Commit e338789d authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6077

parent 9e197df6
......@@ -6,6 +6,7 @@ OpenLDAP 2.4.18 Engineering
Fixed slapd subordinate needs a suffix (ITS#6216)
Fixed slapd tools to properly close database (ITS#6214)
Fixed slapd-ndb startup (ITS#6203)
Fixed slapo-unique filter matching (ITS#6077)
Fixed tools resource leaks (ITS#6145)
Fixed contrib/autogroup with RE24 (ITS#6227)
Build Environment
......
......@@ -47,6 +47,7 @@ typedef struct unique_domain_uri_s {
struct berval dn;
struct berval ndn;
struct berval filter;
Filter *f;
struct unique_attrs_s *attrs;
int scope;
} unique_domain_uri;
......@@ -141,6 +142,7 @@ unique_free_domain_uri ( unique_domain_uri *uri )
ch_free ( uri->dn.bv_val );
ch_free ( uri->ndn.bv_val );
ch_free ( uri->filter.bv_val );
filter_free( uri->f );
attr = uri->attrs;
while ( attr ) {
next_attr = attr->next;
......@@ -214,6 +216,13 @@ unique_new_domain_uri ( unique_domain_uri **urip,
rc = ARG_BAD_CONF;
goto exit;
}
if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
Debug( LDAP_DEBUG_ANY,
"slapo-unique needs a rootdn; "
"backend <%s> has none, YMMV.\n",
be->be_nsuffix[0].bv_val, 0, 0 );
}
}
attr_str = url_desc->lud_attrs;
......@@ -247,17 +256,16 @@ unique_new_domain_uri ( unique_domain_uri **urip,
}
if (url_desc->lud_filter) {
Filter *f = str2filter( url_desc->lud_filter );
uri->f = str2filter( url_desc->lud_filter );
char *ptr;
if ( !f ) {
if ( !uri->f ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: bad filter");
rc = ARG_BAD_CONF;
goto exit;
}
/* make sure the strfilter is in normal form (ITS#5581) */
filter2bv( f, &uri->filter );
filter_free( f );
filter2bv( uri->f, &uri->filter );
ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) )
{
......@@ -459,6 +467,13 @@ unique_cf_base( ConfigArgs *c )
abort();
}
if ( rc ) {
ch_free( c->value_dn.bv_val );
BER_BVZERO( &c->value_dn );
ch_free( c->value_ndn.bv_val );
BER_BVZERO( &c->value_ndn );
}
return rc;
}
......@@ -1071,6 +1086,17 @@ unique_add(
&& !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
if ( uri->f ) {
if ( test_filter( NULL, op->ora_e, uri->f )
== LDAP_COMPARE_FALSE )
{
Debug( LDAP_DEBUG_TRACE,
"==> unique_add_skip<%s>\n",
op->o_req_dn.bv_val, 0, 0 );
continue;
}
}
if(!(a = op->ora_e->e_attrs)) {
op->o_bd->bd_info = (BackendInfo *) on->on_info;
send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
......
......@@ -425,6 +425,7 @@ dn: olcOverlay={0}unique,olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcUniqueURI
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
-
delete: olcUniqueURI
olcUniqueURI: ldap:///?description?one
......@@ -445,6 +446,7 @@ objectClass: olcUniqueConfig
olcOverlay: {0}unique
olcUniqueURI: ldap:///?employeeNumber,displayName?sub
olcUniqueURI: ldap:///?sn?sub?(cn=e*)
olcUniqueURI: ldap:///?uid?sub?(cn=edgar)
EOF
diff $TESTDIR/third-config.ldif $TESTDIR/third-reference.ldif > /dev/null 2>&1
......@@ -473,6 +475,24 @@ if test $RC != 0 ; then
exit -1
fi
echo "Adding a record unique in all domains because of filter conditions "
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOF
dn: uid=empty,ou=users,o=unique
objectClass: inetOrgPerson
uid: edgar
cn: empty
sn: empty
EOF
RC=$?
if test $RC != 0 ; then
echo "spurious unique error ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit -1
fi
echo "Adding a record unique in one domain, non-unique in the filtered domain..."
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment