exploit new frontend API 2 protocol error mapping; use urldesc...
authorPierangelo Masarati <ando@openldap.org>
Mon, 5 Apr 2004 17:36:53 +0000 (17:36 +0000)
committerPierangelo Masarati <ando@openldap.org>
Mon, 5 Apr 2004 17:36:53 +0000 (17:36 +0000)
servers/slapd/back-ldap/back-ldap.h
servers/slapd/back-ldap/bind.c
servers/slapd/back-ldap/config.c
servers/slapd/back-ldap/extended.c
servers/slapd/back-ldap/init.c
servers/slapd/back-ldap/search.c

index c4692f361e0301d2c14540f18f362372dad31dcd..2c1c2ce07f07dc8e083becdc1da62609770c1475 100644 (file)
@@ -80,7 +80,8 @@ struct ldaprwmap {
 
 struct ldapinfo {
        struct slap_backend_db  *be;
-       char *url;
+       char            *url;
+       LDAPURLDesc     *lud;
        struct berval binddn;
        struct berval bindpw;
 #ifdef LDAP_BACK_PROXY_AUTHZ
index 29bc8b24ab2c511f017d13642ad122b37c846efc..76d73abfb7b829449b3d65b7bf24cd19040ca875 100644 (file)
@@ -248,7 +248,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
                rs->sr_err = ldap_initialize(&ld, li->url);
                
                if (rs->sr_err != LDAP_SUCCESS) {
-                       rs->sr_err = ldap_back_map_result(rs);
+                       rs->sr_err = slap_map_api2result( rs );
                        if (rs->sr_text == NULL) {
                                rs->sr_text = "ldap_initialize() failed";
                        }
@@ -446,10 +446,10 @@ ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
        return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
 }
 
+#if 0 /* deprecated in favour of slap_map_api2result() */
 /* Map API errors to protocol errors... */
-
 int
-ldap_back_map_result(SlapReply *rs)
+ldap_back_map_result( SlapReply *rs )
 {
        switch(rs->sr_err)
        {
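Review bot: Wrapping `ldap_back_map_result()` in `#if 0` (closed by the `#endif` in the next hunk) leaves dead code behind in a commit that elsewhere deletes `#if 0` blocks; deleting the function outright would be cleaner. The visible back-ldap.h hunk does not touch a prototype, so if one is still declared there, a caller not yet converted to `slap_map_api2result()` would compile and only fail at link time. Removing the declaration together with the body turns that into a compile error. The function body starts in this hunk and ends in the next one.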
@@ -489,12 +489,12 @@ ldap_back_map_result(SlapReply *rs)
        case LDAP_REFERRAL_LIMIT_EXCEEDED:
                return LDAP_LOOP_DETECT;
        default:
-               if LDAP_API_ERROR(rs->sr_err)
+               if ( LDAP_API_ERROR(rs->sr_err) )
                        return LDAP_OTHER;
-               else
-                       return rs->sr_err;
+               return rs->sr_err;
        }
 }
+#endif
 
 int
 ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
@@ -502,28 +502,43 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
 {
        struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
        char *match = NULL;
-       LDAPMessage *res;
+       LDAPMessage *res = NULL;
        char *text = NULL;
 
+#define        ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
+
        rs->sr_text = NULL;
        rs->sr_matched = NULL;
 
-       if (rs->sr_err == LDAP_SUCCESS) {
-               if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
+       /* if the error recorded in the reply corresponds
+        * to a successful state, get the error from the
+        * remote server response */
+       if ( ERR_OK( rs->sr_err ) ) {
+               /* if result parsing fails, note the failure reason */
+               if ( ldap_result( lc->ld, msgid, 1, NULL, &res ) == -1 ) {
                        ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
                                        &rs->sr_err);
+
+               /* otherwise get the result; if it is not
+                * LDAP_SUCCESS, record it in the reply
+                * structure (this includes 
+                * LDAP_COMPARE_{TRUE|FALSE}) */
                } else {
                        int rc = ldap_parse_result(lc->ld, res, &rs->sr_err,
                                        &match, &text, NULL, NULL, 1);
                        rs->sr_text = text;
-                       if (rc != LDAP_SUCCESS) rs->sr_err = rc;
+                       if ( rc != LDAP_SUCCESS ) rs->sr_err = rc;
                }
        }
 
-       if (rs->sr_err != LDAP_SUCCESS) {
-               rs->sr_err = ldap_back_map_result(rs);
+       /* if the error in the reply structure is not
+        * LDAP_SUCCESS, try to map it from client 
+        * to server error */
+       if ( !ERR_OK( rs->sr_err ) ) {
+               rs->sr_err = slap_map_api2result( rs );
 
-               /* internal ops must not reply to client */
+               /* internal ops ( op->o_conn == NULL ) 
+                * must not reply to client */
                if ( op->o_conn && !op->o_do_not_cache && match ) {
                        struct berval dn, mdn;
                        dncookie dc;
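Review bot: `ERR_OK` is `#define`d inside the body of `ldap_back_op_result()` and is not undefined in the visible hunks, so it stays in scope for everything that follows in bind.c; move it to file scope or add `#undef ERR_OK` after the function's closing brace. The new comment above `if ( !ERR_OK( rs->sr_err ) )` also says "not LDAP_SUCCESS", while the test now exempts the two compare results as well; suggest `/* if the reply does not hold a successful state (see ERR_OK), map it from client to server error */`. The function continues past the end of this hunk.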
@@ -539,11 +554,14 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
 #endif
                        ber_str2bv(match, 0, 0, &dn);
                        ldap_back_dn_massage(&dc, &dn, &mdn);
+
+                       /* record the (massaged) matched
+                        * DN into the reply structure */
                        rs->sr_matched = mdn.bv_val;
                                
                }
        }
-       if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
+       if ( op->o_conn && ( sendok || rs->sr_err != LDAP_SUCCESS ) ) {
                send_ldap_result( op, rs );
        }
        if ( match ) {
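Review bot: The send condition on the reformatted line still tests `rs->sr_err != LDAP_SUCCESS`, while the return value of the function now uses `ERR_OK()`. With `sendok` zero, an `LDAP_COMPARE_TRUE` or `LDAP_COMPARE_FALSE` result is therefore sent to the client although the function reports 0 for it. If that is intended, a comment such as `/* compare results are always sent, even when sendok is 0 */` would record it; otherwise the condition should read `( sendok || !ERR_OK( rs->sr_err ) )`. The function body starts before and ends after this hunk.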
@@ -557,7 +575,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
                ldap_memfree( text );
        }
        rs->sr_text = NULL;
-       return( (rs->sr_err == LDAP_SUCCESS) ? 0 : -1 );
+       return( ERR_OK( rs->sr_err ) ? 0 : -1 );
 }
 
 #ifdef LDAP_BACK_PROXY_AUTHZ
index 32da6f9f3de7ee56e82fe39d3f2bc529f923ceed..4ba003666539e5f2f67f5f0ce9ed4633f0d40604 100644 (file)
@@ -70,7 +70,7 @@ ldap_back_db_config(
 
        /* URI of server to query (preferred over "server" directive) */
        } else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
-               LDAPURLDesc     *lud, tmplud;
+               LDAPURLDesc     tmplud;
 
                if (argc != 2) {
                        fprintf( stderr, "%s: line %d: "
@@ -82,8 +82,11 @@ ldap_back_db_config(
                if ( li->url != NULL ) {
                        ch_free( li->url );
                }
+               if ( li->lud != NULL ) {
+                       ldap_free_urldesc( li->lud );
+               }
 
-               if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) {
+               if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) {
                        fprintf( stderr, "%s: line %d: "
                                "unable to parse uri \"%s\" "
                                "in \"uri <uri>\" line\n",
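Review bot: After `ldap_free_urldesc( li->lud )` the pointer keeps its old value, and the next statement hands `&li->lud` to `ldap_url_parse()`; on the failure path that returns 1, `li->lud` is only safe if the parser always resets its out-parameter, which is not visible here. `ldap_back_db_destroy()` in init.c now frees `li->lud` whenever it is non-NULL, so a stale value would be freed a second time. Add `li->lud = NULL;` right after the free, as the destroy path does. The same pattern applies to `li->url` in the context lines just above: it is freed but not reset, and stays dangling when the parse fails. The enclosing `uri` branch starts and ends outside this hunk.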
@@ -91,10 +94,10 @@ ldap_back_db_config(
                        return 1;
                }
 
-               if ( ( lud->lud_dn != NULL && lud->lud_dn[0] != '\0' )
-                               || lud->lud_attrs != NULL
-                               || lud->lud_filter != NULL
-                               || lud->lud_exts != NULL )
+               if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' )
+                               || li->lud->lud_attrs != NULL
+                               || li->lud->lud_filter != NULL
+                               || li->lud->lud_exts != NULL )
                {
                        fprintf( stderr, "%s: line %d: "
                                "warning, only protocol, "
@@ -105,7 +108,7 @@ ldap_back_db_config(
 
 #if 0
                tmplud = *lud;
-               tmplud.lud_dn = NULL;
+               tmplud.lud_dn = "";
                tmplud.lud_attrs = NULL;
                tmplud.lud_filter = NULL;
                if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
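Review bot: The disabled block still reads `tmplud = *lud;`, but this commit removes the local `lud` in the first config.c hunk, so the block can no longer be re-enabled as written and `tmplud` is declared only for dead code. Either change the line to `tmplud = *li->lud;` or drop the `#if 0` block together with the `tmplud` declaration. The block continues outside this hunk.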
@@ -125,8 +128,6 @@ ldap_back_db_config(
                li->url = ch_strdup( argv[ 1 ] );
 #endif
 
-               ldap_free_urldesc( lud );
-
        /* name to use for ldap_back_group */
        } else if ( strcasecmp( argv[0], "binddn" ) == 0 ) {
                if (argc != 2) {
@@ -396,6 +397,7 @@ ldap_back_map_config(
                                /*
                                 * FIXME: this should become an err
                                 */
+                               goto error_return;
                        }
                }
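Review bot: The added `goto error_return;` makes this case fatal, yet the comment directly above it still reads "FIXME: this should become an err"; replace it with something like `/* treated as a configuration error */`. The same stale comment sits above the second added `goto error_return;` in the next hunk. The diagnostic printed before each jump is outside both hunks; if it is still worded as a warning it should be updated as well, since configuration parsing now stops here.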
 
@@ -421,6 +423,7 @@ ldap_back_map_config(
                                /*
                                 * FIXME: this should become an err
                                 */
+                               goto error_return;
                        }
 
                        ad = NULL;
@@ -441,7 +444,6 @@ ldap_back_map_config(
                fprintf( stderr,
                        "%s: line %d: duplicate mapping found (ignored)\n",
                        fname, lineno );
-               /* FIXME: free stuff */
                goto error_return;
        }
 
@@ -515,16 +517,16 @@ ldap_back_exop_whoami(
                }
                ch_free(c.ldctl_value.bv_val);
                if (rs->sr_err != LDAP_SUCCESS) {
-                       rs->sr_err = ldap_back_map_result(rs);
+                       rs->sr_err = slap_map_api2result( rs );
                }
        } else {
        /* else just do the same as before */
                bv = (struct berval *) ch_malloc( sizeof(struct berval) );
                if( op->o_dn.bv_len ) {
-                       bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1;
+                       bv->bv_len = op->o_dn.bv_len + sizeof("dn:") - 1;
                        bv->bv_val = ch_malloc( bv->bv_len + 1 );
-                       AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 );
-                       AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val,
+                       AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:") - 1 );
+                       AC_MEMCPY( &bv->bv_val[sizeof("dn:") - 1], op->o_dn.bv_val,
                                op->o_dn.bv_len );
                        bv->bv_val[bv->bv_len] = '\0';
                } else {
@@ -633,15 +635,6 @@ suffix_massage_config(
        ch_free( rargv[ 1 ] );
        ch_free( rargv[ 2 ] );
 
-#if 0 /*  "matched" is not normalized */
-       rargv[ 0 ] = "rewriteContext";
-       rargv[ 1 ] = "matchedDN";
-       rargv[ 2 ] = "alias";
-       rargv[ 3 ] = "searchResult";
-       rargv[ 4 ] = NULL;
-       rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
-#else /* normalize "matched" */
-
        rargv[ 0 ] = "rewriteContext";
        rargv[ 1 ] = "matchedDN";
        rargv[ 2 ] = "alias";
@@ -656,18 +649,6 @@ suffix_massage_config(
        rargv[ 4 ] = NULL;
        rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
 
-#if 0
-       rargv[ 0 ] = "rewriteRule";
-       rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
-       rargv[ 2 ] = suffix_massage_patternize( nvnc->bv_val );
-       rargv[ 3 ] = ":";
-       rargv[ 4 ] = NULL;
-       rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
-       ch_free( rargv[ 1 ] );
-       ch_free( rargv[ 2 ] );
-#endif /* 0 */
-#endif /* normalize "matched" */
-
        return 0;
 }
 #endif /* ENABLE_REWRITE */
index 4403fbaaf51dcc831385f385148284100b083002..1cf5a0444fbd7d3dae8d13dcfbc74e4c0e870e62 100644 (file)
@@ -166,7 +166,7 @@ ldap_back_exop_passwd(
                }
        }
        if (rc != LDAP_SUCCESS) {
-               rs->sr_err = ldap_back_map_result(rs);
+               rs->sr_err = slap_map_api2result( rs );
                send_ldap_result(op, rs);
                if (rs->sr_matched) free((char *)rs->sr_matched);
                if (rs->sr_text) free((char *)rs->sr_text);
index ed0f9019fd9a0a5a237710a54ee7c91920cb94cb..cd5466122ab8ab3914e496225cc1d2044e86c409 100644 (file)
@@ -197,6 +197,10 @@ ldap_back_db_destroy(
                        ch_free(li->url);
                        li->url = NULL;
                }
+               if ( li->lud ) {
+                       ldap_free_urldesc( li->lud );
+                       li->lud = NULL;
+               }
                if (li->binddn.bv_val) {
                        ch_free(li->binddn.bv_val);
                        li->binddn.bv_val = NULL;
index 6cf7697fdafc54bb1bcfbcfc0c8376e0797f407a..b0d137cb0e8b77197bae5050ebb8ad7def400137 100644 (file)
@@ -260,7 +260,7 @@ fail:;
                                        &match.bv_val, (char **)&rs->sr_text,
                                        NULL, NULL, 1);
                        if (rc != LDAP_SUCCESS ) rs->sr_err = rc;
-                       rs->sr_err = ldap_back_map_result(rs);
+                       rs->sr_err = slap_map_api2result( rs );
                        rc = 0;
                        break;
                }