From: Kurt Zeilenga Date: Fri, 16 Apr 2004 06:12:13 +0000 (+0000) Subject: s/saslAuthz/authz/ X-Git-Tag: OPENDLAP_REL_ENG_2_2_MP~504 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a54900be42f1afc9f27879d69fbc070a7c153d8c;p=openldap s/saslAuthz/authz/ --- diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index 699704dd0d..87183785a6 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in @@ -13,7 +13,7 @@ ## top-level directory of the distribution or, alternatively, at ## . -SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapsaslauth +SLAPTOOLS=slapadd slapcat slapdn slapindex slappasswd slaptest slapauth PROGRAMS=slapd $(SLAPTOOLS) XPROGRAMS=sslapd libbackends.a .backend liboverlays.a XSRCS=version.c @@ -37,7 +37,7 @@ SRCS = main.c globals.c config.c daemon.c \ backglue.c operational.c matchedValues.c cancel.c syncrepl.c \ backover.c ctxcsn.c ldapsync.c sessionlog.c \ slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \ - slappasswd.c slaptest.c slapsaslauth.c \ + slappasswd.c slaptest.c slapauth.c \ $(@PLAT@_SRCS) OBJS = main.o globals.o config.o daemon.o \ @@ -54,7 +54,7 @@ OBJS = main.o globals.o config.o daemon.o \ backglue.o operational.o matchedValues.o cancel.o syncrepl.o \ backover.o ctxcsn.o ldapsync.o sessionlog.o \ slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \ - slappasswd.o slaptest.o slapsaslauth.o \ + slappasswd.o slaptest.o slapauth.o \ $(@PLAT@_OBJS) LDAP_INCDIR= ../../include -I$(srcdir)/slapi diff --git a/servers/slapd/config.c b/servers/slapd/config.c index e0bc78ccc7..dd9fb612c2 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -683,13 +683,11 @@ read_config( const char *fname, int depth ) lutil_salt_format( cargv[1] ); - /* SASL config options */ - } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) { - if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) ) - return 1; #ifdef SLAP_SASL_REWRITE /* use authid rewrite instead of sasl regexp */ - } else if ( strncasecmp( cargv[0], "authid-rewrite", sizeof("authid-rewrite") - 1 ) == 0 ) { + } else if ( strncasecmp( cargv[0], "auth-rewrite", + sizeof("auth-rewrite") - 1 ) == 0 ) + { int rc = slap_sasl_rewrite_config( fname, lineno, cargc, cargv ); if ( rc ) { @@ -697,6 +695,14 @@ read_config( const char *fname, int depth ) } #endif /* SLAP_SASL_REWRITE */ + /* Auth + SASL config options */ + } else if ( !strncasecmp( cargv[0], "auth", sizeof("auth")-1 ) || + !strncasecmp( cargv[0], "sasl", sizeof("sasl")-1 )) + { + if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) ) + return 1; + + } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) { struct berval dn; if ( cargc < 2 ) { diff --git a/servers/slapd/main.c b/servers/slapd/main.c index d5cff55b12..bbb4374da1 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -65,7 +65,8 @@ static struct sockaddr_in bind_addr; #endif typedef int (MainFunc) LDAP_P(( int argc, char *argv[] )); -extern MainFunc slapadd, slapcat, slapdn, slapindex, slappasswd, slaptest, slapsaslauth; +extern MainFunc slapadd, slapcat, slapdn, slapindex, slappasswd, + slaptest, slapauth; static struct { char *name; @@ -77,7 +78,7 @@ static struct { {"slapindex", slapindex}, {"slappasswd", slappasswd}, {"slaptest", slaptest}, - {"slapsaslauth", slapsaslauth}, + {"slapauth", slapauth}, {NULL, NULL} }; diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 4f66a95fe0..1daf413556 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -70,55 +70,54 @@ int slap_sasl_config( int cargc, char **cargv, char *line, const char *fname, int lineno ) { /* set