X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcontrols.c;h=1900312250e856026279a1b2e7cc95c3ee3255e9;hb=89812424f4f844053cc2607e3e5e9382b0825bb8;hp=6448d69f3b95bca02229976aedd98c88dedb74fd;hpb=e8c58b4e7f21caa6c0b6006e3528cbad9b8aed45;p=openldap

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 6448d69f3b..1900312250 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1,13 +1,18 @@
 /* $OpenLDAP$ */
-/* 
- * Copyright 1999-2003 The OpenLDAP Foundation.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2004 The OpenLDAP Foundation.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License.  A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
  */
+
 #include "portable.h"
 
 #include <stdio.h>
@@ -19,8 +24,12 @@
 
 #include "../../libraries/liblber/lber-int.h"
 
+static SLAP_CTRL_PARSE_FN parseAssert;
+static SLAP_CTRL_PARSE_FN parsePreRead;
+static SLAP_CTRL_PARSE_FN parsePostRead;
 static SLAP_CTRL_PARSE_FN parseProxyAuthz;
 static SLAP_CTRL_PARSE_FN parseManageDSAit;
+static SLAP_CTRL_PARSE_FN parseModifyIncrement;
 static SLAP_CTRL_PARSE_FN parseNoOp;
 static SLAP_CTRL_PARSE_FN parsePagedResults;
 static SLAP_CTRL_PARSE_FN parseValuesReturnFilter;
@@ -30,40 +39,24 @@ static SLAP_CTRL_PARSE_FN parseDomainScope;
 #ifdef LDAP_CONTROL_SUBENTRIES
 static SLAP_CTRL_PARSE_FN parseSubentries;
 #endif
-#ifdef LDAP_CLIENT_UPDATE
-static SLAP_CTRL_PARSE_FN parseClientUpdate;
-#endif
-#ifdef LDAP_SYNC
-static SLAP_CTRL_PARSE_FN parseLdupSync;
-#endif
+static SLAP_CTRL_PARSE_FN parseLDAPsync;
 
 #undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
 
-static char *proxy_authz_extops[] = {
-	LDAP_EXOP_MODIFY_PASSWD,
-	LDAP_EXOP_X_WHO_AM_I,
-	NULL
-};
+const struct berval slap_pre_read_bv = BER_BVC(LDAP_CONTROL_PRE_READ);
+const struct berval slap_post_read_bv = BER_BVC(LDAP_CONTROL_POST_READ);
 
 struct slap_control {
-	/*
-	 * Control OID
-	 */
+	/* Control OID */
 	char *sc_oid;
 
-	/*
-	 * Operations supported by control
-	 */
+	/* Operations supported by control */
 	slap_mask_t sc_mask;
 
-	/*
-	 * Extended operations supported by control
-	 */
+	/* Extended operations supported by control */
 	char **sc_extendedops;
 
-	/*
-	 * Control parsing callback
-	 */
+	/* Control parsing callback */
 	SLAP_CTRL_PARSE_FN *sc_parse;
 
 	LDAP_SLIST_ENTRY(slap_control) sc_next;
@@ -77,15 +70,28 @@ static LDAP_SLIST_HEAD(ControlsList, slap_control) controls_list
  */
 char **slap_known_controls = NULL;
 
+static char *proxy_authz_extops[] = {
+	LDAP_EXOP_MODIFY_PASSWD,
+	LDAP_EXOP_X_WHO_AM_I,
+	NULL
+};
+
 static struct slap_control control_defs[] = {
+	{ LDAP_CONTROL_ASSERT,
+		SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL,
+		parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+	{ LDAP_CONTROL_PRE_READ,
+		SLAP_CTRL_HIDE|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+		parsePreRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+	{ LDAP_CONTROL_POST_READ,
+		SLAP_CTRL_HIDE|SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+		parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
  	{ LDAP_CONTROL_VALUESRETURNFILTER,
  		SLAP_CTRL_SEARCH, NULL,
 		parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-#ifdef LDAP_CONTROL_PAGEDRESULTS
 	{ LDAP_CONTROL_PAGEDRESULTS,
 		SLAP_CTRL_SEARCH, NULL,
 		parsePagedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-#endif
 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
 	{ LDAP_CONTROL_X_DOMAIN_SCOPE,
 		SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
@@ -104,15 +110,13 @@ static struct slap_control control_defs[] = {
 	{ LDAP_CONTROL_NOOP,
 		SLAP_CTRL_ACCESS, NULL,
 		parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-#ifdef LDAP_CLIENT_UPDATE
-	{ LDAP_CONTROL_CLIENT_UPDATE,
-		SLAP_CTRL_SEARCH, NULL,
-		parseClientUpdate, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-#endif
-#ifdef LDAP_SYNC
 	{ LDAP_CONTROL_SYNC,
-		SLAP_CTRL_SEARCH, NULL,
-		parseLdupSync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+		SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL,
+		parseLDAPsync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_CONTROL_MODIFY_INCREMENT
+	{ LDAP_CONTROL_MODIFY_INCREMENT,
+		SLAP_CTRL_HIDE|SLAP_CTRL_MODIFY, NULL,
+		parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 	{ LDAP_CONTROL_MANAGEDSAIT,
 		SLAP_CTRL_ACCESS, NULL,
@@ -248,14 +252,14 @@ controls_root_dse_info( Entry *e )
 	vals[1].bv_len = 0;
 
 	LDAP_SLIST_FOREACH( sc, &controls_list, sc_next ) {
+		if( sc->sc_mask & SLAP_CTRL_HIDE ) continue;
+
 		vals[0].bv_val = sc->sc_oid;
 		vals[0].bv_len = strlen( sc->sc_oid );
-#ifdef SLAP_NVALUES
-		if ( attr_merge( e, ad_supportedControl, vals, NULL ) )
-#else
-		if ( attr_merge( e, ad_supportedControl, vals ) )
-#endif /* SLAP_NVALUES */
+
+		if ( attr_merge( e, ad_supportedControl, vals, NULL ) ) {
 			return -1;
+		}
 	}
 
 	return 0;
@@ -330,6 +334,19 @@ find_ctrl( const char *oid )
 	return NULL;
 }
 
+void slap_free_ctrls(
+	Operation *op,
+	LDAPControl **ctrls
+)
+{
+	int i;
+
+	for (i=0; ctrls[i]; i++) {
+		op->o_tmpfree(ctrls[i], op->o_tmpmemctx );
+	}
+	op->o_tmpfree( ctrls, op->o_tmpmemctx );
+}
+
 int get_ctrls(
 	Operation *op,
 	SlapReply *rs,
@@ -341,6 +358,7 @@ int get_ctrls(
 	char *opaque;
 	BerElement *ber = op->o_ber;
 	struct slap_control *sc;
+	struct berval bv;
 
 	len = ber_pvt_ber_remaining(ber);
 
@@ -374,7 +392,7 @@ int get_ctrls(
 	}
 
 	/* one for first control, one for termination */
-	op->o_ctrls = ch_malloc( 2 * sizeof(LDAPControl *) );
+	op->o_ctrls = op->o_tmpalloc( 2 * sizeof(LDAPControl *), op->o_tmpmemctx );
 
 #if 0
 	if( op->ctrls == NULL ) {
@@ -394,24 +412,14 @@ int get_ctrls(
 		LDAPControl *c;
 		LDAPControl **tctrls;
 
-		c = ch_calloc( 1, sizeof(LDAPControl) );
-
-#if 0
-		if( c == NULL ) {
-			ldap_controls_free(op->o_ctrls);
-			op->o_ctrls = NULL;
-
-			rs->sr_err = LDAP_NO_MEMORY;
-			rs->sr_text = "no memory";
-			goto return_results;
-		}
-#endif
+		c = op->o_tmpalloc( sizeof(LDAPControl), op->o_tmpmemctx );
+		memset(c, 0, sizeof(LDAPControl));
 
 		/* allocate pointer space for current controls (nctrls)
 		 * + this control + extra NULL
 		 */
-		tctrls = ch_realloc( op->o_ctrls,
-			(nctrls+2) * sizeof(LDAPControl *));
+		tctrls = op->o_tmprealloc( op->o_ctrls,
+			(nctrls+2) * sizeof(LDAPControl *), op->o_tmpmemctx );
 
 #if 0
 		if( tctrls == NULL ) {
@@ -429,7 +437,8 @@ int get_ctrls(
 		op->o_ctrls[nctrls++] = c;
 		op->o_ctrls[nctrls] = NULL;
 
-		tag = ber_scanf( ber, "{a" /*}*/, &c->ldctl_oid );
+		tag = ber_scanf( ber, "{m" /*}*/, &bv );
+		c->ldctl_oid = bv.bv_val;
 
 		if( tag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
@@ -440,7 +449,7 @@ int get_ctrls(
 				0, 0, 0 );
 #endif
 
-			ldap_controls_free( op->o_ctrls );
+			slap_free_ctrls( op, op->o_ctrls );
 			op->o_ctrls = NULL;
 			rs->sr_err = SLAPD_DISCONNECT;
 			rs->sr_text = "decoding controls error";
@@ -457,7 +466,7 @@ int get_ctrls(
 				op->o_connid, 0, 0 );
 #endif
 
-			ldap_controls_free( op->o_ctrls );
+			slap_free_ctrls( op, op->o_ctrls );
 			op->o_ctrls = NULL;
 			rs->sr_err = LDAP_PROTOCOL_ERROR;
 			rs->sr_text = "OID field is empty";
@@ -479,7 +488,7 @@ int get_ctrls(
 				Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get crit failed.\n",
 					0, 0, 0 );
 #endif
-				ldap_controls_free( op->o_ctrls );
+				slap_free_ctrls( op, op->o_ctrls );
 				op->o_ctrls = NULL;
 				rs->sr_err = SLAPD_DISCONNECT;
 				rs->sr_text = "decoding controls error";
@@ -491,7 +500,7 @@ int get_ctrls(
 		}
 
 		if( tag == LBER_OCTETSTRING ) {
-			tag = ber_scanf( ber, "o", &c->ldctl_value );
+			tag = ber_scanf( ber, "m", &c->ldctl_value );
 
 			if( tag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
@@ -505,7 +514,7 @@ int get_ctrls(
 					op->o_connid, c->ldctl_oid,
 					c->ldctl_iscritical ? "" : "non" );
 #endif
-				ldap_controls_free( op->o_ctrls );
+				slap_free_ctrls( op, op->o_ctrls );
 				op->o_ctrls = NULL;
 				rs->sr_err = SLAPD_DISCONNECT;
 				rs->sr_text = "decoding controls error";
@@ -557,11 +566,11 @@ int get_ctrls(
 				break;
 			case LDAP_REQ_EXTENDED:
 				tagmask=~0L;
-				assert( op->oq_extended.rs_reqoid.bv_val != NULL );
+				assert( op->ore_reqoid.bv_val != NULL );
 				if( sc->sc_extendedops != NULL ) {
 					int i;
 					for( i=0; sc->sc_extendedops[i] != NULL; i++ ) {
-						if( strcmp( op->oq_extended.rs_reqoid.bv_val, sc->sc_extendedops[i] )
+						if( strcmp( op->ore_reqoid.bv_val, sc->sc_extendedops[i] )
 							== 0 )
 						{
 							tagmask=0L;
@@ -639,6 +648,32 @@ return_results:
 	return rs->sr_err;
 }
 
+static int parseModifyIncrement (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+#if 0
+	if ( op->o_parseModifyIncrement != SLAP_NO_CONTROL ) {
+		rs->sr_text = "modifyIncrement control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+#endif
+
+	if ( ctrl->ldctl_value.bv_len ) {
+		rs->sr_text = "modifyIncrement control value not empty";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+#if 0
+	op->o_parseModifyIncrement = ctrl->ldctl_iscritical
+		? SLAP_CRITICAL_CONTROL
+		: SLAP_NONCRITICAL_CONTROL;
+#endif
+
+	return LDAP_SUCCESS;
+}
+
 static int parseManageDSAit (
 	Operation *op,
 	SlapReply *rs,
@@ -666,8 +701,8 @@ static int parseProxyAuthz (
 	SlapReply *rs,
 	LDAPControl *ctrl )
 {
-	int rc;
-	struct berval dn = { 0, NULL };
+	int		rc;
+	struct berval	dn = { 0, NULL };
 
 	if ( op->o_proxy_authz != SLAP_NO_CONTROL ) {
 		rs->sr_text = "proxy authorization control specified multiple times";
@@ -715,9 +750,9 @@ static int parseProxyAuthz (
 		return LDAP_SUCCESS;
 	}
 
