From: Kurt Zeilenga Date: Mon, 22 Mar 2004 18:33:28 +0000 (+0000) Subject: Sync with HEAD X-Git-Tag: OPENLDAP_REL_ENG_2_2_7~1 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=19e9bd9fca195e15ba75c538822f17cf7fd2e9fd;p=openldap Sync with HEAD Should now be ready for release --- diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index 3a45907c42..280dcf4ecc 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c @@ -94,8 +94,10 @@ dn2entry_retry: rs->sr_ref = is_entry_referral( e ) ? get_entry_referrals( op, e ) : NULL; - if (rs->sr_ref) + if (rs->sr_ref) { rs->sr_matched = ch_strdup( e->e_name.bv_val ); + rs->sr_flags |= REP_MATCHED_MUSTBEFREED; + } bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); e = NULL; @@ -107,10 +109,8 @@ dn2entry_retry: if ( rs->sr_ref != NULL ) { rs->sr_err = LDAP_REFERRAL; send_ldap_result( op, rs ); - free( (char *)rs->sr_matched ); ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; - rs->sr_matched = NULL; } else { rs->sr_err = LDAP_INVALID_CREDENTIALS; send_ldap_result( op, rs ); @@ -170,6 +170,8 @@ dn2entry_retry: if( rs->sr_ref != NULL ) { rs->sr_err = LDAP_REFERRAL; + rs->sr_matched = ch_strdup( e->e_name.bv_val ); + rs->sr_flags |= REP_MATCHED_MUSTBEFREED; } else { rs->sr_err = LDAP_INVALID_CREDENTIALS; } diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index f6b6317b1f..32ade6e953 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -65,6 +65,7 @@ ldbm_back_bind( if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if( matched != NULL ) { rs->sr_matched = ch_strdup( matched->e_dn ); + rs->sr_flags |= REP_MATCHED_MUSTBEFREED; rs->sr_ref = is_entry_referral( matched ) ? get_entry_referrals( op, matched ) @@ -89,14 +90,10 @@ ldbm_back_bind( send_ldap_result( op, rs ); if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); - if ( rs->sr_matched ) free( (char *)rs->sr_matched ); rs->sr_ref = NULL; - rs->sr_matched = NULL; return rs->sr_err; } - ber_dupbv( &op->oq_bind.rb_edn, &e->e_name ); - /* check for deleted */ #ifdef LDBM_SUBENTRIES if ( is_entry_subentry( e ) ) { @@ -108,8 +105,6 @@ ldbm_back_bind( Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0, 0, 0 ); #endif - rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -124,11 +119,7 @@ ldbm_back_bind( Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); #endif - - - send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM, - "entry is alias" ); - + rs->sr_text = "entry is alias"; rc = LDAP_ALIAS_PROBLEM; goto return_results; } @@ -147,18 +138,13 @@ ldbm_back_bind( if( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - rs->sr_matched = e->e_name.bv_val; + rc = LDAP_REFERRAL; + rs->sr_matched = ch_strdup( e->e_name.bv_val ); + rs->sr_flags |= REP_MATCHED_MUSTBEFREED; } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; + rc = LDAP_INVALID_CREDENTIALS; } - send_ldap_result( op, rs ); - - ber_bvarray_free( rs->sr_ref ); - rs->sr_matched = NULL; - rs->sr_ref = NULL; - rc = rs->sr_err; goto return_results; } @@ -167,21 +153,17 @@ ldbm_back_bind( if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) { - send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); rc = LDAP_INSUFFICIENT_ACCESS; goto return_results; } if ( (a = attr_find( e->e_attrs, password )) == NULL ) { - send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL ); - /* stop front end from sending result */ rc = LDAP_INAPPROPRIATE_AUTH; goto return_results; } if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) { - send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL ); /* stop front end from sending result */ rc = LDAP_INVALID_CREDENTIALS; goto return_results; @@ -193,7 +175,6 @@ ldbm_back_bind( #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND case LDAP_AUTH_KRBV41: if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) { - send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL ); rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -201,8 +182,6 @@ ldbm_back_bind( if ( ! access_allowed( op, e, krbattr, NULL, ACL_AUTH, NULL ) ) { - send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, - NULL ); rc = LDAP_INSUFFICIENT_ACCESS; goto return_results; } @@ -218,7 +197,6 @@ ldbm_back_bind( rc = 0; break; } - send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL ); rc = LDAP_INAPPROPRIATE_AUTH; goto return_results; @@ -229,8 +207,6 @@ ldbm_back_bind( krbval.bv_len = strlen( krbname ); if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) { - send_ldap_error( op, rs, - LDAP_INVALID_CREDENTIALS, NULL ); rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -239,25 +215,34 @@ ldbm_back_bind( break; case LDAP_AUTH_KRBV42: - send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "Kerberos bind step 2 not supported" ); + rs->sr_text = "Kerberos bind step 2 not supported"; /* stop front end from sending result */ rc = LDAP_UNWILLING_TO_PERFORM; goto return_results; #endif default: - send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED, - "authentication method not supported" ); + rs->sr_text = "authentication method not supported"; rc = LDAP_STRONG_AUTH_NOT_SUPPORTED; goto return_results; } + ber_dupbv( &op->oq_bind.rb_edn, &e->e_name ); + return_results:; /* free entry and reader lock */ cache_return_entry_r( &li->li_cache, e ); ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); + if ( rc ) { + rs->sr_err = rc; + send_ldap_result( op, rs ); + if ( rs->sr_ref ) { + ber_bvarray_free( rs->sr_ref ); + rs->sr_ref = NULL; + } + } + /* front end will send result on success (rc==0) */ return( rc ); } diff --git a/servers/slapd/back-monitor/database.c b/servers/slapd/back-monitor/database.c index 3442106bb0..2ca220dc63 100644 --- a/servers/slapd/back-monitor/database.c +++ b/servers/slapd/back-monitor/database.c @@ -73,13 +73,15 @@ monitor_subsys_database_init( char buf[ BACKMONITOR_BUFSIZE ]; int j; slap_overinfo *oi = NULL; + BackendInfo *bi; be = &backendDB[i]; + bi = be->bd_info; + if ( strcmp( be->bd_info->bi_type, "over" ) == 0 ) { oi = (slap_overinfo *)be->bd_info; - - be = &oi->oi_bd; + bi = oi->oi_orig; } /* Subordinates are not exposed as their own naming context */ @@ -102,7 +104,7 @@ monitor_subsys_database_init( mi->mi_oc_monitoredObject->soc_cname.bv_val, i, mi->mi_ad_monitoredInfo->ad_cname.bv_val, - be->bd_info->bi_type, + bi->bi_type, mi->mi_startTime.bv_val, mi->mi_startTime.bv_val ); @@ -166,7 +168,7 @@ monitor_subsys_database_init( } #if defined(SLAPD_LDAP) - if ( strcmp( be->bd_info->bi_type, "ldap" ) == 0 ) { + if ( strcmp( bi->bi_type, "ldap" ) == 0 ) { struct ldapinfo *li = (struct ldapinfo *)be->be_private; struct berval bv; @@ -178,7 +180,7 @@ monitor_subsys_database_init( #endif /* defined(SLAPD_LDAP) */ for ( j = nBackendInfo; j--; ) { - if ( backendInfo[ j ].bi_type == be->bd_info->bi_type ) { + if ( backendInfo[ j ].bi_type == bi->bi_type ) { struct berval bv; snprintf( buf, sizeof( buf ), diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index fed40f1cfd..060d7b0245 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -38,25 +38,23 @@ over_db_func( { slap_overinfo *oi = (slap_overinfo *) be->bd_info; slap_overinst *on = oi->oi_list; - BackendDB bd; BI_db_open **func; int rc = 0; - func = &oi->oi_bd.bd_info->bi_db_open; + func = &oi->oi_orig->bi_db_open; if ( func[which] ) { - rc = func[which]( &oi->oi_bd ); - if ( rc ) return rc; + be->bd_info = oi->oi_orig; + rc = func[which]( be ); } - bd = *be; - for (; on; on=on->on_next) { - bd.bd_info = &on->on_bi; + for (; on && rc == 0; on=on->on_next) { + be->bd_info = &on->on_bi; func = &on->on_bi.bi_db_open; if (func[which]) { - rc = func[which]( &bd ); - if ( rc ) break; + rc = func[which]( be ); } } + be->bd_info = (BackendInfo *)oi; return rc; } @@ -71,24 +69,25 @@ over_db_config( { slap_overinfo *oi = (slap_overinfo *) be->bd_info; slap_overinst *on = oi->oi_list; - BackendDB bd; int rc = 0; - if ( oi->oi_bd.bd_info->bi_db_config ) { - rc = oi->oi_bd.bd_info->bi_db_config( &oi->oi_bd, fname, lineno, + if ( oi->oi_orig->bi_db_config ) { + be->bd_info = oi->oi_orig; + rc = oi->oi_orig->bi_db_config( be, fname, lineno, argc, argv ); + be->bd_info = (BackendInfo *)oi; if ( rc != SLAP_CONF_UNKNOWN ) return rc; } - bd = *be; for (; on; on=on->on_next) { - bd.bd_info = &on->on_bi; if (on->on_bi.bi_db_config) { - rc = on->on_bi.bi_db_config( &bd, fname, lineno, + be->bd_info = &on->on_bi; + rc = on->on_bi.bi_db_config( be, fname, lineno, argc, argv ); if ( rc != SLAP_CONF_UNKNOWN ) break; } } + be->bd_info = (BackendInfo *)oi; return rc; } @@ -180,7 +179,7 @@ over_op_func( } op->o_bd = be; - func = &oi->oi_bd.bd_info->bi_op_bind; + func = &oi->oi_orig->bi_op_bind; if ( func[which] && rc == SLAP_CB_CONTINUE ) { rc = func[which]( op, rs ); } @@ -304,7 +303,7 @@ overlay_config( BackendDB *be, const char *ov ) */ if ( be->bd_info->bi_type != overtype ) { oi = ch_malloc( sizeof(slap_overinfo) ); - oi->oi_bd = *be; + oi->oi_orig = be->bd_info; oi->oi_bi = *be->bd_info; oi->oi_list = NULL; bi = (BackendInfo *)oi; diff --git a/servers/slapd/overlays/README b/servers/slapd/overlays/README new file mode 100644 index 0000000000..32cb8dc878 --- /dev/null +++ b/servers/slapd/overlays/README @@ -0,0 +1,4 @@ +This directory contains a number of SLAPD overlays, some +project-maintained, some not. Some are generally usable, +others are purely experimental. + diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index cffba781dc..40b454d82f 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -561,6 +561,7 @@ static int sasl_sc_sasl2dn( Operation *o, SlapReply *rs ) if( ndn->bv_val ) { o->o_tmpfree(ndn->bv_val, o->o_tmpmemctx); ndn->bv_val = NULL; + ndn->bv_len = 0; #ifdef NEW_LOGGING LDAP_LOG( TRANSPORT, DETAIL1, @@ -898,6 +899,9 @@ void slap_sasl2dn( Operation *opx, case LDAP_SCOPE_ONELEVEL: case LDAP_SCOPE_SUBTREE: +#ifdef LDAP_SCOPE_SUBORDINATE + case LDAP_SCOPE_SUBORDINATE: +#endif /* do a search */ break; diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 9e6c6c250c..fe07730bee 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -769,6 +769,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_dseType; AttributeDescription *si_ad_syncreplCookie; + AttributeDescription *si_ad_syncTimestamp; AttributeDescription *si_ad_contextCSN; /* root DSE attribute descriptions */ @@ -874,6 +875,9 @@ typedef struct slap_filter { #define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) #define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2) #define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3) +#ifdef LDAP_SCOPE_SUBORDINATE +#define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4) +#endif union f_un_u { /* precomputed result */ @@ -1853,8 +1857,8 @@ typedef struct slap_overinst { typedef struct slap_overinfo { BackendInfo oi_bi; - BackendDB oi_bd; - slap_overinst *oi_list; + BackendInfo *oi_orig; + struct slap_overinst *oi_list; } slap_overinfo; /* Should successive callbacks in a chain be processed? */