Commit c530ba9c authored by Kurt Zeilenga's avatar Kurt Zeilenga

merge with main branch

parent af77c232
...@@ -778,15 +778,16 @@ char *query; ...@@ -778,15 +778,16 @@ char *query;
e = ldap_first_entry( ld, res ); e = ldap_first_entry( ld, res );
oc = ldap_get_values( ld, e, "objectClass" ); oc = ldap_get_values( ld, e, "objectClass" );
if ( isnonleaf( ld, oc, dn ) ) { dn = ldap_get_dn( ld, e );
dn = ldap_get_dn( ld, e );
if ( isnonleaf( ld, oc, dn ) ) {
rc = do_menu( ld, fp, dn ); rc = do_menu( ld, fp, dn );
free( dn ); free( dn );
return( rc ); return( rc );
} }
free( dn );
ldap_value_free( oc ); ldap_value_free( oc );
} }
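Review bot: The early-return path inside `if ( isnonleaf( ld, oc, dn ) )` still returns without releasing `oc`, so the objectClass values leak each time a non-leaf entry is selected; add `ldap_value_free( oc );` before `return( rc );`, as the fall-through path already does. The results of `ldap_first_entry` and the now unconditional `ldap_get_dn` are also used without a NULL check in the visible lines. The enclosing function starts and ends outside the hunk.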
......
...@@ -23,6 +23,7 @@ int Argc; /* original argc */ ...@@ -23,6 +23,7 @@ int Argc; /* original argc */
/* VARARGS */ /* VARARGS */
setproctitle( fmt, a, b, c ) setproctitle( fmt, a, b, c )
char *fmt; char *fmt;
char *a, *b, *c;
{ {
static char *endargv = (char *)0; static char *endargv = (char *)0;
char *s; char *s;
......
...@@ -464,7 +464,7 @@ char *cp; ...@@ -464,7 +464,7 @@ char *cp;
return(tmp); return(tmp);
} }
char * code_to_str(i) char * code_to_str(int i)
{ {
switch(i) { switch(i) {
case LDAP_MOD_ADD : return("ADD"); case LDAP_MOD_ADD : return("ADD");
......
...@@ -33,7 +33,7 @@ typedef struct avlnode { ...@@ -33,7 +33,7 @@ typedef struct avlnode {
#define NULLAVL ((Avlnode *) NULL) #define NULLAVL ((Avlnode *) NULL)
/* balance factor values */ /* balance factor values */
#define LH -1 #define LH (-1)
#define EH 0 #define EH 0
#define RH 1 #define RH 1
...@@ -79,7 +79,7 @@ avl_apply LDAP_P((Avlnode *, IFP, caddr_t, int, int)); ...@@ -79,7 +79,7 @@ avl_apply LDAP_P((Avlnode *, IFP, caddr_t, int, int));
#define AVL_INORDER 2 #define AVL_INORDER 2
#define AVL_POSTORDER 3 #define AVL_POSTORDER 3
/* what apply returns if it ran out of nodes */ /* what apply returns if it ran out of nodes */
#define AVL_NOMORE -6 #define AVL_NOMORE (-6)
LDAP_END_DECL LDAP_END_DECL
......
...@@ -125,13 +125,13 @@ struct ldap_tmplitem { ...@@ -125,13 +125,13 @@ struct ldap_tmplitem {
#define NULLTMPLITEM ((struct ldap_tmplitem *)0) #define NULLTMPLITEM ((struct ldap_tmplitem *)0)
#define LDAP_SET_TMPLITEM_APPDATA( ti, datap ) \ #define LDAP_SET_TMPLITEM_APPDATA( ti, datap ) \
(ti)->ti_appdata = (void *)(datap) ( (ti)->ti_appdata = (void *)(datap) )
#define LDAP_GET_TMPLITEM_APPDATA( ti, type ) \ #define LDAP_GET_TMPLITEM_APPDATA( ti, type ) \
(type)((ti)->ti_appdata) ( (type)((ti)->ti_appdata) )
#define LDAP_IS_TMPLITEM_OPTION_SET( ti, option ) \ #define LDAP_IS_TMPLITEM_OPTION_SET( ti, option ) \
(((ti)->ti_options & option ) != 0 ) ( ((ti)->ti_options & (option) ) != 0 )
/* /*
...@@ -201,13 +201,13 @@ struct ldap_disptmpl { ...@@ -201,13 +201,13 @@ struct ldap_disptmpl {
#define NULLDISPTMPL ((struct ldap_disptmpl *)0) #define NULLDISPTMPL ((struct ldap_disptmpl *)0)
#define LDAP_SET_DISPTMPL_APPDATA( dt, datap ) \ #define LDAP_SET_DISPTMPL_APPDATA( dt, datap ) \
(dt)->dt_appdata = (void *)(datap) ( (dt)->dt_appdata = (void *)(datap) )
#define LDAP_GET_DISPTMPL_APPDATA( dt, type ) \ #define LDAP_GET_DISPTMPL_APPDATA( dt, type ) \
(type)((dt)->dt_appdata) ( (type)((dt)->dt_appdata) )
#define LDAP_IS_DISPTMPL_OPTION_SET( dt, option ) \ #define LDAP_IS_DISPTMPL_OPTION_SET( dt, option ) \
(((dt)->dt_options & option ) != 0 ) ( ((dt)->dt_options & (option) ) != 0 )
#define LDAP_TMPL_ERR_VERSION 1 #define LDAP_TMPL_ERR_VERSION 1
#define LDAP_TMPL_ERR_MEM 2 #define LDAP_TMPL_ERR_MEM 2
......
...@@ -171,6 +171,7 @@ LDAP_F int ber_printf LDAP_P(( BerElement *ber, char *fmt, ... )); ...@@ -171,6 +171,7 @@ LDAP_F int ber_printf LDAP_P(( BerElement *ber, char *fmt, ... ));
/* /*
* in io.c: * in io.c:
*/ */
LDAP_F long ber_read LDAP_P(( BerElement *ber, char *buf, unsigned long len )); LDAP_F long ber_read LDAP_P(( BerElement *ber, char *buf, unsigned long len ));
LDAP_F long ber_write LDAP_P(( BerElement *ber, char *buf, unsigned long len, LDAP_F long ber_write LDAP_P(( BerElement *ber, char *buf, unsigned long len,
int nosos )); int nosos ));
......
...@@ -57,16 +57,16 @@ extern int ldap_syslog_level; ...@@ -57,16 +57,16 @@ extern int ldap_syslog_level;
#ifdef LDAP_SYSLOG #ifdef LDAP_SYSLOG
#define Debug( level, fmt, arg1, arg2, arg3 ) \ #define Debug( level, fmt, arg1, arg2, arg3 ) \
{ \ { \
if ( ldap_debug & level ) \ if ( ldap_debug & (level) ) \
fprintf( stderr, fmt, arg1, arg2, arg3 ); \ fprintf( stderr, (fmt), (arg1), (arg2), (arg3) ); \
if ( ldap_syslog & level ) \ if ( ldap_syslog & level ) \
syslog( ldap_syslog_level, fmt, arg1, arg2, arg3 ); \ syslog( ldap_syslog_level, (fmt), (arg1), (arg2), (arg3) ); \
} }
#else /* LDAP_SYSLOG */ #else /* LDAP_SYSLOG */
#ifndef WINSOCK #ifndef WINSOCK
#define Debug( level, fmt, arg1, arg2, arg3 ) \ #define Debug( level, fmt, arg1, arg2, arg3 ) \
if ( ldap_debug & level ) \ if ( ldap_debug & (level) ) \
fprintf( stderr, fmt, arg1, arg2, arg3 ); fprintf( stderr, (fmt), (arg1), (arg2), (arg3) );
#else /* !WINSOCK */ #else /* !WINSOCK */
extern void Debug( int level, char* fmt, ... ); extern void Debug( int level, char* fmt, ... );
#endif /* !WINSOCK */ #endif /* !WINSOCK */
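Review bot: The syslog branch of the LDAP_SYSLOG variant still tests `ldap_syslog & level` without parentheses, although the line above it was changed to `ldap_debug & (level)`; it should read `if ( ldap_syslog & (level) ) \`. Both macro forms also stay unsafe inside an unbraced `if`/`else`, because one expands to a bare block and the other to a bare `if` followed by the caller's `;`; wrapping the body in `do { ... } while (0)` would fix that. Since `fmt` goes straight to `fprintf` and `syslog`, a comment saying that callers must pass a literal format string, never data received from a client, would be worth adding above the macro.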
...@@ -479,7 +479,7 @@ typedef struct friendly { ...@@ -479,7 +479,7 @@ typedef struct friendly {
/* /*
* handy macro to check whether LDAP struct is set up for CLDAP or not * handy macro to check whether LDAP struct is set up for CLDAP or not
*/ */
#define LDAP_IS_CLDAP( ld ) ( ld->ld_sb.sb_naddr > 0 ) #define LDAP_IS_CLDAP( ld ) ( (ld)->ld_sb.sb_naddr > 0 )
/* /*
......
...@@ -284,6 +284,8 @@ Please try again later.\r\n" ...@@ -284,6 +284,8 @@ Please try again later.\r\n"
*/ */
/* location of the default slapd config file */ /* location of the default slapd config file */
#define SLAPD_DEFAULT_CONFIGFILE "%SYSCONFDIR%/slapd.conf" #define SLAPD_DEFAULT_CONFIGFILE "%SYSCONFDIR%/slapd.conf"
/* default max deref depth for aliases */
#define SLAPD_DEFAULT_MAXDEREFDEPTH 15
/* default sizelimit on number of entries from a search */ /* default sizelimit on number of entries from a search */
#define SLAPD_DEFAULT_SIZELIMIT 500 #define SLAPD_DEFAULT_SIZELIMIT 500
/* default timelimit to spend on a search */ /* default timelimit to spend on a search */
......
...@@ -9,14 +9,14 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \ ...@@ -9,14 +9,14 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \
value.c ava.c bind.c unbind.c abandon.c filterentry.c \ value.c ava.c bind.c unbind.c abandon.c filterentry.c \
phonetic.c acl.c str2filter.c aclparse.c init.c \ phonetic.c acl.c str2filter.c aclparse.c init.c \
detach.c repl.c lock.c \ detach.c repl.c lock.c \
schema.c schemaparse.c monitor.c configinfo.c suffixAlias.c schema.c schemaparse.c monitor.c configinfo.c
OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
attr.o entry.o config.o backend.o result.o operation.o \ attr.o entry.o config.o backend.o result.o operation.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \ dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \ value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o acl.o str2filter.o aclparse.o init.o \ phonetic.o acl.o str2filter.o aclparse.o init.o \
detach.o repl.o lock.o \ detach.o repl.o lock.o \
schema.o schemaparse.o monitor.o configinfo.o suffixalias.o schema.o schemaparse.o monitor.o configinfo.o
LDAP_INCDIR= ../../include LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries LDAP_LIBDIR= ../../libraries
......
...@@ -366,7 +366,7 @@ acl_access_allowed( ...@@ -366,7 +366,7 @@ acl_access_allowed(
/* b->a_group is an unexpanded entry name, expanded it should be an /* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of * entry with objectclass group* and we test to see if odn is one of
* the values in the attribute uniquegroup * the values in the attribute group
*/ */
Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n", Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
b->a_group, 0, 0); b->a_group, 0, 0);
......
SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c id2entry.c \ SRCS = idl.c add.c search.c cache.c dbcache.c dn2id.c id2entry.c \
index.c id2children.c nextid.c abandon.c compare.c group.c \ index.c id2children.c nextid.c abandon.c compare.c group.c \
modify.c modrdn.c delete.c init.c config.c bind.c attr.c \ modify.c modrdn.c delete.c init.c config.c bind.c attr.c \
filterindex.c unbind.c kerberos.c close.c filterindex.c unbind.c kerberos.c close.c alias.c
OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \ OBJS = idl.o add.o search.o cache.o dbcache.o dn2id.o id2entry.o \
index.o id2children.o nextid.o abandon.o compare.o group.o \ index.o id2children.o nextid.o abandon.o compare.o group.o \
modify.o modrdn.o delete.o init.o config.o bind.o attr.o \ modify.o modrdn.o delete.o init.o config.o bind.o attr.o \
filterindex.o unbind.o kerberos.o close.o filterindex.o unbind.o kerberos.o close.o alias.o
LDAP_INCDIR= ../../../include LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries LDAP_LIBDIR= ../../../libraries
......
/*
* Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to ITSD, Government of BC. The name of ITSD
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include <stdio.h>
#include <string.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
/*
* given an alias object, dereference it to its end point.
* entry returned has reader lock
*/
Entry *derefAlias_r ( Backend *be,
Connection *conn,
Operation *op,
Entry *e)
{
Attribute *a;
int depth;
char **pastAliases;
char *matched;
Debug( LDAP_DEBUG_TRACE, "<= checking for alias for dn %s\n", e->e_dn, 0, 0 );
/*
* try to deref fully, up to a maximum depth. If the max depth exceeded
* then send an error
*/
for ( depth = 0;
( ( a = attr_find( e->e_attrs, "aliasedobjectname" ) ) != NULL) &&
( depth < be->be_maxDerefDepth );
++depth)
{
/*
* make sure there is a defined aliasedobjectname.
* can only have one value so just use first value (0) in the attr list.
*/
if (a->a_vals[0] && a->a_vals[0]->bv_val) {
char *newDN, *oldDN;
Debug( LDAP_DEBUG_TRACE, "<= %s is an alias for %s\n",
e->e_dn, a->a_vals[0]->bv_val, 0 );
newDN = strdup (a->a_vals[0]->bv_val);
oldDN = strdup (e->e_dn);
/*
* ok, so what happens if there is an alias in the DN of a dereferenced
* alias object?
*/
if ( (e = dn2entry_r( be, newDN, &matched )) == NULL ) {
/* could not deref return error */
Debug( LDAP_DEBUG_TRACE,
"<= %s is a dangling alias to %s\n",
oldDN, newDN, 0 );
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
"Dangling Alias" );
if(matched != NULL) free(matched);
}
free (newDN);
free (oldDN);
}
else {
/*
* there was an aliasedobjectname defined but no data.
* this can't happen, right?
*/
Debug( LDAP_DEBUG_TRACE,
"<= %s has no data in aliasedobjectname attribute\n",
e->e_dn, 0, 0 );
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
"Alias missing aliasedobjectname" );
}
}
/*
* warn if we pulled out due to exceeding the maximum deref depth
*/
if ( depth >= be->be_maxDerefDepth ) {
Debug( LDAP_DEBUG_TRACE,
"<= %s exceeded maximum deref depth %d\n",
e->e_dn, be->be_maxDerefDepth, 0 );
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
"Maximum alias dereference depth exceeded" );
}
return e;
}
/*
* given a DN fully deref it and return the real DN or original DN if it fails
*/
char *derefDN ( Backend *be,
Connection *conn,
Operation *op,
char *dn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
char *matched;
char *newDN;
int depth;
Entry *eMatched;
Entry *eDeref;
Entry *eNew;
Debug( LDAP_DEBUG_TRACE,
"<= dereferencing dn %s\n",
dn, 0, 0 );
newDN = strdup ( dn );
/* while we don't have a matched dn, deref the DN */
for ( depth = 0;
( (eMatched = dn2entry_r( be, newDN, &matched )) == NULL) &&
(depth < be->be_maxDerefDepth);
++depth ) {
/* free reader lock */
cache_return_entry_r(&li->li_cache, eMatched);
if (*matched) {
char *submatch;
/*
* make sure there actually is an entry for the matched part
*/
if ( (eMatched = dn2entry_r( be, matched, &submatch )) != NULL) {
char *remainder; /* part before the aliased part */
int rlen = strlen(newDN) - strlen(matched);
Debug( LDAP_DEBUG_TRACE, "<= matched %s\n", matched, 0, 0 );
remainder = ch_malloc (rlen + 1);
strncpy ( remainder, newDN, rlen );
remainder[rlen] = '\0';
Debug( LDAP_DEBUG_TRACE, "<= remainder %s\n", remainder, 0, 0 );
if ((eNew = derefAlias_r( be, conn, op, eMatched )) == NULL) {
free (matched);
free (newDN);
free (remainder);
break; /* no associated entry, dont deref */
}
else {
Debug( LDAP_DEBUG_TRACE, "<= l&g we have %s vs %s \n", matched, eNew->e_dn, 0 );
if (!strcasecmp (matched, eNew->e_dn)) {
/* newDN same as old so not an alias, no need to go further */
free (newDN);
free (matched);
free (remainder);
break;
}
/*
* we have dereferenced the aliased part so put
* the new dn together
*/
free (newDN);
free (matched);
newDN = ch_malloc (strlen(eMatched->e_dn) + rlen + 1);
strcpy (newDN, remainder);
strcat (newDN, eMatched->e_dn);
Debug( LDAP_DEBUG_TRACE, "<= expanded to %s\n", newDN, 0, 0 );
free (remainder);
/* free reader lock */
cache_return_entry_r(&li->li_cache, eNew);
}
/* free reader lock */
cache_return_entry_r(&li->li_cache, eMatched);
}
else {
if(submatch != NULL) free(submatch);
break; /* there was no entry for the matched part */
}
}
else {
break; /* there was no matched part */
}
}
/*
* the final part of the DN might be an alias
* so try to dereference it.
*/
if ( (eNew = dn2entry_r( be, newDN, &matched )) != NULL) {
if ((eDeref = derefAlias_r( be, conn, op, eNew )) != NULL) {
free (newDN);
newDN = strdup (eDeref->e_dn);
/* free reader lock */
cache_return_entry_r(&li->li_cache, eDeref);
}
/* free reader lock */
cache_return_entry_r(&li->li_cache, eNew);
}
/*
* warn if we exceeded the max depth as the resulting DN may not be dereferenced
*/
if (depth >= be->be_maxDerefDepth) {
Debug( LDAP_DEBUG_TRACE,
"<= max deref depth exceeded in derefDN for %s, result %s\n",
dn, newDN, 0 );
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
"Maximum alias dereference depth exceeded for base" );
}
Debug( LDAP_DEBUG_TRACE, "<= returning deref DN of %s\n", newDN, 0, 0 );
free(matched);
return newDN;
}
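Review bot: In derefAlias_r a dangling alias leaves `e` NULL after the failed `dn2entry_r` call, and the loop condition then evaluates `attr_find( e->e_attrs, ... )` on that NULL pointer, so a broken alias stored in the directory can crash the server; the dangling branch should leave the function, e.g. `free (newDN); free (oldDN); return NULL;` right after its `send_ldap_result` call. The no-data `else` branch has no exit either, so it repeats `send_ldap_result` on every pass until the depth limit is reached. In derefDN both early `break` paths call `free (newDN)`, yet the code after the loop still passes `newDN` to `dn2entry_r` and then frees or returns it, which is a use-after-free; drop those two `free (newDN);` calls. The same loop calls `cache_return_entry_r` with an `eMatched` that is known to be NULL and reads `*matched` without the NULL check used elsewhere in the file, where `if (matched != NULL && *matched)` would be consistent. The reader lock on the entry that `e` replaces in derefAlias_r also looks like it is never returned, which should be confirmed against dn2entry_r's contract.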
...@@ -17,7 +17,7 @@ extern Attribute *attr_find(); ...@@ -17,7 +17,7 @@ extern Attribute *attr_find();
#ifdef SLAPD_ACLGROUPS #ifdef SLAPD_ACLGROUPS
/* return 0 IFF edn is a value in uniqueMember attribute /* return 0 IFF edn is a value in uniqueMember attribute
* of entry with bdn AND that entry has an objectClass * of entry with bdn AND that entry has an objectClass
* value of groupOfUniqueNames * value of groupOfNames
*/ */
int int
ldbm_back_group( ldbm_back_group(
...@@ -30,7 +30,7 @@ ldbm_back_group( ...@@ -30,7 +30,7 @@ ldbm_back_group(
Entry *e; Entry *e;
char *matched; char *matched;
Attribute *objectClass; Attribute *objectClass;
Attribute *uniqueMember; Attribute *member;
int rc; int rc;
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 ); Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
...@@ -47,39 +47,40 @@ ldbm_back_group( ...@@ -47,39 +47,40 @@ ldbm_back_group(
/* check for deleted */ /* check for deleted */
/* find it's objectClass and uniqueMember attribute values /* find it's objectClass and member attribute values
* make sure this is a group entry * make sure this is a group entry
* finally test if we can find edn in the uniqueMember attribute value list * * finally test if we can find edn in the member attribute value list *
*/ */
rc = 1; rc = 1;
if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) { if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 ); Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
} }
else if ((uniqueMember = attr_find(e->e_attrs, "uniquemember")) == NULL) { else if ((member = attr_find(e->e_attrs, "member")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find uniqueMember\n", 0, 0, 0 ); Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find member\n", 0, 0, 0 );
} }
else { else {
struct berval bvObjectClass; struct berval bvObjectClass;
struct berval bvUniqueMembers; struct berval bvMembers;
Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and uniqueMembers\n", 0, 0, 0 ); Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and members\n", 0, 0, 0 );
bvObjectClass.bv_val = "groupofuniquenames"; bvObjectClass.bv_val = "groupofnames";
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val ); bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
bvUniqueMembers.bv_val = edn; bvMembers.bv_val = edn;
bvUniqueMembers.bv_len = strlen( edn ); bvMembers.bv_len = strlen( edn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) { if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass in groupOfUniqueNames\n", Debug( LDAP_DEBUG_TRACE,
"<= ldbm_back_group: failed to find objectClass in groupOfNames\n",
0, 0, 0 ); 0, 0, 0 );
} }
else if (value_find(uniqueMember->a_vals, &bvUniqueMembers, SYNTAX_CIS, 1) != 0) { else if (value_find(Member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfUniqueNames\n", Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfNames\n",
edn, bdn, 0 ); edn, bdn, 0 );
} }
else { else {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfUniqueNames\n", Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfNames\n",
edn, bdn, 0 ); edn, bdn, 0 );
rc = 0; rc = 0;
} }
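Review bot: The membership test on the new side reads `value_find(Member->a_vals, ...)`, but the variable declared and assigned above is `member`, so the line references an undeclared identifier and will not compile; it should be `else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {`. The header comment still says "uniqueMember attribute" although the code now checks `member` and `groupofnames`, so it should be updated to match. Because this function sits under `SLAPD_ACLGROUPS`, existing groupOfUniqueNames entries will presumably stop matching group ACLs after this change, which deserves a line in the commit message or upgrade notes. ldbm_back_group's body continues outside the visible hunks.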
......
...@@ -48,7 +48,7 @@ id2entry_add( Backend *be, Entry *e ) ...@@ -48,7 +48,7 @@ id2entry_add( Backend *be, Entry *e )
/* store it */ /* store it */
flags = LDBM_REPLACE; flags = LDBM_REPLACE;
if ( li->li_flush_wrt ) flags != LDBM_SYNC; if ( li->li_flush_wrt ) flags |= LDBM_SYNC;
rc = ldbm_cache_store( db, key, data, flags ); rc = ldbm_cache_store( db, key, data, flags );
pthread_mutex_unlock( &entry2str_mutex ); pthread_mutex_unlock( &entry2str_mutex );
......