OpenLDAP 2.4.15 Engineering
Fixed slapd corrupt contextCSN (ITS#5947)
+ Fixed slapo-rwm objectClass preservation (ITS#5760)
OpenLDAP 2.4.14 Release (2009/02/14)
Added libldap option to disable SASL host canonicalization (ITS#5812)
#endif
+/*
+ * gssapi.c:
+ */
+LDAP_F( int )
+ldap_gssapi_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *creds ));
+
+LDAP_F( int )
+ldap_gssapi_bind_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *creds ));
+
+
/*
* in modify.c:
*/
LDAP_F (int) ldap_init_fd LDAP_P((
ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp ));
+/* sasl.c */
+LDAP_F (int) ldap_pvt_sasl_generic_install LDAP_P(( Sockbuf *sb,
+ struct sb_sasl_generic_install *install_arg ));
+LDAP_F (void) ldap_pvt_sasl_generic_remove LDAP_P(( Sockbuf *sb ));
+
/* search.c */
LDAP_F( int ) ldap_pvt_put_filter LDAP_P((
BerElement *ber,
#include "slap.h"
#include "lutil.h"
+static struct berval bv_no_attrs = BER_BVC( LDAP_NO_ATTRS );
+static struct berval bv_all_user_attrs = BER_BVC( "*" );
+static struct berval bv_all_operational_attrs = BER_BVC( "+" );
+
static AttributeName anlist_no_attrs[] = {
{ BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL },
{ BER_BVNULL, NULL, 0, NULL }
AttributeName *slap_anlist_all_operational_attributes = anlist_all_operational_attributes;
AttributeName *slap_anlist_all_attributes = anlist_all_attributes;
+struct berval * slap_bv_no_attrs = &bv_no_attrs;
+struct berval * slap_bv_all_user_attrs = &bv_all_user_attrs;
+struct berval * slap_bv_all_operational_attrs = &bv_all_operational_attrs;
+
typedef struct Attr_option {
struct berval name; /* option name or prefix */
int prefix; /* NAME is a tag and range prefix */
#define META_BACK_TGT_NOREFS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
#define META_BACK_TGT_NOUNDEFFILTER(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOUNDEFFILTER )
+ slap_mask_t mt_rep_flags;
+
int mt_version;
time_t mt_network_timeout;
struct timeval mt_bind_timeout;
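Review bot: The new `mt_rep_flags` member is added without a comment, although its meaning is only discoverable by reading two other files in this patch. Elsewhere in the patch it is OR-ed with `REP_NO_ENTRYDN` and `REP_NO_SUBSCHEMA` when the target's attribute map yields no name for entryDN or subschemaSubentry, and it is then copied into `rs->sr_flags` for every entry sent. I would document that on the declaration, e.g. `slap_mask_t mt_rep_flags; /* REP_NO_ENTRYDN / REP_NO_SUBSCHEMA, derived from mt_rwmap; seeds rs->sr_flags for each search entry */`. Because the flags are only ever set with `|=`, the comment should also say whether the field is expected to be zero-initialised and computed exactly once.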
slap_bindconf sb = { BER_BVNULL };
metatarget_t *mt = mi->mi_targets[ i ];
+ struct berval mapped;
+
ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
sb.sb_version = mt->mt_version;
sb.sb_method = LDAP_AUTH_SIMPLE;
not_always_anon_non_prescriptive = 1;
}
}
+
+ BER_BVZERO( &mapped );
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &slap_schema.si_ad_entryDN->ad_cname, &mapped,
+ BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ mt->mt_rep_flags |= REP_NO_ENTRYDN;
+ }
+
+ BER_BVZERO( &mapped );
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
+ BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
+ }
}
if ( not_always == 0 ) {
assert( m != NULL );
+ /* let special attrnames slip through (ITS#5760) */
+ if ( bvmatch( s, slap_bv_no_attrs )
+ || bvmatch( s, slap_bv_all_user_attrs )
+ || bvmatch( s, slap_bv_all_operational_attrs ) )
+ {
+ *m = NULL;
+ return 0;
+ }
+
if ( remap == BACKLDAP_REMAP ) {
tree = map->remap;
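Review bot: The early return added after `assert( m != NULL )` lets `1.1`, `*` and `+` bypass the attribute map unconditionally, returning 0 (do not drop) with `*m = NULL` even when the map is configured to drop unmapped names. That is right for selectors, but where the map is relied on to limit which attributes cross the proxy, enforcement then rests entirely on each returned attribute being mapped individually, which this hunk does not show. The comment should state that dependency rather than only "slip through", e.g. `/* "1.1", "*" and "+" are selectors, not attribute types: never mapped or dropped here; returned attributes must still be mapped one by one (ITS#5760) */`. The same block is added again in the later hunk that tests `remap == RWM_REMAP`, and the function body starts and ends outside this hunk.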
int remap )
{
struct ldapmapping *mapping;
+ int drop_missing;
/* map->map may be NULL when mapping is configured,
* but map->remap can't */
}
BER_BVZERO( bv );
- ( void )ldap_back_mapping( map, s, &mapping, remap );
+ drop_missing = ldap_back_mapping( map, s, &mapping, remap );
if ( mapping != NULL ) {
if ( !BER_BVISNULL( &mapping->dst ) ) {
*bv = mapping->dst;
return;
}
- if ( !map->drop_missing ) {
+ if ( !drop_missing ) {
*bv = *s;
}
}
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
- rs->sr_flags = 0;
+ rs->sr_flags = mi->mi_targets[ target ]->mt_rep_flags;
rs->sr_err = LDAP_SUCCESS;
rc = send_search_entry( op, rs );
switch ( rc ) {
}
if ( ( bsi->bsi_flags & BSQL_SF_ALL_OPER )
- || an_find( bsi->bsi_attrs, &AllOper )
+ || an_find( bsi->bsi_attrs, slap_bv_all_operational_attrs )
|| an_find( bsi->bsi_attrs, &slap_schema.si_ad_structuralObjectClass->ad_cname ) )
{
ObjectClass *soc = NULL;
BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name );
for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) {
- if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ if ( BACKSQL_NCMP( &p->an_name, slap_bv_all_user_attrs ) == 0 ) {
/* handle "*" */
bsi->bsi_flags |= BSQL_SF_ALL_USER;
}
continue;
- } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ } else if ( BACKSQL_NCMP( &p->an_name, slap_bv_all_operational_attrs ) == 0 ) {
/* handle "+" */
bsi->bsi_flags |= BSQL_SF_ALL_OPER;
}
continue;
- } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
+ } else if ( BACKSQL_NCMP( &p->an_name, slap_bv_no_attrs ) == 0 ) {
/* ignore "1.1" */
continue;
/* use hints if available */
for ( p = bi->sql_anlist; !BER_BVISNULL( &p->an_name ); p++ ) {
- if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
+ if ( BACKSQL_NCMP( &p->an_name, slap_bv_all_user_attrs ) == 0 ) {
/* handle "*" */
bsi->bsi_flags |= BSQL_SF_ALL_USER;
}
continue;
- } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
+ } else if ( BACKSQL_NCMP( &p->an_name, slap_bv_all_operational_attrs ) == 0 ) {
/* handle "+" */
bsi->bsi_flags |= BSQL_SF_ALL_OPER;
BerVarray default_referral = NULL;
-struct berval AllUser = BER_BVC( LDAP_ALL_USER_ATTRIBUTES );
-struct berval AllOper = BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES );
-struct berval NoAttrs = BER_BVC( LDAP_NO_ATTRS );
-
/*
* global variables that need mutex protection
*/
}
#ifndef SLAP_OPATTRS
- opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
- userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
+ opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, slap_bv_operational_attrs );
+ userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, slap_bv_user_attrs );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
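Review bot: The `#ifndef SLAP_OPATTRS` branch now passes `slap_bv_operational_attrs` and `slap_bv_user_attrs` to `an_find()`, but the symbols this patch defines and declares are `slap_bv_all_operational_attrs` and `slap_bv_all_user_attrs`; the shorter names appear nowhere else on the page. A build without SLAP_OPATTRS would presumably fail to compile here, and the same two lines are repeated in the next hunk. The replacements should read `opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, slap_bv_all_operational_attrs );` and `userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, slap_bv_all_user_attrs );`. The enclosing function lies outside the hunk.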
}
#ifndef SLAP_OPATTRS
- opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
- userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
+ opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, slap_bv_operational_attrs );
+ userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, slap_bv_user_attrs );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
(*new_attrs)[i].an_desc = attrs->attrs[i].an_desc;
}
BER_BVZERO( &(*new_attrs)[i].an_name );
- alluser = an_find(*new_attrs, &AllUser);
- allop = an_find(*new_attrs, &AllOper);
+ alluser = an_find( *new_attrs, slap_bv_all_user_attrs );
+ allop = an_find( *new_attrs, slap_bv_all_operational_attrs );
j = i;
for ( i=0; i<fattr_cnt; i++ ) {
int last = -1;
Attribute *a;
- if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
+ if ( op->ors_attrs != NULL &&
+ !SLAP_USERATTRS( rs->sr_attr_flags ) &&
+ !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
{
- /* go on */ ;
-
- } else {
- if ( op->ors_attrs != NULL &&
- !SLAP_USERATTRS( rs->sr_attr_flags ) &&
- !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
- {
- goto cleanup_attr;
- }
+ goto cleanup_attr;
+ }
- drop_missing = rwm_mapping( &rwmap->rwm_at,
- &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
- if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
- {
- goto cleanup_attr;
- }
- if ( mapping != NULL ) {
- assert( mapping->m_dst_ad != NULL );
+ drop_missing = rwm_mapping( &rwmap->rwm_at,
+ &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
+ if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
+ {
+ goto cleanup_attr;
+ }
+ if ( mapping != NULL ) {
+ assert( mapping->m_dst_ad != NULL );
- /* try to normalize mapped Attributes if the original
- * AttributeType was not normalized */
- if ( (!(*ap)->a_desc->ad_type->sat_equality ||
- !(*ap)->a_desc->ad_type->sat_equality->smr_normalize) &&
- mapping->m_dst_ad->ad_type->sat_equality &&
- mapping->m_dst_ad->ad_type->sat_equality->smr_normalize )
+ /* try to normalize mapped Attributes if the original
+ * AttributeType was not normalized */
+ if ( (!(*ap)->a_desc->ad_type->sat_equality ||
+ !(*ap)->a_desc->ad_type->sat_equality->smr_normalize) &&
+ mapping->m_dst_ad->ad_type->sat_equality &&
+ mapping->m_dst_ad->ad_type->sat_equality->smr_normalize )
+ {
+ if ((rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS))
{
- if ((rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS))
+ int i = 0;
+
+ last = (*ap)->a_numvals;
+ if ( last )
{
- int i = 0;
-
- last = (*ap)->a_numvals;
- if ( last )
- {
- (*ap)->a_nvals = ch_malloc( (last+1) * sizeof(struct berval) );
-
- for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[i]); i++ ) {
- int rc;
- /*
- * check that each value is valid per syntax
- * and pretty if appropriate
- */
- rc = mapping->m_dst_ad->ad_type->sat_equality->smr_normalize(
- SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
- mapping->m_dst_ad->ad_type->sat_syntax,
- mapping->m_dst_ad->ad_type->sat_equality,
- &(*ap)->a_vals[i], &(*ap)->a_nvals[i],
- NULL );
-
- if ( rc != LDAP_SUCCESS ) {
- BER_BVZERO( &(*ap)->a_nvals[i] );
- }
+ (*ap)->a_nvals = ch_malloc( (last+1) * sizeof(struct berval) );
+
+ for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[i]); i++ ) {
+ int rc;
+ /*
+ * check that each value is valid per syntax
+ * and pretty if appropriate
+ */
+ rc = mapping->m_dst_ad->ad_type->sat_equality->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mapping->m_dst_ad->ad_type->sat_syntax,
+ mapping->m_dst_ad->ad_type->sat_equality,
+ &(*ap)->a_vals[i], &(*ap)->a_nvals[i],
+ NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+ BER_BVZERO( &(*ap)->a_nvals[i] );
}
- BER_BVZERO( &(*ap)->a_nvals[i] );
}
-
- } else {
- assert( (*ap)->a_nvals == (*ap)->a_vals );
- (*ap)->a_nvals = NULL;
- ber_bvarray_dup_x( &(*ap)->a_nvals, (*ap)->a_vals, NULL );
+ BER_BVZERO( &(*ap)->a_nvals[i] );
}
+
+ } else {
+ assert( (*ap)->a_nvals == (*ap)->a_vals );
+ (*ap)->a_nvals = NULL;
+ ber_bvarray_dup_x( &(*ap)->a_nvals, (*ap)->a_vals, NULL );
}
+ }
- /* rewrite the attribute description */
- (*ap)->a_desc = mapping->m_dst_ad;
+ /* rewrite the attribute description */
+ (*ap)->a_desc = mapping->m_dst_ad;
- /* will need to check for duplicate attrs */
- check_duplicate_attrs++;
- }
+ /* will need to check for duplicate attrs */
+ check_duplicate_attrs++;
}
if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
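Review bot: In the re-indented normalisation block, `a_nvals` is allocated for `last+1` elements from `(*ap)->a_numvals`, but the fill loop stops only on the NULL terminator of `a_vals`, so the two bounds are independent. If `a_numvals` ever undercounts the terminated array (not visible from this hunk), the writes to `a_nvals[i]` run past the allocation. Since the block is being touched anyway, I would tie the loop to the allocated size: `for ( i = 0; i < last && !BER_BVISNULL( &(*ap)->a_vals[i] ); i++ ) {`. Separately, a failed `smr_normalize` zeroes `a_nvals[i]` mid-array, which a consumer walking `a_nvals` by terminator would read as end-of-list; a short comment saying whether that is intended would help. The enclosing function starts and ends outside the hunk.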
rwm_bva_rewrite_add(
struct ldaprwmap *rwmap,
int idx,
- const char *argv[] )
+ char **argv )
{
char *line;
struct berval bv;
assert( m != NULL );
+ /* let special attrnames slip through (ITS#5760) */
+ if ( bvmatch( s, slap_bv_no_attrs )
+ || bvmatch( s, slap_bv_all_user_attrs )
+ || bvmatch( s, slap_bv_all_operational_attrs ) )
+ {
+ *m = NULL;
+ return 0;
+ }
+
if ( remap == RWM_REMAP ) {
tree = map->remap;
if ( j == 0 && i != 0 ) {
memset( &(*anp)[0], 0, sizeof( AttributeName ) );
- BER_BVSTR( &(*anp)[0].an_name, LDAP_NO_ATTRS );
+ (*anp)[0].an_name = *slap_bv_no_attrs;
j = 1;
}
memset( &(*anp)[j], 0, sizeof( AttributeName ) );
LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_operational_attributes;
LDAP_SLAPD_V( AttributeName * ) slap_anlist_all_attributes;
+LDAP_SLAPD_V( struct berval * ) slap_bv_no_attrs;
+LDAP_SLAPD_V( struct berval * ) slap_bv_all_user_attrs;
+LDAP_SLAPD_V( struct berval * ) slap_bv_all_operational_attrs;
+
+/* deprecated; only defined for backward compatibility */
+#define NoAttrs (*slap_bv_no_attrs)
+#define AllUser (*slap_bv_all_user_attrs)
+#define AllOper (*slap_bv_all_operational_attrs)
+
/*
* add.c
*/
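Review bot: The compatibility macros `NoAttrs`, `AllUser` and `AllOper` are short, unprefixed object-like macros in a header that presumably every slapd module includes, so any local variable, struct member or enum constant with one of those names in third-party code would be silently rewritten to `(*slap_bv_...)`. The comment also does not tell callers what to use instead. I would name the replacements explicitly, e.g. `/* deprecated: use slap_bv_no_attrs, slap_bv_all_user_attrs and slap_bv_all_operational_attrs; kept only so existing &AllUser-style code still compiles */`. It may also be worth declaring the three exported pointers so that modules cannot reassign them, since every attribute-selector comparison in the patch now goes through them.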
LDAP_SLAPD_V (int) use_reverse_lookup;
-LDAP_SLAPD_V (struct berval) AllUser;
-LDAP_SLAPD_V (struct berval) AllOper;
-LDAP_SLAPD_V (struct berval) NoAttrs;
-
/*
* operations
*/
flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
} else {
- flags |= an_find( an, &AllOper )
+ flags |= an_find( an, slap_bv_all_operational_attrs )
? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
- flags |= an_find( an, &AllUser )
+ flags |= an_find( an, slap_bv_all_user_attrs )
? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
}