From: Howard Chu Date: Mon, 24 Dec 2001 15:11:01 +0000 (+0000) Subject: Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~554 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=2f3399265caf72d81ba192a86d63a7a96b0c837b;p=openldap Changed sai_dn, sai_ndn to struct berval. (Affects op->o_dn,o_ndn, conn->c_dn,c_ndn, Access->a_dn_pat) --- diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 30fa29afe4..1948e68f40 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -117,7 +117,7 @@ access_allowed( assert( be != NULL ); /* grant database root access */ - if ( be != NULL && be_isroot( be, op->o_ndn ) ) { + if ( be != NULL && be_isroot( be, op->o_ndn.bv_val ) ) { #ifdef NEW_LOGGING LDAP_LOG(( "acl", LDAP_LEVEL_INFO, "access_allowed: conn %d root access granted\n", @@ -480,7 +480,7 @@ acl_mask( Debug( LDAP_DEBUG_ACL, "=> acl_mask: to %s by \"%s\", (%s) \n", val ? "value" : "all values", - op->o_ndn ? op->o_ndn : "", + op->o_ndn.bv_val ? op->o_ndn.bv_val : "", accessmask2str( *mask, accessmaskbuf ) ); #endif @@ -490,43 +490,47 @@ acl_mask( ACL_INVALIDATE( modmask ); /* AND clauses */ - if ( b->a_dn_pat != NULL ) { + if ( b->a_dn_pat.bv_len != 0 ) { #ifdef NEW_LOGGING LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1, "acl_mask: conn %d check a_dn_pat: %s\n", - conn->c_connid, b->a_dn_pat )); + conn->c_connid, b->a_dn_pat.bv_val )); #else Debug( LDAP_DEBUG_ACL, "<= check a_dn_pat: %s\n", - b->a_dn_pat, 0, 0); + b->a_dn_pat.bv_val, 0, 0); #endif /* * if access applies to the entry itself, and the * user is bound as somebody in the same namespace as * the entry, OR the given dn matches the dn pattern */ - if ( strcmp( b->a_dn_pat, "anonymous" ) == 0 ) { - if (op->o_ndn != NULL && op->o_ndn[0] != '\0' ) { + if ( b->a_dn_pat.bv_len == sizeof("anonymous") -1 && + strcmp( b->a_dn_pat.bv_val, "anonymous" ) == 0 ) { + if (op->o_ndn.bv_len != 0 ) { continue; } - } else if ( strcmp( b->a_dn_pat, "users" ) == 0 ) { - if (op->o_ndn == NULL || op->o_ndn[0] == '\0' ) { + } else if ( b->a_dn_pat.bv_len == sizeof("users") - 1 && + strcmp( b->a_dn_pat.bv_val, "users" ) == 0 ) { + if (op->o_ndn.bv_len == 0 ) { continue; } - } else if ( strcmp( b->a_dn_pat, "self" ) == 0 ) { - if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) { + } else if ( b->a_dn_pat.bv_len == sizeof("self") - 1 && + strcmp( b->a_dn_pat.bv_val, "self" ) == 0 ) { + if( op->o_ndn.bv_len == 0 ) { continue; } - if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn ) != 0 ) { + if ( e->e_dn == NULL || strcmp( e->e_ndn, op->o_ndn.bv_val ) != 0 ) { continue; } } else if ( b->a_dn_style == ACL_STYLE_REGEX ) { - if ( strcmp( b->a_dn_pat, "*" ) != 0 ) { - int ret = regex_matches( b->a_dn_pat, - op->o_ndn, e->e_ndn, matches ); + if ( b->a_dn_pat.bv_len != 1 || + strcmp( b->a_dn_pat.bv_val, "*" ) != 0 ) { + int ret = regex_matches( b->a_dn_pat.bv_val, + op->o_ndn.bv_val, e->e_ndn, matches ); if( ret == 0 ) { continue; @@ -537,8 +541,8 @@ acl_mask( if ( e->e_dn == NULL ) continue; - patlen = strlen( b->a_dn_pat ); - odnlen = strlen( op->o_ndn ); + patlen = b->a_dn_pat.bv_len; + odnlen = op->o_ndn.bv_len; if ( odnlen < patlen ) continue; @@ -553,25 +557,25 @@ acl_mask( if ( odnlen <= patlen ) continue; - if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) + if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) ) continue; - rdnlen = dn_rdnlen( NULL, op->o_ndn ); + rdnlen = dn_rdnlen( NULL, op->o_ndn.bv_val ); if ( rdnlen != odnlen - patlen - 1 ) continue; } else if ( b->a_dn_style == ACL_STYLE_SUBTREE ) { - if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) ) + if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) ) ) continue; } else if ( b->a_dn_style == ACL_STYLE_CHILDREN ) { if ( odnlen <= patlen ) continue; - if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) + if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn.bv_val[odnlen - patlen - 2] ) ) continue; } - if ( strcmp( b->a_dn_pat, op->o_ndn + odnlen - patlen ) != 0 ) + if ( strcmp( b->a_dn_pat.bv_val, op->o_ndn.bv_val + odnlen - patlen ) != 0 ) continue; } @@ -670,7 +674,7 @@ acl_mask( } } - if ( b->a_dn_at != NULL && op->o_ndn != NULL ) { + if ( b->a_dn_at != NULL && op->o_ndn.bv_len != 0 ) { Attribute *at; struct berval bv; int rc, match = 0; @@ -687,8 +691,7 @@ acl_mask( Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n", attr, 0, 0); #endif - bv.bv_val = op->o_ndn; - bv.bv_len = strlen( bv.bv_val ); + bv = op->o_ndn; /* see if asker is listed in dnattr */ for( at = attrs_find( e->e_attrs, b->a_dn_at ); @@ -742,7 +745,7 @@ acl_mask( } } - if ( b->a_group_pat != NULL && op->o_ndn != NULL ) { + if ( b->a_group_pat != NULL && op->o_ndn.bv_len != 0 ) { char buf[1024]; /* b->a_group is an unexpanded entry name, expanded it should be an @@ -761,7 +764,7 @@ acl_mask( buf[sizeof(buf) - 1] = 0; } - if (backend_group(be, conn, op, e, buf, op->o_ndn, + if (backend_group(be, conn, op, e, buf, op->o_ndn.bv_val, b->a_group_oc, b->a_group_at) != 0) { continue; @@ -1014,7 +1017,7 @@ acl_check_modlist( assert( be != NULL ); /* short circuit root database access */ - if ( be_isroot( be, op->o_ndn ) ) { + if ( be_isroot( be, op->o_ndn.bv_val ) ) { #ifdef NEW_LOGGING LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1, "acl_check_modlist: conn %d access granted to root user\n", @@ -1301,7 +1304,7 @@ aci_match_set ( cookie.e = e; cookie.conn = conn; cookie.op = op; - rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn, e->e_ndn, NULL) > 0); + rc = (set_filter(aci_set_gather, &cookie, set, op->o_ndn.bv_val, e->e_ndn, NULL) > 0); ch_free(set); } return(rc); diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 384af00a6f..2b9042665e 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -362,14 +362,15 @@ parse_acl( } if( pat != NULL ) { - if( b->a_dn_pat != NULL ) { + if( b->a_dn_pat.bv_len != 0 ) { fprintf( stderr, "%s: line %d: dn pattern already specified.\n", fname, lineno ); acl_usage(); } - b->a_dn_pat = pat; + b->a_dn_pat.bv_val = pat; + b->a_dn_pat.bv_len = strlen( pat ); b->a_dn_style = sty; if ( sty != ACL_STYLE_REGEX ) dn_normalize(pat); @@ -1220,8 +1221,8 @@ acl_append( AccessControl **l, AccessControl *a ) static void access_free( Access *a ) { - if ( a->a_dn_pat ) - free ( a->a_dn_pat ); + if ( a->a_dn_pat.bv_val ) + free ( a->a_dn_pat.bv_val ); if ( a->a_peername_pat ) free ( a->a_peername_pat ); if ( a->a_sockname_pat ) @@ -1341,16 +1342,16 @@ print_access( Access *b ) fprintf( stderr, "\tby" ); - if ( b->a_dn_pat != NULL ) { - if( strcmp(b->a_dn_pat, "*") == 0 - || strcmp(b->a_dn_pat, "users") == 0 - || strcmp(b->a_dn_pat, "anonymous") == 0 - || strcmp(b->a_dn_pat, "self") == 0 ) + if ( b->a_dn_pat.bv_len != 0 ) { + if( strcmp(b->a_dn_pat.bv_val, "*") == 0 + || strcmp(b->a_dn_pat.bv_val, "users") == 0 + || strcmp(b->a_dn_pat.bv_val, "anonymous") == 0 + || strcmp(b->a_dn_pat.bv_val, "self") == 0 ) { - fprintf( stderr, " %s", b->a_dn_pat ); + fprintf( stderr, " %s", b->a_dn_pat.bv_val ); } else { - fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat ); + fprintf( stderr, " dn.%s=%s", style_strings[b->a_dn_style], b->a_dn_pat.bv_val ); } } diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 35710236ca..016403bff5 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -266,7 +266,7 @@ do_add( Connection *conn, Operation *op ) */ if ( be->be_add ) { /* do the update here */ - int repl_user = be_isupdate(be, op->o_ndn ); + int repl_user = be_isupdate(be, op->o_ndn.bv_val ); #ifndef SLAPD_MULTIMASTER if ( be->be_update_ndn == NULL || repl_user ) #endif diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 8373f69349..69de6cd837 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -192,8 +192,8 @@ retry: rc = txn_abort( ltid ); * must be adding entry to at suffix * or with parent "" */ - if ( !be_isroot( be, op->o_ndn )) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { + if ( !be_isroot( be, op->o_ndn.bv_val )) { + if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index 9094411caf..19f28779ee 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -161,8 +161,8 @@ retry: /* transaction retry */ } else { /* no parent, must be root to delete */ - if( ! be_isroot( be, op->o_ndn ) ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { + if( ! be_isroot( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ diff --git a/servers/slapd/back-bdb/modify.c b/servers/slapd/back-bdb/modify.c index 77bbc3a8ae..87271e8b06 100644 --- a/servers/slapd/back-bdb/modify.c +++ b/servers/slapd/back-bdb/modify.c @@ -50,7 +50,7 @@ int bdb_modify_internal( switch ( mod->sm_op ) { case LDAP_MOD_ADD: Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: add\n", 0, 0, 0); - err = add_values( e, mod, op->o_ndn ); + err = add_values( e, mod, op->o_ndn.bv_val ); if( err != LDAP_SUCCESS ) { *text = "modify: add values failed"; @@ -61,7 +61,7 @@ int bdb_modify_internal( case LDAP_MOD_DELETE: Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: delete\n", 0, 0, 0); - err = delete_values( e, mod, op->o_ndn ); + err = delete_values( e, mod, op->o_ndn.bv_val ); assert( err != LDAP_TYPE_OR_VALUE_EXISTS ); if( err != LDAP_SUCCESS ) { *text = "modify: delete values failed"; @@ -72,7 +72,7 @@ int bdb_modify_internal( case LDAP_MOD_REPLACE: Debug(LDAP_DEBUG_ARGS, "bdb_modify_internal: replace\n", 0, 0, 0); - err = replace_values( e, mod, op->o_ndn ); + err = replace_values( e, mod, op->o_ndn.bv_val ); assert( err != LDAP_TYPE_OR_VALUE_EXISTS ); if( err != LDAP_SUCCESS ) { *text = "modify: replace values failed"; @@ -87,7 +87,7 @@ int bdb_modify_internal( * We need to add index if necessary. */ mod->sm_op = LDAP_MOD_ADD; - err = add_values( e, mod, op->o_ndn ); + err = add_values( e, mod, op->o_ndn.bv_val ); if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) { err = LDAP_SUCCESS; diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index 5e6d149561..6c2cf93f01 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -212,9 +212,9 @@ retry: /* transaction retry */ } else { /* no parent, modrdn entry directly under root */ - isroot = be_isroot( be, op->o_ndn ); + isroot = be_isroot( be, op->o_ndn.bv_val ); if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; @@ -328,14 +328,14 @@ retry: /* transaction retry */ } else { if ( isroot == -1 ) { - isroot = be_isroot( be, op->o_ndn ); + isroot = be_isroot( be, op->o_ndn.bv_val ); } np_dn = ch_strdup( "" ); /* no parent, modrdn entry directly under root */ if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { np = (Entry *)&slap_entry_root; diff --git a/servers/slapd/back-bdb/passwd.c b/servers/slapd/back-bdb/passwd.c index f41f8ed8a9..5959f33618 100644 --- a/servers/slapd/back-bdb/passwd.c +++ b/servers/slapd/back-bdb/passwd.c @@ -73,7 +73,7 @@ bdb_exop_passwd( goto done; } - dn = id ? id->bv_val : op->o_dn; + dn = id ? id->bv_val : op->o_dn.bv_val; Debug( LDAP_DEBUG_TRACE, "bdb_exop_passwd: \"%s\"%s\n", dn, id ? " (proxy)" : "", 0 ); diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 143d75240b..23af1f789e 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -157,10 +157,10 @@ bdb_search( } /* if not root, get appropriate limits */ - if ( be_isroot( be, op->o_ndn ) ) { + if ( be_isroot( be, op->o_ndn.bv_val ) ) { isroot = 1; } else { - ( void ) get_limits( be, op->o_ndn, &limit ); + ( void ) get_limits( be, op->o_ndn.bv_val, &limit ); } /* The time/size limits come first because they require very little diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index c28302833d..d76ff98a30 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -85,10 +85,10 @@ ldap_back_search( } /* if not root, get appropriate limits */ - if ( be_isroot( be, op->o_ndn ) ) { + if ( be_isroot( be, op->o_ndn.bv_val ) ) { isroot = 1; } else { - ( void ) get_limits( be, op->o_ndn, &limit ); + ( void ) get_limits( be, op->o_ndn.bv_val, &limit ); } /* if no time limit requested, rely on remote server limits */ diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 1a8424f53d..65b08452bd 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -205,9 +205,9 @@ ldbm_back_add( } /* no parent, must be adding entry to root */ - if ( !be_isroot( be, op->o_ndn ) ) { + if ( !be_isroot( be, op->o_ndn.bv_val ) ) { if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn ) ) { + || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c index 4c17e6cccd..3e34c6dfeb 100644 --- a/servers/slapd/back-ldbm/delete.c +++ b/servers/slapd/back-ldbm/delete.c @@ -153,9 +153,9 @@ ldbm_back_delete( } else { /* no parent, must be root to delete */ - if( ! be_isroot( be, op->o_ndn ) ) { + if( ! be_isroot( be, op->o_ndn.bv_val ) ) { if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn ) ) { + || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index 5f771dbc81..080f2f6659 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -71,7 +71,7 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: add\n", 0, 0, 0); #endif - err = add_values( e, mod, op->o_ndn ); + err = add_values( e, mod, op->o_ndn.bv_val ); if( err != LDAP_SUCCESS ) { *text = "modify: add values failed"; @@ -94,7 +94,7 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: delete\n", 0, 0, 0); #endif - err = delete_values( e, mod, op->o_ndn ); + err = delete_values( e, mod, op->o_ndn.bv_val ); assert( err != LDAP_TYPE_OR_VALUE_EXISTS ); if( err != LDAP_SUCCESS ) { *text = "modify: delete values failed"; @@ -116,7 +116,7 @@ int ldbm_modify_internal( Debug(LDAP_DEBUG_ARGS, "ldbm_modify_internal: replace\n", 0, 0, 0); #endif - err = replace_values( e, mod, op->o_ndn ); + err = replace_values( e, mod, op->o_ndn.bv_val ); assert( err != LDAP_TYPE_OR_VALUE_EXISTS ); if( err != LDAP_SUCCESS ) { *text = "modify: replace values failed"; @@ -143,7 +143,7 @@ int ldbm_modify_internal( * We need to add index if necessary. */ mod->sm_op = LDAP_MOD_ADD; - err = add_values( e, mod, op->o_ndn ); + err = add_values( e, mod, op->o_ndn.bv_val ); if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) { err = LDAP_SUCCESS; diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index 26a78a393d..314c0cd7fe 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -206,10 +206,10 @@ ldbm_back_modrdn( } else { /* no parent, must be root to modify rdn */ - isroot = be_isroot( be, op->o_ndn ); + isroot = be_isroot( be, op->o_ndn.bv_val ); if ( ! be_isroot ) { if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn ) ) { + || be_isupdate( be, op->o_ndn.bv_val ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, @@ -383,12 +383,12 @@ ldbm_back_modrdn( /* no parent, must be root to modify newSuperior */ if ( isroot == -1 ) { - isroot = be_isroot( be, op->o_ndn ); + isroot = be_isroot( be, op->o_ndn.bv_val ); } if ( ! be_isroot ) { if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn ) ) { + || be_isupdate( be, op->o_ndn.bv_val ) ) { np = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, np, diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index a827d494f6..2dcbabad24 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -80,7 +80,7 @@ ldbm_back_exop_passwd( goto done; } - dn = id ? id->bv_val : op->o_dn; + dn = id ? id->bv_val : op->o_dn.bv_val; #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, @@ -141,7 +141,7 @@ ldbm_back_exop_passwd( ml.sml_next = NULL; rc = ldbm_modify_internal( be, - conn, op, op->o_ndn, &ml, e, text, textbuf, + conn, op, op->o_ndn.bv_val, &ml, e, text, textbuf, sizeof( textbuf ) ); /* FIXME: ldbm_modify_internal may set *tex = textbuf, diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 98c1fd11eb..991c8ac395 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -206,10 +206,10 @@ searchit: } /* if not root, get appropriate limits */ - if ( be_isroot( be, op->o_ndn ) ) { + if ( be_isroot( be, op->o_ndn.bv_val ) ) { isroot = 1; } else { - ( void ) get_limits( be, op->o_ndn, &limit ); + ( void ) get_limits( be, op->o_ndn.bv_val, &limit ); } /* if candidates exceed to-be-checked entries, abort */ diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 328df32985..2926af6c65 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -149,10 +149,10 @@ meta_back_search( nbaselen = strlen( nbase ); /* if not root, get appropriate limits */ - if ( be_isroot( be, op->o_ndn ) ) { + if ( be_isroot( be, op->o_ndn.bv_val ) ) { isroot = 1; } else { - ( void ) get_limits( be, op->o_ndn, &limit ); + ( void ) get_limits( be, op->o_ndn.bv_val, &limit ); } /* if no time limit requested, rely on remote server limits */ diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index 5853597451..367f933fac 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c @@ -547,7 +547,7 @@ int backsql_search(BackendDB *be,Connection *conn,Operation *op, /* TimesTen : Pass it along to the lower level routines */ srch_info.isTimesTen = bi->isTimesTen; - if (tlimit == 0 && be_isroot(be,op->o_dn)) + if (tlimit == 0 && be_isroot(be,op->o_ndn.bv_val)) { tlimit = -1; /* allow root to set no limit */ } @@ -558,7 +558,7 @@ int backsql_search(BackendDB *be,Connection *conn,Operation *op, stoptime = op->o_time + tlimit; } - if (slimit == 0 && be_isroot(be,op->o_dn)) + if (slimit == 0 && be_isroot(be,op->o_ndn.bv_val)) { slimit = -1; /* allow root to set no limit */ } diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 0aff46c443..2e06be0309 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -887,7 +887,7 @@ backend_check_restrictions( return LDAP_CONFIDENTIALITY_REQUIRED; } - if( op->o_ndn == NULL ) { + if( op->o_ndn.bv_len == 0 ) { *text = "modifications require authentication"; return LDAP_OPERATIONS_ERROR; } @@ -901,8 +901,7 @@ backend_check_restrictions( if( requires & SLAP_REQUIRE_STRONG ) { /* should check mechanism */ - if( op->o_authmech == NULL || - op->o_dn == NULL || *op->o_dn == '\0' ) + if( op->o_authmech == NULL || op->o_dn.bv_len == 0 ) { *text = "strong authentication required"; return LDAP_STRONG_AUTH_REQUIRED; @@ -910,8 +909,7 @@ backend_check_restrictions( } if( requires & SLAP_REQUIRE_SASL ) { - if( op->o_authmech == NULL || - op->o_dn == NULL || *op->o_dn == '\0' ) + if( op->o_authmech == NULL || op->o_dn.bv_len == 0 ) { *text = "SASL authentication required"; return LDAP_STRONG_AUTH_REQUIRED; @@ -919,7 +917,7 @@ backend_check_restrictions( } if( requires & SLAP_REQUIRE_AUTHC ) { - if( op->o_dn == NULL || *op->o_dn == '\0' ) { + if( op->o_dn.bv_len == 0 ) { *text = "authentication required"; return LDAP_UNWILLING_TO_PERFORM; } diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 6a78b4a51a..0a2cb3f3f9 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -60,14 +60,16 @@ do_bind( connection2anonymous( conn ); ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); - if ( op->o_dn != NULL ) { - free( op->o_dn ); - op->o_dn = ch_strdup( "" ); + if ( op->o_dn.bv_val != NULL ) { + free( op->o_dn.bv_val ); + op->o_dn.bv_val = ch_strdup( "" ); + op->o_dn.bv_len = 0; } - if ( op->o_ndn != NULL ) { - free( op->o_ndn ); - op->o_ndn = ch_strdup( "" ); + if ( op->o_ndn.bv_val != NULL ) { + free( op->o_ndn.bv_val ); + op->o_ndn.bv_val = ch_strdup( "" ); + op->o_ndn.bv_len = 0; } /* @@ -295,10 +297,13 @@ do_bind( ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if( rc == LDAP_SUCCESS ) { - conn->c_dn = edn; + conn->c_dn.bv_val = edn; if( edn != NULL ) { - conn->c_ndn = ch_strdup( edn ); - dn_normalize( conn->c_ndn ); + struct berval *cndn; + conn->c_dn.bv_len = strlen( edn ); + dnNormalize( NULL, &conn->c_dn, &cndn ); + conn->c_ndn = *cndn; + free( cndn ); } conn->c_authmech = conn->c_sasl_bind_mech; conn->c_sasl_bind_mech = NULL; @@ -309,7 +314,7 @@ do_bind( conn->c_ssf = ssf; } - if( conn->c_dn != NULL ) { + if( conn->c_dn.bv_len != 0 ) { ber_len_t max = sockbuf_max_incoming; ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); @@ -496,20 +501,22 @@ do_bind( if ( ret == 0 ) { ldap_pvt_thread_mutex_lock( &conn->c_mutex ); + if(edn != NULL) { + conn->c_dn.bv_val = edn; + conn->c_dn.bv_len = strlen( edn ); + } else { + conn->c_dn.bv_val = ch_strdup( pdn->bv_val ); + conn->c_dn.bv_len = pdn->bv_len; + } conn->c_cdn = pdn->bv_val; pdn->bv_val = NULL; pdn->bv_len = 0; - if(edn != NULL) { - conn->c_dn = edn; - } else { - conn->c_dn = ch_strdup( conn->c_cdn ); - } - conn->c_ndn = ndn->bv_val; + conn->c_ndn = *ndn; ndn->bv_val = NULL; ndn->bv_len = 0; - if( conn->c_dn != NULL ) { + if( conn->c_dn.bv_len != 0 ) { ber_len_t max = sockbuf_max_incoming; ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); @@ -518,11 +525,11 @@ do_bind( #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_bind: conn %d v%d bind: \"%s\" to \"%s\" \n", - conn->c_connid, version, conn->c_cdn, conn->c_dn )); + conn->c_connid, version, conn->c_cdn, conn->c_dn.bv_val )); #else Debug( LDAP_DEBUG_TRACE, "do_bind: v%d bind: \"%s\" to \"%s\"\n", - version, conn->c_cdn, conn->c_dn ); + version, conn->c_cdn, conn->c_dn.bv_val ); #endif ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index c383e90a22..96236b04b0 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -413,8 +413,10 @@ long connection_init( if( c->c_struct_state == SLAP_C_UNINITIALIZED ) { c->c_authmech = NULL; - c->c_dn = NULL; - c->c_ndn = NULL; + c->c_dn.bv_val = NULL; + c->c_dn.bv_len = 0; + c->c_ndn.bv_val = NULL; + c->c_ndn.bv_len = 0; c->c_cdn = NULL; c->c_groups = NULL; @@ -451,8 +453,8 @@ long connection_init( assert( c->c_struct_state == SLAP_C_UNUSED ); assert( c->c_authmech == NULL ); - assert( c->c_dn == NULL ); - assert( c->c_ndn == NULL ); + assert( c->c_dn.bv_val == NULL ); + assert( c->c_ndn.bv_val == NULL ); assert( c->c_cdn == NULL ); assert( c->c_groups == NULL ); assert( c->c_listener_url == NULL ); @@ -578,14 +580,16 @@ void connection2anonymous( Connection *c ) c->c_authmech = NULL; } - if(c->c_dn != NULL) { - free(c->c_dn); - c->c_dn = NULL; + if(c->c_dn.bv_val != NULL) { + free(c->c_dn.bv_val); + c->c_dn.bv_val = NULL; } - if(c->c_ndn != NULL) { - free(c->c_ndn); - c->c_ndn = NULL; + c->c_dn.bv_len = 0; + if(c->c_ndn.bv_val != NULL) { + free(c->c_ndn.bv_val); + c->c_ndn.bv_val = NULL; } + c->c_ndn.bv_len = 0; if(c->c_cdn != NULL) { free(c->c_cdn); @@ -1463,10 +1467,12 @@ static int connection_op_activate( Connection *conn, Operation *op ) arg->co_conn = conn; arg->co_op = op; - if (!arg->co_op->o_dn) { + if (!arg->co_op->o_dn.bv_len) { arg->co_op->o_authz = conn->c_authz; - arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" ); - arg->co_op->o_ndn = ch_strdup( conn->c_ndn != NULL ? conn->c_ndn : "" ); + arg->co_op->o_dn.bv_val = ch_strdup( conn->c_dn.bv_val ? + conn->c_dn.bv_val : "" ); + arg->co_op->o_ndn.bv_val = ch_strdup( conn->c_ndn.bv_val ? + conn->c_ndn.bv_val : "" ); } arg->co_op->o_authtype = conn->c_authtype; arg->co_op->o_authmech = conn->c_authmech != NULL @@ -1576,7 +1582,8 @@ int connection_internal_open( Connection **conn, LDAP **ldp, const char *id ) /* A search operation, number 0 */ op = slap_op_alloc( NULL, 0, LDAP_REQ_SEARCH, 0); - op->o_ndn = ch_strdup( id ); + op->o_ndn.bv_val = ch_strdup( id ); + op->o_ndn.bv_len = strlen( id ); op->o_protocol = LDAP_VERSION3; (*conn) = connection_get( fd[1] ); diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index f488fecd2c..9272c44a27 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -180,7 +180,7 @@ do_delete( */ if ( be->be_delete ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn ); + int repl_user = be_isupdate( be, op->o_ndn.bv_val ); #ifndef SLAPD_MULTIMASTER if ( be->be_update_ndn == NULL || repl_user ) #endif diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 4c69378ed4..2e43ae3cd0 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -334,7 +334,7 @@ do_modify( */ if ( be->be_modify ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn ); + int repl_user = be_isupdate( be, op->o_ndn.bv_val ); #ifndef SLAPD_MULTIMASTER /* Multimaster slapd does not have to check for replicator dn * because it accepts each modify request @@ -613,12 +613,11 @@ int slap_mods_opattrs( timestamp.bv_val = timebuf; timestamp.bv_len = strlen(timebuf); - if( op->o_dn == NULL || op->o_dn[0] == '\0' ) { + if( op->o_dn.bv_len == 0 ) { name.bv_val = SLAPD_ANONYMOUS; name.bv_len = sizeof(SLAPD_ANONYMOUS)-1; } else { - name.bv_val = op->o_dn; - name.bv_len = strlen( op->o_dn ); + name = op->o_dn; } if( op->o_tag == LDAP_REQ_ADD ) { diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index c3247c26ca..45431bad52 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -313,7 +313,7 @@ do_modrdn( */ if ( be->be_modrdn ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn ); + int repl_user = be_isupdate( be, op->o_ndn.bv_val ); #ifndef SLAPD_MULTIMASTER if ( be->be_update_ndn == NULL || repl_user ) #endif diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index 159b57278c..0dd9c1f334 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c @@ -23,11 +23,11 @@ slap_op_free( Operation *op ) if ( op->o_ber != NULL ) { ber_free( op->o_ber, 1 ); } - if ( op->o_dn != NULL ) { - free( op->o_dn ); + if ( op->o_dn.bv_val != NULL ) { + free( op->o_dn.bv_val ); } - if ( op->o_ndn != NULL ) { - free( op->o_ndn ); + if ( op->o_ndn.bv_val != NULL ) { + free( op->o_ndn.bv_val ); } if ( op->o_authmech != NULL ) { free( op->o_authmech ); @@ -60,8 +60,10 @@ slap_op_alloc( op->o_msgid = msgid; op->o_tag = tag; - op->o_dn = NULL; - op->o_ndn = NULL; + op->o_dn.bv_val = NULL; + op->o_dn.bv_len = 0; + op->o_ndn.bv_val = NULL; + op->o_ndn.bv_len = 0; op->o_authmech = NULL; op->o_ctrls = NULL; diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index c5ada769ff..195183dfff 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -33,8 +33,8 @@ int passwd_extop( assert( reqoid != NULL ); assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 ); - if( op->o_dn == NULL || op->o_dn[0] == '\0' ) { - *text = "only authenicated users may change passwords"; + if( op->o_dn.bv_len == 0 ) { + *text = "only authenticated users may change passwords"; return LDAP_STRONG_AUTH_REQUIRED; } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 8bcfcb2e68..697aeb30b4 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -706,8 +706,8 @@ typedef enum slap_style_e { typedef struct slap_authz_info { ber_tag_t sai_method; /* LDAP_AUTH_* from */ char * sai_mech; /* SASL Mechanism */ - char * sai_dn; /* DN for reporting purposes */ - char * sai_ndn; /* Normalized DN */ + struct berval sai_dn; /* DN for reporting purposes */ + struct berval sai_ndn; /* Normalized DN */ /* Security Strength Factors */ slap_ssf_t sai_ssf; /* Overall SSF */ diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c index 95dc4bbd2a..0e258e9708 100644 --- a/servers/slapd/starttls.c +++ b/servers/slapd/starttls.c @@ -62,14 +62,14 @@ starttls_extop ( } if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) && - ( conn->c_dn != NULL ) ) + ( conn->c_dn.bv_len != 0 ) ) { /* force to anonymous */ connection2anonymous( conn ); } if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) && - ( conn->c_dn != NULL ) ) + ( conn->c_dn.bv_len != 0 ) ) { *text = "cannot start TLS after authentication"; rc = LDAP_OPERATIONS_ERROR;