/* require 2.1.3 or later */
#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
- __sasl_compat "2.2+ or better okay (we guess)";
+ char *__sasl_compat = "2.2+ or better okay (we guess)";
#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
&& SASL_VERSION_STEP >=3
- __sasl_compat = "2.1.3+ or better okay";
+ char *__sasl_compat = "2.1.3+ or better okay";
#endif
], [ol_cv_sasl_compat=yes], [ol_cv_sasl_compat=no])])
])
#! /bin/sh
# $OpenLDAP$
-# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.3 2003/05/31 19:06:55 kurt Exp
+# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.4 2003/09/18 15:43:27 kurt Exp
# Copyright 1998-2003 The OpenLDAP Foundation. All Rights Reserved.
#
/* require 2.1.3 or later */
#if SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR > 1
- __sasl_compat "2.2+ or better okay (we guess)";
+ char *__sasl_compat = "2.2+ or better okay (we guess)";
#elif SASL_VERSION_MAJOR == 2 && SASL_VERSION_MINOR == 1 \
&& SASL_VERSION_STEP >=3
- __sasl_compat = "2.1.3+ or better okay";
+ char *__sasl_compat = "2.1.3+ or better okay";
#endif
EOF
strstr \
strtol \
strtoul \
+ strtoq \
+ strtouq \
+ strtoll \
strspn \
sysconf \
usleep \
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:22558: checking for $ac_func" >&5
+echo "configure:22561: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22563 "configure"
+#line 22566 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:22587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
for ac_func in getopt getpeereid
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:22615: checking for $ac_func" >&5
+echo "configure:22618: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22620 "configure"
+#line 22623 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:22644: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
fi
if test "$ac_cv_func_getpeereid" != yes; then
echo $ac_n "checking for msg_accrights in msghdr""... $ac_c" 1>&6
-echo "configure:22676: checking for msg_accrights in msghdr" >&5
+echo "configure:22679: checking for msg_accrights in msghdr" >&5
if eval "test \"\${ol_cv_msghdr_msg_accrights+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22681 "configure"
+#line 22684 "configure"
#include "confdefs.h"
#include <sys/socket.h>
int main() {
struct msghdr m; m.msg_accrightslen=0
; return 0; }
EOF
-if { (eval echo configure:22688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:22691: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_msghdr_msg_accrights=yes
else
# Check Configuration
echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
-echo "configure:22728: checking declaration of sys_errlist" >&5
+echo "configure:22731: checking declaration of sys_errlist" >&5
if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22734 "configure"
+#line 22737 "configure"
#include "confdefs.h"
#include <stdio.h>
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:22747: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:22750: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_sys_errlist=yes
ol_cv_have_sys_errlist=yes
echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
-echo "configure:22770: checking existence of sys_errlist" >&5
+echo "configure:22773: checking existence of sys_errlist" >&5
if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22776 "configure"
+#line 22779 "configure"
#include "confdefs.h"
#include <errno.h>
int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:22783: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ol_cv_have_sys_errlist=yes
else
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:22811: checking for $ac_hdr" >&5
+echo "configure:22814: checking for $ac_hdr" >&5
if eval "test \"\${ac_cv_header_$ac_safe+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22816 "configure"
+#line 22819 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:22821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:22824: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
{ echo "configure: error: could not locate <ltdl.h>" 1>&2; exit 1; }
fi
echo $ac_n "checking for lt_dlinit in -lltdl""... $ac_c" 1>&6
-echo "configure:22852: checking for lt_dlinit in -lltdl" >&5
+echo "configure:22855: checking for lt_dlinit in -lltdl" >&5
ac_lib_var=`echo ltdl'_'lt_dlinit | sed 'y%./+-:%__p__%'`
if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
ac_save_LIBS="$LIBS"
LIBS="-lltdl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 22860 "configure"
+#line 22863 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
lt_dlinit()
; return 0; }
EOF
-if { (eval echo configure:22871: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22874: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
[ol_cv_type_long_long=yes],
[ol_cv_type_long_long=no])])
if test $ol_cv_type_long_long = yes; then
- AC_DEFINE(HAVE_LONG_LONG, 1, [define if you have `long long'])
+ AC_DEFINE(HAVE_LONG_LONG, 1, [define if you have 'long long'])
fi
AC_TYPE_MODE_T
strstr \
strtol \
strtoul \
+ strtoq \
+ strtouq \
+ strtoll \
strspn \
sysconf \
usleep \
be specified in this list, which will affect all the attributes that
are required and/or allowed by that objectClass.
.LP
-The last three statements are additive; they can be used in sequence
+Using the form
+.B attrs=<attr> val[.<style>]=<value>
+specifies access to a particular value of a single attribute.
+In this case, only a single attribute type may be given. A value
+.B <style>
+of
+.B exact
+(the default) uses the attribute's equality matching rule to compare the
+value. If the
+.B <style>
+is
+.BR regex ,
+the provided value is used as a regular expression pattern.
+.LP
+The dn, filter, and attrs statements are additive; they can be used in sequence
to select entities the access rule applies to based on naming context,
value and attribute type simultaneously.
.LP
.B dnattr=<attrname>
means that access is granted to requests whose DN is listed in the
entry being accessed under the
-.B attrname
+.B <attrname>
attribute.
.LP
The statement
.B group=<group>
means that access is granted to requests whose DN is listed
in the group entry whose DN is given by
-.BR group .
+.BR <group> .
The optional parameters
-.B objectclass
+.B <objectclass>
and
-.B attrname
+.B <attrname>
define the objectClass and the member attributeType of the group entry.
