From 5ee89d616797a8a62fa44dec95c52e2b94e8c83f Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 25 Dec 2001 00:05:26 +0000 Subject: [PATCH] Use struct berval DNs for root DN and update DN --- servers/slapd/add.c | 6 +-- servers/slapd/back-bdb/add.c | 3 +- servers/slapd/back-bdb/delete.c | 2 +- servers/slapd/back-bdb/modrdn.c | 5 +- servers/slapd/back-ldbm/add.c | 3 +- servers/slapd/back-ldbm/delete.c | 3 +- servers/slapd/back-ldbm/modrdn.c | 6 +-- servers/slapd/backend.c | 30 +++++------- servers/slapd/config.c | 82 ++++++++++++++++++++++---------- servers/slapd/delete.c | 6 +-- servers/slapd/modify.c | 6 +-- servers/slapd/modrdn.c | 12 ++--- servers/slapd/passwd.c | 2 +- servers/slapd/proto-slap.h | 2 +- servers/slapd/repl.c | 4 +- servers/slapd/slap.h | 18 +++---- 16 files changed, 105 insertions(+), 85 deletions(-) diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 3127b8664b..21fde149b8 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -268,12 +268,12 @@ do_add( Connection *conn, Operation *op ) */ if ( be->be_add ) { /* do the update here */ - int repl_user = be_isupdate(be, op->o_ndn.bv_val ); + int repl_user = be_isupdate(be, &op->o_ndn ); #ifndef SLAPD_MULTIMASTER - if ( be->be_update_ndn == NULL || repl_user ) + if ( !be->be_update_ndn.bv_len || repl_user ) #endif { - int update = be->be_update_ndn != NULL; + int update = be->be_update_ndn.bv_len; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 69de6cd837..1812992318 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -193,8 +193,7 @@ retry: rc = txn_abort( ltid ); * or with parent "" */ if ( !be_isroot( be, op->o_ndn.bv_val )) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { - + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ 
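Review bot: In the do_add hunk of servers/slapd/add.c, `int update = be->be_update_ndn.bv_len;` stores a length in an `int`, where the old line stored a boolean (`!= NULL`). If `bv_len` is a wider unsigned type, as berval lengths usually are, the value is narrowed on assignment. Writing `int update = be->be_update_ndn.bv_len != 0;` keeps the flag a plain 0/1 and states what is meant. The same line appears in the do_modify hunk of servers/slapd/modify.c, and do_add's body continues outside the hunk.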
diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index 19f28779ee..45e5cb5540 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -162,7 +162,7 @@ retry: /* transaction retry */ } else { /* no parent, must be root to delete */ if( ! be_isroot( be, op->o_ndn.bv_val ) ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index 6c2cf93f01..0420f84494 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -214,7 +214,7 @@ retry: /* transaction retry */ /* no parent, modrdn entry directly under root */ isroot = be_isroot( be, op->o_ndn.bv_val ); if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; @@ -335,8 +335,7 @@ retry: /* transaction retry */ /* no parent, modrdn entry directly under root */ if ( ! isroot ) { - if ( be_issuffix( be, "" ) || be_isupdate( be, op->o_ndn.bv_val ) ) { - + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { np = (Entry *)&slap_entry_root; /* check parent for "children" acl */ diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 65b08452bd..797896ff2a 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -206,8 +206,7 @@ ldbm_back_add( /* no parent, must be adding entry to root */ if ( !be_isroot( be, op->o_ndn.bv_val ) ) { - if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, 
diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c index 3e34c6dfeb..318fd673e8 100644 --- a/servers/slapd/back-ldbm/delete.c +++ b/servers/slapd/back-ldbm/delete.c @@ -154,8 +154,7 @@ ldbm_back_delete( } else { /* no parent, must be root to delete */ if( ! be_isroot( be, op->o_ndn.bv_val ) ) { - if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index 314c0cd7fe..15aa68f64b 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -208,8 +208,7 @@ ldbm_back_modrdn( /* no parent, must be root to modify rdn */ isroot = be_isroot( be, op->o_ndn.bv_val ); if ( ! be_isroot ) { - if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, p, @@ -387,8 +386,7 @@ ldbm_back_modrdn( } if ( ! be_isroot ) { - if ( be_issuffix( be, "" ) - || be_isupdate( be, op->o_ndn.bv_val ) ) { + if ( be_issuffix( be, "" ) || be_isupdate( be, &op->o_ndn ) ) { np = (Entry *)&slap_entry_root; rc = access_allowed( be, conn, op, np, diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index c44efa33b4..7eec0d624f 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -419,9 +419,9 @@ int backend_destroy(void) } charray_free( backendDB[i].be_suffix ); ber_bvecfree( backendDB[i].be_nsuffix ); - free( backendDB[i].be_root_dn ); - free( backendDB[i].be_root_ndn ); - free( backendDB[i].be_root_pw.bv_val ); + free( backendDB[i].be_rootdn.bv_val ); + free( backendDB[i].be_rootndn.bv_val ); + free( backendDB[i].be_rootpw.bv_val ); acl_destroy( backendDB[i].be_acl, global_acl ); } free( backendDB ); 
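Review bot: Both hunks of servers/slapd/back-ldbm/modrdn.c keep the context line `if ( ! be_isroot ) {`, which tests the function `be_isroot` rather than the `isroot` variable assigned on the line above. The condition is therefore always false, and the branch holding the changed `be_isupdate( be, &op->o_ndn )` call and the `access_allowed` check on the root entry is never entered. The commit edits the line inside that branch without fixing the guard, which should read `if ( ! isroot ) {`, as the back-bdb/modrdn.c hunks do. What runs when the branch is skipped lies outside the hunk, so the effect on the parent "children" ACL check needs confirming in the full function.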
@@ -599,41 +599,37 @@ be_isroot( Backend *be, const char *ndn ) return( 0 ); } - if ( be->be_root_ndn == NULL || *be->be_root_ndn == '\0' ) { + if ( !be->be_rootndn.bv_len ) { return( 0 ); } - rc = strcmp( be->be_root_ndn, ndn ) ? 0 : 1; + rc = strcmp( be->be_rootndn.bv_val, ndn ) ? 0 : 1; return(rc); } int -be_isupdate( Backend *be, const char *ndn ) +be_isupdate( Backend *be, struct berval *ndn ) { - int rc; - - if ( ndn == NULL || *ndn == '\0' ) { + if ( !ndn->bv_len ) { return( 0 ); } - if ( be->be_update_ndn == NULL || *be->be_update_ndn == '\0' ) { + if ( !be->be_update_ndn.bv_len ) { return( 0 ); } - rc = strcmp( be->be_update_ndn, ndn ) ? 0 : 1; - - return(rc); + return strcmp( be->be_update_ndn.bv_val, ndn->bv_val ) ? 0 : 1; } char * be_root_dn( Backend *be ) { - if ( be->be_root_dn == NULL ) { + if ( !be->be_rootdn.bv_len ) { return( "" ); } - return be->be_root_dn; + return be->be_rootdn.bv_val; } int @@ -648,7 +644,7 @@ be_isroot_pw( Backend *be, return 0; } - if( be->be_root_pw.bv_len == 0 ) { + if( be->be_rootpw.bv_len == 0 ) { return 0; } @@ -659,7 +655,7 @@ be_isroot_pw( Backend *be, #endif #endif - result = lutil_passwd( &be->be_root_pw, cred, NULL ); + result = lutil_passwd( &be->be_rootpw, cred, NULL ); #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD ) #ifdef SLAPD_SPASSWD diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 47da9ad965..b7b16f13a1 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c 
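Review bot: be_isupdate in servers/slapd/backend.c now dereferences `ndn->bv_len` without the `ndn == NULL` guard the old version had, and it still decides the match with `strcmp` although both sides carry a length. The callers visible in this patch pass `&op->o_ndn`, so NULL is not reachable from them, but the contract deserves a comment such as `/* ndn must be non-NULL and already normalized */`. Because the result identifies the replication update DN, comparing lengths first makes the match exact rather than valid only up to the first NUL byte: `return ndn->bv_len == be->be_update_ndn.bv_len && strcmp( be->be_update_ndn.bv_val, ndn->bv_val ) == 0;`. be_isroot in the same hunk still takes a `const char *`, so the two identity checks now have different signatures.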
@@ -1142,27 +1142,49 @@ read_config( const char *fname ) #endif } else { - be->be_root_dn = ch_strdup( cargv[1] ); - be->be_root_ndn = ch_strdup( cargv[1] ); - + struct berval dn, *pdn = NULL, *ndn = NULL; + if ( load_ucdata( NULL ) < 0 ) { return( 1 ); } - if( dn_normalize( be->be_root_ndn ) == NULL ) { - free( be->be_root_dn ); - free( be->be_root_ndn ); + + dn.bv_val = cargv[1]; + dn.bv_len = strlen( cargv[1] ); + + rc = dnPretty( NULL, &dn, &pdn ); + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: rootdn DN is invalid.\n", - fname, lineno )); + "%s: line %d: rootdn DN is invalid.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: rootdn DN is invalid\n", + "%s: line %d: rootdn DN is invalid\n", fname, lineno, 0 ); #endif + return( 1 ); + } + rc = dnNormalize( NULL, &dn, &ndn ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: rootdn DN is invalid.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: rootdn DN is invalid\n", + fname, lineno, 0 ); +#endif + ber_bvfree( ndn ); return( 1 ); } + + be->be_rootdn = *pdn; + be->be_rootndn = *ndn; + + free( pdn ); + free( ndn ); } /* set super-secret magic database password */ @@ -1192,8 +1214,8 @@ read_config( const char *fname ) #endif } else { - be->be_root_pw.bv_val = ch_strdup( cargv[1] ); - be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val ); + be->be_rootpw.bv_val = ch_strdup( cargv[1] ); + be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val ); } /* make this database read-only */ 
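Review bot: In the rootdn branch of read_config, the dnNormalize failure path calls `ber_bvfree( ndn )`, but the value allocated by the preceding successful dnPretty call is `pdn`, which is never released on that path. The call should be `ber_bvfree( pdn );`, since `ndn` was initialised to NULL and is presumably still unset when dnNormalize fails. The leak is short-lived because read_config returns 1, but freeing the wrong variable looks like a copy-paste slip. Both failure branches also log the same "rootdn DN is invalid" text, so the log does not show which step rejected the value.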
@@ -1798,23 +1820,31 @@ read_config( const char *fname ) #endif } else { - be->be_update_ndn = ch_strdup( cargv[1] ); + struct berval dn, *ndn = NULL; + if ( load_ucdata( NULL ) < 0 ) { return( 1 ); } - if( dn_normalize( be->be_update_ndn ) == NULL ) { + + dn.bv_val = cargv[1]; + dn.bv_len = strlen( cargv[1] ); + + rc = dnNormalize( NULL, &dn, &ndn ); + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: updatedn DN is invalid.\n", - fname, lineno )); + "%s: line %d: updatedn DN is invalid.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: updatedn DN is invalid\n", + "%s: line %d: updatedn DN is invalid\n", fname, lineno, 0 ); #endif - return 1; } + + be->be_update_ndn = *ndn; + free( ndn ); } } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) { @@ -1833,24 +1863,24 @@ read_config( const char *fname ) } if ( be == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " - "updateref line must appear inside a database definition " - "(ignored)\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref" + " line must appear inside a database definition\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "updateref line must appear inside a database definition " - "(ignored)\n", fname, lineno, 0 ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref" + " line must appear inside a database definition\n", + fname, lineno, 0 ); #endif return 1; - } else if ( be->be_update_ndn == NULL ) { + } else if ( !be->be_update_ndn.bv_len ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " - "updateref line must come after updatedn (ignored).\n", + "updateref line must come after updatedn.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "updateref line must after updatedn (ignored)\n", + "updateref line must after updatedn.\n", fname, lineno, 0 ); #endif return 1; 
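Review bot: The updatedn branch copies `*ndn` into `be->be_update_ndn` and then calls `free( ndn )`, which hands ownership of `bv_val` to the backend while releasing only the container, and nothing in the hunk says so. A comment such as `/* be_update_ndn takes ownership of ndn->bv_val; free only the struct */` would make the intent clear. The backend_destroy hunk in backend.c frees `be_rootdn.bv_val` and `be_rootndn.bv_val`, but no matching free of `be_update_ndn.bv_val` is visible there. That function continues outside its hunk, so this needs checking against the full file.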
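Review bot: In the updateref hunk, the Debug() variant of the rewritten message reads `"updateref line must after updatedn.\n"`, which lacks the word "come" that the LDAP_LOG variant has. Since the commit rewrites this string anyway, both variants should use `"updateref line must come after updatedn.\n"`.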
diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index 3acbd05c48..cf6c4e00fa 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -179,14 +179,14 @@ do_delete( */ if ( be->be_delete ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn.bv_val ); + int repl_user = be_isupdate( be, &op->o_ndn ); #ifndef SLAPD_MULTIMASTER - if ( be->be_update_ndn == NULL || repl_user ) + if ( !be->be_update_ndn.bv_len || repl_user ) #endif { if ( (*be->be_delete)( be, conn, op, pdn->bv_val, ndn->bv_val ) == 0 ) { #ifdef SLAPD_MULTIMASTER - if (be->be_update_ndn == NULL || !repl_user ) + if ( !be->be_update_ndn.bv_len || !repl_user ) #endif { replog( be, op, pdn->bv_val, ndn->bv_val, NULL ); diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 1bcf5b5c7c..4832d8dc8d 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -333,15 +333,15 @@ do_modify( */ if ( be->be_modify ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn.bv_val ); + int repl_user = be_isupdate( be, &op->o_ndn ); #ifndef SLAPD_MULTIMASTER /* Multimaster slapd does not have to check for replicator dn * because it accepts each modify request */ - if ( be->be_update_ndn == NULL || repl_user ) + if ( !be->be_update_ndn.bv_len || repl_user ) #endif { - int update = be->be_update_ndn != NULL; + int update = be->be_update_ndn.bv_len; const char *text; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index 4bd0c6d170..b4b8e04c20 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c 
@@ -376,21 +376,21 @@ do_modrdn( */ if ( be->be_modrdn ) { /* do the update here */ - int repl_user = be_isupdate( be, op->o_ndn.bv_val ); + int repl_user = be_isupdate( be, &op->o_ndn ); #ifndef SLAPD_MULTIMASTER - if ( be->be_update_ndn == NULL || repl_user ) + if ( !be->be_update_ndn.bv_len || repl_user ) #endif { if ( (*be->be_modrdn)( be, conn, op, pdn->bv_val, ndn->bv_val, pnewrdn->bv_val, deloldrdn, pnewSuperior ? pnewSuperior->bv_val : NULL ) == 0 #ifdef SLAPD_MULTIMASTER - && ( be->be_update_ndn == NULL || !repl_user ) + && ( !be->be_update_ndn.bv_len || !repl_user ) #endif ) { - struct replog_moddn moddn; - moddn.newrdn = pnewrdn->bv_val; + struct slap_replog_moddn moddn; + moddn.newrdn = pnewrdn; moddn.deloldrdn = deloldrdn; - moddn.newsup = pnewSuperior ? pnewSuperior->bv_val : NULL; + moddn.newsup = pnewSuperior; replog( be, op, pdn->bv_val, ndn->bv_val, &moddn ); } diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 195183dfff..143cd2f31e 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -43,7 +43,7 @@ int passwd_extop( *text = "authorization database is read only"; rc = LDAP_UNWILLING_TO_PERFORM; - } else if( conn->c_authz_backend->be_update_ndn != NULL ) { + } else if( conn->c_authz_backend->be_update_ndn.bv_len ) { /* we SHOULD return a referral in this case */ *refs = referral_rewrite( conn->c_authz_backend->be_update_refs, NULL, NULL, LDAP_SCOPE_DEFAULT ); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index f6f019ffef..fb0bd6896c 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h 
@@ -161,7 +161,7 @@ LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be, const char *suffix )); LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be, const char *ndn )); LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be, Connection *conn, const char *ndn, struct berval *cred )); -LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, const char *ndn )); +LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn )); LDAP_SLAPD_F (char *) be_root_dn LDAP_P(( Backend *be )); LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P(( BackendDB *be, Connection *c, Operation *o, Entry *e, int rw )); diff --git a/servers/slapd/repl.c b/servers/slapd/repl.c index b6e35f1b84..055972730f 100644 --- a/servers/slapd/repl.c +++ b/servers/slapd/repl.c @@ -81,7 +81,7 @@ replog( { Modifications *ml; Entry *e; - struct replog_moddn *moddn; + struct slap_replog_moddn *moddn; char *tmp; FILE *fp, *lfp; int len, i; @@ -213,7 +213,7 @@ replog( fprintf( fp, "newrdn: %s\n", moddn->newrdn ); fprintf( fp, "deleteoldrdn: %d\n", moddn->deloldrdn ? 1 : 0 ); if( moddn->newsup != NULL ) { - fprintf( fp, "newsuperior: %s\n", moddn->newsup ); + fprintf( fp, "newsuperior: %s\n", moddn->newsup->bv_val ); } } fprintf( fp, "\n" ); diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index aad4c61918..2c61ffa273 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -834,10 +834,10 @@ typedef struct slap_acl { /* * replog moddn param structure */ -struct replog_moddn { - char *newrdn; +struct slap_replog_moddn { + struct berval *newrdn; int deloldrdn; - char *newsup; + struct berval *newsup; }; /* 
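Review bot: In the second replog hunk of servers/slapd/repl.c, the context line `fprintf( fp, "newrdn: %s\n", moddn->newrdn );` still passes `moddn->newrdn` to `%s`, although this commit changes that field to `struct berval *` in slap.h. The argument no longer matches the conversion, which is undefined behaviour for a printf argument and would corrupt the newrdn line of the replication log. The newsuperior line was updated to `moddn->newsup->bv_val`, and newrdn needs the same treatment: `fprintf( fp, "newrdn: %s\n", moddn->newrdn->bv_val );`. replog's body starts and ends outside the hunk.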
@@ -982,11 +982,11 @@ struct slap_backend_db { /* these should be renamed from be_ to bd_ */ char **be_suffix; /* the DN suffixes of data in this backend */ - struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */ - struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */ - char *be_root_dn; /* the magic "root" dn for this db */ - char *be_root_ndn; /* the magic "root" normalized dn for this db */ - struct berval be_root_pw; /* the magic "root" password for this db */ + struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */ + struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */ + struct berval be_rootdn; /* the magic "root" name (DN) for this db */ + struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */ + struct berval be_rootpw; /* the magic "root" password for this db */ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ #define be_sizelimit be_def_limit.lms_s_soft #define be_timelimit be_def_limit.lms_t_soft @@ -996,7 +996,7 @@ struct slap_backend_db { slap_access_t be_dfltaccess; /* access given if no acl matches */ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ - char *be_update_ndn; /* allowed to make changes (in replicas) */ + struct berval be_update_ndn; /* allowed to make changes (in replicas) */ struct berval **be_update_refs; /* where to refer modifying clients to */ int be_lastmod; /* keep track of lastmodified{by,time} */ -- 2.39.5