"
"(ignored)\n", c->log, c->type, 0);
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->type, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
return(0);
@ -1429,8 +1432,12 @@ config_sizelimit(ConfigArgs *c) {
return(1);
} else if(next[0] != '\0') {
Debug(LDAP_DEBUG_ANY, "%s: "
"trailing chars \"%s\" in \"sizelimit <limit>\" line (ignored)\n",
"trailing chars \"%s\" in \"sizelimit <limit>\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, next, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
lim->lms_s_hard = 0;
@ -1482,8 +1489,12 @@ config_timelimit(ConfigArgs *c) {
return(1);
} else if(next[0] != '\0') {
Debug(LDAP_DEBUG_ANY, "%s: "
"trailing chars \"%s\" in \"timelimit <limit>\" line (ignored)\n",
"trailing chars \"%s\" in \"timelimit <limit>\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, next, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
lim->lms_t_hard = 0;
@ -1501,8 +1512,12 @@ config_overlay(ConfigArgs *c) {
}
if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
/* log error */
Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed (ignored)\n",
Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
} else if(overlay_config(c->be, c->argv[1])) {
return(1);
}
@ -1559,8 +1574,12 @@ config_suffix(ConfigArgs *c) {
ndn = c->value_ndn;
tbe = select_backend(&ndn, 0, 0);
if(tbe == c->be) {
Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend! (ignored)\n",
Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend!"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
free(pdn.bv_val);
free(ndn.bv_val);
} else if(tbe) {
@ -1610,6 +1629,13 @@ config_rootdn(ConfigArgs *c) {
static int
config_rootpw(ConfigArgs *c) {
Backend *tbe;
/* config_add_internal sets c->be = frontendDB. While the cn=config
* rootpw is technically inside a backend, we expose it in the
* global entry, and need to point to it properly here.
*/
if (c->be == frontendDB)
c->be = LDAP_STAILQ_FIRST(&backendDB);
if (c->op == SLAP_CONFIG_EMIT) {
if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
ber_dupbv( &c->value_bv, &c->be->be_rootpw);
@ -2089,13 +2115,21 @@ config_replica(ConfigArgs *c) {
switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
case 1:
Debug(LDAP_DEBUG_ANY, "%s: "
"suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
"suffix \"%s\" in \"replica\" line is not valid for backend"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->argv[i] + STRLENOF("suffix="), 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
case 2:
Debug(LDAP_DEBUG_ANY, "%s: "
"unable to normalize suffix in \"replica\" line (ignored)\n",
"unable to normalize suffix in \"replica\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
}
@ -2369,7 +2403,7 @@ config_ldif_resp( Operation *op, SlapReply *rs )
/* Configure and read the underlying back-ldif store */
static int
config_setup_ldif( BackendDB *be, const char *dir ) {
config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
CfBackInfo *cfb = be->be_private;
ConfigArgs c = {0};
ConfigTable *ct;
@ -2426,35 +2460,37 @@ config_setup_ldif( BackendDB *be, const char *dir ) {
if ( backend_startup_one( &cfb->cb_db ))
return 1;
op = (Operation *)opbuf;
connection_fake_init( &conn, op, cfb );
if ( readit ) {
op = (Operation *)opbuf;
connection_fake_init( &conn, op, cfb );
filter.f_desc = slap_schema.si_ad_objectClass;
op->o_tag = LDAP_REQ_SEARCH;
filter.f_desc = slap_schema.si_ad_objectClass;
op->ors_filter = &filter;
op->ors_filterstr = filterstr;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->o_tag = LDAP_REQ_SEARCH;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->ors_filter = &filter;
op->ors_filterstr = filterstr;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->o_req_dn = be->be_suffix[0];
op->o_req_ndn = be->be_nsuffix[0];
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->o_req_dn = be->be_suffix[0];
op->o_req_ndn = be->be_nsuffix[0];
op->ors_attrs = slap_anlist_all_attributes;
op->ors_attrsonly = 0;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->o_callback = &cb;
cb.sc_private = cfb;
op->ors_attrs = slap_anlist_all_attributes;
op->ors_attrsonly = 0;
op->o_callback = &cb;
cb.sc_private = cfb;
op->o_bd = &cfb->cb_db;
op->o_bd->be_search( op, &rs );
}
op->o_bd = &cfb->cb_db;
op->o_bd->be_search( op, &rs );
cfb->cb_use_ldif = 1;
return 0;
@ -2497,6 +2533,8 @@ int
read_config(const char *fname, const char *dir) {
BackendDB *be;
CfBackInfo *cfb;
const char *cfdir, *cfname;
int rc;
/* Setup the config backend */
be = backend_db_init( "config" );
@ -2505,18 +2543,60 @@ read_config(const char *fname, const char *dir) {
cfb = be->be_private;
/* Setup the underlying back-ldif backend */
if ( config_setup_ldif( be, dir ))
return 1;
/* If no .conf, or a dir was specified, setup the dir */
if ( !fname || dir ) {
if ( dir ) {
/* If explicitly given, check for existence */
struct stat st;
#ifdef SLAP_USE_CONFDIR
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;
#endif
ber_str2bv( fname, 0, 1, &cf_prv.c_file );
if ( stat( dir, &st ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
"invalid config directory %s, error %d\n",
dir, errno, 0 );
return 1;
}
cfdir = dir;
} else {
cfdir = SLAPD_DEFAULT_CONFIGDIR;
}
/* if fname is defaulted, try reading .d */
if ( config_setup_ldif( be, cfdir, !fname ))
return 1;
return read_config_file(fname, 0, NULL);
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;
}
if ( fname )
cfname = fname;
else
cfname = SLAPD_DEFAULT_CONFIGFILE;
rc = read_config_file(cfname, 0, NULL);
if ( rc == 0 )
ber_str2bv( cfname, 0, 1, &cf_prv.c_file );
/* If we got this far and failed, it may be a serious problem. In server
* mode, we should never come to this. However, it may be alright if we're
* using slapadd to create the conf dir.
*/
while ( rc ) {
if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
break;
/* If a config file was explicitly given, fail */
if ( fname )
break;
/* Seems to be slapadd with a config dir, let it continue */
if ( cfb->cb_use_ldif ) {
rc = 0;
cfb->cb_got_ldif = 1;
}
break;
}
return rc;
}
static int
@ -2829,7 +2909,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
CfOcInfo **colst;
Attribute *a, *oc_at, *type_attr;
AttributeDescription *type_ad = NULL;
int i, j, nocs, rc;
int i, j, nocs, rc = 0;
ConfigArgs ca = {0};
struct berval pdn;
ConfigTable *ct, *type_ct = NULL;
@ -2904,11 +2984,13 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
/* The cn=schema entry is all hardcoded, so never reparse it */
if (last->ce_type == Cft_Global )
goto ok;
/* FALLTHRU */
ca.private = ch_calloc( 1, sizeof(ConfigFile) );
cfn = ca.private;
cfn = ch_calloc( 1, sizeof(ConfigFile) );
ca.private = cfn;
break;
case Cft_Global:
ca.be = LDAP_STAILQ_FIRST(&backendDB);
cfn = &cf_prv;
ca.private = cfn;
ca.be = frontendDB; /* just to get past check_vals */
break;
case Cft_Backend:
@ -2922,7 +3004,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
ca.be = last->ce_be;
} else {
type_ad = cfAd_database;
/* dummy, just to get past check_attr */
/* dummy, just to get past check_vals */
ca.be = frontendDB;
}
break;
@ -4008,6 +4090,80 @@ config_back_destroy( BackendInfo *bi )
return 0;
}
static int
config_tool_entry_open( BackendDB *be, int mode )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_open )
return bi->bi_tool_entry_open( &cfb->cb_db, mode );
else
return -1;
}
static int
config_tool_entry_close( BackendDB *be )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_close )
return bi->bi_tool_entry_close( &cfb->cb_db );
else
return -1;
}
static ID
config_tool_entry_first( BackendDB *be )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_first )
return bi->bi_tool_entry_first( &cfb->cb_db );
else
return NOID;
}
static ID
config_tool_entry_next( BackendDB *be )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_next )
return bi->bi_tool_entry_next( &cfb->cb_db );
else
return NOID;
}
static Entry *
config_tool_entry_get( BackendDB *be, ID id )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_get )
return bi->bi_tool_entry_get( &cfb->cb_db, id );
else
return NULL;
}
static ID
config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
{
CfBackInfo *cfb = be->be_private;
BackendInfo *bi = cfb->cb_db.bd_info;
if ( bi && bi->bi_tool_entry_put &&
config_add_internal( cfb, e, NULL, NULL ) == 0 )
return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
else
return NOID;
}
static struct {
char *name;
AttributeDescription **desc;
@ -4089,6 +4245,13 @@ config_back_initialize( BackendInfo *bi )
bi->bi_connection_init = 0;
bi->bi_connection_destroy = 0;
bi->bi_tool_entry_open = config_tool_entry_open;
bi->bi_tool_entry_close = config_tool_entry_close;
bi->bi_tool_entry_first = config_tool_entry_first;
bi->bi_tool_entry_next = config_tool_entry_next;
bi->bi_tool_entry_get = config_tool_entry_get;
bi->bi_tool_entry_put = config_tool_entry_put;
argv[3] = NULL;
for (i=0; OidMacros[i].name; i++ ) {
argv[1] = OidMacros[i].name;

