static struct berval config_rdn = BER_BVC("cn=config");
static struct berval schema_rdn = BER_BVC("cn=schema");
-#define IFMT "{%02d}"
+#define IFMT "{%d}"
#ifdef SLAPD_MODULES
typedef struct modpath_s {
&config_generic, "( OLcfgAt:9 NAME 'olcBackend' "
"DESC 'A type of backend' "
"EQUALITY caseIgnoreMatch "
- "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ "SYNTAX OMsDirectoryString X-ORDERED 'SIBLINGS' )", NULL, NULL },
{ "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
&config_generic, "( OLcfgAt:10 NAME 'olcConcurrency' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
&config_generic, "( OLcfgAt:13 NAME 'olcDatabase' "
"DESC 'The backend type for a database instance' "
- "SUP olcBackend X-ORDERED 'VALUES' )", NULL, NULL },
+ "SUP olcBackend X-ORDERED 'SIBLINGS' )", NULL, NULL },
{ "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_MAGIC,
&config_search_base, "( OLcfgAt:14 NAME 'olcDefaultSearchBase' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
{ "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
&config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
- "SUP olcDatabase X-ORDERED 'VALUES' )", NULL, NULL },
+ "SUP olcDatabase X-ORDERED 'SIBLINGS' )", NULL, NULL },
{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
&config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
&config_rootpw, "( OLcfgAt:52 NAME 'olcRootPW' "
- "SYNTAX OMsOctetString SINGLE-VALUE )", NULL, NULL },
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
&config_generic, NULL, NULL, NULL },
{ "sasl-host", "host", 2, 2, 0,
"( OLcfgAt:72 NAME 'olcTLSCipherSuite' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "TLSCRLCheck", NULL, 0, 0, 0,
-#ifdef HAVE_TLS
+#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
ARG_IGNORED, NULL,
{ "( OLcfgOc:1 "
"NAME 'olcConfig' "
"DESC 'OpenLDAP configuration object' "
- "ABSTRACT SUP top "
- "MAY cn )", Cft_Abstract, NULL },
+ "ABSTRACT SUP top )", Cft_Abstract, NULL },
{ "( OLcfgOc:2 "
"NAME 'olcGlobal' "
"DESC 'OpenLDAP Global configuration options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
+ "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
"olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ "
"olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
"olcConnMaxPending $ olcConnMaxPendingAuth $ olcDefaultSearchBase $ "
"NAME 'olcSchemaConfig' "
"DESC 'OpenLDAP schema object' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
- "olcDitContentRules ) )", Cft_Schema, &cfOc_schema },
+ "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
+ "olcObjectClasses $ olcDitContentRules ) )",
+ Cft_Schema, &cfOc_schema },
{ "( OLcfgOc:4 "
"NAME 'olcBackendConfig' "
"DESC 'OpenLDAP Backend-specific options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcBackend ) )", Cft_Backend, &cfOc_backend },
+ "MUST olcBackend )", Cft_Backend, &cfOc_backend },
{ "( OLcfgOc:5 "
"NAME 'olcDatabaseConfig' "
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcDatabase $ olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
+ "MUST olcDatabase "
+ "MAY ( olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
"olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
"NAME 'olcOverlayConfig' "
"DESC 'OpenLDAP Overlay-specific options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcOverlay ) )", Cft_Overlay, &cfOc_overlay },
+ "MUST olcOverlay )", Cft_Overlay, &cfOc_overlay },
{ "( OLcfgOc:7 "
"NAME 'olcIncludeFile' "
"DESC 'OpenLDAP configuration include file' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcInclude $ olcConfigFile $ olcRootDSE ) )",
+ "MUST olcInclude "
+ "MAY ( cn $ olcRootDSE ) )",
Cft_Include, &cfOc_include },
#ifdef SLAPD_MODULES
{ "( OLcfgOc:8 "
"NAME 'olcModuleList' "
"DESC 'OpenLDAP dynamic module info' "
"SUP olcConfig STRUCTURAL "
- "MUST olcModuleLoad )",
- Cft_Module, &cfOc_module },
+ "MUST olcModuleLoad "
+ "MAY cn )", Cft_Module, &cfOc_module },
#endif
{ NULL, 0, NULL }
};
}
p = strchr(c->line,'(' /*')'*/);
+ if ( c->op == LDAP_MOD_DELETE ) {
+ int rc = 0;
+ switch(c->type) {
+ case CFG_BACKEND:
+ case CFG_DATABASE:
+ rc = 1;
+ break;
+ case CFG_CONCUR:
+ ldap_pvt_thread_set_concurrency(c);
+ break;
+
+ }
+ }
switch(c->type) {
case CFG_BACKEND:
if(!(c->bi = backend_info(c->argv[1]))) {
/* NOTE: config is always the first backend!
*/
if ( !strcasecmp( c->argv[1], "config" )) {
- c->be = backendDB;
+ c->be = LDAP_STAILQ_FIRST(&backendDB);
} else if ( !strcasecmp( c->argv[1], "frontend" )) {
c->be = frontendDB;
} else if(!(c->be = backend_db_init(c->argv[1]))) {
ConfigFile *cfsave = cfn;
ConfigFile *cf2 = NULL;
if (c->op == SLAP_CONFIG_EMIT) {
+ if (c->private) {
+ ConfigFile *cf = c->private;
+ value_add_one( &c->rvalue_vals, &cf->c_file );
+ return 0;
+ }
return 1;
}
cf = ch_calloc( 1, sizeof(ConfigFile));
config_tls_option(ConfigArgs *c) {
int flag;
switch(c->type) {
- case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
+ case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
default: Debug(LDAP_DEBUG_ANY, "%s: "
- "unknown tls_option <%x>\n",
+ "unknown tls_option <0x%x>\n",
c->log, c->type, 0);
}
if (c->op == SLAP_CONFIG_EMIT) {
{ BER_BVNULL, 0 }
}, *keys;
switch(c->type) {
-#ifdef HAVE_OPENSSL_CRL
- case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys;
- break;
-#endif
- case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys;
- break;
- default: Debug(LDAP_DEBUG_ANY, "%s: "
- "unknown tls_option <%x>\n",
- c->log, c->type, 0);
+ case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys; break;
+ case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys; break;
+ default:
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "unknown tls_option <0x%x>\n",
+ c->log, c->type, 0);
}
if (c->op == SLAP_CONFIG_EMIT) {
ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
while(root) {
*last = root;
for (--c;c>dn->bv_val && *c != ',';c--);
- if ( *c == ',' )
- c++;
cdn.bv_val = c;
- cdn.bv_len = dn->bv_len - (c-dn->bv_val);
+ if ( *c == ',' )
+ cdn.bv_val++;
+ cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
root = root->ce_kids;
return NULL;
}
-/* Sort the values in an X-ORDERED attribute.
+/* Sort the values in an X-ORDERED VALUES attribute.
* If the values have no index, leave them in their given order.
- * If the values have indexes, sort them and then strip the index.
+ * If the values have indexes, sort them.
* If some are indexed and some are not, return Error.
*
* FIXME: This function probably belongs in the frontend somewhere,
struct berval tmp, ntmp;
char *ptr;
+#if 0
/* Strip index from normalized values */
if ( !a->a_nvals || a->a_vals == a->a_nvals ) {
a->a_nvals = ch_malloc( (vals+1)*sizeof(struct berval));
strcpy(a->a_nvals[i].bv_val, ptr);
}
}
+#endif
indexes = ch_malloc( vals * sizeof(int) );
for ( i=0; i<vals; i++)
static int
check_attr( ConfigTable *ct, ConfigArgs *ca, Attribute *a )
{
- int i, rc = 0;
+ int i, rc = 0, sort = 0;
if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
+ sort = 1;
rc = sort_vals( a );
if ( rc )
return rc;
}
for ( i=0; a->a_nvals[i].bv_val; i++ ) {
ca->line = a->a_nvals[i].bv_val;
+ if ( sort ) ca->line = strchr( ca->line, '}' ) + 1;
rc = config_parse_vals( ct, ca, i );
if ( rc )
break;
rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
rtype.bv_val = rdn.bv_val;
- rtype.bv_len = rval.bv_val - rtype.bv_val - 2;
+ rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
/* Find attr */
slap_bv2ad( &rtype, &ad, &text );
rc = LDAP_CONSTRAINT_VIOLATION;
goto leave;
}
+ break;
#ifdef SLAPD_MODULES
case Cft_Module:
if ( !last || last->ce_type != Cft_Global ) {
goto ok;
/* FALLTHRU */
case Cft_Global:
- ca.be = backendDB;
+ ca.be = LDAP_STAILQ_FIRST(&backendDB);
break;
case Cft_Backend:
case Cft_Overlay:
ca.be = last->ce_be;
