diff --git a/CHANGES b/CHANGES index 4f640b4f8a3c23f2b1e24a24b89273269a032a66..dc456dd4f160c490c7dba867a99d88f9c3b49989 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ OpenLDAP 2.4 Change Log -OpenLDAP 2.4.3alpha Release +OpenLDAP 2.4.4alpha Release Changes not tracked diff --git a/COPYRIGHT b/COPYRIGHT index a7a81febadb06a579d3ad1e520b32abe3bae6207..db69cf2d0e7f9cb8ca584cdf1b04f8273ca7bf3e 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright 1998-2006 The OpenLDAP Foundation +Copyright 1998-2007 The OpenLDAP Foundation All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/INSTALL b/INSTALL index e1949d1f7a9175cdd5757bc7d5a66095e41d6a88..7f9aced3afb3b2dbbc19c8efea19b754323738d0 100644 --- a/INSTALL +++ b/INSTALL @@ -107,7 +107,7 @@ $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.16 2002/02/18 This work is part of OpenLDAP Software <http://www.openldap.org/>. -Copyright 1998-2006 The OpenLDAP Foundation. +Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/Makefile.in b/Makefile.in index 2a175e167803a5db2500bd4ec4cb8268a986d43a..86f89899a035083d206ab9ab62b94438d18219aa 100644 --- a/Makefile.in +++ b/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/README b/README index dcc58d2324f9303eb865ab304c346aeddfd7f68f..de5c8cbc23c39a15c7b6eeafbb77049051b708ec 100644 --- a/README +++ b/README 
@@ -80,7 +80,7 @@ $OpenLDAP$ This work is part of OpenLDAP Software <http://www.openldap.org/>. -Copyright 1998-2006 The OpenLDAP Foundation. +Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/build/config.guess b/build/config.guess index 6e549169c73927e9bc6cc3f7051791a3903a2b7b..a55c277e8405824330338e6582e6ed38e154ca77 100755 --- a/build/config.guess +++ b/build/config.guess @@ -29,7 +29,7 @@ timestamp='2003-07-02-OpenLDAP' # configuration script generated by Autoconf, and is distributable # under the same distributions terms as OpenLDAP itself. -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/config.sub b/build/config.sub index b549fe25c5a2ab42ece8600535506f95f4871998..0678b9d1554aa9e378e4a318add1c3fa34132473 100755 --- a/build/config.sub +++ b/build/config.sub @@ -34,7 +34,7 @@ timestamp='2003-07-04-OpenLDAP' # configuration script generated by Autoconf, and is distributable # under the same distributions terms as OpenLDAP itself. -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/crupdate b/build/crupdate index c6bdee8b9a8730fcc1887153575df9b91488fad7..a38bbd9bc8755dbdd1d56daae3b396ae7ef47388 100755 --- a/build/crupdate +++ b/build/crupdate @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
@@ -18,5 +18,5 @@ set -e # exit immediately if any errors occur -find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2006 The OpenLDAP Foundation/g;' {} \; +find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2007 The OpenLDAP Foundation/g;' {} \; diff --git a/build/db.4.2.52.patch b/build/db.4.2.52.patch new file mode 100644 index 0000000000000000000000000000000000000000..8386b0036505dbf275411debb0f0d7c087325bf7 --- /dev/null +++ b/build/db.4.2.52.patch 
@@ -0,0 +1,55 @@ +As posted to http://www.openldap.org/lists/openldap-devel/200610/msg00027.html + +This is Sleepycat bug #14908. The provided patch is for 4.2.52. The +same bug is present in all versions up to 4.5.20 where it is fixed. + +-------- Original Message -------- +Subject: region size bug Re: [BDB-Alpha] Berkeley DB 4.5.8 ALPHA +Date: Mon, 10 Jul 2006 13:37:33 -0700 +From: Howard Chu <hyc@symas.com> +To: support@sleepycat.com +CC: support@symas.com +References: <45A742B5-7DD5-4512-A204-A10FE8FC5DFC@oracle.com> + + +I just ran into this in 4.2.52 but the same calculation occurs in 4.4 +and 4.5.8 alpha: + +This computation gives the wrong results when the number of cache +regions is greater than the number of gigabytes (which we encounter on +Linux using shared memory regions, which are constrained to much smaller +than a gigabyte each). + + +in mp/mp_region.c: + + + roff_t reg_size; + + + /* Figure out how big each cache region is. */ + reg_size = (roff_t)(dbenv->mp_gbytes / dbenv->mp_ncache) * GIGABYTE; + reg_size += ((roff_t)(dbenv->mp_gbytes % + dbenv->mp_ncache) * GIGABYTE) / dbenv->mp_ncache; + reg_size += dbenv->mp_bytes / dbenv->mp_ncache; + *reg_sizep = reg_size; + + +The first reg_size calculation always goes to zero when mp_ncache > +mp_gbytes. +This should have been, instead: + reg_size = GIGABYTE / dbenv->mp_ncache * dbenv->mp_gbytes; + +--- mp/mp_region.c.O 2003-06-30 10:20:19.000000000 -0700 ++++ mp/mp_region.c 2006-10-27 23:25:05.000000000 -0700 +@@ -43,9 +43,7 @@ + int htab_buckets, ret; + + /* Figure out how big each cache region is. */ +- reg_size = (dbenv->mp_gbytes / dbenv->mp_ncache) * GIGABYTE; +- reg_size += ((dbenv->mp_gbytes % +- dbenv->mp_ncache) * GIGABYTE) / dbenv->mp_ncache; ++ reg_size = GIGABYTE / dbenv->mp_ncache * dbenv->mp_gbytes; + reg_size += dbenv->mp_bytes / dbenv->mp_ncache; + + /* diff --git a/build/dir.mk b/build/dir.mk index 6b015f440bdaa60d0c474c19770f14fda73c91bc..039181c121def9ee1a317111cb94cdd556953b7c 100644 
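Review bot: The replacement line `reg_size = GIGABYTE / dbenv->mp_ncache * dbenv->mp_gbytes;` drops the `(roff_t)` widening that the 4.4/4.5 code quoted earlier in this same file applies, so the product is computed in the operands' own width before it is stored. If those operands are 32-bit in 4.2.52 (their declarations are not in the hunk), a per-region size of 4 GB or more would wrap and yield an undersized region; `reg_size = (roff_t)(GIGABYTE / dbenv->mp_ncache) * dbenv->mp_gbytes;` keeps the arithmetic in the destination type. The integer division also discards the remainder of GIGABYTE / mp_ncache, which a short comment above the line should acknowledge. The enclosing function starts and ends outside the hunk.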
--- a/build/dir.mk +++ b/build/dir.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/info.mk b/build/info.mk index 3fdb12414fd714b01a3700fbcf594b3295a8b4c0..af4cd3f637cc3c12e81483fb6186c35261e833ed 100644 --- a/build/info.mk +++ b/build/info.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/lib-shared.mk b/build/lib-shared.mk index 57c79cb0ab05c69b47f95c222d87bbb4b7af2028..90389432a11b3d8cf27748a34fedd0d57d1a8110 100644 --- a/build/lib-shared.mk +++ b/build/lib-shared.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/lib-static.mk b/build/lib-static.mk index c627f07edb7a8b9d9eda0d868c42cdb8ae3791f5..6f85b792a2bd9d805fdbb6d371a182e9cef5f45b 100644 --- a/build/lib-static.mk +++ b/build/lib-static.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/lib.mk b/build/lib.mk index d62b0e80703da93b883861348fb654f5d6acd215..b9180492eaa69b2c5b3222fc234297e6ab988c94 100644 --- a/build/lib.mk +++ b/build/lib.mk 
@@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/ltmain.sh b/build/ltmain.sh index 61666df4dbc14ecad6ec9331350328309cae00a4..be364aa8c8209ffb3ed3b96caa8aef21ec382f9a 100755 --- a/build/ltmain.sh +++ b/build/ltmain.sh @@ -28,7 +28,7 @@ # configuration script generated by Autoconf, and is distributable # under the same distributions terms as OpenLDAP inself. -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/man.mk b/build/man.mk index bbca0e205fd3fab9a0bd43d5a5ba8d7bd320554a..12041a51945cf750a4dffde049aca0451012a617 100644 --- a/build/man.mk +++ b/build/man.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -32,7 +32,8 @@ all-common: -e 's%LIBDIR%$(libdir)%' \ -e 's%LIBEXECDIR%$(libexecdir)%' \ -e 's%RELEASEDATE%$(RELEASEDATE)%' \ - $(srcdir)/$$page > $$page.$(TMP_SUFFIX); \ + $(srcdir)/$$page \ + | (cd $(srcdir); $(SOELIM) -) > $$page.$(TMP_SUFFIX); \ done install-common: diff --git a/build/missing b/build/missing index baa2e08881877b8a8433bff9e7a6985dafc7beb7..dba6779ea82b7edfba960c6d4f4d26acd697295b 100755 --- a/build/missing +++ b/build/missing 
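Review bot: In the new pipeline `| (cd $(srcdir); $(SOELIM) -) > $$page.$(TMP_SUFFIX)` the `;` lets soelim run even when the `cd` fails, in which case `.so` includes would be resolved relative to the build directory; `(cd $(srcdir) && $(SOELIM) -)` avoids that. The pipeline's exit status is that of its last command only, so a failing `sed` is no longer noticed, and a missing `soelim` still leaves an empty or partial `$$page.$(TMP_SUFFIX)` behind; whether the surrounding loop checks the status is outside the hunk. A one-line comment saying that soelim is run from `$(srcdir)` so that included pages resolve would help the next reader.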
@@ -29,7 +29,7 @@ # configuration script generated by Autoconf, and is distributable # under the same distributions terms as OpenLDAP itself. -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/mkdep b/build/mkdep index e30308f8af2d206329727735c41ebbb44c7ee00d..2d62ae2141f4e700a06cceaf9203ea159fdeca75 100755 --- a/build/mkdep +++ b/build/mkdep @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/mkdep.aix b/build/mkdep.aix index 572a9b6373f0acc65d60ed8ea240dbdd8aacc1d8..ff8896a6d0bdcaef1cd28d80e93239212523d26c 100755 --- a/build/mkdep.aix +++ b/build/mkdep.aix @@ -1,7 +1,7 @@ #! /bin/sh ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/mkrelease b/build/mkrelease index d9fa395ed51837d0de3472531f430970f23aaccf..d9baabb8fbea42e68133314d718d013b61fade90 100755 --- a/build/mkrelease +++ b/build/mkrelease @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/mkvers.bat b/build/mkvers.bat index 618a34c9971d8bccf459ef27f385c0a7177c9823..ff1bee92b079309484808156cef9f2c3df0ec184 100755 --- a/build/mkvers.bat +++ b/build/mkvers.bat 
@@ -1,7 +1,7 @@ :: $OpenLDAP$ :: This work is part of OpenLDAP Software <http://www.openldap.org/>. :: -:: Copyright 1998-2006 The OpenLDAP Foundation. +:: Copyright 1998-2007 The OpenLDAP Foundation. :: All rights reserved. :: :: Redistribution and use in source and binary forms, with or without diff --git a/build/mkversion b/build/mkversion index 2cc2db5f1bcd90bdd6ea5fd0b1fb1b8de4319b46..1a9d7ef40150a101eca85d6f4c2b312bd7260239 100755 --- a/build/mkversion +++ b/build/mkversion @@ -3,7 +3,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -55,7 +55,7 @@ WHOWHERE="$USER@`uname -n`:`pwd`" cat << __EOF__ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -68,7 +68,7 @@ cat << __EOF__ */ static const char copyright[] = -"Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved.\n" +"Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.\n" "COPYING RESTRICTIONS APPLY\n"; $static $const char $SYMBOL[] = diff --git a/build/mod.mk b/build/mod.mk index 95f88ad0d7c61189431fd1f13253dddc2da4064c..71463812c299c1720b9e393b02f5eedf3d4da411 100644 --- a/build/mod.mk +++ b/build/mod.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/build/openldap.m4 b/build/openldap.m4 index 273a61c74ff767a5275b60d63230f2f8cf5a0e77..5fa82a24e771b23958033f9509c0dcfc7ce90d4a 100644 --- a/build/openldap.m4 +++ b/build/openldap.m4 @@ -2,7 +2,7 @@ dnl OpenLDAP Autoconf Macros dnl $OpenLDAP$ dnl This work is part of OpenLDAP Software <http://www.openldap.org/>. dnl -dnl Copyright 1998-2006 The OpenLDAP Foundation. +dnl Copyright 1998-2007 The OpenLDAP Foundation. dnl All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without @@ -486,7 +486,12 @@ __db_version ]) if test $ol_cv_bdb_major = 4 ; then - if test $ol_cv_bdb_minor = 4 ; then + if test $ol_cv_bdb_minor = 5 ; then + OL_BERKELEY_DB_TRY(ol_cv_db_db45,[-ldb45]) + OL_BERKELEY_DB_TRY(ol_cv_db_db_45,[-ldb-45]) + OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_5,[-ldb-4.5]) + OL_BERKELEY_DB_TRY(ol_cv_db_db_4_5,[-ldb-4-5]) + elif test $ol_cv_bdb_minor = 4 ; then OL_BERKELEY_DB_TRY(ol_cv_db_db44,[-ldb44]) OL_BERKELEY_DB_TRY(ol_cv_db_db_44,[-ldb-44]) OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_4,[-ldb-4.4]) @@ -691,8 +696,8 @@ AC_DEFUN([OL_BDB_COMPAT], # define DB_VERSION_MINOR 0 #endif -/* require 4.2 or later */ -#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) +/* require 4.2 or later, but exclude 4.3 */ +#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR !=3) __db_version_compat #endif ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])]) diff --git a/build/rules.mk b/build/rules.mk index 2b8f01504507f4e42f0997735bd13fedd6fcbb1c..35c2a7f74ec3a64e14056b950d9ce1e238f34ccf 100644 --- a/build/rules.mk +++ b/build/rules.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
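Review bot: The new guard `(DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR !=3)` in the @@ -691 hunk tests the minor number independently of the major one, so it would also reject a major-5 library whose minor is 0, 1 or 3, which the comment "require 4.2 or later, but exclude 4.3" does not say. If that is not intended, tie the minor tests to major 4: `#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR != 3))`. The comment should also give the reason 4.3 is excluded, which the hunk does not state.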
diff --git a/build/srv.mk b/build/srv.mk index 1a3b99353eac4064027b60eab80de210497d6e44..24e4d1eb383506bdc11f5fef846f4bd3d0258d1f 100644 --- a/build/srv.mk +++ b/build/srv.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/top.mk b/build/top.mk index d72cec70d2d5080a6aa21fca8aaff556afac1abc..d63fd33776a20a1d96714ad3dcc978a59c51950e 100644 --- a/build/top.mk +++ b/build/top.mk @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -149,6 +149,8 @@ SUBST = $(SHTOOL) subst MANCOMPRESS=$(CAT) MANCOMPRESSSUFFIX= +SOELIM=soelim + INCLUDEDIR= $(top_srcdir)/include LDAP_INCPATH= -I$(LDAP_INCDIR) -I$(INCLUDEDIR) LDAP_LIBDIR= $(top_builddir)/libraries diff --git a/build/version.h b/build/version.h index 399d6627330283ba18c23d837b4cb9f4511a61b6..762627218e39590261c8d450b2a8691c35f4985b 100644 --- a/build/version.h +++ b/build/version.h @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -13,6 +13,6 @@ */ static const char copyright[] = -"Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved.\n" +"Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved.\n" "COPYING RESTRICTIONS APPLY.\n"; 
diff --git a/build/version.sh b/build/version.sh index 64bc3545a515ba0a81b9c866d57be4789551bfa5..3cd24703d98e0cc872bea032455789edd1d024ad 100755 --- a/build/version.sh +++ b/build/version.sh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/build/version.var b/build/version.var index 25ccabbdf7abd8a87c94c09dddd9acca9cfcc16c..7823dd7796ec87b35373083e34bfd74a18e30807 100644 --- a/build/version.var +++ b/build/version.var @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -15,9 +15,9 @@ ol_package=OpenLDAP ol_major=2 ol_minor=4 -ol_patch=3alpha -ol_api_inc=20403 +ol_patch=X +ol_api_inc=20404 ol_api_current=1 -ol_api_revision=2 +ol_api_revision=3 ol_api_age=1 -ol_release_date="2006/08/22" +ol_release_date="2006/10/20" diff --git a/clients/Makefile.in b/clients/Makefile.in index d1a843563e40d931c2185d04213770d5c0890a19..0c83ff462e6104b42887c3d6d95bbf8eae445b61 100644 --- a/clients/Makefile.in +++ b/clients/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/clients/tools/Makefile.in b/clients/tools/Makefile.in index 2c10318337336b76bdc510785ccae5a05bfcd208..f6967ad18dd399aa7a688bc135e8b1c6018da13c 100644 --- a/clients/tools/Makefile.in +++ b/clients/tools/Makefile.in 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/clients/tools/common.c b/clients/tools/common.c index c6fc018af3ccd401576446b6be89d2706dddf8c9..fbacf5ad2991a30285f4cfc3dc931006b6e3db3c 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Kurt D. Zeilenga. * Portions Copyright 2003 IBM Corporation. * All rights reserved. @@ -32,6 +32,7 @@ #include <ac/ctype.h> #include <ac/unistd.h> #include <ac/errno.h> +#include <ac/time.h> #ifdef HAVE_CYRUS_SASL #ifdef HAVE_SASL_SASL_H @@ -52,18 +53,6 @@ #include "common.h" -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND -#if !LDAP_DEPRECATED -/* Necessary for old LDAPv2 Kerberos Bind methods */ -LDAP_F( int ) -ldap_bind LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who, - LDAP_CONST char *passwd, - int authmethod )); -#endif -#endif - /* input-related vars */ /* misc. parameters */ @@ -125,6 +114,9 @@ static int chainingResolve = -1; static int chainingContinuation = -1; #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ +/* options */ +struct timeval nettimeout = { -1 , 0 }; + typedef int (*print_ctrl_fn)( LDAP *ld, LDAPControl *ctrl ); static int print_preread( LDAP *ld, LDAPControl *ctrl ); 
@@ -210,16 +202,18 @@ N_(" [!]preread[=<attrs>] (a comma-separated attribute list)\n") #ifdef LDAP_DEVEL N_(" [!]relax\n") #endif -N_(" abandon, cancel (SIGINT sends abandon/cancel; not really controls)\n"), +N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n" + " or ignores response; if critical, doesn't wait for SIGINT.\n" + " not really controls)\n") N_(" -f file read operations from `file'\n"), N_(" -h host LDAP server\n"), N_(" -H URI LDAP Uniform Resource Indentifier(s)\n"), N_(" -I use SASL Interactive mode\n"), -N_(" -k use Kerberos authentication\n"), -N_(" -K like -k, but do only step 1 of the Kerberos bind\n"), N_(" -M enable Manage DSA IT control (-MM to make critical)\n"), N_(" -n show what would be done but don't actually do it\n"), N_(" -O props SASL security properties\n"), +N_(" -o <opt>[=<optparam] general options\n"), +N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"), N_(" -p port port on LDAP server\n"), N_(" -P version procotol version (default: 3)\n"), N_(" -Q use SASL Quiet mode\n"), @@ -510,9 +504,21 @@ tool_args( int argc, char **argv ) /* this shouldn't go here, really; but it's a feature... */ } else if ( strcasecmp( control, "abandon" ) == 0 ) { abcan = LDAP_REQ_ABANDON; + if ( crit ) { + gotintr = abcan; + } } else if ( strcasecmp( control, "cancel" ) == 0 ) { abcan = LDAP_REQ_EXTENDED; + if ( crit ) { + gotintr = abcan; + } + + } else if ( strcasecmp( control, "ignore" ) == 0 ) { + abcan = -1; + if ( crit ) { + gotintr = abcan; + } } else { fprintf( stderr, "Invalid general control name: %s\n", 
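Review bot: The new help line for `-o` reads `<opt>[=<optparam]` and is missing the closing `>`; it should read `<opt>[=<optparam>]`. The rewritten `abandon, cancel, ignore` entry also ends in `)` where the line it replaces ended in `),`, so its text now runs into the `-f file` string as a single element; the output stays the same only if the consumer prints the elements back to back, which is outside the hunk.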
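Review bot: The `ignore` branch in the @@ -510 hunk stores the bare literal `-1` in `abcan`, and the same literal is matched again by the `case -1:` added to tool_check_abandon in the @@ -1427 hunk; a named constant shared by both sites would keep them in step and say what the value means. The block `if ( crit ) { gotintr = abcan; }` is repeated verbatim in all three branches, and a small helper would avoid the copies. A comment on the critical case should state that setting `gotintr` up front makes the tool stop waiting for the server's response, so the outcome of a request is presumably not reported. The enclosing tool_args body continues outside the hunk.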
@@ -557,32 +563,6 @@ tool_args( int argc, char **argv ) prog ); exit( EXIT_FAILURE ); #endif - case 'k': /* kerberos bind */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if( authmethod != -1 ) { - fprintf( stderr, "%s: -k incompatible with previous " - "authentication choice\n", prog ); - exit( EXIT_FAILURE ); - } - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf( stderr, "%s: not compiled with Kerberos support\n", prog ); - exit( EXIT_FAILURE ); -#endif - break; - case 'K': /* kerberos bind, part one only */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if( authmethod != -1 ) { - fprintf( stderr, "%s: incompatible with previous " - "authentication choice\n", prog ); - exit( EXIT_FAILURE ); - } - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf( stderr, "%s: not compiled with Kerberos support\n", prog ); - exit( EXIT_FAILURE ); -#endif - break; case 'M': /* enable Manage DSA IT */ manageDSAit++; 
@@ -590,6 +570,45 @@ tool_args( int argc, char **argv ) case 'n': /* print operations, don't actually do them */ dont++; break; + case 'o': + control = ber_strdup( optarg ); + if ( (cvalue = strchr( control, '=' )) != NULL ) { + *cvalue++ = '\0'; + } + + if ( strcasecmp( control, "nettimeout" ) == 0 ) { + if( nettimeout.tv_sec != -1 ) { + fprintf( stderr, "nettimeout option previously specified\n"); + exit( EXIT_FAILURE ); + } + if( cvalue == NULL || cvalue[0] == '\0' ) { + fprintf( stderr, "nettimeout: option value expected\n" ); + usage(); + } + if ( strcasecmp( cvalue, "none" ) == 0 ) { + nettimeout.tv_sec = 0; + } else if ( strcasecmp( cvalue, "max" ) == 0 ) { + nettimeout.tv_sec = LDAP_MAXINT; + } else { + ival = strtol( cvalue, &next, 10 ); + if ( next == NULL || next[0] != '\0' ) { + fprintf( stderr, + _("Unable to parse network timeout \"%s\"\n"), cvalue ); + exit( EXIT_FAILURE ); + } + nettimeout.tv_sec = ival; + } + if( nettimeout.tv_sec < 0 || nettimeout.tv_sec > LDAP_MAXINT ) { + fprintf( stderr, _("%s: invalid network timeout (%ld) specified\n"), + prog, (long)nettimeout.tv_sec ); + exit( EXIT_FAILURE ); + } + } else { + fprintf( stderr, "Invalid general option name: %s\n", + control ); + usage(); + } + break; case 'O': #ifdef HAVE_CYRUS_SASL if( sasl_secprops != NULL ) { @@ -892,15 +911,6 @@ tool_args( int argc, char **argv ) exit( EXIT_FAILURE ); } #endif - -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - } else { - if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) { - fprintf( stderr, "%s: -k/-K incompatible with LDAPv%d\n", - prog, protocol ); - exit( EXIT_FAILURE ); - } -#endif } } 
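Review bot: In the new `case 'o':` the timeout is parsed with `ival = strtol( cvalue, &next, 10 )` without an `errno`/ERANGE test, and the result of `ber_strdup( optarg )` reaches `strchr` without a NULL check. If `ival` is an `int` (its declaration is outside the hunk, as are the start and end of tool_args), a value above INT_MAX is narrowed before the `nettimeout.tv_sec < 0 || nettimeout.tv_sec > LDAP_MAXINT` test runs, so an out-of-range argument could be accepted as a small timeout. Parsing into a `long`, checking `errno` and the range before the assignment, and testing the duplicate for NULL closes this, as in the excerpt below. The messages `nettimeout option previously specified` and `nettimeout: option value expected` also skip the `_()` wrapper that the other messages in this case use.

```c
		case 'o':
			control = ber_strdup( optarg );
			if ( control == NULL ) {
				fprintf( stderr, _("%s: out of memory\n"), prog );
				exit( EXIT_FAILURE );
			}
			/* … unchanged: split at '=', duplicate and empty-value checks, "none" / "max" … */
				} else {
					long lval;

					errno = 0;
					lval = strtol( cvalue, &next, 10 );
					if ( next == cvalue || next[0] != '\0' || errno == ERANGE
						|| lval < 0 || lval > LDAP_MAXINT )
					{
						fprintf( stderr,
							_("Unable to parse network timeout \"%s\"\n"), cvalue );
						exit( EXIT_FAILURE );
					}
					nettimeout.tv_sec = lval;
				}
			/* … unchanged: unknown-option branch and break … */
```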
@@ -989,6 +999,16 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) ) } } } + + if ( nettimeout.tv_sec > 0 ) { + if ( ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, (void *) &nettimeout ) + != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_NETWORK_TIMEOUT %ld\n", + (long)nettimeout.tv_sec ); + exit( EXIT_FAILURE ); + } + } } return ld; @@ -1069,15 +1089,6 @@ tool_bind( LDAP *ld ) msgbuf[0] = 0; -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) { - msgid = ldap_bind( ld, binddn, passwd.bv_val, authmethod ); - if ( msgid == -1 ) { - tool_perror( "ldap_bind", -1, NULL, NULL, NULL, NULL ); - exit( LDAP_LOCAL_ERROR ); - } - } else -#endif { /* simple bind */ rc = ldap_sasl_bind( ld, binddn, LDAP_SASL_SIMPLE, &passwd, @@ -1427,6 +1438,10 @@ tool_check_abandon( LDAP *ld, int msgid ) fprintf( stderr, "got interrupt, abandon got %d: %s\n", rc, ldap_err2string( rc ) ); return -1; + + case -1: + /* just unbind, ignoring the request */ + return -1; } return 0; diff --git a/clients/tools/common.h b/clients/tools/common.h index 9f917843f55f19ce5b7ffc96c4189b1371fdbc8f..4445b782a6adae3525baa38d737eb314d07bdfa7 100644 --- a/clients/tools/common.h +++ b/clients/tools/common.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -94,6 +94,9 @@ extern struct berval pr_cookie; extern int chaining; #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ +/* options */ +extern struct timeval nettimeout; + /* Defined in common.c, set in main() */ extern const char __Version[]; diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c index 317224acfc626fe04197f0d78b8ca2643ac43dbd..47753525e17166b6a19f4892ec6405a541ffcf3d 100644 
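Review bot: The guard `if ( nettimeout.tv_sec > 0 )` treats `-o nettimeout=none` (stored as 0 by tool_args) exactly like an absent option (-1), so an explicit "none" never reaches `ldap_set_option` and cannot override a network timeout the library may have picked up elsewhere, for instance from its configuration; this is hedged, since the library defaults are not visible here. If "none" is meant as an instruction and not a no-op, test `nettimeout.tv_sec >= 0` and pass the value the library documents for no timeout; either way a comment on the guard should say which is intended. The failure message `Could not set LDAP_OPT_NETWORK_TIMEOUT %ld` is also not wrapped in `_()`, unlike the `_()`-wrapped messages added in tool_args. tool_conn_setup starts outside the hunk.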
--- a/clients/tools/ldapcompare.c +++ b/clients/tools/ldapcompare.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * All rights reserved. @@ -102,7 +102,7 @@ static int docompare LDAP_P(( const char options[] = "z" - "Cd:D:e:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "Cd:D:e:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; #ifdef LDAP_CONTROL_DONTUSECOPY int dontUseCopy = 0; diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 741c52dcdc0e26c14f2eb9fc255b80b34c0c219c..8133a2d3a05d31b809b7326e3737d463f647e5b0 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * @@ -76,7 +76,7 @@ usage( void ) const char options[] = "r" - "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c index 0ffe42dd5ee2733673d422e5c38e419300458008..59632de3c2693a773e6132ef848e49a36f4f2712 100644 --- a/clients/tools/ldapexop.c +++ b/clients/tools/ldapexop.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -49,7 +49,7 @@ usage( void ) const char options[] = "" - "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; + "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index b33c93262e4afae9a81e5f8be15123c1be791af7..ee59c0f7dc8f83d0a203245f952f024cb591ff00 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -2,7 +2,8 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. + * Portions Copyright 2006 Howard Chu. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -32,6 +33,7 @@ * include: * Kurt D. Zeilenga * Norbert Klasen + * Howard Chu */ #include "portable.h" 
@@ -64,44 +66,42 @@ #include "ldap_defaults.h" #include "ldap_log.h" #include "ldap_pvt.h" +#include "lber_pvt.h" #include "common.h" - static int ldapadd, force = 0; static char *rejfile = NULL; static LDAP *ld = NULL; -#define LDAPMOD_MAXLINE 4096 +#define M_SEP 0x7f /* strings found in replog/LDIF entries (mostly lifted from slurpd/slurp.h) */ -#define T_VERSION_STR "version" -#define T_REPLICA_STR "replica" -#define T_DN_STR "dn" -#define T_CONTROL_STR "control" -#define T_CHANGETYPESTR "changetype" -#define T_ADDCTSTR "add" -#define T_MODIFYCTSTR "modify" -#define T_DELETECTSTR "delete" -#define T_MODRDNCTSTR "modrdn" -#define T_MODDNCTSTR "moddn" -#define T_RENAMECTSTR "rename" -#define T_MODOPADDSTR "add" -#define T_MODOPREPLACESTR "replace" -#define T_MODOPDELETESTR "delete" -#define T_MODOPINCREMENTSTR "increment" -#define T_MODSEPSTR "-" -#define T_NEWRDNSTR "newrdn" -#define T_DELETEOLDRDNSTR "deleteoldrdn" -#define T_NEWSUPSTR "newsuperior" - - -static int process_ldif_rec LDAP_P(( char *rbuf, int count )); -static int parse_ldif_control LDAP_P(( char *line, LDAPControl ***pctrls )); -static void addmodifyop LDAP_P(( - LDAPMod ***pmodsp, int modop, - const char *attr, - struct berval *value )); +static struct berval BV_VERSION = BER_BVC("version"); +static struct berval BV_REPLICA = BER_BVC("replica"); +static struct berval BV_DN = BER_BVC("dn"); +static struct berval BV_CONTROL = BER_BVC("control"); +static struct berval BV_CHANGETYPE = BER_BVC("changetype"); +static struct berval BV_ADDCT = BER_BVC("add"); +static struct berval BV_MODIFYCT = BER_BVC("modify"); +static struct berval BV_DELETECT = BER_BVC("delete"); +static struct berval BV_MODRDNCT = BER_BVC("modrdn"); +static struct berval BV_MODDNCT = BER_BVC("moddn"); +static struct berval BV_RENAMECT = BER_BVC("rename"); +static struct berval BV_MODOPADD = BER_BVC("add"); +static struct berval BV_MODOPREPLACE = BER_BVC("replace"); +static struct berval BV_MODOPDELETE = BER_BVC("delete"); +static 
struct berval BV_MODOPINCREMENT = BER_BVC("increment"); +static struct berval BV_MODSEP = BER_BVC("-"); +static struct berval BV_NEWRDN = BER_BVC("newrdn"); +static struct berval BV_DELETEOLDRDN = BER_BVC("deleteoldrdn"); +static struct berval BV_NEWSUP = BER_BVC("newsuperior"); + +#define BVICMP(a,b) ((a)->bv_len != (b)->bv_len ? \ + (a)->bv_len - (b)->bv_len : strcasecmp((a)->bv_val, (b)->bv_val)) + +static int process_ldif_rec LDAP_P(( char *rbuf, int lineno )); +static int parse_ldif_control LDAP_P(( struct berval *val, LDAPControl ***pctrls )); static int domodify LDAP_P(( const char *dn, LDAPMod **pmods, @@ -121,7 +121,6 @@ static int process_response( int msgid, int res, const char *dn ); -static char *read_one_record LDAP_P(( FILE *fp )); #ifdef LDAP_X_TXN static int txn = 0; @@ -155,7 +154,7 @@ usage( void ) const char options[] = "aE:FrS:" - "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) @@ -244,12 +243,14 @@ handle_private_option( int i ) int main( int argc, char **argv ) { - char *rbuf, *start, *rejbuf = NULL; - FILE *fp, *rejfp; + char *rbuf = NULL, *rejbuf = NULL; + FILE *rejfp; + struct LDIFFP *ldiffp, ldifdummy = {0}; char *matched_msg, *error_msg; int rc, retval; - int count, len; + int len; int i = 0; + int lineno, nextline = 0, lmax = 0; LDAPControl c[1]; prog = lutil_progname( "ldapmodify", argc, argv ); @@ -273,12 +274,13 @@ main( int argc, char **argv ) } if ( infile != NULL ) { - if (( fp = fopen( infile, "r" )) == NULL ) { + if (( ldiffp = ldif_open( infile, "r" )) == NULL ) { perror( infile ); return( EXIT_FAILURE ); } } else { - fp = stdin; + ldifdummy.fp = stdin; + ldiffp = &ldifdummy; } if ( debug ) ldif_debug = debug; 
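Review bot: `BVICMP` falls through to `strcasecmp((a)->bv_val, (b)->bv_val)` whenever the two lengths are equal, and that includes two zero-length values whose `bv_val` is NULL. The later `process_ldif_rec` hunk zeroes `btype` entries for `-` lines with `BER_BVZERO` and compares entries against a zeroed `bv`, so this path looks reachable from LDIF input. Bounding the compare by the stored length avoids the NULL dereference and any read past `bv_len`: `#define BVICMP(a,b) ((a)->bv_len != (b)->bv_len ? 1 : ((a)->bv_len ? strncasecmp((a)->bv_val, (b)->bv_val, (a)->bv_len) : 0))`. Returning 1 rather than the unsigned length difference is sufficient, because every use visible in this diff only tests the result for zero.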
@@ -329,15 +331,11 @@ main( int argc, char **argv ) tool_server_controls( ld, c, i ); rc = 0; - count = 0; retval = 0; - while (( rc == 0 || contoper ) && - ( rbuf = read_one_record( fp )) != NULL ) + lineno = 1; + while (( rc == 0 || contoper ) && ldif_read_record( ldiffp, &nextline, + &rbuf, &lmax )) { - count++; - - start = rbuf; - if ( rejfp ) { len = strlen( rbuf ); if (( rejbuf = (char *)ber_memalloc( len+1 )) == NULL ) { @@ -347,7 +345,8 @@ main( int argc, char **argv ) memcpy( rejbuf, rbuf, len+1 ); } - rc = process_ldif_rec( start, count ); + rc = process_ldif_rec( rbuf, lineno ); + lineno = nextline+1; if ( rc ) retval = rc; if ( rc && rejfp ) { @@ -374,8 +373,8 @@ main( int argc, char **argv ) } if (rejfp) free( rejbuf ); - free( rbuf ); } + free( rbuf ); #ifdef LDAP_X_TXN if( retval == 0 && txn ) { @@ -407,24 +406,25 @@ main( int argc, char **argv ) static int -process_ldif_rec( char *rbuf, int count ) +process_ldif_rec( char *rbuf, int linenum ) { - char *line, *dn, *type, *newrdn, *newsup, *p; - int rc, linenum, modop, replicaport; - int expect_modop, expect_sep, expect_ct, expect_newrdn, expect_newsup; - int expect_deleteoldrdn, deleteoldrdn; + char *line, *dn, *newrdn, *newsup; + int rc, modop, replicaport; + int expect_modop, expect_sep; + int deleteoldrdn; int saw_replica, use_record, new_entry, delete_entry, got_all; - LDAPMod **pmods; + LDAPMod **pmods, *lm = NULL; int version; - struct berval val; LDAPControl **pctrls; + int i, j, k, lines, idn, nmods; + struct berval *btype, *vals, **bvl, bv; + char *freeval; + unsigned char *mops = NULL; new_entry = ldapadd; rc = got_all = saw_replica = delete_entry = modop = expect_modop = 0; - expect_deleteoldrdn = expect_newrdn = expect_newsup = 0; - expect_sep = expect_ct = 0; - linenum = 0; + expect_sep = 0; version = 0; deleteoldrdn = 1; use_record = force; 
@@ -432,237 +432,430 @@ process_ldif_rec( char *rbuf, int count ) pctrls = NULL; dn = newrdn = newsup = NULL; + lines = ldif_countlines( rbuf ); + btype = ber_memcalloc( 1, (lines+1)*2*sizeof(struct berval)+lines ); + if ( !btype ) + return LDAP_NO_MEMORY; + + vals = btype+lines+1; + freeval = (char *)(vals+lines+1); + i = -1; + while ( rc == 0 && ( line = ldif_getline( &rbuf )) != NULL ) { - ++linenum; + int freev; - if ( expect_sep && strcasecmp( line, T_MODSEPSTR ) == 0 ) { - expect_sep = 0; - expect_ct = 1; + if ( *line == '\n' || *line == '\0' ) { + break; + } + + ++i; + + if ( line[0] == '-' && !line[1] ) { + BER_BVZERO( btype+i ); + freeval[i] = 0; continue; } - if ( ldif_parse_line( line, &type, &val.bv_val, &val.bv_len ) < 0 ) { + if ( ( rc = ldif_parse_line2( line, btype+i, vals+i, &freev ) ) < 0 ) { fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"), - prog, linenum, dn == NULL ? "" : dn ); + prog, linenum+i, dn == NULL ? "" : dn ); rc = LDAP_PARAM_ERROR; break; } + freeval[i] = freev; if ( dn == NULL ) { - if ( !use_record && strcasecmp( type, T_REPLICA_STR ) == 0 ) { + if ( !use_record && !BVICMP( btype+i, &BV_REPLICA )) { + char *p; ++saw_replica; - if (( p = strchr( val.bv_val, ':' )) == NULL ) { + if (( p = strchr( vals[i].bv_val, ':' )) == NULL ) { replicaport = 0; } else { *p++ = '\0'; if ( lutil_atoi( &replicaport, p ) != 0 ) { fprintf( stderr, _("%s: unable to parse replica port \"%s\" (line %d) entry: \"%s\"\n"), - prog, p, linenum, dn == NULL ? "" : dn ); + prog, p, linenum+i, dn == NULL ? 
"" : dn ); rc = LDAP_PARAM_ERROR; break; } } if ( ldaphost != NULL && - strcasecmp( val.bv_val, ldaphost ) == 0 && + strcasecmp( vals[i].bv_val, ldaphost ) == 0 && replicaport == ldapport ) { use_record = 1; } - } else if ( count == 1 && linenum == 1 && - strcasecmp( type, T_VERSION_STR ) == 0 ) - { + } else if ( linenum+i == 1 && !BVICMP( btype+i, &BV_VERSION )) { int v; - if( val.bv_len == 0 || lutil_atoi( &v, val.bv_val) != 0 || v != 1 ) { + if( vals[i].bv_len == 0 || lutil_atoi( &v, vals[i].bv_val) != 0 || v != 1 ) { fprintf( stderr, _("%s: invalid version %s, line %d (ignored)\n"), - prog, val.bv_val, linenum ); + prog, vals[i].bv_val, linenum ); } version++; - } else if ( strcasecmp( type, T_DN_STR ) == 0 ) { - if (( dn = ber_strdup( val.bv_val )) == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); + } else if ( !BVICMP( btype+i, &BV_DN )) { + dn = vals[i].bv_val; + idn = i; + if ( !use_record && saw_replica ) { + printf(_("%s: skipping change record for entry: %s at line %d\n"), + prog, dn, linenum+i); + printf(_("\t(LDAP host/port does not match replica: lines)\n")); + rc = 0; + goto leave; } - expect_ct = 1; } - goto end_line; /* skip all lines until we see "dn:" */ + /* skip all lines until we see "dn:" */ } + } - if ( expect_ct ) { - /* Check for "control" tag after dn and before changetype. 
*/ - if (strcasecmp(type, T_CONTROL_STR) == 0) { - /* Parse and add it to the list of controls */ - rc = parse_ldif_control( line, &pctrls ); - if (rc != 0) { - fprintf( stderr, - _("%s: Error processing %s line, line %d: %s\n"), - prog, T_CONTROL_STR, linenum, ldap_err2string(rc) ); - } - goto end_line; - } + /* check to make sure there was a dn: line */ + if ( !dn ) { + rc = 0; + goto leave; + } - expect_ct = 0; - if ( !use_record && saw_replica ) { - printf(_("%s: skipping change record for entry: %s\n"), - prog, dn); - printf(_("\t(LDAP host/port does not match replica: lines)\n")); - free( dn ); - ber_memfree( type ); - ber_memfree( val.bv_val ); - return( 0 ); - } + lines = i+1; + + if( lines == 0 ) { + rc = 0; + goto leave; + } + + if( version && lines == 1 ) { + rc = 0; + goto leave; + } + + i = idn+1; + /* Check for "control" tag after dn and before changetype. */ + if (!BVICMP( btype+i, &BV_CONTROL)) { + /* Parse and add it to the list of controls */ + rc = parse_ldif_control( vals+i, &pctrls ); + if (rc != 0) { + fprintf( stderr, + _("%s: Error processing %s line, line %d: %s\n"), + prog, BV_CONTROL.bv_val, linenum+i, ldap_err2string(rc) ); + } + i++; + if ( i>= lines ) { +short_input: + fprintf( stderr, + _("%s: Expecting more input after %s line, line %d\n"), + prog, btype[i-1].bv_val, linenum+i ); + + rc = LDAP_PARAM_ERROR; + goto leave; + } + } - if ( strcasecmp( type, T_CHANGETYPESTR ) == 0 ) { + /* Check for changetype */ + if ( !BVICMP( btype+i, &BV_CHANGETYPE )) { #ifdef LIBERAL_CHANGETYPE_MODOP - /* trim trailing spaces (and log warning ...) */ - int icnt; - for ( icnt = val.bv_len; --icnt > 0; ) { - if ( !isspace( (unsigned char) val.bv_val[icnt] ) ) { - break; - } - } + /* trim trailing spaces (and log warning ...) 
*/ + int icnt; + for ( icnt = vals[i].bv_len; --icnt > 0; ) { + if ( !isspace( (unsigned char) vals[i].bv_val[icnt] ) ) { + break; + } + } - if ( ++icnt != val.bv_len ) { - fprintf( stderr, _("%s: illegal trailing space after" - " \"%s: %s\" trimmed (line %d of entry \"%s\")\n"), - prog, T_CHANGETYPESTR, val.bv_val, linenum, dn ); - val.bv_val[icnt] = '\0'; - } + if ( ++icnt != vals[i].bv_len ) { + fprintf( stderr, _("%s: illegal trailing space after" + " \"%s: %s\" trimmed (line %d, entry \"%s\")\n"), + prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn ); + vals[i].bv_val[icnt] = '\0'; + } #endif /* LIBERAL_CHANGETYPE_MODOP */ - if ( strcasecmp( val.bv_val, T_MODIFYCTSTR ) == 0 ) { - new_entry = 0; - expect_modop = 1; - } else if ( strcasecmp( val.bv_val, T_ADDCTSTR ) == 0 ) { - new_entry = 1; - } else if ( strcasecmp( val.bv_val, T_MODRDNCTSTR ) == 0 - || strcasecmp( val.bv_val, T_MODDNCTSTR ) == 0 - || strcasecmp( val.bv_val, T_RENAMECTSTR ) == 0) - { - expect_newrdn = 1; - } else if ( strcasecmp( val.bv_val, T_DELETECTSTR ) == 0 ) { - got_all = delete_entry = 1; - } else { - fprintf( stderr, - _("%s: unknown %s \"%s\" (line %d of entry \"%s\")\n"), - prog, T_CHANGETYPESTR, val.bv_val, linenum, dn ); + if ( BVICMP( vals+i, &BV_MODIFYCT ) == 0 ) { + new_entry = 0; + expect_modop = 1; + } else if ( BVICMP( vals+i, &BV_ADDCT ) == 0 ) { + new_entry = 1; + modop = LDAP_MOD_ADD; + } else if ( BVICMP( vals+i, &BV_MODRDNCT ) == 0 + || BVICMP( vals+i, &BV_MODDNCT ) == 0 + || BVICMP( vals+i, &BV_RENAMECT ) == 0) + { + i++; + if ( i >= lines ) + goto short_input; + if ( BVICMP( btype+i, &BV_NEWRDN )) { + fprintf( stderr, _("%s: expecting \"%s:\" but saw" + " \"%s:\" (line %d, entry \"%s\")\n"), + prog, BV_NEWRDN.bv_val, btype[i].bv_val, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; + } + newrdn = vals[i].bv_val; + i++; + if ( i >= lines ) + goto short_input; + if ( BVICMP( btype+i, &BV_DELETEOLDRDN )) { + fprintf( stderr, _("%s: expecting \"%s:\" but saw" 
+ " \"%s:\" (line %d, entry \"%s\")\n"), + prog, BV_DELETEOLDRDN.bv_val, btype[i].bv_val, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; + } + deleteoldrdn = ( vals[i].bv_val[0] == '0' ) ? 0 : 1; + i++; + if ( i < lines ) { + if ( BVICMP( btype+i, &BV_NEWSUP )) { + fprintf( stderr, _("%s: expecting \"%s:\" but saw" + " \"%s:\" (line %d, entry \"%s\")\n"), + prog, BV_NEWSUP.bv_val, btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; + goto leave; } - goto end_line; - } else if ( ldapadd ) { /* missing changetype => add */ - new_entry = 1; - modop = LDAP_MOD_ADD; - } else { - expect_modop = 1; /* missing changetype => modify */ + newsup = vals[i].bv_val; + i++; } + got_all = 1; + } else if ( BVICMP( vals+i, &BV_DELETECT ) == 0 ) { + got_all = delete_entry = 1; + } else { + fprintf( stderr, + _("%s: unknown %s \"%s\" (line %d, entry \"%s\")\n"), + prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; } + i++; + } else if ( ldapadd ) { /* missing changetype => add */ + new_entry = 1; + modop = LDAP_MOD_ADD; + } else { + expect_modop = 1; /* missing changetype => modify */ + } + if ( got_all ) { + if ( i < lines ) { + fprintf( stderr, + _("%s: extra lines at end (line %d, entry \"%s\")\n"), + prog, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; + } + goto doit; + } + + nmods = lines - i; + idn = i; + + if ( new_entry ) { + int fv; + + /* Make sure all attributes with multiple values are contiguous */ + for (; i<lines; i++) { + for (j=i+1; j<lines; j++) { + if ( !BVICMP( btype+i, btype+j )) { + nmods--; + /* out of order, move intervening attributes down */ + if ( j != i+1 ) { + bv = vals[j]; + fv = freeval[j]; + for (k=j; k>i; k--) { + btype[k] = btype[k-1]; + vals[k] = vals[k-1]; + freeval[k] = freeval[k-1]; + } + k++; + btype[k] = btype[i]; + vals[k] = bv; + freeval[k] = fv; + } + i++; + } + } + } + /* Allocate space for array of mods, array of pointers to mods, + * and array of pointers to values, 
allowing for NULL terminators + * for the pointer arrays... + */ + lm = ber_memalloc( nmods * sizeof(LDAPMod) + + (nmods+1) * sizeof(LDAPMod*) + + (lines + nmods - idn) * sizeof(struct berval *)); + pmods = (LDAPMod **)(lm+nmods); + bvl = (struct berval **)(pmods+nmods+1); + + j = 0; + k = -1; + BER_BVZERO(&bv); + for (i=idn; i<lines; i++) { + if ( !BVICMP( btype+i, &BV_DN )) { + fprintf( stderr, _("%s: attributeDescription \"%s\":" + " (possible missing newline" + " after line %d, entry \"%s\"?)\n"), + prog, btype[i].bv_val, linenum+i - 1, dn ); + } + if ( BVICMP(btype+i,&bv)) { + bvl[k++] = NULL; + bv = btype[i]; + lm[j].mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES; + lm[j].mod_type = bv.bv_val; + lm[j].mod_bvalues = bvl+k; + pmods[j] = lm+j; + j++; + } + bvl[k++] = vals+i; + } + bvl[k] = NULL; + pmods[j] = NULL; + goto doit; + } + + mops = ber_memalloc( lines+1 ); + mops[lines] = M_SEP; + mops[i-1] = M_SEP; + + for ( ; i<lines; i++ ) { if ( expect_modop ) { #ifdef LIBERAL_CHANGETYPE_MODOP /* trim trailing spaces (and log warning ...) 
*/ int icnt; - for ( icnt = val.bv_len; --icnt > 0; ) { - if ( !isspace( (unsigned char) val.bv_val[icnt] ) ) break; + for ( icnt = vals[i].bv_len; --icnt > 0; ) { + if ( !isspace( (unsigned char) vals[i].bv_val[icnt] ) ) break; } - if ( ++icnt != val.bv_len ) { + if ( ++icnt != vals[i].bv_len ) { fprintf( stderr, _("%s: illegal trailing space after" - " \"%s: %s\" trimmed (line %d of entry \"%s\")\n"), - prog, type, val.bv_val, linenum, dn ); - val.bv_val[icnt] = '\0'; + " \"%s: %s\" trimmed (line %d, entry \"%s\")\n"), + prog, type, vals[i].bv_val, linenum+i, dn ); + vals[i].bv_val[icnt] = '\0'; } #endif /* LIBERAL_CHANGETYPE_MODOP */ expect_modop = 0; expect_sep = 1; - if ( strcasecmp( type, T_MODOPADDSTR ) == 0 ) { + if ( BVICMP( btype+i, &BV_MODOPADD ) == 0 ) { modop = LDAP_MOD_ADD; - goto end_line; - } else if ( strcasecmp( type, T_MODOPREPLACESTR ) == 0 ) { + mops[i] = M_SEP; + nmods--; + } else if ( BVICMP( btype+i, &BV_MODOPREPLACE ) == 0 ) { + /* defer handling these since they might have no values. + * Use the BVALUES flag to signal that these were + * deferred. If values are provided later, this + * flag will be switched off. + */ modop = LDAP_MOD_REPLACE; - addmodifyop( &pmods, modop, val.bv_val, NULL ); - goto end_line; - } else if ( strcasecmp( type, T_MODOPDELETESTR ) == 0 ) { + mops[i] = modop | LDAP_MOD_BVALUES; + btype[i] = vals[i]; + } else if ( BVICMP( btype+i, &BV_MODOPDELETE ) == 0 ) { modop = LDAP_MOD_DELETE; - addmodifyop( &pmods, modop, val.bv_val, NULL ); - goto end_line; - } else if ( strcasecmp( type, T_MODOPINCREMENTSTR ) == 0 ) { + mops[i] = modop | LDAP_MOD_BVALUES; + btype[i] = vals[i]; + } else if ( BVICMP( btype+i, &BV_MODOPINCREMENT ) == 0 ) { modop = LDAP_MOD_INCREMENT; - addmodifyop( &pmods, modop, val.bv_val, NULL ); - goto end_line; - } else { /* no modify op: use default */ - modop = ldapadd ? 
LDAP_MOD_ADD : LDAP_MOD_REPLACE; - } - } - - if ( expect_newrdn ) { - if ( strcasecmp( type, T_NEWRDNSTR ) == 0 ) { - if (( newrdn = ber_strdup( val.bv_val )) == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); - } - expect_deleteoldrdn = 1; - expect_newrdn = 0; - } else { - fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), - prog, T_NEWRDNSTR, type, linenum, dn ); + mops[i] = M_SEP; + nmods--; + } else { /* no modify op: invalid LDIF */ + fprintf( stderr, _("%s: modify operation type is missing at" + " line %d, entry \"%s\"\n"), + prog, linenum+i, dn ); rc = LDAP_PARAM_ERROR; + goto leave; } - } else if ( expect_deleteoldrdn ) { - if ( strcasecmp( type, T_DELETEOLDRDNSTR ) == 0 ) { - deleteoldrdn = ( *val.bv_val == '0' ) ? 0 : 1; - expect_deleteoldrdn = 0; - expect_newsup = 1; - got_all = 1; - } else { - fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), - prog, T_DELETEOLDRDNSTR, type, linenum, dn ); - rc = LDAP_PARAM_ERROR; - } - } else if ( expect_newsup ) { - if ( strcasecmp( type, T_NEWSUPSTR ) == 0 ) { - if (( newsup = ber_strdup( val.bv_val )) == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); - } - expect_newsup = 0; - } else { - fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), - prog, T_NEWSUPSTR, type, linenum, dn ); + bv = vals[i]; + } else if ( expect_sep && BER_BVISEMPTY( btype+i )) { + mops[i] = M_SEP; + expect_sep = 0; + expect_modop = 1; + nmods--; + } else { + if ( BVICMP( btype+i, &bv )) { + fprintf( stderr, _("%s: wrong attributeType at" + " line %d, entry \"%s\"\n"), + prog, linenum+i, dn ); rc = LDAP_PARAM_ERROR; + goto leave; } - } else if ( got_all ) { - fprintf( stderr, - _("%s: extra lines at end (line %d of entry \"%s\")\n"), - prog, linenum, dn ); - rc = LDAP_PARAM_ERROR; - } else { - if ( new_entry && strcasecmp( type, T_DN_STR ) == 0 ) { - fprintf( stderr, _("%s: attributeDescription \"%s\":" 
- " (possible missing newline" - " after line %d of entry \"%s\"?)\n"), - prog, type, linenum - 1, dn ); + mops[i] = modop; + /* If prev op was deferred and matches this type, + * clear the flag + */ + if ( (mops[i-1]&LDAP_MOD_BVALUES) && !BVICMP(btype+i, + btype+i-1)) { + mops[i-1] = M_SEP; + nmods--; } - addmodifyop( &pmods, modop, type, &val ); } - -end_line: - ber_memfree( type ); - ber_memfree( val.bv_val ); } - if( linenum == 0 ) { - return 0; +#if 0 /* we should faithfully encode the LDIF, not combine */ + /* Make sure all modops with multiple values are contiguous */ + for (i=idn; i<lines; i++) { + if ( mops[i] == M_SEP ) + continue; + for (j=i+1; j<lines; j++) { + if ( mops[j] == M_SEP || mops[i] != mops[j] ) + continue; + if ( !BVICMP( btype+i, btype+j )) { + nmods--; + /* out of order, move intervening attributes down */ + if ( j != i+1 ) { + int c; + struct berval bv; + char fv; + + c = mops[j]; + bv = vals[j]; + fv = freeval[j]; + for (k=j; k>i; k--) { + btype[k] = btype[k-1]; + vals[k] = vals[k-1]; + freeval[k] = freeval[k-1]; + mops[k] = mops[k-1]; + } + k++; + btype[k] = btype[i]; + vals[k] = bv; + freeval[k] = fv; + mops[k] = c; + } + i++; + } + } } +#endif - if( version && linenum == 1 ) { - return 0; + /* Allocate space for array of mods, array of pointers to mods, + * and array of pointers to values, allowing for NULL terminators + * for the pointer arrays... 
+ */ + lm = ber_memalloc( nmods * sizeof(LDAPMod) + + (nmods+1) * sizeof(LDAPMod*) + + (lines + nmods - idn) * sizeof(struct berval *)); + pmods = (LDAPMod **)(lm+nmods); + bvl = (struct berval **)(pmods+nmods+1); + + j = 0; + k = -1; + BER_BVZERO(&bv); + mops[idn-1] = M_SEP; + for (i=idn; i<lines; i++) { + if ( mops[i] == M_SEP ) + continue; + if ( mops[i] != mops[i-1] || BVICMP(btype+i,&bv)) { + bvl[k++] = NULL; + bv = btype[i]; + lm[j].mod_op = mops[i] | LDAP_MOD_BVALUES; + lm[j].mod_type = bv.bv_val; + if ( mops[i] & LDAP_MOD_BVALUES ) { + lm[j].mod_bvalues = NULL; + } else { + lm[j].mod_bvalues = bvl+k; + } + pmods[j] = lm+j; + j++; + } + bvl[k++] = vals+i; } + bvl[k] = NULL; + pmods[j] = NULL; +doit: /* If default controls are set (as with -M option) and controls are specified in the LDIF file, we must add the default controls to the list of controls sent with the ldap operation. @@ -699,7 +892,6 @@ end_line: } } - if ( rc == 0 ) { if ( delete_entry ) { rc = dodelete( dn, pctrls ); @@ -714,21 +906,19 @@ end_line: } } - if ( dn != NULL ) { - free( dn ); - } - if ( newrdn != NULL ) { - free( newrdn ); - } - if ( newsup != NULL ) { - free( newsup ); - } - if ( pmods != NULL ) { - ldap_mods_free( pmods, 1 ); - } +leave: if (pctrls != NULL) { ldap_controls_free( pctrls ); } + if ( lm != NULL ) { + ber_memfree( lm ); + } + if ( mops != NULL ) { + ber_memfree( mops ); + } + for (i=lines-1; i>=0; i--) + if ( freeval[i] ) ber_memfree( vals[i].bv_val ); + ber_memfree( btype ); return( rc ); } 
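Review bot: A line that fails `ldif_parse_line2` sets `rc = LDAP_PARAM_ERROR` and breaks out of the read loop, but nothing after the loop tests `rc`: the `if ( !dn )` branch resets it to 0, and when a dn was already seen parsing continues and `rc = parse_ldif_control( ... )` can overwrite it. A malformed record can therefore be reported as success or be processed further; `if ( rc ) goto leave;` directly after the loop keeps the error. The two `lm = ber_memalloc( ... )` results and `mops = ber_memalloc( lines+1 )` are also written through without a NULL check, unlike `btype`; each needs `if ( !lm ) { rc = LDAP_NO_MEMORY; goto leave; }` (likewise for `mops`). Under `LIBERAL_CHANGETYPE_MODOP` the trailing-space warning in the modify loop still passes `type`, which this hunk removes from the declarations, so that argument should become `btype[i].bv_val`. The function begins and ends outside this hunk.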
@@ -741,30 +931,21 @@ end_line: */ static int parse_ldif_control( - char *line, + struct berval *bval, LDAPControl ***ppctrls ) { char *oid = NULL; int criticality = 0; /* Default is false if not present */ - char *type=NULL; - char *val = NULL; - ber_len_t value_len = 0; int i, rc=0; - char *s, *oidStart, *pcolon; + char *s, *oidStart; LDAPControl *newctrl = NULL; LDAPControl **pctrls = NULL; + struct berval type, bv; + int freeval; if (ppctrls) pctrls = *ppctrls; - s = line + strlen(T_CONTROL_STR); /* Skip over "control" */ - pcolon = s; /* Save this position for later */ - if (*s++ != ':') { /* Make sure colon follows */ - return ( LDAP_PARAM_ERROR ); - } - while (*s && isspace((unsigned char)*s)) { - s++; /* Skip white space before OID */ - } - - /* OID should come next. Validate and extract it. */ + /* OID should come first. Validate and extract it. */ + s = bval->bv_val; if (*s == 0) return ( LDAP_PARAM_ERROR ); oidStart = s; while (isdigit((unsigned char)*s) || *s == '.') { @@ -806,17 +987,16 @@ parse_ldif_control( goto cleanup; } - /* Shift value down over OID and criticality so it's in the form - control: value - control:: base64-value - control:< url - Then we can use ldif_parse_line to extract and decode the value + /* Back up so value is in the form + a: value + a:: base64-value + a:< url + Then we can use ldif_parse_line2 to extract and decode the value */ - while ( (*pcolon++ = *s++) != 0) { /* Shift value */ - /* EMPTY */; - } - rc = ldif_parse_line(line, &type, &val, &value_len); - if (type) ber_memfree(type); /* Don't need this field*/ + s--; + *s = 'a'; + + rc = ldif_parse_line2(s, &type, &bv, &freeval); if (rc < 0) { rc = LDAP_PARAM_ERROR; goto cleanup; 
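Review bot: `s--; *s = 'a';` rewrites a byte of the caller's buffer to fabricate an `a:` prefix for `ldif_parse_line2`, and nothing in the visible lines establishes that `s` is past `bval->bv_val` and sitting on the colon at that point. The code between the OID scan and this hunk is not shown, so the invariant may already hold; if it does, state it in a comment such as `/* s is at ':' and the OID/criticality token before it has already been copied out, so the preceding byte may be overwritten */`. If it does not, reject the input before backing up with `if ( s == bval->bv_val ) { rc = LDAP_PARAM_ERROR; goto cleanup; }`. The comment should also say that `type` is a throwaway output and that `bv` points into the line buffer unless `freeval` is set.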
@@ -832,9 +1012,10 @@ parse_ldif_control( newctrl->ldctl_oid = oid; oid = NULL; newctrl->ldctl_iscritical = criticality; - newctrl->ldctl_value.bv_len = value_len; - newctrl->ldctl_value.bv_val = val; - val = NULL; + if ( freeval ) + newctrl->ldctl_value = bv; + else + ber_dupbv( &newctrl->ldctl_value, &bv ); /* Add the new control to the passed-in list of controls. */ i = 0; 
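Review bot: The result of `ber_dupbv( &newctrl->ldctl_value, &bv )` is ignored, so an allocation failure leaves the control without its value while the function goes on to add it to the list. Check it: `else if ( ber_dupbv( &newctrl->ldctl_value, &bv ) == NULL ) { rc = LDAP_NO_MEMORY; goto cleanup; }`. Related: the next hunk drops `if (val) ber_memfree(val);` from `cleanup`, so when `freeval` is set and a failure occurs before `bv` is handed to `newctrl`, the decoded value appears to have no owner. The allocation of `newctrl` lies between the hunks and is not visible, so that path should be confirmed.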
@@ -863,87 +1044,12 @@ cleanup: } ber_memfree(newctrl); } - if (val) ber_memfree(val); if (oid) ber_memfree(oid); return( rc ); } -static void -addmodifyop( - LDAPMod ***pmodsp, - int modop, - const char *attr, - struct berval *val ) -{ - LDAPMod **pmods; - int i, j; - - pmods = *pmodsp; - modop |= LDAP_MOD_BVALUES; - - i = 0; - if ( pmods != NULL ) { - for ( ; pmods[ i ] != NULL; ++i ) { - if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 && - pmods[ i ]->mod_op == modop ) - { - break; - } - } - } - - if ( pmods == NULL || pmods[ i ] == NULL ) { - if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) * - sizeof( LDAPMod * ))) == NULL ) - { - perror( "realloc" ); - exit( EXIT_FAILURE ); - } - - *pmodsp = pmods; - pmods[ i + 1 ] = NULL; - - pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod )); - if ( pmods[ i ] == NULL ) { - perror( "calloc" ); - exit( EXIT_FAILURE ); - } - - pmods[ i ]->mod_op = modop; - pmods[ i ]->mod_type = ber_strdup( attr ); - if ( pmods[ i ]->mod_type == NULL ) { - perror( "strdup" ); - exit( EXIT_FAILURE ); - } - } - - if ( val != NULL ) { - j = 0; - if ( pmods[ i ]->mod_bvalues != NULL ) { - for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) { - /* Empty */; - } - } - - pmods[ i ]->mod_bvalues = (struct berval **) ber_memrealloc( - pmods[ i ]->mod_bvalues, (j + 2) * sizeof( struct berval * )); - if ( pmods[ i ]->mod_bvalues == NULL ) { - perror( "ber_realloc" ); - exit( EXIT_FAILURE ); - } - - pmods[ i ]->mod_bvalues[ j + 1 ] = NULL; - pmods[ i ]->mod_bvalues[ j ] = ber_bvdup( val ); - if ( pmods[ i ]->mod_bvalues[ j ] == NULL ) { - perror( "ber_bvdup" ); - exit( EXIT_FAILURE ); - } - } -} - - static int domodify( const char *dn, @@ -1159,6 +1265,7 @@ static int process_response( if ( rc == -1 ) { ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc ); + tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); return rc; } 
@@ -1196,42 +1303,3 @@ static int process_response( return rc; } - -static char * -read_one_record( FILE *fp ) -{ - char *buf, line[ LDAPMOD_MAXLINE ]; - int lcur, lmax; - - lcur = lmax = 0; - buf = NULL; - - while ( fgets( line, sizeof(line), fp ) != NULL ) { - int len = strlen( line ); - - if( len < 2 || ( len == 2 && *line == '\r' )) { - if( buf == NULL ) { - continue; - } else { - break; - } - } - - if ( lcur + len + 1 > lmax ) { - lmax = LDAPMOD_MAXLINE - * (( lcur + len + 1 ) / LDAPMOD_MAXLINE + 1 ); - - if (( buf = (char *)ber_memrealloc( buf, lmax )) == NULL ) { - perror( "realloc" ); - exit( EXIT_FAILURE ); - } - } - - strcpy( buf + lcur, line ); - lcur += len; - } - - return( buf ); -} - - diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 2841d7e087534a9f1dbcd6bd27df94f7585f02db..9b03471f4776c429d3fbb0a56a5ec99b53dce358 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -91,7 +91,7 @@ usage( void ) const char options[] = "rs:" - "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index b8ce5e899a6862e58097077686ff8f86ca857132..7645e55e0a8c97238db0a9ef802ecc79a5c0dba2 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -81,7 +81,7 @@ usage( void ) const char options[] = "a:As:St:T:" - "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; + "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) @@ -411,6 +411,9 @@ main( int argc, char *argv[] ) ber_memfree( retoid ); ber_bvfree( retdata ); + rc = ldap_search_s( ld, binddn, LDAP_SCOPE_BASE, "(objectclass=*)", + NULL, 0, &res ); + rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE; done: diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 174633e4105f2944e082ace898957048342da894..f5312a27b840c3567f21bd4c75565a7def8092a4 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -249,7 +249,7 @@ urlize(char *url) const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:" - "Cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "Cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) @@ -920,7 +920,7 @@ getNextPage: char *realbase = base; if ( realbase == NULL ) { - ldap_get_option( ld, LDAP_OPT_DEFBASE, (void **)&realbase ); + ldap_get_option( ld, LDAP_OPT_DEFBASE, (void **)(char *)&realbase ); } printf( "#\n" ); 
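Review bot: The `ldap_search_s( ld, binddn, LDAP_SCOPE_BASE, "(objectclass=*)", NULL, 0, &res )` call added to ldappasswd.c has no visible effect: its `rc` is overwritten by the very next statement, and `res` is not released in the lines shown, so a successful search would leak the result message. `binddn` may also be unset at this point, depending on how the tool was invoked (not visible in the hunk). If this is leftover test code it should be dropped; if the extra round trip is intended, add a comment saying why, test `rc`, and release the result with `ldap_msgfree( res );`.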
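Review bot: The double cast in `ldap_get_option( ld, LDAP_OPT_DEFBASE, (void **)(char *)&realbase )` in ldapsearch.c hides the pointer type from the compiler without adding anything, since the third parameter of `ldap_get_option` is a plain `void *`; `ldap_get_option( ld, LDAP_OPT_DEFBASE, &realbase )` says the same thing without defeating type checking. The return value is also ignored, so `realbase` can still be NULL afterwards; the code that prints it is outside the hunk and should be checked for that case.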
@@ -1167,7 +1167,7 @@ static int dosearch( nextended++; print_extended( ld, msg ); - if( ldap_msgid( msg ) == 0 ) { + if ( ldap_msgid( msg ) == 0 ) { /* unsolicited extended operation */ goto done; } diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c index 17d48b28e3981ac4abd6dd5867afc192778a3959..7d20097848df333638cd56b0770283e70c7f37b9 100644 --- a/clients/tools/ldapwhoami.c +++ b/clients/tools/ldapwhoami.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -62,7 +62,7 @@ usage( void ) const char options[] = "" - "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; + "d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/configure b/configure index 13edfa9a120f85be9cb73f98e7c7a54477b99c42..204042d757591f6c670e52c0f7c852951d7400c0 100755 --- a/configure +++ b/configure @@ -1,9 +1,9 @@ #! /bin/sh -# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.3 2006/08/17 23:50:21 kurt Exp . +# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.4 2006/10/19 20:06:32 kurt Exp . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.59. # -# Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. +# Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved. # Restrictions apply, see COPYRIGHT and LICENSE files. # # Copyright (C) 2003 Free Software Foundation, Inc. 
@@ -1049,10 +1049,8 @@ SLAPD Overlay Options: --enable-auditlog Audit Logging overlay no|yes|mod [no] --enable-constraint Attribute Constraint overlay no|yes|mod [no] --enable-dds Dynamic Directory Services overlay no|yes|mod [no] - --enable-denyop Deny Operation overlay no|yes|mod [no] --enable-dyngroup Dynamic Group overlay no|yes|mod [no] --enable-dynlist Dynamic List overlay no|yes|mod [no] - --enable-lastmod Last Modification overlay no|yes|mod [no] --enable-ppolicy Password Policy overlay no|yes|mod [no] --enable-proxycache Proxy Cache overlay no|yes|mod [no] --enable-refint Referential Integrity overlay no|yes|mod [no] @@ -1088,6 +1086,7 @@ Optional Packages: --with-tls with TLS/SSL support [auto] --with-yielding-select with implicitly yielding select [auto] --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto] + --with-odbc with specific ODBC support iodbc|unixodbc|auto [auto] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-pic try to use only PIC/non-PIC objects [default=use both] @@ -1208,7 +1207,7 @@ Copyright (C) 2003 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. -Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved. Restrictions apply, see COPYRIGHT and LICENSE files. _ACEOF exit 0 @@ -2262,7 +2261,6 @@ else fi; # end --enable-proctitle ol_enable_referrals=${ol_enable_referrals-no} -ol_enable_kbind=${ol_enable_kbind-no} # OpenLDAP --enable-ipv6 # Check whether --enable-ipv6 or --disable-ipv6 was given. @@ -2356,7 +2354,6 @@ else ol_with_fetch="auto" fi; # end --with-fetch -ol_with_kerberos=${ol_with_kerberos-auto} # OpenLDAP --with-threads # Check whether --with-threads or --without-threads was given. 
@@ -2449,6 +2446,29 @@ else ol_with_mp="auto" fi; # end --with-mp +# OpenLDAP --with-odbc + +# Check whether --with-odbc or --without-odbc was given. +if test "${with_odbc+set}" = set; then + withval="$with_odbc" + + ol_arg=invalid + for ol_val in auto iodbc unixodbc ; do + if test "$withval" = "$ol_val" ; then + ol_arg="$ol_val" + fi + done + if test "$ol_arg" = "invalid" ; then + { { echo "$as_me:$LINENO: error: bad value $withval for --with-odbc" >&5 +echo "$as_me: error: bad value $withval for --with-odbc" >&2;} + { (exit 1); exit 1; }; } + fi + ol_with_odbc="$ol_arg" + +else + ol_with_odbc="auto" +fi; # end --with-odbc + # Check whether --enable-xxslapdoptions or --disable-xxslapdoptions was given. @@ -3077,10 +3097,8 @@ Overlays="accesslog \ auditlog \ constraint \ dds \ - denyop \ dyngroup \ dynlist \ - lastmod \ ppolicy \ proxycache \ refint \ @@ -3215,30 +3233,6 @@ else fi; # end --enable-dds -# OpenLDAP --enable-denyop - - # Check whether --enable-denyop or --disable-denyop was given. -if test "${enable_denyop+set}" = set; then - enableval="$enable_denyop" - - ol_arg=invalid - for ol_val in no yes mod ; do - if test "$enableval" = "$ol_val" ; then - ol_arg="$ol_val" - fi - done - if test "$ol_arg" = "invalid" ; then - { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-denyop" >&5 -echo "$as_me: error: bad value $enableval for --enable-denyop" >&2;} - { (exit 1); exit 1; }; } - fi - ol_enable_denyop="$ol_arg" - -else - ol_enable_denyop=${ol_enable_overlays:-no} -fi; -# end --enable-denyop - # OpenLDAP --enable-dyngroup # Check whether --enable-dyngroup or --disable-dyngroup was given. 
@@ -3287,30 +3281,6 @@ else fi; # end --enable-dynlist -# OpenLDAP --enable-lastmod - - # Check whether --enable-lastmod or --disable-lastmod was given. -if test "${enable_lastmod+set}" = set; then - enableval="$enable_lastmod" - - ol_arg=invalid - for ol_val in no yes mod ; do - if test "$enableval" = "$ol_val" ; then - ol_arg="$ol_val" - fi - done - if test "$ol_arg" = "invalid" ; then - { { echo "$as_me:$LINENO: error: bad value $enableval for --enable-lastmod" >&5 -echo "$as_me: error: bad value $enableval for --enable-lastmod" >&2;} - { (exit 1); exit 1; }; } - fi - ol_enable_lastmod="$ol_arg" - -else - ol_enable_lastmod=${ol_enable_overlays:-no} -fi; -# end --enable-lastmod - # OpenLDAP --enable-ppolicy # Check whether --enable-ppolicy or --disable-ppolicy was given. @@ -3758,25 +3728,6 @@ echo "$as_me: error: LAN Manager passwords require OpenSSL" >&2;} fi fi -if test $ol_enable_kbind = yes ; then - if test $ol_with_kerberos = no ; then - { { echo "$as_me:$LINENO: error: options require --with-kerberos" >&5 -echo "$as_me: error: options require --with-kerberos" >&2;} - { (exit 1); exit 1; }; } - elif test $ol_with_kerberos = auto ; then - ol_with_kerberos=yes - fi - -elif test $ol_enable_kbind = no ; then - if test $ol_with_kerberos = auto ; then - ol_with_kerberos=no - elif test $ol_with_kerberos != no ; then - { echo "$as_me:$LINENO: WARNING: Kerberos detection enabled unnecessarily" >&5 -echo "$as_me: WARNING: Kerberos detection enabled unnecessarily" >&2;}; - ol_with_kerberos=no - fi -fi - if test $ol_enable_spasswd = yes ; then if test $ol_with_cyrus_sasl = no ; then { { echo "$as_me:$LINENO: error: options require --with-cyrus-sasl" >&5 @@ -5662,7 +5613,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5665 "configure"' > conftest.$ac_ext + echo '#line 5616 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -7642,11 +7593,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7645: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7596: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7649: \$? = $ac_status" >&5 + echo "$as_me:7600: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7904,11 +7855,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7907: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7858: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7911: \$? = $ac_status" >&5 + echo "$as_me:7862: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7966,11 +7917,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7969: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7920: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7973: \$? = $ac_status" >&5 + echo "$as_me:7924: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10214,7 +10165,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10217 "configure" +#line 10168 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -10312,7 +10263,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10315 "configure" +#line 10266 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -18201,14 +18152,15 @@ echo "$as_me: error: AF_LOCAL domain support requires sys/un.h" >&2;} fi fi -ol_link_kbind=no -ol_link_krb5=no -ol_link_krb4=no -case $ol_with_kerberos in yes | auto | k5 | k5only | k425) +if test $ol_with_tls = yes ; then + ol_with_tls=auto +fi +ol_link_tls=no +if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then -for ac_header in krb5.h +for ac_header in openssl/ssl.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if eval "test \"\${$as_ac_Header+set}\" = set"; then 
@@ -18358,35 +18310,39 @@ fi done - if test $ac_cv_header_krb5_h = yes ; then - -for ac_header in heim_err.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then + if test $ac_cv_header_openssl_ssl_h = yes ; then + echo "$as_me:$LINENO: checking for SSL_library_init in -lssl" >&5 +echo $ECHO_N "checking for SSL_library_init in -lssl... $ECHO_C" >&6 +if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 else - # Is the header compilable? -echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl -lcrypto $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char SSL_library_init (); +int +main () +{ +SSL_library_init (); + ; + return 0; +} _ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>conftest.er1 +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 
@@ -18400,129 +18356,41 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; } && - { ac_try='test -s conftest.$ac_objext' + { ac_try='test -s conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_header_compiler=yes + ac_cv_lib_ssl_SSL_library_init=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_header_compiler=no -fi -rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - ac_cpp_err=$ac_cpp_err$ac_c_werror_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes +ac_cv_lib_ssl_SSL_library_init=no fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? 
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( - cat <<\_ASBOX -## --------------------------------------------- ## -## Report this to <http://www.openldap.org/its/> ## -## --------------------------------------------- ## -_ASBOX - ) | - sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5 +echo "${ECHO_T}$ac_cv_lib_ssl_SSL_library_init" >&6 +if test $ac_cv_lib_ssl_SSL_library_init = yes; then + have_openssl=yes + need_rsaref=no else - eval "$as_ac_Header=\$ac_header_preproc" -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - + have_openssl=no fi -done - - if test $ac_cv_header_heim_err_h = yes ; then - krb5_impl=heimdal - else - krb5_impl=mit - fi - if test $krb5_impl = mit; then - echo "$as_me:$LINENO: checking for main in -lk5crypto" >&5 -echo $ECHO_N "checking for main in -lk5crypto... $ECHO_C" >&6 -if test "${ac_cv_lib_k5crypto_main+set}" = set; then + if test $have_openssl = no ; then + echo "$as_me:$LINENO: checking for ssl3_accept in -lssl" >&5 +echo $ECHO_N "checking for ssl3_accept in -lssl... $ECHO_C" >&6 +if test "${ac_cv_lib_ssl_ssl3_accept+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lk5crypto $LIBS" +LIBS="-lssl -lcrypto -lRSAglue -lrsaref $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -18530,11 +18398,17 @@ cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ - +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char ssl3_accept (); int main () { -main (); +ssl3_accept (); ; return 0; } 
@@ -18561,1388 +18435,189 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_cv_lib_k5crypto_main=yes + ac_cv_lib_ssl_ssl3_accept=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_cv_lib_k5crypto_main=no +ac_cv_lib_ssl_ssl3_accept=no fi rm -f conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:$LINENO: result: $ac_cv_lib_k5crypto_main" >&5 -echo "${ECHO_T}$ac_cv_lib_k5crypto_main" >&6 -if test $ac_cv_lib_k5crypto_main = yes; then - krb5crypto=k5crypto +echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_ssl3_accept" >&5 +echo "${ECHO_T}$ac_cv_lib_ssl_ssl3_accept" >&6 +if test $ac_cv_lib_ssl_ssl3_accept = yes; then + have_openssl=yes + need_rsaref=yes else - krb5crypto=crypto + have_openssl=no fi + fi + + if test $have_openssl = yes ; then + ol_with_tls=openssl + ol_link_tls=yes + + +cat >>confdefs.h <<\_ACEOF +#define HAVE_OPENSSL 1 +_ACEOF + + + if test $need_rsaref = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_RSAREF 1 +_ACEOF + + + TLS_LIBS="-lssl -lcrypto -lRSAglue -lrsaref" + else + TLS_LIBS="-lssl -lcrypto" + fi - echo "$as_me:$LINENO: checking for main in -lkrb5" >&5 -echo $ECHO_N "checking for main in -lkrb5... $ECHO_C" >&6 -if test "${ac_cv_lib_krb5_main+set}" = set; then + echo "$as_me:$LINENO: checking OpenSSL library version (CRL checking capability)" >&5 +echo $ECHO_N "checking OpenSSL library version (CRL checking capability)... $ECHO_C" >&6 +if test "${ol_cv_ssl_crl_compat+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb5 -l$krb5crypto -lcom_err $LIBS" -cat >conftest.$ac_ext <<_ACEOF + + cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ +#ifdef HAVE_OPENSSL_SSL_H +#include <openssl/ssl.h> +#endif + +/* Require 0.9.7d+ */ +#if OPENSSL_VERSION_NUMBER >= 0x0090704fL + char *__ssl_compat = "0.9.7d"; +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "__ssl_compat" >/dev/null 2>&1; then + ol_cv_ssl_crl_compat=yes +else + ol_cv_ssl_crl_compat=no +fi +rm -f conftest* + +fi +echo "$as_me:$LINENO: result: $ol_cv_ssl_crl_compat" >&5 +echo "${ECHO_T}$ol_cv_ssl_crl_compat" >&6 + + if test $ol_cv_ssl_crl_compat = yes ; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_OPENSSL_CRL 1 +_ACEOF + + fi + fi + fi +fi + +WITH_TLS=no +if test $ol_link_tls = yes ; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_TLS 1 +_ACEOF + + WITH_TLS=yes +elif test $ol_with_tls = auto ; then + { echo "$as_me:$LINENO: WARNING: Could not locate TLS/SSL package" >&5 +echo "$as_me: WARNING: Could not locate TLS/SSL package" >&2;} + { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5 +echo "$as_me: WARNING: TLS data protection not supported!" >&2;} +elif test $ol_with_tls != no ; then + { { echo "$as_me:$LINENO: error: Could not locate TLS/SSL package" >&5 +echo "$as_me: error: Could not locate TLS/SSL package" >&2;} + { (exit 1); exit 1; }; } +else + { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5 +echo "$as_me: WARNING: TLS data protection not supported!" >&2;} +fi + +if test $ol_enable_lmpasswd != no; then + if test $ol_link_tls != yes ; then + { { echo "$as_me:$LINENO: error: LAN Manager passwords require OpenSSL" >&5 +echo "$as_me: error: LAN Manager passwords require OpenSSL" >&2;} + { (exit 1); exit 1; }; } + fi + + +cat >>confdefs.h <<\_ACEOF +#define SLAPD_LMHASH 1 +_ACEOF + +fi + +ol_link_threads=no + +case $ol_with_threads in auto | yes | nt) + + + echo "$as_me:$LINENO: checking for _beginthread" >&5 +echo $ECHO_N "checking for _beginthread... 
$ECHO_C" >&6 +if test "${ac_cv_func__beginthread+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define _beginthread to an innocuous variant, in case <limits.h> declares _beginthread. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define _beginthread innocuous__beginthread + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _beginthread (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef _beginthread + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _beginthread (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub__beginthread) || defined (__stub____beginthread) +choke me +#else +char (*f) () = _beginthread; +#endif +#ifdef __cplusplus +} +#endif int main () { -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb5_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_krb5_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb5_main" >&6 -if test $ac_cv_lib_krb5_main = yes; then - have_krb5=yes - KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err" -else - have_krb5=no -fi - - - elif test $krb5_impl = heimdal; then - echo "$as_me:$LINENO: checking for main in -ldes" >&5 -echo $ECHO_N "checking for main in -ldes... $ECHO_C" >&6 -if test "${ac_cv_lib_des_main+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldes $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - -int -main () -{ -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_des_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_des_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_des_main" >&5 -echo "${ECHO_T}$ac_cv_lib_des_main" >&6 -if test $ac_cv_lib_des_main = yes; then - krb5crypto=des -else - krb5crypto=crypto -fi - - - echo "$as_me:$LINENO: checking for main in -lkrb5" >&5 -echo $ECHO_N "checking for main in -lkrb5... $ECHO_C" >&6 -if test "${ac_cv_lib_krb5_main+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - -int -main () -{ -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb5_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_krb5_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb5_main" >&6 -if test $ac_cv_lib_krb5_main = yes; then - have_krb5=yes - KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err" -else - have_krb5=no -fi - - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_HEIMDAL_KERBEROS 1 -_ACEOF - - - else - have_krb5=no - { echo "$as_me:$LINENO: WARNING: Unrecognized Kerberos5 Implementation" >&5 -echo "$as_me: WARNING: Unrecognized Kerberos5 Implementation" >&2;} - fi - - if test $have_krb5 = yes ; then - ol_link_krb5=yes - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KRB5 1 -_ACEOF - - - if test $ol_with_kerberos = k5only ; then - ol_with_kerberos=found - fi - - elif test $ol_with_kerberos != auto ; then - { { echo "$as_me:$LINENO: error: Required Kerberos 5 support not available" >&5 -echo "$as_me: error: Required Kerberos 5 support not available" >&2;} - { (exit 1); exit 1; }; } - fi - - fi - ;; -esac - -if test $ol_link_krb5 = yes && - { test $ol_with_kerberos = yes || - test $ol_with_kerberos = auto || - test $ol_with_kerberos = k425; }; then - - - -for ac_header in kerberosIV/krb.h kerberosIV/des.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 -else - # Is the header compilable? 
-echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_header_compiler=no -fi -rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - ac_cpp_err=$ac_cpp_err$ac_c_werror_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes -fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( - cat <<\_ASBOX -## --------------------------------------------- ## -## Report this to <http://www.openldap.org/its/> ## -## --------------------------------------------- ## -_ASBOX - ) | - sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - if test $ac_cv_header_kerberosIV_krb_h = yes ; then - if test $krb5_impl = mit; then - echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 -echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6 -if test "${ac_cv_lib_krb4_main+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb4 -ldes425 -lkrb5 -l$krb5crypto -lcom_err $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - -int -main () -{ -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb4_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_krb4_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6 -if test $ac_cv_lib_krb4_main = yes; then - have_k425=yes - KRB4_LIBS="-lkrb4 -ldes425" -else - have_k425=no -fi - - - elif test $krb5_impl = heimdal; then - echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 -echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6 -if test "${ac_cv_lib_krb4_main+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb4 -lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - -int -main () -{ -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb4_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_krb4_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6 -if test $ac_cv_lib_krb4_main = yes; then - have_k425=yes - KRB4_LIBS="-lkrb4" -else - have_k425=no -fi - - - else - have_425=no - { echo "$as_me:$LINENO: WARNING: Unrecongized Kerberos V Implementation" >&5 -echo "$as_me: WARNING: Unrecongized Kerberos V Implementation" >&2;} - fi - - if test $have_k425 = yes ; then - ol_with_kerberos=found - ol_link_krb4=yes - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KRB425 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KRB4 1 -_ACEOF - - - echo "$as_me:$LINENO: checking for des_debug in Kerberos libraries" >&5 -echo $ECHO_N "checking for des_debug in Kerberos libraries... $ECHO_C" >&6 -if test "${ol_cv_var_des_debug+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - save_LIBS="$LIBS" - LIBS="$KRB4_LIBS $KRB5_LIBS $LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include <kerberosIV/krb.h> -#include <kerberosIV/des.h> -extern int des_debug; - -int -main () -{ - -des_debug = 1; - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ol_cv_var_des_debug=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ol_cv_var_des_debug=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$save_LIBS" - -fi -echo "$as_me:$LINENO: result: $ol_cv_var_des_debug" >&5 -echo "${ECHO_T}$ol_cv_var_des_debug" >&6 - - if test $ol_cv_var_des_debug = yes ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_DES_DEBUG 1 -_ACEOF - - fi - - LIBS="$save_LIBS" - fi - fi -fi - -if test $ol_link_krb5 = yes ; then - ol_with_kerberos=found -fi - -case $ol_with_kerberos in yes | auto | k4 | kth) - - - - -for ac_header in krb.h des.h krb-archaeology.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 -else - # Is the header compilable? -echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_header_compiler=no -fi -rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include <$ac_header> -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - ac_cpp_err=$ac_cpp_err$ac_c_werror_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes -fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( - cat <<\_ASBOX -## --------------------------------------------- ## -## Report this to <http://www.openldap.org/its/> ## -## --------------------------------------------- ## -_ASBOX - ) | - sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - if test $ac_cv_header_krb_h = yes ; then - echo "$as_me:$LINENO: checking for main in -lkrb" >&5 -echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6 -if test "${ac_cv_lib_krb_main+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb -ldes $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - -int -main () -{ -main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb_main=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_krb_main=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb_main" >&6 -if test $ac_cv_lib_krb_main = yes; then - have_k4=yes -else - have_k4=no -fi - - - if test $have_k4 = yes ; then - ol_with_kerberos=found - ol_link_krb4=yes - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KRB4 1 -_ACEOF - - - KRB4_LIBS="-lkrb -ldes" - - if test $ac_cv_header_krb_archaeology_h = yes ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KTH_KERBEROS 1 -_ACEOF - - fi - fi - fi - ;; -esac - -if test $ol_link_krb4 = yes && test $ol_enable_kbind != no ; then - ol_link_kbind=yes - -elif test $ol_enable_kbind = yes ; then - { { echo "$as_me:$LINENO: error: Kerberos IV detection failed" >&5 -echo "$as_me: error: Kerberos IV detection failed" >&2;} - { (exit 1); exit 1; }; } -fi - -if test $ol_link_krb4 = yes || test $ol_link_krb5 = yes ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_KERBEROS 1 -_ACEOF - - -elif test 
$ol_with_kerberos != auto && test $ol_with_kerberos != no ; then - { { echo "$as_me:$LINENO: error: Kerberos detection failed" >&5 -echo "$as_me: error: Kerberos detection failed" >&2;} - { (exit 1); exit 1; }; } -fi - - -if test $ol_with_tls = yes ; then - ol_with_tls=auto -fi - -ol_link_tls=no -if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then - -for ac_header in openssl/ssl.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 -else - # Is the header compilable? -echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_header_compiler=no -fi -rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - ac_cpp_err=$ac_cpp_err$ac_c_werror_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes -fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( - cat <<\_ASBOX -## --------------------------------------------- ## -## Report this to <http://www.openldap.org/its/> ## -## --------------------------------------------- ## -_ASBOX - ) | - sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6 -if eval "test \"\${$as_ac_Header+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - if test $ac_cv_header_openssl_ssl_h = yes ; then - echo "$as_me:$LINENO: checking for SSL_library_init in -lssl" >&5 -echo $ECHO_N "checking for SSL_library_init in -lssl... $ECHO_C" >&6 -if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char SSL_library_init (); -int -main () -{ -SSL_library_init (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_ssl_SSL_library_init=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_ssl_SSL_library_init=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5 -echo "${ECHO_T}$ac_cv_lib_ssl_SSL_library_init" >&6 -if test $ac_cv_lib_ssl_SSL_library_init = yes; then - have_openssl=yes - need_rsaref=no -else - have_openssl=no -fi - - - if test $have_openssl = no ; then - echo "$as_me:$LINENO: checking for ssl3_accept in -lssl" >&5 -echo $ECHO_N "checking for ssl3_accept in -lssl... $ECHO_C" >&6 -if test "${ac_cv_lib_ssl_ssl3_accept+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto -lRSAglue -lrsaref $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char ssl3_accept (); -int -main () -{ -ssl3_accept (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_ssl_ssl3_accept=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_ssl_ssl3_accept=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_ssl3_accept" >&5 -echo "${ECHO_T}$ac_cv_lib_ssl_ssl3_accept" >&6 -if test $ac_cv_lib_ssl_ssl3_accept = yes; then - have_openssl=yes - need_rsaref=yes -else - have_openssl=no -fi - - fi - - if test $have_openssl = yes ; then - ol_with_tls=openssl - ol_link_tls=yes - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL 1 -_ACEOF - - - if test $need_rsaref = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_RSAREF 1 -_ACEOF - - - TLS_LIBS="-lssl -lcrypto -lRSAglue -lrsaref" - else - TLS_LIBS="-lssl -lcrypto" - fi - - echo "$as_me:$LINENO: checking OpenSSL library version (CRL checking capability)" >&5 -echo $ECHO_N "checking OpenSSL library version (CRL checking capability)... $ECHO_C" >&6 -if test "${ol_cv_ssl_crl_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#ifdef HAVE_OPENSSL_SSL_H -#include <openssl/ssl.h> -#endif - -/* Require 0.9.7d+ */ -#if OPENSSL_VERSION_NUMBER >= 0x0090704fL - char *__ssl_compat = "0.9.7d"; -#endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "__ssl_compat" >/dev/null 2>&1; then - ol_cv_ssl_crl_compat=yes -else - ol_cv_ssl_crl_compat=no -fi -rm -f conftest* - -fi -echo "$as_me:$LINENO: result: $ol_cv_ssl_crl_compat" >&5 -echo "${ECHO_T}$ol_cv_ssl_crl_compat" >&6 - - if test $ol_cv_ssl_crl_compat = yes ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL_CRL 1 -_ACEOF - - fi - fi - fi -fi - -WITH_TLS=no -if test $ol_link_tls = yes ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TLS 1 -_ACEOF - - WITH_TLS=yes -elif test $ol_with_tls = auto ; then - { echo "$as_me:$LINENO: WARNING: Could not locate TLS/SSL package" >&5 -echo "$as_me: WARNING: Could not locate TLS/SSL package" >&2;} - { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5 -echo "$as_me: WARNING: TLS data protection not supported!" >&2;} -elif test $ol_with_tls != no ; then - { { echo "$as_me:$LINENO: error: Could not locate TLS/SSL package" >&5 -echo "$as_me: error: Could not locate TLS/SSL package" >&2;} - { (exit 1); exit 1; }; } -else - { echo "$as_me:$LINENO: WARNING: TLS data protection not supported!" >&5 -echo "$as_me: WARNING: TLS data protection not supported!" >&2;} -fi - -if test $ol_enable_lmpasswd != no; then - if test $ol_link_tls != yes ; then - { { echo "$as_me:$LINENO: error: LAN Manager passwords require OpenSSL" >&5 -echo "$as_me: error: LAN Manager passwords require OpenSSL" >&2;} - { (exit 1); exit 1; }; } - fi - - -cat >>confdefs.h <<\_ACEOF -#define SLAPD_LMHASH 1 -_ACEOF - -fi - -ol_link_threads=no - -case $ol_with_threads in auto | yes | nt) - - - echo "$as_me:$LINENO: checking for _beginthread" >&5 -echo $ECHO_N "checking for _beginthread... 
$ECHO_C" >&6 -if test "${ac_cv_func__beginthread+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define _beginthread to an innocuous variant, in case <limits.h> declares _beginthread. - For example, HP-UX 11i <limits.h> declares gettimeofday. */ -#define _beginthread innocuous__beginthread - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char _beginthread (); below. - Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - <limits.h> exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - -#undef _beginthread - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -{ -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char _beginthread (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub__beginthread) || defined (__stub____beginthread) -choke me -#else -char (*f) () = _beginthread; -#endif -#ifdef __cplusplus -} -#endif - -int -main () -{ -return f != _beginthread; +return f != _beginthread; ; return 0; } @@ -24499,8 +23174,7 @@ echo "$as_me: WARNING: could not locate sched_yield() or pthread_yield()" >&2;} fi - -for ac_func in pthread_kill pthread_rwlock_destroy +for ac_func in pthread_kill do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 
@@ -24602,6 +23276,73 @@ fi done + echo "$as_me:$LINENO: checking for pthread_rwlock_destroy with <pthread.h>" >&5 +echo $ECHO_N "checking for pthread_rwlock_destroy with <pthread.h>... $ECHO_C" >&6 +if test "${ol_cv_func_pthread_rwlock_destroy+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#include <pthread.h> +pthread_rwlock_t rwlock; + +int +main () +{ +pthread_rwlock_destroy(&rwlock); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ol_cv_func_pthread_rwlock_destroy=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ol_cv_func_pthread_rwlock_destroy=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +echo "$as_me:$LINENO: result: $ol_cv_func_pthread_rwlock_destroy" >&5 +echo "${ECHO_T}$ol_cv_func_pthread_rwlock_destroy" >&6 + if test $ol_cv_func_pthread_rwlock_destroy = yes ; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_PTHREAD_RWLOCK_DESTROY 1 +_ACEOF + + fi + echo "$as_me:$LINENO: checking for pthread_detach with <pthread.h>" >&5 echo $ECHO_N "checking for pthread_detach with <pthread.h>... 
$ECHO_C" >&6 if test "${ol_cv_func_pthread_detach+set}" = set; then 
@@ -28477,7 +27218,444 @@ echo "$as_me:$LINENO: result: $ol_cv_bdb_minor" >&5 echo "${ECHO_T}$ol_cv_bdb_minor" >&6 if test $ol_cv_bdb_major = 4 ; then - if test $ol_cv_bdb_minor = 4 ; then + if test $ol_cv_bdb_minor = 5 ; then + if test $ol_cv_lib_db = no ; then + echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5 +echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6 +if test "${ol_cv_db_db45+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + ol_DB_LIB=-ldb45 + ol_LIBS=$LIBS + LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS" + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#ifdef HAVE_DB_185_H +# include <db_185.h> +#else +# include <db.h> +#endif + +#ifndef DB_VERSION_MAJOR +# define DB_VERSION_MAJOR 1 +#endif + +#ifndef NULL +#define NULL ((void*)0) +#endif + +int +main () +{ + +#if DB_VERSION_MAJOR > 1 + { + char *version; + int major, minor, patch; + + version = db_version( &major, &minor, &patch ); + + if( major != DB_VERSION_MAJOR || + minor < DB_VERSION_MINOR ) + { + printf("Berkeley DB version mismatch\n" + "\theader: %s\n\tlibrary: %s\n", + DB_VERSION_STRING, version); + return 1; + } + } +#endif + +#if DB_VERSION_MAJOR > 2 + db_env_create( NULL, 0 ); +#elif DB_VERSION_MAJOR > 1 + db_appexit( NULL ); +#else + (void) dbopen( NULL, 0, 0, 0, NULL); +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ol_cv_db_db45=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ol_cv_db_db45=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + LIBS="$ol_LIBS" + +fi +echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5 +echo "${ECHO_T}$ol_cv_db_db45" >&6 + + if test $ol_cv_db_db45 = yes ; then + ol_cv_lib_db=-ldb45 + fi +fi + + if test $ol_cv_lib_db = no ; then + echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5 +echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6 +if test "${ol_cv_db_db_45+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + ol_DB_LIB=-ldb-45 + ol_LIBS=$LIBS + LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS" + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +#ifdef HAVE_DB_185_H +# include <db_185.h> +#else +# include <db.h> +#endif + +#ifndef DB_VERSION_MAJOR +# define DB_VERSION_MAJOR 1 +#endif + +#ifndef NULL +#define NULL ((void*)0) +#endif + +int +main () +{ + +#if DB_VERSION_MAJOR > 1 + { + char *version; + int major, minor, patch; + + version = db_version( &major, &minor, &patch ); + + if( major != DB_VERSION_MAJOR || + minor < DB_VERSION_MINOR ) + { + printf("Berkeley DB version mismatch\n" + "\theader: %s\n\tlibrary: %s\n", + DB_VERSION_STRING, version); + return 1; + } + } +#endif + +#if DB_VERSION_MAJOR > 2 + db_env_create( NULL, 0 ); +#elif DB_VERSION_MAJOR > 1 + db_appexit( NULL ); +#else + (void) dbopen( NULL, 0, 0, 0, NULL); +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ol_cv_db_db_45=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ol_cv_db_db_45=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + LIBS="$ol_LIBS" + +fi +echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5 +echo "${ECHO_T}$ol_cv_db_db_45" >&6 + + if test $ol_cv_db_db_45 = yes ; then + ol_cv_lib_db=-ldb-45 + fi +fi + + if test $ol_cv_lib_db = no ; then + echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5 +echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6 +if test "${ol_cv_db_db_4_dot_5+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + ol_DB_LIB=-ldb-4.5 + ol_LIBS=$LIBS + LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS" + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#ifdef HAVE_DB_185_H +# include <db_185.h> +#else +# include <db.h> +#endif + +#ifndef DB_VERSION_MAJOR +# define DB_VERSION_MAJOR 1 +#endif + +#ifndef NULL +#define NULL ((void*)0) +#endif + +int +main () +{ + +#if DB_VERSION_MAJOR > 1 + { + char *version; + int major, minor, patch; + + version = db_version( &major, &minor, &patch ); + + if( major != DB_VERSION_MAJOR || + minor < DB_VERSION_MINOR ) + { + printf("Berkeley DB version mismatch\n" + "\theader: %s\n\tlibrary: %s\n", + DB_VERSION_STRING, version); + return 1; + } + } +#endif + +#if DB_VERSION_MAJOR > 2 + db_env_create( NULL, 0 ); +#elif DB_VERSION_MAJOR > 1 + db_appexit( NULL ); +#else + (void) dbopen( NULL, 0, 0, 0, NULL); +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ol_cv_db_db_4_dot_5=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ol_cv_db_db_4_dot_5=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + LIBS="$ol_LIBS" + +fi +echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5 +echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6 + + if test $ol_cv_db_db_4_dot_5 = yes ; then + ol_cv_lib_db=-ldb-4.5 + fi +fi + + if test $ol_cv_lib_db = no ; then + echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5 +echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6 +if test "${ol_cv_db_db_4_5+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + ol_DB_LIB=-ldb-4-5 + ol_LIBS=$LIBS + LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS" + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ + +#ifdef HAVE_DB_185_H +# include <db_185.h> +#else +# include <db.h> +#endif + +#ifndef DB_VERSION_MAJOR +# define DB_VERSION_MAJOR 1 +#endif + +#ifndef NULL +#define NULL ((void*)0) +#endif + +int +main () +{ + +#if DB_VERSION_MAJOR > 1 + { + char *version; + int major, minor, patch; + + version = db_version( &major, &minor, &patch ); + + if( major != DB_VERSION_MAJOR || + minor < DB_VERSION_MINOR ) + { + printf("Berkeley DB version mismatch\n" + "\theader: %s\n\tlibrary: %s\n", + DB_VERSION_STRING, version); + return 1; + } + } +#endif + +#if DB_VERSION_MAJOR > 2 + db_env_create( NULL, 0 ); +#elif DB_VERSION_MAJOR > 1 + db_appexit( NULL ); +#else + (void) dbopen( NULL, 0, 0, 0, NULL); +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ol_cv_db_db_4_5=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ol_cv_db_db_4_5=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + LIBS="$ol_LIBS" + +fi +echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5 +echo "${ECHO_T}$ol_cv_db_db_4_5" >&6 + + if test $ol_cv_db_db_4_5 = yes ; then + ol_cv_lib_db=-ldb-4-5 + fi +fi + + elif test $ol_cv_bdb_minor = 4 ; then if test $ol_cv_lib_db = no ; then echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5 echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6 @@ -31582,8 +30760,8 @@ cat >>conftest.$ac_ext <<_ACEOF # define DB_VERSION_MINOR 0 #endif -/* require 4.2 or later */ -#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) +/* require 4.2 or later, but exclude 4.3 */ +#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR !=3) __db_version_compat #endif @@ -32184,7 +31362,15 @@ done sql_LIBS="$LIBS" LIBS="$LTHREAD_LIBS" - echo "$as_me:$LINENO: checking for SQLDriverConnect in -liodbc" >&5 + if test $ol_with_odbc = auto ; then + ol_with_odbc="iodbc unixodbc" + fi + + for odbc in $ol_with_odbc ; do + if test $ol_link_sql = no ; then + case $odbc in + iodbc) + echo "$as_me:$LINENO: checking for SQLDriverConnect in -liodbc" >&5 echo $ECHO_N "checking for SQLDriverConnect in -liodbc... $ECHO_C" >&6 if test "${ac_cv_lib_iodbc_SQLDriverConnect+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 
@@ -32254,10 +31440,13 @@ else have_iodbc=no fi - if test $have_iodbc = yes ; then - ol_link_sql="-liodbc" - else - echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc" >&5 + if test $have_iodbc = yes ; then + ol_link_sql="-liodbc" + fi + ;; + + unixodbc) + echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc" >&5 echo $ECHO_N "checking for SQLDriverConnect in -lodbc... $ECHO_C" >&6 if test "${ac_cv_lib_odbc_SQLDriverConnect+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -32327,10 +31516,19 @@ else have_odbc=no fi - if test $have_odbc = yes ; then - ol_link_sql="-lodbc" + if test $have_odbc = yes ; then + ol_link_sql="-lodbc" + fi + ;; + + *) + { { echo "$as_me:$LINENO: error: unknown ODBC library" >&5 +echo "$as_me: error: unknown ODBC library" >&2;} + { (exit 1); exit 1; }; } + ;; + esac fi - fi + done LIBS="$sql_LIBS" @@ -40116,13 +39314,6 @@ cat >>confdefs.h <<\_ACEOF #define LDAP_SYSLOG 1 _ACEOF -fi -if test "$ol_link_kbind" != no ; then - -cat >>confdefs.h <<\_ACEOF -#define LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND LDAP_VENDOR_VERSION -_ACEOF - fi if test "$ol_enable_proctitle" != no ; then @@ -40505,22 +39696,6 @@ _ACEOF fi -if test "$ol_enable_denyop" != no ; then - BUILD_DENYOP=$ol_enable_denyop - if test "$ol_enable_denyop" = mod ; then - MFLAG=SLAPD_MOD_DYNAMIC - SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la" - else - MFLAG=SLAPD_MOD_STATIC - SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o" - fi - -cat >>confdefs.h <<_ACEOF -#define SLAPD_OVER_DENYOP $MFLAG -_ACEOF - -fi - if test "$ol_enable_dyngroup" != no ; then BUILD_DYNGROUP=$ol_enable_dyngroup if test "$ol_enable_dyngroup" = mod ; then 
@@ -40553,22 +39728,6 @@ _ACEOF fi -if test "$ol_enable_lastmod" != no ; then - BUILD_LASTMOD=$ol_enable_lastmod - if test "$ol_enable_lastmod" = mod ; then - MFLAG=SLAPD_MOD_DYNAMIC - SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la" - else - MFLAG=SLAPD_MOD_STATIC - SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o" - fi - -cat >>confdefs.h <<_ACEOF -#define SLAPD_OVER_LASTMOD $MFLAG -_ACEOF - -fi - if test "$ol_enable_ppolicy" != no ; then BUILD_PPOLICY=$ol_enable_ppolicy if test "$ol_enable_ppolicy" = mod ; then @@ -42337,7 +41496,7 @@ rm -f $BACKENDSC cat > $BACKENDSC << ENDX /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42388,7 +41547,7 @@ rm -f $OVERLAYSC cat > $OVERLAYSC << ENDX /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/configure.in b/configure.in index 5b8fdbc20d924aa080af1fe94558991130868110..b013b04f732973e7b045dfdee79b3e1e7159f2a2 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,7 @@ dnl $OpenLDAP$ dnl This work is part of OpenLDAP Software <http://www.openldap.org/>. dnl -dnl Copyright 1998-2006 The OpenLDAP Foundation. +dnl Copyright 1998-2007 The OpenLDAP Foundation. dnl All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without 
@@ -23,7 +23,7 @@ define([AC_LIBTOOL_LANG_F77_CONFIG], [:])dnl define([AC_LIBTOOL_LANG_GCJ_CONFIG], [:])dnl dnl ================================================================ dnl Configure.in for OpenLDAP -AC_COPYRIGHT([[Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. +AC_COPYRIGHT([[Copyright 1998-2007 The OpenLDAP Foundation. All rights reserved. Restrictions apply, see COPYRIGHT and LICENSE files.]]) AC_REVISION([$OpenLDAP$]) AC_INIT([OpenLDAP],,[http://www.openldap.org/its/]) @@ -93,7 +93,7 @@ AH_TOP([ /* begin of portable.h.pre */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation + * Copyright 1998-2007 The OpenLDAP Foundation * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -230,8 +230,6 @@ OL_ARG_ENABLE(syslog,[ --enable-syslog enable syslog support], auto)dnl OL_ARG_ENABLE(proctitle,[ --enable-proctitle enable proctitle support], yes)dnl dnl OL_ARG_ENABLE(referrals,[ --enable-referrals enable LDAPv2+ Referrals (experimental)], no)dnl ol_enable_referrals=${ol_enable_referrals-no} -dnl OL_ARG_ENABLE(kbind,[ --enable-kbind enable LDAPv2+ Kerberos IV bind (deprecated)], no)dnl -ol_enable_kbind=${ol_enable_kbind-no} OL_ARG_ENABLE(ipv6,[ --enable-ipv6 enable IPv6 support], auto)dnl OL_ARG_ENABLE(local,[ --enable-local enable AF_LOCAL (AF_UNIX) socket support], auto)dnl @@ -241,9 +239,6 @@ OL_ARG_WITH(cyrus_sasl,[ --with-cyrus-sasl with Cyrus SASL support], auto, [auto yes no] ) OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support], auto, [auto yes no] ) -dnl OL_ARG_WITH(kerberos,[ --with-kerberos with Kerberos support], -dnl auto, [auto k5 k5only k425 kth k4 afs yes no]) -ol_with_kerberos=${ol_with_kerberos-auto} OL_ARG_WITH(threads,[ --with-threads with threads], auto, [auto nt posix mach pth lwp yes no manual] ) OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support], 
@@ -254,6 +249,9 @@ OL_ARG_WITH(yielding_select, OL_ARG_WITH(mp, [ --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp], auto, [auto longlong long bignum gmp yes no]) +OL_ARG_WITH(odbc, + [ --with-odbc with specific ODBC support iodbc|unixodbc|auto], + auto, [auto iodbc unixodbc] ) dnl ---------------------------------------------------------------- dnl Server options @@ -328,10 +326,8 @@ Overlays="accesslog \ auditlog \ constraint \ dds \ - denyop \ dyngroup \ dynlist \ - lastmod \ ppolicy \ proxycache \ refint \ @@ -356,14 +352,10 @@ OL_ARG_ENABLE(constraint,[ --enable-constraint Attribute Constraint overlay no, [no yes mod], ol_enable_overlays) OL_ARG_ENABLE(dds,[ --enable-dds Dynamic Directory Services overlay], no, [no yes mod], ol_enable_overlays) -OL_ARG_ENABLE(denyop,[ --enable-denyop Deny Operation overlay], - no, [no yes mod], ol_enable_overlays) OL_ARG_ENABLE(dyngroup,[ --enable-dyngroup Dynamic Group overlay], no, [no yes mod], ol_enable_overlays) OL_ARG_ENABLE(dynlist,[ --enable-dynlist Dynamic List overlay], no, [no yes mod], ol_enable_overlays) -OL_ARG_ENABLE(lastmod,[ --enable-lastmod Last Modification overlay], - no, [no yes mod], ol_enable_overlays) OL_ARG_ENABLE(ppolicy,[ --enable-ppolicy Password Policy overlay], no, [no yes mod], ol_enable_overlays) OL_ARG_ENABLE(proxycache,[ --enable-proxycache Proxy Cache overlay], 
@@ -503,22 +495,6 @@ if test $ol_enable_lmpasswd = yes ; then fi fi -if test $ol_enable_kbind = yes ; then - if test $ol_with_kerberos = no ; then - AC_MSG_ERROR([options require --with-kerberos]) - elif test $ol_with_kerberos = auto ; then - ol_with_kerberos=yes - fi - -elif test $ol_enable_kbind = no ; then - if test $ol_with_kerberos = auto ; then - ol_with_kerberos=no - elif test $ol_with_kerberos != no ; then - AC_MSG_WARN([Kerberos detection enabled unnecessarily]); - ol_with_kerberos=no - fi -fi - if test $ol_enable_spasswd = yes ; then if test $ol_with_cyrus_sasl = no ; then AC_MSG_ERROR([options require --with-cyrus-sasl]) 
@@ -1121,174 +1097,6 @@ if test $ol_enable_local != no ; then fi fi -dnl ---------------------------------------------------------------- -dnl Kerberos -ol_link_kbind=no -ol_link_krb5=no -ol_link_krb4=no - -case $ol_with_kerberos in yes | auto | k5 | k5only | k425) - - AC_CHECK_HEADERS(krb5.h) - - if test $ac_cv_header_krb5_h = yes ; then - dnl lazy check for Heimdal Kerberos - AC_CHECK_HEADERS(heim_err.h) - if test $ac_cv_header_heim_err_h = yes ; then - krb5_impl=heimdal - else - krb5_impl=mit - fi - - if test $krb5_impl = mit; then - AC_CHECK_LIB(k5crypto, main, - [krb5crypto=k5crypto], - [krb5crypto=crypto]) - - AC_CHECK_LIB(krb5, main, - [have_krb5=yes - KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"], - [have_krb5=no], - [-l$krb5crypto -lcom_err]) - - elif test $krb5_impl = heimdal; then - AC_CHECK_LIB(des, main, - [krb5crypto=des], - [krb5crypto=crypto]) - - AC_CHECK_LIB(krb5, main, - [have_krb5=yes - KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"], - [have_krb5=no], - [-l$krb5crypto -lasn1 -lroken -lcom_err]) - - AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1, - [define if you have HEIMDAL Kerberos]) - - else - have_krb5=no - AC_MSG_WARN([Unrecognized Kerberos5 Implementation]) - fi - - if test $have_krb5 = yes ; then - ol_link_krb5=yes - - AC_DEFINE(HAVE_KRB5, 1, - [define if you have Kerberos V]) - - if test $ol_with_kerberos = k5only ; then - ol_with_kerberos=found - fi - - elif test $ol_with_kerberos != auto ; then - AC_MSG_ERROR([Required Kerberos 5 support not available]) - fi - - fi - ;; -esac - -if test $ol_link_krb5 = yes && - { test $ol_with_kerberos = yes || - test $ol_with_kerberos = auto || - test $ol_with_kerberos = k425; }; then - - AC_CHECK_HEADERS(kerberosIV/krb.h kerberosIV/des.h) - - if test $ac_cv_header_kerberosIV_krb_h = yes ; then - if test $krb5_impl = mit; then - AC_CHECK_LIB(krb4, main, [have_k425=yes - KRB4_LIBS="-lkrb4 -ldes425"], [have_k425=no], - [-ldes425 -lkrb5 -l$krb5crypto -lcom_err]) - - elif test $krb5_impl = heimdal; then - 
AC_CHECK_LIB(krb4, main, [have_k425=yes - KRB4_LIBS="-lkrb4"], [have_k425=no], - [-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err]) - - else - have_425=no - AC_MSG_WARN([Unrecongized Kerberos V Implementation]) - fi - - if test $have_k425 = yes ; then - ol_with_kerberos=found - ol_link_krb4=yes - - AC_DEFINE(HAVE_KRB425, 1, - [define if you have Kerberos V with IV support]) - AC_DEFINE(HAVE_KRB4, 1, - [define if you have Kerberos IV]) - - AC_CACHE_CHECK([for des_debug in Kerberos libraries], - [ol_cv_var_des_debug], [ - dnl save the flags - save_LIBS="$LIBS" - LIBS="$KRB4_LIBS $KRB5_LIBS $LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <kerberosIV/krb.h> -#include <kerberosIV/des.h> -extern int des_debug; -]], [[ -des_debug = 1; -]])],[ol_cv_var_des_debug=yes],[ol_cv_var_des_debug=no]) - dnl restore the LIBS - LIBS="$save_LIBS" - ]) - - if test $ol_cv_var_des_debug = yes ; then - AC_DEFINE(HAVE_DES_DEBUG,1, - [define if you have Kerberos des_debug]) - fi - - LIBS="$save_LIBS" - fi - fi -fi - -if test $ol_link_krb5 = yes ; then - ol_with_kerberos=found -fi - -case $ol_with_kerberos in yes | auto | k4 | kth) - - AC_CHECK_HEADERS(krb.h des.h krb-archaeology.h ) - - if test $ac_cv_header_krb_h = yes ; then - AC_CHECK_LIB(krb, main, [have_k4=yes], [have_k4=no], [-ldes]) - - if test $have_k4 = yes ; then - ol_with_kerberos=found - ol_link_krb4=yes - - AC_DEFINE(HAVE_KRB4, 1, - [define if you have Kerberos IV]) - - KRB4_LIBS="-lkrb -ldes" - - if test $ac_cv_header_krb_archaeology_h = yes ; then - AC_DEFINE(HAVE_KTH_KERBEROS, 1, - [define if you have Kth Kerberos]) - fi - fi - fi - ;; -esac - -if test $ol_link_krb4 = yes && test $ol_enable_kbind != no ; then - ol_link_kbind=yes - -elif test $ol_enable_kbind = yes ; then - AC_MSG_ERROR([Kerberos IV detection failed]) -fi - -if test $ol_link_krb4 = yes || test $ol_link_krb5 = yes ; then - AC_DEFINE(HAVE_KERBEROS, 1, [define if you have Kerberos]) - -elif test $ol_with_kerberos != auto && test $ol_with_kerberos != no ; 
then - AC_MSG_ERROR([Kerberos detection failed]) -fi - dnl ---------------------------------------------------------------- dnl TLS/SSL @@ -1518,7 +1326,22 @@ dnl [ol_cv_pthread_lpthread_lexc]) fi dnl Check functions for compatibility - AC_CHECK_FUNCS(pthread_kill pthread_rwlock_destroy) + AC_CHECK_FUNCS(pthread_kill) + + dnl Check for pthread_rwlock_destroy with <pthread.h> + dnl as pthread_rwlock_t may not be defined. + AC_CACHE_CHECK([for pthread_rwlock_destroy with <pthread.h>], + [ol_cv_func_pthread_rwlock_destroy], [ + dnl save the flags + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include <pthread.h> +pthread_rwlock_t rwlock; +]], [[pthread_rwlock_destroy(&rwlock);]])],[ol_cv_func_pthread_rwlock_destroy=yes],[ol_cv_func_pthread_rwlock_destroy=no]) + ]) + if test $ol_cv_func_pthread_rwlock_destroy = yes ; then + AC_DEFINE(HAVE_PTHREAD_RWLOCK_DESTROY,1, + [define if you have pthread_rwlock_destroy function]) + fi dnl Check for pthread_detach with <pthread.h> inclusion dnl as it's symbol may have been mangled. @@ -2071,16 +1894,34 @@ if test $ol_enable_sql != no ; then sql_LIBS="$LIBS" LIBS="$LTHREAD_LIBS" - AC_CHECK_LIB(iodbc,SQLDriverConnect,[have_iodbc=yes],[have_iodbc=no]) - if test $have_iodbc = yes ; then - ol_link_sql="-liodbc" - else - AC_CHECK_LIB(odbc,SQLDriverConnect,[have_odbc=yes],[have_odbc=no]) - if test $have_odbc = yes ; then - ol_link_sql="-lodbc" - fi + if test $ol_with_odbc = auto ; then + ol_with_odbc="iodbc unixodbc" fi + for odbc in $ol_with_odbc ; do + if test $ol_link_sql = no ; then + case $odbc in + iodbc) + AC_CHECK_LIB(iodbc, SQLDriverConnect, [have_iodbc=yes], [have_iodbc=no]) + if test $have_iodbc = yes ; then + ol_link_sql="-liodbc" + fi + ;; + + unixodbc) + AC_CHECK_LIB(odbc, SQLDriverConnect, [have_odbc=yes], [have_odbc=no]) + if test $have_odbc = yes ; then + ol_link_sql="-lodbc" + fi + ;; + + *) + AC_MSG_ERROR([unknown ODBC library]) + ;; + esac + fi + done + LIBS="$sql_LIBS" if test $ol_link_sql != no ; then 
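Review bot: The `dnl save the flags` line inside the new AC_CACHE_CHECK for pthread_rwlock_destroy is stale, because the block neither saves nor restores LIBS or any other flag; it only runs AC_LINK_IFELSE. It looks carried over from a check that does save LIBS before linking. Drop it, or replace it with `dnl link-only test; pthread_rwlock_t must be declared by <pthread.h>`. The surrounding threads section continues outside the hunk.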
@@ -2526,10 +2367,6 @@ if test "$ol_enable_syslog" = yes ; then AC_DEFINE(LDAP_SYSLOG,1, [define this to add syslog code]) fi -if test "$ol_link_kbind" != no ; then - AC_DEFINE(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND,LDAP_VENDOR_VERSION, - [define to LDAP VENDOR VERSION]) -fi if test "$ol_enable_proctitle" != no ; then AC_DEFINE(LDAP_PROCTITLE,1, [define this for LDAP process title support]) @@ -2795,18 +2632,6 @@ if test "$ol_enable_dds" != no ; then AC_DEFINE_UNQUOTED(SLAPD_OVER_DDS,$MFLAG,[define for Dynamic Directory Services overlay]) fi -if test "$ol_enable_denyop" != no ; then - BUILD_DENYOP=$ol_enable_denyop - if test "$ol_enable_denyop" = mod ; then - MFLAG=SLAPD_MOD_DYNAMIC - SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS denyop.la" - else - MFLAG=SLAPD_MOD_STATIC - SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS denyop.o" - fi - AC_DEFINE_UNQUOTED(SLAPD_OVER_DENYOP,$MFLAG,[define for Deny Operation overlay]) -fi - if test "$ol_enable_dyngroup" != no ; then BUILD_DYNGROUP=$ol_enable_dyngroup if test "$ol_enable_dyngroup" = mod ; then @@ -2831,18 +2656,6 @@ if test "$ol_enable_dynlist" != no ; then AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay]) fi -if test "$ol_enable_lastmod" != no ; then - BUILD_LASTMOD=$ol_enable_lastmod - if test "$ol_enable_lastmod" = mod ; then - MFLAG=SLAPD_MOD_DYNAMIC - SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS lastmod.la" - else - MFLAG=SLAPD_MOD_STATIC - SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS lastmod.o" - fi - AC_DEFINE_UNQUOTED(SLAPD_OVER_LASTMOD,$MFLAG,[define for Last Modification overlay]) -fi - if test "$ol_enable_ppolicy" != no ; then BUILD_PPOLICY=$ol_enable_ppolicy if test "$ol_enable_ppolicy" = mod ; then 
@@ -3139,7 +2952,7 @@ rm -f $BACKENDSC cat > $BACKENDSC << ENDX /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -3190,7 +3003,7 @@ rm -f $OVERLAYSC cat > $OVERLAYSC << ENDX /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/ldapc++/COPYRIGHT b/contrib/ldapc++/COPYRIGHT index 721b581b64018cd55d2220d4a669aa79ef8aeb06..ae5f9f8ad8463ad01770b748b6d53cd63df1f4df 100644 --- a/contrib/ldapc++/COPYRIGHT +++ b/contrib/ldapc++/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright 1998-2006 The OpenLDAP Foundation +Copyright 1998-2007 The OpenLDAP Foundation All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/contrib/ldapc++/src/LDAPAttrType.cpp b/contrib/ldapc++/src/LDAPAttrType.cpp index 121f9b625018caa0831ea9f5cf5c72fc82a9654d..d59c160dafcf395798acd0894125dcd89ad7c7c7 100644 --- a/contrib/ldapc++/src/LDAPAttrType.cpp +++ b/contrib/ldapc++/src/LDAPAttrType.cpp @@ -15,6 +15,7 @@ LDAPAttrType::LDAPAttrType(){ desc = string (); names = StringList (); single = false; + usage = 0; } LDAPAttrType::LDAPAttrType (const LDAPAttrType &at){ @@ -25,6 +26,7 @@ LDAPAttrType::LDAPAttrType (const LDAPAttrType &at){ desc = at.desc; names = at.names; single = at.single; + usage = at.usage; } LDAPAttrType::LDAPAttrType (string at_item) { 
@@ -38,10 +40,11 @@ LDAPAttrType::LDAPAttrType (string at_item) { a = ldap_str2attributetype (at_item.c_str(), &ret, &errp,SCHEMA_PARSE_FLAG); if (a) { - this->setNames (a->at_names); - this->setDesc (a->at_desc); - this->setOid (a->at_oid); - this->setSingle (a->at_single_value); + this->setNames( a->at_names ); + this->setDesc( a->at_desc ); + this->setOid( a->at_oid ); + this->setSingle( a->at_single_value ); + this->setUsage( a->at_usage ); } // else? -> error } @@ -70,6 +73,10 @@ void LDAPAttrType::setOid (char *at_oid) { oid = at_oid; } +void LDAPAttrType::setUsage (int at_usage) { + usage = at_usage; +} + bool LDAPAttrType::isSingle () { return single; } @@ -93,3 +100,7 @@ string LDAPAttrType::getName () { else return *(names.begin()); } + +int LDAPAttrType::getUsage () { + return usage; +} diff --git a/contrib/ldapc++/src/LDAPAttrType.h b/contrib/ldapc++/src/LDAPAttrType.h index 3042ab5a3342869b38ae5e0625357ef26193d70f..88f066ed88a378b032d3d8d880739f5476709557 100644 --- a/contrib/ldapc++/src/LDAPAttrType.h +++ b/contrib/ldapc++/src/LDAPAttrType.h @@ -24,6 +24,7 @@ class LDAPAttrType{ StringList names; string desc, oid; bool single; + int usage; public : @@ -74,15 +75,22 @@ class LDAPAttrType{ StringList getNames(); /** - * Returns true if attribute type hllows only single value + * Returns true if attribute type allows only single value */ bool isSingle(); + /** + * Return the 'usage' value: + * (0=userApplications, 1=directoryOperation, 2=distributedOperation, + * 3=dSAOperation) + */ + int getUsage (); + void setNames (char **at_names); void setDesc (char *at_desc); void setOid (char *at_oid); void setSingle (int at_single_value); - + void setUsage (int at_usage ); }; #endif // LDAP_ATTRTYPE_H diff --git a/contrib/ldapc++/src/LDAPException.cpp b/contrib/ldapc++/src/LDAPException.cpp index 5be910bfefcce95c3106e45bd5fa698c068c2d4c..46fd2faba489c80c75fdf7d2f23fcb41d878d38d 100644 --- a/contrib/ldapc++/src/LDAPException.cpp 
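Review bot: When ldap_str2attributetype() returns NULL the `// else? -> error` branch still does nothing, so the new `usage` member is never assigned for that object. The default and copy constructors in this commit both set it, but this constructor only does so inside `if (a)`. Its opening lines are outside the hunk, so an earlier initialisation cannot be ruled out; if there is none, `usage = 0;` before the parse would keep getUsage() well defined for unparsable schema strings. The hunk also shows no release of `a` before the constructor's closing brace; provided the setters copy what they are given, `ldap_attributetype_free(a);` at the end of the `if (a)` block would avoid leaking the parsed structure.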
+++ b/contrib/ldapc++/src/LDAPException.cpp @@ -32,9 +32,9 @@ LDAPException::LDAPException(const LDAPAsynConnection *lc){ const char* err_string; ldap_get_option(l,LDAP_OPT_DIAGNOSTIC_MESSAGE,&err_string); if ( err_string ) { - m_res_string = string(err_string); + m_err_string = string(err_string); } else { - m_res_string = ""; + m_err_string = ""; } } diff --git a/contrib/ldapc++/src/ac/time.h b/contrib/ldapc++/src/ac/time.h index 9e38d4e04fc628992f87c69421286f36f157609b..332d96d0531fbf488741669c6392e34968a18555 100644 --- a/contrib/ldapc++/src/ac/time.h +++ b/contrib/ldapc++/src/ac/time.h @@ -1,7 +1,7 @@ /* Generic time.h */ /* $OpenLDAP$ */ /* - * Copyright 1998-2006 The OpenLDAP Foundation, Redwood City, California, USA + * Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA * All rights reserved. * * Redistribution and use in source and binary forms are permitted only diff --git a/contrib/slapd-modules/acl/README b/contrib/slapd-modules/acl/README index 8a5d90088d59649c2852d4c1f9486d8a87cebd59..e91026045980273c3313e451298d1e73a4b08c38 100644 --- a/contrib/slapd-modules/acl/README +++ b/contrib/slapd-modules/acl/README @@ -1,4 +1,4 @@ -Copyright 2005-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2005-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP diff --git a/contrib/slapd-modules/acl/posixgroup.c b/contrib/slapd-modules/acl/posixgroup.c index 9b9539ce1530752afc6120bd4078c85d1efc7ae1..76f6343570a6b8bd1401621d13bfef4d88e2d8f9 100644 --- a/contrib/slapd-modules/acl/posixgroup.c +++ b/contrib/slapd-modules/acl/posixgroup.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
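Review bot: `err_string` is declared without an initialiser and the return value of ldap_get_option() is ignored, so if the call fails the `if ( err_string )` test reads an indeterminate pointer and may build `m_err_string` from it. Declare it as `char* err_string = 0;` and use it only when ldap_get_option() returns LDAP_OPT_SUCCESS. For LDAP_OPT_DIAGNOSTIC_MESSAGE the library returns a copy owned by the caller, so it should also be released with `ldap_memfree(err_string);` once it has been copied into the string. The constructor begins outside the hunk.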
@@ -283,7 +283,7 @@ cleanup:; if ( user != NULL && user != target ) { op->o_bd = user_be; - be_entry_release_r( op, group ); + be_entry_release_r( op, user ); op->o_bd = be; } diff --git a/contrib/slapd-modules/allop/README b/contrib/slapd-modules/allop/README index de5c1d16d425bb071c8f851fb6c9a4a1bc831102..907ad9e2d55cd60535a7e575e674561f23b4b9c1 100644 --- a/contrib/slapd-modules/allop/README +++ b/contrib/slapd-modules/allop/README @@ -1,4 +1,4 @@ -Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP diff --git a/contrib/slapd-modules/allop/allop.c b/contrib/slapd-modules/allop/allop.c index 8c985c4882f198a8cfa0725b2c656d4ec36719b5..6ddf4a473e062f47d54c65fce5717e9c00f28e64 100644 --- a/contrib/slapd-modules/allop/allop.c +++ b/contrib/slapd-modules/allop/allop.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-modules/allop/slapo-allop.5 b/contrib/slapd-modules/allop/slapo-allop.5 index 3f6b8ebfb3b7e0f92d00d90a29a7abd42b8ed110..eb9732e9a7f920078a8e34e471df1f6754509a19 100644 --- a/contrib/slapd-modules/allop/slapo-allop.5 +++ b/contrib/slapd-modules/allop/slapo-allop.5 @@ -1,5 +1,5 @@ .TH SLAPO-ALLOP 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME 
diff --git a/contrib/slapd-modules/comp_match/Makefile b/contrib/slapd-modules/comp_match/Makefile index 9c7c7ab3b7e816177bd3ae904ced7ce5558084d1..cbe23015a64e018d518855fac9fe523ad855ed57 100644 --- a/contrib/slapd-modules/comp_match/Makefile +++ b/contrib/slapd-modules/comp_match/Makefile @@ -1,7 +1,7 @@ # $OpenLDAP$ # This work is part of OpenLDAP Software <http://www.openldap.org/>. # -# Copyright 2003-2006 The OpenLDAP Foundation. +# Copyright 2003-2007 The OpenLDAP Foundation. # Portions Copyright 2004 by IBM Corporation. # All rights reserved. diff --git a/servers/slapd/overlays/denyop.c b/contrib/slapd-modules/denyop/denyop.c similarity index 98% rename from servers/slapd/overlays/denyop.c rename to contrib/slapd-modules/denyop/denyop.c index 0f2921d9bc3a2750994f080d42c7d637553bab30..96a5f37b5e411d27f490e19b833221a6976e1639 100644 --- a/servers/slapd/overlays/denyop.c +++ b/contrib/slapd-modules/denyop/denyop.c @@ -1,7 +1,8 @@ /* denyop.c - Denies operations */ +/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-modules/dsaschema/README b/contrib/slapd-modules/dsaschema/README index c4be0f7007f9d346d736c97214d271d760f00e90..dbc467c052472db63dc05a4249dff0d40f8a0d1f 100644 --- a/contrib/slapd-modules/dsaschema/README +++ b/contrib/slapd-modules/dsaschema/README @@ -1,4 +1,4 @@ -Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP 
diff --git a/contrib/slapd-modules/dsaschema/dsaschema.c b/contrib/slapd-modules/dsaschema/dsaschema.c index 379babfaa23f77b7341af23502d9c2732b1b798c..0402dc5770fd783ff4205b26d9df6218900a4506 100644 --- a/contrib/slapd-modules/dsaschema/dsaschema.c +++ b/contrib/slapd-modules/dsaschema/dsaschema.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/overlays/lastmod.c b/contrib/slapd-modules/lastmod/lastmod.c similarity index 99% rename from servers/slapd/overlays/lastmod.c rename to contrib/slapd-modules/lastmod/lastmod.c index ad298296cb2f7ce7ac73f6d35a4755b772758877..4c85ad955d5d1c4b534de526d4188444c7a1e391 100644 --- a/servers/slapd/overlays/lastmod.c +++ b/contrib/slapd-modules/lastmod/lastmod.c @@ -1,7 +1,8 @@ /* lastmod.c - returns last modification info */ +/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -563,7 +564,7 @@ lastmod_update( Operation *op, SlapReply *rs ) int rc; op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig; - rc = (*op->o_bd->bd_info->bi_entry_get_rw)( op, &bv_name, NULL, NULL, 0, &e ); + rc = op->o_bd->bd_info->bi_entry_get_rw( op, &bv_name, NULL, NULL, 0, &e ); if ( rc == LDAP_SUCCESS ) { a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName ); if ( a != NULL ) { @@ -592,7 +593,7 @@ lastmod_update( Operation *op, SlapReply *rs ) assert( dn_match( &bv_name, &e->e_name ) ); assert( dn_match( &bv_nname, &e->e_nname ) ); - (*op->o_bd->bd_info->bi_entry_release_rw)( op, e, 0 ); + op->o_bd->bd_info->bi_entry_release_rw( op, e, 0 ); } op->o_bd->bd_info = bi; 
diff --git a/doc/man/man5/slapo-lastmod.5 b/contrib/slapd-modules/lastmod/slapo-lastmod.5 similarity index 98% rename from doc/man/man5/slapo-lastmod.5 rename to contrib/slapd-modules/lastmod/slapo-lastmod.5 index 14b3819d00d144b7932b696cac17488ed2c57c9f..cca4d39b5d9a2bcf47cebab06cbed5f2d8204e68 100644 --- a/doc/man/man5/slapo-lastmod.5 +++ b/contrib/slapd-modules/lastmod/slapo-lastmod.5 @@ -1,4 +1,4 @@ -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION" .SH NAME diff --git a/contrib/slapd-modules/passwd/README b/contrib/slapd-modules/passwd/README index ee288431bfe5e9b6dfeb529d34c004caafa1cbfd..2ae57f15617f55c17f1b3e41afbaa8c468d0528e 100644 --- a/contrib/slapd-modules/passwd/README +++ b/contrib/slapd-modules/passwd/README @@ -1,4 +1,4 @@ -Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP diff --git a/contrib/slapd-modules/passwd/kerberos.c b/contrib/slapd-modules/passwd/kerberos.c index b2cdf847f5d1779a8a56eb33d7a80e29ff18423a..7b201a177d7afed96ac27befec4f431d92608ffe 100644 --- a/contrib/slapd-modules/passwd/kerberos.c +++ b/contrib/slapd-modules/passwd/kerberos.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-modules/passwd/netscape.c b/contrib/slapd-modules/passwd/netscape.c index 667029e2543ec73b345fa7d0d97ebcd8ef02fdb7..7eaea703cf2709de5dff40328a8fad4401085dcf 100644 --- a/contrib/slapd-modules/passwd/netscape.c 
+++ b/contrib/slapd-modules/passwd/netscape.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-modules/passwd/radius.c b/contrib/slapd-modules/passwd/radius.c index 57b216c61bc58f7e7fdd53a77694ba2ea8b4d3d9..f4bbb284bb9c925a94a6576157f9c75699ebbf78 100644 --- a/contrib/slapd-modules/passwd/radius.c +++ b/contrib/slapd-modules/passwd/radius.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c index 2f0c8f098cee0ff33698bf7a80f94741f75e6b9d..6b674583ebd3735d63c193da354331f756c1cedb 100644 --- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c +++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c 
@@ -880,20 +880,32 @@ smbk5pwd_modules_init( smbk5pwd_t *pi ) ret = krb5_init_context(&context); if (ret) { Debug( LDAP_DEBUG_ANY, "smbk5pwd: " - "unable to initialize krb5 context.\n", - 0, 0, 0 ); + "unable to initialize krb5 context (%d).\n", + ret, 0, 0 ); oc_krb5KDCEntry = NULL; return -1; } - /* FIXME: check return code? */ ret = kadm5_s_init_with_password_ctx( context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_context ); + if (ret) { + char *err_str, *err_msg = "<unknown error>"; + err_str = krb5_get_error_string( context ); + if (!err_str) + err_msg = krb5_get_err_text( context, ret ); + Debug( LDAP_DEBUG_ANY, "smbk5pwd: " + "unable to initialize krb5 admin context: %s (%d).\n", + err_str ? err_str : err_msg, ret, 0 ); + if (err_str) + krb5_free_error_string( context, err_str ); + krb5_free_context( context ); + oc_krb5KDCEntry = NULL; + return -1; + } - /* FIXME: check return code? */ db = _kadm5_s_get_db( kadm_context ); } #endif /* DO_KRB5 */ diff --git a/contrib/slapd-modules/trace/trace.c b/contrib/slapd-modules/trace/trace.c index 7fdbc8c0eb97e4cc7ec1f00d68bfecbb0d1ea1f5..292ec67622146215390d83b6bf60a7c747ace8d3 100644 --- a/contrib/slapd-modules/trace/trace.c +++ b/contrib/slapd-modules/trace/trace.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2006 The OpenLDAP Foundation. + * Copyright 2006-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/contrib/slapd-tools/README b/contrib/slapd-tools/README index 02c53f01f1300f39794f881329f2e3bb77caa5a4..d9029c535aee233ed75f89f5556677b834c7c9e2 100644 --- a/contrib/slapd-tools/README +++ b/contrib/slapd-tools/README 
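Review bot: In the new `if (ret)` branch after `kadm5_s_init_with_password_ctx`, `krb5_free_context( context )` releases the context but leaves `context` holding the freed pointer; `context` is not declared in the hunk, so it presumably outlives this function, and any later use or second free elsewhere in the module would touch freed memory. I would add `context = NULL;` right after the free (and `kadm_context = NULL;` if that variable is shared as well) so a failed init leaves the module in a well-defined state. Separately, `err_msg` is declared `char *` but receives the result of `krb5_get_err_text`, which as far as I recall returns `const char *` in Heimdal, so `const char *err_msg = "<unknown error>";` on its own declaration line would be cleaner. smbk5pwd_modules_init starts and ends outside the hunk, so how callers react to the `-1` is not visible here.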
@@ -1,4 +1,4 @@ -Copyright 2004-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2004-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP diff --git a/contrib/slapi-plugins/addrdnvalues/README b/contrib/slapi-plugins/addrdnvalues/README index 4ac9dcf68112672aa73875b0736a3af58738251e..95acbdc04e8ccbb8aa15d8a97764e440338cf6e8 100644 --- a/contrib/slapi-plugins/addrdnvalues/README +++ b/contrib/slapi-plugins/addrdnvalues/README @@ -1,4 +1,4 @@ -Copyright 2003-2006 The OpenLDAP Foundation. All rights reserved. +Copyright 2003-2007 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP diff --git a/doc/Makefile.in b/doc/Makefile.in index 91a1ce24f3b50e6ac7ea3684aea1fb2d39b22c1a..102f3dc13af44cc26ea8ba2c0651ca5759038339 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/doc/devel/args b/doc/devel/args index 506766990d98732585957c8e76deb801fac8ff82..3ee627535096e6043c841832739b1adcee085343 100644 --- a/doc/devel/args +++ b/doc/devel/args 
@@ -1,15 +1,15 @@ Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *n*p* vwxyz -ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy -ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy -ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy -ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * * * s vwxy -ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab def*h**kl*n*p* stuvwxyz -ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy +ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *nop* vwxyz +ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *nop* vwxy +ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *nop*r t vwxy +ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *nop*rs vwxy +ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * o * s vwxy +ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab def*h**kl*nop* stuvwxyz +ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *nop* vwxy * reserved - BFGJgijmoq01235789 + BFGJgijmq01235789 * General flags: -C Chase Referrals @@ -25,6 +25,7 @@ ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy -h host -n no-op -N no (SASLprep) normalization of simple bind password + -o general connection options (currently nettimeout only) -p port -v verbose -V version diff --git a/doc/guide/COPYRIGHT b/doc/guide/COPYRIGHT index c0b64f3bff46ecbcb76f4c70cdc179bb7d930863..27a4e73735d82e16230829d90f531b82aa534f90 100644 --- a/doc/guide/COPYRIGHT +++ b/doc/guide/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright 1998-2006 The OpenLDAP Foundation +Copyright 1998-2007 The OpenLDAP Foundation All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/doc/guide/admin/Makefile b/doc/guide/admin/Makefile index 5b330589d472f563f0545051383d1ed321fbefc1..dfae7270e963a42303200a6a296fc77e0836e952 100644 --- a/doc/guide/admin/Makefile +++ b/doc/guide/admin/Makefile 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2005-2006 The OpenLDAP Foundation. +## Copyright 2005-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -20,6 +20,7 @@ sdf-src: \ abstract.sdf \ config.sdf \ dbtools.sdf \ + glossary.sdf \ guide.sdf \ install.sdf \ intro.sdf \ diff --git a/doc/guide/admin/abstract.sdf b/doc/guide/admin/abstract.sdf index b78fa0c1b0689a04213ba99b154f47159cb5230a..0285df4bb5c9128f3bdaddb533c80f1282e619e3 100644 --- a/doc/guide/admin/abstract.sdf +++ b/doc/guide/admin/abstract.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # OpenLDAP Administrator's Guide: Abstract diff --git a/doc/guide/admin/admin.sdf b/doc/guide/admin/admin.sdf index fa93bf197177c6ca60c2e7a70c537cae2d6f0f36..75249078a250f191b21c84dd5fad59a97e21cf4e 100644 --- a/doc/guide/admin/admin.sdf +++ b/doc/guide/admin/admin.sdf @@ -1,12 +1,10 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # guide.sdf # -!define DOC_TOC 0 - !macro build_html_cover !endmacro diff --git a/doc/guide/admin/config.sdf b/doc/guide/admin/config.sdf index 3ef1b3964bbe585de35e9a9340148520bc19d657..05700cfe4d34b42c185cff695730c7f8bfd0743a 100644 --- a/doc/guide/admin/config.sdf +++ b/doc/guide/admin/config.sdf 
@@ -1,20 +1,21 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: The Big Picture - Configuration Choices This section gives a brief overview of various {{TERM:LDAP}} directory -configurations, and how your stand-alone LDAP server {{slapd}}(8) +configurations, and how your Standalone LDAP Daemon {{slapd}}(8) fits in with the rest of the world. H2: Local Directory Service -In this configuration, you run a {{slapd}} which provides directory -service for your local domain only. It does not interact with other -directory servers in any way. This configuration is shown in Figure 3.1. +In this configuration, you run a {{slapd}}(8) instance which provides +directory service for your local domain only. It does not interact +with other directory servers in any way. This configuration is shown +in Figure 3.1. -!import "config_local.gif"; align="center"; title="Local service via slapd configuration" +!import "config_local.gif"; align="center"; title="Local service via slapd(8) configuration" FT[align="Center"] Figure 3.1: Local service configuration. Use this configuration if you are just starting out (it's the one the 
@@ -25,31 +26,35 @@ It's easy to upgrade to another configuration later if you want. H2: Local Directory Service with Referrals -In this configuration, you run a slapd which provides directory service -for your local domain and configure it to return referrals to a -{{superior}} service capable of handling requests outside your local domain. -You may run this service yourself or use one provided to you. +In this configuration, you run a {{slapd}}(8) instance which provides +directory service for your local domain and configure it to return +referrals to other servers capable of handling requests. You may +run this service (or services) yourself or use one provided to you. This configuration is shown in Figure 3.2. !import "config_ref.gif"; align="center"; title="Local service with referrals" FT[align="Center"] Figure 3.2: Local service with referrals -Use this configuration if you want to provide local service and -participate in the Global Directory. +Use this configuration if you want to provide local service and +participate in the Global Directory, or you want to delegate +responsibility for {{subordinate}} entries to another server. H2: Replicated Directory Service -The slurpd daemon is used to propagate changes from a master slapd -to one or more slave slapds. An example master-slave configuration -is shown in figure 3.3. +slapd(8) includes support for {{LDAP Sync}}-based replication, called +{{syncrepl}}, which may be used to maintain shadow copies of directory +information on multiple directory servers. In its most basic +configuration, the {{master}} is a syncrepl provider and one or more +{{slave}} (or {{shadow}}) are syncrepl consumers. An example +master-slave configuration is shown in figure 3.3. 
!import "config_repl.gif"; align="center"; title="Replicated Directory Services" FT[align="Center"] Figure 3.3: Replicated Directory Services -This configuration can be used in conjunction with either of the first -two configurations in situations where a single slapd does not -provide the required reliability or availability. +This configuration can be used in conjunction with either of the +first two configurations in situations where a single {{slapd}}(8) +instance does not provide the required reliability or availability. H2: Distributed Local Directory Service diff --git a/doc/guide/admin/config_dit.gif b/doc/guide/admin/config_dit.gif index c58af04454626a169103bafe88effca1346f394f..2327d03c72b10f9edee0971d3a9d8771517511f4 100644 Binary files a/doc/guide/admin/config_dit.gif and b/doc/guide/admin/config_dit.gif differ diff --git a/doc/guide/admin/dbtools.sdf b/doc/guide/admin/dbtools.sdf index ea73d8ba732b6fd1ca825228a0f739e641aa2555..3de7710d303e65a47509f5c2edc7b2553b41213b 100644 --- a/doc/guide/admin/dbtools.sdf +++ b/doc/guide/admin/dbtools.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Database Creation and Maintenance Tools @@ -7,7 +7,7 @@ H1: Database Creation and Maintenance Tools This section tells you how to create a slapd database from scratch, and how to do trouble shooting if you run into problems. There are two ways to create a database. First, you can create the database -on-line using LDAP. With this method, you simply start up slapd +on-line using {{TERM:LDAP}}. With this method, you simply start up slapd and add entries using the LDAP client of your choice. This method is fine for relatively small databases (a few hundred or thousand entries, depending on your requirements). This method works for 
diff --git a/doc/guide/admin/glossary.sdf b/doc/guide/admin/glossary.sdf new file mode 100644 index 0000000000000000000000000000000000000000..28507e18a7542d2b6df9eab8ee91f87331be1603 --- /dev/null +++ b/doc/guide/admin/glossary.sdf @@ -0,0 +1,16 @@ +# $OpenLDAP$ +# Copyright 2006-2007 The OpenLDAP Foundation, All Rights Reserved. +# COPYING RESTRICTIONS APPLY, see COPYRIGHT. +H1: Glossary + +H2: Terms +!catalog terms ''; headings; columns="Term,Definition" + +H2: Related Organizations +!catalog organisations ''; headings; columns="ORG:Name,Long,URL:Jump" + +H2: Related Products +!catalog products ''; headings; columns="PRD:Name,URL:Jump" + +H2: References +!catalog references ''; headings; columns="REF:Reference,Document,Status,URL:Jump" diff --git a/doc/guide/admin/guide.sdf b/doc/guide/admin/guide.sdf index 28bf2ed35489bd6b4ea1dc068cfa59960491b3e9..59b51cef2bb973884fe78846beec44097449f6b5 100644 --- a/doc/guide/admin/guide.sdf +++ b/doc/guide/admin/guide.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # guide.sdf diff --git a/doc/guide/admin/index.sdf b/doc/guide/admin/index.sdf index 974dcf188686199800ffec9db9a119d9264acc29..f8cae905e5cf67a9ea3e4eff8ec916e096e56dee 100644 --- a/doc/guide/admin/index.sdf +++ b/doc/guide/admin/index.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # index.sdf diff --git a/doc/guide/admin/install.sdf b/doc/guide/admin/install.sdf index b7a897a8ff2b9622d22eff6db05063fafb3c34c0..18e113f52979d09d42362ffc7ee34bb0ee96f158 100644 --- a/doc/guide/admin/install.sdf +++ b/doc/guide/admin/install.sdf 
@@ -1,16 +1,15 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Building and Installing OpenLDAP Software -This chapter details how to build and install the {{ORG:OpenLDAP}} -Software package including {{slapd}}(8), the stand-alone LDAP daemon -and {{slurpd}}(8), the stand-alone update replication daemon. -Building and installing OpenLDAP Software requires several steps: -installing prerequisite software, configuring OpenLDAP Software -itself, making, and finally installing. The following sections -describe this process in detail. +This chapter details how to build and install the {{PRD:OpenLDAP}} +Software package including {{slapd}}(8), the Standalone {{TERM:LDAP}} +Daemon. Building and installing OpenLDAP Software requires several +steps: installing prerequisite software, configuring OpenLDAP +Software itself, making, and finally installing. The following +sections describe this process in detail. H2: Obtaining and Extracting the Software 
@@ -76,27 +75,10 @@ OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's {{EX:configure}} detects a usable OpenSSL installation. -H3: Kerberos Authentication Services - -OpenLDAP clients and servers support Kerberos-based authentication -services. -In particular, OpenLDAP supports the {{TERM:SASL}}/{{TERM:GSSAPI}} -authentication mechanism using either {{PRD:Heimdal}} or -{{PRD:MIT Kerberos}} V packages. -If you desire to use Kerberos-based SASL/GSSAPI authentication, -you should install either Heimdal or MIT Kerberos V. - -Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}. -MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}. - -Use of strong authentication services, such as those provided by -Kerberos, is highly recommended. - - H3: {{TERM[expand]SASL}} -OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s -{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though +OpenLDAP clients and servers require installation of {{PRD:Cyrus SASL}} +libraries to provide {{TERM[expand]SASL}} services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation. 
@@ -110,10 +92,27 @@ OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation. +H3: {{TERM[expand]Kerberos}} + +OpenLDAP clients and servers support {{TERM:Kerberos}} authentication +services. In particular, OpenLDAP supports the Kerberos V +{{TERM:GSS-API}} {{TERM:SASL}} authentication mechanism known as +the {{TERM:GSSAPI}} mechanism. This feature requires, in addition to +Cyrus SASL libraries, either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}} +V libraries. + +Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}. +MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}. + +Use of strong authentication services, such as those provided by +Kerberos, is highly recommended. + + + H3: Database Software OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends -require {{ORG[expand]Sleepycat}} {{PRD:Berkeley DB}}. +require {{ORG[expand]Oracle}} {{PRD:Berkeley DB}}. If not available at configure time, you will not be able build {{slapd}}(8) with these primary database backends. @@ -122,10 +121,10 @@ Your operating system may provide a supported version of software component. If not, you'll have to obtain and install it yourself. -{{PRD:Berkeley DB}} is available from {{ORG[expand]Sleepycat}}'s -download page {{URL: http://www.sleepycat.com/download/}}. There -are several versions available. Generally, the most recent release -(with published patches) is recommended. This package is required +{{PRD:Berkeley DB}} is available from {{ORG[expand]Oracle}}'s Berkeley DB +download page +{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}. There are several versions available. Generally, the most recent +release (with published patches) is recommended. This package is required if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends. 
@@ -219,8 +218,8 @@ Now build the software, this step will actually compile OpenLDAP. > make You should examine the output of this command carefully to make sure -everything is built correctly. Note that this command builds the LDAP -libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8). +everything is built correctly. Note that this command builds the LDAP +libraries and associated clients as well as {{slapd}}(8). H2: Testing the Software diff --git a/doc/guide/admin/intro.sdf b/doc/guide/admin/intro.sdf index 9960d05d5ecb1a7ab0f260b7f76ac0481776a6dc..8d40e9d724711f62c60641ae7ad0531b68cda46d 100644 --- a/doc/guide/admin/intro.sdf +++ b/doc/guide/admin/intro.sdf 
@@ -1,33 +1,40 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Introduction to OpenLDAP Directory Services -This document describes how to build, configure, and operate OpenLDAP -software to provide directory services. This includes details on -how to configure and run the stand-alone {{TERM:LDAP}} daemon, -{{slapd}}(8) and the stand-alone LDAP update replication daemon, -{{slurpd}}(8). It is intended for newcomers and experienced -administrators alike. This section provides a basic introduction -to directory services and, in particular, the directory services -provided by {{slapd}}(8). +This document describes how to build, configure, and operate +{{PRD:OpenLDAP}} Software to provide directory services. This +includes details on how to configure and run the Standalone +{{TERM:LDAP}} Daemon, {{slapd}}(8). It is intended for new and +experienced administrators alike. This section provides a basic +introduction to directory services and, in particular, the directory +services provided by {{slapd}}(8). This introduction is only +intended to provide enough information so one might get started +learning about {{TERM:LDAP}}, {{TERM:X.500}}, and directory services. H2: What is a directory service? -A directory is a specialized database optimized for reading, browsing -and searching. Directories tend to contain descriptive, attribute-based -information and support sophisticated filtering capabilities. -Directories generally do not support complicated transaction or -roll-back schemes found in database management systems designed -for handling high-volume complex updates. Directory updates are -typically simple all-or-nothing changes, if they are allowed at -all. Directories are tuned to give quick response to high-volume -lookup or search operations. 
They may have the ability to replicate -information widely in order to increase availability and reliability, -while reducing response time. When directory information is -replicated, temporary inconsistencies between the replicas may be -okay, as long as they get in sync eventually. +A directory is a specialized database specifically designed for +searching and browsing, in additional to supporting basic lookup +and update functions. + +Note: A directory is defined by some as merely a database optimized +for read access. This definition, at best, is overly simplistic. + +Directories tend to contain descriptive, attribute-based information +and support sophisticated filtering capabilities. Directories +generally do not support complicated transaction or roll-back schemes +found in database management systems designed for handling high-volume +complex updates. Directory updates are typically simple all-or-nothing +changes, if they are allowed at all. Directories are generally +tuned to give quick response to high-volume lookup or search +operations. They may have the ability to replicate information +widely in order to increase availability and reliability, while +reducing response time. When directory information is replicated, +temporary inconsistencies between the replicas may be okay, as long +as inconsistencies are resolved in a timely manner. There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored 
@@ -41,9 +48,17 @@ services are usually {{distributed}}, meaning that the data they contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform {{namespace}} which gives the same view of the data no -matter where you are in relation to the data itself. The Internet -{{TERM[expand]DNS}} (DNS) is an example of a globally distributed -directory service. +matter where you are in relation to the data itself. + +A web directory, such as provided by the {{Open Directory Project}} +<{{URL:http://dmoz.org}}>, is a good example of a directory service. +These services catalog web pages and are specifically designed to +support browsing and searching. + +While some consider the Internet {{TERM[expand]DNS}} (DNS) is an +example of a globally distributed directory service, DNS is not +browsable nor searchable. It is more properly described as a +globaly distributed {{lookup}} service. H2: What is LDAP? @@ -53,11 +68,10 @@ it is a lightweight protocol for accessing directory services, specifically {{TERM:X.500}}-based directory services. LDAP runs over {{TERM:TCP}}/{{TERM:IP}} or other connection oriented transfer services. LDAP is an {{ORG:IETF}} Standard Track protocol and is -specified as detailed in "Lightweight Directory Access Protocol -(LDAP) Technical Specification Road Map" {{REF:RFC4510}}. +specified in "Lightweight Directory Access Protocol (LDAP) Technical +Specification Road Map" {{REF:RFC4510}}. -This section gives an overview of LDAP from a -user's perspective. +This section gives an overview of LDAP from a user's perspective. {{What kind of information can be stored in the directory?}} The LDAP information model is based on {{entries}}. An entry is a 
@@ -69,8 +83,8 @@ common name, or "{{EX:mail}}" for email address. The syntax of values depend on the attribute type. For example, a {{EX:cn}} attribute might contain the value {{EX:Babs Jensen}}. A {{EX:mail}} attribute might contain the value "{{EX:babs@example.com}}". A -{{EX:jpegPhoto}} attribute would contain a photograph in the JPEG -(binary) format. +{{EX:jpegPhoto}} attribute would contain a photograph in the +{{TERM:JPEG}} (binary) format. {{How is the information arranged?}} In LDAP, directory entries are arranged in a hierarchical tree-like structure. Traditionally, @@ -107,8 +121,8 @@ the entry itself (called the {{TERM[expand]RDN}} or RDN) and concatenating the names of its ancestor entries. For example, the entry for Barbara Jensen in the Internet naming example above has an RDN of {{EX:uid=babs}} and a DN of -{{EX:uid=babs,ou=People,dc=example,dc=com}}. The full DN format -is described in {{REF:RFC4514}}, "LDAP: String Representation of +{{EX:uid=babs,ou=People,dc=example,dc=com}}. The full DN format is +described in {{REF:RFC4514}}, "LDAP: String Representation of Distinguished Names." {{How is the information accessed?}} LDAP defines operations for 
@@ -142,16 +156,15 @@ services. H2: How does LDAP work? -LDAP directory service is based on a {{client-server}} model. One -or more LDAP servers contain the data making up the directory -information tree (DIT). The client connects to servers and -asks it a question. The server responds with an answer and/or -with a pointer to where the client can get additional information -(typically, another LDAP server). No matter which LDAP server a -client connects to, it sees the same view of the directory; a name -presented to one LDAP server references the same entry it would at -another LDAP server. This is an important feature of a global -directory service, like LDAP. +LDAP utilizes a {{client-server model}}. One or more LDAP servers +contain the data making up the directory information tree ({{TERM:DIT}}). +The client connects to servers and asks it a question. The server +responds with an answer and/or with a pointer to where the client +can get additional information (typically, another LDAP server). +No matter which LDAP server a client connects to, it sees the same +view of the directory; a name presented to one LDAP server references +the same entry it would at another LDAP server. This is an important +feature of a global directory service. H2: What about X.500? @@ -171,7 +184,7 @@ While LDAP is still used to access X.500 directory service via gateways, LDAP is now more commonly directly implemented in X.500 servers. -The stand-alone LDAP daemon, or {{slapd}}(8), can be viewed as a +The Standalone LDAP Daemon, or {{slapd}}(8), can be viewed as a {{lightweight}} X.500 directory server. That is, it does not implement the X.500's DAP nor does it support the complete X.500 models. 
@@ -184,10 +197,7 @@ X.500 DAP, or have no immediate plans to run X.500 DAP, read on. It is possible to replicate data from an LDAP directory server to a X.500 DAP {{TERM:DSA}}. This requires an LDAP/DAP gateway. -OpenLDAP does not provide such a gateway, but our replication daemon -can be used to replicate to such a gateway. See the {{SECT:Replication -with slurpd}} chapter of this document for information regarding -replication. +OpenLDAP Software does not include such a gateway. H2: What is the difference between LDAPv2 and LDAPv3? @@ -221,13 +231,14 @@ service, or run a service all by yourself. Some of slapd's more interesting features and capabilities include: {{B:LDAPv3}}: {{slapd}} implements version 3 of {{TERM[expand]LDAP}}. -{{slapd}} supports LDAP over both IPv4 and IPv6 and Unix IPC. +{{slapd}} supports LDAP over both {{TERM:IPv4}} and {{TERM:IPv6}} +and Unix {{TERM:IPC}}. {{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication and data security (integrity and confidentiality) services through -the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}} -{{PRD:SASL}} software which supports a number of mechanisms including -DIGEST-MD5, EXTERNAL, and GSSAPI. +the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus +SASL}} software which supports a number of mechanisms including +{{TERM:DIGEST-MD5}}, {{TERM:EXTERNAL}}, and {{TERM:GSSAPI}}. {{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based authentication and data security (integrity and confidentiality) 
@@ -254,7 +265,7 @@ of different database backends you can choose from. They include {{TERM:HDB}}, a hierarchical high-performance transactional backend; {{SHELL}}, a backend interface to arbitrary shell scripts; and PASSWD, a simple backend interface to the {{passwd}}(5) file. -The BDB and HDB backends utilize {{ORG:Sleepycat}} {{PRD:Berkeley +The BDB and HDB backends utilize {{ORG:Oracle}} {{PRD:Berkeley DB}}. {{B:Multiple database instances}}: {{slapd}} can be configured to @@ -272,7 +283,7 @@ well-defined {{TERM:C}} {{TERM:API}}, you can write your own customized modules which extend {{slapd}} in numerous ways. Also, a number of {{programmable database}} modules are provided. These allow you to expose external data sources to {{slapd}} using popular -programming languages ({{PRD:Perl}}, {{shell}}, {{PRD:SQL}}, and +programming languages ({{PRD:Perl}}, {{shell}}, {{TERM:SQL}}, and {{PRD:TCL}}). {{B:Threads}}: {{slapd}} is threaded for high performance. A single @@ -284,8 +295,8 @@ required while providing high performance. copies of directory information. This {{single-master/multiple-slave}} replication scheme is vital in high-volume environments where a single {{slapd}} just doesn't provide the necessary availability -or reliability. {{slapd}} supports two replication methods: {{LDAP -Sync}}-based and {{slurpd}}(8)-based replication. +or reliability. {{slapd}} includes support for {{LDAP Sync}}-based +replication. {{B:Proxy Cache}}: {{slapd}} can be configured as a caching LDAP proxy service. 
@@ -295,22 +306,3 @@ single configuration file which allows you to change just about everything you'd ever want to change. Configuration options have reasonable defaults, making your job much easier. - -H2: What is slurpd and what can it do? - -{{slurpd}}(8) is a daemon that, with {{slapd}} help, provides -replicated service. It is responsible for distributing changes -made to the master {{slapd}} database out to the various {{slapd}} -replicas. It frees {{slapd}} from having to worry that some replicas -might be down or unreachable when a change comes through; {{slurpd}} -handles retrying failed requests automatically. {{slapd}} and -{{slurpd}} communicate through a simple text file that is used to -log changes. - -See the {{SECT:Replication with slurpd}} chapter for information -about how to configure and run {{slurpd}}(8). - -Alternatively, {{LDAP-Sync}}-based replication may be used to provide -a replicated service. See the {{SECT:LDAP Sync Replication}} chapter -for details. - diff --git a/doc/guide/admin/master.sdf b/doc/guide/admin/master.sdf index 7942c36af28daaf9e9afe5f816864db525f8e262..7d7b4b2471c6f219cccfbe7c0742f8ff74901b5f 100644 --- a/doc/guide/admin/master.sdf +++ b/doc/guide/admin/master.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # # master file for the OpenLDAP Administrator's Guide @@ -60,8 +60,8 @@ PB: !include "tls.sdf"; chapter PB: -#!include "monitoringslapd.sdf"; chapter -#PB: +!include "monitoringslapd.sdf"; chapter +PB: #!include "tuning.sdf"; chapter #PB: @@ -79,6 +79,11 @@ PB: PB: # Appendices +# Terms +!include "glossary.sdf"; appendix +PB: + +# Autoconf !include "../release/autoconf.sdf"; appendix PB: 
diff --git a/doc/guide/admin/monitoringslapd.sdf b/doc/guide/admin/monitoringslapd.sdf index d34204191472f17c764084f3f359a319a202c667..cc2311b6059bd13b7e75c0eb8364de88bc6bf662 100644 --- a/doc/guide/admin/monitoringslapd.sdf +++ b/doc/guide/admin/monitoringslapd.sdf 
@@ -1,111 +1,500 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. -H1: Monitoring Slapd - -Slapd supports a monitoring interface you can use to find out -many useful bits of information about what slapd is currently -doing, how many connections it has, how many threads are -working, etc. You can access the monitor feature by doing a -base object search of the SLAPD_MONITOR_DN from -include/ldapconfig.h with any kind of valid filter (e.g., -"(objectclass=*)"). By default, this DN is set to "cn=monitor". -You will get one entry returned to you, with the following +H1: Monitoring + +{{slapd}}(8) supports an optional {{TERM:LDAP}} monitoring interface +you can use to obtain information regarding the current state of +your {{slapd}} instance. For instance, the interface allows you +to determine how many clients are connected to the server currently. +The monitoring information is provided by a specialized backend, +the {{monitor}} backend. A manual page, {{slapd-monitor}}(5) is +available. + +When the monitoring interface is enabled, LDAP clients may be used +to access information provided by the {{monitor}} backend, subject +to access and other controls. + +When enabled, the {{monitor}} backend dynamically generates and +returns objects in response to search requests in the {{cn=Monitor}} +subtree. Each object contains information about a particular aspect +of the server. The information is held in a combination of user +applications and operational attributes. This information can be +access with {{ldapsearch(1)}}, with any general-purpose LDAP browser, +or with specialized monitoring tools. 
The {{SECT:Accessing Monitoring +Information}} section provides a brief tutorial on how to use +{{ldapsearch}}(1) to access monitoring information, while the +{{SECT:Monitor information}} section details monitoring information +base and its organization. + +While support for the monitor backend is included in default builds +of slapd(8), this support requires some configuration to become +active. This may be done using either {{EX:cn=config}} or +{{slapd.conf}}(5). The former is discussed in the {{SECT:Monitor +configuration via cn=config}} section of this of this chapter. The +latter is discussed in the {{SECT:Monitor configuration via +slapd.conf(5)}} section of this chapter. These sections assume +monitor backend is built into {{slapd}} (e.g., {{EX:--enable-monitor=yes}}, +the default). If the monitor backend was built as a module (e.g., +{{EX:--enable-monitor=mod}}, this module must loaded. Loading of +modules is discussed in the {{SECT:Configuring slapd}} and {{SECT:The +slapd Configuration File}} chapters. + + +H2: Monitor configuration via cn=config(5) + +{{This section has yet to be written.}} + + +H2: Monitor configuration via slapd.conf(5) + +Configuration of the slapd.conf(5) to support LDAP monitoring +is quite simple. + +First, ensure {{core.schema}} schema configuration file is included +by your {{slapd.conf}}(5) file. The {{monitor}} backend requires +it. + +Second, instanticate the {{monitor backend}} by adding a +{{database monitor}} directive below your existing database +sections. For instance: + +> database monitor + +Lastly, add additional global or database directives as needed. + +Like most other database backends, the monitor backend does honor +slapd(8) access and other adminstrative controls. As some monitor +information may be sensitive, it is generally recommend access to +cn=monitor be restricted to directory administrators and their +monitoring agents. 
Adding an {{access}} directive immediately below +the {{database monitor}} directive is a clear and effective approach +for controlling access. For instance, the addition of the following +{{access}} directive immediately below the {{database monitor}} +directive restricts access to monitoring information to the specified +directory manager. + +> access to * +> by dn.exact="cn=Manager,dc=example,dc=com +> by * none + +More information on {{slapd}}(8) access controls, see {{The access +Control Directive}} section of the {{SECT:The slapd Configuration +File}} chapter and {{slapd.access}}(5). + +After restarting {{slapd}}(8), you are ready to start exploring the +monitoring information provided in {{EX:cn=config}} as discussed +in the {{SECT:Accessing Monitoring Information}} section of this +chapter. + +One can verify slapd(8) is properly configured to provide monitoring +information by attempting to read the {{EX:cn=monitor}} object. +For instance, if the following {{ldapsearch}}(1) command returns the +cn=monitor object (with, as requested, no attributes), it's working. + +> ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -W \ +> -b 'cn=Monitor' -s base 1.1 + +Note that unlike general purpose database backends, the database +suffix is hardcoded. It's always {{EX:cn=Monitor}}. So no {{suffix}} +directive should be provided. Also note that general purpose +database backends, the monitor backend cannot be instantiated +multiple times. That is, there can only be one (or zero) occurances +of {{EX:database monitor}} in the server's configuration. + + +H2: Accessing Monitoring Information + +As previously discussed, when enabled, the {{monitor}} backend +dynamically generates and returns objects in response to search +requests in the {{cn=Monitor}} subtree. Each object contains +information about a particular aspect of the server. The information +is held in a combination of user applications and operational +attributes. 
This information can be access with {{ldapsearch(1)}}, +with any general-purpose LDAP browser, or with specialized monitoring +tools. + +This section provides a provides a brief tutorial on how to use +{{ldapsearch}}(1) to access monitoring information. + +To inspect any particular monitor object, one performs search +operation on the object with a baseObject scope and a +{{EX:(objectClass=*)}} filter. As the monitoring information is +contained in a combination of user applications and operational +attributes, the return all user applications attributes (e.g., +{{EX:'*'}}) and all operational attributes (e.g., {{EX:'+'}}) should +be requested. For instance, to read the {{EX:cn=Monitor}} object +itself, the {{ldapsearch}}(1) command (modified to fit your configuration) +can be used: + +> ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -W \ +> -b 'cn=Monitor' -s base '(objectClass=*)' '*' '+' + +When run against your server, this should produce output +similar to: + +> dn: cn=Monitor +> objectClass: monitorServer +> structuralObjectClass: monitorServer +> cn: Monitor +> creatorsName: +> modifiersName: +> createTimestamp: 20061208223558Z +> modifyTimestamp: 20061208223558Z +> description: This subtree contains monitoring/managing objects. +> description: This object contains information about this server. +> description: Most of the information is held in operational attributes, which +> must be explicitly requested. +> monitoredInfo: OpenLDAP: slapd 2.4 (Dec 7 2006 17:30:29) +> entryDN: cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: TRUE + +To reduce the number of uninteresting attributes returned, one +can be more selective when requesting which attributes are to be +returned. 
For instance, one could request the return of all +attributes allowed by the {{monitorServer}} object class (e.g., +{{EX:@objectClass}}) instead of all user and all operational attributes: -E: version: slapd <version> (<date>) +> ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -W \ +> -b 'cn=Monitor' -s base '(objectClass=*)' '@monitorServer' + +This limits the output as follows: + +> dn: cn=Monitor +> objectClass: monitorServer +> cn: Monitor +> description: This subtree contains monitoring/managing objects. +> description: This object contains information about this server. +> description: Most of the information is held in operational attributes, which +> must be explicitly requested. +> monitoredInfo: OpenLDAP: slapd 2.X (Dec 7 2006 17:30:29) + +To return the names of all the monitoring objects, one performs a +search of {{EX:cn=Monitor}} with subtree scope and {{EX:(objectClass=*)}} +filter and requesting no attributes (e.g., {{EX:1.1}}) be returned. + +> ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -W -b 'cn=Monitor' -s sub 1.1 + +If you run this command you will discover that there are many objects +in the {{cn=Monitor}} subtree. The following section describes +some of the commonly available monitoring objects. + + +H2: Monitor Information + +The {{monitor}} backend provides a wealth of information useful +for monitoring the slapd(8) contained in set of monitor objects. +Each object contains information about a particular aspect of +the server, such as a backends, a connection, or a thread. +Some objects serve as containers for other objects and used +to construct a hierarchy of objects. + +In this hierarchy, the most superior object is {cn=Monitor}. +While this object primarily serves as a container for other +objects, most of which are containers, this object provides +information about this server. In particular, it provides the +slapd(8) version string. 
Example: + +> dn: cn=Monitor +> monitoredInfo: OpenLDAP: slapd 2.X (Dec 7 2006 17:30:29) + +Note: Examples in this section (and its subsections) have been +trimmed to show only key information. + + +H3: Backends + +The {{EX:cn=Backends,cn=Monitor}} object, itself, provides a list +of available backends. The list of available backends all builtin +backends, as well as backends loaded by modules. For example: + +> dn: cn=Backends,cn=Monitor +> monitoredInfo: config +> monitoredInfo: ldif +> monitoredInfo: monitor +> monitoredInfo: bdb +> monitoredInfo: hdb + +This indicates the {{config}}, {{ldif}}, {{monitor}}, {{bdb}}, +and {{hdb}} backends are available. + +The {{EX:cn=Backends,cn=Monitor}} object is also a container +for available backend objects. Each available backend object +contains information about a particular backend. For example: + +> dn: cn=Backend 0,cn=Backends,cn=Monitor +> monitoredInfo: config +> monitorRuntimeConfig: TRUE +> supportedControl: 2.16.840.1.113730.3.4.2 +> seeAlso: cn=Database 0,cn=Databases,cn=Monitor +> +> dn: cn=Backend 1,cn=Backends,cn=Monitor +> monitoredInfo: ldif +> monitorRuntimeConfig: TRUE +> supportedControl: 2.16.840.1.113730.3.4.2 +> +> dn: cn=Backend 2,cn=Backends,cn=Monitor +> monitoredInfo: monitor +> monitorRuntimeConfig: TRUE +> supportedControl: 2.16.840.1.113730.3.4.2 +> seeAlso: cn=Database 2,cn=Databases,cn=Monitor +> +> dn: cn=Backend 3,cn=Backends,cn=Monitor +> monitoredInfo: bdb +> monitorRuntimeConfig: TRUE +> supportedControl: 1.3.6.1.1.12 +> supportedControl: 2.16.840.1.113730.3.4.2 +> supportedControl: 1.3.6.1.4.1.4203.666.5.2 +> supportedControl: 1.2.840.113556.1.4.319 +> supportedControl: 1.3.6.1.1.13.1 +> supportedControl: 1.3.6.1.1.13.2 +> supportedControl: 1.3.6.1.4.1.4203.1.10.1 +> supportedControl: 1.2.840.113556.1.4.1413 +> supportedControl: 1.3.6.1.4.1.4203.666.11.7.2 +> seeAlso: cn=Database 1,cn=Databases,cn=Monitor +> +> dn: cn=Backend 4,cn=Backends,cn=Monitor +> monitoredInfo: hdb +> 
monitorRuntimeConfig: TRUE +> supportedControl: 1.3.6.1.1.12 +> supportedControl: 2.16.840.1.113730.3.4.2 +> supportedControl: 1.3.6.1.4.1.4203.666.5.2 +> supportedControl: 1.2.840.113556.1.4.319 +> supportedControl: 1.3.6.1.1.13.1 +> supportedControl: 1.3.6.1.1.13.2 +> supportedControl: 1.3.6.1.4.1.4203.1.10.1 +> supportedControl: 1.2.840.113556.1.4.1413 +> supportedControl: 1.3.6.1.4.1.4203.666.11.7.2 + +For each of these objects, monitorInfo indicates which backend the +information in the object is about. For instance, the {{EX:cn=Backend +3,cn=Backends,cn=Monitor}} object contains (in the example) information +about the {{bdb}} backend. + +!block table +Attribute|Description +monitoredInfo|Name of backend +supportedControl|supported LDAP control extensions +seeAlso|Database objects of instances of this backend +!endblock + +H3: Connections + +The main entry is empty; it should contain some statistics on the number +of connections. + +Dynamic child entries are created for each open connection, with stats on +the activity on that connection (the format will be detailed later). +There are two special child entries that show the number of total and +current connections respectively. + +For example: + +Total Connections: + +> dn: cn=Total,cn=Connections,cn=Monitor +> structuralObjectClass: monitorCounterObject +> monitorCounter: 4 +> entryDN: cn=Total,cn=Connections,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE + +Current Connections: + +> dn: cn=Current,cn=Connections,cn=Monitor +> structuralObjectClass: monitorCounterObject +> monitorCounter: 2 +> entryDN: cn=Current,cn=Connections,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE + + +H3: Databases + +The main entry contains the naming context of each configured database; +the child entries contain, for each database, the type and the naming +context. 
+ +For example: + +> dn: cn=Database 2,cn=Databases,cn=Monitor +> structuralObjectClass: monitoredObject +> monitoredInfo: monitor +> monitorIsShadow: FALSE +> monitorContext: cn=Monitor +> readOnly: FALSE +> entryDN: cn=Database 2,cn=Databases,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE + +H3: Listener + +It contains the description of the devices the server is currently +listening on: + +> dn: cn=Listener 0,cn=Listeners,cn=Monitor +> structuralObjectClass: monitoredObject +> monitorConnectionLocalAddress: IP=0.0.0.0:389 +> entryDN: cn=Listener 0,cn=Listeners,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE + + +H3: Log + +It contains the currently active log items. The {{Log}} subsystem allows +user modify operations on the {{description}} attribute, whose values {{MUST}} +be in the list of admittable log switches: + +> Trace +> Packets +> Args +> Conns +> BER +> Filter +> Config (useless) +> ACL +> Stats +> Stats2 +> Shell +> Parse +> Cache (deprecated) +> Index -This attribute identifies the slapd server software by name, -version, and build date, e.g., {{EX: slapd 3.3 (Thu May 21 14:19:03 -EDT 1996)}} +These values can be added, replaced or deleted; they affect what +messages are sent to the syslog device. -E: threads: <integer> +H3: Operations -This attribute indicates the number of threads (operations) -currently outstanding in slapd. +It shows some statistics on the operations performed by the server: -E: connection: <fd> : <opentime> : <opsinitiated> : -E: <opscompleted> : <binddn> : [ <rw> ] +> Initiated +> Completed -This multi-valued attribute summarizes information for each -open connection. 
The information given is {{EX: <fd>}}, the file -descriptor; {{EX: <opentime>}}, the time the connection was opened -in UTC format; {{EX: <opsinitiated>}}, the number of operations -initiated over the connection; {{EX: <opscompleted>}}, the number -of operations completed over the connection; {{EX: <binddn>}}, the -DN currently bound to the connection; and optionally {{EX: <rw>}}, -indicating whether the connection is currently blocked for -read or write.. +and for each operation type, i.e.: -E: currentconnections: <integer> +> Bind +> Unbind +> Add +> Delete +> Modrdn +> Modify +> Compare +> Search +> Abandon +> Extended -The current number of connections. +There are too many types to list example here, so please try for yourself +using {{SECT: Monitor search example}} -E: totalconnections: <integer> +H3: Overlays -The total number of connections handled by slapd since it -started. +The main entry contains the type of overlays available at run-time; +the child entries, for each overlay, contain the type of the overlay. -E: dtablesize: <integer> +It should also contain the modules that have been loaded if dynamic +overlays are enabled: -The size of slapd's file descriptor table. +> # Overlays, Monitor +> dn: cn=Overlays,cn=Monitor +> structuralObjectClass: monitorContainer +> monitoredInfo: syncprov +> monitoredInfo: accesslog +> monitoredInfo: glue +> entryDN: cn=Overlays,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: TRUE -E: writewaiters: <integer> +H3: SASL -The number of threads blocked waiting to write data to a -client. +Currently empty. -E: readwaiters: <integer> +H3: Statistics -The number of threads blocked waiting to read data from a -client. +It shows some statistics on the data sent by the server: -E: opsinitiated: <integer> +> Bytes +> PDU +> Entries +> Referrals -The total number of operations initiated by slapd since it -started. +e.g. 
-E: opscompleted: <integer> +> # Entries, Statistics, Monitor +> dn: cn=Entries,cn=Statistics,cn=Monitor +> structuralObjectClass: monitorCounterObject +> monitorCounter: 612248 +> entryDN: cn=Entries,cn=Statistics,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE -The total number of operations completed by slapd since it -started. +H3: Threads -E: entriessent: <integer> +It contains the maximum number of threads enabled at startup and the +current backload. -The total number of entries sent to clients by slapd since it -started. +e.g. -E: bytessent: <integer> +> # Max, Threads, Monitor +> dn: cn=Max,cn=Threads,cn=Monitor +> structuralObjectClass: monitoredObject +> monitoredInfo: 16 +> entryDN: cn=Max,cn=Threads,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE -The total number of bytes sent to clients by slapd since it -started. -E: currenttime: <UTC time> +H3: Time -Slapd's idea of the current time. +It contains two child entries with the start time and the current time +of the server. -E: starttime: <integer> +e.g. -The time slapd was started. +Start time: -E: nbackends: <integer> +> dn: cn=Start,cn=Time,cn=Monitor +> structuralObjectClass: monitoredObject +> monitorTimestamp: 20061205124040Z +> entryDN: cn=Start,cn=Time,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE -The number of backends currently being served by slapd. +Current time: -E: concurrency: <integer> +> dn: cn=Current,cn=Time,cn=Monitor +> structuralObjectClass: monitoredObject +> monitorTimestamp: 20061207120624Z +> entryDN: cn=Current,cn=Time,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE -Under Solaris 2.x only, an indication of the current level of -thread concurrency. +H3: TLS -Note that slapd takes a snapshot of this information and -returns it to you. 
No attempt is made to ensure that the -information is consistent (i.e., if an operation thread is -modifying one of these things when the monitor thread is -reading it, strange results could be returned). +Currently empty. -You should be able to use any LDAP client to retrieve this -information. Here's how you might do it using the -{{I: ldapsearch}}(1) client: +H3: Waiters -E: ldapsearch -x -s base -b cn=monitor 'objectclass=*' +It contains the number of current read waiters. +e.g. + +Read waiters: + +> dn: cn=Read,cn=Waiters,cn=Monitor +> structuralObjectClass: monitorCounterObject +> monitorCounter: 7 +> entryDN: cn=Read,cn=Waiters,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE + +Write waiters: + +> dn: cn=Write,cn=Waiters,cn=Monitor +> structuralObjectClass: monitorCounterObject +> monitorCounter: 0 +> entryDN: cn=Write,cn=Waiters,cn=Monitor +> subschemaSubentry: cn=Subschema +> hasSubordinates: FALSE diff --git a/doc/guide/admin/preface.sdf b/doc/guide/admin/preface.sdf index 22868d998a07cae0202ecd8052a8088f2661bc44..c3d7f320b7baf0c7cf6835b9556a5d5237d33787 100644 --- a/doc/guide/admin/preface.sdf +++ b/doc/guide/admin/preface.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # @@ -9,7 +9,7 @@ P1: Preface # document's copyright P2[notoc] Copyright -Copyright 1998-2005, The {{ORG[expand]OLF}}, {{All Rights Reserved}}. +Copyright 1998-2006, The {{ORG[expand]OLF}}, {{All Rights Reserved}}. Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}. 
@@ -17,21 +17,21 @@ This document is considered a part of OpenLDAP Software. This document is subject to terms of conditions set forth in {{SECT:OpenLDAP Software Copyright Notices}} and the {{SECT:OpenLDAP Public License}}. Complete copies of the notices and associated license can be found -in Appendix B and C, respectively. +in Appendix C and D, respectively. P2[notoc] Scope of this Document This document provides a guide for installing [[DOC_NAME]] -({{URL:http://www.openldap.org/software/}}) -on {{TERM:UNIX}} (and UNIX-like) systems. The document is aimed at -experienced system administrators but who may not have prior experience -operating {{TERM:LDAP}}-based directory software. +({{URL:http://www.openldap.org/software/}}) on {{TERM:UNIX}} (and +UNIX-like) systems. The document is aimed at experienced system +administrators with basic understanding of {{TERM:LDAP}}-based +directory services. This document is meant to be used in conjunction with other OpenLDAP -information resources provided with the software package and on -the project's extensive site ({{URL:http://www.OpenLDAP.org/}}) on -the World Wide Web. The site makes available a number of resources. +information resources provided with the software package and on the +project's site ({{URL:http://www.OpenLDAP.org/}}) on the +{{TERM[expand]WWW}}. The site makes available a number of resources. !block table; align=Center; coltags="N,URL"; \ title="OpenLDAP Resources" @@ -40,6 +40,7 @@ Document Catalog|http://www.OpenLDAP.org/doc/ Frequently Asked Questions|http://www.OpenLDAP.org/faq/ Issue Tracking System|http://www.OpenLDAP.org/its/ Mailing Lists|http://www.OpenLDAP.org/lists/ +Manual Pages|http://www.OpenLDAP.org/software/man.cgi Software Pages|http://www.OpenLDAP.org/software/ Support Pages|http://www.OpenLDAP.org/support/ !endblock 
@@ -47,26 +48,28 @@ Support Pages|http://www.OpenLDAP.org/support/ P2[notoc] Acknowledgments -The {{ORG[expand]OLP}} is comprised of a team of volunteers. This document -would not be possible without their contribution of time and energy. +The {{ORG[expand]OLP}} is comprised of a team of volunteers. This +document would not be possible without their contribution of time +and energy. The OpenLDAP Project would also like to thank the {{ORG[expand]UMLDAP}} for building the foundation of LDAP software and information to which OpenLDAP Software is built upon. This document is based upon -U-Mich LDAP document: {{The SLAPD and SLURPD Administrators Guide}}. +University of Michigan document: {{REF[expand]UM-GUIDE}}. P2[notoc] Amendments -Suggested enhancements and corrections to this document should -be submitted using the {{ORG:OpenLDAP}} -{{{{TERM[expand]ITS}}}} ({{URL: http://www.openldap.org/its/}}). +Suggested enhancements and corrections to this document should be +submitted using the {{PRD:OpenLDAP}} {{TERM[expand]ITS}} +({{URL: http://www.openldap.org/its/}}). P2[notoc] About this document -This document was produced using the {{Simple Document Format}} -({{URL:http://search.cpan.org/src/IANC/sdf-2.001/doc/}}) documentation -system developed by {{Ian Clatworthy}}. Tools for {{SDF}} are -available from CPAN ({{URL:http://search.cpan.org/search?query=SDF}}). +This document was produced using the {{TERM[expand]SDF}} ({{TERM:SDF}}) +documentation system +({{URL:http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html}}) +developed by {{Ian Clatworthy}}. Tools for SDF are available from +{{ORG:CPAN}} ({{URL:http://search.cpan.org/search?query=SDF}}). diff --git a/doc/guide/admin/proxycache.sdf b/doc/guide/admin/proxycache.sdf index 5fd2b3420fba8e9dc3d5cbc0e7c0c4ff397a929e..0d4dcab72b553be6b435420c4519860c8c39225e 100644 --- a/doc/guide/admin/proxycache.sdf +++ b/doc/guide/admin/proxycache.sdf 
@@ -1,15 +1,15 @@ # $OpenLDAP$ -# Copyright 2003-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: The Proxy Cache Engine -LDAP servers typically hold one or more subtrees of a DIT. Replica -(or shadow) servers hold shadow copies of entries held by one or -more master servers. Changes are propagated from the master server -to replica (slave) servers using LDAP Sync or {{slurpd}}(8). An -LDAP cache is a special type of replica which holds entries -corresponding to search filters instead of subtrees. +{{TERM:LDAP}} servers typically hold one or more subtrees of a +{{TERM:DIT}}. Replica (or shadow) servers hold shadow copies of +entries held by one or more master servers. Changes are propagated +from the master server to replica (slave) servers using LDAP Sync +replication. An LDAP cache is a special type of replica which holds +entries corresponding to search filters instead of subtrees. H2: Overview diff --git a/doc/guide/admin/quickstart.sdf b/doc/guide/admin/quickstart.sdf index 38864491bfd7ceca81cd842e1e7983362540e8ff..bdc46d8095b4b25f21a85b913e08e7df34df2ec6 100644 --- a/doc/guide/admin/quickstart.sdf +++ b/doc/guide/admin/quickstart.sdf 
@@ -1,33 +1,34 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: A Quick-Start Guide The following is a quick start guide to [[DOC_NAME]], -including the stand-alone LDAP daemon, {{slapd}}(8). +including the Standalone {{TERM:LDAP}} Daemon, {{slapd}}(8). It is meant to walk you through the basic steps needed to install -and configure OpenLDAP Software. It should be used in conjunction -with the other chapters of this document, manual pages, and other -materials provided with the distribution (e.g. the {{F:INSTALL}} -document) or on the OpenLDAP web site (in particular, the OpenLDAP -Software {{TERM:FAQ}}). +and configure {{PRD:OpenLDAP Software}}. It should be used in +conjunction with the other chapters of this document, manual pages, +and other materials provided with the distribution (e.g. the +{{F:INSTALL}} document) or on the {{PRD:OpenLDAP}} web site +({{URL: http://www.OpenLDAP.org}}), in particular the OpenLDAP +Software {{TERM:FAQ}} ({{URL: http://www.OpenLDAP.org/faq/?file=2}}). If you intend to run OpenLDAP Software seriously, you should review all of this document before attempting to install the software. Note: This quick start guide does not use strong authentication nor any integrity or confidential protection services. These -services are described in other chapters of the OpenLDAP Administrator's -Guide. +services are described in other chapters of the +OpenLDAP Administrator's Guide. .{{S: }} ^{{B: Get the software}} . You can obtain a copy of the software by following the -instructions on the OpenLDAP download page +instructions on the OpenLDAP Software download page ({{URL: http://www.openldap.org/software/download/}}). It is recommended that new users start with the latest {{release}}. 
@@ -56,7 +57,7 @@ name of the release. {{F:README}} and {{F:INSTALL}} documents provided with the distribution. The {{F:COPYRIGHT}} and {{F:LICENSE}} provide information on acceptable use, copying, and limitation of warranty of OpenLDAP -software. +Software. .{{S: }} . You should also review other chapters of this document. @@ -85,9 +86,9 @@ what's best: . Assuming {{EX:configure}} doesn't dislike your system, you can proceed with building the software. If {{EX:configure}} did -complain, well, you'll likely need to go to the FAQ Installation -Section ({{URL:http://www.openldap.org/faq/}} and/or actually -read the {{SECT:Building and Installing OpenLDAP Software}} +complain, well, you'll likely need to go to the Software FAQ +{{Installation}} section ({{URL:http://www.openldap.org/faq/?file=8}}) +and/or actually read the {{SECT:Building and Installing OpenLDAP Software}} chapter of this document. @@ -171,7 +172,7 @@ specified directory must exist prior to starting {{slapd}}(8). .{{S: }} +{{B:Start SLAPD}}. -. You are now ready to start the stand-alone LDAP server, {{slapd}}(8), +. You are now ready to start the Standalone LDAP Daemon, {{slapd}}(8), by running the command: ..{{EX:su root -c /usr/local/libexec/slapd}} @@ -179,7 +180,7 @@ by running the command: . To check to see if the server is running and configured correctly, you can run a search against it with {{ldapsearch}}(1). By default, -ldapsearch is installed as {{F:/usr/local/bin/ldapsearch}}: +{{ldapsearch}} is installed as {{F:/usr/local/bin/ldapsearch}}: ..{{EX:ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts}} @@ -198,7 +199,8 @@ in the {{slapd}}(8) manual page and the +{{B:Add initial entries to your directory}}. . You can use {{ldapadd}}(1) to add entries to your LDAP directory. -{{ldapadd}} expects input in LDIF form. We'll do it in two steps: +{{ldapadd}} expects input in {{TERM:LDIF}} form. We'll do it in two +steps: ^^ create an LDIF file ++ run ldapadd 
@@ -269,10 +271,10 @@ Note that by default, the {{slapd}}(8) database grants {{read access to everybody}} excepting the {{super-user}} (as specified by the {{EX:rootdn}} configuration directive). It is highly recommended that you establish controls to restrict access to authorized users. -Access controls are discussed in the {{SECT:Access Control}} section -of {{SECT:The slapd Configuration File}} chapter. You are also -encouraged to read the {{SECT:Security Considerations}}, {{SECT:Using -SASL}} and {{SECT:Using TLS}} sections. +Access controls are discussed in the {{SECT:The access Configuration +Directive}} section of {{SECT:The slapd Configuration File}} chapter. +You are also encouraged to read the {{SECT:Security Considerations}}, +{{SECT:Using SASL}} and {{SECT:Using TLS}} sections. The following chapters provide more detailed information on making, installing, and running {{slapd}}(8). diff --git a/doc/guide/admin/referrals.sdf b/doc/guide/admin/referrals.sdf index 8e66e182e00f07d6728d4472dbb3900097d009f2..0b41a2a355dd1d90838d417fd3b5c5b192a974e2 100644 --- a/doc/guide/admin/referrals.sdf +++ b/doc/guide/admin/referrals.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Constructing a Distributed Directory Service @@ -51,7 +51,7 @@ object would be added to {{EX:a.example.net}}: The server uses this information to generate referrals and search continuations to subordinate servers. -For those familiar with X.500, a {{named referral}} object is +For those familiar with {{TERM:X.500}}, a {{named referral}} object is similar to an X.500 knowledge reference held in a {{subr}} {{TERM:DSE}}. 
@@ -75,8 +75,8 @@ that A holds the immediate superior naming context. The server uses this information to generate referrals to management operations. -For those familiar with X.500, this use of the {{EX:ref}} attribute -is similar to an X.500 knowledge reference held in a +For those familiar with {{TERM:X.500}}, this use of the {{EX:ref}} +attribute is similar to an X.500 knowledge reference held in a {{immSupr}} {{TERM:DSE}}. !endif @@ -99,12 +99,12 @@ as follows: > referral ldap://a.example.net/ -The server uses this information to generate referrals for -operations acting upon entries not within or subordinate -to any of the naming contexts held by the server. +The server uses this information to generate referrals for operations +acting upon entries not within or subordinate to any of the naming +contexts held by the server. -For those familiar with X.500, this use of the {{EX:ref}} attribute -is similar to an X.500 knowledge reference held in a +For those familiar with {{TERM:X.500}}, this use of the {{EX:ref}} +attribute is similar to an X.500 knowledge reference held in a {{Supr}} {{TERM:DSE}}. diff --git a/doc/guide/admin/replication.sdf b/doc/guide/admin/replication.sdf index afd16ebef8e86a8877bc7edcfb7bc39ff0ee1978..5f1ba203354997f6ec47298dad08d8552830c8df 100644 --- a/doc/guide/admin/replication.sdf +++ b/doc/guide/admin/replication.sdf 
@@ -1,8 +1,13 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Replication with slurpd +Note: this section is provided for historical reasons. {{slurpd}}(8) +is deprecated in favor of LDAP Sync based replication, commonly +referred to as {{syncrepl}}. Syncrepl is discussed in +{{SECT:LDAP Sync Replication}} section of this document. + In certain configurations, a single {{slapd}}(8) instance may be insufficient to handle the number of clients requiring directory service via LDAP. It may become necessary to diff --git a/doc/guide/admin/runningslapd.sdf b/doc/guide/admin/runningslapd.sdf index 07f205438a5447dfa1e1f3f884c19270dd5f1e65..c96eaf0686a48e66d3aeab39c0f0e35037990d5e 100644 --- a/doc/guide/admin/runningslapd.sdf +++ b/doc/guide/admin/runningslapd.sdf @@ -1,12 +1,12 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Running slapd -{{slapd}}(8) is designed to be run as a stand-alone server. This allows -the server to take advantage of caching, manage concurrency issues -with underlying databases, and conserve system resources. Running -from {{inetd}}(8) is {{NOT}} an option. +{{slapd}}(8) is designed to be run as a standalone service. This +allows the server to take advantage of caching, manage concurrency +issues with underlying databases, and conserve system resources. +Running from {{inetd}}(8) is {{NOT}} an option. H2: Command-Line Options 
@@ -22,16 +22,17 @@ The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}. > -h <URLs> This option specifies alternative listener configurations. The -default is {{EX:ldap:///}} which implies LDAP over TCP on all -interfaces on the default LDAP port 389. You can specify -specific host-port pairs or other protocol schemes (such as -ldaps:// or ldapi://). For example, -{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create -two listeners: one for LDAP over SSL on all interfaces on -the default LDAP/SSL port 636, and one for LDAP over TCP on -the {{EX:localhost}} ({{loopback}}) interface on port 666. -Hosts may be specified using IPv4 dotted-decimal form or -using host names. Port values must be numeric. +default is {{EX:ldap:///}} which implies {{TERM:LDAP}} over +{{TERM:TCP}} on all interfaces on the default LDAP port 389. You +can specify specific host-port pairs or other protocol schemes (such +as {{EX:ldaps://}} or {{EX:ldapi://}}). For example, {{EX:-h +"ldaps:// ldap://127.0.0.1:666"}} will create two listeners: one +for the (non-standard) {{EX:ldaps://}} scheme on all interfaces on +the default {{EX:ldaps://}} port 636, and one for the standard +{{EX:ldap://}} scheme on the {{EX:localhost}} ({{loopback}}) interface +on port 666. Hosts may be specified using using hostnames or +{{TERM:IPv4}} or {{TERM:IPv6}} addresses. Port values must be +numeric. > -n <service-name> @@ -67,7 +68,7 @@ exits, regardless of any other options you give it. Current debugging levels are !block table; colaligns="RL"; align=Center; \ - title="Table 6.1: Debugging Levels" + title="Table 7.1: Debugging Levels" Level Description -1 enable all debugging 0 no debugging 
@@ -113,11 +114,11 @@ terminal and run in the background. H2: Stopping slapd -To kill off slapd safely, you should give a command like this +To kill off {{slapd}}(8) safely, you should give a command like this > kill -INT `cat /usr/local/var/slapd.pid` where {{F:/usr/local/var}} is determined by {{EX:configure}}. -Killing slapd by a more drastic method may cause information -loss or database corruption. +Killing slapd by a more drastic method may cause information loss or +database corruption. diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index 00e2c4739ec5fcef13f0f03fe220b00ef252f4ec..a67298e11a6f242760ea20429c0dec22e77f7855 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf @@ -1,4 +1,4 @@ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Using SASL 
@@ -10,21 +10,21 @@ SASL in OpenLDAP. There are several industry standard authentication mechanisms that can be used with SASL, including {{TERM:GSSAPI}} for {{TERM:Kerberos}} -V, DIGEST-MD5, and PLAIN and EXTERNAL for use with {{TERM[expand]TLS}} -(TLS). +V, {{TERM:DIGEST-MD5}}, and {{TERM:PLAIN}} and {{TERM:EXTERNAL}} +for use with {{TERM[expand]TLS}} (TLS). The standard client tools provided with OpenLDAP Software, such as {{ldapsearch}}(1) and {{ldapmodify}}(1), will by default attempt -to authenticate the user to the {{slapd}}(8) server using SASL. -Basic authentication service can be set up by the LDAP administrator -with a few steps, allowing users to be authenticated to the slapd -server as their LDAP entry. With a few extra steps, some users and -services can be allowed to exploit SASL's proxy authorization -feature, allowing them to authenticate themselves and then switch -their identity to that of another user or service. +to authenticate the user to the {{TERM:LDAP}} directory server using +SASL. Basic authentication service can be set up by the LDAP +administrator with a few steps, allowing users to be authenticated +to the slapd server as their LDAP entry. With a few extra steps, +some users and services can be allowed to exploit SASL's proxy +authorization feature, allowing them to authenticate themselves and +then switch their identity to that of another user or service. This chapter assumes you have read {{Cyrus SASL for System -Administrators}}, provided with the {{PRD:Cyrus}} {{PRD:SASL}} +Administrators}}, provided with the {{PRD:Cyrus SASL}} package (in {{FILE:doc/sysadmin.html}}) and have a working Cyrus SASL installation. You should use the Cyrus SASL {{EX:sample_client}} and {{EX:sample_server}} to test your SASL installation before 
@@ -56,19 +56,19 @@ document. The DIGEST-MD5 mechanism is the mandatory-to-implement authentication mechanism for LDAPv3. Though DIGEST-MD5 is not a strong authentication mechanism in comparison with trusted third party authentication -systems (such as Kerberos or public key systems), it does offer -significant protections against a number of attacks. Unlike the -CRAM-MD5 mechanism, it prevents chosen plaintext attacks. DIGEST-MD5 -is favored over the use of plaintext password mechanisms. The -CRAM-MD5 mechanism is deprecated in favor of DIGEST-MD5. Use of -{{SECT:DIGEST-MD5}} is discussed below. - -The GSSAPI mechanism utilizes Kerberos V to provide secure -authentication services. The KERBEROS_V4 mechanism is available -for those using Kerberos IV. Kerberos is viewed as a secure, -distributed authentication system suitable for both small and large -enterprises. Use of {{SECT:GSSAPI}} and {{SECT:KERBEROS_V4}} are -discussed below. +systems (such as {{TERM:Kerberos}} or public key systems), it does +offer significant protections against a number of attacks. Unlike +the {{TERM:CRAM-MD5}} mechanism, it prevents chosen plaintext +attacks. DIGEST-MD5 is favored over the use of plaintext password +mechanisms. The CRAM-MD5 mechanism is deprecated in favor of +DIGEST-MD5. Use of {{SECT:DIGEST-MD5}} is discussed below. + +The GSSAPI mechanism utilizes {{TERM:GSS-API}} {{TERM:Kerberos}} V +to provide secure authentication services. The KERBEROS_V4 mechanism +is available for those using Kerberos IV. Kerberos is viewed as a +secure, distributed authentication system suitable for both small +and large enterprises. Use of {{SECT:GSSAPI}} and {{SECT:KERBEROS_V4}} +are discussed below. The EXTERNAL mechanism utilizes authentication services provided by lower level network services such as {{TERM:TLS}} (TLS). When 
@@ -85,18 +85,18 @@ document. H2: SASL Authentication Getting basic SASL authentication running involves a few steps. -The first step configures your slapd server environment so -that it can communicate with client programs using the security -system in place at your site. This usually involves setting up a -service key, a public key, or other form of secret. The second step -concerns mapping authentication identities to LDAP DN's, which +The first step configures your slapd server environment so that it +can communicate with client programs using the security system in +place at your site. This usually involves setting up a service key, +a public key, or other form of secret. The second step concerns +mapping authentication identities to LDAP {{TERM:DN}}'s, which depends on how entries are laid out in your directory. An explanation of the first step will be given in the next section using Kerberos V4 as an example mechanism. The steps necessary for your site's authentication mechanism will be similar, but a guide to every mechanism available under SASL is beyond the scope of this chapter. -The second step is described in the section -{{SECT:Mapping Authentication Identities}}. +The second step is described in the section {{SECT:Mapping +Authentication Identities}}. H3: GSSAPI diff --git a/doc/guide/admin/schema.sdf b/doc/guide/admin/schema.sdf index 6a14fb3e7ed3363ea215b34974305ed09860e03e..d27f6a50b2b63a0aa402bce0de74dd76c6ef951b 100644 --- a/doc/guide/admin/schema.sdf +++ b/doc/guide/admin/schema.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Schema Specification 
@@ -28,7 +28,7 @@ indirectly). H2: Distributed Schema Files -OpenLDAP is distributed with a set of schema specifications for +OpenLDAP Software is distributed with a set of schema specifications for your use. Each set is defined in a file suitable for inclusion (using the {{EX:include}} directive) in your {{slapd.conf}}(5) file. These schema files are normally installed in the @@ -55,7 +55,7 @@ desired file in the global definitions portion of your > include /usr/local/etc/openldap/schema/inetorgperson.schema Additional files may be available. Please consult the OpenLDAP -FAQ ({{URL:http://www.openldap.org/faq/}}). +{{TERM:FAQ}} ({{URL:http://www.openldap.org/faq/}}). Note: You should not modify any of the schema items defined in provided files. @@ -114,9 +114,9 @@ see {{URL:http://www.alvestrand.no/harald/objectid/}}. .{{Under no circumstances should you hijack OID namespace!}} To obtain a registered OID at {{no cost}}, apply for an OID under -the {{ORG[expand]IANA}} (IANA) maintained {{Private Enterprise}} +the {{ORG[expand]IANA}} (ORG:IANA) maintained {{Private Enterprise}} arc. Any private enterprise (organization) may request an OID to -be assigned under this arc. Just fill out the {{ORG:IANA}} form +be assigned under this arc. Just fill out the IANA form at {{URL: http://www.iana.org/cgi-bin/enterprise.pl}} and your official OID will be sent to you usually within a few days. Your base OID will be something like {{EX:1.3.6.1.4.1.X}} where {{EX:X}} @@ -181,7 +181,7 @@ attribute found in the subschema subentry, e.g.: E: attributetype <{{REF:RFC4512}} Attribute Type Description> where Attribute Type Description is defined by the following -{{TERM:BNF}}: +{{TERM:ABNF}}: > AttributeTypeDescription = "(" whsp > numericoid whsp ; AttributeType identifier 
@@ -229,22 +229,22 @@ and a brief description. Each name is an alias for the OID. {{slapd}}(8) returns the first listed name when returning results. The first attribute, {{EX:name}}, holds values of {{EX:directoryString}} -(UTF-8 encoded Unicode) syntax. The syntax is specified by OID -(1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString -syntax). A length recommendation of 32768 is specified. Servers -should support values of this length, but may support longer values -The field does NOT specify a size constraint, so is ignored on -servers (such as slapd) which don't impose such size limits. In -addition, the equality and substring matching uses case ignore -rules. Below are tables listing commonly used syntax and -matching rules (OpenLDAP supports these and many more). +({{TERM:UTF-8}} encoded Unicode) syntax. The syntax is +specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the +directoryString syntax). A length recommendation of 32768 is +specified. Servers should support values of this length, but may +support longer values The field does NOT specify a size constraint, +so is ignored on servers (such as slapd) which don't impose such +size limits. In addition, the equality and substring matching uses +case ignore rules. Below are tables listing commonly used syntax +and matching rules ({{slapd}}(8) supports these and many more). !block table; align=Center; coltags="EX,EX,N"; \ title="Table 8.3: Commonly Used Syntaxes" Name OID Description boolean 1.3.6.1.4.1.1466.115.121.1.7 boolean value directoryString 1.3.6.1.4.1.1466.115.121.1.15 Unicode (UTF-8) string -distinguishedName 1.3.6.1.4.1.1466.115.121.1.12 LDAP DN +distinguishedName 1.3.6.1.4.1.1466.115.121.1.12 LDAP {{TERM:DN}} integer 1.3.6.1.4.1.1466.115.121.1.27 integer numericString 1.3.6.1.4.1.1466.115.121.1.36 numeric string OID 1.3.6.1.4.1.1466.115.121.1.38 object identifier 
@@ -301,9 +301,9 @@ description, e.g: > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 > SINGLE-VALUE ) -However, if we want this name to be included in -{{EX:name}} assertions [e.g. {{EX:(name=*Jane*)}}], the attribute -could alternatively be defined as a subtype of {{EX:name}}, e.g.: +However, if we want this name to be used in {{EX:name}} assertions, +e.g. {{EX:(name=*Jane*)}}, the attribute could alternatively be +defined as a subtype of {{EX:name}}, e.g.: > attributetype ( 1.1.2.1.1 NAME 'x-my-UniqueName' > DESC 'unique name with my organization' @@ -354,7 +354,7 @@ attribute found in the subschema subentry, e.g.: E: objectclass <{{REF:RFC4512}} Object Class Description> where Object Class Description is defined by the following -{{TERM:BNF}}: +{{TERM:ABNF}}: > ObjectClassDescription = "(" whsp > numericoid whsp ; ObjectClass identifier @@ -369,7 +369,7 @@ where Object Class Description is defined by the following > whsp ")" where whsp is a space ('{{EX: }}'), numericoid is a globally unique -OID in numeric form (e.g. {{EX:1.1.0}}), qdescrs is one or more +OID in dotted-decimal form (e.g. {{EX:1.1.0}}), qdescrs is one or more names, and oids is one or more names and/or OIDs. @@ -406,8 +406,8 @@ and {{EX:givenName}} and allows {{EX:x-my-Photo}}. H2: Transferring Schema Since the {{slapd.conf}}(5) schema directives use {{REF:RFC4512}} -format values, you can extract schema elements published by -any LDAPv3 server and easily construct directives for use with +format values, you can extract schema elements published by any +{{TERM:LDAPv3}} server and easily construct directives for use with {{slapd}}(8). LDAPv3 servers publish schema elements in special {{subschema}} diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index 8dcfcc53908e4bc8db8d3c1a94e99e45e8cbb120..5665c3c5ff5b0b187957b98660fc6d398fb58fcc 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf 
@@ -1,4 +1,4 @@ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Security Considerations @@ -76,9 +76,10 @@ confidentiality protection. OpenLDAP supports negotiation of See the {{SECT:Using TLS}} chapter for more information. StartTLS is the standard track mechanism. -A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as DIGEST-MD5 -and {{TERM:GSSAPI}}, also provide data integrity and confidentiality -protection. See the {{SECT:Using SASL}} chapter for more information. +A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as +{{TERM:DIGEST-MD5}} and {{TERM:GSSAPI}}, also provide data integrity +and confidentiality protection. See the {{SECT:Using SASL}} chapter +for more information. H3: Security Strength Factors @@ -102,9 +103,9 @@ requires integrity protection for all operations and encryption protection, 3DES equivalent, for update operations (e.g. add, delete, modify, etc.). See {{slapd.conf}}(5) for details. -For fine-grained control, SSFs may be used in access controls. See -{{SECT:Access Control}} section of the {{SECT:The slapd Configuration -File}} for more information. +For fine-grained control, SSFs may be used in access controls. +See {{SECT:The access Configuration Directive}} section of the +{{SECT:The slapd Configuration File}} for more information. H2: Authentication Methods 
@@ -144,13 +145,14 @@ the session. User/password authenticated bind is enabled by default. However, as this mechanism itself offers no evesdropping protection (e.g., the password is set in the clear), it is recommended that it be used only in tightly controlled systems or when the LDAP -session is protected by other means (e.g., TLS, {{TERM:IPSEC}}). +session is protected by other means (e.g., TLS, {{TERM:IPsec}}). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled. This -is done by setting "{{EX:disallow bind_simple_unprotected}}" in -{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}} -option provides fine grain control over the level of confidential +is done using the {{EX:security}} directive's {{EX:simple_bind}} +option, which provides fine grain control over the level of confidential protection to require for {{simple}} user/password authentication. +E.g., using {{EX:security simple_bind=56}} would require {{simple}} +binds to use encryption of DES equivalent or better. The user/password authenticated bind mechanism can be completely disabled by setting "{{EX:disallow bind_simple}}". diff --git a/doc/guide/admin/slapdconf2.sdf b/doc/guide/admin/slapdconf2.sdf index b02f5d28a21fffb464a1a808f9ca7c2c15d83dde..cbf61398d2f29a8803b588f04985bf09b9fbb0eb 100644 --- a/doc/guide/admin/slapdconf2.sdf +++ b/doc/guide/admin/slapdconf2.sdf 
@@ -1,29 +1,32 @@ # $OpenLDAP$ -# Copyright 2005-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 2005-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Configuring slapd Once the software has been built and installed, you are ready to configure {{slapd}}(8) for use at your site. Unlike previous -OpenLDAP releases, the slapd runtime configuration in 2.3 is -fully LDAP-enabled and can be managed using the standard LDAP +OpenLDAP releases, the slapd(8) runtime configuration in 2.3 (and later) +is fully LDAP-enabled and can be managed using the standard LDAP operations with data in {{TERM:LDIF}}. The LDAP configuration engine allows all of slapd's configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect. The old style {{slapd.conf}}(5) file is still -supported, but must be converted to the new {{slapd.d}}(5) format +supported, but must be converted to the new {{slapd-config}}(5) format to allow runtime changes to be saved. While the old style configuration uses a single file, normally installed as {{F:/usr/local/etc/openldap/slapd.conf}}, the new style uses a slapd backend database to store the configuration. The configuration database normally resides in the -{{F:/usr/local/etc/openldap/slapd.d}} directory. +{{F:/usr/local/etc/openldap/slapd.d}} directory. When +converting from the slapd.conf format to slapd.d format, any +include files will also be integrated into the resulting configuration +database. -An alternate configuration directory (or file) can be specified via a -command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter -describes the general format of the configuration system, followed by a -detailed description of commonly used config settings. +An alternate configuration directory (or file) can be specified via +a command-line option to {{slapd}}(8). 
This chapter describes the +general format of the configuration system, followed by a detailed +description of commonly used config settings. Note: some of the backends and of the distributed overlays do not support runtime configuration yet. In those cases, @@ -49,13 +52,9 @@ FT[align="Center"] Figure 5.1: Sample configuration tree. Other objects may be part of the configuration but were omitted from the illustration for clarity. -The {{slapd.d}} configuration tree has a very specific structure. The +The {{slapd-config}} configuration tree has a very specific structure. The root of the tree is named {{EX:cn=config}} and contains global configuration settings. Additional settings are contained in separate child entries: -* Include files -.. Usually these are just pathnames left over from a converted -{{EX:slapd.conf}} file. -.. Otherwise use of Include files is deprecated. * Dynamically loaded modules .. These may only be used if the {{EX:--enable-modules}} option was used to configure the software. @@ -146,7 +145,7 @@ and object classes) are also provided in the H2: Configuration Directives This section details commonly used configuration directives. For -a complete list, see the {{slapd.d}}(5) manual page. This section +a complete list, see the {{slapd-config}}(5) manual page. This section will treat the configuration directives in a top-down order, starting with the global directives in the {{EX:cn=config}} entry. Each directive will be described along with its default value (if any) and 
@@ -244,39 +243,6 @@ H4: Sample Entry >olcReferral: ldap://root.openldap.org - -H3: cn=include - -An include entry holds the pathname of one include file. Include files -are part of the old style slapd.conf configuration system and must be in -slapd.conf format. Include files were commonly used to load schema -specifications. While they are still supported, their use is deprecated. -Include entries must have the {{EX:olcIncludeFile}} objectClass. - - -H4: olcInclude: <filename> - -This directive specifies that slapd should read additional -configuration information from the given file. - -Note: You should be careful when using this directive - there is -no small limit on the number of nested include directives, and no -loop detection is done. - - -H4: Sample Entries - ->dn: cn=include{0},cn=config ->objectClass: olcIncludeFile ->cn: include{0} ->olcInclude: ./schema/core.schema -> ->dn: cn=include{1},cn=config ->objectClass: olcIncludeFile ->cn: include{1} ->olcInclude: ./schema/cosine.schema - - H3: cn=module If support for dynamically loaded modules was enabled when configuring @@ -504,8 +470,8 @@ to the slave slapd. Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS -or IPSEC). Simple authentication requires specification of -{{EX:binddn}} and {{EX:credentials}} parameters. +or {{TERM:IPsec}}). Simple authentication requires specification +of {{EX:binddn}} and {{EX:credentials}} parameters. SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the {{EX:saslmech}} parameter. 
@@ -522,11 +488,12 @@ H4: olcReplogfile: <filename> This directive specifies the name of the replication log file to which slapd will log changes. The replication log is typically -written by slapd and read by slurpd. Normally, this directive is -only used if slurpd is being used to replicate the database. -However, you can also use it to generate a transaction log, if -slurpd is not running. In this case, you will need to periodically -truncate the file, since it will grow indefinitely otherwise. +written by {{slapd}}(8) and read by {{slurpd}}(8). Normally, this +directive is only used if {{slurpd}}(8) is being used to replicate +the database. However, you can also use it to generate a transaction +log, if {{slurpd}}(8) is not running. In this case, you will need to +periodically truncate the file, since it will grow indefinitely +otherwise. See the chapter entitled {{SECT:Replication with slurpd}} for more information on how to use this directive. @@ -612,7 +579,7 @@ H4: olcSyncrepl > [type=refreshOnly|refreshAndPersist] > [interval=dd:hh:mm:ss] > [retry=[<retry interval> <# of retries>]+] -> [searchbase=<base DN>] +> searchbase=<base DN> > [filter=<filter str>] > [scope=sub|one|base] > [attrs=<attr list>] @@ -628,6 +595,17 @@ H4: olcSyncrepl > [credentials=<passwd>] > [realm=<realm>] > [secprops=<properties>] +> [starttls=yes|critical] +> [tls_cert=<file>] +> [tls_key=<file>] +> [tls_cacert=<file>] +> [tls_cacertdir=<path>] +> [tls_reqcert=never|allow|try|demand] +> [tls_ciphersuite=<ciphers>] +> [tls_crlcheck=none|peer|all] +> [logbase=<base DN>] +> [logfilter=<filter str>] +> [syncdata=default|accesslog|changelog] This directive specifies the current database as a replica of the 
@@ -636,8 +614,8 @@ replication consumer site running a syncrepl replication engine. The master database is located at the replication provider site specified by the {{EX:provider}} parameter. The replica database is kept up-to-date with the master content using the LDAP Content -Synchronization protocol. See {{EX:draft-zeilenga-ldup-sync-xx.txt}} -({{a work in progress}}) for more information on the protocol. +Synchronization protocol. See {{REF:RFC4533}} +for more information on the protocol. The {{EX:rid}} parameter is used for identification of the current {{EX:syncrepl}} directive within the replication consumer server, @@ -672,7 +650,7 @@ attributes, and {{EX:attrsonly}} is unset by default. Both {{EX:sizelimit}} and {{EX:timelimit}} default to "unlimited", and only positive integers or "unlimited" may be specified. -The LDAP Content Synchronization protocol has two operation +The {{TERM[expand]LDAP Sync}} protocol has two operation types: {{EX:refreshOnly}} and {{EX:refreshAndPersist}}. The operation type is specified by the {{EX:type}} parameter. In the {{EX:refreshOnly}} operation, the next synchronization search operation @@ -680,7 +658,7 @@ is periodically rescheduled at an interval time after each synchronization operation finishes. The interval is specified by the {{EX:interval}} parameter. It is set to one day by default. In the {{EX:refreshAndPersist}} operation, a synchronization search -remains persistent in the provider slapd. Further updates to the +remains persistent in the provider {{slapd}} instance. Further updates to the master replica will generate {{EX:searchResultEntry}} to the consumer slapd as the search responses to the persistent synchronization search. 
@@ -708,11 +686,11 @@ master database. The {{EX:bindmethod}} is {{EX:simple}} or {{EX:sasl}}, depending on whether simple password-based authentication or {{TERM:SASL}} authentication is to be used when connecting -to the provider slapd. +to the provider {{slapd}} instance. Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS -or IPSEC). Simple authentication requires specification of {{EX:binddn}} +or IPsec). Simple authentication requires specification of {{EX:binddn}} and {{EX:credentials}} parameters. SASL authentication is generally recommended. SASL authentication 
@@ -726,11 +704,31 @@ The {{EX:realm}} parameter specifies a realm which a certain mechanisms authenticate the identity within. The {{EX:secprops}} parameter specifies Cyrus SASL security properties. -The syncrepl replication mechanism is supported by the -two native backends: back-bdb and back-hdb. - -See the {{SECT:LDAP Sync Replication}} chapter of the admin guide -for more information on how to use this directive. +The {{EX:starttls}} parameter specifies use of the StartTLS extended +operation to establish a TLS session before authenticating to the provider. +If the {{EX:critical}} argument is supplied, the session will be aborted +if the StartTLS request fails. Otherwise the syncrepl session continues +without TLS. Note that the main slapd TLS settings are not used by the +syncrepl engine; by default the TLS parameters from a {{ldap.conf}}(5) +configuration file will be used. TLS settings may be specified here, +in which case any {{ldap.conf}}(5) settings will be completely ignored. + +Rather than replicating whole entries, the consumer can query logs +of data modifications. This mode of operation is referred to as +{{delta syncrepl}}. In addition to the above parameters, the +{{EX:logbase}} and {{EX:logfilter}} parameters must be set appropriately +for the log that will be used. The {{EX:syncdata}} parameter must +be set to either {{EX:"accesslog"}} if the log conforms to the +{{slapo-accesslog}}(5) log format, or {{EX:"changelog"}} if the log +conforms to the obsolete {{changelog}} format. If the {{EX:syncdata}} +parameter is omitted or set to {{EX:"default"}} then the log +parameters are ignored. + +The {{syncrepl}} replication mechanism is supported by the {{bdb}} and +{{hdb}} backends. + +See the {{SECT:LDAP Sync Replication}} chapter of this guide for +more information on how to use this directive. H4: olcTimeLimit: <integer> 
@@ -848,6 +846,14 @@ is multi-valued, to accomodate multiple configuration directives. No default is provided, but it is essential to use proper settings here to get the best server performance. +Any changes made to this attribute will be written to the {{EX:DB_CONFIG}} +file and will cause the database environment to be reset so the changes +can take immediate effect. If the environment cache is large and has not +been recently checkpointed, this reset operation may take a long time. It +may be advisable to manually perform a single checkpoint using the Berkeley DB +{{db_checkpoint}} utility before using LDAP Modify to change this +attribute. + \Example: > olcDbConfig: set_cachesize 0 10485760 0 @@ -861,7 +867,7 @@ in the /var/tmp/bdb-log directory. Also a flag is set to tell BDB to delete transaction log files as soon as their contents have been checkpointed and they are no longer needed. Without this setting the transaction log files will continue to accumulate until some other -cleanup procedure removes them. See the SleepyCat documentation for the +cleanup procedure removes them. See the Berkeley DB documentation for the {{EX:db_archive}} command for details. Ideally the BDB cache must be @@ -870,7 +876,7 @@ should be large enough to accomodate most transactions without overflowing, and the log directory must be on a separate physical disk from the main database files. And both the database directory and the log directory should be separate from disks used for regular system activities such as -the root, boot, or swap filesystems. See the FAQ-o-Matic and the SleepyCat +the root, boot, or swap filesystems. See the FAQ-o-Matic and the Berkeley DB documentation for more details. 
@@ -900,7 +906,8 @@ H4: olcDbIndex: {<attrlist> | default} [pres,eq,approx,sub,none] This directive specifies the indices to maintain for the given attribute. If only an {{EX:<attrlist>}} is given, the default -indices are maintained. +indices are maintained. The index keywords correspond to the +common types of matches that may be used in an LDAP search filter. \Example: 
@@ -917,11 +924,37 @@ be maintained for {{EX:cn}} and {{EX:sn}} attribute types. The fourth line causes an equality index for the {{EX:objectClass}} attribute type.
+There is no index keyword for inequality matches. Generally these
+matches do not use an index. However, some attributes do support
+indexing for inequality matches, based on the equality index.
+
+A substring index can be more explicitly specified as {{EX:subinitial}},
+{{EX:subany}}, or {{EX:subfinal}}, corresponding to the three
+possible components
+of a substring match filter. A subinitial index only indexes
+substrings that appear at the beginning of an attribute value.
+A subfinal index only indexes substrings that appear at the end
+of an attribute value, while subany indexes substrings that occur
+anywhere in a value.
+
+Note that by default, setting an index for an attribute also
+affects every subtype of that attribute. E.g., setting an equality
+index on the {{EX:name}} attribute causes {{EX:cn}}, {{EX:sn}}, and every other
+attribute that inherits from {{EX:name}} to be indexed.
+
 By default, no indices are maintained. It is generally advised that minimally an equality index upon objectClass be maintained. > olcDbindex: objectClass eq
+Additional indices should be configured corresponding to the
+most common searches that are used on the database.
+Presence indexing should not be configured for an attribute
+unless the attribute occurs very rarely in the database, and
+presence searches on the attribute occur very frequently during
+normal use of the directory. Most applications don't use presence
+searches, so usually presence indexing is not very useful.
+
 If this setting is changed while slapd is running, an internal task will be run to generate the changed index data. All server operations can continue as normal while the indexer does its work. If slapd is
diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index 5302618f4c4d0023ed9ef236e22ed4117e509be9..64f5493e210b4b54af318743da120bf8e2a04e2b 100644
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: The slapd Configuration File
@@ -10,10 +10,10 @@ runtime configuration is primarily accomplished through the {{slapd.conf}}(5) file, normally installed in the {{EX:/usr/local/etc/openldap}} directory.
-An alternate configuration file can be specified via a
-command-line option to {{slapd}}(8) or {{slurpd}}(8). This chapter
-describes the general format of the config file, followed by a
-detailed description of commonly used config file directives.
+An alternate configuration file location can be specified via a command-line
+option to {{slapd}}(8). This chapter describes the general format
+of the {{slapd.conf}}(5) configuration file, followed by a detailed
+description of commonly used config file directives.
 H2: Configuration File Format
@@ -89,11 +89,11 @@ by actual text are shown in brackets {{EX:<>}}. H4: access to <what> [ by <who> [<accesslevel>] [<control>] ]+ This directive grants access (specified by <accesslevel>) to a
-set of entries and/or attributes (specified by <what>) by one or
-more requesters (specified by <who>).
-See the {{SECT:Access Control}} section of this chapter for a
-summary of basic usage.
+This directive grants access (specified by <accesslevel>) to a set
+of entries and/or attributes (specified by <what>) by one or more
+requesters (specified by <who>). See the {{SECT:The access
+Configuration Directive}} section of this chapter for a summary of
+basic usage.
 !if 0 More details discussion of this directive can be found in the
@@ -142,7 +142,7 @@ correspond to what kind of debugging, invoke slapd with {{EX:-?}} or consult the table below. The possible values for <integer> are: !block table; colaligns="RL"; align=Center; \
- title="Table 5.1: Debugging Levels"
+ title="Table 6.1: Debugging Levels"
 Level Description -1 enable all debugging 0 no debugging
@@ -229,7 +229,7 @@ H4: backend <type> This directive marks the beginning of a backend declaration. {{EX:<type>}} should be one of the
-supported backend types listed in Table 5.2.
+supported backend types listed in Table 6.2.
 !block table; align=Center; coltags="EX,N"; \ title="Table 5.2: Database Backends"
@@ -264,7 +264,7 @@ H4: database <type> This directive marks the beginning of a database instance declaration. {{EX:<type>}} should be one of the
-supported backend types listed in Table 5.2.
+supported backend types listed in Table 6.2.
 \Example:
@@ -321,7 +321,7 @@ authentication is to be used when connecting to the slave slapd. Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS
-or IPSEC). Simple authentication requires specification of
+or {{TERM:IPsec}}). Simple authentication requires specification of
 {{EX:binddn}} and {{EX:credentials}} parameters. SASL authentication is generally recommended. SASL authentication
@@ -334,7 +334,6 @@ an authorization identity. See the chapter entitled {{SECT:Replication with slurpd}} for more information on how to use this directive.
-
 H4: replogfile <filename> This directive specifies the name of the replication log file to
@@ -415,7 +414,7 @@ H4: syncrepl > [type=refreshOnly|refreshAndPersist] > [interval=dd:hh:mm:ss] > [retry=[<retry interval> <# of retries>]+]
-> [searchbase=<base DN>]
+> searchbase=<base DN>
 > [filter=<filter str>] > [scope=sub|one|base] > [attrs=<attr list>]
@@ -439,8 +438,8 @@ replication consumer site running a syncrepl replication engine. The master database is located at the replication provider site specified by the {{EX:provider}} parameter. The replica database is kept up-to-date with the master content using the LDAP Content
-Synchronization protocol. See {{EX:draft-zeilenga-ldup-sync-xx.txt}}
-({{a work in progress}}) for more information on the protocol.
+Synchronization protocol. See {{REF:RFC4533}}
+for more information on the protocol.
 The {{EX:rid}} parameter is used for identification of the current {{EX:syncrepl}} directive within the replication consumer server,
@@ -515,7 +514,7 @@ to the provider slapd. Simple authentication should not be used unless adequate data integrity and confidentiality protections are in place (e.g. TLS
-or IPSEC). Simple authentication requires specification of {{EX:binddn}}
+or IPsec). Simple authentication requires specification of {{EX:binddn}}
 and {{EX:credentials}} parameters. SASL authentication is generally recommended. SASL authentication
@@ -538,11 +537,13 @@ for more information on how to use this directive. H4: updatedn <DN>
-This directive is only applicable in a slave slapd. It specifies
-the DN allowed to make changes to the replica. This may be the DN
+This directive is only applicable in a {{slave}} (or {{shadow}})
+{{slapd(8)}} instance. It specifies the DN allowed to make changes to
+the replica. This may be the DN
 {{slurpd}}(8) binds as when making changes to the replica or the DN associated with a SASL identity.
+
 Entry-based Example: > updatedn "cn=Update Daemon,dc=example,dc=com"
@@ -556,7 +557,8 @@ on how to use this directive. H4: updateref <URL>
-This directive is only applicable in a slave slapd. It
+This directive is only applicable in a {{slave}} (or {{shadow}})
+{{slapd}}(8) instance. It
 specifies the URL to return to clients which submit update requests upon the replica. If specified multiple times, each {{TERM:URL}} is provided.
@@ -586,9 +588,9 @@ containing the database and associated indices live. > directory /usr/local/var/openldap-data
-H2: Access Control
+H2: The access Configuration Directive
-Access to slapd entries and attributes is controlled by the
+Access to entries and attributes is controlled by the
 access configuration file directive. The general form of an access line is:
@@ -716,7 +718,7 @@ access. Note that access is granted to "entities" not "entries." The following table summarizes entity specifiers: !block table; align=Center; coltags="EX,N"; \
- title="Table 5.3: Access Entity Specifiers"
+ title="Table 6.3: Access Entity Specifiers"
 Specifier|Entities *|All, including anonymous and authenticated users anonymous|Anonymous (non-authenticated) users
@@ -749,7 +751,7 @@ H3: The access to grant The kind of <access> granted can be one of the following: !block table; colaligns="LRL"; coltags="EX,EX,N"; align=Center; \
- title="Table 5.4: Access Levels"
+ title="Table 6.4: Access Levels"
 Level Privileges Description none =0 no access disclose =d needed for information disclosure on error
diff --git a/doc/guide/admin/syncrepl.sdf b/doc/guide/admin/syncrepl.sdf
index 6755ea788a29647dbb43a20bd7c48e7879ca87e3..8907bdd200647d2605780d68807fa625a3fd05c8 100644
--- a/doc/guide/admin/syncrepl.sdf
+++ b/doc/guide/admin/syncrepl.sdf
@@ -1,17 +1,17 @@
 # $OpenLDAP$
-# Copyright 2003-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 2003-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: LDAP Sync Replication
-The LDAP Sync replication engine, syncrepl for short, is a consumer-side
-replication engine that enables the consumer LDAP server to maintain
-a shadow copy of a DIT fragment. A syncrepl engine resides at the
-consumer-side as one of the {{slapd}} (8) threads. It creates and
-maintains a consumer replica by connecting to the replication
-provider to perform the initial DIT content load followed either
-by periodic content polling or by timely updates upon content
-changes.
+The {{TERM:LDAP Sync}} Replication engine, {{TERM:syncrepl}} for
+short, is a consumer-side replication engine that enables the
+consumer {{TERM:LDAP}} server to maintain a shadow copy of a
+{{TERM:DIT}} fragment. A syncrepl engine resides at the consumer-side
+as one of the {{slapd}}(8) threads. It creates and maintains a
+consumer replica by connecting to the replication provider to perform
+the initial DIT content load followed either by periodic content
+polling or by timely updates upon content changes.
 Syncrepl uses the LDAP Content Synchronization (or LDAP Sync for short) protocol as the replica synchronization protocol. It provides
@@ -66,9 +66,7 @@ The LDAP Sync protocol allows a client to maintain a synchronized copy of a DIT fragment. The LDAP Sync operation is defined as a set of controls and other protocol elements which extend the LDAP search operation. This section introduces the LDAP Content Sync protocol
-only briefly. For more information, refer to the Internet Draft
-{{The LDAP Content Synchronization Operation
-<draft-zeilenga-ldup-sync-05.txt>}}.
+only briefly. For more information, refer to {{REF:RFC4533}}.
 The LDAP Sync protocol supports both polling and listening for changes by defining two respective synchronization operations:
@@ -157,13 +155,14 @@ H2: Syncrepl Details The syncrepl engine utilizes both the {{refreshOnly}} and the {{refreshAndPersist}} operations of the LDAP Sync protocol. If a
-syncrepl specification is included in a database definition, {{slapd}}
-(8) launches a syncrepl engine as a {{slapd}} (8) thread and schedules
-its execution. If the {{refreshOnly}} operation is specified, the
-syncrepl engine will be rescheduled at the interval time after a
-synchronization operation is completed. If the {{refreshAndPersist}}
-operation is specified, the engine will remain active and process
-the persistent synchronization messages from the provider.
+syncrepl specification is included in a database definition,
+{{slapd}}(8) launches a syncrepl engine as a {{slapd}}(8) thread
+and schedules its execution. If the {{refreshOnly}} operation is
+specified, the syncrepl engine will be rescheduled at the interval
+time after a synchronization operation is completed. If the
+{{refreshAndPersist}} operation is specified, the engine will remain
+active and process the persistent synchronization messages from the
+provider.
 The syncrepl engine utilizes both the present phase and the delete phase of the refresh synchronization. It is possible to configure
@@ -262,7 +261,7 @@ this change without the use of the session log. H2: Configuring Syncrepl Because syncrepl is a consumer-side replication engine, the syncrepl
-specification is defined in {{slapd.conf}} (5) of the consumer
+specification is defined in {{slapd.conf}}(5) of the consumer
 server, not in the provider server's configuration file. The initial loading of the replica content can be performed either by starting the syncrepl engine with no synchronization cookie or by populating
@@ -286,7 +285,7 @@ syncrepl. H3: Set up the provider slapd The provider is implemented as an overlay, so the overlay itself
-must first be configured in {{slapd.conf}} (5) before it can be
+must first be configured in {{slapd.conf}}(5) before it can be
 used. The provider has only two configuration directives, for setting checkpoints on the {{EX:contextCSN}} and for configuring the session log. Because the LDAP Sync search is subject to access control,
@@ -315,7 +314,7 @@ Note that using the session log requires searching on the {{entryUUID}} attribute. Setting an eq index on this attribute will greatly benefit the performance of the session log on the provider.
-A more complete example of the {{slapd.conf}} content is thus:
+A more complete example of the {{slapd.conf}}(5) content is thus:
 > database bdb > suffix dc=Example,dc=com
@@ -331,7 +330,7 @@ A more complete example of the {{slapd.conf}} content is thus: H3: Set up the consumer slapd The syncrepl replication is specified in the database section of
-{{slapd.conf}} (5) for the replica context. The syncrepl engine
+{{slapd.conf}}(5) for the replica context. The syncrepl engine
 is backend independent and the directive can be defined with any database type.
@@ -354,7 +353,7 @@ database type. > binddn="cn=syncuser,dc=example,dc=com" > credentials=secret
-In this example, the consumer will connect to the provider slapd
+In this example, the consumer will connect to the provider {{slapd}}(8)
 at port 389 of {{FILE:ldap://provider.example.com}} to perform a polling ({{refreshOnly}}) mode of synchronization once a day. It will bind as {{EX:cn=syncuser,dc=example,dc=com}} using simple
@@ -371,8 +370,8 @@ entries whose objectClass is organizationalPerson in the entire subtree rooted at {{EX:dc=example,dc=com}}. The requested attributes are {{EX:cn}}, {{EX:sn}}, {{EX:ou}}, {{EX:telephoneNumber}}, {{EX:title}}, and {{EX:l}}. The schema checking is turned off, so
-that the consumer {{slapd}} (8) will not enforce entry schema
-checking when it process updates from the provider {{slapd}} (8).
+that the consumer {{slapd}}(8) will not enforce entry schema
+checking when it process updates from the provider {{slapd}}(8).
 For more detailed information on the syncrepl directive, see the {{SECT:syncrepl}} section of {{SECT:The slapd Configuration File}}
@@ -381,7 +380,7 @@ chapter of this admin guide. H3: Start the provider and the consumer slapd
-The provider {{slapd}} (8) is not required to be restarted.
+The provider {{slapd}}(8) is not required to be restarted.
 {{contextCSN}} is automatically generated as needed: it might be originally contained in the {{TERM:LDIF}} file, generated by {{slapadd}} (8), generated upon changes in the context, or generated
@@ -391,7 +390,7 @@ LDIF file is being loaded which did not previously contain the (8) to cause it to be generated. This will allow the server to startup a little quicker the first time it runs.
-When starting a consumer {{slapd}} (8), it is possible to provide
+When starting a consumer {{slapd}}(8), it is possible to provide
 a synchronization cookie as the {{-c cookie}} command line option in order to start the synchronization from a specific state. The cookie is a comma separated list of name=value pairs. Currently
@@ -399,7 +398,7 @@ supported syncrepl cookie fields are {{csn=<csn>}} and {{rid=<rid>}}. {{<csn>}} represents the current synchronization state of the consumer replica. {{<rid>}} identifies a consumer replica locally within the consumer server. It is used to relate the cookie to the
-syncrepl definition in {{slapd.conf}} (5) which has the matching
+syncrepl definition in {{slapd.conf}}(5) which has the matching
 replica identifier. The {{<rid>}} must have no more than 3 decimal digits. The command line cookie overrides the synchronization cookie stored in the consumer replica database.
diff --git a/doc/guide/admin/title.sdf b/doc/guide/admin/title.sdf
index 297bd56db855ebc93cd356cb96282d5bb43017e0..066cec4825ef820f7f6ee9d3ae1245eb5c9ab960 100644
--- a/doc/guide/admin/title.sdf
+++ b/doc/guide/admin/title.sdf
@@ -6,6 +6,7 @@ # Master: master.sdf #
+!define DOC_TOC 3
 !define DOC_TYPE "Administrator's Guide" !build_title
diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf
index 240064d74011460819b3ea5708fa3f3281bc1c36..9c4cf58e90aadad05047c6f18a579d5147583291 100644
--- a/doc/guide/admin/tls.sdf
+++ b/doc/guide/admin/tls.sdf
@@ -1,4 +1,4 @@
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Using TLS
@@ -6,25 +6,26 @@ H1: Using TLS OpenLDAP clients and servers are capable of using the {{TERM[expand]TLS}} ({{TERM:TLS}}) framework to provide integrity and confidentiality protections and to support
-LDAP authentication using the {{TERM:SASL}} EXTERNAL mechanism.
+LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism.
 TLS is defined in {{REF:RFC4346}}. H2: TLS Certificates TLS uses {{TERM:X.509}} certificates to carry client and server
-identities. All servers are required to have valid certificates,
-whereas client certificates are optional. Clients must have a
+identities. All servers are required to have valid certificates,
+whereas client certificates are optional. Clients must have a
 valid certificate in order to authenticate via SASL EXTERNAL. For more information on creating and managing certificates, see the {{PRD:OpenSSL}} documentation. H3: Server Certificates
-The DN of a server certificate must use the CN attribute
-to name the server, and the {{EX:CN}} must carry the server's
-fully qualified domain name. Additional alias names and wildcards
-may be present in the {{EX:subjectAltName}} certificate extension.
-More details on server certificate names are in {{REF:RFC4513}}.
+The {{TERM:DN}} of a server certificate must use the {{EX:CN}}
+attribute to name the server, and the {{EX:CN}} must carry the
+server's fully qualified domain name. Additional alias names and
+wildcards may be present in the {{EX:subjectAltName}} certificate
+extension. More details on server certificate names are in
+{{REF:RFC4513}}.
 H3: Client Certificates
@@ -117,29 +118,29 @@ and {{EX:SSLv2}}. H4: TLSRandFile <filename> This directive specifies the file to obtain random bits from when
-{{EX:/dev/urandom}} is not available. If the
-system provides {{EX:/dev/urandom}} then this option is not needed,
-otherwise a source of random data must be configured.
-Some systems (e.g. Linux)
-provide {{EX:/dev/urandom}} by default, while others (e.g. Solaris)
+{{FILE:/dev/urandom}} is not available. If the system provides
+{{FILE:/dev/urandom}} then this option is not needed, otherwise a
+source of random data must be configured. Some systems (e.g. Linux)
+provide {{FILE:/dev/urandom}} by default, while others (e.g. Solaris)
 require the installation of a patch to provide it, and others may not support it at all. In the latter case, EGD or PRNGD should be installed, and this directive should specify the name of the EGD/PRNGD
-socket. The environment variable {{EX:RANDFILE}} can also be used to specify
-the filename. Also, in the absence of these options, the {{EX:.rnd}}
-file in the slapd user's home directory may be used if it exists. To
-use the {{EX:.rnd}} file, just create the file and copy a few hundred
-bytes of arbitrary data into the file. The file is only used to
-provide a seed for the pseudo-random number generator, and it doesn't
-need very much data to work.
+socket. The environment variable {{EX:RANDFILE}} can also be used
+to specify the filename. Also, in the absence of these options, the
+{{EX:.rnd}} file in the slapd user's home directory may be used if
+it exists. To use the {{EX:.rnd}} file, just create the file and
+copy a few hundred bytes of arbitrary data into the file. The file
+is only used to provide a seed for the pseudo-random number generator,
+and it doesn't need very much data to work.
 H4: TLSEphemeralDHParamFile <filename>
-This directive specifies the file that contains parameters for Diffie-Hellman
-ephemeral key exchange.
This is required in order to use a DSA certificate on
-the server side (i.e. {{EX:TLSCertificateKeyFile}} points to a DSA key).
-Multiple sets of parameters can be included in the file; all of them will
-be processed. Parameters can be generated using the following command
+This directive specifies the file that contains parameters for
+Diffie-Hellman ephemeral key exchange. This is required in order
+to use a DSA certificate on the server side (i.e.
+{{EX:TLSCertificateKeyFile}} points to a DSA key). Multiple sets
+of parameters can be included in the file; all of them will be
+processed. Parameters can be generated using the following command
 > openssl dhparam [-dsaparam] -out <filename> <numbits>
@@ -177,8 +178,8 @@ be configured on a system-wide basis, they may all be overridden by individual users in their {{.ldaprc}} files. The LDAP Start TLS operation is used in LDAP to initiate TLS
-negotatation. All OpenLDAP command line tools support a {{E:-Z}}
-and {{E:-ZZ}} flag to indicate whether a Start TLS operation is to
+negotatation. All OpenLDAP command line tools support a {{EX:-Z}}
+and {{EX:-ZZ}} flag to indicate whether a Start TLS operation is to
 be issued. The latter flag indicates that the tool is to cease processing if TLS cannot be started while the former allows the command to continue.
@@ -186,7 +187,7 @@ command to continue. In LDAPv2 environments, TLS is normally started using the LDAP Secure URI scheme ({{EX:ldaps://}}) instead of the normal LDAP URI scheme ({{EX:ldap://}}). OpenLDAP command line tools allow either
-scheme to used with the {{EX:-U}} flag and with the {{EX:URI}}
+scheme to used with the {{EX:-H}} flag and with the {{EX:URI}}
 {{ldap.conf}}(5) option.
diff --git a/doc/guide/admin/tuning.sdf b/doc/guide/admin/tuning.sdf
index e1d6738def13892347d862cc64a533dadbdd04a2..af7374475522e686ca95cfd333c4e65c16a44620 100644
--- a/doc/guide/admin/tuning.sdf
+++ b/doc/guide/admin/tuning.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Performance Tuning
diff --git a/doc/guide/plain.sdf b/doc/guide/plain.sdf
index faae024389f8042400e7a2c3f848ef0250fa3f7f..57c59b4c9adc46a7859a6b2eed8c32657e61e1b8 100644
--- a/doc/guide/plain.sdf
+++ b/doc/guide/plain.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # template for plain documents
diff --git a/doc/guide/preamble.sdf b/doc/guide/preamble.sdf
index 01d044cfe6692ed06db46f3e1f8d6f381a813b5c..4bdff5c537b242f88647d662b17dc145d89fdbdc 100644
--- a/doc/guide/preamble.sdf
+++ b/doc/guide/preamble.sdf
@@ -1,5 +1,5 @@
 # $OpenLDAP$
-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT. #
@@ -55,7 +55,7 @@ <P> <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B> ________________<BR>
-<SMALL>© Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>
+<SMALL>© Copyright 2007, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>
 !endblock !endmacro
@@ -91,132 +91,206 @@ ________________<BR> <P> <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B> ________________<BR> -<SMALL>© Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT> +<SMALL>© Copyright 2007, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT> !endblock !endmacro # OpenLDAP related organization -!block organisations; data +!block organisations; data; sort='Name' Name|Long|Jump ANSI|American National Standards Institute|http://www.ansi.org/ -BSI|British Standards Institute|http://www.bsa-global.com/ -OpenLDAP|OpenLDAP|http://www.openldap.org/ -OLF|OpenLDAP Foundation|http://www.openldap.org/foundation/ -OLP|OpenLDAP Project|http://www.openldap.org/project/ -UM|University of Michigan|http://www.umich.edu/ -UMLDAP|University of Michigan LDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html -IANA|Internet Assigned Numbers Authority|http://www.iana.org/ +BSI|British Standards Institute|http://www.bsi-global.com/ +COSINE|Co-operation and Open Systems Interconnection in Europe +CPAN|Comprehensive Perl Archive Network|http://cpan.org/ +Cyrus|Project Cyrus|http://cyrusimap.web.cmu.edu/ +FSF|Free Software Foundation|http://www.fsf.org/ +GNU|GNU Not Unix Project|http://www.gnu.org/ IAB|Internet Architecture Board|http://www.iab.org/ -IETF|Internet Engineering Task Force|http://www.ietf.org/ +IANA|Internet Assigned Numbers Authority|http://www.iana.org/ +IEEE|Institute of Electrical and Electronics Engineers|http://www.ieee.org IESG|Internet Engineering Steering Group|http://www.ietf.org/iesg/ +IETF|Internet Engineering Task Force|http://www.ietf.org/ IRTF|Internet Research Task Force|http://www.irtf.org/ ISO|International Standards Organisation|http://www.iso.org/ +ISOC|Internet Society|http://www.isoc.org/ ITU|International Telephone 
Union|http://www.itu.int/ -RFC|RFC Editor|http://www.rfc-editor.org/ -OpenSSL|OpenSSL|http://www.openssl.org/ -Cyrus|Cyrus Electronic Mail Project|http://asg.web.cmu.edu/cyrus/ -Sleepycat|Sleepycat Software|http://www.sleepycat.com/ -FSF|Free Software Foundation|http://www.fsf.org/ -GNU|GNU Not Unix|http://www.gnu.org/ +OLF|OpenLDAP Foundation|http://www.openldap.org/foundation/ +OLP|OpenLDAP Project|http://www.openldap.org/project/ +OpenSSL|OpenSSL Project|http://www.openssl.org/ +RFC Editor|RFC Editor|http://www.rfc-editor.org/ +Oracle|Oracle Corporation|http://www.oracle.com/ +UM|University of Michigan|http://www.umich.edu/ +UMLDAP|University of Michigan LDAP Team|http://www.umich.edu/~dirsvcs/ldap/ldap.html !endblock -!block products; data +!block products; data; sort='Name' Name|Jump -Berkeley DB|http://www.sleepycat.com/products/transactional.shtml +Berkeley DB|http://www.oracle.com/database/berkeley-db/db/index.html CVS|http://www.cvshome.org/ -Cyrus|http://asg.web.cmu.edu/cyrus/ +Cyrus|http://cyrusimap.web.cmu.edu/generalinfo.html +Cyrus SASL|http://asg.web.cmu.edu/sasl/sasl-library.html GNU|http://www.gnu.org/software/ GDBM|http://www.gnu.org/software/gdbm/ Heimdal|http://www.pdc.kth.se/heimdal/ +JLDAP|http://www.openldap.org/jldap/ MIT Kerberos|http://web.mit.edu/kerberos/www/ -OpenLDAP|http://www.openldap.org/software/ +OpenLDAP|http://www.openldap.org/ +OpenLDAP FAQ|http://www.openldap.org/faq/ +OpenLDAP ITS|http://www.openldap.org/its/ +OpenLDAP Software|http://www.openldap.org/software/ OpenSSL|http://www.openssl.org/ Perl|http://www.perl.org/ -SASL|http://asg.web.cmu.edu/sasl/sasl-library.html -SQL|http://www.jcc.com/SQLPages/jccs_sql.htm TCL|http://www.tcl.tk/ +SDF|http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html +UMLDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html !endblock # Internet and X.500 terms -!block terms; data +!block terms; data; sort='Term' Term|Definition +3DES|Triple DES +ABNF|Augmented Backus-Naur Form +ACDF|Access Control 
Decision Function +ACE|ASCII Compatible Encoding +ASCII|American Standard Code for Information Interchange +ACID|Atomicity, Consistency, Isolation, and Durability +ACI|Access Control Information +ACL|Access Control List AES|Advance Encryption Standard +ABI|Application Binary Interface API|Application Program Interface -ASN|Abstract Syntax Notation -ASN.1|Abstract Syntax Notation 1 -BCP|Best Common Practice -BDB|Berkeley DB +ASN.1|Abstract Syntax Notation - One +AVA|Attribute Value Assertion +AuthcDN|Authentication DN +AuthcId|Authentication Identity +AuthzDN|Authorizaiton DN +AuthzId|Authorization Identity +BCP|Best Current Practice +BDB|Berkeley DB (Backend) BER|Basic Encoding Rules -BNF|BNF +BNF|Backus-Naur Form C|The C Programming Language CA|Certificate Authority +CER|Canonical Encoding Rules CLDAP|Connection-less LDAP +CN|Common Name +CRAM-MD5|SASL MD5 Challedge/Response Authentication Mechanism +CRL|Certificate Revocation List DAP|Directory Access Protocol +DC|Domain Component DER|Distinguished Encoding Rules DES|Data Encryption Standard -3DES|Triple DES +DIB|Directory Information Base +DIGEST-MD5|SASL Digest MD5 Authentication Mechanism +DISP|Directory Information Shadowing Protocol DIT|Directory Information Tree -DN|Distinguished Name DNS|Domain Name System -DS|Draft Standard -DSA|Directory Service Agent +DN|Distinguished Name +DOP|Directory Operational Binding Management Protocol +DSAIT|DSA Information Tree +DSA|Directory System Agent DSE|DSA-specific Entry +DSP|Directory System Protocol +DS|Draft Standard DUA|Directory User Agent +EXTERNAL|SASL External Authentication Mechanism FAQ|Frequently Asked Questions FTP|File Transfer Protocol FYI|For Your Information -GSSAPI|Generic Security Services Application Program Interface -HDB|Heirarchial Database -I-D|Internet Draft +GSER|Generic String Encoding Rules +GSS-API|Generic Security Service Application Program Interface +GSSAPI|SASL Kerberos V GSS-API Authentication Mechanism +HDB|Hierarchical Database 
(Backend) +I-D|Internet-Draft +IA5|International Alphabet 5 +IDNA|Internationalized Domain Names in Applications +IDN|Internationalized Domain Name +ID|Identification +ID|Identifier IP|Internet Protocol -IPSEC|Internet Protocol Security +IPC|Inter-process communication +IPsec|Internet Protocol Security +IPv4|Internet Protocol, version 4 +IPv6|Internet Protocol, version 6 ITS|Issue Tracking System +JPEG|Joint Photographic Experts Group Kerberos|Kerberos Authentication Service LBER|Lightweight BER LDAP|Lightweight Directory Access Protocol +LDAP Sync|LDAP Content Sychronization +LDAPv3|LDAP, version 3 LDIF|LDAP Data Interchange Format +MD5|Message Digest 5 MIB|Management Information Base +MODDN|Modify DN +MODRDN|Modify RDN +NSSR|Non-specific Subordinate Reference OID|Object Identifier OSI|Open Systems Interconnect OTP|One Time Password +PDU|Protocol Data Unit PEM|Privacy Enhanced eMail +PKCS|Public Key Cryptosystem +PKI|Public Key Infrastructure +PKIX|Public Key Infrastructure (X.509) +PLAIN|SASL Plaintext Password Authentication Mechanism +POSIX|Portable Operating System Interface PS|Proposed Standard RDN|Relative Distinguished Name RFC|Request for Comments +RPC|Remote Procedure Call +RXER|Robust XML Encoding Rules +SASL|Simple Authentication and Security Layer +SDF|Simple Document Format +SDSE|Shadowed DSE +SHA1|Secure Hash Algorithm 1 +SLAPD|Standalone LDAP Daemon +SLURPD|Standalone LDAP Update Replication Daemon +SMTP|Simple Mail Transfer Protocol +SNMP|Simple Network Management Protocol +SQL|Structured Query Language SRP|Secure Remote Password SSF|Security Strength Factor SSL|Secure Socket Layer STD|Internet Standard TCP|Transmission Control Protocol TLS|Transport Layer Security -SASL|Simple Authentication and Security Layer -SMTP|Simple Mail Transfer Protocol -SNMP|Simple Network Management Protocol -STD|Internet Standard +UCS|Universal Multiple-Octet Coded Character Set UDP|User Datagram Protocol -UNIX|UNIX +UID|User Identifier +Unicode|The Unicode Standard 
+UNIX|Unix URI|Uniform Resource Identifier URL|Uniform Resource Locator +URN|Uniform Resource Name +UTF-8|8-bit UCS/Unicode Transformation Format +UTR|Unicode Technical Report +UUID|Universally Unique Identifier WWW|World Wide Web X.500|X.500 Directory Services X.509|X.509 Public Key and Attribute Certificate Frameworks +XED|XML Enabled Directory +XER|XML Encoding Rules +XML|Extensible Markup Language +syncrepl|LDAP Sync-based Replication !endblock -!block references; data +!block references; data; sort=Reference; style=grid Reference|Status|Document|Jump +UM-GUIDE|O|The SLAPD and SLURPD Administrators Guide|http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/guide.pdf RFC2079|PS|Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifers|http://www.rfc-editor.org/rfc/rfc2079.txt RFC2296|PS|Use of Language Codes in LDAP|http://www.rfc-editor.org/rfc/rfc2296.txt RFC2307|X|An Approach for Using LDAP as a Network Information Service|http://www.rfc-editor.org/rfc/rfc2307.txt -RFC2798|INFO|Definition of the inetOrgPerson LDAP Object Class|http://www.rfc-editor.org/rfc/rfc2798.txt +RFC2798|I|Definition of the inetOrgPerson LDAP Object Class|http://www.rfc-editor.org/rfc/rfc2798.txt RFC2831|PS|Using Digest Authentication as a SASL Mechanism|http://www.rfc-editor.org/rfc/rfc2831.txt RFC2849|PS|The LDAP Data Interchange Format|http://www.rfc-editor.org/rfc/rfc2849.txt RFC3088|X|OpenLDAP Root Service|http://www.rfc-editor.org/rfc/rfc3088.txt RFC3296|PS|Named Subordinate References in LDAP|http://www.rfc-editor.org/rfc/rfc3296.txt -RFC3384|INFO|Lightweight Directory Access Protocol (version 3) Replication Requirements|http://www.rfc-editor.org/rfc/rfc3384.txt -RFC3494|INFO|Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status|http://www.rfc-editor.org/rfc/rfc3494.txt -RFC4013|PS|SASLprep: Stringprep Profile for User Names and Passwords +RFC3384|I|Lightweight Directory Access Protocol (version 3) Replication 
Requirements|http://www.rfc-editor.org/rfc/rfc3384.txt +RFC3494|I|Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status|http://www.rfc-editor.org/rfc/rfc3494.txt +RFC4013|PS|SASLprep: Stringprep Profile for User Names and Passwords|http://www.rfc-editor.org/rfc/rfc4013.txt RFC4346|PS|The Transport Layer Security (TLS) Protocol, Version 1.1|http://www.rfc-editor.org/rfc/rfc4346.txt RFC4422|PS|Simple Authentication and Security Layer (SASL)|http://www.rfc-editor.org/rfc/rfc4422.txt RFC4510|PS|Lightweight Directory Access Protocol (LDAP) Technical Specification Roadmap|http://www.rfc-editor.org/rfc/rfc4510.txt @@ -230,4 +304,5 @@ RFC4517|PS|Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching R RFC4518|PS|Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation|http://www.rfc-editor.org/rfc/rfc4518.txt RFC4519|PS|Lightweight Directory Access Protocol (LDAP): Schema for User Applications|http://www.rfc-editor.org/rfc/rfc4519.txt RFC4520|BCP|IANA Considerations for LDAP|http://www.rfc-editor.org/rfc/rfc4520.txt +RFC4533|X|The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation|http://www.rfc-editor.org/rfc/rfc4533.txt !endblock diff --git a/doc/guide/release/copyright-plain.sdf b/doc/guide/release/copyright-plain.sdf index 3aa8e3f3a7d877a9fd1b74812129ac384a6a4b7e..1e84289ff15b13f7cd66171652398036b7644ddc 100644 --- a/doc/guide/release/copyright-plain.sdf +++ b/doc/guide/release/copyright-plain.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # diff --git a/doc/guide/release/copyright.sdf b/doc/guide/release/copyright.sdf index 521ea93885248f5a5b810b476da190e60c235dff..204015082b255792f9e98215387703fd484f110c 100644 --- a/doc/guide/release/copyright.sdf +++ b/doc/guide/release/copyright.sdf 
@@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. !if OPT_PP_HTML @@ -13,7 +13,7 @@ H1: OpenLDAP Software Copyright Notices H2: OpenLDAP Copyright Notice !block nofill -[[copyright]] 1998-2005 The OpenLDAP Foundation. +[[copyright]] 1998-2007 The OpenLDAP Foundation. {{All rights reserved.}} !endblock @@ -32,7 +32,7 @@ other parties and their use subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning this software is available -at <{{URL:http://www.umich.edu/~dirsvcs/ldap/}}>. +at <{{URL:http://www.umich.edu/~dirsvcs/ldap/ldap.html}}>. This work also contains materials derived from public sources. @@ -43,9 +43,9 @@ Additional information about OpenLDAP software can be obtained at H2: Additional Copyright Notice !block nofill -Portions [[copyright]] 1998-2005 Kurt D. Zeilenga. -Portions [[copyright]] 1998-2005 Net Boolean Incorporated. -Portions [[copyright]] 2001-2005 IBM Corporation. +Portions [[copyright]] 1998-2006 Kurt D. Zeilenga. +Portions [[copyright]] 1998-2006 Net Boolean Incorporated. +Portions [[copyright]] 2001-2006 IBM Corporation. {{All rights reserved.}} !endblock diff --git a/doc/guide/release/install.sdf b/doc/guide/release/install.sdf index 50a27b825c877d653bd50eb11f7b8d3a6d6da0f1..495e448d473194f9b929f38841c55cb16ac94be8 100644 --- a/doc/guide/release/install.sdf +++ b/doc/guide/release/install.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. P1: Making and Installing the OpenLDAP Distribution 
diff --git a/doc/guide/release/license-plain.sdf b/doc/guide/release/license-plain.sdf index a47ea0ab55934df533756a75f831ab5c13fba468..c6b9b648cfd63a3a5f9c482406729ea9416f5bd8 100644 --- a/doc/guide/release/license-plain.sdf +++ b/doc/guide/release/license-plain.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. # diff --git a/doc/guide/release/license.sdf b/doc/guide/release/license.sdf index 416144b2bc7446bca7b4e050f7e5acba2829cf6e..411135f0e5603e3d82cb7e3da231249a81925e39 100644 --- a/doc/guide/release/license.sdf +++ b/doc/guide/release/license.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 2000-2006 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 2000-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: OpenLDAP Public License diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in index 0eb13b1b7163dfe8a70b9a6d6f07582df74eb9fc..41f6fa3e72b4efeebd5d7098584bd74abf295ed2 100644 --- a/doc/man/Makefile.in +++ b/doc/man/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/doc/man/man1/Makefile.in b/doc/man/man1/Makefile.in index 3030abb00a242269521d486f177c8ebc67a58929..2800c5f85955c0b822b8aa698632d7bdada39b2b 100644 --- a/doc/man/man1/Makefile.in +++ b/doc/man/man1/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1 index 54997589bb597dedfe53c0aa1607cb3602f9a87c..ea5d7c20aeb6c06d25c1498a9c6c733df7cbbe9f 100644 --- a/doc/man/man1/ldapcompare.1 +++ b/doc/man/man1/ldapcompare.1 @@ -1,6 +1,6 @@ .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapcompare \- LDAP compare tool diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index aaa42d13b6b61c36bd18fbd9395c4509c8e87838..ce7b9f950b400e2f3188354662bf1a465d331f7d 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -1,6 +1,6 @@ .TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapdelete \- LDAP delete entry tool diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 index c3c812e9697a7ba7b7b2a8fa092b223e3189fdf4..5c5b16062ccd31d214feab080c6f5026921e0063 100644 --- a/doc/man/man1/ldapmodify.1 +++ b/doc/man/man1/ldapmodify.1 @@ -1,6 +1,6 @@ .TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1 index b9442e05c5c2ac8ac8725e71fb189fbc04e5f403..5d58bd7032bfaa8a4f9bff9f8782c1492e46938d 100644 --- a/doc/man/man1/ldapmodrdn.1 +++ b/doc/man/man1/ldapmodrdn.1 
@@ -1,6 +1,6 @@ .TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapmodrdn \- LDAP rename entry tool diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1 index 6ae94833ab017a63c639563f444348ec17738499..7d7a45ce10dc26d057d1e24673b26bd3c8c05cf7 100644 --- a/doc/man/man1/ldappasswd.1 +++ b/doc/man/man1/ldappasswd.1 @@ -1,6 +1,6 @@ .TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldappasswd \- change the password of an LDAP entry diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index 7d5997ae210bcbd56ce038173d6d21ba4e8cadfb..1350f9074a6359caf007985806f01f2a33e29647 100644 --- a/doc/man/man1/ldapsearch.1 +++ b/doc/man/man1/ldapsearch.1 @@ -1,6 +1,6 @@ .TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapsearch \- LDAP search tool diff --git a/doc/man/man1/ldapwhoami.1 b/doc/man/man1/ldapwhoami.1 index 47ddec130388069ecf385a38eab17f9735e1c4a1..e6858774e74680a1276978be8a9e6953f699d239 100644 --- a/doc/man/man1/ldapwhoami.1 +++ b/doc/man/man1/ldapwhoami.1 @@ -1,6 +1,6 @@ .TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldapwhoami \- LDAP who am i? tool 
diff --git a/doc/man/man3/Makefile.in b/doc/man/man3/Makefile.in index 26cc98c71974b33c931589eea851075d311854b0..e68054a54b89e0f4b2b5984a8add25587c0cd010 100644 --- a/doc/man/man3/Makefile.in +++ b/doc/man/man3/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/doc/man/man3/lber-decode.3 b/doc/man/man3/lber-decode.3 index d265ec4e47c9f907d15c58c74ec11db789363328..f677f2df56ae39a8c02186fe619ae95c2a959ff4 100644 --- a/doc/man/man3/lber-decode.3 +++ b/doc/man/man3/lber-decode.3 @@ -1,6 +1,6 @@ .TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, @@ -358,7 +358,4 @@ which must be freed by the caller using supplied deallocation routines. .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/lber-encode.3 b/doc/man/man3/lber-encode.3 index ad43d0d0d49d3f32ea25791770378746ab451d06..275d42cb09f067d62d0bc6d01550be3d7843adb9 100644 --- a/doc/man/man3/lber-encode.3 +++ b/doc/man/man3/lber-encode.3 
@@ -1,6 +1,6 @@ .TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- LBER simplified Basic Encoding Rules library routines for encoding @@ -285,7 +285,4 @@ The return values for all of these functions are declared in the .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/lber-memory.3 b/doc/man/man3/lber-memory.3 index 06465fcbb1a32fcf2cc16032e2189fe8cac21139..0a4e968d34cb74733946a29f659351207ef85942 100644 --- a/doc/man/man3/lber-memory.3 +++ b/doc/man/man3/lber-memory.3 @@ -1,6 +1,6 @@ .TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- LBER memory allocators @@ -46,7 +46,4 @@ arbitrary dynamically allocated objects. .BR lber-types (3) .LP .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/lber-sockbuf.3 b/doc/man/man3/lber-sockbuf.3 new file mode 100644 index 0000000000000000000000000000000000000000..d2e2b5364d860805c8ee7950ee43f0748ec7042a --- /dev/null 
+++ b/doc/man/man3/lber-sockbuf.3 
@@ -0,0 +1,200 @@
+.TH LBER_SOCKBUF 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io,
+ber_sockbuf_remove_io, Sockbuf_IO \- LBER I/O infrastructure
+.SH LIBRARY
+OpenLDAP LBER (liblber, -llber)
+.SH SYNOPSIS
+.B #include <lber.h>
+.LP
+.B Sockbuf *ber_sockbuf_alloc( void );
+.LP
+.BI "void ber_sockbuf_free(Sockbuf *" sb ");"
+.LP
+.BI "int ber_sockbuf_ctrl(Sockbuf *" sb ", int " opt ", void *" arg ");"
+.LP
+.BI "int ber_sockbuf_add_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ", void *" arg ");"
+.LP
+.BI "int ber_sockbuf_remove_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ");"
+.LP
+.nf
+.B typedef struct sockbuf_io_desc {
+.BI "int " sbiod_level ";"
+.BI "Sockbuf *" sbiod_sb ";"
+.BI "Sockbuf_IO *" sbiod_io ";"
+.BI "void *" sbiod_pvt ";"
+.BI "struct sockbuf_io_desc *" sbiod_next ";"
+.B } Sockbuf_IO_Desc;
+.LP
+.B typedef struct sockbuf_io {
+.BI "int (*" sbi_setup ")(Sockbuf_IO_Desc *" sbiod ", void *" arg ");"
+.BI "int (*" sbi_remove ")(Sockbuf_IO_Desc *" sbiod ");"
+.BI "int (*" sbi_ctrl ")(Sockbuf_IO_Desc *" sbiod ", int " opt ", void *" arg ");"
+.BI "ber_slen_t (*" sbi_read ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");"
+.BI "ber_slen_t (*" sbi_write ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");"
+.BI "int (*" sbi_close ")(Sockbuf_IO_Desc *" sbiod ");"
+.B } Sockbuf_IO;
+
+.SH DESCRIPTION
+.LP
+These routines are used to manage the low level I/O operations performed
+by the Lightweight BER library. They are called implicitly by the other
+libraries and usually do not need to be called directly from applications.
+The I/O framework is modularized and new transport layers can be supported
+by appropriately defining a
+.B Sockbuf_IO
+structure and installing it onto an existing
+.BR Sockbuf .
+.B Sockbuf
+structures are allocated and freed by
+.BR ber_sockbuf_alloc ()
+and
+.BR ber_sockbuf_free (),
+respectively. The
+.BR ber_sockbuf_ctrl ()
+function is used to get and set options related to a
+.B Sockbuf
+or to a specific I/O layer of the
+.BR Sockbuf .
+The
+.BR ber_sockbuf_add_io ()
+and
+.BR ber_sockbuf_remove_io ()
+functions are used to add and remove specific I/O layers on a
+.BR Sockbuf .
+
+Options for
+.BR ber_sockbuf_ctrl ()
+include:
+.TP
+.B LBER_SB_OPT_HAS_IO
+Takes a
+.B Sockbuf_IO *
+argument and returns 1 if the given handler is installed
+on the
+.BR Sockbuf ,
+otherwise returns 0.
+.TP
+.B LBER_SB_OPT_GET_FD
+Retrieves the file descriptor associated to the
+.BR Sockbuf ;
+.B arg
+must be a
+.BR "ber_socket_t *" .
+The return value will be 1 if a valid descriptor was present, -1 otherwise.
+.TP
+.B LBER_SB_OPT_SET_FD
+Sets the file descriptor of the
+.B Sockbuf
+to the descriptor pointed to by
+.BR arg ;
+.B arg
+must be a
+.BR "ber_socket_t *" .
+The return value will always be 1.
+.TP
+.B LBER_SB_OPT_SET_NONBLOCK
+Toggles the non-blocking state of the file descriptor associated to
+the
+.BR Sockbuf .
+.B arg
+should be NULL to disable and non-NULL to enable the non-blocking state.
+The return value will be 1 for success, -1 otherwise.
+.TP
+.B LBER_SB_OPT_DRAIN
+Flush (read and discard) all available input on the
+.BR Sockbuf .
+The return value will be 1.
+.TP
+.B LBER_SB_OPT_NEEDS_READ
+Returns non-zero if input is waiting to be read.
+.TP
+.B LBER_SB_OPT_NEEDS_WRITE
+Returns non-zero if the
+.B Sockbuf
+is ready to be written.
+.TP
+.B LBER_SB_OPT_GET_MAX_INCOMING
+Returns the maximum allowed size of an incoming message;
+.B arg
+must be a
+.BR "ber_len_t *" .
+The return value will be 1.
+.TP
+.B LBER_SB_OPT_SET_MAX_INCOMING
+Sets the maximum allowed size of an incoming message;
+.B arg
+must be a
+.BR "ber_len_t *" .
+The return value will be 1.
+
+.LP
+Options not in this list will be passed down to each
+.B Sockbuf_IO
+handler in turn until one of them processes it. If the option is not handled
+.BR ber_sockbuf_ctrl ()
+will return 0.
+
+.LP
+Multiple
+.B Sockbuf_IO
+handlers can be stacked in multiple layers to provide various functionality.
+Currently defined layers include
+.TP
+.B LBER_SBIOD_LEVEL_PROVIDER
+the lowest layer, talking directly to a network
+.TP
+.B LBER_SBIOD_LEVEL_TRANSPORT
+an intermediate layer
+.TP
+.B LBER_SBIOD_LEVEL_APPLICATION
+a higher layer
+.LP
+Currently defined
+.B Sockbuf_IO
+handlers in liblber include
+.TP
+.B ber_sockbuf_io_tcp
+The default stream-oriented provider
+.TP
+.B ber_sockbuf_io_fd
+A stream-oriented provider for local IPC sockets
+.TP
+.B ber_sockbuf_io_dgram
+A datagram-oriented provider. This handler is only present if the liblber
+library was built with LDAP_CONNECTIONLESS defined.
+.TP
+.B ber_sockbuf_io_readahead
+A buffering layer, usually used with a datagram provider to hide the
+datagram semantics from upper layers.
+.TP
+.B ber_sockbuf_io_debug
+A generic handler that outputs hex dumps of all traffic. This handler
+may be inserted multiple times at arbitrary layers to show the flow
+of data between other handlers.
+.LP
+Additional handlers may be present in libldap if support for them was
+enabled:
+.TP
+.B ldap_pvt_sockbuf_io_sasl
+An application layer handler for SASL encoding/decoding.
+.TP
+.B sb_tls_sbio
+A transport layer handler for SSL/TLS encoding/decoding. Note that this
+handler is private to the library and is not exposed in the API.
+.LP
+The provided handlers are all instantiated implicitly by libldap, and
+applications generally will not need to directly manipulate them.
+ +.SH SEE ALSO +.BR lber-decode (3), +.BR lber-encode (3), +.BR lber-types (3), +.BR ldap_get_option (3) + +.LP +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man3/lber-types.3 b/doc/man/man3/lber-types.3 index 81f931f15042d3cf533c412bbb68db6911359325..3ca443c6caf6ddd39d41a789158e30b8511b6127 100644 --- a/doc/man/man3/lber-types.3 +++ b/doc/man/man3/lber-types.3 @@ -1,12 +1,13 @@ .TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, -ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_free +ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, +ber_alloc_t, ber_init, ber_init2, ber_free \- LBER types and allocation functions .SH LIBRARY OpenLDAP LBER (liblber, -llber) @@ -50,6 +51,12 @@ typedef struct berelement BerElement; .LP .BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");" .LP +.BI "BerElement *ber_alloc_t(int " options ");" +.LP +.BI "BerElement *ber_init(struct berval *" bv ");" +.LP +.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");" +.LP .BI "void ber_free(BerElement *" ber ", int " freebuf ");" .SH DESCRIPTION .LP 
@@ -151,10 +158,29 @@ in this version of the library. .LP .B BerElement is an opaque structure used to maintain state information used in -encoding and decoding. BerElement structures are created using -.BR ber_alloc_t (3) -and -.BR ber_init (3). +encoding and decoding. +.BR ber_alloc_t () +is used to create an empty BerElement structure. If +.B LBER_USE_DER +is specified for the +.I options +parameter then data lengths for data written to the BerElement will be +encoded in the minimal number of octets required, otherwise they will +always be written as four byte values. +.BR ber_init () +creates a BerElement structure that is initialized with a copy of the +data in its +.I bv +parameter. +.BR ber_init2 () +initializes an existing BerElement +.I ber +using the data in the +.I bv +parameter. The data is referenced directly, not copied. The +.I options +parameter is the same as for +.BR ber_alloc_t (). .BR ber_free () frees a BerElement pointed to by \fIber\fP. If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. @@ -164,7 +190,4 @@ does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. .BR lber-memory (3) .LP .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/ldap.3 b/doc/man/man3/ldap.3 index f78b9eaf5725c166d0afee939daa638ede90b5b1..3dd34f753847c28d459398ca831c62e6504265f1 100644 --- a/doc/man/man3/ldap.3 +++ b/doc/man/man3/ldap.3 @@ -1,6 +1,6 @@ .TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap - OpenLDAP Lightweight Directory Access Protocol API 
diff --git a/doc/man/man3/ldap_abandon.3 b/doc/man/man3/ldap_abandon.3 index 011e40ecd53f7b7bcc9c16c95aeda2821e5f9e49..1c3183eedfe00b87ace8f830b0959acc23491f00 100644 --- a/doc/man/man3/ldap_abandon.3 +++ b/doc/man/man3/ldap_abandon.3 @@ -1,6 +1,6 @@ .TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_abandon_ext \- Abandon an LDAP operation in progress diff --git a/doc/man/man3/ldap_add.3 b/doc/man/man3/ldap_add.3 index 9758442365ea9bebafe05779fb852c742dd102cf..f0dd30a5e2941740fbceedcdad39edbf41852085 100644 --- a/doc/man/man3/ldap_add.3 +++ b/doc/man/man3/ldap_add.3 @@ -1,6 +1,6 @@ .TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation diff --git a/doc/man/man3/ldap_bind.3 b/doc/man/man3/ldap_bind.3 index 17d2965745e9cc0679f4d69b444ecb8bc99ea91c..07c4129fbbc8f79d9c56f5cd1c348103f5c2468b 100644 --- a/doc/man/man3/ldap_bind.3 +++ b/doc/man/man3/ldap_bind.3 @@ -1,6 +1,6 @@ .TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines 
@@ -49,27 +49,25 @@ OpenLDAP LDAP (libldap, -lldap) .BI "void *" defaults ");" .RE .LP +.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");" +.LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" -.\" .LP -.\" .ft B -.\" void ldap_set_rebind_proc( ld, rebindproc ) -.\" .ft -.\" LDAP *ld; -.\" int (*rebindproc)(); .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS -.BI LDAPControl *" cctrls "[]);" +.BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS -.BI LDAPControl *" cctrls "[]);" +.BI "LDAPControl *" cctrls "[]);" .RE .LP -.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params);" +.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" +.LP +.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. 
@@ -120,7 +118,98 @@ returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION -Description still under construction... +For SASL binds the server always ignores any provided DN, so the +.I dn +parameter should always be NULL. +.BR ldap_sasl_bind_s () +sends a single SASL bind request with the given SASL +.I mechanism +and credentials in the +.I cred +parameter. The format of the credentials depends on the particular +SASL mechanism in use. For mechanisms that provide mutual authentication +the server's credentials will be returned in the +.I servercredp +parameter. +The routine returns an LDAP error indication (see +.BR ldap_error (3)). +The +.BR ldap_sasl_bind () +call is asynchronous, taking the same parameters but only sending the +request and returning the message id of the request it sent. The result of +the operation can be obtained by a subsequent +call to +.BR ldap_result (3). +The result must be additionally parsed by +.BR ldap_parse_sasl_bind_result () +to obtain any server credentials sent from the server. +.LP +Many SASL mechanisms require multiple message exchanges to perform a +complete authentication. Applications should generally use +.BR ldap_sasl_interactive_bind_s () +rather than calling the basic +.BR ldap_sasl_bind () +functions directly. The +.I mechs +parameter should contain a space-separated list of candidate mechanisms +to use. If this parameter is NULL or empty the library will query +the supportedSASLMechanisms attribute from the server's rootDSE +for the list of SASL mechanisms the server supports. 
The +.I flags +parameter controls the interaction used to retrieve any necessary +SASL authentication parameters and should be one of: +.TP +LDAP_SASL_AUTOMATIC +use defaults if available, prompt otherwise +.TP +LDAP_SASL_INTERACTIVE +always prompt +.TP +LDAP_SASL_QUIET +never prompt +.LP +The +.I interact +function uses the provided +.I defaults +to handle requests from the SASL library for particular authentication +parameters. There is no defined format for the +.I defaults +information; +it is up to the caller to use whatever format is appropriate for the +supplied +.I interact +function. +The +.I sasl_interact +parameter comes from the underlying SASL library. When used with Cyrus SASL +this is an array of +.B sasl_interact_t +structures. The Cyrus SASL library will prompt for a variety of inputs, +including: +.TP +SASL_CB_GETREALM +the realm for the authentication attempt +.TP +SASL_CB_AUTHNAME +the username to authenticate +.TP +SASL_CB_PASS +the password for the provided username +.TP +SASL_CB_USER +the username to use for proxy authorization +.TP +SASL_CB_NOECHOPROMPT +generic prompt for input with input echoing disabled +.TP +SASL_CB_ECHOPROMPT +generic prompt for input with input echoing enabled +.TP +SASL_CB_LIST_END +indicates the end of the array of prompts +.LP +See the Cyrus SASL documentation for more details. .SH REBINDING .LP The @@ -136,8 +225,7 @@ to use the rebind function. Use the .BR ldap_set_option function to set the value. .LP -The rebind function has the following syntax. -.B int rebind_function (LDAP *ld, const char *url,int request,ber_int_t msgid); +The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. 
@@ -147,10 +235,14 @@ The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP -The \fIrequest\fP parameter specifies the request operation that generated the referral. +The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral. .LP +The \fIparams\fP parameter is the same value as passed originally to the +.BR ldap_set_rebind_proc () +function. +.LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP 
@@ -168,38 +260,6 @@ The call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. -.\" .SH RE-BINDING WHILE FOLLOWING REFERRALS -.\" The -.\" .B ldap_set_rebind_proc() -.\" call is used to set a routine that will be called back to obtain bind -.\" credentials used when a new server is contacted during the following of -.\" an LDAP referral. Note that this function is only available when the -.\" LDAP libraries are compiled with LDAP_REFERRALS defined and is only -.\" used when the ld_options field in the LDAP structure has -.\" LDAP_OPT_REFERRALS set (this is the default). If -.\" .B ldap_set_rebind_proc() -.\" is never called, or if it is called with a NULL \fIrebindproc\fP -.\" parameter, an unauthenticated simple LDAP bind will always be done -.\" when chasing referrals. -.\" .LP -.\" \fIrebindproc\fP should be a function that is declared like this: -.\" .LP -.\" .nf -.\" int rebindproc( LDAP *ld, char **whop, char **credp, -.\" int *methodp, int freeit ); -.\" .fi -.\" .LP -.\" The LDAP library will first call the rebindproc to obtain the -.\" referral bind credentials, and the \fIfreeit\fP parameter will be -.\" zero. The \fIwhop\fP, \fIcredp\fP, and \fImethodp\fP should be -.\" set as appropriate. If the rebindproc returns LDAP_SUCCESS, referral -.\" processing continues, and the rebindproc will be called a second -.\" time with \fIfreeit\fP non-zero to give your application a chance to -.\" free any memory allocated in the previous call. -.\" .LP -.\" If anything but LDAP_SUCCESS is returned by the first call to -.\" the rebindproc, then referral processing is stopped and that error code -.\" is returned for the original LDAP operation. .LP The .B ldap_unbind_ext() 
@@ -213,7 +273,7 @@ routines return whatever \fIld_errno\fP is set to. See .BR ldap_error (3) for more information. .SH NOTES -If an anonymous bind is sufficient for the application,the rebind process +If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind. .LP @@ -231,7 +291,4 @@ The bind method must be synchronous. .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/ldap_compare.3 b/doc/man/man3/ldap_compare.3 index fff40d1d533e8d9ca13c6e30295ae3b9bdd720a9..5ca9b440efe590b50fb8924a3ca7aae396b2010f 100644 --- a/doc/man/man3/ldap_compare.3 +++ b/doc/man/man3/ldap_compare.3 @@ -1,6 +1,6 @@ .TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation. diff --git a/doc/man/man3/ldap_controls.3 b/doc/man/man3/ldap_controls.3 new file mode 100644 index 0000000000000000000000000000000000000000..7cb7d21ddd11093e9d3480778346bfde83e696c8 --- /dev/null +++ b/doc/man/man3/ldap_controls.3 
@@ -0,0 +1,49 @@
+.TH LDAP_CONTROLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_create_control, ldap_find_control, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.B #include <ldap.h>
+.LP
+.BI "int ldap_create_control(LDAP_CONST char *" OID ", BerElement *" ber ", int " iscritical ", LDAPControl **" ctrlp ");"
+.LP
+.BI "LDAPControl *ldap_find_control(LDAP_CONST char *" OID ", LDAPControl **" ctrls ");"
+.LP
+.BI "void ldap_control_free(LDAPControl *" ctrl ");"
+.LP
+.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
+.SH DESCRIPTION
+These routines are used to manipulate structures used for LDAP controls.
+.BR ldap_create_control ()
+creates a control with the specified
+.I OID
+using the contents of the
+.I ber
+parameter for the control value, if any. The
+.I iscritical
+parameter should be non-zero for a critical control. The created control
+is returned in the
+.I ctrlp
+parameter. The routine returns
+.B LDAP_SUCCESS
+on success or some other error code on failure.
+.BR ldap_find_control ()
+searches the
+.I ctrls
+array for a control whose OID matches the
+.I OID
+parameter. The routine returns a pointer to the control if found,
+NULL otherwise.
+.BR ldap_control_free ()
+frees an individual control structure, and
+.BR ldap_controls_free ()
+frees an array of controls.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.so ../Project
diff --git a/doc/man/man3/ldap_controls.3.links b/doc/man/man3/ldap_controls.3.links
new file mode 100644
index 0000000000000000000000000000000000000000..03cd358cc800d73ec9fe0892bfeff3858b6686c5
--- /dev/null
+++ b/doc/man/man3/ldap_controls.3.links
@@ -0,0 +1,4 @@
+ldap_create_control.3
+ldap_find_control.3
+ldap_control_free.3
+ldap_controls_free.3
diff --git a/doc/man/man3/ldap_delete.3 b/doc/man/man3/ldap_delete.3
index f04a4a1dc577adadc93f37ca24bdb1282c3356ec..b02fc1b2021431b63d16dd777b36ddcd9f507542 100644
--- a/doc/man/man3/ldap_delete.3
+++ b/doc/man/man3/ldap_delete.3
@@ -1,6 +1,6 @@
 .TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
@@ -86,7 +86,4 @@ something went wrong initiating the request, else return 0.
 .BR ldap (3),
 .BR ldap_error (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_error.3 b/doc/man/man3/ldap_error.3
index b3ff7637cbc138329659a9417c66fb4f438ba520..0a2b7b2a9dad930f637faef215c7c741ef40e819 100644
--- a/doc/man/man3/ldap_error.3
+++ b/doc/man/man3/ldap_error.3
@@ -1,6 +1,6 @@
 .TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
diff --git a/doc/man/man3/ldap_extended_operation.3 b/doc/man/man3/ldap_extended_operation.3
index 053eb1cf9a19e999eed0a5525f0643bee102cc07..1d33bcf4991557358a989be47c3196e20cc9437d 100644
--- a/doc/man/man3/ldap_extended_operation.3
+++ b/doc/man/man3/ldap_extended_operation.3
@@ -1,6 +1,6 @@
 .TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
diff --git a/doc/man/man3/ldap_first_attribute.3 b/doc/man/man3/ldap_first_attribute.3
index 1797fe4d0428cfd80463c610abff771adebbe06a..69c7a91d1a14b8824db354df04332a2e25d163cc 100644
--- a/doc/man/man3/ldap_first_attribute.3
+++ b/doc/man/man3/ldap_first_attribute.3
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
@@ -70,7 +70,4 @@ return dynamically allocated memory that must be freed by the caller via
 .BR ldap_get_values (3),
 .BR ldap_error (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_first_entry.3 b/doc/man/man3/ldap_first_entry.3
index 3a7a877c36c1d035b8f38c93bcd023bcb9983568..81832f4771606395cda7c83baea3b0ea8b796e34 100644
--- a/doc/man/man3/ldap_first_entry.3
+++ b/doc/man/man3/ldap_first_entry.3
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
@@ -77,7 +77,4 @@ for a description of possible error codes.
 .BR ldap_get_values (3),
 .BR ldap_get_dn (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_first_message.3 b/doc/man/man3/ldap_first_message.3
index dd16401ffe2efa5a32d3bf33fd5a70aeb3c17aac..66af6e7650898eb997e567ed9cfc3b27ff3a6ba5 100644
--- a/doc/man/man3/ldap_first_message.3
+++ b/doc/man/man3/ldap_first_message.3
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping
@@ -80,7 +80,4 @@ NULL is returned. If an error occurs in
 .BR ldap_first_entry (3),
 .BR ldap_first_reference (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_first_reference.3 b/doc/man/man3/ldap_first_reference.3
index 126967846eaf9a021a191e771139f3e292ec4763..b5b2822a35b557227b5b90881193ad513e26d4d7 100644
--- a/doc/man/man3/ldap_first_reference.3
+++ b/doc/man/man3/ldap_first_reference.3
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping
@@ -69,7 +69,4 @@ NULL is returned. If an error occurs in
 .BR ldap_search (3),
 .BR ldap_parse_reference (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_get_dn.3 b/doc/man/man3/ldap_get_dn.3
index 12f7ae6dce254ba6409e519f61316b75d6261cea..cccdf0cdd002965047de105b32457c1f22950ffe 100644
--- a/doc/man/man3/ldap_get_dn.3
+++ b/doc/man/man3/ldap_get_dn.3
@@ -1,6 +1,6 @@
 .TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
@@ -234,7 +234,4 @@ These routines dynamically allocate memory that the caller must free.
 .BR ldap_memfree (3),
 .BR ldap_value_free (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_get_option.3 b/doc/man/man3/ldap_get_option.3
index 567fb3459b67f98a221636cad579e010dbed5072..b98906d7562158ede61a95f14b6359d72bdee5ee 100644
--- a/doc/man/man3/ldap_get_option.3
+++ b/doc/man/man3/ldap_get_option.3
@@ -1,6 +1,6 @@ .TH LDAP_GET_OPTION 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_option, ldap_set_option \- LDAP option handling routines @@ -56,15 +56,14 @@ must be a This is a read-only, handler-specific option. .TP .B LDAP_OPT_TIMEOUT -Sets/gets a timeout value (\fIFIXME: currently unused\fP). -.BR outvalue +Sets/gets a timeout value for the synchronous API calls. +.B outvalue +and +.B invalue must be a -.BR "struct timeval **" , -and the resulting pointer must be freed by the caller using -.BR ldap_memfree (3). -.BR invalue -must be a -.BR "struct timeval *" . +.BR "struct timeval *" , +and they cannot be NULL. Using a struct with seconds set to -1 results +in an infinite timeout, which is the default. .TP .B LDAP_OPT_NETWORK_TIMEOUT Sets/gets the network timeout value after which @@ -72,14 +71,13 @@ Sets/gets the network timeout value after which following a .BR connect (2) returns in case of no activity. -.BR outvalue +.B outvalue +and +.B invalue must be a -.BR "struct timeval **" , -and the resulting pointer must be freed by the caller using -.BR ldap_memfree (3). -.BR invalue -must be a -.BR "struct timeval *" . +.BR "struct timeval *" , +and they cannot be NULL. Using a struct with seconds set to -1 results +in an infinite timeout, which is the default. .TP .B LDAP_OPT_DEREF Sets/gets the value that defines when alias deferencing must occur. @@ -328,7 +326,4 @@ by setting that option to .B RFC 4422 (http://www.rfc-editor.org), .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project 
diff --git a/doc/man/man3/ldap_get_values.3 b/doc/man/man3/ldap_get_values.3
index b4fd0b25e5ca9644a81b2d7f3c491c814bb6b4d1..701f33d0d0c61bb5eaa910ebfca2bcbe93b82430 100644
--- a/doc/man/man3/ldap_get_values.3
+++ b/doc/man/man3/ldap_get_values.3
@@ -1,6 +1,6 @@
 .TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
@@ -99,7 +99,4 @@ using the supplied routines.
 .BR ldap_first_attribute (3),
 .BR ldap_error (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_memory.3 b/doc/man/man3/ldap_memory.3
new file mode 100644
index 0000000000000000000000000000000000000000..dfe8f037ee5ec12b7d40aeeccc90795ae2b54aef
--- /dev/null
+++ b/doc/man/man3/ldap_memory.3
@@ -0,0 +1,50 @@
+.TH LDAP_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.B #include <ldap.h>
+.LP
+.BI "void ldap_memfree(void *" p ");"
+.LP
+.BI "void ldap_memvfree(void **" v ");"
+.LP
+.BI "void *ldap_memalloc(ber_len_t " s ");"
+.LP
+.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
+.LP
+.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
+.LP
+.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
+.SH DESCRIPTION
+These routines are used to allocate/deallocate memory used/returned
+by the LDAP library.
+.BR ldap_memalloc (),
+.BR ldap_memcalloc (),
+.BR ldap_memrealloc (),
+and
+.BR ldap_memfree ()
+are used exactly like the standard
+.BR malloc (3),
+.BR calloc (3),
+.BR realloc (3),
+and
+.BR free (3)
+routines, respectively.
+The
+.BR ldap_memvfree ()
+routine is used to free a dynamically allocated array of pointers to
+arbitrary dynamically allocated objects.
+The
+.BR ldap_strdup ()
+routine is used exactly like the standard
+.BR strdup (3)
+routine.
+.SH SEE ALSO
+.BR ldap (3)
+.SH ACKNOWLEDGEMENTS
+.so ../Project
diff --git a/doc/man/man3/ldap_memory.3.links b/doc/man/man3/ldap_memory.3.links
new file mode 100644
index 0000000000000000000000000000000000000000..9351ff1b65b7ac23d0aedc084883e6fba7ede1d3
--- /dev/null
+++ b/doc/man/man3/ldap_memory.3.links
@@ -0,0 +1,6 @@
+ldap_memfree.3
+ldap_memvfree.3
+ldap_memalloc.3
+ldap_memcalloc.3
+ldap_memrealloc.3
+ldap_strdup.3
diff --git a/doc/man/man3/ldap_modify.3 b/doc/man/man3/ldap_modify.3
index ff4745a08d18b7468fba5d6307eca6f064e8dce5..54f06e78c6d40120f2d22392abacb8dae3a73e7a 100644
--- a/doc/man/man3/ldap_modify.3
+++ b/doc/man/man3/ldap_modify.3
@@ -1,6 +1,6 @@
 .TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
diff --git a/doc/man/man3/ldap_modrdn.3 b/doc/man/man3/ldap_modrdn.3
index 8b7f32a8c3d63f755d0ff54269ee6831e2fbed34..26de41f8edcd72e96d2f583d74be52d24c2f05f6 100644
--- a/doc/man/man3/ldap_modrdn.3
+++ b/doc/man/man3/ldap_modrdn.3
@@ -1,6 +1,6 @@
 .TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
@@ -78,7 +78,4 @@ for more details.
 .BR ldap (3),
 .BR ldap_error (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_open.3 b/doc/man/man3/ldap_open.3
index 6f9a720d80f2f7a502648d2fe758f61bf3e9b988..3402eb7862b4bc72957dbabea51705008ba33d68 100644
--- a/doc/man/man3/ldap_open.3
+++ b/doc/man/man3/ldap_open.3
@@ -1,6 +1,6 @@
 .TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
@@ -28,6 +28,17 @@ int ldap_initialize(ldp, uri) .ft LDAP **ldp; char *uri; +.LP +.ft B +#include <ldap_pvt.h> +.LP +.ft B +int ldap_init_fd(fd, proto, uri, ldp) +.ft +ber_socket_t fd; +int proto; +char *uri; +LDAP **ldp; .SH DESCRIPTION .LP .B ldap_open() @@ -37,8 +48,12 @@ the connection and to maintain per-connection information. .B ldap_init() allocates an LDAP structure but does not open an initial connection. .B ldap_initialize() -allocates an LDAP structure but does not open an initial connection. One -of these three routines must be called before any operations are attempted. +allocates an LDAP structure but does not open an initial connection. +.B ldap_init_fd() +allocates an LDAP structure using an existing connection on the +provided socket. +One +of these routines must be called before any operations are attempted. .LP .B ldap_open() takes \fIhost\fP, the hostname on which the LDAP server is 
@@ -87,6 +102,33 @@ are deprecated in favor of .BR ldap_initialize() , essentially because the latter allows to specify a schema in the URI and it explicitly returns an error code. +.LP +.B ldap_init_fd() +allows an LDAP structure to be initialized using an already-opened +connection. The +.I proto +parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP, +or LDAP_PROTO_IPC +for a connection using TCP, UDP, or IPC, respectively. The value +LDAP_PROTO_EXT +may also be specified if user-supplied sockbuf handlers are going to +be used. Note that support for UDP is not implemented unless libldap +was built with LDAP_CONNECTIONLESS defined. +The +.I uri +parameter may optionally be provided for informational purposes. + +Note: the first call into the LDAP library also initializes the global +options for the library. As such the first call should be single-threaded +or otherwise protected to insure that only one call is active. It is +recommended that +.BR ldap_get_option () +or +.BR ldap_set_option () +be used in the program's main thread before any additional threads are created. +See +.BR ldap_get_option (3). + .SH ERRORS If an error occurs, .B ldap_open() @@ -94,6 +136,8 @@ and .B ldap_init() will return NULL and errno should be set appropriately. .B ldap_initialize() +and +.B ldap_init_fd() will directly return the LDAP code associated to the error (or .I LDAP_SUCCESS in case of success); @@ -103,9 +147,7 @@ errno should be set as well whenever appropriate. .BR ldap_bind (3), .BR ldap_get_option (3), .BR ldap_set_option (3), +.BR lber-sockbuf (3), .BR errno (3) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/ldap_parse_reference.3 b/doc/man/man3/ldap_parse_reference.3 index cff502a3634692151242a855f48b743b5eafd179..c2d697885dcdf4dd0dee4c893f05eaca2436d8a9 100644 
--- a/doc/man/man3/ldap_parse_reference.3 +++ b/doc/man/man3/ldap_parse_reference.3 @@ -1,6 +1,6 @@ .TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_parse_reference \- Extract referrals and controls from a reference message @@ -58,7 +58,4 @@ Upon success LDAP_SUCCESS is returned. Otherwise the values of the .BR ldap_get_values (3), .BR ldap_controls_free (3) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man3/ldap_parse_result.3 b/doc/man/man3/ldap_parse_result.3 index e9d9a5246101a14f5c6ec7fd7572c6e85585c666..5d30af687c0be6fe1d8886617da59135cb94974f 100644 --- a/doc/man/man3/ldap_parse_result.3 +++ b/doc/man/man3/ldap_parse_result.3 @@ -1,6 +1,6 @@ .TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_parse_result \- Parsing results @@ -58,7 +58,7 @@ field from the parsed message. This string should be freed using .LP The \fIreferralsp\fP parameter will be filled in with an allocated array of referral strings from the parsed message. This array should be freed using -.BR ldap_value_free (3). +.BR ldap_memvfree (3). If no referrals were returned, \fI*referralsp\fP is set to NULL. .LP The \fIserverctrlsp\fP parameter will be filled in with an allocated array of 
@@ -99,11 +99,9 @@ result parameters are undefined.
 .BR ldap_result (3),
 .BR ldap_search (3),
 .BR ldap_memfree (3),
+.BR ldap_memvfree (3),
 .BR ldap_get_values (3),
 .BR ldap_controls_free (3),
 .BR lber-types (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_parse_sort_control.3 b/doc/man/man3/ldap_parse_sort_control.3
index c8f6b55494609dfdf30a37dae1bfac35ff2ec8f5..28813961ab256cf7e365b05130db8e2c4360bebf 100644
--- a/doc/man/man3/ldap_parse_sort_control.3
+++ b/doc/man/man3/ldap_parse_sort_control.3
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_sort_control \- Decodes the information returned from a search operation
@@ -38,7 +38,4 @@ ldap_memfree function.
 .BR ldap_result (3),
 .BR ldap_controls_free (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_parse_vlv_control.3 b/doc/man/man3/ldap_parse_vlv_control.3
index a33cc7418361af17e5ecb64b7cdb7c8c75aca147..522cc13c076ed7f2805f79ded27f214687178904 100644
--- a/doc/man/man3/ldap_parse_vlv_control.3
+++ b/doc/man/man3/ldap_parse_vlv_control.3
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_vlv_control \- Decodes the information returned from a search operation that
@@ -47,7 +47,4 @@ ldap.h for a list of possible return codes.
 .SH SEE ALSO
 .BR ldap_search (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_rename.3 b/doc/man/man3/ldap_rename.3
index 22989af9d2a356796907097b35a214ca888e10cc..26d4264b9bf4e16670cbf5bd483fbcba8e211b3a 100644
--- a/doc/man/man3/ldap_rename.3
+++ b/doc/man/man3/ldap_rename.3
@@ -1,6 +1,6 @@
 .TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_rename, ldap_rename_s \- Renames the specified entry.
@@ -63,7 +63,4 @@ returns the LDAP error code resulting from the rename operation.
 .BR ldap (3),
 .BR ldap_modify (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_result.3 b/doc/man/man3/ldap_result.3
index 607eed15fb12021571f0c6b33043ac21c0359c9a..9a64117b6c29aa3e2baf785c13cfff7f9d495b18 100644
--- a/doc/man/man3/ldap_result.3
+++ b/doc/man/man3/ldap_result.3
@@ -1,6 +1,6 @@
 .TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_result \- Wait for the result of an LDAP operation
@@ -127,7 +127,4 @@ return -1 on error.
 .BR ldap_first_message (3),
 .BR select (2)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+.so ../Project
diff --git a/doc/man/man3/ldap_schema.3 b/doc/man/man3/ldap_schema.3
index d6e5ab49f30fe9733b47708b49c63cd850fb32bc..63b040ba917922a8f1fd00b7b1e913ab58b29173 100644
--- a/doc/man/man3/ldap_schema.3
+++ b/doc/man/man3/ldap_schema.3
@@ -1,6 +1,6 @@
 .TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 2000-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2000-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
@@ -324,8 +324,4 @@ Unexpected end of data.
 .SH SEE ALSO
 .BR ldap (3)
 .SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
-
+.so ../Project
diff --git a/doc/man/man3/ldap_search.3 b/doc/man/man3/ldap_search.3
index abbdc6e6a68f684dd0f1873a76c6ab473298a32b..f17b62f9e8e439f57f6f58310ad53d78b50368e2 100644
--- a/doc/man/man3/ldap_search.3
+++ b/doc/man/man3/ldap_search.3
@@ -1,6 +1,6 @@ .TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation @@ -24,7 +24,8 @@ int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, -int sizelimit, *\fImsgidp\fB ); +int \fIsizelimit\fB, +int *\fImsgidp\fB ); .RE .LP .ft B @@ -39,6 +40,7 @@ int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, +int \fIsizelimit\fB, LDAPMessage **\fIres\fB ); .RE .SH DESCRIPTION diff --git a/doc/man/man3/ldap_sort.3 b/doc/man/man3/ldap_sort.3 index 3d13b377f601dc43e00725af8308a1a41582dc91..1f4cfa4bf71c4e12e7bd6e38f269eb23f17cdd67 100644 --- a/doc/man/man3/ldap_sort.3 +++ b/doc/man/man3/ldap_sort.3 @@ -1,6 +1,6 @@ .TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME LDAP sorting routines (deprecated) diff --git a/doc/man/man3/ldap_sync.3 b/doc/man/man3/ldap_sync.3 new file mode 100644 index 0000000000000000000000000000000000000000..17b97536c4875c40139f75954bfb77d89f710ce6 --- /dev/null +++ b/doc/man/man3/ldap_sync.3 
@@ -0,0 +1,325 @@
+.TH LDAP_SYNC 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.B #include <ldap_sync.h>
+.LP
+.BI "int ldap_sync_init(ldap_sync_t *" ls ", int " mode ", int " cancel ");"
+.LP
+.BI "int ldap_sync_init_refresh_only(ldap_sync_t *" ls ", int " cancel ");"
+.LP
+.BI "int ldap_sync_init_refresh_and_persist(ldap_sync_t *" ls ", int " cancel ");"
+.LP
+.BI "int ldap_sync_poll(ldap_sync_t *" ls ");"
+.LP
+.BI "ldap_sync_t * ldap_sync_initialize(ldap_sync_t *" ls ");"
+.LP
+.BI "int ldap_sync_destroy(ldap_sync_t *" ls ", int " freeit ");"
+.LP
+.BI "typedef int (*" ldap_sync_search_entry_f ")(ldap_sync_t *" ls ","
+.RS
+.BI "LDAPMessage *" msg ", struct berval *" entryUUID ","
+.BI "ldap_sync_refresh_t " phase ");"
+.RE
+.LP
+.BI "typedef int (*" ldap_sync_search_reference_f ")(ldap_sync_t *" ls ","
+.RS
+.BI "LDAPMessage *" msg ");"
+.RE
+.LP
+.BI "typedef int (*" ldap_sync_intermediate_f ")(ldap_sync_t *" ls ","
+.RS
+.BI "LDAPMessage *" msg ", BerVarray " syncUUIDs ","
+.BI "ldap_sync_refresh_t " phase ");"
+.RE
+.LP
+.BI "typedef int (*" ldap_sync_search_result_f ")(ldap_sync_t *" ls ","
+.RS
+.BI "LDAPMessage *" msg ", int " refreshDeletes ");"
+.RE
+.SH DESCRIPTION
+.LP
+These routines provide an interface to the LDAP Content Synchronization
+operation (RFC 4533).
+They require an
+.BR ldap_sync_t
+structure to be set up with parameters required for various phases
+of the operation; this includes setting some handlers for special events.
+All handlers take a pointer to the \fBldap_sync_t\fP structure as the first
+argument, and a pointer to the \fBLDAPMessage\fP structure as received
+from the server by the client library, plus, occasionally, other specific
+arguments.
+
+The members of the \fBldap_sync_t\fP structure are:
+.TP
+.BI "char *" ls_base
+The search base; by default, the
+.B BASE
+option in
+.BR ldap.conf (5).
+.TP
+.BI "int " ls_scope
+The search scope (one of
+.BR LDAP_SCOPE_BASE ,
+.BR LDAP_SCOPE_ONELEVEL ,
+.BR LDAP_SCOPE_SUBORDINATE
+or
+.BR LDAP_SCOPE_SUBTREE ;
+see
+.B ldap.h
+for details).
+.TP
+.BI "char *" ls_filter
+The filter (RFC 4515); by default,
+.BR (objectClass=*) .
+.TP
+.BI "char **" ls_attrs
+The requested attributes; by default
+.BR NULL ,
+indicating all user attributes.
+.TP
+.BI "int " ls_timelimit
+The requested time limit (in seconds); by default
+.BR 0 ,
+to indicate no limit.
+.TP
+.BI "int " ls_sizelimit
+The requested size limit (in entries); by default
+.BR 0 ,
+to indicate no limit.
+.TP
+.BI "int " ls_timeout
+The desired timeout during polling with
+.BR ldap_sync_poll (3).
+A value of
+.BR -1
+means that polling is blocking, so
+.BR ldap_sync_poll (3)
+will not return until a message is received; a value of
+.BR 0
+means that polling returns immediately, no matter if any response
+is available or not; a positive value represents the timeout the
+.BR ldap_sync_poll (3)
+function will wait for response before returning, unless a message
+is received; in that case,
+.BR ldap_sync_poll (3)
+returns as soon as the message is available.
+.TP
+.BI "ldap_sync_search_entry_f " ls_search_entry
+A function that is called whenever an entry is returned.
+The
+.BR msg
+argument is the
+.BR LDAPMessage
+that contains the searchResultEntry; it can be parsed using the regular
+client API routines, like
+.BR ldap_get_dn (3),
+.BR ldap_first_attribute (3),
+and so on.
+The
+.BR entryUUID
+argument contains the entryUUID of the entry.
+The
+.BR phase
+argument indicates the type of operation: one of
+.BR LDAP_SYNC_CAPI_PRESENT ,
+.BR LDAP_SYNC_CAPI_ADD ,
+.BR LDAP_SYNC_CAPI_MODIFY ,
+.BR LDAP_SYNC_CAPI_DELETE ;
+in case of
+.BR LDAP_SYNC_CAPI_PRESENT
+or
+.BR LDAP_SYNC_CAPI_DELETE ,
+only the DN is contained in the
+.IR LDAPMessage ;
+in case of
+.BR LDAP_SYNC_CAPI_MODIFY ,
+the whole entry is contained in the
+.IR LDAPMessage ,
+and the application is responsible of determining the differences
+between the new view of the entry provided by the caller and the data
+already known.
+.TP
+.BI "ldap_sync_search_reference_f " ls_search_reference
+A function that is called whenever a search reference is returned.
+The
+.BR msg
+argument is the
+.BR LDAPMessage
+that contains the searchResultReference; it can be parsed using
+the regular client API routines, like
+.BR ldap_parse_reference (3).
+.TP
+.BI "ldap_sync_intermediate_f " ls_intermediate
+A function that is called whenever something relevant occurs during
+the refresh phase of the search, which is marked by
+an \fIintermediateResponse\fP message type.
+The
+.BR msg
+argument is the
+.BR LDAPMessage
+that contains the intermediate response; it can be parsed using
+the regular client API routines, like
+.BR ldap_parse_intermediate (3).
+The
+.BR syncUUIDs
+argument contains an array of UUIDs of the entries that depends
+on the value of the
+.BR phase
+argument.
+In case of
+.BR LDAP_SYNC_CAPI_PRESENTS ,
+the "present" phase is being entered;
+this means that the following sequence of results will consist
+in entries in "present" sync state.
+In case of
+.BR LDAP_SYNC_CAPI_DELETES ,
+the "deletes" phase is being entered;
+this means that the following sequence of results will consist
+in entries in "delete" sync state.
+In case of
+.BR LDAP_SYNC_CAPI_PRESENTS_IDSET ,
+the message contains a set of UUIDs of entries that are present;
+it replaces a "presents" phase.
+In case of
+.BR LDAP_SYNC_CAPI_DELETES_IDSET ,
+the message contains a set of UUIDs of entries that have been deleted;
+it replaces a "deletes" phase.
+In case of
+.BR LDAP_SYNC_CAPI_DONE,
+a "presents" phase with "refreshDone" set to "TRUE" has been returned
+to indicate that the refresh phase of refreshAndPersist is over, and
+the client should start polling.
+Except for the
+.BR LDAP_SYNC_CAPI_PRESENTS_IDSET
+and LDAP_SYNC_CAPI_DELETES_IDSET
+cases,
+.BR syncUUIDs
+is NULL.
+.BR
+.TP
+.BI "ldap_sync_search_result_f " ls_search_result
+A function that is called whenever a searchResultDone is returned.
+In refreshAndPersist this can only occur when the server decides
+that the search must be interrupted.
+The
+.BR msg
+argument is the
+.BR LDAPMessage
+that contains the response; it can be parsed using
+the regular client API routines, like
+.BR ldap_parse_result (3).
+The
+.BR refreshDeletes
+argument is not relevant in this case; it should always be -1.
+.TP
+.BI "void *" ls_private
+A pointer to private data. The client may register here
+a pointer to data the handlers above may need.
+.TP
+.BI "LDAP *" ls_ld
+A pointer to a LDAP structure that is used to connect to the server.
+It is the responsibility of the client to initialize the structure
+and to provide appropriate authentication and security in place.
+
+.SH "GENERAL USE"
+A
+.B ldap_sync_t
+structure is initialized by calling
+.BR ldap_sync_initialize(3).
+This simply clears out the contents of an already existing
+.B ldap_sync_t
+structure, and sets appropriate values for some members.
+After that, the caller is responsible for setting up the
+connection (member
+.BR ls_ld ),
+evetually setting up transport security (TLS),
+for binding and any other initialization.
+The caller must also fill all the documented search-related fields
+of the
+.B ldap_sync_t
+structure.
+
+At the end of a session, the structure can be cleaned up by calling
+.BR ldap_sync_destroy (3),
+which takes care of freeing all data assuming it was allocated by
+.BR ldap_mem* (3)
+routines.
+Otherwise, the caller should take care of destroying and zeroing out
+the documented search-related fields, and call
+.BR ldap_sync_destroy (3)
+to free undocumented members set by the API.
+
+.SH "REFRESH ONLY"
+The
+.BR refreshOnly
+functionality is obtained by periodically calling
+.BR ldap_sync_init (3)
+with mode set to
+.BR LDAP_SYNC_REFRESH_ONLY ,
+or, which is equivalent, by directly calling
+.BR ldap_sync_init_refresh_only (3).
+The state of the search, and the consistency of the search parameters,
+is preserved across calls by passing the
+.B ldap_sync_t
+structure as left by the previous call.
+
+.SH "REFRESH AND PERSIST"
+The
+.BR refreshAndPersist
+functionality is obtained by calling
+.BR ldap_sync_init (3)
+with mode set to
+.BR LDAP_SYNC_REFRESH_AND_PERSIST ,
+or, which is equivalent, by directly calling
+.BR ldap_sync_init_refresh_and_persist (3)
+and, after a successful return, by repeatedly polling with
+.BR ldap_sync_poll (3)
+according to the desired pattern.
+
+A client may insert a call to
+.BR ldap_sync_poll (3)
+into an external loop to check if any modification was returned;
+in this case, it might be appropriate to set
+.BR ls_timeout
+to 0, or to set it to a finite, small value.
+Otherwise, if the client's main purpose consists in waiting for
+responses, a timeout of -1 is most suitable, so that the function
+only returns after some data has been received and handled.
+
+.SH ERRORS
+All routines return any LDAP error resulting from a lower-level error
+in the API calls they are based on, or LDAP_SUCCESS in case of success.
+.BR ldap_sync_poll (3)
+may return
+.BR LDAP_SYNC_REFRESH_REQUIRED
+if a full refresh is requested by the server.
+In this case, it is appropriate to call
+.BR ldap_sync_init (3)
+again, passing the same
+.B ldap_sync_t
+structure as resulted from any previous call.
+.SH NOTES
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_search_ext (3),
+.BR ldap_result (3) ;
+.B RFC 4533
+(http://www.rfc-editor.org),
+.SH AUTHOR
+Designed and implemented by Pierangelo Masarati, based on RFC 4533
+and loosely inspired by syncrepl code in
+.BR slapd (8).
+.SH ACKNOWLEDGEMENTS
+Initially developed by
+.BR "SysNet s.n.c."
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
diff --git a/doc/man/man3/ldap_tls.3 b/doc/man/man3/ldap_tls.3
new file mode 100644
index 0000000000000000000000000000000000000000..f05f81612544a9494f5f9bae442c8e7493b4f559
--- /dev/null
+++ b/doc/man/man3/ldap_tls.3
@@ -0,0 +1,41 @@
+.TH LDAP_TLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.B #include <ldap.h>
+.LP
+.BI "int ldap_start_tls(LDAP *" ld ");"
+.LP
+.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
+.LP
+.BI "int ldap_tls_inplace(LDAP *" ld ");"
+.LP
+.BI "int ldap_install_tls(LDAP *" ld ");"
+.SH DESCRIPTION
+These routines are used to initiate TLS processing on an LDAP session.
+.BR ldap_start_tls_s ()
+sends a StartTLS request to a server, waits for the reply, and then installs
+TLS handlers on the session if the request succeeded. The routine returns
+.B LDAP_SUCCESS
+if everything succeeded, otherwise it returns an LDAP error code.
+.BR ldap_start_tls ()
+sends a StartTLS request to a server and does nothing else. It returns
+.B LDAP_SUCCESS
+if the request was sent successfully.
+.BR ldap_tls_inplace ()
+returns 1 if TLS handlers have been installed on the specified session, 0
+otherwise.
+.BR ldap_install_tls ()
+installs the TLS handlers on the given session. It returns
+.B LDAP_LOCAL_ERROR
+if TLS is already installed.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_error (3)
+.SH ACKNOWLEDGEMENTS
+.so ../Project
diff --git a/doc/man/man3/ldap_tls.3.links b/doc/man/man3/ldap_tls.3.links
new file mode 100644
index 0000000000000000000000000000000000000000..d03e2bf417b5ea015364641517fdf8ec424a8049
--- /dev/null
+++ b/doc/man/man3/ldap_tls.3.links
@@ -0,0 +1,4 @@
+ldap_start_tls.3
+ldap_start_tls_s.3
+ldap_tls_inplace.3
+ldap_install_tls.3
diff --git a/doc/man/man3/ldap_url.3 b/doc/man/man3/ldap_url.3
index 2093116fb52afef487a93afa0ae6fa4c0a04076f..7a1662bb3f5446d246d7bc01909aaac490feb69b 100644
--- a/doc/man/man3/ldap_url.3
+++ b/doc/man/man3/ldap_url.3
@@ -1,6 +1,6 @@
 .TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_is_ldap_url,
diff --git a/doc/man/man5/Makefile.in b/doc/man/man5/Makefile.in
index 71fa085ae59007054284818936137aeb5315dc5a..c00fc36b93e32cab937192961555cfe37f3c11f7 100644
--- a/doc/man/man5/Makefile.in
+++ b/doc/man/man5/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 9949110d263fec1b5e7528bd5470fc186808d12d..78de1480ad3b8f92f39aa8e7b04a21a1ebc87efe 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -1,8 +1,7 @@
 .TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" $OpenLDAP$
-.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
-.UC 6
 .SH NAME
 ldap.conf, .ldaprc \- ldap configuration file
 .SH SYNOPSIS
@@ -119,6 +118,28 @@ Specifies the default bind DN to use when performing ldap operations. The bind DN must be specified as a Distinguished Name in LDAP format. .B This is a user\-only option. .TP +.B DEREF <when> +Specifies how alias dereferencing is done when performing a search. The +.B <when> +can be specified as one of the following keywords: +.RS +.TP +.B never +Aliases are never dereferenced. This is the default. +.TP +.B searching +Aliases are dereferenced in subordinates of the base object, but +not in locating the base object of the search. +.TP +.B finding +Aliases are only dereferenced when locating the base object of the search. +.TP +.B always +Aliases are dereferenced both in searching and in locating the base object +of the search. +.RE +.TP +.TP .B HOST <name[:port] ...> Specifies the name(s) of an LDAP server(s) to which the .I LDAP @@ -130,6 +151,10 @@ list of hosts may be provided. is deprecated in favor of .BR URI . .TP +.B NETWORK_TIMEOUT <integer> +Specifies the timeout (in seconds) after which the poll(2)/select(2) +following a connect(2) returns in case of no activity. +.TP .B PORT <port> Specifies the default port used when connecting to LDAP servers(s). The port may be specified as a number. @@ -144,6 +169,10 @@ The default is on. Note that the command line tools .BR ldapsearch (1) &co always override this option. +.\" This should only be allowed via ldap_set_option(3) +.\".TP +.\".B RESTART <on/true/yes/off/false/no> +.\"Determines whether the library should implicitly restart connections (FIXME). .TP .B SIZELIMIT <integer> Specifies a size limit to use when performing searches. The 
@@ -154,37 +183,11 @@ specifies unlimited search size. Specifies a time limit to use when performing searches. The number should be a non-negative integer. \fITIMELIMIT\fP of zero (0) specifies unlimited search time to be used. -.TP -.B DEREF <when> -Specifies how alias dereferencing is done when performing a search. The -.B <when> -can be specified as one of the following keywords: -.RS -.TP -.B never -Aliases are never dereferenced. This is the default. -.TP -.B searching -Aliases are dereferenced in subordinates of the base object, but -not in locating the base object of the search. -.TP -.B finding -Aliases are only dereferenced when locating the base object of the search. -.TP -.B always -Aliases are dereferenced both in searching and in locating the base object -of the search. -.RE -.TP .B VERSION {2|3} Specifies what version of the LDAP protocol should be used. .TP .B TIMEOUT <integer> Specifies a generic timeout (in seconds). Currently ignored. -.TP -.B NETWORK_TIMEOUT <integer> -Specifies the timeout (in seconds) after which the poll(2)/select(2) -following a connect(2) returns in case of no activity. .SH SASL OPTIONS If OpenLDAP is built with Simple Authentication and Security Layer support, there are more options you can specify. @@ -370,7 +373,4 @@ local ldap configuration file .SH AUTHOR Kurt Zeilenga, The OpenLDAP Project .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man5/ldif.5 b/doc/man/man5/ldif.5 index 7eb51e3c1a7d0c46fe64c49fffbdaf5bea3eabc8..0a892983c36a3ac3c5272d6dc8ad4530f9047b5a 100644 --- a/doc/man/man5/ldif.5 +++ b/doc/man/man5/ldif.5 
@@ -1,14 +1,19 @@ .TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldif \- LDAP Data Interchange Format .SH DESCRIPTION The LDAP Data Interchange Format (LDIF) is used to represent LDAP entries and change records in text form. LDAP tools, such as -.BR ldapadd (1) and .BR ldapsearch (1), read and write LDIF entry -records. ldapmodify(1) reads LDIF change records. +.BR ldapadd (1) +and +.BR ldapsearch (1), +read and write LDIF entry +records. +.BR ldapmodify (1) +reads LDIF change records. .LP This manual page provides a basic description of LDIF. A formal specification of LDIF is published in RFC 2849. 
@@ -228,16 +233,44 @@ of each type of change. changetype: delete .fi +.SH INCLUDE STATEMENT +The LDIF parser has been extended to support an +.B include +statement for referencing other LDIF files. The +.B include +statement must be separated from other records by a blank line. +The referenced file is specified using a file: URI and all of its +contents are incorporated as if they were part of the original +LDIF file. As above, other URI schemes may be supported. For example: +.LP +.nf + dn: dc=example,dc=com + objectclass: domain + dc: example + + include: file:///tmp/example.com.ldif + + dn: dc=example,dc=org + objectclass: domain + dc: example +.fi +This feature is not part of the LDIF specification in RFC 2849 but +is expected to appear in a future revision of this spec. It is supported +by the +.BR ldapadd (1), +.BR ldapmodify (1), +and +.BR slapadd (8) +commands. + .SH SEE ALSO .BR ldap (3), .BR ldapsearch (1), .BR ldapadd (1), .BR ldapmodify (1), +.BR slapadd (8), .BR slapd.replog (5). .LP "LDAP Data Interchange Format," Good, G., RFC 2849. .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man5/slapd-bdb.5 b/doc/man/man5/slapd-bdb.5 index 052b25f57accf725c9ca7ae36870067afca79842..4fda2c35db6339e7c0bf4eea869e73b6b1ced441 100644 --- a/doc/man/man5/slapd-bdb.5 +++ b/doc/man/man5/slapd-bdb.5 @@ -1,5 +1,5 @@ .TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -223,3 +223,5 @@ Berkeley DB configuration file .BR slapcat (8), .BR slapindex (8), Berkeley DB documentation. +.SH ACKNOWLEDGEMENTS +.so ../Project 
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
new file mode 100644
index 0000000000000000000000000000000000000000..3a375546cb36b17f93aaa8cf3bd169aebd047fdc
--- /dev/null
+++ b/doc/man/man5/slapd-config.5
@@ -0,0 +1,1962 @@ +.TH SLAPD-CONFIG 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapd-config \- configuration backend +.SH SYNOPSIS +ETCDIR/slapd.d +.SH DESCRIPTION +The +.B config +backend manages all of the configuration information for the +.BR slapd (8) +daemon. This configuration information is also used by the SLAPD tools +.BR slapacl (8), +.BR slapadd (8), +.BR slapauth (8), +.BR slapcat (8), +.BR slapdn (8), +.BR slapindex (8), +and +.BR slaptest (8). +.LP +The +.B config +backend is backward compatible with the older +.BR slapd.conf (5) +file but provides the ability to change the configuration dynamically +at runtime. If slapd is run with only a +.B slapd.conf +file dynamic changes will be allowed but they will not persist across +a server restart. Dynamic changes are only saved when slapd is running +from a +.B slapd.d +configuration directory. +.LP + +Unlike other backends, there can only be one instance of the +.B config +backend, and most of its structure is predefined. The root of the +database is hardcoded to +.B "cn=config" +and this root entry contains +global settings for slapd. Multiple child entries underneath the +root entry are used to carry various other settings: +.RS +.TP +.B cn=Module +dynamically loaded modules +.TP +.B cn=Schema +schema definitions +.TP +.B olcBackend=xxx +backend-specific settings +.TP +.B olcDatabase=xxx +database-specific settings +.RE + +The +.B cn=Module +entries will only appear in configurations where slapd +was built with support for dynamically loaded modules. There can be +multiple entries, one for each configured module path. Within each +entry there will be values recorded for each module loaded on a +given path. These entries have no children. + +The +.B cn=Schema +entry contains all of the hardcoded schema elements. 
+The children of this entry contain all user-defined schema elements. +In schema that were loaded from include files, the child entry will +be named after the include file from which the schema was loaded. +Typically the first child in this subtree will be +.BR cn=core,cn=schema,cn=config . + +.B olcBackend +entries are for storing settings specific to a single +backend type (and thus global to all database instances of that type). +At present there are no backends that implement settings of this +nature, so usually there will not be any olcBackend entries. + +.B olcDatabase +entries store settings specific to a single database +instance. These entries may have +.B olcOverlay +child entries corresponding +to any overlays configured on the database. The olcDatabase and +olcOverlay entries may also have miscellaneous child entries for +other settings as needed. There are two special database entries +that are predefined - one is an entry for the config database itself, +and the other is for the "frontend" database. Settings in the +frontend database are inherited by the other databases, unless +they are explicitly overridden in a specific database. +.LP +The specific configuration options available are discussed below in the +Global Configuration Options, General Backend Options, and General Database +Options. Options are set by defining LDAP attributes with specific values. +In general the names of the LDAP attributes are the same as the corresponding +.B slapd.conf +keyword, with an "olc" prefix added on. + +The parser for many of these attributes is the same as used for parsing +the slapd.conf keywords. As such, slapd.conf keywords that allow multiple +items to be specified on one line, separated by whitespace, will allow +multiple items to be specified in one attribute value. However, when +reading the attribute via LDAP, the items will be returned as individual +attribute values. 
+ +Backend-specific options are discussed in the +.B slapd-<backend>(5) +manual pages. Refer to the "OpenLDAP Administrator's Guide" for more +details on configuring slapd. +.SH GLOBAL CONFIGURATION OPTIONS +Options described in this section apply to the server as a whole. +Arguments that should be replaced by +actual text are shown in brackets <>. + +These options may only be specified in the +.B cn=config +entry. This entry must have an objectClass of +.BR olcGlobal . + +.TP +.B olcAllows: <features> +Specify a set of features to allow (default none). +.B bind_v2 +allows acceptance of LDAPv2 bind requests. Note that +.BR slapd (8) +does not truly implement LDAPv2 (RFC 1777), now Historic (RFC 3494). +.B bind_anon_cred +allows anonymous bind when credentials are not empty (e.g. +when DN is empty). +.B bind_anon_dn +allows unauthenticated (anonymous) bind when DN is not empty. +.B update_anon +allows unauthenticated (anonymous) update operations to be processed +(subject to access controls and other administrative limits). +.B proxy_authz_anon +allows unauthenticated (anonymous) proxy authorization control to be processed +(subject to access controls, authorization and other administrative limits). +.TP +.B olcArgsFile: <filename> +The ( absolute ) name of a file that will hold the +.B slapd +server's command line options +if started without the debugging command line option. +.TP +.B olcAttributeOptions: <option-name>... +Define tagging attribute options or option tag/range prefixes. +Options must not end with `-', prefixes must end with `-'. +The `lang-' prefix is predefined. +If you use the +.B olcAttributeOptions +directive, `lang-' will no longer be defined and you must specify it +explicitly if you want it defined. + +An attribute description with a tagging option is a subtype of that +attribute description without the option. +Except for that, options defined this way have no special semantics. 
+Prefixes defined this way work like the `lang-' options: +They define a prefix for tagging options starting with the prefix. +That is, if you define the prefix `x-foo-', you can use the option +`x-foo-bar'. +Furthermore, in a search or compare, a prefix or range name (with +a trailing `-') matches all options starting with that name, as well +as the option with the range name sans the trailing `-'. +That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'. + +RFC 4520 reserves options beginning with `x-' for private experiments. +Other options should be registered with IANA, see RFC 4520 section 3.5. +OpenLDAP also has the `binary' option built in, but this is a transfer +option, not a tagging option. +.TP +.B olcAuthzPolicy: <policy> +Used to specify which rules to use for Proxy Authorization. Proxy +authorization allows a client to authenticate to the server using one +user's credentials, but specify a different identity to use for authorization +and access control purposes. It essentially allows user A to login as user +B, using user A's password. +The +.B none +flag disables proxy authorization. This is the default setting. +The +.B from +flag will use rules in the +.I authzFrom +attribute of the authorization DN. +The +.B to +flag will use rules in the +.I authzTo +attribute of the authentication DN. +The +.B any +flag, an alias for the deprecated value of +.BR both , +will allow any of the above, whatever succeeds first (checked in +.BR to , +.B from +sequence. +The +.B all +flag requires both authorizations to succeed. +.LP +.RS +The rules are mechanisms to specify which identities are allowed +to perform proxy authorization. +The +.I authzFrom +attribute in an entry specifies which other users +are allowed to proxy login to this entry. The +.I authzTo +attribute in +an entry specifies which other users this user can authorize as. Use of +.I authzTo +rules can be easily +abused if users are allowed to write arbitrary values to this attribute. 
+In general the +.I authzTo +attribute must be protected with ACLs such that +only privileged users can modify it. +The value of +.I authzFrom +and +.I authzTo +describes an +.B identity +or a set of identities; it can take five forms: +.RS +.TP +.B ldap:///<base>??[<scope>]?<filter> +.RE +.RS +.B dn[.<dnstyle>]:<pattern> +.RE +.RS +.B u[<mech>[<realm>]]:<pattern> +.RE +.RS +.B group[/objectClass[/attributeType]]:<pattern> +.RE +.RS +.B <pattern> +.RE +.RS + +.B <dnstyle>:={exact|onelevel|children|subtree|regex} + +.RE +The first form is a valid LDAP +.B URI +where the +.IR <host>:<port> , +the +.I <attrs> +and the +.I <extensions> +portions must be absent, so that the search occurs locally on either +.I authzFrom +or +.IR authzTo . +The second form is a +.BR DN , +with the optional style modifiers +.IR exact , +.IR onelevel , +.IR children , +and +.I subtree +for exact, onelevel, children and subtree matches, which cause +.I <pattern> +to be normalized according to the DN normalization rules, or the special +.I regex +style, which causes the +.I <pattern> +to be treated as a POSIX (''extended'') regular expression, as +discussed in +.BR regex (7) +and/or +.BR re_format (7). +A pattern of +.I * +means any non-anonymous DN. +The third form is a SASL +.BR id , +with the optional fields +.I <mech> +and +.I <realm> +that allow to specify a SASL +.BR mechanism , +and eventually a SASL +.BR realm , +for those mechanisms that support one. +The need to allow the specification of a mechanism is still debated, +and users are strongly discouraged to rely on this possibility. +The fourth form is a group specification, consisting of the keyword +.BR group , +optionally followed by the specification of the group +.B objectClass +and member +.BR attributeType . +The group with DN +.B <pattern> +is searched with base scope, and in case of match, the values of the +member +.B attributeType +are searched for the asserted DN. 
+For backwards compatibility, if no identity type is provided, i.e. only +.B <pattern> +is present, an +.I exact DN +is assumed; as a consequence, +.B <pattern> +is subjected to DN normalization. +Since the interpretation of +.I authzFrom +and +.I authzTo +can impact security, users are strongly encouraged +to explicitly set the type of identity specification that is being used. +A subset of these rules can be used as third arg in the +.B olcAuthzRegexp +statement (see below); significantly, the +.I URI +and the +.I dn.exact:<dn> +forms. +.RE +.TP +.B olcAuthzRegexp: <match> <replace> +Used by the authentication framework to convert simple user names, +such as provided by SASL subsystem, to an LDAP DN used for +authorization purposes. Note that the resultant DN need not refer +to an existing entry to be considered valid. When an authorization +request is received from the SASL subsystem, the SASL +.BR USERNAME , +.BR REALM , +and +.B MECHANISM +are taken, when available, and combined into a name of the form +.RS +.RS +.TP +.B UID=<username>[[,CN=<realm>],CN=<mechanism>],CN=auth + +.RE +This name is then compared against the +.B match +POSIX (''extended'') regular expression, and if the match is successful, +the name is replaced with the +.B replace +string. If there are wildcard strings in the +.B match +regular expression that are enclosed in parenthesis, e.g. +.RS +.TP +.B UID=([^,]*),CN=.* + +.RE +then the portion of the name that matched the wildcard will be stored +in the numbered placeholder variable $1. If there are other wildcard strings +in parenthesis, the matching strings will be in $2, $3, etc. up to $9. The +placeholders can then be used in the +.B replace +string, e.g. +.RS +.TP +.B UID=$1,OU=Accounts,DC=example,DC=com + +.RE +The replaced name can be either a DN, i.e. a string prefixed by "dn:", +or an LDAP URI. 
+If the latter, the server will use the URI to search its own database(s) +and, if the search returns exactly one entry, the name is +replaced by the DN of that entry. The LDAP URI must have no +hostport, attrs, or extensions components, but the filter is mandatory, +e.g. +.RS +.TP +.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1) + +.RE +The protocol portion of the URI must be strictly +.BR ldap . +Note that this search is subject to access controls. Specifically, +the authentication identity must have "auth" access in the subject. + +Multiple +.B olcAuthzRegexp +values can be specified to allow for multiple matching +and replacement patterns. The matching patterns are checked in the order they +appear in the attribute, stopping at the first successful match. + +.\".B Caution: +.\"Because the plus sign + is a character recognized by the regular expression engine, +.\"and it will appear in names that include a REALM, be careful to escape the +.\"plus sign with a backslash \\+ to remove the character's special meaning. +.RE +.TP +.B olcConcurrency: <integer> +Specify a desired level of concurrency. Provided to the underlying +thread system as a hint. The default is not to provide any hint. This setting +is only meaningful on some platforms where there is not a one to one +correspondence between user threads and kernel threads. +.TP +.B olcConnMaxPending: <integer> +Specify the maximum number of pending requests for an anonymous session. +If requests are submitted faster than the server can process them, they +will be queued up to this limit. If the limit is exceeded, the session +is closed. The default is 100. +.TP +.B olcConnMaxPendingAuth: <integer> +Specify the maximum number of pending requests for an authenticated session. +The default is 1000. +.TP +.B olcDisallows: <features> +Specify a set of features to disallow (default none). +.B bind_anon +disables acceptance of anonymous bind requests. 
 Note that this setting
+does not prohibit anonymous directory access (See "require authc").
+.B bind_simple
+disables simple (bind) authentication.
+.B tls_2_anon
+disables forcing session to anonymous status (see also
+.BR tls_authc )
+upon StartTLS operation receipt.
+.B tls_authc
+disallows the StartTLS operation if authenticated (see also
+.BR tls_2_anon ).
+.TP
+.B olcGentleHUP: { TRUE | FALSE }
+A SIGHUP signal will only cause a 'gentle' shutdown-attempt:
+.B Slapd
+will stop listening for new connections, but will not close the
+connections to the current clients. Future write operations return
+unwilling-to-perform, though. Slapd terminates when all clients
+have closed their connections (if they ever do), or \- as before \-
+if it receives a SIGTERM signal. This can be useful if you wish to
+terminate the server and start a new
+.B slapd
+server
+.B with another database,
+without disrupting the currently active clients.
+The default is FALSE. You may wish to use
+.B olcIdletTmeout
+along with this option.
+.TP
+.B olcIdleTimeout: <integer>
+Specify the number of seconds to wait before forcibly closing
+an idle client connection. A setting of 0 disables this
+feature. The default is 0.
+.TP
+.B olcIndexSubstrIfMaxlen: <integer>
+Specify the maximum length for subinitial and subfinal indices. Only
+this many characters of an attribute value will be processed by the
+indexing functions; any excess characters are ignored. The default is 4.
+.TP
+.B olcIndexSubstrIfMinlen: <integer>
+Specify the minimum length for subinitial and subfinal indices. An
+attribute value must have at least this many characters in order to be
+processed by the indexing functions. The default is 2.
+.TP
+.B olcIndexSubstrAnyLen: <integer>
+Specify the length used for subany indices. An attribute value must have
+at least this many characters in order to be processed. Attribute values
+longer than this length will be processed in segments of this length. The
+default is 4.
 The subany index will also be used in subinitial and
+subfinal index lookups when the filter string is longer than the
+.I olcIndexSubstrIfMaxlen
+value.
+.TP
+.B olcIndexSubstrAnyStep: <integer>
+Specify the steps used in subany index lookups. This value sets the offset
+for the segments of a filter string that are processed for a subany index
+lookup. The default is 2. For example, with the default values, a search
+using this filter "cn=*abcdefgh*" would generate index lookups for
+"abcd", "cdef", and "efgh".
+
+.TP
+.B olcLocalSSF: <SSF>
+Specifies the Security Strength Factor (SSF) to be given local LDAP sessions,
+such as those to the ldapi:// listener. For a description of SSF values,
+see
+.BR olcSaslSecProps 's
+.B minssf
+option description. The default is 71.
+.TP
+.B olcLogLevel: <integer> [...]
+Specify the level at which debugging statements and operation
+statistics should be syslogged (currently logged to the
+.BR syslogd (8)
+LOG_LOCAL4 facility).
+They must be considered subsystems rather than increasingly verbose
+log levels.
+Some messages with higher priority are logged regardless
+of the configured loglevel as soon as some logging is configured,
+otherwise anything is logged at all.
+Log levels are additive, and available levels are:
+.RS
+.RS
+.PD 0
+.TP
+.B 1
+.B (0x1 trace)
+trace function calls
+.TP
+.B 2
+.B (0x2 packets)
+debug packet handling
+.TP
+.B 4
+.B (0x4 args)
+heavy trace debugging (function args)
+.TP
+.B 8
+.B (0x8 conns)
+connection management
+.TP
+.B 16
+.B (0x10 BER)
+print out packets sent and received
+.TP
+.B 32
+.B (0x20 filter)
+search filter processing
+.TP
+.B 64
+.B (0x40 config)
+configuration file processing
+.TP
+.B 128
+.B (0x80 ACL)
+access control list processing
+.TP
+.B 256
+.B (0x100 stats)
+stats log connections/operations/results
+.TP
+.B 512
+.B (0x200 stats2)
+stats log entries sent
+.TP
+.B 1024
+.B (0x400 shell)
+print communication with shell backends
+.TP
+.B 2048
+.B (0x800 parse)
+entry parsing
+\".TP
+\".B 4096
+\".B (0x1000 cache)
+\"caching (unused)
+\".TP
+\".B 8192
+\".B (0x2000 index)
+\"data indexing (unused)
+.TP
+.B 16384
+.B (0x4000 sync)
+LDAPSync replication
+.TP
+.B 32768
+.B (0x8000 none)
+only messages that get logged whatever log level is set
+.PD
+.RE
+The desired log level can be input as a single integer that combines
+the (ORed) desired levels, both in decimal or in hexadecimal notation,
+as a list of integers (that are ORed internally),
+or as a list of the names that are shown between brackets, such that
+.LP
+.nf
+ olcLogLevel: 129
+ olcLogLevel: 0x81
+ olcLogLevel: 128 1
+ olcLogLevel: 0x80 0x1
+ olcLogLevel: acl trace
+.fi
+.LP
+are equivalent.
+The keyword
+.B any
+can be used as a shortcut to enable logging at all levels (equivalent to -1).
+The keyword
+.BR none ,
+or the equivalent integer representation, causes those messages
+that are logged regardless of the configured olcLogLevel to be logged.
+In fact, if no olcLogLevel (or a 0 level) is defined, no logging occurs,
+so at least the
+.B none
+level is required to have high priority messages logged.
+.RE
+.TP
+.B olcPasswordCryptSaltFormat: <format>
+Specify the format of the salt passed to
+.BR crypt (3)
+when generating {CRYPT} passwords (see
+.BR olcPasswordHash )
+during processing of LDAP Password Modify Extended Operations (RFC 3062).
+
+This string needs to be in
+.BR sprintf (3)
+format and may include one (and only one) %s conversion.
+This conversion will be substituted with a string of random
+characters from [A\-Za\-z0\-9./]. For example, "%.2s"
+provides a two character salt and "$1$%.8s" tells some
+versions of crypt(3) to use an MD5 algorithm and provides
+8 random characters of salt. The default is "%s", which
+provides 31 characters of salt.
+.TP
+.B olcPasswordHash: <hash> [<hash>...]
+This option configures one or more hashes to be used in generation of user
+passwords stored in the userPassword attribute during processing of
+LDAP Password Modify Extended Operations (RFC 3062).
+The <hash> must be one of
+.BR {SSHA} ,
+.BR {SHA} ,
+.BR {SMD5} ,
+.BR {MD5} ,
+.BR {CRYPT} ,
+and
+.BR {CLEARTEXT} .
+The default is
+.BR {SSHA} .
+
+.B {SHA}
+and
+.B {SSHA}
+use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
+
+.B {MD5}
+and
+.B {SMD5}
+use the MD5 algorithm (RFC 1321), the latter with a seed.
+
+.B {CRYPT}
+uses the
+.BR crypt (3).
+
+.B {CLEARTEXT}
+indicates that the new password should be
+added to userPassword as clear text.
+
+Note that this option does not alter the normal user applications
+handling of userPassword during LDAP Add, Modify, or other LDAP operations.
+.TP
+.B olcPidFile: <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
+.B olcPluginLogFile: <filename>
+The ( absolute ) name of a file that will contain log
+messages from
+.B SLAPI
+plugins. See
+.BR slapd.plugin (5)
+for details.
+.TP
+.B olcReferral: <url>
+Specify the referral to pass back when
+.BR slapd (8)
+cannot find a local database to handle a request.
+If multiple values are specified, each url is provided.
+.\" slurpd-related keywords are all deprecated
+.\".TP
+.\".B replica-argsfile
+.\"The ( absolute ) name of a file that will hold the
+.\".B slurpd
+.\"server's command line options
+.\"if started without the debugging command line option.
+.\"If it appears after a
+.\".B replogfile
+.\"directive, the args file is specific to the
+.\".BR slurpd (8)
+.\"instance that handles that replication log.
+.\".TP
+.\".B replica-pidfile
+.\"The ( absolute ) name of a file that will hold the
+.\".B slurpd
+.\"server's process ID ( see
+.\".BR getpid (2)
+.\") if started without the debugging command line option.
+.\"If it appears after a
+.\".B replogfile
+.\"directive, the pid file is specific to the
+.\".BR slurpd (8)
+.\"instance that handles that replication log.
+.\".TP
+.\".B replicationinterval
+.\"The number of seconds
+.\".B slurpd
+.\"waits before checking the replogfile for changes.
+.\"If it appears after a
+.\".B replogfile
+.\"directive, the replication interval is specific to the
+.\".BR slurpd (8)
+.\"instance that handles that replication log.
+.TP
+.B olcReverseLookup: TRUE | FALSE
+Enable/disable client name unverified reverse lookup (default is
+.BR FALSE
+if compiled with --enable-rlookups).
+.TP
+.B olcRootDSE: <file>
+Specify the name of an LDIF(5) file containing user defined attributes
+for the root DSE. These attributes are returned in addition to the
+attributes normally produced by slapd.
+.TP
+.B olcSaslHost: <fqdn>
+Used to specify the fully qualified domain name used for SASL processing.
+.TP
+.B olcSaslRealm: <realm>
+Specify SASL realm. Default is empty.
+.TP
+.B olcSaslSecProps: <properties>
+Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properties) causes the flag properties
+default, "noanonymous,noplain", to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonymous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor>
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+The
+.B maxssf=<factor>
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description). The default is INT_MAX.
+The
+.B maxbufsize=<size>
+property specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
+.TP
+.B olcServerID: <integer> [<URL>]
+Specify an integer ID from 0 to 4095 for this server. These IDs are
+required when using multimaster replication and each master must have a
+unique ID. If the URL is provided, this directive may be specified
+multiple times, providing a complete list of participating servers
+and their IDs. The fully qualified hostname of each server should be
+used in the supplied URLs. The IDs are used in the "replica id" field
+of all CSNs generated by the specified server. The default value is zero.
+Example:
+.LP
+.nf
+ olcServerID: 1 ldap://ldap1.example.com
+ olcServerID: 2 ldap://ldap2.example.com
+.fi
+.TP
+.B olcSockbufMaxIncoming: <integer>
+Specify the maximum incoming LDAP PDU size for anonymous sessions.
+The default is 262143.
+.TP
+.B olcSockbufMaxIncomingAuth: <integer>
+Specify the maximum incoming LDAP PDU size for authenticated sessions.
+The default is 4194303.
+.TP
+.B olcThreads: <integer>
+Specify the maximum size of the primary thread pool.
+The default is 16; the minimum value is 2.
+.TP
+.B olcToolThreads: <integer>
+Specify the maximum number of threads to use in tool mode.
+This should not be greater than the number of CPUs in the system.
+The default is 1.
+.\"ucdata-path is obsolete / ignored...
+.\".TP
+.\".B ucdata-path <path>
+.\"Specify the path to the directory containing the Unicode character
+.\"tables. The default path is DATADIR/ucdata.
+.SH TLS OPTIONS
+If
+.B slapd
+is built with support for Transport Layer Security, there are more options
+you can specify.
+.TP
+.B olcTLSCipherSuite: <cipher-suite-spec>
+Permits configuring what ciphers will be accepted and the preference order.
+<cipher-suite-spec> should be a cipher specification for OpenSSL. Example:
+
+olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
+
+To check what ciphers a given spec selects, use:
+
+openssl ciphers -v <cipher-suite-spec>
+.TP
+.B olcTLSCACertificateFile: <filename>
+Specifies the file that contains certificates for all of the Certificate
+Authorities that
+.B slapd
+will recognize.
+.TP
+.B olcTLSCACertificatePath: <path>
+Specifies the path of a directory that contains Certificate Authority
+certificates in separate individual files. Usually only one of this
+or the olcTLSCACertificateFile is defined. If both are specified, both
+locations will be used.
+.TP
+.B olcTLSCertificateFile: <filename>
+Specifies the file that contains the
+.B slapd
+server certificate.
+.TP
+.B olcTLSCertificateKeyFile: <filename>
+Specifies the file that contains the
+.B slapd
+server private key that matches the certificate stored in the
+.B olcTLSCertificateFile
+file. If the private key is protected with a password, the password must
+be manually typed in when slapd starts. Usually the private key is not
+protected with a password, to allow slapd to start without manual
+intervention, so
+it is of critical importance that the file is protected carefully.
+.TP
+.B olcTLSDHParamFile: <filename>
+This directive specifies the file that contains parameters for Diffie-Hellman
+ephemeral key exchange. This is required in order to use a DSA certificate on
+the server. If multiple sets of parameters are present in the file, all of
+them will be processed. Note that setting this option may also enable
+Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
+You should append "!ADH" to your cipher suites if you have changed them
+from the default, otherwise no certificate exchanges or verification will
+be done.
+.TP
+.B olcTLSRandFile: <filename>
+Specifies the file to obtain random bits from when /dev/[u]random
+is not available. Generally set to the name of the EGD/PRNGD socket.
+The environment variable RANDFILE can also be used to specify the filename.
+.TP
+.B olcTLSVerifyClient: <level>
+Specifies what checks to perform on client certificates in an
+incoming TLS session, if any.
+The
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B never
+This is the default.
+.B slapd
+will not ask the client for a certificate.
+.TP
+.B allow
+The client certificate is requested. If no certificate is provided,
+the session proceeds normally. If a bad certificate is provided,
+it will be ignored and the session proceeds normally.
+.TP
+.B try
+The client certificate is requested. If no certificate is provided,
+the session proceeds normally.
 If a bad certificate is provided,
+the session is immediately terminated.
+.TP
+.B demand | hard | true
+These keywords are all equivalent, for compatibility reasons.
+The client certificate is requested. If no certificate is provided,
+or a bad certificate is provided, the session is immediately terminated.
+
+Note that a valid client certificate is required in order to use the
+SASL EXTERNAL authentication mechanism with a TLS session. As such,
+a non-default
+.B olcTLSVerifyClient
+setting must be chosen to enable SASL EXTERNAL authentication.
+.RE
+.TP
+.B olcTLSCRLCheck: <level>
+Specifies if the Certificate Revocation List (CRL) of the CA should be
+used to verify if the client certificates have not been revoked. This
+requires
+.B olcTLSCACertificatePath
+parameter to be set.
+.B <level>
+can be specified as one of the following keywords:
+.RS
+.TP
+.B none
+No CRL checks are performed
+.TP
+.B peer
+Check the CRL of the peer certificate
+.TP
+.B all
+Check the CRL for a whole certificate chain
+.RE
+.SH DYNAMIC MODULE OPTIONS
+If
+.B slapd
+is compiled with --enable-modules then the module-related entries will
+be available. These entries are named
+.B cn=module{x},cn=config
+and
+must have the olcModuleList objectClass. One entry should be created
+per
+.B olcModulePath.
+Normally the config engine generates the "{x}" index in the RDN
+automatically, so it can be omitted when initially loading these entries.
+.TP
+.B olcModuleLoad: <filename>
+Specify the name of a dynamically loadable module to load. The filename
+may be an absolute path name or a simple filename. Non-absolute names
+are searched for in the directories specified by the
+.B olcModulePath
+option.
+.TP
+.B olcModulePath: <pathspec>
+Specify a list of directories to search for loadable modules. Typically
+the path is colon-separated but this depends on the operating system.
+.SH SCHEMA OPTIONS
+Schema definitions are created as entries in the
+.B cn=schema,cn=config
+subtree.
 These entries must have the olcSchemaConfig objectClass.
+As noted above, the actual
+.B cn=schema,cn=config
+entry is predefined and any values specified for it are ignored.
+
+.HP
+.hy 0
+.B olcAttributetypes: "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [SUP\ <oid>]\
+ [EQUALITY\ <oid>]\
+ [ORDERING\ <oid>]\
+ [SUBSTR\ <oid>]\
+ [SYNTAX\ <oidlen>]\
+ [SINGLE\-VALUE]\
+ [COLLECTIVE]\
+ [NO\-USER\-MODIFICATION]\
+ [USAGE\ <attributeUsage>]\ )"
+.RS
+Specify an attribute type using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the attribute OID and
+attribute syntax OID.
+(See the
+.B olcObjectIdentifier
+description.)
+.RE
+
+.HP
+.hy 0
+.B olcDitContentRules: "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [AUX\ <oids>]\
+ [MUST\ <oids>]\
+ [MAY\ <oids>]\
+ [NOT\ <oids>]\ )"
+.RS
+Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the attribute OID and
+attribute syntax OID.
+(See the
+.B olcObjectIdentifier
+description.)
+.RE
+
+.HP
+.hy 0
+.B olcObjectClasses: "(\ <oid>\
+ [NAME\ <name>]\
+ [DESC\ <description>]\
+ [OBSOLETE]\
+ [SUP\ <oids>]\
+ [{ ABSTRACT | STRUCTURAL | AUXILIARY }]\
+ [MUST\ <oids>] [MAY\ <oids>] )"
+.RS
+Specify an objectclass using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the object class OID.
+(See the
+.B
+olcObjectIdentifier
+description.) Object classes are "STRUCTURAL" by default.
+.RE
+.TP
+.B olcObjectIdentifier: <name> "{ <oid> | <name>[:<suffix>] }"
+Define a string name that equates to the given OID. The string can be used
+in place of the numeric OID in objectclass and attribute definitions.
 The
+name can also be used with a suffix of the form ":xx" in which case the
+value "oid.xx" will be used.
+
+.SH GENERAL BACKEND OPTIONS
+Options in these entries only apply to the configuration of a single
+type of backend. All backends may support this class of options.
+The entry must be named
+.B olcBackend=<databasetype>,cn=config
+and must have the olcBackendConfig objectClass.
+<databasetype>
+should be one of
+.BR bdb ,
+.BR config ,
+.BR dnssrv ,
+.BR hdb ,
+.BR ldap ,
+.BR ldif ,
+.BR meta ,
+.BR monitor ,
+.BR null ,
+.BR passwd ,
+.BR perl ,
+.BR relay ,
+.BR shell ,
+or
+.BR sql .
+At present, no backend implements any options of this type.
+
+.SH DATABASE OPTIONS
+Database options are set in entries named
+.B olcDatabase={x}<databasetype>,cn=config
+and must have the olcDatabaseConfig objectClass. Normally the config
+engine generates the "{x}" index in the RDN automatically, so it
+can be omitted when initially loading these entries.
+
+The special frontend database is always numbered "{-1}" and the config
+database is always numbered "{0}".
+
+.SH GLOBAL DATABASE OPTIONS
+Options in this section may be set in the special "frontend" database
+and inherited in all the other databases. These options may be altered
+by further settings in each specific database. The frontend entry must
+be named
+.B olcDatabase=frontend,cn=config
+and must have the olcFrontendConfig objectClass.
+.TP
+.B olcAccess: to <what> "[ by <who> <access> <control> ]+"
+Grant access (specified by <access>) to a set of entries and/or
+attributes (specified by <what>) by one or more requestors (specified
+by <who>).
+If no access controls are present, the default policy
+allows anyone and everyone to read anything but restricts
+updates to rootdn. (e.g., "olcAccess: to * by * read").
+See
+.BR slapd.access (5)
+and the "OpenLDAP Administrator's Guide" for details.
+
+Access controls set in the frontend are appended to any access
+controls set on the specific databases.
+The rootdn of a database can always read and write EVERYTHING
+in that database.
+
+Extra special care must be taken with the access controls on the
+config database. Unlike other databases, the default policy for the
+config database is to only allow access to the rootdn. Regular users
+should not have read access, and write access should be granted very
+carefully to privileged administrators.
+
+.TP
+.B olcDefaultSearchBase: <dn>
+Specify a default search base to use when client submits a
+non-base search request with an empty base DN.
+Base scoped search requests with an empty base DN are not affected.
+This setting is only allowed in the frontend entry.
+.TP
+.B olcReadOnly: TRUE | FALSE
+This option puts the database into "read-only" mode. Any attempts to
+modify the database will return an "unwilling to perform" error. By
+default, olcReadOnly is FALSE. Note that when this option is set
+TRUE on the frontend, it cannot be reset without restarting the
+server, since further writes to the config database will be rejected.
+.TP
+.B olcRequires: <conditions>
+Specify a set of conditions to require (default none).
+The directive may be specified globally and/or per-database;
+databases inherit global conditions, so per-database specifications
+are additive.
+.B bind
+requires bind operation prior to directory operations.
+.B LDAPv3
+requires session to be using LDAP version 3.
+.B authc
+requires authentication prior to directory operations.
+.B SASL
+requires SASL authentication prior to directory operations.
+.B strong
+requires strong authentication prior to directory operations.
+The strong keyword allows protected "simple" authentication
+as well as SASL authentication.
+.B none
+may be used to require no conditions (useful to clear out globally
+set conditions within a particular database); it must occur first
+in the list of conditions.
+.TP
+.B olcRestrict: <oplist>
+Specify a list of operations that are restricted.
+Restrictions on a specific database override any frontend setting.
+Operations can be any of
+.BR add ,
+.BR bind ,
+.BR compare ,
+.BR delete ,
+.BR extended[=<OID>] ,
+.BR modify ,
+.BR rename ,
+.BR search ,
+or the special pseudo-operations
+.B read
+and
+.BR write ,
+which respectively summarize read and write operations.
+The use of
+.I restrict write
+is equivalent to
+.I olcReadOnly: TRUE
+(see above).
+The
+.B extended
+keyword allows to indicate the OID of the specific operation
+to be restricted.
+.TP
+.B olcSchemaDN: <dn>
+Specify the distinguished name for the subschema subentry that
+controls the entries on this server. The default is "cn=Subschema".
+.TP
+.B olcSecurity: <factors>
+Specify a set of security strength factors (separated by white space)
+to require (see
+.BR olcSaslSecprops 's
+.B minssf
+option for a description of security strength factors).
+The directive may be specified globally and/or per-database.
+.B ssf=<n>
+specifies the overall security strength factor.
+.B transport=<n>
+specifies the transport security strength factor.
+.B tls=<n>
+specifies the TLS security strength factor.
+.B sasl=<n>
+specifies the SASL security strength factor.
+.B update_ssf=<n>
+specifies the overall security strength factor to require for
+directory updates.
+.B update_transport=<n>
+specifies the transport security strength factor to require for
+directory updates.
+.B update_tls=<n>
+specifies the TLS security strength factor to require for
+directory updates.
+.B update_sasl=<n>
+specifies the SASL security strength factor to require for
+directory updates.
+.B simple_bind=<n>
+specifies the security strength factor required for
+.I simple
+username/password authentication.
+Note that the
+.B transport
+factor is measure of security provided by the underlying transport,
+e.g. ldapi:// (and eventually IPSEC). It is not normally used.
+.TP
+.B olcSizeLimit: {<integer>|unlimited}
+.TP
+.B olcSizeLimit: size[.{soft|hard|unchecked}]=<integer> [...]
+Specify the maximum number of entries to return from a search operation.
+The default size limit is 500.
+Use
+.B unlimited
+to specify no limits.
+The second format allows a fine grain setting of the size limits.
+Extra args can be added in the same value or as additional values.
+See
+.BR olcLimits
+for an explanation of the different flags.
+.TP
+.B olcTimeLimit: {<integer>|unlimited}
+.TP
+.B olcTimeLimit: time[.{soft|hard}]=<integer> [...]
+Specify the maximum number of seconds (in real time)
+.B slapd
+will spend answering a search request. The default time limit is 3600.
+Use
+.B unlimited
+to specify no limits.
+The second format allows a fine grain setting of the time limits.
+Extra args can be added in the same value or as additional values.
+See
+.BR olcLimits
+for an explanation of the different flags.
+
+.SH GENERAL DATABASE OPTIONS
+Options in this section only apply to the specific database for
+which they are defined. They are supported by every
+type of backend. All of the Global Database Options may also be
+used here.
+.TP
+.B olcLastMod: TRUE | FALSE
+Controls whether
+.B slapd
+will automatically maintain the
+modifiersName, modifyTimestamp, creatorsName, and
+createTimestamp attributes for entries. It also controls
+the entryCSN and entryUUID attributes, which are needed
+by the syncrepl provider. By default, olcLastMod is TRUE.
+.TP
+.B olcLimits: <who> <limit> [<limit> [...]]
+Specify time and size limits based on who initiated an operation.
+The argument
+.B who
+can be any of
+.RS
+.RS
+.TP
+anonymous | users | [dn[.<style>]=]<pattern> | group[/oc[/at]]=<pattern>
+
+.RE
+with
+.RS
+.TP
+<style> ::= exact | base | onelevel | subtree | children | regex | anonymous
+
+.RE
+The term
+.B anonymous
+matches all unauthenticated clients.
+The term
+.B users
+matches all authenticated clients;
+otherwise an
+.B exact
+dn pattern is assumed unless otherwise specified by qualifying
+the (optional) key string
+.B dn
+with
+.B exact
+or
+.B base
+(which are synonyms), to require an exact match; with
+.BR onelevel ,
+to require exactly one level of depth match; with
+.BR subtree ,
+to allow any level of depth match, including the exact match; with
+.BR children ,
+to allow any level of depth match, not including the exact match;
+.BR regex
+explicitly requires the (default) match based on POSIX (''extended'')
+regular expression pattern.
+Finally,
+.B anonymous
+matches unbound operations; the
+.B pattern
+field is ignored.
+The same behavior is obtained by using the
+.B anonymous
+form of the
+.B who
+clause.
+The term
+.BR group ,
+with the optional objectClass
+.B oc
+and attributeType
+.B at
+fields, followed by
+.BR pattern ,
+sets the limits for any DN listed in the values of the
+.B at
+attribute (default
+.BR member )
+of the
+.B oc
+group objectClass (default
+.BR groupOfNames )
+whose DN exactly matches
+.BR pattern .
+
+The currently supported limits are
+.B size
+and
+.BR time .
+
+The syntax for time limits is
+.BR time[.{soft|hard}]=<integer> ,
+where
+.I integer
+is the number of seconds slapd will spend answering a search request.
+If no time limit is explicitly requested by the client, the
+.BR soft
+limit is used; if the requested time limit exceeds the
+.BR hard
+.\"limit, an
+.\".I "Administrative limit exceeded"
+.\"error is returned.
+limit, the value of the limit is used instead.
+If the
+.BR hard
+limit is set to the keyword
+.IR soft ,
+the soft limit is used in either case; if it is set to the keyword
+.IR unlimited ,
+no hard limit is enforced.
+Explicit requests for time limits smaller or equal to the
+.BR hard
+limit are honored.
+If no limit specifier is set, the value is assigned to the
+.BR soft
+limit, and the
+.BR hard
+limit is set to
+.IR soft ,
+to preserve the original behavior.
+
+The syntax for size limits is
+.BR size[.{soft|hard|unchecked}]=<integer> ,
+where
+.I integer
+is the maximum number of entries slapd will return answering a search
+request.
+If no size limit is explicitly requested by the client, the
+.BR soft
+limit is used; if the requested size limit exceeds the
+.BR hard
+.\"limit, an
+.\".I "Administrative limit exceeded"
+.\"error is returned.
+limit, the value of the limit is used instead.
+If the
+.BR hard
+limit is set to the keyword
+.IR soft ,
+the soft limit is used in either case; if it is set to the keyword
+.IR unlimited ,
+no hard limit is enforced.
+Explicit requests for size limits smaller or equal to the
+.BR hard
+limit are honored.
+The
+.BR unchecked
+specifier sets a limit on the number of candidates a search request is allowed
+to examine.
+The rationale behind it is that searches for non-properly indexed
+attributes may result in large sets of candidates, which must be
+examined by
+.BR slapd (8)
+to determine whether they match the search filter or not.
+The
+.B unchecked
+limit provides a means to drop such operations before they are even
+started.
+If the selected candidates exceed the
+.BR unchecked
+limit, the search will abort with
+.IR "Unwilling to perform" .
+If it is set to the keyword
+.IR unlimited ,
+no limit is applied (the default).
+If it is set to
+.IR disable ,
+the search is not even performed; this can be used to disallow searches
+for a specific set of users.
+If no limit specifier is set, the value is assigned to the
+.BR soft
+limit, and the
+.BR hard
+limit is set to
+.IR soft ,
+to preserve the original behavior.
+
+In case of no match, the global limits are used.
+The default values are the same as
+.B olcSizeLimit
+and
+.BR olcTimeLimit ;
+no limit is set on
+.BR unchecked .
+
+If
+.B pagedResults
+control is requested, the
+.B hard
+size limit is used by default, because the request of a specific page size
+is considered an explicit request for a limitation on the number
+of entries to be returned.
+However, the size limit applies to the total count of entries returned within
+the search, and not to a single page.
+Additional size limits may be enforced; the syntax is
+.BR size.pr={<integer>|noEstimate|unlimited} ,
+where
+.I integer
+is the max page size if no explicit limit is set; the keyword
+.I noEstimate
+inhibits the server from returning an estimate of the total number
+of entries that might be returned
+(note: the current implementation does not return any estimate).
+The keyword
+.I unlimited
+indicates that no limit is applied to the pagedResults control page size.
+The syntax
+.B size.prtotal={<integer>|unlimited|disabled}
+allows to set a limit on the total number of entries that a pagedResults
+control allows to return.
+By default it is set to the
+.B hard
+limit.
+When set,
+.I integer
+is the max number of entries that the whole search with pagedResults control
+can return.
+Use
+.I unlimited
+to allow unlimited number of entries to be returned, e.g. to allow
+the use of the pagedResults control as a means to circumvent size
+limitations on regular searches; the keyword
+.I disabled
+disables the control, i.e. no paged results can be returned.
+Note that the total number of entries returned when the pagedResults control
+is requested cannot exceed the
+.B hard
+size limit of regular searches unless extended by the
+.B prtotal
+switch.
+.RE
+.TP
+.B olcMaxDerefDepth: <depth>
+Specifies the maximum number of aliases to dereference when trying to
+resolve an entry, used to avoid infinite alias loops. The default is 1.
+.TP
+.B olcMirrorMode: TRUE | FALSE
+This option puts a replica database into "mirror" mode. Update
+operations will be accepted from any user, not just the updatedn.
The +database must already be configured as syncrepl consumer +before this keyword may be set. This mode must be used with extreme +care, as it does not offer any consistency guarantees. This feature +is intended to be used with an external frontend that guarantees that +writes are only directed to a single master, switching to an alternate +server only if the original master goes down. +By default, this setting is FALSE. +.TP +.B olcPlugin: <plugin_type> <lib_path> <init_function> [<arguments>] +Configure a SLAPI plugin. See the +.BR slapd.plugin (5) +manpage for more details. +.\".HP +.\".hy 0 +.\".B replica uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port] +.\".B [starttls=yes|critical] +.\".B [suffix=<suffix> [...]] +.\".B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>] +.\".B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>] +.\".B [authcId=<authentication ID>] [authzId=<authorization ID>] +.\".B [attrs[!]=<attr list>] +.\".RS +.\"Specify a replication site for this database. Refer to the "OpenLDAP +.\"Administrator's Guide" for detailed information on setting up a replicated +.\".B slapd +.\"directory service. Zero or more +.\".B suffix +.\"instances can be used to select the subtrees that will be replicated +.\"(defaults to all the database). +.\".B host +.\"is deprecated in favor of the +.\".B uri +.\"option. +.\".B uri +.\"allows the replica LDAP server to be specified as an LDAP URI. +.\"A +.\".B bindmethod +.\"of +.\".B simple +.\"requires the options +.\".B binddn +.\"and +.\".B credentials +.\"and should only be used when adequate security services +.\"(e.g TLS or IPSEC) are in place. A +.\".B bindmethod +.\"of +.\".B sasl +.\"requires the option +.\".B saslmech. +.\"Specific security properties (as with the +.\".B sasl-secprops +.\"keyword above) for a SASL bind can be set with the +.\".B secprops +.\"option. A non-default SASL realm can be set with the +.\".B realm +.\"option. 
+.\"If the
+.\".B mechanism
+.\"will use Kerberos, a kerberos instance should be given in
+.\".B authcId.
+.\"An
+.\".B attr list
+.\"can be given after the
+.\".B attrs
+.\"keyword to allow the selective replication of the listed attributes only;
+.\"if the optional
+.\".B !
+.\"mark is used, the list is considered exclusive, i.e. the listed attributes
+.\"are not replicated.
+.\"If an objectClass is listed, all the related attributes
+.\"are (are not) replicated.
+.\".RE
+.\".TP
+.\".B replogfile <filename>
+.\"Specify the name of the replication log file to log changes to.
+.\"The replication log is typically written by
+.\".BR slapd (8)
+.\"and read by
+.\".BR slurpd (8).
+.\"See
+.\".BR slapd.replog (5)
+.\"for more information. The specified file should be located
+.\"in a directory with limited read/write/execute access as the replication
+.\"logs may contain sensitive information.
+.TP
+.B olcRootDN: <dn>
+Specify the distinguished name that is not subject to access control
+or administrative limit restrictions for operations on this database.
+This DN may or may not be associated with an entry. An empty root
+DN (the default) specifies no root access is to be granted. It is
+recommended that the rootdn only be specified when needed (such as
+when initially populating a database). If the rootdn is within
+a namingContext (suffix) of the database, a simple bind password
+may also be provided using the
+.B olcRootPW
+directive. Note that the rootdn is always needed when using syncrepl.
+.TP
+.B olcRootPW: <password>
+Specify a password (or hash of the password) for the rootdn. The
+password can only be set if the rootdn is within the namingContext
+(suffix) of the database.
+This option accepts all RFC 2307 userPassword formats known to
+the server (see
+.B olcPasswordHash
+description) as well as cleartext.
+.BR slappasswd (8)
+may be used to generate a hash of a password. Cleartext
+and \fB{CRYPT}\fP passwords are not recommended. If empty
+(the default), authentication of the root DN is by other means
+(e.g. SASL). Use of SASL is encouraged.
+.TP
+.B olcSubordinate: [TRUE | FALSE | advertise]
+Specify that the current backend database is a subordinate of another
+backend database. A subordinate database may have only one suffix. This
+option may be used to glue multiple databases into a single namingContext.
+If the suffix of the current database is within the namingContext of a
+superior database, searches against the superior database will be
+propagated to the subordinate as well. All of the databases
+associated with a single namingContext should have identical rootdns.
+Behavior of other LDAP operations is unaffected by this setting. In
+particular, it is not possible to use moddn to move an entry from
+one subordinate to another subordinate within the namingContext.
+
+If the optional \fBadvertise\fP flag is supplied, the naming context of
+this database is advertised in the root DSE. The default is to hide this
+database context, so that only the superior context is visible.
+
+If the slap tools
+.BR slapcat (8),
+.BR slapadd (8),
+or
+.BR slapindex (8)
+are used on the superior database, any glued subordinates that support
+these tools are opened as well.
+
+Databases that are glued together should usually be configured with the
+same indices (assuming they support indexing), even for attributes that
+only exist in some of these databases. In general, all of the glued
+databases should be configured as similarly as possible, since the intent
+is to provide the appearance of a single directory.
+
+Note that the subordinate functionality is implemented internally
+by the \fIglue\fP overlay and as such its behavior will interact with other
+overlays in use. By default, the glue overlay is automatically configured as
+the last overlay on the superior database. Its position on the database
+can be explicitly configured by setting an \fBoverlay glue\fP directive
+at the desired position. This explicit configuration is necessary e.g.
+when using the \fIsyncprov\fP overlay, which needs to follow \fIglue\fP
+in order to work over all of the glued databases. E.g.
+.RS
+.nf
+ dn: olcDatabase={1}bdb,cn=config
+ olcSuffix: dc=example,dc=com
+ ...
+
+ dn: olcOverlay={0}glue,olcDatabase={1}bdb,cn=config
+ ...
+
+ dn: olcOverlay={1}syncprov,olcDatabase={1}bdb,cn=config
+ ...
+.fi
+.RE
+See the Overlays section below for more details.
+.TP
+.B olcSuffix: <dn suffix>
+Specify the DN suffix of queries that will be passed to this
+backend database. Multiple suffix lines can be given and at least one is
+required for each database definition.
+If the suffix of one database is "inside" that of another, the database
+with the inner suffix must come first in the configuration file.
+.HP
+.hy 0
+.B olcSyncrepl: rid=<replica ID>
+.B provider=ldap[s]://<hostname>[:port]
+.B searchbase=<base DN>
+.B [type=refreshOnly|refreshAndPersist]
+.B [interval=dd:hh:mm:ss]
+.B [retry=[<retry interval> <# of retries>]+]
+.B [filter=<filter str>]
+.B [scope=sub|one|base|subord]
+.B [attrs=<attr list>]
+.B [exattrs=<attr list>]
+.B [attrsonly]
+.B [sizelimit=<limit>]
+.B [timelimit=<limit>]
+.B [schemachecking=on|off]
+.B [bindmethod=simple|sasl]
+.B [binddn=<dn>]
+.B [saslmech=<mech>]
+.B [authcid=<identity>]
+.B [authzid=<identity>]
+.B [credentials=<passwd>]
+.B [realm=<realm>]
+.B [secprops=<properties>]
+.B [starttls=yes|critical]
+.B [tls_cert=<file>]
+.B [tls_key=<file>]
+.B [tls_cacert=<file>]
+.B [tls_cacertdir=<path>]
+.B [tls_reqcert=never|allow|try|demand]
+.B [tls_ciphersuite=<ciphers>]
+.B [tls_crlcheck=none|peer|all]
+.B [logbase=<base DN>]
+.B [logfilter=<filter str>]
+.B [syncdata=default|accesslog|changelog]
+.RS
+Specify the current database as a replica which is kept up-to-date with the
+master content by establishing the current
+.BR slapd (8)
+as a replication consumer site running a
+.B syncrepl
+replication engine.
+The replica content is kept synchronized to the master content using
+the LDAP Content Synchronization protocol. Refer to the
+"OpenLDAP Administrator's Guide" for detailed information on
+setting up a replicated
+.B slapd
+directory service using the
+.B syncrepl
+replication engine.
+
+.B rid
+identifies the current
+.B syncrepl
+directive within the replication consumer site.
+It is a non-negative integer having no more than three digits.
+
+.B provider
+specifies the replication provider site containing the master content
+as an LDAP URI. If <port> is not given, the standard LDAP port number
+(389 or 636) is used.
+
+The content of the
+.B syncrepl
+replica is defined using a search
+specification as its result set. The consumer
+.B slapd
+will send search requests to the provider
+.B slapd
+according to the search specification. The search specification includes
+.B searchbase, scope, filter, attrs, attrsonly, sizelimit,
+and
+.B timelimit
+parameters as in the normal search specification. The
+.B exattrs
+option may also be used to specify attributes that should be omitted
+from incoming entries.
+The \fBscope\fP defaults to \fBsub\fP, the \fBfilter\fP defaults to
+\fB(objectclass=*)\fP, and there is no default \fBsearchbase\fP. The
+\fBattrs\fP list defaults to \fB"*,+"\fP to return all user and operational
+attributes, and \fBattrsonly\fP and \fBexattrs\fP are unset by default.
+The \fBsizelimit\fP and \fBtimelimit\fP only
+accept "unlimited" and positive integers, and both default to "unlimited".
+Note, however, that any provider-side limits for the replication identity
+will be enforced by the provider regardless of the limits requested
+by the LDAP Content Synchronization operation, much like for any other
+search operation.
+
+The LDAP Content Synchronization protocol has two operation types.
+In the
+.B refreshOnly
+operation, the next synchronization search operation
+is periodically rescheduled at an interval time (specified by
+.B interval
+parameter; 1 day by default)
+after each synchronization operation finishes.
+In the
+.B refreshAndPersist
+operation, a synchronization search remains persistent in the provider slapd.
+Further updates to the master replica will generate
+.B searchResultEntry
+to the consumer slapd as the search responses to the persistent
+synchronization search.
+
+If an error occurs during replication, the consumer will attempt to
+reconnect according to the
+.B retry
+parameter which is a list of the <retry interval> and <# of retries> pairs.
+For example, retry="60 10 300 3" lets the consumer retry every 60 seconds
+for the first 10 times and then retry every 300 seconds for the next 3
+times before stop retrying. The `+' in <# of retries> means indefinite
+number of retries until success.
+
+The schema checking can be enforced at the LDAP Sync
+consumer site by turning on the
+.B schemachecking
+parameter. The default is off.
+
+A
+.B bindmethod
+of
+.B simple
+requires the options
+.B binddn
+and
+.B credentials
+and should only be used when adequate security services
+(e.g. TLS or IPSEC) are in place.
+A
+.B bindmethod
+of
+.B sasl
+requires the option
+.B saslmech.
+Depending on the mechanism, an authentication identity and/or
+credentials can be specified using
+.B authcid
+and
+.B credentials.
+The
+.B authzid
+parameter may be used to specify an authorization identity.
+Specific security properties (as with the
+.B sasl-secprops
+keyword above) for a SASL bind can be set with the
+.B secprops
+option. A non default SASL realm can be set with the
+.B realm
+option.
+The provider, other than allow authentication of the syncrepl identity,
+should grant that identity appropriate access privileges to the data
+that is being replicated (\fBaccess\fP directive), and appropriate time
+and size limits (\fBlimits\fP directive).
+
+
+The
+.B starttls
+parameter specifies use of the StartTLS extended operation
+to establish a TLS session before Binding to the provider. If the
+.B critical
+argument is supplied, the session will be aborted if the StartTLS request
+fails. Otherwise the syncrepl session continues without TLS. The
+tls_reqcert setting defaults to "demand" and the other TLS settings
+default to the same as the main slapd TLS settings.
+
+Rather than replicating whole entries, the consumer can query logs of
+data modifications. This mode of operation is referred to as \fIdelta
+syncrepl\fP. In addition to the above parameters, the
+.B logbase
+and
+.B logfilter
+parameters must be set appropriately for the log that will be used. The
+.B syncdata
+parameter must be set to either "accesslog" if the log conforms to the
+.BR slapo-accesslog (5)
+log format, or "changelog" if the log conforms
+to the obsolete \fIchangelog\fP format. If the
+.B syncdata
+parameter is omitted or set to "default" then the log parameters are
+ignored.
+.RE
+.TP
+.B olcUpdateDN: <dn>
+This option is only applicable in a slave
+database.
+It specifies the DN permitted to update (subject to access controls)
+the replica (typically, this is the DN
+.BR slurpd (8)
+binds to update the replica). Generally, this DN
+.I should not
+be the same as the
+.B rootdn
+used at the master.
+.TP
+.B olcUpdateRef: <url>
+Specify the referral to pass back when
+.BR slapd (8)
+is asked to modify a replicated local database.
+If multiple values are specified, each url is provided.
+
+.SH DATABASE-SPECIFIC OPTIONS
+Each database may allow specific configuration options; they are
+documented separately in the backends' manual pages. See the
+.BR slapd.backends (5)
+manual page for an overview of available backends.
+.SH OVERLAYS
+An overlay is a piece of
+code that intercepts database operations in order to extend or change
+them. Overlays are pushed onto
+a stack over the database, and so they will execute in the reverse
+of the order in which they were configured and the database itself
+will receive control last of all.
+
+Overlays must be configured as child entries of a specific database. The
+entry's RDN must be of the form
+.B olcOverlay={x}<overlaytype>
+and the entry must have the olcOverlayConfig objectClass. Normally the
+config engine generates the "{x}" index in the RDN automatically, so
+it can be omitted when initially loading these entries.
+
+See the
+.BR slapd.overlays (5)
+manual page for an overview of available overlays.
+.SH EXAMPLES
+.LP
+Here is a short example of a configuration in LDIF suitable for use with
+.BR slapadd (8)
+:
+.LP
+.RS
+.nf
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcPidFile: LOCALSTATEDIR/run/slapd.pid
+olcAttributeOptions: x-hidden lang-
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: SYSCONFDIR/schema/core.ldif
+
+dn: olcDatabase=frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: frontend
+# Subtypes of "name" (e.g. "cn" and "ou") with the
+# option ";x-hidden" can be searched for/compared,
+# but are not shown. See \fBslapd.access\fP(5).
+olcAccess: to attrs=name;x-hidden by * =cs
+# Protect passwords. See \fBslapd.access\fP(5).
+olcAccess: to attrs=userPassword by * auth
+# Read access to other attributes and entries.
+olcAccess: to * by * read
+
+# set a rootpw for the config database so we can bind.
+# deny access to everyone else.
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
+olcAccess: to * by * none
+
+dn: olcDatabase=bdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcBdbConfig
+olcDatabase: bdb
+olcSuffix: "dc=our-domain,dc=com"
+# The database directory MUST exist prior to
+# running slapd AND should only be accessible
+# by the slapd/tools. Mode 0700 recommended.
+olcDbDirectory: LOCALSTATEDIR/openldap-data
+# Indices to maintain
+olcDbIndex: objectClass eq
+olcDbIndex: cn,sn,mail pres,eq,approx,sub
+
+# We serve small clients that do not handle referrals,
+# so handle remote lookups on their behalf.
+dn: olcDatabase=ldap,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcLdapConfig
+olcDatabase: ldap
+olcSuffix: ""
+olcDbUri: ldap://ldap.some-server.com/
+.fi
+.RE
+.LP
+Assuming the above data was saved in a file named "config.ldif" and the
+ETCDIR/slapd.d directory has been created, this command will initialize
+the configuration:
+.RS
+.nf
+slapadd -F ETCDIR/slapd.d -n 0 -l config.ldif
+.fi
+.RE
+
+.LP
+"OpenLDAP Administrator's Guide" contains a longer annotated
+example of a slapd configuration.
+
+Alternatively, an existing slapd.conf file can be converted to the new
+format using slapd or any of the slap tools:
+.RS
+.nf
+slaptest -f ETCDIR/slapd.conf -F ETCDIR/slapd.d
+.fi
+.RE
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldif (5),
+.BR slapd.access (5),
+.BR slapd.backends (5),
+.BR slapd.conf (5),
+.BR slapd.overlays (5),
+.BR slapd.plugin (5),
+.BR slapd.replog (5),
+.BR slapd (8),
+.BR slapacl (8),
+.BR slapadd (8),
+.BR slapauth (8),
+.BR slapcat (8),
+.BR slapdn (8),
+.BR slapindex (8),
+.BR slappasswd (8),
+.BR slaptest (8),
+.BR slurpd (8).
+.LP +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapd-dnssrv.5 b/doc/man/man5/slapd-dnssrv.5 index b3989e3af6db8264f70d0365d629ad1422d84060..51d6f27fcceb6e138feb01bcaff161cf2afa5d8b 100644 --- a/doc/man/man5/slapd-dnssrv.5 +++ b/doc/man/man5/slapd-dnssrv.5 @@ -1,5 +1,5 @@ .TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index 28bcc7ebf6856d8f19629801b006d190c4c4072a..847ea6d6570d4a2976eb8ef64fa0f44d4e1063b6 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -1,5 +1,5 @@ .TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -38,11 +38,14 @@ rules; see for details. .LP -Note: When looping back to the same instance of \fBslapd\fP(8), -each connection requires a new thread; as a consequence, \fBslapd\fP(8) +Note: When looping back to the same instance of +.BR slapd (8), +each connection requires a new thread; as a consequence, +.BR slapd (8) must be compiled with thread support, and the \fBthreads\fP parameter may need some tuning; in those cases, one may consider using -\fBslapd-relay\fP(5) instead, which performs the relayed operation +.BR slapd-relay (5) +instead, which performs the relayed operation internally and thus reuses the same connection. .SH CONFIGURATION 
@@ -95,6 +98,13 @@ needs be created. .B bindmethod=simple|sasl [binddn=<simple DN>] [credentials=<simple password>] .B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>] .B [authcId=<authentication ID>] [authzId=<authorization ID>] +.B [tls_cert=<file>] +.B [tls_key=<file>] +.B [tls_cacert=<file>] +.B [tls_cacertdir=<path>] +.B [tls_reqcert=never|allow|try|demand] +.B [tls_ciphersuite=<ciphers>] +.B [tls_crlcheck=none|peer|all] .RS Allows to define the parameters of the authentication method that is internally used by the proxy to collect info related to access control, @@ -127,6 +137,11 @@ This directive obsoletes .BR acl-authcDN , and .BR acl-passwd . + +The TLS settings default to the same as the main slapd TLS settings, +except for +.B tls_reqcert +which defaults to "demand". .RE .TP @@ -193,6 +208,13 @@ for details on the syntax of this field. .B [saslmech=<SASL mech>] [secprops=<properties>] [realm=<realm>] .B [authcId=<authentication ID>] [authzId=<authorization ID>] .B [authz={native|proxyauthz}] [mode=<mode>] [flags=<flags>] +.B [tls_cert=<file>] +.B [tls_key=<file>] +.B [tls_cacert=<file>] +.B [tls_cacertdir=<path>] +.B [tls_reqcert=never|allow|try|demand] +.B [tls_ciphersuite=<ciphers>] +.B [tls_crlcheck=none|peer|all] .RS Allows to define the parameters of the authentication method that is internally used by the proxy to authorize connections that are @@ -330,6 +352,11 @@ whose assertion is not allowed by the .B idassert-authzFrom patterns. +The TLS settings default to the same as the main slapd TLS settings, +except for +.B tls_reqcert +which defaults to "demand". + The identity associated to this directive is also used for privileged operations whenever \fBidassert-bind\fP is defined and \fBacl-bind\fP is not. See \fBacl-bind\fP for details. 
@@ -347,6 +374,16 @@ and This directive causes a cached connection to be dropped an recreated after it has been idle for the specified time. +.TP +.B network-timeout <time> +Sets the network timeout value after which +.BR poll (2)/ select (2) +following a +.BR connect (2) +returns in case of no activity. +The value is in seconds, and it can be specified as for +.BR idle-timeout . + .TP .B protocol\-version {0,2,3} This directive indicates what protocol version must be used to contact @@ -386,8 +423,11 @@ attribute of the database entry in the configuration backend. .TP .B rebind-as-user {NO|yes} If this option is given, the client's bind credentials are remembered -for rebinds when chasing referrals. Useful when -\fBchase-referrals\fP is set to \fByes\fP, useless otherwise. +for rebinds, when trying to re-establish a broken connection, +or when chasing a referral, if +.B chase-referrals +is set to +.IR yes . .TP .B single\-conn {NO|yes} @@ -406,13 +446,15 @@ support is detected by reading the remote server's root DSE. This directive allows to set per-operation timeouts. Operations can be -\fB<op> ::= bind, add, delete, modrdn, modify, compare\fP +\fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP -The \fBsearch\fP operation is already controlled either +The overall duration of the \fBsearch\fP operation is controlled either by the \fBtimelimit\fP parameter or by server-side enforced time limits (see \fBtimelimit\fP and \fBlimits\fP in .BR slapd.conf (5) for details). +This \fBtimeout\fP parameter controls how long the target can be +irresponsive before the operation is aborted. Timeout is meaningless for the remaining operations, \fBunbind\fP and \fBabandon\fP, which do not imply any response, while it is not yet implemented in currently supported \fBextended\fP 
@@ -434,15 +476,38 @@ identity according to the \fBidassert-bind\fP directive). In this case, the timeout of the operation that resulted in the bind is used. -.TP -.B tls {[try-]start|[try-]propagate} -execute the StartTLS extended operation when the connection is initialized; -only works if the URI directive protocol scheme is not \fBldaps://\fP. +.HP +.hy 0 +.B tls {[try-]start|[try-]propagate|ldaps} +.B [tls_cert=<file>] +.B [tls_key=<file>] +.B [tls_cacert=<file>] +.B [tls_cacertdir=<path>] +.B [tls_reqcert=never|allow|try|demand] +.B [tls_ciphersuite=<ciphers>] +.B [tls_crlcheck=none|peer|all] +.RS +Specify the use of TLS when a regular connection is initialized. The +StartTLS extended operation will be used unless the URI directive protocol +scheme is \fBldaps://\fP. In that case this keyword may only be +set to "ldaps" and the StartTLS operation will not be used. \fBpropagate\fP issues the StartTLS operation only if the original connection did. The \fBtry-\fP prefix instructs the proxy to continue operations if the StartTLS operation failed; its use is \fBnot\fP recommended. +The TLS settings default to the same as the main slapd TLS settings, +except for +.B tls_reqcert +which defaults to "demand". + +.TP +.B use-temporary-conn {NO|yes} +when set to +.BR yes , +create a temporary connection whenever competing with other threads +for a shared one; otherwise, wait until the shared connection is available. + .SH BACKWARD COMPATIBILITY The LDAP backend has been heavily reworked between releases 2.2 and 2.3, and subsequently between 2.3 and 2.4. diff --git a/doc/man/man5/slapd-ldbm.5 b/doc/man/man5/slapd-ldbm.5 index 43f8148b4a7ca930a66b622eeabf1673896a785b..336d0ae46a7b331a9048921e89a13b8de3503492 100644 --- a/doc/man/man5/slapd-ldbm.5 +++ b/doc/man/man5/slapd-ldbm.5 
@@ -1,5 +1,5 @@ .TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -139,3 +139,5 @@ default slapd configuration file .BR slapadd (8), .BR slapcat (8), .BR slapindex (8). +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapd-ldif.5 b/doc/man/man5/slapd-ldif.5 index 45729c7aeee0ed1f6adf7b82fc6b5abab451edcf..074e1046828f2ef5014fcbec875460e28ddeb9b6 100644 --- a/doc/man/man5/slapd-ldif.5 +++ b/doc/man/man5/slapd-ldif.5 @@ -1,5 +1,5 @@ .TH SLAPD-LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index 95a1603552570ae2740d197350ae268e5b7112d6..46e9fb5c142b8c035eda04e9e3151b72d60510fe 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -1,5 +1,5 @@ .TH SLAPD-META 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it> .\" $OpenLDAP$ @@ -86,6 +86,11 @@ should be defined first for clarity, including those that are common to all backends. They are: +.TP +.B conn-ttl <time> +This directive causes a cached connection to be dropped an recreated +after a given ttl, regardless of being idle or not. + .TP .B default-target none This directive forces the backend to reject all those operations 
@@ -110,19 +115,17 @@ illustrated for the directive. .TP -.B conn-ttl <time> -This directive causes a cached connection to be dropped an recreated -after a given ttl, regardless of being idle or not. - -.TP -.B onerr {CONTINUE|stop} +.B onerr {CONTINUE|report|stop} This directive allows to select the behavior in case an error is returned by one target during a search. The default, \fBcontinue\fP, consists in continuing the operation, trying to return as much data as possible. -If this statement is set to \fBstop\fP, the search is terminated as soon +If the value is set to \fBstop\fP, the search is terminated as soon as an error is returned by one target, and the error is immediately propagated to the client. +If the value is set to \fBreport\fP, the search is continuated to the end +but, in case at least one target returned an error code, the first +non-success error code is returned. .TP .B protocol\-version {0,2,3} @@ -163,12 +166,23 @@ it affects all targets with the same pattern. .TP .B rebind-as-user {NO|yes} If this option is given, the client's bind credentials are remembered -for rebinds when chasing referrals. +for rebinds, when trying to re-establish a broken connection, +or when chasing a referral, if +.B chase-referrals +is set to +.IR yes . .TP .B single\-conn {NO|yes} Discards current cached connection when the client rebinds. +.TP +.B use-temporary-conn {NO|yes} +when set to +.BR yes , +create a temporary connection whenever competing with other threads +for a shared one; otherwise, wait until the shared connection is available. + .SH TARGET SPECIFICATION Target specification starts with a "uri" directive: 
@@ -282,6 +296,18 @@ This maps object classes and attributes as in the LDAP backend. See .BR slapd-ldap (5). +.TP +.B network-timeout <time> +Sets the network timeout value after which +.BR poll (2)/ select (2) +following a +.BR connect (2) +returns in case of no activity. +The value is in seconds, and it can be specified as for +.BR idle-timeout . +If set before any target specification, it affects all targets, unless +overridden by any per-target directive. + .TP .B nretries {forever|never|<nretries>} This directive defines how many times a bind should be retried 
@@ -345,22 +371,35 @@ If set before any target specification, it affects all targets, unless overridden by any per-target directive. .TP -.B timeout [{add|delete|modify|modrdn}=]<seconds> [...] -This directive allows to set per-database, per-target and per-operation -timeouts. -If no operation is specified, it affects all. -Currently, only write operations are addressed, because searches -can already be limited by means of the -.B limits -directive (see +.B timeout [<op>=]<val> [...] +This directive allows to set per-operation timeouts. +Operations can be + +\fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP + +The overall duration of the \fBsearch\fP operation is controlled either +by the \fBtimelimit\fP parameter or by server-side enforced +time limits (see \fBtimelimit\fP and \fBlimits\fP in .BR slapd.conf (5) -for details), and other operations are not supposed to incur into the -need for timeouts. -Note: if the timelimit is exceeded, the operation is abandoned; -the protocol does not provide any means to rollback the operation, -so the client will not know if the operation eventually succeeded or not. -If set before any target specification, it affects all targets, unless -overridden by any per-target directive. +for details). +This \fBtimeout\fP parameter controls how long the target can be +irresponsive before the operation is aborted. +Timeout is meaningless for the remaining operations, +\fBunbind\fP and \fBabandon\fP, which do not imply any response, +while it is not yet implemented in currently supported \fBextended\fP +operations. +If no operation is specified, the timeout \fBval\fP affects all +supported operations. +If specified before any target definition, it affects all targets +unless overridden by per-target directives. 
+ +Note: if the timelimit is exceeded, the operation is cancelled +(according to the \fBcancel\fP directive); +the protocol does not provide any means to rollback operations, +so the client will not be notified about the result of the operation, +which may eventually succeeded or not. +In case the timeout is exceeded during a bind operation, the connection +is destroyed, according to RFC4511. .TP .B tls {[try-]start|[try-]propagate} diff --git a/doc/man/man5/slapd-monitor.5 b/doc/man/man5/slapd-monitor.5 index 549af3eec1d76f0cac1e102524a858fc3730bd67..b4894c34a187feb3905f4b8175199c371437bbb3 100644 --- a/doc/man/man5/slapd-monitor.5 +++ b/doc/man/man5/slapd-monitor.5 @@ -1,5 +1,5 @@ .TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -122,4 +122,5 @@ default slapd configuration file .BR slapd.access (5), .BR slapd (8), .BR ldap (3). - +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapd-null.5 b/doc/man/man5/slapd-null.5 index e7220c7ee3526250e3b1f96127ae8c1481ce0b0f..90d0437509ec0cb68b332741d76fa57e401dac4d 100644 --- a/doc/man/man5/slapd-null.5 +++ b/doc/man/man5/slapd-null.5 @@ -1,5 +1,5 @@ .TH SLAPD-NULL 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2002-2006 The OpenLDAP Foundation. All Rights Reserved. +.\" Copyright 2002-2007 The OpenLDAP Foundation. All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapd-passwd.5 b/doc/man/man5/slapd-passwd.5 index ae8dfc431ff72b68016f89078eed5a129015fa01..e488e70f8dcbeafc8a4cabf4ae0f5ca2d1297ce4 100644 --- a/doc/man/man5/slapd-passwd.5 +++ b/doc/man/man5/slapd-passwd.5 
@@ -1,5 +1,5 @@ .TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapd-shell.5 b/doc/man/man5/slapd-shell.5 index 1589b6557555d601403a282e63109a3f6bcc4bb1..f8e7894b849bbcbdcbe5a436c445f3b99d49d85b 100644 --- a/doc/man/man5/slapd-shell.5 +++ b/doc/man/man5/slapd-shell.5 @@ -1,5 +1,5 @@ .TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapd-sql.5 b/doc/man/man5/slapd-sql.5 index 7048ce96f3a6d4f8b535b96b124ca61cba857aa7..454f63f46d4b0e88a682ef5ade9aa462e41a35e5 100644 --- a/doc/man/man5/slapd-sql.5 +++ b/doc/man/man5/slapd-sql.5 @@ -26,7 +26,7 @@ You can take a look at (OpenLDAP FAQ-O-Matic/General LDAP FAQ/Directories vs. conventional databases) to find out more on this point. .LP -The idea (detailed below) is to use some metainformation to translate +The idea (detailed below) is to use some meta-information to translate LDAP queries to SQL queries, leaving relational schema untouched, so that old applications can continue using it without any modifications. @@ -34,7 +34,7 @@ This allows SQL and LDAP applications to inter-operate without replication, and exchange data as needed. .LP The SQL backend is designed to be tunable to virtually any relational -schema without having to change source (through that metainformation +schema without having to change source (through that meta-information mentioned). Also, it uses ODBC to connect to RDBMSes, and is highly configurable for SQL dialects RDBMSes may use, so it may be used for integration 
@@ -107,7 +107,7 @@ suffix, and the scope is subtree; rather collect all entries. .RE .SH STATEMENT CONFIGURATION These options specify SQL query templates for loading schema mapping -metainformation, adding and deleting entries to ldap_entries, etc. +meta-information, adding and deleting entries to ldap_entries, etc. All these and subtree_cond should have the given default values. For the current value it is recommended to look at the sources, or in the log output when slapd starts with "-d 5" or greater. @@ -520,7 +520,7 @@ not very narrow ;) If anyone needs support for different types for keys - he may want to write a patch, and submit it to OpenLDAP ITS, then I'll include it. .LP -Also, several people complained that they don't really need very +Also, several users complained that they don't really need very structured trees, and they don't want to update one more table every time they add or delete an instance in the relational schema. Those people can use a view instead of a real table for ldap_entries, something @@ -551,8 +551,8 @@ and the baseObject cannot be created; in this case, see the directive for a possible workaround. .LP -.SH Typical SQL backend operation -Having metainformation loaded, the SQL backend uses these tables to +.SH TYPICAL SQL BACKEND OPERATION +Having meta-information loaded, the SQL backend uses these tables to determine a set of primary keys of candidates (depending on search scope and filter). It tries to do it for each objectclass registered in ldap_objclasses. @@ -592,7 +592,7 @@ into the most relaxed SQL condition to filter candidates), and send it to the user. .LP ADD, DELETE, MODIFY and MODRDN operations are also performed on per-attribute -metainformation (add_proc etc.). +meta-information (add_proc etc.). In those fields one can specify an SQL statement or stored procedure call which can add, or delete given values of a given attribute, using the given entry keyval (see examples -- mostly PostgreSQL, ORACLE and MSSQL 
@@ -605,17 +605,16 @@ Please see samples to find out what are the parameters passed, and other information on this matter - they are self-explanatory for those familiar with the concepts expressed above. .LP -.SH Common techniques (referrals, multiclassing etc.) -First of all, let's remember that among other major differences to the -complete LDAP data model, the concept above does not directly support -such things as multiple objectclasses per entry, and referrals. +.SH COMMON TECHNIQUES +First of all, let's recall that among other major differences to the +complete LDAP data model, the above illustrated concept does not directly +support such features as multiple objectclasses per entry, and referrals. Fortunately, they are easy to adopt in this scheme. -The SQL backend suggests one more table being added to the schema: +The SQL backend requires that one more table is added to the schema: ldap_entry_objectclasses(entry_id,oc_name). .LP -The first contains any number of objectclass names that corresponding -entries will be found by, in addition to that mentioned in -mapping. +That table contains any number of objectclass names that corresponding +entries will possess, in addition to that mentioned in mapping. The SQL backend automatically adds attribute mapping for the "objectclass" attribute to each objectclass mapping that loads values from this table. So, you may, for instance, have a mapping for inetOrgPerson, and use it @@ -635,7 +634,7 @@ The use of the naming attribute usually requires to add an "extensibleObject" value to ldap_entry_objclasses. .LP -.SH Caveats +.SH CAVEATS As previously stated, this backend should not be considered a replacement of other data storage backends, but rather a gateway to existing RDBMS storages that need to be published in LDAP form. 
@@ -652,11 +651,22 @@ If you need to find all the leaf entries, please use instead. .LP A directoryString value of the form "__First___Last_" -(where underscores should be replaced by spaces) corresponds +(where underscores mean spaces, ASCII 0x20 char) corresponds to its prettified counterpart "First_Last"; this is not currently honored by back-sql if non-prettified data is written via RDBMS; when non-prettified data is written thru back-sql, the prettified values are actually used instead. + +.LP +.SH BUGS +When the +.B ldap_entry_objclasses +table is empty, filters on the +.B objectClass +attribute erroneously result in no candidates. +A workaround consists in adding at least one row to that table, +no matter if valid or not. + .LP .SH PROXY CACHE OVERLAY The proxy cache overlay diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5 index bf3f7f22ebd75c66ad83c2ba8504dcb4dc6884c2..75450bd2426646a13b14b7d4c648e91a1b5a3e43 100644 --- a/doc/man/man5/slapd.access.5 +++ b/doc/man/man5/slapd.access.5 @@ -1,5 +1,5 @@ .TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapd.access \- access configuration for slapd, the stand-alone LDAP daemon @@ -302,7 +302,7 @@ with <dnstyle>={{exact|base(object)}|regex |one(level)|sub(tree)|children|level{<n>}} <groupstyle>={exact|expand} - <peernamestyle>={<style>|ip|path} + <peernamestyle>={<style>|ip|ipv6|path} <domainstyle>={exact|regex|sub(tree)} <setstyle>={exact|regex} <modifier>={expand} @@ -533,7 +533,10 @@ The statements and .BR sockurl=<sockurl> mean that the contacting host IP (in the form -.BR "IP=<ip>:<port>" ) +.BR "IP=<ip>:<port>" +for IPv4, or +.BR "IP=[<ipv6>]:<port>" +for IPv6) or the contacting host named pipe file name (in the form .B "PATH=<path>" if connecting through a named pipe) for 
@@ -582,6 +585,9 @@ and are dotted digit representations of the IP and the mask, while .BR <n> , delimited by curly brackets, is an optional port. +The same applies to IPv6 addresses when the special +.B ipv6 +style is used. When checking access privileges, the IP portion of the .BR peername is extracted, eliminating the @@ -594,7 +600,9 @@ portion of the pattern after masking with .BR <mask> . As an example, .B peername.ip=127.0.0.1 -allows connections only from localhost, +and +.B peername.ipv6=::1 +allow connections only from localhost, .B peername.ip=192.168.1.0%255.255.255.0 allows connections from any IP in the 192.168.1 class C domain, and .B peername.ip=192.168.1.16%255.255.255.240{9009} @@ -1092,7 +1100,4 @@ default slapd configuration file .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man5/slapd.backends.5 b/doc/man/man5/slapd.backends.5 new file mode 100644 index 0000000000000000000000000000000000000000..c5801ad31feb28fb48b5a19cdb93dcfaa1fcce58 --- /dev/null +++ b/doc/man/man5/slapd.backends.5 
@@ -0,0 +1,136 @@
+.TH SLAPD.BACKENDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2006-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd.backends \- backends for slapd, the stand-alone LDAP daemon
+.SH DESCRIPTION
+The
+.BR slapd (8)
+daemon can use a variety of different backends for serving LDAP requests.
+Backends may be compiled statically into slapd, or when module support
+is enabled, they may be dynamically loaded. Multiple instances of a
+backend can be configured, to serve separate databases from the same
+slapd server.
+
+
+Configuration options for each backend are documented separately in the
+corresponding
+.BR slapd-<backend> (5)
+manual pages.
+.TP
+.B bdb
+This is the recommended primary backend for a normal slapd database.
+It takes care to configure it properly.
+It uses the transactional database interface of the Sleepycat Berkeley
+DB (BDB) package to store data.
+.TP
+.B config
+This backend is used to manage the configuration of slapd at run-time.
+Unlike other backends, only a single instance of the
+.B config
+backend may be defined. It also instantiates itself automatically,
+so it is always present even if not explicitly defined in the
+.BR slapd.conf (5)
+file.
+.TP
+.B dnssrv
+This backend is experimental.
+It serves up referrals based upon SRV resource records held in the
+Domain Name System.
+.TP
+.B hdb
+This is a variant of the
+.B bdb
+backend that uses a hierarchical database
+layout. This layout stores entry DNs more efficiently than the
+.B bdb
+backend,
+using less space and requiring less work to create, delete, and rename
+entries. It is also one of the few backends to support subtree renames.
+.TP
+.B ldap
+This backend acts as a proxy to forward incoming requests to another
+LDAP server.
+.TP
+.B ldif
+This database uses the filesystem to build the tree structure
+of the database, using plain ascii files to store data.
+Its usage should be limited to very simple databases, where performance
+is not a requirement. This backend also supports subtree renames.
+.TP
+.B meta
+This backend performs basic LDAP proxying with respect to a set of
+remote LDAP servers. It is an enhancement of the
+.B ldap
+backend.
+.TP
+.B monitor
+This backend provides information about the running status of the slapd
+daemon. Only a single instance of the
+.B monitor
+backend may be defined.
+.TP
+.B null
+Operations in this backend succeed but do nothing.
+.TP
+.B passwd
+This backend is provided for demonstration purposes only.
+It serves up user account information from the system
+.BR passwd (5)
+file.
+.TP
+.B perl
+This backend embeds a
+.BR perl (1)
+interpreter into slapd.
+It runs Perl subroutines to implement LDAP operations.
+.TP
+.B relay
+This backend is experimental.
+It redirects LDAP operations to another database
+in the same server, based on the naming context of the request.
+Its use requires the
+.B rwm
+overlay (see
+.BR slapo-rwm (5)
+for details) to rewrite the naming context of the request.
+It is primarily intended to implement virtual views on databases
+that actually store data.
+.TP
+.B shell
+This backend executes external programs to implement LDAP operations.
+It is primarily intended to be used in prototypes.
+.TP
+.B sql
+This backend is experimental.
+It services LDAP requests from an SQL database.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd\-bdb (5),
+.BR slapd\-config (5),
+.BR slapd\-dnssrv (5),
+.BR slapd\-hdb (5),
+.BR slapd\-ldap (5),
+.BR slapd\-ldif (5),
+.BR slapd\-meta (5),
+.BR slapd\-monitor (5),
+.BR slapd\-null (5),
+.BR slapd\-passwd (5),
+.BR slapd\-perl (5),
+.BR slapd\-relay (5),
+.BR slapd\-shell (5),
+.BR slapd\-sql (5),
+.BR slapd.conf (5),
+.BR slapd.overlays (5),
+.BR slapd (8).
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 6ad2e8ae4c699c476e52e157cdc86ebe3df9561f..e6d75395b9c45105de374d885b5716bf64d9d294 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1,5 +1,5 @@ .TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -879,6 +879,20 @@ Note that the factor is measure of security provided by the underlying transport, e.g. ldapi:// (and eventually IPSEC). It is not normally used. .TP +.B serverID <integer> [<URL>] +Specify an integer ID from 0 to 4095 for this server. These IDs are +required when using multimaster replication and each master must have a +unique ID. If the URL is provided, this directive may be specified +multiple times, providing a complete list of participating servers +and their IDs. The fully qualified hostname of each server should be +used in the supplied URLs. The IDs are used in the "replica id" field +of all CSNs generated by the specified server. The default value is zero. +Example: +.LP +.nf + serverID 1 +.fi +.TP .B sizelimit {<integer>|unlimited} .TP .B sizelimit size[.{soft|hard|unchecked}]=<integer> [...] @@ -1342,7 +1356,9 @@ code that intercepts database operations in order to extend or change them. Overlays are pushed onto a stack over the database, and so they will execute in the reverse of the order in which they were configured and the database itself -will receive control last of all. +will receive control last of all. See the +.BR slapd.overlays (5) +manual page for an overview of the available overlays. .TP .B readonly on | off This option puts the database into "read-only" mode. Any attempts to 
@@ -1687,11 +1703,9 @@ parameter specifies use of the StartTLS extended operation to establish a TLS session before Binding to the provider. If the .B critical argument is supplied, the session will be aborted if the StartTLS request -fails. Otherwise the syncrepl session continues without TLS. Note that the -main slapd TLS settings are not used by the syncrepl engine; -by default the TLS parameters from ETCDIR/ldap.conf will be used. -TLS settings may be specified here, in which case the ldap.conf settings -will be completely ignored. +fails. Otherwise the syncrepl session continues without TLS. The +tls_reqcert setting defaults to "demand" and the other TLS settings +default to the same as the main slapd TLS settings. Rather than replicating whole entries, the consumer can query logs of data modifications. This mode of operation is referred to as \fIdelta 
@@ -1731,182 +1745,9 @@ If specified multiple times, each url is provided. .SH DATABASE-SPECIFIC OPTIONS Each database may allow specific configuration options; they are -documented separately in the backends' manual pages. -.SH BACKENDS -The following backends can be compiled into slapd. -They are documented in the -.BR slapd-<backend> (5) -manual pages. -.TP -.B bdb -This is the recommended primary backend for a normal slapd database. -It takes care to configure it properly. -It uses the transactional database interface of the Sleepycat Berkeley -DB (BDB) package to store data. -.TP -.B config -This backend is used to manage the configuration of slapd run-time. -.TP -.B dnssrv -This backend is experimental. -It serves up referrals based upon SRV resource records held in the -Domain Name System. -.TP -.B hdb -This is a variant of the BDB backend that uses a hierarchical database -layout which supports subtree renames. -.TP -.B ldap -This backend acts as a proxy to forward incoming requests to another -LDAP server. -.TP -.B ldbm -This is an easy-to-configure but obsolete database backend. It -does not offer the data durability features of the BDB and HDB -backends and hence is deprecated in favor of these robust backends. -LDBM uses lightweight non-transactional DB interfaces, -such as those providing by GDBM or Berkeley DB, to store data. -.TP -.B ldif -This database uses the filesystem to build the tree structure -of the database, using plain ascii files to store data. -Its usage should be limited to very simple databases, where performance -is not a requirement. -.TP -.B meta -This backend performs basic LDAP proxying with respect to a set of -remote LDAP servers. It is an enhancement of the ldap backend. -.TP -.B monitor -This backend provides information about the running status of the slapd -daemon. -.TP -.B null -Operations in this backend succeed but do nothing. -.TP -.B passwd -This backend is provided for demonstration purposes only. 
-It serves up user account information from the system -.BR passwd (5) -file. -.TP -.B perl -This backend embeds a -.BR perl (1) -interpreter into slapd. -It runs Perl subroutines to implement LDAP operations. -.TP -.B relay -This backend is experimental. -It redirects LDAP operations to another database -in the same server, based on the naming context of the request. -Its use requires the -.B rwm -overlay (see -.BR slapo-rwm (5) -for details) to rewrite the naming context of the request. -It is primarily intended to implement virtual views on databases -that actually store data. -.TP -.B shell -This backend executes external programs to implement LDAP operations. -It is primarily intended to be used in prototypes. -.TP -.B sql -This backend is experimental. -It services LDAP requests from an SQL database. -.SH OVERLAYS -The following overlays can be compiled into slapd. -They are documented in the -.BR slapo-<overlay> (5) -manual pages. -.TP -.B accesslog -Access Logging. -This overlay can record accesses to a given backend database on another -database. -.TP -.B auditlog -Audit Logging. -This overlay records changes on a given backend database to an LDIF log -file. -By default it is not built. -.TP -.B chain -Chaining. -This overlay allows automatic referral chasing when a referral would -have been returned, either when configured by the server or when -requested by the client. -.TP -.B denyop -Deny Operation. -This overlay allows selected operations to be denied, similar to the -\fBrestrict\fP option. -.TP -.B dyngroup -Dynamic Group. -This is a demo overlay which extends the Compare operation to detect -members of a dynamic group. -It has no effect on any other operations. -.TP -.B dynlist -Dynamic List. -This overlay allows expansion of dynamic groups and more. -.TP -.B lastmod -Last Modification. 
-This overlay maintains a service entry in the database with the DN, -modification type, modifiersName and modifyTimestamp of the last write -operation performed on that database. -.TP -.B pcache -Proxycache. -This overlay allows caching of LDAP search requests in a local database. -It is most often used with the ldap or meta backends. -.TP -.B ppolicy -Password Policy. -This overlay provides a variety of password control mechanisms, -e.g. password aging, password reuse and duplication control, mandatory -password resets, etc. -.TP -.B refint -Referential Integrity. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to maintain the cohesiveness of a schema which utilizes reference -attributes. -.TP -.B retcode -Return Code. -This overlay is useful to test the behavior of clients when -server-generated erroneous and/or unusual responses occur. -.TP -.B rwm -Rewrite/remap. -This overlay is experimental. -It performs basic DN/data rewrite and -objectClass/attributeType mapping. -.TP -.B syncprov -Syncrepl Provider. -This overlay implements the provider-side support for -.B syncrepl -replication, including persistent search functionality. -.TP -.B translucent -Translucent Proxy. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to create a "translucent proxy". -Content of entries retrieved from a remote LDAP server can be partially -overridden by the database. -.TP -.B unique -Attribute Uniqueness. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to enforce the uniqueness of some or all attributes within a subtree. +documented separately in the backends' manual pages. See the +.BR slapd.backends (5) +manual page for an overview of available backends. .SH EXAMPLES .LP Here is a short example of a configuration file: 
@@ -1914,7 +1755,7 @@ Here is a short example of a configuration file: .RS .nf include SYSCONFDIR/schema/core.schema -pidfile LOCALSTATEDIR/slapd.pid +pidfile LOCALSTATEDIR/run/slapd.pid # Subtypes of "name" (e.g. "cn" and "ou") with the # option ";x-hidden" can be searched for/compared, @@ -1955,21 +1796,10 @@ ETCDIR/slapd.conf default slapd configuration file .SH SEE ALSO .BR ldap (3), -.BR slapd\-bdb (5), -.BR slapd\-dnssrv (5), -.BR slapd\-hdb (5), -.BR slapd\-ldap (5), -.BR slapd\-ldbm (5), -.BR slapd\-ldif (5), -.BR slapd\-meta (5), -.BR slapd\-monitor (5), -.BR slapd\-null (5), -.BR slapd\-passwd (5), -.BR slapd\-perl (5), -.BR slapd\-relay (5), -.BR slapd\-shell (5), -.BR slapd\-sql (5), +.BR slapd\-config (5), .BR slapd.access (5), +.BR slapd.backends (5), +.BR slapd.overlays (5), .BR slapd.plugin (5), .BR slapd.replog (5), .BR slapd (8), @@ -1982,25 +1812,7 @@ default slapd configuration file .BR slappasswd (8), .BR slaptest (8), .BR slurpd (8). - -Known overlays are documented in -.BR slapo\-accesslog (5), -.BR slapo\-auditlog (5), -.BR slapo\-chain (5), -.BR slapo\-dynlist (5), -.BR slapo\-lastmod (5), -.BR slapo\-pcache (5), -.BR slapo\-ppolicy (5), -.BR slapo\-refint (5), -.BR slapo\-retcode (5), -.BR slapo\-rwm (5), -.BR slapo\-syncprov (5), -.BR slapo\-translucent (5), -.BR slapo\-unique (5). .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man5/slapd.overlays.5 b/doc/man/man5/slapd.overlays.5 new file mode 100644 index 0000000000000000000000000000000000000000..251f61f234935b3c2d6aa1bbebb11c9fe5ad6b82 --- /dev/null +++ b/doc/man/man5/slapd.overlays.5 
@@ -0,0 +1,128 @@
+.TH SLAPD.OVERLAYS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2006-2007 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd.overlays \- overlays for slapd, the stand-alone LDAP daemon
+.SH DESCRIPTION
+The
+.BR slapd (8)
+daemon can use a variety of different overlays to alter or extend
+the normal behavior of a database backend.
+Overlays may be compiled statically into slapd, or when module support
+is enabled, they may be dynamically loaded. Most of the overlays
+are only allowed to be configured on individual databases, but some
+may also be configured globally.
+
+Configuration options for each overlay are documented separately in the
+corresponding
+.BR slapo-<overlay> (5)
+manual pages.
+.TP
+.B accesslog
+Access Logging.
+This overlay can record accesses to a given backend database on another
+database.
+.TP
+.B auditlog
+Audit Logging.
+This overlay records changes on a given backend database to an LDIF log
+file.
+By default it is not built.
+.TP
+.B chain
+Chaining.
+This overlay allows automatic referral chasing when a referral would
+have been returned, either when configured by the server or when
+requested by the client.
+.TP
+.B dyngroup
+Dynamic Group.
+This is a demo overlay which extends the Compare operation to detect
+members of a dynamic group.
+It has no effect on any other operations.
+.TP
+.B dynlist
+Dynamic List.
+This overlay allows expansion of dynamic groups and more.
+.TP
+.B pcache
+Proxycache.
+This overlay allows caching of LDAP search requests in a local database.
+It is most often used with the
+.BR slapd-ldap (5)
+or
+.BR slapd-meta (5)
+backends.
+.TP
+.B ppolicy
+Password Policy.
+This overlay provides a variety of password control mechanisms,
+e.g. password aging, password reuse and duplication control, mandatory
+password resets, etc.
+.TP
+.B refint
+Referential Integrity.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to maintain the cohesiveness of a schema which utilizes reference
+attributes.
+.TP
+.B retcode
+Return Code.
+This overlay is useful to test the behavior of clients when
+server-generated erroneous and/or unusual responses occur.
+.TP
+.B rwm
+Rewrite/remap.
+This overlay is experimental.
+It performs basic DN/data rewrite and
+objectClass/attributeType mapping.
+.TP
+.B syncprov
+Syncrepl Provider.
+This overlay implements the provider-side support for
+.B syncrepl
+replication, including persistent search functionality.
+.TP
+.B translucent
+Translucent Proxy.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to create a "translucent proxy".
+Content of entries retrieved from a remote LDAP server can be partially
+overridden by the database.
+.TP
+.B unique
+Attribute Uniqueness.
+This overlay can be used with a backend database such as
+.BR slapd-bdb (5)
+to enforce the uniqueness of some or all attributes within a subtree.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapo\-accesslog (5),
+.BR slapo\-auditlog (5),
+.BR slapo\-chain (5),
+.BR slapo\-dynlist (5),
+.BR slapo\-pcache (5),
+.BR slapo\-ppolicy (5),
+.BR slapo\-refint (5),
+.BR slapo\-retcode (5),
+.BR slapo\-rwm (5),
+.BR slapo\-syncprov (5),
+.BR slapo\-translucent (5),
+.BR slapo\-unique (5).
+.BR slapd\-config (5),
+.BR slapd.conf (5),
+.BR slapd.backends (5),
+.BR slapd (8).
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.SH ACKNOWLEDGEMENTS
+.so ../Project
diff --git a/doc/man/man5/slapd.plugin.5 b/doc/man/man5/slapd.plugin.5
index 8e7b384849713f6050dbb76b90fac3af5ec80524..de9e4f3abc560a63a10f657b68d1f893c4c002ab 100644
--- a/doc/man/man5/slapd.plugin.5
+++ b/doc/man/man5/slapd.plugin.5
@@ -1,5 +1,5 @@ .TH SLAPD.PLUGIN 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2002-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2002-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapd.plugin \- plugin configuration for slapd, the stand-alone LDAP daemon @@ -94,7 +94,7 @@ list is passed to the init function. .TP .B pluginlog <file> Specify an alternative path for the plugin log file (default is -LOCALSTATEDIR/error). +LOCALSTATEDIR/errors). .TP .B modulepath <pathspec> This statement sets the module load path for dynamically loadable @@ -114,12 +114,12 @@ is very platform dependent. .TP ETCDIR/slapd.conf default slapd configuration file +.TP +LOCALSTATEDIR/errors +default plugin log file .SH SEE ALSO .BR slapd (8), .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project diff --git a/doc/man/man5/slapd.replog.5 b/doc/man/man5/slapd.replog.5 index d1f38d3971709e55ce239f146942afc5b44d3453..87f1c7398d6b253605bff9d9ce7805bd766c57d1 100644 --- a/doc/man/man5/slapd.replog.5 +++ b/doc/man/man5/slapd.replog.5 @@ -1,6 +1,6 @@ .TH SLAPD.REPLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapd.replog \- slapd replication log format @@ -164,7 +164,4 @@ lockfile for slapd.replog .BR slapd (8), .BR slurpd (8) .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project 
diff --git a/doc/man/man5/slapo-accesslog.5 b/doc/man/man5/slapo-accesslog.5 index 43bbde319153a61b8798fdb3fe7e573487fccad8..3c51f0115d9a1c11e37a7367b45e383bcfa32f47 100644 --- a/doc/man/man5/slapo-accesslog.5 +++ b/doc/man/man5/slapo-accesslog.5 @@ -1,5 +1,5 @@ .TH SLAPO-ACCESSLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -25,9 +25,9 @@ directive. .TP .B logdb <suffix> Specify the suffix of a database to be used for storing the log records. -The specified database must have already been configured in a prior section -of the config file, and it must have a rootDN configured. The access controls -on the log database should prevent general write access. The suffix entry +The specified database must be defined elsewhere in the configuration. +The access controls +on the log database should prevent general access. The suffix entry of the log database will be created automatically by this overlay. The log entries will be generated as the immediate children of the suffix entry. .TP @@ -95,11 +95,6 @@ succeed or not. The default is FALSE. .SH EXAMPLES .LP .nf - database bdb - suffix cn=log - \... - index reqStart eq - database bdb suffix dc=example,dc=com \... @@ -107,6 +102,13 @@ succeed or not. The default is FALSE. logdb cn=log logops writes reads logold (objectclass=person) + + database bdb + suffix cn=log + \... + index reqStart eq + access to * + by dn.base="cn=admin,dc=example,dc=com" read .fi .SH SCHEMA diff --git a/doc/man/man5/slapo-auditlog.5 b/doc/man/man5/slapo-auditlog.5 index 3cdf4132db3ee3f00d9844e1185f6e6d3356c00a..63cc0cfc65a165107274154b91e96b2bc9bd68fe 100644 --- a/doc/man/man5/slapo-auditlog.5 +++ b/doc/man/man5/slapo-auditlog.5 
@@ -1,5 +1,5 @@ .TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapo-chain.5 b/doc/man/man5/slapo-chain.5 index 6981fe10bdc645f3f529c1aff45fa91d70b2892a..3757516e0a29945ac3ca9f18773acb0342e6c2c8 100644 --- a/doc/man/man5/slapo-chain.5 +++ b/doc/man/man5/slapo-chain.5 @@ -1,5 +1,5 @@ .TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" $OpenLDAP$ .SH NAME @@ -13,15 +13,15 @@ overlay to .BR slapd (8) allows automatic referral chasing. Any time a referral is returned (except for bind operations), -it chased by using an instance of the ldap backend. +it is chased by using an instance of the ldap backend. If operations are performed with an identity (i.e. after a bind), that identity can be asserted while chasing the referrals by means of the \fIidentity assertion\fP feature of back-ldap (see .BR slapd-ldap (5) for details), which is essentially based on the -.B proxyAuthz -control (see \fIdraft-weltman-ldapv3-proxy\fP for details.) +.B proxied authorization +control [RFC 4370]. Referral chasing can be controlled by the client by issuing the \fBchaining\fP control (see \fIdraft-sermersheim-ldap-chaining\fP for details.) @@ -40,7 +40,7 @@ related to the instances of the \fIldap\fP backend that may be implicitly instantiated by the overlay may assume a special meaning when used in conjunction with this overlay. They are described in .BR slapd-ldap (5), -and they also need be prefixed by +and they also need to be prefixed by .BR chain\- . .TP .B overlay chain 
@@ -59,7 +59,7 @@ connections to URIs parsed out of referrals that are not predefined, to be reused for later chaining. These URIs inherit the properties configured for the underlying \fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP -directive; in detail, they are essentially chained anonymously. +directive; basically, they are chained anonymously. .TP .B chain-chaining [resolve=<r>] [continuation=<c>] [critical] This directive enables the \fIchaining\fP control diff --git a/doc/man/man5/slapo-dds.5 b/doc/man/man5/slapo-dds.5 index 7f05d606824a41cce608fcc6cdd8638058f33b1c..77196ca92018e7115c6708c4c9bcee710324b391 100644 --- a/doc/man/man5/slapo-dds.5 +++ b/doc/man/man5/slapo-dds.5 @@ -1,5 +1,5 @@ .TH SLAPO-DDS 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2005-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 2005-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5 index 74d597860c77f5e903ac6e805a385e3e05904e39..4a1be5723208847cd0010b60a12b848a2c4e7f76 100644 --- a/doc/man/man5/slapo-dynlist.5 +++ b/doc/man/man5/slapo-dynlist.5 @@ -1,5 +1,5 @@ .TH SLAPO-DYNLIST 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" $OpenLDAP$ .SH NAME 
@@ -22,6 +22,10 @@ The resulting entry must comply with the LDAP data model, so constraints are enforced. For example, if a \fISINGLE-VALUE\fP attribute is listed, only the first value results in the final entry. +The above described behavior is disabled when the \fImanageDSAit\fP +control (RFC 3296) is used. +In that case, the contents of the dynamic group entry is returned; +namely, the URLs are returned instead of being expanded. .SH CONFIGURATION The config directives that are specific to the diff --git a/doc/man/man5/slapo-pcache.5 b/doc/man/man5/slapo-pcache.5 index 89ef6424d08faffe1cc2b8d6b1f957a34cfa2e2d..f20270945e7d0365162256d745cc1c846022acbe 100644 --- a/doc/man/man5/slapo-pcache.5 +++ b/doc/man/man5/slapo-pcache.5 @@ -1,5 +1,5 @@ .TH SLAPO-PCACHE 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it> .\" $OpenLDAP$ diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5 index 404324ed7eeb47499f9578b4639e18989812f292..5a507e176bb272ce09a0cb454c4f8666f4e7357d 100644 --- a/doc/man/man5/slapo-ppolicy.5 +++ b/doc/man/man5/slapo-ppolicy.5 @@ -1,5 +1,5 @@ .\" $OpenLDAP$ -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION" .SH NAME @@ -756,7 +756,4 @@ the IETF document named draft-behera-ldap-password-policy-09.txt, written in July of 2005. .P -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project 
diff --git a/doc/man/man5/slapo-refint.5 b/doc/man/man5/slapo-refint.5 index 4eebbbe54bb33e1e4c2a67807c4d795b7b76282b..1881b8de90e6a652e0a6627f53fea53d3eb94b8d 100644 --- a/doc/man/man5/slapo-refint.5 +++ b/doc/man/man5/slapo-refint.5 @@ -1,5 +1,5 @@ .TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -56,3 +56,5 @@ ETCDIR/slapd.conf default slapd configuration file .SH SEE ALSO .BR slapd.conf (5). +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapo-retcode.5 b/doc/man/man5/slapo-retcode.5 index 1ee77d919c5cb5355933fb40516b4b403721a447..313dd228ebc026ad921fb35eccc2a0650b9a8a40 100644 --- a/doc/man/man5/slapo-retcode.5 +++ b/doc/man/man5/slapo-retcode.5 @@ -1,5 +1,5 @@ -.TH SLAPO-RETCODE5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.TH SLAPO-RETCODE 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it> .\" $OpenLDAP$ 
@@ -58,16 +58,31 @@ If not defined, the suffix of the database is used. .hy 0 .B retcode\-item <RDN> <errCode> [op=<oplist>] [text=<message>] .B [ref=<referral>] [sleeptime=<sec>] [matched=<DN>] +.B [unsolicited=<OID>[:<data>]] [flags=[{pre|post}-]disconnect[,...]] .RS A dynamically generated entry, located below \fBretcode\-parent\fP. -The \fB<errCode>\fP is the number of the response code; -it can be in any format supported by strtol. -The optional \fB<oplist>\fP is a list of operations that cause +The \fBerrCode\fP is the number of the response code; +it can be in any format supported by +.BR strtol (3). +The optional \fBoplist\fP is a list of operations that cause response code generation; if absent, all operations are affected. The \fBmatched\fP field is the matched DN that is returned -along with the error. +along with the error, while the \fBtext\fP field is an optional +diagnostics message. The \fBref\fP field is only allowed for the \fBreferral\fP response code. +The \fBsleeptime\fP field causes +.BR slapd (8) +to sleep the specified number of seconds before proceeding +with the operation. +The \fBunsolicited\fP field can be used to cause the return +of an RFC 4511 unsolicited response message; if \fBOID\fP +is not "0", an extended response is generated, with the optional +\fBdata\fP appended. +If \fBflags\fP contains \fBdisconnect\fP, or \fBpre-disconnect\fP, +.BR slapd (8) +disconnects abruptly, without notice; \fBpost-disconnect\fP +causes disconnection right after sending response as appropriate. .RE .TP .B retcode\-indir 
@@ -148,6 +163,40 @@ The matched DN returned to the client: SINGLE-VALUE ) .RE .LP +The OID to be returned as extended response OID +in RFC 4511 unsolicited responses +("0" generates a regular response with msgid set to 0): +.RS 4 +( 1.3.6.1.4.1.4203.666.11.4.1.6 + NAME ( 'errUnsolicitedOID' ) + DESC 'OID to be returned within unsolicited response' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 + SINGLE-VALUE ) +.RE +.LP +The octet string to be returned as extended response data +in RFC 4511 unsolicited response: +.RS 4 +( 1.3.6.1.4.1.4203.666.11.4.1.7 + NAME ( 'errUnsolicitedData' ) + DESC 'Data to be returned within unsolicited response' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) +.RE +.LP +If TRUE, +.BR slapd (8) +disconnects abruptly without notice; if FALSE, it disconnects +after sending response as appropriate: +.RS 4 +( 1.3.6.1.4.1.4203.666.11.4.1.8 + NAME ( 'errDisconnect' ) + DESC 'Disconnect without notice' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +.RE +.LP The abstract class that triggers the overlay: .RS 4 ( 1.3.6.1.4.1.4203.666.11.4.3.0 diff --git a/doc/man/man5/slapo-rwm.5 b/doc/man/man5/slapo-rwm.5 index 707576119418c67d3aa2904284b7bc0149b73760..9ab1c1b3b7f7a41c682d8a0fe0f7d79d84cbaf61 100644 --- a/doc/man/man5/slapo-rwm.5 +++ b/doc/man/man5/slapo-rwm.5 @@ -1,5 +1,5 @@ .TH SLAPO-RWM 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2006 The OpenLDAP Foundation, All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. .\" Copying restrictions apply. See the COPYRIGHT file. .\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando@sys-net.it> .\" $OpenLDAP$ diff --git a/doc/man/man5/slapo-syncprov.5 b/doc/man/man5/slapo-syncprov.5 index c23d4404961f3f6cbca90f8f209def1358d3e642..1b3059c3eb05c7db66ef2f154efd2b706be90d54 100644 --- a/doc/man/man5/slapo-syncprov.5 +++ b/doc/man/man5/slapo-syncprov.5 
@@ -1,5 +1,5 @@ .TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -73,3 +73,5 @@ default slapd configuration file .BR slapd.conf (5), .BR slapo-accesslog (5). OpenLDAP Administrator's Guide. +.SH ACKNOWLEDGEMENTS +.so ../Project diff --git a/doc/man/man5/slapo-translucent.5 b/doc/man/man5/slapo-translucent.5 index 676835e104ae88e9a077305d75c6a1cb91b10431..3afec26d721b3ac1d35c7ebdde9976fabf6ad8cb 100644 --- a/doc/man/man5/slapo-translucent.5 +++ b/doc/man/man5/slapo-translucent.5 @@ -1,5 +1,5 @@ .TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapo-unique.5 b/doc/man/man5/slapo-unique.5 index 7f15231378780f22e22b1d636d45c0f7743a6a4b..e25df849188eb7d4750eecd80d466b5772006fb6 100644 --- a/doc/man/man5/slapo-unique.5 +++ b/doc/man/man5/slapo-unique.5 @@ -1,5 +1,5 @@ .TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man5/slapo-valsort.5 b/doc/man/man5/slapo-valsort.5 index 3e8618fa7d5255cb7646a71bd70e8c8e4087d3c1..3b483bb9c4576eaa128bc2f094dbe95badee24d2 100644 --- a/doc/man/man5/slapo-valsort.5 +++ b/doc/man/man5/slapo-valsort.5 
@@ -1,5 +1,5 @@ .TH SLAPO-VALSORT 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2005-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2005-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME diff --git a/doc/man/man8/Makefile.in b/doc/man/man8/Makefile.in index 439888c1679b3741c8182f5df1fb01c82a79ae9e..7578d4674ba802b16fc7445ca8b006eaf1721328 100644 --- a/doc/man/man8/Makefile.in +++ b/doc/man/man8/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8 index aa85d739ff830fd2945953746a3a02307ce1fb50..0da30cb51ab0b474b914671bccbad3afec13f613 100644 --- a/doc/man/man8/slapacl.8 +++ b/doc/man/man8/slapacl.8 @@ -1,5 +1,5 @@ .TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapacl \- Check access to a list of attributes. @@ -26,8 +26,6 @@ It opens the .BR slapd.conf (5) configuration file, reads in the .B access -and -.B defaultaccess directives, and then parses the .B attr list given on the command-line; if none is given, access to the diff --git a/doc/man/man8/slapadd.8 b/doc/man/man8/slapadd.8 index 6591b741c39108cbeac967e50c76cb9ef30d3c6e..deaea256658c80d7803cba2012efdacf50f14bc8 100644 --- a/doc/man/man8/slapadd.8 +++ b/doc/man/man8/slapadd.8 
@@ -1,6 +1,6 @@ .TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapadd \- Add entries to a SLAPD database @@ -34,15 +34,6 @@ Databases configured as .B subordinate of this one are also updated, unless \fB-g\fP is specified. The LDIF input is read from standard input or the specified file. -.LP -As -.B slapadd -is designed to accept LDIF in database order, as produced by -.BR slapcat (8), -it does not verify that superior entries exist before -adding an entry, does not perform all user and system -schema checks, and does not maintain operational -attributes (such as createTimeStamp and modifiersName). .SH OPTIONS .TP .BI \-b " suffix" diff --git a/doc/man/man8/slapauth.8 b/doc/man/man8/slapauth.8 index dc22819af0e0ae9fdddf2d8de491b2c71d208c07..84201845048db140f1fed010883345f5209d1ff1 100644 --- a/doc/man/man8/slapauth.8 +++ b/doc/man/man8/slapauth.8 @@ -1,5 +1,5 @@ .TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapauth \- Check a list of string-represented IDs for authc/authz. diff --git a/doc/man/man8/slapcat.8 b/doc/man/man8/slapcat.8 index 282d1390740dcf7784aad8c4bcd8338ff414ef4a..498d148125df576f6eadb718a4278472180d0da7 100644 --- a/doc/man/man8/slapcat.8 +++ b/doc/man/man8/slapcat.8 @@ -1,6 +1,6 @@ .TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapcat \- SLAPD database to LDIF utility 
diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8 index d6561349490722efd445f7fb5adcb4af91a390b6..bb070483e19649f1ddd457e020f344be238ffda8 100644 --- a/doc/man/man8/slapd.8 +++ b/doc/man/man8/slapd.8 @@ -1,5 +1,5 @@ .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION" .SH NAME diff --git a/doc/man/man8/slapdn.8 b/doc/man/man8/slapdn.8 index 9de3b483687d993a8aecb8ce630a3141ebf9b32b..4455dc960b798f749e71522c5b4ba460d4ed29e7 100644 --- a/doc/man/man8/slapdn.8 +++ b/doc/man/man8/slapdn.8 @@ -1,5 +1,5 @@ .TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapdn \- Check a list of string-represented DNs based on schema syntax. diff --git a/doc/man/man8/slapindex.8 b/doc/man/man8/slapindex.8 index 08fbda411df2a264a0b672329def3f7eddaecd87..df309d59dc8fb4970ac1f83a245e6b686742377e 100644 --- a/doc/man/man8/slapindex.8 +++ b/doc/man/man8/slapindex.8 @@ -1,6 +1,6 @@ .TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slapindex \- SLAPD index to LDIF utility @@ -16,6 +16,7 @@ slapindex \- SLAPD index to LDIF utility .B [\-o name[=value] .B [\-q] .B [\-v] +.B [attr] [...] .B .LP .SH DESCRIPTION 
@@ -118,6 +119,14 @@ To reindex your SLAPD database, give the command: SBINDIR/slapindex .ft .fi +To regenerate the index for only a specific attribute, e.g. "uid", +give the command: +.LP +.nf +.ft tt + SBINDIR/slapindex uid +.ft +.fi .SH "SEE ALSO" .BR ldap (3), .BR ldif (5), diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index 0048f7ed3a3079dfb8206f7d3b6fea38376833ff..420778a21735263f5dc84cc7567966f9d8617f4a 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -1,6 +1,6 @@ .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slappasswd \- OpenLDAP password utility @@ -137,13 +137,13 @@ provides 31 characters of salt. Omit the trailing newline; useful to pipe the credentials into a command. .SH LIMITATIONS -The practice storing hashed passwords in userPassword violates +The practice of storing hashed passwords in userPassword violates Standard Track (RFC 4519) schema specifications and may hinder interoperability. A new attribute type, authPassword, to hold hashed passwords has been defined (RFC 3112), but is not yet implemented in .BR slapd (8). -.TP +.LP It should also be noted that the behavior of .BR crypt (3) is platform specific. @@ -151,7 +151,7 @@ is platform specific. Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections should be in\-place before using LDAP simple bind. -.TP +.LP The hashed password values should be protected as if they were clear text passwords. .SH "SEE ALSO" diff --git a/doc/man/man8/slaptest.8 b/doc/man/man8/slaptest.8 index 16f759658059cf77427d4f2691f4d0018dd324e8..a9a66c62419039f2de2651e5d5d5ee5980825add 100644 --- a/doc/man/man8/slaptest.8 +++ b/doc/man/man8/slaptest.8 
@@ -1,5 +1,5 @@ .TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 2004-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 2004-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slaptest \- Check the suitability of the slapd.conf file. diff --git a/doc/man/man8/slurpd.8 b/doc/man/man8/slurpd.8 index 009e5855af1855a9b7e99683d5f73b5bcbb43c42..0f7a303c6f9306ca9346eafde424c098458eff72 100644 --- a/doc/man/man8/slurpd.8 +++ b/doc/man/man8/slurpd.8 @@ -1,6 +1,6 @@ .TH SLURPD 8C "RELEASEDATE" "OpenLDAP LDVERSION" .\" $OpenLDAP$ -.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME slurpd \- Standalone LDAP Update Replication Daemon diff --git a/include/Makefile.in b/include/Makefile.in index 9a68ccf7d5508e0b729758dd5ec7350f38e95867..cd25dca8ab2cca531cc176c94410a9ca29640769 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/include/ac/alloca.h b/include/ac/alloca.h index 402f7405adf6c7e80d346cd6948222369b394ecd..20884dd9bcecf366b21516ac50d1cf1d6e29486b 100644 --- a/include/ac/alloca.h +++ b/include/ac/alloca.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/include/ac/assert.h b/include/ac/assert.h index 1c1117d6c4fb017b01c580f862d0c5d15e04efe1..30bef2860de60fd2096b62fa09c990335b545a2c 100644 --- a/include/ac/assert.h +++ b/include/ac/assert.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/bytes.h b/include/ac/bytes.h index 24b0c2b6d019729636bed1f14b026d3c6faa8d38..f93729390c7e2d8732f85c101adf023255ce946c 100644 --- a/include/ac/bytes.h +++ b/include/ac/bytes.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/crypt.h b/include/ac/crypt.h index bf8a349ab4ffd98192cff091df2c8ee9a588c99a..4596a06cbe83a06083c329dc7e55b635430c7caf 100644 --- a/include/ac/crypt.h +++ b/include/ac/crypt.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/ctype.h b/include/ac/ctype.h index 23eabfdbb81afaee516e23a51e7ed6a6e26ff041..19ce83a174e6ba10e87dda92ea846d5261a58ab1 100644 --- a/include/ac/ctype.h +++ b/include/ac/ctype.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/include/ac/dirent.h b/include/ac/dirent.h index e996e7256b7b3b5cbff1fadb9b4019159c6ae7f6..169d29d5025137c7916bb9ba70ddd773112147ef 100644 --- a/include/ac/dirent.h +++ b/include/ac/dirent.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/errno.h b/include/ac/errno.h index 178e80e45bb92a2f1d15359ec99c19ab09f6ffe7..89ef242ef7e6a9dc845c9b9cf76c932d4c817680 100644 --- a/include/ac/errno.h +++ b/include/ac/errno.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/fdset.h b/include/ac/fdset.h index 6846f571ccdd722795e797faf25695561d54ccdf..294faf952254da5ad03ccdc252dda5f87a9511a2 100644 --- a/include/ac/fdset.h +++ b/include/ac/fdset.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/krb.h b/include/ac/krb.h deleted file mode 100644 index 9500cfb919b4f8eea15fab39f568f996f3076b73..0000000000000000000000000000000000000000 --- a/include/ac/krb.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* Generic krb.h */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software <http://www.openldap.org/>. - * - * Copyright 1998-2006 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * <http://www.OpenLDAP.org/license.html>. - */ - -/* Kerberos IV */ - -#ifndef _AC_KRB_H -#define _AC_KRB_H - -#if defined( HAVE_KRB4 ) - -#if defined( HAVE_KERBEROSIV_KRB_H ) -#include <kerberosIV/krb.h> -#elif defined( HAVE_KRB_H ) -#include <krb.h> -#endif - -#if defined( HAVE_KERBEROSIV_DES_H ) -#include <kerberosIV/des.h> -#elif defined( HAVE_DES_H ) -#include <des.h> -#endif - -#endif /* HAVE_KRB4 */ -#endif /* _AC_KRB_H */ diff --git a/include/ac/krb5.h b/include/ac/krb5.h deleted file mode 100644 index 1a78e781a13adfe9f33f878aa5dccd32496d9833..0000000000000000000000000000000000000000 --- a/include/ac/krb5.h +++ /dev/null @@ -1,26 +0,0 @@ -/* Generic krb.h */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software <http://www.openldap.org/>. - * - * Copyright 1998-2006 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * <http://www.OpenLDAP.org/license.html>. - */ - -/* Kerberos V */ - -#ifndef _AC_KRB5_H -#define _AC_KRB5_H - -#if defined( HAVE_KRB5 ) -#include <krb5.h> -#endif /* HAVE_KRB5 */ - -#endif /* _AC_KRB5_H */ 
diff --git a/include/ac/localize.h b/include/ac/localize.h index c0f3112c226f3f4ae69eefeda3c6105550e0209d..3d2444c0d27855dedc0b0312a64e6ede22402983 100644 --- a/include/ac/localize.h +++ b/include/ac/localize.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/param.h b/include/ac/param.h index 6f1c598129d5d5a1bff36b0fbc6494b0aff299a3..b7cb855fb7c58393fc5bdb83902bebcf8d1f3317 100644 --- a/include/ac/param.h +++ b/include/ac/param.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/regex.h b/include/ac/regex.h index 23bd54deb765edffcfe1137707ef8e2bbe537aa2..b12617be9950fb8d0e2a3079a9ee614bfe15032f 100644 --- a/include/ac/regex.h +++ b/include/ac/regex.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/setproctitle.h b/include/ac/setproctitle.h index bf847a292d83ad6ba8c7fe8e3f393d09eb3351f2..84e165bd8fed53bf2ff455230eaada45cbabd6f1 100644 --- a/include/ac/setproctitle.h +++ b/include/ac/setproctitle.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/signal.h b/include/ac/signal.h index 5ff86f2526bacf46311dae03400aa4e94dfe2eca..1b20a2942011311eb5afff421750f413d93b29a3 100644 --- a/include/ac/signal.h +++ b/include/ac/signal.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/socket.h b/include/ac/socket.h index f7534b9e328a88622e215266a29d48090e0502ec..0496c4d62c92e079bf101ac64e00c7d6219e01ec 100644 --- a/include/ac/socket.h +++ b/include/ac/socket.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/stdarg.h b/include/ac/stdarg.h index 06916b42f729cba995f99164ee5cce7f1345d406..b32d3580be03353068f9c71450b7d5113fa0e824 100644 --- a/include/ac/stdarg.h +++ b/include/ac/stdarg.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/stdlib.h b/include/ac/stdlib.h index 3ddabbb9da7cb1838fbfec0e479bd5cf948e448a..4cab5f6371e8f2444e890d25f97bafe27aaa119d 100644 --- a/include/ac/stdlib.h +++ b/include/ac/stdlib.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/string.h b/include/ac/string.h index ce1b73a5b5a11cf9d5d8cb3086f1c325b49a6704..1791ee6af56f4b238e1fb032803294b53a10f89d 100644 --- a/include/ac/string.h +++ b/include/ac/string.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/sysexits.h b/include/ac/sysexits.h index 04e4ea8801c0945344081d8cd75dfa9180832bac..f53c49f5abe12170630ae6cd660f6c69d25b7c8b 100644 --- a/include/ac/sysexits.h +++ b/include/ac/sysexits.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/syslog.h b/include/ac/syslog.h index b742d0a6f89e89b3310d8c68cbed2760f252eb9f..cd13c5ad0fc2e6aa073bd2af3ee45544bdd883c0 100644 --- a/include/ac/syslog.h +++ b/include/ac/syslog.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/termios.h b/include/ac/termios.h index 009dfbd0dde3d8b68664647e03172fdbd7520ed0..51f4c34ef756f1dd764a99464dfc07f23c1aafb1 100644 --- a/include/ac/termios.h 
+++ b/include/ac/termios.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/time.h b/include/ac/time.h index d4e4e4a605c034fb9450dbcc7c5a4e6386925e07..6dd5b541dc6dd2a9ee951072ca712e1f88205046 100644 --- a/include/ac/time.h +++ b/include/ac/time.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/unistd.h b/include/ac/unistd.h index a00c2e49e88b47cf8c248e87bf4f9242032087f8..dd3c2788ae83cf1e8db423ebed6aff48d4b24868 100644 --- a/include/ac/unistd.h +++ b/include/ac/unistd.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ac/wait.h b/include/ac/wait.h index b633cf676821fa99a744930f26bfe5a1171126b7..705a2de41f3beaca610c5f7f5938f532cca2d733 100644 --- a/include/ac/wait.h +++ b/include/ac/wait.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/avl.h b/include/avl.h index 7b1bafb14e7bd52cb020b37aabf6190f715188c5..e583c40d6cf45c5dce51d571d0807644a0226636 100644 --- a/include/avl.h +++ b/include/avl.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/getopt-compat.h b/include/getopt-compat.h index 4f6a362d2a3ce30abf0d1be87cacfe978b22945c..a1b71f722c4aa64b0d8bb85a88af58d31dbafdb1 100644 --- a/include/getopt-compat.h +++ b/include/getopt-compat.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lber.h b/include/lber.h index 522ff4c88703763b638fcdb83dd5e5eb3181d75b..5fb2c8a9ee73e247d21d954ab27ab758ec039021 100644 --- a/include/lber.h +++ b/include/lber.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lber_pvt.h b/include/lber_pvt.h index 4cf90bc6614464811ebaab51698dbb5a39d1c0f5..f0659a685720386e5a9179c7739ad93cdea49a7c 100644 --- a/include/lber_pvt.h +++ b/include/lber_pvt.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -145,6 +145,9 @@ ber_bvarray_free_x LDAP_P(( BerVarray p, void *ctx )); LBER_F( int ) ber_bvarray_add_x LDAP_P(( BerVarray *p, BerValue *bv, void *ctx )); +LBER_F( int ) +ber_bvarray_dup_x LDAP_P(( BerVarray *dst, BerVarray src, void *ctx )); + #if 0 #define ber_bvstrcmp(v1,v2) \ ((v1)->bv_len < (v2)->bv_len \ diff --git a/include/lber_types.hin b/include/lber_types.hin index ea8018b6831e625b1f7afa7d1ca8ea0ac15ef685..291b816384082339f3a6756e1faf2542a82b4d8c 100644 --- a/include/lber_types.hin +++ b/include/lber_types.hin @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap.h b/include/ldap.h index b7603745370ec97599d76883227682ed3ce9856a..759b9ba01d62ecdcbe97228eb8dcff6c4b68ec39 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -122,6 +122,7 @@ LDAP_BEGIN_DECL #define LDAP_OPT_REFERRAL_URLS 0x5007 /* Referral URLs */ #define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */ #define LDAP_OPT_DEFBASE 0x5009 /* searchbase */ +#define LDAP_OPT_CONNECT_ASYNC 0x5010 /* create connections asynchronously */ /* OpenLDAP TLS options */ #define LDAP_OPT_X_TLS 0x6000 @@ -653,6 +654,7 @@ typedef struct ldapcontrol { #define LDAP_MORE_RESULTS_TO_RETURN (-15) /* Obsolete */ #define LDAP_CLIENT_LOOP (-16) #define LDAP_REFERRAL_LIMIT_EXCEEDED (-17) +#define LDAP_X_CONNECTING (-18) /* 
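Review bot: The new `ber_bvarray_dup_x` prototype in the lber_pvt.h hunk has no comment on ownership or failure behaviour, which callers need for a function that presumably allocates a copy into `*dst`. I would add something like `/* Duplicate src into *dst using ctx; the caller releases *dst with ber_bvarray_free_x( *dst, ctx ). */` above it, once the implementation confirms that contract. The comment should also say what `*dst` holds when the copy fails partway, so a caller neither leaks nor frees a half-built array.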
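Review bot: `LDAP_OPT_CONNECT_ASYNC` is assigned 0x5010 directly after `LDAP_OPT_DEFBASE` at 0x5009, so the hex sequence skips 0x500a through 0x500f. If the gap is deliberate, a short comment should say so; otherwise the next free value is 0x500a. The companion `LDAP_X_CONNECTING (-18)` in the @@ -653 hunk has no comment at all. Since it looks like a result code applications will start seeing once the async option is set, I would add `/* connection attempt still in progress (LDAP_OPT_CONNECT_ASYNC) */` after confirming that meaning.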
@@ -735,6 +737,138 @@ typedef struct ldap_url_desc { #define LDAP_URL_ERR_BADFILTER 0x09 /* bad or missing filter */ #define LDAP_URL_ERR_BADEXTS 0x0a /* bad or missing extensions */ +/* + * LDAP sync (RFC4533) API + */ + +typedef struct ldap_sync_t ldap_sync_t; + +typedef enum { + /* these are private - the client should never see them */ + LDAP_SYNC_CAPI_NONE = -1, + + LDAP_SYNC_CAPI_PHASE_FLAG = 0x10U, + LDAP_SYNC_CAPI_IDSET_FLAG = 0x20U, + LDAP_SYNC_CAPI_DONE_FLAG = 0x40U, + + /* these are passed to ls_search_entry() */ + LDAP_SYNC_CAPI_PRESENT = LDAP_SYNC_PRESENT, + LDAP_SYNC_CAPI_ADD = LDAP_SYNC_ADD, + LDAP_SYNC_CAPI_MODIFY = LDAP_SYNC_MODIFY, + LDAP_SYNC_CAPI_DELETE = LDAP_SYNC_DELETE, + + /* these are passed to ls_intermediate() */ + LDAP_SYNC_CAPI_PRESENTS = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_PRESENT ), + LDAP_SYNC_CAPI_DELETES = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_DELETE ), + + LDAP_SYNC_CAPI_PRESENTS_IDSET = ( LDAP_SYNC_CAPI_PRESENTS | LDAP_SYNC_CAPI_IDSET_FLAG ), + LDAP_SYNC_CAPI_DELETES_IDSET = ( LDAP_SYNC_CAPI_DELETES | LDAP_SYNC_CAPI_IDSET_FLAG ), + + LDAP_SYNC_CAPI_DONE = ( LDAP_SYNC_CAPI_DONE_FLAG | LDAP_SYNC_CAPI_PRESENTS ) +} ldap_sync_refresh_t; + +/* + * Called when an entry is returned by ldap_result(). + * If phase is LDAP_SYNC_CAPI_ADD or LDAP_SYNC_CAPI_MODIFY, + * the entry has been either added or modified, and thus + * the complete view of the entry should be in the LDAPMessage. + * If phase is LDAP_SYNC_CAPI_PRESENT or LDAP_SYNC_CAPI_DELETE, + * only the DN should be in the LDAPMessage. + */ +typedef int (*ldap_sync_search_entry_f) LDAP_P(( + ldap_sync_t *ls, + LDAPMessage *msg, + struct berval *entryUUID, + ldap_sync_refresh_t phase )); + +/* + * Called when a reference is returned; the client should know + * what to do with it. + */ +typedef int (*ldap_sync_search_reference_f) LDAP_P(( + ldap_sync_t *ls, + LDAPMessage *msg )); + +/* + * Called when specific intermediate/final messages are returned. 
+ * If phase is LDAP_SYNC_CAPI_PRESENTS or LDAP_SYNC_CAPI_DELETES, + * a "presents" or "deletes" phase begins. + * If phase is LDAP_SYNC_CAPI_DONE, a special "presents" phase + * with refreshDone set to "TRUE" has been returned, to indicate + * that the refresh phase of a refreshAndPersist is complete. + * In the above cases, syncUUIDs is NULL. + * + * If phase is LDAP_SYNC_CAPI_PRESENTS_IDSET or + * LDAP_SYNC_CAPI_DELETES_IDSET, syncUUIDs is an array of UUIDs + * that are either present or have been deleted. + */ +typedef int (*ldap_sync_intermediate_f) LDAP_P(( + ldap_sync_t *ls, + LDAPMessage *msg, + BerVarray syncUUIDs, + ldap_sync_refresh_t phase )); + +/* + * Called when a searchResultDone is returned. In refreshAndPersist, + * this can only occur if the search for any reason is being terminated + * by the server. + */ +typedef int (*ldap_sync_search_result_f) LDAP_P(( + ldap_sync_t *ls, + LDAPMessage *msg, + int refreshDeletes )); + +/* + * This structure contains all information about the persistent search; + * the caller is responsible for connecting, setting version, binding, tls... + */ +struct ldap_sync_t { + /* conf search params */ + char *ls_base; + int ls_scope; + char *ls_filter; + char **ls_attrs; + int ls_timelimit; + int ls_sizelimit; + + /* poll timeout */ + int ls_timeout; + + /* helpers - add as appropriate */ + ldap_sync_search_entry_f ls_search_entry; + ldap_sync_search_reference_f ls_search_reference; + ldap_sync_intermediate_f ls_intermediate; + ldap_sync_search_result_f ls_search_result; + + /* set by the caller as appropriate */ + void *ls_private; + + /* conn stuff */ + LDAP *ls_ld; + + /* --- the parameters below are private - do not modify --- */ + + /* FIXME: make the structure opaque, and provide an interface + * to modify the public values? 
*/ + + /* result stuff */ + int ls_msgid; + + /* sync stuff */ + /* needed by refreshOnly */ + int ls_reloadHint; + + /* opaque - need to pass between sessions, updated by the API */ + struct berval ls_cookie; + + /* state variable - do not modify */ + ldap_sync_refresh_t ls_refreshPhase; +}; + +/* + * End of LDAP sync (RFC4533) API + */ + /* * The API draft spec says we should declare (or cause to be declared) * 'struct timeval'. We don't. See IETF LDAPext discussions. @@ -1019,35 +1153,6 @@ ldap_simple_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */ LDAP_CONST char *who, LDAP_CONST char *passwd )); - -/* - * in kbind.c: - * (deprecated - use SASL instead) - */ -LDAP_F( int ) -ldap_kerberos_bind_s LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who )); - -LDAP_F( int ) -ldap_kerberos_bind1 LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who )); - -LDAP_F( int ) -ldap_kerberos_bind1_s LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who )); - -LDAP_F( int ) -ldap_kerberos_bind2 LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who )); - -LDAP_F( int ) -ldap_kerberos_bind2_s LDAP_P(( /* deprecated */ - LDAP *ld, - LDAP_CONST char *who )); #endif @@ -1577,7 +1682,7 @@ ldap_count_values LDAP_P(( /* deprecated, use ldap_count_values_len */ char **vals )); LDAP_F( void ) -ldap_value_free LDAP_P(( /* deprecated, use ldap_values_free_len */ +ldap_value_free LDAP_P(( /* deprecated, use ldap_value_free_len */ char **vals )); #endif 
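Review bot: The callback typedefs added to ldap.h (`ldap_sync_search_entry_f`, `ldap_sync_intermediate_f` and the other two) say when each is called, but not what the `int` return value means or who owns `msg`, `entryUUID` and `syncUUIDs`. These arguments carry server-supplied data, so an implementer has to know whether a pointer may be kept after the callback returns or must be copied. I would add one line to each comment, for example `Returns LDAP_SUCCESS to continue; msg and syncUUIDs remain owned by the library and are only valid during the call.`, after checking it against ldap_sync.c. Separately, `ldap_sync_refresh_t` mixes `LDAP_SYNC_CAPI_NONE = -1` with unsigned `0x10U` flag values, so a comment should state that the type is treated as signed. The "private - do not modify" fields of `struct ldap_sync_t` are visible to every caller, as the FIXME already admits.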
@@ -2120,5 +2225,53 @@ ldap_txn_end_s LDAP_P(( LDAP *ld, int *retidp )); #endif +/* + * in ldap_sync.c + */ + +/* + * initialize the persistent search structure + */ +LDAP_F( ldap_sync_t * ) +ldap_sync_initialize LDAP_P(( + ldap_sync_t *ls )); + +/* + * destroy the persistent search structure + */ +LDAP_F( void ) +ldap_sync_destroy LDAP_P(( + ldap_sync_t *ls, + int freeit )); + +/* + * initialize a refreshOnly sync + */ +LDAP_F( int ) +ldap_sync_init LDAP_P(( + ldap_sync_t *ls, + int mode )); + +/* + * initialize a refreshOnly sync + */ +LDAP_F( int ) +ldap_sync_init_refresh_only LDAP_P(( + ldap_sync_t *ls )); + +/* + * initialize a refreshAndPersist sync + */ +LDAP_F( int ) +ldap_sync_init_refresh_and_persist LDAP_P(( + ldap_sync_t *ls )); + +/* + * poll for new responses + */ +LDAP_F( int ) +ldap_sync_poll LDAP_P(( + ldap_sync_t *ls )); + LDAP_END_DECL #endif /* _LDAP_H */ diff --git a/include/ldap_cdefs.h b/include/ldap_cdefs.h index b4955ea50a6bd609fc7f642de35ea44d92015a70..9cf0277097f166e1ead43e83bd0d6a41f796c55a 100644 --- a/include/ldap_cdefs.h +++ b/include/ldap_cdefs.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_config.hin b/include/ldap_config.hin index 899e3b3107e052f27a409b9080f550f98c5a5c2b..5d8132b7c4a0f7c8bd2611220a26a74e9fdc4995 100644 --- a/include/ldap_config.hin +++ b/include/ldap_config.hin @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
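Review bot: The comment above `ldap_sync_init` reads "initialize a refreshOnly sync", the same text used for `ldap_sync_init_refresh_only`, although `ldap_sync_init` takes an `int mode`. It looks like a copy-paste slip and should read something like `/* initialize a sync in the given mode (refreshOnly or refreshAndPersist) */`, naming the constants `mode` accepts. The `freeit` parameter of `ldap_sync_destroy` is also undocumented. A one-line note on whether it frees `ls` itself or only its members would prevent double frees, given that `ldap_sync_initialize` both takes and returns an `ldap_sync_t *`.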
diff --git a/include/ldap_defaults.h b/include/ldap_defaults.h index b7b481f666b924322aa922d2acd4ea911c73b8a8..99c1d5908e1ceac7d6ac6877eb0ffefc8af67598 100644 --- a/include/ldap_defaults.h +++ b/include/ldap_defaults.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_features.hin b/include/ldap_features.hin index cd96921b8833c07cb8e99ee176f2028c49586b53..8962b648cb79e9189611ce32559c1e976ff5da93 100644 --- a/include/ldap_features.hin +++ b/include/ldap_features.hin @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -54,9 +54,6 @@ /* is -lldap_r available or not */ #undef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE -/* LDAP v2 Kerberos Bind */ -#undef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - /* LDAP v2 Referrals */ #undef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS diff --git a/include/ldap_int_thread.h b/include/ldap_int_thread.h index 46c79ae8de6d59b29b63961d5dd23c22070dd80f..d6a6d779575564762c1c324635562ea9acfcb270 100644 --- a/include/ldap_int_thread.h +++ b/include/ldap_int_thread.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -63,7 +63,7 @@ typedef pthread_cond_t ldap_int_thread_cond_t; #define LDAP_THREAD_HAVE_SETCONCURRENCY 1 #endif -#if 0 && defined( HAVE_PTHREAD_RWLOCK_DESTROY ) +#if defined( HAVE_PTHREAD_RWLOCK_DESTROY ) #define LDAP_THREAD_HAVE_RDWR 1 typedef pthread_rwlock_t ldap_int_thread_rdwr_t; #endif diff --git a/include/ldap_log.h b/include/ldap_log.h index f414d45a03311b345de92a3ba32acc46bac08455..ca8274c241df125d7f88216977f0ebbe637351a7 100644 --- a/include/ldap_log.h +++ b/include/ldap_log.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index 8048e6192fba4b1278bbec4242a86cafd7e608a4..bc9c90662c36afd6a98ffe3ad56c28df9bea9194 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,6 +27,7 @@ LDAP_BEGIN_DECL #define LDAP_PROTO_TCP 1 /* ldap:// */ #define LDAP_PROTO_UDP 2 /* reserved */ #define LDAP_PROTO_IPC 3 /* ldapi:// */ +#define LDAP_PROTO_EXT 4 /* user-defined socket/sockbuf */ LDAP_F ( int ) ldap_pvt_url_scheme2proto LDAP_P(( 
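Review bot: Dropping `0 &&` from the `#if` in ldap_int_thread.h turns on native `pthread_rwlock_t` wherever `HAVE_PTHREAD_RWLOCK_DESTROY` is defined, but nothing records why the path was disabled or why it is now safe. Native rwlocks can differ from a library-provided implementation in writer preference and in behaviour on recursive read locking, so this is a behaviour change for every threaded consumer and not only a build tweak. I would add a comment above the `#if` such as `/* native rwlocks re-enabled: <reason / ITS reference> */` and mention it in CHANGES. The surrounding conditional block continues outside the hunk.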
@@ -224,14 +225,21 @@ LDAP_F (void) ldap_pvt_sasl_remove LDAP_P(( struct sockbuf * )); struct ldap; struct ldapmsg; -LDAP_F (int) ldap_open_internal_connection LDAP_P(( - struct ldap **ldp, ber_socket_t *fdp )); +/* abandon */ +LDAP_F ( int ) ldap_pvt_discard LDAP_P(( + struct ldap *ld, ber_int_t msgid )); /* messages.c */ LDAP_F( BerElement * ) ldap_get_message_ber LDAP_P(( struct ldapmsg * )); +/* open */ +LDAP_F (int) ldap_open_internal_connection LDAP_P(( + struct ldap **ldp, ber_socket_t *fdp )); +LDAP_F (int) ldap_init_fd LDAP_P(( + ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp )); + /* search.c */ LDAP_F( int ) ldap_pvt_put_filter LDAP_P(( BerElement *ber, diff --git a/include/ldap_pvt_thread.h b/include/ldap_pvt_thread.h index c2c515f205d3422ab31de1ae8d7bd3971b7d3b71..ddc0302a83cf12cfdf58afb91760e6d024df3699 100644 --- a/include/ldap_pvt_thread.h +++ b/include/ldap_pvt_thread.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -212,6 +212,7 @@ ldap_pvt_thread_pool_maxthreads LDAP_P(( ldap_pvt_thread_pool_t *pool, int max_threads )); +#ifndef LDAP_PVT_THREAD_H_DONE typedef enum { LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN = -1, LDAP_PVT_THREAD_POOL_PARAM_MAX, @@ -226,6 +227,7 @@ typedef enum { LDAP_PVT_THREAD_POOL_PARAM_BACKLOAD_MAX, LDAP_PVT_THREAD_POOL_PARAM_STATE } ldap_pvt_thread_pool_param_t; +#endif /* !LDAP_PVT_THREAD_H_DONE */ LDAP_F( int ) ldap_pvt_thread_pool_query LDAP_P(( diff --git a/include/ldap_pvt_uc.h b/include/ldap_pvt_uc.h index 7c92d060d1ab1987bb756b2111dc16a3d65e57d9..9101ad7f1b62dcaebf217d25e44bd4c6b1aea6de 100644 --- a/include/ldap_pvt_uc.h +++ b/include/ldap_pvt_uc.h 
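Review bot: The new `ldap_init_fd( fd, proto, url, ldp )` prototype in ldap_pvt.h takes a descriptor opened by the caller but does not say who closes it afterwards, or what happens to `fd` when the call fails. That ambiguity is how descriptors get leaked or closed twice. I would put a comment above the declaration such as `/* Wrap an already-connected fd; proto is one of LDAP_PROTO_*; on success the LDAP handle owns fd */`, adjusted to what open.c actually does. It should also state whether `url` may be NULL and which of the `LDAP_PROTO_*` values, including the new `LDAP_PROTO_EXT`, are accepted. `ldap_pvt_discard` likewise needs a line on how it differs from a normal abandon.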
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_queue.h b/include/ldap_queue.h index 5c579a400d8349a14fd80776b78f9f41617d83e2..b880cc3a98d164cd3deb2ca8c3aad2b7e35d4686 100644 --- a/include/ldap_queue.h +++ b/include/ldap_queue.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -111,6 +111,7 @@ * _HEAD + + + + + * _ENTRY + + + + + * _INIT + + + + + + * _ENTRY_INIT + + + + + * _EMPTY + + + + + * _FIRST + + + + + * _NEXT + + + + + @@ -160,6 +161,10 @@ struct { \ (head)->slh_first = NULL; \ } +#define LDAP_SLIST_ENTRY_INIT(var, field) { \ + (var)->field.sle_next = NULL; \ +} + #define LDAP_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ (elm)->field.sle_next = (slistelm)->field.sle_next; \ (slistelm)->field.sle_next = (elm); \ @@ -219,6 +224,10 @@ struct { \ (head)->stqh_last = &(head)->stqh_first; \ } while (0) +#define LDAP_STAILQ_ENTRY_INIT(var, field) { \ + (entry)->field.stqe_next = NULL; \ +} + #define LDAP_STAILQ_FIRST(head) ((head)->stqh_first) #define LDAP_STAILQ_LAST(head, type, field) \ @@ -310,6 +319,11 @@ struct { \ (head)->lh_first = NULL; \ } while (0) +#define LDAP_LIST_ENTRY_INIT(var, field) do { \ + (var)->field.le_next = NULL; \ + (var)->field.le_prev = NULL; \ +} while (0) + #define LDAP_LIST_INSERT_AFTER(listelm, elm, field) do { \ if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ (listelm)->field.le_next->field.le_prev = \ 
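Review bot: `LDAP_STAILQ_ENTRY_INIT(var, field)` in the @@ -219 hunk of ldap_queue.h expands to `(entry)->field.stqe_next = NULL;`, but the macro parameter is named `var`. The body therefore refers to whatever `entry` happens to be in scope at the call site, and either fails to compile or silently initialises the wrong object. The line should be `(var)->field.stqe_next = NULL; \`. This macro and `LDAP_SLIST_ENTRY_INIT` in the @@ -160 hunk are also wrapped in bare `{ ... }`, whereas the LIST, TAILQ and CIRCLEQ variants added by the same commit use `do { ... } while (0)`. Using the `do`/`while (0)` form for all five keeps them safe inside an unbraced `if`/`else`.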
@@ -396,6 +410,11 @@ struct { \ (head)->tqh_last = &(head)->tqh_first; \ } while (0) +#define LDAP_TAILQ_ENTRY_INIT(var, field) do { \ + (var)->field.tqe_next = NULL; \ + (var)->field.tqe_prev = NULL; \ +} while (0) + #define LDAP_TAILQ_INSERT_HEAD(head, elm, field) do { \ if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ (head)->tqh_first->field.tqe_prev = \ @@ -476,6 +495,11 @@ struct { \ (head)->cqh_last = (void *)(head); \ } while (0) +#define LDAP_CIRCLEQ_ENTRY_INIT(var, field) do { \ + (var)->field.cqe_next = NULL; \ + (var)->field.cqe_prev = NULL; \ +} while (0) + #define LDAP_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ (elm)->field.cqe_next = (listelm)->field.cqe_next; \ (elm)->field.cqe_prev = (listelm); \ diff --git a/include/ldap_rq.h b/include/ldap_rq.h index 1e3aea16f161a9dbd23eb52b8a9720c3e3854fc9..3f0cb1fe587e226954b436648b0731fd564d873e 100644 --- a/include/ldap_rq.h +++ b/include/ldap_rq.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_schema.h b/include/ldap_schema.h index fee1eacac9f02df20ffb7078c2e8e171da8263f1..2aaaa1e0f8e9616609a6657ec942fef50bf12241 100644 --- a/include/ldap_schema.h +++ b/include/ldap_schema.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldap_utf8.h b/include/ldap_utf8.h index 8dcfc81b9effe7bcb6661afc7fdfc666e66874ea..d9cdc8f214f6958d9a8d2cd2089575381412467d 100644 --- a/include/ldap_utf8.h +++ b/include/ldap_utf8.h 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/ldif.h b/include/ldif.h index 656b7a06d86be8535201b69d516edb2d98d0ddc1..9ffb8ee2712088af2d38ba7c78b0dc800b4c2f41 100644 --- a/include/ldif.h +++ b/include/ldif.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lutil.h b/include/lutil.h index 1fd11221e93996217baf3bdea16fff94cdbe93a3..49ea7951938dbc163b0e516b1b3b9d6d7ae0fc5d 100644 --- a/include/lutil.h +++ b/include/lutil.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -158,6 +158,7 @@ typedef struct lutil_tm { int tm_mon; /* month 0-11 */ int tm_year; /* year - 1900 */ int tm_usec; /* microseconds */ + int tm_usub; /* submicro */ } lutil_tm; typedef struct lutil_timet { 
@@ -166,14 +167,20 @@ typedef struct lutil_timet { unsigned int tt_usec; /* microseconds */ } lutil_timet; +/* Parse a timestamp string into a structure */ LDAP_LUTIL_F( int ) lutil_parsetime LDAP_P(( char *atm, struct lutil_tm * )); +/* Convert structured time to time in seconds since 1900 */ LDAP_LUTIL_F( int ) lutil_tm2time LDAP_P(( struct lutil_tm *, struct lutil_timet * )); +/* Get current time as a structured time */ +LDAP_LUTIL_F( void ) +lutil_gettime LDAP_P(( struct lutil_tm * )); + #ifdef _WIN32 LDAP_LUTIL_F( void ) lutil_slashpath LDAP_P(( char* path )); @@ -290,12 +297,39 @@ lutil_atoulx( unsigned long *v, const char *s, int x ); #define lutil_atol(v, s) lutil_atolx((v), (s), 10) #define lutil_atoul(v, s) lutil_atoulx((v), (s), 10) +/* Parse and unparse time intervals */ LDAP_LUTIL_F (int) lutil_parse_time( const char *in, unsigned long *tp ); LDAP_LUTIL_F (int) lutil_unparse_time( char *buf, size_t buflen, unsigned long t ); +#ifdef timerdiv +#define lutil_timerdiv timerdiv +#else /* ! timerdiv */ +/* works inplace (x == t) */ +#define lutil_timerdiv(t,d,x) \ + do { \ + time_t s = (t)->tv_sec; \ + assert( d > 0 ); \ + (x)->tv_sec = s / d; \ + (x)->tv_usec = ( (t)->tv_usec + 1000000 * ( s % d ) ) / d; \ + } while ( 0 ) +#endif /* ! timerdiv */ + +#ifdef timermul +#define lutil_timermul timermul +#else /* ! timermul */ +/* works inplace (x == t) */ +#define lutil_timermul(t,m,x) \ + do { \ + time_t u = (t)->tv_usec * m; \ + assert( m > 0 ); \ + (x)->tv_sec = (t)->tv_sec * m + u / 1000000; \ + (x)->tv_usec = u % 1000000; \ + } while ( 0 ); +#endif /* ! timermul */ + LDAP_END_DECL #endif /* _LUTIL_H */ diff --git a/include/lutil_hash.h b/include/lutil_hash.h index aa134ec68866a4901927c35a3035f057ac8b1988..59f6f195f0eea0e3e4c2dbc385a0caec6ac14042 100644 --- a/include/lutil_hash.h +++ b/include/lutil_hash.h 
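Review bot: The fallback `lutil_timermul` macro in the @@ -290 hunk ends with `} while ( 0 );`, and that trailing semicolon defeats the `do`/`while` idiom: `if (c) lutil_timermul(a,b,x); else ...` no longer compiles. It should end with `} while ( 0 )`, as `lutil_timerdiv` does. Both macros also use `d` and `m` unparenthesised (`s / d`, `(t)->tv_usec * m`), so an argument like `n + 1` is evaluated with the wrong precedence; write `(d)` and `(m)` throughout, e.g. `time_t u = (t)->tv_usec * (m);`. The locals `s` and `u` will capture a caller argument that happens to have the same name. The only zero-divisor guard is `assert`, which disappears under NDEBUG, so callers passing externally derived divisors need their own check.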
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lutil_ldap.h b/include/lutil_ldap.h index b48bc6547eb9ccc827be9750eb1d5c1d95a31a9b..5de24ab6934cd43b875d836f21bb99f4822894f1 100644 --- a/include/lutil_ldap.h +++ b/include/lutil_ldap.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lutil_lockf.h b/include/lutil_lockf.h index e60f0b1340450098dc9687f730584240b6cd281d..45920b0746f90063826c360335aee1a23d0517f0 100644 --- a/include/lutil_lockf.h +++ b/include/lutil_lockf.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lutil_md5.h b/include/lutil_md5.h index c56f5e90c6ad5ee65a8ec791a4da4a3e8ee55f44..eec1b17981517b60d81302c68c4c985026cbad0b 100644 --- a/include/lutil_md5.h +++ b/include/lutil_md5.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/lutil_sha1.h b/include/lutil_sha1.h index 37b209fec5afd2f0badad8a6424d332eb0d14bcb..57a1369024e5b51a33a788e67257116d90c3f88e 100644 --- a/include/lutil_sha1.h 
+++ b/include/lutil_sha1.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/include/portable.hin b/include/portable.hin index ba3be72eb18a975f4f8f23fe40cbf15eac8dbe81..b31e486f17c2a2dd83f59e693d5da530f13f87bf 100644 --- a/include/portable.hin +++ b/include/portable.hin @@ -4,7 +4,7 @@ /* begin of portable.h.pre */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation + * Copyright 1998-2007 The OpenLDAP Foundation * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -132,12 +132,6 @@ /* Define to 1 if you have the <db.h> header file. */ #undef HAVE_DB_H -/* define if you have Kerberos des_debug */ -#undef HAVE_DES_DEBUG - -/* Define to 1 if you have the <des.h> header file. */ -#undef HAVE_DES_H - /* define if your system supports /dev/poll */ #undef HAVE_DEVPOLL @@ -250,12 +244,6 @@ /* Define to 1 if you have the <grp.h> header file. */ #undef HAVE_GRP_H -/* define if you have HEIMDAL Kerberos */ -#undef HAVE_HEIMDAL_KERBEROS - -/* Define to 1 if you have the <heim_err.h> header file. */ -#undef HAVE_HEIM_ERR_H - /* Define to 1 if you have the `hstrerror' function. */ #undef HAVE_HSTRERROR 
@@ -283,36 +271,6 @@ /* Define to 1 if you have the <io.h> header file. */ #undef HAVE_IO_H -/* define if you have Kerberos */ -#undef HAVE_KERBEROS - -/* Define to 1 if you have the <kerberosIV/des.h> header file. */ -#undef HAVE_KERBEROSIV_DES_H - -/* Define to 1 if you have the <kerberosIV/krb.h> header file. */ -#undef HAVE_KERBEROSIV_KRB_H - -/* define if you have Kerberos IV */ -#undef HAVE_KRB4 - -/* define if you have Kerberos V with IV support */ -#undef HAVE_KRB425 - -/* define if you have Kerberos V */ -#undef HAVE_KRB5 - -/* Define to 1 if you have the <krb5.h> header file. */ -#undef HAVE_KRB5_H - -/* Define to 1 if you have the <krb-archaeology.h> header file. */ -#undef HAVE_KRB_ARCHAEOLOGY_H - -/* Define to 1 if you have the <krb.h> header file. */ -#undef HAVE_KRB_H - -/* define if you have Kth Kerberos */ -#undef HAVE_KTH_KERBEROS - /* Define to 1 if you have the `gen' library (-lgen). */ #undef HAVE_LIBGEN @@ -463,7 +421,7 @@ /* Define to 1 if you have the `pthread_kill_other_threads_np' function. */ #undef HAVE_PTHREAD_KILL_OTHER_THREADS_NP -/* Define to 1 if you have the `pthread_rwlock_destroy' function. */ +/* define if you have pthread_rwlock_destroy function */ #undef HAVE_PTHREAD_RWLOCK_DESTROY /* Define to 1 if you have the `pthread_setconcurrency' function. */ @@ -819,9 +777,6 @@ /* define to 1 if library is thread safe */ #undef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE -/* define to LDAP VENDOR VERSION */ -#undef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - /* define to LDAP VENDOR VERSION */ #undef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS 
@@ -972,18 +927,12 @@ /* define for Dynamic Directory Services overlay */ #undef SLAPD_OVER_DDS -/* define for Deny Operation overlay */ -#undef SLAPD_OVER_DENYOP - /* define for Dynamic Group overlay */ #undef SLAPD_OVER_DYNGROUP /* define for Dynamic List overlay */ #undef SLAPD_OVER_DYNLIST -/* define for Last Modification overlay */ -#undef SLAPD_OVER_LASTMOD - /* define for Password Policy overlay */ #undef SLAPD_OVER_PPOLICY diff --git a/include/rewrite.h b/include/rewrite.h index 7277efc7fed4a69aafa268c9a58fc0a1fbb247a1..4709b078dbd526a9bfab72c1a6adb7ab6a04221d 100644 --- a/include/rewrite.h +++ b/include/rewrite.h @@ -2,7 +2,7 @@ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. * @@ -253,6 +253,46 @@ rewrite_param_destroy( struct rewrite_info *info ); +/* + * Mapping implementations + */ + +struct rewrite_mapper; + +typedef void * (rewrite_mapper_config)( + const char *fname, + int lineno, + int argc, + char **argv ); + +typedef int (rewrite_mapper_apply)( + void *ctx, + const char *arg, + struct berval *retval ); + +typedef int (rewrite_mapper_destroy)( + void *ctx ); + +typedef struct rewrite_mapper { + char *rm_name; + rewrite_mapper_config *rm_config; + rewrite_mapper_apply *rm_apply; + rewrite_mapper_destroy *rm_destroy; +} rewrite_mapper; + +/* For dynamic loading and unloading of mappers */ +LDAP_REWRITE_F (int) +rewrite_mapper_register( + const rewrite_mapper *map ); + +LDAP_REWRITE_F (int) +rewrite_mapper_unregister( + const rewrite_mapper *map ); + +LDAP_REWRITE_F (const rewrite_mapper *) +rewrite_mapper_find( + const char *name ); + LDAP_END_DECL #endif /* REWRITE_H */ diff --git a/include/slapi-plugin.h b/include/slapi-plugin.h index 5598dcc4cba24d8348b5b867c19d91f35c37dc6d..b3589058f2b6a441e4ab567ad74f8b279e38aa6d 100644 --- a/include/slapi-plugin.h 
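Review bot: The mapper API added to rewrite.h (`rewrite_mapper_config`, `rewrite_mapper_apply`, `rewrite_mapper_destroy` and the register/unregister/find functions) has no contract comments, and for a dynamically loaded plugin interface the missing details concern memory safety. The comments should say who allocates and frees `retval->bv_val` in `rm_apply`, what the return codes of each callback mean, and whether `rewrite_mapper_register` copies `*map` or keeps the pointer. If it keeps the pointer, the struct must outlive the registration, and unloading a module without first calling `rewrite_mapper_unregister` would leave dangling function pointers. I would also declare `rm_name` as `const char *`, since the registration functions already take a `const rewrite_mapper *`.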
+++ b/include/slapi-plugin.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002,2003 IBM Corporation. * All rights reserved. * diff --git a/include/sysexits-compat.h b/include/sysexits-compat.h index 3f672bbcd5dd3c34000bd65b9ee6f0d6e8967317..7f422368ad74a8ef3c65991379743ec2f7bb44dd 100644 --- a/include/sysexits-compat.h +++ b/include/sysexits-compat.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/Makefile.in b/libraries/Makefile.in index b3354275d9f973c0b50b5c979f0871dd48033d35..e8cb7b63d38f05f91a16efb49b3e992238f4e83f 100644 --- a/libraries/Makefile.in +++ b/libraries/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/Makefile.in b/libraries/liblber/Makefile.in index 533b0f733fec9a3402afadb7eac1165baf2179b9..dbe51598855e215c1231c7c250dec53c97482db8 100644 --- a/libraries/liblber/Makefile.in +++ b/libraries/liblber/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/liblber/assert.c b/libraries/liblber/assert.c index 7bb556db584691c07e56e27fccf17bf8e4f6016f..131e7242283d7d8a3d8074c93f6f86c88a3a28f1 100644 --- a/libraries/liblber/assert.c +++ b/libraries/liblber/assert.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/bprint.c b/libraries/liblber/bprint.c index 73de9779be40796f8736dc257eb1cf75b182a69c..9bfc34f01e5cd638624c9768809fd2677d75c87a 100644 --- a/libraries/liblber/bprint.c +++ b/libraries/liblber/bprint.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/debug.c b/libraries/liblber/debug.c index 1e623c34827fd3eb039dc7596fd143a0c629bea4..a2166f021f622694679a205a5a56d74766ea16a0 100644 --- a/libraries/liblber/debug.c +++ b/libraries/liblber/debug.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/decode.c b/libraries/liblber/decode.c index 3ff84d34b80dbd39fa4f5297ddaee264d7b0c842..7e1343f9267e94dfc8e4a96c010bc6d3c6b34dbd 100644 --- a/libraries/liblber/decode.c +++ b/libraries/liblber/decode.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/dtest.c b/libraries/liblber/dtest.c index 071f255d76b1a5012f15ea61b3515e83f866690b..b28bf91a55e331a266b5b0e9182dbb9ee881f9b7 100644 --- a/libraries/liblber/dtest.c +++ b/libraries/liblber/dtest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/encode.c b/libraries/liblber/encode.c index a8ca1c1725919b504a3023e9babd2a66514eedff..4272a5d9cf2043719667b162d749d8ab0f432a92 100644 --- a/libraries/liblber/encode.c +++ b/libraries/liblber/encode.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/etest.c b/libraries/liblber/etest.c index c6befe12d2a2356590d9d0d6da64e5c2f3b4f42f..b228c5e6999a41d1ba8d9fb6e2be332fa24599f7 100644 --- a/libraries/liblber/etest.c +++ b/libraries/liblber/etest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/liblber/idtest.c b/libraries/liblber/idtest.c index b48925a4501ac01cf29ace48d4e96c05669fadbb..1102258d17ac1a0f36349373c3c5e9845d8a03ac 100644 --- a/libraries/liblber/idtest.c +++ b/libraries/liblber/idtest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c index b697acee1fb008ef1c0fe6ffa0cabe3616ca9332..503735819f42a5c7737c3c69f561465b8bb8e2ae 100644 --- a/libraries/liblber/io.c +++ b/libraries/liblber/io.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/lber-int.h b/libraries/liblber/lber-int.h index 9840416ff667ccb14b3f8cbf69f522b8893dc7f6..4e73a58ebbe0f6c24323cec965398d227f1007e9 100644 --- a/libraries/liblber/lber-int.h +++ b/libraries/liblber/lber-int.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/memory.c b/libraries/liblber/memory.c index ddd78622f2547923b3519748c81cab0b6117da0e..0681869862b475253d4779aad4320a83c2741150 100644 --- a/libraries/liblber/memory.c +++ b/libraries/liblber/memory.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -744,6 +744,33 @@ ber_bvarray_free( BerVarray a ) ber_bvarray_free_x(a, NULL); } +int +ber_bvarray_dup_x( BerVarray *dst, BerVarray src, void *ctx ) +{ + int i, j; + BerVarray new; + + if ( !src ) { + *dst = NULL; + return 0; + } + + for (i=0; !BER_BVISNULL( &src[i] ); i++) ; + new = ber_memalloc_x(( i+1 ) * sizeof(BerValue), ctx ); + if ( !new ) + return -1; + for (j=0; j<i; j++) { + ber_dupbv_x( &new[j], &src[j], ctx ); + if ( BER_BVISNULL( &new[j] )) { + ber_bvarray_free_x( new, ctx ); + return -1; + } + } + BER_BVZERO( &new[j] ); + *dst = new; + return 0; +} + int ber_bvarray_add_x( BerVarray *a, BerValue *bv, void *ctx ) { @@ -784,6 +811,7 @@ ber_bvarray_add_x( BerVarray *a, BerValue *bv, void *ctx ) (*a)[n++] = *bv; (*a)[n].bv_val = NULL; + (*a)[n].bv_len = 0; return n; } diff --git a/libraries/liblber/nt_err.c b/libraries/liblber/nt_err.c index dde288a7e0f00c4846532cfff2608760eb7831ba..191ef4f2affc54be4fc4b46dcac0f89acd67ca79 100644 --- a/libraries/liblber/nt_err.c +++ b/libraries/liblber/nt_err.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/options.c b/libraries/liblber/options.c index 1d0919daa58728c665d53555ee13101826623349..41518d9503955f34bcc75627ce681b2b6ebe65cc 100644 --- a/libraries/liblber/options.c +++ b/libraries/liblber/options.c 
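Review bot: On both `return -1` paths of the new `ber_bvarray_dup_x`, `*dst` is never written, so a caller that passes an uninitialised `BerVarray` and cleans up unconditionally would free an indeterminate pointer. Setting `*dst = NULL;` before the `if ( !src )` test makes the failure state well defined. The function also has no header comment; it should say that the copy is allocated with `ctx` and has to be released with `ber_bvarray_free_x( *dst, ctx )`, which is what the function itself does on the partial-failure path. The element count is held in `int i` while the size is computed as `( i+1 ) * sizeof(BerValue)`; using `ber_len_t` for the count would keep that arithmetic unsigned.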
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/sockbuf.c b/libraries/liblber/sockbuf.c index 27ed84e46653db056e80cc0e8dc2ecaa86bc1fb6..353d526320f30b0aa45b3b859096f74af56617bf 100644 --- a/libraries/liblber/sockbuf.c +++ b/libraries/liblber/sockbuf.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblber/stdio.c b/libraries/liblber/stdio.c index e6958c4849673471b02c3db44234477933bce484..cc949bf3db34a3f7268906a0c36ab165f9873485 100644 --- a/libraries/liblber/stdio.c +++ b/libraries/liblber/stdio.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/Makefile.in b/libraries/libldap/Makefile.in index 950d54c9c8af95d919344d419b79a899f89dfdd2..8b62c45cc1c873cae80fd3d878379e9cd1c889dc 100644 --- a/libraries/libldap/Makefile.in +++ b/libraries/libldap/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
@@ -20,24 +20,24 @@ PROGRAMS = apitest dntest ftest ltest urltest SRCS = bind.c open.c result.c error.c compare.c search.c \ controls.c messages.c references.c extended.c cyrus.c \ modify.c add.c modrdn.c delete.c abandon.c \ - sasl.c sbind.c kbind.c unbind.c cancel.c \ + sasl.c sbind.c unbind.c cancel.c \ filter.c free.c sort.c passwd.c whoami.c \ getdn.c getentry.c getattr.c getvalues.c addentry.c \ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - turn.c ppolicy.c dds.c txn.c + turn.c ppolicy.c dds.c txn.c ldap_sync.c OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ controls.lo messages.lo references.lo extended.lo cyrus.lo \ modify.lo add.lo modrdn.lo delete.lo abandon.lo \ - sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ + sasl.lo sbind.lo unbind.lo cancel.lo \ filter.lo free.lo sort.lo passwd.lo whoami.lo \ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - turn.lo ppolicy.lo dds.lo txn.lo + turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/libraries/libldap/abandon.c b/libraries/libldap/abandon.c index c03d9264d6fb22ad6462371face307119d523bfc..43e2f342c8826207f9c0e59405e8a9208d8360c1 100644 --- a/libraries/libldap/abandon.c +++ b/libraries/libldap/abandon.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -16,14 +16,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997). - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* - * An abandon request looks like this: - * AbandonRequest ::= MessageID - */ #include "portable.h" @@ -37,12 +29,20 @@ #include "ldap-int.h" -static int do_abandon LDAP_P(( +/* + * An abandon request looks like this: + * AbandonRequest ::= [APPLICATION 16] MessageID + * and has no response. (Source: RFC 4511) + */ +#include "lutil.h" + +static int +do_abandon( LDAP *ld, ber_int_t origid, ber_int_t msgid, LDAPControl **sctrls, - LDAPControl **cctrls)); + int sendabandon ); /* * ldap_abandon_ext - perform an ldap extended abandon operation. @@ -66,20 +66,24 @@ ldap_abandon_ext( LDAPControl **sctrls, LDAPControl **cctrls ) { - int rc; + int rc; + Debug( LDAP_DEBUG_TRACE, "ldap_abandon_ext %d\n", msgid, 0, 0 ); /* check client controls */ #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); #endif + rc = ldap_int_client_controls( ld, cctrls ); - if( rc == LDAP_SUCCESS ) - rc = do_abandon( ld, msgid, msgid, sctrls, cctrls ); + if ( rc == LDAP_SUCCESS ) { + rc = do_abandon( ld, msgid, msgid, sctrls, 1 ); + } #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); #endif + return rc; } 
@@ -104,36 +108,55 @@ ldap_abandon( LDAP *ld, int msgid ) } +int +ldap_pvt_discard( + LDAP *ld, + ber_int_t msgid ) +{ + int rc; + +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); +#endif + + rc = do_abandon( ld, msgid, msgid, NULL, 0 ); + +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); +#endif + + return rc; +} + static int do_abandon( LDAP *ld, ber_int_t origid, ber_int_t msgid, LDAPControl **sctrls, - LDAPControl **cctrls ) + int sendabandon ) { BerElement *ber; - int i, err, sendabandon; - ber_int_t *old_abandon; + int i, err; Sockbuf *sb; LDAPRequest *lr; Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n", origid, msgid, 0 ); - sendabandon = 1; - /* find the request that we are abandoning */ start_again:; lr = ld->ld_requests; while ( lr != NULL ) { - if ( lr->lr_msgid == msgid ) { /* this message */ + /* this message */ + if ( lr->lr_msgid == msgid ) { break; } - if ( lr->lr_origid == msgid ) {/* child: abandon it */ - (void)do_abandon( ld, - lr->lr_origid, lr->lr_msgid, sctrls, cctrls ); + /* child: abandon it */ + if ( lr->lr_origid == msgid && !lr->lr_abandoned ) { + (void)do_abandon( ld, lr->lr_origid, lr->lr_msgid, + sctrls, sendabandon ); /* restart, as lr may now be dangling... */ goto start_again; @@ -154,9 +177,9 @@ start_again:; } } -/* ldap_msgdelete locks the res_mutex. Give up the req_mutex - * while we're in there. - */ + /* ldap_msgdelete locks the res_mutex. Give up the req_mutex + * while we're in there. + */ #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); #endif @@ -172,7 +195,8 @@ start_again:; /* fetch again the request that we are abandoning */ if ( lr != NULL ) { for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) { - if ( lr->lr_msgid == msgid ) { /* this message */ + /* this message */ + if ( lr->lr_msgid == msgid ) { break; } } 
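Review bot: `ldap_pvt_discard` is added without any comment, and its only difference from `ldap_abandon_ext` is the final `0` passed to `do_abandon`, which skips the `if ( sendabandon )` branch further down. A header comment would make that contract explicit, e.g. `/* ldap_pvt_discard - forget a pending request locally; no Abandon is sent to the server */` (wording to be confirmed against the intended use). Unlike `ldap_abandon_ext`, it also emits no `Debug( LDAP_DEBUG_TRACE, ... )` line, so locally discarded msgids are harder to follow in a trace. `do_abandon` continues past the end of this hunk.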
@@ -180,22 +204,23 @@ start_again:; err = 0; if ( sendabandon ) { - if( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) { + if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) { /* not connected */ err = -1; ld->ld_errno = LDAP_SERVER_DOWN; - } else if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { - /* BER element alocation failed */ + } else if ( ( ber = ldap_alloc_ber_with_options( ld ) ) == NULL ) { + /* BER element allocation failed */ err = -1; ld->ld_errno = LDAP_NO_MEMORY; } else { - /* - * We already have the mutex in LDAP_R_COMPILE, so - * don't try to get it again. - * LDAP_NEXT_MSGID(ld, i); - */ + /* + * We already have the mutex in LDAP_R_COMPILE, so + * don't try to get it again. + * LDAP_NEXT_MSGID(ld, i); + */ + i = ++(ld)->ld_msgid; #ifdef LDAP_CONNECTIONLESS if ( LDAP_IS_UDP(ld) ) { @@ -219,7 +244,7 @@ start_again:; LDAP_REQ_ABANDON, msgid ); } - if( err == -1 ) { + if ( err == -1 ) { /* encoding error */ ld->ld_errno = LDAP_ENCODING_ERROR; @@ -234,7 +259,7 @@ start_again:; /* close '{' */ err = ber_printf( ber, /*{*/ "N}" ); - if( err == -1 ) { + if ( err == -1 ) { /* encoding error */ ld->ld_errno = LDAP_ENCODING_ERROR; } @@ -267,8 +292,12 @@ start_again:; if ( sendabandon || lr->lr_status == LDAP_REQST_WRITING ) { ldap_free_connection( ld, lr->lr_conn, 0, 1 ); } + if ( origid == msgid ) { ldap_free_request( ld, lr ); + + } else { + lr->lr_abandoned = 1; } } 
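Review bot: The new `else { lr->lr_abandoned = 1; }` branch is what lets the `start_again` rescan terminate, because the child test earlier in `do_abandon` now skips requests with `lr_abandoned` set, but neither site says so. A short comment here would help, e.g. `/* child request: not freed here; flag it so the start_again scan does not pick it up again */`. Where flagged children are eventually freed is not visible in this diff and is worth stating in the same comment. The enclosing function starts and ends outside this hunk.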
@@ -278,34 +307,173 @@ start_again:; ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); #endif - i = 0; - if ( ld->ld_abandoned != NULL ) { - for ( ; ld->ld_abandoned[i] != -1; i++ ) - ; /* NULL */ - } - - old_abandon = ld->ld_abandoned; - ld->ld_abandoned = (ber_int_t *) LDAP_REALLOC( (char *) - ld->ld_abandoned, (i + 2) * sizeof(ber_int_t) ); - - if ( ld->ld_abandoned == NULL ) { - ld->ld_abandoned = old_abandon; - ld->ld_errno = LDAP_NO_MEMORY; - goto done; + /* use bisection */ + i = 0; + if ( ld->ld_nabandoned == 0 || + ldap_int_bisect_find( ld->ld_abandoned, ld->ld_nabandoned, msgid, &i ) == 0 ) + { + ldap_int_bisect_insert( &ld->ld_abandoned, &ld->ld_nabandoned, msgid, i ); } - ld->ld_abandoned[i] = msgid; - ld->ld_abandoned[i + 1] = -1; - if ( err != -1 ) { ld->ld_errno = LDAP_SUCCESS; } -done:; #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); #endif return( ld->ld_errno ); } + +/* + * ldap_int_bisect_find + * + * args: + * v: array of length n (in) + * n: length of array v (in) + * id: value to look for (in) + * idxp: pointer to location of value/insert point + * + * return: + * 0: not found + * 1: found + * -1: error + */ +int +ldap_int_bisect_find( ber_int_t *v, ber_len_t n, ber_int_t id, int *idxp ) +{ + int begin, + end, + rc = 0; + + assert( n >= 0 ); + assert( id >= 0 ); + + begin = 0; + end = n - 1; + + if ( n > 0 ) { + if ( id < v[ begin ] ) { + *idxp = 0; + + } else if ( id > v[ end ] ) { + *idxp = n; + + } else { + int pos; + ber_int_t curid; + + while ( end >= begin ) { + pos = (begin + end)/2; + curid = v[ pos ]; + + if ( id < curid ) { + end = pos - 1; + + } else if ( id > curid ) { + begin = pos + 1; + + } else { + /* already abandoned? */ + *idxp = pos; + rc = 1; + break; + } + } + + if ( rc == 0 ) { + *idxp = pos + ( id > curid ? 
1 : 0 ); + } + } + + } else { + *idxp = 0; + } + + return rc; +} + +/* + * ldap_int_bisect_insert + * + * args: + * vp: pointer to array of length *np (in/out) + * np: pointer to length of array *vp (in/out) + * id: value to insert (in) + * idx: location of insert point (as computed by ldap_int_bisect_find()) + * + * return: + * 0: inserted + * -1: error + */ +int +ldap_int_bisect_insert( ber_int_t **vp, ber_len_t *np, int id, int idx ) +{ + ber_int_t *v; + ber_len_t n; + int i; + + assert( vp != NULL ); + assert( np != NULL ); + assert( *np >= 0 ); + assert( idx >= 0 ); + assert( idx <= *np ); + + n = *np; + + v = ber_memrealloc( *vp, sizeof( ber_int_t ) * ( n + 1 ) ); + if ( v == NULL ) { + return -1; + } + *vp = v; + + for ( i = n; i > idx; i-- ) { + v[ i ] = v[ i - 1 ]; + } + v[ idx ] = id; + ++(*np); + + return 0; +} + +/* + * ldap_int_bisect_delete + * + * args: + * vp: pointer to array of length *np (in/out) + * np: pointer to length of array *vp (in/out) + * id: value to delete (in) + * idx: location of value to delete (as computed by ldap_int_bisect_find()) + * + * return: + * 0: deleted + */ +int +ldap_int_bisect_delete( ber_int_t **vp, ber_len_t *np, int id, int idx ) +{ + ber_int_t *v; + ber_len_t n; + int i; + + assert( vp != NULL ); + assert( np != NULL ); + assert( *np >= 0 ); + assert( idx >= 0 ); + assert( idx < *np ); + + v = *vp; + + assert( v[ idx ] == id ); + + --(*np); + n = *np; + + for ( i = idx; i < n; i++ ) { + v[ i ] = v[ i + 1 ]; + } + + return 0; +} + diff --git a/libraries/libldap/add.c b/libraries/libldap/add.c index 3f4487354cea426c952c91aa1c9d02be5a1e7bd5..f36dfc8a0f05269be3fae9acdf0ebdbd62437959 100644 --- a/libraries/libldap/add.c +++ b/libraries/libldap/add.c 
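Review bot: In `do_abandon` the result of `ldap_int_bisect_insert()` is discarded, although that function returns -1 when `ber_memrealloc` fails; the removed code set `ld->ld_errno = LDAP_NO_MEMORY` on that path, while the new code goes on to store `LDAP_SUCCESS`. The msgid is then missing from `ld->ld_abandoned`, so presumably a late response for it is no longer recognised as abandoned. Check the call, e.g. `if ( ldap_int_bisect_insert( &ld->ld_abandoned, &ld->ld_nabandoned, msgid, i ) != 0 ) { ld->ld_errno = LDAP_NO_MEMORY; err = -1; }`, so the later `if ( err != -1 )` does not overwrite the error. In the helpers, `assert( n >= 0 )` and `assert( *np >= 0 )` test `ber_len_t` values, which cannot fail if that type is unsigned, and `end = n - 1` narrows the length to `int`; an explicit upper-bound check would say more. `do_abandon` starts outside this hunk.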
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -16,20 +16,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997). - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* - * An add request looks like this: - * AddRequest ::= SEQUENCE { - * entry DistinguishedName, - * attrs SEQUENCE OF SEQUENCE { - * type AttributeType, - * values SET OF AttributeValue - * } - * } - */ #include "portable.h" @@ -41,6 +27,30 @@ #include "ldap-int.h" +/* An LDAP Add Request/Response looks like this: + * AddRequest ::= [APPLICATION 8] SEQUENCE { + * entry LDAPDN, + * attributes AttributeList } + * + * AttributeList ::= SEQUENCE OF attribute Attribute + * + * Attribute ::= PartialAttribute(WITH COMPONENTS { + * ..., + * vals (SIZE(1..MAX))}) + * + * PartialAttribute ::= SEQUENCE { + * type AttributeDescription, + * vals SET OF value AttributeValue } + * + * AttributeDescription ::= LDAPString + * -- Constrained to <attributedescription> [RFC4512] + * + * AttributeValue ::= OCTET STRING + * + * AddResponse ::= [APPLICATION 9] LDAPResult + * (Source: RFC 4511) + */ + /* * ldap_add - initiate an ldap add operation. Parameters: * @@ -198,7 +208,7 @@ ldap_add_ext_s( if ( rc != LDAP_SUCCESS ) return( rc ); - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); diff --git a/libraries/libldap/addentry.c b/libraries/libldap/addentry.c index 58e90856db68d614d29ead6684d2b2d2bfb35797..229524cd2ee2f98c1bed6e469e29371e46ef7bea 100644 
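Review bot: The added `|| !res` branch in `ldap_add_ext_s` returns `ld->ld_errno`, but nothing in the hunk shows that `ld_errno` holds an error when `ldap_result()` returns something other than -1 and leaves `res` NULL; if it still holds `LDAP_SUCCESS`, the caller is told the add succeeded although no response was parsed. It would be safer to keep the return value, `rc = ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res );`, and return an explicit error for the no-message case, or at least add a comment stating which `ld_errno` value that path guarantees. The same pattern is added in `ldap_compare_ext_s`, `ldap_refresh_s`, `ldap_delete_ext_s` and `ldap_extended_operation_s` further down. The function body starts outside this hunk.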
--- a/libraries/libldap/addentry.c +++ b/libraries/libldap/addentry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/apitest.c b/libraries/libldap/apitest.c index 158fe14be0be84bffb81b4fc818f18bba09ecc06..9b893e2da9a7f32a5bdcaae4e43fe4433c9b0674 100644 --- a/libraries/libldap/apitest.c +++ b/libraries/libldap/apitest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c index 91d682bc69ed213f6b4bd3325368b150d3b78ffe..4305d313d42d66ea11627e734d29fe4a6449602d 100644 --- a/libraries/libldap/bind.c +++ b/libraries/libldap/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -16,9 +16,19 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/stdlib.h> + +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> + +#include "ldap-int.h" +#include "ldap_log.h" /* * BindRequest ::= SEQUENCE { 
@@ -26,10 +36,8 @@ * name DistinguishedName, -- who * authentication CHOICE { * simple [0] OCTET STRING -- passwd -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING -#endif + * krbv42ldap [1] OCTET STRING -- OBSOLETE + * krbv42dsa [2] OCTET STRING -- OBSOLETE * sasl [3] SaslCredentials -- LDAPv3 * } * } @@ -39,27 +47,14 @@ * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 * } * + * (Source: RFC 2251) */ -#include "portable.h" - -#include <stdio.h> - -#include <ac/stdlib.h> - -#include <ac/socket.h> -#include <ac/string.h> -#include <ac/time.h> - -#include "ldap-int.h" -#include "ldap_log.h" - /* * ldap_bind - bind to the ldap server (and X.500). The dn and password * of the entry to which to bind are supplied, along with the authentication * method to use. The msgid of the bind request is returned on success, - * -1 if there's trouble. Note, the kerberos support assumes the user already - * has a valid tgt for now. ldap_result() should be called to find out the + * -1 if there's trouble. ldap_result() should be called to find out the * outcome of the bind request. * * Example: @@ -76,14 +71,6 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho case LDAP_AUTH_SIMPLE: return( ldap_simple_bind( ld, dn, passwd ) ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - case LDAP_AUTH_KRBV41: - return( ldap_kerberos_bind1( ld, dn ) ); - - case LDAP_AUTH_KRBV42: - return( ldap_kerberos_bind2( ld, dn ) ); -#endif - case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ 
@@ -99,8 +86,7 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho * of the entry to which to bind are supplied, along with the authentication * method to use. This routine just calls whichever bind routine is * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or - * some other error indication). Note, the kerberos support assumes the - * user already has a valid tgt for now. + * some other error indication). * * Examples: * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", @@ -121,17 +107,6 @@ ldap_bind_s( case LDAP_AUTH_SIMPLE: return( ldap_simple_bind_s( ld, dn, passwd ) ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - case LDAP_AUTH_KRBV4: - return( ldap_kerberos_bind_s( ld, dn ) ); - - case LDAP_AUTH_KRBV41: - return( ldap_kerberos_bind1_s( ld, dn ) ); - - case LDAP_AUTH_KRBV42: - return( ldap_kerberos_bind2_s( ld, dn ) ); -#endif - case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ diff --git a/libraries/libldap/cancel.c b/libraries/libldap/cancel.c index 1d9b4c0546a5a07c2b303699aff77bed6d1072fa..f7710a0d929c43f35d8359dac3f507ebc8208c3f 100644 --- a/libraries/libldap/cancel.c +++ b/libraries/libldap/cancel.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/charray.c b/libraries/libldap/charray.c index a6a9b2697139b8e064cf9f1b6967f8537dea9785..faec6dcc1a3addea5697dddc5688507f2443f0f7 100644 --- a/libraries/libldap/charray.c +++ b/libraries/libldap/charray.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/compare.c b/libraries/libldap/compare.c index 18db9c31986a0e696464c0b5d20df882368f6c79..0eb5155eb77d73a61b1895fa4635cb75a1d62bd0 100644 --- a/libraries/libldap/compare.c +++ b/libraries/libldap/compare.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -15,19 +15,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* The compare request looks like this: - * CompareRequest ::= SEQUENCE { - * entry DistinguishedName, - * ava SEQUENCE { - * type AttributeType, - * value AttributeValue - * } - * } - */ #include "portable.h" @@ -40,6 +27,16 @@ #include "ldap-int.h" #include "ldap_log.h" +/* The compare request looks like this: + * CompareRequest ::= SEQUENCE { + * entry DistinguishedName, + * ava SEQUENCE { + * type AttributeType, + * value AttributeValue + * } + * } + */ + /* * ldap_compare_ext - perform an ldap extended compare operation. The dn * of the entry to compare to and the attribute and value to compare (in 
@@ -156,7 +153,7 @@ ldap_compare_ext_s( if ( rc != LDAP_SUCCESS ) return( rc ); - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); diff --git a/libraries/libldap/controls.c b/libraries/libldap/controls.c index ad8384e9c3abaf57374b411a9d163214a007595d..faca9839ecbf4fb7c1258239200246e720f305c0 100644 --- a/libraries/libldap/controls.c +++ b/libraries/libldap/controls.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,9 +30,15 @@ * can be found in the file "build/LICENSE-2.0.1" in this distribution * of OpenLDAP Software. */ -/* Portions Copyright (C) The Internet Society (2006) - * ASN.1 fragments are from RFC 4511; see RFC for full legal notices. - */ + +#include "portable.h" + +#include <ac/stdlib.h> + +#include <ac/time.h> +#include <ac/string.h> + +#include "ldap-int.h" /* LDAPv3 Controls (RFC 4511) * @@ -45,16 +51,6 @@ * } */ -#include "portable.h" - -#include <ac/stdlib.h> - -#include <ac/time.h> -#include <ac/string.h> - -#include "ldap-int.h" - - /* * ldap_int_put_controls */ diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index 52ade28cac059bef59924fdbd1eff9f71dfee2b1..5e413c2451873f12ecf5d7fa0441752940a3a4ba 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -165,7 +165,7 @@ sb_sasl_setup( Sockbuf_IO_Desc *sbiod, void *arg ) return -1; } sasl_getprop( p->sasl_context, SASL_MAXOUTBUF, - (SASL_CONST void **) &p->sasl_maxbuf ); + (SASL_CONST void **)(char *) &p->sasl_maxbuf ); sbiod->sbiod_pvt = p; @@ -847,7 +847,7 @@ ldap_int_sasl_bind( if( flags != LDAP_SASL_QUIET ) { saslrc = sasl_getprop( ctx, SASL_USERNAME, - (SASL_CONST void **) &data ); + (SASL_CONST void **)(char *) &data ); if( saslrc == SASL_OK && data && *data ) { fprintf( stderr, "SASL username: %s\n", data ); } @@ -861,7 +861,7 @@ ldap_int_sasl_bind( #endif } - saslrc = sasl_getprop( ctx, SASL_SSF, (SASL_CONST void **) &ssf ); + saslrc = sasl_getprop( ctx, SASL_SSF, (SASL_CONST void **)(char *) &ssf ); if( saslrc == SASL_OK ) { if( flags != LDAP_SASL_QUIET ) { fprintf( stderr, "SASL SSF: %lu\n", @@ -1158,7 +1158,7 @@ ldap_int_sasl_get_option( LDAP *ld, int option, void *arg ) } sc = sasl_getprop( ctx, SASL_SSF, - (SASL_CONST void **) &ssf ); + (SASL_CONST void **)(char *) &ssf ); if ( sc != SASL_OK ) { return -1; @@ -1265,7 +1265,7 @@ void *ldap_pvt_sasl_mutex_new(void) { ldap_pvt_thread_mutex_t *mutex; - mutex = (ldap_pvt_thread_mutex_t *) LDAP_MALLOC( + mutex = (ldap_pvt_thread_mutex_t *) LDAP_CALLOC( 1, sizeof(ldap_pvt_thread_mutex_t) ); if ( ldap_pvt_thread_mutex_init( mutex ) == 0 ) { diff --git a/libraries/libldap/dds.c b/libraries/libldap/dds.c index 6897054590e52a249235e7aa7c6fdcfcc623e536..88ec16f4bd13a15cd8592d83aee36ce2e3c2e16f 100644 --- a/libraries/libldap/dds.c +++ b/libraries/libldap/dds.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2005-2006 SysNet s.n.c. * All rights reserved. * 
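Review bot: The `(SASL_CONST void **)(char *) &p->sasl_maxbuf` double cast in `sb_sasl_setup` only hides the pointer-type mismatch from the compiler; `sasl_getprop()` still stores through a `void **` into an object declared with another type. A typed temporary avoids the cast entirely, e.g. `SASL_CONST void *val = NULL;`, then `sasl_getprop( ctx, SASL_SSF, &val );` and `ssf = val;` (assuming `ssf` is a pointer; its declaration is outside the hunk). The same cast is added for `data` and `ssf` in `ldap_int_sasl_bind` and for `ssf` in `ldap_int_sasl_get_option`.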
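Review bot: In `ldap_pvt_sasl_mutex_new` the result of `LDAP_CALLOC` is passed straight to `ldap_pvt_thread_mutex_init( mutex )` with no NULL check, so an allocation failure hands a null pointer to the initialiser. Add `if ( mutex == NULL ) return NULL;` before the init call; what the function returns on its existing failure path is outside the hunk, so the value should be matched to that. The rest of the function is not visible here.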
@@ -142,7 +142,7 @@ ldap_refresh_s( if ( rc != LDAP_SUCCESS ) return rc; rc = ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *)NULL, &res ); - if( rc == -1 ) return ld->ld_errno; + if( rc == -1 || !res ) return ld->ld_errno; rc = ldap_parse_refresh( ld, res, newttl ); if( rc != LDAP_SUCCESS ) { diff --git a/libraries/libldap/delete.c b/libraries/libldap/delete.c index 2226ff61c8ff103e5072d42949c7066ed9b2f94f..0e51608a68685a3d317dc1e027b8171567eec5c1 100644 --- a/libraries/libldap/delete.c +++ b/libraries/libldap/delete.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -15,15 +15,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* - * Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* - * A delete request looks like this: - * DelRequet ::= DistinguishedName, - */ #include "portable.h" @@ -35,6 +26,12 @@ #include "ldap-int.h" +/* + * A delete request looks like this: + * DelRequet ::= DistinguishedName, + */ + + /* * ldap_delete_ext - initiate an ldap extended delete operation. Parameters: * @@ -123,7 +120,7 @@ ldap_delete_ext_s( if( rc != LDAP_SUCCESS ) return( ld->ld_errno ); - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); diff --git a/libraries/libldap/dnssrv.c b/libraries/libldap/dnssrv.c index 09e3936cc38544f816a4649ed8946f3aef68c97e..c7a22401a248cee47698dd11a52359525ad43c22 100644 --- a/libraries/libldap/dnssrv.c +++ b/libraries/libldap/dnssrv.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/dntest.c b/libraries/libldap/dntest.c index ea6e95e3ff2402b7fa4d60f2fddda34d3b9d7788..9c53ce92166d8925b74554d645e607d82affbd65 100644 --- a/libraries/libldap/dntest.c +++ b/libraries/libldap/dntest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c index ac28ccc880138617822cae3a23fb16c7e06d8de9..98e142294f6ac64743c707f253989acbebda0200 100644 --- a/libraries/libldap/error.c +++ b/libraries/libldap/error.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -12,9 +12,6 @@ * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ #include "portable.h" diff --git a/libraries/libldap/extended.c b/libraries/libldap/extended.c index 6afc1d7f63087cd56f060a112bab2a5154aeae3c..644180de0ecf0662291c4363544fb5131e8f54f5 100644 --- a/libraries/libldap/extended.c +++ b/libraries/libldap/extended.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -12,9 +12,18 @@ * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. */ -/* Portions Copyright (C) The Internet Society (1997). - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ + +#include "portable.h" + +#include <stdio.h> +#include <ac/stdlib.h> + +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> + +#include "ldap-int.h" +#include "ldap_log.h" /* * LDAPv3 Extended Operation Request @@ -30,20 +39,9 @@ * response [11] OCTET STRING OPTIONAL * } * + * (Source RFC 4511) */ -#include "portable.h" - -#include <stdio.h> -#include <ac/stdlib.h> - -#include <ac/socket.h> -#include <ac/string.h> -#include <ac/time.h> - -#include "ldap-int.h" -#include "ldap_log.h" - int ldap_extended_operation( LDAP *ld, @@ -140,7 +138,7 @@ ldap_extended_operation_s( return( rc ); } - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) { + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return( ld->ld_errno ); } diff --git a/libraries/libldap/filter.c b/libraries/libldap/filter.c index c6453a09fa47cb6ff6df7289abcbb875ef5bc6cb..6709540885ea4080d5b5431536588afd6201e46c 100644 --- a/libraries/libldap/filter.c +++ b/libraries/libldap/filter.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -16,9 +16,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (2006) - * ASN.1 fragments are from RFC 4511; see RFC for full legal notices. - */ #include "portable.h" @@ -425,6 +422,10 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) parens--; break; + case '(': + rc = -1; + goto done; + default: Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n", 0, 0, 0 ); @@ -497,9 +498,11 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in ) str = next; break; } + if ( !parens ) + break; } - rc = parens ? -1 : 0; + rc = ( parens || *str ) ? -1 : 0; done: LDAP_FREE( freeme ); @@ -804,6 +807,8 @@ put_vrFilter( BerElement *ber, const char *str_in ) * matchingRule [1] MatchingRuleId OPTIONAL, * type [2] AttributeDescription OPTIONAL, * matchValue [3] AssertionValue } + * + * (Source: RFC 3876) */ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 ); diff --git a/libraries/libldap/free.c b/libraries/libldap/free.c index 82ad23514ae31f76a0ead0140808b23a623cc538..2a9392947e7d59ae84583d8f84f47cd558a45548 100644 --- a/libraries/libldap/free.c +++ b/libraries/libldap/free.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/ftest.c b/libraries/libldap/ftest.c index e7c1c8be79b68c687f95a5068b813c817a743507..bb8e180bcd427e7b0c1b37b42b296654309ae09a 100644 --- a/libraries/libldap/ftest.c +++ b/libraries/libldap/ftest.c 
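Review bot: The two new rejection paths in ldap_pvt_put_filter, the `case '(':` branch and the tightened `rc = ( parens || *str ) ? -1 : 0;`, fail silently, whereas the neighbouring `default:` branch logs through `Debug( LDAP_DEBUG_TRACE, ... )`. Since these are the checks that stop malformed filter strings from being encoded, each deserves a one-line comment saying which input it rejects and a matching trace, e.g. `Debug( LDAP_DEBUG_TRACE, "put_filter: unexpected '('\n", 0, 0, 0 );` before the `goto done;`. For the final test a comment such as `/* unbalanced parentheses or trailing characters after the filter */` would record why `*str` is now examined. The function starts and ends outside these hunks, so the exact state in which `case '('` is reached is inferred from the context lines.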
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,7 +38,7 @@ int usage() { fprintf( stderr, "usage:\n" " ftest [-d n] filter\n" - " filter - RFC 2254 string representation of an " + " filter - RFC 4515 string representation of an " "LDAP search filter\n" ); return EXIT_FAILURE; } diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c index 41ce3e86b15b2b662f05f577fb1d180858d420ed..eca6fb464a7fb96bbbb4c25975abe5513077584b 100644 --- a/libraries/libldap/getattr.c +++ b/libraries/libldap/getattr.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index 389dd0a03c4e0f7c4f0b5b722cd9553511066996..161beca9f0a8ee7b9ecb1896f7597e1144855447 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -337,16 +337,15 @@ ldap_dn2ad_canonical( LDAP_CONST char *dn ) * from ( fin & LDAP_DN_FORMAT_MASK ) to ( fout & LDAP_DN_FORMAT_MASK ) * * fin can be one of: - * LDAP_DN_FORMAT_LDAP (rfc 2253 and ldapbis liberal, - * plus some rfc 1779) - * LDAP_DN_FORMAT_LDAPV3 (rfc 2253 and ldapbis) - * LDAP_DN_FORMAT_LDAPV2 (rfc 1779) + * LDAP_DN_FORMAT_LDAP (RFC 4514 liberal, plus some RFC 1779) + * LDAP_DN_FORMAT_LDAPV3 (RFC 4514) + * LDAP_DN_FORMAT_LDAPV2 (RFC 1779) * LDAP_DN_FORMAT_DCE (?) * * fout can be any of the above except * LDAP_DN_FORMAT_LDAP * plus: - * LDAP_DN_FORMAT_UFN (rfc 1781, partial and with extensions) + * LDAP_DN_FORMAT_UFN (RFC 1781, partial and with extensions) * LDAP_DN_FORMAT_AD_CANONICAL (?) */ int @@ -433,14 +432,14 @@ ldap_dn_normalize( LDAP_CONST char *dnin, #define LDAP_DN_VALUE_END(c) \ ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) ) -/* NOTE: according to draft-ietf-ldapbis-dn, '=' can be escaped - * and treated as special, i.e. escaped both as "\<hexpair>" and - * as "\=", but it is treated as a regular char, i.e. it can also - * appear as '='. +/* NOTE: according to RFC 4514, '=' can be escaped and treated as special, + * i.e. escaped both as "\<hexpair>" and * as "\=", but it is treated as + * a regular char, i.e. it can also appear as '='. * - * As such, in 2.2 we used to allow reading unescaped '=', - * but we always produced escaped '\3D'; this changes - * since 2.3, if compatibility issues do not arise */ + * As such, in 2.2 we used to allow reading unescaped '=', but we always + * produced escaped '\3D'; this changes since 2.3, if compatibility issues + * do not arise + */ #define LDAP_DN_NE(c) \ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \ || LDAP_DN_QUOTES(c) \ 
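Review bot: The reflowed NOTE above `LDAP_DN_NE` still carries a stray `*` in the middle of a sentence, `"\<hexpair>" and * as "\="`, left over from the old line break. It should read `escaped both as "\<hexpair>" and as "\="`. The closing phrase "this changes since 2.3, if compatibility issues do not arise" is also carried over unchanged and does not say which behaviour the current code has; stating it outright (reads unescaped `=`, writes it unescaped) would make the escaping rule checkable against the macro.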
@@ -1003,15 +1002,8 @@ ldap_bv2rdn_x( struct berval *bv, LDAPRDN *rdn, * an AttributeType can be encoded as: * - its string representation; in detail, implementations * MUST recognize AttributeType string type names listed - * in section 2.3 of draft-ietf-ldapbis-dn-XX.txt, and - * MAY recognize other names. - * - its numeric OID (a dotted decimal string); in detail - * RFC 2253 asserts that ``Implementations MUST allow - * an oid in the attribute type to be prefixed by one - * of the character strings "oid." or "OID."''. As soon - * as draft-ietf-ldapbis-dn-XX.txt obsoletes RFC 2253 - * I'm not sure whether this is required or not any - * longer; to be liberal, we still implement it. + * in Section 3 of RFC 4514, and MAY recognize other names. + * - its numeric OID (a dotted decimal string) */ case B4AVA: if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) { @@ -1111,9 +1103,8 @@ ldap_bv2rdn_x( struct berval *bv, LDAPRDN *rdn, if ( LDAP_DN_LANG_SEP( p[ 0 ] ) ) { /* - * RFC 2253 does not explicitly - * allow lang extensions to attribute - * types in DNs ... + * RFC 4514 explicitly does not allow attribute + * description options, such as language tags. */ if ( flags & LDAP_DN_PEDANTIC ) { goto parsing_error; @@ -1233,7 +1224,7 @@ ldap_bv2rdn_x( struct berval *bv, LDAPRDN *rdn, } /* - * here STRING means RFC 2253 string + * here STRING means RFC 4514 string * FIXME: what about DCE strings? */ if ( !p[ 0 ] ) { @@ -2025,7 +2016,7 @@ static int strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) { ber_len_t l, cl = 1; - char *p; + char *p, *end; int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3; #ifdef PRETTY_ESCAPE int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3; 
@@ -2039,7 +2030,8 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) return( 0 ); } - for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) { + end = val->bv_val + val->bv_len - 1; + for ( l = 0, p = val->bv_val; p <= end; p += cl ) { /* * escape '%x00' @@ -2068,7 +2060,7 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) || LDAP_DN_SHOULDESCAPE( p[ 0 ] ) || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) ) - || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) { + || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) { #ifdef PRETTY_ESCAPE #if 0 if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) { @@ -3378,7 +3370,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, if ( newDN == NULL ) return LDAP_NO_MEMORY; } else { - newDN = (LDAPDN)ptrs; + newDN = (LDAPDN)(char *)ptrs; } newDN[nrdns] = NULL; @@ -3510,7 +3502,7 @@ nomem: if ( oidsize != 0 ) LDAP_FREE( oidbuf ); - if ( newDN != (LDAPDN) ptrs ) + if ( newDN != (LDAPDN)(char *) ptrs ) LDAP_FREE( newDN ); return rc; } diff --git a/libraries/libldap/getentry.c b/libraries/libldap/getentry.c index a03e9c884c2b7610f1a561d7c60ac851e2c558b8..f653194f8780749e8c3ae816aea8ce268ded18a1 100644 --- a/libraries/libldap/getentry.c +++ b/libraries/libldap/getentry.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/getvalues.c b/libraries/libldap/getvalues.c index de0b64b58f0c41eb628fc2327fc6bcba0e874bf0..a3763f7bfc62a3445eb3c8eaeb35f1602903e83e 100644 --- a/libraries/libldap/getvalues.c +++ b/libraries/libldap/getvalues.c 
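Review bot: `end = val->bv_val + val->bv_len - 1` in strval2strlen points at the last byte rather than one past it, which is only well-defined because the `return( 0 )` visible just above appears to dispose of the empty value first. That dependency should be written down next to the assignment, e.g. `/* bv_len > 0 here; end is the last byte of the value, not one past it */`, so a later reordering does not form a pointer before the buffer. The switch from `!p[ 1 ]` to `p == end` is what stops the trailing-character test from reading the byte after the value, and the comment is a good place to say that the value is length-delimited and need not be NUL-terminated. The function body starts and ends outside the hunk.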
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index 3e0b2b2b061fe4e99593b24a211f9f9fd846f145..345eb823d3f7bf4827086a384f214ff99bcbca88 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -85,7 +85,10 @@ static const struct ol_attribute { {0, ATTR_OPTION, "HOST", NULL, LDAP_OPT_HOST_NAME}, /* deprecated */ {0, ATTR_OPTION, "URI", NULL, LDAP_OPT_URI}, /* replaces HOST/PORT */ {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS}, +#if 0 + /* This should only be allowed via ldap_set_option(3) */ {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART}, +#endif #ifdef HAVE_CYRUS_SASL {0, ATTR_STRING, "SASL_MECH", NULL, @@ -256,7 +259,6 @@ static void openldap_ldap_init_w_conf( case ATTR_OPT_TV: { struct timeval tv; char *next; - tv.tv_sec = -1; tv.tv_usec = 0; tv.tv_sec = strtol( opt, &next, 10 ); if ( next != opt && next[ 0 ] == '\0' && tv.tv_sec > 0 ) { @@ -441,8 +443,7 @@ ldap_int_destroy_global_options(void) WSACleanup( ); #endif -#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ - || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) if ( ldap_int_hostname ) { LDAP_FREE( ldap_int_hostname ); ldap_int_hostname = NULL; 
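Review bot: In the `ATTR_OPT_TV` case of openldap_ldap_init_w_conf the timeout is parsed with `strtol( opt, &next, 10 )` and accepted whenever it is positive and fully consumed, but `errno` is never consulted, so an out-of-range value in the configuration saturates to `LONG_MAX` and is stored as a valid timeout. Set `errno = 0;` before the call and add `&& errno != ERANGE` to the condition. The removed `tv.tv_sec = -1;` was a dead store, so dropping it is fine. The surrounding switch continues outside the hunk.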
@@ -474,8 +475,8 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl gopts->ldo_timelimit = LDAP_NO_LIMIT; gopts->ldo_sizelimit = LDAP_NO_LIMIT; - gopts->ldo_tm_api = (struct timeval *)NULL; - gopts->ldo_tm_net = (struct timeval *)NULL; + gopts->ldo_tm_api.tv_sec = -1; + gopts->ldo_tm_net.tv_sec = -1; /* ldo_defludp will be freed by the termination handler */ @@ -526,8 +527,7 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl return; } -#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ - || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) char * ldap_int_hostname = NULL; #endif @@ -575,8 +575,7 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) } #endif -#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ - || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) { char *name = ldap_int_hostname; diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c deleted file mode 100644 index ef21432fddcf974d585ff2ae146cfc7702b3fa07..0000000000000000000000000000000000000000 --- a/libraries/libldap/kbind.c +++ /dev/null 
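Review bot: ldap_int_initialize_global_options now marks both timeouts as unset with `tv_sec = -1` but never writes `tv_usec`, so unless `gopts` is zeroed before this point (not visible in the hunk) that field is indeterminate in `ldo_tm_api` and `ldo_tm_net`. Add `gopts->ldo_tm_api.tv_usec = 0;` and `gopts->ldo_tm_net.tv_usec = 0;` next to the two assignments. The -1 sentinel replaces the old NULL-pointer test, and the matching change to `struct ldapoptions` in ldap-int.h does not document it. A comment beside the fields such as `/* tv_sec == -1 means no timeout */` would keep callers from treating the struct as always valid.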
@@ -1,294 +0,0 @@ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software <http://www.openldap.org/>. - * - * Copyright 1998-2006 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * <http://www.OpenLDAP.org/license.html>. - */ -/* Portions Copyright (c) 1993 Regents of the University of Michigan. - * All rights reserved. - */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* - * BindRequest ::= SEQUENCE { - * version INTEGER, - * name DistinguishedName, -- who - * authentication CHOICE { - * simple [0] OCTET STRING -- passwd -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING -#endif - * sasl [3] SaslCredentials -- LDAPv3 - * } - * } - * - * BindResponse ::= SEQUENCE { - * COMPONENTS OF LDAPResult, - * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 - * } - * - */ - -#include "portable.h" - -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - -#include <stdio.h> -#include <ac/stdlib.h> - -#include <ac/krb.h> -#include <ac/socket.h> -#include <ac/string.h> -#include <ac/time.h> - -#include "ldap-int.h" - -/* - * ldap_kerberos_bind1 - initiate a bind to the ldap server using - * kerberos authentication. The dn is supplied. It is assumed the user - * already has a valid ticket granting ticket. The msgid of the - * request is returned on success (suitable for passing to ldap_result()), - * -1 is returned if there's trouble. 
- * - * Example: - * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" ) - */ -int -ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn ) -{ - BerElement *ber; - char *cred; - int rc; - ber_len_t credlen; - ber_int_t id; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 ); - - if( ld->ld_version > LDAP_VERSION2 ) { - ld->ld_errno = LDAP_NOT_SUPPORTED; - return -1; - } - - if ( dn == NULL ) - dn = ""; - - if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "ldapserver", - &credlen )) == NULL ) { - return( -1 ); /* ld_errno should already be set */ - } - - /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { - LDAP_FREE( cred ); - return( -1 ); - } - - LDAP_NEXT_MSGID( ld, id ); - /* fill it in */ - rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND, - ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen ); - - if ( rc == -1 ) { - LDAP_FREE( cred ); - ber_free( ber, 1 ); - ld->ld_errno = LDAP_ENCODING_ERROR; - return( -1 ); - } - - LDAP_FREE( cred ); - - - /* send the message */ - return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id )); -} - -int -ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int msgid; - LDAPMessage *res; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1_s\n", 0, 0, 0 ); - - /* initiate the bind */ - if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 ) - return( ld->ld_errno ); - - /* wait for a result */ - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res ) - == -1 ) { - return( ld->ld_errno ); /* ldap_result sets ld_errno */ - } - - return( ldap_result2error( ld, res, 1 ) ); -} - -/* - * ldap_kerberos_bind2 - initiate a bind to the X.500 server using - * kerberos authentication. The dn is supplied. It is assumed the user - * already has a valid ticket granting ticket. The msgid of the - * request is returned on success (suitable for passing to ldap_result()), - * -1 is returned if there's trouble. 
- * - * Example: - * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" ) - */ -int -ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn ) -{ - BerElement *ber; - char *cred; - int rc; - ber_len_t credlen; - ber_int_t id; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2\n", 0, 0, 0 ); - - if( ld->ld_version > LDAP_VERSION2 ) { - ld->ld_errno = LDAP_NOT_SUPPORTED; - return -1; - } - - if ( dn == NULL ) - dn = ""; - - if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen )) - == NULL ) { - return( -1 ); /* ld_errno should already be set */ - } - - /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { - LDAP_FREE( cred ); - return( -1 ); - } - - LDAP_NEXT_MSGID( ld, id ); - /* fill it in */ - rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND, - ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen ); - - LDAP_FREE( cred ); - - if ( rc == -1 ) { - ber_free( ber, 1 ); - ld->ld_errno = LDAP_ENCODING_ERROR; - return( -1 ); - } - - /* send the message */ - return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id )); -} - -/* synchronous bind to DSA using kerberos */ -int -ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int msgid; - LDAPMessage *res; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 ); - - /* initiate the bind */ - if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 ) - return( ld->ld_errno ); - - /* wait for a result */ - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res ) - == -1 ) { - return( ld->ld_errno ); /* ldap_result sets ld_errno */ - } - - return( ldap_result2error( ld, res, 1 ) ); -} - -/* synchronous bind to ldap and DSA using kerberos */ -int -ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int err; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind_s\n", 0, 0, 0 ); - - if ( (err = ldap_kerberos_bind1_s( ld, dn )) != LDAP_SUCCESS ) - return( err ); - - return( ldap_kerberos_bind2_s( ld, dn ) ); -} - - 
-#ifndef AUTHMAN -/* - * ldap_get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap. - * The dn of the entry to which to bind is supplied. It's assumed the - * user already has a tgt. - */ - -char * -ldap_get_kerberosv4_credentials( - LDAP *ld, - LDAP_CONST char *who, - LDAP_CONST char *service, - ber_len_t *len ) -{ - KTEXT_ST ktxt; - int err; - char realm[REALM_SZ], *cred, *krbinstance; - - Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 ); - - if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) { - Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: " - "krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 ); - ld->ld_errno = LDAP_AUTH_UNKNOWN; - return( NULL ); - } - - err = 0; -#ifdef LDAP_R_COMPILE - ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); -#endif - if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) { - /* not connected yet */ - err = ldap_open_defconn( ld ); - } -#ifdef LDAP_R_COMPILE - ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); -#endif - if ( err < 0 ) return NULL; - - krbinstance = ld->ld_defconn->lconn_krbinstance; - - if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 )) - != KSUCCESS ) - { - Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: " - "krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 ); - ld->ld_errno = LDAP_AUTH_UNKNOWN; - return( NULL ); - } - - if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) { - ld->ld_errno = LDAP_NO_MEMORY; - return( NULL ); - } - - *len = ktxt.length; - AC_MEMCPY( cred, ktxt.dat, ktxt.length ); - - return( cred ); -} - -#endif /* !AUTHMAN */ -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h index e4997b02595dba2ba4d7c84dd43eb5e27964a0c4..a49d7427244fcf03ab084f69a904c5d3125d4b8f 100644 --- a/libraries/libldap/ldap-int.h +++ b/libraries/libldap/ldap-int.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -95,20 +95,20 @@ LDAP_BEGIN_DECL #define LDAP_URL_PREFIX "ldap://" -#define LDAP_URL_PREFIX_LEN (sizeof(LDAP_URL_PREFIX)-1) -#define LDAPS_URL_PREFIX "ldaps://" -#define LDAPS_URL_PREFIX_LEN (sizeof(LDAPS_URL_PREFIX)-1) +#define LDAP_URL_PREFIX_LEN STRLENOF(LDAP_URL_PREFIX) +#define LDAPS_URL_PREFIX "ldaps://" +#define LDAPS_URL_PREFIX_LEN STRLENOF(LDAPS_URL_PREFIX) #define LDAPI_URL_PREFIX "ldapi://" -#define LDAPI_URL_PREFIX_LEN (sizeof(LDAPI_URL_PREFIX)-1) +#define LDAPI_URL_PREFIX_LEN STRLENOF(LDAPI_URL_PREFIX) #ifdef LDAP_CONNECTIONLESS #define LDAPC_URL_PREFIX "cldap://" -#define LDAPC_URL_PREFIX_LEN (sizeof(LDAPC_URL_PREFIX)-1) +#define LDAPC_URL_PREFIX_LEN STRLENOF(LDAPC_URL_PREFIX) #endif -#define LDAP_URL_URLCOLON "URL:" -#define LDAP_URL_URLCOLON_LEN (sizeof(LDAP_URL_URLCOLON)-1) +#define LDAP_URL_URLCOLON "URL:" +#define LDAP_URL_URLCOLON_LEN STRLENOF(LDAP_URL_URLCOLON) #define LDAP_REF_STR "Referral:\n" -#define LDAP_REF_STR_LEN (sizeof(LDAP_REF_STR)-1) +#define LDAP_REF_STR_LEN STRLENOF(LDAP_REF_STR) #define LDAP_LDAP_REF_STR LDAP_URL_PREFIX #define LDAP_LDAP_REF_STR_LEN LDAP_URL_PREFIX_LEN @@ -117,6 +117,7 @@ LDAP_BEGIN_DECL #define LDAP_BOOL_REFERRALS 0 #define LDAP_BOOL_RESTART 1 #define LDAP_BOOL_TLS 3 +#define LDAP_BOOL_CONNECT_ASYNC 4 #define LDAP_BOOLEANS unsigned long #define LDAP_BOOL(n) ((LDAP_BOOLEANS)1 << (n)) @@ -172,8 +173,8 @@ struct ldapoptions { #endif /* per API call timeout */ - struct timeval *ldo_tm_api; - struct timeval *ldo_tm_net; + struct timeval ldo_tm_api; + struct timeval ldo_tm_net; ber_int_t ldo_version; ber_int_t ldo_deref; 
@@ -242,6 +243,7 @@ typedef struct ldap_conn { void *lconn_sasl_sockctx; /* for security layer */ #endif int lconn_refcnt; + time_t lconn_created; /* time */ time_t lconn_lastused; /* time */ int lconn_rebind_inprogress; /* set if rebind in progress */ char ***lconn_rebind_queue; /* used if rebind in progress */ @@ -250,9 +252,6 @@ typedef struct ldap_conn { #define LDAP_CONNST_CONNECTING 2 #define LDAP_CONNST_CONNECTED 3 LDAPURLDesc *lconn_server; -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - char *lconn_krbinstance; -#endif BerElement *lconn_ber; /* ber receiving on this conn. */ struct ldap_conn *lconn_next; @@ -272,6 +271,7 @@ typedef struct ldapreq { #define LDAP_REQST_WRITING 4 int lr_refcnt; /* count of references */ int lr_outrefcnt; /* count of outstanding referrals */ + int lr_abandoned; /* the request has been abandoned */ ber_int_t lr_origid; /* original request's message id */ int lr_parentcnt; /* count of parent requests */ ber_tag_t lr_res_msgtype; /* result message type */ @@ -365,7 +365,8 @@ struct ldap { ldap_pvt_thread_mutex_t ld_res_mutex; #endif - ber_int_t *ld_abandoned; /* array of abandoned requests */ + ber_len_t ld_nabandoned; + ber_int_t *ld_abandoned; /* array of abandoned requests */ LDAPCache *ld_cache; /* non-null if cache is initialized */ @@ -396,6 +397,17 @@ LDAP_V( ldap_pvt_thread_mutex_t ) ldap_int_sasl_mutex; #define LDAP_NEXT_MSGID(ld, id) id = ++(ld)->ld_msgid #endif +/* + * in abandon.c + */ + +LDAP_F (int) +ldap_int_bisect_find( ber_int_t *v, ber_len_t n, ber_int_t id, int *idxp ); +LDAP_F (int) +ldap_int_bisect_insert( ber_int_t **vp, ber_len_t *np, int id, int idx ); +LDAP_F (int) +ldap_int_bisect_delete( ber_int_t **vp, ber_len_t *np, int id, int idx ); + /* * in init.c */ 
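Review bot: The three `ldap_int_bisect_*` prototypes disagree on the type of the message id: `ldap_int_bisect_find` takes `ber_int_t id`, while `ldap_int_bisect_insert` and `ldap_int_bisect_delete` take `int id` for values kept in a `ber_int_t` array. Declare `ber_int_t id` in all three so the stored and searched types cannot diverge on a platform where the two differ. The index is an `int` while the element count is `ber_len_t`, and none of the prototypes says what `*idxp` holds when the id is absent or what range `idx` must lie in. A short comment above the block stating that contract would let callers be checked against it.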
@@ -465,18 +477,6 @@ LDAP_F (int) ldap_int_client_controls LDAP_P(( */ LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, char ***toksp )); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND -/* - * in kerberos.c - */ -LDAP_F (char *) ldap_get_kerberosv4_credentials LDAP_P(( - LDAP *ld, - LDAP_CONST char *who, - LDAP_CONST char *service, - ber_len_t *len )); - -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ - /* * in open.c @@ -497,9 +497,10 @@ LDAP_F (int) ldap_int_timeval_dup( struct timeval **dest, const struct timeval *tm ); LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb, int proto, const char *host, int port, int async ); +LDAP_F (int) ldap_int_poll( LDAP *ld, ber_socket_t s, + struct timeval *tvp ); -#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \ - defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) LDAP_V (char *) ldap_int_hostname; LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb, const char *host ); @@ -548,7 +549,7 @@ LDAP_F (int) ldap_int_flush_request( LDAP *ld, LDAPRequest *lr ); /* * in result.c: */ -LDAP_F (char *) ldap_int_msgtype2str( ber_tag_t tag ); +LDAP_F (const char *) ldap_int_msgtype2str( ber_tag_t tag ); /* * in search.c diff --git a/libraries/libldap/ldap_sync.c b/libraries/libldap/ldap_sync.c new file mode 100644 index 0000000000000000000000000000000000000000..8db70ada2801960d0d22142adfc2adf6b1835805 --- /dev/null +++ b/libraries/libldap/ldap_sync.c 
@@ -0,0 +1,929 @@ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2006-2007 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This program was originally developed by Pierangelo Masarati + * for inclusion in OpenLDAP Software. + */ + +/* + * Proof-of-concept API that implement the client-side + * of the "LDAP Content Sync Operation" (RFC 4533) + */ + +#include "portable.h" + +#include <ac/time.h> + +#include "ldap-int.h" + +#ifdef LDAP_SYNC_TRACE +/* + * used for debug purposes + */ +static char * +print_UUID( char *buf, size_t len, unsigned char *UUID ) +{ + snprintf( buf, len, + "%02x%02x%02x%02x-%02x%02x-%02x%02x-" + "%02x%02x-%02x%02x%02x%02x%02x%02x", + UUID[0], + UUID[1], + UUID[2], + UUID[3], + UUID[4], + UUID[5], + UUID[6], + UUID[7], + UUID[8], + UUID[9], + UUID[10], + UUID[11], + UUID[12], + UUID[13], + UUID[14], + UUID[15] ); + return buf; +} + +static const char * +ldap_sync_state2str( int state ) +{ + switch ( state ) { + case LDAP_SYNC_PRESENT: + return "LDAP_SYNC_PRESENT"; + + case LDAP_SYNC_ADD: + return "LDAP_SYNC_ADD"; + + case LDAP_SYNC_MODIFY: + return "LDAP_SYNC_MODIFY"; + + case LDAP_SYNC_DELETE: + return "LDAP_SYNC_DELETE"; + + default: + return "(unknown)"; + } +} +#endif + +/* + * initialize the persistent search structure + */ +ldap_sync_t * +ldap_sync_initialize( ldap_sync_t *ls_in ) +{ + ldap_sync_t *ls = ls_in; + + if ( ls == NULL ) { + ls = ldap_memalloc( sizeof( ldap_sync_t ) ); + if ( ls == NULL ) { + return NULL; + } + + } else { + memset( ls, 0, sizeof( ldap_sync_t ) ); + } + + ls->ls_scope = 
LDAP_SCOPE_SUBTREE; + ls->ls_timeout = -1; + + return ls; +} + +/* + * destroy the persistent search structure + */ +void +ldap_sync_destroy( ldap_sync_t *ls, int freeit ) +{ + assert( ls != NULL ); + + if ( ls->ls_base != NULL ) { + ldap_memfree( ls->ls_base ); + ls->ls_base = NULL; + } + + if ( ls->ls_filter != NULL ) { + ldap_memfree( ls->ls_filter ); + ls->ls_filter = NULL; + } + + if ( ls->ls_attrs != NULL ) { + int i; + + for ( i = 0; ls->ls_attrs[ i ] != NULL; i++ ) { + ldap_memfree( ls->ls_attrs[ i ] ); + } + ldap_memfree( ls->ls_attrs ); + ls->ls_attrs = NULL; + } + + if ( ls->ls_ld != NULL ) { + (void)ldap_unbind_ext( ls->ls_ld, NULL, NULL ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "ldap_unbind_ext()\n" ); +#endif /* LDAP_SYNC_TRACE */ + ls->ls_ld = NULL; + } + + if ( ls->ls_cookie.bv_val != NULL ) { + ldap_memfree( ls->ls_cookie.bv_val ); + ls->ls_cookie.bv_val = NULL; + } + + if ( freeit ) { + ldap_memfree( ls ); + } +} + +/* + * handle the LDAP_RES_SEARCH_ENTRY response + */ +static int +ldap_sync_search_entry( ldap_sync_t *ls, LDAPMessage *res ) +{ + LDAPControl **ctrls = NULL; + int rc = LDAP_SUCCESS, + i; + BerElement *ber = NULL; + struct berval entryUUID = { 0 }, + cookie = { 0 }; + int state = -1; + ber_len_t len; + ldap_sync_refresh_t phase = ls->ls_refreshPhase; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot LDAP_RES_SEARCH_ENTRY\n" ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( res != NULL ); + + /* OK */ + + /* extract: + * - data + * - entryUUID + * + * check that: + * - Sync State Control is "add" + */ + + /* the control MUST be present */ + + /* extract controls */ + ldap_get_entry_controls( ls->ls_ld, res, &ctrls ); + if ( ctrls == NULL ) { + rc = LDAP_OTHER; + goto done; + } + + /* lookup the sync state control */ + for ( i = 0; ctrls[ i ] != NULL; i++ ) { + if ( strcmp( ctrls[ i ]->ldctl_oid, LDAP_CONTROL_SYNC_STATE ) == 0 ) { + break; + } + } + + /* control must be present; there might be other... 
*/ + if ( ctrls[ i ] == NULL ) { + rc = LDAP_OTHER; + goto done; + } + + /* extract data */ + ber = ber_init( &ctrls[ i ]->ldctl_value ); + /* scan entryUUID in-place ("m") */ + ber_scanf( ber, "{em" /*"}"*/, &state, &entryUUID ); + if ( entryUUID.bv_len == 0 ) { + rc = LDAP_OTHER; + goto done; + } + + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { + /* scan cookie in-place ("m") */ + ber_scanf( ber, /*"{"*/ "m}", &cookie ); + if ( cookie.bv_val != NULL ) { + ber_bvreplace( &ls->ls_cookie, &cookie ); + } +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot cookie=%s\n", + cookie.bv_val ? cookie.bv_val : "(null)" ); +#endif /* LDAP_SYNC_TRACE */ + } + + switch ( state ) { + case LDAP_SYNC_PRESENT: + case LDAP_SYNC_DELETE: + case LDAP_SYNC_ADD: + case LDAP_SYNC_MODIFY: + /* NOTE: ldap_sync_refresh_t is defined + * as the corresponding LDAP_SYNC_* + * for the 4 above cases */ + phase = state; +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot syncState=%s\n", ldap_sync_state2str( state ) ); +#endif /* LDAP_SYNC_TRACE */ + break; + + default: + rc = LDAP_OTHER; +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot unknown syncState=%d\n", state ); +#endif /* LDAP_SYNC_TRACE */ + goto done; + } + + if ( ls->ls_search_entry ) { + rc = ls->ls_search_entry( ls, res, &entryUUID, phase ); + } + +done:; + if ( ber != NULL ) { + ber_free( ber, 1 ); + } + + if ( ctrls != NULL ) { + ldap_controls_free( ctrls ); + } + + return rc; +} + +/* + * handle the LDAP_RES_SEARCH_REFERENCE response + * (to be implemented yet) + */ +static int +ldap_sync_search_reference( ldap_sync_t *ls, LDAPMessage *res ) +{ + int rc = 0; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot LDAP_RES_SEARCH_REFERENCE\n" ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( res != NULL ); + + if ( ls->ls_search_reference ) { + rc = ls->ls_search_reference( ls, res ); + } + + return rc; +} + +/* + * handle the LDAP_RES_SEARCH_RESULT response + */ +static int +ldap_sync_search_result( 
ldap_sync_t *ls, LDAPMessage *res ) +{ + int err; + char *matched = NULL, + *msg = NULL; + LDAPControl **ctrls = NULL; + int rc; + int refreshDeletes = -1; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot LDAP_RES_SEARCH_RESULT\n" ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( res != NULL ); + + /* should not happen in refreshAndPersist... */ + rc = ldap_parse_result( ls->ls_ld, + res, &err, &matched, &msg, NULL, &ctrls, 0 ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, + "\tldap_parse_result(%d, \"%s\", \"%s\") == %d\n", + err, + matched ? matched : "", + msg ? msg : "", + rc ); +#endif /* LDAP_SYNC_TRACE */ + if ( rc == LDAP_SUCCESS ) { + rc = err; + } + + ls->ls_refreshPhase = LDAP_SYNC_CAPI_DONE; + + switch ( rc ) { + case LDAP_SUCCESS: { + int i; + BerElement *ber = NULL; + ber_len_t len; + struct berval cookie = { 0 }; + + /* deal with control; then fallthru to handler */ + if ( ctrls == NULL ) { + rc = LDAP_OTHER; + goto done; + } + + /* lookup the sync state control */ + for ( i = 0; ctrls[ i ] != NULL; i++ ) { + if ( strcmp( ctrls[ i ]->ldctl_oid, + LDAP_CONTROL_SYNC_DONE ) == 0 ) + { + break; + } + } + + /* control must be present; there might be other... */ + if ( ctrls[ i ] == NULL ) { + rc = LDAP_OTHER; + goto done; + } + + /* extract data */ + ber = ber_init( &ctrls[ i ]->ldctl_value ); + + ber_scanf( ber, "{" /*"}"*/); + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { + ber_scanf( ber, "m", &cookie ); + if ( cookie.bv_val != NULL ) { + ber_bvreplace( &ls->ls_cookie, &cookie ); + } +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot cookie=%s\n", + cookie.bv_val ? 
cookie.bv_val : "(null)" ); +#endif /* LDAP_SYNC_TRACE */ + } + + refreshDeletes = 0; + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES ) { + ber_scanf( ber, "b", &refreshDeletes ); + if ( refreshDeletes ) { + refreshDeletes = 1; + } + } + + ber_scanf( ber, /*"{"*/ "}" ); + + /* NOTE: if any goto/return between ber_init() and here + * is introduced, don't forget to ber_free() */ + ber_free( ber, 1 ); + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot refreshDeletes=%s\n", + refreshDeletes ? "TRUE" : "FALSE" ); +#endif /* LDAP_SYNC_TRACE */ + + /* FIXME: what should we do with the refreshDelete? */ + switch ( refreshDeletes ) { + case 0: + ls->ls_refreshPhase = LDAP_SYNC_CAPI_PRESENTS; + break; + + default: + ls->ls_refreshPhase = LDAP_SYNC_CAPI_DELETES; + break; + } + + } /* fallthru */ + + case LDAP_SYNC_REFRESH_REQUIRED: + /* TODO: check for Sync Done Control */ + /* FIXME: perhaps the handler should be called + * also in case of failure; we'll deal with this + * later when implementing refreshOnly */ + if ( ls->ls_search_result ) { + err = ls->ls_search_result( ls, res, refreshDeletes ); + } + break; + + default: + break; + } + +done:; + if ( matched != NULL ) { + ldap_memfree( matched ); + } + + if ( msg != NULL ) { + ldap_memfree( msg ); + } + + if ( ctrls != NULL ) { + ldap_controls_free( ctrls ); + } + + ls->ls_refreshPhase = LDAP_SYNC_CAPI_DONE; + + return rc; +} + +/* + * handle the LDAP_RES_INTERMEDIATE response + */ +static int +ldap_sync_search_intermediate( ldap_sync_t *ls, LDAPMessage *res, int *refreshDone ) +{ + int rc; + char *retoid = NULL; + struct berval *retdata = NULL; + BerElement *ber = NULL; + ber_len_t len; + ber_tag_t tag, + syncinfo_tag; + struct berval cookie; + int refreshDeletes = 0; + BerVarray syncUUIDs = NULL; + ldap_sync_refresh_t phase; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot LDAP_RES_INTERMEDIATE\n" ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( res != NULL ); + assert( refreshDone 
!= NULL ); + + *refreshDone = 0; + + rc = ldap_parse_intermediate( ls->ls_ld, res, + &retoid, &retdata, NULL, 0 ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t%sldap_parse_intermediate(%s) == %d\n", + rc != LDAP_SUCCESS ? "!!! " : "", + retoid == NULL ? "\"\"" : retoid, + rc ); +#endif /* LDAP_SYNC_TRACE */ + /* parsing must be successful, and yield the OID + * of the sync info intermediate response */ + if ( rc != LDAP_SUCCESS ) { + goto done; + } + + if ( retoid == NULL || strcmp( retoid, LDAP_SYNC_INFO ) != 0 ) { + rc = LDAP_OTHER; + goto done; + } + + /* init ber using the value in the response */ + ber = ber_init( retdata ); + if ( ber == NULL ) { + goto done; + } + + syncinfo_tag = ber_peek_tag( ber, &len ); + switch ( syncinfo_tag ) { + case LDAP_TAG_SYNC_NEW_COOKIE: + ber_scanf( ber, "tm", &tag, &cookie ); + if ( cookie.bv_val != NULL ) { + ber_bvreplace( &ls->ls_cookie, &cookie ); + } +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot cookie=%s\n", + cookie.bv_val ? cookie.bv_val : "(null)" ); +#endif /* LDAP_SYNC_TRACE */ + break; + + case LDAP_TAG_SYNC_REFRESH_DELETE: + case LDAP_TAG_SYNC_REFRESH_PRESENT: + if ( syncinfo_tag == LDAP_TAG_SYNC_REFRESH_DELETE ) { +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot refreshDelete\n" ); +#endif /* LDAP_SYNC_TRACE */ + switch ( ls->ls_refreshPhase ) { + case LDAP_SYNC_CAPI_NONE: + case LDAP_SYNC_CAPI_PRESENTS: + ls->ls_refreshPhase = LDAP_SYNC_CAPI_DELETES; + break; + + default: + /* TODO: impossible; handle */ + rc = LDAP_OTHER; + goto done; + } + + } else { +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot refreshPresent\n" ); +#endif /* LDAP_SYNC_TRACE */ + switch ( ls->ls_refreshPhase ) { + case LDAP_SYNC_CAPI_NONE: + ls->ls_refreshPhase = LDAP_SYNC_CAPI_PRESENTS; + break; + + default: + /* TODO: impossible; handle */ + rc = LDAP_OTHER; + goto done; + } + } + + ber_scanf( ber, "t{" /*"}"*/, &tag ); + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { + ber_scanf( ber, "m", &cookie ); + if ( 
cookie.bv_val != NULL ) { + ber_bvreplace( &ls->ls_cookie, &cookie ); + } +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot cookie=%s\n", + cookie.bv_val ? cookie.bv_val : "(null)" ); +#endif /* LDAP_SYNC_TRACE */ + } + + *refreshDone = 1; + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDONE ) { + ber_scanf( ber, "b", refreshDone ); + } + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot refreshDone=%s\n", + *refreshDone ? "TRUE" : "FALSE" ); +#endif /* LDAP_SYNC_TRACE */ + + ber_scanf( ber, /*"{"*/ "}" ); + + if ( *refreshDone ) { + ls->ls_refreshPhase = LDAP_SYNC_CAPI_DONE; + } + + if ( ls->ls_intermediate ) { + ls->ls_intermediate( ls, res, NULL, ls->ls_refreshPhase ); + } + + break; + + case LDAP_TAG_SYNC_ID_SET: +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot syncIdSet\n" ); +#endif /* LDAP_SYNC_TRACE */ + ber_scanf( ber, "t{" /*"}"*/, &tag ); + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) { + ber_scanf( ber, "m", &cookie ); + if ( cookie.bv_val != NULL ) { + ber_bvreplace( &ls->ls_cookie, &cookie ); + } +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tgot cookie=%s\n", + cookie.bv_val ? cookie.bv_val : "(null)" ); +#endif /* LDAP_SYNC_TRACE */ + } + + if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES ) { + ber_scanf( ber, "b", &refreshDeletes ); + } + + ber_scanf( ber, "[W]", &syncUUIDs ); + ber_scanf( ber, /*"{"*/ "}" ); + if ( syncUUIDs == NULL ) { + rc = LDAP_OTHER; + goto done; + } + +#ifdef LDAP_SYNC_TRACE + { + int i; + + fprintf( stderr, "\t\tgot refreshDeletes=%s\n", + refreshDeletes ? "TRUE" : "FALSE" ); + for ( i = 0; syncUUIDs[ i ].bv_val != NULL; i++ ) { + char buf[ BUFSIZ ]; + fprintf( stderr, "\t\t%s\n", + print_UUID( buf, sizeof( buf ), + (unsigned char *)syncUUIDs[ i ].bv_val ) ); + } + } +#endif /* LDAP_SYNC_TRACE */ + + if ( refreshDeletes ) { + phase = LDAP_SYNC_CAPI_DELETES_IDSET; + + } else { + phase = LDAP_SYNC_CAPI_PRESENTS_IDSET; + } + + /* FIXME: should touch ls->ls_refreshPhase? 
*/ + if ( ls->ls_intermediate ) { + ls->ls_intermediate( ls, res, syncUUIDs, phase ); + } + + ber_bvarray_free( syncUUIDs ); + break; + + default: +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\t\tunknown tag!\n" ); +#endif /* LDAP_SYNC_TRACE */ + goto done; + } + +done:; + if ( ber != NULL ) { + ber_free( ber, 1 ); + } + + if ( retoid != NULL ) { + ldap_memfree( retoid ); + } + + if ( retdata != NULL ) { + ber_bvfree( retdata ); + } + + return rc; +} + +/* + * initialize the sync + */ +int +ldap_sync_init( ldap_sync_t *ls, int mode ) +{ + LDAPControl ctrl = { 0 }, + *ctrls[ 2 ]; + BerElement *ber = NULL; + int rc; + struct timeval tv = { 0 }, + *tvp = NULL; + LDAPMessage *res = NULL; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "ldap_sync_init(%s)...\n", + mode == LDAP_SYNC_REFRESH_AND_PERSIST ? + "LDAP_SYNC_REFRESH_AND_PERSIST" : + ( mode == LDAP_SYNC_REFRESH_ONLY ? + "LDAP_SYNC_REFRESH_ONLY" : "unknown" ) ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( ls->ls_ld != NULL ); + + /* support both refreshOnly and refreshAndPersist */ + switch ( mode ) { + case LDAP_SYNC_REFRESH_AND_PERSIST: + case LDAP_SYNC_REFRESH_ONLY: + break; + + default: + fprintf( stderr, "ldap_sync_init: unknown mode=%d\n", mode ); + return LDAP_PARAM_ERROR; + } + + /* check consistency of cookie and reloadHint at initial refresh */ + if ( ls->ls_cookie.bv_val == NULL && ls->ls_reloadHint != 0 ) { + fprintf( stderr, "ldap_sync_init: inconsistent cookie/rhint\n" ); + return LDAP_PARAM_ERROR; + } + + ctrls[ 0 ] = &ctrl; + ctrls[ 1 ] = NULL; + + /* prepare the Sync Request control */ + ber = ber_alloc_t( LBER_USE_DER ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "%sber_alloc_t() %s= NULL\n", + ber == NULL ? "!!! " : "", + ber == NULL ? "=" : "!" 
); +#endif /* LDAP_SYNC_TRACE */ + if ( ber == NULL ) { + rc = LDAP_NO_MEMORY; + goto done; + } + + ls->ls_refreshPhase = LDAP_SYNC_CAPI_NONE; + + if ( ls->ls_cookie.bv_val != NULL ) { + ber_printf( ber, "{eOb}", mode, + &ls->ls_cookie, ls->ls_reloadHint ); + + } else { + ber_printf( ber, "{eb}", mode, ls->ls_reloadHint ); + } + + rc = ber_flatten2( ber, &ctrl.ldctl_value, 0 ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, + "%sber_flatten2() == %d\n", + rc ? "!!! " : "", + rc ); +#endif /* LDAP_SYNC_TRACE */ + if ( rc == LBER_ERROR ) { + rc = LDAP_OTHER; + goto done; + } + + /* make the control critical, as we cannot proceed without */ + ctrl.ldctl_oid = LDAP_CONTROL_SYNC; + ctrl.ldctl_iscritical = 1; + + /* timelimit? */ + if ( ls->ls_timelimit ) { + tv.tv_sec = ls->ls_timelimit; + tvp = &tv; + } + + /* actually run the search */ + rc = ldap_search_ext( ls->ls_ld, + ls->ls_base, ls->ls_scope, ls->ls_filter, + ls->ls_attrs, 0, ctrls, NULL, + tvp, ls->ls_sizelimit, &ls->ls_msgid ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, + "%sldap_search_ext(\"%s\", %d, \"%s\") == %d\n", + rc ? "!!! " : "", + ls->ls_base, ls->ls_scope, ls->ls_filter, rc ); +#endif /* LDAP_SYNC_TRACE */ + if ( rc != LDAP_SUCCESS ) { + goto done; + } + + /* initial content/content update phase */ + for ( ; ; ) { + LDAPMessage *msg = NULL; + + /* NOTE: this very short timeout is just to let + * ldap_result() yield long enough to get something */ + tv.tv_sec = 0; + tv.tv_usec = 100000; + + rc = ldap_result( ls->ls_ld, ls->ls_msgid, + LDAP_MSG_RECEIVED, &tv, &res ); +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, + "\t%sldap_result(%d) == %d\n", + rc == -1 ? "!!! " : "", + ls->ls_msgid, rc ); +#endif /* LDAP_SYNC_TRACE */ + switch ( rc ) { + case 0: + /* + * timeout + * + * TODO: can do something else in the meanwhile) + */ + break; + + case -1: + /* smtg bad! 
*/ + goto done; + + default: + for ( msg = ldap_first_message( ls->ls_ld, res ); + msg != NULL; + msg = ldap_next_message( ls->ls_ld, msg ) ) + { + int refreshDone; + + switch ( ldap_msgtype( msg ) ) { + case LDAP_RES_SEARCH_ENTRY: + rc = ldap_sync_search_entry( ls, res ); + break; + + case LDAP_RES_SEARCH_REFERENCE: + rc = ldap_sync_search_reference( ls, res ); + break; + + case LDAP_RES_SEARCH_RESULT: + rc = ldap_sync_search_result( ls, res ); + goto done_search; + + case LDAP_RES_INTERMEDIATE: + rc = ldap_sync_search_intermediate( ls, res, &refreshDone ); + if ( rc != LDAP_SUCCESS || refreshDone ) { + goto done_search; + } + break; + + default: +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot something unexpected...\n" ); +#endif /* LDAP_SYNC_TRACE */ + + ldap_msgfree( res ); + + rc = LDAP_OTHER; + goto done; + } + } + ldap_msgfree( res ); + res = NULL; + break; + } + } + +done_search:; + ldap_msgfree( res ); + +done:; + if ( ber != NULL ) { + ber_free( ber, 1 ); + } + + return rc; +} + +/* + * initialize the refreshOnly sync + */ +int +ldap_sync_init_refresh_only( ldap_sync_t *ls ) +{ + return ldap_sync_init( ls, LDAP_SYNC_REFRESH_ONLY ); +} + +/* + * initialize the refreshAndPersist sync + */ +int +ldap_sync_init_refresh_and_persist( ldap_sync_t *ls ) +{ + return ldap_sync_init( ls, LDAP_SYNC_REFRESH_AND_PERSIST ); +} + +/* + * poll for new responses + */ +int +ldap_sync_poll( ldap_sync_t *ls ) +{ + struct timeval tv, + *tvp = NULL; + LDAPMessage *res = NULL, + *msg; + int rc = 0; + +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "ldap_sync_poll...\n" ); +#endif /* LDAP_SYNC_TRACE */ + + assert( ls != NULL ); + assert( ls->ls_ld != NULL ); + + if ( ls->ls_timeout != -1 ) { + tv.tv_sec = ls->ls_timeout; + tv.tv_usec = 0; + tvp = &tv; + } + + rc = ldap_result( ls->ls_ld, ls->ls_msgid, + LDAP_MSG_RECEIVED, tvp, &res ); + if ( rc <= 0 ) { + return rc; + } + + for ( msg = ldap_first_message( ls->ls_ld, res ); + msg; + msg = ldap_next_message( ls->ls_ld, msg ) ) + { + 
int refreshDone; + + switch ( ldap_msgtype( msg ) ) { + case LDAP_RES_SEARCH_ENTRY: + rc = ldap_sync_search_entry( ls, res ); + break; + + case LDAP_RES_SEARCH_REFERENCE: + rc = ldap_sync_search_reference( ls, res ); + break; + + case LDAP_RES_SEARCH_RESULT: + rc = ldap_sync_search_result( ls, res ); + goto done_search; + + case LDAP_RES_INTERMEDIATE: + rc = ldap_sync_search_intermediate( ls, res, &refreshDone ); + if ( rc != LDAP_SUCCESS || refreshDone ) { + goto done_search; + } + break; + + default: +#ifdef LDAP_SYNC_TRACE + fprintf( stderr, "\tgot something unexpected...\n" ); +#endif /* LDAP_SYNC_TRACE */ + + ldap_msgfree( res ); + + rc = LDAP_OTHER; + goto done; + } + } + +done_search:; + ldap_msgfree( res ); + +done:; + return rc; +} + diff --git a/libraries/libldap/messages.c b/libraries/libldap/messages.c index 816a79ac3de5f3ed75b4b8f5d5d6f2ec4fa03e2f..36c06e511da4b2e841d88b61231be2fdecad9ae0 100644 --- a/libraries/libldap/messages.c +++ b/libraries/libldap/messages.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/modify.c b/libraries/libldap/modify.c index 6c8fb38420bb0df4c07009df9a49582a3b93d735..41b75e712d08ae57dff4ee0b845b1e4d19a1e48c 100644 --- a/libraries/libldap/modify.c +++ b/libraries/libldap/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
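Review bot: In the message loops of `ldap_sync_init` and `ldap_sync_poll` the handlers are called with `res`, the head of the chain, rather than the iterator `msg`. When `ldap_result` returns several messages, each is dispatched by its own type but parsed from the first message. The calls should read `rc = ldap_sync_search_entry( ls, msg );`, and likewise for the reference, result and intermediate handlers. Decoding of server-supplied data is also unchecked: in `ldap_sync_search_intermediate`, `struct berval cookie;` is uninitialised and the result of `ber_scanf( ber, "tm", &tag, &cookie )` is ignored, so a malformed response leaves `cookie.bv_val` indeterminate before it reaches `ber_bvreplace`; initialise it with `= { 0 }` as the other two handlers do, and stop on `LBER_ERROR`. `ldap_sync_initialize` zeroes a caller-supplied structure but not the one it allocates, so `ldap_sync_destroy` may later free indeterminate pointers; the `memset` should run on both paths.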
@@ -15,9 +15,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ #include "portable.h" @@ -29,6 +26,32 @@ #include "ldap-int.h" +/* A modify request/response looks like this: + * ModifyRequest ::= [APPLICATION 6] SEQUENCE { + * object LDAPDN, + * changes SEQUENCE OF change SEQUENCE { + * operation ENUMERATED { + * add (0), + * delete (1), + * replace (2), + * ... }, + * modification PartialAttribute } } + * + * PartialAttribute ::= SEQUENCE { + * type AttributeDescription, + * vals SET OF value AttributeValue } + * + * AttributeDescription ::= LDAPString + * -- Constrained to <attributedescription> [RFC4512] + * + * AttributeValue ::= OCTET STRING + * + * ModifyResponse ::= [APPLICATION 7] LDAPResult + * + * (Source: RFC 4511) + */ + + /* * ldap_modify_ext - initiate an ldap extended modify operation. * @@ -65,25 +88,6 @@ ldap_modify_ext( LDAP *ld, int i, rc; ber_int_t id; - /* - * A modify request looks like this: - * ModifyRequet ::= SEQUENCE { - * object DistinguishedName, - * modifications SEQUENCE OF SEQUENCE { - * operation ENUMERATED { - * add (0), - * delete (1), - * replace (2), - * increment (3) -- extension - * }, - * modification SEQUENCE { - * type AttributeType, - * values SET OF AttributeValue - * } - * } - * } - */ - Debug( LDAP_DEBUG_TRACE, "ldap_modify_ext\n", 0, 0, 0 ); /* check client controls */ @@ -197,7 +201,7 @@ ldap_modify_ext_s( LDAP *ld, LDAP_CONST char *dn, if ( rc != LDAP_SUCCESS ) return( rc ); - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); 
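Review bot: The added `|| !res` test in `ldap_modify_ext_s` returns `ld->ld_errno`, but nothing visible here guarantees that field holds an error when `ldap_result` did not return -1 and left `res` NULL. The caller may therefore receive a stale code, possibly `LDAP_SUCCESS`, for an operation whose result was never read. Splitting the test keeps the two cases distinct: `if ( rc == -1 ) return ld->ld_errno;` followed by `if ( res == NULL ) return LDAP_OTHER;`, or whichever explicit failure code the library prefers. The same condition is added to `ldap_rename_s` in modrdn.c (`if( rc == -1 || !res )`). Both function bodies start outside their hunks, so any earlier assignment to `ld_errno` is not visible.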
diff --git a/libraries/libldap/modrdn.c b/libraries/libldap/modrdn.c index c160ea87b408f42652452e7bc44f000c91045d70..bc3c8590d4a0ce7a60d7fb96e95247f518b54e29 100644 --- a/libraries/libldap/modrdn.c +++ b/libraries/libldap/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -23,14 +23,21 @@ * without restriction or fee of any kind as long as this notice * is preserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC 2251 for full legal notices. - */ /* ACKNOWLEDGEMENTS: * Juan C. Gomez */ +#include "portable.h" + +#include <stdio.h> + +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> + +#include "ldap-int.h" + /* * A modify rdn request looks like this: * ModifyRDNRequest ::= SEQUENCE { @@ -41,15 +48,6 @@ * } */ -#include "portable.h" - -#include <stdio.h> - -#include <ac/socket.h> -#include <ac/string.h> -#include <ac/time.h> - -#include "ldap-int.h" /* * ldap_rename - initiate an ldap extended modifyDN operation. @@ -221,7 +219,7 @@ ldap_rename_s( rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &res ); - if( rc == -1 ) { + if( rc == -1 || !res ) { return ld->ld_errno; } diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 91368ec9786a80802a0988c4de638dad7312fd63..9939a87df581b288da467b392099e75ed0e6c53a 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -122,8 +122,6 @@ ldap_create( LDAP **ldp ) /* but not pointers to malloc'ed items */ ld->ld_options.ldo_sctrls = NULL; ld->ld_options.ldo_cctrls = NULL; - ld->ld_options.ldo_tm_api = NULL; - ld->ld_options.ldo_tm_net = NULL; ld->ld_options.ldo_defludp = NULL; #ifdef HAVE_CYRUS_SASL @@ -146,14 +144,6 @@ ldap_create( LDAP **ldp ) ld->ld_options.ldo_tls_ctx = NULL; #endif - if ( gopts->ldo_tm_api && - ldap_int_timeval_dup( &ld->ld_options.ldo_tm_api, gopts->ldo_tm_api )) - goto nomem; - - if ( gopts->ldo_tm_net && - ldap_int_timeval_dup( &ld->ld_options.ldo_tm_net, gopts->ldo_tm_net )) - goto nomem; - if ( gopts->ldo_defludp ) { ld->ld_options.ldo_defludp = ldap_url_duplist(gopts->ldo_defludp); @@ -178,8 +168,6 @@ ldap_create( LDAP **ldp ) nomem: ldap_free_select_info( ld->ld_selectinfo ); ldap_free_urllist( ld->ld_options.ldo_defludp ); - LDAP_FREE( ld->ld_options.ldo_tm_net ); - LDAP_FREE( ld->ld_options.ldo_tm_api ); #ifdef HAVE_CYRUS_SASL LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid ); LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid ); 
@@ -251,6 +239,95 @@ ldap_initialize( LDAP **ldp, LDAP_CONST char *url ) return LDAP_SUCCESS; } +int +ldap_init_fd( + ber_socket_t fd, + int proto, + LDAP_CONST char *url, + LDAP **ldp +) +{ + int rc; + LDAP *ld; + LDAPConn *conn; + + *ldp = NULL; + rc = ldap_create( &ld ); + if( rc != LDAP_SUCCESS ) + return( rc ); + + if (url != NULL) { + rc = ldap_set_option(ld, LDAP_OPT_URI, url); + if ( rc != LDAP_SUCCESS ) { + ldap_ld_free(ld, 1, NULL, NULL); + return rc; + } + } + + /* Attach the passed socket as the LDAP's connection */ + conn = ldap_new_connection( ld, NULL, 1, 0, NULL); + if( conn == NULL ) { + ldap_unbind_ext( ld, NULL, NULL ); + return( LDAP_NO_MEMORY ); + } + ber_sockbuf_ctrl( conn->lconn_sb, LBER_SB_OPT_SET_FD, &fd ); + ld->ld_defconn = conn; + ++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */ + + switch( proto ) { + case LDAP_PROTO_TCP: +#ifdef LDAP_DEBUG + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug, + LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" ); +#endif + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp, + LBER_SBIOD_LEVEL_PROVIDER, NULL ); + break; + +#ifdef LDAP_CONNECTIONLESS + case LDAP_PROTO_UDP: +#ifdef LDAP_DEBUG + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug, + LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" ); +#endif + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp, + LBER_SBIOD_LEVEL_PROVIDER, NULL ); + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead, + LBER_SBIOD_LEVEL_PROVIDER, NULL ); + break; +#endif /* LDAP_CONNECTIONLESS */ + + case LDAP_PROTO_IPC: +#ifdef LDAP_DEBUG + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug, + LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" ); +#endif + ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd, + LBER_SBIOD_LEVEL_PROVIDER, NULL ); + break; + + case LDAP_PROTO_EXT: + /* caller must supply sockbuf handlers */ + break; + + default: + ldap_unbind_ext( ld, NULL, NULL ); + return LDAP_PARAM_ERROR; + } + +#ifdef LDAP_DEBUG + 
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug, + INT_MAX, (void *)"ldap_" ); +#endif + + /* Add the connection to the *LDAP's select pool */ + ldap_mark_select_read( ld, conn->lconn_sb ); + ldap_mark_select_write( ld, conn->lconn_sb ); + + *ldp = ld; + return LDAP_SUCCESS; +} + int ldap_int_open_connection( LDAP *ld, @@ -345,6 +422,8 @@ ldap_int_open_connection( break; } + conn->lconn_created = time( NULL ); + #ifdef LDAP_DEBUG ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug, INT_MAX, (void *)"ldap_" ); @@ -370,19 +449,6 @@ ldap_int_open_connection( } #endif -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if ( conn->lconn_krbinstance == NULL ) { - char *c; - conn->lconn_krbinstance = ldap_host_connected_to( - conn->lconn_sb, host ); - - if( conn->lconn_krbinstance != NULL && - ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) { - *c = '\0'; - } - } -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ - return( 0 ); } diff --git a/libraries/libldap/options.c b/libraries/libldap/options.c index 64525dca1cc221fb0d26027b1e29af92f6fa743a..5589386287dd81ad446beb7c3e70446887c41a01 100644 --- a/libraries/libldap/options.c +++ b/libraries/libldap/options.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
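Review bot: `ldap_init_fd` attaches the caller's descriptor and increments `lconn_refcnt` before it validates `proto`, so the `default:` branch calls `ldap_unbind_ext` on a handle that already holds `fd`. From the hunk it is not clear whether the descriptor is closed on that path, which leaves the caller unable to tell if it still owns it. Checking `proto` (and that `ldp` is non-NULL) before `ldap_new_connection`, and adding a header comment that states descriptor ownership on success and on each error return, would remove the ambiguity. The two earlier failure paths also differ (`ldap_ld_free` after `ldap_set_option`, `ldap_unbind_ext` after `ldap_new_connection`), and the results of `ber_sockbuf_ctrl` and `ber_sockbuf_add_io` are ignored. Unlike `ldap_int_open_connection` in the next hunk, this path does not set `conn->lconn_created`, unless `ldap_new_connection` does so outside this diff.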
@@ -177,14 +177,18 @@ ldap_get_option( case LDAP_OPT_TIMEOUT: /* the caller has to free outvalue ! */ - if ( ldap_int_timeval_dup( outvalue, lo->ldo_tm_api ) != 0 ) { + if ( lo->ldo_tm_api.tv_sec < 0 ) { + *(void **)outvalue = NULL; + } else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_api ) != 0 ) { return LDAP_OPT_ERROR; } return LDAP_OPT_SUCCESS; case LDAP_OPT_NETWORK_TIMEOUT: /* the caller has to free outvalue ! */ - if ( ldap_int_timeval_dup( outvalue, lo->ldo_tm_net ) != 0 ) { + if ( lo->ldo_tm_net.tv_sec < 0 ) { + *(void **)outvalue = NULL; + } else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_net ) != 0 ) { return LDAP_OPT_ERROR; } return LDAP_OPT_SUCCESS; @@ -242,6 +246,10 @@ ldap_get_option( return LDAP_OPT_SUCCESS; + case LDAP_OPT_CONNECT_ASYNC: + * (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_CONNECT_ASYNC); + return LDAP_OPT_SUCCESS; + case LDAP_OPT_RESULT_CODE: if(ld == NULL) { /* bad param */ @@ -392,6 +400,14 @@ ldap_set_option( LDAP_BOOL_SET(lo, LDAP_BOOL_RESTART); } return LDAP_OPT_SUCCESS; + + case LDAP_OPT_CONNECT_ASYNC: + if(invalue == LDAP_OPT_OFF) { + LDAP_BOOL_CLR(lo, LDAP_BOOL_CONNECT_ASYNC); + } else { + LDAP_BOOL_SET(lo, LDAP_BOOL_CONNECT_ASYNC); + } + return LDAP_OPT_SUCCESS; } /* options which can withstand invalue == NULL */ 
@@ -436,33 +452,6 @@ ldap_set_option( } } return LDAP_OPT_SUCCESS; - case LDAP_OPT_TIMEOUT: { - const struct timeval *tv = - (const struct timeval *) invalue; - - if ( lo->ldo_tm_api != NULL ) { - LDAP_FREE( lo->ldo_tm_api ); - lo->ldo_tm_api = NULL; - } - - if ( ldap_int_timeval_dup( &lo->ldo_tm_api, tv ) != 0 ) { - return LDAP_OPT_ERROR; - } - } return LDAP_OPT_SUCCESS; - - case LDAP_OPT_NETWORK_TIMEOUT: { - const struct timeval *tv = - (const struct timeval *) invalue; - - if ( lo->ldo_tm_net != NULL ) { - LDAP_FREE( lo->ldo_tm_net ); - lo->ldo_tm_net = NULL; - } - - if ( ldap_int_timeval_dup( &lo->ldo_tm_net, tv ) != 0 ) { - return LDAP_OPT_ERROR; - } - } return LDAP_OPT_SUCCESS; case LDAP_OPT_HOST_NAME: { const char *host = (const char *) invalue; @@ -669,6 +658,8 @@ ldap_set_option( case LDAP_OPT_PROTOCOL_VERSION: case LDAP_OPT_RESULT_CODE: case LDAP_OPT_DEBUG_LEVEL: + case LDAP_OPT_TIMEOUT: + case LDAP_OPT_NETWORK_TIMEOUT: if(invalue == NULL) { /* no place to set from */ return LDAP_OPT_ERROR; @@ -706,6 +697,20 @@ ldap_set_option( lo->ldo_timelimit = * (const int *) invalue; return LDAP_OPT_SUCCESS; + case LDAP_OPT_TIMEOUT: { + const struct timeval *tv = + (const struct timeval *) invalue; + + lo->ldo_tm_api = *tv; + } return LDAP_OPT_SUCCESS; + + case LDAP_OPT_NETWORK_TIMEOUT: { + const struct timeval *tv = + (const struct timeval *) invalue; + + lo->ldo_tm_net = *tv; + } return LDAP_OPT_SUCCESS; + case LDAP_OPT_PROTOCOL_VERSION: { int vers = * (const int *) invalue; if (vers < LDAP_VERSION_MIN || vers > LDAP_VERSION_MAX) { diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c index 002300722e077b2094763dd20a6d305983acf436..4b7de9e690f362c5b72c7c56b3a777f6d315e48a 100644 --- a/libraries/libldap/os-ip.c +++ b/libraries/libldap/os-ip.c 
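Review bot: The relocated `LDAP_OPT_TIMEOUT` and `LDAP_OPT_NETWORK_TIMEOUT` setters copy `*tv` into `ldo_tm_api` and `ldo_tm_net` without checking it, while `ldap_get_option` now treats `tv_sec < 0` as "no timeout" and hands back NULL. That sentinel is not documented at either case, and an out-of-range `tv_usec` is stored as given. A NULL `invalue` is now rejected with `LDAP_OPT_ERROR` because both options joined the non-NULL list, which may break callers that used NULL to clear the timeout; how the old `ldap_int_timeval_dup` path handled NULL is not visible here. I would add `if ( tv->tv_usec < 0 || tv->tv_usec >= 1000000 ) return LDAP_OPT_ERROR;` and the comment `/* tv_sec < 0 means no timeout */` to both cases.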
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Lars Uffmann. * All rights reserved. * 
@@ -214,83 +214,63 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s) #endif /* HAVE_WINSOCK */ -static int -ldap_pvt_connect(LDAP *ld, ber_socket_t s, - struct sockaddr *sin, socklen_t addrlen, - int async) +/* NOTE: this is identical to analogous code in os-local.c */ +int +ldap_int_poll( + LDAP *ld, + ber_socket_t s, + struct timeval *tvp ) { - int rc, err; - struct timeval tv = { 0 }, - *opt_tv = NULL; - -#ifdef LDAP_CONNECTIONLESS - /* We could do a connect() but that would interfere with - * attempts to poll a broadcast address - */ - if (LDAP_IS_UDP(ld)) { - if (ld->ld_options.ldo_peer) - ldap_memfree(ld->ld_options.ldo_peer); - ld->ld_options.ldo_peer=ldap_memalloc(sizeof(struct sockaddr)); - AC_MEMCPY(ld->ld_options.ldo_peer,sin,sizeof(struct sockaddr)); - return ( 0 ); - } -#endif - opt_tv = ld->ld_options.ldo_tm_net; - if ( opt_tv != NULL ) { - tv = *opt_tv; - } - - osip_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n", - s, opt_tv ? tv.tv_sec : -1L, async); - - if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 ) - return ( -1 ); - - if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) { - if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 ) - return ( -1 ); - return ( 0 ); - } + int rc; + - err = sock_errno(); - if ( err != EINPROGRESS && err != EWOULDBLOCK ) { - return ( -1 ); - } - -#ifdef notyet - if ( async ) return ( -2 ); -#endif + osip_debug(ld, "ldap_int_poll: fd: %d tm: %ld\n", + s, tvp ? 
tvp->tv_sec : -1L, 0); #ifdef HAVE_POLL { struct pollfd fd; int timeout = INFTIM; - if( opt_tv != NULL ) timeout = TV2MILLISEC( &tv ); - fd.fd = s; fd.events = POLL_WRITE; + if ( tvp != NULL ) { + timeout = TV2MILLISEC( tvp ); + } do { fd.revents = 0; rc = poll( &fd, 1, timeout ); - } while( rc == AC_SOCKET_ERROR && errno == EINTR && - LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART )); + + } while ( rc == AC_SOCKET_ERROR && errno == EINTR && + LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ) ); - if( rc == AC_SOCKET_ERROR ) return rc; + if ( rc == AC_SOCKET_ERROR ) { + return rc; + } - if( fd.revents & POLL_WRITE ) { - if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1; - if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1; - return ( 0 ); + if ( timeout == 0 && rc == 0 ) { + return -2; + } + + if ( fd.revents & POLL_WRITE ) { + if ( ldap_pvt_is_socket_ready( ld, s ) == -1 ) { + return -1; + } + + if ( ldap_pvt_ndelay_off( ld, s ) == -1 ) { + return -1; + } + return 0; } } #else { - fd_set wfds, *z=NULL; + fd_set wfds, *z = NULL; #ifdef HAVE_WINSOCK fd_set efds; #endif + struct timeval tv = { 0 }; #if defined( FD_SETSIZE ) && !defined( HAVE_WINSOCK ) if ( s >= FD_SETSIZE ) { @@ -301,6 +281,10 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, } #endif + if ( tvp != NULL ) { + tv = *tvp; + } + do { FD_ZERO(&wfds); FD_SET(s, &wfds ); 
@@ -310,50 +294,114 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, FD_SET(s, &efds ); #endif - rc = select(ldap_int_tblsize, z, &wfds, + rc = select( ldap_int_tblsize, z, &wfds, #ifdef HAVE_WINSOCK &efds, #else z, #endif - opt_tv ? &tv : NULL); - } while( rc == AC_SOCKET_ERROR && errno == EINTR && - LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART )); + tvp ? &tv : NULL ); + } while ( rc == AC_SOCKET_ERROR && errno == EINTR && + LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ) ); - if( rc == AC_SOCKET_ERROR ) return rc; + if ( rc == AC_SOCKET_ERROR ) { + return rc; + } + + if ( rc == 0 && tvp && tvp->tv_sec == 0 && tvp->tv_usec == 0 ) { + return -2; + } #ifdef HAVE_WINSOCK /* This means the connection failed */ if ( FD_ISSET(s, &efds) ) { - int so_errno; - int dummy = sizeof(so_errno); - if ( getsockopt( s, SOL_SOCKET, SO_ERROR, + int so_errno; + int dummy = sizeof(so_errno); + if ( getsockopt( s, SOL_SOCKET, SO_ERROR, (char *) &so_errno, &dummy ) == AC_SOCKET_ERROR || !so_errno ) - { - /* impossible */ - so_errno = WSAGetLastError(); - } - ldap_pvt_set_errno(so_errno); - osip_debug(ld, "ldap_pvt_connect: error on socket %d: " - "errno: %d (%s)\n", s, errno, sock_errstr(errno)); - return -1; + { + /* impossible */ + so_errno = WSAGetLastError(); + } + ldap_pvt_set_errno( so_errno ); + osip_debug(ld, "ldap_int_poll: error on socket %d: " + "errno: %d (%s)\n", s, errno, sock_errstr( errno )); + return -1; } #endif if ( FD_ISSET(s, &wfds) ) { #ifndef HAVE_WINSOCK - if ( ldap_pvt_is_socket_ready(ld, s) == -1 ) return -1; + if ( ldap_pvt_is_socket_ready( ld, s ) == -1 ) { + return -1; + } #endif - if ( ldap_pvt_ndelay_off(ld, s) == -1 ) return -1; + if ( ldap_pvt_ndelay_off(ld, s) == -1 ) { + return -1; + } return 0; } } #endif - osip_debug(ld, "ldap_connect_timeout: timed out\n",0,0,0); + osip_debug(ld, "ldap_int_poll: timed out\n",0,0,0); ldap_pvt_set_errno( ETIMEDOUT ); return -1; } +static int +ldap_pvt_connect(LDAP *ld, ber_socket_t s, + struct sockaddr *sin, 
socklen_t addrlen, + int async) +{ + int rc, err; + struct timeval tv, *opt_tv = NULL; + +#ifdef LDAP_CONNECTIONLESS + /* We could do a connect() but that would interfere with + * attempts to poll a broadcast address + */ + if (LDAP_IS_UDP(ld)) { + if (ld->ld_options.ldo_peer) + ldap_memfree(ld->ld_options.ldo_peer); + ld->ld_options.ldo_peer=ldap_memalloc(sizeof(struct sockaddr)); + AC_MEMCPY(ld->ld_options.ldo_peer,sin,sizeof(struct sockaddr)); + return ( 0 ); + } +#endif + if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) { + tv = ld->ld_options.ldo_tm_net; + opt_tv = &tv; + } + + osip_debug(ld, "ldap_pvt_connect: fd: %d tm: %ld async: %d\n", + s, opt_tv ? tv.tv_sec : -1L, async); + + if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 ) + return ( -1 ); + + if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) { + if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 ) + return ( -1 ); + return ( 0 ); + } + + err = sock_errno(); + if ( err != EINPROGRESS && err != EWOULDBLOCK ) { + return ( -1 ); + } + + if ( async ) { + /* caller will call ldap_int_poll() as appropriate? */ + return ( -2 ); + } + + rc = ldap_int_poll( ld, s, opt_tv ); + + osip_debug(ld, "ldap_pvt_connect: %d\n", rc, 0, 0); + + return rc; +} + #ifndef HAVE_INET_ATON int ldap_pvt_inet_aton( const char *host, struct in_addr *in) @@ -482,7 +530,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, rc = ldap_pvt_connect( ld, s, sai->ai_addr, sai->ai_addrlen, async ); - if ( (rc == 0) || (rc == -2) ) { + if ( rc == 0 || rc == -2 ) { ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s ); break; } @@ -569,8 +617,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, return rc; } -#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \ - defined( HAVE_CYRUS_SASL ) +#if defined( HAVE_CYRUS_SASL ) char * ldap_host_connected_to( Sockbuf *sb, const char *host ) { diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c index 9c785fc8ef6fda5d9c2b4d05f8063ae1ba8d54b1..4e3a19e5a29c20fa0fe19f1f73195f1996890230 100644 
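Review bot: ldap_int_poll() is now non-static and has three distinct results, but nothing at its definition states them: 0 when the socket is writable, -1 on error or timeout, and -2 when a zero timeout finds the socket not ready yet. ldap_pvt_connect() returns the same -2 for `async`, explained only by `/* caller will call ldap_int_poll() as appropriate? */`. Add a header comment above ldap_int_poll listing the three return values, noting that a NULL `tvp` waits without limit and that `ldap_pvt_ndelay_off()` is only reached on the 0 path, so the descriptor stays non-blocking until then. The hunk's own note says the code is duplicated in os-local.c, so the same comment belongs on that copy.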
--- a/libraries/libldap/os-local.c +++ b/libraries/libldap/os-local.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -168,12 +168,11 @@ static int ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_un *sa, int async) { int rc; - struct timeval tv = { 0 }, - *opt_tv = NULL; + struct timeval tv, *opt_tv = NULL; - opt_tv = ld->ld_options.ldo_tm_net; - if ( opt_tv != NULL ) { - tv = *opt_tv; + if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) { + tv = ld->ld_options.ldo_tm_net; + opt_tv = &tv; } oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n", diff --git a/libraries/libldap/pagectrl.c b/libraries/libldap/pagectrl.c index c6f1c4ab7578376f97e05fa17922ae6224219a05..df4978705d8401bc22770a8dd8a55bb5b2c029fd 100644 --- a/libraries/libldap/pagectrl.c +++ b/libraries/libldap/pagectrl.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Copyright 2006 Hans Leidekker * All rights reserved. * @@ -12,9 +12,6 @@ * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. */ -/* Portions Copyright (C) The Internet Society (1999) - * ASN.1 fragments are from RFC 2696; see RFC for full legal notices. - */ #include "portable.h" diff --git a/libraries/libldap/passwd.c b/libraries/libldap/passwd.c index ab330a81b7a347b72f0c694923046c88e41efe41..b6caab58310268cf8afd804b540637882a9f477f 100644 --- a/libraries/libldap/passwd.c +++ b/libraries/libldap/passwd.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,7 +27,7 @@ #include "ldap-int.h" /* - * LDAP Password Modify (Extended) Operation <RFC 3062> + * LDAP Password Modify (Extended) Operation (RFC 3062) */ int ldap_parse_passwd( @@ -156,7 +156,7 @@ ldap_passwd_s( return rc; } - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) { + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return ld->ld_errno; } diff --git a/libraries/libldap/ppolicy.c b/libraries/libldap/ppolicy.c index 2551fb5876e1a81d027f1f579285ed0b2bc7b0d7..16193f64008c5c830f4582712108859a85d3f147 100644 --- a/libraries/libldap/ppolicy.c +++ b/libraries/libldap/ppolicy.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Hewlett-Packard Company. * Portions Copyright 2004 Howard Chu, Symas Corp. * All rights reserved. diff --git a/libraries/libldap/print.c b/libraries/libldap/print.c index 8bea418fc97d390b4dbd41199eee6c1dee06ad8b..d9bc5eb47ae3eba1c170bbbb5ea28c1d0e6da13e 100644 --- a/libraries/libldap/print.c +++ b/libraries/libldap/print.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/references.c b/libraries/libldap/references.c index fe00f994559cb45729aea0c18ed8e710b9fad288..6872ce7a7da15de484435e4dfada2ee22d620483 100644 
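Review bot: The added `|| !res` branch in ldap_passwd_s() returns `ld->ld_errno`, and nothing in this hunk shows that value to be a failure code when ldap_result() comes back without a message. With the wait4msg() change in result.c a NULL timeout now picks up `ldo_tm_api`, so ldap_result() can presumably return 0 on timeout here. If ld_errno is still LDAP_SUCCESS at that point, the function would report the password change as successful without having parsed any response. Consider returning an explicit error, e.g. `return ld->ld_errno != LDAP_SUCCESS ? ld->ld_errno : LDAP_TIMEOUT;`. ldap_passwd_s continues outside the hunk.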
--- a/libraries/libldap/references.c +++ b/libraries/libldap/references.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c index 1357707c27085311df31f339fcf222371e2b9c39..ee0ec5013b9d0c05c8f694d0639940677d9094d6 100644 --- a/libraries/libldap/request.c +++ b/libraries/libldap/request.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -209,11 +209,43 @@ ldap_send_server_request( } } + /* async connect... */ + if ( lc != NULL && lc->lconn_status == LDAP_CONNST_CONNECTING ) { + ber_socket_t sd = AC_SOCKET_ERROR; + struct timeval tv = { 0 }; + + ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd ); + + /* poll ... */ + switch ( ldap_int_poll( ld, sd, &tv ) ) { + case 0: + /* go on! */ + lc->lconn_status = LDAP_CONNST_CONNECTED; + break; + + case -2: + /* async only occurs if a network timeout is set */ + + /* honor network timeout */ + if ( time( NULL ) - lc->lconn_created <= ld->ld_options.ldo_tm_net.tv_sec ) + { + /* caller will have to call again */ + ld->ld_errno = LDAP_X_CONNECTING; + } + /* fallthru */ + + default: + /* error */ + break; + } + } + if ( lc == NULL || lc->lconn_status != LDAP_CONNST_CONNECTED ) { - ber_free( ber, 1 ); if ( ld->ld_errno == LDAP_SUCCESS ) { ld->ld_errno = LDAP_SERVER_DOWN; } + + ber_free( ber, 1 ); if ( incparent ) { /* Forget about the bind */ --parentreq->lr_outrefcnt; 
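Review bot: The return value of `ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd )` is ignored in the new async-connect block, so if the lookup fails `sd` is still AC_SOCKET_ERROR when it is passed to `ldap_int_poll( ld, sd, &tv )`. The select() path of ldap_int_poll in os-ip.c only tests `s >= FD_SETSIZE` before `FD_SET(s, &wfds)`, which would not stop an invalid (presumably negative) descriptor. Guard the poll with `if ( sd == AC_SOCKET_ERROR ) { ld->ld_errno = LDAP_SERVER_DOWN; }` and run the switch in the `else`. In the `-2` case nothing sets ld_errno once the network timeout has elapsed; whether an earlier LDAP_X_CONNECTING is cleared before this point is not visible here. ldap_send_server_request continues outside the hunk.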
@@ -312,6 +344,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, int connect, LDAPreqinfo *bind ) { LDAPConn *lc; + int async = 0; Debug( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n", use_ldsb, connect, (bind != NULL) ); @@ -341,8 +374,10 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, if ( connect ) { LDAPURLDesc **srvp, *srv = NULL; + async = LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_CONNECT_ASYNC ); + for ( srvp = srvlist; *srvp != NULL; srvp = &(*srvp)->lud_next ) { - if ( ldap_int_open_connection( ld, lc, *srvp, 0 ) != -1 ) + if ( ldap_int_open_connection( ld, lc, *srvp, async) != -1 ) { srv = *srvp; @@ -366,7 +401,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb, lc->lconn_server = ldap_url_dup( srv ); } - lc->lconn_status = LDAP_CONNST_CONNECTED; + lc->lconn_status = async ? LDAP_CONNST_CONNECTING : LDAP_CONNST_CONNECTED; #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex ); #endif @@ -595,11 +630,6 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind ) ldap_int_sasl_close( ld, lc ); ldap_free_urllist( lc->lconn_server ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if ( lc->lconn_krbinstance != NULL ) { - LDAP_FREE( lc->lconn_krbinstance ); - } -#endif /* FIXME: is this at all possible? * ldap_ld_free() in unbind.c calls ldap_free_connection() @@ -663,8 +693,9 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all ) } Debug( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt, ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET ) - ? "NeedSocket" : ( lc->lconn_status == LDAP_CONNST_CONNECTING ) - ? "Connecting" : "Connected", 0 ); + ? "NeedSocket" : + ( lc->lconn_status == LDAP_CONNST_CONNECTING ) + ? "Connecting" : "Connected", 0 ); Debug( LDAP_DEBUG_TRACE, " last used: %s%s\n", ldap_pvt_ctime( &lc->lconn_lastused, timebuf ), lc->lconn_rebind_inprogress ? " rebind in progress" : "", 0 ); 
@@ -716,7 +747,8 @@ ldap_dump_requests_and_responses( LDAP *ld ) Debug( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n", lr->lr_outrefcnt, lr->lr_parentcnt, 0 ); } - Debug( LDAP_DEBUG_TRACE, " ld %p request count %d\n", (void *)ld, i, 0 ); + Debug( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n", + (void *)ld, i, ld->ld_nabandoned ); Debug( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld, 0, 0 ); if ( ( lm = ld->ld_responses ) == NULL ) { Debug( LDAP_DEBUG_TRACE, " Empty\n", 0, 0, 0 ); @@ -724,9 +756,9 @@ ldap_dump_requests_and_responses( LDAP *ld ) for ( i = 0; lm != NULL; lm = lm->lm_next, i++ ) { Debug( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n", lm->lm_msgid, (unsigned long)lm->lm_msgtype, 0 ); - if ( ( l = lm->lm_chain ) != NULL ) { + if ( lm->lm_chain != NULL ) { Debug( LDAP_DEBUG_TRACE, " chained responses:\n", 0, 0, 0 ); - for ( ; l != NULL; l = l->lm_chain ) { + for ( l = lm->lm_chain; l != NULL; l = l->lm_chain ) { Debug( LDAP_DEBUG_TRACE, " * msgid %d, type %lu\n", l->lm_msgid, @@ -794,7 +826,6 @@ ldap_free_request_int( LDAP *ld, LDAPRequest *lr ) void ldap_free_request( LDAP *ld, LDAPRequest *lr ) { - LDAPRequest **ttmplr; #ifdef LDAP_R_COMPILE LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex ); #endif @@ -803,16 +834,21 @@ ldap_free_request( LDAP *ld, LDAPRequest *lr ) lr->lr_origid, lr->lr_msgid, 0 ); /* free all referrals (child requests) */ - while ( lr->lr_child ) + while ( lr->lr_child ) { ldap_free_request( ld, lr->lr_child ); + } if ( lr->lr_parent != NULL ) { + LDAPRequest **lrp; + --lr->lr_parent->lr_outrefcnt; - for ( ttmplr = &lr->lr_parent->lr_child; - *ttmplr && *ttmplr != lr; - ttmplr = &(*ttmplr)->lr_refnext ); - if ( *ttmplr == lr ) - *ttmplr = lr->lr_refnext; + for ( lrp = &lr->lr_parent->lr_child; + *lrp && *lrp != lr; + lrp = &(*lrp)->lr_refnext ); + + if ( *lrp == lr ) { + *lrp = lr->lr_refnext; + } } ldap_free_request_int( ld, lr ); } 
@@ -1213,7 +1249,7 @@ ldap_chase_referrals( LDAP *ld, } } if ( looped ) { - ldap_free_urllist(srv); + ldap_free_urllist( srv ); ld->ld_errno = LDAP_CLIENT_LOOP; rc = -1; continue; diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index 1720b85df9b944401cb863b28968a18318f2b3d4..994c52bad79208bca9656baf7d50dc232473478c 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,20 +37,17 @@ * can be found in the file "build/LICENSE-2.0.1" in this distribution * of OpenLDAP Software. */ -/* Portions Copyright (C) The Internet Society (2006) - * ASN.1 fragments are from RFC 4511; see RFC for full legal notices. - */ /* * LDAPv3 (RFC 4511) * LDAPResult ::= SEQUENCE { * resultCode ENUMERATED { ... }, * matchedDN LDAPDN, - * diagnosticMessage LDAPString, + * diagnosticMessage LDAPString, * referral [3] Referral OPTIONAL * } * Referral ::= SEQUENCE OF LDAPURL (one or more) - * LDAPURL ::= LDAPString (limited to URL chars) + * LDAPURL ::= LDAPString (limited to URL chars) */ #include "portable.h" @@ -67,9 +64,10 @@ #include "ldap-int.h" #include "ldap_log.h" +#include "lutil.h" -static int ldap_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid )); -static int ldap_mark_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid )); +static int ldap_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid, int *idx )); +static int ldap_mark_abandoned LDAP_P(( LDAP *ld, ber_int_t msgid, int idx )); static int wait4msg LDAP_P(( LDAP *ld, ber_int_t msgid, int all, struct timeval *timeout, LDAPMessage **result )); static ber_tag_t try_read1msg LDAP_P(( LDAP *ld, ber_int_t msgid, 
@@ -94,7 +92,8 @@ static LDAPMessage * chkResponseList LDAP_P(( LDAP *ld, int msgid, int all)); * search references, followed by an ldap result). An extension to * LDAPv3 allows partial extended responses to be returned in response * to any request. The type of the first message received is returned. - * When waiting, any messages that have been abandoned are discarded. + * When waiting, any messages that have been abandoned/discarded are + * discarded. * * Example: * ldap_result( s, msgid, all, timeout, result ) @@ -107,8 +106,8 @@ ldap_result( struct timeval *timeout, LDAPMessage **result ) { - LDAPMessage *lm; - int rc; + LDAPMessage *lm = NULL; + int rc; assert( ld != NULL ); assert( result != NULL ); @@ -118,19 +117,26 @@ ldap_result( #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); #endif - lm = chkResponseList(ld, msgid, all); + +#if 0 + /* this is already done inside wait4msg(), right?... */ + lm = chkResponseList( ld, msgid, all ); +#endif if ( lm == NULL ) { rc = wait4msg( ld, msgid, all, timeout, result ); + } else { *result = lm; ld->ld_errno = LDAP_SUCCESS; rc = lm->lm_msgtype; } + #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); #endif - return( rc ); + + return rc; } static LDAPMessage * @@ -140,6 +146,7 @@ chkResponseList( int all) { LDAPMessage *lm, **lastlm, *nextlm; + int cnt = 0; /* * Look through the list of responses we have received on 
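Review bot: With `lm` initialised to NULL and the `chkResponseList()` call wrapped in `#if 0`, the `else` branch of `if ( lm == NULL )` in ldap_result() can never run, so every call now goes through wait4msg(). Drop the dead branch and the `lm` local, or replace the disabled block with a one-line comment such as `/* wait4msg() checks the response list itself */` once that has been confirmed. The question left inside the `#if 0` block suggests it had not been confirmed when this was committed.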
@@ -158,13 +165,29 @@ chkResponseList( lastlm = &ld->ld_responses; for ( lm = ld->ld_responses; lm != NULL; lm = nextlm ) { + int idx; + nextlm = lm->lm_next; + ++cnt; + + if ( ldap_abandoned( ld, lm->lm_msgid, &idx ) ) { + Debug( LDAP_DEBUG_ANY, + "response list msg abandoned, " + "msgid %d message type %s\n", + lm->lm_msgid, ldap_int_msgtype2str( lm->lm_msgtype ), 0 ); + + switch ( lm->lm_msgtype ) { + case LDAP_RES_SEARCH_ENTRY: + case LDAP_RES_SEARCH_REFERENCE: + case LDAP_RES_INTERMEDIATE: + break; - if ( ldap_abandoned( ld, lm->lm_msgid ) ) { - Debug( LDAP_DEBUG_TRACE, - "ldap_chkResponseList msg abandoned, msgid %d\n", - msgid, 0, 0 ); - ldap_mark_abandoned( ld, lm->lm_msgid ); + default: + /* there's no need to keep the id + * in the abandoned list any longer */ + ldap_mark_abandoned( ld, lm->lm_msgid, idx ); + break; + } /* Remove this entry from list */ *lastlm = nextlm; @@ -177,15 +200,18 @@ chkResponseList( if ( msgid == LDAP_RES_ANY || lm->lm_msgid == msgid ) { LDAPMessage *tmp; - if ( all == LDAP_MSG_ONE || all == LDAP_MSG_RECEIVED || - msgid == LDAP_RES_UNSOLICITED ) { + if ( all == LDAP_MSG_ONE || + all == LDAP_MSG_RECEIVED || + msgid == LDAP_RES_UNSOLICITED ) + { break; } tmp = lm->lm_chain_tail; - if ((tmp->lm_msgtype == LDAP_RES_SEARCH_ENTRY) || - (tmp->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) || - (tmp->lm_msgtype == LDAP_RES_INTERMEDIATE)) { + if ( tmp->lm_msgtype == LDAP_RES_SEARCH_ENTRY || + tmp->lm_msgtype == LDAP_RES_SEARCH_REFERENCE || + tmp->lm_msgtype == LDAP_RES_INTERMEDIATE ) + { tmp = NULL; } 
@@ -198,31 +224,32 @@ chkResponseList( lastlm = &lm->lm_next; } - if ( lm != NULL ) { + if ( lm != NULL ) { /* Found an entry, remove it from the list */ - if ( all == LDAP_MSG_ONE && lm->lm_chain != NULL ) { + if ( all == LDAP_MSG_ONE && lm->lm_chain != NULL ) { *lastlm = lm->lm_chain; lm->lm_chain->lm_next = lm->lm_next; lm->lm_chain->lm_chain_tail = ( lm->lm_chain_tail != lm ) ? lm->lm_chain_tail : lm->lm_chain; lm->lm_chain = NULL; lm->lm_chain_tail = NULL; - } else { + } else { *lastlm = lm->lm_next; } - lm->lm_next = NULL; - } + lm->lm_next = NULL; + } #ifdef LDAP_DEBUG - if( lm == NULL) { + if ( lm == NULL) { Debug( LDAP_DEBUG_TRACE, "ldap_chkResponseList returns ld %p NULL\n", (void *)ld, 0, 0); } else { Debug( LDAP_DEBUG_TRACE, "ldap_chkResponseList returns ld %p msgid %d, type 0x%02lu\n", - (void *)ld, lm->lm_msgid, (unsigned long) lm->lm_msgtype); + (void *)ld, lm->lm_msgid, (unsigned long)lm->lm_msgtype ); } #endif - return lm; + + return lm; } static int @@ -248,6 +275,11 @@ wait4msg( LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); #endif + if ( timeout == NULL && ld->ld_options.ldo_tm_api.tv_sec >= 0 ) { + tv = ld->ld_options.ldo_tm_api; + timeout = &tv; + } + #ifdef LDAP_DEBUG if ( timeout == NULL ) { Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n", @@ -299,7 +331,7 @@ wait4msg( #endif for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) { if ( ber_sockbuf_ctrl( lc->lconn_sb, - LBER_SB_OPT_DATA_READY, NULL ) ) + LBER_SB_OPT_DATA_READY, NULL ) ) { #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex ); @@ -421,10 +453,11 @@ try_read1msg( BerElement *ber; LDAPMessage *newmsg, *l, *prev; ber_int_t id; + int idx; ber_tag_t tag; ber_len_t len; int foundit = 0; - LDAPRequest *lr, *tmplr; + LDAPRequest *lr, *tmplr, dummy_lr = { 0 }; LDAPConn *lc; BerElement tmpber; int rc, refer_cnt, hadref, simple_request; 
@@ -435,16 +468,6 @@ try_read1msg( int moremsgs = 0, isv2 = 0; #endif - /* - * v3ref = flag for V3 referral / search reference - * 0 = not a ref, 1 = sucessfully chased ref, -1 = pass ref to application - */ - enum { - V3REF_NOREF = 0, - V3REF_SUCCESS = 1, - V3REF_TOAPP = -1 - } v3ref; - assert( ld != NULL ); assert( lcp != NULL ); assert( *lcp != NULL ); @@ -462,7 +485,7 @@ retry: if ( lc->lconn_ber == NULL ) { lc->lconn_ber = ldap_alloc_ber_with_options( ld ); - if( lc->lconn_ber == NULL ) { + if ( lc->lconn_ber == NULL ) { return -1; } } @@ -476,7 +499,7 @@ retry: if ( LDAP_IS_UDP(ld) ) { struct sockaddr from; ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) ); - if (ld->ld_options.ldo_version == LDAP_VERSION2) isv2 = 1; + if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1; } nextresp3: #endif 
@@ -516,33 +539,72 @@ nextresp3: return( -1 ); } + /* id == 0 iff unsolicited notification message (RFC 4511) */ + /* if it's been abandoned, toss it */ - if ( ldap_abandoned( ld, id ) ) { - Debug( LDAP_DEBUG_ANY, "abandoned ld %p msgid %ld\n", - (void *)ld, (long) id, 0); + if ( id > 0 ) { + if ( ldap_abandoned( ld, id, &idx ) ) { + /* the message type */ + tag = ber_peek_tag( ber, &len ); + switch ( tag ) { + case LDAP_RES_SEARCH_ENTRY: + case LDAP_RES_SEARCH_REFERENCE: + case LDAP_RES_INTERMEDIATE: + case LBER_ERROR: + break; + + default: + /* there's no need to keep the id + * in the abandoned list any longer */ + ldap_mark_abandoned( ld, id, idx ); + break; + } + + Debug( LDAP_DEBUG_ANY, + "abandoned/discarded ld %p msgid %ld message type %s\n", + (void *)ld, (long)id, ldap_int_msgtype2str( tag ) ); + retry_ber: - ber_free( ber, 1 ); - if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) { - goto retry; + ber_free( ber, 1 ); + if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) { + goto retry; + } + return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */ + } + + lr = ldap_find_request_by_msgid( ld, id ); + if ( lr == NULL ) { + const char *msg = "unknown"; + + /* the message type */ + tag = ber_peek_tag( ber, &len ); + switch ( tag ) { + case LBER_ERROR: + break; + + default: + msg = ldap_int_msgtype2str( tag ); + break; + } + + Debug( LDAP_DEBUG_ANY, + "no request for response on ld %p msgid %ld message type %s (tossing)\n", + (void *)ld, (long)id, msg ); + + goto retry_ber; } - return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */ - } - lr = ldap_find_request_by_msgid( ld, id ); - if ( lr == NULL ) { - Debug( LDAP_DEBUG_ANY, - "no request for response on ld %p msgid %ld (tossing)\n", - (void *)ld, (long)id, 0 ); - goto retry_ber; - } #ifdef LDAP_CONNECTIONLESS - if (LDAP_IS_UDP(ld) && isv2) { - ber_scanf(ber, "x{"); - } + if ( LDAP_IS_UDP(ld) && isv2 ) { + ber_scanf(ber, "x{"); + } nextresp2: #endif + } + /* the 
message type */ - if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) { + tag = ber_peek_tag( ber, &len ); + if ( tag == LBER_ERROR ) { ld->ld_errno = LDAP_DECODING_ERROR; ber_free( ber, 1 ); return( -1 ); @@ -550,7 +612,45 @@ nextresp2: Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %ld message type %s\n", - (void *)ld, (long) lr->lr_msgid, ldap_int_msgtype2str( tag )); + (void *)ld, (long)lr->lr_msgid, ldap_int_msgtype2str( tag ) ); + + if ( id == 0 ) { + /* unsolicited notification message (RFC 4511) */ + if ( tag != LDAP_RES_EXTENDED ) { + /* toss it */ + goto retry_ber; + + /* strictly speaking, it's an error; from RFC 4511: + +4.4. Unsolicited Notification + + An unsolicited notification is an LDAPMessage sent from the server to + the client that is not in response to any LDAPMessage received by the + server. It is used to signal an extraordinary condition in the + server or in the LDAP session between the client and the server. The + notification is of an advisory nature, and the server will not expect + any response to be returned from the client. + + The unsolicited notification is structured as an LDAPMessage in which + the messageID is zero and protocolOp is set to the extendedResp + choice using the ExtendedResponse type (See Section 4.12). The + responseName field of the ExtendedResponse always contains an LDAPOID + that is unique for this notification. + + * however, since unsolicited responses + * are of advisory nature, better + * toss it, right now + */ + +#if 0 + ld->ld_errno = LDAP_DECODING_ERROR; + ber_free( ber, 1 ); + return( -1 ); +#endif + } + + lr = &dummy_lr; + } id = lr->lr_origid; refer_cnt = 0; 
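Review bot: `lr` is still unassigned when the trace `Debug( ..., (long)lr->lr_msgid, ... )` runs for a message with id 0, because `lr = &dummy_lr` is only reached afterwards. For a negative id neither the `if ( id > 0 )` lookup in the preceding hunk nor the `if ( id == 0 )` branch assigns it before the context line `id = lr->lr_origid;`. The id is decoded from the server's message, so unless a negative value is rejected before these hunks, a malformed response makes the client read through an uninitialised pointer. Print `(long)id` in the trace and add `if ( id < 0 ) goto retry_ber;` ahead of the `if ( id > 0 )` block. try_read1msg starts and ends outside both hunks.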
@@ -559,22 +659,17 @@ nextresp2: lr->lr_res_msgtype = tag; /* - * This code figures out if we are going to chase a - * referral / search reference, or pass it back to the application + * Check for V3 search reference */ - v3ref = V3REF_NOREF; /* Assume not a V3 search reference/referral */ - if( (tag != LDAP_RES_SEARCH_ENTRY) && (ld->ld_version > LDAP_VERSION2) ) { - BerElement tmpber = *ber; /* struct copy */ - char **refs = NULL; - - if( tag == LDAP_RES_SEARCH_REFERENCE ) { + if ( tag == LDAP_RES_SEARCH_REFERENCE ) { + if ( ld->ld_version > LDAP_VERSION2 ) { /* This is a V3 search reference */ - /* Assume we do not chase the reference, - * but pass it to application */ - v3ref = V3REF_TOAPP; - if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) || - (lr->lr_parent != NULL) ) + if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) || + lr->lr_parent != NULL ) { + char **refs = NULL; + tmpber = *ber; + /* Get the referral list */ if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) { rc = LDAP_DECODING_ERROR; @@ -582,9 +677,9 @@ nextresp2: } else { /* Note: refs array is freed by ldap_chase_v3referrals */ refer_cnt = ldap_chase_v3referrals( ld, lr, refs, - 1, &lr->lr_res_error, &hadref ); + 1, &lr->lr_res_error, &hadref ); if ( refer_cnt > 0 ) { - /* sucessfully chased reference */ + /* successfully chased reference */ /* If haven't got end search, set chasing referrals */ if ( lr->lr_status != LDAP_REQST_COMPLETED ) { lr->lr_status = LDAP_REQST_CHASINGREFS; 
@@ -592,172 +687,121 @@ nextresp2: "read1msg: search ref chased, " "mark request chasing refs, " "id = %d\n", - lr->lr_msgid, 0, 0); + lr->lr_msgid, 0, 0 ); } - - /* We sucessfully chased the reference */ - v3ref = V3REF_SUCCESS; } } } + } - } else { - /* Check for V3 referral */ - ber_len_t len; - char *lr_res_error = NULL; + } else if ( tag != LDAP_RES_SEARCH_ENTRY && tag != LDAP_RES_INTERMEDIATE ) { + /* All results that just return a status, i.e. don't return data + * go through the following code. This code also chases V2 referrals + * and checks if all referrals have been chased. + */ + char *lr_res_error = NULL; - if ( ber_scanf( &tmpber, "{eAA",/*}*/ &lderr, - &lr->lr_res_matched, &lr_res_error ) - != LBER_ERROR ) - { - if ( lr_res_error != NULL ) { - if ( lr->lr_res_error != NULL ) { - (void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error ); - LDAP_FREE( (char *)lr_res_error ); + tmpber = *ber; /* struct copy */ + if ( ber_scanf( &tmpber, "{eAA", &lderr, + &lr->lr_res_matched, &lr_res_error ) + != LBER_ERROR ) + { + if ( lr_res_error != NULL ) { + if ( lr->lr_res_error != NULL ) { + (void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error ); + LDAP_FREE( (char *)lr_res_error ); - } else { - lr->lr_res_error = lr_res_error; - } - lr_res_error = NULL; + } else { + lr->lr_res_error = lr_res_error; } + lr_res_error = NULL; + } + + /* Do we need to check for referrals? 
*/ + if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) || + lr->lr_parent != NULL ) + { + char **refs = NULL; + ber_len_t len; /* Check if V3 referral */ if ( ber_peek_tag( &tmpber, &len ) == LDAP_TAG_REFERRAL ) { - /* We have a V3 referral, assume we cannot chase it */ - v3ref = V3REF_TOAPP; - if( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) - || (lr->lr_parent != NULL) ) - { - /* Assume referral not chased and return it to app */ - v3ref = V3REF_TOAPP; - + if ( ld->ld_version > LDAP_VERSION2 ) { /* Get the referral list */ - if( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) { + if ( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) { rc = LDAP_DECODING_ERROR; lr->lr_status = LDAP_REQST_COMPLETED; Debug( LDAP_DEBUG_TRACE, - "read1msg: referral decode error, mark request completed, ld %p msgid %d\n", - (void *)ld, lr->lr_msgid, 0); + "read1msg: referral decode error, " + "mark request completed, ld %p msgid %d\n", + (void *)ld, lr->lr_msgid, 0 ); } else { /* Chase the referral - * Note: refs arrary is freed by ldap_chase_v3referrals + * refs array is freed by ldap_chase_v3referrals */ refer_cnt = ldap_chase_v3referrals( ld, lr, refs, 0, &lr->lr_res_error, &hadref ); lr->lr_status = LDAP_REQST_COMPLETED; Debug( LDAP_DEBUG_TRACE, - "read1msg: referral chased, mark request completed, ld %p msgid %d\n", - (void *)ld, lr->lr_msgid, 0); - if( refer_cnt > 0) { - /* Referral successfully chased */ - v3ref = V3REF_SUCCESS; + "read1msg: referral %s chased, " + "mark request completed, ld %p msgid %d\n", + refer_cnt > 0 ? "" : "not", + (void *)ld, lr->lr_msgid); + if ( refer_cnt < 0 ) { + refer_cnt = 0; } } } - } - - if( lr->lr_res_matched != NULL ) { - LDAP_FREE( lr->lr_res_matched ); - lr->lr_res_matched = NULL; - } - - if( lr->lr_res_error != NULL ) { - LDAP_FREE( lr->lr_res_error ); - lr->lr_res_error = NULL; - } - } - } - } - - /* All results that just return a status, i.e. don't return data - * go through the following code. 
This code also chases V2 referrals - * and checks if all referrals have been chased. - */ - if ( (tag != LDAP_RES_SEARCH_ENTRY) && (v3ref != V3REF_TOAPP) && - (tag != LDAP_RES_INTERMEDIATE )) - { - /* For a v3 search referral/reference, only come here if already chased it */ - if ( ld->ld_version >= LDAP_VERSION2 && - ( lr->lr_parent != NULL || - LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ) ) - { - char *lr_res_error = NULL; - - tmpber = *ber; /* struct copy */ - if ( v3ref == V3REF_SUCCESS ) { - /* V3 search reference or V3 referral - * sucessfully chased. If this message - * is a search result, then it has no more - * outstanding referrals. - */ - if ( tag == LDAP_RES_SEARCH_RESULT ) - refer_cnt = 0; + } else { + switch ( lderr ) { + case LDAP_SUCCESS: + case LDAP_COMPARE_TRUE: + case LDAP_COMPARE_FALSE: + break; - } else if ( ber_scanf( &tmpber, "{eAA}", &lderr, - &lr->lr_res_matched, &lr_res_error ) - != LBER_ERROR ) - { - if ( lr_res_error != NULL ) { - if ( lr->lr_res_error != NULL ) { - (void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error ); - LDAP_FREE( (char *)lr_res_error ); - } else { - lr->lr_res_error = lr_res_error; - } - lr_res_error = NULL; - } + default: + if ( lr->lr_res_error == NULL ) { + break; + } - switch ( lderr ) { - case LDAP_SUCCESS: - case LDAP_COMPARE_TRUE: - case LDAP_COMPARE_FALSE: - break; + /* pedantic, should never happen */ + if ( lr->lr_res_error[ 0 ] == '\0' ) { + LDAP_FREE( lr->lr_res_error ); + lr->lr_res_error = NULL; + break; + } - default: - if ( lr->lr_res_error == NULL - || lr->lr_res_error[ 0 ] == '\0' ) - { + /* V2 referrals are in error string */ + refer_cnt = ldap_chase_referrals( ld, lr, + &lr->lr_res_error, -1, &hadref ); + lr->lr_status = LDAP_REQST_COMPLETED; + Debug( LDAP_DEBUG_TRACE, + "read1msg: V2 referral chased, " + "mark request completed, id = %d\n", + lr->lr_msgid, 0, 0 ); break; } - - /* referrals are in error string */ - refer_cnt = ldap_chase_referrals( ld, lr, - &lr->lr_res_error, 
-1, &hadref ); - lr->lr_status = LDAP_REQST_COMPLETED; - Debug( LDAP_DEBUG_TRACE, - "read1msg: V2 referral chased, " - "mark request completed, id = %d\n", - lr->lr_msgid, 0, 0 ); - break; } + } - /* save errno, message, and matched string */ - if ( !hadref || lr->lr_res_error == NULL ) { - lr->lr_res_errno = ( lderr == - LDAP_PARTIAL_RESULTS ) ? LDAP_SUCCESS - : lderr; + /* save errno, message, and matched string */ + if ( !hadref || lr->lr_res_error == NULL ) { + lr->lr_res_errno = + lderr == LDAP_PARTIAL_RESULTS + ? LDAP_SUCCESS : lderr; - } else if ( ld->ld_errno != LDAP_SUCCESS ) { - lr->lr_res_errno = ld->ld_errno; + } else if ( ld->ld_errno != LDAP_SUCCESS ) { + lr->lr_res_errno = ld->ld_errno; - } else { - lr->lr_res_errno = LDAP_PARTIAL_RESULTS; - } - - Debug( LDAP_DEBUG_TRACE, "new result: " - "res_errno: %d, " - "res_error: <%s>, " - "res_matched: <%s>\n", - lr->lr_res_errno, - lr->lr_res_error ? lr->lr_res_error : "", - lr->lr_res_matched ? lr->lr_res_matched : "" ); + } else { + lr->lr_res_errno = LDAP_PARTIAL_RESULTS; } + } - /* in any case, don't leave any lr_res_error 'round */ - if ( lr_res_error ) { - LDAP_FREE( lr_res_error ); - } + /* in any case, don't leave any lr_res_error 'round */ + if ( lr_res_error ) { + LDAP_FREE( lr_res_error ); } Debug( LDAP_DEBUG_TRACE, 
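Review bot: A failed `ber_scanf( &tmpber, "{eAA", ... )` in the new `else if ( tag != LDAP_RES_SEARCH_ENTRY && tag != LDAP_RES_INTERMEDIATE )` branch is silently ignored: there is no `else`, so `rc` and `lr->lr_res_errno` keep their earlier values for a result the peer sent malformed. The unsolicited-notification code added in the @@ -856 hunk then calls `ber_peek_tag( &tmpber, &len )` on a `tmpber` left wherever the failed scan stopped. Consider recording the failure the way the referral decode below does, `} else { rc = LDAP_DECODING_ERROR; }`, or add a comment if leaving the error to the application's own parse is intended. The inner `ber_len_t len;` also shadows the function-level `len`; the function itself starts and ends outside this hunk.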
@@ -809,17 +853,20 @@ nextresp2: } /* This is the parent request if the request has referrals */ - if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL && + if ( lr->lr_outrefcnt <= 0 && + lr->lr_parent == NULL && tmplr == NULL ) { id = lr->lr_msgid; tag = lr->lr_res_msgtype; Debug( LDAP_DEBUG_ANY, "request done: ld %p msgid %ld\n", (void *)ld, (long) id, 0 ); -Debug( LDAP_DEBUG_TRACE, -"res_errno: %d, res_error: <%s>, res_matched: <%s>\n", -lr->lr_res_errno, lr->lr_res_error ? lr->lr_res_error : "", -lr->lr_res_matched ? lr->lr_res_matched : "" ); + Debug( LDAP_DEBUG_TRACE, + "res_errno: %d, res_error: <%s>, " + "res_matched: <%s>\n", + lr->lr_res_errno, + lr->lr_res_error ? lr->lr_res_error : "", + lr->lr_res_matched ? lr->lr_res_matched : "" ); if ( !simple_request ) { ber_free( ber, 1 ); ber = NULL; @@ -830,11 +877,17 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); } } - ldap_return_request( ld, lr, 1 ); + if ( lr != &dummy_lr ) { + ldap_return_request( ld, lr, 1 ); + } lr = NULL; } - if ( lc != NULL ) { + /* + * RF 4511 unsolicited (id == 0) responses + * shouldn't necessarily end the connection + */ + if ( lc != NULL && id != 0 ) { #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); #endif @@ -848,7 +901,9 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); } if ( lr != NULL ) { - ldap_return_request( ld, lr, 0 ); + if ( lr != &dummy_lr ) { + ldap_return_request( ld, lr, 0 ); + } lr = NULL; } 
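Review bot: The `id != 0` test added to `if ( lc != NULL && id != 0 )` only recognises an unsolicited message if `id` is still 0 at this point, but `id` was reassigned from `lr->lr_origid` right after `lr = &dummy_lr` and from `lr->lr_msgid` in the parent-request branch above, so it depends on `dummy_lr` being zero-filled; that declaration is outside these hunks. The comment should say so and has a typo, e.g. `/* RFC 4511 unsolicited (id == 0) responses shouldn't necessarily end the connection; id was reloaded from dummy_lr, which must stay zeroed */`. A dedicated flag set where `lr = &dummy_lr` is assigned would be sturdier than reusing `id`.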
@@ -856,6 +911,72 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); return( rc ); } + /* try to handle unsolicited responses as appropriate */ + if ( id == 0 && msgid > LDAP_RES_UNSOLICITED ) { + int is_nod = 0; + + tag = ber_peek_tag( &tmpber, &len ); + + /* we have a res oid */ + if ( tag == LDAP_TAG_EXOP_RES_OID ) { + static struct berval bv_nod = BER_BVC( LDAP_NOTICE_OF_DISCONNECTION ); + struct berval resoid = BER_BVNULL; + + if ( ber_scanf( &tmpber, "m", &resoid ) == LBER_ERROR ) { + ld->ld_errno = LDAP_DECODING_ERROR; + ber_free( ber, 1 ); + return -1; + } + + assert( !BER_BVISEMPTY( &resoid ) ); + + is_nod = ber_bvcmp( &resoid, &bv_nod ) == 0; + + tag = ber_peek_tag( &tmpber, &len ); + } + +#if 0 /* don't need right now */ + /* we have res data */ + if ( tag == LDAP_TAG_EXOP_RES_VALUE ) { + struct berval resdata; + + if ( ber_scanf( &tmpber, "m", &resdata ) == LBER_ERROR ) { + ld->ld_errno = LDAP_DECODING_ERROR; + ber_free( ber, 0 ); + return ld->ld_errno; + } + + /* use it... */ + } +#endif + + /* handle RFC 4511 "Notice of Disconnection" locally */ + + if ( is_nod ) { + if ( tag == LDAP_TAG_EXOP_RES_VALUE ) { + ld->ld_errno = LDAP_DECODING_ERROR; + ber_free( ber, 1 ); + return -1; + } + + /* get rid of the connection... */ + if ( lc != NULL ) { +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); +#endif + ldap_free_connection( ld, lc, 0, 1 ); +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); +#endif + lc = *lcp = NULL; + } + + /* need to return -1, because otherwise + * a valid result is expected */ + return -1; + } + } + /* make a new ldap message */ newmsg = (LDAPMessage *) LDAP_CALLOC( 1, sizeof(LDAPMessage) ); if ( newmsg == NULL ) { 
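Review bot: `assert( !BER_BVISEMPTY( &resoid ) );` asserts on a value decoded from the server's message: with assertions enabled, a peer that sends an empty responseName aborts the client process, and with NDEBUG the empty OID passes unchecked. Treat it as a decoding error by folding it into the preceding test, `if ( ber_scanf( &tmpber, "m", &resoid ) == LBER_ERROR || BER_BVISEMPTY( &resoid ) ) {`, and drop the assert. The Notice of Disconnection path also ends in `return -1;` without setting `ld->ld_errno` or calling `ber_free( ber, 1 )` as the two error returns above it do, so callers that report `ld->ld_errno` may see a stale value. That should be checked against the rest of the function, which lies outside the hunk.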
@@ -889,18 +1010,18 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); */ ber = ber_dup( ber ); ber_scanf( ber, "x" ); - if (ber_peek_tag(ber, &len) != LBER_DEFAULT) { + if ( ber_peek_tag( ber, &len ) != LBER_DEFAULT ) { /* There's more - dup the ber buffer so they can all be * individually freed by ldap_msgfree. */ struct berval bv; - ber_get_option(ber, LBER_OPT_BER_REMAINING_BYTES, &len); - bv.bv_val = LDAP_MALLOC(len); - if (bv.bv_val) { - ok=1; - ber_read(ber, bv.bv_val, len); + ber_get_option( ber, LBER_OPT_BER_REMAINING_BYTES, &len ); + bv.bv_val = LDAP_MALLOC( len ); + if ( bv.bv_val ) { + ok = 1; + ber_read( ber, bv.bv_val, len ); bv.bv_len = len; - ber_init2(ber, &bv, ld->ld_lberoptions ); + ber_init2( ber, &bv, ld->ld_lberoptions ); } } } else { @@ -922,16 +1043,20 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); chain_head->lm_chain_tail = newmsg; tmp = newmsg; /* "ok" means there's more to parse */ - if (ok) { - if (isv2) goto nextresp2; - else goto nextresp3; + if ( ok ) { + if ( isv2 ) { + goto nextresp2; + + } else { + goto nextresp3; + } } else { /* got to end of datagram without a SearchResult. Free * our dup'd ber, but leave any buffer alone. For v2 case, * the previous response is still using this buffer. For v3, * the new ber has no buffer to free yet. */ - ber_free(ber, 0); + ber_free( ber, 0 ); return -1; } } else if ( moremsgs ) { 
@@ -951,12 +1076,14 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); /* is this the one we're looking for? */ if ( msgid == LDAP_RES_ANY || id == msgid ) { if ( all == LDAP_MSG_ONE - || (newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT - && newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY - && newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE) ) { + || ( newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT + && newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY + && newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) ) + { *result = newmsg; ld->ld_errno = LDAP_SUCCESS; return( tag ); + } else if ( newmsg->lm_msgtype == LDAP_RES_SEARCH_RESULT) { foundit = 1; /* return the chain later */ } @@ -970,8 +1097,9 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); prev = NULL; for ( l = ld->ld_responses; l != NULL; l = l->lm_next ) { - if ( l->lm_msgid == newmsg->lm_msgid ) + if ( l->lm_msgid == newmsg->lm_msgid ) { break; + } prev = l; } @@ -996,10 +1124,11 @@ lr->lr_res_matched ? lr->lr_res_matched : "" ); /* return the whole chain if that's what we were looking for */ if ( foundit ) { - if ( prev == NULL ) + if ( prev == NULL ) { ld->ld_responses = l->lm_next; - else + } else { prev->lm_next = l->lm_next; + } *result = l; } @@ -1037,7 +1166,7 @@ build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr ) lr->lr_res_error ? lr->lr_res_error : "" ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; - ber_free(ber, 1); + ber_free( ber, 1 ); return( LBER_ERROR ); } @@ -1045,13 +1174,13 @@ build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr ) if ( ber_skip_tag( ber, &len ) == LBER_ERROR ) { ld->ld_errno = LDAP_DECODING_ERROR; - ber_free(ber, 1); + ber_free( ber, 1 ); return( LBER_ERROR ); } if ( ber_get_enum( ber, &along ) == LBER_ERROR ) { ld->ld_errno = LDAP_DECODING_ERROR; - ber_free(ber, 1); + ber_free( ber, 1 ); return( LBER_ERROR ); } 
@@ -1059,7 +1188,7 @@ build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr ) if ( tag == LBER_ERROR ) { ld->ld_errno = LDAP_DECODING_ERROR; - ber_free(ber, 1); + ber_free( ber, 1 ); return( LBER_ERROR ); } @@ -1068,18 +1197,19 @@ build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr ) } -static void -merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ) -{ /* * Merge error information in "lr" with "parentr" error code and string. */ +static void +merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ) +{ if ( lr->lr_res_errno == LDAP_PARTIAL_RESULTS ) { parentr->lr_res_errno = lr->lr_res_errno; if ( lr->lr_res_error != NULL ) { (void)ldap_append_referral( ld, &parentr->lr_res_error, - lr->lr_res_error ); + lr->lr_res_error ); } + } else if ( lr->lr_res_errno != LDAP_SUCCESS && parentr->lr_res_errno == LDAP_SUCCESS ) { @@ -1099,11 +1229,11 @@ merge_error_info( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ) } Debug( LDAP_DEBUG_TRACE, "merged parent (id %d) error info: ", - parentr->lr_msgid, 0, 0 ); + parentr->lr_msgid, 0, 0 ); Debug( LDAP_DEBUG_TRACE, "result errno %d, error <%s>, matched <%s>\n", - parentr->lr_res_errno, parentr->lr_res_error ? - parentr->lr_res_error : "", parentr->lr_res_matched ? - parentr->lr_res_matched : "" ); + parentr->lr_res_errno, + parentr->lr_res_error ? parentr->lr_res_error : "", + parentr->lr_res_matched ? parentr->lr_res_matched : "" ); } @@ -1125,7 +1255,8 @@ ldap_msgid( LDAPMessage *lm ) } -char * ldap_int_msgtype2str( ber_tag_t tag ) +const char * +ldap_int_msgtype2str( ber_tag_t tag ) { switch( tag ) { case LDAP_RES_ADD: return "add"; @@ -1158,7 +1289,7 @@ ldap_msgfree( LDAPMessage *lm ) LDAP_FREE( (char *) lm ); } - return( type ); + return type; } /* 
@@ -1170,94 +1301,93 @@ int ldap_msgdelete( LDAP *ld, int msgid ) { LDAPMessage *lm, *prev; - int rc = 0; + int rc = 0; assert( ld != NULL ); - Debug( LDAP_DEBUG_TRACE, "ldap_msgdelete\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "ldap_msgdelete ld=%p msgid=%d\n", + (void *)ld, msgid, 0 ); - prev = NULL; #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); #endif + prev = NULL; for ( lm = ld->ld_responses; lm != NULL; lm = lm->lm_next ) { - if ( lm->lm_msgid == msgid ) + if ( lm->lm_msgid == msgid ) { break; + } prev = lm; } if ( lm == NULL ) { rc = -1; + } else { - if ( prev == NULL ) + if ( prev == NULL ) { ld->ld_responses = lm->lm_next; - else + } else { prev->lm_next = lm->lm_next; + } } #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); #endif - if ( lm && ldap_msgfree( lm ) == LDAP_RES_SEARCH_ENTRY ) - rc = -1; + if ( lm ) { + switch ( ldap_msgfree( lm ) ) { + case LDAP_RES_SEARCH_ENTRY: + case LDAP_RES_SEARCH_REFERENCE: + case LDAP_RES_INTERMEDIATE: + rc = -1; + break; - return( rc ); + default: + break; + } + } + + return rc; } /* * ldap_abandoned * - * return 1 if message msgid is waiting to be abandoned, 0 otherwise + * return the location of the message id in the array of abandoned + * message ids, or -1 * * expects ld_res_mutex to be locked */ static int -ldap_abandoned( LDAP *ld, ber_int_t msgid ) +ldap_abandoned( LDAP *ld, ber_int_t msgid, int *idxp ) { - int i; - #ifdef LDAP_R_COMPILE LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); #endif - if ( ld->ld_abandoned == NULL ) - return( 0 ); - - for ( i = 0; ld->ld_abandoned[i] != -1; i++ ) - if ( ld->ld_abandoned[i] == msgid ) - return( 1 ); + assert( idxp != NULL ); + assert( msgid >= 0 ); + assert( ld->ld_nabandoned >= 0 ); - return( 0 ); + return ldap_int_bisect_find( ld->ld_abandoned, ld->ld_nabandoned, msgid, idxp ); } - /* * ldap_mark_abandoned * * expects ld_res_mutex to be locked */ static int -ldap_mark_abandoned( LDAP *ld, ber_int_t msgid ) 
+ldap_mark_abandoned( LDAP *ld, ber_int_t msgid, int idx ) { - int i; - #ifdef LDAP_R_COMPILE LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex ); #endif - if ( ld->ld_abandoned == NULL ) - return( -1 ); - - for ( i = 0; ld->ld_abandoned[i] != -1; i++ ) - if ( ld->ld_abandoned[i] == msgid ) - break; - - if ( ld->ld_abandoned[i] == -1 ) - return( -1 ); - - for ( ; ld->ld_abandoned[i] != -1; i++ ) { - ld->ld_abandoned[i] = ld->ld_abandoned[i + 1]; - } + /* NOTE: those assertions are repeated in ldap_int_bisect_delete() */ + assert( idx >= 0 ); + assert( idx < ld->ld_nabandoned ); + assert( ld->ld_abandoned[ idx ] == msgid ); - return( 0 ); + return ldap_int_bisect_delete( &ld->ld_abandoned, &ld->ld_nabandoned, + msgid, idx ); } diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c index 0624394c3f859c05037a065de7f738aabe6478a9..0b02065c351ca20ab5ba957ea184efb17123744d 100644 --- a/libraries/libldap/sasl.c +++ b/libraries/libldap/sasl.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -12,9 +12,6 @@ * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ /* * BindRequest ::= SEQUENCE { @@ -22,10 +19,8 @@ * name DistinguishedName, -- who * authentication CHOICE { * simple [0] OCTET STRING -- passwd -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING -#endif + * krbv42ldap [1] OCTET STRING -- OBSOLETE + * krbv42dsa [2] OCTET STRING -- OBSOLETE * sasl [3] SaslCredentials -- LDAPv3 * } * } 
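Review bot: The new header comment for `ldap_abandoned()` in result.c says it returns the location of the message id or -1, but the body returns the result of `ldap_int_bisect_find()` and hands the position back through `idxp`. That helper is defined outside this hunk, so its return convention should be confirmed and the comment made to match, e.g. `return nonzero if msgid is in ld_abandoned, storing its position in *idxp`. A caller written against the current comment could test the result the wrong way round. The `assert( msgid >= 0 )` here and the index asserts in `ldap_mark_abandoned()` vanish under NDEBUG, so message ids taken from received PDUs need range-checking by the caller before they reach these helpers.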
@@ -196,7 +191,7 @@ ldap_sasl_bind_s( } #endif - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 ) { + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 || !result ) { return( ld->ld_errno ); /* ldap_result sets ld_errno */ } diff --git a/libraries/libldap/sbind.c b/libraries/libldap/sbind.c index 15a04defc4392c99f7dc4b718dd6658e5cf5809a..41da98d08bcb2fe548d1c6fd76e0e410e379979d 100644 --- a/libraries/libldap/sbind.c +++ b/libraries/libldap/sbind.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -15,9 +15,6 @@ /* Portions Copyright (c) 1993 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ /* * BindRequest ::= SEQUENCE { @@ -25,10 +22,8 @@ * name DistinguishedName, -- who * authentication CHOICE { * simple [0] OCTET STRING -- passwd -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING -#endif + * krbv42ldap [1] OCTET STRING -- OBSOLETE + * krbv42dsa [2] OCTET STRING -- OBSOLETE * sasl [3] SaslCredentials -- LDAPv3 * } * } diff --git a/libraries/libldap/schema.c b/libraries/libldap/schema.c index 46271968e663fa2fb965fe59dbbadc10474f2e2a..86f26e638828c28f3ecc4980e37e3796454960c7 100644 --- a/libraries/libldap/schema.c +++ b/libraries/libldap/schema.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
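Review bot: In ldap_sasl_bind_s (sasl.c), the added `|| !result` case returns `ld->ld_errno`, but the adjacent comment only says that ldap_result() sets it, which is established for the -1 path. If ldap_result() can come back with no message and no error recorded, `ld->ld_errno` may still be LDAP_SUCCESS and the synchronous bind would report success without a BindResponse having been received. Return an explicit failure for that case, for example `return ld->ld_errno != LDAP_SUCCESS ? ld->ld_errno : LDAP_LOCAL_ERROR;` (the exact code is the maintainers' choice). The function body extends outside the hunk.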
@@ -1028,7 +1028,7 @@ get_token( const char ** sp, char ** token_val ) **sp != '$' && **sp != '\'' && /* for suggested minimum upper bound on the number - * of characters <draft-ietf-ldapbis-syntaxes> */ + * of characters (RFC 4517) */ **sp != '{' && **sp != '\0' ) (*sp)++; diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index 762bfd2fe7abd4999fd9365d75f72dcea8d9c7a2..a09b8301cab484ef5b618f3795008c456a859f4d 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -385,7 +385,7 @@ ldap_search_s( == -1 ) return( ld->ld_errno ); - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, res ) == -1 ) + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, *res, 0 ) ); diff --git a/libraries/libldap/sort.c b/libraries/libldap/sort.c index b556fc955ec63be44df094e918084b2876280b9b..b1c3c9b6b96cb779fc21957c15109ac808c51e52 100644 --- a/libraries/libldap/sort.c +++ b/libraries/libldap/sort.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/sortctrl.c b/libraries/libldap/sortctrl.c index 185046167210961c320f7f947c90a62eab58caa9..0200e01dacf72073409d7a1c2ef81d67385883fb 100644 --- a/libraries/libldap/sortctrl.c +++ b/libraries/libldap/sortctrl.c 
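Review bot: In ldap_search_s (search.c) the added `|| !res` tests the caller's out-parameter pointer, not the message: `res` is what was passed to ldap_result() and is dereferenced as `*res` in the return below, so the check is always false for a valid call and comes too late for a NULL one. The sasl.c hunk in this commit tests the message pointer itself (`!result`), so the intended condition here is presumably `== -1 || !*res )`. As in that hunk, returning `ld->ld_errno` for the no-message case is only safe if it cannot still be LDAP_SUCCESS.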
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,9 +27,6 @@ * can be found in the file "build/LICENSE-2.0.1" in this distribution * of OpenLDAP Software. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ #include "portable.h" diff --git a/libraries/libldap/string.c b/libraries/libldap/string.c index 13566edb4e6d41bf07a2a2925ff00c13deba1d64..4f860ada785e68cfee3c875b314a42bd7ccffc13 100644 --- a/libraries/libldap/string.c +++ b/libraries/libldap/string.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/t61.c b/libraries/libldap/t61.c index 5deb337bb87f67b3c94a44da24ae14fce89695ba..199a908ab2e7bd865c682123fb2620cc0fb1486b 100644 --- a/libraries/libldap/t61.c +++ b/libraries/libldap/t61.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/test.c b/libraries/libldap/test.c index 88060893121c4fd5a198f3dc6072e40a618d2585..7b87e9a90d7a89de4d96a901ee1b007196a18a56 100644 --- a/libraries/libldap/test.c +++ b/libraries/libldap/test.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -252,17 +252,7 @@ bind_prompt( LDAP *ld, printf("rebind for request=%ld msgid=%ld url=%s\n", request, (long) msgid, url ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - get_line( dn, sizeof(dn), stdin, - "re-bind method (0->simple, 1->krbv41, 2->krbv42, 3->krbv41&2)? " ); - if (( authmethod = atoi( dn )) == 3 ) { - authmethod = LDAP_AUTH_KRBV4; - } else { - authmethod |= 0x80; - } -#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ authmethod = LDAP_AUTH_SIMPLE; -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ get_line( dn, sizeof(dn), stdin, "re-bind dn? " ); strcat( dn, dnsuffix ); @@ -412,13 +402,7 @@ main( int argc, char **argv ) break; case 'b': /* asynch bind */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - get_line( line, sizeof(line), stdin, - "method (0->simple, 1->krbv41, 2->krbv42)? " ); - method = atoi( line ) | 0x80; -#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ method = LDAP_AUTH_SIMPLE; -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); @@ -438,17 +422,7 @@ main( int argc, char **argv ) break; case 'B': /* synch bind */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - get_line( line, sizeof(line), stdin, - "method 0->simple 1->krbv41 2->krbv42 3->krb? " ); - method = atoi( line ); - if ( method == 3 ) - method = LDAP_AUTH_KRBV4; - else - method = method | 0x80; -#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ method = LDAP_AUTH_SIMPLE; -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); 
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c index 49cd1845959bc0a0972e4ebd128a3f6f30f5842e..2d14794a19457567c03405a82b58e9e177034062 100644 --- a/libraries/libldap/tls.c +++ b/libraries/libldap/tls.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -103,7 +103,10 @@ static void tls_init_threads( void ) ldap_pvt_thread_mutex_init( &tls_mutexes[i] ); } CRYPTO_set_locking_callback( tls_locking_cb ); - /* FIXME: the thread id should be added somehow... */ + CRYPTO_set_id_callback( ldap_pvt_thread_self ); + /* FIXME: CRYPTO_set_id_callback only works when ldap_pvt_thread_t + * is an integral type that fits in an unsigned long + */ ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex ); ldap_pvt_thread_mutex_init( &tls_connect_mutex ); @@ -215,6 +218,8 @@ ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server ) if ( lo->ldo_tls_ctx ) return 0; + ldap_pvt_tls_init(); + if ( is_server && !certfile && !keyfile && !cacertfile && !cacertdir ) { /* minimum configuration not provided */ return LDAP_NOT_SUPPORTED; @@ -1294,6 +1299,10 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg ) *(int *)arg = lo->ldo_tls_crlcheck; break; #endif + case LDAP_OPT_X_TLS_CIPHER_SUITE: + *(char **)arg = lo->ldo_tls_ciphersuite ? + LDAP_STRDUP( lo->ldo_tls_ciphersuite ) : NULL; + break; case LDAP_OPT_X_TLS_RANDOM_FILE: *(char **)arg = tls_opt_randfile ? LDAP_STRDUP( tls_opt_randfile ) : NULL; diff --git a/libraries/libldap/turn.c b/libraries/libldap/turn.c index bcda1cbf5dd689d9f9b253f65fb194ffaff3efd5..030352ec03734cf1704f73f07cc27dad7e436257 100644 --- a/libraries/libldap/turn.c +++ b/libraries/libldap/turn.c 
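Review bot: `CRYPTO_set_id_callback( ldap_pvt_thread_self );` in tls_init_threads (tls.c) registers a function returning `ldap_pvt_thread_t` where OpenSSL expects a callback returning `unsigned long`; as the added FIXME concedes, this only works when the two types coincide, and a mismatch draws at most a pointer-type warning. Thread ids that are truncated or misread would let OpenSSL confuse per-thread state such as error queues. A small wrapper with the exact callback signature makes the conversion explicit, so a non-convertible thread type fails at build time instead. tls_init_threads starts and ends outside the hunk.

```c
/* OpenSSL expects unsigned long (*)(void); convert explicitly so a
 * non-integral ldap_pvt_thread_t is rejected by the compiler rather
 * than called through a mismatched function pointer */
static unsigned long
tls_thread_self( void )
{
	return (unsigned long)ldap_pvt_thread_self();
}

/* ... unchanged: tls_init_threads mutex setup ... */
	CRYPTO_set_locking_callback( tls_locking_cb );
	CRYPTO_set_id_callback( tls_thread_self );
```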
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/txn.c b/libraries/libldap/txn.c index 23856db4b6370fd6cc1fa9b46410ce1146b60972..82cd465de4d2962ff3fd3bf0bdade3d9a2cf4f89 100644 --- a/libraries/libldap/txn.c +++ b/libraries/libldap/txn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2006 The OpenLDAP Foundation. + * Copyright 2006-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -102,6 +102,9 @@ ldap_txn_end_s( int rc; BerElement *txnber = NULL; struct berval *txnval = NULL; + struct berval *retdata = NULL; + + if ( retidp != NULL ) *retidp = -1; txnber = ber_alloc_t( LBER_USE_DER ); @@ -114,7 +117,38 @@ ldap_txn_end_s( ber_flatten( txnber, &txnval ); rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TXN_END, - txnval, sctrls, cctrls, NULL, NULL ); + txnval, sctrls, cctrls, NULL, &retdata ); + + ber_free( txnber, 1 ); + + /* parse retdata */ + if( retdata != NULL ) { + BerElement *ber; + ber_tag_t tag; + ber_int_t retid; + + if( retidp == NULL ) goto done; + + ber = ber_init( retdata ); + + if( ber == NULL ) { + rc = ld->ld_errno = LDAP_NO_MEMORY; + goto done; + } + + tag = ber_scanf( ber, "i", &retid ); + ber_free( ber, 1 ); + + if ( tag != LBER_INTEGER ) { + rc = ld->ld_errno = LDAP_DECODING_ERROR; + goto done; + } + + *retidp = (int) retid; + +done: + ber_bvfree( retdata ); + } return rc; } diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c index da4163354592dd74a5016b8b57f6dde9a2350b3d..3e0bbab8f6b8de26d7d558bb807f05ed8f7732c2 100644 --- a/libraries/libldap/unbind.c +++ b/libraries/libldap/unbind.c 
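Review bot: In ldap_txn_end_s (txn.c) the berval produced by `ber_flatten( txnber, &txnval )` is never released: the hunk adds `ber_free( txnber, 1 )` and frees `retdata`, but every visible path to `return rc;` leaves `txnval` allocated. Add `ber_bvfree( txnval );` next to the new `ber_free( txnber, 1 );`. The `ber_flatten()` result is also unchecked, so a failed flatten would pass a NULL request value on to ldap_extended_operation_s(). The start of the function is outside the hunk.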
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -15,16 +15,6 @@ /* Portions Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ - -/* An Unbind Request looks like this: - * - * UnbindRequest ::= NULL - * - * and has no response. - */ #include "portable.h" @@ -37,6 +27,13 @@ #include "ldap-int.h" +/* An Unbind Request looks like this: + * + * UnbindRequest ::= [APPLICATION 2] NULL + * + * and has no response. (Source: RFC 4511) + */ + int ldap_unbind_ext( LDAP *ld, @@ -147,16 +144,6 @@ ldap_ld_free( } #endif - if ( ld->ld_options.ldo_tm_api != NULL ) { - LDAP_FREE( ld->ld_options.ldo_tm_api ); - ld->ld_options.ldo_tm_api = NULL; - } - - if ( ld->ld_options.ldo_tm_net != NULL ) { - LDAP_FREE( ld->ld_options.ldo_tm_net ); - ld->ld_options.ldo_tm_net = NULL; - } - #ifdef HAVE_CYRUS_SASL if ( ld->ld_options.ldo_def_sasl_mech != NULL ) { LDAP_FREE( ld->ld_options.ldo_def_sasl_mech ); diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c index df9be5e0a23f25c0d218c13da8b481ece52e1c2e..1eadf029f152df0f0a7d4d209ce323eb45b49fc7 100644 --- a/libraries/libldap/url.c +++ b/libraries/libldap/url.c @@ -1,8 +1,8 @@ -/* LIBLDAP url.c -- LDAP URL (RFC 2255) related routines */ +/* LIBLDAP url.c -- LDAP URL (RFC 4516) related routines */ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -25,7 +25,7 @@ * where: * attributes is a comma separated list * scope is one of these three strings: base one sub (default=base) - * filter is an string-represented filter as in RFC 2254 + * filter is an string-represented filter as in RFC 4515 * * e.g., ldap://host:port/dc=com?o,cn?base?(o=openldap)?extension * diff --git a/libraries/libldap/urltest.c b/libraries/libldap/urltest.c index 8012cfc020031045621436b6307fbaa11a45fa1c..87db0b676a01f1265ac9aa0338d18f4f6d7f625b 100644 --- a/libraries/libldap/urltest.c +++ b/libraries/libldap/urltest.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/utf-8-conv.c b/libraries/libldap/utf-8-conv.c index e1ffe3c67b66478b134c6d81a75031e4c74ea462..d764bbad38ba7826034f31e2f5d4e7ff59945ec9 100644 --- a/libraries/libldap/utf-8-conv.c +++ b/libraries/libldap/utf-8-conv.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap/utf-8.c b/libraries/libldap/utf-8.c index b8a61a1e1e93924188b9038ef93009f3cd51c1fc..0505744d3adaccde3b308a613dd37b6aa84ffdaa 100644 --- a/libraries/libldap/utf-8.c +++ b/libraries/libldap/utf-8.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c index 2ed008056b3ddcde368ed8f49dd39147228c581c..6b24d63565db919789a1ef4502ba9e1d33a9fc5d 100644 --- a/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998 A. Hartgers. * All rights reserved. * diff --git a/libraries/libldap/vlvctrl.c b/libraries/libldap/vlvctrl.c index 86528c503c010a3807cf63ed9edcf857245460eb..f301a2e6410d579cd4d8975ca305df8c5b2f9437 100644 --- a/libraries/libldap/vlvctrl.c +++ b/libraries/libldap/vlvctrl.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,9 +27,6 @@ * can be found in the file "build/LICENSE-2.0.1" in this distribution * of OpenLDAP Software. */ -/* Portions Copyright (C) The Internet Society (1997) - * ASN.1 fragments are from RFC 2251; see RFC for full legal notices. - */ #include "portable.h" diff --git a/libraries/libldap/whoami.c b/libraries/libldap/whoami.c index ec96523d32158fc7d6fb25f1687423706c9ac9fc..f77ebb5069b5b6da6314acff0b9fba53034f1ab7 100644 --- a/libraries/libldap/whoami.c +++ b/libraries/libldap/whoami.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -88,7 +88,7 @@ ldap_whoami_s( rc = ldap_whoami( ld, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) return rc; - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 ) { + if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return ld->ld_errno; } diff --git a/libraries/libldap_r/Makefile.in b/libraries/libldap_r/Makefile.in index 2629234e0f6986e3a0b8ddfeb25df054fb195a76..f52f427518ed0adab50f0bd2fd7abeb788885bff 100644 --- a/libraries/libldap_r/Makefile.in +++ b/libraries/libldap_r/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -22,13 +22,13 @@ XXSRCS = apitest.c test.c \ bind.c open.c result.c error.c compare.c search.c \ controls.c messages.c references.c extended.c cyrus.c \ modify.c add.c modrdn.c delete.c abandon.c \ - sasl.c sbind.c kbind.c unbind.c cancel.c \ + sasl.c sbind.c unbind.c cancel.c \ filter.c free.c sort.c passwd.c whoami.c \ getdn.c getentry.c getattr.c getvalues.c addentry.c \ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ init.c options.c print.c string.c util-int.c schema.c \ charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ - turn.c ppolicy.c dds.c txn.c + turn.c ppolicy.c dds.c txn.c ldap_sync.c SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \ thr_pth.c thr_stub.c thr_debug.c 
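Review bot: The added `|| !res` branch in `ldap_whoami_s` returns `ld->ld_errno`, which is only known to hold an error when `ldap_result` itself returned -1. If `ldap_result` returns another value and leaves `res` NULL, `ld_errno` may still be `LDAP_SUCCESS`, and the caller would be told the operation succeeded although no authzid was parsed; whether that path sets `ld_errno` is not visible here. Returning an explicit error in that case is safer, for example `return ld->ld_errno != LDAP_SUCCESS ? ld->ld_errno : LDAP_OTHER;`. The rest of the function lies outside the hunk.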
@@ -38,13 +38,13 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpool.lo rq.lo \ bind.lo open.lo result.lo error.lo compare.lo search.lo \ controls.lo messages.lo references.lo extended.lo cyrus.lo \ modify.lo add.lo modrdn.lo delete.lo abandon.lo \ - sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ + sasl.lo sbind.lo unbind.lo cancel.lo \ filter.lo free.lo sort.lo passwd.lo whoami.lo \ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ init.lo options.lo print.lo string.lo util-int.lo schema.lo \ charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ - turn.lo ppolicy.lo dds.lo txn.lo + turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/libraries/libldap_r/ldap_thr_debug.h b/libraries/libldap_r/ldap_thr_debug.h index 5834ef07b1c180393f77e50fe94e01ad13aabd7a..fa754df71d459c1c3511f33f76ef345c45c47278 100644 --- a/libraries/libldap_r/ldap_thr_debug.h +++ b/libraries/libldap_r/ldap_thr_debug.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/rdwr.c b/libraries/libldap_r/rdwr.c index de6b23cb4a21cd810e7570dd26bad9faa81f7932..47ed08f8242276e45144269d857ca839ff9a15b0 100644 --- a/libraries/libldap_r/rdwr.c +++ b/libraries/libldap_r/rdwr.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/libldap_r/rmutex.c b/libraries/libldap_r/rmutex.c index 98529e42e0d5694fadea7348c2a0f129f9d3185b..a6e66b514b271c5accb5e622d1d0b7c0589aa6ff 100644 --- a/libraries/libldap_r/rmutex.c +++ b/libraries/libldap_r/rmutex.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2006 The OpenLDAP Foundation. + * Copyright 2006-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/rq.c b/libraries/libldap_r/rq.c index e692c628ed1f2e52cd04b120f0dc556157a831c6..5ea15c2222c86898fe83d36159293c82f4b6fb79 100644 --- a/libraries/libldap_r/rq.c +++ b/libraries/libldap_r/rq.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * All rights reserved. * diff --git a/libraries/libldap_r/thr_cthreads.c b/libraries/libldap_r/thr_cthreads.c index af5526a4abb2d82098a39b9822aff4a33b27cda3..b98a47afa2caa28f736207e6a19a7faa6c73e84f 100644 --- a/libraries/libldap_r/thr_cthreads.c +++ b/libraries/libldap_r/thr_cthreads.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/thr_debug.c b/libraries/libldap_r/thr_debug.c index 3b99e838fc9fc40a962a598f87f9ed1c5da57e56..87ed67fa02b3ae8a1d9ad7931d92fead52201e03 100644 --- a/libraries/libldap_r/thr_debug.c +++ b/libraries/libldap_r/thr_debug.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/thr_lwp.c b/libraries/libldap_r/thr_lwp.c index 41b70fa0154338fffbd153d037c67c3d2a860943..ea3eeea71ff35b02fd9e6a7b18d0d6744e2fee1c 100644 --- a/libraries/libldap_r/thr_lwp.c +++ b/libraries/libldap_r/thr_lwp.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/thr_nt.c b/libraries/libldap_r/thr_nt.c index 8bae80e9a73d438ed65907f3dcb3e5b8b87b0b35..f3d0755de99941f3a78f237b3c40a6d4349c9330 100644 --- a/libraries/libldap_r/thr_nt.c +++ b/libraries/libldap_r/thr_nt.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/thr_posix.c b/libraries/libldap_r/thr_posix.c index ce48b32b53000e919b28449f138745bb055e6422..f378cfcaf8b6515db6f12ef46d037d141b90ad3a 100644 --- a/libraries/libldap_r/thr_posix.c +++ b/libraries/libldap_r/thr_posix.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/libldap_r/thr_pth.c b/libraries/libldap_r/thr_pth.c index 57572b236ca906c791f0e610ef11c62657cddc68..c5844533c12da13974e8ecb9ed13b651c0240ab2 100644 --- a/libraries/libldap_r/thr_pth.c +++ b/libraries/libldap_r/thr_pth.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/thr_stub.c b/libraries/libldap_r/thr_stub.c index b186e5c8ac032dd9db03a2b6508c5f43f0722c6e..1eabb5b7a1d840447f032b0c7e0581b65434ad9c 100644 --- a/libraries/libldap_r/thr_stub.c +++ b/libraries/libldap_r/thr_stub.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -229,4 +229,11 @@ ldap_pvt_thread_self( void ) return(0); } +ldap_pvt_thread_t +ldap_pvt_thread_pool_tid( void *vctx ) +{ + + return(0); +} + #endif /* NO_THREADS */ diff --git a/libraries/libldap_r/thr_thr.c b/libraries/libldap_r/thr_thr.c index 529651cf923e9de198e613cad6eee2c9d50dfb40..2acbe083a64978566581134e46a507defc2dbe5e 100644 --- a/libraries/libldap_r/thr_thr.c +++ b/libraries/libldap_r/thr_thr.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/threads.c b/libraries/libldap_r/threads.c index b562a87d571e5f21695c8b13e08e2c96289eed0f..9a2358c9e497b4e4ef308b37043b111a66804f90 100644 --- a/libraries/libldap_r/threads.c 
+++ b/libraries/libldap_r/threads.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/libldap_r/tpool.c b/libraries/libldap_r/tpool.c index 32d13dd9dff1648222000439f0f3db087024396c..1b18ff8fe0ec5d4708f0ff6e6408b60028f317b0 100644 --- a/libraries/libldap_r/tpool.c +++ b/libraries/libldap_r/tpool.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -720,12 +720,7 @@ ldap_int_thread_pool_wrapper ( } } - for ( i=0; i<MAXKEYS && uctx.ltu_key[i].ltk_key; i++ ) { - if (uctx.ltu_key[i].ltk_free) - uctx.ltu_key[i].ltk_free( - uctx.ltu_key[i].ltk_key, - uctx.ltu_key[i].ltk_data ); - } + ldap_pvt_thread_pool_context_reset(&uctx); thread_keys[keyslot].ctx = NULL; thread_keys[keyslot].id = tid_zero; @@ -868,7 +863,7 @@ void ldap_pvt_thread_pool_purgekey( void *key ) /* * This is necessary if the caller does not have access to the * thread context handle (for example, a slapd plugin calling - * slapi_search_internal()). No doubt it is more efficient to + * slapi_search_internal()). No doubt it is more efficient * for the application to keep track of the thread context * handles itself. */ @@ -895,7 +890,9 @@ void ldap_pvt_thread_pool_context_reset( void *vctx ) ldap_int_thread_userctx_t *ctx = vctx; int i; - for ( i=0; i<MAXKEYS && ctx->ltu_key[i].ltk_key; i++) { + for ( i=MAXKEYS-1; i>=0; i--) { + if ( !ctx->ltu_key[i].ltk_key ) + continue; if ( ctx->ltu_key[i].ltk_free ) ctx->ltu_key[i].ltk_free( ctx->ltu_key[i].ltk_key, ctx->ltu_key[i].ltk_data ); 
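Review bot: The rewritten loop in `ldap_pvt_thread_pool_context_reset` changes two behaviours without a comment: it now walks the key array from `MAXKEYS-1` down to 0, and it skips empty slots instead of stopping at the first one. Because `ldap_int_thread_pool_wrapper` now calls this function too (first hunk of this file), the order in which `ltk_free` callbacks run at thread exit changes as well. A short comment above the loop would record the intent, along the lines of `/* free in reverse order; the array may have holes, so scan every slot */` if that is the reason. The rest of the function body is outside the hunk, so whether each slot is cleared after its callback runs cannot be checked from here.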
diff --git a/libraries/liblunicode/Makefile.in b/libraries/liblunicode/Makefile.in index 2b2c542c73f7463f08b02db6716b748889f21044..22c1a8989a1a76a23e541ddde7edaf0236dc984b 100644 --- a/libraries/liblunicode/Makefile.in +++ b/libraries/liblunicode/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ucdata/ucdata.c b/libraries/liblunicode/ucdata/ucdata.c index db2adb55814f4b23857b10b1f1e91df9d45e1635..0e188e79104230bed2921f7ca339bc2206de3753 100644 --- a/libraries/liblunicode/ucdata/ucdata.c +++ b/libraries/liblunicode/ucdata/ucdata.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -313,6 +313,9 @@ ucisprop(ac_uint4 code, ac_uint4 mask1, ac_uint4 mask2) #if !HARDCODE_DATA +/* These record the number of slots in the map. + * There are 3 words per slot. + */ static ac_uint4 _uccase_size; static ac_uint2 _uccase_len[2]; static ac_uint4 *_uccase_map; 
@@ -356,23 +359,23 @@ _uccase_load(char *paths, int reload) * Set the node count and lengths of the upper and lower case mapping * tables. */ - _uccase_size = hdr.cnt * 3; - _uccase_len[0] = hdr.size.len[0] * 3; - _uccase_len[1] = hdr.size.len[1] * 3; + _uccase_size = hdr.cnt; + _uccase_len[0] = hdr.size.len[0]; + _uccase_len[1] = hdr.size.len[1]; _uccase_map = (ac_uint4 *) - malloc(_uccase_size * sizeof(ac_uint4)); + malloc(_uccase_size * 3 * sizeof(ac_uint4)); /* * Load the case mapping table. */ - fread((char *) _uccase_map, sizeof(ac_uint4), _uccase_size, in); + fread((char *) _uccase_map, sizeof(ac_uint4), _uccase_size * 3, in); /* * Do an endian swap if necessary. */ if (hdr.bom == 0xfffe) { - for (i = 0; i < _uccase_size; i++) + for (i = 0; i < _uccase_size * 3; i++) _uccase_map[i] = endian_long(_uccase_map[i]); } fclose(in); @@ -394,6 +397,7 @@ static ac_uint4 _uccase_lookup(ac_uint4 code, long l, long r, int field) { long m; + const ac_uint4 *tmp; /* * Do the binary search. @@ -404,13 +408,13 @@ _uccase_lookup(ac_uint4 code, long l, long r, int field) * the beginning of a case mapping triple. */ m = (l + r) >> 1; - m -= (m % 3); - if (code > _uccase_map[m]) - l = m + 3; - else if (code < _uccase_map[m]) - r = m - 3; - else if (code == _uccase_map[m]) - return _uccase_map[m + field]; + tmp = &_uccase_map[m*3]; + if (code > *tmp) + l = m + 1; + else if (code < *tmp) + r = m - 1; + else if (code == *tmp) + return tmp[field]; } return code; @@ -431,14 +435,14 @@ uctoupper(ac_uint4 code) */ field = 2; l = _uccase_len[0]; - r = (l + _uccase_len[1]) - 3; + r = (l + _uccase_len[1]) - 1; } else { /* * The character is title case. */ field = 1; l = _uccase_len[0] + _uccase_len[1]; - r = _uccase_size - 3; + r = _uccase_size - 1; } return _uccase_lookup(code, l, r, field); } 
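Review bot: `_uccase_load` takes `hdr.cnt` and `hdr.size.len[]` straight from the data file and uses them unchecked for the allocation and the `fread` count; `uctoupper`, `uctolower` and `uctotitle` then use them as search bounds into `_uccase_map`. The `malloc` result is not tested before `fread` writes into it, the `fread` return value is ignored so a short file leaves part of the table uninitialised, and nothing verifies that `len[0] + len[1]` stays within `cnt`. I would test the allocation, compare the number of items read with `_uccase_size * 3`, and reject an inconsistent header with a check such as `if (_uccase_len[0] + _uccase_len[1] > _uccase_size)`. The function's error-return convention is outside this hunk, so the exact failure path is left open.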
@@ -458,14 +462,14 @@ uctolower(ac_uint4 code) */ field = 1; l = 0; - r = _uccase_len[0] - 3; + r = _uccase_len[0] - 1; } else { /* * The character is title case. */ field = 2; l = _uccase_len[0] + _uccase_len[1]; - r = _uccase_size - 3; + r = _uccase_size - 1; } return _uccase_lookup(code, l, r, field); } @@ -489,13 +493,13 @@ uctotitle(ac_uint4 code) * The character is upper case. */ l = 0; - r = _uccase_len[0] - 3; + r = _uccase_len[0] - 1; } else { /* * The character is lower case. */ l = _uccase_len[0]; - r = (l + _uccase_len[1]) - 3; + r = (l + _uccase_len[1]) - 1; } return _uccase_lookup(code, l, r, field); } diff --git a/libraries/liblunicode/ucdata/ucdata.h b/libraries/liblunicode/ucdata/ucdata.h index e5648b813995a571bedbe1860b24dc629ea65ebb..f3ad0b6e3ad5c0120babd2adff4b3044b0558321 100644 --- a/libraries/liblunicode/ucdata/ucdata.h +++ b/libraries/liblunicode/ucdata/ucdata.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ucdata/ucgendat.c b/libraries/liblunicode/ucdata/ucgendat.c index 18d02b6573e8650071165eee5dca212c681720b3..0af1bfd44acb5c55f96cc588a265cdbea4351d4e 100644 --- a/libraries/liblunicode/ucdata/ucgendat.c +++ b/libraries/liblunicode/ucdata/ucgendat.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ucdata/ucpgba.c b/libraries/liblunicode/ucdata/ucpgba.c index 47f95199eb6a21d037576ac7e89386c0a9eefd19..cd1f08246f1babef2ad2d759e7fde7fbac179e29 100644 
--- a/libraries/liblunicode/ucdata/ucpgba.c +++ b/libraries/liblunicode/ucdata/ucpgba.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ucdata/ucpgba.h b/libraries/liblunicode/ucdata/ucpgba.h index f491a0e92e0e056184bb25fc680b1fdd0e21e0a4..75702fbc1966f07ce73275b5ffeb72ecb60de700 100644 --- a/libraries/liblunicode/ucdata/ucpgba.h +++ b/libraries/liblunicode/ucdata/ucpgba.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ucstr.c b/libraries/liblunicode/ucstr.c index d964649addb5bb79d5ff4c40e38e12bd42b3424b..9246dc8edbfbe2273c745e9591a37b9beb2a7005 100644 --- a/libraries/liblunicode/ucstr.c +++ b/libraries/liblunicode/ucstr.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ure/ure.c b/libraries/liblunicode/ure/ure.c index e2a24ba2caed45c0e295f6d8177bf94e42a1a99f..89bb0487c11dd6a5a6d7245491343eb5794dfe27 100644 --- a/libraries/liblunicode/ure/ure.c +++ b/libraries/liblunicode/ure/ure.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ure/ure.h b/libraries/liblunicode/ure/ure.h index 524e782920a5e578a6c730b4e67f6dc49987ab56..bc3030600eabbdf4eed0bc33966c1610b3c5136f 100644 --- a/libraries/liblunicode/ure/ure.h +++ b/libraries/liblunicode/ure/ure.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/ure/urestubs.c b/libraries/liblunicode/ure/urestubs.c index 59216341a034b9bc4439c0ea74858784ce34b3a0..7e2a5532b84a4bf5e9baff6e8e5bddf0b2015e7a 100644 --- a/libraries/liblunicode/ure/urestubs.c +++ b/libraries/liblunicode/ure/urestubs.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/utbm/utbm.c b/libraries/liblunicode/utbm/utbm.c index 54327d12327eb64c97b5fc64868cfc10557c6af6..9342f24f20d18f864639a725b1fc2e616eb1912b 100644 --- a/libraries/liblunicode/utbm/utbm.c +++ b/libraries/liblunicode/utbm/utbm.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/liblunicode/utbm/utbm.h b/libraries/liblunicode/utbm/utbm.h index b60dd6d0466088f4d30c970c3ff7dc4fe50d2d31..bbdb3433e6034b77c89373edc2617b71caf35a7f 100644 --- a/libraries/liblunicode/utbm/utbm.h +++ b/libraries/liblunicode/utbm/utbm.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblunicode/utbm/utbmstub.c b/libraries/liblunicode/utbm/utbmstub.c index f3c8ceaba6423465e4a5472ccc60851bf0eb9b79..de135d3f6186dcb6bdf60a9f745a4e5a7924f5c4 100644 --- a/libraries/liblunicode/utbm/utbmstub.c +++ b/libraries/liblunicode/utbm/utbmstub.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/Makefile.in b/libraries/liblutil/Makefile.in index e08759033c142ec2ba7bb01ce9f1fab4f34451a0..e15928099dc7272c8acd9522b0485b97ba4c80db 100644 --- a/libraries/liblutil/Makefile.in +++ b/libraries/liblutil/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/avl.c b/libraries/liblutil/avl.c index 4d6d74431ba27c12b1a26b6ae895d8645dc3aefe..de2d5511bbd2d80a1a6f60ba5a87653aca6ade8d 100644 --- a/libraries/liblutil/avl.c +++ b/libraries/liblutil/avl.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/base64.c b/libraries/liblutil/base64.c index 6ea46bcadca6b73bd38bcf20a5e2896ffb993299..1b70554ae6ef769d08db1df82df85371ea0e9763 100644 --- a/libraries/liblutil/base64.c +++ b/libraries/liblutil/base64.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1995 IBM Corporation. * All rights reserved. diff --git a/libraries/liblutil/csn.c b/libraries/liblutil/csn.c index 6b631e4063bc071fcd6f781d7f6fe0497bb6743a..4eb29bcce2aa14d85ebb41c4a987956914e2ed64 100644 --- a/libraries/liblutil/csn.c +++ b/libraries/liblutil/csn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * @@ -35,8 +35,8 @@ * where s is a counter of operations within a timeslice, r is * the replica id (normally zero), and c is a counter of * modifications within this operation. s, r, and c are - * represented in hex and zero padded to lengths of 6, 2, and - * 6, respectively. + * represented in hex and zero padded to lengths of 6, 3, and + * 6, respectively. (In previous implementations r was only 2 digits.) * * Calls to this routine MUST be serialized with other calls * to gmtime(). 
@@ -48,36 +48,19 @@ #include <lutil.h> +/* Must be mutex-protected, because lutil_gettime needs mutex protection */ size_t lutil_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod) { - static time_t csntime; - static unsigned int csnop; - - time_t t; - unsigned int op; - struct tm *ltm; -#ifdef HAVE_GMTIME_R - struct tm ltm_buf; -#endif + struct lutil_tm tm; int n; - time( &t ); - if ( t > csntime ) { - csntime = t; - csnop = 0; - } - op = csnop++; + lutil_gettime( &tm ); -#ifdef HAVE_GMTIME_R - ltm = gmtime_r( &t, <m_buf ); -#else - ltm = gmtime( &t ); -#endif n = snprintf( buf, len, - "%4d%02d%02d%02d%02d%02dZ#%06x#%02x#%06x", - ltm->tm_year + 1900, ltm->tm_mon + 1, ltm->tm_mday, ltm->tm_hour, - ltm->tm_min, ltm->tm_sec, op, replica, mod ); + "%4d%02d%02d%02d%02d%02d.%06dZ#%06x#%03x#%06x", + tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec, tm.tm_usec, tm.tm_usub, replica, mod ); if( n < 0 ) return 0; return ( (size_t) n < len ) ? n : 0; diff --git a/libraries/liblutil/detach.c b/libraries/liblutil/detach.c index f5701307ae82f38704c1701043cba14062f565e5..603c9ae2ae1fa393dddb8bb43a3e090869b5eaf4 100644 --- a/libraries/liblutil/detach.c +++ b/libraries/liblutil/detach.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/entropy.c b/libraries/liblutil/entropy.c index 739ef0d1dfafef9388a286372db5bc64b7b27cf8..b1ef0bacf7a53457f53eee496f46f7ecea082243 100644 --- a/libraries/liblutil/entropy.c +++ b/libraries/liblutil/entropy.c 
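Review bot: `%03x` and `%06x` in the new `lutil_csnstr` format only set a minimum width, so a `replica` above 0xfff or a `mod` above 0xffffff produces fields longer than the 3 and 6 hex digits the comment in the previous hunk documents. Nothing in the new body range-checks the two arguments before formatting. If consumers rely on fixed-width CSNs (not visible here), out-of-range values could be rejected through the existing failure return, `if ( replica > 0xfff || mod > 0xffffff ) return 0;`. The conversions `%06d` and `%06x` for `tm.tm_usec` and `tm.tm_usub` also assume int-sized members in `struct lutil_tm`, whose declaration is not shown in this part of the diff.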
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/libraries/liblutil/fetch.c b/libraries/liblutil/fetch.c index 661bc1e75b164b45cc9be39466a2d942ca1a2fe8..6535dd20b6ec6b4cb358ce8097779d5dcce4c04c 100644 --- a/libraries/liblutil/fetch.c +++ b/libraries/liblutil/fetch.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Kurt D. Zeilenga. * All rights reserved. * @@ -43,24 +43,23 @@ ldif_open_url( LDAP_CONST char *urlstr ) { FILE *url; - char *p = NULL; #ifdef HAVE_FETCH url = fetchGetURL( (char*) urlstr, "" ); #else - if( strncasecmp( "file://", urlstr, sizeof("file://")-1 ) == 0 ) { - p = strchr( &urlstr[sizeof("file://")-1], '/' ); - if( p == NULL ) { - return NULL; - } + if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) { + char *p; + urlstr += sizeof("file:")-1; /* we don't check for LDAP_DIRSEP since URLs should contain '/' */ - if( p[1] == '.' && ( p[2] == '/' || ( p[2] == '.' && p[3] == '/' ))) { - /* skip over false root */ - p++; + if ( urlstr[0] == '/' && urlstr[1] == '/' ) { + urlstr += 2; + /* path must be absolute if authority is present */ + if ( urlstr[0] != '/' ) + return NULL; } - p = ber_strdup( p ); + p = ber_strdup( urlstr ); ldap_pvt_hex_unescape( p ); url = fopen( p, "rb" ); diff --git a/libraries/liblutil/getopt.c b/libraries/liblutil/getopt.c index 687095d6c3b809ee64a8f9a03fe23f5609de507c..5e4e02273c3c9ac327666da239a6289246bfeac9 100644 --- a/libraries/liblutil/getopt.c +++ b/libraries/liblutil/getopt.c 
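Review bot: In `ldif_open_url`, `p = ber_strdup( urlstr );` goes to `ldap_pvt_hex_unescape( p )` and `fopen( p, "rb" )` without a NULL check, so an allocation failure reaches both calls with a null pointer. Adding `if ( p == NULL ) return NULL;` right after the copy would match the function's other failure return. The new parsing also accepts `file:` URLs with no authority, so relative paths are now opened against the process's working directory, and the old "false root" handling is gone. Programs that pass LDIF from less trusted sources through this function will open whatever local path the URL names, so a comment stating that the percent-decoded path is used as given would be worth adding. The remainder of the function is outside the hunk.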
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/libraries/liblutil/getpass.c b/libraries/liblutil/getpass.c index 5c44844804420a2aadf82ad59bb58cddd110369f..a6cf7404fd517c3ded713a17b3323b1cbf92ef9c 100644 --- a/libraries/liblutil/getpass.c +++ b/libraries/liblutil/getpass.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/libraries/liblutil/getpeereid.c b/libraries/liblutil/getpeereid.c index 23aebb9d9d8f589456876b562780354cb1266173..97d87982abf19755b707a6eaedb30de47a9cf90a 100644 --- a/libraries/liblutil/getpeereid.c +++ b/libraries/liblutil/getpeereid.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/hash.c b/libraries/liblutil/hash.c index 6668ae2401e245092df3fa09d2ee649fd7fa8b35..752dbab1f60c487ca3da7378ac74c16e4be5f337 100644 --- a/libraries/liblutil/hash.c +++ b/libraries/liblutil/hash.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * 
diff --git a/libraries/liblutil/ldif.c b/libraries/liblutil/ldif.c index c639f875625fa217b4cefdf960035519796aff2b..2af75fb73236caec40a64534769da10db1b26c6e 100644 --- a/libraries/liblutil/ldif.c +++ b/libraries/liblutil/ldif.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -777,6 +777,8 @@ ldif_close( } } +#define LDIF_MAXLINE 4096 + /* * ldif_read_record - read an ldif record. Return 1 for success, 0 for EOF. */ @@ -787,7 +789,7 @@ ldif_read_record( char **bufp, /* ptr to malloced output buffer */ int *buflenp ) /* ptr to length of *bufp */ { - char linebuf[BUFSIZ], *line, *nbufp; + char linebuf[LDIF_MAXLINE], *line, *nbufp; ber_len_t lcur = 0, len, linesize; int last_ch = '\n', found_entry = 0, stop, top_comment = 0; @@ -882,7 +884,7 @@ ldif_read_record( } if ( *buflenp - lcur <= len ) { - *buflenp += len + BUFSIZ; + *buflenp += len + LDIF_MAXLINE; nbufp = ber_memrealloc( *bufp, *buflenp ); if( nbufp == NULL ) { return 0; diff --git a/libraries/liblutil/lockf.c b/libraries/liblutil/lockf.c index 580d66638ac94649cf3f96004f6ff297fe3d8c17..b808e6abdb7d58c04cd99cc204a73109108e198c 100644 --- a/libraries/liblutil/lockf.c +++ b/libraries/liblutil/lockf.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/md5.c b/libraries/liblutil/md5.c index 99162541d287c9fb75dcf14b067107c7df87e165..6bb3d3ddfada586370ffc8eaa991c7ae05752488 100644 --- a/libraries/liblutil/md5.c +++ b/libraries/liblutil/md5.c 
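Review bot: In the last `ldif_read_record` hunk, `*buflenp += len + LDIF_MAXLINE;` updates the caller's length before `ber_memrealloc` is known to have succeeded. On the `nbufp == NULL` path the function therefore returns with `*buflenp` larger than the block `*bufp` still points to, assuming ber_memrealloc leaves the old block in place on failure as realloc does. A caller that reuses the buffer for the next record would then trust a length that overstates the allocation. Compute the size in a local, `newlen = *buflenp + len + LDIF_MAXLINE; nbufp = ber_memrealloc( *bufp, newlen );`, and assign `*buflenp = newlen;` only after the NULL check. Separately, the return value 0 is documented as EOF, so an allocation failure is indistinguishable from end of input; most of the function lies outside these hunks.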
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/memcmp.c b/libraries/liblutil/memcmp.c index c397d35c0ff35235766a86aab7ac5540a4a87a32..21400fc54dc4678fc46fd43a05e30045962d8004 100644 --- a/libraries/liblutil/memcmp.c +++ b/libraries/liblutil/memcmp.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/ntservice.c b/libraries/liblutil/ntservice.c index 7b35288c45d8e6fe64f9545645d4f78a5332ab66..b953176e9914f0e646229a77806f0f61d831d7e7 100644 --- a/libraries/liblutil/ntservice.c +++ b/libraries/liblutil/ntservice.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/passfile.c b/libraries/liblutil/passfile.c index 97f0bcd8d74a5c93fa1f580388896be846caf953..c84cda736765d76c5cc7a5a27ae49e4cb69a6793 100644 --- a/libraries/liblutil/passfile.c +++ b/libraries/liblutil/passfile.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index a14071da05cf689d6a305e3415181f800b5e51c5..2ccad563b2047984233644c87cd6821118eb1b29 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/ptest.c b/libraries/liblutil/ptest.c index e98d14718b5c3e42395c08201b6104a923ce729f..387d62d31fd95f742a8040ef25041809be1a6537 100644 --- a/libraries/liblutil/ptest.c +++ b/libraries/liblutil/ptest.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/sasl.c b/libraries/liblutil/sasl.c index 0fde891a22a01ac344218b78a5bfac08d73f6321..ffbd29846e67b03fadbcd18010c79a319b3c4d32 100644 --- a/libraries/liblutil/sasl.c +++ b/libraries/liblutil/sasl.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/setproctitle.c b/libraries/liblutil/setproctitle.c index cb38054e98619026543c9f6c8d436591c378d05f..5f957c548953baba3b8f201ff3c04cd5c7bc8d7b 100644 --- a/libraries/liblutil/setproctitle.c +++ b/libraries/liblutil/setproctitle.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/sha1.c b/libraries/liblutil/sha1.c index 69afe79fab8aaf13050a0cbf070e9e264ea16378..d217965ec3a8823bd363016efe42405fd65868ea 100644 --- a/libraries/liblutil/sha1.c +++ b/libraries/liblutil/sha1.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/signal.c b/libraries/liblutil/signal.c index 67bf6bf7ed3be66ae968416c4da8475ebdef35af..abc11cd2162cafcae6cb959cba259ec93f8d6a90 100644 --- a/libraries/liblutil/signal.c +++ b/libraries/liblutil/signal.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/sockpair.c b/libraries/liblutil/sockpair.c index 47d273ca30f78607356f6c1bd7f2165dd102b549..c2e62200355b60e492a42924a6ad546871824bfd 100644 --- a/libraries/liblutil/sockpair.c +++ b/libraries/liblutil/sockpair.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/libraries/liblutil/tavl.c b/libraries/liblutil/tavl.c index 0fd2b7992adeee784e46ae9199880d68a62f0edb..deecd6add368bd0d7b85317bdd9126aa9d771771 100644 --- a/libraries/liblutil/tavl.c +++ b/libraries/liblutil/tavl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright (c) 2005 by Howard Chu, Symas Corp. * All rights reserved. * diff --git a/libraries/liblutil/testavl.c b/libraries/liblutil/testavl.c index 6e01a6dcf5760e0a736398eb105653c3b743a17f..3cd7f13a1708964148f8893a214fb7d0e736b9b4 100644 --- a/libraries/liblutil/testavl.c +++ b/libraries/liblutil/testavl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/testtavl.c b/libraries/liblutil/testtavl.c index 3fa1d61ae541cbde0e6f7affcb2d34a47e6ab443..0fc2f9b516983f9856db879a98a030a217f7fdab 100644 --- a/libraries/liblutil/testtavl.c +++ b/libraries/liblutil/testtavl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/liblutil/utils.c b/libraries/liblutil/utils.c index e74f9093ced1da465c7d479bbb234232f01a8034..2cd105ed92cf6dd4ddbb4f1c6ea1a7713b24a0dc 100644 --- a/libraries/liblutil/utils.c +++ b/libraries/liblutil/utils.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,9 +27,13 @@ #ifdef HAVE_FCNTL_H #include <fcntl.h> #endif +#ifdef _WIN32 +#include <windows.h> +#endif -#include <lutil.h> -#include <ldap_defaults.h> +#include "lutil.h" +#include "ldap_defaults.h" +#include "ldap_pvt.h" #ifdef HAVE_EBCDIC int _trans_argv = 1; 
@@ -268,6 +272,117 @@ int lutil_parsetime( char *atm, struct lutil_tm *tm ) return -1; } +/* return a broken out time, with microseconds + * Must be mutex-protected. + */ +#ifdef _WIN32 +/* Windows SYSTEMTIME only has 10 millisecond resolution, so we + * also need to use a high resolution timer to get microseconds. + * This is pretty clunky. + */ +void +lutil_gettime( struct lutil_tm *tm ) +{ + static LARGE_INTEGER cFreq; + static LARGE_INTEGER prevCount; + static int subs; + static int offset; + LARGE_INTEGER count; + SYSTEMTIME st; + + GetSystemTime( &st ); + QueryPerformanceCounter( &count ); + + /* We assume Windows has at least a vague idea of + * when a second begins. So we align our microsecond count + * with the Windows millisecond count using this offset. + * We retain the submillisecond portion of our own count. + */ + if ( !cFreq.QuadPart ) { + long long t; + int usec; + QueryPerformanceFrequency( &cFreq ); + + t = count.QuadPart * 1000000; + t /= cFreq.QuadPart; + usec = t % 10000000; + usec /= 1000; + offset = ( usec - st.wMilliseconds ) * 1000; + } + + /* It shouldn't ever go backwards, but multiple CPUs might + * be able to hit in the same tick. 
+ */ + if ( count.QuadPart <= prevCount.QuadPart ) { + subs++; + } else { + subs = 0; + prevCount = count; + } + + tm->tm_usub = subs; + + /* convert to microseconds */ + count.QuadPart *= 1000000; + count.QuadPart /= cFreq.QuadPart; + count.QuadPart -= offset; + + tm->tm_usec = count.QuadPart % 1000000; + + /* any difference larger than microseconds is + * already reflected in st + */ + + tm->tm_sec = st.wSecond; + tm->tm_min = st.wMinute; + tm->tm_hour = st.wHour; + tm->tm_mday = st.wDay; + tm->tm_mon = st.wMonth - 1; + tm->tm_year = st.wYear - 1900; +} +#else +void +lutil_gettime( struct lutil_tm *ltm ) +{ + struct timeval tv; + static struct timeval prevTv; + static int subs; + +#ifdef HAVE_GMTIME_R + struct tm tm_buf; +#endif + struct tm *tm; + time_t t; + + gettimeofday( &tv, NULL ); + t = tv.tv_sec; + + if ( tv.tv_sec < prevTv.tv_sec + || ( tv.tv_sec == prevTv.tv_sec && tv.tv_usec == prevTv.tv_usec )) { + subs++; + } else { + subs = 0; + prevTv = tv; + } + + ltm->tm_usub = subs; + +#ifdef HAVE_GMTIME_R + tm = gmtime_r( &t, &tm_buf ); +#else + tm = gmtime( &t ); +#endif + + ltm->tm_sec = tm->tm_sec; + ltm->tm_min = tm->tm_min; + ltm->tm_hour = tm->tm_hour; + ltm->tm_mday = tm->tm_mday; + ltm->tm_mon = tm->tm_mon; + ltm->tm_year = tm->tm_year; + ltm->tm_usec = tv.tv_usec; +} +#endif + /* strcopy is like strcpy except it returns a pointer to the trailing NUL of * the result string. This allows fast construction of catenated strings * without the overhead of strlen/strcat. @@ -315,7 +430,6 @@ int mkstemp( char * template ) #endif #ifdef _MSC_VER -#include <windows.h> struct dirent { char *d_name; }; @@ -490,6 +604,7 @@ lutil_atoulx( unsigned long *v, const char *s, int x ) static char time_unit[] = "dhms"; +/* Used to parse and unparse time intervals, not timestamps */ int lutil_parse_time( const char *in, 
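Review bot: In the `_WIN32` version of `lutil_gettime`, `count.QuadPart *= 1000000;` (and `t = count.QuadPart * 1000000;` on the first call) multiplies the raw performance-counter value by a million, which overflows the signed 64-bit `QuadPart` once the counter passes roughly 9.2e12 ticks. How soon that happens depends on the counter frequency, but a long-running server can reach it; after that `tm_usec` is meaningless and may be negative, and `lutil_csnstr` prints it into the CSN with `%06d`. Scaling quotient and remainder separately avoids the overflow, e.g. `usec = ( count.QuadPart % cFreq.QuadPart ) * 1000000 / cFreq.QuadPart;`, with `offset` subtracted afterwards and the result normalised into 0..999999. In the POSIX version the results of `gettimeofday` and `gmtime`/`gmtime_r` are used unchecked. A clock that steps backwards there only increments `tm_usub` while the emitted time still moves back, so a comment should say that CSNs are not guaranteed monotonic across clock adjustments.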
diff --git a/libraries/liblutil/uuid.c b/libraries/liblutil/uuid.c index 8296bf1a3403297cf689a2e81d132e66727b5388..e2bbe74ad6410577e49bc94e2e9e5e956d5c1f3b 100644 --- a/libraries/liblutil/uuid.c +++ b/libraries/liblutil/uuid.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/libraries/librewrite/Makefile.in b/libraries/librewrite/Makefile.in index 2101603f67e61a8fc0771d68ce46d5685d13a097..7cbb5a60dd7d5fa9b040e1d080a4854a9690638d 100644 --- a/libraries/librewrite/Makefile.in +++ b/libraries/librewrite/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/config.c b/libraries/librewrite/config.c index 3cbd1f73e76d928d689db9fbc282c14cbef5cec5..60fc6b9b52a1aa2a242723ee1a3affd9866b217a 100644 --- a/libraries/librewrite/config.c +++ b/libraries/librewrite/config.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -413,8 +413,8 @@ rewrite_parse_builtin_map( /* * Built-in ldap map */ - if ( strcasecmp( argv[ MAP_TYPE ], "ldap" ) == 0 ) { - map->lb_type = REWRITE_BUILTIN_MAP_LDAP; + if (( map->lb_mapper = rewrite_mapper_find( argv[ MAP_TYPE ] ))) { + map->lb_type = REWRITE_BUILTIN_MAP; #ifdef USE_REWRITE_LDAP_PVT_THREADS if ( ldap_pvt_thread_mutex_init( & map->lb_mutex ) ) { 
@@ -424,7 +424,7 @@ rewrite_parse_builtin_map( } #endif /* USE_REWRITE_LDAP_PVT_THREADS */ - map->lb_private = map_ldap_parse( info, fname, lineno, + map->lb_private = map->lb_mapper->rm_config( fname, lineno, argc - 3, argv + 3 ); /* diff --git a/libraries/librewrite/context.c b/libraries/librewrite/context.c index 7b1c1a27748b0b7c4591c0a1c2265938d7b90293..aa1c7c05a5217e07d3e4bc9b660693fa9b79fd44 100644 --- a/libraries/librewrite/context.c +++ b/libraries/librewrite/context.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/info.c b/libraries/librewrite/info.c index dd27ca892be65a59553b1f775acf372f53056f7c..12a9e6315105d3eee9a7bda3bb796ef233857bd2 100644 --- a/libraries/librewrite/info.c +++ b/libraries/librewrite/info.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/ldapmap.c b/libraries/librewrite/ldapmap.c index c1fae58aa6354898a1ddb33ba3a28036a05c755c..86c1f7582f76b891cf5bde006554843296588064 100644 --- a/libraries/librewrite/ldapmap.c +++ b/libraries/librewrite/ldapmap.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
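Review bot: `map->lb_mapper->rm_config( fname, lineno, argc - 3, argv + 3 )` is called without checking that the mapper supplies `rm_config`, whereas the dispatch added in map.c tests `rm_apply` and `rm_destroy` before calling them. Mappers can now be registered from outside this file through `rewrite_mapper_register`, so a table with a NULL `rm_config` would crash the configuration parser. Either test the pointer here and treat a missing callback as a configuration error, or reject such tables at registration time. The rest of `rewrite_parse_builtin_map`, including how a NULL `lb_private` result is handled, is outside the hunk.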
@@ -85,9 +85,8 @@ map_ldap_free( free( data ); } -void * +static void * map_ldap_parse( - struct rewrite_info *info, const char *fname, int lineno, int argc, @@ -97,7 +96,6 @@ map_ldap_parse( struct ldap_map_data *data; char *p, *uri; - assert( info != NULL ); assert( fname != NULL ); assert( argv != NULL ); @@ -285,9 +283,9 @@ map_ldap_parse( return ( void * )data; } -int +static int map_ldap_apply( - struct rewrite_builtin_map *map, + void *private, const char *filter, struct berval *val @@ -296,14 +294,12 @@ map_ldap_apply( LDAP *ld; LDAPMessage *res = NULL, *entry; int rc; - struct ldap_map_data *data = ( struct ldap_map_data * )map->lb_private; + struct ldap_map_data *data = private; LDAPURLDesc *lud = data->lm_lud; int first_try = 1, set_version = 0; - assert( map != NULL ); - assert( map->lb_type == REWRITE_BUILTIN_MAP_LDAP ); - assert( map->lb_private != NULL ); + assert( private != NULL ); assert( filter != NULL ); assert( val != NULL ); @@ -435,22 +431,24 @@ rc_return:; return rc; } -int +static int map_ldap_destroy( - struct rewrite_builtin_map **pmap + void *private ) { - struct ldap_map_data *data; + struct ldap_map_data *data = private; - assert( pmap != NULL ); - assert( *pmap != NULL ); + assert( private != NULL ); - data = ( struct ldap_map_data * )(*pmap)->lb_private; - map_ldap_free( data ); - (*pmap)->lb_private = NULL; - return 0; } +const rewrite_mapper rewrite_ldap_mapper = { + "ldap", + map_ldap_parse, + map_ldap_apply, + map_ldap_destroy +}; + diff --git a/libraries/librewrite/map.c b/libraries/librewrite/map.c index edae3114f5184290b013f7f318ba66d5a974f351..d1a98a55a871170b1386343c7caf268429921e16 100644 --- a/libraries/librewrite/map.c +++ b/libraries/librewrite/map.c 
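Review bot: In `map_ldap_apply`, the declarations `struct ldap_map_data *data = private;` and `LDAPURLDesc *lud = data->lm_lud;` dereference the pointer before `assert( private != NULL )` runs. The assertion therefore cannot catch a NULL argument, and it disappears entirely in NDEBUG builds. Since the callback is now reached through a generic `void *` interface, initialise `lud` after an explicit check, e.g. `if ( private == NULL ) return REWRITE_ERR;` followed by `lud = data->lm_lud;`. `map_ldap_destroy` also no longer clears the owner's `lb_private` after `map_ldap_free( data )`, so callers must not touch that pointer once `rm_destroy` has run; the caller visible in map.c frees the map immediately afterwards. Both function bodies extend beyond the hunks shown.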
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -28,6 +28,10 @@ #include "rewrite-int.h" #include "rewrite-map.h" +static int num_mappers; +static const rewrite_mapper **mappers; +#define MAPPER_ALLOC 8 + struct rewrite_map * rewrite_map_parse( struct rewrite_info *info, @@ -417,14 +421,12 @@ rewrite_map_apply( case REWRITE_MAP_BUILTIN: { struct rewrite_builtin_map *bmap = map->lm_data; - switch ( bmap->lb_type ) { - case REWRITE_BUILTIN_MAP_LDAP: - rc = map_ldap_apply( bmap, key->bv_val, val ); - break; - default: + if ( bmap->lb_mapper && bmap->lb_mapper->rm_apply ) + rc = bmap->lb_mapper->rm_apply( bmap->lb_private, key->bv_val, + val ); + else rc = REWRITE_ERR; break; - } break; } @@ -445,15 +447,8 @@ rewrite_builtin_map_free( assert( map != NULL ); - switch ( map->lb_type ) { - case REWRITE_BUILTIN_MAP_LDAP: - map_ldap_destroy( &map ); - break; - - default: - assert(0); - break; - } + if ( map->lb_mapper && map->lb_mapper->rm_destroy ) + map->lb_mapper->rm_destroy( map->lb_private ); free( map->lb_name ); free( map ); 
@@ -495,3 +490,58 @@ rewrite_map_destroy( return 0; } +/* ldapmap.c */ +extern const rewrite_mapper rewrite_ldap_mapper; + +const rewrite_mapper * +rewrite_mapper_find( + const char *name +) +{ + int i; + + if ( !strcasecmp( name, "ldap" )) + return &rewrite_ldap_mapper; + + for (i=0; i<num_mappers; i++) + if ( !strcasecmp( name, mappers[i]->rm_name )) + return mappers[i]; + return NULL; +} + +int +rewrite_mapper_register( + const rewrite_mapper *map +) +{ + if ( num_mappers % MAPPER_ALLOC == 0 ) { + const rewrite_mapper **mnew; + mnew = realloc( mappers, (num_mappers + MAPPER_ALLOC) * + sizeof( rewrite_mapper * )); + if ( mnew ) + mappers = mnew; + else + return -1; + } + mappers[num_mappers++] = map; + return 0; +} + +int +rewrite_mapper_unregister( + const rewrite_mapper *map +) +{ + int i; + + for (i = 0; i<num_mappers; i++) { + if ( mappers[i] == map ) { + num_mappers--; + mappers[i] = mappers[num_mappers]; + mappers[num_mappers] = NULL; + return 0; + } + } + /* not found */ + return -1; +} diff --git a/libraries/librewrite/params.c b/libraries/librewrite/params.c index 5eeac6a874f0820d9861ec2051f99e0a2c451ba2..8f74d75e560b78db089277ee01487237ccffe2cf 100644 --- a/libraries/librewrite/params.c +++ b/libraries/librewrite/params.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/parse.c b/libraries/librewrite/parse.c index ada6590d58607f1a00bbb0a2a2dddda3d5a858a9..3cc6ff462acd50b398d5b88f856b87f622360fab 100644 --- a/libraries/librewrite/parse.c +++ b/libraries/librewrite/parse.c 
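Review bot: `rewrite_mapper_register` stores whatever pointer it is given, but `rewrite_mapper_find` later calls `strcasecmp( name, mappers[i]->rm_name )`, so a NULL table or a NULL `rm_name` registered here becomes a crash on the next lookup. A duplicate name is also accepted silently, and the later entry can never be found. A guard at the top such as `if ( map == NULL || map->rm_name == NULL || rewrite_mapper_find( map->rm_name ) != NULL ) return -1;` covers both, and also rejects "ldap", which `rewrite_mapper_find` always resolves to the built-in. `num_mappers` and `mappers` are plain statics with no locking. The three functions should carry a comment stating that registration must complete before any concurrent lookup, and that a mapper must not be unregistered while a map still holds it in `lb_mapper`.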
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h index 8578ab1e7ecbd0e96f7369f1b264e3e640bcd146..ca8873b06af622c219e893e0d8774ea8fc74773f 100644 --- a/libraries/librewrite/rewrite-int.h +++ b/libraries/librewrite/rewrite-int.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -157,10 +157,11 @@ struct rewrite_map { * Builtin maps */ struct rewrite_builtin_map { -#define REWRITE_BUILTIN_MAP_LDAP 0x0201 +#define REWRITE_BUILTIN_MAP 0x0200 int lb_type; char *lb_name; void *lb_private; + const rewrite_mapper *lb_mapper; #ifdef USE_REWRITE_LDAP_PVT_THREADS ldap_pvt_thread_mutex_t lb_mutex; diff --git a/libraries/librewrite/rewrite-map.h b/libraries/librewrite/rewrite-map.h index e337092c1079305a1ca15f55c4abee340b83a10b..44a061f379e827cf604c1c16d2f57d6d988f8921 100644 --- a/libraries/librewrite/rewrite-map.h +++ b/libraries/librewrite/rewrite-map.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -29,26 +29,4 @@ rewrite_builtin_map_find( const char *name ); - -/* - * LDAP map - */ -LDAP_REWRITE_F (void *) -map_ldap_parse( - struct rewrite_info *info, - const char *fname, - int lineno, - int argc, - char **argv -); - -LDAP_REWRITE_F (int) -map_ldap_apply( struct rewrite_builtin_map *map, - const char *filter, - struct berval *val -); - -LDAP_REWRITE_F (int) -map_ldap_destroy( struct rewrite_builtin_map **map ); - #endif /* MAP_H */ diff --git a/libraries/librewrite/rewrite.c b/libraries/librewrite/rewrite.c index 16be0d5c6336c1d7798d3c05aadae5a37904d12e..621a6f213f0490dca6c288e60623afea61da1036 100644 --- a/libraries/librewrite/rewrite.c +++ b/libraries/librewrite/rewrite.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/rule.c b/libraries/librewrite/rule.c index f834bca78b42613d01f4769ebecb70050d4a6854..e2463d2aae817f1c8952096d65a5bb1f98ad3f6e 100644 --- a/libraries/librewrite/rule.c +++ b/libraries/librewrite/rule.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/session.c b/libraries/librewrite/session.c index bcec2d401f337243a1c452a8426b5bb4bde08296..e88fb5772f10a9841a3e45d48a87a712a1856bf9 100644 --- a/libraries/librewrite/session.c +++ b/libraries/librewrite/session.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/subst.c b/libraries/librewrite/subst.c index 6a7feda3e42489da1a2fc3398bb333309fb52249..dde7d346238315353c07943b930212279116438f 100644 --- a/libraries/librewrite/subst.c +++ b/libraries/librewrite/subst.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/var.c b/libraries/librewrite/var.c index 5e13b4d242f25a7265c55385b1cd53ecd35955cf..24602e7a47d98351a37a6cc696f885107d4479c2 100644 --- a/libraries/librewrite/var.c +++ b/libraries/librewrite/var.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/libraries/librewrite/xmap.c b/libraries/librewrite/xmap.c index d0d0874f7115d39f504fc6dd147d5b1e8b832415..4e2965aa42f9f3d20aade6507ef62febe2fba48c 100644 --- a/libraries/librewrite/xmap.c +++ b/libraries/librewrite/xmap.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/servers/Makefile.in b/servers/Makefile.in index aa083b9d96b04d4324f7bfe910bd241535e5ee6f..4fc47ae36a40d131051beda180200815ae664e79 100644 --- a/servers/Makefile.in +++ b/servers/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index 03b0f38bc90a4ea4a87566bd212466aaf7699fa8..1a61ae23c9d8ecef568431a6eaf8e868c12a834a 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -29,7 +29,7 @@ SRCS = main.c globals.c bconfig.c config.c daemon.c \ dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \ value.c ava.c bind.c unbind.c abandon.c filterentry.c \ phonetic.c acl.c str2filter.c aclparse.c init.c user.c \ - repl.c lock.c controls.c extended.c kerberos.c passwd.c \ + repl.c lock.c controls.c extended.c passwd.c \ schema.c schema_check.c schema_init.c schema_prep.c \ schemaparse.c ad.c at.c mr.c syntax.c oc.c saslauthz.c \ oidm.c starttls.c index.c sets.c referral.c root_dse.c \ 
@@ -47,7 +47,7 @@ OBJS = main.o globals.o bconfig.o config.o daemon.o \ dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \ value.o ava.o bind.o unbind.o abandon.o filterentry.o \ phonetic.o acl.o str2filter.o aclparse.o init.o user.o \ - repl.o lock.o controls.o extended.o kerberos.o passwd.o \ + repl.o lock.o controls.o extended.o passwd.o \ schema.o schema_check.o schema_init.o schema_prep.o \ schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o \ oidm.o starttls.o index.o sets.o referral.o root_dse.o \ diff --git a/servers/slapd/abandon.c b/servers/slapd/abandon.c index 6bc86c17ae88cb933c7db540faad9f19fd3cc633..bd09f3e81106a69531068121c479269dbac3c209 100644 --- a/servers/slapd/abandon.c +++ b/servers/slapd/abandon.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c index 75642b6fd404bfc21b60bc3015b8589b9d78cc87..86594ef33c14df8437522b981114c1b17ba50f13 100644 --- a/servers/slapd/aci.c +++ b/servers/slapd/aci.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -62,6 +62,7 @@ enum { ACI_BV_SUBTREE, ACI_BV_BR_ENTRY, + ACI_BV_BR_CHILDREN, ACI_BV_BR_ALL, ACI_BV_ACCESS_ID, @@ -96,6 +97,7 @@ static const struct berval aci_bv[] = { /* */ BER_BVC("[entry]"), + BER_BVC("[children]"), BER_BVC("[all]"), /* type */ 
@@ -276,14 +278,18 @@ aci_list_get_attr_rights( ACL_INIT(mask); for ( i = 1; acl_get_part( list, i + 1, ';', &bv ) >= 0; i += 2 ) { if ( aci_list_has_attr( &bv, attr, val ) == 0 ) { + Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test %s for %s -> failed\n", bv.bv_val, attr->bv_val, 0 ); continue; } + Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test %s for %s -> ok\n", bv.bv_val, attr->bv_val, 0 ); if ( acl_get_part( list, i, ';', &bv ) < 0 ) { + Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test no rightsk\n", 0, 0, 0 ); continue; } mask |= aci_list_map_rights( &bv ); + Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights rights %s to mask 0x%x\n", bv.bv_val, mask, 0 ); } return mask; @@ -291,22 +297,22 @@ aci_list_get_attr_rights( static int aci_list_get_rights( - struct berval *list, - const struct berval *attr, - struct berval *val, - slap_access_t *grant, - slap_access_t *deny ) + struct berval *list, + struct berval *attr, + struct berval *val, + slap_access_t *grant, + slap_access_t *deny ) { - struct berval perm, actn; + struct berval perm, actn, baseattr; slap_access_t *mask; int i, found; - if ( attr == NULL || BER_BVISEMPTY( attr ) - || ber_bvstrcasecmp( attr, &aci_bv[ ACI_BV_ENTRY ] ) == 0 ) - { - attr = &aci_bv[ ACI_BV_BR_ENTRY ]; - } + if ( attr == NULL || BER_BVISEMPTY( attr ) ) { + attr = (struct berval *)&aci_bv[ ACI_BV_ENTRY ]; + } else if ( acl_get_part( attr, 0, ';', &baseattr ) > 0 ) { + attr = &baseattr; + } found = 0; ACL_INIT(*grant); ACL_INIT(*deny); @@ -684,10 +690,7 @@ aci_init( void ) &slap_ad_aci }; - LDAPAttributeType *at; - AttributeType *sat; int rc; - const char *text; /* ACI syntax */ rc = register_syntax( &aci_syntax_def ); 
@@ -1006,16 +1009,17 @@ bv_get_tail( * aci is accepted in following form: * oid#scope#rights#type#subject * Where: - * oid := numeric OID - * scope := entry|children + * oid := numeric OID (currently ignored) + * scope := entry|children|subtree * rights := right[[$right]...] * right := (grant|deny);action - * action := perms;attr[[;perms;attr]...] + * action := perms;attrs[[;perms;attrs]...] * perms := perm[[,perm]...] * perm := c|s|r|w|x - * attr := attributeType|[all] - * type := public|users|self|dnattr|group|role|set|set-ref| - * access_id|subtree|onelevel|children + * attrs := attribute[[,attribute]..]|[all] + * attribute := attributeType|attributeType=attributeValue|attributeType=attributeValuePrefix* + * type := public|users|self|dnattr|group|role|set|set-ref| + * access_id|subtree|onelevel|children */ static int OpenLDAPaciValidatePerms( @@ -1034,6 +1038,7 @@ OpenLDAPaciValidatePerms( break; default: + Debug( LDAP_DEBUG_ACL, "aciValidatePerms: perms needs to be one of x,d,c,s,r,w in '%s'\n", perms->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1047,6 +1052,7 @@ OpenLDAPaciValidatePerms( assert( i != perms->bv_len ); if ( perms->bv_val[ i ] != ',' ) { + Debug( LDAP_DEBUG_ACL, "aciValidatePerms: missing comma in '%s'\n", perms->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1075,6 +1081,7 @@ OpenLDAPaciValidateRight( if ( acl_get_part( action, 0, ';', &bv ) < 0 || bv_getcaseidx( &bv, ACIgrantdeny ) == -1 ) { + Debug( LDAP_DEBUG_ACL, "aciValidateRight: '%s' must be either 'grant' or 'deny'\n", bv.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } 
@@ -1088,16 +1095,36 @@ OpenLDAPaciValidateRight( } else { /* attr */ - AttributeDescription *ad = NULL; - const char *text = NULL; + AttributeDescription *ad; + const char *text; + struct berval attr, left, right; + int j; /* could be "[all]" or an attribute description */ if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) { continue; } - if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; + + for ( j = 0; acl_get_part( &bv, j, ',', &attr ) >= 0; j++ ) + { + ad = NULL; + text = NULL; + if ( acl_get_part( &attr, 0, '=', &left ) < 0 + || acl_get_part( &attr, 1, '=', &right ) < 0 ) + { + if ( slap_bv2ad( &attr, &ad, &text ) != LDAP_SUCCESS ) + { + Debug( LDAP_DEBUG_ACL, "aciValidateRight: unknown attribute: '%s'\n", attr.bv_val, 0, 0 ); + return LDAP_INVALID_SYNTAX; + } + } else { + if ( slap_bv2ad( &left, &ad, &text ) != LDAP_SUCCESS ) + { + Debug( LDAP_DEBUG_ACL, "aciValidateRight: unknown attribute: '%s'\n", left.bv_val, 0, 0 ); + return LDAP_INVALID_SYNTAX; + } + } } } } @@ -1107,6 +1134,7 @@ OpenLDAPaciValidateRight( return LDAP_SUCCESS; } else { + Debug( LDAP_DEBUG_ACL, "aciValidateRight: perms:attr need to be pairs in '%s'\n", action->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1127,16 +1155,20 @@ OpenLDAPaciNormalizeRight( /* grant|deny */ if ( acl_get_part( action, 0, ';', &grantdeny ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciNormalizeRight: missing ';' in '%s'\n", action->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } idx = bv_getcaseidx( &grantdeny, ACIgrantdeny ); if ( idx == -1 ) { + Debug( LDAP_DEBUG_ACL, "aciNormalizeRight: '%s' must be grant or deny\n", grantdeny.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } ber_dupbv_x( naction, (struct berval *)ACIgrantdeny[ idx ], ctx ); for ( i = 1; acl_get_part( action, i, ';', &bv ) >= 0; i++ ) { + struct berval nattrs = BER_BVNULL; + int freenattrs = 1; if ( i & 1 ) { /* perms */ if ( OpenLDAPaciValidatePerms( &bv ) != LDAP_SUCCESS ) 
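Review bot: The per-attribute loop added to OpenLDAPaciValidateRight accepts fewer tokens than the loop this commit adds to OpenLDAPaciNormalizeRight. The normaliser treats `[entry]`, `[children]` and `[all]` as valid list elements, while here only the whole list is compared with `[all]` and every element goes to slap_bv2ad, which presumably rejects the bracketed forms. A value can therefore normalise cleanly and still fail validation. Mirroring the check at the top of the loop would align the two, e.g. `if ( ber_bvstrcasecmp( &attr, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 || ber_bvstrcasecmp( &attr, &aci_bv[ ACI_BV_BR_CHILDREN ] ) == 0 ) continue;`. `right` is also split off and never inspected, so the value half of `attributeType=attributeValue` is not checked at all; the function starts and ends outside the hunk.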
@@ -1151,25 +1183,76 @@ OpenLDAPaciNormalizeRight( /* could be "[all]" or an attribute description */ if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) { - bv = aci_bv[ ACI_BV_BR_ALL ]; + nattrs = aci_bv[ ACI_BV_BR_ALL ]; + freenattrs = 0; } else { AttributeDescription *ad = NULL; + AttributeDescription adstatic= { 0 }; const char *text = NULL; - int rc; + struct berval attr, left, right; + int j; + int len; - rc = slap_bv2ad( &bv, &ad, &text ); - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; + for ( j = 0; acl_get_part( &bv, j, ',', &attr ) >= 0; j++ ) + { + ad = NULL; + text = NULL; + /* openldap 2.1 aci compabitibility [entry] -> entry */ + if ( ber_bvstrcasecmp( &attr, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) { + ad = &adstatic; + adstatic.ad_cname = aci_bv[ ACI_BV_ENTRY ]; + + /* openldap 2.1 aci compabitibility [children] -> children */ + } else if ( ber_bvstrcasecmp( &attr, &aci_bv[ ACI_BV_BR_CHILDREN ] ) == 0 ) { + ad = &adstatic; + adstatic.ad_cname = aci_bv[ ACI_BV_CHILDREN ]; + + /* openldap 2.1 aci compabitibility [all] -> only [all] */ + } else if ( ber_bvstrcasecmp( &attr, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) { + ber_memfree_x( nattrs.bv_val, ctx ); + nattrs = aci_bv[ ACI_BV_BR_ALL ]; + freenattrs = 0; + break; + + } else if ( acl_get_part( &attr, 0, '=', &left ) < 0 + || acl_get_part( &attr, 1, '=', &right ) < 0 ) + { + if ( slap_bv2ad( &attr, &ad, &text ) != LDAP_SUCCESS ) + { + ber_memfree_x( nattrs.bv_val, ctx ); + Debug( LDAP_DEBUG_ACL, "aciNormalizeRight: unknown attribute: '%s'\n", attr.bv_val, 0, 0 ); + return LDAP_INVALID_SYNTAX; + } + + } else { + if ( slap_bv2ad( &left, &ad, &text ) != LDAP_SUCCESS ) + { + ber_memfree_x( nattrs.bv_val, ctx ); + Debug( LDAP_DEBUG_ACL, "aciNormalizeRight: unknown attribute: '%s'\n", left.bv_val, 0, 0 ); + return LDAP_INVALID_SYNTAX; + } + } + + + len = nattrs.bv_len + ( !BER_BVISEMPTY( &nattrs ) ? 
STRLENOF( "," ) : 0 ) + + ad->ad_cname.bv_len; + nattrs.bv_val = ber_memrealloc_x( nattrs.bv_val, len + 1, ctx ); + ptr = &nattrs.bv_val[ nattrs.bv_len ]; + if ( !BER_BVISEMPTY( &nattrs ) ) { + *ptr++ = ','; + } + ptr = lutil_strncopy( ptr, ad->ad_cname.bv_val, ad->ad_cname.bv_len ); + ptr[ 0 ] = '\0'; + nattrs.bv_len = len; } - bv = ad->ad_cname; } naction->bv_val = ber_memrealloc_x( naction->bv_val, naction->bv_len + STRLENOF( ";" ) + perms.bv_len + STRLENOF( ";" ) - + bv.bv_len + 1, + + nattrs.bv_len + 1, ctx ); ptr = &naction->bv_val[ naction->bv_len ]; @@ -1178,10 +1261,13 @@ OpenLDAPaciNormalizeRight( ptr = lutil_strncopy( ptr, perms.bv_val, perms.bv_len ); ptr[ 0 ] = ';'; ptr++; - ptr = lutil_strncopy( ptr, bv.bv_val, bv.bv_len ); + ptr = lutil_strncopy( ptr, nattrs.bv_val, nattrs.bv_len ); ptr[ 0 ] = '\0'; naction->bv_len += STRLENOF( ";" ) + perms.bv_len - + STRLENOF( ";" ) + bv.bv_len; + + STRLENOF( ";" ) + nattrs.bv_len; + if ( freenattrs ) { + ber_memfree_x( nattrs.bv_val, ctx ); + } } } @@ -1190,6 +1276,7 @@ OpenLDAPaciNormalizeRight( return LDAP_SUCCESS; } else { + Debug( LDAP_DEBUG_ACL, "aciNormalizeRight: perms:attr need to be pairs in '%s'\n", action->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } } @@ -1299,8 +1386,10 @@ OpenLDAPaciValidate( type = BER_BVNULL, subject = BER_BVNULL; int idx; - + int rc; + if ( BER_BVISEMPTY( val ) ) { + Debug( LDAP_DEBUG_ACL, "aciValidatet: value is empty\n", 0, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1312,6 +1401,7 @@ OpenLDAPaciValidate( * I'd replace it with X-ORDERED VALUES so that * it's guaranteed values are maintained and used * in the desired order */ + Debug( LDAP_DEBUG_ACL, "aciValidate: invalid oid '%s'\n", oid.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } 
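Review bot: In the attribute loop of OpenLDAPaciNormalizeRight only `ad->ad_cname` is appended to `nattrs`, so for an element written as `attributeType=attributeValue` the `right` part is parsed and then dropped. The normalised rights string then names the whole attribute. If the normalised form is the one that is later evaluated (not visible in this hunk), a right scoped to one value widens to every value of that attribute. The value should be carried into `nattrs` after the canonical name and counted in `len`, as sketched below; a value that itself contains `=` would need the tail of `attr` rather than part 1. `len` is an `int` while the lengths it sums are berval lengths, so it should take the type of `bv_len`.

```c
/* … unchanged: [entry] / [children] / [all] branches … */
/* hasval: new int, reset to 0 per element, set to 1 in the branch that resolves `left` */
len = nattrs.bv_len + ( !BER_BVISEMPTY( &nattrs ) ? STRLENOF( "," ) : 0 )
	+ ad->ad_cname.bv_len
	+ ( hasval ? STRLENOF( "=" ) + right.bv_len : 0 );
/* … unchanged: realloc, separator, copy of ad->ad_cname … */
if ( hasval ) {
	*ptr++ = '=';
	ptr = lutil_strncopy( ptr, right.bv_val, right.bv_len );
}
ptr[ 0 ] = '\0';
nattrs.bv_len = len;
```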
@@ -1319,6 +1409,7 @@ OpenLDAPaciValidate( if ( acl_get_part( val, 1, '#', &scope ) < 0 || bv_getcaseidx( &scope, OpenLDAPaciscopes ) == -1 ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: invalid scope '%s'\n", scope.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1331,6 +1422,7 @@ OpenLDAPaciValidate( /* type */ if ( acl_get_part( val, 3, '#', &type ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: missing type in '%s'\n", val->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } idx = bv_getcaseidx( &type, OpenLDAPacitypes ); @@ -1338,11 +1430,13 @@ OpenLDAPaciValidate( struct berval isgr; if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: invalid type '%s'\n", type.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } idx = bv_getcaseidx( &isgr, OpenLDAPacitypes ); if ( idx == -1 || idx >= LAST_OPTIONAL ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: invalid type '%s'\n", isgr.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } } @@ -1350,6 +1444,7 @@ OpenLDAPaciValidate( /* subject */ bv_get_tail( val, &type, &subject ); if ( subject.bv_val[ 0 ] != '#' ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: missing subject in '%s'\n", val->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1357,15 +1452,16 @@ OpenLDAPaciValidate( if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_DNATTR ] ) { AttributeDescription *ad = NULL; const char *text = NULL; - int rc; rc = slap_bv2ad( &subject, &ad, &text ); if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: unknown dn attribute '%s'\n", subject.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } if ( ad->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) { /* FIXME: allow nameAndOptionalUID? */ + Debug( LDAP_DEBUG_ACL, "aciValidate: wrong syntax for dn attribute '%s'\n", subject.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } } 
@@ -1399,11 +1495,13 @@ OpenLDAPaciValidate( rc = slap_bv2ad( &atbv, &ad, &text ); if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: unknown group attribute '%s'\n", atbv.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } } if ( oc_bvfind( &ocbv ) == NULL ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: unknown group '%s'\n", ocbv.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } } @@ -1411,6 +1509,7 @@ OpenLDAPaciValidate( if ( BER_BVISEMPTY( &subject ) ) { /* empty DN invalid */ + Debug( LDAP_DEBUG_ACL, "aciValidate: missing dn in '%s'\n", val->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } @@ -1418,7 +1517,11 @@ OpenLDAPaciValidate( subject.bv_len--; /* FIXME: pass DN syntax? */ - return dnValidate( NULL, &subject ); + rc = dnValidate( NULL, &subject ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciValidate: invalid dn '%s'\n", subject.bv_val, 0, 0 ); + } + return rc; } static int @@ -1443,6 +1546,7 @@ OpenLDAPaciPrettyNormal( char *ptr; if ( BER_BVISEMPTY( val ) ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: value is empty\n", 0, 0, 0 ); return LDAP_INVALID_SYNTAX; } 
@@ -1450,21 +1554,25 @@ OpenLDAPaciPrettyNormal( if ( acl_get_part( val, 0, '#', &oid ) < 0 || numericoidValidate( NULL, &oid ) != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid oid '%s'\n", oid.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } /* scope: normalize by replacing with OpenLDAPaciscopes */ if ( acl_get_part( val, 1, '#', &scope ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing scope in '%s'\n", val->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } idx = bv_getcaseidx( &scope, OpenLDAPaciscopes ); if ( idx == -1 ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid scope '%s'\n", scope.bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } scope = *OpenLDAPaciscopes[ idx ]; /* rights */ if ( acl_get_part( val, 2, '#', &rights ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing rights in '%s'\n", val->bv_val, 0, 0 ); return LDAP_INVALID_SYNTAX; } if ( OpenLDAPaciNormalizeRights( &rights, &nrights, ctx ) @@ -1475,6 +1583,7 @@ OpenLDAPaciPrettyNormal( /* type */ if ( acl_get_part( val, 3, '#', &type ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing type in '%s'\n", val->bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } @@ -1483,12 +1592,14 @@ OpenLDAPaciPrettyNormal( struct berval isgr; if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'\n", type.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } idx = bv_getcaseidx( &isgr, OpenLDAPacitypes ); if ( idx == -1 || idx >= LAST_OPTIONAL ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'\n", isgr.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } @@ -1499,6 +1610,7 @@ OpenLDAPaciPrettyNormal( bv_get_tail( val, &type, &subject ); if ( BER_BVISEMPTY( &subject ) || subject.bv_val[ 0 ] != '#' ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing subject in '%s'\n", val->bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } 
@@ -1519,6 +1631,7 @@ OpenLDAPaciPrettyNormal( freesubject = 1; } else { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid subject dn '%s'\n", subject.bv_val, 0, 0 ); goto cleanup; } @@ -1551,6 +1664,7 @@ OpenLDAPaciPrettyNormal( rc = slap_bv2ad( &atbv, &ad, &text ); if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: unknown group attribute '%s'\n", atbv.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } @@ -1560,6 +1674,7 @@ OpenLDAPaciPrettyNormal( oc = oc_bvfind( &ocbv ); if ( oc == NULL ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid group '%s'\n", ocbv.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } @@ -1595,12 +1710,14 @@ OpenLDAPaciPrettyNormal( rc = slap_bv2ad( &subject, &ad, &text ); if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: unknown dn attribute '%s'\n", subject.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } if ( ad->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) { /* FIXME: allow nameAndOptionalUID? */ + Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: wrong syntax for dn attribute '%s'\n", subject.bv_val, 0, 0 ); rc = LDAP_INVALID_SYNTAX; goto cleanup; } @@ -1612,7 +1729,7 @@ OpenLDAPaciPrettyNormal( out->bv_len = oid.bv_len + STRLENOF( "#" ) + scope.bv_len + STRLENOF( "#" ) - + rights.bv_len + STRLENOF( "#" ) + + nrights.bv_len + STRLENOF( "#" ) + ntype.bv_len + STRLENOF( "#" ) + nsubject.bv_len; diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 8a4c43e496233960fbd05db26fc5e135afa9ebce..59478d83a6b2c4605ab2ccb5767e3ac3c6a0406b 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -40,6 +40,9 @@ #define ACL_BUF_SIZE 1024 /* use most appropriate size */ static const struct berval acl_bv_ip_eq = BER_BVC( "IP=" ); +#ifdef LDAP_PF_INET6 +static const struct berval acl_bv_ipv6_eq = BER_BVC( "IP=[" ); +#endif /* LDAP_PF_INET6 */ #ifdef LDAP_PF_LOCAL static const struct berval acl_bv_path_eq = BER_BVC("PATH="); #endif /* LDAP_PF_LOCAL */ @@ -242,7 +245,6 @@ slap_access_allowed( } } -vd_access: control = slap_acl_mask( a, &mask, op, e, desc, val, MAXREMATCHES, matches, count, state ); @@ -349,7 +351,10 @@ access_allowed_mask( assert( attr != NULL ); if ( op ) { - if ( op->o_is_auth_check && + if ( op->o_acl_priv != ACL_NONE ) { + access = op->o_acl_priv; + + } else if ( op->o_is_auth_check && ( access_level == ACL_SEARCH || access_level == ACL_READ ) ) { access = ACL_AUTH; 
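Review bot: The new `op->o_acl_priv != ACL_NONE` branch in access_allowed_mask replaces the caller's `access_level` outright, and nothing in the hunk says who sets the field or whether it is meant to raise or lower the level being checked. Because this is the value the ACL decision is then made against, the intent should be written down at the branch, for example `/* o_acl_priv, when set by PLACEHOLDER_SETTER, overrides the level requested by the caller for this operation */`. If the override is only ever meant to tighten the check, comparing the two levels and keeping the stricter one would make that explicit. The function continues outside the hunk.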
@@ -1317,6 +1322,50 @@ slap_acl_mask( if ( (addr & b->a_peername_mask) != b->a_peername_addr ) continue; +#ifdef LDAP_PF_INET6 + /* extract IPv6 and try exact match */ + } else if ( b->a_peername_style == ACL_STYLE_IPV6 ) { + char *port; + char buf[] = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"; + struct berval ip; + struct in6_addr addr; + int port_number = -1; + + if ( strncasecmp( op->o_conn->c_peer_name.bv_val, + acl_bv_ipv6_eq.bv_val, + acl_bv_ipv6_eq.bv_len ) != 0 ) + continue; + + ip.bv_val = op->o_conn->c_peer_name.bv_val + acl_bv_ipv6_eq.bv_len; + ip.bv_len = op->o_conn->c_peer_name.bv_len - acl_bv_ipv6_eq.bv_len; + + port = strrchr( ip.bv_val, ']' ); + if ( port ) { + ip.bv_len = port - ip.bv_val; + ++port; + if ( port[0] == ':' && lutil_atoi( &port_number, ++port ) != 0 ) + continue; + } + + /* the port check can be anticipated here */ + if ( b->a_peername_port != -1 && port_number != b->a_peername_port ) + continue; + + /* address longer than expected? */ + if ( ip.bv_len >= sizeof(buf) ) + continue; + + AC_MEMCPY( buf, ip.bv_val, ip.bv_len ); + buf[ ip.bv_len ] = '\0'; + + if ( inet_pton( AF_INET6, buf, &addr ) != 1 ) + continue; + + /* check mask */ + if ( !slap_addr6_mask( &addr, &b->a_peername_mask6, &b->a_peername_addr6 ) ) + continue; +#endif /* LDAP_PF_INET6 */ + #ifdef LDAP_PF_LOCAL /* extract path and try exact match */ } else if ( b->a_peername_style == ACL_STYLE_PATH ) { diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 48ec0cd7437d5959d54a0b5474773b46c6383633..37db9afd7f80fbdbaf8fed5496b23ed83f823ab0 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
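Review bot: Every parse failure in the new ACL_STYLE_IPV6 branch of slap_acl_mask ends in a bare `continue`, so a peer name that cannot be parsed makes the clause not match and nothing is logged. That is the safe direction for a clause that grants access, but a clause written to restrict a peer is skipped silently. A `Debug( LDAP_DEBUG_ACL, ... )` line before the `continue` that follows `inet_pton` would make the skip visible. `buf` is also sized from a 39-character literal, which is shorter than `INET6_ADDRSTRLEN`, so the longest textual forms are turned away by the length test instead of being parsed. The enclosing function starts and ends outside the hunk.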
@@ -52,6 +52,7 @@ char *style_strings[] = { "users", "self", "ip", + "ipv6", "path", NULL }; @@ -804,6 +805,14 @@ parse_acl( } else if ( strcasecmp( style, "ip" ) == 0 ) { sty = ACL_STYLE_IP; + } else if ( strcasecmp( style, "ipv6" ) == 0 ) { +#ifndef LDAP_PF_INET6 + Debug( LDAP_DEBUG_ANY, + "%s: line %d: IPv6 not supported\n", + fname, lineno, 0 ); +#endif /* ! LDAP_PF_INET6 */ + sty = ACL_STYLE_IPV6; + } else if ( strcasecmp( style, "path" ) == 0 ) { sty = ACL_STYLE_PATH; #ifndef LDAP_PF_LOCAL @@ -1101,6 +1110,7 @@ parse_acl( if ( strncasecmp( left, "group", STRLENOF( "group" ) ) == 0 ) { char *name = NULL; char *value = NULL; + char *attr_name = SLAPD_GROUP_ATTR; switch ( sty ) { case ACL_STYLE_REGEX: 
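Review bot: When `LDAP_PF_INET6` is not defined, the new `ipv6` branch in parse_acl only prints "IPv6 not supported" and then still sets `sty = ACL_STYLE_IPV6`. Both the address parsing and the matching code for that style are compiled out in this commit, so the clause appears to be accepted with no address behind it. A peername restriction the administrator wrote would then not be enforced as written. Rejecting the line is safer: add `goto fail;` after the `Debug` call inside the `#ifndef LDAP_PF_INET6` block. parse_acl starts and ends outside the hunk.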
@@ -1218,49 +1228,41 @@ parse_acl( } if ( name && *name ) { - rc = slap_str2ad( name, &b->a_group_at, &text ); - - if( rc != LDAP_SUCCESS ) { - char buf[ SLAP_TEXT_BUFLEN ]; - - snprintf( buf, sizeof( buf ), - "group \"%s\": %s.", - right, text ); - Debug( LDAP_DEBUG_ANY, - "%s: line %d: %s\n", - fname, lineno, buf ); - goto fail; - } + attr_name = name; *--name = '/'; - } else { - rc = slap_str2ad( SLAPD_GROUP_ATTR, &b->a_group_at, &text ); + } - if ( rc != LDAP_SUCCESS ) { - char buf[ SLAP_TEXT_BUFLEN ]; + rc = slap_str2ad( attr_name, &b->a_group_at, &text ); + if ( rc != LDAP_SUCCESS ) { + char buf[ SLAP_TEXT_BUFLEN ]; - snprintf( buf, sizeof( buf ), - "group \"%s\": %s.", - SLAPD_GROUP_ATTR, text ); - Debug( LDAP_DEBUG_ANY, - "%s: line %d: %s\n", - fname, lineno, buf ); - goto fail; - } + snprintf( buf, sizeof( buf ), + "group \"%s\": %s.", + right, text ); + Debug( LDAP_DEBUG_ANY, + "%s: line %d: %s\n", + fname, lineno, buf ); + goto fail; } if ( !is_at_syntax( b->a_group_at->ad_type, - SLAPD_DN_SYNTAX ) && - !is_at_syntax( b->a_group_at->ad_type, - SLAPD_NAMEUID_SYNTAX ) && - !is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) + SLAPD_DN_SYNTAX ) /* e.g. "member" */ + && !is_at_syntax( b->a_group_at->ad_type, + SLAPD_NAMEUID_SYNTAX ) /* e.g. memberUID */ + && !is_at_subtype( b->a_group_at->ad_type, + slap_schema.si_ad_labeledURI->ad_type ) /* e.g. memberURL */ ) { char buf[ SLAP_TEXT_BUFLEN ]; snprintf( buf, sizeof( buf ), - "group \"%s\": inappropriate syntax: %s.", + "group \"%s\" attr \"%s\": inappropriate syntax: %s; " + "must be " SLAPD_DN_SYNTAX " (DN), " + SLAPD_NAMEUID_SYNTAX " (NameUID) " + "or a subtype of labeledURI.", right, - b->a_group_at->ad_type->sat_syntax_oid ); + attr_name, + at_syntax( b->a_group_at->ad_type ) ); Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n", fname, lineno, buf ); 
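Review bot: After the two lookups were merged, the `slap_str2ad` failure message prints `right` (the whole group specification) rather than `attr_name`, the attribute that failed to resolve. When the default `SLAPD_GROUP_ATTR` is the one that is missing from the schema, the message no longer names it. Using the same shape as the syntax error further down would fix that: `"group \"%s\" attr \"%s\": %s.", right, attr_name, text`. `attr_name` is a `char *` initialised from a string literal and could be `const char *`.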
@@ -1270,13 +1272,13 @@ parse_acl( { int rc; - struct berval vals[2]; + ObjectClass *ocs[2]; - ber_str2bv( b->a_group_oc->soc_oid, 0, 0, &vals[0] ); - BER_BVZERO( &vals[1] ); + ocs[0] = b->a_group_oc; + ocs[1] = NULL; rc = oc_check_allowed( b->a_group_at->ad_type, - vals, NULL ); + ocs, NULL ); if( rc != 0 ) { char buf[ SLAP_TEXT_BUFLEN ]; @@ -1301,6 +1303,7 @@ parse_acl( case ACL_STYLE_EXPAND: /* cheap replacement to regex for simple expansion */ case ACL_STYLE_IP: + case ACL_STYLE_IPV6: case ACL_STYLE_PATH: /* legal, peername specific */ break; @@ -1384,6 +1387,52 @@ parse_acl( goto fail; } } + +#ifdef LDAP_PF_INET6 + } else if ( sty == ACL_STYLE_IPV6 ) { + char *addr = NULL, + *mask = NULL, + *port = NULL; + + split( right, '{', &addr, &port ); + split( addr, '%', &addr, &mask ); + + if ( inet_pton( AF_INET6, addr, &b->a_peername_addr6 ) != 1 ) { + /* illegal address */ + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "illegal peername address \"%s\".\n", + fname, lineno, addr ); + goto fail; + } + + if ( mask == NULL ) { + mask = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"; + } + + if ( inet_pton( AF_INET6, mask, &b->a_peername_mask6 ) != 1 ) { + /* illegal mask */ + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "illegal peername address mask " + "\"%s\".\n", + fname, lineno, mask ); + goto fail; + } + + b->a_peername_port = -1; + if ( port ) { + char *end = NULL; + + b->a_peername_port = strtol( port, &end, 10 ); + if ( end == port || end[0] != '}' ) { + /* illegal port */ + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "illegal peername port specification " + "\"{%s}\".\n", + fname, lineno, port ); + goto fail; + } + } +#endif /* LDAP_PF_INET6 */ } } continue; 
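Review bot: The IPv6 port in parse_acl is taken straight from `strtol` with no range check, and `-1` is the value this same block uses to mean "any port". A clause written with `{-1}` therefore silently becomes a wildcard, and out-of-range values such as `{70000}` are accepted and can never match. Parse into a `long` and reject anything outside the port range before storing it: `long p = strtol( port, &end, 10 );` followed by `if ( end == port || end[0] != '}' || p < 0 || p > 65535 ) { ... goto fail; }`. The mask is likewise any string `inet_pton` accepts, so a non-contiguous mask passes unchecked; whether that is intended is not stated.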
@@ -2216,7 +2265,7 @@ acl_usage( void ) "exact | regex\n" "<attrstyle> ::= exact | regex | base(Object) | one(level) | " "sub(tree) | children\n" - "<peernamestyle> ::= exact | regex | ip | path\n" + "<peernamestyle> ::= exact | regex | ip | ipv6 | path\n" "<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n" "<access> ::= [[real]self]{<level>|<priv>}\n" "<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage\n" diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index c9601a3a10b33be83fd806f5a9ae55763d0d4c48..a48c7bdc39d46b30a6a15785887ea10a051ba67f 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -175,8 +175,9 @@ int slap_bv2ad( } /* find valid base attribute type; parse in place */ - memset( &desc, 0, sizeof( desc ) ); desc.ad_cname = *bv; + desc.ad_flags = 0; + BER_BVZERO( &desc.ad_tags ); name = bv->bv_val; options = ber_bvchr( bv, ';' ); if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) { @@ -200,7 +201,6 @@ int slap_bv2ad( * parse options in place */ ntags = 0; - memset( tags, 0, sizeof( tags )); tagslen = 0; optn = bv->bv_val + bv->bv_len; @@ -773,6 +773,24 @@ int slap_bv2undef_ad( return LDAP_SUCCESS; } +AttributeDescription * +slap_bv2tmp_ad( + struct berval *bv, + void *memctx ) +{ + AttributeDescription *ad = + slap_sl_mfuncs.bmf_malloc( sizeof(AttributeDescription) + + bv->bv_len + 1, memctx ); + + ad->ad_cname.bv_val = (char *)(ad+1); + strncpy( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len+1 ); + ad->ad_cname.bv_len = bv->bv_len; + ad->ad_flags = SLAP_DESC_TEMPORARY; + ad->ad_type = slap_schema.si_at_undefined; + + return ad; +} + static int undef_promote( AttributeType *at, 
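Review bot: In the new slap_bv2tmp_ad, `strncpy( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len+1 )` reads one byte past the stated length of `bv` and only terminates the copy if that byte is NUL. If `bv` is a slice of a longer string (an assumption, since the callers are not visible), the stored name is left unterminated. Copying by length is safer: `AC_MEMCPY( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len );` then `ad->ad_cname.bv_val[ bv->bv_len ] = '\0';`. The result of `bmf_malloc` is dereferenced without a check, and `ad_next` and `ad_tags` are left uninitialised, so any code that walks or prints the descriptor reads indeterminate values; set `ad->ad_next = NULL;` and `BER_BVZERO( &ad->ad_tags );`.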
diff --git a/servers/slapd/add.c b/servers/slapd/add.c index e00f6d1a40973eabfcf7d3308999461abd511657..8d22d54afc255c11b7a4279192511b2cc75d4713 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -157,7 +157,7 @@ do_add( Operation *op, SlapReply *rs ) goto done; } - rs->sr_err = slap_mods_check( modlist, &rs->sr_text, + rs->sr_err = slap_mods_check( op, modlist, &rs->sr_text, textbuf, textlen, NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { @@ -315,7 +315,7 @@ fe_op_add( Operation *op, SlapReply *rs ) } - /* check for duplicate values */ + /* check for unmodifiable attributes */ rs->sr_err = slap_mods_no_repl_user_mod_check( op, op->ora_modlist, &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { @@ -323,13 +323,6 @@ fe_op_add( Operation *op, SlapReply *rs ) goto done; } - rs->sr_err = slap_mods2entry( *modtail, &op->ora_e, - 0, 0, &rs->sr_text, textbuf, textlen ); - if ( rs->sr_err != LDAP_SUCCESS ) { - send_ldap_result( op, rs ); - goto done; - } - cb.sc_next = op->o_callback; op->o_callback = &cb; } @@ -431,7 +424,7 @@ slap_mods2entry( attr->a_vals = ch_realloc( attr->a_vals, sizeof( struct berval ) * (i+j) ); - /* should check for duplicates */ + /* checked for duplicates in slap_mods_check */ if ( dup ) { for ( j = 0; mods->sml_values[j].bv_val; j++ ) { 
@@ -470,46 +463,9 @@ slap_mods2entry( #endif } - if( mods->sml_values[1].bv_val != NULL ) { - /* check for duplicates */ - int i, j, rc, match; - MatchingRule *mr = mods->sml_desc->ad_type->sat_equality; - - for ( i = 1; mods->sml_values[i].bv_val != NULL; i++ ) { - /* test asserted values against themselves */ - for( j = 0; j < i; j++ ) { - rc = ordered_value_match( &match, mods->sml_desc, mr, - SLAP_MR_EQUALITY - | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX - | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH - | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, - mods->sml_nvalues - ? &mods->sml_nvalues[i] - : &mods->sml_values[i], - mods->sml_nvalues - ? &mods->sml_nvalues[j] - : &mods->sml_values[j], - text ); - - if ( rc == LDAP_SUCCESS && match == 0 ) { - /* value exists already */ - snprintf( textbuf, textlen, - "%s: value #%d provided more than once", - mods->sml_desc->ad_cname.bv_val, j ); - *text = textbuf; - return LDAP_TYPE_OR_VALUE_EXISTS; - - } else if ( rc != LDAP_SUCCESS ) { - return rc; - } - } - } - } - attr = attr_alloc( mods->sml_desc ); /* move values to attr structure */ - /* should check for duplicates */ if ( dup ) { int i; for ( i = 0; mods->sml_values[i].bv_val; i++ ) /* EMPTY */; @@ -628,30 +584,6 @@ int slap_add_opattrs( char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ]; Attribute *a; - a = attr_find( op->ora_e->e_attrs, - slap_schema.si_ad_structuralObjectClass ); - - if ( !a ) { - Attribute *oc; - int rc; - - oc = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_objectClass ); - if ( oc ) { - rc = structural_class( oc->a_vals, &tmp, NULL, text, - textbuf, textlen ); - if( rc == LDAP_SUCCESS ) { - attr_merge_one( op->ora_e, - slap_schema.si_ad_structuralObjectClass, - &tmp, NULL ); - - } else if ( !SLAP_NO_SCHEMA_CHECK( op->o_bd ) && - !get_no_schema_check( op ) ) - { - return rc; - } - } - } - if ( SLAP_LASTMOD( op->o_bd ) ) { char *ptr; int gotcsn = 0; 
@@ -676,10 +608,9 @@ int slap_add_opattrs( } ptr = ber_bvchr( &csn, '#' ); if ( ptr ) { - timestamp.bv_len = ptr - csn.bv_val; - if ( timestamp.bv_len >= sizeof(timebuf) ) /* ?!? */ - timestamp.bv_len = sizeof(timebuf) - 1; + timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ"); AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len ); + timebuf[timestamp.bv_len-1] = 'Z'; timebuf[timestamp.bv_len] = '\0'; } else { time_t now = slap_get_time(); diff --git a/servers/slapd/alock.c b/servers/slapd/alock.c index 624e9181851a9e95581cfc27d2a4f345fb3b7312..37d467ad127e658ee0ee0021998f4a13cfa22924 100644 --- a/servers/slapd/alock.c +++ b/servers/slapd/alock.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2004-2005 Symas Corporation. * All rights reserved. * diff --git a/servers/slapd/alock.h b/servers/slapd/alock.h index 9225358d487dfa964515793c87b1264ca0f3be1a..0f78fffdd0ef1196475e5f96d7a467990eff5121 100644 --- a/servers/slapd/alock.h +++ b/servers/slapd/alock.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2004-2005 Symas Corporation. * All rights reserved. * diff --git a/servers/slapd/at.c b/servers/slapd/at.c index 7ab6eed84fd0cf7761791aaa84a301ffd44446e1..4538f5b5d4c4d8f1619bf818b4b392a8916515eb 100644 --- a/servers/slapd/at.c +++ b/servers/slapd/at.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
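Review bot: In slap_add_opattrs the copy from the CSN is now a fixed `STRLENOF("YYYYMMDDHHMMSSZ")` bytes no matter where `#` was found, and the clamp against `sizeof(timebuf)` is gone. If the `#` sits earlier than 14 characters in, as in a malformed or foreign CSN, the copy takes bytes from past the timestamp field, and can run past the end of the value if the CSN is short. The fixed-length path should be guarded with `if ( ptr && (size_t)( ptr - csn.bv_val ) >= STRLENOF( "YYYYMMDDHHMMSS" ) )`, letting the existing `else` branch cover the rest. `timebuf` is declared outside the hunk, so its size should be confirmed as at least 16 bytes.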
@@ -27,16 +27,32 @@ #include "slap.h" -int is_at_syntax( - AttributeType *at, - const char *oid ) +const char * +at_syntax( + AttributeType *at ) { - for( ; at != NULL; at = at->sat_sup ) { - if( at->sat_syntax_oid ) { - return ( strcmp( at->sat_syntax_oid, oid ) == 0 ); + for ( ; at != NULL; at = at->sat_sup ) { + if ( at->sat_syntax_oid ) { + return at->sat_syntax_oid; } } + assert( 0 ); + + return NULL; +} + +int +is_at_syntax( + AttributeType *at, + const char *oid ) +{ + const char *syn_oid = at_syntax( at ); + + if ( syn_oid ) { + return strcmp( syn_oid, oid ) == 0; + } + return 0; } @@ -61,6 +77,9 @@ static Avlnode *attr_cache = NULL; static LDAP_STAILQ_HEAD(ATList, slap_attribute_type) attr_list = LDAP_STAILQ_HEAD_INITIALIZER(attr_list); +/* Last hardcoded attribute registered */ +AttributeType *at_sys_tail; + int at_oc_cache; static int @@ -265,8 +284,14 @@ at_clean( AttributeType *a ) } } - if ( a->sat_oidmacro ) ldap_memfree( a->sat_oidmacro ); - if ( a->sat_subtypes ) ldap_memfree( a->sat_subtypes ); + if ( a->sat_oidmacro ) { + ldap_memfree( a->sat_oidmacro ); + a->sat_oidmacro = NULL; + } + if ( a->sat_subtypes ) { + ldap_memfree( a->sat_subtypes ); + a->sat_subtypes = NULL; + } } static void @@ -320,7 +345,7 @@ at_next( AttributeType **at ) { assert( at != NULL ); -#if 1 /* pedantic check */ +#if 0 /* pedantic check: don't use this */ { AttributeType *tmp = NULL; @@ -430,6 +455,7 @@ at_insert( /* replacing a deleted definition? */ if ( old_sat->sat_flags & SLAP_AT_DELETED ) { AttributeType tmp; + AttributeDescription *ad; /* Keep old oid, free new oid; * Keep old ads, free new ads; @@ -443,6 +469,14 @@ at_insert( tmp.sat_ad = sat->sat_ad; *sat = tmp; + /* Check for basic ad pointing at old cname */ + for ( ad = old_sat->sat_ad; ad; ad=ad->ad_next ) { + if ( ad->ad_cname.bv_val == sat->sat_cname.bv_val ) { + ad->ad_cname = old_sat->sat_cname; + break; + } + } + at_clean( sat ); at_destroy_one( air ); 
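Review bot: Routing is_at_syntax through the new at_syntax changes what happens when no type in the `sat_sup` chain carries a syntax OID, or when `at` is NULL. The old loop fell through to `return 0`; at_syntax now hits `assert( 0 )`, which stops the server in assert-enabled builds. With `NDEBUG` it returns NULL, and the new aclparse.c error message in this commit passes that result straight to a `%s` conversion. Dropping the `assert( 0 );` so that at_syntax just returns NULL keeps is_at_syntax's earlier contract, and the aclparse caller should then substitute a printable string when the result is NULL.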
@@ -525,6 +559,10 @@ at_insert( } } + if ( sat->sat_flags & SLAP_AT_HARDCODE ) { + prev = at_sys_tail; + at_sys_tail = sat; + } if ( prev ) { LDAP_STAILQ_INSERT_AFTER( &attr_list, prev, sat, sat_next ); } else { @@ -917,7 +955,7 @@ at_unparse( BerVarray *res, AttributeType *start, AttributeType *end, int sys ) /* count the result size */ i = 0; for ( at=start; at; at=LDAP_STAILQ_NEXT(at, sat_next)) { - if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) continue; + if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) break; i++; if ( at == end ) break; } @@ -934,7 +972,7 @@ at_unparse( BerVarray *res, AttributeType *start, AttributeType *end, int sys ) i = 0; for ( at=start; at; at=LDAP_STAILQ_NEXT(at, sat_next)) { LDAPAttributeType lat, *latp; - if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) continue; + if ( sys && !(at->sat_flags & SLAP_AT_HARDCODE)) break; if ( at->sat_oidmacro ) { lat = at->sat_atype; lat.at_oid = at->sat_oidmacro; diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c index 4c21b9bfc0332f9d171deac124d2ca337d2cff40..4e418e3032780459f670c8cb38414a108d76ab83 100644 --- a/servers/slapd/attr.c +++ b/servers/slapd/attr.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -124,7 +124,7 @@ attrs_alloc( int num ) void -attr_free( Attribute *a ) +attr_clean( Attribute *a ) { if ( a->a_nvals && a->a_nvals != a->a_vals && !( a->a_flags & SLAP_ATTR_DONT_FREE_VALS )) { 
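Review bot: Changing `continue` to `break` in the counting loop of at_unparse makes the `sys` output depend on every SLAP_AT_HARDCODE attribute sitting contiguously at the front of the list from `start`. The at_insert hunk on this line maintains that ordering through `at_sys_tail`, but nothing at the loop says so, and a hardcoded attribute linked after a non-hardcoded one would now be silently dropped from the result. I would add a comment such as `/* hardcoded attrs are kept contiguous at the head of attr_list (see at_sys_tail), so stop at the first non-hardcoded one */`. The same applies to the second loop at `@@ -934,7 +972,7 @@`.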
@@ -146,7 +146,19 @@ attr_free( Attribute *a ) ber_bvarray_free( a->a_vals ); } } - memset( a, 0, sizeof( Attribute )); + a->a_desc = NULL; + a->a_vals = NULL; + a->a_nvals = NULL; +#ifdef LDAP_COMP_MATCH + a->a_comp_data = NULL; +#endif + a->a_flags = 0; +} + +void +attr_free( Attribute *a ) +{ + attr_clean( a ); ldap_pvt_thread_mutex_lock( &attr_mutex ); a->a_next = attr_list; attr_list = a; @@ -173,23 +185,28 @@ comp_tree_free( Attribute *a ) void attrs_free( Attribute *a ) { - Attribute *next; - - for( ; a != NULL ; a = next ) { - next = a->a_next; - attr_free( a ); + Attribute *b, *tail, *next; + + if ( a ) { + tail = a; + do { + next = a->a_next; + attr_clean( a ); + a->a_next = b; + b = a; + a = next; + } while ( next ); + + ldap_pvt_thread_mutex_lock( &attr_mutex ); + tail->a_next = attr_list; + attr_list = b; + ldap_pvt_thread_mutex_unlock( &attr_mutex ); } } -Attribute * -attr_dup( Attribute *a ) +static void +attr_dup2( Attribute *tmp, Attribute *a ) { - Attribute *tmp; - - if ( a == NULL) return NULL; - - tmp = attr_alloc( a->a_desc ); - if ( a->a_vals != NULL ) { int i; @@ -224,31 +241,43 @@ attr_dup( Attribute *a ) } else { tmp->a_nvals = tmp->a_vals; } - - } else { - tmp->a_vals = NULL; - tmp->a_nvals = NULL; } +} + +Attribute * +attr_dup( Attribute *a ) +{ + Attribute *tmp; + + if ( a == NULL) return NULL; + + tmp = attr_alloc( a->a_desc ); + attr_dup2( tmp, a ); return tmp; } Attribute * attrs_dup( Attribute *a ) { - Attribute *tmp, **next; + int i; + Attribute *tmp, *anew; if( a == NULL ) return NULL; - tmp = NULL; - next = &tmp; + /* count them */ + for( tmp=a,i=0; tmp; tmp=tmp->a_next ) { + i++; + } + + anew = attrs_alloc( i ); - for( ; a != NULL ; a = a->a_next ) { - *next = attr_dup( a ); - next = &((*next)->a_next); + for( tmp=anew; a; a=a->a_next ) { + tmp->a_desc = a->a_desc; + attr_dup2( tmp, a ); + tmp=tmp->a_next; } - *next = NULL; - return tmp; + return anew; } 
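Review bot: In the rewritten attrs_free, `b` is declared without an initializer and is read by `a->a_next = b;` on the first pass of the do-loop. That stored value is later overwritten by `tail->a_next = attr_list;`, so the free list ends up linked correctly, but reading an indeterminate pointer is undefined behaviour and will be flagged by -Wuninitialized and by sanitizers. Declaring it as `Attribute *b = NULL, *tail, *next;` removes the problem at no cost.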
@@ -348,7 +377,6 @@ attr_normalize( *nvalsp = nvals; } -error_return:; if ( rc != LDAP_SUCCESS && nvals != NULL ) { ber_bvarray_free_x( nvals, memctx ); } diff --git a/servers/slapd/ava.c b/servers/slapd/ava.c index 888a4404a505cbe07cd6e81e0c481cea2c71b548..4f321fb90b333f5b54c8e63972260516c4e8bd95 100644 --- a/servers/slapd/ava.c +++ b/servers/slapd/ava.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -48,6 +48,8 @@ ava_free( nibble_mem_free ( ava->aa_cf->cf_ca->ca_comp_data.cd_mem_op ); #endif op->o_tmpfree( ava->aa_value.bv_val, op->o_tmpmemctx ); + if ( ava->aa_desc->ad_flags & SLAP_DESC_TEMPORARY ) + op->o_tmpfree( ava->aa_desc, op->o_tmpmemctx ); if ( freeit ) op->o_tmpfree( (char *) ava, op->o_tmpmemctx ); } @@ -55,7 +57,7 @@ int get_ava( Operation *op, BerElement *ber, - AttributeAssertion **ava, + Filter *f, unsigned usage, const char **text ) { @@ -85,13 +87,17 @@ get_ava( rc = slap_bv2ad( &type, &aa->aa_desc, text ); if( rc != LDAP_SUCCESS ) { + f->f_choice |= SLAPD_FILTER_UNDEFINED; + *text = NULL; rc = slap_bv2undef_ad( &type, &aa->aa_desc, text, SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_FILTER, "get_ava: unknown attributeType %s\n", type.bv_val, 0, 0 ); - op->o_tmpfree( aa, op->o_tmpmemctx ); + aa->aa_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx ); + ber_dupbv_x( &aa->aa_value, &value, op->o_tmpmemctx ); + f->f_ava = aa; return rc; } } 
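Review bot: ava_free now dereferences `ava->aa_desc` unconditionally in `ava->aa_desc->ad_flags & SLAP_DESC_TEMPORARY`, while the get_ava hunk at `@@ -85,13 +87,17 @@` stores the result of `slap_bv2tmp_ad()` in `aa->aa_desc` without checking it and then publishes `aa` through `f->f_ava`. If that helper can return NULL (its definition is not on this page), the later free would dereference a null pointer; `if ( ava->aa_desc && ( ava->aa_desc->ad_flags & SLAP_DESC_TEMPORARY ) )` is a cheap guard. The same get_ava hunk also changes the error contract: it now returns a non-success `rc` with `f->f_ava` populated, so callers have to release the filter's AVA on failure. That deserves a comment above get_ava.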
@@ -101,10 +107,11 @@ get_ava( usage, &value, &aa->aa_value, text, op->o_tmpmemctx ); if( rc != LDAP_SUCCESS ) { + f->f_choice |= SLAPD_FILTER_UNDEFINED; Debug( LDAP_DEBUG_FILTER, "get_ava: illegal value for attributeType %s\n", type.bv_val, 0, 0 ); - op->o_tmpfree( aa, op->o_tmpmemctx ); - return rc; + ber_dupbv_x( &aa->aa_value, &value, op->o_tmpmemctx ); + rc = LDAP_SUCCESS; } #ifdef LDAP_COMP_MATCH @@ -120,6 +127,6 @@ get_ava( } } #endif - *ava = aa; + f->f_ava = aa; return LDAP_SUCCESS; } diff --git a/servers/slapd/back-bdb/Makefile.in b/servers/slapd/back-bdb/Makefile.in index 4f1d8d0cc9e9d167398feb3128068146aa9bd2dd..b9317d8668da04d4faa0f40601f01086d28f489b 100644 --- a/servers/slapd/back-bdb/Makefile.in +++ b/servers/slapd/back-bdb/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c index 0e4959838a5984caf4a1a350a950202b9c947711..1f70e8ef409150b5e70ca5abbd385d64782b78eb 100644 --- a/servers/slapd/back-bdb/add.c +++ b/servers/slapd/back-bdb/add.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ bdb_add(Operation *op, SlapReply *rs ) { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; struct berval pdn; - Entry *p = NULL; + Entry *p = NULL, *oe = op->ora_e; EntryInfo *ei; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; 
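Review bot: When normalization of the assertion value fails, the new branch keeps the raw client-supplied `value` in `aa->aa_value` via `ber_dupbv_x` and forces `rc = LDAP_SUCCESS`, so get_ava reports success for a value that never passed validation. The only marker is `SLAPD_FILTER_UNDEFINED` in `f->f_choice`; any consumer of `f->f_ava->aa_value` that does not test that bit first would be working on unnormalized input. A comment at this branch should say so, e.g. `/* value is unvalidated; filter is marked undefined and must not be matched against */`. Unlike the earlier undefined-attribute branch, which does `*text = NULL;`, this one may leave `*text` pointing at the failure message on a successful return.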
@@ -35,10 +35,11 @@ bdb_add(Operation *op, SlapReply *rs ) DB_TXN *ltid = NULL, *lt2; struct bdb_op_info opinfo = {0}; int subentry; - u_int32_t locker = 0; + u_int32_t locker = 0, rlocker = 0; DB_LOCK lock; int num_retries = 0; + int success; LDAPControl **postread_ctrl = NULL; LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS]; @@ -91,22 +92,23 @@ txnReturn: ctrls[num_ctrls] = 0; - /* add opattrs to shadow as well, only missing attrs will actually - * be added; helps compatibility with older OL versions */ - rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); + + /* check entry's schema */ + rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL, + get_relax(op), 1, &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, - LDAP_XSTRING(bdb_add) ": entry failed op attrs add: " + LDAP_XSTRING(bdb_add) ": entry failed schema check: " "%s (%d)\n", rs->sr_text, rs->sr_err, 0 ); goto return_results; } - /* check entry's schema */ - rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL, - get_relax(op), &rs->sr_text, textbuf, textlen ); + /* add opattrs to shadow as well, only missing attrs will actually + * be added; helps compatibility with older OL versions */ + rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, - LDAP_XSTRING(bdb_add) ": entry failed schema check: " + LDAP_XSTRING(bdb_add) ": entry failed op attrs add: " "%s (%d)\n", rs->sr_text, rs->sr_err, 0 ); goto return_results; } @@ -127,12 +129,15 @@ txnReturn: goto return_results; } + /* Get our thread locker ID */ + rs->sr_err = LOCK_ID( bdb->bi_dbenv, &rlocker ); + if( 0 ) { retry: /* transaction retry */ if( p ) { /* free parent and reader lock */ if ( p != (Entry *)&slap_entry_root ) { - bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p ); + bdb_unlocked_cache_return_entry_r( bdb, p ); } p = NULL; } 
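Review bot: The result of `LOCK_ID( bdb->bi_dbenv, &rlocker )` is assigned to `rs->sr_err` but never tested before control reaches the `retry:` block, so a failure leaves `rlocker` at 0 and that value is later passed to bdb_cache_add. A check such as `if ( rs->sr_err != 0 ) { rs->sr_err = LDAP_OTHER; goto return_results; }` right after the call would make the failure visible. No matching `LOCK_ID_FREE` for `rlocker` appears in the bdb_add hunks on this page, whereas bind.c releases its locker that way; unless it is freed in unchanged code, each add may leak a locker id. bdb_add continues outside this hunk.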
@@ -214,7 +219,7 @@ retry: /* transaction retry */ rs->sr_ref = is_entry_referral( p ) ? get_entry_referrals( op, p ) : NULL; - bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p ); + bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent " @@ -269,7 +274,7 @@ retry: /* transaction retry */ rs->sr_matched = ber_strdup_x( p->e_name.bv_val, op->o_tmpmemctx ); rs->sr_ref = get_entry_referrals( op, p ); - bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p ); + bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent is referral\n", @@ -288,7 +293,7 @@ retry: /* transaction retry */ /* free parent and reader lock */ if ( p != (Entry *)&slap_entry_root ) { - bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p ); + bdb_unlocked_cache_return_entry_r( bdb, p ); } p = NULL; @@ -414,17 +419,17 @@ retry: /* transaction retry */ } else { struct berval nrdn; - Entry *e = entry_dup( op->ora_e ); /* pick the RDN if not suffix; otherwise pick the entire DN */ if (pdn.bv_len) { - nrdn.bv_val = e->e_nname.bv_val; + nrdn.bv_val = op->ora_e->e_nname.bv_val; nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1; } else { - nrdn = e->e_nname; + nrdn = op->ora_e->e_nname; } - bdb_cache_add( bdb, ei, e, &nrdn, locker ); + /* Use the thread locker here, outside the txn */ + bdb_cache_add( bdb, ei, op->ora_e, &nrdn, rlocker, &lock ); if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) { rs->sr_text = "txn_commit failed"; @@ -453,6 +458,7 @@ retry: /* transaction retry */ if( num_ctrls ) rs->sr_ctrls = ctrls; return_results: + success = rs->sr_err; send_ldap_result( op, rs ); slap_graduate_commit_csn( op ); 
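Review bot: `bdb_cache_add( bdb, ei, op->ora_e, &nrdn, rlocker, &lock )` at `@@ -414,17 +419,17 @@` now places the caller's own entry in the cache (the `entry_dup` copy is gone), and it does so before `TXN_COMMIT`. Ownership is only handed over in the `success == LDAP_SUCCESS` block of the `@@ -461,14 +467,26 @@` hunk, which clears `op->ora_e`; if the commit fails, `op->ora_e` stays set while the cache still references the same Entry and `lock` is never returned. Unless the failure path in unchanged code removes the entry from the cache, that looks like a double-ownership risk that can end in a use-after-free. The return value of bdb_cache_add is also ignored here.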
@@ -461,14 +467,26 @@ return_results: } op->o_private = NULL; + if( success == LDAP_SUCCESS ) { + /* We own the entry now, and it can be purged at will + * Check to make sure it's the same entry we entered with. + * Possibly a callback may have mucked with it, although + * in general callbacks should treat the entry as read-only. + */ + bdb_cache_return_entry_r( bdb, oe, &lock ); + if ( op->ora_e == oe ) + op->ora_e = NULL; + + if ( bdb->bi_txn_cp_kbyte ) { + TXN_CHECKPOINT( bdb->bi_dbenv, + bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); + } + } + if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) { slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *postread_ctrl, op->o_tmpmemctx ); } - if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) { - TXN_CHECKPOINT( bdb->bi_dbenv, - bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); - } return rs->sr_err; } diff --git a/servers/slapd/back-bdb/attr.c b/servers/slapd/back-bdb/attr.c index 15a28a91ba2bf6b9363365a168195811061c4a00..00f0a0e40a08a31d213ef8feea0228fde4d191ee 100644 --- a/servers/slapd/back-bdb/attr.c +++ b/servers/slapd/back-bdb/attr.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/back-bdb.h b/servers/slapd/back-bdb/back-bdb.h index df8125be6cc707896941e0d48dc5a16a56c17d05..d564bfedfcba079672592a1336a5332e17da88bf 100644 --- a/servers/slapd/back-bdb/back-bdb.h +++ b/servers/slapd/back-bdb/back-bdb.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -68,9 +68,9 @@ LDAP_BEGIN_DECL typedef struct bdb_idl_cache_entry_s { struct berval kstr; - ldap_pvt_thread_rdwr_t idl_entry_rwlock; ID *idl; DB *db; + int idl_flags; struct bdb_idl_cache_entry_s* idl_lru_prev; struct bdb_idl_cache_entry_s* idl_lru_next; } bdb_idl_cache_entry_t; @@ -94,6 +94,8 @@ typedef struct bdb_entry_info { #define CACHE_ENTRY_LOADING 0x10 #define CACHE_ENTRY_WALKING 0x20 #define CACHE_ENTRY_ONELEVEL 0x40 +#define CACHE_ENTRY_REFERENCED 0x80 + int bei_finders; /* * remaining fields require backend cache lock to access @@ -121,20 +123,22 @@ typedef struct bdb_entry_info { /* for the in-core cache of entries */ typedef struct bdb_cache { - int c_maxsize; - int c_cursize; - int c_minfree; - int c_eiused; /* EntryInfo's in use */ - int c_leaves; /* EntryInfo leaf nodes */ - EntryInfo c_dntree; EntryInfo *c_eifree; /* free list */ - Avlnode *c_idtree; + Avlnode *c_idtree; EntryInfo *c_lruhead; /* lru - add accessed entries here */ EntryInfo *c_lrutail; /* lru - rem lru entries from here */ - ldap_pvt_thread_rdwr_t c_rwlock; - ldap_pvt_thread_mutex_t lru_head_mutex; - ldap_pvt_thread_mutex_t lru_tail_mutex; + EntryInfo c_dntree; + int c_maxsize; + int c_cursize; + int c_minfree; + int c_eiused; /* EntryInfo's in use */ + int c_leaves; /* EntryInfo leaf nodes */ + int c_purging; u_int32_t c_locker; /* used by lru cleaner */ + ldap_pvt_thread_rdwr_t c_rwlock; + ldap_pvt_thread_mutex_t c_lru_mutex; + ldap_pvt_thread_mutex_t c_count_mutex; + ldap_pvt_thread_mutex_t c_eifree_mutex; #ifdef SLAP_ZONE_ALLOC void *c_zctx; #endif diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index ef72666535b75a47de487bdc30968a08d836bee9..84f3a38a0ef33ca47c4e8ed6aa0cd29b95eae216 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c 
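Review bot: The fields added to `bdb_entry_info` and `bdb_cache` carry no locking documentation, and the cache.c hunks use them under different rules. `bei_finders` is inserted above the existing "remaining fields require backend cache lock to access" comment; cache.c decrements it under the entryinfo lock but bdb_cache_entryinfo_new clears it with no lock held, and `c_purging` is written in bdb_cache_lru_purge after `c_lru_mutex` has been released. I would add comments such as `int bei_finders; /* threads currently using this entry in bdb_cache_find_id; guarded by the entryinfo lock */` and one line per new mutex saying what it protects (as far as the hunks show: `c_lru_mutex` the LRU ring, `c_count_mutex` `c_cursize`, `c_eifree_mutex` the `c_eifree` list).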
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -17,7 +17,6 @@ #include "portable.h" #include <stdio.h> -#include <ac/krb.h> #include <ac/string.h> #include <ac/unistd.h> @@ -30,12 +29,6 @@ bdb_bind( Operation *op, SlapReply *rs ) Entry *e; Attribute *a; EntryInfo *ei; -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - char krbname[MAX_K_NAME_SZ + 1]; - AttributeDescription *krbattr = slap_schema.si_ad_krbName; - struct berval krbval; - AUTH_DAT ad; -#endif AttributeDescription *password = slap_schema.si_ad_userPassword; @@ -88,8 +81,7 @@ dn2entry_retry: e = ei->bei_e; if ( rs->sr_err == DB_NOTFOUND ) { if( e != NULL ) { - bdb_cache_return_entry_r( bdb->bi_dbenv, - &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); e = NULL; } 
@@ -145,50 +137,8 @@ dn2entry_retry: rs->sr_err = 0; break; -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - case LDAP_AUTH_KRBV41: - if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) - != LDAP_SUCCESS ) - { - rs->sr_err = LDAP_INVALID_CREDENTIALS, - goto done; - } - - rs->sr_err = access_allowed( op, e, - krbattr, NULL, ACL_AUTH, NULL ); - if ( ! rs->sr_err ) { - rs->sr_err = LDAP_INSUFFICIENT_ACCESS, - goto done; - } - - krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname, - *ad.pinst ? "." : "", ad.pinst, ad.prealm ); - - if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) { - /* - * no krbname values present: check against DN - */ - if ( strcasecmp( op->o_req_dn.bv_val, krbname ) == 0 ) { - rs->sr_err = 0; - break; - } - rs->sr_err = LDAP_INAPPROPRIATE_AUTH, - goto done; - - } else { /* look for krbname match */ - krbval.bv_val = krbname; - - if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) { - rs->sr_err = LDAP_INVALID_CREDENTIALS; - goto done; - } - } - rs->sr_err = 0; - break; -#endif - default: - assert( 0 ); /* should not be unreachable */ + assert( 0 ); /* should not be reachable */ rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED; rs->sr_text = "authentication method not supported"; } @@ -196,7 +146,7 @@ dn2entry_retry: done: /* free entry and reader lock */ if( e != NULL ) { - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); } LOCK_ID_FREE(bdb->bi_dbenv, locker); diff --git a/servers/slapd/back-bdb/cache.c b/servers/slapd/back-bdb/cache.c index b55b8d053d78fd6202b6fe92a75de97a2fc81351..7f93b3bad1096373bf04c069f3da0cf9fd66a3a5 100644 --- a/servers/slapd/back-bdb/cache.c +++ b/servers/slapd/back-bdb/cache.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -29,52 +29,143 @@ #include "ldap_rq.h" #ifdef BDB_HIER -#define bdb_cache_lru_add hdb_cache_lru_add +#define bdb_cache_lru_purge hdb_cache_lru_purge #endif -static void bdb_cache_lru_add( struct bdb_info *bdb, EntryInfo *ei ); +static void bdb_cache_lru_purge( struct bdb_info *bdb ); static int bdb_cache_delete_internal(Cache *cache, EntryInfo *e, int decr); #ifdef LDAP_DEBUG +#define SLAPD_UNUSED #ifdef SLAPD_UNUSED static void bdb_lru_print(Cache *cache); #endif #endif +/* For concurrency experiments only! */ +#if 0 +#define ldap_pvt_thread_rdwr_wlock(a) 0 +#define ldap_pvt_thread_rdwr_wunlock(a) 0 +#define ldap_pvt_thread_rdwr_rlock(a) 0 +#define ldap_pvt_thread_rdwr_runlock(a) 0 +#endif + +#if 0 +#define ldap_pvt_thread_mutex_trylock(a) 0 +#endif + static EntryInfo * bdb_cache_entryinfo_new( Cache *cache ) { EntryInfo *ei = NULL; if ( cache->c_eifree ) { - ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock ); + ldap_pvt_thread_mutex_lock( &cache->c_eifree_mutex ); if ( cache->c_eifree ) { ei = cache->c_eifree; cache->c_eifree = ei->bei_lrunext; } - ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock ); + ldap_pvt_thread_mutex_unlock( &cache->c_eifree_mutex ); + ei->bei_finders = 0; } - if ( ei ) { - ei->bei_lrunext = NULL; - ei->bei_state = 0; - } else { - ei = ch_calloc(1, sizeof(struct bdb_entry_info)); + if ( !ei ) { + ei = ch_calloc(1, sizeof(EntryInfo)); ldap_pvt_thread_mutex_init( &ei->bei_kids_mutex ); } + ei->bei_state = CACHE_ENTRY_REFERENCED; + return ei; } +static void +bdb_cache_entryinfo_free( Cache *cache, EntryInfo *ei ) +{ + free( ei->bei_nrdn.bv_val ); + ei->bei_nrdn.bv_val = NULL; +#ifdef BDB_HIER + free( ei->bei_rdn.bv_val ); + ei->bei_rdn.bv_val = NULL; + ei->bei_modrdns = 0; + ei->bei_ckids = 0; + ei->bei_dkids = 0; +#endif + ei->bei_parent = NULL; + ei->bei_kids = NULL; + ei->bei_lruprev = NULL; + + ldap_pvt_thread_mutex_lock( &cache->c_eifree_mutex ); + ei->bei_lrunext = cache->c_eifree; + cache->c_eifree = ei; + ldap_pvt_thread_mutex_unlock( 
&cache->c_eifree_mutex ); +} + +#define LRU_DEL( c, e ) do { \ + if ( e == (c)->c_lruhead ) (c)->c_lruhead = e->bei_lruprev; \ + if ( e == (c)->c_lrutail ) (c)->c_lrutail = e->bei_lruprev; \ + e->bei_lrunext->bei_lruprev = e->bei_lruprev; \ + e->bei_lruprev->bei_lrunext = e->bei_lrunext; \ + e->bei_lruprev = NULL; \ +} while ( 0 ) + +/* Note - we now use a Second-Chance / Clock algorithm instead of + * Least-Recently-Used. This tremendously improves concurrency + * because we no longer need to manipulate the lists every time an + * entry is touched. We only need to lock the lists when adding + * or deleting an entry. It's now a circular doubly-linked list. + * We always append to the tail, but the head traverses the circle + * during a purge operation. + */ +static void +bdb_cache_lru_link( struct bdb_info *bdb, EntryInfo *ei ) +{ + + /* Insert into circular LRU list */ + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex ); + + /* Still linked, remove */ + if ( ei->bei_lruprev ) { + LRU_DEL( &bdb->bi_cache, ei ); + } + ei->bei_lruprev = bdb->bi_cache.c_lrutail; + if ( bdb->bi_cache.c_lrutail ) { + ei->bei_lrunext = bdb->bi_cache.c_lrutail->bei_lrunext; + bdb->bi_cache.c_lrutail->bei_lrunext = ei; + if ( ei->bei_lrunext ) + ei->bei_lrunext->bei_lruprev = ei; + } else { + ei->bei_lrunext = ei->bei_lruprev = ei; + bdb->bi_cache.c_lruhead = ei; + } + bdb->bi_cache.c_lrutail = ei; + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex ); +} + +#ifdef NO_THREADS +#define NO_DB_LOCK +#endif + +/* #define NO_DB_LOCK 1 */ +/* Note: The BerkeleyDB locks are much slower than regular + * mutexes or rdwr locks. But the BDB implementation has the + * advantage of using a fixed size lock table, instead of + * allocating a lock object per entry in the DB. That's a + * key benefit for scaling. It also frees us from worrying + * about undetectable deadlocks between BDB activity and our + * own cache activity. It's still worth exploring faster + * alternatives though. 
+ */ + /* Atomically release and reacquire a lock */ int bdb_cache_entry_db_relock( - DB_ENV *env, + struct bdb_info *bdb, u_int32_t locker, EntryInfo *ei, int rw, int tryOnly, DB_LOCK *lock ) { -#ifdef NO_THREADS +#ifdef NO_DB_LOCK return 0; #else int rc; @@ -92,7 +183,7 @@ bdb_cache_entry_db_relock( list[1].lock = *lock; list[1].mode = rw ? DB_LOCK_WRITE : DB_LOCK_READ; list[1].obj = &lockobj; - rc = env->lock_vec(env, locker, tryOnly ? DB_LOCK_NOWAIT : 0, + rc = bdb->bi_dbenv->lock_vec(bdb->bi_dbenv, locker, tryOnly ? DB_LOCK_NOWAIT : 0, list, 2, NULL ); if (rc && !tryOnly) { @@ -107,10 +198,10 @@ bdb_cache_entry_db_relock( } static int -bdb_cache_entry_db_lock( DB_ENV *env, u_int32_t locker, EntryInfo *ei, +bdb_cache_entry_db_lock( struct bdb_info *bdb, u_int32_t locker, EntryInfo *ei, int rw, int tryOnly, DB_LOCK *lock ) { -#ifdef NO_THREADS +#ifdef NO_DB_LOCK return 0; #else int rc; @@ -127,7 +218,7 @@ bdb_cache_entry_db_lock( DB_ENV *env, u_int32_t locker, EntryInfo *ei, lockobj.data = &ei->bei_id; lockobj.size = sizeof(ei->bei_id) + 1; - rc = LOCK_GET(env, locker, tryOnly ? DB_LOCK_NOWAIT : 0, + rc = LOCK_GET(bdb->bi_dbenv, locker, tryOnly ? DB_LOCK_NOWAIT : 0, &lockobj, db_rw, lock); if (rc && !tryOnly) { Debug( LDAP_DEBUG_TRACE, @@ -135,20 +226,20 @@ bdb_cache_entry_db_lock( DB_ENV *env, u_int32_t locker, EntryInfo *ei, ei->bei_id, rw, rc ); } return rc; -#endif /* NO_THREADS */ +#endif /* NO_DB_LOCK */ } int -bdb_cache_entry_db_unlock ( DB_ENV *env, DB_LOCK *lock ) +bdb_cache_entry_db_unlock ( struct bdb_info *bdb, DB_LOCK *lock ) { -#ifdef NO_THREADS +#ifdef NO_DB_LOCK return 0; #else int rc; if ( !lock || lock->mode == DB_LOCK_NG ) return 0; - rc = LOCK_PUT ( env, lock ); + rc = LOCK_PUT ( bdb->bi_dbenv, lock ); return rc; #endif } 
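Review bot: In bdb_cache_entryinfo_new, `ei->bei_finders = 0;` sits outside the inner `if ( cache->c_eifree )` re-check, so when another thread empties the free list between the unlocked test and taking `c_eifree_mutex`, `ei` is still NULL and this line dereferences it. Move the assignment into the inner block next to `cache->c_eifree = ei->bei_lrunext;`, or set it after the `ch_calloc` fallback alongside `ei->bei_state = CACHE_ENTRY_REFERENCED;`. Separately, `LRU_DEL` leaves `c_lruhead` and `c_lrutail` pointing at the removed node when it is the only element of the ring, because `e->bei_lruprev` is then `e` itself; that case should be handled or documented as impossible. The unconditional `#define SLAPD_UNUSED` under LDAP_DEBUG looks like leftover debugging.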
@@ -165,34 +256,6 @@ bdb_cache_entryinfo_destroy( EntryInfo *e ) return 0; } -#define LRU_DELETE( cache, ei ) do { \ - if ( (ei)->bei_lruprev != NULL ) { \ - (ei)->bei_lruprev->bei_lrunext = (ei)->bei_lrunext; \ - } else { \ - (cache)->c_lruhead = (ei)->bei_lrunext; \ - } \ - if ( (ei)->bei_lrunext != NULL ) { \ - (ei)->bei_lrunext->bei_lruprev = (ei)->bei_lruprev; \ - } else { \ - (cache)->c_lrutail = (ei)->bei_lruprev; \ - } \ - (ei)->bei_lrunext = (ei)->bei_lruprev = NULL; \ -} while(0) - -#define LRU_ADD( cache, ei ) do { \ - (ei)->bei_lrunext = (cache)->c_lruhead; \ - if ( (ei)->bei_lrunext != NULL ) { \ - (ei)->bei_lrunext->bei_lruprev = (ei); \ - } \ - (cache)->c_lruhead = (ei); \ - (ei)->bei_lruprev = NULL; \ - if ( !ldap_pvt_thread_mutex_trylock( &(cache)->lru_tail_mutex )) { \ - if ( (cache)->c_lrutail == NULL ) \ - (cache)->c_lrutail = (ei); \ - ldap_pvt_thread_mutex_unlock( &(cache)->lru_tail_mutex ); \ - } \ -} while(0) - /* Do a length-ordered sort on normalized RDNs */ static int bdb_rdn_cmp( const void *v_e1, const void *v_e2 ) @@ -213,6 +276,14 @@ bdb_id_cmp( const void *v_e1, const void *v_e2 ) return e1->bei_id - e2->bei_id; } +static int +bdb_id_dup_err( void *v1, void *v2 ) +{ + EntryInfo *e2 = v2; + e2->bei_lrunext = v1; + return -1; +} + /* Create an entryinfo in the cache. Caller must release the locks later. */ static int @@ -240,10 +311,10 @@ bdb_entryinfo_add_internal( #endif /* Add to cache ID tree */ - if (avl_insert( &bdb->bi_cache.c_idtree, ei2, bdb_id_cmp, avl_dup_error )) { - EntryInfo *eix; - eix = avl_find( bdb->bi_cache.c_idtree, ei2, bdb_id_cmp ); - bdb_cache_entryinfo_destroy( ei2 ); + if (avl_insert( &bdb->bi_cache.c_idtree, ei2, bdb_id_cmp, + bdb_id_dup_err )) { + EntryInfo *eix = ei2->bei_lrunext; + bdb_cache_entryinfo_free( &bdb->bi_cache, ei2 ); ei2 = eix; #ifdef BDB_HIER /* It got freed above because its value was 
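Review bot: `bdb_id_dup_err` reuses `bei_lrunext` of the rejected node as an out-parameter for the node already in the ID tree, which is not obvious at the call sites that read `ei2->bei_lrunext` (here) and `ein->bei_lrunext` (hdb_cache_find_parent) after a failed avl_insert. It only works because the new node has not been linked into the LRU ring yet. Please add a comment above the function, e.g. `/* avl_insert dup callback: pass the existing node (v1) back through the new node's bei_lrunext and reject the insert */`.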
@@ -315,6 +386,7 @@ bdb_cache_find_ndn( } for ( bdb_cache_entryinfo_lock( eip ); eip; ) { + eip->bei_state |= CACHE_ENTRY_REFERENCED; ei.bei_parent = eip; ei2 = (EntryInfo *)avl_find( eip->bei_kids, &ei, bdb_rdn_cmp ); if ( !ei2 ) { @@ -392,7 +464,6 @@ hdb_cache_find_parent( struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; EntryInfo ei, eip, *ei2 = NULL, *ein = NULL, *eir = NULL; int rc; - int addlru = 0; ei.bei_id = id; ei.bei_kids = NULL; @@ -418,19 +489,19 @@ hdb_cache_find_parent( ei.bei_ckids = 0; /* This node is not fully connected yet */ - ein->bei_state = CACHE_ENTRY_NOT_LINKED; + ein->bei_state |= CACHE_ENTRY_NOT_LINKED; /* Insert this node into the ID tree */ ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock ); if ( avl_insert( &bdb->bi_cache.c_idtree, (caddr_t)ein, - bdb_id_cmp, avl_dup_error ) ) { + bdb_id_cmp, bdb_id_dup_err ) ) { + EntryInfo *eix = ein->bei_lrunext; /* Someone else created this node just before us. * Free our new copy and use the existing one. */ - bdb_cache_entryinfo_destroy( ein ); - ein = (EntryInfo *)avl_find( bdb->bi_cache.c_idtree, - (caddr_t) &ei, bdb_id_cmp ); + bdb_cache_entryinfo_free( &bdb->bi_cache, ein ); + ein = eix; /* Link in any kids we've already processed */ if ( ei2 ) { @@ -440,8 +511,6 @@ hdb_cache_find_parent( ein->bei_ckids++; bdb_cache_entryinfo_unlock( ein ); } - addlru = 0; - } /* If this is the first time, save this node 
@@ -464,25 +533,22 @@ hdb_cache_find_parent( bdb->bi_cache.c_leaves++; ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock ); - if ( addlru ) { - ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex ); - bdb_cache_lru_add( bdb, ein ); - } - addlru = 1; - /* Got the parent, link in and we're done. */ if ( ei2 ) { bdb_cache_entryinfo_lock( ei2 ); ein->bei_parent = ei2; + avl_insert( &ei2->bei_kids, (caddr_t)ein, bdb_rdn_cmp, avl_dup_error); ei2->bei_ckids++; - bdb_cache_entryinfo_unlock( ei2 ); - bdb_cache_entryinfo_lock( eir ); /* Reset all the state info */ for (ein = eir; ein != ei2; ein=ein->bei_parent) ein->bei_state &= ~CACHE_ENTRY_NOT_LINKED; + + bdb_cache_entryinfo_unlock( ei2 ); + bdb_cache_entryinfo_lock( eir ); + *res = eir; break; } @@ -531,24 +597,25 @@ int hdb_cache_load( } #endif -/* caller must have lru_head_mutex locked. mutex - * will be unlocked on return. +/* This is best-effort only. If all entries in the cache are + * busy, they will all be kept. This is unlikely to happen + * unless the cache is very much smaller than the working set. */ static void -bdb_cache_lru_add( - struct bdb_info *bdb, - EntryInfo *ei ) +bdb_cache_lru_purge( struct bdb_info *bdb ) { DB_LOCK lock, *lockp; - EntryInfo *elru, *elprev; - int count = 0; + EntryInfo *elru, *elnext = NULL; + int count, islocked, eimax; - LRU_ADD( &bdb->bi_cache, ei ); - ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_head_mutex ); + /* Wait for the mutex; we're the only one trying to purge. */ + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex ); - /* See if we're above the cache size limit */ - if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize ) + if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize ) { + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex ); + bdb->bi_cache.c_purging = 0; return; + } if ( bdb->bi_cache.c_locker ) { lockp = &lock; 
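Review bot: The added `avl_insert( &ei2->bei_kids, (caddr_t)ein, bdb_rdn_cmp, avl_dup_error);` ignores its return value, yet `ein->bei_parent = ei2` and `ei2->bei_ckids++` run regardless. If a sibling with the same RDN is already in `ei2->bei_kids`, the node is counted and parented but not reachable from the parent's tree. Checking the result and skipping the counter bump, or falling back to the existing child, would keep the tree and `bei_ckids` consistent. The loop that clears CACHE_ENTRY_NOT_LINKED now runs under `ei2`'s lock rather than `eir`'s, and a one-line comment explaining why that is sufficient would help. hdb_cache_find_parent continues outside the hunk.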
@@ -556,29 +623,49 @@ bdb_cache_lru_add( lockp = NULL; } - /* Don't bother if we can't get the lock */ - if ( ldap_pvt_thread_mutex_trylock( &bdb->bi_cache.lru_tail_mutex ) ) - return; + count = 0; + + /* maximum number of EntryInfo leaves to cache. In slapcat + * we always free all leaf nodes. + */ + if ( slapMode & SLAP_TOOL_READONLY ) + eimax = 0; + else + eimax = bdb->bi_cache.c_maxsize * 4; /* Look for an unused entry to remove */ - for (elru = bdb->bi_cache.c_lrutail; elru; elru = elprev ) { - elprev = elru->bei_lruprev; + for ( elru = bdb->bi_cache.c_lruhead; elru; elru = elnext ) { + elnext = elru->bei_lrunext; + + if ( bdb_cache_entryinfo_trylock( elru )) + goto bottom; + + /* This flag implements the clock replacement behavior */ + if ( elru->bei_state & ( CACHE_ENTRY_REFERENCED )) { + elru->bei_state &= ~CACHE_ENTRY_REFERENCED; + bdb_cache_entryinfo_unlock( elru ); + goto bottom; + } + + /* If this node is in the process of linking into the cache, + * or this node is being deleted, skip it. + */ + if (( elru->bei_state & ( CACHE_ENTRY_NOT_LINKED | + CACHE_ENTRY_DELETED | CACHE_ENTRY_LOADING )) || + elru->bei_finders > 0 ) { + bdb_cache_entryinfo_unlock( elru ); + goto bottom; + } + + /* entryinfo is locked */ + islocked = 1; /* If we can successfully writelock it, then * the object is idle. */ - if ( bdb_cache_entry_db_lock( bdb->bi_dbenv, - bdb->bi_cache.c_locker, elru, 1, 1, lockp ) == 0 ) { - + if ( bdb_cache_entry_db_lock( bdb, + bdb->bi_cache.c_locker, elru, 1, 1, lockp ) == 0 ) { - /* If this node is in the process of linking into the cache, - * or this node is being deleted, skip it. - */ - if ( elru->bei_state & - ( CACHE_ENTRY_NOT_LINKED | CACHE_ENTRY_DELETED )) { - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lockp ); - continue; - } /* Free entry for this node if it's present */ if ( elru->bei_e ) { elru->bei_e->e_private = NULL; 
@@ -590,35 +677,39 @@ bdb_cache_lru_add( elru->bei_e = NULL; count++; } - /* ITS#4010 if we're in slapcat, and this node is a leaf - * node, free it. - * - * FIXME: we need to do this for slapd as well, (which is - * why we compute bi_cache.c_leaves now) but at the moment - * we can't because it causes unresolvable deadlocks. + bdb_cache_entry_db_unlock( bdb, lockp ); + + /* + * If it is a leaf node, and we're over the limit, free it. */ - if ( slapMode & SLAP_TOOL_READONLY ) { - if ( !elru->bei_kids ) { - /* This does LRU_DELETE for us */ - bdb_cache_delete_internal( &bdb->bi_cache, elru, 0 ); - bdb_cache_delete_cleanup( &bdb->bi_cache, elru ); - } - /* Leave node on LRU list for a future pass */ - } else { - LRU_DELETE( &bdb->bi_cache, elru ); - } - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lockp ); + if ( elru->bei_kids ) { + /* Drop from list, we ignore it... */ + LRU_DEL( &bdb->bi_cache, elru ); + } else if ( bdb->bi_cache.c_leaves > eimax ) { + /* Too many leaf nodes, free this one */ + bdb_cache_delete_internal( &bdb->bi_cache, elru, 0 ); + bdb_cache_delete_cleanup( &bdb->bi_cache, elru ); + islocked = 0; + } /* Leave on list until we need to free it */ + } - if ( count >= bdb->bi_cache.c_minfree ) { - ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock ); - bdb->bi_cache.c_cursize -= count; - ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock ); - break; - } + if ( islocked ) + bdb_cache_entryinfo_unlock( elru ); + + if ( count >= bdb->bi_cache.c_minfree ) { + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex ); + bdb->bi_cache.c_cursize -= count; + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex ); + break; } +bottom: + if ( elnext == bdb->bi_cache.c_lruhead ) + break; } - ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_tail_mutex ); + bdb->bi_cache.c_lruhead = elnext; + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex ); + bdb->bi_cache.c_purging = 0; } EntryInfo * 
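Review bot: `c_cursize` is only reduced inside `if ( count >= bdb->bi_cache.c_minfree )`; when the walk ends through the `bottom:` check after a full circle with fewer than `c_minfree` entries freed, the entries already released are never subtracted. Unless the counter is corrected elsewhere, it drifts upward and later adds keep triggering purges. Doing the `bdb->bi_cache.c_cursize -= count;` under `c_count_mutex` once after the loop, when `count` is non-zero, covers both exits. Also, `c_purging = 0` is stored after `c_lru_mutex` has been released, so the "we're the only one trying to purge" assumption rests on how the caller sets that flag, which is not visible in this hunk.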
@@ -671,8 +762,7 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock ); (caddr_t) &ei, bdb_id_cmp ); if ( *eip ) { /* If the lock attempt fails, the info is in use */ - if ( ldap_pvt_thread_mutex_trylock( - &(*eip)->bei_kids_mutex )) { + if ( bdb_cache_entryinfo_trylock( *eip )) { ldap_pvt_thread_rdwr_runlock( &bdb->bi_cache.c_rwlock ); /* If this node is being deleted, treat * as if the delete has already finished @@ -727,6 +817,8 @@ again: ldap_pvt_thread_rdwr_rlock( &bdb->bi_cache.c_rwlock ); if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) { rc = DB_NOTFOUND; } else { + (*eip)->bei_finders++; + (*eip)->bei_state |= CACHE_ENTRY_REFERENCED; /* Make sure only one thread tries to load the entry */ load1: #ifdef SLAP_ZONE_ALLOC @@ -740,23 +832,18 @@ load1: load = 1; (*eip)->bei_state |= CACHE_ENTRY_LOADING; } + if ( islocked ) { bdb_cache_entryinfo_unlock( *eip ); islocked = 0; } - rc = bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, *eip, 0, 0, lock ); + rc = bdb_cache_entry_db_lock( bdb, locker, *eip, load, 0, lock ); if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) { rc = DB_NOTFOUND; - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock ); + bdb_cache_entry_db_unlock( bdb, lock ); } else if ( rc == 0 ) { if ( load ) { - /* Give up original read lock, obtain write lock - */ - if ( rc == 0 ) { - rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker, - *eip, 1, 0, lock ); - } - if ( rc == 0 && !ep) { + if ( !ep) { rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep ); } if ( rc == 0 ) { 
@@ -769,22 +856,21 @@ load1: (*eip)->bei_zseq = *((ber_len_t *)ep - 2); #endif ep = NULL; + bdb_cache_lru_link( bdb, *eip ); } - (*eip)->bei_state ^= CACHE_ENTRY_LOADING; if ( rc == 0 ) { /* If we succeeded, downgrade back to a readlock. */ - rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker, + rc = bdb_cache_entry_db_relock( bdb, locker, *eip, 0, 0, lock ); } else { /* Otherwise, release the lock. */ - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock ); + bdb_cache_entry_db_unlock( bdb, lock ); } } else if ( !(*eip)->bei_e ) { /* Some other thread is trying to load the entry, - * give it a chance to finish. + * wait for it to finish. */ - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock ); - ldap_pvt_thread_yield(); + bdb_cache_entry_db_unlock( bdb, lock ); bdb_cache_entryinfo_lock( *eip ); islocked = 1; goto load1; @@ -794,17 +880,21 @@ load1: */ rc = bdb_fix_dn( (*eip)->bei_e, 1 ); if ( rc ) { - bdb_cache_entry_db_relock( bdb->bi_dbenv, + bdb_cache_entry_db_relock( bdb, locker, *eip, 1, 0, lock ); /* check again in case other modifier did it already */ if ( bdb_fix_dn( (*eip)->bei_e, 1 ) ) rc = bdb_fix_dn( (*eip)->bei_e, 2 ); - bdb_cache_entry_db_relock( bdb->bi_dbenv, + bdb_cache_entry_db_relock( bdb, locker, *eip, 0, 0, lock ); } #endif } - + bdb_cache_entryinfo_lock( *eip ); + (*eip)->bei_finders--; + if ( load ) + (*eip)->bei_state ^= CACHE_ENTRY_LOADING; + bdb_cache_entryinfo_unlock( *eip ); } } } 
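Review bot: In the block added at the end of the second hunk on this line, `(*eip)->bei_state ^= CACHE_ENTRY_LOADING;` toggles the flag rather than clearing it, so it is only correct while the bit is guaranteed to be set at that point. The purge loop in this commit clears its flag with `&= ~CACHE_ENTRY_REFERENCED`; the same form here, `(*eip)->bei_state &= ~CACHE_ENTRY_LOADING;`, cannot set the bit by accident if the two updates ever get out of step. The enclosing function starts and ends outside the hunk.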
@@ -820,31 +910,20 @@ load1: #endif } if ( rc == 0 ) { + int purge = 0; if ( load ) { - ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock ); + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex ); bdb->bi_cache.c_cursize++; - ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock ); - } - - ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex ); - - /* If the LRU list has only one entry and this is it, it - * doesn't need to be added again. - */ - if ( bdb->bi_cache.c_lruhead == bdb->bi_cache.c_lrutail && - bdb->bi_cache.c_lruhead == *eip ) { - ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_head_mutex ); - } else { - /* if entry is on LRU list, remove from old spot */ - if ( (*eip)->bei_lrunext || (*eip)->bei_lruprev ) { - ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_tail_mutex ); - LRU_DELETE( &bdb->bi_cache, *eip ); - ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.lru_tail_mutex ); + if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize && + !bdb->bi_cache.c_purging ) { + purge = 1; + bdb->bi_cache.c_purging = 1; } - /* lru_head_mutex is unlocked for us */ - bdb_cache_lru_add( bdb, *eip ); + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex ); } + if ( purge ) + bdb_cache_lru_purge( bdb ); } #ifdef SLAP_ZONE_ALLOC @@ -884,11 +963,11 @@ bdb_cache_add( EntryInfo *eip, Entry *e, struct berval *nrdn, - u_int32_t locker ) + u_int32_t locker, + DB_LOCK *lock ) { EntryInfo *new, ei; - DB_LOCK lock; - int rc; + int rc, purge = 0; #ifdef BDB_HIER struct berval rdn = e->e_name; #endif @@ -901,7 +980,7 @@ bdb_cache_add( /* Lock this entry so that bdb_add can run to completion. * It can only fail if BDB has run out of lock resources. */ - rc = bdb_cache_entry_db_lock( bdb->bi_dbenv, locker, &ei, 1, 0, &lock ); + rc = bdb_cache_entry_db_lock( bdb, locker, &ei, 0, 0, lock ); if ( rc ) { bdb_cache_entryinfo_unlock( eip ); return rc; 
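Review bot: The lock call in bdb_cache_add (third hunk on this line) now passes `0` for the argument that other calls in this file use to request a write lock, and hands the lock back through the new `DB_LOCK *lock` parameter, yet the comment above it still says only "Lock this entry so that bdb_add can run to completion". I would extend the comment to state the lock mode and who releases it, for example `/* Read-lock the new entry on behalf of the caller, who must release *lock. */`, after confirming this against the callers, which are outside this hunk.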
@@ -929,37 +1008,43 @@ bdb_cache_add( } new->bei_e = e; e->e_private = new; - new->bei_state = CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS; + new->bei_state |= CACHE_ENTRY_NO_KIDS | CACHE_ENTRY_NO_GRANDKIDS; eip->bei_state &= ~CACHE_ENTRY_NO_KIDS; if (eip->bei_parent) { eip->bei_parent->bei_state &= ~CACHE_ENTRY_NO_GRANDKIDS; } bdb_cache_entryinfo_unlock( eip ); - ++bdb->bi_cache.c_cursize; ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock ); + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex ); + ++bdb->bi_cache.c_cursize; + if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize && + !bdb->bi_cache.c_purging ) { + purge = 1; + bdb->bi_cache.c_purging = 1; + } + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex ); - /* set lru mutex */ - ldap_pvt_thread_mutex_lock( &bdb->bi_cache.lru_head_mutex ); + bdb_cache_lru_link( bdb, new ); - /* lru_head_mutex is unlocked for us */ - bdb_cache_lru_add( bdb, new ); + if ( purge ) + bdb_cache_lru_purge( bdb ); return rc; } int bdb_cache_modify( + struct bdb_info *bdb, Entry *e, Attribute *newAttrs, - DB_ENV *env, u_int32_t locker, DB_LOCK *lock ) { EntryInfo *ei = BEI(e); int rc; /* Get write lock on data */ - rc = bdb_cache_entry_db_relock( env, locker, ei, 1, 0, lock ); + rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock ); /* If we've done repeated mods on a cached entry, then e_attrs * is no longer contiguous with the entry, and must be freed. @@ -993,7 +1078,7 @@ bdb_cache_modrdn( #endif /* Get write lock on data */ - rc = bdb_cache_entry_db_relock( bdb->bi_dbenv, locker, ei, 1, 0, lock ); + rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock ); if ( rc ) return rc; /* If we've done repeated mods on a cached entry, then e_attrs @@ -1076,9 +1161,8 @@ bdb_cache_modrdn( */ int bdb_cache_delete( - Cache *cache, + struct bdb_info *bdb, Entry *e, - DB_ENV *env, u_int32_t locker, DB_LOCK *lock ) { 
@@ -1094,7 +1178,7 @@ bdb_cache_delete( bdb_cache_entryinfo_lock( ei ); /* Get write lock on the data */ - rc = bdb_cache_entry_db_relock( env, locker, ei, 1, 0, lock ); + rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock ); if ( rc ) { /* couldn't lock, undo and give up */ ei->bei_state ^= CACHE_ENTRY_DELETED; @@ -1106,18 +1190,12 @@ bdb_cache_delete( e->e_id, 0, 0 ); /* set lru mutex */ - ldap_pvt_thread_mutex_lock( &cache->lru_tail_mutex ); - - /* set cache write lock */ - ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock ); + ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex ); - rc = bdb_cache_delete_internal( cache, e->e_private, 1 ); - - /* free cache write lock */ - ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock ); + rc = bdb_cache_delete_internal( &bdb->bi_cache, e->e_private, 1 ); /* free lru mutex */ - ldap_pvt_thread_mutex_unlock( &cache->lru_tail_mutex ); + ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex ); /* Leave entry info locked */ @@ -1139,23 +1217,7 @@ bdb_cache_delete_cleanup( ei->bei_e = NULL; } - free( ei->bei_nrdn.bv_val ); - ei->bei_nrdn.bv_val = NULL; -#ifdef BDB_HIER - free( ei->bei_rdn.bv_val ); - ei->bei_rdn.bv_val = NULL; - ei->bei_modrdns = 0; - ei->bei_ckids = 0; - ei->bei_dkids = 0; -#endif - ei->bei_parent = NULL; - ei->bei_kids = NULL; - ei->bei_lruprev = NULL; - - ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock ); - ei->bei_lrunext = cache->c_eifree; - cache->c_eifree = ei; - ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock ); + bdb_cache_entryinfo_free( cache, ei ); bdb_cache_entryinfo_unlock( ei ); } @@ -1166,6 +1228,7 @@ bdb_cache_delete_internal( int decr ) { int rc = 0; /* return code */ + int decr_leaf = 0; /* Lock the parent's kids tree */ bdb_cache_entryinfo_lock( e->bei_parent ); 
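Review bot: In bdb_cache_delete_cleanup (third hunk on this line), `bdb_cache_entryinfo_unlock( ei );` runs after `bdb_cache_entryinfo_free( cache, ei );`. The helper's body is not in view, but if it returns ei to a free list or releases its memory, another thread can obtain the structure while its mutex is still held, and the unlock then touches an object this thread no longer owns. Unless the helper requires the lock to be held, swap the two calls so the unlock comes first, or document on the helper why the lock must span it.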
@@ -1181,22 +1244,31 @@ bdb_cache_delete_internal( rc = -1; } if ( e->bei_parent->bei_kids ) - cache->c_leaves--; + decr_leaf = 1; + bdb_cache_entryinfo_unlock( e->bei_parent ); + + ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock ); /* id tree */ - if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp ) == NULL ) { + if ( avl_delete( &cache->c_idtree, (caddr_t) e, bdb_id_cmp )) { + cache->c_eiused--; + if ( decr_leaf ) + cache->c_leaves--; + } else { rc = -1; } + ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock ); if ( rc == 0 ){ - cache->c_eiused--; - /* lru */ - LRU_DELETE( cache, e ); - if ( e->bei_e ) cache->c_cursize--; - } + LRU_DEL( cache, e ); - bdb_cache_entryinfo_unlock( e->bei_parent ); + if ( e->bei_e ) { + ldap_pvt_thread_mutex_lock( &cache->c_count_mutex ); + cache->c_cursize--; + ldap_pvt_thread_mutex_unlock( &cache->c_count_mutex ); + } + } return( rc ); } @@ -1225,7 +1297,7 @@ bdb_cache_release_all( Cache *cache ) /* set cache write lock */ ldap_pvt_thread_rdwr_wlock( &cache->c_rwlock ); /* set lru mutex */ - ldap_pvt_thread_mutex_lock( &cache->lru_tail_mutex ); + ldap_pvt_thread_mutex_lock( &cache->c_lru_mutex ); Debug( LDAP_DEBUG_TRACE, "====> bdb_cache_release_all\n", 0, 0, 0 ); @@ -1244,7 +1316,7 @@ bdb_cache_release_all( Cache *cache ) cache->c_dntree.bei_kids = NULL; /* free lru mutex */ - ldap_pvt_thread_mutex_unlock( &cache->lru_tail_mutex ); + ldap_pvt_thread_mutex_unlock( &cache->c_lru_mutex ); /* free cache write lock */ ldap_pvt_thread_rdwr_wunlock( &cache->c_rwlock ); } 
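Review bot: bdb_cache_delete_internal now takes `c_rwlock` itself (first hunk on this line), and bdb_cache_delete calls it while holding `c_lru_mutex`, so the order on that path is c_lru_mutex then c_rwlock. bdb_cache_release_all, in the later hunks here, still takes `c_rwlock` first and `c_lru_mutex` second, which is the opposite order and can deadlock if it ever runs alongside a delete or a purge. If release_all is only reached when no other threads are active this is harmless, but I would either acquire `c_lru_mutex` before `c_rwlock` there or add a comment stating the required order.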
@@ -1256,15 +1328,22 @@ bdb_lru_print( Cache *cache ) { EntryInfo *e; - fprintf( stderr, "LRU queue (head to tail):\n" ); - for ( e = cache->c_lruhead; e != NULL; e = e->bei_lrunext ) { - fprintf( stderr, "\trdn \"%20s\" id %ld\n", - e->bei_nrdn.bv_val, e->bei_id ); + fprintf( stderr, "LRU circle head: %p\n", cache->c_lruhead ); + fprintf( stderr, "LRU circle (tail forward):\n" ); + for ( e = cache->c_lrutail; ; ) { + fprintf( stderr, "\t%p, %p id %ld rdn \"%s\"\n", + e, e->bei_e, e->bei_id, e->bei_nrdn.bv_val ); + e = e->bei_lrunext; + if ( e == cache->c_lrutail ) + break; } - fprintf( stderr, "LRU queue (tail to head):\n" ); - for ( e = cache->c_lrutail; e != NULL; e = e->bei_lruprev ) { - fprintf( stderr, "\trdn \"%20s\" id %ld\n", - e->bei_nrdn.bv_val, e->bei_id ); + fprintf( stderr, "LRU circle (tail backward):\n" ); + for ( e = cache->c_lrutail; ; ) { + fprintf( stderr, "\t%p, %p id %ld rdn \"%s\"\n", + e, e->bei_e, e->bei_id, e->bei_nrdn.bv_val ); + e = e->bei_lruprev; + if ( e == cache->c_lrutail ) + break; } } #endif @@ -1292,6 +1371,19 @@ bdb_locker_id_free( void *key, void *data ) } } +/* free up any keys used by the main thread */ +void +bdb_locker_flush( DB_ENV *env ) +{ + void *data; + void *ctx = ldap_pvt_thread_pool_context(); + + if ( !ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) { + ldap_pvt_thread_pool_setkey( ctx, env, NULL, NULL ); + bdb_locker_id_free( env, data ); + } +} + int bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker ) { 
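Review bot: Both new loops in bdb_lru_print start with `e = cache->c_lrutail` and dereference `e` before any test, so if c_lrutail can be NULL for an empty list, which the old `e != NULL` condition tolerated, this debug helper now crashes. A guard after the head is printed, `if ( cache->c_lrutail == NULL ) return;`, restores the old tolerance. The `%p` conversions are also given `EntryInfo *` and `e->bei_e` without a cast to `void *`, which the format requires.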
@@ -1339,29 +1431,3 @@ bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker ) return 0; } #endif /* BDB_REUSE_LOCKERS */ - -void -bdb_cache_delete_entry( - struct bdb_info *bdb, - EntryInfo *ei, - u_int32_t locker, - DB_LOCK *lock ) -{ - ldap_pvt_thread_rdwr_wlock( &bdb->bi_cache.c_rwlock ); - if ( bdb_cache_entry_db_lock( bdb->bi_dbenv, bdb->bi_cache.c_locker, ei, 1, 1, lock ) == 0 ) - { - if ( ei->bei_e && !(ei->bei_state & CACHE_ENTRY_NOT_LINKED )) { - LRU_DELETE( &bdb->bi_cache, ei ); - ei->bei_e->e_private = NULL; -#ifdef SLAP_ZONE_ALLOC - bdb_entry_return( bdb, ei->bei_e, ei->bei_zseq ); -#else - bdb_entry_return( ei->bei_e ); -#endif - ei->bei_e = NULL; - --bdb->bi_cache.c_cursize; - } - bdb_cache_entry_db_unlock( bdb->bi_dbenv, lock ); - } - ldap_pvt_thread_rdwr_wunlock( &bdb->bi_cache.c_rwlock ); -} diff --git a/servers/slapd/back-bdb/compare.c b/servers/slapd/back-bdb/compare.c index 3e88beff28caed6e7055657a640ff3516c0a17bd..4999ec7d46ee53213c72a94bced5c0eed0a9dd1f 100644 --- a/servers/slapd/back-bdb/compare.c +++ b/servers/slapd/back-bdb/compare.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -80,7 +80,7 @@ dn2entry_retry: rs->sr_err = LDAP_REFERRAL; } - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); e = NULL; } else { @@ -182,8 +182,7 @@ return_results: done: /* free entry */ if ( e != NULL ) { - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, - e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); } LOCK_ID_FREE ( bdb->bi_dbenv, locker ); diff --git a/servers/slapd/back-bdb/config.c b/servers/slapd/back-bdb/config.c index d9639fe8d9ec2c90ca70db676eef2e82297becc4..4d92f2f834361846eab0ccbe1279e07782f8d27d 100644 
--- a/servers/slapd/back-bdb/config.c +++ b/servers/slapd/back-bdb/config.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/dbcache.c b/servers/slapd/back-bdb/dbcache.c index 01c0f7d1db28318ea8aed6176d0ad8d1b3b85ac1..42f9f8b88320a495dc2ed2d683a8c2cbc982b3d5 100644 --- a/servers/slapd/back-bdb/dbcache.c +++ b/servers/slapd/back-bdb/dbcache.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/delete.c b/servers/slapd/back-bdb/delete.c index 64baaa48d923fdefb0273eeaaa569ab3d856c20c..37b7a13cc9e091e603532ae55981ab0e07e46833 100644 --- a/servers/slapd/back-bdb/delete.c +++ b/servers/slapd/back-bdb/delete.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -517,8 +517,7 @@ retry: /* transaction retry */ goto return_results; } } else { - rc = bdb_cache_delete( &bdb->bi_cache, e, bdb->bi_dbenv, - locker, &lock ); + rc = bdb_cache_delete( bdb, e, locker, &lock ); switch( rc ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: 
@@ -580,7 +579,7 @@ return_results: slap_sl_free( *preread_ctrl, op->o_tmpmemctx ); } - if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) { + if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); } diff --git a/servers/slapd/back-bdb/dn2entry.c b/servers/slapd/back-bdb/dn2entry.c index 1ba92956ce986a5d664dd4fe319ffb10dfb0f078..5211f8e9b863e572368a2c088e5fe0f65f7d074e 100644 --- a/servers/slapd/back-bdb/dn2entry.c +++ b/servers/slapd/back-bdb/dn2entry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/dn2id.c b/servers/slapd/back-bdb/dn2id.c index 64231082728892978f1ab39b0e5dfe2c6651b834..07acfeb2d51d04522d208135f04e8855fbbf2dc2 100644 --- a/servers/slapd/back-bdb/dn2id.c +++ b/servers/slapd/back-bdb/dn2id.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -332,7 +332,9 @@ bdb_dn2id_children( int bdb_dn2idl( Operation *op, - Entry *e, + u_int32_t locker, + struct berval *ndn, + EntryInfo *ei, ID *ids, ID *stack ) { 
@@ -344,25 +346,26 @@ bdb_dn2idl( ? DN_ONE_PREFIX : DN_SUBTREE_PREFIX; Debug( LDAP_DEBUG_TRACE, "=> bdb_dn2idl(\"%s\")\n", - e->e_nname.bv_val, 0, 0 ); + ndn->bv_val, 0, 0 ); #ifndef BDB_MULTIPLE_SUFFIXES - if ( prefix == DN_SUBTREE_PREFIX && BEI(e)->bei_parent->bei_id == 0 ) { + if ( prefix == DN_SUBTREE_PREFIX + && ( ei->bei_id == 0 || ei->bei_parent->bei_id == 0 )) { BDB_IDL_ALL(bdb, ids); return 0; } #endif DBTzero( &key ); - key.size = e->e_nname.bv_len + 2; + key.size = ndn->bv_len + 2; key.ulen = key.size; key.flags = DB_DBT_USERMEM; key.data = op->o_tmpalloc( key.size, op->o_tmpmemctx ); ((char *)key.data)[0] = prefix; - AC_MEMCPY( &((char *)key.data)[1], e->e_nname.bv_val, key.size - 1 ); + AC_MEMCPY( &((char *)key.data)[1], ndn->bv_val, key.size - 1 ); BDB_IDL_ZERO( ids ); - rc = bdb_idl_fetch_key( op->o_bd, db, NULL, &key, ids, NULL, 0 ); + rc = bdb_idl_fetch_key( op->o_bd, db, locker, &key, ids, NULL, 0 ); if( rc != 0 ) { Debug( LDAP_DEBUG_TRACE, @@ -830,6 +833,7 @@ hdb_dn2id_children( struct dn2id_cookie { struct bdb_info *bdb; Operation *op; + u_int32_t locker; EntryInfo *ei; ID *ids; ID *tmp; @@ -1060,7 +1064,9 @@ gotit: int hdb_dn2idl( Operation *op, - Entry *e, + u_int32_t locker, + struct berval *ndn, + EntryInfo *ei, ID *ids, ID *stack ) { @@ -1068,20 +1074,21 @@ hdb_dn2idl( struct dn2id_cookie cx; Debug( LDAP_DEBUG_TRACE, "=> hdb_dn2idl(\"%s\")\n", - e->e_nname.bv_val, 0, 0 ); + ndn->bv_val, 0, 0 ); #ifndef BDB_MULTIPLE_SUFFIXES if ( op->ors_scope != LDAP_SCOPE_ONELEVEL && - BEI(e)->bei_parent->bei_id == 0 ) + ( ei->bei_id == 0 || + ei->bei_parent->bei_id == 0 )) { BDB_IDL_ALL( bdb, ids ); return 0; } #endif - cx.id = e->e_id; + cx.id = ei->bei_id; BDB_ID2DISK( cx.id, &cx.nid ); - cx.ei = e->e_id ? BEI(e) : &bdb->bi_cache.c_dntree; + cx.ei = ei; cx.bdb = bdb; cx.db = cx.bdb->bi_dn2id->bdi_db; cx.prefix = (op->ors_scope == LDAP_SCOPE_ONELEVEL) ? 
@@ -1090,6 +1097,7 @@ hdb_dn2idl( cx.tmp = stack; cx.buf = stack + BDB_IDL_UM_SIZE; cx.op = op; + cx.locker = locker; cx.need_sort = 0; cx.depth = 0; @@ -1117,8 +1125,9 @@ hdb_dn2idl( cx.key.data = ptr; cx.key.size = sizeof(ID)+1; *ptr = cx.prefix; - cx.id = e->e_id; - bdb_idl_cache_put( cx.bdb, cx.db, &cx.key, cx.ids, cx.rc ); + cx.id = ei->bei_id; + if ( cx.bdb->bi_idl_cache_max_size ) + bdb_idl_cache_put( cx.bdb, cx.db, &cx.key, cx.ids, cx.rc ); } if ( cx.rc == DB_NOTFOUND ) diff --git a/servers/slapd/back-bdb/error.c b/servers/slapd/back-bdb/error.c index b36cca98f48d1547b174402acb5877b65b0b8cda..388e78b869c4a974869bd3216080fb21b215a585 100644 --- a/servers/slapd/back-bdb/error.c +++ b/servers/slapd/back-bdb/error.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/extended.c b/servers/slapd/back-bdb/extended.c index e8ca469c3b6654453d1077729c5bf4eb5e478728..75df696010a81d64d9972b0d3dcb61ad969109bd 100644 --- a/servers/slapd/back-bdb/extended.c +++ b/servers/slapd/back-bdb/extended.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c index 13bca595f77b093d424462a0da1652f2f1008ef4..e88395f784277f0733963635dd86f22f48a0ae82 100644 --- a/servers/slapd/back-bdb/filterindex.c +++ b/servers/slapd/back-bdb/filterindex.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,51 +27,59 @@ static int presence_candidates( Operation *op, + u_int32_t locker, AttributeDescription *desc, ID *ids ); static int equality_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp ); static int inequality_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp, int gtorlt ); static int approx_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp ); static int substring_candidates( Operation *op, + u_int32_t locker, SubstringsAssertion *sub, ID *ids, ID *tmp ); static int list_candidates( Operation *op, + u_int32_t locker, Filter *flist, int ftype, ID *ids, ID *tmp, ID *stack ); -#ifdef LDAP_COMP_MATCH static int ext_candidates( Operation *op, + u_int32_t locker, MatchingRuleAssertion *mra, ID *ids, ID *tmp, ID *stack); +#ifdef LDAP_COMP_MATCH static int comp_candidates ( Operation *op, + u_int32_t locker, MatchingRuleAssertion *mra, ComponentFilter *f, ID *ids, @@ -81,6 +89,7 @@ comp_candidates ( static int ava_comp_candidates ( Operation *op, + u_int32_t locker, AttributeAssertion *ava, AttributeAliasing *aa, ID *ids, @@ -91,6 +100,7 @@ ava_comp_candidates ( int bdb_filter_candidates( Operation *op, + u_int32_t locker, Filter *f, ID *ids, ID *tmp, @@ -102,6 +112,11 @@ bdb_filter_candidates( #endif Debug( LDAP_DEBUG_FILTER, "=> bdb_filter_candidates\n", 0, 0, 0 ); + if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) { + BDB_IDL_ZERO( ids ); + goto out; + } + switch ( f->f_choice ) { case SLAPD_FILTER_COMPUTED: switch( f->f_result ) { 
@@ -124,30 +139,30 @@ bdb_filter_candidates( break; case LDAP_FILTER_PRESENT: Debug( LDAP_DEBUG_FILTER, "\tPRESENT\n", 0, 0, 0 ); - rc = presence_candidates( op, f->f_desc, ids ); + rc = presence_candidates( op, locker, f->f_desc, ids ); break; case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, "\tEQUALITY\n", 0, 0, 0 ); #ifdef LDAP_COMP_MATCH if ( is_aliased_attribute && ( aa = is_aliased_attribute ( f->f_ava->aa_desc ) ) ) { - rc = ava_comp_candidates ( op, f->f_ava, aa, ids, tmp, stack ); + rc = ava_comp_candidates ( op, locker, f->f_ava, aa, ids, tmp, stack ); } else #endif { - rc = equality_candidates( op, f->f_ava, ids, tmp ); + rc = equality_candidates( op, locker, f->f_ava, ids, tmp ); } break; case LDAP_FILTER_APPROX: Debug( LDAP_DEBUG_FILTER, "\tAPPROX\n", 0, 0, 0 ); - rc = approx_candidates( op, f->f_ava, ids, tmp ); + rc = approx_candidates( op, locker, f->f_ava, ids, tmp ); break; case LDAP_FILTER_SUBSTRINGS: Debug( LDAP_DEBUG_FILTER, "\tSUBSTRINGS\n", 0, 0, 0 ); - rc = substring_candidates( op, f->f_sub, ids, tmp ); + rc = substring_candidates( op, locker, f->f_sub, ids, tmp ); break; case LDAP_FILTER_GE: @@ -155,9 +170,9 @@ bdb_filter_candidates( Debug( LDAP_DEBUG_FILTER, "\tGE\n", 0, 0, 0 ); if( f->f_ava->aa_desc->ad_type->sat_ordering && ( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) ) - rc = inequality_candidates( op, f->f_ava, ids, tmp, LDAP_FILTER_GE ); + rc = inequality_candidates( op, locker, f->f_ava, ids, tmp, LDAP_FILTER_GE ); else - rc = presence_candidates( op, f->f_ava->aa_desc, ids ); + rc = presence_candidates( op, locker, f->f_ava->aa_desc, ids ); break; case LDAP_FILTER_LE: 
@@ -165,9 +180,9 @@ bdb_filter_candidates( Debug( LDAP_DEBUG_FILTER, "\tLE\n", 0, 0, 0 ); if( f->f_ava->aa_desc->ad_type->sat_ordering && ( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) ) - rc = inequality_candidates( op, f->f_ava, ids, tmp, LDAP_FILTER_LE ); + rc = inequality_candidates( op, locker, f->f_ava, ids, tmp, LDAP_FILTER_LE ); else - rc = presence_candidates( op, f->f_ava->aa_desc, ids ); + rc = presence_candidates( op, locker, f->f_ava->aa_desc, ids ); break; case LDAP_FILTER_NOT: @@ -180,21 +195,19 @@ bdb_filter_candidates( case LDAP_FILTER_AND: Debug( LDAP_DEBUG_FILTER, "\tAND\n", 0, 0, 0 ); - rc = list_candidates( op, + rc = list_candidates( op, locker, f->f_and, LDAP_FILTER_AND, ids, tmp, stack ); break; case LDAP_FILTER_OR: Debug( LDAP_DEBUG_FILTER, "\tOR\n", 0, 0, 0 ); - rc = list_candidates( op, + rc = list_candidates( op, locker, f->f_or, LDAP_FILTER_OR, ids, tmp, stack ); break; -#ifdef LDAP_COMP_MATCH case LDAP_FILTER_EXT: Debug( LDAP_DEBUG_FILTER, "\tEXT\n", 0, 0, 0 ); - rc = ext_candidates( op, f->f_mra, ids, tmp, stack ); + rc = ext_candidates( op, locker, f->f_mra, ids, tmp, stack ); break; -#endif default: Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN %lu\n", (unsigned long) f->f_choice, 0, 0 ); @@ -204,6 +217,7 @@ bdb_filter_candidates( } } +out: Debug( LDAP_DEBUG_FILTER, "<= bdb_filter_candidates: id=%ld first=%ld last=%ld\n", (long) ids[0], @@ -217,6 +231,7 @@ bdb_filter_candidates( static int comp_list_candidates( Operation *op, + u_int32_t locker, MatchingRuleAssertion* mra, ComponentFilter *flist, int ftype, @@ -235,7 +250,7 @@ comp_list_candidates( continue; } BDB_IDL_ZERO( save ); - rc = comp_candidates( op, mra, f, save, tmp, save+BDB_IDL_UM_SIZE ); + rc = comp_candidates( op, locker, mra, f, save, tmp, save+BDB_IDL_UM_SIZE ); if ( rc != 0 ) { if ( ftype == LDAP_COMP_FILTER_AND ) { 
@@ -281,6 +296,7 @@ comp_list_candidates( static int comp_equality_candidates ( Operation *op, + u_int32_t locker, MatchingRuleAssertion *mra, ComponentAssertion *ca, ID *ids, @@ -357,7 +373,7 @@ comp_equality_candidates ( return 0; } for ( i= 0; keys[i].bv_val != NULL; i++ ) { - rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 ); + rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 ); if( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); @@ -394,6 +410,7 @@ comp_equality_candidates ( static int ava_comp_candidates ( Operation *op, + u_int32_t locker, AttributeAssertion *ava, AttributeAliasing *aa, ID *ids, @@ -411,12 +428,13 @@ ava_comp_candidates ( mra.ma_desc = aa->aa_aliased_ad; mra.ma_rule = ava->aa_desc->ad_type->sat_equality; - return comp_candidates ( op, &mra, ava->aa_cf, ids, tmp, stack ); + return comp_candidates ( op, locker, &mra, ava->aa_cf, ids, tmp, stack ); } static int comp_candidates ( Operation *op, + u_int32_t locker, MatchingRuleAssertion *mra, ComponentFilter *f, ID *ids, @@ -433,10 +451,10 @@ comp_candidates ( rc = f->cf_result; break; case LDAP_COMP_FILTER_AND: - rc = comp_list_candidates( op, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack ); + rc = comp_list_candidates( op, locker, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack ); break; case LDAP_COMP_FILTER_OR: - rc = comp_list_candidates( op, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack ); + rc = comp_list_candidates( op, locker, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack ); break; case LDAP_COMP_FILTER_NOT: /* No component indexing supported for NOT filter */ @@ -448,7 +466,7 @@ comp_candidates ( rc = LDAP_PROTOCOL_ERROR; break; case LDAP_COMP_FILTER_ITEM: - rc = comp_equality_candidates( op, mra, f->cf_ca, ids, tmp, stack ); + rc = comp_equality_candidates( op, locker, mra, f->cf_ca, ids, tmp, stack ); break; default: { 
@@ -460,32 +478,91 @@ comp_candidates ( return( rc ); } +#endif static int ext_candidates( Operation *op, + u_int32_t locker, MatchingRuleAssertion *mra, ID *ids, ID *tmp, ID *stack) { + struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + +#ifdef LDAP_COMP_MATCH /* * Currently Only Component Indexing for componentFilterMatch is supported * Indexing for an extensible filter is not supported yet */ - if ( !mra->ma_cf ) { - struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; - BDB_IDL_ALL( bdb, ids ); - return 0; + if ( mra->ma_cf ) { + return comp_candidates ( op, locker, mra, mra->ma_cf, ids, tmp, stack); } +#endif + if ( mra->ma_desc == slap_schema.si_ad_entryDN ) { + int rc; + EntryInfo *ei; - return comp_candidates ( op, mra, mra->ma_cf, ids, tmp, stack); + BDB_IDL_ZERO( ids ); + if ( mra->ma_rule == slap_schema.si_mr_distinguishedNameMatch ) { + ei = NULL; + rc = bdb_cache_find_ndn( op, NULL, &mra->ma_value, &ei ); + if ( rc == LDAP_SUCCESS ) + bdb_idl_insert( ids, ei->bei_id ); + if ( ei ) + bdb_cache_entryinfo_unlock( ei ); + return 0; + } else if ( mra->ma_rule && mra->ma_rule->smr_match == + dnRelativeMatch && dnIsSuffix( &mra->ma_value, + op->o_bd->be_nsuffix )) { + int scope; + if ( mra->ma_rule == slap_schema.si_mr_dnSuperiorMatch ) { + struct berval pdn; + ei = NULL; + dnParent( &mra->ma_value, &pdn ); + bdb_cache_find_ndn( op, NULL, &pdn, &ei ); + if ( ei ) { + bdb_cache_entryinfo_unlock( ei ); + while ( ei && ei->bei_id ) { + bdb_idl_insert( ids, ei->bei_id ); + ei = ei->bei_parent; + } + } + return 0; + } + if ( mra->ma_rule == slap_schema.si_mr_dnSubtreeMatch ) + scope = LDAP_SCOPE_SUBTREE; + else if ( mra->ma_rule == slap_schema.si_mr_dnOneLevelMatch ) + scope = LDAP_SCOPE_ONELEVEL; + else if ( mra->ma_rule == slap_schema.si_mr_dnSubordinateMatch ) + scope = LDAP_SCOPE_SUBORDINATE; + else + scope = LDAP_SCOPE_BASE; + if ( scope > LDAP_SCOPE_BASE ) { + ei = NULL; + rc = bdb_cache_find_ndn( op, NULL, &mra->ma_value, &ei ); 
+ if ( ei ) + bdb_cache_entryinfo_unlock( ei ); + if ( rc == LDAP_SUCCESS ) { + int sc = op->ors_scope; + op->ors_scope = scope; + rc = bdb_dn2idl( op, locker, &mra->ma_value, ei, ids, + stack ); + } + return 0; + } + } + } + + BDB_IDL_ALL( bdb, ids ); + return 0; } -#endif static int list_candidates( Operation *op, + u_int32_t locker, Filter *flist, int ftype, ID *ids, @@ -503,7 +580,7 @@ list_candidates( continue; } BDB_IDL_ZERO( save ); - rc = bdb_filter_candidates( op, f, save, tmp, + rc = bdb_filter_candidates( op, locker, f, save, tmp, save+BDB_IDL_UM_SIZE ); if ( rc != 0 ) { @@ -551,6 +628,7 @@ list_candidates( static int presence_candidates( Operation *op, + u_int32_t locker, AttributeDescription *desc, ID *ids ) { @@ -595,7 +673,7 @@ presence_candidates( return -1; } - rc = bdb_key_read( op->o_bd, db, NULL, &prefix, ids, NULL, 0 ); + rc = bdb_key_read( op->o_bd, db, locker, &prefix, ids, NULL, 0 ); if( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); @@ -621,6 +699,7 @@ done: static int equality_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp ) @@ -691,7 +770,7 @@ equality_candidates( } for ( i= 0; keys[i].bv_val != NULL; i++ ) { - rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 ); + rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 ); if( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); @@ -737,6 +816,7 @@ equality_candidates( static int approx_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp ) @@ -812,7 +892,7 @@ approx_candidates( } for ( i= 0; keys[i].bv_val != NULL; i++ ) { - rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 ); + rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 ); if( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); @@ -856,6 +936,7 @@ approx_candidates( static int substring_candidates( Operation *op, + u_int32_t locker, SubstringsAssertion *sub, ID *ids, ID *tmp ) 
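Review bot: In the scope branch of ext_candidates (the hunk that ends at the start of this line), `int sc = op->ors_scope;` saves the operation's scope and `op->ors_scope = scope;` overwrites it, but `sc` is never written back, so the rest of the search runs with the matching rule's scope instead of the one the client requested. Add `op->ors_scope = sc;` directly after the `bdb_dn2idl( ... )` call. The `rc` from that call is also discarded by the unconditional `return 0;`, and `ei` is passed to bdb_dn2idl after `bdb_cache_entryinfo_unlock( ei )`; both deserve a comment if they are intentional.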
@@ -927,7 +1008,7 @@ substring_candidates( } for ( i= 0; keys[i].bv_val != NULL; i++ ) { - rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 ); + rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 ); if( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); @@ -971,6 +1052,7 @@ substring_candidates( static int inequality_candidates( Operation *op, + u_int32_t locker, AttributeAssertion *ava, ID *ids, ID *tmp, @@ -1043,7 +1125,7 @@ inequality_candidates( BDB_IDL_ZERO( ids ); while(1) { - rc = bdb_key_read( op->o_bd, db, NULL, &keys[0], tmp, &cursor, gtorlt ); + rc = bdb_key_read( op->o_bd, db, locker, &keys[0], tmp, &cursor, gtorlt ); if( rc == DB_NOTFOUND ) { rc = 0; diff --git a/servers/slapd/back-bdb/id2entry.c b/servers/slapd/back-bdb/id2entry.c index 8e670b955db863f0348082f4caac50999e597a34..5c693c14a74040f2c712729cf8df8b6fd9e96380 100644 --- a/servers/slapd/back-bdb/id2entry.c +++ b/servers/slapd/back-bdb/id2entry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -260,14 +260,13 @@ int bdb_entry_release( /* lock is freed with txn */ if ( !boi || boi->boi_txn ) { - bdb_unlocked_cache_return_entry_rw( &bdb->bi_cache, e, rw ); + bdb_unlocked_cache_return_entry_rw( bdb, e, rw ); } else { struct bdb_lock_info *bli, *prev; for ( prev=(struct bdb_lock_info *)&boi->boi_locks, bli = boi->boi_locks; bli; prev=bli, bli=bli->bli_next ) { if ( bli->bli_id == e->e_id ) { - bdb_cache_return_entry_rw( bdb->bi_dbenv, &bdb->bi_cache, - e, rw, &bli->bli_lock ); + bdb_cache_return_entry_rw( bdb, e, rw, &bli->bli_lock ); prev->bli_next = bli->bli_next; op->o_tmpfree( bli, op->o_tmpmemctx ); break; 
@@ -385,21 +384,6 @@ dn2entry_retry: "=> bdb_entry_get: found entry: \"%s\"\n", ndn->bv_val, 0, 0 ); - /* find attribute values */ - if( is_entry_alias( e ) ) { - Debug( LDAP_DEBUG_ACL, - "<= bdb_entry_get: entry is an alias\n", 0, 0, 0 ); - rc = LDAP_ALIAS_PROBLEM; - goto return_results; - } - - if( is_entry_referral( e ) ) { - Debug( LDAP_DEBUG_ACL, - "<= bdb_entry_get: entry is a referral\n", 0, 0, 0 ); - rc = LDAP_REFERRAL; - goto return_results; - } - if ( oc && !is_entry_objectclass( e, oc, 0 )) { Debug( LDAP_DEBUG_ACL, "<= bdb_entry_get: failed to find objectClass %s\n", @@ -411,7 +395,7 @@ dn2entry_retry: return_results: if( rc != LDAP_SUCCESS ) { /* free entry */ - bdb_cache_return_entry_rw(bdb->bi_dbenv, &bdb->bi_cache, e, rw, &lock); + bdb_cache_return_entry_rw(bdb, e, rw, &lock); } else { if ( slapMode == SLAP_SERVER_MODE ) { @@ -438,7 +422,7 @@ return_results: } } else { *ent = entry_dup( e ); - bdb_cache_return_entry_rw(bdb->bi_dbenv, &bdb->bi_cache, e, rw, &lock); + bdb_cache_return_entry_rw(bdb, e, rw, &lock); } } diff --git a/servers/slapd/back-bdb/idl.c b/servers/slapd/back-bdb/idl.c index 9e55ef3ca3b44a6f6a595e5d070f51e82f4bc6f0..c84486d79040e2ddc2a5aa79cd3351680f0eff5d 100644 --- a/servers/slapd/back-bdb/idl.c +++ b/servers/slapd/back-bdb/idl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -28,28 +28,10 @@ #define IDL_CMP(x,y) ( x < y ? -1 : ( x > y ? 1 : 0 ) ) #define IDL_LRU_DELETE( bdb, e ) do { \ - if ( e->idl_lru_prev != NULL ) { \ - e->idl_lru_prev->idl_lru_next = e->idl_lru_next; \ - } else { \ - bdb->bi_idl_lru_head = e->idl_lru_next; \ - } \ - if ( e->idl_lru_next != NULL ) { \ - e->idl_lru_next->idl_lru_prev = e->idl_lru_prev; \ - } else { \ - bdb->bi_idl_lru_tail = e->idl_lru_prev; \ - } \ -} while ( 0 ) - -#define IDL_LRU_ADD( bdb, e ) do { \ - e->idl_lru_next = bdb->bi_idl_lru_head; \ - if ( e->idl_lru_next != NULL ) { \ - e->idl_lru_next->idl_lru_prev = (e); \ - } \ - (bdb)->bi_idl_lru_head = (e); \ - e->idl_lru_prev = NULL; \ - if ( (bdb)->bi_idl_lru_tail == NULL ) { \ - (bdb)->bi_idl_lru_tail = (e); \ - } \ + if ( e == bdb->bi_idl_lru_head ) bdb->bi_idl_lru_head = e->idl_lru_next; \ + if ( e == bdb->bi_idl_lru_tail ) bdb->bi_idl_lru_tail = e->idl_lru_prev; \ + e->idl_lru_next->idl_lru_prev = e->idl_lru_prev; \ + e->idl_lru_prev->idl_lru_next = e->idl_lru_next; \ } while ( 0 ) static int @@ -317,10 +299,7 @@ bdb_idl_cache_get( if ( matched_idl_entry != NULL ) { if ( matched_idl_entry->idl && ids ) BDB_IDL_CPY( ids, matched_idl_entry->idl ); - ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock ); - IDL_LRU_DELETE( bdb, matched_idl_entry ); - IDL_LRU_ADD( bdb, matched_idl_entry ); - ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock ); + matched_idl_entry->idl_flags |= CACHE_ENTRY_REFERENCED; if ( matched_idl_entry->idl ) rc = LDAP_SUCCESS; else @@ -340,7 +319,7 @@ bdb_idl_cache_put( int rc ) { bdb_idl_cache_entry_t idl_tmp; - bdb_idl_cache_entry_t *ee; + bdb_idl_cache_entry_t *ee, *eprev; if ( rc == DB_NOTFOUND || BDB_IDL_IS_ZERO( ids )) return; @@ -355,6 +334,7 @@ bdb_idl_cache_put( ee->idl_lru_prev = NULL; ee->idl_lru_next = NULL; + ee->idl_flags = 0; ber_dupbv( &ee->kstr, &idl_tmp.kstr ); ldap_pvt_thread_rdwr_wlock( &bdb->bi_idl_tree_rwlock ); if ( avl_insert( &bdb->bi_idl_tree, (caddr_t) ee, 
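Review bot: The rewritten `IDL_LRU_DELETE` does not handle removing the only node of the now-circular list: when `e->idl_lru_next == e`, both `bi_idl_lru_head` and `bi_idl_lru_tail` are reassigned to `e` itself, so they keep pointing at the entry after the caller frees it. I would add a last-node case ahead of the relinking, e.g. `if ( e->idl_lru_next == e ) { bdb->bi_idl_lru_head = bdb->bi_idl_lru_tail = NULL; }`. The macro also expands `e` and `bdb` unparenthesized and several times, so it is only safe with plain identifiers as arguments; a one-line comment saying so, or parentheses, would help. The callers are outside this hunk, so whether a single-node delete can happen in practice needs confirming.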
@@ -367,11 +347,27 @@ bdb_idl_cache_put( return; } ldap_pvt_thread_mutex_lock( &bdb->bi_idl_tree_lrulock ); - IDL_LRU_ADD( bdb, ee ); + /* LRU_ADD */ + if ( bdb->bi_idl_lru_head ) { + ee->idl_lru_next = bdb->bi_idl_lru_head; + ee->idl_lru_prev = bdb->bi_idl_lru_head->idl_lru_prev; + bdb->bi_idl_lru_head->idl_lru_prev->idl_lru_next = ee; + bdb->bi_idl_lru_head->idl_lru_prev = ee; + } else { + ee->idl_lru_next = ee->idl_lru_prev = ee; + bdb->bi_idl_lru_tail = ee; + } + bdb->bi_idl_lru_head = ee; + if ( ++bdb->bi_idl_cache_size > bdb->bi_idl_cache_max_size ) { - int i = 0; - while ( bdb->bi_idl_lru_tail != NULL && i < 10 ) { - ee = bdb->bi_idl_lru_tail; + int i; + ee = bdb->bi_idl_lru_tail; + for ( i = 0; i < 10; i++, ee = eprev ) { + eprev = ee->idl_lru_prev; + if ( ee->idl_flags & CACHE_ENTRY_REFERENCED ) { + ee->idl_flags ^= CACHE_ENTRY_REFERENCED; + continue; + } if ( avl_delete( &bdb->bi_idl_tree, (caddr_t) ee, bdb_idl_entry_cmp ) == NULL ) { Debug( LDAP_DEBUG_ANY, "=> bdb_idl_cache_put: " @@ -385,8 +381,8 @@ bdb_idl_cache_put( ch_free( ee->idl ); ch_free( ee ); } + bdb->bi_idl_lru_tail = eprev; } - ldap_pvt_thread_mutex_unlock( &bdb->bi_idl_tree_lrulock ); ldap_pvt_thread_rdwr_wunlock( &bdb->bi_idl_tree_rwlock ); } @@ -484,7 +480,7 @@ int bdb_idl_fetch_key( BackendDB *be, DB *db, - DB_TXN *tid, + u_int32_t locker, DBT *key, ID *ids, DBC **saved_cursor, @@ -557,12 +553,13 @@ bdb_idl_fetch_key( /* If we're not reusing an existing cursor, get a new one */ if( opflag != DB_NEXT ) { - rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags ); + rc = db->cursor( db, NULL, &cursor, bdb->bi_db_opflags ); if( rc != 0 ) { Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: " "cursor failed: %s (%d)\n", db_strerror(rc), rc, 0 ); return rc; } + cursor->locker = locker; } else { cursor = *saved_cursor; } diff --git a/servers/slapd/back-bdb/idl.h b/servers/slapd/back-bdb/idl.h index 432e1f34e2e319ef53ef9c01e73fdb28346d6e6c..93337bb1bdfa5c1360c0739f7b8981016652eafc 100644 
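Review bot: The eviction loop in `bdb_idl_cache_put` always runs ten iterations (`for ( i = 0; i < 10; i++, ee = eprev )`) and never checks whether it has walked all the way round the circular list. If `bi_idl_cache_max_size` can be configured below 10, `eprev` eventually names an entry that an earlier iteration already passed to `ch_free`, and the next pass reads `ee->idl_lru_prev` and `ee->idl_flags` from freed memory before `bi_idl_lru_tail = eprev` stores that pointer. Bounding the loop by the number of entries actually on the list, and clearing head and tail when the last one is evicted, would close this. The unlink and size-decrement lines sit in unchanged context between this hunk and the next, so the exact placement has to be checked against the full function.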
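Review bot: `cursor->locker = locker;` in `bdb_idl_fetch_key` writes a member of Berkeley DB's `DBC` handle directly after opening the cursor with a NULL transaction, which ties this code to the handle layout of the DB version being built against. A comment stating the intent would help, something like `/* no txn: attach the caller's locker ID so the cursor's locks belong to it; relies on DBC internals */`. The assignment only happens when a new cursor is opened; on the `DB_NEXT` path the saved cursor keeps whatever locker it was created with, which is presumably intended but worth saying in the same comment.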
--- a/servers/slapd/back-bdb/idl.h +++ b/servers/slapd/back-bdb/idl.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/index.c b/servers/slapd/back-bdb/index.c index de4cf3d8363c3bb17e5d08da083252a18233ce3b..94d181de7e3dfe7a86d20d4f37228731d042a97b 100644 --- a/servers/slapd/back-bdb/index.c +++ b/servers/slapd/back-bdb/index.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -482,8 +482,8 @@ bdb_index_entry( AttrInfo *ai; /* see if attribute has components to be indexed */ ai = bdb_attr_mask( op->o_bd->be_private, ap->a_desc->ad_type->sat_ad ); - if ( ai ) cr_list = ai->ai_cr; - else cr_list = NULL; + if ( !ai ) continue; + cr_list = ai->ai_cr; if ( attr_converter && cr_list ) { syn = ap->a_desc->ad_type->sat_syntax; ap->a_comp_data = op->o_tmpalloc( sizeof( ComponentData ), op->o_tmpmemctx ); diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index c01a5136e8598d6981781a5ac5afa980631beb34..e4566c67bed7531c30bf5004810536888d390116 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -71,13 +71,23 @@ bdb_db_init( BackendDB *be ) #ifdef BDB_HIER ldap_pvt_thread_mutex_init( &bdb->bi_modrdns_mutex ); #endif - ldap_pvt_thread_mutex_init( &bdb->bi_cache.lru_head_mutex ); - ldap_pvt_thread_mutex_init( &bdb->bi_cache.lru_tail_mutex ); + ldap_pvt_thread_mutex_init( &bdb->bi_cache.c_lru_mutex ); + ldap_pvt_thread_mutex_init( &bdb->bi_cache.c_count_mutex ); + ldap_pvt_thread_mutex_init( &bdb->bi_cache.c_eifree_mutex ); ldap_pvt_thread_mutex_init( &bdb->bi_cache.c_dntree.bei_kids_mutex ); ldap_pvt_thread_rdwr_init ( &bdb->bi_cache.c_rwlock ); ldap_pvt_thread_rdwr_init( &bdb->bi_idl_tree_rwlock ); ldap_pvt_thread_mutex_init( &bdb->bi_idl_tree_lrulock ); + { + Entry *e = entry_alloc(); + e->e_id = 0; + e->e_private = &bdb->bi_cache.c_dntree; + BER_BVSTR( &e->e_name, "" ); + BER_BVSTR( &e->e_nname, "" ); + bdb->bi_cache.c_dntree.bei_e = e; + } + be->be_private = bdb; be->be_cf_ocs = be->bd_info->bi_cf_ocs; @@ -471,18 +481,18 @@ bdb_db_close( BackendDB *be ) bdb_cache_release_all (&bdb->bi_cache); - if ( bdb->bi_idl_cache_max_size ) { + if ( bdb->bi_idl_cache_size ) { avl_free( bdb->bi_idl_tree, NULL ); bdb->bi_idl_tree = NULL; entry = bdb->bi_idl_lru_head; - while ( entry != NULL ) { + do { next_entry = entry->idl_lru_next; if ( entry->idl ) free( entry->idl ); free( entry->kstr.bv_val ); free( entry ); entry = next_entry; - } + } while ( entry != bdb->bi_idl_lru_head ); bdb->bi_idl_lru_head = bdb->bi_idl_lru_tail = NULL; } @@ -493,7 +503,9 @@ bdb_db_close( BackendDB *be ) XLOCK_ID_FREE(bdb->bi_dbenv, bdb->bi_cache.c_locker); bdb->bi_cache.c_locker = 0; } - +#ifdef BDB_REUSE_LOCKERS + bdb_locker_flush( bdb->bi_dbenv ); +#endif /* force a checkpoint, but not if we were ReadOnly, * and not in Quick mode since there are no transactions there. */ 
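Review bot: In `bdb_db_close` the IDL cleanup is now gated on `bi_idl_cache_size`, and the `do { ... } while ( entry != bdb->bi_idl_lru_head )` loop dereferences `bi_idl_lru_head` unconditionally, so it depends on the counter and the list never disagreeing. The hunk resets `bi_idl_lru_head` and `bi_idl_lru_tail` to NULL but leaves `bi_idl_cache_size` as it was; unless it is cleared elsewhere, a later close or reopen that reaches this branch would read through a NULL head. I would add `bdb->bi_idl_cache_size = 0;` next to the head/tail reset and also test `bdb->bi_idl_lru_head != NULL` in the guard. The loop condition compares against the head pointer after that node has been freed; saving the head in a local before the loop makes the termination test explicit.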
@@ -540,8 +552,9 @@ bdb_db_destroy( BackendDB *be ) bdb_attr_index_destroy( bdb ); ldap_pvt_thread_rdwr_destroy ( &bdb->bi_cache.c_rwlock ); - ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.lru_head_mutex ); - ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.lru_tail_mutex ); + ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.c_lru_mutex ); + ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.c_count_mutex ); + ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.c_eifree_mutex ); ldap_pvt_thread_mutex_destroy( &bdb->bi_cache.c_dntree.bei_kids_mutex ); #ifdef BDB_HIER ldap_pvt_thread_mutex_destroy( &bdb->bi_modrdns_mutex ); @@ -551,6 +564,16 @@ bdb_db_destroy( BackendDB *be ) ldap_pvt_thread_rdwr_destroy( &bdb->bi_idl_tree_rwlock ); ldap_pvt_thread_mutex_destroy( &bdb->bi_idl_tree_lrulock ); + { + Entry *e; + e = bdb->bi_cache.c_dntree.bei_e; + bdb->bi_cache.c_dntree.bei_e = NULL; + e->e_private = NULL; + BER_BVZERO( &e->e_name ); + BER_BVZERO( &e->e_nname ); + entry_free( e ); + } + ch_free( bdb ); be->be_private = NULL; diff --git a/servers/slapd/back-bdb/key.c b/servers/slapd/back-bdb/key.c index 37fe1219e00de93512971ca005c7b80799233449..7128a6c5dbd182d583c8d010ba2a43246df767cb 100644 --- a/servers/slapd/back-bdb/key.c +++ b/servers/slapd/back-bdb/key.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,7 +30,7 @@ int bdb_key_read( Backend *be, DB *db, - DB_TXN *txn, + u_int32_t locker, struct berval *k, ID *ids, DBC **saved_cursor, 
@@ -47,7 +47,7 @@ bdb_key_read( key.ulen = key.size; key.flags = DB_DBT_USERMEM; - rc = bdb_idl_fetch_key( be, db, txn, &key, ids, saved_cursor, get_flag ); + rc = bdb_idl_fetch_key( be, db, locker, &key, ids, saved_cursor, get_flag ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "<= bdb_index_read: failed (%d)\n", diff --git a/servers/slapd/back-bdb/modify.c b/servers/slapd/back-bdb/modify.c index a17948dfcf542e97218b92c533f610f61743debc..408ad24f6a4d1454d2366884790b75c6e0bddd79 100644 --- a/servers/slapd/back-bdb/modify.c +++ b/servers/slapd/back-bdb/modify.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -205,13 +205,13 @@ int bdb_modify_internal( } /* check that the entry still obeys the schema */ - rc = entry_schema_check( op, e, save_attrs, get_relax(op), + rc = entry_schema_check( op, e, save_attrs, get_relax(op), 0, text, textbuf, textlen ); if ( rc != LDAP_SUCCESS || op->o_noop ) { attrs_free( e->e_attrs ); /* clear the indexing flags */ for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) { - ap->a_flags = 0; + ap->a_flags &= ~(SLAP_ATTR_IXADD|SLAP_ATTR_IXDEL); } e->e_attrs = save_attrs; @@ -600,7 +600,7 @@ retry: /* transaction retry */ attrs_free( dummy.e_attrs ); } else { - rc = bdb_cache_modify( e, dummy.e_attrs, bdb->bi_dbenv, locker, &lock ); + rc = bdb_cache_modify( bdb, e, dummy.e_attrs, locker, &lock ); switch( rc ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: @@ -640,7 +640,7 @@ return_results: } send_ldap_result( op, rs ); - if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) { + if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); } 
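Review bot: The checkpoint guard after `send_ldap_result` in `bdb_modify` now tests only `bdb->bi_txn_cp_kbyte`, yet the `TXN_CHECKPOINT` call still passes both `bi_txn_cp_kbyte` and `bi_txn_cp_min`. With a configuration that sets only the minutes value this branch no longer runs; if time-based checkpoints are driven from somewhere else, that deserves a comment here, e.g. `/* kbyte-triggered only; the minutes interval is handled by <placeholder: periodic checkpoint task> */`. The same condition is changed at `return_results:` in the `modrdn.c` hunk. Both functions extend beyond the hunks shown.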
diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index 4ea518e90011d558acf74f266e21538e3e4f3d4a..1497a19822f5ac2c82003eea9f37171ce3635837 100644 --- a/servers/slapd/back-bdb/modrdn.c +++ b/servers/slapd/back-bdb/modrdn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -783,7 +783,7 @@ return_results: } send_ldap_result( op, rs ); - if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) { + if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); } diff --git a/servers/slapd/back-bdb/monitor.c b/servers/slapd/back-bdb/monitor.c index fd8d308362a96796350ea5a76af813c1f227ab22..9114fac70b8ade71f5b883173f4b6eb4ddca6251 100644 --- a/servers/slapd/back-bdb/monitor.c +++ b/servers/slapd/back-bdb/monitor.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,6 +27,8 @@ #include "../back-monitor/back-monitor.h" +#include "config.h" + static ObjectClass *oc_olmBDBDatabase; static AttributeDescription *ad_olmBDBEntryCache, @@ -65,7 +67,7 @@ static struct { "DESC 'Number of items in Entry Cache' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", + "USAGE dSAOperation )", &ad_olmBDBEntryCache }, { "( olmBDBAttributes:2 " @@ -73,7 +75,7 @@ static struct { "DESC 'Number of items in EntryInfo Cache' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", + "USAGE dSAOperation )", &ad_olmBDBEntryInfo }, { "( olmBDBAttributes:3 " 
@@ -81,7 +83,7 @@ static struct { "DESC 'Number of items in IDL Cache' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", + "USAGE dSAOperation )", &ad_olmBDBIDLCache }, { "( olmBDBAttributes:4 " @@ -90,7 +92,7 @@ static struct { "where the database environment resides' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", + "USAGE dSAOperation )", &ad_olmDbDirectory }, { NULL } @@ -150,6 +152,7 @@ bdb_monitor_update( return SLAP_CB_CONTINUE; } +#if 0 /* uncomment if required */ static int bdb_monitor_modify( Operation *op, @@ -159,11 +162,12 @@ bdb_monitor_modify( { return SLAP_CB_CONTINUE; } +#endif static int bdb_monitor_free( Entry *e, - void *priv ) + void **priv ) { struct berval values[ 2 ]; Modification mod = { 0 }; @@ -174,6 +178,7 @@ bdb_monitor_free( int i, rc; /* NOTE: if slap_shutdown != 0, priv might have already been freed */ + *priv = NULL; /* Remove objectClass */ mod.sm_op = LDAP_MOD_DELETE; @@ -207,6 +212,8 @@ static int bdb_monitor_initialize( void ) { int i, code; + ConfigArgs c; + char *argv[ 3 ]; static int bdb_monitor_initialized = 0; @@ -220,14 +227,17 @@ bdb_monitor_initialize( void ) /* register schema here */ + argv[ 0 ] = "back-bdb/back-hdb monitor"; + c.argv = argv; + c.argc = 3; + c.fname = argv[0]; + for ( i = 0; s_oid[ i ].name; i++ ) { - char *argv[ 3 ]; - - argv[ 0 ] = "back-bdb/back-hdb monitor"; + c.lineno = i; argv[ 1 ] = s_oid[ i ].name; argv[ 2 ] = s_oid[ i ].oid; - if ( parse_oidm( argv[ 0 ], i, 3, argv, 0, NULL ) != 0 ) { + if ( parse_oidm( &c, 0, NULL ) != 0 ) { Debug( LDAP_DEBUG_ANY, "bdb_monitor_initialize: unable to add " "objectIdentifier \"%s=%s\"\n", diff --git a/servers/slapd/back-bdb/nextid.c b/servers/slapd/back-bdb/nextid.c index 8d300488a7e7841b8b80142f7a695e4d7c56abcf..c87c2b68f7dd1d0ab4c16160081ae04069a7df32 100644 --- a/servers/slapd/back-bdb/nextid.c +++ b/servers/slapd/back-bdb/nextid.c 
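Review bot: `ConfigArgs c;` in `bdb_monitor_initialize` is an uninitialized automatic struct, and only `argv`, `argc`, `fname` and `lineno` are set before `parse_oidm( &c, 0, NULL )` is called. Any other member that `parse_oidm` or its error path reads would be indeterminate; declaring it as `ConfigArgs c = { 0 };` (the file already uses `Modification mod = { 0 };` in `bdb_monitor_free`) avoids that. `argv[1]` and `argv[2]` are likewise unset until the loop body runs, which is fine as written but easy to break if the setup is reordered.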
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/operational.c b/servers/slapd/back-bdb/operational.c index ad23046d62a60fa89f7fd59b1f5418051f1a6ceb..1890975a8f2a8baa11deac4f77575e1c53d9c1be 100644 --- a/servers/slapd/back-bdb/operational.c +++ b/servers/slapd/back-bdb/operational.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-bdb/proto-bdb.h b/servers/slapd/back-bdb/proto-bdb.h index cffda2426e210a9e532f3f3e917c74f52cca1642..77aaf6c68853f4d8deb82202b8ad8e6f1068a9f8 100644 --- a/servers/slapd/back-bdb/proto-bdb.h +++ b/servers/slapd/back-bdb/proto-bdb.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -120,7 +120,9 @@ int bdb_dn2id_children( int bdb_dn2idl( Operation *op, - Entry *e, + u_int32_t locker, + struct berval *ndn, + EntryInfo *ei, ID *ids, ID *stack ); @@ -166,6 +168,7 @@ char *ebcdic_dberror( int rc ); int bdb_filter_candidates( Operation *op, + u_int32_t locker, Filter *f, ID *ids, ID *tmp, @@ -282,7 +285,7 @@ unsigned bdb_idl_search( ID *ids, ID id ); int bdb_idl_fetch_key( BackendDB *be, DB *db, - DB_TXN *tid, + u_int32_t locker, DBT *key, ID *ids, DBC **saved_cursor, 
@@ -388,7 +391,7 @@ extern int bdb_key_read( Backend *be, DB *db, - DB_TXN *txn, + u_int32_t locker, struct berval *k, ID *ids, DBC **saved_cursor, @@ -449,25 +452,27 @@ int bdb_monitor_db_destroy( BackendDB *be ); ldap_pvt_thread_mutex_lock( &(e)->bei_kids_mutex ) #define bdb_cache_entryinfo_unlock(e) \ ldap_pvt_thread_mutex_unlock( &(e)->bei_kids_mutex ) +#define bdb_cache_entryinfo_trylock(e) \ + ldap_pvt_thread_mutex_trylock( &(e)->bei_kids_mutex ) /* What a mess. Hopefully the current cache scheme will stabilize * and we can trim out all of this stuff. */ #if 0 -void bdb_cache_return_entry_rw( DB_ENV *env, Cache *cache, Entry *e, +void bdb_cache_return_entry_rw( struct bdb_info *bdb, Entry *e, int rw, DB_LOCK *lock ); #else -#define bdb_cache_return_entry_rw( env, cache, e, rw, lock ) \ - bdb_cache_entry_db_unlock( env, lock ) -#define bdb_cache_return_entry( env, lock ) \ - bdb_cache_entry_db_unlock( env, lock ) +#define bdb_cache_return_entry_rw( bdb, e, rw, lock ) \ + bdb_cache_entry_db_unlock( bdb, lock ) +#define bdb_cache_return_entry( bdb, lock ) \ + bdb_cache_entry_db_unlock( bdb, lock ) #endif -#define bdb_cache_return_entry_r(env, c, e, l) \ - bdb_cache_return_entry_rw((env), (c), (e), 0, (l)) -#define bdb_cache_return_entry_w(env, c, e, l) \ - bdb_cache_return_entry_rw((env), (c), (e), 1, (l)) +#define bdb_cache_return_entry_r(bdb, e, l) \ + bdb_cache_return_entry_rw((bdb), (e), 0, (l)) +#define bdb_cache_return_entry_w(bdb, e, l) \ + bdb_cache_return_entry_rw((bdb), (e), 1, (l)) #if 0 -void bdb_unlocked_cache_return_entry_rw( Cache *cache, Entry *e, int rw ); +void bdb_unlocked_cache_return_entry_rw( struct bdb_info *bdb, Entry *e, int rw ); #else #define bdb_unlocked_cache_return_entry_rw( a, b, c ) ((void)0) #endif @@ -499,7 +504,8 @@ int bdb_cache_add( EntryInfo *pei, Entry *e, struct berval *nrdn, - u_int32_t locker + u_int32_t locker, + DB_LOCK *lock ); int bdb_cache_modrdn( struct bdb_info *bdb, 
@@ -511,9 +517,9 @@ int bdb_cache_modrdn( DB_LOCK *lock ); int bdb_cache_modify( + struct bdb_info *bdb, Entry *e, Attribute *newAttrs, - DB_ENV *env, u_int32_t locker, DB_LOCK *lock ); @@ -545,9 +551,8 @@ bdb_cache_find_parent( EntryInfo **res ); int bdb_cache_delete( - Cache *cache, + struct bdb_info *bdb, Entry *e, - DB_ENV *env, u_int32_t locker, DB_LOCK *lock ); @@ -556,12 +561,6 @@ void bdb_cache_delete_cleanup( EntryInfo *ei ); void bdb_cache_release_all( Cache *cache ); -void bdb_cache_delete_entry( - struct bdb_info *bdb, - EntryInfo *ei, - u_int32_t locker, - DB_LOCK *lock -); #ifdef BDB_HIER int hdb_cache_load( @@ -573,7 +572,7 @@ int hdb_cache_load( #define bdb_cache_entry_db_relock BDB_SYMBOL(cache_entry_db_relock) int bdb_cache_entry_db_relock( - DB_ENV *env, + struct bdb_info *bdb, u_int32_t locker, EntryInfo *ei, int rw, @@ -581,13 +580,15 @@ int bdb_cache_entry_db_relock( DB_LOCK *lock ); int bdb_cache_entry_db_unlock( - DB_ENV *env, + struct bdb_info *bdb, DB_LOCK *lock ); #ifdef BDB_REUSE_LOCKERS #define bdb_locker_id BDB_SYMBOL(locker_id) +#define bdb_locker_flush BDB_SYMBOL(locker_flush) int bdb_locker_id( Operation *op, DB_ENV *env, u_int32_t *locker ); +void bdb_locker_flush( DB_ENV *env ); #define LOCK_ID_FREE(env, locker) ((void)0) #define LOCK_ID(env, locker) bdb_locker_id(op, env, locker) diff --git a/servers/slapd/back-bdb/referral.c b/servers/slapd/back-bdb/referral.c index 168da4677d54275fcad90ddae900b930be368ef7..d31056eebbc91bd0e28ea1e6ed1983e532ceaad7 100644 --- a/servers/slapd/back-bdb/referral.c +++ b/servers/slapd/back-bdb/referral.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -102,7 +102,7 @@ dn2entry_retry: } } - bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock); + bdb_cache_return_entry_r (bdb, e, &lock); e = NULL; } else if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) && default_referral != NULL ) { rc = LDAP_OTHER; @@ -156,7 +156,7 @@ dn2entry_retry: ber_bvarray_free( refs ); } - bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock); + bdb_cache_return_entry_r(bdb, e, &lock); LOCK_ID_FREE ( bdb->bi_dbenv, locker ); return rc; } diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 519b65dd6b786d0db3971b9ae36a71d3db838f8e..94dd7c87ae4eb34b86dc54402d68b708a08d4b4e 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -119,8 +119,7 @@ static Entry * deref_base ( /* Free the previous entry, continue to work with the * one we just retrieved. */ - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, - *matched, lock); + bdb_cache_return_entry_r( bdb, *matched, lock); *lock = lockr; /* We found a regular entry. Return this to the caller. The @@ -185,7 +184,7 @@ static int search_aliases( /* Find all aliases in database */ BDB_IDL_ZERO( aliases ); - rs->sr_err = bdb_filter_candidates( op, &af, aliases, + rs->sr_err = bdb_filter_candidates( op, locker, &af, aliases, curscop, visited ); if (rs->sr_err != LDAP_SUCCESS) { return rs->sr_err; 
@@ -207,12 +206,12 @@ static int search_aliases( * to the cumulative list of candidates. */ BDB_IDL_CPY( curscop, aliases ); - rs->sr_err = bdb_dn2idl( op, e, subscop, + rs->sr_err = bdb_dn2idl( op, locker, &e->e_nname, BEI(e), subscop, subscop2+BDB_IDL_DB_SIZE ); if (first) { first = 0; } else { - bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &locka); + bdb_cache_return_entry_r (bdb, e, &locka); } BDB_IDL_CPY(subscop2, subscop); rs->sr_err = bdb_idl_intersection(curscop, subscop); @@ -238,8 +237,7 @@ retry1: * turned into a range that spans IDs indiscriminately */ if (!is_entry_alias(a)) { - bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, - a, &lockr); + bdb_cache_return_entry_r (bdb, a, &lockr); continue; } @@ -257,15 +255,13 @@ retry1: bdb_idl_insert(newsubs, a->e_id); bdb_idl_insert(scopes, a->e_id); } - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, - a, &lockr); + bdb_cache_return_entry_r( bdb, a, &lockr); } else if (matched) { /* Alias could not be dereferenced, or it deref'd to * an ID we've already seen. Ignore it. */ - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, - matched, &lockr ); + bdb_cache_return_entry_r( bdb, matched, &lockr ); rs->sr_text = NULL; } } @@ -315,9 +311,9 @@ bdb_search( Operation *op, SlapReply *rs ) ID id, cursor; ID candidates[BDB_IDL_UM_SIZE]; ID scopes[BDB_IDL_DB_SIZE]; - Entry *e = NULL, base, e_root = {0}; + Entry *e = NULL, base, *e_root; Entry *matched = NULL; - EntryInfo *ei, ei_root = {0}; + EntryInfo *ei; struct berval realbase = BER_BVNULL; slap_mask_t mask; int manageDSAit; 
@@ -352,15 +348,10 @@ bdb_search( Operation *op, SlapReply *rs ) } } + e_root = bdb->bi_cache.c_dntree.bei_e; if ( op->o_req_ndn.bv_len == 0 ) { /* DIT root special case */ - ei_root.bei_e = &e_root; - ei_root.bei_parent = &ei_root; - e_root.e_private = &ei_root; - e_root.e_id = 0; - BER_BVSTR( &e_root.e_nname, "" ); - BER_BVSTR( &e_root.e_name, "" ); - ei = &ei_root; + ei = e_root->e_private; rs->sr_err = LDAP_SUCCESS; } else { if ( op->ors_deref & LDAP_DEREF_FINDING ) { @@ -405,8 +396,7 @@ dn2entry_retry: if ( e ) { build_new_dn( &op->o_req_ndn, &e->e_nname, &stub, op->o_tmpmemctx ); - bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, - e, &lock); + bdb_cache_return_entry_r (bdb, e, &lock); matched = NULL; goto dn2entry_retry; } @@ -444,8 +434,7 @@ dn2entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, matched); #endif - bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, - matched, &lock); + bdb_cache_return_entry_r (bdb, matched, &lock); matched = NULL; if ( erefs ) { @@ -492,14 +481,14 @@ dn2entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - if ( e != &e_root ) { - bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock); + if ( e != e_root ) { + bdb_cache_return_entry_r(bdb, e, &lock); } send_ldap_result( op, rs ); return rs->sr_err; } - if ( !manageDSAit && e != &e_root && is_entry_referral( e ) ) { + if ( !manageDSAit && e != e_root && is_entry_referral( e ) ) { /* entry is a referral, don't allow add */ struct berval matched_dn = BER_BVNULL; BerVarray erefs = NULL; @@ -512,7 +501,7 @@ dn2entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); e = NULL; if ( erefs ) { 
@@ -549,8 +538,8 @@ dn2entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - if ( e != &e_root ) { - bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock); + if ( e != e_root ) { + bdb_cache_return_entry_r(bdb, e, &lock); } send_ldap_result( op, rs ); return 1; @@ -572,8 +561,8 @@ dn2entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - if ( e != &e_root ) { - bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock); + if ( e != e_root ) { + bdb_cache_return_entry_r(bdb, e, &lock); } e = NULL; @@ -852,8 +841,7 @@ fetch_entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - bdb_cache_return_entry_r( bdb->bi_dbenv, - &bdb->bi_cache, e, &lock ); + bdb_cache_return_entry_r( bdb, e, &lock ); e = NULL; send_paged_response( op, rs, &lastid, tentries ); goto done; @@ -880,8 +868,7 @@ fetch_entry_retry: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - bdb_cache_return_entry_r(bdb->bi_dbenv, - &bdb->bi_cache, e, &lock); + bdb_cache_return_entry_r(bdb, e, &lock); e = NULL; rs->sr_entry = NULL; if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) { @@ -909,8 +896,7 @@ loop_continue: #ifdef SLAP_ZONE_ALLOC slap_zn_runlock(bdb->bi_cache.c_zctx, e); #endif - bdb_cache_return_entry_r( bdb->bi_dbenv, - &bdb->bi_cache, e , &lock ); + bdb_cache_return_entry_r( bdb, e , &lock ); e = NULL; rs->sr_entry = NULL; } @@ -1109,11 +1095,11 @@ static int search_candidates( if( op->ors_deref & LDAP_DEREF_SEARCHING ) { rc = search_aliases( op, rs, e, locker, ids, scopes, stack ); } else { - rc = bdb_dn2idl( op, e, ids, stack ); + rc = bdb_dn2idl( op, locker, &e->e_nname, BEI(e), ids, stack ); } if ( rc == LDAP_SUCCESS ) { - rc = bdb_filter_candidates( op, &f, ids, + rc = bdb_filter_candidates( op, locker, &f, ids, stack, stack+BDB_IDL_UM_SIZE ); } 
diff --git a/servers/slapd/back-bdb/tools.c b/servers/slapd/back-bdb/tools.c index 293beca6cf831e18110a93301e483d2d33ca1fb6..f22a057ec9ade75e921edaf8c59f927186575015 100644 --- a/servers/slapd/back-bdb/tools.c +++ b/servers/slapd/back-bdb/tools.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -262,9 +262,8 @@ int bdb_tool_id2entry_get( Entry* bdb_tool_entry_get( BackendDB *be, ID id ) { - int rc, off; + int rc; Entry *e = NULL; - char *dptr; assert( be != NULL ); assert( slapMode & SLAP_TOOL_MODE ); @@ -424,6 +423,9 @@ bdb_tool_index_add( { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + if ( !bdb->bi_nattrs ) + return 0; + if ( slapMode & SLAP_TOOL_QUICK ) { IndexRec *ir; int i, rc; @@ -577,7 +579,8 @@ done: int bdb_tool_entry_reindex( BackendDB *be, - ID id ) + ID id, + AttributeDescription **adv ) { struct bdb_info *bi = (struct bdb_info *) be->be_private; int rc; 
@@ -597,6 +600,47 @@ int bdb_tool_entry_reindex( return 0; } + /* Check for explicit list of attrs to index */ + if ( adv ) { + int i, j, n; + + if ( bi->bi_attrs[0]->ai_desc != adv[0] ) { + /* count */ + for ( n = 0; adv[n]; n++ ) ; + + /* insertion sort */ + for ( i = 0; i < n; i++ ) { + AttributeDescription *ad = adv[i]; + for ( j = i-1; j>=0; j--) { + if ( SLAP_PTRCMP( adv[j], ad ) <= 0 ) break; + adv[j+1] = adv[j]; + } + adv[j+1] = ad; + } + } + + for ( i = 0; adv[i]; i++ ) { + if ( bi->bi_attrs[i]->ai_desc != adv[i] ) { + for ( j = i+1; j < bi->bi_nattrs; j++ ) { + if ( bi->bi_attrs[j]->ai_desc == adv[i] ) { + AttrInfo *ai = bi->bi_attrs[i]; + bi->bi_attrs[i] = bi->bi_attrs[j]; + bi->bi_attrs[j] = ai; + break; + } + } + if ( j == bi->bi_nattrs ) { + Debug( LDAP_DEBUG_ANY, + LDAP_XSTRING(bdb_tool_entry_reindex) + ": no index configured for %s\n", + adv[i]->ad_cname.bv_val, 0, 0 ); + return -1; + } + } + } + bi->bi_nattrs = i; + } + /* Get the first attribute to index */ if (bi->bi_linear_index && !index_nattrs) { index_nattrs = bi->bi_nattrs - 1; diff --git a/servers/slapd/back-bdb/trans.c b/servers/slapd/back-bdb/trans.c index 115fcbd8aa62e1a5be4601d65b86ed51483687ac..c34eea201b5fbcbaf9f8036ade3915aab567d17a 100644 --- a/servers/slapd/back-bdb/trans.c +++ b/servers/slapd/back-bdb/trans.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-dnssrv/Makefile.in b/servers/slapd/back-dnssrv/Makefile.in index 48f47aa3d2271c1b03fe222075194d0899407412..a28fc142c07ce8dbffd1dc40eaedd7e5ab479e9d 100644 --- a/servers/slapd/back-dnssrv/Makefile.in +++ b/servers/slapd/back-dnssrv/Makefile.in 
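Review bot: The new attribute-list handling in `bdb_tool_entry_reindex` indexes `bi->bi_attrs` without checking `bi->bi_nattrs`: `bi->bi_attrs[0]` is read even when no indexes are configured, and `bi->bi_attrs[i]` is read for every `adv[i]`, so a list longer than the configured set (or one with a duplicate near the end) reads past the array before the "no index configured" error can fire. A bounds check ahead of each dereference fixes this, as sketched below. The block also sorts the caller's `adv` array in place and permanently shrinks `bi->bi_nattrs`; both side effects should be stated in the function's comment. The function continues outside this hunk.

```c
	if ( adv ) {
		int i, j, n;

		/* bi_attrs[0] exists only when at least one index is configured */
		if ( bi->bi_nattrs == 0 || bi->bi_attrs[0]->ai_desc != adv[0] ) {
			/* … unchanged: count and insertion sort of adv … */
		}

		for ( i = 0; adv[i]; i++ ) {
			/* more requested attributes than configured indexes */
			if ( i >= bi->bi_nattrs ) {
				Debug( LDAP_DEBUG_ANY,
					LDAP_XSTRING(bdb_tool_entry_reindex)
					": no index configured for %s\n",
					adv[i]->ad_cname.bv_val, 0, 0 );
				return -1;
			}
			/* … unchanged: swap the matching AttrInfo into slot i … */
		}
		bi->bi_nattrs = i;
	}
```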
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## Portions Copyright 1998-2003 Kurt D. Zeilenga. ## All rights reserved. ## diff --git a/servers/slapd/back-dnssrv/bind.c b/servers/slapd/back-dnssrv/bind.c index a8960e06619ad37a2ee4c74a9963d993b85a11e3..20fd959fc591aa8f28babe399e2e22333b7a292a 100644 --- a/servers/slapd/back-dnssrv/bind.c +++ b/servers/slapd/back-dnssrv/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/back-dnssrv/compare.c b/servers/slapd/back-dnssrv/compare.c index 863f16a0ec2c5515f2607079058ea27d931a87cc..528156801257372eac89899c903aa7cb892ba8ec 100644 --- a/servers/slapd/back-dnssrv/compare.c +++ b/servers/slapd/back-dnssrv/compare.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/back-dnssrv/config.c b/servers/slapd/back-dnssrv/config.c index 863388f5ab08c6a717f275c07202769768135fdf..12055e54daa2372de57b3355a9d97d550a398675 100644 --- a/servers/slapd/back-dnssrv/config.c +++ b/servers/slapd/back-dnssrv/config.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * 
diff --git a/servers/slapd/back-dnssrv/init.c b/servers/slapd/back-dnssrv/init.c index 4b834cb7e81c8777beb3d0a17eec5aeec10341e8..365e47dfdb5fd27415a993910f15512a88318829 100644 --- a/servers/slapd/back-dnssrv/init.c +++ b/servers/slapd/back-dnssrv/init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/back-dnssrv/proto-dnssrv.h b/servers/slapd/back-dnssrv/proto-dnssrv.h index a34a58129622aac6fd8943aa5a8a7b408cc40ba6..3537bd907927ce23888bd9edaf59e6c6be113dfc 100644 --- a/servers/slapd/back-dnssrv/proto-dnssrv.h +++ b/servers/slapd/back-dnssrv/proto-dnssrv.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-dnssrv/referral.c b/servers/slapd/back-dnssrv/referral.c index 586a538a79bc773d9545ffed68229e1324d0b2e0..bbd4fd6e4115b790fdc84a814b49bbdd4e15af66 100644 --- a/servers/slapd/back-dnssrv/referral.c +++ b/servers/slapd/back-dnssrv/referral.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/back-dnssrv/search.c b/servers/slapd/back-dnssrv/search.c index 3cbc89647c3104dcd425604a288f07faf4f86127..d945433262f8d8d3f0ecc061491ae4c9adef3071 100644 --- a/servers/slapd/back-dnssrv/search.c +++ b/servers/slapd/back-dnssrv/search.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/back-hdb/Makefile.in b/servers/slapd/back-hdb/Makefile.in index 236f3c1c1fd9d29b4bdb3c458f597f560b62e048..31e2e50caf5ddb1099400c074b89dca3b3dffaac 100644 --- a/servers/slapd/back-hdb/Makefile.in +++ b/servers/slapd/back-hdb/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-hdb/back-bdb.h b/servers/slapd/back-hdb/back-bdb.h index ec3eea282a60c7519cf10ff7b18aba3fe99f67fa..75cf828b2a423f0346137724b230d09a7a653af8 100644 --- a/servers/slapd/back-hdb/back-bdb.h +++ b/servers/slapd/back-hdb/back-bdb.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Howard Chu @ Symas Corp. * All rights reserved. * diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in index ca231d7f162759e8260d0d54e6fcf650842530b5..916fb87e3cda26ca35a37dd7dac2b0914219186b 100644 --- a/servers/slapd/back-ldap/Makefile.in +++ b/servers/slapd/back-ldap/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/servers/slapd/back-ldap/add.c b/servers/slapd/back-ldap/add.c index 9d6d0fc22c5456d21d3d0bf3a65fa69f22ef972b..9a5c4f5422a3acdf0a3f3b524bf328e484e1d264 100644 --- a/servers/slapd/back-ldap/add.c +++ b/servers/slapd/back-ldap/add.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -125,7 +125,7 @@ cleanup: } if ( lc ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } Debug( LDAP_DEBUG_ARGS, "<== ldap_back_add(\"%s\"): %d\n", diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 3490e4a0eff77b19b909f170604c52dcf0210eeb..442869861d3eab48719c871f845b5ebfe3fe5b45 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. 
@@ -44,18 +44,57 @@ typedef struct ldap_monitor_info_t { struct berval lmi_more_filter; } ldap_monitor_info_t; +enum { + /* even numbers are connection types */ + LDAP_BACK_PCONN_FIRST = 0, + LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST, + LDAP_BACK_PCONN_ANON = 2, + LDAP_BACK_PCONN_BIND = 4, + + /* add the TLS bit */ + LDAP_BACK_PCONN_TLS = 0x1U, + + LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS), + LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS), + LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS), + + LDAP_BACK_PCONN_LAST +}; + typedef struct ldapconn_t { Connection *lc_conn; -#define LDAP_BACK_PCONN ((void *)0x0) -#define LDAP_BACK_PCONN_TLS ((void *)0x1) -#define LDAP_BACK_PCONN_PRIV (-1) -#define LDAP_BACK_PCONN_ISPRIV(lc) ((void *)(lc)->lc_conn <= LDAP_BACK_PCONN_TLS) -#define LDAP_BACK_PCONN_ID(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) ? LDAP_BACK_PCONN_PRIV : (lc)->lc_conn->c_connid ) +#define LDAP_BACK_CONN2PRIV(lc) ((unsigned long)(lc)->lc_conn) +#define LDAP_BACK_PCONN_ISPRIV(lc) ((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \ + && (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST) +#define LDAP_BACK_PCONN_ISROOTDN(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ + && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON)) +#define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ + && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \ + && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON)) +#define LDAP_BACK_PCONN_ISBIND(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ + && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND)) +#define LDAP_BACK_PCONN_ISTLS(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ + && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS)) +#define LDAP_BACK_PCONN_ID(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) ? \ + ( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid ) #ifdef HAVE_TLS -#define LDAP_BACK_PCONN_SET(op) ((op)->o_conn->c_is_tls ? 
LDAP_BACK_PCONN_TLS : LDAP_BACK_PCONN) +#define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN)) +#define LDAP_BACK_PCONN_ANON_SET(lc, op) \ + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON)) +#define LDAP_BACK_PCONN_BIND_SET(lc, op) \ + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND)) #else /* ! HAVE_TLS */ -#define LDAP_BACK_PCONN_SET(op) (LDAP_BACK_PCONN) +#define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ + ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN) +#define LDAP_BACK_PCONN_ANON_SET(lc, op) \ + ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON) +#define LDAP_BACK_PCONN_BIND_SET(lc, op) \ + ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND) #endif /* ! HAVE_TLS */ +#define LDAP_BACK_PCONN_SET(lc, op) \ + (BER_BVISEMPTY(&(op)->o_ndn) ? \ + LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op))) LDAP *lc_ld; struct berval lc_cred; @@ -79,6 +118,8 @@ typedef struct ldapconn_t { #define LDAP_BACK_CONN_CLEAR(lc,f) LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f)) #define LDAP_BACK_CONN_CPY(lc,f,mlc) LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags) +/* 0xFFF00000U are reserved for back-meta */ + #define LDAP_BACK_FCONN_ISBOUND (0x00000001U) #define LDAP_BACK_FCONN_ISANON (0x00000002U) #define LDAP_BACK_FCONN_ISBMASK (LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON) 
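Review bot: `LDAP_BACK_PCONN_ISPRIV` decides whether `lc_conn` holds a small tag or a real `Connection *` by relationally comparing it with `(void *)` casts of enum constants, which C leaves undefined for pointers that do not point into the same object. `LDAP_BACK_CONN2PRIV` also converts the pointer through `unsigned long`, which is narrower than a pointer on LLP64 targets. Because the result is used elsewhere in this diff as an index into `li_conn_priv[]`, the test is safer on an integer: `#define LDAP_BACK_CONN2PRIV(lc) ((uintptr_t)(lc)->lc_conn)` and `#define LDAP_BACK_PCONN_ISPRIV(lc) (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_LAST)`, provided `uintptr_t` is available in this header. A comment on the enum saying that `LDAP_BACK_PCONN_LAST` must remain the final enumerator, since it sizes that array, and that `LDAP_BACK_CONN2PRIV` is only meaningful after `LDAP_BACK_PCONN_ISPRIV` has succeeded, would document the precondition.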
@@ -86,9 +127,9 @@ typedef struct ldapconn_t { #define LDAP_BACK_FCONN_ISTLS (0x00000008U) #define LDAP_BACK_FCONN_BINDING (0x00000010U) #define LDAP_BACK_FCONN_TAINTED (0x00000020U) -#define LDAP_BACK_FCONN_ISIDASR (0x00000040U) - -/* 0x00FF0000 are reserved for back-meta */ +#define LDAP_BACK_FCONN_ABANDON (0x00000040U) +#define LDAP_BACK_FCONN_ISIDASR (0x00000080U) +#define LDAP_BACK_FCONN_CACHED (0x00000100U) #define LDAP_BACK_CONN_ISBOUND(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND) #define LDAP_BACK_CONN_ISBOUND_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND) 
@@ -112,16 +153,23 @@ typedef struct ldapconn_t { #define LDAP_BACK_CONN_TAINTED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED) #define LDAP_BACK_CONN_TAINTED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED) #define LDAP_BACK_CONN_TAINTED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED) +#define LDAP_BACK_CONN_ABANDON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON) +#define LDAP_BACK_CONN_ABANDON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON) +#define LDAP_BACK_CONN_ABANDON_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON) #define LDAP_BACK_CONN_ISIDASSERT(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR) #define LDAP_BACK_CONN_ISIDASSERT_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR) #define LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR) #define LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc)) +#define LDAP_BACK_CONN_CACHED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED) +#define LDAP_BACK_CONN_CACHED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED) +#define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED) unsigned lc_refcnt; - unsigned lc_binding; unsigned lc_flags; time_t lc_create_time; time_t lc_time; + + LDAP_TAILQ_ENTRY(ldapconn_t) lc_q; } ldapconn_t; typedef struct ldap_avl_info_t { 
@@ -171,12 +219,13 @@ typedef struct slap_idassert_t { #define li_idassert_tls li_idassert.si_bc.sb_tls unsigned si_flags; -#define LDAP_BACK_AUTH_NONE 0x00U -#define LDAP_BACK_AUTH_NATIVE_AUTHZ 0x01U -#define LDAP_BACK_AUTH_OVERRIDE 0x02U -#define LDAP_BACK_AUTH_PRESCRIPTIVE 0x04U -#define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ 0x08U -#define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND 0x10U +#define LDAP_BACK_AUTH_NONE (0x00U) +#define LDAP_BACK_AUTH_NATIVE_AUTHZ (0x01U) +#define LDAP_BACK_AUTH_OVERRIDE (0x02U) +#define LDAP_BACK_AUTH_PRESCRIPTIVE (0x04U) +#define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ (0x08U) +#define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND (0x10U) +#define LDAP_BACK_AUTH_AUTHZ_ALL (0x20U) #define li_idassert_flags li_idassert.si_flags BerVarray si_authz; 
@@ -201,57 +250,71 @@ typedef struct ldapinfo_t { LDAP_URLLIST_PROC *li_urllist_f; void *li_urllist_p; - slap_bindconf li_acl; -#define li_acl_authcID li_acl.sb_authcId -#define li_acl_authcDN li_acl.sb_binddn -#define li_acl_passwd li_acl.sb_cred -#define li_acl_authzID li_acl.sb_authzId + /* we only care about the TLS options here */ + slap_bindconf li_tls; + + slap_bindconf li_acl; +#define li_acl_authcID li_acl.sb_authcId +#define li_acl_authcDN li_acl.sb_binddn +#define li_acl_passwd li_acl.sb_cred +#define li_acl_authzID li_acl.sb_authzId #define li_acl_authmethod li_acl.sb_method #define li_acl_sasl_mech li_acl.sb_saslmech #define li_acl_sasl_realm li_acl.sb_realm -#define li_acl_secprops li_acl.sb_secprops +#define li_acl_secprops li_acl.sb_secprops /* ID assert stuff */ - slap_idassert_t li_idassert; + slap_idassert_t li_idassert; /* end of ID assert stuff */ - int li_nretries; + int li_nretries; #define LDAP_BACK_RETRY_UNDEFINED (-2) #define LDAP_BACK_RETRY_FOREVER (-1) #define LDAP_BACK_RETRY_NEVER (0) #define LDAP_BACK_RETRY_DEFAULT (3) - unsigned li_flags; -#define LDAP_BACK_F_NONE (0x0000U) -#define LDAP_BACK_F_SAVECRED (0x0001U) -#define LDAP_BACK_F_USE_TLS (0x0002U) -#define LDAP_BACK_F_PROPAGATE_TLS (0x0004U) -#define LDAP_BACK_F_TLS_CRITICAL (0x0008U) + unsigned li_flags; + +/* 0xFFF00000U are reserved for back-meta */ + +#define LDAP_BACK_F_NONE (0x00000000U) +#define LDAP_BACK_F_SAVECRED (0x00000001U) +#define LDAP_BACK_F_USE_TLS (0x00000002U) +#define LDAP_BACK_F_PROPAGATE_TLS (0x00000004U) +#define LDAP_BACK_F_TLS_CRITICAL (0x00000008U) +#define LDAP_BACK_F_TLS_LDAPS (0x00000010U) + #define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL) #define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) -#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK) -#define LDAP_BACK_F_CHASE_REFERRALS (0x0010U) -#define LDAP_BACK_F_PROXY_WHOAMI (0x0020U) +#define 
LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS) +#define LDAP_BACK_F_CHASE_REFERRALS (0x00000020U) +#define LDAP_BACK_F_PROXY_WHOAMI (0x00000040U) -#define LDAP_BACK_F_T_F (0x0040U) -#define LDAP_BACK_F_T_F_DISCOVER (0x0080U) +#define LDAP_BACK_F_T_F (0x00000080U) +#define LDAP_BACK_F_T_F_DISCOVER (0x00000100U) #define LDAP_BACK_F_T_F_MASK (LDAP_BACK_F_T_F) #define LDAP_BACK_F_T_F_MASK2 (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER) -#define LDAP_BACK_F_MONITOR (0x0100U) -#define LDAP_BACK_F_SINGLECONN (0x0200U) +#define LDAP_BACK_F_MONITOR (0x00000200U) +#define LDAP_BACK_F_SINGLECONN (0x00000400U) +#define LDAP_BACK_F_USE_TEMPORARIES (0x00000800U) -#define LDAP_BACK_F_ISOPEN (0x0400U) +#define LDAP_BACK_F_ISOPEN (0x00001000U) -#define LDAP_BACK_F_CANCEL_ABANDON (0x0000U) -#define LDAP_BACK_F_CANCEL_IGNORE (0x1000U) -#define LDAP_BACK_F_CANCEL_EXOP (0x2000U) -#define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x4000U) +#define LDAP_BACK_F_CANCEL_ABANDON (0x00000000U) +#define LDAP_BACK_F_CANCEL_IGNORE (0x00002000U) +#define LDAP_BACK_F_CANCEL_EXOP (0x00004000U) +#define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00008000U) #define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP) #define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER) -#define LDAP_BACK_ISSET(li,f) ( ( (li)->li_flags & (f) ) == (f) ) -#define LDAP_BACK_ISMASK(li,m,f) ( ( (li)->li_flags & (m) ) == (f) ) +#define LDAP_BACK_F_QUARANTINE (0x00010000U) + +#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) ) +#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) ) + +#define LDAP_BACK_ISSET(li,f) LDAP_BACK_ISSET_F( (li)->li_flags, (f) ) +#define LDAP_BACK_ISMASK(li,m,f) LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) ) #define LDAP_BACK_SAVECRED(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED ) #define LDAP_BACK_USE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS ) 
@@ -260,11 +323,16 @@ typedef struct ldapinfo_t { #define LDAP_BACK_CHASE_REFERRALS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS ) #define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI ) +#define LDAP_BACK_USE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS ) +#define LDAP_BACK_PROPAGATE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS ) +#define LDAP_BACK_TLS_CRITICAL_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL ) + #define LDAP_BACK_T_F(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F ) #define LDAP_BACK_T_F_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER ) #define LDAP_BACK_MONITOR(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR ) #define LDAP_BACK_SINGLECONN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN ) +#define LDAP_BACK_USE_TEMPORARIES(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES) #define LDAP_BACK_ISOPEN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN ) @@ -273,9 +341,23 @@ typedef struct ldapinfo_t { #define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP ) #define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER ) - int li_version; +#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE ) + + int li_version; - ldap_avl_info_t li_conninfo; + /* cached connections; + * special conns are in tailq rather than in tree */ + ldap_avl_info_t li_conninfo; + struct { + int lic_num; + LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t) lic_priv; + } li_conn_priv[ LDAP_BACK_PCONN_LAST ]; + int li_conn_priv_max; +#define LDAP_BACK_CONN_PRIV_MIN (1) +#define LDAP_BACK_CONN_PRIV_MAX (256) + /* must be between LDAP_BACK_CONN_PRIV_MIN + * and LDAP_BACK_CONN_PRIV_MAX ! */ +#define LDAP_BACK_CONN_PRIV_DEFAULT (16) ldap_monitor_info_t li_monitor_info; 
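Review bot: Nothing in this hunk enforces the comment that `LDAP_BACK_CONN_PRIV_DEFAULT` must lie between `LDAP_BACK_CONN_PRIV_MIN` and `LDAP_BACK_CONN_PRIV_MAX`, so a later edit to one of the three constants can silently break it. A preprocessor guard next to the definitions would turn the comment into a check: `#if LDAP_BACK_CONN_PRIV_DEFAULT < LDAP_BACK_CONN_PRIV_MIN || LDAP_BACK_CONN_PRIV_DEFAULT > LDAP_BACK_CONN_PRIV_MAX`, then `#error "LDAP_BACK_CONN_PRIV_DEFAULT out of range"` and `#endif`. `li_conn_priv_max` also deserves a one-line comment stating what it limits (presumably the number of cached connections per `li_conn_priv[]` slot) and where a configured value is range-checked, which is not visible here. The `ldapinfo_t` definition continues beyond this hunk.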
@@ -285,15 +367,14 @@ typedef struct ldapinfo_t { #define LDAP_BACK_FQ_RETRYING (2) slap_retry_info_t li_quarantine; -#define LDAP_BACK_QUARANTINE(li) ( (li)->li_quarantine.ri_num != NULL ) ldap_pvt_thread_mutex_t li_quarantine_mutex; ldap_back_quarantine_f li_quarantine_f; void *li_quarantine_p; - time_t li_network_timeout; - time_t li_conn_ttl; - time_t li_idle_timeout; - time_t li_timeout[ SLAP_OP_LAST ]; + time_t li_network_timeout; + time_t li_conn_ttl; + time_t li_idle_timeout; + time_t li_timeout[ SLAP_OP_LAST ]; } ldapinfo_t; typedef enum ldap_back_send_t { diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 2f62b40c99caccfe9627080be1cc4162bc88a2f0..2247405128a9da26f849df66bc59d27be58750ba 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -32,6 +32,8 @@ #define AVL_INTERNAL #include "slap.h" #include "back-ldap.h" +#undef ldap_debug /* silence a warning in ldap-int.h */ +#include "../../../libraries/libldap/ldap-int.h" #include "lutil_ldap.h" @@ -39,7 +41,7 @@ #if LDAP_BACK_PRINT_CONNTREE > 0 static void -ravl_print( Avlnode *root, int depth ) +ldap_back_ravl_print( Avlnode *root, int depth ) { int i; ldapconn_t *lc; 
@@ -48,38 +50,70 @@ ravl_print( Avlnode *root, int depth ) return; } - ravl_print( root->avl_right, depth+1 ); + ldap_back_ravl_print( root->avl_right, depth+1 ); for ( i = 0; i < depth; i++ ) { fprintf( stderr, "-" ); } lc = root->avl_data; - fprintf( stderr, "lc=%p local=\"%s\" conn=%p %s refcnt=%d\n", + fprintf( stderr, "lc=%p local=\"%s\" conn=%p %s refcnt=%d flags=0x%08x\n", (void *)lc, lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "", (void *)lc->lc_conn, - avl_bf2str( root->avl_bf ), lc->lc_refcnt ); + avl_bf2str( root->avl_bf ), lc->lc_refcnt, lc->lc_lcflags ); - ravl_print( root->avl_left, depth+1 ); + ldap_back_ravl_print( root->avl_left, depth+1 ); } +static char* priv2str[] = { + "privileged", + "privileged/TLS", + "anonymous", + "anonymous/TLS", + "bind", + "bind/TLS", + NULL +}; + void -ldap_back_print_conntree( Avlnode *root, char *msg ) +ldap_back_print_conntree( ldapinfo_t *li, char *msg ) { + int c; + fprintf( stderr, "========> %s\n", msg ); + + for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) { + int i = 0; + ldapconn_t *lc; + + fprintf( stderr, " %s[%d]\n", priv2str[ c ], li->li_conn_priv[ c ].lic_num ); + + LDAP_TAILQ_FOREACH( lc, &li->li_conn_priv[ c ].lic_priv, lc_q ) + { + fprintf( stderr, " [%d] lc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n", + i, + (void *)lc, + lc->lc_local_ndn.bv_val ? lc->lc_local_ndn.bv_val : "", + (void *)lc->lc_conn, lc->lc_refcnt, lc->lc_lcflags ); + i++; + } + } - if ( root == 0 ) { + if ( li->li_conninfo.lai_tree == 0 ) { fprintf( stderr, "\t(empty)\n" ); } else { - ravl_print( root, 0 ); + ldap_back_ravl_print( li->li_conninfo.lai_tree, 0 ); } fprintf( stderr, "<======== %s\n", msg ); } #endif /* LDAP_BACK_PRINT_CONNTREE */ +static int +ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock ); + static ldapconn_t * ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok, struct berval *binddn, struct berval *bindcred ); 
@@ -93,50 +127,101 @@ ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok, struct berval *binddn, struct berval *bindcred ); static int -ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, +ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok ); static int ldap_back_conndnlc_cmp( const void *c1, const void *c2 ); +ldapconn_t * +ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc ) +{ + if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) { + if ( LDAP_BACK_CONN_CACHED( lc ) ) { + assert( lc->lc_q.tqe_prev != NULL ); + assert( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num > 0 ); + li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num--; + LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q ); + LDAP_TAILQ_ENTRY_INIT( lc, lc_q ); + LDAP_BACK_CONN_CACHED_CLEAR( lc ); + + } else { + assert( LDAP_BACK_CONN_TAINTED( lc ) ); + assert( lc->lc_q.tqe_prev == NULL ); + } + + } else { + ldapconn_t *tmplc = NULL; + + if ( LDAP_BACK_CONN_CACHED( lc ) ) { + assert( !LDAP_BACK_CONN_TAINTED( lc ) ); + tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, + ldap_back_conndnlc_cmp ); + assert( tmplc == lc ); + LDAP_BACK_CONN_CACHED_CLEAR( lc ); + } + + assert( LDAP_BACK_CONN_TAINTED( lc ) || tmplc == lc ); + } + + return lc; +} + int ldap_back_bind( Operation *op, SlapReply *rs ) { - ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private; - ldapconn_t *lc; + ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private; + ldapconn_t *lc; - int rc = 0; - ber_int_t msgid; + int rc = 0; + ber_int_t msgid; + ldap_back_send_t retrying = LDAP_BACK_RETRYING; lc = ldap_back_getconn( op, rs, LDAP_BACK_BIND_SERR, NULL, NULL ); if ( !lc ) { return rs->sr_err; } + /* we can do (almost) whatever we want with this conn, + * because either it's temporary, or it's marked as binding */ if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) { ch_free( lc->lc_bound_ndn.bv_val ); 
BER_BVZERO( &lc->lc_bound_ndn ); } + if ( !BER_BVISNULL( &lc->lc_cred ) ) { + memset( lc->lc_cred.bv_val, 0, lc->lc_cred.bv_len ); + ch_free( lc->lc_cred.bv_val ); + BER_BVZERO( &lc->lc_cred ); + } LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); +retry:; /* method is always LDAP_AUTH_SIMPLE if we got here */ rs->sr_err = ldap_sasl_bind( lc->lc_ld, op->o_req_dn.bv_val, LDAP_SASL_SIMPLE, &op->orb_cred, op->o_ctrls, NULL, &msgid ); + /* FIXME: should we always retry, or only when piping the bind + * in the "override" connection pool? */ rc = ldap_back_op_result( lc, op, rs, msgid, li->li_timeout[ SLAP_OP_BIND ], - LDAP_BACK_BIND_SERR ); + LDAP_BACK_BIND_SERR | retrying ); + if ( rc == LDAP_UNAVAILABLE && retrying ) { + retrying &= ~LDAP_BACK_RETRYING; + if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_BIND_SERR ) ) { + goto retry; + } + } + if ( rc == LDAP_SUCCESS ) { /* If defined, proxyAuthz will be used also when * back-ldap is the authorizing backend; for this * purpose, after a successful bind the connection - * is trashed and further operations will use - * a default connections with identity assertion */ + * is left for further binds, and further operations + * on this client connection will use a default + * connection with identity assertion */ /* NOTE: use with care */ if ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) { - LDAP_BACK_CONN_TAINTED_SET( lc ); - ldap_back_release_conn( op, rs, lc ); - + ldap_back_release_conn( li, lc ); return( rc ); } 
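Review bot: After the new retry block in ldap_back_bind, `lc` is used again without a NULL check, although `ldap_back_retry( &lc, ... )` receives its address and the function's own epilogue guards with `if ( lc != NULL )`. If a failed retry can clear the pointer (its body is outside this diff), the `LDAP_BACK_CONN_ISBOUND( lc )` test that follows dereferences NULL. Adding `if ( lc == NULL ) return rc;` after the failed-retry path would make that safe. Separately, the credential wipe `memset( lc->lc_cred.bv_val, 0, lc->lc_cred.bv_len );` immediately before `ch_free()` is an ordinary store that an optimizer may drop when it can see the buffer is being released, so a wipe routine that cannot be elided would be preferable if the project provides one. ldap_back_bind continues beyond this hunk.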
@@ -145,23 +230,24 @@ ldap_back_bind( Operation *op, SlapReply *rs ) LDAP_BACK_CONN_ISBOUND_SET( lc ); ber_dupbv( &lc->lc_bound_ndn, &op->o_req_ndn ); + if ( !BER_BVISNULL( &lc->lc_cred ) ) { + memset( lc->lc_cred.bv_val, 0, + lc->lc_cred.bv_len ); + } + if ( LDAP_BACK_SAVECRED( li ) ) { - if ( !BER_BVISNULL( &lc->lc_cred ) ) { - memset( lc->lc_cred.bv_val, 0, - lc->lc_cred.bv_len ); - } ber_bvreplace( &lc->lc_cred, &op->orb_cred ); ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc ); + + } else { + lc->lc_cred.bv_len = 0; } } - assert( lc->lc_binding == 1 ); - lc->lc_binding = 0; - /* must re-insert if local DN changed as result of bind */ if ( !LDAP_BACK_CONN_ISBOUND( lc ) - || ( LDAP_BACK_CONN_ISBOUND( lc ) - && !dn_match( &op->o_req_ndn, &lc->lc_local_ndn ) ) ) + || ( !dn_match( &op->o_req_ndn, &lc->lc_local_ndn ) + && !LDAP_BACK_PCONN_ISPRIV( lc ) ) ) { int lerr = -1; ldapconn_t *tmplc; @@ -176,13 +262,11 @@ retry_lock:; } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_bind" ); + ldap_back_print_conntree( li, ">>> ldap_back_bind" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ - + assert( lc->lc_refcnt == 1 ); - tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, - ldap_back_conndnlc_cmp ); - assert( tmplc == NULL || lc == tmplc ); + ldap_back_conn_delete( li, lc ); /* delete all cached connections with the current connection */ if ( LDAP_BACK_SINGLECONN( li ) ) { @@ -195,6 +279,7 @@ retry_lock:; if ( tmplc->lc_refcnt != 0 ) { /* taint it */ LDAP_BACK_CONN_TAINTED_SET( tmplc ); + LDAP_BACK_CONN_CACHED_CLEAR( tmplc ); } else { /* 
@@ -210,19 +295,20 @@ retry_lock:; if ( LDAP_BACK_CONN_ISBOUND( lc ) ) { ber_bvreplace( &lc->lc_local_ndn, &op->o_req_ndn ); if ( be_isroot_dn( op->o_bd, &op->o_req_ndn ) ) { - lc->lc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_PCONN_ROOTDN_SET( lc, op ); } lerr = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc, ldap_back_conndn_cmp, ldap_back_conndn_dup ); } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_bind" ); + ldap_back_print_conntree( li, "<<< ldap_back_bind" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); switch ( lerr ) { case 0: + LDAP_BACK_CONN_CACHED_SET( lc ); break; case -1: @@ -235,7 +321,7 @@ retry_lock:; } if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return( rc ); @@ -336,29 +422,25 @@ ldap_back_conndn_dup( void *c1, void *c2 ) return 0; } -int -ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock ) +static int +ldap_back_freeconn( ldapinfo_t *li, ldapconn_t *lc, int dolock ) { - ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private; - ldapconn_t *tmplc; - if ( dolock ) { ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_freeconn" ); + ldap_back_print_conntree( li, ">>> ldap_back_freeconn" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ - tmplc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, - ldap_back_conndnlc_cmp ); - assert( LDAP_BACK_CONN_TAINTED( lc ) || tmplc == lc ); + (void)ldap_back_conn_delete( li, lc ); + if ( lc->lc_refcnt == 0 ) { ldap_back_conn_free( (void *)lc ); } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_freeconn" ); + ldap_back_print_conntree( li, "<<< ldap_back_freeconn" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ if ( dolock ) { 
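Review bot: A connection rebound as the rootdn is tagged with `LDAP_BACK_PCONN_ROOTDN_SET( lc, op )`, inserted into `li_conninfo.lai_tree` with `avl_insert()`, and then marked `LDAP_BACK_CONN_CACHED_SET( lc )`. The new ldap_back_conn_delete(), however, treats every cached connection for which `LDAP_BACK_PCONN_ISPRIV( lc )` holds as a member of the `li_conn_priv[]` tail queue. From the visible hunks, such a connection would later trip `assert( lc->lc_q.tqe_prev != NULL )`. With assertions compiled out it would be unlinked from a queue it was never on while staying in the tree. Either the rootdn case should be queued in `li_conn_priv[]` here instead of the tree, or ldap_back_conn_delete() needs an explicit way to tell which container holds the entry; a comment should at least state which structure owns a privileged connection created by this path. The enclosing function starts before this hunk, so other code may already exclude the combination.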
@@ -380,13 +462,9 @@ ldap_back_start_tls( const char **text ) { int rc = LDAP_SUCCESS; - ldapinfo_t dummy; - - /* this is ridiculous... */ - dummy.li_flags = flags; /* start TLS ("tls-[try-]{start,propagate}" statements) */ - if ( ( LDAP_BACK_USE_TLS( &dummy ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS( &dummy ) ) ) + if ( ( LDAP_BACK_USE_TLS_F( flags ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS_F( flags ) ) ) && !ldap_is_ldaps_url( url ) ) { #ifdef SLAP_STARTTLS_ASYNCHRONOUS @@ -495,7 +573,7 @@ retry:; break; default: - if ( LDAP_BACK_TLS_CRITICAL( &dummy ) ) { + if ( LDAP_BACK_TLS_CRITICAL_F( flags ) ) { *text = "could not start TLS"; break; } @@ -515,7 +593,7 @@ retry:; #endif /* HAVE_TLS */ static int -ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok ) +ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok ) { ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; int version; @@ -523,10 +601,9 @@ ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_bac #ifdef HAVE_TLS int is_tls = op->o_conn->c_is_tls; time_t lc_time = (time_t)(-1); + slap_bindconf *sb; #endif /* HAVE_TLS */ - assert( lcp != NULL ); - ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); rs->sr_err = ldap_initialize( &ld, li->li_uri ); ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex ); 
@@ -566,12 +643,29 @@ ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_bac } #ifdef HAVE_TLS + if ( LDAP_BACK_CONN_ISPRIV( lc ) ) { + sb = &li->li_acl; + + } else if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { + sb = &li->li_idassert.si_bc; + + } else { + sb = &li->li_tls; + } + + if ( sb->sb_tls_do_init ) { + bindconf_tls_set( sb, ld ); + } else if ( sb->sb_tls_ctx ) { + ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx ); + } + ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls, li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text ); ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex ); if ( rs->sr_err != LDAP_SUCCESS ) { ldap_unbind_ext( ld, NULL, NULL ); + rs->sr_text = "Start TLS failed"; goto error_return; } else if ( li->li_idle_timeout ) { @@ -580,21 +674,16 @@ ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_bac } #endif /* HAVE_TLS */ - if ( *lcp == NULL ) { - *lcp = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) ); - (*lcp)->lc_flags = li->li_flags; - } - (*lcp)->lc_ld = ld; - (*lcp)->lc_refcnt = 1; - (*lcp)->lc_binding = 1; + lc->lc_ld = ld; + lc->lc_refcnt = 1; #ifdef HAVE_TLS if ( is_tls ) { - LDAP_BACK_CONN_ISTLS_SET( *lcp ); + LDAP_BACK_CONN_ISTLS_SET( lc ); } else { - LDAP_BACK_CONN_ISTLS_CLEAR( *lcp ); + LDAP_BACK_CONN_ISTLS_CLEAR( lc ); } if ( lc_time != (time_t)(-1) ) { - (*lcp)->lc_time = lc_time; + lc->lc_time = lc_time; } #endif /* HAVE_TLS */ @@ -603,15 +692,14 @@ error_return:; rs->sr_err = slap_map_api2result( rs ); if ( sendok & LDAP_BACK_SENDERR ) { if ( rs->sr_text == NULL ) { - rs->sr_text = "ldap_initialize() failed"; + rs->sr_text = "Proxy connection initialization failed"; } send_ldap_result( op, rs ); - rs->sr_text = NULL; } } else { if ( li->li_conn_ttl > 0 ) { - (*lcp)->lc_create_time = op->o_time; + lc->lc_create_time = op->o_time; } } 
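Review bot: The results of `bindconf_tls_set( sb, ld )` and `ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx )` are discarded, so if the selected TLS settings cannot be applied the handle keeps the library defaults and the code still goes on to `ldap_back_start_tls()`. Failing closed is safer: assuming the call reports failure through a non-zero return, take the same path as the Start TLS failure just below, e.g. `if ( bindconf_tls_set( sb, ld ) != 0 ) { ldap_unbind_ext( ld, NULL, NULL ); rs->sr_err = LDAP_OTHER; goto error_return; }`. The added `rs->sr_text = "Start TLS failed";` also overwrites whatever text `ldap_back_start_tls()` stored through `&rs->sr_text`; assigning it only when `rs->sr_text == NULL` keeps the more specific diagnostic. ldap_back_prepare_conn begins and ends outside this hunk.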
@@ -630,7 +718,7 @@ ldap_back_getconn( ldapconn_t *lc = NULL, lc_curr = { 0 }; int refcnt = 1, - binding = 1; + lookupconn = !( sendok & LDAP_BACK_BINDING ); /* if the server is quarantined, and * - the current interval did not expire yet, or @@ -640,23 +728,26 @@ ldap_back_getconn( slap_retry_info_t *ri = &li->li_quarantine; int dont_retry = 1; - ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex ); - if ( li->li_isquarantined == LDAP_BACK_FQ_YES ) { - dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL - || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] ); - if ( !dont_retry ) { - Debug( LDAP_DEBUG_ANY, - "%s: ldap_back_getconn quarantine " - "retry block #%d try #%d.\n", - op->o_log_prefix, ri->ri_idx, ri->ri_count ); - li->li_isquarantined = LDAP_BACK_FQ_RETRYING; + if ( li->li_quarantine.ri_interval ) { + ldap_pvt_thread_mutex_lock( &li->li_quarantine_mutex ); + if ( li->li_isquarantined == LDAP_BACK_FQ_YES ) { + dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL + || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] ); + if ( !dont_retry ) { + Debug( LDAP_DEBUG_ANY, + "%s: ldap_back_getconn quarantine " + "retry block #%d try #%d.\n", + op->o_log_prefix, ri->ri_idx, ri->ri_count ); + li->li_isquarantined = LDAP_BACK_FQ_RETRYING; + } } + ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex ); } - ldap_pvt_thread_mutex_unlock( &li->li_quarantine_mutex ); if ( dont_retry ) { rs->sr_err = LDAP_UNAVAILABLE; if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) { + rs->sr_text = "Target is quarantined"; send_ldap_result( op, rs ); } return NULL; 
@@ -667,56 +758,136 @@ ldap_back_getconn( if ( op->o_do_not_cache || be_isroot( op ) ) { LDAP_BACK_CONN_ISPRIV_SET( &lc_curr ); lc_curr.lc_local_ndn = op->o_bd->be_rootndn; - lc_curr.lc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op ); } else { - lc_curr.lc_local_ndn = op->o_ndn; - /* Explicit binds must not be shared */ + struct berval tmpbinddn, + tmpbindcred, + save_o_dn, + save_o_ndn; + int isproxyauthz; + + /* need cleanup */ + if ( binddn == NULL ) { + binddn = &tmpbinddn; + } + if ( bindcred == NULL ) { + bindcred = &tmpbindcred; + } + if ( op->o_tag == LDAP_REQ_BIND ) { + save_o_dn = op->o_dn; + save_o_ndn = op->o_ndn; + op->o_dn = op->o_req_dn; + op->o_ndn = op->o_req_ndn; + } + isproxyauthz = ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred ); + if ( isproxyauthz == -1 ) { + return NULL; + } if ( op->o_tag == LDAP_REQ_BIND ) { + op->o_dn = save_o_dn; + op->o_ndn = save_o_ndn; + } + + lc_curr.lc_local_ndn = op->o_ndn; + /* Explicit binds must not be shared; + * however, explicit binds are piped in a special connection + * when idassert is to occur with "override" set */ + if ( op->o_tag == LDAP_REQ_BIND && !isproxyauthz ) { lc_curr.lc_conn = op->o_conn; } else { - if ( !( sendok & LDAP_BACK_BINDING ) && - ldap_back_is_proxy_authz( op, rs, sendok, binddn, bindcred ) ) - { + if ( isproxyauthz && !( sendok & LDAP_BACK_BINDING ) ) { lc_curr.lc_local_ndn = *binddn; - lc_curr.lc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_PCONN_ROOTDN_SET( &lc_curr, op ); + LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr ); + + } else if ( isproxyauthz && ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) { + lc_curr.lc_local_ndn = slap_empty_bv; + LDAP_BACK_PCONN_BIND_SET( &lc_curr, op ); LDAP_BACK_CONN_ISIDASSERT_SET( &lc_curr ); + lookupconn = 1; } else if ( SLAP_IS_AUTHZ_BACKEND( op ) ) { lc_curr.lc_conn = op->o_conn; } else { - lc_curr.lc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_PCONN_ANON_SET( &lc_curr, op ); } } } /* Explicit Bind 
requests always get their own conn */ - if ( !( sendok & LDAP_BACK_BINDING ) ) { - /* Searches for a ldapconn in the avl tree */ + if ( lookupconn ) { retry_lock: ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); + if ( LDAP_BACK_PCONN_ISPRIV( &lc_curr ) ) { + /* lookup a conn that's not binding */ + LDAP_TAILQ_FOREACH( lc, + &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv, + lc_q ) + { + if ( !LDAP_BACK_CONN_BINDING( lc ) && lc->lc_refcnt == 0 ) { + break; + } + } + + if ( lc != NULL ) { + if ( lc != LDAP_TAILQ_LAST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, + ldapconn_t, lc_q ) ) + { + LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, + lc, lc_q ); + LDAP_TAILQ_ENTRY_INIT( lc, lc_q ); + LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, + lc, lc_q ); + } + + } else if ( !LDAP_BACK_USE_TEMPORARIES( li ) + && li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_num == li->li_conn_priv_max ) + { + lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( &lc_curr ) ].lic_priv ); + } + + } else { + + /* Searches for a ldapconn in the avl tree */ + lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, + (caddr_t)&lc_curr, ldap_back_conndn_cmp ); + } - lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, - (caddr_t)&lc_curr, ldap_back_conndn_cmp ); if ( lc != NULL ) { /* Don't reuse connections while they're still binding */ if ( LDAP_BACK_CONN_BINDING( lc ) ) { - ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - ldap_pvt_thread_yield(); - goto retry_lock; + if ( !LDAP_BACK_USE_TEMPORARIES( li ) ) { + ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); + + ldap_pvt_thread_yield(); + goto retry_lock; + } + lc = NULL; } - refcnt = ++lc->lc_refcnt; - binding = ++lc->lc_binding; + if ( lc != NULL ) { + if ( op->o_tag == LDAP_REQ_BIND ) { + /* right now, this is the only possible case */ + assert( ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ); 
+ LDAP_BACK_CONN_BINDING_SET( lc ); + } + + refcnt = ++lc->lc_refcnt; + } } ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); } /* Looks like we didn't get a bind. Open a new session... */ if ( lc == NULL ) { - if ( ldap_back_prepare_conn( &lc, op, rs, sendok ) != LDAP_SUCCESS ) { + lc = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) ); + lc->lc_flags = li->li_flags; + lc->lc_lcflags = lc_curr.lc_lcflags; + if ( ldap_back_prepare_conn( lc, op, rs, sendok ) != LDAP_SUCCESS ) { + ch_free( lc ); return NULL; } @@ -751,8 +922,10 @@ retry_lock: LDAP_BACK_CONN_ISPRIV_SET( lc ); } else if ( LDAP_BACK_CONN_ISIDASSERT( &lc_curr ) ) { - ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN ); - ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd ); + if ( !LDAP_BACK_PCONN_ISBIND( &lc_curr ) ) { + ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN ); + ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd ); + } LDAP_BACK_CONN_ISIDASSERT_SET( lc ); } else { @@ -770,18 +943,24 @@ retry_lock: * check if the non-TLS connection was already * in cache; in case, destroy the newly created * connection and use the existing one */ - if ( lc->lc_conn == LDAP_BACK_PCONN_TLS + if ( LDAP_BACK_PCONN_ISTLS( lc ) && !ldap_tls_inplace( lc->lc_ld ) ) { - ldapconn_t *tmplc; + ldapconn_t *tmplc = NULL; + int idx = LDAP_BACK_CONN2PRIV( &lc_curr ) - 1; - lc_curr.lc_conn = LDAP_BACK_PCONN; ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); - tmplc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree, - (caddr_t)&lc_curr, ldap_back_conndn_cmp ); + LDAP_TAILQ_FOREACH( tmplc, + &li->li_conn_priv[ idx ].lic_priv, + lc_q ) + { + if ( !LDAP_BACK_CONN_BINDING( tmplc ) ) { + break; + } + } + if ( tmplc != NULL ) { refcnt = ++tmplc->lc_refcnt; - binding = ++tmplc->lc_binding; ldap_back_conn_free( lc ); lc = tmplc; } 
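Review bot: When `ldap_back_is_proxy_authz()` returns -1 for a Bind request, the added `return NULL` runs before `op->o_dn`/`op->o_ndn` are restored. The operation is then left with `op->o_req_dn`/`op->o_req_ndn` in its authorization fields, which is the DN the client asked to bind as, not an authenticated identity. Anything that reads `op->o_ndn` for this operation afterwards would see that value. Restoring first closes the gap: put the `if ( op->o_tag == LDAP_REQ_BIND ) { op->o_dn = save_o_dn; op->o_ndn = save_o_ndn; }` block directly after the call, and the `if ( isproxyauthz == -1 ) { return NULL; }` check after it. `ldap_back_getconn` begins before this hunk.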
@@ -793,63 +972,81 @@ retry_lock: } #endif /* HAVE_TLS */ - LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); - /* Inserts the newly created ldapconn in the avl tree */ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); + LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); + + assert( lc->lc_refcnt == 1 ); + #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_getconn(insert)" ); + ldap_back_print_conntree( li, ">>> ldap_back_getconn(insert)" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ - assert( lc->lc_refcnt == 1 ); - assert( lc->lc_binding == 1 ); - rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc, - ldap_back_conndn_cmp, ldap_back_conndn_dup ); + if ( LDAP_BACK_PCONN_ISPRIV( lc ) ) { + if ( li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num < li->li_conn_priv_max ) { + LDAP_TAILQ_INSERT_TAIL( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv, lc, lc_q ); + li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_num++; + LDAP_BACK_CONN_CACHED_SET( lc ); + + } else { + LDAP_BACK_CONN_TAINTED_SET( lc ); + } + rs->sr_err = 0; + + } else { + rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc, + ldap_back_conndn_cmp, ldap_back_conndn_dup ); + LDAP_BACK_CONN_CACHED_SET( lc ); + } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_getconn(insert)" ); + ldap_back_print_conntree( li, "<<< ldap_back_getconn(insert)" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - Debug( LDAP_DEBUG_TRACE, - "=>ldap_back_getconn: conn %p inserted refcnt=%u binding=%u\n", - (void *)lc, refcnt, binding ); + if ( LogTest( LDAP_DEBUG_TRACE ) ) { + char buf[ SLAP_TEXT_BUFLEN ]; + + snprintf( buf, sizeof( buf ), + "lc=%p inserted refcnt=%u rc=%d", + (void *)lc, refcnt, rs->sr_err ); + + Debug( LDAP_DEBUG_TRACE, + "=>ldap_back_getconn: %s: %s\n", + op->o_log_prefix, buf, 0 ); + } - /* Err could be -1 in case a duplicate ldapconn is inserted 
*/ - switch ( rs->sr_err ) { - case 0: - break; + if ( !LDAP_BACK_PCONN_ISPRIV( lc ) ) { + /* Err could be -1 in case a duplicate ldapconn is inserted */ + switch ( rs->sr_err ) { + case 0: + break; - case -1: - if ( !( sendok & LDAP_BACK_BINDING ) ) { - /* duplicate: free and try to get the newly created one */ - goto retry_lock; - } - /* taint connection, so that it'll be freed when released */ - ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); -#if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_getconn(delete)" ); -#endif /* LDAP_BACK_PRINT_CONNTREE */ - (void *)avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, - ldap_back_conndnlc_cmp ); -#if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_getconn(delete)" ); -#endif /* LDAP_BACK_PRINT_CONNTREE */ - ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - LDAP_BACK_CONN_TAINTED_SET( lc ); - break; + case -1: + LDAP_BACK_CONN_CACHED_CLEAR( lc ); + if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( li ) ) { + /* duplicate: free and try to get the newly created one */ + ldap_back_conn_free( lc ); + lc = NULL; + goto retry_lock; + } - default: - ldap_back_conn_free( lc ); - rs->sr_err = LDAP_OTHER; - rs->sr_text = "proxy bind collision"; - if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) { - send_ldap_result( op, rs ); - rs->sr_text = NULL; + /* taint connection, so that it'll be freed when released */ + LDAP_BACK_CONN_TAINTED_SET( lc ); + break; + + default: + LDAP_BACK_CONN_CACHED_CLEAR( lc ); + ldap_back_conn_free( lc ); + rs->sr_err = LDAP_OTHER; + rs->sr_text = "Proxy bind collision"; + if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) { + send_ldap_result( op, rs ); + } + return NULL; } - return NULL; } } else { 
@@ -863,24 +1060,28 @@ retry_lock: /* let it be used, but taint/delete it so that * no-one else can look it up any further */ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); + #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_getconn(timeout)" ); + ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ - (void *)avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc, - ldap_back_conndnlc_cmp ); + + (void)ldap_back_conn_delete( li, lc ); + LDAP_BACK_CONN_TAINTED_SET( lc ); + #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_getconn(timeout)" ); + ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ + ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - LDAP_BACK_CONN_TAINTED_SET( lc ); } if ( LogTest( LDAP_DEBUG_TRACE ) ) { char buf[ SLAP_TEXT_BUFLEN ]; snprintf( buf, sizeof( buf ), - "conn %p fetched refcnt=%u binding=%u%s", - (void *)lc, refcnt, binding, expiring ? " expiring" : "" ); + "conn %p fetched refcnt=%u%s", + (void *)lc, refcnt, + expiring ? " expiring" : "" ); Debug( LDAP_DEBUG_TRACE, "=>ldap_back_getconn: %s.\n", buf, 0, 0 ); } @@ -895,12 +1096,10 @@ done:; void ldap_back_release_conn_lock( - Operation *op, - SlapReply *rs, + ldapinfo_t *li, ldapconn_t **lcp, int dolock ) { - ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; ldapconn_t *lc = *lcp; @@ -911,7 +1110,7 @@ ldap_back_release_conn_lock( LDAP_BACK_CONN_BINDING_CLEAR( lc ); lc->lc_refcnt--; if ( LDAP_BACK_CONN_TAINTED( lc ) ) { - ldap_back_freeconn( op, lc, 0 ); + ldap_back_freeconn( li, lc, 0 ); *lcp = NULL; } if ( dolock ) { @@ -924,7 +1123,7 @@ ldap_back_quarantine( Operation *op, SlapReply *rs ) { - ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; + ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; slap_retry_info_t *ri = &li->li_quarantine; 
@@ -969,9 +1168,13 @@ ldap_back_quarantine( ri->ri_last = new_last; } else if ( li->li_isquarantined != LDAP_BACK_FQ_NO ) { + if ( ri->ri_last == slap_get_time() ) { + goto done; + } + Debug( LDAP_DEBUG_ANY, - "%s: ldap_back_quarantine exit.\n", - op->o_log_prefix, ri->ri_idx, ri->ri_count ); + "%s: ldap_back_quarantine exit (%d) err=%d.\n", + op->o_log_prefix, li->li_isquarantined, rs->sr_err ); if ( li->li_quarantine_f ) { (void)li->li_quarantine_f( li, li->li_quarantine_p ); @@ -1038,7 +1241,6 @@ retry_lock:; /* check if already bound */ rc = isbound = LDAP_BACK_CONN_ISBOUND( lc ); if ( isbound ) { - lc->lc_binding--; if ( dolock ) { ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); } @@ -1060,16 +1262,6 @@ retry_lock:; } } - /* wait for pending operations to finish */ - /* FIXME: may become a bottleneck! */ - if ( lc->lc_refcnt != lc->lc_binding ) { - if ( dolock ) { - ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - } - ldap_pvt_thread_yield(); - goto retry_lock; - } - if ( dolock ) { ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); } @@ -1098,9 +1290,12 @@ retry_lock:; */ if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) { - ldap_back_is_proxy_authz( op, rs, sendok, &binddn, &bindcred ); + /* if we got here, it shouldn't return result */ + rc = ldap_back_is_proxy_authz( op, rs, + LDAP_BACK_DONTSEND, &binddn, &bindcred ); + assert( rc == 1 ); } - (void)ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred ); + rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred ); goto done; } @@ -1174,9 +1369,9 @@ retry:; lc->lc_ld = NULL; /* lc here must be the regular lc, reset and ready for init */ - rs->sr_err = ldap_back_prepare_conn( &lc, op, rs, sendok ); + rs->sr_err = ldap_back_prepare_conn( lc, op, rs, sendok ); if ( rs->sr_err != LDAP_SUCCESS ) { - lc->lc_binding--; + sendok &= ~LDAP_BACK_SENDERR; lc->lc_refcnt = 0; } } 
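Review bot: In the `LDAP_BACK_CONN_ISIDASSERT( lc )` branch the outcome of `ldap_back_is_proxy_authz()` is checked only by `assert( rc == 1 )`, which vanishes in an NDEBUG build and aborts the server otherwise. Because the call passes `LDAP_BACK_DONTSEND`, a refusal cannot come back as -1 (elsewhere in this commit that value is set only together with `LDAP_BACK_SENDERR`). If a 0 is reachable here, the code goes on to `ldap_back_proxy_authz_bind()` with `binddn`/`bindcred` possibly still empty. A run-time check such as `if ( rc != 1 ) { goto done; }` would keep the authorization decision enforced in every build. The enclosing function starts outside this hunk, so whether 0 can actually occur at this point needs confirming.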
@@ -1191,20 +1386,11 @@ retry:; } goto retry; } - - } else { - if ( dolock ) { - ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); - } - lc->lc_binding--; - if ( dolock ) { - ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); - } } - /* FIXME: one binding-- too many? */ - lc->lc_binding--; - ldap_back_freeconn( op, lc, dolock ); + assert( lc->lc_refcnt == 1 ); + lc->lc_refcnt = 0; + ldap_back_freeconn( li, lc, dolock ); *lcp = NULL; rs->sr_err = slap_map_api2result( rs ); @@ -1215,6 +1401,7 @@ retry:; if ( rs->sr_err != LDAP_SUCCESS && ( sendok & LDAP_BACK_SENDERR ) ) { + rs->sr_text = "Internal proxy bind failure"; send_ldap_result( op, rs ); } @@ -1222,17 +1409,16 @@ retry:; } rc = ldap_back_op_result( lc, op, rs, msgid, - -1, (sendok|LDAP_BACK_BINDING) ); + -1, ( sendok | LDAP_BACK_BINDING ) ); if ( rc == LDAP_SUCCESS ) { LDAP_BACK_CONN_ISBOUND_SET( lc ); } done:; - lc->lc_binding--; LDAP_BACK_CONN_BINDING_CLEAR( lc ); rc = LDAP_BACK_CONN_ISBOUND( lc ); if ( !rc ) { - ldap_back_release_conn_lock( op, rs, lcp, dolock ); + ldap_back_release_conn_lock( li, lcp, dolock ); } else if ( LDAP_BACK_SAVECRED( li ) ) { ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc ); @@ -1342,7 +1528,7 @@ ldap_back_cancel( } if ( LDAP_BACK_IGNORE( li ) ) { - return LDAP_SUCCESS; + return ldap_pvt_discard( lc->lc_ld, msgid ); } if ( LDAP_BACK_CANCEL( li ) ) { 
@@ -1435,8 +1621,23 @@ retry:; if ( sendok & LDAP_BACK_BINDING ) { ldap_unbind_ext( lc->lc_ld, NULL, NULL ); lc->lc_ld = NULL; + + /* let it be used, but taint/delete it so that + * no-one else can look it up any further */ + ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); + +#if LDAP_BACK_PRINT_CONNTREE > 0 + ldap_back_print_conntree( li, ">>> ldap_back_getconn(timeout)" ); +#endif /* LDAP_BACK_PRINT_CONNTREE */ + + (void)ldap_back_conn_delete( li, lc ); LDAP_BACK_CONN_TAINTED_SET( lc ); +#if LDAP_BACK_PRINT_CONNTREE > 0 + ldap_back_print_conntree( li, "<<< ldap_back_getconn(timeout)" ); +#endif /* LDAP_BACK_PRINT_CONNTREE */ + ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); + } else { (void)ldap_back_cancel( lc, op, rs, msgid, sendok ); } @@ -1462,7 +1663,7 @@ retry:; * LDAP_COMPARE_{TRUE|FALSE}) */ default: /* only touch when activity actually took place... */ - if ( li->li_idle_timeout ) { + if ( li->li_idle_timeout && lc ) { lc->lc_time = op->o_time; } @@ -1512,6 +1713,7 @@ retry:; ldap_back_quarantine( op, rs ); } if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) { + if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed"; send_ldap_result( op, rs ); } } @@ -1556,8 +1758,8 @@ retry:; int ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok ) { - int rc = 0; ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; + int rc = 0; assert( lcp != NULL ); assert( *lcp != NULL ); @@ -1565,6 +1767,8 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); if ( (*lcp)->lc_refcnt == 1 ) { + int binding = LDAP_BACK_CONN_BINDING( *lcp ); + ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); Debug( LDAP_DEBUG_ANY, "%s ldap_back_retry: retrying URI=\"%s\" DN=\"%s\"\n", 
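Review bot: The two `ldap_back_print_conntree()` labels added in the `sendok & LDAP_BACK_BINDING` branch still read `ldap_back_getconn(timeout)`, although this block is not in `ldap_back_getconn` (it sits between the `ldap_back_cancel` and `ldap_back_retry` hunks, and its function header is outside the hunk). A connection-tree trace taken while debugging would point at the wrong call site. I would name the enclosing function in both strings, in the form `">>> <enclosing function>(timeout)"` and `"<<< <enclosing function>(timeout)"`. It is also worth confirming that nothing can look the connection up between `lc->lc_ld = NULL` and the `ldap_back_conn_delete( li, lc )` done under `lai_mutex`, since the handle is cleared before the lock is taken.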
@@ -1578,21 +1782,27 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ LDAP_BACK_CONN_ISBOUND_CLEAR( (*lcp) ); /* lc here must be the regular lc, reset and ready for init */ - rc = ldap_back_prepare_conn( lcp, op, rs, sendok ); + rc = ldap_back_prepare_conn( *lcp, op, rs, sendok ); if ( rc != LDAP_SUCCESS ) { /* freeit, because lc_refcnt == 1 */ (*lcp)->lc_refcnt = 0; - (void)ldap_back_freeconn( op, *lcp, 0 ); + (void)ldap_back_freeconn( li, *lcp, 0 ); *lcp = NULL; rc = 0; + } else if ( ( sendok & LDAP_BACK_BINDING ) ) { + if ( binding ) { + LDAP_BACK_CONN_BINDING_SET( *lcp ); + } + rc = 1; + } else { rc = ldap_back_dobind_int( lcp, op, rs, sendok, 0, 0 ); if ( rc == 0 && *lcp != NULL ) { /* freeit, because lc_refcnt == 1 */ (*lcp)->lc_refcnt = 0; LDAP_BACK_CONN_TAINTED_SET( *lcp ); - (void)ldap_back_freeconn( op, *lcp, 0 ); + (void)ldap_back_freeconn( li, *lcp, 0 ); *lcp = NULL; } } @@ -1603,12 +1813,12 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ (void *)(*lcp), (*lcp)->lc_refcnt, 0 ); LDAP_BACK_CONN_TAINTED_SET( *lcp ); - ldap_back_release_conn_lock( op, rs, lcp, 0 ); + ldap_back_release_conn_lock( li, lcp, 0 ); assert( *lcp == NULL ); - if ( sendok ) { + if ( sendok & LDAP_BACK_SENDERR ) { rs->sr_err = LDAP_UNAVAILABLE; - rs->sr_text = "unable to retry"; + rs->sr_text = "Unable to retry"; send_ldap_result( op, rs ); } } @@ -1645,6 +1855,7 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok, rs->sr_err = LDAP_UNWILLING_TO_PERFORM; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); + dobind = -1; } goto done; } 
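Review bot: The new -1 return is assigned only inside `if ( sendok & LDAP_BACK_SENDERR )`, so it means "refused and a result was already sent". A caller whose `sendok` lacks that bit gets no failure value even though `rs->sr_err` was set to `LDAP_UNWILLING_TO_PERFORM`. The same placement is used in the `@@ -1674,11 +1885,15 @@` and `@@ -1705,6 +1920,7 @@` hunks. Callers now branch on the value (`isproxyauthz == -1` in `ldap_back_getconn`), so the contract deserves a header comment, for example `/* returns 1 if the identity is to be asserted, 0 if not, -1 if the request was refused and the result already sent */`, with the wording checked against the body; if a refusal should be fatal regardless of `sendok`, `dobind = -1;` belongs outside the `if`. The function's start and its `done:` label are outside this hunk.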
@@ -1674,11 +1885,15 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok, default: /* NOTE: rootdn can always idassert */ - if ( BER_BVISNULL( &ndn ) && li->li_idassert_authz == NULL ) { + if ( BER_BVISNULL( &ndn ) + && li->li_idassert_authz == NULL + && !( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) + { if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) { rs->sr_err = LDAP_INAPPROPRIATE_AUTH; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); + dobind = -1; } } else { @@ -1705,6 +1920,7 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok, if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) { if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); + dobind = -1; } } else { @@ -1847,7 +2063,7 @@ ldap_back_proxy_authz_bind( binddn->bv_val, LDAP_SASL_SIMPLE, bindcred, NULL, NULL, &msgid ); rc = ldap_back_op_result( lc, op, rs, msgid, - -1, (sendok|LDAP_BACK_BINDING) ); + -1, ( sendok | LDAP_BACK_BINDING ) ); break; default: @@ -1867,13 +2083,17 @@ ldap_back_proxy_authz_bind( LDAP_BACK_CONN_ISBOUND_SET( lc ); ber_bvreplace( &lc->lc_bound_ndn, binddn ); + if ( !BER_BVISNULL( &lc->lc_cred ) ) { + memset( lc->lc_cred.bv_val, 0, + lc->lc_cred.bv_len ); + } + if ( LDAP_BACK_SAVECRED( li ) ) { - if ( !BER_BVISNULL( &lc->lc_cred ) ) { - memset( lc->lc_cred.bv_val, 0, - lc->lc_cred.bv_len ); - } ber_bvreplace( &lc->lc_cred, bindcred ); ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc ); + + } else { + lc->lc_cred.bv_len = 0; } } done:; @@ -1920,6 +2140,7 @@ ldap_back_proxy_authz_ctrl( slap_idassert_mode_t mode; struct berval assertedID, ndn; + int isroot = 0; *pctrls = NULL; @@ -1949,7 +2170,7 @@ ldap_back_proxy_authz_ctrl( goto done; } - if ( !op->o_conn || op->o_do_not_cache || be_isroot( op ) ) { + if ( !op->o_conn || op->o_do_not_cache || ( isroot = be_isroot( op ) ) ) { goto done; } 
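Review bot: The `else` branch added at the end of the `ldap_back_proxy_authz_bind` hunk sets `lc->lc_cred.bv_len = 0` but keeps `bv_val`, and nothing says why. After a bind without `LDAP_BACK_SAVECRED` the berval is therefore empty but not null, so `BER_BVISNULL( &lc->lc_cred )` stays true-negative while `BER_BVISEMPTY` would succeed. A reader has to work out that the zeroed buffer is being kept on purpose. I would put a comment above the moved `memset`: `/* always wipe the previous credentials; unless they are to be saved, keep the zeroed buffer and mark it empty */`. The function body starts outside this hunk, so any later code that sizes a wipe or a free by `bv_len` should be checked against the new zero length.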
@@ -2001,7 +2222,7 @@ ldap_back_proxy_authz_ctrl( goto done; } - } else if ( si->si_authz && !be_isroot( op ) ) { + } else if ( si->si_authz && !isroot ) { int rc; struct berval authcDN; @@ -2052,21 +2273,11 @@ ldap_back_proxy_authz_ctrl( } switch ( mode ) { - case LDAP_BACK_IDASSERT_SELF: - if ( BER_BVISNULL( &ndn ) ) { - goto done; - } - assertedID = ndn; - break; - case LDAP_BACK_IDASSERT_LEGACY: /* original behavior: * assert the client's identity */ - if ( BER_BVISNULL( &ndn ) ) { - assertedID = slap_empty_bv; - } else { - assertedID = ndn; - } + case LDAP_BACK_IDASSERT_SELF: + assertedID = ndn; break; case LDAP_BACK_IDASSERT_ANONYMOUS: @@ -2088,6 +2299,7 @@ ldap_back_proxy_authz_ctrl( assert( 0 ); } + /* if we got here, "" is allowed to proxyAuthz */ if ( BER_BVISNULL( &assertedID ) ) { assertedID = slap_empty_bv; } diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c index b81de4fb8750a6ce31d1e958fef727b55264f273..3bf88376c498221e8884f773d27032506af59cbf 100644 --- a/servers/slapd/back-ldap/chain.c +++ b/servers/slapd/back-ldap/chain.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Howard Chu. * All rights reserved. * @@ -414,14 +414,19 @@ ldap_chain_op( li.li_bvuri = bvuri; first_rc = -1; for ( ; !BER_BVISNULL( ref ); ref++ ) { - LDAPURLDesc *srv; - char *save_dn; + SlapReply rs2 = { 0 }; + LDAPURLDesc *srv = NULL; + struct berval save_req_dn = op->o_req_dn, + save_req_ndn = op->o_req_ndn, + dn, + pdn = BER_BVNULL, + ndn = BER_BVNULL; int temporary = 0; /* We're setting the URI of the first referral; * what if there are more? -Document: draft-ietf-ldapbis-protocol-27.txt +Document: RFC 4511 4.1.10. Referral ... 
@@ -443,22 +448,35 @@ Document: draft-ietf-ldapbis-protocol-27.txt continue; } - /* remove DN essentially because later on - * ldap_initialize() will parse the URL - * as a comma-separated URL list */ - save_dn = srv->lud_dn; - srv->lud_dn = ""; - srv->lud_scope = LDAP_SCOPE_DEFAULT; - li.li_uri = ldap_url_desc2str( srv ); - srv->lud_dn = save_dn; + /* normalize DN */ + ber_str2bv( srv->lud_dn, 0, 0, &dn ); + rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx ); + if ( rc == LDAP_SUCCESS ) { + /* remove DN essentially because later on + * ldap_initialize() will parse the URL + * as a comma-separated URL list */ + srv->lud_dn = ""; + srv->lud_scope = LDAP_SCOPE_DEFAULT; + li.li_uri = ldap_url_desc2str( srv ); + srv->lud_dn = dn.bv_val; + } ldap_free_urldesc( srv ); - if ( li.li_uri == NULL ) { + if ( rc != LDAP_SUCCESS ) { /* try next */ rc = LDAP_OTHER; continue; } + if ( li.li_uri == NULL ) { + /* try next */ + rc = LDAP_OTHER; + goto further_cleanup; + } + + op->o_req_dn = pdn; + op->o_req_ndn = ndn; + ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] ); /* Searches for a ldapinfo in the avl tree */ @@ -506,7 +524,7 @@ Document: draft-ietf-ldapbis-protocol-27.txt lb->lb_op_f = op_f; lb->lb_depth = depth + 1; - rc = op_f( op, rs ); + rc = op_f( op, &rs2 ); /* note the first error */ if ( first_rc == -1 ) { @@ -523,10 +541,24 @@ cleanup:; (void)ldap_chain_db_close_one( op->o_bd ); (void)ldap_chain_db_destroy_one( op->o_bd ); } + +further_cleanup:; + if ( !BER_BVISNULL( &pdn ) ) { + op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx ); + } + op->o_req_dn = save_req_dn; + + if ( !BER_BVISNULL( &ndn ) ) { + op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); + } + op->o_req_ndn = save_req_ndn; - if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) { + if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) { + *rs = rs2; break; } + + rc = rs2.sr_err; } #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR 
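Review bot: `ber_str2bv( srv->lud_dn, 0, 0, &dn )` is called without checking `srv->lud_dn`, and `dn` is declared without an initialiser, so a referral URL that carries no DN could hand an uninitialised `struct berval` to `dnPrettyNormal()`. Referral URLs are supplied by the remote server, so this is input the proxy does not control. The same lines are added in the `ldap_chain_search` hunk (`@@ -591,29 +628,35 @@`). I would initialise `dn` with `BER_BVNULL` and normalise only under `if ( srv->lud_dn != NULL )`, deciding explicitly whether a DN-less referral is skipped or chained with the original request DN. The pointer written back by `srv->lud_dn = dn.bv_val;` must stay the original one, because `ldap_free_urldesc( srv )` follows. The URL-parsing call is outside the hunk, so whether it can leave `lud_dn` NULL needs confirming.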
@@ -578,8 +610,13 @@ ldap_chain_search( * to be set once for all (correct?) */ li.li_bvuri = bvuri; for ( ; !BER_BVISNULL( &ref[0] ); ref++ ) { + SlapReply rs2 = { 0 }; LDAPURLDesc *srv; - char *save_dn; + struct berval save_req_dn = op->o_req_dn, + save_req_ndn = op->o_req_ndn, + dn, + pdn = BER_BVNULL, + ndn = BER_BVNULL; int temporary = 0; /* parse reference and use @@ -591,29 +628,35 @@ ldap_chain_search( continue; } - /* remove DN essentially because later on - * ldap_initialize() will parse the URL - * as a comma-separated URL list */ - save_dn = srv->lud_dn; - srv->lud_dn = ""; - srv->lud_scope = LDAP_SCOPE_DEFAULT; - li.li_uri = ldap_url_desc2str( srv ); - if ( li.li_uri != NULL ) { - ber_str2bv_x( save_dn, 0, 1, &op->o_req_dn, - op->o_tmpmemctx ); - ber_dupbv_x( &op->o_req_ndn, &op->o_req_dn, - op->o_tmpmemctx ); + /* normalize DN */ + ber_str2bv( srv->lud_dn, 0, 0, &dn ); + rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx ); + if ( rc == LDAP_SUCCESS ) { + /* remove DN essentially because later on + * ldap_initialize() will parse the URL + * as a comma-separated URL list */ + srv->lud_dn = ""; + srv->lud_scope = LDAP_SCOPE_DEFAULT; + li.li_uri = ldap_url_desc2str( srv ); + srv->lud_dn = dn.bv_val; } - - srv->lud_dn = save_dn; ldap_free_urldesc( srv ); - if ( li.li_uri == NULL ) { + if ( rc != LDAP_SUCCESS ) { /* try next */ - rs->sr_err = LDAP_OTHER; + rc = LDAP_OTHER; continue; } + if ( li.li_uri == NULL ) { + /* try next */ + rc = LDAP_OTHER; + goto further_cleanup; + } + + op->o_req_dn = pdn; + op->o_req_ndn = ndn; + ber_str2bv( li.li_uri, 0, 0, &li.li_bvuri[ 0 ] ); /* Searches for a ldapinfo in the avl tree */ @@ -664,7 +707,7 @@ ldap_chain_search( /* FIXME: should we also copy filter and scope? * according to RFC3296, no */ - rc = lback->bi_op_search( op, rs ); + rc = lback->bi_op_search( op, &rs2 ); if ( first_rc == -1 ) { first_rc = rc; } 
@@ -683,11 +726,23 @@ cleanup:; (void)ldap_chain_db_destroy_one( op->o_bd ); } - if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) { +further_cleanup:; + if ( !BER_BVISNULL( &pdn ) ) { + op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx ); + } + op->o_req_dn = save_req_dn; + + if ( !BER_BVISNULL( &ndn ) ) { + op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); + } + op->o_req_ndn = save_req_ndn; + + if ( rc == LDAP_SUCCESS && rs2.sr_err == LDAP_SUCCESS ) { + *rs = rs2; break; } - rc = rs->sr_err; + rc = rs2.sr_err; } #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR @@ -723,6 +778,7 @@ ldap_chain_response( Operation *op, SlapReply *rs ) slap_callback *sc = op->o_callback, sc2 = { 0 }; int rc = 0; + char *text = NULL; const char *matched; BerVarray ref; struct berval ndn = op->o_ndn; @@ -778,6 +834,8 @@ ldap_chain_response( Operation *op, SlapReply *rs ) SLAP_DBFLAGS( &db ) &= ~SLAP_DBFLAG_MONITORING; op->o_bd = &db; + text = rs->sr_text; + rs->sr_text = NULL; matched = rs->sr_matched; rs->sr_matched = NULL; ref = rs->sr_ref; @@ -911,6 +969,7 @@ cannot_chain:; rc = SLAP_CB_CONTINUE; rs->sr_err = sr_err; rs->sr_type = sr_type; + rs->sr_text = text; rs->sr_matched = matched; rs->sr_ref = ref; } @@ -929,6 +988,7 @@ cannot_chain:; dont_chain:; rs->sr_err = sr_err; rs->sr_type = sr_type; + rs->sr_text = text; rs->sr_matched = matched; rs->sr_ref = ref; op->o_bd = bd; diff --git a/servers/slapd/back-ldap/compare.c b/servers/slapd/back-ldap/compare.c index 1d667993a2a036c2d625ef606a84e40b685b2a47..a0a1b598075ffc0c58a399431916519a1169884b 100644 --- a/servers/slapd/back-ldap/compare.c +++ b/servers/slapd/back-ldap/compare.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. 
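Review bot: The new local in `ldap_chain_response` is declared `char *text = NULL;` and then used only to save and restore `rs->sr_text`, which the surrounding code treats as a constant string (it is assigned string literals throughout this commit). Declaring it `const char *text = NULL;`, like the `const char *matched;` on the next line, avoids a discarded-qualifier assignment and makes it clear the saved text is never modified. The function continues outside the hunks shown for it.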
@@ -78,7 +78,7 @@ cleanup: (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rs->sr_err; diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index d43ef4d8d53196cbe8493c5404e23cb2ddf35d20..78a2f2d25c12dd4e402038d75bea29ba4630fa24 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -65,6 +65,8 @@ enum { LDAP_BACK_CFG_NETWORK_TIMEOUT, LDAP_BACK_CFG_VERSION, LDAP_BACK_CFG_SINGLECONN, + LDAP_BACK_CFG_USETEMP, + LDAP_BACK_CFG_CONNPOOLMAX, LDAP_BACK_CFG_CANCEL, LDAP_BACK_CFG_QUARANTINE, LDAP_BACK_CFG_REWRITE, @@ -81,7 +83,7 @@ static ConfigTable ldapcfg[] = { "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", NULL, NULL }, - { "tls", "what", 2, 2, 0, + { "tls", "what", 2, 0, 0, ARG_MAGIC|LDAP_BACK_CFG_TLS, ldap_back_cf_gen, "( OLcfgDbAt:3.1 " "NAME 'olcDbStartTLS' " 
@@ -277,6 +279,22 @@ static ConfigTable ldapcfg[] = { "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", NULL, NULL }, + { "use-temporary-conn", "TRUE/FALSE", 2, 0, 0, + ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_USETEMP, + ldap_back_cf_gen, "( OLcfgDbAt:3.22 " + "NAME 'olcDbUseTemporaryConn' " + "DESC 'Use temporary connections if the cached one is busy' " + "SYNTAX OMsBoolean " + "SINGLE-VALUE )", + NULL, NULL }, + { "conn-pool-max", "<n>", 2, 0, 0, + ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_CONNPOOLMAX, + ldap_back_cf_gen, "( OLcfgDbAt:3.23 " + "NAME 'olcDbConnectionPoolMax' " + "DESC 'Max size of privileged connections pool' " + "SYNTAX OMsInteger " + "SINGLE-VALUE )", + NULL, NULL }, { "suffixmassage", "[virtual]> <real", 2, 3, 0, ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE, ldap_back_cf_gen, NULL, NULL, NULL }, @@ -314,6 +332,8 @@ static ConfigOCs ldapocs[] = { "$ olcDbSingleConn " "$ olcDbCancel " "$ olcDbQuarantine " + "$ olcDbUseTemporaryConn " + "$ olcDbConnectionPoolMax " ") )", Cft_Database, ldapcfg}, { NULL, 0, NULL } @@ -332,6 +352,7 @@ static slap_verbmasks tls_mode[] = { { BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS }, { BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK }, { BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS }, + { BER_BVC( "ldaps" ), LDAP_BACK_F_TLS_LDAPS }, { BER_BVC( "none" ), LDAP_BACK_F_NONE }, { BER_BVNULL, 0 } }; @@ -360,9 +381,7 @@ static slap_cf_aux_table timeout_table[] = { { BER_BVC("modrdn="), SLAP_OP_MODRDN * sizeof( time_t ), 'u', 0, NULL }, { BER_BVC("modify="), SLAP_OP_MODIFY * sizeof( time_t ), 'u', 0, NULL }, { BER_BVC("compare="), SLAP_OP_COMPARE * sizeof( time_t ), 'u', 0, NULL }, -#if 0 /* uses timelimit instead */ { BER_BVC("search="), SLAP_OP_SEARCH * sizeof( time_t ), 'u', 0, NULL }, -#endif /* abandon makes little sense */ #if 0 /* not implemented yet */ { BER_BVC("extended="), SLAP_OP_EXTENDED * sizeof( time_t ), 'u', 0, NULL }, 
@@ -530,15 +549,41 @@ slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si ) struct berval in; int rc; - ber_str2bv( c->argv[ 1 ], 0, 0, &in ); - rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL ); - if ( rc != LDAP_SUCCESS ) { - snprintf( c->msg, sizeof( c->msg ), - "\"idassert-authzFrom <authz>\": " - "invalid syntax" ); - Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); - return 1; - } + if ( strcmp( c->argv[ 1 ], "*" ) == 0 + || strcmp( c->argv[ 1 ], "dn:*" ) == 0 + || strcasecmp( c->argv[ 1 ], "dn.regex:.*" ) == 0 ) + { + if ( si->si_authz != NULL ) { + snprintf( c->msg, sizeof( c->msg ), + "\"idassert-authzFrom <authz>\": " + "\"%s\" conflicts with existing authz rules", + c->argv[ 1 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + return 1; + } + + si->si_flags |= LDAP_BACK_AUTH_AUTHZ_ALL; + + return 0; + + } else if ( ( si->si_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) { + snprintf( c->msg, sizeof( c->msg ), + "\"idassert-authzFrom <authz>\": " + "\"<authz>\" conflicts with \"*\"" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + return 1; + } + + ber_str2bv( c->argv[ 1 ], 0, 0, &in ); + rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), + "\"idassert-authzFrom <authz>\": " + "invalid syntax" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + return 1; + } + ber_bvarray_add( &si->si_authz, &bv ); return 0; @@ -665,6 +710,7 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si ) return 1; } } + bindconf_tls_defaults( &si->si_bc ); return 0; } 
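Review bot: The wildcard shortcut added to slap_idassert_authzfrom_parse tests `"*"` and `"dn:*"` with strcmp but `"dn.regex:.*"` with strcasecmp, so a differently cased `DN:*` skips the shortcut and is stored through authzNormalize instead of setting LDAP_BACK_AUTH_AUTHZ_ALL. Whether the two paths end up equivalent depends on matching code that is not visible here; using `strcasecmp( c->argv[ 1 ], "dn:*" ) == 0` would at least make the three tests consistent. Since the flag appears to authorize every client identity for identity assertion, the branch also deserves a comment such as `/* "*" authorizes any identity; mutually exclusive with explicit authz rules */`. The function body starts before this hunk.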
@@ -729,10 +775,25 @@ ldap_back_cf_gen( ConfigArgs *c ) } break; - case LDAP_BACK_CFG_TLS: + case LDAP_BACK_CFG_TLS: { + struct berval bc = BER_BVNULL, bv2; enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv ); assert( !BER_BVISNULL( &bv ) ); - value_add_one( &c->rvalue_vals, &bv ); + bindconf_tls_unparse( &li->li_tls, &bc ); + + if ( !BER_BVISEMPTY( &bc )) { + bv2.bv_len = bv.bv_len + bc.bv_len + 1; + bv2.bv_val = ch_malloc( bv2.bv_len + 1 ); + strcpy( bv2.bv_val, bv.bv_val ); + bv2.bv_val[bv.bv_len] = ' '; + strcpy( &bv2.bv_val[bv.bv_len + 1], bc.bv_val ); + ber_bvarray_add( &c->rvalue_vals, &bv2 ); + + } else { + value_add_one( &c->rvalue_vals, &bv ); + } + ber_memfree( bc.bv_val ); + } break; case LDAP_BACK_CFG_ACL_AUTHCDN: @@ -776,7 +837,13 @@ ldap_back_cf_gen( ConfigArgs *c ) int i; if ( li->li_idassert_authz == NULL ) { - rc = 1; + if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) { + BER_BVSTR( &bv, "*" ); + value_add_one( &c->rvalue_vals, &bv ); + + } else { + rc = 1; + } break; } @@ -1013,6 +1080,14 @@ ldap_back_cf_gen( ConfigArgs *c ) c->value_int = LDAP_BACK_SINGLECONN( li ); break; + case LDAP_BACK_CFG_USETEMP: + c->value_int = LDAP_BACK_USE_TEMPORARIES( li ); + break; + + case LDAP_BACK_CFG_CONNPOOLMAX: + c->value_int = li->li_conn_priv_max; + break; + case LDAP_BACK_CFG_CANCEL: { slap_mask_t mask = LDAP_BACK_F_CANCEL_MASK2; @@ -1139,6 +1214,14 @@ ldap_back_cf_gen( ConfigArgs *c ) li->li_flags &= ~LDAP_BACK_F_SINGLECONN; break; + case LDAP_BACK_CFG_USETEMP: + li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES; + break; + + case LDAP_BACK_CFG_CONNPOOLMAX: + li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_MIN; + break; + case LDAP_BACK_CFG_QUARANTINE: if ( !LDAP_BACK_QUARANTINE( li ) ) { break; @@ -1147,6 +1230,7 @@ ldap_back_cf_gen( ConfigArgs *c ) slap_retry_info_destroy( &li->li_quarantine ); ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex ); li->li_isquarantined = 0; + li->li_flags &= ~LDAP_BACK_F_QUARANTINE; break; default: 
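Review bot: The new LDAP_BACK_CFG_TLS emit branch sizes `bv2` from `bv.bv_len` and `bc.bv_len` but then fills it with two strcpy calls, so the write is only bounded if both values are NUL-terminated and their `bv_len` equals their string length. Copying by the same lengths used for the allocation removes that dependency: `memcpy( bv2.bv_val, bv.bv_val, bv.bv_len );`, `memcpy( &bv2.bv_val[bv.bv_len + 1], bc.bv_val, bc.bv_len );` and `bv2.bv_val[bv2.bv_len] = '\0';`. A short comment that `bv2` is handed to `ber_bvarray_add` without a copy, while `bc` is freed locally, would also make the ownership easier to follow.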
@@ -1310,6 +1394,13 @@ done_url:; } li->li_flags &= ~LDAP_BACK_F_TLS_MASK; li->li_flags |= tls_mode[i].mask; + if ( c->argc > 2 ) { + for ( i=2; i<c->argc; i++ ) { + if ( bindconf_tls_parse( c->argv[i], &li->li_tls )) + return 1; + } + bindconf_tls_defaults( &li->li_tls ); + } break; case LDAP_BACK_CFG_ACL_AUTHCDN: @@ -1368,6 +1459,7 @@ done_url:; return 1; } } + bindconf_tls_defaults( &li->li_acl ); break; case LDAP_BACK_CFG_IDASSERT_MODE: @@ -1553,7 +1645,7 @@ done_url:; && mask == LDAP_BACK_F_T_F_DISCOVER && !LDAP_BACK_T_F( li ) ) { - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; int rc; if ( li->li_uri == NULL ) { @@ -1684,6 +1776,33 @@ done_url:; } break; + case LDAP_BACK_CFG_USETEMP: + if ( c->value_int ) { + li->li_flags |= LDAP_BACK_F_USE_TEMPORARIES; + + } else { + li->li_flags &= ~LDAP_BACK_F_USE_TEMPORARIES; + } + break; + + case LDAP_BACK_CFG_CONNPOOLMAX: + if ( c->value_int < LDAP_BACK_CONN_PRIV_MIN + || c->value_int > LDAP_BACK_CONN_PRIV_MAX ) + { + snprintf( c->msg, sizeof( c->msg ), + "invalid max size " "of privileged " + "connections pool \"%s\" " + "in \"conn-pool-max <n> " + "(must be between %d and %d)\"", + c->argv[ 1 ], + LDAP_BACK_CONN_PRIV_MIN, + LDAP_BACK_CONN_PRIV_MAX ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + return 1; + } + li->li_conn_priv_max = c->value_int; + break; + case LDAP_BACK_CFG_CANCEL: { slap_mask_t mask; @@ -1698,7 +1817,7 @@ done_url:; && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER && !LDAP_BACK_CANCEL( li ) ) { - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; int rc; if ( li->li_uri == NULL ) { @@ -1743,6 +1862,7 @@ done_url:; /* give it a chance to retry if the pattern gets reset * via back-config */ li->li_isquarantined = 0; + li->li_flags |= LDAP_BACK_F_QUARANTINE; } break; @@ -1886,7 +2006,7 @@ retry: } if ( lc != NULL ) { - ldap_back_release_conn( &op2, rs, lc ); + ldap_back_release_conn( (ldapinfo_t *)op2.o_bd->be_private, lc ); } } else { 
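Review bot: In the LDAP_BACK_CFG_TLS set branch, `li->li_flags` has already been switched to the new TLS mode when the added loop runs, so a failing `bindconf_tls_parse` returns 1 with the mode changed and `li->li_tls` possibly half updated. That early return also fills no `c->msg` and logs nothing, unlike the conn-pool-max check added in a later hunk on this line. Parsing the extra arguments first and updating `li_flags` only on success, together with a `snprintf( c->msg, sizeof( c->msg ), ... )` and `Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );` naming the rejected argument, would keep a rejected line from leaving a partly applied TLS configuration. The case body starts before this hunk.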
diff --git a/servers/slapd/back-ldap/delete.c b/servers/slapd/back-ldap/delete.c index e759a2d3219f1f63b2838687fa31d00a2ff3583f..4f1e67ddf87e4a68bb442e1bac69587764596024 100644 --- a/servers/slapd/back-ldap/delete.c +++ b/servers/slapd/back-ldap/delete.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -36,7 +36,7 @@ ldap_back_delete( Operation *op, SlapReply *rs ) { - ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; + ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; ldapconn_t *lc = NULL; ber_int_t msgid; @@ -63,7 +63,7 @@ retry: rc = ldap_back_op_result( lc, op, rs, msgid, li->li_timeout[ SLAP_OP_DELETE ], ( LDAP_BACK_SENDRESULT | retrying ) ); - if ( rs->sr_err == LDAP_SERVER_DOWN && retrying ) { + if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { /* if the identity changed, there might be need to re-authz */ @@ -76,7 +76,7 @@ cleanup: (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; diff --git a/servers/slapd/back-ldap/distproc.c b/servers/slapd/back-ldap/distproc.c index 95c7dfcfbb2e1c5fcbe348384ad2bd975a482ac8..95a167f6131f620ed5f19e6fc6121ec5a8f0e701 100644 --- a/servers/slapd/back-ldap/distproc.c +++ b/servers/slapd/back-ldap/distproc.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Howard Chu. * All rights reserved. * 
diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c index da178559b6c6e84528594714f2419ec7832f619a..38dbfcd71105a186412fce941b49825da89f99cc 100644 --- a/servers/slapd/back-ldap/extended.c +++ b/servers/slapd/back-ldap/extended.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -78,7 +78,7 @@ ldap_back_extended_one( Operation *op, SlapReply *rs, BI_op_extended exop ) done:; if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; @@ -216,7 +216,7 @@ retry: } if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; @@ -316,7 +316,7 @@ retry: } if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c index 3847bd0259d440519fcdf6c971e07edf90a5d8ca..d9a4ff61c4250aca3d77f24a1a85a48c428c4e5a 100644 --- a/servers/slapd/back-ldap/init.c +++ b/servers/slapd/back-ldap/init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -102,6 +102,7 @@ ldap_back_db_init( Backend *be ) { ldapinfo_t *li; int rc; + unsigned i; li = (ldapinfo_t *)ch_calloc( 1, sizeof( ldapinfo_t ) ); if ( li == NULL ) { 
@@ -146,12 +147,22 @@ ldap_back_db_init( Backend *be ) ldap_pvt_thread_mutex_init( &li->li_conninfo.lai_mutex ); + for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) { + li->li_conn_priv[ i ].lic_num = 0; + LDAP_TAILQ_INIT( &li->li_conn_priv[ i ].lic_priv ); + } + li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT; + be->be_private = li; SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD; be->be_cf_ocs = be->bd_info->bi_cf_ocs; rc = ldap_back_monitor_db_init( be ); + if ( rc != 0 ) { + /* ignore, by now */ + rc = 0; + } return rc; } @@ -161,7 +172,7 @@ ldap_back_db_open( BackendDB *be ) { ldapinfo_t *li = (ldapinfo_t *)be->be_private; - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; int rc = 0; Debug( LDAP_DEBUG_TRACE, @@ -187,8 +198,6 @@ ldap_back_db_open( BackendDB *be ) BER_BVSTR( &sb.sb_binddn, "" ); if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) { - int rc; - rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedFeatures->ad_cname.bv_val, LDAP_FEATURE_ABSOLUTE_FILTERS ); @@ -240,6 +249,8 @@ ldap_back_conn_free( void *v_lc ) if ( !BER_BVISNULL( &lc->lc_local_ndn ) ) { ch_free( lc->lc_local_ndn.bv_val ); } + lc->lc_q.tqe_prev = NULL; + lc->lc_q.tqe_next = NULL; ch_free( lc ); } @@ -260,6 +271,7 @@ ldap_back_db_destroy( Backend *be ) { if ( be->be_private ) { ldapinfo_t *li = ( ldapinfo_t * )be->be_private; + unsigned i; (void)ldap_back_monitor_db_destroy( be ); 
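Review bot: The added block in ldap_back_db_init discards a non-zero return from `ldap_back_monitor_db_init( be )` without a trace, so a database that comes up without its monitor entry gives the operator no hint why. Logging before the reset keeps the best-effort behaviour and makes the failure visible: `Debug( LDAP_DEBUG_ANY, "ldap_back_db_init: monitor initialization failed (%d), ignored\n", rc, 0, 0 );`. The comment `/* ignore, by now */` would read better as `/* ignore, for now */` followed by the reason the failure is tolerated.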
@@ -324,6 +336,14 @@ ldap_back_db_destroy( Backend *be ) if ( li->li_conninfo.lai_tree ) { avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free ); } + for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) { + while ( !LDAP_TAILQ_EMPTY( &li->li_conn_priv[ i ].lic_priv ) ) { + ldapconn_t *lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ i ].lic_priv ); + + LDAP_TAILQ_REMOVE( &li->li_conn_priv[ i ].lic_priv, lc, lc_q ); + ldap_back_conn_free( lc ); + } + } if ( LDAP_BACK_QUARANTINE( li ) ) { slap_retry_info_destroy( &li->li_quarantine ); ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex ); diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c index 18c9f1ca29f8e45318949a1c0163e13c1fa0583e..3c287cd8db02c67fffdebdc2b239da4e1f119849 100644 --- a/servers/slapd/back-ldap/modify.c +++ b/servers/slapd/back-ldap/modify.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -130,7 +130,7 @@ cleanup:; ch_free( modv ); if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; diff --git a/servers/slapd/back-ldap/modrdn.c b/servers/slapd/back-ldap/modrdn.c index 010b03c94fcfe14db07b9bdbd3157d69480eba17..8fa02ef6e2a216c6f6cc430095a7984433ec1e91 100644 --- a/servers/slapd/back-ldap/modrdn.c +++ b/servers/slapd/back-ldap/modrdn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. 
@@ -88,7 +88,7 @@ retry: rc = ldap_back_op_result( lc, op, rs, msgid, li->li_timeout[ SLAP_OP_MODRDN ], ( LDAP_BACK_SENDRESULT | retrying ) ); - if ( rs->sr_err == LDAP_SERVER_DOWN && retrying ) { + if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) { retrying &= ~LDAP_BACK_RETRYING; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { /* if the identity changed, there might be need to re-authz */ @@ -101,7 +101,7 @@ cleanup: (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; diff --git a/servers/slapd/back-ldap/monitor.c b/servers/slapd/back-ldap/monitor.c index 44f4145ba7b4024333df85125736e1f1d8c9da60..6c598ca364ac986b7349af9223fd90d7709869b5 100644 --- a/servers/slapd/back-ldap/monitor.c +++ b/servers/slapd/back-ldap/monitor.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -32,6 +32,8 @@ #include "lutil.h" #include "back-ldap.h" +#include "config.h" + static ObjectClass *oc_olmLDAPDatabase; static AttributeDescription *ad_olmDbURIList; @@ -263,9 +265,11 @@ done:; static int ldap_back_monitor_free( Entry *e, - void *priv ) + void **priv ) { - ldapinfo_t *li = (ldapinfo_t *)priv; + ldapinfo_t *li = (ldapinfo_t *)(*priv); + + *priv = NULL; if ( !slapd_shutdown && !BER_BVISNULL( &li->li_monitor_info.lmi_rdn ) ) { ldap_back_monitor_info_destroy( li ); @@ -304,7 +308,8 @@ static int ldap_back_monitor_initialize( void ) { int i, code; - const char *err; + ConfigArgs c; + char *argv[ 3 ]; static int ldap_back_monitor_initialized = 0; 
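Review bot: ldap_back_monitor_free now clears `*priv`, yet `li` is still dereferenced in `BER_BVISNULL( &li->li_monitor_info.lmi_rdn )` without a NULL check. If the callback can be invoked again for the same slot, or with an empty one (the callback contract is not visible here), that is a NULL dereference. An early exit when `li == NULL`, returning the function's normal value, placed right after `*priv = NULL;` would make the clearing safe to rely on. The rest of the function lies outside this hunk.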
@@ -319,14 +324,16 @@ ldap_back_monitor_initialize( void ) return -1; } + argv[ 0 ] = "back-ldap monitor"; + c.argv = argv; + c.argc = 3; + c.fname = argv[0]; for ( i = 0; s_oid[ i ].name; i++ ) { - char *argv[ 3 ]; - argv[ 0 ] = "back-ldap monitor"; argv[ 1 ] = s_oid[ i ].name; argv[ 2 ] = s_oid[ i ].oid; - if ( parse_oidm( argv[ 0 ], i, 3, argv, 0, NULL ) != 0 ) { + if ( parse_oidm( &c, 0, NULL ) != 0 ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_initialize: unable to add " "objectIdentifier \"%s=%s\"\n", diff --git a/servers/slapd/back-ldap/proto-ldap.h b/servers/slapd/back-ldap/proto-ldap.h index 4cc5b14de96a6e61e3749bd5279885617929d49f..8eca7f6593a204e53e5e4d0eb76b255754f04b5e 100644 --- a/servers/slapd/back-ldap/proto-ldap.h +++ b/servers/slapd/back-ldap/proto-ldap.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -45,9 +45,8 @@ extern BI_connection_destroy ldap_back_conn_destroy; extern BI_entry_get_rw ldap_back_entry_get; -int ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock ); -void ldap_back_release_conn_lock( Operation *op, SlapReply *rs, ldapconn_t **lcp, int dolock ); -#define ldap_back_release_conn(op, rs, lc) ldap_back_release_conn_lock((op), (rs), &(lc), 1) +void ldap_back_release_conn_lock( ldapinfo_t *li, ldapconn_t **lcp, int dolock ); +#define ldap_back_release_conn(li, lc) ldap_back_release_conn_lock((li), &(lc), 1) int ldap_back_dobind( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok ); int ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok ); int ldap_back_map_result( SlapReply *rs ); 
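Review bot: `ConfigArgs c`, declared in the preceding hunk, reaches `parse_oidm( &c, 0, NULL )` with only `argv`, `argc` and `fname` assigned, so every other member holds indeterminate stack contents. If parse_oidm or its error path reads another field, for instance `c.msg` or `c.log`, which config.c in this same commit uses on error paths, that is an uninitialized read. Zeroing the structure before the assignments avoids it: `memset( &c, 0, sizeof( c ) );`. A one-line comment that `argv[ 1 ]` and `argv[ 2 ]` are refilled on each iteration through the shared `c.argv` pointer would also help.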
@@ -62,6 +61,8 @@ extern int ldap_back_conn_cmp( const void *c1, const void *c2); extern int ldap_back_conndn_dup( void *c1, void *c2 ); extern void ldap_back_conn_free( void *c ); +extern ldapconn_t * ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc ); + extern int ldap_back_proxy_authz_ctrl( struct berval *bound_ndn, @@ -83,7 +84,7 @@ ldap_back_quarantine( #ifdef LDAP_BACK_PRINT_CONNTREE extern void -ldap_back_print_conntree( Avlnode *root, char *msg ); +ldap_back_print_conntree( ldapinfo_t *li, char *msg ); #endif /* LDAP_BACK_PRINT_CONNTREE */ extern void slap_retry_info_destroy( slap_retry_info_t *ri ); diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index c15f571e00255d52480b1f0aeb1778a3bc0ae76e..1154d44d826706c17a5013187d9a5c52d13620e0 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -152,6 +152,7 @@ ldap_back_search( msgid; struct berval match = BER_BVNULL, filter = BER_BVNULL; + int free_filter = 0; int i; char **attrs = NULL; int freetext = 0; @@ -239,6 +240,7 @@ retry: case LDAP_FILTER_ERROR: if ( ldap_back_munge_filter( op, &filter ) ) { + free_filter = 1; goto retry; } 
@@ -254,15 +256,23 @@ retry: } } + /* if needed, initialize timeout */ + if ( li->li_timeout[ SLAP_OP_SEARCH ] ) { + if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) { + tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ]; + tv.tv_usec = 0; + } + } + /* We pull apart the ber result, stuff it into a slapd entry, and * let send_search_entry stuff it back into ber format. Slow & ugly, * but this is necessary for version matching, and for ACL processing. */ - for ( rc = 0; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) ) + for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) ) { /* check for abandon */ - if ( op->o_abandon ) { + if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) { if ( rc > 0 ) { ldap_msgfree( res ); } @@ -271,10 +281,23 @@ retry: goto finish; } - if ( rc == 0 ) { - LDAP_BACK_TV_SET( &tv ); + if ( rc == 0 || rc == -2 ) { ldap_pvt_thread_yield(); + /* check timeout */ + if ( li->li_timeout[ SLAP_OP_SEARCH ] ) { + if ( rc == 0 ) { + (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND ); + rs->sr_text = "Operation timed out"; + rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ? + LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER; + goto finish; + } + + } else { + LDAP_BACK_TV_SET( &tv ); + } + /* check time limit */ if ( op->ors_tlimit != SLAP_NO_LIMIT && slap_get_time() > stoptime ) @@ -435,6 +458,14 @@ retry: rc = 0; break; } + + /* if needed, restore timeout */ + if ( li->li_timeout[ SLAP_OP_SEARCH ] ) { + if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) { + tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ]; + tv.tv_usec = 0; + } + } } if ( rc == -1 && dont_retry == 0 ) { @@ -498,7 +529,7 @@ finish:; rs->sr_matched = save_matched; } - if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) { + if ( free_filter ) { op->o_tmpfree( filter.bv_val, op->o_tmpmemctx ); } 
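Review bot: The result loop now starts from `rc = -2`, an undocumented sentinel that seems to mean "ldap_result has not been called yet", and the `rc == 0 || rc == -2` test in the next hunk depends on it. A named constant or a comment at the `for` line would make that clear, for example `/* -2: first pass, nothing polled yet; 0: ldap_result timed out */`. The block that clamps `tv` to `li->li_timeout[ SLAP_OP_SEARCH ]` is also repeated verbatim before the loop and at the end of its body (third hunk on this line), so a small static helper would keep the two copies from drifting apart. ldap_back_search starts and ends outside these hunks.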
@@ -519,7 +550,7 @@ finish:; } if ( lc != NULL ) { - ldap_back_release_conn( op, rs, lc ); + ldap_back_release_conn( li, lc ); } return rs->sr_err; @@ -803,7 +834,7 @@ retry: rc = ldap_build_entry( op, e, *ent, &bdn ); if ( rc != LDAP_SUCCESS ) { - ch_free( *ent ); + entry_free( *ent ); *ent = NULL; } @@ -819,7 +850,7 @@ cleanup: } if ( lc != NULL ) { - ldap_back_release_conn( op, &rs, lc ); + ldap_back_release_conn( li, lc ); } return rc; diff --git a/servers/slapd/back-ldap/unbind.c b/servers/slapd/back-ldap/unbind.c index fc75e675c3699010047c9a5460cbc200686694fc..b39fee77e4084175236c0d7706f845a95e06b168 100644 --- a/servers/slapd/back-ldap/unbind.c +++ b/servers/slapd/back-ldap/unbind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. 
@@ -49,25 +49,28 @@ ldap_back_conn_destroy( ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, ">>> ldap_back_conn_destroy" ); + ldap_back_print_conntree( li, ">>> ldap_back_conn_destroy" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ while ( ( lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)&lc_curr, ldap_back_conn_cmp ) ) != NULL ) { Debug( LDAP_DEBUG_TRACE, - "=>ldap_back_conn_destroy: destroying conn %ld (refcnt=%u)\n", - LDAP_BACK_PCONN_ID( lc ), lc->lc_refcnt, 0 ); + "=>ldap_back_conn_destroy: destroying conn %ld " + "refcnt=%d flags=0x%08x\n", + LDAP_BACK_PCONN_ID( lc ), + lc->lc_refcnt, lc->lc_lcflags ); - assert( lc->lc_refcnt == 0 ); + if ( lc->lc_refcnt > 0 ) { + /* someone else might be accessing the connection; + * mark for deletion */ + LDAP_BACK_CONN_CACHED_CLEAR( lc ); + LDAP_BACK_CONN_TAINTED_SET( lc ); - /* - * Needs a test because the handler may be corrupted, - * and calling ldap_unbind on a corrupted header results - * in a segmentation fault - */ - ldap_back_conn_free( lc ); + } else { + ldap_back_conn_free( lc ); + } } #if LDAP_BACK_PRINT_CONNTREE > 0 - ldap_back_print_conntree( li->li_conninfo.lai_tree, "<<< ldap_back_conn_destroy" ); + ldap_back_print_conntree( li, "<<< ldap_back_conn_destroy" ); #endif /* LDAP_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex ); diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in index 8b053555e585017b03c80e78bc1f30185ad5008a..1884700d895fdc1e1c358b27819c4702ceabaf13 100644 --- a/servers/slapd/back-ldif/Makefile.in +++ b/servers/slapd/back-ldif/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2005-2006 The OpenLDAP Foundation. +## Copyright 2005-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
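Review bot: The new `lc->lc_refcnt > 0` branch removes the connection from the tree and marks it tainted but frees nothing, so the memory is reclaimed only if the last holder's release path frees tainted, uncached connections, and that path is not part of this hunk. A comment naming the function that completes the hand-off would let a reader verify there is neither a leak nor a double free, e.g. `/* freed by ldap_back_release_conn_lock() when refcnt drops to 0 */` if that is indeed where it happens. The Debug format also changed from `refcnt=%u` to `refcnt=%d` and now prints `lc->lc_lcflags` with `0x%08x`; both specifiers should be checked against the field types.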
diff --git a/servers/slapd/back-ldif/ldif.c b/servers/slapd/back-ldif/ldif.c index bec6a02b648fca54e44fc2dd450e86d905c5ed36..855e63889f85a912adb206c2a78455c42dd10b2a 100644 --- a/servers/slapd/back-ldif/ldif.c +++ b/servers/slapd/back-ldif/ldif.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -312,7 +312,7 @@ static int r_enum_tree(enumCookie *ck, struct berval *path, fd = open( path->bv_val, O_RDONLY ); if ( fd < 0 ) { - Debug( LDAP_DEBUG_ANY, + Debug( LDAP_DEBUG_TRACE, "=> ldif_enum_tree: failed to open %s: %s\n", path->bv_val, STRERROR(errno), 0 ); return LDAP_NO_SUCH_OBJECT; @@ -582,7 +582,7 @@ static int apply_modify_to_entry(Entry * entry, entry->e_ocflags = 0; } /* check that the entry still obeys the schema */ - rc = entry_schema_check( op, entry, NULL, 0, + rc = entry_schema_check( op, entry, NULL, 0, 0, &rs->sr_text, textbuf, sizeof( textbuf ) ); } @@ -792,14 +792,14 @@ static int ldif_back_add(Operation *op, SlapReply *rs) { Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", dn.bv_val, 0, 0); + rs->sr_err = entry_schema_check(op, e, NULL, 0, 1, + &rs->sr_text, textbuf, sizeof( textbuf ) ); + if ( rs->sr_err != LDAP_SUCCESS ) goto send_res; + rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 ); if ( rs->sr_err != LDAP_SUCCESS ) goto send_res; - rs->sr_err = entry_schema_check(op, e, NULL, 0, - &rs->sr_text, textbuf, sizeof( textbuf ) ); - if ( rs->sr_err != LDAP_SUCCESS ) goto send_res; - ldap_pvt_thread_rdwr_wlock(&ni->li_rdwr); dn2path(&dn, &op->o_bd->be_nsuffix[0], &ni->li_base_path, &leaf_path); 
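Review bot: Lowering the `open()` failure message in r_enum_tree from LDAP_DEBUG_ANY to LDAP_DEBUG_TRACE silences every failure, not only the expected missing-file case, while the function still returns LDAP_NO_SUCH_OBJECT for all of them. A permission or I/O error on an entry file would then look like an absent entry at normal log levels. Keeping the quieter level for ENOENT only preserves the noise reduction without hiding real faults: save `errno` right after `open()` and log at `LDAP_DEBUG_ANY` when the saved value is not `ENOENT`.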
@@ -971,6 +971,9 @@ static int move_entry(Entry * entry, struct berval * ndn, if(res != -1) { /* if this fails we should log something bad */ res = unlink(path.bv_val); + path.bv_val[path.bv_len - STRLENOF(".ldif")] = '\0'; + newpath.bv_val[newpath.bv_len - STRLENOF(".ldif")] = '\0'; + res = rename(path.bv_val, newpath.bv_val); res = LDAP_SUCCESS; } else { diff --git a/servers/slapd/back-meta/Makefile.in b/servers/slapd/back-meta/Makefile.in index b091bb70800d06444d3635101a615c4334596398..aa40c2164c5a87d1161b5ce9c5abe05e78f835e1 100644 --- a/servers/slapd/back-meta/Makefile.in +++ b/servers/slapd/back-meta/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-meta/add.c b/servers/slapd/back-meta/add.c index 2d318bb1f04030d16459264cb230fe41419f92d5..ddd651f7a9d6a63b0a3b2ea29a721a0e98f0435f 100644 --- a/servers/slapd/back-meta/add.c +++ b/servers/slapd/back-meta/add.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -204,7 +204,7 @@ cleanup:; done:; if ( mc ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return rs->sr_err; diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 0771431096e637238147334705bf314bfb870742..04d7ba885cb685a64885fb10bc01194e812c64dd 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h 
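Review bot: In move_entry the results of `unlink()` and of the new `rename()` are both overwritten by `res = LDAP_SUCCESS;`, so a failed move of what is presumably the entry's child directory is reported to the caller as success. The in-place truncation `path.bv_val[path.bv_len - STRLENOF(".ldif")] = '\0';` further assumes both paths end in `.ldif` and are at least that long, and it leaves `bv_len` stale. Checking the rename result, tolerating only `errno == ENOENT` (no children to move) and logging anything else with `Debug( LDAP_DEBUG_ANY, ... )`, would address the existing comment "if this fails we should log something bad". The function starts before this hunk.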
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. 
@@ -160,14 +160,43 @@ ldap_dnattr_result_rewrite( /* (end of) from back-ldap.h before rwm removal */ +/* + * A metasingleconn_t can be in the following, mutually exclusive states: + * + * - none (0x0U) + * - creating META_BACK_FCONN_CREATING + * - initialized META_BACK_FCONN_INITED + * - binding LDAP_BACK_FCONN_BINDING + * - bound/anonymous LDAP_BACK_FCONN_ISBOUND/LDAP_BACK_FCONN_ISANON + * + * possible modifiers are: + * + * - privileged LDAP_BACK_FCONN_ISPRIV + * - privileged, TLS LDAP_BACK_FCONN_ISTLS + * - subjected to idassert LDAP_BACK_FCONN_ISIDASR + * - tainted LDAP_BACK_FCONN_TAINTED + */ + +#define META_BACK_FCONN_INITED (0x00100000U) +#define META_BACK_FCONN_CREATING (0x00200000U) + +#define META_BACK_CONN_INITED(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_INITED) +#define META_BACK_CONN_INITED_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_INITED) +#define META_BACK_CONN_INITED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_INITED) +#define META_BACK_CONN_INITED_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_INITED, (mlc)) +#define META_BACK_CONN_CREATING(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_CREATING) +#define META_BACK_CONN_CREATING_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_CREATING) +#define META_BACK_CONN_CREATING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_CREATING) +#define META_BACK_CONN_CREATING_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_CREATING, (mlc)) + struct metainfo_t; -typedef struct metasingleconn_t { - int msc_candidate; -#define META_NOT_CANDIDATE ((ber_tag_t)0x0) -#define META_CANDIDATE ((ber_tag_t)0x1) -#define META_BINDING ((ber_tag_t)0x2) +#define META_NOT_CANDIDATE ((ber_tag_t)0x0) +#define META_CANDIDATE ((ber_tag_t)0x1) +#define META_BINDING ((ber_tag_t)0x2) +#define META_RETRYING ((ber_tag_t)0x4) +typedef struct metasingleconn_t { #define META_CND_ISSET(rs,f) ( ( (rs)->sr_tag & (f) ) == (f) ) #define META_CND_SET(rs,f) ( (rs)->sr_tag |= (f) ) #define META_CND_CLEAR(rs,f) ( 
(rs)->sr_tag &= ~(f) ) @@ -179,6 +208,9 @@ typedef struct metasingleconn_t { #define META_IS_BINDING(rs) META_CND_ISSET( (rs), META_BINDING ) #define META_BINDING_SET(rs) META_CND_SET( (rs), META_BINDING ) #define META_BINDING_CLEAR(rs) META_CND_CLEAR( (rs), META_BINDING ) +#define META_IS_RETRYING(rs) META_CND_ISSET( (rs), META_RETRYING ) +#define META_RETRYING_SET(rs) META_CND_SET( (rs), META_RETRYING ) +#define META_RETRYING_CLEAR(rs) META_CND_CLEAR( (rs), META_RETRYING ) LDAP *msc_ld; time_t msc_time; @@ -188,8 +220,6 @@ typedef struct metasingleconn_t { /* NOTE: lc_lcflags is redefined to msc_mscflags to reuse the macros * defined for back-ldap */ #define lc_lcflags msc_mscflags - - struct metainfo_t *msc_info; } metasingleconn_t; typedef struct metaconn_t { @@ -212,6 +242,11 @@ typedef struct metaconn_t { int mc_authz_target; #define META_BOUND_NONE (-1) #define META_BOUND_ALL (-2) + + struct metainfo_t *mc_info; + + LDAP_TAILQ_ENTRY(metaconn_t) mc_q; + /* supersedes the connection stuff */ metasingleconn_t mc_conns[ 1 ]; /* NOTE: mc_conns must be last, because @@ -263,7 +298,6 @@ typedef struct metatarget_t { sig_atomic_t mt_isquarantined; slap_retry_info_t mt_quarantine; ldap_pvt_thread_mutex_t mt_quarantine_mutex; -#define META_BACK_TGT_QUARANTINE(mt) ( (mt)->mt_quarantine.ri_num != NULL ) unsigned mt_flags; #define META_BACK_TGT_ISSET(mt,f) ( ( (mt)->mt_flags & (f) ) == (f) ) @@ -276,6 +310,7 @@ typedef struct metatarget_t { #define META_BACK_TGT_IGNORE(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE ) #define META_BACK_TGT_CANCEL(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP ) #define META_BACK_TGT_CANCEL_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER ) +#define META_BACK_TGT_QUARANTINE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE ) int mt_version; time_t mt_network_timeout; 
@@ -317,25 +352,41 @@ typedef struct metainfo_t { metadncache_t mi_cache; + /* cached connections; + * special conns are in tailq rather than in tree */ ldap_avl_info_t mi_conninfo; + struct { + int mic_num; + LDAP_TAILQ_HEAD(mc_conn_priv_q, metaconn_t) mic_priv; + } mi_conn_priv[ LDAP_BACK_PCONN_LAST ]; + int mi_conn_priv_max; /* NOTE: quarantine uses the connection mutex */ slap_retry_info_t mi_quarantine; - -#define META_BACK_QUARANTINE(mi) ( (mi)->mi_quarantine.ri_num != NULL ) meta_back_quarantine_f mi_quarantine_f; void *mi_quarantine_p; unsigned mi_flags; #define li_flags mi_flags /* uses flags as defined in <back-ldap/back-ldap.h> */ -#define META_BACK_F_ONERR_STOP (0x00010000U) -#define META_BACK_F_DEFER_ROOTDN_BIND (0x00020000U) +#define META_BACK_F_ONERR_STOP (0x00100000U) +#define META_BACK_F_ONERR_REPORT (0x00200000U) +#define META_BACK_F_ONERR_MASK (META_BACK_F_ONERR_STOP|META_BACK_F_ONERR_REPORT) +#define META_BACK_F_DEFER_ROOTDN_BIND (0x00400000U) +#define META_BACK_F_PROXYAUTHZ_ALWAYS (0x00800000U) /* users always proxyauthz */ +#define META_BACK_F_PROXYAUTHZ_ANON (0x01000000U) /* anonymous always proxyauthz */ +#define META_BACK_F_PROXYAUTHZ_NOANON (0x02000000U) /* anonymous remains anonymous */ -#define META_BACK_ONERR_STOP(mi) ( (mi)->mi_flags & META_BACK_F_ONERR_STOP ) -#define META_BACK_ONERR_CONTINUE(mi) ( !META_BACK_ONERR_CONTINUE( (mi) ) ) +#define META_BACK_ONERR_STOP(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_STOP ) +#define META_BACK_ONERR_REPORT(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_REPORT ) +#define META_BACK_ONERR_CONTINUE(mi) ( !LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_MASK ) ) -#define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND ) +#define META_BACK_DEFER_ROOTDN_BIND(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_DEFER_ROOTDN_BIND ) +#define META_BACK_PROXYAUTHZ_ALWAYS(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ALWAYS ) +#define META_BACK_PROXYAUTHZ_ANON(mi) LDAP_BACK_ISSET( (mi), 
META_BACK_F_PROXYAUTHZ_ANON ) +#define META_BACK_PROXYAUTHZ_NOANON(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_NOANON ) + +#define META_BACK_QUARANTINE(mi) LDAP_BACK_ISSET( (mi), LDAP_BACK_F_QUARANTINE ) int mi_version; time_t mi_network_timeout; @@ -363,10 +414,10 @@ meta_back_getconn( extern void meta_back_release_conn_lock( - Operation *op, + metainfo_t *mi, metaconn_t *mc, int dolock ); -#define meta_back_release_conn(op, mc) meta_back_release_conn_lock( (op), (mc), 1 ) +#define meta_back_release_conn(mi, mc) meta_back_release_conn_lock( (mi), (mc), 1 ) extern int meta_back_retry( @@ -383,7 +434,7 @@ meta_back_conn_free( #if META_BACK_PRINT_CONNTREE > 0 extern void meta_back_print_conntree( - Avlnode *root, + metainfo_t *mi, char *msg ); #endif @@ -394,7 +445,8 @@ meta_back_init_one_conn( metaconn_t *mc, int candidate, int ispriv, - ldap_back_send_t sendok ); + ldap_back_send_t sendok, + int dolock ); extern void meta_back_quarantine( @@ -490,12 +542,9 @@ meta_clear_unused_candidates( extern int meta_clear_one_candidate( - metasingleconn_t *mc ); - -extern int -meta_clear_candidates( Operation *op, - metaconn_t *mc ); + metaconn_t *mc, + int candidate ); /* * Dn cache stuff (experimental) diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index faf0526026e17e27e17dfc044e781d5014bfc01e..f0297d4a1b6c07db2b275c7d262d1290cf8e751a 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. 
@@ -33,6 +33,8 @@ #include "slap.h" #include "../back-ldap/back-ldap.h" #include "back-meta.h" +#undef ldap_debug /* silence a warning in ldap-int.h */ +#include "../../../libraries/libldap/ldap-int.h" #include "lutil_ldap.h" @@ -166,9 +168,7 @@ meta_back_bind( Operation *op, SlapReply *rs ) BER_BVZERO( &msc->msc_bound_ndn ); } - if ( LDAP_BACK_SAVECRED( mi ) && - !BER_BVISNULL( &msc->msc_cred ) ) - { + if ( !BER_BVISNULL( &msc->msc_cred ) ) { /* destroy sensitive data */ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len ); @@ -205,7 +205,9 @@ meta_back_bind( Operation *op, SlapReply *rs ) ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) ); } - if ( !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) ) { + if ( !LDAP_BACK_PCONN_ISPRIV( mc ) + && !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) ) + { metaconn_t *tmpmc; int lerr; @@ -220,7 +222,7 @@ retry_lock:; assert( mc->mc_refcnt == 1 ); #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_bind" ); + meta_back_print_conntree( mi, ">>> meta_back_bind" ); #endif /* META_BACK_PRINT_CONNTREE */ tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conndn_cmp ); @@ -251,18 +253,18 @@ retry_lock:; ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn ); if ( isroot ) { - mc->mc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_CONN_ISPRIV_SET( mc ); + LDAP_BACK_PCONN_SET( mc, op ); } lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conndn_cmp, meta_back_conndn_dup ); #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, "<<< meta_back_bind" ); + meta_back_print_conntree( mi, "<<< meta_back_bind" ); #endif /* META_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); if ( lerr == -1 ) { - meta_clear_candidates( op, mc ); - /* we can do this because mc_refcnt == 1 */ + assert( mc->mc_refcnt == 1 ); mc->mc_refcnt = 0; meta_back_conn_free( mc ); mc = NULL; 
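Review bot: In the `lerr == -1` branch of meta_back_bind the per-target cleanup call was dropped, and the connection is now handed straight to `meta_back_conn_free( mc )`. That function is not part of this hunk, so it should be confirmed that it unbinds every `msc_ld` and resets `msc_cred` for each target the way `meta_clear_one_candidate` does; otherwise this failure path leaves handles and cached bind credentials behind. The old comment was also replaced by `assert( mc->mc_refcnt == 1 );`, which disappears under NDEBUG and aborts slapd otherwise; a short comment such as `/* refcnt is 1 here: mc was removed from the tree above under lai_mutex */` would keep the reasoning in both builds. The enclosing function continues outside the hunk.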
@@ -271,7 +273,7 @@ retry_lock:; } if ( mc != NULL ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } /* @@ -371,12 +373,6 @@ retry:; rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res ); switch ( rc ) { case 0: -#if 0 - Debug( LDAP_DEBUG_ANY, - "%s meta_back_bind_op_result[%d]: ldap_result=0 nretries=%d.\n", - op->o_log_prefix, candidate, nretries ); -#endif - if ( nretries != META_RETRY_NEVER || ( timeout && slap_get_time() <= stoptime ) ) { @@ -392,9 +388,14 @@ retry:; * because there's a pending bind that will not * be acknowledged */ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); - ldap_unbind_ext( msc->msc_ld, NULL, NULL ); - msc->msc_ld = NULL; - LDAP_BACK_CONN_BINDING_CLEAR( msc ); + assert( LDAP_BACK_CONN_BINDING( msc ) ); + +#ifdef DEBUG_205 + Debug( LDAP_DEBUG_ANY, "### %s meta_back_bind_op_result ldap_unbind_ext[%d] ld=%p\n", + op->o_log_prefix, candidate, (void *)msc->msc_ld ); +#endif /* DEBUG_205 */ + + meta_clear_one_candidate( op, mc, candidate ); ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); rs->sr_err = timeout_err; @@ -402,7 +403,7 @@ retry:; break; case -1: - ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE, + ldap_get_option( msc->msc_ld, LDAP_OPT_ERROR_NUMBER, &rs->sr_err ); snprintf( buf, sizeof( buf ), @@ -462,7 +463,7 @@ meta_back_single_bind( BER_BVZERO( &msc->msc_bound_ndn ); } - if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &msc->msc_cred ) ) { + if ( !BER_BVISNULL( &msc->msc_cred ) ) { /* destroy sensitive data */ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len ); ch_free( msc->msc_cred.bv_val ); 
@@ -488,9 +489,15 @@ meta_back_single_bind( * and more in case of failure ... */ /* FIXME: should we check if at least some of the op->o_ctrls * can/should be passed? */ - rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val, + for (;;) { + rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val, LDAP_SASL_SIMPLE, &op->orb_cred, op->o_ctrls, NULL, &msgid ); + if ( rs->sr_err != LDAP_X_CONNECTING ) { + break; + } + ldap_pvt_thread_yield(); + } meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND ); if ( rs->sr_err != LDAP_SUCCESS ) { goto return_results; @@ -514,6 +521,10 @@ meta_back_single_bind( mc->mc_authz_target = candidate; if ( LDAP_BACK_SAVECRED( mi ) ) { + if ( !BER_BVISNULL( &msc->msc_cred ) ) { + memset( msc->msc_cred.bv_val, 0, + msc->msc_cred.bv_len ); + } ber_bvreplace( &msc->msc_cred, &op->orb_cred ); ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc ); } @@ -555,7 +566,6 @@ meta_back_single_dobind( metatarget_t *mt = mi->mi_targets[ candidate ]; metaconn_t *mc = *mcp; metasingleconn_t *msc = &mc->mc_conns[ candidate ]; - int rc; static struct berval cred = BER_BVC( "" ); int msgid; 
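Review bot: The `for (;;)` added around `ldap_sasl_bind` in meta_back_single_bind only exits when the call returns something other than `LDAP_X_CONNECTING`, so a target that stays in the connecting state keeps a worker thread spinning through `ldap_pvt_thread_yield()`. Whether libldap eventually turns a stalled connect into an error is not visible from this hunk; if it does not, one unresponsive target can hold threads indefinitely. A deadline would bound it, with `stoptime` computed from `mt->mt_network_timeout` before the loop and `if ( stoptime != 0 && slap_get_time() > stoptime ) { rs->sr_err = LDAP_TIMEOUT; break; }` ahead of the yield. The same loop is added to meta_back_single_dobind and meta_back_proxy_authz_bind, so a shared static helper would keep the three copies from drifting.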
@@ -566,46 +576,48 @@ meta_back_single_dobind( !op->o_do_not_cache && ( BER_BVISNULL( &msc->msc_bound_ndn ) || BER_BVISEMPTY( &msc->msc_bound_ndn ) || - ( LDAP_BACK_CONN_ISPRIV( msc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) || + ( LDAP_BACK_CONN_ISPRIV( mc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) || ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) ) { (void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok ); - rc = rs->sr_err; - goto done; - } - /* FIXME: should we check if at least some of the op->o_ctrls - * can/should be passed? */ - rs->sr_err = ldap_sasl_bind( msc->msc_ld, "", LDAP_SASL_SIMPLE, &cred, - NULL, NULL, &msgid ); - rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok ); + } else { -done:; - rs->sr_err = rc; - if ( rc != LDAP_SUCCESS ) { + /* FIXME: should we check if at least some of the op->o_ctrls + * can/should be passed? */ + for (;;) { + rs->sr_err = ldap_sasl_bind( msc->msc_ld, + "", LDAP_SASL_SIMPLE, &cred, + NULL, NULL, &msgid ); + if ( rs->sr_err != LDAP_X_CONNECTING ) { + break; + } + ldap_pvt_thread_yield(); + } + + rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok ); + } + + if ( rs->sr_err != LDAP_SUCCESS ) { if ( dolock ) { ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); } LDAP_BACK_CONN_BINDING_CLEAR( msc ); if ( META_BACK_ONERR_STOP( mi ) ) { LDAP_BACK_CONN_TAINTED_SET( mc ); - meta_back_release_conn_lock( op, mc, 0 ); + meta_back_release_conn_lock( mi, mc, 0 ); *mcp = NULL; } if ( dolock ) { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); } - - if ( META_BACK_ONERR_STOP( mi ) && ( sendok & LDAP_BACK_SENDERR ) ) { - send_ldap_result( op, rs ); - } } if ( META_BACK_TGT_QUARANTINE( mt ) ) { meta_back_quarantine( op, rs, candidate ); } - return rc; + return rs->sr_err; } /* 
@@ -672,7 +684,8 @@ retry_binding:; ++bound; continue; - } else if ( LDAP_BACK_CONN_BINDING( msc ) ) { + } else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) ) + { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); ldap_pvt_thread_yield(); goto retry_binding; @@ -699,7 +712,7 @@ retry_binding:; if ( rc == LDAP_UNAVAILABLE ) { - /* FIXME: meta_back_retry() already calls + /* FIXME: meta_back_retry() already re-calls * meta_back_single_dobind() */ if ( meta_back_retry( op, rs, &mc, i, sendok ) ) { goto retry_ok; @@ -709,6 +722,7 @@ retry_binding:; ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); LDAP_BACK_CONN_BINDING_CLEAR( msc ); ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + meta_back_release_conn( mi, mc ); } return 0; @@ -767,7 +781,7 @@ done:; op->o_log_prefix, LDAP_BACK_PCONN_ID( mc ), bound ); if ( bound == 0 ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); send_err:; if ( sendok & LDAP_BACK_SENDERR ) { @@ -865,7 +879,7 @@ meta_back_cancel( rc = ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL ); } else if ( META_BACK_TGT_IGNORE( mt ) ) { - rc = LDAP_SUCCESS; + rc = ldap_pvt_discard( msc->msc_ld, msgid ); } else if ( META_BACK_TGT_CANCEL( mt ) ) { rc = ldap_cancel_s( msc->msc_ld, msgid, NULL, NULL ); 
@@ -1266,22 +1280,24 @@ meta_back_proxy_authz_cred( default: /* NOTE: rootdn can always idassert */ - if ( BER_BVISNULL( &ndn ) && mt->mt_idassert_authz == NULL ) { + if ( BER_BVISNULL( &ndn ) + && mt->mt_idassert_authz == NULL + && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) + { if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) { rs->sr_err = LDAP_INAPPROPRIATE_AUTH; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); + goto done; - } else { - rs->sr_err = LDAP_SUCCESS; - *binddn = slap_empty_bv; - *bindcred = slap_empty_bv; - break; } - goto done; + rs->sr_err = LDAP_SUCCESS; + *binddn = slap_empty_bv; + *bindcred = slap_empty_bv; + break; } else if ( mt->mt_idassert_authz && !be_isroot( op ) ) { struct berval authcDN; @@ -1300,15 +1316,13 @@ meta_back_proxy_authz_cred( send_ldap_result( op, rs ); } LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); - - } else { - rs->sr_err = LDAP_SUCCESS; - *binddn = slap_empty_bv; - *bindcred = slap_empty_bv; - break; + goto done; } - goto done; + rs->sr_err = LDAP_SUCCESS; + *binddn = slap_empty_bv; + *bindcred = slap_empty_bv; + break; } } @@ -1446,9 +1460,15 @@ meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapRe switch ( method ) { case LDAP_AUTH_NONE: case LDAP_AUTH_SIMPLE: - rs->sr_err = ldap_sasl_bind( msc->msc_ld, + for (;;) { + rs->sr_err = ldap_sasl_bind( msc->msc_ld, binddn.bv_val, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid ); + if ( rs->sr_err != LDAP_X_CONNECTING ) { + break; + } + ldap_pvt_thread_yield(); + } rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok ); if ( rc == LDAP_SUCCESS ) { /* set rebind stuff in case of successful proxyAuthz bind, diff --git a/servers/slapd/back-meta/candidates.c b/servers/slapd/back-meta/candidates.c index 64b56cc8ada7baad0059492bb2532136c8388d56..7d3b6b7c522f4647810dfecc76159b7261f5372a 100644 --- a/servers/slapd/back-meta/candidates.c 
+++ b/servers/slapd/back-meta/candidates.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -181,9 +181,23 @@ meta_clear_unused_candidates( */ int meta_clear_one_candidate( - metasingleconn_t *msc ) + Operation *op, + metaconn_t *mc, + int candidate ) { - if ( msc->msc_ld ) { + metasingleconn_t *msc = &mc->mc_conns[ candidate ]; + + if ( msc->msc_ld != NULL ) { + +#ifdef DEBUG_205 + char buf[ BUFSIZ ]; + + snprintf( buf, sizeof( buf ), "meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p", + candidate, (void *)mc, (void *)msc->msc_ld ); + Debug( LDAP_DEBUG_ANY, "### %s %s\n", + op ? op->o_log_prefix : "", buf, 0 ); +#endif /* DEBUG_205 */ + ldap_unbind_ext( msc->msc_ld, NULL, NULL ); msc->msc_ld = NULL; } @@ -199,23 +213,8 @@ meta_clear_one_candidate( BER_BVZERO( &msc->msc_cred ); } - return 0; -} - -/* - * meta_clear_candidates - * - * clears all candidates - */ -int -meta_clear_candidates( Operation *op, metaconn_t *mc ) -{ - metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; - int c; - - for ( c = 0; c < mi->mi_ntargets; c++ ) { - meta_clear_one_candidate( &mc->mc_conns[ c ] ); - } + msc->msc_mscflags = 0; return 0; } + diff --git a/servers/slapd/back-meta/compare.c b/servers/slapd/back-meta/compare.c index be48b0a03abf000340c3688f6ee0a728af244e26..0a8cf10e6bf7803ac194220ba7cfb4a2d3f74e02 100644 --- a/servers/slapd/back-meta/compare.c +++ b/servers/slapd/back-meta/compare.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. 
@@ -34,319 +34,122 @@ int meta_back_compare( Operation *op, SlapReply *rs ) { - metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; - metaconn_t *mc = NULL; - char *match = NULL, - *err = NULL; - struct berval mmatch = BER_BVNULL; - int ncandidates = 0, - last = 0, - i, - count = 0, - rc, - cres = LDAP_SUCCESS, - rres = LDAP_SUCCESS, - *msgid; - dncookie dc; - - SlapReply *candidates = meta_back_candidates_get( op ); - - mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_SENDERR ); + metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; + metatarget_t *mt; + metaconn_t *mc; + int rc = 0; + int candidate = -1; + struct berval mdn = BER_BVNULL; + dncookie dc; + struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname; + struct berval mapped_value = op->orc_ava->aa_value; + int msgid; + int do_retry = 1; + LDAPControl **ctrls = NULL; + + mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR ); if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) { return rs->sr_err; } - - msgid = ch_calloc( sizeof( int ), mi->mi_ntargets ); - if ( msgid == NULL ) { - send_ldap_error( op, rs, LDAP_OTHER, NULL ); - rc = LDAP_OTHER; - goto done; - } + + assert( mc->mc_conns[ candidate ].msc_ld != NULL ); /* - * start an asynchronous compare for each candidate target + * Rewrite the modify dn, if needed */ + mt = mi->mi_targets[ candidate ]; + dc.target = mt; dc.conn = op->o_conn; dc.rs = rs; dc.ctx = "compareDN"; - for ( i = 0; i < mi->mi_ntargets; i++ ) { - struct berval mdn = BER_BVNULL; - struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname; - struct berval mapped_value = op->orc_ava->aa_value; - metatarget_t *mt = mi->mi_targets[ i ]; - LDAPControl **ctrls = NULL; - - if ( ! 
META_IS_CANDIDATE( &candidates[ i ] ) ) { - msgid[ i ] = -1; - continue; - } - - /* - * Rewrite the compare dn, if needed - */ - dc.target = mt; - - switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { - case LDAP_UNWILLING_TO_PERFORM: - rc = 1; - goto finish; - - default: - break; - } - - /* - * if attr is objectClass, try to remap the value - */ - if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) { - ldap_back_map( &mt->mt_rwmap.rwm_oc, - &op->orc_ava->aa_value, - &mapped_value, BACKLDAP_MAP ); - - if ( BER_BVISNULL( &mapped_value ) || mapped_value.bv_val[0] == '\0' ) { - continue; - } - /* - * else try to remap the attribute - */ - } else { - ldap_back_map( &mt->mt_rwmap.rwm_at, - &op->orc_ava->aa_desc->ad_cname, - &mapped_attr, BACKLDAP_MAP ); - if ( BER_BVISNULL( &mapped_attr ) || mapped_attr.bv_val[0] == '\0' ) { - continue; - } - - if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) - { - dc.ctx = "compareAttrDN"; + switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) { + case LDAP_UNWILLING_TO_PERFORM: + rc = 1; + goto cleanup; - switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) ) - { - case LDAP_UNWILLING_TO_PERFORM: - rc = 1; - goto finish; - - default: - break; - } - } - } - - ctrls = op->o_ctrls; - if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ i ].msc_bound_ndn, - mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS ) - { - continue; - } - - /* - * the compare op is spawned across the targets and the first - * that returns determines the result; a constraint on unicity - * of the result ought to be enforced - */ - rc = ldap_compare_ext( mc->mc_conns[ i ].msc_ld, mdn.bv_val, - mapped_attr.bv_val, &mapped_value, - ctrls, NULL, &msgid[ i ] ); - - (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); - - if ( mdn.bv_val != op->o_req_dn.bv_val ) { - free( mdn.bv_val ); - BER_BVZERO( &mdn ); - } - - if ( mapped_attr.bv_val != 
op->orc_ava->aa_desc->ad_cname.bv_val ) { - free( mapped_attr.bv_val ); - BER_BVZERO( &mapped_attr ); - } - - if ( mapped_value.bv_val != op->orc_ava->aa_value.bv_val ) { - free( mapped_value.bv_val ); - BER_BVZERO( &mapped_value ); - } - - if ( rc != LDAP_SUCCESS ) { - /* FIXME: what should we do with the error? */ - continue; - } - - ++ncandidates; + default: + break; } /* - * wait for replies + * if attr is objectClass, try to remap the value */ - for ( rc = 0, count = 0; ncandidates > 0; ) { - - /* - * FIXME: should we check for abandon? - */ - for ( i = 0; i < mi->mi_ntargets; i++ ) { - metasingleconn_t *msc = &mc->mc_conns[ i ]; - int lrc; - LDAPMessage *res = NULL; - struct timeval tv; + if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) { + ldap_back_map( &mt->mt_rwmap.rwm_oc, + &op->orc_ava->aa_value, + &mapped_value, BACKLDAP_MAP ); - LDAP_BACK_TV_SET( &tv ); - - if ( msgid[ i ] == -1 ) { - continue; - } + if ( BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value ) ) { + goto cleanup; + } - lrc = ldap_result( msc->msc_ld, msgid[ i ], - LDAP_MSG_ALL, &tv, &res ); + /* + * else try to remap the attribute + */ + } else { + ldap_back_map( &mt->mt_rwmap.rwm_at, + &op->orc_ava->aa_desc->ad_cname, + &mapped_attr, BACKLDAP_MAP ); + if ( BER_BVISNULL( &mapped_attr ) || BER_BVISEMPTY( &mapped_attr ) ) { + goto cleanup; + } - switch ( lrc ) { - case 0: - assert( res == NULL ); - continue; + if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) + { + dc.ctx = "compareAttrDN"; - case -1: - /* we do not retry in this case; - * only for unique operations... */ - ldap_get_option( msc->msc_ld, - LDAP_OPT_RESULT_CODE, &rs->sr_err ); - rres = slap_map_api2result( rs ); - rres = rc; - rc = -1; - goto finish; + switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) ) + { + case LDAP_UNWILLING_TO_PERFORM: + rc = 1; + goto cleanup; default: - /* only touch when activity actually took place... 
*/ - /* NOTE: no mutex because there's only a loose requirement - * to bump it up... */ - if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) { - msc->msc_time = op->o_time; - } - break; - } - - if ( lrc == LDAP_RES_COMPARE ) { - if ( count > 0 ) { - rres = LDAP_OTHER; - rc = -1; - goto finish; - } - - /* FIXME: matched? referrals? response controls? */ - rc = ldap_parse_result( msc->msc_ld, res, - &rs->sr_err, - NULL, NULL, NULL, NULL, 1 ); - if ( rc != LDAP_SUCCESS ) { - rres = rc; - rc = -1; - goto finish; - } - - switch ( rs->sr_err ) { - case LDAP_COMPARE_TRUE: - case LDAP_COMPARE_FALSE: - - /* - * true or false, got it; - * sending to cache ... - */ - if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) { - ( void )meta_dncache_update_entry( &mi->mi_cache, &op->o_req_ndn, i ); - } - - count++; - rc = 0; - break; - - default: - rres = slap_map_api2result( rs ); - - if ( err != NULL ) { - free( err ); - } - ldap_get_option( msc->msc_ld, - LDAP_OPT_DIAGNOSTIC_MESSAGE, &err ); - - if ( match != NULL ) { - free( match ); - } - ldap_get_option( msc->msc_ld, - LDAP_OPT_MATCHED_DN, &match ); - - last = i; - break; - } - msgid[ i ] = -1; - --ncandidates; - - } else { - msgid[ i ] = -1; - --ncandidates; - if ( res ) { - ldap_msgfree( res ); - } break; } } } -finish:; - - /* - * Rewrite the matched portion of the search base, if required - * - * FIXME: only the last one gets caught! 
- */ - if ( count == 1 ) { - if ( match != NULL ) { - free( match ); - match = NULL; - } - - /* - * the result of the compare is assigned to the res code - * that will be returned - */ - rres = cres; - - /* - * At least one compare failed with matched portion, - * and none was successful - */ - } else if ( match != NULL && match[ 0 ] != '\0' ) { - struct berval matched, pmatched; - - ber_str2bv( match, 0, 0, &matched ); +retry:; + ctrls = op->o_ctrls; + rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn, + mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ); + if ( rc != LDAP_SUCCESS ) { + send_ldap_result( op, rs ); + goto cleanup; + } - dc.ctx = "matchedDN"; - ldap_back_dn_massage( &dc, &matched, &mmatch ); - if ( dnPretty( NULL, &mmatch, &pmatched, NULL ) == LDAP_SUCCESS ) { - if ( mmatch.bv_val != match ) { - free( mmatch.bv_val ); - } - mmatch = pmatched; + rs->sr_err = ldap_compare_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val, + mapped_attr.bv_val, &mapped_value, + ctrls, NULL, &msgid ); + + rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid, + mt->mt_timeout[ SLAP_OP_COMPARE ], LDAP_BACK_SENDRESULT ); + if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { + do_retry = 0; + if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) { + /* if the identity changed, there might be need to re-authz */ + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); + goto retry; } } - if ( rres != LDAP_SUCCESS ) { - rs->sr_err = rres; - } - rs->sr_matched = mmatch.bv_val; - send_ldap_result( op, rs ); - rs->sr_matched = NULL; +cleanup:; + (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls ); - if ( match != NULL ) { - if ( mmatch.bv_val != match ) { - free( mmatch.bv_val ); - } - free( match ); + if ( mdn.bv_val != op->o_req_dn.bv_val ) { + free( mdn.bv_val ); } - if ( msgid ) { - free( msgid ); + if ( op->orc_ava->aa_value.bv_val != mapped_value.bv_val ) { + free( mapped_value.bv_val ); } -done:; - meta_back_release_conn( op, 
mc ); + if ( mc ) { + meta_back_release_conn( mi, mc ); + } - return rc; + return rs->sr_err; } diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index 70d6a179a8f74ea3a7b4c4f1f2166c0a338db311..d90e40ec2526dc860c17b908704ab898c46c40c1 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -38,7 +38,6 @@ static int meta_back_new_target( metatarget_t **mtp ) { - struct ldapmapping *mapping; char *rargv[ 3 ]; metatarget_t *mt; @@ -52,7 +51,6 @@ meta_back_new_target( return -1; } - /* * the filter rewrite as a string must be disabled * by default; it can be re-enabled by adding rules; @@ -68,8 +66,6 @@ meta_back_new_target( rargv[ 2 ] = NULL; rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv ); - ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping ); - ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex ); mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY; 
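Review bot: Several early exits in the rewritten meta_back_compare jump to `cleanup` without any visible reply to the client: the two `LDAP_UNWILLING_TO_PERFORM` cases and the two empty-mapping cases (`BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value )` and the same test on `mapped_attr`). The function then returns `rs->sr_err`, which the mapping paths never set, and the `rc = 1` assignments are dead stores because `rc` is no longer returned. Unless `ldap_back_dn_massage` or the caller sends the result (not shown here), the client gets no response on these paths. Each of them should set `rs->sr_err` and call `send_ldap_result( op, rs );` before `goto cleanup;`, and the leftover `rc = 1` lines can go.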
@@ -769,20 +765,23 @@ meta_back_db_config( } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) { if ( argc != 2 ) { Debug( LDAP_DEBUG_ANY, - "%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n", + "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n", fname, lineno, 0 ); return( 1 ); } if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) { - mi->mi_flags &= ~META_BACK_F_ONERR_STOP; + mi->mi_flags &= ~META_BACK_F_ONERR_MASK; } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) { mi->mi_flags |= META_BACK_F_ONERR_STOP; + } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) { + mi->mi_flags |= META_BACK_F_ONERR_REPORT; + } else { Debug( LDAP_DEBUG_ANY, - "%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n", + "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n", fname, lineno, argv[ 1 ] ); return 1; } 
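Review bot: The `stop` and `report` branches of the `onerr` directive only OR their bit into `mi->mi_flags`, while `continue` clears the whole `META_BACK_F_ONERR_MASK`. If the directive appears twice with different values, both bits stay set, so `META_BACK_ONERR_STOP( mi )` and `META_BACK_ONERR_REPORT( mi )` are true at once. Clearing first makes the last directive win: put `mi->mi_flags &= ~META_BACK_F_ONERR_MASK;` before each `|=`. meta_back_db_config starts and ends outside this hunk.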
@@ -846,6 +845,64 @@ meta_back_db_config( return 1; } + /* use-temporaries? */ + } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) { + if ( argc != 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n", + fname, lineno, 0 ); + return( 1 ); + } + + if ( mi->mi_ntargets > 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n", + fname, lineno, 0 ); + return( 1 ); + } + + switch ( check_true_false( argv[ 1 ] ) ) { + case 0: + mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES; + break; + + case 1: + mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES; + break; + + default: + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n", + fname, lineno, argv[ 1 ] ); + return 1; + } + + /* privileged connections pool max size ? */ + } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) { + if ( argc != 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n", + fname, lineno, 0 ); + return( 1 ); + } + + if ( mi->mi_ntargets > 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"conn-pool-max\" must appear before target definitions\n", + fname, lineno, 0 ); + return( 1 ); + } + + if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] ) + || mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN + || mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX ) + { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n", + fname, lineno, argv[ 1 ] ); + return 1; + } + } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) { unsigned flag = 0; unsigned *flagsp = mi->mi_ntargets ? 
@@ -916,10 +973,8 @@ meta_back_db_config( t = &tv[ SLAP_OP_MODIFY ]; } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) { t = &tv[ SLAP_OP_COMPARE ]; -#if 0 /* uses timelimit instead */ } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) { t = &tv[ SLAP_OP_SEARCH ]; -#endif /* abandon makes little sense */ #if 0 /* not implemented yet */ } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) { @@ -1173,6 +1228,13 @@ idassert-authzFrom "dn:<rootdn>" fname, lineno, buf ); return 1; } + + if ( mi->mi_ntargets ) { + mi->mi_flags |= LDAP_BACK_F_QUARANTINE; + + } else { + mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE; + } /* dn massaging */ } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) { @@ -1399,7 +1461,7 @@ ldap_back_map_config( if ( strcmp( argv[ 2 ], "*" ) == 0 ) { if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) { map->drop_missing = ( argc < 4 ); - return 0; + goto success_return; } src = dst = argv[ 3 ]; @@ -1413,7 +1475,7 @@ ldap_back_map_config( } if ( ( map == at_map ) - && ( strcasecmp( src, "objectclass" ) == 0 + && ( strcasecmp( src, "objectclass" ) == 0 || strcasecmp( dst, "objectclass" ) == 0 ) ) { Debug( LDAP_DEBUG_ANY, @@ -1541,6 +1603,12 @@ ldap_back_map_config( avl_insert( &map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp, mapping_dup ); +success_return:; + if ( !is_oc && map->map == NULL ) { + /* only init if required */ + ldap_back_map_init( map, &mapping ); + } + return 0; error_return:; diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index 976fc7f77d6ceccd22590581a2341d80836674ef..e5d84842f853eefa03de77d4ddc6e12d46ae40fc 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c 
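Review bot: The condition in the block added after the quarantine parsing (hunk at old line 1173) looks inverted. With `mi->mi_ntargets == 0` the else branch evaluates `mi->mi_targets[ mi->mi_ntargets - 1 ]`, which is index -1: an out-of-bounds read followed by a write through the resulting pointer. With targets defined, the flag lands on the database-wide `mi_flags` instead of the target being configured. The test should read `if ( mi->mi_ntargets == 0 ) {`, so the global flag is set only before any target exists. This matters beyond configuration, because `META_BACK_QUARANTINE` and `META_BACK_TGT_QUARANTINE` in back-meta.h now depend on this flag rather than on `ri_num != NULL`.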
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -140,7 +140,7 @@ meta_back_conndn_dup( */ #if META_BACK_PRINT_CONNTREE > 0 static void -ravl_print( Avlnode *root, int depth ) +meta_back_ravl_print( Avlnode *root, int depth ) { int i; metaconn_t *mc; 
@@ -149,32 +149,63 @@ ravl_print( Avlnode *root, int depth ) return; } - ravl_print( root->avl_right, depth + 1 ); + meta_back_ravl_print( root->avl_right, depth + 1 ); for ( i = 0; i < depth; i++ ) { fprintf( stderr, "-" ); } mc = (metaconn_t *)root->avl_data; - fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d\n", + fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d%s\n", (void *)mc, mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "", (void *)mc->mc_conn, - avl_bf2str( root->avl_bf ), mc->mc_refcnt ); + avl_bf2str( root->avl_bf ), mc->mc_refcnt, + LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "" ); - ravl_print( root->avl_left, depth + 1 ); + meta_back_ravl_print( root->avl_left, depth + 1 ); } +/* NOTE: duplicate from back-ldap/bind.c */ +static char* priv2str[] = { + "privileged", + "privileged/TLS", + "anonymous", + "anonymous/TLS", + "bind", + "bind/TLS", + NULL +}; + void -meta_back_print_conntree( Avlnode *root, char *msg ) +meta_back_print_conntree( metainfo_t *mi, char *msg ) { + int c; + fprintf( stderr, "========> %s\n", msg ); - if ( root == 0 ) { + for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) { + int i = 0; + metaconn_t *mc; + + fprintf( stderr, " %s[%d]\n", priv2str[ c ], mi->mi_conn_priv[ c ].mic_num ); + + LDAP_TAILQ_FOREACH( mc, &mi->mi_conn_priv[ c ].mic_priv, mc_q ) + { + fprintf( stderr, " [%d] mc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n", + i, + (void *)mc, + mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "", + (void *)mc->mc_conn, mc->mc_refcnt, mc->msc_mscflags ); + i++; + } + } + + if ( mi->mi_conninfo.lai_tree == NULL ) { fprintf( stderr, "\t(empty)\n" ); } else { - ravl_print( root, 0 ); + meta_back_ravl_print( mi->mi_conninfo.lai_tree, 0 ); } fprintf( stderr, "<======== %s\n", msg ); 
@@ -195,20 +226,18 @@ metaconn_alloc( { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; metaconn_t *mc; - int i, ntargets = mi->mi_ntargets; + int ntargets = mi->mi_ntargets; assert( ntargets > 0 ); /* malloc all in one */ mc = ( metaconn_t * )ch_calloc( 1, sizeof( metaconn_t ) - + sizeof( metasingleconn_t ) * ntargets ); + + sizeof( metasingleconn_t ) * ( ntargets - 1 ) ); if ( mc == NULL ) { return NULL; } - for ( i = 0; i < ntargets; i++ ) { - mc->mc_conns[ i ].msc_info = mi; - } + mc->mc_info = mi; mc->mc_authz_target = META_BOUND_NONE; mc->mc_refcnt = 1; @@ -228,7 +257,8 @@ meta_back_init_one_conn( metaconn_t *mc, int candidate, int ispriv, - ldap_back_send_t sendok ) + ldap_back_send_t sendok, + int dolock ) { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; metatarget_t *mt = mi->mi_targets[ candidate ]; @@ -236,6 +266,7 @@ meta_back_init_one_conn( int version; dncookie dc; int isauthz = ( candidate == mc->mc_authz_target ); + int do_return = 0; #ifdef HAVE_TLS int is_ldaps = 0; #endif /* HAVE_TLS */ 
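Review bot: In metaconn_alloc() the new size `sizeof( metaconn_t ) + sizeof( metasingleconn_t ) * ( ntargets - 1 )` is only correct if metaconn_t declares `mc_conns` as a one-element trailing array. That declaration lives in the header and is not part of this hunk, so if the two do not change together, writes to the last `mc_conns[]` slot land past the allocation. The only guard on `ntargets` is the `assert`, which disappears under NDEBUG. I would document the dependency at the call, `/* metaconn_t already embeds mc_conns[ 0 ]; add room for the other ntargets - 1 */`, and make the guard real with `if ( ntargets <= 0 ) return NULL;`. The function's signature and tail are outside the hunk.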
@@ -248,42 +279,99 @@ meta_back_init_one_conn( slap_retry_info_t *ri = &mt->mt_quarantine; int dont_retry = 1; - if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) { - dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL - || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] ); - if ( !dont_retry ) { - if ( LogTest( LDAP_DEBUG_ANY ) ) { - char buf[ SLAP_TEXT_BUFLEN ]; - - snprintf( buf, sizeof( buf ), - "meta_back_init_one_conn[%d]: quarantine " - "retry block #%d try #%d", - candidate, ri->ri_idx, ri->ri_count ); - Debug( LDAP_DEBUG_ANY, "%s %s.\n", - op->o_log_prefix, buf, 0 ); + if ( mt->mt_quarantine.ri_interval ) { + ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex ); + if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) { + dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL + || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] ); + if ( !dont_retry ) { + if ( LogTest( LDAP_DEBUG_ANY ) ) { + char buf[ SLAP_TEXT_BUFLEN ]; + + snprintf( buf, sizeof( buf ), + "meta_back_init_one_conn[%d]: quarantine " + "retry block #%d try #%d", + candidate, ri->ri_idx, ri->ri_count ); + Debug( LDAP_DEBUG_ANY, "%s %s.\n", + op->o_log_prefix, buf, 0 ); + } } mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING; } + ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex ); } if ( dont_retry ) { rs->sr_err = LDAP_UNAVAILABLE; if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) { + rs->sr_text = "Target is quarantined"; send_ldap_result( op, rs ); } return rs->sr_err; } } +retry_lock:; + if ( dolock ) { + ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + } + /* * Already init'ed */ - if ( msc->msc_ld != NULL ) { - return rs->sr_err = LDAP_SUCCESS; + if ( LDAP_BACK_CONN_ISBOUND( msc ) + || LDAP_BACK_CONN_ISANON( msc ) ) + { + assert( msc->msc_ld != NULL ); + rs->sr_err = LDAP_SUCCESS; + do_return = 1; + + } else if ( META_BACK_CONN_CREATING( msc ) + || LDAP_BACK_CONN_BINDING( msc ) ) + { + if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) { + if ( 
dolock ) { + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + } + + ldap_pvt_thread_yield(); + goto retry_lock; + } + + /* sounds more appropriate */ + rs->sr_err = LDAP_BUSY; + rs->sr_text = "No connections to target are available"; + do_return = 1; + + } else if ( META_BACK_CONN_INITED( msc ) ) { + assert( msc->msc_ld != NULL ); + rs->sr_err = LDAP_SUCCESS; + do_return = 1; + + } else { + /* + * creating... + */ + META_BACK_CONN_CREATING_SET( msc ); + } + + if ( dolock ) { + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + } + + if ( do_return ) { + if ( rs->sr_err != LDAP_SUCCESS + && op->o_conn + && ( sendok & LDAP_BACK_SENDERR ) ) + { + send_ldap_result( op, rs ); + } + + return rs->sr_err; } - msc->msc_mscflags = 0; + assert( msc->msc_ld == NULL ); /* * Attempts to initialize the connection to the target ds @@ -320,8 +408,10 @@ meta_back_init_one_conn( #ifdef HAVE_TLS /* start TLS ("tls [try-]{start|propagate}" statement) */ - if ( ( LDAP_BACK_USE_TLS( mi ) || ( op->o_conn->c_is_tls && LDAP_BACK_PROPAGATE_TLS( mi ) ) ) - && !is_ldaps ) + if ( ( LDAP_BACK_USE_TLS( mi ) + || ( op->o_conn->c_is_tls + && LDAP_BACK_PROPAGATE_TLS( mi ) ) ) + && !is_ldaps ) { #ifdef SLAP_STARTTLS_ASYNCHRONOUS /* @@ -368,14 +458,14 @@ retry:; struct berval *data = NULL; /* NOTE: right now, data is unused, so don't get it */ - rs->sr_err = ldap_parse_extended_result( msc->msc_ld, res, - NULL, NULL /* &data */ , 0 ); + rs->sr_err = ldap_parse_extended_result( msc->msc_ld, + res, NULL, NULL /* &data */ , 0 ); if ( rs->sr_err == LDAP_SUCCESS ) { int err; /* FIXME: matched? referrals? response controls? */ - rs->sr_err = ldap_parse_result( msc->msc_ld, res, - &err, NULL, NULL, NULL, NULL, 1 ); + rs->sr_err = ldap_parse_result( msc->msc_ld, + res, &err, NULL, NULL, NULL, NULL, 1 ); res = NULL; if ( rs->sr_err == LDAP_SUCCESS ) { 
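Review bot: In the quarantine block of meta_back_init_one_conn(), `mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;` appears to have fallen out of the `if ( !dont_retry )` body. The line is unchanged context at its old indentation, while the re-indented `if` now closes on the brace just before it. As the braces read here, a target in LDAP_BACK_FQ_YES is moved to RETRYING even when the retry interval has not elapsed. Since only the YES state recomputes `dont_retry`, later calls would keep returning LDAP_UNAVAILABLE until something outside this hunk resets the state. Move the assignment back inside `if ( !dont_retry ) { ... }`, after the logging block; the function starts and ends outside the hunk.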
@@ -392,14 +482,12 @@ retry:; } else if ( rs->sr_err == LDAP_REFERRAL ) { /* FIXME: LDAP_OPERATIONS_ERROR? */ rs->sr_err = LDAP_OTHER; - rs->sr_text = "unwilling to chase referral returned by Start TLS exop"; + rs->sr_text = "Unwilling to chase referral " + "returned by Start TLS exop"; } if ( data ) { - if ( data->bv_val ) { - ber_memfree( data->bv_val ); - } - ber_memfree( data ); + ber_bvfree( data ); } } @@ -423,10 +511,20 @@ retry:; * of misconfiguration, but also when used in the chain * overlay, where the "uri" can be parsed out of a referral */ if ( rs->sr_err == LDAP_SERVER_DOWN - || ( rs->sr_err != LDAP_SUCCESS && LDAP_BACK_TLS_CRITICAL( mi ) ) ) + || ( rs->sr_err != LDAP_SUCCESS + && LDAP_BACK_TLS_CRITICAL( mi ) ) ) { - ldap_unbind_ext( msc->msc_ld, NULL, NULL ); - msc->msc_ld = NULL; + +#ifdef DEBUG_205 + Debug( LDAP_DEBUG_ANY, + "### %s meta_back_init_one_conn(TLS) " + "ldap_unbind_ext[%d] ld=%p\n", + op->o_log_prefix, candidate, + (void *)msc->msc_ld ); +#endif /* DEBUG_205 */ + + /* need to trash a failed Start TLS */ + meta_clear_one_candidate( op, mc, candidate ); goto error_return; } } @@ -453,6 +551,10 @@ retry:; if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) { ber_bvreplace( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ); if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) { + if ( !BER_BVISNULL( &msc->msc_cred ) ) { + memset( msc->msc_cred.bv_val, 0, + msc->msc_cred.bv_len ); + } ber_bvreplace( &msc->msc_cred, &mt->mt_idassert_passwd ); } @@ -460,8 +562,6 @@ retry:; ber_bvreplace( &msc->msc_bound_ndn, &slap_empty_bv ); } - LDAP_BACK_CONN_ISPRIV_SET( msc ); - } else { if ( !BER_BVISNULL( &msc->msc_cred ) ) { memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len ); 
@@ -487,8 +587,17 @@ retry:; if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &msc->msc_bound_ndn ) ) { - ldap_unbind_ext( msc->msc_ld, NULL, NULL ); - msc->msc_ld = NULL; + +#ifdef DEBUG_205 + Debug( LDAP_DEBUG_ANY, + "### %s meta_back_init_one_conn(rewrite) " + "ldap_unbind_ext[%d] ld=%p\n", + op->o_log_prefix, candidate, + (void *)msc->msc_ld ); +#endif /* DEBUG_205 */ + + /* need to trash a connection not fully established */ + meta_clear_one_candidate( op, mc, candidate ); goto error_return; } @@ -497,6 +606,8 @@ retry:; ber_dupbv( &msc->msc_bound_ndn, &op->o_conn->c_dn ); } + assert( !BER_BVISNULL( &msc->msc_bound_ndn ) ); + } else { ber_dupbv( &msc->msc_bound_ndn, (struct berval *)&slap_empty_bv ); } @@ -505,17 +616,25 @@ retry:; assert( !BER_BVISNULL( &msc->msc_bound_ndn ) ); error_return:; + if ( dolock ) { + ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + } + META_BACK_CONN_CREATING_CLEAR( msc ); if ( rs->sr_err == LDAP_SUCCESS ) { /* * Sets a cookie for the rewrite session */ ( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn ); + META_BACK_CONN_INITED_SET( msc ); + } + if ( dolock ) { + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + } - } else { + if ( rs->sr_err != LDAP_SUCCESS ) { rs->sr_err = slap_map_api2result( rs ); if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); - rs->sr_text = NULL; } } 
@@ -540,16 +659,22 @@ meta_back_retry( metaconn_t *mc = *mcp; metasingleconn_t *msc = &mc->mc_conns[ candidate ]; int rc = LDAP_UNAVAILABLE, - binding; + binding, + quarantine = 1; ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + + assert( !META_BACK_CONN_CREATING( msc ) ); binding = LDAP_BACK_CONN_BINDING( msc ); + LDAP_BACK_CONN_BINDING_CLEAR( msc ); assert( mc->mc_refcnt > 0 ); if ( mc->mc_refcnt == 1 ) { if ( LogTest( LDAP_DEBUG_ANY ) ) { char buf[ SLAP_TEXT_BUFLEN ]; + /* this lock is required; however, + * it's invoked only when logging is on */ ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex ); snprintf( buf, sizeof( buf ), "retrying URI=\"%s\" DN=\"%s\"", @@ -563,19 +688,22 @@ meta_back_retry( op->o_log_prefix, candidate, buf ); } - meta_clear_one_candidate( msc ); + meta_clear_one_candidate( op, mc, candidate ); LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn ); /* mc here must be the regular mc, reset and ready for init */ rc = meta_back_init_one_conn( op, rs, mc, candidate, - LDAP_BACK_CONN_ISPRIV( mc ), sendok ); + LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 ); + + /* restore the "binding" flag, in case */ if ( binding ) { LDAP_BACK_CONN_BINDING_SET( msc ); } if ( rc == LDAP_SUCCESS ) { + quarantine = 0; rc = meta_back_single_dobind( op, rs, mcp, candidate, sendok, mt->mt_nretries, 0 ); @@ -584,13 +712,24 @@ meta_back_retry( "meta_back_single_dobind=%d\n", op->o_log_prefix, candidate, rc ); if ( rc == LDAP_SUCCESS ) { - if ( be_isroot( op ) ) { + if ( !BER_BVISNULL( &msc->msc_bound_ndn ) && + !BER_BVISEMPTY( &msc->msc_bound_ndn ) ) + { LDAP_BACK_CONN_ISBOUND_SET( msc ); + } else { LDAP_BACK_CONN_ISANON_SET( msc ); } + + /* when bound, dispose of the "binding" flag */ + if ( binding ) { + LDAP_BACK_CONN_BINDING_CLEAR( msc ); + } } } + + /* don't send twice */ + sendok &= ~LDAP_BACK_SENDERR; } if ( rc != LDAP_SUCCESS ) { 
@@ -599,27 +738,61 @@ meta_back_retry( candidates[ candidate ].sr_err = rc; if ( *mcp != NULL ) { - if ( binding ) { - LDAP_BACK_CONN_BINDING_CLEAR( msc ); + if ( mc->mc_refcnt == 1 ) { + if ( binding ) { + LDAP_BACK_CONN_BINDING_CLEAR( msc ); + } + (void)meta_clear_one_candidate( op, mc, candidate ); } + LDAP_BACK_CONN_TAINTED_SET( mc ); /* only release if mandatory; otherwise * let the caller do what's best before * releasing */ if ( META_BACK_ONERR_STOP( mi ) ) { - meta_back_release_conn_lock( op, mc, 0 ); + meta_back_release_conn_lock( mi, mc, 0 ); *mcp = NULL; + + } else { +#if META_BACK_PRINT_CONNTREE > 0 + meta_back_print_conntree( mi, ">>> meta_back_retry" ); +#endif /* META_BACK_PRINT_CONNTREE */ + + /* FIXME: could be done better, reworking meta_back_release_conn_lock() */ + if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) { + if ( mc->mc_q.tqe_prev != NULL ) { + assert( LDAP_BACK_CONN_CACHED( mc ) ); + assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 ); + LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, + mc, mc_q ); + mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--; + LDAP_TAILQ_ENTRY_INIT( mc, mc_q ); + + } else { + assert( !LDAP_BACK_CONN_CACHED( mc ) ); + } + + } else { + /* FIXME: check if in tree, for consistency? */ + (void)avl_delete( &mi->mi_conninfo.lai_tree, + ( caddr_t )mc, meta_back_conndnmc_cmp ); + } + LDAP_BACK_CONN_CACHED_CLEAR( mc ); + +#if META_BACK_PRINT_CONNTREE > 0 + meta_back_print_conntree( mi, "<<< meta_back_retry" ); +#endif /* META_BACK_PRINT_CONNTREE */ } } - if ( sendok ) { + if ( sendok & LDAP_BACK_SENDERR ) { rs->sr_err = rc; - rs->sr_text = NULL; + rs->sr_text = "Unable to retry"; send_ldap_result( op, rs ); } } - if ( META_BACK_TGT_QUARANTINE( mt ) ) { + if ( quarantine && META_BACK_TGT_QUARANTINE( mt ) ) { meta_back_quarantine( op, rs, candidate ); } 
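Review bot: The block in meta_back_retry() that unlinks `mc` from `mi_conn_priv[].mic_priv` or from `lai_tree` and then clears the CACHED flag is a third copy of the same logic. It also appears in the expired-connection path of meta_back_getconn() and in meta_back_release_conn_lock(), as the FIXME here acknowledges. The copies already differ: release_conn_lock checks the avl_delete() result against `mc`, while this one discards it. The queue linkage, `mic_num` and the CACHED flag must stay in step for the `mi_conn_priv_max` limit to hold, so I would move them into one static helper and state in its header comment that `lai_mutex` must be held by the caller. meta_back_retry() begins before this hunk.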
@@ -673,7 +846,7 @@ meta_back_get_candidate( */ if ( candidate == META_TARGET_NONE ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; - rs->sr_text = "no suitable candidate target found"; + rs->sr_text = "No suitable candidate target found"; } else if ( candidate == META_TARGET_MULTIPLE ) { Filter f = { 0 }; @@ -726,7 +899,7 @@ meta_back_get_candidate( } else { rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "cannot select unique candidate target"; + rs->sr_text = "Unable to select unique candidate target"; } break; } 
@@ -852,65 +1025,143 @@ meta_back_getconn( META_DNTYPE_ENTRY, META_DNTYPE_PARENT, META_DNTYPE_NEWPARENT - } dn_type = META_DNTYPE_ENTRY; + } dn_type = META_DNTYPE_ENTRY; struct berval ndn = op->o_req_ndn, pndn; SlapReply *candidates = meta_back_candidates_get( op ); /* Internal searches are privileged and shared. So is root. */ - /* FIXME: there seem to be concurrency issues */ - if ( op->o_do_not_cache || be_isroot( op ) ) { - mc_curr.mc_local_ndn = op->o_bd->be_rootndn; + if ( ( !BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ALWAYS( mi ) ) + || ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ANON( mi ) ) + || op->o_do_not_cache || be_isroot( op ) ) + { LDAP_BACK_CONN_ISPRIV_SET( &mc_curr ); - mc_curr.mc_conn = LDAP_BACK_PCONN_SET( op ); + mc_curr.mc_local_ndn = op->o_bd->be_rootndn; + LDAP_BACK_PCONN_ROOTDN_SET( &mc_curr, op ); + + } else if ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_NOANON( mi ) ) + { + LDAP_BACK_CONN_ISANON_SET( &mc_curr ); + BER_BVSTR( &mc_curr.mc_local_ndn, "" ); + LDAP_BACK_PCONN_ANON_SET( &mc_curr, op ); } else { mc_curr.mc_local_ndn = op->o_ndn; /* Explicit binds must not be shared */ - if ( op->o_tag == LDAP_REQ_BIND || SLAP_IS_AUTHZ_BACKEND( op ) ) { + if ( !BER_BVISEMPTY( &op->o_ndn ) + || op->o_tag == LDAP_REQ_BIND + || SLAP_IS_AUTHZ_BACKEND( op ) ) + { mc_curr.mc_conn = op->o_conn; } else { - mc_curr.mc_conn = LDAP_BACK_PCONN_SET( op ); + LDAP_BACK_CONN_ISANON_SET( &mc_curr ); + LDAP_BACK_PCONN_ANON_SET( &mc_curr, op ); } } /* Explicit Bind requests always get their own conn */ - if ( !( sendok & LDAP_BACK_BINDING ) ) { + if ( sendok & LDAP_BACK_BINDING ) { + mc_curr.mc_conn = op->o_conn; + + } else { /* Searches for a metaconn in the avl tree */ retry_lock:; ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); - mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, - (caddr_t)&mc_curr, meta_back_conndn_cmp ); - if ( mc ) { - if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl 
) - || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) ) + if ( LDAP_BACK_PCONN_ISPRIV( &mc_curr ) ) { + /* lookup a conn that's not binding */ + LDAP_TAILQ_FOREACH( mc, + &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv, + mc_q ) { + if ( !LDAP_BACK_CONN_BINDING( mc ) && mc->mc_refcnt == 0 ) { + break; + } + } + + if ( mc != NULL ) { + if ( mc != LDAP_TAILQ_LAST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, + metaconn_t, mc_q ) ) + { + LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, + mc, mc_q ); + LDAP_TAILQ_ENTRY_INIT( mc, mc_q ); + LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, + mc, mc_q ); + } + + } else if ( !LDAP_BACK_USE_TEMPORARIES( mi ) + && mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_num == mi->mi_conn_priv_max ) + { + mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( &mc_curr ) ].mic_priv ); + } + + + } else { + mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, + (caddr_t)&mc_curr, meta_back_conndn_cmp ); + } + + if ( mc ) { + /* catch taint errors */ + assert( !LDAP_BACK_CONN_TAINTED( mc ) ); + + /* Don't reuse connections while they're still binding + * NOTE: only makes sense for binds */ + if ( LDAP_BACK_CONN_BINDING( mc ) ) { + if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) { + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + + ldap_pvt_thread_yield(); + goto retry_lock; + } + + /* release conn, and create a temporary */ + mc = NULL; + + } else { + if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl ) + || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) ) + { #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_getconn" ); + meta_back_print_conntree( mi, + ">>> meta_back_getconn(expired)" ); #endif /* META_BACK_PRINT_CONNTREE */ - /* don't let anyone else use this expired connection */ - 
(void)avl_delete( &mi->mi_conninfo.lai_tree, - (caddr_t)mc, meta_back_conndnmc_cmp ); + + /* don't let anyone else use this expired connection */ + if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) { + if ( mc->mc_q.tqe_prev != NULL ) { + assert( LDAP_BACK_CONN_CACHED( mc ) ); + assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 ); + LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, + mc, mc_q ); + mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--; + LDAP_TAILQ_ENTRY_INIT( mc, mc_q ); + + } else { + assert( !LDAP_BACK_CONN_CACHED( mc ) ); + } + + } else { + (void)avl_delete( &mi->mi_conninfo.lai_tree, + (caddr_t)mc, meta_back_conndnmc_cmp ); + } + #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, "<<< meta_back_getconn" ); + meta_back_print_conntree( mi, + "<<< meta_back_getconn(expired)" ); #endif /* META_BACK_PRINT_CONNTREE */ - LDAP_BACK_CONN_TAINTED_SET( mc ); + LDAP_BACK_CONN_TAINTED_SET( mc ); + LDAP_BACK_CONN_CACHED_CLEAR( mc ); - Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired.\n", - op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) ); - } + Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired (tainted).\n", + op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) ); + } - /* Don't reuse connections while they're still binding */ - if ( LDAP_BACK_CONN_BINDING( mc ) ) { - ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); - ldap_pvt_thread_yield(); - goto retry_lock; + mc->mc_refcnt++; } - - mc->mc_refcnt++; } ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); } @@ -939,12 +1190,12 @@ retry_lock:; } break; + case LDAP_REQ_COMPARE: case LDAP_REQ_DELETE: case LDAP_REQ_MODIFY: /* just a unique candidate */ break; - case LDAP_REQ_COMPARE: case LDAP_REQ_SEARCH: /* allow multiple candidates for the searchBase */ op_type = META_OP_ALLOW_MULTIPLE; 
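Review bot: The `goto retry_lock` path in meta_back_getconn() has no bound. When LDAP_BACK_USE_TEMPORARIES is off and the connection found is still binding, the thread drops `lai_mutex`, yields and looks it up again for as long as the flag stays set. A bind that stalls against a slow target therefore keeps every worker wanting that cached connection spinning, which is an availability concern for a proxy. The same loop is added at `retry_lock` in meta_back_init_one_conn() and at `retry_lock2`. In init_one_conn it is also reachable with `dolock` == 0 (meta_back_retry passes 0 while holding `lai_mutex`), where no other thread could clear the flag during the yield. I would cap the retries and fall back to `rs->sr_err = LDAP_BUSY`, as the temporaries branch of init_one_conn already does; the function extends beyond this hunk.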
@@ -970,6 +1221,16 @@ retry_lock:; if ( sendok & LDAP_BACK_BINDING ) { LDAP_BACK_CONN_BINDING_SET( mc ); } + if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) { + LDAP_BACK_CONN_ISPRIV_SET( mc ); + + } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) { + LDAP_BACK_CONN_ISANON_SET( mc ); + } + + } else if ( 0 ) { + /* TODO: if any of the connections is binding, + * release mc and create a new one */ } for ( i = 0; i < mi->mi_ntargets; i++ ) { @@ -979,7 +1240,7 @@ retry_lock:; */ candidates[ i ].sr_err = meta_back_init_one_conn( op, rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ), - sendok ); + LDAP_BACK_DONTSEND, !new_conn ); if ( candidates[ i ].sr_err == LDAP_SUCCESS ) { META_CANDIDATE_SET( &candidates[ i ] ); ncandidates++; @@ -1003,7 +1264,7 @@ retry_lock:; meta_back_conn_free( mc ); } else { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } rs->sr_err = LDAP_NO_SUCH_OBJECT; @@ -1014,7 +1275,6 @@ retry_lock:; rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val; } send_ldap_result( op, rs ); - rs->sr_text = NULL; rs->sr_matched = NULL; } @@ -1054,7 +1314,7 @@ retry_lock:; if ( i < 0 || rs->sr_err != LDAP_SUCCESS ) { if ( mc != NULL ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } if ( sendok & LDAP_BACK_SENDERR ) { @@ -1062,7 +1322,6 @@ retry_lock:; rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val; } send_ldap_result( op, rs ); - rs->sr_text = NULL; rs->sr_matched = NULL; } @@ -1073,14 +1332,13 @@ retry_lock:; if ( dn_type == META_DNTYPE_NEWPARENT && meta_back_get_candidate( op, rs, op->orr_nnewSup ) != i ) { if ( mc != NULL ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "cross-target rename not supported"; + rs->sr_text = "Cross-target rename not supported"; if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); - rs->sr_text = NULL; } return NULL; 
@@ -1100,14 +1358,24 @@ retry_lock2:; mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree, (caddr_t)&mc_curr, meta_back_conndn_cmp ); if ( mc != NULL ) { + /* catch taint errors */ + assert( !LDAP_BACK_CONN_TAINTED( mc ) ); + /* Don't reuse connections while they're still binding */ - if ( LDAP_BACK_CONN_BINDING( mc ) ) { - ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); - ldap_pvt_thread_yield(); - goto retry_lock2; - } + if ( META_BACK_CONN_CREATING( &mc->mc_conns[ i ] ) + || LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) + { + if ( !LDAP_BACK_USE_TEMPORARIES( mi ) ) { + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + ldap_pvt_thread_yield(); + goto retry_lock2; + } + + mc = NULL; - mc->mc_refcnt++; + } else { + mc->mc_refcnt++; + } } ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); } @@ -1122,6 +1390,12 @@ retry_lock2:; if ( sendok & LDAP_BACK_BINDING ) { LDAP_BACK_CONN_BINDING_SET( mc ); } + if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) { + LDAP_BACK_CONN_ISPRIV_SET( mc ); + + } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) { + LDAP_BACK_CONN_ISANON_SET( mc ); + } } } @@ -1139,7 +1413,7 @@ retry_lock2:; * sends the appropriate result. */ err = meta_back_init_one_conn( op, rs, mc, i, - LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok ); + LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok, !new_conn ); if ( err != LDAP_SUCCESS ) { /* * FIXME: in case one target cannot @@ -1152,7 +1426,7 @@ retry_lock2:; meta_back_conn_free( mc ); } else { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return NULL; } 
@@ -1177,14 +1451,18 @@ retry_lock2:; mc->mc_conn = mc_curr.mc_conn; ber_dupbv( &mc->mc_local_ndn, &mc_curr.mc_local_ndn ); new_conn = 1; - if ( sendok & LDAP_BACK_BINDING ) { - LDAP_BACK_CONN_BINDING_SET( mc ); + if ( LDAP_BACK_CONN_ISPRIV( &mc_curr ) ) { + LDAP_BACK_CONN_ISPRIV_SET( mc ); + + } else if ( LDAP_BACK_CONN_ISANON( &mc_curr ) ) { + LDAP_BACK_CONN_ISANON_SET( mc ); } } for ( i = 0; i < mi->mi_ntargets; i++ ) { metatarget_t *mt = mi->mi_targets[ i ]; - metasingleconn_t *msc = &mc->mc_conns[ i ]; + + META_CANDIDATE_RESET( &candidates[ i ] ); if ( i == cached || meta_back_is_candidate( mt, &op->o_req_ndn, @@ -1196,10 +1474,11 @@ retry_lock2:; * also init'd */ int lerr = meta_back_init_one_conn( op, rs, mc, i, - LDAP_BACK_CONN_ISPRIV( &mc_curr ), LDAP_BACK_DONTSEND ); + LDAP_BACK_CONN_ISPRIV( &mc_curr ), + LDAP_BACK_DONTSEND, !new_conn ); + candidates[ i ].sr_err = lerr; if ( lerr == LDAP_SUCCESS ) { META_CANDIDATE_SET( &candidates[ i ] ); - candidates[ i ].sr_err = LDAP_SUCCESS; ncandidates++; Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n", @@ -1207,7 +1486,6 @@ retry_lock2:; } else if ( lerr == LDAP_UNAVAILABLE && !META_BACK_ONERR_STOP( mi ) ) { META_CANDIDATE_SET( &candidates[ i ] ); - candidates[ i ].sr_err = LDAP_UNAVAILABLE; Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] %s\n", op->o_log_prefix, i, 
@@ -1221,46 +1499,42 @@ retry_lock2:; * be tried? */ if ( new_conn ) { - ( void )meta_clear_one_candidate( msc ); + ( void )meta_clear_one_candidate( op, mc, i ); } /* leave the target candidate, but record the error for later use */ - candidates[ i ].sr_err = lerr; err = lerr; if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) { - Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] quarantined: %d\n", + Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] quarantined err=%d\n", op->o_log_prefix, i, lerr ); } else { - Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed: %d\n", + Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed err=%d\n", op->o_log_prefix, i, lerr ); } if ( META_BACK_ONERR_STOP( mi ) ) { if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); - rs->sr_text = NULL; } if ( new_conn ) { mc->mc_refcnt = 0; meta_back_conn_free( mc ); } else { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return NULL; } - rs->sr_text = NULL; continue; } } else { if ( new_conn ) { - ( void )meta_clear_one_candidate( msc ); + ( void )meta_clear_one_candidate( op, mc, i ); } - META_CANDIDATE_RESET( &candidates[ i ] ); } } @@ -1270,7 +1544,7 @@ retry_lock2:; meta_back_conn_free( mc ); } else { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } if ( rs->sr_err == LDAP_SUCCESS ) { @@ -1283,7 +1557,6 @@ retry_lock2:; rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val; } send_ldap_result( op, rs ); - rs->sr_text = NULL; rs->sr_matched = NULL; } 
@@ -1311,47 +1584,70 @@ done:; */ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_getconn" ); + meta_back_print_conntree( mi, ">>> meta_back_getconn" ); #endif /* META_BACK_PRINT_CONNTREE */ - err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc, + + if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) { + if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) { + LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q ); + mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num++; + LDAP_BACK_CONN_CACHED_SET( mc ); + + } else { + LDAP_BACK_CONN_TAINTED_SET( mc ); + } + rs->sr_err = 0; + + } else { + err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc, meta_back_conndn_cmp, meta_back_conndn_dup ); + LDAP_BACK_CONN_CACHED_SET( mc ); + } + #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_getconn" ); + meta_back_print_conntree( mi, ">>> meta_back_getconn" ); #endif /* META_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); - /* - * Err could be -1 in case a duplicate metaconn is inserted - */ - switch ( err ) { - case 0: - break; + if ( !LDAP_BACK_PCONN_ISPRIV( mc ) ) { + /* + * Err could be -1 in case a duplicate metaconn is inserted + */ + switch ( err ) { + case 0: + break; - case -1: - /* duplicate: free and try to get the newly created one */ - if ( !( sendok & LDAP_BACK_BINDING ) ) { - new_conn = 0; - goto retry_lock; - } - LDAP_BACK_CONN_TAINTED_SET( mc ); - break; + case -1: + LDAP_BACK_CONN_CACHED_CLEAR( mc ); + /* duplicate: free and try to get the newly created one */ + if ( !( sendok & LDAP_BACK_BINDING ) && !LDAP_BACK_USE_TEMPORARIES( mi ) ) { + mc->mc_refcnt = 0; + meta_back_conn_free( mc ); + + new_conn = 0; + goto retry_lock; + } - default: - Debug( LDAP_DEBUG_ANY, - "%s meta_back_getconn: candidates=%d 
conn=%ld insert failed\n", - op->o_log_prefix, ncandidates, - LDAP_BACK_PCONN_ID( mc ) ); + LDAP_BACK_CONN_TAINTED_SET( mc ); + break; + + default: + LDAP_BACK_CONN_CACHED_CLEAR( mc ); + Debug( LDAP_DEBUG_ANY, + "%s meta_back_getconn: candidates=%d conn=%ld insert failed\n", + op->o_log_prefix, ncandidates, + LDAP_BACK_PCONN_ID( mc ) ); - mc->mc_refcnt = 0; - meta_back_conn_free( mc ); + mc->mc_refcnt = 0; + meta_back_conn_free( mc ); - rs->sr_err = LDAP_OTHER; - rs->sr_text = "proxy bind collision"; - if ( sendok & LDAP_BACK_SENDERR ) { - send_ldap_result( op, rs ); - rs->sr_text = NULL; + rs->sr_err = LDAP_OTHER; + rs->sr_text = "Proxy bind collision"; + if ( sendok & LDAP_BACK_SENDERR ) { + send_ldap_result( op, rs ); + } + return NULL; } - return NULL; } Debug( LDAP_DEBUG_TRACE, @@ -1365,18 +1661,16 @@ done:; op->o_log_prefix, ncandidates, LDAP_BACK_PCONN_ID( mc ) ); } - + return mc; } void meta_back_release_conn_lock( - Operation *op, + metainfo_t *mi, metaconn_t *mc, int dolock ) { - metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; - assert( mc != NULL ); if ( dolock ) { 
@@ -1384,32 +1678,55 @@ meta_back_release_conn_lock( } assert( mc->mc_refcnt > 0 ); mc->mc_refcnt--; - LDAP_BACK_CONN_BINDING_CLEAR( mc ); /* NOTE: the connection is removed if either it is tainted * or if it is shared and no one else is using it. This needs * to occur because for intrinsic reasons cached connections * that are not privileged would live forever and pollute * the connection space (and eat up resources). Maybe this * should be configurable... */ - if ( LDAP_BACK_CONN_TAINTED( mc ) || - ( !LDAP_BACK_CONN_ISPRIV( mc ) && - LDAP_BACK_PCONN_ISPRIV( mc ) && - mc->mc_refcnt == 0 ) ) - { - Debug( LDAP_DEBUG_TRACE, "%s meta_back_release_conn: mc=%p conn=%ld tainted.\n", - op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) ); + if ( LDAP_BACK_CONN_TAINTED( mc ) ) { #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_release_conn" ); + meta_back_print_conntree( mi, ">>> meta_back_release_conn" ); #endif /* META_BACK_PRINT_CONNTREE */ - (void)avl_delete( &mi->mi_conninfo.lai_tree, - ( caddr_t )mc, meta_back_conndnmc_cmp ); + + if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) { + if ( mc->mc_q.tqe_prev != NULL ) { + assert( LDAP_BACK_CONN_CACHED( mc ) ); + assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 ); + LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q ); + mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--; + LDAP_TAILQ_ENTRY_INIT( mc, mc_q ); + + } else { + assert( !LDAP_BACK_CONN_CACHED( mc ) ); + } + + } else { + metaconn_t *tmpmc; + + tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, + ( caddr_t )mc, meta_back_conndnmc_cmp ); + + /* Overparanoid, but useful... 
*/ + assert( tmpmc == NULL || tmpmc == mc ); + } + + LDAP_BACK_CONN_CACHED_CLEAR( mc ); + #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, "<<< meta_back_release_conn" ); + meta_back_print_conntree( mi, "<<< meta_back_release_conn" ); #endif /* META_BACK_PRINT_CONNTREE */ + if ( mc->mc_refcnt == 0 ) { meta_back_conn_free( mc ); + mc = NULL; } } + + if ( mc != NULL && LDAP_BACK_CONN_BINDING( mc ) ) { + LDAP_BACK_CONN_BINDING_CLEAR( mc ); + } + if ( dolock ) { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); } diff --git a/servers/slapd/back-meta/delete.c b/servers/slapd/back-meta/delete.c index 14ded8b4a81cc85421a453380b531030de1d153a..8f1eaac21b794ae66fa905441342b7ceea9cc7ae 100644 --- a/servers/slapd/back-meta/delete.c +++ b/servers/slapd/back-meta/delete.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -96,7 +96,7 @@ cleanup:; } if ( mc ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return rs->sr_err; diff --git a/servers/slapd/back-meta/dncache.c b/servers/slapd/back-meta/dncache.c index 12560f0181962707a5bd7a850983ea7bbeb6b52d..32f427f72d492ace8cad02f8515abf6c7b712b94 100644 --- a/servers/slapd/back-meta/dncache.c +++ b/servers/slapd/back-meta/dncache.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. 
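Review bot: The NOTE comment kept above the test in meta_back_release_conn_lock() still says the connection is removed "if it is shared and no one else is using it", but the new condition is only `LDAP_BACK_CONN_TAINTED( mc )`. The shared/refcnt clause is gone, so the comment now describes behaviour the function no longer has. Reword it to match, e.g. `/* NOTE: only tainted connections are dropped from the cache here; they are freed once mc_refcnt reaches 0 */`. The function header should also say that `mc` may have been freed on return, since the body now calls meta_back_conn_free() and only nulls its local copy.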
diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c index 46aee301ca401745680809bbc49f2b180138453b..89f27ad8182ff97736b71c8cdad83bf6f93c66a5 100644 --- a/servers/slapd/back-meta/init.c +++ b/servers/slapd/back-meta/init.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -90,6 +90,7 @@ meta_back_db_init( Backend *be ) { metainfo_t *mi; + int i; mi = ch_calloc( 1, sizeof( metainfo_t ) ); if ( mi == NULL ) { @@ -113,6 +114,12 @@ meta_back_db_init( /* safe default */ mi->mi_nretries = META_RETRY_DEFAULT; mi->mi_version = LDAP_VERSION3; + + for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) { + mi->mi_conn_priv[ i ].mic_num = 0; + LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv ); + } + mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT; be->be_private = mi; @@ -125,10 +132,21 @@ meta_back_db_open( { metainfo_t *mi = (metainfo_t *)be->be_private; - int i, rc; + int i, + not_always = 0, + not_always_anon_proxyauthz = 0, + not_always_anon_non_prescriptive = 0, + rc; + + if ( mi->mi_ntargets == 0 ) { + Debug( LDAP_DEBUG_ANY, + "meta_back_db_open: no targets defined\n", + 0, 0, 0 ); + return 1; + } for ( i = 0; i < mi->mi_ntargets; i++ ) { - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; metatarget_t *mt = mi->mi_targets[ i ]; ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri ); 
@@ -153,6 +171,49 @@ meta_back_db_open( mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP; } } + + if ( not_always == 0 ) { + if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) + || mt->mt_idassert_authz != NULL ) + { + not_always = 1; + } + } + + if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) + && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) ) + { + Debug( LDAP_DEBUG_ANY, "meta_back_db_open(%s): " + "target #%d inconsistent idassert configuration " + "(likely authz=\"*\" used with \"non-prescriptive\" flag)\n", + be->be_suffix[ 0 ].bv_val, i, 0 ); + return 1; + } + + if ( not_always_anon_proxyauthz == 0 ) { + if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) ) + { + not_always_anon_proxyauthz = 1; + } + } + + if ( not_always_anon_non_prescriptive == 0 ) { + if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) ) + { + not_always_anon_non_prescriptive = 1; + } + } + } + + if ( not_always == 0 ) { + mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ALWAYS; + } + + if ( not_always_anon_proxyauthz == 0 ) { + mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ANON; + + } else if ( not_always_anon_non_prescriptive == 0 ) { + mi->mi_flags |= META_BACK_F_PROXYAUTHZ_NOANON; } return 0; @@ -175,12 +236,11 @@ meta_back_conn_free( assert( mc->mc_refcnt == 0 ); /* at least one must be present... */ - assert( mc->mc_conns != NULL ); - ntargets = mc->mc_conns[ 0 ].msc_info->mi_ntargets; + ntargets = mc->mc_info->mi_ntargets; assert( ntargets > 0 ); for ( ; ntargets--; ) { - (void)meta_clear_one_candidate( &mc->mc_conns[ ntargets ] ); + (void)meta_clear_one_candidate( NULL, mc, ntargets ); } if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) { 
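Review bot: The three accumulators `not_always`, `not_always_anon_proxyauthz` and `not_always_anon_non_prescriptive` in meta_back_db_open() (init.c) decide which `META_BACK_F_PROXYAUTHZ_*` flag the whole database gets, but nothing says what each one stands for. The double negatives make the final `if`/`else if` chain hard to audit. I would add a comment above the first test such as `/* not_always stays 0 only if every target sets LDAP_BACK_AUTH_OVERRIDE and has no idassert authz rules */`, with matching one-liners for the other two (stays 0 only if every target has `LDAP_BACK_AUTH_AUTHZ_ALL`; stays 0 only if no target has `LDAP_BACK_AUTH_PRESCRIPTIVE`). Judging by their names these flags feed the proxied-authorization decision, so the intended meaning should be written down where it is computed. The function starts and ends outside this hunk.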
@@ -285,6 +345,14 @@ meta_back_db_destroy( if ( mi->mi_conninfo.lai_tree ) { avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free ); } + for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) { + while ( !LDAP_TAILQ_EMPTY( &mi->mi_conn_priv[ i ].mic_priv ) ) { + metaconn_t *mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ i ].mic_priv ); + + LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ i ].mic_priv, mc, mc_q ); + meta_back_conn_free( mc ); + } + } /* * Destroy the per-target stuff (assuming there's at diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c index 0f01e6bfc553eec7114d1cfda86e7c9afb41fe47..4d6aa59b61fc49f73c169052028a73363da0870d 100644 --- a/servers/slapd/back-meta/map.c +++ b/servers/slapd/back-meta/map.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -90,19 +90,19 @@ ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping **m ) assert( m != NULL ); *m = NULL; - + mapping = (struct ldapmapping *)ch_calloc( 2, sizeof( struct ldapmapping ) ); if ( mapping == NULL ) { return; } - ber_str2bv( "objectclass", sizeof("objectclass")-1, 1, &mapping->src); - ber_dupbv( &mapping->dst, &mapping->src ); - mapping[1].src = mapping->src; - mapping[1].dst = mapping->dst; + ber_str2bv( "objectclass", STRLENOF("objectclass"), 1, &mapping[0].src); + ber_dupbv( &mapping[0].dst, &mapping[0].src ); + mapping[1].src = mapping[0].src; + mapping[1].dst = mapping[0].dst; - avl_insert( &lm->map, (caddr_t)mapping, + avl_insert( &lm->map, (caddr_t)&mapping[0], mapping_cmp, mapping_dup ); avl_insert( &lm->remap, (caddr_t)&mapping[1], mapping_cmp, mapping_dup ); 
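Review bot: In meta_back_db_destroy() (init.c) the new loop drains each `mi_conn_priv[ i ].mic_priv` queue but leaves `mic_num` at its old value, and it passes every connection to meta_back_conn_free(), which asserts `mc->mc_refcnt == 0`. meta_back_conn_destroy() in unbind.c is changed by this same commit to tolerate a non-zero reference count, so the two teardown paths now disagree. I would add `mi->mi_conn_priv[ i ].mic_num = 0;` after the inner `while`, plus a comment stating why no reference can still be held at this point (or the same taint-instead-of-free guard). Whether `lai_mutex` is held here is not visible, because the function begins and ends outside the hunk.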
@@ -120,6 +120,7 @@ ldap_back_mapping ( struct ldapmap *map, struct berval *s, struct ldapmapping ** if ( remap == BACKLDAP_REMAP ) { tree = map->remap; + } else { tree = map->map; } @@ -139,6 +140,13 @@ ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *bv, { struct ldapmapping *mapping; + /* map->map may be NULL when mapping is configured, + * but map->remap can't */ + if ( map->remap == NULL ) { + *bv = *s; + return; + } + BER_BVZERO( bv ); ( void )ldap_back_mapping( map, s, &mapping, remap ); if ( mapping != NULL ) { diff --git a/servers/slapd/back-meta/modify.c b/servers/slapd/back-meta/modify.c index 9b86b49b29fa6f01dbd9ab5c2ff7a7789bf0b377..a1088c793279b9426497d11e8244c7934940f2d5 100644 --- a/servers/slapd/back-meta/modify.c +++ b/servers/slapd/back-meta/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -214,7 +214,7 @@ cleanup:; free( modv ); if ( mc ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return rs->sr_err; diff --git a/servers/slapd/back-meta/modrdn.c b/servers/slapd/back-meta/modrdn.c index f6e27c64902f3d622e1c7363e982eb50825dd366..2a14b272085af0f9aaad7ec76bd6491871357d3d 100644 --- a/servers/slapd/back-meta/modrdn.c +++ b/servers/slapd/back-meta/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -158,7 +158,7 @@ cleanup:; } if ( mc ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return rs->sr_err; 
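Review bot: The early return added to ldap_back_map() (map.c) copies the berval by value, `*bv = *s;`, so `bv->bv_val` points into the caller's `s` rather than at storage of its own. The comment above it explains only why `remap` is the field tested. I would extend it to `/* no mapping configured: pass the name through unchanged; bv borrows s's buffer and must not be freed separately */`. No caller that releases `bv` is visible in this hunk, so this is a documentation request rather than a reported defect. The rest of the function lies outside the hunk.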
diff --git a/servers/slapd/back-meta/proto-meta.h b/servers/slapd/back-meta/proto-meta.h index 59a4b0e9c540275ae044a6cb76d8a8d79a755d3b..f03866444fa8ed35477a8ee764179f0b18c5776a 100644 --- a/servers/slapd/back-meta/proto-meta.h +++ b/servers/slapd/back-meta/proto-meta.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index d7d251efe176f11b87378cc9dd3908439c440a61..ba163e9f093469de4a8e22e6bf62d6b45d081197 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -28,6 +28,7 @@ #include <ac/string.h> #include <ac/time.h> +#include "lutil.h" #include "slap.h" #include "../back-ldap/back-ldap.h" #include "back-meta.h" @@ -41,6 +42,7 @@ */ #define META_MSGID_IGNORE (-1) #define META_MSGID_NEED_BIND (-2) +#define META_MSGID_CONNECTING (-3) static int meta_send_entry( @@ -51,11 +53,13 @@ meta_send_entry( LDAPMessage *e ); typedef enum meta_search_candidate_t { + META_SEARCH_UNDEFINED = -2, META_SEARCH_ERR = -1, META_SEARCH_NOT_CANDIDATE, META_SEARCH_CANDIDATE, META_SEARCH_BINDING, - META_SEARCH_NEED_BIND + META_SEARCH_NEED_BIND, + META_SEARCH_CONNECTING } meta_search_candidate_t; /* 
@@ -84,7 +88,8 @@ meta_search_dobind_init( meta_search_candidate_t retcode; - Debug( LDAP_DEBUG_TRACE, "%s >>> meta_search_dobind_init[%d]\n", op->o_log_prefix, candidate, 0 ); + Debug( LDAP_DEBUG_TRACE, "%s >>> meta_search_dobind_init[%d]\n", + op->o_log_prefix, candidate, 0 ); /* * all the targets are already bound as pseudoroot 
@@ -97,45 +102,87 @@ meta_search_dobind_init( ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); if ( LDAP_BACK_CONN_ISBOUND( msc ) || LDAP_BACK_CONN_ISANON( msc ) ) { /* already bound (or anonymous) */ + +#ifdef DEBUG_205 + char buf[ SLAP_TEXT_BUFLEN ] = { '\0' }; + int bound = 0; + + if ( LDAP_BACK_CONN_ISBOUND( msc ) ) { + bound = 1; + } + + snprintf( buf, sizeof( buf ), " mc=%p ld=%p%s DN=\"%s\"", + (void *)mc, (void *)msc->msc_ld, + bound ? " bound" : " anonymous", + bound == 0 ? "" : msc->msc_bound_ndn.bv_val ); + Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n", + op->o_log_prefix, candidate, buf ); +#endif /* DEBUG_205 */ + retcode = META_SEARCH_CANDIDATE; - } else if ( LDAP_BACK_CONN_BINDING( msc ) ) { + } else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) ) { /* another thread is binding the target for this conn; wait */ + +#ifdef DEBUG_205 + char buf[ SLAP_TEXT_BUFLEN ] = { '\0' }; + + snprintf( buf, sizeof( buf ), " mc=%p ld=%p needbind", + (void *)mc, (void *)msc->msc_ld ); + Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n", + op->o_log_prefix, candidate, buf ); +#endif /* DEBUG_205 */ + candidates[ candidate ].sr_msgid = META_MSGID_NEED_BIND; retcode = META_SEARCH_NEED_BIND; } else { /* we'll need to bind the target for this conn */ + +#ifdef DEBUG_205 + char buf[ SLAP_TEXT_BUFLEN ]; + + snprintf( buf, sizeof( buf ), " mc=%p ld=%p binding", + (void *)mc, (void *)msc->msc_ld ); + Debug( LDAP_DEBUG_ANY, "### %s meta_search_dobind_init[%d]%s\n", + op->o_log_prefix, candidate, buf ); +#endif /* DEBUG_205 */ + + if ( msc->msc_ld == NULL ) { + /* for some reason (e.g. 
because formerly in "binding" + * state, with eventual connection expiration or invalidation) + * it was not initialized as expected */ + + Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p ld=NULL\n", + op->o_log_prefix, candidate, (void *)mc ); + + rc = meta_back_init_one_conn( op, rs, *mcp, candidate, + LDAP_BACK_CONN_ISPRIV( *mcp ), LDAP_BACK_DONTSEND, 0 ); + switch ( rc ) { + case LDAP_SUCCESS: + assert( msc->msc_ld != NULL ); + break; + + case LDAP_SERVER_DOWN: + case LDAP_UNAVAILABLE: + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + goto down; + + default: + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + goto other; + } + } + LDAP_BACK_CONN_BINDING_SET( msc ); } + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + if ( retcode != META_SEARCH_BINDING ) { return retcode; } - if ( msc->msc_ld == NULL ) { - /* for some reason (e.g. because formerly in "binding" - * state, with eventual connection expiration or invalidation) - * it was not initialized as expected */ - - Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] ld=NULL\n", - op->o_log_prefix, candidate, 0 ); - - rc = meta_back_init_one_conn( op, rs, *mcp, candidate, - LDAP_BACK_CONN_ISPRIV( *mcp ), LDAP_BACK_DONTSEND ); - switch ( rc ) { - case LDAP_SUCCESS: - assert( msc->msc_ld != NULL ); - break; - - case LDAP_SERVER_DOWN: - goto down; - - default: - goto other; - } - } - /* NOTE: this obsoletes pseudorootdn */ if ( op->o_conn != NULL && !op->o_do_not_cache && @@ -153,7 +200,11 @@ meta_search_dobind_init( if ( !BER_BVISNULL( &binddn ) ) { ber_bvreplace( &msc->msc_bound_ndn, &binddn ); if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &cred ) ) { - ber_dupbv( &msc->msc_cred, &cred ); + if ( !BER_BVISNULL( &msc->msc_cred ) ) { + memset( msc->msc_cred.bv_val, 0, + msc->msc_cred.bv_len ); + } + ber_bvreplace( &msc->msc_cred, &cred ); } } 
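Review bot: meta_back_init_one_conn() is now called while `mi->mi_conninfo.lai_mutex` is held, in the `msc->msc_ld == NULL` branch of meta_search_dobind_init() (search.c), where the removed code called it after the unlock. If that function can block on the network (its body is not part of this hunk), every other operation that needs the connection mutex waits behind one slow or unreachable target. I would either add a comment at the call stating that, with the new trailing `0` argument, it does not block, or move the call back outside the critical section. The function starts and ends outside the hunk.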
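Review bot: The scrub added before `ber_bvreplace( &msc->msc_cred, &cred )` in meta_search_dobind_init() zeroes `msc->msc_cred.bv_val` without checking that `cred` is a different buffer. `cred` is declared outside the hunk; if it can ever alias the stored credential, the memset wipes the source and the copy then stores zero bytes as the password. I would guard it with `if ( !BER_BVISNULL( &msc->msc_cred ) && msc->msc_cred.bv_val != cred.bv_val ) {`. The stored credential is also left untouched when `cred` is null or `LDAP_BACK_SAVECRED` is off, which is worth a comment if that is intended.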
@@ -181,19 +232,85 @@ meta_search_dobind_init( assert( msc->msc_ld != NULL ); + /* connect must be async */ +retry:; + ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON ); + rc = ldap_sasl_bind( msc->msc_ld, binddn.bv_val, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &candidates[ candidate ].sr_msgid ); + +#ifdef DEBUG_205 + { + char buf[ SLAP_TEXT_BUFLEN ]; + + snprintf( buf, sizeof( buf ), "meta_search_dobind_init[%d] mc=%p ld=%p rc=%d", + candidate, (void *)mc, (void *)mc->mc_conns[ candidate ].msc_ld, rc ); + Debug( LDAP_DEBUG_ANY, "### %s %s\n", + op->o_log_prefix, buf, 0 ); + } +#endif /* DEBUG_205 */ + switch ( rc ) { case LDAP_SUCCESS: + assert( candidates[ candidate ].sr_msgid >= 0 ); META_BINDING_SET( &candidates[ candidate ] ); return META_SEARCH_BINDING; + case LDAP_X_CONNECTING: + /* must retry, same conn */ + candidates[ candidate ].sr_msgid = META_MSGID_CONNECTING; + ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + LDAP_BACK_CONN_BINDING_CLEAR( msc ); + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + return META_SEARCH_CONNECTING; + case LDAP_SERVER_DOWN: down:; /* This is the worst thing that could happen: * the search will wait until the retry is over. */ - if ( meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) { - return META_SEARCH_CANDIDATE; + if ( !META_IS_RETRYING( &candidates[ candidate ] ) ) { + META_RETRYING_SET( &candidates[ candidate ] ); + + ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + + assert( mc->mc_refcnt > 0 ); + if ( LogTest( LDAP_DEBUG_ANY ) ) { + char buf[ SLAP_TEXT_BUFLEN ]; + + /* this lock is required; however, + * it's invoked only when logging is on */ + ldap_pvt_thread_mutex_lock( &mt->mt_uri_mutex ); + snprintf( buf, sizeof( buf ), + "retrying URI=\"%s\" DN=\"%s\"", + mt->mt_uri, + BER_BVISNULL( &msc->msc_bound_ndn ) ? 
+ "" : msc->msc_bound_ndn.bv_val ); + ldap_pvt_thread_mutex_unlock( &mt->mt_uri_mutex ); + + Debug( LDAP_DEBUG_ANY, + "%s meta_search_dobind_init[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); + } + + meta_clear_one_candidate( op, mc, candidate ); + LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); + + ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn ); + + /* mc here must be the regular mc, reset and ready for init */ + rc = meta_back_init_one_conn( op, rs, mc, candidate, + LDAP_BACK_CONN_ISPRIV( mc ), LDAP_BACK_DONTSEND, 0 ); + + if ( rc == LDAP_SUCCESS ) { + LDAP_BACK_CONN_BINDING_SET( msc ); + } + + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + + if ( rc == LDAP_SUCCESS ) { + candidates[ candidate ].sr_msgid = META_MSGID_IGNORE; + goto retry; + } } if ( *mcp == NULL ) { @@ -209,18 +326,20 @@ other:; rc = slap_map_api2result( rs ); ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); - LDAP_BACK_CONN_BINDING_CLEAR( msc ); + meta_clear_one_candidate( op, mc, candidate ); + candidates[ candidate ].sr_err = rc; if ( META_BACK_ONERR_STOP( mi ) ) { LDAP_BACK_CONN_TAINTED_SET( mc ); - meta_back_release_conn( op, mc ); + meta_back_release_conn_lock( mi, mc, 0 ); *mcp = NULL; + rs->sr_err = rc; retcode = META_SEARCH_ERR; } else { - candidates[ candidate ].sr_msgid = META_MSGID_IGNORE; retcode = META_SEARCH_NOT_CANDIDATE; } + candidates[ candidate ].sr_msgid = META_MSGID_IGNORE; ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); break; } 
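Review bot: The new `goto retry` in the `down:` path of meta_search_dobind_init() can be reached from the early `goto down` that follows a failed meta_back_init_one_conn(). That jump happens before the block that appears to work out `binddn` and `cred`. On that path ldap_sasl_bind() at `retry:` runs with whatever values the two variables were declared with; the declarations are outside the hunk, so this may be harmless, but the bind-identity logic is skipped either way. I would either place `retry:` ahead of that block or add a comment at the label stating that `binddn` and `cred` are valid on every path that reaches it.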
@@ -252,32 +371,45 @@ meta_search_dobind_result( NULL, NULL, NULL, NULL, 0 ); if ( rc != LDAP_SUCCESS ) { candidates[ candidate ].sr_err = rc; + + } else { + rc = slap_map_api2result( &candidates[ candidate ] ); } - rc = slap_map_api2result( &candidates[ candidate ] ); ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); LDAP_BACK_CONN_BINDING_CLEAR( msc ); if ( rc != LDAP_SUCCESS ) { + meta_clear_one_candidate( op, mc, candidate ); + candidates[ candidate ].sr_err = rc; if ( META_BACK_ONERR_STOP( mi ) ) { LDAP_BACK_CONN_TAINTED_SET( mc ); - meta_back_release_conn( op, mc ); + meta_back_release_conn_lock( mi, mc, 0 ); *mcp = NULL; retcode = META_SEARCH_ERR; + rs->sr_err = rc; } } else { /* FIXME: check if bound as idassert authcDN! */ - if ( be_isroot( op ) ) { - LDAP_BACK_CONN_ISBOUND_SET( msc ); - } else { + if ( BER_BVISNULL( &msc->msc_bound_ndn ) + || BER_BVISEMPTY( &msc->msc_bound_ndn ) ) + { LDAP_BACK_CONN_ISANON_SET( msc ); + + } else { + LDAP_BACK_CONN_ISBOUND_SET( msc ); } retcode = META_SEARCH_CANDIDATE; + + /* connect must be async */ + ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_OFF ); } - ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + candidates[ candidate ].sr_msgid = META_MSGID_IGNORE; META_BINDING_CLEAR( &candidates[ candidate ] ); + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + return retcode; } @@ -310,9 +442,11 @@ meta_back_search_start( "%s: meta_back_search_start candidate=%d ld=NULL%s.\n", op->o_log_prefix, candidate, META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" ); + candidates[ candidate ].sr_err = LDAP_OTHER; if ( META_BACK_ONERR_STOP( mi ) ) { return META_SEARCH_ERR; } + candidates[ candidate ].sr_msgid = META_MSGID_IGNORE; return META_SEARCH_NOT_CANDIDATE; } 
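Review bot: The comment `/* connect must be async */` in the success branch of meta_search_dobind_result() sits above a call that sets `LDAP_OPT_CONNECT_ASYNC` to `LDAP_OPT_OFF`, so it says the opposite of what the line does. It looks copied from the `retry:` site in meta_search_dobind_init(). I would reword it to `/* bind completed: turn async connect back off */`. The `FIXME: check if bound as idassert authcDN!` just above still applies after the switch from `be_isroot( op )` to the `msc_bound_ndn` test, so the bound/anonymous marking remains an approximation and the comment should say so.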
@@ -529,12 +663,17 @@ meta_back_search( Operation *op, SlapReply *rs ) { metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; metaconn_t *mc; - struct timeval tv = { 0, 0 }; - time_t stoptime = (time_t)-1; + struct timeval save_tv = { 0, 0 }, + tv; + time_t stoptime = (time_t)(-1), + lastres_time = slap_get_time(), + timeout = 0; int rc = 0, sres = LDAP_SUCCESS; char *matched = NULL; int last = 0, ncandidates = 0, - initial_candidates = 0, candidate_match = 0; + initial_candidates = 0, candidate_match = 0, + needbind = 0; + ldap_back_send_t sendok = LDAP_BACK_SENDERR; long i; dncookie dc; int is_ok = 0; @@ -547,7 +686,8 @@ meta_back_search( Operation *op, SlapReply *rs ) * FIXME: in case of values return filter, we might want * to map attrs and maybe rewrite value */ - mc = meta_back_getconn( op, rs, NULL, LDAP_BACK_SENDERR ); +getconn:; + mc = meta_back_getconn( op, rs, NULL, sendok ); if ( !mc ) { return rs->sr_err; } @@ -559,8 +699,17 @@ meta_back_search( Operation *op, SlapReply *rs ) * Inits searches */ for ( i = 0; i < mi->mi_ntargets; i++ ) { + /* reset sr_msgid; it is used in most loops + * to check if that target is still to be considered */ candidates[ i ].sr_msgid = META_MSGID_IGNORE; + /* a target is marked as candidate by meta_back_getconn(); + * if for any reason (an error, it's over or so) it is + * no longer active, sr_msgid is set to META_MSGID_IGNORE + * but it remains candidate, which means it has been active + * at some point during the operation. This allows to + * use its response code and more to compute the final + * response */ if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) { continue; } 
@@ -569,6 +718,13 @@ meta_back_search( Operation *op, SlapReply *rs ) candidates[ i ].sr_text = NULL; candidates[ i ].sr_ref = NULL; candidates[ i ].sr_ctrls = NULL; + + /* get largest timeout among candidates */ + if ( mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ] + && mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ] > timeout ) + { + timeout = mi->mi_targets[ i ]->mt_timeout[ SLAP_OP_SEARCH ]; + } } for ( i = 0; i < mi->mi_ntargets; i++ ) { @@ -581,11 +737,16 @@ meta_back_search( Operation *op, SlapReply *rs ) switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) ) { case META_SEARCH_NOT_CANDIDATE: + candidates[ i ].sr_msgid = META_MSGID_IGNORE; break; + case META_SEARCH_NEED_BIND: + ++needbind; + /* fallthru */ + + case META_SEARCH_CONNECTING: case META_SEARCH_CANDIDATE: case META_SEARCH_BINDING: - case META_SEARCH_NEED_BIND: candidates[ i ].sr_type = REP_INTERMEDIATE; ++ncandidates; break; 
@@ -597,13 +758,53 @@ meta_back_search( Operation *op, SlapReply *rs ) op->o_private = savepriv; rc = -1; goto finish; + + default: + assert( 0 ); + break; } } + if ( ncandidates > 0 && needbind == ncandidates ) { + /* + * give up the second time... + * + * NOTE: this should not occur the second time, since a fresh + * connection has ben created; however, targets may also + * need bind because the bind timed out or so. + */ + if ( sendok & LDAP_BACK_BINDING ) { + Debug( LDAP_DEBUG_ANY, + "%s meta_back_search: unable to initialize conn\n", + op->o_log_prefix, 0, 0 ); + rs->sr_err = LDAP_UNAVAILABLE; + rs->sr_text = "unable to initialize connection to remote targets"; + send_ldap_result( op, rs ); + rc = -1; + goto finish; + } + + /* FIXME: better create a separate connection? */ + sendok |= LDAP_BACK_BINDING; + +#ifdef DEBUG_205 + Debug( LDAP_DEBUG_ANY, "*** %s drop mc=%p create new connection\n", + op->o_log_prefix, (void *)mc, 0 ); +#endif /* DEBUG_205 */ + + meta_back_release_conn( mi, mc ); + mc = NULL; + + needbind = 0; + ncandidates = 0; + + goto getconn; + } + initial_candidates = ncandidates; if ( LogTest( LDAP_DEBUG_TRACE ) ) { - char cnd[ BUFSIZ ]; + char cnd[ SLAP_TEXT_BUFLEN ]; int c; for ( c = 0; c < mi->mi_ntargets; c++ ) { @@ -666,7 +867,25 @@ meta_back_search( Operation *op, SlapReply *rs ) * among the candidates */ for ( rc = 0; ncandidates > 0; ) { - int gotit = 0, doabandon = 0; + int gotit = 0, + doabandon = 0, + alreadybound = ncandidates; + time_t curr_time = 0; + + /* check timeout */ + if ( timeout && lastres_time > 0 + && ( slap_get_time() - lastres_time ) > timeout ) + { + doabandon = 1; + rs->sr_text = "Operation timed out"; + rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ? + LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER; + savepriv = op->o_private; + op->o_private = (void *)i; + send_ldap_result( op, rs ); + op->o_private = savepriv; + goto finish; + } /* check time limit */ if ( op->ors_tlimit != SLAP_NO_LIMIT 
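Review bot: In the new idle-timeout check at the top of the result loop in meta_back_search(), `doabandon = 1;` is a dead store. The variable is declared inside the loop body, control jumps straight to `finish`, and the test of it shown in this diff (`op->o_abandon || doabandon`) is replaced further down in this commit. As written, nothing visible cancels the searches still outstanding on the targets when the proxy gives up, so they may keep running remotely. `curr_time` is declared with no visible use, and `op->o_private = (void *)i` is evaluated before the inner `for` assigns `i` for this pass, so it is not a target index there. I would drop the unused variables and state in a comment at `finish:` how pending `sr_msgid`s are cancelled on this path.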
@@ -682,16 +901,19 @@ meta_back_search( Operation *op, SlapReply *rs ) } for ( i = 0; i < mi->mi_ntargets; i++ ) { + meta_search_candidate_t retcode = META_SEARCH_UNDEFINED; metasingleconn_t *msc = &mc->mc_conns[ i ]; LDAPMessage *res = NULL, *msg; + /* if msgid is invalid, don't ldap_result() */ if ( candidates[ i ].sr_msgid == META_MSGID_IGNORE ) { continue; } - if ( candidates[ i ].sr_msgid == META_MSGID_NEED_BIND ) { - meta_search_candidate_t retcode; - + /* if target still needs bind, retry */ + if ( candidates[ i ].sr_msgid == META_MSGID_NEED_BIND + || candidates[ i ].sr_msgid == META_MSGID_CONNECTING ) + { /* initiate dobind */ retcode = meta_search_dobind_init( op, rs, &mc, i, candidates ); @@ -699,20 +921,16 @@ meta_back_search( Operation *op, SlapReply *rs ) op->o_log_prefix, i, retcode ); switch ( retcode ) { - case META_SEARCH_BINDING: case META_SEARCH_NEED_BIND: - break; + alreadybound--; + /* fallthru */ - case META_SEARCH_NOT_CANDIDATE: - /* - * When no candidates are left, - * the outer cycle finishes - */ - candidates[ i ].sr_msgid = META_MSGID_IGNORE; - --ncandidates; + case META_SEARCH_CONNECTING: + case META_SEARCH_BINDING: break; case META_SEARCH_ERR: + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -720,6 +938,16 @@ meta_back_search( Operation *op, SlapReply *rs ) op->o_private = savepriv; goto finish; } + /* fallthru */ + + case META_SEARCH_NOT_CANDIDATE: + /* + * When no candidates are left, + * the outer cycle finishes + */ + candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); + --ncandidates; break; case META_SEARCH_CANDIDATE: 
@@ -727,14 +955,11 @@ meta_back_search( Operation *op, SlapReply *rs ) switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) ) { case META_SEARCH_CANDIDATE: + assert( candidates[ i ].sr_msgid >= 0 ); break; - /* means that failed but onerr == continue */ - case META_SEARCH_NOT_CANDIDATE: case META_SEARCH_ERR: - candidates[ i ].sr_msgid = META_MSGID_IGNORE; - --ncandidates; - + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -742,6 +967,14 @@ meta_back_search( Operation *op, SlapReply *rs ) op->o_private = savepriv; goto finish; } + /* fallthru */ + + case META_SEARCH_NOT_CANDIDATE: + /* means that meta_back_search_start() + * failed but onerr == continue */ + candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); + --ncandidates; break; default: @@ -760,9 +993,27 @@ meta_back_search( Operation *op, SlapReply *rs ) } /* check for abandon */ - if ( op->o_abandon ) { + if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) { break; } + +#ifdef DEBUG_205 + if ( msc->msc_ld == NULL ) { + char buf[ SLAP_TEXT_BUFLEN ]; + + ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); + snprintf( buf, sizeof( buf ), + "%s meta_back_search[%ld] mc=%p msgid=%d%s%s%s\n", + op->o_log_prefix, (long)i, (void *)mc, + candidates[ i ].sr_msgid, + META_IS_BINDING( &candidates[ i ] ) ? " binding" : "", + LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ? " connbinding" : "", + META_BACK_CONN_CREATING( &mc->mc_conns[ i ] ) ? " conncreating" : "" ); + ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); + + Debug( LDAP_DEBUG_ANY, "!!! %s\n", buf, 0, 0 ); + } +#endif /* DEBUG_205 */ /* * FIXME: handle time limit as well? @@ -771,6 +1022,7 @@ meta_back_search( Operation *op, SlapReply *rs ) * get a LDAP_TIMELIMIT_EXCEEDED from * one of them ... */ + tv = save_tv; rc = ldap_result( msc->msc_ld, candidates[ i ].sr_msgid, LDAP_MSG_RECEIVED, &tv, &res ); switch ( rc ) { 
@@ -789,14 +1041,14 @@ really_bad:; candidates[ i ].sr_msgid = META_MSGID_IGNORE; switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) ) { - case META_SEARCH_CANDIDATE: - break; - /* means that failed but onerr == continue */ case META_SEARCH_NOT_CANDIDATE: candidates[ i ].sr_msgid = META_MSGID_IGNORE; + + assert( ncandidates > 0 ); --ncandidates; + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -804,18 +1056,27 @@ really_bad:; op->o_private = savepriv; goto finish; } - break; + /* fall thru */ + + case META_SEARCH_CANDIDATE: + /* get back into business... */ + continue; case META_SEARCH_BINDING: + case META_SEARCH_CONNECTING: case META_SEARCH_NEED_BIND: + case META_SEARCH_UNDEFINED: assert( 0 ); default: + /* unrecoverable error */ + candidates[ i ].sr_msgid = META_MSGID_IGNORE; rc = rs->sr_err = LDAP_OTHER; goto finish; } } + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -830,14 +1091,17 @@ really_bad:; * the outer cycle finishes */ candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); --ncandidates; rs->sr_err = candidates[ i ].sr_err; continue; default: + lastres_time = slap_get_time(); + /* only touch when activity actually took place... */ - if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) { - msc->msc_time = op->o_time; + if ( mi->mi_idle_timeout != 0 && msc->msc_time < lastres_time ) { + msc->msc_time = lastres_time; } break; } @@ -883,8 +1147,8 @@ really_bad:; /* don't wait any longer... */ gotit = 1; - tv.tv_sec = 0; - tv.tv_usec = 0; + save_tv.tv_sec = 0; + save_tv.tv_usec = 0; } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) { char **references = NULL; @@ -916,6 +1180,7 @@ really_bad:; #endif /* ! ENABLE_REWRITE */ /* FIXME: merge all and return at the end */ + for ( cnt = 0; references[ cnt ]; cnt++ ) ; 
@@ -977,7 +1242,7 @@ really_bad:; 0 ); if ( rs->sr_err != LDAP_SUCCESS ) { ldap_get_option( msc->msc_ld, - LDAP_OPT_RESULT_CODE, + LDAP_OPT_ERROR_NUMBER, &rs->sr_err ); sres = slap_map_api2result( rs ); candidates[ i ].sr_type = REP_RESULT; @@ -1087,6 +1352,7 @@ really_bad:; * the target enforced a limit lower * than what requested by the proxy; * ignore it */ + candidates[ i ].sr_err = rs->sr_err; if ( rs->sr_nentries == op->ors_slimit || META_BACK_ONERR_STOP( mi ) ) { @@ -1101,6 +1367,7 @@ really_bad:; break; default: + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -1121,6 +1388,7 @@ really_bad:; * the outer cycle finishes */ candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); --ncandidates; } else if ( rc == LDAP_RES_BIND ) { @@ -1140,8 +1408,10 @@ really_bad:; case META_SEARCH_NOT_CANDIDATE: case META_SEARCH_ERR: candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); --ncandidates; + candidates[ i ].sr_err = rs->sr_err; if ( META_BACK_ONERR_STOP( mi ) ) { savepriv = op->o_private; op->o_private = (void *)i; @@ -1151,7 +1421,7 @@ really_bad:; res = NULL; goto finish; } - break; + goto free_message; default: assert( 0 ); 
@@ -1166,21 +1436,32 @@ really_bad:; } } +free_message:; ldap_msgfree( res ); res = NULL; } /* check for abandon */ - if ( op->o_abandon || doabandon ) { + if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( mc ) ) { for ( i = 0; i < mi->mi_ntargets; i++ ) { if ( candidates[ i ].sr_msgid >= 0 ) { if ( META_IS_BINDING( &candidates[ i ] ) ) { ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) { /* if still binding, destroy */ - ldap_unbind_ext( mc->mc_conns[ i ].msc_ld, NULL, NULL ); - mc->mc_conns[ i ].msc_ld = NULL; - LDAP_BACK_CONN_BINDING_CLEAR( &mc->mc_conns[ i ] ); + +#ifdef DEBUG_205 + char buf[ SLAP_TEXT_BUFLEN ]; + + snprintf( buf, sizeof( buf), "%s meta_back_search(abandon) " + "ldap_unbind_ext[%ld] mc=%p ld=%p", + op->o_log_prefix, i, (void *)mc, + (void *)mc->mc_conns[i].msc_ld ); + + Debug( LDAP_DEBUG_ANY, "### %s\n", buf, 0, 0 ); +#endif /* DEBUG_205 */ + + meta_clear_one_candidate( op, mc, i ); } ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); META_BINDING_CLEAR( &candidates[ i ] ); 
@@ -1192,24 +1473,40 @@ really_bad:; } candidates[ i ].sr_msgid = META_MSGID_IGNORE; + assert( ncandidates > 0 ); + --ncandidates; } } if ( op->o_abandon ) { rc = SLAPD_ABANDON; - /* let send_ldap_result play cleanup handlers (ITS#4645) */ - break; } + + /* let send_ldap_result play cleanup handlers (ITS#4645) */ + break; } /* if no entry was found during this loop, * set a minimal timeout */ - if ( gotit == 0 ) { - /* make the entire wait last - * LDAP_BACK_RESULT_UTIMEOUT at worst */ - tv.tv_sec = 0; - tv.tv_usec = LDAP_BACK_RESULT_UTIMEOUT/initial_candidates; - ldap_pvt_thread_yield(); + if ( ncandidates > 0 && gotit == 0 ) { + if ( save_tv.tv_sec == 0 && save_tv.tv_usec == 0 ) { + save_tv.tv_usec = LDAP_BACK_RESULT_UTIMEOUT/initial_candidates; + + /* arbitrarily limit to something between 1 and 2 minutes */ + } else if ( ( stoptime == -1 && save_tv.tv_sec < 60 ) + || save_tv.tv_sec < ( stoptime - slap_get_time() ) / ( 2 * ncandidates ) ) + { + /* double the timeout */ + lutil_timermul( &save_tv, 2, &save_tv ); + } + + if ( alreadybound == 0 ) { + tv = save_tv; + (void)select( 0, NULL, NULL, NULL, &tv ); + + } else { + ldap_pvt_thread_yield(); + } } } 
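Review bot: The back-off added at the end of the result loop in meta_back_search() doubles `save_tv` up to roughly one to two minutes when the search has no time limit, and that value is then used as the per-target `ldap_result()` wait. Abandon and the new per-target `timeout` are only re-checked between those waits, so a disconnected client or an expired `mt_timeout` can leave the worker thread waiting for up to that interval per idle candidate. I would clamp the doubled value, for instance `if ( timeout && save_tv.tv_sec > timeout ) save_tv.tv_sec = timeout;`, and record in the comment why 60 seconds was chosen. The loop body starts outside the hunk.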
@@ -1293,39 +1590,38 @@ really_bad:; matched = op->o_bd->be_suffix[ 0 ].bv_val; } -#if 0 - { - char buf[BUFSIZ]; - char cnd[BUFSIZ]; - int i; - - for ( i = 0; i < mi->mi_ntargets; i++ ) { - if ( META_IS_CANDIDATE( &candidates[ i ] ) ) { - cnd[ i ] = '*'; - } else { - cnd[ i ] = ' '; - } - } - cnd[ i ] = '\0'; - - snprintf( buf, sizeof( buf ), "%s meta_back_search: is_scope=%d is_ok=%d cnd=\"%s\"\n", - op->o_log_prefix, initial_candidates, is_ok, cnd ); - - Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 ); - } -#endif - /* * In case we returned at least one entry, we return LDAP_SUCCESS * otherwise, the latter error code we got - * - * FIXME: we should handle error codes and return the more - * important/reasonable */ - if ( sres == LDAP_SUCCESS && rs->sr_v2ref ) { - sres = LDAP_REFERRAL; + if ( sres == LDAP_SUCCESS ) { + if ( rs->sr_v2ref ) { + sres = LDAP_REFERRAL; + } + + if ( META_BACK_ONERR_REPORT( mi ) ) { + /* + * Report errors, if any + * + * FIXME: we should handle error codes and return the more + * important/reasonable + */ + for ( i = 0; i < mi->mi_ntargets; i++ ) { + if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) { + continue; + } + + if ( candidates[ i ].sr_err != LDAP_SUCCESS + && candidates[ i ].sr_err != LDAP_NO_SUCH_OBJECT ) + { + sres = candidates[ i ].sr_err; + break; + } + } + } } + rs->sr_err = sres; rs->sr_matched = matched; rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL ); 
@@ -1351,14 +1647,17 @@ finish:; if ( mc && META_IS_BINDING( &candidates[ i ] ) ) { ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); if ( LDAP_BACK_CONN_BINDING( &mc->mc_conns[ i ] ) ) { - LDAP_BACK_CONN_BINDING_CLEAR( &mc->mc_conns[ i ] ); - assert( candidates[ i ].sr_msgid >= 0 ); assert( mc->mc_conns[ i ].msc_ld != NULL ); +#ifdef DEBUG_205 + Debug( LDAP_DEBUG_ANY, "### %s meta_back_search(cleanup) " + "ldap_unbind_ext[%ld] ld=%p\n", + op->o_log_prefix, i, (void *)mc->mc_conns[i].msc_ld ); +#endif /* DEBUG_205 */ + /* if still binding, destroy */ - ldap_unbind_ext( mc->mc_conns[ i ].msc_ld, NULL, NULL ); - mc->mc_conns[ i ].msc_ld = NULL; + meta_clear_one_candidate( op, mc, i ); } ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); META_BINDING_CLEAR( &candidates[ i ] ); @@ -1403,7 +1702,7 @@ finish:; } if ( mc ) { - meta_back_release_conn( op, mc ); + meta_back_release_conn( mi, mc ); } return rs->sr_err; diff --git a/servers/slapd/back-meta/suffixmassage.c b/servers/slapd/back-meta/suffixmassage.c index 1fe6f502c4084bed5874a4e4b74afcaf2ea4f534..2910493178d8d22b24603766e7498fb74b3359a7 100644 --- a/servers/slapd/back-meta/suffixmassage.c +++ b/servers/slapd/back-meta/suffixmassage.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-meta/unbind.c b/servers/slapd/back-meta/unbind.c index 1051b0b3b1114361c49f89e0634e385cd5429e2b..42af600c05fe0ea519870a5231e1c4ff7fc1bd77 100644 --- a/servers/slapd/back-meta/unbind.c +++ b/servers/slapd/back-meta/unbind.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -52,20 +52,28 @@ meta_back_conn_destroy( ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex ); #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, ">>> meta_back_conn_destroy" ); + meta_back_print_conntree( mi, ">>> meta_back_conn_destroy" ); #endif /* META_BACK_PRINT_CONNTREE */ while ( ( mc = avl_delete( &mi->mi_conninfo.lai_tree, ( caddr_t )&mc_curr, meta_back_conn_cmp ) ) != NULL ) { Debug( LDAP_DEBUG_TRACE, - "=>meta_back_conn_destroy: destroying conn %ld\n", - LDAP_BACK_PCONN_ID( mc ), 0, 0 ); + "=>meta_back_conn_destroy: destroying conn %ld " + "refcnt=%d flags=0x%08x\n", + LDAP_BACK_PCONN_ID( mc ), + mc->mc_refcnt, mc->msc_mscflags ); - assert( mc->mc_refcnt == 0 ); + if ( mc->mc_refcnt > 0 ) { + /* someone else might be accessing the connection; + * mark for deletion */ + LDAP_BACK_CONN_CACHED_CLEAR( mc ); + LDAP_BACK_CONN_TAINTED_SET( mc ); - meta_back_conn_free( mc ); + } else { + meta_back_conn_free( mc ); + } } #if META_BACK_PRINT_CONNTREE > 0 - meta_back_print_conntree( mi->mi_conninfo.lai_tree, "<<< meta_back_conn_destroy" ); + meta_back_print_conntree( mi, "<<< meta_back_conn_destroy" ); #endif /* META_BACK_PRINT_CONNTREE */ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in index 56c11d2085c0a4f210cdbfadb360ea7e5ad7458a..b2677529f0e016ed7ef4d20f7e2524f6bf53b3f1 100644 --- a/servers/slapd/back-monitor/Makefile.in +++ b/servers/slapd/back-monitor/Makefile.in 
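Review bot: In `meta_back_conn_destroy` (unbind.c), the new `mc->mc_refcnt > 0` branch takes the connection out of `lai_tree` and marks it tainted, but nothing in this hunk shows who frees it afterwards, so its lifetime now depends on every holder going through a release path that frees tainted, uncached connections. Spell that contract out in the comment, e.g. `/* still referenced: already out of the tree, the last holder frees it on release */`, because a holder that skips that path leaks the connection and its bound handles. The removed `assert( mc->mc_refcnt == 0 )` also caught negative counts, which now fall into the `else` and are freed silently; `assert( mc->mc_refcnt >= 0 );` before the `if` would keep that check. The function starts and ends outside the hunk.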
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-monitor/back-monitor.h b/servers/slapd/back-monitor/back-monitor.h index 905bcf73ff651a6619cfbecbb37caca23cdc8078..79bf0858727c2ea9a9c1cb966f7cf065ba73ed69 100644 --- a/servers/slapd/back-monitor/back-monitor.h +++ b/servers/slapd/back-monitor/back-monitor.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -39,9 +39,13 @@ typedef struct monitor_callback_t { int (*mc_modify)( Operation *op, SlapReply *rs, Entry *e, void *priv ); /* modify callback for user-defined entries */ - int (*mc_free)( Entry *e, void *priv ); + int (*mc_free)( Entry *e, void **priv ); /* delete callback for user-defined entries */ + void (*mc_dispose)( void **priv ); + /* dispose callback + to dispose of the callback + private data itself */ void *mc_private; /* opaque pointer to private data */ struct monitor_callback_t *mc_next; diff --git a/servers/slapd/back-monitor/backend.c b/servers/slapd/back-monitor/backend.c index 04c21f27342ca1e0206be70880a1534e6d41359d..34f4a18f5289cc745a6a920658462f89f18fa0fc 100644 --- a/servers/slapd/back-monitor/backend.c +++ b/servers/slapd/back-monitor/backend.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * 
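Review bot: In `monitor_callback_t` (back-monitor.h), `mc_free` changes from `void *priv` to `void **priv` without a rename, so a callback written against the old prototype still builds wherever incompatible function pointer types are only a warning, and would then treat the address of `mc_private` as the private data itself. The struct comment should state the new contract and how it differs from `mc_dispose`: for instance that `mc_free` receives `&mc_private`, may release it and must then set `*priv = NULL`, and that `mc_dispose` is used when a queued registration fails. That last part is inferred from the `monitor_back_db_open` hunk in init.c and should be confirmed. Modules outside this tree that register monitor callbacks need the same signature update.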
diff --git a/servers/slapd/back-monitor/bind.c b/servers/slapd/back-monitor/bind.c index 0e3a2869fd5fb12733bddd9648fb264cd3d3a56e..bc7dbc5298874172f67dd9176199c03671dee393 100644 --- a/servers/slapd/back-monitor/bind.c +++ b/servers/slapd/back-monitor/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/cache.c b/servers/slapd/back-monitor/cache.c index 9c96c0c154adaa7b1515f38f04ca17b8a5f69ac2..f98fb18d081c748bbaf375fe701035abcf56a398 100644 --- a/servers/slapd/back-monitor/cache.c +++ b/servers/slapd/back-monitor/cache.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -405,7 +405,7 @@ monitor_entry_destroy( void *v_mc ) monitor_callback_t *next = cb->mc_next; if ( cb->mc_free ) { - cb->mc_free( mc->mc_e, cb->mc_private ); + (void)cb->mc_free( mc->mc_e, &cb->mc_private ); } ch_free( mp->mp_cb ); diff --git a/servers/slapd/back-monitor/compare.c b/servers/slapd/back-monitor/compare.c index 244c8bb69a85523a61e2cbdfb9847e57500ac5e1..09eb118d23afef1f75f4f2b5d530eded766f068c 100644 --- a/servers/slapd/back-monitor/compare.c +++ b/servers/slapd/back-monitor/compare.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * 
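Review bot: In `monitor_entry_destroy` (cache.c), the context line after the changed call frees `mp->mp_cb` rather than `cb`, although `next = cb->mc_next` just above suggests a walk over the callback list. If the loop, whose header is outside the hunk, runs more than once, the list head is freed repeatedly and the later nodes are never freed. The matching loop in `monitor_back_unregister_entry` in init.c frees the current node, and the same line looks right here: `ch_free( cb );`. The commit only changes the `mc_free` argument and leaves this line as it was.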
diff --git a/servers/slapd/back-monitor/conn.c b/servers/slapd/back-monitor/conn.c index 5f89f8ccd00c174bf707bdcdcb1f0539bbfce92c..45ceade0546f23c1dd1a37f1c9841c0e3a5fcade 100644 --- a/servers/slapd/back-monitor/conn.c +++ b/servers/slapd/back-monitor/conn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -383,8 +383,10 @@ conn_create( c->c_dn.bv_len ? c->c_dn.bv_val : SLAPD_ANONYMOUS, c->c_listener_url.bv_val, - c->c_peer_domain.bv_val, - c->c_peer_name.bv_val, + BER_BVISNULL( &c->c_peer_domain ) + ? "" : c->c_peer_domain.bv_val, + BER_BVISNULL( &c->c_peer_name ) + ? "" : c->c_peer_name.bv_val, c->c_sock_name.bv_val, buf2, @@ -432,6 +434,7 @@ conn_create( &c->c_dn, &c->c_ndn ); /* NOTE: client connections leave the c_peer_* fields NULL */ + assert( !BER_BVISNULL( &c->c_listener_url ) ); attr_merge_one( e, mi->mi_ad_monitorConnectionListener, &c->c_listener_url, NULL ); @@ -443,6 +446,7 @@ conn_create( BER_BVISNULL( &c->c_peer_name ) ? &bv_unknown : &c->c_peer_name, NULL ); + assert( !BER_BVISNULL( &c->c_sock_name ) ); attr_merge_one( e, mi->mi_ad_monitorConnectionLocalAddress, &c->c_sock_name, NULL ); diff --git a/servers/slapd/back-monitor/database.c b/servers/slapd/back-monitor/database.c index 8f82d751e4eec2a1251b10042b5135bcd761478e..2ae676a0c9644ab43d71a49380ecf982303721a7 100644 --- a/servers/slapd/back-monitor/database.c +++ b/servers/slapd/back-monitor/database.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * 
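Review bot: In `conn_create`, the first changed hunk guards `c_peer_domain` and `c_peer_name` against a NULL `bv_val`, but `c->c_listener_url.bv_val` and `c->c_sock_name.bv_val` are passed to the same format call unguarded. The `assert( !BER_BVISNULL( ... ) )` lines added by the following hunk sit after that call and disappear in builds with `NDEBUG`, so they do not protect it. Either move the asserts above the format call or guard the two arguments the same way, e.g. `BER_BVISNULL( &c->c_sock_name ) ? "" : c->c_sock_name.bv_val`. The format call itself begins outside the hunk, so the conversion used for each argument is not visible.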
diff --git a/servers/slapd/back-monitor/entry.c b/servers/slapd/back-monitor/entry.c index 3b3d4691c531c8c08351d0af4991c55ff48d8f1b..96e2f0fe76d3e508c59c34432a8925d7898ceb1f 100644 --- a/servers/slapd/back-monitor/entry.c +++ b/servers/slapd/back-monitor/entry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/init.c b/servers/slapd/back-monitor/init.c index bc5448f17838aa2f61a3ed0f34caedb662b6c1ff..978d1301c8809a38fe35f8398196d4c73fad8e22 100644 --- a/servers/slapd/back-monitor/init.c +++ b/servers/slapd/back-monitor/init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -30,6 +30,8 @@ #include "lber_pvt.h" #include "back-monitor.h" +#include "config.h" + #undef INTEGRATE_CORE_SCHEMA /* @@ -704,6 +706,7 @@ monitor_search2ndn( Connection conn = { 0 }; OperationBuffer opbuf; Operation *op; + void *thrctx; SlapReply rs = { 0 }; slap_callback cb = { NULL, monitor_search2ndn_cb, NULL, NULL }; int rc; @@ -715,14 +718,13 @@ monitor_search2ndn( } op = (Operation *) &opbuf; - connection_fake_init( &conn, op, &conn ); + thrctx = ldap_pvt_thread_pool_context(); + connection_fake_init( &conn, op, thrctx ); op->o_tag = LDAP_REQ_SEARCH; /* use global malloc for now */ if ( op->o_tmpmemctx ) { - /* FIXME: connection_fake_init() calls slap_sl_mem_create, so we destroy it for now */ - slap_sl_mem_destroy( NULL, op->o_tmpmemctx ); op->o_tmpmemctx = NULL; } op->o_tmpmfuncs = &ch_mfuncs; 
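Review bot: In `monitor_search2ndn`, the `slap_sl_mem_destroy` call is dropped but the `if ( op->o_tmpmemctx )` block stays and now only overwrites the pointer with NULL, with the FIXME that explained it removed. If `connection_fake_init` still creates a slab allocator, the code should say who owns it now, presumably the thread context obtained from `ldap_pvt_thread_pool_context()`; without that the block reads as a leak. A comment such as `/* slab belongs to thrctx; only detach it so ch_mfuncs is used below */` would record the ownership, once confirmed against `connection_fake_init`. The function continues outside the hunk.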
@@ -990,7 +992,6 @@ done:; return -1; } -done_limbo:; if ( *elpp != NULL ) { el.el_next = NULL; **elpp = el; @@ -1078,7 +1079,7 @@ monitor_back_unregister_entry( monitor_callback_t *next = cb->mc_next; if ( cb->mc_free ) { - (void)cb->mc_free( e, cb->mc_private ); + (void)cb->mc_free( e, &cb->mc_private ); } ch_free( cb ); @@ -1206,7 +1207,7 @@ monitor_back_unregister_entry_parent( for ( cbp = &mp->mp_cb; *cbp != NULL; cbp = &(*cbp)->mc_next ) { if ( *cbp == target_cb ) { if ( (*cbp)->mc_free ) { - (void)(*cbp)->mc_free( e, (*cbp)->mc_private ); + (void)(*cbp)->mc_free( e, &(*cbp)->mc_private ); } *cbp = (*cbp)->mc_next; ch_free( target_cb ); @@ -1368,7 +1369,7 @@ monitor_back_unregister_entry_attrs( for ( cbp = &mp->mp_cb; *cbp != NULL; cbp = &(*cbp)->mc_next ) { if ( *cbp == target_cb ) { if ( (*cbp)->mc_free ) { - (void)(*cbp)->mc_free( e, (*cbp)->mc_private ); + (void)(*cbp)->mc_free( e, &(*cbp)->mc_private ); } *cbp = (*cbp)->mc_next; ch_free( target_cb ); @@ -1596,7 +1597,7 @@ monitor_back_initialize( "SUBSTR caseIgnoreSubstringsMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitoredInfo) }, { "( 1.3.6.1.4.1.4203.666.1.55.2 " "NAME 'managedInfo' " 
@@ -1610,28 +1611,28 @@ monitor_back_initialize( "ORDERING integerOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorCounter) }, { "( 1.3.6.1.4.1.4203.666.1.55.4 " "NAME 'monitorOpCompleted' " "DESC 'monitor completed operations' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorOpCompleted) }, { "( 1.3.6.1.4.1.4203.666.1.55.5 " "NAME 'monitorOpInitiated' " "DESC 'monitor initiated operations' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorOpInitiated) }, { "( 1.3.6.1.4.1.4203.666.1.55.6 " "NAME 'monitorConnectionNumber' " "DESC 'monitor connection number' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionNumber) }, { "( 1.3.6.1.4.1.4203.666.1.55.7 " "NAME 'monitorConnectionAuthzDN' " 
@@ -1640,21 +1641,21 @@ monitor_back_initialize( "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionAuthzDN) }, { "( 1.3.6.1.4.1.4203.666.1.55.8 " "NAME 'monitorConnectionLocalAddress' " "DESC 'monitor connection local address' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionLocalAddress) }, { "( 1.3.6.1.4.1.4203.666.1.55.9 " "NAME 'monitorConnectionPeerAddress' " "DESC 'monitor connection peer address' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionPeerAddress) }, { "( 1.3.6.1.4.1.4203.666.1.55.10 " "NAME 'monitorTimestamp' " @@ -1664,14 +1665,14 @@ monitor_back_initialize( "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorTimestamp) }, { "( 1.3.6.1.4.1.4203.666.1.55.11 " "NAME 'monitorOverlay' " "DESC 'name of overlays defined for a given database' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorOverlay) }, { "( 1.3.6.1.4.1.4203.666.1.55.12 " "NAME 'readOnly' " 
@@ -1679,7 +1680,7 @@ monitor_back_initialize( "EQUALITY booleanMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " "SINGLE-VALUE " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_readOnly) }, { "( 1.3.6.1.4.1.4203.666.1.55.13 " "NAME 'restrictedOperation' " 
@@ -1691,77 +1692,77 @@ monitor_back_initialize( "DESC 'monitor connection protocol' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionProtocol) }, { "( 1.3.6.1.4.1.4203.666.1.55.15 " "NAME 'monitorConnectionOpsReceived' " "DESC 'monitor number of operations received by the connection' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionOpsReceived) }, { "( 1.3.6.1.4.1.4203.666.1.55.16 " "NAME 'monitorConnectionOpsExecuting' " "DESC 'monitor number of operations in execution within the connection' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionOpsExecuting) }, { "( 1.3.6.1.4.1.4203.666.1.55.17 " "NAME 'monitorConnectionOpsPending' " "DESC 'monitor number of pending operations within the connection' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionOpsPending) }, { "( 1.3.6.1.4.1.4203.666.1.55.18 " "NAME 'monitorConnectionOpsCompleted' " "DESC 'monitor number of operations completed within the connection' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionOpsCompleted) }, { "( 1.3.6.1.4.1.4203.666.1.55.19 " "NAME 'monitorConnectionGet' " "DESC 'number of times connection_get() was called so far' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", 
SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionGet) }, { "( 1.3.6.1.4.1.4203.666.1.55.20 " "NAME 'monitorConnectionRead' " "DESC 'number of times connection_read() was called so far' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionRead) }, { "( 1.3.6.1.4.1.4203.666.1.55.21 " "NAME 'monitorConnectionWrite' " "DESC 'number of times connection_write() was called so far' " "SUP monitorCounter " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionWrite) }, { "( 1.3.6.1.4.1.4203.666.1.55.22 " "NAME 'monitorConnectionMask' " "DESC 'monitor connection mask' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionMask) }, { "( 1.3.6.1.4.1.4203.666.1.55.23 " "NAME 'monitorConnectionListener' " "DESC 'monitor connection listener' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionListener) }, { "( 1.3.6.1.4.1.4203.666.1.55.24 " "NAME 'monitorConnectionPeerDomain' " "DESC 'monitor connection peer domain' " "SUP monitoredInfo " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionPeerDomain) }, { "( 1.3.6.1.4.1.4203.666.1.55.25 " "NAME 'monitorConnectionStartTime' " 
@@ -1769,7 +1770,7 @@ monitor_back_initialize( "SUP monitorTimestamp " "SINGLE-VALUE " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionStartTime) }, { "( 1.3.6.1.4.1.4203.666.1.55.26 " "NAME 'monitorConnectionActivityTime' " @@ -1777,7 +1778,7 @@ monitor_back_initialize( "SUP monitorTimestamp " "SINGLE-VALUE " "NO-USER-MODIFICATION " - "USAGE directoryOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_FINAL|SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorConnectionActivityTime) }, { "( 1.3.6.1.4.1.4203.666.1.55.27 " "NAME 'monitorIsShadow' " @@ -1785,14 +1786,14 @@ monitor_back_initialize( "EQUALITY booleanMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " "SINGLE-VALUE " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorIsShadow) }, { "( 1.3.6.1.4.1.4203.666.1.55.28 " "NAME 'monitorUpdateRef' " "DESC 'update referral for shadow databases' " "SUP monitoredInfo " "SINGLE-VALUE " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorUpdateRef) }, { "( 1.3.6.1.4.1.4203.666.1.55.29 " "NAME 'monitorRuntimeConfig' " @@ -1800,7 +1801,7 @@ monitor_back_initialize( "EQUALITY booleanMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " "SINGLE-VALUE " - "USAGE directoryOperation )", SLAP_AT_HIDE, + "USAGE dSAOperation )", SLAP_AT_HIDE, offsetof(monitor_info_t, mi_ad_monitorRuntimeConfig) }, { NULL, 0, -1 } }; 
@@ -1835,17 +1836,20 @@ monitor_back_initialize( }; int i, rc; - const char *text; monitor_info_t *mi = &monitor_info; + ConfigArgs c; + char *argv[ 3 ]; + + argv[ 0 ] = "monitor"; + c.argv = argv; + c.argc = 3; + c.fname = argv[0]; for ( i = 0; s_oid[ i ].name; i++ ) { - char *argv[ 3 ]; - - argv[ 0 ] = "monitor"; argv[ 1 ] = s_oid[ i ].name; argv[ 2 ] = s_oid[ i ].oid; - if ( parse_oidm( argv[ 0 ], i, 3, argv, 0, NULL ) != 0 ) { + if ( parse_oidm( &c, 0, NULL ) != 0 ) { Debug( LDAP_DEBUG_ANY, "monitor_back_initialize: unable to add " "objectIdentifier \"%s=%s\"\n", @@ -2225,10 +2229,11 @@ monitor_back_db_open( for ( ; el; ) { entry_limbo_t *tmp; + int rc; switch ( el->el_type ) { case LIMBO_ENTRY: - monitor_back_register_entry( + rc = monitor_back_register_entry( el->el_e, el->el_cb, el->el_mss, @@ -2236,7 +2241,7 @@ monitor_back_db_open( break; case LIMBO_ENTRY_PARENT: - monitor_back_register_entry_parent( + rc = monitor_back_register_entry_parent( el->el_e, el->el_cb, el->el_mss, @@ -2248,7 +2253,7 @@ monitor_back_db_open( case LIMBO_ATTRS: - monitor_back_register_entry_attrs( + rc = monitor_back_register_entry_attrs( &el->el_ndn, el->el_a, el->el_cb, @@ -2258,7 +2263,7 @@ monitor_back_db_open( break; case LIMBO_CB: - monitor_back_register_entry_callback( + rc = monitor_back_register_entry_callback( &el->el_ndn, el->el_cb, &el->el_nbase, @@ -2285,6 +2290,12 @@ monitor_back_db_open( if ( !BER_BVISNULL( &el->el_filter ) ) { ber_memfree( el->el_filter.bv_val ); } + if ( el->el_cb && rc != 0 ) { + if ( el->el_cb->mc_dispose ) { + el->el_cb->mc_dispose( &el->el_cb->mc_private ); + } + ch_free( el->el_cb ); + } tmp = el; el = el->el_next; diff --git a/servers/slapd/back-monitor/listener.c b/servers/slapd/back-monitor/listener.c index 102d5c0d55c52d46620376785c38e0e242143f17..6cb469289658de940d01af7dd9ca01b622c60628 100644 --- a/servers/slapd/back-monitor/listener.c +++ b/servers/slapd/back-monitor/listener.c 
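Review bot: `ConfigArgs c;` in `monitor_back_initialize` is an uninitialised automatic struct of which only `argv`, `argc` and `fname` are set before `parse_oidm( &c, 0, NULL )`. Any other member that `parse_oidm` reads or writes through, for example on its error-reporting path, is indeterminate; its body is not shown here. Zero the struct at its declaration, `ConfigArgs c = { 0 };`, and set the line number that the old call passed as `i` if it is still wanted for diagnostics.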
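Review bot: In the limbo loop of `monitor_back_db_open`, `rc` is declared without a value and assigned only inside the four `case` arms shown, yet the new `if ( el->el_cb && rc != 0 )` reads it unconditionally. If the `switch` has a `default` or any other path outside these hunks that does not assign it, the callback is disposed and freed based on an indeterminate value; declaring `int rc = 0;` removes that. Freeing `el->el_cb` on failure is also only safe if the failing `monitor_back_register_*` call has not already linked or released the callback itself, which these hunks do not show and should be confirmed.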
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/log.c b/servers/slapd/back-monitor/log.c index 6b74d7115e8471d0e1f28a42dd8dbfee9406b9fc..c25261b07c4890ddd72567ca371be3d910c3a713 100644 --- a/servers/slapd/back-monitor/log.c +++ b/servers/slapd/back-monitor/log.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -181,7 +181,7 @@ monitor_subsys_log_modify( } /* check that the entry still obeys the schema */ - rc = entry_schema_check( op, e, save_attrs, 0, + rc = entry_schema_check( op, e, save_attrs, 0, 0, &text, textbuf, sizeof( textbuf ) ); if ( rc != LDAP_SUCCESS ) { rs->sr_err = rc; diff --git a/servers/slapd/back-monitor/modify.c b/servers/slapd/back-monitor/modify.c index 448bad1950bcbbff7d813bec6bee356d9b57e61f..a8d6c887dbc68bc54fe08032f58c65a8afe364d3 100644 --- a/servers/slapd/back-monitor/modify.c +++ b/servers/slapd/back-monitor/modify.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/operation.c b/servers/slapd/back-monitor/operation.c index c84088dcb8c155a8531d9462034e53eb92ba3105..48bbcd5f70978bcf69cc3546e43e2ab5d7b95e7a 100644 --- a/servers/slapd/back-monitor/operation.c +++ b/servers/slapd/back-monitor/operation.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/operational.c b/servers/slapd/back-monitor/operational.c index 75ca5e69d283799a44caba19b469e864833bace8..87a526391bbed2b17a83046ba6460bb5b5ad77ad 100644 --- a/servers/slapd/back-monitor/operational.c +++ b/servers/slapd/back-monitor/operational.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/overlay.c b/servers/slapd/back-monitor/overlay.c index 5c6f100a86123bcec78d38126a1b3a553340ed74..91e9e59b80f5df3db2346dd7a8919e68797f6ac6 100644 --- a/servers/slapd/back-monitor/overlay.c +++ b/servers/slapd/back-monitor/overlay.c @@ -1,7 +1,7 @@ /* overlay.c - deals with overlay subsystem */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/proto-back-monitor.h b/servers/slapd/back-monitor/proto-back-monitor.h index 790116b78025def04be8c0bdec85fd87c9524d51..66306e23ae50968591a0ae3b2dd0505f605a858b 100644 --- a/servers/slapd/back-monitor/proto-back-monitor.h +++ b/servers/slapd/back-monitor/proto-back-monitor.h 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/rww.c b/servers/slapd/back-monitor/rww.c index 76cb031603ce4e773d16bb6611d848e40374b0f2..652698889f7ce9d85984898ae45801711e646ff6 100644 --- a/servers/slapd/back-monitor/rww.c +++ b/servers/slapd/back-monitor/rww.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/search.c b/servers/slapd/back-monitor/search.c index a444086d2fd76faa20d03df159becef745e40773..72900c99ce2a0f8917b2a72a0281f96f7bb08ede 100644 --- a/servers/slapd/back-monitor/search.c +++ b/servers/slapd/back-monitor/search.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-monitor/sent.c b/servers/slapd/back-monitor/sent.c index caa6beab52381704c8db52519ad42e9e6ff86140..1be74711d9a0c38f68c9b0fc7b30f7bc94f9962c 100644 --- a/servers/slapd/back-monitor/sent.c +++ b/servers/slapd/back-monitor/sent.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * 
diff --git a/servers/slapd/back-monitor/thread.c b/servers/slapd/back-monitor/thread.c index 4e307beccd5679e9e329d9b1abef3fda72267f9e..387d71ead398c37388d9f75272c0ef52692be7fc 100644 --- a/servers/slapd/back-monitor/thread.c +++ b/servers/slapd/back-monitor/thread.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -29,12 +29,7 @@ #include <ldap_rq.h> -static int -monitor_subsys_thread_update( - Operation *op, - SlapReply *rs, - Entry *e ); - +#ifndef NO_THREADS typedef enum { MT_UNKNOWN, MT_RUNQUEUE, 
@@ -45,39 +40,73 @@ typedef enum { static struct { struct berval rdn; + struct berval desc; struct berval nrdn; ldap_pvt_thread_pool_param_t param; monitor_thread_t mt; } mt[] = { - { BER_BVC( "cn=Max" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_MAX, MT_UNKNOWN }, - { BER_BVC( "cn=Max Pending" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_MAX_PENDING, MT_UNKNOWN }, - { BER_BVC( "cn=Open" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_OPEN, MT_UNKNOWN }, - { BER_BVC( "cn=Starting" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_STARTING, MT_UNKNOWN }, - { BER_BVC( "cn=Active" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_ACTIVE, MT_UNKNOWN }, - { BER_BVC( "cn=Pending" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_PENDING, MT_UNKNOWN }, - { BER_BVC( "cn=Backload" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_BACKLOAD, MT_UNKNOWN }, + { BER_BVC( "cn=Max" ), + BER_BVC("Maximum number of threads as configured"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_MAX, MT_UNKNOWN }, + { BER_BVC( "cn=Max Pending" ), + BER_BVC("Maximum number of pending threads"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_MAX_PENDING, MT_UNKNOWN }, + { BER_BVC( "cn=Open" ), + BER_BVC("Number of open threads"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_OPEN, MT_UNKNOWN }, + { BER_BVC( "cn=Starting" ), + BER_BVC("Number of threads being started"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_STARTING, MT_UNKNOWN }, + { BER_BVC( "cn=Active" ), + BER_BVC("Number of active threads"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_ACTIVE, MT_UNKNOWN }, + { BER_BVC( "cn=Pending" ), + BER_BVC("Number of pending threads"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_PENDING, MT_UNKNOWN }, + { BER_BVC( "cn=Backload" ), + BER_BVC("Number of active plus pending threads"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_BACKLOAD, MT_UNKNOWN }, #if 0 /* not meaningful right now */ - { BER_BVC( "cn=Active Max" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_ACTIVE_MAX, MT_UNKNOWN }, - { BER_BVC( "cn=Pending Max" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_PENDING_MAX, 
MT_UNKNOWN }, - { BER_BVC( "cn=Backload Max" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_BACKLOAD_MAX,MT_UNKNOWN }, + { BER_BVC( "cn=Active Max" ), + BER_BVNULL, + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_ACTIVE_MAX, MT_UNKNOWN }, + { BER_BVC( "cn=Pending Max" ), + BER_BVNULL, + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_PENDING_MAX, MT_UNKNOWN }, + { BER_BVC( "cn=Backload Max" ), + BER_BVNULL, + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_BACKLOAD_MAX,MT_UNKNOWN }, #endif - { BER_BVC( "cn=State" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_STATE, MT_UNKNOWN }, + { BER_BVC( "cn=State" ), + BER_BVC("Thread pool state"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_STATE, MT_UNKNOWN }, - { BER_BVC( "cn=Runqueue" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN, MT_RUNQUEUE }, - { BER_BVC( "cn=Tasklist" ), BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN, MT_TASKLIST }, + { BER_BVC( "cn=Runqueue" ), + BER_BVC("Queue of running threads - besides those handling operations"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN, MT_RUNQUEUE }, + { BER_BVC( "cn=Tasklist" ), + BER_BVC("List of running plus standby threads - besides those handling operations"), + BER_BVNULL, LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN, MT_TASKLIST }, { BER_BVNULL } }; +static int +monitor_subsys_thread_update( + Operation *op, + SlapReply *rs, + Entry *e ); +#endif /* ! NO_THREADS */ + /* * initializes log subentry */ int monitor_subsys_thread_init( BackendDB *be, - monitor_subsys_t *ms -) + monitor_subsys_t *ms ) { +#ifndef NO_THREADS monitor_info_t *mi; monitor_entry_t *mp; Entry *e, **ep, *e_thread; @@ -90,7 +119,7 @@ monitor_subsys_thread_init( if ( monitor_cache_get( mi, &ms->mss_ndn, &e_thread ) ) { Debug( LDAP_DEBUG_ANY, "monitor_subsys_thread_init: unable to get entry \"%s\"\n", - ms->mss_ndn.bv_val, + ms->mss_dn.bv_val, 0, 0 ); return( -1 ); } 
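Review bot: The comment `initializes log subentry` kept above `monitor_subsys_thread_init` (thread.c) describes a different subsystem, and the function body now also compiles down to a bare `return( 0 );` under `NO_THREADS`. Replace it with something like `/* creates the thread-pool monitor entries; does nothing when built with NO_THREADS */`. Among the new `desc` strings, `cn=Max Pending` is described as `Maximum number of pending threads`, while the pool parameter name suggests pending requests rather than threads; since these strings are published in the `description` attribute, the wording is worth checking against the thread pool implementation.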
@@ -151,6 +180,12 @@ monitor_subsys_thread_init( if ( !BER_BVISNULL( &bv ) ) { attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo, &bv, NULL ); } + + if ( !BER_BVISNULL( &mt[ i ].desc ) ) { + attr_merge_normalize_one( e, + slap_schema.si_ad_description, + &mt[ i ].desc, NULL ); + } mp = monitor_entrypriv_create(); if ( mp == NULL ) { @@ -166,7 +201,7 @@ monitor_subsys_thread_init( "monitor_subsys_thread_init: " "unable to add entry \"%s,%s\"\n", mt[ i ].rdn.bv_val, - ms->mss_ndn.bv_val, 0 ); + ms->mss_dn.bv_val, 0 ); return( -1 ); } @@ -176,9 +211,11 @@ monitor_subsys_thread_init( monitor_cache_release( mi, e_thread ); +#endif /* ! NO_THREADS */ return( 0 ); } +#ifndef NO_THREADS static int monitor_subsys_thread_update( Operation *op, @@ -241,6 +278,9 @@ monitor_subsys_thread_update( if ( vals ) { attr_merge_normalize( e, mi->mi_ad_monitoredInfo, vals, NULL ); ber_bvarray_free( vals ); + + } else { + attr_delete( &e->e_attrs, mi->mi_ad_monitoredInfo ); } break; @@ -270,6 +310,9 @@ monitor_subsys_thread_update( if ( vals ) { attr_merge_normalize( e, mi->mi_ad_monitoredInfo, vals, NULL ); ber_bvarray_free( vals ); + + } else { + attr_delete( &e->e_attrs, mi->mi_ad_monitoredInfo ); } break; @@ -310,4 +353,4 @@ monitor_subsys_thread_update( return SLAP_CB_CONTINUE; } - +#endif /* ! NO_THREADS */ diff --git a/servers/slapd/back-monitor/time.c b/servers/slapd/back-monitor/time.c index ac2f61543edc415e2530a8f530bc3b6f503c262e..2d96339fa4a7541cd3e6fbdb521d783dcbe0d4b2 100644 --- a/servers/slapd/back-monitor/time.c +++ b/servers/slapd/back-monitor/time.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * 
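Review bot: The new `else` branch in monitor_subsys_thread_update (`@@ -241,6 +278,9 @@`, repeated unchanged at `@@ -270,6 +310,9 @@`) has no comment saying why the attribute is removed. A line such as `/* no values collected: remove monitoredInfo from the entry */` above the `attr_delete` call would make the intent readable without tracing how `vals` is built, which happens outside both hunks. Since the merge/free/delete sequence is now identical in both places, a small static helper taking `mi`, `e` and `vals` would keep the two copies from diverging.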
diff --git a/servers/slapd/back-null/Makefile.in b/servers/slapd/back-null/Makefile.in
index 47ba6f28b7387ea10ea5793018da7bf1a3769843..48f533376ac2913c8b27123776eb637ef49ae0d7 100644
--- a/servers/slapd/back-null/Makefile.in
+++ b/servers/slapd/back-null/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-null/null.c b/servers/slapd/back-null/null.c
index 64e71ee6102f5ab12427fb678b12e1928ad218ce..4fc58ef961998d296cd07b430bde9bcdd5f4bca9 100644
--- a/servers/slapd/back-null/null.c
+++ b/servers/slapd/back-null/null.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 2002-2006 The OpenLDAP Foundation.
+ * Copyright 2002-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/Makefile.in b/servers/slapd/back-passwd/Makefile.in
index 0bece148cab0a6ed04f7777ae8c5d34adfd06289..0563bc6f0f59ee521f32b0af9a13399998155fa3 100644
--- a/servers/slapd/back-passwd/Makefile.in
+++ b/servers/slapd/back-passwd/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/back-passwd.h b/servers/slapd/back-passwd/back-passwd.h
index b99de224253a48e08ad3bb07f95ccdf85029b6ec..0274f801a8e25c6a8c6301341ea6c0b0158fa597 100644
--- a/servers/slapd/back-passwd/back-passwd.h
+++ b/servers/slapd/back-passwd/back-passwd.h
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/config.c b/servers/slapd/back-passwd/config.c
index a038c7034f4b4716e7f37e418b32ebcf9369d1da..2d148116040f551c7a4bf71348985fd13c544ba8 100644
--- a/servers/slapd/back-passwd/config.c
+++ b/servers/slapd/back-passwd/config.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/init.c b/servers/slapd/back-passwd/init.c
index 0b61bc9f40b60fc1f77c13319607591a5b17adcf..ad1026ef1588938727db1941f82255e12b4242c6 100644
--- a/servers/slapd/back-passwd/init.c
+++ b/servers/slapd/back-passwd/init.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/proto-passwd.h b/servers/slapd/back-passwd/proto-passwd.h
index 8300b1b68801c52b453764c02634c49f26421248..91a14fa56e856597c859317d5d44027a81793bfc 100644
--- a/servers/slapd/back-passwd/proto-passwd.h
+++ b/servers/slapd/back-passwd/proto-passwd.h
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-passwd/search.c b/servers/slapd/back-passwd/search.c
index 23a74ab53aedaa0ec8e49534cfd3b034654a97e8..212e1d2316ffd44823c0b34a195eb17f670d46ba 100644
--- a/servers/slapd/back-passwd/search.c
+++ b/servers/slapd/back-passwd/search.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-perl/Makefile.in b/servers/slapd/back-perl/Makefile.in
index 0a6db05843c395e329d742e44b4015f97994c0ef..84c8d5542c9d022e68c1dbcd5b14a6de518b4fa6 100644
--- a/servers/slapd/back-perl/Makefile.in
+++ b/servers/slapd/back-perl/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##
diff --git a/servers/slapd/back-perl/SampleLDAP.pm b/servers/slapd/back-perl/SampleLDAP.pm
index 9d668982914fc10f8f49259101d74838db8cc926..4e20ff628c10f6759befdde6445cf0a7c6eb8a25 100644
--- a/servers/slapd/back-perl/SampleLDAP.pm
+++ b/servers/slapd/back-perl/SampleLDAP.pm
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##
diff --git a/servers/slapd/back-perl/add.c b/servers/slapd/back-perl/add.c
index 2e029e4af0b68d15ad7480b21effb238938f24fd..929232074a512081a5f210dde73e3408a66ccaca 100644
--- a/servers/slapd/back-perl/add.c
+++ b/servers/slapd/back-perl/add.c
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -26,6 +26,9 @@ perl_back_add( int len; int count; +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); ldap_pvt_thread_mutex_lock( &entry2str_mutex ); diff --git a/servers/slapd/back-perl/asperl_undefs.h b/servers/slapd/back-perl/asperl_undefs.h index 009ab3fc652da0a326586473007b3d536293788a..d9f5cffc542d99af93dc62729e29e95be5be8640 100644 --- a/servers/slapd/back-perl/asperl_undefs.h +++ b/servers/slapd/back-perl/asperl_undefs.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-perl/bind.c b/servers/slapd/back-perl/bind.c index 72e418746e0903360f2518168091e31ab9abe96b..2e19370f49a15a75140341ca3c79c606ca475875 100644 --- a/servers/slapd/back-perl/bind.c +++ b/servers/slapd/back-perl/bind.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/close.c b/servers/slapd/back-perl/close.c index 63ed16eb5f1938ee40e4145ab8b720be85940c5b..46257972332983a40191a35df9ebd990d8761907 100644 --- a/servers/slapd/back-perl/close.c +++ b/servers/slapd/back-perl/close.c 
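Review bot: In perl_back_add (`@@ -26,6 +26,9 @@`) the added `PERL_SET_CONTEXT( PERL_INTERPRETER );` block is pasted verbatim into compare.c, delete.c, modify.c, modrdn.c and search.c, while bind.c and close.c receive only the copyright change in this diff. If perl_back_bind also calls into the interpreter from a pool thread and does not already set the context, it needs the same call, and as the authentication path it is the one worth verifying first. A single macro in perl_back.h, for example `#define PERL_BACK_SET_CONTEXT() PERL_SET_CONTEXT( PERL_INTERPRETER )` with an empty definition when neither HAVE_WIN32_ASPERL nor USE_ITHREADS is set, would keep the call sites from drifting apart. The function bodies start and end outside these hunks.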
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/compare.c b/servers/slapd/back-perl/compare.c index 43985bbdcad6da564e76d55c015ab138df732e43..665bc83da7b1f5edfbf3a8ffc83a2e990766127b 100644 --- a/servers/slapd/back-perl/compare.c +++ b/servers/slapd/back-perl/compare.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -41,6 +41,9 @@ perl_back_compare( op->orc_ava->aa_desc->ad_cname.bv_val ), "=" ), op->orc_ava->aa_value.bv_val ); +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); { diff --git a/servers/slapd/back-perl/config.c b/servers/slapd/back-perl/config.c index 325af0aa439da416ecd397f1e7bf596ddb726dc8..9b5e85a55f7424075f122db6f5128ba2f39a4641 100644 --- a/servers/slapd/back-perl/config.c +++ b/servers/slapd/back-perl/config.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/delete.c b/servers/slapd/back-perl/delete.c index 45dbbcb241c782ee3cc5468460efbef2bcf918e0..acd27934f873fbdf57c78324fef1a665c9b7b5ad 100644 --- a/servers/slapd/back-perl/delete.c +++ b/servers/slapd/back-perl/delete.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -25,6 +25,9 @@ perl_back_delete( PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private; int count; +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); { diff --git a/servers/slapd/back-perl/init.c b/servers/slapd/back-perl/init.c index 526953a9ad4741b4846d77280cfb4382e3b743fc..a695a8f97f82bc9276ac8c6091888413561a661f 100644 --- a/servers/slapd/back-perl/init.c +++ b/servers/slapd/back-perl/init.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/modify.c b/servers/slapd/back-perl/modify.c index 1da13c00f273585d34c94809cc37c8b2e3e0a3b7..1dad3404bc1e221b103553d9659f490a99c4593a 100644 --- a/servers/slapd/back-perl/modify.c +++ b/servers/slapd/back-perl/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -27,6 +27,9 @@ perl_back_modify( int count; int i; +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); 
diff --git a/servers/slapd/back-perl/modrdn.c b/servers/slapd/back-perl/modrdn.c index 60bff790fd84e117768cf68e1c1981f2fbf6144f..d136bf4bb92d740c90fe26fb22fd94c663a640a8 100644 --- a/servers/slapd/back-perl/modrdn.c +++ b/servers/slapd/back-perl/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -25,6 +25,10 @@ perl_back_modrdn( PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private; int count; +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif + ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); { diff --git a/servers/slapd/back-perl/perl_back.h b/servers/slapd/back-perl/perl_back.h index 79d57af7492b119dffc72e75c14af322e8701517..0716aa03ca9a80dd326ce66bdd93cc019b396a45 100644 --- a/servers/slapd/back-perl/perl_back.h +++ b/servers/slapd/back-perl/perl_back.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/proto-perl.h b/servers/slapd/back-perl/proto-perl.h index a2d464ab7a0f338fbd5e987a574ef961af5d97f6..dbf433d53148edb608efaa3d5e34731b0626c7e0 100644 --- a/servers/slapd/back-perl/proto-perl.h +++ b/servers/slapd/back-perl/proto-perl.h 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. diff --git a/servers/slapd/back-perl/search.c b/servers/slapd/back-perl/search.c index d249825a4be0f9abb19ef04c66ef1ee85ea5bc39..db9bd2512950c8ecb4adca7f898dd2fe9b33d954 100644 --- a/servers/slapd/back-perl/search.c +++ b/servers/slapd/back-perl/search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 John C. Quillan. * Portions Copyright 2002 myinternet Limited. * All rights reserved. @@ -34,6 +34,9 @@ perl_back_search( char *buf; int i; +#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS) + PERL_SET_CONTEXT( PERL_INTERPRETER ); +#endif ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex ); { diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in index 57d0f48b9aa0dc28db0664801e35bb16795c6bee..6ef139cbaf0a09cddd7dc878648242b12910039d 100644 --- a/servers/slapd/back-relay/Makefile.in +++ b/servers/slapd/back-relay/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/back-relay/back-relay.h b/servers/slapd/back-relay/back-relay.h index 5130c5193eaa14358c3cebe8c48ea072792e1629..ba6f59d16e51a1f936d980d42e48659237a12bd7 100644 --- a/servers/slapd/back-relay/back-relay.h +++ b/servers/slapd/back-relay/back-relay.h 
@@ -1,7 +1,7 @@ /* back-relay.h - relay backend header file */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-relay/config.c b/servers/slapd/back-relay/config.c index b8f85830115a5883ff1840862c1cc422a80f933c..503da6e9404b3396f66c85026280d2bdba6d1639 100644 --- a/servers/slapd/back-relay/config.c +++ b/servers/slapd/back-relay/config.c @@ -1,7 +1,7 @@ /* config.c - relay backend configuration file routine */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -114,7 +114,7 @@ relay_back_db_config( * where the overlay is instantiated by moving * around the "relay" directive, although this could * make slapd.conf a bit confusing. */ - if ( overlay_config( be, "rwm" ) ) { + if ( overlay_config( be, "rwm", -1, NULL ) ) { Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, "%s: line %d: unable to install " "rwm overlay " diff --git a/servers/slapd/back-relay/init.c b/servers/slapd/back-relay/init.c index 4a83e2f63ecccbfeb79ce7a9e8e191a3b77f09a9..c8219e1e206cd6275a43a4bc572115f88e05b9b1 100644 --- a/servers/slapd/back-relay/init.c +++ b/servers/slapd/back-relay/init.c @@ -1,7 +1,7 @@ /* init.c - initialize relay backend */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/back-relay/op.c b/servers/slapd/back-relay/op.c index 412a5b4f5134f29be388f15b510c19729f3be85f..0c463cc20318fc6d9518fd543dd05d35297dc1aa 100644 --- a/servers/slapd/back-relay/op.c 
+++ b/servers/slapd/back-relay/op.c
@@ -1,7 +1,7 @@
 /* op.c - relay backend operations */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
 * Portions Copyright 2004 Pierangelo Masarati.
 * All rights reserved.
 *
diff --git a/servers/slapd/back-relay/proto-back-relay.h b/servers/slapd/back-relay/proto-back-relay.h
index 53ac26b950f020ee588e17d54777eefcac20f1f5..97ba1c55642ed7613702db9a4c30698fe9f00017 100644
--- a/servers/slapd/back-relay/proto-back-relay.h
+++ b/servers/slapd/back-relay/proto-back-relay.h
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 2004-2006 The OpenLDAP Foundation.
+ * Copyright 2004-2007 The OpenLDAP Foundation.
 * Portions Copyright 2004 Pierangelo Masarati.
 * All rights reserved.
 *
diff --git a/servers/slapd/back-shell/Makefile.in b/servers/slapd/back-shell/Makefile.in
index 8f4ae55971695eaff0ec3457740b693371ef92c0..70d5f278ddf1025e44013040d54821ba357b3bb0 100644
--- a/servers/slapd/back-shell/Makefile.in
+++ b/servers/slapd/back-shell/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/add.c b/servers/slapd/back-shell/add.c
index ba982f91589267bd0e5b30d45bb3b3ea38ec410b..3f7950cc3243c5457036887dff708ad4000a0e09 100644
--- a/servers/slapd/back-shell/add.c
+++ b/servers/slapd/back-shell/add.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/bind.c b/servers/slapd/back-shell/bind.c
index 143a62ca2f6f147cbfe5d4b58002ed2436d91138..32d8865e3ddd7071330d0a0ee4156e22724d6804 100644
--- a/servers/slapd/back-shell/bind.c
+++ b/servers/slapd/back-shell/bind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/compare.c b/servers/slapd/back-shell/compare.c
index bb3304ae8e473619457078f7c2efddf4c3d1f174..d38b27c23b103083066d663206c8320d90b69302 100644
--- a/servers/slapd/back-shell/compare.c
+++ b/servers/slapd/back-shell/compare.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/config.c b/servers/slapd/back-shell/config.c
index 129820491fe1920355f3c6dc80cc1396983e6b82..e7d4c96875366f86052d950d66f2b65725d00bf5 100644
--- a/servers/slapd/back-shell/config.c
+++ b/servers/slapd/back-shell/config.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/delete.c b/servers/slapd/back-shell/delete.c
index ed3ccbd76a383211a1c2b3eda30d5ccb3eb56c0c..90f270404b679b13a91b5930a2ff175bf07da2de 100644
--- a/servers/slapd/back-shell/delete.c
+++ b/servers/slapd/back-shell/delete.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/fork.c b/servers/slapd/back-shell/fork.c
index 500637e035e8b094d47e3fae0982b7a46fc7a142..cd1099cb05fe3543b6958fa954df8374c6caaeea 100644
--- a/servers/slapd/back-shell/fork.c
+++ b/servers/slapd/back-shell/fork.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/init.c b/servers/slapd/back-shell/init.c
index 9ff27ebac55d4bd5b2cc05049ea948d7487fb527..5724118e5aa6d28290e2fd48532049bd7a491bcb 100644
--- a/servers/slapd/back-shell/init.c
+++ b/servers/slapd/back-shell/init.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/modify.c b/servers/slapd/back-shell/modify.c
index ad93e516f2a25cba6745250c4a69501daba76c39..277c3c1dcd502fec0ffae5fbfe7a493f5815d84c 100644
--- a/servers/slapd/back-shell/modify.c
+++ b/servers/slapd/back-shell/modify.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/modrdn.c b/servers/slapd/back-shell/modrdn.c
index 1d660a3920b272c17262e99f7e5bfb38b2524846..1728eab224698a361bb1cfaba240a2f509d77b98 100644
--- a/servers/slapd/back-shell/modrdn.c
+++ b/servers/slapd/back-shell/modrdn.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/proto-shell.h b/servers/slapd/back-shell/proto-shell.h
index b4709871697be111e87046db6220e45d28df109b..7f6c651a51ad24fd27509fede43b25fdcdff0894 100644
--- a/servers/slapd/back-shell/proto-shell.h
+++ b/servers/slapd/back-shell/proto-shell.h
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/result.c b/servers/slapd/back-shell/result.c
index b4a538b2bd374c5bf45c33343c371a64ed52bc36..3eef7da16fe7cef242af74a5ff45a749d69e0d48 100644
--- a/servers/slapd/back-shell/result.c
+++ b/servers/slapd/back-shell/result.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/search.c b/servers/slapd/back-shell/search.c
index b4de0d7c1b762d10c3f17b161d192a88079c03e7..f4700cebab4a1bc69965be05daa8b7c357b650d0 100644
--- a/servers/slapd/back-shell/search.c
+++ b/servers/slapd/back-shell/search.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/searchexample.conf b/servers/slapd/back-shell/searchexample.conf
index 2d38c75576011623d5cc135b9426395976508c55..b24645bb013dad969105a259233b6b89f987264c 100644
--- a/servers/slapd/back-shell/searchexample.conf
+++ b/servers/slapd/back-shell/searchexample.conf
@@ -1,7 +1,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/searchexample.sh b/servers/slapd/back-shell/searchexample.sh
index 7a069a30b4001ca228a04960d546fb31f499bcca..8f2f06cff154e393670b74f2d73fe0bdb7c5e12e 100644
--- a/servers/slapd/back-shell/searchexample.sh
+++ b/servers/slapd/back-shell/searchexample.sh
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/shell.h b/servers/slapd/back-shell/shell.h
index d82d0c473a8194f9dbb8609f1c376f93202ff0ee..15406651732e88c61195d95f166eeb2ddbfbf119 100644
--- a/servers/slapd/back-shell/shell.h
+++ b/servers/slapd/back-shell/shell.h
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-shell/unbind.c b/servers/slapd/back-shell/unbind.c
index c83784f36cf58ec74a6b051ec0e9cd56be3c5838..7a5129bc52da14b90ef5ccceef97d2f663f638bb 100644
--- a/servers/slapd/back-shell/unbind.c
+++ b/servers/slapd/back-shell/unbind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-sql/Makefile.in b/servers/slapd/back-sql/Makefile.in
index 997dfe39472ab907a47dc5b8efff66c12bb9f14e..4cb23b800b41b51d04defd573a473b9688930481 100644
--- a/servers/slapd/back-sql/Makefile.in
+++ b/servers/slapd/back-sql/Makefile.in
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c
index eb24f67b928cd61e29a50932023c521973690df6..ed10958b67c0df14d452773f34b15eb3a16f2a22 100644
--- a/servers/slapd/back-sql/add.c
+++ b/servers/slapd/back-sql/add.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
 * Portions Copyright 1999 Dmitry Kovalev.
 * Portions Copyright 2002 Pierangelo Masarati.
 * Portions Copyright 2004 Mark Adamson.
@@ -924,6 +924,7 @@ backsql_add( Operation *op, SlapReply *rs ) Entry p = { 0 }, *e = NULL; Attribute *at, *at_objectClass = NULL; + ObjectClass *soc = NULL; struct berval scname = BER_BVNULL; struct berval pdn; struct berval realdn = BER_BVNULL; @@ -957,13 +958,11 @@ backsql_add( Operation *op, SlapReply *rs ) Debug( LDAP_DEBUG_TRACE, "==>backsql_add(\"%s\")\n", op->ora_e->e_name.bv_val, 0, 0 ); - slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); - /* check schema */ if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; - rs->sr_err = entry_schema_check( op, op->ora_e, NULL, 0, + rs->sr_err = entry_schema_check( op, op->ora_e, NULL, 0, 1, &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " @@ -974,6 +973,8 @@ backsql_add( Operation *op, SlapReply *rs ) } } + slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); + /* search structuralObjectClass */ for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) { if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) { @@ -1002,8 +1003,8 @@ backsql_add( Operation *op, SlapReply *rs ) goto done; } - rs->sr_err = structural_class( at->a_vals, &scname, NULL, - &text, buf, sizeof( buf ) ); + rs->sr_err = structural_class( at->a_vals, &soc, NULL, + &text, buf, sizeof( buf ), op->o_tmpmemctx ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " "%s (%d)\n", @@ -1011,6 +1012,7 @@ backsql_add( Operation *op, SlapReply *rs ) e = NULL; goto done; } + scname = soc->soc_cname; } else { scname = at->a_vals[0]; diff --git a/servers/slapd/back-sql/api.c b/servers/slapd/back-sql/api.c index 4525f2a90dc721deeff913d2a069348e9cef0fd2..5cf3cc94c8e4aa712c5c79dd25dada01ddf4adbd 100644 --- a/servers/slapd/back-sql/api.c +++ b/servers/slapd/back-sql/api.c 
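Review bot: In backsql_add the schema-check block (`@@ -957,13 +958,11 @@`) passes `&rs->sr_text` together with a `textbuf` declared inside the `if ( BACKSQL_CHECK_SCHEMA( bi ) )` block, so any message entry_schema_check leaves in that buffer may still be referenced through `rs->sr_text` after the buffer has gone out of scope. The rest of the failure branch is outside the hunk, so where the result is sent cannot be confirmed from here; if it is sent after leaving the block, the diagnostic text would be read from dead stack storage. The relocated `slap_add_opattrs` call already uses a function-level `textbuf`/`textlen`, so dropping the inner declaration and passing `textbuf, textlen` to entry_schema_check would remove the question.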
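Review bot: `scname = soc->soc_cname;` (`@@ -1011,6 +1012,7 @@`) dereferences `soc` on the strength of the return code alone, relying on structural_class having filled it in whenever it returns LDAP_SUCCESS. That function is not part of this diff, so the guarantee cannot be checked here, and the objectClass values it inspects come from the client's add request. If that is its contract, a one-line comment above the assignment stating it is enough; otherwise widen the preceding test to `if ( rs->sr_err != LDAP_SUCCESS || soc == NULL )`. backsql_add starts and ends outside these hunks.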
@@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/back-sql/back-sql.h b/servers/slapd/back-sql/back-sql.h index 7f319424a20215f417a1bca90f82d45951eaba14..f21467914824f30008f4f0698489160391fcf4b3 100644 --- a/servers/slapd/back-sql/back-sql.h +++ b/servers/slapd/back-sql/back-sql.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Mararati. * Portions Copyright 2004 Mark Adamson. diff --git a/servers/slapd/back-sql/bind.c b/servers/slapd/back-sql/bind.c index f87ebdd972cc2d2b48ac938c5d9c4c754e742e2b..7db1ac8e5dbf88dca9b463ec654bf6352c22209f 100644 --- a/servers/slapd/back-sql/bind.c +++ b/servers/slapd/back-sql/bind.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/back-sql/compare.c b/servers/slapd/back-sql/compare.c index 47b2914e3ea341f055e5e43a8c8c91ee88cf85d9..8ac1d96b041612d99fa796ab2ef2348c604bc93c 100644 --- a/servers/slapd/back-sql/compare.c +++ b/servers/slapd/back-sql/compare.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/back-sql/config.c b/servers/slapd/back-sql/config.c index 88d02229e33bd403153884919dfd4e751d7ed05b..e9857fa760c19ac09c1c3b791d63809a0bc099d4 100644 --- a/servers/slapd/back-sql/config.c +++ b/servers/slapd/back-sql/config.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. diff --git a/servers/slapd/back-sql/delete.c b/servers/slapd/back-sql/delete.c index 7f010fb083af0efa8c44e7a5cca4cc1464a4b5a6..2bfddfda6cefb22a0ebafe900391aa60c402ae71 100644 --- a/servers/slapd/back-sql/delete.c +++ b/servers/slapd/back-sql/delete.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/back-sql/entry-id.c b/servers/slapd/back-sql/entry-id.c index d381fe3a29c2ffedf9e376428bba0c9cbbd76987..39122f2c1064125963e8bd2537d2e29ef3bfe4d4 100644 --- a/servers/slapd/back-sql/entry-id.c +++ b/servers/slapd/back-sql/entry-id.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. @@ -1004,8 +1004,8 @@ next:; const char *text = NULL; char textbuf[ 1024 ]; size_t textlen = sizeof( textbuf ); - struct berval soc, - bv[ 2 ], + ObjectClass *soc = NULL; + struct berval bv[ 2 ], *nvals; int rc = LDAP_SUCCESS; @@ -1021,7 +1021,7 @@ next:; } rc = structural_class( nvals, &soc, NULL, - &text, textbuf, textlen ); + &text, textbuf, textlen, op->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): " "structural_class() failed %d (%s)\n", @@ -1031,12 +1031,12 @@ next:; return rc; } - if ( !bvmatch( &soc, &bsi->bsi_oc->bom_oc->soc_cname ) ) { + if ( !bvmatch( &soc->soc_cname, &bsi->bsi_oc->bom_oc->soc_cname ) ) { Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): " "computed structuralObjectClass %s " "does not match objectClass %s associated " "to entry\n", - bsi->bsi_e->e_name.bv_val, soc.bv_val, + bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val, bsi->bsi_oc->bom_oc->soc_cname.bv_val ); backsql_entry_clean( op, bsi->bsi_e ); return rc; diff --git a/servers/slapd/back-sql/init.c b/servers/slapd/back-sql/init.c index 42bbb9c2a36469f43b9845a6565a967a3b48739e..df67a50006319876b2b04e3000cfc8486e74d4bf 100644 --- a/servers/slapd/back-sql/init.c +++ b/servers/slapd/back-sql/init.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. 
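Review bot: The mismatch branch in the last `backsql_id2entry` hunk still ends in `return rc;` right after `backsql_entry_clean( op, bsi->bsi_e )`, and as far as the visible lines show `rc` can only be `LDAP_SUCCESS` there, because the preceding branch already returned on failure. The caller is therefore told the lookup succeeded although the entry was just cleaned. If a structuralObjectClass mismatch is meant to be an error, the branch should set a code first, for example `rc = LDAP_OTHER;` before the `return`; if it is meant to be tolerated, a comment saying so would prevent the question. The function body starts outside the hunk.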
diff --git a/servers/slapd/back-sql/modify.c b/servers/slapd/back-sql/modify.c index df1c95341e5f8fc77cdfd148abaf5c5c081c62ac..4ee11dbd58e7bccda9df2e64fdecc73f7526bc05 100644 --- a/servers/slapd/back-sql/modify.c +++ b/servers/slapd/back-sql/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. @@ -152,10 +152,10 @@ backsql_modify( Operation *op, SlapReply *rs ) goto do_transact; } - rs->sr_err = entry_schema_check( op, &m, NULL, 0, + rs->sr_err = entry_schema_check( op, &m, NULL, 0, 0, &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " + Debug( LDAP_DEBUG_TRACE, " backsql_modify(\"%s\"): " "entry failed schema check -- aborting\n", m.e_name.bv_val, 0, 0 ); e = NULL; diff --git a/servers/slapd/back-sql/modrdn.c b/servers/slapd/back-sql/modrdn.c index 67940a58ba881d3e649c0ffc6a2ca950bc595729..4634078fdd57eef891ce375e16b4629c8754abf5 100644 --- a/servers/slapd/back-sql/modrdn.c +++ b/servers/slapd/back-sql/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. @@ -50,7 +50,6 @@ backsql_modrdn( Operation *op, SlapReply *rs ) *e = NULL; int manageDSAit = get_manageDSAit( op ); struct berval *newSuperior = op->oq_modrdn.rs_newSup; - char *next; Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", " "newrdn=\"%s\", newSuperior=\"%s\"\n", 
@@ -452,10 +451,10 @@ backsql_modrdn( Operation *op, SlapReply *rs ) e_id = bsi.bsi_base_id; - rs->sr_err = entry_schema_check( op, &r, NULL, 0, + rs->sr_err = entry_schema_check( op, &r, NULL, 0, 0, &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " + Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): " "entry failed schema check -- aborting\n", r.e_name.bv_val, 0, 0 ); e = NULL; diff --git a/servers/slapd/back-sql/operational.c b/servers/slapd/back-sql/operational.c index f0933a6318edacb5a98a7ca8e5a8849179f2c924..60252f6d49f3c129bae71b0c03bc8e09b46e47e0 100644 --- a/servers/slapd/back-sql/operational.c +++ b/servers/slapd/back-sql/operational.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/back-sql/proto-sql.h b/servers/slapd/back-sql/proto-sql.h index e7c3590feaf8b1bb8be8a1ba12fe445cbb025635..78b9251556bab10f07ba54de97cf797bc8e86d32 100644 --- a/servers/slapd/back-sql/proto-sql.h +++ b/servers/slapd/back-sql/proto-sql.h @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Mararati. * All rights reserved. diff --git a/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile b/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile index 5e6bc151415c8ceedaf1388ff1d45794d1d3283b..4cf2fd73e73276aa644481df8acc814b7f8f9fb4 100644 --- a/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile +++ b/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile 
@@ -1,4 +1,4 @@ -## Copyright 1997-2006 The OpenLDAP Foundation, All Rights Reserved. +## Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved. ## COPYING RESTRICTIONS APPLY, see COPYRIGHT file # diff --git a/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp b/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp index bf83e6da1474d02380df19e594200b2511401091..ae399b2a7697e09f22177fd198372e1919aee780 100644 --- a/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp +++ b/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp @@ -1,4 +1,4 @@ -// Copyright 1997-2006 The OpenLDAP Foundation, All Rights Reserved. +// Copyright 1997-2007 The OpenLDAP Foundation, All Rights Reserved. // COPYING RESTRICTIONS APPLY, see COPYRIGHT file // (c) Copyright 1999-2001 TimesTen Performance Software. All rights reserved. diff --git a/servers/slapd/back-sql/schema-map.c b/servers/slapd/back-sql/schema-map.c index 6f47ce96aaec579b56bfaafa222a7ef9aea59923..d64d5e937e1ecef30a5573e5a2fe9195be18117c 100644 --- a/servers/slapd/back-sql/schema-map.c +++ b/servers/slapd/back-sql/schema-map.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c index 1e3d92d9c7fff4f286830daed7336e1b044a962e..b9d9365034b735526651ffff4ebd15cb70c633e1 100644 --- a/servers/slapd/back-sql/search.c +++ b/servers/slapd/back-sql/search.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. @@ -2398,20 +2398,23 @@ send_results:; if ( op->o_sync ) { Operation op2 = *op; SlapReply rs2 = { 0 }; - Entry e = { 0 }; + Entry *e = entry_alloc(); slap_callback cb = { 0 }; op2.o_tag = LDAP_REQ_ADD; op2.o_bd = select_backend( &op->o_bd->be_nsuffix[0], 0, 0 ); - op2.ora_e = &e; + op2.ora_e = e; op2.o_callback = &cb; - e.e_name = op->o_bd->be_suffix[0]; - e.e_nname = op->o_bd->be_nsuffix[0]; + ber_dupbv( &e->e_name, op->o_bd->be_suffix ); + ber_dupbv( &e->e_nname, op->o_bd->be_nsuffix ); cb.sc_response = slap_null_cb; op2.o_bd->be_add( &op2, &rs2 ); + + if ( op2.ora_e == e ) + entry_free( e ); } #endif /* BACKSQL_SYNCPROV */ diff --git a/servers/slapd/back-sql/sql-wrap.c b/servers/slapd/back-sql/sql-wrap.c index bda1982bcdbb47de64a5eddd6716730a45eca556..d01d9cbb31e1e403927f9b8e2ed76fd6e131b934 100644 --- a/servers/slapd/back-sql/sql-wrap.c +++ b/servers/slapd/back-sql/sql-wrap.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. diff --git a/servers/slapd/back-sql/util.c b/servers/slapd/back-sql/util.c index cc8c6a09b60fbb811ff18c11b3ef249ef81e0a9b..b3c319d5709ef041b7cb04a5807deef28fba95b8 100644 --- a/servers/slapd/back-sql/util.c +++ b/servers/slapd/back-sql/util.c 
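Review bot: In the `BACKSQL_SYNCPROV` block of the search.c hunk, `op2.o_bd->be_add( &op2, &rs2 )` is still called without checking what `select_backend()` returned or that the selected backend has a `be_add` handler, while the same commit adds an `op->o_bd != NULL` test after `select_backend()` in `fe_aux_operational`. A guard such as `if ( op2.o_bd != NULL && op2.o_bd->be_add != NULL )` around the call keeps a failed lookup from becoming a NULL dereference, and the `entry_free( e )` that follows still releases the entry in that case. A short comment on `if ( op2.ora_e == e )`, for example `/* free the entry unless be_add replaced op2.ora_e */`, would record why the test is there. The enclosing function starts outside the hunk.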
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * All rights reserved. @@ -252,7 +252,7 @@ backsql_entry_addattr( #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "backsql_entry_addattr(\"%s\"): %s=%s\n", - e->e_name.bv_val, ad->ad_cname->bv_val, val->bv_val ); + e->e_name.bv_val, ad->ad_cname.bv_val, val->bv_val ); #endif /* BACKSQL_TRACE */ rc = attr_merge_normalize_one( e, ad, val, memctx ); diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 64a23ab1d268644e03fd9599469dbb2f1c424583..8bb21b559161b42b5437ee0607d6ddc1ff8efe22 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -422,7 +422,7 @@ void backend_destroy_one( BackendDB *bd, int dynamic ) } if ( bd->be_syncinfo ) { - syncinfo_free( bd->be_syncinfo ); + syncinfo_free( bd->be_syncinfo, 1 ); } backend_stopdown_one( bd ); 
@@ -530,13 +530,48 @@ BackendInfo* backend_info(const char *type) return NULL; } +void +backend_db_insert( + BackendDB *be, + int idx +) +{ + /* If idx < 0, just add to end of list */ + if ( idx < 0 ) { + LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + } else if ( idx == 0 ) { + LDAP_STAILQ_INSERT_HEAD(&backendDB, be, be_next); + } else { + int i; + BackendDB *b2; + + b2 = LDAP_STAILQ_FIRST(&backendDB); + idx--; + for (i=0; i<idx; i++) { + b2 = LDAP_STAILQ_NEXT(b2, be_next); + } + LDAP_STAILQ_INSERT_AFTER(&backendDB, b2, be, be_next); + } +} + +void +backend_db_move( + BackendDB *be, + int idx +) +{ + LDAP_STAILQ_REMOVE(&backendDB, be, slap_backend_db, be_next); + backend_db_insert(be, idx); +} BackendDB * backend_db_init( const char *type, - BackendDB *be ) + BackendDB *b0, + int idx ) { BackendInfo *bi = backend_info(type); + BackendDB *be = b0; int rc = 0; if( bi == NULL ) { @@ -549,8 +584,11 @@ backend_db_init( */ if ( !be ) { be = ch_calloc( 1, sizeof(Backend) ); + /* Just append */ + if ( idx >= nbackends ) + idx = -1; nbackends++; - LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + backend_db_insert( be, idx ); } be->bd_info = bi; @@ -574,11 +612,16 @@ backend_db_init( if ( rc != 0 ) { fprintf( stderr, "database init failed (%s)\n", type ); - nbackends--; - return NULL; + /* If we created and linked this be, remove it and free it */ + if ( !b0 ) { + LDAP_STAILQ_REMOVE(&backendDB, be, slap_backend_db, be_next); + ch_free( be ); + be = NULL; + nbackends--; + } + } else { + bi->bi_nDB++; } - - bi->bi_nDB++; return( be ); } 
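Review bot: `backend_db_insert` walks `idx-1` links from `LDAP_STAILQ_FIRST(&backendDB)` without ever testing `b2`, so an `idx` larger than the list (or any positive `idx` on an empty list) hands a NULL element to `LDAP_STAILQ_INSERT_AFTER`. `backend_db_init` clamps with `if ( idx >= nbackends ) idx = -1;`, but `backend_db_move` forwards its `idx` unchecked, and that value presumably originates from configuration input. The walk should stop at the tail, `for (i=0; i<idx && LDAP_STAILQ_NEXT(b2, be_next) != NULL; i++)`, and a NULL first element should fall back to the `LDAP_STAILQ_INSERT_TAIL` branch.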
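Review bot: In the failure branch of `backend_db_init` (third hunk), `be` is reset to NULL only inside `if ( !b0 )`, so a caller that supplied its own `b0` now gets a non-NULL return when `bi_db_init` failed, where the removed code returned NULL. The only remaining signal is the `fprintf( stderr, ... )` message, and such a caller could go on using a database whose init did not complete. If that is not intended, moving `be = NULL;` after the `if ( !b0 ) { ... }` block restores the old contract without freeing memory the caller owns; if it is intended, the comment above the branch should say that a caller-supplied `b0` is returned even on failure.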
@@ -852,18 +895,13 @@ backend_check_controls( case LDAP_COMPARE_FALSE: if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) { - /* Per RFC 2251 (and LDAPBIS discussions), if the control - * is recognized and appropriate for the operation (which - * we've already verified), then the server should make - * use of the control when performing the operation. - * - * Here we find that operation extended by the control - * is unavailable in a particular context, and the control - * is marked Critical, hence the return of - * unwillingToPerform. + /* RFC 4511 allows unavailableCriticalExtension to be + * returned when the server is unwilling to perform + * an operation extended by a recognized critical + * control. */ rs->sr_text = "critical control unavailable in context"; - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; goto done; } break; @@ -1709,7 +1747,6 @@ fe_aux_operational( { Attribute **ap; int rc = 0; - BackendDB *be_orig; for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next ) /* just count them */ ; @@ -1735,14 +1772,14 @@ fe_aux_operational( ap = &(*ap)->a_next; } - if ( op->o_bd != NULL ) - { + if ( op->o_bd != NULL ) { + BackendDB *be_orig = op->o_bd; + /* Let the overlays have a chance at this */ - be_orig = op->o_bd; op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); - if ( !be_match( op->o_bd, frontendDB ) && + if ( op->o_bd != NULL && !be_match( op->o_bd, frontendDB ) && ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && - op->o_bd != NULL && op->o_bd->be_operational != NULL ) + op->o_bd->be_operational != NULL ) { rc = op->o_bd->be_operational( op, rs ); } diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c index cce5905ee1b827595b6ea2bd2a8037e8765a0804..56b2f08ae67f25a56df5c850abc66896e096e4e7 100644 --- a/servers/slapd/backglue.c +++ b/servers/slapd/backglue.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -87,6 +87,15 @@ typedef struct glue_state { int nctrls; } glue_state; +static int +glue_op_cleanup( Operation *op, SlapReply *rs ) +{ + /* This is not a final result */ + if (rs->sr_type == REP_RESULT ) + rs->sr_type = REP_GLUE_RESULT; + return SLAP_CB_CONTINUE; +} + static int glue_op_response ( Operation *op, SlapReply *rs ) { @@ -192,6 +201,7 @@ glue_op_func ( Operation *op, SlapReply *rs ) case LDAP_REQ_DELETE: which = op_delete; break; case LDAP_REQ_MODIFY: which = op_modify; break; case LDAP_REQ_MODRDN: which = op_modrdn; break; + case LDAP_REQ_EXTENDED: which = op_extended; break; default: assert( 0 ); break; } @@ -199,13 +209,25 @@ glue_op_func ( Operation *op, SlapReply *rs ) if ( func[which] ) rc = func[which]( op, rs ); else - rc = SLAP_CB_CONTINUE; + rc = SLAP_CB_BYPASS; op->o_bd = b0; op->o_bd->bd_info = bi0; return rc; } +static int +glue_response ( Operation *op, SlapReply *rs ) +{ + BackendDB *be = op->o_bd; + be = glue_back_select (op->o_bd, &op->o_req_ndn); + + /* If we're on the master backend, let overlay framework handle it. + * Otherwise, bail out. + */ + return ( op->o_bd == be ) ? SLAP_CB_CONTINUE : SLAP_CB_BYPASS; +} + static int glue_chk_referrals ( Operation *op, SlapReply *rs ) { @@ -303,7 +325,7 @@ glue_op_search ( Operation *op, SlapReply *rs ) int i; long stoptime = 0, starttime; glue_state gs = {NULL, NULL, NULL, 0, 0, 0, 0}; - slap_callback cb = { NULL, glue_op_response, NULL, NULL }; + slap_callback cb = { NULL, glue_op_response, glue_op_cleanup, NULL }; int scope0, tlimit0; struct berval dn, ndn, *pdn; 
@@ -590,6 +612,28 @@ glue_close ( return rc; } +static int +glue_entry_get_rw ( + Operation *op, + struct berval *dn, + ObjectClass *oc, + AttributeDescription *ad, + int rw, + Entry **e ) +{ + BackendDB *b0 = op->o_bd; + op->o_bd = glue_back_select( b0, dn ); + int rc; + + if ( op->o_bd->be_fetch ) { + rc = op->o_bd->be_fetch( op, dn, oc, ad, rw, e ); + } else { + rc = LDAP_UNWILLING_TO_PERFORM; + } + op->o_bd =b0; + return rc; +} + static int glue_entry_release_rw ( Operation *op, @@ -597,13 +641,10 @@ glue_entry_release_rw ( int rw ) { - BackendDB *b0, b2; + BackendDB *b0 = op->o_bd; int rc = -1; - b0 = op->o_bd; - b2 = *op->o_bd; - b2.bd_info = (BackendInfo *)glue_tool_inst( op->o_bd->bd_info ); - op->o_bd = glue_back_select (&b2, &e->e_nname); + op->o_bd = glue_back_select (b0, &e->e_nname); if ( op->o_bd->be_release ) { rc = op->o_bd->be_release( op, e, rw ); @@ -742,13 +783,14 @@ glue_tool_entry_put ( static int glue_tool_entry_reindex ( BackendDB *b0, - ID id + ID id, + AttributeDescription **adv ) { if (!glueBack || !glueBack->be_entry_reindex) return -1; - return glueBack->be_entry_reindex (glueBack, id); + return glueBack->be_entry_reindex (glueBack, id, adv); } static int @@ -799,8 +841,6 @@ glue_db_init( oi->oi_bi.bi_open = glue_open; oi->oi_bi.bi_close = glue_close; - oi->oi_bi.bi_entry_release_rw = glue_entry_release_rw; - /* Only advertise these if the root DB supports them */ if ( bi->bi_tool_entry_open ) oi->oi_bi.bi_tool_entry_open = glue_tool_entry_open; @@ -933,7 +973,7 @@ glue_sub_attach() /* If it's not already configured, set up the overlay */ if ( !SLAP_GLUE_INSTANCE( be )) { - rc = overlay_config( be, glue.on_bi.bi_type ); + rc = overlay_config( be, glue.on_bi.bi_type, -1, NULL ); if ( rc ) break; } 
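Review bot: `glue_entry_get_rw` declares `int rc;` after the statement `op->o_bd = glue_back_select( b0, dn );`, which pre-C99 compilers reject and which differs from `glue_entry_release_rw` in the next hunk, where all declarations come first. Declaring `BackendDB *b0 = op->o_bd;` and `int rc;` together and assigning `op->o_bd` afterwards fixes it, and `op->o_bd =b0;` could take the usual spacing at the same time. Both functions also dereference the result of `glue_back_select()` immediately (`op->o_bd->be_fetch`, `op->o_bd->be_release`); its definition is outside the hunk, so if it can return NULL for a DN outside every glued suffix, a test such as `if ( op->o_bd && op->o_bd->be_fetch )` is needed before the call.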
@@ -1009,9 +1049,14 @@ glue_sub_init() glue.on_bi.bi_op_modrdn = glue_op_func; glue.on_bi.bi_op_add = glue_op_func; glue.on_bi.bi_op_delete = glue_op_func; + glue.on_bi.bi_extended = glue_op_func; glue.on_bi.bi_chk_referrals = glue_chk_referrals; glue.on_bi.bi_chk_controls = glue_chk_controls; + glue.on_bi.bi_entry_get_rw = glue_entry_get_rw; + glue.on_bi.bi_entry_release_rw = glue_entry_release_rw; + + glue.on_response = glue_response; return overlay_register( &glue ); } diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 3ffd18828508066aff7add1f0da3246b26808a82..eccc395fedbca24b2bfd12a6a09b8e8dba2e52f8 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -238,6 +238,11 @@ over_back_response ( Operation *op, SlapReply *rs ) if ( rc != SLAP_CB_CONTINUE ) break; } } + /* Bypass the remaining on_response layers, but allow + * normal execution to continue. + */ + if ( rc == SLAP_CB_BYPASS ) + rc = SLAP_CB_CONTINUE; op->o_bd = be; return rc; } 
@@ -317,6 +322,147 @@ over_access_allowed( return rc; } +int +overlay_entry_get_ov( + Operation *op, + struct berval *dn, + ObjectClass *oc, + AttributeDescription *ad, + int rw, + Entry **e, + slap_overinst *on ) +{ + slap_overinfo *oi = on->on_info; + BackendDB *be = op->o_bd, db; + BackendInfo *bi = op->o_bd->bd_info; + int rc = SLAP_CB_CONTINUE; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_entry_get_rw ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_entry_get_rw( op, dn, + oc, ad, rw, e ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_entry_get_rw ) { + rc = oi->oi_orig->bi_entry_get_rw( op, dn, + oc, ad, rw, e ); + } + } + /* should not fall thru this far without anything happening... 
*/ + if ( rc == SLAP_CB_CONTINUE ) { + rc = LDAP_UNWILLING_TO_PERFORM; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} + +static int +over_entry_get_rw( + Operation *op, + struct berval *dn, + ObjectClass *oc, + AttributeDescription *ad, + int rw, + Entry **e ) +{ + slap_overinfo *oi; + slap_overinst *on; + + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + return overlay_entry_get_ov( op, dn, oc, ad, rw, e, on ); +} + +int +overlay_entry_release_ov( + Operation *op, + Entry *e, + int rw, + slap_overinst *on ) +{ + slap_overinfo *oi = on->on_info; + BackendDB *be = op->o_bd, db; + BackendInfo *bi = op->o_bd->bd_info; + int rc = SLAP_CB_CONTINUE; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_entry_release_rw ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_entry_release_rw( op, e, rw ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_entry_release_rw ) { + rc = oi->oi_orig->bi_entry_release_rw( op, e, rw ); + } + } + /* should not fall thru this far without anything happening... */ + if ( rc == SLAP_CB_CONTINUE ) { + entry_free( e ); + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} + +static int +over_entry_release_rw( + Operation *op, + Entry *e, + int rw ) +{ + slap_overinfo *oi; + slap_overinst *on; + + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + return overlay_entry_release_ov( op, e, rw, on ); +} + static int over_acl_group( Operation *op, 
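Review bot: `overlay_entry_get_ov` and `overlay_entry_release_ov` dereference `on` in the initializer `slap_overinfo *oi = on->on_info;`, although the `for ( ; on; on = on->on_next )` loop right below treats a NULL `on` as a normal end of list. The static wrappers `over_entry_get_rw` and `over_entry_release_rw` pass `oi->oi_list` straight through after asserting only `op->o_bd != NULL`, so an overlay-enabled database whose list is empty would crash here, if that state can occur. Either state the precondition, by declaring `slap_overinfo *oi;` and assigning `oi = on->on_info;` after an `assert( on != NULL );`, or have the wrappers hand their own `oi` to the helper so an empty list falls through to `oi->oi_orig`.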
@@ -493,6 +639,8 @@ int overlay_op_walk( if ( rc != SLAP_CB_CONTINUE ) break; } } + if ( rc == SLAP_CB_BYPASS ) + rc = SLAP_CB_CONTINUE; func = &oi->oi_orig->bi_op_bind; if ( func[which] && rc == SLAP_CB_CONTINUE ) { 
@@ -935,14 +1083,77 @@ overlay_destroy_one( BackendDB *be, slap_overinst *on ) } } +void +overlay_insert( BackendDB *be, slap_overinst *on2, slap_overinst ***prev, + int idx ) +{ + slap_overinfo *oi = (slap_overinfo *)be->bd_info; + + if ( idx == -1 ) { + on2->on_next = oi->oi_list; + oi->oi_list = on2; + } else { + int i; + slap_overinst *on, *otmp1 = NULL, *otmp2; + + /* Since the list is in reverse order and is singly linked, + * we reverse it to find the idx insertion point. Adding + * on overlay at a specific point should be a pretty + * infrequent occurrence. + */ + for ( on = oi->oi_list; on; on=otmp2 ) { + otmp2 = on->on_next; + on->on_next = otmp1; + otmp1 = on; + } + oi->oi_list = NULL; + /* advance to insertion point */ + for ( i=0, on = otmp1; i<idx; i++ ) { + otmp1 = on->on_next; + on->on_next = oi->oi_list; + oi->oi_list = on; + } + /* insert */ + on2->on_next = oi->oi_list; + oi->oi_list = on2; + if ( otmp1 ) { + *prev = &otmp1->on_next; + /* replace remainder of list */ + for ( on=otmp1; on; on=otmp1 ) { + otmp1 = on->on_next; + on->on_next = oi->oi_list; + oi->oi_list = on; + } + } + } +} + +void +overlay_move( BackendDB *be, slap_overinst *on, int idx ) +{ + slap_overinfo *oi = (slap_overinfo *)be->bd_info; + slap_overinst **onp; + + for (onp = &oi->oi_list; *onp; onp= &(*onp)->on_next) { + if ( *onp == on ) { + *onp = on->on_next; + break; + } + } + overlay_insert( be, on, &onp, idx ); +} + /* add an overlay to a particular backend. */ int -overlay_config( BackendDB *be, const char *ov ) +overlay_config( BackendDB *be, const char *ov, int idx, BackendInfo **res ) { - slap_overinst *on = NULL, *on2 = NULL; + slap_overinst *on = NULL, *on2 = NULL, **prev; slap_overinfo *oi = NULL; BackendInfo *bi = NULL; + if ( res ) + *res = NULL; + on = overlay_find( ov ); if ( !on ) { Debug( LDAP_DEBUG_ANY, "overlay \"%s\" not found\n", ov, 0, 0 ); 
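Review bot: The "advance to insertion point" loop in `overlay_insert` never advances `on`: it is set once in the initializer `on = otmp1`, so from the second iteration the same element is pushed again, `on->on_next = oi->oi_list` makes it point at itself, and the remaining overlays are dropped from the list. Any `idx` of 2 or more therefore corrupts `oi->oi_list`, and the loop has no NULL test for an `idx` beyond the list either; `overlay_config` clamps its `idx`, `overlay_move` does not. Changing the loop header to `for ( i=0, on = otmp1; i<idx && on; i++, on = otmp1 ) {` steps through the reversed list and leaves `otmp1` at the head of the remainder, which is what the code after the loop expects.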
@@ -1020,6 +1231,8 @@ overlay_config( BackendDB *be, const char *ov ) bi->bi_chk_controls = over_aux_chk_controls; /* these have specific arglists */ + bi->bi_entry_get_rw = over_entry_get_rw; + bi->bi_entry_release_rw = over_entry_release_rw; bi->bi_access_allowed = over_access_allowed; bi->bi_acl_group = over_acl_group; bi->bi_acl_attribute = over_acl_attribute; @@ -1042,28 +1255,44 @@ overlay_config( BackendDB *be, const char *ov ) oi = be->bd_info->bi_private; } - /* Insert new overlay on head of list. Overlays are executed - * in reverse of config order... + /* Insert new overlay into list. By default overlays are + * added to head of list and executed in LIFO order. */ on2 = ch_calloc( 1, sizeof(slap_overinst) ); *on2 = *on; on2->on_info = oi; - on2->on_next = oi->oi_list; - oi->oi_list = on2; + + prev = &oi->oi_list; + /* Do we need to find the insertion point? */ + if ( idx >= 0 ) { + int i; + + /* count current overlays */ + for ( i=0, on=oi->oi_list; on; on=on->on_next, i++ ); + + /* are we just appending a new one? */ + if ( idx >= i ) + idx = -1; + } + overlay_insert( be, on2, &prev, idx ); /* Any initialization needed? */ - if ( on->on_bi.bi_db_init ) { + if ( on2->on_bi.bi_db_init ) { int rc; be->bd_info = (BackendInfo *)on2; rc = on2->on_bi.bi_db_init( be ); be->bd_info = (BackendInfo *)oi; if ( rc ) { - oi->oi_list = on2->on_next; + *prev = on2->on_next; ch_free( on2 ); + on2 = NULL; return rc; } } + if ( res ) + *res = &on2->on_bi; + return 0; } diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index 9e44314f69bb004ba4863c3602b3417d1cac7b6d..c01ec584a51ef30757316ade1c5a0b337d663cc4 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,8 +37,11 @@ #include "config.h" -static struct berval config_rdn = BER_BVC("cn=config"); -static struct berval schema_rdn = BER_BVC("cn=schema"); +#define CONFIG_RDN "cn=config" +#define SCHEMA_RDN "cn=schema" + +static struct berval config_rdn = BER_BVC(CONFIG_RDN); +static struct berval schema_rdn = BER_BVC(SCHEMA_RDN); extern int slap_DN_strict; /* dn.c */ @@ -71,6 +74,8 @@ typedef struct { int cb_use_ldif; } CfBackInfo; +static CfBackInfo cfBackInfo; + static char *passwd_salt; static char *logfileName; #ifdef SLAP_AUTH_REWRITE @@ -81,15 +86,25 @@ static struct berval cfdir; /* Private state */ static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay, - *cfAd_include; + *cfAd_include, *cfAd_attr, *cfAd_oc, *cfAd_om; static ConfigFile *cfn; static Avlnode *CfOcTree; +/* System schema state */ +extern AttributeType *at_sys_tail; /* at.c */ +extern ObjectClass *oc_sys_tail; /* oc.c */ +extern OidMacro *om_sys_tail; /* oidm.c */ +static AttributeType *cf_at_tail; +static ObjectClass *cf_oc_tail; +static OidMacro *cf_om_tail; + static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renumber, Operation *op ); +static int config_check_schema( Operation *op, CfBackInfo *cfb ); + static ConfigDriver config_fname; static ConfigDriver config_cfdir; static ConfigDriver config_generic; @@ -164,6 +179,7 @@ enum { CFG_MIRRORMODE, CFG_HIDDEN, CFG_MONITORING, + CFG_SERVERID, CFG_LAST }; 
@@ -185,6 +201,12 @@ static OidRec OidMacros[] = { { "OLcfgBkOc", "OLcfgOc:1" }, { "OLcfgDbOc", "OLcfgOc:2" }, { "OLcfgOvOc", "OLcfgOc:3" }, + + /* Syntaxes. We should just start using the standard names and + * document that they are predefined and available for users + * to reference in their own schema. Defining schema without + * OID macros is for masochists... + */ { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" }, { "OMsBoolean", "OMsyn:7" }, { "OMsDN", "OMsyn:12" }, @@ -329,8 +351,7 @@ static ConfigTable config_back_cf_table[] = { &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' " "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL }, { "include", "file", 2, 2, 0, ARG_MAGIC, - &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' " - "SUP labeledURI )", NULL, NULL }, + &config_include, NULL, NULL, NULL }, { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN, &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' " "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL }, @@ -393,7 +414,7 @@ static ConfigTable config_back_cf_table[] = { "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL }, - { "objectidentifier", NULL, 0, 0, 0, ARG_MAGIC|CFG_OID, + { "objectidentifier", "name> <oid", 3, 3, 0, ARG_MAGIC|CFG_OID, &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL }, 
@@ -512,6 +533,10 @@ static ConfigTable config_back_cf_table[] = { &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, + { "serverID", "number> <[URI]", 2, 3, 0, ARG_MAGIC|CFG_SERVERID, + &config_generic, "( OLcfgGlAt:81 NAME 'olcServerID' " + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString )", NULL, NULL }, { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC, &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, @@ -521,14 +546,6 @@ static ConfigTable config_back_cf_table[] = { { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T, &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' " "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL }, - { "srvtab", "file", 2, 2, 0, -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - ARG_STRING, &ldap_srvtab, -#else - ARG_IGNORED, NULL, -#endif - "( OLcfgGlAt:63 NAME 'olcSrvtab' " - "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, { "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC, &config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, @@ -538,7 +555,8 @@ static ConfigTable config_back_cf_table[] = { "SYNTAX OMsDN )", NULL, NULL }, { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC, &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' " - "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL }, { "threads", "count", 2, 2, 0, #ifdef NO_THREADS ARG_IGNORED, NULL, @@ -639,7 +657,7 @@ static ConfigTable config_back_cf_table[] = { }; /* Routines to check if a child can be added to this type */ -static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase, +static ConfigLDAPadd cfAddSchema, cfAddDatabase, cfAddBackend, cfAddModule, cfAddOverlay; /* NOTE: be careful when defining array members 
@@ -649,10 +667,9 @@ static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase, #define CFOC_BACKEND cf_ocs[3] #define CFOC_DATABASE cf_ocs[4] #define CFOC_OVERLAY cf_ocs[5] -#define CFOC_INCLUDE cf_ocs[6] -#define CFOC_FRONTEND cf_ocs[7] +#define CFOC_FRONTEND cf_ocs[6] #ifdef SLAPD_MODULES -#define CFOC_MODULE cf_ocs[8] +#define CFOC_MODULE cf_ocs[7] #endif /* SLAPD_MODULES */ static ConfigOCs cf_ocs[] = { @@ -677,8 +694,8 @@ static ConfigOCs cf_ocs[] = { "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ " "olcRootDSE $ " "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ " - "olcSecurity $ olcSizeLimit $ " - "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ " + "olcSecurity $ olcServerID $ olcSizeLimit $ " + "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ " "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ " "olcTLSCACertificatePath $ olcTLSCertificateFile $ " "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ " @@ -717,13 +734,6 @@ static ConfigOCs cf_ocs[] = { "DESC 'OpenLDAP Overlay-specific options' " "SUP olcConfig STRUCTURAL " "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay }, - { "( OLcfgGlOc:6 " - "NAME 'olcIncludeFile' " - "DESC 'OpenLDAP configuration include file' " - "SUP olcConfig STRUCTURAL " - "MUST olcInclude " - "MAY ( cn $ olcRootDSE ) )", - Cft_Include, NULL, cfAddInclude }, /* This should be STRUCTURAL like all the other database classes, but * that would mean inheriting all of the olcDatabaseConfig attributes, * which causes them to be merged twice in config_build_entry. @@ -745,9 +755,16 @@ static ConfigOCs cf_ocs[] = { { NULL, 0, NULL } }; +typedef struct ServerID { + struct ServerID *si_next; + struct berval si_url; + int si_num; +} ServerID; + +static ServerID *sid_list; + static int config_generic(ConfigArgs *c) { - char *p; int i; if ( c->op == SLAP_CONFIG_EMIT ) { 
@@ -932,6 +949,30 @@ config_generic(ConfigArgs *c) { } } break; + case CFG_SERVERID: + if ( sid_list ) { + ServerID *si; + struct berval bv; + char *ptr; + + for ( si = sid_list; si; si=si->si_next ) { + if ( !BER_BVISEMPTY( &si->si_url )) { + bv.bv_len = si->si_url.bv_len + 6; + bv.bv_val = ch_malloc( bv.bv_len ); + sprintf( bv.bv_val, "%d %s", si->si_num, + si->si_url.bv_val ); + ber_bvarray_add( &c->rvalue_vals, &bv ); + } else { + char buf[5]; + bv.bv_val = buf; + bv.bv_len = sprintf( buf, "%d", si->si_num ); + value_add_one( &c->rvalue_vals, &bv ); + } + } + } else { + rc = 1; + } + break; case CFG_LOGFILE: if ( logfileName ) c->value_string = ch_strdup( logfileName ); @@ -1080,6 +1121,23 @@ config_generic(ConfigArgs *c) { logfileName = NULL; break; + case CFG_SERVERID: { + int i; + ServerID *si, **sip; + + for ( i=0, si = sid_list, sip = &sid_list; + si; si = *sip, i++ ) { + if ( c->valx == -1 || i == c->valx ) { + *sip = si->si_next; + ch_free( si ); + if ( c->valx >= 0 ) + break; + } else { + sip = &si->si_next; + } + } + } + break; case CFG_HIDDEN: c->be->be_flags &= ~SLAP_DBFLAG_HIDDEN; break; @@ -1195,8 +1253,6 @@ config_generic(ConfigArgs *c) { return rc; } - p = strchr(c->line,'(' /*')'*/); - switch(c->type) { case CFG_BACKEND: if(!(c->bi = backend_info(c->argv[1]))) { @@ -1216,7 +1272,7 @@ config_generic(ConfigArgs *c) { } else if ( !strcasecmp( c->argv[1], "frontend" )) { c->be = frontendDB; } else { - c->be = backend_db_init(c->argv[1], NULL); + c->be = backend_db_init(c->argv[1], NULL, c->valx); if ( !c->be ) { snprintf( c->msg, sizeof( c->msg ), "<%s> failed init", c->argv[0] ); Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n", @@ -1313,7 +1369,7 @@ config_generic(ConfigArgs *c) { if ( c->op == LDAP_MOD_ADD && c->private && cfn != c->private ) cfn = c->private; - if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om)) + if(parse_oidm(c, 1, &om)) return(1); if (!cfn->c_om_head) cfn->c_om_head = om; cfn->c_om_tail = om; 
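Review bot: In the added `CFG_SERVERID` emit branch, `bv.bv_len` stays at `si->si_url.bv_len + 6` after the `sprintf`, so the value handed to `ber_bvarray_add` is longer than the formatted text and covers the terminating NUL plus whatever heap bytes follow it. Take the length from the formatter instead: `bv.bv_len = snprintf( bv.bv_val, bv.bv_len, "%d %s", si->si_num, si->si_url.bv_val );`. Both this buffer and `char buf[5]` in the else branch are sized for a four-digit ID. That bound is enforced only by the `SLAP_SYNC_SID_MAX` check in the set path of a later hunk, and its value is not visible here, so `snprintf( buf, sizeof( buf ), "%d", si->si_num )` would keep the two from drifting apart. `config_generic` starts and ends outside this hunk.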
@@ -1346,7 +1402,7 @@ config_generic(ConfigArgs *c) { } /* else prev is NULL, append to end of global list */ } - if(parse_oc(c->fname, c->lineno, p, c->argv, &oc, prev)) return(1); + if(parse_oc(c, &oc, prev)) return(1); if (!cfn->c_oc_head) cfn->c_oc_head = oc; if (cfn->c_oc_tail == prev) cfn->c_oc_tail = oc; } @@ -1378,7 +1434,7 @@ config_generic(ConfigArgs *c) { } /* else prev is NULL, append to end of global list */ } - if(parse_at(c->fname, c->lineno, p, c->argv, &at, prev)) return(1); + if(parse_at(c, &at, prev)) return(1); if (!cfn->c_at_head) cfn->c_at_head = at; if (cfn->c_at_tail == prev) cfn->c_at_tail = at; } @@ -1389,7 +1445,7 @@ config_generic(ConfigArgs *c) { if ( c->op == LDAP_MOD_ADD && c->private && cfn != c->private ) cfn = c->private; - if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1); + if(parse_cr(c, &cr)) return(1); if (!cfn->c_cr_head) cfn->c_cr_head = cr; cfn->c_cr_tail = cr; } @@ -1497,7 +1553,7 @@ config_generic(ConfigArgs *c) { break; case CFG_ROOTDSE: - if(read_root_dse_file(c->argv[1])) { + if(root_dse_read_file(c->argv[1])) { snprintf( c->msg, sizeof( c->msg ), "<%s> could not read file", c->argv[0] ); Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", c->log, c->msg, c->argv[1] ); 
@@ -1512,6 +1568,111 @@ config_generic(ConfigArgs *c) { } break; + case CFG_SERVERID: + { + ServerID *si, **sip; + LDAPURLDesc *lud; + int num = atoi( c->argv[1] ); + if ( num < 0 || num > SLAP_SYNC_SID_MAX ) { + snprintf( c->msg, sizeof( c->msg ), + "<%s> illegal server ID", c->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", + c->log, c->msg, c->argv[1] ); + return 1; + } + /* only one value allowed if no URL is given */ + if ( c->argc > 2 ) { + int len; + + if ( sid_list && BER_BVISEMPTY( &sid_list->si_url )) { + snprintf( c->msg, sizeof( c->msg ), + "<%s> only one server ID allowed now", c->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", + c->log, c->msg, c->argv[1] ); + return 1; + } + + if ( ldap_url_parse( c->argv[2], &lud )) { + snprintf( c->msg, sizeof( c->msg ), + "<%s> invalid URL", c->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", + c->log, c->msg, c->argv[2] ); + return 1; + } + len = strlen( c->argv[2] ); + si = ch_malloc( sizeof(ServerID) + len + 1 ); + si->si_url.bv_val = (char *)(si+1); + si->si_url.bv_len = len; + strcpy( si->si_url.bv_val, c->argv[2] ); + } else { + if ( sid_list ) { + snprintf( c->msg, sizeof( c->msg ), + "<%s> unqualified server ID not allowed now", c->argv[0] ); + Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", + c->log, c->msg, c->argv[1] ); + return 1; + } + si = ch_malloc( sizeof(ServerID) ); + slap_serverID = num; + } + si->si_next = NULL; + si->si_num = num; + for ( sip = &sid_list; *sip; sip = &(*sip)->si_next ); + *sip = si; + + if (( slapMode & SLAP_SERVER_MODE ) && c->argc > 2 ) { + /* If hostname is empty, or is localhost, or matches + * our hostname, this serverID refers to this host. + * Compare it against listeners and ports. 
+ */ + if ( !lud->lud_host || !lud->lud_host[0] || + !strncasecmp("localhost", lud->lud_host, + STRLENOF("localhost")) || + !strcasecmp( global_host, lud->lud_host )) { + Listener **l = slapd_get_listeners(); + int i; + + for ( i=0; l[i]; i++ ) { + LDAPURLDesc *lu2; + int isMe = 0; + ldap_url_parse( l[i]->sl_url.bv_val, &lu2 ); + do { + if ( strcasecmp( lud->lud_scheme, + lu2->lud_scheme )) + break; + if ( lud->lud_port != lu2->lud_port ) + break; + /* Listener on ANY address */ + if ( !lu2->lud_host || !lu2->lud_host[0] ) { + isMe = 1; + break; + } + /* URL on ANY address */ + if ( !lud->lud_host || !lud->lud_host[0] ) { + isMe = 1; + break; + } + /* Listener has specific host, must + * match it + */ + if ( !strcasecmp( lud->lud_host, + lu2->lud_host )) { + isMe = 1; + break; + } + } while(0); + ldap_free_urldesc( lu2 ); + if ( isMe ) { + slap_serverID = si->si_num; + break; + } + } + } + } + if ( c->argc > 2 ) + ldap_free_urldesc( lud ); + } + break; case CFG_LOGFILE: { FILE *logfile; if ( logfileName ) ch_free( logfileName ); @@ -1614,6 +1775,10 @@ config_generic(ConfigArgs *c) { ber_str2bv(ptr, 0, 1, &bv); ber_bvarray_add( &modcur->mp_loads, &bv ); } + /* Check for any new hardcoded schema */ + if ( c->op == LDAP_MOD_ADD && CONFIG_ONLINE_ADD( c )) { + config_check_schema( NULL, &cfBackInfo ); + } break; case CFG_MODPATH: 
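Review bot: In the listener loop of the new `CFG_SERVERID` case, the result of `ldap_url_parse( l[i]->sl_url.bv_val, &lu2 )` is ignored and `lu2`, which has no initialiser, is dereferenced on the next line. The earlier parse of `c->argv[2]` is checked and this one should be too, e.g. `if ( ldap_url_parse( l[i]->sl_url.bv_val, &lu2 )) continue;`. The local-host test uses `strncasecmp` over `STRLENOF("localhost")`, so any host name that merely begins with "localhost" is treated as this server when `slap_serverID` is chosen; `!strcasecmp( "localhost", lud->lud_host )` would match the comment above it. `atoi( c->argv[1] )` also turns non-numeric text into 0, which passes the range check as a valid ID, so `strtol` with an end-pointer check is safer. `config_generic` starts and ends outside this hunk.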
@@ -1918,26 +2083,21 @@ config_timelimit(ConfigArgs *c) { static int config_overlay(ConfigArgs *c) { - slap_overinfo *oi; if (c->op == SLAP_CONFIG_EMIT) { return 1; } else if ( c->op == LDAP_MOD_DELETE ) { assert(0); } - if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) { + if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1], + c->valx, &c->bi)) { /* log error */ Debug( LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed.\n", c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]); return 1; - } else if(overlay_config(c->be, c->argv[1])) { + } else if(overlay_config(c->be, c->argv[1], c->valx, &c->bi)) { return(1); } - /* Setup context for subsequent config directives. - * The newly added overlay is at the head of the list. - */ - oi = (slap_overinfo *)c->be->bd_info; - c->bi = &oi->oi_list->on_bi; return(0); } 
@@ -2080,22 +2240,30 @@ config_suffix(ConfigArgs *c) free(pdn.bv_val); free(ndn.bv_val); } else if(tbe) { - char *type = tbe->bd_info->bi_type; + BackendDB *b2 = tbe; - if ( overlay_is_over( tbe ) ) { - slap_overinfo *oi = (slap_overinfo *)tbe->bd_info->bi_private; - type = oi->oi_orig->bi_type; - } + /* Does tbe precede be? */ + while (( b2 = LDAP_STAILQ_NEXT(b2, be_next )) && b2 && b2 != c->be ); - snprintf( c->msg, sizeof( c->msg ), "<%s> namingContext \"%s\" already served by " - "a preceding %s database serving namingContext", - c->argv[0], pdn.bv_val, type ); - Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", - c->log, c->msg, tbe->be_suffix[0].bv_val); - free(pdn.bv_val); - free(ndn.bv_val); - return(1); - } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) { + if ( b2 ) { + char *type = tbe->bd_info->bi_type; + + if ( overlay_is_over( tbe ) ) { + slap_overinfo *oi = (slap_overinfo *)tbe->bd_info->bi_private; + type = oi->oi_orig->bi_type; + } + + snprintf( c->msg, sizeof( c->msg ), "<%s> namingContext \"%s\" " + "already served by a preceding %s database", + c->argv[0], pdn.bv_val, type ); + Debug(LDAP_DEBUG_ANY, "%s: %s serving namingContext \"%s\"\n", + c->log, c->msg, tbe->be_suffix[0].bv_val); + free(pdn.bv_val); + free(ndn.bv_val); + return(1); + } + } + if(pdn.bv_len == 0 && default_search_nbase.bv_len) { Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search " "base provided \"%s\" (assuming okay)\n", c->log, default_search_base.bv_val, 0); @@ -2253,7 +2421,6 @@ config_disallows(ConfigArgs *c) { slap_verbmasks disallowable_ops[] = { { BER_BVC("bind_anon"), SLAP_DISALLOW_BIND_ANON }, { BER_BVC("bind_simple"), SLAP_DISALLOW_BIND_SIMPLE }, - { BER_BVC("bind_krb4"), SLAP_DISALLOW_BIND_KRBV4 }, { BER_BVC("tls_2_anon"), SLAP_DISALLOW_TLS_2_ANON }, { BER_BVC("tls_authc"), SLAP_DISALLOW_TLS_AUTHC }, { BER_BVNULL, 0 } 
@@ -2949,9 +3116,6 @@ config_shadow( ConfigArgs *c, int flag ) } else if ( SLAP_MONITOR(c->be) ) { notallowed = "monitor"; - - } else if ( SLAP_CONFIG(c->be) ) { - notallowed = "config"; } if ( notallowed != NULL ) { @@ -2986,7 +3150,7 @@ config_updateref(ConfigArgs *c) { } return 0; } - if(!SLAP_SHADOW(c->be)) { + if(!SLAP_SHADOW(c->be) && !c->be->be_syncinfo) { snprintf( c->msg, sizeof( c->msg ), "<%s> must appear after syncrepl or updatedn", c->argv[0] ); Debug(LDAP_DEBUG_ANY, "%s: %s\n", @@ -3012,15 +3176,8 @@ config_include(ConfigArgs *c) { ConfigFile *cf; ConfigFile *cfsave = cfn; ConfigFile *cf2 = NULL; - if (c->op == SLAP_CONFIG_EMIT) { - if (c->private) { - ConfigFile *cf = c->private; - value_add_one( &c->rvalue_vals, &cf->c_file ); - return 0; - } - return 1; - } else if ( c->op == LDAP_MOD_DELETE ) { - } + + /* No dynamic config for include files */ cf = ch_calloc( 1, sizeof(ConfigFile)); if ( cfn->c_kids ) { for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ; @@ -3075,22 +3232,9 @@ config_tls_option(ConfigArgs *c) { static int config_tls_config(ConfigArgs *c) { int i, flag; - slap_verbmasks crlkeys[] = { - { BER_BVC("none"), LDAP_OPT_X_TLS_CRL_NONE }, - { BER_BVC("peer"), LDAP_OPT_X_TLS_CRL_PEER }, - { BER_BVC("all"), LDAP_OPT_X_TLS_CRL_ALL }, - { BER_BVNULL, 0 } - }; - slap_verbmasks vfykeys[] = { - { BER_BVC("never"), LDAP_OPT_X_TLS_NEVER }, - { BER_BVC("demand"), LDAP_OPT_X_TLS_DEMAND }, - { BER_BVC("try"), LDAP_OPT_X_TLS_TRY }, - { BER_BVC("hard"), LDAP_OPT_X_TLS_HARD }, - { BER_BVNULL, 0 } - }, *keys; switch(c->type) { - case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys; break; - case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys; break; + case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; break; + case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; break; default: Debug(LDAP_DEBUG_ANY, "%s: " "unknown tls_option <0x%x>\n", 
@@ -3098,14 +3242,7 @@ config_tls_config(ConfigArgs *c) { return 1; } if (c->op == SLAP_CONFIG_EMIT) { - ldap_pvt_tls_get_option( slap_tls_ld, flag, &c->value_int ); - for (i=0; !BER_BVISNULL(&keys[i].word); i++) { - if (keys[i].mask == c->value_int) { - c->value_string = ch_strdup( keys[i].word.bv_val ); - return 0; - } - } - return 1; + return slap_tls_get_config( slap_tls_ld, flag, &c->value_string ); } else if ( c->op == LDAP_MOD_DELETE ) { int i = 0; return ldap_pvt_tls_set_option( slap_tls_ld, flag, &i ); @@ -3167,6 +3304,10 @@ config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last ) typedef struct setup_cookie { CfBackInfo *cfb; ConfigArgs *ca; + Entry *frontend; + Entry *config; + int got_frontend; + int got_config; } setup_cookie; static int 
@@ -3176,6 +3317,60 @@ config_ldif_resp( Operation *op, SlapReply *rs ) setup_cookie *sc = op->o_callback->sc_private; sc->cfb->cb_got_ldif = 1; + /* Does the frontend exist? */ + if ( !sc->got_frontend ) { + if ( !strncmp( rs->sr_entry->e_nname.bv_val, + "olcDatabase", STRLENOF( "olcDatabase" ))) { + if ( strncmp( rs->sr_entry->e_nname.bv_val + + STRLENOF( "olcDatabase" ), "={-1}frontend", + STRLENOF( "={-1}frontend" ))) { + struct berval rdn; + int i = op->o_noop; + sc->ca->be = frontendDB; + sc->ca->bi = frontendDB->bd_info; + frontendDB->be_cf_ocs = &CFOC_FRONTEND; + rdn.bv_val = sc->ca->log; + rdn.bv_len = snprintf(rdn.bv_val, sizeof( sc->ca->log ), + "%s=" SLAP_X_ORDERED_FMT "%s", + cfAd_database->ad_cname.bv_val, -1, + sc->ca->bi->bi_type); + op->o_noop = 1; + sc->frontend = config_build_entry( op, rs, + sc->cfb->cb_root, sc->ca, &rdn, &CFOC_DATABASE, + sc->ca->be->be_cf_ocs ); + op->o_noop = i; + sc->got_frontend++; + } else { + sc->got_frontend++; + goto ok; + } + } + } + /* Does the configDB exist? */ + if ( sc->got_frontend && !sc->got_config && + !strncmp( rs->sr_entry->e_nname.bv_val, + "olcDatabase", STRLENOF( "olcDatabase" ))) { + if ( strncmp( rs->sr_entry->e_nname.bv_val + + STRLENOF( "olcDatabase" ), "={0}config", + STRLENOF( "={0}config" ))) { + struct berval rdn; + int i = op->o_noop; + sc->ca->be = LDAP_STAILQ_FIRST( &backendDB ); + sc->ca->bi = sc->ca->be->bd_info; + rdn.bv_val = sc->ca->log; + rdn.bv_len = snprintf(rdn.bv_val, sizeof( sc->ca->log ), + "%s=" SLAP_X_ORDERED_FMT "%s", + cfAd_database->ad_cname.bv_val, 0, + sc->ca->bi->bi_type); + op->o_noop = 1; + sc->config = config_build_entry( op, rs, sc->cfb->cb_root, + sc->ca, &rdn, &CFOC_DATABASE, sc->ca->be->be_cf_ocs ); + op->o_noop = i; + } + sc->got_config++; + } + +ok: rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL, NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "config error processing %s: %s\n", 
@@ -3215,7 +3410,7 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) { if ( !cfb->cb_db.bd_info ) return 0; /* FIXME: eventually this will be a fatal error */ - if ( backend_db_init( "ldif", &cfb->cb_db ) == NULL ) + if ( backend_db_init( "ldif", &cfb->cb_db, -1 ) == NULL ) return 1; cfb->cb_db.be_suffix = be->be_suffix; @@ -3278,6 +3473,10 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) { sc.cfb = cfb; sc.ca = &c; cb.sc_private = ≻ + sc.got_frontend = 0; + sc.got_config = 0; + sc.frontend = NULL; + sc.config = NULL; op->o_bd = &cfb->cb_db; @@ -3290,6 +3489,15 @@ config_setup_ldif( BackendDB *be, const char *dir, int readit ) { /* Restore normal DN validation */ slap_DN_strict = prev_DN_strict; + op->o_tag = LDAP_REQ_ADD; + if ( rc == LDAP_SUCCESS && sc.frontend ) { + op->ora_e = sc.frontend; + rc = op->o_bd->be_add( op, &rs ); + } + if ( rc == LDAP_SUCCESS && sc.config ) { + op->ora_e = sc.config; + rc = op->o_bd->be_add( op, &rs ); + } ldap_pvt_thread_pool_context_reset( thrctx ); } @@ -3338,7 +3546,7 @@ read_config(const char *fname, const char *dir) { int rc; /* Setup the config backend */ - be = backend_db_init( "config", NULL ); + be = backend_db_init( "config", NULL, 0 ); if ( !be ) return 1; 
@@ -3571,13 +3779,181 @@ check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr ) return rc; } +static int +config_rename_attr( SlapReply *rs, Entry *e, struct berval *rdn, + Attribute **at ) +{ + struct berval rtype, rval; + Attribute *a; + AttributeDescription *ad = NULL; + + dnRdn( &e->e_name, rdn ); + rval.bv_val = strchr(rdn->bv_val, '=' ) + 1; + rval.bv_len = rdn->bv_len - (rval.bv_val - rdn->bv_val); + rtype.bv_val = rdn->bv_val; + rtype.bv_len = rval.bv_val - rtype.bv_val - 1; + + /* Find attr */ + slap_bv2ad( &rtype, &ad, &rs->sr_text ); + a = attr_find( e->e_attrs, ad ); + if (!a ) return LDAP_NAMING_VIOLATION; + *at = a; + + return 0; +} + +static void +config_rename_kids( CfEntryInfo *ce ) +{ + CfEntryInfo *ce2; + struct berval rdn, nrdn; + + for (ce2 = ce->ce_kids; ce2; ce2 = ce2->ce_sibs) { + dnRdn ( &ce2->ce_entry->e_name, &rdn ); + dnRdn ( &ce2->ce_entry->e_nname, &nrdn ); + free( ce2->ce_entry->e_name.bv_val ); + free( ce2->ce_entry->e_nname.bv_val ); + build_new_dn( &ce2->ce_entry->e_name, &ce->ce_entry->e_name, + &rdn, NULL ); + build_new_dn( &ce2->ce_entry->e_nname, &ce->ce_entry->e_nname, + &nrdn, NULL ); + config_rename_kids( ce2 ); + } +} + +static int +config_rename_one( Operation *op, SlapReply *rs, Entry *e, + CfEntryInfo *parent, Attribute *a, struct berval *newrdn, + struct berval *nnewrdn, int use_ldif ) +{ + char *ptr1; + int rc = 0; + struct berval odn, ondn; + + odn = e->e_name; + ondn = e->e_nname; + build_new_dn( &e->e_name, &parent->ce_entry->e_name, newrdn, NULL ); + build_new_dn( &e->e_nname, &parent->ce_entry->e_nname, nnewrdn, NULL ); + + /* Replace attr */ + free( a->a_vals[0].bv_val ); + ptr1 = strchr( newrdn->bv_val, '=' ) + 1; + a->a_vals[0].bv_len = newrdn->bv_len - (ptr1 - newrdn->bv_val); + a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 ); + strcpy( a->a_vals[0].bv_val, ptr1 ); + + if ( a->a_nvals != a->a_vals ) { + free( a->a_nvals[0].bv_val ); + ptr1 = strchr( nnewrdn->bv_val, '=' ) + 1; + 
a->a_nvals[0].bv_len = nnewrdn->bv_len - (ptr1 - nnewrdn->bv_val); + a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 ); + strcpy( a->a_nvals[0].bv_val, ptr1 ); + } + if ( use_ldif ) { + CfBackInfo *cfb = (CfBackInfo *)op->o_bd->be_private; + BackendDB *be = op->o_bd; + slap_callback sc = { NULL, slap_null_cb, NULL, NULL }, *scp; + struct berval dn, ndn, xdn, xndn; + + op->o_bd = &cfb->cb_db; + + /* Save current rootdn; use the underlying DB's rootdn */ + dn = op->o_dn; + ndn = op->o_ndn; + xdn = op->o_req_dn; + xndn = op->o_req_ndn; + op->o_dn = op->o_bd->be_rootdn; + op->o_ndn = op->o_bd->be_rootndn; + op->o_req_dn = odn; + op->o_req_ndn = ondn; + + scp = op->o_callback; + op->o_callback = ≻ + op->orr_newrdn = *newrdn; + op->orr_nnewrdn = *nnewrdn; + op->orr_newSup = NULL; + op->orr_nnewSup = NULL; + op->orr_deleteoldrdn = 1; + op->orr_modlist = NULL; + slap_modrdn2mods( op, rs ); + slap_mods_opattrs( op, &op->orr_modlist, 1 ); + rc = op->o_bd->be_modrdn( op, rs ); + slap_mods_free( op->orr_modlist, 1 ); + + op->o_bd = be; + op->o_callback = scp; + op->o_dn = dn; + op->o_ndn = ndn; + op->o_req_dn = xdn; + op->o_req_ndn = xndn; + } + free( odn.bv_val ); + free( ondn.bv_val ); + if ( e->e_private ) + config_rename_kids( e->e_private ); + return rc; +} + +static int +config_renumber_one( Operation *op, SlapReply *rs, CfEntryInfo *parent, + Entry *e, int idx, int tailindex, int use_ldif ) +{ + struct berval ival, newrdn, nnewrdn; + struct berval rdn; + Attribute *a; + char ibuf[32], *ptr1, *ptr2 = NULL; + int rc = 0; + + rc = config_rename_attr( rs, e, &rdn, &a ); + if ( rc ) return rc; + + ival.bv_val = ibuf; + ival.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, idx ); + if ( ival.bv_len >= sizeof( ibuf ) ) { + return LDAP_NAMING_VIOLATION; + } + + newrdn.bv_len = rdn.bv_len + ival.bv_len; + newrdn.bv_val = ch_malloc( newrdn.bv_len+1 ); + + if ( tailindex ) { + ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len ); + ptr1 = 
lutil_strcopy( ptr1, ival.bv_val ); + } else { + int xlen; + ptr2 = ber_bvchr( &rdn, '}' ); + if ( ptr2 ) { + ptr2++; + } else { + ptr2 = rdn.bv_val + a->a_desc->ad_cname.bv_len + 1; + } + xlen = rdn.bv_len - (ptr2 - rdn.bv_val); + ptr1 = lutil_strncopy( newrdn.bv_val, a->a_desc->ad_cname.bv_val, + a->a_desc->ad_cname.bv_len ); + *ptr1++ = '='; + ptr1 = lutil_strcopy( ptr1, ival.bv_val ); + ptr1 = lutil_strncopy( ptr1, ptr2, xlen ); + *ptr1 = '\0'; + } + + /* Do the equivalent of ModRDN */ + /* Replace DN / NDN */ + newrdn.bv_len = ptr1 - newrdn.bv_val; + rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL ); + rc = config_rename_one( op, rs, e, parent, a, &newrdn, &nnewrdn, use_ldif ); + + free( nnewrdn.bv_val ); + free( newrdn.bv_val ); + return rc; +} + static int check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e, - SlapReply *rs, int *renum ) + SlapReply *rs, int *renum, int *ibase ) { CfEntryInfo *ce; - int index = -1, gotindex = 0, nsibs; - int renumber = 0, tailindex = 0; + int index = -1, gotindex = 0, nsibs, rc = 0; + int renumber = 0, tailindex = 0, isfrontend = 0; char *ptr1, *ptr2 = NULL; struct berval rdn; @@ -3587,11 +3963,14 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e, if ( ce_type == Cft_Global ) return 0; if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0; - if ( ce_type == Cft_Include || ce_type == Cft_Module ) + if ( ce_type == Cft_Module ) tailindex = 1; /* See if the rdn has an index already */ dnRdn( &e->e_name, &rdn ); + if ( ce_type == Cft_Database && !strncmp( rdn.bv_val + rdn.bv_len - + STRLENOF("frontend"), "frontend", STRLENOF("frontend") )) + isfrontend = 1; ptr1 = ber_bvchr( &e->e_name, '{' ); if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) { char *next; 
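Review bot: `config_rename_attr` passes `&rs->sr_text` to `slap_bv2ad`, but this commit's own call chain can reach it with `rs == NULL`. `config_ldif_resp` calls `config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL, NULL )`, which hands its `rs` to `check_name_index`, which forwards it to `config_renumber_one`. The code this replaces in `check_name_index` used a local, and the helper can do the same with `const char *text;` and `slap_bv2ad( &rtype, &ad, &text );`. The same function adds 1 to the result of `strchr( rdn->bv_val, '=' )` without testing it for NULL, as does `config_rename_one` for `newrdn` and `nnewrdn`. Presumably every RDN reaching here contains '=', but a guard returning `LDAP_NAMING_VIOLATION` would make that explicit.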
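Review bot: The added `isfrontend` test in `check_name_index` computes `rdn.bv_val + rdn.bv_len - STRLENOF("frontend")` without checking that the RDN is at least that long, so an entry classed as `Cft_Database` with a shorter RDN makes `strncmp` read before the start of the RDN. Put `rdn.bv_len > STRLENOF("frontend") &&` ahead of the compare. Because only the tail is compared, any database RDN whose value merely ends in "frontend" is treated as the frontend and is allowed index -1 by the following hunk; comparing the text after the '}' (or after the '=') would be stricter. `check_name_index` continues outside this hunk.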
@@ -3607,9 +3986,7 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e, } if ( index < 0 ) { /* Special case, we allow -1 for the frontendDB */ - if ( index != -1 || ce_type != Cft_Database || - strncmp( ptr2+1, "frontend,", STRLENOF("frontend,") )) - + if ( index != -1 || !isfrontend ) return LDAP_NAMING_VIOLATION; } } 
@@ -3619,91 +3996,31 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e, if ( ce->ce_type == ce_type ) nsibs++; } + /* account for -1 frontend */ + if ( ce_type == Cft_Database ) + nsibs--; + if ( index != nsibs ) { if ( gotindex ) { if ( index < nsibs ) { if ( tailindex ) return LDAP_NAMING_VIOLATION; /* Siblings need to be renumbered */ - renumber = 1; + if ( index != -1 || !isfrontend ) + renumber = 1; } } - if ( !renumber ) { - struct berval ival, newrdn, nnewrdn; - struct berval rtype, rval; - Attribute *a; - AttributeDescription *ad = NULL; - char ibuf[32]; - const char *text; - - rval.bv_val = strchr(rdn.bv_val, '=' ) + 1; - rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val); - rtype.bv_val = rdn.bv_val; - rtype.bv_len = rval.bv_val - rtype.bv_val - 1; - - /* Find attr */ - slap_bv2ad( &rtype, &ad, &text ); - a = attr_find( e->e_attrs, ad ); - if (!a ) return LDAP_NAMING_VIOLATION; - - ival.bv_val = ibuf; - ival.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, nsibs ); - if ( ival.bv_len >= sizeof( ibuf ) ) { - return LDAP_NAMING_VIOLATION; - } - - newrdn.bv_len = rdn.bv_len + ival.bv_len; - newrdn.bv_val = ch_malloc( newrdn.bv_len+1 ); - - if ( tailindex ) { - ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len ); - ptr1 = lutil_strcopy( ptr1, ival.bv_val ); - } else { - int xlen; - if ( !gotindex ) { - ptr2 = rval.bv_val; - xlen = rval.bv_len; - } else { - xlen = rdn.bv_len - (ptr2 - rdn.bv_val); - } - ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val, - rtype.bv_len ); - *ptr1++ = '='; - ptr1 = lutil_strcopy( ptr1, ival.bv_val ); - ptr1 = lutil_strncopy( ptr1, ptr2, xlen ); - *ptr1 = '\0'; - } + if ( !isfrontend && index == -1 ) { + index = nsibs; + } - /* Do the equivalent of ModRDN */ - /* Replace DN / NDN */ - newrdn.bv_len = ptr1 - newrdn.bv_val; - rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL ); - free( e->e_name.bv_val ); - build_new_dn( &e->e_name, &parent->ce_entry->e_name, - &newrdn, NULL ); - 
free( e->e_nname.bv_val ); - build_new_dn( &e->e_nname, &parent->ce_entry->e_nname, - &nnewrdn, NULL ); - - /* Replace attr */ - free( a->a_vals[0].bv_val ); - ptr1 = strchr( newrdn.bv_val, '=' ) + 1; - a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val); - a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 ); - strcpy( a->a_vals[0].bv_val, ptr1 ); - - if ( a->a_nvals != a->a_vals ) { - free( a->a_nvals[0].bv_val ); - ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1; - a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val); - a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 ); - strcpy( a->a_nvals[0].bv_val, ptr1 ); - } - free( nnewrdn.bv_val ); - free( newrdn.bv_val ); + /* just make index = nsibs */ + if ( !renumber ) { + rc = config_renumber_one( NULL, rs, parent, e, index, tailindex, 0 ); } } + if ( ibase ) *ibase = index; if ( renum ) *renum = renumber; - return 0; + return rc; } static ConfigOCs ** @@ -3735,21 +4052,6 @@ count_ocs( Attribute *oc_at, int *nocs ) return colst; } -static int -cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca ) -{ - if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include ) - return LDAP_CONSTRAINT_VIOLATION; - - /* If we're reading from a configdir, don't parse this entry */ - if ( ca->lineno ) - return LDAP_COMPARE_TRUE; - - cfn = p->ce_private; - ca->private = cfn; - return LDAP_SUCCESS; -} - static int cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca ) { 
@@ -3806,6 +4108,50 @@ cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca ) return LDAP_SUCCESS; } +static void +schema_destroy_one( ConfigArgs *ca, ConfigOCs **colst, int nocs, + CfEntryInfo *p ) +{ + ConfigTable *ct; + ConfigFile *cfo; + AttributeDescription *ad; + const char *text; + + ca->valx = -1; + ca->line = NULL; + if ( cfn->c_cr_head ) { + struct berval bv = BER_BVC("olcDitContentRules"); + ad = NULL; + slap_bv2ad( &bv, &ad, &text ); + ct = config_find_table( colst, nocs, ad ); + config_del_vals( ct, ca ); + } + if ( cfn->c_oc_head ) { + struct berval bv = BER_BVC("olcObjectClasses"); + ad = NULL; + slap_bv2ad( &bv, &ad, &text ); + ct = config_find_table( colst, nocs, ad ); + config_del_vals( ct, ca ); + } + if ( cfn->c_at_head ) { + struct berval bv = BER_BVC("olcAttributeTypes"); + ad = NULL; + slap_bv2ad( &bv, &ad, &text ); + ct = config_find_table( colst, nocs, ad ); + config_del_vals( ct, ca ); + } + if ( cfn->c_om_head ) { + struct berval bv = BER_BVC("olcObjectIdentifier"); + ad = NULL; + slap_bv2ad( &bv, &ad, &text ); + ct = config_find_table( colst, nocs, ad ); + config_del_vals( ct, ca ); + } + cfo = p->ce_private; + cfo->c_kids = cfn->c_sibs; + ch_free( cfn ); +} + /* Parse an LDAP entry into config directives */ static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, 
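Review bot: `schema_destroy_one` ends with `ch_free( cfn )` but leaves the file-scope `cfn` pointing at the freed `ConfigFile`. Other code in this file dereferences `cfn` (`cfn->c_om_head`, `cfn->c_kids`), so unless every later path reassigns it first this is a latent use-after-free. Reset it once the node is unlinked, for instance to the parent `cfo` if that is the intended current file (to be confirmed against `cfAddSchema`). `cfo->c_kids = cfn->c_sibs` also assumes the failed schema file is the first child of `p->ce_private`; if it was appended after existing siblings, those siblings are dropped from the list. Each of the four `config_find_table` results is passed to `config_del_vals` without a NULL check, whereas the callers in `config_add_internal` do test `ct`.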
@@ -3814,15 +4160,24 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, CfEntryInfo *ce, *last; ConfigOCs **colst; Attribute *a, *oc_at; - int i, nocs, rc = 0; + int i, ibase = -1, nocs, rc = 0; struct berval pdn; ConfigTable *ct; char *ptr; - /* Make sure parent exists and entry does not */ + memset( ca, 0, sizeof(ConfigArgs)); + + /* Make sure parent exists and entry does not. But allow + * Databases and Overlays to be inserted. Don't do any + * auto-renumbering if manageDSAit control is present. + */ ce = config_find_base( cfb->cb_root, &e->e_nname, &last ); - if ( ce ) + if ( ce ) { + if (( op && op->o_managedsait ) || + ( ce->ce_type != Cft_Database && ce->ce_type != Cft_Overlay && + ce->ce_type != Cft_Module )) return LDAP_ALREADY_EXISTS; + } dnParent( &e->e_nname, &pdn ); @@ -3847,8 +4202,6 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass ); if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION; - memset( ca, 0, sizeof(ConfigArgs)); - /* Fake the coordinates based on whether we're part of an * LDAP Add or if reading the config dir */ @@ -3859,6 +4212,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, ca->fname = cfdir.bv_val; ca->lineno = 1; } + ca->ca_op = op; colst = count_ocs( oc_at, &nocs ); @@ -3893,7 +4247,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, } if ( rc != LDAP_SUCCESS ) - goto done; + goto done_noop; /* Parse all the values and check for simple syntax errors before * performing any set actions. 
@@ -3912,16 +4266,17 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, * but only the other types support auto-renumbering of siblings. */ { - int renumber = renum ? *renum : 0; - rc = check_name_index( last, colst[0]->co_type, e, rs, renum ); + rc = check_name_index( last, colst[0]->co_type, e, rs, renum, + &ibase ); if ( rc ) { - goto done; + goto done_noop; } - if ( renum && *renum && renumber == -1 ) { + if ( renum && *renum && colst[0]->co_type != Cft_Database && + colst[0]->co_type != Cft_Overlay ) { snprintf( ca->msg, sizeof( ca->msg ), "operation requires sibling renumbering" ); rc = LDAP_UNWILLING_TO_PERFORM; - goto done; + goto done_noop; } } @@ -3935,7 +4290,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, ct = config_find_table( colst, nocs, a->a_desc ); if ( !ct ) continue; /* user data? */ rc = check_vals( ct, ca, a, 1 ); - if ( rc ) goto done; + if ( rc ) goto done_noop; } /* Basic syntax checks are OK. Do the actual settings. */ @@ -3944,13 +4299,25 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, ct = config_find_table( colst, nocs, a->a_desc ); if ( !ct ) continue; /* user data? */ for (i=0; a->a_vals[i].bv_val; i++) { + char *iptr = NULL; ca->line = a->a_vals[i].bv_val; if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) { ptr = strchr( ca->line, '}' ); - if ( ptr ) ca->line = ptr+1; + if ( ptr ) { + iptr = strchr( ca->line, '{' ); + ca->line = ptr+1; + } } - ca->valx = i; - rc = config_parse_add( ct, ca ); + if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED_SIB ) { + if ( iptr ) { + ca->valx = strtol( iptr+1, NULL, 0 ); + } else { + ca->valx = -1; + } + } else { + ca->valx = i; + } + rc = config_parse_add( ct, ca, i ); if ( rc ) { rc = LDAP_OTHER; goto done; @@ -3980,6 +4347,7 @@ ok: } } + ca->valx = ibase; ce = ch_calloc( 1, sizeof(CfEntryInfo) ); ce->ce_parent = last; ce->ce_entry = entry_dup( e ); 
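Review bot: The `SLAP_AT_ORDERED_SIB` branch sets `ca->valx = strtol( iptr+1, NULL, 0 )` straight from the attribute value with no end pointer, no range check and base 0. As a result `{010}` is read as octal, `{0x10}` as hex and `{x}` as 0, and a negative or oversized number is narrowed from `long` to `int` unchecked. `iptr` is also the first '{' anywhere in the value, which need not precede the '}' found by `ptr`. Since `valx` is then used as a position (this commit passes `c->valx` to `backend_db_init` and `overlay_config`), parse with base 10 and an end pointer, and reject with a constraint error anything that does not stop exactly at `ptr` or is below -1. `config_add_internal` starts and ends outside this hunk.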
@@ -3988,14 +4356,41 @@ ok: ce->ce_be = ca->be; ce->ce_bi = ca->bi; ce->ce_private = ca->private; + ca->ca_entry = ce->ce_entry; if ( !last ) { cfb->cb_root = ce; } else if ( last->ce_kids ) { - CfEntryInfo *c2; - - for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs); + CfEntryInfo *c2, **cprev; - c2->ce_sibs = ce; + /* Advance to first of this type */ + cprev = &last->ce_kids; + for ( c2 = *cprev; c2 && c2->ce_type < ce->ce_type; ) { + cprev = &c2->ce_sibs; + c2 = c2->ce_sibs; + } + /* Account for the (-1) frontendDB entry */ + if ( ce->ce_type == Cft_Database ) { + if ( ca->be == frontendDB ) + ibase = 0; + else if ( ibase != -1 ) + ibase++; + } + /* Append */ + if ( ibase < 0 ) { + for (c2 = *cprev; c2 && c2->ce_type == ce->ce_type;) { + cprev = &c2->ce_sibs; + c2 = c2->ce_sibs; + } + } else { + /* Insert */ + int i; + for ( i=0; i<ibase; i++ ) { + c2 = *cprev; + cprev = &c2->ce_sibs; + } + } + ce->ce_sibs = *cprev; + *cprev = ce; } else { last->ce_kids = ce; } 
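Review bot: The insert loop `for ( i=0; i<ibase; i++ ) { c2 = *cprev; cprev = &c2->ce_sibs; }` dereferences `c2` without checking it, so an `ibase` larger than the number of remaining siblings walks off the end of the list. The equivalent loop added to config_back_modrdn() in this commit guards the walk, and this one should too: `if ( !c2 ) break;` after `c2 = *cprev;`. The walk also does not stop at a `ce_type` boundary the way the append branch does; check_name_index() may already bound `ibase`, but its body is not visible here. The inner `int i;` shadows the function-level `i` and can be removed.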
@@ -4007,14 +4402,87 @@ done: backend_destroy_one( ca->be, 1 ); } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) { overlay_destroy_one( ca->be, (slap_overinst *)ca->bi ); + } else if ( colst[0]->co_type == Cft_Schema ) { + schema_destroy_one( ca, colst, nocs, last ); } } +done_noop: ch_free( ca->argv ); if ( colst ) ch_free( colst ); return rc; } +#define BIGTMP 10000 +static int +config_rename_add( Operation *op, SlapReply *rs, CfEntryInfo *ce, + int base, int rebase, int max, int use_ldif ) +{ + CfEntryInfo *ce2, *ce3, *cetmp = NULL, *cerem = NULL; + ConfigType etype = ce->ce_type; + int count = 0, rc = 0; + + /* Reverse ce list */ + for (ce2 = ce->ce_sibs;ce2;ce2 = ce3) { + if (ce2->ce_type != etype) { + cerem = ce2; + break; + } + ce3 = ce2->ce_sibs; + ce2->ce_sibs = cetmp; + cetmp = ce2; + count++; + if ( max && count >= max ) { + cerem = ce3; + break; + } + } + + /* Move original to a temp name until increments are done */ + if ( rebase ) { + ce->ce_entry->e_private = NULL; + rc = config_renumber_one( op, rs, ce->ce_parent, ce->ce_entry, + base+BIGTMP, 0, use_ldif ); + ce->ce_entry->e_private = ce; + } + /* start incrementing */ + for (ce2=cetmp; ce2; ce2=ce3) { + ce3 = ce2->ce_sibs; + ce2->ce_sibs = cerem; + cerem = ce2; + if ( rc == 0 ) + rc = config_renumber_one( op, rs, ce2->ce_parent, ce2->ce_entry, + count+base, 0, use_ldif ); + count--; + } + if ( rebase ) + rc = config_renumber_one( op, rs, ce->ce_parent, ce->ce_entry, + base, 0, use_ldif ); + return rc; +} + +static int +config_rename_del( Operation *op, SlapReply *rs, CfEntryInfo *ce, + CfEntryInfo *ce2, int old, int use_ldif ) +{ + int count = 0; + + /* Renumber original to a temp value */ + ce->ce_entry->e_private = NULL; + config_renumber_one( op, rs, ce->ce_parent, ce->ce_entry, + old+BIGTMP, 0, use_ldif ); + ce->ce_entry->e_private = ce; + + /* start decrementing */ + for (; ce2 != ce; ce2=ce2->ce_sibs) { + config_renumber_one( op, rs, ce2->ce_parent, ce2->ce_entry, + count+old, 0, 
use_ldif ); + count++; + } + return config_renumber_one( op, rs, ce->ce_parent, ce->ce_entry, + count+old, 0, use_ldif ); +} + /* Parse an LDAP entry into config directives, then store in underlying * database. */ @@ -4033,26 +4501,53 @@ config_back_add( Operation *op, SlapReply *rs ) cfb = (CfBackInfo *)op->o_bd->be_private; + /* add opattrs for syncprov */ + { + char textbuf[SLAP_TEXT_BUFLEN]; + size_t textlen = sizeof textbuf; + rs->sr_err = entry_schema_check(op, op->ora_e, NULL, 0, 1, + &rs->sr_text, textbuf, sizeof( textbuf ) ); + if ( rs->sr_err != LDAP_SUCCESS ) + goto out; + rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); + if ( rs->sr_err != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_TRACE, + LDAP_XSTRING(config_back_add) ": entry failed op attrs add: " + "%s (%d)\n", rs->sr_text, rs->sr_err, 0 ); + goto out; + } + } + ldap_pvt_thread_pool_pause( &connection_pool ); /* Strategy: * 1) check for existence of entry * 2) check for sibling renumbering * 3) perform internal add - * 4) store entry in underlying database - * 5) perform any necessary renumbering + * 4) perform any necessary renumbering + * 5) store entry in underlying database */ - /* NOTE: by now we do not accept adds that require renumbering */ - renumber = -1; rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber, op ); if ( rs->sr_err != LDAP_SUCCESS ) { rs->sr_text = ca.msg; goto out2; } + if ( renumber ) { + CfEntryInfo *ce = ca.ca_entry->e_private; + req_add_s addr = op->oq_add; + op->o_tag = LDAP_REQ_MODRDN; + rs->sr_err = config_rename_add( op, rs, ce, ca.valx, 0, 0, cfb->cb_use_ldif ); + op->o_tag = LDAP_REQ_ADD; + op->oq_add = addr; + if ( rs->sr_err != LDAP_SUCCESS ) { + goto out2; + } + } + if ( cfb->cb_use_ldif ) { BackendDB *be = op->o_bd; - slap_callback sc = { NULL, slap_null_cb, NULL, NULL }; + slap_callback sc = { NULL, slap_null_cb, NULL, NULL }, *scp; struct berval dn, ndn; op->o_bd = &cfb->cb_db; 
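Review bot: config_rename_del() discards the result of every config_renumber_one() call except the last, and config_rename_add() loses an earlier failure when `rebase` is set because the final call assigns `rc` unconditionally. A failed intermediate rename can therefore be reported as success while the sibling list has already been relinked, leaving the cached tree and the stored entries numbered differently. Carry the first error through in both helpers, e.g. `if ( rc == 0 ) rc = config_renumber_one( op, rs, ce2->ce_parent, ce2->ce_entry, count+old, 0, use_ldif );` in the decrement loop and `if ( rebase && rc == 0 )` before the last call in config_rename_add(). BIGTMP also deserves a one-line comment stating that it must exceed any real sibling index.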
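Review bot: When config_rename_add() fails in the new `if ( renumber )` block, config_back_add() jumps to `out2` although config_add_internal() has already linked the entry into the cfb tree and applied its settings. The client gets an error, yet the running configuration keeps the entry and the backing store never receives it. Either undo the internal add on this path or document the gap where the jump is taken, e.g. `/* FIXME: entry is already live in cfb here; unlink it and undo its settings before failing */`. The declaration of `renumber` lies outside the hunk; with `renumber = -1;` removed it should be confirmed that it is initialised before config_add_internal() can return without writing it.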
@@ -4063,24 +4558,21 @@ config_back_add( Operation *op, SlapReply *rs ) op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - sc.sc_next = op->o_callback; + scp = op->o_callback; op->o_callback = ≻ op->o_bd->be_add( op, rs ); op->o_bd = be; - op->o_callback = sc.sc_next; + op->o_callback = scp; op->o_dn = dn; op->o_ndn = ndn; } - if ( renumber ) { - /* TODO */ - } - out2:; ldap_pvt_thread_pool_resume( &connection_pool ); out:; send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); return rs->sr_err; } @@ -4090,6 +4582,33 @@ typedef struct delrec { int idx[1]; } delrec; +static int +config_modify_add( ConfigTable *ct, ConfigArgs *ca, AttributeDescription *ad, + int i ) +{ + int rc; + + if (ad->ad_type->sat_flags & SLAP_AT_ORDERED && + ca->line[0] == '{' ) + { + char *ptr = strchr( ca->line + 1, '}' ); + if ( ptr ) { + char *next; + + ca->valx = strtol( ca->line + 1, &next, 0 ); + if ( next == ca->line + 1 || next[ 0 ] != '}' ) { + return LDAP_OTHER; + } + ca->line = ptr+1; + } + } + rc = config_parse_add( ct, ca, i ); + if ( rc ) { + rc = LDAP_OTHER; + } + return rc; +} + static int config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, ConfigArgs *ca ) @@ -4097,7 +4616,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, int rc = LDAP_UNWILLING_TO_PERFORM; Modifications *ml; Entry *e = ce->ce_entry; - Attribute *save_attrs = e->e_attrs, *oc_at; + Attribute *save_attrs = e->e_attrs, *oc_at, *s, *a; ConfigTable *ct; ConfigOCs **colst; int i, nocs; @@ -4109,6 +4628,11 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, colst = count_ocs( oc_at, &nocs ); + /* make sure add/del flags are clear; should always be true */ + for ( s = save_attrs; s; s = s->a_next ) { + s->a_flags &= ~(SLAP_ATTR_IXADD|SLAP_ATTR_IXDEL); + } + e->e_attrs = attrs_dup( e->e_attrs ); init_config_argv( ca ); 
@@ -4117,6 +4641,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, ca->private = ce->ce_private; ca->ca_entry = e; ca->fname = "slapd"; + ca->ca_op = op; strcpy( ca->log, "back-config" ); for (ml = op->orm_modlist; ml; ml=ml->sml_next) { @@ -4130,7 +4655,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, rc = LDAP_OTHER; snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s", ml->sml_desc->ad_cname.bv_val ); - goto out; + goto out_noop; } if ( ml->sml_op == LDAP_MOD_REPLACE ) { vals = ml->sml_values; @@ -4192,11 +4717,11 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, rc = LDAP_OTHER; snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s", ml->sml_desc->ad_cname.bv_val ); - goto out; + goto out_noop; } } rc = check_vals( ct, ca, ml, 0 ); - if ( rc ) goto out; + if ( rc ) goto out_noop; } } rc = modify_add_values(e, &ml->sml_mod, 
@@ -4225,117 +4750,144 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs, if(rc != LDAP_SUCCESS) break; } - if(rc == LDAP_SUCCESS) { + if ( rc == LDAP_SUCCESS) { /* check that the entry still obeys the schema */ - rc = entry_schema_check(op, e, NULL, 0, + rc = entry_schema_check(op, e, NULL, 0, 0, &rs->sr_text, ca->msg, sizeof(ca->msg) ); + if ( rc ) goto out_noop; } - if ( rc == LDAP_SUCCESS ) { - /* Basic syntax checks are OK. Do the actual settings. */ - for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { - ct = config_find_table( colst, nocs, ml->sml_desc ); - if ( !ct ) continue; - - switch (ml->sml_op) { - case LDAP_MOD_DELETE: - case LDAP_MOD_REPLACE: { - BerVarray vals = NULL, nvals = NULL; - Attribute *a; - delrec *d = NULL; - - a = attr_find( e->e_attrs, ml->sml_desc ); - - if ( ml->sml_op == LDAP_MOD_REPLACE ) { - vals = ml->sml_values; - nvals = ml->sml_nvalues; - ml->sml_values = NULL; - ml->sml_nvalues = NULL; - } + /* Basic syntax checks are OK. Do the actual settings. 
*/ + for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { + ct = config_find_table( colst, nocs, ml->sml_desc ); + if ( !ct ) continue; - if ( ml->sml_values ) - d = dels; + s = attr_find( save_attrs, ml->sml_desc ); + a = attr_find( e->e_attrs, ml->sml_desc ); - /* If we didn't delete the whole attribute */ - if ( ml->sml_values && a ) { - struct berval *mvals; - int j; + switch (ml->sml_op) { + case LDAP_MOD_DELETE: + case LDAP_MOD_REPLACE: { + BerVarray vals = NULL, nvals = NULL; + delrec *d = NULL; - if ( ml->sml_nvalues ) - mvals = ml->sml_nvalues; - else - mvals = ml->sml_values; - - /* use the indexes we saved up above */ - for (i=0; i < d->nidx; i++) { - struct berval bv = *mvals++; - if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED && - bv.bv_val[0] == '{' ) { - ptr = strchr( bv.bv_val, '}' ) + 1; - bv.bv_len -= ptr - bv.bv_val; - bv.bv_val = ptr; - } - ca->line = bv.bv_val; - ca->valx = d->idx[i]; - rc = config_del_vals( ct, ca ); - if ( rc != LDAP_SUCCESS ) break; - for (j=i+1; j < d->nidx; j++) - if ( d->idx[j] >d->idx[i] ) - d->idx[j]--; + if ( ml->sml_op == LDAP_MOD_REPLACE ) { + vals = ml->sml_values; + nvals = ml->sml_nvalues; + ml->sml_values = NULL; + ml->sml_nvalues = NULL; + } + + if ( ml->sml_values ) + d = dels; + + /* If we didn't delete the whole attribute */ + if ( ml->sml_values && a ) { + struct berval *mvals; + int j; + + if ( ml->sml_nvalues ) + mvals = ml->sml_nvalues; + else + mvals = ml->sml_values; + + /* use the indexes we saved up above */ + for (i=0; i < d->nidx; i++) { + struct berval bv = *mvals++; + if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED && + bv.bv_val[0] == '{' ) { + ptr = strchr( bv.bv_val, '}' ) + 1; + bv.bv_len -= ptr - bv.bv_val; + bv.bv_val = ptr; } - } else { - ca->valx = -1; - ca->line = NULL; + ca->line = bv.bv_val; + ca->valx = d->idx[i]; rc = config_del_vals( ct, ca ); - if ( rc ) rc = LDAP_OTHER; - } - if ( ml->sml_values ) { - d = d->next; - ch_free( dels ); - dels = d; - } - if ( ml->sml_op == 
LDAP_MOD_REPLACE ) { - ml->sml_values = vals; - ml->sml_nvalues = nvals; + if ( rc != LDAP_SUCCESS ) break; + if ( s ) + s->a_flags |= SLAP_ATTR_IXDEL; + for (j=i+1; j < d->nidx; j++) + if ( d->idx[j] >d->idx[i] ) + d->idx[j]--; } - if ( !vals || rc != LDAP_SUCCESS ) - break; - } - /* FALLTHRU: LDAP_MOD_REPLACE && vals */ + } else { + ca->valx = -1; + ca->line = NULL; + rc = config_del_vals( ct, ca ); + if ( rc ) rc = LDAP_OTHER; + if ( s ) + s->a_flags |= SLAP_ATTR_IXDEL; + } + if ( ml->sml_values ) { + d = d->next; + ch_free( dels ); + dels = d; + } + if ( ml->sml_op == LDAP_MOD_REPLACE ) { + ml->sml_values = vals; + ml->sml_nvalues = nvals; + } + if ( !vals || rc != LDAP_SUCCESS ) + break; + } + /* FALLTHRU: LDAP_MOD_REPLACE && vals */ - case LDAP_MOD_ADD: - for (i=0; ml->sml_values[i].bv_val; i++) { - ca->line = ml->sml_values[i].bv_val; + case LDAP_MOD_ADD: + for (i=0; ml->sml_values[i].bv_val; i++) { + ca->line = ml->sml_values[i].bv_val; + ca->valx = -1; + rc = config_modify_add( ct, ca, ml->sml_desc, i ); + if ( rc ) + goto out; + a->a_flags |= SLAP_ATTR_IXADD; + } + break; + } + } + +out: + /* Undo for a failed operation */ + if ( rc != LDAP_SUCCESS ) { + for ( s = save_attrs; s; s = s->a_next ) { + if ( s->a_flags & SLAP_ATTR_IXDEL ) { + s->a_flags &= ~(SLAP_ATTR_IXDEL|SLAP_ATTR_IXADD); + ct = config_find_table( colst, nocs, s->a_desc ); + a = attr_find( e->e_attrs, s->a_desc ); + if ( a ) { + /* clear the flag so the add check below will skip it */ + a->a_flags &= ~(SLAP_ATTR_IXDEL|SLAP_ATTR_IXADD); ca->valx = -1; - if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED && - ca->line[0] == '{' ) - { - ptr = strchr( ca->line + 1, '}' ); - if ( ptr ) { - char *next; - - ca->valx = strtol( ca->line + 1, &next, 0 ); - if ( next == ca->line + 1 || next[ 0 ] != '}' ) { - rc = LDAP_OTHER; - goto out; - } - ca->line = ptr+1; - } - } - rc = config_parse_add( ct, ca ); - if ( rc ) { - rc = LDAP_OTHER; - goto out; + ca->line = NULL; + config_del_vals( ct, ca ); + 
} + for ( i=0; !BER_BVISNULL( &s->a_vals[i] ); i++ ) { + ca->line = s->a_vals[i].bv_val; + ca->valx = -1; + config_modify_add( ct, ca, s->a_desc, i ); + } + } + } + for ( a = e->e_attrs; a; a = a->a_next ) { + if ( a->a_flags & SLAP_ATTR_IXADD ) { + ct = config_find_table( colst, nocs, a->a_desc ); + ca->valx = -1; + ca->line = NULL; + config_del_vals( ct, ca ); + s = attr_find( save_attrs, a->a_desc ); + if ( s ) { + s->a_flags &= ~(SLAP_ATTR_IXDEL|SLAP_ATTR_IXADD); + for ( i=0; !BER_BVISNULL( &s->a_vals[i] ); i++ ) { + ca->line = s->a_vals[i].bv_val; + ca->valx = -1; + config_modify_add( ct, ca, s->a_desc, i ); } } - - break; } } } -out: if ( ca->cleanup ) ca->cleanup( ca ); +out_noop: if ( rc == LDAP_SUCCESS ) { attrs_free( save_attrs ); } else { @@ -4395,7 +4947,10 @@ config_back_modify( Operation *op, SlapReply *rs ) } } - ldap_pvt_thread_pool_pause( &connection_pool ); + slap_mods_opattrs( op, &op->orm_modlist, 1 ); + + if ( !slapd_shutdown ) + ldap_pvt_thread_pool_pause( &connection_pool ); /* Strategy: * 1) perform the Modify on the cached Entry. @@ -4408,7 +4963,7 @@ config_back_modify( Operation *op, SlapReply *rs ) rs->sr_text = ca.msg; } else if ( cfb->cb_use_ldif ) { BackendDB *be = op->o_bd; - slap_callback sc = { NULL, slap_null_cb, NULL, NULL }; + slap_callback sc = { NULL, slap_null_cb, NULL, NULL }, *scp; struct berval dn, ndn; op->o_bd = &cfb->cb_db; @@ -4418,18 +4973,20 @@ config_back_modify( Operation *op, SlapReply *rs ) op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; - sc.sc_next = op->o_callback; + scp = op->o_callback; op->o_callback = ≻ op->o_bd->be_modify( op, rs ); op->o_bd = be; - op->o_callback = sc.sc_next; + op->o_callback = scp; op->o_dn = dn; op->o_ndn = ndn; } - ldap_pvt_thread_pool_resume( &connection_pool ); + if ( !slapd_shutdown ) + ldap_pvt_thread_pool_resume( &connection_pool ); out: send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); return rs->sr_err; } 
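Review bot: A failed config_del_vals() in the LDAP_MOD_DELETE/REPLACE case only leaves the `switch` (`if ( !vals || rc != LDAP_SUCCESS ) break;`), so the surrounding `for ( ml = ... )` loop moves on to the next modification. A later successful delete or add then overwrites `rc`, and the new undo block under `out:` is skipped because it runs only when `rc != LDAP_SUCCESS`. The add case already uses `goto out`, and the delete case should abort the same way, e.g. `if ( rc != LDAP_SUCCESS ) goto out;` immediately after the closing brace of the `switch`. The undo block itself ignores the results of config_del_vals() and config_modify_add(), which is worth a comment saying the rollback is best-effort.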
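Review bot: config_back_modify() now tests `!slapd_shutdown` separately before ldap_pvt_thread_pool_pause() and before ldap_pvt_thread_pool_resume(), so the two calls stop being paired if the flag changes between the two reads. If shutdown can be signalled while the modify is in progress, the pool would be paused and never resumed. Latch the decision once and reuse it: `int do_pause = !slapd_shutdown;` then `if ( do_pause ) ldap_pvt_thread_pool_pause( &connection_pool );` and the matching `if ( do_pause ) ldap_pvt_thread_pool_resume( &connection_pool );`. The function's declarations are outside these hunks.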
@@ -4438,6 +4995,8 @@ config_back_modrdn( Operation *op, SlapReply *rs ) { CfBackInfo *cfb; CfEntryInfo *ce, *last; + struct berval rdn; + int ixold, ixnew; cfb = (CfBackInfo *)op->o_bd->be_private; 
@@ -4472,10 +5031,155 @@ config_back_modrdn( Operation *op, SlapReply *rs ) rs->sr_err = LDAP_UNWILLING_TO_PERFORM; goto out; } + + /* If newRDN == oldRDN, quietly succeed */ + dnRdn( &op->o_req_ndn, &rdn ); + if ( dn_match( &rdn, &op->orr_nnewrdn )) { + rs->sr_err = LDAP_SUCCESS; + goto out; + } + + /* Current behavior, subject to change as needed: + * + * For backends and overlays, we only allow renumbering. + * For schema, we allow renaming with the same number. + * Otherwise, the op is not allowed. + */ + + if ( ce->ce_type == Cft_Schema ) { + char *ptr1, *ptr2; + int len; + + /* Can't alter the main cn=schema entry */ + if ( ce->ce_parent->ce_type == Cft_Global ) { + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_text = "renaming not allowed for this entry"; + goto out; + } + + /* We could support this later if desired */ + ptr1 = ber_bvchr( &rdn, '}' ); + ptr2 = ber_bvchr( &op->orr_newrdn, '}' ); + len = ptr1 - rdn.bv_val; + if ( len != ptr2 - op->orr_newrdn.bv_val || + strncmp( rdn.bv_val, op->orr_newrdn.bv_val, len )) { + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_text = "schema reordering not supported"; + goto out; + } + } else if ( ce->ce_type == Cft_Database || + ce->ce_type == Cft_Overlay ) { + char *ptr1, *ptr2, *iptr1, *iptr2; + int len1, len2; + + iptr2 = ber_bvchr( &op->orr_newrdn, '=' ) + 1; + if ( *iptr2 != '{' ) { + rs->sr_err = LDAP_NAMING_VIOLATION; + rs->sr_text = "new ordering index is required"; + goto out; + } + iptr2++; + iptr1 = ber_bvchr( &rdn, '{' ) + 1; + ptr1 = ber_bvchr( &rdn, '}' ); + ptr2 = ber_bvchr( &op->orr_newrdn, '}' ); + if ( !ptr2 ) { + rs->sr_err = LDAP_NAMING_VIOLATION; + rs->sr_text = "new ordering index is required"; + goto out; + } + + len1 = ptr1 - rdn.bv_val; + len2 = ptr2 - op->orr_newrdn.bv_val; + + if ( rdn.bv_len - len1 != op->orr_newrdn.bv_len - len2 || + strncmp( ptr1, ptr2, rdn.bv_len - len1 )) { + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_text = "changing database/overlay type not allowed"; + 
goto out; + } + ixold = strtol( iptr1, NULL, 0 ); + ixnew = strtol( iptr2, &ptr1, 0 ); + if ( ptr1 != ptr2 || ixold < 0 || ixnew < 0 ) { + rs->sr_err = LDAP_NAMING_VIOLATION; + goto out; + } + /* config DB is always 0, cannot be changed */ + if ( ce->ce_type == Cft_Database && ( ixold == 0 || ixnew == 0 )) { + rs->sr_err = LDAP_CONSTRAINT_VIOLATION; + goto out; + } + } else { + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + rs->sr_text = "renaming not supported for this entry"; + goto out; + } + ldap_pvt_thread_pool_pause( &connection_pool ); - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "renaming not implemented yet within naming context"; + if ( ce->ce_type == Cft_Schema ) { + req_modrdn_s modr = op->oq_modrdn; + struct berval rdn; + Attribute *a; + rs->sr_err = config_rename_attr( rs, ce->ce_entry, &rdn, &a ); + if ( rs->sr_err == LDAP_SUCCESS ) { + rs->sr_err = config_rename_one( op, rs, ce->ce_entry, + ce->ce_parent, a, &op->orr_newrdn, &op->orr_nnewrdn, + cfb->cb_use_ldif ); + } + op->oq_modrdn = modr; + } else { + CfEntryInfo *ce2, *cebase, **cprev, **cbprev, *ceold; + req_modrdn_s modr = op->oq_modrdn; + int i; + + /* Advance to first of this type */ + cprev = &ce->ce_parent->ce_kids; + for ( ce2 = *cprev; ce2 && ce2->ce_type != ce->ce_type; ) { + cprev = &ce2->ce_sibs; + ce2 = ce2->ce_sibs; + } + /* Skip the -1 entry */ + if ( ce->ce_type == Cft_Database ) { + cprev = &ce2->ce_sibs; + ce2 = ce2->ce_sibs; + } + cebase = ce2; + cbprev = cprev; + + /* Remove from old slot */ + for ( ce2 = *cprev; ce2 && ce2 != ce; ce2 = ce2->ce_sibs ) + cprev = &ce2->ce_sibs; + *cprev = ce->ce_sibs; + ceold = ce->ce_sibs; + + /* Insert into new slot */ + cprev = cbprev; + for ( i=0; i<ixnew; i++ ) { + ce2 = *cprev; + if ( !ce2 ) + break; + cprev = &ce2->ce_sibs; + } + ce->ce_sibs = *cprev; + *cprev = ce; + + ixnew = i; + + /* NOTE: These should be encoded in the OC tables, not inline here */ + if ( ce->ce_type == Cft_Database ) + backend_db_move( ce->ce_be, ixnew ); + 
else if ( ce->ce_type == Cft_Overlay ) + overlay_move( ce->ce_be, (slap_overinst *)ce->ce_bi, ixnew ); + + if ( ixold < ixnew ) { + rs->sr_err = config_rename_del( op, rs, ce, ceold, ixold, + cfb->cb_use_ldif ); + } else { + rs->sr_err = config_rename_add( op, rs, ce, ixnew, 1, + ixold - ixnew, cfb->cb_use_ldif ); + } + op->oq_modrdn = modr; + } ldap_pvt_thread_pool_resume( &connection_pool ); out: @@ -4483,6 +5187,13 @@ out: return rs->sr_err; } +static int +config_back_delete( Operation *op, SlapReply *rs ) +{ + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, NULL ); + return rs->sr_err; +} + static int config_back_search( Operation *op, SlapReply *rs ) { @@ -4528,6 +5239,41 @@ out: return 0; } +/* no-op, we never free entries */ +int config_entry_release( + Operation *op, + Entry *e, + int rw ) +{ + return LDAP_SUCCESS; +} + +/* return LDAP_SUCCESS IFF we can retrieve the specified entry. + */ +int config_back_entry_get( + Operation *op, + struct berval *ndn, + ObjectClass *oc, + AttributeDescription *at, + int rw, + Entry **ent ) +{ + CfBackInfo *cfb; + CfEntryInfo *ce, *last; + + cfb = (CfBackInfo *)op->o_bd->be_private; + + ce = config_find_base( cfb->cb_root, ndn, &last ); + if ( ce ) { + *ent = ce->ce_entry; + if ( *ent && oc && !is_entry_objectclass_or_sub( *ent, oc ) ) { + *ent = NULL; + } + } + + return ( *ent == NULL ? 1 : 0 ); +} + static void config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad, ConfigTable *ct, ConfigArgs *c ) 
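Review bot: The RDN parsing added to config_back_modrdn() does pointer arithmetic on ber_bvchr() results that may be NULL. In the Cft_Schema branch `ptr1` and `ptr2` are subtracted from their buffers unchecked, and in the Database/Overlay branch `ber_bvchr( &rdn, '{' ) + 1` and `ptr1` are used unchecked while only `ptr2` is tested. `op->orr_newrdn` comes from the request, so a new RDN without `}` reaches the schema comparison with a NULL `ptr2`. Reject before computing lengths: `if ( !ptr1 || !ptr2 ) { rs->sr_err = LDAP_NAMING_VIOLATION; goto out; }`, and check the `{` lookup the same way. `ixold` and `ixnew` also take `strtol()` results into `int` without a range check.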
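Review bot: config_back_entry_get() writes `*ent` only when config_find_base() finds the entry, yet the return statement reads `*ent` in every case, so a miss returns whatever the caller's variable happened to hold. Start the function with `*ent = NULL;` so a lookup failure always yields the non-zero result. The header comment promises LDAP_SUCCESS while the code returns 0 or 1, and `at` and `rw` are unused; the comment should state the real contract. It should also say that the returned Entry is the cached object itself rather than a copy, which is why config_entry_release() does nothing.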
@@ -4579,17 +5325,18 @@ config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent, Debug( LDAP_DEBUG_TRACE, "config_build_entry: \"%s\"\n", rdn->bv_val, 0, 0); e->e_private = ce; ce->ce_entry = e; + ce->ce_type = main->co_type; ce->ce_parent = parent; if ( parent ) { pdn = parent->ce_entry->e_nname; if ( parent->ce_kids ) - for ( ceprev = parent->ce_kids; ceprev->ce_sibs; + for ( ceprev = parent->ce_kids; ceprev->ce_sibs && + ceprev->ce_type <= ce->ce_type; ceprev = ceprev->ce_sibs ); } else { BER_BVZERO( &pdn ); } - ce->ce_type = main->co_type; ce->ce_private = c->private; ce->ce_be = c->be; ce->ce_bi = c->bi; @@ -4630,11 +5377,12 @@ config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent, } oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass ); - rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg, - sizeof(c->msg)); - attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL ); - if ( op ) { + rc = structural_class(oc_at->a_vals, &oc, NULL, &text, c->msg, + sizeof(c->msg), op ? op->o_tmpmemctx : NULL ); + attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &oc->soc_cname, NULL ); + if ( op && !op->o_noop ) { op->ora_e = e; + op->ora_modlist = NULL; op->o_bd->be_add( op, rs ); if ( ( rs->sr_err != LDAP_SUCCESS ) && (rs->sr_err != LDAP_ALREADY_EXISTS) ) { @@ -4642,8 +5390,10 @@ config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent, } } if ( ceprev ) { + ce->ce_sibs = ceprev->ce_sibs; ceprev->ce_sibs = ce; } else if ( parent ) { + ce->ce_sibs = parent->ce_kids; parent->ce_kids = ce; } 
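Review bot: In config_build_entry() the result of structural_class() is stored in `rc` but never tested before `&oc->soc_cname` is passed to attr_merge_normalize_one(). With the switch from a `struct berval` out-parameter to an `ObjectClass *`, a failed lookup now becomes a dereference of an unset or NULL pointer rather than a merge of an empty value. Check it first, e.g. `if ( rc != LDAP_SUCCESS ) return NULL;`, routed through whatever cleanup the function uses for `e` and `ce`, which is outside this hunk. The preceding `attr_find()` result `oc_at` is dereferenced unchecked as well.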
@@ -4694,34 +5444,6 @@ config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent, return 0; } -static int -config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent, - Operation *op, SlapReply *rs ) -{ - Entry *e; - int i; - ConfigFile *cf = c->private; - - for (i=0; cf; cf=cf->c_sibs, i++) { - c->value_dn.bv_val = c->log; - c->value_dn.bv_len = snprintf(c->value_dn.bv_val, sizeof( c->log ), "cn=include" SLAP_X_ORDERED_FMT, i); - if ( c->value_dn.bv_len >= sizeof( c->log ) ) { - /* FIXME: how can indicate error? */ - return -1; - } - c->private = cf; - e = config_build_entry( op, rs, ceparent, c, &c->value_dn, - &CFOC_INCLUDE, NULL ); - if ( ! e ) { - return -1; - } else if ( e && cf->c_kids ) { - c->private = cf->c_kids; - config_build_includes( c, e->e_private, op, rs ); - } - } - return 0; -} - #ifdef SLAPD_MODULES static int 
@@ -4749,6 +5471,86 @@ config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent, } #endif +static int +config_check_schema(Operation *op, CfBackInfo *cfb) +{ + struct berval schema_dn = BER_BVC(SCHEMA_RDN "," CONFIG_RDN); + ConfigArgs c = {0}; + CfEntryInfo *ce, *last; + Entry *e; + + /* If there's no root entry, we must be in the midst of converting */ + if ( !cfb->cb_root ) + return 0; + + /* Make sure the main schema entry exists */ + ce = config_find_base( cfb->cb_root, &schema_dn, &last ); + if ( ce ) { + Attribute *a; + struct berval *bv; + + e = ce->ce_entry; + + /* Make sure it's up to date */ + if ( cf_om_tail != om_sys_tail ) { + a = attr_find( e->e_attrs, cfAd_om ); + if ( a ) { + if ( a->a_nvals != a->a_vals ) + ber_bvarray_free( a->a_nvals ); + ber_bvarray_free( a->a_vals ); + a->a_vals = NULL; + a->a_nvals = NULL; + } + oidm_unparse( &bv, NULL, NULL, 1 ); + attr_merge_normalize( e, cfAd_om, bv, NULL ); + ber_bvarray_free( bv ); + cf_om_tail = om_sys_tail; + } + if ( cf_at_tail != at_sys_tail ) { + a = attr_find( e->e_attrs, cfAd_attr ); + if ( a ) { + if ( a->a_nvals != a->a_vals ) + ber_bvarray_free( a->a_nvals ); + ber_bvarray_free( a->a_vals ); + a->a_vals = NULL; + a->a_nvals = NULL; + } + at_unparse( &bv, NULL, NULL, 1 ); + attr_merge_normalize( e, cfAd_attr, bv, NULL ); + ber_bvarray_free( bv ); + cf_at_tail = at_sys_tail; + } + if ( cf_oc_tail != oc_sys_tail ) { + a = attr_find( e->e_attrs, cfAd_oc ); + if ( a ) { + if ( a->a_nvals != a->a_vals ) + ber_bvarray_free( a->a_nvals ); + ber_bvarray_free( a->a_vals ); + a->a_vals = NULL; + a->a_nvals = NULL; + } + oc_unparse( &bv, NULL, NULL, 1 ); + attr_merge_normalize( e, cfAd_oc, bv, NULL ); + ber_bvarray_free( bv ); + cf_oc_tail = oc_sys_tail; + } + } else { + SlapReply rs = {REP_RESULT}; + c.private = NULL; + e = config_build_entry( op, &rs, cfb->cb_root, &c, &schema_rdn, + &CFOC_SCHEMA, NULL ); + if ( !e ) { + return -1; + } + ce = e->e_private; + ce->ce_private = cfb->cb_config; + cf_at_tail 
= at_sys_tail; + cf_oc_tail = oc_sys_tail; + cf_om_tail = om_sys_tail; + } + return 0; +} + static const char *defacl[] = { NULL, "to", "*", "by", "*", "none", NULL }; @@ -4779,22 +5581,23 @@ config_back_db_open( BackendDB *be ) parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 ); } - /* If we read the config from back-ldif, nothing to do here */ - if ( cfb->cb_got_ldif ) - return 0; + thrctx = ldap_pvt_thread_pool_context(); + op = (Operation *) &opbuf; + connection_fake_init( &conn, op, thrctx ); - if ( cfb->cb_use_ldif ) { - thrctx = ldap_pvt_thread_pool_context(); - op = (Operation *) &opbuf; - connection_fake_init( &conn, op, thrctx ); + op->o_tag = LDAP_REQ_ADD; + op->o_callback = &cb; + op->o_bd = &cfb->cb_db; + op->o_dn = op->o_bd->be_rootdn; + op->o_ndn = op->o_bd->be_rootndn; - op->o_tag = LDAP_REQ_ADD; - op->o_callback = &cb; - op->o_bd = &cfb->cb_db; - op->o_dn = op->o_bd->be_rootdn; - op->o_ndn = op->o_bd->be_rootndn; - } else { - op = NULL; + if ( !cfb->cb_use_ldif ) { + op->o_noop = 1; + } + + /* If we read the config from back-ldif, do some quick sanity checks */ + if ( cfb->cb_got_ldif ) { + return config_check_schema( op, cfb ); } /* create root of tree */ @@ -4811,15 +5614,6 @@ config_back_db_open( BackendDB *be ) parent = e; ceparent = ce; - /* Create includeFile nodes */ - if ( cfb->cb_config->c_kids ) { - c.depth = 0; - c.private = cfb->cb_config->c_kids; - if ( config_build_includes( &c, ceparent, op, &rs ) ) { - return -1; - } - } - #ifdef SLAPD_MODULES /* Create Module nodes... */ if ( modpaths.mp_loads ) { @@ -4841,6 +5635,9 @@ config_back_db_open( BackendDB *be ) } ce = e->e_private; ce->ce_private = cfb->cb_config; + cf_at_tail = at_sys_tail; + cf_oc_tail = oc_sys_tail; + cf_om_tail = om_sys_tail; /* Create schema nodes for included schema... */ if ( cfb->cb_config->c_kids ) { 
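Review bot: config_check_schema() repeats the same free-and-rebuild sequence three times, differing only in the attribute description, the unparse call and the tail variable, so a fix to the freeing logic has to be made in three places. A small static helper that takes the entry, the attribute description and the unparsed values would leave each branch at three lines. The function also lacks a header comment: it should say that it returns 0 or -1 and that in the existing-entry branch only the cached Entry is updated, since `op` is not used there.

```c
/* Replace e's values for ad with bv, then release bv. */
static void
config_schema_refresh( Entry *e, AttributeDescription *ad, struct berval *bv )
{
	Attribute *a = attr_find( e->e_attrs, ad );

	if ( a ) {
		if ( a->a_nvals != a->a_vals )
			ber_bvarray_free( a->a_nvals );
		ber_bvarray_free( a->a_vals );
		a->a_vals = NULL;
		a->a_nvals = NULL;
	}
	attr_merge_normalize( e, ad, bv, NULL );
	ber_bvarray_free( bv );
}

/* … unchanged: config_check_schema prologue and schema entry lookup … */
		if ( cf_om_tail != om_sys_tail ) {
			oidm_unparse( &bv, NULL, NULL, 1 );
			config_schema_refresh( e, cfAd_om, bv );
			cf_om_tail = om_sys_tail;
		}
/* … same three-line shape for cfAd_attr/at_unparse and cfAd_oc/oc_unparse … */
```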
@@ -5031,8 +5828,6 @@ config_back_db_destroy( BackendDB *be ) backend_destroy_one( &cfb->cb_db, 0 ); } - free( be->be_private ); - loglevel_destroy(); return 0; @@ -5044,7 +5839,7 @@ config_back_db_init( BackendDB *be ) struct berval dn; CfBackInfo *cfb; - cfb = ch_calloc( 1, sizeof(CfBackInfo)); + cfb = &cfBackInfo; cfb->cb_config = ch_calloc( 1, sizeof(ConfigFile)); cfn = cfb->cb_config; be->be_private = cfb; @@ -5148,9 +5943,12 @@ static struct { char *name; AttributeDescription **desc; } ads[] = { + { "attribute", &cfAd_attr }, { "backend", &cfAd_backend }, { "database", &cfAd_database }, { "include", &cfAd_include }, + { "objectclass", &cfAd_oc }, + { "objectidentifier", &cfAd_om }, { "overlay", &cfAd_overlay }, { NULL, NULL } }; @@ -5182,6 +5980,7 @@ int config_back_initialize( BackendInfo *bi ) { ConfigTable *ct = config_back_cf_table; + ConfigArgs ca; char *argv[4]; int i; AttributeDescription *ad = NULL; @@ -5214,7 +6013,7 @@ config_back_initialize( BackendInfo *bi ) bi->bi_op_modify = config_back_modify; bi->bi_op_modrdn = config_back_modrdn; bi->bi_op_add = config_back_add; - bi->bi_op_delete = 0; + bi->bi_op_delete = config_back_delete; bi->bi_op_abandon = 0; bi->bi_extended = 0; @@ -5226,6 +6025,9 @@ config_back_initialize( BackendInfo *bi ) bi->bi_connection_init = 0; bi->bi_connection_destroy = 0; + bi->bi_entry_release_rw = config_entry_release; + bi->bi_entry_get_rw = config_back_entry_get; + bi->bi_tool_entry_open = config_tool_entry_open; bi->bi_tool_entry_close = config_tool_entry_close; bi->bi_tool_entry_first = config_tool_entry_first; 
@@ -5233,11 +6035,17 @@ config_back_initialize( BackendInfo *bi ) bi->bi_tool_entry_get = config_tool_entry_get; bi->bi_tool_entry_put = config_tool_entry_put; + ca.argv = argv; + argv[ 0 ] = "slapd"; + ca.argv = argv; + ca.argc = 3; + ca.fname = argv[0]; + argv[3] = NULL; for (i=0; OidMacros[i].name; i++ ) { argv[1] = OidMacros[i].name; argv[2] = OidMacros[i].oid; - parse_oidm( "slapd", i, 3, argv, 0, NULL ); + parse_oidm( &ca, 0, NULL ); } bi->bi_cf_ocs = cf_ocs; diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 24074d36a9e0b03e8d65f2c52d568d441ebeb4ee..706cc43559b06ff9718c91c1080ff75e0a8642dd 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -86,8 +86,8 @@ do_bind( * name DistinguishedName, -- dn * authentication CHOICE { * simple [0] OCTET STRING -- passwd - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING + * krbv42ldap [1] OCTET STRING -- OBSOLETE + * krbv42dsa [2] OCTET STRING -- OBSOLETE * SASL [3] SaslCredentials * } * } 
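Review bot: `ConfigArgs ca;` in config_back_initialize() is an uninitialised automatic variable, and only `argv`, `argc` and `fname` are set before `parse_oidm( &ca, 0, NULL )` is called. Any other member that parse_oidm() or its error path reads, such as a line number or message buffer, is indeterminate at that point; its body is not visible here. Declare it zeroed as config_check_schema() does with `ConfigArgs c = {0};`, i.e. `ConfigArgs ca = {0};`. The assignment `ca.argv = argv;` appears twice in the added lines and one copy can go.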
@@ -340,33 +340,6 @@ fe_op_bind( Operation *op, SlapReply *rs ) goto cleanup; } -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - } else if ( op->orb_method == LDAP_AUTH_KRBV41 ) { - if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) { - /* disallow krbv4 authentication */ - rs->sr_err = LDAP_UNWILLING_TO_PERFORM; - rs->sr_text = "unwilling to perform Kerberos V4 bind"; - - send_ldap_result( op, rs ); - - Debug( LDAP_DEBUG_TRACE, - "do_bind: v%d Kerberos V4 (step 1) bind refused\n", - op->o_protocol, 0, 0 ); - goto cleanup; - } - BER_BVSTR( &op->orb_tmp_mech, "KRBV4" ); - - } else if ( op->orb_method == LDAP_AUTH_KRBV42 ) { - rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED; - rs->sr_text = "Kerberos V4 (step 2) bind not supported"; - send_ldap_result( op, rs ); - - Debug( LDAP_DEBUG_TRACE, - "do_bind: v%d Kerberos V4 (step 2) bind refused\n", - op->o_protocol, 0, 0 ); - goto cleanup; -#endif - } else { rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED; rs->sr_text = "unknown authentication method"; diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c index bc946160105d4381f64564e627b70bcc399f594d..08115f45eda2bdc5b78fd1664db12c8eb2011e28 100644 --- a/servers/slapd/cancel.c +++ b/servers/slapd/cancel.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -18,7 +18,6 @@ #include <stdio.h> -#include <ac/krb.h> #include <ac/socket.h> #include <ac/string.h> #include <ac/unistd.h> diff --git a/servers/slapd/ch_malloc.c b/servers/slapd/ch_malloc.c index 4df7720697546f05a78f98e8913fa73708cbc618..3e634dae51253dfc09c8c1056f9f9b7f4eddd230 100644 --- a/servers/slapd/ch_malloc.c +++ b/servers/slapd/ch_malloc.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index f69c162527bc7970e493eb3cde24e13f8128d558..230602895a597849c61e6b39106d69634bd71e2e 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/component.c b/servers/slapd/component.c index 3a6ae67d8995041fad879a2974d4b2fb20c9a88a..95413c30a2afac8b430c81cefa64c9c2e6836577 100644 --- a/servers/slapd/component.c +++ b/servers/slapd/component.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2004 by IBM Corporation. * All rights reserved. * @@ -1073,7 +1073,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, ber_tag_t tag; int err; ComponentFilter f; - /* TAG : item, and, or, not in RFC 2254 */ + /* TAG : item, and, or, not in RFC 4515 */ tag = strip_cav_tag( cav ); if ( tag == LBER_ERROR ) { diff --git a/servers/slapd/component.h b/servers/slapd/component.h index 9b0ffca402657413c26011a9020cb4373541104d..e827be75d64cdb3a43836dfd2387341435a28d40 100644 --- a/servers/slapd/component.h +++ b/servers/slapd/component.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 by IBM Corporation. * All rights reserved. * diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 290aa1a8efb49ce78ddeedf76be6db22749288a6..54dcf2d571eb86deeb9a8709c9d3cb26dff9ebde 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -68,7 +68,6 @@ int global_gentlehup = 0; int global_idletimeout = 0; char *global_host = NULL; char *global_realm = NULL; -char *ldap_srvtab = ""; char **default_passwd_hash = NULL; struct berval default_search_base = BER_BVNULL; struct berval default_search_nbase = BER_BVNULL; @@ -618,12 +617,12 @@ config_parse_vals(ConfigTable *ct, ConfigArgs *c, int valx) } int -config_parse_add(ConfigTable *ct, ConfigArgs *c) +config_parse_add(ConfigTable *ct, ConfigArgs *c, int valx) { int rc = 0; snprintf( c->log, sizeof( c->log ), "%s: value #%d", - ct->ad->ad_cname.bv_val, c->valx ); + ct->ad->ad_cname.bv_val, valx ); c->argc = 1; c->argv[0] = ct->ad->ad_cname.bv_val; 
@@ -998,6 +997,21 @@ static slap_verbmasks tlskey[] = { { BER_BVC("critical"), SB_TLS_CRITICAL }, { BER_BVNULL, 0 } }; + +static slap_verbmasks crlkeys[] = { + { BER_BVC("none"), LDAP_OPT_X_TLS_CRL_NONE }, + { BER_BVC("peer"), LDAP_OPT_X_TLS_CRL_PEER }, + { BER_BVC("all"), LDAP_OPT_X_TLS_CRL_ALL }, + { BER_BVNULL, 0 } + }; + +static slap_verbmasks vfykeys[] = { + { BER_BVC("never"), LDAP_OPT_X_TLS_NEVER }, + { BER_BVC("demand"), LDAP_OPT_X_TLS_DEMAND }, + { BER_BVC("try"), LDAP_OPT_X_TLS_TRY }, + { BER_BVC("hard"), LDAP_OPT_X_TLS_HARD }, + { BER_BVNULL, 0 } + }; #endif static slap_verbmasks methkey[] = { 
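Review bot: `vfykeys` has no row for the `allow` level (`LDAP_OPT_X_TLS_ALLOW`), so that require-cert setting cannot be mapped to or from a keyword. `slap_tls_get_config`, added later in this commit, walks this table for `LDAP_OPT_X_TLS_REQUIRE_CERT` and returns -1 with `*val` left NULL when no mask matches. Adding `{ BER_BVC("allow"), LDAP_OPT_X_TLS_ALLOW },` would keep the table complete. If the omission is deliberate, a one-line comment above the table should say so.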
@@ -1017,19 +1031,23 @@ static slap_verbmasks versionkey[] = { static slap_cf_aux_table bindkey[] = { { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, - { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'd', 0, versionkey }, - { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey }, - { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL }, + { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey }, + { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey }, + { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL }, + { BER_BVC("network-timeout="), offsetof(slap_bindconf, sb_timeout_net), 'i', 0, NULL }, + { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, (slap_verbmasks *)dnNormalize }, { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL }, { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL }, { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL }, { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL }, - { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL }, - { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL }, + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, (slap_verbmasks *)authzNormalize }, + { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, #ifdef HAVE_TLS - { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey }, + { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, -#define aux_TLS (bindkey+10) /* beginning of TLS keywords */ + /* NOTE: replace "13" with the actual index + * of the first TLS-related line */ +#define aux_TLS (bindkey+13) /* beginning of TLS keywords */ { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, { 
BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL }, @@ -1044,14 +1062,23 @@ static slap_cf_aux_table bindkey[] = { { BER_BVNULL, 0, 0, 0, NULL } }; +/* + * 's': char * + * 'b': struct berval; if !NULL, normalize using ((slap_mr_normalize_func *)aux) + * 'i': int; if !NULL, compute using ((slap_verbmasks *)aux) + * 'u': unsigned + * 'I': long + * 'U': unsigned long + */ + int slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg ) { int rc = SLAP_CONF_UNKNOWN; slap_cf_aux_table *tab; - for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) { - if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len )) { + for ( tab = tab0; !BER_BVISNULL( &tab->key ); tab++ ) { + if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len ) ) { char **cptr; int *iptr, j; unsigned *uptr; 
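Review bot: The `binddn=`, `authcID=` and `authzID=` rows store a function pointer in the `aux` column by casting it, e.g. `(slap_verbmasks *)dnNormalize`, and the 'b' case of `slap_cf_aux_table_parse` in a later hunk casts it back to `slap_mr_normalize_func *` before calling it. ISO C does not define conversions between function and object pointers. The cast also hides from the compiler which rows hold a callable and which hold a keyword table, so a row with the wrong type letter would be called or indexed as the wrong kind of object. A separate member, or a union of the two pointer kinds, in `slap_cf_aux_table` (declared outside this diff view) would let each row be type-checked. The hand-maintained `aux_TLS (bindkey+13)` is correct for the rows shown, but it must be re-counted whenever a row is added above `tls_cert=`.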
@@ -1069,27 +1096,39 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L case 'b': bptr = (struct berval *)((char *)dst + tab->off); - ber_str2bv( val, 0, 1, bptr ); - rc = 0; - break; + if ( tab->aux != NULL ) { + struct berval dn; + slap_mr_normalize_func *normalize = (slap_mr_normalize_func *)tab->aux; - case 'd': - assert( tab->aux != NULL ); - iptr = (int *)((char *)dst + tab->off); + ber_str2bv( val, 0, 0, &dn ); + rc = normalize( 0, NULL, NULL, &dn, bptr, NULL ); - rc = 1; - for ( j = 0; !BER_BVISNULL( &tab->aux[j].word ); j++ ) { - if ( !strcasecmp( val, tab->aux[j].word.bv_val ) ) { - *iptr = tab->aux[j].mask; - rc = 0; - } + } else { + ber_str2bv( val, 0, 1, bptr ); + rc = 0; } break; case 'i': iptr = (int *)((char *)dst + tab->off); - rc = lutil_atoix( iptr, val, 0 ); + if ( tab->aux != NULL ) { + slap_verbmasks *aux = (slap_verbmasks *)tab->aux; + + assert( aux != NULL ); + + rc = 1; + for ( j = 0; !BER_BVISNULL( &aux[j].word ); j++ ) { + if ( !strcasecmp( val, aux[j].word.bv_val ) ) { + *iptr = aux[j].mask; + rc = 0; + break; + } + } + + } else { + rc = lutil_atoix( iptr, val, 0 ); + } break; case 'u': @@ -1145,6 +1184,7 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 case 'b': bptr = (struct berval *)((char *)src + tab->off); cptr = &bptr->bv_val; + case 's': if ( *cptr ) { *ptr++ = ' '; 
@@ -1155,25 +1195,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 } break; - case 'd': - assert( tab->aux != NULL ); + case 'i': iptr = (int *)((char *)src + tab->off); - - for ( i = 0; !BER_BVISNULL( &tab->aux[i].word ); i++ ) { - if ( *iptr == tab->aux[i].mask ) { - *ptr++ = ' '; - ptr = lutil_strcopy( ptr, tab->key.bv_val ); - ptr = lutil_strcopy( ptr, tab->aux[i].word.bv_val ); - break; + + if ( tab->aux != NULL ) { + slap_verbmasks *aux = (slap_verbmasks *)tab->aux; + + for ( i = 0; !BER_BVISNULL( &aux[i].word ); i++ ) { + if ( *iptr == aux[i].mask ) { + *ptr++ = ' '; + ptr = lutil_strcopy( ptr, tab->key.bv_val ); + ptr = lutil_strcopy( ptr, aux[i].word.bv_val ); + break; + } } - } - break; - case 'i': - iptr = (int *)((char *)src + tab->off); - *ptr++ = ' '; - ptr = lutil_strcopy( ptr, tab->key.bv_val ); - ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr ); + } else { + *ptr++ = ' '; + ptr = lutil_strcopy( ptr, tab->key.bv_val ); + ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr ); + } break; case 'u': 
@@ -1208,14 +1249,63 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 } int -bindconf_parse( const char *word, slap_bindconf *bc ) +slap_tls_get_config( LDAP *ld, int opt, char **val ) +{ + slap_verbmasks *keys; + int i, ival; + + *val = NULL; + switch( opt ) { +#ifdef HAVE_TLS + case LDAP_OPT_X_TLS_CRLCHECK: + keys = crlkeys; + break; + case LDAP_OPT_X_TLS_REQUIRE_CERT: + keys = vfykeys; + break; +#endif + default: + return -1; + } + ldap_pvt_tls_get_option( ld, opt, &ival ); + for (i=0; !BER_BVISNULL(&keys[i].word); i++) { + if (keys[i].mask == ival) { + *val = ch_strdup( keys[i].word.bv_val ); + return 0; + } + } + return -1; +} + +int +bindconf_tls_parse( const char *word, slap_bindconf *bc ) { #ifdef HAVE_TLS - /* Detect TLS config changes explicitly */ if ( slap_cf_aux_table_parse( word, bc, aux_TLS, "tls config" ) == 0 ) { bc->sb_tls_do_init = 1; return 0; } +#endif + return -1; +} + +int +bindconf_tls_unparse( slap_bindconf *bc, struct berval *bv ) +{ +#ifdef HAVE_TLS + return slap_cf_aux_table_unparse( bc, bv, aux_TLS ); +#endif + return -1; +} + +int +bindconf_parse( const char *word, slap_bindconf *bc ) +{ +#ifdef HAVE_TLS + /* Detect TLS config changes explicitly */ + if ( bindconf_tls_parse( word, bc ) == 0 ) { + return 0; + } #endif return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" ); } 
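Review bot: In `slap_tls_get_config` the result of `ldap_pvt_tls_get_option( ld, opt, &ival )` is not checked, so if the lookup fails `ival` is compared against the keyword masks while still uninitialized. I would change the call to `if ( ldap_pvt_tls_get_option( ld, opt, &ival ) ) return -1;`. The function also deserves a short header comment saying that on success `*val` is a `ch_strdup` copy the caller must free, and that it returns -1 for options other than the two handled here.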
@@ -1299,6 +1389,37 @@ void bindconf_free( slap_bindconf *bc ) { #endif } +void +bindconf_tls_defaults( slap_bindconf *bc ) +{ +#ifdef HAVE_TLS + if ( bc->sb_tls_do_init ) { + if ( !bc->sb_tls_cacert ) + ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CACERTFILE, + &bc->sb_tls_cacert ); + if ( !bc->sb_tls_cacertdir ) + ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CACERTDIR, + &bc->sb_tls_cacertdir ); + if ( !bc->sb_tls_cert ) + ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CERTFILE, + &bc->sb_tls_cert ); + if ( !bc->sb_tls_key ) + ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_KEYFILE, + &bc->sb_tls_key ); + if ( !bc->sb_tls_cipher_suite ) + ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CIPHER_SUITE, + &bc->sb_tls_cipher_suite ); + if ( !bc->sb_tls_reqcert ) + bc->sb_tls_reqcert = ch_strdup("demand"); +#ifdef HAVE_OPENSSL_CRL + if ( !bc->sb_tls_crlcheck ) + slap_tls_get_config( slap_tls_ld, LDAP_OPT_X_TLS_CRLCHECK, + &bc->sb_tls_crlcheck ); +#endif + } +#endif +} + #ifdef HAVE_TLS static struct { const char *key; @@ -1384,6 +1505,7 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb ) { LDAP *ld = NULL; int rc; + struct timeval tv; /* Init connection to master */ rc = ldap_initialize( &ld, sb->sb_uri.bv_val ); @@ -1400,6 +1522,18 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb ) (const void *)&sb->sb_version ); } + if ( sb->sb_timeout_api ) { + tv.tv_sec = sb->sb_timeout_api; + tv.tv_usec = 0; + ldap_set_option( ld, LDAP_OPT_TIMEOUT, &tv ); + } + + if ( sb->sb_timeout_net ) { + tv.tv_sec = sb->sb_timeout_net; + tv.tv_usec = 0; + ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, &tv ); + } + #ifdef HAVE_TLS if ( sb->sb_tls_do_init ) { rc = bindconf_tls_set( sb, ld ); diff --git a/servers/slapd/config.h b/servers/slapd/config.h index aaf4855eb0b9f5fbed213ce8d9ae855cd904eac0..eac44942e9ecb44175b9a36f80547ecfb5184168 100644 --- a/servers/slapd/config.h +++ b/servers/slapd/config.h 
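Review bot: `bindconf_tls_defaults` has no header comment, and its one non-inherited default is easy to miss. Every other unset field is copied from `slap_tls_ld`, but `sb_tls_reqcert` is set to `"demand"` regardless of the server's own setting. I would add `/* Fill unset TLS fields from slapd's TLS context; reqcert is not inherited and defaults to "demand" */` above the function. The `ldap_pvt_tls_get_option` return values are ignored here, so a failed lookup silently leaves the field NULL; whether that is acceptable depends on `bindconf_tls_set`, which is not part of this hunk.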
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,15 +30,15 @@ typedef struct ConfigTable { void *notify; } ConfigTable; +/* search entries are returned according to this order */ typedef enum { Cft_Abstract = 0, Cft_Global, + Cft_Module, Cft_Schema, Cft_Backend, Cft_Database, Cft_Overlay, - Cft_Include, - Cft_Module, Cft_Misc /* backend/overlay defined */ } ConfigType; @@ -136,6 +136,7 @@ typedef struct config_args_s { #define SLAP_CONFIG_ADD 0x4000 /* config file add vs LDAP add */ int op; int type; /* ConfigTable.arg_type & ARGS_USERLAND */ + Operation *ca_op; BackendDB *be; BackendInfo *bi; Entry *ca_entry; /* entry being modified */ @@ -165,7 +166,7 @@ void init_config_argv( ConfigArgs *c ); int init_config_attrs(ConfigTable *ct); int init_config_ocs( ConfigOCs *ocs ); int config_parse_vals(ConfigTable *ct, ConfigArgs *c, int valx); -int config_parse_add(ConfigTable *ct, ConfigArgs *c); +int config_parse_add(ConfigTable *ct, ConfigArgs *c, int valx); int read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft ); diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 2e6421cce53eeb6fe74b4fdda2393b1c21d0f96e..15d0d098525a40775c742c46b9b020b5e2f5e0b5 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -196,23 +196,22 @@ int connections_shutdown(void) ber_socket_t i; for ( i = 0; i < dtblsize; i++ ) { - if( connections[i].c_struct_state != SLAP_C_USED ) { - continue; - } - /* give persistent clients a chance to cleanup */ - if( connections[i].c_conn_state == SLAP_C_CLIENT ) { - ldap_pvt_thread_pool_submit( &connection_pool, - connections[i].c_clientfunc, connections[i].c_clientarg ); - continue; + if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) { + ldap_pvt_thread_mutex_lock( &connections[i].c_mutex ); + if( connections[i].c_struct_state == SLAP_C_USED ) { + + /* give persistent clients a chance to cleanup */ + if( connections[i].c_conn_state == SLAP_C_CLIENT ) { + ldap_pvt_thread_pool_submit( &connection_pool, + connections[i].c_clientfunc, connections[i].c_clientarg ); + } else { + /* c_mutex is locked */ + connection_closing( &connections[i], "slapd shutdown" ); + connection_close( &connections[i] ); + } + } + ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex ); } - - ldap_pvt_thread_mutex_lock( &connections[i].c_mutex ); - - /* c_mutex is locked */ - connection_closing( &connections[i], "slapd shutdown" ); - connection_close( &connections[i] ); - - ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex ); } return 0; @@ -306,11 +305,20 @@ static Connection* connection_get( ber_socket_t s ) if( c != NULL ) { ber_socket_t sd; - assert( c->c_struct_state != SLAP_C_UNINITIALIZED ); - ldap_pvt_thread_mutex_lock( &c->c_mutex ); + assert( c->c_struct_state != SLAP_C_UNINITIALIZED ); + ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd ); +#ifdef HAVE_WINSOCK + /* Avoid race condition after releasing + * connections_mutex + */ + if ( sd != s ) { + ldap_pvt_thread_mutex_unlock( &c->c_mutex ); + return NULL; + } +#endif if( c->c_struct_state != SLAP_C_USED ) { /* connection must have been closed due to resched */ 
@@ -738,10 +746,13 @@ connection_destroy( Connection *c ) if ( sd != AC_SOCKET_INVALID ) { slapd_remove( sd, sb, 1, 0, 0 ); - Statslog( LDAP_DEBUG_STATS, (close_reason - ? "conn=%lu fd=%ld closed (%s)\n" - : "conn=%lu fd=%ld closed\n"), - connid, (long) sd, close_reason, 0, 0 ); + if ( close_reason == NULL ) { + Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed\n", + connid, (long) sd, 0, 0, 0 ); + } else { + Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed (%s)\n", + connid, (long) sd, close_reason, 0, 0 ); + } } } @@ -835,8 +846,8 @@ void connection_closing( Connection *c, const char *why ) * connection_resched / connection_close before we * finish, but that's OK. */ - ldap_pvt_thread_mutex_unlock( &c->c_mutex ); slapd_clr_write( sd, 1 ); + ldap_pvt_thread_mutex_unlock( &c->c_mutex ); ldap_pvt_thread_mutex_lock( &c->c_write_mutex ); ldap_pvt_thread_mutex_lock( &c->c_mutex ); ldap_pvt_thread_mutex_unlock( &c->c_write_mutex ); @@ -1517,11 +1528,11 @@ connection_input( Connection *conn ) ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd ); - Debug( LDAP_DEBUG_TRACE, - "ber_get_next on fd %d failed errno=%d (%s)\n", - sd, err, sock_errstr(err) ); if ( err != EWOULDBLOCK && err != EAGAIN ) { /* log, close and send error */ + Debug( LDAP_DEBUG_TRACE, + "ber_get_next on fd %d failed errno=%d (%s)\n", + sd, err, sock_errstr(err) ); ber_free( conn->c_currentber, 1 ); conn->c_currentber = NULL; @@ -1749,13 +1760,17 @@ static int connection_bind_cleanup_cb( Operation *op, SlapReply *rs ) { op->o_conn->c_sasl_bindop = NULL; + ch_free( op->o_callback ); + op->o_callback = NULL; + return SLAP_CB_CONTINUE; } static int connection_bind_cb( Operation *op, SlapReply *rs ) { ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); - op->o_conn->c_conn_state = SLAP_C_ACTIVE; + if ( op->o_conn->c_conn_state == SLAP_C_BINDING ) + op->o_conn->c_conn_state = SLAP_C_ACTIVE; op->o_conn->c_sasl_bind_in_progress = ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ); 
@@ -1931,6 +1946,36 @@ int connection_write(ber_socket_t s) return 0; } +#ifdef LDAP_SLAPI +typedef struct conn_fake_extblock { + void *eb_conn; + void *eb_op; +} conn_fake_extblock; + +static void +connection_fake_destroy( + void *key, + void *data ) +{ + Connection conn = {0}; + Operation op = {0}; + Opheader ohdr = {0}; + + conn_fake_extblock *eb = data; + + op.o_hdr = &ohdr; + op.o_hdr->oh_extensions = eb->eb_op; + conn.c_extensions = eb->eb_conn; + op.o_conn = &conn; + conn.c_connid = -1; + op.o_connid = -1; + + ber_memfree_x( eb, NULL ); + slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, &op ); + slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &conn ); +} +#endif + void connection_fake_init( Connection *conn, @@ -1959,8 +2004,24 @@ connection_fake_init( connection_init_log_prefix( op ); #ifdef LDAP_SLAPI - slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn ); - slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op ); + if ( slapi_plugins_used ) { + conn_fake_extblock *eb = NULL; + + /* Use thread keys to make sure these eventually get cleaned up */ + if ( ldap_pvt_thread_pool_getkey( ctx, connection_fake_init, &eb, + NULL )) { + eb = ch_malloc( sizeof( *eb )); + slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn ); + slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op ); + eb->eb_conn = conn->c_extensions; + eb->eb_op = op->o_hdr->oh_extensions; + ldap_pvt_thread_pool_setkey( ctx, connection_fake_init, eb, + connection_fake_destroy ); + } else { + conn->c_extensions = eb->eb_conn; + op->o_hdr->oh_extensions = eb->eb_op; + } + } #endif /* LDAP_SLAPI */ slap_op_time( &op->o_time, &op->o_tincr ); diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index bc31133bacd69abbbbba2f1764e6e7dd338b2bfa..f9e9b9b076fafb20c3d4ecc418f81c53628de850 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c 
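Review bot: The new SLAPI block in `connection_fake_init` caches one pair of extension blocks per thread and hands the same `eb_conn`/`eb_op` pointers to every fake connection later initialised on that thread. That is only sound if two fake connection/operation pairs are never live on one thread at the same time, which the hunk neither states nor enforces. A comment such as `/* one extension block per thread: fake conn/op pairs on a thread must not overlap */` next to the `ldap_pvt_thread_pool_getkey` call would record the assumption. The function begins outside this hunk, so any handling of `ctx` before this point is not visible.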
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -991,7 +991,6 @@ static int parseProxyAuthz ( op->o_ndn = dn; ber_dupbv( &op->o_dn, &dn ); - Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n", op->o_log_prefix, dn.bv_val, 0, 0, 0 ); diff --git a/servers/slapd/cr.c b/servers/slapd/cr.c index 19c0bfa7cd4b8c1d1af6ba1a5dd4b0a0245519b6..5e40ce202b86a25109274e63ca3469e6aecbbb4c 100644 --- a/servers/slapd/cr.c +++ b/servers/slapd/cr.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/ctxcsn.c b/servers/slapd/ctxcsn.c index 0cab941536b648fec82e1431db46a74c6e27c841..c93fa5c83c1e1d082d3e17c87e1f40b25d2e93c5 100644 --- a/servers/slapd/ctxcsn.c +++ b/servers/slapd/ctxcsn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * All rights reserved. * @@ -28,6 +28,7 @@ const struct berval slap_ldapsync_bv = BER_BVC("ldapsync"); const struct berval slap_ldapsync_cn_bv = BER_BVC("cn=ldapsync"); +int slap_serverID; void slap_get_commit_csn( 
@@ -181,13 +182,10 @@ slap_get_csn( { if ( csn == NULL ) return LDAP_OTHER; -#ifndef HAVE_GMTIME_R + /* gmtime doesn't always need a mutex, but lutil_csnstr does */ ldap_pvt_thread_mutex_lock( &gmtime_mutex ); -#endif - csn->bv_len = lutil_csnstr( csn->bv_val, csn->bv_len, 0, 0 ); -#ifndef HAVE_GMTIME_R + csn->bv_len = lutil_csnstr( csn->bv_val, csn->bv_len, slap_serverID, 0 ); ldap_pvt_thread_mutex_unlock( &gmtime_mutex ); -#endif if ( manage_ctxcsn ) slap_queue_csn( op, csn ); diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 1cbfd5012fadb7491d2f5302ee35e4314b0bcbc2..9f86d3d13035d64fe8cf4aec1f7afd065ed3627e 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -328,7 +328,7 @@ static struct slap_daemon { } while (0) # define SLAP_DEVPOLL_SOCK_SET(s, mode) do { \ - fprintf( stderr, "SLAP_SOCK_SET_%s(%d) = %d\n", \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_SET_%s(%d)=%d\n", \ (mode) == POLLIN ? "READ" : "WRITE", (s), \ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) ); \ if ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) { \ @@ -341,7 +341,7 @@ static struct slap_daemon { } while (0) # define SLAP_DEVPOLL_SOCK_CLR(s, mode) do { \ - fprintf( stderr, "SLAP_SOCK_CLR_%s(%d) = %d\n", \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_CLR_%s(%d)=%d\n", \ (mode) == POLLIN ? "READ" : "WRITE", (s), \ ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) ); \ if ((SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) { \ 
@@ -378,7 +378,7 @@ static struct slap_daemon { * need to shutdown. */ # define SLAP_SOCK_ADD(s, l) do { \ - fprintf( stderr, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l) ); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l), 0 ); \ SLAP_DEVPOLL_SOCK_IX((s)) = slap_daemon.sd_nfds; \ SLAP_DEVPOLL_SOCK_LX((s)) = (l); \ SLAP_DEVPOLL_SOCK_FD((s)) = (s); \ @@ -391,7 +391,7 @@ static struct slap_daemon { # define SLAP_SOCK_DEL(s) do { \ int fd, index = SLAP_DEVPOLL_SOCK_IX((s)); \ - fprintf( stderr, "SLAP_SOCK_DEL(%d)\n", (s) ); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_DEL(%d)\n", (s), 0, 0 ); \ if ( index < 0 ) break; \ if ( index < slap_daemon.sd_nfds - 1 ) { \ struct pollfd pfd = slap_daemon.sd_pollfd[index]; \ @@ -494,6 +494,7 @@ static struct slap_daemon { # define SLAP_SOCK_INIT do { \ SLAP_SELECT_CHK_SETSIZE; \ + FD_ZERO(&slap_daemon.sd_actives); \ FD_ZERO(&slap_daemon.sd_readers); \ FD_ZERO(&slap_daemon.sd_writers); \ } while (0) 
@@ -582,28 +583,17 @@ slapd_slp_init( const char* urls ) /* find and expand INADDR_ANY URLs */ for ( i = 0; slapd_srvurls[i] != NULL; i++ ) { if ( strcmp( slapd_srvurls[i], "ldap:///" ) == 0 ) { - char *host = ldap_pvt_get_fqdn( NULL ); - if ( host != NULL ) { - slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], - strlen( host ) + - sizeof( LDAP_SRVTYPE_PREFIX ) ); - strcpy( lutil_strcopy(slapd_srvurls[i], - LDAP_SRVTYPE_PREFIX ), host ); - - ch_free( host ); - } - + slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], + strlen( global_host ) + + sizeof( LDAP_SRVTYPE_PREFIX ) ); + strcpy( lutil_strcopy(slapd_srvurls[i], + LDAP_SRVTYPE_PREFIX ), global_host ); } else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0 ) { - char *host = ldap_pvt_get_fqdn( NULL ); - if ( host != NULL ) { - slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], - strlen( host ) + - sizeof( LDAPS_SRVTYPE_PREFIX ) ); - strcpy( lutil_strcopy(slapd_srvurls[i], - LDAPS_SRVTYPE_PREFIX ), host ); - - ch_free( host ); - } + slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], + strlen( global_host ) + + sizeof( LDAPS_SRVTYPE_PREFIX ) ); + strcpy( lutil_strcopy(slapd_srvurls[i], + LDAPS_SRVTYPE_PREFIX ), global_host ); } } @@ -713,8 +703,8 @@ slapd_add( ber_socket_t s, int isactive, Listener *sl ) SLAP_SOCK_ADD(s, sl); - Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr\n", - (long) s, 0, 0 ); + Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr%s listener=%p\n", + (long) s, isactive ? " (active)" : "", (void *)sl ); ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex ); 
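Review bot: Both rewritten branches in `slapd_slp_init` call `strlen( global_host )` and copy from it without the NULL check that the removed `ldap_pvt_get_fqdn` code had. `global_host` is initialised to NULL in config.c (visible as context earlier in this diff), and nothing in this hunk shows it being set before the loop runs. I would put `if ( global_host == NULL ) continue;` at the top of the loop body. If start-up ordering guarantees the value is set, an `assert( global_host != NULL );` before the loop with a comment naming where it is assigned would do instead.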
@@ -1387,9 +1377,9 @@ slap_open_listener( inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr, addr, sizeof addr); port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port ); - l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535"); + l.sl_name.bv_len = strlen(addr) + sizeof("IP=[]:65535"); l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len ); - snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d", + snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=[%s]:%d", addr, port ); l.sl_name.bv_len = strlen( l.sl_name.bv_val ); } break; @@ -1594,11 +1584,15 @@ slap_listener( #ifdef LDAP_PF_LOCAL char peername[MAXPATHLEN + sizeof("PATH=")]; #elif defined(LDAP_PF_INET6) - char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")]; + char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")]; #else /* ! LDAP_PF_LOCAL && ! LDAP_PF_INET6 */ char peername[sizeof("IP=255.255.255.255:65336")]; #endif /* LDAP_PF_LOCAL */ + Debug( LDAP_DEBUG_TRACE, + ">>> slap_listener(%s)\n", + sl->sl_url.bv_val, 0, 0 ); + peername[0] = '\0'; #ifdef LDAP_CONNECTIONLESS @@ -1754,7 +1748,7 @@ slap_listener( peeraddr = (char *) inet_ntop( AF_INET6, &from.sa_in6_addr.sin6_addr, addr, sizeof addr ); - sprintf( peername, "IP=%s %d", + sprintf( peername, "IP=[%s]:%d", peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, (unsigned) ntohs( from.sa_in6_addr.sin6_port ) ); } @@ -1762,10 +1756,10 @@ slap_listener( # endif /* LDAP_PF_INET6 */ case AF_INET: - peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); - sprintf( peername, "IP=%s:%d", - peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, - (unsigned) ntohs( from.sa_in_addr.sin_port ) ); + peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); + sprintf( peername, "IP=%s:%d", + peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, + (unsigned) ntohs( from.sa_in_addr.sin_port ) ); break; default: 
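Review bot: The peer-name formatting in `slap_listener` still writes into the fixed-size `peername` with unbounded `sprintf`, and the buffer's IPv6 size was hand-adjusted in this commit to fit the new `IP=[%s]:%d` form. The size is derived from a fully expanded hex address, which does not obviously cover every string `inet_ntop` or the `SLAP_STRING_UNKNOWN` fallback can produce. `slap_open_listener` in the same diff already uses `snprintf` for the same format, and using `snprintf( peername, sizeof peername, "IP=[%s]:%d", ... )` here would bound the write whatever the address text turns out to be. The `AF_INET` branch (`IP=%s:%d`) has the same pattern and should get the same change.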
@@ -1850,13 +1844,15 @@ slap_listener_thread( void* ctx, void* ptr ) { - int rc; + int rc; + Listener *sl = (Listener *)ptr; - rc = slap_listener( (Listener*)ptr ); + rc = slap_listener( sl ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "listener_thread: failed %d", rc, 0, 0 ); + "slap_listener_thread(%s): failed err=%d", + sl->sl_url.bv_val, rc, 0 ); } return (void*)NULL; diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index f2501476a9d3340e525af96c38617240d64424fb..e31c51bbdb79b7b263f7cd044a0207a34080c171 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index d82f8025df166dfae3c152bdec67ed54bd5fa5cf..509adb76e3ac3272a8c6bfda8706b6bdcda4a01f 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index e7c4222b7d8f3980f3cfd83b57e90c194183752d..dda4e185023f86f3a4f92125f5d595eba0397611 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -207,6 +207,8 @@ str2entry2( char *s, int checkvals ) goto fail; } +#define bvcasematch(bv1, bv2) ( ((bv1)->bv_len == (bv2)->bv_len) && (strncasecmp((bv1)->bv_val, (bv2)->bv_val, (bv1)->bv_len) == 0) ) + /* Make sure all attributes with multiple values are contiguous */ if ( checkvals ) { int j, k; @@ -215,7 +217,7 @@ str2entry2( char *s, int checkvals ) for (i=0; i<lines; i++) { for ( j=i+1; j<lines; j++ ) { - if ( bvmatch( type+i, type+j )) { + if ( bvcasematch( type+i, type+j )) { /* out of order, move intervening attributes down */ if ( j != i+1 ) { bv = vals[j]; @@ -238,7 +240,7 @@ str2entry2( char *s, int checkvals ) for ( i=0; i<=lines; i++ ) { ad_prev = ad; - if ( !ad || ( i<lines && !bvmatch( type+i, &ad->ad_cname ))) { + if ( !ad || ( i<lines && !bvcasematch( type+i, &ad->ad_cname ))) { ad = NULL; rc = slap_bv2ad( type+i, &ad, &text ); @@ -444,22 +446,30 @@ entry_clean( Entry *e ) /* e_private must be freed by the caller */ assert( e->e_private == NULL ); + e->e_id = 0; + /* free DNs */ if ( !BER_BVISNULL( &e->e_name ) ) { free( e->e_name.bv_val ); + BER_BVZERO( &e->e_name ); } if ( !BER_BVISNULL( &e->e_nname ) ) { free( e->e_nname.bv_val ); + BER_BVZERO( &e->e_nname ); } if ( !BER_BVISNULL( &e->e_bv ) ) { free( e->e_bv.bv_val ); + BER_BVZERO( &e->e_bv ); } /* free attributes */ - attrs_free( e->e_attrs ); + if ( e->e_attrs ) { + attrs_free( e->e_attrs ); + e->e_attrs = NULL; + } - memset(e, 0, sizeof(Entry)); + e->e_ocflags = 0; } void 
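Review bot: `bvcasematch` is `#define`d in the middle of `str2entry2`'s body, evaluates `bv1` more than once, and stays defined for the rest of the file. A file-scope helper would be type-checked and easier to find, for example `static int bvcasematch( const struct berval *a, const struct berval *b ) { return a->bv_len == b->bv_len && strncasecmp( a->bv_val, b->bv_val, a->bv_len ) == 0; }`. Whichever form is kept, a comment should say why the comparison became case-insensitive here, since the `checkvals` regrouping and the `ad_cname` comparison now treat attribute types that differ only in case as the same attribute.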
@@ -473,24 +483,47 @@ entry_free( Entry *e ) ldap_pvt_thread_mutex_unlock( &entry_mutex ); } +/* These parameters work well on AMD64 */ +#if 0 +#define STRIDE 8 +#define STRIPE 5 +#else +#define STRIDE 1 +#define STRIPE 1 +#endif +#define STRIDE_FACTOR (STRIDE*STRIPE) + int entry_prealloc( int num ) { - Entry *e; + Entry *e, **prev, *tmp; slap_list *s; + int i, j; if (!num) return 0; +#if STRIDE_FACTOR > 1 + /* Round up to our stride factor */ + num += STRIDE_FACTOR-1; + num /= STRIDE_FACTOR; + num *= STRIDE_FACTOR; +#endif + s = ch_calloc( 1, sizeof(slap_list) + num * sizeof(Entry)); s->next = entry_chunks; entry_chunks = s; - e = (Entry *)(s+1); - for ( ;num>1; num--) { - e->e_private = e+1; - e++; + prev = &tmp; + for (i=0; i<STRIPE; i++) { + e = (Entry *)(s+1); + e += i; + for (j=i; j<num; j+= STRIDE) { + *prev = e; + prev = (Entry **)&e->e_private; + e += STRIDE; + } } - e->e_private = entry_list; + *prev = entry_list; entry_list = (Entry *)(s+1); return 0; 
@@ -862,3 +895,76 @@ Entry *entry_dup( Entry *e ) return ret; } +#if 1 +/* Duplicates an entry using a single malloc. Saves CPU time, increases + * heap usage because a single large malloc is harder to satisfy than + * lots of small ones, and the freed space isn't as easily reusable. + * + * Probably not worth using this function. + */ +Entry *entry_dup_bv( Entry *e ) +{ + ber_len_t len; + int nattrs, nvals; + Entry *ret; + struct berval *bvl; + char *ptr; + Attribute *src, *dst; + + ret = entry_alloc(); + + entry_partsize(e, &len, &nattrs, &nvals, 1); + ret->e_id = e->e_id; + ret->e_attrs = attrs_alloc( nattrs ); + ret->e_ocflags = e->e_ocflags; + ret->e_bv.bv_len = len + nvals * sizeof(struct berval); + ret->e_bv.bv_val = ch_malloc( ret->e_bv.bv_len ); + + bvl = (struct berval *)ret->e_bv.bv_val; + ptr = (char *)(bvl + nvals); + + ret->e_name.bv_len = e->e_name.bv_len; + ret->e_name.bv_val = ptr; + AC_MEMCPY( ptr, e->e_name.bv_val, e->e_name.bv_len ); + ptr += e->e_name.bv_len; + *ptr++ = '\0'; + + ret->e_nname.bv_len = e->e_nname.bv_len; + ret->e_nname.bv_val = ptr; + AC_MEMCPY( ptr, e->e_nname.bv_val, e->e_nname.bv_len ); + ptr += e->e_name.bv_len; + *ptr++ = '\0'; + + dst = ret->e_attrs; + for (src = e->e_attrs; src; src=src->a_next,dst=dst->a_next ) { + int i; + dst->a_desc = src->a_desc; + dst->a_flags = SLAP_ATTR_DONT_FREE_DATA | SLAP_ATTR_DONT_FREE_VALS; + dst->a_vals = bvl; + for ( i=0; src->a_vals[i].bv_val; i++ ) { + bvl->bv_len = src->a_vals[i].bv_len; + bvl->bv_val = ptr; + AC_MEMCPY( ptr, src->a_vals[i].bv_val, bvl->bv_len ); + ptr += bvl->bv_len; + *ptr++ = '\0'; + bvl++; + } + BER_BVZERO(bvl); + bvl++; + if ( src->a_vals != src->a_nvals ) { + dst->a_nvals = bvl; + for ( i=0; src->a_nvals[i].bv_val; i++ ) { + bvl->bv_len = src->a_nvals[i].bv_len; + bvl->bv_val = ptr; + AC_MEMCPY( ptr, src->a_nvals[i].bv_val, bvl->bv_len ); + ptr += bvl->bv_len; + *ptr++ = '\0'; + bvl++; + } + BER_BVZERO(bvl); + bvl++; + } + } + return ret; +} +#endif 
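Review bot: After copying the normalized DN, entry_dup_bv advances the write pointer by the wrong length: `ptr += e->e_name.bv_len;` follows the `e_nname` memcpy. When the two DNs differ in length, the terminator lands inside or beyond the copied nname and every later value is laid out from the wrong offset. That can run past the single `ch_malloc` buffer when `e_name` is the longer one, assuming entry_partsize counts each DN at its own length (not shown here). The line should read `ptr += e->e_nname.bv_len;`. In the attribute loop, `dst->a_nvals` is assigned only when `src->a_vals != src->a_nvals`; an `else dst->a_nvals = dst->a_vals;` would mirror the source for the shared case.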
diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c index 4d197d07fbdcb2fc0783a1726f0bc925c595ae52..38bb96c14734df866407e4b8faafe8b8fa9a6af4 100644 --- a/servers/slapd/extended.c +++ b/servers/slapd/extended.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -281,7 +281,7 @@ load_extop2( LDAP_SUCCESS ) { oidm.bv_val = oidm_find( ext_oid->bv_val ); - if ( ext_oid == NULL ) { + if ( oidm.bv_val == NULL ) { return -1; } oidm.bv_len = strlen( oidm.bv_val ); diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c index 87cfd7193730c6672e6859cd389e18836fcce2e1..f7b6821482337d12bce556412bbb8b67c2cdd592 100644 --- a/servers/slapd/filter.c +++ b/servers/slapd/filter.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,7 +42,7 @@ static int get_filter_list( static int get_ssa( Operation *op, BerElement *ber, - SubstringsAssertion **s, + Filter *f, const char **text ); static void simple_vrFilter2bv( @@ -79,8 +79,8 @@ get_filter( * substrings [4] SubstringFilter, * greaterOrEqual [5] AttributeValueAssertion, * lessOrEqual [6] AttributeValueAssertion, - * present [7] AttributeType,, - * approxMatch [8] AttributeValueAssertion + * present [7] AttributeType, + * approxMatch [8] AttributeValueAssertion, * extensibleMatch [9] MatchingRuleAssertion * } * 
@@ -117,7 +117,7 @@ get_filter( switch ( f.f_choice ) { case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); - err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text ); + err = get_ava( op, ber, &f, SLAP_MR_EQUALITY, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -127,7 +127,7 @@ get_filter( case LDAP_FILTER_SUBSTRINGS: Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); - err = get_ssa( op, ber, &f.f_sub, text ); + err = get_ssa( op, ber, &f, text ); if( err != LDAP_SUCCESS ) { break; } @@ -136,7 +136,7 @@ get_filter( case LDAP_FILTER_GE: Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); - err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text ); + err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -145,7 +145,7 @@ get_filter( case LDAP_FILTER_LE: Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); - err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text ); + err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -166,6 +166,7 @@ get_filter( err = slap_bv2ad( &type, &f.f_desc, text ); if( err != LDAP_SUCCESS ) { + f.f_choice |= SLAPD_FILTER_UNDEFINED; err = slap_bv2undef_ad( &type, &f.f_desc, text, SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); @@ -176,12 +177,10 @@ get_filter( "type=%s (%d)\n", op->o_connid, type.bv_val, err ); - f.f_choice = SLAPD_FILTER_COMPUTED; - f.f_result = LDAP_COMPARE_FALSE; err = LDAP_SUCCESS; - *text = NULL; - break; + f.f_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx ); } + *text = NULL; } assert( f.f_desc != NULL ); @@ -189,7 +188,7 @@ get_filter( case LDAP_FILTER_APPROX: Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); - err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text ); + err = get_ava( op, ber, &f, SLAP_MR_EQUALITY_APPROX, text ); if ( err != LDAP_SUCCESS ) { break; } 
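Review bot: The temporary descriptor that the PRESENT branch now takes from `slap_bv2tmp_ad( &type, op->o_tmpmemctx )` has no matching release in the visible free path. filter_free_x still has `case LDAP_FILTER_PRESENT: break;`, while its SUBSTRINGS case gained an `o_tmpfree` guarded by `SLAP_DESC_TEMPORARY`. If the operation's temporary context is always torn down as a whole this is harmless, but filter_dup can recreate the descriptor in a caller-supplied `memctx`, where nothing in these hunks frees it. Adding `if ( f->f_desc->ad_flags & SLAP_DESC_TEMPORARY ) op->o_tmpfree( f->f_desc, op->o_tmpmemctx );` to the PRESENT case would keep the two cases consistent. get_filter's body extends beyond these hunks.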
@@ -253,7 +252,7 @@ get_filter( case LDAP_FILTER_EXT: Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); - err = get_mra( op, ber, &f.f_mra, text ); + err = get_mra( op, ber, &f, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -320,7 +319,7 @@ static int get_ssa( Operation *op, BerElement *ber, - SubstringsAssertion **out, + Filter *f, const char **text ) { ber_tag_t tag; @@ -331,7 +330,6 @@ get_ssa( SubstringsAssertion ssa; *text = "error decoding filter"; - *out = NULL; Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 ); if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) { @@ -348,6 +346,7 @@ get_ssa( rc = slap_bv2ad( &desc, &ssa.sa_desc, text ); if( rc != LDAP_SUCCESS ) { + f->f_choice |= SLAPD_FILTER_UNDEFINED; rc = slap_bv2undef_ad( &desc, &ssa.sa_desc, text, SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); @@ -356,13 +355,7 @@ get_ssa( "get_ssa: conn %lu unknown attribute type=%s (%ld)\n", op->o_connid, desc.bv_val, (long) rc ); - /* skip over the rest of this filter */ - for ( tag = ber_first_element( ber, &len, &last ); - tag != LBER_DEFAULT; - tag = ber_next_element( ber, &len, last ) ) { - ber_scanf( ber, "x" ); - } - return rc; + ssa.sa_desc = slap_bv2tmp_ad( &desc, op->o_tmpmemctx ); } } @@ -455,6 +448,8 @@ return_error: (long) rc, 0, 0 ); slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx ); ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx ); + if ( ssa.sa_desc->ad_flags & SLAP_DESC_TEMPORARY ) + op->o_tmpfree( ssa.sa_desc, op->o_tmpmemctx ); slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx ); return rc; } @@ -463,8 +458,8 @@ return_error: } if( rc == LDAP_SUCCESS ) { - *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx ); - **out = ssa; + f->f_sub = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx ); + *f->f_sub = ssa; } Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 ); @@ -480,6 +475,8 @@ filter_free_x( Operation *op, Filter *f ) return; } + f->f_choice &= SLAPD_FILTER_MASK; + switch ( f->f_choice ) { case LDAP_FILTER_PRESENT: break; 
@@ -499,6 +496,8 @@ filter_free_x( Operation *op, Filter *f ) if ( f->f_sub_final.bv_val != NULL ) { op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx ); } + if ( f->f_sub->sa_desc->ad_flags & SLAP_DESC_TEMPORARY ) + op->o_tmpfree( f->f_sub->sa_desc, op->o_tmpmemctx ); op->o_tmpfree( f->f_sub, op->o_tmpmemctx ); break; 
@@ -553,90 +552,64 @@ filter2bv_x( Operation *op, Filter *f, struct berval *fstr ) ber_bvunknown = BER_BVC( "(?=unknown)" ), ber_bvnone = BER_BVC( "(?=none)" ); ber_len_t len; + ber_tag_t choice; + int undef; + char *sign; if ( f == NULL ) { ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx ); return; } - switch ( f->f_choice ) { - case LDAP_FILTER_EQUALITY: - filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); - /* NOTE: tmp can legitimately be NULL (meaning empty) - * since in a Filter values in AVAs are supposed - * to have been normalized, meaning that an empty value - * is legal for that attribute's syntax */ - - fstr->bv_len = f->f_av_desc->ad_cname.bv_len + - tmp.bv_len + STRLENOF("(=)"); - fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", - f->f_av_desc->ad_cname.bv_val, - tmp.bv_len ? tmp.bv_val : "" ); - - ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); - break; + undef = f->f_choice & SLAPD_FILTER_UNDEFINED; + choice = f->f_choice & SLAPD_FILTER_MASK; + switch ( choice ) { + case LDAP_FILTER_EQUALITY: + fstr->bv_len = STRLENOF("(=)"); + sign = "="; + goto simple; case LDAP_FILTER_GE: - filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); - /* NOTE: tmp can legitimately be NULL (meaning empty) - * since in a Filter values in AVAs are supposed - * to have been normalized, meaning that an empty value - * is legal for that attribute's syntax */ - - fstr->bv_len = f->f_av_desc->ad_cname.bv_len + - tmp.bv_len + STRLENOF("(>=)"); - fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", - f->f_av_desc->ad_cname.bv_val, - tmp.bv_len ? 
tmp.bv_val : ""); - - ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); - break; - + fstr->bv_len = STRLENOF("(>=)"); + sign = ">="; + goto simple; case LDAP_FILTER_LE: - filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); - /* NOTE: tmp can legitimately be NULL (meaning empty) - * since in a Filter values in AVAs are supposed - * to have been normalized, meaning that an empty value - * is legal for that attribute's syntax */ - - fstr->bv_len = f->f_av_desc->ad_cname.bv_len + - tmp.bv_len + STRLENOF("(<=)"); - fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", - f->f_av_desc->ad_cname.bv_val, - tmp.bv_len ? tmp.bv_val : ""); - - ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); - break; - + fstr->bv_len = STRLENOF("(<=)"); + sign = "<="; + goto simple; case LDAP_FILTER_APPROX: + fstr->bv_len = STRLENOF("(~=)"); + sign = "~="; + +simple: filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); /* NOTE: tmp can legitimately be NULL (meaning empty) * since in a Filter values in AVAs are supposed * to have been normalized, meaning that an empty value * is legal for that attribute's syntax */ - fstr->bv_len = f->f_av_desc->ad_cname.bv_len + - tmp.bv_len + STRLENOF("(~=)"); + fstr->bv_len += f->f_av_desc->ad_cname.bv_len + tmp.bv_len; + if ( undef ) + fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", - f->f_av_desc->ad_cname.bv_val, - tmp.bv_len ? tmp.bv_val : ""); + snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s)", + undef ? "?" : "", + f->f_av_desc->ad_cname.bv_val, sign, + tmp.bv_len ? 
tmp.bv_val : "" ); + ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); break; case LDAP_FILTER_SUBSTRINGS: fstr->bv_len = f->f_sub_desc->ad_cname.bv_len + STRLENOF("(=*)"); + if ( undef ) + fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", + snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)", + undef ? "?" : "", f->f_sub_desc->ad_cname.bv_val ); if ( f->f_sub_initial.bv_val != NULL ) { @@ -705,9 +678,13 @@ filter2bv_x( Operation *op, Filter *f, struct berval *fstr ) case LDAP_FILTER_PRESENT: fstr->bv_len = f->f_desc->ad_cname.bv_len + STRLENOF("(=*)"); + if ( undef ) + fstr->bv_len++; + fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", + snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)", + undef ? "?" : "", f->f_desc->ad_cname.bv_val ); break; @@ -761,7 +738,8 @@ filter2bv_x( Operation *op, Filter *f, struct berval *fstr ) tmp.bv_len + STRLENOF("(:=)"); fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); - snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", + snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s%s:=%s)", + undef ? "?" : "", ad.bv_val, f->f_mr_dnattrs ? ":dn" : "", f->f_mr_rule_text.bv_len ? ":" : "", @@ -824,12 +802,15 @@ filter_dup( Filter *f, void *memctx ) n->f_choice = f->f_choice; n->f_next = NULL; - switch( f->f_choice ) { + switch( f->f_choice & SLAPD_FILTER_MASK ) { case SLAPD_FILTER_COMPUTED: n->f_result = f->f_result; break; case LDAP_FILTER_PRESENT: - n->f_desc = f->f_desc; + if ( f->f_desc->ad_flags & SLAP_DESC_TEMPORARY ) + n->f_desc = slap_bv2tmp_ad( &f->f_desc->ad_cname, memctx ); + else + n->f_desc = f->f_desc; break; case LDAP_FILTER_EQUALITY: case LDAP_FILTER_GE: 
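Review bot: In the extensible-match case of filter2bv_x the format string gained a leading `%s` for the `?` marker, but `fstr->bv_len` is not increased for `undef` as it is in the simple, SUBSTRINGS and PRESENT cases. The buffer and the `snprintf` bound are therefore one byte short for an undefined filter, and the bounded write would drop the closing `)`. Adding `if ( undef ) fstr->bv_len++;` before the `o_tmpalloc` call matches the other cases. Whether get_mra ever sets `SLAPD_FILTER_UNDEFINED` is not visible in this hunk.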
@@ -838,11 +819,16 @@ filter_dup( Filter *f, void *memctx ) /* Should this be ava_dup() ? */ n->f_ava = mf->bmf_calloc( 1, sizeof(AttributeAssertion), memctx ); *n->f_ava = *f->f_ava; + if ( f->f_av_desc->ad_flags & SLAP_DESC_TEMPORARY ) + n->f_av_desc = slap_bv2tmp_ad( &f->f_av_desc->ad_cname, memctx ); ber_dupbv_x( &n->f_av_value, &f->f_av_value, memctx ); break; case LDAP_FILTER_SUBSTRINGS: n->f_sub = mf->bmf_calloc( 1, sizeof(SubstringsAssertion), memctx ); - n->f_sub_desc = f->f_sub_desc; + if ( f->f_sub_desc->ad_flags & SLAP_DESC_TEMPORARY ) + n->f_sub_desc = slap_bv2tmp_ad( &f->f_sub_desc->ad_cname, memctx ); + else + n->f_sub_desc = f->f_sub_desc; if ( !BER_BVISNULL( &f->f_sub_initial )) ber_dupbv_x( &n->f_sub_initial, &f->f_sub_initial, memctx ); if ( f->f_sub_any ) { @@ -866,6 +852,8 @@ filter_dup( Filter *f, void *memctx ) length += f->f_mr_rule_text.bv_len + 1; n->f_mra = mf->bmf_calloc( 1, length, memctx ); *n->f_mra = *f->f_mra; + if ( f->f_mr_desc && ( f->f_sub_desc->ad_flags & SLAP_DESC_TEMPORARY )) + n->f_mr_desc = slap_bv2tmp_ad( &f->f_mr_desc->ad_cname, memctx ); ber_dupbv_x( &n->f_mr_value, &f->f_mr_value, memctx ); if ( !BER_BVISNULL( &f->f_mr_rule_text )) { n->f_mr_rule_text.bv_val = (char *)(n->f_mra+1); @@ -915,7 +903,7 @@ get_simple_vrFilter( switch ( vrf.vrf_choice ) { case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); - err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text ); + err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY, text ); if ( err != LDAP_SUCCESS ) { break; } 
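Review bot: The extensible-match branch of filter_dup tests `f->f_mr_desc` for NULL but then reads the flag through the substrings accessor, `f->f_sub_desc->ad_flags`. The two names appear to select different members of the filter union, so this is correct only if both assertion structs keep the descriptor at the same offset. It reads like a copy-paste slip from the SUBSTRINGS case above. Suggested: `if ( f->f_mr_desc && ( f->f_mr_desc->ad_flags & SLAP_DESC_TEMPORARY ))`.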
@@ -925,12 +913,12 @@ get_simple_vrFilter( case LDAP_FILTER_SUBSTRINGS: Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); - err = get_ssa( op, ber, &vrf.vrf_sub, text ); + err = get_ssa( op, ber, (Filter *)&vrf, text ); break; case LDAP_FILTER_GE: Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); - err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text ); + err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -938,7 +926,7 @@ get_simple_vrFilter( case LDAP_FILTER_LE: Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); - err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text ); + err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -958,8 +946,9 @@ get_simple_vrFilter( err = slap_bv2ad( &type, &vrf.vrf_desc, text ); if( err != LDAP_SUCCESS ) { + vrf.vrf_choice |= SLAPD_FILTER_UNDEFINED; err = slap_bv2undef_ad( &type, &vrf.vrf_desc, text, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); + SLAP_AD_PROXIED); if( err != LDAP_SUCCESS ) { /* unrecognized attribute description or other error */ @@ -978,7 +967,7 @@ get_simple_vrFilter( case LDAP_FILTER_APPROX: Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); - err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text ); + err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY_APPROX, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -987,7 +976,7 @@ get_simple_vrFilter( case LDAP_FILTER_EXT: Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); - err = get_mra( op, ber, &vrf.vrf_mra, text ); + err = get_mra( op, ber, (Filter *)&vrf, text ); if ( err != LDAP_SUCCESS ) { break; } @@ -1012,7 +1001,7 @@ get_simple_vrFilter( } if ( err == LDAP_SUCCESS ) { - *filt = ch_malloc( sizeof vrf ); + *filt = op->o_tmpalloc( sizeof vrf, op->o_tmpmemctx ); **filt = vrf; } 
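Review bot: The `(Filter *)&vrf` casts hand a ValuesReturnFilter to helpers that write through a `Filter *`: get_ssa sets `f->f_choice |= SLAPD_FILTER_UNDEFINED` and assigns `f->f_sub`. They are safe only while the two structs keep the choice field and the union at identical offsets. Nothing in these hunks enforces that; a comment on both struct definitions, or a compile-time offset check next to them, would stop a later field addition from turning this into silent memory corruption. Also, the PRESENT branch here drops `SLAP_AD_NOINSERT` while get_filter and get_ssa keep it, which looks as if client-supplied unknown attribute names are now inserted rather than kept temporary. If that is intended it deserves a comment.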
@@ -1103,7 +1092,7 @@ vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) for ( p = vrf; p != NULL; p = next ) { next = p->vrf_next; - switch ( vrf->vrf_choice ) { + switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { case LDAP_FILTER_PRESENT: break; @@ -1181,19 +1170,22 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr { struct berval tmp; ber_len_t len; + int undef; if ( vrf == NULL ) { ber_str2bv_x( "No filter!", STRLENOF("No filter!"), 1, fstr, op->o_tmpmemctx ); return; } + undef = vrf->vrf_choice & SLAPD_FILTER_UNDEFINED; - switch ( vrf->vrf_choice ) { + switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { case LDAP_FILTER_EQUALITY: filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + tmp.bv_len + STRLENOF("(=)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", @@ -1208,6 +1200,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + tmp.bv_len + STRLENOF("(>=)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", @@ -1222,6 +1215,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + tmp.bv_len + STRLENOF("(<=)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", @@ -1236,6 +1230,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + tmp.bv_len + STRLENOF("(~=)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", 
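Review bot: The loop in vrFilter_free walks the list with `p`, yet the switch still dispatches on the head, `vrf->vrf_choice & SLAPD_FILTER_MASK`. Every node is therefore released according to the first node's type. If the loop body frees `p` (not visible in this hunk), the head is read after it has been freed from the second iteration on. The changed line should be `switch ( p->vrf_choice & SLAPD_FILTER_MASK ) {`. The case bodies lie outside the hunk and should be checked for the same `vrf`/`p` mix-up.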
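Review bot: The EQUALITY case of simple_vrFilter2bv now adds one to `fstr->bv_len` when `undef` is set, but its `snprintf` format `"(%s=%s)"` is unchanged and never emits the `?`. For an undefined filter `bv_len` then exceeds the written string by one, so a consumer that trusts `bv_len` picks up the terminator as data and finds `bv_val[bv_len]` uninitialised. Either emit the marker as filter2bv_x does, `"(%s%s=%s)", undef ? "?" : "",`, or drop the increment. The same mismatch is in the GE, LE, APPROX, SUBSTRINGS, PRESENT and extensible-match hunks of this function.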
@@ -1247,6 +1242,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr case LDAP_FILTER_SUBSTRINGS: fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len + STRLENOF("(=*)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", @@ -1307,6 +1303,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr case LDAP_FILTER_PRESENT: fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len + STRLENOF("(=*)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", @@ -1329,6 +1326,7 @@ simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) + tmp.bv_len + STRLENOF("(:=)"); + if ( undef ) fstr->bv_len++; fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index f10ff2232d27e5ae99f7ac646719352a61f394cc..336476a8fd39d9a8f624b706e95a91a1607aee71 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -66,6 +66,12 @@ test_filter( int rc; Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 ); + if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) { + Debug( LDAP_DEBUG_FILTER, " UNDEFINED\n", 0, 0, 0 ); + rc = SLAPD_COMPARE_UNDEFINED; + goto out; + } + switch ( f->f_choice ) { case SLAPD_FILTER_COMPUTED: Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", 
@@ -144,7 +150,7 @@ test_filter( f->f_choice, 0, 0 ); rc = LDAP_PROTOCOL_ERROR; } - +out: Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 ); return( rc ); } @@ -276,14 +282,14 @@ static int test_mra_filter( if ( normalize_attribute && mra->ma_rule->smr_normalize ) { /* - Document: draft-ietf-ldapbis-protocol + Document: RFC 4511 4.5.1. Search Request ... If the type field is present and the matchingRule is present, the matchValue is compared against entry attributes of the specified type. In this case, the matchingRule MUST be one - suitable for use with the specified type (see [Syntaxes]), + suitable for use with the specified type (see [RFC4517]), otherwise the filter item is Undefined. diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c index dd27a9d5cf1be4b3410b1fe1047cf383c658eec9..1a2dd396b3dc82161ab7513484ea6e068dd1a075 100644 --- a/servers/slapd/frontend.c +++ b/servers/slapd/frontend.c @@ -1,7 +1,7 @@ /* frontend.c - routines for dealing with frontend */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/globals.c b/servers/slapd/globals.c index 184314465e2202c23d3fe3f6f3574bf513187074..37963bb81c20714575c1f07118b6680b43dc809f 100644 --- a/servers/slapd/globals.c +++ b/servers/slapd/globals.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/index.c b/servers/slapd/index.c index 2edd9a916355c6366e0a9c1598a331c964e62b0c..d25def048d9cd0570a546fdfeb275d0b38bb4538 100644 --- a/servers/slapd/index.c +++ b/servers/slapd/index.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/init.c b/servers/slapd/init.c index f92590872c214da1c03ba835257fdbd2f4b15cd3..3cff69e3e63765e010dc5d6537c2b74684a983b8 100644 --- a/servers/slapd/init.c +++ b/servers/slapd/init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -65,9 +65,7 @@ struct berval NoAttrs = BER_BVC( LDAP_NO_ATTRS ); ldap_pvt_thread_pool_t connection_pool; int connection_pool_max = SLAP_MAX_WORKER_THREADS; int slap_tool_thread_max = 1; -#ifndef HAVE_GMTIME_R ldap_pvt_thread_mutex_t gmtime_mutex; -#endif slap_counters_t slap_counters; @@ -124,6 +122,7 @@ slap_init( int mode, const char *name ) switch ( slapMode & SLAP_MODE ) { case SLAP_SERVER_MODE: + root_dse_init(); /* FALLTHRU */ case SLAP_TOOL_MODE: @@ -159,9 +158,7 @@ slap_init( int mode, const char *name ) } #endif /* SLAPD_MONITOR */ -#ifndef HAVE_GMTIME_R ldap_pvt_thread_mutex_init( &gmtime_mutex ); -#endif slap_passwd_init(); rc = slap_sasl_init(); @@ -270,14 +267,21 @@ int slap_destroy(void) ber_bvarray_free( default_referral ); } + /* clear out any thread-keys for the main thread */ + ldap_pvt_thread_pool_context_reset( ldap_pvt_thread_pool_context()); + rc = backend_destroy(); slap_sasl_destroy(); + /* rootdse destroy goes before entry_destroy() + * because it may use entry_free() */ + root_dse_destroy(); entry_destroy(); switch ( slapMode & SLAP_MODE ) { case SLAP_SERVER_MODE: + case SLAP_TOOL_MODE: ldap_pvt_thread_mutex_destroy( &slap_counters.sc_sent_mutex ); 
diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c deleted file mode 100644 index fd145aaf2ff3a44a430d68e908cbc7a759088ec5..0000000000000000000000000000000000000000 --- a/servers/slapd/kerberos.c +++ /dev/null @@ -1,58 +0,0 @@ -/* kerberos.c - kerberos bind routines */ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software <http://www.openldap.org/>. - * - * Copyright 1998-2006 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * <http://www.OpenLDAP.org/license.html>. - */ - -#include "portable.h" - -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - -#include <stdio.h> - -#include <ac/krb.h> -#include <ac/socket.h> -#include <ac/string.h> - -#include "slap.h" - -#define LDAP_KRB_PRINCIPAL "ldapserver" - -krbv4_ldap_auth( - Backend *be, - struct berval *cred, - AUTH_DAT *ad -) -{ - KTEXT_ST k; - KTEXT ktxt = &k; - char instance[INST_SZ]; - int err; - - Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 ); - - AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len ); - ktxt->length = cred->bv_len; - - strcpy( instance, "*" ); - if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad, - ldap_srvtab )) != KSUCCESS ) { - Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n", - krb_err_txt[err], 0, 0 ); - return( LDAP_INVALID_CREDENTIALS ); - } - - return( LDAP_SUCCESS ); -} - -#endif /* kerberos */ diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c index 693bf7c7e38b46abe777d51c73a31dd1fe48cfd1..1d7bf3b2bf2e34d1347118e1e5ba1309f95b4669 100644 --- a/servers/slapd/ldapsync.c +++ b/servers/slapd/ldapsync.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * All rights reserved. * 
@@ -34,34 +34,58 @@ void slap_compose_sync_cookie( Operation *op, struct berval *cookie, - struct berval *csn, - int rid ) + BerVarray csn, + int rid, + int sid ) { - char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ]; - int len; + int len, numcsn = 0; - if ( BER_BVISNULL( csn )) { + if ( csn ) { + for (; !BER_BVISNULL( &csn[numcsn] ); numcsn++); + } + + if ( numcsn == 0 || rid == -1 ) { + char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ]; if ( rid == -1 ) { cookiestr[0] = '\0'; len = 0; } else { - len = snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20, + len = snprintf( cookiestr, sizeof( cookiestr ), "rid=%03d", rid ); + if ( sid >= 0 ) { + len += sprintf( cookiestr+len, ",sid=%03x", sid ); + } } + ber_str2bv_x( cookiestr, len, 1, cookie, + op ? op->o_tmpmemctx : NULL ); } else { - char *end = cookiestr + sizeof(cookiestr); - char *ptr = lutil_strcopy( cookiestr, "csn=" ); - len = csn->bv_len; - if ( ptr + len >= end ) - len = end - ptr; - ptr = lutil_strncopy( ptr, csn->bv_val, len ); - if ( rid != -1 && ptr < end - STRLENOF(",rid=xxx") ) { - ptr += sprintf( ptr, ",rid=%03d", rid ); + char *ptr; + int i; + + len = 0; + for ( i=0; i<numcsn; i++) + len += csn[i].bv_len + 1; + + len += STRLENOF("rid=123,csn="); + if ( sid >= 0 ) + len += STRLENOF("sid=xxx,"); + + cookie->bv_val = slap_sl_malloc( len, op ? op->o_tmpmemctx : NULL ); + + len = sprintf( cookie->bv_val, "rid=%03d,", rid ); + ptr = cookie->bv_val + len; + if ( sid >= 0 ) { + ptr += sprintf( ptr, "sid=%03x,", sid ); + } + ptr = lutil_strcopy( ptr, "csn=" ); + for ( i=0; i<numcsn; i++) { + ptr = lutil_strncopy( ptr, csn[i].bv_val, csn[i].bv_len ); + *ptr++ = ';'; } - len = ptr - cookiestr; + ptr--; + *ptr = '\0'; + cookie->bv_len = ptr - cookie->bv_val; } - ber_str2bv_x( cookiestr, len, 1, cookie, - op ? op->o_tmpmemctx : NULL ); } void 
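Review bot: The multi-CSN branch of slap_compose_sync_cookie sizes the heap buffer with fixed-width stand-ins, `STRLENOF("rid=123,csn=")` and `STRLENOF("sid=xxx,")`, and then fills it with unbounded `sprintf` calls. `%03d` and `%03x` are minimum widths, so a `rid` above 999 or a `sid` above 0xfff writes past the `slap_sl_malloc` allocation, which has no slack. Unless both ranges are enforced before this call (not visible here), pass the remaining size to `snprintf`, or check the ranges at the top of the branch. The first branch has the same pattern in `len += sprintf( cookiestr+len, ",sid=%03x", sid );`, though its stack buffer is larger.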
@@ -73,11 +97,16 @@ slap_sync_cookie_free( if ( cookie == NULL ) return; - if ( !BER_BVISNULL( &cookie->ctxcsn )) { - ch_free( cookie->ctxcsn.bv_val ); - BER_BVZERO( &cookie->ctxcsn ); + if ( cookie->sids ) { + ch_free( cookie->sids ); + cookie->sids = NULL; } + if ( cookie->ctxcsn ) { + ber_bvarray_free( cookie->ctxcsn ); + cookie->ctxcsn = NULL; + } + cookie->numcsns = 0; if ( !BER_BVISNULL( &cookie->octet_str )) { ch_free( cookie->octet_str.bv_val ); BER_BVZERO( &cookie->octet_str ); @@ -90,6 +119,37 @@ slap_sync_cookie_free( return; } +int +slap_parse_csn_sid( struct berval *csn ) +{ + char *p, *q; + int i; + + p = memchr( csn->bv_val, '#', csn->bv_len ); + if ( p ) + p = strchr( p+1, '#' ); + if ( !p ) + return -1; + p++; + i = strtoul( p, &q, 10 ); + if ( p == q || i > SLAP_SYNC_SID_MAX ) + i = -1; + return i; +} + +int * +slap_parse_csn_sids( BerVarray csns, int numcsns ) +{ + int i, *ret; + char *p, *q; + + ret = ch_malloc( numcsns * sizeof(int) ); + for ( i=0; i<numcsns; i++ ) { + ret[i] = slap_parse_csn_sid( &csns[i] ); + } + return ret; +} + int slap_parse_sync_cookie( struct sync_cookie *cookie, @@ -99,10 +159,10 @@ slap_parse_sync_cookie( char *csn_ptr; char *csn_str; int csn_str_len; - int valid = 0; char *rid_ptr; char *cval; - char *next; + char *next, *end; + AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp; if ( cookie == NULL ) return -1; 
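Review bot: slap_parse_csn_sid bounds only its first search: `memchr` respects `csn->bv_len`, but the following `strchr( p+1, '#' )` and `strtoul` scan until a NUL, so they depend on every caller passing a terminated value. Keeping the second search bounded, `p = memchr( p+1, '#', csn->bv_len - ( p+1 - csn->bv_val ) );`, removes that dependency for the delimiter search. The SID is parsed in base 10 here while the cookie code formats and parses `sid=` as hex (`%03x`, base 16), so confirm which base the CSN field uses. slap_parse_csn_sids also declares `p` and `q` without using them.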
@@ -111,60 +171,89 @@ slap_parse_sync_cookie( return -1; cookie->rid = -1; - /* FIXME: may read past end of cookie->octet_str.bv_val */ - rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" ); - if ( rid_ptr == NULL - || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] ) - { - return -1; - } - - if ( rid_ptr[ STRLENOF( "rid=" ) ] == '-' ) { - return -1; - } - cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 ); - if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) { - return -1; - } - - while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) { - AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp; - slap_syntax_validate_func *validate; - struct berval stamp; - - /* This only happens when called from main */ - if ( ad == NULL ) - break; - - if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) { - return -1; + cookie->sid = -1; + cookie->ctxcsn = NULL; + cookie->sids = NULL; + cookie->numcsns = 0; + + end = cookie->octet_str.bv_val + cookie->octet_str.bv_len; + + for ( next=cookie->octet_str.bv_val; next < end; ) { + if ( !strncmp( next, "rid=", STRLENOF("rid=") )) { + rid_ptr = next; + cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 ); + if ( next == rid_ptr || next > end || *next != ',' ) { + return -1; + } + if ( *next == ',' ) { + next++; + } + if ( !ad ) { + break; + } + continue; } - - csn_str = csn_ptr + STRLENOF("csn="); - cval = strchr( csn_str, ',' ); - if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) - csn_str_len = cval - csn_str; - else - csn_str_len = 0; - - /* FIXME use csnValidate when it gets implemented */ - csn_ptr = strchr( csn_str, '#' ); - if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break; - - stamp.bv_val = csn_str; - stamp.bv_len = csn_ptr - csn_str; - validate = ad->ad_type->sat_syntax->ssyn_validate; - if ( 
validate( ad->ad_type->sat_syntax, &stamp ) != LDAP_SUCCESS ) - break; - valid = 1; - break; + if ( !strncmp( next, "sid=", STRLENOF("sid=") )) { + rid_ptr = next; + cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 ); + if ( next == rid_ptr || next > end || *next != ',' ) { + return -1; + } + if ( *next == ',' ) { + next++; + } + continue; + } + if ( !strncmp( next, "csn=", STRLENOF("csn=") )) { + slap_syntax_validate_func *validate; + struct berval stamp; + + next += STRLENOF("csn="); + while ( next < end ) { + csn_str = next; + /* FIXME use csnValidate when it gets implemented */ + csn_ptr = strchr( csn_str, '#' ); + if ( !csn_ptr || csn_ptr > end ) + break; + /* ad will be NULL when called from main. we just + * want to parse the rid then. But we still iterate + * through the string to find the end. + */ + if ( ad ) { + stamp.bv_val = csn_str; + stamp.bv_len = csn_ptr - csn_str; + validate = ad->ad_type->sat_syntax->ssyn_validate; + if ( validate( ad->ad_type->sat_syntax, &stamp ) + != LDAP_SUCCESS ) + break; + } + cval = strchr( csn_ptr, ';' ); + if ( !cval ) + cval = strchr(csn_ptr, ',' ); + if ( cval ) + stamp.bv_len = cval - csn_str; + else + stamp.bv_len = end - csn_str; + if ( ad ) { + value_add_one( &cookie->ctxcsn, &stamp ); + cookie->numcsns++; + } + if ( cval ) { + next = cval + 1; + if ( *cval != ';' ) + break; + } else { + next = end; + break; + } + } + continue; + } + next++; } - if ( valid ) { - ber_str2bv_x( csn_str, csn_str_len, 1, &cookie->ctxcsn, memctx ); - } else { - BER_BVZERO( &cookie->ctxcsn ); + if ( cookie->numcsns ) { + cookie->sids = slap_parse_csn_sids( cookie->ctxcsn, cookie->numcsns ); } - return 0; } @@ -189,7 +278,10 @@ slap_init_sync_cookie_ctxcsn( ctxcsn.bv_val = octet_str.bv_val + 4; ctxcsn.bv_len = octet_str.bv_len - 4; - ber_dupbv( &cookie->ctxcsn, &ctxcsn ); + cookie->ctxcsn = NULL; + value_add_one( &cookie->ctxcsn, &ctxcsn ); + cookie->numcsns = 1; + cookie->sid = -1; return 0; } 
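Review bot: The `rid=` and `sid=` checks in the new slap_parse_sync_cookie loop do not reject an empty number, and they do reject a cookie that ends right after the number. `strtoul` leaves `next` at `&rid_ptr[ STRLENOF( "rid=" ) ]` when it finds no digits, so `next == rid_ptr` is never true. `*next != ','` fails for a bare `rid=001`, which is what slap_compose_sync_cookie emits when there are no CSNs. Suggested for both: `if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || next > end || ( *next && *next != ',' ) )`. The removed code also refused a leading `-`, which `strtoul` accepts, so that check is worth keeping.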
@@ -201,14 +293,16 @@ slap_dup_sync_cookie( ) { struct sync_cookie *new; + int i; if ( src == NULL ) return NULL; if ( dst ) { - ch_free( dst->ctxcsn.bv_val ); + ber_bvarray_free( dst->ctxcsn ); + dst->ctxcsn = NULL; + dst->sids = NULL; ch_free( dst->octet_str.bv_val ); - BER_BVZERO( &dst->ctxcsn ); BER_BVZERO( &dst->octet_str ); new = dst; } else { @@ -217,9 +311,19 @@ slap_dup_sync_cookie( } new->rid = src->rid; - - if ( !BER_BVISNULL( &src->ctxcsn )) { - ber_dupbv( &new->ctxcsn, &src->ctxcsn ); + new->sid = src->sid; + new->numcsns = src->numcsns; + + if ( src->numcsns ) { + if ( ber_bvarray_dup_x( &new->ctxcsn, src->ctxcsn, NULL )) { + if ( !dst ) { + ch_free( new ); + } + return NULL; + } + new->sids = ch_malloc( src->numcsns * sizeof(int) ); + for (i=0; i<src->numcsns; i++) + new->sids[i] = src->sids[i]; } if ( !BER_BVISNULL( &src->octet_str )) { diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c index 7eda28ec60e1f82da3a0e79ac39a8c0527e3b399..70ba3029a3fc0555a8f90a9be545f90833ae32cd 100644 --- a/servers/slapd/limits.c +++ b/servers/slapd/limits.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/lock.c b/servers/slapd/lock.c index d19cc646f02c48899d75626baef2b8536c1383db..f8ddb6a48e15581582147b5e867e36495dd8330f 100644 --- a/servers/slapd/lock.c +++ b/servers/slapd/lock.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
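Review bot: `dst->sids = NULL;` drops the old array without releasing it, whereas the CSN array two lines above is released with `ber_bvarray_free`. The next hunk of this function allocates `sids` with `ch_malloc`, so a reused `dst` appears to leak its previous array; `ch_free( dst->sids );` before the reset would match the handling of `ctxcsn`. `dst->numcsns` is not cleared in this branch either, although the later hunk overwrites it. The function body continues outside the hunk.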
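Review bot: When `ber_bvarray_dup_x` fails and the caller supplied `dst`, the function returns NULL after `new->numcsns` has already been set to `src->numcsns`, so `dst` is left with a non-zero count and NULL `ctxcsn` and `sids`. Moving `new->numcsns = src->numcsns;` below the successful copy, or adding `new->numcsns = 0;` on the error path, keeps the structure consistent for whoever frees or reuses it. The element-wise loop could also be a single `AC_MEMCPY( new->sids, src->sids, src->numcsns * sizeof(int) );`, which is a matter of style only.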
diff --git a/servers/slapd/main.c b/servers/slapd/main.c index 877c04250311b9e4eca49a25040bb5ee9e360e23..b18b8e0e07fd1c11cfff66556160bab076c48ea5 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -697,6 +697,8 @@ unhandled_option:; Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 ); + global_host = ldap_pvt_get_fqdn( NULL ); + if( check == CHECK_NONE && slapd_daemon_init( urls ) != 0 ) { rc = 1; SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 ); diff --git a/servers/slapd/matchedValues.c b/servers/slapd/matchedValues.c index d4f91e3c489bda157c85ff55e924e664508f3196..5617e771126200876bbbd189c25c49dc781b30f4 100644 --- a/servers/slapd/matchedValues.c +++ b/servers/slapd/matchedValues.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index bab4bb0ffd7244aa4aa12f7971d7bb395c046142..0cd1d039ab85b9bafd28040c07d578db28de7483 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -44,9 +44,6 @@ do_modify( char *last; ber_tag_t tag; ber_len_t len; - Modifications *modlist = NULL; - Modifications **modtail = &modlist; - int increment = 0; char textbuf[ SLAP_TEXT_BUFLEN ]; size_t textlen = sizeof( textbuf ); 
@@ -80,94 +77,12 @@ do_modify( Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn.bv_val, 0, 0 ); - /* collect modifications & save for later */ - for ( tag = ber_first_element( op->o_ber, &len, &last ); - tag != LBER_DEFAULT; - tag = ber_next_element( op->o_ber, &len, last ) ) - { - ber_int_t mop; - Modifications tmp, *mod; - - tmp.sml_nvalues = NULL; - - if ( ber_scanf( op->o_ber, "{e{m[W]}}", &mop, - &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR ) - { - send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, - "decoding modlist error" ); - rs->sr_err = SLAPD_DISCONNECT; - goto cleanup; - } - - mod = (Modifications *) ch_malloc( sizeof(Modifications) ); - mod->sml_op = mop; - mod->sml_flags = 0; - mod->sml_type = tmp.sml_type; - mod->sml_values = tmp.sml_values; - mod->sml_nvalues = NULL; - mod->sml_desc = NULL; - mod->sml_next = NULL; - *modtail = mod; - - switch( mop ) { - case LDAP_MOD_ADD: - if ( mod->sml_values == NULL ) { - Debug( LDAP_DEBUG_ANY, - "do_modify: modify/add operation (%ld) requires values\n", - (long) mop, 0, 0 ); - - send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, - "modify/add operation requires values" ); - goto cleanup; - } - - /* fall through */ - - case LDAP_MOD_DELETE: - case LDAP_MOD_REPLACE: - break; - - case LDAP_MOD_INCREMENT: - if( op->o_protocol >= LDAP_VERSION3 ) { - increment++; - if ( mod->sml_values == NULL ) { - Debug( LDAP_DEBUG_ANY, "do_modify: " - "modify/increment operation (%ld) requires value\n", - (long) mop, 0, 0 ); - - send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, - "modify/increment operation requires value" ); - goto cleanup; - } - - if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) { - Debug( LDAP_DEBUG_ANY, "do_modify: modify/increment " - "operation (%ld) requires single value\n", - (long) mop, 0, 0 ); - - send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, - "modify/increment operation requires single value" ); - goto cleanup; - } - - break; - } - /* fall thru */ - - default: { - Debug( LDAP_DEBUG_ANY, - "do_modify: unrecognized 
modify operation (%ld)\n", - (long) mop, 0, 0 ); - - send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, - "unrecognized modify operation" ); - goto cleanup; - } - } - - modtail = &mod->sml_next; + rs->sr_err = slap_parse_modlist( op, rs, op->o_ber, &op->oq_modify ); + if ( rs->sr_err != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "do_modify: slap_parse_modlist failed err=%d msg=%s\n", + rs->sr_err, rs->sr_text, 0 ); + goto cleanup; } - *modtail = NULL; if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "do_modify: get_ctrls failed\n", 0, 0, 0 ); @@ -183,7 +98,7 @@ do_modify( goto cleanup; } - rs->sr_err = slap_mods_check( modlist, + rs->sr_err = slap_mods_check( op, op->orm_modlist, &rs->sr_text, textbuf, textlen, NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { @@ -191,10 +106,6 @@ do_modify( goto cleanup; } - /* FIXME: needs review */ - op->orm_modlist = modlist; - op->orm_increment = increment; - op->o_bd = frontendDB; rs->sr_err = frontendDB->be_modify( op, rs ); @@ -539,6 +450,7 @@ slap_mods_no_repl_user_mod_check( * Do basic attribute type checking and syntax validation. */ int slap_mods_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, @@ -553,6 +465,12 @@ int slap_mods_check( /* convert to attribute description */ if ( ml->sml_desc == NULL ) { rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text ); + if( rc != LDAP_SUCCESS ) { + if ( get_no_schema_check( op )) { + rc = slap_bv2undef_ad( &ml->sml_type, &ml->sml_desc, + text, 0 ); + } + } if( rc != LDAP_SUCCESS ) { snprintf( textbuf, textlen, "%s: %s", ml->sml_type.bv_val, *text ); @@ -729,6 +647,8 @@ int slap_mods_check( /* check for duplicates, but ignore Deletes. */ if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) { +#define SLAP_MODS_CHECK_QUICKSORT +#ifndef SLAP_MODS_CHECK_QUICKSORT int i, j, rc, match; MatchingRule *mr = ad->ad_type->sat_equality; 
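Review bot: On a parse failure the new branch only logs and jumps to `cleanup`; nothing in the hunk sends a response, whereas the removed loop called `send_ldap_discon` or `send_ldap_error` before every `goto cleanup`. `slap_parse_modlist`, added further down in this diff, only fills `rs->sr_err` and `rs->sr_text`, so unless the `cleanup` label (outside this hunk) sends the result, a client submitting a malformed modify gets no reply. Adding `send_ldap_result( op, rs );` before the `goto cleanup` would restore the old behaviour. A BER decode error also used to end the connection (`SLAPD_DISCONNECT`) and now yields `LDAP_PROTOCOL_ERROR` on a connection that stays open; if that is intended it deserves a comment at the call site.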
@@ -760,8 +680,164 @@ int slap_mods_check( } } } +#else /* SLAP_MODS_CHECK_QUICKSORT */ + +/* Quicksort + Insertion sort for small arrays */ + +#define SMALL 8 +#define SWAP(a,b,tmp) tmp=(a);(a)=(b);(b)=tmp +#define COMP(a,b) match=0; rc = ordered_value_match( &match, \ + ml->sml_desc, mr, SLAP_MR_EQUALITY \ + | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX \ + | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH \ + | SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, \ + &(a), &(b), text ); + + MatchingRule *mr = ad->ad_type->sat_equality; + int istack[sizeof(int)*16]; + int i,j,k,l,ir,jstack, rc, match, *ix, itmp; + struct berval a, *cv; + +/* If PRESERVE_ORDER is defined only the index array is sorted; the + * actual values are left in their incoming order. Otherwise, the + * only reason to keep the index array is to identify the offending + * value when duplicates are found. + */ +#define PRESERVE_ORDER +#ifndef PRESERVE_ORDER + struct berval va, *v, *nv, bvtmp; + +#define IX(x) x +#define EXCH(x,y) SWAP(ix[x],ix[y],itmp); SWAP(cv[x],cv[y],bvtmp); \ + if (nv) {SWAP(v[x],v[y],bvtmp);} +#define SETA(x) itmp = ix[x]; a = cv[x]; if (nv) va=v[x] +#define GETA(x) ix[x] = itmp; cv[x] = a; if (nv) v[x]=va +#define SET(x,y) ix[x] = ix[y]; cv[x] = cv[y]; if (nv) v[x]=v[y] + + v = ml->sml_values; + nv = ml->sml_nvalues; + +#else /* PRESERVE_ORDER */ + +#define IX(x) ix[x] +#define EXCH(x,y) SWAP(ix[x],ix[y],itmp) +#define SETA(x) itmp = ix[x]; a = cv[itmp] +#define GETA(x) ix[x] = itmp; +#define SET(x,y) ix[x] = ix[y] + +#endif /* PRESERVE_ORDER */ + + cv = ml->sml_nvalues ? 
ml->sml_nvalues : ml->sml_values; + if ( ad == slap_schema.si_ad_objectClass ) + mr = NULL; /* shortcut matching */ + + /* record indices to preserve input ordering */ + ix = slap_sl_malloc( nvals * sizeof(int), ctx ); + for (i=0; i<nvals; i++) ix[i] = i; + + ir = nvals-1; + l = 0; + jstack = 0; + + for(;;) { + if (ir - l < SMALL) { /* Insertion sort */ + match=1; + for (j=l+1;j<=ir;j++) { + SETA(j); + for (i=j-1;i>=0;i--) { + COMP(cv[IX(i)], a); + if ( match <= 0 ) + break; + SET(i+1,i); + } + GETA(i+1); + if ( match == 0 ) goto done; + } + if ( jstack == 0 ) break; + if ( match == 0 ) break; + ir = istack[jstack--]; + l = istack[jstack--]; + } else { + k = (l + ir) >> 1; /* Choose median of left, center, right */ + EXCH(k, l+1); + COMP( cv[IX(l)], cv[IX(ir)] ); + if ( match > 0 ) { + EXCH(l, ir); + } else if ( match == 0 ) { + i = ir; + break; + } + COMP( cv[IX(l+1)], cv[IX(ir)] ); + if ( match > 0 ) { + EXCH(l+1, ir); + } else if ( match == 0 ) { + i = ir; + break; + } + COMP( cv[IX(l)], cv[IX(l+1)] ); + if ( match > 0 ) { + EXCH(l, l+1); + } else if ( match == 0 ) { + i = l; + break; + } + i = l+1; + j = ir; + a = cv[IX(i)]; + for(;;) { + do { + i++; + COMP( cv[IX(i)], a ); + } while( match < 0 ); + while( match > 0 ) { + j--; + COMP( cv[IX(j)], a ); + } + if (j < i) { + match = 1; + break; + } + if ( match == 0 ) { + i = l+1; + break; + } + EXCH(i,j); + } + if ( match == 0 ) + break; + EXCH(l+1,j); + jstack += 2; + if (ir-i+1 >= j) { + istack[jstack] = ir; + istack[jstack-1] = i; + ir = j; + } else { + istack[jstack] = j; + istack[jstack-1] = l; + l = i; + } + } + } +done: + if ( i >= 0 ) + j = ix[i]; + + slap_sl_free( ix, ctx ); + + if ( rc != LDAP_SUCCESS ) { + return rc; + } else if ( match == 0 ) { + /* value exists already */ + assert( i >= 0 ); + assert( i < nvals ); + snprintf( textbuf, textlen, + "%s: value #%d provided more than once", + ml->sml_desc->ad_cname.bv_val, j ); + *text = textbuf; + return LDAP_TYPE_OR_VALUE_EXISTS; + } +#endif /* 
SLAP_MODS_CHECK_QUICKSORT */ } - } } @@ -805,42 +881,54 @@ void slap_mods_opattrs( Modifications *mod, **modtail, *modlast; int gotcsn = 0, gotmname = 0, gotmtime = 0; - if ( SLAP_LASTMOD( op->o_bd ) ) { + if ( SLAP_LASTMOD( op->o_bd ) && !op->orm_no_opattrs ) { char *ptr; timestamp.bv_val = timebuf; for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) { if ( (*modtail)->sml_op != LDAP_MOD_ADD && - (*modtail)->sml_op != LDAP_MOD_REPLACE ) continue; - if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN ) { + (*modtail)->sml_op != LDAP_MOD_REPLACE ) + { + continue; + } + + if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN ) + { csn = (*modtail)->sml_values[0]; gotcsn = 1; - } else - if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName ) { + + } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName ) + { gotmname = 1; - } else - if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp ) { + + } else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp ) + { gotmtime = 1; } } + if ( BER_BVISEMPTY( &op->o_csn )) { if ( !gotcsn ) { csn.bv_val = csnbuf; csn.bv_len = sizeof( csnbuf ); slap_get_csn( op, &csn, manage_ctxcsn ); + } else { - if ( manage_ctxcsn ) + if ( manage_ctxcsn ) { slap_queue_csn( op, &csn ); + } } + } else { csn = op->o_csn; } + ptr = ber_bvchr( &csn, '#' ); if ( ptr ) { - timestamp.bv_len = ptr - csn.bv_val; - if ( timestamp.bv_len >= sizeof( timebuf )) /* ?!? */ - timestamp.bv_len = sizeof( timebuf ) - 1; + timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ"); AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len ); + timebuf[timestamp.bv_len-1] = 'Z'; timebuf[timestamp.bv_len] = '\0'; + } else { time_t now = slap_get_time(); @@ -852,6 +940,7 @@ void slap_mods_opattrs( if ( BER_BVISEMPTY( &op->o_dn ) ) { BER_BVSTR( &name, SLAPD_ANONYMOUS ); nname = name; + } else { name = op->o_dn; nname = op->o_ndn; 
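Review bot: `istack` is indexed through `jstack` with no bound check, and the test that decides which partition to push is `ir-i+1 >= j`, which compares the right partition's size with an absolute index rather than with the left partition's size `j-l`. A fixed-size stack is, as far as I can tell, only sufficient when the larger partition is always the one pushed, and that test does not ensure it once `l > 0`. Since `cv` holds the values from the modification list, the depth should not depend on input order. I would change the test to `if (ir-i+1 >= j-l) {` and return an error instead of pushing when `jstack + 2` would reach the array length. Separately, `SMALL`, `SWAP`, `COMP`, `IX`, `EXCH`, `SETA`, `GETA` and `SET` are defined inside the function body and never `#undef`'d, so they leak into the rest of modify.c.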
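Review bot: The new timestamp code copies a fixed `STRLENOF("YYYYMMDDHHMMSSZ")` bytes out of `csn.bv_val` as soon as a `#` is found anywhere in the CSN, without checking that the CSN is that long. `csn` can be `(*modtail)->sml_values[0]` of an entryCSN modification in the list, so unless that value was syntax-checked earlier (not visible here) a short value makes `AC_MEMCPY` read past its end. The removed lines derived the length from `ptr` and clamped it to `sizeof( timebuf )`. Guarding the branch with `if ( ptr && csn.bv_len >= STRLENOF("YYYYMMDDHHMMSSZ") ) {` keeps the fixed-width format while bounding the read. `timebuf` is declared outside the hunk, so its size relative to the 16 bytes written should be confirmed as well.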
@@ -912,3 +1001,117 @@ void slap_mods_opattrs( } } +int +slap_parse_modlist( + Operation *op, + SlapReply *rs, + BerElement *ber, + req_modify_s *ms ) +{ + ber_tag_t tag; + ber_len_t len; + char *last; + Modifications **modtail = &ms->rs_modlist; + + ms->rs_modlist = NULL; + ms->rs_increment = 0; + + rs->sr_err = LDAP_SUCCESS; + + /* collect modifications & save for later */ + for ( tag = ber_first_element( ber, &len, &last ); + tag != LBER_DEFAULT; + tag = ber_next_element( ber, &len, last ) ) + { + ber_int_t mop; + Modifications tmp, *mod; + + tmp.sml_nvalues = NULL; + + if ( ber_scanf( ber, "{e{m[W]}}", &mop, + &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR ) + { + rs->sr_text = "decoding modlist error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + goto done; + } + + mod = (Modifications *) ch_malloc( sizeof(Modifications) ); + mod->sml_op = mop; + mod->sml_flags = 0; + mod->sml_type = tmp.sml_type; + mod->sml_values = tmp.sml_values; + mod->sml_nvalues = NULL; + mod->sml_desc = NULL; + mod->sml_next = NULL; + *modtail = mod; + + switch( mop ) { + case LDAP_MOD_ADD: + if ( mod->sml_values == NULL ) { + Debug( LDAP_DEBUG_ANY, "slap_parse_modlist: " + "modify/add operation (%ld) requires values\n", + (long) mop, 0, 0 ); + + rs->sr_text = "modify/add operation requires values"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + goto done; + } + + /* fall through */ + + case LDAP_MOD_DELETE: + case LDAP_MOD_REPLACE: + break; + + case LDAP_MOD_INCREMENT: + if( op->o_protocol >= LDAP_VERSION3 ) { + ms->rs_increment++; + if ( mod->sml_values == NULL ) { + Debug( LDAP_DEBUG_ANY, "slap_parse_modlist: " + "modify/increment operation (%ld) requires value\n", + (long) mop, 0, 0 ); + + rs->sr_text = "modify/increment operation requires value"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + goto done; + } + + if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) { + Debug( LDAP_DEBUG_ANY, "slap_parse_modlist: modify/increment " + "operation (%ld) requires single value\n", + (long) mop, 0, 0 ); + + rs->sr_text = 
"modify/increment operation requires single value"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + goto done; + } + + break; + } + /* fall thru */ + + default: + Debug( LDAP_DEBUG_ANY, "slap_parse_modlist: " + "unrecognized modify operation (%ld)\n", + (long) mop, 0, 0 ); + + rs->sr_text = "unrecognized modify operation"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + goto done; + } + + modtail = &mod->sml_next; + } + *modtail = NULL; + +done: + if ( rs->sr_err != LDAP_SUCCESS ) { + slap_mods_free( ms->rs_modlist, 1 ); + ms->rs_modlist = NULL; + ms->rs_increment = 0; + } + + return rs->sr_err; +} + diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index 258519349e9e00f95ae07c5fa867b4eb86f1dce0..0e511a761e6d2a8a2d06520c78932e874b6a4e1f 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -417,6 +417,7 @@ slap_modrdn2mods( goto done; } } + rs->sr_text = NULL; /* Add new attribute values to the entry */ for ( a_cnt = 0; new_rdn[a_cnt]; a_cnt++ ) { diff --git a/servers/slapd/mods.c b/servers/slapd/mods.c index f1dbdffcb804468ef7db1ad83b7d3e8358aeeae0..31b79274c8a0fddf04ac21bcd35bf2c58516b6f8 100644 --- a/servers/slapd/mods.c +++ b/servers/slapd/mods.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/module.c b/servers/slapd/module.c index b9e3ff5a6ce32592c1ad8d1ff6ca60f46eea4d07..ebeb50b6e748d8f1e741f103260589a1f741ba17 100644 --- a/servers/slapd/module.c +++ b/servers/slapd/module.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -44,11 +44,12 @@ struct module_regtable_t { typedef struct module_loaded_t { struct module_loaded_t *next; lt_dlhandle lib; + char name[1]; } module_loaded_t; module_loaded_t *module_list = NULL; -static int module_unload (module_loaded_t *module); +static int module_int_unload (module_loaded_t *module); #ifdef HAVE_EBCDIC static char ebuf[BUFSIZ]; @@ -74,7 +75,7 @@ int module_kill (void) { /* unload all modules before shutdown */ while (module_list != NULL) { - module_unload(module_list); + module_int_unload(module_list); } if (lt_dlexit()) { @@ -91,6 +92,30 @@ int module_kill (void) return 0; } +void * module_handle( const char *file_name ) +{ + module_loaded_t *module; + + for ( module = module_list; module; module= module->next ) { + if ( !strcmp( module->name, file_name )) { + return module; + } + } + return NULL; +} + +int module_unload( const char *file_name ) +{ + module_loaded_t *module; + + module = module_handle( file_name ); + if ( module ) { + module_int_unload( module ); + return 0; + } + return -1; /* not found */ +} + int module_load(const char* file_name, int argc, char *argv[]) { module_loaded_t *module = NULL; @@ -103,13 +128,15 @@ int module_load(const char* file_name, int argc, char *argv[]) #define file file_name #endif - module = (module_loaded_t *)ch_calloc(1, sizeof(module_loaded_t)); + module = (module_loaded_t *)ch_calloc(1, sizeof(module_loaded_t) + + strlen(file_name)); if (module == NULL) { Debug(LDAP_DEBUG_ANY, "module_load failed: (%s) out of memory\n", file_name, 0, 0); return -1; } + strcpy( module->name, file_name ); #ifdef HAVE_EBCDIC strcpy( file, file_name ); 
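Review bot: The new public `module_unload` discards the result of `module_int_unload` and returns 0 whenever the name is found, so a caller cannot tell a failed unload from a successful one; `return module_int_unload( module );` would pass it through. `module_handle` matches with an exact `strcmp` against the string that `module_load` stores in `name`, so the same module referred to by a different spelling of its path is reported as not loaded. I would document both functions with a short comment, for example `/* file_name must be the exact string passed to module_load() */`. The `ch_calloc` size in the `module_load` hunk is right only because `name[1]` already accounts for the terminating NUL, which also merits a one-line comment beside the `strcpy`.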
@@ -183,7 +210,7 @@ int module_load(const char* file_name, int argc, char *argv[]) Debug(LDAP_DEBUG_CONFIG, "module %s: unknown registration type (%d)\n", file_name, rc, 0); - module_unload(module); + module_int_unload(module); return -1; } @@ -192,7 +219,7 @@ int module_load(const char* file_name, int argc, char *argv[]) Debug(LDAP_DEBUG_CONFIG, "module %s: %s module could not be registered\n", file_name, module_regtable[rc].type, 0); - module_unload(module); + module_int_unload(module); return rc; } @@ -227,7 +254,7 @@ void *module_resolve (const void *module, const char *name) return(lt_dlsym(((module_loaded_t *)module)->lib, name)); } -static int module_unload (module_loaded_t *module) +static int module_int_unload (module_loaded_t *module) { module_loaded_t *mod; MODULE_TERM_FN terminate; diff --git a/servers/slapd/mr.c b/servers/slapd/mr.c index 4ca235e7e518df32e7d2c04bd84f01f37eba7c2f..85d60bf62c47f6498ad17455c799ef8752cecd89 100644 --- a/servers/slapd/mr.c +++ b/servers/slapd/mr.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/mra.c b/servers/slapd/mra.c index 54dde3964ee2b4e8bc5527705727094148ac450c..e29faf8ddfa1815cf7c61d9c00cdfac9edcd45f9 100644 --- a/servers/slapd/mra.c +++ b/servers/slapd/mra.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -41,6 +41,8 @@ mra_free( #endif /* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */ ch_free( mra->ma_value.bv_val ); + if ( mra->ma_desc && mra->ma_desc->ad_flags & SLAP_DESC_TEMPORARY ) + op->o_tmpfree( mra->ma_desc, op->o_tmpmemctx ); if ( freeit ) op->o_tmpfree( (char *) mra, op->o_tmpmemctx ); } @@ -48,7 +50,7 @@ int get_mra( Operation *op, BerElement *ber, - MatchingRuleAssertion **mra, + Filter *f, const char **text ) { int rc; @@ -141,11 +143,13 @@ get_mra( if( type.bv_val != NULL ) { rc = slap_bv2ad( &type, &ma.ma_desc, text ); if( rc != LDAP_SUCCESS ) { + f->f_choice |= SLAPD_FILTER_UNDEFINED; rc = slap_bv2undef_ad( &type, &ma.ma_desc, text, SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); if( rc != LDAP_SUCCESS ) { - return rc; + ma.ma_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx ); + rc = LDAP_SUCCESS; } } } @@ -214,12 +218,12 @@ get_mra( length = sizeof(ma); /* Append rule_text to end of struct */ if (rule_text.bv_val) length += rule_text.bv_len + 1; - *mra = op->o_tmpalloc( length, op->o_tmpmemctx ); - **mra = ma; + f->f_mra = op->o_tmpalloc( length, op->o_tmpmemctx ); + *f->f_mra = ma; if (rule_text.bv_val) { - (*mra)->ma_rule_text.bv_len = rule_text.bv_len; - (*mra)->ma_rule_text.bv_val = (char *)(*mra+1); - AC_MEMCPY((*mra)->ma_rule_text.bv_val, rule_text.bv_val, + f->f_mra->ma_rule_text.bv_len = rule_text.bv_len; + f->f_mra->ma_rule_text.bv_val = (char *)(f->f_mra+1); + AC_MEMCPY(f->f_mra->ma_rule_text.bv_val, rule_text.bv_val, rule_text.bv_len+1); } diff --git a/servers/slapd/nt_svc.c b/servers/slapd/nt_svc.c index 67893d23a94503d08c84fde8748190ce6658153e..82be0a9281fde2b1a04dbaa13baa80bc0b461ad7 100644 --- a/servers/slapd/nt_svc.c +++ b/servers/slapd/nt_svc.c 
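Review bot: After the fallback to `slap_bv2tmp_ad` the code sets `rc = LDAP_SUCCESS` but leaves `*text` holding whatever message the failed `slap_bv2ad` and `slap_bv2undef_ad` calls stored, and the pointer returned by `slap_bv2tmp_ad` is used unchecked. If any caller inspects `*text` after a successful return (not visible here) it would see a stale error; adding `*text = NULL;` next to `rc = LDAP_SUCCESS;` avoids that. The temporary descriptor is released only by the `SLAP_DESC_TEMPORARY` test added to `mra_free`, so any error return between this point and the `f->f_mra` assignment relies on `op->o_tmpmemctx` being reclaimed with the operation, which is worth stating in a comment. In that `mra_free` test, writing `( mra->ma_desc->ad_flags & SLAP_DESC_TEMPORARY )` with its own parentheses would make the precedence explicit.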
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/oc.c b/servers/slapd/oc.c index a483922aa31b07010dd65ec5e30c1e30f7f7089c..ef52fc869585909492cb384eda46dde365cf6814 100644 --- a/servers/slapd/oc.c +++ b/servers/slapd/oc.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -135,6 +135,8 @@ static Avlnode *oc_cache = NULL; static LDAP_STAILQ_HEAD(OCList, slap_object_class) oc_list = LDAP_STAILQ_HEAD_INITIALIZER(oc_list); +ObjectClass *oc_sys_tail; + static int oc_index_cmp( const void *v_oir1, @@ -420,10 +422,22 @@ oc_delete( ObjectClass *oc ) static void oc_clean( ObjectClass *o ) { - if (o->soc_sups) ldap_memfree(o->soc_sups); - if (o->soc_required) ldap_memfree(o->soc_required); - if (o->soc_allowed) ldap_memfree(o->soc_allowed); - if (o->soc_oidmacro) ldap_memfree(o->soc_oidmacro); + if (o->soc_sups) { + ldap_memfree(o->soc_sups); + o->soc_sups = NULL; + } + if (o->soc_required) { + ldap_memfree(o->soc_required); + o->soc_required = NULL; + } + if (o->soc_allowed) { + ldap_memfree(o->soc_allowed); + o->soc_allowed = NULL; + } + if (o->soc_oidmacro) { + ldap_memfree(o->soc_oidmacro); + o->soc_oidmacro = NULL; + } } static void @@ -474,7 +488,7 @@ oc_next( ObjectClass **oc ) { assert( oc != NULL ); -#if 1 /* pedantic check */ +#if 0 /* pedantic check: breaks when deleting an oc, don't use it. */ { ObjectClass *tmp = NULL; 
@@ -669,7 +683,15 @@ oc_insert( names++; } } - LDAP_STAILQ_INSERT_TAIL( &oc_list, soc, soc_next ); + if ( soc->soc_flags & SLAP_OC_HARDCODE ) { + prev = oc_sys_tail; + oc_sys_tail = soc; + } + if ( prev ) { + LDAP_STAILQ_INSERT_AFTER( &oc_list, prev, soc, soc_next ); + } else { + LDAP_STAILQ_INSERT_TAIL( &oc_list, soc, soc_next ); + } return 0; } @@ -796,7 +818,7 @@ oc_unparse( BerVarray *res, ObjectClass *start, ObjectClass *end, int sys ) /* count the result size */ i = 0; for ( oc=start; oc; oc=LDAP_STAILQ_NEXT(oc, soc_next)) { - if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) continue; + if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) break; i++; if ( oc == end ) break; } @@ -813,7 +835,7 @@ oc_unparse( BerVarray *res, ObjectClass *start, ObjectClass *end, int sys ) i = 0; for ( oc=start; oc; oc=LDAP_STAILQ_NEXT(oc, soc_next)) { LDAPObjectClass loc, *locp; - if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) continue; + if ( sys && !(oc->soc_flags & SLAP_OC_HARDCODE)) break; if ( oc->soc_oidmacro ) { loc = oc->soc_oclass; loc.oc_oid = oc->soc_oidmacro; diff --git a/servers/slapd/oidm.c b/servers/slapd/oidm.c index 24ed7d1b217d0acf3ec978afd3eaf2e82b100497..646574a378a7f603aa3a70048569ca1af427099a 100644 --- a/servers/slapd/oidm.c +++ b/servers/slapd/oidm.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -24,10 +24,13 @@ #include "slap.h" #include "lutil.h" +#include "config.h" static LDAP_STAILQ_HEAD(OidMacroList, slap_oid_macro) om_list = LDAP_STAILQ_HEAD_INITIALIZER(om_list); +OidMacro *om_sys_tail; + /* Replace an OID Macro invocation with its full numeric OID. * If the macro is used with "macroname:suffix" append ".suffix" * to the expansion. 
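Review bot: The `oc_unparse` hunks now `break` at the first class without `SLAP_OC_HARDCODE`, which is correct only while every hardcoded class precedes all others in `oc_list`; that ordering is established here through `oc_sys_tail` but stated nowhere. I would add a comment at this insertion, such as `/* hardcoded classes are kept contiguous at the head of oc_list; oc_unparse(sys) relies on it */`. `oc_sys_tail` is a non-static global pointing into the list, and nothing in this diff resets it if the class it points to is ever removed, so the delete path (outside this hunk) should be checked for that. `prev` is declared outside the hunk, so whether it is NULL for non-hardcoded classes could not be verified from here.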
@@ -92,64 +95,75 @@ oidm_destroy() int parse_oidm( - const char *fname, - int lineno, - int argc, - char **argv, + struct config_args_s *c, int user, OidMacro **rom) { - char *oid; - OidMacro *om = NULL; + char *oid, *oidv; + OidMacro *om = NULL, *prev = NULL; struct berval bv; - if (argc != 3) { - fprintf( stderr, "%s: line %d: too many arguments\n", - fname, lineno ); -usage: fprintf( stderr, "\tObjectIdentifier <name> <oid>\n"); - if (om) SLAP_FREE( om ); + oidv = oidm_find( c->argv[2] ); + if( !oidv ) { + snprintf( c->msg, sizeof( c->msg ), + "%s: OID %s not recognized", + c->argv[0], c->argv[2] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); return 1; } - oid = oidm_find( argv[1] ); + oid = oidm_find( c->argv[1] ); if( oid != NULL ) { - fprintf( stderr, - "%s: line %d: " - "ObjectIdentifier \"%s\" previously defined \"%s\"", - fname, lineno, argv[1], oid ); + int rc; + snprintf( c->msg, sizeof( c->msg ), + "%s: \"%s\" previously defined \"%s\"", + c->argv[0], c->argv[1], oid ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); + /* Allow duplicate if the definition is identical */ + rc = strcmp( oid, oidv ) != 0; SLAP_FREE( oid ); - return 1; + if ( oidv != c->argv[2] ) + SLAP_FREE( oidv ); + return rc; } om = (OidMacro *) SLAP_CALLOC( sizeof(OidMacro), 1 ); if( om == NULL ) { - Debug( LDAP_DEBUG_ANY, "parse_oidm: SLAP_CALLOC failed", 0, 0, 0 ); + snprintf( c->msg, sizeof( c->msg ), + "%s: SLAP_CALLOC failed", c->argv[0] ); + Debug( LDAP_DEBUG_ANY, + "%s %s\n", c->log, c->msg, 0 ); + if ( oidv != c->argv[2] ) + SLAP_FREE( oidv ); return 1; } om->som_names = NULL; om->som_subs = NULL; - ber_str2bv( argv[1], 0, 1, &bv ); + ber_str2bv( c->argv[1], 0, 1, &bv ); ber_bvarray_add( &om->som_names, &bv ); - ber_str2bv( argv[2], 0, 1, &bv ); + ber_str2bv( c->argv[2], 0, 1, &bv ); ber_bvarray_add( &om->som_subs, &bv ); - om->som_oid.bv_val = oidm_find( argv[2] ); - - if (!om->som_oid.bv_val) { - fprintf( 
stderr, "%s: line %d: OID %s not recognized\n", - fname, lineno, argv[2] ); - goto usage; - } + om->som_oid.bv_val = oidv; - if (om->som_oid.bv_val == argv[2]) { - om->som_oid.bv_val = ch_strdup( argv[2] ); + if (om->som_oid.bv_val == c->argv[2]) { + om->som_oid.bv_val = ch_strdup( c->argv[2] ); } om->som_oid.bv_len = strlen( om->som_oid.bv_val ); - if ( !user ) + if ( !user ) { om->som_flags |= SLAP_OM_HARDCODE; + prev = om_sys_tail; + om_sys_tail = om; + } - LDAP_STAILQ_INSERT_TAIL( &om_list, om, som_next ); + if ( prev ) { + LDAP_STAILQ_INSERT_AFTER( &om_list, prev, om, som_next ); + } else { + LDAP_STAILQ_INSERT_TAIL( &om_list, om, som_next ); + } if ( rom ) *rom = om; return 0; } @@ -167,7 +181,7 @@ void oidm_unparse( BerVarray *res, OidMacro *start, OidMacro *end, int sys ) /* count the result size */ i = 0; for ( om=start; om; om=LDAP_STAILQ_NEXT(om, som_next)) { - if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) continue; + if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) break; for ( j=0; !BER_BVISNULL(&om->som_names[j]); j++ ); i += j; if ( om == end ) break; @@ -183,7 +197,7 @@ void oidm_unparse( BerVarray *res, OidMacro *start, OidMacro *end, int sys ) ibuf[0] = '\0'; } for ( i=0,om=start; om; om=LDAP_STAILQ_NEXT(om, som_next)) { - if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) continue; + if ( sys && !(om->som_flags & SLAP_OM_HARDCODE)) break; for ( j=0; !BER_BVISNULL(&om->som_names[j]); i++,j++ ) { if ( !sys ) { idx.bv_len = sprintf(idx.bv_val, "{%d}", i ); diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c index 2ffddce841d9d30a793f14b3c84195468ef7e160..601ab81259ef01970ae0ec6b8060e361a8a74fc9 100644 --- a/servers/slapd/operation.c +++ b/servers/slapd/operation.c 
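Review bot: In the duplicate-name branch of `parse_oidm`, `oid` is passed to `SLAP_FREE` unconditionally, while the same branch guards `oidv` with `oidv != c->argv[2]`, which implies `oidm_find` can return its argument instead of an allocated copy. If that can also happen for `c->argv[1]`, this frees a configuration argument; `if ( oid != c->argv[1] ) SLAP_FREE( oid );` would be consistent with the `oidv` handling. The `argc != 3` check was removed, so `c->argv[2]` is read on the assumption that the config framework enforces the argument count, which is not visible here. When the redefinition is identical the function returns 0 but has already written a "previously defined" message to `c->msg` and the log, so building that message only when `rc` is non-zero would be clearer.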
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -60,6 +60,17 @@ void slap_op_destroy(void) ldap_pvt_thread_mutex_destroy( &slap_op_mutex ); } +void +slap_op_groups_free( Operation *op ) +{ + GroupAssertion *g, *n; + for ( g = op->o_groups; g; g = n ) { + n = g->ga_next; + slap_sl_free( g, op->o_tmpmemctx ); + } + op->o_groups = NULL; +} + void slap_op_free( Operation *op ) { @@ -87,13 +98,8 @@ slap_op_free( Operation *op ) } #endif - { - GroupAssertion *g, *n; - for ( g = op->o_groups; g; g = n ) { - n = g->ga_next; - slap_sl_free( g, op->o_tmpmemctx ); - } - op->o_groups = NULL; + if ( op->o_groups ) { + slap_op_groups_free( op ); } #if defined( LDAP_SLAPI ) diff --git a/servers/slapd/operational.c b/servers/slapd/operational.c index 2d8510614f9c6d2ea07552b23e5e72319bbecd49..fd12d0aff6e38f89c691edfe763b8b015e05aedb 100644 --- a/servers/slapd/operational.c +++ b/servers/slapd/operational.c @@ -1,7 +1,7 @@ /* operational.c - routines to deal with on-the-fly operational attrs */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/overlays/Makefile.in b/servers/slapd/overlays/Makefile.in index 7d0cca84b567fe613618115d067ee2ea55bf786f..a6d04ee1d983ed3b2a07c72dfedb8e95f2559b92 100644 --- a/servers/slapd/overlays/Makefile.in +++ b/servers/slapd/overlays/Makefile.in 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2003-2006 The OpenLDAP Foundation. +## Copyright 2003-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -18,10 +18,8 @@ SRCS = overlays.c \ auditlog.c \ constraint.c \ dds.c \ - denyop.c \ dyngroup.c \ dynlist.c \ - lastmod.c \ pcache.c \ ppolicy.c \ refint.c \ @@ -72,18 +70,12 @@ constraint.la : constraint.lo dds.la : dds.lo $(LTLINK_MOD) -module -o $@ dds.lo version.lo $(LINK_LIBS) -denyop.la : denyop.lo - $(LTLINK_MOD) -module -o $@ denyop.lo version.lo $(LINK_LIBS) - dyngroup.la : dyngroup.lo $(LTLINK_MOD) -module -o $@ dyngroup.lo version.lo $(LINK_LIBS) dynlist.la : dynlist.lo $(LTLINK_MOD) -module -o $@ dynlist.lo version.lo $(LINK_LIBS) -lastmod.la : lastmod.lo - $(LTLINK_MOD) -module -o $@ lastmod.lo version.lo $(LINK_LIBS) - pcache.la : pcache.lo $(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS) diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c index 2e0fe09f88e162694c76bc0506acc0f56192b806..b23c421f1e9fd2630f69357140de7b0409f02fce 100644 --- a/servers/slapd/overlays/accesslog.c +++ b/servers/slapd/overlays/accesslog.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions copyright 2004-2005 Symas Corporation. * All rights reserved. * @@ -58,6 +58,7 @@ typedef struct log_attr { typedef struct log_info { BackendDB *li_db; + struct berval li_db_suffix; slap_mask_t li_ops; int li_age; int li_cycle; 
@@ -107,6 +108,7 @@ static ConfigTable log_cfats[] = { { "logoldattr", "attrs", 2, 0, 0, ARG_MAGIC|LOG_OLDATTR, log_cf_gen, "( OLcfgOvAt:4.6 NAME 'olcAccessLogOldAttr' " "DESC 'Log old values of these attributes even if unmodified' " + "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, { NULL } }; @@ -174,7 +176,7 @@ static AttributeDescription *ad_reqDN, *ad_reqStart, *ad_reqEnd, *ad_reqType, *ad_reqScope, *ad_reqFilter, *ad_reqAttr, *ad_reqEntries, *ad_reqSizeLimit, *ad_reqTimeLimit, *ad_reqAttrsOnly, *ad_reqData, *ad_reqId, *ad_reqMessage, *ad_reqVersion, *ad_reqDerefAliases, - *ad_reqReferral, *ad_reqOld; + *ad_reqReferral, *ad_reqOld, *ad_auditContext; static struct { char *at; @@ -328,6 +330,26 @@ static struct { "SUBSTR octetStringSubstringsMatch " "SYNTAX OMsOctetString " "SINGLE-VALUE )", &ad_reqData }, + + /* + * from <draft-chu-ldap-logschema-01.txt>: + * + + ( LOG_SCHEMA_AT .30 NAME 'auditContext' + DESC 'DN of auditContainer' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) + + * - removed EQUALITY matchingRule + * - changed directoryOperation in dSAOperation + */ + { "( " LOG_SCHEMA_AT ".30 NAME 'auditContext' " + "DESC 'DN of auditContainer' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "SINGLE-VALUE " + "NO-USER-MODIFICATION " + "USAGE dSAOperation )", &ad_auditContext }, { NULL, NULL } }; @@ -380,7 +402,7 @@ static struct { "DESC 'ModRDN operation' " "SUP auditWriteObject STRUCTURAL " "MUST ( reqNewRDN $ reqDeleteOldRDN ) " - "MAY ( reqNewSuperior $ reqOld ) )", &log_ocs[LOG_EN_MODRDN] }, + "MAY ( reqNewSuperior $ reqMod $ reqOld ) )", &log_ocs[LOG_EN_MODRDN] }, { "( " LOG_SCHEMA_OC ".11 NAME 'auditSearch' " "DESC 'Search operation' " "SUP auditReadObject STRUCTURAL " @@ -495,6 +517,7 @@ typedef struct purge_data { int used; BerVarray dn; BerVarray ndn; + struct berval csn; /* an arbitrary old CSN */ } purge_data; static int 
@@ -506,6 +529,18 @@ log_old_lookup( Operation *op, SlapReply *rs ) if ( slapd_shutdown ) return 0; + /* Remember old CSN */ + if ( pd->csn.bv_val[0] == '\0' ) { + Attribute *a = attr_find( rs->sr_entry->e_attrs, + slap_schema.si_ad_entryCSN ); + if ( a ) { + int len = a->a_vals[0].bv_len; + if ( len > pd->csn.bv_len ) + len = pd->csn.bv_len; + AC_MEMCPY( pd->csn.bv_val, a->a_vals[0].bv_val, len ); + pd->csn.bv_len = len; + } + } if ( pd->used >= pd->slots ) { pd->slots += PURGE_INCREMENT; pd->dn = ch_realloc( pd->dn, pd->slots * sizeof( struct berval )); @@ -533,6 +568,7 @@ accesslog_purge( void *ctx, void *arg ) AttributeAssertion ava = {0}; purge_data pd = {0}; char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE]; + char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; time_t old = slap_get_time(); connection_fake_init( &conn, op, ctx ); @@ -564,6 +600,9 @@ accesslog_purge( void *ctx, void *arg ) op->ors_attrs = slap_anlist_no_attrs; op->ors_attrsonly = 1; + pd.csn.bv_len = sizeof( csnbuf ); + pd.csn.bv_val = csnbuf; + csnbuf[0] = '\0'; cb.sc_private = &pd; op->o_bd->be_search( op, &rs ); @@ -574,6 +613,7 @@ accesslog_purge( void *ctx, void *arg ) op->o_tag = LDAP_REQ_DELETE; op->o_callback = &nullsc; + op->o_csn = pd.csn; for (i=0; i<pd.used; i++) { op->o_req_dn = pd.dn[i]; @@ -608,7 +648,13 @@ log_cf_gen(ConfigArgs *c) case SLAP_CONFIG_EMIT: switch( c->type ) { case LOG_DB: - if ( li->li_db == NULL ) { + if ( !BER_BVISEMPTY( &li->li_db_suffix )) { + value_add_one( &c->rvalue_vals, &li->li_db_suffix ); + value_add_one( &c->rvalue_nvals, &li->li_db_suffix ); + } else if ( li->li_db ) { + value_add_one( &c->rvalue_vals, li->li_db->be_suffix ); + value_add_one( &c->rvalue_nvals, li->li_db->be_nsuffix ); + } else { snprintf( c->msg, sizeof( c->msg ), "accesslog: \"logdb <suffix>\" must be specified" ); Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", 
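Review bot: `pd->csn.bv_len` serves both as the capacity of `csnbuf` and as the length of the stored CSN, so if none of the purged entries carries `entryCSN`, the later `op->o_csn = pd.csn;` in the accesslog_purge hunk gives the delete operations a berval of length `sizeof( csnbuf )` over a buffer with only its first byte set. Resetting it before that assignment, e.g. `if ( pd.csn.bv_val[0] == '\0' ) pd.csn.bv_len = 0;`, keeps uninitialised stack bytes from being treated as a CSN. In log_old_lookup the copy is clamped to the full capacity and never NUL-terminated, and the length is held in an `int` although `bv_len` is a `ber_len_t`. A `ber_len_t len` clamped to `pd->csn.bv_len - 1`, followed by `pd->csn.bv_val[len] = '\0';`, would be safer. Both function bodies continue outside their hunks.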
@@ -616,8 +662,6 @@ log_cf_gen(ConfigArgs *c) rc = 1; break; } - value_add( &c->rvalue_vals, li->li_db->be_suffix ); - value_add( &c->rvalue_nvals, li->li_db->be_nsuffix ); break; case LOG_OPS: rc = mask_to_verbs( logops, li->li_ops, &c->rvalue_vals ); @@ -721,24 +765,21 @@ log_cf_gen(ConfigArgs *c) default: switch( c->type ) { case LOG_DB: - li->li_db = select_backend( &c->value_ndn, 0, 0 ); - if ( !li->li_db ) { - snprintf( c->msg, sizeof( c->msg ), - "<%s> no matching backend found for suffix", - c->argv[0] ); - Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", - c->log, c->msg, c->value_dn.bv_val ); - rc = 1; - } else if ( BER_BVISEMPTY( &li->li_db->be_rootdn )) { - snprintf( c->msg, sizeof( c->msg ), - "<%s> no rootDN was configured for suffix", - c->argv[0] ); - Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", - c->log, c->msg, c->value_dn.bv_val ); - rc = 1; + if ( CONFIG_ONLINE_ADD( c )) { + li->li_db = select_backend( &c->value_ndn, 0, 0 ); + if ( !li->li_db ) { + snprintf( c->msg, sizeof( c->msg ), + "<%s> no matching backend found for suffix", + c->argv[0] ); + Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", + c->log, c->msg, c->value_dn.bv_val ); + rc = 1; + } + ch_free( c->value_ndn.bv_val ); + } else { + li->li_db_suffix = c->value_ndn; } ch_free( c->value_dn.bv_val ); - ch_free( c->value_ndn.bv_val ); break; case LOG_OPS: rc = verbs_to_mask( c->argc, c->argv, logops, &tmask ); @@ -789,7 +830,10 @@ log_cf_gen(ConfigArgs *c) la->next = li->li_oldattrs; li->li_oldattrs = la; } else { - sprintf( c->msg, "%s: %s", c->argv[i], text ); + snprintf( c->msg, sizeof( c->msg ), "%s <%s>: %s", + c->argv[0], c->argv[i], text ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); rc = ARG_BAD_CONF; break; } 
@@ -1020,15 +1064,18 @@ static int accesslog_response(Operation *op, SlapReply *rs) { break; } + case LOG_EN_MODRDN: case LOG_EN_MODIFY: /* count all the mods */ i = 0; - for ( m=op->orm_modlist; m; m=m->sml_next ) { + for ( m = op->orm_modlist; m; m = m->sml_next ) { if ( m->sml_values ) { - for (b=m->sml_values; !BER_BVISNULL( b ); b++) { + for ( b = m->sml_values; !BER_BVISNULL( b ); b++ ) { i++; } - } else if ( m->sml_op == LDAP_MOD_DELETE ) { + } else if ( m->sml_op == LDAP_MOD_DELETE || + m->sml_op == LDAP_MOD_REPLACE ) + { i++; } } @@ -1037,29 +1084,41 @@ static int accesslog_response(Operation *op, SlapReply *rs) { /* init flags on old entry */ if ( old ) { - for ( a=old->e_attrs; a; a=a->a_next ) { + for ( a = old->e_attrs; a; a = a->a_next ) { log_attr *la; a->a_flags = 0; /* look for attrs that are always logged */ - for ( la=li->li_oldattrs; la; la=la->next ) - if ( a->a_desc == la->attr ) + for ( la = li->li_oldattrs; la; la = la->next ) { + if ( a->a_desc == la->attr ) { a->a_flags = 1; + } + } } } - for ( m=op->orm_modlist; m; m=m->sml_next ) { + for ( m = op->orm_modlist; m; m = m->sml_next ) { /* Mark this attribute as modified */ if ( old ) { a = attr_find( old->e_attrs, m->sml_desc ); - if ( a ) + if ( a ) { a->a_flags = 1; + } } + + /* don't log the RDN mods; they're explicitly logged later */ + if ( logop == LOG_EN_MODRDN && + ( m->sml_op == SLAP_MOD_SOFTADD || + m->sml_op == LDAP_MOD_DELETE ) ) + { + continue; + } + if ( m->sml_values ) { - for (b=m->sml_values; !BER_BVISNULL( b ); b++,i++) { + for ( b = m->sml_values; !BER_BVISNULL( b ); b++, i++ ) { char c_op; - switch( m->sml_op ) { + switch ( m->sml_op ) { case LDAP_MOD_ADD: c_op = '+'; break; case LDAP_MOD_DELETE: c_op = '-'; break; case LDAP_MOD_REPLACE: c_op = '='; break; 
@@ -1073,78 +1132,52 @@ static int accesslog_response(Operation *op, SlapReply *rs) { } accesslog_val2val( m->sml_desc, b, c_op, &vals[i] ); } - } else if ( m->sml_op == LDAP_MOD_DELETE ) { + } else if ( m->sml_op == LDAP_MOD_DELETE || + m->sml_op == LDAP_MOD_REPLACE ) + { vals[i].bv_len = m->sml_desc->ad_cname.bv_len + 2; - vals[i].bv_val = ch_malloc( vals[i].bv_len+1 ); + vals[i].bv_val = ch_malloc( vals[i].bv_len + 1 ); ptr = lutil_strcopy( vals[i].bv_val, m->sml_desc->ad_cname.bv_val ); *ptr++ = ':'; - *ptr++ = '-'; + if ( m->sml_op == LDAP_MOD_DELETE ) { + *ptr++ = '-'; + } else { + *ptr++ = '='; + } *ptr = '\0'; i++; } } - vals[i].bv_val = NULL; - vals[i].bv_len = 0; - a = attr_alloc( ad_reqMod ); - a->a_vals = vals; - a->a_nvals = vals; - last_attr->a_next = a; - if ( old ) { - last_attr = a; - /* count all the vals */ - i = 0; - for ( a=old->e_attrs; a; a=a->a_next ) { - if ( a->a_vals && a->a_flags ) { - for (b=a->a_vals; !BER_BVISNULL( b ); b++) { - i++; - } - } - } - vals = ch_malloc( (i+1) * sizeof( struct berval )); - i = 0; - for ( a=old->e_attrs; a; a=a->a_next ) { - if ( a->a_vals && a->a_flags ) { - for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) { - accesslog_val2val( a->a_desc, b, 0, &vals[i] ); - } - } - } - vals[i].bv_val = NULL; - vals[i].bv_len = 0; - a = attr_alloc( ad_reqOld ); + if ( i > 0 ) { + BER_BVZERO( &vals[i] ); + a = attr_alloc( ad_reqMod ); a->a_vals = vals; a->a_nvals = vals; last_attr->a_next = a; + last_attr = a; + + } else { + ch_free( vals ); } - break; - case LOG_EN_MODRDN: if ( old ) { /* count all the vals */ i = 0; - for ( a=old->e_attrs; a; a=a->a_next ) { - log_attr *la; - - /* look for attrs that are always logged */ - for ( la=li->li_oldattrs; la; la=la->next ) { - if ( a->a_desc == la->attr ) { - for (b=a->a_vals; !BER_BVISNULL( b ); b++) { - i++; - } + for ( a = old->e_attrs; a != NULL; a = a->a_next ) { + if ( a->a_vals && a->a_flags ) { + for ( b = a->a_vals; !BER_BVISNULL( b ); b++ ) { + i++; } } } - vals = 
ch_malloc( (i+1) * sizeof( struct berval )); + vals = ch_malloc( (i + 1) * sizeof( struct berval ) ); i = 0; for ( a=old->e_attrs; a; a=a->a_next ) { - log_attr *la; - for ( la=li->li_oldattrs; la; la=la->next ) { - if ( a->a_desc == la->attr ) { - for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) { - accesslog_val2val( a->a_desc, b, 0, &vals[i] ); - } + if ( a->a_vals && a->a_flags ) { + for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) { + accesslog_val2val( a->a_desc, b, 0, &vals[i] ); } } } @@ -1155,6 +1188,11 @@ static int accesslog_response(Operation *op, SlapReply *rs) { a->a_nvals = vals; last_attr->a_next = a; } + if ( logop == LOG_EN_MODIFY ) { + break; + } + + /* Now log the actual modRDN info */ attr_merge_one( e, ad_reqNewRDN, &op->orr_newrdn, &op->orr_nnewrdn ); attr_merge_one( e, ad_reqDeleteOldRDN, op->orr_deleteoldrdn ? (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv, @@ -1253,11 +1291,12 @@ static int accesslog_response(Operation *op, SlapReply *rs) { } op2.o_bd->be_add( &op2, &rs2 ); + if ( e == op2.ora_e ) entry_free( e ); + e = NULL; done: if ( lo->mask & LOG_OP_WRITES ) ldap_pvt_thread_mutex_unlock( &li->li_log_mutex ); - if ( e ) entry_free( e ); if ( old ) entry_free( old ); return SLAP_CB_CONTINUE; } @@ -1361,7 +1400,8 @@ accesslog_unbind( Operation *op, SlapReply *rs ) memset(cids, 0, sizeof( cids )); op2.o_bd->be_add( &op2, &rs2 ); - entry_free( e ); + if ( e == op2.ora_e ) + entry_free( e ); } return SLAP_CB_CONTINUE; } 
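Review bot: With `if ( e ) entry_free( e );` removed from the `done:` label, any `goto done` taken after the log entry has been built would leak `e`; those jumps lie outside this hunk, so this needs checking against the full function. Because `e` is set to NULL right after `be_add`, keeping the guarded free at `done:` would cost nothing. The `e == op2.ora_e` test also relies on an unstated contract that a backend which keeps the entry clears or replaces `ora_e`. A one-line comment such as `/* backend may have taken ownership of the entry */` would help here and at the same pattern in the accesslog_unbind and accesslog_abandon hunks.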
@@ -1399,7 +1439,36 @@ accesslog_abandon( Operation *op, SlapReply *rs ) memset(cids, 0, sizeof( cids )); op2.o_bd->be_add( &op2, &rs2 ); - entry_free( e ); + if ( e == op2.ora_e ) + entry_free( e ); + + return SLAP_CB_CONTINUE; +} + +static int +accesslog_operational( Operation *op, SlapReply *rs ) +{ + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + log_info *li = on->on_bi.bi_private; + + if ( rs->sr_entry != NULL + && dn_match( &op->o_bd->be_nsuffix[0], &rs->sr_entry->e_nname ) ) + { + Attribute **ap; + + for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next ) + /* just count */ ; + + if ( SLAP_OPATTRS( rs->sr_attr_flags ) || + ad_inlist( ad_auditContext, rs->sr_attrs ) ) + { + *ap = attr_alloc( ad_auditContext ); + value_add_one( &(*ap)->a_vals, + &li->li_db->be_suffix[0] ); + value_add_one( &(*ap)->a_nvals, + &li->li_db->be_nsuffix[0] ); + } + } return SLAP_CB_CONTINUE; } @@ -1441,37 +1510,27 @@ accesslog_db_destroy( return LDAP_SUCCESS; } -static int -accesslog_db_open( - BackendDB *be -) +/* Create the logdb's root entry if it's missing */ +static void * +accesslog_db_root( + void *ctx, + void *arg ) { - slap_overinst *on = (slap_overinst *)be->bd_info; + struct re_s *rtask = arg; + slap_overinst *on = rtask->arg; log_info *li = on->on_bi.bi_private; - Connection conn; + Connection conn = {0}; OperationBuffer opbuf; Operation *op = (Operation *) &opbuf; + Entry *e; int rc; - void *thrctx; - - if ( li->li_db == NULL ) { - Debug( LDAP_DEBUG_ANY, - "accesslog: \"logdb <suffix>\" must be specified.\n", - 0, 0, 0 ); - return 1; - } - - if ( slapMode & SLAP_TOOL_MODE ) - return 0; - thrctx = ldap_pvt_thread_pool_context(); - connection_fake_init( &conn, op, thrctx ); + connection_fake_init( &conn, op, ctx ); op->o_bd = li->li_db; op->o_dn = li->li_db->be_rootdn; op->o_ndn = li->li_db->be_rootndn; - rc = be_entry_get_rw( op, li->li_db->be_nsuffix, NULL, NULL, 0, &e ); if ( e ) { 
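Review bot: accesslog_operational attaches `auditContext`, the suffix of the log database, to the suffix entry for any request with `SLAP_OPATTRS` set or the attribute named, and performs no access check of its own. If ACLs are applied to `sr_operational_attrs` later in the send path, a comment should say so; that is not visible in this hunk. The loop comment `/* just count */` is also misleading, since the loop counts nothing and only leaves `ap` at the tail link; `/* find the tail */` would match the code.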
@@ -1486,8 +1545,8 @@ accesslog_db_open( Entry *e_ctx; e = entry_alloc(); - e->e_name = *li->li_db->be_suffix; - e->e_nname = *li->li_db->be_nsuffix; + ber_dupbv( &e->e_name, li->li_db->be_suffix ); + ber_dupbv( &e->e_nname, li->li_db->be_nsuffix ); attr_merge_one( e, slap_schema.si_ad_objectClass, &log_container->soc_cname, NULL ); @@ -1511,9 +1570,8 @@ accesslog_db_open( attr_merge_one( e, ad, &rdn, &nrdn ); /* Get contextCSN from main DB */ - op->o_bd = be; - op->o_bd->bd_info = on->on_info->oi_orig; - rc = be_entry_get_rw( op, be->be_nsuffix, NULL, + op->o_bd = on->on_info->oi_origdb; + rc = be_entry_get_rw( op, op->o_bd->be_nsuffix, NULL, slap_schema.si_ad_contextCSN, 0, &e_ctx ); if ( e_ctx ) { @@ -1526,7 +1584,6 @@ accesslog_db_open( } be_entry_release_rw( op, e_ctx, 0 ); } - op->o_bd->bd_info = (BackendInfo *)on; op->o_bd = li->li_db; op->ora_e = e; 
@@ -1536,12 +1593,50 @@ accesslog_db_open( SLAP_DBFLAGS( op->o_bd ) |= SLAP_DBFLAG_NOLASTMOD; rc = op->o_bd->be_add( op, &rs ); SLAP_DBFLAGS( op->o_bd ) ^= SLAP_DBFLAG_NOLASTMOD; - BER_BVZERO( &e->e_name ); - BER_BVZERO( &e->e_nname ); - entry_free( e ); + if ( e == op->ora_e ) + entry_free( e ); } - ldap_pvt_thread_pool_context_reset( thrctx ); - return rc; + ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); + ldap_pvt_runqueue_stoptask( &slapd_rq, rtask ); + ldap_pvt_runqueue_remove( &slapd_rq, rtask ); + ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); + + return NULL; +} + +static int +accesslog_db_open( + BackendDB *be +) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + log_info *li = on->on_bi.bi_private; + + + if ( !BER_BVISEMPTY( &li->li_db_suffix )) { + li->li_db = select_backend( &li->li_db_suffix, 0, 0 ); + ch_free( li->li_db_suffix.bv_val ); + BER_BVZERO( &li->li_db_suffix ); + } + if ( li->li_db == NULL ) { + Debug( LDAP_DEBUG_ANY, + "accesslog: \"logdb <suffix>\" missing or invalid.\n", + 0, 0, 0 ); + return 1; + } + + if ( slapMode & SLAP_TOOL_MODE ) + return 0; + + if ( BER_BVISEMPTY( &li->li_db->be_rootndn )) { + ber_dupbv( &li->li_db->be_rootdn, li->li_db->be_suffix ); + ber_dupbv( &li->li_db->be_rootndn, li->li_db->be_nsuffix ); + } + + ldap_pvt_runqueue_insert( &slapd_rq, 3600, accesslog_db_root, on, + "accesslog_db_root", li->li_db->be_suffix[0].bv_val ); + + return 0; } int accesslog_initialize() @@ -1560,6 +1655,7 @@ int accesslog_initialize() accesslog.on_bi.bi_op_modrdn = accesslog_op_mod; accesslog.on_bi.bi_op_unbind = accesslog_unbind; accesslog.on_bi.bi_op_abandon = accesslog_abandon; + accesslog.on_bi.bi_operational = accesslog_operational; accesslog.on_response = accesslog_response; accesslog.on_bi.bi_cf_ocs = log_cfocs; diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c index 56f349bee29b123a0654140b2ac4c7d6cfcc4a41..601c733efd6769a1a653eaec8dc82e59718a0734 100644 
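Review bot: `ldap_pvt_runqueue_insert( &slapd_rq, ... )` in accesslog_db_open is called without holding `slapd_rq.rq_mutex`, while accesslog_db_root in the same hunk takes that mutex around `ldap_pvt_runqueue_stoptask` and `ldap_pvt_runqueue_remove`. Unless db_open is guaranteed to run single-threaded, which is not visible here, the insert should be wrapped in `ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );` and `ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );`. Separately, silently setting the log database's rootDN to its own suffix when none is configured changes which identity holds root privileges on the audit log. A comment and a Debug line stating this would help operators.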
--- a/servers/slapd/overlays/auditlog.c +++ b/servers/slapd/overlays/auditlog.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions copyright 2004-2005 Symas Corporation. * All rights reserved. * diff --git a/servers/slapd/overlays/collect.c b/servers/slapd/overlays/collect.c index 08e1bee42b00eec8fc83a38f0da2df16756c0eee..5fd2cb8325cd47b0148a52db5706594fc2147053 100644 --- a/servers/slapd/overlays/collect.c +++ b/servers/slapd/overlays/collect.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Howard Chu. * All rights reserved. * diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c index 7f33dd1cb3f63570ba1f81dfd00fc86a6609805f..c86c11a53a2e141698e1d8c0a5666c747696674e 100644 --- a/servers/slapd/overlays/constraint.c +++ b/servers/slapd/overlays/constraint.c @@ -64,6 +64,7 @@ static ConfigTable constraintcfg[] = { 4, 4, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen, "( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' " "DESC 'regular expression constraint for attribute' " + "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, { NULL, NULL, 0, 0, 0, ARG_IGNORED } }; @@ -86,7 +87,6 @@ constraint_cf_gen( ConfigArgs *c ) struct berval bv; int i, rc = 0; constraint ap = { NULL, NULL, NULL }, *a2 = NULL; - regmatch_t rm[2]; const char *text = NULL; switch ( c->op ) { 
@@ -168,9 +168,10 @@ constraint_cf_gen( ConfigArgs *c ) switch (c->type) { case CONSTRAINT_ATTRIBUTE: if ( slap_str2ad( c->argv[1], &ap.ap, &text ) ) { - Debug( LDAP_DEBUG_CONFIG, - "constraint_add: <%s>: attribute description unknown %s.\n", - c->argv[1], text, 0 ); + snprintf( c->msg, sizeof( c->msg ), + "%s <%s>: %s\n", c->argv[0], c->argv[1], text ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return( ARG_BAD_CONF ); } @@ -184,17 +185,21 @@ constraint_cf_gen( ConfigArgs *c ) regerror( err, ap.re, errmsg, sizeof(errmsg) ); ch_free(ap.re); - Debug( LDAP_DEBUG_CONFIG, - "%s: Illegal regular expression \"%s\": Error %s\n", - c->argv[1], c->argv[3], errmsg); + snprintf( c->msg, sizeof( c->msg ), + "%s %s: Illegal regular expression \"%s\": Error %s", + c->argv[0], c->argv[1], c->argv[3], errmsg); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); ap.re = NULL; return( ARG_BAD_CONF ); } ap.re_str = ch_strdup( c->argv[3] ); } else { - Debug( LDAP_DEBUG_CONFIG, - "%s: Unknown constraint type: %s\n", - c->argv[1], c->argv[2], 0 ); + snprintf( c->msg, sizeof( c->msg ), + "%s %s: Unknown constraint type: %s", + c->argv[0], c->argv[1], c->argv[2] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ( ARG_BAD_CONF ); } diff --git a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c index 07bb88d2694f6d330b0664cf4f46ec1ebab1cbf2..80999f6381fc9a816ba9a20aaf6ed30c19f17ae9 100644 --- a/servers/slapd/overlays/dds.c +++ b/servers/slapd/overlays/dds.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2005-2006 SysNet s.n.c. * All rights reserved. * @@ -1730,7 +1730,6 @@ dds_db_open( rc = entry_info_register( dds_entry_info, (void *)di ); done:; - ldap_pvt_thread_pool_context_reset( thrctx ); return rc; } 
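Review bot: The format string written into `c->msg` in the `slap_str2ad` failure branch ends in `\n`, and the following `Debug( ..., "%s: %s\n", c->log, c->msg, 0 )` adds another. The log therefore gets a blank line and the message returned through `c->msg` carries a stray newline. The two other messages converted in the next hunk have no trailing newline; use `"%s <%s>: %s"` here as well.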
@@ -1837,7 +1836,6 @@ dds_initialize() { int rc = 0; int i, code; - const char *err; /* Make sure we don't exceed the bits reserved for userland */ config_check_userland( DDS_LAST ); diff --git a/servers/slapd/overlays/dyngroup.c b/servers/slapd/overlays/dyngroup.c index ab7b559f62a734254d8b3c8b4cc52ee303bd8f37..6b28ecc8c5590aa9ae2adb1b80fe3ed7c966479a 100644 --- a/servers/slapd/overlays/dyngroup.c +++ b/servers/slapd/overlays/dyngroup.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Copyright 2003 by Howard Chu. * All rights reserved. * diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c index 872ede5e7ae802df04311ab7539b273f0f682ea1..ff2d80b6e72a2ad6dd5f5bfe56c0a9611ebcaa66 100644 --- a/servers/slapd/overlays/dynlist.c +++ b/servers/slapd/overlays/dynlist.c @@ -1,7 +1,8 @@ /* dynlist.c - dynamic list overlay */ +/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2004-2005 Pierangelo Masarati. * All rights reserved. * @@ -22,11 +23,15 @@ #ifdef SLAPD_OVER_DYNLIST -#if LDAP_VENDOR_VERSION_MINOR != X && LDAP_VENDOR_VERSION_MINOR < 3 -#define OL_2_2_COMPAT -#elif SLAPD_OVER_DYNGROUP != SLAPD_MOD_STATIC +#if LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR > 3 +#if SLAPD_OVER_DYNGROUP != SLAPD_MOD_STATIC #define TAKEOVER_DYNGROUP #endif +#else +#if LDAP_VENDOR_VERSION_MINOR < 3 +#define OL_2_2_COMPAT +#endif +#endif #include <stdio.h> 
@@ -193,7 +198,8 @@ dynlist_sc_update( Operation *op, SlapReply *rs ) for ( a = rs->sr_entry->e_attrs; a != NULL; a = a->a_next ) { BerVarray vals, nvals = NULL; - int i, j; + int i, j, + is_oc = a->a_desc == slap_schema.si_ad_objectClass; /* if attribute is not requested, skip it */ if ( rs->sr_attrs == NULL ) { @@ -242,6 +248,14 @@ dynlist_sc_update( Operation *op, SlapReply *rs ) } for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) { + if ( is_oc ) { + ObjectClass *soc = oc_bvfind( &a->a_vals[i] ); + + if ( soc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) { + continue; + } + } + if ( access_allowed( op, rs->sr_entry, a->a_desc, &a->a_nvals[i], ACL_READ, &acl_state ) ) { @@ -284,6 +298,8 @@ dynlist_sc_update( Operation *op, SlapReply *rs ) done:; if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) { entry_free( rs->sr_entry ); + rs->sr_entry = NULL; + rs->sr_flags ^= REP_ENTRY_MUSTBEFREED; } return 0; @@ -607,6 +623,8 @@ dynlist_compare( Operation *op, SlapReply *rs ) o.ors_attrs = an; o.ors_attrsonly = 0; + o.o_acl_priv = ACL_COMPARE; + rc = o.o_bd->be_search( &o, &r ); filter_free_x( &o, o.ors_filter ); diff --git a/servers/slapd/overlays/overlays.c b/servers/slapd/overlays/overlays.c index ea96b681426226bab065a1522688be534ff36306..e3420c052fdd29390434dcf5493932517b7ae857 100644 --- a/servers/slapd/overlays/overlays.c +++ b/servers/slapd/overlays/overlays.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Copyright 2003 by Howard Chu. * All rights reserved. * diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 7176b421b111ebe1daaa24f424fec2d265c0b77d..56bf2a29b21bdf7d51abf6d18dca544022268a49 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c 
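Review bot: `oc_bvfind()` returns NULL for an objectClass value that is not in the local schema, and the value loop dereferences `soc->soc_kind` unconditionally. The entries handled here come from an internal search, and whether their objectClass values are always known locally is not visible in this hunk, so the test should be guarded: `if ( soc != NULL && soc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) {`. `is_oc` is declared in the preceding hunk (-193), and dynlist_sc_update starts and ends outside both.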
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * Portions Copyright 2003 Symas Corporation. * All rights reserved. @@ -216,7 +216,8 @@ merge_entry( rc = 0; } } else { - be_entry_release_w( op, e ); + if ( op->ora_e == e ) + be_entry_release_w( op, e ); rc = 1; } @@ -1925,7 +1926,7 @@ pc_cf_gen( ConfigArgs *c ) return( 1 ); } - if ( !backend_db_init( c->argv[1], &cm->db )) { + if ( !backend_db_init( c->argv[1], &cm->db, -1 )) { snprintf( c->msg, sizeof( c->msg ), "unknown backend type (arg #1)" ); Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n", c->log, c->msg, 0 ); return( 1 ); diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 68216d445ae635ab4a570c5d5a3f139d18ede91f..48ecf6821905b65532addd5839c03fb4f7219008 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004-2005 Howard Chu, Symas Corporation. * Portions Copyright 2004 Hewlett-Packard Company. * All rights reserved. @@ -645,13 +645,12 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE ldap_pvt_thread_mutex_lock( &chk_syntax_mutex ); ok = prog( cred->bv_val, &txt, e ); ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex ); - if (txt) { + if (ok != LDAP_SUCCESS) { Debug(LDAP_DEBUG_ANY, "check_password_quality: module error: (%s) %s.[%d]\n", - pp->pwdCheckModule, txt, ok ); + pp->pwdCheckModule, txt ? txt : "", ok ); free(txt); - } else - ok = LDAP_SUCCESS; + } } lt_dlclose( mod ); 
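Review bot: In the check_password_quality hunk, `free(txt)` now runs only when the check module returns a non-success code, so a module that sets the message pointer and still returns `LDAP_SUCCESS` leaks that buffer on every password check. Moving `free(txt);` below the `if` block covers both paths, since freeing NULL is a no-op. This assumes `txt` is initialised to NULL before `prog()` is called, which is outside this hunk.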
@@ -1283,7 +1282,7 @@ ppolicy_add( if ((pa = attr_find( op->oq_add.rs_e->e_attrs, slap_schema.si_ad_userPassword ))) { - assert( pa->a_vals ); + assert( pa->a_vals != NULL ); assert( !BER_BVISNULL( &pa->a_vals[ 0 ] ) ); if ( !BER_BVISNULL( &pa->a_vals[ 1 ] ) ) { diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c index ce4ecaa29c03f8679ef2a77403af59bfc7441e20..0a7c1aeb09d2decf3d8ca02dffb20f07ecd55d58 100644 --- a/servers/slapd/overlays/refint.c +++ b/servers/slapd/overlays/refint.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Symas Corporation. * All rights reserved. * @@ -96,6 +96,7 @@ static ConfigTable refintcfg[] = { ARG_MAGIC|REFINT_ATTRS, refint_cf_gen, "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' " "DESC 'Attributes for referential integrity' " + "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, { "refint_nothing", "string", 2, 2, 0, ARG_DN|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen, @@ -208,13 +209,10 @@ refint_cf_gen(ConfigArgs *c) ip->next = dd->attrs; dd->attrs = ip; } else { - Debug ( LDAP_DEBUG_CONFIG, - "refint add: <%s>: %s\n", - c->argv[i], text, NULL ); - strncpy ( c->msg, - text, - SLAP_TEXT_BUFLEN-1 ); - c->msg[SLAP_TEXT_BUFLEN-1] = '\0'; + snprintf( c->msg, sizeof( c->msg ), + "%s <%s>: %s", c->argv[0], c->argv[i], text ); + Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); rc = ARG_BAD_CONF; } } @@ -322,12 +320,14 @@ refint_close( ij = ii->next; ch_free(ii); } + id->attrs = NULL; - ch_free(id->dn.bv_val); - ch_free(id->nothing.bv_val); - ch_free(id->nnothing.bv_val); - - memset( id, 0, sizeof(*id)); + ch_free( id->dn.bv_val ); + BER_BVZERO( &id->dn ); + ch_free( id->nothing.bv_val ); + BER_BVZERO( &id->nothing ); + ch_free( id->nnothing.bv_val ); + BER_BVZERO( &id->nnothing ); return(0); } 
@@ -647,7 +647,7 @@ refint_response( slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; refint_data *id = on->on_bi.bi_private; BerValue pdn; - int rc, ac; + int ac; refint_q *rq; BackendDB *db; refint_attrs *ip; diff --git a/servers/slapd/overlays/retcode.c b/servers/slapd/overlays/retcode.c index 3e5568552d255293069a853f594afeb010a7e4f6..4c8af8898695bcc2e7c3cb3509c6e1f9ccb2da3f 100644 --- a/servers/slapd/overlays/retcode.c +++ b/servers/slapd/overlays/retcode.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions Copyright 2005 Pierangelo Masarati <ando@sys-net.it> * All rights reserved. * @@ -32,6 +32,7 @@ #include "slap.h" #include "lutil.h" +#include "ldif.h" static slap_overinst retcode; @@ -40,6 +41,10 @@ static AttributeDescription *ad_errText; static AttributeDescription *ad_errOp; static AttributeDescription *ad_errSleepTime; static AttributeDescription *ad_errMatchedDN; +static AttributeDescription *ad_errUnsolicitedOID; +static AttributeDescription *ad_errUnsolicitedData; +static AttributeDescription *ad_errDisconnect; + static ObjectClass *oc_errAbsObject; static ObjectClass *oc_errObject; static ObjectClass *oc_errAuxObject; @@ -70,6 +75,13 @@ typedef struct retcode_item_t { int rdi_sleeptime; Entry rdi_e; slap_mask_t rdi_mask; + struct berval rdi_unsolicited_oid; + struct berval rdi_unsolicited_data; + + unsigned rdi_flags; +#define RDI_PRE_DISCONNECT (0x1U) +#define RDI_POST_DISCONNECT (0x2U) + struct retcode_item_t *rdi_next; } retcode_item_t; 
@@ -143,11 +155,6 @@ retcode_send_onelevel( Operation *op, SlapReply *rs ) rs->sr_err = test_filter( op, &rdi->rdi_e, op->ors_filter ); if ( rs->sr_err == LDAP_COMPARE_TRUE ) { - if ( op->ors_slimit == rs->sr_nentries ) { - rs->sr_err = LDAP_SIZELIMIT_EXCEEDED; - goto done; - } - /* safe default */ rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; @@ -407,6 +414,10 @@ retcode_op_func( Operation *op, SlapReply *rs ) rs->sr_text = "retcode not found"; } else { + if ( rdi->rdi_flags & RDI_PRE_DISCONNECT ) { + return rs->sr_err = SLAPD_DISCONNECT; + } + rs->sr_err = rdi->rdi_err; rs->sr_text = rdi->rdi_text.bv_val; rs->sr_matched = rdi->rdi_matched.bv_val; @@ -447,13 +458,45 @@ retcode_op_func( Operation *op, SlapReply *rs ) break; default: - send_ldap_result( op, rs ); + if ( rdi && !BER_BVISNULL( &rdi->rdi_unsolicited_oid ) ) { + ber_int_t msgid = op->o_msgid; + + /* RFC 4511 unsolicited response */ + + op->o_msgid = 0; + if ( strcmp( rdi->rdi_unsolicited_oid.bv_val, "0" ) == 0 ) { + send_ldap_result( op, rs ); + + } else { + ber_tag_t tag = op->o_tag; + + op->o_tag = LDAP_REQ_EXTENDED; + rs->sr_rspoid = rdi->rdi_unsolicited_oid.bv_val; + if ( !BER_BVISNULL( &rdi->rdi_unsolicited_data ) ) { + rs->sr_rspdata = &rdi->rdi_unsolicited_data; + } + send_ldap_extended( op, rs ); + rs->sr_rspoid = NULL; + rs->sr_rspdata = NULL; + op->o_tag = tag; + + } + op->o_msgid = msgid; + + } else { + send_ldap_result( op, rs ); + } + if ( rs->sr_ref != NULL ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } rs->sr_matched = NULL; rs->sr_text = NULL; + + if ( rdi && rdi->rdi_flags & RDI_POST_DISCONNECT ) { + return rs->sr_err = SLAPD_DISCONNECT; + } break; } @@ -498,6 +541,7 @@ retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e Attribute *a; int err; char *next; + int disconnect = 0; if ( get_manageDSAit( op ) ) { return SLAP_CB_CONTINUE; 
@@ -532,6 +576,15 @@ retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e } } + /* disconnect */ + a = attr_find( e->e_attrs, ad_errDisconnect ); + if ( a != NULL ) { + if ( bvmatch( &a->a_nvals[ 0 ], &slap_true_bv ) ) { + return rs->sr_err = SLAPD_DISCONNECT; + } + disconnect = 1; + } + /* error code */ a = attr_find( e->e_attrs, ad_errCode ); if ( a == NULL ) { @@ -553,7 +606,7 @@ retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e } } - if ( rs->sr_err != LDAP_SUCCESS ) { + if ( rs->sr_err != LDAP_SUCCESS && !LDAP_API_ERROR( rs->sr_err )) { BackendDB db = *op->o_bd, *o_bd = op->o_bd; void *o_callback = op->o_callback; @@ -596,7 +649,44 @@ retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e rs->sr_ref = NULL; } else { - send_ldap_result( op, rs ); + a = attr_find( e->e_attrs, ad_errUnsolicitedOID ); + if ( a != NULL ) { + struct berval oid = BER_BVNULL, + data = BER_BVNULL; + ber_int_t msgid = op->o_msgid; + + /* RFC 4511 unsolicited response */ + + op->o_msgid = 0; + + oid = a->a_nvals[ 0 ]; + + a = attr_find( e->e_attrs, ad_errUnsolicitedData ); + if ( a != NULL ) { + data = a->a_nvals[ 0 ]; + } + + if ( strcmp( oid.bv_val, "0" ) == 0 ) { + send_ldap_result( op, rs ); + + } else { + ber_tag_t tag = op->o_tag; + + op->o_tag = LDAP_REQ_EXTENDED; + rs->sr_rspoid = oid.bv_val; + if ( !BER_BVISNULL( &data ) ) { + rs->sr_rspdata = &data; + } + send_ldap_extended( op, rs ); + rs->sr_rspoid = NULL; + rs->sr_rspdata = NULL; + op->o_tag = tag; + } + op->o_msgid = msgid; + + } else { + send_ldap_result( op, rs ); + } } rs->sr_text = NULL; @@ -604,8 +694,12 @@ retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e op->o_bd = o_bd; op->o_callback = o_callback; } - + if ( rs->sr_err != LDAP_SUCCESS ) { + if ( disconnect ) { + return rs->sr_err = SLAPD_DISCONNECT; + } + op->o_abandon = 1; return rs->sr_err; } 
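Review bot: The `errDisconnect` handling needs a comment, because its two behaviours are not obvious from the code. A value matching `slap_true_bv` drops the connection immediately, while any other value sets `disconnect = 1` and the connection is dropped only after the error response has been sent (the -604 hunk). That a FALSE value still ends in a disconnect is not what the schema description 'Disconnect without notice' suggests. I would add `/* TRUE: disconnect before replying; otherwise: reply, then disconnect */` above the `bvmatch` test. retcode_entry_response starts and ends outside these hunks.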
@@ -887,10 +981,60 @@ retcode_db_config( return 1; } + } else if ( strncasecmp( argv[ i ], "unsolicited=", STRLENOF( "unsolicited=" ) ) == 0 ) + { + char *data; + + if ( !BER_BVISNULL( &rdi.rdi_unsolicited_oid ) ) { + fprintf( stderr, "%s: line %d: retcode: " + "\"unsolicited\" already provided.\n", + fname, lineno ); + return 1; + } + + data = strchr( &argv[ i ][ STRLENOF( "unsolicited=" ) ], ':' ); + if ( data != NULL ) { + struct berval oid; + + if ( ldif_parse_line2( &argv[ i ][ STRLENOF( "unsolicited=" ) ], + &oid, &rdi.rdi_unsolicited_data, NULL ) ) + { + fprintf( stderr, "%s: line %d: retcode: " + "unable to parse \"unsolicited\".\n", + fname, lineno ); + return 1; + } + + ber_dupbv( &rdi.rdi_unsolicited_oid, &oid ); + + } else { + ber_str2bv( &argv[ i ][ STRLENOF( "unsolicited=" ) ], 0, 1, + &rdi.rdi_unsolicited_oid ); + } + + } else if ( strncasecmp( argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) + { + char *arg = &argv[ i ][ STRLENOF( "flags=" ) ]; + if ( strcasecmp( arg, "disconnect" ) == 0 ) { + rdi.rdi_flags |= RDI_PRE_DISCONNECT; + + } else if ( strcasecmp( arg, "pre-disconnect" ) == 0 ) { + rdi.rdi_flags |= RDI_PRE_DISCONNECT; + + } else if ( strcasecmp( arg, "post-disconnect" ) == 0 ) { + rdi.rdi_flags |= RDI_POST_DISCONNECT; + + } else { + fprintf( stderr, "%s: line %d: retcode: " + "unknown flag \"%s\".\n", + fname, lineno, arg ); + return 1; + } + } else { fprintf( stderr, "%s: line %d: retcode: " "unknown option \"%s\".\n", - fname, lineno, argv[ i ] ); + fname, lineno, argv[ i ] ); return 1; } } @@ -1118,7 +1262,6 @@ int retcode_initialize( void ) { int i, code; - const char *err; static struct { char *desc; 
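Review bot: The `unsolicited=` branch accepts an empty value: when no ':' is present the rest of the argument is copied by `ber_str2bv` as is, so a bare `unsolicited=` yields a non-NULL, zero-length OID that the send path in retcode_op_func then uses as `rs->sr_rspoid`. A check before the `strchr`, such as `if ( argv[ i ][ STRLENOF( "unsolicited=" ) ] == '\0' )` followed by the same `fprintf`/`return 1` pattern as the other errors, would reject it at configuration time. In the `flags=` branch the `disconnect` and `pre-disconnect` arms are identical and could share one condition. The ownership of `oid` after `ber_dupbv` is not visible here; if `ldif_parse_line2` returns allocated copies when its last argument is NULL, `oid.bv_val` should be assigned or freed rather than duplicated. retcode_db_config starts and ends outside the hunk.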
@@ -1161,6 +1304,25 @@ retcode_initialize( void ) "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE )", &ad_errMatchedDN }, + { "( 1.3.6.1.4.1.4203.666.11.4.1.6 " + "NAME ( 'errUnsolicitedOID' ) " + "DESC 'OID to be returned within unsolicited response' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " + "SINGLE-VALUE )", + &ad_errUnsolicitedOID }, + { "( 1.3.6.1.4.1.4203.666.11.4.1.7 " + "NAME ( 'errUnsolicitedData' ) " + "DESC 'Data to be returned within unsolicited response' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 " + "SINGLE-VALUE )", + &ad_errUnsolicitedData }, + { "( 1.3.6.1.4.1.4203.666.11.4.1.8 " + "NAME ( 'errDisconnect' ) " + "DESC 'Disconnect without notice' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " + "SINGLE-VALUE )", + &ad_errDisconnect }, { NULL } }; @@ -1179,6 +1341,9 @@ retcode_initialize( void ) "$ errText " "$ errSleepTime " "$ errMatchedDN " + "$ errUnsolicitedOID " + "$ errUnsolicitedData " + "$ errDisconnect " ") )", &oc_errAbsObject }, { "( 1.3.6.1.4.1.4203.666.11.4.3.1 " diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c index 6f3bfddcf2707818b7dda38a2a22ec66b0deb20e..4e87d36dd2b05098e299f092f6df37b6f482f5ab 100644 --- a/servers/slapd/overlays/rwm.c +++ b/servers/slapd/overlays/rwm.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Pierangelo Masarati. * All rights reserved. * 
@@ -26,11 +26,105 @@ #include "slap.h" #include "rwm.h" +typedef struct rwm_op_state { + ber_tag_t r_tag; + struct berval ro_dn; + struct berval ro_ndn; + struct berval r_dn; + struct berval r_ndn; + OpRequest o_request; +} rwm_op_state; + static int rwm_db_destroy( BackendDB *be ); +typedef struct rwm_op_cb { + slap_callback cb; + rwm_op_state ros; +} rwm_op_cb; + +static int +rwm_op_cleanup( Operation *op, SlapReply *rs ) +{ + slap_callback *cb = op->o_callback; + rwm_op_state *ros = cb->sc_private; + + if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED || + op->o_abandon || rs->sr_err == SLAPD_ABANDON ) { + + op->o_req_dn = ros->ro_dn; + op->o_req_ndn = ros->ro_ndn; + + if ( !BER_BVISEMPTY( &ros->r_dn )) ch_free( ros->r_dn.bv_val ); + if ( !BER_BVISEMPTY( &ros->r_ndn )) ch_free( ros->r_ndn.bv_val ); + + switch( ros->r_tag ) { + case LDAP_REQ_COMPARE: + if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val ) + op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx ); + op->orc_ava = ros->orc_ava; + break; + case LDAP_REQ_MODIFY: + slap_mods_free( op->orm_modlist, 1 ); + op->orm_modlist = ros->orm_modlist; + break; + case LDAP_REQ_MODRDN: + if ( op->orr_newSup != ros->orr_newSup ) { + ch_free( op->orr_newSup->bv_val ); + ch_free( op->orr_nnewSup->bv_val ); + op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx ); + op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx ); + op->orr_newSup = ros->orr_newSup; + op->orr_nnewSup = ros->orr_nnewSup; + } + break; + case LDAP_REQ_SEARCH: + ch_free( op->ors_attrs ); + filter_free_x( op, op->ors_filter ); + ch_free( op->ors_filterstr.bv_val ); + op->ors_attrs = ros->ors_attrs; + op->ors_filter = ros->ors_filter; + op->ors_filterstr = ros->ors_filterstr; + break; + case LDAP_REQ_EXTENDED: + if ( op->ore_reqdata != ros->ore_reqdata ) { + ber_bvfree( op->ore_reqdata ); + op->ore_reqdata = ros->ore_reqdata; + } + break; + default: break; + } + op->o_callback = op->o_callback->sc_next; + op->o_tmpfree( cb, 
op->o_tmpmemctx ); + } + + return SLAP_CB_CONTINUE; +} + +static rwm_op_cb * +rwm_callback_get( Operation *op, SlapReply *rs ) +{ + rwm_op_cb *roc = NULL; + + roc = op->o_tmpalloc( sizeof( struct rwm_op_cb ), op->o_tmpmemctx ); + roc->cb.sc_cleanup = rwm_op_cleanup; + roc->cb.sc_response = NULL; + roc->cb.sc_next = op->o_callback; + roc->cb.sc_private = &roc->ros; + roc->ros.r_tag = op->o_tag; + roc->ros.ro_dn = op->o_req_dn; + roc->ros.ro_ndn = op->o_req_ndn; + roc->ros.o_request = op->o_request; + BER_BVZERO( &roc->ros.r_dn ); + BER_BVZERO( &roc->ros.r_ndn ); + + return roc; +} + + static int -rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie ) +rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie, + rwm_op_state *ros ) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; struct ldaprwmap *rwmap = @@ -77,12 +171,12 @@ rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie ) } if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) { - op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx ); op->o_req_dn = dn; + ros->r_dn = dn; } else { op->o_req_dn = ndn; } - op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx ); + ros->r_ndn = ndn; op->o_req_ndn = ndn; return LDAP_SUCCESS; @@ -101,11 +195,13 @@ rwm_op_add( Operation *op, SlapReply *rs ) char *olddn = op->o_req_dn.bv_val; int isupdate; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "addDN" ); + rc = rwm_op_dn_massage( op, rs, "addDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; @@ -225,7 +321,8 @@ cleanup_attr:; attr_free( a ); } - /* TODO: map attribute types, values of DN-valued attributes ... */ + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } 
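Review bot: In rwm_op_cleanup the `LDAP_REQ_COMPARE` case compares `op->orc_ava->aa_value.bv_val` with `ros->orc_ava->aa_value.bv_val`, but rwm_callback_get copies `op->o_request` by value, so both sides go through the same `orc_ava` pointer and the test cannot be true unless `op->orc_ava` is re-pointed in code outside these hunks. rwm_op_compare now writes the mapped value into `op->orc_ava->aa_value` in place with `ber_dupbv_x`, so as visible the rewritten value is never freed and the original value is never put back. Keeping a `struct berval` copy of the original `aa_value` in rwm_op_state, taken in rwm_callback_get for compare operations, and comparing against that would make the restore effective. A short comment on `rwm_op_state` would also help, since `ros->orc_ava`, `ros->orr_newSup` and `ros->ors_attrs` only resolve through a member named exactly `o_request`.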
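Review bot: `roc` is obtained from rwm_callback_get at the top of rwm_op_add but linked into `op->o_callback` only on the last line, so the `rc != LDAP_SUCCESS` return leaves it unreleased; the same shape recurs in the rwm_op_bind, rwm_op_compare, rwm_op_delete, rwm_op_modify, rwm_exop_passwd and rwm_extended hunks. Where a failure happens after the DN massage has succeeded (the `return -1` after value mapping in rwm_op_compare, for instance), `op->o_req_dn`/`op->o_req_ndn` already point at the rewritten strings, whose only record is `roc->ros`, and nothing restores the originals or frees the rewritten ones because rwm_op_cleanup is not installed yet. Whether the `o_tmpalloc` block is reclaimed with the operation's memory context is not visible here. I would either set `op->o_callback = &roc->cb;` right after a successful massage (confirming that the error reply then runs `sc_cleanup`) or add a small rollback helper for the error paths, as the rwm_op_modrdn hunk already does by hand for `orr_newSup`.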
@@ -261,11 +358,13 @@ rwm_op_bind( Operation *op, SlapReply *rs ) slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; int rc; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "bindDN" ); + rc = rwm_op_dn_massage( op, rs, "bindDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; @@ -273,6 +372,8 @@ rwm_op_bind( Operation *op, SlapReply *rs ) return -1; } + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } @@ -298,14 +399,15 @@ rwm_op_compare( Operation *op, SlapReply *rs ) (struct ldaprwmap *)on->on_bi.bi_private; int rc; - struct berval mapped_at = BER_BVNULL, - mapped_vals[2] = { BER_BVNULL, BER_BVNULL }; + struct berval mapped_vals[2] = { BER_BVNULL, BER_BVNULL }; + + rwm_op_cb *roc = rwm_callback_get( op, rs ); #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "compareDN" ); + rc = rwm_op_dn_massage( op, rs, "compareDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; @@ -326,9 +428,9 @@ rwm_op_compare( Operation *op, SlapReply *rs ) return -1; } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) { - ber_bvreplace_x( &op->orc_ava->aa_value, &mapped_vals[0], op->o_tmpmemctx ); + ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0], + op->o_tmpmemctx ); } - mapped_at = op->orc_ava->aa_desc->ad_cname; } else { struct ldapmapping *mapping = NULL; 
@@ -376,13 +478,15 @@ rwm_op_compare( Operation *op, SlapReply *rs ) * already freed the old value, so now * it's invalid */ ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0], - op->o_tmpmemctx ); + op->o_tmpmemctx ); ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL ); } } op->orc_ava->aa_desc = ad; } + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } @@ -392,11 +496,13 @@ rwm_op_delete( Operation *op, SlapReply *rs ) slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; int rc; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "deleteDN" ); + rc = rwm_op_dn_massage( op, rs, "deleteDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; @@ -404,6 +510,8 @@ rwm_op_delete( Operation *op, SlapReply *rs ) return -1; } + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } @@ -418,11 +526,13 @@ rwm_op_modify( Operation *op, SlapReply *rs ) Modifications **mlp; int rc; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "modifyDN" ); + rc = rwm_op_dn_massage( op, rs, "modifyDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; 
@@ -436,12 +546,17 @@ rwm_op_modify( Operation *op, SlapReply *rs ) Modifications *ml; struct ldapmapping *mapping = NULL; - if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass - || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass ) + /* duplicate the modlist */ + ml = ch_malloc( sizeof( Modifications )); + *ml = **mlp; + *mlp = ml; + + if ( ml->sml_desc == slap_schema.si_ad_objectClass + || ml->sml_desc == slap_schema.si_ad_structuralObjectClass ) { is_oc = 1; - } else if ( !isupdate && !get_relax( op ) && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) + } else if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod ) { goto next_mod; @@ -449,7 +564,7 @@ rwm_op_modify( Operation *op, SlapReply *rs ) int drop_missing; drop_missing = rwm_mapping( &rwmap->rwm_at, - &(*mlp)->sml_desc->ad_cname, + &ml->sml_desc->ad_cname, &mapping, RWM_MAP ); if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) ) { 
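Review bot: The copy made with `*ml = **mlp;` is shallow, and the value arrays are duplicated only further down inside `if ( ml->sml_values != NULL )`, so a modification that leaves through `goto next_mod` for a no-user-modification attribute stays in the new list with `sml_values`/`sml_nvalues` still pointing at the caller's arrays. rwm_op_cleanup then calls `slap_mods_free( op->orm_modlist, 1 )` and restores `ros->orm_modlist`; if the second argument frees the values, as it appears to, the original list is handed back with dangling value arrays and a later free of that list would free them twice. The `cleanup_mod` path, whose body is outside these hunks, needs the same check for entries dropped before their values are duplicated. Hoisting the `sml_values`/`sml_nvalues` duplication to directly after `*mlp = ml;` removes the aliasing. rwm_op_modify starts and ends outside the hunk.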
@@ -457,18 +572,36 @@ rwm_op_modify( Operation *op, SlapReply *rs ) } } - if ( (*mlp)->sml_values != NULL ) { + if ( ml->sml_values != NULL ) { + int i, num; + struct berval *bva; + + for ( num = 0; !BER_BVISNULL( &ml->sml_values[ num ] ); num++ ) + /* count values */ ; + + bva = ch_malloc( (num+1) * sizeof( struct berval )); + for (i=0; i<num; i++) + ber_dupbv( &bva[i], &ml->sml_values[i] ); + BER_BVZERO( &bva[i] ); + ml->sml_values = bva; + + if ( ml->sml_nvalues ) { + bva = ch_malloc( (num+1) * sizeof( struct berval )); + for (i=0; i<num; i++) + ber_dupbv( &bva[i], &ml->sml_nvalues[i] ); + BER_BVZERO( &bva[i] ); + ml->sml_nvalues = bva; + } + if ( is_oc ) { int last, j; - for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ ) - /* count values */ ; - last--; + last = num-1; - for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) { + for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) { struct ldapmapping *oc_mapping = NULL; - ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ], + ( void )rwm_mapping( &rwmap->rwm_oc, &ml->sml_values[ j ], &oc_mapping, RWM_MAP ); if ( oc_mapping == NULL ) { if ( rwmap->rwm_at.drop_missing ) { 
@@ -476,47 +609,47 @@ rwm_op_modify( Operation *op, SlapReply *rs ) * if the resulting entry is inconsistent, that's * the relayed database's business... */ - ch_free( (*mlp)->sml_values[ j ].bv_val ); if ( last > j ) { - (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ]; + ch_free( ml->sml_values[ j ].bv_val ); + ml->sml_values[ j ] = ml->sml_values[ last ]; } - BER_BVZERO( &(*mlp)->sml_values[ last ] ); + BER_BVZERO( &ml->sml_values[ last ] ); last--; j--; } } else { - ch_free( (*mlp)->sml_values[ j ].bv_val ); - ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst ); + ch_free( ml->sml_values[ j ].bv_val ); + ber_dupbv( &ml->sml_values[ j ], &oc_mapping->m_dst ); } } } else { - if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName + if ( ml->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) ) { #ifdef ENABLE_REWRITE rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN", - (*mlp)->sml_values, - (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); + ml->sml_values, + ml->sml_nvalues ? &ml->sml_nvalues : NULL ); #else /* ! ENABLE_REWRITE */ rc = 1; rc = rwm_dnattr_rewrite( op, rs, &rc, - (*mlp)->sml_values, - (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); + ml->sml_values, + ml->sml_nvalues ? &ml->sml_nvalues : NULL ); #endif /* ! ENABLE_REWRITE */ - } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) { + } else if ( ml->sml_desc == slap_schema.si_ad_ref ) { #ifdef ENABLE_REWRITE rc = rwm_referral_rewrite( op, rs, "referralAttrDN", - (*mlp)->sml_values, - (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); + ml->sml_values, + ml->sml_nvalues ? &ml->sml_nvalues : NULL ); #else /* ! ENABLE_REWRITE */ rc = 1; rc = rwm_referral_rewrite( op, rs, &rc, - (*mlp)->sml_values, - (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL ); + ml->sml_values, + ml->sml_nvalues ? &ml->sml_nvalues : NULL ); #endif /* ! 
ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { goto cleanup_mod; @@ -533,10 +666,10 @@ next_mod:; if ( mapping != NULL ) { /* use new attribute description */ assert( mapping->m_dst_ad != NULL ); - (*mlp)->sml_desc = mapping->m_dst_ad; + ml->sml_desc = mapping->m_dst_ad; } - mlp = &(*mlp)->sml_next; + mlp = &ml->sml_next; continue; cleanup_mod:; @@ -546,6 +679,8 @@ cleanup_mod:; free( ml ); } + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } @@ -558,6 +693,8 @@ rwm_op_modrdn( Operation *op, SlapReply *rs ) int rc; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + if ( op->orr_newSup ) { dncookie dc; struct berval nnewSup = BER_BVNULL; @@ -585,8 +722,10 @@ rwm_op_modrdn( Operation *op, SlapReply *rs ) } if ( op->orr_newSup->bv_val != newSup.bv_val ) { - op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx ); - op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx ); + op->orr_newSup = op->o_tmpalloc( sizeof( struct berval ), + op->o_tmpmemctx ); + op->orr_nnewSup = op->o_tmpalloc( sizeof( struct berval ), + op->o_tmpmemctx ); *op->orr_newSup = newSup; *op->orr_nnewSup = nnewSup; } 
@@ -596,61 +735,43 @@ rwm_op_modrdn( Operation *op, SlapReply *rs ) * Rewrite the dn, if needed */ #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "renameDN" ); + rc = rwm_op_dn_massage( op, rs, "renameDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; send_ldap_error( op, rs, rc, "renameDN massage error" ); + if ( op->orr_newSup != roc->ros.orr_newSup ) { + ch_free( op->orr_newSup->bv_val ); + ch_free( op->orr_nnewSup->bv_val ); + op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx ); + op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx ); + op->orr_newSup = roc->ros.orr_newSup; + op->orr_nnewSup = roc->ros.orr_nnewSup; + } return -1; } /* TODO: rewrite newRDN, attribute types, * values of DN-valued attributes ... */ - return SLAP_CB_CONTINUE; -} -static slap_callback rwm_cb; + op->o_callback = &roc->cb; -static void -rwm_keyfree( - void *key, - void *data ) -{ - ber_memfree_x( data, NULL ); + return SLAP_CB_CONTINUE; } -static slap_callback * -rwm_callback_get( Operation *op ) -{ - void *data = NULL; - - if ( op->o_threadctx == NULL ) { - return &rwm_cb; - } - - ldap_pvt_thread_pool_getkey( op->o_threadctx, - rwm_keyfree, &data, NULL ); - if ( data == NULL ) { - data = ch_calloc( sizeof( slap_callback ), 1 ); - ldap_pvt_thread_pool_setkey( op->o_threadctx, - rwm_keyfree, data, rwm_keyfree ); - } - - return (slap_callback *)data; -} static int rwm_swap_attrs( Operation *op, SlapReply *rs ) { slap_callback *cb = op->o_callback; - AttributeName *an = (AttributeName *)cb->sc_private; + rwm_op_state *ros = cb->sc_private; - rs->sr_attrs = an; + rs->sr_attrs = ros->ors_attrs; - return SLAP_CB_CONTINUE; + return SLAP_CB_CONTINUE; } static int 
@@ -666,19 +787,20 @@ rwm_op_search( Operation *op, SlapReply *rs ) struct berval fstr = BER_BVNULL; Filter *f = NULL; - slap_callback *cb = NULL; AttributeName *an = NULL; char *text = NULL; + rwm_op_cb *roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE rc = rewrite_session_var_set( rwmap->rwm_rw, op->o_conn, "searchFilter", op->ors_filterstr.bv_val ); if ( rc == LDAP_SUCCESS ) - rc = rwm_op_dn_massage( op, rs, "searchDN" ); + rc = rwm_op_dn_massage( op, rs, "searchDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { text = "searchDN massage error"; @@ -711,14 +833,6 @@ rwm_op_search( Operation *op, SlapReply *rs ) goto error_return; } - if ( !BER_BVISNULL( &op->ors_filterstr ) ) { - ch_free( op->ors_filterstr.bv_val ); - } - - if( op->ors_filter ) { - filter_free_x( op, op->ors_filter ); - } - op->ors_filter = f; op->ors_filterstr = fstr; @@ -729,15 +843,10 @@ rwm_op_search( Operation *op, SlapReply *rs ) goto error_return; } - cb = rwm_callback_get( op ); - - cb->sc_response = rwm_swap_attrs; - cb->sc_cleanup = NULL; - cb->sc_private = (void *)op->ors_attrs; - cb->sc_next = op->o_callback; - - op->o_callback = cb; op->ors_attrs = an; + roc->cb.sc_response = rwm_swap_attrs; + + op->o_callback = &roc->cb; return SLAP_CB_CONTINUE; @@ -754,6 +863,8 @@ error_return:; ch_free( fstr.bv_val ); } + op->oq_search = roc->ros.oq_search; + op->o_bd->bd_info = (BackendInfo *)on->on_info; send_ldap_error( op, rs, rc, text ); @@ -766,10 +877,12 @@ rwm_exop_passwd( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; int rc; + rwm_op_cb *roc; struct berval id = BER_BVNULL, pwold = BER_BVNULL, pwnew = BER_BVNULL; + BerElement *ber = NULL; if ( !BER_BVISNULL( &op->o_req_ndn ) ) { return LDAP_SUCCESS; 
@@ -799,11 +912,13 @@ rwm_exop_passwd( Operation *op, SlapReply *rs ) ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx ); } + roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "extendedDN" ); + rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; @@ -811,7 +926,28 @@ rwm_exop_passwd( Operation *op, SlapReply *rs ) return -1; } - /* TODO: re-encode the request with the massaged DN */ + ber = ber_alloc_t( LBER_USE_DER ); + if ( !ber ) { + rs->sr_err = LDAP_OTHER; + rs->sr_text = "No memory"; + return rs->sr_err; + } + ber_printf( ber, "{" ); + if ( !BER_BVISNULL( &id )) { + ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, + &op->o_req_dn ); + } + if ( !BER_BVISNULL( &pwold )) { + ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &pwold ); + } + if ( !BER_BVISNULL( &pwnew )) { + ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &pwnew ); + } + ber_printf( ber, "N}" ); + ber_flatten( ber, &op->ore_reqdata ); + ber_free( ber, 1 ); + + op->o_callback = &roc->cb; return SLAP_CB_CONTINUE; } @@ -829,6 +965,7 @@ rwm_extended( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; int rc; + rwm_op_cb *roc; int i; @@ -852,11 +989,13 @@ rwm_extended( Operation *op, SlapReply *rs ) } } + roc = rwm_callback_get( op, rs ); + #ifdef ENABLE_REWRITE - rc = rwm_op_dn_massage( op, rs, "extendedDN" ); + rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros ); #else /* ! ENABLE_REWRITE */ rc = 1; - rc = rwm_op_dn_massage( op, rs, &rc ); + rc = rwm_op_dn_massage( op, rs, &rc, &roc->ros ); #endif /* ! ENABLE_REWRITE */ if ( rc != LDAP_SUCCESS ) { op->o_bd->bd_info = (BackendInfo *)on->on_info; 
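Review bot: The re-encoding block in rwm_exop_passwd ignores the result of every `ber_printf` call and of `ber_flatten`, so a failed encode goes unnoticed and the operation continues with whatever `op->ore_reqdata` then holds, for a request that carries the old and new passwords. I would check them, e.g. `if ( ber_flatten( ber, &op->ore_reqdata ) < 0 ) { ber_free( ber, 1 ); rs->sr_err = LDAP_OTHER; return rs->sr_err; }`, with the same treatment for a negative `ber_printf` result. The `!ber` branch also returns without `send_ldap_error` and without undoing the DN massage recorded in `roc->ros`, unlike the error path just above it, so the caller sees a different convention and the rewritten DN stays in place. The function starts outside the hunk.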
@@ -865,6 +1004,8 @@ rwm_extended( Operation *op, SlapReply *rs ) } /* TODO: rewrite/map extended data ? ... */ + op->o_callback = &roc->cb; + return SLAP_CB_CONTINUE; } @@ -1386,16 +1527,6 @@ rwm_response( Operation *op, SlapReply *rs ) switch( op->o_tag ) { case LDAP_REQ_SEARCH: - /* Note: the operation attrs are remapped */ - if ( rs->sr_type == REP_RESULT - && op->ors_attrs != NULL - && op->ors_attrs != rs->sr_attrs ) - { - ch_free( op->ors_attrs ); - op->ors_attrs = rs->sr_attrs; - } - /* fall thru */ - case LDAP_REQ_BIND: case LDAP_REQ_ADD: case LDAP_REQ_DELETE: @@ -1512,7 +1643,6 @@ rwm_db_init( BackendDB *be ) { slap_overinst *on = (slap_overinst *) be->bd_info; - struct ldapmapping *mapping = NULL; struct ldaprwmap *rwmap; #ifdef ENABLE_REWRITE char *rargv[ 3 ]; @@ -1541,13 +1671,6 @@ rwm_db_init( rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv ); #endif /* ENABLE_REWRITE */ - if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS || - rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS ) - { - rc = 1; - goto error_return; - } - error_return:; on->on_bi.bi_private = (void *)rwmap; diff --git a/servers/slapd/overlays/rwm.h b/servers/slapd/overlays/rwm.h index aa1ba77598edc141032762af097fa68df07843b0..bc349d9c4092477fde5faee7b6522033f12d1121 100644 --- a/servers/slapd/overlays/rwm.h +++ b/servers/slapd/overlays/rwm.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/overlays/rwmconf.c b/servers/slapd/overlays/rwmconf.c index e02ccb5ae7bf1e9d35cb1719784335c36fa7c335..81e0b3b594e45a2514c57a74f59c4bde832b0866 100644 --- a/servers/slapd/overlays/rwmconf.c +++ b/servers/slapd/overlays/rwmconf.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -47,6 +47,7 @@ rwm_map_config( struct ldapmapping *mapping; char *src, *dst; int is_oc = 0; + int rc = 0; if ( argc < 3 || argc > 4 ) { fprintf( stderr, @@ -73,7 +74,7 @@ rwm_map_config( if ( strcmp( argv[2], "*" ) == 0 ) { if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) { map->drop_missing = ( argc < 4 ); - return 0; + goto success_return; } src = dst = argv[3]; @@ -230,7 +231,13 @@ rwm_map_config( avl_insert( &map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp, rwm_mapping_dup ); - return 0; +success_return:; + if ( !is_oc && map->map == NULL ) { + /* only init if required */ + rc = rwm_map_init( map, &mapping ) != LDAP_SUCCESS; + } + + return rc; error_return:; if ( mapping ) { diff --git a/servers/slapd/overlays/rwmdn.c b/servers/slapd/overlays/rwmdn.c index f76487799b4a08cd81f2915a7069d165ab34809d..9348c70f119ad1cfa80e1fc44af7b6ebdcc36e53 100644 --- a/servers/slapd/overlays/rwmdn.c +++ b/servers/slapd/overlays/rwmdn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. diff --git a/servers/slapd/overlays/rwmmap.c b/servers/slapd/overlays/rwmmap.c index dce3a95f73087fdd218f13695ac00cf23b289758..c05032a36aa3cd18d30f1fd79c309c4c2834ec2e 100644 --- a/servers/slapd/overlays/rwmmap.c +++ b/servers/slapd/overlays/rwmmap.c 
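Review bot: The new `success_return` block in rwm_map_config initialises the map only when `!is_oc`, while this commit also removes the unconditional `rwm_map_init` calls for both `rwm_oc` and `rwm_at` from rwm_db_init, and nothing in the hunk says why objectClass maps are now left uninitialised. The existing `/* only init if required */` could become `/* only attribute maps are initialised here, and only once; objectClass maps are left as configured -- TODO state why */` so the asymmetry is recorded. `rc = rwm_map_init( map, &mapping ) != LDAP_SUCCESS;` is correct by precedence but clearer as `rc = ( rwm_map_init( map, &mapping ) != LDAP_SUCCESS );`. A failure of that call returns 1 without the `fprintf` diagnostic that the other error paths in this function print.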
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -142,6 +142,13 @@ rwm_map( struct ldapmap *map, struct berval *s, struct berval *bv, int remap ) { struct ldapmapping *mapping; + /* map->map may be NULL when mapping is configured, + * but map->remap can't */ + if ( map->remap == NULL ) { + *bv = *s; + return; + } + BER_BVZERO( bv ); ( void )rwm_mapping( map, s, &mapping, remap ); if ( mapping != NULL ) { @@ -451,6 +458,7 @@ rwm_int_filter_map_rewrite( { int i; Filter *p; + AttributeDescription *ad; struct berval atmp, vtmp, *tmp; @@ -478,9 +486,10 @@ rwm_int_filter_map_rewrite( return LDAP_OTHER; } - switch ( f->f_choice ) { + switch ( f->f_choice & SLAPD_FILTER_MASK ) { case LDAP_FILTER_EQUALITY: - if ( map_attr_value( dc, &f->f_av_desc, &atmp, + ad = f->f_av_desc; + if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { goto computed; @@ -496,7 +505,8 @@ rwm_int_filter_map_rewrite( break; case LDAP_FILTER_GE: - if ( map_attr_value( dc, &f->f_av_desc, &atmp, + ad = f->f_av_desc; + if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { goto computed; @@ -512,7 +522,8 @@ rwm_int_filter_map_rewrite( break; case LDAP_FILTER_LE: - if ( map_attr_value( dc, &f->f_av_desc, &atmp, + ad = f->f_av_desc; + if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { goto computed; @@ -528,7 +539,8 @@ rwm_int_filter_map_rewrite( break; case LDAP_FILTER_APPROX: - if ( map_attr_value( dc, &f->f_av_desc, &atmp, + ad = f->f_av_desc; + if ( map_attr_value( dc, &ad, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { goto computed; 
@@ -544,7 +556,8 @@ rwm_int_filter_map_rewrite( break; case LDAP_FILTER_SUBSTRINGS: - if ( map_attr_value( dc, &f->f_sub_desc, &atmp, + ad = f->f_sub_desc; + if ( map_attr_value( dc, &ad, &atmp, NULL, NULL, RWM_MAP ) ) { goto computed; @@ -606,7 +619,8 @@ rwm_int_filter_map_rewrite( break; case LDAP_FILTER_PRESENT: - if ( map_attr_value( dc, &f->f_desc, &atmp, + ad = f->f_desc; + if ( map_attr_value( dc, &ad, &atmp, NULL, NULL, RWM_MAP ) ) { goto computed; @@ -652,7 +666,8 @@ rwm_int_filter_map_rewrite( case LDAP_FILTER_EXT: { if ( f->f_mr_desc ) { - if ( map_attr_value( dc, &f->f_mr_desc, &atmp, + ad = f->f_mr_desc; + if ( map_attr_value( dc, &ad, &atmp, &f->f_mr_value, &vtmp, RWM_MAP ) ) { goto computed; @@ -680,7 +695,7 @@ rwm_int_filter_map_rewrite( break; } - case 0: + case -1: computed:; filter_free_x( op, f ); f->f_choice = SLAPD_FILTER_COMPUTED; diff --git a/servers/slapd/overlays/seqmod.c b/servers/slapd/overlays/seqmod.c index 6a0a1296b7cb62b554a495a22cc735e5dbf8fcda..278face56d26e3a7791e934017e4cc9778d8fbba 100644 --- a/servers/slapd/overlays/seqmod.c +++ b/servers/slapd/overlays/seqmod.c @@ -1,7 +1,7 @@ /* seqmod.c - sequenced modifies */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index c17597392fac990d23774cfb42288e1c68234cee..5a399a43e89493a3e90d87f721de585e510575af 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c 
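Review bot: Changing `case 0:` to `case -1:` in rwm_int_filter_map_rewrite leaves a label that the switch itself apparently can never select, because the controlling expression is now `f->f_choice & SLAPD_FILTER_MASK`; the arm seems to exist only to host the `computed:` target of the `goto`s above it. That deserves a comment, for example `/* not reachable through the switch; entered only via goto computed */`, assuming the mask cannot produce -1 (its value is not visible here). The repeated `ad = f->f_av_desc;` style copies added in the earlier hunks of this function would likewise benefit from one line saying why `map_attr_value` is given a local descriptor instead of the filter's own member, presumably so the original filter is not modified.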
@@ -2,7 +2,7 @@ /* syncprov.c - syncrepl provider */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -59,6 +59,7 @@ typedef struct syncops { ID s_eid; /* entryID of search base */ Operation *s_op; /* search op */ int s_rid; + int s_sid; struct berval s_filterstr; int s_flags; /* search status */ #define PS_IS_REFRESHING 0x01 @@ -103,6 +104,7 @@ typedef struct slog_entry { struct slog_entry *se_next; struct berval se_uuid; struct berval se_csn; + int se_sid; ber_tag_t se_tag; } slog_entry; @@ -118,7 +120,9 @@ typedef struct sessionlog { /* The main state for this overlay */ typedef struct syncprov_info_t { syncops *si_ops; - struct berval si_ctxcsn; /* ldapsync context */ + BerVarray si_ctxcsn; /* ldapsync context */ + int *si_sids; + int si_numcsns; int si_chkops; /* checkpointing info */ int si_chktime; int si_numops; /* number of ops since last checkpoint */ @@ -127,10 +131,9 @@ typedef struct syncprov_info_t { time_t si_chklast; /* time of last checkpoint */ Avlnode *si_mods; /* entries being modified */ sessionlog *si_logs; - ldap_pvt_thread_mutex_t si_csn_mutex; + ldap_pvt_thread_rdwr_t si_csn_rwlock; ldap_pvt_thread_mutex_t si_ops_mutex; ldap_pvt_thread_mutex_t si_mods_mutex; - char si_ctxcsnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; } syncprov_info_t; typedef struct opcookie { @@ -401,6 +404,7 @@ syncprov_findbase( Operation *op, fbase_cookie *fc ) slap_callback cb = {0}; Operation fop; SlapReply frs = { REP_RESULT }; + BackendInfo *bi; int rc; fc->fss->s_flags ^= PS_FIND_BASE; @@ -412,6 +416,7 @@ syncprov_findbase( Operation *op, fbase_cookie *fc ) fop.o_bd = op->o_bd; fop.o_time = op->o_time; fop.o_tincr = op->o_tincr; + bi = op->o_bd->bd_info; cb.sc_response = findbase_cb; cb.sc_private = fc; 
@@ -429,9 +434,8 @@ syncprov_findbase( Operation *op, fbase_cookie *fc ) fop.ors_filter = &generic_filter; fop.ors_filterstr = generic_filterstr; - fop.o_bd->bd_info = on->on_info->oi_orig; - rc = fop.o_bd->be_search( &fop, &frs ); - fop.o_bd->bd_info = (BackendInfo *)on; + rc = overlay_op_walk( &fop, &frs, op_search, on->on_info, on ); + op->o_bd->bd_info = bi; } else { ldap_pvt_thread_mutex_unlock( &fc->fss->s_mutex ); fc->fbase = 1; @@ -580,7 +584,7 @@ syncprov_findcsn( Operation *op, find_csn_t mode ) char buf[LDAP_LUTIL_CSNSTR_BUFSIZE + STRLENOF("(entryCSN<=)")]; char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; struct berval maxcsn; - Filter cf, af; + Filter cf; #ifdef LDAP_COMP_MATCH AttributeAssertion eq = { NULL, BER_BVNULL, NULL }; #else @@ -590,13 +594,10 @@ syncprov_findcsn( Operation *op, find_csn_t mode ) sync_control *srs = NULL; struct slap_limits_set fc_limits; int i, rc = LDAP_SUCCESS, findcsn_retry = 1; + int maxid = 0; if ( mode != FIND_MAXCSN ) { srs = op->o_controls[slap_cids.sc_LDAPsync]; - - if ( srs->sr_state.ctxcsn.bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) { - return LDAP_OTHER; - } } fop = *op; @@ -606,6 +607,7 @@ syncprov_findcsn( Operation *op, find_csn_t mode ) cf.f_ava = &eq; cf.f_av_desc = slap_schema.si_ad_entryCSN; + BER_BVZERO( &cf.f_av_value ); cf.f_next = NULL; fop.o_callback = &cb; @@ -618,7 +620,14 @@ again: switch( mode ) { case FIND_MAXCSN: cf.f_choice = LDAP_FILTER_GE; - cf.f_av_value = si->si_ctxcsn; + cf.f_av_value = si->si_ctxcsn[0]; + /* If there are multiple CSNs, use the largest */ + for ( i=1; i<si->si_numcsns; i++) { + if ( ber_bvcmp( &cf.f_av_value, &si->si_ctxcsn[i] ) < 0 ) { + cf.f_av_value = si->si_ctxcsn[i]; + maxid = i; + } + } fop.ors_filterstr.bv_len = sprintf( buf, "(entryCSN>=%s)", cf.f_av_value.bv_val ); fop.ors_attrsonly = 0; 
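Review bot: The -590 hunk removes the only visible bound on the CSN taken from the client's sync cookie (`srs->sr_state.ctxcsn.bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE`), yet `buf` and `cbuf` in syncprov_findcsn are still fixed arrays sized from `LDAP_LUTIL_CSNSTR_BUFSIZE`, and the -618 and -626 hunks fill them with unbounded `sprintf( buf, "(entryCSN>=%s)", cf.f_av_value.bv_val )` and `strcpy( cbuf, cf.f_av_value.bv_val )`. `si->si_ctxcsn` is also no longer backed by the fixed `si_ctxcsnbuf`, so its values are not bounded by construction either. Unless the cookie parser and the contextCSN loader enforce the length elsewhere, an over-long CSN overruns these stack buffers; I would keep a guard once the value is chosen, `if ( cf.f_av_value.bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) return LDAP_OTHER;`, or format with `snprintf` and `sizeof( buf )`. The `FIND_MAXCSN` arm also reads `si->si_ctxcsn[0]` without checking `si->si_numcsns`, which is unsafe if the array can be empty. syncprov_findcsn starts and ends outside these hunks.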
@@ -626,12 +635,21 @@ again: fop.ors_slimit = SLAP_NO_LIMIT; cb.sc_private = &maxcsn; cb.sc_response = findmax_cb; - strcpy( cbuf, si->si_ctxcsn.bv_val ); + strcpy( cbuf, cf.f_av_value.bv_val ); maxcsn.bv_val = cbuf; - maxcsn.bv_len = si->si_ctxcsn.bv_len; + maxcsn.bv_len = cf.f_av_value.bv_len; break; case FIND_CSN: - cf.f_av_value = srs->sr_state.ctxcsn; + if ( BER_BVISEMPTY( &cf.f_av_value )) { + cf.f_av_value = srs->sr_state.ctxcsn[0]; + /* If there are multiple CSNs, use the smallest */ + for ( i=1; i<srs->sr_state.numcsns; i++ ) { + if ( ber_bvcmp( &cf.f_av_value, &srs->sr_state.ctxcsn[i] ) + > 0 ) { + cf.f_av_value = srs->sr_state.ctxcsn[i]; + } + } + } /* Look for exact match the first time */ if ( findcsn_retry ) { cf.f_choice = LDAP_FILTER_EQUALITY; @@ -652,14 +670,8 @@ again: cb.sc_response = findcsn_cb; break; case FIND_PRESENT: - af.f_choice = LDAP_FILTER_AND; - af.f_next = NULL; - af.f_and = &cf; - cf.f_choice = LDAP_FILTER_LE; - cf.f_av_value = srs->sr_state.ctxcsn; - cf.f_next = op->ors_filter; - fop.ors_filter = ⁡ - filter2bv_x( &fop, fop.ors_filter, &fop.ors_filterstr ); + fop.ors_filter = op->ors_filter; + fop.ors_filterstr = op->ors_filterstr; fop.ors_attrsonly = 0; fop.ors_attrs = uuid_anlist; fop.ors_slimit = SLAP_NO_LIMIT; @@ -687,8 +699,10 @@ again: switch( mode ) { case FIND_MAXCSN: - strcpy( si->si_ctxcsnbuf, maxcsn.bv_val ); - si->si_ctxcsn.bv_len = maxcsn.bv_len; + if ( ber_bvcmp( &si->si_ctxcsn[maxid], &maxcsn )) { + ber_bvreplace( &si->si_ctxcsn[maxid], &maxcsn ); + si->si_numops++; /* ensure a checkpoint */ + } break; case FIND_CSN: /* If matching CSN was not found, invalidate the context. */ @@ -703,7 +717,6 @@ again: break; case FIND_PRESENT: op->o_tmpfree( pcookie.uuids, op->o_tmpmemctx ); - op->o_tmpfree( fop.ors_filterstr.bv_val, op->o_tmpmemctx ); break; } 
@@ -748,7 +761,7 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so, SlapReply rs = { REP_SEARCH }; LDAPControl *ctrls[2]; - struct berval cookie; + struct berval cookie, csns[2]; Entry e_uuid = {0}; Attribute a_uuid = {0}; @@ -756,7 +769,9 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so, return SLAPD_ABANDON; ctrls[1] = NULL; - slap_compose_sync_cookie( op, &cookie, &opc->sctxcsn, so->s_rid ); + csns[0] = opc->sctxcsn; + BER_BVZERO( &csns[1] ); + slap_compose_sync_cookie( op, &cookie, csns, so->s_rid, so->s_sid ); e_uuid.e_attrs = &a_uuid; a_uuid.a_desc = slap_schema.si_ad_entryUUID; @@ -825,7 +840,6 @@ syncprov_qplay( Operation *op, slap_overinst *on, syncops *so ) int rc = 0; opc.son = on; - op->o_bd->bd_info = (BackendInfo *)on->on_info; for (;;) { ldap_pvt_thread_mutex_lock( &so->s_mutex ); @@ -847,16 +861,19 @@ syncprov_qplay( Operation *op, slap_overinst *on, syncops *so ) e = NULL; if ( sr->s_mode != LDAP_SYNC_DELETE ) { - rc = be_entry_get_rw( op, &opc.sndn, NULL, NULL, 0, &e ); + rc = overlay_entry_get_ov( op, &opc.sndn, NULL, NULL, 0, &e, on ); if ( rc ) { + Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, " + "error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 ); ch_free( sr ); + rc = 0; continue; } } rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode ); if ( e ) { - be_entry_release_rw( op, e, 0 ); + overlay_entry_release_ov( op, e, 0, on ); } ch_free( sr ); @@ -864,7 +881,6 @@ syncprov_qplay( Operation *op, slap_overinst *on, syncops *so ) if ( rc ) break; } - op->o_bd->bd_info = (BackendInfo *)on; return rc; } @@ -961,6 +977,12 @@ static int syncprov_qresp( opcookie *opc, syncops *so, int mode ) { syncres *sr; + int sid; + + /* Don't send changes back to their originator */ + sid = slap_parse_csn_sid( &opc->sctxcsn ); + if ( sid >= 0 && sid == so->s_sid ) + return LDAP_SUCCESS; sr = ch_malloc(sizeof(syncres) + opc->suuid.bv_len + 1 + opc->sdn.bv_len + 1 + opc->sndn.bv_len + 1 + opc->sctxcsn.bv_len + 1 ); 
@@ -1075,7 +1097,7 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) fbase_cookie fc; syncops *ss, *sprev, *snext; - Entry *e; + Entry *e = NULL; Attribute *a; int rc; struct berval newdn; @@ -1097,15 +1119,13 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) db = *op->o_bd; op->o_bd = &db; } - op->o_bd->bd_info = (BackendInfo *)on->on_info; - rc = be_entry_get_rw( op, fc.fdn, NULL, NULL, 0, &e ); + rc = overlay_entry_get_ov( op, fc.fdn, NULL, NULL, 0, &e, on ); /* If we're sending responses now, make a copy and unlock the DB */ if ( e && !saveit ) { Entry *e2 = entry_dup( e ); - be_entry_release_rw( op, e, 0 ); + overlay_entry_release_ov( op, e, 0, on ); e = e2; } - op->o_bd->bd_info = (BackendInfo *)on; if ( rc ) { op->o_bd = b0; return; @@ -1262,21 +1282,13 @@ syncprov_op_cleanup( Operation *op, SlapReply *rs ) static void syncprov_checkpoint( Operation *op, SlapReply *rs, slap_overinst *on ) { - syncprov_info_t *si = on->on_bi.bi_private; + syncprov_info_t *si = (syncprov_info_t *)on->on_bi.bi_private; Modifications mod; Operation opm; SlapReply rsm = { 0 }; - struct berval bv[2]; slap_callback cb = {0}; - /* If ctxcsn is empty, delete it */ - if ( BER_BVISEMPTY( &si->si_ctxcsn )) { - mod.sml_values = NULL; - } else { - mod.sml_values = bv; - bv[1].bv_val = NULL; - bv[0] = si->si_ctxcsn; - } + mod.sml_values = si->si_ctxcsn; mod.sml_nvalues = NULL; mod.sml_desc = slap_schema.si_ad_contextCSN; mod.sml_op = LDAP_MOD_REPLACE; 
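Review bot: syncprov_checkpoint now passes `si->si_ctxcsn` to the modify by reference (`mod.sml_values = si->si_ctxcsn;`) instead of copying into a local `bv[2]`, so the array must not be replaced or grown while `be_modify` runs, and that precondition is not documented. syncprov_op_response takes the read lock around the call later in this diff, but the call in syncprov_db_close shows no lock in its hunk. I would add a comment above the function such as `/* caller must hold si_csn_rwlock; si_ctxcsn is passed to be_modify by reference */` and confirm that the close path cannot race with writers. The function body continues into the next hunk.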
@@ -1288,13 +1300,12 @@ syncprov_checkpoint( Operation *op, SlapReply *rs, slap_overinst *on ) opm.o_tag = LDAP_REQ_MODIFY; opm.o_callback = &cb; opm.orm_modlist = &mod; + opm.orm_no_opattrs = 1; opm.o_req_dn = op->o_bd->be_suffix[0]; opm.o_req_ndn = op->o_bd->be_nsuffix[0]; opm.o_bd->bd_info = on->on_info->oi_orig; opm.o_managedsait = SLAP_CONTROL_NONCRITICAL; - SLAP_DBFLAGS( opm.o_bd ) |= SLAP_DBFLAG_NOLASTMOD; opm.o_bd->be_modify( &opm, &rsm ); - SLAP_DBFLAGS( opm.o_bd ) ^= SLAP_DBFLAG_NOLASTMOD; if ( mod.sml_next != NULL ) { slap_mods_free( mod.sml_next, 1 ); } @@ -1325,6 +1336,7 @@ syncprov_add_slog( Operation *op ) AC_MEMCPY( se->se_csn.bv_val, op->o_csn.bv_val, op->o_csn.bv_len ); se->se_csn.bv_val[op->o_csn.bv_len] = '\0'; se->se_csn.bv_len = op->o_csn.bv_len; + se->se_sid = slap_parse_csn_sid( &se->se_csn ); ldap_pvt_thread_mutex_lock( &sl->sl_mutex ); if ( sl->sl_head ) { @@ -1359,14 +1371,14 @@ playlog_cb( Operation *op, SlapReply *rs ) /* enter with sl->sl_mutex locked, release before returning */ static void syncprov_playlog( Operation *op, SlapReply *rs, sessionlog *sl, - sync_control *srs, struct berval *ctxcsn ) + sync_control *srs, BerVarray ctxcsn, int numcsns, int *sids ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; slog_entry *se; int i, j, ndel, num, nmods, mmods; char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; BerVarray uuids; - struct berval delcsn; + struct berval delcsn[2]; if ( !sl->sl_num ) { ldap_pvt_thread_mutex_unlock( &sl->sl_mutex ); 
@@ -1381,22 +1393,47 @@ syncprov_playlog( Operation *op, SlapReply *rs, sessionlog *sl, num * UUID_LEN, op->o_tmpmemctx ); uuids[0].bv_val = (char *)(uuids + num + 1); - delcsn.bv_len = 0; - delcsn.bv_val = cbuf; + delcsn[0].bv_len = 0; + delcsn[0].bv_val = cbuf; + BER_BVZERO(&delcsn[1]); /* Make a copy of the relevant UUIDs. Put the Deletes up front * and everything else at the end. Do this first so we can * unlock the list mutex. */ + Debug( LDAP_DEBUG_SYNC, "srs csn %s\n", + srs->sr_state.ctxcsn[0].bv_val, 0, 0 ); for ( se=sl->sl_head; se; se=se->se_next ) { - if ( ber_bvcmp( &se->se_csn, &srs->sr_state.ctxcsn ) <= 0 ) continue; - if ( ber_bvcmp( &se->se_csn, ctxcsn ) > 0 ) break; + int k; + Debug( LDAP_DEBUG_SYNC, "log csn %s\n", se->se_csn.bv_val, 0, 0 ); + ndel = 1; + for ( k=0; k<srs->sr_state.numcsns; k++ ) { + if ( se->se_sid == srs->sr_state.sids[k] ) { + ndel = ber_bvcmp( &se->se_csn, &srs->sr_state.ctxcsn[k] ); + break; + } + } + if ( ndel <= 0 ) { + Debug( LDAP_DEBUG_SYNC, "cmp %d, too old\n", ndel, 0, 0 ); + continue; + } + ndel = 0; + for ( k=0; k<numcsns; k++ ) { + if ( se->se_sid == sids[k] ) { + ndel = ber_bvcmp( &se->se_csn, &ctxcsn[k] ); + break; + } + } + if ( ndel > 0 ) { + Debug( LDAP_DEBUG_SYNC, "cmp %d, too new\n", ndel, 0, 0 ); + break; + } if ( se->se_tag == LDAP_REQ_DELETE ) { j = i; i++; AC_MEMCPY( cbuf, se->se_csn.bv_val, se->se_csn.bv_len ); - delcsn.bv_len = se->se_csn.bv_len; - delcsn.bv_val[delcsn.bv_len] = '\0'; + delcsn[0].bv_len = se->se_csn.bv_len; + delcsn[0].bv_val[delcsn[0].bv_len] = '\0'; } else { nmods++; j = num - nmods; 
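Review bot: In the log-scan loop of syncprov_playlog, `ndel` is reused as the scratch result of `ber_bvcmp()` although it is declared as the delete count and is tested as such in `if ( ndel )` further down. A dedicated local, e.g. `int cmp;` next to `int k;`, would keep the "too old" and "too new" tests readable and remove the dependency on `ndel` being reassigned after the loop, which would happen outside this hunk. It would also help to comment the two defaults: an entry whose SID is absent from the consumer cookie is treated as newer (`ndel = 1`), and one whose SID is absent from the provider snapshot is treated as not too new (`ndel = 0`).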
@@ -1490,7 +1527,8 @@ syncprov_playlog( Operation *op, SlapReply *rs, sessionlog *sl, if ( ndel ) { struct berval cookie; - slap_compose_sync_cookie( op, &cookie, &delcsn, srs->sr_state.rid ); + slap_compose_sync_cookie( op, &cookie, delcsn, srs->sr_state.rid, + srs->sr_state.sid ); uuids[ndel].bv_val = NULL; syncprov_sendinfo( op, rs, LDAP_TAG_SYNC_ID_SET, &cookie, 0, uuids, 1 ); op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx ); @@ -1510,29 +1548,43 @@ syncprov_op_response( Operation *op, SlapReply *rs ) { struct berval maxcsn = BER_BVNULL; char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; + int do_check = 0; /* Update our context CSN */ cbuf[0] = '\0'; - ldap_pvt_thread_mutex_lock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_wlock( &si->si_csn_rwlock ); slap_get_commit_csn( op, &maxcsn ); if ( !BER_BVISNULL( &maxcsn ) ) { + int i, sid; strcpy( cbuf, maxcsn.bv_val ); - if ( ber_bvcmp( &maxcsn, &si->si_ctxcsn ) > 0 ) { - strcpy( si->si_ctxcsnbuf, cbuf ); - si->si_ctxcsn.bv_len = maxcsn.bv_len; + sid = slap_parse_csn_sid( &maxcsn ); + for ( i=0; i<si->si_numcsns; i++ ) { + if ( sid == si->si_sids[i] ) { + if ( ber_bvcmp( &maxcsn, &si->si_ctxcsn[i] ) > 0 ) { + ber_bvreplace( &si->si_ctxcsn[i], &maxcsn ); + } + break; + } + } + /* It's a new SID for us */ + if ( i == si->si_numcsns ) { + value_add_one( &si->si_ctxcsn, &maxcsn ); + si->si_numcsns++; + si->si_sids = ch_realloc( si->si_sids, si->si_numcsns * + sizeof(int)); + si->si_sids[i] = sid; } } /* Don't do any processing for consumer contextCSN updates */ if ( SLAP_SYNC_SHADOW( op->o_bd ) && op->o_msgid == SLAP_SYNC_UPDATE_MSGID ) { - ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock ); return SLAP_CB_CONTINUE; } si->si_numops++; if ( si->si_chkops || si->si_chktime ) { - int do_check=0; if ( si->si_chkops && si->si_numops >= si->si_chkops ) { do_check = 1; si->si_numops = 0; 
@@ -1542,11 +1594,14 @@ syncprov_op_response( Operation *op, SlapReply *rs ) do_check = 1; si->si_chklast = op->o_time; } - if ( do_check ) { - syncprov_checkpoint( op, rs, on ); - } } - ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock ); + + if ( do_check ) { + ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock ); + syncprov_checkpoint( op, rs, on ); + ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock ); + } opc->sctxcsn.bv_len = maxcsn.bv_len; opc->sctxcsn.bv_val = cbuf; @@ -1598,19 +1653,17 @@ syncprov_op_compare( Operation *op, SlapReply *rs ) { Entry e = {0}; Attribute a = {0}; - struct berval bv[2]; e.e_name = op->o_bd->be_suffix[0]; e.e_nname = op->o_bd->be_nsuffix[0]; - - BER_BVZERO( &bv[1] ); - bv[0] = si->si_ctxcsn; + e.e_attrs = &a; a.a_desc = slap_schema.si_ad_contextCSN; - a.a_vals = bv; - a.a_nvals = a.a_vals; - ldap_pvt_thread_mutex_lock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock ); + + a.a_vals = si->si_ctxcsn; + a.a_nvals = a.a_vals; rs->sr_err = access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ); @@ -1639,7 +1692,7 @@ syncprov_op_compare( Operation *op, SlapReply *rs ) return_results:; - ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock ); send_ldap_result( op, rs ); @@ -1738,9 +1791,10 @@ syncprov_op_extended( Operation *op, SlapReply *rs ) typedef struct searchstate { slap_overinst *ss_on; syncops *ss_so; + BerVarray ss_ctxcsn; + int *ss_sids; + int ss_numcsns; int ss_present; - struct berval ss_ctxcsn; - char ss_csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; } searchstate; static int 
@@ -1869,23 +1923,43 @@ syncprov_search_response( Operation *op, SlapReply *rs ) a = attr_find( rs->sr_operational_attrs, slap_schema.si_ad_entryCSN ); } if ( a ) { - /* Make sure entry is less than the snapshot'd contextCSN */ - if ( ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) { - Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s greater than snapshot %s\n", - rs->sr_entry->e_name.bv_val, - a->a_nvals[0].bv_val, - ss->ss_ctxcsn.bv_val ); + int i, sid; + sid = slap_parse_csn_sid( &a->a_nvals[0] ); + + /* Don't send changed entries back to the originator */ + if ( sid == srs->sr_state.sid && srs->sr_state.numcsns ) { + Debug( LDAP_DEBUG_SYNC, + "Entry %s changed by peer, ignored\n", + rs->sr_entry->e_name.bv_val, 0, 0 ); return LDAP_SUCCESS; } + /* Make sure entry is less than the snapshot'd contextCSN */ + for ( i=0; i<ss->ss_numcsns; i++ ) { + if ( sid == ss->ss_sids[i] && ber_bvcmp( &a->a_nvals[0], + &ss->ss_ctxcsn[i] ) > 0 ) { + Debug( LDAP_DEBUG_SYNC, + "Entry %s CSN %s greater than snapshot %s\n", + rs->sr_entry->e_name.bv_val, + a->a_nvals[0].bv_val, + ss->ss_ctxcsn[i].bv_val ); + return LDAP_SUCCESS; + } + } - /* Don't send the ctx entry twice */ - if ( !BER_BVISNULL( &srs->sr_state.ctxcsn ) && - bvmatch( &a->a_nvals[0], &srs->sr_state.ctxcsn ) ) { - Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s matches ctx %s\n", - rs->sr_entry->e_name.bv_val, - a->a_nvals[0].bv_val, - srs->sr_state.ctxcsn.bv_val ); - return LDAP_SUCCESS; + /* Don't send old entries twice */ + if ( srs->sr_state.ctxcsn ) { + for ( i=0; i<srs->sr_state.numcsns; i++ ) { + if ( sid == srs->sr_state.sids[i] && + ber_bvcmp( &a->a_nvals[0], + &srs->sr_state.ctxcsn[i] )<= 0 ) { + Debug( LDAP_DEBUG_SYNC, + "Entry %s CSN %s older or equal to ctx %s\n", + rs->sr_entry->e_name.bv_val, + a->a_nvals[0].bv_val, + srs->sr_state.ctxcsn[i].bv_val ); + return LDAP_SUCCESS; + } + } } } rs->sr_ctrls = op->o_tmpalloc( sizeof(LDAPControl *)*2, 
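Review bot: The originator test in syncprov_search_response, `if ( sid == srs->sr_state.sid && srs->sr_state.numcsns )`, lacks the `sid >= 0` guard that syncprov_qresp applies to the same comparison elsewhere in this commit. If `slap_parse_csn_sid()` returns a negative value for a CSN it cannot parse, as that guard suggests, the two sides could compare equal depending on how an absent SID is represented in `sr_state.sid`, and the entry would be silently withheld from the refresh. I would write `if ( sid >= 0 && sid == srs->sr_state.sid && srs->sr_state.numcsns )`. The enclosing function starts and ends outside the hunk.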
@@ -1896,8 +1970,8 @@ syncprov_search_response( Operation *op, SlapReply *rs ) } else if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS ) { struct berval cookie; - slap_compose_sync_cookie( op, &cookie, &ss->ss_ctxcsn, - srs->sr_state.rid ); + slap_compose_sync_cookie( op, &cookie, ss->ss_ctxcsn, + srs->sr_state.rid, srs->sr_state.sid ); /* Is this a regular refresh? */ if ( !ss->ss_so ) { @@ -1945,8 +2019,9 @@ syncprov_op_search( Operation *op, SlapReply *rs ) syncops *sop = NULL; searchstate *ss; sync_control *srs; - struct berval ctxcsn; - char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; + BerVarray ctxcsn; + int i, *sids, numcsns; + struct berval mincsn; if ( !(op->o_sync_mode & SLAP_SYNC_REFRESH) ) return SLAP_CB_CONTINUE; @@ -1990,6 +2065,7 @@ syncprov_op_search( Operation *op, SlapReply *rs ) *sop = so; ldap_pvt_thread_mutex_init( &sop->s_mutex ); sop->s_rid = srs->sr_state.rid; + sop->s_sid = srs->sr_state.sid; sop->s_inuse = 1; ldap_pvt_thread_mutex_lock( &si->si_ops_mutex ); 
@@ -1999,35 +2075,89 @@ syncprov_op_search( Operation *op, SlapReply *rs ) } /* snapshot the ctxcsn */ - ldap_pvt_thread_mutex_lock( &si->si_csn_mutex ); - strcpy( csnbuf, si->si_ctxcsnbuf ); - ctxcsn.bv_len = si->si_ctxcsn.bv_len; - ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex ); - ctxcsn.bv_val = csnbuf; + ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock ); + numcsns = si->si_numcsns; + if ( numcsns ) { + ber_bvarray_dup_x( &ctxcsn, si->si_ctxcsn, op->o_tmpmemctx ); + sids = op->o_tmpalloc( numcsns * sizeof(int), op->o_tmpmemctx ); + for ( i=0; i<numcsns; i++ ) + sids[i] = si->si_sids[i]; + } else { + ctxcsn = NULL; + sids = NULL; + } + ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock ); /* If we have a cookie, handle the PRESENT lookups */ - if ( !BER_BVISNULL( &srs->sr_state.ctxcsn )) { + if ( srs->sr_state.ctxcsn ) { sessionlog *sl; + int i, j; - /* The cookie was validated when it was parsed, just use it */ + /* If we don't have any CSN of our own yet, pretend nothing + * has changed. 
+ */ + if ( !numcsns ) + goto no_change; - /* If just Refreshing and nothing has changed, shortcut it */ - if ( bvmatch( &srs->sr_state.ctxcsn, &ctxcsn )) { - nochange = 1; - if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) { - LDAPControl *ctrls[2]; + /* If there are SIDs we don't recognize in the cookie, drop them */ + for (i=0; i<srs->sr_state.numcsns; ) { + for (j=0; j<numcsns; j++) { + if ( srs->sr_state.sids[i] == sids[j] ) { + break; + } + } + /* not found */ + if ( j == numcsns ) { + struct berval tmp = srs->sr_state.ctxcsn[i]; + j = srs->sr_state.numcsns - 1; + srs->sr_state.ctxcsn[i] = srs->sr_state.ctxcsn[j]; + tmp.bv_len = 0; + srs->sr_state.ctxcsn[j] = tmp; + srs->sr_state.numcsns = j; + srs->sr_state.sids[i] = srs->sr_state.sids[j]; + continue; + } + i++; + } - ctrls[0] = NULL; - ctrls[1] = NULL; - syncprov_done_ctrl( op, rs, ctrls, 0, 0, - NULL, LDAP_SYNC_REFRESH_DELETES ); - rs->sr_ctrls = ctrls; - rs->sr_err = LDAP_SUCCESS; - send_ldap_result( op, rs ); - rs->sr_ctrls = NULL; - return rs->sr_err; + /* Find the smallest CSN */ + mincsn = srs->sr_state.ctxcsn[0]; + for ( i=1; i<srs->sr_state.numcsns; i++ ) { + if ( ber_bvcmp( &mincsn, &srs->sr_state.ctxcsn[i] ) > 0 ) + mincsn = srs->sr_state.ctxcsn[i]; + } + + /* If nothing has changed, shortcut it */ + if ( srs->sr_state.numcsns == numcsns ) { + int i, j, changed = 0; + for ( i=0; i<srs->sr_state.numcsns; i++ ) { + for ( j=0; j<numcsns; j++ ) { + if ( srs->sr_state.sids[i] != sids[j] ) + continue; + if ( !bvmatch( &srs->sr_state.ctxcsn[i], &ctxcsn[j] )) + changed = 1; + break; + } + if ( changed ) + break; + } + if ( !changed ) { +no_change: nochange = 1; + if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) { + LDAPControl *ctrls[2]; + + ctrls[0] = NULL; + ctrls[1] = NULL; + syncprov_done_ctrl( op, rs, ctrls, 0, 0, + NULL, LDAP_SYNC_REFRESH_DELETES ); + rs->sr_ctrls = ctrls; + rs->sr_err = LDAP_SUCCESS; + send_ldap_result( op, rs ); + rs->sr_ctrls = NULL; + return rs->sr_err; + } + goto shortcut; } - goto 
shortcut; } /* Do we have a sessionlog for this search? */ sl=si->si_logs; @@ -2036,10 +2166,10 @@ syncprov_op_search( Operation *op, SlapReply *rs ) /* Are there any log entries, and is the consumer state * present in the session log? */ - if ( sl->sl_num > 0 && ber_bvcmp( &srs->sr_state.ctxcsn, &sl->sl_mincsn ) >= 0 ) { + if ( sl->sl_num > 0 && ber_bvcmp( &mincsn, &sl->sl_mincsn ) >= 0 ) { do_present = 0; /* mutex is unlocked in playlog */ - syncprov_playlog( op, rs, sl, srs, &ctxcsn ); + syncprov_playlog( op, rs, sl, srs, ctxcsn, numcsns, sids ); } else { ldap_pvt_thread_mutex_unlock( &sl->sl_mutex ); } @@ -2049,6 +2179,8 @@ syncprov_op_search( Operation *op, SlapReply *rs ) /* No, so a reload is required */ /* the 2.2 consumer doesn't send this hint */ if ( si->si_usehint && srs->sr_rhint == 0 ) { + if ( ctxcsn ) + ber_bvarray_free_x( ctxcsn, op->o_tmpmemctx ); send_ldap_error( op, rs, LDAP_SYNC_REFRESH_REQUIRED, "sync cookie is stale" ); return rs->sr_err; } @@ -2057,6 +2189,8 @@ syncprov_op_search( Operation *op, SlapReply *rs ) /* If changed and doing Present lookup, send Present UUIDs */ if ( do_present && syncprov_findcsn( op, FIND_PRESENT ) != LDAP_SUCCESS ) { + if ( ctxcsn ) + ber_bvarray_free_x( ctxcsn, op->o_tmpmemctx ); send_ldap_result( op, rs ); return rs->sr_err; } @@ -2086,7 +2220,7 @@ shortcut: #ifdef LDAP_COMP_MATCH fava->f_ava->aa_cf = NULL; #endif - ber_dupbv_x( &fava->f_ava->aa_value, &srs->sr_state.ctxcsn, op->o_tmpmemctx ); + ber_dupbv_x( &fava->f_ava->aa_value, &mincsn, op->o_tmpmemctx ); fava->f_next = op->ors_filter; op->ors_filter = fand; filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); 
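Review bot: After the loop in syncprov_op_search that drops cookie SIDs the provider does not know, `srs->sr_state.numcsns` can be 0, yet `mincsn = srs->sr_state.ctxcsn[0];` is taken unconditionally and then used in the session-log comparison and, in a later hunk, as the `entryCSN` filter value after `shortcut:`. In that case slot 0 holds a berval whose `bv_len` was zeroed by the drop loop, so the search proceeds with an empty CSN rather than an explicit decision. Since the cookie comes from the remote consumer, I would handle `numcsns == 0` right after the loop, for example by treating the request like one without a cookie or by returning LDAP_SYNC_REFRESH_REQUIRED. Separately, `goto no_change` jumps into a nested block that redeclares `i`, `j` and `changed`, shadowing the outer `i`; hoisting the no-change reply out of that block would read more clearly.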
@@ -2100,19 +2234,15 @@ shortcut: ss->ss_on = on; ss->ss_so = sop; ss->ss_present = do_present; - ss->ss_ctxcsn.bv_len = ctxcsn.bv_len; - ss->ss_ctxcsn.bv_val = ss->ss_csnbuf; - strcpy( ss->ss_ctxcsn.bv_val, ctxcsn.bv_val ); + ss->ss_ctxcsn = ctxcsn; + ss->ss_numcsns = numcsns; + ss->ss_sids = sids; cb->sc_response = syncprov_search_response; cb->sc_cleanup = syncprov_search_cleanup; cb->sc_private = ss; cb->sc_next = op->o_callback; op->o_callback = cb; -#if 0 /* I don't think we need to shortcircuit back-bdb any more */ - op->o_sync_mode &= SLAP_CONTROL_MASK; -#endif - /* If this is a persistent search and no changes were reported during * the refresh phase, just invoke the response callback to transition * us into persist phase @@ -2146,23 +2276,30 @@ syncprov_operational( break; } - if ( !a ) { - for ( ap = &rs->sr_operational_attrs; *ap; ap=&(*ap)->a_next ); + ldap_pvt_thread_rdwr_rlock( &si->si_csn_rwlock ); + if ( si->si_ctxcsn ) { + if ( !a ) { + for ( ap = &rs->sr_operational_attrs; *ap; + ap=&(*ap)->a_next ); - a = attr_alloc( slap_schema.si_ad_contextCSN ); - a->a_vals = ch_malloc( 2 * sizeof(struct berval)); - a->a_vals[1].bv_val = NULL; - a->a_nvals = a->a_vals; - *ap = a; - } + a = attr_alloc( slap_schema.si_ad_contextCSN ); + *ap = a; + } - ldap_pvt_thread_mutex_lock( &si->si_csn_mutex ); - if ( !ap ) { - strcpy( a->a_vals[0].bv_val, si->si_ctxcsnbuf ); - } else { - ber_dupbv( &a->a_vals[0], &si->si_ctxcsn ); + if ( !ap ) { + if ( !rs->sr_flags & REP_ENTRY_MODIFIABLE ) { + rs->sr_entry = entry_dup( rs->sr_entry ); + rs->sr_flags |= + REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED; + a = attr_find( rs->sr_entry->e_attrs, + slap_schema.si_ad_contextCSN ); + } + free( a->a_vals ); + } + ber_bvarray_dup_x( &a->a_vals, si->si_ctxcsn, NULL ); + a->a_nvals = a->a_vals; } - ldap_pvt_thread_mutex_unlock( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock ); } } return SLAP_CB_CONTINUE; 
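Review bot: In syncprov_operational the new test `if ( !rs->sr_flags & REP_ENTRY_MODIFIABLE )` parses as `(!rs->sr_flags) & REP_ENTRY_MODIFIABLE`, because unary `!` binds tighter than `&`. `!rs->sr_flags` is only 0 or 1, so unless the flag happens to be bit 0 the branch never runs and the entry is not duplicated. The following `free( a->a_vals )` and reassignment then act on an entry this overlay may not own. It should read `if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {`. The function starts outside the hunk.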
@@ -2280,27 +2417,31 @@ sp_cf_gen(ConfigArgs *c) switch ( c->type ) { case SP_CHKPT: if ( lutil_atoi( &si->si_chkops, c->argv[1] ) != 0 ) { - sprintf( c->msg, "%s unable to parse checkpoint ops # \"%s\"", + snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint ops # \"%s\"", c->argv[0], c->argv[1] ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ARG_BAD_CONF; } if ( si->si_chkops <= 0 ) { - sprintf( c->msg, "%s invalid checkpoint ops # \"%d\"", + snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint ops # \"%d\"", c->argv[0], si->si_chkops ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ARG_BAD_CONF; } if ( lutil_atoi( &si->si_chktime, c->argv[2] ) != 0 ) { - sprintf( c->msg, "%s unable to parse checkpoint time \"%s\"", + snprintf( c->msg, sizeof( c->msg ), "%s unable to parse checkpoint time \"%s\"", c->argv[0], c->argv[1] ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ARG_BAD_CONF; } if ( si->si_chktime <= 0 ) { - sprintf( c->msg, "%s invalid checkpoint time \"%d\"", + snprintf( c->msg, sizeof( c->msg ), "%s invalid checkpoint time \"%d\"", c->argv[0], si->si_chkops ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ARG_BAD_CONF; } si->si_chktime *= 60; @@ -2310,9 +2451,10 @@ sp_cf_gen(ConfigArgs *c) int size = c->value_int; if ( size < 0 ) { - sprintf( c->msg, "%s size %d is negative", + snprintf( c->msg, sizeof( c->msg ), "%s size %d is negative", c->argv[0], size ); - Debug( LDAP_DEBUG_CONFIG, "%s: %s\n", c->log, c->msg, 0 ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); return ARG_BAD_CONF; } sl = si->si_logs; 
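Review bot: The two checkpoint-time diagnostics in sp_cf_gen still report the wrong operand after the switch to snprintf: the parse failure of `c->argv[2]` prints `c->argv[1]`, and the `si->si_chktime <= 0` branch prints `si->si_chkops`. Since these statements are being rewritten anyway, the arguments should become `c->argv[0], c->argv[2]` and `c->argv[0], si->si_chktime` so the logged value is the one that was rejected. The case body continues outside the hunk.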
@@ -2364,9 +2506,8 @@ syncprov_db_open( Connection conn = { 0 }; OperationBuffer opbuf = { 0 }; - char ctxcsnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; Operation *op = (Operation *) &opbuf; - Entry *e; + Entry *e = NULL; Attribute *a; int rc; void *thrctx = NULL; @@ -2392,28 +2533,22 @@ syncprov_db_open( op->o_dn = be->be_rootdn; op->o_ndn = be->be_rootndn; - ctxcsnbuf[0] = '\0'; - - op->o_bd->bd_info = on->on_info->oi_orig; - rc = be_entry_get_rw( op, be->be_nsuffix, NULL, - slap_schema.si_ad_contextCSN, 0, &e ); + rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL, + slap_schema.si_ad_contextCSN, 0, &e, on ); if ( e ) { ldap_pvt_thread_t tid; a = attr_find( e->e_attrs, slap_schema.si_ad_contextCSN ); if ( a ) { - si->si_ctxcsn.bv_len = a->a_nvals[0].bv_len; - if ( si->si_ctxcsn.bv_len >= sizeof(si->si_ctxcsnbuf )) - si->si_ctxcsn.bv_len = sizeof(si->si_ctxcsnbuf)-1; - strncpy( si->si_ctxcsnbuf, a->a_nvals[0].bv_val, - si->si_ctxcsn.bv_len ); - si->si_ctxcsnbuf[si->si_ctxcsn.bv_len] = '\0'; - strcpy( ctxcsnbuf, si->si_ctxcsnbuf ); - } - be_entry_release_rw( op, e, 0 ); - if ( !BER_BVISEMPTY( &si->si_ctxcsn ) ) { - op->o_bd->bd_info = (BackendInfo *)on; + int i; + ber_bvarray_dup_x( &si->si_ctxcsn, a->a_vals, NULL ); + for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ); + si->si_numcsns = i; + si->si_sids = slap_parse_csn_sids( si->si_ctxcsn, i ); + } + overlay_entry_release_ov( op, e, 0, on ); + if ( si->si_ctxcsn ) { op->o_req_dn = be->be_suffix[0]; op->o_req_ndn = be->be_nsuffix[0]; op->ors_scope = LDAP_SCOPE_SUBTREE; 
@@ -2422,28 +2557,32 @@ syncprov_db_open( } } - if ( BER_BVISEMPTY( &si->si_ctxcsn ) ) { + /* Didn't find a contextCSN, should we generate one? */ + if ( !si->si_ctxcsn ) { + char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ]; + struct berval csn; + if ( SLAP_SYNC_SHADOW( op->o_bd )) { - /* If we're also a consumer, and we didn't get a contextCSN, - * then don't generate anything, wait for our provider to send it - * to us. + /* If we're also a consumer, then don't generate anything. + * Wait for our provider to send it to us, or for a local + * modify if we have multimaster. */ goto out; } - si->si_ctxcsn.bv_len = sizeof( si->si_ctxcsnbuf ); - slap_get_csn( op, &si->si_ctxcsn, 0 ); - } + csn.bv_val = csnbuf; + csn.bv_len = sizeof( csnbuf ); + slap_get_csn( op, &csn, 0 ); + value_add_one( &si->si_ctxcsn, &csn ); + si->si_numcsns = 1; + si->si_sids = ch_malloc( sizeof(int) ); + si->si_sids[0] = slap_serverID; - /* If our ctxcsn is different from what was read from the root - * entry, make sure we do a checkpoint on close - */ - if ( strcmp( si->si_ctxcsnbuf, ctxcsnbuf )) { + /* make sure we do a checkpoint on close */ si->si_numops++; } out: op->o_bd->bd_info = (BackendInfo *)on; - ldap_pvt_thread_pool_context_reset( thrctx ); return 0; } @@ -2473,7 +2612,6 @@ syncprov_db_close( op->o_dn = be->be_rootdn; op->o_ndn = be->be_rootndn; syncprov_checkpoint( op, &rs, on ); - ldap_pvt_thread_pool_context_reset( thrctx ); } return 0; 
@@ -2487,12 +2625,18 @@ syncprov_db_init( slap_overinst *on = (slap_overinst *)be->bd_info; syncprov_info_t *si; + if ( SLAP_ISGLOBALOVERLAY( be ) ) { + Debug( LDAP_DEBUG_ANY, + "syncprov must be instantiated within a database.\n", + 0, 0, 0 ); + return 1; + } + si = ch_calloc(1, sizeof(syncprov_info_t)); on->on_bi.bi_private = si; - ldap_pvt_thread_mutex_init( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_init( &si->si_csn_rwlock ); ldap_pvt_thread_mutex_init( &si->si_ops_mutex ); ldap_pvt_thread_mutex_init( &si->si_mods_mutex ); - si->si_ctxcsn.bv_val = si->si_ctxcsnbuf; csn_anlist[0].an_desc = slap_schema.si_ad_entryCSN; csn_anlist[0].an_name = slap_schema.si_ad_entryCSN->ad_cname; @@ -2525,9 +2669,13 @@ syncprov_db_destroy( ch_free( si->si_logs ); } + if ( si->si_ctxcsn ) + ber_bvarray_free( si->si_ctxcsn ); + if ( si->si_sids ) + ch_free( si->si_sids ); ldap_pvt_thread_mutex_destroy( &si->si_mods_mutex ); ldap_pvt_thread_mutex_destroy( &si->si_ops_mutex ); - ldap_pvt_thread_mutex_destroy( &si->si_csn_mutex ); + ldap_pvt_thread_rdwr_destroy( &si->si_csn_rwlock ); ch_free( si ); } diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c index 4b908c13672d1261692fa00ba8aa780b2f127768..ee9bf9ebe4da59bf5700f1e47d8cfaff836ae1c5 100644 --- a/servers/slapd/overlays/translucent.c +++ b/servers/slapd/overlays/translucent.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2005 Symas Corporation. * All rights reserved. * 
@@ -300,9 +300,9 @@ static int translucent_modify(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; translucent_info *ov = on->on_bi.bi_private; - Entry ne, *e = NULL, *re = NULL; + Entry *e = NULL, *re = NULL; Attribute *a, *ax; - Modifications *m, *mm; + Modifications *m, **mm; int del, rc, erc = 0; slap_callback cb = { 0 }; @@ -343,10 +343,14 @@ static int translucent_modify(Operation *op, SlapReply *rs) { if(e && rc == LDAP_SUCCESS) { Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0); - for(m = op->orm_modlist; m; m = m->sml_next) { + for(mm = &op->orm_modlist; *mm; ) { + m = *mm; for(a = e->e_attrs; a; a = a->a_next) if(a->a_desc == m->sml_desc) break; - if(a) continue; /* found local attr */ + if(a) { + mm = &m->sml_next; + continue; /* found local attr */ + } if(m->sml_op == LDAP_MOD_DELETE) { for(a = re->e_attrs; a; a = a->a_next) if(a->a_desc == m->sml_desc) break; @@ -362,14 +366,13 @@ static int translucent_modify(Operation *op, SlapReply *rs) { Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: silently dropping delete: %s\n", m->sml_desc->ad_cname.bv_val, 0, 0); - for(mm = op->orm_modlist; mm->sml_next != m; mm = mm->sml_next); - mm->sml_next = m->sml_next; + *mm = m->sml_next; m->sml_next = NULL; slap_mods_free(m, 1); - m = mm; continue; } m->sml_op = LDAP_MOD_ADD; + mm = &m->sml_next; } erc = SLAP_CB_CONTINUE; release: @@ -413,6 +416,7 @@ release: Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0); a = NULL; for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) { + Attribute atmp; if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) && ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) { Debug(LDAP_DEBUG_ANY, 
@@ -421,15 +425,16 @@ release: if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++; continue; } - a = attr_alloc( m->sml_desc ); - a->a_vals = m->sml_values; - a->a_nvals = m->sml_nvalues ? m->sml_nvalues : a->a_vals; + atmp.a_desc = m->sml_desc; + atmp.a_vals = m->sml_values; + atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals; + a = attr_dup( &atmp ); a->a_next = ax; ax = a; } if(del && ov->strict) { - free_attr_chain(a); + attrs_free( a ); send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, "attempt to delete attributes from local database"); return(rs->sr_err); @@ -447,17 +452,13 @@ release: return(rs->sr_err); } - ne.e_id = NOID; - ne.e_name = op->o_req_dn; - ne.e_nname = op->o_req_ndn; - ne.e_attrs = a; - ne.e_ocflags = 0; - ne.e_bv.bv_len = 0; - ne.e_bv.bv_val = NULL; - ne.e_private = NULL; + e = entry_alloc(); + ber_dupbv( &e->e_name, &op->o_req_dn ); + ber_dupbv( &e->e_nname, &op->o_req_ndn ); + e->e_attrs = a; nop.o_tag = LDAP_REQ_ADD; - nop.oq_add.rs_e = ≠ + nop.oq_add.rs_e = e; glue_parent(&nop); @@ -466,7 +467,8 @@ release: cb.sc_next = nop.o_callback; nop.o_callback = &cb; rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs); - free_attr_chain(a); + if ( nop.ora_e == e ) + entry_free( e ); return(rc); } @@ -687,7 +689,6 @@ static int translucent_db_config( static int translucent_db_init(BackendDB *be) { slap_overinst *on = (slap_overinst *) be->bd_info; translucent_info *ov; - int rc; Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n", 0, 0, 0); @@ -697,7 +698,7 @@ static int translucent_db_init(BackendDB *be) { ov->db.be_private = NULL; ov->db.be_pcl_mutexp = &ov->db.be_pcl_mutex; - if ( !backend_db_init( "ldap", &ov->db )) { + if ( !backend_db_init( "ldap", &ov->db, -1 )) { Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n", 0, 0, 0); return 1; } 
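Review bot: `Attribute atmp;`, declared in the previous hunk of translucent_modify, is passed to `attr_dup( &atmp )` with only `a_desc`, `a_vals` and `a_nvals` assigned, so any other member that `attr_dup()` reads would be indeterminate stack data. Whether it reads more than those three is not visible here; zero-initialising the temporary removes the question: `Attribute atmp = { 0 };`. The loop body spans this hunk and the one before it.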
diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 401f1840849d8d13f1493512daa02e93a7e92fe6..9d6eefbdbbcf3b35c96da76b30c4b653037a47bb 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Symas Corporation. * All rights reserved. * @@ -68,10 +68,12 @@ static ConfigTable uniquecfg[] = { { "unique_ignore", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_IGNORE, unique_cf_gen, "( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore' " "DESC 'Attributes for which uniqueness shall not be enforced' " + "EQUALITY caseIgnoreMatch " /* Should use OID syntax */ "SYNTAX OMsDirectoryString )", NULL, NULL }, { "unique_attributes", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_ATTR, unique_cf_gen, "( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute' " "DESC 'Attributes for which uniqueness shall be enforced' " + "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, { "unique_strict", "on|off", 1, 2, 0, ARG_ON_OFF|ARG_OFFSET|UNIQUE_STRICT, @@ -187,9 +189,10 @@ unique_cf_gen( ConfigArgs *c ) case UNIQUE_BASE: if ( !dnIsSuffix ( &c->value_ndn, &be->be_nsuffix[0] ) ) { - sprintf ( c->msg, "dn is not a suffix of backend base" ); - Debug ( LDAP_DEBUG_CONFIG, "unique add: %s\n", - c->msg, NULL, NULL ); + sprintf ( c->msg, "%s dn is not a suffix of backend base", + c->argv[0] ); + Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); rc = ARG_BAD_CONF; } if ( ud->dn.bv_val ) ber_memfree ( ud->dn.bv_val ); 
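Review bot: The rewritten UNIQUE_BASE message in unique_cf_gen now interpolates `c->argv[0]` but still uses an unbounded `sprintf` into `c->msg`, while the other hunk of this file and the syncprov.c changes in the same commit use `snprintf( c->msg, sizeof( c->msg ), ... )`. For consistency and a bounded write I would use `snprintf( c->msg, sizeof( c->msg ), "%s dn is not a suffix of backend base", c->argv[0] );`. The function continues outside the hunk.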
@@ -216,13 +219,10 @@ unique_cf_gen( ConfigArgs *c ) ud->attrs = up; } } else { - Debug ( LDAP_DEBUG_CONFIG, - "unique add: <%s>: %s\n", - c->argv[i], text, NULL ); - strncpy ( c->msg, - text, - SLAP_TEXT_BUFLEN-1 ); - c->msg[SLAP_TEXT_BUFLEN-1] = '\0'; + snprintf( c->msg, sizeof( c->msg ), + "%s <%s>: %s", c->argv[0], c->argv[i], text ); + Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->msg, 0 ); rc = ARG_BAD_CONF; } } diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c index 00fa046919e20a1f4795f30aacbedd2a378dbc5d..b089a7189974e2cfd50423de36ea7c217811a488 100644 --- a/servers/slapd/overlays/valsort.c +++ b/servers/slapd/overlays/valsort.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * Portions copyright 2005 Symas Corporation. * All rights reserved. * diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index ebb98e23c0573c225745c3fd18e479e2636235a2..327de020e045e2217832e45791be01459a74ce83 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -18,7 +18,6 @@ #include <stdio.h> -#include <ac/krb.h> #include <ac/socket.h> #include <ac/string.h> #include <ac/unistd.h> diff --git a/servers/slapd/phonetic.c b/servers/slapd/phonetic.c index 38cd8893aece44aaf5c9f7e33d87049dd900f52b..f54998eb351308b5121adc82266ffa3d1f2e0f9f 100644 --- a/servers/slapd/phonetic.c +++ b/servers/slapd/phonetic.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index a0cfa0674c961f61488fd384531733594100dc5d..87f5133668393e8a4cc4c16d6137baa42a06e03c 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,6 +31,8 @@ LDAP_BEGIN_DECL +struct config_args_s; /* config.h */ + /* * aci.c */ @@ -151,6 +153,10 @@ LDAP_SLAPD_F (int) slap_bv2undef_ad LDAP_P(( const char **text, unsigned proxied )); +LDAP_SLAPD_F (AttributeDescription *) slap_bv2tmp_ad LDAP_P(( + struct berval *bv, + void *memctx )); + LDAP_SLAPD_F (int) slap_ad_undef_promote LDAP_P(( char *name, AttributeType *nat )); @@ -224,6 +230,8 @@ LDAP_SLAPD_F (int) is_at_subtype LDAP_P(( AttributeType *sub, AttributeType *super )); +LDAP_SLAPD_F (const char *) at_syntax LDAP_P(( + AttributeType *at )); LDAP_SLAPD_F (int) is_at_syntax LDAP_P(( AttributeType *at, const char *oid )); @@ -293,7 +301,7 @@ LDAP_SLAPD_F (int) attr_destroy LDAP_P(( void )); LDAP_SLAPD_F (int) get_ava LDAP_P(( Operation *op, BerElement *ber, - AttributeAssertion **ava, + Filter *f, unsigned usage, const char **text )); LDAP_SLAPD_F (void) ava_free LDAP_P(( 
@@ -321,7 +329,9 @@ LDAP_SLAPD_F (void) backend_destroy_one LDAP_P((BackendDB *bd, int dynamic)); LDAP_SLAPD_F (BackendInfo *) backend_info LDAP_P(( const char *type )); LDAP_SLAPD_F (BackendDB *) backend_db_init LDAP_P(( const char *type, - BackendDB *be )); + BackendDB *be, int idx )); +LDAP_SLAPD_F (void) backend_db_insert LDAP_P((BackendDB *bd, int idx)); +LDAP_SLAPD_F (void) backend_db_move LDAP_P((BackendDB *bd, int idx)); LDAP_SLAPD_F (BackendDB *) select_backend LDAP_P(( struct berval * dn, @@ -409,7 +419,8 @@ LDAP_SLAPD_F (int) glue_sub_del( BackendDB *be ); * backover.c */ LDAP_SLAPD_F (int) overlay_register LDAP_P(( slap_overinst *on )); -LDAP_SLAPD_F (int) overlay_config LDAP_P(( BackendDB *be, const char *ov )); +LDAP_SLAPD_F (int) overlay_config LDAP_P(( BackendDB *be, const char *ov, + int idx, BackendInfo **res )); LDAP_SLAPD_F (void) overlay_destroy_one LDAP_P(( BackendDB *be, slap_overinst *on )); @@ -426,6 +437,23 @@ LDAP_SLAPD_F (int) overlay_op_walk LDAP_P(( slap_operation_t which, slap_overinfo *oi, slap_overinst *on )); +LDAP_SLAPD_F (int) overlay_entry_get_ov LDAP_P(( + Operation *op, + struct berval *dn, + ObjectClass *oc, + AttributeDescription *ad, + int rw, + Entry **e, + slap_overinst *ov )); +LDAP_SLAPD_F (int) overlay_entry_release_ov LDAP_P(( + Operation *op, + Entry *e, + int rw, + slap_overinst *ov )); +LDAP_SLAPD_F (void) overlay_insert LDAP_P(( + BackendDB *be, slap_overinst *on, slap_overinst ***prev, int idx )); +LDAP_SLAPD_F (void) overlay_move LDAP_P(( + BackendDB *be, slap_overinst *on, int idx )); /* * bconfig.c 
@@ -619,6 +647,13 @@ LDAP_SLAPD_F (int) slap_verbmasks_init LDAP_P(( slap_verbmasks **vp, slap_verbma LDAP_SLAPD_F (int) slap_verbmasks_destroy LDAP_P(( slap_verbmasks *v )); LDAP_SLAPD_F (int) slap_verbmasks_append LDAP_P(( slap_verbmasks **vp, slap_mask_t m, struct berval *v, slap_mask_t *ignore )); +LDAP_SLAPD_F (int) slap_tls_get_config LDAP_P(( + LDAP *ld, int opt, char **val )); +LDAP_SLAPD_F (void) bindconf_tls_defaults LDAP_P(( slap_bindconf *bc )); +LDAP_SLAPD_F (int) bindconf_tls_parse LDAP_P(( + const char *word, slap_bindconf *bc )); +LDAP_SLAPD_F (int) bindconf_tls_unparse LDAP_P(( + slap_bindconf *bc, struct berval *bv )); LDAP_SLAPD_F (int) bindconf_parse LDAP_P(( const char *word, slap_bindconf *bc )); LDAP_SLAPD_F (int) bindconf_unparse LDAP_P(( @@ -711,6 +746,7 @@ LDAP_SLAPD_F (ContentRule *) cr_bvfind LDAP_P(( * ctxcsn.c */ +LDAP_SLAPD_V( int ) slap_serverID; LDAP_SLAPD_V( const struct berval ) slap_ldapsync_bv; LDAP_SLAPD_V( const struct berval ) slap_ldapsync_cn_bv; LDAP_SLAPD_F (void) slap_get_commit_csn LDAP_P(( @@ -870,6 +906,7 @@ LDAP_SLAPD_F (int) entry_cmp LDAP_P(( Entry *a, Entry *b )); LDAP_SLAPD_F (int) entry_dn_cmp LDAP_P(( const void *v_a, const void *v_b )); LDAP_SLAPD_F (int) entry_id_cmp LDAP_P(( const void *v_a, const void *v_b )); LDAP_SLAPD_F (Entry *) entry_dup LDAP_P(( Entry *e )); +LDAP_SLAPD_F (Entry *) entry_dup_bv LDAP_P(( Entry *e )); LDAP_SLAPD_F (Entry *) entry_alloc LDAP_P((void)); LDAP_SLAPD_F (int) entry_prealloc LDAP_P((int num)); 
@@ -988,21 +1025,17 @@ LDAP_SLAPD_F (int) slap_destroy LDAP_P((void)); LDAP_SLAPD_V (char *) slap_known_controls[]; -/* - * kerberos.c - */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND -LDAP_SLAPD_V (char *) ldap_srvtab; -LDAP_SLAPD_V (int) krbv4_ldap_auth(); -#endif - /* * ldapsync.c */ LDAP_SLAPD_F (void) slap_compose_sync_cookie LDAP_P(( - Operation *, struct berval *, struct berval *, int )); + Operation *, struct berval *, BerVarray, int, int )); LDAP_SLAPD_F (void) slap_sync_cookie_free LDAP_P(( struct sync_cookie *, int free_cookie )); +LDAP_SLAPD_F (int) slap_parse_csn_sid LDAP_P(( + struct berval * )); +LDAP_SLAPD_F (int *) slap_parse_csn_sids LDAP_P(( + BerVarray, int )); LDAP_SLAPD_F (int) slap_parse_sync_cookie LDAP_P(( struct sync_cookie *, void *memctx )); LDAP_SLAPD_F (int) slap_init_sync_cookie_ctxcsn LDAP_P(( @@ -1088,6 +1121,7 @@ LDAP_SLAPD_F ( int ) slap_mods_no_repl_user_mod_check( size_t textlen ); LDAP_SLAPD_F( int ) slap_mods_check( + Operation *op, Modifications *ml, const char **text, char *textbuf, size_t textlen, void *ctx ); @@ -1101,6 +1135,12 @@ LDAP_SLAPD_F( void ) slap_mods_opattrs( Modifications **modsp, int manage_ctxcsn ); +LDAP_SLAPD_F( int ) slap_parse_modlist( + Operation *op, + SlapReply *rs, + BerElement *ber, + req_modify_s *ms ); + /* * mods.c */ @@ -1146,8 +1186,11 @@ LDAP_SLAPD_F (int) module_load LDAP_P(( const char* file_name, int argc, char *argv[] )); LDAP_SLAPD_F (int) module_path LDAP_P(( const char* path )); +LDAP_SLAPD_F (int) module_unload LDAP_P(( const char* file_name )); -LDAP_SLAPD_F (void) *module_resolve LDAP_P(( +LDAP_SLAPD_F (void *) module_handle LDAP_P(( const char* file_name )); + +LDAP_SLAPD_F (void *) module_resolve LDAP_P(( const void *module, const char *name)); #endif /* SLAPD_MODULES */ 
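Review bot: The new prototype `slap_parse_csn_sids` returns a bare `int *` from a `BerVarray` and a count, but the declaration has no comment on who owns the returned array or what is returned on failure. A one-line comment above it, with the actual ownership rule filled in, would help call sites avoid leaks or frees with the wrong allocator. `slap_parse_csn_sid` likewise does not say which return value signals a CSN that could not be parsed.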
@@ -1179,7 +1222,7 @@ LDAP_SLAPD_F (int) mr_usable_with_at( MatchingRule *mr, LDAP_SLAPD_F (int) get_mra LDAP_P(( Operation *op, BerElement *ber, - MatchingRuleAssertion **mra, + Filter *f, const char **text )); LDAP_SLAPD_F (void) mra_free LDAP_P(( Operation *op, @@ -1264,14 +1307,14 @@ LDAP_SLAPD_F (void) oidm_destroy LDAP_P(( void )); LDAP_SLAPD_F (void) oidm_unparse LDAP_P(( BerVarray *bva, OidMacro *start, OidMacro *end, int system )); LDAP_SLAPD_F (int) parse_oidm LDAP_P(( - const char *fname, int lineno, int argc, char **argv, int user, - OidMacro **om )); + struct config_args_s *ca, int user, OidMacro **om )); /* * operation.c */ LDAP_SLAPD_F (void) slap_op_init LDAP_P(( void )); LDAP_SLAPD_F (void) slap_op_destroy LDAP_P(( void )); +LDAP_SLAPD_F (void) slap_op_groups_free LDAP_P(( Operation *op )); LDAP_SLAPD_F (void) slap_op_free LDAP_P(( Operation *op )); LDAP_SLAPD_F (void) slap_op_time LDAP_P(( time_t *t, int *n )); LDAP_SLAPD_F (Operation *) slap_op_alloc LDAP_P(( @@ -1401,12 +1444,15 @@ LDAP_SLAPD_V( const struct berval ) slap_dummy_bv; /* * root_dse.c */ +LDAP_SLAPD_F (int) root_dse_init LDAP_P(( void )); +LDAP_SLAPD_F (int) root_dse_destroy LDAP_P(( void )); + LDAP_SLAPD_F (int) root_dse_info LDAP_P(( Connection *conn, Entry **e, const char **text )); -LDAP_SLAPD_F (int) read_root_dse_file LDAP_P(( +LDAP_SLAPD_F (int) root_dse_read_file LDAP_P(( const char *file)); LDAP_SLAPD_F (int) slap_discover_feature LDAP_P(( 
@@ -1513,21 +1559,22 @@ LDAP_SLAPD_F (int) schema_info LDAP_P(( Entry **entry, const char **text )); */ LDAP_SLAPD_F( int ) oc_check_allowed( AttributeType *type, - BerVarray oclist, + ObjectClass **socs, ObjectClass *sc ); LDAP_SLAPD_F( int ) structural_class( BerVarray ocs, - struct berval *scbv, ObjectClass **sc, + ObjectClass ***socs, const char **text, - char *textbuf, size_t textlen ); + char *textbuf, size_t textlen, void *ctx ); LDAP_SLAPD_F( int ) entry_schema_check( Operation *op, Entry *e, Attribute *attrs, int manage, + int add_soc, const char** text, char *textbuf, size_t textlen ); @@ -1535,7 +1582,7 @@ LDAP_SLAPD_F( int ) mods_structural_class( Modifications *mods, struct berval *oc, const char** text, - char *textbuf, size_t textlen ); + char *textbuf, size_t textlen, void *ctx ); /* * schema_init.c @@ -1571,14 +1618,11 @@ LDAP_SLAPD_F (int) slap_schema_check LDAP_P((void)); LDAP_SLAPD_F( int ) slap_valid_descr( const char * ); LDAP_SLAPD_F (int) parse_cr LDAP_P(( - const char *fname, int lineno, char *line, char **argv, - ContentRule **scr )); + struct config_args_s *ca, ContentRule **scr )); LDAP_SLAPD_F (int) parse_oc LDAP_P(( - const char *fname, int lineno, char *line, char **argv, - ObjectClass **soc, ObjectClass *prev )); + struct config_args_s *ca, ObjectClass **soc, ObjectClass *prev )); LDAP_SLAPD_F (int) parse_at LDAP_P(( - const char *fname, int lineno, char *line, char **argv, - AttributeType **sat, AttributeType *prev )); + struct config_args_s *ca, AttributeType **sat, AttributeType *prev )); LDAP_SLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const)); LDAP_SLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del, char delim )); 
@@ -1629,7 +1673,7 @@ LDAP_SLAPD_F (Filter *) str2filter_x LDAP_P(( Operation *op, const char *str )); LDAP_SLAPD_F (int) syncrepl_add_glue LDAP_P(( Operation*, Entry* )); -LDAP_SLAPD_F (void) syncinfo_free LDAP_P(( struct syncinfo_s * )); +LDAP_SLAPD_F (void) syncinfo_free LDAP_P(( struct syncinfo_s *, int all )); /* syntax.c */ LDAP_SLAPD_F (Syntax *) syn_find LDAP_P(( @@ -1803,9 +1847,7 @@ LDAP_SLAPD_V (int) slap_tool_thread_max; LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) entry2str_mutex; LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) replog_mutex; -#ifndef HAVE_GMTIME_R LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) gmtime_mutex; -#endif LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) ad_undef_mutex; LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) oc_undef_mutex; diff --git a/servers/slapd/referral.c b/servers/slapd/referral.c index 966651ef2ab59f22f42de3f7a703f22d728f9323..9de8121eae140cefde72201bc2ff53499ff40d01 100644 --- a/servers/slapd/referral.c +++ b/servers/slapd/referral.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/repl.c b/servers/slapd/repl.c index ebdf6267b847aaed1e16c5dc0d4832681c3ff40c..280977294ad28e5b5403b1e82df67881b8129119 100644 --- a/servers/slapd/repl.c +++ b/servers/slapd/repl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 6d453e582b8ea9c18fd0985c8957178b26500d6b..ae6a42dd0f5cd61cdcf04eefb0b5683b02046e60 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index 670b9ca37674539c3267cedaaec9856befe800d4..73ced7fd15975ab627eee47a10dbd31ad0467e9f 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -375,13 +375,31 @@ fail: return LDAP_SUCCESS; } +int +root_dse_init( void ) +{ + return 0; +} + +int +root_dse_destroy( void ) +{ + if ( usr_attr ) { + entry_free( usr_attr ); + usr_attr = NULL; + } + + return 0; +} + /* * Read the entries specified in fname and merge the attributes * to the user defined rootDSE. Note thaat if we find any errors * what so ever, we will discard the entire entries, print an * error message and return. */ -int read_root_dse_file( const char *fname ) +int +root_dse_read_file( const char *fname ) { struct LDIFFP *fp; int rc = 0, lineno = 0, lmax = 0; @@ -389,7 +407,7 @@ int read_root_dse_file( const char *fname ) if ( (fp = ldif_open( fname, "r" )) == NULL ) { Debug( LDAP_DEBUG_ANY, - "could not open rootdse attr file \"%s\" - absolute path?\n", + "root_dse_read_file: could not open rootdse attr file \"%s\" - absolute path?\n", fname, 0, 0 ); perror( fname ); return EXIT_FAILURE; 
@@ -398,7 +416,7 @@ int read_root_dse_file( const char *fname ) usr_attr = entry_alloc(); if( usr_attr == NULL ) { Debug( LDAP_DEBUG_ANY, - "read_root_dse_file: entry_alloc failed", 0, 0, 0 ); + "root_dse_read_file: entry_alloc failed", 0, 0, 0 ); ldif_close( fp ); return LDAP_OTHER; } @@ -409,17 +427,19 @@ int read_root_dse_file( const char *fname ) Attribute *a; if( e == NULL ) { - fprintf( stderr, "root_dse: could not parse entry (line=%d)\n", - lineno ); + Debug( LDAP_DEBUG_ANY, "root_dse_read_file: " + "could not parse entry (file=\"%s\" line=%d)\n", + fname, lineno, 0 ); rc = EXIT_FAILURE; break; } /* make sure the DN is the empty DN */ if( e->e_nname.bv_len ) { - fprintf( stderr, - "root_dse: invalid rootDSE - dn=\"%s\" (line=%d)\n", - e->e_dn, lineno ); + Debug( LDAP_DEBUG_ANY, + "root_dse_read_file: invalid rootDSE " + "- dn=\"%s\" (file=\"%s\" line=%d)\n", + e->e_dn, fname, lineno ); entry_free( e ); rc = EXIT_FAILURE; break; @@ -453,7 +473,7 @@ int read_root_dse_file( const char *fname ) ldif_close( fp ); - Debug(LDAP_DEBUG_CONFIG, "rootDSE file %s read.\n", fname, 0, 0); + Debug(LDAP_DEBUG_CONFIG, "rootDSE file=\"%s\" read.\n", fname, 0, 0); return rc; } @@ -466,8 +486,7 @@ slap_discover_feature( LDAP *ld = NULL; LDAPMessage *res = NULL, *entry; int rc, i; - struct berval cred = BER_BVC( "" ), - bv_val, + struct berval bv_val, **values = NULL; char *attrs[ 2 ] = { NULL, NULL }; diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 484300bf6f36b8ce81345060d555cd2c57bc9b49..9a81f4e85fe0e772702bfb656d476deddebc7f50 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
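Review bot: The renamed message `"root_dse_read_file: entry_alloc failed"` still has no trailing `\n`, unlike the other `Debug` calls touched in this function, so the following log output may run on from it; `"root_dse_read_file: entry_alloc failed\n"` fixes that. The function also returns `EXIT_FAILURE` on some visible paths and `LDAP_OTHER` on this one, which deserves a comment on what callers may compare the result against. The function body starts and ends outside the hunk.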
@@ -464,7 +464,7 @@ slap_auxprop_store( } *modtail = NULL; - rc = slap_mods_check( modlist, &text, textbuf, textlen, NULL ); + rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL ); if ( rc == LDAP_SUCCESS ) { rc = slap_mods_no_user_mod_check( &op, modlist, @@ -1048,6 +1048,42 @@ int slap_sasl_destroy( void ) return 0; } +#if SASL_VERSION_MAJOR >= 2 +static char * +slap_sasl_peer2ipport( struct berval *peer ) +{ + int isv6 = 0; + char *ipport, *p, + *addr = &peer->bv_val[ STRLENOF( "IP=" ) ]; + ber_len_t plen = peer->bv_len - STRLENOF( "IP=" ); + + /* IPv6? */ + if ( addr[0] == '[' ) { + isv6 = 1; + plen--; + } + ipport = ch_strdup( &addr[isv6] ); + + /* Convert IPv6/IPv4 addresses to address;port syntax. */ + p = strrchr( ipport, ':' ); + if ( p != NULL ) { + *p = ';'; + if ( isv6 ) { + assert( p[-1] == ']' ); + AC_MEMCPY( &p[-1], p, plen - ( p - ipport ) + 1 ); + } + + } else if ( isv6 ) { + /* trim ']' */ + plen--; + assert( addr[plen] == ']' ); + addr[plen] = '\0'; + } + + return ipport; +} +#endif + int slap_sasl_open( Connection *conn, int reopen ) { int sc = LDAP_SUCCESS; 
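Review bot: In the new `slap_sasl_peer2ipport`, the `else if ( isv6 )` branch trims through `addr`, which points into the caller's `peer->bv_val`, instead of through the `ipport` copy that is returned: `addr[plen] = '\0'` leaves the returned string with its trailing `]` and writes a NUL into the caller's buffer. Because `addr` still starts at `[` while `plen` has been decremented twice, `addr[plen]` is also the character before the `]`, so the `assert` there would not hold for a well-formed bracketed address. The two lines should read `assert( ipport[plen] == ']' );` and `ipport[plen] = '\0';`. The shape checks in this helper are `assert`s only, so a build with assertions compiled out would reach the `AC_MEMCPY` without them; an explicit `if` that returns the unmodified copy would fail more safely.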
@@ -1102,38 +1138,20 @@ int slap_sasl_open( Connection *conn, int reopen ) conn->c_sasl_layers = 0; - if( global_host == NULL ) { - global_host = ldap_pvt_get_fqdn( NULL ); - } - /* create new SASL context */ #if SASL_VERSION_MAJOR >= 2 if ( conn->c_sock_name.bv_len != 0 && - strncmp( conn->c_sock_name.bv_val, "IP=", 3 ) == 0) { - char *p; - - iplocalport = ch_strdup( conn->c_sock_name.bv_val + 3 ); - /* Convert IPv6 addresses to address;port syntax. */ - p = strrchr( iplocalport, ' ' ); - /* Convert IPv4 addresses to address;port syntax. */ - if ( p == NULL ) p = strchr( iplocalport, ':' ); - if ( p != NULL ) { - *p = ';'; - } + strncmp( conn->c_sock_name.bv_val, "IP=", STRLENOF( "IP=" ) ) == 0 ) + { + iplocalport = slap_sasl_peer2ipport( &conn->c_sock_name ); } + if ( conn->c_peer_name.bv_len != 0 && - strncmp( conn->c_peer_name.bv_val, "IP=", 3 ) == 0) { - char *p; - - ipremoteport = ch_strdup( conn->c_peer_name.bv_val + 3 ); - /* Convert IPv6 addresses to address;port syntax. */ - p = strrchr( ipremoteport, ' ' ); - /* Convert IPv4 addresses to address;port syntax. */ - if ( p == NULL ) p = strchr( ipremoteport, ':' ); - if ( p != NULL ) { - *p = ';'; - } + strncmp( conn->c_peer_name.bv_val, "IP=", STRLENOF( "IP=" ) ) == 0 ) + { + ipremoteport = slap_sasl_peer2ipport( &conn->c_peer_name ); } + sc = sasl_server_new( "ldap", global_host, global_realm, iplocalport, ipremoteport, session_callbacks, SASL_SUCCESS_DATA, &ctx ); if ( iplocalport != NULL ) { @@ -1534,7 +1552,7 @@ slap_sasl_setpass( Operation *op, SlapReply *rs ) assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 ); rs->sr_err = sasl_getprop( op->o_conn->c_sasl_authctx, SASL_USERNAME, - (SASL_CONST void **)&id.bv_val ); + (SASL_CONST void **)(char *)&id.bv_val ); if( rs->sr_err != SASL_OK ) { rs->sr_text = "unable to retrieve SASL username"; 
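Review bot: In `slap_sasl_setpass`, `(SASL_CONST void **)(char *)&id.bv_val` adds an intermediate `(char *)` cast whose only visible effect is to hide the pointer-type conversion from the compiler; the call still stores through the address of a `char *` as if it were a `void *`. Reading into a correctly typed temporary avoids the type pun: declare `SASL_CONST void *prop = NULL;`, pass `&prop`, then assign `id.bv_val = (char *)prop;` after the `SASL_OK` check. If the cast is kept, a comment naming the warning it suppresses would help the next reader. The function body continues outside the hunk.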
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 3fd24ad87d2386f35b584f493090694b036fbfd6..2f6fd33d48aa4e5d6fcf374afd933e9767a9da6b 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 2000 Mark Adamson, Carnegie Mellon. * All rights reserved. * @@ -1130,6 +1130,7 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val); } else { BER_BVSTR( &group_oc, SLAPD_GROUP_CLASS ); + BER_BVSTR( &member_at, SLAPD_GROUP_ATTR ); } group_dn.bv_val++; group_dn.bv_len = uri->bv_len - ( group_dn.bv_val - uri->bv_val ); @@ -1606,7 +1607,7 @@ static int sasl_sc_sasl2dn( Operation *op, SlapReply *rs ) Debug( LDAP_DEBUG_TRACE, "%s: slap_sc_sasl2dn: search DN returned more than 1 entry\n", op->o_log_prefix, 0, 0 ); - return LDAP_OTHER; + return LDAP_UNAVAILABLE; /* short-circuit the search */ } ber_dupbv_x( ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); @@ -1623,23 +1624,11 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs ) { smatch_info *sm = o->o_callback->sc_private; - if ( rs->sr_type != REP_SEARCH ) { - if ( rs->sr_err != LDAP_SUCCESS ) { - sm->match = -1; - } - return 0; - } - - if ( sm->match == 1 ) { - sm->match = -1; - return 0; - } + if (rs->sr_type != REP_SEARCH) return 0; if (dn_match(sm->dn, &rs->sr_entry->e_nname)) { sm->match = 1; - - } else { - sm->match = -1; + return LDAP_UNAVAILABLE; /* short-circuit the search */ } return 0; @@ -1859,7 +1848,7 @@ exact_match: op.o_bd->be_search( &op, &rs ); - if (sm.match == 1) { + if (sm.match) { rc = LDAP_SUCCESS; } else { rc = LDAP_INAPPROPRIATE_AUTH; 
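Review bot: The `exact_match` hunk loosens the authorization test from `sm.match == 1` to `if (sm.match)`, so any non-zero value now yields `LDAP_SUCCESS`, including the `-1` that `sasl_sc_smatch` used as its failure value before this change. The rewritten callback in the preceding hunk only assigns `1`, so the two agree today, but this result decides whether a SASL authorization rule matches and should fail closed if `-1` is ever assigned again; keeping `if (sm.match == 1) {` costs nothing. A comment in `sasl_sc_smatch` noting that non-search replies, including search errors, are now ignored and leave `match` at its initial value would document the new behaviour. The initialisation of `sm` is outside these hunks.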
@@ -1893,14 +1882,18 @@ slap_sasl_check_authz( Operation *op, AttributeDescription *ad, struct berval *authc ) { - int rc; - BerVarray vals = NULL; + int rc, + do_not_cache = op->o_do_not_cache; + BerVarray vals = NULL; Debug( LDAP_DEBUG_TRACE, "==>slap_sasl_check_authz: does %s match %s rule in %s?\n", assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); + /* ITS#4760: don't cache group access */ + op->o_do_not_cache = 1; rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH ); + op->o_do_not_cache = do_not_cache; if( rc != LDAP_SUCCESS ) goto COMPLETE; /* Check if the *assertDN matches any *vals */ diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c index 403dac0cdfa9f7adfd83f3e245f03b798f67ef01..6071be120fcedffe5caa5f7f15833943dd932ea4 100644 --- a/servers/slapd/schema.c +++ b/servers/slapd/schema.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -120,11 +120,11 @@ schema_info( Entry **entry, const char **text ) char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; /* - * According to RFC 2251: + * According to RFC 4512: - Servers SHOULD provide the attributes createTimestamp and - modifyTimestamp in subschema entries, in order to allow clients to - maintain their caches of schema information. + Servers SHOULD maintain the 'creatorsName', 'createTimestamp', + 'modifiersName', and 'modifyTimestamp' attributes for all entries of + the DIT. * to be conservative, we declare schema created * AND modified at server startup time ... diff --git a/servers/slapd/schema/README b/servers/slapd/schema/README index befd8baabefd854f8939e536fbe706699a8b43aa..e449d69b859ad21331da9e3c871a0da61997de33 100644 --- a/servers/slapd/schema/README +++ b/servers/slapd/schema/README 
@@ -34,7 +34,7 @@ convert schema files in general. This notice applies to all files in this directory. -Copyright 1998-2006 The OpenLDAP Foundation, Redwood City, California, USA +Copyright 1998-2007 The OpenLDAP Foundation, Redwood City, California, USA All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/collective.schema b/servers/slapd/schema/collective.schema index 2d70fd2e851d197f975263b1e51098d89648db41..4d1dd366274431930ba35a282ba65cdf024ea6b2 100644 --- a/servers/slapd/schema/collective.schema +++ b/servers/slapd/schema/collective.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/corba.schema b/servers/slapd/schema/corba.schema index 4ea408fb8ae208a8f656f31bfec86c12a7f10696..e100cf36a045a6845fa2a30646dc82859b508ea3 100644 --- a/servers/slapd/schema/corba.schema +++ b/servers/slapd/schema/corba.schema @@ -4,7 +4,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/core.ldif b/servers/slapd/schema/core.ldif index 94c0ee464d2f1f2a885134fcd3f1d5532b688ef4..f82aac80d709b062d915231e8b3f99f4e0eca334 100644 --- a/servers/slapd/schema/core.ldif +++ b/servers/slapd/schema/core.ldif 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema index b95844c4f5e67467bee73dda4222762a6508578f..5f8cba5679ad81f1c7b5b4a3ae9b7e372f86b1db 100644 --- a/servers/slapd/schema/core.schema +++ b/servers/slapd/schema/core.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/cosine.ldif b/servers/slapd/schema/cosine.ldif new file mode 100644 index 0000000000000000000000000000000000000000..21b8c703b9adac5daf5ec3cd9c738eaab3296128 --- /dev/null +++ b/servers/slapd/schema/cosine.ldif 
@@ -0,0 +1,200 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.ldif +# +# This file was automatically generated from cosine.schema; see that +# file for complete background. +# +dn: cn=cosine,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: cosine +olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g + eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri + nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 + 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: + photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 + 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h + ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 + 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D + ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' + RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES + C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC + 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE + SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe + lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb + erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC + 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.39 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC + 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D + ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg + noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC + 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel + ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum + berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep + honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount + ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE + SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus + ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' + RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption + ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF + C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN + GLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit + y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit + y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D + ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 23 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R + FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 + : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D + ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo + tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 + Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom + ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine + ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep + honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature + ) ) +olcObjectClasses: ( 
0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT + URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam + e $ organizationalUnitName $ host ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC + TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca + lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume + ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA + L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber + ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top + STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l + ocalityName $ organizationName $ organizationalUnitName ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT + URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti + on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ + stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd + ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber + $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel + exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress + $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d + omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho + neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi + ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery + Method $ destinationIndicator $ registeredAddress $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain + STRUCTURAL MAY 
( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME + Record ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D + ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat + edDomain ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c + ountry STRUCTURAL MUST friendlyCountryName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU + P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR + UCTURAL MAY dSAQuality ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu + mQuality ) ) diff --git a/servers/slapd/schema/cosine.schema b/servers/slapd/schema/cosine.schema index 9477c731e9d467beb6f27cec911ab46aeae43dc6..8a8ba6b1902ce932380ff87825237109bb6414d1 100644 --- a/servers/slapd/schema/cosine.schema +++ b/servers/slapd/schema/cosine.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/duaconf.schema b/servers/slapd/schema/duaconf.schema index 1741265f8945dbd8816c1c05a343db5e93bb0fc5..eb70506a0e64223ee16e1f1e145db1d36f9288be 100644 --- a/servers/slapd/schema/duaconf.schema +++ b/servers/slapd/schema/duaconf.schema @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/servers/slapd/schema/dyngroup.schema b/servers/slapd/schema/dyngroup.schema index 5a42b06bfc1e954c53db94cdc074fd996e79b428..1650cb4965b90f0fd54cf9be6902f7cfb3c98ed8 100644 --- a/servers/slapd/schema/dyngroup.schema +++ b/servers/slapd/schema/dyngroup.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -14,8 +14,11 @@ ## <http://www.OpenLDAP.org/license.html>. # # Dynamic Group schema (experimental), as defined by Netscape. See -# http://enterprise.netscape.com/docs/enterprise/60/admin/esusrgrp.htm#1019520 -# for details. +# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf +# page 70 for details on how these groups were used. +# +# A description of the objectclass definition is available here: +# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 # # depends upon: # core.schema 
@@ -23,7 +26,23 @@ # These definitions are considered experimental due to the lack of # a formal specification (e.g., RFC). # -# Not recommended for production use! Use with caution! +# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! +# +# The Netscape documentation describes this as an auxiliary objectclass +# but their implementations have always defined it as a structural class. +# The sloppiness here is because Netscape-derived servers don't actually +# implement the X.500 data model, and they don't honor the distinction +# between structural and auxiliary classes. This fact is noted here: +# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 +# +# In accordance with the actual usage in practice, we define it as an +# auxiliary class. +# +# Our definition of memberURL also does not match theirs but again +# their published definition and what works in practice do not agree. +# In other words, the Netscape definitions are broken and interoperability +# is not guaranteed. +# objectIdentifier NetscapeRoot 2.16.840.1.113730 diff --git a/servers/slapd/schema/inetorgperson.ldif b/servers/slapd/schema/inetorgperson.ldif new file mode 100644 index 0000000000000000000000000000000000000000..4ed87e8df33f005d2d83e66b79d6a903128b2364 --- /dev/null +++ b/servers/slapd/schema/inetorgperson.ldif 
@@ -0,0 +1,69 @@ +# InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.ldif) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.ldif) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif) +# +# This file was automatically generated from inetorgperson.schema; see +# that file for complete references. 
+# +dn: cn=inetorgperson,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: inetorgperson +olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 + 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' + RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC + 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF + C2798: numerically identifies an employee within an organization' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 + 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 + 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC + 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D + ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.5 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 + 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.5 ) +olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 + 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY + ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em + ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini + tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo + $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre + ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) diff --git a/servers/slapd/schema/inetorgperson.schema b/servers/slapd/schema/inetorgperson.schema index edba41fae761e3f99173ffda25de84bc41554705..0574d07501d3397d55f80f9763ed20ce100419ea 100644 --- a/servers/slapd/schema/inetorgperson.schema +++ b/servers/slapd/schema/inetorgperson.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/java.schema b/servers/slapd/schema/java.schema index 1f9ac4fe8e12347171cc5b9e1ce9b9cc6be4dab1..054374d8777771a7798f7b81d7e1d3f9c9db32ba 100644 --- a/servers/slapd/schema/java.schema +++ b/servers/slapd/schema/java.schema 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/misc.schema b/servers/slapd/schema/misc.schema index a5075b8142d025bd87b4e680aa8e2e3533b73d07..9707e1c85feedca4b16dea826ec42b242d3c7a54 100644 --- a/servers/slapd/schema/misc.schema +++ b/servers/slapd/schema/misc.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/nadf.schema b/servers/slapd/schema/nadf.schema index ffeb54f17378865f94ec86b531409fb06ae7c031..984bb93caf978b49470ba03bae74eccc0946bd13 100644 --- a/servers/slapd/schema/nadf.schema +++ b/servers/slapd/schema/nadf.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/nis.ldif b/servers/slapd/schema/nis.ldif new file mode 100644 index 0000000000000000000000000000000000000000..bd563d0a2f16ca44e922a1b0a8ebe05b3d1a8a77 --- /dev/null +++ b/servers/slapd/schema/nis.ldif 
@@ -0,0 +1,120 @@ +# NIS (RFC2307) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service +# +# Depends upon core.ldif and cosine.ldif +# +# This file was automatically generated from nis.schema; see that file +# for complete references. +# +dn: cn=nis,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: nis +olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th + e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut + e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th + e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 
+olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI + A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca + seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr + oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address + ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw + ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm + ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 
+olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp + aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam + e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac + tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{1024} SINGLE-VALUE ) +olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o + f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu + mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ + description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a + ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword + $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive + $ shadowExpire $ shadowFlag $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of + a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas + sword $ memberUid $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I + nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe + rviceProtocol ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of + an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description + ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O + NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M + AY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho + st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc + ription $ manager ) ) +olcObjectClasses: ( 
1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a + n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas + kNumber $ l $ description $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of + a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe + tgroup $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti + on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a + NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri + ption ) +olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w + ith a MAC address' SUP top AUXILIARY MAY macAddress ) +olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device + with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) diff --git a/servers/slapd/schema/nis.schema b/servers/slapd/schema/nis.schema index 4e42f9f781ab0c7089e2e3747f2e21c436fdffd4..2461649a20f4fc39b41404c8f0dece1b185d5874 100644 --- a/servers/slapd/schema/nis.schema +++ b/servers/slapd/schema/nis.schema @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/openldap.ldif b/servers/slapd/schema/openldap.ldif index 9b535f2e08398fe6df1df6742033cc6cd73426cb..e046c944123bc5ebd8c6175a8705a9e6eca3b67f 100644 --- a/servers/slapd/schema/openldap.ldif +++ b/servers/slapd/schema/openldap.ldif 
@@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/openldap.schema b/servers/slapd/schema/openldap.schema index 2679d805687704f9413d796b983ea14cd3c11abd..cff6e79f0872753bcf8b2663cfc85cce2ea0646c 100644 --- a/servers/slapd/schema/openldap.schema +++ b/servers/slapd/schema/openldap.schema @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema/ppolicy.schema b/servers/slapd/schema/ppolicy.schema index 6d02239d314cb0c62a18cd90ebddf94f6115ae63..dc42c23ceaef12e8fc1413b578438ffc522089b0 100644 --- a/servers/slapd/schema/ppolicy.schema +++ b/servers/slapd/schema/ppolicy.schema @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index bf6b75a8ca21f9382b4818df1bcbe3bb840a2035..19bed5b3bbcf03133ed0b5bc94de560842d0f4a2 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -47,15 +47,15 @@ entry_schema_check( Entry *e, Attribute *oldattrs, int manage, + int add_soc, const char** text, char *textbuf, size_t textlen ) { - Attribute *a, *asc, *aoc; - ObjectClass *sc, *oc; + Attribute *a, *asc = NULL, *aoc = NULL; + ObjectClass *sc, *oc, **socs = NULL; AttributeType *at; ContentRule *cr; int rc, i; - struct berval nsc; AttributeDescription *ad_structuralObjectClass = slap_schema.si_ad_structuralObjectClass; AttributeDescription *ad_objectClass @@ -87,13 +87,18 @@ entry_schema_check( assert( a->a_vals[0].bv_val != NULL ); if( a->a_desc->ad_type->sat_check ) { - int rc = (a->a_desc->ad_type->sat_check)( + rc = (a->a_desc->ad_type->sat_check)( op->o_bd, e, a, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { return rc; } } + if( a->a_desc == ad_structuralObjectClass ) + asc = a; + else if ( a->a_desc == ad_objectClass ) + aoc = a; + if( !collectiveSubentry && is_at_collective( a->a_desc->ad_type ) ) { snprintf( textbuf, textlen, "'%s' can only appear in collectiveAttributeSubentry", @@ -117,9 +122,20 @@ entry_schema_check( } } - /* find the structural object class attribute */ - asc = attr_find( e->e_attrs, ad_structuralObjectClass ); - if ( asc == NULL ) { + /* check the object class attribute */ + if ( aoc == NULL ) { + Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n", + e->e_dn, 0, 0 ); + + *text = "no objectClass attribute"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + assert( aoc->a_vals != NULL ); + assert( aoc->a_vals[0].bv_val != NULL ); + + /* check the structural object class attribute */ + if ( asc == NULL && !add_soc ) { Debug( LDAP_DEBUG_ANY, "No structuralObjectClass for entry (%s)\n", e->e_dn, 0, 0 ); 
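Review bot: The new `add_soc` parameter in the signature at the top of this hunk has no comment, although it changes what entry_schema_check() does to its argument: in the later hunks a non-zero value makes the function accept an entry that lacks structuralObjectClass and add the derived value to `e`. I would document that above the definition, for example `/* add_soc: if non-zero and e has no structuralObjectClass, derive it from objectClass and add it to e instead of failing */`. Callers are outside this part of the diff; those that validate client-supplied entries should choose the value deliberately, since it decides whether a missing structuralObjectClass is an error. The function body continues outside the hunk.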
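Review bot: The added `if( a->a_desc == ad_structuralObjectClass ) asc = a; else if ( a->a_desc == ad_objectClass ) aoc = a;` is unbraced, while the other conditionals visible in this loop brace their single statement. Bracing both arms keeps it consistent: `if( a->a_desc == ad_structuralObjectClass ) { asc = a; } else if ( a->a_desc == ad_objectClass ) { aoc = a; }`. The loop starts and ends outside the hunk, so whether an earlier `continue` or `return` can skip this capture cannot be checked from here.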
@@ -128,6 +144,19 @@ entry_schema_check( return LDAP_OTHER; } + rc = structural_class( aoc->a_vals, &oc, &socs, text, textbuf, textlen, + op->o_tmpmemctx ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( asc == NULL && add_soc ) { + attr_merge_one( e, ad_structuralObjectClass, &oc->soc_cname, NULL ); + asc = attr_find( e->e_attrs, ad_structuralObjectClass ); + sc = oc; + goto got_soc; + } + assert( asc->a_vals != NULL ); assert( asc->a_vals[0].bv_val != NULL ); assert( asc->a_vals[1].bv_val == NULL ); @@ -142,7 +171,8 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) { @@ -154,9 +184,11 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OTHER; + rc = LDAP_OTHER; + goto leave; } +got_soc: if( !manage && sc->soc_obsolete ) { snprintf( textbuf, textlen, "structuralObjectClass '%s' is OBSOLETE", @@ -166,25 +198,8 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; - } - - /* find the object class attribute */ - aoc = attr_find( e->e_attrs, ad_objectClass ); - if ( aoc == NULL ) { - Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n", - e->e_dn, 0, 0 ); - - *text = "no objectClass attribute"; - return LDAP_OBJECT_CLASS_VIOLATION; - } - - assert( aoc->a_vals != NULL ); - assert( aoc->a_vals[0].bv_val != NULL ); - - rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen ); - if( rc != LDAP_SUCCESS ) { - return rc; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } *text = textbuf; 
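Review bot: The result of `attr_merge_one()` in the new `add_soc` branch is discarded and the `attr_find()` after it is not tested, so a failed merge jumps to `got_soc` with `asc` still NULL and the entry lacking the structuralObjectClass this branch is meant to supply. I would check the call and leave through the cleanup label, e.g. `if ( attr_merge_one( e, ad_structuralObjectClass, &oc->soc_cname, NULL ) ) { *text = "structuralObjectClass merge failed"; rc = LDAP_OTHER; goto leave; }`. The plain `return rc` right after `structural_class()` is leak-free only because that function releases the array on its own failure path (see the later `fail:` hunk), which deserves a one-line comment here. The body of `entry_schema_check()` starts and ends outside this hunk.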
@@ -193,23 +208,25 @@ entry_schema_check( snprintf( textbuf, textlen, "unrecognized objectClass '%s'", aoc->a_vals[0].bv_val ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } else if ( sc != slap_schema.si_oc_glue && sc != oc ) { snprintf( textbuf, textlen, "structural object class modification " "from '%s' to '%s' not allowed", - asc->a_vals[0].bv_val, nsc.bv_val ); - return LDAP_NO_OBJECT_CLASS_MODS; + asc->a_vals[0].bv_val, oc->soc_cname.bv_val ); + rc = LDAP_NO_OBJECT_CLASS_MODS; + goto leave; } else if ( sc == slap_schema.si_oc_glue ) { sc = oc; } /* naming check */ - if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) { + if ( !is_entry_glue ( e ) ) { rc = entry_naming_check( e, manage, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { - return rc; + goto leave; } } else { /* Glue Entry */ @@ -232,7 +249,8 @@ entry_schema_check( "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } if( cr->scr_required ) for( i=0; cr->scr_required[i]; i++ ) { @@ -255,7 +273,8 @@ entry_schema_check( "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } } @@ -279,25 +298,15 @@ entry_schema_check( "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } } } /* check that the entry has required attrs for each oc */ - for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) { - if ( (oc = oc_bvfind( &aoc->a_vals[i] )) == NULL ) { - snprintf( textbuf, textlen, - "unrecognized objectClass '%s'", - aoc->a_vals[i].bv_val ); - - Debug( LDAP_DEBUG_ANY, - "entry_check_schema(%s): %s\n", - e->e_dn, textbuf, 0 ); - - return LDAP_OBJECT_CLASS_VIOLATION; - } - + for ( i = 0; socs[i]; i++ ) { + oc = socs[i]; if ( !manage && oc->soc_obsolete ) { /* disallow obsolete classes */ snprintf( textbuf, textlen, 
@@ -308,14 +317,15 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } if ( oc->soc_check ) { - int rc = (oc->soc_check)( op->o_bd, e, oc, + rc = (oc->soc_check)( op->o_bd, e, oc, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { - return rc; + goto leave; } } @@ -326,20 +336,9 @@ entry_schema_check( { int j; ObjectClass *xc = NULL; - for( j=0; aoc->a_vals[j].bv_val; j++ ) { + for( j=0; socs[j]; j++ ) { if( i != j ) { - xc = oc_bvfind( &aoc->a_vals[i] ); - if( xc == NULL ) { - snprintf( textbuf, textlen, - "unrecognized objectClass '%s'", - aoc->a_vals[i].bv_val ); - - Debug( LDAP_DEBUG_ANY, - "entry_check_schema(%s): %s\n", - e->e_dn, textbuf, 0 ); - - return LDAP_OBJECT_CLASS_VIOLATION; - } + xc = socs[j]; /* since we previous check against the * structural object of this entry, the @@ -365,7 +364,8 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } } @@ -387,23 +387,28 @@ entry_schema_check( } } } + if ( k ) { + snprintf( textbuf, textlen, + "class '%s' not allowed by content rule '%s'", + oc->soc_cname.bv_val, + ldap_contentrule2name( &cr->scr_crule ) ); + } } else if ( global_disallows & SLAP_DISALLOW_AUX_WO_CR ) { k = -1; + snprintf( textbuf, textlen, + "class '%s' not allowed by any content rule", + oc->soc_cname.bv_val ); } else { k = 0; } if( k == -1 ) { - snprintf( textbuf, textlen, - "content rule '%s' does not allow class '%s'", - ldap_contentrule2name( &cr->scr_crule ), - oc->soc_cname.bv_val ); - Debug( LDAP_DEBUG_ANY, "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } } 
@@ -417,7 +422,8 @@ entry_schema_check( "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); - return LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; + goto leave; } if( oc == slap_schema.si_oc_extensibleObject ) { @@ -428,39 +434,38 @@ entry_schema_check( if( extensible ) { *text = NULL; - return LDAP_SUCCESS; + rc = LDAP_SUCCESS; + goto leave; } /* check that each attr in the entry is allowed by some oc */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - int ret; - - ret = LDAP_OBJECT_CLASS_VIOLATION; + rc = LDAP_OBJECT_CLASS_VIOLATION; if( cr && cr->scr_required ) { for( i=0; cr->scr_required[i]; i++ ) { if( cr->scr_required[i] == a->a_desc->ad_type ) { - ret = LDAP_SUCCESS; + rc = LDAP_SUCCESS; break; } } } - if( ret != LDAP_SUCCESS && cr && cr->scr_allowed ) { + if( rc != LDAP_SUCCESS && cr && cr->scr_allowed ) { for( i=0; cr->scr_allowed[i]; i++ ) { if( cr->scr_allowed[i] == a->a_desc->ad_type ) { - ret = LDAP_SUCCESS; + rc = LDAP_SUCCESS; break; } } } - if( ret != LDAP_SUCCESS ) + if( rc != LDAP_SUCCESS ) { - ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals, sc ); + rc = oc_check_allowed( a->a_desc->ad_type, socs, sc ); } - if ( ret != LDAP_SUCCESS ) { + if ( rc != LDAP_SUCCESS ) { char *type = a->a_desc->ad_cname.bv_val; snprintf( textbuf, textlen, @@ -471,12 +476,14 @@ entry_schema_check( "Entry (%s), %s\n", e->e_dn, textbuf, 0 ); - return ret; + goto leave; } } *text = NULL; - return LDAP_SUCCESS; +leave: + slap_sl_free( socs, op->o_tmpmemctx ); + return rc; } static char * @@ -519,7 +526,7 @@ oc_check_required( int oc_check_allowed( AttributeType *at, - BerVarray ocl, + ObjectClass **socs, ObjectClass *sc ) { int i, j; 
@@ -562,9 +569,9 @@ int oc_check_allowed( } /* check that the type appears as req or opt in at least one oc */ - for ( i = 0; ocl[i].bv_val != NULL; i++ ) { + for ( i = 0; socs[i]; i++ ) { /* if we know about the oc */ - ObjectClass *oc = oc_bvfind( &ocl[i] ); + ObjectClass *oc = socs[i]; if ( oc != NULL && oc->soc_kind != LDAP_SCHEMA_ABSTRACT && ( sc == NULL || oc->soc_kind == LDAP_SCHEMA_AUXILIARY )) { @@ -596,30 +603,40 @@ int oc_check_allowed( */ int structural_class( BerVarray ocs, - struct berval *scbv, ObjectClass **scp, + ObjectClass ***socsp, const char **text, - char *textbuf, size_t textlen ) + char *textbuf, size_t textlen, + void *ctx ) { - int i; - ObjectClass *oc; + int i, nocs; + ObjectClass *oc, **socs; ObjectClass *sc = NULL; int scn = -1; *text = "structural_class: internal error"; - scbv->bv_len = 0; + + /* count them */ + for( i=0; ocs[i].bv_val; i++ ) ; + nocs = i; + + socs = slap_sl_malloc( (nocs+1) * sizeof(ObjectClass *), ctx ); for( i=0; ocs[i].bv_val; i++ ) { - oc = oc_bvfind( &ocs[i] ); + socs[i] = oc_bvfind( &ocs[i] ); - if( oc == NULL ) { + if( socs[i] == NULL ) { snprintf( textbuf, textlen, "unrecognized objectClass '%s'", ocs[i].bv_val ); *text = textbuf; - return LDAP_OBJECT_CLASS_VIOLATION; + goto fail; } + } + socs[i] = NULL; + for( i=0; ocs[i].bv_val; i++ ) { + oc = socs[i]; if( oc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) { if( sc == NULL || is_object_subclass( sc, oc ) ) { sc = oc; @@ -631,14 +648,14 @@ int structural_class( /* find common superior */ for( j=i+1; ocs[j].bv_val; j++ ) { - xc = oc_bvfind( &ocs[j] ); + xc = socs[j]; if( xc == NULL ) { snprintf( textbuf, textlen, "unrecognized objectClass '%s'", ocs[j].bv_val ); *text = textbuf; - return LDAP_OBJECT_CLASS_VIOLATION; + goto fail; } if( xc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) { 
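Review bot: The comment above `structural_class()` does not say who owns the array returned through the new `socsp` parameter. From the hunks shown, it is allocated with `slap_sl_malloc( ..., ctx )`, released inside the function on every `fail` path and when `socsp` is NULL, and otherwise handed to the caller; the header comment should state this, e.g. `/* on success *socsp (if non-NULL) is a NULL-terminated array owned by the caller; release with slap_sl_free( socs, ctx ) */`. In the common-superior loop the `xc == NULL` test after `xc = socs[j]` can no longer fire, because the first loop already rejects every unresolved class, so that branch can be dropped. The function continues outside these hunks.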
@@ -662,7 +679,7 @@ int structural_class( "invalid structural object class chain (%s/%s)", ocs[scn].bv_val, ocs[i].bv_val ); *text = textbuf; - return LDAP_OBJECT_CLASS_VIOLATION; + goto fail; } } } @@ -674,24 +691,26 @@ int structural_class( if( sc == NULL ) { *text = "no structural object class provided"; - return LDAP_OBJECT_CLASS_VIOLATION; + goto fail; } if( scn < 0 ) { *text = "invalid structural object class"; - return LDAP_OBJECT_CLASS_VIOLATION; + goto fail; } - *scbv = ocs[scn]; - - if( scbv->bv_len == 0 ) { - *text = "invalid structural object class"; - return LDAP_OBJECT_CLASS_VIOLATION; + if ( socsp ) { + *socsp = socs; + } else { + slap_sl_free( socs, ctx ); } - *text = NULL; return LDAP_SUCCESS; + +fail: + slap_sl_free( socs, ctx ); + return LDAP_OBJECT_CLASS_VIOLATION; } /* @@ -701,9 +720,11 @@ int mods_structural_class( Modifications *mods, struct berval *sc, const char **text, - char *textbuf, size_t textlen ) + char *textbuf, size_t textlen, void *ctx ) { Modifications *ocmod = NULL; + ObjectClass *ssc; + int rc; for( ; mods != NULL; mods = mods->sml_next ) { if( mods->sml_desc == slap_schema.si_ad_objectClass ) { @@ -725,8 +746,11 @@ int mods_structural_class( return LDAP_OBJECT_CLASS_VIOLATION; } - return structural_class( ocmod->sml_values, sc, NULL, - text, textbuf, textlen ); + rc = structural_class( ocmod->sml_values, &ssc, NULL, + text, textbuf, textlen, ctx ); + if ( rc == LDAP_SUCCESS ) + *sc = ssc->soc_cname; + return rc; } diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index f1a96bd0815115ba66b3342850ec6981155179f1..616d9703842915b381cccaf56eea1facf464339e 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c 
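Review bot: `*sc = ssc->soc_cname;` in `mods_structural_class()` is a shallow berval copy whose `bv_val` now points at the name held by the schema's `ObjectClass`, where the old code returned one of the request's own objectClass values. Callers are not visible here, so anything that depended on the lifetime or the client-supplied spelling of the old value should be rechecked, and the assignment should carry a comment such as `/* shallow copy: bv_val belongs to the schema object, not to the request */`. The assignment also relies on `structural_class()` storing the class through `scp` before it returns success, which happens outside the hunks shown.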
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -710,11 +710,14 @@ bitStringValidate( return LDAP_INVALID_SYNTAX; } - /* - * RFC 2252 section 6.3 Bit String - * bitstring = "'" *binary-digit "'B" - * binary-digit = "0" / "1" - * example: '0101111101'B + /* RFC 4517 Section 3.3.2 Bit String: + * BitString = SQUOTE *binary-digit SQUOTE "B" + * binary-digit = "0" / "1" + * + * where SQUOTE [RFC4512] is + * SQUOTE = %x27 ; single quote ("'") + * + * Example: '0101111101'B */ if( in->bv_val[0] != '\'' || @@ -734,39 +737,7 @@ bitStringValidate( } /* - * Syntax is [RFC2252]: - * - -6.3. Bit String - - ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) - - Values in this syntax are encoded according to the following BNF: - - bitstring = "'" *binary-digit "'B" - - binary-digit = "0" / "1" - - ... - -6.21. Name And Optional UID - - ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) - - Values in this syntax are encoded according to the following BNF: - - NameAndOptionalUID = DistinguishedName [ "#" bitstring ] - - Although the '#' character may occur in a string representation of a - distinguished name, no additional special quoting is done. This - syntax has been added subsequent to RFC 1778. - - Example: - - 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B - - * - * draft-ietf-ldapbis-syntaxes-xx.txt says: + * Syntaxes from RFC 4517 * 3.3.2. Bit String @@ -824,7 +795,7 @@ bitStringValidate( [X.520]. * - * draft-ietf-ldapbis-models-xx.txt [MODELS] says: + * RFC 4512 says: * 1.4. Common ABNF Productions 
@@ -842,11 +813,11 @@ bitStringValidate( * * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B * - * Since draft-ietf-ldapbis-dn-xx.txt clarifies that SHARP, - * i.e. "#", doesn't have to be escaped except when at the - * beginning of a value, the definition of Name and Optional - * UID appears to be flawed, because there is no clear means - * to determine whether the UID part is present or not. + * RFC 4514 clarifies that SHARP, i.e. "#", doesn't have to + * be escaped except when at the beginning of a value, the + * definition of Name and Optional UID appears to be flawed, + * because there is no clear means to determine whether the + * UID part is present or not. * * Example: * @@ -1292,7 +1263,7 @@ Summary: TelephoneNumber subset subset i + ignore all spaces and "-" - See draft-ietf-ldapbis-strpro for details (once published). + See RFC 4518 for details. Directory String - @@ -2078,8 +2049,6 @@ IA5StringValidate( { ber_len_t i; - if( BER_BVISEMPTY( val ) ) return LDAP_INVALID_SYNTAX; - for(i=0; i < val->bv_len; i++) { if( !LDAP_ASCII(val->bv_val[i]) ) { return LDAP_INVALID_SYNTAX; @@ -2102,8 +2071,6 @@ IA5StringNormalize( int casefold = !SLAP_MR_ASSOCIATED( mr, slap_schema.si_mr_caseExactIA5Match ); - assert( !BER_BVISEMPTY( val ) ); - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 ); p = val->bv_val; @@ -2140,18 +2107,12 @@ IA5StringNormalize( * position. One is enough because the above loop collapsed * all whitespace to a single space. */ - if ( ASCII_SPACE( q[-1] ) ) --q; + if ( q > normalized->bv_val && ASCII_SPACE( q[-1] ) ) --q; /* null terminate */ *q = '\0'; normalized->bv_len = q - normalized->bv_val; - if( BER_BVISEMPTY( normalized ) ) { - normalized->bv_val = slap_sl_realloc( normalized->bv_val, 2, ctx ); - normalized->bv_val[0] = ' '; - normalized->bv_val[1] = '\0'; - normalized->bv_len = 1; - } return LDAP_SUCCESS; } 
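Review bot: Nothing in these hunks shows that the consumers of a normalized IA5 value cope with a zero-length berval, which `IA5StringNormalize()` can now return for an empty or all-whitespace input since the empty-value rejection, the assert and the single-space substitution are all removed. The added `q > normalized->bv_val` guard covers the `q[-1]` read in this function only; the matching and indexing routines that receive the result are outside this diff and should be exercised with an empty value in a test. A comment at the guard, e.g. `/* value may be empty: nothing to trim */`, would record why it is needed. Both functions continue outside the hunks.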
@@ -4194,13 +4155,13 @@ char *directoryStringSyntaxes[] = { }; char *integerFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */, - "1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.17" /* dITStructureRuleDescription */, NULL }; char *objectIdentifierFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.38" /* OID */, "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */, - "1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.16" /* dITContentRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */, "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */, diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 5bc607d3f17d4bd8e3b1aae482b1d4f10d28ed66..43eb1be76687933f097de5ac0881260e74ef5ead 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -250,31 +250,24 @@ static int objectSubClassIndexer( { int rc, noc, i; BerVarray ocvalues; + ObjectClass **socs; for( noc=0; values[noc].bv_val != NULL; noc++ ) { /* just count em */; } /* over allocate */ - ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+16), ctx ); + socs = slap_sl_malloc( (noc+16) * sizeof( ObjectClass * ), ctx ); - /* copy listed values (and termination) */ + /* initialize */ for( i=0; i<noc; i++ ) { - ObjectClass *oc = oc_bvfind( &values[i] ); - if( oc ) { - ocvalues[i] = oc->soc_cname; - } else { - ocvalues[i] = values[i]; - } + socs[i] = oc_bvfind( &values[i] ); } - ocvalues[i].bv_val = NULL; - ocvalues[i].bv_len = 0; - /* expand values */ for( i=0; i<noc; i++ ) { int j; - ObjectClass *oc = oc_bvfind( &ocvalues[i] ); + ObjectClass *oc = socs[i]; if( oc == NULL || oc->soc_sups == NULL ) continue; for( j=0; oc->soc_sups[j] != NULL; j++ ) { @@ -283,35 +276,37 @@ static int objectSubClassIndexer( int k; for( k=0; k<noc; k++ ) { - if( bvmatch( &ocvalues[k], &sup->soc_cname ) ) { + if( sup == socs[k] ) { found++; break; } } if( !found ) { - ocvalues = slap_sl_realloc( ocvalues, - sizeof( struct berval ) * (noc+2), ctx ); + socs = slap_sl_realloc( socs, + sizeof( ObjectClass * ) * (noc+2), ctx ); assert( k == noc ); - - ocvalues[noc] = sup->soc_cname; - - assert( ocvalues[noc].bv_val != NULL ); - assert( ocvalues[noc].bv_len != 0 ); - - noc++; - - ocvalues[noc].bv_len = 0; - ocvalues[noc].bv_val = NULL; + socs[noc++] = sup; } } } + ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+1), ctx ); + /* copy values */ + for( i=0; i<noc; i++ ) { + if ( socs[i] ) + ocvalues[i] = socs[i]->soc_cname; + else + ocvalues[i] = values[i]; + } + BER_BVZERO( &ocvalues[i] ); + rc = octetStringIndexer( use, mask, syntax, mr, prefix, ocvalues, keysp, ctx ); slap_sl_free( ocvalues, ctx ); + slap_sl_free( socs, ctx ); return rc; } 
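Review bot: In the final copy loop of `objectSubClassIndexer()`, `ocvalues[i] = values[i]` runs with `i` up to the grown `noc`, while `values` holds only the original number of entries. It stays in bounds only because every slot appended by the expansion loop holds a non-NULL superior, so `socs[i]` can be NULL only below the original count; that invariant should be written at the `else`, e.g. `/* only original slots can be NULL, so i still indexes values[] */`. The declaration of `sup` falls between the two hunks, so the non-NULL claim is inferred from the `oc->soc_sups[j] != NULL` loop condition. Separately, the `noc+16` over-allocation is undone by the unconditional `slap_sl_realloc( ..., noc+2 )` on the first added superior; tracking a capacity would avoid one realloc per added class.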
@@ -368,7 +363,7 @@ static struct slap_schema_oc_map { { "subschema", "( 2.5.20.1 NAME 'subschema' " "DESC 'RFC4512: controlling subschema (sub)entry' " "AUXILIARY " - "MAY ( dITStructureRules $ nameForms $ ditContentRules $ " + "MAY ( dITStructureRules $ nameForms $ dITContentRules $ " "objectClasses $ attributeTypes $ matchingRules $ " "matchingRuleUse ) )", subentryObjectClass, SLAP_OC_OPERATIONAL, @@ -608,7 +603,7 @@ static struct slap_schema_ad_map { "EQUALITY CSNMatch " "ORDERING CSNOrderingMatch " "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " - "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", + "NO-USER-MODIFICATION USAGE dSAOperation )", NULL, SLAP_AT_HIDE, NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -747,7 +742,7 @@ static struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) }, /* subschema subentry attributes */ - { "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' " + { "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' " "DESC 'RFC4512: DIT structure rules' " "EQUALITY integerFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 " @@ -756,7 +751,7 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ditStructureRules) }, - { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' " + { "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' " "DESC 'RFC4512: DIT content rules' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", 
@@ -991,18 +986,6 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_authPasswordSchemes) }, #endif -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - { "krbName", "( 1.3.6.1.4.1.250.1.32 " - "NAME ( 'krbName' 'kerberosName' ) " - "DESC 'Kerberos principal associated with object' " - "EQUALITY caseIgnoreIA5Match " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 " - "SINGLE-VALUE )", - NULL, 0, - NULL, NULL, - NULL, NULL, NULL, NULL, NULL, - offsetof(struct slap_internal_schema, si_ad_krbName) }, -#endif { "description", "( 2.5.4.13 NAME 'description' " "DESC 'RFC4519: descriptive information' " diff --git a/servers/slapd/schemaparse.c b/servers/slapd/schemaparse.c index e00d3af70e14ae5afbaabc12996d1eb62088daac..05535257b48e217c19b762361cffd5cefb0db3cf 100644 --- a/servers/slapd/schemaparse.c +++ b/servers/slapd/schemaparse.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -24,6 +24,7 @@ #include "slap.h" #include "ldap_schema.h" +#include "config.h" static void oc_usage(void); static void at_usage(void); 
@@ -124,28 +125,29 @@ cr_usage( void ) int parse_cr( - const char *fname, - int lineno, - char *line, - char **argv, + struct config_args_s *c, ContentRule **scr ) { LDAPContentRule *cr; int code; const char *err; + char *line = strchr( c->line, '(' ); cr = ldap_str2contentrule( line, &code, &err, LDAP_SCHEMA_ALLOW_ALL ); if ( !cr ) { - fprintf( stderr, "%s: line %d: %s before %s\n", - fname, lineno, ldap_scherr2str(code), err ); + snprintf( c->msg, sizeof( c->msg ), "%s: %s before %s", + c->argv[0], ldap_scherr2str( code ), err ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); cr_usage(); return 1; } if ( cr->cr_oid == NULL ) { - fprintf( stderr, - "%s: line %d: Content rule has no OID\n", - fname, lineno ); + snprintf( c->msg, sizeof( c->msg ), "%s: OID is missing", + c->argv[0] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); cr_usage(); code = 1; goto done; @@ -153,8 +155,10 @@ parse_cr( code = cr_add( cr, 1, scr, &err ); if ( code ) { - fprintf( stderr, "%s: line %d: %s: \"%s\"\n", - fname, lineno, scherr2str( code ), err ); + snprintf( c->msg, sizeof( c->msg ), "%s: %s: \"%s\"", + c->argv[0], scherr2str(code), err); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); code = 1; goto done; } 
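Review bot: `strchr( c->line, '(' )` returns NULL when the directive contains no opening parenthesis, and `parse_cr()` passes that pointer straight to `ldap_str2contentrule()`; the same pattern is added to `parse_oc()` and `parse_at()` in the next two hunks. Whether the libldap parsers reject a NULL string is not visible in this diff, and even if they do the message built afterwards has nothing useful after "before". An explicit guard after the declarations, such as `if ( line == NULL ) { snprintf( c->msg, sizeof( c->msg ), "%s: missing '('", c->argv[0] ); cr_usage(); return 1; }`, makes the failure deterministic. `sizeof( c->msg )` is the right bound only if `msg` is an array member of `struct config_args_s`, which is declared in config.h and not shown.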
@@ -172,29 +176,30 @@ done:; int parse_oc( - const char *fname, - int lineno, - char *line, - char **argv, + struct config_args_s *c, ObjectClass **soc, ObjectClass *prev ) { LDAPObjectClass *oc; int code; const char *err; + char *line = strchr( c->line, '(' ); oc = ldap_str2objectclass(line, &code, &err, LDAP_SCHEMA_ALLOW_ALL ); if ( !oc ) { - fprintf( stderr, "%s: line %d: %s before %s\n", - fname, lineno, ldap_scherr2str( code ), err ); + snprintf( c->msg, sizeof( c->msg ), "%s: %s before %s", + c->argv[0], ldap_scherr2str( code ), err ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); oc_usage(); return 1; } if ( oc->oc_oid == NULL ) { - fprintf( stderr, - "%s: line %d: objectclass has no OID\n", - fname, lineno ); + snprintf( c->msg, sizeof( c->msg ), "%s: OID is missing", + c->argv[0] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); oc_usage(); code = 1; goto done; @@ -202,8 +207,10 @@ parse_oc( code = oc_add( oc, 1, soc, prev, &err ); if ( code ) { - fprintf( stderr, "%s: line %d: %s: \"%s\"\n", - fname, lineno, scherr2str( code ), err ); + snprintf( c->msg, sizeof( c->msg ), "%s: %s: \"%s\"", + c->argv[0], scherr2str(code), err); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); code = 1; goto done; } 
@@ -264,29 +271,30 @@ at_usage( void ) int parse_at( - const char *fname, - int lineno, - char *line, - char **argv, + struct config_args_s *c, AttributeType **sat, AttributeType *prev ) { LDAPAttributeType *at; int code; const char *err; + char *line = strchr( c->line, '(' ); at = ldap_str2attributetype( line, &code, &err, LDAP_SCHEMA_ALLOW_ALL ); if ( !at ) { - fprintf( stderr, "%s: line %d: %s before %s\n", - fname, lineno, ldap_scherr2str(code), err ); + snprintf( c->msg, sizeof( c->msg ), "%s: %s before %s", + c->argv[0], ldap_scherr2str(code), err ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); at_usage(); return 1; } if ( at->at_oid == NULL ) { - fprintf( stderr, - "%s: line %d: attributeType has no OID\n", - fname, lineno ); + snprintf( c->msg, sizeof( c->msg ), "%s: OID is missing", + c->argv[0] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); at_usage(); code = 1; goto done; @@ -294,16 +302,20 @@ parse_at( /* operational attributes should be defined internally */ if ( at->at_usage ) { - fprintf( stderr, "%s: line %d: attribute type \"%s\" is operational\n", - fname, lineno, at->at_oid ); + snprintf( c->msg, sizeof( c->msg ), "%s: \"%s\" is operational", + c->argv[0], at->at_oid ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); code = 1; goto done; } code = at_add( at, 1, sat, prev, &err); if ( code ) { - fprintf( stderr, "%s: line %d: %s: \"%s\"\n", - fname, lineno, scherr2str(code), err); + snprintf( c->msg, sizeof( c->msg ), "%s: %s: \"%s\"", + c->argv[0], scherr2str(code), err); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s %s\n", c->log, c->msg, 0 ); code = 1; goto done; } diff --git a/servers/slapd/search.c b/servers/slapd/search.c index b6eb2832f4c952b9401a359d40a242cc609656d1..f53584a9e88003fc62232b36f96f3b7a40b2fc80 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/sets.c b/servers/slapd/sets.c index 50a4d0d56ef5909eb3627fecbe98be586427a743..22ec84f0556aa02033afaeb1a53163be411719b0 100644 --- a/servers/slapd/sets.c +++ b/servers/slapd/sets.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2000-2006 The OpenLDAP Foundation. + * Copyright 2000-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -265,10 +265,14 @@ slap_set_join( done:; if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) { + if ( !( op_flags & SLAP_SET_LREFVAL )) + cp->set_op->o_tmpfree( lset->bv_val, cp->set_op->o_tmpmemctx ); cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx ); } if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) { + if ( !( op_flags & SLAP_SET_RREFVAL )) + cp->set_op->o_tmpfree( rset->bv_val, cp->set_op->o_tmpmemctx ); cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx ); } diff --git a/servers/slapd/sets.h b/servers/slapd/sets.h index e1d0f0f55c75c917c6aaf999a9454047a18223df..c63361432b042e6643a832acb6bd8309554a7297 100644 --- a/servers/slapd/sets.h +++ b/servers/slapd/sets.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/shell-backends/Makefile.in b/servers/slapd/shell-backends/Makefile.in index dbd783f1a96438888707e6289afeedb894bd4048..ae94a2ad2d05ca70b3a17e00e9da9edbc8bff980 100644 
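Review bot: The frees added at `done:` in `slap_set_join()` release only `lset->bv_val` and `rset->bv_val`, that is, the value of the first element of each set. If a set can hold more than one value here, the remaining values are not released, and if any value was moved into the result earlier in the function the first one is freed while still referenced; the body is outside this hunk, so neither case can be ruled out from what is shown. If every value is still owned at this point, freeing the whole array with `ber_bvarray_free_x( lset, cp->set_op->o_tmpmemctx )` instead of the two separate calls would cover all elements. A comment stating what `SLAP_SET_LREFVAL` and `SLAP_SET_RREFVAL` promise about value ownership would make the intent checkable.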
--- a/servers/slapd/shell-backends/Makefile.in +++ b/servers/slapd/shell-backends/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/shell-backends/passwd-shell.c b/servers/slapd/shell-backends/passwd-shell.c index 77601fc30e613dac9b799bab860c9e15d78c531a..b32de501d37b4df87ac79a9d580b9395f088c517 100644 --- a/servers/slapd/shell-backends/passwd-shell.c +++ b/servers/slapd/shell-backends/passwd-shell.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/shell-backends/shellutil.c b/servers/slapd/shell-backends/shellutil.c index 0321061bd4c62970b2d494bbe67d7e66a39a7bb8..54b7c0d018d2171e303b5e99ceb9c0f8f47ee168 100644 --- a/servers/slapd/shell-backends/shellutil.c +++ b/servers/slapd/shell-backends/shellutil.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/shell-backends/shellutil.h b/servers/slapd/shell-backends/shellutil.h index 40bed65a534e7af93d4ad09d343e9fba943627b8..08a6c0c8e15ef61c27d873786985406c6e031370 100644 --- a/servers/slapd/shell-backends/shellutil.h +++ b/servers/slapd/shell-backends/shellutil.h 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/sl_malloc.c b/servers/slapd/sl_malloc.c index b19507ab2adb324d0bcf5a7154bfe85706d22961..c9d87795eb54ce6d02b8806b8417d5c9af31219e 100644 --- a/servers/slapd/sl_malloc.c +++ b/servers/slapd/sl_malloc.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 1d25e3bcfd2e0a4031525e9f3dfc58f116b23384..f4c1cf7d1d99f32796b03ab0d7f4f0149a257d24 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -70,7 +70,6 @@ LDAP_BEGIN_DECL #define SLAP_SORTEDRESULTS #endif -#define SLAP_RELAX #define LDAP_DYNAMIC_OBJECTS #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE #define SLAP_DISTPROC @@ -158,7 +157,7 @@ LDAP_BEGIN_DECL * on normalized/pretty DN, such that ';' is never used * as RDN separator, and all occurrences of ';' must be escaped */ #define DN_SEPARATOR(c) ((c) == ',') -#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */ +#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 4514 */ #define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c)) #define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"') 
@@ -462,7 +461,7 @@ typedef struct slap_matching_rule_use MatchingRuleUse; typedef struct slap_matching_rule { LDAPMatchingRule smr_mrule; MatchingRuleUse *smr_mru; - /* RFC2252 string representation */ + /* RFC 4512 string representation */ struct berval smr_str; /* * Note: the former @@ -591,7 +590,7 @@ typedef struct slap_matching_rule { struct slap_matching_rule_use { LDAPMatchingRuleUse smru_mruleuse; MatchingRule *smru_mr; - /* RFC2252 string representation */ + /* RFC 4512 string representation */ struct berval smru_str; LDAP_SLIST_ENTRY(slap_matching_rule_use) smru_next; @@ -783,6 +782,7 @@ typedef struct slap_attr_desc { #define SLAP_DESC_NONE 0x00U #define SLAP_DESC_BINARY 0x01U #define SLAP_DESC_TAG_RANGE 0x80U +#define SLAP_DESC_TEMPORARY 0x1000U } AttributeDescription; /* flags to slap_*2undef_ad to register undefined (0, the default) @@ -900,9 +900,6 @@ struct slap_internal_schema { #ifdef SLAPD_AUTHPASSWD AttributeDescription *si_ad_authPassword; AttributeDescription *si_ad_authPasswordSchemes; -#endif -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - AttributeDescription *si_ad_krbName; #endif AttributeDescription *si_ad_description; AttributeDescription *si_ad_seeAlso; @@ -978,7 +975,9 @@ typedef struct slap_mr_assertion { */ typedef struct slap_filter { ber_tag_t f_choice; /* values taken from ldap.h, plus: */ -#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) +#define SLAPD_FILTER_COMPUTED 0 +#define SLAPD_FILTER_MASK 0x7fff +#define SLAPD_FILTER_UNDEFINED 0x8000 union f_un_u { /* precomputed result */ @@ -1232,6 +1231,7 @@ typedef enum slap_style_e { ACL_STYLE_USERS, ACL_STYLE_SELF, ACL_STYLE_IP, + ACL_STYLE_IPV6, ACL_STYLE_PATH } slap_style_t; 
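Review bot: Every comparison or `switch` on `f_choice` has to mask with `SLAPD_FILTER_MASK` first once `SLAPD_FILTER_UNDEFINED` can be or-ed into the field, and the define block in `struct slap_filter` does not say so. Those call sites are not in this part of the diff, so I cannot confirm they were all converted; an unmasked `switch` would send a flagged filter to its default branch. I would add a comment on the three defines, e.g. `/* f_choice = tag | flags; compare ( f_choice & SLAPD_FILTER_MASK ) */`. With `SLAPD_FILTER_COMPUTED` changed from `(ber_tag_t) -1` to 0, a zero-initialised filter now reads as a computed one, which is worth noting in the same comment.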
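Review bot: Inserting `ACL_STYLE_IPV6` before `ACL_STYLE_PATH` renumbers `ACL_STYLE_PATH`, so any table indexed by `slap_style_t` (a style-name array used when parsing or printing ACLs, for instance) needs a new entry at the same position in this commit or the names shift by one. No such table is visible in this part of the diff. The enumerator is also added unconditionally while the address fields it relies on sit under `LDAP_PF_INET6` in the following hunk, so the code handling this style should reject it when IPv6 support is compiled out.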
@@ -1399,8 +1399,40 @@ typedef struct slap_access { /* connection related stuff */ slap_style_t a_peername_style; struct berval a_peername_pat; +#ifdef LDAP_PF_INET6 + union { + struct in6_addr ax6; + unsigned long ax; + } ax_peername_addr, + ax_peername_mask; +#define a_peername_addr6 ax_peername_addr.ax6 +#define a_peername_addr ax_peername_addr.ax +#define a_peername_mask6 ax_peername_mask.ax6 +#define a_peername_mask ax_peername_mask.ax +/* apparently, only s6_addr is portable; + * define a portable address mask comparison */ +#define slap_addr6_mask(val, msk, asr) ( \ + (((val)->s6_addr[0] & (msk)->s6_addr[0]) == (asr)->s6_addr[0]) \ + && (((val)->s6_addr[1] & (msk)->s6_addr[1]) == (asr)->s6_addr[1]) \ + && (((val)->s6_addr[2] & (msk)->s6_addr[2]) == (asr)->s6_addr[2]) \ + && (((val)->s6_addr[3] & (msk)->s6_addr[3]) == (asr)->s6_addr[3]) \ + && (((val)->s6_addr[4] & (msk)->s6_addr[4]) == (asr)->s6_addr[4]) \ + && (((val)->s6_addr[5] & (msk)->s6_addr[5]) == (asr)->s6_addr[5]) \ + && (((val)->s6_addr[6] & (msk)->s6_addr[6]) == (asr)->s6_addr[6]) \ + && (((val)->s6_addr[7] & (msk)->s6_addr[7]) == (asr)->s6_addr[7]) \ + && (((val)->s6_addr[8] & (msk)->s6_addr[8]) == (asr)->s6_addr[8]) \ + && (((val)->s6_addr[9] & (msk)->s6_addr[9]) == (asr)->s6_addr[9]) \ + && (((val)->s6_addr[10] & (msk)->s6_addr[10]) == (asr)->s6_addr[10]) \ + && (((val)->s6_addr[11] & (msk)->s6_addr[11]) == (asr)->s6_addr[11]) \ + && (((val)->s6_addr[12] & (msk)->s6_addr[12]) == (asr)->s6_addr[12]) \ + && (((val)->s6_addr[13] & (msk)->s6_addr[13]) == (asr)->s6_addr[13]) \ + && (((val)->s6_addr[14] & (msk)->s6_addr[14]) == (asr)->s6_addr[14]) \ + && (((val)->s6_addr[15] & (msk)->s6_addr[15]) == (asr)->s6_addr[15]) \ + ) +#else /* ! LDAP_PF_INET6 */ unsigned long a_peername_addr, a_peername_mask; +#endif /* ! LDAP_PF_INET6 */ int a_peername_port; slap_style_t a_sockname_style; 
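Review bot: `slap_addr6_mask(val, msk, asr)` compares `(val & msk)` with `asr` byte by byte, so it can only match when `asr` has no bits set outside `msk`, and the macro does not state that callers must pre-mask the configured address. If the ACL parser stores the address as written (not visible here), a peername rule whose address has host bits set would never match, and for a deny rule that means the restriction silently does not apply. I would document the precondition beside the macro, `/* asr must already be masked with msk */`, or compare against `((asr)->s6_addr[n] & (msk)->s6_addr[n])` in each term. The macro also expands every argument sixteen times, so arguments must be free of side effects; a `static` helper looping over `s6_addr` would remove that hazard. `struct slap_access` starts and ends outside the hunk.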
@@ -1506,6 +1538,8 @@ typedef struct slap_bindconf { int sb_version; int sb_tls; int sb_method; + int sb_timeout_api; + int sb_timeout_net; struct berval sb_binddn; struct berval sb_cred; struct berval sb_saslmech; @@ -1546,7 +1580,7 @@ typedef struct slap_cf_aux_table { int off; char type; char quote; - slap_verbmasks *aux; + void *aux; } slap_cf_aux_table; #define SLAP_LIMIT_TIME 1 @@ -1618,14 +1652,18 @@ typedef BackendDB Backend; struct syncinfo_s; #define SLAP_SYNC_RID_SIZE 3 +#define SLAP_SYNC_SID_MAX 4095 /* based on liblutil/csn.c field width */ #define SLAP_SYNCUUID_SET_SIZE 256 #define SLAP_SYNC_UPDATE_MSGID 1 struct sync_cookie { - struct berval ctxcsn; + struct berval *ctxcsn; struct berval octet_str; - long rid; + int rid; + int sid; + int numcsns; + int *sids; LDAP_STAILQ_ENTRY(sync_cookie) sc_next; }; @@ -1780,7 +1818,6 @@ struct slap_backend_db { #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */ #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */ -#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */ #define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */ #define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */ @@ -1882,20 +1919,21 @@ typedef struct req_compare_s { typedef struct req_modify_s { Modifications *rs_modlist; int rs_increment; /* FIXME: temporary */ + char rs_no_opattrs; /* don't att modify operational attrs */ } req_modify_s; typedef struct req_modrdn_s { + Modifications *rs_modlist; struct berval rs_newrdn; struct berval rs_nnewrdn; struct berval *rs_newSup; struct berval *rs_nnewSup; int rs_deleteoldrdn; - Modifications *rs_modlist; } req_modrdn_s; typedef struct req_add_s { - Entry *rs_e; Modifications *rs_modlist; /* FIXME: temporary */ + Entry *rs_e; } req_add_s; typedef struct req_abandon_s { 
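Review bot: `struct sync_cookie` now carries `ctxcsn`, `sids` and `numcsns` as parallel state plus a separate `sid`, and none of the invariants between them are documented. `SLAP_SYNC_SID_MAX` is defined just above, but `sid` and the `sids` entries are plain `int`, and -1 appears to be used as "no SID" in do_syncrep1() later in this commit. Since cookies are parsed from data sent by a remote peer, the range the parser must enforce belongs in the declaration. Proposed comments: `/* ctxcsn and sids each hold numcsns entries; ctxcsn is a BER_BVISNULL-terminated array */` and `/* sid: 0..SLAP_SYNC_SID_MAX, or -1 when unset */`.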
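Review bot: Moving `rs_modlist` to the first member of `req_modrdn_s` and `req_add_s` looks intended to give it the same offset it has in `req_modify_s`, but no comment records that. A later reorder could then silently break any code that reads the modlist through a different member of the request union. If that is the intent, say so on each struct, e.g. `/* rs_modlist must stay first: same offset in req_add_s, req_modify_s and req_modrdn_s */`. The new `rs_no_opattrs` comment also has a typo; `/* don't modify operational attrs */` reads as intended.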
@@ -1929,7 +1967,8 @@ typedef enum slap_reply_e { REP_EXTENDED, REP_SEARCH, REP_SEARCHREF, - REP_INTERMEDIATE + REP_INTERMEDIATE, + REP_GLUE_RESULT } slap_reply_t; typedef struct rep_sasl_s { @@ -2045,7 +2084,7 @@ typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be )); typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id )); typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e, struct berval *text )); -typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id )); +typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id, AttributeDescription **adv )); typedef int (BI_tool_sync) LDAP_P(( BackendDB *be )); typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn )); typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e )); @@ -2262,6 +2301,7 @@ typedef struct slap_overinfo { /* Should successive callbacks in a chain be processed? */ #define SLAP_CB_FREEME 0x04000 +#define SLAP_CB_BYPASS 0x08800 #define SLAP_CB_CONTINUE 0x08000 /* @@ -2348,6 +2388,19 @@ typedef struct slap_op_header { #endif } Opheader; +typedef union slap_op_request { + req_add_s oq_add; + req_bind_s oq_bind; + req_compare_s oq_compare; + req_modify_s oq_modify; + req_modrdn_s oq_modrdn; + req_search_s oq_search; + req_abandon_s oq_abandon; + req_abandon_s oq_cancel; + req_extended_s oq_extended; + req_pwdexop_s oq_pwdexop; +} OpRequest; + typedef struct slap_op { Opheader *o_hdr; @@ -2376,18 +2429,7 @@ typedef struct slap_op { struct berval o_req_dn; /* DN of target of request */ struct berval o_req_ndn; - union o_req_u { - req_add_s oq_add; - req_bind_s oq_bind; - req_compare_s oq_compare; - req_modify_s oq_modify; - req_modrdn_s oq_modrdn; - req_search_s oq_search; - req_abandon_s oq_abandon; - req_abandon_s oq_cancel; - req_extended_s oq_extended; - req_pwdexop_s oq_pwdexop; - } o_request; + OpRequest o_request; /* short hands for union members */ #define oq_add o_request.oq_add 
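Review bot: `SLAP_CB_BYPASS` (0x08800) includes the `SLAP_CB_CONTINUE` bit (0x08000), and the hunk does not say whether that overlap is deliberate. Code that tests a callback result with `& SLAP_CB_CONTINUE` would treat BYPASS as CONTINUE, while code comparing with `==` would not, so the two styles behave differently for the new value. If the overlap is intended, a comment on the define such as `/* CONTINUE plus a modifier bit; compare callback results with ==, not & */` (or the opposite rule, whichever the callers follow) would settle it. The callers are outside this hunk.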
@@ -2431,6 +2473,7 @@ typedef struct slap_op { #define orn_msgid oq_abandon.rs_msgid #define orm_modlist oq_modify.rs_modlist #define orm_increment oq_modify.rs_increment +#define orm_no_opattrs oq_modify.rs_no_opattrs #define ore_reqoid oq_extended.rs_reqoid #define ore_flags oq_extended.rs_flags @@ -2445,6 +2488,7 @@ typedef struct slap_op { GroupAssertion *o_groups; char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ + slap_access_t o_acl_priv; char o_nocaching; char o_delete_glue_parent; diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 80ed5aef1647779a7b25533cbee2fd36979fa1c0..f8573b5ed5ea7369cadada8abe35d4f924a9f006 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/slapadd.c b/servers/slapd/slapadd.c index 6a01077dae327813f45dcb482c4aafadb0acf54b..72daa638c6b8e7fd212f1841ec7f15534755008b 100644 --- a/servers/slapd/slapadd.c +++ b/servers/slapd/slapadd.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 2003 IBM Corporation. * All rights reserved. @@ -71,6 +71,7 @@ slapadd( int argc, char **argv ) memset( &opbuf, 0, sizeof(opbuf) ); op = (Operation *) &opbuf; + op->o_hdr = (Opheader *)(op+1); if( !be->be_entry_open || !be->be_entry_close || @@ -163,8 +164,6 @@ slapadd( int argc, char **argv ) } { - Attribute *sc = attr_find( e->e_attrs, - slap_schema.si_ad_structuralObjectClass ); Attribute *oc = attr_find( e->e_attrs, slap_schema.si_ad_objectClass ); 
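Review bot: `op->o_hdr = (Opheader *)(op+1);` in slapadd() assumes that `opbuf` extends at least `sizeof(Opheader)` past the `Operation` and that `op+1` is suitably aligned; the declaration of `opbuf` is outside the hunk, so neither can be confirmed here. If the buffer is ever replaced by a bare `Operation`, the first write through `o_hdr` lands outside the object. An assertion beside the assignment would pin the assumption, `assert( sizeof(opbuf) >= sizeof(Operation) + sizeof(Opheader) );`, together with a comment that the header lives directly after the operation in the same buffer. slapadd() starts and ends outside the hunk.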
@@ -178,30 +177,11 @@ slapadd( int argc, char **argv ) break; } - if( sc == NULL ) { - struct berval val; - - rc = structural_class( oc->a_vals, &val, - NULL, &text, textbuf, textlen ); - - if( rc != LDAP_SUCCESS ) { - fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n", - progname, e->e_dn, lineno, rc, text ); - rc = EXIT_FAILURE; - entry_free( e ); - if( continuemode ) continue; - break; - } - - attr_merge_one( e, slap_schema.si_ad_structuralObjectClass, - &val, NULL ); - } - /* check schema */ op->o_bd = be; if ( (slapMode & SLAP_TOOL_NO_SCHEMA_CHECK) == 0) { - rc = entry_schema_check( op, e, NULL, manage, + rc = entry_schema_check( op, e, NULL, manage, 1, &text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { diff --git a/servers/slapd/slapauth.c b/servers/slapd/slapauth.c index 31c5361d4bdace9cd66537bba5731f63565207d5..3a4c304ff940215166bdd4c3d5e7b21c4e5a8ffd 100644 --- a/servers/slapd/slapauth.c +++ b/servers/slapd/slapauth.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/slapcat.c b/servers/slapd/slapcat.c index 930feb7a677723b438b19bfa0667d7c509a05a05..73732963fc72d78d5595fbc98378a276ed99f313 100644 --- a/servers/slapd/slapcat.c +++ b/servers/slapd/slapcat.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 2003 IBM Corporation. * All rights reserved. diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index bad640605a6485b68b45b4d3e26b2aae5653a0f0..70843c731e9c6c2317c568974ad916eafb46de17 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c 
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 2003 IBM Corporation. * All rights reserved. @@ -88,7 +88,7 @@ usage( int tool, const char *progname ) break; case SLAPINDEX: - options = " [-c]\n\t[-g] [-n databasenumber | -b suffix] [-q]\n"; + options = " [-c]\n\t[-g] [-n databasenumber | -b suffix] [attr ...] [-q]\n"; break; case SLAPTEST: @@ -441,13 +441,19 @@ slap_tool_init( switch ( tool ) { case SLAPADD: case SLAPCAT: - case SLAPINDEX: if ( ( argc != optind ) || (dbnum >= 0 && base.bv_val != NULL ) ) { usage( tool, progname ); } break; + case SLAPINDEX: + if ( dbnum >= 0 && base.bv_val != NULL ) { + usage( tool, progname ); + } + + break; + case SLAPDN: if ( argc == optind ) { usage( tool, progname ); diff --git a/servers/slapd/slapcommon.h b/servers/slapd/slapcommon.h index a5da19eb763510b2a178679a7b0ed37196ed4a82..8f74a029e9df5f8b680f866dc206c705d2287112 100644 --- a/servers/slapd/slapcommon.h +++ b/servers/slapd/slapcommon.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf index eaadebcf37b94d38e83a07b43089721206e0709c..4938b851b00b71f85fcc4fb7a0ffb92e1eae5650 100644 --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf @@ -18,8 +18,6 @@ argsfile %LOCALSTATEDIR%/run/slapd.args # moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la -# moduleload back_passwd.la -# moduleload back_shell.la # Sample security restrictions # Require integrity protection (prevent hijacking) 
diff --git a/servers/slapd/slapdn.c b/servers/slapd/slapdn.c index d3e34fc7842642774d9b7990a30b2be545632442..0f59e97200ab5cf947444e4deb351ac8a503b03b 100644 --- a/servers/slapd/slapdn.c +++ b/servers/slapd/slapdn.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * diff --git a/servers/slapd/slapi/Makefile.in b/servers/slapd/slapi/Makefile.in index 40ddb6c60bbc208332de7e5fc76be73281303034..2e7df60d4dd79508e11dd3ad2538434f049aae6c 100644 --- a/servers/slapd/slapi/Makefile.in +++ b/servers/slapd/slapi/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## Portions Copyright IBM Corp. 1997,2002,2003 ## All rights reserved. ## diff --git a/servers/slapd/slapi/plugin.c b/servers/slapd/slapi/plugin.c index 22e482328a414782d9a6e21e35c9adc5ed2c99bf..da0085ca50f2c098f9bf932e6f1212dddcfc92fe 100644 --- a/servers/slapd/slapi/plugin.c +++ b/servers/slapd/slapi/plugin.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * diff --git a/servers/slapd/slapi/printmsg.c b/servers/slapd/slapi/printmsg.c index 6ec1a591e07d6b4b76d8bb1a03c0a5f7d283be3b..22f96cc00cc167f46e78769ff7f6de4bc2b61815 100644 --- a/servers/slapd/slapi/printmsg.c +++ b/servers/slapd/slapi/printmsg.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * diff --git a/servers/slapd/slapi/proto-slapi.h b/servers/slapd/slapi/proto-slapi.h index 45dfe1dc6de2e6493c8f4f89238a48d2b154164b..344b09623d3e6fc8a26735f9aa1dbd1a76b98446 100644 --- a/servers/slapd/slapi/proto-slapi.h +++ b/servers/slapd/slapi/proto-slapi.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * @@ -27,7 +27,7 @@ LDAP_BEGIN_DECL /* slapi_utils.c */ LDAP_SLAPI_F (LDAPMod **) slapi_int_modifications2ldapmods LDAP_P(( Modifications * )); -LDAP_SLAPI_F (Modifications *) slapi_int_ldapmods2modifications LDAP_P(( LDAPMod ** )); +LDAP_SLAPI_F (Modifications *) slapi_int_ldapmods2modifications LDAP_P(( Operation *op, LDAPMod ** )); LDAP_SLAPI_F (int) slapi_int_count_controls LDAP_P(( LDAPControl **ctrls )); LDAP_SLAPI_F (char **) slapi_get_supported_extended_ops LDAP_P((void)); LDAP_SLAPI_F (int) slapi_int_access_allowed LDAP_P((Operation *op, Entry *entry, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state )); diff --git a/servers/slapd/slapi/slapi.h b/servers/slapd/slapi/slapi.h index 140c0592674f153eee505a06f59501b76572a322..f4b562b6e7932512c8f3ef18428b836781af03bf 100644 --- a/servers/slapd/slapi/slapi.h +++ b/servers/slapd/slapi/slapi.h 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * diff --git a/servers/slapd/slapi/slapi_dn.c b/servers/slapd/slapi/slapi_dn.c index 9a0bae3204b4da7b0630dac7108fee7d480b8798..cbf0bca4a61dda50fbccf6dbafcde2914ce7ad24 100644 --- a/servers/slapd/slapi/slapi_dn.c +++ b/servers/slapd/slapi/slapi_dn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2005-2006 The OpenLDAP Foundation. + * Copyright 2005-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/slapi/slapi_ext.c b/servers/slapd/slapi/slapi_ext.c index 823dd131a88804d490001005f2a2e408ddfaa498..92d9bab23b624e5f9eabac72231cec91b17b7d80 100644 --- a/servers/slapd/slapi/slapi_ext.c +++ b/servers/slapd/slapi/slapi_ext.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/slapi/slapi_ops.c b/servers/slapd/slapi/slapi_ops.c index aba0caeb44460bb6c4f1e9dd3458a1eb4f0ad1a8..27374322cb156e7d1250fb999a75f3897c5646dd 100644 --- a/servers/slapd/slapi/slapi_ops.c +++ b/servers/slapd/slapi/slapi_ops.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * 
@@ -465,7 +465,7 @@ slapi_add_internal_pb( Slapi_PBlock *pb ) assert( pb->pb_op->ora_modlist != NULL ); } - rs->sr_err = slap_mods_check( pb->pb_op->ora_modlist, &rs->sr_text, + rs->sr_err = slap_mods_check( pb->pb_op, pb->pb_op->ora_modlist, &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ), NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { goto cleanup; @@ -550,7 +550,7 @@ slapi_modify_internal_pb( Slapi_PBlock *pb ) goto cleanup; } - rs->sr_err = slap_mods_check( pb->pb_op->orm_modlist, + rs->sr_err = slap_mods_check( pb->pb_op, pb->pb_op->orm_modlist, &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ), NULL ); if ( rs->sr_err != LDAP_SUCCESS ) { goto cleanup; diff --git a/servers/slapd/slapi/slapi_overlay.c b/servers/slapd/slapi/slapi_overlay.c index cdd6e0f7c1c56378e69dddf9962e88311a48c19f..fcbe435643fda766e4daf23ce4657c20fde19e36 100644 --- a/servers/slapd/slapi/slapi_overlay.c +++ b/servers/slapd/slapi/slapi_overlay.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2001-2006 The OpenLDAP Foundation. + * Copyright 2001-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -935,7 +935,7 @@ int slapi_over_config( BackendDB *be ) slapi_over_initialized = 1; } - return overlay_config( be, SLAPI_OVERLAY_NAME ); + return overlay_config( be, SLAPI_OVERLAY_NAME, -1, NULL ); } #endif /* LDAP_SLAPI */ diff --git a/servers/slapd/slapi/slapi_pblock.c b/servers/slapd/slapi/slapi_pblock.c index bdf0e167ea5b3bd0a2ddbdb8c85695220b68a449..2414ce5ed6272b7d77b969dc1fbbfd5878207765 100644 --- a/servers/slapd/slapi/slapi_pblock.c +++ b/servers/slapd/slapi/slapi_pblock.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * @@ -497,7 +497,8 @@ pblock_get( Slapi_PBlock *pb, int param, void **value ) rc = mods_structural_class( pb->pb_op->ora_modlist, &tmpval, &pb->pb_rs->sr_text, - pb->pb_textbuf, sizeof( pb->pb_textbuf )); + pb->pb_textbuf, sizeof( pb->pb_textbuf ), + pb->pb_op->o_tmpmemctx ); *((char **)value) = tmpval.bv_val; } else { rc = PBLOCK_ERROR; @@ -1004,7 +1005,7 @@ pblock_set( Slapi_PBlock *pb, int param, void *value ) break; } - newmods = slapi_int_ldapmods2modifications( (LDAPMod **)value ); + newmods = slapi_int_ldapmods2modifications( pb->pb_op, (LDAPMod **)value ); if ( newmods != NULL ) { slap_mods_free( *mlp, 1 ); *mlp = newmods; diff --git a/servers/slapd/slapi/slapi_utils.c b/servers/slapd/slapi/slapi_utils.c index 3a0939ff43a16e0f9e493a8265579ec387d3c006..6feae2bf7b37bb84c2805d4a9aba852a32b0af50 100644 --- a/servers/slapd/slapi/slapi_utils.c +++ b/servers/slapd/slapi/slapi_utils.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2002-2006 The OpenLDAP Foundation. + * Copyright 2002-2007 The OpenLDAP Foundation. * Portions Copyright 1997,2002-2003 IBM Corporation. * All rights reserved. * @@ -2607,7 +2607,7 @@ int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char if ( pb == NULL || pb->pb_op == NULL ) return LDAP_PARAM_ERROR; - ml = slapi_int_ldapmods2modifications( mods ); + ml = slapi_int_ldapmods2modifications( pb->pb_op, mods ); if ( ml == NULL ) { return LDAP_OTHER; } 
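Review bot: In pblock_get(), `mods_structural_class()` is now given `pb->pb_op->o_tmpmemctx` and `tmpval.bv_val` is then handed to the caller through `*value`, which leaves the ownership of that string unstated. If the function allocates the value from the operation's temporary context (its body is not visible here), the pointer a plugin receives is valid only for the lifetime of the operation and must not be released with the general-purpose free routine. I would add a comment at the assignment, `/* bv_val comes from o_tmpmemctx: valid only for this operation, caller must not free */`, or duplicate the string into caller-owned memory before returning it. pblock_get() continues outside the hunk.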
@@ -2677,7 +2677,7 @@ LDAPMod **slapi_int_modifications2ldapmods( Modifications *modlist ) * before prettying (and we can't easily get out of calling * slap_mods_check() because we need normalized values). */ -Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods ) +Modifications *slapi_int_ldapmods2modifications ( Operation *op, LDAPMod **mods ) { Modifications *modlist = NULL, **modtail; LDAPMod **modp; @@ -2746,7 +2746,7 @@ Modifications *slapi_int_ldapmods2modifications ( LDAPMod **mods ) modtail = &mod->sml_next; } - if ( slap_mods_check( modlist, &text, textbuf, sizeof( textbuf ), NULL ) != LDAP_SUCCESS ) { + if ( slap_mods_check( op, modlist, &text, textbuf, sizeof( textbuf ), NULL ) != LDAP_SUCCESS ) { slap_mods_free( modlist, 1 ); modlist = NULL; } @@ -3118,7 +3118,7 @@ int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e ) pb->pb_op->o_bd = select_backend( &e->e_nname, 0, 0 ); if ( pb->pb_op->o_bd != NULL ) { - rc = entry_schema_check( pb->pb_op, e, NULL, 0, + rc = entry_schema_check( pb->pb_op, e, NULL, 0, 0, &text, textbuf, textlen ); } pb->pb_op->o_bd = be_orig; diff --git a/servers/slapd/slapindex.c b/servers/slapd/slapindex.c index 6f7499bdb95af958ee4607791bab62ad03c61cf4..4f8e326b55d2ea425f6a239c3189e52b792626b3 100644 --- a/servers/slapd/slapindex.c +++ b/servers/slapd/slapindex.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * @@ -37,6 +37,7 @@ slapindex( int argc, char **argv ) ID id; int rc = EXIT_SUCCESS; const char *progname = "slapindex"; + AttributeDescription *ad, **adv = NULL; slap_tool_init( progname, SLAPINDEX, argc, argv ); 
@@ -51,12 +52,32 @@ slapindex( int argc, char **argv ) exit( EXIT_FAILURE ); } + argc -= optind; + if ( argc > 0 ) { + const char *text; + int i; + + argv = &argv[optind]; + adv = (AttributeDescription **)argv; + + for (i = 0; i < argc; i++ ) { + ad = NULL; + rc = slap_str2ad( argv[i], &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n", + argv[i], rc, ldap_err2string( rc )); + exit( EXIT_FAILURE ); + } + adv[i] = ad; + } + } + if( be->be_entry_open( be, 0 ) != 0 ) { fprintf( stderr, "%s: could not open database.\n", progname ); exit( EXIT_FAILURE ); } - + for ( id = be->be_entry_first( be ); id != NOID; id = be->be_entry_next( be ) ) @@ -67,7 +88,7 @@ slapindex( int argc, char **argv ) printf("indexing id=%08lx\n", (long) id ); } - rtn = be->be_entry_reindex( be, id ); + rtn = be->be_entry_reindex( be, id, adv ); if( rtn != LDAP_SUCCESS ) { rc = EXIT_FAILURE; diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c index 9cb21e50b6de3fc7d3acb4f490bae5b462242b84..44751ecbf5e4441cd757113a67a026083f31d7f4 100644 --- a/servers/slapd/slappasswd.c +++ b/servers/slapd/slappasswd.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * All rights reserved. * diff --git a/servers/slapd/slaptest.c b/servers/slapd/slaptest.c index 6ad27ba7f0836e3972f728e55b8e6e2f212c9fdf..ca10c7a6c7e2543192b227d47926f20158c13b87 100644 --- a/servers/slapd/slaptest.c +++ b/servers/slapd/slaptest.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * 
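Review bot: `adv = (AttributeDescription **)argv;` followed by `adv[i] = ad;` in slapindex() overwrites the `argv` slots with descriptor pointers, so the same storage is read as `char *` and written as `AttributeDescription *`. This works only because both are object pointers of equal size and because `argv[argc]` is NULL, which also happens to terminate `adv`; neither assumption is stated, and any later code that reads `argv` as strings would dereference the wrong type. A separate array makes it explicit: `adv = ch_calloc( argc + 1, sizeof( *adv ) );`, filled in the same loop. The failure message could also print `text`, which is passed to `slap_str2ad()` but never used in the hunk. slapindex() starts and ends outside the hunk.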
diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c index f2593e74742469769f873096d428acb45374a984..edc7a3ff8a759859b31abc4c6e45e3f0cd271c68 100644 --- a/servers/slapd/starttls.c +++ b/servers/slapd/starttls.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/str2filter.c b/servers/slapd/str2filter.c index f6ae9bf5b9dae2c1ebfdc51bd84d12b107c17b33..504ee5f7431e7984f12bf4992abb6bb9ae931777 100644 --- a/servers/slapd/str2filter.c +++ b/servers/slapd/str2filter.c @@ -1,8 +1,8 @@ -/* str2filter.c - parse an RFC 2554 string filter */ +/* str2filter.c - parse an RFC 4515 string filter */ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 1cff5d1e45abe7ca6762c6531af65f6e6c389d11..1b313b5bbdcea3e358547fbfd79fcaf03dc02700 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * Portions Copyright 2003 by IBM Corporation. * Portions Copyright 2003 by Howard Chu, Symas Corporation. * All rights reserved. 
@@ -37,6 +37,14 @@ struct nonpresent_entry { LDAP_LIST_ENTRY(nonpresent_entry) npe_link; }; +typedef struct cookie_state { + ldap_pvt_thread_mutex_t cs_mutex; + int cs_num; + int cs_age; + struct berval *cs_vals; + int *cs_sids; +} cookie_state; + #define SYNCDATA_DEFAULT 0 /* entries are plain LDAP entries */ #define SYNCDATA_ACCESSLOG 1 /* entries are accesslog format */ #define SYNCDATA_CHANGELOG 2 /* entries are changelog format */ @@ -50,9 +58,12 @@ struct nonpresent_entry { #define RETRYNUM_FINITE(n) ((n) > RETRYNUM_FOREVER) /* not forever */ typedef struct syncinfo_s { + struct syncinfo_s *si_next; struct slap_backend_db *si_be; + struct slap_backend_db *si_wbe; struct re_s *si_re; - long si_rid; + int si_rid; + char si_ridtxt[8]; slap_bindconf si_bindconf; struct berval si_base; struct berval si_logbase; @@ -75,6 +86,8 @@ typedef struct syncinfo_s { int *si_retrynum_init; int *si_retrynum; struct sync_cookie si_syncCookie; + cookie_state *si_cookieState; + int si_cookieAge; int si_manageDSAit; int si_slimit; int si_tlimit; @@ -99,9 +112,7 @@ static int syncrepl_message_to_entry( Modifications **, Entry **, int ); static int syncrepl_entry( syncinfo_t *, Operation*, Entry*, - Modifications**,int, struct berval*, - struct sync_cookie *, - struct berval * ); + Modifications**,int, struct berval* ); static int syncrepl_updateCookie( syncinfo_t *, Operation *, struct berval *, struct sync_cookie * ); @@ -137,7 +148,7 @@ init_syncrepl(syncinfo_t *si) if ( si->si_allattrs ) { i = 0; while ( attrs[i] ) { - if ( !is_at_operational( at_find( attrs[i] ))) { + if ( !is_at_operational( at_find( attrs[i] ) ) ) { for ( j = i; attrs[j] != NULL; j++ ) { if ( j == i ) ch_free( attrs[i] ); @@ -154,7 +165,7 @@ init_syncrepl(syncinfo_t *si) } else if ( si->si_allopattrs ) { i = 0; while ( attrs[i] ) { - if ( is_at_operational( at_find( attrs[i] ))) { + if ( is_at_operational( at_find( attrs[i] ) ) ) { for ( j = i; attrs[j] != NULL; j++ ) { if ( j == i ) ch_free( attrs[i] ); 
@@ -172,7 +183,7 @@ init_syncrepl(syncinfo_t *si) for ( i = 0; sync_descs[i] != NULL; i++ ) { j = 0; while ( attrs[j] ) { - if ( !strcmp( attrs[j], sync_descs[i]->ad_cname.bv_val )) { + if ( !strcmp( attrs[j], sync_descs[i]->ad_cname.bv_val ) ) { for ( k = j; attrs[k] != NULL; k++ ) { if ( k == j ) ch_free( attrs[k] ); @@ -187,9 +198,9 @@ init_syncrepl(syncinfo_t *si) for ( n = 0; attrs[ n ] != NULL; n++ ) /* empty */; if ( si->si_allopattrs ) { - attrs = ( char ** ) ch_realloc( attrs, (n + 2)*sizeof( char * )); + attrs = ( char ** ) ch_realloc( attrs, (n + 2)*sizeof( char * ) ); } else { - attrs = ( char ** ) ch_realloc( attrs, (n + 4)*sizeof( char * )); + attrs = ( char ** ) ch_realloc( attrs, (n + 4)*sizeof( char * ) ); } if ( attrs == NULL ) { @@ -238,7 +249,7 @@ init_syncrepl(syncinfo_t *si) for ( i = 0; sync_descs[i] != NULL; i++ ) { j = 0; while ( exattrs[j] != NULL ) { - if ( !strcmp( exattrs[j], sync_descs[i]->ad_cname.bv_val )) { + if ( !strcmp( exattrs[j], sync_descs[i]->ad_cname.bv_val ) ) { ch_free( exattrs[j] ); for ( k = j; exattrs[k] != NULL; k++ ) { exattrs[k] = exattrs[k+1]; @@ -256,7 +267,7 @@ init_syncrepl(syncinfo_t *si) k = 0; while ( oc->soc_required[k] ) { if ( !strcmp( exattrs[i], - oc->soc_required[k]->sat_cname.bv_val )) { + oc->soc_required[k]->sat_cname.bv_val ) ) { ch_free( exattrs[i] ); for ( l = i; exattrs[l]; l++ ) { exattrs[l] = exattrs[l+1]; @@ -272,7 +283,7 @@ init_syncrepl(syncinfo_t *si) for ( i = 0; exattrs[i] != NULL; i++ ) ; if ( i != n ) - exattrs = (char **) ch_realloc( exattrs, (i + 1)*sizeof(char *)); + exattrs = (char **) ch_realloc( exattrs, (i + 1)*sizeof(char *) ); } si->si_exattrs = exattrs; 
@@ -330,8 +341,9 @@ ldap_sync_search( /* If we're using a log but we have no state, then fallback to * normal mode for a full refresh. */ - if ( si->si_syncdata && BER_BVISEMPTY( &si->si_syncCookie.ctxcsn )) + if ( si->si_syncdata && !si->si_syncCookie.numcsns ) { si->si_logstate = SYNCLOG_FALLBACK; + } /* Use the log parameters if we're in log mode */ if ( si->si_syncdata && si->si_logstate == SYNCLOG_LOGGING ) { @@ -378,7 +390,7 @@ ldap_sync_search( abs(si->si_type), rhint ); } - if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 )) == LBER_ERROR ) { + if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 ) ) == LBER_ERROR ) { ber_free_buf( ber ); return rc; } @@ -416,13 +428,10 @@ do_syncrep1( int cmdline_cookie_found = 0; struct sync_cookie *sc = NULL; - struct berval *psub; #ifdef HAVE_TLS void *ssl; #endif - psub = &si->si_be->be_nsuffix[0]; - rc = slap_client_connect( &si->si_ld, &si->si_bindconf ); if ( rc != LDAP_SUCCESS ) { goto done; @@ -444,25 +453,15 @@ do_syncrep1( op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf ) ? op->o_sasl_ssf : op->o_tls_ssf; - - if ( BER_BVISNULL( &si->si_syncCookie.octet_str )) { - /* get contextCSN shadow replica from database */ - BerVarray csn = NULL; - - assert( si->si_rid < 1000 ); - op->o_req_ndn = op->o_bd->be_nsuffix[0]; - op->o_req_dn = op->o_req_ndn; - - /* try to read stored contextCSN */ - backend_attribute( op, NULL, &op->o_req_ndn, - slap_schema.si_ad_contextCSN, &csn, ACL_READ ); - if ( csn ) { - ch_free( si->si_syncCookie.ctxcsn.bv_val ); - ber_dupbv( &si->si_syncCookie.ctxcsn, csn ); - ber_bvarray_free_x( csn, op->o_tmpmemctx ); - } + /* We've just started up, or the remote server hasn't sent us + * any meaningful state. + */ + if ( BER_BVISNULL( &si->si_syncCookie.octet_str ) ) { + int i; si->si_syncCookie.rid = si->si_rid; + si->si_syncCookie.sid = SLAP_SINGLE_SHADOW( si->si_be ) ? -1 : + slap_serverID; LDAP_STAILQ_FOREACH( sc, &slap_sync_cookie, sc_next ) { if ( si->si_rid == sc->rid ) { 
@@ -478,25 +477,148 @@ do_syncrep1( /* ctxcsn wasn't parsed yet, do it now */ slap_parse_sync_cookie( sc, op->o_tmpmemctx ); - if ( BER_BVISNULL( &sc->ctxcsn ) ) { - /* if cmdline cookie does not have ctxcsn */ - /* component, set it to an initial value */ - slap_init_sync_cookie_ctxcsn( sc ); - } slap_sync_cookie_free( &si->si_syncCookie, 0 ); slap_dup_sync_cookie( &si->si_syncCookie, sc ); slap_sync_cookie_free( sc, 1 ); + } else { + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); + if ( !si->si_cookieState->cs_num ) { + /* get contextCSN shadow replica from database */ + BerVarray csn = NULL; + void *ctx = op->o_tmpmemctx; + + op->o_req_ndn = op->o_bd->be_nsuffix[0]; + op->o_req_dn = op->o_req_ndn; + + /* try to read stored contextCSN */ + op->o_tmpmemctx = NULL; + backend_attribute( op, NULL, &op->o_req_ndn, + slap_schema.si_ad_contextCSN, &csn, ACL_READ ); + op->o_tmpmemctx = ctx; + if ( csn ) { + si->si_cookieState->cs_vals = csn; + for (i=0; !BER_BVISNULL( &csn[i] ); i++); + si->si_cookieState->cs_num = i; + si->si_cookieState->cs_sids = slap_parse_csn_sids( csn, i ); + } + } + if ( si->si_cookieState->cs_num ) { + ber_bvarray_free( si->si_syncCookie.ctxcsn ); + if ( ber_bvarray_dup_x( &si->si_syncCookie.ctxcsn, + si->si_cookieState->cs_vals, NULL )) { + rc = LDAP_NO_MEMORY; + goto done; + } + si->si_syncCookie.numcsns = si->si_cookieState->cs_num; + si->si_syncCookie.sids = ch_malloc( si->si_cookieState->cs_num * + sizeof(int) ); + for ( i=0; i<si->si_syncCookie.numcsns; i++ ) + si->si_syncCookie.sids[i] = si->si_cookieState->cs_sids[i]; + } + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); } slap_compose_sync_cookie( NULL, &si->si_syncCookie.octet_str, - &si->si_syncCookie.ctxcsn, si->si_syncCookie.rid ); + si->si_syncCookie.ctxcsn, si->si_syncCookie.rid, + si->si_syncCookie.sid ); + } else { + AttributeName at[2]; + Attribute a = { slap_schema.si_ad_contextCSN }; + Entry e = {0}; + SlapReply rs = {0}; + int i, j, changed = 0; + 
+ /* Look for contextCSN from syncprov overlay. If + * there's no overlay, this will be a no-op. That means + * this is a pure consumer, so local changes will not be + * allowed, and all changes will already be reflected in + * the cookieState. + */ + e.e_attrs = &a; + e.e_name = si->si_wbe->be_suffix[0]; + e.e_nname = si->si_wbe->be_nsuffix[0]; + rs.sr_entry = &e; + rs.sr_flags = REP_ENTRY_MODIFIABLE; + at[0].an_name = a.a_desc->ad_cname; + at[0].an_desc = a.a_desc; + BER_BVZERO( &at[1].an_name ); + + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); + rc = backend_operational( op, &rs ); + if ( rc == LDAP_SUCCESS && a.a_vals ) { + int num; + for (i=0; !BER_BVISNULL( &a.a_vals[i] ); i++) ; + num = i; + /* check for differences */ + if ( num != si->si_cookieState->cs_num ) { + changed = 1; + } else { + for ( i=0; i<num; i++ ) { + if ( ber_bvcmp( &a.a_vals[i], + &si->si_cookieState->cs_vals[i] )) { + changed =1; + break; + } + } + } + if ( changed ) { + ber_bvarray_free( si->si_cookieState->cs_vals ); + ch_free( si->si_cookieState->cs_sids ); + si->si_cookieState->cs_num = num; + si->si_cookieState->cs_vals = a.a_vals; + si->si_cookieState->cs_sids = slap_parse_csn_sids( a.a_vals, + num ); + si->si_cookieState->cs_age++; + } else { + ber_bvarray_free( a.a_vals ); + } + changed = 0; + } + /* See if the cookieState has changed due to anything outside + * this particular consumer. That includes other consumers in + * the same context, or local changes detected above. 
+ */ + if ( si->si_cookieState->cs_num > 1 && si->si_cookieAge != + si->si_cookieState->cs_age ) { + + for (i=0; !BER_BVISNULL( &si->si_syncCookie.ctxcsn[i] ); i++) { + /* bogus, just dup everything */ + if ( si->si_syncCookie.sids[i] == -1 ) { + ber_bvarray_free( si->si_syncCookie.ctxcsn ); + ber_bvarray_dup_x( &si->si_syncCookie.ctxcsn, + si->si_cookieState->cs_vals, NULL ); + changed = 1; + break; + } + for (j=0; j<si->si_cookieState->cs_num; j++) { + if ( si->si_syncCookie.sids[i] != + si->si_cookieState->cs_sids[j] ) + continue; + if ( bvmatch( &si->si_syncCookie.ctxcsn[i], + &si->si_cookieState->cs_vals[j] )) + break; + ber_bvreplace( &si->si_syncCookie.ctxcsn[i], + &si->si_cookieState->cs_vals[j] ); + changed = 1; + break; + } + } + if ( changed ) { + ch_free( si->si_syncCookie.octet_str.bv_val ); + slap_compose_sync_cookie( NULL, &si->si_syncCookie.octet_str, + si->si_syncCookie.ctxcsn, si->si_syncCookie.rid, + SLAP_SINGLE_SHADOW( si->si_be ) ? -1 : slap_serverID ); + } + } + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); } rc = ldap_sync_search( si, op->o_tmpmemctx ); if( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "do_syncrep1: " - "ldap_search_ext: %s (%d)\n", ldap_err2string( rc ), rc, 0 ); + Debug( LDAP_DEBUG_ANY, "do_syncrep1: %s " + "ldap_search_ext: %s (%d)\n", + si->si_ridtxt, ldap_err2string( rc ), rc ); } done: 
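Review bot: The added `goto done` on the `ber_bvarray_dup_x` failure path in do_syncrep1 jumps out while `si->si_cookieState->cs_mutex` is still held, because the matching unlock sits after that block and is skipped. Unless the `done:` label releases it (its body is outside this hunk), every other consumer sharing the cookie state would block on its next lock attempt. Release the mutex before setting the error, i.e. `ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );` ahead of `rc = LDAP_NO_MEMORY;`. The second `ber_bvarray_dup_x` call, in the `sids[i] == -1` branch, ignores its return value and should get the same treatment.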
@@ -510,6 +632,37 @@ done: return rc; } +static int +compare_csns( struct sync_cookie *sc1, struct sync_cookie *sc2, int *which ) +{ + int i, j, match = 0; + const char *text; + + *which = 0; + + if ( sc1->numcsns < sc2->numcsns ) { + *which = sc1->numcsns; + return -1; + } + + for (i=0; !BER_BVISNULL( &sc1->ctxcsn[i] ); i++) { + for (j=0; !BER_BVISNULL( &sc2->ctxcsn[j] ); j++) { + if ( sc1->sids[i] != sc2->sids[j] ) + continue; + value_match( &match, slap_schema.si_ad_entryCSN, + slap_schema.si_ad_entryCSN->ad_type->sat_ordering, + SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, + &sc1->ctxcsn[i], &sc2->ctxcsn[i], &text ); + if ( match < 0 ) { + *which = j; + return match; + } + break; + } + } + return match; +} + static int do_syncrep2( Operation *op, @@ -531,8 +684,8 @@ do_syncrep2( int syncstate; struct berval syncUUID = BER_BVNULL; - struct sync_cookie syncCookie = { BER_BVNULL }; - struct sync_cookie syncCookie_req = { BER_BVNULL }; + struct sync_cookie syncCookie = { NULL }; + struct sync_cookie syncCookie_req = { NULL }; struct berval cookie = BER_BVNULL; int rc, err; @@ -541,8 +694,7 @@ do_syncrep2( struct berval *psub; Modifications *modlist = NULL; - const char *text; - int match; + int match, m; struct timeval *tout_p = NULL; struct timeval tout = { 0, 0 }; @@ -560,7 +712,7 @@ do_syncrep2( ber_init2( ber, NULL, LBER_USE_DER ); ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx ); - Debug( LDAP_DEBUG_TRACE, "=>do_syncrep2\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=>do_syncrep2 %s\n", si->si_ridtxt, 0, 0 ); psub = &si->si_be->be_nsuffix[0]; @@ -572,8 +724,8 @@ do_syncrep2( tout_p = NULL; } - while (( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE, - tout_p, &res )) > 0 ) + while ( ( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE, + tout_p, &res ) ) > 0 ) { if ( slapd_shutdown ) { rc = -2; 
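Review bot: In compare_csns the `value_match` call compares `&sc1->ctxcsn[i]` with `&sc2->ctxcsn[i]`, although the inner loop has just matched the server ID at index `j` of `sc2`; the second operand should be `&sc2->ctxcsn[j]`. As written, CSNs belonging to different servers are compared whenever the two cookies list their SIDs in a different order, and `i` can index past the terminator of `sc2->ctxcsn` when `sc2` holds fewer values than `sc1`. The result of `value_match` is also dropped, so a failed comparison leaves `match` at whatever the previous iteration stored. A short comment above the function saying that `*which` is an index into `sc2->ctxcsn` would help, since do_syncrep2 uses it that way.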
@@ -599,9 +751,9 @@ do_syncrep2( rctrlp = ldap_find_control( LDAP_CONTROL_SYNC_STATE, rctrls ); } if ( rctrlp == NULL ) { - Debug( LDAP_DEBUG_ANY, "do_syncrep2: " + Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s " "got search entry without " - "Sync State control\n", 0, 0, 0 ); + "Sync State control\n", si->si_ridtxt, 0, 0 ); rc = -1; goto done; } @@ -610,8 +762,8 @@ do_syncrep2( /* FIXME: what if syncUUID is NULL or empty? * (happens with back-sql...) */ if ( BER_BVISEMPTY( &syncUUID ) ) { - Debug( LDAP_DEBUG_ANY, "do_syncrep2: " - "got empty syncUUID\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s " + "got empty syncUUID\n", si->si_ridtxt, 0, 0 ); ldap_controls_free( rctrls ); rc = -1; goto done; @@ -630,16 +782,18 @@ do_syncrep2( rc = 0; if ( si->si_syncdata && si->si_logstate == SYNCLOG_LOGGING ) { modlist = NULL; - if (( rc = syncrepl_message_to_op( si, op, msg )) == LDAP_SUCCESS && - !BER_BVISNULL( &syncCookie.ctxcsn ) ) { + if ( ( rc = syncrepl_message_to_op( si, op, msg ) ) == LDAP_SUCCESS && + syncCookie.ctxcsn ) + { rc = syncrepl_updateCookie( si, op, psub, &syncCookie ); } - } else if (( rc = syncrepl_message_to_entry( si, op, msg, - &modlist, &entry, syncstate )) == LDAP_SUCCESS ) { - if (( rc = syncrepl_entry( si, op, entry, &modlist, - syncstate, &syncUUID, &syncCookie_req, - &syncCookie.ctxcsn )) == LDAP_SUCCESS && - !BER_BVISNULL( &syncCookie.ctxcsn ) ) { + } else if ( ( rc = syncrepl_message_to_entry( si, op, msg, + &modlist, &entry, syncstate ) ) == LDAP_SUCCESS ) + { + if ( ( rc = syncrepl_entry( si, op, entry, &modlist, + syncstate, &syncUUID ) ) == LDAP_SUCCESS && + syncCookie.ctxcsn ) + { rc = syncrepl_updateCookie( si, op, psub, &syncCookie ); } } 
@@ -653,12 +807,14 @@ do_syncrep2( case LDAP_RES_SEARCH_REFERENCE: Debug( LDAP_DEBUG_ANY, - "do_syncrep2: reference received error\n", 0, 0, 0 ); + "do_syncrep2: %s reference received error\n", + si->si_ridtxt, 0, 0 ); break; case LDAP_RES_SEARCH_RESULT: Debug( LDAP_DEBUG_SYNC, - "do_syncrep2: LDAP_RES_SEARCH_RESULT\n", 0, 0, 0 ); + "do_syncrep2: %s LDAP_RES_SEARCH_RESULT\n", + si->si_ridtxt, 0, 0 ); ldap_parse_result( si->si_ld, msg, &err, NULL, NULL, NULL, &rctrls, 0 ); #ifdef LDAP_X_SYNC_REFRESH_REQUIRED @@ -696,16 +852,13 @@ do_syncrep2( } ber_scanf( ber, /*"{"*/ "}" ); } - if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) { + if ( !syncCookie_req.ctxcsn ) { match = -1; - } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) { + m = 0; + } else if ( !syncCookie.ctxcsn ) { match = 1; } else { - value_match( &match, slap_schema.si_ad_entryCSN, - slap_schema.si_ad_entryCSN->ad_type->sat_ordering, - SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, - &syncCookie_req.ctxcsn, &syncCookie.ctxcsn, - &text ); + match = compare_csns( &syncCookie_req, &syncCookie, &m ); } if ( rctrls ) { ldap_controls_free( rctrls ); @@ -718,14 +871,14 @@ do_syncrep2( if ( refreshDeletes == 0 && match < 0 && err == LDAP_SUCCESS ) { - syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn ); + syncrepl_del_nonpresent( op, si, NULL, + &syncCookie.ctxcsn[m] ); } else { avl_free( si->si_presentlist, avl_ber_bvfree ); si->si_presentlist = NULL; } } - if ( !BER_BVISNULL( &syncCookie.ctxcsn ) && - match < 0 && err == LDAP_SUCCESS ) + if ( syncCookie.ctxcsn && match < 0 && err == LDAP_SUCCESS ) { rc = syncrepl_updateCookie( si, op, psub, &syncCookie ); } 
@@ -745,23 +898,24 @@ do_syncrep2( if ( !rc && !strcmp( retoid, LDAP_SYNC_INFO ) ) { ber_init2( ber, retdata, LBER_USE_DER ); - switch ( si_tag = ber_peek_tag( ber, &len )) { + switch ( si_tag = ber_peek_tag( ber, &len ) ) { ber_tag_t tag; case LDAP_TAG_SYNC_NEW_COOKIE: Debug( LDAP_DEBUG_SYNC, - "do_syncrep2: %s - %s%s\n", + "do_syncrep2: %s %s - %s\n", + si->si_ridtxt, "LDAP_RES_INTERMEDIATE", - "NEW_COOKIE", "\n" ); + "NEW_COOKIE" ); ber_scanf( ber, "tm", &tag, &cookie ); break; case LDAP_TAG_SYNC_REFRESH_DELETE: case LDAP_TAG_SYNC_REFRESH_PRESENT: Debug( LDAP_DEBUG_SYNC, - "do_syncrep2: %s - %s%s\n", + "do_syncrep2: %s %s - %s\n", + si->si_ridtxt, "LDAP_RES_INTERMEDIATE", si_tag == LDAP_TAG_SYNC_REFRESH_PRESENT ? - "REFRESH_PRESENT" : "REFRESH_DELETE", - "\n" ); + "REFRESH_PRESENT" : "REFRESH_DELETE" ); if ( si_tag == LDAP_TAG_SYNC_REFRESH_DELETE ) { si->si_refreshDelete = 1; } else { @@ -789,10 +943,10 @@ do_syncrep2( break; case LDAP_TAG_SYNC_ID_SET: Debug( LDAP_DEBUG_SYNC, - "do_syncrep2: %s - %s%s\n", + "do_syncrep2: %s %s - %s\n", + si->si_ridtxt, "LDAP_RES_INTERMEDIATE", - "SYNC_ID_SET", - "\n" ); + "SYNC_ID_SET" ); ber_scanf( ber, "t{" /*"}"*/, &tag ); if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) @@ -805,6 +959,7 @@ do_syncrep2( if ( !BER_BVISNULL( &syncCookie.octet_str ) ) { slap_parse_sync_cookie( &syncCookie, NULL ); + compare_csns( &syncCookie_req, &syncCookie, &m ); } } if ( ber_peek_tag( ber, &len ) == @@ -816,7 +971,7 @@ do_syncrep2( ber_scanf( ber, /*"{"*/ "}" ); if ( refreshDeletes ) { syncrepl_del_nonpresent( op, si, syncUUIDs, - &syncCookie.ctxcsn ); + &syncCookie.ctxcsn[m] ); ber_bvarray_free_x( syncUUIDs, op->o_tmpmemctx ); } else { int i; 
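Review bot: In the LDAP_TAG_SYNC_ID_SET case, `m` is assigned only by the added `compare_csns( &syncCookie_req, &syncCookie, &m );` call (hunk -805), which runs only when the message carries a cookie, yet hunk -816 passes `&syncCookie.ctxcsn[m]` to syncrepl_del_nonpresent whenever `refreshDeletes` is set. Hunk -541 declares `int match, m;` without initialisers, so an ID set that arrives without a cookie indexes `ctxcsn` (presumably still NULL at that point) with an indeterminate value, and that input comes from the provider. This call site also skips the `!syncCookie_req.ctxcsn` and `!syncCookie.ctxcsn` guards used at the other two call sites, while compare_csns reads `sc1->ctxcsn[i]` unconditionally. Initialise `m = 0` at the declaration and apply the same two guards before calling compare_csns here.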
@@ -824,9 +979,12 @@ do_syncrep2( struct berval *syncuuid_bv; syncuuid_bv = ber_dupbv( NULL, &syncUUIDs[i] ); slap_sl_free( syncUUIDs[i].bv_val,op->o_tmpmemctx ); - avl_insert( &si->si_presentlist, + if ( avl_insert( &si->si_presentlist, (caddr_t) syncuuid_bv, - syncuuid_cmp, avl_dup_error ); + syncuuid_cmp, avl_dup_error ) ) + { + ber_bvfree( syncuuid_bv ); + } } slap_sl_free( syncUUIDs, op->o_tmpmemctx ); } @@ -834,31 +992,29 @@ do_syncrep2( break; default: Debug( LDAP_DEBUG_ANY, - "do_syncrep2 : unknown syncinfo tag (%ld)\n", - (long) si_tag, 0, 0 ); + "do_syncrep2: %s unknown syncinfo tag (%ld)\n", + si->si_ridtxt, (long) si_tag, 0 ); ldap_memfree( retoid ); ber_bvfree( retdata ); continue; } - if ( BER_BVISNULL( &syncCookie_req.ctxcsn )) { + if ( !syncCookie_req.ctxcsn ) { match = -1; - } else if ( BER_BVISNULL( &syncCookie.ctxcsn )) { + m = 0; + } else if ( !syncCookie.ctxcsn ) { match = 1; } else { - value_match( &match, slap_schema.si_ad_entryCSN, - slap_schema.si_ad_entryCSN->ad_type->sat_ordering, - SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, - &syncCookie_req.ctxcsn, - &syncCookie.ctxcsn, &text ); + match = compare_csns( &syncCookie_req, &syncCookie, &m ); } if ( match < 0 ) { if ( si->si_refreshPresent == 1 ) { - syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn ); + syncrepl_del_nonpresent( op, si, NULL, + &syncCookie.ctxcsn[m] ); } - if ( !BER_BVISNULL( &syncCookie.ctxcsn )) + if ( syncCookie.ctxcsn ) { rc = syncrepl_updateCookie( si, op, psub, &syncCookie); } @@ -869,9 +1025,9 @@ do_syncrep2( break; } else { - Debug( LDAP_DEBUG_ANY, "do_syncrep2 : " + Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s " "unknown intermediate response (%d)\n", - rc, 0, 0 ); + si->si_ridtxt, rc, 0 ); ldap_memfree( retoid ); ber_bvfree( retdata ); break; 
@@ -879,12 +1035,12 @@ do_syncrep2( break; default: - Debug( LDAP_DEBUG_ANY, "do_syncrep2 : " - "unknown message\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s " + "unknown message\n", si->si_ridtxt, 0, 0 ); break; } - if ( !BER_BVISNULL( &syncCookie.octet_str )) { + if ( !BER_BVISNULL( &syncCookie.octet_str ) ) { slap_sync_cookie_free( &syncCookie_req, 0 ); slap_dup_sync_cookie( &syncCookie_req, &syncCookie ); slap_sync_cookie_free( &syncCookie, 0 ); @@ -901,7 +1057,7 @@ do_syncrep2( errstr = ldap_err2string( rc ); Debug( LDAP_DEBUG_ANY, - "do_syncrep2 : %s\n", errstr, 0, 0 ); + "do_syncrep2: %s %s\n", si->si_ridtxt, errstr, 0 ); } done: @@ -940,14 +1096,14 @@ do_syncrepl( int i, defer = 1; Backend *be; - Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl %s\n", si->si_ridtxt, 0, 0 ); if ( si == NULL ) return NULL; ldap_pvt_thread_mutex_lock( &si->si_mutex ); - switch( abs( si->si_type )) { + switch( abs( si->si_type ) ) { case LDAP_SYNC_REFRESH_ONLY: case LDAP_SYNC_REFRESH_AND_PERSIST: break; @@ -981,6 +1137,17 @@ do_syncrepl( op->o_bd = be = si->si_be; op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; + if ( !si->si_schemachecking ) + op->o_no_schema_check = 1; + + /* If we're glued, send writes through the glue parent */ + if ( !si->si_wbe ) { + if ( SLAP_GLUE_SUBORDINATE( be )) { + si->si_wbe = select_backend( &be->be_nsuffix[0], 0, 1 ); + } else { + si->si_wbe = be; + } + } /* Establish session, do search */ if ( !si->si_ld ) { @@ -1000,6 +1167,13 @@ reload: goto reload; } + /* We got deleted while running on cn=config */ + if ( !si->si_ctype ) { + if ( si->si_conn_setup ) + dostop = 1; + rc = -1; + } + if ( abs(si->si_type) == LDAP_SYNC_REFRESH_AND_PERSIST ) { /* If we succeeded, enable the connection for further listening. * If we failed, tear down the connection and reschedule. 
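Review bot: The rewritten trace line at the top of do_syncrepl (hunk -940) reads `si->si_ridtxt` before the `if ( si == NULL ) return NULL;` test that follows it, so that test no longer protects against a NULL `si`. Move `Debug( LDAP_DEBUG_TRACE, "=>do_syncrepl %s\n", si->si_ridtxt, 0, 0 );` below the NULL check. Whether `si` can actually be NULL depends on how the task argument is set up, which is outside the hunk.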
@@ -1028,7 +1202,7 @@ reload: */ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); - if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) { + if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask ) ) { ldap_pvt_runqueue_stoptask( &slapd_rq, rtask ); } @@ -1054,7 +1228,8 @@ reload: break; } - if ( !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) { + if ( !si->si_ctype + || !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) { ldap_pvt_runqueue_remove( &slapd_rq, rtask ); } else if ( RETRYNUM_VALID( si->si_retrynum[i] ) ) { if ( si->si_retrynum[i] > 0 ) @@ -1068,6 +1243,25 @@ reload: ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); ldap_pvt_thread_mutex_unlock( &si->si_mutex ); + /* Do final delete cleanup */ + if ( !si->si_ctype ) { + cookie_state *cs = NULL; + syncinfo_t **sip; + + cs = be->be_syncinfo->si_cookieState; + for ( sip = &be->be_syncinfo; *sip != si; sip = &(*sip)->si_next ); + *sip = si->si_next; + syncinfo_free( si, 0 ); + if ( !be->be_syncinfo ) { + SLAP_DBFLAGS( be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW); + if ( cs ) { + ch_free( cs->cs_sids ); + ber_bvarray_free( cs->cs_vals ); + ldap_pvt_thread_mutex_destroy( &cs->cs_mutex ); + ch_free( cs ); + } + } + } return NULL; } @@ -1100,20 +1294,28 @@ syncrepl_accesslog_mods( bv = vals[i]; colon = ber_bvchr( &bv, ':' ); - if ( !colon ) - continue; /* invalid */ + if ( !colon ) { + /* Invalid */ + continue; + } + bv.bv_len = colon - bv.bv_val; - if ( slap_bv2ad( &bv, &ad, &text )) { + if ( slap_bv2ad( &bv, &ad, &text ) ) { /* Invalid */ continue; } + /* Ignore dynamically generated attrs */ - if ( ad->ad_type->sat_flags & SLAP_AT_DYNAMIC ) + if ( ad->ad_type->sat_flags & SLAP_AT_DYNAMIC ) { continue; + } + /* Ignore excluded attrs */ if ( ldap_charray_inlist( si->si_exattrs, - ad->ad_type->sat_cname.bv_val )) + ad->ad_type->sat_cname.bv_val ) ) + { continue; + } switch(colon[1]) { case '+': op = LDAP_MOD_ADD; break; 
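Review bot: The final delete cleanup added to do_syncrepl (hunk -1068) unlinks `si` from `be->be_syncinfo` and frees it after both `slapd_rq.rq_mutex` and `si->si_mutex` have been released, and no other lock is visible around the list walk. The loop `for ( sip = &be->be_syncinfo; *sip != si; sip = &(*sip)->si_next );` has no NULL test, so it dereferences a NULL `*sip` if `si` is not on the list, and `be->be_syncinfo->si_cookieState` is read before anything confirms the list is non-empty. Consider `*sip && *sip != si` as the loop condition with `if ( *sip ) *sip = si->si_next;`, plus a comment naming the lock that serialises changes to `be_syncinfo` against other consumers on the same backend.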
@@ -1124,7 +1326,7 @@ syncrepl_accesslog_mods( } if ( !mod || ad != mod->sml_desc || op != mod->sml_op ) { - mod = (Modifications *) ch_malloc( sizeof( Modifications )); + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_flags = 0; mod->sml_op = op; mod->sml_next = NULL; @@ -1177,11 +1379,12 @@ syncrepl_message_to_op( struct berval rdn = BER_BVNULL, sup = BER_BVNULL, prdn = BER_BVNULL, nrdn = BER_BVNULL, psup = BER_BVNULL, nsup = BER_BVNULL; - int rc, deleteOldRdn = 0; + int rc, deleteOldRdn = 0, freeReqDn = 0; if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) { - Debug( LDAP_DEBUG_ANY, - "Message type should be entry (%d)", ldap_msgtype( msg ), 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: %s " + "Message type should be entry (%d)", + si->si_ridtxt, ldap_msgtype( msg ), 0 ); return -1; } 
@@ -1194,57 +1397,63 @@ syncrepl_message_to_op( if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "syncrepl_message_to_op : dn get failed (%d)", rc, 0, 0 ); + "syncrepl_message_to_op: %s dn get failed (%d)", + si->si_ridtxt, rc, 0 ); return rc; } op->o_tag = LBER_DEFAULT; + op->o_bd = si->si_wbe; - while (( rc = ldap_get_attribute_ber( si->si_ld, msg, ber, &bv, &bvals )) + while (( rc = ldap_get_attribute_ber( si->si_ld, msg, ber, &bv, &bvals ) ) == LDAP_SUCCESS ) { if ( bv.bv_val == NULL ) break; - if ( !ber_bvstrcasecmp( &bv, &ls->ls_dn )) { + if ( !ber_bvstrcasecmp( &bv, &ls->ls_dn ) ) { bdn = bvals[0]; dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx ); ber_dupbv( &op->o_req_dn, &dn ); ber_dupbv( &op->o_req_ndn, &ndn ); slap_sl_free( ndn.bv_val, op->o_tmpmemctx ); slap_sl_free( dn.bv_val, op->o_tmpmemctx ); - } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_req )) { + freeReqDn = 1; + } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_req ) ) { int i = verb_to_mask( bvals[0].bv_val, modops ); if ( i < 0 ) { Debug( LDAP_DEBUG_ANY, - "syncrepl_message_to_op : unknown op %s", - bvals[0].bv_val, 0, 0 ); + "syncrepl_message_to_op: %s unknown op %s", + si->si_ridtxt, bvals[0].bv_val, 0 ); ch_free( bvals ); rc = -1; goto done; } op->o_tag = modops[i].mask; - } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_mod )) { + } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_mod ) ) { /* Parse attribute into modlist */ - if ( si->si_syncdata == SYNCDATA_ACCESSLOG ) + if ( si->si_syncdata == SYNCDATA_ACCESSLOG ) { modlist = syncrepl_accesslog_mods( si, bvals ); - else + } else { modlist = syncrepl_changelog_mods( si, bvals ); - } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newRdn )) { + } + } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newRdn ) ) { rdn = bvals[0]; - } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_delRdn )) { - if ( !ber_bvstrcasecmp( &slap_true_bv, bvals )) + } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_delRdn ) ) { + if ( !ber_bvstrcasecmp( &slap_true_bv, bvals ) ) { deleteOldRdn = 
1; - } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newSup )) { + } + } else if ( !ber_bvstrcasecmp( &bv, &ls->ls_newSup ) ) { sup = bvals[0]; } else if ( !ber_bvstrcasecmp( &bv, - &slap_schema.si_ad_entryCSN->ad_cname )) { + &slap_schema.si_ad_entryCSN->ad_cname ) ) + { slap_queue_csn( op, bvals ); } ch_free( bvals ); } /* If we didn't get a mod type or a target DN, bail out */ - if ( op->o_tag == LBER_DEFAULT || BER_BVISNULL( &dn )) { + if ( op->o_tag == LBER_DEFAULT || BER_BVISNULL( &dn ) ) { rc = -1; goto done; } 
@@ -1258,47 +1467,57 @@ syncrepl_message_to_op( /* If we didn't get required data, bail */ if ( !modlist ) goto done; - rc = slap_mods_check( modlist, &text, txtbuf, textlen, NULL ); + rc = slap_mods_check( op, modlist, &text, txtbuf, textlen, NULL ); if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: mods check (%s)\n", - text, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: %s " + "mods check (%s)\n", + si->si_ridtxt, text, 0 ); goto done; } if ( op->o_tag == LDAP_REQ_ADD ) { - op->ora_e = entry_alloc(); + Entry *e = entry_alloc(); + op->ora_e = e; op->ora_e->e_name = op->o_req_dn; op->ora_e->e_nname = op->o_req_ndn; + freeReqDn = 0; rc = slap_mods2entry( modlist, &op->ora_e, 1, 0, &text, txtbuf, textlen); if( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: mods2entry (%s)\n", - text, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_op: %s " + "mods2entry (%s)\n", + si->si_ridtxt, text, 0 ); } else { rc = op->o_bd->be_add( op, &rs ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_message_to_op: be_add %s (%d)\n", - op->o_req_dn.bv_val, rc, 0 ); + "syncrepl_message_to_op: %s be_add %s (%d)\n", + si->si_ridtxt, op->o_req_dn.bv_val, rc ); } - be_entry_release_w( op, op->ora_e ); + if ( e == op->ora_e ) + be_entry_release_w( op, op->ora_e ); } else { op->orm_modlist = modlist; + op->o_bd = si->si_wbe; rc = op->o_bd->be_modify( op, &rs ); - Debug( LDAP_DEBUG_SYNC, - "syncrepl_message_to_op: be_modify %s (%d)\n", - op->o_req_dn.bv_val, rc, 0 ); + Debug( rc ? 
LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC, + "syncrepl_message_to_op: %s be_modify %s (%d)\n", + si->si_ridtxt, op->o_req_dn.bv_val, rc ); + op->o_bd = si->si_be; } break; case LDAP_REQ_MODRDN: - if ( BER_BVISNULL( &rdn )) goto done; + if ( BER_BVISNULL( &rdn ) ) goto done; - if ( rdnPretty( NULL, &rdn, &prdn, NULL )) + if ( rdnPretty( NULL, &rdn, &prdn, NULL ) ) { goto done; - if ( rdnNormalize( 0, NULL, NULL, &rdn, &nrdn, NULL )) + } + if ( rdnNormalize( 0, NULL, NULL, &rdn, &nrdn, NULL ) ) { goto done; - if ( !BER_BVISNULL( &sup )) { - if ( dnPrettyNormal( NULL, &sup, &psup, &nsup, NULL )) + } + if ( !BER_BVISNULL( &sup ) ) { + if ( dnPrettyNormal( NULL, &sup, &psup, &nsup, NULL ) ) { goto done; + } op->orr_newSup = &psup; op->orr_nnewSup = ⊅ } else { 
@@ -1309,36 +1528,59 @@ syncrepl_message_to_op( op->orr_nnewrdn = nrdn; op->orr_deleteoldrdn = deleteOldRdn; op->orr_modlist = NULL; - if ( slap_modrdn2mods( op, &rs )) + if ( slap_modrdn2mods( op, &rs ) ) { goto done; + } + + /* Append modlist for operational attrs */ + { + Modifications *m; + + for ( m = op->orr_modlist; m->sml_next; m = m->sml_next ) + ; + m->sml_next = modlist; + modlist = NULL; + } rc = op->o_bd->be_modrdn( op, &rs ); slap_mods_free( op->orr_modlist, 1 ); - Debug( LDAP_DEBUG_SYNC, - "syncrepl_message_to_op: be_modrdn %s (%d)\n", - op->o_req_dn.bv_val, rc, 0 ); + Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC, + "syncrepl_message_to_op: %s be_modrdn %s (%d)\n", + si->si_ridtxt, op->o_req_dn.bv_val, rc ); break; case LDAP_REQ_DELETE: rc = op->o_bd->be_delete( op, &rs ); - Debug( LDAP_DEBUG_SYNC, - "syncrepl_message_to_op: be_delete %s (%d)\n", - op->o_req_dn.bv_val, rc, 0 ); + Debug( rc ? LDAP_DEBUG_ANY : LDAP_DEBUG_SYNC, + "syncrepl_message_to_op: %s be_delete %s (%d)\n", + si->si_ridtxt, op->o_req_dn.bv_val, rc ); break; } done: slap_graduate_commit_csn( op ); - if ( modlist ) + op->o_bd = si->si_be; + op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx ); + BER_BVZERO( &op->o_csn ); + if ( modlist ) { slap_mods_free( modlist, op->o_tag != LDAP_REQ_ADD ); - if ( !BER_BVISNULL( &rdn )) { - if ( !BER_BVISNULL( &nsup )) + } + if ( !BER_BVISNULL( &rdn ) ) { + if ( !BER_BVISNULL( &nsup ) ) { ch_free( nsup.bv_val ); - if ( !BER_BVISNULL( &psup )) + } + if ( !BER_BVISNULL( &psup ) ) { ch_free( psup.bv_val ); - if ( !BER_BVISNULL( &nrdn )) + } + if ( !BER_BVISNULL( &nrdn ) ) { ch_free( nrdn.bv_val ); - if ( !BER_BVISNULL( &prdn )) + } + if ( !BER_BVISNULL( &prdn ) ) { ch_free( prdn.bv_val ); + } + } + if ( freeReqDn ) { + ch_free( op->o_req_ndn.bv_val ); + ch_free( op->o_req_dn.bv_val ); } - ber_free ( ber, 0 ); + ber_free( ber, 0 ); return rc; } 
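Review bot: At `done:` in syncrepl_message_to_op, the new `freeReqDn` block frees `op->o_req_ndn.bv_val` and `op->o_req_dn.bv_val` but leaves both bervals pointing at the freed memory, whereas the lines just above clear `op->o_csn` with `BER_BVZERO` after freeing it. The `op` outlives this call (do_syncrep2 hands it to syncrepl_updateCookie right afterwards), so any later read of the request DN would be a use after free unless every path reassigns it first. Add `BER_BVZERO( &op->o_req_ndn );` and `BER_BVZERO( &op->o_req_dn );` after the two `ch_free` calls.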
@@ -1362,36 +1604,31 @@ syncrepl_message_to_entry( char txtbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof txtbuf; - struct berval bdn = {0, NULL}, dn, ndn; - int rc; + struct berval bdn = BER_BVNULL, dn, ndn; + int rc, is_ctx; *modlist = NULL; if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) { - Debug( LDAP_DEBUG_ANY, - "Message type should be entry (%d)", ldap_msgtype( msg ), 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: %s " + "Message type should be entry (%d)", + si->si_ridtxt, ldap_msgtype( msg ), 0 ); return -1; } op->o_tag = LDAP_REQ_ADD; rc = ldap_get_dn_ber( si->si_ld, msg, &ber, &bdn ); - if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "syncrepl_message_to_entry : dn get failed (%d)", rc, 0, 0 ); + "syncrepl_message_to_entry: %s dn get failed (%d)", + si->si_ridtxt, rc, 0 ); return rc; } - dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx ); - ber_dupbv( &op->o_req_dn, &dn ); - ber_dupbv( &op->o_req_ndn, &ndn ); - slap_sl_free( ndn.bv_val, op->o_tmpmemctx ); - slap_sl_free( dn.bv_val, op->o_tmpmemctx ); - if ( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_DELETE ) { - if ( entry ) - *entry = NULL; + /* NOTE: this could be done even before decoding the DN, + * although encoding errors wouldn't be detected */ return LDAP_SUCCESS; } @@ -1399,6 +1636,14 @@ syncrepl_message_to_entry( return -1; } + dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx ); + ber_dupbv( &op->o_req_dn, &dn ); + ber_dupbv( &op->o_req_ndn, &ndn ); + slap_sl_free( ndn.bv_val, op->o_tmpmemctx ); + slap_sl_free( dn.bv_val, op->o_tmpmemctx ); + + is_ctx = dn_match( &op->o_req_ndn, &op->o_bd->be_nsuffix[0] ); + e = entry_alloc(); e->e_name = op->o_req_dn; e->e_nname = op->o_req_ndn; 
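Review bot: The PRESENT/DELETE early return in syncrepl_message_to_entry (hunk -1362) no longer executes `if ( entry ) *entry = NULL;`, so the caller's `entry` keeps whatever value it held before the call. If do_syncrep2 does not reset its `entry` variable for each message (not visible in this hunk), syncrepl_entry could be handed a stale pointer for a delete. Either keep the assignment or state in the function's header comment that `*entry` is written only for the add and modify states.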
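Review bot: The relocated `dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );` call in hunk -1399 still discards its result, and `dn` and `ndn` are declared without initialisers in hunk -1362. If a DN sent by the provider fails to normalise, the following `ber_dupbv` calls presumably copy indeterminate bervals into `op->o_req_dn` and `op->o_req_ndn`. Since the lines are being moved anyway, check the result: `rc = dnPrettyNormal( NULL, &bdn, &dn, &ndn, op->o_tmpmemctx );` followed by `if ( rc != LDAP_SUCCESS ) return rc;`, mirroring the bare `return -1;` just above. The `ls_dn` branch of syncrepl_message_to_op (hunk -1194) calls dnPrettyNormal the same unchecked way.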
@@ -1410,7 +1655,16 @@ syncrepl_message_to_entry( break; } - mod = (Modifications *) ch_malloc( sizeof( Modifications )); + /* Drop all updates to the contextCSN of the context entry + * (ITS#4622, etc.) + */ + if ( is_ctx && !strcasecmp( tmp.sml_type.bv_val, + slap_schema.si_ad_contextCSN->ad_cname.bv_val )) { + ber_bvarray_free( tmp.sml_values ); + continue; + } + + mod = (Modifications *) ch_malloc( sizeof( Modifications ) ); mod->sml_op = LDAP_MOD_REPLACE; mod->sml_flags = 0; @@ -1425,17 +1679,17 @@ syncrepl_message_to_entry( } if ( *modlist == NULL ) { - Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: no attributes\n", - 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: %s no attributes\n", + si->si_ridtxt, 0, 0 ); rc = -1; goto done; } - rc = slap_mods_check( *modlist, &text, txtbuf, textlen, NULL ); + rc = slap_mods_check( op, *modlist, &text, txtbuf, textlen, NULL ); if ( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods check (%s)\n", - text, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: %s mods check (%s)\n", + si->si_ridtxt, text, 0 ); goto done; } @@ -1455,7 +1709,8 @@ syncrepl_message_to_entry( for ( modtail = modlist; *modtail ; ) { mod = *modtail; if ( ldap_charray_inlist( si->si_exattrs, - mod->sml_desc->ad_type->sat_cname.bv_val )) { + mod->sml_desc->ad_type->sat_cname.bv_val ) ) + { *modtail = mod->sml_next; slap_mod_free( &mod->sml_mod, 0 ); ch_free( mod ); @@ -1463,15 +1718,15 @@ syncrepl_message_to_entry( modtail = &mod->sml_next; } } - + rc = slap_mods2entry( *modlist, &e, 1, 1, &text, txtbuf, textlen); if( rc != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: mods2entry (%s)\n", - text, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "syncrepl_message_to_entry: %s mods2entry (%s)\n", + si->si_ridtxt, text, 0 ); } done: - ber_free ( ber, 0 ); + ber_free( ber, 0 ); if ( rc != LDAP_SUCCESS ) { if ( e ) { entry_free( e ); 
@@ -1500,17 +1755,18 @@ static struct berval generic_filterstr = BER_BVC("(objectclass=*)"); * the new ones. This avoids the issue of trying to delete/add a non-leaf * entry. * - * We don't try to otherwise distinguish ModDN from Modify; in the case of - * a ModDN we will issue both operations on the local database. + * We otherwise distinguish ModDN from Modify; in the case of + * a ModDN we just use the CSN, modifyTimestamp and modifiersName + * operational attributes from the entry, and do a regular ModDN. */ typedef struct dninfo { Entry *new_entry; struct berval dn; struct berval ndn; int renamed; /* Was an existing entry renamed? */ - int wasChanged; /* are the attributes changed? */ - int attrs; /* how many attribute types are in the ads list */ - AttributeDescription **ads; + int delOldRDN; /* Was old RDN deleted? */ + Modifications **modlist; /* the modlist we received */ + Modifications *mods; /* the modlist we compared */ } dninfo; static int @@ -1520,9 +1776,7 @@ syncrepl_entry( Entry* entry, Modifications** modlist, int syncstate, - struct berval* syncUUID, - struct sync_cookie* syncCookie_req, - struct berval* syncCSN ) + struct berval* syncUUID ) { Backend *be = op->o_bd; slap_callback cb = { NULL, NULL, NULL, NULL }; 
@@ -1548,36 +1802,40 @@ syncrepl_entry( switch( syncstate ) { case LDAP_SYNC_PRESENT: - Debug( LDAP_DEBUG_SYNC, "%s: %s\n", - "syncrepl_entry", + Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: %s %s\n", + si->si_ridtxt, "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_PRESENT)", 0 ); break; case LDAP_SYNC_ADD: - Debug( LDAP_DEBUG_SYNC, "%s: %s\n", - "syncrepl_entry", + Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: %s %s\n", + si->si_ridtxt, "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)", 0 ); break; case LDAP_SYNC_DELETE: - Debug( LDAP_DEBUG_SYNC, "%s: %s\n", - "syncrepl_entry", + Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: %s %s\n", + si->si_ridtxt, "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE)", 0 ); break; case LDAP_SYNC_MODIFY: - Debug( LDAP_DEBUG_SYNC, "%s: %s\n", - "syncrepl_entry", + Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: %s %s\n", + si->si_ridtxt, "LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)", 0 ); break; default: - Debug( LDAP_DEBUG_ANY, "%s: %s\n", - "syncrepl_entry", + Debug( LDAP_DEBUG_ANY, "syncrepl_entry: %s %s\n", + si->si_ridtxt, "LDAP_RES_SEARCH_ENTRY(UNKNOWN syncstate)", 0 ); } - if (( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_ADD )) { + if (( syncstate == LDAP_SYNC_PRESENT || syncstate == LDAP_SYNC_ADD ) ) { if ( !si->si_refreshPresent ) { syncuuid_bv = ber_dupbv( NULL, syncUUID ); - avl_insert( &si->si_presentlist, (caddr_t) syncuuid_bv, - syncuuid_cmp, avl_dup_error ); + if ( avl_insert( &si->si_presentlist, (caddr_t) syncuuid_bv, + syncuuid_cmp, avl_dup_error ) ) + { + ber_bvfree( syncuuid_bv ); + syncuuid_bv = NULL; + } } } 
@@ -1589,15 +1847,34 @@ syncrepl_entry( } } + (void)slap_uuidstr_from_normalized( &syncUUID_strrep, syncUUID, op->o_tmpmemctx ); + if ( syncstate != LDAP_SYNC_DELETE ) { + Attribute *a = attr_find( entry->e_attrs, slap_schema.si_ad_entryUUID ); + + if ( a == NULL ) { + /* add if missing */ + attr_merge_one( entry, slap_schema.si_ad_entryUUID, + &syncUUID_strrep, syncUUID ); + + } else if ( !bvmatch( &a->a_nvals[0], syncUUID ) ) { + /* replace only if necessary */ + if ( a->a_nvals != a->a_vals ) { + ber_memfree( a->a_nvals[0].bv_val ); + ber_dupbv( &a->a_nvals[0], syncUUID ); + } + ber_memfree( a->a_vals[0].bv_val ); + ber_dupbv( &a->a_vals[0], &syncUUID_strrep ); + } + } + f.f_choice = LDAP_FILTER_EQUALITY; f.f_ava = &ava; ava.aa_desc = slap_schema.si_ad_entryUUID; ava.aa_value = *syncUUID; - (void)slap_uuidstr_from_normalized( &syncUUID_strrep, syncUUID, op->o_tmpmemctx ); if ( syncuuid_bv ) { - Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: inserted UUID %s\n", - syncUUID_strrep.bv_val, 0, 0 ); + Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: %s inserted UUID %s\n", + si->si_ridtxt, syncUUID_strrep.bv_val, 0 ); } op->ors_filter = &f; @@ -1630,12 +1907,13 @@ syncrepl_entry( cb.sc_response = dn_callback; cb.sc_private = &dni; dni.new_entry = entry; + dni.modlist = modlist; if ( limits_check( op, &rs_search ) == 0 ) { rc = be->be_search( op, &rs_search ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s (%d)\n", - "be_search", rc, 0 ); + "syncrepl_entry: %s be_search (%d)\n", + si->si_ridtxt, rc, 0 ); } if ( !BER_BVISNULL( &op->ors_filterstr ) ) { 
@@ -1647,47 +1925,12 @@ syncrepl_entry( if ( entry && !BER_BVISNULL( &entry->e_name ) ) { Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s\n", - entry->e_name.bv_val, 0, 0 ); + "syncrepl_entry: %s %s\n", + si->si_ridtxt, entry->e_name.bv_val, 0 ); } else { Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s\n", - dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0, 0 ); - } - - if ( syncstate != LDAP_SYNC_DELETE ) { - Attribute *a = attr_find( entry->e_attrs, slap_schema.si_ad_entryUUID ); - - if ( a == NULL ) { - /* add if missing */ - attr_merge_one( entry, slap_schema.si_ad_entryUUID, - &syncUUID_strrep, syncUUID ); - - } else if ( !bvmatch( &a->a_nvals[0], syncUUID ) ) { - /* replace only if necessary */ - if ( a->a_nvals != a->a_vals ) { - ber_memfree( a->a_nvals[0].bv_val ); - ber_dupbv( &a->a_nvals[0], syncUUID ); - } - ber_memfree( a->a_vals[0].bv_val ); - ber_dupbv( &a->a_vals[0], &syncUUID_strrep ); - } - /* Don't save the contextCSN on the inooming context entry, - * we'll write it when syncrepl_updateCookie eventually - * gets called. (ITS#4622) - */ - if ( syncstate == LDAP_SYNC_ADD && dn_match( &entry->e_nname, - &be->be_nsuffix[0] )) { - Attribute **ap; - for ( ap = &entry->e_attrs; *ap; ap=&(*ap)->a_next ) { - a = *ap; - if ( a->a_desc == slap_schema.si_ad_contextCSN ) { - *ap = a->a_next; - attr_free( a ); - break; - } - } - } + "syncrepl_entry: %s %s\n", + si->si_ridtxt, dni.dn.bv_val ? dni.dn.bv_val : "(null)", 0 ); } slap_op_time( &op->o_time, &op->o_tincr ); 
@@ -1707,20 +1950,23 @@ syncrepl_entry( } } retry_add:; - if ( BER_BVISNULL( &dni.dn )) { + if ( BER_BVISNULL( &dni.dn ) ) { op->o_req_dn = entry->e_name; op->o_req_ndn = entry->e_nname; op->o_tag = LDAP_REQ_ADD; op->ora_e = entry; + op->o_bd = si->si_wbe; - rc = be->be_add( op, &rs_add ); + rc = op->o_bd->be_add( op, &rs_add ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s (%d)\n", - "be_add", rc, 0 ); + "syncrepl_entry: %s be_add (%d)\n", + si->si_ridtxt, rc, 0 ); switch ( rs_add.sr_err ) { case LDAP_SUCCESS: - be_entry_release_w( op, entry ); + if ( op->ora_e == entry ) { + be_entry_release_w( op, entry ); + } entry = NULL; break; @@ -1745,6 +1991,7 @@ retry_add:; SlapReply rs2 = { 0 }; slap_callback cb2 = { 0 }; + op2.o_bd = be; op2.o_tag = LDAP_REQ_SEARCH; op2.o_req_dn = entry->e_name; op2.o_req_ndn = entry->e_nname; @@ -1776,10 +2023,11 @@ retry_add:; default: Debug( LDAP_DEBUG_ANY, - "syncrepl_entry : be_add failed (%d)\n", - rs_add.sr_err, 0, 0 ); + "syncrepl_entry: %s be_add failed (%d)\n", + si->si_ridtxt, rs_add.sr_err, 0 ); break; } + op->o_bd = be; goto done; } /* FALLTHRU */ @@ -1794,7 +2042,7 @@ retry_add:; dnParent( &dni.ndn, &noldp ); dnParent( &entry->e_nname, &nnewp ); - if ( !dn_match( &noldp, &nnewp )) { + if ( !dn_match( &noldp, &nnewp ) ) { dnParent( &entry->e_name, &newp ); op->orr_newSup = &newp; op->orr_nnewSup = &nnewp; @@ -1802,9 +2050,9 @@ retry_add:; op->orr_newSup = NULL; op->orr_nnewSup = NULL; } - op->orr_deleteoldrdn = 0; + op->orr_deleteoldrdn = dni.delOldRDN; op->orr_modlist = NULL; - if (( rc = slap_modrdn2mods( op, &rs_modify ))) { + if ( ( rc = slap_modrdn2mods( op, &rs_modify ) ) ) { goto done; } 
@@ -1814,100 +2062,88 @@ retry_add:; noldp = op->orr_nnewrdn; ber_dupbv_x( &op->orr_nnewrdn, &noldp, op->o_tmpmemctx ); - rc = be->be_modrdn( op, &rs_modify ); + /* Setup opattrs too */ + { + AttributeDescription *opattrs[] = { + slap_schema.si_ad_entryCSN, + slap_schema.si_ad_modifiersName, + slap_schema.si_ad_modifyTimestamp, + NULL + }; + Modifications *mod, **modtail, **ml; + int i; + + for ( mod = op->orr_modlist; + mod->sml_next; + mod = mod->sml_next ) + ; + modtail = &mod->sml_next; + + /* pull mod off incoming modlist, append to orr_modlist */ + for ( i = 0; opattrs[i]; i++ ) { + for ( ml = modlist; *ml; ml = &(*ml)->sml_next ) + { + if ( (*ml)->sml_desc == opattrs[i] ) { + mod = *ml; + *ml = mod->sml_next; + mod->sml_next = NULL; + *modtail = mod; + modtail = &mod->sml_next; + break; + } + } + } + } + op->o_bd = si->si_wbe; + rc = op->o_bd->be_modrdn( op, &rs_modify ); op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx ); op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx ); slap_mods_free( op->orr_modlist, 1 ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s (%d)\n", - "be_modrdn", rc, 0 ); - if ( rs_modify.sr_err == LDAP_SUCCESS ) { - op->o_req_dn = entry->e_name; - op->o_req_ndn = entry->e_nname; - } else { - goto done; - } - if ( dni.wasChanged ) - slap_op_time( &op->o_time, &op->o_tincr ); + "syncrepl_entry: %s be_modrdn (%d)\n", + si->si_ridtxt, rc, 0 ); + op->o_bd = be; + goto done; } - if ( dni.wasChanged ) { - Modifications *mod, *modhead = NULL; - Modifications *modtail = NULL; - int i; - + if ( dni.mods ) { op->o_tag = LDAP_REQ_MODIFY; + op->orm_modlist = dni.mods; + op->orm_no_opattrs = 1; + op->o_bd = si->si_wbe; - assert( *modlist != NULL ); - - /* Delete all the old attrs */ - for ( i = 0; i < dni.attrs; i++ ) { - mod = ch_malloc( sizeof( Modifications ) ); - mod->sml_op = LDAP_MOD_DELETE; - mod->sml_flags = 0; - mod->sml_desc = dni.ads[i]; - mod->sml_type = mod->sml_desc->ad_cname; - mod->sml_values = NULL; - mod->sml_nvalues = NULL; 
- if ( !modhead ) modhead = mod; - if ( modtail ) { - modtail->sml_next = mod; - } - modtail = mod; - } - - /* Append passed in list to ours */ - if ( modtail ) { - modtail->sml_next = *modlist; - *modlist = modhead; - } else { - mod = *modlist; - } - - /* Find end of this list */ - for ( ; mod != NULL; mod = mod->sml_next ) { - modtail = mod; - } - - mod = (Modifications *)ch_calloc(1, sizeof(Modifications)); - mod->sml_op = LDAP_MOD_REPLACE; - mod->sml_flags = 0; - mod->sml_desc = slap_schema.si_ad_entryUUID; - mod->sml_type = mod->sml_desc->ad_cname; - ber_dupbv( &uuid_bv, &syncUUID_strrep ); - ber_bvarray_add( &mod->sml_values, &uuid_bv ); - ber_dupbv( &uuid_bv, syncUUID ); - ber_bvarray_add( &mod->sml_nvalues, &uuid_bv ); - modtail->sml_next = mod; - - op->o_tag = LDAP_REQ_MODIFY; - op->orm_modlist = *modlist; - - rc = be->be_modify( op, &rs_modify ); + rc = op->o_bd->be_modify( op, &rs_modify ); + slap_mods_free( op->orm_modlist, 1 ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s (%d)\n", - "be_modify", rc, 0 ); + "syncrepl_entry: %s be_modify (%d)\n", + si->si_ridtxt, rc, 0 ); if ( rs_modify.sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "syncrepl_entry : be_modify failed (%d)\n", - rs_modify.sr_err, 0, 0 ); + "syncrepl_entry: %s be_modify failed (%d)\n", + si->si_ridtxt, rs_modify.sr_err, 0 ); } + op->o_bd = be; + } else { + Debug( LDAP_DEBUG_SYNC, + "syncrepl_entry: %s entry unchanged, ignored (%s)\n", + si->si_ridtxt, op->o_req_dn.bv_val, 0 ); } goto done; case LDAP_SYNC_DELETE : - if ( !BER_BVISNULL( &dni.dn )) { + if ( !BER_BVISNULL( &dni.dn ) ) { op->o_req_dn = dni.dn; op->o_req_ndn = dni.ndn; op->o_tag = LDAP_REQ_DELETE; - rc = be->be_delete( op, &rs_delete ); + op->o_bd = si->si_wbe; + rc = op->o_bd->be_delete( op, &rs_delete ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_entry: %s (%d)\n", - "be_delete", rc, 0 ); + "syncrepl_entry: %s be_delete (%d)\n", + si->si_ridtxt, rc, 0 ); while ( rs_delete.sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) { 
op->o_delete_glue_parent = 0; - if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) { + if ( !be_issuffix( be, &op->o_req_ndn ) ) { slap_callback cb = { NULL }; cb.sc_response = slap_null_cb; dnParent( &op->o_req_ndn, &pdn ); @@ -1919,12 +2155,13 @@ retry_add:; break; } } + op->o_bd = be; } goto done; default : Debug( LDAP_DEBUG_ANY, - "syncrepl_entry : unknown syncstate\n", 0, 0, 0 ); + "syncrepl_entry: %s unknown syncstate\n", si->si_ridtxt, 0, 0 ); goto done; } @@ -1933,9 +2170,6 @@ done: slap_sl_free( syncUUID_strrep.bv_val, op->o_tmpmemctx ); BER_BVZERO( &syncUUID_strrep ); } - if ( dni.ads ) { - op->o_tmpfree( dni.ads, op->o_tmpmemctx ); - } if ( !BER_BVISNULL( &dni.ndn ) ) { op->o_tmpfree( dni.ndn.bv_val, op->o_tmpmemctx ); } @@ -2014,6 +2248,7 @@ syncrepl_del_nonpresent( slap_uuidstr_from_normalized( &uf.f_av_value, &uuids[i], op->o_tmpmemctx ); filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); + op->o_tmpfree( uf.f_av_value.bv_val, op->o_tmpmemctx ); uf.f_av_value = uuids[i]; rc = be->be_search( op, &rs_search ); op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); @@ -2040,11 +2275,13 @@ syncrepl_del_nonpresent( if ( !LDAP_LIST_EMPTY( &si->si_nonpresentlist ) ) { - if ( cookiecsn && !BER_BVISNULL( cookiecsn )) + if ( cookiecsn && !BER_BVISNULL( cookiecsn ) ) { csn = *cookiecsn; - else - csn = si->si_syncCookie.ctxcsn; + } else { + csn = si->si_syncCookie.ctxcsn[0]; + } + op->o_bd = si->si_wbe; slap_queue_csn( op, &csn ); np_list = LDAP_LIST_FIRST( &si->si_nonpresentlist ); @@ -2060,8 +2297,8 @@ syncrepl_del_nonpresent( op->o_req_ndn = *np_prev->npe_nname; rc = op->o_bd->be_delete( op, &rs_delete ); Debug( LDAP_DEBUG_SYNC, - "syncrepl_del_nonpresent: be_delete %s (%d)\n", - op->o_req_dn.bv_val, rc, 0 ); + "syncrepl_del_nonpresent: %s be_delete %s (%d)\n", + si->si_ridtxt, op->o_req_dn.bv_val, rc ); if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) { Modifications mod1, mod2; 
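Review bot: After `be_modrdn` the new code always takes `goto done`, and `dn_callback` (later in this diff) returns as soon as it has set `dni->renamed`, so `dni.mods` is never built for a renamed entry. If the provider's entry was renamed and had other attributes changed as well, only the rename appears to reach the consumer. Because `entryCSN` is pulled off the incoming modlist and applied with the rename, the later "new entry is older than ours" test in `dn_callback` would probably treat the entry as current on the next pass and skip it again. The removed code set `op->o_req_dn = entry->e_name; op->o_req_ndn = entry->e_nname;` and went on to the modify step; keeping that, with `dn_callback` continuing into the attribute comparison after a rename, would avoid silently divergent replicas. syncrepl_entry starts before this hunk and ends after it.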
@@ -2084,13 +2321,14 @@ syncrepl_del_nonpresent( op->o_tag = LDAP_REQ_MODIFY; op->orm_modlist = &mod1; - rc = be->be_modify( op, &rs_modify ); + rc = op->o_bd->be_modify( op, &rs_modify ); + if ( mod2.sml_next ) slap_mods_free( mod2.sml_next, 1 ); } while ( rs_delete.sr_err == LDAP_SUCCESS && op->o_delete_glue_parent ) { op->o_delete_glue_parent = 0; - if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) { + if ( !be_issuffix( be, &op->o_req_ndn ) ) { slap_callback cb = { NULL }; cb.sc_response = slap_null_cb; dnParent( &op->o_req_ndn, &pdn ); @@ -2101,7 +2339,7 @@ syncrepl_del_nonpresent( op->o_bd->be_delete( op, &rs_delete ); } else { break; - } + } } op->o_delete_glue_parent = 0; @@ -2112,6 +2350,7 @@ syncrepl_del_nonpresent( } slap_graduate_commit_csn( op ); + op->o_bd = be; op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx ); BER_BVZERO( &op->o_csn ); @@ -2198,7 +2437,7 @@ syncrepl_add_glue( a = attr_alloc( slap_schema.si_ad_objectClass ); - a->a_vals = ch_calloc( 3, sizeof( struct berval )); + a->a_vals = ch_calloc( 3, sizeof( struct berval ) ); ber_dupbv( &a->a_vals[0], &gcbva[0] ); ber_dupbv( &a->a_vals[1], &gcbva[1] ); ber_dupbv( &a->a_vals[2], &gcbva[2] ); @@ -2210,7 +2449,7 @@ syncrepl_add_glue( a = attr_alloc( slap_schema.si_ad_structuralObjectClass ); - a->a_vals = ch_calloc( 2, sizeof( struct berval )); + a->a_vals = ch_calloc( 2, sizeof( struct berval ) ); ber_dupbv( &a->a_vals[0], &gcbva[1] ); ber_dupbv( &a->a_vals[1], &gcbva[2] ); @@ -2224,7 +2463,8 @@ syncrepl_add_glue( op->ora_e = glue; rc = be->be_add ( op, &rs_add ); if ( rs_add.sr_err == LDAP_SUCCESS ) { - be_entry_release_w( op, glue ); + if ( op->ora_e == glue ) + be_entry_release_w( op, glue ); } else { /* incl. ALREADY EXIST */ entry_free( glue ); @@ -2257,7 +2497,8 @@ syncrepl_add_glue( op->ora_e = e; rc = be->be_add ( op, &rs_add ); if ( rs_add.sr_err == LDAP_SUCCESS ) { - be_entry_release_w( op, e ); + if ( op->ora_e == e ) + be_entry_release_w( op, e ); } else { entry_free( e ); } 
@@ -2273,27 +2514,58 @@ syncrepl_updateCookie( struct sync_cookie *syncCookie ) { Backend *be = op->o_bd; - Modifications mod = { { 0 } }; - struct berval vals[ 2 ]; + Modifications mod[2]; + struct berval first = BER_BVNULL; - int rc; + int rc, i, j; slap_callback cb = { NULL }; SlapReply rs_modify = {REP_RESULT}; - mod.sml_op = LDAP_MOD_REPLACE; - mod.sml_desc = slap_schema.si_ad_contextCSN; - mod.sml_type = mod.sml_desc->ad_cname; - mod.sml_values = vals; - vals[0] = syncCookie->ctxcsn; - BER_BVZERO( &vals[1] ); - - slap_queue_csn( op, &syncCookie->ctxcsn ); + mod[0].sml_op = LDAP_MOD_DELETE; + mod[0].sml_desc = slap_schema.si_ad_contextCSN; + mod[0].sml_type = mod[0].sml_desc->ad_cname; + mod[0].sml_values = NULL; + mod[0].sml_nvalues = NULL; + mod[0].sml_next = &mod[1]; + + mod[1].sml_op = LDAP_MOD_ADD; + mod[1].sml_desc = slap_schema.si_ad_contextCSN; + mod[1].sml_type = mod[0].sml_desc->ad_cname; + mod[1].sml_values = NULL; + mod[1].sml_nvalues = NULL; + mod[1].sml_next = NULL; + + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); + + for ( i=0; i<syncCookie->numcsns; i++ ) { + for ( j=0; j<si->si_cookieState->cs_num; j++ ) { + if ( syncCookie->sids[i] != si->si_cookieState->cs_sids[j] ) + continue; + if ( ber_bvcmp( &syncCookie->ctxcsn[i], + &si->si_cookieState->cs_vals[j] ) > 0 ) { + ber_bvarray_add_x( &mod[0].sml_values, + &si->si_cookieState->cs_vals[j], op->o_tmpmemctx ); + ber_bvarray_add_x( &mod[1].sml_values, + &syncCookie->ctxcsn[i], op->o_tmpmemctx ); + if ( BER_BVISNULL( &first )) + first = syncCookie->ctxcsn[i]; + } + break; + } + /* there was no match for this SID, it's a new CSN */ + if ( j == si->si_cookieState->cs_num ) { + ber_bvarray_add_x( &mod[1].sml_values, + &syncCookie->ctxcsn[i], op->o_tmpmemctx ); + if ( BER_BVISNULL( &first )) + first = syncCookie->ctxcsn[i]; + } + } + op->o_bd = si->si_wbe; + slap_queue_csn( op, &first ); op->o_tag = LDAP_REQ_MODIFY; - assert( si->si_rid < 1000 ); - cb.sc_response = null_callback; 
cb.sc_private = si; 
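Review bot: `first` can still be BER_BVNULL when the loop finishes, namely when every SID in `syncCookie` matched a stored SID and none of its CSNs compared greater. `slap_queue_csn( op, &first )` is nevertheless called unconditionally, and further down the function `be_modify` is issued with `&mod[1]`, whose `sml_values` is NULL. An early exit placed before `op->o_bd = si->si_wbe` would stop a stale cookie from queuing an empty CSN and issuing a value-less modify: `if ( BER_BVISNULL( &first ) ) { ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); return 0; }`. Nothing has been allocated on that path, since values are only appended to `mod[0]`/`mod[1]` in the same branches that set `first`. The function body continues past the end of this hunk.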
@@ -2303,26 +2575,191 @@ syncrepl_updateCookie( /* update contextCSN */ op->o_msgid = SLAP_SYNC_UPDATE_MSGID; - op->orm_modlist = &mod; - rc = be->be_modify( op, &rs_modify ); + + if ( mod[0].sml_values ) + op->orm_modlist = mod; + else + op->orm_modlist = &mod[1]; + + op->orm_no_opattrs = 1; + rc = op->o_bd->be_modify( op, &rs_modify ); op->o_msgid = 0; if ( rs_modify.sr_err == LDAP_SUCCESS ) { slap_sync_cookie_free( &si->si_syncCookie, 0 ); slap_dup_sync_cookie( &si->si_syncCookie, syncCookie ); + /* If we replaced any old values */ + if ( mod[0].sml_values ) { + for ( i=0; !BER_BVISNULL( &mod[0].sml_values[i] ); i++ ) { + for ( j=0; j<si->si_cookieState->cs_num; j++ ) { + if ( mod[0].sml_values[i].bv_val != + si->si_cookieState->cs_vals[j].bv_val ) + continue; + ber_bvreplace( &si->si_cookieState->cs_vals[j], + &mod[1].sml_values[i] ); + break; + } + } + } else { + /* Else we just added */ + si->si_cookieState->cs_num += syncCookie->numcsns; + value_add( &si->si_cookieState->cs_vals, syncCookie->ctxcsn ); + free( si->si_cookieState->cs_sids ); + si->si_cookieState->cs_sids = slap_parse_csn_sids( + si->si_cookieState->cs_vals, si->si_cookieState->cs_num ); + } + + si->si_cookieState->cs_age++; + si->si_cookieAge = si->si_cookieState->cs_age; } else { Debug( LDAP_DEBUG_ANY, - "be_modify failed (%d)\n", rs_modify.sr_err, 0, 0 ); + "syncrepl_updateCookie: %s be_modify failed (%d)\n", + si->si_ridtxt, rs_modify.sr_err, 0 ); } + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); slap_graduate_commit_csn( op ); - + op->o_bd = be; op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx ); BER_BVZERO( &op->o_csn ); + if ( mod[1].sml_next ) slap_mods_free( mod[1].sml_next, 1 ); + op->o_tmpfree( mod[1].sml_values, op->o_tmpmemctx ); + op->o_tmpfree( mod[0].sml_values, op->o_tmpmemctx ); return rc; } +static void +attr_cmp( Operation *op, Attribute *old, Attribute *new, + Modifications ***mret, Modifications ***mcur ) +{ + int i, j; + Modifications *mod, **modtail; + + 
modtail = *mret; + + if ( old ) { + int n, o, d, a, *adds, *dels; + /* count old and new */ + for ( o=0; old->a_vals[o].bv_val; o++ ) ; + for ( n=0; new->a_vals[n].bv_val; n++ ) ; + + adds = op->o_tmpalloc( sizeof(int) * n, op->o_tmpmemctx ); + dels = op->o_tmpalloc( sizeof(int) * o, op->o_tmpmemctx ); + d = 0; + a = 0; + i = 0; + j = 0; + + while ( i < o && j < n ) { + int k; + if ( bvmatch( &old->a_vals[i], &new->a_vals[j] ) ) { + i++; + j++; + continue; + } + for ( k = j + 1; k<n; k++ ) { + if ( bvmatch( &old->a_vals[i], &new->a_vals[k] ) ) { + break; + } + } + /* an old value was deleted */ + if ( k == n ) { + dels[d++] = i++; + continue; + } + for ( k = i + 1; k < o; k++ ) { + if ( bvmatch( &old->a_vals[k], &new->a_vals[j] ) ) { + break; + } + } + if ( k == o ) { + adds[a++] = j++; + } + } + while ( i < o ) + dels[d++] = i++; + while ( j < n ) + adds[a++] = j++; + + /* all old values were deleted, just use the replace op */ + if ( d == o ) { + i = j-1; + } else if ( d ) { + /* delete some values */ + mod = ch_malloc( sizeof( Modifications ) ); + mod->sml_op = LDAP_MOD_DELETE; + mod->sml_flags = 0; + mod->sml_desc = old->a_desc; + mod->sml_type = mod->sml_desc->ad_cname; + mod->sml_values = ch_malloc( ( d + 1 ) * sizeof(struct berval) ); + if ( old->a_vals != old->a_nvals ) { + mod->sml_nvalues = ch_malloc( ( d + 1 ) * sizeof(struct berval) ); + } else { + mod->sml_nvalues = NULL; + } + for ( i = 0; i < d; i++ ) { + ber_dupbv( &mod->sml_values[i], &old->a_vals[dels[i]] ); + if ( mod->sml_nvalues ) { + ber_dupbv( &mod->sml_nvalues[i], &old->a_nvals[dels[i]] ); + } + } + BER_BVZERO( &mod->sml_values[i] ); + if ( mod->sml_nvalues ) { + BER_BVZERO( &mod->sml_nvalues[i] ); + } + *modtail = mod; + modtail = &mod->sml_next; + i = j; + } + op->o_tmpfree( dels, op->o_tmpmemctx ); + /* some values were added */ + if ( a && d < o ) { + mod = ch_malloc( sizeof( Modifications ) ); + mod->sml_op = LDAP_MOD_ADD; + mod->sml_flags = 0; + mod->sml_desc = old->a_desc; + 
mod->sml_type = mod->sml_desc->ad_cname; + mod->sml_values = ch_malloc( ( a + 1 ) * sizeof(struct berval) ); + if ( old->a_vals != old->a_nvals ) { + mod->sml_nvalues = ch_malloc( ( a + 1 ) * sizeof(struct berval) ); + } else { + mod->sml_nvalues = NULL; + } + for ( i = 0; i < a; i++ ) { + ber_dupbv( &mod->sml_values[i], &new->a_vals[adds[i]] ); + if ( mod->sml_nvalues ) { + ber_dupbv( &mod->sml_nvalues[i], &new->a_nvals[adds[i]] ); + } + } + BER_BVZERO( &mod->sml_values[i] ); + if ( mod->sml_nvalues ) { + BER_BVZERO( &mod->sml_nvalues[i] ); + } + *modtail = mod; + modtail = &mod->sml_next; + i = j; + } + op->o_tmpfree( adds, op->o_tmpmemctx ); + } else { + /* new attr, just use the new mod */ + i = 0; + j = 1; + } + /* advance to next element */ + mod = **mcur; + if ( mod ) { + if ( i != j ) { + **mcur = mod->sml_next; + *modtail = mod; + modtail = &mod->sml_next; + } else { + *mcur = &mod->sml_next; + } + } + *mret = modtail; +} + static int dn_callback( Operation* op, 
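Review bot: The bookkeeping after a successful modify pairs `mod[0].sml_values[i]` with `mod[1].sml_values[i]`, but the two arrays are not index-aligned. The loop earlier in syncrepl_updateCookie appends to `mod[1]` alone for a SID with no stored CSN, so a new SID ahead of a replaced one makes `ber_bvreplace` store the wrong CSN in `cs_vals[j]`, and in that branch the new SID is never recorded in the cookie state at all. The `else` branch adds all `syncCookie->numcsns` values even when some of those SIDs already had an equal or newer stored CSN. As `si_cookieState` is shared by the syncinfo entries of a database (see add_syncrepl in this diff), I would update it by SID rather than by position, as sketched below. syncrepl_updateCookie begins before this hunk.

```c
	if ( rs_modify.sr_err == LDAP_SUCCESS ) {
		int added = 0;
		/* … unchanged: slap_sync_cookie_free / slap_dup_sync_cookie … */
		for ( i=0; i<syncCookie->numcsns; i++ ) {
			for ( j=0; j<si->si_cookieState->cs_num; j++ ) {
				if ( syncCookie->sids[i] != si->si_cookieState->cs_sids[j] )
					continue;
				/* same SID: keep whichever CSN is newer */
				if ( ber_bvcmp( &syncCookie->ctxcsn[i],
					&si->si_cookieState->cs_vals[j] ) > 0 )
					ber_bvreplace( &si->si_cookieState->cs_vals[j],
						&syncCookie->ctxcsn[i] );
				break;
			}
			if ( j == si->si_cookieState->cs_num ) {
				/* SID not seen before: append, SIDs are re-parsed below */
				value_add_one( &si->si_cookieState->cs_vals,
					&syncCookie->ctxcsn[i] );
				added++;
			}
		}
		if ( added ) {
			si->si_cookieState->cs_num += added;
			free( si->si_cookieState->cs_sids );
			si->si_cookieState->cs_sids = slap_parse_csn_sids(
				si->si_cookieState->cs_vals, si->si_cookieState->cs_num );
		}
		/* … unchanged: cs_age / si_cookieAge update … */
```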
@@ -2343,72 +2780,130 @@ dn_callback( * in the provider are always propagated. */ if ( dni->new_entry ) { + Modifications **modtail, **ml; Attribute *old, *new; - int i; + int i, is_ctx; - /* Did the DN change? Note that we don't explicitly try to - * discover if the deleteOldRdn argument applies here. It - * would save an unnecessary Modify if we detected it, but - * that's a fair amount of trouble to compare the two attr - * lists in detail. (Just test normalized DN; we ignore - * insignificant changes here.) + is_ctx = dn_match( &rs->sr_entry->e_nname, + &op->o_bd->be_nsuffix[0] ); + + /* Did the DN change? */ - if ( !dn_match( &rs->sr_entry->e_nname, - &dni->new_entry->e_nname ) ) + if ( !dn_match( &rs->sr_entry->e_name, + &dni->new_entry->e_name ) ) { + struct berval oldRDN, oldVal; + AttributeDescription *ad = NULL; + Attribute *a; + dni->renamed = 1; + /* See if the oldRDN was deleted */ + dnRdn( &rs->sr_entry->e_nname, &oldRDN ); + oldVal.bv_val = strchr(oldRDN.bv_val, '=') + 1; + oldVal.bv_len = oldRDN.bv_len - ( oldVal.bv_val - + oldRDN.bv_val ); + oldRDN.bv_len -= oldVal.bv_len + 2; + slap_bv2ad( &oldRDN, &ad, &rs->sr_text ); + a = attr_find( dni->new_entry->e_attrs, ad ); + if ( !a || value_find_ex( ad, + SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH | + SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | + SLAP_MR_VALUE_OF_SYNTAX, a->a_nvals, + &oldVal, op->o_tmpmemctx ) != LDAP_SUCCESS ) + { + dni->delOldRDN = 1; + } + /* OK, this was just a modDN, we're done */ + return LDAP_SUCCESS; } - for ( i = 0, old = rs->sr_entry->e_attrs; - old; - i++, old = old->a_next ) - ; - - dni->attrs = i; + modtail = &dni->mods; + ml = dni->modlist; + + /* Make sure new entry is actually newer than old entry */ + old = attr_find( rs->sr_entry->e_attrs, + slap_schema.si_ad_entryCSN ); + new = attr_find( dni->new_entry->e_attrs, + slap_schema.si_ad_entryCSN ); + if ( new && old && ber_bvcmp( &old->a_vals[0], + &new->a_vals[0] ) >= 0 ) { + Debug( LDAP_DEBUG_SYNC, + "dn_callback : new 
entry is older than ours " + "%s ours %s, new %s\n", + rs->sr_entry->e_name.bv_val, + old->a_vals[0].bv_val, + new->a_vals[0].bv_val ); + return LDAP_SUCCESS; + } /* We assume that attributes are saved in the same order * in the remote and local databases. So if we walk through * the attributeDescriptions one by one they should match in - * lock step. If not, we signal a change. Otherwise we test - * all the values... + * lock step. If not, look for an add or delete. */ for ( old = rs->sr_entry->e_attrs, new = dni->new_entry->e_attrs; - old && new; - old = old->a_next, new = new->a_next ) + old && new; ) { - if ( old->a_desc != new->a_desc ) { - dni->wasChanged = 1; - break; + /* If we've seen this before, use its mod now */ + if ( new->a_flags & SLAP_ATTR_IXADD ) { + attr_cmp( op, NULL, new, &modtail, &ml ); + new = new->a_next; + continue; } - for ( i = 0; ; i++ ) { - int nold, nnew; - nold = BER_BVISNULL( &old->a_vals[i] ); - nnew = BER_BVISNULL( &new->a_vals[i] ); - /* If both are empty, stop looking */ - if ( nold && nnew ) { - break; - } - /* If they are different, stop looking */ - if ( nold != nnew ) { - dni->wasChanged = 1; - break; - } - if ( ber_bvcmp( &old->a_vals[i], &new->a_vals[i] )) { - dni->wasChanged = 1; - break; - } + /* Skip contextCSN */ + if ( is_ctx && old->a_desc == + slap_schema.si_ad_contextCSN ) { + old = old->a_next; + continue; } - if ( dni->wasChanged ) break; - } - if ( dni->wasChanged ) { - dni->ads = op->o_tmpalloc( dni->attrs * - sizeof(AttributeDescription *), op->o_tmpmemctx ); - i = 0; - for ( old = rs->sr_entry->e_attrs; old; old = old->a_next ) { - dni->ads[i] = old->a_desc; - i++; + + if ( old->a_desc != new->a_desc ) { + Modifications *mod; + Attribute *tmp; + + /* If it's just been re-added later, + * remember that we've seen it. + */ + tmp = attr_find( new, old->a_desc ); + if ( tmp ) { + tmp->a_flags |= SLAP_ATTR_IXADD; + } else { + /* If it's a new attribute, pull it in. 
+ */ + tmp = attr_find( old, new->a_desc ); + if ( !tmp ) { + attr_cmp( op, NULL, new, &modtail, &ml ); + new = new->a_next; + continue; + } + /* Delete old attr */ + mod = ch_malloc( sizeof( Modifications ) ); + mod->sml_op = LDAP_MOD_DELETE; + mod->sml_flags = 0; + mod->sml_desc = old->a_desc; + mod->sml_type = mod->sml_desc->ad_cname; + mod->sml_values = NULL; + mod->sml_nvalues = NULL; + *modtail = mod; + modtail = &mod->sml_next; + } + old = old->a_next; + continue; } + /* kludge - always update modifiersName so that it + * stays co-located with the other mod opattrs. But only + * if we know there are other valid mods. + */ + if ( old->a_desc == slap_schema.si_ad_modifiersName && + dni->mods ) + attr_cmp( op, NULL, new, &modtail, &ml ); + else + attr_cmp( op, old, new, &modtail, &ml ); + new = new->a_next; + old = old->a_next; } + *modtail = *ml; + *ml = NULL; } } } else if ( rs->sr_type == REP_RESULT ) { 
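Review bot: The old-RDN split in the rename branch comes out one byte short. With `oldVal.bv_val` pointing just past the `=`, the attribute type is `oldRDN.bv_len - oldVal.bv_len - 1` bytes long, but the code subtracts `oldVal.bv_len + 2`, so for `cn=foo` it leaves `c`. `slap_bv2ad` then fails or resolves a different attribute, its return value is not checked, and the `!a || value_find_ex(...)` test most likely ends in `dni->delOldRDN = 1`, so the consumer would drop the old RDN value even when the provider kept it. I would use `oldRDN.bv_len -= oldVal.bv_len + 1;`, test the `strchr` result before adding 1 (an RDN without `=` currently yields a pointer computed from NULL), and skip the `attr_find`/`value_find_ex` step unless `slap_bv2ad` returns LDAP_SUCCESS. dn_callback starts before this hunk and ends after it.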
@@ -2438,22 +2933,30 @@ nonpresent_callback( si->si_presentlist = NULL; } else if ( rs->sr_type == REP_SEARCH ) { - if ( !(si->si_refreshDelete & NP_DELETE_ONE )) { + if ( !( si->si_refreshDelete & NP_DELETE_ONE ) ) { + char buf[sizeof("rid=000 not")]; + a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID ); - if ( a ) + if ( a ) { present_uuid = avl_find( si->si_presentlist, &a->a_nvals[0], syncuuid_cmp ); + } + + if ( slap_debug & LDAP_DEBUG_SYNC ) { + sprintf( buf, "%s %s", si->si_ridtxt, + present_uuid ? "got" : "not" ); + } - Debug( LDAP_DEBUG_SYNC, "nonpresent_callback: UUID %s, dn %s, %sfound\n", - a ? a->a_vals[0].bv_val : "<missing>", rs->sr_entry->e_name.bv_val, present_uuid ? "" : "not " ); + Debug( LDAP_DEBUG_SYNC, "nonpresent_callback: %s UUID %s, dn %s\n", + buf, a ? a->a_vals[0].bv_val : "<missing>", rs->sr_entry->e_name.bv_val ); if ( a == NULL ) return 0; } if ( present_uuid == NULL ) { np_entry = (struct nonpresent_entry *) - ch_calloc( 1, sizeof( struct nonpresent_entry )); + ch_calloc( 1, sizeof( struct nonpresent_entry ) ); np_entry->npe_name = ber_dupbv( NULL, &rs->sr_entry->e_name ); np_entry->npe_nname = ber_dupbv( NULL, &rs->sr_entry->e_nname ); LDAP_LIST_INSERT_HEAD( &si->si_nonpresentlist, np_entry, npe_link ); 
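Review bot: `buf` is sized for exactly `rid=000 not` and filled with an unbounded `sprintf`, so it is only safe while `si->si_ridtxt` is never longer than seven characters. This diff also removes the `assert( si->si_rid < 1000 )` from syncrepl_updateCookie, and whether parse_syncrepl_line caps the rid at three digits is not visible here. `buf` is also left uninitialised unless `slap_debug & LDAP_DEBUG_SYNC` is set, while the following `Debug()` passes it to `%s` regardless; if `Debug` can also fire on a syslog level, that reads indeterminate stack bytes. I would write `char buf[sizeof("rid=000 not")] = "";` and `snprintf( buf, sizeof( buf ), "%s %s", si->si_ridtxt, present_uuid ? "got" : "not" );`. nonpresent_callback extends beyond both ends of this hunk.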
@@ -2565,100 +3068,119 @@ avl_ber_bvfree( void *v_bv ) } void -syncinfo_free( syncinfo_t *sie ) +syncinfo_free( syncinfo_t *sie, int free_all ) { - if ( sie->si_ld ) { - if ( sie->si_conn_setup ) { - ber_socket_t s; - ldap_get_option( sie->si_ld, LDAP_OPT_DESC, &s ); - connection_client_stop( s ); - sie->si_conn_setup = 0; - } - ldap_unbind_ext( sie->si_ld, NULL, NULL ); - } + syncinfo_t *si_next; - /* re-fetch it, in case it was already removed */ - sie->si_re = ldap_pvt_runqueue_find( &slapd_rq, do_syncrepl, sie ); - if ( sie->si_re ) { - if ( ldap_pvt_runqueue_isrunning( &slapd_rq, sie->si_re ) ) - ldap_pvt_runqueue_stoptask( &slapd_rq, sie->si_re ); - ldap_pvt_runqueue_remove( &slapd_rq, sie->si_re ); + if ( free_all && sie->si_cookieState ) { + ch_free( sie->si_cookieState->cs_sids ); + ber_bvarray_free( sie->si_cookieState->cs_vals ); + ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_mutex ); + ch_free( sie->si_cookieState ); } + do { + si_next = sie->si_next; - ldap_pvt_thread_mutex_destroy( &sie->si_mutex ); - - bindconf_free( &sie->si_bindconf ); - - if ( sie->si_filterstr.bv_val ) { - ch_free( sie->si_filterstr.bv_val ); - } - if ( sie->si_base.bv_val ) { - ch_free( sie->si_base.bv_val ); - } - if ( sie->si_attrs ) { - int i = 0; - while ( sie->si_attrs[i] != NULL ) { - ch_free( sie->si_attrs[i] ); - i++; + if ( sie->si_ld ) { + if ( sie->si_conn_setup ) { + ber_socket_t s; + ldap_get_option( sie->si_ld, LDAP_OPT_DESC, &s ); + connection_client_stop( s ); + sie->si_conn_setup = 0; + } + ldap_unbind_ext( sie->si_ld, NULL, NULL ); } - ch_free( sie->si_attrs ); - } - if ( sie->si_exattrs ) { - int i = 0; - while ( sie->si_exattrs[i] != NULL ) { - ch_free( sie->si_exattrs[i] ); - i++; + + /* re-fetch it, in case it was already removed */ + sie->si_re = ldap_pvt_runqueue_find( &slapd_rq, do_syncrepl, sie ); + if ( sie->si_re ) { + if ( ldap_pvt_runqueue_isrunning( &slapd_rq, sie->si_re ) ) + ldap_pvt_runqueue_stoptask( &slapd_rq, sie->si_re ); + 
ldap_pvt_runqueue_remove( &slapd_rq, sie->si_re ); } - ch_free( sie->si_exattrs ); - } - if ( sie->si_anlist ) { - int i = 0; - while ( sie->si_anlist[i].an_name.bv_val != NULL ) { - ch_free( sie->si_anlist[i].an_name.bv_val ); - i++; + + ldap_pvt_thread_mutex_destroy( &sie->si_mutex ); + + bindconf_free( &sie->si_bindconf ); + + if ( sie->si_filterstr.bv_val ) { + ch_free( sie->si_filterstr.bv_val ); } - ch_free( sie->si_anlist ); - } - if ( sie->si_exanlist ) { - int i = 0; - while ( sie->si_exanlist[i].an_name.bv_val != NULL ) { - ch_free( sie->si_exanlist[i].an_name.bv_val ); - i++; + if ( sie->si_logfilterstr.bv_val ) { + ch_free( sie->si_logfilterstr.bv_val ); } - ch_free( sie->si_exanlist ); - } - if ( sie->si_retryinterval ) { - ch_free( sie->si_retryinterval ); - } - if ( sie->si_retrynum ) { - ch_free( sie->si_retrynum ); - } - if ( sie->si_retrynum_init ) { - ch_free( sie->si_retrynum_init ); - } - slap_sync_cookie_free( &sie->si_syncCookie, 0 ); - if ( sie->si_presentlist ) { - avl_free( sie->si_presentlist, avl_ber_bvfree ); - } - while ( !LDAP_LIST_EMPTY( &sie->si_nonpresentlist )) { - struct nonpresent_entry* npe; - npe = LDAP_LIST_FIRST( &sie->si_nonpresentlist ); - LDAP_LIST_REMOVE( npe, npe_link ); - if ( npe->npe_name ) { - if ( npe->npe_name->bv_val ) { - ch_free( npe->npe_name->bv_val ); + if ( sie->si_base.bv_val ) { + ch_free( sie->si_base.bv_val ); + } + if ( sie->si_logbase.bv_val ) { + ch_free( sie->si_logbase.bv_val ); + } + if ( sie->si_attrs ) { + int i = 0; + while ( sie->si_attrs[i] != NULL ) { + ch_free( sie->si_attrs[i] ); + i++; } - ch_free( npe->npe_name ); + ch_free( sie->si_attrs ); } - if ( npe->npe_nname ) { - if ( npe->npe_nname->bv_val ) { - ch_free( npe->npe_nname->bv_val ); + if ( sie->si_exattrs ) { + int i = 0; + while ( sie->si_exattrs[i] != NULL ) { + ch_free( sie->si_exattrs[i] ); + i++; } - ch_free( npe->npe_nname ); + ch_free( sie->si_exattrs ); } - ch_free( npe ); - } - ch_free( sie ); + if ( sie->si_anlist ) { + 
int i = 0; + while ( sie->si_anlist[i].an_name.bv_val != NULL ) { + ch_free( sie->si_anlist[i].an_name.bv_val ); + i++; + } + ch_free( sie->si_anlist ); + } + if ( sie->si_exanlist ) { + int i = 0; + while ( sie->si_exanlist[i].an_name.bv_val != NULL ) { + ch_free( sie->si_exanlist[i].an_name.bv_val ); + i++; + } + ch_free( sie->si_exanlist ); + } + if ( sie->si_retryinterval ) { + ch_free( sie->si_retryinterval ); + } + if ( sie->si_retrynum ) { + ch_free( sie->si_retrynum ); + } + if ( sie->si_retrynum_init ) { + ch_free( sie->si_retrynum_init ); + } + slap_sync_cookie_free( &sie->si_syncCookie, 0 ); + if ( sie->si_presentlist ) { + avl_free( sie->si_presentlist, avl_ber_bvfree ); + } + while ( !LDAP_LIST_EMPTY( &sie->si_nonpresentlist ) ) { + struct nonpresent_entry* npe; + npe = LDAP_LIST_FIRST( &sie->si_nonpresentlist ); + LDAP_LIST_REMOVE( npe, npe_link ); + if ( npe->npe_name ) { + if ( npe->npe_name->bv_val ) { + ch_free( npe->npe_name->bv_val ); + } + ch_free( npe->npe_name ); + } + if ( npe->npe_nname ) { + if ( npe->npe_nname->bv_val ) { + ch_free( npe->npe_nname->bv_val ); + } + ch_free( npe->npe_nname ); + } + ch_free( npe ); + } + ch_free( sie ); + sie = si_next; + } while ( free_all && si_next ); } @@ -2678,22 +3200,13 @@ syncinfo_free( syncinfo_t *sie ) #define SLIMITSTR "sizelimit" #define TLIMITSTR "timelimit" #define SYNCDATASTR "syncdata" +#define LOGBASESTR "logbase" +#define LOGFILTERSTR "logfilter" /* FIXME: undocumented */ -#define LOGBASESTR "logbase" -#define LOGFILTERSTR "logfilter" -#define OLDAUTHCSTR "bindprincipal" #define EXATTRSSTR "exattrs" #define MANAGEDSAITSTR "manageDSAit" -/* FIXME: unused */ -#define LASTMODSTR "lastmod" -#define LMGENSTR "gen" -#define LMNOSTR "no" -#define LMREQSTR "req" -#define SRVTABSTR "srvtab" -#define SUFFIXSTR "suffix" - /* mandatory */ #define GOT_ID 0x0001 #define GOT_PROVIDER 0x0002 
@@ -2755,6 +3268,7 @@ parse_syncrepl_line( return -1; } si->si_rid = tmp; + sprintf( si->si_ridtxt, IDSTR "=%03d", si->si_rid ); gots |= GOT_ID; } else if ( !strncasecmp( c->argv[ i ], PROVIDERSTR "=", STRLENOF( PROVIDERSTR "=" ) ) ) @@ -2766,7 +3280,7 @@ parse_syncrepl_line( STRLENOF( SCHEMASTR "=" ) ) ) { val = c->argv[ i ] + STRLENOF( SCHEMASTR "=" ); - if ( !strncasecmp( val, "on", STRLENOF( "on" ) )) { + if ( !strncasecmp( val, "on", STRLENOF( "on" ) ) ) { si->si_schemachecking = 1; } else if ( !strncasecmp( val, "off", STRLENOF( "off" ) ) ) { si->si_schemachecking = 0; @@ -2831,8 +3345,8 @@ parse_syncrepl_line( { int j; val = c->argv[ i ] + STRLENOF( SCOPESTR "=" ); - for ( j=0; !BER_BVISNULL(&scopes[j].key); j++ ) { - if (!strcasecmp( val, scopes[j].key.bv_val )) { + for ( j = 0; !BER_BVISNULL(&scopes[j].key); j++ ) { + if (!strcasecmp( val, scopes[j].key.bv_val ) ) { si->si_scope = scopes[j].val; break; } @@ -2871,11 +3385,11 @@ parse_syncrepl_line( { if ( strlen(s) == 1 && *s == '*' ) { si->si_allattrs = 1; - *(val + ( s - str )) = delimstr[0]; + val[ s - str ] = delimstr[0]; } if ( strlen(s) == 1 && *s == '+' ) { si->si_allopattrs = 1; - *(val + ( s - str )) = delimstr[0]; + val [ s - str ] = delimstr[0]; } } ch_free( str ); @@ -2888,7 +3402,7 @@ parse_syncrepl_line( STRLENOF( EXATTRSSTR "=" ) ) ) { val = c->argv[ i ] + STRLENOF( EXATTRSSTR "=" ); - if ( !strncasecmp( val, ":include:", STRLENOF(":include:") )) { + if ( !strncasecmp( val, ":include:", STRLENOF(":include:") ) ) { char *attr_fname; attr_fname = ch_strdup( val + STRLENOF(":include:") ); si->si_exanlist = file2anlist( @@ -2999,7 +3513,7 @@ parse_syncrepl_line( int j, k, n; val = c->argv[ i ] + STRLENOF( RETRYSTR "=" ); - retry_list = (char **) ch_calloc( 1, sizeof( char * )); + retry_list = (char **) ch_calloc( 1, sizeof( char * ) ); retry_list[0] = NULL; slap_str2clist( &retry_list, val, " ,\t" ); 
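Review bot: In the hunk that stores `si->si_rid`, the added `sprintf( si->si_ridtxt, IDSTR "=%03d", si->si_rid )` uses `%03d`, whereas syncrepl_unparse prints the same field with `%03ld`; if `si_rid` is a `long`, the new conversion does not match its argument. `%03d` is a minimum width, not a limit, so the write is only bounded if the range check above it (outside the hunk) keeps the rid to three digits. `snprintf( si->si_ridtxt, sizeof( si->si_ridtxt ), IDSTR "=%03ld", si->si_rid );` would cover both, assuming `si_ridtxt` is an array member and `si_rid` is `long`. parse_syncrepl_line starts and ends outside this hunk.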
@@ -3016,9 +3530,9 @@ parse_syncrepl_line( ch_free( retry_list ); return 1; } - si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t )); - si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int )); - si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int )); + si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ) ); + si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ) ); + si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ) ); for ( j = 0; j < n; j++ ) { unsigned long t; if ( lutil_atoul( &t, retry_list[j*2] ) != 0 ) { @@ -3115,7 +3629,7 @@ parse_syncrepl_line( } else if ( bindconf_parse( c->argv[i], &si->si_bindconf ) ) { snprintf( c->msg, sizeof( c->msg ), "Error: parse_syncrepl_line: " - "unknown keyword \"%s\"\n", c->argv[ i ] ); + "unable to parse \"%s\"\n", c->argv[ i ] ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return -1; } @@ -3147,7 +3661,7 @@ add_syncrepl( Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 ); return 1; } - if ( BER_BVISEMPTY( &c->be->be_rootdn )) { + if ( BER_BVISEMPTY( &c->be->be_rootdn ) ) { strcpy( c->msg, "rootDN must be defined before syncrepl may be used" ); Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 ); return 1; @@ -3167,8 +3681,8 @@ add_syncrepl( si->si_base.bv_val = NULL; si->si_scope = LDAP_SCOPE_SUBTREE; si->si_attrsonly = 0; - si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName )); - si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName )); + si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ) ); + si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ) ); si->si_attrs = NULL; si->si_allattrs = 0; si->si_allopattrs = 0; 
@@ -3203,20 +3717,50 @@ add_syncrepl( Debug( LDAP_DEBUG_ANY, "version %d incompatible with syncrepl\n", si->si_bindconf.sb_version, 0, 0 ); - syncinfo_free( si ); + syncinfo_free( si, 0 ); return 1; } si->si_be = c->be; - init_syncrepl( si ); - si->si_re = ldap_pvt_runqueue_insert( &slapd_rq, si->si_interval, - do_syncrepl, si, "do_syncrepl", c->be->be_suffix[0].bv_val ); - if ( !si->si_re ) - rc = -1; + if ( slapMode & SLAP_SERVER_MODE ) { + Listener **l = slapd_get_listeners(); + int isMe = 0; + + /* check if URL points to current server. If so, ignore + * this configuration. We require an exact match. Just + * in case they really want to do this, they can vary + * the case of the URL to allow it. + */ + if ( l && !SLAP_DBHIDDEN( c->be ) ) { + int i; + for ( i=0; l[i]; i++ ) { + if ( bvmatch( &l[i]->sl_url, &si->si_bindconf.sb_uri ) ) { + isMe = 1; + break; + } + } + } + + if ( !isMe ) { + init_syncrepl( si ); + si->si_re = ldap_pvt_runqueue_insert( &slapd_rq, + si->si_interval, do_syncrepl, si, "do_syncrepl", + si->si_ridtxt ); + if ( si->si_re ) + rc = config_sync_shadow( c ) ? -1 : 0; + else + rc = -1; + } + } } + +#ifdef HAVE_TLS + /* Use main slapd defaults */ + bindconf_tls_defaults( &si->si_bindconf ); +#endif if ( rc < 0 ) { Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 ); - syncinfo_free( si ); + syncinfo_free( si, 0 ); return 1; } else { Debug( LDAP_DEBUG_CONFIG, @@ -3226,6 +3770,13 @@ add_syncrepl( if ( !si->si_schemachecking ) { SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; } + if ( c->be->be_syncinfo ) { + si->si_cookieState = c->be->be_syncinfo->si_cookieState; + } else { + si->si_cookieState = ch_calloc( 1, sizeof( cookie_state )); + ldap_pvt_thread_mutex_init( &si->si_cookieState->cs_mutex ); + } + si->si_next = c->be->be_syncinfo; c->be->be_syncinfo = si; return 0; } 
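Review bot: `bindconf_tls_defaults( &si->si_bindconf )` is applied only after `ldap_pvt_runqueue_insert` has already queued `do_syncrepl` for this `si`. Whether the task can start before add_syncrepl returns is not visible in this hunk; if it can, its first connection would be set up without the inherited TLS settings, so moving the `#ifdef HAVE_TLS` block above `if ( slapMode & SLAP_SERVER_MODE ) {` removes the question. Separately, when `isMe` is set the stanza is skipped without any message, and the comment itself notes that the exact-match test is easy to sidestep. A `Debug( LDAP_DEBUG_CONFIG, ... )` line naming `si->si_ridtxt` in that case would tell an operator why no replication task exists. The function starts and ends outside the hunk.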
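Review bot: `si_cookieState` is shared by plain pointer among all syncinfo entries of the backend, with no use count, and the delete path in the `syncrepl_config` hunk (`@@ -3400,26 +3951,59 @@`) frees it as soon as `be_syncinfo` becomes empty. That same delete path deliberately leaves a running task alive (`si->si_ctype = 0`) after unlinking it, so such a task may still hold a pointer to the freed `cookie_state` and its destroyed mutex; whether `do_syncrepl` touches it after that point is not visible here. A use count in `cookie_state`, dropped wherever a syncinfo is released, would tie the free to the last user. At minimum, add a comment at this assignment such as `/* shared by every syncinfo on this backend; freed in syncrepl_config when the list empties */`.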
@@ -3254,7 +3805,7 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv ) ptr += snprintf( ptr, WHATSLEFT, IDSTR "=%03ld " PROVIDERSTR "=%s", si->si_rid, si->si_bindconf.sb_uri.bv_val ); if ( ptr - buf >= sizeof( buf ) ) return; - if ( !BER_BVISNULL( &bc )) { + if ( !BER_BVISNULL( &bc ) ) { if ( WHATSLEFT <= bc.bv_len ) { free( bc.bv_val ); return; @@ -3262,25 +3813,25 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv ) ptr = lutil_strcopy( ptr, bc.bv_val ); free( bc.bv_val ); } - if ( !BER_BVISEMPTY( &si->si_filterstr )) { + if ( !BER_BVISEMPTY( &si->si_filterstr ) ) { if ( WHATSLEFT <= STRLENOF( " " FILTERSTR "=\"" "\"" ) + si->si_filterstr.bv_len ) return; ptr = lutil_strcopy( ptr, " " FILTERSTR "=\"" ); ptr = lutil_strcopy( ptr, si->si_filterstr.bv_val ); *ptr++ = '"'; } - if ( !BER_BVISNULL( &si->si_base )) { + if ( !BER_BVISNULL( &si->si_base ) ) { if ( WHATSLEFT <= STRLENOF( " " SEARCHBASESTR "=\"" "\"" ) + si->si_base.bv_len ) return; ptr = lutil_strcopy( ptr, " " SEARCHBASESTR "=\"" ); ptr = lutil_strcopy( ptr, si->si_base.bv_val ); *ptr++ = '"'; } - if ( !BER_BVISEMPTY( &si->si_logfilterstr )) { + if ( !BER_BVISEMPTY( &si->si_logfilterstr ) ) { if ( WHATSLEFT <= STRLENOF( " " LOGFILTERSTR "=\"" "\"" ) + si->si_logfilterstr.bv_len ) return; ptr = lutil_strcopy( ptr, " " LOGFILTERSTR "=\"" ); ptr = lutil_strcopy( ptr, si->si_logfilterstr.bv_val ); *ptr++ = '"'; } - if ( !BER_BVISNULL( &si->si_logbase )) { + if ( !BER_BVISNULL( &si->si_logbase ) ) { if ( WHATSLEFT <= STRLENOF( " " LOGBASESTR "=\"" "\"" ) + si->si_logbase.bv_len ) return; ptr = lutil_strcopy( ptr, " " LOGBASESTR "=\"" ); ptr = lutil_strcopy( ptr, si->si_logbase.bv_val ); 
@@ -3304,7 +3855,7 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv ) ptr = lutil_strcopy( ptr, si->si_anfile ); *ptr++ = '"'; } else if ( si->si_allattrs || si->si_allopattrs || - ( si->si_anlist && !BER_BVISNULL(&si->si_anlist[0].an_name) )) + ( si->si_anlist && !BER_BVISNULL(&si->si_anlist[0].an_name) ) ) { char *old; 
@@ -3400,26 +3951,59 @@ syncrepl_config( ConfigArgs *c ) if (c->op == SLAP_CONFIG_EMIT) { if ( c->be->be_syncinfo ) { struct berval bv; - syncrepl_unparse( c->be->be_syncinfo, &bv ); - ber_bvarray_add( &c->rvalue_vals, &bv ); + syncinfo_t *si; + + for ( si = c->be->be_syncinfo; si; si=si->si_next ) { + syncrepl_unparse( si, &bv ); + ber_bvarray_add( &c->rvalue_vals, &bv ); + } return 0; } return 1; } else if ( c->op == LDAP_MOD_DELETE ) { + cookie_state *cs = NULL; if ( c->be->be_syncinfo ) { - syncinfo_free( c->be->be_syncinfo ); - c->be->be_syncinfo = NULL; + syncinfo_t *si, **sip; + int i; + + cs = c->be->be_syncinfo->si_cookieState; + for ( sip = &c->be->be_syncinfo, i=0; *sip; i++ ) { + si = *sip; + if ( c->valx == -1 || i == c->valx ) { + *sip = si->si_next; + /* If the task is currently active, we have to leave + * it running. It will exit on its own. This will only + * happen when running on the cn=config DB. + */ + if ( si->si_re && + ldap_pvt_runqueue_isrunning( &slapd_rq, si->si_re ) ) { + si->si_ctype = 0; + } else { + syncinfo_free( si, 0 ); + } + if ( i == c->valx ) + break; + } else { + sip = &si->si_next; + } + } + } + if ( !c->be->be_syncinfo ) { + SLAP_DBFLAGS( c->be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW); + if ( cs ) { + ber_bvarray_free( cs->cs_vals ); + ldap_pvt_thread_mutex_destroy( &cs->cs_mutex ); + ch_free( cs ); + } } - SLAP_DBFLAGS( c->be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW); return 0; } - if ( SLAP_SHADOW( c->be ) ) { + if ( SLAP_SLURP_SHADOW( c->be ) ) { Debug(LDAP_DEBUG_ANY, "%s: " "syncrepl: database already shadowed.\n", c->log, 0, 0); return(1); - } else if ( add_syncrepl( c ) ) { - return(1); + } else { + return add_syncrepl( c ); } - return config_sync_shadow( c ); } diff --git a/servers/slapd/syntax.c b/servers/slapd/syntax.c index 61ed5f740c74b6d4a111927512c22e55295dd8eb..c5b36cfdfdeaf18ef4851e8c709d84aaa2f53583 100644 --- a/servers/slapd/syntax.c +++ b/servers/slapd/syntax.c 
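Review bot: In the new `SLAP_CONFIG_EMIT` loop, `bv` is passed to `ber_bvarray_add` after every `syncrepl_unparse( si, &bv )` call, but `syncrepl_unparse` reports nothing back and has several early `return;` exits on buffer exhaustion (the `WHATSLEFT` checks in its own hunks). Unless it clears `*bv` on entry, which is not visible here, a truncated entry leaves `bv` uninitialised on the first iteration or still holding the previous iteration's value, and the same `bv_val` may then be stored twice and freed twice. Resetting and checking per iteration avoids that: `BER_BVZERO( &bv ); syncrepl_unparse( si, &bv ); if ( !BER_BVISNULL( &bv ) ) ber_bvarray_add( &c->rvalue_vals, &bv );`. syncrepl_config starts outside the hunk.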
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/txn.c b/servers/slapd/txn.c index b087a35463fdf7ead229d613a90b27a8c6e1537e..84d7997b13634a1b240e3eaad1d166e368805697 100644 --- a/servers/slapd/txn.c +++ b/servers/slapd/txn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -18,7 +18,6 @@ #include <stdio.h> -#include <ac/krb.h> #include <ac/socket.h> #include <ac/string.h> #include <ac/unistd.h> diff --git a/servers/slapd/unbind.c b/servers/slapd/unbind.c index a90dee76fb5783943a37b830d8a8d4c7eec2b9b1..87263443a50686cfdf1889517ae5c54b59963616 100644 --- a/servers/slapd/unbind.c +++ b/servers/slapd/unbind.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/user.c b/servers/slapd/user.c index 358e6f38116fab2bb7179e719b93dd45befbcb3a..d7166b5972ccb90b486e4d2bc4adf83a3fbd13b3 100644 --- a/servers/slapd/user.c +++ b/servers/slapd/user.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 1999 PM Lashley. * All rights reserved. * 
diff --git a/servers/slapd/value.c b/servers/slapd/value.c index 071286a0ee506f2d825d46856dcc14968f4a9332..cd03ff97319204aadb58ad4b5baa5785438307d6 100644 --- a/servers/slapd/value.c +++ b/servers/slapd/value.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slapd/zn_malloc.c b/servers/slapd/zn_malloc.c index dbd8863cb515424db20d01f6ad9be01a96d567d0..ad46d96e660c00095bcba21b0b06a5381e8326ab 100644 --- a/servers/slapd/zn_malloc.c +++ b/servers/slapd/zn_malloc.c @@ -2,7 +2,7 @@ /* $OpenLDAP$*/ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 2003-2006 The OpenLDAP Foundation. + * Copyright 2003-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/Makefile.in b/servers/slurpd/Makefile.in index 3f2ff26387b391e4cec1a4646e62cfb2b4461f97..9ce402c03a05f29cb6c1d4f610e0d3d544da8745 100644 --- a/servers/slurpd/Makefile.in +++ b/servers/slurpd/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/admin.c b/servers/slurpd/admin.c index b34cce996f71d831283e6b5094da7410271fa550..fa4e8f8a35122e25a3b01590fc1d2cc8f1cdb69f 100644 --- a/servers/slurpd/admin.c +++ b/servers/slurpd/admin.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/args.c b/servers/slurpd/args.c index 8a4332cd24406b54307c939cbf447bb910645224..c5685817efc9587dac665a5ad150da4c991c5d40 100644 --- a/servers/slurpd/args.c +++ b/servers/slurpd/args.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -52,11 +52,7 @@ usage( char *name ) { fprintf( stderr, "usage: %s\t[-d debug-level] [-s syslog-level]\n", name ); fprintf( stderr, "\t\t[-f slapd-config-file] [-r replication-log-file]\n" ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - fprintf( stderr, "\t\t[-t tmp-dir] [-o] [-k srvtab-file]\n" ); -#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ fprintf( stderr, "\t\t[-t tmp-dir] [-o]\n" ); -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ fprintf( stderr, "\t\t[-n service-name]\n" ); } diff --git a/servers/slurpd/ch_malloc.c b/servers/slurpd/ch_malloc.c index 68c70afd5eecf0d7b8719cacc176ee5a480bb185..7532fbe4dc3e4d121c416e7d0c030bc087a6e761 100644 --- a/servers/slurpd/ch_malloc.c +++ b/servers/slurpd/ch_malloc.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/config.c b/servers/slurpd/config.c index 3654c4be42b0797a4bab74281b18658451dbfdc0..949e3084e09713652bf34953c45e5c194569eab4 100644 
--- a/servers/slurpd/config.c +++ b/servers/slurpd/config.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Mark Benson. * Portions Copyright 2002 John Morrissey. * All rights reserved. @@ -613,12 +613,7 @@ parse_replica_line( } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR, sizeof( BINDMETHSTR ) - 1 ) ) { val = cargv[ i ] + sizeof( BINDMETHSTR ); - if ( !strcasecmp( val, KERBEROSSTR )) { - fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" ); - fprintf( stderr, "specified in the slapd configuration file.\n" ); - fprintf( stderr, "slurpd no longer supports Kerberos.\n" ); - exit( EXIT_FAILURE ); - } else if ( !strcasecmp( val, SIMPLESTR )) { + if ( !strcasecmp( val, SIMPLESTR )) { ri->ri_bind_method = LDAP_AUTH_SIMPLE; gots |= GOT_METHOD; } else if ( !strcasecmp( val, SASLSTR )) { @@ -657,13 +652,6 @@ parse_replica_line( AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) { val = cargv[ i ] + sizeof( AUTHZSTR ); ri->ri_authzId = strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - SRVTABSTR, sizeof( SRVTABSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( SRVTABSTR ); - if ( ri->ri_srvtab != NULL ) { - free( ri->ri_srvtab ); - } - ri->ri_srvtab = strdup( val ); } else { fprintf( stderr, "Error: parse_replica_line: unknown keyword \"%s\"\n", diff --git a/servers/slurpd/fm.c b/servers/slurpd/fm.c index 987163873604c3dcd323aa5041c4792bc46b5fa9..23d08bfba0e62510f0c68213304b6d5034530c30 100644 --- a/servers/slurpd/fm.c +++ b/servers/slurpd/fm.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -43,6 +43,7 @@ #include "slurp.h" #include "globals.h" +#include "lutil.h" /* @@ -77,8 +78,8 @@ fm( #ifdef SIGHUP (void) SIGNAL( SIGHUP, slurp_set_shutdown ); #endif -#if defined(SIGBREAK) && defined(HAVE_NT_SERVICE_MANAGER) - (void) SIGNAL( SIGBREAK, do_nothing ); +#if defined(SIGBREAK) + (void) SIGNAL( SIGBREAK, slurp_set_shutdown ); #endif if ( sglob->one_shot_mode ) { @@ -165,8 +166,15 @@ fm( RETSIGTYPE slurp_set_shutdown(int sig) { +#if HAVE_NT_SERVICE_MANAGER && SIGBREAK + if (is_NT_Service && sig == SIGBREAK) { + /* empty */; + } else +#endif + { sglob->slurpd_shutdown = 1; /* set flag */ tcp_write( sglob->wake_sds[1], "0", 1); /* wake up file mgr */ + } (void) SIGNAL_REINSTALL( sig, slurp_set_shutdown ); /* reinstall handlers */ } diff --git a/servers/slurpd/globals.c b/servers/slurpd/globals.c index 30ed54d368bbc8ed865c46bf6b1d909267e3f114..80e2238f721c57dc78e59b7cac4187a07001b2f3 100644 --- a/servers/slurpd/globals.c +++ b/servers/slurpd/globals.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -95,9 +95,6 @@ init_globals( void ) fprintf( stderr, "Cannot initialize queue\n" ); exit( EXIT_FAILURE ); } -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - g->default_srvtab = SRVTAB; -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ return g; } diff --git a/servers/slurpd/globals.h b/servers/slurpd/globals.h index a920a8141cd4bef5279516f8292f376aed2dedc7..28a960b9f9e50e0564f5b69601567795d46f6988 100644 --- a/servers/slurpd/globals.h +++ b/servers/slurpd/globals.h 
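Review bot: The new guard in `slurp_set_shutdown`, `#if HAVE_NT_SERVICE_MANAGER && SIGBREAK`, tests macro values, while the registration hunk just above uses `#if defined(SIGBREAK)`; a macro defined with an empty body would make the value form a preprocessor error. Writing it as `#if defined(HAVE_NT_SERVICE_MANAGER) && defined(SIGBREAK)` matches the other guard. The `/* empty */` branch would also read better with the reason spelled out, for example `/* running as an NT service: SIGBREAK must not shut slurpd down */`, if that is indeed the intent.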
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -77,10 +77,6 @@ typedef struct globals { St *st; /* Pointer to replication queue */ Rq *rq; -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - /* Default name of kerberos srvtab file */ - char *default_srvtab; -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ /* Non-zero if we shall print the version */ int version; } Globals; diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c index cf77dd6a088ea56dfc33a6896a22ae6bc23c3bdc..dc06b2d310e215eb600257e9e56855cbd35e418c 100644 --- a/servers/slurpd/ldap_op.c +++ b/servers/slurpd/ldap_op.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * Portions Copyright 2003 Mark Benson. * All rights reserved. * diff --git a/servers/slurpd/lock.c b/servers/slurpd/lock.c index 9ef0fd7f78a48fc0b536539e350611a51d36da48..7b459abc31b517d8dc8b356b0f5ab1a27f0b3a8f 100644 --- a/servers/slurpd/lock.c +++ b/servers/slurpd/lock.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/main.c b/servers/slurpd/main.c index 44eef26a37e79adb05ed893e0336ad66901471e7..4284c873618a52a719cf78bb9d627984c61cb3be 100644 --- a/servers/slurpd/main.c +++ b/servers/slurpd/main.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/nt_svc.c b/servers/slurpd/nt_svc.c index 1ba7715ecc9b411511229349db16d9a60afbfe51..e2b0f889181b5ead83260f0d3fe153c557b042d3 100644 --- a/servers/slurpd/nt_svc.c +++ b/servers/slurpd/nt_svc.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/proto-slurp.h b/servers/slurpd/proto-slurp.h index 23308c7344352dd72cfe01e9a7eca3c2e7f93d35..b21386737c09f2744922cb774e24c12324724ab9 100644 --- a/servers/slurpd/proto-slurp.h +++ b/servers/slurpd/proto-slurp.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/re.c b/servers/slurpd/re.c index 591db0d6462d41a2fd322df5d1583b6c98ce11ca..e0d4ddd8f10ce89c7c5e3e8fa2f67196bc872a44 100644 --- a/servers/slurpd/re.c +++ b/servers/slurpd/re.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/servers/slurpd/reject.c b/servers/slurpd/reject.c index 4f49f6a4e02e899f231ee5db2c3a40df206f139c..9eeac4f3153a5454e43480a5f0320c94b56375b6 100644 --- a/servers/slurpd/reject.c +++ b/servers/slurpd/reject.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/replica.c b/servers/slurpd/replica.c index 86500e2e69c2287a449b3084696a4a01beea3c94..4702d105c7fd0d6d46b14c9e6d6c22e2efd3ff0d 100644 --- a/servers/slurpd/replica.c +++ b/servers/slurpd/replica.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/replog.c b/servers/slurpd/replog.c index 6b637db4a3f7ba41046591b69b9a9b59770625e3..e4bf325747399b4f197971bcfafa5a8619d183bc 100644 --- a/servers/slurpd/replog.c +++ b/servers/slurpd/replog.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/ri.c b/servers/slurpd/ri.c index ac50de02676aa40a650e3709b40431e6622a6dc7..62062cceb8a7562084cab3373bd96a148d63d3cd 100644 --- a/servers/slurpd/ri.c +++ b/servers/slurpd/ri.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -209,7 +209,6 @@ Ri_init( (*ri)->ri_bind_dn = NULL; (*ri)->ri_password = NULL; (*ri)->ri_authcId = NULL; - (*ri)->ri_srvtab = NULL; (*ri)->ri_curr = NULL; return 0; diff --git a/servers/slurpd/rq.c b/servers/slurpd/rq.c index 4110e3c95a95ecc495a06b8231f45d860a3cc2b1..46010e67571394bb29c15d0a2ab8396c4a0bd234 100644 --- a/servers/slurpd/rq.c +++ b/servers/slurpd/rq.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/sanity.c b/servers/slurpd/sanity.c index 5539dc392adec0c7cd86c8f8276f6c8d1e131bca..56d1ed3d6704ef1195a75c511db73288f5340eff 100644 --- a/servers/slurpd/sanity.c +++ b/servers/slurpd/sanity.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/servers/slurpd/slurp.h b/servers/slurpd/slurp.h index 6589e3cc79e68793b16bae98ec3e9ea9726223e2..9a125c63f71f80a2ffeeb7399c8c20bd6c1825d6 100644 --- a/servers/slurpd/slurp.h +++ b/servers/slurpd/slurp.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -156,14 +156,12 @@ #define SUFFIXSTR "suffix" #define BINDDNSTR "binddn" #define BINDMETHSTR "bindmethod" -#define KERBEROSSTR "kerberos" #define SIMPLESTR "simple" #define SASLSTR "sasl" #define CREDSTR "credentials" #define OLDAUTHCSTR "bindprincipal" #define AUTHCSTR "authcID" #define AUTHZSTR "authzID" -#define SRVTABSTR "srvtab" #define SASLMECHSTR "saslmech" #define REALMSTR "realm" #define SECPROPSSTR "secprops" @@ -179,7 +177,6 @@ #define BIND_ERR_OPEN 2 #define BIND_ERR_BAD_ATYPE 3 #define BIND_ERR_SIMPLE_FAILED 4 -#define BIND_ERR_KERBEROS_FAILED 5 #define BIND_ERR_BADRI 6 #define BIND_ERR_VERSION 7 #define BIND_ERR_REFERRALS 8 @@ -241,14 +238,13 @@ struct ri { char *ri_uri; /* e.g. "ldaps://ldap-1.example.com:636" */ LDAP *ri_ldp; /* LDAP struct for this replica */ int ri_tls; /* TLS: 0=no, 1=yes, 2=critical */ - int ri_bind_method; /* AUTH_SIMPLE or AUTH_KERBEROS */ + int ri_bind_method; /* AUTH_SIMPLE or AUTH_SASL */ char *ri_bind_dn; /* DN to bind as when replicating */ char *ri_password; /* Password for any method */ char *ri_secprops; /* SASL security properties */ char *ri_realm; /* realm for any mechanism */ char *ri_authcId; /* authentication ID for any mechanism */ char *ri_authzId; /* authorization ID for any mechanism */ - char *ri_srvtab; /* srvtab file for kerberos bind */ char *ri_saslmech; /* SASL mechanism to use */ struct re *ri_curr; /* current repl entry being processed */ struct stel *ri_stel; /* pointer to Stel for this replica */ diff --git a/servers/slurpd/st.c b/servers/slurpd/st.c index d355ce68a554e0f1f8bafd994a29f8b8ed446e40..609766e20454dff0f435fc2cd856a87b6a856f0d 100644 --- a/servers/slurpd/st.c +++ b/servers/slurpd/st.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1998-2006 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
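Review bot: The updated comment on `ri_bind_method` reads `AUTH_SIMPLE or AUTH_SASL`, but the value stored by `parse_replica_line` (servers/slurpd/config.c in this same diff) is `LDAP_AUTH_SIMPLE`. Spelling the comment with the constants that are actually assigned, `/* LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL */`, makes it searchable. The SASL assignment itself is not visible in this diff, so confirm the second name before changing it.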
diff --git a/tests/Makefile.in b/tests/Makefile.in index 59575f5fa4b4dca2600af0fdad126c38e97fc4d0..c4c385e02c2a61b14fe27a667e8f8fe91718674d 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/ditcontentrules.conf b/tests/data/ditcontentrules.conf index a8643704ae21d8824e3448f71da1d2525453b86b..3e897c17172003ee63a6b6f03cf65b8bd28d6403 100644 --- a/tests/data/ditcontentrules.conf +++ b/tests/data/ditcontentrules.conf @@ -1,7 +1,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/meta.out b/tests/data/meta.out index 4826865aa71d075cdf188ce3e1c9de9b8e2809a1..2b0930a5e3e3ea80041c424c74ac6cdf89fddcac 100644 --- a/tests/data/meta.out +++ b/tests/data/meta.out @@ -1442,3 +1442,5 @@ member: cn=Another Added Group,ou=Groups,o=Example,c=US # refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub +# Checking server-enforced size limit... +# Checking client-requested size limit... diff --git a/tests/data/regressions/its4184/its4184 b/tests/data/regressions/its4184/its4184 index 901db13a3f5fe2871773d608a46f9504abb703a0..76f108cf8c793858ec86aec508da03887b6e0bbe 100755 --- a/tests/data/regressions/its4184/its4184 +++ b/tests/data/regressions/its4184/its4184 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4326/its4326 b/tests/data/regressions/its4326/its4326 index 906945cc1635a2de5bd79fc4a2c2b7ace66e6e87..09dc41a0c541faf8873b7dd6316eb42a7951585f 100755 --- a/tests/data/regressions/its4326/its4326 +++ b/tests/data/regressions/its4326/its4326 @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4326/slapd.conf b/tests/data/regressions/its4326/slapd.conf index fd024c77dd5ef2da7f94a91bbcd17216190596a4..43fa7e3fe54c297d82da91de807b1aa44048229f 100644 --- a/tests/data/regressions/its4326/slapd.conf +++ b/tests/data/regressions/its4326/slapd.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4336/its4336 b/tests/data/regressions/its4336/its4336 index ac59673be9fd307e7f3370a87b32fe08073fad88..da4d61d7d18fb16d2fa005a5874dcc5d30c562bb 100755 --- a/tests/data/regressions/its4336/its4336 +++ b/tests/data/regressions/its4336/its4336 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4336/slapd.conf b/tests/data/regressions/its4336/slapd.conf index 412f48234edc41f93873fd1cfae6c89166045722..6f8de6e0b970582b84069c702406d2297c69325e 100644 --- a/tests/data/regressions/its4336/slapd.conf +++ b/tests/data/regressions/its4336/slapd.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4337/its4337 b/tests/data/regressions/its4337/its4337 index e14f1f8858034b6c7fab059bd88c416263c369d4..1bdf2788aec3b8b12bc20604d8d8f5ef438e7f40 100755 --- a/tests/data/regressions/its4337/its4337 +++ b/tests/data/regressions/its4337/its4337 @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4337/slapd.conf b/tests/data/regressions/its4337/slapd.conf index ac105044ad8fcd20e409678d1df0bebf800152ba..27b8756554b0aa526f9c04a1d8b4a6bfcc205f04 100644 --- a/tests/data/regressions/its4337/slapd.conf +++ b/tests/data/regressions/its4337/slapd.conf 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4448/its4448 b/tests/data/regressions/its4448/its4448 index 7334df9abe2c38f7290b04ced671d8e56045d039..6093b065b857996013be3f6a393b76bedd5f6c59 100755 --- a/tests/data/regressions/its4448/its4448 +++ b/tests/data/regressions/its4448/its4448 @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/regressions/its4448/slapd-meta.conf b/tests/data/regressions/its4448/slapd-meta.conf index 66a0e9062a49664664adc342b6ba405144c97418..e962595e984701ca1031963313c1ab2c6d51282f 100644 --- a/tests/data/regressions/its4448/slapd-meta.conf +++ b/tests/data/regressions/its4448/slapd-meta.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/retcode.conf b/tests/data/retcode.conf index 683452fe16e065f50b0541efb24703eccf429ad5..b63cb8e7e786b6ec03e9d146d31dd3fc7fe40f90 100644 --- a/tests/data/retcode.conf +++ b/tests/data/retcode.conf @@ -2,7 +2,7 @@ # $Header$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd-aci.conf b/tests/data/slapd-aci.conf index ce03d157d2e0f91189512fd75f57b78cde481e35..792a1605cda7d1aa833d3ff1b668e3ad0d444152 100644 --- a/tests/data/slapd-aci.conf +++ b/tests/data/slapd-aci.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf index a168e5cd5ec647ff12ce4eab64fcd44e5c6ebbd4..183ce16b1eb4c261ee03ebb99f2b9c01a397d2a7 100644 --- a/tests/data/slapd-acl.conf +++ b/tests/data/slapd-acl.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-cache-master.conf b/tests/data/slapd-cache-master.conf index 26857a43793f911b3377d719edf6e40fcc34a514..724acca1e7000b3573406ff709a302da8b18e9a2 100644 --- a/tests/data/slapd-cache-master.conf +++ b/tests/data/slapd-cache-master.conf @@ -3,7 +3,7 @@ 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-chain1.conf b/tests/data/slapd-chain1.conf index d14bb3e0c886216777f27de16e73ae48eb7b9749..731a6e6ab9b0c23d377b04609898499fe0a8c4e4 100644 --- a/tests/data/slapd-chain1.conf +++ b/tests/data/slapd-chain1.conf 
@@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-chain2.conf b/tests/data/slapd-chain2.conf index fcabfb97b938f2bba7b35ea38cad3f63182a0b3d..b4fc03228af255df958082b7bd277e2161b09194 100644 --- a/tests/data/slapd-chain2.conf +++ b/tests/data/slapd-chain2.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-component.conf b/tests/data/slapd-component.conf index 3bb2bc93b1c97b1f0abb674e9710b9c9e50e5917..8c191a53616ecb36ac677e414869eefd3f3482bb 100644 --- a/tests/data/slapd-component.conf +++ b/tests/data/slapd-component.conf @@ -3,7 +3,7 @@ :29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-config-undo.conf b/tests/data/slapd-config-undo.conf new file mode 100644 index 0000000000000000000000000000000000000000..d3013c3328e15cbf81c1d15f326850034bbcabd7 --- /dev/null +++ b/tests/data/slapd-config-undo.conf 
@@ -0,0 +1,23 @@ +include @SCHEMADIR@/core.schema + +#mod#modulepath ../servers/slapd/back-@BACKEND@/ +#mod#moduleload back_@BACKEND@.la +#monitormod#modulepath ../servers/slapd/back-monitor/ +#monitormod#moduleload back_monitor.la + +database @BACKEND@ +suffix "o=undo" +directory @TESTDIR@/db.1.a +rootdn "cn=Manager,o=undo" +rootpw secret +#bdb#index objectClass eq +#bdb#index cn,sn,uid pres,eq,sub +#hdb#index objectClass eq +#hdb#index cn,sn,uid pres,eq,sub +#ldbm#index objectClass eq +#ldbm#index cn,sn,uid pres,eq,sub + +#monitor#database monitor + +database config +include "configpw.conf" diff --git a/tests/data/slapd-dds.conf b/tests/data/slapd-dds.conf index 275d2537a4029f87a488f0d9e927e4d006201def..3fe61a889a2ddbe5a1c3b6884c8048ef03429d6b 100644 --- a/tests/data/slapd-dds.conf +++ b/tests/data/slapd-dds.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2005-2006 The OpenLDAP Foundation. +## Copyright 2005-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-deltasync-master.conf b/tests/data/slapd-deltasync-master.conf index 549799702c9b2a2573caa425da2b834c4f69c000..23c0c4846042112e1682c88028234b57e868dbe8 100644 --- a/tests/data/slapd-deltasync-master.conf +++ b/tests/data/slapd-deltasync-master.conf @@ -3,7 +3,7 @@ 15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -65,6 +65,9 @@ rootpw secret #hdb#index entryUUID,entryCSN eq #ldbm#index objectClass eq #ldbm#index cn,sn,uid pres,eq,sub +access to * + by users write + by * read overlay syncprov #syncprov-sessionlog 100 
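Review bot: The new tests/data/slapd-config-undo.conf starts directly at `include @SCHEMADIR@/core.schema`, without the `# $OpenLDAP$` line and the OpenLDAP Foundation notice that the other tests/data/*.conf files touched by this commit carry. The file sets `rootpw secret` and opens a `database config` section that presumably takes its credentials from the included `configpw.conf`. A first-line comment such as `# stand-alone slapd config -- for testing (cn=config undo)` would mark it as a fixture rather than a template for a deployed server. The copyright block should be added in the same form as in the sibling files.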
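Review bot: The rule added to tests/data/slapd-deltasync-master.conf (`access to *`, `by users write`, `by * read`) lets any authenticated identity modify every entry and lets anonymous clients read every attribute of the database it applies to. That would include password attributes if the test data holds any. This may be intended for the replication test, but nothing in the hunk says so; a comment above the rule, for example `# test fixture only: any bound user may write, anyone may read`, would record the intent and discourage copying it into a real configuration. The enclosing database section starts outside the hunk, so which database the rule belongs to cannot be confirmed from here.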
diff --git a/tests/data/slapd-deltasync-slave.conf b/tests/data/slapd-deltasync-slave.conf index e4608b33ffe4fdc5ee18be6c07b8fe23b1471d6b..8f363f118f96809d47c2238fbdb6aefb7142632c 100644 --- a/tests/data/slapd-deltasync-slave.conf +++ b/tests/data/slapd-deltasync-slave.conf @@ -3,7 +3,7 @@ 2003/12/15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-dn.conf b/tests/data/slapd-dn.conf index 9119c3b88a6b6e1f8697a6ece1cd57ff62881ab2..81a387c9391c407ae6106ee3249286cc79a9edb6 100644 --- a/tests/data/slapd-dn.conf +++ b/tests/data/slapd-dn.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-dnssrv.conf b/tests/data/slapd-dnssrv.conf index 91ea0d3796e4727e41b6bf12e73612fa1522b21f..f8e77c309a2251669ce776a86921ae124ef8e84d 100644 --- a/tests/data/slapd-dnssrv.conf +++ b/tests/data/slapd-dnssrv.conf @@ -3,7 +3,7 @@ :29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-dynamic.ldif b/tests/data/slapd-dynamic.ldif new file mode 100644 index 0000000000000000000000000000000000000000..fe86edcac648f878e7ac9b7469ad942347f80907 --- /dev/null +++ b/tests/data/slapd-dynamic.ldif 
@@ -0,0 +1,8 @@ +dn: cn=config +objectClass: olcGlobal +cn: config + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcRootPW:< file:configpw diff --git a/tests/data/slapd-dynlist.conf b/tests/data/slapd-dynlist.conf index cbe30703361def8dc4ada939d179a5c6c60daf72..1584074eebd375201cbe08c0882805b26536f9d8 100644 --- a/tests/data/slapd-dynlist.conf +++ b/tests/data/slapd-dynlist.conf @@ -1,7 +1,7 @@ # stand-alone slapd config -- for testing (with indexing) ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-emptydn.conf b/tests/data/slapd-emptydn.conf index 36cb28f3020e43c0156b7a0f93469c7ce4cbbdeb..5ee7b7917d6083da9eee3df17a09cb0d32f11853 100644 --- a/tests/data/slapd-emptydn.conf +++ b/tests/data/slapd-emptydn.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-glue-ldap.conf b/tests/data/slapd-glue-ldap.conf index ba5222096a99760ab1f64c5304a1e211d5baf34c..504a11011cfbc3855835b61cd1658c62fa37e833 100644 --- a/tests/data/slapd-glue-ldap.conf +++ b/tests/data/slapd-glue-ldap.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd-glue-syncrepl1.conf b/tests/data/slapd-glue-syncrepl1.conf index 46ad831e4fed4fa08600bd0ab337adb81603ec33..6748d8b6c1d7fda087ccb8f164090ccf0e525dee 100644 --- a/tests/data/slapd-glue-syncrepl1.conf +++ b/tests/data/slapd-glue-syncrepl1.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-glue-syncrepl2.conf b/tests/data/slapd-glue-syncrepl2.conf index 3877e000f6721179cf82a30a0fcd5830b049b06c..e84ac49add6d76e2d13e581964376926039aa8bf 100644 --- a/tests/data/slapd-glue-syncrepl2.conf +++ b/tests/data/slapd-glue-syncrepl2.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-glue.conf b/tests/data/slapd-glue.conf index e5e8514367f03fc673cd4d9fdf44c95d22bf88a9..9cac035bea16037c5471c2d02488bd827ee74117 100644 --- a/tests/data/slapd-glue.conf +++ b/tests/data/slapd-glue.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf index 26d8884e96b592d2e19130ca5f2ebba1a3cae3f5..101e053ddf46ef417e6aac91e5905f4e9b94327a 100644 --- a/tests/data/slapd-idassert.conf +++ b/tests/data/slapd-idassert.conf 
@@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-ldapglue.conf b/tests/data/slapd-ldapglue.conf index c05a0a317f8f78a6e01c956806f3c21c1f3c6d60..2ec9f7b89f8d13aa64ceafabbc8023f5ccf0813e 100644 --- a/tests/data/slapd-ldapglue.conf +++ b/tests/data/slapd-ldapglue.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-ldapgluegroups.conf b/tests/data/slapd-ldapgluegroups.conf index a44d7aabb11b3a49f1a6ef39a52d090a45ea0999..5df507614b76443e8287d32185774e378351deaf 100644 --- a/tests/data/slapd-ldapgluegroups.conf +++ b/tests/data/slapd-ldapgluegroups.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-ldapgluepeople.conf b/tests/data/slapd-ldapgluepeople.conf index 92c8488e0d6c3a7bc9bd8b517b1c55f906f2aade..bd9d199f112449df240ca1aa0c38c89f2e7d3ecb 100644 --- a/tests/data/slapd-ldapgluepeople.conf +++ b/tests/data/slapd-ldapgluepeople.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd-limits.conf b/tests/data/slapd-limits.conf index ab38aa8c83b303682d8eaf5e43520de70959d0e3..cdf8dddf61e4d66fc873374e411846dcc9b6f7c4 100644 --- a/tests/data/slapd-limits.conf +++ b/tests/data/slapd-limits.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-master.conf b/tests/data/slapd-master.conf index 47e5d207456f1b7da6e03982aa11ba490fbb13b8..300e64eeb3e8b9042b9c287c71284f75e9c3c9a2 100644 --- a/tests/data/slapd-master.conf +++ b/tests/data/slapd-master.conf @@ -3,7 +3,7 @@ :29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-meta.conf b/tests/data/slapd-meta.conf index 11f6f4245d1548361d34f8897eaf12316e2e3bbc..60b15fedfcebc563fc7acc6ebbef8456a4223cea 100644 --- a/tests/data/slapd-meta.conf +++ b/tests/data/slapd-meta.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-meta2.conf b/tests/data/slapd-meta2.conf index f803bb2aa54f71159a14aabcb58cc1abda4a8a03..45bd83da31805d05e8cb96551a48a0c0bd559981 100644 --- a/tests/data/slapd-meta2.conf +++ b/tests/data/slapd-meta2.conf 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-nis-master.conf b/tests/data/slapd-nis-master.conf index da55398ca6c679dddc2497d15ca8e314cf4fe7da..851da283742d1a25d74b35d2eb2cabb3d6420b51 100644 --- a/tests/data/slapd-nis-master.conf +++ b/tests/data/slapd-nis-master.conf @@ -3,7 +3,7 @@ 2:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-passwd.conf b/tests/data/slapd-passwd.conf index 18978751a8c520172068452059f7e4089521aba1..c5ecc9ba295d98e5f7331e20e06cb249b3b83378 100644 --- a/tests/data/slapd-passwd.conf +++ b/tests/data/slapd-passwd.conf @@ -3,7 +3,7 @@ :29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-ppolicy.conf b/tests/data/slapd-ppolicy.conf index a87d5803be41189a69862a0eabecd045bba167ac..5f6aab942c3fe5d3b5cf3ecbf90be5758360442f 100644 --- a/tests/data/slapd-ppolicy.conf +++ b/tests/data/slapd-ppolicy.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd-proxycache.conf b/tests/data/slapd-proxycache.conf index 15e3f5c9595d0e8b5a3dbe95b33a6a4eeaa60d95..ceafcfc585d1b9ce3eee83af8fadcd7fdb07124d 100644 --- a/tests/data/slapd-proxycache.conf +++ b/tests/data/slapd-proxycache.conf @@ -3,7 +3,7 @@ :05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-pw.conf b/tests/data/slapd-pw.conf index d56bdcb42112788376d2fe25479c2ff6d7cf2611..3b3d28605f7b3359b46f240f937990d76a8cb9cd 100644 --- a/tests/data/slapd-pw.conf +++ b/tests/data/slapd-pw.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-ref-slave.conf b/tests/data/slapd-ref-slave.conf index 0e71e0d431175c537458738917d234ea2df5d6f7..86a96ba9f2fa27c7876d3aaddc0ec87e9bf6242c 100644 --- a/tests/data/slapd-ref-slave.conf +++ b/tests/data/slapd-ref-slave.conf @@ -3,7 +3,7 @@ :05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-referrals.conf b/tests/data/slapd-referrals.conf index b450a81e1f4371faeaef775b999b679598fd023b..83b010115a75bece2ff6368f927857013f9ae40e 100644 --- a/tests/data/slapd-referrals.conf +++ b/tests/data/slapd-referrals.conf 
@@ -3,7 +3,7 @@ 05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-refint.conf b/tests/data/slapd-refint.conf index 59a3d969b068476bce838ce57756850a1095c775..be919c529efb0d736840aa660c08ff95d49c0226 100644 --- a/tests/data/slapd-refint.conf +++ b/tests/data/slapd-refint.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-relay.conf b/tests/data/slapd-relay.conf index 1589f2408cbd83b93abb18c173b76551b891b9c2..a4375def3c6fdd69339499b972718e7612b0fce1 100644 --- a/tests/data/slapd-relay.conf +++ b/tests/data/slapd-relay.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-repl-master.conf b/tests/data/slapd-repl-master.conf index a6fbdd611ec886bd3393663235c76a6689538ada..b77357b1e7d658ee51861ce30ecfee6f16bd0339 100644 --- a/tests/data/slapd-repl-master.conf +++ b/tests/data/slapd-repl-master.conf @@ -3,7 +3,7 @@ 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd-repl-slave-remote.conf b/tests/data/slapd-repl-slave-remote.conf index 68f9944032ca13a8aab61e35792bd117731d746a..72838619543e970c7cac455612d110df9f3818f2 100644 --- a/tests/data/slapd-repl-slave-remote.conf +++ b/tests/data/slapd-repl-slave-remote.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-repl-slave.conf b/tests/data/slapd-repl-slave.conf index a68d12b80a2474cf8b7e5a068312d59c84addc55..0ae0f5f3619a8bc2af67cc7ded982147461f951d 100644 --- a/tests/data/slapd-repl-slave.conf +++ b/tests/data/slapd-repl-slave.conf @@ -3,7 +3,7 @@ 2:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-retcode.conf b/tests/data/slapd-retcode.conf index 94828ed69b0eb2e53e47884ba95466bc53fffa80..a9984009cee57e3454a52b3df214c0065e21bfb1 100644 --- a/tests/data/slapd-retcode.conf +++ b/tests/data/slapd-retcode.conf @@ -2,7 +2,7 @@ # $Header$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
@@ -51,4 +51,9 @@ overlay retcode retcode-parent "ou=RetCodes,dc=example,dc=com" include @DATADIR@/retcode.conf +retcode-item "cn=Unsolicited" 0x00 unsolicited="0" +retcode-item "cn=Notice of Disconnect" 0x00 unsolicited="1.3.6.1.4.1.1466.20036" +retcode-item "cn=Pre-disconnect" 0x34 flags="pre-disconnect" +retcode-item "cn=Post-disconnect" 0x34 flags="post-disconnect" + #monitor#database monitor diff --git a/tests/data/slapd-schema.conf b/tests/data/slapd-schema.conf index b017b1af40f84fa7497a2503258c0581990936ba..341ea1910b488a052b6a58751302173d19b8ec04 100644 --- a/tests/data/slapd-schema.conf +++ b/tests/data/slapd-schema.conf @@ -3,7 +3,7 @@ :29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-sql-syncrepl-master.conf b/tests/data/slapd-sql-syncrepl-master.conf index 5a0e8243936587740c12d49b6f0d6d6f6d05816b..4952f7d10ff5698b849a7ba94c4ac08df676db9c 100644 --- a/tests/data/slapd-sql-syncrepl-master.conf +++ b/tests/data/slapd-sql-syncrepl-master.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-sql.conf b/tests/data/slapd-sql.conf index b9fe61c53a9e08439cc31b8edb6c9cbabdeb7bd9..bf513bc0ebb2845f14520f41cbc6ec5d38c348e1 100644 --- a/tests/data/slapd-sql.conf +++ b/tests/data/slapd-sql.conf 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-syncrepl-master.conf b/tests/data/slapd-syncrepl-master.conf index 03558d63d7441ff6a3a15fcd56e65398e604bf12..c2a34ef617cfce1318fe474b3cfb5b0e3285ece4 100644 --- a/tests/data/slapd-syncrepl-master.conf +++ b/tests/data/slapd-syncrepl-master.conf @@ -3,7 +3,7 @@ 15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-syncrepl-multiproxy.conf b/tests/data/slapd-syncrepl-multiproxy.conf index 547f8e2dc1d5ec6c00ee87e948b005b71ecd69f8..d0b1486d2a2513054ce8968779aa11bb088ad998 100644 --- a/tests/data/slapd-syncrepl-multiproxy.conf +++ b/tests/data/slapd-syncrepl-multiproxy.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-syncrepl-slave-persist-ldap.conf b/tests/data/slapd-syncrepl-slave-persist-ldap.conf index 43207eeb51815d9b583ae04bc4ec5ba5fbd4c3fd..eeb96191f974fac2b3a7e8eadeddc56853f70b6d 100644 --- a/tests/data/slapd-syncrepl-slave-persist-ldap.conf +++ b/tests/data/slapd-syncrepl-slave-persist-ldap.conf 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-syncrepl-slave-persist1.conf b/tests/data/slapd-syncrepl-slave-persist1.conf index d7aaaa28f3310f7d3e78f484b307cb76cb585307..5e6ac0590c627ba977cb1a33c8683d2bf9f233c5 100644 --- a/tests/data/slapd-syncrepl-slave-persist1.conf +++ b/tests/data/slapd-syncrepl-slave-persist1.conf @@ -3,7 +3,7 @@ 2003/12/15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -67,6 +67,7 @@ syncrepl rid=1 schemachecking=off scope=sub type=refreshAndPersist + retry="5 5 300 5" updateref @URI1@ overlay syncprov diff --git a/tests/data/slapd-syncrepl-slave-persist3.conf b/tests/data/slapd-syncrepl-slave-persist3.conf index fca619b058ea47f27b99b2e980455a9ee19c0d23..0aa36885510a665f4aef944616cb955d81897c2c 100644 --- a/tests/data/slapd-syncrepl-slave-persist3.conf +++ b/tests/data/slapd-syncrepl-slave-persist3.conf @@ -3,7 +3,7 @@ 2003/12/15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-syncrepl-slave-refresh1.conf b/tests/data/slapd-syncrepl-slave-refresh1.conf index ec94559d10554b9f35a3e3ec0c1727ec0b7260f3..3be2b74ea4dc636cc2dc610628cbfa792a582e98 100644 --- a/tests/data/slapd-syncrepl-slave-refresh1.conf +++ b/tests/data/slapd-syncrepl-slave-refresh1.conf 
@@ -3,7 +3,7 @@ 2003/12/15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -57,7 +57,6 @@ syncrepl rid=1 credentials=secret searchbase="dc=example,dc=com" filter="(objectClass=*)" - attrs="*" schemachecking=off scope=sub type=refreshOnly diff --git a/tests/data/slapd-syncrepl-slave-refresh2.conf b/tests/data/slapd-syncrepl-slave-refresh2.conf index 3ee6b0e970e60328399581d3570d86ec57f8a90f..a5edc4f0bd6900b3c516a3ff60740b5c09384c31 100644 --- a/tests/data/slapd-syncrepl-slave-refresh2.conf +++ b/tests/data/slapd-syncrepl-slave-refresh2.conf @@ -3,7 +3,7 @@ 2003/12/15 22:05:29 kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-translucent-local.conf b/tests/data/slapd-translucent-local.conf index 33bbcfd34a5be1f35de52f6d8b2c5c83dce221a9..df59b2313e3af368c4c8bd9a63f881bafde6cea4 100644 --- a/tests/data/slapd-translucent-local.conf +++ b/tests/data/slapd-translucent-local.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-translucent-remote.conf b/tests/data/slapd-translucent-remote.conf index ffc3ae56abe1a5ef952492e8cc4db967bf073884..f331d05d92290e155be3786243129b0df5b31ac9 100644 --- a/tests/data/slapd-translucent-remote.conf +++ b/tests/data/slapd-translucent-remote.conf 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-unique.conf b/tests/data/slapd-unique.conf index 88387fb2eabc275a1bda482aac495c408f198570..1a12ffba63a7ac6ca8c75c53b94e78579dc8f4ee 100644 --- a/tests/data/slapd-unique.conf +++ b/tests/data/slapd-unique.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-valsort.conf b/tests/data/slapd-valsort.conf index 52c556dc9d7b14aec30882a376741aa8f568d5dc..468e959b56c11e2d3999ecb3aed3394b72854fa1 100644 --- a/tests/data/slapd-valsort.conf +++ b/tests/data/slapd-valsort.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd-whoami.conf b/tests/data/slapd-whoami.conf index 89ae3b41029b5b3db9900a341045e71bc6449912..c269008052ff3a54edc9cfcdc14031b627e2df00 100644 --- a/tests/data/slapd-whoami.conf +++ b/tests/data/slapd-whoami.conf @@ -3,7 +3,7 @@ kurt Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/data/slapd.conf b/tests/data/slapd.conf index 84b8a44fd61a37a50dce811dd97aa833248f7470..b4e461fb60515f8e9eef682b165672edcc47a5ac 100644 --- a/tests/data/slapd.conf +++ b/tests/data/slapd.conf @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/slapd2.conf b/tests/data/slapd2.conf index 912cc1531c85cb33937916c63f8f4b359c6ade4d..acdfab13564e9b1de0964a8f4fbb6f648b8be54a 100644 --- a/tests/data/slapd2.conf +++ b/tests/data/slapd2.conf @@ -3,7 +3,7 @@ t Exp $ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/data/test-translucent-data.ldif b/tests/data/test-translucent-data.ldif index ee32cbbc74bf9f0320d13ca81da1a2f069eb05b8..2def65c835bfe6538894175017188cc45bc5b08f 100644 --- a/tests/data/test-translucent-data.ldif +++ b/tests/data/test-translucent-data.ldif @@ -5,6 +5,7 @@ uid: danger sn: warning cn: danger businessCategory: backend-opaque +initials: dw carLicense: BACK departmentNumber: 7341 displayName: Warning diff --git a/tests/data/test-translucent-merged.ldif b/tests/data/test-translucent-merged.ldif index 5bb54ec31ab4671fd637b1425e20dea4a95df339..583734a3a3e2213cfb0ec7c07d34ac001ab8c05c 100644 --- a/tests/data/test-translucent-merged.ldif +++ b/tests/data/test-translucent-merged.ldif @@ -4,6 +4,7 @@ uid: danger sn: danger cn: henry businessCategory: frontend-override +initials: dw carLicense: LIVID departmentNumber: 9999999 displayName: Warning 
diff --git a/tests/data/test-whoami.ldif b/tests/data/test-whoami.ldif index 189b6cad31e02ca370c501b74e3d68a533f6451b..6a70ab42a8f60b272ab511860f29e986449e47c9 100644 --- a/tests/data/test-whoami.ldif +++ b/tests/data/test-whoami.ldif @@ -254,7 +254,8 @@ telephonenumber: +1 313 555 0355 authzFrom: dn.exact:cn=Barbara Jensen,ou=Information Technology Division,ou=Pe ople,dc=example,dc=com authzFrom: u:melliot -authzFrom: ldap:///ou=People,dc=example,dc=com??sub?cn=Jane Doe +authzFrom: ldap:///ou=People,dc=example,dc=com??sub?(|(cn=Jane Doe) + (cn=Jennifer Smith)) authzFrom: group/groupOfUniqueNames/uniqueMember:cn=ITD Staff,ou=Groups,dc=exa mple,dc=com authzFrom: dn.onelevel:ou=Information Technology Division,ou=People,dc=example,dc=com diff --git a/tests/data/test.schema b/tests/data/test.schema index d37108848e49b9bc1f1fa77138bb30f28e43d62e..54e08302cf1c6c15aa738d0d51c8cc3d58c1c8c7 100644 --- a/tests/data/test.schema +++ b/tests/data/test.schema @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in index 3832f84c4325e7a600ebad147015e3ad66adca28..a3c12c41b82d75305909fec5172db55a6de139a5 100644 --- a/tests/progs/Makefile.in +++ b/tests/progs/Makefile.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/progs/slapd-addel.c b/tests/progs/slapd-addel.c index 5e9fd13e31e1d094443de83eb623314748a3b1d9..a51e5aca0be56a00d70c3943323b210389ed9aa4 100644 --- a/tests/progs/slapd-addel.c +++ b/tests/progs/slapd-addel.c 
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -87,8 +87,9 @@ main( int argc, char **argv ) tester_init( "slapd-addel", TESTER_ADDEL ); - while ( (i = getopt( argc, argv, "CFH:h:p:D:w:f:l:L:r:t:" )) != EOF ) { - switch( i ) { + while ( ( i = getopt( argc, argv, "CD:Ff:H:h:i:L:l:p:r:t:w:" ) ) != EOF ) + { + switch ( i ) { case 'C': chaserefs++; break; @@ -320,7 +321,6 @@ do_addel( { LDAP *ld = NULL; int i = 0, do_retry = maxretries; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; diff --git a/tests/progs/slapd-bind.c b/tests/progs/slapd-bind.c index 11db20b1b50cc4606455222b3a44f1d38d410004..21642137a0e978a7667183a041212d88fddddc91 100644 --- a/tests/progs/slapd-bind.c +++ b/tests/progs/slapd-bind.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -35,6 +35,7 @@ #include <ldap.h> #include <lutil.h> #include <lber_pvt.h> +#include <ldap_pvt.h> #include "slapd-common.h" 
@@ -42,11 +43,13 @@ static int do_bind( char *uri, char *dn, struct berval *pass, int maxloop, - int force, int chaserefs, int noinit, LDAP **ldp ); + int force, int chaserefs, int noinit, LDAP **ldp, + int action_type, void *action ); static int do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, char *pwattr, - int maxloop, int force, int chaserefs, int noinit, int delay ); + int maxloop, int force, int chaserefs, int noinit, int delay, + int action_type, void *action ); /* This program can be invoked two ways: if -D is used to specify a Bind DN, * that DN will be used repeatedly for all of the Binds. If instead -b is used @@ -56,14 +59,20 @@ do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, cha * assumed that the users are all onelevel children of the base. */ static void -usage( char *name ) +usage( char *name, char opt ) { + if ( opt ) { + fprintf( stderr, "%s: unable to handle option \'%c\'\n\n", + name, opt ); + } + fprintf( stderr, "usage: %s " "[-H uri | -h <host> [-p port]] " "[-D <dn> [-w <passwd>]] " "[-b <baseDN> [-f <searchfilter>] [-a pwattr]] " "[-l <loops>] " "[-L <outerloops>] " + "[-B <extra>[,...]] " "[-F] " "[-C] " "[-I] " 
@@ -89,16 +98,31 @@ main( int argc, char **argv ) int outerloops = 1; int force = 0; int chaserefs = 0; - int noinit = 0; + int noinit = 1; int delay = 0; + /* extra action to do after bind... */ + struct berval type[] = { + BER_BVC( "tester=" ), + BER_BVC( "add=" ), + BER_BVC( "bind=" ), + BER_BVC( "modify=" ), + BER_BVC( "modrdn=" ), + BER_BVC( "read=" ), + BER_BVC( "search=" ), + BER_BVNULL + }; + + LDAPURLDesc *extra_ludp = NULL; + tester_init( "slapd-bind", TESTER_BIND ); /* by default, tolerate invalid credentials */ tester_ignore_str2errlist( "INVALID_CREDENTIALS" ); - while ( (i = getopt( argc, argv, "a:b:H:h:i:p:D:w:l:L:f:FIt:" )) != EOF ) { - switch( i ) { + while ( ( i = getopt( argc, argv, "a:B:b:D:Ff:H:h:Ii:L:l:p:t:w:" ) ) != EOF ) + { + switch ( i ) { case 'a': pwattr = optarg; break; @@ -107,6 +131,48 @@ main( int argc, char **argv ) base = optarg; break; + case 'B': + { + int c; + + for ( c = 0; type[c].bv_val; c++ ) { + if ( strncasecmp( optarg, type[c].bv_val, type[c].bv_len ) == 0 ) + { + break; + } + } + + if ( type[c].bv_val == NULL ) { + usage( argv[0], 'B' ); + } + + switch ( c ) { + case TESTER_TESTER: + case TESTER_BIND: + /* invalid */ + usage( argv[0], 'B' ); + + case TESTER_SEARCH: + { + if ( ldap_url_parse( &optarg[type[c].bv_len], &extra_ludp ) != LDAP_URL_SUCCESS ) + { + usage( argv[0], 'B' ); + } + } break; + + case TESTER_ADDEL: + case TESTER_MODIFY: + case TESTER_MODRDN: + case TESTER_READ: + /* nothing to do */ + break; + + default: + assert( 0 ); + } + + } break; + case 'C': chaserefs++; break; @@ -125,7 +191,7 @@ main( int argc, char **argv ) case 'p': /* the servers port */ if ( lutil_atoi( &port, optarg ) != 0 ) { - usage( argv[0] ); + usage( argv[0], 'p' ); } break; 
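Review bot: The rewritten option string in slapd-bind's `getopt` call, `"a:B:b:D:Ff:H:h:Ii:L:l:p:t:w:"`, contains no `C`, although the switch still has `case 'C': chaserefs++;` and the usage text advertises `[-C]`, so that case cannot be reached. Adding the letter, as in `"a:B:b:CD:Ff:H:h:Ii:L:l:p:t:w:"`, makes the option usable. Separately, the `default:` branch in a later hunk passes `i` to `usage()`, but getopt returns `'?'` for an unrecognised option, so the new message would name `?`; `optopt` holds the offending letter. `main` starts and ends outside these hunks.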
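Review bot: In the new `case 'B':` block the URL parsed by `ldap_url_parse` is stored in `extra_ludp`, but nothing visible in this diff consumes it: both call sites in the hunk at -185 pass `-1, NULL` for `action_type`/`action`, so `-B search=<url>` is validated and then dropped. If the action is meant to run from this program, those calls would need something like `extra_ludp ? TESTER_SEARCH : -1, extra_ludp`. The `switch ( c )` also compares an index into the local `type[]` table against `tester_t` constants, which only holds while both keep the same order; a comment on the table such as `/* order must match tester_t in slapd-common.h */` would document that. A repeated `-B search=` overwrites `extra_ludp` without a matching `ldap_free_urldesc`.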
@@ -140,13 +206,13 @@ main( int argc, char **argv ) case 'l': /* the number of loops */ if ( lutil_atoi( &loops, optarg ) != 0 ) { - usage( argv[0] ); + usage( argv[0], 'l' ); } break; case 'L': /* the number of outerloops */ if ( lutil_atoi( &outerloops, optarg ) != 0 ) { - usage( argv[0] ); + usage( argv[0], 'L' ); } break; @@ -160,24 +226,24 @@ main( int argc, char **argv ) case 'I': /* reuse connection */ - noinit++; + noinit = 0; break; case 't': /* sleep between binds */ if ( lutil_atoi( &delay, optarg ) != 0 ) { - usage( argv[0] ); + usage( argv[0], 't' ); } break; default: - usage( argv[0] ); + usage( argv[0], i ); break; } } if ( port == -1 && uri == NULL ) { - usage( argv[0] ); + usage( argv[0], '\0' ); } uri = tester_uri( uri, host, port ); @@ -185,10 +251,10 @@ main( int argc, char **argv ) for ( i = 0; i < outerloops; i++ ) { if ( base != NULL ) { do_base( uri, dn, &pass, base, filter, pwattr, loops, - force, chaserefs, noinit, delay ); + force, chaserefs, noinit, delay, -1, NULL ); } else { do_bind( uri, dn, &pass, loops, - force, chaserefs, noinit, NULL ); + force, chaserefs, noinit, NULL, -1, NULL ); } } 
@@ -198,15 +264,62 @@ main( int argc, char **argv ) static int do_bind( char *uri, char *dn, struct berval *pass, int maxloop, - int force, int chaserefs, int noinit, LDAP **ldp ) + int force, int chaserefs, int noinit, LDAP **ldp, + int action_type, void *action ) { LDAP *ld = ldp ? *ldp : NULL; int i, rc = -1; - pid_t pid = getpid(); - if ( maxloop > 1 ) + /* for internal search */ + int timelimit = 0; + int sizelimit = 0; + + switch ( action_type ) { + case -1: + break; + + case TESTER_SEARCH: + { + LDAPURLDesc *ludp = (LDAPURLDesc *)action; + + assert( action != NULL ); + + if ( ludp->lud_exts != NULL ) { + for ( i = 0; ludp->lud_exts[ i ] != NULL; i++ ) { + char *ext = ludp->lud_exts[ i ]; + int crit = 0; + + if (ext[0] == '!') { + crit++; + ext++; + } + + if ( strncasecmp( ext, "x-timelimit=", STRLENOF( "x-timelimit=" ) ) == 0 ) { + if ( lutil_atoi( &timelimit, &ext[ STRLENOF( "x-timelimit=" ) ] ) && crit ) { + tester_error( "unable to parse critical extension x-timelimit" ); + } + + } else if ( strncasecmp( ext, "x-sizelimit=", STRLENOF( "x-sizelimit=" ) ) == 0 ) { + if ( lutil_atoi( &sizelimit, &ext[ STRLENOF( "x-sizelimit=" ) ] ) && crit ) { + tester_error( "unable to parse critical extension x-sizelimit" ); + } + + } else if ( crit ) { + tester_error( "unknown critical extension" ); + } + } + } + } break; + + default: + /* nothing to do yet */ + break; + } + + if ( maxloop > 1 ) { fprintf( stderr, "PID=%ld - Bind(%d): dn=\"%s\".\n", (long) pid, maxloop, dn ); + } for ( i = 0; i < maxloop; i++ ) { if ( !noinit || ld == NULL ) { 
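Review bot: A critical URL extension that cannot be honoured is only reported in the `TESTER_SEARCH` branch added to `do_bind`: each of the three `tester_error( ... )` calls is followed by nothing, so unless `tester_error` itself exits (its body is not in this diff) the function carries on and the search later runs with `timelimit`/`sizelimit` still 0. Following each call with `exit( EXIT_FAILURE );` would give the `!` marker its usual meaning. A non-critical `x-timelimit=`/`x-sizelimit=` value that fails `lutil_atoi` is dropped silently, and negative values are accepted; a range check such as `if ( timelimit < 0 ) timelimit = 0;` would cover the latter. The body of `do_bind` continues outside this hunk.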
@@ -240,6 +353,35 @@ do_bind( char *uri, char *dn, struct berval *pass, int maxloop, tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); } } + + switch ( action_type ) { + case -1: + break; + + case TESTER_SEARCH: + { + LDAPURLDesc *ludp = (LDAPURLDesc *)action; + LDAPMessage *res = NULL; + struct timeval tv = { 0 }, *tvp = NULL; + + if ( timelimit ) { + tv.tv_sec = timelimit; + tvp = &tv; + } + + assert( action != NULL ); + + rc = ldap_search_ext_s( ld, + ludp->lud_dn, ludp->lud_scope, + ludp->lud_filter, ludp->lud_attrs, 0, + NULL, NULL, tvp, sizelimit, &res ); + ldap_msgfree( res ); + } break; + + default: + /* nothing to do yet */ + break; + } if ( !noinit ) { ldap_unbind_ext( ld, NULL, NULL ); @@ -268,11 +410,11 @@ do_bind( char *uri, char *dn, struct berval *pass, int maxloop, static int do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, char *pwattr, - int maxloop, int force, int chaserefs, int noinit, int delay ) + int maxloop, int force, int chaserefs, int noinit, int delay, + int action_type, void *action ) { LDAP *ld = NULL; int i = 0; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; ber_int_t msgid; LDAPMessage *res, *msg; @@ -288,8 +430,6 @@ do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, cha int version = LDAP_VERSION3; char *nullstr = ""; - srand( pid ); - ldap_initialize( &ld, uri ); if ( ld == NULL ) { tester_perror( "ldap_initialize", NULL ); @@ -410,8 +550,8 @@ novals:; cred = creds[j]; } - if ( do_bind( uri, dns[j], &cred, 1, force, chaserefs, noinit, &ld ) - && !force ) + if ( do_bind( uri, dns[j], &cred, 1, force, chaserefs, noinit, &ld, + action_type, action ) && !force ) { break; } diff --git a/tests/progs/slapd-common.c b/tests/progs/slapd-common.c index b68b3062280fd8d5fb1873b24a25c6a850a219b1..7a4df27bfc6f36cd7e29d1c9f4d55e74a897459e 100644 --- a/tests/progs/slapd-common.c +++ b/tests/progs/slapd-common.c 
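Review bot: The search added after the bind assigns its result to the same `rc` that holds the bind status, `rc = ldap_search_ext_s( ld, ... )`, and then never looks at it, so a failed search is not reported and the bind result is overwritten for whatever code after the loop uses `rc`. That code is outside this hunk, but `do_base` tests the return value of `do_bind` in the hunk at -410, so the overwrite may change when it breaks out of its loop. A separate variable keeps the two apart: `int src = ldap_search_ext_s( ... );` followed by `if ( src != LDAP_SUCCESS ) tester_ldap_error( ld, "ldap_search_ext_s", NULL );`. The search is also issued when the preceding bind failed and was tolerated; a one-line comment saying whether that is intended would help.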
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,6 +31,10 @@ #include "ldap_pvt.h" #include "slapd-common.h" +/* global vars */ +pid_t pid; + +/* static vars */ static char progname[ BUFSIZ ]; tester_t progtype; @@ -208,7 +212,9 @@ tester_ignore_err( int err ) void tester_init( const char *pname, tester_t ptype ) { - snprintf( progname, sizeof( progname ), "%s PID=%d", pname, getpid() ); + pid = getpid(); + srand( pid ); + snprintf( progname, sizeof( progname ), "%s PID=%d", pname, pid ); progtype = ptype; } diff --git a/tests/progs/slapd-common.h b/tests/progs/slapd-common.h index e42e8080a655ebe6d7f64c1e451f95bec6b0db51..eda7f752a697cc5eb3c6c6f8eef38c9700249a25 100644 --- a/tests/progs/slapd-common.h +++ b/tests/progs/slapd-common.h @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,7 +27,8 @@ typedef enum { TESTER_MODIFY, TESTER_MODRDN, TESTER_READ, - TESTER_SEARCH + TESTER_SEARCH, + TESTER_LAST } tester_t; extern void tester_init( const char *pname, tester_t ptype ); @@ -38,4 +39,6 @@ extern void tester_ldap_error( LDAP *ld, const char *fname, const char *msg ); extern int tester_ignore_str2errlist( const char *err ); extern unsigned tester_ignore_err( int err ); +extern pid_t pid; + #endif /* SLAPD_COMMON_H */ diff --git a/tests/progs/slapd-modify.c b/tests/progs/slapd-modify.c index cb416d861180984e3df3edaac42d4dcb98a21454..ae639572db2d6ef0ddecbf059a14c9e499b852a2 100644 --- a/tests/progs/slapd-modify.c +++ b/tests/progs/slapd-modify.c 
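Review bot: `tester_init` now prints the global with `"%s PID=%d", pname, pid`, while the other uses visible in this commit cast it and print with `%ld` (`(long) pid`); `pid_t` is not guaranteed to be `int`, so the format and argument can disagree. Writing `snprintf( progname, sizeof( progname ), "%s PID=%ld", pname, (long) pid );` matches the rest of the files. The exported name `pid` is also very short for a symbol declared in slapd-common.h: any includer that still has a local `pid` shadows it silently, and one that uses `pid` before `tester_init()` reads 0. A prefixed name such as `tester_pid`, or at least a comment on the declaration like `/* set once by tester_init(), which also seeds rand() with it */`, would make the contract visible.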
@@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -81,7 +81,8 @@ main( int argc, char **argv ) tester_init( "slapd-modify", TESTER_MODIFY ); - while ( (i = getopt( argc, argv, "CFH:h:i:p:D:w:e:a:l:L:r:t:" )) != EOF ) { + while ( ( i = getopt( argc, argv, "a:CD:e:FH:h:i:L:l:p:r:t:w:" ) ) != EOF ) + { switch ( i ) { case 'C': chaserefs++; @@ -200,7 +201,6 @@ do_modify( char *uri, char *manager, { LDAP *ld = NULL; int i = 0, do_retry = maxretries; - pid_t pid; int rc = LDAP_SUCCESS; struct ldapmod mod; @@ -208,8 +208,6 @@ do_modify( char *uri, char *manager, char *values[2]; int version = LDAP_VERSION3; - pid = getpid(); - values[0] = value; values[1] = NULL; mod.mod_op = LDAP_MOD_ADD; diff --git a/tests/progs/slapd-modrdn.c b/tests/progs/slapd-modrdn.c index f2e7ad82f3f53f4671138836d214ce8a5e86350d..d2646e4c2460f1ccf520edc058ae314d19a0ea9a 100644 --- a/tests/progs/slapd-modrdn.c +++ b/tests/progs/slapd-modrdn.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -82,8 +82,9 @@ main( int argc, char **argv ) tester_init( "slapd-modrdn", TESTER_MODRDN ); - while ( (i = getopt( argc, argv, "CFH:h:i:p:D:w:e:l:L:r:t:" )) != EOF ) { - switch( i ) { + while ( ( i = getopt( argc, argv, "CD:e:FH:h:i:L:l:p:r:t:w:" ) ) != EOF ) + { + switch ( i ) { case 'C': chaserefs++; break; 
@@ -183,14 +184,12 @@ do_modrdn( char *uri, char *manager, { LDAP *ld = NULL; int i = 0, do_retry = maxretries; - pid_t pid; char *DNs[2]; char *rdns[2]; int rc = LDAP_SUCCESS; char *p1, *p2; int version = LDAP_VERSION3; - pid = getpid(); DNs[0] = entry; DNs[1] = strdup( entry ); diff --git a/tests/progs/slapd-read.c b/tests/progs/slapd-read.c index 0bc00d20a9d37e76a32e137a5f125561cc2a0e73..c938875ec4c0fb7814560f9b015242620df84e01 100644 --- a/tests/progs/slapd-read.c +++ b/tests/progs/slapd-read.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -40,12 +40,12 @@ static void do_read( char *uri, char *manager, struct berval *passwd, - char *entry, LDAP **ld, int noattrs, int maxloop, + char *entry, LDAP **ld, int noattrs, int nobind, int maxloop, int maxretries, int delay, int force, int chaserefs ); static void do_random( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, int noattrs, + char *sbase, char *filter, int noattrs, int nobind, int innerloop, int maxretries, int delay, int force, int chaserefs ); static void @@ -60,6 +60,7 @@ usage( char *name ) "[-A] " "[-C] " "[-F] " + "[-N] " "[-f filter] " "[-i <ignore>] " "[-l <loops>] " @@ -88,14 +89,15 @@ main( int argc, char **argv ) int force = 0; int chaserefs = 0; int noattrs = 0; + int nobind = 0; tester_init( "slapd-read", TESTER_READ ); /* by default, tolerate referrals and no such object */ tester_ignore_str2errlist( "REFERRAL,NO_SUCH_OBJECT" ); - while ( (i = getopt( argc, argv, "ACD:H:h:i:p:e:Ff:l:L:r:t:w:" )) != EOF ) { - switch( i ) { + while ( (i = getopt( argc, argv, "ACD:e:Ff:H:h:i:L:l:p:r:t:w:" )) != EOF ) { + switch ( i ) { case 'A': noattrs++; break; 
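Review bot: The reordered option string in slapd-read's `getopt` call, `"ACD:e:Ff:H:h:i:L:l:p:r:t:w:"`, does not include `N`, yet the next hunk adds `case 'N': nobind++;` and the usage text gains `[-N]`. As written the new case is unreachable and `-N` falls into the `default:` branch. slapd-search.c adds the letter in the same commit (`...l:L:Np:r:t:w:`); the matching change here is `"ACD:e:Ff:H:h:i:L:l:Np:r:t:w:"`. `main` starts and ends outside these hunks.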
@@ -116,6 +118,10 @@ main( int argc, char **argv ) tester_ignore_str2errlist( optarg ); break; + case 'N': + nobind++; + break; + case 'p': /* the servers port */ if ( lutil_atoi( &port, optarg ) != 0 ) { usage( argv[0] ); @@ -188,11 +194,11 @@ main( int argc, char **argv ) for ( i = 0; i < outerloops; i++ ) { if ( filter != NULL ) { do_random( uri, manager, &passwd, entry, filter, - noattrs, loops, retries, delay, force, + noattrs, nobind, loops, retries, delay, force, chaserefs ); } else { - do_read( uri, manager, &passwd, entry, NULL, noattrs, + do_read( uri, manager, &passwd, entry, NULL, noattrs, nobind, loops, retries, delay, force, chaserefs ); } } @@ -202,21 +208,18 @@ main( int argc, char **argv ) static void do_random( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, int noattrs, + char *sbase, char *filter, int noattrs, int nobind, int innerloop, int maxretries, int delay, int force, int chaserefs ) { LDAP *ld = NULL; int i = 0, do_retry = maxretries; char *attrs[ 2 ]; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; int nvalues = 0; char **values = NULL; LDAPMessage *res = NULL, *e = NULL; - srand( pid ); - attrs[ 0 ] = LDAP_NO_ATTRS; attrs[ 1 ] = NULL; 
@@ -235,17 +238,19 @@ do_random( char *uri, char *manager, struct berval *passwd, (long) pid, innerloop, sbase, filter ); } - rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); - if ( rc != LDAP_SUCCESS ) { - tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); - switch ( rc ) { - case LDAP_BUSY: - case LDAP_UNAVAILABLE: - /* fallthru */ - default: - break; + if ( nobind == 0 ) { + rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); + switch ( rc ) { + case LDAP_BUSY: + case LDAP_UNAVAILABLE: + /* fallthru */ + default: + break; + } + exit( EXIT_FAILURE ); } - exit( EXIT_FAILURE ); } rc = ldap_search_ext_s( ld, sbase, LDAP_SCOPE_SUBTREE, @@ -283,9 +288,10 @@ do_random( char *uri, char *manager, struct berval *passwd, int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0); do_read( uri, manager, passwd, values[ r ], &ld, - noattrs, 1, maxretries, delay, force, + noattrs, nobind, 1, maxretries, delay, force, chaserefs ); } + free( values ); break; default: @@ -302,13 +308,12 @@ do_random( char *uri, char *manager, struct berval *passwd, static void do_read( char *uri, char *manager, struct berval *passwd, char *entry, - LDAP **ldp, int noattrs, int maxloop, + LDAP **ldp, int noattrs, int nobind, int maxloop, int maxretries, int delay, int force, int chaserefs ) { LDAP *ld = ldp ? *ldp : NULL; int i = 0, do_retry = maxretries; char *attrs[] = { "1.1", NULL }; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; 
@@ -329,25 +334,27 @@ retry:; (long) pid, maxloop, entry ); } - rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); - if ( rc != LDAP_SUCCESS ) { - tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); - switch ( rc ) { - case LDAP_BUSY: - case LDAP_UNAVAILABLE: - if ( do_retry > 0 ) { - ldap_unbind_ext( ld, NULL, NULL ); - do_retry--; - if ( delay != 0 ) { - sleep( delay ); + if ( nobind == 0 ) { + rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); + switch ( rc ) { + case LDAP_BUSY: + case LDAP_UNAVAILABLE: + if ( do_retry > 0 ) { + ldap_unbind_ext( ld, NULL, NULL ); + do_retry--; + if ( delay != 0 ) { + sleep( delay ); + } + goto retry; } - goto retry; + /* fallthru */ + default: + break; } - /* fallthru */ - default: - break; + exit( EXIT_FAILURE ); } - exit( EXIT_FAILURE ); } } diff --git a/tests/progs/slapd-search.c b/tests/progs/slapd-search.c index 5709c7be48ca59264c23aaa0e47c8e4a30827287..e0b6b1d5c56c43031b86b3fb6c27260d30654b00 100644 --- a/tests/progs/slapd-search.c +++ b/tests/progs/slapd-search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -40,13 +40,13 @@ static void do_search( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, LDAP **ldp, int noattrs, + char *sbase, char *filter, LDAP **ldp, int noattrs, int nobind, int innerloop, int maxretries, int delay, int force, int chaserefs ); static void do_random( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, char *attr, int noattrs, int innerloop, - int maxretries, int delay, int force, int chaserefs ); + char *sbase, char *filter, char *attr, int noattrs, int nobind, + int innerloop, int maxretries, int delay, int force, int chaserefs ); static void usage( char *name ) @@ -62,6 +62,7 @@ usage( char *name ) "[-A] " "[-C] " "[-F] " + "[-N] " "[-i <ignore>] " "[-l <loops>] " "[-L <outerloops>] " @@ -90,14 +91,16 @@ main( int argc, char **argv ) int force = 0; int chaserefs = 0; int noattrs = 0; + int nobind = 0; tester_init( "slapd-search", TESTER_SEARCH ); /* by default, tolerate referrals and no such object */ tester_ignore_str2errlist( "REFERRAL,NO_SUCH_OBJECT" ); - while ( (i = getopt( argc, argv, "Aa:b:CD:f:FH:h:i:l:L:p:w:r:t:" )) != EOF ) { - switch( i ) { + while ( ( i = getopt( argc, argv, "Aa:b:CD:f:FH:h:i:l:L:Np:r:t:w:" ) ) != EOF ) + { + switch ( i ) { case 'A': noattrs++; break; @@ -118,6 +121,10 @@ main( int argc, char **argv ) tester_ignore_str2errlist( optarg ); break; + case 'N': + nobind++; + break; + case 'p': /* the servers port */ if ( lutil_atoi( &port, optarg ) != 0 ) { usage( argv[0] ); @@ -196,11 +203,11 @@ main( int argc, char **argv ) for ( i = 0; i < outerloops; i++ ) { if ( attr != NULL ) { do_random( uri, manager, &passwd, sbase, filter, attr, - noattrs, loops, retries, delay, force, chaserefs ); + noattrs, nobind, loops, retries, delay, force, chaserefs ); } else { do_search( uri, manager, &passwd, sbase, filter, NULL, - noattrs, loops, retries, delay, force, chaserefs ); + noattrs, nobind, loops, retries, delay, force, chaserefs ); } } 
@@ -210,21 +217,18 @@ main( int argc, char **argv ) static void do_random( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, char *attr, int noattrs, + char *sbase, char *filter, char *attr, int noattrs, int nobind, int innerloop, int maxretries, int delay, int force, int chaserefs ) { LDAP *ld = NULL; int i = 0, do_retry = maxretries; char *attrs[ 2 ]; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; int nvalues = 0; char **values = NULL; LDAPMessage *res = NULL, *e = NULL; - srand( pid ); - attrs[ 0 ] = attr; attrs[ 1 ] = NULL; @@ -243,17 +247,19 @@ do_random( char *uri, char *manager, struct berval *passwd, (long) pid, innerloop, sbase, filter, attr ); } - rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); - if ( rc != LDAP_SUCCESS ) { - tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); - switch ( rc ) { - case LDAP_BUSY: - case LDAP_UNAVAILABLE: - /* fallthru */ - default: - break; + if ( nobind == 0 ) { + rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); + switch ( rc ) { + case LDAP_BUSY: + case LDAP_UNAVAILABLE: + /* fallthru */ + default: + break; + } + exit( EXIT_FAILURE ); } - exit( EXIT_FAILURE ); } rc = ldap_search_ext_s( ld, sbase, LDAP_SCOPE_SUBTREE, @@ -289,6 +295,12 @@ do_random( char *uri, char *manager, struct berval *passwd, ldap_msgfree( res ); + if ( !values ) { + fprintf( stderr, " PID=%ld - Search base=\"%s\" filter=\"%s\" got %d values.\n", + (long) pid, sbase, filter, nvalues ); + exit(EXIT_FAIL); + } + if ( do_retry == maxretries ) { fprintf( stderr, " PID=%ld - Search base=\"%s\" filter=\"%s\" got %d values.\n", (long) pid, sbase, filter, nvalues ); 
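Review bot: The new `if ( !values )` guard in slapd-search's `do_random` ends with `exit(EXIT_FAIL);`, while the other exits in this diff use the standard `EXIT_FAILURE`. `EXIT_FAIL` is not a standard macro and no definition is visible here, so unless a project header provides it this line will not compile; `exit( EXIT_FAILURE );` is the safe spelling. The message printed just before it is identical to the progress line that follows ("got %d values"), so a failure here is indistinguishable in the log; something like `"... returned no values.\n"` would separate the two. The guard itself is a useful addition, since `values[ r ]` is indexed later in the function.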
@@ -303,7 +315,7 @@ do_random( char *uri, char *manager, struct berval *passwd, snprintf( buf, sizeof( buf ), "(%s=%s)", attr, values[ r ] ); - do_search( uri, manager, passwd, sbase, buf, &ld, noattrs, + do_search( uri, manager, passwd, sbase, buf, &ld, noattrs, nobind, 1, maxretries, delay, force, chaserefs ); } break; @@ -322,14 +334,12 @@ do_random( char *uri, char *manager, struct berval *passwd, static void do_search( char *uri, char *manager, struct berval *passwd, - char *sbase, char *filter, LDAP **ldp, - int noattrs, int innerloop, int maxretries, int delay, - int force, int chaserefs ) + char *sbase, char *filter, LDAP **ldp, int noattrs, int nobind, + int innerloop, int maxretries, int delay, int force, int chaserefs ) { LDAP *ld = ldp ? *ldp : NULL; int i = 0, do_retry = maxretries; char *attrs[] = { "cn", "sn", NULL }; - pid_t pid = getpid(); int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; char buf[ BUFSIZ ]; 
@@ -352,27 +362,29 @@ retry:; (long) pid, innerloop, sbase, filter ); } - rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); - if ( rc != LDAP_SUCCESS ) { - snprintf( buf, sizeof( buf ), - "bindDN=\"%s\"", manager ); - tester_ldap_error( ld, "ldap_sasl_bind_s", buf ); - switch ( rc ) { - case LDAP_BUSY: - case LDAP_UNAVAILABLE: - if ( do_retry > 0 ) { - ldap_unbind_ext( ld, NULL, NULL ); - do_retry--; - if ( delay != 0 ) { - sleep( delay ); + if ( nobind == 0 ) { + rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + snprintf( buf, sizeof( buf ), + "bindDN=\"%s\"", manager ); + tester_ldap_error( ld, "ldap_sasl_bind_s", buf ); + switch ( rc ) { + case LDAP_BUSY: + case LDAP_UNAVAILABLE: + if ( do_retry > 0 ) { + ldap_unbind_ext( ld, NULL, NULL ); + do_retry--; + if ( delay != 0 ) { + sleep( delay ); + } + goto retry; } - goto retry; + /* fallthru */ + default: + break; } - /* fallthru */ - default: - break; + exit( EXIT_FAILURE ); } - exit( EXIT_FAILURE ); } } diff --git a/tests/progs/slapd-tester.c b/tests/progs/slapd-tester.c index fdca62f2044f0cfae33ff3dbea2001e0c157858b..6cbc13fd109665ed5c7ce0711ac770b5e93c17db 100644 --- a/tests/progs/slapd-tester.c +++ b/tests/progs/slapd-tester.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software <http://www.openldap.org/>. * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -36,6 +36,8 @@ #include "lutil.h" #include "ldap.h" +#include "ldap_pvt.h" +#include "lber_pvt.h" #include "slapd-common.h" #define SEARCHCMD "slapd-search" 
@@ -75,8 +77,13 @@ static char argbuf[BUFSIZ]; #endif static void -usage( char *name ) +usage( char *name, char opt ) { + if ( opt ) { + fprintf( stderr, "%s: unable to handle option \'%c\'\n\n", + name, opt ); + } + fprintf( stderr, "usage: %s " "-H <uri> | ([-h <host>] -p <port>) " @@ -85,13 +92,15 @@ usage( char *name ) "-d <datadir> " "[-i <ignore>] " "[-j <maxchild>] " - "[-l <loops>] " + "[-l {<loops>|<type>=<loops>[,...]}] " "[-L <outerloops>] " "-P <progdir> " "[-r <maxretries>] " "[-t <delay>] " + "[-C] " "[-F] " - "[-C]\n", + "[-I] " + "[-N]\n", name ); exit( EXIT_FAILURE ); } @@ -116,6 +125,8 @@ main( int argc, char **argv ) int friendly = 0; int chaserefs = 0; int noattrs = 0; + int nobind = 0; + int noinit = 1; char *ignore = NULL; /* search */ char *sfile = NULL; @@ -126,7 +137,8 @@ main( int argc, char **argv ) char *sargs[MAXARGS]; int sanum; char scmd[MAXPATHLEN]; - char sloops[] = "18446744073709551615UL"; + /* static so that its address can be used in initializer below. */ + static char sloops[] = "18446744073709551615UL"; /* read */ char *rfile = NULL; char *rreqs[MAXREQS]; 
@@ -135,31 +147,31 @@ main( int argc, char **argv ) char *rflts[MAXREQS]; int ranum; char rcmd[MAXPATHLEN]; - char rloops[] = "18446744073709551615UL"; + static char rloops[] = "18446744073709551615UL"; /* addel */ char *afiles[MAXREQS]; int anum = 0; char *aargs[MAXARGS]; int aanum; char acmd[MAXPATHLEN]; - char aloops[] = "18446744073709551615UL"; + static char aloops[] = "18446744073709551615UL"; /* modrdn */ + char *nfile = NULL; + char *nreqs[MAXREQS]; + int nnum = 0; + char *nargs[MAXARGS]; + int nanum; + char ncmd[MAXPATHLEN]; + static char nloops[] = "18446744073709551615UL"; + /* modify */ char *mfile = NULL; char *mreqs[MAXREQS]; + char *mdn[MAXREQS]; int mnum = 0; char *margs[MAXARGS]; int manum; char mcmd[MAXPATHLEN]; - char mloops[] = "18446744073709551615UL"; - /* modify */ - char *modfile = NULL; - char *modreqs[MAXREQS]; - char *moddn[MAXREQS]; - int modnum = 0; - char *modargs[MAXARGS]; - int modanum; - char modcmd[MAXPATHLEN]; - char modloops[] = "18446744073709551615UL"; + static char mloops[] = "18446744073709551615UL"; /* bind */ char *bfile = NULL; char *breqs[MAXREQS]; 
@@ -169,20 +181,56 @@ main( int argc, char **argv ) char *bargs[MAXARGS]; int banum; char bcmd[MAXPATHLEN]; - char bloops[] = "18446744073709551615UL"; + static char bloops[] = "18446744073709551615UL"; + char **bargs_extra = NULL; char *friendlyOpt = NULL; int pw_ask = 0; char *pw_file = NULL; + /* extra action to do after bind... */ + typedef struct extra_t { + char *action; + struct extra_t *next; + } extra_t; + + extra_t *extra = NULL; + int nextra = 0; + tester_init( "slapd-tester", TESTER_TESTER ); - while ( (i = getopt( argc, argv, "ACD:d:FH:h:i:j:l:L:P:p:r:t:w:Wy:" )) != EOF ) { - switch( i ) { + sloops[0] = '\0'; + rloops[0] = '\0'; + aloops[0] = '\0'; + nloops[0] = '\0'; + mloops[0] = '\0'; + bloops[0] = '\0'; + + while ( ( i = getopt( argc, argv, "AB:CD:d:FH:h:Ii:j:L:l:NP:p:r:t:Ww:y:" ) ) != EOF ) + { + switch ( i ) { case 'A': noattrs++; break; + case 'B': { + char **p, + **b = ldap_str2charray( optarg, "," ); + extra_t **epp; + + for ( epp = &extra; *epp; epp = &(*epp)->next ) + ; + + for ( p = b; p[0]; p++ ) { + *epp = calloc( 1, sizeof( extra_t ) ); + (*epp)->action = p[0]; + epp = &(*epp)->next; + nextra++; + } + + ldap_memfree( b ); + } break; + case 'C': chaserefs++; break; 
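Review bot: Both allocations in the new `case 'B':` block of slapd-tester's `main` are used without a check: `b = ldap_str2charray( optarg, "," )` is read as `p[0]` straight away, and the `calloc` result is written through `(*epp)->action`. Either can be NULL on allocation failure; `if ( b == NULL ) usage( argv[0], 'B' );` and an equivalent test after `calloc` would turn a crash into a diagnostic. The same unchecked `ldap_str2charray` result appears as `l` in the `-l` parsing of the hunk at -207. A comment next to `ldap_memfree( b )` such as `/* free only the array; the strings now belong to the extra list */` would explain why it is not `ldap_charray_free`, which the `-l` branch uses.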
@@ -207,19 +255,61 @@ main( int argc, char **argv ) host = strdup( optarg ); break; + case 'I': + noinit = 0; + break; + case 'i': ignore = optarg; break; case 'j': /* the number of parallel clients */ if ( lutil_atoi( &maxkids, optarg ) != 0 ) { - usage( argv[0] ); + usage( argv[0], 'j' ); } break; case 'l': /* the number of loops per client */ - if ( lutil_atoi( &loops, optarg ) != 0 ) { - usage( argv[0] ); + if ( !isdigit( (unsigned char) optarg[0] ) ) { + char **p, + **l = ldap_str2charray( optarg, "," ); + + for ( p = l; p[0]; p++) { + struct { + struct berval type; + char *buf; + } types[] = { + { BER_BVC( "add=" ), aloops }, + { BER_BVC( "bind=" ), bloops }, + { BER_BVC( "modify=" ), mloops }, + { BER_BVC( "modrdn=" ), nloops }, + { BER_BVC( "read=" ), rloops }, + { BER_BVC( "search=" ), sloops }, + { BER_BVNULL, NULL } + }; + int c, n; + + for ( c = 0; types[c].type.bv_val; c++ ) { + if ( strncasecmp( p[0], types[c].type.bv_val, types[c].type.bv_len ) == 0 ) { + break; + } + } + + if ( types[c].type.bv_val == NULL ) { + usage( argv[0], 'l' ); + } + + if ( lutil_atoi( &n, &p[0][types[c].type.bv_len] ) != 0 ) { + usage( argv[0], 'l' ); + } + + snprintf( types[c].buf, sizeof( aloops ), "%d", n ); + } + + ldap_charray_free( l ); + + } else if ( lutil_atoi( &loops, optarg ) != 0 ) { + usage( argv[0], 'l' ); } break; @@ -227,6 +317,10 @@ main( int argc, char **argv ) outerloops = strdup( optarg ); break; + case 'N': + nobind++; + break; + case 'P': /* prog directory */ progdir = strdup( optarg ); break; @@ -257,14 +351,16 @@ main( int argc, char **argv ) break; default: - usage( argv[0] ); + usage( argv[0], '\0' ); break; } } if (( dirname == NULL ) || ( port == NULL && uri == NULL ) || ( manager == NULL ) || ( passwd == NULL ) || ( progdir == NULL )) - usage( argv[0] ); + { + usage( argv[0], '\0' ); + } #ifdef HAVE_WINSOCK children = malloc( maxkids * sizeof(HANDLE) ); 
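Review bot: In the per-type `-l` parsing, `snprintf( types[c].buf, sizeof( aloops ), "%d", n );` uses the size of `aloops` for whichever of the six buffers was selected. That is correct only because all six are declared with the same initializer in the earlier hunks; carrying the size in the table (a `size_t len` member filled with `sizeof( aloops )`, `sizeof( bloops )`, ...) removes the hidden dependency. The parsed `n` is not range-checked either, so `add=-1` or `bind=0` would be accepted and forwarded to the child programs as a loop count; `if ( n <= 0 ) usage( argv[0], 'l' );` would reject them, assuming non-positive counts are not meaningful. The `default:` branch in the last hunk of this line passes `'\0'` to `usage()`, so an unknown option prints no "unable to handle option" line, unlike slapd-bind.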
@@ -286,10 +382,10 @@ main( int argc, char **argv ) rfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TMODRDNFILE )) { - mfile = get_file_name( dirname, file->d_name ); + nfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TMODIFYFILE )) { - modfile = get_file_name( dirname, file->d_name ); + mfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strncasecmp( file->d_name, TADDFILE, strlen( TADDFILE )) && ( anum < MAXREQS )) { @@ -327,13 +423,13 @@ main( int argc, char **argv ) } /* look for modrdn requests */ - if ( mfile ) { - mnum = get_read_entries( mfile, mreqs, NULL ); + if ( nfile ) { + nnum = get_read_entries( nfile, nreqs, NULL ); } /* look for modify requests */ - if ( modfile ) { - modnum = get_search_filters( modfile, modreqs, NULL, moddn ); + if ( mfile ) { + mnum = get_search_filters( mfile, mreqs, NULL, mdn ); } /* look for bind requests */ @@ -358,12 +454,12 @@ main( int argc, char **argv ) break; } - snprintf( sloops, sizeof( sloops ), "%d", 10 * loops ); - snprintf( rloops, sizeof( rloops ), "%d", 20 * loops ); - snprintf( aloops, sizeof( aloops ), "%d", loops ); - snprintf( mloops, sizeof( mloops ), "%d", loops ); - snprintf( modloops, sizeof( modloops ), "%d", loops ); - snprintf( bloops, sizeof( bloops ), "%d", 20 * loops ); + if ( sloops[0] == '\0' ) snprintf( sloops, sizeof( sloops ), "%d", 10 * loops ); + if ( rloops[0] == '\0' ) snprintf( rloops, sizeof( rloops ), "%d", 20 * loops ); + if ( aloops[0] == '\0' ) snprintf( aloops, sizeof( aloops ), "%d", loops ); + if ( nloops[0] == '\0' ) snprintf( nloops, sizeof( nloops ), "%d", loops ); + if ( mloops[0] == '\0' ) snprintf( mloops, sizeof( mloops ), "%d", loops ); + if ( bloops[0] == '\0' ) snprintf( bloops, sizeof( bloops ), "%d", 20 * loops ); /* * generate the search clients 
@@ -403,6 +499,9 @@ main( int argc, char **argv ) if ( noattrs ) { sargs[sanum++] = "-A"; } + if ( nobind ) { + sargs[sanum++] = "-N"; + } if ( ignore ) { sargs[sanum++] = "-i"; sargs[sanum++] = ignore; @@ -471,8 +570,51 @@ main( int argc, char **argv ) * generate the modrdn clients */ + nanum = 0; + snprintf( ncmd, sizeof ncmd, "%s" LDAP_DIRSEP MODRDNCMD, + progdir ); + nargs[nanum++] = ncmd; + if ( uri ) { + nargs[nanum++] = "-H"; + nargs[nanum++] = uri; + } else { + nargs[nanum++] = "-h"; + nargs[nanum++] = host; + nargs[nanum++] = "-p"; + nargs[nanum++] = port; + } + nargs[nanum++] = "-D"; + nargs[nanum++] = manager; + nargs[nanum++] = "-w"; + nargs[nanum++] = passwd; + nargs[nanum++] = "-l"; + nargs[nanum++] = nloops; + nargs[nanum++] = "-L"; + nargs[nanum++] = outerloops; + nargs[nanum++] = "-r"; + nargs[nanum++] = retries; + nargs[nanum++] = "-t"; + nargs[nanum++] = delay; + if ( friendly ) { + nargs[nanum++] = friendlyOpt; + } + if ( chaserefs ) { + nargs[nanum++] = "-C"; + } + if ( ignore ) { + nargs[nanum++] = "-i"; + nargs[nanum++] = ignore; + } + nargs[nanum++] = "-e"; + nargs[nanum++] = NULL; /* will hold the modrdn entry */ + nargs[nanum++] = NULL; + + /* + * generate the modify clients + */ + manum = 0; - snprintf( mcmd, sizeof mcmd, "%s" LDAP_DIRSEP MODRDNCMD, + snprintf( mcmd, sizeof mcmd, "%s" LDAP_DIRSEP MODIFYCMD, progdir ); margs[manum++] = mcmd; if ( uri ) { 
@@ -507,53 +649,10 @@ main( int argc, char **argv ) margs[manum++] = ignore; } margs[manum++] = "-e"; - margs[manum++] = NULL; /* will hold the modrdn entry */ + margs[manum++] = NULL; /* will hold the modify entry */ + margs[manum++] = "-a";; + margs[manum++] = NULL; /* will hold the ava */ margs[manum++] = NULL; - - /* - * generate the modify clients - */ - - modanum = 0; - snprintf( modcmd, sizeof modcmd, "%s" LDAP_DIRSEP MODIFYCMD, - progdir ); - modargs[modanum++] = modcmd; - if ( uri ) { - modargs[modanum++] = "-H"; - modargs[modanum++] = uri; - } else { - modargs[modanum++] = "-h"; - modargs[modanum++] = host; - modargs[modanum++] = "-p"; - modargs[modanum++] = port; - } - modargs[modanum++] = "-D"; - modargs[modanum++] = manager; - modargs[modanum++] = "-w"; - modargs[modanum++] = passwd; - modargs[modanum++] = "-l"; - modargs[modanum++] = modloops; - modargs[modanum++] = "-L"; - modargs[modanum++] = outerloops; - modargs[modanum++] = "-r"; - modargs[modanum++] = retries; - modargs[modanum++] = "-t"; - modargs[modanum++] = delay; - if ( friendly ) { - modargs[modanum++] = friendlyOpt; - } - if ( chaserefs ) { - modargs[modanum++] = "-C"; - } - if ( ignore ) { - modargs[modanum++] = "-i"; - modargs[modanum++] = ignore; - } - modargs[modanum++] = "-e"; - modargs[modanum++] = NULL; /* will hold the modify entry */ - modargs[modanum++] = "-a";; - modargs[modanum++] = NULL; /* will hold the ava */ - modargs[modanum++] = NULL; /* * generate the add/delete clients @@ -606,7 +705,9 @@ main( int argc, char **argv ) snprintf( bcmd, sizeof bcmd, "%s" LDAP_DIRSEP BINDCMD, progdir ); bargs[banum++] = bcmd; - bargs[banum++] = "-I"; /* don't init on each bind */ + if ( !noinit ) { + bargs[banum++] = "-I"; /* init on each bind */ + } if ( uri ) { bargs[banum++] = "-H"; bargs[banum++] = uri; 
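Review bot: In the bind-client hunk the new line `bargs[banum++] = "-I"; /* init on each bind */` carries a comment that says the opposite of the one it replaces ("don't init on each bind"), and the flag is now emitted when `noinit` is zero, which is what the tester's own `-I` case sets. Unless the meaning of `-I` in the bind client changed in a part of this commit that is not visible here, either the comment or the condition reads inverted. Please confirm which default is intended and say so next to the test, for example `/* tester -I given: pass -I through to the bind client */`, so the double negative in `!noinit` does not have to be decoded by the next reader. main's body starts and ends outside the hunk.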
@@ -636,6 +737,10 @@ main( int argc, char **argv ) bargs[banum++] = "-i"; bargs[banum++] = ignore; } + if ( nextra ) { + bargs[banum++] = "-B"; + bargs_extra = &bargs[banum++]; + } bargs[banum++] = "-D"; bargs[banum++] = NULL; bargs[banum++] = "-w"; @@ -674,17 +779,17 @@ main( int argc, char **argv ) fork_child( rcmd, rargs ); } + if ( j < nnum ) { + nargs[nanum - 2] = nreqs[j]; + fork_child( ncmd, nargs ); + } + if ( j < mnum ) { + margs[manum - 4] = mdn[j]; margs[manum - 2] = mreqs[j]; fork_child( mcmd, margs ); } - if ( j < modnum ) { - modargs[modanum - 4] = moddn[j]; - modargs[modanum - 2] = modreqs[j]; - fork_child( modcmd, modargs ); - } - if ( j < anum ) { aargs[aanum - 2] = afiles[j]; fork_child( acmd, aargs ); @@ -693,6 +798,15 @@ main( int argc, char **argv ) if ( DOREQ( bnum, j ) ) { int jj = j % bnum; + if ( nextra ) { + int n = ((double)nextra)*rand()/(RAND_MAX + 1.0); + extra_t *e; + + for ( e = extra; n-- > 0; e = e->next ) + ; + *bargs_extra = e->action; + } + if ( battrs[jj] != NULL ) { bargs[banum - 4] = manager ? manager : ""; bargs[banum - 2] = passwd ? passwd : ""; @@ -830,6 +944,7 @@ get_read_entries( char *filename, char *entries[], char *filters[] ) static void fork_child( char *prog, char **args ) { + /* note: obscures global pid var; intended */ pid_t pid; wait4kids( maxkids ); diff --git a/tests/run.in b/tests/run.in index 966762280ac5eb4c7c21d2fc3028ba0435371404..a8bcaa1cacf41ad0cf4d7534cee642db88ae46c3 100644 --- a/tests/run.in +++ b/tests/run.in @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/acfilter.sh b/tests/scripts/acfilter.sh index e1b7599840e77fc58592ffad193f09a1ae48658e..9a650359bdc4e39a1561b8222336925817a53038 100755 --- a/tests/scripts/acfilter.sh 
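Review bot: The list walk `for ( e = extra; n-- > 0; e = e->next )` in the `nextra` block trusts `nextra` to equal the number of nodes reachable from `extra`; if the two ever disagree, `e` becomes NULL and `*bargs_extra = e->action;` dereferences it. Bounding the walk on the pointer as well, `for ( e = extra; n-- > 0 && e->next != NULL; e = e->next )`, keeps the selection inside the list at no cost. Whether `rand()` is seeded is not visible in this hunk; if it is left unseeded on purpose so runs are reproducible, a comment saying so would help. main's body starts and ends outside the hunk.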
+++ b/tests/scripts/acfilter.sh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/all b/tests/scripts/all index 851c0d20c7d36912b1e28f959c36ee3166386dc8..e05bba09ab92773dd9b521a49e170c149a79c2b3 100755 --- a/tests/scripts/all +++ b/tests/scripts/all @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh index 7bef25a2a58305ba24b092cf063e056a5f98ebb6..e4a73a3b41f4c6716bdeb6a35e6fcbe5ff596cb8 100755 --- a/tests/scripts/conf.sh +++ b/tests/scripts/conf.sh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh index 7a2a21235aaef52c2c2718bc83f63426b96f40c3..8f4e7ad1212c40b15f6a5a2d51fa7e6a53321b18 100755 --- a/tests/scripts/defines.sh +++ b/tests/scripts/defines.sh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
@@ -123,6 +123,9 @@ PLSRSLAVECONF=$DATADIR/slapd-syncrepl-slave-persist-ldap.conf PLSRMASTERCONF=$DATADIR/slapd-syncrepl-multiproxy.conf DDSCONF=$DATADIR/slapd-dds.conf PASSWDCONF=$DATADIR/slapd-passwd.conf +UNDOCONF=$DATADIR/slapd-config-undo.conf + +DYNAMICCONF=$DATADIR/slapd-dynamic.ldif # generated files CONF1=$TESTDIR/slapd.1.conf @@ -152,10 +155,10 @@ TOOLPROTO="-P 3" LDIFFILTER=$SRCDIR/scripts/acfilter.sh CONFFILTER=$SRCDIR/scripts/conf.sh -SLAPADD="../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE" -SLAPCAT="../servers/slapd/slapd -Tc -d 0 $LDAP_VERBOSE" -SLAPINDEX="../servers/slapd/slapd -Ti -d 0 $LDAP_VERBOSE" -SLAPPASSWD="../servers/slapd/slapd -Tpasswd" +SLAPADD="`pwd`/../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE" +SLAPCAT="`pwd`/../servers/slapd/slapd -Tc -d 0 $LDAP_VERBOSE" +SLAPINDEX="`pwd`/../servers/slapd/slapd -Ti -d 0 $LDAP_VERBOSE" +SLAPPASSWD="`pwd`/../servers/slapd/slapd -Tpasswd" unset DIFF_OPTIONS # NOTE: -u/-c is not that portable... @@ -163,8 +166,8 @@ DIFF="diff -i" CMP="diff -i" BCMP="diff -iB" CMPOUT=/dev/null -SLAPD="../servers/slapd/slapd -s0" -SLURPD=../servers/slurpd/slurpd +SLAPD="`pwd`/../servers/slapd/slapd -s0" +SLURPD="`pwd`/../servers/slurpd/slurpd" LDAPPASSWD="$CLIENTDIR/ldappasswd $TOOLARGS" LDAPSASLSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $LDAP_TOOLARGS -LLL" LDAPSEARCH="$CLIENTDIR/ldapsearch $TOOLPROTO $TOOLARGS -LLL" diff --git a/tests/scripts/its-all b/tests/scripts/its-all index 4f3cba8fcfdb9145cf79559116e34e13ae8afa4b..da140b309717f7d7dae604d468c5b149e9226cde 100755 --- a/tests/scripts/its-all +++ b/tests/scripts/its-all @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
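Review bot: The new values such as ``SLAPADD="`pwd`/../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE"`` (likewise SLAPCAT, SLAPINDEX, SLAPPASSWD here and SLAPD, SLURPD in the next hunk) keep the program path and its options in one string, so callers must expand them unquoted. With an absolute prefix this means a build tree whose path contains whitespace or glob characters gets split into the wrong words, which the old relative paths could not trigger. `pwd` is also evaluated once, when this file is sourced, so the result depends on the caller's working directory at that moment. A comment above the block such as `# absolute paths are computed when this file is sourced; the build path must not contain whitespace` would record both assumptions.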
diff --git a/tests/scripts/passwd-search b/tests/scripts/passwd-search index 56adc93c3deb0c70fdb11933720ffecb0ddc0093..47e1648f75d3c4bd01891992c4d003d026a144a9 100755 --- a/tests/scripts/passwd-search +++ b/tests/scripts/passwd-search @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/relay b/tests/scripts/relay index 3e1d95a4149b26d3b9fd8a8f7a9120e7a1f617c8..5aa15b7a412411700a8da510be6bdd3331025804 100755 --- a/tests/scripts/relay +++ b/tests/scripts/relay @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/sql-all b/tests/scripts/sql-all index 89cb6aaf1644ff44ad137c18084900c0d2b01831..67ff71339413a174b664af6d5494d0e6d91b70b2 100755 --- a/tests/scripts/sql-all +++ b/tests/scripts/sql-all @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/sql-test000-read b/tests/scripts/sql-test000-read index 1d206cc9f34fe7edf214a0580db8c38e6dc2dc6d..8c70395166733073ebcae1c4e496ff9faefcf3c6 100755 --- a/tests/scripts/sql-test000-read +++ b/tests/scripts/sql-test000-read 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/sql-test001-concurrency b/tests/scripts/sql-test001-concurrency index 0c85c476e46c012c2943dd3af0627cfefe558096..4594dbf21fd4f87f1af5f4915dd26d0b3063c40f 100755 --- a/tests/scripts/sql-test001-concurrency +++ b/tests/scripts/sql-test001-concurrency @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/sql-test900-write b/tests/scripts/sql-test900-write index 91209b675041af69c8a5cb58a8d50970038e7856..b11b4fd3d1f4ae60c190b6f0f8128c00c001cdd3 100755 --- a/tests/scripts/sql-test900-write +++ b/tests/scripts/sql-test900-write @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/sql-test901-syncrepl b/tests/scripts/sql-test901-syncrepl index 54c4a95eedd173886a2ddc59eadf0fa905f6c0df..9dc05eb7a419e53c7c33f11ba5a2911b2135b14b 100755 --- a/tests/scripts/sql-test901-syncrepl +++ b/tests/scripts/sql-test901-syncrepl @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/scripts/start-server b/tests/scripts/start-server index f1a507f2eab5deb16bddb04aeeea5724abc4beec..5fe43ef2b58695c1416c2618806dbd293cfa31f9 100755 --- a/tests/scripts/start-server +++ b/tests/scripts/start-server @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/start-server-nolog b/tests/scripts/start-server-nolog index 5ed1eab7ce65c1e746e71d42d4fb44fa1bffbbc1..1b9ef43077fd909635e56f8d5164753cc249ee3b 100755 --- a/tests/scripts/start-server-nolog +++ b/tests/scripts/start-server-nolog @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/start-server2 b/tests/scripts/start-server2 index 79da611ebdbe13a3ec83a0284c7bd5681e451aec..9a55e372e4de946d9db34a448bccc1aa18335cc1 100755 --- a/tests/scripts/start-server2 +++ b/tests/scripts/start-server2 @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/start-server2-nolog b/tests/scripts/start-server2-nolog index 6a07cce963b6bf115c365d760a6df953180317bd..962f58be32bc31d86de87a72a65af20ca7186c39 100755 --- a/tests/scripts/start-server2-nolog +++ b/tests/scripts/start-server2-nolog 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/startup_nis_ldap_server.sh b/tests/scripts/startup_nis_ldap_server.sh index 72606e834a982b56910c3d4a9236986e8295be03..756ddae208644f4510792863b7cade4424a7ac89 100755 --- a/tests/scripts/startup_nis_ldap_server.sh +++ b/tests/scripts/startup_nis_ldap_server.sh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test000-rootdse b/tests/scripts/test000-rootdse index 635b9fff6b8e80d23d4081312a62c600049422af..267dcea9f40c05ed6187c62831dcd9059366c59d 100755 --- a/tests/scripts/test000-rootdse +++ b/tests/scripts/test000-rootdse @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -33,7 +33,7 @@ sleep 1 echo "Using ldapsearch to retrieve the root DSE..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -b "" -s base -h $LOCALHOST -p $PORT1 \ - '+extensibleObject' > $SEARCHOUT 2>&1 + '@extensibleObject' > $SEARCHOUT 2>&1 RC=$? if test $RC = 0 ; then break @@ -57,7 +57,7 @@ if test $RC = 0 ; then count=3 echo "Using ldapsearch to retrieve the cn=Monitor..." $LDAPSEARCH -b "cn=Monitor" -s base -h $LOCALHOST -p $PORT1 \ - '+extensibleObject' >> $SEARCHOUT 2>&1 + '@monitor' >> $SEARCHOUT 2>&1 RC=$? ;; esac 
diff --git a/tests/scripts/test001-slapadd b/tests/scripts/test001-slapadd index 3adf5e3fba4cf227160c051a96fca11ebeff6b36..5e92b774781e06a0c2758353d0506033ede9852f 100755 --- a/tests/scripts/test001-slapadd +++ b/tests/scripts/test001-slapadd @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test002-populate b/tests/scripts/test002-populate index cc7de3491c16d98f08b2cb246f8b73425dfc5ad7..43a7a330503dd0ac98e3f1400cdbde5a959c2b54 100755 --- a/tests/scripts/test002-populate +++ b/tests/scripts/test002-populate @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test003-search b/tests/scripts/test003-search index 2da5130f49dade1f282355b8417469b843600a3f..49a1612ff1d7e5e1d3f8251c80e42480f926558a 100755 --- a/tests/scripts/test003-search +++ b/tests/scripts/test003-search @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test004-modify b/tests/scripts/test004-modify index 8e317b5c68ad269ec29c6e31f9be5e0cd9b8a764..b14860bcb9f1ea0ccc5cebe7b9323769bba08544 100755 --- a/tests/scripts/test004-modify +++ b/tests/scripts/test004-modify 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test005-modrdn b/tests/scripts/test005-modrdn index 60c90d796585571b57c33ade96832029fb71b22a..d523a736e119cfe89e426e919678a9699c1a2761 100755 --- a/tests/scripts/test005-modrdn +++ b/tests/scripts/test005-modrdn @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls index d47ec025725498add308bf0f9c4ea51fb7aa29e0..235a1ea63777679ba7c90ed5efb3ca6d9fbb8e52 100755 --- a/tests/scripts/test006-acls +++ b/tests/scripts/test006-acls @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test007-replication b/tests/scripts/test007-replication index 85169e1f5541f8222c47ed7ee29cd2af71e3338a..4ae4e89bd30cadee6c70ae885037f65a3df7197c 100755 --- a/tests/scripts/test007-replication +++ b/tests/scripts/test007-replication @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/scripts/test008-concurrency b/tests/scripts/test008-concurrency index d37fcb77c634bfbf46dcdef77063f65d9effdd0f..f8ea657843a373d5453a0439ee112f7b57609afa 100755 --- a/tests/scripts/test008-concurrency +++ b/tests/scripts/test008-concurrency @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test009-referral b/tests/scripts/test009-referral index c359aede5f2ebc0e793a5cba8663f864b5cf57fc..9be1b53f85b4c3d002a902b57128fabcf8d7d70a 100755 --- a/tests/scripts/test009-referral +++ b/tests/scripts/test009-referral @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd index a1a3edb1af41a8124d5b9235580f4a082fb7a1ec..5892433cd092c71f91398e3dec7c40a7a2f30b25 100755 --- a/tests/scripts/test010-passwd +++ b/tests/scripts/test010-passwd @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test011-glue-slapadd b/tests/scripts/test011-glue-slapadd index cae730bd3ebc148993cf2eb891aacfdbc7542a59..eca1932e782dd1e1e01db6f7de49875b7713401b 100755 --- a/tests/scripts/test011-glue-slapadd +++ b/tests/scripts/test011-glue-slapadd 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test012-glue-populate b/tests/scripts/test012-glue-populate index a9124eb6043e6fbb19b3d03a40a0d978de202af5..f59e91f243dec3b407ac7e2257378af5b5e50433 100755 --- a/tests/scripts/test012-glue-populate +++ b/tests/scripts/test012-glue-populate @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test013-language b/tests/scripts/test013-language index 5a2fe761bf14cbbc682fa59216794eb70e0a95f1..7e2240c377eccd4ffebfdfcd757472d90942c8e5 100755 --- a/tests/scripts/test013-language +++ b/tests/scripts/test013-language @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test014-whoami b/tests/scripts/test014-whoami index e9d38994fbca131198d675e26947518c10ad3d3d..e7d99863a2522306549341dceed7d74d77be619a 100755 --- a/tests/scripts/test014-whoami +++ b/tests/scripts/test014-whoami @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
@@ -135,8 +135,8 @@ if test $RC != 0 ; then exit $RC fi -BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com" -BINDPW=jdoe +BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=jen AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ @@ -464,5 +464,5 @@ exit 0 ## Note to developers: when SLAPD_DEBUG=-1 the command ## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log -## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1 +## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1 ## to indicate that the authzFrom and authzTo rules applied in the right order. diff --git a/tests/scripts/test015-xsearch b/tests/scripts/test015-xsearch index e14963e798ae7094b3cda34ae4f63842742b2107..56e81f2f732a67f2bad4f9b03558dd9a4f2c1185 100755 --- a/tests/scripts/test015-xsearch +++ b/tests/scripts/test015-xsearch @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test016-subref b/tests/scripts/test016-subref index 04d4f5cb57b9db7e5bb67fe2fc22c60b4ba42924..c28fd52a7808395cc260f04f3207b45c4f25438e 100755 --- a/tests/scripts/test016-subref +++ b/tests/scripts/test016-subref @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/scripts/test017-syncreplication-refresh b/tests/scripts/test017-syncreplication-refresh index 54fbb115191e27c42e6b0cbdb1a0bbbdce407945..202b295434cf95c43f784be39db5f9e3c9e81275 100755 --- a/tests/scripts/test017-syncreplication-refresh +++ b/tests/scripts/test017-syncreplication-refresh @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -25,15 +25,15 @@ mkdir -p $TESTDIR $DBDIR1 $DBDIR2 # # Test replication: -# - start master -# - start slave +# - start producer +# - start consumer # - populate over ldap # - perform some modifies and deleted -# - attempt to modify the slave (referral) +# - attempt to modify the consumer (referral) # - retrieve database over ldap and compare against expected results # -echo "Starting master slapd on TCP/IP port $PORT1..." +echo "Starting producer slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! @@ -45,7 +45,7 @@ KILLPIDS="$PID" sleep 1 -echo "Using ldapsearch to check that master slapd is running..." +echo "Using ldapsearch to check that producer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 @@ -63,7 +63,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to create the context prefix entry in the master..." +echo "Using ldapadd to create the context prefix entry in the producer..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDCP > /dev/null 2>&1 RC=$? 
@@ -73,7 +73,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Starting slave slapd on TCP/IP port $PORT2..." +echo "Starting consumer slapd on TCP/IP port $PORT2..." . $CONFFILTER $BACKEND $MONITORDB < $R1SRSLAVECONF > $CONF2 $SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & SLAVEPID=$! @@ -85,7 +85,7 @@ KILLPIDS="$KILLPIDS $SLAVEPID" sleep 1 -echo "Using ldapsearch to check that slave slapd is running..." +echo "Using ldapsearch to check that consumer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ 'objectclass=*' > /dev/null 2>&1 @@ -103,7 +103,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to populate the master directory..." +echo "Using ldapadd to populate the producer directory..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDNOCP > /dev/null 2>&1 RC=$? @@ -116,7 +116,7 @@ fi echo "Waiting 15 seconds for syncrepl to receive changes..." sleep 15 -echo "Using ldapmodify to modify master directory..." +echo "Using ldapmodify to modify producer directory..." # # Do some modifications @@ -205,7 +205,7 @@ fi echo "Waiting 15 seconds for syncrepl to receive changes..." sleep 15 -echo "Try updating the slave slapd..." +echo "Try updating the consumer slapd..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ $TESTOUT 2>&1 << EOMODS dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com 
@@ -225,40 +225,42 @@ if test $RC != 10 ; then exit $RC fi -echo "Using ldapsearch to read all the entries from the master..." +OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp" + +echo "Using ldapsearch to read all the entries from the producer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - 'objectclass=*' > $MASTEROUT 2>&1 + '(objectclass=*)' '*' $OPATTRS > $MASTEROUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at master ($RC)!" + echo "ldapsearch failed at producer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi -echo "Using ldapsearch to read all the entries from the slave..." +echo "Using ldapsearch to read all the entries from the consumer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - 'objectclass=*' > $SLAVEOUT 2>&1 + '(objectclass=*)' '*' $OPATTRS > $SLAVEOUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at slave ($RC)!" + echo "ldapsearch failed at consumer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi test $KILLSERVERS != no && kill -HUP $KILLPIDS -echo "Filtering master results..." +echo "Filtering producer results..." . $LDIFFILTER < $MASTEROUT > $MASTERFLT -echo "Filtering slave results..." +echo "Filtering consumer results..." . $LDIFFILTER < $SLAVEOUT > $SLAVEFLT -echo "Comparing retrieved entries from master and slave..." +echo "Comparing retrieved entries from producer and consumer..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT if test $? != 0 ; then - echo "test failed - master and slave databases differ" + echo "test failed - producer and consumer databases differ" exit 1 fi diff --git a/tests/scripts/test018-syncreplication-persist b/tests/scripts/test018-syncreplication-persist index 65685cb01a447378dbb917ec52ae5065c0c06ab6..50cd004a1c660562342809d415b4c8721dd1addc 100755 --- a/tests/scripts/test018-syncreplication-persist +++ b/tests/scripts/test018-syncreplication-persist 
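Review bot: `$OPATTRS` is expanded unquoted in both new `$LDAPSEARCH` calls so that each attribute name becomes its own argument, but nothing in the script says this is deliberate, and a later quoting cleanup would turn the list into a single attribute name that matches nothing. A line above the assignment such as `# operational attributes to compare too; expanded unquoted on purpose, one argument per name` would protect it. The same assignment and calls are added in the matching hunk of test018-syncreplication-persist further down. The messages now say producer/consumer while `$MASTEROUT`, `$SLAVEOUT` and `$SLAVEPID` keep the old names, so a short note that the variable names are left unchanged on purpose would avoid confusion.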
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -30,15 +30,15 @@ mkdir -p $TESTDIR $DBDIR1 $DBDIR4 # # Test replication: -# - start master -# - start slave +# - start producer +# - start consumer # - populate over ldap # - perform some modifies and deleted -# - attempt to modify the slave (referral or chain) +# - attempt to modify the consumer (referral or chain) # - retrieve database over ldap and compare against expected results # -echo "Starting master slapd on TCP/IP port $PORT1..." +echo "Starting producer slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! @@ -50,7 +50,7 @@ KILLPIDS="$PID" sleep 1 -echo "Using ldapsearch to check that master slapd is running..." +echo "Using ldapsearch to check that producer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 @@ -68,7 +68,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to create the context prefix entry in the master..." +echo "Using ldapadd to create the context prefix entry in the producer..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDCP > /dev/null 2>&1 RC=$? @@ -78,7 +78,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Starting slave slapd on TCP/IP port $PORT4..." +echo "Starting consumer slapd on TCP/IP port $PORT4..." . $CONFFILTER $BACKEND $MONITORDB < $P1SRSLAVECONF > $CONF4 $SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 & SLAVEPID=$! 
@@ -90,7 +90,7 @@ KILLPIDS="$KILLPIDS $SLAVEPID" sleep 1 -echo "Using ldapsearch to check that slave slapd is running..." +echo "Using ldapsearch to check that consumer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \ 'objectclass=*' > /dev/null 2>&1 @@ -108,7 +108,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to populate the master directory..." +echo "Using ldapadd to populate the producer directory..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDNOCP > /dev/null 2>&1 RC=$? @@ -136,7 +136,7 @@ KILLPIDS="$PID $SLAVEPID" sleep 1 -echo "Using ldapsearch to check that master slapd is running..." +echo "Using ldapsearch to check that producer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 @@ -154,7 +154,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapmodify to modify master directory..." +echo "Using ldapmodify to modify producer directory..." # # Do some modifications @@ -247,7 +247,7 @@ echo "Stopping consumer to test recovery..." kill -HUP $SLAVEPID wait $SLAVEPID -echo "Modifying more entries on the master..." +echo "Modifying more entries on the producer..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com @@ -281,7 +281,7 @@ echo "Waiting 25 seconds for syncrepl to receive changes..." sleep 25 if test ! $BACKLDAP = "ldapno" ; then - echo "Try updating the slave slapd..." + echo "Try updating the consumer slapd..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \ $TESTOUT 2>&1 << EOMODS dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com 
@@ -303,40 +303,42 @@ EOMODS sleep 15 fi -echo "Using ldapsearch to read all the entries from the master..." +OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp" + +echo "Using ldapsearch to read all the entries from the producer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - 'objectclass=*' > $MASTEROUT 2>&1 + '(objectclass=*)' '*' $OPATTRS > $MASTEROUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at master ($RC)!" + echo "ldapsearch failed at producer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi -echo "Using ldapsearch to read all the entries from the slave..." +echo "Using ldapsearch to read all the entries from the consumer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \ - 'objectclass=*' > $SLAVEOUT 2>&1 + '(objectclass=*)' '*' $OPATTRS > $SLAVEOUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at slave ($RC)!" + echo "ldapsearch failed at consumer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi test $KILLSERVERS != no && kill -HUP $KILLPIDS -echo "Filtering master results..." +echo "Filtering producer results..." . $LDIFFILTER < $MASTEROUT > $MASTERFLT -echo "Filtering slave results..." +echo "Filtering consumer results..." . $LDIFFILTER < $SLAVEOUT > $SLAVEFLT -echo "Comparing retrieved entries from master and slave..." +echo "Comparing retrieved entries from producer and consumer..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT if test $? != 0 ; then - echo "test failed - master and slave databases differ" + echo "test failed - producer and consumer databases differ" exit 1 fi diff --git a/tests/scripts/test019-syncreplication-cascade b/tests/scripts/test019-syncreplication-cascade index ff8e541c37d7c8a082184523fb7838b80518e284..9d7a256291c86acff17617f27a47709f7e30fcab 100755 --- a/tests/scripts/test019-syncreplication-cascade +++ b/tests/scripts/test019-syncreplication-cascade 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test020-proxycache b/tests/scripts/test020-proxycache index f28062bc9c251150b632dab5ff283261b48b3c21..070970af97b6f51ca929afc3ce3a0d6bb2a95849 100755 --- a/tests/scripts/test020-proxycache +++ b/tests/scripts/test020-proxycache @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test021-certificate b/tests/scripts/test021-certificate index 150df453fe75cfdba77251db3dd5c100a00ec329..a5dbb2f418658d506ca6943f3d24da4e3aad48f4 100755 --- a/tests/scripts/test021-certificate +++ b/tests/scripts/test021-certificate @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -77,7 +77,7 @@ changetype: modify add: objectClass objectClass: extensibleObject - -add: cAcertificate +add: cAcertificate;binary cAcertificate;binary:: MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg @@ -103,7 +103,7 @@ changetype: modify add: objectClass objectClass: strongAuthenticationUser - -add: userCertificate +add: userCertificate;binary userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg 
@@ -130,7 +130,7 @@ changetype: modify add: objectClass objectClass: strongAuthenticationUser - -add: userCertificate +add: userCertificate;binary userCertificate;binary:: MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg diff --git a/tests/scripts/test022-ppolicy b/tests/scripts/test022-ppolicy index a7ccc295a64d26db8a7696143bf41c7f29de1050..5f2f566c7250ef6d7dcf200cefed4ec4237de190 100755 --- a/tests/scripts/test022-ppolicy +++ b/tests/scripts/test022-ppolicy @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test023-refint b/tests/scripts/test023-refint index d1c9103484fdf6c21aba24a90865882a50ed611a..66050191b924ae81a0a4b46b62000f46a7b2c994 100755 --- a/tests/scripts/test023-refint +++ b/tests/scripts/test023-refint @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test024-unique b/tests/scripts/test024-unique index dff70391a812fda7b3b193e4f8d0c8f8d1cad0e1..3e17bddd2546a41c85e96ff5d1e0290d6d76eeb8 100755 --- a/tests/scripts/test024-unique +++ b/tests/scripts/test024-unique @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without 
diff --git a/tests/scripts/test025-limits b/tests/scripts/test025-limits
index 14e9560a36fe1512996f76c4ee49eb212c3220fc..036c798a2a33bf883cfad68fc205dda79c921d71 100755
--- a/tests/scripts/test025-limits
+++ b/tests/scripts/test025-limits
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test026-dn b/tests/scripts/test026-dn
index 9e25d88ae94b57b8ff63ff1f06402a2ad8ed01c2..01bc2f8075d393aea7b07ceca0c8e06ffef6e304 100755
--- a/tests/scripts/test026-dn
+++ b/tests/scripts/test026-dn
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test027-emptydn b/tests/scripts/test027-emptydn
index 9d0e7dfc10f4ed85a5b3c91e0c707d8730355c3f..7257cceca9311cb89df420d9fc0d9e28a040f3ba 100755
--- a/tests/scripts/test027-emptydn
+++ b/tests/scripts/test027-emptydn
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
index 772f3d5f87b1a238c627102ba3ce627cb3b0f026..e73ee6278c388cfbf06513cb5a0efc86143f1174 100755
--- a/tests/scripts/test028-idassert
+++ b/tests/scripts/test028-idassert
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test029-ldapglue b/tests/scripts/test029-ldapglue
index 233d1f2eab71a0fcb83c843f9934fbc57de7c9d1..9618fbf1b94447cc2437fd87370da2c7922e2c35 100755
--- a/tests/scripts/test029-ldapglue
+++ b/tests/scripts/test029-ldapglue
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test030-relay b/tests/scripts/test030-relay
index 413b0f25b88b3459751835d1b5c995cb4c61999c..07cf038bb881b5293724f52afa293ac0f6b17aaa 100755
--- a/tests/scripts/test030-relay
+++ b/tests/scripts/test030-relay
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test031-component-filter b/tests/scripts/test031-component-filter
index 421dce66449de73e654a8eac6fa553a5edd7cf19..7bf799570bfefe87ca66db23107cb24b32d0bbbc 100755
--- a/tests/scripts/test031-component-filter
+++ b/tests/scripts/test031-component-filter
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test032-chain b/tests/scripts/test032-chain
index e03d55d1da6e0887ada3af27a16ae775bbaa1064..e288fea8ad193c46fbc909c3779c8494d1c110fa 100755
--- a/tests/scripts/test032-chain
+++ b/tests/scripts/test032-chain
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test033-glue-syncrepl b/tests/scripts/test033-glue-syncrepl
index 613a9ee7e4568267f320ea1cfdfd736c5b28b690..104ec795b684738bb02df462eafa93034841d7cd 100755
--- a/tests/scripts/test033-glue-syncrepl
+++ b/tests/scripts/test033-glue-syncrepl
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test034-translucent b/tests/scripts/test034-translucent
index 343528066a61d5a7e1a0b8fa871920676915ded5..d657b57c39aba4d3636cf430bed42af29f9dc3c9 100755
--- a/tests/scripts/test034-translucent
+++ b/tests/scripts/test034-translucent
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2006 The OpenLDAP Foundation.
+## Copyright 2004-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -550,6 +550,24 @@ if test $RC != 16 ; then exit 1 fi +echo "Testing delete: valid local record, remote attribute..." + +$LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ + $TESTOUT 2>&1 << EOF_MOD8 +version: 1 +dn: uid=danger,ou=users,o=translucent +changetype: modify +delete: initials +EOF_MOD8 + +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)" + grep "$FAILURE" $TESTOUT + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 +fi + echo "Testing modify: valid remote record, combination add-modify-delete..." $LDAPMODIFY -v -D "$TRANSLUCENTROOT" -H $URI2 -w $PASSWD > \ diff --git a/tests/scripts/test035-meta b/tests/scripts/test035-meta index 5bdc5ddc577a5460bf433c699e970a9a3727c11c..00737a788dc3dc31e464affd3c23ad916c94ac29 100755 --- a/tests/scripts/test035-meta +++ b/tests/scripts/test035-meta @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -471,6 +471,8 @@ case $RC in ;; esac +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... echo "Checking server-enforced size limit..." echo "# Checking server-enforced size limit..." >> $SEARCHOUT $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ @@ -493,6 +495,8 @@ case $RC in ;; esac +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... echo "Checking client-requested size limit..." echo "# Checking client-requested size limit..." >> $SEARCHOUT $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ diff --git a/tests/scripts/test036-meta-concurrency b/tests/scripts/test036-meta-concurrency index 76d48ac1c4aaf1e3d7ce5e2897f7db582f95deba..6ef14eb8caa60963c2053e5b4fefff52d45ccb59 100755 --- a/tests/scripts/test036-meta-concurrency +++ b/tests/scripts/test036-meta-concurrency 
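Review bot: The new "Testing delete: valid local record, remote attribute" step accepts the operation on its exit status alone, so it would still pass if the overlay reported success without the entry ending up in the intended state. Following the `fi` with a base-scope search of `uid=danger,ou=users,o=translucent` whose output is appended to the results the script compares would pin what `initials` looks like after the delete. Later parts of the script, outside this hunk, may already cover that; if so, a comment such as `# resulting entry is checked by the search below` would make the link visible.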
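Review bot: The comment added in test035-meta says the output cannot be sent to `$SEARCHOUT`, yet the line directly below it appends a header to `$SEARCHOUT`, which reads as contradictory at first glance. Naming the output that is meant would fix that, for example `# NOTE: the search result itself is not appended to $SEARCHOUT because the entries returned under a size limit are not predictable`. The same wording is added in the second hunk (`@@ -493,6 +495,8 @@`), and the `$LDAPSEARCH` command the comment describes continues outside both hunks.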
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -198,7 +198,8 @@ done echo "Using tester for concurrent server access..." $SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \ - -D "cn=Manager,$METABASEDN" -w $PASSWD -l $TESTLOOPS -r 20 -FF + -D "cn=Manager,$METABASEDN" -w $PASSWD -l $TESTLOOPS -r 20 -FF \ + -i '!REFERRAL' RC=$? if test $RC != 0 ; then diff --git a/tests/scripts/test037-manage b/tests/scripts/test037-manage index b50c7777dae166358a714ac6f9074a91ee16808c..7527e122e0a1277cbe9cb952d8c63583ec7bece5 100755 --- a/tests/scripts/test037-manage +++ b/tests/scripts/test037-manage @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test038-retcode b/tests/scripts/test038-retcode index 024437fcdf1117f7dd79238076871c222c9ecb9a..58cae30f9f983d568391351a5d9f7e1608053b6c 100755 --- a/tests/scripts/test038-retcode +++ b/tests/scripts/test038-retcode @@ -2,7 +2,7 @@ # $Header$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test039-glue-ldap-concurrency b/tests/scripts/test039-glue-ldap-concurrency index c87c406bdd0e7d5afe5f7b40199d713e6a75acaa..00227556625a995c691a86b8a64ca761455c8f6a 100755 --- a/tests/scripts/test039-glue-ldap-concurrency 
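Review bot: The `-i '!REFERRAL'` argument added to the `$SLAPDTESTER` call in test036-meta-concurrency (`@@ -198,7 +198,8 @@`) has no comment, and the script does not show how it changes which LDAP results the concurrency run counts as failures. An option that alters error tolerance in a test deserves a line above the command, along the lines of `# -i '!REFERRAL': <how referral results are treated in this run, and why>`. The same argument is added to test039-glue-ldap-concurrency in `@@ -180,7 +180,8 @@`, so the explanation is needed in both scripts.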
+++ b/tests/scripts/test039-glue-ldap-concurrency @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -180,7 +180,8 @@ done echo "Using tester for concurrent server access..." $SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \ -D "cn=Manager,$METABASEDN" -w $PASSWD \ - -l $TESTLOOPS -L $TESTOLOOPS -r 20 -FF + -l $TESTLOOPS -L $TESTOLOOPS -r 20 -FF \ + -i '!REFERRAL' RC=$? if test $RC != 0 ; then diff --git a/tests/scripts/test040-subtree-rename b/tests/scripts/test040-subtree-rename index cbdb97eb79c7010a41f23a5f0135f9d078367c21..3d1246e94c836e4c48b8b66cd34d11be03d5fb07 100755 --- a/tests/scripts/test040-subtree-rename +++ b/tests/scripts/test040-subtree-rename @@ -2,7 +2,7 @@ # $OpenLDAP$ */ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test041-aci b/tests/scripts/test041-aci index 8d6f9af8f06a6caab81a409925386efc1b281238..eaedc877744f9942b23439c9490d8c3664f50db4 100755 --- a/tests/scripts/test041-aci +++ b/tests/scripts/test041-aci @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test042-valsort b/tests/scripts/test042-valsort index a8f5a64fdf6f726563e8792a66beddc582ce2480..895a9d95074273243daedf80f243ea990c91c499 100755 --- a/tests/scripts/test042-valsort 
+++ b/tests/scripts/test042-valsort @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2004-2006 The OpenLDAP Foundation. +## Copyright 2004-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test043-delta-syncrepl b/tests/scripts/test043-delta-syncrepl index 6c0bf33d964e911b158e8f529415fa194eb71525..253d764067b29b7db0a7397da3752e88ebdeb2f1 100755 --- a/tests/scripts/test043-delta-syncrepl +++ b/tests/scripts/test043-delta-syncrepl @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -34,15 +34,15 @@ mkdir -p $TESTDIR $DBDIR1A $DBDIR1B $DBDIR2 # # Test replication: -# - start master -# - start slave +# - start producer +# - start consumer # - populate over ldap # - perform some modifies and deleted -# - attempt to modify the slave (referral or chain) +# - attempt to modify the consumer (referral or chain) # - retrieve database over ldap and compare against expected results # -echo "Starting master slapd on TCP/IP port $PORT1..." +echo "Starting producer slapd on TCP/IP port $PORT1..." . $CONFFILTER $BACKEND $MONITORDB < $DSRMASTERCONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! @@ -54,7 +54,7 @@ KILLPIDS="$PID" sleep 1 -echo "Using ldapsearch to check that master slapd is running..." +echo "Using ldapsearch to check that producer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 
@@ -72,7 +72,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to create the context prefix entries in the master..." +echo "Using ldapadd to create the context prefix entries in the producer..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDCP > /dev/null 2>&1 RC=$? @@ -82,7 +82,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Starting slave slapd on TCP/IP port $PORT2..." +echo "Starting consumer slapd on TCP/IP port $PORT2..." . $CONFFILTER $BACKEND $MONITORDB < $DSRSLAVECONF > $CONF2 $SLAPD -f $CONF2 -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 & SLAVEPID=$! @@ -94,7 +94,7 @@ KILLPIDS="$KILLPIDS $SLAVEPID" sleep 1 -echo "Using ldapsearch to check that slave slapd is running..." +echo "Using ldapsearch to check that consumer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT2 \ 'objectclass=*' > /dev/null 2>&1 @@ -112,7 +112,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapadd to populate the master directory..." +echo "Using ldapadd to populate the producer directory..." $LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \ $LDIFORDEREDNOCP > /dev/null 2>&1 RC=$? @@ -139,7 +139,7 @@ KILLPIDS="$PID $SLAVEPID" sleep 1 -echo "Using ldapsearch to check that master slapd is running..." +echo "Using ldapsearch to check that producer slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 @@ -157,7 +157,7 @@ if test $RC != 0 ; then exit $RC fi -echo "Using ldapmodify to modify master directory..." +echo "Using ldapmodify to modify producer directory..." # # Do some modifications @@ -235,7 +235,6 @@ dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=exampl changetype: delete EOMODS - RC=$? if test $RC != 0 ; then echo "ldapmodify failed ($RC)!" 
@@ -250,8 +249,8 @@ echo "Stopping consumer to test recovery..." kill -HUP $SLAVEPID sleep 10 -echo "Modifying more entries on the master..." -$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \ +echo "Modifying more entries on the producer..." +$LDAPMODIFY -v -D "$BJORNSDN" -h $LOCALHOST -p $PORT1 -w bjorn >> \ $TESTOUT 2>&1 << EOMODS dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com changetype: delete @@ -268,6 +267,15 @@ sn: Coltrane uid: rosco cn: Rosco P. Coltrane +dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com +changetype: modify +replace: drink + +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modrdn +newrdn: cn=Some Staff +deleteoldrdn: 1 + EOMODS echo "Restarting consumer..." @@ -284,7 +292,7 @@ echo "Waiting 25 seconds for syncrepl to receive changes..." sleep 25 if test ! $BACKLDAP = "ldapno" ; then - echo "Try updating the slave slapd..." + echo "Try updating the consumer slapd..." $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \ $TESTOUT 2>&1 << EOMODS dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com 
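Review bot: Nothing checks the exit status of this `$LDAPMODIFY` now that it binds as `$BJORNSDN` instead of `$MANAGERDN`: the here-document ends at `EOMODS` in the next hunk (`@@ -268,6 +267,15 @@`) and the script goes straight on to "Restarting consumer...". If the bind or an access check rejects the request, producer and consumer stay identical and the final comparison still passes, so the recovery path that the added `replace: drink` and `modrdn` operations are meant to exercise would go untested without any sign of it. Adding the same `RC=$?` block the script uses after its earlier ldapmodify closes that gap, as in the fence. The password is also written as the literal `bjorn`; a named variable kept alongside the definition of `$BJORNSDN` would keep the identity and its credential together.

```shell
# … unchanged: ldapmodify as $BJORNSDN and its here-document …
EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```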
@@ -306,40 +314,40 @@ EOMODS sleep 15 fi -echo "Using ldapsearch to read all the entries from the master..." +echo "Using ldapsearch to read all the entries from the producer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - 'objectclass=*' > $MASTEROUT 2>&1 + 'objectclass=*' \* + > $MASTEROUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at master ($RC)!" + echo "ldapsearch failed at producer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi -echo "Using ldapsearch to read all the entries from the slave..." +echo "Using ldapsearch to read all the entries from the consumer..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - 'objectclass=*' > $SLAVEOUT 2>&1 + 'objectclass=*' \* + > $SLAVEOUT 2>&1 RC=$? if test $RC != 0 ; then - echo "ldapsearch failed at slave ($RC)!" + echo "ldapsearch failed at consumer ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi test $KILLSERVERS != no && kill -HUP $KILLPIDS -echo "Filtering master results..." -. $LDIFFILTER < $MASTEROUT > $MASTERFLT -echo "Filtering slave results..." -. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT +echo "Filtering producer results..." +. $LDIFFILTER < $MASTEROUT | grep -iv ^auditcontext: > $MASTERFLT +echo "Filtering consumer results..." +. $LDIFFILTER < $SLAVEOUT | grep -iv ^auditcontext: > $SLAVEFLT -echo "Comparing retrieved entries from master and slave..." +echo "Comparing retrieved entries from producer and consumer..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT if test $? != 0 ; then - echo "test failed - master and slave databases differ" + echo "test failed - producer and consumer databases differ" exit 1 fi diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist index e1a5487f3b97770458fc6e15c391b0dfa9764188..ef3e94c8838fd38cd0f051878a2f71b3fb0d6ffa 100755 --- a/tests/scripts/test044-dynlist +++ b/tests/scripts/test044-dynlist 
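Review bot: The pattern in the two new `grep -iv ^auditcontext:` filters is unquoted, and legacy Bourne shells treat an unquoted `^` as a pipe character, so on such a `/bin/sh` the filter would not run as written. Quoting it avoids that: `. $LDIFFILTER < $MASTEROUT | grep -iv '^auditcontext:' > $MASTERFLT`, and likewise for `$SLAVEOUT`. A short comment saying why `auditContext` is dropped from the comparison would help too; presumably it is because both searches now request `\* +` and that attribute legitimately differs between the two servers. This script asks for every operational attribute with `+`, whereas the test017/test018 hunks in this commit name five explicitly via `OPATTRS`; one approach across the syncrepl tests would be easier to maintain.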
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
diff --git a/tests/scripts/test045-syncreplication-proxied b/tests/scripts/test045-syncreplication-proxied
index 47c9bad8cfdc4b5d76c84442086340a753f71181..40e7e4bc80af29fcc3e8893f39913fdb8abab507 100755
--- a/tests/scripts/test045-syncreplication-proxied
+++ b/tests/scripts/test045-syncreplication-proxied
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2006 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -174,13 +174,43 @@ if test $RC != 0 ; then exit $RC fi -SLEEP=15 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN +sleep 1 +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.1" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -191,7 +221,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - '(objectClass=*)' > "${SLAVEOUT}.1" 2>&1 + '(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -201,9 +231,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.1" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.1" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
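Review bot: When the retry loop added in `@@ -174,13 +174,43 @@` runs out without the slave's contextCSN matching the master's, the script says nothing and carries on to the full comparison, so a later mismatch cannot be told apart from a replication timeout in the log. Recording whether the loop matched and reporting it after `done` fixes that; the fence shows the added lines, and also quotes the `$CMP` operands the way the surrounding lines quote the same paths. The block is pasted again, with 3 or 5 iterations and the sleep before or after the check, in `@@ -337,13 +367,42 @@`, `@@ -416,13 +475,42 @@`, `@@ -475,13 +563,44 @@` and `@@ -544,13 +663,43 @@`; a single shell function taking the retry count would keep the five copies in step. The contextCSN snapshot is written to `"${MASTEROUT}.$CHECK"` and then overwritten by the full search, so it is gone by the time anyone looks at a failed run.

```shell
# … unchanged: read master contextCSN into "${MASTEROUT}.$CHECK" …

SYNCED=no
for i in 1 2 3; do
	# … unchanged: read slave contextCSN, exit if ldapsearch fails …

	$CMP "${MASTEROUT}.$CHECK" "${SLAVEOUT}.$CHECK" > $CMPOUT

	if test $? = 0 ; then
		SYNCED=yes
		break
	fi

	# … unchanged: announce and sleep $SLEEP seconds …
done

if test $SYNCED != yes ; then
	echo "contextCSN still differs after retries; comparing anyway..."
fi
```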
@@ -337,13 +367,42 @@ if test $RC != 0 ; then exit $RC fi -SLEEP=15 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN +for i in 1 2 3; do + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.2" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -354,7 +413,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - '(objectClass=*)' > "${SLAVEOUT}.2" 2>&1 + '(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -364,9 +423,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.2" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.2" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
@@ -416,13 +475,42 @@ if test $WAIT != 0 ; then fi KILLPIDS="$MASTERPID $SLAVEPID $PROXYPID" -SLEEP=25 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN +for i in 1 2 3 4 5; do + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.3" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -433,7 +521,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - '(objectClass=*)' > "${SLAVEOUT}.3" 2>&1 + '(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -443,9 +531,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.3" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.3" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
@@ -475,13 +563,44 @@ if test $RC != 0 ; then exit $RC fi -SLEEP=15 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN +sleep 1 + +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.4" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -492,7 +611,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ -'(objectClass=*)' > "${SLAVEOUT}.4" 2>&1 +'(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -502,9 +621,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.4" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.4" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
@@ -544,13 +663,43 @@ if test $WAIT != 0 ; then fi KILLPIDS="$MASTERPID $SLAVEPID $PROXYPID" -SLEEP=25 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN + +for i in 1 2 3 4 5; do + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP + + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.5" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -561,7 +710,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - '(objectClass=*)' > "${SLAVEOUT}.5" 2>&1 + '(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -571,9 +720,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.5" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.5" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
@@ -656,13 +805,43 @@ if test $RC != 0 ; then exit $RC fi -SLEEP=15 -echo "Waiting $SLEEP seconds for syncrepl to receive changes..." -sleep $SLEEP +# get master contextCSN +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + '(objectClass=*)' -s base contextCSN > "${MASTEROUT}.$CHECK" 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed at master ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# check slave contextCSN +sleep 1 +for i in 1 2 3; do + $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + '(objectClass=*)' -s base contextCSN > "${SLAVEOUT}.$CHECK" 2>&1 + RC=$? + + if test $RC != 0 ; then + echo "ldapsearch failed at slave ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + fi + + $CMP ${MASTEROUT}.$CHECK ${SLAVEOUT}.$CHECK > $CMPOUT + + if test $? = 0 ; then + break + fi + + SLEEP=5 + echo "Waiting $SLEEP seconds for syncrepl to receive changes..." + sleep $SLEEP +done #echo "Using ldapsearch to read all the entries from the master..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - '(objectClass=*)' > "${MASTEROUT}.6" 2>&1 + '(objectClass=*)' > "${MASTEROUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -673,7 +852,7 @@ fi #echo "Using ldapsearch to read all the entries from the slave..." $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ - '(objectClass=*)' > "${SLAVEOUT}.6" 2>&1 + '(objectClass=*)' > "${SLAVEOUT}.$CHECK" 2>&1 RC=$? if test $RC != 0 ; then @@ -683,9 +862,9 @@ if test $RC != 0 ; then fi #echo "Filtering master results..." -. $LDIFFILTER < "${MASTEROUT}.6" > $MASTERFLT +. $LDIFFILTER < "${MASTEROUT}.$CHECK" > $MASTERFLT #echo "Filtering slave results..." -. $LDIFFILTER < "${SLAVEOUT}.6" > $SLAVEFLT +. $LDIFFILTER < "${SLAVEOUT}.$CHECK" > $SLAVEFLT echo "$CHECK < Comparing retrieved entries from master and slave..." $CMP $MASTERFLT $SLAVEFLT > $CMPOUT 
diff --git a/tests/scripts/test046-dds b/tests/scripts/test046-dds index c36800090abc194ab61c7cfbdefec40e05f3d874..d7b3a7b18e78af5d0b3665c033a1542b0ecc1086 100755 --- a/tests/scripts/test046-dds +++ b/tests/scripts/test046-dds @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 2005-2006 The OpenLDAP Foundation. +## Copyright 2005-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test047-ldap b/tests/scripts/test047-ldap index f054805dd3dfae0b7f5188b239bb86fda59ef186..26f777ced8651669062e924e5f7511e42bb7bd0d 100755 --- a/tests/scripts/test047-ldap +++ b/tests/scripts/test047-ldap @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -471,6 +471,8 @@ case $RC in ;; esac +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... echo "Checking server-enforced size limit..." echo "# Checking server-enforced size limit..." >> $SEARCHOUT $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ @@ -493,6 +495,8 @@ case $RC in ;; esac +# NOTE: cannot send to $SEARCHOUT because the returned entries +# are not predictable... echo "Checking client-requested size limit..." echo "# Checking client-requested size limit..." >> $SEARCHOUT $LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \ diff --git a/tests/scripts/test048-syncrepl-multiproxy b/tests/scripts/test048-syncrepl-multiproxy index 00ee233cf4181fca49a1ea8559ad22ab245beb17..8cc3bac271861b2dc372e4197e321d02c5e99606 100755 --- a/tests/scripts/test048-syncrepl-multiproxy +++ b/tests/scripts/test048-syncrepl-multiproxy 
@@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software <http://www.openldap.org/>. ## -## Copyright 1998-2006 The OpenLDAP Foundation. +## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without diff --git a/tests/scripts/test049-sync-config b/tests/scripts/test049-sync-config new file mode 100755 index 0000000000000000000000000000000000000000..80406de47f7b70bb0bc232bd75512c868689fbc4 --- /dev/null +++ b/tests/scripts/test049-sync-config 
@@ -0,0 +1,360 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+PRODIR=$TESTDIR/pro
+CONDIR=$TESTDIR/con
+DBPRO=$PRODIR/db
+DBCON=$CONDIR/db
+CFPRO=$PRODIR/slapd.d
+CFCON=$CONDIR/slapd.d
+LOG1=slapd.1.log
+LOG2=slapd.2.log
+
+mkdir -p $TESTDIR $PRODIR $CONDIR $DBPRO $DBCON $CFPRO $CFCON
+
+#
+# Test replication of dynamic config:
+# - start producer
+# - start consumer
+# - configure over ldap
+# - populate over ldap
+# - configure syncrepl over ldap
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting producer slapd on TCP/IP port $PORT1..."
+$SLAPADD -F $CFPRO -n 0 -l $DYNAMICCONF
+cd $PRODIR
+$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING > ../$LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+cd ../..
+
+sleep 1
+
+echo "Using ldapsearch to check that producer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Inserting syncprov overlay on producer..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+CONFIGPW=`cat $CONFIGPWF`
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshOnly
+ interval=00:00:00:10
+-
+add: olcUpdateRef
+olcUpdateRef: $URI1
+
+dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for syncrepl config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting consumer slapd on TCP/IP port $PORT2..."
+$SLAPADD -F $CFCON -n 0 -l $DYNAMICCONF
+cd $CONDIR
+$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING > ../$LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+cd ../..
+
+sleep 1
+
+echo "Using ldapsearch to check that consumer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Configuring syncrepl on consumer..."
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshOnly
+ interval=00:00:00:10
+-
+add: olcUpdateRef
+olcUpdateRef: $URI1
+EOF
+
+SLEEP=10
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapsearch to check that syncrepl received config changes..."
+RC=32
+for i in 0 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 -D cn=config -y $CONFIGPWF \
+ -s base -b "olcDatabase={0}config,cn=config" \
+ '(olcUpdateRef=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting 5 seconds for syncrepl to receive changes..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding schema and databases on producer..."
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+include: file:$SCHEMADIR/core.ldif
+
+include: file:$SCHEMADIR/cosine.ldif
+
+include: file:$SCHEMADIR/inetorgperson.ldif
+
+include: file:$SCHEMADIR/openldap.ldif
+
+include: file:$SCHEMADIR/nis.ldif
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for schema config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if [ "$BACKENDTYPE" = mod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/back-$BACKEND
+olcModuleLoad: back_$BACKEND.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for backend config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcSuffix: $BASEDN
+olcDbDirectory: ./db
+olcRootDN: $MANAGERDN
+olcRootPW: $PASSWD
+olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
+ credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
+ interval=00:00:00:10
+olcUpdateRef: $URI1
+
+dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate producer..."
+$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapsearch to check that syncrepl received database changes..."
+RC=32
+for i in 0 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 \
+ -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting 5 seconds for syncrepl to receive changes..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read config from the producer..."
+$LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at producer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read config from the consumer..."
+$LDAPSEARCH -b cn=config -D cn=config -H $URI2 -y $CONFIGPWF \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at consumer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering producer results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering consumer results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved configs from producer and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - producer and consumer configs differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to read all the entries from the producer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at producer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the consumer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at consumer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering producer results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering consumer results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from producer and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - producer and consumer databases differ"
+ exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
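Review bot: The `$LDAPMODIFY` sent to `$URI2` under "Configuring syncrepl on consumer..." is the only directory write in this script whose exit status is never read; the statement after its `EOF` is `SLEEP=10`. If that modify is rejected, the script only notices after the sleep and the polling loop, and then reports `ldapsearch failed (32)!` from the preset `RC=32`, which points at the wrong step. It should be followed by the same `RC=$?` check that follows the producer's ldapmodify, with its own message, as sketched below. The consumer ldapmodify in test050-syncrepl-multimaster has the same gap. Separately, the failure branch after "Using ldapadd to populate producer..." repeats `ldapadd failed for database config`; a distinct message would tell the two steps apart.

```shell
# … unchanged: $LDAPMODIFY heredoc for the consumer, ending at EOF …
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed for consumer syncrepl config ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```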
diff --git a/tests/scripts/test050-syncrepl-multimaster b/tests/scripts/test050-syncrepl-multimaster
new file mode 100755
index 0000000000000000000000000000000000000000..1540244a25304a132be33a38324929c48b3569fc
--- /dev/null
+++ b/tests/scripts/test050-syncrepl-multimaster
@@ -0,0 +1,452 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then
+ echo "Syncrepl provider overlay not available, test skipped"
+ exit 0
+fi
+
+PRODIR=$TESTDIR/pro
+CONDIR=$TESTDIR/con
+DBPRO=$PRODIR/db
+DBCON=$CONDIR/db
+CFPRO=$PRODIR/slapd.d
+CFCON=$CONDIR/slapd.d
+LOG1=slapd.1.log
+LOG2=slapd.2.log
+
+mkdir -p $TESTDIR $PRODIR $CONDIR $DBPRO $DBCON $CFPRO $CFCON
+
+#
+# Test replication of dynamic config:
+# - start producer
+# - start consumer
+# - configure over ldap
+# - populate over ldap
+# - configure syncrepl over ldap
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Initializing server configurations..."
+$SLAPADD -F $CFCON -n 0 <<EOF
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcServerID: 2
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootPW:< file:configpw
+EOF
+
+$SLAPADD -F $CFPRO -n 0 <<EOF
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcServerID: 1
+
+dn: olcDatabase={0}config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcRootPW:< file:configpw
+EOF
+
+echo "Starting producer slapd on TCP/IP port $PORT1..."
+cd $PRODIR
+$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING > ../$LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+cd ../..
+
+sleep 1
+
+echo "Using ldapsearch to check that producer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Inserting syncprov overlay on producer..."
+if [ "$SYNCPROV" = syncprovmod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF > $TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/overlays
+olcModuleLoad: syncprov.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for moduleLoad ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+#
+# Note that we configure a timeout here; it's possible for both
+# servers to attempt to bind to each other while a modify to
+# cn=config is in progress. When the modify pauses the thread pool
+# neither server will progress. The timeout will drop the syncrepl
+# attempt and allow the modifies to complete.
+#
+CONFIGPW=`cat $CONFIGPWF`
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: cn=config
+changetype: modify
+replace: olcServerID
+olcServerID: 1 $URI1
+olcServerID: 2 $URI2
+
+dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+ retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+ retry="5 5 300 5" timeout=1
+-
+add: olcMirrorMode
+olcMirrorMode: TRUE
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapmodify failed for syncrepl config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Starting consumer slapd on TCP/IP port $PORT2..."
+cd $CONDIR
+$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING > ../$LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+cd ../..
+
+sleep 1
+
+echo "Using ldapsearch to check that consumer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Configuring syncrepl on consumer..."
+$LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+ retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
+ credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+ retry="5 5 300 5" timeout=1
+-
+add: olcMirrorMode
+olcMirrorMode: TRUE
+EOF
+
+echo "Adding schema and databases on producer..."
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+include: file:$SCHEMADIR/core.ldif
+
+include: file:$SCHEMADIR/cosine.ldif
+
+include: file:$SCHEMADIR/inetorgperson.ldif
+
+include: file:$SCHEMADIR/openldap.ldif
+
+include: file:$SCHEMADIR/nis.ldif
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for schema config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+if [ "$BACKENDTYPE" = mod ]; then
+ $LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: ../../../servers/slapd/back-$BACKEND
+olcModuleLoad: back_$BACKEND.la
+EOF
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapadd failed for backend config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+fi
+
+$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olc${BACKEND}Config
+olcDatabase: {1}$BACKEND
+olcSuffix: $BASEDN
+olcDbDirectory: ./db
+olcRootDN: $MANAGERDN
+olcRootPW: $PASSWD
+olcSyncRepl: rid=003 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
+ credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
+ interval=00:00:00:10 retry="5 5 300 5" timeout=1
+olcSyncRepl: rid=004 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
+ credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
+ interval=00:00:00:10 retry="5 5 300 5" timeout=1
+olcMirrorMode: TRUE
+
+dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapadd to populate producer..."
+$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
+ >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd failed for database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapsearch to check that syncrepl received database changes..."
+RC=32
+for i in 0 1 2 3 4 5; do
+ RESULT=`$LDAPSEARCH -H $URI2 \
+ -s base -b "cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com" \
+ '(objectClass=*)' 2>&1 | awk '/^dn:/ {print "OK"}'`
+ if test "x$RESULT" = "xOK" ; then
+ RC=0
+ break
+ fi
+ echo "Waiting 5 seconds for syncrepl to receive changes..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read config from the producer..."
+$LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at producer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read config from the consumer..."
+$LDAPSEARCH -b cn=config -D cn=config -H $URI2 -y $CONFIGPWF \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at consumer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Filtering producer results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering consumer results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved configs from producer and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - producer and consumer configs differ"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+fi
+
+echo "Using ldapsearch to read all the entries from the producer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+ 'objectclass=*' > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at producer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the consumer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD \
+ 'objectclass=*' > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed at consumer ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering producer results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering consumer results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from producer and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+ echo "test failed - producer and consumer databases differ"
+ exit 1
+fi
+
+test $KILLSERVERS != no && wait
+
+echo "Restarting servers..."
+echo "Starting producer slapd on TCP/IP port $PORT1..."
+cd $PRODIR
+echo "======================= RESTART =======================" >> ../$LOG1
+$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING >> ../$LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+cd ../..
+echo "Using ldapsearch to check that producer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+#exit 0
+echo "Starting consumer slapd on TCP/IP port $PORT2..."
+cd $CONDIR
+echo "======================= RESTART =======================" >> ../$LOG2
+$SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING >> ../$LOG2 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+ echo SLAVEPID $SLAVEPID
+ read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+cd ../..
+
+sleep 1
+
+echo "Using ldapsearch to check that consumer slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Insert modifications and more tests here.
+SLEEP=10
+echo "Waiting $SLEEP seconds for servers to resync..."
+sleep $SLEEP
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/tests/scripts/test051-config-undo b/tests/scripts/test051-config-undo
new file mode 100755
index 0000000000000000000000000000000000000000..825a1159093cefcddb087a22df7597cb9de9da73
--- /dev/null
+++ b/tests/scripts/test051-config-undo
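Review bot: The olcSyncRepl stanzas in test050-syncrepl-multimaster (rid=001 through rid=004) bind with `bindmethod=simple`, inline `credentials=$CONFIGPW` or `credentials=$PASSWD`, and set no TLS parameters. The data binds also pass `-w $PASSWD` on the command line, although the script already uses `-y $CONFIGPWF` for the cn=config binds. That is workable for a local test harness, but test stanzas like these tend to get copied into real mirror-mode setups, where the replication password would sit in cleartext in cn=config (which this test replicates to the peer) and, if the URIs are plain ldap://, cross the wire unprotected. I would add a comment above the first `$LDAPMODIFY`, for example `# Test-only credentials: simple bind, no TLS. Real deployments should protect syncrepl with TLS or SASL and a dedicated replication identity.` The header comment block also still reads "Test replication of dynamic config" as in test049 and does not mention mirror mode or the restart phase, which ends at "Insert modifications and more tests here" without verifying anything.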
@@ -0,0 +1,114 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2006 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $UNDOCONF > $CONF1
+$SLAPADD -f $CONF1 <<EOF
+dn: o=undo
+objectClass: organization
+o: undo
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+mkdir testrun/confdir
+$SLAPD -f $CONF1 -F testrun/confdir -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+ echo PID $PID
+ read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting 5 seconds for slapd to start..."
+ sleep 5
+done
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo Dynamically assaulting the schema
+$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
+ > $TESTOUT 2>&1 <<EOF
+dn: cn={0}core,cn=schema,cn=config
+changetype: modify
+replace: olcObjectClasses
+olcObjectClasses: ( rawr )
+-
+EOF
+RC=$?
+if test $RC != 80 ; then
+ echo "invalid objectclass modify allowed ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+$LDAPMODIFY -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF \
+ > $TESTOUT 2>&1 <<EOF
+dn: cn={0}core,cn=schema,cn=config
+changetype: modify
+replace: olcAttributeTypes
+olcAttributeTypes: ( rawr )
+-
+EOF
+RC=$?
+if test $RC != 80 ; then
+ echo "invalid attributeType modify allowed ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+echo Surveying the damage
+$LDAPMODIFY -D cn=manager,o=undo -w secret -h $LOCALHOST -p $PORT1 <<EOF
+dn: o=foo,o=undo
+changetype: add
+objectClass: organization
+o: foo
+
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "schema destroyed by an unsuccessful operation"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
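Review bot: All three failure branches in this script end with `exit -1` under `#! /bin/sh`. POSIX defines the exit operand only for 0 to 255, and some /bin/sh implementations reject a negative number, so the failure path can itself raise a shell error; `exit 1` (or `exit $RC` where RC is non-zero) is the portable form. The second schema `$LDAPMODIFY` also redirects with `> $TESTOUT 2>&1`, which truncates the server's reply to the first invalid modify; `>> $TESTOUT 2>&1 <<EOF` would keep both results for diagnosis. `mkdir testrun/confdir` and `-F testrun/confdir` hard-code a path where the line above uses `$TESTDIR`, and the bind uses a literal `-w secret`; if defines.sh provides a password variable, as the other scripts' `$PASSWD` suggests, using it keeps the credential in one place.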