Commit 4857a804 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Sync with HEAD

parent dd83469d
......@@ -148,7 +148,7 @@ synchronously bind to the directory
.SM ldap_unbind_ext(3)
synchronously unbind from the LDAP server and close the connection
.TP
.SM ldap_unbind_ext_s(3)
.SM ldap_unbind(3) and ldap_unbind_s(3) are
equivalent to
.BR ldap_unbind_ext (3)
.TP
......
......@@ -103,8 +103,9 @@ static int regex_matches(
int nmatch, regmatch_t *matches);
typedef struct AclSetCookie {
Operation *op;
Entry *e;
SetCookie asc_cookie;
#define asc_op asc_cookie.set_op
Entry *asc_e;
} AclSetCookie;
SLAP_SET_GATHER acl_set_gather;
......@@ -142,7 +143,8 @@ slap_access_always_allowed(
{
assert( maskp != NULL );
ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) );
/* assign all */
ACL_LVL_ASSIGN_MANAGE( *maskp );
return 1;
}
......@@ -181,6 +183,8 @@ slap_access_allowed(
assert( attr != NULL );
ACL_INIT( mask );
/* grant database root access */
if ( be_isroot( op ) ) {
Debug( LDAP_DEBUG_ACL, "<= root access granted\n", 0, 0, 0 );
......@@ -197,7 +201,8 @@ slap_access_allowed(
* if we get here it means a non-root user is trying to
* manage data, so we need to check its privileges.
*/
if ( access_level == ACL_WRITE && is_at_no_user_mod( desc->ad_type )
if ( access_level == ACL_WRITE
&& is_at_no_user_mod( desc->ad_type )
&& desc != slap_schema.si_ad_entry
&& desc != slap_schema.si_ad_children )
{
......@@ -1192,7 +1197,7 @@ acl_mask_dn(
}
rdnlen = dn_rdnlen( NULL, opndn );
if ( rdnlen != odnlen - patlen - 1 ) {
if ( rdnlen - ( odnlen - patlen - 1 ) != 0 ) {
goto dn_match_cleanup;
}
......@@ -1211,8 +1216,8 @@ acl_mask_dn(
}
} else if ( b->a_style == ACL_STYLE_LEVEL ) {
int level;
struct berval ndn;
int level = b->a_level;
struct berval ndn;
if ( odnlen <= patlen ) {
goto dn_match_cleanup;
......@@ -1223,7 +1228,6 @@ acl_mask_dn(
goto dn_match_cleanup;
}
level = b->a_level;
ndn = *opndn;
for ( ; level > 0; level-- ) {
if ( BER_BVISEMPTY( &ndn ) ) {
......@@ -2535,7 +2539,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
/* Grab the searchbase and see if an appropriate database can be found */
ber_str2bv( ludp->lud_dn, 0, 0, &op2.o_req_dn );
rc = dnNormalize( 0, NULL, NULL, &op2.o_req_dn,
&op2.o_req_ndn, cp->op->o_tmpmemctx );
&op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
BER_BVZERO( &op2.o_req_dn );
if ( rc != LDAP_SUCCESS ) {
goto url_done;
......@@ -2550,13 +2554,13 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
/* Grab the filter */
if ( ludp->lud_filter ) {
ber_str2bv_x( ludp->lud_filter, 0, 0, &op2.ors_filterstr,
cp->op->o_tmpmemctx );
cp->asc_op->o_tmpmemctx );
} else {
op2.ors_filterstr = defaultFilter_bv;
}
op2.ors_filter = str2filter_x( cp->op, op2.ors_filterstr.bv_val );
op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
if ( op2.ors_filter == NULL ) {
rc = LDAP_PROTOCOL_ERROR;
goto url_done;
......@@ -2571,7 +2575,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
;
anlistp = slap_sl_malloc( sizeof( AttributeName ) * ( nattrs + 2 ),
cp->op->o_tmpmemctx );
cp->asc_op->o_tmpmemctx );
for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ ) {
ber_str2bv( ludp->lud_attrs[ nattrs ], 0, 0, &anlistp[ nattrs ].an_name );
......@@ -2594,19 +2598,19 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
p.cookie = cookie;
op2.o_hdr = cp->op->o_hdr;
op2.o_hdr = cp->asc_op->o_hdr;
op2.o_tag = LDAP_REQ_SEARCH;
op2.o_ndn = op2.o_bd->be_rootndn;
op2.o_callback = &cb;
op2.o_time = slap_get_time();
op2.o_do_not_cache = 1;
op2.o_is_auth_check = 0;
ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->op->o_tmpmemctx );
ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
op2.ors_slimit = SLAP_NO_LIMIT;
op2.ors_tlimit = SLAP_NO_LIMIT;
op2.ors_attrs = anlistp;
op2.ors_attrsonly = 0;
op2.o_private = cp->op->o_private;
op2.o_private = cp->asc_op->o_private;
cb.sc_private = &p;
......@@ -2617,19 +2621,19 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
url_done:;
if ( op2.ors_filter ) {
filter_free_x( cp->op, op2.ors_filter );
filter_free_x( cp->asc_op, op2.ors_filter );
}
if ( !BER_BVISNULL( &op2.o_req_ndn ) ) {
slap_sl_free( op2.o_req_ndn.bv_val, cp->op->o_tmpmemctx );
slap_sl_free( op2.o_req_ndn.bv_val, cp->asc_op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &op2.o_req_dn ) ) {
slap_sl_free( op2.o_req_dn.bv_val, cp->op->o_tmpmemctx );
slap_sl_free( op2.o_req_dn.bv_val, cp->asc_op->o_tmpmemctx );
}
if ( ludp ) {
ldap_free_urldesc( ludp );
}
if ( anlistp && anlistp != anlist ) {
slap_sl_free( anlistp, cp->op->o_tmpmemctx );
slap_sl_free( anlistp, cp->asc_op->o_tmpmemctx );
}
return p.bvals;
......@@ -2647,22 +2651,22 @@ acl_set_gather2( SetCookie *cookie, struct berval *name, AttributeDescription *d
* plain strings, since syntax is not known. It should
* also return the syntax or some "comparison cookie".
*/
rc = dnNormalize( 0, NULL, NULL, name, &ndn, cp->op->o_tmpmemctx );
rc = dnNormalize( 0, NULL, NULL, name, &ndn, cp->asc_op->o_tmpmemctx );
if ( rc == LDAP_SUCCESS ) {
if ( desc == slap_schema.si_ad_entryDN ) {
bvals = (BerVarray)slap_sl_malloc( sizeof( BerValue ) * 2,
cp->op->o_tmpmemctx );
cp->asc_op->o_tmpmemctx );
bvals[ 0 ] = ndn;
BER_BVZERO( &bvals[ 1 ] );
BER_BVZERO( &ndn );
} else {
backend_attribute( cp->op,
cp->e, &ndn, desc, &bvals, ACL_NONE );
backend_attribute( cp->asc_op,
cp->asc_e, &ndn, desc, &bvals, ACL_NONE );
}
if ( !BER_BVISNULL( &ndn ) ) {
slap_sl_free( ndn.bv_val, cp->op->o_tmpmemctx );
slap_sl_free( ndn.bv_val, cp->asc_op->o_tmpmemctx );
}
}
......@@ -2724,9 +2728,11 @@ acl_match_set (
}
if ( !BER_BVISNULL( &set ) ) {
cookie.op = op;
cookie.e = e;
rc = ( slap_set_filter( acl_set_gather, (SetCookie *)&cookie, &set,
cookie.asc_op = op;
cookie.asc_e = e;
rc = ( slap_set_filter(
acl_set_gather,
(SetCookie *)&cookie, &set,
&op->o_ndn, &e->e_nname, NULL ) > 0 );
slap_sl_free( set.bv_val, op->o_tmpmemctx );
}
......
......@@ -178,7 +178,7 @@ int slap_bv2ad(
desc.ad_cname = *bv;
name = bv->bv_val;
options = strchr( name, ';' );
if ( options != NULL && ( options - name ) < bv->bv_len ) {
if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) {
/* don't go past the end of the berval! */
desc.ad_cname.bv_len = options - name;
} else {
......@@ -250,7 +250,7 @@ int slap_bv2ad(
rc = strncasecmp( opt, tags[i].bv_val,
(unsigned) optlen < tags[i].bv_len
? optlen : tags[i].bv_len );
? (unsigned) optlen : tags[i].bv_len );
if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) {
/* duplicate (ignore) */
......@@ -388,7 +388,7 @@ done:;
if( lp != desc.ad_tags.bv_val ) {
*cp++ = ';';
j = (lp
? lp - desc.ad_tags.bv_val - 1
? (unsigned) (lp - desc.ad_tags.bv_val - 1)
: strlen( desc.ad_tags.bv_val ));
cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j);
}
......@@ -664,15 +664,12 @@ int ad_inlist(
}
} else {
/* short-circuit this search next time around */
if (!slap_schema.si_at_undefined->sat_ad) {
const char *text;
slap_bv2undef_ad(&attrs->an_name,
&attrs->an_desc, &text, 0);
} else {
attrs->an_desc =
slap_schema.si_at_undefined->sat_ad;
}
const char *text;
/* give it a chance of being retrieved by a proxy... */
(void)slap_bv2undef_ad( &attrs->an_name,
&attrs->an_desc, &text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
}
}
......@@ -756,6 +753,11 @@ int slap_bv2undef_ad(
desc->ad_next = desc->ad_type->sat_ad;
desc->ad_type->sat_ad = desc;
ldap_pvt_thread_mutex_unlock( &ad_undef_mutex );
Debug( LDAP_DEBUG_ANY,
"%s attributeDescription \"%s\" inserted.\n",
( flags & SLAP_AD_PROXIED ) ? "PROXIED" : "UNKNOWN",
desc->ad_cname.bv_val, 0 );
}
if( !*ad ) {
......
......@@ -312,6 +312,8 @@ bdb_db_open( BackendDB *be )
open_env = 0;
} else {
/* Create a new env that can take the desired settings */
bdb->bi_dbenv->close( bdb->bi_dbenv, 0 );
bdb->bi_dbenv = NULL;
rc = db_env_create( &bdb->bi_dbenv, 0 );
if( rc != 0 ) {
Debug( LDAP_DEBUG_ANY,
......
......@@ -429,7 +429,14 @@ fail:;
* Rewrite the matched portion of the search base, if required
*/
if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
rs->sr_matched = match.bv_val;
struct berval pmatch;
if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
rs->sr_matched = pmatch.bv_val;
} else {
rs->sr_matched = match.bv_val;
}
}
if ( rs->sr_v2ref ) {
......@@ -448,9 +455,14 @@ finish:;
rs->sr_ctrls = NULL;
}
if ( match.bv_val ) {
if ( rs->sr_matched != NULL ) {
if ( rs->sr_matched != match.bv_val ) {
ber_memfree_x( (char *)rs->sr_matched, op->o_tmpmemctx );
} else {
LDAP_FREE( match.bv_val );
}
rs->sr_matched = NULL;
LDAP_FREE( match.bv_val );
}
if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) {
......@@ -477,7 +489,7 @@ finish:;
ldap_back_release_conn( op, rs, lc );
}
return rc;
return rs->sr_err;
}
static int
......
