Commit cdf2811a authored by Kurt Zeilenga's avatar Kurt Zeilenga

Suck in latest from HEAD including modrdn fixes, lint removal

parent 8c350fd8
......@@ -3,10 +3,10 @@ OpenLDAP 2.1 Change Log
OpenLDAP 2.1.10 Release
Fixed slapd acl/group value_find_ex() bug (ITS#2227)
Fixed slapd empty values return filter control bug (ITS#2219)
Fixed slapd empty oid control bug
Fixed slapd NameAndOptionalUID bug
Fixed slapd reentant gethostbyname bug
Fixed slapd SASL/EXTERNAL handling
Fixed slapd SASL/EXTERNAL handling (ITS#2234)
Fixed ldbm/bdb modrdn replog bug (ITS#2235)
Fixed ldapsearch empty baseObject bug
Fixed libldap_r thread stack size
Fixed libldap SASL/EXTERNAL handling
......
......@@ -211,9 +211,9 @@ dn2entry_retry:
goto done;
}
if ( ! access_allowed( be, conn, op, e,
password, NULL, ACL_AUTH, NULL ) )
{
rc = access_allowed( be, conn, op, e,
password, NULL, ACL_AUTH, NULL );
if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
goto done;
......@@ -242,9 +242,9 @@ dn2entry_retry:
goto done;
}
if ( ! access_allowed( be, conn, op, e,
krbattr, NULL, ACL_AUTH, NULL ) )
{
rc = access_allowed( be, conn, op, e,
krbattr, NULL, ACL_AUTH, NULL );
if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
goto done;
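Review bot: `rc` now carries two different things in both ACL checks here: first the boolean returned by access_allowed(), then an LDAP result code. On the allowed path it is left holding that non-zero boolean until some later statement overwrites it, and that statement is outside these hunks. The back-ldbm modrdn change in this same commit introduces a separate `int can_access;` for the same kind of check. Using `can_access = access_allowed( ... ); if ( ! can_access ) {` here, and in the compare and bdb_modrdn checks that follow the same pattern, would keep a granted check from ever being read as a result code. The enclosing function starts and ends outside the hunks shown.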
......
......@@ -110,9 +110,9 @@ dn2entry_retry:
goto done;
}
if ( ! access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
rc = access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL );
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
......@@ -129,7 +129,6 @@ dn2entry_retry:
rc = LDAP_COMPARE_TRUE;
break;
}
}
return_results:
......
......@@ -38,7 +38,7 @@ bdb_modrdn(
/* LDAP v2 supporting correct attribute handling. */
LDAPRDN *new_rdn = NULL;
LDAPRDN *old_rdn = NULL;
int rc;
int rc;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
......@@ -188,8 +188,7 @@ retry: /* transaction retry */
}
/* check write on old entry */
rc = access_allowed( be, conn, op, e,
entry, NULL, ACL_WRITE, NULL );
rc = access_allowed( be, conn, op, e, entry, NULL, ACL_WRITE, NULL );
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
......@@ -205,6 +204,7 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
#endif
text = "no write access to old entry";
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
......@@ -267,13 +267,16 @@ retry: /* transaction retry */
0, 0, 0);
#endif
rc = LDAP_OTHER;
text = "old entry's parent does not exist";
goto return_results;
}
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL ) )
{
rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to parent\n", 0, 0, 0 );
......@@ -281,8 +284,7 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
text = "no write access to old parent's children";
goto return_results;
}
......@@ -325,8 +327,8 @@ retry: /* transaction retry */
p = NULL;
if ( ! rc )
{
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to parent\n", 0, 0, 0 );
......@@ -335,9 +337,7 @@ retry: /* transaction retry */
"no access to parent\n",
0, 0, 0 );
#endif
send_ldap_result( conn, op,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
text = "no write access to old parent";
goto return_results;
}
......@@ -374,6 +374,7 @@ retry: /* transaction retry */
"& \"\" is not suffix\n",
0, 0, 0);
#endif
text = "no write access to old parent";
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
......@@ -407,6 +408,7 @@ retry: /* transaction retry */
newSuperior = NULL; /* ignore newSuperior */
}
}
if ( newSuperior != NULL ) {
if ( newSuperior->bv_len ) {
np_dn = newSuperior;
......@@ -445,6 +447,7 @@ retry: /* transaction retry */
"bdb_modrdn: newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
#endif
text = "new superior not found";
rc = LDAP_OTHER;
goto return_results;
}
......@@ -460,7 +463,10 @@ retry: /* transaction retry */
#endif
/* check newSuperior for "children" acl */
if ( !access_allowed( be, conn, op, np, children, NULL, ACL_WRITE, NULL ) ) {
rc = access_allowed( be, conn, op, np, children,
NULL, ACL_WRITE, NULL );
if( ! rc ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"==>bdb_modrdn: no wr to newSup children\n", 0, 0, 0 );
......@@ -469,6 +475,7 @@ retry: /* transaction retry */
"bdb_modrdn: no wr to newSup children\n",
0, 0, 0 );
#endif
text = "no write access to new superior's children";
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
......@@ -483,7 +490,7 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: entry is alias\n",
0, 0, 0 );
#endif
text = "new superior is an alias";
rc = LDAP_ALIAS_PROBLEM;
goto return_results;
}
......@@ -498,7 +505,7 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: entry is referral\n",
0, 0, 0 );
#endif
text = "new superior is a referral";
rc = LDAP_OTHER;
goto return_results;
}
......@@ -522,8 +529,8 @@ retry: /* transaction retry */
np = NULL;
if ( ! rc )
{
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to superior\n", 0, 0, 0 );
......@@ -532,9 +539,7 @@ retry: /* transaction retry */
"no access to new superior\n",
0, 0, 0 );
#endif
send_ldap_result( conn, op,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
text = "no write access to new superior's children";
goto return_results;
}
......@@ -558,6 +563,7 @@ retry: /* transaction retry */
"& \"\" is not suffix\n",
0, 0, 0);
#endif
text = "no write access to new superior's children";
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
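Review bot: The new denial texts are not consistent about what was denied. The check on `p` with `children` sets `text = "no write access to old parent's children";`, but the two later old-parent branches set `"no write access to old parent"`, while both new-superior branches say `"no write access to new superior's children"`. If the old-parent branches are also `children` ACL checks, which the hunks do not show, the same wording would give an administrator reading the diagnostic the right ACL to look at. The position of `rc = LDAP_INSUFFICIENT_ACCESS;` also varies, sometimes before the logging block and sometimes after `text`; putting `rc` and `text` on adjacent lines in every branch would make a missed assignment easier to spot.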
......
......@@ -37,8 +37,8 @@ dn2id_add(
assert( id != NOID );
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
if ( db == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"dn2id_add: couldn't open/create dn2id%s\n", LDBM_SUFFIX, 0, 0 );
......@@ -57,7 +57,8 @@ dn2id_add(
buf[0] = DN_BASE_PREFIX;
ptr.bv_val = buf + 1;
ptr.bv_len = dn->bv_len;
strcpy( ptr.bv_val, dn->bv_val );
AC_MEMCPY( ptr.bv_val, dn->bv_val, dn->bv_len );
ptr.bv_val[ dn->bv_len ] = '\0';
ldbm_datum_init( data );
data.dptr = (char *) &id;
......@@ -121,6 +122,7 @@ dn2id(
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
DBCache *db;
Datum key, data;
unsigned char *tmp;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "dn2id: (%s)\n", dn->bv_val, 0, 0 );
......@@ -131,7 +133,8 @@ dn2id(
assert( idp );
/* first check the cache */
if ( (*idp = cache_find_entry_ndn2id( be, &li->li_cache, dn )) != NOID ) {
*idp = cache_find_entry_ndn2id( be, &li->li_cache, dn );
if ( *idp != NOID ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1, "dn2id: (%s)%ld in cache.\n", dn, *idp, 0 );
#else
......@@ -142,8 +145,8 @@ dn2id(
return( 0 );
}
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
if ( db == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"dn2id: couldn't open dn2id%s\n", LDBM_SUFFIX, 0, 0 );
......@@ -163,7 +166,11 @@ dn2id(
key.dsize = dn->bv_len + 2;
key.dptr = ch_malloc( key.dsize );
sprintf( key.dptr, "%c%s", DN_BASE_PREFIX, dn->bv_val );
tmp = (unsigned char *)key.dptr;
tmp[0] = DN_BASE_PREFIX;
tmp++;
AC_MEMCPY( tmp, dn->bv_val, dn->bv_len );
tmp[dn->bv_len] = '\0';
data = ldbm_cache_fetch( db, key );
......@@ -207,6 +214,7 @@ dn2idl(
{
DBCache *db;
Datum key;
unsigned char *tmp;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "dn2idl: \"%c%s\"\n", prefix, dn->bv_val, 0 );
......@@ -222,8 +230,8 @@ dn2idl(
return 0;
}
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
if ( db == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"dn2idl: could not open dn2id%s\n", LDBM_SUFFIX, 0, 0 );
......@@ -239,7 +247,11 @@ dn2idl(
key.dsize = dn->bv_len + 2;
key.dptr = ch_malloc( key.dsize );
sprintf( key.dptr, "%c%s", prefix, dn->bv_val );
tmp = (unsigned char *)key.dptr;
tmp[0] = prefix;
tmp++;
AC_MEMCPY( tmp, dn->bv_val, dn->bv_len );
tmp[dn->bv_len] = '\0';
*idlp = idl_fetch( be, db, key );
......@@ -274,8 +286,8 @@ dn2id_delete(
assert( id != NOID );
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT );
if ( db == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"dn2id_delete: couldn't open db2id%s\n", LDBM_SUFFIX, 0, 0 );
......@@ -295,7 +307,8 @@ dn2id_delete(
buf[0] = DN_BASE_PREFIX;
ptr.bv_val = buf + 1;
ptr.bv_len = dn->bv_len;
strcpy( ptr.bv_val, dn->bv_val );
AC_MEMCPY( ptr.bv_val, dn->bv_val, dn->bv_len );
ptr.bv_val[dn->bv_len] = '\0';
rc = ldbm_cache_delete( db, key );
......@@ -378,7 +391,9 @@ dn2entry_rw(
/* something bad happened to ldbm cache */
return( NULL );
} else if ( id != NOID ) {
}
if ( id != NOID ) {
/* try to return the entry */
if ((e = id2entry_rw( be, id, rw )) != NULL ) {
return( e );
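Review bot: In dn2id(), the NEW_LOGGING cache-hit message passes `dn` itself to a `%s` conversion, and `dn` is a berval pointer judging by the `dn->bv_val` uses around it. That is a format/argument mismatch and should read `"dn2id: (%s)%ld in cache.\n", dn->bv_val, *idp, 0`, as the entry trace a few lines above already does. Separately, replacing strcpy()/sprintf() with AC_MEMCPY() plus an explicit terminator relies on the destination holding `dn->bv_len + 2` bytes. That size is visible for `key.dptr` in dn2id() and dn2idl(), but `buf` in dn2id_add() and dn2id_delete() is sized outside the hunks, so a one-line comment stating the invariant next to each copy would help, for example `/* buf holds prefix + bv_len bytes + NUL */`.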
......
......@@ -182,8 +182,7 @@ idl_fetch(
Datum data;
ID_BLOCK *idl;
ID_BLOCK **tmp;
int nids;
unsigned i;
unsigned i, nids, nblocks;
idl = idl_fetch_one( be, db, key );
......@@ -209,21 +208,17 @@ idl_fetch(
#ifndef USE_INDIRECT_NIDS
/* count the number of blocks & allocate space for pointers to them */
for ( i = 0; !ID_BLOCK_NOID(idl, i); i++ )
for ( nblocks = 0; !ID_BLOCK_NOID(idl, nblocks); nblocks++ )
; /* NULL */
#else
i = ID_BLOCK_NIDS(idl);
nblocks = ID_BLOCK_NIDS(idl);
#endif
tmp = (ID_BLOCK **) ch_malloc( (i + 1) * sizeof(ID_BLOCK *) );
tmp = (ID_BLOCK **) ch_malloc( nblocks * sizeof(ID_BLOCK *) );
/* read in all the blocks */
cont_alloc( &data, &key );
nids = 0;
#ifndef USE_INDIRECT_NIDS
for ( i = 0; !ID_BLOCK_NOID(idl, i); i++ ) {
#else
for ( i = 0; i < ID_BLOCK_NIDS(idl); i++ ) {
#endif
for ( i = 0; i < nblocks; i++ ) {
cont_id( &data, ID_BLOCK_ID(idl, i) );
if ( (tmp[i] = idl_fetch_one( be, db, data )) == NULL ) {
......@@ -240,7 +235,6 @@ idl_fetch(
nids += ID_BLOCK_NIDS(tmp[i]);
}
tmp[i] = NULL;
cont_free( &data );
idl_free( idl );
......@@ -250,7 +244,7 @@ idl_fetch(
nids = 0;
/* copy in all the ids from the component blocks */
for ( i = 0; tmp[i] != NULL; i++ ) {
for ( i = 0; i < nblocks; i++ ) {
if ( tmp[i] == NULL ) {
continue;
}
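Review bot: `tmp` is now allocated with exactly `nblocks` slots and the `tmp[i] = NULL;` terminator appears to be removed, so a NULL slot now means "this block failed to load" rather than "end of array". The two loops shown were converted to `i < nblocks`, but idl_fetch() continues outside these hunks, and any remaining walk of the form `tmp[i] != NULL` would read past the allocation. A comment at the allocation such as `/* exactly nblocks slots, no terminator; NULL marks a block that failed to load */` would make the contract explicit. `nids` also became unsigned and is summed from `ID_BLOCK_NIDS(tmp[i])` values read from the database, so if that total sizes the merged list it may be worth checking it for wrap-around before allocating.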
......
......@@ -62,9 +62,9 @@ ldbm_back_modrdn(
int rc = CAN_ROLLBACK;
int rc_id = 0;
ID id = NOID;
const char *text = NULL;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
const char *text = NULL;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
/* Added to support newSuperior */
Entry *np = NULL; /* newSuperior Entry */
struct berval *np_ndn = NULL; /* newSuperior ndn */
......@@ -245,14 +245,15 @@ ldbm_back_modrdn(
isroot = be_isroot( be, &op->o_ndn );
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
int can_access;
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
can_access = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
/* check parent for "children" acl */
if ( ! rc ) {
if ( ! can_access ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_modrdn: no access to parent \"\"\n", 0,0,0 );
......@@ -419,14 +420,15 @@ ldbm_back_modrdn(
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
int can_access;
np = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, np,
can_access = access_allowed( be, conn, op, np,
children, NULL, ACL_WRITE, NULL );
np = NULL;
/* check parent for "children" acl */
if ( ! rc ) {
if ( ! can_access ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_modrdn: no access "
......@@ -526,8 +528,6 @@ ldbm_back_modrdn(
"type(s)/values(s) of newrdn\n",
0, 0, 0 );
#endif
rc = LDAP_INVALID_DN_SYNTAX;
text = "unknown type(s) used in RDN";
goto return_results;
}
......@@ -560,8 +560,6 @@ ldbm_back_modrdn(
"the old_rdn type(s)/value(s)\n",
0, 0, 0 );
#endif
rc = LDAP_OTHER;
text = "cannot parse RDN from old DN";
goto return_results;
}
}
......@@ -573,9 +571,8 @@ ldbm_back_modrdn(
0, 0, 0 );
#endif
rc = slap_modrdn2mods( be, conn, op, e, old_rdn, new_rdn,
deleteoldrdn, &mod );
if ( rc != LDAP_SUCCESS ) {
if ( slap_modrdn2mods( be, conn, op, e, old_rdn, new_rdn,
deleteoldrdn, &mod ) != LDAP_SUCCESS ) {
goto return_results;
}
......@@ -604,6 +601,10 @@ ldbm_back_modrdn(
new_dn.bv_val = NULL;
new_ndn.bv_val = NULL;
/* NOTE: after this you must not free new_dn or new_ndn!
* They are used by cache.
*/
/* add new one */
if ( dn2id_add( be, &e->e_nname, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
......@@ -612,30 +613,28 @@ ldbm_back_modrdn(
}
/* modify memory copy of entry */
rc = ldbm_modify_internal( be, conn, op, dn->bv_val, &mod[0], e,
rc_id = ldbm_modify_internal( be, conn, op, dn->bv_val, &mod[0], e,
&text, textbuf, textlen );
switch ( rc_id ) {
case LDAP_SUCCESS:
break;
if( rc != LDAP_SUCCESS ) {
if( rc != SLAPD_ABANDON ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
}
case SLAPD_ABANDON:
/* too late ... */
send_ldap_result( conn, op, rc_id, NULL, text, NULL, NULL );
goto return_results;
default:
/* here we may try to delete the newly added dn */
if ( dn2id_delete( be, &e->e_nname, e->e_id ) != 0 ) {
/* we already are in trouble ... */
;
}
goto return_results;
}
(void) cache_update_entry( &li->li_cache, e );
/* NOTE: after this you must not free new_dn or new_ndn!
* They are used by cache.
*/
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
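Review bot: The new `switch ( rc_id )` looks inverted relative to the code it replaces. The `SLAPD_ABANDON` arm now calls send_ldap_result() with the internal abandon code and skips dn2id_delete(), while the `default` arm, a real modify failure, removes the new dn but sends nothing in the lines shown. The replaced code sent a result for every failure except abandon and rolled the dn2id entry back in both cases. Unless `return_results`, which is outside this hunk, sends the result itself, a failed modify leaves the client without a response, and an abandoned one leaves the freshly added dn2id mapping behind. The arrangement below keeps the old semantics with the new variable.

```c
	switch ( rc_id ) {
	case LDAP_SUCCESS:
		break;

	default:
		/* a real failure: report it, then roll back like an abandon */
		send_ldap_result( conn, op, rc_id, NULL, text, NULL, NULL );
		/* FALLTHRU */
	case SLAPD_ABANDON:
		/* abandoned: no result is sent, but the new dn is still removed */
		/* … unchanged: dn2id_delete() rollback … */
		goto return_results;
	}
```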
......
......@@ -949,8 +949,8 @@ slap_sasl_authorize(
ok:
if (conn->c_sasl_bindop) {
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND authcid=\"%s\"\n",
conn->c_connid, conn->c_sasl_bindop->o_opid,
"conn=%lu op=%lu BIND authcid=\"%s\"\n",
conn->c_connid, conn->c_sasl_bindop->o_opid,
auth_identity, 0, 0);
}
......
......@@ -3735,25 +3735,31 @@ serial_and_issuer_parse(
for (p=begin; p<=end && *p != '$'; p++) /* empty */ ;
if ( p > end ) return LDAP_INVALID_SYNTAX;
/* p now points at the $ sign, now use begin and end to delimit the
serial number */
/* p now points at the $ sign, now use
* begin and end to delimit the serial number
*/
while (ASCII_SPACE(*begin)) begin++;
end = p-1;
while (ASCII_SPACE(*end)) end--;
if( end <= begin ) return LDAP_INVALID_SYNTAX;
bv.bv_len = end-begin+1;
bv.bv_val = begin;
ber_dupbv(serial, &bv);
/* now extract the issuer, remember p was at the dollar sign */
if ( issuer_dn ) {
begin = p+1;
end = assertion->bv_val+assertion->bv_len-1;
while (ASCII_SPACE(*begin)) begin++;
/* should we trim spaces at the end too? is it safe always? */
begin = p+1;
end = assertion->bv_val+assertion->bv_len-1;
while (ASCII_SPACE(*begin)) begin++;
/* should we trim spaces at the end too? is it safe always? no, no */
if( end <= begin ) return LDAP_INVALID_SYNTAX;
if ( issuer_dn ) {
bv.bv_len = end-begin+1;
bv.bv_val = begin;
dnNormalize2( NULL, &bv, issuer_dn );
}
......@@ -3924,9 +3930,10 @@ static int certificateExactFilter(
{
BerVarray keys;
struct berval asserted_serial;
int ret;
serial_and_issuer_parse(assertedValue,
&asserted_serial, NULL);
ret = serial_and_issuer_parse( assertedValue, &asserted_serial, NULL );
if( ret != LDAP_SUCCESS ) return ret;
keys = ch_malloc( sizeof( struct berval ) * 2 );
integerNormalize( syntax, &asserted_serial, &keys[0] );
......@@ -4405,7 +4412,7 @@ static slap_syntax_defs_rec syntax_defs[] = {
* Chadwick in private mail.
*/
{"( 1.2.826.0.1.3344810.7.1 DESC 'Serial Number and Issuer' )",
0, NULL, NULL, NULL},
0, UTF8StringValidate, NULL, NULL},
#endif
/* OpenLDAP Experimental Syntaxes */
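Review bot: The whitespace trimming in serial_and_issuer_parse() is still unbounded on a client-supplied assertion value. With an empty or all-space serial, `end = p-1` is already below `begin`, and `while (ASCII_SPACE(*end)) end--;` can read before the start of the value. With `$` as the last byte, `begin = p+1` starts one past `end`, and the scan depends on whatever follows the value. The added `if( end <= begin )` after the serial trim also rejects a one-character serial, because `end == begin` is a length of 1. The second `return LDAP_INVALID_SYNTAX;` comes after `ber_dupbv(serial, &bv)`, so the duplicated serial is not released on that path. The function starts outside the hunk; the sketch below bounds both scans and frees the copy on the late failure.

```c
	while ( begin < p && ASCII_SPACE(*begin) ) begin++;
	end = p-1;
	while ( end > begin && ASCII_SPACE(*end) ) end--;
	/* end == begin is a valid one-character serial */
	if( end < begin ) return LDAP_INVALID_SYNTAX;

	/* … unchanged: bv setup and ber_dupbv(serial, &bv) … */

	begin = p+1;
	end = assertion->bv_val+assertion->bv_len-1;
	while ( begin <= end && ASCII_SPACE(*begin) ) begin++;
	if( end <= begin ) {
		/* the serial was duplicated above; release it before failing */
		ber_memfree( serial->bv_val );
		serial->bv_val = NULL;
		return LDAP_INVALID_SYNTAX;
	}
```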
......
......@@ -20,14 +20,14 @@ static int set_samedn (char *dn1, char *dn2);
long
slap_set_size (BerVarray set)
{
int i;
long i;
i = 0;
if (set != NULL) {
while (set[i].bv_val)
i++;
}
return(i);
return i;
}