CFG_IX_INTLEN,
CFG_SYNTAX,
CFG_ACL_ADD,
+ CFG_SYNC_SUBENTRY,
CFG_LAST
};
&config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
"EQUALITY distinguishedNameMatch "
"SYNTAX OMsDN )", NULL, NULL },
+ { "sync_use_subentry", NULL, 0, 0, 0, ARG_ON_OFF|ARG_DB|ARG_MAGIC|CFG_SYNC_SUBENTRY,
+ &config_generic, "( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' "
+ "DESC 'Store sync context in a subentry' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
&syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
"EQUALITY caseIgnoreMatch "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
- "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
+ "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ "
"olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ "
"olcMonitoring ) )",
Cft_Database, NULL, cfAddDatabase },
case CFG_LASTMOD:
c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
break;
+ case CFG_SYNC_SUBENTRY:
+ c->value_int = (SLAP_SYNC_SUBENTRY(c->be) != 0);
+ break;
case CFG_MIRRORMODE:
if ( SLAP_SHADOW(c->be))
c->value_int = (SLAP_SINGLE_SHADOW(c->be) == 0);
case CFG_SSTR_IF_MAX:
case CFG_SSTR_IF_MIN:
case CFG_ACL_ADD:
+ case CFG_SYNC_SUBENTRY:
break;
/* no-ops, requires slapd restart */
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_HIDDEN;
break;
+ case CFG_SYNC_SUBENTRY:
+ if (c->value_int)
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_SYNC_SUBENTRY;
+ else
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_SYNC_SUBENTRY;
+ break;
+
case CFG_SSTR_IF_MAX:
if (c->value_uint < index_substr_if_minlen) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value", c->argv[0] );
case CFG_REWRITE: {
struct berval bv;
char *line;
-
+ int rc = 0;
+
+ if ( c->op == LDAP_MOD_ADD ) {
+ c->argv++;
+ c->argc--;
+ }
if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
- return(1);
+ rc = 1;
+ if ( rc == 0 ) {
- if ( c->argc > 1 ) {
- char *s;
+ if ( c->argc > 1 ) {
+ char *s;
- /* quote all args but the first */
- line = ldap_charray2str( c->argv, "\" \"" );
- ber_str2bv( line, 0, 0, &bv );
- s = ber_bvchr( &bv, '"' );
- assert( s != NULL );
- /* move the trailing quote of argv[0] to the end */
- AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
- bv.bv_val[ bv.bv_len - 1 ] = '"';
+ /* quote all args but the first */
+ line = ldap_charray2str( c->argv, "\" \"" );
+ ber_str2bv( line, 0, 0, &bv );
+ s = ber_bvchr( &bv, '"' );
+ assert( s != NULL );
+ /* move the trailing quote of argv[0] to the end */
+ AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
+ bv.bv_val[ bv.bv_len - 1 ] = '"';
- } else {
- ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
+ } else {
+ ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
+ }
+
+ ber_bvarray_add( &authz_rewrites, &bv );
}
-
- ber_bvarray_add( &authz_rewrites, &bv );
+ if ( c->op == LDAP_MOD_ADD ) {
+ c->argv--;
+ c->argc++;
+ }
+ return rc;
}
- break;
#endif
rc = 1;
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
- /* Reset to defaults */
- lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
- lim->lms_s_hard = 0;
- lim->lms_s_unchecked = -1;
- lim->lms_s_pr = 0;
- lim->lms_s_pr_hide = 0;
- lim->lms_s_pr_total = 0;
- return 0;
+ /* Reset to defaults or values from frontend */
+ if ( c->be == frontendDB ) {
+ lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
+ lim->lms_s_hard = 0;
+ lim->lms_s_unchecked = -1;
+ lim->lms_s_pr = 0;
+ lim->lms_s_pr_hide = 0;
+ lim->lms_s_pr_total = 0;
+ } else {
+ lim->lms_s_soft = frontendDB->be_def_limit.lms_s_soft;
+ lim->lms_s_hard = frontendDB->be_def_limit.lms_s_hard;
+ lim->lms_s_unchecked = frontendDB->be_def_limit.lms_s_unchecked;
+ lim->lms_s_pr = frontendDB->be_def_limit.lms_s_pr;
+ lim->lms_s_pr_hide = frontendDB->be_def_limit.lms_s_pr_hide;
+ lim->lms_s_pr_total = frontendDB->be_def_limit.lms_s_pr_total;
+ }
+ goto ok;
}
for(i = 1; i < c->argc; i++) {
if(!strncasecmp(c->argv[i], "size", 4)) {
lim->lms_s_hard = 0;
}
}
+
+ok:
+ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) {
+ /* This is a modification to the global limits apply it to
+ * the other databases as needed */
+ AttributeDescription *ad=NULL;
+ const char *text = NULL;
+ CfEntryInfo *ce = c->ca_entry->e_private;
+
+ slap_str2ad(c->argv[0], &ad, &text);
+ /* if we got here... */
+ assert( ad != NULL );
+
+ if ( ce->ce_type == Cft_Global ){
+ ce = ce->ce_kids;
+ }
+ for (; ce; ce=ce->ce_sibs) {
+ Entry *dbe = ce->ce_entry;
+ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB)
+ && (!attr_find(dbe->e_attrs, ad)) ) {
+ ce->ce_be->be_def_limit.lms_s_soft = lim->lms_s_soft;
+ ce->ce_be->be_def_limit.lms_s_hard = lim->lms_s_hard;
+ ce->ce_be->be_def_limit.lms_s_unchecked =lim->lms_s_unchecked;
+ ce->ce_be->be_def_limit.lms_s_pr =lim->lms_s_pr;
+ ce->ce_be->be_def_limit.lms_s_pr_hide =lim->lms_s_pr_hide;
+ ce->ce_be->be_def_limit.lms_s_pr_total =lim->lms_s_pr_total;
+ }
+ }
+ }
return(0);
}
rc = 1;
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
- /* Reset to defaults */
- lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
- lim->lms_t_hard = 0;
- return 0;
+ /* Reset to defaults or values from frontend */
+ if ( c->be == frontendDB ) {
+ lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
+ lim->lms_t_hard = 0;
+ } else {
+ lim->lms_t_soft = frontendDB->be_def_limit.lms_t_soft;
+ lim->lms_t_hard = frontendDB->be_def_limit.lms_t_hard;
+ }
+ goto ok;
}
for(i = 1; i < c->argc; i++) {
if(!strncasecmp(c->argv[i], "time", 4)) {
lim->lms_t_hard = 0;
}
}
+
+ok:
+ if ( ( c->be == frontendDB ) && ( c->ca_entry ) ) {
+ /* This is a modification to the global limits apply it to
+ * the other databases as needed */
+ AttributeDescription *ad=NULL;
+ const char *text = NULL;
+ slap_str2ad(c->argv[0], &ad, &text);
+ /* if we got here... */
+ assert( ad != NULL );
+
+ CfEntryInfo *ce = c->ca_entry->e_private;
+ if ( ce->ce_type == Cft_Global ){
+ ce = ce->ce_kids;
+ }
+ for (; ce; ce=ce->ce_sibs) {
+ Entry *dbe = ce->ce_entry;
+ if ( (ce->ce_type == Cft_Database) && (ce->ce_be != frontendDB)
+ && (!attr_find(dbe->e_attrs, ad)) ) {
+ ce->ce_be->be_def_limit.lms_t_soft = lim->lms_t_soft;
+ ce->ce_be->be_def_limit.lms_t_hard = lim->lms_t_hard;
+ }
+ }
+ }
return(0);
}
}
static int
-tcp_buffer_unparse( int idx, int size, int rw, Listener *l, struct berval *val )
+tcp_buffer_unparse( int size, int rw, Listener *l, struct berval *val )
{
char buf[sizeof("2147483648")], *ptr;
}
static int
-tcp_buffer_add_one( int argc, char **argv, int idx )
+tcp_buffer_add_one( int argc, char **argv )
{
int rc = 0;
int size = -1, rw = 0;
}
/* unparse for later use */
- rc = tcp_buffer_unparse( idx, size, rw, l, &val );
+ rc = tcp_buffer_unparse( size, rw, l, &val );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
tcp_buffer = SLAP_REALLOC( tcp_buffer, sizeof( struct berval ) * ( tcp_buffer_num + 2 ) );
/* append */
- idx = tcp_buffer_num;
- tcp_buffer[ idx ] = val;
+ tcp_buffer[ tcp_buffer_num ] = val;
tcp_buffer_num++;
BER_BVZERO( &tcp_buffer[ tcp_buffer_num ] );
}
/* unparse for later use */
- rc = tcp_buffer_unparse( tcp_buffer_num, size, rw, l, &val );
+ rc = tcp_buffer_unparse( size, rw, l, &val );
if ( rc != LDAP_SUCCESS ) {
return 1;
}
} else {
int rc;
- int idx;
- rc = tcp_buffer_add_one( c->argc - 1, &c->argv[ 1 ], idx );
+ rc = tcp_buffer_add_one( c->argc - 1, &c->argv[ 1 ] );
if ( rc ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"<%s> unable to add value #%d",
- c->argv[0], idx );
+ c->argv[0], tcp_buffer_num );
Debug( LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->cr_msg, 0 );
return 1;
loglevel_init( void )
{
slap_verbmasks lo[] = {
- { BER_BVC("Any"), LDAP_DEBUG_ANY },
+ { BER_BVC("Any"), (slap_mask_t) LDAP_DEBUG_ANY },
{ BER_BVC("Trace"), LDAP_DEBUG_TRACE },
{ BER_BVC("Packets"), LDAP_DEBUG_PACKETS },
{ BER_BVC("Args"), LDAP_DEBUG_ARGS },
fprintf( out, "Installed log subsystems:\n\n" );
for ( i = 0; !BER_BVISNULL( &loglevel_ops[ i ].word ); i++ ) {
- fprintf( out, "\t%-30s (%u, 0x%x)\n",
- loglevel_ops[ i ].word.bv_val,
- (unsigned) loglevel_ops[ i ].mask,
- (unsigned) loglevel_ops[ i ].mask );
+ unsigned mask = loglevel_ops[ i ].mask & 0xffffffffUL;
+ fprintf( out,
+ (mask == ((slap_mask_t) -1 & 0xffffffffUL)
+ ? "\t%-30s (-1, 0xffffffff)\n" : "\t%-30s (%u, 0x%x)\n"),
+ loglevel_ops[ i ].word.bv_val, mask, mask );
}
fprintf( out, "\nNOTE: custom log subsystems may be later installed "
ca->valx = -1;
ca->line = NULL;
+ ca->argc = 1;
if ( cfn->c_cr_head ) {
struct berval bv = BER_BVC("olcDitContentRules");
ad = NULL;
Debug( LDAP_DEBUG_TRACE, "%s: config_add_internal: "
"DN=\"%s\" already exists\n",
log_prefix, e->e_name.bv_val, 0 );
+ /* global schema ignores all writes */
+ if ( ce->ce_type == Cft_Schema && ce->ce_parent->ce_type == Cft_Global )
+ return LDAP_COMPARE_TRUE;
return LDAP_ALREADY_EXISTS;
}
}
}
if ( op ) {
+ AclCheck ak;
/* No parent, must be root. This will never happen... */
if ( !last && !be_isroot( op ) && !be_shadow_update( op ) ) {
return LDAP_NO_SUCH_OBJECT;
}
- if ( last && !access_allowed( op, last->ce_entry,
- slap_schema.si_ad_children, NULL, ACL_WADD, NULL ) )
+ ak.ak_e = last->ce_entry;
+ ak.ak_desc = slap_schema.si_ad_children;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_WADD;
+ ak.ak_state = NULL;
+ if ( last && !access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_TRACE, "%s: config_add_internal: "
"DN=\"%s\" no write access to \"children\" of parent\n",
ok:
/* Newly added databases and overlays need to be started up */
if ( CONFIG_ONLINE_ADD( ca )) {
- if ( colst[0]->co_type == Cft_Database ) {
+ if ( coptr->co_type == Cft_Database ) {
rc = backend_startup_one( ca->be, &ca->reply );
- } else if ( colst[0]->co_type == Cft_Overlay ) {
+ } else if ( coptr->co_type == Cft_Overlay ) {
if ( ca->bi->bi_db_open ) {
BackendInfo *bi_orig = ca->be->bd_info;
ca->be->bd_info = ca->bi;
ce->ce_parent = last;
ce->ce_entry = entry_dup( e );
ce->ce_entry->e_private = ce;
- ce->ce_type = colst[0]->co_type;
+ ce->ce_type = coptr->co_type;
ce->ce_be = ca->be;
ce->ce_bi = ca->bi;
ce->ce_private = ca->ca_private;
done:
if ( rc ) {
- if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
+ if ( (coptr->co_type == Cft_Database) && ca->be ) {
if ( ca->be != frontendDB )
backend_destroy_one( ca->be, 1 );
- } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
+ } else if ( (coptr->co_type == Cft_Overlay) && ca->bi ) {
overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
- } else if ( colst[0]->co_type == Cft_Schema ) {
+ } else if ( coptr->co_type == Cft_Schema ) {
schema_destroy_one( ca, colst, nocs, last );
}
}
CfBackInfo *cfb;
int renumber;
ConfigArgs ca;
+ AclCheck ak = { op->ora_e, slap_schema.si_ad_entry,
+ NULL, ACL_WADD, NULL };
- if ( !access_allowed( op, op->ora_e, slap_schema.si_ad_entry,
- NULL, ACL_WADD, NULL )) {
+ if ( !access_allowed( op, &ak )) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto out;
}
ldap_pvt_thread_pool_resume( &connection_pool );
out:;
- send_ldap_result( op, rs );
+ { int repl = op->o_dont_replicate;
+ if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
+ rs->sr_err = LDAP_SUCCESS;
+ op->o_dont_replicate = 1;
+ }
+ send_ldap_result( op, rs );
+ op->o_dont_replicate = repl;
+ }
slap_graduate_commit_csn( op );
return rs->sr_err;
}
}
ca->line = bv.bv_val;
ca->valx = d->idx[i];
+ config_parse_vals(ct, ca, d->idx[i] );
rc = config_del_vals( ct, ca );
if ( rc != LDAP_SUCCESS ) break;
if ( s )
} else {
ca->valx = -1;
ca->line = NULL;
+ ca->argc = 1;
rc = config_del_vals( ct, ca );
if ( rc ) rc = LDAP_OTHER;
if ( s )
a->a_flags &= ~(SLAP_ATTR_IXDEL|SLAP_ATTR_IXADD);
ca->valx = -1;
ca->line = NULL;
+ ca->argc = 1;
config_del_vals( ct, ca );
}
for ( i=0; !BER_BVISNULL( &s->a_vals[i] ); i++ ) {
ct = config_find_table( colst, nocs, a->a_desc, ca );
ca->valx = -1;
ca->line = NULL;
+ ca->argc = 1;
config_del_vals( ct, ca );
s = attr_find( save_attrs, a->a_desc );
if ( s ) {
CfEntryInfo *ce, *last;
struct berval rdn;
int ixold, ixnew;
+ AclCheck ak;
cfb = (CfBackInfo *)op->o_bd->be_private;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto out;
}
- if ( !access_allowed( op, ce->ce_entry, slap_schema.si_ad_entry,
- NULL, ACL_WRITE, NULL )) {
+ ak.ak_e = ce->ce_entry;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_WRITE;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak )) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto out;
}
- { Entry *parent;
+ {
if ( ce->ce_parent )
- parent = ce->ce_parent->ce_entry;
+ ak.ak_e = ce->ce_parent->ce_entry;
else
- parent = (Entry *)&slap_entry_root;
- if ( !access_allowed( op, parent, slap_schema.si_ad_children,
- NULL, ACL_WRITE, NULL )) {
+ ak.ak_e = (Entry *)&slap_entry_root;
+ ak.ak_desc = slap_schema.si_ad_children;
+ if ( !access_allowed( op, &ak )) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto out;
}
{
CfBackInfo *cfb;
CfEntryInfo *ce, *last;
- slap_mask_t mask;
+ AclCheck ak;
cfb = (CfBackInfo *)op->o_bd->be_private;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto out;
}
- if ( !access_allowed_mask( op, ce->ce_entry, slap_schema.si_ad_entry, NULL,
- ACL_SEARCH, NULL, &mask ))
+ ak.ak_e = ce->ce_entry;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_SEARCH;
+ ak.ak_state = NULL;
+ if ( !access_allowed_mask( op, &ak ))
{
- if ( !ACL_GRANT( mask, ACL_DISCLOSE )) {
+ if ( !ACL_GRANT( ak.ak_mask, ACL_DISCLOSE )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;