/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2011 The OpenLDAP Foundation.
* Portions Copyright 2004,2006-2007 Symas Corporation.
* All rights reserved.
*
struct berval dn;
struct berval ndn;
struct berval filter;
+ Filter *f;
struct unique_attrs_s *attrs;
int scope;
} unique_domain_uri;
ch_free ( uri->dn.bv_val );
ch_free ( uri->ndn.bv_val );
ch_free ( uri->filter.bv_val );
+ filter_free( uri->f );
attr = uri->attrs;
while ( attr ) {
next_attr = attr->next;
uri = ch_calloc ( 1, sizeof ( unique_domain_uri ) );
+ if ( url_desc->lud_host && url_desc->lud_host[0] ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "host <%s> not allowed in URI",
+ url_desc->lud_host );
+ rc = ARG_BAD_CONF;
+ goto exit;
+ }
+
if ( url_desc->lud_dn && url_desc->lud_dn[0] ) {
ber_str2bv( url_desc->lud_dn, 0, 0, &bv );
rc = dnPrettyNormal( NULL,
rc = ARG_BAD_CONF;
goto exit;
}
+
+ if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slapo-unique needs a rootdn; "
+ "backend <%s> has none, YMMV.\n",
+ be->be_nsuffix[0].bv_val, 0, 0 );
+ }
}
attr_str = url_desc->lud_attrs;
}
if (url_desc->lud_filter) {
- Filter *f = str2filter( url_desc->lud_filter );
char *ptr;
- if ( !f ) {
+ uri->f = str2filter( url_desc->lud_filter );
+ if ( !uri->f ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: bad filter");
rc = ARG_BAD_CONF;
goto exit;
}
/* make sure the strfilter is in normal form (ITS#5581) */
- filter2bv( f, &uri->filter );
- filter_free( f );
+ filter2bv( uri->f, &uri->filter );
ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) )
{
abort();
}
+ if ( rc ) {
+ ch_free( c->value_dn.bv_val );
+ BER_BVZERO( &c->value_dn );
+ ch_free( c->value_ndn.bv_val );
+ BER_BVZERO( &c->value_ndn );
+ }
+
return rc;
}
int len;
ldap_bv2escaped_filter_value_x( &b[i], &bv, 1, ctx );
+ if (!b[i].bv_len)
+ bv.bv_val = b[i].bv_val;
len = snprintf( kp, ks, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
assert( len >= 0 && len < ks );
kp += len;
nop->o_bd = on->on_info->oi_origdb;
rc = nop->o_bd->be_search(nop, &nrs);
- filter_free_x(nop, nop->ors_filter);
+ filter_free_x(nop, nop->ors_filter, 1);
op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
{
unique_domain_uri *uri;
- int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
uri = uri->next )
{
int len;
+ int ks = 0;
if ( uri->ndn.bv_val
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
+ if ( uri->f ) {
+ if ( test_filter( NULL, op->ora_e, uri->f )
+ == LDAP_COMPARE_FALSE )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "==> unique_add_skip<%s>\n",
+ op->o_req_dn.bv_val, 0, 0 );
+ continue;
+ }
+ }
+
if(!(a = op->ora_e->e_attrs)) {
op->o_bd->bd_info = (BackendInfo *) on->on_info;
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
if ( !ks ) continue;
/* terminating NUL */
- ks++;
+ ks += sizeof("(|)");
if ( uri->filter.bv_val && uri->filter.bv_len )
ks += uri->filter.bv_len + STRLENOF ("(&)");
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
{
unique_domain_uri *uri;
- int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
uri = uri->next )
{
int len;
+ int ks = 0;
if ( uri->ndn.bv_val
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
if ( !ks ) continue;
/* terminating NUL */
- ks++;
+ ks += sizeof("(|)");
if ( uri->filter.bv_val && uri->filter.bv_len )
ks += uri->filter.bv_len + STRLENOF ("(&)");
Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
{
unique_domain_uri *uri;
- int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
uri = uri->next )
{
int i, len;
+ int ks = 0;
if ( uri->ndn.bv_val
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn )
if ( !ks ) continue;
/* terminating NUL */
- ks++;
+ ks += sizeof("(|)");
if ( uri->filter.bv_val && uri->filter.bv_len )
ks += uri->filter.bv_len + STRLENOF ("(&)");
projects / openldap / blobdiff