type_ad = cfAd_overlay;
+ break;
case Cft_Include:
if ( !rs ) /* ignored */
break;
type_ad = cfAd_include;
+ break;
#ifdef SLAPD_MODULES
case Cft_Module: {
ModPaths *mp;
/* Basic syntax checks are OK. Do the actual settings. */
if ( type_ct ) {
- ca.line = type_attr->a_nvals[0].bv_val;
+ ca.line = type_attr->a_vals[0].bv_val;
+ if ( type_ad->ad_type->sat_flags & SLAP_AT_ORDERED )
+ ca.line = strchr( ca.line, '}' ) + 1;
rc = config_parse_add( type_ct, &ca, 0 );
- if ( rc ) goto leave;
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto leave;
+ }
}
for ( a=e->e_attrs; a; a=a->a_next ) {
if ( a == type_attr || a == oc_at ) continue;
if ( ct ) break;
}
if ( !ct ) continue; /* user data? */
- for (i=0; a->a_nvals[i].bv_val; i++) {
- ca.line = a->a_nvals[i].bv_val;
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ ca.line = a->a_vals[i].bv_val;
+ if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED )
+ ca.line = strchr( ca.line, '}' ) + 1;
rc = config_parse_add( ct, &ca, i );
- if ( rc ) goto leave;
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto leave;
+ }
}
}
ok:
return rs->sr_err;
}
+/* Modify rules:
+ * for single-valued attributes, should just use REPLACE.
+ * any received DELETE/ADD on a single-valued attr will
+ * be checked (if a DEL value is provided) and then
+ * rewritten as a REPLACE.
+ * any DELETE received without a corresponding ADD will be
+ * rejected with LDAP_CONSTRAINT_VIOLATION.
+ */
static int
config_back_modify( Operation *op, SlapReply *rs )
{
return rs->sr_err;
}
+static int
+config_back_modrdn( Operation *op, SlapReply *rs )
+{
+ CfBackInfo *cfb;
+ CfEntryInfo *ce, *last;
+
+ if ( !be_isroot( op ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ send_ldap_result( op, rs );
+ }
+
+ cfb = (CfBackInfo *)op->o_bd->be_private;
+
+ ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
+ if ( !ce ) {
+ if ( last )
+ rs->sr_matched = last->ce_entry->e_name.bv_val;
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ goto out;
+ }
+
+ /* We don't allow moving objects to new parents.
+ * Generally we only allow reordering a set of ordered entries.
+ */
+ if ( op->orr_newSup ) {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ goto out;
+ }
+ ldap_pvt_thread_pool_pause( &connection_pool );
+
+ ldap_pvt_thread_pool_resume( &connection_pool );
+out:
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+}
+
static int
config_back_search( Operation *op, SlapReply *rs )
{
*/
c.line = 0;
- bi = backendInfo;
- for (i=0; i<nBackendInfo; i++, bi++) {
+ LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
if (!bi->bi_cf_table) continue;
if (!bi->bi_private) continue;
}
/* Create database nodes... */
- for (i=0; i<nBackendDB; i++) {
+ i = -1;
+ LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
slap_overinfo *oi = NULL;
+ i++;
if ( i == 0 ) {
bptr = frontendDB;
} else {
- bptr = &backendDB[i];
+ bptr = be;
}
if ( overlay_is_over( bptr )) {
oi = bptr->bd_info->bi_private;
ConfigTable *ct = config_back_cf_table;
char *argv[4];
int i;
+ static char *controls[] = {
+ LDAP_CONTROL_MANAGEDSAIT,
+ NULL
+ };
+
+ bi->bi_controls = controls;
bi->bi_open = 0;
bi->bi_close = 0;
bi->bi_op_search = config_back_search;
bi->bi_op_compare = 0;
bi->bi_op_modify = config_back_modify;
- bi->bi_op_modrdn = 0;
+ bi->bi_op_modrdn = config_back_modrdn;
bi->bi_op_add = config_back_add;
bi->bi_op_delete = 0;
bi->bi_op_abandon = 0;
projects / openldap / blobdiff