OpenLDAP 2.2 Change Log
OpenLDAP 2.2.9 Engineering
+ Fixed slapd syncrepl replication bugs
+ Fixed slapd slurpd update bugs
+ Fixed slapd inappropriate bind error disclosure bugs
+ Fixed slapd sun_path portability bug
+ Fixed slapd passwd referral memory leak
+ Fixed slapd sasl userdb checkpass bug
Fixed ldapmodify missing error information bug (ITS#3057)
Fixed back-meta compare return code (ITS#3042)
+ Added slapd Delivery Method syntax validation
+ Updated slapd overlay framework
+ Updated back-ldap backend
+ Updated back-meta backend
Build Environment
Fixed slapd dynamic backend build (ITS#3044)
Removed deprecated configure options
#endif /* LDAP_SLAPI */
/* grant database root access */
- if ( be != NULL && be_isroot( be, &op->o_ndn ) ) {
+ if ( be != NULL && be_isroot( op ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, INFO,
"access_allowed: conn %lu root access granted\n",
assert( be != NULL );
/* short circuit root database access */
- if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
+ if ( be_isroot( op ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_check_modlist: conn %lu access granted to root user\n",
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
- if (!rs->sr_ref) rs->sr_ref = default_referral;
- if ( rs->sr_ref != NULL ) {
+ if ( !rs->sr_ref ) rs->sr_ref = default_referral;
+ if ( rs->sr_ref ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ "no global superior knowledge" );
}
goto done;
}
*/
if ( op->o_bd->be_add ) {
/* do the update here */
- int repl_user = be_isupdate(op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
#ifndef SLAPD_MULTIMASTER
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) &&
- ( !op->o_bd->be_update_ndn.bv_len || repl_user ))
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
#else
if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ))
#endif
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
rs->sr_err = slap_mods_check( modlist, update, &rs->sr_text,
- textbuf, textlen, NULL );
+ textbuf, textlen, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
}
rs->sr_err = slap_mods2entry( modlist, &e, repl_user, 0,
- &rs->sr_text, textbuf, textlen );
+ &rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
#endif /* LDAP_SLAPI */
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &defref, &tmpbv );
- }
- } else {
- defref = op->o_bd->be_update_refs
- ? op->o_bd->be_update_refs : default_referral;
- }
+ defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( op, rs );
- if ( rs->sr_ref != default_referral ) ber_bvarray_free( rs->sr_ref );
+ if ( rs->sr_ref != default_referral ) {
+ ber_bvarray_free( rs->sr_ref );
+ }
} else {
send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
}
#endif /* SLAPD_MULTIMASTER */
}
* no parent!
* if not attempting to add entry at suffix or with parent ""
*/
- if (( !be_isroot( op->o_bd, &op->o_ndn ) || pdn.bv_len > 0 )
+ if ((( !be_isroot( op ) && !be_isupdate(op)) || pdn.bv_len > 0 )
&& !is_entry_glue( op->oq_add.rs_e ))
{
#ifdef NEW_LOGGING
DB_LOCK lock;
#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0 );
+ LDAP_LOG ( OPERATION, ARGS,
+ "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
- Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
+ Debug( LDAP_DEBUG_ARGS,
+ "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
/* allow noauth binds */
e = ei->bei_e;
if ( rs->sr_err == DB_NOTFOUND ) {
if( e != NULL ) {
- rs->sr_ref = is_entry_referral( e )
- ? get_entry_referrals( op, e )
- : NULL;
- if (rs->sr_ref) {
- rs->sr_matched = ch_strdup( e->e_name.bv_val );
- rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
- }
-
- bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
+ bdb_cache_return_entry_r( bdb->bi_dbenv,
+ &bdb->bi_cache, e, &lock );
e = NULL;
- } else {
- rs->sr_ref = referral_rewrite( default_referral,
- NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
- if ( rs->sr_ref != NULL ) {
- rs->sr_err = LDAP_REFERRAL;
- send_ldap_result( op, rs );
- ber_bvarray_free( rs->sr_ref );
- rs->sr_ref = NULL;
- } else {
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
- send_ldap_result( op, rs );
- }
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
LOCK_ID_FREE(bdb->bi_dbenv, locker);
Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
0, 0 );
#endif
-
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
}
if ( is_entry_alias( e ) ) {
/* entry is an alias, don't allow bind */
#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, DETAIL1, "bdb_bind: entry is alias\n", 0, 0, 0 );
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_bind: entry is alias\n", 0, 0, 0 );
#else
- Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
- 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
#endif
+#if 1
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+#else
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "entry is alias";
+#endif
goto done;
}
#endif
if ( is_entry_referral( e ) ) {
- /* entry is a referral, don't allow bind */
- rs->sr_ref = get_entry_referrals( op, e );
-
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"bdb_bind: entry is referral\n", 0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
0, 0 );
#endif
-
- if( rs->sr_ref != NULL ) {
- rs->sr_err = LDAP_REFERRAL;
- rs->sr_matched = ch_strdup( e->e_name.bv_val );
- rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
- } else {
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
- }
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
}
rs->sr_err = access_allowed( op, e,
password, NULL, ACL_AUTH, NULL );
if ( ! rs->sr_err ) {
+#if 1
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+#else
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+#endif
goto done;
}
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
+#if 1
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+#else
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+#endif
goto done;
}
- if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
+ if ( slap_passwd_check( op->o_conn,
+ a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+ {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
goto done;
}
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case LDAP_AUTH_KRBV41:
- if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
+ if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad )
+ != LDAP_SUCCESS )
+ {
rs->sr_err = LDAP_INVALID_CREDENTIALS,
goto done;
}
goto done;
}
- krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
- : "", ad.pinst, ad.prealm );
+ krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname,
+ *ad.pinst ? "." : "", ad.pinst, ad.prealm );
if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
/*
}
rs->sr_err = 0;
break;
-
- case LDAP_AUTH_KRBV42:
- rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
- rs->sr_text = "Kerberos bind step 2 not supported";
- goto done;
#endif
default:
+ assert( 0 ); /* should not be unreachable */
rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
rs->sr_text = "authentication method not supported";
}
} else {
/* no parent, must be root to delete */
- if( ! be_isroot( op->o_bd, &op->o_ndn ) ) {
+ if( ! be_isroot( op ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
- || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ || be_isupdate( op ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
0, 0, 0 );
#endif
- /* indicate system schema supported */
- be->be_flags |=
- SLAP_BFLAG_INCREMENT |
-#ifdef BDB_SUBENTRIES
- SLAP_BFLAG_SUBENTRIES |
-#endif
-#ifdef BDB_ALIASES
- SLAP_BFLAG_ALIASES |
-#endif
- SLAP_BFLAG_REFERRALS;
-
/* allocate backend-database-specific stuff */
bdb = (struct bdb_info *) ch_calloc( 1, sizeof(struct bdb_info) );
bdb_bt_compare(
DB *db,
const DBT *usrkey,
- const DBT *curkey
-)
+ const DBT *curkey )
{
unsigned char *u, *c;
int i, x;
int
bdb_initialize(
- BackendInfo *bi
-)
+ BackendInfo *bi )
{
static char *controls[] = {
LDAP_CONTROL_ASSERT,
NULL
};
- bi->bi_controls = controls;
-
/* initialize the underlying database system */
#ifdef NEW_LOGGING
LDAP_LOG( BACK_BDB, ENTRY, "bdb_db_initialize\n", 0, 0, 0 );
0, 0, 0 );
#endif
+ bi->bi_flags |=
+ SLAP_BFLAG_INCREMENT |
+#ifdef BDB_SUBENTRIES
+ SLAP_BFLAG_SUBENTRIES |
+#endif
+#ifdef BDB_ALIASES
+ SLAP_BFLAG_ALIASES |
+#endif
+ SLAP_BFLAG_REFERRALS;
+
+ bi->bi_controls = controls;
+
{ /* version check */
int major, minor, patch;
char *version = db_version( &major, &minor, &patch );
e = ei->bei_e;
/* FIXME: dn2entry() should return non-glue entry */
- if (( rs->sr_err == DB_NOTFOUND ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+ if (( rs->sr_err == DB_NOTFOUND ) ||
+ ( !manageDSAit && e && is_entry_glue( e )))
+ {
if( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
}
ei->bei_state |= CACHE_ENTRY_NO_KIDS;
#endif
+
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
rs->sr_ref = get_entry_referrals( op, e );
} else {
/* no parent, modrdn entry directly under root */
- isroot = be_isroot( op->o_bd, &op->o_ndn );
+ isroot = be_isroot( op );
if ( ! isroot ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
- || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ || be_isupdate( op ) ) {
p = (Entry *)&slap_entry_root;
} else {
if ( isroot == -1 ) {
- isroot = be_isroot( op->o_bd, &op->o_ndn );
+ isroot = be_isroot( op );
}
np_dn = NULL;
/* no parent, modrdn entry directly under root */
if ( ! isroot ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
- || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ || be_isupdate( op ) ) {
np = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
"no access to new superior\n",
0, 0, 0 );
#endif
- rs->sr_text = "no write access to new superior's children";
+ rs->sr_text =
+ "no write access to new superior's children";
goto return_results;
}
}
/* Build target dn and make sure target entry doesn't exist already. */
- if (!new_dn.bv_val) build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
+ if (!new_dn.bv_val) {
+ build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
+ }
if (!new_ndn.bv_val) {
struct berval bv = {0, NULL};
new_ndn.bv_val, 0, 0 );
#endif
-
/* Shortcut the search */
nei = neip ? neip : eip;
rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
/* Get attribute type and attribute value of our new rdn, we will
* need to add that to our new entry
*/
- if ( !new_rdn && ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
- LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+ if ( !new_rdn && ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
{
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
- "bdb_modrdn: new_rdn_type=\"%s\", "
- "new_rdn_val=\"%s\"\n",
- new_rdn[ 0 ]->la_attr.bv_val,
- new_rdn[ 0 ]->la_value.bv_val, 0 );
+ "bdb_modrdn: new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n",
+ new_rdn[ 0 ]->la_attr.bv_val, new_rdn[ 0 ]->la_value.bv_val, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
- "bdb_modrdn: new_rdn_type=\"%s\", "
- "new_rdn_val=\"%s\"\n",
- new_rdn[ 0 ]->la_attr.bv_val,
- new_rdn[ 0 ]->la_value.bv_val, 0 );
+ "bdb_modrdn: new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n",
+ new_rdn[ 0 ]->la_attr.bv_val, new_rdn[ 0 ]->la_value.bv_val, 0 );
#endif
if ( op->oq_modrdn.rs_deleteoldrdn ) {
- if ( !old_rdn && ldap_bv2rdn_x( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
- LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+ if ( !old_rdn && ldap_bv2rdn_x( &op->o_req_dn, &old_rdn,
+ (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
{
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
}
/* nested transaction */
- rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
- bdb->bi_db_opflags );
+ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
- "bdb_modrdn: txn_begin(2) failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
+ "bdb_modrdn: txn_begin(2) failed: %s (%d)\n",
+ db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modrdn: txn_begin(2) failed: %s (%d)\n",
* already happened, must free the names. The frees are
* done in bdb_cache_modrdn().
