From 693be082648e4726c21e7f431c26c666263a6d18 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 6 Apr 2004 20:16:00 +0000 Subject: [PATCH] Suck in changes from HEAD (CHANGES needs ITS #s) + Fixed slapd syncrepl replication bugs + Fixed slapd slurpd update bugs + Fixed slapd inappropriate bind error disclosure bugs + Fixed slapd sun_path portability bug + Fixed slapd passwd referral memory leak + Fixed slapd sasl userdb checkpass bug + Added slapd Delivery Method syntax validation + Updated slapd overlay framework + Updated back-ldap backend + Updated back-meta backend --- CHANGES | 10 ++ servers/slapd/acl.c | 4 +- servers/slapd/add.c | 36 ++--- servers/slapd/back-bdb/add.c | 2 +- servers/slapd/back-bdb/bind.c | 80 +++++------ servers/slapd/back-bdb/delete.c | 4 +- servers/slapd/back-bdb/init.c | 31 ++-- servers/slapd/back-bdb/modrdn.c | 53 +++---- servers/slapd/back-bdb/referral.c | 2 +- servers/slapd/back-dnssrv/bind.c | 4 +- servers/slapd/back-dnssrv/compare.c | 3 +- servers/slapd/back-dnssrv/config.c | 5 +- servers/slapd/back-ldap/add.c | 2 +- servers/slapd/back-ldap/back-ldap.h | 3 +- servers/slapd/back-ldap/bind.c | 50 ++++--- servers/slapd/back-ldap/chain.c | 197 -------------------------- servers/slapd/back-ldap/config.c | 51 +++---- servers/slapd/back-ldap/extended.c | 7 +- servers/slapd/back-ldap/init.c | 6 +- servers/slapd/back-ldap/modify.c | 2 +- servers/slapd/back-ldap/search.c | 2 +- servers/slapd/back-ldbm/add.c | 4 +- servers/slapd/back-ldbm/bind.c | 75 ++++------ servers/slapd/back-ldbm/delete.c | 4 +- servers/slapd/back-ldbm/init.c | 17 ++- servers/slapd/back-ldbm/modrdn.c | 8 +- servers/slapd/back-meta/bind.c | 8 +- servers/slapd/back-meta/compare.c | 2 +- servers/slapd/back-meta/conn.c | 2 +- servers/slapd/back-meta/search.c | 2 +- servers/slapd/back-monitor/database.c | 2 +- servers/slapd/back-monitor/init.c | 2 +- servers/slapd/backend.c | 18 ++- servers/slapd/backglue.c | 6 +- servers/slapd/backover.c | 54 ++++++- servers/slapd/bind.c | 47 ++++-- servers/slapd/config.c | 52 +++++-- servers/slapd/ctxcsn.c | 58 ++++---- servers/slapd/daemon.c | 8 ++ servers/slapd/delete.c | 33 ++--- servers/slapd/init.c | 3 +- servers/slapd/limits.c | 2 +- servers/slapd/modify.c | 44 +++--- servers/slapd/modrdn.c | 32 ++--- servers/slapd/overlays/pcache.c | 13 +- servers/slapd/passwd.c | 30 ++-- servers/slapd/proto-slap.h | 8 +- servers/slapd/result.c | 69 ++++++++- servers/slapd/root_dse.c | 2 +- servers/slapd/sasl.c | 117 +-------------- servers/slapd/saslauthz.c | 4 +- servers/slapd/schema_init.c | 135 +++++++++++++++++- servers/slapd/slap.h | 129 ++++++++++------- servers/slapd/slapcommon.c | 5 + servers/slapd/slapi/slapi_ops.c | 10 +- servers/slapd/slapi/slapi_utils.c | 4 +- servers/slapd/syncrepl.c | 4 +- 57 files changed, 766 insertions(+), 801 deletions(-) delete mode 100644 servers/slapd/back-ldap/chain.c diff --git a/CHANGES b/CHANGES index ddbf4c9f37..dc9fbcf661 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,18 @@ OpenLDAP 2.2 Change Log OpenLDAP 2.2.9 Engineering + Fixed slapd syncrepl replication bugs + Fixed slapd slurpd update bugs + Fixed slapd inappropriate bind error disclosure bugs + Fixed slapd sun_path portability bug + Fixed slapd passwd referral memory leak + Fixed slapd sasl userdb checkpass bug Fixed ldapmodify missing error information bug (ITS#3057) Fixed back-meta compare return code (ITS#3042) + Added slapd Delivery Method syntax validation + Updated slapd overlay framework + Updated back-ldap backend + Updated back-meta backend Build Environment Fixed slapd dynamic backend build (ITS#3044) Removed deprecated configure options diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 9896b77d74..e5db4a6cfd 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -228,7 +228,7 @@ access_allowed( #endif /* LDAP_SLAPI */ /* grant database root access */ - if ( be != NULL && be_isroot( be, &op->o_ndn ) ) { + if ( be != NULL && be_isroot( op ) ) { #ifdef NEW_LOGGING LDAP_LOG( ACL, INFO, "access_allowed: conn %lu root access granted\n", @@ -1568,7 +1568,7 @@ acl_check_modlist( assert( be != NULL ); /* short circuit root database access */ - if ( be_isroot( op->o_bd, &op->o_ndn ) ) { + if ( be_isroot( op ) ) { #ifdef NEW_LOGGING LDAP_LOG( ACL, DETAIL1, "acl_check_modlist: conn %lu access granted to root user\n", diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 4557d083da..ffa94168b6 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -212,8 +212,8 @@ do_add( Operation *op, SlapReply *rs ) if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &e->e_name, LDAP_SCOPE_DEFAULT ); - if (!rs->sr_ref) rs->sr_ref = default_referral; - if ( rs->sr_ref != NULL ) { + if ( !rs->sr_ref ) rs->sr_ref = default_referral; + if ( rs->sr_ref ) { rs->sr_err = LDAP_REFERRAL; send_ldap_result( op, rs ); @@ -222,7 +222,7 @@ do_add( Operation *op, SlapReply *rs ) } } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + "no global superior knowledge" ); } goto done; } @@ -250,10 +250,9 @@ do_add( Operation *op, SlapReply *rs ) */ if ( op->o_bd->be_add ) { /* do the update here */ - int repl_user = be_isupdate(op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); #ifndef SLAPD_MULTIMASTER - if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) && - ( !op->o_bd->be_update_ndn.bv_len || repl_user )) + if ( !SLAP_SHADOW(op->o_bd) || repl_user ) #else if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) #endif @@ -264,7 +263,7 @@ do_add( Operation *op, SlapReply *rs ) slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; rs->sr_err = slap_mods_check( modlist, update, &rs->sr_text, - textbuf, textlen, NULL ); + textbuf, textlen, NULL ); if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); @@ -288,7 +287,7 @@ do_add( Operation *op, SlapReply *rs ) } rs->sr_err = slap_mods2entry( modlist, &e, repl_user, 0, - &rs->sr_text, textbuf, textlen ); + &rs->sr_text, textbuf, textlen ); if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto done; @@ -338,17 +337,8 @@ do_add( Operation *op, SlapReply *rs ) } #endif /* LDAP_SLAPI */ - if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { - syncinfo_t *si; - LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) { - struct berval tmpbv; - ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] ); - ber_bvarray_add( &defref, &tmpbv ); - } - } else { - defref = op->o_bd->be_update_refs - ? op->o_bd->be_update_refs : default_referral; - } + defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; if ( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, @@ -358,11 +348,13 @@ do_add( Operation *op, SlapReply *rs ) if (!rs->sr_ref) rs->sr_ref = default_referral; send_ldap_result( op, rs ); - if ( rs->sr_ref != default_referral ) ber_bvarray_free( rs->sr_ref ); + if ( rs->sr_ref != default_referral ) { + ber_bvarray_free( rs->sr_ref ); + } } else { send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + LDAP_UNWILLING_TO_PERFORM, + "shadow context; no update referral" ); } #endif /* SLAPD_MULTIMASTER */ } diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 6b30fed39a..6e7ccdb9b0 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -298,7 +298,7 @@ retry: /* transaction retry */ * no parent! * if not attempting to add entry at suffix or with parent "" */ - if (( !be_isroot( op->o_bd, &op->o_ndn ) || pdn.bv_len > 0 ) + if ((( !be_isroot( op ) && !be_isupdate(op)) || pdn.bv_len > 0 ) && !is_entry_glue( op->oq_add.rs_e )) { #ifdef NEW_LOGGING diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index 280dcf4ecc..9739773aea 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c @@ -44,9 +44,11 @@ bdb_bind( Operation *op, SlapReply *rs ) DB_LOCK lock; #ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0 ); + LDAP_LOG ( OPERATION, ARGS, + "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0 ); #else - Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); + Debug( LDAP_DEBUG_ARGS, + "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); #endif /* allow noauth binds */ @@ -91,30 +93,13 @@ dn2entry_retry: e = ei->bei_e; if ( rs->sr_err == DB_NOTFOUND ) { if( e != NULL ) { - rs->sr_ref = is_entry_referral( e ) - ? get_entry_referrals( op, e ) - : NULL; - if (rs->sr_ref) { - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - } - - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb->bi_dbenv, + &bdb->bi_cache, e, &lock ); e = NULL; - } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - if ( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - send_ldap_result( op, rs ); - ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - send_ldap_result( op, rs ); - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; + send_ldap_result( op, rs ); LOCK_ID_FREE(bdb->bi_dbenv, locker); @@ -134,7 +119,6 @@ dn2entry_retry: Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0, 0, 0 ); #endif - rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } @@ -144,22 +128,23 @@ dn2entry_retry: if ( is_entry_alias( e ) ) { /* entry is an alias, don't allow bind */ #ifdef NEW_LOGGING - LDAP_LOG ( OPERATION, DETAIL1, "bdb_bind: entry is alias\n", 0, 0, 0 ); + LDAP_LOG ( OPERATION, DETAIL1, + "bdb_bind: entry is alias\n", 0, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); #endif +#if 1 + rs->sr_err = LDAP_INVALID_CREDENTIALS; +#else rs->sr_err = LDAP_ALIAS_PROBLEM; rs->sr_text = "entry is alias"; +#endif goto done; } #endif if ( is_entry_referral( e ) ) { - /* entry is a referral, don't allow bind */ - rs->sr_ref = get_entry_referrals( op, e ); - #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, DETAIL1, "bdb_bind: entry is referral\n", 0, 0, 0 ); @@ -167,14 +152,7 @@ dn2entry_retry: Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); #endif - - if( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } @@ -183,16 +161,26 @@ dn2entry_retry: rs->sr_err = access_allowed( op, e, password, NULL, ACL_AUTH, NULL ); if ( ! rs->sr_err ) { +#if 1 + rs->sr_err = LDAP_INVALID_CREDENTIALS; +#else rs->sr_err = LDAP_INSUFFICIENT_ACCESS; +#endif goto done; } if ( (a = attr_find( e->e_attrs, password )) == NULL ) { +#if 1 + rs->sr_err = LDAP_INVALID_CREDENTIALS; +#else rs->sr_err = LDAP_INAPPROPRIATE_AUTH; +#endif goto done; } - if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) { + if ( slap_passwd_check( op->o_conn, + a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) + { rs->sr_err = LDAP_INVALID_CREDENTIALS; goto done; } @@ -202,7 +190,9 @@ dn2entry_retry: #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND case LDAP_AUTH_KRBV41: - if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) { + if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) + != LDAP_SUCCESS ) + { rs->sr_err = LDAP_INVALID_CREDENTIALS, goto done; } @@ -214,8 +204,8 @@ dn2entry_retry: goto done; } - krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "." - : "", ad.pinst, ad.prealm ); + krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname, + *ad.pinst ? "." : "", ad.pinst, ad.prealm ); if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) { /* @@ -238,14 +228,10 @@ dn2entry_retry: } rs->sr_err = 0; break; - - case LDAP_AUTH_KRBV42: - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "Kerberos bind step 2 not supported"; - goto done; #endif default: + assert( 0 ); /* should not be unreachable */ rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; rs->sr_text = "authentication method not supported"; } diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index c8e46b6fd3..4f9bff15a1 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -244,9 +244,9 @@ retry: /* transaction retry */ } else { /* no parent, must be root to delete */ - if( ! be_isroot( op->o_bd, &op->o_ndn ) ) { + if( ! be_isroot( op ) ) { if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) - || be_isupdate( op->o_bd, &op->o_ndn ) ) { + || be_isupdate( op ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 0b64dd192d..cd9d9a7c26 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -75,17 +75,6 @@ bdb_db_init( BackendDB *be ) 0, 0, 0 ); #endif - /* indicate system schema supported */ - be->be_flags |= - SLAP_BFLAG_INCREMENT | -#ifdef BDB_SUBENTRIES - SLAP_BFLAG_SUBENTRIES | -#endif -#ifdef BDB_ALIASES - SLAP_BFLAG_ALIASES | -#endif - SLAP_BFLAG_REFERRALS; - /* allocate backend-database-specific stuff */ bdb = (struct bdb_info *) ch_calloc( 1, sizeof(struct bdb_info) ); @@ -118,8 +107,7 @@ int bdb_bt_compare( DB *db, const DBT *usrkey, - const DBT *curkey -) + const DBT *curkey ) { unsigned char *u, *c; int i, x; @@ -585,8 +573,7 @@ int init_module( int argc, char *argv[] ) { int bdb_initialize( - BackendInfo *bi -) + BackendInfo *bi ) { static char *controls[] = { LDAP_CONTROL_ASSERT, @@ -600,8 +587,6 @@ bdb_initialize( NULL }; - bi->bi_controls = controls; - /* initialize the underlying database system */ #ifdef NEW_LOGGING LDAP_LOG( BACK_BDB, ENTRY, "bdb_db_initialize\n", 0, 0, 0 ); @@ -610,6 +595,18 @@ bdb_initialize( 0, 0, 0 ); #endif + bi->bi_flags |= + SLAP_BFLAG_INCREMENT | +#ifdef BDB_SUBENTRIES + SLAP_BFLAG_SUBENTRIES | +#endif +#ifdef BDB_ALIASES + SLAP_BFLAG_ALIASES | +#endif + SLAP_BFLAG_REFERRALS; + + bi->bi_controls = controls; + { /* version check */ int major, minor, patch; char *version = db_version( &major, &minor, &patch ); diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index ecef5038d8..b950479151 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -175,7 +175,9 @@ retry: /* transaction retry */ e = ei->bei_e; /* FIXME: dn2entry() should return non-glue entry */ - if (( rs->sr_err == DB_NOTFOUND ) || ( !manageDSAit && e && is_entry_glue( e ))) { + if (( rs->sr_err == DB_NOTFOUND ) || + ( !manageDSAit && e && is_entry_glue( e ))) + { if( e != NULL ) { rs->sr_matched = ch_strdup( e->e_dn ); rs->sr_ref = is_entry_referral( e ) @@ -275,6 +277,7 @@ retry: /* transaction retry */ } ei->bei_state |= CACHE_ENTRY_NO_KIDS; #endif + if (!manageDSAit && is_entry_referral( e ) ) { /* parent is a referral, don't allow add */ rs->sr_ref = get_entry_referrals( op, e ); @@ -390,10 +393,10 @@ retry: /* transaction retry */ } else { /* no parent, modrdn entry directly under root */ - isroot = be_isroot( op->o_bd, &op->o_ndn ); + isroot = be_isroot( op ); if ( ! isroot ) { if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) - || be_isupdate( op->o_bd, &op->o_ndn ) ) { + || be_isupdate( op ) ) { p = (Entry *)&slap_entry_root; @@ -600,7 +603,7 @@ retry: /* transaction retry */ } else { if ( isroot == -1 ) { - isroot = be_isroot( op->o_bd, &op->o_ndn ); + isroot = be_isroot( op ); } np_dn = NULL; @@ -608,7 +611,7 @@ retry: /* transaction retry */ /* no parent, modrdn entry directly under root */ if ( ! isroot ) { if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) - || be_isupdate( op->o_bd, &op->o_ndn ) ) { + || be_isupdate( op ) ) { np = (Entry *)&slap_entry_root; /* check parent for "children" acl */ @@ -633,7 +636,8 @@ retry: /* transaction retry */ "no access to new superior\n", 0, 0, 0 ); #endif - rs->sr_text = "no write access to new superior's children"; + rs->sr_text = + "no write access to new superior's children"; goto return_results; } @@ -686,7 +690,9 @@ retry: /* transaction retry */ } /* Build target dn and make sure target entry doesn't exist already. */ - if (!new_dn.bv_val) build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL ); + if (!new_dn.bv_val) { + build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL ); + } if (!new_ndn.bv_val) { struct berval bv = {0, NULL}; @@ -702,7 +708,6 @@ retry: /* transaction retry */ new_ndn.bv_val, 0, 0 ); #endif - /* Shortcut the search */ nei = neip ? neip : eip; rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei ); @@ -725,8 +730,8 @@ retry: /* transaction retry */ /* Get attribute type and attribute value of our new rdn, we will * need to add that to our new entry */ - if ( !new_rdn && ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text, - LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) ) + if ( !new_rdn && ldap_bv2rdn_x( &op->oq_modrdn.rs_newrdn, &new_rdn, + (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, @@ -746,21 +751,17 @@ retry: /* transaction retry */ #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, RESULTS, - "bdb_modrdn: new_rdn_type=\"%s\", " - "new_rdn_val=\"%s\"\n", - new_rdn[ 0 ]->la_attr.bv_val, - new_rdn[ 0 ]->la_value.bv_val, 0 ); + "bdb_modrdn: new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n", + new_rdn[ 0 ]->la_attr.bv_val, new_rdn[ 0 ]->la_value.bv_val, 0 ); #else Debug( LDAP_DEBUG_TRACE, - "bdb_modrdn: new_rdn_type=\"%s\", " - "new_rdn_val=\"%s\"\n", - new_rdn[ 0 ]->la_attr.bv_val, - new_rdn[ 0 ]->la_value.bv_val, 0 ); + "bdb_modrdn: new_rdn_type=\"%s\", new_rdn_val=\"%s\"\n", + new_rdn[ 0 ]->la_attr.bv_val, new_rdn[ 0 ]->la_value.bv_val, 0 ); #endif if ( op->oq_modrdn.rs_deleteoldrdn ) { - if ( !old_rdn && ldap_bv2rdn_x( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text, - LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) ) + if ( !old_rdn && ldap_bv2rdn_x( &op->o_req_dn, &old_rdn, + (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, @@ -805,13 +806,13 @@ retry: /* transaction retry */ } /* nested transaction */ - rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, - bdb->bi_db_opflags ); + rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, - "bdb_modrdn: txn_begin(2) failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); + "bdb_modrdn: txn_begin(2) failed: %s (%d)\n", + db_strerror(rs->sr_err), rs->sr_err, 0 ); #else Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: txn_begin(2) failed: %s (%d)\n", @@ -853,8 +854,9 @@ retry: /* transaction retry */ * already happened, must free the names. The frees are * done in bdb_cache_modrdn(). */ - if( e->e_nname.bv_val < e->e_bv.bv_val || e->e_nname.bv_val > - e->e_bv.bv_val + e->e_bv.bv_len ) { + if( e->e_nname.bv_val < e->e_bv.bv_val || + e->e_nname.bv_val > e->e_bv.bv_val + e->e_bv.bv_len ) + { e->e_name.bv_val = NULL; e->e_nname.bv_val = NULL; } @@ -896,7 +898,6 @@ retry: /* transaction retry */ /* modify entry */ rs->sr_err = bdb_modify_internal( op, lt2, &mod[0], e, &rs->sr_text, textbuf, textlen ); - if( rs->sr_err != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, diff --git a/servers/slapd/back-bdb/referral.c b/servers/slapd/back-bdb/referral.c index cf6dbd15a9..d69c35a7d9 100644 --- a/servers/slapd/back-bdb/referral.c +++ b/servers/slapd/back-bdb/referral.c @@ -150,7 +150,7 @@ dn2entry_retry: rs->sr_matched = e->e_name.bv_val; if( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; + rc = rs->sr_err = LDAP_REFERRAL; send_ldap_result( op, rs ); ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; diff --git a/servers/slapd/back-dnssrv/bind.c b/servers/slapd/back-dnssrv/bind.c index 137516ccb0..529ced8a87 100644 --- a/servers/slapd/back-dnssrv/bind.c +++ b/servers/slapd/back-dnssrv/bind.c @@ -39,7 +39,9 @@ dnssrv_back_bind( op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val, op->oq_bind.rb_method, NULL ); - if( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && op->oq_bind.rb_cred.bv_val != NULL && op->oq_bind.rb_cred.bv_len ) { + if( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && + op->oq_bind.rb_cred.bv_val != NULL && op->oq_bind.rb_cred.bv_len ) + { Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu DNSSRV BIND dn=\"%s\" provided passwd\n", op->o_connid, op->o_opid, diff --git a/servers/slapd/back-dnssrv/compare.c b/servers/slapd/back-dnssrv/compare.c index 6db8715794..50464d5b08 100644 --- a/servers/slapd/back-dnssrv/compare.c +++ b/servers/slapd/back-dnssrv/compare.c @@ -39,9 +39,8 @@ dnssrv_back_compare( assert( get_manageDSAit( op ) ); #endif send_ldap_error( op, rs, LDAP_OTHER, - "Operation not supported within naming context" ); + "Operation not supported within naming context" ); /* not implemented */ - return 1; } diff --git a/servers/slapd/back-dnssrv/config.c b/servers/slapd/back-dnssrv/config.c index 2f9b314b15..d809179b4b 100644 --- a/servers/slapd/back-dnssrv/config.c +++ b/servers/slapd/back-dnssrv/config.c @@ -46,8 +46,5 @@ dnssrv_back_db_config( } /* no configuration options (yet) */ - { - return SLAP_CONF_UNKNOWN; - } - return 0; + return SLAP_CONF_UNKNOWN; } diff --git a/servers/slapd/back-ldap/add.c b/servers/slapd/back-ldap/add.c index a6d3d1fa3a..53e29906e6 100644 --- a/servers/slapd/back-ldap/add.c +++ b/servers/slapd/back-ldap/add.c @@ -90,7 +90,7 @@ ldap_back_add( dc.ctx = "addAttrDN"; #endif - isupdate = be_isupdate( op->o_bd, &op->o_ndn ); + isupdate = be_isupdate( op ); for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) { if ( !isupdate && a->a_desc->ad_type->sat_no_user_mod ) { continue; diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 5a887d1e11..4ab4d34d37 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -80,7 +80,8 @@ struct ldaprwmap { struct ldapinfo { struct slap_backend_db *be; - char *url; + char *url; + LDAPURLDesc *lud; struct berval binddn; struct berval bindpw; #ifdef LDAP_BACK_PROXY_AUTHZ diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 29bc8b24ab..26aa3fe5b5 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -229,7 +229,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) } /* Internal searches are privileged and shared. So is root. */ - if ( op->o_do_not_cache || be_isroot( li->be, &op->o_ndn ) ) { + if ( op->o_do_not_cache || be_isroot_dn( li->be, &op->o_ndn ) ) { lc_curr.local_dn = li->be->be_rootndn; lc_curr.conn = NULL; is_priv = 1; @@ -248,7 +248,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) rs->sr_err = ldap_initialize(&ld, li->url); if (rs->sr_err != LDAP_SUCCESS) { - rs->sr_err = ldap_back_map_result(rs); + rs->sr_err = slap_map_api2result( rs ); if (rs->sr_text == NULL) { rs->sr_text = "ldap_initialize() failed"; } @@ -446,10 +446,10 @@ ldap_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE ); } +#if 0 /* deprecated in favour of slap_map_api2result() */ /* Map API errors to protocol errors... */ - int -ldap_back_map_result(SlapReply *rs) +ldap_back_map_result( SlapReply *rs ) { switch(rs->sr_err) { @@ -489,12 +489,12 @@ ldap_back_map_result(SlapReply *rs) case LDAP_REFERRAL_LIMIT_EXCEEDED: return LDAP_LOOP_DETECT; default: - if LDAP_API_ERROR(rs->sr_err) + if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER; - else - return rs->sr_err; + return rs->sr_err; } } +#endif int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, @@ -502,28 +502,43 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, { struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private; char *match = NULL; - LDAPMessage *res; + LDAPMessage *res = NULL; char *text = NULL; +#define ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE) + rs->sr_text = NULL; rs->sr_matched = NULL; - if (rs->sr_err == LDAP_SUCCESS) { - if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) { + /* if the error recorded in the reply corresponds + * to a successful state, get the error from the + * remote server response */ + if ( ERR_OK( rs->sr_err ) ) { + /* if result parsing fails, note the failure reason */ + if ( ldap_result( lc->ld, msgid, 1, NULL, &res ) == -1 ) { ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err); + + /* otherwise get the result; if it is not + * LDAP_SUCCESS, record it in the reply + * structure (this includes + * LDAP_COMPARE_{TRUE|FALSE}) */ } else { int rc = ldap_parse_result(lc->ld, res, &rs->sr_err, &match, &text, NULL, NULL, 1); rs->sr_text = text; - if (rc != LDAP_SUCCESS) rs->sr_err = rc; + if ( rc != LDAP_SUCCESS ) rs->sr_err = rc; } } - if (rs->sr_err != LDAP_SUCCESS) { - rs->sr_err = ldap_back_map_result(rs); + /* if the error in the reply structure is not + * LDAP_SUCCESS, try to map it from client + * to server error */ + if ( !ERR_OK( rs->sr_err ) ) { + rs->sr_err = slap_map_api2result( rs ); - /* internal ops must not reply to client */ + /* internal ops ( op->o_conn == NULL ) + * must not reply to client */ if ( op->o_conn && !op->o_do_not_cache && match ) { struct berval dn, mdn; dncookie dc; @@ -539,11 +554,14 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, #endif ber_str2bv(match, 0, 0, &dn); ldap_back_dn_massage(&dc, &dn, &mdn); + + /* record the (massaged) matched + * DN into the reply structure */ rs->sr_matched = mdn.bv_val; } } - if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) { + if ( op->o_conn && ( sendok || rs->sr_err != LDAP_SUCCESS ) ) { send_ldap_result( op, rs ); } if ( match ) { @@ -557,7 +575,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, ldap_memfree( text ); } rs->sr_text = NULL; - return( (rs->sr_err == LDAP_SUCCESS) ? 