32
servers/slapd/config.c
View file

@ -569,8 +569,15 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
}
if ( c->argc < 1 ) {
Debug(LDAP_DEBUG_CONFIG, "%s: bad config line (ignored)\n", c->log, 0, 0);
Debug(LDAP_DEBUG_CONFIG, "%s: bad config line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
c->op = SLAP_CONFIG_ADD;
@ -608,9 +615,12 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
switch(rc) {
case SLAP_CONF_UNKNOWN:
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend info definition (ignored)\n",
"unknown directive <%s> inside backend info definition"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
@ -634,9 +644,11 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
case SLAP_CONF_UNKNOWN:
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend database "
"definition (ignored)\n",
"definition" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
@ -649,9 +661,12 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
switch(rc) {
case SLAP_CONF_UNKNOWN:
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside global database definition (ignored)\n",
"unknown directive <%s> inside global database definition"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
@ -660,10 +675,15 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
} else {
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> outside backend info and database definitions (ignored)\n",
"unknown directive <%s> outside backend info and database definitions"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
}

11
servers/slapd/daemon.c
View file

@ -76,14 +76,17 @@ struct runqueue_s slapd_rq;
Listener **slap_listeners = NULL;
#define SLAPD_LISTEN 10
#ifndef SLAPD_LISTEN_BACKLOG
#define SLAPD_LISTEN_BACKLOG 1024
#endif
static ber_socket_t wake_sds[2];
static int emfile;
static int waking;
#define WAKE_LISTENER(w) \
do { if (w && waking < 5) { waking++; tcp_write( wake_sds[1], "0", 1 ); } } while(0)
#define WAKE_LISTENER(w) do { \
if ((w) && waking < 5) { waking++; tcp_write( wake_sds[1], "0", 1 ); } \
} while(0)
volatile sig_atomic_t slapd_shutdown = 0, slapd_gentle_shutdown = 0;
volatile sig_atomic_t slapd_abrupt_shutdown = 0;
@ -1523,7 +1526,7 @@ slapd_daemon_task(
}
#endif
if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN ) == -1 ) {
if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN_BACKLOG ) == -1 ) {
int err = sock_errno();
#ifdef LDAP_PF_INET6

12
servers/slapd/main.c
View file

@ -252,13 +252,8 @@ int main( int argc, char **argv )
int g_argc = argc;
char **g_argv = argv;
#ifdef HAVE_NT_SERVICE_MANAGER
char *configfile = ".\\slapd.conf";
char *configdir = ".\\slapd.d";
#else
char *configfile = SLAPD_DEFAULT_CONFIGFILE;
char *configdir = SLAPD_DEFAULT_CONFIGDIR;
#endif
char *configfile = NULL;
char *configdir = NULL;
char *serverName;
int serverMode = SLAP_SERVER_MODE;
@ -778,7 +773,8 @@ unhandled_option:;
#ifdef HAVE_NT_EVENT_LOG
if (is_NT_Service)
lutil_LogStartedEvent( serverName, slap_debug, configfile, urls );
lutil_LogStartedEvent( serverName, slap_debug, configfile ?
configfile : SLAPD_DEFAULT_CONFIGFILE , urls );
#endif
rc = slapd_daemon();

51
servers/slapd/overlays/Makefile.in
View file

@ -26,19 +26,8 @@ SRCS = overlays.c \
syncprov.c \
translucent.c \
unique.c
OBJS = overlays.lo \
denyop.lo \
dyngroup.lo \
dynlist.lo \
glue.lo \
lastmod.lo \
pcache.lo \
ppolicy.lo \
refint.lo \
rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo \
syncprov.lo \
translucent.lo \
unique.lo
OBJS = overlays.o \
@SLAPD_STATIC_OVERLAYS@
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
@ -55,40 +44,47 @@ PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@
XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
denyop.la : denyop.lo $(@PLAT@_LINK_LIBS)
static: $(LIBRARY)
dynamic: $(PROGRAMS)
denyop.la : denyop.lo
$(LTLINK_MOD) -module -o $@ denyop.lo version.lo $(LINK_LIBS)
dyngroup.la : dyngroup.lo $(@PLAT@_LINK_LIBS)
dyngroup.la : dyngroup.lo
$(LTLINK_MOD) -module -o $@ dyngroup.lo version.lo $(LINK_LIBS)
dynlist.la : dynlist.lo $(@PLAT@_LINK_LIBS)
dynlist.la : dynlist.lo
$(LTLINK_MOD) -module -o $@ dynlist.lo version.lo $(LINK_LIBS)
glue.la : glue.lo $(@PLAT@_LINK_LIBS)
glue.la : glue.lo
$(LTLINK_MOD) -module -o $@ glue.lo version.lo $(LINK_LIBS)
lastmod.la : lastmod.lo $(@PLAT@_LINK_LIBS)
lastmod.la : lastmod.lo
$(LTLINK_MOD) -module -o $@ lastmod.lo version.lo $(LINK_LIBS)
pcache.la : pcache.lo $(@PLAT@_LINK_LIBS)
pcache.la : pcache.lo
$(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)
ppolicy.la : ppolicy.lo $(@PLAT@_LINK_LIBS)
ppolicy.la : ppolicy.lo
$(LTLINK_MOD) -module -o $@ ppolicy.lo version.lo $(LINK_LIBS) $(MODULES_LIBS)
refint.la : refint.lo $(@PLAT@_LINK_LIBS)
refint.la : refint.lo
$(LTLINK_MOD) -module -o $@ refint.lo version.lo $(LINK_LIBS)
rwm.la : rwm.lo $(@PLAT@_LINK_LIBS)
rwm_x.o: rwm.o rwmconf.o rwmdn.o rwmmap.o
$(LD) -r -o $@ rwm.o rwmconf.o rwmdn.o rwmmap.o
rwm.la : rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo
$(LTLINK_MOD) -module -o $@ rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo version.lo $(LINK_LIBS)
syncprov.la : syncprov.lo $(@PLAT@_LINK_LIBS)
syncprov.la : syncprov.lo
$(LTLINK_MOD) -module -o $@ syncprov.lo version.lo $(LINK_LIBS)
translucent.la : translucent.lo $(@PLAT@_LINK_LIBS)
translucent.la : translucent.lo
$(LTLINK_MOD) -module -o $@ translucent.lo version.lo $(LINK_LIBS)
unique.la : unique.lo $(@PLAT@_LINK_LIBS)
unique.la : unique.lo
$(LTLINK_MOD) -module -o $@ unique.lo version.lo $(LINK_LIBS)
install-local: $(PROGRAMS)
@ -101,9 +97,12 @@ MKDEPFLAG = -l
.SUFFIXES: .c .o .lo
.c.lo:
.c.o:
$(LTCOMPILE_LIB) $<
.c.lo:
$(LTCOMPILE_MOD) $<
$(LIBRARY): version.lo
$(LTLINK_LIB) -o $@ $(OBJS) version.lo

