From: Pierangelo Masarati Date: Fri, 24 Jul 2009 22:00:53 +0000 (+0000) Subject: test whether the current entry matches the current uri filter (ITS#6077); also, don... X-Git-Tag: ACLCHECK_0~403 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e9f1452624c7fc828d45ebc1f3cc6fcdf03991db;p=openldap test whether the current entry matches the current uri filter (ITS#6077); also, don't leak DN when adding a base fails
---
diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
index 2b784f5025..91c4464c0c 100644
--- a/servers/slapd/overlays/unique.c
+++ b/servers/slapd/overlays/unique.c
@@ -47,6 +47,7 @@ typedef struct unique_domain_uri_s {
 struct berval dn;
 struct berval ndn;
 struct berval filter;
+ Filter *f;
 struct unique_attrs_s *attrs;
 int scope;
 } unique_domain_uri;
@@ -141,6 +142,7 @@ unique_free_domain_uri ( unique_domain_uri *uri )
 ch_free ( uri->dn.bv_val );
 ch_free ( uri->ndn.bv_val );
 ch_free ( uri->filter.bv_val );
+ filter_free( uri->f );
 attr = uri->attrs;
 while ( attr ) {
 next_attr = attr->next;
@@ -214,6 +216,13 @@ unique_new_domain_uri ( unique_domain_uri **urip,
 rc = ARG_BAD_CONF;
 goto exit;
 }
+
+ if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slapo-unique needs a rootdn; "
+ "backend <%s> has none, YMMV.\n",
+ be->be_nsuffix[0].bv_val, 0, 0 );
+ }
 }
 attr_str = url_desc->lud_attrs;
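Review bot: `filter_free( uri->f )` in unique_free_domain_uri runs for every URI, including one configured without a filter, so it depends on `uri->f` starting out NULL and on filter_free() accepting NULL; neither is visible in this diff. If the uri is not allocated zeroed, this call would free an indeterminate pointer. A comment on the new struct field would record the contract, e.g. `Filter *f; /* parsed form of filter, owned by the uri; NULL when the URI has no filter */`. The body of unique_free_domain_uri continues outside the hunk.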
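Review bot: The new rootdn check in unique_new_domain_uri only logs and then lets the configuration load, and "YMMV" does not tell the operator what stops working. If, as the message implies, the overlay cannot reliably enforce uniqueness without a rootdn, the text should name that consequence, and rejecting the configuration with `rc = ARG_BAD_CONF; goto exit;` as the branch just above does is worth considering. The message also dereferences `be->be_nsuffix[0].bv_val`; whatever guarantees a suffix is set by this point lies outside the hunk.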
@@ -247,17 +256,16 @@ unique_new_domain_uri ( unique_domain_uri **urip,
 }
 if (url_desc->lud_filter) {
- Filter *f = str2filter( url_desc->lud_filter );
+ uri->f = str2filter( url_desc->lud_filter );
 char *ptr;
- if ( !f ) {
+ if ( !uri->f ) {
 snprintf( c->cr_msg, sizeof( c->cr_msg ), "unique: bad filter");
 rc = ARG_BAD_CONF;
 goto exit;
 }
 /* make sure the strfilter is in normal form (ITS#5581) */
- filter2bv( f, &uri->filter );
- filter_free( f );
+ filter2bv( uri->f, &uri->filter );
 ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
 if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) ) {
@@ -459,6 +467,13 @@ unique_cf_base( ConfigArgs *c )
 abort();
 }
+ if ( rc ) {
+ ch_free( c->value_dn.bv_val );
+ BER_BVZERO( &c->value_dn );
+ ch_free( c->value_ndn.bv_val );
+ BER_BVZERO( &c->value_ndn );
+ }
+
 return rc;
 }
@@ -1071,6 +1086,17 @@ unique_add(
 && !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
 continue;
+ if ( uri->f ) {
+ if ( test_filter( NULL, op->ora_e, uri->f )
+ == LDAP_COMPARE_FALSE )
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "==> unique_add_skip<%s>\n",
+ op->o_req_dn.bv_val, 0, 0 );
+ continue;
+ }
+ }
+
 if(!(a = op->ora_e->e_attrs)) {
 op->o_bd->bd_info = (BackendInfo *) on->on_info;
 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
diff --git a/tests/scripts/test024-unique b/tests/scripts/test024-unique
index 5b24d1b560..34ed826035 100755
--- a/tests/scripts/test024-unique
+++ b/tests/scripts/test024-unique
@@ -425,6 +425,7 @@ dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
 changetype: modify
 add: olcUniqueURI
 olcUniqueURI: ldap:///?sn?sub?(cn=e*)
+olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
 -
 delete: olcUniqueURI
 olcUniqueURI: ldap:///?description?one
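Review bot: In the `if (url_desc->lud_filter)` block, `char *ptr;` now follows the statement `uri->f = str2filter( url_desc->lud_filter );`, which makes it a declaration after a statement. That was not the case while the first line was itself a declaration (`Filter *f = …`), and C89 compilers reject it. Swapping the two lines keeps the block portable: `char *ptr;` first, then `uri->f = str2filter( url_desc->lud_filter );`. Separately, the parsed filter is no longer freed in this block, so the later `goto exit` paths depend on the uri being released through unique_free_domain_uri; that cleanup is outside the hunk.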
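Review bot: The `if ( rc )` cleanup in unique_cf_base frees `c->value_dn` and `c->value_ndn` on every failure, which is only safe if no failing path has already stored or freed those pointers. The switch that sets rc is outside the hunk, so this should be confirmed against it. A one-line comment would make the ownership rule explicit, e.g. `/* on failure nothing took ownership of the DNs; release them here */`.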
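Review bot: In unique_add the entry is skipped only when test_filter() returns exactly LDAP_COMPARE_FALSE, so any other result falls through to the uniqueness check. That is the safe direction for an integrity constraint, but nothing in the code says it is deliberate, and it could later be simplified into `!= LDAP_COMPARE_TRUE`; a comment such as `/* skip only on a definite non-match; any other result is still checked */` would pin the intent. This diff adds the filter test to unique_add only, and no matching hunk for the modify or rename paths is visible here, so the filter may end up applied differently per operation. The enclosing loop starts and ends outside the hunk.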
@@ -445,6 +446,7 @@ objectClass: olcUniqueConfig
 olcOverlay: {0}unique
 olcUniqueURI: ldap:///?employeeNumber,displayName?sub
 olcUniqueURI: ldap:///?sn?sub?(cn=e*)
+olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
 EOF
 diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
@@ -473,6 +475,24 @@ if test $RC != 0 ; then
 exit -1
 fi
+echo "Adding a record unique in all domains because of filter conditions "
+$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: edgar
+cn: empty
+sn: empty
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "spurious unique error ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+
 echo "Adding a record unique in one domain, non-unique in the filtered domain..."
 $LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \