From: Howard Chu Date: Tue, 23 Nov 2004 13:08:45 +0000 (+0000) Subject: Dynamic control management X-Git-Tag: OPENLDAP_REL_ENG_2_3_0ALPHA~246 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=47dd8d87327fd5ba219b3fe698b86780a14de697;p=openldap Dynamic control management --- diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 182cbbd673..f1381063b6 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -737,12 +737,12 @@ bdb_do_search( Operation *op, SlapReply *rs, Operation *sop, /* Sync control overrides manageDSAit */ if ( !IS_PSEARCH && sop->o_sync_mode & SLAP_SYNC_REFRESH ) { - if ( manageDSAit == SLAP_NO_CONTROL ) { - manageDSAit = SLAP_CRITICAL_CONTROL; + if ( manageDSAit == SLAP_CONTROL_NONE ) { + manageDSAit = SLAP_CONTROL_CRITICAL; } } else if ( IS_PSEARCH ) { - if ( manageDSAit == SLAP_NO_CONTROL ) { - manageDSAit = SLAP_CRITICAL_CONTROL; + if ( manageDSAit == SLAP_CONTROL_NONE ) { + manageDSAit = SLAP_CONTROL_CRITICAL; } } @@ -1000,7 +1000,8 @@ dn2entry_retry: tentries = BDB_IDL_N(candidates); } - if ( get_pagedresults( sop ) > SLAP_NO_CONTROL ) { + if ( get_pagedresults( sop ) > SLAP_CONTROL_IGNORED ) { + PagedResultsState *ps = sop->o_pagedresults_state; /* deferred cookie parsing */ rs->sr_err = parse_paged_cookie( sop, rs ); if ( rs->sr_err != LDAP_SUCCESS ) { @@ -1008,11 +1009,11 @@ dn2entry_retry: goto done; } - if ( (ID)( sop->o_pagedresults_state.ps_cookie ) == 0 ) { + if ( (ID)( ps->ps_cookie ) == 0 ) { id = bdb_idl_first( candidates, &cursor ); } else { - if ( sop->o_pagedresults_size == 0 ) { + if ( ps->ps_size == 0 ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = "search abandoned by pagedResult size=0"; send_ldap_result( sop, rs ); @@ -1020,7 +1021,7 @@ dn2entry_retry: } for ( id = bdb_idl_first( candidates, &cursor ); id != NOID && - id <= (ID)( sop->o_pagedresults_state.ps_cookie ); + id <= (ID)( ps->ps_cookie ); id = bdb_idl_next( candidates, &cursor ) ) { /* empty */; @@ -1427,8 +1428,8 @@ id2entry_retry: goto done; } - if ( get_pagedresults(sop) > SLAP_NO_CONTROL ) { - if ( rs->sr_nentries >= sop->o_pagedresults_size ) { + if ( get_pagedresults(sop) > SLAP_CONTROL_IGNORED ) { + if ( rs->sr_nentries >= ((PagedResultsState *)sop->o_pagedresults_state)->ps_size ) { send_paged_response( sop, rs, &lastid, tentries ); goto done; } @@ -1766,7 +1767,7 @@ nochange: rs->sr_ref = rs->sr_v2ref; rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL; rs->sr_rspoid = NULL; - if ( get_pagedresults(sop) > SLAP_NO_CONTROL ) { + if ( get_pagedresults(sop) > SLAP_CONTROL_IGNORED ) { send_paged_response( sop, rs, NULL, 0 ); } else { send_ldap_result( sop, rs ); @@ -2007,11 +2008,12 @@ parse_paged_cookie( Operation *op, SlapReply *rs ) ber_int_t size; BerElement *ber; struct berval cookie = BER_BVNULL; + PagedResultsState *ps = op->o_pagedresults_state; /* this function must be invoked only if the pagedResults * control has been detected, parsed and partially checked * by the frontend */ - assert( get_pagedresults( op ) > SLAP_NO_CONTROL ); + assert( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ); /* look for the appropriate ctrl structure */ for ( c = op->o_ctrls; c[0] != NULL; c++ ) { @@ -2061,13 +2063,13 @@ parse_paged_cookie( Operation *op, SlapReply *rs ) AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie )); - if ( reqcookie > op->o_pagedresults_state.ps_cookie ) { + if ( reqcookie > ps->ps_cookie ) { /* bad cookie */ rs->sr_text = "paged results cookie is invalid"; rc = LDAP_PROTOCOL_ERROR; goto done; - } else if ( reqcookie < op->o_pagedresults_state.ps_cookie ) { + } else if ( reqcookie < ps->ps_cookie ) { rs->sr_text = "paged results cookie is invalid or old"; rc = LDAP_UNWILLING_TO_PERFORM; goto done; @@ -2085,8 +2087,8 @@ parse_paged_cookie( Operation *op, SlapReply *rs ) goto done; } #endif - op->o_pagedresults_state.ps_cookie = 0; - op->o_pagedresults_state.ps_count = 0; + ps->ps_cookie = 0; + ps->ps_count = 0; } done:; @@ -2130,7 +2132,7 @@ send_paged_response( op->o_conn->c_pagedresults_state.ps_cookie = respcookie; op->o_conn->c_pagedresults_state.ps_count = - op->o_pagedresults_state.ps_count + rs->sr_nentries; + ((PagedResultsState *)op->o_pagedresults_state)->ps_count + rs->sr_nentries; /* return size of 0 -- no estimate */ ber_printf( ber, "{iO}", 0, &cookie ); diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 836e9d4ce5..7ad9bf1d50 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -231,7 +231,7 @@ fe_op_bind( Operation *op, SlapReply *rs ) struct berval mech = op->orb_tmp_mech; /* check for inappropriate controls */ - if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) { + if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) { send_ldap_error( op, rs, LDAP_UNAVAILABLE_CRITICAL_EXTENSION, "manageDSAit control inappropriate" ); diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 44c4e9faf7..6b1c055a22 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -1438,15 +1438,10 @@ connection_input( op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ ); op->o_conn = conn; - op->o_assertion = NULL; - op->o_preread_attrs = NULL; - op->o_postread_attrs = NULL; - op->o_vrFilter = NULL; /* clear state if the connection is being reused from inactive */ if ( conn->c_conn_state == SLAP_C_INACTIVE ) { memset( &conn->c_pagedresults_state, 0, sizeof( conn->c_pagedresults_state ) ); } - op->o_pagedresults_state = conn->c_pagedresults_state; op->o_res_ber = NULL; diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index bdf2666ed9..ecdc8fe835 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -48,10 +48,15 @@ static SLAP_CTRL_PARSE_FN parseLDAPsync; const struct berval slap_pre_read_bv = BER_BVC(LDAP_CONTROL_PRE_READ); const struct berval slap_post_read_bv = BER_BVC(LDAP_CONTROL_POST_READ); +struct slap_control_ids slap_cids; + struct slap_control { /* Control OID */ char *sc_oid; + /* The controlID for this control */ + int sc_cid; + /* Operations supported by control */ slap_mask_t sc_mask; @@ -71,6 +76,7 @@ static LDAP_SLIST_HEAD(ControlsList, slap_control) controls_list * all known request control OIDs should be added to this list */ char **slap_known_controls = NULL; +static int num_known_controls; static char *proxy_authz_extops[] = { LDAP_EXOP_MODIFY_PASSWD, @@ -79,64 +85,79 @@ static char *proxy_authz_extops[] = { }; static struct slap_control control_defs[] = { - { LDAP_CONTROL_ASSERT, + { LDAP_CONTROL_ASSERT, + (int)offsetof(struct slap_control_ids, sc_assert), SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL, parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_PRE_READ, + (int)offsetof(struct slap_control_ids, sc_preRead), SLAP_CTRL_HIDE|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL, parsePreRead, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_POST_READ, + (int)offsetof(struct slap_control_ids, sc_postRead), SLAP_CTRL_HIDE|SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL, parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_VALUESRETURNFILTER, + (int)offsetof(struct slap_control_ids, sc_valuesReturnFilter), SLAP_CTRL_SEARCH, NULL, parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_PAGEDRESULTS, + (int)offsetof(struct slap_control_ids, sc_pagedResults), SLAP_CTRL_SEARCH, NULL, parsePagedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE { LDAP_CONTROL_X_DOMAIN_SCOPE, + (int)offsetof(struct slap_control_ids, sc_domainScope), SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL, parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif #ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY { LDAP_CONTROL_X_PERMISSIVE_MODIFY, + (int)offsetof(struct slap_control_ids, sc_permissiveModify), SLAP_CTRL_MODIFY, NULL, parsePermissiveModify, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif #ifdef LDAP_CONTROL_X_TREE_DELETE { LDAP_CONTROL_X_TREE_DELETE, + (int)offsetof(struct slap_control_ids, sc_treeDelete), SLAP_CTRL_DELETE, NULL, parseTreeDelete, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif #ifdef LDAP_CONTORL_X_SEARCH_OPTIONS { LDAP_CONTORL_X_SEARCH_OPTIONS, + (int)offsetof(struct slap_control_ids, sc_searchOptions), SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL, parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif #ifdef LDAP_CONTROL_SUBENTRIES { LDAP_CONTROL_SUBENTRIES, + (int)offsetof(struct slap_control_ids, sc_subentries), SLAP_CTRL_SEARCH, NULL, parseSubentries, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif { LDAP_CONTROL_NOOP, + (int)offsetof(struct slap_control_ids, sc_noOp), SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL, parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_SYNC, + (int)offsetof(struct slap_control_ids, sc_LDAPsync), SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL, parseLDAPsync, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #ifdef LDAP_CONTROL_MODIFY_INCREMENT { LDAP_CONTROL_MODIFY_INCREMENT, + (int)offsetof(struct slap_control_ids, sc_modifyIncrement), SLAP_CTRL_HIDE|SLAP_CTRL_MODIFY, NULL, parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) }, #endif { LDAP_CONTROL_MANAGEDSAIT, + (int)offsetof(struct slap_control_ids, sc_manageDSAit), SLAP_CTRL_ACCESS, NULL, parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) }, { LDAP_CONTROL_PROXY_AUTHZ, + (int)offsetof(struct slap_control_ids, sc_proxyAuthz), SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops, parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) }, - { NULL, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) } + { NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) } }; /* @@ -149,10 +170,10 @@ int register_supported_control(const char *controloid, slap_mask_t controlmask, char **controlexops, - SLAP_CTRL_PARSE_FN *controlparsefn) + SLAP_CTRL_PARSE_FN *controlparsefn, + int *controlcid) { struct slap_control *sc; - int i; if ( controloid == NULL ) return LDAP_PARAM_ERROR; @@ -182,18 +203,12 @@ register_supported_control(const char *controloid, ch_free( sc ); return LDAP_NO_MEMORY; } - slap_known_controls[0] = ch_strdup( sc->sc_oid ); - slap_known_controls[1] = NULL; } else { char **new_known_controls; - for ( i = 0; slap_known_controls[i] != NULL; i++ ) { - /* EMPTY */ ; - } - new_known_controls = (char **)SLAP_REALLOC( - slap_known_controls, (i + 2) * sizeof(char *) ); + slap_known_controls, (num_known_controls + 2) * sizeof(char *) ); if ( new_known_controls == NULL ) { if ( sc->sc_extendedops != NULL ) { @@ -203,9 +218,11 @@ register_supported_control(const char *controloid, return LDAP_NO_MEMORY; } slap_known_controls = new_known_controls; - slap_known_controls[i++] = ch_strdup( sc->sc_oid ); - slap_known_controls[i] = NULL; } + if ( controlcid ) *controlcid = num_known_controls; + sc->sc_cid = num_known_controls; + slap_known_controls[num_known_controls++] = ch_strdup( sc->sc_oid ); + slap_known_controls[num_known_controls] = NULL; LDAP_SLIST_NEXT( sc, sc_next ) = NULL; LDAP_SLIST_INSERT_HEAD( &controls_list, sc, sc_next ); @@ -224,9 +241,10 @@ slap_controls_init( void ) rc = LDAP_SUCCESS; for ( i = 0; control_defs[i].sc_oid != NULL; i++ ) { + int *cid = (int *)(((char *)&slap_cids) + control_defs[i].sc_cid ); rc = register_supported_control( control_defs[i].sc_oid, control_defs[i].sc_mask, control_defs[i].sc_extendedops, - control_defs[i].sc_parse ); + control_defs[i].sc_parse, cid ); if ( rc != LDAP_SUCCESS ) break; } @@ -636,7 +654,7 @@ static int parseModifyIncrement ( LDAPControl *ctrl ) { #if 0 - if ( op->o_modifyIncrement != SLAP_NO_CONTROL ) { + if ( op->o_modifyIncrement != SLAP_CONTROL_NONE ) { rs->sr_text = "modifyIncrement control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -649,8 +667,8 @@ static int parseModifyIncrement ( #if 0 op->o_modifyIncrement = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; #endif return LDAP_SUCCESS; @@ -661,7 +679,7 @@ static int parseManageDSAit ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_managedsait != SLAP_NO_CONTROL ) { + if ( op->o_managedsait != SLAP_CONTROL_NONE ) { rs->sr_text = "manageDSAit control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -672,8 +690,8 @@ static int parseManageDSAit ( } op->o_managedsait = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -686,14 +704,14 @@ static int parseProxyAuthz ( int rc; struct berval dn = BER_BVNULL; - if ( op->o_proxy_authz != SLAP_NO_CONTROL ) { + if ( op->o_proxy_authz != SLAP_CONTROL_NONE ) { rs->sr_text = "proxy authorization control specified multiple times"; return LDAP_PROTOCOL_ERROR; } op->o_proxy_authz = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; Debug( LDAP_DEBUG_ARGS, "parseProxyAuthz: conn %lu authzid=\"%s\"\n", @@ -766,7 +784,7 @@ static int parseNoOp ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_noop != SLAP_NO_CONTROL ) { + if ( op->o_noop != SLAP_CONTROL_NONE ) { rs->sr_text = "noop control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -777,8 +795,8 @@ static int parseNoOp ( } op->o_noop = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -793,13 +811,14 @@ static int parsePagedResults ( ber_int_t size; BerElement *ber; struct berval cookie = BER_BVNULL; + PagedResultsState *ps; - if ( op->o_pagedresults != SLAP_NO_CONTROL ) { + if ( op->o_pagedresults != SLAP_CONTROL_NONE ) { rs->sr_text = "paged results control specified multiple times"; return LDAP_PROTOCOL_ERROR; } - if ( op->o_sync != SLAP_NO_CONTROL ) { + if ( op->o_sync != SLAP_CONTROL_NONE ) { rs->sr_text = "paged results control specified with sync control"; return LDAP_PROTOCOL_ERROR; } @@ -879,7 +898,10 @@ static int parsePagedResults ( } #endif - op->o_pagedresults_size = size; + ps = op->o_tmpalloc( sizeof(PagedResultsState), op->o_tmpmemctx ); + *ps = op->o_conn->c_pagedresults_state; + ps->ps_size = size; + op->o_pagedresults_state = ps; /* NOTE: according to RFC 2696 3.: @@ -892,13 +914,13 @@ static int parsePagedResults ( */ if ( op->ors_slimit > 0 && size >= op->ors_slimit ) { - op->o_pagedresults = SLAP_IGNORED_CONTROL; + op->o_pagedresults = SLAP_CONTROL_IGNORED; } else if ( ctrl->ldctl_iscritical ) { - op->o_pagedresults = SLAP_CRITICAL_CONTROL; + op->o_pagedresults = SLAP_CONTROL_CRITICAL; } else { - op->o_pagedresults = SLAP_NONCRITICAL_CONTROL; + op->o_pagedresults = SLAP_CONTROL_NONCRITICAL; } done:; @@ -915,7 +937,7 @@ static int parseAssert ( struct berval fstr = BER_BVNULL; const char *err_msg = ""; - if ( op->o_assert != SLAP_NO_CONTROL ) { + if ( op->o_assert != SLAP_CONTROL_NONE ) { rs->sr_text = "assert control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -931,7 +953,7 @@ static int parseAssert ( return LDAP_OTHER; } - rs->sr_err = get_filter( op, ber, &(op->o_assertion), &rs->sr_text); + rs->sr_err = get_filter( op, ber, (Filter **)&(op->o_assertion), &rs->sr_text); if( rs->sr_err != LDAP_SUCCESS ) { if( rs->sr_err == SLAPD_DISCONNECT ) { @@ -956,8 +978,8 @@ static int parseAssert ( #endif op->o_assert = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; rs->sr_err = LDAP_SUCCESS; return LDAP_SUCCESS; @@ -972,7 +994,7 @@ static int parsePreRead ( AttributeName *an = NULL; BerElement *ber; - if ( op->o_preread != SLAP_NO_CONTROL ) { + if ( op->o_preread != SLAP_CONTROL_NONE ) { rs->sr_text = "preread control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1010,8 +1032,8 @@ static int parsePreRead ( } op->o_preread = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; op->o_preread_attrs = an; @@ -1028,7 +1050,7 @@ static int parsePostRead ( AttributeName *an = NULL; BerElement *ber; - if ( op->o_postread != SLAP_NO_CONTROL ) { + if ( op->o_postread != SLAP_CONTROL_NONE ) { rs->sr_text = "postread control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1066,8 +1088,8 @@ static int parsePostRead ( } op->o_postread = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; op->o_postread_attrs = an; @@ -1084,7 +1106,7 @@ int parseValuesReturnFilter ( struct berval fstr = BER_BVNULL; const char *err_msg = ""; - if ( op->o_valuesreturnfilter != SLAP_NO_CONTROL ) { + if ( op->o_valuesreturnfilter != SLAP_CONTROL_NONE ) { rs->sr_text = "valuesReturnFilter control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1100,7 +1122,7 @@ int parseValuesReturnFilter ( return LDAP_OTHER; } - rs->sr_err = get_vrFilter( op, ber, &(op->o_vrFilter), &rs->sr_text); + rs->sr_err = get_vrFilter( op, ber, (ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text); if( rs->sr_err != LDAP_SUCCESS ) { if( rs->sr_err == SLAPD_DISCONNECT ) { @@ -1123,8 +1145,8 @@ int parseValuesReturnFilter ( #endif op->o_valuesreturnfilter = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; rs->sr_err = LDAP_SUCCESS; return LDAP_SUCCESS; @@ -1136,7 +1158,7 @@ static int parseSubentries ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_subentries != SLAP_NO_CONTROL ) { + if ( op->o_subentries != SLAP_CONTROL_NONE ) { rs->sr_text = "subentries control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1151,10 +1173,11 @@ static int parseSubentries ( } op->o_subentries = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; - op->o_subentries_visibility = (ctrl->ldctl_value.bv_val[2] != 0x00); + if ( (void *)(ctrl->ldctl_value.bv_val[2] != 0x00)) + set_subentries_visibility( op ); return LDAP_SUCCESS; } @@ -1166,7 +1189,7 @@ static int parsePermissiveModify ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_permissive_modify != SLAP_NO_CONTROL ) { + if ( op->o_permissive_modify != SLAP_CONTROL_NONE ) { rs->sr_text = "permissiveModify control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1177,8 +1200,8 @@ static int parsePermissiveModify ( } op->o_permissive_modify = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -1190,7 +1213,7 @@ static int parseDomainScope ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_domain_scope != SLAP_NO_CONTROL ) { + if ( op->o_domain_scope != SLAP_CONTROL_NONE ) { rs->sr_text = "domainScope control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1201,8 +1224,8 @@ static int parseDomainScope ( } op->o_domain_scope = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -1214,7 +1237,7 @@ static int parseTreeDelete ( SlapReply *rs, LDAPControl *ctrl ) { - if ( op->o_tree_delete != SLAP_NO_CONTROL ) { + if ( op->o_tree_delete != SLAP_CONTROL_NONE ) { rs->sr_text = "treeDelete control specified multiple times"; return LDAP_PROTOCOL_ERROR; } @@ -1225,8 +1248,8 @@ static int parseTreeDelete ( } op->o_tree_delete = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -1260,15 +1283,15 @@ static int parseSearchOptions ( (void) ber_free( ber, 1 ); if ( search_flags & LDAP_SEARCH_FLAG_DOMAIN_SCOPE ) { - if ( op->o_domain_scope != SLAP_NO_CONTROL ) { + if ( op->o_domain_scope != SLAP_CONTROL_NONE ) { rs->sr_text = "searchOptions control specified multiple times " "or with domainScope control"; return LDAP_PROTOCOL_ERROR; } op->o_domain_scope = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; } if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) { @@ -1292,12 +1315,12 @@ static int parseLDAPsync ( ber_len_t len; struct slap_session_entry *se; - if ( op->o_sync != SLAP_NO_CONTROL ) { + if ( op->o_sync != SLAP_CONTROL_NONE ) { rs->sr_text = "Sync control specified multiple times"; return LDAP_PROTOCOL_ERROR; } - if ( op->o_pagedresults != SLAP_NO_CONTROL ) { + if ( op->o_pagedresults != SLAP_CONTROL_NONE ) { rs->sr_text = "Sync control specified with pagedResults control"; return LDAP_PROTOCOL_ERROR; } @@ -1370,8 +1393,8 @@ static int parseLDAPsync ( op->o_sync_mode = (char) mode; op->o_sync = ctrl->ldctl_iscritical - ? SLAP_CRITICAL_CONTROL - : SLAP_NONCRITICAL_CONTROL; + ? SLAP_CONTROL_CRITICAL + : SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index 36a838b54a..8dbe493281 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -215,7 +215,7 @@ fe_op_delete( Operation *op, SlapReply *rs ) org_managedsait = get_manageDSAit( op ); op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - op->o_managedsait = 1; + op->o_managedsait = SLAP_CONTROL_NONCRITICAL; while ( rs->sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 8a62bf8f71..9a010e812a 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -169,7 +169,7 @@ do_extended( } /* check for controls inappropriate for all extended operations */ - if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) { + if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) { send_ldap_error( op, rs, LDAP_UNAVAILABLE_CRITICAL_EXTENSION, "manageDSAit control inappropriate" ); diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index 04902fda87..ab5130e4dc 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -982,9 +982,10 @@ limits_check( Operation *op, SlapReply *rs ) } /* if paged results is requested */ - if ( get_pagedresults( op ) > SLAP_NO_CONTROL ) { + if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) { int slimit = -2; int pr_total; + PagedResultsState *ps = op->o_pagedresults_state; /* paged results is not allowed */ if ( op->ors_limit->lms_s_pr_total == -2 ) { @@ -996,7 +997,7 @@ limits_check( Operation *op, SlapReply *rs ) return -1; } - if ( op->ors_limit->lms_s_pr > 0 && op->o_pagedresults_size > op->ors_limit->lms_s_pr ) { + if ( op->ors_limit->lms_s_pr > 0 && ps->ps_size > op->ors_limit->lms_s_pr ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; rs->sr_text = "illegal pagedResults page size"; send_ldap_result( op, rs ); @@ -1020,7 +1021,7 @@ limits_check( Operation *op, SlapReply *rs ) slimit = -1; } else { - slimit = op->ors_slimit - op->o_pagedresults_state.ps_count; + slimit = op->ors_slimit - ps->ps_count; } #ifdef ABOVE_HARD_LIMIT_IS_ERROR @@ -1056,7 +1057,7 @@ limits_check( Operation *op, SlapReply *rs ) slimit2 = op->ors_slimit; } - total = slimit2 - op->o_pagedresults_state.ps_count; + total = slimit2 - ps->ps_count; if ( total >= 0 ) { if ( op->ors_limit->lms_s_pr > 0 ) { @@ -1092,7 +1093,7 @@ limits_check( Operation *op, SlapReply *rs ) op->ors_slimit = slimit; } else if ( slimit > 0 ) { - if ( op->ors_slimit - op->o_pagedresults_state.ps_count > slimit ) { + if ( op->ors_slimit - ps->ps_count > slimit ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index 1cfd673261..de26c6c7a0 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -338,7 +338,7 @@ fe_op_modrdn( Operation *op, SlapReply *rs ) org_managedsait = get_manageDSAit( op ); op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - op->o_managedsait = 1; + op->o_managedsait = SLAP_CONTROL_NONCRITICAL; while ( rs->sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) { diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index 27ec820fac..10bacb21d8 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c @@ -53,6 +53,7 @@ void slap_op_destroy(void) while ( (o = LDAP_STAILQ_FIRST( &slap_free_ops )) != NULL) { LDAP_STAILQ_REMOVE_HEAD( &slap_free_ops, o_next ); LDAP_STAILQ_NEXT(o, o_next) = NULL; + ch_free( o->o_controls ); ch_free( o ); } ldap_pvt_thread_mutex_destroy( &slap_op_mutex ); @@ -62,6 +63,7 @@ void slap_op_free( Operation *op ) { struct berval slap_empty_bv_dup; + void **controls; assert( LDAP_STAILQ_NEXT(op, o_next) == NULL ); @@ -109,7 +111,10 @@ slap_op_free( Operation *op ) ch_free( op->o_sync_csn.bv_val ); } + controls = op->o_controls; + memset( controls, 0, sizeof(void *) * SLAP_MAX_CIDS ); memset( op, 0, sizeof(Operation) ); + op->o_controls = controls; op->o_sync_state.sid = -1; op->o_sync_slog_size = -1; @@ -138,6 +143,7 @@ slap_op_alloc( if (!op) { op = (Operation *) ch_calloc( 1, sizeof(Operation) ); + op->o_controls = (void **) ch_calloc( SLAP_MAX_CIDS, sizeof( void *)); } op->o_ber = ber; diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in index 710c6b9b44..78d8407a89 100644 --- a/servers/slapd/overlays/Makefile.in +++ b/servers/slapd/overlays/Makefile.in @@ -73,6 +73,9 @@ refint.la : refint.lo $(@PLAT@_LINK_LIBS) rwm.la : rwm.lo $(@PLAT@_LINK_LIBS) $(LTLINK_MOD) -module -o $@ rwm.lo rwmconf.lo rwmdn.lo rwmmap.lo version.lo $(LINK_LIBS) +syncprov.la : syncprov.lo $(@PLAT@_LINK_LIBS) + $(LTLINK_MOD) -module -o $@ syncprov.lo version.lo $(LINK_LIBS) + unique.la : unique.lo $(@PLAT@_LINK_LIBS) $(LTLINK_MOD) -module -o $@ unique.lo version.lo $(LINK_LIBS) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index b01be1dc89..c22b295072 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -62,6 +62,7 @@ typedef struct pw_conn { } pw_conn; static pw_conn *pwcons; +static int ppolicy_cid; typedef struct pass_policy { AttributeDescription *ad; /* attribute to which the policy applies */ @@ -1000,13 +1001,8 @@ ppolicy_bind( Operation *op, SlapReply *rs ) op->o_callback->sc_next = cb; /* Did we receive a password policy request control? */ - for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) { - if ( !strcmp( op->o_ctrls[i]->ldctl_oid, - LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) - { - ppb->send_ctrl = 1; - break; - } + if ( op->o_ctrlflag[ppolicy_cid] ) { + ppb->send_ctrl = 1; } op->o_bd->bd_info = (BackendInfo *)on; @@ -1047,12 +1043,8 @@ ppolicy_restrict( int i, send_ctrl = 0; /* Did we receive a password policy request control? */ - for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) { - if ( !strcmp( op->o_ctrls[i]->ldctl_oid, - LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) { - send_ctrl = 1; - break; - } + if ( op->o_ctrlflag[ppolicy_cid] ) { + send_ctrl = 1; } if ( op->o_conn && pwcons[op->o_conn->c_conn_idx].restrict ) { @@ -1106,12 +1098,8 @@ ppolicy_add( LDAPPasswordPolicyError pErr = PP_noError; /* Did we receive a password policy request control? */ - for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) { - if ( !strcmp( op->o_ctrls[i]->ldctl_oid, - LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) { - send_ctrl = 1; - break; - } + if ( op->o_ctrlflag[ppolicy_cid] ) { + send_ctrl = 1; } rc = check_password_quality( bv, &pp, &pErr, op->ora_e ); if (rc != LDAP_SUCCESS) { @@ -1206,12 +1194,8 @@ ppolicy_modify( Operation *op, SlapReply *rs ) if ( rc != LDAP_SUCCESS ) return SLAP_CB_CONTINUE; /* Did we receive a password policy request control? */ - for ( i=0; op->o_ctrls && op->o_ctrls[i]; i++ ) { - if ( !strcmp( op->o_ctrls[i]->ldctl_oid, - LDAP_CONTROL_PASSWORDPOLICYREQUEST ) ) { - send_ctrl = 1; - break; - } + if ( op->o_ctrlflag[ppolicy_cid] ) { + send_ctrl = 1; } /* See if this is a pwdModify exop. If so, we can @@ -1691,6 +1675,7 @@ ppolicy_parseCtrl( rs->sr_text = "passwordPolicyRequest control invalid criticality"; return LDAP_PROTOCOL_ERROR; } + op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL; return LDAP_SUCCESS; } @@ -1821,7 +1806,7 @@ int ppolicy_init() code = register_supported_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST, SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY, extops, - ppolicy_parseCtrl ); + ppolicy_parseCtrl, &ppolicy_cid ); if ( code != LDAP_SUCCESS ) { fprintf( stderr, "Failed to register control %d\n", code ); return code; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index b0cc478630..ce4154556e 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -372,6 +372,7 @@ LDAP_SLAPD_F (int) allComponentsValidate LDAP_P(( /* * controls.c */ +LDAP_SLAPD_V( struct slap_control_ids ) slap_cids; LDAP_SLAPD_F (void) slap_free_ctrls LDAP_P(( Operation *op, LDAPControl **ctrls )); @@ -383,7 +384,8 @@ LDAP_SLAPD_F (int) register_supported_control LDAP_P(( const char *controloid, slap_mask_t controlmask, char **controlexops, - SLAP_CTRL_PARSE_FN *controlparsefn )); + SLAP_CTRL_PARSE_FN *controlparsefn, + int *controlcid )); LDAP_SLAPD_F (int) slap_controls_init LDAP_P ((void)); LDAP_SLAPD_F (void) controls_destroy LDAP_P ((void)); LDAP_SLAPD_F (int) controls_root_dse_info LDAP_P ((Entry *e)); diff --git a/servers/slapd/search.c b/servers/slapd/search.c index a817ce2d46..6b555b4bf3 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -351,9 +351,9 @@ fe_op_search( Operation *op, SlapReply *rs ) /* Sync control overrides manageDSAit */ - if ( manageDSAit != SLAP_NO_CONTROL ) { + if ( manageDSAit != SLAP_CONTROL_NONE ) { if ( op->o_sync_mode & SLAP_SYNC_REFRESH ) { - be_manageDSAit = SLAP_NO_CONTROL; + be_manageDSAit = SLAP_CONTROL_NONE; } else { be_manageDSAit = manageDSAit; } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 940e9d5a68..29a4ee57d3 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2045,6 +2045,7 @@ typedef struct slap_overinfo { typedef unsigned long PagedResultsCookie; typedef struct slap_paged_state { Backend *ps_be; + ber_int_t ps_size; PagedResultsCookie ps_cookie; int ps_count; } PagedResultsState; @@ -2109,6 +2110,28 @@ typedef struct slap_gacl { char ga_ndn[1]; } GroupAssertion; +#ifndef SLAP_MAX_CIDS +#define SLAP_MAX_CIDS 32 /* Maximum number of supported controls */ +#endif + +struct slap_control_ids { + int sc_assert; + int sc_preRead; + int sc_postRead; + int sc_proxyAuthz; + int sc_manageDSAit; + int sc_modifyIncrement; + int sc_noOp; + int sc_pagedResults; + int sc_valuesReturnFilter; + int sc_permissiveModify; + int sc_domainScope; + int sc_treeDelete; + int sc_searchOptions; + int sc_subentries; + int sc_LDAPsync; +}; + /* * represents an operation pending from an ldap client */ @@ -2200,58 +2223,77 @@ typedef struct slap_op { char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ -#define SLAP_IGNORED_CONTROL -1 -#define SLAP_NO_CONTROL 0 -#define SLAP_NONCRITICAL_CONTROL 1 -#define SLAP_CRITICAL_CONTROL 2 - char o_managedsait; -#define get_manageDSAit(op) ((int)(op)->o_managedsait) +#define SLAP_CONTROL_NONE 0 +#define SLAP_CONTROL_IGNORED 1 +#define SLAP_CONTROL_NONCRITICAL 2 +#define SLAP_CONTROL_CRITICAL 3 +#define SLAP_CONTROL_MASK 3 +#define SLAP_CONTROL_DATA0 0x10 +#define SLAP_CONTROL_DATA1 0x20 +#define SLAP_CONTROL_DATA2 0x40 +#define SLAP_CONTROL_DATA3 0x80 + + +#define _SCM(x) ((x) & SLAP_CONTROL_MASK) + + char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */ + void **o_controls; /* per-control state */ + +#define o_managedsait o_ctrlflag[slap_cids.sc_manageDSAit] +#define get_manageDSAit(op) _SCM((op)->o_managedsait) - char o_noop; - char o_proxy_authz; +#define o_noop o_ctrlflag[slap_cids.sc_noOp] +#define o_proxy_authz o_ctrlflag[slap_cids.sc_proxyAuthz] +#define o_subentries o_ctrlflag[slap_cids.sc_subentries] - char o_subentries; -#define get_subentries(op) ((int)(op)->o_subentries) - char o_subentries_visibility; -#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility) +#define get_subentries(op) _SCM((op)->o_subentries) +#define o_subentries_visibility o_ctrlflag[slap_cids.sc_subentries] - char o_assert; +#define set_subentries_visibility(op) ((op)->o_subentries |= SLAP_CONTROL_DATA0) +#define get_subentries_visibility(op) ((op)->o_subentries & SLAP_CONTROL_DATA0) + +#define o_assert o_ctrlflag[slap_cids.sc_assert] #define get_assert(op) ((int)(op)->o_assert) +#define o_assertion o_controls[slap_cids.sc_assert] +#define get_assertion(op) ((op)->o_assertion) - char o_valuesreturnfilter; +#define o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter] +#define o_vrFilter o_controls[slap_cids.sc_valuesReturnFilter] #ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY - char o_permissive_modify; +#define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify] #define get_permissiveModify(op) ((int)(op)->o_permissive_modify) #else #define get_permissiveModify(op) (0) #endif #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE - char o_domain_scope; +#define o_domain_scope o_ctrlflag[slap_cids.sc_domainScope] #define get_domainScope(op) ((int)(op)->o_domain_scope) #else #define get_domainScope(op) (0) #endif #ifdef LDAP_CONTROL_X_TREE_DELETE - char o_tree_delete; +#define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete] #define get_treeDelete(op) ((int)(op)->o_tree_delete) #else #define get_treeDelete(op) (0) #endif - char o_preread; - char o_postread; - AttributeName *o_preread_attrs; - AttributeName *o_postread_attrs; +#define o_preread o_ctrlflag[slap_cids.sc_preRead] +#define o_postread o_ctrlflag[slap_cids.sc_postRead] + +#define o_preread_attrs o_controls[slap_cids.sc_preRead] +#define o_postread_attrs o_controls[slap_cids.sc_postRead] + +#define o_pagedresults o_ctrlflag[slap_cids.sc_pagedResults] +#define o_pagedresults_state o_controls[slap_cids.sc_pagedResults] - char o_pagedresults; #define get_pagedresults(op) ((int)(op)->o_pagedresults) - ber_int_t o_pagedresults_size; - PagedResultsState o_pagedresults_state; - char o_sync; +#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] + char o_sync_mode; #define SLAP_SYNC_NONE LDAP_SYNC_NONE #define SLAP_SYNC_REFRESH LDAP_SYNC_REFRESH_ONLY @@ -2296,10 +2338,6 @@ typedef struct slap_op { LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ - Filter *o_assertion; /* Assert control filter */ -#define get_assertion(op) ((op)->o_assertion) - - ValuesReturnFilter *o_vrFilter; /* ValuesReturnFilter */ int o_nocaching; int o_delete_glue_parent; @@ -2308,6 +2346,7 @@ typedef struct slap_op { void *o_pb; /* NS-SLAPI plugin */ void *o_extensions; /* NS-SLAPI plugin */ #endif + } Operation; #define send_ldap_error( op, rs, err, text ) do { \ diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 7209e43e98..f1e2b4e73a 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -1422,7 +1422,7 @@ slapi_register_supported_control( slapiControlOp2SlapControlMask( controlops, &controlmask ); - register_supported_control( controloid, controlmask, NULL, slapi_int_parse_control ); + register_supported_control( controloid, controlmask, NULL, slapi_int_parse_control, NULL ); #endif /* LDAP_SLAPI */ } diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 5d2fdcf40d..978a903178 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -926,7 +926,7 @@ do_syncrepl( op.o_dn = si->si_updatedn; op.o_ndn = si->si_updatedn; - op.o_managedsait = 1; + op.o_managedsait = SLAP_CONTROL_NONCRITICAL; op.o_bd = be = si->si_be; op.o_sync_state.ctxcsn = NULL; @@ -1326,7 +1326,7 @@ syncrepl_entry( org_managedsait = get_manageDSAit( op ); op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - op->o_managedsait = 1; + op->o_managedsait = SLAP_CONTROL_NONCRITICAL; while ( rs_delete.sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) { op->o_delete_glue_parent = 0; @@ -1517,13 +1517,13 @@ syncrepl_del_nonpresent( op->ors_filterstr = si->si_filterstr; op->o_nocaching = 1; - op->o_managedsait = 0; + op->o_managedsait = SLAP_CONTROL_NONE; if ( limits_check( op, &rs_search ) == 0 ) { rc = be->be_search( op, &rs_search ); } - op->o_managedsait = 1; + op->o_managedsait = SLAP_CONTROL_NONCRITICAL; op->o_nocaching = 0; if ( op->ors_filter ) filter_free_x( op, op->ors_filter ); @@ -1578,7 +1578,7 @@ syncrepl_del_nonpresent( org_managedsait = get_manageDSAit( op ); op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - op->o_managedsait = 1; + op->o_managedsait = SLAP_CONTROL_NONCRITICAL; while ( rs_delete.sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) {