-	rc = slap_sasl_getdn( op->o_conn,
-		ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
-		NULL, &dn, SLAP_GETDN_AUTHZID );
+	rc = slap_sasl_getdn( op->o_conn, op,
+			ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
+			NULL, &dn, SLAP_GETDN_AUTHZID );
 
 	if( rc != LDAP_SUCCESS || !dn.bv_len ) {
 		if ( dn.bv_val ) {
@@ -725,6 +760,7 @@ static int parseProxyAuthz (
 		}
 		rs->sr_text = "authzId mapping failed";
 		return LDAP_PROXY_AUTHZ_FAILURE;
+
 	}
 
 #ifdef NEW_LOGGING
@@ -739,7 +775,7 @@ static int parseProxyAuthz (
 		dn.bv_len ? dn.bv_val : "(NULL)", 0 );
 #endif
 
-	rc = slap_sasl_authorized( op->o_conn, &op->o_ndn, &dn );
+	rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
 
 	if( rc ) {
 		ch_free( dn.bv_val );
@@ -784,7 +820,6 @@ static int parseNoOp (
 	return LDAP_SUCCESS;
 }
 
-#ifdef LDAP_CONTROL_PAGEDRESULTS
 static int parsePagedResults (
 	Operation *op,
 	SlapReply *rs,
@@ -865,8 +900,182 @@ static int parsePagedResults (
 
 	return LDAP_SUCCESS;
 }
+
+static int parseAssert (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	BerElement	*ber;
+	struct berval	fstr = { 0, NULL };
+	const char *err_msg = "";
+
+	if ( op->o_assert != SLAP_NO_CONTROL ) {
+		rs->sr_text = "assert control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( ctrl->ldctl_value.bv_len == 0 ) {
+		rs->sr_text = "assert control value is empty (or absent)";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber = ber_init( &(ctrl->ldctl_value) );
+	if (ber == NULL) {
+		rs->sr_text = "assert control: internal error";
+		return LDAP_OTHER;
+	}
+	
+	rs->sr_err = get_filter( op, ber, &(op->o_assertion), &rs->sr_text);
+
+	if( rs->sr_err != LDAP_SUCCESS ) {
+		if( rs->sr_err == SLAPD_DISCONNECT ) {
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			send_ldap_disconnect( op, rs );
+			rs->sr_err = SLAPD_DISCONNECT;
+		} else {
+			send_ldap_result( op, rs );
+		}
+		if( op->o_assertion != NULL ) {
+			filter_free_x( op, op->o_assertion );
+		}
+		return rs->sr_err;
+	}
+
+#ifdef LDAP_DEBUG
+	filter2bv_x( op, op->o_assertion, &fstr );
+
+#ifdef NEW_LOGGING
+	LDAP_LOG( OPERATION, ARGS, 
+		"parseAssert: conn %ld assert: %s\n", 
+		op->o_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
+#else
+	Debug( LDAP_DEBUG_ARGS, "parseAssert: conn %ld assert: %s\n",
+		op->o_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
+#endif
+	op->o_tmpfree( fstr.bv_val, op->o_tmpmemctx );
 #endif
 
