assert( be != NULL );
/* grant database root access */
- if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
+ if ( be != NULL && be_isroot( be, op->o_ndn.bv_val ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_INFO,
"access_allowed: conn %d root access granted\n",
Debug( LDAP_DEBUG_ACL,
"=> acl_mask: to %s by \"%s\", (%s) \n",
val ? "value" : "all values",
- op->o_ndn ? op->o_ndn : "",
+ op->o_ndn.bv_val ? op->o_ndn.bv_val : "",
accessmask2str( *mask, accessmaskbuf ) );
#endif
ACL_INVALIDATE( modmask );
/* AND <who> clauses */
- if ( b->a_dn_pat != NULL ) {
+ if ( b->a_dn_pat.bv_len != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
"acl_mask: conn %d check a_dn_pat: %s\n",
- conn->c_connid, b->a_dn_pat ));
+ conn->c_connid, b->a_dn_pat.bv_val ));
#else
Debug( LDAP_DEBUG_ACL, "<= check a_dn_pat: %s\n",
- b->a_dn_pat, 0, 0);
+ b->a_dn_pat.bv_val, 0, 0);
#endif
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
- if ( strcmp( b->a_dn_pat, "anonymous" ) == 0 ) {
- if (op->o_ndn != NULL && op->o_ndn[0] != '\0' ) {
+ if ( b->a_dn_pat.bv_len == sizeof("anonymous") -1 &&
+ strcmp( b->a_dn_pat.bv_val, "anonymous" ) == 0 ) {
+ if (op->o_ndn.bv_len != 0 ) {
continue;
}
- } else if ( strcmp( b->a_dn_pat, "users" ) == 0 ) {
- if (op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+ } else if ( b->a_dn_pat.bv_len == sizeof("users") - 1 &&
+ strcmp( b->a_dn_pat.bv_val, "users" ) == 0 ) {
+ if (op->o_ndn.bv_len == 0 ) {
continue;
}
- } else if ( strcmp( b->a_dn_pat, "self" ) == 0 ) {
- if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+ } else if ( b->a_dn_pat.bv_len == sizeof("self") - 1 &&
+ strcmp( b->a_dn_pat.bv_val, "self" ) == 0 ) {
+ if( op->o_ndn.bv_len == 0 ) {
continue;
}
- if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn ) != 0 ) {
+ if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn.bv_val ) != 0 ) {
continue;
}
} else if ( b->a_dn_style == ACL_STYLE_REGEX ) {
- if ( strcmp( b->a_dn_pat, "*" ) != 0 ) {
- int ret = regex_matches( b->a_dn_pat,
- op->o_ndn, e->e_ndn, matches );
+ if ( b->a_dn_pat.bv_len != 1 ||
+ strcmp( b->a_dn_pat.bv_val, "*" ) != 0 ) {
+ int ret = regex_matches( b->a_dn_pat.bv_val,
+ op->o_ndn.bv_val, e->e_ndn, matches );
if( ret == 0 ) {
continue;
if ( e->e_dn == NULL )
continue;
- patlen = strlen( b->a_dn_pat );
- odnlen = strlen( op->o_ndn );
+ patlen = b->a_dn_pat.bv_len;
+ odnlen = op->o_ndn.bv_len;
if ( odnlen < patlen )
continue;
if ( odnlen <= patlen )
continue;
- if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
+ if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) )
continue;
- rdnlen = dn_rdnlen( NULL, op->o_ndn );
+ rdnlen = dn_rdnlen( NULL, op->o_ndn.bv_val );
if ( rdnlen != odnlen - patlen - 1 )
continue;
} else if ( b->a_dn_style == ACL_STYLE_SUBTREE ) {
- if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) )
+ if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) ) )
continue;
} else if ( b->a_dn_style == ACL_STYLE_CHILDREN ) {
if ( odnlen <= patlen )
continue;
- if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
+ if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) )
continue;
}
- if ( strcmp( b->a_dn_pat, op->o_ndn + odnlen - patlen ) != 0 )
+ if ( strcmp( b->a_dn_pat.bv_val, op->o_ndn.bv_val + odnlen - patlen ) != 0 )
continue;
}
}
}
- if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
+ if ( b->a_dn_at != NULL && op->o_ndn.bv_len != 0 ) {
Attribute *at;
struct berval bv;
int rc, match = 0;
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
attr, 0, 0);
#endif
- bv.bv_val = op->o_ndn;
- bv.bv_len = strlen( bv.bv_val );
+ bv = op->o_ndn;
/* see if asker is listed in dnattr */
for( at = attrs_find( e->e_attrs, b->a_dn_at );
}
}
- if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
+ if ( b->a_group_pat != NULL && op->o_ndn.bv_len != 0 ) {
char buf[1024];
/* b->a_group is an unexpanded entry name, expanded it should be an
buf[sizeof(buf) - 1] = 0;
}
- if (backend_group(be, conn, op, e, buf, op->o_ndn,
+ if (backend_group(be, conn, op, e, buf, op->o_ndn.bv_val,
b->a_group_oc, b->a_group_at) != 0)
{
continue;
assert( be != NULL );
/* short circuit root database access */
- if ( be_isroot( be, op->o_ndn ) ) {
+ if ( be_isroot( be, op->o_ndn.bv_val ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
"acl_check_modlist: conn %d access granted to root user\n",
cookie.e = e;
cookie.conn = conn;
cookie.op = op;
- rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn, e->e_ndn, NULL) > 0);
+ rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn.bv_val, e->e_ndn, NULL) > 0);
ch_free(set);
}
return(rc);
}
if( pat != NULL ) {
- if( b->a_dn_pat != NULL ) {
+ if( b->a_dn_pat.bv_len != 0 ) {
fprintf( stderr,
"%s: line %d: dn pattern already specified.\n",
fname, lineno );
acl_usage();
}
- b->a_dn_pat = pat;
+ b->a_dn_pat.bv_val = pat;
+ b->a_dn_pat.bv_len = strlen( pat );
b->a_dn_style = sty;
if ( sty != ACL_STYLE_REGEX )
dn_normalize(pat);
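Review bot: `b->a_dn_pat.bv_len = strlen( pat );` is computed before the `dn_normalize(pat)` call two lines further down, so if normalization rewrites the string in place to a different length, the stored length is stale. The ACL matcher in this same change now trusts that length (`patlen = b->a_dn_pat.bv_len;` and the `bv_len == sizeof("anonymous") -1` tests), so a mismatch would shift the suffix comparison used for access decisions. Take the length after normalizing, i.e. move `b->a_dn_pat.bv_len = strlen( pat );` below the `dn_normalize(pat);` call. The enclosing block continues outside the hunk.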
static void
access_free( Access *a )
{
- if ( a->a_dn_pat )
- free ( a->a_dn_pat );
+ if ( a->a_dn_pat.bv_val )
+ free ( a->a_dn_pat.bv_val );
if ( a->a_peername_pat )
free ( a->a_peername_pat );
if ( a->a_sockname_pat )
fprintf( stderr, "\tby" );
- if ( b->a_dn_pat != NULL ) {
- if( strcmp(b->a_dn_pat, "*") == 0
- || strcmp(b->a_dn_pat, "users") == 0
- || strcmp(b->a_dn_pat, "anonymous") == 0
- || strcmp(b->a_dn_pat, "self") == 0 )
+ if ( b->a_dn_pat.bv_len != 0 ) {
+ if( strcmp(b->a_dn_pat.bv_val, "*") == 0
+ || strcmp(b->a_dn_pat.bv_val, "users") == 0
+ || strcmp(b->a_dn_pat.bv_val, "anonymous") == 0
+ || strcmp(b->a_dn_pat.bv_val, "self") == 0 )
{
- fprintf( stderr, " %s", b->a_dn_pat );
+ fprintf( stderr, " %s", b->a_dn_pat.bv_val );
} else {
- fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat );
+ fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat.bv_val );
}
}
*/
if ( be->be_add ) {
/* do the update here */
- int repl_user = be_isupdate(be, op->o_ndn );
+ int repl_user = be_isupdate(be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif
* must be adding entry to at suffix
* or with parent ""
*/
- if ( !be_isroot( be, op->o_ndn )) {
- if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
+ if ( !be_isroot( be, op->o_ndn.bv_val )) {
+ if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
} else {
/* no parent, must be root to delete */
- if( ! be_isroot( be, op->o_ndn ) ) {
- if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
+ if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
+ if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: add\n", 0, 0, 0);
- err = add_values( e, mod, op->o_ndn );
+ err = add_values( e, mod, op->o_ndn.bv_val );
if( err != LDAP_SUCCESS ) {
*text = "modify: add values failed";
case LDAP_MOD_DELETE:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: delete\n", 0, 0, 0);
- err = delete_values( e, mod, op->o_ndn );
+ err = delete_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: delete values failed";
case LDAP_MOD_REPLACE:
Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: replace\n", 0, 0, 0);
- err = replace_values( e, mod, op->o_ndn );
+ err = replace_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: replace values failed";
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
- err = add_values( e, mod, op->o_ndn );
+ err = add_values( e, mod, op->o_ndn.bv_val );
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;
} else {
/* no parent, modrdn entry directly under root */
- isroot = be_isroot( be, op->o_ndn );
+ isroot = be_isroot( be, op->o_ndn.bv_val );
if ( ! isroot ) {
- if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
+ if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
} else {
if ( isroot == -1 ) {
- isroot = be_isroot( be, op->o_ndn );
+ isroot = be_isroot( be, op->o_ndn.bv_val );
}
np_dn = ch_strdup( "" );
/* no parent, modrdn entry directly under root */
if ( ! isroot ) {
- if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) {
+ if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) {
np = (Entry *)&slap_entry_root;
goto done;
}
- dn = id ? id->bv_val : op->o_dn;
+ dn = id ? id->bv_val : op->o_dn.bv_val;
Debug( LDAP_DEBUG_TRACE, "bdb_exop_passwd: \"%s\"%s\n",
dn, id ? " (proxy)" : "", 0 );
}
/* if not root, get appropriate limits */
- if ( be_isroot( be, op->o_ndn ) ) {
+ if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
- ( void ) get_limits( be, op->o_ndn, &limit );
+ ( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* The time/size limits come first because they require very little
}
/* if not root, get appropriate limits */
- if ( be_isroot( be, op->o_ndn ) ) {
+ if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
- ( void ) get_limits( be, op->o_ndn, &limit );
+ ( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if no time limit requested, rely on remote server limits */
}
/* no parent, must be adding entry to root */
- if ( !be_isroot( be, op->o_ndn ) ) {
+ if ( !be_isroot( be, op->o_ndn.bv_val ) ) {
if ( be_issuffix( be, "" )
- || be_isupdate( be, op->o_ndn ) ) {
+ || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
} else {
/* no parent, must be root to delete */
- if( ! be_isroot( be, op->o_ndn ) ) {
+ if( ! be_isroot( be, op->o_ndn.bv_val ) ) {
if ( be_issuffix( be, "" )
- || be_isupdate( be, op->o_ndn ) ) {
+ || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0);
#endif
- err = add_values( e, mod, op->o_ndn );
+ err = add_values( e, mod, op->o_ndn.bv_val );
if( err != LDAP_SUCCESS ) {
*text = "modify: add values failed";
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0);
#endif
- err = delete_values( e, mod, op->o_ndn );
+ err = delete_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: delete values failed";
Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0);
#endif
- err = replace_values( e, mod, op->o_ndn );
+ err = replace_values( e, mod, op->o_ndn.bv_val );
assert( err != LDAP_TYPE_OR_VALUE_EXISTS );
if( err != LDAP_SUCCESS ) {
*text = "modify: replace values failed";
* We need to add index if necessary.
*/
mod->sm_op = LDAP_MOD_ADD;
- err = add_values( e, mod, op->o_ndn );
+ err = add_values( e, mod, op->o_ndn.bv_val );
if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
err = LDAP_SUCCESS;
} else {
/* no parent, must be root to modify rdn */
- isroot = be_isroot( be, op->o_ndn );
+ isroot = be_isroot( be, op->o_ndn.bv_val );
if ( ! be_isroot ) {
if ( be_issuffix( be, "" )
- || be_isupdate( be, op->o_ndn ) ) {
+ || be_isupdate( be, op->o_ndn.bv_val ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
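Review bot: The guard `if ( ! be_isroot )` directly after the changed `isroot = be_isroot( be, op->o_ndn.bv_val );` tests the function's address rather than the stored result, so it is always false and the `access_allowed` call on `slap_entry_root` inside it never runs for a non-root requester. The same guard appears in the next hunk, ahead of `np = (Entry *)&slap_entry_root;`. The parallel code earlier in this diff uses `if ( ! isroot ) {`, and both guards here should read the same. What the function does once the block is skipped lies outside these hunks, so the effect on authorization has to be checked against the full function.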
/* no parent, must be root to modify newSuperior */
if ( isroot == -1 ) {
- isroot = be_isroot( be, op->o_ndn );
+ isroot = be_isroot( be, op->o_ndn.bv_val );
}
if ( ! be_isroot ) {
if ( be_issuffix( be, "" )
- || be_isupdate( be, op->o_ndn ) ) {
+ || be_isupdate( be, op->o_ndn.bv_val ) ) {
np = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, np,
goto done;
}
- dn = id ? id->bv_val : op->o_dn;
+ dn = id ? id->bv_val : op->o_dn.bv_val;
#ifdef NEW_LOGGING
LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
ml.sml_next = NULL;
rc = ldbm_modify_internal( be,
- conn, op, op->o_ndn, &ml, e, text, textbuf,
+ conn, op, op->o_ndn.bv_val, &ml, e, text, textbuf,
sizeof( textbuf ) );
/* FIXME: ldbm_modify_internal may set *tex = textbuf,
}
/* if not root, get appropriate limits */
- if ( be_isroot( be, op->o_ndn ) ) {
+ if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
- ( void ) get_limits( be, op->o_ndn, &limit );
+ ( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if candidates exceed to-be-checked entries, abort */
nbaselen = strlen( nbase );
/* if not root, get appropriate limits */
- if ( be_isroot( be, op->o_ndn ) ) {
+ if ( be_isroot( be, op->o_ndn.bv_val ) ) {
isroot = 1;
} else {
- ( void ) get_limits( be, op->o_ndn, &limit );
+ ( void ) get_limits( be, op->o_ndn.bv_val, &limit );
}
/* if no time limit requested, rely on remote server limits */
/* TimesTen : Pass it along to the lower level routines */
srch_info.isTimesTen = bi->isTimesTen;
- if (tlimit == 0 && be_isroot(be,op->o_dn))
+ if (tlimit == 0 && be_isroot(be,op->o_ndn.bv_val))
{
tlimit = -1; /* allow root to set no limit */
}
stoptime = op->o_time + tlimit;
}
- if (slimit == 0 && be_isroot(be,op->o_dn))
+ if (slimit == 0 && be_isroot(be,op->o_ndn.bv_val))
{
slimit = -1; /* allow root to set no limit */
}
return LDAP_CONFIDENTIALITY_REQUIRED;
}
- if( op->o_ndn == NULL ) {
+ if( op->o_ndn.bv_len == 0 ) {
*text = "modifications require authentication";
return LDAP_OPERATIONS_ERROR;
}
if( requires & SLAP_REQUIRE_STRONG ) {
/* should check mechanism */
- if( op->o_authmech == NULL ||
- op->o_dn == NULL || *op->o_dn == '\0' )
+ if( op->o_authmech == NULL || op->o_dn.bv_len == 0 )
{
*text = "strong authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
}
if( requires & SLAP_REQUIRE_SASL ) {
- if( op->o_authmech == NULL ||
- op->o_dn == NULL || *op->o_dn == '\0' )
+ if( op->o_authmech == NULL || op->o_dn.bv_len == 0 )
{
*text = "SASL authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
}
if( requires & SLAP_REQUIRE_AUTHC ) {
- if( op->o_dn == NULL || *op->o_dn == '\0' ) {
+ if( op->o_dn.bv_len == 0 ) {
*text = "authentication required";
return LDAP_UNWILLING_TO_PERFORM;
}
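Review bot: Replacing `op->o_ndn == NULL` with `op->o_ndn.bv_len == 0` changes what the "modifications require authentication" gate rejects. The removed lines elsewhere in this diff gave an operation without a bound identity an empty string rather than NULL, so such an operation appears to have passed the old test and is refused by the new one. That matches the message text, but it is a behaviour change made in passing during a type conversion. Record it with a comment above the test, for example `/* empty normalized DN means anonymous: refuse updates */`. The other three guards in this hunk already checked for an empty string, so their meaning is unchanged.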
connection2anonymous( conn );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
- if ( op->o_dn != NULL ) {
- free( op->o_dn );
- op->o_dn = ch_strdup( "" );
+ if ( op->o_dn.bv_val != NULL ) {
+ free( op->o_dn.bv_val );
+ op->o_dn.bv_val = ch_strdup( "" );
+ op->o_dn.bv_len = 0;
}
- if ( op->o_ndn != NULL ) {
- free( op->o_ndn );
- op->o_ndn = ch_strdup( "" );
+ if ( op->o_ndn.bv_val != NULL ) {
+ free( op->o_ndn.bv_val );
+ op->o_ndn.bv_val = ch_strdup( "" );
+ op->o_ndn.bv_len = 0;
}
/*
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if( rc == LDAP_SUCCESS ) {
- conn->c_dn = edn;
+ conn->c_dn.bv_val = edn;
if( edn != NULL ) {
- conn->c_ndn = ch_strdup( edn );
- dn_normalize( conn->c_ndn );
+ struct berval *cndn;
+ conn->c_dn.bv_len = strlen( edn );
+ dnNormalize( NULL, &conn->c_dn, &cndn );
+ conn->c_ndn = *cndn;
+ free( cndn );
}
conn->c_authmech = conn->c_sasl_bind_mech;
conn->c_sasl_bind_mech = NULL;
conn->c_ssf = ssf;
}
- if( conn->c_dn != NULL ) {
+ if( conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
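Review bot: The result of `dnNormalize( NULL, &conn->c_dn, &cndn );` is ignored and `cndn` is declared without an initializer, so if normalization of `edn` fails, the next line `conn->c_ndn = *cndn;` dereferences an indeterminate pointer while `c_mutex` is held. Declare it as `struct berval *cndn = NULL;`, and copy and free it only when the call reports success and `cndn` is non-NULL. A failure should be treated as a failed bind rather than leaving `c_dn` set with no normalized counterpart. The surrounding function starts and ends outside the hunk.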
if ( ret == 0 ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ if(edn != NULL) {
+ conn->c_dn.bv_val = edn;
+ conn->c_dn.bv_len = strlen( edn );
+ } else {
+ conn->c_dn.bv_val = ch_strdup( pdn->bv_val );
+ conn->c_dn.bv_len = pdn->bv_len;
+ }
conn->c_cdn = pdn->bv_val;
pdn->bv_val = NULL;
pdn->bv_len = 0;
- if(edn != NULL) {
- conn->c_dn = edn;
- } else {
- conn->c_dn = ch_strdup( conn->c_cdn );
- }
- conn->c_ndn = ndn->bv_val;
+ conn->c_ndn = *ndn;
ndn->bv_val = NULL;
ndn->bv_len = 0;
- if( conn->c_dn != NULL ) {
+ if( conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
"do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n",
- conn->c_connid, version, conn->c_cdn, conn->c_dn ));
+ conn->c_connid, version, conn->c_cdn, conn->c_dn.bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n",
- version, conn->c_cdn, conn->c_dn );
+ version, conn->c_cdn, conn->c_dn.bv_val );
#endif
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
c->c_authmech = NULL;
- c->c_dn = NULL;
- c->c_ndn = NULL;
+ c->c_dn.bv_val = NULL;
+ c->c_dn.bv_len = 0;
+ c->c_ndn.bv_val = NULL;
+ c->c_ndn.bv_len = 0;
c->c_cdn = NULL;
c->c_groups = NULL;
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_authmech == NULL );
- assert( c->c_dn == NULL );
- assert( c->c_ndn == NULL );
+ assert( c->c_dn.bv_val == NULL );
+ assert( c->c_ndn.bv_val == NULL );
assert( c->c_cdn == NULL );
assert( c->c_groups == NULL );
assert( c->c_listener_url == NULL );
c->c_authmech = NULL;
}
- if(c->c_dn != NULL) {
- free(c->c_dn);
- c->c_dn = NULL;
+ if(c->c_dn.bv_val != NULL) {
+ free(c->c_dn.bv_val);
+ c->c_dn.bv_val = NULL;
}
- if(c->c_ndn != NULL) {
- free(c->c_ndn);
- c->c_ndn = NULL;
+ c->c_dn.bv_len = 0;
+ if(c->c_ndn.bv_val != NULL) {
+ free(c->c_ndn.bv_val);
+ c->c_ndn.bv_val = NULL;
}
+ c->c_ndn.bv_len = 0;
if(c->c_cdn != NULL) {
free(c->c_cdn);
arg->co_conn = conn;
arg->co_op = op;
- if (!arg->co_op->o_dn) {
+ if (!arg->co_op->o_dn.bv_len) {
arg->co_op->o_authz = conn->c_authz;
- arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
- arg->co_op->o_ndn = ch_strdup( conn->c_ndn != NULL ? conn->c_ndn : "" );
+ arg->co_op->o_dn.bv_val = ch_strdup( conn->c_dn.bv_val ?
+ conn->c_dn.bv_val : "" );
+ arg->co_op->o_ndn.bv_val = ch_strdup( conn->c_ndn.bv_val ?
+ conn->c_ndn.bv_val : "" );
}
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
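Review bot: The new assignments fill `o_dn.bv_val` and `o_ndn.bv_val` but never set the matching `bv_len` fields, which the operation allocator in this diff initialises to 0. The rest of the change decides whether a requester is authenticated from the length alone (`op->o_ndn.bv_len != 0`, `op->o_dn.bv_len == 0`) and copies the struct whole (`bv = op->o_ndn;`, `name = op->o_dn;`). Unless the lengths are set somewhere outside this hunk, an operation on an authenticated connection would be treated as anonymous by those checks. Add `arg->co_op->o_dn.bv_len = conn->c_dn.bv_len;` and `arg->co_op->o_ndn.bv_len = conn->c_ndn.bv_len;` next to the two `ch_strdup` calls.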
/* A search operation, number 0 */
op = slap_op_alloc( NULL, 0, LDAP_REQ_SEARCH, 0);
- op->o_ndn = ch_strdup( id );
+ op->o_ndn.bv_val = ch_strdup( id );
+ op->o_ndn.bv_len = strlen( id );
op->o_protocol = LDAP_VERSION3;
(*conn) = connection_get( fd[1] );
*/
if ( be->be_delete ) {
/* do the update here */
- int repl_user = be_isupdate( be, op->o_ndn );
+ int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif
*/
if ( be->be_modify ) {
/* do the update here */
- int repl_user = be_isupdate( be, op->o_ndn );
+ int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
/* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
timestamp.bv_val = timebuf;
timestamp.bv_len = strlen(timebuf);
- if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
+ if( op->o_dn.bv_len == 0 ) {
name.bv_val = SLAPD_ANONYMOUS;
name.bv_len = sizeof(SLAPD_ANONYMOUS)-1;
} else {
- name.bv_val = op->o_dn;
- name.bv_len = strlen( op->o_dn );
+ name = op->o_dn;
}
if( op->o_tag == LDAP_REQ_ADD ) {
*/
if ( be->be_modrdn ) {
/* do the update here */
- int repl_user = be_isupdate( be, op->o_ndn );
+ int repl_user = be_isupdate( be, op->o_ndn.bv_val );
#ifndef SLAPD_MULTIMASTER
if ( be->be_update_ndn == NULL || repl_user )
#endif
if ( op->o_ber != NULL ) {
ber_free( op->o_ber, 1 );
}
- if ( op->o_dn != NULL ) {
- free( op->o_dn );
+ if ( op->o_dn.bv_val != NULL ) {
+ free( op->o_dn.bv_val );
}
- if ( op->o_ndn != NULL ) {
- free( op->o_ndn );
+ if ( op->o_ndn.bv_val != NULL ) {
+ free( op->o_ndn.bv_val );
}
if ( op->o_authmech != NULL ) {
free( op->o_authmech );
op->o_msgid = msgid;
op->o_tag = tag;
- op->o_dn = NULL;
- op->o_ndn = NULL;
+ op->o_dn.bv_val = NULL;
+ op->o_dn.bv_len = 0;
+ op->o_ndn.bv_val = NULL;
+ op->o_ndn.bv_len = 0;
op->o_authmech = NULL;
op->o_ctrls = NULL;
assert( reqoid != NULL );
assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
- if( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
- *text = "only authenicated users may change passwords";
+ if( op->o_dn.bv_len == 0 ) {
+ *text = "only authenticated users may change passwords";
return LDAP_STRONG_AUTH_REQUIRED;
}
typedef struct slap_authz_info {
ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
char * sai_mech; /* SASL Mechanism */
- char * sai_dn; /* DN for reporting purposes */
- char * sai_ndn; /* Normalized DN */
+ struct berval sai_dn; /* DN for reporting purposes */
+ struct berval sai_ndn; /* Normalized DN */
/* Security Strength Factors */
slap_ssf_t sai_ssf; /* Overall SSF */
}
if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
- ( conn->c_dn != NULL ) )
+ ( conn->c_dn.bv_len != 0 ) )
{
/* force to anonymous */
connection2anonymous( conn );
}
if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
- ( conn->c_dn != NULL ) )
+ ( conn->c_dn.bv_len != 0 ) )
{
*text = "cannot start TLS after authentication";
rc = LDAP_OPERATIONS_ERROR;