Add support for unsolicited notifications.

servers/slapd/Makefile.in

@@ -9,7 +9,7 @@ SRCS	= main.c daemon.c connection.c search.c filter.c add.c charray.c \
 		dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
 		value.c ava.c bind.c unbind.c abandon.c filterentry.c \
 		phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
-		repl.c lock.c controls.c \
+		repl.c lock.c controls.c extended.c \
 		suffixalias.c schema.c schemaparse.c monitor.c configinfo.c \
 		root_dse.c module.c
 OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
@@ -17,7 +17,7 @@ OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
 		value.o ava.o bind.o unbind.o abandon.o filterentry.o \
 		phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
-		repl.o lock.o controls.o \
+		repl.o lock.o controls.o extended.o \
 		suffixalias.o schema.o schemaparse.o monitor.o configinfo.o \
 		root_dse.o module.o
 

servers/slapd/abandon.c

@@ -40,7 +40,9 @@ do_abandon(
 
 	if ( ber_scanf( op->o_ber, "i", &id ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "do_abandon: ber_scanf failed\n", 0, 0 ,0 );
-		return LDAP_PROTOCOL_ERROR;
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		return -1;
 	}
 
 	if( (rc = get_ctrls( conn, op, 0 )) != LDAP_SUCCESS ) {

servers/slapd/acl.c

@@ -55,7 +55,7 @@ access_allowed(
 		e->e_dn, attr, 0 );
 
 	/* the lastmod attributes are ignored by ACL checking */
-	if ( oc_check_operational( attr ) ) {
+	if ( oc_check_no_usermod_attr( attr ) ) {
  		Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
 			attr, 0, 0 );
 		return(1);
@@ -212,7 +212,6 @@ acl_access_allowed(
 )
 {
 	int		i;
-	char		*odn;
 	struct access	*b;
 	Attribute	*at;
 	struct berval	bv;
@@ -244,11 +243,9 @@ acl_access_allowed(
 		return( default_access >= access );
 	}
 
-	odn = op->o_ndn;
-
-	if ( odn != NULL ) {
-		bv.bv_val = odn;
-		bv.bv_len = strlen( odn );
+	if ( op->o_ndn != NULL ) {
+		bv.bv_val = op->o_ndn;
+		bv.bv_len = strlen( bv.bv_val );
 	}
 
 	for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
@@ -282,7 +279,7 @@ acl_access_allowed(
 					return ACL_GRANT(b->a_access, access );
 				}
 			} else {
-				if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
+				if ( regex_matches( b->a_dnpat, op->o_ndn, edn, matches ) ) {
 					Debug( LDAP_DEBUG_ACL,
 				    "<= acl_access_allowed: matched by clause #%d access %s\n",
 				    i, ACL_GRANT(b->a_access, access)
@@ -365,7 +362,7 @@ acl_access_allowed(
 			string_expand(buf, sizeof(buf), b->a_group, edn, matches);
 			(void) dn_normalize_case(buf);
 
-			if (backend_group(be, e, buf, odn,
+			if (backend_group(be, e, buf, op->o_ndn,
 				b->a_group_oc, b->a_group_at) == 0)
 			{
 				Debug( LDAP_DEBUG_ACL,
@@ -408,7 +405,7 @@ acl_check_modlist(
 		regmatch_t       matches[MAXREMATCHES];
 
 		/* the lastmod attributes are ignored by ACL checking */
-		if ( oc_check_operational( mlist->ml_type ) ) {
+		if ( oc_check_no_usermod_attr( mlist->ml_type ) ) {
 			Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
 				mlist->ml_type, 0, 0 );
 			continue;

servers/slapd/add.c

@@ -57,9 +57,9 @@ do_add( Connection *conn, Operation *op )
 	/* get the name */
 	if ( ber_scanf( ber, "{a", /*}*/ &dn ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
-		send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
-		    "decoding error" );
-		return LDAP_PROTOCOL_ERROR;
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		return -1;
 	}
 
 	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
@@ -80,17 +80,17 @@ do_add( Connection *conn, Operation *op )
 		struct berval	**vals;
 
 		if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) {
-			send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR,
-			    NULL, "decoding error" );
+			send_ldap_disconnect( conn, op,
+				LDAP_PROTOCOL_ERROR, "decoding error" );
 			entry_free( e );
-			return LDAP_PROTOCOL_ERROR;
+			return -1;
 		}
 
 		if ( vals == NULL ) {
 			Debug( LDAP_DEBUG_ANY, "no values for type %s\n", type,
 			    0, 0 );
-			send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
-			    NULL );
+			send_ldap_result( conn, op,
+				LDAP_PROTOCOL_ERROR, NULL, "no values for type" );
 			free( type );
 			entry_free( e );
 			return LDAP_PROTOCOL_ERROR;
@@ -105,9 +105,9 @@ do_add( Connection *conn, Operation *op )
 	if ( ber_scanf( ber, /*{*/ "}") == LBER_ERROR ) {
 		entry_free( e );
 		Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
-		send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, NULL,
-		    "decoding error" );
-		return LDAP_PROTOCOL_ERROR;
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		return -1;
 	}
 
 	if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
@@ -186,7 +186,7 @@ add_created_attrs( Operation *op, Entry *e )
 
 	/* remove any attempts by the user to add these attrs */
 	for ( a = &e->e_attrs; *a != NULL; a = next ) {
-		if ( oc_check_operational( (*a)->a_type ) ) {
+		if ( oc_check_no_usermod_attr( (*a)->a_type ) ) {
 			tmp = *a;
 			*a = (*a)->a_next;
 			attr_free( tmp );
@@ -197,7 +197,7 @@ add_created_attrs( Operation *op, Entry *e )
 	}
 
 	if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
-		bv.bv_val = "NULLDN";
+		bv.bv_val = "<anonymous>";
 		bv.bv_len = strlen( bv.bv_val );
 	} else {
 		bv.bv_val = op->o_dn;

servers/slapd/ava.c

@@ -18,12 +18,12 @@ get_ava(
 	if ( ber_scanf( ber, "{ao}", &ava->ava_type, &ava->ava_value )
 	    == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "  get_ava ber_scanf\n", 0, 0, 0 );
-		return( LDAP_PROTOCOL_ERROR );
+		return( -1 );
 	}
 	attr_normalize( ava->ava_type );
 	value_normalize( ava->ava_value.bv_val, attr_syntax( ava->ava_type ) );
 
-	return( 0 );
+	return( LDAP_SUCCESS );
 }
 
 void

servers/slapd/back-bdb2/modify.c

@@ -33,9 +33,9 @@ add_lastmods( Operation *op, LDAPModList **modlist )
 
 	/* remove any attempts by the user to modify these attrs */
 	for ( m = modlist; *m != NULL; m = &(*m)->ml_next ) {
-            if ( oc_check_operational( (*m)->ml_type ) ) {
+            if ( oc_check_no_usermod_attr( (*m)->ml_type ) ) {
                 Debug( LDAP_DEBUG_TRACE,
-					"add_lastmods: found operational attr: %s\n",
+					"add_lastmods: found no user mod attr: %s\n",
 					(*m)->ml_type, 0, 0 );
                 tmp = *m;
                 *m = (*m)->ml_next;

servers/slapd/back-bdb2/search.c

@@ -265,7 +265,7 @@ bdb2i_back_search_internal(
 
 					if (e) {
 						switch ( send_search_entry( be, conn, op, e,
-							attrs, attrsonly ) ) {
+							attrs, attrsonly, 0 ) ) {
 						case 0:		/* entry sent ok */
 							nentries++;
 							break;

servers/slapd/back-ldap/search.c

@@ -158,7 +158,7 @@ ldap_send_entry(
 		if (!attr->a_vals)
 			attr->a_vals = &dummy;
 	}
-	send_search_entry( be, lc->conn, op, &ent, attrs, attrsonly );
+	send_search_entry( be, lc->conn, op, &ent, attrs, attrsonly, 0 );
 	for (;ent.e_attrs;) {
 		attr=ent.e_attrs;
 		ent.e_attrs = attr->a_next;

servers/slapd/back-ldbm/modify.c

@@ -33,9 +33,9 @@ add_lastmods( Operation *op, LDAPModList **modlist )
 