+	op->o_assert = ctrl->ldctl_iscritical
+		? SLAP_CRITICAL_CONTROL
+		: SLAP_NONCRITICAL_CONTROL;
+
+	rs->sr_err = LDAP_SUCCESS;
+	return LDAP_SUCCESS;
+}
+
+static int parsePreRead (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	ber_len_t siz, off, i;
+	AttributeName *an = NULL;
+	BerElement	*ber;
+
+	if ( op->o_preread != SLAP_NO_CONTROL ) {
+		rs->sr_text = "preread control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( ctrl->ldctl_value.bv_len == 0 ) {
+		rs->sr_text = "preread control value is empty (or absent)";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber = ber_init( &(ctrl->ldctl_value) );
+	if (ber == NULL) {
+		rs->sr_text = "preread control: internal error";
+		return LDAP_OTHER;
+	}
+
+	siz = sizeof( AttributeName );
+	off = offsetof( AttributeName, an_name );
+	if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+		rs->sr_text = "preread control: decoding error";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for( i=0; i<siz; i++ ) {
+		int		rc = LDAP_SUCCESS;
+		const char	*dummy = NULL;
+
+		an[i].an_desc = NULL;
+		an[i].an_oc = NULL;
+		an[i].an_oc_exclude = 0;
+		rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+		if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
+			rs->sr_text = dummy ? dummy : "postread control: unknown attributeType";
+			return rc;
+		}
+	}
+
+	op->o_preread = ctrl->ldctl_iscritical
+		? SLAP_CRITICAL_CONTROL
+		: SLAP_NONCRITICAL_CONTROL;
+
+	op->o_preread_attrs = an;
+
+	rs->sr_err = LDAP_SUCCESS;
+	return LDAP_SUCCESS;
+}
+
+static int parsePostRead (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	ber_len_t siz, off, i;
+	AttributeName *an = NULL;
+	BerElement	*ber;
+
+	if ( op->o_postread != SLAP_NO_CONTROL ) {
+		rs->sr_text = "postread control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( ctrl->ldctl_value.bv_len == 0 ) {
+		rs->sr_text = "postread control value is empty (or absent)";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber = ber_init( &(ctrl->ldctl_value) );
+	if (ber == NULL) {
+		rs->sr_text = "postread control: internal error";
+		return LDAP_OTHER;
+	}
+
+	siz = sizeof( AttributeName );
+	off = offsetof( AttributeName, an_name );
+	if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
+		rs->sr_text = "postread control: decoding error";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for( i=0; i<siz; i++ ) {
+		int		rc = LDAP_SUCCESS;
+		const char	*dummy = NULL;
+
+		an[i].an_desc = NULL;
+		an[i].an_oc = NULL;
+		an[i].an_oc_exclude = 0;
+		rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
+		if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
+			rs->sr_text = dummy ? dummy : "postread control: unknown attributeType";
+			return rc;
+		}
+	}
+
+	op->o_postread = ctrl->ldctl_iscritical
+		? SLAP_CRITICAL_CONTROL
+		: SLAP_NONCRITICAL_CONTROL;
+
+	op->o_postread_attrs = an;
+
+	rs->sr_err = LDAP_SUCCESS;
+	return LDAP_SUCCESS;
+}
+
 int parseValuesReturnFilter (
 	Operation *op,
 	SlapReply *rs,
@@ -892,7 +1101,7 @@ int parseValuesReturnFilter (
 		return LDAP_OTHER;
 	}
 	
-	rs->sr_err = get_vrFilter( op->o_conn, ber, &(op->vrFilter), &rs->sr_text);
+	rs->sr_err = get_vrFilter( op, ber, &(op->o_vrFilter), &rs->sr_text);
 
 	if( rs->sr_err != LDAP_SUCCESS ) {
 		if( rs->sr_err == SLAPD_DISCONNECT ) {
@@ -902,11 +1111,11 @@ int parseValuesReturnFilter (
 		} else {
 			send_ldap_result( op, rs );
 		}
-		if( fstr.bv_val != NULL) free( fstr.bv_val );
-		if( op->vrFilter != NULL) vrFilter_free( op->vrFilter ); 
-
-	} else {
-		vrFilter2bv( op->vrFilter, &fstr );
+		if( op->o_vrFilter != NULL) vrFilter_free( op, op->o_vrFilter ); 
+	}
+#ifdef LDAP_DEBUG
+	else {
+		vrFilter2bv( op, op->o_vrFilter, &fstr );
 	}
 
