From 02153708a01b580c69e57e41da6243d165bd43c1 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Thu, 27 Dec 2001 12:17:54 +0000 Subject: [PATCH] conversion to berval DN --- servers/slapd/back-meta/add.c | 6 +- servers/slapd/back-meta/attribute.c | 11 +- servers/slapd/back-meta/back-meta.h | 44 +++--- servers/slapd/back-meta/bind.c | 64 ++++++--- servers/slapd/back-meta/candidates.c | 54 ++----- servers/slapd/back-meta/compare.c | 17 +-- servers/slapd/back-meta/config.c | 136 ++++++++++++------ servers/slapd/back-meta/conn.c | 46 +++--- servers/slapd/back-meta/data/meta-1.ldif | 6 +- servers/slapd/back-meta/data/meta-2.ldif | 6 +- servers/slapd/back-meta/data/meta-3.ldif | 10 +- servers/slapd/back-meta/data/setup.sh | 2 +- .../slapd/back-meta/data/slapd-ldap-raw.conf | 4 +- servers/slapd/back-meta/data/slapd-ldbm.conf | 12 +- .../back-meta/data/slapd-meta-plain.conf | 8 +- .../back-meta/data/slapd-meta-rewrite.conf | 32 ++--- servers/slapd/back-meta/delete.c | 18 +-- servers/slapd/back-meta/dncache.c | 33 +++-- servers/slapd/back-meta/group.c | 38 +++-- servers/slapd/back-meta/init.c | 18 ++- servers/slapd/back-meta/modify.c | 22 +-- servers/slapd/back-meta/modrdn.c | 34 +++-- servers/slapd/back-meta/search.c | 120 +++++++++------- 23 files changed, 428 insertions(+), 313 deletions(-) diff --git a/servers/slapd/back-meta/add.c b/servers/slapd/back-meta/add.c index f23c4bb154..f061f443c4 100644 --- a/servers/slapd/back-meta/add.c +++ b/servers/slapd/back-meta/add.c @@ -102,8 +102,10 @@ meta_back_add( * get the current connection */ lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE, - e->e_ndn, &candidate ); - if ( !lc || !meta_back_dobind( lc, op ) ) { + &e->e_nname, &candidate ); + if ( !lc || !meta_back_dobind( lc, op ) || !meta_back_is_valid( lc, candidate ) ) { + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, NULL, NULL, NULL ); return -1; } 
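Review bot: The new error branch in meta_back_add sends `LDAP_OPERATIONS_ERROR` for all three failure causes, including `!lc`, and the hunk does not show whether meta_back_getconn has already sent a result to the client when it returns NULL. If it has, the client gets two responses for one operation; please confirm, and if so send the result only for the `meta_back_dobind` / `meta_back_is_valid` failures. The same branch is added to meta_back_delete in delete.c. meta_back_add's body starts and ends outside the hunk.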
diff --git a/servers/slapd/back-meta/attribute.c b/servers/slapd/back-meta/attribute.c index 8d6e64677a..441f0d0e84 100644 --- a/servers/slapd/back-meta/attribute.c +++ b/servers/slapd/back-meta/attribute.c @@ -89,7 +89,7 @@ meta_back_attribute( Connection *conn, Operation *op, Entry *target, - const char *ndn, + struct berval *ndn, AttributeDescription *entry_at, struct berval ***vals ) @@ -104,7 +104,7 @@ meta_back_attribute( LDAP *ld; *vals = NULL; - if ( target != NULL && strcmp( target->e_ndn, ndn ) == 0 ) { + if ( target != NULL && strcmp( target->e_ndn, ndn->bv_val ) == 0 ) { /* we already have a copy of the entry */ /* attribute and objectclass mapping has already been done */ attr = attr_find( target->e_attrs, entry_at ); @@ -147,15 +147,16 @@ meta_back_attribute( return 1; } - rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn, - li->targets[ candidate ]->bindpw, LDAP_AUTH_SIMPLE ); + rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn->bv_val, + li->targets[ candidate ]->bindpw->bv_val, LDAP_AUTH_SIMPLE ); if ( rc != LDAP_SUCCESS) { return 1; } gattr[ 0 ] = mapped; gattr[ 1 ] = NULL; - if ( ldap_search_ext_s( ld, ndn, LDAP_SCOPE_BASE, "(objectclass=*)", + if ( ldap_search_ext_s( ld, ndn->bv_val, LDAP_SCOPE_BASE, + "(objectclass=*)", gattr, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result) == LDAP_SUCCESS) { if ( ( e = ldap_first_entry( ld, result ) ) != NULL ) { diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 212425e546..0c99d1e4f5 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h @@ -89,7 +89,7 @@ struct metasingleconn { #define META_CANDIDATE 1 LDAP *ld; - char *bound_dn; + struct berval *bound_dn; int bound; #define META_UNBOUND 0 #define META_BOUND 1 
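Review bot: In the `@@ -147,15 +147,16 @@` hunk of meta_back_attribute, `binddn->bv_val` and `bindpw->bv_val` are dereferenced unconditionally, but config.c in this patch assigns those fields only when a `binddn` / `bindpw` directive is present. If the target struct is zero-initialised (its allocation is outside the diff), a target configured without them now dereferences NULL, where the old `char *` code passed NULL to `ldap_bind_s`. Guard the access, e.g. `binddn ? binddn->bv_val : NULL`, or initialise both fields to empty bervals when the target is created. The function starts and ends outside the hunk.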
@@ -113,12 +113,13 @@ struct metaconn { struct metatarget { char *uri; - char *suffix;/* normalized suffix */ - char *binddn; - char *bindpw; + struct berval *psuffix; /* pretty suffix */ + struct berval *suffix; /* normalized suffix */ + struct berval *binddn; + struct berval *bindpw; - char *pseudorootdn; - char *pseudorootpw; + struct berval *pseudorootdn; + struct berval *pseudorootpw; struct rewrite_info *rwinfo; @@ -151,9 +152,9 @@ extern int meta_back_do_single_bind( struct metainfo *li, struct metaconn *lc, - const char *dn, - const char *ndn, - const char *cred, + struct berval *dn, + struct berval *ndn, + struct berval *cred, int method, int candidate ); @@ -168,7 +169,7 @@ meta_back_getconn( struct slap_conn *conn, struct slap_op *op, int op_type, - const char *dn, + struct berval *dn, int *candidate ); @@ -178,6 +179,12 @@ meta_back_dobind( Operation *op ); +extern int +meta_back_is_valid( + struct metaconn *lc, + int candidate +); + extern int meta_back_op_result( struct metaconn *lc, @@ -207,27 +214,26 @@ meta_back_conn_dup( */ extern int meta_back_is_candidate( - const char *nsuffix, - const char *ndn, - int ndnlen + struct berval *nsuffix, + struct berval *ndn ); extern int meta_back_count_candidates( struct metainfo *li, - const char *ndn + struct berval *ndn ); extern int meta_back_is_candidate_unique( struct metainfo *li, - const char *ndn + struct berval *ndn ); extern int meta_back_select_unique_candidate( struct metainfo *li, - const char *ndn + struct berval *ndn ); extern int @@ -262,20 +268,20 @@ meta_dncache_dup( extern int meta_dncache_get_target( struct metadncache *cache, - const char *ndn + struct berval *ndn ); extern int meta_dncache_update_entry( struct metadncache *cache, - const char *ndn, + struct berval *ndn, int target ); extern int meta_dncache_delete_entry( struct metadncache *cache, - const char *ndn + struct berval *ndn ); extern void 
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index 86fbf7e116..4551173ddd 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -96,9 +96,9 @@ meta_back_bind( int op_type = META_OP_ALLOW_MULTIPLE; int err = LDAP_SUCCESS; - char *realdn = (char *)dn->bv_val; - char *realndn = (char *)ndn->bv_val; - char *realcred = cred->bv_val; + struct berval *realdn = dn; + struct berval *realndn = ndn; + struct berval *realcred = cred; int realmethod = method; #ifdef NEW_LOGGING @@ -114,7 +114,7 @@ meta_back_bind( ber_dupbv( edn, be_root_dn( be ) ); op_type = META_OP_REQUIRE_ALL; } - lc = meta_back_getconn( li, conn, op, op_type, ndn->bv_val, NULL ); + lc = meta_back_getconn( li, conn, op, op_type, ndn, NULL ); if ( !lc ) { #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_NOTICE, @@ -214,9 +214,9 @@ int meta_back_do_single_bind( struct metainfo *li, struct metaconn *lc, - const char *dn, - const char *ndn, - const char *cred, + struct berval *dn, + struct berval *ndn, + struct berval *cred, int method, int candidate ) @@ -228,18 +228,18 @@ meta_back_do_single_bind( * Rewrite the bind dn if needed */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, - "bindDn", dn, lc->conn, &mdn ) ) { + "bindDn", dn->bv_val, lc->conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { - mdn = ( char * )dn; + mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "[rw] bindDn: \"%s\" -> \"%s\"\n", dn, mdn )); + "[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s", - dn, mdn, "" ); + dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; 
@@ -250,22 +250,22 @@ meta_back_do_single_bind( return LDAP_OPERATIONS_ERROR; } - rc = ldap_bind_s( lc->conns[ candidate ]->ld, mdn, cred, method ); + rc = ldap_bind_s( lc->conns[ candidate ]->ld, mdn, cred->bv_val, method ); if ( rc != LDAP_SUCCESS ) { rc = ldap_back_map_result( rc ); } else { - lc->conns[ candidate ]->bound_dn = ch_strdup( dn ); + lc->conns[ candidate ]->bound_dn = ber_bvdup( dn ); lc->conns[ candidate ]->bound = META_BOUND; lc->bound_target = candidate; if ( li->cache.ttl != META_DNCACHE_DISABLED - && ndn[ 0 ] != '\0' ) { + && ndn->bv_len != 0 ) { ( void )meta_dncache_update_entry( &li->cache, - ch_strdup( ndn ), candidate ); + ber_bvdup( ndn ), candidate ); } } - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } @@ -311,7 +311,7 @@ meta_back_dobind( struct metaconn *lc, Operation *op ) * (note: if the target was already bound, the anonymous * bind clears the previous bind). */ - rc = ldap_bind_s( lsc[ 0 ]->ld, lsc[ 0 ]->bound_dn, + rc = ldap_bind_s( lsc[ 0 ]->ld, lsc[ 0 ]->bound_dn->bv_val, NULL, LDAP_AUTH_SIMPLE ); if ( rc != LDAP_SUCCESS ) { @@ -320,14 +320,14 @@ meta_back_dobind( struct metaconn *lc, Operation *op ) "meta_back_dobind: (anonymous)" " bind as \"%s\" failed" " with error \"%s\"\n", - lsc[ 0 ]->bound_dn, + lsc[ 0 ]->bound_dn->bv_val, ldap_err2string( rc ) )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ANY, "==>meta_back_dobind: (anonymous)" " bind as \"%s\" failed" " with error \"%s\"\n%s", - lsc[ 0 ]->bound_dn, + lsc[ 0 ]->bound_dn->bv_val, ldap_err2string( rc ), "" ); #endif /* !NEW_LOGGING */ 
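Review bot: `meta_dncache_update_entry( &li->cache, ber_bvdup( ndn ), candidate )` leaks one berval per successful bind: as far as the dncache.c hunks show, the callee uses its argument only as a lookup key and stores its own `ber_bvdup( ndn )` copy. Pass `ndn` directly; compare.c makes the same call and needs the same change. In the same branch `bound_dn = ber_bvdup( dn )` overwrites the previous value without `ber_bvfree`, and since init_one_conn now always allocates `bound_dn`, the old berval is lost on every bind. Because binds arrive from clients that are not yet authenticated, both leaks mean memory growth that a remote peer can drive.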
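Review bot: `lsc[ 0 ]->bound_dn->bv_val` in meta_back_dobind (here and in both logging calls of the following hunk) assumes `bound_dn` is never NULL, yet meta_clear_one_candidate in candidates.c still sets it to NULL after `ber_bvfree`, and init_one_conn resets it to NULL before rewriting. Whether meta_back_dobind can reach such a connection is not visible in the hunk. Either test `bound_dn != NULL` before the dereference, or state the invariant on the struct member in back-meta.h, e.g. `/* never NULL once init_one_conn succeeded */`.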
@@ -349,6 +349,32 @@ meta_back_dobind( struct metaconn *lc, Operation *op ) return( bound > 0 ); } +/* + * + */ +int +meta_back_is_valid( struct metaconn *lc, int candidate ) +{ + struct metasingleconn **lsc; + int i; + + assert( lc ); + + if ( candidate < 0 ) { + return 0; + } + + for ( i = 0, lsc = lc->conns; + lsc[ 0 ] != NULL && i < candidate; + ++i, ++lsc ); + + if ( lsc[ 0 ] ) { + return( lsc[ 0 ]->ld != NULL ); + } + + return 0; +} + /* * FIXME: error return must be handled in a cleaner way ... */ diff --git a/servers/slapd/back-meta/candidates.c b/servers/slapd/back-meta/candidates.c index ee2bf0171f..330f5b8746 100644 --- a/servers/slapd/back-meta/candidates.c +++ b/servers/slapd/back-meta/candidates.c @@ -101,43 +101,14 @@ */ int meta_back_is_candidate( - const char *nsuffix, - const char *ndn, - int ndnlen + struct berval *nsuffix, + struct berval *ndn ) { - int len = strlen( nsuffix ); - - if ( len > ndnlen ) { + if ( dnIsSuffix( nsuffix, ndn ) || dnIsSuffix( ndn, nsuffix ) ) { /* * suffix longer than dn */ - if ( ! DN_SEPARATOR( nsuffix[ ( len - ndnlen ) - 1 ] ) ) { - /* - * not a separator begins the possible common part - */ - return META_NOT_CANDIDATE; - } - - if ( strcmp( &nsuffix[ len - ndnlen ] , ndn ) == 0 ) { - /* - * Got it! - */ - return META_CANDIDATE; - } - } - - if ( len < ndnlen && ! DN_SEPARATOR( ndn[ ( ndnlen - len ) - 1 ] ) ) { - /* - * not a separator begins the possible common part - */ - return META_NOT_CANDIDATE; - } - - if ( strcmp( nsuffix, &ndn[ ndnlen - len ] ) == 0 ) { - /* - * Got it! - */ return META_CANDIDATE; } @@ -154,10 +125,10 @@ meta_back_is_candidate( int meta_back_count_candidates( struct metainfo *li, - const char *ndn + struct berval *ndn ) { - int i, cnt = 0, ndnlen = strlen( ndn ); + int i, cnt = 0; /* * I know assertions should not check run-time values; 
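Review bot: meta_back_is_valid is added with an empty header comment, so its contract has to be read out of the loop. Suggest `/* returns 1 if the NULL-terminated lc->conns has an entry at index candidate whose ld is open, 0 otherwise */`. The `for` with an empty body ending in `;` is easy to misread; put the `;` on its own line with a `/* empty */` comment. `assert( lc )` disappears under NDEBUG, which is acceptable only because the callers in this patch test `!lc` first.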
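Review bot: The comment left inside the new `if` in meta_back_is_candidate, `suffix longer than dn`, no longer describes the condition, which is now true when either DN is a suffix of the other. Replace it with something like `/* the target suffix is below the DN, or the DN is below the target suffix */`. Since the hand-written separator checks were replaced by `dnIsSuffix`, the function header should also say that both arguments are expected in normalized form.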
@@ -168,8 +139,7 @@ meta_back_count_candidates( assert( li->ntargets != 0 ); for ( i = 0; i < li->ntargets; ++i ) { - if ( meta_back_is_candidate( li->targets[ i ]->suffix, - ndn, ndnlen ) ) { + if ( meta_back_is_candidate( li->targets[ i ]->suffix, ndn ) ) { ++cnt; } } @@ -186,7 +156,7 @@ meta_back_count_candidates( int meta_back_is_candidate_unique( struct metainfo *li, - const char *ndn + struct berval *ndn ) { return ( meta_back_count_candidates( li, ndn ) == 1 ); @@ -202,10 +172,10 @@ meta_back_is_candidate_unique( int meta_back_select_unique_candidate( struct metainfo *li, - const char *ndn + struct berval *ndn ) { - int i, ndnlen; + int i; switch ( meta_back_count_candidates( li, ndn ) ) { case 1: @@ -216,10 +186,8 @@ meta_back_select_unique_candidate( ? -1 : li->defaulttarget ); } - ndnlen = strlen( ndn ); for ( i = 0; i < li->ntargets; ++i ) { - if ( meta_back_is_candidate( li->targets[ i ]->suffix, - ndn, ndnlen ) ) { + if ( meta_back_is_candidate( li->targets[ i ]->suffix, ndn ) ) { return i; } } @@ -275,7 +243,7 @@ meta_clear_one_candidate( } if ( lsc->bound_dn != NULL ) { - free( lsc->bound_dn ); + ber_bvfree( lsc->bound_dn ); lsc->bound_dn = NULL; } diff --git a/servers/slapd/back-meta/compare.c b/servers/slapd/back-meta/compare.c index 192a61e7f3..fd009c57dc 100644 --- a/servers/slapd/back-meta/compare.c +++ b/servers/slapd/back-meta/compare.c @@ -80,8 +80,8 @@ meta_back_compare( Backend *be, Connection *conn, Operation *op, - const char *dn, - const char *ndn, + struct berval *dn, + struct berval *ndn, AttributeAssertion *ava ) { 
@@ -120,19 +120,20 @@ meta_back_compare( * Rewrite the compare dn, if needed */ switch ( rewrite_session( li->targets[ i ]->rwinfo, - "compareDn", dn, conn, &mdn ) ) { + "compareDn", + dn->bv_val, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { - mdn = ( char * )dn; + mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] compareDn: \"%s\" -> \"%s\"\n", - dn, mdn )); + dn->bv_val, mdn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s", - dn, mdn, "" ); + dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; @@ -185,7 +186,7 @@ meta_back_compare( continue; } - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } if ( mapped_attr != ava->aa_desc->ad_cname.bv_val ) { @@ -243,7 +244,7 @@ meta_back_compare( * sending to cache ... */ if ( li->cache.ttl != META_DNCACHE_DISABLED ) { - ( void )meta_dncache_update_entry( &li->cache, ch_strdup( ndn ), i ); + ( void )meta_dncache_update_entry( &li->cache, ber_bvdup( ndn ), i ); } count++; diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index 0cc797f7bf..a21c8d56c9 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -137,12 +137,14 @@ meta_back_db_config( /* URI of server to query */ if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) { - int i = li->ntargets; + int i = li->ntargets; #if 0 - int j; + int j; #endif /* uncomment if uri MUST be a branch of suffix */ - LDAPURLDesc *ludp; - char *last; + LDAPURLDesc *ludp; + char *last; + struct berval dn, *pdn = NULL, *ndn = NULL; + int rc; if ( argc != 2 ) { fprintf( stderr, 
@@ -197,17 +199,33 @@ meta_back_db_config( /* * copies and stores uri and suffix */ - li->targets[ i ]->suffix = ch_strdup( ludp->lud_dn ); + dn.bv_val = ludp->lud_dn; + dn.bv_len = strlen( ludp->lud_dn ); + + rc = dnPretty( NULL, &dn, &pdn ); + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "target '%s' DN is invalid\n", + fname, lineno, argv[ 1 ] ); + return( 1 ); + } + + rc = dnNormalize( NULL, &dn, &ndn ); + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "target '%s' DN is invalid\n", + fname, lineno, argv[ 1 ] ); + ber_bvfree( ndn ); + return( 1 ); + } + + li->targets[ i ]->psuffix = pdn; + li->targets[ i ]->suffix = ndn; + li->targets[ i ]->uri = ch_strdup( argv[ 1 ] ); - last = strstr( li->targets[ i ]->uri, - li->targets[ i ]->suffix ); + last = strstr( li->targets[ i ]->uri, ludp->lud_dn ); assert( last != NULL ); - last[ 0 ] = '\0'; /* wasting memory ... */ - - /* - * Need to store the suffix in normalized form - */ - (void) dn_normalize( li->targets[ i ]->suffix ); + last[ 0 ] = '\0'; /* * uri MUST be a branch of suffix! @@ -241,8 +259,8 @@ meta_back_db_config( * or worked out, at least, in some manner */ for ( j = 0; j < i-1; j++ ) { - if ( strcmp( li->targets[ i ]->suffix, - li->targets[ j ]->suffix ) == 0 ) { + if ( strcmp( li->targets[ i ]->suffix->bv_val, + li->targets[ j ]->suffix->bv_val ) == 0 ) { fprintf( stderr, "%s: line %d: naming context \"%s\" already used" " in \"uri ://[:port]/\" line\n", 
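Review bot: The failure path after `dnNormalize` frees the wrong pointer: `ber_bvfree( ndn )` releases the output of the call that just failed, while `pdn` from the successful `dnPretty` is leaked; it should be `ber_bvfree( pdn );`. Both new early returns also skip `ldap_free_urldesc( ludp )`, which the success path calls a few lines later. `strlen( ludp->lud_dn )` assumes the URI carries a DN; unless a check outside the hunk rejects a URI without one, this dereferences NULL. The two error messages are identical, so the log does not tell which step rejected the DN.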
@@ -254,21 +272,13 @@ meta_back_db_config( ldap_free_urldesc( ludp ); -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "meta_back_db_config:" - " URI \"%s\", suffix \"%s\"\n", - li->targets[ i ]->uri, - li->targets[ i ]->suffix )); -#else /* !NEW_LOGGING */ - Debug( LDAP_DEBUG_CONFIG, - "==>meta_back_db_config: URI \"%s\", suffix \"%s\"\n%s", - li->targets[ i ]->uri, li->targets[ i ]->suffix, "" ); -#endif /* !NEW_LOGGING */ + fprintf(stderr, "%s: line %d: URI \"%s\", suffix \"%s\"\n", + fname, lineno, li->targets[ i ]->uri, + li->targets[ i ]->psuffix->bv_val ); /* default target directive */ } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; if ( argc == 1 ) { if ( i < 0 ) { @@ -319,7 +329,8 @@ meta_back_db_config( /* name to use for meta_back_group */ } else if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; + struct berval dn, *ndn = NULL; if ( i < 0 ) { fprintf( stderr, @@ -333,11 +344,21 @@ meta_back_db_config( fname, lineno ); return 1; } - li->targets[ i ]->binddn = ch_strdup( argv[ 1 ] ); + + dn.bv_val = argv[ 1 ]; + dn.bv_len = strlen( argv[ 1 ] ); + if ( dnNormalize( NULL, &dn, &ndn ) != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "bind DN '%s' is invalid\n", + fname, lineno, argv[ 1 ] ); + return( 1 ); + } + + li->targets[ i ]->binddn = ndn; /* password to use for meta_back_group */ } else if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; if ( i < 0 ) { fprintf( stderr, @@ -351,11 +372,12 @@ meta_back_db_config( fname, lineno ); return 1; } - li->targets[ i ]->bindpw = ch_strdup( argv[ 1 ] ); + li->targets[ i ]->bindpw = ber_bvstrdup( argv[ 1 ] ); /* name to use as pseudo-root dn */ } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; + struct berval dn, *ndn = NULL; if ( i < 0 ) { fprintf( stderr, 
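Review bot: The `fprintf(stderr, ...)` that replaces the `LDAP_LOG` / `Debug` pair prints the URI and suffix of every target unconditionally, bypassing the configured log level. If this is leftover debugging, restore the `Debug( LDAP_DEBUG_CONFIG, ... )` call and pass `li->targets[ i ]->psuffix->bv_val` as the suffix argument. meta_back_db_config starts and ends outside the hunk.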
@@ -369,11 +391,21 @@ meta_back_db_config( fname, lineno ); return 1; } - li->targets[ i ]->pseudorootdn = ch_strdup( argv[ 1 ] ); + + dn.bv_val = argv[ 1 ]; + dn.bv_len = strlen( argv[ 1 ] ); + if ( dnNormalize( NULL, &dn, &ndn ) != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "pseudoroot DN '%s' is invalid\n", + fname, lineno, argv[ 1 ] ); + return( 1 ); + } + + li->targets[ i ]->pseudorootdn = ndn; /* password to use as pseudo-root */ } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; if ( i < 0 ) { fprintf( stderr, @@ -387,12 +419,13 @@ meta_back_db_config( fname, lineno ); return 1; } - li->targets[ i ]->pseudorootpw = ch_strdup( argv[ 1 ] ); + li->targets[ i ]->pseudorootpw = ber_bvstrdup( argv[ 1 ] ); /* dn massaging */ } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) { - BackendDB *tmp_be; - int i = li->ntargets-1; + BackendDB *tmp_be; + int i = li->ntargets-1; + struct berval dn, *ndn = NULL; if ( i < 0 ) { fprintf( stderr, @@ -418,8 +451,18 @@ meta_back_db_config( fname, lineno ); return 1; } + + dn.bv_val = argv[ 1 ]; + dn.bv_len = strlen( argv[ 1 ] ); + if ( dnNormalize( NULL, &dn, &ndn ) != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "suffix '%s' is invalid\n", + fname, lineno, argv[ 1 ] ); + return 1; + } - tmp_be = select_backend( argv[ 1 ], 0, 0 ); + tmp_be = select_backend( ndn, 0, 0 ); + ber_bvfree( ndn ); if ( tmp_be != NULL && tmp_be != be ) { fprintf( stderr, "%s: line %d: suffix already in use by another backend in" 
@@ -428,7 +471,18 @@ meta_back_db_config( return 1; } - tmp_be = select_backend( argv[ 2 ], 0, 0 ); + dn.bv_val = argv[ 2 ]; + dn.bv_len = strlen( argv[ 2 ] ); + ndn = NULL; + if ( dnNormalize( NULL, &dn, &ndn ) != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "massaged suffix '%s' is invalid\n", + fname, lineno, argv[ 2 ] ); + return 1; + } + + tmp_be = select_backend( ndn, 0, 0 ); + ber_bvfree( ndn ); if ( tmp_be != NULL ) { fprintf( stderr, "%s: line %d: massaged suffix already in use by another backend in" @@ -448,7 +502,7 @@ meta_back_db_config( /* rewrite stuff ... */ } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) { - int i = li->ntargets-1; + int i = li->ntargets-1; if ( i < 0 ) { fprintf( stderr, @@ -464,7 +518,7 @@ meta_back_db_config( struct ldapmap *map; struct ldapmapping *mapping; char *src, *dst; - int i = li->ntargets-1; + int i = li->ntargets-1; if ( i < 0 ) { fprintf( stderr, diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index e703f57698..e2d814ace6 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c 
@@ -275,26 +275,27 @@ init_one_conn( /* * If the connection dn is not null, an attempt to rewrite it is made */ - if ( conn->c_cdn != NULL && conn->c_cdn[ 0 ] != '\0' ) { + if ( conn->c_cdn != 0 ) { + char *mdn = NULL; + /* * Rewrite the bind dn if needed */ lsc->bound_dn = NULL; switch ( rewrite_session( lt->rwinfo, "bindDn", - conn->c_cdn, conn, - &lsc->bound_dn ) ) { + conn->c_cdn, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: - if ( lsc->bound_dn == NULL ) { - lsc->bound_dn = ch_strdup( conn->c_cdn ); + if ( mdn == NULL ) { + lsc->bound_dn = ber_bvstrdup( conn->c_cdn ); } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] bindDn: \"%s\" -> \"%s\"\n", - conn->c_cdn, lsc->bound_dn )); + conn->c_cdn, lsc->bound_dn->bv_val )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, - "rw> bindDn: \"%s\" -> \"%s\"\n%s", - conn->c_cdn, lsc->bound_dn, "" ); + "rw> bindDn: \"%s\" -> \"%s\"\n", + conn->c_cdn, lsc->bound_dn->bv_val, 0 ); #endif /* !NEW_LOGGING */ break; @@ -312,8 +313,15 @@ init_one_conn( NULL, NULL ); return LDAP_OPERATIONS_ERROR; } + + if ( mdn ) { + lsc->bound_dn = ber_bvstr( mdn ); + } else { + lsc->bound_dn = ber_bvstrdup( "" ); + } + } else { - lsc->bound_dn = NULL; + lsc->bound_dn = ber_bvstrdup( "" ); } lsc->bound = META_UNBOUND; @@ -340,12 +348,11 @@ init_one_conn( struct metaconn * meta_back_getconn( struct metainfo *li, - Connection *conn, - Operation *op, - int op_type, - const char *ndn, - int *candidate - ) + Connection *conn, + Operation *op, + int op_type, + struct berval *ndn, + int *candidate ) { struct metaconn *lc, lc_curr; int vers, cached = -1, i = -1, err = LDAP_SUCCESS; 
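Review bot: In init_one_conn the `REWRITE_REGEXEC_OK` case logs `lsc->bound_dn->bv_val` while `bound_dn` is still NULL whenever the rewrite produced a result (`mdn != NULL`), because the assignment from `mdn` only happens after the switch, in the following hunk. That later block also replaces the `ber_bvstrdup( conn->c_cdn )` made for the no-rewrite case with `ber_bvstrdup( "" )`, which leaks the first berval and records an empty bound DN for a connection that has an identity. The new test `conn->c_cdn != 0` drops the old empty-string check, so an empty connection DN now goes through the rewrite engine; if that is not intended, keep `conn->c_cdn[ 0 ] != '\0'`. Setting `bound_dn` once inside the case, before the log call, and dropping the post-switch block fixes the first two; the function starts and ends outside the hunks.

```c
		case REWRITE_REGEXEC_OK:
			/* decide bound_dn before it is logged */
			if ( mdn == NULL ) {
				lsc->bound_dn = ber_bvstrdup( conn->c_cdn );
			} else {
				lsc->bound_dn = ber_bvstr( mdn );
			}
			/* ... unchanged: LDAP_LOG / Debug of the rewritten bindDn ... */
			break;

		/* ... unchanged: the remaining rewrite_session cases ... */

		/* the post-switch "if ( mdn ) ... else ber_bvstrdup( "" )" block is removed */
```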
@@ -401,11 +408,12 @@ meta_back_getconn( #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_INFO, "meta_back_getconn: got target %d" - " for ndn=\"%s\" from cache\n", i, ndn )); + " for ndn=\"%s\" from cache\n", + i, ndn->bv_val )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_CACHE, "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n%s", - i, ndn, "" ); + i, ndn->bv_val, "" ); #endif /* !NEW_LOGGING */ /* @@ -467,11 +475,9 @@ meta_back_getconn( * if no unique candidate ... */ } else { - int ndnlen = strlen( ndn ); for ( i = 0; i < li->ntargets; i++ ) { if ( i == cached - || meta_back_is_candidate( li->targets[ i ]->suffix, - ndn, ndnlen ) ) { + || meta_back_is_candidate( li->targets[ i ]->suffix, ndn ) ) { /* * The target is activated; if needed, it is diff --git a/servers/slapd/back-meta/data/meta-1.ldif b/servers/slapd/back-meta/data/meta-1.ldif index 1f904653df..23c9b53fd5 100644 --- a/servers/slapd/back-meta/data/meta-1.ldif +++ b/servers/slapd/back-meta/data/meta-1.ldif @@ -1,7 +1,9 @@ -dn: ou=People, dc=foo, dc=example, dc=com +dn: ou=People,dc=foo,dc=example,dc=com objectClass: top +objectClass: organizationalUnit +ou: People -dn: cn=Ando, ou=People, dc=foo, dc=example, dc=com +dn: cn=Ando,ou=People,dc=foo,dc=example,dc=com objectClass: top objectClass: person cn: Ando diff --git a/servers/slapd/back-meta/data/meta-2.ldif b/servers/slapd/back-meta/data/meta-2.ldif index 7c717eeea7..5c33b76c5f 100644 --- a/servers/slapd/back-meta/data/meta-2.ldif +++ b/servers/slapd/back-meta/data/meta-2.ldif @@ -1,7 +1,9 @@ -dn: ou=People, dc=bar, dc=example, dc=com +dn: ou=People,dc=bar,dc=example,dc=com objectClass: top +objectClass: organizationalUnit +ou: People -dn: cn=Ando, ou=People, dc=bar, dc=example, dc=com +dn: cn=Ando,ou=People,dc=bar,dc=example,dc=com objectClass: top objectClass: person cn: Ando diff --git a/servers/slapd/back-meta/data/meta-3.ldif b/servers/slapd/back-meta/data/meta-3.ldif index 1786b24f01..7a6668ea83 100644 
--- a/servers/slapd/back-meta/data/meta-3.ldif +++ b/servers/slapd/back-meta/data/meta-3.ldif @@ -1,11 +1,13 @@ -dn: ou=Groups, dc=bar, dc=example, dc=com +dn: ou=Groups,dc=bar,dc=example,dc=com objectClass: top +objectClass: organizationalUnit +ou: Groups -dn: cn=Users, ou=Groups, dc=bar, dc=example, dc=com +dn: cn=Users,ou=Groups,dc=bar,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: simpleSecurityObject cn: Users -member: cn=Users, ou=Groups, dc=bar, dc=example, dc=com -member: cn=Ando, ou=People, dc=bar, dc=example, dc=com +member: cn=Users,ou=Groups,dc=bar,dc=example,dc=com +member: cn=Ando,ou=People,dc=bar,dc=example,dc=com userPassword: users diff --git a/servers/slapd/back-meta/data/setup.sh b/servers/slapd/back-meta/data/setup.sh index 401001bf3d..178644a55c 100644 --- a/servers/slapd/back-meta/data/setup.sh +++ b/servers/slapd/back-meta/data/setup.sh @@ -27,7 +27,7 @@ ln -s "$SRCDIR/libraries/liblunicode" ucdata for i in 1 2 3 ; do echo "Feeding directory $i" mkdir -p "$METADBDIR/$i" - $SLAPADD -f $ADDCONF -n $i -l meta-$i.ldif + $SLAPADD -f $ADDCONF -n `expr $i + 1` -l meta-$i.ldif done echo "" diff --git a/servers/slapd/back-meta/data/slapd-ldap-raw.conf b/servers/slapd/back-meta/data/slapd-ldap-raw.conf index d83decac05..856412ef18 100644 --- a/servers/slapd/back-meta/data/slapd-ldap-raw.conf +++ b/servers/slapd/back-meta/data/slapd-ldap-raw.conf @@ -4,8 +4,8 @@ database ldap uri "ldap://localhost:@PORT@/" -suffix "o=FB, c=US" -suffixmassage "o=FB, c=US" "ou=Groups, dc=bar, dc=example, dc=com" +suffix "o=FB,c=US" +suffixmassage "o=FB,c=US" "ou=Groups,dc=bar,dc=example,dc=com" lastmod off access to dn.regex="[^,]+,o=FB,c=US" attr=cn diff --git a/servers/slapd/back-meta/data/slapd-ldbm.conf b/servers/slapd/back-meta/data/slapd-ldbm.conf index 8ca31453ab..6b6c17a481 100644 --- a/servers/slapd/back-meta/data/slapd-ldbm.conf +++ b/servers/slapd/back-meta/data/slapd-ldbm.conf 
@@ -7,23 +7,23 @@ ####################################################################### database ldbm -suffix "ou=People, dc=foo, dc=example, dc=com" -rootdn "cn=Root, ou=People, dc=foo, dc=example, dc=com" +suffix "ou=People,dc=foo,dc=example,dc=com" +rootdn "cn=Root,ou=People,dc=foo,dc=example,dc=com" rootpw ldap directory ./meta-db/1 lastmod on index objectClass pres,eq database ldbm -suffix "ou=People, dc=bar, dc=example, dc=com" -rootdn "cn=Root, ou=People, dc=bar, dc=example, dc=com" +suffix "ou=People,dc=bar,dc=example,dc=com" +rootdn "cn=Root,ou=People,dc=bar,dc=example,dc=com" rootpw ldap directory ./meta-db/2 index objectClass pres,eq database ldbm -suffix "ou=Groups, dc=bar, dc=example, dc=com" -rootdn "cn=Root, ou=Groups, dc=bar, dc=example, dc=com" +suffix "ou=Groups,dc=bar,dc=example,dc=com" +rootdn "cn=Root,ou=Groups,dc=bar,dc=example,dc=com" rootpw ldap directory ./meta-db/3 index objectClass pres,eq diff --git a/servers/slapd/back-meta/data/slapd-meta-plain.conf b/servers/slapd/back-meta/data/slapd-meta-plain.conf index 9e242d68de..78b6cd90ee 100644 --- a/servers/slapd/back-meta/data/slapd-meta-plain.conf +++ b/servers/slapd/back-meta/data/slapd-meta-plain.conf @@ -35,9 +35,9 @@ include ./slapd-ldap.conf ####################################################################### database meta -suffix "dc=example, dc=com" +suffix "dc=example,dc=com" dncache-ttl forever -uri "ldap://localhost:@PORT@/ou=People, dc=foo, dc=example, dc=com" -uri "ldap://localhost:@PORT@/ou=People, dc=bar, dc=example, dc=com" -uri "ldap://localhost:@PORT@/ou=Groups, dc=bar, dc=example, dc=com" +uri "ldap://localhost:@PORT@/ou=People,dc=foo,dc=example,dc=com" +uri "ldap://localhost:@PORT@/ou=People,dc=bar,dc=example,dc=com" +uri "ldap://localhost:@PORT@/ou=Groups,dc=bar,dc=example,dc=com" diff --git a/servers/slapd/back-meta/data/slapd-meta-rewrite.conf b/servers/slapd/back-meta/data/slapd-meta-rewrite.conf index 2134ef0dde..9d9509007d 100644 
--- a/servers/slapd/back-meta/data/slapd-meta-rewrite.conf +++ b/servers/slapd/back-meta/data/slapd-meta-rewrite.conf 
@@ -31,58 +31,58 @@ access to * by * read ####################################################################### -# ldbm database definitions +# ldap database with suffix massage definitions ####################################################################### -include ./slapd-ldbm.conf +include ./slapd-ldap.conf ####################################################################### -# ldap database with suffix massage definitions +# ldbm database definitions ####################################################################### -include ./slapd-ldap.conf +include ./slapd-ldbm.conf ####################################################################### # meta database definitions ####################################################################### database meta -suffix "o=Foo Bar, c=US" +suffix "o=Foo Bar,c=US" dncache-ttl forever lastmod off rootdn "cn=root,o=Foo Bar,c=US" rootpw foo -uri "ldap://localhost:@PORT@/ou=People, dc=foo, o=Foo Bar, c=US" -pseudorootdn "cn=Root, ou=People, dc=foo, dc=example, dc=com" +uri "ldap://localhost:@PORT@/ou=People,dc=foo,o=Foo Bar,c=US" +pseudorootdn "cn=Root,ou=People,dc=foo,dc=example,dc=com" pseudorootpw ldap rewriteEngine on rewriteContext default -rewriteRule "(.*)o=Foo Bar,[ ]?c=US" "%1dc=example, dc=com" +rewriteRule "(.*)o=Foo Bar,[ ]?c=US" "%1dc=example,dc=com" rewriteContext searchResult -rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar, c=US" +rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar,c=US" rewriteContext searchFilter rewriteRule "(.*)member=([^)]+),o=Foo Bar,[ ]?c=US(.*)" "%1member=%2,dc=example,dc=com%3" -uri "ldap://localhost:@PORT@/ou=People, dc=bar, o=Foo Bar, c=US" -pseudorootdn "cn=Root, ou=People, dc=bar, dc=example, dc=com" +uri "ldap://localhost:@PORT@/ou=People,dc=bar,o=Foo Bar,c=US" +pseudorootdn "cn=Root,ou=People,dc=bar,dc=example,dc=com" pseudorootpw ldap rewriteEngine on rewriteContext default -rewriteRule "(.*)o=Foo Bar,[ ]?c=US" "%1dc=example, dc=com" +rewriteRule "(.*)o=Foo 
Bar,[ ]?c=US" "%1dc=example,dc=com" rewriteContext searchResult -rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar, c=US" +rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar,c=US" rewriteContext searchFilter rewriteRule "(.*)member=([^)]+),o=Foo Bar,[ ]?c=US(.*)" "%1member=%2,dc=example,dc=com%3" default-target map attribute givenName sn -uri "ldap://localhost:@PORT@/ou=Groups, dc=bar, o=Foo Bar, c=US" +uri "ldap://localhost:@PORT@/ou=Groups,dc=bar,o=Foo Bar,c=US" rewriteEngine on rewriteContext default -rewriteRule "(.*)o=Foo Bar,[ ]?c=US" "%1dc=example, dc=com" +rewriteRule "(.*)o=Foo Bar,[ ]?c=US" "%1dc=example,dc=com" rewriteContext searchResult -rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar, c=US" +rewriteRule "(.*)dc=example,[ ]?dc=com" "%1o=Foo Bar,c=US" rewriteContext searchFilter rewriteRule "(.*)member=([^)]+),o=Foo Bar,[ ]?c=US(.*)" "%1member=%2,dc=example,dc=com%3" diff --git a/servers/slapd/back-meta/delete.c b/servers/slapd/back-meta/delete.c index 6f47e91fbb..266dc821b3 100644 --- a/servers/slapd/back-meta/delete.c +++ b/servers/slapd/back-meta/delete.c @@ -80,8 +80,8 @@ meta_back_delete( Backend *be, Connection *conn, Operation *op, - const char *dn, - const char *ndn + struct berval *dn, + struct berval *ndn ) { struct metainfo *li = ( struct metainfo * )be->be_private; @@ -92,7 +92,9 @@ meta_back_delete( lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE, ndn, &candidate ); - if ( !lc || !meta_back_dobind( lc, op ) ) { + if ( !lc || !meta_back_dobind( lc, op ) || !meta_back_is_valid( lc, candidate ) ) { + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, NULL, NULL, NULL ); return -1; } 
@@ -100,18 +102,18 @@ meta_back_delete( * Rewrite the compare dn, if needed */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, - "deleteDn", dn, conn, &mdn ) ) { + "deleteDn", dn->bv_val, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { - mdn = ( char * )dn; + mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] deleteDn: \"%s\" -> \"%s\"\n", - dn, mdn )); + dn->bv_val, mdn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> deleteDn: \"%s\" -> \"%s\"\n%s", - dn, mdn, "" ); + dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; @@ -128,7 +130,7 @@ meta_back_delete( ldap_delete_s( lc->conns[ candidate ]->ld, mdn ); - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } diff --git a/servers/slapd/back-meta/dncache.c b/servers/slapd/back-meta/dncache.c index febb963414..a37d1e7706 100644 --- a/servers/slapd/back-meta/dncache.c +++ b/servers/slapd/back-meta/dncache.c @@ -77,10 +77,10 @@ */ struct metadncacheentry { - char *dn; - int target; + struct berval *dn; + int target; - time_t lastupdated; + time_t lastupdated; }; /* @@ -98,11 +98,13 @@ meta_dncache_cmp( { struct metadncacheentry *cc1 = ( struct metadncacheentry * )c1; struct metadncacheentry *cc2 = ( struct metadncacheentry * )c2; + + int d = cc1->dn->bv_len - cc2->dn->bv_len; /* * case sensitive, because the dn MUST be normalized */ - return strcmp( cc1->dn, cc2->dn ); + return d != 0 ? d : strcmp( cc1->dn->bv_val, cc2->dn->bv_val ); } /* @@ -120,10 +122,15 @@ meta_dncache_dup( struct metadncacheentry *cc1 = ( struct metadncacheentry * )c1; struct metadncacheentry *cc2 = ( struct metadncacheentry * )c2; + int d = cc1->dn->bv_len - cc2->dn->bv_len; + int cmp; + /* * case sensitive, because the dn MUST be normalized */ - return ( strcmp( cc1->dn, cc2->dn ) == 0 ) ? -1 : 0; + cmp = d != 0 ? d : strcmp( cc1->dn->bv_val, cc2->dn->bv_val ); + + return ( cmp == 0 ) ? -1 : 0; } /* 
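Review bot: `int d = cc1->dn->bv_len - cc2->dn->bv_len;` in meta_dncache_cmp subtracts two lengths and narrows the result to `int`; `bv_len` is an unsigned `ber_len_t` in liblber, so the sign of `d` depends on an implementation-defined conversion. It works for DN-sized values, but an explicit comparison is clearer and safe: `if ( cc1->dn->bv_len != cc2->dn->bv_len ) return cc1->dn->bv_len < cc2->dn->bv_len ? -1 : 1;`, then fall through to `strcmp`. meta_dncache_dup repeats the same expression in the next hunk and could return `meta_dncache_cmp( c1, c2 ) == 0 ? -1 : 0` instead. Neither function checks `dn` for NULL, which holds only if every cache entry and every lookup key carries a berval.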
@@ -135,14 +142,14 @@ meta_dncache_dup( int meta_dncache_get_target( struct metadncache *cache, - const char *ndn + struct berval *ndn ) { struct metadncacheentry tmp_entry, *entry; time_t curr_time; int target = -1; - tmp_entry.dn = ( char * )ndn; + tmp_entry.dn = ndn; ldap_pvt_thread_mutex_lock( &cache->mutex ); entry = ( struct metadncacheentry * )avl_find( cache->tree, ( caddr_t )&tmp_entry, meta_dncache_cmp ); @@ -182,7 +189,7 @@ meta_dncache_get_target( int meta_dncache_update_entry( struct metadncache *cache, - const char *ndn, + struct berval *ndn, int target ) { @@ -203,7 +210,7 @@ meta_dncache_update_entry( curr_time = time( NULL ); } - tmp_entry.dn = ( char * )ndn; + tmp_entry.dn = ndn; ldap_pvt_thread_mutex_lock( &cache->mutex ); entry = ( struct metadncacheentry * )avl_find( cache->tree, @@ -219,7 +226,7 @@ meta_dncache_update_entry( return -1; } - entry->dn = ch_strdup( ndn ); + entry->dn = ber_bvdup( ndn ); if ( entry->dn == NULL ) { ldap_pvt_thread_mutex_unlock( &cache->mutex ); return -1; @@ -244,12 +251,12 @@ meta_dncache_update_entry( int meta_dncache_delete_entry( struct metadncache *cache, - const char *ndn + struct berval *ndn ) { struct metadncacheentry *entry, tmp_entry; - tmp_entry.dn = ( char * )ndn; + tmp_entry.dn = ndn; ldap_pvt_thread_mutex_lock( &cache->mutex ); entry = avl_delete( &cache->tree, ( caddr_t )&tmp_entry, @@ -276,6 +283,6 @@ meta_dncache_free( { struct metadncacheentry *entry = ( struct metadncacheentry * )e; - free( entry->dn ); + ber_bvfree( entry->dn ); } diff --git a/servers/slapd/back-meta/group.c b/servers/slapd/back-meta/group.c index 56cf41fe86..5fa6526ad5 100644 --- a/servers/slapd/back-meta/group.c +++ b/servers/slapd/back-meta/group.c @@ -86,8 +86,8 @@ meta_back_group( Connection *conn, Operation *op, Entry *target, - const char *gr_ndn, - const char *op_ndn, + struct berval *gr_ndn, + struct berval *op_ndn, ObjectClass *group_oc, AttributeDescription *group_at ) 
@@ -95,8 +95,6 @@ meta_back_group( struct metainfo *li = ( struct metainfo * )be->be_private; int rc = 1, candidate; Attribute *attr; - struct berval bv; - AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; LDAPMessage *result; char *gattr[ 2 ]; @@ -113,7 +111,7 @@ meta_back_group( group_oc_name = group_oc->soc_oid; } - if ( target != NULL && strcmp( target->e_ndn, gr_ndn ) == 0 ) { + if ( target != NULL && strcmp( target->e_nname.bv_val, gr_ndn->bv_val ) == 0 ) { /* we already have a copy of the entry */ /* attribute and objectclass mapping has already been done */ @@ -142,9 +140,8 @@ meta_back_group( */ attr = attr_find( target->e_attrs, group_at ); if ( attr != NULL ) { - bv.bv_val = ( char * )op_ndn; - bv.bv_len = strlen( op_ndn ); - rc = value_find( group_at, attr->a_vals, &bv ); + rc = value_find( group_at, attr->a_vals, + op_ndn ); if ( rc != LDAP_SUCCESS ) { return 1; } @@ -162,21 +159,21 @@ meta_back_group( * Rewrite the op ndn if needed */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, "bindDn", - op_ndn, conn, &mop_ndn ) ) { + op_ndn->bv_val, conn, &mop_ndn ) ) { case REWRITE_REGEXEC_OK: if ( mop_ndn == NULL ) { - mop_ndn = ( char * )op_ndn; + mop_ndn = ( char * )op_ndn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] bindDn (op ndn in group):" \"%s\" -> \"%s\"\n", - op_ndn, mop_ndn )); + op_ndn->bv_val, mop_ndn)); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn (op ndn in group):" " \"%s\" -> \"%s\"\n%s", - op_ndn, mop_ndn, "" ); + op_ndn->bv_val, mop_ndn, "" ); #endif /* !NEW_LOGGING */ break; 
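Review bot: The NEW_LOGGING branch of the bindDn rewrite in the `@@ -162,21 +159,21 @@` hunk has an unbalanced string literal: after `"[rw] bindDn (op ndn in group):"` the continuation reads `\"%s\" -> \"%s\"\n",` without its opening quote, so that branch cannot compile when NEW_LOGGING is defined. The commit already edits the argument line directly below it, so the continuation can be corrected in the same change to `" \"%s\" -> \"%s\"\n",`, matching the searchBase message later in meta_back_group. The switch statement continues outside the hunk.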
@@ -192,21 +189,21 @@ meta_back_group( */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, "searchBase", - gr_ndn, conn, &mgr_ndn ) ) { + gr_ndn->bv_val, conn, &mgr_ndn ) ) { case REWRITE_REGEXEC_OK: if ( mgr_ndn == NULL ) { - mgr_ndn = ( char * )gr_ndn; + mgr_ndn = ( char * )gr_ndn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] searchBase (gr ndn in group):" " \"%s\" -> \"%s\"\n", - gr_ndn, mgr_ndn )); + gr_ndn->bv_val, mgr_ndn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> searchBase (gr ndn in group):" " \"%s\" -> \"%s\"\n%s", - gr_ndn, mgr_ndn, "" ); + gr_ndn->bv_val, mgr_ndn, "" ); #endif /* !NEW_LOGGING */ break; @@ -241,8 +238,9 @@ meta_back_group( goto cleanup; } - rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn, - li->targets[ candidate ]->bindpw, LDAP_AUTH_SIMPLE ); + rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn->bv_val, + li->targets[ candidate ]->bindpw->bv_val, + LDAP_AUTH_SIMPLE ); if ( rc != LDAP_SUCCESS ) { goto cleanup; } @@ -274,10 +272,10 @@ cleanup:; if ( filter != NULL ) { ch_free( filter ); } - if ( mop_ndn != op_ndn ) { + if ( mop_ndn != op_ndn->bv_val ) { free( mop_ndn ); } - if ( mgr_ndn != gr_ndn ) { + if ( mgr_ndn != gr_ndn->bv_val ) { free( mgr_ndn ); } diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c index 4e30347442..a68519eeab 100644 --- a/servers/slapd/back-meta/init.c +++ b/servers/slapd/back-meta/init.c @@ -165,7 +165,7 @@ conn_free( ldap_unbind( lsc[ 0 ]->ld ); } if ( lsc[ 0 ]->bound_dn ) { - free( lsc[ 0 ]->bound_dn ); + ber_bvfree( lsc[ 0 ]->bound_dn ); } free( lsc[ 0 ] ); } 
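Review bot: The bind in the `@@ -241,8 +238,9 @@` hunk of meta_back_group now dereferences `binddn->bv_val` and `bindpw->bv_val` unconditionally, while target_free in init.c still tests `if ( lt->binddn )` before freeing, which suggests these pointers can be NULL for a target with no configured bind identity. If so, a group evaluation against such a target would dereference NULL where the old `char *` was simply passed through to ldap_bind_s. Guard the access, e.g. `binddn ? binddn->bv_val : NULL` for both arguments, or add a comment in back-meta.h stating that configuration always allocates them.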
@@ -181,11 +181,23 @@ target_free( if ( lt->uri ) { free( lt->uri ); } + if ( lt->psuffix ) { + ber_bvfree( lt->psuffix ); + } + if ( lt->suffix ) { + ber_bvfree( lt->suffix ); + } if ( lt->binddn ) { - free( lt->binddn ); + ber_bvfree( lt->binddn ); } if ( lt->bindpw ) { - free( lt->bindpw ); + ber_bvfree( lt->bindpw ); + } + if ( lt->pseudorootdn ) { + ber_bvfree( lt->pseudorootdn ); + } + if ( lt->pseudorootpw ) { + ber_bvfree( lt->pseudorootpw ); } if ( lt->rwinfo ) { rewrite_info_delete( lt->rwinfo ); diff --git a/servers/slapd/back-meta/modify.c b/servers/slapd/back-meta/modify.c index 7fc8b8e6e3..db1ee00a64 100644 --- a/servers/slapd/back-meta/modify.c +++ b/servers/slapd/back-meta/modify.c @@ -80,8 +80,8 @@ meta_back_modify( Backend *be, Connection *conn, Operation *op, - const char *dn, - const char *ndn, + struct berval *dn, + struct berval *ndn, Modifications *modlist ) { @@ -95,7 +95,9 @@ meta_back_modify( lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE, ndn, &candidate ); - if ( !lc || !meta_back_dobind( lc, op ) ) { + if ( !lc || !meta_back_dobind( lc, op ) || !meta_back_is_valid( lc, candidate ) ) { + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, NULL, NULL, NULL ); return -1; } @@ -103,18 +105,18 @@ meta_back_modify( * Rewrite the modify dn, if needed */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, - "modifyDn", dn, conn, &mdn ) ) { + "modifyDn", dn->bv_val, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { - mdn = ( char * )dn; + mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] modifyDn: \"%s\" -> \"%s\"\n", - dn, mdn )); + dn->bv_val, mdn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s", - dn, mdn, "" ); + dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; 
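Review bot: target_free now releases `bindpw` and `pseudorootpw` with ber_bvfree, which leaves the credential bytes in freed heap memory. Consider clearing the value before the free, e.g. `memset( lt->bindpw->bv_val, 0, lt->bindpw->bv_len );` and the same for `pseudorootpw`, ideally through a helper the compiler cannot elide. A short comment on the target structure in back-meta.h marking which berval fields hold secrets would make that requirement visible to later changes. target_free's body continues outside the hunk.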
@@ -134,7 +136,7 @@ meta_back_modify( mods = ch_malloc( sizeof( LDAPMod )*i ); if ( mods == NULL ) { - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } return -1; @@ -142,7 +144,7 @@ meta_back_modify( modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) ); if ( modv == NULL ) { free( mods ); - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } return -1; @@ -194,7 +196,7 @@ meta_back_modify( ldap_modify_s( lc->conns[ candidate ]->ld, mdn, modv ); - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } free( mods ); diff --git a/servers/slapd/back-meta/modrdn.c b/servers/slapd/back-meta/modrdn.c index 3528a52072..cd52af743b 100644 --- a/servers/slapd/back-meta/modrdn.c +++ b/servers/slapd/back-meta/modrdn.c @@ -80,11 +80,13 @@ meta_back_modrdn( Backend *be, Connection *conn, Operation *op, - const char *dn, - const char *ndn, - const char *newrdn, + struct berval *dn, + struct berval *ndn, + struct berval *newrdn, + struct berval *nnewrdn, int deleteoldrdn, - const char *newSuperior + struct berval *newSuperior, + struct berval *nnewSuperior ) { struct metainfo *li = ( struct metainfo * )be->be_private; @@ -95,7 +97,9 @@ meta_back_modrdn( lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE, ndn, &candidate ); - if ( !lc || !meta_back_dobind( lc, op ) ) { + if ( !lc || !meta_back_dobind( lc, op ) || !meta_back_is_valid( lc, candidate ) ) { + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, NULL, NULL, NULL ); return -1; } @@ -131,7 +135,9 @@ meta_back_modrdn( */ switch ( rewrite_session( li->targets[ nsCandidate ]->rwinfo, "newSuperiorDn", - newSuperior, conn, &mnewSuperior ) ) { + newSuperior->bv_val, + conn, + &mnewSuperior ) ) { case REWRITE_REGEXEC_OK: if ( mnewSuperior == NULL ) { mnewSuperior = ( char * )newSuperior; 
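Review bot: In the newSuperiorDn rewrite of meta_back_modrdn (`@@ -131,7 +135,9 @@`), the unchanged fallback `mnewSuperior = ( char * )newSuperior;` now casts a `struct berval *` to `char *`, because this commit changes the parameter type. That pointer is later handed to ldap_rename2_s as a string and, since it never equals `newSuperior->bv_val`, would also be passed to free() by the cleanup in the `@@ -190,13 +196,13 @@` hunk. The line should read `mnewSuperior = newSuperior->bv_val;`. The NEW_LOGGING arguments that follow lie between the visible hunks and are worth checking for the same leftover.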
@@ -144,7 +150,7 @@ meta_back_modrdn( #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> newSuperiorDn:" " \"%s\" -> \"%s\"\n%s", - newSuperior, mnewSuperior, "" ); + newSuperior->bv_val, mnewSuperior, "" ); #endif /* !NEW_LOGGING */ break; @@ -164,18 +170,18 @@ meta_back_modrdn( * Rewrite the modrdn dn, if required */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, - "modrDn", dn, conn, &mdn ) ) { + "modrDn", dn->bv_val, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { - mdn = ( char * )dn; + mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] modrDn: \"%s\" -> \"%s\"\n", - dn, mdn )); + dn->bv_val, mdn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> modrDn: \"%s\" -> \"%s\"\n%s", - dn, mdn, "" ); + dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; @@ -190,13 +196,13 @@ meta_back_modrdn( return -1; } - ldap_rename2_s( lc->conns[ candidate ]->ld, mdn, newrdn, + ldap_rename2_s( lc->conns[ candidate ]->ld, mdn, newrdn->bv_val, mnewSuperior, deleteoldrdn ); - if ( mdn != dn ) { + if ( mdn != dn->bv_val ) { free( mdn ); } - if ( mnewSuperior != NULL && mnewSuperior != newSuperior ) { + if ( mnewSuperior != NULL && mnewSuperior != newSuperior->bv_val ) { free( mnewSuperior ); } diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 026159ced0..d6723cc2b6 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -84,14 +84,14 @@ meta_send_entry( struct metaconn *lc, int i, LDAPMessage *e, - struct berval **attrs, + struct berval **attrs, int attrsonly ); static int is_one_level_rdn( - const char *rdn, - int len + const char *rdn, + int from ); int 
@@ -99,15 +99,15 @@ meta_back_search( Backend *be, Connection *conn, Operation *op, - const char *base, - const char *nbase, + struct berval *base, + struct berval *nbase, int scope, int deref, int slimit, int tlimit, Filter *filter, const char *filterstr, - struct berval **attrs, + struct berval **attrs, int attrsonly ) { @@ -121,7 +121,7 @@ meta_back_search( char *mbase = NULL, *mfilter = NULL, *mmatch = NULL, *mapped_filter = NULL, **mapped_attrs = NULL; - int i, last = 0, candidates = 0, nbaselen, op_type; + int i, last = 0, candidates = 0, op_type; struct slap_limits_set *limit = NULL; int isroot = 0; @@ -146,8 +146,6 @@ meta_back_search( return -1; } - nbaselen = strlen( nbase ); - /* if not root, get appropriate limits */ if ( be_isroot( be, &op->o_ndn ) ) { isroot = 1; @@ -195,7 +193,7 @@ meta_back_search( * Inits searches */ for ( i = 0, lsc = lc->conns; lsc[ 0 ] != NULL; ++i, ++lsc ) { - char *realbase = ( char * )base; + char *realbase = ( char * )base->bv_val; int realscope = scope; int suffixlen; @@ -219,8 +217,8 @@ meta_back_search( /* * modifies the base according to the scope, if required */ - suffixlen = strlen( li->targets[ i ]->suffix ); - if ( suffixlen > nbaselen ) { + suffixlen = li->targets[ i ]->suffix->bv_len; + if ( suffixlen > nbase->bv_len ) { switch ( scope ) { case LDAP_SCOPE_SUBTREE: /* @@ -229,9 +227,9 @@ meta_back_search( * illegal bases may be turned into * the suffix of the target. */ - if ( dn_issuffix( li->targets[ i ]->suffix, + if ( dnIsSuffix( li->targets[ i ]->suffix, nbase ) ) { - realbase = li->targets[ i ]->suffix; + realbase = li->targets[ i ]->suffix->bv_val; } else { /* * this target is no longer candidate 
@@ -242,15 +240,15 @@ meta_back_search( break; case LDAP_SCOPE_ONELEVEL: - if ( is_one_level_rdn( li->targets[ i ]->suffix, - suffixlen-nbaselen-1) - && dn_issuffix( li->targets[ i ]->suffix, nbase ) ) { + if ( is_one_level_rdn( li->targets[ i ]->suffix->bv_val, + suffixlen - nbase->bv_len - 1 ) + && dnIsSuffix( li->targets[ i ]->suffix, nbase ) ) { /* * if there is exactly one level, * make the target suffix the new * base, and make scope "base" */ - realbase = li->targets[ i ]->suffix; + realbase = li->targets[ i ]->suffix->bv_val; realscope = LDAP_SCOPE_BASE; break; } /* else continue with the next case */ @@ -278,10 +276,10 @@ meta_back_search( #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] searchBase: \"%s\" -> \"%s\"\n", - base, mbase )); + base->bv_val, mbase )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s", - base, mbase, "" ); + base->bv_val, mbase, "" ); #endif /* !NEW_LOGGING */ break; @@ -352,8 +350,13 @@ meta_back_search( */ mapped_attrs = ldap_back_map_attrs( &li->targets[ i ]->at_map, attrs, 0 ); - if ( mapped_attrs == NULL ) { - mapped_attrs = attrs; + if ( mapped_attrs == NULL && attrs) { + for ( count = 0; attrs[ count ]; count++ ); + mapped_attrs = ch_malloc( ( count + 1 ) * sizeof(char *)); + for ( count = 0; attrs[ count ]; count++ ) { + mapped_attrs[ count ] = attrs[ count ]->bv_val; + } + mapped_attrs[ count ] = NULL; } /* @@ -366,8 +369,8 @@ meta_back_search( continue; } - if ( mapped_attrs != attrs ) { - charray_free( mapped_attrs ); + if ( mapped_attrs ) { + free( mapped_attrs ); mapped_attrs = NULL; } if ( mapped_filter != mfilter ) { 
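Review bot: The cleanup in the `@@ -366,8 +369,8 @@` hunk now calls `free( mapped_attrs )` for every non-NULL array, where the old code used charray_free on arrays returned by ldap_back_map_attrs. If that function allocates the element strings (not visible here, though the removed charray_free suggests it), they are now leaked on every mapped search. The fallback array built in the `@@ -352,8 +350,13 @@` hunk only borrows `attrs[ count ]->bv_val`, so charray_free would be wrong for that one. Tracking ownership explicitly, e.g. a flag set where the fallback is built and `if ( borrowed ) free( mapped_attrs ); else charray_free( mapped_attrs );`, keeps both paths correct. The enclosing loop of meta_back_search lies outside both hunks.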
@@ -564,24 +567,25 @@ finish:; static void meta_send_entry( - Backend *be, - Operation *op, + Backend *be, + Operation *op, struct metaconn *lc, - int target, - LDAPMessage *e, - struct berval **attrs, - int attrsonly + int target, + LDAPMessage *e, + struct berval **attrs, + int attrsonly ) { - struct metainfo *li = ( struct metainfo * )be->be_private; - char *a, *mapped; - Entry ent; - BerElement *ber = NULL; - Attribute *attr, **attrp; - struct berval *dummy = NULL; - struct berval *bv; - const char *text; - char *dn; + struct metainfo *li = ( struct metainfo * )be->be_private; + char *a, *mapped; + Entry ent; + BerElement *ber = NULL; + Attribute *attr, **attrp; + struct berval *dummy = NULL; + struct berval *bv; + const char *text; + char *dn, *edn = NULL; + struct berval tdn, *pdn = NULL, *ndn = NULL; struct metasingleconn *lsc = lc->conns[ target ]; @@ -594,19 +598,20 @@ meta_send_entry( * Rewrite the dn of the result, if needed */ switch ( rewrite_session( li->targets[ target ]->rwinfo, - "searchResult", dn, lc->conn, &ent.e_dn ) ) { + "searchResult", dn, lc->conn, &edn ) ) { case REWRITE_REGEXEC_OK: - if ( ent.e_dn == NULL ) { - ent.e_dn = dn; + if ( edn == NULL ) { + edn = dn; + } else { #ifdef NEW_LOGGING LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, "[rw] searchResult[%d]:" " \"%s\" -> \"%s\"\n", - target, dn, ent.e_dn )); + target, dn, edn )); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> searchResult[%d]: \"%s\"" - " -> \"%s\"\n", target, dn, ent.e_dn ); + " -> \"%s\"\n", target, dn, edn ); #endif /* !NEW_LOGGING */ free( dn ); dn = NULL; 
@@ -619,15 +624,27 @@ meta_send_entry( return; } - ent.e_ndn = ch_strdup( ent.e_dn ); - ( void )dn_normalize( ent.e_ndn ); + tdn.bv_val = edn; + tdn.bv_len = strlen( edn ); + if ( dnPretty( NULL, &tdn, &pdn ) != LDAP_SUCCESS ) { + + } + + if ( dnNormalize( NULL, &tdn, &ndn ) != LDAP_SUCCESS ) { + + } + + ent.e_name = *pdn; + free( pdn ); + ent.e_nname = *ndn; + free( ndn ); /* * cache dn */ if ( li->cache.ttl != META_DNCACHE_DISABLED ) { ( void )meta_dncache_update_entry( &li->cache, - ch_strdup( ent.e_ndn ), + ber_bvdup( &ent.e_nname ), target ); } @@ -779,12 +796,13 @@ meta_send_entry( static int is_one_level_rdn( - const char *rdn, - int len + const char *rdn, + int from ) { - for ( ; len--; ) { - if ( DN_SEPARATOR( rdn[ len ] ) ) { + for ( ; from--; ) { + if ( DN_SEPARATOR( rdn[ from ] ) + && ! DN_ESCAPE( rdn[ from ] - 1 ) ) { return 0; } } -- 2.39.5
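Review bot: Both the `dnPretty` and `dnNormalize` failure branches in the `@@ -619,15 +624,27 @@` hunk are empty, and the following statements dereference `pdn` and `ndn` unconditionally (`ent.e_name = *pdn;`), so a DN returned by a remote target that fails to parse leads to a NULL dereference in the server. The entry should be dropped on either failure, releasing what was already allocated. Separately, the cache call passes `ber_bvdup( &ent.e_nname )` to meta_dncache_update_entry, which already duplicates its argument in dncache.c, so that extra copy is never freed; passing `&ent.e_nname` is enough. meta_send_entry starts and ends outside this hunk, and how `edn` is released on the normal path is not visible here.

```c
tdn.bv_val = edn;
tdn.bv_len = strlen( edn );
if ( dnPretty( NULL, &tdn, &pdn ) != LDAP_SUCCESS ) {
	/* malformed DN from the target: skip this entry */
	free( edn );
	return;
}
if ( dnNormalize( NULL, &tdn, &ndn ) != LDAP_SUCCESS ) {
	ber_bvfree( pdn );
	free( edn );
	return;
}
/* … unchanged: copy *pdn / *ndn into ent.e_name / ent.e_nname … */
```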
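Review bot: The new escape test in is_one_level_rdn, `! DN_ESCAPE( rdn[ from ] - 1 )`, subtracts one from the character value instead of indexing the preceding character, so it never inspects the byte before the separator and an escaped separator is still counted as a level boundary. The index belongs inside the brackets, and position 0 has no predecessor: `if ( DN_SEPARATOR( rdn[ from ] ) && ( from == 0 || ! DN_ESCAPE( rdn[ from - 1 ] ) ) ) {`. A header comment stating that `from` is the number of leading bytes of `rdn` to scan would also document the renamed parameter. The function's closing lines are outside the hunk.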