The optional style qualifier
-.B style
+.B <style>
can be
.BR regex ,
which means that
-.B pattern
-will be expanded accorging to regex (7), and
+.B <group>
+will be expanded according to regex (7), and
.B base
or
.B exact
.BR base ),
which means that exact match will be used.
.LP
+For static groups, the specified attributeType must have
+.B DistinguishedName
+or
+.B NameAndOptionalUID
+syntax. For dynamic groups the attributeType must
+be a subtype of the
+.B labeledURI
+attributeType. Only LDAP URIs of the form
+.B ldap:///<base>??<scope>?<filter>
+will be evaluated in a dynamic group.
+.LP
The statements
.BR peername=<peername> ,
.BR sockname=<sockname> ,
/* Define if you have the strtol function. */
#undef HAVE_STRTOL
+/* Define if you have the strtoll function. */
+#undef HAVE_STRTOLL
+
+/* Define if you have the strtoq function. */
+#undef HAVE_STRTOQ
+
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
+/* Define if you have the strtouq function. */
+#undef HAVE_STRTOUQ
+
/* Define if you have the sysconf function. */
#undef HAVE_SYSCONF
/* define if you have -lslp */
#undef HAVE_SLP
-/* define if you have `long long' */
+/* define if you have 'long long' */
#undef HAVE_LONG_LONG
/* Define to `int' if <sys/types.h> does not define. */
sasl_getprop( p->sasl_context, SASL_MAXOUTBUF,
(SASL_CONST void **) &p->sasl_maxbuf );
- if ( p->sasl_maxbuf == 0 )
- p->sasl_maxbuf = SASL_MAX_BUFF_SIZE;
-
sbiod->sbiod_pvt = p;
return 0;
AccessControl *ac, int *count,
Operation *op, Entry *e,
AttributeDescription *desc,
+ struct berval *val,
int nmatches, regmatch_t *matches );
static slap_control_t acl_mask(
memset(matches, '\0', sizeof(matches));
}
- while((a = acl_get( a, &count, op, e, desc,
+ while((a = acl_get( a, &count, op, e, desc, val,
MAXREMATCHES, matches )) != NULL)
{
int i;
done:
if( state != NULL ) {
/* If not value-dependent, save ACL in case of more attrs */
- if ( !(state->as_recorded & ACL_STATE_RECORDED_VD) )
+ if ( !(state->as_recorded & ACL_STATE_RECORDED_VD) ) {
state->as_vi_acl = a;
+ state->as_result = ret;
+ }
state->as_recorded |= ACL_STATE_RECORDED;
- state->as_result = ret;
}
if (be_null) op->o_bd = NULL;
return ret;
Operation *op,
Entry *e,
AttributeDescription *desc,
+ struct berval *val,
int nmatch,
regmatch_t *matches )
{
Debug( LDAP_DEBUG_ACL, "=> acl_get: [%d] check attr %s\n",
*count, attr, 0);
#endif
- if ( attr == NULL || a->acl_attrs == NULL ||
+ if ( a->acl_attrs == NULL ||
ad_inlist( desc, a->acl_attrs ) )
{
#ifdef NEW_LOGGING
accessmask2str( *mask, accessmaskbuf ) );
#endif
+ /* Is this ACL only for a specific value? */
+ if ( a->acl_attrval.bv_len ) {
+ if ( state && !state->as_vd_acl ) {
+ state->as_vd_acl = a;
+ state->as_vd_access = a->acl_access;
+ state->as_vd_access_count = 1;
+ }
+ if ( val == NULL ) {
+ return ACL_BREAK;
+ }
+ if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( ACL, DETAIL1,
+ "acl_get: valpat %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "acl_get: valpat %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+#endif
+ if (regexec(&a->acl_attrval_re, val->bv_val, 0, NULL, 0))
+ return ACL_BREAK;
+ } else {
+ int match = 0;
+ const char *text;
+#ifdef NEW_LOGGING
+ LDAP_LOG( ACL, DETAIL1,
+ "acl_get: val %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "acl_get: val %s\n",
+ a->acl_attrval.bv_val, 0, 0 );
+#endif
+ if (value_match( &match, desc,
+ desc->ad_type->sat_equality, 0,
+ val, &a->acl_attrval, &text ) != LDAP_SUCCESS ||
+ match )
+ return ACL_BREAK;
+ }
+ }
+
if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
&& state->as_vd_acl == a )
{
acl_usage();
}
+ } else if ( strncasecmp( left, "val", 3 ) == 0 ) {
+ if ( a->acl_attrval.bv_len ) {
+ fprintf( stderr,
+ "%s: line %d: attr val already specified in to clause.\n",
+ fname, lineno );
+ acl_usage();
+ }
+ if ( a->acl_attrs == NULL || a->acl_attrs[1].an_name.bv_val ) {
+ fprintf( stderr,
+ "%s: line %d: attr val requires a single attribute.\n",
+ fname, lineno );
+ acl_usage();
+ }
+ ber_str2bv( right, 0, 1, &a->acl_attrval );
+ if ( style && strcasecmp( style, "regex" ) == 0 ) {
+ int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
+ REG_EXTENDED | REG_ICASE | REG_NOSUB );
+ if ( e ) {
+ char buf[512];
+ regerror( e, &a->acl_attrval_re, buf, sizeof(buf) );
+ fprintf( stderr, "%s: line %d: "
+ "regular expression \"%s\" bad because of %s\n",
+ fname, lineno, right, buf );
+ acl_usage();
+ }
+ a->acl_attrval_style = ACL_STYLE_REGEX;
+ } else {
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ }
+
} else {
fprintf( stderr,
"%s: line %d: expecting <what> got \"%s\"\n",
if( !is_at_syntax( b->a_group_at->ad_type,
SLAPD_DN_SYNTAX ) &&
!is_at_syntax( b->a_group_at->ad_type,
- SLAPD_NAMEUID_SYNTAX ) )
+ SLAPD_NAMEUID_SYNTAX ) &&
+ !is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ))
{
fprintf( stderr,
"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
"<access clause> ::= access to <what> "
"[ by <who> <access> [ <control> ] ]+ \n"
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]\n"
- "<attrlist> ::= <attr> | <attr> , <attrlist>\n"
+ "<attrlist> ::= <attr>
[val[.<style>]=<value>] | <attr> , <attrlist>\n"
"<attr> ::= <attrname> | entry | children\n"
"<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
"\t[dnattr=<attrname>]\n"
fprintf( stderr, "\n" );
}
+ if ( a->acl_attrval.bv_len != 0 ) {
+ to++;
+ fprintf( stderr, " val.%s=%s\n",
+ style_strings[a->acl_attrval_style], a->acl_attrval.bv_val );
+
+ }
+
if( !to ) {
fprintf( stderr, " *\n" );
}
mod->sml_bvalues = (struct berval*) malloc(
(count+1) * sizeof( struct berval) );
- mod->sml_nvalues = (struct berval*) malloc(
+ /* see slap_mods_check() comments...
+ * if a_vals == a_nvals, there is no normalizer.
+ * in this case, mod->sml_nvalues must be left NULL.
+ */
+ if ( a_new->a_vals != a_new->a_nvals ) {
+ mod->sml_nvalues = (struct berval*) malloc(
(count+1) * sizeof( struct berval) );
+ } else {
+ mod->sml_nvalues = NULL;
+ }
for ( i = 0; i < count; i++ ) {
ber_dupbv(mod->sml_bvalues+i, a_new->a_vals+i);
- if ( a_new->a_desc->ad_type->sat_equality &&
- a_new->a_desc->ad_type->sat_equality->smr_normalize ) {
- rc = a_new->a_desc->ad_type->sat_equality->smr_normalize(
- 0,
- a_new->a_desc->ad_type->sat_syntax,
- a_new->a_desc->ad_type->sat_equality,
- a_new->a_vals+i, mod->sml_nvalues+i, NULL );
- if (rc) {
- return rc;
- }
- }
- else {
+ if ( mod->sml_nvalues ) {
ber_dupbv( mod->sml_nvalues+i, a_new->a_vals+i );
}
}
mod->sml_bvalues[count].bv_val = 0;
mod->sml_bvalues[count].bv_len = 0;
- mod->sml_nvalues[count].bv_val = 0;
- mod->sml_nvalues[count].bv_len = 0;
+ if ( mod->sml_nvalues ) {
+ mod->sml_nvalues[count].bv_val = 0;
+ mod->sml_nvalues[count].bv_len = 0;
+ }
mod->sml_desc = a_new_desc;
mod->sml_next =NULL;
} else {
struct berval nrdn;
- struct berval ctx_nrdn;
if (pdn.bv_len) {
nrdn.bv_val = op->ora_e->e_nname.bv_val;
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
- ctx_nrdn.bv_val = "cn=ldapsync";
- ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
+ bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}
u_int32_t locker
)
{
- Cache *cache = &bdb->bi_cache;
- DB_ENV *env = bdb->bi_dbenv;
EntryInfo *ei2 = NULL;
- int incr = 1;
- int addkid = 1;
- int rc;
- DB_LOCK lock;
*res = NULL;
+ ei2 = bdb_cache_entryinfo_new();
+
ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock );
bdb_cache_entryinfo_lock( ei->bei_parent );
- /* if parent was previously considered a leaf node,
- * it was on the LRU list. Now it's going to have
- * kids, take it off the LRU list.
- */
- ldap_pvt_thread_mutex_lock( &cache->lru_mutex );
- if ( ei->bei_parent->bei_id && !ei->bei_parent->bei_kids ) {
- LRU_DELETE( cache, ei->bei_parent );
- incr = 0;
- }
-
- cache->c_cursize += incr;
-
- /* See if we're above the cache size limit */
- if ( cache->c_cursize > cache->c_maxsize ) {
- EntryInfo *elru, *elprev;
- int i = 0;
-
- /* Look for an unused entry to remove */
- for (elru = cache->c_lrutail; elru; elru = elprev, i++ ) {
- elprev = elru->bei_lruprev;
-
- /* Too many probes, not enough idle, give up */
- if (i > 10) break;
-
- /* If we can successfully writelock it, then
- * the object is idle.
- */
- if ( bdb_cache_entry_db_lock( env, locker, elru, 1, 1,
- &lock ) == 0 ) {
- /* If there's no entry, or this node is in
- * the process of linking into the cache,
- * skip it.