 #ifdef NEW_LOGGING
@@ -917,6 +1126,8 @@ int parseValuesReturnFilter (
 	Debug( LDAP_DEBUG_ARGS, "	vrFilter: %s\n",
 		fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
 #endif
+	op->o_tmpfree( fstr.bv_val, op->o_tmpmemctx );
+#endif
 
 	op->o_valuesreturnfilter = ctrl->ldctl_iscritical
 		? SLAP_CRITICAL_CONTROL
@@ -1004,139 +1215,7 @@ static int parseDomainScope (
 }
 #endif
 
-#ifdef LDAP_CLIENT_UPDATE
-static int parseClientUpdate (
-	Operation *op,
-	SlapReply *rs,
-	LDAPControl *ctrl )
-{
-	ber_tag_t tag;
-	BerElement *ber;
-	ber_int_t type;
-	ber_int_t interval;
-	ber_len_t len;
-	struct berval scheme = { 0, NULL };
-	struct berval cookie = { 0, NULL };
-
-	if ( op->o_clientupdate != SLAP_NO_CONTROL ) {
-		rs->sr_text = "LCUP client update control specified multiple times";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-#ifdef LDAP_SYNC
-	if ( op->o_sync != SLAP_NO_CONTROL ) {
-		rs->sr_text = "LDAP Client Update and Sync controls used together";
-		return LDAP_PROTOCOL_ERROR;
-	}
-#endif
-
-	if ( ctrl->ldctl_value.bv_len == 0 ) {
-		rs->sr_text = "LCUP client update control value is empty (or absent)";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	/* Parse the control value
-	 *	ClientUpdateControlValue ::= SEQUENCE {
-	 *		updateType	ENUMERATED {
-	 *					synchronizeOnly	{0},
-	 *					synchronizeAndPersist {1},
-	 *					persistOnly {2} },
-	 *		sendCookieInterval INTEGER OPTIONAL,
-	 *		cookie		LCUPCookie OPTIONAL
-	 *	}
-	 */
-
-	ber = ber_init( &ctrl->ldctl_value );
-	if( ber == NULL ) {
-		rs->sr_text = "internal error";
-		return LDAP_OTHER;
-	}
-
-	if ( (tag = ber_scanf( ber, "{i" /*}*/, &type )) == LBER_ERROR ) {
-		rs->sr_text = "LCUP client update control : decoding error";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	switch( type ) {
-	case LDAP_CUP_SYNC_ONLY:
-		type = SLAP_LCUP_SYNC;
-		break;
-	case LDAP_CUP_SYNC_AND_PERSIST:
-		type = SLAP_LCUP_SYNC_AND_PERSIST;
-		break;
-	case LDAP_CUP_PERSIST_ONLY:
-		type = SLAP_LCUP_PERSIST;
-		break;
-	default:
-		rs->sr_text = "LCUP client update control : unknown update type";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
-		rs->sr_text = "LCUP client update control : decoding error";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	if ( tag == LDAP_CUP_TAG_INTERVAL ) {
-		if ( (tag = ber_scanf( ber, "i", &interval )) == LBER_ERROR ) {
-			rs->sr_text = "LCUP client update control : decoding error";
-			return LDAP_PROTOCOL_ERROR;
-		}
-		
-		if ( interval <= 0 ) {
-			/* server chooses interval */
-			interval = LDAP_CUP_DEFAULT_SEND_COOKIE_INTERVAL;
-		}
-
-	} else {
-		/* server chooses interval */
-		interval = LDAP_CUP_DEFAULT_SEND_COOKIE_INTERVAL;
-	}
-
-	if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
-		rs->sr_text = "LCUP client update control : decoding error";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	if ( tag == LDAP_CUP_TAG_COOKIE ) {
-		if ( (tag = ber_scanf( ber, /*{*/ "{mm}}",
-			&scheme, &cookie )) == LBER_ERROR )
-		{
-			rs->sr_text = "LCUP client update control : decoding error";
-			return LDAP_PROTOCOL_ERROR;
-		}
-	}
-
-	/* TODO : Cookie Scheme Validation */
-#if 0
-	if ( lcup_cookie_scheme_validate(scheme) != LDAP_SUCCESS ) {
-		rs->sr_text = "Unsupported LCUP cookie scheme";
-		return LCUP_UNSUPPORTED_SCHEME;
-	}
-
-	if ( lcup_cookie_validate(scheme, cookie) != LDAP_SUCCESS ) {
-		rs->sr_text = "Invalid LCUP cookie";
-		return LCUP_INVALID_COOKIE;
-	}
-#endif
-
-	ber_dupbv( &op->o_clientupdate_state, &cookie );
-
-	(void) ber_free( ber, 1 );
-
-	op->o_clientupdate_type = (char) type;
-	op->o_clientupdate_interval = interval;
-
-	op->o_clientupdate = ctrl->ldctl_iscritical
-		? SLAP_CRITICAL_CONTROL
-		: SLAP_NONCRITICAL_CONTROL;
-
-	return LDAP_SUCCESS;
-}
-#endif
-
-#ifdef LDAP_SYNC
-static int parseLdupSync (
+static int parseLDAPsync (
 	Operation *op,
 	SlapReply *rs,
 	LDAPControl *ctrl )
@@ -1145,20 +1224,13 @@ static int parseLdupSync (
 	BerElement *ber;
 	ber_int_t mode;
 	ber_len_t len;
-	struct berval cookie = { 0, NULL };
+	struct slap_session_entry *se;
 
