Lots of fixes from HEAD

servers/slapd/back-bdb/back-bdb.h

@@ -160,7 +160,7 @@ struct bdb_op_info {
 	int		boi_acl_cache;
 };
 
-#define	DB_OPEN(db, file, name, type, flags, mode) \
+#define	DB_OPEN(db, txn, file, name, type, flags, mode) \
 	(db)->open(db, file, name, type, flags, mode)
 
 #if DB_VERSION_MAJOR < 4
@@ -191,8 +191,8 @@ struct bdb_op_info {
 /* BDB 4.1.17 adds txn arg to db->open */
 #if DB_VERSION_MINOR > 1 || DB_VERSION_PATCH >= 17
 #undef DB_OPEN
-#define	DB_OPEN(db, file, name, type, flags, mode) \
-	(db)->open(db, NULL, file, name, type, (flags)|DB_AUTO_COMMIT, mode)
+#define	DB_OPEN(db, txn, file, name, type, flags, mode) \
+	(db)->open(db, txn, file, name, type, flags, mode)
 #endif
 
 #define BDB_REUSE_LOCKERS

servers/slapd/back-bdb/dbcache.c

@@ -46,11 +46,13 @@ bdb_db_hash(
 int
 bdb_db_cache(
 	Backend	*be,
+	DB_TXN *tid,
 	const char *name,
 	DB **dbout )
 {
 	int i;
 	int rc;
+	int flags;
 	struct bdb_info *bdb = (struct bdb_info *) be->be_private;
 	struct bdb_db_info *db;
 	char *file;
@@ -110,9 +112,11 @@ bdb_db_cache(
 #ifdef HAVE_EBCDIC
 	__atoe( file );
 #endif
-	rc = DB_OPEN( db->bdi_db,
+	flags = bdb->bi_db_opflags | DB_CREATE | DB_THREAD;
+	if ( !tid ) flags |= DB_AUTO_COMMIT;
+	rc = DB_OPEN( db->bdi_db, tid,
 		file, name,
-		DB_HASH, bdb->bi_db_opflags | DB_CREATE | DB_THREAD,
+		DB_HASH, flags,
 		bdb->bi_dbenv_mode );
 
 	ch_free( file );

servers/slapd/back-bdb/id2entry.c

@@ -24,13 +24,14 @@ int bdb_id2entry_put(
 	struct berval bv;
 	int rc;
 #ifdef BDB_HIER
-	char *odn, *ondn;
+	struct berval odn, ondn;
 
 	/* We only store rdns, and they go in the id2parent database. */
 
-	odn = e->e_dn; ondn = e->e_ndn;
+	odn = e->e_name; ondn = e->e_nname;
 
-	e->e_dn = ""; e->e_ndn = "";
+	e->e_name = slap_empty_bv;
+	e->e_nname = slap_empty_bv;
 #endif
 	DBTzero( &key );
 	key.data = (char *) &e->e_id;
@@ -38,7 +39,7 @@ int bdb_id2entry_put(
 
 	rc = entry_encode( e, &bv );
 #ifdef BDB_HIER
-	e->e_dn = odn; e->e_ndn = ondn;
+	e->e_name = odn; e->e_nname = ondn;
 #endif
 	if( rc != LDAP_SUCCESS ) {
 		return -1;

servers/slapd/back-bdb/index.c

@@ -103,7 +103,7 @@ int bdb_index_param(
 		return LDAP_INAPPROPRIATE_MATCHING;
 	}
 
-	rc = bdb_db_cache( be, dbname, &db );
+	rc = bdb_db_cache( be, NULL, dbname, &db );
 
 	if( rc != LDAP_SUCCESS ) {
 		return rc;
@@ -165,7 +165,7 @@ static int indexer(
 
 	assert( mask );
 
-	rc = bdb_db_cache( be, dbname, &db );
+	rc = bdb_db_cache( be, txn, dbname, &db );
 	
 	if ( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING

servers/slapd/back-bdb/init.c

@@ -380,18 +380,18 @@ bdb_db_open( BackendDB *be )
 #ifdef HAVE_EBCDIC
 		strcpy( path, bdbi_databases[i].file );
 		__atoe( path );
-		rc = DB_OPEN( db->bdi_db, 
+		rc = DB_OPEN( db->bdi_db, NULL,
 			path,
 		/*	bdbi_databases[i].name, */ NULL,
 			bdbi_databases[i].type,
-			bdbi_databases[i].flags | flags,
+			bdbi_databases[i].flags | flags | DB_AUTO_COMMIT,
 			bdb->bi_dbenv_mode );
 #else
-		rc = DB_OPEN( db->bdi_db, 
+		rc = DB_OPEN( db->bdi_db, NULL,
 			bdbi_databases[i].file,
 		/*	bdbi_databases[i].name, */ NULL,
 			bdbi_databases[i].type,
-			bdbi_databases[i].flags | flags,
+			bdbi_databases[i].flags | flags | DB_AUTO_COMMIT,
 			bdb->bi_dbenv_mode );
 #endif
 

servers/slapd/back-bdb/passwd.c

@@ -38,8 +38,8 @@ bdb_exop_passwd(
 	struct berval id = { 0, NULL };
 	struct berval new = { 0, NULL };
 
-	struct berval dn;
-	struct berval ndn;
+	struct berval dn = { 0, NULL };
+	struct berval ndn = { 0, NULL };
 
 	u_int32_t	locker = 0;
 	DB_LOCK		lock;
@@ -276,6 +276,10 @@ done:
 		free( hash.bv_val );
 	}
 
+	if( ndn.bv_val != NULL ) {
+		free( ndn.bv_val );
+	}
+
 	if( ltid != NULL ) {
 		TXN_ABORT( ltid );
 		op->o_private = NULL;

servers/slapd/back-bdb/proto-bdb.h

@@ -51,6 +51,7 @@ BI_acl_attribute bdb_attribute;
 int
 bdb_db_cache(
     Backend	*be,
+    DB_TXN *tid,
     const char *name,
 	DB **db );
 

servers/slapd/back-bdb/search.c

@@ -343,13 +343,13 @@ dn2entry_retry:
 			scope, deref, candidates );
 	}
 
-	/* need normalized dn below */
-	ber_dupbv( &realbase, &e->e_nname );
-
 	/* start cursor at beginning of candidates.
 	 */
 	cursor = 0;
 
+	/* need normalized dn below */
+	ber_dupbv( &realbase, &e->e_nname );
+
 	if ( e != &slap_entry_root ) {
 		bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 	}

servers/slapd/back-ldbm/passwd.c

@@ -38,8 +38,8 @@ ldbm_back_exop_passwd(
 	struct berval id = { 0, NULL };
 	struct berval new = { 0, NULL };
 
-	struct berval dn;
-	struct berval ndn;
+	struct berval dn = { 0, NULL };
+	struct berval ndn = { 0, NULL };
 
 	assert( reqoid != NULL );
 	assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

servers/slapd/dn.c

@@ -266,6 +266,11 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 			ava->la_attr = ad->ad_cname;
 
 			if( ava->la_flags & LDAP_AVA_BINARY ) {
+				if( ava->la_value.bv_len == 0 ) {
+					/* BER encoding is empty */
+					return LDAP_INVALID_SYNTAX;
+				}
+
 				/* AVA is binary encoded, don't muck with it */
 				validf = NULL;
 				transf = NULL;

servers/slapd/entry.c

@@ -524,7 +524,7 @@ int entry_encode(Entry *e, struct berval *bv)
 		    entry_putlen(&ptr, i);
 		    for (i=0; a->a_vals[i].bv_val; i++) {
 			entry_putlen(&ptr, a->a_vals[i].bv_len);
-			memcpy(ptr, a->a_vals[i].bv_val,
+			AC_MEMCPY(ptr, a->a_vals[i].bv_val,
 				a->a_vals[i].bv_len);
 			ptr += a->a_vals[i].bv_len;
 			*ptr++ = '\0';
@@ -537,7 +537,7 @@ int entry_encode(Entry *e, struct berval *bv)
 
 /* Retrieve an Entry that was stored using entry_encode above.
  * We malloc a single block with the size stored above for the Entry
- * and all if its Attributes. We also must lookup the stored
+ * and all of its Attributes. We also must lookup the stored
  * attribute names to get AttributeDescriptions. To detect if the
  * attributes of an Entry are later modified, we note that e->e_attr
  * is always a constant offset from (e).

servers/slapd/sasl.c

@@ -349,13 +349,16 @@ sasl_ap_lookup(
 		}
 		a = attr_find( e->e_attrs, ad );
 		if ( !a ) continue;
-		if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) )
+		if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) ) {
 			continue;
-		if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) )
-			sl->sparams->utils->prop_erase( sl->sparams->propctx, sl->list[i].name );
+		}
+		if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) ) {
+			sl->sparams->utils->prop_erase( sl->sparams->propctx,
+			sl->list[i].name );
+		}
 		for ( bv = a->a_vals; bv->bv_val; bv++ ) {
-			sl->sparams->utils->prop_set( sl->sparams->propctx, sl->list[i].name,
-				bv->bv_val, bv->bv_len );
+			sl->sparams->utils->prop_set( sl->sparams->propctx,
+				sl->list[i].name, bv->bv_val, bv->bv_len );
 		}
 	}
 	return LDAP_SUCCESS;

servers/slapd/schema_check.c

@@ -845,15 +845,23 @@ entry_naming_check(
 			snprintf( textbuf, textlen, 
 				"naming attribute '%s' is not present in entry",
 				ava->la_attr.bv_val );
-			rc = LDAP_NO_SUCH_ATTRIBUTE;
+			rc = LDAP_NAMING_VIOLATION;
 			break;
 		}
 
+ 
+		if( ava->la_flags & LDAP_AVA_BINARY ) {
+			snprintf( textbuf, textlen, 
+				"value of naming attribute '%s' in unsupported BER form",
+				ava->la_attr.bv_val );
+			rc = LDAP_NAMING_VIOLATION;
+		}
+
 		if ( value_find( desc, attr->a_vals, &ava->la_value ) != 0 ) {
 			snprintf( textbuf, textlen, 
 				"value of naming attribute '%s' is not present in entry",
 				ava->la_attr.bv_val );
-			rc = LDAP_NO_SUCH_ATTRIBUTE;
+			rc = LDAP_NAMING_VIOLATION;
 			break;
 		}
 	}

servers/slapd/slapd.conf

@@ -64,7 +64,8 @@ rootdn		"cn=Manager,dc=my-domain,dc=com"
 # Use of strong authentication encouraged.
 rootpw		secret
 # The database directory MUST exist prior to running slapd AND 
-# should only be accessible by the slapd/tools. Mode 700 recommended.
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
 directory	%LOCALSTATEDIR%/openldap-data
 # Indices to maintain
 index	objectClass	eq