- */
- if ( !elru->bei_e || (elru->bei_state & CACHE_ENTRY_NOT_LINKED) ) {
- bdb_cache_entry_db_unlock( env, &lock );
- continue;
- }
- /* Need to lock parent to delete child */
- if ( ldap_pvt_thread_mutex_trylock(
- &elru->bei_parent->bei_kids_mutex )) {
- bdb_cache_entry_db_unlock( env, &lock );
- continue;
- }
- bdb_cache_delete_internal( cache, elru );
- bdb_cache_entryinfo_unlock( elru->bei_parent );
- elru->bei_e->e_private = NULL;
- bdb_entry_return( elru->bei_e );
- bdb_cache_entry_db_unlock( env, &lock );
- if (ei2) {
- bdb_cache_entryinfo_destroy( elru );
- } else {
- /* re-use this one */
- ch_free(elru->bei_nrdn.bv_val);
- elru->bei_nrdn.bv_val = NULL;
- elru->bei_e = NULL;
- elru->bei_kids = NULL;
- elru->bei_lrunext = NULL;
- elru->bei_lruprev = NULL;
- elru->bei_state = 0;
-#ifdef BDB_HIER
- ch_free(elru->bei_rdn.bv_val);
- elru->bei_rdn.bv_val = NULL;
- elru->bei_modrdns = 0;
-#endif
- ei2 = elru;
- }
- if (cache->c_cursize < cache->c_maxsize)
- break;
- }
- }
- }
- if (!ei2) {
- ei2 = bdb_cache_entryinfo_new();
- }
ei2->bei_id = ei->bei_id;
ei2->bei_parent = ei->bei_parent;
#ifdef BDB_HIER
#endif
/* Add to cache ID tree */
- if (avl_insert( &cache->c_idtree, ei2, bdb_id_cmp, avl_dup_error )) {
+ if (avl_insert( &bdb->bi_cache.c_idtree, ei2, bdb_id_cmp, avl_dup_error )) {
EntryInfo *eix;
- eix = avl_find( cache->c_idtree, ei2, bdb_id_cmp );
+ eix = avl_find( bdb->bi_cache.c_idtree, ei2, bdb_id_cmp );
bdb_cache_entryinfo_destroy( ei2 );
ei2 = eix;
- addkid = 0;
- cache->c_cursize -= incr;
#ifdef BDB_HIER
/* It got freed above because its value was
* assigned to ei2.
ei->bei_rdn.bv_val = NULL;
#endif
} else {
- LRU_ADD( cache, ei2 );
ber_dupbv( &ei2->bei_nrdn, &ei->bei_nrdn );
- }
-
- if ( addkid ) {
avl_insert( &ei->bei_parent->bei_kids, ei2, bdb_rdn_cmp,
avl_dup_error );
}
- ldap_pvt_thread_mutex_unlock( &cache->lru_mutex );
-
*res = ei2;
return 0;
}
}
#endif
+/* caller must have lru_mutex locked. mutex
+ * will be unlocked on return.
+ */
+static void
+bdb_cache_lru_add(
+ struct bdb_info *bdb,
+ u_int32_t locker,
+ EntryInfo *ei
+)
+{
+ DB_LOCK lock;
+
+ /* See if we're above the cache size limit */
+ if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize ) {
+ EntryInfo *elru, *elprev;
+ int i = 0;
+
+ /* Look for an unused entry to remove */
+ for (elru = bdb->bi_cache.c_lrutail; elru; elru = elprev, i++ ) {
+ elprev = elru->bei_lruprev;
+
+ /* Too many probes, not enough idle, give up */
+ if (i > 10) break;
+
+ /* If we can successfully writelock it, then
+ * the object is idle.
+ */
+ if ( bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, elru, 1, 1,
+ &lock ) == 0 ) {
+ /* If there's no entry, or this node is in
+ * the process of linking into the cache,
+ * skip it.
+ */
+ if ( !elru->bei_e || (elru->bei_state & CACHE_ENTRY_NOT_LINKED) ) {
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, &lock );
+ continue;
+ }
+ LRU_DELETE( &bdb->bi_cache, elru );
+ elru->bei_e->e_private = NULL;
+ bdb_entry_return( elru->bei_e );
+ elru->bei_e = NULL;
+ bdb_cache_entry_db_unlock( bdb->bi_dbenv, &lock );
+ --bdb->bi_cache.c_cursize;
+ if (bdb->bi_cache.c_cursize < bdb->bi_cache.c_maxsize)
+ break;
+ }
+ }
+ }
+ LRU_ADD( &bdb->bi_cache, ei );
+ ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_mutex );
+}
+
/*
* cache_find_id - find an entry in the cache, given id.
* The entry is locked for Read upon return. Call with islocked TRUE if
Entry *ep = NULL;
int rc = 0;
EntryInfo ei;
+ int lru_del = 0;
ei.bei_id = id;
bdb_cache_entry_db_relock( bdb->bi_dbenv, locker,
*eip, 0, 0, lock );
}
- }
+ } else {
+ /* If we had the entry already, this item
+ * is on the LRU list.