SASL proxy authorization policy */ - if ( strcasecmp( cargv[0], "sasl-authz-policy" ) == 0 ) { + if ( !strcasecmp( cargv[0], "authz-policy" ) || + !strcasecmp( cargv[0], "sasl-authz-policy" )) + { if ( cargc != 2 ) { #ifdef NEW_LOGGING LDAP_LOG( CONFIG, CRIT, "%s: line %d: missing policy in" - " \"sasl-authz-policy \" line\n", - fname, lineno, 0 ); + " \"%s \" line\n", + cargv[0], fname, lineno ); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing policy in" - " \"sasl-authz-policy \" line\n", - fname, lineno, 0 ); + " \"%s \" line\n", + cargv[0], fname, lineno ); #endif return( 1 ); } if ( slap_sasl_setpolicy( cargv[1] ) ) { #ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unable " - "to parse value \"%s\" " - "in \"sasl-authz-policy " - "\" line.\n", - fname, lineno, cargv[1] ); + LDAP_LOG( CONFIG, CRIT, "%s: line %d: " + "unable to parse value \"%s\" in \"authz-policy " + "\" line.\n", + fname, lineno, cargv[1] ); #else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: unable " - "to parse value \"%s\" " - "in \"sasl-authz-policy " - "\" line\n", - fname, lineno, cargv[1] ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "unable to parse value \"%s\" in \"authz-policy " + "\" line.\n", + fname, lineno, cargv[1] ); #endif return( 1 ); } - } else if ( !strcasecmp( cargv[0], "sasl-regexp" ) - || !strcasecmp( cargv[0], "saslregexp" ) ) + } else if ( !strcasecmp( cargv[0], "authz-regexp" ) || + !strcasecmp( cargv[0], "sasl-regexp" ) || + !strcasecmp( cargv[0], "saslregexp" ) ) { int rc; if ( cargc != 3 ) { #ifdef NEW_LOGGING LDAP_LOG( CONFIG, CRIT, "%s: line %d: need 2 args in " - "\"saslregexp \"\n", + "\"authz-regexp \"\n", fname, lineno, 0 ); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: need 2 args in " - "\"saslregexp \"\n", + "\"authz-regexp \"\n", fname, lineno, 0 ); #endif diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index f1f338b7db..8935182ccc 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -45,7 +45,7 @@ * dn.exact: the value must pass normalization and is used * in exact DN match. * dn.regex: the value is treated as a regular expression - * in matching DN values in saslAuthz{To|From} + * in matching DN values in authz{To|From} * attributes. * dn: for backwards compatibility reasons, the value * is treated as a regular expression, and thus diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 8c91a702a1..4b6a56fac8 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -667,9 +667,9 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_children) }, - { "saslAuthzTo", "( 1.3.6.1.4.1.4203.666.1.8 " - "NAME 'saslAuthzTo' " - "DESC 'SASL proxy authorization targets' " + { "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 " + "NAME ( 'authzTo' 'saslAuthzTo' ) " + "DESC 'proxy authorization targets' " "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "USAGE distributedOperation )", @@ -677,9 +677,9 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) }, - { "saslAuthzFrom", "( 1.3.6.1.4.1.4203.666.1.9 " - "NAME 'saslAuthzFrom' " - "DESC 'SASL proxy authorization sources' " + { "authzFrom", "( 1.3.6.1.4.1.4203.666.1.9 " + "NAME ( 'authzFrom' 'saslAuthzFrom' ) " + "DESC 'proxy authorization sources' " "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "USAGE distributedOperation )", diff --git a/servers/slapd/slapauth.c b/servers/slapd/slapauth.c new file mode 100644 index 0000000000..8e998c5b0f --- /dev/null +++ b/servers/slapd/slapauth.c @@ -0,0 +1,173 @@ +/* This work is part of OpenLDAP Software . + * + * Copyright 2004 The OpenLDAP Foundation. + * Portions Copyright 2004 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion + * in OpenLDAP Software. + */ + +#include "portable.h" + +#include + +#include + +#include +#include +#include +#include + +#include +#include +#include + +#include "slapcommon.h" + +static int +do_check( Connection *c, Operation *op, struct berval *id ) +{ + struct berval authcDN; + int rc; + + rc = slap_sasl_getdn( c, op, id, NULL, &authcDN, SLAP_GETDN_AUTHCID ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "ID: <%s> check failed %d (%s)\n", + id->bv_val, rc, + ldap_err2string( rc ) ); + rc = 1; + + } else { + if ( !BER_BVISNULL( &authzID ) ) { + rc = slap_sasl_authorized( op, &authcDN, &authzID ); + + fprintf( stderr, + "ID: <%s>\n" + "authcDN: <%s>\n" + "authzDN: <%s>\n" + "authorization %s\n", + id->bv_val, + authcDN.bv_val, + authzID.bv_val, + rc == LDAP_SUCCESS ? "OK" : "failed" ); + + } else { + fprintf( stderr, "ID: <%s> check succeeded\n" + "authcID: <%s>\n", + id->bv_val, + authcDN.bv_val ); + op->o_tmpfree( authcDN.bv_val, op->o_tmpmemctx ); + } + rc = 0; + } + + return rc; +} + +int +slapauth( int argc, char **argv ) +{ + int rc = EXIT_SUCCESS; + const char *progname = "slapauth"; + Connection conn; + Operation op; + +#ifdef NEW_LOGGING + lutil_log_initialize( argc, argv ); +#endif + slap_tool_init( progname, SLAPAUTH, argc, argv ); + + argv = &argv[ optind ]; + argc -= optind; + + memset( &conn, 0, sizeof( Connection ) ); + memset( &op, 0, sizeof( Operation ) ); + + connection_fake_init( &conn, &op, &conn ); + + if ( !BER_BVISNULL( &authzID ) ) { + struct berval authzDN; + + rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN, + SLAP_GETDN_AUTHZID ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", + authzID.bv_val, rc, + ldap_err2string( rc ) ); + rc = 1; + BER_BVZERO( &authzID ); + goto destroy; + } + + authzID = authzDN; + } + + + if ( !BER_BVISNULL( &authcID ) ) { + if ( !BER_BVISNULL( &authzID ) || argc == 0 ) { + rc = do_check( &conn, &op, &authcID ); + goto destroy; + } + + for ( ; argc--; argv++ ) { + struct berval authzDN; + + ber_str2bv( argv[ 0 ], 0, 0, &authzID ); + + rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN, + SLAP_GETDN_AUTHZID ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", + authzID.bv_val, rc, + ldap_err2string( rc ) ); + rc = 1; + BER_BVZERO( &authzID ); + goto destroy; + } + + authzID = authzDN; + + rc = do_check( &conn, &op, &authcID ); + + op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx ); + BER_BVZERO( &authzID ); + + if ( rc ) { + goto destroy; + } + } + + goto destroy; + } + + for ( ; argc--; argv++ ) { + struct berval id; + + ber_str2bv( argv[ 0 ], 0, 0, &id ); + + rc = do_check( &conn, &op, &id ); + + if ( rc ) { + goto destroy; + } + } + +destroy:; + if ( !BER_BVISNULL( &authzID ) ) { + op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx ); + } + slap_tool_destroy(); + + return rc; +} + diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index a3cbc72507..857d422848 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -70,7 +70,7 @@ usage( int tool, const char *progname ) options = "\t[-n databasenumber | -b suffix]\n"; break; - case SLAPSASLAUTH: + case SLAPAUTH: options = "\t[-U authcID] [-X authzID] ID [...]\n"; break; } @@ -129,7 +129,7 @@ slap_tool_init( options = "d:f:v"; break; - case SLAPSASLAUTH: + case SLAPAUTH: options = "d:f:U:vX:"; break; @@ -272,7 +272,7 @@ slap_tool_init( } break; - case SLAPSASLAUTH: + case SLAPAUTH: if ( argc == optind && BER_BVISNULL( &authcID ) ) { usage( tool, progname ); } @@ -371,7 +371,7 @@ slap_tool_init( case SLAPTEST: return; - case SLAPSASLAUTH: + case SLAPAUTH: be = NULL; goto startup; diff --git a/servers/slapd/slapcommon.h b/servers/slapd/slapcommon.h index 3722fb603d..ff29921cd1 100644 --- a/servers/slapd/slapcommon.h +++ b/servers/slapd/slapcommon.h @@ -27,7 +27,7 @@ enum slaptool { SLAPINDEX, /* database index tool */ SLAPPASSWD, /* password generation tool */ SLAPTEST, /* slapd.conf test tool */ - SLAPSASLAUTH, /* test sasl-regexp and authc/authz stuff */ + SLAPAUTH, /* test authz-regexp and authc/authz stuff */ SLAPLAST }; diff --git a/servers/slapd/slapsaslauth.c b/servers/slapd/slapsaslauth.c deleted file mode 100644 index baa9236c3f..0000000000 --- a/servers/slapd/slapsaslauth.c +++ /dev/null @@ -1,173 +0,0 @@ -/* This work is part of OpenLDAP Software . - * - * Copyright 2004 The OpenLDAP Foundation. - * Portions Copyright 2004 Pierangelo Masarati. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * . - */ -/* ACKNOWLEDGEMENTS: - * This work was initially developed by Pierangelo Masarati for inclusion - * in OpenLDAP Software. - */ - -#include "portable.h" - -#include - -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include "slapcommon.h" - -static int -do_check( Connection *c, Operation *op, struct berval *id ) -{ - struct berval authcDN; - int rc; - - rc = slap_sasl_getdn( c, op, id, NULL, &authcDN, SLAP_GETDN_AUTHCID ); - if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "ID: <%s> check failed %d (%s)\n", - id->bv_val, rc, - ldap_err2string( rc ) ); - rc = 1; - - } else { - if ( !BER_BVISNULL( &authzID ) ) { - rc = slap_sasl_authorized( op, &authcDN, &authzID ); - - fprintf( stderr, - "ID: <%s>\n" - "authcDN: <%s>\n" - "authzDN: <%s>\n" - "authorization %s\n", - id->bv_val, - authcDN.bv_val, - authzID.bv_val, - rc == LDAP_SUCCESS ? "OK" : "failed" ); - - } else { - fprintf( stderr, "ID: <%s> check succeeded\n" - "authcID: <%s>\n", - id->bv_val, - authcDN.bv_val ); - op->o_tmpfree( authcDN.bv_val, op->o_tmpmemctx ); - } - rc = 0; - } - - return rc; -} - -int -slapsaslauth( int argc, char **argv ) -{ - int rc = EXIT_SUCCESS; - const char *progname = "slapsaslauth"; - Connection conn; - Operation op; - -#ifdef NEW_LOGGING - lutil_log_initialize( argc, argv ); -#endif - slap_tool_init( progname, SLAPSASLAUTH, argc, argv ); - - argv = &argv[ optind ]; - argc -= optind; - - memset( &conn, 0, sizeof( Connection ) ); - memset( &op, 0, sizeof( Operation ) ); - - connection_fake_init( &conn, &op, &conn ); - - if ( !BER_BVISNULL( &authzID ) ) { - struct berval authzDN; - - rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN, - SLAP_GETDN_AUTHZID ); - if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", - authzID.bv_val, rc, - ldap_err2string( rc ) ); - rc = 1; - BER_BVZERO( &authzID ); - goto destroy; - } - - authzID = authzDN; - } - - - if ( !BER_BVISNULL( &authcID ) ) { - if ( !BER_BVISNULL( &authzID ) || argc == 0 ) { - rc = do_check( &conn, &op, &authcID ); - goto destroy; - } - - for ( ; argc--; argv++ ) { - struct berval authzDN; - - ber_str2bv( argv[ 0 ], 0, 0, &authzID ); - - rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN, - SLAP_GETDN_AUTHZID ); - if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", - authzID.bv_val, rc, - ldap_err2string( rc ) ); - rc = 1; - BER_BVZERO( &authzID ); - goto destroy; - } - - authzID = authzDN; - - rc = do_check( &conn, &op, &authcID ); - - op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx ); - BER_BVZERO( &authzID ); - - if ( rc ) { - goto destroy; - } - } - - goto destroy; - } - - for ( ; argc--; argv++ ) { - struct berval id; - - ber_str2bv( argv[ 0 ], 0, 0, &id ); - - rc = do_check( &conn, &op, &id ); - - if ( rc ) { - goto destroy; - } - } - -destroy:; - if ( !BER_BVISNULL( &authzID ) ) { - op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx ); - } - slap_tool_destroy(); - - return rc; -} - diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index b5c76c6de2..9885f2b9dc 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -87,6 +87,7 @@ init_syncrepl(syncinfo_t *si) Debug( LDAP_DEBUG_ANY, "out of memory\n", 0,0,0 ); #endif } + } else { tmp = ( char ** ) ch_realloc( si->si_attrs, 5 * sizeof( char * )); if ( tmp == NULL ) { @@ -102,7 +103,6 @@ init_syncrepl(syncinfo_t *si) si->si_attrs = tmp; /* Add Attributes */ - for ( i = 0; sync_descs[ i ] != NULL; i++ ) { si->si_attrs[ n++ ] = ch_strdup ( sync_descs[i]->ad_cname.bv_val ); si->si_attrs[ n ] = NULL; @@ -112,8 +112,7 @@ init_syncrepl(syncinfo_t *si) static int ldap_sync_search( syncinfo_t *si, - void *ctx -) + void *ctx ) { BerElementBuffer berbuf; BerElement *ber = (BerElement *)&berbuf; @@ -127,11 +126,14 @@ ldap_sync_search( ber_set_option( ber, LBER_OPT_BER_MEMCTX, &ctx ); if ( si->si_syncCookie.octet_str && - si->si_syncCookie.octet_str[0].bv_val ) { - ber_printf( ber, "{eO}", abs(si->si_type), - &si->si_syncCookie.octet_str[0] ); + si->si_syncCookie.octet_str[0].bv_val ) + { + ber_printf( ber, "{eO}", + abs(si->si_type), + &si->si_syncCookie.octet_str[0] ); } else { - ber_printf( ber, "{e}", abs(si->si_type) ); + ber_printf( ber, "{e}", + abs(si->si_type) ); } if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 )) == LBER_ERROR ) { @@ -161,7 +163,6 @@ ldap_sync_search( ctrls, NULL, si->si_tlimit < 0 ? NULL : &timeout, si->si_slimit, &msgid ); ber_free_buf( ber ); - return rc; } @@ -182,7 +183,6 @@ do_syncrep1( psub = &si->si_be->be_nsuffix[0]; /* Init connection to master */ - rc = ldap_initialize( &si->si_ld, si->si_provideruri ); if ( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING @@ -242,9 +242,8 @@ do_syncrep1( } } - defaults = lutil_sasl_defaults( si->si_ld, - si->si_saslmech, si->si_realm, - si->si_authcId, si->si_passwd, si->si_authzId ); + defaults = lutil_sasl_defaults( si->si_ld, si->si_saslmech, + si->si_realm, si->si_authcId, si->si_passwd, si->si_authzId ); rc = ldap_sasl_interactive_bind_s( si->si_ld, si->si_binddn, @@ -283,10 +282,12 @@ do_syncrep1( } #else /* HAVE_CYRUS_SASL */ /* Should never get here, we trapped this at config time */ + assert(0); fprintf( stderr, "not compiled with SASL support\n" ); rc = LDAP_OTHER; goto done; #endif + } else { rc = ldap_bind_s( si->si_ld, si->si_binddn, si->si_passwd, si->si_bindmethod ); @@ -303,7 +304,6 @@ do_syncrep1( } /* get syncrepl cookie of shadow replica from subentry */ - assert( si->si_rid < 1000 ); syncrepl_cn_bv.bv_val = syncrepl_cbuf; syncrepl_cn_bv.bv_len = snprintf(syncrepl_cbuf, sizeof(syncrepl_cbuf), @@ -341,6 +341,7 @@ do_syncrep1( slap_dup_sync_cookie( &si->si_syncCookie, sc ); slap_sync_cookie_free( sc, 1 ); sc = NULL; + } else { /* stored cookie */ struct berval newcookie = BER_BVNULL; @@ -374,6 +375,7 @@ do_syncrep1( si->si_syncCookie.sid, si->si_syncCookie.rid ); ber_bvarray_add( &si->si_syncCookie.octet_str, &newcookie ); } + } else { /* no command line cookie is specified */ if ( si->si_syncCookie.octet_str == NULL ) { @@ -476,22 +478,22 @@ do_syncrep2( slap_dup_sync_cookie( &syncCookie_req, &si->si_syncCookie ); - if ( abs(si->si_type) == LDAP_SYNC_REFRESH_AND_PERSIST ){ + if ( abs(si->si_type) == LDAP_SYNC_REFRESH_AND_PERSIST ) { tout_p = &tout; } else { tout_p = NULL; } - while (( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE, tout_p, &res )) - > 0 ) + while (( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE, + tout_p, &res )) > 0 ) { if ( slapd_shutdown ) { rc = -2; goto done; } for( msg = ldap_first_message( si->si_ld, res ); - msg != NULL; - msg = ldap_next_message( si->si_ld, msg ) ) + msg != NULL; + msg = ldap_next_message( si->si_ld, msg ) ) { switch( ldap_msgtype( msg ) ) { case LDAP_RES_SEARCH_ENTRY: @@ -503,9 +505,9 @@ do_syncrep2( } rctrlp = *rctrls; ber_init2( ber, &rctrlp->ldctl_value, LBER_USE_DER ); - ber_scanf( ber, "{em", &syncstate, &syncUUID ); + ber_scanf( ber, "{em" /*"}"*/, &syncstate, &syncUUID ); if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { - ber_scanf( ber, "m}", &cookie ); + ber_scanf( ber, /*"{"*/ "m}", &cookie ); if ( cookie.bv_val ) { struct berval tmp_bv; ber_dupbv( &tmp_bv, &cookie ); @@ -518,9 +520,10 @@ do_syncrep2( if ( syncrepl_message_to_entry( si, op, msg, &modlist, &entry, syncstate ) == LDAP_SUCCESS ) { rc_efree = syncrepl_entry( si, op, entry, modlist, - syncstate, &syncUUID, &syncCookie_req ); + syncstate, &syncUUID, &syncCookie_req ); if ( syncCookie.octet_str && - syncCookie.octet_str[0].bv_val ) { + syncCookie.octet_str[0].bv_val ) + { syncrepl_updateCookie( si, op, psub, &syncCookie ); } } @@ -552,8 +555,7 @@ do_syncrep2( ber_init2( ber, &rctrlp->ldctl_value, LBER_USE_DER ); ber_scanf( ber, "{" /*"}"*/); - if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) - { + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { ber_scanf( ber, "m", &cookie ); if ( cookie.bv_val ) { struct berval tmp_bv; @@ -561,14 +563,16 @@ do_syncrep2( ber_bvarray_add( &syncCookie.octet_str, &tmp_bv); } if ( syncCookie.octet_str && - syncCookie.octet_str[0].bv_val ) + syncCookie.octet_str[0].bv_val ) + { slap_parse_sync_cookie( &syncCookie ); + } } if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES ) { ber_scanf( ber, "b", &refreshDeletes ); } - ber_scanf( ber, "}" ); + ber_scanf( ber, /*"{"*/ "}" ); } if ( syncCookie_req.ctxcsn == NULL ) { match = -1; @@ -578,10 +582,12 @@ do_syncrep2( value_match( &match, slap_schema.si_ad_entryCSN, slap_schema.si_ad_entryCSN->ad_type->sat_ordering, SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, - &syncCookie_req.ctxcsn[0], &syncCookie.ctxcsn[0], &text ); + &syncCookie_req.ctxcsn[0], &syncCookie.ctxcsn[0], + &text ); } - if ( syncCookie.octet_str && syncCookie.octet_str->bv_val - && match < 0 && err == LDAP_SUCCESS ) { + if ( syncCookie.octet_str && syncCookie.octet_str->bv_val && + match < 0 && err == LDAP_SUCCESS ) + { syncrepl_updateCookie( si, op, psub, &syncCookie ); } if ( rctrls ) { @@ -593,7 +599,8 @@ do_syncrep2( * 2) on err policy : stop service, stop sync, retry */ if ( refreshDeletes == 0 && match < 0 && - err == LDAP_SUCCESS ) { + err == LDAP_SUCCESS ) + { syncrepl_del_nonpresent( op, si ); } else { avl_free( si->si_presentlist, avl_ber_bvfree ); @@ -621,54 +628,60 @@ do_syncrep2( si_refreshDelete = 1; case LDAP_TAG_SYNC_REFRESH_PRESENT: si_refreshPresent = 1; - ber_scanf( ber, "t{", &tag ); + ber_scanf( ber, "t{" /*"}"*/, &tag ); if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { ber_scanf( ber, "m", &cookie ); if ( cookie.bv_val ) { struct berval tmp_bv; ber_dupbv( &tmp_bv, &cookie ); - ber_bvarray_add( &syncCookie.octet_str, &tmp_bv); + ber_bvarray_add( &syncCookie.octet_str, + &tmp_bv); } if ( syncCookie.octet_str && - syncCookie.octet_str[0].bv_val ) + syncCookie.octet_str[0].bv_val ) + { slap_parse_sync_cookie( &syncCookie ); + } } if ( ber_peek_tag( ber, &len ) == - LDAP_TAG_REFRESHDONE ) + LDAP_TAG_REFRESHDONE ) { ber_scanf( ber, "b", &refreshDone ); } - ber_scanf( ber, "}" ); + ber_scanf( ber, /*"{"*/ "}" ); break; case LDAP_TAG_SYNC_ID_SET: - ber_scanf( ber, "t{", &tag ); + ber_scanf( ber, "t{" /*"}"*/, &tag ); if ( ber_peek_tag( ber, &len ) == - LDAP_TAG_SYNC_COOKIE ) { + LDAP_TAG_SYNC_COOKIE ) + { ber_scanf( ber, "m", &cookie ); if ( cookie.bv_val ) { struct berval tmp_bv; ber_dupbv( &tmp_bv, &cookie ); ber_bvarray_add( &syncCookie.octet_str, - &tmp_bv ); + &tmp_bv ); } if ( syncCookie.octet_str && - syncCookie.octet_str[0].bv_val ) + syncCookie.octet_str[0].bv_val ) + { slap_parse_sync_cookie( &syncCookie ); + } } if ( ber_peek_tag( ber, &len ) == - LDAP_TAG_REFRESHDELETES ) + LDAP_TAG_REFRESHDELETES ) { ber_scanf( ber, "b", &refreshDeletes ); } ber_scanf( ber, "[W]", &syncUUIDs ); - ber_scanf( ber, "}" ); + ber_scanf( ber, /*"{"*/ "}" ); for ( i = 0; syncUUIDs[i].bv_val; i++ ) { struct berval *syncuuid_bv; syncuuid_bv = ber_dupbv( NULL, &syncUUIDs[i] ); avl_insert( &si->si_presentlist, - (caddr_t) syncuuid_bv, - syncuuid_cmp, avl_dup_error ); + (caddr_t) syncuuid_bv, + syncuuid_cmp, avl_dup_error ); } ber_memfree_x( syncUUIDs, op->o_tmpmemctx ); break; @@ -699,8 +712,9 @@ do_syncrep2( &syncCookie.ctxcsn[0], &text ); } - if ( syncCookie.ctxcsn && syncCookie.ctxcsn[0].bv_val - && match < 0 ) { + if ( syncCookie.ctxcsn && syncCookie.ctxcsn[0].bv_val && + match < 0 ) + { syncrepl_updateCookie( si, op, psub, &syncCookie); } @@ -713,9 +727,10 @@ do_syncrep2( ldap_memfree( retoid ); ber_bvfree( retdata ); break; + } else { #ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR,"do_syncrep2 :" + LDAP_LOG( OPERATION, ERR, "do_syncrep2 :" " unknown intermediate " "response\n", 0, 0, 0 ); #else @@ -728,6 +743,7 @@ do_syncrep2( break; } break; + default: #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, "do_syncrep2 : " @@ -950,8 +966,7 @@ syncrepl_message_to_entry( sl_free( ndn.bv_val, op->o_tmpmemctx ); sl_free( dn.bv_val, op->o_tmpmemctx ); - if ( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_DELETE ) - { + if ( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_DELETE ) { return LDAP_SUCCESS; } @@ -987,10 +1002,10 @@ syncrepl_message_to_entry( if ( *modlist == NULL ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, - "syncrepl_message_to_entry: no attributes\n", 0, 0, 0 ); + "syncrepl_message_to_entry: no attributes\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: no attributes\n", - 0, 0, 0 ); + 0, 0, 0 ); #endif } @@ -999,10 +1014,10 @@ syncrepl_message_to_entry( if ( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, - "syncrepl_message_to_entry: mods check (%s)\n", text, 0, 0 ); + "syncrepl_message_to_entry: mods check (%s)\n", text, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods check (%s)\n", - text, 0, 0 ); + text, 0, 0 ); #endif goto done; } @@ -1011,10 +1026,10 @@ syncrepl_message_to_entry( if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, - "syncrepl_message_to_entry: mods2entry (%s)\n", text, 0, 0 ); + "syncrepl_message_to_entry: mods2entry (%s)\n", text, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods2entry (%s)\n", - text, 0, 0 ); + text, 0, 0 ); #endif } @@ -1036,8 +1051,7 @@ syncrepl_entry( Modifications* modlist, int syncstate, struct berval* syncUUID, - struct sync_cookie* syncCookie_req -) + struct sync_cookie* syncCookie_req ) { Backend *be = op->o_bd; slap_callback cb = { NULL }; @@ -1059,8 +1073,7 @@ syncrepl_entry( struct berval org_ndn = BER_BVNULL; int org_managedsait; - if (( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_ADD )) - { + if (( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_ADD )) { syncuuid_bv = ber_dupbv( NULL, syncUUID ); avl_insert( &si->si_presentlist, (caddr_t) syncuuid_bv, syncuuid_cmp, avl_dup_error ); @@ -1110,8 +1123,7 @@ syncrepl_entry( cb.sc_response = null_callback; cb.sc_private = si; - if ( rc == LDAP_SUCCESS && si->si_syncUUID_ndn.bv_val ) - { + if ( rc == LDAP_SUCCESS && si->si_syncUUID_ndn.bv_val ) { char *subseq_ptr; if ( syncstate != LDAP_SYNC_DELETE ) { @@ -1139,8 +1151,7 @@ syncrepl_entry( op->o_ndn = op->o_bd->be_rootndn; op->o_managedsait = 1; - while ( rs.sr_err == LDAP_SUCCESS && - op->o_delete_glue_parent ) { + while ( rs.sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) { op->o_delete_glue_parent = 0; if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) { slap_callback cb = { NULL }; @@ -1292,8 +1303,7 @@ static struct berval gcbva[] = { static void syncrepl_del_nonpresent( Operation *op, - syncinfo_t *si -) + syncinfo_t *si ) { Backend* be = op->o_bd; slap_callback cb = { NULL }; @@ -1429,12 +1439,10 @@ syncrepl_del_nonpresent( return; } - void syncrepl_add_glue( Operation* op, - Entry *e -) + Entry *e ) { Backend *be = op->o_bd; slap_callback cb = { NULL }; @@ -1586,8 +1594,7 @@ syncrepl_updateCookie( syncinfo_t *si, Operation *op, struct berval *pdn, - struct sync_cookie *syncCookie -) + struct sync_cookie *syncCookie ) { Backend *be = op->o_bd; Modifications *ml; @@ -1656,7 +1663,7 @@ syncrepl_updateCookie( op->o_tag = LDAP_REQ_ADD; rc = slap_mods_opattrs( op, modlist, modtail, - &text,txtbuf, textlen ); + &text, txtbuf, textlen ); for ( ml = modlist; ml != NULL; ml = ml->sml_next ) { ml->sml_op = LDAP_MOD_REPLACE; @@ -1799,8 +1806,7 @@ syncrepl_isupdate( Operation *op ) int syncrepl_isupdate_dn( Backend* be, - struct berval* ndn -) + struct berval* ndn ) { syncinfo_t* si; int ret = 0; @@ -1818,8 +1824,7 @@ syncrepl_isupdate_dn( static int dn_callback( Operation* op, - SlapReply* rs -) + SlapReply* rs ) { syncinfo_t *si = op->o_callback->sc_private; @@ -1843,8 +1848,7 @@ dn_callback( static int nonpresent_callback( Operation* op, - SlapReply* rs -) + SlapReply* rs ) { syncinfo_t *si = op->o_callback->sc_private; Attribute *a; @@ -1950,12 +1954,8 @@ slap_uuidstr_from_normalized( unsigned char nibble; int i, d = 0; - if ( normalized == NULL ) - return NULL; - - if ( normalized->bv_len != 16 ) { - return NULL; - } + if ( normalized == NULL ) return NULL; + if ( normalized->bv_len != 16 ) return NULL; if ( uuidstr ) { new = uuidstr; @@ -1966,8 +1966,7 @@ slap_uuidstr_from_normalized( new->bv_len = 36; if (( new->bv_val = sl_malloc( new->bv_len + 1, ctx )) == NULL) { - if ( !uuidstr ) - sl_free( new, ctx ); + if ( !uuidstr ) sl_free( new, ctx ); return NULL; } @@ -1993,7 +1992,6 @@ slap_uuidstr_from_normalized( } new->bv_val[new->bv_len] = '\0'; - return new; } @@ -2010,11 +2008,9 @@ syncuuid_cmp( const void* v_uuid1, const void* v_uuid2 ) static void avl_ber_bvfree( void *bv ) { - if( bv == NULL ) { - return; - } + if( bv == NULL ) return; if ( ((struct berval *)bv)->bv_val != NULL ) { - ch_free ( ((struct berval *)bv)->bv_val ); + ch_free( ((struct berval *)bv)->bv_val ); } - ch_free ( (char *) bv ); + ch_free( (char *) bv ); }