From: Kurt Zeilenga Date: Mon, 29 Aug 2005 20:26:09 +0000 (+0000) Subject: Sync with HEAD X-Git-Tag: OPENLDAP_REL_ENG_2_3_7~15 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4857a80408a711c92feef0bde1a4223597acd4c4;p=openldap Sync with HEAD --- diff --git a/doc/man/man3/ldap.3 b/doc/man/man3/ldap.3 index f75c3b9912..c9cd6f8b9a 100644 --- a/doc/man/man3/ldap.3 +++ b/doc/man/man3/ldap.3 @@ -148,7 +148,7 @@ synchronously bind to the directory .SM ldap_unbind_ext(3) synchronously unbind from the LDAP server and close the connection .TP -.SM ldap_unbind_ext_s(3) +.SM ldap_unbind(3) and ldap_unbind_s(3) are equivalent to .BR ldap_unbind_ext (3) .TP diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index e89f1406b6..91c33e9c23 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -103,8 +103,9 @@ static int regex_matches( int nmatch, regmatch_t *matches); typedef struct AclSetCookie { - Operation *op; - Entry *e; + SetCookie asc_cookie; +#define asc_op asc_cookie.set_op + Entry *asc_e; } AclSetCookie; SLAP_SET_GATHER acl_set_gather; @@ -142,7 +143,8 @@ slap_access_always_allowed( { assert( maskp != NULL ); - ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) ); + /* assign all */ + ACL_LVL_ASSIGN_MANAGE( *maskp ); return 1; } @@ -181,6 +183,8 @@ slap_access_allowed( assert( attr != NULL ); + ACL_INIT( mask ); + /* grant database root access */ if ( be_isroot( op ) ) { Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 ); @@ -197,7 +201,8 @@ slap_access_allowed( * if we get here it means a non-root user is trying to * manage data, so we need to check its privileges. */ - if ( access_level == ACL_WRITE && is_at_no_user_mod( desc->ad_type ) + if ( access_level == ACL_WRITE + && is_at_no_user_mod( desc->ad_type ) && desc != slap_schema.si_ad_entry && desc != slap_schema.si_ad_children ) { @@ -1192,7 +1197,7 @@ acl_mask_dn( } rdnlen = dn_rdnlen( NULL, opndn ); - if ( rdnlen != odnlen - patlen - 1 ) { + if ( rdnlen - ( odnlen - patlen - 1 ) != 0 ) { goto dn_match_cleanup; } @@ -1211,8 +1216,8 @@ acl_mask_dn( } } else if ( b->a_style == ACL_STYLE_LEVEL ) { - int level; - struct berval ndn; + int level = b->a_level; + struct berval ndn; if ( odnlen <= patlen ) { goto dn_match_cleanup; @@ -1223,7 +1228,6 @@ acl_mask_dn( goto dn_match_cleanup; } - level = b->a_level; ndn = *opndn; for ( ; level > 0; level-- ) { if ( BER_BVISEMPTY( &ndn ) ) { @@ -2535,7 +2539,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de /* Grab the searchbase and see if an appropriate database can be found */ ber_str2bv( ludp->lud_dn, 0, 0, &op2.o_req_dn ); rc = dnNormalize( 0, NULL, NULL, &op2.o_req_dn, - &op2.o_req_ndn, cp->op->o_tmpmemctx ); + &op2.o_req_ndn, cp->asc_op->o_tmpmemctx ); BER_BVZERO( &op2.o_req_dn ); if ( rc != LDAP_SUCCESS ) { goto url_done; @@ -2550,13 +2554,13 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de /* Grab the filter */ if ( ludp->lud_filter ) { ber_str2bv_x( ludp->lud_filter, 0, 0, &op2.ors_filterstr, - cp->op->o_tmpmemctx ); + cp->asc_op->o_tmpmemctx ); } else { op2.ors_filterstr = defaultFilter_bv; } - op2.ors_filter = str2filter_x( cp->op, op2.ors_filterstr.bv_val ); + op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val ); if ( op2.ors_filter == NULL ) { rc = LDAP_PROTOCOL_ERROR; goto url_done; @@ -2571,7 +2575,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de ; anlistp = slap_sl_malloc( sizeof( AttributeName ) * ( nattrs + 2 ), - cp->op->o_tmpmemctx ); + cp->asc_op->o_tmpmemctx ); for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ ) { ber_str2bv( ludp->lud_attrs[ nattrs ], 0, 0, &anlistp[ nattrs ].an_name ); @@ -2594,19 +2598,19 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de p.cookie = cookie; - op2.o_hdr = cp->op->o_hdr; + op2.o_hdr = cp->asc_op->o_hdr; op2.o_tag = LDAP_REQ_SEARCH; op2.o_ndn = op2.o_bd->be_rootndn; op2.o_callback = &cb; op2.o_time = slap_get_time(); op2.o_do_not_cache = 1; op2.o_is_auth_check = 0; - ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->op->o_tmpmemctx ); + ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->asc_op->o_tmpmemctx ); op2.ors_slimit = SLAP_NO_LIMIT; op2.ors_tlimit = SLAP_NO_LIMIT; op2.ors_attrs = anlistp; op2.ors_attrsonly = 0; - op2.o_private = cp->op->o_private; + op2.o_private = cp->asc_op->o_private; cb.sc_private = &p; @@ -2617,19 +2621,19 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de url_done:; if ( op2.ors_filter ) { - filter_free_x( cp->op, op2.ors_filter ); + filter_free_x( cp->asc_op, op2.ors_filter ); } if ( !BER_BVISNULL( &op2.o_req_ndn ) ) { - slap_sl_free( op2.o_req_ndn.bv_val, cp->op->o_tmpmemctx ); + slap_sl_free( op2.o_req_ndn.bv_val, cp->asc_op->o_tmpmemctx ); } if ( !BER_BVISNULL( &op2.o_req_dn ) ) { - slap_sl_free( op2.o_req_dn.bv_val, cp->op->o_tmpmemctx ); + slap_sl_free( op2.o_req_dn.bv_val, cp->asc_op->o_tmpmemctx ); } if ( ludp ) { ldap_free_urldesc( ludp ); } if ( anlistp && anlistp != anlist ) { - slap_sl_free( anlistp, cp->op->o_tmpmemctx ); + slap_sl_free( anlistp, cp->asc_op->o_tmpmemctx ); } return p.bvals; @@ -2647,22 +2651,22 @@ acl_set_gather2( SetCookie *cookie, struct berval *name, AttributeDescription *d * plain strings, since syntax is not known. It should * also return the syntax or some "comparison cookie". */ - rc = dnNormalize( 0, NULL, NULL, name, &ndn, cp->op->o_tmpmemctx ); + rc = dnNormalize( 0, NULL, NULL, name, &ndn, cp->asc_op->o_tmpmemctx ); if ( rc == LDAP_SUCCESS ) { if ( desc == slap_schema.si_ad_entryDN ) { bvals = (BerVarray)slap_sl_malloc( sizeof( BerValue ) * 2, - cp->op->o_tmpmemctx ); + cp->asc_op->o_tmpmemctx ); bvals[ 0 ] = ndn; BER_BVZERO( &bvals[ 1 ] ); BER_BVZERO( &ndn ); } else { - backend_attribute( cp->op, - cp->e, &ndn, desc, &bvals, ACL_NONE ); + backend_attribute( cp->asc_op, + cp->asc_e, &ndn, desc, &bvals, ACL_NONE ); } if ( !BER_BVISNULL( &ndn ) ) { - slap_sl_free( ndn.bv_val, cp->op->o_tmpmemctx ); + slap_sl_free( ndn.bv_val, cp->asc_op->o_tmpmemctx ); } } @@ -2724,9 +2728,11 @@ acl_match_set ( } if ( !BER_BVISNULL( &set ) ) { - cookie.op = op; - cookie.e = e; - rc = ( slap_set_filter( acl_set_gather, (SetCookie *)&cookie, &set, + cookie.asc_op = op; + cookie.asc_e = e; + rc = ( slap_set_filter( + acl_set_gather, + (SetCookie *)&cookie, &set, &op->o_ndn, &e->e_nname, NULL ) > 0 ); slap_sl_free( set.bv_val, op->o_tmpmemctx ); } diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index cc9a8fd889..2b32e533c7 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -178,7 +178,7 @@ int slap_bv2ad( desc.ad_cname = *bv; name = bv->bv_val; options = strchr( name, ';' ); - if ( options != NULL && ( options - name ) < bv->bv_len ) { + if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) { /* don't go past the end of the berval! */ desc.ad_cname.bv_len = options - name; } else { @@ -250,7 +250,7 @@ int slap_bv2ad( rc = strncasecmp( opt, tags[i].bv_val, (unsigned) optlen < tags[i].bv_len - ? optlen : tags[i].bv_len ); + ? (unsigned) optlen : tags[i].bv_len ); if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) { /* duplicate (ignore) */ @@ -388,7 +388,7 @@ done:; if( lp != desc.ad_tags.bv_val ) { *cp++ = ';'; j = (lp - ? lp - desc.ad_tags.bv_val - 1 + ? (unsigned) (lp - desc.ad_tags.bv_val - 1) : strlen( desc.ad_tags.bv_val )); cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j); } @@ -664,15 +664,12 @@ int ad_inlist( } } else { - /* short-circuit this search next time around */ - if (!slap_schema.si_at_undefined->sat_ad) { - const char *text; - slap_bv2undef_ad(&attrs->an_name, - &attrs->an_desc, &text, 0); - } else { - attrs->an_desc = - slap_schema.si_at_undefined->sat_ad; - } + const char *text; + + /* give it a chance of being retrieved by a proxy... */ + (void)slap_bv2undef_ad( &attrs->an_name, + &attrs->an_desc, &text, + SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); } } @@ -756,6 +753,11 @@ int slap_bv2undef_ad( desc->ad_next = desc->ad_type->sat_ad; desc->ad_type->sat_ad = desc; ldap_pvt_thread_mutex_unlock( &ad_undef_mutex ); + + Debug( LDAP_DEBUG_ANY, + "%s attributeDescription \"%s\" inserted.\n", + ( flags & SLAP_AD_PROXIED ) ? "PROXIED" : "UNKNOWN", + desc->ad_cname.bv_val, 0 ); } if( !