liberally accept many LDAPv2/LDAPv3 stuff in DN (quoted parts, ';' as rdn separator...

[openldap] / servers / slapd / backend.c
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c

index ca5fe460744799cdad3d3937de259ec95693ced8..85ce0983744751b6114445373d94cdaa05739039 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -525,7 +525,7 @@ select_backend(
                         }
  
                         
-                       if ( len && len < dnlen && !DN_SEPARATOR( dn[(dnlen-len)-1] ) ) {
+                       if ( len && len < dnlen && ( !DN_SEPARATOR( dn[(dnlen-len)-1] ) || DN_ESCAPE( dn[(dnlen-len)-2] ) ) ) {
                                 /* make sure we have a separator */
                                 continue;
                         }
@@ -584,6 +584,24 @@ be_isroot( Backend *be, const char *ndn )
         return(rc);
  }
  
+int
+be_isupdate( Backend *be, const char *ndn )
+{
+       int rc;
+
+       if ( ndn == NULL || *ndn == '\0' ) {
+               return( 0 );
+       }
+
+       if ( be->be_update_ndn == NULL || *be->be_update_ndn == '\0' ) {
+               return( 0 );
+       }
+
+       rc = strcmp( be->be_update_ndn, ndn ) ? 0 : 1;
+
+       return(rc);
+}
+
  char *
  be_root_dn( Backend *be )
  {
@@ -953,6 +971,16 @@ backend_group(
         AttributeDescription *group_at
  )
  {
+       GroupAssertion *g;
+       int len = strlen(gr_ndn);
+       int i;
+
+       ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
+       i = op->o_abandon;
+       ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
+       if (i)
+               return SLAPD_ABANDON;
+
         if( strcmp( target->e_ndn, gr_ndn ) != 0 ) {
                 /* we won't attempt to send it to a different backend */
                 
@@ -963,10 +991,38 @@ backend_group(
                 }
         } 
  
+       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+       for (g = conn->c_groups; g; g=g->next) {
+               if (g->be != be || g->oc != group_oc || g->at != group_at ||
+                   g->len != len)
+                       continue;
+               if (strcmp( g->ndn, gr_ndn ) == 0)
+                       break;
+       }
+       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+       if (g)
+               return g->res;
+
         if( be->be_group ) {
-               return be->be_group( be, conn, op,
+               int res = be->be_group( be, conn, op,
                         target, gr_ndn, op_ndn,
                         group_oc, group_at );
+               
+               if (op->o_tag != LDAP_REQ_BIND) {
+                       g = ch_malloc(sizeof(GroupAssertion) + len);
+                       g->be = be;
+                       g->oc = group_oc;
+                       g->at = group_at;
+                       g->res = res;
+                       g->len = len;
+                       strcpy(g->ndn, gr_ndn);
+                       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+                       g->next = conn->c_groups;
+                       conn->c_groups = g;
+                       ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+               }
+
+               return res;
         }
  
         return LDAP_UNWILLING_TO_PERFORM;
@@ -1011,7 +1067,7 @@ Attribute *backend_operational(
  
  #ifdef SLAPD_SCHEMA_DN
         a = ch_malloc( sizeof( Attribute ) );
-       a->a_desc = ad_dup( slap_schema.si_ad_subschemaSubentry );
+       a->a_desc = slap_schema.si_ad_subschemaSubentry;
  
         /* Should be backend specific */
         a->a_vals = ch_malloc( 2 * sizeof( struct berval * ) );