0 : -1 ); + return( ERR_OK( rs->sr_err ) ? 0 : -1 ); } #ifdef LDAP_BACK_PROXY_AUTHZ diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c deleted file mode 100644 index 09adff18db..0000000000 --- a/servers/slapd/back-ldap/chain.c +++ /dev/null @@ -1,197 +0,0 @@ -/* chain.c - chain LDAP operations */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software . - * - * Copyright 2003-2004 The OpenLDAP Foundation. - * Portions Copyright 2003 Howard Chu. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * . - */ -/* ACKNOWLEDGEMENTS: - * This work was initially developed by the Howard Chu for inclusion - * in OpenLDAP Software. - */ - -#include "portable.h" - -#include - -#include -#include - -#include "slap.h" -#include "back-ldap.h" - -static int -ldap_chain_response( Operation *op, SlapReply *rs ) -{ - slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - void *private = op->o_bd->be_private; - slap_callback *sc = op->o_callback; - LDAPControl **prev = op->o_ctrls; - LDAPControl **ctrls = NULL, authz; - int i, nctrls, rc; - int cache = op->o_do_not_cache; - char *authzid = NULL; - BerVarray ref; - struct berval ndn = op->o_ndn; - - if ( rs->sr_err != LDAP_REFERRAL ) - return SLAP_CB_CONTINUE; - - /* currently we assume only one referral destination. - * we'll have to parse this in the future. - */ - ref = rs->sr_ref; - rs->sr_ref = NULL; - - op->o_bd->be_private = on->on_bi.bi_private; - op->o_callback = NULL; - - /* Chaining is performed by a privileged user on behalf - * of a normal user, using the ProxyAuthz control. However, - * Binds are done separately, on an anonymous session. - */ - if ( op->o_tag != LDAP_REQ_BIND ) { - for (i=0; prev && prev[i]; i++); - nctrls = i; - - /* Add an extra NULL slot */ - if (!prev) i++; - - ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *), - op->o_tmpmemctx); - for (i=0; i o_dn; - if ( op->o_dn.bv_len ) { - authzid = op->o_tmpalloc( op->o_dn.bv_len+4, - op->o_tmpmemctx ); - strcpy(authzid, "dn: "); - strcpy(authzid+4, op->o_dn.bv_val); - authz.ldctl_value.bv_len = op->o_dn.bv_len + 4; - authz.ldctl_value.bv_val = authzid; - } - op->o_ctrls = ctrls; - op->o_ndn = op->o_bd->be_rootndn; - } - - switch( op->o_tag ) { - case LDAP_REQ_BIND: { - struct berval rndn = op->o_req_ndn; - Connection *conn = op->o_conn; - op->o_req_ndn = slap_empty_bv; - op->o_conn = NULL; - rc = ldap_back_bind( op, rs ); - op->o_req_ndn = rndn; - op->o_conn = conn; - } - break; - case LDAP_REQ_ADD: - rc = ldap_back_add( op, rs ); - break; - case LDAP_REQ_DELETE: - rc = ldap_back_delete( op, rs ); - break; - case LDAP_REQ_MODRDN: - rc = ldap_back_modrdn( op, rs ); - break; - case LDAP_REQ_MODIFY: - rc = ldap_back_modify( op, rs ); - break; - case LDAP_REQ_COMPARE: - rc = ldap_back_compare( op, rs ); - break; - case LDAP_REQ_SEARCH: - rc = ldap_back_search( op, rs ); - break; - case LDAP_REQ_EXTENDED: - rc = ldap_back_extended( op, rs ); - break; - default: - rc = SLAP_CB_CONTINUE; - break; - } - op->o_do_not_cache = cache; - op->o_ctrls = prev; - op->o_bd->be_private = private; - op->o_callback = sc; - op->o_ndn = ndn; - if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx ); - if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx ); - rs->sr_ref = ref; - - return rc; -} - -static int ldap_chain_config( - BackendDB *be, - const char *fname, - int lineno, - int argc, - char **argv -) -{ - slap_overinst *on = (slap_overinst *) be->bd_info; - void *private = be->be_private; - int rc; - - be->be_private = on->on_bi.bi_private; - rc = ldap_back_db_config( be, fname, lineno, argc, argv ); - be->be_private = private; - return rc; -} - -static int ldap_chain_init( - BackendDB *be -) -{ - slap_overinst *on = (slap_overinst *) be->bd_info; - void *private = be->be_private; - int rc; - - be->be_private = NULL; - rc = ldap_back_db_init( be ); - on->on_bi.bi_private = be->be_private; - be->be_private = private; - return rc; -} - -static int ldap_chain_destroy( - BackendDB *be -) -{ - slap_overinst *on = (slap_overinst *) be->bd_info; - void *private = be->be_private; - int rc; - - be->be_private = on->on_bi.bi_private; - rc = ldap_back_db_destroy( be ); - on->on_bi.bi_private = be->be_private; - be->be_private = private; - return rc; -} - -static slap_overinst ldapchain; - -int ldap_chain_setup() -{ - ldapchain.on_bi.bi_type = "chain"; - ldapchain.on_bi.bi_db_init = ldap_chain_init; - ldapchain.on_bi.bi_db_config = ldap_chain_config; - ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy; - ldapchain.on_response = ldap_chain_response; - - return overlay_register( &ldapchain ); -} diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 32da6f9f3d..4ba0036665 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -70,7 +70,7 @@ ldap_back_db_config( /* URI of server to query (preferred over "server" directive) */ } else if ( strcasecmp( argv[0], "uri" ) == 0 ) { - LDAPURLDesc *lud, tmplud; + LDAPURLDesc tmplud; if (argc != 2) { fprintf( stderr, "%s: line %d: " @@ -82,8 +82,11 @@ ldap_back_db_config( if ( li->url != NULL ) { ch_free( li->url ); } + if ( li->lud != NULL ) { + ldap_free_urldesc( li->lud ); + } - if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) { + if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) { fprintf( stderr, "%s: line %d: " "unable to parse uri \"%s\" " "in \"uri \" line\n", @@ -91,10 +94,10 @@ ldap_back_db_config( return 1; } - if ( ( lud->lud_dn != NULL && lud->lud_dn[0] != '\0' ) - || lud->lud_attrs != NULL - || lud->lud_filter != NULL - || lud->lud_exts != NULL ) + if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' ) + || li->lud->lud_attrs != NULL + || li->lud->lud_filter != NULL + || li->lud->lud_exts != NULL ) { fprintf( stderr, "%s: line %d: " "warning, only protocol, " @@ -105,7 +108,7 @@ ldap_back_db_config( #if 0 tmplud = *lud; - tmplud.lud_dn = NULL; + tmplud.lud_dn = ""; tmplud.lud_attrs = NULL; tmplud.lud_filter = NULL; if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) { @@ -125,8 +128,6 @@ ldap_back_db_config( li->url = ch_strdup( argv[ 1 ] ); #endif - ldap_free_urldesc( lud ); - /* name to use for ldap_back_group */ } else if ( strcasecmp( argv[0], "binddn" ) == 0 ) { if (argc != 2) { @@ -396,6 +397,7 @@ ldap_back_map_config( /* * FIXME: this should become an err */ + goto error_return; } } @@ -421,6 +423,7 @@ ldap_back_map_config( /* * FIXME: this should become an err */ + goto error_return; } ad = NULL; @@ -441,7 +444,6 @@ ldap_back_map_config( fprintf( stderr, "%s: line %d: duplicate mapping found (ignored)\n", fname, lineno ); - /* FIXME: free stuff */ goto error_return; } @@ -515,16 +517,16 @@ ldap_back_exop_whoami( } ch_free(c.ldctl_value.bv_val); if (rs->sr_err != LDAP_SUCCESS) { - rs->sr_err = ldap_back_map_result(rs); + rs->sr_err = slap_map_api2result( rs ); } } else { /* else just do the same as before */ bv = (struct berval *) ch_malloc( sizeof(struct berval) ); if( op->o_dn.bv_len ) { - bv->bv_len = op->o_dn.bv_len + sizeof("dn:")-1; + bv->bv_len = op->o_dn.bv_len + sizeof("dn:") - 1; bv->bv_val = ch_malloc( bv->bv_len + 1 ); - AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:")-1 ); - AC_MEMCPY( &bv->bv_val[sizeof("dn:")-1], op->o_dn.bv_val, + AC_MEMCPY( bv->bv_val, "dn:", sizeof("dn:") - 1 ); + AC_MEMCPY( &bv->bv_val[sizeof("dn:") - 1], op->o_dn.bv_val, op->o_dn.bv_len ); bv->bv_val[bv->bv_len] = '\0'; } else { @@ -633,15 +635,6 @@ suffix_massage_config( ch_free( rargv[ 1 ] ); ch_free( rargv[ 2 ] ); -#if 0 /* "matched" is not normalized */ - rargv[ 0 ] = "rewriteContext"; - rargv[ 1 ] = "matchedDN"; - rargv[ 2 ] = "alias"; - rargv[ 3 ] = "searchResult"; - rargv[ 4 ] = NULL; - rewrite_parse( info, "", ++line, 4, rargv ); -#else /* normalize "matched" */ - rargv[ 0 ] = "rewriteContext"; rargv[ 1 ] = "matchedDN"; rargv[ 2 ] = "alias"; @@ -656,18 +649,6 @@ suffix_massage_config( rargv[ 4 ] = NULL; rewrite_parse( info, "", ++line, 4, rargv ); -#if 0 - rargv[ 0 ] = "rewriteRule"; - rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val ); - rargv[ 2 ] = suffix_massage_patternize( nvnc->bv_val ); - rargv[ 3 ] = ":"; - rargv[ 4 ] = NULL; - rewrite_parse( info, "", ++line, 4, rargv ); - ch_free( rargv[ 1 ] ); - ch_free( rargv[ 2 ] ); -#endif /* 0 */ -#endif /* normalize "matched" */ - return 0; } #endif /* ENABLE_REWRITE */ diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c index 4403fbaaf5..9e0641209f 100644 --- a/servers/slapd/back-ldap/extended.c +++ b/servers/slapd/back-ldap/extended.c @@ -134,8 +134,9 @@ ldap_back_exop_passwd( } rc = ldap_passwd(lc->ld, isproxy ? &mdn : NULL, - qpw->rs_old.bv_len ? &qpw->rs_old : NULL, - qpw->rs_new.bv_len ? &qpw->rs_new : NULL, op->o_ctrls, NULL, &msgid); + qpw->rs_old.bv_val ? &qpw->rs_old : NULL, + qpw->rs_new.bv_val ? &qpw->rs_new : NULL, + op->o_ctrls, NULL, &msgid); if (mdn.bv_val != op->o_req_dn.bv_val) { free(mdn.bv_val); @@ -166,7 +167,7 @@ ldap_back_exop_passwd( } } if (rc != LDAP_SUCCESS) { - rs->sr_err = ldap_back_map_result(rs); + rs->sr_err = slap_map_api2result( rs ); send_ldap_result(op, rs); if (rs->sr_matched) free((char *)rs->sr_matched); if (rs->sr_text) free((char *)rs->sr_text); diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c index 83d8c90234..8fb695fe12 100644 --- a/servers/slapd/back-ldap/init.c +++ b/servers/slapd/back-ldap/init.c @@ -148,7 +148,7 @@ ldap_back_db_init( li->be = be; be->be_private = li; - be->be_flags |= SLAP_BFLAG_NOLASTMOD; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; return 0; } @@ -199,6 +199,10 @@ ldap_back_db_destroy( ch_free(li->url); li->url = NULL; } + if ( li->lud ) { + ldap_free_urldesc( li->lud ); + li->lud = NULL; + } if (li->binddn.bv_val) { ch_free(li->binddn.bv_val); li->binddn.bv_val = NULL; diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c index 6da70a1536..b40664261f 100644 --- a/servers/slapd/back-ldap/modify.c +++ b/servers/slapd/back-ldap/modify.c @@ -91,7 +91,7 @@ ldap_back_modify( dc.ctx = "modifyAttrDN"; #endif - isupdate = be_isupdate( op->o_bd, &op->o_ndn ); + isupdate = be_isupdate( op ); for (i=0, ml=op->oq_modify.rs_modlist; ml; ml=ml->sml_next) { int is_oc = 0; diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 6cf7697fda..b0d137cb0e 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -260,7 +260,7 @@ fail:; &match.bv_val, (char **)&rs->sr_text, NULL, NULL, 1); if (rc != LDAP_SUCCESS ) rs->sr_err = rc; - rs->sr_err = ldap_back_map_result(rs); + rs->sr_err = slap_map_api2result( rs ); rc = 0; break; } diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 34ab716fd1..d621eeb2a8 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -247,8 +247,8 @@ ldbm_back_add( } else { assert( pdn.bv_val == NULL || *pdn.bv_val == '\0' ); - if ( !be_isroot( op->o_bd, &op->o_ndn ) - && !is_entry_glue( op->oq_add.rs_e )) + if (( !be_isroot( op ) && !be_isupdate( op )) && + !is_entry_glue( op->oq_add.rs_e )) { ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index 32ade6e953..02ca82df89 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -49,7 +49,8 @@ ldbm_back_bind( LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_bind: dn: %s.\n", op->o_req_dn.bv_val, 0, 0 ); #else - Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); + Debug(LDAP_DEBUG_ARGS, + "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0); #endif if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) { @@ -64,33 +65,14 @@ ldbm_back_bind( /* get entry with reader lock */ if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { if( matched != NULL ) { - rs->sr_matched = ch_strdup( matched->e_dn ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - rs->sr_ref = is_entry_referral( matched ) - ? get_entry_referrals( op, matched ) - : NULL; - cache_return_entry_r( &li->li_cache, matched ); - - } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } - ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); /* allow noauth binds */ rc = 1; - if ( rs->sr_ref != NULL ) { - rs->sr_err = LDAP_REFERRAL; - } else { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - } + rs->sr_err = LDAP_INVALID_CREDENTIALS; send_ldap_result( op, rs ); - - if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); - rs->sr_ref = NULL; return rs->sr_err; } @@ -114,37 +96,31 @@ ldbm_back_bind( /* entry is an alias, don't allow bind */ #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, - "ldbm_back_bind: entry (%s) is an alias.\n", e->e_name.bv_val, 0, 0 ); + "ldbm_back_bind: entry (%s) is an alias.\n", + e->e_name.bv_val, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 ); #endif + +#if 1 + rc = LDAP_INVALID_CREDENTIALS; +#else rs->sr_text = "entry is alias"; rc = LDAP_ALIAS_PROBLEM; +#endif goto return_results; } if ( is_entry_referral( e ) ) { /* entry is a referral, don't allow bind */ - rs->sr_ref = get_entry_referrals( op, e ); - #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, - "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 ); + "ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 ); #else - Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 ); #endif - - if( rs->sr_ref != NULL ) { - rc = LDAP_REFERRAL; - rs->sr_matched = ch_strdup( e->e_name.bv_val ); - rs->sr_flags |= REP_MATCHED_MUSTBEFREED; - - } else { - rc = LDAP_INVALID_CREDENTIALS; - } + rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -153,17 +129,27 @@ ldbm_back_bind( if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) { +#if 1 + rc = LDAP_INVALID_CREDENTIALS; +#else rc = LDAP_INSUFFICIENT_ACCESS; +#endif goto return_results; } if ( (a = attr_find( e->e_attrs, password )) == NULL ) { /* stop front end from sending result */ +#if 1 + rc = LDAP_INVALID_CREDENTIALS; +#else rc = LDAP_INAPPROPRIATE_AUTH; +#endif goto return_results; } - if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) { + if ( slap_passwd_check( op->o_conn, + a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) + { /* stop front end from sending result */ rc = LDAP_INVALID_CREDENTIALS; goto return_results; @@ -174,7 +160,9 @@ ldbm_back_bind( #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND case LDAP_AUTH_KRBV41: - if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) { + if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) + != LDAP_SUCCESS ) + { rc = LDAP_INVALID_CREDENTIALS; goto return_results; } @@ -213,15 +201,10 @@ ldbm_back_bind( } rc = 0; break; - - case LDAP_AUTH_KRBV42: - rs->sr_text = "Kerberos bind step 2 not supported"; - /* stop front end from sending result */ - rc = LDAP_UNWILLING_TO_PERFORM; - goto return_results; #endif default: + assert( 0 ); /* should not be reachable */ rs->sr_text = "authentication method not supported"; rc = LDAP_STRONG_AUTH_NOT_SUPPORTED; goto return_results; diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c index 7276f84d37..7acf90ac89 100644 --- a/servers/slapd/back-ldbm/delete.c +++ b/servers/slapd/back-ldbm/delete.c @@ -194,8 +194,8 @@ ldbm_back_delete( } else { /* no parent, must be root to delete */ - if( ! be_isroot( op->o_bd, &op->o_ndn ) ) { - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { + if( ! be_isroot( op ) ) { + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) { p = (Entry *)&slap_entry_root; rc = access_allowed( op, p, diff --git a/servers/slapd/back-ldbm/init.c b/servers/slapd/back-ldbm/init.c index a705fd9984..3a24c9f81a 100644 --- a/servers/slapd/back-ldbm/init.c +++ b/servers/slapd/back-ldbm/init.c @@ -52,6 +52,14 @@ ldbm_back_initialize( bi->bi_controls = controls; + bi->bi_flags |= + SLAP_BFLAG_INCREMENT | +#ifdef LDBM_SUBENTRIES + SLAP_BFLAG_SUBENTRIES | +#endif + SLAP_BFLAG_ALIASES | + SLAP_BFLAG_REFERRALS; + bi->bi_open = ldbm_back_open; bi->bi_config = NULL; bi->bi_close = ldbm_back_close; @@ -140,15 +148,6 @@ ldbm_back_db_init( { struct ldbminfo *li; - /* indicate system schema supported */ - be->be_flags |= - SLAP_BFLAG_INCREMENT | -#ifdef LDBM_SUBENTRIES - SLAP_BFLAG_SUBENTRIES | -#endif - SLAP_BFLAG_ALIASES | - SLAP_BFLAG_REFERRALS; - /* allocate backend-database-specific stuff */ li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) ); diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index eb463e3b96..11085b8535 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -246,9 +246,9 @@ ldbm_back_modrdn( } else { /* no parent, must be root to modify rdn */ - isroot = be_isroot( op->o_bd, &op->o_ndn ); + isroot = be_isroot( op ); if ( ! isroot ) { - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) { int can_access; p = (Entry *)&slap_entry_root; @@ -418,11 +418,11 @@ ldbm_back_modrdn( /* no parent, must be root to modify newSuperior */ if ( isroot == -1 ) { - isroot = be_isroot( op->o_bd, &op->o_ndn ); + isroot = be_isroot( op ); } if ( ! isroot ) { - if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) { + if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op ) ) { int can_access; np = (Entry *)&slap_entry_root; diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index 25430df987..a62977520e 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -169,7 +169,7 @@ meta_back_bind( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_INVALID_CREDENTIALS; } - rs->sr_err = ldap_back_map_result( rs ); + rs->sr_err = slap_map_api2result( rs ); send_ldap_result( op, rs ); return -1; } @@ -214,7 +214,7 @@ meta_back_do_single_bind( rs->sr_err = ldap_set_option( lsc->ld, LDAP_OPT_SERVER_CONTROLS, op->o_ctrls ); if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = ldap_back_map_result( rs ); + rs->sr_err = slap_map_api2result( rs ); goto return_results; } } @@ -226,7 +226,7 @@ meta_back_do_single_bind( LDAP_SASL_SIMPLE, &op->oq_bind.rb_cred, op->o_ctrls, NULL, NULL); if ( rs->sr_err != LDAP_SUCCESS ) { - rs->sr_err = ldap_back_map_result( rs ); + rs->sr_err = slap_map_api2result( rs ); goto return_results; } @@ -436,7 +436,7 @@ meta_back_op_result( struct metaconn *lc, Operation *op, SlapReply *rs ) LDAP_OPT_ERROR_STRING, &msg ); ldap_get_option( lsc->ld, LDAP_OPT_MATCHED_DN, &match ); - rs->sr_err = ldap_back_map_result( rs ); + rs->sr_err = slap_map_api2result( rs ); #ifdef NEW_LOGGING LDAP_LOG( BACK_META, RESULTS, diff --git a/servers/slapd/back-meta/compare.c b/servers/slapd/back-meta/compare.c index 30314eb9f6..da20763aab 100644 --- a/servers/slapd/back-meta/compare.c +++ b/servers/slapd/back-meta/compare.c @@ -194,7 +194,7 @@ meta_back_compare( Operation *op, SlapReply *rs ) break; default: - rres = ldap_back_map_result( rs ); + rres = slap_map_api2result( rs ); if ( err != NULL ) { free( err ); diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index 0d3a4839ea..9b8ba83b95 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c @@ -207,7 +207,7 @@ init_one_conn( */ rs->sr_err = ldap_initialize( &lsc->ld, lt->uri ); if ( rs->sr_err != LDAP_SUCCESS ) { - return ldap_back_map_result( rs ); + return slap_map_api2result( rs ); } /* diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index ecb5fcdafb..a065c6c94a 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -430,7 +430,7 @@ new_candidate:; res, 1 ); res = NULL; - sres = ldap_back_map_result( rs ); + sres = slap_map_api2result( rs ); if ( err != NULL ) { free( err ); } diff --git a/servers/slapd/back-monitor/database.c b/servers/slapd/back-monitor/database.c index 2ca220dc63..7191e5479b 100644 --- a/servers/slapd/back-monitor/database.c +++ b/servers/slapd/back-monitor/database.c @@ -126,7 +126,7 @@ monitor_subsys_database_init( return( -1 ); } - if ( be->be_flags & SLAP_BFLAG_MONITOR ) { + if ( SLAP_MONITOR(be) ) { attr_merge( e, slap_schema.si_ad_monitorContext, be->be_suffix, be->be_nsuffix ); attr_merge( e_database, slap_schema.si_ad_monitorContext, diff --git a/servers/slapd/back-monitor/init.c b/servers/slapd/back-monitor/init.c index f8d2815066..92e90f7880 100644 --- a/servers/slapd/back-monitor/init.c +++ b/servers/slapd/back-monitor/init.c @@ -251,7 +251,7 @@ monitor_back_db_init( be_monitor = be; /* indicate system schema supported */ - be->be_flags |= SLAP_BFLAG_MONITOR; + SLAP_DBFLAGS(be) |= SLAP_BFLAG_MONITOR; dn.bv_val = SLAPD_MONITOR_DN; dn.bv_len = sizeof( SLAPD_MONITOR_DN ) - 1; diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 21dd29003f..54249eebc4 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -714,7 +714,7 @@ be_issuffix( } int -be_isroot( Backend *be, struct berval *ndn ) +be_isroot_dn( Backend *be, struct berval *ndn ) { if ( !ndn->bv_len ) { return( 0 ); @@ -728,7 +728,13 @@ be_isroot( Backend *be, struct berval *ndn ) } int -be_isupdate( Backend *be, struct berval *ndn ) +be_isupdate( Operation *op ) +{ + return be_isupdate_dn( op->o_bd, &op->o_ndn ); +} + +int +be_isupdate_dn( Backend *be, struct berval *ndn ) { if ( !ndn->bv_len ) { return( 0 ); @@ -747,13 +753,19 @@ be_root_dn( Backend *be ) return &be->be_rootdn; } +int +be_isroot( Operation *op ) +{ + return be_isroot_dn( op->o_bd, &op->o_ndn ); +} + int be_isroot_pw( Operation *op ) { int result; char *errmsg; - if ( ! be_isroot( op->o_bd, &op->o_req_ndn ) ) { + if ( ! be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) { return 0; } diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c index d76154743a..cd8a63d354 100644 --- a/servers/slapd/backglue.c +++ b/servers/slapd/backglue.c @@ -562,7 +562,7 @@ glue_sub_init( ) if (SLAP_GLUE_SUBORDINATE ( b1 ) ) { /* The last database cannot be a subordinate of noone */ if (i == nBackendDB - 1) { - b1->be_flags ^= SLAP_BFLAG_GLUE_SUBORDINATE; + SLAP_DBFLAGS(b1) ^= SLAP_DBFLAG_GLUE_SUBORDINATE; } continue; } @@ -581,7 +581,7 @@ glue_sub_init( ) continue; } cont--; - be->be_flags |= SLAP_BFLAG_GLUE_LINKED; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_LINKED; if (gi == NULL) { /* We create a copy of the superior's be * structure, pointing to all of its original @@ -590,7 +590,7 @@ glue_sub_init( ) * is used whenever we have operations to pass * down to the real database. */ - b1->be_flags |= SLAP_BFLAG_GLUE_INSTANCE; + SLAP_DBFLAGS(b1) |= SLAP_DBFLAG_GLUE_INSTANCE; gi = (glueinfo *)ch_malloc(sizeof(glueinfo)); gi->nodes = 0; gi->bd = *b1; diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 060d7b0245..d51de28535 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -146,9 +146,40 @@ over_back_response ( Operation *op, SlapReply *rs ) return rc; } -enum op_which { op_bind = 0, op_unbind, op_search, op_compare, - op_modify, op_modrdn, op_add, op_delete, op_abandon, - op_cancel, op_extended }; +enum op_which { + op_bind = 0, + op_unbind, + op_search, + op_compare, + op_modify, + op_modrdn, + op_add, + op_delete, + op_abandon, + op_cancel, + op_extended, + op_aux_chk_referrals, + op_last +}; + +/* + * default return code in case of missing backend function + * and overlay stack returning SLAP_CB_CONTINUE + */ +static int op_rc[] = { + LDAP_UNWILLING_TO_PERFORM, /* bind */ + LDAP_UNWILLING_TO_PERFORM, /* unbind */ + LDAP_UNWILLING_TO_PERFORM, /* search */ + LDAP_UNWILLING_TO_PERFORM, /* compare */ + LDAP_UNWILLING_TO_PERFORM, /* modify */ + LDAP_UNWILLING_TO_PERFORM, /* modrdn */ + LDAP_UNWILLING_TO_PERFORM, /* add */ + LDAP_UNWILLING_TO_PERFORM, /* delete */ + LDAP_UNWILLING_TO_PERFORM, /* abandon */ + LDAP_UNWILLING_TO_PERFORM, /* cancel */ + LDAP_UNWILLING_TO_PERFORM, /* extended */ + LDAP_SUCCESS /* aux_chk_referrals */ +}; static int over_op_func( @@ -185,7 +216,7 @@ over_op_func( } /* should not fall thru this far without anything happening... */ if ( rc == SLAP_CB_CONTINUE ) { - rc = LDAP_UNWILLING_TO_PERFORM; + rc = op_rc[ which ]; } op->o_callback = cb.sc_next; return rc; @@ -257,6 +288,12 @@ over_op_extended( Operation *op, SlapReply *rs ) return over_op_func( op, rs, op_extended ); } +static int +over_chk_referrals( Operation *op, SlapReply *rs ) +{ + return over_op_func( op, rs, op_aux_chk_referrals ); +} + int overlay_register( slap_overinst *on @@ -325,8 +362,17 @@ overlay_config( BackendDB *be, const char *ov ) bi->bi_op_delete = over_op_delete; bi->bi_op_abandon = over_op_abandon; bi->bi_op_cancel = over_op_cancel; + bi->bi_extended = over_op_extended; + /* + * this is fine because it has the same + * args of the operations; we need to rework + * all the hooks to share the same args + * of the operations... + */ + bi->bi_chk_referrals = over_chk_referrals; + be->bd_info = bi; } else { diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 685773aec6..c360ea3043 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -433,8 +433,8 @@ do_bind( send_ldap_result( op, rs ); #ifdef NEW_LOGGING LDAP_LOG( OPERATION, DETAIL1, - "do_bind: conn %d v%d anonymous bind\n", - op->o_connid, version , 0 ); + "do_bind: conn %d v%d anonymous bind\n", + op->o_connid, version , 0 ); #else Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n", version, 0, 0 ); @@ -460,26 +460,42 @@ do_bind( } #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - } else if ( op->orb_method == LDAP_AUTH_KRBV41 || - op->orb_method == LDAP_AUTH_KRBV42 ) - { + } else if ( op->orb_method == LDAP_AUTH_KRBV41 ) { if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) { - /* disallow simple authentication */ + /* disallow krbv4 authentication */ rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "unwilling to perform Kerberos V4 bind"; send_ldap_result( op, rs ); + #ifdef NEW_LOGGING LDAP_LOG( OPERATION, DETAIL1, - "do_bind: conn %d v%d Kerberos V4 bind\n", + "do_bind: conn %d v%d Kerberos V4 (step 1) bind refused\n", op->o_connid, version , 0 ); #else - Debug( LDAP_DEBUG_TRACE, "do_bind: v%d Kerberos V4 bind\n", + Debug( LDAP_DEBUG_TRACE, + "do_bind: v%d Kerberos V4 (step 1) bind refused\n", version, 0, 0 ); #endif goto cleanup; } ber_str2bv( "KRBV4", sizeof("KRBV4")-1, 0, &mech ); + + } else if ( op->orb_method == LDAP_AUTH_KRBV42 ) { + rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED; + rs->sr_text = "Kerberos V4 (step 2) bind not supported"; + send_ldap_result( op, rs ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, DETAIL1, + "do_bind: conn %d v%d Kerberos V4 (step 2) bind refused\n", + op->o_connid, version , 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "do_bind: v%d Kerberos V4 (step 2) bind refused\n", + version, 0, 0 ); +#endif + goto cleanup; #endif } else { @@ -531,7 +547,7 @@ do_bind( goto cleanup; } -#if defined( LDAP_SLAPI ) +#ifdef LDAP_SLAPI if ( pb ) { int rc; slapi_int_pblock_set_operation( pb, op ); @@ -577,7 +593,8 @@ do_bind( op->orb_edn.bv_len = 0; if ( rs->sr_err == LDAP_SUCCESS ) { - slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->orb_edn.bv_val ); + slapi_pblock_get( pb, SLAPI_CONN_DN, + (void *)&op->orb_edn.bv_val ); if ( op->orb_edn.bv_val == NULL ) { if ( rc == 1 ) { /* No plugins were called; continue. */ @@ -614,7 +631,7 @@ do_bind( break; } } -#endif /* defined( LDAP_SLAPI ) */ +#endif /* LDAP_SLAPI */ if( op->o_bd->be_bind ) { rs->sr_err = (op->o_bd->be_bind)( op, rs ); @@ -671,8 +688,10 @@ do_bind( "operation not supported within naming context" ); } -#if defined( LDAP_SLAPI ) - if ( pb != NULL && slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) { +#ifdef LDAP_SLAPI + if ( pb != NULL && + slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) < 0 ) + { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, INFO, "do_bind: Bind postoperation plugins failed\n", @@ -683,7 +702,7 @@ do_bind( 0, 0, 0); #endif } -#endif /* defined( LDAP_SLAPI ) */ +#endif /* LDAP_SLAPI */ cleanup: if ( rs->sr_err == LDAP_SUCCESS ) { diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 03ed198d51..3f9db3e69f 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -960,7 +960,7 @@ read_config( const char *fname, int depth ) return 1; } else { - be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE; num_subordinates++; } @@ -1801,12 +1801,25 @@ read_config( const char *fname, int depth ) "a database definition.\n", fname, lineno, 0); #endif return 1; - } else { - if ( add_syncrepl( be, cargv, cargc )) { - return 1; - } + + } else if ( SLAP_SHADOW( be )) { +#ifdef NEW_LOGGING + LDAP_LOG( CONFIG, INFO, + "%s: line %d: syncrepl: database already shadowed.\n", + fname, lineno, 0); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: syncrepl: database already shadowed.\n", + fname, lineno, 0); +#endif + return 1; + + } else if ( add_syncrepl( be, cargv, cargc )) { + return 1; } + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_SHADOW; + /* list of replicas of the data in this backend (master only) */ } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) { if ( cargc < 2 ) { @@ -2010,6 +2023,18 @@ read_config( const char *fname, int depth ) #endif return 1; + } else if ( SLAP_SHADOW(be) ) { +#ifdef NEW_LOGGING + LDAP_LOG( CONFIG, INFO, + "%s: line %d: updatedn: database already shadowed.\n", + fname, lineno, 0); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: updatedn: database already shadowed.\n", + fname, lineno, 0); +#endif + return 1; + } else { struct berval dn; @@ -2031,7 +2056,9 @@ read_config( const char *fname, int depth ) #endif return 1; } + } + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_SHADOW; } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) { if ( cargc < 2 ) { @@ -2059,14 +2086,14 @@ read_config( const char *fname, int depth ) #endif return 1; - } else if ( !be->be_update_ndn.bv_len ) { + } else if ( !SLAP_SHADOW(be) ) { #ifdef NEW_LOGGING LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "updateref line must come after updatedn.\n", + "updateref line must come after syncrepl or updatedn.\n", fname, lineno , 0 ); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "updateref line must after updatedn.\n", + "updateref line must after syncrepl or updatedn.\n", fname, lineno, 0 ); #endif return 1; @@ -2087,8 +2114,9 @@ read_config( const char *fname, int depth ) vals[0].bv_val = cargv[1]; vals[0].bv_len = strlen( vals[0].bv_val ); - if( value_add( &be->be_update_refs, vals ) ) + if( value_add( &be->be_update_refs, vals ) ) { return LDAP_OTHER; + } /* replication log file to which changes are appended */ } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) { @@ -2156,13 +2184,13 @@ read_config( const char *fname, int depth ) } if ( strcasecmp( cargv[1], "on" ) == 0 ) { if ( be ) { - be->be_flags &= ~SLAP_BFLAG_NOLASTMOD; + SLAP_DBFLAGS(be) &= ~SLAP_DBFLAG_NOLASTMOD; } else { lastmod = 1; } } else { if ( be ) { - be->be_flags |= SLAP_BFLAG_NOLASTMOD; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; } else { lastmod = 0; } @@ -2913,7 +2941,7 @@ add_syncrepl( si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 ); #endif if ( !si->si_schemachecking ) { - be->be_flags |= SLAP_BFLAG_NO_SCHEMA_CHECK; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; } si->si_be = be; LDAP_STAILQ_INSERT_TAIL( &be->be_syncinfo, si, si_next ); diff --git a/servers/slapd/ctxcsn.c b/servers/slapd/ctxcsn.c index 53ed6a0ae1..ab1061978e 100644 --- a/servers/slapd/ctxcsn.c +++ b/servers/slapd/ctxcsn.c @@ -41,24 +41,20 @@ slap_get_commit_csn( Operation *op, struct berval *csn ) ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); - LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) { - if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) { - csne->state = SLAP_CSN_COMMIT; + LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) { + if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { + csne->ce_state = SLAP_CSN_COMMIT; break; } } - LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) { - if ( csne->state == SLAP_CSN_COMMIT ) committed_csne = csne; - if ( csne->state == SLAP_CSN_PENDING ) break; - } - - if ( committed_csne ) { - ber_dupbv( csn, committed_csne->csn ); + LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) { + if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne; + if ( csne->ce_state == SLAP_CSN_PENDING ) break; } + if ( committed_csne ) ber_dupbv( csn, committed_csne->ce_csn ); ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); - } void @@ -68,9 +64,9 @@ slap_rewind_commit_csn( Operation *op ) ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); - LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) { - if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) { - csne->state = SLAP_CSN_PENDING; + LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) { + if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { + csne->ce_state = SLAP_CSN_PENDING; break; } } @@ -83,19 +79,17 @@ slap_graduate_commit_csn( Operation *op ) { struct slap_csn_entry *csne; - if ( op == NULL ) - return; - - if ( op->o_bd == NULL ) - return; + if ( op == NULL ) return; + if ( op->o_bd == NULL ) return; ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); - LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, csn_link ) { - if ( csne->opid == op->o_opid && csne->connid == op->o_connid ) { - LDAP_TAILQ_REMOVE( &op->o_bd->be_pending_csn_list, csne, csn_link ); - ch_free( csne->csn->bv_val ); - ch_free( csne->csn ); + LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) { + if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { + LDAP_TAILQ_REMOVE( &op->o_bd->be_pending_csn_list, + csne, ce_csn_link ); + ch_free( csne->ce_csn->bv_val ); + ch_free( csne->ce_csn ); ch_free( csne ); break; } @@ -116,8 +110,7 @@ static struct berval ocbva[] = { Entry * slap_create_context_csn_entry( Backend *be, - struct berval *context_csn -) + struct berval *context_csn ) { Entry* e; int rc; @@ -155,8 +148,7 @@ slap_get_csn( char *csnbuf, int len, struct berval *csn, - int manage_ctxcsn -) + int manage_ctxcsn ) { struct slap_csn_entry *pending; @@ -170,12 +162,12 @@ slap_get_csn( sizeof( struct slap_csn_entry )); ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); ber_dupbv( &op->o_sync_csn, csn ); - pending->csn = ber_dupbv( NULL, csn ); - pending->connid = op->o_connid; - pending->opid = op->o_opid; - pending->state = SLAP_CSN_PENDING; + pending->ce_csn = ber_dupbv( NULL, csn ); + pending->ce_connid = op->o_connid; + pending->ce_opid = op->o_opid; + pending->ce_state = SLAP_CSN_PENDING; LDAP_TAILQ_INSERT_TAIL( &op->o_bd->be_pending_csn_list, - pending, csn_link ); + pending, ce_csn_link ); ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); } diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 97556de00e..b0d0f0d776 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -1660,6 +1660,14 @@ slapd_daemon_task( switch ( from.sa_addr.sa_family ) { # ifdef LDAP_PF_LOCAL case AF_LOCAL: + /* FIXME: apparently accept doesn't fill + * the sun_path sun_path member */ + if ( from.sa_un_addr.sun_path[0] == '\0' ) { + AC_MEMCPY( from.sa_un_addr.sun_path, + slap_listeners[l]->sl_sa.sa_un_addr.sun_path, + sizeof( from.sa_un_addr.sun_path ) ); + } + sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path ); ssf = LDAP_PVT_SASL_LOCAL_SSF; { diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index 1749c0975c..4e701eaa31 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -138,7 +138,8 @@ do_delete( * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); @@ -151,7 +152,7 @@ do_delete( if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + "no global superior knowledge" ); } goto cleanup; } @@ -204,10 +205,9 @@ do_delete( */ if ( op->o_bd->be_delete ) { /* do the update here */ - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); #ifndef SLAPD_MULTIMASTER - if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) && - ( !op->o_bd->be_update_ndn.bv_len || repl_user )) + if ( !SLAP_SHADOW(op->o_bd) || repl_user ) #else if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) #endif @@ -240,7 +240,8 @@ do_delete( op->o_managedsait = 1; while ( rs->sr_err == LDAP_SUCCESS && - op->o_delete_glue_parent ) { + op->o_delete_glue_parent ) + { op->o_delete_glue_parent = 0; if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) { slap_callback cb = { NULL }; @@ -264,18 +265,9 @@ do_delete( #ifndef SLAPD_MULTIMASTER } else { - BerVarray defref = NULL; - if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { - syncinfo_t *si; - LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) { - struct berval tmpbv; - ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] ); - ber_bvarray_add( &defref, &tmpbv ); - } - } else { - defref = op->o_bd->be_update_refs - ? op->o_bd->be_update_refs : default_referral; - } + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; + if ( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); @@ -284,10 +276,11 @@ do_delete( send_ldap_result( op, rs ); if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); + } else { send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + LDAP_UNWILLING_TO_PERFORM, + "shadow context; no update referral" ); } #endif } diff --git a/servers/slapd/init.c b/servers/slapd/init.c index a2e01e9c3e..1c9e947b75 100644 --- a/servers/slapd/init.c +++ b/servers/slapd/init.c @@ -138,7 +138,8 @@ slap_init( int mode, const char *name ) (void) ldap_pvt_thread_initialize(); - ldap_pvt_thread_pool_init(&connection_pool, connection_pool_max, 0); + ldap_pvt_thread_pool_init( &connection_pool, + connection_pool_max, 0); ldap_pvt_thread_mutex_init( &entry2str_mutex ); ldap_pvt_thread_mutex_init( &replog_mutex ); diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index d1dd42f25b..291824ac95 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -780,7 +780,7 @@ limits_check( Operation *op, SlapReply *rs ) assert( op->o_tag == LDAP_REQ_SEARCH); /* allow root to set no limit */ - if ( be_isroot( op->o_bd, &op->o_ndn ) ) { + if ( be_isroot( op ) ) { op->ors_limit = NULL; if ( op->ors_tlimit == 0 ) { diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index eb8a3ac4b6..ea498a0f06 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -367,7 +367,7 @@ do_modify( if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + "no global superior knowledge" ); } goto cleanup; } @@ -398,21 +398,25 @@ do_modify( modv = slapi_int_modifications2ldapmods( &modlist ); slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv ); - rs->sr_err = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb ); + rs->sr_err = slapi_int_call_plugins( op->o_bd, + SLAPI_PLUGIN_PRE_MODIFY_FN, pb ); if ( rs->sr_err < 0 ) { /* * A preoperation plugin failure will abort the * entire operation. */ #ifdef NEW_LOGGING - LDAP_LOG( OPERATION, INFO, "do_modify: modify preoperation plugin " - "failed\n", 0, 0, 0 ); + LDAP_LOG( OPERATION, INFO, + "do_modify: modify preoperation plugin failed\n", + 0, 0, 0 ); #else - Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n", - 0, 0, 0); + Debug(LDAP_DEBUG_TRACE, + "do_modify: modify preoperation plugin failed.\n", + 0, 0, 0); #endif - if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 ) || - rs->sr_err == LDAP_SUCCESS ) { + if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, + (void *)&rs->sr_err ) != 0 ) || rs->sr_err == LDAP_SUCCESS ) + { rs->sr_err = LDAP_OTHER; } slapi_int_free_ldapmods( modv ); @@ -457,14 +461,13 @@ do_modify( */ if ( op->o_bd->be_modify ) { /* do the update here */ - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); /* Multimaster slapd does not have to check for replicator dn * because it accepts each modify request */ #ifndef SLAPD_MULTIMASTER - if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) && - ( !op->o_bd->be_update_ndn.bv_len || repl_user )) + if ( !SLAP_SHADOW(op->o_bd) || repl_user ) #else if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) #endif @@ -512,18 +515,8 @@ do_modify( #ifndef SLAPD_MULTIMASTER /* send a referral */ } else { - BerVarray defref = NULL; - if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { - syncinfo_t *si; - LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) { - struct berval tmpbv; - ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] ); - ber_bvarray_add( &defref, &tmpbv ); - } - } else { - defref = op->o_bd->be_update_refs - ? op->o_bd->be_update_refs : default_referral; - } + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; if ( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, NULL, &op->o_req_dn, @@ -535,9 +528,8 @@ do_modify( ber_bvarray_free( rs->sr_ref ); } } else { - send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "shadow context; no update referral" ); } #endif } diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index ea8dd0e612..ae45b32a7c 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -277,7 +277,8 @@ do_modrdn( * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) { + op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 ); + if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); if (!rs->sr_ref) rs->sr_ref = default_referral; @@ -289,7 +290,7 @@ do_modrdn( if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + "no global superior knowledge" ); } goto cleanup; } @@ -361,10 +362,9 @@ do_modrdn( */ if ( op->o_bd->be_modrdn ) { /* do the update here */ - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); #ifndef SLAPD_MULTIMASTER - if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo ) && - ( !op->o_bd->be_update_ndn.bv_len || repl_user )) + if ( !SLAP_SHADOW(op->o_bd) || repl_user ) #else if ( LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) #endif @@ -415,18 +415,9 @@ do_modrdn( #ifndef SLAPD_MULTIMASTER } else { - BerVarray defref = NULL; - if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { - syncinfo_t *si; - LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) { - struct berval tmpbv; - ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] ); - ber_bvarray_add( &defref, &tmpbv ); - } - } else { - defref = op->o_bd->be_update_refs - ? op->o_bd->be_update_refs : default_referral; - } + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; + if ( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); @@ -437,9 +428,8 @@ do_modrdn( if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); } else { - send_ldap_error( op, rs, - LDAP_UNWILLING_TO_PERFORM, - "referral missing" ); + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "shadow context; no update referral" ); } #endif } @@ -493,7 +483,7 @@ slap_modrdn2mods( assert( new_rdn != NULL ); assert( !op->orr_deleteoldrdn || old_rdn != NULL ); - repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + repl_user = be_isupdate( op ); /* Add new attribute values to the entry */ for ( a_cnt = 0; new_rdn[a_cnt]; a_cnt++ ) { diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 8b2d6a7dad..ff1964b7fc 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c @@ -1829,7 +1829,7 @@ proxy_cache_init( qm = (query_manager*)ch_malloc(sizeof(query_manager)); cm->db = *be; - cm->db.be_flags |= SLAP_BFLAG_NO_SCHEMA_CHECK; + SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; cm->db.be_private = NULL; cm->qm = qm; cm->numattrsets = 0; @@ -1870,10 +1870,13 @@ proxy_cache_open( rc = cm->db.bd_info->bi_db_open( &cm->db ); } - ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex ); - ldap_pvt_runqueue_insert( &syncrepl_rq, cm->cc_period, - consistency_check, on ); - ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex ); + /* There is no runqueue in TOOL mode */ + if ( slapMode & SLAP_SERVER_MODE ) { + ldap_pvt_thread_mutex_lock( &syncrepl_rq.rq_mutex ); + ldap_pvt_runqueue_insert( &syncrepl_rq, cm->cc_period, + consistency_check, on ); + ldap_pvt_thread_mutex_unlock( &syncrepl_rq.rq_mutex ); + } return rc; } diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index bfb271b675..25d541d895 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -110,23 +110,25 @@ int passwd_extop( #ifndef SLAPD_MULTIMASTER /* This does not apply to multi-master case */ - if( op->o_bd->be_update_ndn.bv_len || - !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { + if(!( !SLAP_SHADOW( op->o_bd ) || be_isupdate( op ))) { /* we SHOULD return a referral in this case */ - BerVarray defref = NULL; - if ( !LDAP_STAILQ_EMPTY( &op->o_bd->be_syncinfo )) { - syncinfo_t *si; - LDAP_STAILQ_FOREACH( si, &op->o_bd->be_syncinfo, si_next ) { - struct berval tmpbv; - ber_dupbv( &tmpbv, &si->si_provideruri_bv[0] ); - ber_bvarray_add( &defref, &tmpbv ); - } - } else { - defref = referral_rewrite( op->o_bd->be_update_refs, + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; + + if( defref != NULL ) { + rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs, NULL, NULL, LDAP_SCOPE_DEFAULT ); + if(rs->sr_ref) { + rs->sr_flags |= REP_REF_MUSTBEFREED; + } else { + rs->sr_ref = defref; + } + return LDAP_REFERRAL; + } - rs->sr_ref = defref; - return LDAP_REFERRAL; + + rs->sr_text = "shadow context; no update referral"; + return LDAP_UNWILLING_TO_PERFORM; } #endif /* !SLAPD_MULTIMASTER */ diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 2956c7ed70..d1c05ebc7a 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -222,10 +222,11 @@ LDAP_SLAPD_F (BackendDB *) select_backend LDAP_P(( LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be, struct berval *suffix )); -LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be, - struct berval *ndn )); +LDAP_SLAPD_F (int) be_isroot LDAP_P(( Operation *op )); +LDAP_SLAPD_F (int) be_isroot_dn LDAP_P(( Backend *be, struct berval *ndn )); LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Operation *op )); -LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn )); +LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Operation *op )); +LDAP_SLAPD_F (int) be_isupdate_dn LDAP_P(( Backend *be, struct berval *ndn )); LDAP_SLAPD_F (struct berval *) be_root_dn LDAP_P(( Backend *be )); LDAP_SLAPD_F (int) be_entry_get_rw LDAP_P(( struct slap_op *o, struct berval *ndn, ObjectClass *oc, @@ -946,6 +947,7 @@ LDAP_SLAPD_F (int) slap_read_controls LDAP_P(( Operation *op, SlapReply *rs, LDAP_SLAPD_F (int) str2result LDAP_P(( char *s, int *code, char **matched, char **info )); +LDAP_SLAPD_F (int) slap_map_api2result LDAP_P(( SlapReply *rs )); /* * root_dse.c diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 2f97e13ab4..ad555812ac 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -351,7 +351,7 @@ send_ldap_response( if (op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2 ) { - rc = ber_printf( ber, "t{ess" /*"}}"*/, + rc = ber_printf( ber, "t{ess" /*"}"*/, rs->sr_tag, rs->sr_err, rs->sr_matched == NULL ? "" : rs->sr_matched, rs->sr_text == NULL ? "" : rs->sr_text ); @@ -409,7 +409,9 @@ send_ldap_response( } #ifdef LDAP_CONNECTIONLESS - if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) { + if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2 + && rc != -1 ) + { rc = ber_printf( ber, /*"{"*/ "N}" ); } #endif @@ -426,7 +428,9 @@ send_ldap_response( #ifdef LDAP_CONNECTIONLESS if (!op->o_conn || op->o_conn->c_is_udp == 0) #endif - ber_free_buf( ber ); + { + ber_free_buf( ber ); + } goto cleanup; } @@ -435,7 +439,9 @@ send_ldap_response( #ifdef LDAP_CONNECTIONLESS if (!op->o_conn || op->o_conn->c_is_udp == 0) #endif - ber_free_buf( ber ); + { + ber_free_buf( ber ); + } if ( bytes < 0 ) { #ifdef NEW_LOGGING @@ -454,7 +460,8 @@ send_ldap_response( #ifdef LDAP_SLAPI if ( op->o_pb ) { slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err ); - slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, + (void *)rs->sr_matched ); slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text ); } #endif /* LDAP_SLAPI */ @@ -475,6 +482,11 @@ cleanup: rs->sr_matched = NULL; } + if ( rs->sr_ref && rs->sr_flags & REP_REF_MUSTBEFREED ) { + ber_bvarray_free( rs->sr_ref ); + rs->sr_ref = NULL; + } + clean2: if (op->o_callback) { slap_callback *sc = op->o_callback; @@ -1655,3 +1667,50 @@ int slap_read_controls( **ctrl = c; return LDAP_SUCCESS; } + +/* Map API errors to protocol errors... */ +int +slap_map_api2result( SlapReply *rs ) +{ + switch(rs->sr_err) { + case LDAP_SERVER_DOWN: + return LDAP_UNAVAILABLE; + case LDAP_LOCAL_ERROR: + return LDAP_OTHER; + case LDAP_ENCODING_ERROR: + case LDAP_DECODING_ERROR: + return LDAP_PROTOCOL_ERROR; + case LDAP_TIMEOUT: + return LDAP_UNAVAILABLE; + case LDAP_AUTH_UNKNOWN: + return LDAP_AUTH_METHOD_NOT_SUPPORTED; + case LDAP_FILTER_ERROR: + rs->sr_text = "Filter error"; + return LDAP_OTHER; + case LDAP_USER_CANCELLED: + rs->sr_text = "User cancelled"; + return LDAP_OTHER; + case LDAP_PARAM_ERROR: + return LDAP_PROTOCOL_ERROR; + case LDAP_NO_MEMORY: + return LDAP_OTHER; + case LDAP_CONNECT_ERROR: + return LDAP_UNAVAILABLE; + case LDAP_NOT_SUPPORTED: + return LDAP_UNWILLING_TO_PERFORM; + case LDAP_CONTROL_NOT_FOUND: + return LDAP_PROTOCOL_ERROR; + case LDAP_NO_RESULTS_RETURNED: + return LDAP_NO_SUCH_OBJECT; + case LDAP_MORE_RESULTS_TO_RETURN: + rs->sr_text = "More results to return"; + return LDAP_OTHER; + case LDAP_CLIENT_LOOP: + case LDAP_REFERRAL_LIMIT_EXCEEDED: + return LDAP_LOOP_DETECT; + default: + if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER; + return rs->sr_err; + } +} + diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index d5ef3f54d4..9761bdfbfc 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -124,7 +124,7 @@ root_dse_info( /* no suffix! */ continue; } - if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) { + if ( SLAP_MONITOR( &backends[i] )) { vals[0] = backends[i].be_suffix[0]; nvals[0] = backends[i].be_nsuffix[0]; if( attr_merge( e, ad_monitorContext, vals, nvals ) ) { diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 61d9234a1d..cffc17423c 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -334,7 +334,7 @@ typedef struct lookup_info { sasl_server_params_t *sparams; } lookup_info; -static slap_response sasl_ap_lookup, sasl_cb_checkpass; +static slap_response sasl_ap_lookup; static int sasl_ap_lookup( Operation *op, SlapReply *rs ) @@ -617,116 +617,6 @@ slap_auxprop_init( return SASL_OK; } -typedef struct checkpass_info { - int rc; - struct berval cred; -} checkpass_info; - -static int -sasl_cb_checkpass( Operation *op, SlapReply *rs ) -{ - slap_callback *tmp = op->o_callback; - checkpass_info *ci = tmp->sc_private; - Attribute *a; - struct berval *bv; - - if (rs->sr_type != REP_SEARCH) return 0; - - ci->rc = SASL_NOVERIFY; - - a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_userPassword ); - if ( !a ) return 0; - if ( ! access_allowed( op, rs->sr_entry, slap_schema.si_ad_userPassword, - NULL, ACL_AUTH, NULL ) ) - { - return 0; - } - - for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { - if ( !lutil_passwd( bv, &ci->cred, NULL, &rs->sr_text ) ) { - ci->rc = SASL_OK; - break; - } - } - return 0; -} - -static int -slap_sasl_checkpass( - sasl_conn_t *sconn, - void *context, - const char *username, - const char *pass, - unsigned passlen, - struct propctx *propctx) -{ - Connection *conn = (Connection *)context; - Operation op = {0}; - int rc; - checkpass_info ci; - - ci.rc = SASL_NOUSER; - - /* SASL will fallback to its own mechanisms if we don't - * find an answer here. - */ - - rc = slap_sasl_getdn( conn, NULL, (char *)username, 0, NULL, &op.o_req_ndn, - SLAP_GETDN_AUTHCID ); - if ( rc != LDAP_SUCCESS ) { - sasl_seterror( sconn, 0, ldap_err2string( rc ) ); - return SASL_NOUSER; - } - - if ( op.o_req_ndn.bv_len == 0 ) { - sasl_seterror( sconn, 0, - "No password is associated with the Root DSE" ); - if ( op.o_req_ndn.bv_val != NULL ) { - ch_free( op.o_req_ndn.bv_val ); - } - return SASL_NOUSER; - } - - op.o_bd = select_backend( &op.o_req_ndn, 0, 1 ); - if ( op.o_bd && op.o_bd->be_search ) { - slap_callback cb = { NULL, sasl_cb_checkpass, NULL, NULL }; - SlapReply rs = {REP_RESULT}; - - ci.cred.bv_val = (char *)pass; - ci.cred.bv_len = passlen; - - cb.sc_private = &ci; - op.o_tag = LDAP_REQ_SEARCH; - op.o_protocol = LDAP_VERSION3; - op.o_ndn = conn->c_ndn; - op.o_callback = &cb; - op.o_time = slap_get_time(); - op.o_do_not_cache = 1; - op.o_is_auth_check = 1; - op.o_threadctx = conn->c_sasl_bindop->o_threadctx; - op.o_tmpmemctx = conn->c_sasl_bindop->o_tmpmemctx; - op.o_tmpmfuncs = conn->c_sasl_bindop->o_tmpmfuncs; - op.o_conn = conn; - op.o_connid = conn->c_connid; - op.o_req_dn = op.o_req_ndn; - op.ors_scope = LDAP_SCOPE_BASE; - op.ors_deref = LDAP_DEREF_NEVER; - op.ors_slimit = 1; - op.ors_filter = &generic_filter; - op.ors_filterstr = generic_filterstr; - - op.o_bd->be_search( &op, &rs ); - } - if ( ci.rc != SASL_OK ) { - sasl_seterror( sconn, 0, - ldap_err2string( LDAP_INVALID_CREDENTIALS ) ); - } - - ch_free( op.o_req_ndn.bv_val ); - - return ci.rc; -} - /* Convert a SASL authcid or authzid into a DN. Store the DN in an * auxiliary property, so that we can refer to it in sasl_authorize * without interfering with anything else. Also, the SASL username @@ -1265,11 +1155,6 @@ int slap_sasl_open( Connection *conn, int reopen ) session_callbacks[cb].id = SASL_CB_CANON_USER; session_callbacks[cb].proc = &slap_sasl_canonicalize; session_callbacks[cb++].context = conn; - - /* XXXX: this should be conditional */ - session_callbacks[cb].id = SASL_CB_SERVER_USERDB_CHECKPASS; - session_callbacks[cb].proc = &slap_sasl_checkpass; - session_callbacks[cb++].context = conn; #endif session_callbacks[cb].id = SASL_CB_LIST_END; diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 40b454d82f..48ab0e9004 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1000,7 +1000,9 @@ int slap_sasl_authorized( Operation *op, } /* Allow the manager to authorize as any DN. */ - if( op->o_conn->c_authz_backend && be_isroot( op->o_conn->c_authz_backend, authcDN )) { + if( op->o_conn->c_authz_backend && + be_isroot_dn( op->o_conn->c_authz_backend, authcDN )) + { rc = LDAP_SUCCESS; goto DONE; } diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index e424f6310c..e6169e44f5 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -2557,6 +2557,139 @@ generalizedTimeOrderingMatch( return LDAP_SUCCESS; } +static int +deliveryMethodValidate( + Syntax *syntax, + struct berval *val ) +{ +#undef LENOF +#define LENOF(s) (sizeof(s)-1) + struct berval tmp = *val; + /* + * DeliveryMethod = pdm *( WSP DOLLAR WSP DeliveryMethod ) + * pdm = "any" / "mhs" / "physical" / "telex" / "teletex" / + * "g3fax" / "g4fax" / "ia5" / "videotex" / "telephone" + */ +again: + if( tmp.bv_len < 3 ) return LDAP_INVALID_SYNTAX; + + switch( tmp.bv_val[0] ) { + case 'a': + case 'A': + if(( tmp.bv_len >= LENOF("any") ) && + ( strncasecmp(tmp.bv_val, "any", LENOF("any")) == 0 )) + { + tmp.bv_len -= LENOF("any"); + tmp.bv_val += LENOF("any"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 'm': + case 'M': + if(( tmp.bv_len >= LENOF("mhs") ) && + ( strncasecmp(tmp.bv_val, "mhs", LENOF("mhs")) == 0 )) + { + tmp.bv_len -= LENOF("mhs"); + tmp.bv_val += LENOF("mhs"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 'p': + case 'P': + if(( tmp.bv_len >= LENOF("physical") ) && + ( strncasecmp(tmp.bv_val, "physical", LENOF("physical")) == 0 )) + { + tmp.bv_len -= LENOF("physical"); + tmp.bv_val += LENOF("physical"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 't': + case 'T': /* telex or teletex or telephone */ + if(( tmp.bv_len >= LENOF("telex") ) && + ( strncasecmp(tmp.bv_val, "telex", LENOF("telex")) == 0 )) + { + tmp.bv_len -= LENOF("telex"); + tmp.bv_val += LENOF("telex"); + break; + } + if(( tmp.bv_len >= LENOF("teletex") ) && + ( strncasecmp(tmp.bv_val, "teletex", LENOF("teletex")) == 0 )) + { + tmp.bv_len -= LENOF("teletex"); + tmp.bv_val += LENOF("teletex"); + break; + } + if(( tmp.bv_len >= LENOF("telephone") ) && + ( strncasecmp(tmp.bv_val, "telephone", LENOF("telephone")) == 0 )) + { + tmp.bv_len -= LENOF("telephone"); + tmp.bv_val += LENOF("telephone"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 'g': + case 'G': /* g3fax or g4fax */ + if(( tmp.bv_len >= LENOF("g3fax") ) && ( + ( strncasecmp(tmp.bv_val, "g3fax", LENOF("g3fax")) == 0 ) || + ( strncasecmp(tmp.bv_val, "g4fax", LENOF("g4fax")) == 0 ))) + { + tmp.bv_len -= LENOF("g3fax"); + tmp.bv_val += LENOF("g3fax"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 'i': + case 'I': + if(( tmp.bv_len >= LENOF("ia5") ) && + ( strncasecmp(tmp.bv_val, "ia5", LENOF("ia5")) == 0 )) + { + tmp.bv_len -= LENOF("ia5"); + tmp.bv_val += LENOF("ia5"); + break; + } + return LDAP_INVALID_SYNTAX; + + case 'v': + case 'V': + if(( tmp.bv_len >= LENOF("videotex") ) && + ( strncasecmp(tmp.bv_val, "videotex", LENOF("videotex")) == 0 )) + { + tmp.bv_len -= LENOF("videotex"); + tmp.bv_val += LENOF("videotex"); + break; + } + return LDAP_INVALID_SYNTAX; + + default: + return LDAP_INVALID_SYNTAX; + } + + if( tmp.bv_len == 0 ) return LDAP_SUCCESS; + + while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) { + tmp.bv_len++; + tmp.bv_val--; + } + if( tmp.bv_len && ( tmp.bv_val[0] == '$' )) { + tmp.bv_len++; + tmp.bv_val--; + } else { + return LDAP_INVALID_SYNTAX; + } + while( tmp.bv_len && ( tmp.bv_val[0] == ' ' )) { + tmp.bv_len++; + tmp.bv_val--; + } + + goto again; +} + static int nisNetgroupTripleValidate( Syntax *syntax, @@ -2740,7 +2873,7 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )", 0, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )", - 0, NULL, NULL}, + 0, deliveryMethodValidate, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )", 0, UTF8StringValidate, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )", diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index fe07730bee..d7832fcd53 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -530,8 +530,8 @@ typedef struct slap_matching_rule { */ struct slap_matching_rule *smr_associated; -#define SLAP_MR_ASSOCIATED(mr,amr) (((mr) == (amr)) || \ - ((mr)->smr_associated == (amr))) +#define SLAP_MR_ASSOCIATED(mr,amr) \ + (((mr) == (amr)) || ((mr)->smr_associated == (amr))) LDAP_SLIST_ENTRY(slap_matching_rule)smr_next; @@ -1395,6 +1395,9 @@ typedef struct syncinfo_s { struct slap_backend_db { BackendInfo *bd_info; /* pointer to shared backend info */ + /* fields in this structure (and routines acting on this structure) + should be renamed from be_ to bd_ */ + /* BackendInfo accessors */ #define be_config