 	/* remove any attempts by the user to modify these attrs */
 	for ( m = modlist; *m != NULL; m = &(*m)->ml_next ) {
-            if ( oc_check_operational( (*m)->ml_type ) ) {
+            if ( oc_check_no_usermod_attr( (*m)->ml_type ) ) {
                 Debug( LDAP_DEBUG_TRACE,
-					"add_lastmods: found operational attr: %s\n",
+					"add_lastmods: found no user mod attr: %s\n",
 					(*m)->ml_type, 0, 0 );
                 tmp = *m;
                 *m = (*m)->ml_next;

servers/slapd/back-ldbm/search.c

@@ -264,7 +264,7 @@ ldbm_back_search(
 					}
 					if (e) {
 						switch ( send_search_entry( be, conn, op, e,
-							attrs, attrsonly ) ) {
+							attrs, attrsonly, 0 ) ) {
 						case 0:		/* entry sent ok */
 							nentries++;
 							break;

servers/slapd/back-passwd/search.c

@@ -139,7 +139,7 @@ passwd_back_search(
 						return( 0 );
 					}
 
-					send_search_entry( be, conn, op, e, attrs, attrsonly );
+					send_search_entry( be, conn, op, e, attrs, attrsonly, 0 );
 					sent++;
 				}
 
@@ -176,7 +176,7 @@ passwd_back_search(
 		e = pw2entry( be, pw, rdn );
 
 		if ( test_filter( be, conn, op, e, filter ) == 0 ) {
-			send_search_entry( be, conn, op, e, attrs, attrsonly );
+			send_search_entry( be, conn, op, e, attrs, attrsonly, 0 );
 			sent++;
 		}
 

servers/slapd/back-perl/search.c

@@ -91,7 +91,8 @@ perl_back_search(
 							   op,
 							   e,
 							   attrs,
-							   attrsonly );
+							   attrsonly,
+							   0 );
 							 
 					entry_free( e );
 				}

servers/slapd/back-shell/result.c

@@ -59,7 +59,7 @@ read_and_send_results(
 				    buf, 0, 0 );
 			} else {
 				send_search_entry( be, conn, op, e, attrs,
-				    attrsonly );
+				    attrsonly, 0 );
 				entry_free( e );
 			}
 

servers/slapd/back-tcl/tcl_util.c

 /* result.c - tcl backend utility functions
  *
- * $Id: tcl_util.c,v 1.4 1999/02/19 06:55:20 bcollins Exp $
+ * $Id: tcl_util.c,v 1.5 1999/02/28 04:55:49 bcollins Exp $
  *
  * Copyright 1999, Ben Collins <bcollins@debian.org>, All rights reserved.
  *
@@ -80,7 +80,7 @@ interp_send_results (
 					buf, 0, 0);
 			} else {
 				send_search_entry (be, conn, op, e, attrs,
-					attrsonly);
+					attrsonly, 0 );
 				entry_free (e);
 			}
 

servers/slapd/bind.c

@@ -22,7 +22,6 @@
 #include "slap.h"
 
 char *supportedSASLMechanisms[] = {
-	"X-CRAM-MD5",
 	"X-DIGEST-MD5",
 	NULL
 };
@@ -103,8 +102,9 @@ do_bind(
 
 	if ( tag == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "bind: ber_scanf failed\n", 0, 0, 0 );
-		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL,
-		    "decoding error" );
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		rc = -1;
 		goto cleanup;
 	}
 
@@ -131,8 +131,10 @@ do_bind(
 	}
 
 	if ( tag == LBER_ERROR ) {
-		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL,
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR,
     		"decoding error" );
+		rc = -1;
 		goto cleanup;
 	}
 
@@ -156,8 +158,8 @@ do_bind(
 
 	if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
 		Debug( LDAP_DEBUG_ANY, "unknown version %d\n", version, 0, 0 );
-		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL,
-		    "version not supported" );
+		send_ldap_result( conn, op,
+			rc = LDAP_PROTOCOL_ERROR, NULL, "version not supported" );
 		goto cleanup;
 	}
 
@@ -165,8 +167,9 @@ do_bind(
 		if ( version < LDAP_VERSION3 ) {
 			Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%d\n",
 				version, 0, 0 );
-			send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL,
-				"sasl bind requires LDAPv3" );
+			send_ldap_disconnect( conn, op,
+				LDAP_PROTOCOL_ERROR, "sasl bind requires LDAPv3" );
+			rc = -1;
 			goto cleanup;
 		}
 

servers/slapd/compare.c

@@ -54,8 +54,9 @@ do_compare(
 	if ( ber_scanf( op->o_ber, "{a{ao}}", &ndn, &ava.ava_type,
 	    &ava.ava_value ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
-		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "" );
-		return rc;
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		return -1;
 	}
 
 	if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {

servers/slapd/configinfo.c

@@ -63,7 +63,7 @@ config_info( Connection *conn, Operation *op )
 		attr_merge( e, "database", vals );
 	}
 
-	send_search_entry( &backends[0], conn, op, e, NULL, 0 );
+	send_search_entry( &backends[0], conn, op, e, NULL, 0, 1 );
 	send_ldap_search_result( conn, op, LDAP_SUCCESS, NULL, NULL, 1 );
 
 	entry_free( e );

servers/slapd/connection.c

@@ -681,18 +681,22 @@ connection_operation( void *arg_v )
 		rc = do_abandon( conn, arg->co_op );
 		break;
 
-#if 0
 	case LDAP_REQ_EXTENDED:
 		rc = do_extended( conn, arg->co_op );
 		break;
-#endif
 
 	default:
-		Debug( LDAP_DEBUG_ANY, "unknown request 0x%lx\n",
-		    arg->co_op->o_tag, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n",
+		    tag, 0, 0 );
+		arg->co_op->o_tag = LBER_ERROR;
+		send_ldap_disconnect( conn, arg->co_op,
+			LDAP_PROTOCOL_ERROR, "unknown LDAP request" );
+		rc = -1;
 		break;
 	}
 
+	if( rc == -1 ) tag = LBER_ERROR;
+
 	ldap_pvt_thread_mutex_lock( &num_ops_mutex );
 	num_ops_completed++;
 	ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
@@ -710,6 +714,7 @@ connection_operation( void *arg_v )
 	arg = NULL;
 
 	switch( tag ) {
+	case LBER_ERROR:
 	case LDAP_REQ_UNBIND:
 		/* c_mutex is locked */
 		connection_closing( conn );

servers/slapd/controls.c

@@ -32,6 +32,7 @@ int get_ctrls(
 	BerElement *ber = op->o_ber;
 	LDAPControl ***ctrls = &op->o_ctrls;
 	int rc = LDAP_SUCCESS;
+	char *errmsg = NULL;
 
 	len = ber_pvt_ber_remaining(ber);
 
@@ -43,14 +44,16 @@ int get_ctrls(
 
 	if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
 		if( tag == LBER_ERROR ) {
-			rc = LDAP_PROTOCOL_ERROR;
+			rc = -1;
+			errmsg = "unexpected data in PDU";
 		}
 
 		goto return_results;
 	}
 
 	if( op->o_protocol < LDAP_VERSION3 ) {
-		rc = LDAP_PROTOCOL_ERROR;
+		rc = -1;
+		errmsg = "controls require LDAPv3";
 		goto return_results;
 	}
 
@@ -61,6 +64,7 @@ int get_ctrls(
 #if 0
 	if( *ctrls == NULL ) {
 		rc = LDAP_NO_MEMORY;
+		errmsg = "no memory";
 		goto return_results;
 	}
 #endif
@@ -94,6 +98,7 @@ int get_ctrls(
 			*ctrls = NULL;
 
 			rc = LDAP_NO_MEMORY;
+			errmsg = "no memory";
 			goto return_results;
 		}
 #endif
@@ -128,7 +133,8 @@ int get_ctrls(
 		if( tag == LBER_ERROR ) {
 			*ctrls = NULL;
 			ldap_controls_free( tctrls );
-			rc = LDAP_DECODING_ERROR;
+			rc = -1;
+			errmsg = "decoding controls error";
 			goto return_results;
 		}
 
@@ -136,6 +142,7 @@ int get_ctrls(
 			!charray_inlist( supportedControls, tctrl->ldctl_oid ) )
 		{
 			rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+			errmsg = "critical extension is unavailable ";
 			goto return_results;
 		}
 
@@ -144,7 +151,11 @@ int get_ctrls(
 
 return_results:
 	if( sendres && rc != LDAP_SUCCESS ) {
-		send_ldap_result( conn, op, rc, NULL, NULL );
+		if( rc == -1 ) {
+			send_ldap_disconnect( conn, op, rc, errmsg );
+		} else {
+			send_ldap_result( conn, op, rc, NULL, errmsg );
+		}
 	}
 
 	return rc;

servers/slapd/delete.c

@@ -47,8 +47,9 @@ do_delete(
 
 	if ( ber_scanf( op->o_ber, "a", &ndn ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
-		send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "" );
-		return rc;
+		send_ldap_disconnect( conn, op,
+			LDAP_PROTOCOL_ERROR, "decoding error" );
+		return -1;
 	}
 
 	if( ( rc = get_ctrls( conn, op, 1 ) ) != LDAP_SUCCESS ) {