7
servers/slapd/overlays/dyngroup.c
View file

@ -64,10 +64,11 @@ dyngroup_response( Operation *op, SlapReply *rs )
int cache = op->o_do_not_cache;
op->o_do_not_cache = 1;
if ( backend_group( op, NULL, &op->o_req_ndn,
&op->oq_compare.rs_ava->aa_value, NULL, ap->ap_uri ) == 0 )
rs->sr_err = LDAP_COMPARE_TRUE;
rs->sr_err = backend_group( op, NULL, &op->o_req_ndn,
&op->oq_compare.rs_ava->aa_value, NULL, ap->ap_uri );
op->o_do_not_cache = cache;
if ( rs->sr_err == LDAP_SUCCESS )
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}

4
servers/slapd/overlays/ppolicy.c
View file

@ -28,10 +28,6 @@
#ifdef SLAPD_OVER_PPOLICY
#if SLAPD_OVER_PPOLICY == SLAPD_MOD_DYNAMIC
#define SLAPD_IMPORT
#endif
#include <ldap.h>
#include "lutil.h"
#include "slap.h"

31
servers/slapd/overlays/rwm.c
View file

@ -1310,6 +1310,10 @@ rwm_db_config(
char **argv
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
struct ldaprwmap *rwmap =
(struct ldaprwmap *)on->on_bi.bi_private;
int rc = 0;
char *argv0 = NULL;
@ -1327,6 +1331,33 @@ rwm_db_config(
} else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
} else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
if ( argc != 2 ) {
fprintf( stderr,
"%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
fname, lineno );
return( 1 );
}
if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F|RWM_F_SUPPORT_T_F_DISCOVER);
} else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
#if 0
/* TODO: not implemented yet */
} else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
#endif
} else {
fprintf( stderr,
"%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
fname, lineno, argv[ 1 ] );
return 1;
}
} else {
rc = SLAP_CONF_UNKNOWN;
}

7
servers/slapd/overlays/rwm.h
View file

@ -80,6 +80,11 @@ struct ldaprwmap {
*/
struct ldapmap rwm_oc;
struct ldapmap rwm_at;
#define RWM_F_NONE 0x0000U
#define RWM_F_SUPPORT_T_F 0x4000U
#define RWM_F_SUPPORT_T_F_DISCOVER 0x8000U
unsigned rwm_flags;
};
/* Whatever context ldap_back_dn_massage needs... */
@ -110,7 +115,7 @@ void rwm_map ( struct ldapmap *map, struct berval *s, struct berval *m,
int remap );
int rwm_mapping ( struct ldapmap *map, struct berval *s,
struct ldapmapping **m, int remap );
#define RWM_MAP 0
#define RWM_MAP 0
#define RWM_REMAP 1
char *
rwm_map_filter(

2
servers/slapd/overlays/rwmconf.c
View file

@ -217,7 +217,7 @@ rwm_map_config(
|| avl_find( map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp ) != NULL)
{
fprintf( stderr,
"%s: line %d: duplicate mapping found (ignored)\n",
"%s: line %d: duplicate mapping found" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
/* FIXME: free stuff */
goto error_return;

22
servers/slapd/overlays/rwmmap.c
View file

@ -450,8 +450,18 @@ rwm_int_filter_map_rewrite(
vtmp,
tmp;
static struct berval
#if 0
ber_bvfalse = BER_BVC( "(?=false)" ),
#endif
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
ber_bvtf_false = BER_BVC( "(|)" ),
#if 0
ber_bvtrue = BER_BVC( "(?=true)" ),
#endif
/* better than nothing... */
ber_bvtrue = BER_BVC( "(objectClass=*)" ),
ber_bvtf_true = BER_BVC( "(&)" ),
ber_bvundefined = BER_BVC( "(?=undefined)" ),
ber_bverror = BER_BVC( "(?=error)" ),
ber_bvunknown = BER_BVC( "(?=unknown)" ),
@ -666,11 +676,19 @@ rwm_int_filter_map_rewrite(
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
tmp = ber_bvfalse;
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = ber_bvtf_false;
} else {
tmp = ber_bvfalse;
}
break;
case LDAP_COMPARE_TRUE:
tmp = ber_bvtrue;
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = ber_bvtf_true;
} else {
tmp = ber_bvtrue;
}
break;
case SLAPD_COMPARE_UNDEFINED:

6
servers/slapd/proto-slap.h
View file

@ -1185,6 +1185,12 @@ LDAP_SLAPD_F (int) root_dse_info LDAP_P((
LDAP_SLAPD_F (int) read_root_dse_file LDAP_P((
const char *file));
LDAP_SLAPD_F (int) slap_discover_feature LDAP_P((
const char *uri,
int version,
const char *attr,
const char *val ));
/*
* sasl.c
*/

2
servers/slapd/repl.c
View file

@ -135,7 +135,7 @@ replog( Operation *op )
int count = 0;
#endif
int subsets = 0;
long now = slap_get_time();
long now = slap_get_time();
char *replogfile;
replogfile = op->o_bd->be_replogfile ? op->o_bd->be_replogfile :

75
servers/slapd/root_dse.c
View file

@ -308,3 +308,78 @@ int read_root_dse_file( const char *fname )
Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0);
return rc;
}
int
slap_discover_feature(
const char *uri,
int version,
const char *attr,
const char *val )
{
LDAP *ld;
LDAPMessage *res = NULL, *entry;
int rc, i;
struct berval cred = BER_BVC( "" ),
bv_val,
**values = NULL;
char *attrs[ 2 ] = { NULL, NULL };
ber_str2bv( val, 0, 0, &bv_val );
attrs[ 0 ] = attr;
rc = ldap_initialize( &ld, uri );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
if ( rc != LDAP_SUCCESS ) {
goto done;
}
rc = ldap_sasl_bind_s( ld, "", LDAP_SASL_SIMPLE,
&cred, NULL, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
goto done;
}
rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
attrs, 0, NULL, NULL, NULL, 0, &res );
if ( rc != LDAP_SUCCESS ) {
goto done;
}
entry = ldap_first_entry( ld, res );
if ( entry == NULL ) {
goto done;
}
values = ldap_get_values_len( ld, entry, attrs[ 0 ] );
if ( values == NULL ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto done;
}
for ( i = 0; values[ i ] != NULL; i++ ) {
if ( bvmatch( &bv_val, values[ i ] ) ) {
rc = LDAP_COMPARE_TRUE;
goto done;
}
}
rc = LDAP_COMPARE_FALSE;
done:;
if ( values != NULL ) {
ldap_value_free_len( values );
}
if ( res != NULL ) {
ldap_msgfree( res );
}
ldap_unbind_ext( ld, NULL, NULL );
return rc;
}

7
servers/slapd/schema_prep.c
View file

@ -969,7 +969,7 @@ static struct slap_schema_ad_map {
subschemaAttribute, 0,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_authPassword) },
offsetof(struct slap_internal_schema, si_ad_authPasswordSchemes) },
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
{ "krbName", "( 1.3.6.1.4.1.250.1.32 "
@ -1009,12 +1009,13 @@ static AttributeType slap_at_undefined = {
{ "1.1.1", NULL, NULL, 1, NULL,
NULL, NULL, NULL, NULL,
0, 0, 0, 1, 3, NULL }, /* LDAPAttributeType */
{ sizeof("UNDEFINED")-1, "UNDEFINED" }, /* cname */
BER_BVC("UNDEFINED"), /* cname */
NULL, /* sup */
NULL, /* subtypes */
NULL, NULL, NULL, NULL, /* matching rules routines */
NULL, /* syntax (this may need to be defined) */
(AttributeTypeSchemaCheckFN *) 0, /* schema check function */
NULL, /* schema check function */
NULL, /* oidmacro */
SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */
{ NULL }, /* next */
NULL /* attribute description */

4
servers/slapd/sl_malloc.c
View file

@ -376,6 +376,10 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
}
if (sh->sh_stack) {
/* round up to doubleword boundary */
size += pad + sizeof( ber_len_t );
size &= ~pad;
/* Never shrink blocks */
if (size <= p[-1]) {
new = p;

12
servers/slapd/slap.h
View file

@ -69,14 +69,21 @@ LDAP_BEGIN_DECL
#define LDAP_SYNC_TIMESTAMP
#define LDAP_COLLECTIVE_ATTRIBUTES
#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
#define SLAP_USE_CONFDIR /* partially implemented */
#define SLAPD_CONF_UNKNOWN_BAILOUT
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
#endif
#endif
/*
* ITS#3705: bail out if unknown config directives appear in slapd.conf
*/
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
#define SLAPD_CONF_UNKNOWN_IGNORED ""
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
/*
* SLAPD Memory allocation macros
@ -888,6 +895,7 @@ struct slap_internal_schema {
AttributeDescription *si_ad_labeledURI;
#ifdef SLAPD_AUTHPASSWD
AttributeDescription *si_ad_authPassword;
AttributeDescription *si_ad_authPasswordSchemes;
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
AttributeDescription *si_ad_krbName;

4
servers/slapd/slapcommon.c
View file

@ -166,8 +166,8 @@ slap_tool_init(
int argc, char **argv )
{
char *options;
char *conffile = SLAPD_DEFAULT_CONFIGFILE;
char *confdir = SLAPD_DEFAULT_CONFIGDIR;
char *conffile = NULL;
char *confdir = NULL;
struct berval base = BER_BVNULL;
char *filterstr = NULL;
char *subtree = NULL;

2
servers/slapd/syncrepl.c
View file

@ -2732,7 +2732,7 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv )
for (i=0; si->si_retryinterval[i]; i++) {
if ( space ) *ptr++ = ' ';
space = 1;
ptr += sprintf( ptr, "%d", si->si_retryinterval[i] );
ptr += sprintf( ptr, "%d ", si->si_retryinterval[i] );
if ( si->si_retrynum_init[i] == -1 )
*ptr++ = '+';
else

2
servers/slurpd/Makefile.in
View file

@ -60,7 +60,7 @@ install-local-srv: FORCE
@-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-slurp
@( \
for prg in $(PROGRAMS); do \
$(LTINSTALL) $(INSTALLFLAGS) -s -m 755 $$prg$(EXEEXT) \
$(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 $$prg$(EXEEXT) \
$(DESTDIR)$(libexecdir); \
done \
)

2
tests/data/proxycache.out
View file

@ -182,8 +182,6 @@ sn: Hampster
uid: uham
title: Secretary, UM Alumni Association
ANSWERABILITY RESULTS
dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
cn: James A Jones 1
cn: James Jones

2
tests/data/slapd-meta.conf
View file

@ -43,7 +43,7 @@ database meta
suffix "o=Example,c=US"
rootdn "cn=Manager,o=Example,c=US"
rootpw secret
dont-chase-referrals
chase-referrals no
#nretries forever
nretries 1000