*ad ) { diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 33ef87d559..e7417c7faa 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -312,6 +312,8 @@ bdb_db_open( BackendDB *be ) open_env = 0; } else { /* Create a new env that can take the desired settings */ + bdb->bi_dbenv->close( bdb->bi_dbenv, 0 ); + bdb->bi_dbenv = NULL; rc = db_env_create( &bdb->bi_dbenv, 0 ); if( rc != 0 ) { Debug( LDAP_DEBUG_ANY, diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index b38b3db935..213de64871 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -429,7 +429,14 @@ fail:; * Rewrite the matched portion of the search base, if required */ if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) { - rs->sr_matched = match.bv_val; + struct berval pmatch; + + if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) { + rs->sr_matched = pmatch.bv_val; + + } else { + rs->sr_matched = match.bv_val; + } } if ( rs->sr_v2ref ) { @@ -448,9 +455,14 @@ finish:; rs->sr_ctrls = NULL; } - if ( match.bv_val ) { + if ( rs->sr_matched != NULL ) { + if ( rs->sr_matched != match.bv_val ) { + ber_memfree_x( (char *)rs->sr_matched, op->o_tmpmemctx ); + + } else { + LDAP_FREE( match.bv_val ); + } rs->sr_matched = NULL; - LDAP_FREE( match.bv_val ); } if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) { @@ -477,7 +489,7 @@ finish:; ldap_back_release_conn( op, rs, lc ); } - return rc; + return rs->sr_err; } static int diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index 3ce113c130..0cb7f3337e 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -667,8 +667,6 @@ meta_back_op_result( rerr = LDAP_SUCCESS; char *rmsg = NULL; char *rmatch = NULL; - int free_rmsg = 0, - free_rmatch = 0; if ( candidate != META_TARGET_NONE ) { metasingleconn_t *msc = &mc->mc_conns[ candidate ]; @@ -685,17 +683,20 @@ meta_back_op_result( */ ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_STRING, &rmsg ); + if ( rmsg != NULL && rmsg[ 0 ] == '\0' ) { + ldap_memfree( rmsg ); + rmsg = NULL; + } + ldap_get_option( msc->msc_ld, LDAP_OPT_MATCHED_DN, &rmatch ); - rerr = rs->sr_err = slap_map_api2result( rs ); - - if ( rmsg ) { - free_rmsg = 1; - } - if ( rmatch ) { - free_rmatch = 1; + if ( rmatch != NULL && rmatch[ 0 ] == '\0' ) { + ldap_memfree( rmatch ); + rmatch = NULL; } + rerr = rs->sr_err = slap_map_api2result( rs ); + Debug(LDAP_DEBUG_ANY, "==> meta_back_op_result: target" " <%d> sending msg \"%s\"" @@ -722,8 +723,18 @@ meta_back_op_result( */ ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_STRING, &msg ); + if ( msg != NULL && msg[ 0 ] == '\0' ) { + ldap_memfree( msg ); + msg = NULL; + } + ldap_get_option( msc->msc_ld, LDAP_OPT_MATCHED_DN, &match ); + if ( match != NULL && match[ 0 ] == '\0' ) { + ldap_memfree( match ); + match = NULL; + } + rs->sr_err = slap_map_api2result( rs ); Debug(LDAP_DEBUG_ANY, @@ -739,27 +750,29 @@ meta_back_op_result( switch ( rs->sr_err ) { default: rerr = rs->sr_err; - if ( rmsg ) { - ber_memfree( rmsg ); + if ( msg != NULL ) { + if ( rmsg ) { + ldap_memfree( rmsg ); + } + rmsg = msg; + msg = NULL; } - rmsg = msg; - free_rmsg = 1; - msg = NULL; - if ( rmatch ) { - ber_memfree( rmatch ); + if ( match != NULL ) { + if ( rmatch ) { + ldap_memfree( rmatch ); + } + rmatch = match; + match = NULL; } - rmatch = match; - free_rmatch = 1; - match = NULL; break; } + + if ( msg ) { + ldap_memfree( msg ); + } - /* better test the pointers before freeing? */ if ( match ) { - free( match ); - } - if ( msg ) { - free( msg ); + ldap_memfree( match ); } } } @@ -767,16 +780,35 @@ meta_back_op_result( rs->sr_err = rerr; rs->sr_text = rmsg; - rs->sr_matched = rmatch; + if ( rmatch != NULL ) { + struct berval dn, pdn; + + ber_str2bv( rmatch, 0, 0, &dn ); + if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) { + rs->sr_matched = pdn.bv_val; + ldap_memfree( rmatch ); + rmatch = NULL; + } else { + rs->sr_matched = rmatch; + } + + } else { + rs->sr_matched = NULL; + } send_ldap_result( op, rs ); - if ( free_rmsg ) { + if ( rmsg != NULL ) { ber_memfree( rmsg ); } - if ( free_rmatch ) { - ber_memfree( rmatch ); + if ( rs->sr_matched != NULL ) { + if ( rmatch == NULL ) { + ber_memfree_x( rs->sr_matched, op->o_tmpmemctx ); + + } else { + ldap_memfree( rmatch ); + } + rs->sr_matched = NULL; } rs->sr_text = NULL; - rs->sr_matched = NULL; return ( ( rerr == LDAP_SUCCESS ) ? 0 : -1 ); } diff --git a/servers/slapd/back-meta/compare.c b/servers/slapd/back-meta/compare.c index 0b5adf6b35..82d407fe73 100644 --- a/servers/slapd/back-meta/compare.c +++ b/servers/slapd/back-meta/compare.c @@ -289,13 +289,19 @@ finish:; * At least one compare failed with matched portion, * and none was successful */ - } else if ( match != NULL && match[0] != '\0' ) { - struct berval matched; + } else if ( match != NULL && match[ 0 ] != '\0' ) { + struct berval matched, pmatched; ber_str2bv( match, 0, 0, &matched ); dc.ctx = "matchedDN"; ldap_back_dn_massage( &dc, &matched, &mmatch ); + if ( dnPretty( NULL, &mmatch, &pmatched, NULL ) == LDAP_SUCCESS ) { + if ( mmatch.bv_val != match ) { + free( mmatch.bv_val ); + } + mmatch = pmatched; + } } if ( rres != LDAP_SUCCESS ) { diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 92e89d8c38..edf3975be4 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -759,7 +759,7 @@ really_bad:; } } else if ( sres == LDAP_NO_SUCH_OBJECT ) { - matched = ch_strdup( op->o_bd->be_suffix[ 0 ].bv_val ); + matched = op->o_bd->be_suffix[ 0 ].bv_val; } #if 0 @@ -804,7 +804,7 @@ really_bad:; rs->sr_ref = NULL; finish:; - if ( matched ) { + if ( matched && matched != op->o_bd->be_suffix[ 0 ].bv_val ) { op->o_tmpfree( matched, op->o_tmpmemctx ); } diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 40be0f7ba5..b1e5b18dd6 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -638,7 +638,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) ch_free( c->tline ); if ( fp_parse_line( c ) ) { rc = 1; - goto leave; + goto done; } if ( c->argc < 1 ) { @@ -647,7 +647,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) c->log, 0, 0); #ifdef SLAPD_CONF_UNKNOWN_BAILOUT rc = 1; - goto leave; + goto done; #else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ continue; #endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ @@ -665,11 +665,11 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%s>\n", c->log, c->argv[0], 0); rc = 1; - goto leave; + goto done; } else if ( rc == ARG_BAD_CONF ) { rc = 1; - goto leave; + goto done; } } else if ( c->bi && !c->be ) { @@ -696,7 +696,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) #endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ default: rc = 1; - goto leave; + goto done; } } @@ -724,7 +724,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) #endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ default: rc = 1; - goto leave; + goto done; } } @@ -742,7 +742,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) #endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ default: rc = 1; - goto leave; + goto done; } } @@ -753,7 +753,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) c->log, *c->argv, 0); #ifdef SLAPD_CONF_UNKNOWN_BAILOUT rc = 1; - goto leave; + goto done; #else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ continue; #endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ @@ -762,7 +762,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) rc = 0; -leave: +done: ch_free(c->tline); fclose(fp); ch_free(c->argv); diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 3bfbdf179e..5e24959560 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -1333,7 +1333,7 @@ static int parseSearchOptions ( ber_tag_t tag; if ( ctrl->ldctl_value.bv_len == 0 ) { - rs->sr_text = "searchOptions control value not empty"; + rs->sr_text = "searchOptions control value is empty (or absent)"; return LDAP_PROTOCOL_ERROR; } @@ -1367,7 +1367,7 @@ static int parseSearchOptions ( * including: * LDAP_SEARCH_FLAG_PHANTOM_ROOM */ - rs->sr_text = "searchOptions contained unrecongized flag"; + rs->sr_text = "searchOptions contained unrecognized flag"; return LDAP_UNWILLING_TO_PERFORM; } diff --git a/servers/slapd/init.c b/servers/slapd/init.c index b8e676056a..edc1689311 100644 --- a/servers/slapd/init.c +++ b/servers/slapd/init.c @@ -92,6 +92,8 @@ slap_init( int mode, const char *name ) assert( mode ); if ( slapMode != SLAP_UNDEFINED_MODE ) { + /* Make sure we write something to stderr */ + ldap_debug |= 1; Debug( LDAP_DEBUG_ANY, "%s init: init called twice (old=%d, new=%d)\n", name, slapMode, mode ); @@ -101,6 +103,25 @@ slap_init( int mode, const char *name ) slapMode = mode; +#ifdef SLAPD_MODULES + if ( module_init() != 0 ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: module_init failed\n", + name, 0, 0 ); + return 1; + } +#endif + + if ( slap_schema_init( ) != 0 ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: slap_schema_init failed\n", + name, 0, 0 ); + return 1; + } + + switch ( slapMode & SLAP_MODE ) { case SLAP_SERVER_MODE: ldap_pvt_thread_pool_init( &connection_pool, @@ -153,6 +174,7 @@ slap_init( int mode, const char *name ) break; default: + ldap_debug |= 1; Debug( LDAP_DEBUG_ANY, "%s init: undefined mode (%d).\n", name, mode, 0 ); @@ -160,6 +182,49 @@ slap_init( int mode, const char *name ) break; } + if ( slap_controls_init( ) != 0 ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: slap_controls_init failed\n", + name, 0, 0 ); + return 1; + } + +#ifdef HAVE_TLS + /* Library defaults to full certificate checking. This is correct when + * a client is verifying a server because all servers should have a + * valid cert. But few clients have valid certs, so we want our default + * to be no checking. The config file can override this as usual. + */ + rc = 0; + (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ); +#endif + + if ( frontend_init() ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: frontend_init failed\n", + name, 0, 0 ); + return 1; + } + + if ( overlay_init() ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: overlay_init failed\n", + name, 0, 0 ); + return 1; + } + +#ifdef SLAP_DYNACL + if ( acl_init() ) { + ldap_debug |= 1; + Debug( LDAP_DEBUG_ANY, + "%s: acl_init failed\n", + name, 0, 0 ); + return 1; + } +#endif /* SLAP_DYNACL */ return rc; } diff --git a/servers/slapd/main.c b/servers/slapd/main.c index 1096af18fc..03b264513d 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -604,60 +604,12 @@ unhandled_option:; lutil_passwd_init(); slap_op_init(); -#ifdef SLAPD_MODULES - if ( module_init() != 0 ) { - rc = 1; - SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 17 ); - goto destroy; - } -#endif - - if ( slap_schema_init( ) != 0 ) { - Debug( LDAP_DEBUG_ANY, - "schema initialization error\n", - 0, 0, 0 ); - - goto destroy; - } - - if ( slap_init( serverMode, serverName ) != 0 ) { - rc = 1; + rc = slap_init( serverMode, serverName ); + if ( rc ) { SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 ); goto destroy; } - if ( slap_controls_init( ) != 0 ) { - Debug( LDAP_DEBUG_ANY, - "controls initialization error\n", - 0, 0, 0 ); - - goto destroy; - } - -#ifdef HAVE_TLS - /* Library defaults to full certificate checking. This is correct when - * a client is verifying a server because all servers should have a - * valid cert. But few clients have valid certs, so we want our default - * to be no checking. The config file can override this as usual. - */ - rc = 0; - (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ); -#endif - - if ( frontend_init() ) { - goto destroy; - } - - if ( overlay_init() ) { - goto destroy; - } - -#ifdef SLAP_DYNACL - if ( acl_init() ) { - goto destroy; - } -#endif /* SLAP_DYNACL */ - if ( read_config( configfile, configdir ) != 0 ) { rc = 1; SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 ); diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c index b9e390722c..0470d0d1bd 100644 --- a/servers/slapd/overlays/accesslog.c +++ b/servers/slapd/overlays/accesslog.c @@ -421,7 +421,7 @@ log_age_unparse( int age, struct berval *agebv ) agebv->bv_len = ptr - agebv->bv_val; } -static slap_callback nullsc = { NULL, slap_null_cb, NULL, NULL }; +static slap_callback nullsc = { NULL, NULL, NULL, NULL }; #define PURGE_INCREMENT 100 @@ -844,7 +844,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) { vals[i].bv_len = m->sml_desc->ad_cname.bv_len + 2; vals[i].bv_val = ch_malloc( vals[i].bv_len+1 ); ptr = lutil_strcopy( vals[i].bv_val, - a->a_desc->ad_cname.bv_val ); + m->sml_desc->ad_cname.bv_val ); *ptr++ = ':'; *ptr++ = '-'; *ptr = '\0'; @@ -1063,6 +1063,8 @@ int accesslog_init() accesslog.on_bi.bi_cf_ocs = log_cfocs; + nullsc.sc_response = slap_null_cb; + rc = config_register_schema( log_cfats, log_cfocs ); if ( rc ) return rc; diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 57d6b46600..238cef6a5b 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -2222,7 +2222,6 @@ syncprov_db_close( { slap_overinst *on = (slap_overinst *) be->bd_info; syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private; - int i; if ( slapMode & SLAP_TOOL_MODE ) { return 0; diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 3ea3741a99..9668b4b945 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -139,7 +139,7 @@ static int unique_config( up->next = ud->attrs; ud->attrs = up; } - Debug(LDAP_DEBUG_ANY, "%s: line %d: new attribute <%s>\n", + Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new attribute <%s>\n", fname, lineno, argv[i]); } } else if(!strcasecmp(*argv, "unique_strict")) { @@ -149,7 +149,7 @@ static int unique_config( ber_str2bv( argv[1], 0, 0, &bv ); ch_free(ud->dn.bv_val); dnNormalize(0, NULL, NULL, &bv, &ud->dn, NULL); - Debug(LDAP_DEBUG_ANY, "%s: line %d: new base dn <%s>\n", + Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new base dn <%s>\n", fname, lineno, argv[1]); } else { return(SLAP_CONF_UNKNOWN); diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c index 8943452070..c273eb361c 100644 --- a/servers/slapd/overlays/valsort.c +++ b/servers/slapd/overlays/valsort.c @@ -272,11 +272,13 @@ valsort_response( Operation *op, SlapReply *rs ) valsort_info *vi; Attribute *a; - /* We only want search responses */ - if ( rs->sr_type != REP_SEARCH ) return SLAP_CB_CONTINUE; - - /* If this is a syncrepl response, pass thru unmodified */ - if ( op->o_sync > SLAP_CONTROL_IGNORED ) return SLAP_CB_CONTINUE; + /* If this is not a search response, or it is a syncrepl response, + * or the valsort control wants raw results, pass thru unmodified. + */ + if ( rs->sr_type != REP_SEARCH || + ( _SCM(op->o_sync) > SLAP_CONTROL_IGNORED ) || + ( op->o_ctrlflag[valsort_cid] & SLAP_CONTROL_DATA0)) + return SLAP_CB_CONTINUE; on = (slap_overinst *) op->o_bd->bd_info; vi = on->on_bi.bi_private; @@ -470,6 +472,14 @@ valsort_modify( Operation *op, SlapReply *rs ) return SLAP_CB_CONTINUE; } +static int +valsort_db_open( + BackendDB *be +) +{ + return overlay_register_control( be, LDAP_CONTROL_VALSORT ); +} + static int valsort_destroy( BackendDB *be @@ -493,12 +503,26 @@ valsort_parseCtrl( SlapReply *rs, LDAPControl *ctrl ) { - if ( ctrl->ldctl_value.bv_len ) { - rs->sr_text = "valSort control value not empty"; + ber_tag_t tag; + BerElementBuffer berbuf; + BerElement *ber = (BerElement *)&berbuf; + ber_int_t flag = 0; + + if ( ctrl->ldctl_value.bv_len == 0 ) { + rs->sr_text = "valSort control value is empty (or absent)"; + return LDAP_PROTOCOL_ERROR; + } + + ber_init2( ber, &ctrl->ldctl_value, 0 ); + if (( tag = ber_scanf( ber, "{b}", &flag )) == LBER_ERROR ) { + rs->sr_text = "valSort control: flag decoding error"; return LDAP_PROTOCOL_ERROR; } + op->o_ctrlflag[valsort_cid] = ctrl->ldctl_iscritical ? SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL; + if ( flag ) + op->o_ctrlflag[valsort_cid] |= SLAP_CONTROL_DATA0; return LDAP_SUCCESS; } @@ -507,10 +531,11 @@ static slap_overinst valsort; int valsort_init() { - int i, rc; + int rc; valsort.on_bi.bi_type = "valsort"; valsort.on_bi.bi_db_destroy = valsort_destroy; + valsort.on_bi.bi_db_open = valsort_db_open; valsort.on_bi.bi_op_add = valsort_add; valsort.on_bi.bi_op_modify = valsort_modify; diff --git a/servers/slapd/sets.c b/servers/slapd/sets.c index 9a626947b3..6574cc92de 100644 --- a/servers/slapd/sets.c +++ b/servers/slapd/sets.c @@ -57,11 +57,11 @@ slap_set_dispose( SetCookie *cp, BerVarray set, unsigned flags ) { if ( flags & SLAP_SET_REFVAL ) { if ( ! ( flags & SLAP_SET_REFARR ) ) { - cp->op->o_tmpfree( set, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( set, cp->set_op->o_tmpmemctx ); } } else { - ber_bvarray_free_x( set, cp->op->o_tmpmemctx ); + ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx ); } } @@ -79,9 +79,9 @@ set_dup( SetCookie *cp, BerVarray set, unsigned flags ) for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) ; - newset = cp->op->o_tmpcalloc( i + 1, + newset = cp->set_op->o_tmpcalloc( i + 1, sizeof(struct berval), - cp->op->o_tmpmemctx ); + cp->set_op->o_tmpmemctx ); if ( newset == NULL ) { return NULL; } @@ -89,7 +89,7 @@ set_dup( SetCookie *cp, BerVarray set, unsigned flags ) if ( flags & SLAP_SET_REFVAL ) { for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) { ber_dupbv_x( &newset[ i ], &set[ i ], - cp->op->o_tmpmemctx ); + cp->set_op->o_tmpmemctx ); } } else { @@ -120,9 +120,9 @@ slap_set_join( if ( lset == NULL || BER_BVISNULL( lset ) ) { if ( rset == NULL ) { if ( lset == NULL ) { - set = cp->op->o_tmpcalloc( 1, + set = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval), - cp->op->o_tmpmemctx ); + cp->set_op->o_tmpmemctx ); BER_BVZERO( set ); return set; } @@ -137,7 +137,7 @@ slap_set_join( } i = slap_set_size( lset ) + slap_set_size( rset ) + 1; - set = cp->op->o_tmpcalloc( i, sizeof(struct berval), cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( i, sizeof(struct berval), cp->set_op->o_tmpmemctx ); if ( set != NULL ) { /* set_chase() depends on this routine to * keep the first elements of the result @@ -146,7 +146,7 @@ slap_set_join( */ for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) { if ( op_flags & SLAP_SET_LREFVAL ) { - ber_dupbv_x( &set[ i ], &lset[ i ], cp->op->o_tmpmemctx ); + ber_dupbv_x( &set[ i ], &lset[ i ], cp->set_op->o_tmpmemctx ); } else { set[ i ] = lset[ i ]; @@ -162,7 +162,7 @@ slap_set_join( if ( bvmatch( &rset[ i ], &set[ j ] ) ) { if ( !( op_flags & SLAP_SET_RREFVAL ) ) { - cp->op->o_tmpfree( rset[ i ].bv_val, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx ); BER_BVZERO( &rset[ i ] ); } exists = 1; @@ -172,7 +172,7 @@ slap_set_join( if ( !exists ) { if ( op_flags & SLAP_SET_RREFVAL ) { - ber_dupbv_x( &set[ last ], &rset[ i ], cp->op->o_tmpmemctx ); + ber_dupbv_x( &set[ last ], &rset[ i ], cp->set_op->o_tmpmemctx ); } else { set[ last ] = rset[ i ]; @@ -188,8 +188,8 @@ slap_set_join( if ( lset == NULL || BER_BVISNULL( lset ) || rset == NULL || BER_BVISNULL( rset ) ) { - set = cp->op->o_tmpcalloc( 1, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); BER_BVZERO( set ); } else { @@ -207,7 +207,7 @@ slap_set_join( } if ( BER_BVISNULL( &rset[ j ] ) ) { - cp->op->o_tmpfree( set[ i ].bv_val, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx ); set[ i ] = set[ last ]; BER_BVZERO( &set[ last ] ); last--; @@ -221,8 +221,8 @@ slap_set_join( i = slap_set_size( rset ); j = slap_set_size( lset ); - set = cp->op->o_tmpcalloc( i * j + 1, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); if ( set == NULL ) { break; } @@ -233,8 +233,8 @@ slap_set_join( long k; bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len; - bv.bv_val = cp->op->o_tmpalloc( bv.bv_len + 1, - cp->op->o_tmpmemctx ); + bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1, + cp->set_op->o_tmpmemctx ); if ( bv.bv_val == NULL ) { slap_set_dispose( cp, set, 0 ); set = NULL; @@ -246,7 +246,7 @@ slap_set_join( for ( k = 0; k < last; k++ ) { if ( bvmatch( &set[ k ], &bv ) ) { - cp->op->o_tmpfree( bv.bv_val, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( bv.bv_val, cp->set_op->o_tmpmemctx ); break; } } @@ -265,11 +265,11 @@ slap_set_join( done:; if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) { - cp->op->o_tmpfree( lset, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx ); } if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) { - cp->op->o_tmpfree( rset, cp->op->o_tmpmemctx ); + cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx ); } return set; @@ -283,8 +283,8 @@ set_chase( SLAP_SET_GATHER gatherer, int i; if ( set == NULL ) { - set = cp->op->o_tmpcalloc( 1, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); BER_BVZERO( set ); return set; } @@ -293,7 +293,7 @@ set_chase( SLAP_SET_GATHER gatherer, return set; } - nset = cp->op->o_tmpcalloc( 1, sizeof(struct berval), cp->op->o_tmpmemctx ); + nset = cp->set_op->o_tmpcalloc( 1, sizeof(struct berval), cp->set_op->o_tmpmemctx ); if ( nset == NULL ) { slap_set_dispose( cp, set, 0 ); return NULL; @@ -340,7 +340,7 @@ slap_set_filter( SLAP_SET_GATHER gatherer, BerVarray set, lset; BerVarray stack[ STACK_SIZE ] = { 0 }; int len, rc, stp; - unsigned op; + unsigned long op; char c, *filter = fbv->bv_val; if ( results ) { @@ -375,7 +375,7 @@ slap_set_filter( SLAP_SET_GATHER gatherer, set = NULL; } else if ( IS_OP( SF_TOP() ) ) { - op = (unsigned)SF_POP(); + op = (unsigned long)SF_POP(); lset = SF_POP(); SF_POP(); set = slap_set_join( cp, lset, op, set ); @@ -402,7 +402,7 @@ slap_set_filter( SLAP_SET_GATHER gatherer, set = NULL; } else if ( IS_OP( SF_TOP() ) ) { - op = (unsigned)SF_POP(); + op = (unsigned long)SF_POP(); lset = SF_POP(); set = slap_set_join( cp, lset, op, set ); if ( set == NULL ) { @@ -427,13 +427,13 @@ slap_set_filter( SLAP_SET_GATHER gatherer, SF_ERROR(syntax); } - set = cp->op->o_tmpcalloc( 2, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); if ( set == NULL ) { SF_ERROR(memory); } - set->bv_val = cp->op->o_tmpcalloc( len + 1, sizeof(char), - cp->op->o_tmpmemctx ); + set->bv_val = cp->set_op->o_tmpcalloc( len + 1, sizeof(char), + cp->set_op->o_tmpmemctx ); if ( BER_BVISNULL( set ) ) { SF_ERROR( memory ); } @@ -478,12 +478,12 @@ slap_set_filter( SLAP_SET_GATHER gatherer, if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) { SF_ERROR( syntax ); } - set = cp->op->o_tmpcalloc( 2, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); if ( set == NULL ) { SF_ERROR( memory ); } - ber_dupbv_x( set, target, cp->op->o_tmpmemctx ); + ber_dupbv_x( set, target, cp->set_op->o_tmpmemctx ); if ( BER_BVISNULL( set ) ) { SF_ERROR( memory ); } @@ -495,12 +495,12 @@ slap_set_filter( SLAP_SET_GATHER gatherer, if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) { SF_ERROR( syntax ); } - set = cp->op->o_tmpcalloc( 2, sizeof(struct berval), - cp->op->o_tmpmemctx ); + set = cp->set_op->o_tmpcalloc( 2, sizeof(struct berval), + cp->set_op->o_tmpmemctx ); if ( set == NULL ) { SF_ERROR( memory ); } - ber_dupbv_x( set, user, cp->op->o_tmpmemctx ); + ber_dupbv_x( set, user, cp->set_op->o_tmpmemctx ); if ( BER_BVISNULL( set ) ) { SF_ERROR( memory ); } @@ -550,7 +550,7 @@ slap_set_filter( SLAP_SET_GATHER gatherer, /* FIXME: ok ? */ ; } else if ( IS_OP( SF_TOP() ) ) { - op = (unsigned)SF_POP(); + op = (unsigned long)SF_POP(); lset = SF_POP(); set = slap_set_join( cp, lset, op, set ); if ( set == NULL ) { diff --git a/servers/slapd/sets.h b/servers/slapd/sets.h index af5d809dc7..e92064481b 100644 --- a/servers/slapd/sets.h +++ b/servers/slapd/sets.h @@ -21,7 +21,7 @@ LDAP_BEGIN_DECL typedef struct slap_set_cookie { - struct slap_op *op; + struct slap_op *set_op; } SetCookie; /* this routine needs to return the bervals instead of diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index c6418c9142..a035874ee1 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -393,44 +393,12 @@ slap_tool_init( * initialize stuff and figure out which backend we're dealing with */ -#ifdef SLAPD_MODULES - if ( module_init() != 0 ) { - fprintf( stderr, "%s: module_init failed!\n", progname ); - exit( EXIT_FAILURE ); - } -#endif - - rc = slap_schema_init(); - - if ( rc != 0 ) { - fprintf( stderr, "%s: slap_schema_init failed!\n", progname ); - exit( EXIT_FAILURE ); - } - rc = slap_init( mode, progname ); - if ( rc != 0 ) { fprintf( stderr, "%s: slap_init failed!\n", progname ); exit( EXIT_FAILURE ); } - if ( frontend_init() ) { - fprintf( stderr, "%s: frontend_init failed!\n", progname ); - exit( EXIT_FAILURE ); - } - - if ( overlay_init() ) { - fprintf( stderr, "%s: overlay_init failed!\n", progname ); - exit( EXIT_FAILURE ); - } - -#ifdef SLAP_DYNACL - if ( acl_init() ) { - fprintf( stderr, "%s: acl_init failed!\n", progname ); - exit( EXIT_FAILURE ); - } -#endif /* SLAP_DYNACL */ - rc = read_config( conffile, confdir ); if ( rc != 0 ) { diff --git a/servers/slapd/slapi/slapi_dn.c b/servers/slapd/slapi/slapi_dn.c index 477eb0afe6..fcee2979fe 100644 --- a/servers/slapd/slapi/slapi_dn.c +++ b/servers/slapd/slapi/slapi_dn.c @@ -267,7 +267,7 @@ int slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 ) int slapi_sdn_isempty( const Slapi_DN *sdn) { - return ( BER_BVISEMPTY( &sdn->dn ) ); + return ( BER_BVISEMPTY( &sdn->dn ) && BER_BVISEMPTY( &sdn->ndn ) ); } int slapi_sdn_issuffix( const Slapi_DN *sdn, const Slapi_DN *suffix_sdn ) @@ -409,12 +409,12 @@ void slapi_rdn_set_dn( Slapi_RDN *rdn, const char *dn ) void slapi_rdn_set_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn ) { - return slapi_rdn_set_dn( rdn, slapi_sdn_get_dn( sdn ) ); + slapi_rdn_set_dn( rdn, slapi_sdn_get_dn( sdn ) ); } void slapi_rdn_set_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn ) { - return slapi_rdn_set_dn( rdn, fromrdn->bv.bv_val ); + slapi_rdn_set_dn( rdn, fromrdn->bv.bv_val ); } void slapi_rdn_free( Slapi_RDN **rdn )