Latest changes from devel

diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
index 0b8ca33c31b2bf02c06620970912aa79d8a24251..a07370ecb631df5aae3b254759eac4b7e61a1265 100644 (file)
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -713,7 +713,7 @@ static int dosearch(
                sctrls, cctrls, timelimit, sizelimit, &msgid );
 
        if( rc != LDAP_SUCCESS ) {
-               fprintf( stderr, "ldapsearch: ldap_search_ext: %s (%d)",
+               fprintf( stderr, "ldapsearch: ldap_search_ext: %s (%d)\n",
                        ldap_err2string( rc ), rc );
                return( rc );
        }
@@ -1069,7 +1069,7 @@ static int print_result(
                        if( !ldif ) {
                                write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) );
                        } else {
-                               fprintf( stderr, "Referral: %s", refs[i] );
+                               fprintf( stderr, "Referral: %s\n", refs[i] );
                        }
                }
 

diff --git a/include/ac/errno.h b/include/ac/errno.h
index 7e6abae9c062b38a0b577b03c1d797176ada7252..ec9169911f00fd86588f9f2fb164ccaeffe3b36c 100644 (file)
--- a/include/ac/errno.h
+++ b/include/ac/errno.h
@@ -25,15 +25,27 @@
 #      define          sys_errlist     ((char **)0)
 #elif DECL_SYS_ERRLIST 
        /* have sys_errlist but need declaration */
-       LDAP_LIBC_V (int)      sys_nerr;
-       LDAP_LIBC_V (char)    *sys_errlist[];
+       LDAP_LIBC_V(int)      sys_nerr;
+       LDAP_LIBC_V(char)    *sys_errlist[];
 #endif
 
-#ifdef HAVE_STRERROR
-#define        STRERROR(err)   strerror(err)
+#undef _AC_ERRNO_UNKNOWN
+#define _AC_ERRNO_UNKNOWN "unknown error"
+
+#ifdef HAVE_SYS_ERRLIST
+       /* this is thread safe */
+#      define  STRERROR(e) ( (e) > -1 && (e) < sys_nerr \
+                       ? sys_errlist[(e)] : _AC_ERRNO_UNKNOWN )
+
+#elif defined( HAVE_STRERROR )
+       /* this may not be thread safe */
+       /* and, yes, some implementations of strerror may return NULL */
+#      define  STRERROR(e) ( strerror(e) \
+               ? strerror(e) : _AC_ERRNO_UNKNOWN )
+
 #else
-#define        STRERROR(err) \
-       ((err) > -1 && (err) < sys_nerr ? sys_errlist[(err)] : "unknown")
+       /* this is thread safe */
+#      define  STRERROR(e) ( _AC_ERRNO_UNKNOWN )
 #endif
 
 #endif /* _AC_ERRNO_H */

diff --git a/libraries/liblber/sockbuf.c b/libraries/liblber/sockbuf.c
index e3ddbcd44a8833bcb0db1c830ef52797629e5fdf..5c133e65400f77714c6090ec5befed23dff301b9 100644 (file)
--- a/libraries/liblber/sockbuf.c
+++ b/libraries/liblber/sockbuf.c
@@ -914,7 +914,7 @@ sb_debug_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
        if ( ret < 0 ) {
                ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
                        "%sread: want=%ld error=%s\n", (char *)sbiod->sbiod_pvt,
-                       (long)len, strerror( errno ) );
+                       (long)len, STRERROR( errno ) );
        }
        else {
                ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
@@ -936,7 +936,7 @@ sb_debug_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len )
                ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,
                        "%swrite: want=%ld error=%s\n",
                        (char *)sbiod->sbiod_pvt, (long)len,
-                       strerror( errno ) );
+                       STRERROR( errno ) );
        }
        else {
                ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug,

diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
index a2cd8343083c3eb5c76f43160b399f1f7b90769c..89d4278e185693a4ff8a97bf883f139f569d9e69 100644 (file)
--- a/libraries/libldap/os-local.c
+++ b/libraries/libldap/os-local.c
@@ -83,7 +83,7 @@ ldap_pvt_close_socket(LDAP *ld, int s)
                "ldap_is_socket_ready: errror on socket %d: errno: %d (%s)\n", \
                s, \
                errno, \
-               strerror(errno) ); \
+               STRERROR(errno) ); \
 } while( 0 )
 
 /*

diff --git a/libraries/libldap_r/thr_stub.c b/libraries/libldap_r/thr_stub.c
index e473e0e557ebe2dddbf0bffe5cf4841aab27da13..b613186a05f02734c1ce040acfc51833c6428394 100644 (file)
--- a/libraries/libldap_r/thr_stub.c
+++ b/libraries/libldap_r/thr_stub.c
@@ -160,6 +160,12 @@ ldap_pvt_thread_pool_submit (
        return(0);
 }
 
+int
+ldap_pvt_thread_pool_maxthreads ( ldap_pvt_thread_pool_t *tpool, int max_threads )
+{
+       return(0);
+}
+
 int
 ldap_pvt_thread_pool_backload (
        ldap_pvt_thread_pool_t *pool )

diff --git a/libraries/libldbm/ldbm.c b/libraries/libldbm/ldbm.c
index 2560fd8727f568c7a80ecd9291043b89c40f386c..3e6825ac0a065263ce4ddf20a145c0a64f3420d9 100644 (file)
--- a/libraries/libldbm/ldbm.c
+++ b/libraries/libldbm/ldbm.c
@@ -135,11 +135,8 @@ int ldbm_initialize( void )
        if ( err ) {
                char error[BUFSIZ];
 
-               if ( err < 0 ) {
-                       sprintf( error, "%ld\n", (long) err );
-               } else {
-                       sprintf( error, "%s\n", strerror( err ));
-               }
+               sprintf( error, "%s (%d)\n", STRERROR( err ), err );
+
 #ifdef LDAP_SYSLOG
                syslog( LOG_INFO,
                        "ldbm_initialize(): FATAL error in db_appinit() : %s\n",
@@ -158,11 +155,8 @@ int ldbm_initialize( void )
         {
             char error[BUFSIZ];
 
-            if ( err < 0 ) {
-                sprintf( error, "%ld\n", (long) err );
-            } else {
-                sprintf( error, "%s\n", strerror( err ));
-            }
+            sprintf( error, "%s (%d)\n", STRERROR( err ), err );
+
 #ifdef LDAP_SYSLOG
             syslog( LOG_INFO,
                     "ldbm_initialize(): FATAL error in db_appinit() : %s\n",
@@ -233,11 +227,8 @@ ldbm_open( char *name, int rw, int mode, int dbcachesize )
        {
            char error[BUFSIZ];
 
-           if ( err < 0 ) {
-               sprintf( error, "%ld\n", (long) err );
-           } else {
-               sprintf( error, "%s\n", strerror( err ));
-           }
+           sprintf( error, "%s (%d)\n", STRERROR( err ), err );
+
            (void)ret->close(ret, 0);
            return NULL;
        }
@@ -251,11 +242,8 @@ ldbm_open( char *name, int rw, int mode, int dbcachesize )
        {
            char error[BUFSIZ];
 
-           if ( err < 0 ) {
-               sprintf( error, "%ld\n", (long) err );
-           } else {
-               sprintf( error, "%s\n", strerror( err ));
-           }
+           sprintf( error, "%s (%d)\n", STRERROR( err ), err );
+
            (void)ret->close(ret, 0);
            return NULL;
        }
@@ -383,13 +371,9 @@ ldbm_store( LDBM ldbm, Datum key, Datum data, int flags )
        {
            char error[BUFSIZ];
 
-           if ( rc < 0 ) {
-               sprintf( error, "%ld\n", (long) rc );
-           } else {
-               sprintf( error, "%s\n", strerror( rc ));
-           }
+           sprintf( error, "%s (%d)\n", STRERROR( rc ), rc );
        }
-        rc = (-1) * rc;
+       rc = (-1) * rc;
 
 #elif DB_VERSION_MAJOR >= 2
        rc = (*ldbm->put)( ldbm, NULL, &key, &data, flags & ~LDBM_SYNC );

diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in
index c27ebbd31524d5c3b713a8ffe0ae68e5fc27d66f..d7787e7127ea95ba1d869c93a369252f4f4e8257 100644 (file)
--- a/servers/slapd/Makefile.in
+++ b/servers/slapd/Makefile.in
@@ -160,7 +160,7 @@ sslapd: version.o
 
 .backend: $(@PLAT@_IMPLIB) FORCE
        @for i in back-*; do \
-               if [ -d $$i ]; then \
+               if [ -d $$i -a -f $$i/Makefile ]; then \
                        echo " "; echo "  cd $$i; $(MAKE) $(MFLAGS) all"; \
                        ( cd $$i; $(MAKE) $(MFLAGS) all ); \
                        if test $$? != 0 ; then exit 1; fi ; \
@@ -197,7 +197,7 @@ version.c: $(OBJS) $(SLAPD_LIBDEPEND)
 
 depend-local-srv: FORCE
        @for i in back-* shell-backends tools; do \
-               if [ -d $$i ]; then \
+               if [ -d $$i -a -f $$i/Makefile ]; then \
                        echo; echo "  cd $$i; $(MAKE) $(MFLAGS) depend"; \
                        ( cd $$i; $(MAKE) $(MFLAGS) depend ); \
                        if test $$? != 0 ; then exit 1; fi ; \
@@ -210,7 +210,7 @@ clean-local:
 
 clean-local-srv: FORCE
        @for i in back-* shell-backends tools; do \
-               if [ -d $$i ]; then \
+               if [ -d $$i -a -f $$i/Makefile ]; then \
                        echo; echo "  cd $$i; $(MAKE) $(MFLAGS) clean"; \
                        ( cd $$i; $(MAKE) $(MFLAGS) clean ); \
                        if test $$? != 0 ; then exit 1; fi ; \
@@ -220,7 +220,7 @@ clean-local-srv: FORCE
 
 veryclean-local-srv: FORCE
        @for i in back-* shell-backends tools; do \
-               if [ -d $$i ]; then \
+               if [ -d $$i -a -f $$i/Makefile ]; then \
                        echo; echo "  cd $$i; $(MAKE) $(MFLAGS) clean"; \
                        ( cd $$i; $(MAKE) $(MFLAGS) veryclean ); \
                fi; \
@@ -235,7 +235,7 @@ install-slapd: FORCE
                slapd$(EXEEXT) $(DESTDIR)$(libexecdir)
        @if [ ! -z "$(SLAPD_MODULES)" ]; then \
            for i in back-* shell-backends tools; do \
-               if [ -d $$i ]; then \
+               if [ -d $$i -a -f $$i/Makefile ]; then \
                        echo; echo "  cd $$i; $(MAKE) $(MFLAGS) install"; \
                        ( cd $$i; $(MAKE) $(MFLAGS) install ); \
                        if test $$? != 0 ; then exit 1; fi ; \

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 4dacfc06e97a4e17ea150891b12a718e53174685..b61b1570c18a92b00aa0f69570d213fcfc134606 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -961,9 +961,9 @@ aci_set_gather (void *cookie, char *name, char *attr)
 
        if ((ndn = ch_strdup(name)) != NULL) {
                if (dn_normalize(ndn) != NULL) {
-                       char *text;
+                       const char *text;
                        AttributeDescription *desc = NULL;
-                       if (slap_str2ad(attr, &desc, &text) == 0) {
+                       if (slap_str2ad(attr, &desc, &text) == LDAP_SUCCESS) {
                                backend_attribute(cp->be, NULL /*cp->conn*/,
                                                                        NULL /*cp->op*/, cp->e,
                                                                        ndn, desc, &bvals);
@@ -1012,7 +1012,7 @@ aci_match_set (
                char *subjdn;
                char *setat;
                struct berval **bvals;
-               char *text;
+               const char *text;
                AttributeDescription *desc = NULL;
 
                /* format of string is "entry/setAttrName" */
@@ -1032,7 +1032,7 @@ aci_match_set (
                }
                if ( setat != NULL ) {
                        if ( dn_normalize(subjdn) != NULL
-                               && slap_str2ad(setat, &desc, &text) == 0 )
+                               && slap_str2ad(setat, &desc, &text) == LDAP_SUCCESS )
                        {
                                backend_attribute(be, NULL, NULL, e,
                                                                subjdn, desc, &bvals);

diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 91fe75896155b8bc55f4ab4cd8a32395d5bcebc7..8239c9c3ef726f7e165de84d4f8cb24802065698 100644 (file)
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -216,19 +216,28 @@ do_bind(
                ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 
                if ( conn->c_sasl_bind_mech != NULL ) {
+                       /* SASL bind is in progress */
+#ifdef HAVE_CYRUS_SASL
+                       assert( conn->c_sasl_bind_context != NULL );
+#endif
+
                        if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) {
-                               /* mechanism changed, cancel in progress bind */
+                               /* mechanism changed */
 #ifdef HAVE_CYRUS_SASL
+                               /* dispose of context */
                                sasl_dispose(&conn->c_sasl_bind_context);
                                conn->c_sasl_bind_context = NULL;
 #endif
                        }
+
                        free( conn->c_sasl_bind_mech );
                        conn->c_sasl_bind_mech = NULL;
 
 #ifdef LDAP_DEBUG
-#ifdef HAVE_CYRUS_SASL
                } else {
+                       /* SASL bind is NOT in progress */
+                       assert( conn->c_sasl_bind_mech == NULL );
+#ifdef HAVE_CYRUS_SASL
                        assert( conn->c_sasl_bind_context == NULL );
 #endif
 #endif
@@ -256,7 +265,7 @@ do_bind(
 
 #ifdef HAVE_CYRUS_SASL
                } else {
-                       assert( conn->c_sasl_bind_context != NULL );
+                       assert( conn->c_sasl_bind_context == NULL );
 #endif
                }
 
@@ -374,6 +383,24 @@ do_bind(
        }
 
 cleanup:
+       if( rc != LDAP_SASL_BIND_IN_PROGRESS ) {
+               ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+               /* dispose of mech */
+               free( conn->c_sasl_bind_mech );
+               conn->c_sasl_bind_mech = NULL;
+
+#ifdef HAVE_CYRUS_SASL
+               if( conn->c_sasl_bind_context != NULL ) {
+                       /* dispose of context */
+                       sasl_dispose(&conn->c_sasl_bind_context);
+                       conn->c_sasl_bind_context = NULL;
+               }
+#endif
+
+               ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+       }
+
        if( dn != NULL ) {
                free( dn );
        }

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 8d3769c22ac89346ef8a879a54f615b058cb500d..23dfaae8fa60ba99a4225198d5983c19323042a2 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -105,6 +105,7 @@ int sasl_init( void )
                slap_sasl_mutex_unlock,
                slap_sasl_mutex_dispose );
 
+       /* server name should be configurable */
        rc = sasl_server_init( NULL, "slapd" );
 
        if( rc != SASL_OK ) {
@@ -134,6 +135,7 @@ int sasl_init( void )
 
 #ifndef SLAPD_IGNORE_RFC2829
        {
+               /* security flags should be configurable */
                sasl_security_properties_t secprops;
                memset(&secprops, '\0', sizeof(secprops));
                secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
@@ -237,13 +239,15 @@ int sasl_bind(
                        callbacks, SASL_SECURITY_LAYER, &conn->c_sasl_bind_context );
 
                if( sc != SASL_OK ) {
-                       send_ldap_result( conn, op, rc = LDAP_AUTH_METHOD_NOT_SUPPORTED,
-                               NULL, NULL, NULL, NULL );
+                       send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
+                               NULL, "could not create new SASL context", NULL, NULL );
+
                } else {
                        unsigned reslen;
                        conn->c_authmech = ch_strdup( mech );
 
-                       sc = sasl_server_start( conn->c_sasl_bind_context, conn->c_authmech,
+                       sc = sasl_server_start( conn->c_sasl_bind_context,
+                               conn->c_authmech,
                                cred->bv_val, cred->bv_len,
                                (char **)&response.bv_val, &reslen, &errstr );
 
@@ -254,9 +258,11 @@ int sasl_bind(
                                        NULL, errstr, NULL, NULL );
                        }
                }
+
        } else {
                unsigned reslen;
-               sc = sasl_server_step( conn->c_sasl_bind_context, cred->bv_val, cred->bv_len,
+               sc = sasl_server_step( conn->c_sasl_bind_context,
+                       cred->bv_val, cred->bv_len,
                        (char **)&response.bv_val, &reslen, &errstr );
 
                response.bv_len = reslen;
@@ -270,26 +276,35 @@ int sasl_bind(
        if ( sc == SASL_OK ) {
                char *authzid;
 
-               if ( ( sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME,
-                       (void **)&authzid ) ) != SASL_OK ) {
+               sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME,
+                       (void **)&authzid );
+
+               if ( sc != SASL_OK ) {
                        send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
-                               NULL, NULL, NULL, NULL );
+                               NULL, "no SASL username", NULL, NULL );
 
                } else {
-                       Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: username=%s\n",
+                       Debug(LDAP_DEBUG_TRACE, "sasl_bind: username=%s\n",
                                authzid, 0, 0);
 
-                       if( strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) &&
+                       if( !strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) &&
                                ( ( authzid[sizeof("anonymous")] == '\0' ) ||
-                               ( authzid[sizeof("anonymous")] == '@' ) ) )
+                                 ( authzid[sizeof("anonymous")] == '@' ) ) )
                        {
+                               Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: anonymous\n",
+                                       0, 0, 0);
+
+                       } else {
                                *edn = ch_malloc( sizeof( "authzid=" ) + strlen( authzid ) );
                                strcpy( *edn, "authzid=" );
                                strcat( *edn, authzid );
+
+                               Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: authzdn: \"%s\"\n",
+                                       *edn, 0, 0);
                        }
 
-                       send_ldap_result( conn, op, rc = LDAP_SUCCESS,
-                               NULL, NULL, NULL, NULL );
+                       send_ldap_sasl( conn, op, rc = LDAP_SUCCESS,
+                               NULL, NULL, NULL, NULL, &response );
                }
 
        } else if ( sc == SASL_CONTINUE ) {