62
tests/data/slapd-relay.conf
View file

@ -49,48 +49,48 @@ index objectClass eq
database @RELAY@
suffix "o=Example,c=US"
### back-relay can automatically instantiate the rwm overlay
#relay#relay "dc=example,dc=com" massage
#relay#rwm-map objectClass groupOfNames groupOfUniqueNames
#relay#rwm-map objectClass uidObject dcObject
#relay#rwm-map attribute member uniqueMember
#relay#rwm-map attribute uid dc
#relay-relay#relay "dc=example,dc=com" massage
#relay-relay#rwm-map objectClass groupOfNames groupOfUniqueNames
#relay-relay#rwm-map objectClass uidObject dcObject
#relay-relay#rwm-map attribute member uniqueMember
#relay-relay#rwm-map attribute uid dc
### back-ldap needs explicit instantiation of the rwm overlay
#ldap#uri "@URI1@"
#ldap#overlay rwm
#ldap#rwm-suffixmassage "dc=example,dc=com"
#ldap#rwm-map objectClass groupOfNames groupOfUniqueNames
#ldap#rwm-map objectClass uidObject dcObject
#ldap#rwm-map attribute member uniqueMember
#ldap#rwm-map attribute uid dc
#meta#uri "@URI1@o=Example,c=US"
#meta#suffixmassage "o=Example,c=US" "dc=example,dc=com"
#meta#map objectClass groupOfNames groupOfUniqueNames
#meta#map objectClass uidObject dcObject
#meta#map attribute member uniqueMember
#meta#map attribute uid dc
#relay-ldap#uri "@URI1@"
#relay-ldap#overlay rwm
#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
#relay-ldap#rwm-map objectClass groupOfNames groupOfUniqueNames
#relay-ldap#rwm-map objectClass uidObject dcObject
#relay-ldap#rwm-map attribute member uniqueMember
#relay-ldap#rwm-map attribute uid dc
#relay-meta#uri "@URI1@o=Example,c=US"
#relay-meta#suffixmassage "o=Example,c=US" "dc=example,dc=com"
#relay-meta#map objectClass groupOfNames groupOfUniqueNames
#relay-meta#map objectClass uidObject dcObject
#relay-meta#map attribute member uniqueMember
#relay-meta#map attribute uid dc
database @RELAY@
suffix "o=Esempio,c=IT"
### use this alternate form of back-relay, without the "relay" directive,
### which causes the target database to be selected after DN massaging
#relay#overlay rwm
#relay#rwm-suffixmassage "dc=example,dc=com"
#relay-relay#overlay rwm
#relay-relay#rwm-suffixmassage "dc=example,dc=com"
### back-ldap needs URI
#ldap#uri "@URI1@"
#ldap#overlay rwm
#ldap#rwm-suffixmassage "dc=example,dc=com"
#meta#uri "@URI1@o=Esempio,c=IT"
#meta#suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
#relay-ldap#uri "@URI1@"
#relay-ldap#overlay rwm
#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
#relay-meta#uri "@URI1@o=Esempio,c=IT"
#relay-meta#suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
database @RELAY@
suffix "o=Beispiel,c=DE"
### back-relay can automatically instantiate the rwm overlay
#relay#relay "dc=example,dc=com" massage
#relay-relay#relay "dc=example,dc=com" massage
### back-ldap needs explicit instantiation of the rwm overlay
#ldap#uri "@URI1@"
#ldap#overlay rwm
#ldap#rwm-suffixmassage "dc=example,dc=com"
#meta#uri "@URI1@o=Beispiel,c=DE"
#meta#suffixmassage "o=Beispiel,c=DE" "dc=example,dc=com"
#relay-ldap#uri "@URI1@"
#relay-ldap#overlay rwm
#relay-ldap#rwm-suffixmassage "dc=example,dc=com"
#relay-meta#uri "@URI1@o=Beispiel,c=DE"
#relay-meta#suffixmassage "o=Beispiel,c=DE" "dc=example,dc=com"
#monitor#database monitor

4
tests/scripts/conf.sh
View file

@ -35,7 +35,7 @@ fi
sed -e "s/@BACKEND@/${BACKEND}/" \
-e "s/^#${BACKEND}#//" \
-e "s/@RELAY@/${RELAY}/" \
-e "s/^#${RELAY}#//" \
-e "s/^#relay-${RELAY}#//" \
-e "s/^#${BACKENDTYPE}#//" \
-e "s/^#${AC_glue}#//" \
-e "s/^#${AC_ldap}#//" \
@ -67,4 +67,4 @@ sed -e "s/@BACKEND@/${BACKEND}/" \
-e "s;@PORT6@;${PORT6};" \
-e "s/@SASL_MECH@/${SASL_MECH}/" \
-e "s/@CACHETTL@/${CACHETTL}/" \
-e "s/@ENTRY_LIMIT@/${CACHE_ENTRY_LIMIT}/"
-e "s/@ENTRY_LIMIT@/${CACHE_ENTRY_LIMIT}/"

3
tests/scripts/test020-proxycache
View file

@ -199,9 +199,6 @@ else
exit 1
fi
echo "ANSWERABILITY RESULTS" >> $SLAVEOUT
echo "" >> $SLAVEOUT
echo "Query 8: filter:(|(cn=*Jones)(sn=Jones)) attrs:cn sn title uid"
$LDAPSEARCH -x -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
'(|(cn=*Jones)(sn=Jones))' cn sn title uid >> $SLAVEOUT 2>&1