More Quanah suggested patches

+       Fixed slapadd cn=config issue (ITS#4194)
+       Fixed slapd dynacl tgrant/tdeny initialization
+       Fixed slapd backglue issue (ITS#4529)

CHANGES

@@ -8,10 +8,13 @@ OpenLDAP 2.3.22 Engineering
 	Fixed liblutil strtoul(3) usage (ITS#4503)
 	Updated ldapsearch(1) BASE output (ITS#4504)
 	Fixed slapd cn=config (ITS#4512)
+	Fixed slapadd cn=config issue (ITS#4194)
 	Fixed slapd thread pool init issue (ITS#4513)
 	Fixed slapd cn=config olcLimits (ITS#4515)
 	Fixed slapd cn=config ACL application fix
 	Fixed slapd runqueue use of freed memory (ITS#4517)
+	Fixed slapd dynacl tgrant/tdeny initialization
+	Fixed slapd backglue issue (ITS#4529)
 	Added slapd syncrepl mandatory searchbase check
 	Fixed slapo-accesslog bugs
 	Added slapo-accesslog oldReq feature

servers/slapd/acl.c

@@ -1961,15 +1961,15 @@ slap_acl_mask(
 			}
 
 			/* start out with nothing granted, nothing denied */
-			ACL_INIT(tgrant);
-			ACL_INIT(tdeny);
+			ACL_INVALIDATE(tgrant);
+			ACL_INVALIDATE(tdeny);
 
 			for ( da = b->a_dynacl; da; da = da->da_next ) {
 				slap_access_t	grant,
 						deny;
 
-				ACL_INIT(grant);
-				ACL_INIT(deny);
+				ACL_INVALIDATE(grant);
+				ACL_INVALIDATE(deny);
 
 				Debug( LDAP_DEBUG_ACL, "    <= check a_dynacl: %s\n",
 					da->da_name, 0, 0 );

servers/slapd/ad.c

@@ -124,20 +124,21 @@ int slap_str2ad(
 }
 
 static char *strchrlen(
-	const char *p, 
+	const char *beg, 
+	const char *end,
 	const char ch, 
 	int *len )
 {
-	int i;
+	const char *p;
 
-	for( i=0; p[i]; i++ ) {
-		if( p[i] == ch ) {
-			*len = i;
-			return (char *) &p[i];
+	for( p=beg; *p && p < end; p++ ) {
+		if( *p == ch ) {
+			*len = p - beg;
+			return (char *) p;
 		}
 	}
 
-	*len = i;
+	*len = p - beg;
 	return NULL;
 }
 
@@ -148,7 +149,7 @@ int slap_bv2ad(
 {
 	int rtn = LDAP_UNDEFINED_TYPE;
 	AttributeDescription desc, *d2;
-	char *name, *options;
+	char *name, *options, *optn;
 	char *opt, *next;
 	int ntags;
 	int tagslen;
@@ -201,11 +202,12 @@ int slap_bv2ad(
 	ntags = 0;
 	memset( tags, 0, sizeof( tags ));
 	tagslen = 0;
+	optn = bv->bv_val + bv->bv_len;
 
 	for( opt=options; opt != NULL; opt=next ) {
 		int optlen;
 		opt++; 
-		next = strchrlen( opt, ';', &optlen );
+		next = strchrlen( opt, optn, ';', &optlen );
 
 		if( optlen == 0 ) {
 			*text = "zero length option is invalid";
@@ -443,19 +445,21 @@ static int is_ad_subtags(
 	struct berval *subtagsbv, 
 	struct berval *suptagsbv )
 {
-	const char *suptags, *supp, *supdelimp;
-	const char *subtags, *subp, *subdelimp;
+	const char *suptags, *supp, *supdelimp, *supn;
+	const char *subtags, *subp, *subdelimp, *subn;
 	int  suplen, sublen;
 
 	subtags =subtagsbv->bv_val;
 	suptags =suptagsbv->bv_val;
+	subn = subtags + subtagsbv->bv_len;
+	supn = suptags + suptagsbv->bv_len;
 
 	for( supp=suptags ; supp; supp=supdelimp ) {
-		supdelimp = strchrlen( supp, ';', &suplen );
+		supdelimp = strchrlen( supp, supn, ';', &suplen );
 		if( supdelimp ) supdelimp++;
 
 		for( subp=subtags ; subp; subp=subdelimp ) {
-			subdelimp = strchrlen( subp, ';', &sublen );
+			subdelimp = strchrlen( subp, subn, ';', &sublen );
 			if( subdelimp ) subdelimp++;
 
 			if ( suplen > sublen

servers/slapd/backglue.c

@@ -294,7 +294,7 @@ glue_op_search ( Operation *op, SlapReply *rs )
 	BackendDB *b1 = NULL, *btmp;
 	BackendInfo *bi0 = op->o_bd->bd_info;
 	int i;
-	long stoptime = 0;
+	long stoptime = 0, starttime;
 	glue_state gs = {NULL, NULL, NULL, 0, 0, 0, 0};
 	slap_callback cb = { NULL, glue_op_response, NULL, NULL };
 	int scope0, tlimit0;
@@ -304,6 +304,7 @@ glue_op_search ( Operation *op, SlapReply *rs )
 
 	cb.sc_next = op->o_callback;
 
+	starttime = op->o_time;
 	stoptime = slap_get_time () + op->ors_tlimit;
 
 	op->o_bd = glue_back_select (b0, &op->o_req_ndn);
@@ -347,7 +348,8 @@ glue_op_search ( Operation *op, SlapReply *rs )
 			if (!dnIsSuffix(&btmp->be_nsuffix[0], &b1->be_nsuffix[0]))
 				continue;
 			if (tlimit0 != SLAP_NO_LIMIT) {
-				op->ors_tlimit = stoptime - slap_get_time ();
+				op->o_time = slap_get_time();
+				op->ors_tlimit = stoptime - op->o_time;
 				if (op->ors_tlimit <= 0) {
 					rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
 					break;
@@ -419,6 +421,7 @@ glue_op_search ( Operation *op, SlapReply *rs )
 end_of_loop:;
 		op->ors_scope = scope0;
 		op->ors_tlimit = tlimit0;
+		op->o_time = starttime;
 		op->o_req_dn = dn;
 		op->o_req_ndn = ndn;
 

servers/slapd/bconfig.c

@@ -3015,10 +3015,18 @@ read_config(const char *fname, const char *dir) {
 			if ( rc != LDAP_NO_SUCH_OBJECT )
 				return 1;
 			/* ITS#4194: But if dir was specified and no fname,
-			 * then we were supposed to read the dir.
+			 * then we were supposed to read the dir. Unless we're
+			 * trying to slapadd the dir...
 			 */
-			if ( dir && !fname )
-				return 1;
+			if ( dir && !fname ) {
+				if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
+					return 1;
+				/* Assume it's slapadd with a config dir, let it continue */
+				rc = 0;
+				cfb->cb_got_ldif = 1;
+				cfb->cb_use_ldif = 1;
+				goto done;
+			}
 		}
 
 		/* If we read the config from back-ldif, nothing to do here */
@@ -3038,25 +3046,6 @@ read_config(const char *fname, const char *dir) {
 	if ( rc == 0 )
 		ber_str2bv( cfname, 0, 1, &cfb->cb_config->c_file );
 
-	/* If we got this far and failed, it may be a serious problem. In server
-	 * mode, we should never come to this. However, it may be alright if we're
-	 * using slapadd to create the conf dir.
-	 */
-	while ( rc ) {
-		if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
-			break;
-		/* If a config file was explicitly given, fail */
-		if ( fname )
-			break;
-		
-		/* Seems to be slapadd with a config dir, let it continue */
-		if ( cfb->cb_use_ldif ) {
-			rc = 0;
-			cfb->cb_got_ldif = 1;
-		}
-		break;
-	}
-
 done:
 	if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) {
 		ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,