......@@ -667,8 +667,6 @@ meta_back_op_result(
rerr = LDAP_SUCCESS;
char *rmsg = NULL;
char *rmatch = NULL;
int free_rmsg = 0,
free_rmatch = 0;
if ( candidate != META_TARGET_NONE ) {
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
......@@ -685,17 +683,20 @@ meta_back_op_result(
*/
ldap_get_option( msc->msc_ld,
LDAP_OPT_ERROR_STRING, &rmsg );
if ( rmsg != NULL && rmsg[ 0 ] == '\0' ) {
ldap_memfree( rmsg );
rmsg = NULL;
}
ldap_get_option( msc->msc_ld,
LDAP_OPT_MATCHED_DN, &rmatch );
rerr = rs->sr_err = slap_map_api2result( rs );
if ( rmsg ) {
free_rmsg = 1;
}
if ( rmatch ) {
free_rmatch = 1;
if ( rmatch != NULL && rmatch[ 0 ] == '\0' ) {
ldap_memfree( rmatch );
rmatch = NULL;
}
rerr = rs->sr_err = slap_map_api2result( rs );
Debug(LDAP_DEBUG_ANY,
"==> meta_back_op_result: target"
" <%d> sending msg \"%s\""
......@@ -722,8 +723,18 @@ meta_back_op_result(
*/
ldap_get_option( msc->msc_ld,
LDAP_OPT_ERROR_STRING, &msg );
if ( msg != NULL && msg[ 0 ] == '\0' ) {
ldap_memfree( msg );
msg = NULL;
}
ldap_get_option( msc->msc_ld,
LDAP_OPT_MATCHED_DN, &match );
if ( match != NULL && match[ 0 ] == '\0' ) {
ldap_memfree( match );
match = NULL;
}
rs->sr_err = slap_map_api2result( rs );
Debug(LDAP_DEBUG_ANY,
......@@ -739,27 +750,29 @@ meta_back_op_result(
switch ( rs->sr_err ) {
default:
rerr = rs->sr_err;
if ( rmsg ) {
ber_memfree( rmsg );
if ( msg != NULL ) {
if ( rmsg ) {
ldap_memfree( rmsg );
}
rmsg = msg;
msg = NULL;
}
rmsg = msg;
free_rmsg = 1;
msg = NULL;
if ( rmatch ) {
ber_memfree( rmatch );
if ( match != NULL ) {
if ( rmatch ) {
ldap_memfree( rmatch );
}
rmatch = match;
match = NULL;
}
rmatch = match;
free_rmatch = 1;
match = NULL;
break;
}
if ( msg ) {
ldap_memfree( msg );
}
/* better test the pointers before freeing? */
if ( match ) {
free( match );
}
if ( msg ) {
free( msg );
ldap_memfree( match );
}
}
}
......@@ -767,16 +780,35 @@ meta_back_op_result(
rs->sr_err = rerr;
rs->sr_text = rmsg;
rs->sr_matched = rmatch;
if ( rmatch != NULL ) {
struct berval dn, pdn;
ber_str2bv( rmatch, 0, 0, &dn );
if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
rs->sr_matched = pdn.bv_val;
ldap_memfree( rmatch );
rmatch = NULL;
} else {
rs->sr_matched = rmatch;
}
} else {
rs->sr_matched = NULL;
}
send_ldap_result( op, rs );
if ( free_rmsg ) {
if ( rmsg != NULL ) {
ber_memfree( rmsg );
}
if ( free_rmatch ) {
ber_memfree( rmatch );
if ( rs->sr_matched != NULL ) {
if ( rmatch == NULL ) {
ber_memfree_x( rs->sr_matched, op->o_tmpmemctx );
} else {
ldap_memfree( rmatch );
}
rs->sr_matched = NULL;
}
rs->sr_text = NULL;
rs->sr_matched = NULL;
return ( ( rerr == LDAP_SUCCESS ) ? 0 : -1 );
}
......
......@@ -289,13 +289,19 @@ finish:;
* At least one compare failed with matched portion,
* and none was successful
*/
} else if ( match != NULL && match[0] != '\0' ) {
struct berval matched;
} else if ( match != NULL && match[ 0 ] != '\0' ) {
struct berval matched, pmatched;
ber_str2bv( match, 0, 0, &matched );
dc.ctx = "matchedDN";
ldap_back_dn_massage( &dc, &matched, &mmatch );
if ( dnPretty( NULL, &mmatch, &pmatched, NULL ) == LDAP_SUCCESS ) {
if ( mmatch.bv_val != match ) {
free( mmatch.bv_val );
}
mmatch = pmatched;
}
}
if ( rres != LDAP_SUCCESS ) {
......
......@@ -759,7 +759,7 @@ really_bad:;
}
} else if ( sres == LDAP_NO_SUCH_OBJECT ) {
matched = ch_strdup( op->o_bd->be_suffix[ 0 ].bv_val );
matched = op->o_bd->be_suffix[ 0 ].bv_val;
}
#if 0
......@@ -804,7 +804,7 @@ really_bad:;
rs->sr_ref = NULL;
finish:;
if ( matched ) {
if ( matched && matched != op->o_bd->be_suffix[ 0 ].bv_val ) {
op->o_tmpfree( matched, op->o_tmpmemctx );
}
......
......@@ -638,7 +638,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
ch_free( c->tline );
if ( fp_parse_line( c ) ) {
rc = 1;
goto leave;
goto done;
}
if ( c->argc < 1 ) {
......@@ -647,7 +647,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
goto done;
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
......@@ -665,11 +665,11 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%s>\n",
c->log, c->argv[0], 0);
rc = 1;
goto leave;
goto done;
} else if ( rc == ARG_BAD_CONF ) {
rc = 1;
goto leave;
goto done;
}
} else if ( c->bi && !c->be ) {
......@@ -696,7 +696,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
goto done;
}
}
......@@ -724,7 +724,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
goto done;
}
}
......@@ -742,7 +742,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
goto done;
}
}
......@@ -753,7 +753,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
c->log, *c->argv, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
goto done;
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
......@@ -762,7 +762,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
rc = 0;
leave:
done:
ch_free(c->tline);
fclose(fp);
ch_free(c->argv);
......
......@@ -1333,7 +1333,7 @@ static int parseSearchOptions (
ber_tag_t tag;
if ( ctrl->ldctl_value.bv_len == 0 ) {
rs->sr_text = "searchOptions control value not empty";
rs->sr_text = "searchOptions control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
......@@ -1367,7 +1367,7 @@ static int parseSearchOptions (
* including:
* LDAP_SEARCH_FLAG_PHANTOM_ROOM
*/
rs->sr_text = "searchOptions contained unrecongized flag";
rs->sr_text = "searchOptions contained unrecognized flag";
return LDAP_UNWILLING_TO_PERFORM;
}
......
......@@ -92,6 +92,8 @@ slap_init( int mode, const char *name )
assert( mode );
if ( slapMode != SLAP_UNDEFINED_MODE ) {
/* Make sure we write something to stderr */
ldap_debug |= 1;
Debug( LDAP_DEBUG_ANY,
"%s init: init called twice (old=%d, new=%d)\n",
name, slapMode, mode );
......@@ -101,6 +103,25 @@ slap_init( int mode, const char *name )
slapMode = mode;
#ifdef SLAPD_MODULES
if ( module_init() != 0 ) {
ldap_debug |= 1;
Debug( LDAP_DEBUG_ANY,
"%s: module_init failed\n",
name, 0, 0 );
return 1;
}
#endif
if ( slap_schema_init( ) != 0 ) {
ldap_debug |= 1;
Debug( LDAP_DEBUG_ANY,
"%s: slap_schema_init failed\n",
name, 0, 0 );
return 1;
}
switch ( slapMode & SLAP_MODE ) {
case SLAP_SERVER_MODE: