Luke Howard [Fri, 27 Aug 2004 19:34:14 +0000 (19:34 +0000)]
Remove bogus SLAPI code path which special-cased modlist == NULL
This had the effect of setting the result code to LDAP_SUCCESS for modlist == NULL
even on a replica when an update-ref might be set. This was causing a plugin (that
implements the commit phase in a post-op plugin) to write to "read-only" replica.
Luke Howard [Fri, 27 Aug 2004 17:12:01 +0000 (17:12 +0000)]
Fix a SLAPI bug where slapd could crash if a preop plugin changed the mods
list and a subsequent plugin aborted the operation -- regardless of the
preop result the frontend must refetch the array of LDAPMods
Luke Howard [Thu, 26 Aug 2004 05:18:33 +0000 (05:18 +0000)]
backend_compute_output_attr() should use actual computed attribute type
returned by the plugin, rather than that requested by backend_attribute(),
for ACL checking.
They should of course be the same but this is the "correct" approach from
both a security and readability perspective
Sang Seok Lim [Thu, 26 Aug 2004 00:06:39 +0000 (00:06 +0000)]
This patch is for a component filter. please refer ITS#3260 for detail
and "implementing GSER and Component Matching" in ODD 2004.
All codes are #ifdef'd with LDAP_COMP_MATCH.
test031-component-filter works correctly only when the LDAP_COMP_MATCH macro is set.
To disable it, set AC_WITH_COMP_MATCH "no" in "openldap_src/tests/run.in".
Luke Howard [Wed, 25 Aug 2004 11:52:55 +0000 (11:52 +0000)]
This patch fixes some subtle interactions between SLAPI and syncrepl. Due to
SLAPI always assigning connection and operation IDs of zero for internal
operations, such operations would cause a stale contextCSN to be returned from
slap_get_commit_csn(). As a result, SLAPI internal updates would be invisible
to replicas until an external update was made. Also, SLAPI internal operations
never called slap_graduate_commit_csn() which leaked pending CSNs.
Also included in this patch is a general cleanup of some of the SLAPI code.
Note that we need to use a separate mutex on conn_nextid to avoid a deadlock
where a post-operation plugin tries to acquire connections_mutex, having locked
the per-connection mutex, while the listener thread tries to acquire the
per-connection mutex (having locked connections_mutex). connection.c needs to
be fixed to acquire mutexes in the same order.
more definitive improvements; now write operations are consistent; plugged some more leaks/invalid frees; tests are more complete. IBM db2 doesn't pass write test because the entries are written in a different order; need to write a script that sorts the results...
- proxy cache erroneously returns the filtering attributes
and the objectClass right after caching, even if not requested,
while subsequent searches are fine;
- the response callback needs be apended at the end of the
callback list, otherwise the resulting entries are cached
before other overlays can alter them
- the callback structure and its contents needs be freed
Jong Hyuk Choi [Fri, 20 Aug 2004 16:26:58 +0000 (16:26 +0000)]
attrs=*,+ becmoes the default behavior when attrs are not specified in syncrepl definition. When attrs are specified, operational attributes other than objectClass, structuralObjectClass, and entryCSN need to be explicitly specified to be included in the replication content.
allow to search for "auxiliary" objectClasses (i.e. those in ldap_entry_objclasses); allow to return all objectClasses including "auxiliary"; various cleanup
Howard Chu [Thu, 19 Aug 2004 23:39:45 +0000 (23:39 +0000)]
ITS#3289 - add SLAP_AT_DYNAMIC flag for dynamically generated attributes.
Set flag for hasSubordinates and subschemaSubentry. Strip dynamic attributes
before storing entries in syncrepl.