+ */
+ lru_del = 1;
#ifdef BDB_HIER
- else {
rc = bdb_fix_dn( (*eip)->bei_e, 1 );
if ( rc ) {
bdb_cache_entry_db_relock( bdb->bi_dbenv,
bdb_cache_entry_db_relock( bdb->bi_dbenv,
locker, *eip, 0, 0, lock );
}
- }
#endif
+ }
}
}
- if ( rc == 0 && (*eip)->bei_kids == NULL ) {
+ if ( rc == 0 ) {
/* set lru mutex */
ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
- LRU_DELETE( &bdb->bi_cache, *eip );
- LRU_ADD( &bdb->bi_cache, *eip );
- ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_mutex );
+ /* if entry is old, remove from old spot on LRU list */
+ if ( lru_del ) {
+ LRU_DELETE( &bdb->bi_cache, *eip );
+ } else {
+ /* if entry is new, bump cache size */
+ bdb->bi_cache.c_cursize++;
+ }
+ /* lru_mutex is unlocked for us */
+ bdb_cache_lru_add( bdb, locker, *eip );
}
if ( islocked ) {
e->e_private = new;
new->bei_state = CACHE_ENTRY_NO_KIDS;
eip->bei_state &= ~CACHE_ENTRY_NO_KIDS;
+
+ /* set lru mutex */
+ ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_mutex );
+ ++bdb->bi_cache.c_cursize;
+ /* lru_mutex is unlocked for us */
+ bdb_cache_lru_add( bdb, locker, new );
+
bdb_cache_entryinfo_unlock( eip );
ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock );
return rc;
rc = -1;
}
- /* If parent has no more kids, put in on LRU list */
- if ( e->bei_parent->bei_kids == NULL ) {
- LRU_ADD( cache, e->bei_parent );
- cache->c_cursize++;
- }
-
/* id tree */
if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp ) == NULL )
{
)
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
- struct berval ctxcsn_rdn = BER_BVNULL;
struct berval ctxcsn_ndn = BER_BVNULL;
struct berval csn = BER_BVNULL;
- struct berval ctx_nrdn = BER_BVC( "cn=ldapsync" );
EntryInfo *ctxcsn_ei = NULL;
EntryInfo *suffix_ei = NULL;
Entry *ctxcsn_e = NULL;
DB_TXN *ltid = NULL;
Attribute *csn_a;
- char substr[67];
char gid[DB_XIDDATASIZE];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
int num_retries = 0;
if ( op->o_sync_mode != SLAP_SYNC_NONE ) {
if ( op->o_bd->syncinfo ) {
+ char substr[67];
+ struct berval bv;
sprintf( substr, "cn=syncrepl%d", op->o_bd->syncinfo->id );
- ber_str2bv( substr, strlen( substr ), 0, &ctxcsn_rdn );
- build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &ctxcsn_rdn );
+ ber_str2bv( substr, 0, 0, &bv );
+ build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &bv );
} else {
- ber_str2bv( "cn=ldapsync", strlen("cn=ldapsync"), 0, &ctxcsn_rdn );
- build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], &ctxcsn_rdn );
+ build_new_dn( &ctxcsn_ndn, &op->o_bd->be_nsuffix[0], (struct berval *)&slap_ldapsync_cn_bv );
}
ctxcsn_retry :
return rs->sr_err;
}
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
+ bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
rs->sr_err = TXN_COMMIT( ltid, 0 );
if ( rs->sr_err != 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
} else {
- struct berval ctx_nrdn;
-
bdb_cache_delete( &bdb->bi_cache, e, bdb->bi_dbenv,
locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
- ctx_nrdn.bv_val = "cn=ldapsync";
- ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
+ bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}
Entry *e = NULL;
EntryInfo *ei;
int rc;
- const char *at_name = at->ad_cname.bv_val;
+ const char *at_name = at ? at->ad_cname.bv_val : "(null)";
u_int32_t locker = 0;
DB_LOCK lock;
AttributeDescription *ad,
struct berval *atname,
BerVarray vals,
- BerVarray xvals,
ID id,
int opid,
slap_mask_t mask )
{
- int rc, i, j;
+ int rc, i;
const char *text;
DB *db;
- struct berval *keys, *xkeys = NULL;
+ struct berval *keys;
void *mark;
assert( mask );
return LDAP_OTHER;
}
+#if 0 /* No longer needed, our frees are in order so nothing accumulates */
mark = sl_mark(op->o_tmpmemctx);
+#endif
- /* For a delete op, make sure we're deleting the entire
- * attribute (xvals == NULL) before changing the presence
- * index. xvals is only non-NULL when deleting part of an attribute.
- */
- if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) && xvals == NULL ) {
+ if( IS_SLAP_INDEX( mask, SLAP_INDEX_PRESENT ) ) {
rc = bdb_key_change( op->o_bd, db, txn, &presence_key, id, opid );
if( rc ) {
goto done;
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
- /* xvals is only provided on deletes. Generate the keys for
- * xvals, representing all of the keys that will exist in
- * the index when we're done. If we find a delete key that
- * is in the xkeys, nullify the delete on that key.
- */
- if( xvals ) {
- rc = ad->ad_type->sat_equality->smr_indexer(
- LDAP_FILTER_EQUALITY, mask,
- ad->ad_type->sat_syntax,
- ad->ad_type->sat_equality,
- atname, xvals, &xkeys,
- op->o_tmpmemctx );
-
- for( i=0; keys[i].bv_val; i++ ) {
- for( j=0; xkeys[j].bv_val != NULL; j++ ) {
- if( bvmatch( &keys[i], &xkeys[j] ) ) {
- keys[i].bv_len = 0;
- }
- }
- }
- }
for( i=0; keys[i].bv_val != NULL; i++ ) {
- /* ignore nullified keys */
- if( keys[i].bv_len == 0 ) continue;
rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
- if( rc ) break;
- }
- if( xkeys ) {
- ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
- xkeys = NULL;
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
- if( rc ) goto done;
}
rc = LDAP_SUCCESS;
}
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
- /* nullify duplicate keys */
- for( i=0; keys[i].bv_val; i++ ) {
- if( !keys[i].bv_len ) continue;
- for( j=i+1; keys[j].bv_val; j++ ) {
- if( bvmatch( &keys[i], &keys[j] ) ) {
- keys[j].bv_len = 0;
- break;
- }
- }
- }
- if( xvals ) {
- rc = ad->ad_type->sat_equality->smr_indexer(
- LDAP_FILTER_APPROX, mask,
- ad->ad_type->sat_syntax,
- ad->ad_type->sat_approx,
- atname, xvals, &xkeys,
- op->o_tmpmemctx );
-
- for( i=0; keys[i].bv_val; i++ ) {
- for( j=0; xkeys[j].bv_val != NULL; j++ ) {
- if( bvmatch( &keys[i], &xkeys[j] ) ) {
- keys[i].bv_len = 0;
- }
- }
- }
- }
for( i=0; keys[i].bv_val != NULL; i++ ) {
- /* ignore nullified keys */
- if( keys[i].bv_len == 0 ) continue;
rc = bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
- if( rc ) break;
- }
- if( xkeys ) {
- ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
- xkeys = NULL;
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
- if( rc ) goto done;
}
rc = LDAP_SUCCESS;
atname, vals, &keys, op->o_tmpmemctx );
if( rc == LDAP_SUCCESS && keys != NULL ) {
- /* nullify duplicate keys */
- for( i=0; keys[i].bv_val; i++ ) {
- if( !keys[i].bv_len ) continue;
- for( j=i+1; keys[j].bv_val; j++ ) {
- if( bvmatch( &keys[i], &keys[j] ) ) {
- keys[j].bv_len = 0;
- break;
- }
- }
- }
- if( xvals ) {
- rc = ad->ad_type->sat_equality->smr_indexer(
- LDAP_FILTER_SUBSTRINGS, mask,
- ad->ad_type->sat_syntax,
- ad->ad_type->sat_substr,
- atname, xvals, &xkeys,
- op->o_tmpmemctx );
-
- for( i=0; keys[i].bv_val; i++ ) {
- for( j=0; xkeys[j].bv_val != NULL; j++ ) {
- if( bvmatch( &keys[i], &xkeys[j] ) ) {
- keys[i].bv_len = 0;
- }
- }
- }
- }
for( i=0; keys[i].bv_val != NULL; i++ ) {
- /* ignore nullified keys */
- if ( keys[i].bv_len == 0 ) continue;
bdb_key_change( op->o_bd, db, txn, &keys[i], id, opid );
- if( rc ) break;
- }
- if( xkeys ) {
- ber_bvarray_free_x( xkeys, op->o_tmpmemctx );
- xkeys = NULL;
+ if( rc ) {
+ ber_bvarray_free_x( keys, op->o_tmpmemctx );
+ goto done;
+ }
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
- if( rc ) goto done;
}
rc = LDAP_SUCCESS;
}
done:
+#if 0
sl_release( mark, op->o_tmpmemctx );
+#endif
return rc;
}
AttributeType *type,
struct berval *tags,
BerVarray vals,
- BerVarray xvals,
ID id,
int opid )
{
/* recurse */
rc = index_at_values( op, txn, NULL,
type->sat_sup, tags,
- vals, xvals, id, opid );
+ vals, id, opid );
if( rc ) return rc;
}
if( mask ) {
rc = indexer( op, txn, ad, &type->sat_cname,
- vals, xvals, id, opid,
+ vals, id, opid,
mask );
if( rc ) return rc;
if( mask ) {
rc = indexer( op, txn, desc, &desc->ad_cname,
- vals, xvals, id, opid,
+ vals, id, opid,
mask );
if( rc ) {
DB_TXN *txn,
AttributeDescription *desc,
BerVarray vals,
- BerVarray xvals,
ID id,
int opid )
{
rc = index_at_values( op, txn, desc,
desc->ad_type, &desc->ad_tags,
- vals, xvals, id, opid );
+ vals, id, opid );
return rc;
}
/* add each attribute to the indexes */
for ( ; ap != NULL; ap = ap->a_next ) {
rc = bdb_index_values( op, txn, ap->a_desc,
- ap->a_nvals, NULL, e->e_id, opid );
+ ap->a_nvals, e->e_id, opid );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
#include "back-bdb.h"
#include "external.h"
-#define INDEXED 0x2000
-#define NULLIFIED 0x4000
-
int bdb_modify_internal(
Operation *op,
DB_TXN *tid,
if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
e->e_ocflags = 0;
}
+
+ /* check if modified attribute was indexed
+ * but not in case of NOOP... */
+ err = bdb_index_is_indexed( op->o_bd, mod->sm_desc );
+ if ( err == LDAP_SUCCESS && !op->o_noop ) {
+ ap = attr_find( save_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
+
+ ap = attr_find( e->e_attrs, mod->sm_desc );
+ if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
+ }
}
/* check that the entry still obeys the schema */
}
/* update the indices of the modified attributes */
- if ( !op->o_noop ) {
- Modifications *m2;
-
- /* First look for any deletes that would nullify any adds
- * in this request. I.e., deleting an entire attribute after
- * assigning some values to it.
- */
- for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
- if (bdb_index_is_indexed( op->o_bd, ml->sml_desc ))
- continue;
- switch ( ml->sml_op ) {
- case LDAP_MOD_DELETE:
- /* If just deleting specific values, ignore */
- if ( ml->sml_bvalues ) break;
- case LDAP_MOD_REPLACE:
- for ( m2 = modlist; m2 != ml; m2 = m2->sml_next ) {
- if ( m2->sml_desc == ml->sml_desc &&
- m2->sml_op != LDAP_MOD_DELETE )
- m2->sml_op |= NULLIFIED;
- }
- break;
+
+ /* start with deleting the old index entries */
+ for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
+ if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
+ rc = bdb_index_values( op, tid, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_DELETE_OP );
+ if ( rc != LDAP_SUCCESS ) {
+ attrs_free( e->e_attrs );
+ e->e_attrs = save_attrs;
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR,
+ "bdb_modify_internal: attribute index delete failure\n",
+ 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Attribute index delete failure",
+ 0, 0, 0 );
+#endif
+ return rc;
}
- ml->sml_op |= INDEXED;
+ ap->a_flags &= ~SLAP_ATTR_IXDEL;
}
- /* Now index the modifications */
- for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
- if ( ! (ml->sml_op & INDEXED) ) continue;
- ml->sml_op ^= INDEXED;
- switch ( ml->sml_op ) {
- case LDAP_MOD_DELETE:
- if ( ml->sml_bvalues ) {
- ap = attr_find( e->e_attrs, ml->sml_desc );
- rc = bdb_index_values( op, tid, ml->sml_desc,
- ml->sml_nvalues ? ml->sml_nvalues : ml->sml_bvalues,
- ap ? ap->a_nvals : NULL,
- e->e_id, SLAP_INDEX_DELETE_OP );
- break;
- }
- /* FALLTHRU */
- case LDAP_MOD_REPLACE:
- /* A nullified replace still does its delete action */
- case LDAP_MOD_REPLACE | NULLIFIED:
- ap = attr_find( save_attrs, ml->sml_desc );
- if ( ap != NULL ) {
- rc = bdb_index_values( op, tid, ap->a_desc,
- ap->a_nvals, NULL,
- e->e_id, SLAP_INDEX_DELETE_OP );
- } else {
- rc = LDAP_SUCCESS;
- }
- if ( rc || ml->sml_op == LDAP_MOD_DELETE ||
- (ml->sml_op & NULLIFIED))
- break;
- /* FALLTHRU */
- case LDAP_MOD_ADD:
- case SLAP_MOD_SOFTADD:
- rc = bdb_index_values( op, tid, ml->sml_desc,
- ml->sml_nvalues ? ml->sml_nvalues : ml->sml_bvalues,
- NULL, e->e_id, SLAP_INDEX_ADD_OP );
- break;
- }
- ml->sml_op &= ~NULLIFIED;
+ }
+
+ /* add the new index entries */
+ for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
+ if (ap->a_flags & SLAP_ATTR_IXADD) {
+ rc = bdb_index_values( op, tid, ap->a_desc,
+ ap->a_nvals,
+ e->e_id, SLAP_INDEX_ADD_OP );
if ( rc != LDAP_SUCCESS ) {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
- "bdb_modify_internal: attribute index update failure\n",
+ "bdb_modify_internal: attribute index add failure\n",
0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
- "Attribute index update failure",
+ "Attribute index add failure",
0, 0, 0 );
#endif
- /* reset our flags */
- for (; ml; ml=ml->sml_next ) {
- ml->sml_op &= ~(INDEXED | NULLIFIED);
- }
- break;
+ return rc;
}
+ ap->a_flags &= ~SLAP_ATTR_IXADD;
}
}
rs->sr_err = LDAP_SUCCESS;
}
} else {
- struct berval ctx_nrdn;
EntryInfo *ctx_ei;
bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
- ctx_nrdn.bv_val = "cn=ldapsync";
- ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
+ bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}
if(( rs->sr_err=TXN_PREPARE( ltid, gid )) != 0 ) {
rs->sr_text = "txn_prepare failed";
} else {
- struct berval ctx_nrdn;
-
bdb_cache_modrdn( save, &op->orr_nnewrdn, e, neip,
bdb->bi_dbenv, locker, &lock );
if ( !op->o_bd->syncinfo ) {
if ( ctxcsn_added ) {
- ctx_nrdn.bv_val = "cn=ldapsync";
- ctx_nrdn.bv_len = strlen( ctx_nrdn.bv_val );
- bdb_cache_add( bdb, suffix_ei, ctxcsn_e, &ctx_nrdn, locker );
+ bdb_cache_add( bdb, suffix_ei, ctxcsn_e, (struct berval *)&slap_ldapsync_cn_bv, locker );
}
}
DB_TXN *txn,
AttributeDescription *desc,
BerVarray vals,
- BerVarray xvals,
ID id,
int opid ));
return 1;
}
- ldap_back_map(&li->rwmap.rwm_at, &at->ad_cname, &mapped, BACKLDAP_MAP);
- if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
- rc = 1;
- goto cleanup;
+ if ( at ) {
+ ldap_back_map(&li->rwmap.rwm_at, &at->ad_cname, &mapped, BACKLDAP_MAP);
+ if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
+ rc = 1;
+ goto cleanup;
+ }
}
is_oc = (strcasecmp("objectclass", mapped.bv_val) == 0);
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *e;
int rc;
- const char *at_name = at->ad_cname.bv_val;
+ const char *at_name = at ? at->ad_cname.bv_val : "(null)";
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ARGS,
if ( e ) {
a = attr_find( e->e_attrs, group_at );
if ( a ) {
- rc = value_find_ex( group_at,
+ /* If the attribute is a subtype of labeledURI, treat this as
+ * a dynamic group ala groupOfURLs
+ */
+ if (is_at_subtype( group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+ int i;
+ LDAPURLDesc *ludp;
+ struct berval bv, nbase;
+ Filter *filter;
+ Entry *user;
+ Backend *b2 = op->o_bd;
+
+ if ( target && dn_match( &target->e_nname, op_ndn ) ) {
+ user = target;
+ } else {
+ op->o_bd = select_backend( op_ndn, 0, 0 );
+ rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user );
+ }
+
+ if ( rc == 0 ) {
+ rc = 1;
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) != LDAP_SUCCESS )
+ continue;
+ nbase.bv_val = NULL;
+ /* host part must be empty */
+ /* attrs and extensions parts must be empty */
+ if (( ludp->lud_host && *ludp->lud_host )
+ || ludp->lud_attrs || ludp->lud_exts )
+ goto loopit;
+ ber_str2bv( ludp->lud_dn, 0, 0, &bv );
+ if ( dnNormalize( 0, NULL, NULL, &bv, &nbase, op->o_tmpmemctx ) != LDAP_SUCCESS )
+ goto loopit;
+ switch(ludp->lud_scope) {
+ case LDAP_SCOPE_BASE:
+ if ( !dn_match(&nbase, op_ndn)) goto loopit;
+ break;
+ case LDAP_SCOPE_ONELEVEL:
+ dnParent(op_ndn, &bv );
+ if ( !dn_match(&nbase, &bv)) goto loopit;
+ break;
+ case LDAP_SCOPE_SUBTREE:
+ if ( !dnIsSuffix(op_ndn, &nbase)) goto loopit;
+ break;
+ }
+ filter = str2filter_x( op, ludp->lud_filter );
+ if ( filter ) {
+ if ( test_filter( NULL, user, filter ) == LDAP_COMPARE_TRUE )
+ {
+ rc = 0;
+ }
+ filter_free_x( op, filter );
+ }
+ loopit:
+ ldap_free_urldesc( ludp );
+ if ( nbase.bv_val ) {
+ op->o_tmpfree( nbase.bv_val, op->o_tmpmemctx );
+ }
+ if ( rc == 0 ) break;
+ }
+ if ( user != target ) {
+ be_entry_release_r( op, user );
+ }
+ }
+ op->o_bd = b2;
+ } else {
+ rc = value_find_ex( group_at,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, op_ndn, op->o_tmpmemctx );
+ }
} else {
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
MatchingRuleAssertion *mra )
{
Attribute *a;
+ void *memctx = op ? op->o_tmpmemctx : NULL;
if ( mra->ma_desc ) {
/*
/* normalize for equality */
rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
- &mra->ma_value, &value, &text, op->o_tmpmemctx );
+ &mra->ma_value, &value, &text, memctx );
if ( rc != LDAP_SUCCESS ) {
continue;
}
int rc;
/* parse and pretty the dn */
- rc = dnPrettyDN( NULL, &e->e_name, &dn, op->o_tmpmemctx );
+ rc = dnPrettyDN( NULL, &e->e_name, &dn, memctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
rc = asserted_value_validate_normalize( ad,
mra->ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
- &mra->ma_value, &value, &text, op->o_tmpmemctx );
+ &mra->ma_value, &value, &text, memctx );
if ( rc != LDAP_SUCCESS ) {
continue;
}
bv, &value, &text );
if( rc != LDAP_SUCCESS ) {
- ldap_dnfree_x( dn, op->o_tmpmemctx );
+ ldap_dnfree_x( dn, memctx );
return rc;
}
if ( ret == 0 ) {
- ldap_dnfree_x( dn, op->o_tmpmemctx );
+ ldap_dnfree_x( dn, memctx );
return LDAP_COMPARE_TRUE;
}
}
}
if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
- && op->o_bd && op->o_bd->be_has_subordinates ) {
+ && op && op->o_bd && op->o_bd->be_has_subordinates ) {
int hasSubordinates;
struct berval hs;
* is boolean-valued; I think we may live with this
* simplification by now
*/
- if ( op->o_bd && op->o_bd->be_has_subordinates ) {
+ if ( op && op->o_bd && op->o_bd->be_has_subordinates ) {
return LDAP_COMPARE_TRUE;
}
{
/* host part must be empty */
/* attrs and extensions parts must be empty */
- return LDAP_PROTOCOL_ERROR;
+ rc = LDAP_PROTOCOL_ERROR;
+ goto done;
}
/* Grab the scope */
return LDAP_SUCCESS;
}
+/*
+ * Integer conversion macros that will use the largest available
+ * type.
+ */
+#if defined(HAVE_STRTOLL) && defined(LLONG_MAX) && defined(LLONG_MIN)
+# define SLAP_STRTOL(n,e,b) strtoll(n,e,b)
+# define SLAP_LONG_MAX LLONG_MAX
+# define SLAP_LONG_MIN LLONG_MIN
+# define SLAP_LONG long long
+#else
+# define SLAP_STRTOL(n,e,b) strtol(n,e,b)
+# define SLAP_LONG_MAX LONG_MAX
+# define SLAP_LONG_MIN LONG_MIN
+# define SLAP_LONG long
+#endif /* HAVE_STRTOLL ... */
+
static int
integerBitAndMatch(
int *matchp,
struct berval *value,
void *assertedValue )
{
- long lValue, lAssertedValue;
+ SLAP_LONG lValue, lAssertedValue;
/* safe to assume integers are NUL terminated? */
- lValue = strtol(value->bv_val, NULL, 10);
- if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
+ lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
+ if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
}
- lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
- if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+ lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10);
+ if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX )
&& errno == ERANGE )
{
return LDAP_CONSTRAINT_VIOLATION;
struct berval *value,
void *assertedValue )
{
- long lValue, lAssertedValue;
+ SLAP_LONG lValue, lAssertedValue;
/* safe to assume integers are NUL terminated? */
- lValue = strtol(value->bv_val, NULL, 10);
- if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
+ lValue = SLAP_STRTOL(value->bv_val, NULL, 10);
+ if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX ) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
}
- lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
- if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+ lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10);
+ if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX )
&& errno == ERANGE )
{
return LDAP_CONSTRAINT_VIOLATION;
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_userPassword) },
+ { "labeledURI", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' "
+ "DESC 'RFC2079: Uniform Resource Identifier with optional label' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_labeledURI) },
+
#ifdef SLAPD_AUTHPASSWD
{ "authPassword", "( 1.3.6.1.4.1.4203.1.3.4 "
"NAME 'authPassword' "
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_userPassword;
+ AttributeDescription *si_ad_labeledURI;
#ifdef SLAPD_AUTHPASSWD
AttributeDescription *si_ad_authPassword;
#endif
regex_t acl_dn_re;
struct berval acl_dn_pat;
AttributeName *acl_attrs;
+ slap_style_t acl_attrval_style;
+ regex_t acl_attrval_re;
+ struct berval acl_attrval;
/* "by" part: list of who has what access to the entries */
Access *acl_access;
projects / openldap / commitdiff