X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Fmemberof.c;h=09edce82b7f6f662703849bf90c0132c9c61f8a2;hb=76754855e81c68071d79e7f06978c4f394ca4228;hp=8e282e99910c3cf0424c77989183d737e8c39224;hpb=4e32148ac59ba6b4f3acc79a3b782cd3556f941a;p=openldap diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c index 8e282e9991..09edce82b7 100644 --- a/servers/slapd/overlays/memberof.c +++ b/servers/slapd/overlays/memberof.c @@ -155,6 +155,8 @@ typedef struct memberof_t { #define MEMBEROF_FREFINT 0x04U #define MEMBEROF_FREVERSE 0x08U + ber_int_t mo_dangling_err; + #define MEMBEROF_CHK(mo,f) \ (((mo)->mo_flags & (f)) == (f)) #define MEMBEROF_DANGLING_CHECK(mo) \ @@ -192,20 +194,18 @@ memberof_saved_member_free( void *key, void *data ) static BerVarray memberof_saved_member_get( Operation *op, void *keyp ) { - BerVarray vals; + void *vals; BerVarray *key = (BerVarray *)keyp; - assert( op ); + assert( op != NULL ); if ( op->o_threadctx == NULL ) { vals = *key; *key = NULL; } else { - ldap_pvt_thread_pool_getkey( op->o_threadctx, - key, (void **)&vals, NULL ); ldap_pvt_thread_pool_setkey( op->o_threadctx, - key, NULL, NULL ); + key, NULL, 0, &vals, NULL ); } return vals; @@ -217,7 +217,7 @@ memberof_saved_member_set( Operation *op, void *keyp, BerVarray vals ) BerVarray saved_vals = NULL; BerVarray *key = (BerVarray*)keyp; - assert( op ); + assert( op != NULL ); if ( vals ) { ber_bvarray_dup_x( &saved_vals, vals, NULL ); @@ -230,8 +230,13 @@ memberof_saved_member_set( Operation *op, void *keyp, BerVarray vals ) *key = saved_vals; } else { + void *old_vals = NULL; + ldap_pvt_thread_pool_setkey( op->o_threadctx, key, - saved_vals, memberof_saved_member_free ); + saved_vals, memberof_saved_member_free, &old_vals, NULL ); + if ( old_vals != NULL ) { + ber_bvarray_free( old_vals ); + } } } 
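Review bot: In memberof_saved_member_get the new `void *vals;` has no initialiser and the result of `ldap_pvt_thread_pool_setkey()` is discarded, so if that call fails without writing the old-value out parameter the function returns an indeterminate pointer. Later context in this patch shows `ber_bvarray_free( vals )` in memberof_res_delete, which appears to act on such a result. Declaring it as `void *vals = NULL;` makes the failure case return an empty result instead. The setkey call added to memberof_saved_member_set (last hunk on this line) also ignores its return value, which would leak the `saved_vals` copy if the key could not be stored; whether setkey can fail here is not visible on this page. memberof_saved_member_set's body starts outside its hunks.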
@@ -264,20 +269,22 @@ memberof_saveMember_cb( Operation *op, SlapReply *rs ) if ( rs->sr_type == REP_SEARCH ) { memberof_cookie_t *mc; Attribute *a; + BerVarray vals = NULL; mc = (memberof_cookie_t *)op->o_callback->sc_private; mc->foundit = 1; - assert( rs->sr_entry ); - assert( rs->sr_entry->e_attrs ); + assert( rs->sr_entry != NULL ); + assert( rs->sr_entry->e_attrs != NULL ); a = attr_find( rs->sr_entry->e_attrs, mc->ad ); + if ( a != NULL ) { + vals = a->a_nvals; + } - assert( a != NULL ); - - memberof_saved_member_set( op, mc->key, a->a_nvals ); + memberof_saved_member_set( op, mc->key, vals ); - if ( attr_find( a->a_next, mc->ad ) != NULL ) { + if ( a && attr_find( a->a_next, mc->ad ) != NULL ) { Debug( LDAP_DEBUG_ANY, "%s: memberof_saveMember_cb(\"%s\"): " "more than one occurrence of \"%s\" " @@ -403,6 +410,7 @@ memberof_value_modify( slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; Modifications mod[ 2 ] = { { { 0 } } }, *ml; struct berval values[ 4 ], nvalues[ 4 ]; + int mcnt = 0; op2.o_tag = LDAP_REQ_MODIFY; 
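Review bot: The first hunk on this line makes a missing attribute non-fatal but keeps `assert( rs->sr_entry->e_attrs != NULL );`, so a search result with an empty attribute list still aborts slapd in assert-enabled builds. Since the new code already copes with `attr_find()` returning NULL, that assert looks droppable, provided `attr_find()` accepts a NULL list (not visible here). The added `if ( a && attr_find( ...` also mixes styles with the `a != NULL` test a few lines above; `if ( a != NULL && attr_find( a->a_next, mc->ad ) != NULL ) {` would match. memberof_saveMember_cb starts and ends outside the hunk.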
@@ -414,22 +422,29 @@ memberof_value_modify( op2.o_callback = &cb; op2.o_dn = op->o_bd->be_rootdn; op2.o_ndn = op->o_bd->be_rootndn; + op2.orm_modlist = NULL; + + if ( !BER_BVISNULL( &mo->mo_ndn ) ) { + ml = &mod[ mcnt ]; + ml->sml_numvals = 1; + ml->sml_values = &values[ 0 ]; + ml->sml_values[ 0 ] = mo->mo_dn; + BER_BVZERO( &ml->sml_values[ 1 ] ); + ml->sml_nvalues = &nvalues[ 0 ]; + ml->sml_nvalues[ 0 ] = mo->mo_ndn; + BER_BVZERO( &ml->sml_nvalues[ 1 ] ); + ml->sml_desc = slap_schema.si_ad_modifiersName; + ml->sml_type = ml->sml_desc->ad_cname; + ml->sml_op = LDAP_MOD_REPLACE; + ml->sml_flags = SLAP_MOD_INTERNAL; + ml->sml_next = op2.orm_modlist; + op2.orm_modlist = ml; + + mcnt++; + } - ml = &mod[ 0 ]; - ml->sml_values = &values[ 0 ]; - ml->sml_values[ 0 ] = mo->mo_dn; - BER_BVZERO( &ml->sml_values[ 1 ] ); - ml->sml_nvalues = &nvalues[ 0 ]; - ml->sml_nvalues[ 0 ] = mo->mo_ndn; - BER_BVZERO( &ml->sml_nvalues[ 1 ] ); - ml->sml_desc = slap_schema.si_ad_modifiersName; - ml->sml_type = ml->sml_desc->ad_cname; - ml->sml_op = LDAP_MOD_REPLACE; - ml->sml_flags = SLAP_MOD_INTERNAL; - ml->sml_next = NULL; - op2.orm_modlist = ml; - - ml = &mod[ 1 ]; + ml = &mod[ mcnt ]; + ml->sml_numvals = 1; ml->sml_values = &values[ 2 ]; BER_BVZERO( &ml->sml_values[ 1 ] ); ml->sml_nvalues = &nvalues[ 2 ]; 
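Review bot: The new `!BER_BVISNULL( &mo->mo_ndn )` guard skips the modifiersName mod when no DN is configured, but `op2.o_dn` and `op2.o_ndn` in the context lines just above are still copied from `be_rootdn` / `be_rootndn` unconditionally. The memberof_db_open hunk at the end of this patch now allows a database without a rootdn, so the internal modify would then presumably run with an empty identity; whether the backend accepts that depends on code outside this page. A comment at the assignment, for example `/* be_rootdn may be empty: the internal modify then runs without a root identity */`, would record the intended behaviour, or the update could be skipped when both are null. The function body starts before and continues after this hunk.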
@@ -437,42 +452,71 @@ memberof_value_modify( ml->sml_desc = ad; ml->sml_type = ml->sml_desc->ad_cname; ml->sml_flags = SLAP_MOD_INTERNAL; - ml->sml_next = NULL; - op2.orm_modlist->sml_next = ml; + ml->sml_next = op2.orm_modlist; + op2.orm_modlist = ml; if ( new_ndn != NULL ) { assert( !BER_BVISNULL( new_dn ) ); assert( !BER_BVISNULL( new_ndn ) ); + ml = &mod[ mcnt ]; ml->sml_op = LDAP_MOD_ADD; ml->sml_values[ 0 ] = *new_dn; ml->sml_nvalues[ 0 ] = *new_ndn; (void)op->o_bd->be_modify( &op2, &rs2 ); + if ( rs2.sr_err != LDAP_SUCCESS ) { + char buf[ SLAP_TEXT_BUFLEN ]; + snprintf( buf, sizeof( buf ), + "memberof_value_modify %s=\"%s\" failed err=%d text=%s", + ad->ad_cname.bv_val, new_dn->bv_val, rs2.sr_err, + rs2.sr_text ? rs2.sr_text : "" ); + Debug( LDAP_DEBUG_ANY, "%s: %s\n", + op->o_log_prefix, buf, 0 ); + } - assert( op2.orm_modlist == &mod[ 0 ] ); - assert( op2.orm_modlist->sml_next == &mod[ 1 ] ); - ml = op2.orm_modlist->sml_next->sml_next; + assert( op2.orm_modlist == &mod[ mcnt ] ); + assert( mcnt == 0 || op2.orm_modlist->sml_next == &mod[ 0 ] ); + ml = op2.orm_modlist->sml_next; + if ( mcnt == 1 ) { + assert( ml == &mod[ 0 ] ); + ml = ml->sml_next; + } if ( ml != NULL ) { slap_mods_free( ml, 1 ); } + + mod[ 0 ].sml_next = NULL; } if ( old_ndn != NULL ) { assert( !BER_BVISNULL( old_dn ) ); assert( !BER_BVISNULL( old_ndn ) ); + ml = &mod[ mcnt ]; ml->sml_op = LDAP_MOD_DELETE; ml->sml_values[ 0 ] = *old_dn; ml->sml_nvalues[ 0 ] = *old_ndn; (void)op->o_bd->be_modify( &op2, &rs2 ); + if ( rs2.sr_err != LDAP_SUCCESS ) { + char buf[ SLAP_TEXT_BUFLEN ]; + snprintf( buf, sizeof( buf ), + "memberof_value_modify %s=\"%s\" failed err=%d text=%s", + ad->ad_cname.bv_val, old_dn->bv_val, rs2.sr_err, + rs2.sr_text ? 
rs2.sr_text : "" ); + Debug( LDAP_DEBUG_ANY, "%s: %s\n", + op->o_log_prefix, buf, 0 ); + } - assert( op2.orm_modlist == &mod[ 0 ] ); - assert( op2.orm_modlist->sml_next == &mod[ 1 ] ); - ml = op2.orm_modlist->sml_next->sml_next; + assert( op2.orm_modlist == &mod[ mcnt ] ); + ml = op2.orm_modlist->sml_next; + if ( mcnt == 1 ) { + assert( ml == &mod[ 0 ] ); + ml = ml->sml_next; + } if ( ml != NULL ) { slap_mods_free( ml, 1 ); } @@ -524,7 +568,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) if ( MEMBEROF_DANGLING_CHECK( mo ) && !get_relax( op ) - && is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) ) + && is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) ) { op->o_dn = op->o_bd->be_rootdn; op->o_dn = op->o_bd->be_rootndn; @@ -541,11 +585,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) assert( a->a_nvals != NULL ); for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) { - Entry *e; - - /* FIXME: entry_get_rw does not pass - * thru overlays yet; when it does, we - * might need to make a copy of the DN */ + Entry *e = NULL; rc = be_entry_get_rw( op, &a->a_nvals[ i ], NULL, NULL, 0, &e ); @@ -555,7 +595,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) } if ( MEMBEROF_DANGLING_ERROR( mo ) ) { - rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION; + rc = rs->sr_err = mo->mo_dangling_err; rs->sr_text = "adding non-existing object " "as group member"; send_ldap_result( op, rs ); @@ -633,7 +673,7 @@ memberof_op_add( Operation *op, SlapReply *rs ) } if ( MEMBEROF_DANGLING_ERROR( mo ) ) { - rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION; + rc = rs->sr_err = mo->mo_dangling_err; rs->sr_text = "adding non-existing object " "as memberof"; send_ldap_result( op, rs ); 
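Review bot: Both new `rs2.sr_err != LDAP_SUCCESS` branches in memberof_value_modify (after the LDAP_MOD_ADD call and after the LDAP_MOD_DELETE call) only write a debug message, and the caller visible later in this patch invokes `(void)memberof_value_modify( ... )`, so a failed delete leaves a memberOf value that no longer matches the group and nothing upstream learns of it. Deployments that base access rules on memberOf would keep honouring that stale value, so the function header should at least state it, e.g. `/* on failure member/memberOf are left out of sync; the error is logged, not propagated */`. The two snprintf/Debug blocks differ only in `new_dn` versus `old_dn` and would read better as one static helper taking the DN. The function's return statement is outside the hunk, so whether `rs2.sr_err` is returned cannot be confirmed here.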
@@ -744,101 +784,133 @@ memberof_op_modify( Operation *op, SlapReply *rs ) save_dn = op->o_dn; save_ndn = op->o_ndn; - if ( MEMBEROF_DANGLING_CHECK( mo ) - && !get_relax( op ) - && memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS - && ( iswhat & MEMBEROF_IS_GROUP ) ) + if ( memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS + && ( iswhat & MEMBEROF_IS_GROUP ) ) { - op->o_dn = op->o_bd->be_rootdn; - op->o_dn = op->o_bd->be_rootndn; - op->o_bd->bd_info = (BackendInfo *)on->on_info; - - assert( op->orm_modlist != NULL ); - - for ( mlp = &op->orm_modlist; *mlp; ) { - Modifications *ml = *mlp; - int i; - - if ( !is_ad_subtype( ml->sml_desc, mo->mo_ad_member ) ) { - mlp = &ml->sml_next; - continue; + Modifications *ml; + int save_member = 0; + + for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { + if ( ml->sml_desc == mo->mo_ad_member ) { + switch ( ml->sml_op ) { + case LDAP_MOD_DELETE: + case LDAP_MOD_REPLACE: + save_member = 1; + break; + } } - - switch ( ml->sml_op ) { - case LDAP_MOD_DELETE: - /* we don't care about cancellations: if the value - * exists, fine; if it doesn't, we let the underlying - * database fail as appropriate; */ - mlp = &ml->sml_next; - break; - - case LDAP_MOD_REPLACE: - case LDAP_MOD_ADD: - /* NOTE: right now, the attributeType we use - * for member must have a normalized value */ - assert( ml->sml_nvalues ); - - for ( i = 0; !BER_BVISNULL( &ml->sml_nvalues[ i ] ); i++ ) { - int rc; - Entry *e; - - if ( be_entry_get_rw( op, &ml->sml_nvalues[ i ], - NULL, NULL, 0, &e ) == LDAP_SUCCESS ) - { - be_entry_release_r( op, e ); - continue; - } - - if ( MEMBEROF_DANGLING_ERROR( mo ) ) { - rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION; - rs->sr_text = "adding non-existing object " - "as group member"; - send_ldap_result( op, rs ); - goto done; - } - - if ( MEMBEROF_DANGLING_DROP( mo ) ) { - int j; - - Debug( LDAP_DEBUG_ANY, "%s: memberof_op_modify(\"%s\"): " - "member=\"%s\" does not exist (stripping...)\n", - op->o_log_prefix, 
op->o_req_dn.bv_val, - ml->sml_nvalues[ i ].bv_val ); - - for ( j = i + 1; !BER_BVISNULL( &ml->sml_nvalues[ j ] ); j++ ); - ber_memfree( ml->sml_values[ i ].bv_val ); - BER_BVZERO( &ml->sml_values[ i ] ); - ber_memfree( ml->sml_nvalues[ i ].bv_val ); - BER_BVZERO( &ml->sml_nvalues[ i ] ); - if ( j - i == 1 ) { - break; - } - - AC_MEMCPY( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], - sizeof( struct berval ) * ( j - i ) ); - AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], - sizeof( struct berval ) * ( j - i ) ); - i--; - } + } + + if ( save_member ) { + BerVarray vals = NULL; + + op->o_dn = op->o_bd->be_rootdn; + op->o_dn = op->o_bd->be_rootndn; + op->o_bd->bd_info = (BackendInfo *)on->on_info; + rc = backend_attribute( op, NULL, &op->o_req_ndn, + mo->mo_ad_member, &vals, ACL_READ ); + op->o_bd->bd_info = (BackendInfo *)on; + if ( rc == LDAP_SUCCESS && vals != NULL ) { + memberof_saved_member_set( op, &saved_member_vals, vals ); + ber_bvarray_free_x( vals, op->o_tmpmemctx ); + } + } + + if ( MEMBEROF_DANGLING_CHECK( mo ) + && !get_relax( op ) ) + { + op->o_dn = op->o_bd->be_rootdn; + op->o_dn = op->o_bd->be_rootndn; + op->o_bd->bd_info = (BackendInfo *)on->on_info; + + assert( op->orm_modlist != NULL ); + + for ( mlp = &op->orm_modlist; *mlp; ) { + Modifications *ml = *mlp; + int i; + + if ( !is_ad_subtype( ml->sml_desc, mo->mo_ad_member ) ) { + mlp = &ml->sml_next; + continue; } - - if ( BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) { - *mlp = ml->sml_next; - slap_mod_free( &ml->sml_mod, 0 ); - free( ml ); - - } else { + + switch ( ml->sml_op ) { + case LDAP_MOD_DELETE: + /* we don't care about cancellations: if the value + * exists, fine; if it doesn't, we let the underlying + * database fail as appropriate; */ mlp = &ml->sml_next; + break; + + case LDAP_MOD_REPLACE: + case LDAP_MOD_ADD: + /* NOTE: right now, the attributeType we use + * for member must have a normalized value */ + assert( ml->sml_nvalues != NULL ); + + for ( i = 0; !BER_BVISNULL( 
&ml->sml_nvalues[ i ] ); i++ ) { + int rc; + Entry *e; + + if ( be_entry_get_rw( op, &ml->sml_nvalues[ i ], + NULL, NULL, 0, &e ) == LDAP_SUCCESS ) + { + be_entry_release_r( op, e ); + continue; + } + + if ( MEMBEROF_DANGLING_ERROR( mo ) ) { + rc = rs->sr_err = mo->mo_dangling_err; + rs->sr_text = "adding non-existing object " + "as group member"; + send_ldap_result( op, rs ); + goto done; + } + + if ( MEMBEROF_DANGLING_DROP( mo ) ) { + int j; + + Debug( LDAP_DEBUG_ANY, "%s: memberof_op_modify(\"%s\"): " + "member=\"%s\" does not exist (stripping...)\n", + op->o_log_prefix, op->o_req_dn.bv_val, + ml->sml_nvalues[ i ].bv_val ); + + for ( j = i + 1; !BER_BVISNULL( &ml->sml_nvalues[ j ] ); j++ ); + ber_memfree( ml->sml_values[ i ].bv_val ); + BER_BVZERO( &ml->sml_values[ i ] ); + ber_memfree( ml->sml_nvalues[ i ].bv_val ); + BER_BVZERO( &ml->sml_nvalues[ i ] ); + ml->sml_numvals--; + if ( j - i == 1 ) { + break; + } + + AC_MEMCPY( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], + sizeof( struct berval ) * ( j - i ) ); + AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], + sizeof( struct berval ) * ( j - i ) ); + i--; + } + } + + if ( BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) { + *mlp = ml->sml_next; + slap_mod_free( &ml->sml_mod, 0 ); + free( ml ); + + } else { + mlp = &ml->sml_next; + } + + break; + + default: + assert( 0 ); } - - break; - - default: - assert( 0 ); } } } - + if ( mmlp != NULL ) { Modifications *ml = *mmlp; int i; @@ -885,7 +957,7 @@ memberof_op_modify( Operation *op, SlapReply *rs ) } if ( MEMBEROF_DANGLING_ERROR( mo ) ) { - rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION; + rc = rs->sr_err = mo->mo_dangling_err; rs->sr_text = "deleting non-existing object " "as memberof"; send_ldap_result( op, rs ); @@ -907,6 +979,7 @@ memberof_op_modify( Operation *op, SlapReply *rs ) ber_memfree( ml->sml_nvalues[ i ].bv_val ); BER_BVZERO( &ml->sml_nvalues[ i ] ); } + ml->sml_numvals--; if ( j - i == 1 ) { break; } 
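Review bot: The added save_member block and the re-indented dangling check in memberof_op_modify both contain `op->o_dn = op->o_bd->be_rootdn;` followed by `op->o_dn = op->o_bd->be_rootndn;`, so `o_ndn` is never switched to the root identity and `o_dn` ends up holding the normalized form. The `backend_attribute( ..., ACL_READ )` call that follows therefore presumably still runs as the requesting client; if that client cannot read the member attribute, nothing is saved and the later clean-up in memberof_res_modify has no values to remove. The second assignment should read `op->o_ndn = op->o_bd->be_rootndn;` (the same pair appears as context in the memberof_op_add hunk). When `backend_attribute()` fails, calling `memberof_saved_member_set( op, &saved_member_vals, NULL );` would presumably also keep values left by an earlier operation on the same thread from being picked up. memberof_op_modify starts and ends outside this hunk.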
@@ -995,7 +1068,7 @@ memberof_op_modify( Operation *op, SlapReply *rs ) op->o_bd->bd_info = (BackendInfo *)on; if ( rc != LDAP_SUCCESS ) { if ( MEMBEROF_DANGLING_ERROR( mo ) ) { - rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION; + rc = rs->sr_err = mo->mo_dangling_err; rs->sr_text = "adding non-existing object " "as memberof"; send_ldap_result( op, rs ); @@ -1017,6 +1090,7 @@ memberof_op_modify( Operation *op, SlapReply *rs ) ber_memfree( ml->sml_nvalues[ i ].bv_val ); BER_BVZERO( &ml->sml_nvalues[ i ] ); } + ml->sml_numvals--; if ( j - i == 1 ) { break; } @@ -1111,7 +1185,7 @@ memberof_res_add( Operation *op, SlapReply *rs ) } } - if ( is_entry_objectclass( op->ora_e, mo->mo_oc_group, 0 ) ) { + if ( is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) ) { Attribute *a; for ( a = attrs_find( op->ora_e->e_attrs, mo->mo_ad_member ); @@ -1153,6 +1227,7 @@ memberof_res_delete( Operation *op, SlapReply *rs ) NULL, NULL ); } + memberof_saved_member_set( op, &saved_memberof_vals, NULL ); ber_bvarray_free( vals ); } @@ -1166,6 +1241,7 @@ memberof_res_delete( Operation *op, SlapReply *rs ) NULL, NULL ); } + memberof_saved_member_set( op, &saved_member_vals, NULL ); ber_bvarray_free( vals ); } } @@ -1273,12 +1349,10 @@ memberof_res_modify( Operation *op, SlapReply *rs ) /* fall thru */ case LDAP_MOD_REPLACE: + vals = memberof_saved_member_get( op, &saved_member_vals ); + /* delete all ... */ - op->o_bd->bd_info = (BackendInfo *)on->on_info; - rc = backend_attribute( op, NULL, &op->o_req_ndn, - mo->mo_ad_member, &vals, ACL_READ ); - op->o_bd->bd_info = (BackendInfo *)on; - if ( rc == LDAP_SUCCESS ) { + if ( vals != NULL ) { for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) { (void)memberof_value_modify( op, rs, &vals[ i ], mo->mo_ad_memberof, 
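Review bot: In the LDAP_MOD_REPLACE case of memberof_res_modify, `vals` now comes from `memberof_saved_member_get()` instead of `backend_attribute()`, which changes the allocator behind it: the saved copy is made with `ber_bvarray_dup_x( &saved_vals, vals, NULL )` in memberof_saved_member_set, whereas the backend_attribute result is released with `op->o_tmpmemctx` in memberof_op_modify. The release of `vals` after this loop lies outside the hunk; if it is still `ber_bvarray_free_x( vals, op->o_tmpmemctx );` it should become `ber_bvarray_free( vals );` to match the new source of the array. memberof_res_modify starts and ends outside the hunk.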
@@ -1439,39 +1513,12 @@ memberof_db_init( ConfigReply *cr ) { slap_overinst *on = (slap_overinst *)be->bd_info; - memberof_t *mo; - - int rc; - const char *text = NULL; + memberof_t *mo; mo = (memberof_t *)ch_calloc( 1, sizeof( memberof_t ) ); - rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &mo->mo_ad_memberof, &text ); - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, - "memberof_db_init: " - "unable to find attribute=\"%s\": %s (%d)\n", - SLAPD_MEMBEROF_ATTR, text, rc ); - return rc; - } - - rc = slap_str2ad( SLAPD_GROUP_ATTR, &mo->mo_ad_member, &text ); - if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, - "memberof_db_init: " - "unable to find attribute=\"%s\": %s (%d)\n", - SLAPD_GROUP_ATTR, text, rc ); - return rc; - } - - mo->mo_oc_group = oc_find( SLAPD_GROUP_CLASS ); - if ( mo->mo_oc_group == NULL ) { - Debug( LDAP_DEBUG_ANY, - "memberof_db_init: " - "unable to find objectClass=\"%s\"\n", - SLAPD_GROUP_CLASS, 0, 0 ); - return 1; - } + /* safe default */ + mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION; on->on_bi.bi_private = (void *)mo; @@ -1482,12 +1529,16 @@ enum { MO_DN = 1, MO_DANGLING, MO_REFINT, + MO_GROUP_OC, + MO_MEMBER_AD, + MO_MEMBER_OF_AD, #if 0 MO_REVERSE, #endif - MO_GROUP_OC, - MO_MEMBER_AD, - MO_MEMBER_OF_AD + + MO_DANGLING_ERROR, + + MO_LAST }; static ConfigDriver mo_cf_gen; @@ -1553,6 +1604,13 @@ static ConfigTable mo_cfg[] = { NULL, NULL }, #endif + { "memberof-dangling-error", "error code", + 2, 2, 0, ARG_MAGIC|MO_DANGLING_ERROR, mo_cf_gen, + "( OLcfgOvAt:18.7 NAME 'olcMemberOfDanglingError' " + "DESC 'Error code returned in case of dangling back reference' " + "SYNTAX OMsDirectoryString SINGLE-VALUE )", + NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } }; @@ -1564,6 +1622,7 @@ static ConfigOCs mo_ocs[] = { "MAY ( " "olcMemberOfDN " "$ olcMemberOfDangling " + "$ olcMemberOfDanglingError" "$ olcMemberOfRefInt " "$ olcMemberOfGroupOC " "$ olcMemberOfMemberAD " 
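Review bot: In the mo_ocs hunk the added literal `"$ olcMemberOfDanglingError"` has no trailing space, unlike its neighbours, so the concatenated schema string reads `olcMemberOfDanglingError$ olcMemberOfRefInt`. The schema parser may tolerate this, but `"$ olcMemberOfDanglingError "` keeps the list uniform and does not depend on that tolerance.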
@@ -1648,8 +1707,10 @@ mo_cf_gen( ConfigArgs *c ) switch( c->type ) { case MO_DN: - value_add_one( &c->rvalue_vals, &mo->mo_dn ); - value_add_one( &c->rvalue_nvals, &mo->mo_ndn ); + if ( mo->mo_dn.bv_val != NULL) { + value_add_one( &c->rvalue_vals, &mo->mo_dn ); + value_add_one( &c->rvalue_nvals, &mo->mo_ndn ); + } break; case MO_DANGLING: @@ -1664,6 +1725,25 @@ mo_cf_gen( ConfigArgs *c ) } break; + case MO_DANGLING_ERROR: + if ( mo->mo_flags & MEMBEROF_FDANGLING_ERROR ) { + char buf[ SLAP_TEXT_BUFLEN ]; + enum_to_verb( slap_ldap_response_code, mo->mo_dangling_err, &bv ); + if ( BER_BVISNULL( &bv ) ) { + bv.bv_len = snprintf( buf, sizeof( buf ), "0x%x", mo->mo_dangling_err ); + if ( bv.bv_len < sizeof( buf ) ) { + bv.bv_val = buf; + } else { + rc = 1; + break; + } + } + value_add_one( &c->rvalue_vals, &bv ); + } else { + rc = 1; + } + break; + case MO_REFINT: c->value_int = MEMBEROF_REFINT( mo ); break; @@ -1675,18 +1755,21 @@ mo_cf_gen( ConfigArgs *c ) #endif case MO_GROUP_OC: - assert( mo->mo_oc_group != NULL ); - value_add_one( &c->rvalue_vals, &mo->mo_oc_group->soc_cname ); + if ( mo->mo_oc_group != NULL ){ + value_add_one( &c->rvalue_vals, &mo->mo_oc_group->soc_cname ); + } break; case MO_MEMBER_AD: - assert( mo->mo_ad_member != NULL ); - value_add_one( &c->rvalue_vals, &mo->mo_ad_member->ad_cname ); + if ( mo->mo_ad_member != NULL ){ + value_add_one( &c->rvalue_vals, &mo->mo_ad_member->ad_cname ); + } break; case MO_MEMBER_OF_AD: - assert( mo->mo_ad_memberof != NULL ); - value_add_one( &c->rvalue_vals, &mo->mo_ad_memberof->ad_cname ); + if ( mo->mo_ad_memberof != NULL ){ + value_add_one( &c->rvalue_vals, &mo->mo_ad_memberof->ad_cname ); + } break; default: 
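Review bot: The emit cases changed in mo_cf_gen handle a missing value in two different ways: MO_DN, MO_GROUP_OC, MO_MEMBER_AD and MO_MEMBER_OF_AD now skip `value_add_one()` and leave `rc` untouched, while the new MO_DANGLING_ERROR case sets `rc = 1` when it has nothing to emit. Which of the two the config backend expects for an unset attribute is not visible on this page, but the cases should agree; if an empty result must be reported, the guarded cases need `else { rc = 1; }`. The MO_DN test `mo->mo_dn.bv_val != NULL` could be written `!BER_BVISNULL( &mo->mo_dn )` like the other checks in this patch, and `"0x%x"` is given the signed `mo_dangling_err`, so an `(unsigned)` cast would match the format.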
@@ -1720,6 +1803,15 @@ mo_cf_gen( ConfigArgs *c ) mo->mo_flags |= dangling_mode[ i ].mask; break; + case MO_DANGLING_ERROR: + i = verb_to_mask( c->argv[ 1 ], slap_ldap_response_code ); + if ( !BER_BVISNULL( &slap_ldap_response_code[ i ].word ) ) { + mo->mo_dangling_err = slap_ldap_response_code[ i ].mask; + } else if ( lutil_atoix( &mo->mo_dangling_err, c->argv[ 1 ], 0 ) ) { + return 1; + } + break; + case MO_REFINT: if ( c->value_int ) { mo->mo_flags |= MEMBEROF_FREFINT; @@ -1834,8 +1926,42 @@ memberof_db_open( { slap_overinst *on = (slap_overinst *)be->bd_info; memberof_t *mo = (memberof_t *)on->on_bi.bi_private; + + int rc; + const char *text = NULL; + + if( ! mo->mo_ad_memberof ){ + rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &mo->mo_ad_memberof, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "memberof_db_open: " + "unable to find attribute=\"%s\": %s (%d)\n", + SLAPD_MEMBEROF_ATTR, text, rc ); + return rc; + } + } + + if( ! mo->mo_ad_member ){ + rc = slap_str2ad( SLAPD_GROUP_ATTR, &mo->mo_ad_member, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "memberof_db_open: " + "unable to find attribute=\"%s\": %s (%d)\n", + SLAPD_GROUP_ATTR, text, rc ); + return rc; + } + } + + if( ! mo->mo_oc_group ){ + mo->mo_oc_group = oc_find( SLAPD_GROUP_CLASS ); + if ( mo->mo_oc_group == NULL ) { + Debug( LDAP_DEBUG_ANY, + "memberof_db_open: " + "unable to find objectClass=\"%s\"\n", + SLAPD_GROUP_CLASS, 0, 0 ); + return 1; + } + } - if ( BER_BVISNULL( &mo->mo_dn ) ) { + if ( BER_BVISNULL( &mo->mo_dn ) && !BER_BVISNULL( &be->be_rootdn ) ) { ber_dupbv( &mo->mo_dn, &be->be_rootdn ); ber_dupbv( &mo->mo_ndn, &be->be_rootndn ); }
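Review bot: The new MO_DANGLING_ERROR setter stores whatever `lutil_atoix()` parses, so `memberof-dangling-error` accepts 0 or a negative number, and the dangling-member paths then execute `rc = rs->sr_err = mo->mo_dangling_err;` with a value that is not an error. With 0 the refused add or modify would presumably be answered as success, which hides the refusal from the client and from audit logs. Rejecting such input after parsing, e.g. `if ( mo->mo_dangling_err <= LDAP_SUCCESS ) return 1;`, keeps the option to real failure codes; the check should cover the keyword branch too, since the response-code table may include a success entry. mo_cf_gen's body continues outside the hunk.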