*/
- if( e->e_nname.bv_val < e->e_bv.bv_val || e->e_nname.bv_val >
- e->e_bv.bv_val + e->e_bv.bv_len ) {
+ if( e->e_nname.bv_val < e->e_bv.bv_val ||
+ e->e_nname.bv_val > e->e_bv.bv_val + e->e_bv.bv_len )
+ {
e->e_name.bv_val = NULL;
e->e_nname.bv_val = NULL;
}
/* modify entry */
rs->sr_err = bdb_modify_internal( op, lt2, &mod[0], e,
&rs->sr_text, textbuf, textlen );
-
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
- rs->sr_err = LDAP_REFERRAL;
+ rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val,
op->oq_bind.rb_method, NULL );
- if( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && op->oq_bind.rb_cred.bv_val != NULL && op->oq_bind.rb_cred.bv_len ) {
+ if( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE &&
+ op->oq_bind.rb_cred.bv_val != NULL && op->oq_bind.rb_cred.bv_len )
+ {
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu DNSSRV BIND dn=\"%s\" provided passwd\n",
op->o_connid, op->o_opid,
assert( get_manageDSAit( op ) );
#endif
send_ldap_error( op, rs, LDAP_OTHER,
- "Operation not supported within naming context" );
+ "Operation not supported within naming context" );
/* not implemented */
-
return 1;
}
}
/* no configuration options (yet) */
- {
- return SLAP_CONF_UNKNOWN;
- }
- return 0;
+ return SLAP_CONF_UNKNOWN;
}
dc.ctx = "addAttrDN";
#endif
- isupdate = be_isupdate( op->o_bd, &op->o_ndn );
+ isupdate = be_isupdate( op );
for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) {
if ( !isupdate && a->a_desc->ad_type->sat_no_user_mod ) {
continue;
struct ldapinfo {
struct slap_backend_db *be;
- char *url;
+ char *url;
+ LDAPURLDesc *lud;
struct berval binddn;
struct berval bindpw;
#ifdef LDAP_BACK_PROXY_AUTHZ
}
/* Internal searches are privileged and shared. So is root. */
- if ( op->o_do_not_cache || be_isroot( li->be, &op->o_ndn ) ) {
+ if ( op->o_do_not_cache || be_isroot_dn( li->be, &op->o_ndn ) ) {
lc_curr.local_dn = li->be->be_rootndn;
lc_curr.conn = NULL;
is_priv = 1;
rs->sr_err = ldap_initialize(&ld, li->url);
if (rs->sr_err != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rs);
+ rs->sr_err = slap_map_api2result( rs );
if (rs->sr_text == NULL) {
rs->sr_text = "ldap_initialize() failed";
}
return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
}
+#if 0 /* deprecated in favour of slap_map_api2result() */
/* Map API errors to protocol errors... */
-
int
-ldap_back_map_result(SlapReply *rs)
+ldap_back_map_result( SlapReply *rs )
{
switch(rs->sr_err)
{
case LDAP_REFERRAL_LIMIT_EXCEEDED:
return LDAP_LOOP_DETECT;
default:
- if LDAP_API_ERROR(rs->sr_err)
+ if ( LDAP_API_ERROR(rs->sr_err) )
return LDAP_OTHER;
- else
- return rs->sr_err;
+ return rs->sr_err;
}
}
+#endif
int
ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
char *match = NULL;
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
char *text = NULL;
+#define ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
+
rs->sr_text = NULL;
rs->sr_matched = NULL;
- if (rs->sr_err == LDAP_SUCCESS) {
- if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
+ /* if the error recorded in the reply corresponds
+ * to a successful state, get the error from the
+ * remote server response */
+ if ( ERR_OK( rs->sr_err ) ) {
+ /* if result parsing fails, note the failure reason */
+ if ( ldap_result( lc->ld, msgid, 1, NULL, &res ) == -1 ) {
ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
&rs->sr_err);
+
+ /* otherwise get the result; if it is not
+ * LDAP_SUCCESS, record it in the reply
+ * structure (this includes
+ * LDAP_COMPARE_{TRUE|FALSE}) */
} else {
int rc = ldap_parse_result(lc->ld, res, &rs->sr_err,
&match, &text, NULL, NULL, 1);
rs->sr_text = text;
- if (rc != LDAP_SUCCESS) rs->sr_err = rc;
+ if ( rc != LDAP_SUCCESS ) rs->sr_err = rc;
}
}
- if (rs->sr_err != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rs);
+ /* if the error in the reply structure is not
+ * LDAP_SUCCESS, try to map it from client
+ * to server error */
+ if ( !ERR_OK( rs->sr_err ) ) {
+ rs->sr_err = slap_map_api2result( rs );
- /* internal ops must not reply to client */
+ /* internal ops ( op->o_conn == NULL )
+ * must not reply to client */
if ( op->o_conn && !op->o_do_not_cache && match ) {
struct berval dn, mdn;
dncookie dc;
#endif
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(&dc, &dn, &mdn);
+
+ /* record the (massaged) matched
+ * DN into the reply structure */
rs->sr_matched = mdn.bv_val;
}
}
- if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
+ if ( op->o_conn && ( sendok || rs->sr_err != LDAP_SUCCESS ) ) {
send_ldap_result( op, rs );
}
if ( match ) {
ldap_memfree( text );
}
rs->sr_text = NULL;
- return( (rs->sr_err == LDAP_SUCCESS) ? 0 : -1 );
+ return( ERR_OK( rs->sr_err ) ? 0 : -1 );
}
#ifdef LDAP_BACK_PROXY_AUTHZ
+++ /dev/null
-/* chain.c - chain LDAP operations */
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 2003-2004 The OpenLDAP Foundation.
- * Portions Copyright 2003 Howard Chu.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS:
- * This work was initially developed by the Howard Chu for inclusion
- * in OpenLDAP Software.
- */
-
-#include "portable.h"
-
-#include <stdio.h>
-
-#include <ac/string.h>
-#include <ac/socket.h>
-
-#include "slap.h"
-#include "back-ldap.h"
-
-static int
-ldap_chain_response( Operation *op, SlapReply *rs )
-{
- slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
- void *private = op->o_bd->be_private;
- slap_callback *sc = op->o_callback;
- LDAPControl **prev = op->o_ctrls;
- LDAPControl **ctrls = NULL, authz;
- int i, nctrls, rc;
- int cache = op->o_do_not_cache;
- char *authzid = NULL;
- BerVarray ref;
- struct berval ndn = op->o_ndn;
-
- if ( rs->sr_err != LDAP_REFERRAL )
- return SLAP_CB_CONTINUE;
-
- /* currently we assume only one referral destination.
- * we'll have to parse this in the future.
- */
- ref = rs->sr_ref;
- rs->sr_ref = NULL;
-
- op->o_bd->be_private = on->on_bi.bi_private;
- op->o_callback = NULL;
-
- /* Chaining is performed by a privileged user on behalf
- * of a normal user, using the ProxyAuthz control. However,
- * Binds are done separately, on an anonymous session.
- */
- if ( op->o_tag != LDAP_REQ_BIND ) {
- for (i=0; prev && prev[i]; i++);
- nctrls = i;
-
- /* Add an extra NULL slot */
- if (!prev) i++;
-
- ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
- op->o_tmpmemctx);
- for (i=0; i <nctrls; i++)
- ctrls[i] = prev[i];
- ctrls[nctrls] = &authz;
- ctrls[nctrls+1] = NULL;
- authz.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- authz.ldctl_iscritical = 1;
- authz.ldctl_value = op->o_dn;
- if ( op->o_dn.bv_len ) {
- authzid = op->o_tmpalloc( op->o_dn.bv_len+4,
- op->o_tmpmemctx );
- strcpy(authzid, "dn: ");
- strcpy(authzid+4, op->o_dn.bv_val);
- authz.ldctl_value.bv_len = op->o_dn.bv_len + 4;
- authz.ldctl_value.bv_val = authzid;
- }
- op->o_ctrls = ctrls;
- op->o_ndn = op->o_bd->be_rootndn;
- }
-
- switch( op->o_tag ) {
- case LDAP_REQ_BIND: {
- struct berval rndn = op->o_req_ndn;
- Connection *conn = op->o_conn;
- op->o_req_ndn = slap_empty_bv;
- op->o_conn = NULL;
- rc = ldap_back_bind( op, rs );
- op->o_req_ndn = rndn;
- op->o_conn = conn;
- }
- break;
- case LDAP_REQ_ADD:
- rc = ldap_back_add( op, rs );
- break;
- case LDAP_REQ_DELETE:
- rc = ldap_back_delete( op, rs );
- break;
- case LDAP_REQ_MODRDN:
- rc = ldap_back_modrdn( op, rs );
- break;
- case LDAP_REQ_MODIFY:
- rc = ldap_back_modify( op, rs );
- break;
- case LDAP_REQ_COMPARE:
- rc = ldap_back_compare( op, rs );
- break;
- case LDAP_REQ_SEARCH:
- rc = ldap_back_search( op, rs );
- break;
- case LDAP_REQ_EXTENDED:
- rc = ldap_back_extended( op, rs );
- break;
- default:
- rc = SLAP_CB_CONTINUE;
- break;
- }
- op->o_do_not_cache = cache;
- op->o_ctrls = prev;
- op->o_bd->be_private = private;
- op->o_callback = sc;
- op->o_ndn = ndn;
- if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
- if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
- rs->sr_ref = ref;
-
- return rc;
-}
-
-static int ldap_chain_config(
- BackendDB *be,
- const char *fname,
- int lineno,
- int argc,
- char **argv
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- rc = ldap_back_db_config( be, fname, lineno, argc, argv );
- be->be_private = private;
- return rc;
-}
-
-static int ldap_chain_init(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = NULL;
- rc = ldap_back_db_init( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
- return rc;
-}
-
-static int ldap_chain_destroy(
- BackendDB *be
-)
-{
- slap_overinst *on = (slap_overinst *) be->bd_info;
- void *private = be->be_private;
- int rc;
-
- be->be_private = on->on_bi.bi_private;
- rc = ldap_back_db_destroy( be );
- on->on_bi.bi_private = be->be_private;
- be->be_private = private;
- return rc;
-}
-
-static slap_overinst ldapchain;
-
-int ldap_chain_setup()
-{
- ldapchain.on_bi.bi_type = "chain";
- ldapchain.on_bi.bi_db_init = ldap_chain_init;
- ldapchain.on_bi.bi_db_config = ldap_chain_config;
- ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
- ldapchain.on_response = ldap_chain_response;
-
- return overlay_register( &ldapchain );
-}
/* URI of server to query (preferred over "server" directive) */
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
- LDAPURLDesc *lud, tmplud;
+ LDAPURLDesc tmplud;
if (argc != 2) {
fprintf( stderr, "%s: line %d: "
if ( li->url != NULL ) {
ch_free( li->url );
}
+ if ( li->lud != NULL ) {
+ ldap_free_urldesc( li->lud );
+ }
- if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) {
+ if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) {
fprintf( stderr, "%s: line %d: "
"unable to parse uri \"%s\" "
"in \"uri <uri>\" line\n",
return 1;
}
- if ( ( lud->lud_dn != NULL && lud->lud_dn[0] != '\0' )
- || lud->lud_attrs != NULL
- || lud->lud_filter != NULL
- || lud->lud_exts != NULL )
+ if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' )
+ || li->lud->lud_attrs != NULL
+ || li->lud->lud_filter != NULL
+ || li->lud->lud_exts != NULL )
{
fprintf( stderr, "%s: line %d: "
"warning, only protocol, "
#if 0
tmplud = *lud;
- tmplud.lud_dn = NULL;
+ tmplud.lud_dn = "";
tmplud.lud_attrs = NULL;
tmplud.lud_filter = NULL;
if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
li->url = ch_strdup( argv[ 1 ] );
#endif
- ldap_free_urldesc( lud );
-
/* name to use for ldap_back_group */
} else if ( strcasecmp( argv[0], "binddn" ) == 0 ) {
if (argc != 2) {
/*
* FIXME: this should become an err
*/
+ goto error_return;
}
}
/*
* FIXME: this should become an err
*/
+ goto error_return;
}
ad = NULL;
fprintf( stderr,
"%s: line %d: duplicate mapping found (ignored)\n",
fname, lineno );
- /* FIXME: free stuff */
goto error_return;
}
}
ch_free(c.ldctl_value.bv_val);
if (rs->sr_err != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rs);
+ rs->sr_err = slap_map_api2result( rs );
}
} else {
/* else just do the same as before */
bv = (struct berval *) ch_malloc( sizeof(struct berval) );
if( op->o_dn.bv_len ) {
- bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1;
+ bv->bv_len = op->o_dn.bv_len + sizeof("dn:") - 1;
bv->bv_val = ch_malloc( bv->bv_len + 1 );
- AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 );
- AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val,
+ AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:") - 1 );
+ AC_MEMCPY( &bv->bv_val[sizeof("dn:") - 1], op->o_dn.bv_val,
op->o_dn.bv_len );
bv->bv_val[bv->bv_len] = '\0';
} else {
ch_free( rargv[ 1 ] );
ch_free( rargv[ 2 ] );
-#if 0 /* "matched" is not normalized */
- rargv[ 0 ] = "rewriteContext";
- rargv[ 1 ] = "matchedDN";
- rargv[ 2 ] = "alias";
- rargv[ 3 ] = "searchResult";
- rargv[ 4 ] = NULL;
- rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
-#else /* normalize "matched" */
-
rargv[ 0 ] = "rewriteContext";
rargv[ 1 ] = "matchedDN";
rargv[ 2 ] = "alias";
rargv[ 4 ] = NULL;
rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
-#if 0
- rargv[ 0 ] = "rewriteRule";
- rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
- rargv[ 2 ] = suffix_massage_patternize( nvnc->bv_val );
- rargv[ 3 ] = ":";
- rargv[ 4 ] = NULL;
- rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
- ch_free( rargv[ 1 ] );
- ch_free( rargv[ 2 ] );
-#endif /* 0 */
-#endif /* normalize "matched" */
-
return 0;
}
#endif /* ENABLE_REWRITE */
}
rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL,
- qpw->rs_old.bv_len ? &qpw->rs_old : NULL,
- qpw->rs_new.bv_len ? &qpw->rs_new : NULL, op->o_ctrls, NULL, &msgid);
+ qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
+ qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
+ op->o_ctrls, NULL, &msgid);
if (mdn.bv_val != op->o_req_dn.bv_val) {
free(mdn.bv_val);
}
}
if (rc != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rs);
+ rs->sr_err = slap_map_api2result( rs );
send_ldap_result(op, rs);
if (rs->sr_matched) free((char *)rs->sr_matched);
if (rs->sr_text) free((char *)rs->sr_text);
li->be = be;
be->be_private = li;
- be->be_flags |= SLAP_BFLAG_NOLASTMOD;
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
return 0;
}
ch_free(li->url);
li->url = NULL;
}
+ if ( li->lud ) {
+ ldap_free_urldesc( li->lud );
+ li->lud = NULL;
+ }
if (li->binddn.bv_val) {
ch_free(li->binddn.bv_val);
li->binddn.bv_val = NULL;
dc.ctx = "modifyAttrDN";
#endif
- isupdate = be_isupdate( op->o_bd, &op->o_ndn );
+ isupdate = be_isupdate( op );
for (i=0, ml=op->oq_modify.rs_modlist; ml; ml=ml->sml_next) {
int is_oc = 0;
&match.bv_val, (char **)&rs->sr_text,
NULL, NULL, 1);
if (rc != LDAP_SUCCESS ) rs->sr_err = rc;
- rs->sr_err = ldap_back_map_result(rs);
+ rs->sr_err = slap_map_api2result( rs );
rc = 0;
break;
}
} else {
assert( pdn.bv_val == NULL || *pdn.bv_val == '\0' );
- if ( !be_isroot( op->o_bd, &op->o_ndn )
- && !is_entry_glue( op->oq_add.rs_e ))
+ if (( !be_isroot( op ) && !be_isupdate( op )) &&
+ !is_entry_glue( op->oq_add.rs_e ))
{
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
LDAP_LOG( BACK_LDBM, ENTRY,
"ldbm_back_bind: dn: %s.\n", op->o_req_dn.bv_val, 0, 0 );
#else
- Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
+ Debug(LDAP_DEBUG_ARGS,
+ "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
/* get entry with reader lock */
if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
if( matched != NULL ) {
- rs->sr_matched = ch_strdup( matched->e_dn );
- rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
-
- rs->sr_ref = is_entry_referral( matched )
- ? get_entry_referrals( op, matched )
- : NULL;
-
cache_return_entry_r( &li->li_cache, matched );
-
- } else {
- rs->sr_ref = referral_rewrite( default_referral,
- NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
-
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
/* allow noauth binds */
rc = 1;
- if ( rs->sr_ref != NULL ) {
- rs->sr_err = LDAP_REFERRAL;
- } else {
- rs->sr_err = LDAP_INVALID_CREDENTIALS;
- }
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
-
- if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
- rs->sr_ref = NULL;
return rs->sr_err;
}
/* entry is an alias, don't allow bind */
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
- "ldbm_back_bind: entry (%s) is an alias.\n", e->e_name.bv_val, 0, 0 );
+ "ldbm_back_bind: entry (%s) is an alias.\n",
+ e->e_name.bv_val, 0, 0 );
#else
- Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
- 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
#endif
+
+#if 1
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rs->sr_text = "entry is alias";
rc = LDAP_ALIAS_PROBLEM;
+#endif
goto return_results;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral, don't allow bind */
- rs->sr_ref = get_entry_referrals( op, e );
-
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
- "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 );
+ "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 );
#else
- Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
- 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
#endif
-
- if( rs->sr_ref != NULL ) {
- rc = LDAP_REFERRAL;
- rs->sr_matched = ch_strdup( e->e_name.bv_val );
- rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
-
- } else {
- rc = LDAP_INVALID_CREDENTIALS;
- }
+ rc = LDAP_INVALID_CREDENTIALS;
goto return_results;
}
if ( ! access_allowed( op, e,
password, NULL, ACL_AUTH, NULL ) )
{
+#if 1
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rc = LDAP_INSUFFICIENT_ACCESS;
+#endif
goto return_results;
}
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
/* stop front end from sending result */
+#if 1
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rc = LDAP_INAPPROPRIATE_AUTH;
+#endif
goto return_results;
}
- if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
+ if ( slap_passwd_check( op->o_conn,
+ a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+ {
/* stop front end from sending result */
rc = LDAP_INVALID_CREDENTIALS;
goto return_results;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case LDAP_AUTH_KRBV41:
- if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
+ if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad )
+ != LDAP_SUCCESS )
+ {
rc = LDAP_INVALID_CREDENTIALS;
goto return_results;
}
}
rc = 0;
break;
-
- case LDAP_AUTH_KRBV42:
- rs->sr_text = "Kerberos bind step 2 not supported";
- /* stop front end from sending result */
- rc = LDAP_UNWILLING_TO_PERFORM;
- goto return_results;
#endif
default:
+ assert( 0 ); /* should not be reachable */
rs->sr_text = "authentication method not supported";
rc = LDAP_STRONG_AUTH_NOT_SUPPORTED;
goto return_results;
} else {
/* no parent, must be root to delete */
- if( ! be_isroot( op->o_bd, &op->o_ndn ) ) {
- if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ if( ! be_isroot( op ) ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( op, p,
bi->bi_controls = controls;
+ bi->bi_flags |=
+ SLAP_BFLAG_INCREMENT |
+#ifdef LDBM_SUBENTRIES
+ SLAP_BFLAG_SUBENTRIES |
+#endif
+ SLAP_BFLAG_ALIASES |
+ SLAP_BFLAG_REFERRALS;
+
bi->bi_open = ldbm_back_open;
bi->bi_config = NULL;
bi->bi_close = ldbm_back_close;
{
struct ldbminfo *li;
- /* indicate system schema supported */
- be->be_flags |=
- SLAP_BFLAG_INCREMENT |
-#ifdef LDBM_SUBENTRIES
- SLAP_BFLAG_SUBENTRIES |
-#endif
- SLAP_BFLAG_ALIASES |
- SLAP_BFLAG_REFERRALS;
-
/* allocate backend-database-specific stuff */
li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) );
} else {
/* no parent, must be root to modify rdn */
- isroot = be_isroot( op->o_bd, &op->o_ndn );
+ isroot = be_isroot( op );
if ( ! isroot ) {
- if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) {
int can_access;
p = (Entry *)&slap_entry_root;
/* no parent, must be root to modify newSuperior */
if ( isroot == -1 ) {
- isroot = be_isroot( op->o_bd, &op->o_ndn );
+ isroot = be_isroot( op );
}
if ( ! isroot ) {
- if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
+ if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) {
int can_access;
np = (Entry *)&slap_entry_root;
rs->sr_err = LDAP_INVALID_CREDENTIALS;
}
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
send_ldap_result( op, rs );
return -1;
}
rs->sr_err = ldap_set_option( lsc->ld,
LDAP_OPT_SERVER_CONTROLS, op->o_ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
goto return_results;
}
}
LDAP_SASL_SIMPLE, &op->oq_bind.rb_cred,
op->o_ctrls, NULL, NULL);
if ( rs->sr_err != LDAP_SUCCESS ) {
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
goto return_results;
}
LDAP_OPT_ERROR_STRING, &msg );
ldap_get_option( lsc->ld,
LDAP_OPT_MATCHED_DN, &match );
- rs->sr_err = ldap_back_map_result( rs );
+ rs->sr_err = slap_map_api2result( rs );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_META, RESULTS,
break;
default:
- rres = ldap_back_map_result( rs );
+ rres = slap_map_api2result( rs );
if ( err != NULL ) {
free( err );
*/
rs->sr_err = ldap_initialize( &lsc->ld, lt->uri );
if ( rs->sr_err != LDAP_SUCCESS ) {
- return ldap_back_map_result( rs );
+ return slap_map_api2result( rs );
}
/*
res, 1 );
res = NULL;
- sres = ldap_back_map_result( rs );
+ sres = slap_map_api2result( rs );
if ( err != NULL ) {
free( err );
}
return( -1 );
}
- if ( be->be_flags & SLAP_BFLAG_MONITOR ) {
+ if ( SLAP_MONITOR(be) ) {
attr_merge( e, slap_schema.si_ad_monitorContext,
be->be_suffix, be->be_nsuffix );
attr_merge( e_database, slap_schema.si_ad_monitorContext,
be_monitor = be;
/* indicate system schema supported */
- be->be_flags |= SLAP_BFLAG_MONITOR;
+ SLAP_DBFLAGS(be) |= SLAP_BFLAG_MONITOR;
dn.bv_val = SLAPD_MONITOR_DN;
dn.bv_len = sizeof( SLAPD_MONITOR_DN ) - 1;
}
int
-be_isroot( Backend *be, struct berval *ndn )
+be_isroot_dn( Backend *be, struct berval *ndn )
{
if ( !ndn->bv_len ) {
return( 0 );
}
int
-be_isupdate( Backend *be, struct berval *ndn )
+be_isupdate( Operation *op )
+{
+ return be_isupdate_dn( op->o_bd, &op->o_ndn );
+}
+
+int
+be_isupdate_dn( Backend *be, struct berval *ndn )
{
if ( !ndn->bv_len ) {
return( 0 );
return &be->be_rootdn;
}
+int
+be_isroot( Operation *op )
+{
+ return be_isroot_dn( op->o_bd, &op->o_ndn );
+}
+
int
be_isroot_pw( Operation *op )
{
int result;
char *errmsg;
- if ( ! be_isroot( op->o_bd, &op->o_req_ndn ) ) {
+ if ( ! be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) {
return 0;
}
if (SLAP_GLUE_SUBORDINATE ( b1 ) ) {
/* The last database cannot be a subordinate of noone */
if (i == nBackendDB - 1) {
- b1->be_flags ^= SLAP_BFLAG_GLUE_SUBORDINATE;
+ SLAP_DBFLAGS(b1) ^= SLAP_DBFLAG_GLUE_SUBORDINATE;
}
continue;
}
continue;
}
cont--;
- be->be_flags |= SLAP_BFLAG_GLUE_LINKED;
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_LINKED;
if (gi == NULL) {
/* We create a copy of the superior's be
* structure, pointing to all of its original
* is used whenever we have operations to pass
* down to the real database.
*/
- b1->be_flags |= SLAP_BFLAG_GLUE_INSTANCE;
+ SLAP_DBFLAGS(b1) |= SLAP_DBFLAG_GLUE_INSTANCE;
gi = (glueinfo *)ch_malloc(sizeof(glueinfo));
gi->nodes = 0;
gi->bd = *b1;
return rc;
}
-enum op_which { op_bind = 0, op_unbind, op_search, op_compare,
- op_modify, op_modrdn, op_add, op_delete, op_abandon,
- op_cancel, op_extended };
+enum op_which {
+ op_bind = 0,
+ op_unbind,
+ op_search,
+ op_compare,
+ op_modify,
+ op_modrdn,
+ op_add,
+ op_delete,
+ op_abandon,
+ op_cancel,
+ op_extended,
+ op_aux_chk_referrals,
+ op_last
+};
+
+/*
+ * default return code in case of missing backend function
+ * and overlay stack returning SLAP_CB_CONTINUE
+ */
+static int op_rc[] = {
+ LDAP_UNWILLING_TO_PERFORM, /* bind */
+ LDAP_UNWILLING_TO_PERFORM, /* unbind */
+ LDAP_UNWILLING_TO_PERFORM, /* search */
+ LDAP_UNWILLING_TO_PERFORM, /* compare */
+ LDAP_UNWILLING_TO_PERFORM, /* modify */
+ LDAP_UNWILLING_TO_PERFORM, /* modrdn */
+ LDAP_UNWILLING_TO_PERFORM, /* add */
+ LDAP_UNWILLING_TO_PERFORM, /* delete */
+ LDAP_UNWILLING_TO_PERFORM, /* abandon */
+ LDAP_UNWILLING_TO_PERFORM, /* cancel */
+ LDAP_UNWILLING_TO_PERFORM, /* extended */
+ LDAP_SUCCESS /* aux_chk_referrals */
+};
static int
over_op_func(
}
/* should not fall thru this far without anything happening... */
if ( rc == SLAP_CB_CONTINUE ) {
- rc = LDAP_UNWILLING_TO_PERFORM;
+ rc = op_rc[ which ];
}
op->o_callback = cb.sc_next;
return rc;
return over_op_func( op, rs, op_extended );
}
+static int
+over_chk_referrals( Operation *op, SlapReply *rs )
+{
+ return over_op_func( op, rs, op_aux_chk_referrals );
+}
+
int
overlay_register(
slap_overinst *on
bi->bi_op_delete = over_op_delete;
bi->bi_op_abandon = over_op_abandon;
bi->bi_op_cancel = over_op_cancel;
+
bi->bi_extended = over_op_extended;
+ /*
+ * this is fine because it has the same
+ * args of the operations; we need to rework
+ * all the hooks to share the same args
+ * of the operations...
+ */
+ bi->bi_chk_referrals = over_chk_referrals;
+
be->bd_info = bi;
} else {
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
- "do_bind: conn %d v%d anonymous bind\n",
- op->o_connid, version , 0 );
+ "do_bind: conn %d v%d anonymous bind\n",
+ op->o_connid, version , 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
version, 0, 0 );
}
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- } else if ( op->orb_method == LDAP_AUTH_KRBV41 ||
- op->orb_method == LDAP_AUTH_KRBV42 )
- {
+ } else if ( op->orb_method == LDAP_AUTH_KRBV41 ) {
if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
- /* disallow simple authentication */
+ /* disallow krbv4 authentication */
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "unwilling to perform Kerberos V4 bind";
send_ldap_result( op, rs );
+
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
- "do_bind: conn %d v%d Kerberos V4 bind\n",
+ "do_bind: conn %d v%d Kerberos V4 (step 1) bind refused\n",
op->o_connid, version , 0 );
#else
- Debug( LDAP_DEBUG_TRACE, "do_bind: v%d Kerberos V4 bind\n",
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d Kerberos V4 (step 1) bind refused\n",
version, 0, 0 );
#endif
goto cleanup;
}
ber_str2bv( "KRBV4", sizeof("KRBV4")-1, 0, &mech );
+
+ } else if ( op->orb_method == LDAP_AUTH_KRBV42 ) {
+ rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ rs->sr_text = "Kerberos V4 (step 2) bind not supported";
+ send_ldap_result( op, rs );
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, DETAIL1,
+ "do_bind: conn %d v%d Kerberos V4 (step 2) bind refused\n",
+ op->o_connid, version , 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d Kerberos V4 (step 2) bind refused\n",
+ version, 0, 0 );
+#endif
+ goto cleanup;
#endif
} else {
goto cleanup;
}
-#if defined( LDAP_SLAPI )
+#ifdef LDAP_SLAPI
if ( pb ) {
int rc;
slapi_int_pblock_set_operation( pb, op );
op->orb_edn.bv_len = 0;
if ( rs->sr_err == LDAP_SUCCESS ) {
- slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val );
+ slapi_pblock_get( pb, SLAPI_CONN_DN,
+ (void *)&op->orb_edn.bv_val );
if ( op->orb_edn.bv_val == NULL ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
}
}
-#endif /* defined( LDAP_SLAPI ) */
+#endif /* LDAP_SLAPI */
if( op->o_bd->be_bind ) {
rs->sr_err = (op->o_bd->be_bind)( op, rs );
"operation not supported within naming context" );
}
-#if defined( LDAP_SLAPI )
- if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) {
+#ifdef LDAP_SLAPI
+ if ( pb != NULL &&
+ slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 )
+ {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: Bind postoperation plugins failed\n",
0, 0, 0);
#endif
}
-#endif /* defined( LDAP_SLAPI ) */
+#endif /* LDAP_SLAPI */
cleanup:
if ( rs->sr_err == LDAP_SUCCESS ) {
return 1;
} else {
- be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
num_subordinates++;
}
"a database definition.\n", fname, lineno, 0);
#endif
return 1;
- } else {
- if ( add_syncrepl( be, cargv, cargc )) {
- return 1;
- }
+
+ } else if ( SLAP_SHADOW( be )) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: syncrepl: database already shadowed.\n",
+ fname, lineno, 0);
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: syncrepl: database already shadowed.\n",
+ fname, lineno, 0);
+#endif
+ return 1;
+
+ } else if ( add_syncrepl( be, cargv, cargc )) {
+ return 1;
}
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_SHADOW;
+
/* list of replicas of the data in this backend (master only) */
} else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
if ( cargc < 2 ) {
#endif
return 1;
+ } else if ( SLAP_SHADOW(be) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: updatedn: database already shadowed.\n",
+ fname, lineno, 0);
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: updatedn: database already shadowed.\n",
+ fname, lineno, 0);
+#endif
+ return 1;
+
} else {
struct berval dn;
#endif
return 1;
}
+
}
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_SHADOW;
} else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
if ( cargc < 2 ) {
#endif
return 1;
- } else if ( !be->be_update_ndn.bv_len ) {
+ } else if ( !SLAP_SHADOW(be) ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "updateref line must come after updatedn.\n",
+ "updateref line must come after syncrepl or updatedn.\n",
fname, lineno , 0 );
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "updateref line must after updatedn.\n",
+ "updateref line must after syncrepl or updatedn.\n",
fname, lineno, 0 );
#endif
return 1;
vals[0].bv_val = cargv[1];
vals[0].bv_len = strlen( vals[0].bv_val );
- if( value_add( &be->be_update_refs, vals ) )
+ if( value_add( &be->be_update_refs, vals ) ) {
return LDAP_OTHER;
+ }
/* replication log file to which changes are appended */
} else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
}
if ( strcasecmp( cargv[1], "on" ) == 0 ) {
if ( be ) {
- be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
+ SLAP_DBFLAGS(be) &= ~SLAP_DBFLAG_NOLASTMOD;
} else {
lastmod = 1;
}
} else {
if ( be ) {
- be->be_flags |= SLAP_BFLAG_NOLASTMOD;
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
} else {
lastmod = 0;
}
si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 );
#endif
if ( !si->si_schemachecking ) {
- be->be_flags |= SLAP_BFLAG_NO_SCHEMA_CHECK;
+ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
}
si->si_be = be;
LDAP_STAILQ_INSERT_TAIL( &be->be_syncinfo, si, si_next );
ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
- LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) {
- if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) {
- csne->state = SLAP_CSN_COMMIT;
+ LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ csne->ce_state = SLAP_CSN_COMMIT;
break;
}
}
- LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) {
- if ( csne->state == SLAP_CSN_COMMIT ) committed_csne = csne;
- if ( csne->state == SLAP_CSN_PENDING ) break;
- }
-
- if ( committed_csne ) {
- ber_dupbv( csn, committed_csne->csn );
+ LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
+ if ( csne->ce_state == SLAP_CSN_PENDING ) break;
}
+ if ( committed_csne ) ber_dupbv( csn, committed_csne->ce_csn );
ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex );
-
}
void
ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
- LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) {
- if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) {
- csne->state = SLAP_CSN_PENDING;
+ LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ csne->ce_state = SLAP_CSN_PENDING;
break;
}
}
{
struct slap_csn_entry *csne;
- if ( op == NULL )
- return;
-
- if ( op->o_bd == NULL )
- return;
+ if ( op == NULL ) return;
+ if ( op->o_bd == NULL ) return;
ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
- LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) {
- if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) {
- LDAP_TAILQ_REMOVE( &op->o_bd->be_pending_csn_list, csne, csn_link );
- ch_free( csne->csn->bv_val );
- ch_free( csne->csn );
+ LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+ if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
+ LDAP_TAILQ_REMOVE( &op->o_bd->be_pending_csn_list,
+ csne, ce_csn_link );
+ ch_free( csne->ce_csn->bv_val );
+ ch_free( csne->ce_csn );
ch_free( csne );
break;
}
Entry *
slap_create_context_csn_entry(
Backend *be,
- struct berval *context_csn
-)
+ struct berval *context_csn )
{
Entry* e;
int rc;
char *csnbuf,
int len,
struct berval *csn,
- int manage_ctxcsn
-)
+ int manage_ctxcsn )
{
struct slap_csn_entry *pending;
sizeof( struct slap_csn_entry ));
ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
ber_dupbv( &op->o_sync_csn, csn );
- pending->csn = ber_dupbv( NULL, csn );
- pending->connid = op->o_connid;
- pending->opid = op->o_opid;
- pending->state = SLAP_CSN_PENDING;
+ pending->ce_csn = ber_dupbv( NULL, csn );
+ pending->ce_connid = op->o_connid;
+ pending->ce_opid = op->o_opid;
+ pending->ce_state = SLAP_CSN_PENDING;
LDAP_TAILQ_INSERT_TAIL( &op->o_bd->be_pending_csn_list,
- pending, csn_link );
+ pending, ce_csn_link );
ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex );
}
switch ( from.sa_addr.sa_family ) {
# ifdef LDAP_PF_LOCAL
case AF_LOCAL:
+ /* FIXME: apparently accept doesn't fill
+ * the sun_path sun_path member */
+ if ( from.sa_un_addr.sun_path[0] == '\0' ) {
+ AC_MEMCPY( from.sa_un_addr.sun_path,
+ slap_listeners[l]->sl_sa.sa_un_addr.sun_path,
+ sizeof( from.sa_un_addr.sun_path ) );
+ }
+
sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
ssf = LDAP_PVT_SASL_LOCAL_SSF;
{
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ "no global superior knowledge" );
}
goto cleanup;
}
*/
if ( op->o_bd->be_delete ) {
/* do the update here */
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
#ifndef SLAPD_MULTIMASTER
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) &&
- ( !op->o_bd->be_update_ndn.bv_len || repl_user ))
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
#else
if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ))
#endif
op->o_managedsait = 1;
while ( rs->sr_err == LDAP_SUCCESS &&
- op->o_delete_glue_parent ) {
+ op->o_delete_glue_parent )
+ {
op->o_delete_glue_parent = 0;
if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
slap_callback cb = { NULL };
#ifndef SLAPD_MULTIMASTER
} else {
- BerVarray defref = NULL;
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &defref, &tmpbv );
- }
- } else {
- defref = op->o_bd->be_update_refs
- ? op->o_bd->be_update_refs : default_referral;
- }
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
+
} else {
send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
}
#endif
}
(void) ldap_pvt_thread_initialize();
- ldap_pvt_thread_pool_init(&connection_pool, connection_pool_max, 0);
+ ldap_pvt_thread_pool_init( &connection_pool,
+ connection_pool_max, 0);
ldap_pvt_thread_mutex_init( &entry2str_mutex );
ldap_pvt_thread_mutex_init( &replog_mutex );
assert( op->o_tag == LDAP_REQ_SEARCH);
/* allow root to set no limit */
- if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
+ if ( be_isroot( op ) ) {
op->ors_limit = NULL;
if ( op->ors_tlimit == 0 ) {
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ "no global superior knowledge" );
}
goto cleanup;
}
modv = slapi_int_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
- rs->sr_err = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
+ rs->sr_err = slapi_int_call_plugins( op->o_bd,
+ SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
if ( rs->sr_err < 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, INFO, "do_modify: modify preoperation plugin "
- "failed\n", 0, 0, 0 );
+ LDAP_LOG( OPERATION, INFO,
+ "do_modify: modify preoperation plugin failed\n",
+ 0, 0, 0 );
#else
- Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n",
- 0, 0, 0);
+ Debug(LDAP_DEBUG_TRACE,
+ "do_modify: modify preoperation plugin failed.\n",
+ 0, 0, 0);
#endif
- if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) ||
- rs->sr_err == LDAP_SUCCESS ) {
+ if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE,
+ (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS )
+ {
rs->sr_err = LDAP_OTHER;
}
slapi_int_free_ldapmods( modv );
*/
if ( op->o_bd->be_modify ) {
/* do the update here */
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
/* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
*/
#ifndef SLAPD_MULTIMASTER
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) &&
- ( !op->o_bd->be_update_ndn.bv_len || repl_user ))
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
#else
if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ))
#endif
#ifndef SLAPD_MULTIMASTER
/* send a referral */
} else {
- BerVarray defref = NULL;
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &defref, &tmpbv );
- }
- } else {
- defref = op->o_bd->be_update_refs
- ? op->o_bd->be_update_refs : default_referral;
- }
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn,
ber_bvarray_free( rs->sr_ref );
}
} else {
- send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
}
#endif
}
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
+ op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 );
+ if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ "no global superior knowledge" );
}
goto cleanup;
}
*/
if ( op->o_bd->be_modrdn ) {
/* do the update here */
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
#ifndef SLAPD_MULTIMASTER
- if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) &&
- ( !op->o_bd->be_update_ndn.bv_len || repl_user ))
+ if ( !SLAP_SHADOW(op->o_bd) || repl_user )
#else
if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ))
#endif
#ifndef SLAPD_MULTIMASTER
} else {
- BerVarray defref = NULL;
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &defref, &tmpbv );
- }
- } else {
- defref = op->o_bd->be_update_refs
- ? op->o_bd->be_update_refs : default_referral;
- }
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
- send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "referral missing" );
+ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+ "shadow context; no update referral" );
}
#endif
}
assert( new_rdn != NULL );
assert( !op->orr_deleteoldrdn || old_rdn != NULL );
- repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ repl_user = be_isupdate( op );
/* Add new attribute values to the entry */
for ( a_cnt = 0; new_rdn[a_cnt]; a_cnt++ ) {
qm = (query_manager*)ch_malloc(sizeof(query_manager));
cm->db = *be;
- cm->db.be_flags |= SLAP_BFLAG_NO_SCHEMA_CHECK;
+ SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
cm->db.be_private = NULL;
cm->qm = qm;
cm->numattrsets = 0;
rc = cm->db.bd_info->bi_db_open( &cm->db );
}
- ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
- ldap_pvt_runqueue_insert( &syncrepl_rq, cm->cc_period,
- consistency_check, on );
- ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
+ /* There is no runqueue in TOOL mode */
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex );
+ ldap_pvt_runqueue_insert( &syncrepl_rq, cm->cc_period,
+ consistency_check, on );
+ ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex );
+ }
return rc;
}
#ifndef SLAPD_MULTIMASTER
/* This does not apply to multi-master case */
- if( op->o_bd->be_update_ndn.bv_len ||
- !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
+ if(!( !SLAP_SHADOW( op->o_bd ) || be_isupdate( op ))) {
/* we SHOULD return a referral in this case */
- BerVarray defref = NULL;
- if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) {
- syncinfo_t *si;
- LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) {
- struct berval tmpbv;
- ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] );
- ber_bvarray_add( &defref, &tmpbv );
- }
- } else {
- defref = referral_rewrite( op->o_bd->be_update_refs,
+ BerVarray defref = op->o_bd->be_update_refs
+ ? op->o_bd->be_update_refs : default_referral;
+
+ if( defref != NULL ) {
+ rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
+ if(rs->sr_ref) {
+ rs->sr_flags |= REP_REF_MUSTBEFREED;
+ } else {
+ rs->sr_ref = defref;
+ }
+ return LDAP_REFERRAL;
+
}
- rs->sr_ref = defref;
- return LDAP_REFERRAL;
+
+ rs->sr_text = "shadow context; no update referral";
+ return LDAP_UNWILLING_TO_PERFORM;
}
#endif /* !SLAPD_MULTIMASTER */
LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be,
struct berval *suffix ));
-LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be,
- struct berval *ndn ));
+LDAP_SLAPD_F (int) be_isroot LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (int) be_isroot_dn LDAP_P(( Backend *be, struct berval *ndn ));
LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Operation *op ));
-LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn ));
+LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Operation *op ));
+LDAP_SLAPD_F (int) be_isupdate_dn LDAP_P(( Backend *be, struct berval *ndn ));
LDAP_SLAPD_F (struct berval *) be_root_dn LDAP_P(( Backend *be ));
LDAP_SLAPD_F (int) be_entry_get_rw LDAP_P(( struct slap_op *o,
struct berval *ndn, ObjectClass *oc,
LDAP_SLAPD_F (int) str2result LDAP_P(( char *s,
int *code, char **matched, char **info ));
+LDAP_SLAPD_F (int) slap_map_api2result LDAP_P(( SlapReply *rs ));
/*
* root_dse.c
if (op->o_conn && op->o_conn->c_is_udp &&
op->o_protocol == LDAP_VERSION2 )
{
- rc = ber_printf( ber, "t{ess" /*"}}"*/,
+ rc = ber_printf( ber, "t{ess" /*"}"*/,
rs->sr_tag, rs->sr_err,
rs->sr_matched == NULL ? "" : rs->sr_matched,
rs->sr_text == NULL ? "" : rs->sr_text );
}
#ifdef LDAP_CONNECTIONLESS
- if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) {
+ if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2
+ && rc != -1 )
+ {
rc = ber_printf( ber, /*"{"*/ "N}" );
}
#endif
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0)
#endif
- ber_free_buf( ber );
+ {
+ ber_free_buf( ber );
+ }
goto cleanup;
}
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0)
#endif
- ber_free_buf( ber );
+ {
+ ber_free_buf( ber );
+ }
if ( bytes < 0 ) {
#ifdef NEW_LOGGING
#ifdef LDAP_SLAPI
if ( op->o_pb ) {
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
- slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
+ slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
+ (void *)rs->sr_matched );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
}
#endif /* LDAP_SLAPI */
rs->sr_matched = NULL;
}
+ if ( rs->sr_ref && rs->sr_flags & REP_REF_MUSTBEFREED ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+
clean2:
if (op->o_callback) {
slap_callback *sc = op->o_callback;
**ctrl = c;
return LDAP_SUCCESS;
}
+
+/* Map API errors to protocol errors... */
+int
+slap_map_api2result( SlapReply *rs )
+{
+ switch(rs->sr_err) {
+ case LDAP_SERVER_DOWN:
+ return LDAP_UNAVAILABLE;
+ case LDAP_LOCAL_ERROR:
+ return LDAP_OTHER;
+ case LDAP_ENCODING_ERROR:
+ case LDAP_DECODING_ERROR:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_TIMEOUT:
+ return LDAP_UNAVAILABLE;
+ case LDAP_AUTH_UNKNOWN:
+ return LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ case LDAP_FILTER_ERROR:
+ rs->sr_text = "Filter error";
+ return LDAP_OTHER;
+ case LDAP_USER_CANCELLED:
+ rs->sr_text = "User cancelled";
+ return LDAP_OTHER;
+ case LDAP_PARAM_ERROR:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_NO_MEMORY:
+ return LDAP_OTHER;
+ case LDAP_CONNECT_ERROR:
+ return LDAP_UNAVAILABLE;
+ case LDAP_NOT_SUPPORTED:
+ return LDAP_UNWILLING_TO_PERFORM;
+ case LDAP_CONTROL_NOT_FOUND:
+ return LDAP_PROTOCOL_ERROR;
+ case LDAP_NO_RESULTS_RETURNED:
+ return LDAP_NO_SUCH_OBJECT;
+ case LDAP_MORE_RESULTS_TO_RETURN:
+ rs->sr_text = "More results to return";
+ return LDAP_OTHER;
+ case LDAP_CLIENT_LOOP:
+ case LDAP_REFERRAL_LIMIT_EXCEEDED:
+ return LDAP_LOOP_DETECT;
+ default:
+ if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER;
+ return rs->sr_err;
+ }
+}
+
/* no suffix! */
continue;
}
- if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) {
+ if ( SLAP_MONITOR( &backends[i] )) {
vals[0] = backends[i].be_suffix[0];
nvals[0] = backends[i].be_nsuffix[0];
if( attr_merge( e, ad_monitorContext, vals, nvals ) ) {
sasl_server_params_t *sparams;
} lookup_info;
-static slap_response sasl_ap_lookup, sasl_cb_checkpass;
+static slap_response sasl_ap_lookup;
static int
sasl_ap_lookup( Operation *op, SlapReply *rs )
return SASL_OK;
}
-typedef struct checkpass_info {
- int rc;
- struct berval cred;
-} checkpass_info;
-
-static int
-sasl_cb_checkpass( Operation *op, SlapReply *rs )
-{
- slap_callback *tmp = op->o_callback;
- checkpass_info *ci = tmp->sc_private;
- Attribute *a;
- struct berval *bv;
-
- if (rs->sr_type != REP_SEARCH) return 0;
-
- ci->rc = SASL_NOVERIFY;
-
- a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_userPassword );
- if ( !a ) return 0;
- if ( ! access_allowed( op, rs->sr_entry, slap_schema.si_ad_userPassword,
- NULL, ACL_AUTH, NULL ) )
- {
- return 0;
- }
-
- for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
- if ( !lutil_passwd( bv, &ci->cred, NULL, &rs->sr_text ) ) {
- ci->rc = SASL_OK;
- break;
- }
- }
- return 0;
-}
-
-static int
-slap_sasl_checkpass(
- sasl_conn_t *sconn,
- void *context,
- const char *username,
- const char *pass,
- unsigned passlen,
- struct propctx *propctx)
-{
- Connection *conn = (Connection *)context;
- Operation op = {0};
- int rc;
- checkpass_info ci;
-
- ci.rc = SASL_NOUSER;
-
- /* SASL will fallback to its own mechanisms if we don't
- * find an answer here.
- */
-
- rc = slap_sasl_getdn( conn, NULL, (char *)username, 0, NULL, &op.o_req_ndn,
- SLAP_GETDN_AUTHCID );
- if ( rc != LDAP_SUCCESS ) {
- sasl_seterror( sconn, 0, ldap_err2string( rc ) );
- return SASL_NOUSER;
- }
-
- if ( op.o_req_ndn.bv_len == 0 ) {
- sasl_seterror( sconn, 0,
- "No password is associated with the Root DSE" );
- if ( op.o_req_ndn.bv_val != NULL ) {
- ch_free( op.o_req_ndn.bv_val );
- }
- return SASL_NOUSER;
- }
-
- op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
- if ( op.o_bd && op.o_bd->be_search ) {
- slap_callback cb = { NULL, sasl_cb_checkpass, NULL, NULL };
- SlapReply rs = {REP_RESULT};
-
- ci.cred.bv_val = (char *)pass;
- ci.cred.bv_len = passlen;
-
- cb.sc_private = &ci;
- op.o_tag = LDAP_REQ_SEARCH;
- op.o_protocol = LDAP_VERSION3;
- op.o_ndn = conn->c_ndn;
- op.o_callback = &cb;
- op.o_time = slap_get_time();
- op.o_do_not_cache = 1;
- op.o_is_auth_check = 1;
- op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
- op.o_tmpmemctx = conn->c_sasl_bindop->o_tmpmemctx;
- op.o_tmpmfuncs = conn->c_sasl_bindop->o_tmpmfuncs;
- op.o_conn = conn;
- op.o_connid = conn->c_connid;
- op.o_req_dn = op.o_req_ndn;
- op.ors_scope = LDAP_SCOPE_BASE;
- op.ors_deref = LDAP_DEREF_NEVER;
- op.ors_slimit = 1;
- op.ors_filter = &generic_filter;
- op.ors_filterstr = generic_filterstr;
-
- op.o_bd->be_search( &op, &rs );
- }
- if ( ci.rc != SASL_OK ) {
- sasl_seterror( sconn, 0,
- ldap_err2string( LDAP_INVALID_CREDENTIALS ) );
- }
-
- ch_free( op.o_req_ndn.bv_val );
-
- return ci.rc;
-}
-
/* Convert a SASL authcid or authzid into a DN. Store the DN in an
* auxiliary property, so that we can refer to it in sasl_authorize
* without interfering with anything else. Also, the SASL username
session_callbacks[cb].id = SASL_CB_CANON_USER;
session_callbacks[cb].proc = &slap_sasl_canonicalize;
session_callbacks[cb++].context = conn;
-
- /* XXXX: this should be conditional */
- session_callbacks[cb].id = SASL_CB_SERVER_USERDB_CHECKPASS;
- session_callbacks[cb].proc = &slap_sasl_checkpass;
- session_callbacks[cb++].context = conn;
#endif
session_callbacks[cb].id = SASL_CB_LIST_END;
}
/* Allow the manager to authorize as any DN. */
- if( op->o_conn->c_authz_backend && be_isroot( op->o_conn->c_authz_backend, authcDN )) {
+ if( op->o_conn->c_authz_backend &&
+ be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
+ {
rc = LDAP_SUCCESS;
goto DONE;
}
return LDAP_SUCCESS;
}
+static int
+deliveryMethodValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+#undef LENOF
+#define LENOF(s) (sizeof(s)-1)
+ struct berval tmp = *val;
+ /*
+ * DeliveryMethod = pdm *( WSP DOLLAR WSP DeliveryMethod )
+ * pdm = "any" / "mhs" / "physical" / "telex" / "teletex" /
+ * "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone"
+ */
+again:
+ if( tmp.bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ switch( tmp.bv_val[0] ) {
+ case 'a':
+ case 'A':
+ if(( tmp.bv_len >= LENOF("any") ) &&
+ ( strncasecmp(tmp.bv_val, "any", LENOF("any")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("any");
+ tmp.bv_val += LENOF("any");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'm':
+ case 'M':
+ if(( tmp.bv_len >= LENOF("mhs") ) &&
+ ( strncasecmp(tmp.bv_val, "mhs", LENOF("mhs")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("mhs");
+ tmp.bv_val += LENOF("mhs");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'p':
+ case 'P':
+ if(( tmp.bv_len >= LENOF("physical") ) &&
+ ( strncasecmp(tmp.bv_val, "physical", LENOF("physical")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("physical");
+ tmp.bv_val += LENOF("physical");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 't':
+ case 'T': /* telex or teletex or telephone */
+ if(( tmp.bv_len >= LENOF("telex") ) &&
+ ( strncasecmp(tmp.bv_val, "telex", LENOF("telex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("telex");
+ tmp.bv_val += LENOF("telex");
+ break;
+ }
+ if(( tmp.bv_len >= LENOF("teletex") ) &&
+ ( strncasecmp(tmp.bv_val, "teletex", LENOF("teletex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("teletex");
+ tmp.bv_val += LENOF("teletex");
+ break;
+ }
+ if(( tmp.bv_len >= LENOF("telephone") ) &&
+ ( strncasecmp(tmp.bv_val, "telephone", LENOF("telephone")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("telephone");
+ tmp.bv_val += LENOF("telephone");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'g':
+ case 'G': /* g3fax or g4fax */
+ if(( tmp.bv_len >= LENOF("g3fax") ) && (
+ ( strncasecmp(tmp.bv_val, "g3fax", LENOF("g3fax")) == 0 ) ||
+ ( strncasecmp(tmp.bv_val, "g4fax", LENOF("g4fax")) == 0 )))
+ {
+ tmp.bv_len -= LENOF("g3fax");
+ tmp.bv_val += LENOF("g3fax");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'i':
+ case 'I':
+ if(( tmp.bv_len >= LENOF("ia5") ) &&
+ ( strncasecmp(tmp.bv_val, "ia5", LENOF("ia5")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("ia5");
+ tmp.bv_val += LENOF("ia5");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ case 'v':
+ case 'V':
+ if(( tmp.bv_len >= LENOF("videotex") ) &&
+ ( strncasecmp(tmp.bv_val, "videotex", LENOF("videotex")) == 0 ))
+ {
+ tmp.bv_len -= LENOF("videotex");
+ tmp.bv_val += LENOF("videotex");
+ break;
+ }
+ return LDAP_INVALID_SYNTAX;
+
+ default:
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if( tmp.bv_len == 0 ) return LDAP_SUCCESS;
+
+ while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ }
+ if( tmp.bv_len && ( tmp.bv_val[0] == '$' )) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ } else {
+ return LDAP_INVALID_SYNTAX;
+ }
+ while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) {
+ tmp.bv_len++;
+ tmp.bv_val--;
+ }
+
+ goto again;
+}
+
static int
nisNetgroupTripleValidate(
Syntax *syntax,
{"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )",
0, NULL, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )",
- 0, NULL, NULL},
+ 0, deliveryMethodValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )",
0, UTF8StringValidate, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )",
*/
struct slap_matching_rule *smr_associated;
-#define SLAP_MR_ASSOCIATED(mr,amr) (((mr) == (amr)) || \
- ((mr)->smr_associated == (amr)))
+#define SLAP_MR_ASSOCIATED(mr,amr) \
+ (((mr) == (amr)) || ((mr)->smr_associated == (amr)))
LDAP_SLIST_ENTRY(slap_matching_rule)smr_next;
struct slap_backend_db {
BackendInfo *bd_info; /* pointer to shared backend info */
+ /* fields in this structure (and routines acting on this structure)
+ should be renamed from be_ to bd_ */
+
/* BackendInfo accessors */
#define be_config bd_info->bi_db_config
#define be_type bd_info->bi_type
#define be_extended bd_info->bi_extended
+#define be_chk_referrals bd_info->bi_chk_referrals
#define be_fetch bd_info->bi_entry_get_rw
#define be_release bd_info->bi_entry_release_rw
-#define be_chk_referrals bd_info->bi_chk_referrals
#define be_group bd_info->bi_acl_group
#define be_attribute bd_info->bi_acl_attribute
#define be_operational bd_info->bi_operational
#define be_entry_modify bd_info->bi_tool_entry_modify
#endif
-#define SLAP_BFLAG_NOLASTMOD 0x0001U
-#define SLAP_BFLAG_NO_SCHEMA_CHECK 0x0002U
-#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
-#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
-#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
-#define SLAP_BFLAG_MONITOR 0x0080U /* a monitor backend */
-#define SLAP_BFLAG_INCREMENT 0x0100U
-#define SLAP_BFLAG_ALIASES 0x1000U
-#define SLAP_BFLAG_REFERRALS 0x2000U
-#define SLAP_BFLAG_SUBENTRIES 0x4000U
-#define SLAP_BFLAG_DYNAMIC 0x8000U
+/* Database flags */
+#define SLAP_DBFLAG_NOLASTMOD 0x0001U
+#define SLAP_DBFLAG_NO_SCHEMA_CHECK 0x0002U
+#define SLAP_DBFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAP_DBFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAP_DBFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */
slap_mask_t be_flags;
-#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
-#define SLAP_NO_SCHEMA_CHECK(be) (((be)->be_flags & SLAP_BFLAG_NO_SCHEMA_CHECK))
-#define SLAP_GLUE_INSTANCE(be) ((be)->be_flags & SLAP_BFLAG_GLUE_INSTANCE)
-#define SLAP_GLUE_SUBORDINATE(be) \
- ((be)->be_flags & SLAP_BFLAG_GLUE_SUBORDINATE)
-#define SLAP_GLUE_LINKED(be) ((be)->be_flags & SLAP_BFLAG_GLUE_LINKED)
-
-#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
-#define SLAP_INCREMENT(be) ((be)->be_flags & SLAP_BFLAG_INCREMENT)
-
-#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES)
-#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS)
-#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
-#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
-
+#define SLAP_DBFLAGS(be) ((be)->be_flags)
+#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
+#define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be))
+#define SLAP_NO_SCHEMA_CHECK(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK)
+#define SLAP_GLUE_INSTANCE(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_INSTANCE)
+#define SLAP_GLUE_SUBORDINATE(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_SUBORDINATE)
+#define SLAP_GLUE_LINKED(be) \
+ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_LINKED)
+#define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW)
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
/* Required Security Strength Factor */
slap_ssf_set_t be_ssf_set;
- /* these should be renamed from be_ to bd_ */
BerVarray be_suffix; /* the DN suffixes of data in this backend */
BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
struct berval be_schemadn; /* per-backend subschema subentry DN */
struct slap_limits **be_limits; /* regex-based size and time limits */
AccessControl *be_acl; /* access control list for this backend */
slap_access_t be_dfltaccess; /* access given if no acl matches */
+
+ /* Replica Information */
struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
struct berval be_update_ndn; /* allowed to make changes (in replicas) */
BerVarray be_update_refs; /* where to refer modifying clients to */
- char *be_realm;
- void *be_private; /* anything the backend database needs */
-
- void *be_pb; /* Netscape plugin */
LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry ) be_pending_csn_list;
ldap_pvt_thread_mutex_t be_pcl_mutex;
struct berval be_context_csn;
ldap_pvt_thread_mutex_t be_context_csn_mutex;
LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */
+
+ char *be_realm;
+ void *be_pb; /* Netscape plugin */
+
+ void *be_private; /* anything the backend database needs */
};
struct slap_conn;
rep_search_s sru_search;
} sr_un;
slap_mask_t sr_flags;
-#define REP_ENTRY_MODIFIABLE 0x00000001
-#define REP_ENTRY_MUSTBEFREED 0x00000002
-#define REP_MATCHED_MUSTBEFREED 0x00000010
+#define REP_ENTRY_MODIFIABLE 0x0001U
+#define REP_ENTRY_MUSTBEFREED 0x0002U
+#define REP_MATCHED_MUSTBEFREED 0x0010U
+#define REP_REF_MUSTBEFREED 0x0020U
} SlapReply;
/* short hands for response members */
typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
-typedef int (BI_op_extended) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
-typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw ));
+typedef int (BI_op_extended) LDAP_P((
+ struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_chk_referrals) LDAP_P((
+ struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_entry_release_rw)
+ LDAP_P(( struct slap_op *op, Entry *e, int rw ));
typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ));
-typedef int (BI_chk_referrals) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
-typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, int opattrs, Attribute **ap ));
-typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs ));
+typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs,
+ int opattrs, Attribute **ap ));
+typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
+ Entry *e, int *hasSubs ));
-typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
- struct slap_conn *c));
-typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd,
- struct slap_conn *c));
+typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
+ struct slap_conn *c ));
+typedef int (BI_connection_destroy) LDAP_P(( BackendDB *bd,
+ struct slap_conn *c ));
typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be ));
typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e,
- struct berval *text ));
+ struct berval *text ));
typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn ));
typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e ));
typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e,
- struct berval *text ));
+ struct berval *text ));
struct slap_backend_info {
char *bi_type; /* type of backend */
BI_op_extended *bi_extended;
/* Auxilary Functions */
+ BI_chk_referrals *bi_chk_referrals;
BI_entry_get_rw *bi_entry_get_rw;
BI_entry_release_rw *bi_entry_release_rw;
- BI_chk_referrals *bi_chk_referrals;
BI_operational *bi_operational;
BI_has_subordinates *bi_has_subordinates;
#define SLAP_INDEX_ADD_OP 0x0001
#define SLAP_INDEX_DELETE_OP 0x0002
+ slap_mask_t bi_flags; /* backend flags */
+#define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */
+#define SLAP_BFLAG_INCREMENT 0x0100U
+#define SLAP_BFLAG_ALIASES 0x1000U
+#define SLAP_BFLAG_REFERRALS 0x2000U
+#define SLAP_BFLAG_SUBENTRIES 0x4000U
+#define SLAP_BFLAG_DYNAMIC 0x8000U
+
+#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags)
+#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
+#define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT)
+#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
+#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
+#define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES)
+#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC)
+
char **bi_controls; /* supported controls */
unsigned int bi_nDB; /* number of databases of this type */
ID ps_id;
} PagedResultsState;
-
#define LDAP_PSEARCH_BY_ADD 0x01
#define LDAP_PSEARCH_BY_DELETE 0x02
#define LDAP_PSEARCH_BY_PREMODIFY 0x03
};
struct slap_csn_entry {
- struct berval *csn;
- unsigned long opid;
- unsigned long connid;
+ struct berval *ce_csn;
+ unsigned long ce_opid;
+ unsigned long ce_connid;
#define SLAP_CSN_PENDING 1
#define SLAP_CSN_COMMIT 2
- long state;
- LDAP_TAILQ_ENTRY (slap_csn_entry) csn_link;
+ long ce_state;
+ LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link;
};
/*
exit( EXIT_FAILURE );
}
+ if ( overlay_init() ) {
+ fprintf( stderr, "%s: overlay_init failed!\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
rc = read_config( conffile, 0 );
if ( rc != 0 ) {
if ( op->o_bd == NULL ) {
rc = LDAP_PARTIAL_RESULTS;
} else {
- int repl_user = be_isupdate( op->o_bd, &op->o_bd->be_rootdn );
+ int repl_user = be_isupdate_dn( op->o_bd, &op->o_bd->be_rootdn );
if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) {
int update = op->o_bd->be_update_ndn.bv_len;
char textbuf[SLAP_TEXT_BUFLEN];
op->o_ndn = pConn->c_ndn = op->o_bd->be_rootndn;
if ( op->o_bd->be_delete ) {
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) {
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
if ( log_change ) op->o_callback = &cb;
op->oq_add.rs_e = *e;
if ( op->o_bd->be_add ) {
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) {
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
if ( log_changes ) op->o_callback = &cb;
op->oq_modrdn.rs_deleteoldrdn = deloldrdn;
if ( op->o_bd->be_modrdn ) {
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) {
slap_callback cb = { NULL, slap_replog_cb, NULL, NULL };
if ( log_change ) op->o_callback = &cb;
op->oq_modify.rs_modlist = modlist;
if ( op->o_bd->be_modify ) {
- int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
+ int repl_user = be_isupdate( op );
if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) {
int update = op->o_bd->be_update_ndn.bv_len;
const char *text = NULL;
char *opAuthType;
if ( op->o_bd != NULL ) {
- isRoot = be_isroot( op->o_bd, &op->o_ndn );
- isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn );
+ isRoot = be_isroot( op );
+ isUpdateDn = be_isupdate( op );
}
rc = slapi_int_pblock_set_backend( pb, op->o_bd );
ber_dupbv( &cnbva[0], (struct berval *) &slap_syncrepl_bvc );
assert( si->si_rid < 1000 );
cnbva[0].bv_len = snprintf( cnbva[0].bv_val,
- slap_syncrepl_bvc.bv_len,
+ slap_syncrepl_bvc.bv_len + 1,
"syncrepl%ld", si->si_rid );
mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ));
mod->sml_op = LDAP_MOD_REPLACE;
slap_syncrepl_cn_bv.bv_val = syncrepl_cbuf;
assert( si->si_rid < 1000 );
slap_syncrepl_cn_bv.bv_len = snprintf( slap_syncrepl_cn_bv.bv_val,
- slap_syncrepl_cn_bvc.bv_len,
+ slap_syncrepl_cn_bvc.bv_len + 1,
"cn=syncrepl%ld", si->si_rid );
build_new_dn( &slap_syncrepl_dn_bv, pdn, &slap_syncrepl_cn_bv,
projects / openldap / commitdiff