bd_info->bi_db_config #define be_type bd_info->bi_type @@ -1412,9 +1415,9 @@ struct slap_backend_db { #define be_extended bd_info->bi_extended +#define be_chk_referrals bd_info->bi_chk_referrals #define be_fetch bd_info->bi_entry_get_rw #define be_release bd_info->bi_entry_release_rw -#define be_chk_referrals bd_info->bi_chk_referrals #define be_group bd_info->bi_acl_group #define be_attribute bd_info->bi_acl_attribute #define be_operational bd_info->bi_operational @@ -1445,33 +1448,26 @@ struct slap_backend_db { #define be_entry_modify bd_info->bi_tool_entry_modify #endif -#define SLAP_BFLAG_NOLASTMOD 0x0001U -#define SLAP_BFLAG_NO_SCHEMA_CHECK 0x0002U -#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */ -#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */ -#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */ -#define SLAP_BFLAG_MONITOR 0x0080U /* a monitor backend */ -#define SLAP_BFLAG_INCREMENT 0x0100U -#define SLAP_BFLAG_ALIASES 0x1000U -#define SLAP_BFLAG_REFERRALS 0x2000U -#define SLAP_BFLAG_SUBENTRIES 0x4000U -#define SLAP_BFLAG_DYNAMIC 0x8000U +/* Database flags */ +#define SLAP_DBFLAG_NOLASTMOD 0x0001U +#define SLAP_DBFLAG_NO_SCHEMA_CHECK 0x0002U +#define SLAP_DBFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */ +#define SLAP_DBFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */ +#define SLAP_DBFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */ +#define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */ slap_mask_t be_flags; -#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD)) -#define SLAP_NO_SCHEMA_CHECK(be) (((be)->be_flags & SLAP_BFLAG_NO_SCHEMA_CHECK)) -#define SLAP_GLUE_INSTANCE(be) ((be)->be_flags & SLAP_BFLAG_GLUE_INSTANCE) -#define SLAP_GLUE_SUBORDINATE(be) \ - ((be)->be_flags & SLAP_BFLAG_GLUE_SUBORDINATE) -#define SLAP_GLUE_LINKED(be) ((be)->be_flags & SLAP_BFLAG_GLUE_LINKED) - -#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR) -#define SLAP_INCREMENT(be) ((be)->be_flags & SLAP_BFLAG_INCREMENT) - -#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES) -#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS) -#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES) -#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC) - +#define SLAP_DBFLAGS(be) ((be)->be_flags) +#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) +#define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be)) +#define SLAP_NO_SCHEMA_CHECK(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK) +#define SLAP_GLUE_INSTANCE(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_INSTANCE) +#define SLAP_GLUE_SUBORDINATE(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_SUBORDINATE) +#define SLAP_GLUE_LINKED(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_LINKED) +#define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U @@ -1517,7 +1513,6 @@ struct slap_backend_db { /* Required Security Strength Factor */ slap_ssf_set_t be_ssf_set; - /* these should be renamed from be_ to bd_ */ BerVarray be_suffix; /* the DN suffixes of data in this backend */ BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */ struct berval be_schemadn; /* per-backend subschema subentry DN */ @@ -1532,19 +1527,22 @@ struct slap_backend_db { struct slap_limits **be_limits; /* regex-based size and time limits */ AccessControl *be_acl; /* access control list for this backend */ slap_access_t be_dfltaccess; /* access given if no acl matches */ + + /* Replica Information */ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ - char *be_realm; - void *be_private; /* anything the backend database needs */ - - void *be_pb; /* Netscape plugin */ LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry ) be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; struct berval be_context_csn; ldap_pvt_thread_mutex_t be_context_csn_mutex; LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */ + + char *be_realm; + void *be_pb; /* Netscape plugin */ + + void *be_private; /* anything the backend database needs */ }; struct slap_conn; @@ -1664,9 +1662,10 @@ typedef struct slap_rep { rep_search_s sru_search; } sr_un; slap_mask_t sr_flags; -#define REP_ENTRY_MODIFIABLE 0x00000001 -#define REP_ENTRY_MUSTBEFREED 0x00000002 -#define REP_MATCHED_MUSTBEFREED 0x00000010 +#define REP_ENTRY_MODIFIABLE 0x0001U +#define REP_ENTRY_MUSTBEFREED 0x0002U +#define REP_MATCHED_MUSTBEFREED 0x0010U +#define REP_REF_MUSTBEFREED 0x0020U } SlapReply; /* short hands for response members */ @@ -1688,18 +1687,23 @@ typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_extended) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw )); +typedef int (BI_op_extended) LDAP_P(( + struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_chk_referrals) LDAP_P(( + struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_entry_release_rw) + LDAP_P(( struct slap_op *op, Entry *e, int rw )); typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )); -typedef int (BI_chk_referrals) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, int opattrs, Attribute **ap )); -typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs )); +typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, + int opattrs, Attribute **ap )); +typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, + Entry *e, int *hasSubs )); -typedef int (BI_connection_init) LDAP_P((BackendDB *bd, - struct slap_conn *c)); -typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd, - struct slap_conn *c)); +typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, + struct slap_conn *c )); +typedef int (BI_connection_destroy) LDAP_P(( BackendDB *bd, + struct slap_conn *c )); typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode )); typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be )); @@ -1707,13 +1711,13 @@ typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be )); typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be )); typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id )); typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e, - struct berval *text )); + struct berval *text )); typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id )); typedef int (BI_tool_sync) LDAP_P(( BackendDB *be )); typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn )); typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e )); typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e, - struct berval *text )); + struct berval *text )); struct slap_backend_info { char *bi_type; /* type of backend */ @@ -1787,9 +1791,9 @@ struct slap_backend_info { BI_op_extended *bi_extended; /* Auxilary Functions */ + BI_chk_referrals *bi_chk_referrals; BI_entry_get_rw *bi_entry_get_rw; BI_entry_release_rw *bi_entry_release_rw; - BI_chk_referrals *bi_chk_referrals; BI_operational *bi_operational; BI_has_subordinates *bi_has_subordinates; @@ -1813,6 +1817,22 @@ struct slap_backend_info { #define SLAP_INDEX_ADD_OP 0x0001 #define SLAP_INDEX_DELETE_OP 0x0002 + slap_mask_t bi_flags; /* backend flags */ +#define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */ +#define SLAP_BFLAG_INCREMENT 0x0100U +#define SLAP_BFLAG_ALIASES 0x1000U +#define SLAP_BFLAG_REFERRALS 0x2000U +#define SLAP_BFLAG_SUBENTRIES 0x4000U +#define SLAP_BFLAG_DYNAMIC 0x8000U + +#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags) +#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR) +#define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT) +#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES) +#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS) +#define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES) +#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) + char **bi_controls; /* supported controls */ unsigned int bi_nDB; /* number of databases of this type */ @@ -1874,7 +1894,6 @@ typedef struct slap_paged_state { ID ps_id; } PagedResultsState; - #define LDAP_PSEARCH_BY_ADD 0x01 #define LDAP_PSEARCH_BY_DELETE 0x02 #define LDAP_PSEARCH_BY_PREMODIFY 0x03 @@ -1902,13 +1921,13 @@ struct slap_session_entry { }; struct slap_csn_entry { - struct berval *csn; - unsigned long opid; - unsigned long connid; + struct berval *ce_csn; + unsigned long ce_opid; + unsigned long ce_connid; #define SLAP_CSN_PENDING 1 #define SLAP_CSN_COMMIT 2 - long state; - LDAP_TAILQ_ENTRY (slap_csn_entry) csn_link; + long ce_state; + LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link; }; /* diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index 996536b4f8..4944272d91 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -302,6 +302,11 @@ slap_tool_init( exit( EXIT_FAILURE ); } + if ( overlay_init() ) { + fprintf( stderr, "%s: overlay_init failed!\n", progname ); + exit( EXIT_FAILURE ); + } + rc = read_config( conffile, 0 ); if ( rc != 0 ) { diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index db3ecb7d2e..5d0c93675b 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -444,7 +444,7 @@ slapi_int_ldapmod_to_entry( if ( op->o_bd == NULL ) { rc = LDAP_PARTIAL_RESULTS; } else { - int repl_user = be_isupdate( op->o_bd, &op->o_bd->be_rootdn ); + int repl_user = be_isupdate_dn( op->o_bd, &op->o_bd->be_rootdn ); if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) { int update = op->o_bd->be_update_ndn.bv_len; char textbuf[SLAP_TEXT_BUFLEN]; @@ -557,7 +557,7 @@ slapi_delete_internal( op->o_ndn = pConn->c_ndn = op->o_bd->be_rootndn; if ( op->o_bd->be_delete ) { - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) { slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; if ( log_change ) op->o_callback = &cb; @@ -636,7 +636,7 @@ slapi_int_add_entry_locked( op->oq_add.rs_e = *e; if ( op->o_bd->be_add ) { - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) { slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; if ( log_changes ) op->o_callback = &cb; @@ -827,7 +827,7 @@ slapi_modrdn_internal( op->oq_modrdn.rs_deleteoldrdn = deloldrdn; if ( op->o_bd->be_modrdn ) { - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) { slap_callback cb = { NULL, slap_replog_cb, NULL, NULL }; if ( log_change ) op->o_callback = &cb; @@ -1018,7 +1018,7 @@ slapi_modify_internal( op->oq_modify.rs_modlist = modlist; if ( op->o_bd->be_modify ) { - int repl_user = be_isupdate( op->o_bd, &op->o_ndn ); + int repl_user = be_isupdate( op ); if ( !op->o_bd->be_update_ndn.bv_len || repl_user ) { int update = op->o_bd->be_update_ndn.bv_len; const char *text = NULL; diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 3944a4c81c..e95c107795 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -2461,8 +2461,8 @@ int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op ) char *opAuthType; if ( op->o_bd != NULL ) { - isRoot = be_isroot( op->o_bd, &op->o_ndn ); - isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn ); + isRoot = be_isroot( op ); + isUpdateDn = be_isupdate( op ); } rc = slapi_int_pblock_set_backend( pb, op->o_bd ); diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 951841b9e8..88da2c36d2 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -1622,7 +1622,7 @@ syncrepl_updateCookie( ber_dupbv( &cnbva[0], (struct berval *) &slap_syncrepl_bvc ); assert( si->si_rid < 1000 ); cnbva[0].bv_len = snprintf( cnbva[0].bv_val, - slap_syncrepl_bvc.bv_len, + slap_syncrepl_bvc.bv_len + 1, "syncrepl%ld", si->si_rid ); mod = (Modifications *) ch_calloc( 1, sizeof( Modifications )); mod->sml_op = LDAP_MOD_REPLACE; @@ -1675,7 +1675,7 @@ syncrepl_updateCookie( slap_syncrepl_cn_bv.bv_val = syncrepl_cbuf; assert( si->si_rid < 1000 ); slap_syncrepl_cn_bv.bv_len = snprintf( slap_syncrepl_cn_bv.bv_val, - slap_syncrepl_cn_bvc.bv_len, + slap_syncrepl_cn_bvc.bv_len + 1, "cn=syncrepl%ld", si->si_rid ); build_new_dn( &slap_syncrepl_dn_bv, pdn, &slap_syncrepl_cn_bv, -- 2.39.2