From: Kurt Zeilenga Date: Thu, 6 Jul 2000 17:12:59 +0000 (+0000) Subject: Latest changes from devel X-Git-Tag: OPENLDAP_REL_ENG_2_0_BETA~7 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=98416e52193176f80d06713cb3f5d7833b7d7539;p=openldap Latest changes from devel --- diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 0b8ca33c31..a07370ecb6 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -713,7 +713,7 @@ static int dosearch( sctrls, cctrls, timelimit, sizelimit, &msgid ); if( rc != LDAP_SUCCESS ) { - fprintf( stderr, "ldapsearch: ldap_search_ext: %s (%d)", + fprintf( stderr, "ldapsearch: ldap_search_ext: %s (%d)\n", ldap_err2string( rc ), rc ); return( rc ); } @@ -1069,7 +1069,7 @@ static int print_result( if( !ldif ) { write_ldif( LDIF_PUT_VALUE, "ref", refs[i], strlen(refs[i]) ); } else { - fprintf( stderr, "Referral: %s", refs[i] ); + fprintf( stderr, "Referral: %s\n", refs[i] ); } } diff --git a/include/ac/errno.h b/include/ac/errno.h index 7e6abae9c0..ec9169911f 100644 --- a/include/ac/errno.h +++ b/include/ac/errno.h @@ -25,15 +25,27 @@ # define sys_errlist ((char **)0) #elif DECL_SYS_ERRLIST /* have sys_errlist but need declaration */ - LDAP_LIBC_V (int) sys_nerr; - LDAP_LIBC_V (char) *sys_errlist[]; + LDAP_LIBC_V(int) sys_nerr; + LDAP_LIBC_V(char) *sys_errlist[]; #endif -#ifdef HAVE_STRERROR -#define STRERROR(err) strerror(err) +#undef _AC_ERRNO_UNKNOWN +#define _AC_ERRNO_UNKNOWN "unknown error" + +#ifdef HAVE_SYS_ERRLIST + /* this is thread safe */ +# define STRERROR(e) ( (e) > -1 && (e) < sys_nerr \ + ? sys_errlist[(e)] : _AC_ERRNO_UNKNOWN ) + +#elif defined( HAVE_STRERROR ) + /* this may not be thread safe */ + /* and, yes, some implementations of strerror may return NULL */ +# define STRERROR(e) ( strerror(e) \ + ? strerror(e) : _AC_ERRNO_UNKNOWN ) + #else -#define STRERROR(err) \ - ((err) > -1 && (err) < sys_nerr ? sys_errlist[(err)] : "unknown") + /* this is thread safe */ +# define STRERROR(e) ( _AC_ERRNO_UNKNOWN ) #endif #endif /* _AC_ERRNO_H */ diff --git a/libraries/liblber/sockbuf.c b/libraries/liblber/sockbuf.c index e3ddbcd44a..5c133e6540 100644 --- a/libraries/liblber/sockbuf.c +++ b/libraries/liblber/sockbuf.c @@ -914,7 +914,7 @@ sb_debug_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len ) if ( ret < 0 ) { ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug, "%sread: want=%ld error=%s\n", (char *)sbiod->sbiod_pvt, - (long)len, strerror( errno ) ); + (long)len, STRERROR( errno ) ); } else { ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug, @@ -936,7 +936,7 @@ sb_debug_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len ) ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug, "%swrite: want=%ld error=%s\n", (char *)sbiod->sbiod_pvt, (long)len, - strerror( errno ) ); + STRERROR( errno ) ); } else { ber_log_printf( LDAP_DEBUG_PACKETS, sbiod->sbiod_sb->sb_debug, diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c index a2cd834308..89d4278e18 100644 --- a/libraries/libldap/os-local.c +++ b/libraries/libldap/os-local.c @@ -83,7 +83,7 @@ ldap_pvt_close_socket(LDAP *ld, int s) "ldap_is_socket_ready: errror on socket %d: errno: %d (%s)\n", \ s, \ errno, \ - strerror(errno) ); \ + STRERROR(errno) ); \ } while( 0 ) /* diff --git a/libraries/libldap_r/thr_stub.c b/libraries/libldap_r/thr_stub.c index e473e0e557..b613186a05 100644 --- a/libraries/libldap_r/thr_stub.c +++ b/libraries/libldap_r/thr_stub.c @@ -160,6 +160,12 @@ ldap_pvt_thread_pool_submit ( return(0); } +int +ldap_pvt_thread_pool_maxthreads ( ldap_pvt_thread_pool_t *tpool, int max_threads ) +{ + return(0); +} + int ldap_pvt_thread_pool_backload ( ldap_pvt_thread_pool_t *pool ) diff --git a/libraries/libldbm/ldbm.c b/libraries/libldbm/ldbm.c index 2560fd8727..3e6825ac0a 100644 --- a/libraries/libldbm/ldbm.c +++ b/libraries/libldbm/ldbm.c @@ -135,11 +135,8 @@ int ldbm_initialize( void ) if ( err ) { char error[BUFSIZ]; - if ( err < 0 ) { - sprintf( error, "%ld\n", (long) err ); - } else { - sprintf( error, "%s\n", strerror( err )); - } + sprintf( error, "%s (%d)\n", STRERROR( err ), err ); + #ifdef LDAP_SYSLOG syslog( LOG_INFO, "ldbm_initialize(): FATAL error in db_appinit() : %s\n", @@ -158,11 +155,8 @@ int ldbm_initialize( void ) { char error[BUFSIZ]; - if ( err < 0 ) { - sprintf( error, "%ld\n", (long) err ); - } else { - sprintf( error, "%s\n", strerror( err )); - } + sprintf( error, "%s (%d)\n", STRERROR( err ), err ); + #ifdef LDAP_SYSLOG syslog( LOG_INFO, "ldbm_initialize(): FATAL error in db_appinit() : %s\n", @@ -233,11 +227,8 @@ ldbm_open( char *name, int rw, int mode, int dbcachesize ) { char error[BUFSIZ]; - if ( err < 0 ) { - sprintf( error, "%ld\n", (long) err ); - } else { - sprintf( error, "%s\n", strerror( err )); - } + sprintf( error, "%s (%d)\n", STRERROR( err ), err ); + (void)ret->close(ret, 0); return NULL; } @@ -251,11 +242,8 @@ ldbm_open( char *name, int rw, int mode, int dbcachesize ) { char error[BUFSIZ]; - if ( err < 0 ) { - sprintf( error, "%ld\n", (long) err ); - } else { - sprintf( error, "%s\n", strerror( err )); - } + sprintf( error, "%s (%d)\n", STRERROR( err ), err ); + (void)ret->close(ret, 0); return NULL; } @@ -383,13 +371,9 @@ ldbm_store( LDBM ldbm, Datum key, Datum data, int flags ) { char error[BUFSIZ]; - if ( rc < 0 ) { - sprintf( error, "%ld\n", (long) rc ); - } else { - sprintf( error, "%s\n", strerror( rc )); - } + sprintf( error, "%s (%d)\n", STRERROR( rc ), rc ); } - rc = (-1) * rc; + rc = (-1) * rc; #elif DB_VERSION_MAJOR >= 2 rc = (*ldbm->put)( ldbm, NULL, &key, &data, flags & ~LDBM_SYNC ); diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index c27ebbd315..d7787e7127 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in @@ -160,7 +160,7 @@ sslapd: version.o .backend: $(@PLAT@_IMPLIB) FORCE @for i in back-*; do \ - if [ -d $$i ]; then \ + if [ -d $$i -a -f $$i/Makefile ]; then \ echo " "; echo " cd $$i; $(MAKE) $(MFLAGS) all"; \ ( cd $$i; $(MAKE) $(MFLAGS) all ); \ if test $$? != 0 ; then exit 1; fi ; \ @@ -197,7 +197,7 @@ version.c: $(OBJS) $(SLAPD_LIBDEPEND) depend-local-srv: FORCE @for i in back-* shell-backends tools; do \ - if [ -d $$i ]; then \ + if [ -d $$i -a -f $$i/Makefile ]; then \ echo; echo " cd $$i; $(MAKE) $(MFLAGS) depend"; \ ( cd $$i; $(MAKE) $(MFLAGS) depend ); \ if test $$? != 0 ; then exit 1; fi ; \ @@ -210,7 +210,7 @@ clean-local: clean-local-srv: FORCE @for i in back-* shell-backends tools; do \ - if [ -d $$i ]; then \ + if [ -d $$i -a -f $$i/Makefile ]; then \ echo; echo " cd $$i; $(MAKE) $(MFLAGS) clean"; \ ( cd $$i; $(MAKE) $(MFLAGS) clean ); \ if test $$? != 0 ; then exit 1; fi ; \ @@ -220,7 +220,7 @@ clean-local-srv: FORCE veryclean-local-srv: FORCE @for i in back-* shell-backends tools; do \ - if [ -d $$i ]; then \ + if [ -d $$i -a -f $$i/Makefile ]; then \ echo; echo " cd $$i; $(MAKE) $(MFLAGS) clean"; \ ( cd $$i; $(MAKE) $(MFLAGS) veryclean ); \ fi; \ @@ -235,7 +235,7 @@ install-slapd: FORCE slapd$(EXEEXT) $(DESTDIR)$(libexecdir) @if [ ! -z "$(SLAPD_MODULES)" ]; then \ for i in back-* shell-backends tools; do \ - if [ -d $$i ]; then \ + if [ -d $$i -a -f $$i/Makefile ]; then \ echo; echo " cd $$i; $(MAKE) $(MFLAGS) install"; \ ( cd $$i; $(MAKE) $(MFLAGS) install ); \ if test $$? != 0 ; then exit 1; fi ; \ diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 4dacfc06e9..b61b1570c1 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -961,9 +961,9 @@ aci_set_gather (void *cookie, char *name, char *attr) if ((ndn = ch_strdup(name)) != NULL) { if (dn_normalize(ndn) != NULL) { - char *text; + const char *text; AttributeDescription *desc = NULL; - if (slap_str2ad(attr, &desc, &text) == 0) { + if (slap_str2ad(attr, &desc, &text) == LDAP_SUCCESS) { backend_attribute(cp->be, NULL /*cp->conn*/, NULL /*cp->op*/, cp->e, ndn, desc, &bvals); @@ -1012,7 +1012,7 @@ aci_match_set ( char *subjdn; char *setat; struct berval **bvals; - char *text; + const char *text; AttributeDescription *desc = NULL; /* format of string is "entry/setAttrName" */ @@ -1032,7 +1032,7 @@ aci_match_set ( } if ( setat != NULL ) { if ( dn_normalize(subjdn) != NULL - && slap_str2ad(setat, &desc, &text) == 0 ) + && slap_str2ad(setat, &desc, &text) == LDAP_SUCCESS ) { backend_attribute(be, NULL, NULL, e, subjdn, desc, &bvals); diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 91fe758961..8239c9c3ef 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -216,19 +216,28 @@ do_bind( ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if ( conn->c_sasl_bind_mech != NULL ) { + /* SASL bind is in progress */ +#ifdef HAVE_CYRUS_SASL + assert( conn->c_sasl_bind_context != NULL ); +#endif + if((strcmp(conn->c_sasl_bind_mech, mech) != 0)) { - /* mechanism changed, cancel in progress bind */ + /* mechanism changed */ #ifdef HAVE_CYRUS_SASL + /* dispose of context */ sasl_dispose(&conn->c_sasl_bind_context); conn->c_sasl_bind_context = NULL; #endif } + free( conn->c_sasl_bind_mech ); conn->c_sasl_bind_mech = NULL; #ifdef LDAP_DEBUG -#ifdef HAVE_CYRUS_SASL } else { + /* SASL bind is NOT in progress */ + assert( conn->c_sasl_bind_mech == NULL ); +#ifdef HAVE_CYRUS_SASL assert( conn->c_sasl_bind_context == NULL ); #endif #endif @@ -256,7 +265,7 @@ do_bind( #ifdef HAVE_CYRUS_SASL } else { - assert( conn->c_sasl_bind_context != NULL ); + assert( conn->c_sasl_bind_context == NULL ); #endif } @@ -374,6 +383,24 @@ do_bind( } cleanup: + if( rc != LDAP_SASL_BIND_IN_PROGRESS ) { + ldap_pvt_thread_mutex_lock( &conn->c_mutex ); + + /* dispose of mech */ + free( conn->c_sasl_bind_mech ); + conn->c_sasl_bind_mech = NULL; + +#ifdef HAVE_CYRUS_SASL + if( conn->c_sasl_bind_context != NULL ) { + /* dispose of context */ + sasl_dispose(&conn->c_sasl_bind_context); + conn->c_sasl_bind_context = NULL; + } +#endif + + ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); + } + if( dn != NULL ) { free( dn ); } diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 8d3769c22a..23dfaae8fa 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -105,6 +105,7 @@ int sasl_init( void ) slap_sasl_mutex_unlock, slap_sasl_mutex_dispose ); + /* server name should be configurable */ rc = sasl_server_init( NULL, "slapd" ); if( rc != SASL_OK ) { @@ -134,6 +135,7 @@ int sasl_init( void ) #ifndef SLAPD_IGNORE_RFC2829 { + /* security flags should be configurable */ sasl_security_properties_t secprops; memset(&secprops, '\0', sizeof(secprops)); secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS; @@ -237,13 +239,15 @@ int sasl_bind( callbacks, SASL_SECURITY_LAYER, &conn->c_sasl_bind_context ); if( sc != SASL_OK ) { - send_ldap_result( conn, op, rc = LDAP_AUTH_METHOD_NOT_SUPPORTED, - NULL, NULL, NULL, NULL ); + send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ), + NULL, "could not create new SASL context", NULL, NULL ); + } else { unsigned reslen; conn->c_authmech = ch_strdup( mech ); - sc = sasl_server_start( conn->c_sasl_bind_context, conn->c_authmech, + sc = sasl_server_start( conn->c_sasl_bind_context, + conn->c_authmech, cred->bv_val, cred->bv_len, (char **)&response.bv_val, &reslen, &errstr ); @@ -254,9 +258,11 @@ int sasl_bind( NULL, errstr, NULL, NULL ); } } + } else { unsigned reslen; - sc = sasl_server_step( conn->c_sasl_bind_context, cred->bv_val, cred->bv_len, + sc = sasl_server_step( conn->c_sasl_bind_context, + cred->bv_val, cred->bv_len, (char **)&response.bv_val, &reslen, &errstr ); response.bv_len = reslen; @@ -270,26 +276,35 @@ int sasl_bind( if ( sc == SASL_OK ) { char *authzid; - if ( ( sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME, - (void **)&authzid ) ) != SASL_OK ) { + sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME, + (void **)&authzid ); + + if ( sc != SASL_OK ) { send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ), - NULL, NULL, NULL, NULL ); + NULL, "no SASL username", NULL, NULL ); } else { - Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: username=%s\n", + Debug(LDAP_DEBUG_TRACE, "sasl_bind: username=%s\n", authzid, 0, 0); - if( strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) && + if( !strncasecmp( authzid, "anonymous", sizeof("anonyous")-1 ) && ( ( authzid[sizeof("anonymous")] == '\0' ) || - ( authzid[sizeof("anonymous")] == '@' ) ) ) + ( authzid[sizeof("anonymous")] == '@' ) ) ) { + Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: anonymous\n", + 0, 0, 0); + + } else { *edn = ch_malloc( sizeof( "authzid=" ) + strlen( authzid ) ); strcpy( *edn, "authzid=" ); strcat( *edn, authzid ); + + Debug(LDAP_DEBUG_TRACE, "<== sasl_bind: authzdn: \"%s\"\n", + *edn, 0, 0); } - send_ldap_result( conn, op, rc = LDAP_SUCCESS, - NULL, NULL, NULL, NULL ); + send_ldap_sasl( conn, op, rc = LDAP_SUCCESS, + NULL, NULL, NULL, NULL, &response ); } } else if ( sc == SASL_CONTINUE ) {