 	if ( op->o_sync != SLAP_NO_CONTROL ) {
 		rs->sr_text = "LDAP Sync control specified multiple times";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-#ifdef LDAP_CLIENT_UPDATE
-	if ( op->o_clientupdate != SLAP_NO_CONTROL ) {
-		rs->sr_text = "LDAP Sync and LDAP Client Update controls used together";
-		return LDAP_PROTOCOL_ERROR;
-	}
-#endif
-
 	if ( ctrl->ldctl_value.bv_len == 0 ) {
 		rs->sr_text = "LDAP Sync control value is empty (or absent)";
 		return LDAP_PROTOCOL_ERROR;
@@ -1201,35 +1273,25 @@ static int parseLdupSync (
 
 	tag = ber_peek_tag( ber, &len );
 
-	if ( tag == LDAP_SYNC_TAG_COOKIE ) {
-		if (( ber_scanf( ber, /*{*/ "m}",
-					&cookie )) == LBER_ERROR ) {
+	if ( tag == LDAP_TAG_SYNC_COOKIE ) {
+		struct berval tmp_bv;	
+		if (( ber_scanf( ber, /*{*/ "o", &tmp_bv )) == LBER_ERROR ) {
 			rs->sr_text = "LDAP Sync control : cookie decoding error";
 			return LDAP_PROTOCOL_ERROR;
 		}
-	} else {
-		if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
-			rs->sr_text = "LDAP Sync control : decoding error";
+		ber_bvarray_add( &op->o_sync_state.octet_str, &tmp_bv );
+		slap_parse_sync_cookie( &op->o_sync_state );
+	}
+	if ( tag == LDAP_TAG_RELOAD_HINT ) {
+		if (( ber_scanf( ber, /*{*/ "b", &op->o_sync_rhint )) == LBER_ERROR ) {
+			rs->sr_text = "LDAP Sync control : rhint decoding error";
 			return LDAP_PROTOCOL_ERROR;
 		}
-		cookie.bv_len = 0;
-		cookie.bv_val = NULL;
 	}
-
-	/* TODO : Cookie Scheme Validation */
-#if 0
-	if ( lcup_cookie_scheme_validate(scheme) != LDAP_SUCCESS ) {
-		rs->sr_text = "Unsupported LCUP cookie scheme";
-		return LCUP_UNSUPPORTED_SCHEME;
-	}
-
-	if ( lcup_cookie_validate(scheme, cookie) != LDAP_SUCCESS ) {
-		rs->sr_text = "Invalid LCUP cookie";
-		return LCUP_INVALID_COOKIE;
+	if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
+			rs->sr_text = "LDAP Sync control : decoding error";
+			return LDAP_PROTOCOL_ERROR;
 	}
-#endif
-
-	ber_dupbv( &op->o_sync_state, &cookie );
 
 	(void) ber_free( ber, 1 );
 
@@ -1241,4 +1303,3 @@ static int parseLdupSync (
 
 	return LDAP_SUCCESS;
 }
-#endif