[Pkg-openldap-devel] r857 - in openldap/trunk-2.3: . build debian debian/patches doc/guide/admin doc/man/man5 doc/man/man8 include include/ac libraries/liblber libraries/libldap libraries/liblutil servers/slapd servers/slapd/back-bdb servers/slapd/back-hdb servers/slapd/back-ldap servers/slapd/back-ldif servers/slapd/back-meta servers/slapd/back-sql servers/slapd/overlays

Russ Allbery rra at alioth.debian.org
Mon Nov 12 00:45:49 UTC 2007


Author: rra
Date: 2007-11-12 00:45:48 +0000 (Mon, 12 Nov 2007)
New Revision: 857

Removed:
   openldap/trunk-2.3/debian/patches/ITS5119
Modified:
   openldap/trunk-2.3/CHANGES
   openldap/trunk-2.3/README
   openldap/trunk-2.3/build/openldap.m4
   openldap/trunk-2.3/configure
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/patches/index-files-created-as-root
   openldap/trunk-2.3/debian/patches/read-config-before-dropping-privileges
   openldap/trunk-2.3/debian/patches/sasl-default-path
   openldap/trunk-2.3/debian/patches/series
   openldap/trunk-2.3/debian/patches/wrong-database-location
   openldap/trunk-2.3/doc/guide/admin/guide.html
   openldap/trunk-2.3/doc/man/man5/slapd-bdb.5
   openldap/trunk-2.3/doc/man/man5/slapd-meta.5
   openldap/trunk-2.3/doc/man/man5/slapd-sql.5
   openldap/trunk-2.3/doc/man/man5/slapd.conf.5
   openldap/trunk-2.3/doc/man/man5/slapo-chain.5
   openldap/trunk-2.3/doc/man/man8/slapadd.8
   openldap/trunk-2.3/doc/man/man8/slapcat.8
   openldap/trunk-2.3/doc/man/man8/slapindex.8
   openldap/trunk-2.3/include/ac/termios.h
   openldap/trunk-2.3/include/lutil.h
   openldap/trunk-2.3/libraries/liblber/bprint.c
   openldap/trunk-2.3/libraries/liblber/decode.c
   openldap/trunk-2.3/libraries/libldap/controls.c
   openldap/trunk-2.3/libraries/libldap/cyrus.c
   openldap/trunk-2.3/libraries/libldap/ppolicy.c
   openldap/trunk-2.3/libraries/liblutil/getpass.c
   openldap/trunk-2.3/libraries/liblutil/uuid.c
   openldap/trunk-2.3/servers/slapd/back-bdb/config.c
   openldap/trunk-2.3/servers/slapd/back-hdb/Makefile.in
   openldap/trunk-2.3/servers/slapd/back-ldap/bind.c
   openldap/trunk-2.3/servers/slapd/back-ldap/chain.c
   openldap/trunk-2.3/servers/slapd/back-ldap/search.c
   openldap/trunk-2.3/servers/slapd/back-ldif/ldif.c
   openldap/trunk-2.3/servers/slapd/back-meta/bind.c
   openldap/trunk-2.3/servers/slapd/back-meta/config.c
   openldap/trunk-2.3/servers/slapd/back-meta/conn.c
   openldap/trunk-2.3/servers/slapd/back-meta/map.c
   openldap/trunk-2.3/servers/slapd/back-sql/init.c
   openldap/trunk-2.3/servers/slapd/back-sql/sql-wrap.c
   openldap/trunk-2.3/servers/slapd/backglue.c
   openldap/trunk-2.3/servers/slapd/backover.c
   openldap/trunk-2.3/servers/slapd/bconfig.c
   openldap/trunk-2.3/servers/slapd/config.c
   openldap/trunk-2.3/servers/slapd/config.h
   openldap/trunk-2.3/servers/slapd/filter.c
   openldap/trunk-2.3/servers/slapd/modify.c
   openldap/trunk-2.3/servers/slapd/overlays/Makefile.in
   openldap/trunk-2.3/servers/slapd/overlays/pcache.c
   openldap/trunk-2.3/servers/slapd/overlays/rwm.c
   openldap/trunk-2.3/servers/slapd/overlays/rwmmap.c
   openldap/trunk-2.3/servers/slapd/overlays/syncprov.c
   openldap/trunk-2.3/servers/slapd/sasl.c
   openldap/trunk-2.3/servers/slapd/sets.c
   openldap/trunk-2.3/servers/slapd/syncrepl.c
   openldap/trunk-2.3/servers/slapd/value.c
Log:
Merge upstream 2.3.39 release.  Unfuzz patches and drop ITS5119 patch
(applied upstream).  Add initial changelog for 2.3.39-1.


Modified: openldap/trunk-2.3/CHANGES
===================================================================
--- openldap/trunk-2.3/CHANGES	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/CHANGES	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,37 @@
 OpenLDAP 2.3 Change Log
 
+OpenLDAP 2.3.39 Release (2007/10/26)
+	Fixed slapd database/overlay config conflict (ITS#4848)
+	Fixed slapd password_hash config order (ITS#5082)
+	Fixed slapd slap_mods_check bug (ITS#5119)
+	Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
+	Fixed slapd ordered values add normalization issue (ITS#5136)
+	Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
+	Fixed slapd-ldap search control parsing (ITS#5138)
+	Fixed slapd-ldap SASL idassert w/o authcId
+	Fixed slapd-ldif directory separators in DN (ITS#5172)
+	Fixed slapd-meta conn caching on bind failure (ITS#5154)
+	Fixed slapd-meta bind timeout assertion (ITS#5185)
+	Fixed slapd-sql concurrency issue (ITS#5095)
+	Fixed slapo-chain double-free (ITS#5137)
+	Fixed slapo-pcache and -rwm interaction fix (ITS#4991) 
+	Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
+	Fixed slapo-rwm modlist handling (ITS#5124)
+	Fixed slapo-rwm UUID in filter (ITS#5168)
+	Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
+	Fixed liblber Windows x64 portability (ITS#5105)
+	Fixed libldap ppolicy control creation (ITS#5103)
+	Build Environment
+		Fixed termios macro check (ITS#4880)
+		Updated Makefiles
+	Documentation
+		Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
+		Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
+		Added max-depth/return-error to slapo-chain(5)
+		slapadd/slapindex note about file ownership (ITS#5166)
+		slapcat note about using against running slapd (ITS#5028)
+		Fixed Admin Guide URL in README (ITS#5107)
+
 OpenLDAP 2.3.38 Release (2007/08/20)
 	Fixed slapadd check for ';binary' when required (ITS#5071)
 	Fixed slapd select_backend/ManageDSAit (ITS#4986)
@@ -107,6 +139,7 @@
 	Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
 	Added slapo-ppolicy cn=config support (ITS#4836)
 	Added slapo-auditlog cn=config support
+	Fixed slapi late initialization (ITS#4468)
 	Build environment
 		Added Berkeley DB 4.5 detection
 	Documentation
@@ -218,6 +251,7 @@
 
 OpenLDAP 2.3.27 Release (2006/08/19)
 	Fixed libldap dangling pointer issue (previous fix was broken) (ITS#4405)
+	Fixed slapd-sql noop handling (ITS#4563)
 
 OpenLDAP 2.3.26 Release (2006/08/17)
 	Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610)

Modified: openldap/trunk-2.3/README
===================================================================
--- openldap/trunk-2.3/README	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/README	2007-11-12 00:45:48 UTC (rev 857)
@@ -19,7 +19,9 @@
         POSIX REGEX software (required)
 
     SLAPD:
-        BDB and HDB backends require Sleepycat Berkeley DB 4.2 or later
+        BDB and HDB backends require Oracle Berkeley DB 4.2, 4.4,
+        or 4.5.  It is highly recommended to apply the patches
+        from Oracle for a given release.
 
     SLURPD:
         LTHREAD compatible thread package
@@ -39,7 +41,7 @@
     The OpenLDAP Administrator's Guide is available in the
     guide.html file in the doc/guide/admin directory.  The
     guide and a number of other documents are available at
-    <http://www.openldap.org/doc/guide/admin/guide.html>.
+    <http://www.openldap.org/doc/admin/guide.html>.
 
     The distribution also includes manual pages for most programs
     and library APIs.  See ldap(3) for details.
@@ -76,7 +78,7 @@
     <http://www.openldap.org/its/> to be considered.
 
 ---
-$OpenLDAP: pkg/ldap/README,v 1.38.2.7 2007/01/02 21:43:21 kurt Exp $
+$OpenLDAP: pkg/ldap/README,v 1.38.2.9 2007/10/11 18:52:18 quanah Exp $
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 

Modified: openldap/trunk-2.3/build/openldap.m4
===================================================================
--- openldap/trunk-2.3/build/openldap.m4	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/build/openldap.m4	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 dnl OpenLDAP Autoconf Macros
-dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.13 2007/08/06 12:32:51 ando Exp $
+dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.140.2.14 2007/10/05 15:33:02 hyc Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
 dnl Copyright 1998-2007 The OpenLDAP Foundation.
@@ -696,8 +696,8 @@
 #	define DB_VERSION_MINOR 0
 #endif
 
-/* require 4.2 or later */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+/* require 4.2-4.5 */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)
 	__db_version_compat
 #endif
 	], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
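Review bot: The new upper bound in the `#if` is applied only to `DB_VERSION_MINOR`, while the major test stays `>= 4`, so a Berkeley DB with a higher major number and a minor of 2 to 5 would still pass, contrary to the comment `/* require 4.2-4.5 */`. Pinning the major version closes that gap: `#if (DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)`. The README hunk in this commit lists 4.2, 4.4 and 4.5 as supported, whereas this test also accepts 4.3; if 4.3 is meant to be excluded, the check or the README wording should say so. The same line appears in the generated `configure` hunk and should be fixed by regenerating it from this macro, whose definition starts and ends outside the hunk.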

Modified: openldap/trunk-2.3/configure
===================================================================
--- openldap/trunk-2.3/configure	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/configure	2007-11-12 00:45:48 UTC (rev 857)
@@ -35855,8 +35855,8 @@
 #	define DB_VERSION_MINOR 0
 #endif
 
-/* require 4.2 or later */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2)
+/* require 4.2-4.5 */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR < 6)
 	__db_version_compat
 #endif
 

Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/changelog	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,3 +1,13 @@
+openldap2.3 (2.3.39-1) UNRELEASED; urgency=medium
+
+  * Medium severity due to denial of service fix.
+  * New upstream release.
+    - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
+      (the overlay for proxy caching).  (Closes: #448644)
+    - Multiple additional more minor bug fixes.
+
+ -- Russ Allbery <rra at debian.org>  Sun, 11 Nov 2007 16:41:54 -0800
+
 openldap2.3 (2.3.38-1) unstable; urgency=low
 
   [ Steve Langasek ]

Deleted: openldap/trunk-2.3/debian/patches/ITS5119
===================================================================
--- openldap/trunk-2.3/debian/patches/ITS5119	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/ITS5119	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,12 +0,0 @@
-Index: servers/slapd/modify.c
-===================================================================
---- servers/slapd/modify.c.orig
-+++ servers/slapd/modify.c
-@@ -734,6 +734,7 @@
- 							"%s: value #%ld normalization failed",
- 							ml->sml_type.bv_val, (long) nvals );
- 						*text = textbuf;
-+                        BER_BVZERO( &ml->sml_nvalues[nvals] );
- 						return rc;
- 					}
- 				}

Modified: openldap/trunk-2.3/debian/patches/index-files-created-as-root
===================================================================
--- openldap/trunk-2.3/debian/patches/index-files-created-as-root	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/index-files-created-as-root	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,8 +1,6 @@
-Index: doc/man/man8/slapindex.8
-===================================================================
 --- doc/man/man8/slapindex.8.orig
 +++ doc/man/man8/slapindex.8
-@@ -90,6 +90,10 @@
+@@ -105,6 +105,10 @@
  should not be running (at least, not in read-write
  mode) when you do this to ensure consistency of the database.
  .LP
@@ -13,8 +11,6 @@
  This command provides ample opportunity for the user to obtain
  and drink their favorite beverage.
  .SH EXAMPLES
-Index: servers/slapd/slapindex.c
-===================================================================
 --- servers/slapd/slapindex.c.orig
 +++ servers/slapd/slapindex.c
 @@ -34,6 +34,8 @@

Modified: openldap/trunk-2.3/debian/patches/read-config-before-dropping-privileges
===================================================================
--- openldap/trunk-2.3/debian/patches/read-config-before-dropping-privileges	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/read-config-before-dropping-privileges	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,3 @@
-Index: servers/slapd/main.c
-===================================================================
 --- servers/slapd/main.c.orig
 +++ servers/slapd/main.c
 @@ -648,12 +648,6 @@
@@ -14,8 +12,8 @@
 -
  	extops_init();
  	lutil_passwd_init();
- 	slap_op_init();
-@@ -675,6 +669,12 @@
+ 
+@@ -674,6 +668,12 @@
  		goto destroy;
  	}
  

Modified: openldap/trunk-2.3/debian/patches/sasl-default-path
===================================================================
--- openldap/trunk-2.3/debian/patches/sasl-default-path	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/sasl-default-path	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,3 @@
-Index: include/ldap_defaults.h
-===================================================================
 --- include/ldap_defaults.h.orig
 +++ include/ldap_defaults.h
 @@ -65,4 +65,6 @@
@@ -9,11 +7,9 @@
 +#define SASL_CONFIGPATH                        LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
 +
  #endif /* _LDAP_CONFIG_H */
-Index: servers/slapd/sasl.c
-===================================================================
 --- servers/slapd/sasl.c.orig
 +++ servers/slapd/sasl.c
-@@ -951,12 +951,38 @@
+@@ -952,12 +952,38 @@
  
  #endif /* HAVE_CYRUS_SASL */
  

Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/series	2007-11-12 00:45:48 UTC (rev 857)
@@ -10,4 +10,3 @@
 index-files-created-as-root -p0
 sasl-default-path -p0
 man-slurpd -p0
-ITS5119 -p0

Modified: openldap/trunk-2.3/debian/patches/wrong-database-location
===================================================================
--- openldap/trunk-2.3/debian/patches/wrong-database-location	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/debian/patches/wrong-database-location	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,8 +1,6 @@
-Index: doc/man/man5/slapd-bdb.5
-===================================================================
---- doc/man/man5/slapd-bdb.5.orig	2007-05-23 13:05:50.000000000 -0700
-+++ doc/man/man5/slapd-bdb.5	2007-05-23 13:05:53.000000000 -0700
-@@ -96,7 +96,7 @@ Specify the directory where the BDB file
+--- doc/man/man5/slapd-bdb.5.orig
++++ doc/man/man5/slapd-bdb.5
+@@ -97,7 +97,7 @@
  associated indexes live.
  A separate directory must be specified for each database.
  The default is
@@ -11,11 +9,9 @@
  .TP
  .B dirtyread
  Allow reads of modified but not yet committed data.
-Index: doc/man/man5/slapd-ldbm.5
-===================================================================
---- doc/man/man5/slapd-ldbm.5.orig	2007-05-23 13:05:50.000000000 -0700
-+++ doc/man/man5/slapd-ldbm.5	2007-05-23 13:05:53.000000000 -0700
-@@ -84,7 +84,7 @@ Specify the directory where the LDBM fil
+--- doc/man/man5/slapd-ldbm.5.orig
++++ doc/man/man5/slapd-ldbm.5
+@@ -84,7 +84,7 @@
  associated indexes live.
  A separate directory must be specified for each database.
  The default is
@@ -24,11 +20,9 @@
  .TP
  .B
  index {<attrlist>|default} [pres,eq,approx,sub,<special>]
-Index: doc/man/man5/slapd.conf.5
-===================================================================
---- doc/man/man5/slapd.conf.5.orig	2007-05-23 13:05:50.000000000 -0700
-+++ doc/man/man5/slapd.conf.5	2007-05-23 13:05:53.000000000 -0700
-@@ -1873,7 +1873,7 @@ suffix    "dc=our-domain,dc=com"
+--- doc/man/man5/slapd.conf.5.orig
++++ doc/man/man5/slapd.conf.5
+@@ -1875,7 +1875,7 @@
  # The database directory MUST exist prior to
  # running slapd AND should only be accessible
  # by the slapd/tools. Mode 0700 recommended.
@@ -37,10 +31,8 @@
  # Indices to maintain
  index     objectClass  eq
  index     cn,sn,mail   pres,eq,approx,sub
-Index: include/ldap_defaults.h
-===================================================================
---- include/ldap_defaults.h.orig	2007-05-23 13:05:53.000000000 -0700
-+++ include/ldap_defaults.h	2007-05-23 13:06:15.000000000 -0700
+--- include/ldap_defaults.h.orig
++++ include/ldap_defaults.h
 @@ -47,7 +47,7 @@
  	/* location of the default slapd config file */
  #define SLAPD_DEFAULT_CONFIGFILE	LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"
@@ -50,11 +42,9 @@
  #define SLAPD_DEFAULT_DB_MODE		0600
  #define SLAPD_DEFAULT_UCDATA		LDAP_DATADIR LDAP_DIRSEP "ucdata"
  	/* default max deref depth for aliases */
-Index: servers/slapd/Makefile.in
-===================================================================
---- servers/slapd/Makefile.in.orig	2007-05-23 13:05:50.000000000 -0700
-+++ servers/slapd/Makefile.in	2007-05-23 13:05:53.000000000 -0700
-@@ -430,9 +430,9 @@ install-conf: FORCE
+--- servers/slapd/Makefile.in.orig
++++ servers/slapd/Makefile.in
+@@ -430,9 +430,9 @@
  
  install-db-config: FORCE
  	@-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)

Modified: openldap/trunk-2.3/doc/guide/admin/guide.html
===================================================================
--- openldap/trunk-2.3/doc/guide/admin/guide.html	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/guide/admin/guide.html	2007-11-12 00:45:48 UTC (rev 857)
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.3 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project &lt;<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>&gt;</ADDRESS>
-<ADDRESS CLASS="doc-modified">20 August 2007</ADDRESS>
+<ADDRESS CLASS="doc-modified">26 October 2007</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">

Modified: openldap/trunk-2.3/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/trunk-2.3/doc/man/man5/slapd-bdb.5	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man5/slapd-bdb.5	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,7 +1,7 @@
 .TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.11 2007/08/06 15:45:52 ghenry Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.20.2.12 2007/09/26 16:18:24 quanah Exp $
 .SH NAME
 \fBslapd-bdb\fP, \fBslapd-hdb\fP \- Berkeley DB backends to \fBslapd\fP
 .SH SYNOPSIS
@@ -71,7 +71,8 @@
 file.
 The options set using this directive will only be written to the 
 .B DB_CONFIG
-file if no such file existed at server startup time. This allows one
+file if no such file existed at server startup time, otherwise
+they are completely ignored. This allows one
 to set initial values without overwriting/destroying a 
 .B DB_CONFIG 
 file that was already customized through other means. 

Modified: openldap/trunk-2.3/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/trunk-2.3/doc/man/man5/slapd-meta.5	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man5/slapd-meta.5	2007-11-12 00:45:48 UTC (rev 857)
@@ -2,13 +2,13 @@
 .\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.16 2007/04/06 03:57:19 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.29.2.17 2007/09/13 19:33:55 ando Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.
 .\"
 .SH NAME
-slapd-meta \- metadirectory backend
+slapd-meta \- metadirectory backend to slapd
 .SH SYNOPSIS
 ETCDIR/slapd.conf
 .SH DESCRIPTION
@@ -68,17 +68,16 @@
 .fi
 .RE
 .LP
-for every
+for 
 .B ldap
 and
 .B meta
-database.
-This is because operational attributes related to entry creation and
-modification should not be proxied, as they could be mistakenly written
+databases.
+This was required because operational attributes related to entry creation 
+and modification should not be proxied, as they could be mistakenly written
 to the target server(s), generating an error.
-The current implementation automatically sets lastmod to off, so its use
-is redundant and should be omitted, because the lastmod directive will
-be deprecated in the future.
+The current implementation automatically sets lastmod to \fBoff\fP, 
+so its use is redundant and should be omitted.
 
 .SH SPECIAL CONFIGURATION DIRECTIVES
 Target configuration starts with the "uri" directive.
@@ -88,6 +87,11 @@
 They are:
 
 .TP
+.B conn-ttl <time>
+This directive causes a cached connection to be dropped an recreated
+after a given ttl, regardless of being idle or not.
+
+.TP
 .B default-target none
 This directive forces the backend to reject all those operations
 that must resolve to a single target in case none or multiple
@@ -111,19 +115,17 @@
 directive.
 
 .TP
-.B conn-ttl <time>
-This directive causes a cached connection to be dropped an recreated
-after a given ttl, regardless of being idle or not.
-
-.TP
-.B onerr {CONTINUE|stop}
+.B onerr {CONTINUE|report|stop}
 This directive allows to select the behavior in case an error is returned
 by one target during a search.
 The default, \fBcontinue\fP, consists in continuing the operation, 
 trying to return as much data as possible.
-If this statement is set to \fBstop\fP, the search is terminated as soon 
+If the value is set to \fBstop\fP, the search is terminated as soon 
 as an error is returned by one target, and the error is immediately 
 propagated to the client.
+If the value is set to \fBreport\fP, the search is continuated to the end
+but, in case at least one target returned an error code, the first
+non-success error code is returned.
 
 .TP
 .B protocol\-version {0,2,3}
@@ -144,6 +146,24 @@
 identity to be deferred until actually needed by subsequent operations.
 
 .TP
+.B quarantine <interval>,<num>[;<interval>,<num>[...]]
+Turns on quarantine of URIs that returned
+.IR LDAP_UNAVAILABLE ,
+so that an attempt to reconnect only occurs at given intervals instead
+of any time a client requests an operation.
+The pattern is: retry only after at least
+.I interval
+seconds elapsed since last attempt, for exactly
+.I num
+times; then use the next pattern.
+If
+.I num
+for the last pattern is "\fB+\fP", it retries forever; otherwise, 
+no more retries occur.
+This directive must appear before any target specification;
+it affects all targets with the same pattern.
+
+.TP
 .B rebind-as-user {NO|yes}
 If this option is given, the client's bind credentials are remembered
 for rebinds, when trying to re-establish a broken connection,
@@ -152,20 +172,30 @@
 is set to
 .IR yes .
 
+.TP
+.B single\-conn {NO|yes}
+Discards current cached connection when the client rebinds.
+
+.TP
+.B use-temporary-conn {NO|yes}
+when set to 
+.BR yes ,
+create a temporary connection whenever competing with other threads
+for a shared one; otherwise, wait until the shared connection is available.
+
 .SH TARGET SPECIFICATION
 Target specification starts with a "uri" directive:
 
 .TP
-.B uri <protocol>://[<host>[:<port>]]/<naming context>
-The "server" directive that was allowed in the LDAP backend (although
-deprecated) has been completely discarded in the Meta backend.
+.B uri <protocol>://[<host>]/<naming context> [...]
 The <protocol> part can be anything
 .BR ldap_initialize (3)
-accepts ({ldap|ldaps|ldapi} and variants); <host> and <port> may be
+accepts ({ldap|ldaps|ldapi} and variants); the <host> may be
 omitted, defaulting to whatever is set in
 .BR ldap.conf (5).
-The <naming context> part is mandatory.
-It must end with one of the naming contexts defined for the backend,
+The <naming context> part is \fImandatory\fP for the first URI,
+but it \fImust be omitted\fP for subsequent ones, if any.
+The naming context part must be within the naming context defined for the backend,
 e.g.:
 .LP
 .RS
@@ -178,25 +208,25 @@
 .RS
 The <naming context> part doesn't need to be unique across the targets;
 it may also match one of the values of the "suffix" directive.
-Multiple URIs may be defined in a single argument.  The URIs must
-be separated by TABs (e.g. '\\t'; commas or spaces, unlike back-ldap,
-will not work,
-because they are legal in the <naming context>, and we don't want to use
-URL-encoded <naming context>s), and the additional URIs must have
-no <naming context> part.  This causes the underlying library
+Multiple URIs may be defined in a single URI statement.
+The additional URIs must be separate arguments and must not have any
+<naming context> part.  This causes the underlying library
 to contact the first server of the list that responds.
 For example, if \fIl1.foo.com\fP and \fIl2.foo.com\fP are shadows
 of the same server, the directive
 .LP
 .nf
 suffix "\fBdc=foo,dc=com\fP"
-uri    "ldap://l1.foo.com/\fBdc=foo,dc=com\fP	ldap://l2.foo.com/"
+uri    "ldap://l1.foo.com/\fBdc=foo,dc=com\fP" "ldap://l2.foo.com/"
 .fi
 
 .RE
 .RS
 causes \fIl2.foo.com\fP to be contacted whenever \fIl1.foo.com\fP
 does not respond.
+In that case, the URI list is internally rearranged, by moving unavailable
+URIs to the end, so that further connection attempts occur with respect to
+the last URI that succeeded.
 .RE
 
 .TP
@@ -340,23 +370,36 @@
 overridden by any per-target directive.
 
 .TP
-.B timeout [{add|delete|modify|modrdn}=]<seconds> [...]
-This directive allows to set per-database, per-target and per-operation
-timeouts.
-If no operation is specified, it affects all.
-Currently, only write operations are addressed, because searches
-can already be limited by means of the
-.B limits
-directive (see 
+.B timeout [<op>=]<val> [...]
+This directive allows to set per-operation timeouts.
+Operations can be
+
+\fB<op> ::= bind, add, delete, modrdn, modify, compare, search\fP
+
+The overall duration of the \fBsearch\fP operation is controlled either
+by the \fBtimelimit\fP parameter or by server-side enforced
+time limits (see \fBtimelimit\fP and \fBlimits\fP in
 .BR slapd.conf (5)
-for details), and other operations are not supposed to incur into the
-need for timeouts.
-Note: if the timelimit is exceeded, the operation is abandoned;
-the protocol does not provide any means to rollback the operation,
-so the client will not know if the operation eventually succeeded or not.
-If set before any target specification, it affects all targets, unless
-overridden by any per-target directive.
+for details).
+This \fBtimeout\fP parameter controls how long the target can be 
+irresponsive before the operation is aborted.
+Timeout is meaningless for the remaining operations,
+\fBunbind\fP and \fBabandon\fP, which do not imply any response,
+while it is not yet implemented in currently supported \fBextended\fP 
+operations.
+If no operation is specified, the timeout \fBval\fP affects all
+supported operations.
+If specified before any target definition, it affects all targets
+unless overridden by per-target directives.
 
+Note: if the timeout is exceeded, the operation is cancelled
+(according to the \fBcancel\fP directive);
+the protocol does not provide any means to rollback operations,
+so the client will not be notified about the result of the operation,
+which may eventually succeeded or not.
+In case the timeout is exceeded during a bind operation, the connection
+is destroyed, according to RFC4511.
+
 .TP
 .B tls {[try-]start|[try-]propagate}
 execute the StartTLS extended operation when the connection is initialized;

Modified: openldap/trunk-2.3/doc/man/man5/slapd-sql.5
===================================================================
--- openldap/trunk-2.3/doc/man/man5/slapd-sql.5	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man5/slapd-sql.5	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 .TH SLAPD-SQL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.7 2007/03/05 18:39:51 ando Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sql.5,v 1.16.2.8 2007/08/22 09:01:17 ando Exp $
 .SH NAME
 slapd-sql \- SQL backend to slapd
 .SH SYNOPSIS
@@ -657,7 +657,18 @@
 honored by back-sql if non-prettified data is written via RDBMS;
 when non-prettified data is written thru back-sql, the prettified 
 values are actually used instead.
+
 .LP
+.SH BUGS
+When the
+.B ldap_entry_objclasses
+table is empty, filters on the 
+.B objectClass
+attribute erroneously result in no candidates.
+A workaround consists in adding at least one row to that table,
+no matter if valid or not.
+
+.LP
 .SH PROXY CACHE OVERLAY
 The proxy cache overlay 
 allows caching of LDAP search requests (queries) in a local database.

Modified: openldap/trunk-2.3/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/trunk-2.3/doc/man/man5/slapd.conf.5	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man5/slapd.conf.5	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,7 +1,7 @@
 .TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.31 2007/08/06 15:46:33 ghenry Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.191.2.32 2007/10/11 20:56:48 quanah Exp $
 .SH NAME
 slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS
@@ -1429,7 +1429,8 @@
 a namingContext (suffix) of the database, a simple bind password
 may also be provided using the
 .B rootpw
-directive. Note that the rootdn is always needed when using syncrepl.
+directive. Many optional features, including syncrepl, require the
+rootdn to be defined for the database.
 .TP
 .B rootpw <password>
 Specify a password (or hash of the password) for the rootdn.  The

Modified: openldap/trunk-2.3/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/trunk-2.3/doc/man/man5/slapo-chain.5	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man5/slapo-chain.5	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,7 +1,7 @@
 .TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.7 2007/01/02 21:43:45 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.1.2.8 2007/09/06 18:21:41 ando Exp $
 .SH NAME
 slapo-chain \- chain overlay
 .SH SYNOPSIS
@@ -53,6 +53,14 @@
 [Note: this may change in the future, as the \fBldap\fP(5) and 
 \fBmeta\fP(5) backends might no longer chase referrals on their own.]
 .TP
+.B chain-cache-uri {FALSE|true}
+This directive instructs the \fIchain\fP overlay to cache
+connections to URIs parsed out of referrals that are not predefined,
+to be reused for later chaining.
+These URIs inherit the properties configured for the underlying 
+\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
+directive; basically, they are chained anonymously.
+.TP
 .B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
 This directive enables the \fIchaining\fP control
 (see \fIdraft-sermersheim-ldap-chaining\fP for details)
@@ -71,14 +79,19 @@
 If the \fBcritical\fP flag affects the control criticality if provided.
 [This control is experimental and its support may change in the future.]
 .TP
-.B chain-cache-uri {FALSE|true}
-This directive instructs the \fIchain\fP overlay to cache
-connections to URIs parsed out of referrals that are not predefined,
-to be reused for later chaining.
-These URIs inherit the properties configured for the underlying 
-\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
-directive; in detail, they are essentially chained anonymously.
+.B chain-max-depth <n>
+In case a referral is returned during referral chasing, further chasing
+occurs at most \fB<n>\fP levels deep.  Set to \fB1\fP (the default) 
+to disable further referral chasing.
 .TP
+.B chain-return-error {FALSE|true}
+In case referral chasing fails, the real error is returned instead
+of the original referral.  In case multiple referral URIs are present,
+only the first error is returned.  This behavior may not be always
+appropriate nor desirable, since failures in referral chasing might be
+better resolved by the client (e.g. when caused by distributed 
+authentication issues).
+.TP
 .B chain-uri <ldapuri>
 This directive instantiates a new underlying \fIldap\fP database
 and instructs it about which URI to contact to chase referrals.

Modified: openldap/trunk-2.3/doc/man/man8/slapadd.8
===================================================================
--- openldap/trunk-2.3/doc/man/man8/slapadd.8	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man8/slapadd.8	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 .TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.10 2007/04/20 20:00:58 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.23.2.11 2007/10/04 09:02:15 ando Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -42,6 +42,21 @@
 adding an entry, does not perform all user and system
 schema checks, and does not maintain operational
 attributes (such as createTimeStamp and modifiersName). 
+
+All files eventually created by
+.BR slapadd
+will belong to the identity
+.BR slapadd
+is run as, so make sure you either run
+.BR slapadd
+with the same identity
+.BR slapd (8)
+will be run as (see option
+.B \-u
+in
+.BR slapd (8)),
+or change file ownership before running
+.BR slapd (8).
 .SH OPTIONS
 .TP
 .B \-v

Modified: openldap/trunk-2.3/doc/man/man8/slapcat.8
===================================================================
--- openldap/trunk-2.3/doc/man/man8/slapcat.8	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man8/slapcat.8	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 .TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.8 2007/01/02 21:43:46 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.19.2.9 2007/09/12 15:00:36 ghenry Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -109,10 +109,18 @@
 .BI \-l " ldif-file"
 Write LDIF to specified file instead of standard output.
 .SH LIMITATIONS
-In general, your
+For some backend types, your
 .BR slapd (8)
 should not be running (at least, not in read-write
-mode) when you do this to ensure consistency of the database.
+mode) when you do this to ensure consistency of the database. It is
+always safe to run 
+.B slapcat
+with the
+.BR slapd-bdb (5),
+.BR slapd-hdb (5),
+and
+.BR slapd-null (5)
+backends.
 .SH EXAMPLES
 To make a text backup of your SLAPD database and put it in a file called
 .BR ldif ,

Modified: openldap/trunk-2.3/doc/man/man8/slapindex.8
===================================================================
--- openldap/trunk-2.3/doc/man/man8/slapindex.8	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/doc/man/man8/slapindex.8	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 .TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.10 2007/01/02 21:43:46 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.10.2.11 2007/10/04 09:02:15 ando Exp $
 .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
@@ -29,6 +29,21 @@
 Databases configured as
 .B subordinate
 of this one are also re-indexed, unless \fB-g\fP is specified.
+
+All files eventually created by
+.BR slapindex
+will belong to the identity
+.BR slapindex
+is run as, so make sure you either run
+.BR slapindex
+with the same identity
+.BR slapd (8)
+will be run as (see option
+.B \-u
+in
+.BR slapd (8)),
+or change file ownership before running
+.BR slapd (8).
 .SH OPTIONS
 .TP
 .B \-v

Modified: openldap/trunk-2.3/include/ac/termios.h
===================================================================
--- openldap/trunk-2.3/include/ac/termios.h	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/include/ac/termios.h	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* Generic termios.h */
-/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.3 2007/01/02 21:43:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.16.2.4 2007/09/22 23:09:11 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -17,7 +17,7 @@
 #ifndef _AC_TERMIOS_H
 #define _AC_TERMIOS_H
 
-#ifdef HAVE_POSIX_TERMIOS
+#ifdef HAVE_TERMIOS_H
 #include <termios.h>
 
 #ifdef GCWINSZ_IN_SYS_IOCTL

Modified: openldap/trunk-2.3/include/lutil.h
===================================================================
--- openldap/trunk-2.3/include/lutil.h	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/include/lutil.h	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.7 2007/01/05 09:47:09 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.57.2.8 2007/10/04 20:02:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -212,6 +212,13 @@
 LDAP_LUTIL_F( size_t )
 lutil_uuidstr( char *buf, size_t len );
 
+LDAP_LUTIL_F( int )
+lutil_uuidstr_from_normalized(
+	char		*uuid,
+	size_t		uuidlen,
+	char		*buf,
+	size_t		buflen );
+
 /* csn.c */
 /* use this macro to allocate buffer for lutil_csnstr */
 #define LDAP_LUTIL_CSNSTR_BUFSIZE	64

Modified: openldap/trunk-2.3/libraries/liblber/bprint.c
===================================================================
--- openldap/trunk-2.3/libraries/liblber/bprint.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/liblber/bprint.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.55.2.4 2007/08/27 10:11:31 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -265,10 +265,10 @@
 		len = ber_pvt_ber_write(ber);
 	}
 
-	sprintf( buf, "ber_dump: buf=0x%08lx ptr=0x%08lx end=0x%08lx len=%ld\n",
-	    (long) ber->ber_buf,
-		(long) ber->ber_ptr,
-		(long) ber->ber_end,
+	sprintf( buf, "ber_dump: buf=%p ptr=%p end=%p len=%ld\n",
+		ber->ber_buf,
+		ber->ber_ptr,
+		ber->ber_end,
 		(long) len );
 
 	(void) (*ber_pvt_log_print)( buf );
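Review bot: The `sprintf` into `buf` is still unbounded, and the output width of `%p` is implementation-defined, so the space needed in `buf` (declared outside this hunk) can no longer be read off the format string. If `buf` is a local array, `snprintf( buf, sizeof( buf ), "ber_dump: buf=%p ptr=%p end=%p len=%ld\n", ... )` keeps the write bounded. `%p` is specified for `void *`, so the arguments should be cast, e.g. `(void *) ber->ber_buf`. The same applies to the `ber_sos_dump` call in the next hunk of this file.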
@@ -303,10 +303,10 @@
 	(*ber_pvt_log_print)( "*** sos dump ***\n" );
 
 	while ( sos != NULL ) {
-		sprintf( buf, "ber_sos_dump: clen %ld first 0x%lx ptr 0x%lx\n",
+		sprintf( buf, "ber_sos_dump: clen %ld first %p ptr %p\n",
 		    (long) sos->sos_clen,
-			(long) sos->sos_first,
-			(long) sos->sos_ptr );
+			sos->sos_first,
+			sos->sos_ptr );
 		(*ber_pvt_log_print)( buf );
 
 		sprintf( buf, "              current len %ld contents:\n",

Modified: openldap/trunk-2.3/libraries/liblber/decode.c
===================================================================
--- openldap/trunk-2.3/libraries/liblber/decode.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/liblber/decode.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.4 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.101.2.5 2007/08/27 10:11:31 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -373,7 +373,7 @@
 	case BvOff:
 		*b->res.ba = ber_memalloc_x( (n+1) * b->siz, b->ber->ber_memctx );
 		if ( *b->res.ba == NULL ) return LBER_DEFAULT;
-		((struct berval *)((long)(*b->res.ba) + n*b->siz +
+		((struct berval *)((char *)(*b->res.ba) + n*b->siz +
 			b->off))->bv_val = NULL;
 		break;
 	}
@@ -406,7 +406,7 @@
 			*bvp = bv;
 			break;
 		case BvOff:
-			*(BerVarray)((long)(*b->res.ba)+n*b->siz+b->off) = bv;
+			*(BerVarray)((char *)(*b->res.ba)+n*b->siz+b->off) = bv;
 			break;
 		}
 	}

Modified: openldap/trunk-2.3/libraries/libldap/controls.c
===================================================================
--- openldap/trunk-2.3/libraries/libldap/controls.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/libldap/controls.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.3 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.45.2.4 2007/08/22 20:44:41 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -442,7 +442,8 @@
 		return LDAP_NO_MEMORY;
 	}
 
-	if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
+	BER_BVZERO( &ctrl->ldctl_value );
+	if ( ber != NULL && ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
 		LDAP_FREE( ctrl );
 		return LDAP_NO_MEMORY;
 	}
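Review bot: Accepting `ber == NULL` changes this function's contract, but nothing in the hunk documents it; the function header is outside the hunk. A comment above the new lines such as `/* ber may be NULL: the control is created with an empty (NULL, 0) value */` would tell callers that `ldctl_value.bv_val` can now be NULL on success. The `ppolicy.c` hunk later in this commit relies on exactly that case.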

Modified: openldap/trunk-2.3/libraries/libldap/cyrus.c
===================================================================
--- openldap/trunk-2.3/libraries/libldap/cyrus.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/libldap/cyrus.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.16 2007/01/02 21:43:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.112.2.17 2007/10/08 09:53:53 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -898,6 +898,8 @@
 	sasl_conn_t *ctx;
 #if SASL_VERSION_MAJOR < 2
 	sasl_external_properties_t extprops;
+#else
+	sasl_ssf_t sasl_ssf = ssf;
 #endif
 
 	ctx = conn->lconn_sasl_authctx;
@@ -907,7 +909,7 @@
 	}
    
 #if SASL_VERSION_MAJOR >= 2
-	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
 	if ( sc == SASL_OK )
 		sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
 #else
@@ -1205,6 +1207,8 @@
 		int sc;
 #if SASL_VERSION_MAJOR < 2
 		sasl_external_properties_t extprops;
+#else
+		sasl_ssf_t sasl_ssf;
 #endif
 		sasl_conn_t *ctx;
 
@@ -1219,7 +1223,8 @@
 		}
 
 #if SASL_VERSION_MAJOR >= 2
-		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, arg);
+		sasl_ssf = * (ber_len_t *)arg;
+		sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf);
 #else
 		memset(&extprops, 0L, sizeof(extprops));
 
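Review bot: `sasl_ssf = * (ber_len_t *)arg;` dereferences `arg` where the old code only forwarded the pointer to `sasl_setprop`, so a NULL `arg` for this option now faults here unless it is rejected earlier in the case, which the hunk does not show. A guard such as `if ( arg == NULL ) return -1;` before the assignment (with whatever error value this function normally returns) would cover it. The assignment also converts `ber_len_t` to `sasl_ssf_t` implicitly; a one-line comment saying the copy exists because the two types can differ in size would keep a later cleanup from reverting it. The enclosing function starts and ends outside the hunk.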

Modified: openldap/trunk-2.3/libraries/libldap/ppolicy.c
===================================================================
--- openldap/trunk-2.3/libraries/libldap/ppolicy.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/libldap/ppolicy.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.5 2007/01/02 21:43:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.3.2.6 2007/08/22 20:44:41 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2004-2007 The OpenLDAP Foundation.
@@ -61,21 +61,13 @@
 ldap_create_passwordpolicy_control( LDAP *ld,
                                     LDAPControl **ctrlp )
 {
-	BerElement *ber;
-
 	assert( ld != NULL );
 	assert( LDAP_VALID( ld ) );
 	assert( ctrlp != NULL );
 
-	if ((ber = ldap_alloc_ber_with_options(ld)) == NULL) {
-		ld->ld_errno = LDAP_NO_MEMORY;
-		return(LDAP_NO_MEMORY);
-	}
-
 	ld->ld_errno = ldap_create_control( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
-		ber, 0, ctrlp);
+		NULL, 0, ctrlp);
 
-	ber_free(ber, 1);
 	return(ld->ld_errno);
 }
 

Modified: openldap/trunk-2.3/libraries/liblutil/getpass.c
===================================================================
--- openldap/trunk-2.3/libraries/liblutil/getpass.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/liblutil/getpass.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* getpass.c -- get password from user */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.3 2007/01/02 21:43:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.15.2.4 2007/09/22 23:09:11 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -60,7 +60,7 @@
 char *
 lutil_getpass( const char *prompt )
 {
-#if !defined(HAVE_POSIX_TERMIOS) && !defined(HAVE_SGTTY_H)
+#if !defined(HAVE_TERMIOS_H) && !defined(HAVE_SGTTY_H)
 	static char buf[256];
 	int i, c;
 

Modified: openldap/trunk-2.3/libraries/liblutil/uuid.c
===================================================================
--- openldap/trunk-2.3/libraries/liblutil/uuid.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/libraries/liblutil/uuid.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* uuid.c -- Universally Unique Identifier routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.4 2007/01/02 21:43:52 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.25.2.5 2007/10/04 20:02:09 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -371,6 +371,47 @@
 #endif
 }
 
+int
+lutil_uuidstr_from_normalized(
+	char		*uuid,
+	size_t		uuidlen,
+	char		*buf,
+	size_t		buflen )
+{
+	unsigned char nibble;
+	int i, d = 0;
+
+	assert( uuid != NULL );
+	assert( buf != NULL );
+
+	if ( uuidlen != 16 ) return -1;
+	if ( buflen < 36 ) return -1;
+
+	for ( i = 0; i < 16; i++ ) {
+		if ( i == 4 || i == 6 || i == 8 || i == 10 ) {
+			buf[(i<<1)+d] = '-';
+			d += 1;
+		}
+
+		nibble = (uuid[i] >> 4) & 0xF;
+		if ( nibble < 10 ) {
+			buf[(i<<1)+d] = nibble + '0';
+		} else {
+			buf[(i<<1)+d] = nibble - 10 + 'a';
+		}
+
+		nibble = (uuid[i]) & 0xF;
+		if ( nibble < 10 ) {
+			buf[(i<<1)+d+1] = nibble + '0';
+		} else {
+			buf[(i<<1)+d+1] = nibble - 10 + 'a';
+		}
+	}
+
+	if ( buflen > 36 ) buf[36] = '\0';
+	return 36;
+}
+
 #ifdef TEST
 int
 main(int argc, char **argv)
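Review bot: `lutil_uuidstr_from_normalized` accepts `buflen == 36` and then returns 36 without writing a terminator, because `if ( buflen > 36 ) buf[36] = '\0';` is skipped, so a caller that treats `buf` as a C string reads past the end of its buffer. Either reject that size with `if ( buflen < 37 ) return -1;` or state in a comment on the prototype in `include/lutil.h` (added by this commit without any description) that the result is NUL-terminated only when `buflen > 36`. The input is only read, so `uuid` could be declared `const char *`.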

Modified: openldap/trunk-2.3/servers/slapd/back-bdb/config.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-bdb/config.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-bdb/config.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* config.c - bdb backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.18 2007/08/11 00:31:46 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.43.2.19 2007/09/02 21:57:35 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -363,7 +363,7 @@
 			break;
 
 		case BDB_CONFIG:
-			if (( slapMode&SLAP_SERVER_MODE ) && !( bdb->bi_flags&BDB_IS_OPEN )
+			if ( !( bdb->bi_flags & BDB_IS_OPEN )
 				&& !bdb->bi_db_config ) {
 				char	buf[SLAP_TEXT_BUFLEN];
 				FILE *f = fopen( bdb->bi_db_config_path, "r" );

Modified: openldap/trunk-2.3/servers/slapd/back-hdb/Makefile.in
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-hdb/Makefile.in	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-hdb/Makefile.in	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 # Makefile for back-hdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.5 2007/01/02 21:44:01 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.9.2.6 2007/10/23 21:21:38 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 1998-2007 The OpenLDAP Foundation.
@@ -57,7 +57,7 @@
 XINCPATH = -I.. -I$(srcdir)/.. -I$(srcdir) -I$(XXDIR)
 XDEFS = $(MODULES_CPPFLAGS)
 
-depend-common: .links
+depend-local-lib: .links
 
 all-local-lib:	../.backend
 

Modified: openldap/trunk-2.3/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-ldap/bind.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-ldap/bind.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.36 2007/03/19 14:52:17 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.85.2.37 2007/09/09 20:24:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -2133,7 +2133,8 @@
 	 * but if it is not set this test fails.  We need a different
 	 * means to detect if idassert is enabled */
 	if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-			&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+		&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+		&& BER_BVISNULL( &si->si_bc.sb_saslmech ) )
 	{
 		goto done;
 	}
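Review bot: The added `sb_saslmech` test uses only `BER_BVISNULL`, while the two neighbouring fields are treated as unset when they are NULL or empty, so an empty-but-non-NULL mechanism value would count as identity assertion being configured. If an empty value can be stored there (the code that fills `si_bc` is not in this hunk), the condition should read `&& ( BER_BVISNULL( &si->si_bc.sb_saslmech ) || BER_BVISEMPTY( &si->si_bc.sb_saslmech ) ) )`. The comment above the test already says a different way of detecting idassert is needed; it would help to extend it to say that a SASL mechanism alone now counts. The enclosing function starts outside the hunk.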

Modified: openldap/trunk-2.3/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-ldap/chain.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-ldap/chain.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* chain.c - chain LDAP operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.23 2007/05/19 12:27:53 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.12.2.24 2007/09/14 22:00:56 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -726,9 +726,6 @@
 		ldap_memfree( li.li_uri );
 		li.li_uri = NULL;
 
-		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
-		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
-
 		if ( temporary ) {
 			lip->li_uri = NULL;
 			lip->li_bvuri = NULL;

Modified: openldap/trunk-2.3/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-ldap/search.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-ldap/search.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* search.c - ldap backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.39 2007/07/11 23:41:11 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.148.2.40 2007/09/29 09:06:51 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -603,12 +603,14 @@
 	Attribute	*attr, **attrp;
 	const char	*text;
 	int		last;
+	char *lastb;
+	ber_len_t len;
 
 	/* safe assumptions ... */
 	assert( ent != NULL );
 	BER_BVZERO( &ent->e_bv );
 
-	if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) {
+	if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
 		return LDAP_DECODING_ERROR;
 	}
 
@@ -628,9 +630,14 @@
 		return LDAP_INVALID_DN_SYNTAX;
 	}
 
+	ent->e_attrs = NULL;
+	if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
+		return LDAP_SUCCESS;
+	}
+
 	attrp = &ent->e_attrs;
-
-	while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
+	while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
+		ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
 		int				i;
 		slap_syntax_validate_func	*validate;
 		slap_syntax_transform_func	*pretty;
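Review bot: `if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) return LDAP_SUCCESS;` reports success for every result other than a sequence tag, which as far as this hunk shows includes a decoding failure as well as a genuinely empty attribute list. The entry is presumably decoded from a response sent by the remote server, so a malformed attribute list would be accepted as an entry with no attributes. If only the empty list is meant to succeed, the other outcomes should return `LDAP_DECODING_ERROR` as the `ber_scanf` failure in the previous hunk does; otherwise a comment such as `/* no attributes: return the entry with its DN only */` should state that this is deliberate. The function and the `while` loop both continue outside the hunk.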
@@ -826,9 +833,9 @@
 	if ( oc ) {
 		char	*ptr;
 
-		filter = ch_malloc( STRLENOF( "(objectclass=)" ) 
-				+ oc->soc_cname.bv_len + 1 );
-		ptr = lutil_strcopy( filter, "(objectclass=" );
+		filter = op->o_tmpalloc( STRLENOF( "(objectClass=" ")" ) 
+				+ oc->soc_cname.bv_len + 1, op->o_tmpmemctx );
+		ptr = lutil_strcopy( filter, "(objectClass=" );
 		ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
 		*ptr++ = ')';
 		*ptr++ = '\0';
@@ -841,7 +848,8 @@
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
-	
+
+	/* TODO: timeout? */
 	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
 				NULL, LDAP_NO_LIMIT, &result );
@@ -884,7 +892,7 @@
 	}
 
 	if ( filter ) {
-		ch_free( filter );
+		op->o_tmpfree( filter, op->o_tmpmemctx );
 	}
 
 	if ( lc != NULL ) {

Modified: openldap/trunk-2.3/servers/slapd/back-ldif/ldif.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-ldif/ldif.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-ldif/ldif.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* ldif.c - the ldif backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.22 2007/01/02 21:44:03 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.1.2.23 2007/10/10 16:57:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2007 The OpenLDAP Foundation.
@@ -82,25 +82,56 @@
 };
 
 static void
-dn2path(struct berval * dn, struct berval * suffixdn, struct berval * base_path,
+dn2path(struct berval * orig_dn, struct berval * suffixdn, struct berval * base_path,
 	struct berval *res)
 {
 	char *ptr, *sep, *end;
+	int nsep = 0;
+	struct berval dn;
 
-	assert( dn != NULL );
-	assert( !BER_BVISNULL( dn ) );
+	assert( orig_dn != NULL );
+	assert( !BER_BVISNULL( orig_dn ) );
 	assert( suffixdn != NULL );
 	assert( !BER_BVISNULL( suffixdn ) );
-	assert( dnIsSuffix( dn, suffixdn ) );
+	assert( dnIsSuffix( orig_dn, suffixdn ) );
 
-	res->bv_len = dn->bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
+	dn = *orig_dn;
+
+	for ( ptr = dn.bv_val, end = &dn.bv_val[dn.bv_len]; ptr < end; ptr++) {
+		if ( ptr[0] == LDAP_DIRSEP[0] ) {
+			nsep++;
+		}
+	}
+
+	if ( nsep ) {
+		char	*p;
+
+		dn.bv_len += 2*nsep;
+		dn.bv_val = ch_malloc( dn.bv_len + 1 );
+
+		for ( ptr = orig_dn->bv_val, end = &orig_dn->bv_val[orig_dn->bv_len], p = dn.bv_val;
+			ptr < end; ptr++, p++)
+		{
+			static const char hex[] = "0123456789ABCDEF";
+			if ( ptr[0] == LDAP_DIRSEP[0] ) {
+				*p++ = '\\';	/* FIXME: fs-escape */
+				*p++ = hex[(LDAP_DIRSEP[0] & 0xF0U) >> 4];
+				*p = hex[LDAP_DIRSEP[0] & 0x0FU];
+			} else {
+				p[0] = ptr[0];
+			}
+		}
+		p[0] = '\0';
+	}
+
+	res->bv_len = dn.bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
 	res->bv_val = ch_malloc( res->bv_len + 1 );
 	ptr = lutil_strcopy( res->bv_val, base_path->bv_val );
 	*ptr++ = LDAP_DIRSEP[0];
 	ptr = lutil_strcopy( ptr, suffixdn->bv_val );
-	end = dn->bv_val + dn->bv_len - suffixdn->bv_len - 1;
-	while ( end > dn->bv_val ) {
-		for (sep = end-1; sep >=dn->bv_val && !DN_SEPARATOR( *sep ); sep--);
+	end = dn.bv_val + dn.bv_len - suffixdn->bv_len - 1;
+	while ( end > dn.bv_val ) {
+		for (sep = end-1; sep >= dn.bv_val && !DN_SEPARATOR( *sep ); sep--);
 		*ptr++ = LDAP_DIRSEP[0];
 		ptr = lutil_strncopy( ptr, sep+1, end-sep-1 );
 		end = sep;
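Review bot: The escaping grows `dn.bv_len` by two bytes for every `LDAP_DIRSEP[0]` in the whole DN, yet `end = dn.bv_val + dn.bv_len - suffixdn->bv_len - 1` still subtracts the unescaped suffix length, and `suffixdn->bv_val` is copied into the path unescaped. If the database suffix itself contains the separator character, `end` lands inside the escaped suffix rather than just before it, and the suffix component still carries a raw separator. Counting and escaping only the first `orig_dn->bv_len - suffixdn->bv_len` bytes, or escaping the suffix with the same routine and using its escaped length, would keep the two in step. Since DNs become file names here, a short comment stating which characters are escaped and why would also help; `dn2path` continues into the next hunk, where the temporary copy is freed.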
@@ -117,6 +148,9 @@
 			break;
 	}
 #endif
+	if ( dn.bv_val != orig_dn->bv_val ) {
+		ch_free( dn.bv_val );
+	}
 }
 
 static char * slurp_file(int fd) {

Modified: openldap/trunk-2.3/servers/slapd/back-meta/bind.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-meta/bind.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-meta/bind.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.31 2007/03/09 16:23:16 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.40.2.32 2007/09/26 19:04:22 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -189,6 +189,10 @@
 
 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
+			/* Mark the meta_conn struct as tainted so
+			 * it'll be freed by meta_conn_back_destroy below */
+			LDAP_BACK_CONN_TAINTED_SET( mc );
+
 			/* FIXME: in some cases (e.g. unavailable)
 			 * do not assume it's not candidate; rather
 			 * mark this as an error to be eventually

Modified: openldap/trunk-2.3/servers/slapd/back-meta/config.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-meta/config.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-meta/config.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.24 2007/01/27 23:56:43 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.35.2.26 2007/09/13 19:33:55 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -111,33 +111,21 @@
 	/* URI of server to query */
 	if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
 		int 		i = mi->mi_ntargets;
-#if 0
-		int 		j;
-#endif /* uncomment if uri MUST be a branch of suffix */
-		LDAPURLDesc 	*ludp, *tmpludp;
+		LDAPURLDesc 	*ludp;
 		struct berval	dn;
 		int		rc;
 		int		c;
 
 		metatarget_t	*mt;
+
+		char		**uris = NULL;
 		
-		switch ( argc ) {
-		case 1:
+		if ( argc == 1 ) {
 			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: missing URI "
 	"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
 				fname, lineno, 0 );
 			return 1;
-
-		case 2:
-			break;
-
-		default:
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: too many args "
-	"in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
 		}
 
 		if ( be->be_nsuffix == NULL ) {
@@ -170,7 +158,6 @@
 		mt = mi->mi_targets[ i ];
 
 		mt->mt_rebind_f = mi->mi_rebind_f;
-		mt->mt_urllist_p = mt;
 
 		mt->mt_nretries = mi->mi_nretries;
 		mt->mt_quarantine = mi->mi_quarantine;
@@ -185,92 +172,122 @@
 			mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
 		}
 
-		/*
-		 * uri MUST be legal!
-		 */
-		if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS )
-		{
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: unable to parse URI"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
-		}
+		for ( c = 1; c < argc; c++ ) {
+			char	**tmpuris = ldap_str2charray( argv[ c ], "\t" );
 
-		/*
-		 * uri MUST have the <dn> part!
-		 */
-		if ( ludp->lud_dn == NULL ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: missing <naming context> "
+			if ( tmpuris == NULL ) {
+				Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: unable to parse URIs #%d"
 	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
+				fname, lineno, c - 1 );
+				return 1;
+			}
 
-		} else if ( ludp->lud_dn[ 0 ] == '\0' ) {
-			int	j = -1;
+			if ( c == 0 ) {
+				uris = tmpuris;
 
-			for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
-				if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
-					break;
-				}
+			} else {
+				ldap_charray_merge( &uris, tmpuris );
+				ldap_charray_free( tmpuris );
 			}
+		}
 
-			if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
+		for ( c = 0; uris[ c ] != NULL; c++ ) {
+			char *tmpuri = NULL;
+
+			/*
+			 * uri MUST be legal!
+			 */
+			if ( ldap_url_parselist_ext( &ludp, uris[ c ], "\t" ) != LDAP_SUCCESS
+				|| ludp->lud_next != NULL )
+			{
 				Debug( LDAP_DEBUG_ANY,
-		"%s: line %d: missing <naming context> "
+		"%s: line %d: unable to parse URI #%d"
 		" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-					fname, lineno, 0 );
+					fname, lineno, c );
+				ldap_charray_free( uris );
 				return 1;
 			}
-		}
 
-		/*
-		 * copies and stores uri and suffix
-		 */
-		ber_str2bv( ludp->lud_dn, 0, 0, &dn );
-		rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
-			&mt->mt_nsuffix, NULL );
-		if( rc != LDAP_SUCCESS ) {
-			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"target \"%s\" DN is invalid\n",
-				fname, lineno, argv[ 1 ] );
-			return( 1 );
-		}
+			if ( c == 0 ) {
 
-		ludp->lud_dn[ 0 ] = '\0';
+				/*
+				 * uri MUST have the <dn> part!
+				 */
+				if ( ludp->lud_dn == NULL ) {
+					Debug( LDAP_DEBUG_ANY,
+			"%s: line %d: missing <naming context> "
+			" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+						fname, lineno, 0 );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return 1;
+				}
 
-		switch ( ludp->lud_scope ) {
-		case LDAP_SCOPE_DEFAULT:
-			mt->mt_scope = LDAP_SCOPE_SUBTREE;
-			break;
+				/*
+				 * copies and stores uri and suffix
+				 */
+				ber_str2bv( ludp->lud_dn, 0, 0, &dn );
+				rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
+					&mt->mt_nsuffix, NULL );
+				if ( rc != LDAP_SUCCESS ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"target \"%s\" DN is invalid\n",
+						fname, lineno, argv[ 1 ] );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+				}
 
-		case LDAP_SCOPE_SUBTREE:
-		case LDAP_SCOPE_SUBORDINATE:
-			mt->mt_scope = ludp->lud_scope;
-			break;
+				ludp->lud_dn[ 0 ] = '\0';
 
-		default:
-			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"invalid scope for target \"%s\"\n",
-				fname, lineno, argv[ 1 ] );
-			return( 1 );
-		}
+				switch ( ludp->lud_scope ) {
+				case LDAP_SCOPE_DEFAULT:
+					mt->mt_scope = LDAP_SCOPE_SUBTREE;
+					break;
 
-		/* check all, to apply the scope check on the first one */
-		for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
-			if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
-				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-					"multiple URIs must have "
-					"no DN part\n",
+				case LDAP_SCOPE_SUBTREE:
+				case LDAP_SCOPE_SUBORDINATE:
+					mt->mt_scope = ludp->lud_scope;
+					break;
+
+				default:
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"invalid scope for target \"%s\"\n",
+						fname, lineno, argv[ 1 ] );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+				}
+
+			} else {
+				/* check all, to apply the scope check on the first one */
+				if ( ludp->lud_dn != NULL && ludp->lud_dn[ 0 ] != '\0' ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"multiple URIs must have "
+						"no DN part\n",
+						fname, lineno, 0 );
+					ldap_free_urllist( ludp );
+					ldap_charray_free( uris );
+					return( 1 );
+
+				}
+			}
+
+			tmpuri = ldap_url_list2urls( ludp );
+			ldap_free_urllist( ludp );
+			if ( tmpuri == NULL ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
 					fname, lineno, 0 );
+				ldap_charray_free( uris );
 				return( 1 );
-
 			}
+			ldap_memfree( uris[ c ] );
+			uris[ c ] = tmpuri;
 		}
 
-		mt->mt_uri = ldap_url_list2urls( ludp );
-		ldap_free_urllist( ludp );
+		mt->mt_uri = ldap_charray2str( uris, " " );
+		ldap_charray_free( uris );
 		if ( mt->mt_uri == NULL) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
 				fname, lineno, 0 );
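Review bot: In the URI-collecting loop the test `if ( c == 0 )` can never be true because the loop starts at `c = 1`, so the first list is always routed through `ldap_charray_merge`, whose return value is ignored; `if ( c == 1 )` matches the intent, and the merge result should be checked before `uris[ c ]` is dereferenced in the following loop. Two error paths also leak: the `tmpuris == NULL` return does not free the `uris` gathered so far, and when parsing succeeds but `ludp->lud_next != NULL` the list in `ludp` is never passed to `ldap_free_urllist`. The enclosing `uri` branch starts in an earlier hunk and continues in the next one.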
@@ -280,26 +297,18 @@
 		/*
 		 * uri MUST be a branch of suffix!
 		 */
-#if 0 /* too strict a constraint */
-		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: <naming context> of URI does not refer to current backend"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
-				fname, lineno, 0 );
-			return 1;
+		for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+			if ( dnIsSuffix( &mt->mt_nsuffix, &be->be_nsuffix[ c ] ) ) {
+				break;
+			}
 		}
-#else
-		/*
-		 * uri MUST be a branch of a suffix!
-		 */
-		if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
+
+		if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: <naming context> of URI does not resolve to a backend"
-	" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
+	"%s: line %d: <naming context> of URI must be within the naming context of this database.\n",
 				fname, lineno, 0 );
 			return 1;
 		}
-#endif
 
 	/* subtree-exclude */
 	} else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
@@ -1238,8 +1247,8 @@
 	
 	/* dn massaging */
 	} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
-		BackendDB 	*tmp_be;
-		int 		i = mi->mi_ntargets - 1, rc;
+		BackendDB 	*tmp_bd;
+		int 		i = mi->mi_ntargets - 1, c, rc;
 		struct berval	dn, nvnc, pvnc, nrnc, prnc;
 
 		if ( i < 0 ) {
@@ -1270,17 +1279,22 @@
 		ber_str2bv( argv[ 1 ], 0, 0, &dn );
 		if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-					"suffix '%s' is invalid\n",
+					"suffix \"%s\" is invalid\n",
 					fname, lineno, argv[ 1 ] );
 			return 1;
 		}
-		
-		tmp_be = select_backend( &nvnc, 0, 0 );
-		if ( tmp_be != NULL && tmp_be != be ) {
-			Debug( LDAP_DEBUG_ANY, 
-	"%s: line %d: suffix already in use by another backend in"
-	" \"suffixMassage <suffix> <massaged suffix>\"\n",
-				fname, lineno, 0 );
+
+		for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+			if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ 0 ] ) ) {
+				break;
+			}
+		}
+
+		if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+	"%s: line %d: <suffix> \"%s\" must be within the database naming context, in "
+	"\"suffixMassage <suffix> <massaged suffix>\"\n",
+				fname, lineno, pvnc.bv_val );
 			free( pvnc.bv_val );
 			free( nvnc.bv_val );
 			return 1;						
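Review bot: The new Debug() call in the suffixmassage range check repeats the `"%s: line %d: "` prefix, so the format string has five conversions while only `fname, lineno, pvnc.bv_val` are passed. The trailing conversions have no matching arguments, which is undefined behaviour on exactly the path taken when a configuration line is rejected; drop the first `"%s: line %d: "` literal. The loop above it also tests `&be->be_nsuffix[ 0 ]` on every iteration, so only the first naming context of the database is ever compared. The uri check earlier in this file indexes with `c`, and this one should read `if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ c ] ) ) {`. The enclosing suffixmassage branch starts and ends outside this hunk.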
@@ -1289,33 +1303,24 @@
 		ber_str2bv( argv[ 2 ], 0, 0, &dn );
 		if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
-				"massaged suffix '%s' is invalid\n",
+				"massaged suffix \"%s\" is invalid\n",
 				fname, lineno, argv[ 2 ] );
 			free( pvnc.bv_val );
 			free( nvnc.bv_val );
 			return 1;
 		}
 	
-#if 0	
-		tmp_be = select_backend( &nrnc, 0, 0 );
-		if ( tmp_be != NULL ) {
-			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: massaged suffix already in use by another backend in" 
-	" \"suffixMassage <suffix> <massaged suffix>\"\n",
-                                fname, lineno, 0 );
-			free( pvnc.bv_val );
-			free( nvnc.bv_val );
-			free( prnc.bv_val );
-			free( nrnc.bv_val );
-                        return 1;
+		tmp_bd = select_backend( &nrnc, 0, 0 );
+		if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) {
+			Debug( LDAP_DEBUG_ANY, 
+	"%s: line %d: warning: <massaged suffix> \"%s\" resolves to this database, in "
+	"\"suffixMassage <suffix> <massaged suffix>\"\n",
+				fname, lineno, prnc.bv_val );
 		}
-#endif
-		
+
 		/*
 		 * The suffix massaging is emulated by means of the
 		 * rewrite capabilities
-		 * FIXME: no extra rewrite capabilities should be added
-		 * to the database
 		 */
 	 	rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
 				&pvnc, &nvnc, &prnc, &nrnc );

Modified: openldap/trunk-2.3/servers/slapd/back-meta/conn.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-meta/conn.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-meta/conn.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.28 2007/01/27 23:56:43 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.31.2.29 2007/10/13 08:26:04 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -1183,7 +1183,8 @@
 
 	case LDAP_REQ_BIND:
 		/* if bound as rootdn, the backend must bind to all targets
-		 * with the administrative identity */
+		 * with the administrative identity
+		 * (unless pseoudoroot-bind-defer is TRUE) */
 		if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
 			op_type = META_OP_REQUIRE_ALL;
 		}
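Review bot: The added comment line spells the option `pseoudoroot-bind-defer`; presumably the `pseudoroot-bind-defer` directive is meant, and the typo defeats a grep for it, so it should read `* (unless pseudoroot-bind-defer is TRUE) */`. The `if` below still sets `META_OP_REQUIRE_ALL` whenever `be_isroot_pw( op )` holds, so the exception the comment describes is not implemented in the visible lines. If that check lives elsewhere, the comment should say where, since it governs when the administrative identity is bound to every target.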
@@ -1241,6 +1242,9 @@
 				rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
 				LDAP_BACK_DONTSEND, !new_conn );
 			if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+				if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+					LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+				}
 				META_CANDIDATE_SET( &candidates[ i ] );
 				ncandidates++;
 	
@@ -1430,6 +1434,10 @@
 			return NULL;
 		}
 
+		if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+			LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+		}
+
 		candidates[ i ].sr_err = LDAP_SUCCESS;
 		META_CANDIDATE_SET( &candidates[ i ] );
 		ncandidates++;

Modified: openldap/trunk-2.3/servers/slapd/back-meta/map.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-meta/map.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-meta/map.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* map.c - ldap backend mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.14 2007/02/26 19:40:12 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.1.2.15 2007/10/04 20:18:59 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -57,6 +57,7 @@
 #include <ac/socket.h>
 
 #include "slap.h"
+#include "lutil.h"
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
 
@@ -212,6 +213,7 @@
 		int			remap )
 {
 	struct berval		vtmp;
+	char			uuid[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
 	int			freeval = 0;
 
 	ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
@@ -258,6 +260,14 @@
 			return -1;
 		}
 
+	} else if ( ad->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+		vtmp.bv_len = lutil_uuidstr_from_normalized( value->bv_val,
+			value->bv_len, uuid, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+		if ( vtmp.bv_len < 0 ) {
+			return -1;
+		}
+		vtmp.bv_val = uuid;
+
 	} else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
 		ldap_back_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
 		if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
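Review bot: The error check `if ( vtmp.bv_len < 0 )` can never fire if `bv_len` is the unsigned `ber_len_t` that liblber normally uses in `struct berval`. A negative return from `lutil_uuidstr_from_normalized()` would wrap to a very large length, and `vtmp` would then claim far more bytes than the `uuid[]` stack buffer holds. Capture the result in a signed local first: `int len = lutil_uuidstr_from_normalized( ... );`, then `if ( len < 0 ) return -1;` and `vtmp.bv_len = len;`. The same pattern is added in the matching hunk of overlays/rwmmap.c further down. The function body starts and ends outside this hunk.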

Modified: openldap/trunk-2.3/servers/slapd/back-sql/init.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-sql/init.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-sql/init.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.13 2007/01/02 21:44:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.47.2.14 2007/08/22 21:37:58 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -477,7 +477,11 @@
 			"connection failed, exiting\n", 0, 0, 0 );
 		return 1;
 	}
-
+	if ( backsql_load_schema_map( bi, dbh ) != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
+			"schema mapping failed, exiting\n", 0, 0, 0 );
+		return 1;
+	}
 	if ( backsql_free_db_conn( op ) != SQL_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
 			"connection free failed\n", 0, 0, 0 );

Modified: openldap/trunk-2.3/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/back-sql/sql-wrap.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/back-sql/sql-wrap.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.8 2007/01/02 21:44:07 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.28.2.9 2007/08/22 21:37:58 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -345,6 +345,7 @@
 {
 	/* TimesTen */
 	char			DBMSName[ 32 ];
+	SQLHDBC			dbh = SQL_NULL_HDBC;
 	backsql_db_conn		*dbc;
 	int			rc;
 
@@ -354,9 +355,7 @@
 	Debug( LDAP_DEBUG_TRACE, "==>backsql_open_db_conn(%lu)\n",
 		ldap_cid, 0, 0 );
 
-	dbc = (backsql_db_conn *)ch_calloc( 1, sizeof( backsql_db_conn ) );
-	dbc->ldap_cid = ldap_cid;
-	rc = SQLAllocConnect( bi->sql_db_env, &dbc->dbh );
+	rc = SQLAllocConnect( bi->sql_db_env, &dbh );
 	if ( !BACKSQL_SUCCESS( rc ) ) {
 		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
 			"SQLAllocConnect() failed:\n", ldap_cid, 0, 0 );
@@ -365,7 +364,7 @@
 		return LDAP_UNAVAILABLE;
 	}
 
-	rc = SQLConnect( dbc->dbh,
+	rc = SQLConnect( dbh,
 			(SQLCHAR*)bi->sql_dbname, SQL_NTS,
 			(SQLCHAR*)bi->sql_dbuser, SQL_NTS,
 			(SQLCHAR*)bi->sql_dbpasswd, SQL_NTS );
@@ -375,8 +374,9 @@
 			ldap_cid, bi->sql_dbname,
 			rc == SQL_SUCCESS_WITH_INFO ?
 			"succeeded with info" : "failed" );
-		backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
+		backsql_PrintErrors( bi->sql_db_env, dbh, SQL_NULL_HENV, rc );
 		if ( rc != SQL_SUCCESS_WITH_INFO ) {
+			SQLFreeConnect( dbh );
 			return LDAP_UNAVAILABLE;
 		}
 	}
@@ -385,7 +385,7 @@
 	 * TimesTen : Turn off autocommit.  We must explicitly
 	 * commit any transactions. 
 	 */
-	SQLSetConnectOption( dbc->dbh, SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_OFF );
+	SQLSetConnectOption( dbh, SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_OFF );
 
 	/* 
 	 * See if this connection is to TimesTen.  If it is,
@@ -394,7 +394,7 @@
 	/* Assume until proven otherwise */
 	bi->sql_flags &= ~BSQLF_USE_REVERSE_DN;
 	DBMSName[ 0 ] = '\0';
-	rc = SQLGetInfo( dbc->dbh, SQL_DBMS_NAME, (PTR)&DBMSName,
+	rc = SQLGetInfo( dbh, SQL_DBMS_NAME, (PTR)&DBMSName,
 			sizeof( DBMSName ), NULL );
 	if ( rc == SQL_SUCCESS ) {
 		if ( strcmp( DBMSName, "TimesTen" ) == 0 ||
@@ -403,28 +403,23 @@
 				"TimesTen database!\n", ldap_cid, 0, 0 );
 			bi->sql_flags |= BSQLF_USE_REVERSE_DN;
 		}
+
 	} else {
 		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
 			"SQLGetInfo() failed.\n", ldap_cid, 0, 0 );
-		backsql_PrintErrors( bi->sql_db_env, dbc->dbh, SQL_NULL_HENV, rc );
-		return rc;
+		backsql_PrintErrors( bi->sql_db_env, dbh, SQL_NULL_HENV, rc );
 	}
 	/* end TimesTen */
 
-	Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
-		"connected, adding to tree.\n", ldap_cid, 0, 0 );
-	ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
-	if ( avl_insert( &bi->sql_db_conns, dbc, backsql_cmp_connid, avl_dup_error ) ) {
-		Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
-			"duplicate connection ID.\n", ldap_cid, 0, 0 );
-		return LDAP_OTHER;
-	}
-	ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
-	Debug( LDAP_DEBUG_TRACE, "<==backsql_open_db_conn(%lu)\n", ldap_cid, 0, 0 );
+	dbc = (backsql_db_conn *)ch_calloc( 1, sizeof( backsql_db_conn ) );
+	dbc->ldap_cid = ldap_cid;
+	dbc->dbh = dbh;
 
 	*pdbc = dbc;
 
-	return LDAP_SUCCESS;
+	Debug( LDAP_DEBUG_TRACE, "<==backsql_open_db_conn(%lu)\n", ldap_cid, 0, 0 );
+
+	return rc;
 }
 
 int
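Review bot: The final `return rc;` now hands the caller whatever `SQLGetInfo()` returned, because the `else` branch no longer returns and nothing resets `rc` afterwards. The caller (hunk `-483,21` below) treats anything other than `LDAP_SUCCESS` as failure and returns before its `avl_insert`. A connection that opened fine but failed the TimesTen probe would therefore be reported as an error, and the freshly allocated `dbc` with its `dbh` would stay reachable only through `*pdbc`, with no visible release. Either keep `return LDAP_SUCCESS;` at the end or add `rc = SQL_SUCCESS;` in the `else` branch after the errors are printed. The start of `backsql_open_db_conn` is outside this hunk.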
@@ -475,7 +470,9 @@
 	 * we have one thread per connection, as I understand -- 
 	 * so we do not need locking here
 	 */
+	ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
 	dbc = avl_find( bi->sql_db_conns, &tmp, backsql_cmp_connid );
+	ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
 	if ( !dbc ) {
 		rc = backsql_open_db_conn( bi, op->o_connid, &dbc );
 		if ( rc != LDAP_SUCCESS) {
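Review bot: The comment kept as context just above the new lock still ends with `so we do not need locking here`, which now contradicts the `ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex )` added around `avl_find`. A stale comment like this invites a later cleanup that removes the lock again. Replace it with something like `/* sql_dbconn_mutex guards every lookup and insert on bi->sql_db_conns */`. The comment begins outside this hunk.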
@@ -483,21 +480,26 @@
 				"could not get connection handle "
 				"-- returning NULL\n", 0, 0, 0 );
 			return rc;
-		}
-	}
 
-	ldap_pvt_thread_mutex_lock( &bi->sql_schema_mutex );
-	if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
-		Debug( LDAP_DEBUG_TRACE, "backsql_get_db_conn(): "
-			"first call -- reading schema map\n", 0, 0, 0 );
-		rc = backsql_load_schema_map( bi, dbc->dbh );
-		if ( rc != LDAP_SUCCESS ) {
-			ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
-			backsql_free_db_conn( op );
-			return rc;
+		} else {
+			int	ret;
+
+			Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+				"connected, adding to tree.\n",
+				op->o_connid, 0, 0 );
+			ldap_pvt_thread_mutex_lock( &bi->sql_dbconn_mutex );
+			ret = avl_insert( &bi->sql_db_conns, dbc, backsql_cmp_connid, avl_dup_error );
+			ldap_pvt_thread_mutex_unlock( &bi->sql_dbconn_mutex );
+			if ( ret != 0 ) {
+				Debug( LDAP_DEBUG_TRACE, "backsql_open_db_conn(%lu): "
+					"duplicate connection ID.\n",
+					op->o_connid, 0, 0 );
+				backsql_close_db_conn( (void *)dbc );
+				dbc = NULL;
+				return LDAP_OTHER;
+			}
 		}
 	}
-	ldap_pvt_thread_mutex_unlock( &bi->sql_schema_mutex );
 
 	*dbh = dbc->dbh;
 

Modified: openldap/trunk-2.3/servers/slapd/backglue.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/backglue.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/backglue.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.18 2007/07/12 00:36:36 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.91.2.19 2007/08/23 14:31:02 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2001-2007 The OpenLDAP Foundation.
@@ -620,9 +620,10 @@
 	Entry	**e )
 {
 	BackendDB *b0 = op->o_bd;
-	op->o_bd = glue_back_select( b0, dn );
 	int rc;
 
+	op->o_bd = glue_back_select( b0, dn );
+
 	if ( op->o_bd->be_fetch ) {
 		rc = op->o_bd->be_fetch( op, dn, oc, ad, rw, e );
 	} else {

Modified: openldap/trunk-2.3/servers/slapd/backover.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/backover.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/backover.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* backover.c - backend overlay routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.22 2007/07/12 00:42:42 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.31.2.23 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -147,6 +147,7 @@
 			ca.bi = &on->on_bi;
 			ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca );
 			if ( ct ) {
+				ca.table = on->on_bi.bi_cf_ocs->co_type;
 				rc = config_add_vals( ct, &ca );
 				if ( rc != SLAP_CONF_UNKNOWN )
 					break;

Modified: openldap/trunk-2.3/servers/slapd/bconfig.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/bconfig.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/bconfig.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* bconfig.c - the config backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.53 2007/07/23 19:41:30 hallvard Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.17.2.54 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2007 The OpenLDAP Foundation.
@@ -707,7 +707,7 @@
 		"NAME 'olcFrontendConfig' "
 		"DESC 'OpenLDAP frontend configuration' "
 		"AUXILIARY "
-		"MAY olcDefaultSearchBase )",
+		"MAY ( olcDefaultSearchBase $ olcPasswordHash ) )",
 		Cft_Database, NULL, NULL },
 #ifdef SLAPD_MODULES
 	{ "( OLcfgGlOc:8 "
@@ -1459,17 +1459,27 @@
 	return(0);
 }
 
+/* For backward compatibility we allow this in the global entry
+ * but we now defer it to the frontend entry to allow modules
+ * to load new hash types.
+ */
 static int
 config_passwd_hash(ConfigArgs *c) {
 	int i;
 	if (c->op == SLAP_CONFIG_EMIT) {
 		struct berval bv;
+		/* Don't generate it in the global entry */
+		if ( c->table == Cft_Global )
+			return 1;
 		for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
 			ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
 			value_add_one(&c->rvalue_vals, &bv);
 		}
 		return i ? 0 : 1;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
+		/* Deleting from global is a no-op, only the frontendDB entry matters */
+		if ( c->table == Cft_Global )
+			return 0;
 		if ( c->valx < 0 ) {
 			ldap_charray_free( default_passwd_hash );
 			default_passwd_hash = NULL;
@@ -1481,12 +1491,6 @@
 		}
 		return 0;
 	}
-	if(default_passwd_hash) {
-		Debug(LDAP_DEBUG_ANY, "%s: "
-			"already set default password_hash\n",
-			c->log, 0, 0);
-		return(1);
-	}
 	for(i = 1; i < c->argc; i++) {
 		if(!lutil_passwd_scheme(c->argv[i])) {
 			snprintf( c->msg, sizeof( c->msg ), "<%s> scheme not available", c->argv[0] );
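Review bot: With the `already set default password_hash` guard removed, each directive appends to whatever `default_passwd_hash` already holds, so the `if(!default_passwd_hash)` test that the next hunk moves after the loop only detects failure for the very first directive. If an earlier line set a scheme and a later one names only schemes that `lutil_passwd_scheme()` rejects, this function appears to return 0 and the earlier default silently stays in force. Counting successful additions in this call (`added++` next to `ldap_charray_add`, then `if ( !added )` for the `no valid hashes found` branch) would keep the diagnostic accurate. The lines between this hunk and the next are not shown, so the handling of a rejected scheme is inferred.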
@@ -1495,13 +1499,13 @@
 		} else {
 			ldap_charray_add(&default_passwd_hash, c->argv[i]);
 		}
-		if(!default_passwd_hash) {
-			snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
-			Debug(LDAP_DEBUG_ANY, "%s: %s\n",
-				c->log, c->msg, 0 );
-			return(1);
-		}
 	}
+	if(!default_passwd_hash) {
+		snprintf( c->msg, sizeof( c->msg ), "<%s> no valid hashes found", c->argv[0] );
+		Debug(LDAP_DEBUG_ANY, "%s: %s\n",
+			c->log, c->msg, 0 );
+		return(1);
+	}
 	return(0);
 }
 
@@ -2924,6 +2928,7 @@
 	argv[1] = (char *)dir;
 	argv[2] = NULL;
 	c.argv = argv;
+	c.table = Cft_Database;
 
 	ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
 	if ( !ct )
@@ -3137,14 +3142,17 @@
 }
 
 static ConfigTable *
-config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
+config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad,
+	ConfigArgs *ca )
 {
 	int i, j;
 
 	for (j=0; j<nocs; j++) {
 		for (i=0; colst[j]->co_table[i].name; i++)
-			if ( colst[j]->co_table[i].ad == ad )
+			if ( colst[j]->co_table[i].ad == ad ) {
+				ca->table = colst[j]->co_type;
 				return &colst[j]->co_table[i];
+			}
 	}
 	return NULL;
 }
@@ -3590,7 +3598,7 @@
 
 	for ( a=e->e_attrs; a; a=a->a_next ) {
 		if ( a == oc_at ) continue;
-		ct = config_find_table( colst, nocs, a->a_desc );
+		ct = config_find_table( colst, nocs, a->a_desc, ca );
 		if ( !ct ) continue;	/* user data? */
 		rc = check_vals( ct, ca, a, 1 );
 		if ( rc ) goto done;
@@ -3599,7 +3607,7 @@
 	/* Basic syntax checks are OK. Do the actual settings. */
 	for ( a=e->e_attrs; a; a=a->a_next ) {
 		if ( a == oc_at ) continue;
-		ct = config_find_table( colst, nocs, a->a_desc );
+		ct = config_find_table( colst, nocs, a->a_desc, ca );
 		if ( !ct ) continue;	/* user data? */
 		for (i=0; a->a_vals[i].bv_val; i++) {
 			ca->line = a->a_vals[i].bv_val;
@@ -3769,7 +3777,7 @@
 	strcpy( ca->log, "back-config" );
 
 	for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
-		ct = config_find_table( colst, nocs, ml->sml_desc );
+		ct = config_find_table( colst, nocs, ml->sml_desc, ca );
 		switch (ml->sml_op) {
 		case LDAP_MOD_DELETE:
 		case LDAP_MOD_REPLACE: {
@@ -3882,7 +3890,7 @@
 	if ( rc == LDAP_SUCCESS ) {
 		/* Basic syntax checks are OK. Do the actual settings. */
 		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
-			ct = config_find_table( colst, nocs, ml->sml_desc );
+			ct = config_find_table( colst, nocs, ml->sml_desc, ca );
 			if ( !ct ) continue;
 
 			switch (ml->sml_op) {
@@ -4237,6 +4245,7 @@
 	attr_merge_normalize_one(e, ad, &val, NULL );
 
 	oc = main->co_oc;
+	c->table = main->co_type;
 	if ( oc->soc_required )
 		config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
 
@@ -4245,6 +4254,7 @@
 
 	if ( extra ) {
 		oc = extra->co_oc;
+		c->table = extra->co_type;
 		if ( oc->soc_required )
 			config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
 

Modified: openldap/trunk-2.3/servers/slapd/config.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/config.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/config.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* config.c - configuration file handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.25 2007/02/08 12:31:24 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.341.2.26 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -308,8 +308,7 @@
 		return(0);
 	}
 	if(arg_type & ARG_OFFSET) {
-		if (c->be && (!overlay_is_over(c->be) || 
-			((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+		if (c->be && c->table == Cft_Database)
 			ptr = c->be->be_private;
 		else if (c->bi)
 			ptr = c->bi->bi_private;
@@ -400,8 +399,7 @@
 		if ( rc ) return rc;
 	} else {
 		if ( cf->arg_type & ARG_OFFSET ) {
-			if (c->be && (!overlay_is_over(c->be) || 
-				((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
+			if (c->be && c->table == Cft_Database)
 				ptr = c->be->be_private;
 			else if ( c->bi )
 				ptr = c->bi->bi_private;
@@ -752,6 +750,7 @@
 
 		ct = config_find_keyword( cft, c );
 		if ( ct ) {
+			c->table = Cft_Global;
 			rc = config_add_vals( ct, c );
 			if ( !rc ) continue;
 
@@ -772,6 +771,7 @@
 			if ( c->bi->bi_cf_ocs ) {
 				ct = config_find_keyword( c->bi->bi_cf_ocs->co_table, c );
 				if ( ct ) {
+					c->table = c->bi->bi_cf_ocs->co_type;
 					rc = config_add_vals( ct, c );
 				}
 			}
@@ -800,6 +800,7 @@
 			if ( c->be->be_cf_ocs ) {
 				ct = config_find_keyword( c->be->be_cf_ocs->co_table, c );
 				if ( ct ) {
+					c->table = c->be->be_cf_ocs->co_type;
 					rc = config_add_vals( ct, c );
 				}
 			}
@@ -1526,7 +1527,9 @@
 
 	rc = SLAP_CONF_UNKNOWN;
 	ct = config_find_keyword( be->be_cf_ocs->co_table, &c );
-	if ( ct )
+	if ( ct ) {
+		c.table = be->be_cf_ocs->co_type;
 		rc = config_add_vals( ct, &c );
+	}
 	return rc;
 }

Modified: openldap/trunk-2.3/servers/slapd/config.h
===================================================================
--- openldap/trunk-2.3/servers/slapd/config.h	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/config.h	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* config.h - configuration abstraction structure */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.13 2007/01/02 21:43:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.2.2.14 2007/09/02 11:51:09 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -141,6 +141,7 @@
 	Entry *ca_entry;	/* entry being modified */
 	void *private;	/* anything */
 	ConfigDriver *cleanup;
+	ConfigType table;	/* which config table did we come from */
 } ConfigArgs;
 
 /* If lineno is zero, we have an actual LDAP Add request from a client.

Modified: openldap/trunk-2.3/servers/slapd/filter.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/filter.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/filter.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* filter.c - routines for parsing and dealing with filters */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.10 2007/01/02 21:43:55 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.125.2.12 2007/10/05 06:36:24 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -32,6 +32,7 @@
 #include <ac/string.h>
 
 #include "slap.h"
+#include "lutil.h"
 
 static int	get_filter_list(
 	Operation *op,
@@ -561,7 +562,14 @@
 
 	switch ( f->f_choice ) {
 	case LDAP_FILTER_EQUALITY:
-		filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+ 		if ( f->f_av_desc->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+			tmp.bv_val = op->o_tmpalloc( LDAP_LUTIL_UUIDSTR_BUFSIZE, op->o_tmpmemctx );
+ 			tmp.bv_len = lutil_uuidstr_from_normalized( f->f_av_value.bv_val,
+ 				f->f_av_value.bv_len, tmp.bv_val, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+ 			assert( tmp.bv_len > 0 );
+ 		} else {
+			filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
+		}
 
 		fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
 			tmp.bv_len + ( sizeof("(=)") - 1 );
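Review bot: `assert( tmp.bv_len > 0 )` is the only failure handling for the UUID conversion in the equality case, and it disappears in builds with NDEBUG. It also passes if a negative return has been stored into an unsigned `bv_len`. The value being converted comes from a search filter, so a conversion failure should be an ordinary error path rather than an abort or an unchecked length feeding the `fstr->bv_len` computation just below. Keep the return value in a signed local, and on failure release the temporary buffer and fall back to `filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );`. The switch and the function continue outside this hunk.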

Modified: openldap/trunk-2.3/servers/slapd/modify.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/modify.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/modify.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.25 2007/01/02 21:43:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.227.2.26 2007/09/04 03:42:37 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -734,6 +734,7 @@
 							"%s: value #%ld normalization failed",
 							ml->sml_type.bv_val, (long) nvals );
 						*text = textbuf;
+						BER_BVZERO( &ml->sml_nvalues[nvals] );
 						return rc;
 					}
 				}

Modified: openldap/trunk-2.3/servers/slapd/overlays/Makefile.in
===================================================================
--- openldap/trunk-2.3/servers/slapd/overlays/Makefile.in	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/overlays/Makefile.in	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 # Makefile.in for overlays
-# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.17 2007/05/29 21:57:47 hallvard Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.16.2.18 2007/10/23 21:21:38 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 2003-2007 The OpenLDAP Foundation.
@@ -124,7 +124,7 @@
 	$(AR) rs $@ $(OBJS)
 
 # Must fixup depends for non-libtool objects
-depend-local:
+depend-local: depend-common
 	@if test -n "$(OBJS)"; then \
 	OBJ2=`echo $(OBJS) $(OBJDEP) | $(SED) -e 's/\.o//g'`; \
 	SCR=''; for i in $$OBJ2; do SCR="$$SCR -e s/^$$i.lo:/$$i.o:/"; done; \

Modified: openldap/trunk-2.3/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/overlays/pcache.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/overlays/pcache.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.19 2007/07/23 20:08:32 hallvard Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.41.2.22 2007/10/23 23:26:19 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -1050,7 +1050,6 @@
 	if ( si->query.save_attrs != NULL ) {
 		rs->sr_attrs = si->query.save_attrs;
 		op->ors_attrs = si->query.save_attrs;
-		si->query.save_attrs = NULL;
 	}
 
 	if ( rs->sr_type == REP_SEARCH ) {
@@ -1135,8 +1134,8 @@
 		count++;
 	}
 
-	*new_attrs = (AttributeName*)ch_malloc((count+1)*
-		sizeof(AttributeName));
+	*new_attrs = (AttributeName*)ch_calloc( count + 1,
+		sizeof(AttributeName) );
 	for (i=0; i<attrs->count; i++) {
 		(*new_attrs)[i].an_name = attrs->attrs[i].an_name;
 		(*new_attrs)[i].an_desc = attrs->attrs[i].an_desc;
@@ -1156,18 +1155,13 @@
 			continue;
 		(*new_attrs)[j].an_name = filter_attrs[i].an_name;
 		(*new_attrs)[j].an_desc = filter_attrs[i].an_desc;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
 	if ( addoc ) {
 		(*new_attrs)[j].an_name = slap_schema.si_ad_objectClass->ad_cname;
 		(*new_attrs)[j].an_desc = slap_schema.si_ad_objectClass;
-		(*new_attrs)[j].an_oc = NULL;
-		(*new_attrs)[j].an_oc_exclude = 0;
 		j++;
 	}
-	BER_BVZERO( &(*new_attrs)[j].an_name );
 }
 
 /* NOTE: this is a quick workaround to let pcache minimally interact
@@ -1264,7 +1258,7 @@
 				continue;
 			cacheable = 1;
 			template_id = i;
-			Debug( LDAP_DEBUG_NONE, "Entering QC, querystr = %s\n",
+			Debug( pcache_debug, "Entering QC, querystr = %s\n",
 			 		op->ors_filterstr.bv_val, 0, 0 );
 			answerable = (*(qm->qcfunc))(op, qm, &query, i);
 

Modified: openldap/trunk-2.3/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/overlays/rwm.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/overlays/rwm.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.20 2007/08/14 09:59:44 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.37.2.21 2007/09/07 07:40:11 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -516,7 +516,35 @@
 	return SLAP_CB_CONTINUE;
 }
 
+/* imported from HEAD */
 static int
+ber_bvarray_dup_x( BerVarray *dst, BerVarray src, void *ctx )
+{
+	int i, j;
+	BerVarray new;
+
+	if ( !src ) {
+		*dst = NULL;
+		return 0;
+	}
+
+	for (i=0; !BER_BVISNULL( &src[i] ); i++) ;
+	new = ber_memalloc_x(( i+1 ) * sizeof(BerValue), ctx );
+	if ( !new )
+		return -1;
+	for (j=0; j<i; j++) {
+		ber_dupbv_x( &new[j], &src[j], ctx );
+		if ( BER_BVISNULL( &new[j] )) {
+			ber_bvarray_free_x( new, ctx );
+			return -1;
+		}
+	}
+	BER_BVZERO( &new[j] );
+	*dst = new;
+	return 0;
+}
+
+static int
 rwm_op_modify( Operation *op, SlapReply *rs )
 {
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
@@ -544,21 +572,26 @@
 	isupdate = be_shadow_update( op );
 	for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
 		int			is_oc = 0;
-		Modifications		*ml;
+		Modifications		*ml = *mlp;
 		struct ldapmapping	*mapping = NULL;
 
-		/* duplicate the modlist */
-		ml = ch_malloc( sizeof( Modifications ));
-		*ml = **mlp;
-		*mlp = ml;
-
+		/* ml points to a temporary mod until needs duplication */
 		if ( ml->sml_desc == slap_schema.si_ad_objectClass 
 				|| ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
 		{
 			is_oc = 1;
 
-		} else if ( !isupdate && !get_manageDIT( op ) && (*mlp)->sml_desc->ad_type->sat_no_user_mod  )
+		} else if ( !isupdate && !get_manageDIT( op ) && ml->sml_desc->ad_type->sat_no_user_mod  )
 		{
+			ml = ch_malloc( sizeof( Modifications ) );
+			*ml = **mlp;
+			if ( (*mlp)->sml_values ) {
+				ber_bvarray_dup_x( &ml->sml_values, (*mlp)->sml_values, NULL );
+				if ( (*mlp)->sml_nvalues ) {
+					ber_bvarray_dup_x( &ml->sml_nvalues, (*mlp)->sml_nvalues, NULL );
+				}
+			}
+			*mlp = ml;
 			goto next_mod;
 
 		} else {
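Review bot: Both calls to `ber_bvarray_dup_x()` in the `sat_no_user_mod` branch ignore its return value. The helper added above leaves `*dst` untouched when it returns -1, and `*ml = **mlp` has already copied the original pointers. After a failed allocation the duplicate would therefore still share `sml_values`/`sml_nvalues` with the caller's modification, which is what the duplication is meant to avoid. Test the result, e.g. `if ( ber_bvarray_dup_x( &ml->sml_values, (*mlp)->sml_values, NULL ) != 0 )`, and take the function's error path. The loop body continues outside this hunk, so the right cleanup is not visible here.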
@@ -573,6 +606,11 @@
 			}
 		}
 
+		/* duplicate the modlist */
+		ml = ch_malloc( sizeof( Modifications ));
+		*ml = **mlp;
+		*mlp = ml;
+
 		if ( ml->sml_values != NULL ) {
 			int i, num;
 			struct berval *bva;

Modified: openldap/trunk-2.3/servers/slapd/overlays/rwmmap.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/overlays/rwmmap.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/overlays/rwmmap.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* rwmmap.c - rewrite/mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.15 2007/07/12 20:23:48 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.14.2.16 2007/10/04 20:02:08 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2007 The OpenLDAP Foundation.
@@ -32,6 +32,7 @@
 
 #include "slap.h"
 #include "rwm.h"
+#include "lutil.h"
 
 #undef ldap_debug	/* silence a warning in ldap-int.h */
 #include "../../../libraries/libldap/ldap-int.h"
@@ -382,6 +383,7 @@
 {
 	struct berval		vtmp = BER_BVNULL;
 	int			freeval = 0;
+	char			uuid[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
 	AttributeDescription	*ad = *adp;
 	struct ldapmapping	*mapping = NULL;
 
@@ -425,6 +427,14 @@
 				return -1;
 			}
 
+		} else if ( ad->ad_type->sat_syntax == slap_schema.si_ad_entryUUID->ad_type->sat_syntax ) {
+			vtmp.bv_len = lutil_uuidstr_from_normalized( value->bv_val,
+				value->bv_len, uuid, LDAP_LUTIL_UUIDSTR_BUFSIZE );
+			if ( vtmp.bv_len < 0 ) {
+				return -1;
+			}
+			vtmp.bv_val = uuid;
+
 		} else if ( ad == slap_schema.si_ad_objectClass
 				|| ad == slap_schema.si_ad_structuralObjectClass )
 		{

Modified: openldap/trunk-2.3/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/overlays/syncprov.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/overlays/syncprov.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.45 2007/07/22 15:24:26 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.56.2.46 2007/10/08 16:13:54 hyc Exp $ */
 /* syncprov.c - syncrepl provider */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
@@ -1503,7 +1503,7 @@
 	{
 		struct berval maxcsn = BER_BVNULL;
 		char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
-		int do_check=0;
+		int do_check = 0, have_psearches;
 
 		/* Update our context CSN */
 		cbuf[0] = '\0';
@@ -1548,7 +1548,10 @@
 		opc->sctxcsn.bv_val = cbuf;
 
 		/* Handle any persistent searches */
-		if ( si->si_ops ) {
+		ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+		have_psearches = ( si->si_ops != NULL );
+		ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+		if ( have_psearches ) {
 			switch(op->o_tag) {
 			case LDAP_REQ_ADD:
 			case LDAP_REQ_MODIFY:
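Review bot: `have_psearches` is only a snapshot here: `si_ops_mutex` is released before the `switch` runs, so the list can change between the unlock and the test, and nothing in the code says a stale value is acceptable. This snapshot is also taken independently of the one in the hunk at -1653, which sizes the callback allocation, so the two can disagree for the same operation. Whether anything under this branch depends on the `modinst` reserved there should be confirmed, since the body is outside the hunk. A comment above the lock would help, e.g. `/* snapshot under si_ops_mutex; may be stale when tested, see the op callback for the allocation-time snapshot */`.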
@@ -1653,12 +1656,19 @@
 {
 	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
 	syncprov_info_t		*si = on->on_bi.bi_private;
+	slap_callback *cb;
+	opcookie *opc;
+	int have_psearches, cbsize;
 
-	slap_callback *cb = op->o_tmpcalloc(1, sizeof(slap_callback)+
-		sizeof(opcookie) +
-		(si->si_ops ? sizeof(modinst) : 0 ),
-		op->o_tmpmemctx);
-	opcookie *opc = (opcookie *)(cb+1);
+	ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
+	have_psearches = ( si->si_ops != NULL );
+	ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
+
+	cbsize = sizeof(slap_callback) + sizeof(opcookie) +
+		(have_psearches ? sizeof(modinst) : 0 );
+
+	cb = op->o_tmpcalloc(1, cbsize, op->o_tmpmemctx);
+	opc = (opcookie *)(cb+1);
 	opc->son = on;
 	cb->sc_response = syncprov_op_response;
 	cb->sc_cleanup = syncprov_op_cleanup;
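Review bot: Nothing records why `si->si_ops` is read once into `have_psearches`, which is the invariant this hunk establishes. The buffer gets room for a `modinst` only when the snapshot is set, and the `if ( have_psearches )` block in the next hunk declares a `modinst *mi`, presumably pointing into that room. Re-reading `si->si_ops` there could disagree with the allocation. A comment above the lock would keep a later edit from reintroducing the second read, e.g. `/* read si_ops once: the modinst is only allocated when this is set, so every later test must use the same value */`. Separately, `cbsize` receives a sum of `sizeof` values; declaring it `size_t cbsize;` instead of `int` avoids the narrowing.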
@@ -1669,7 +1679,7 @@
 	/* If there are active persistent searches, lock this operation.
 	 * See seqmod.c for the locking logic on its own.
 	 */
-	if ( si->si_ops ) {
+	if ( have_psearches ) {
 		modtarget *mt, mtdummy;
 		modinst *mi;
 
@@ -1716,7 +1726,7 @@
 		}
 	}
 
-	if (( si->si_ops || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
+	if (( have_psearches || si->si_logs ) && op->o_tag != LDAP_REQ_ADD )
 		syncprov_matchops( op, opc, 1 );
 
 	return SLAP_CB_CONTINUE;
@@ -1865,8 +1875,9 @@
 			a = attr_find( rs->sr_operational_attrs, slap_schema.si_ad_entryCSN );
 		}
 		if ( a ) {
+			/* If not a persistent search */
 			/* Make sure entry is less than the snapshot'd contextCSN */
-			if ( ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) {
+			if ( !ss->ss_so && ber_bvcmp( &a->a_nvals[0], &ss->ss_ctxcsn ) > 0 ) {
 				Debug( LDAP_DEBUG_SYNC, "Entry %s CSN %s greater than snapshot %s\n",
 					rs->sr_entry->e_name.bv_val,
 					a->a_nvals[0].bv_val,
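Review bot: The added `/* If not a persistent search */` is a sentence fragment stacked on the existing comment, and it does not say what the new `!ss->ss_so` test stands for. One comment would read better: `/* For a non-persistent search (no ss_so), make sure the entry is less than the snapshot'd contextCSN */`. That an unset `ss_so` means "not persistent" is inferred from the added comment, since the field's definition is not on this page. The hunk ends inside the `Debug` call.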

Modified: openldap/trunk-2.3/servers/slapd/sasl.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/sasl.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/sasl.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.18 2007/06/08 08:10:31 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.212.2.19 2007/10/08 09:53:53 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -1191,12 +1191,13 @@
 #if SASL_VERSION_MAJOR >= 2
 	int sc;
 	sasl_conn_t *ctx = conn->c_sasl_authctx;
+	sasl_ssf_t sasl_ssf = ssf;
 
 	if ( ctx == NULL ) {
 		return LDAP_UNAVAILABLE;
 	}
 
-	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+	sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
 
 	if ( sc != SASL_OK ) {
 		return LDAP_OTHER;
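Review bot: The new `sasl_ssf` copy has no comment saying why `&ssf` cannot be passed to `sasl_setprop()` directly, so it looks like a redundant local that a later cleanup might remove. Judging from the change, the parameter's type (`slap_ssf_t`, going by the other hunk in this file) need not have the same width as `sasl_ssf_t`, and the library reads a `sasl_ssf_t` through the pointer. A wrong-width read would hand SASL an incorrect external strength factor. Suggested comment on the declaration: `/* sasl_setprop reads a sasl_ssf_t through the pointer; copy in case the caller's type differs in size */`. The function starts outside the hunk.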
@@ -1365,7 +1366,7 @@
 	if ( !op->o_conn->c_sasl_bind_in_progress ) {
 		/* If we already authenticated once, must use a new context */
 		if ( op->o_conn->c_sasl_done ) {
-			slap_ssf_t ssf = 0;
+			sasl_ssf_t ssf = 0;
 			const char *authid = NULL;
 #if SASL_VERSION_MAJOR >= 2
 			sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssf );
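Review bot: Changing the type to `sasl_ssf_t` does not make the `sasl_getprop()` call below it correct. Per the Cyrus SASL API, the third argument is a `const void **` through which the library stores a pointer to the property, not the value itself. With `(void *)&ssf`, a pointer is written into a `sasl_ssf_t` object, which overruns it on platforms where pointers are wider and in any case leaves an address in `ssf` rather than the strength factor. Fetch through a pointer and copy: `sasl_ssf_t *ssfp = NULL;`, `sasl_getprop( ctx, SASL_SSF_EXTERNAL, (void *)&ssfp );`, `if ( ssfp ) ssf = *ssfp;`. The rest of the block lies outside the hunk, so how `ssf` is used afterwards is not visible.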

Modified: openldap/trunk-2.3/servers/slapd/sets.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/sets.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/sets.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.5 2007/01/02 21:43:58 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.24.2.7 2007/10/24 15:03:07 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2007 The OpenLDAP Foundation.
@@ -111,19 +111,19 @@
 	BerVarray	rset )
 {
 	BerVarray	set;
-	long		i, j, last;
+	long		i, j, last, rlast;
 	unsigned	op = ( op_flags & SLAP_SET_OPMASK );
 
 	set = NULL;
 	switch ( op ) {
 	case '|':	/* union */
-		if ( lset == NULL || BER_BVISNULL( lset ) ) {
+		if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] ) ) {
 			if ( rset == NULL ) {
 				if ( lset == NULL ) {
 					set = cp->set_op->o_tmpcalloc( 1,
 							sizeof( struct berval ),
 							cp->set_op->o_tmpmemctx );
-					BER_BVZERO( set );
+					BER_BVZERO( &set[ 0 ] );
 					return set;
 				}
 				return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
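Review bot: In the union branch the result of `o_tmpcalloc` goes straight to `BER_BVZERO( &set[ 0 ] )` without a NULL test. Other places in this file section do test it: `if ( set != NULL )` in the hunk at -289 and `if ( set == NULL ) break;` in the '+' case. The intersection branch in the hunk at -180 has the same unguarded pair. For consistency both should read `if ( set != NULL ) { BER_BVZERO( &set[ 0 ] ); }`; whether the allocator can actually return NULL here is not visible on this page. The function starts before this hunk and continues past it.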
@@ -131,12 +131,14 @@
 			slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
 			return set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 		}
-		if ( rset == NULL || BER_BVISNULL( rset ) ) {
+		if ( rset == NULL || BER_BVISNULL( &rset[ 0 ] ) ) {
 			slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 			return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
 		}
 
-		i = slap_set_size( lset ) + slap_set_size( rset ) + 1;
+		/* worst scenario: no duplicates */
+		rlast = slap_set_size( rset );
+		i = slap_set_size( lset ) + rlast + 1;
 		set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 		if ( set != NULL ) {
 			/* set_chase() depends on this routine to
@@ -153,6 +155,9 @@
 				}
 			}
 
+			/* pointers to values have been used in set - don't free twice */
+			op_flags |= SLAP_SET_LREFVAL;
+
 			last = i;
 
 			for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
@@ -163,11 +168,12 @@
 					{
 						if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
 							cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );
-							BER_BVZERO( &rset[ i ] );
+							rset[ i ] = rset[ --rlast ];
+							BER_BVZERO( &rset[ rlast ] );
 						}
 						exists = 1;
-						break;		
-					}	
+						break;
+					}
 				}
 
 				if ( !exists ) {
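Review bot: After `rset[ i ] = rset[ --rlast ];` the element moved into slot `i` appears never to be examined, because the inner loop breaks and the outer `for` over `rset[ i ]` (end of the previous hunk) then advances `i`. That value would be neither compared against `set` nor appended to the union. Since `op_flags |= SLAP_SET_RREFVAL` is set after the loop, it would presumably not be freed by the final dispose either. The intersection loop further down does `i--` after the same swap; the equivalent fix here is to add `i--;` right after `BER_BVZERO( &rset[ rlast ] );`. The lines between this hunk and the previous one are not shown, so this assumes they hold only the `exists` declaration and the inner `for` header.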
@@ -180,37 +186,59 @@
 					last++;
 				}
 			}
+
+			/* pointers to values have been used in set - don't free twice */
+			op_flags |= SLAP_SET_RREFVAL;
+
 			BER_BVZERO( &set[ last ] );
 		}
 		break;
 
 	case '&':	/* intersection */
-		if ( lset == NULL || BER_BVISNULL( lset )
-				|| rset == NULL || BER_BVISNULL( rset ) )
+		if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] )
+			|| rset == NULL || BER_BVISNULL( &rset[ 0 ] ) )
 		{
 			set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 					cp->set_op->o_tmpmemctx );
-			BER_BVZERO( set );
+			BER_BVZERO( &set[ 0 ] );
+			break;
 
 		} else {
-			set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+			long llen, rlen;
+			BerVarray sset;
+
+			llen = slap_set_size( lset );
+			rlen = slap_set_size( rset );
+
+			/* dup the shortest */
+			if ( llen < rlen ) {
+				last = llen;
+				set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+				lset = NULL;
+				sset = rset;
+
+			} else {
+				last = rlen;
+				set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+				rset = NULL;
+				sset = lset;
+			}
+
 			if ( set == NULL ) {
 				break;
 			}
-			lset = NULL;
-			last = slap_set_size( set ) - 1;
+
 			for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
-				for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
-					if ( bvmatch( &set[ i ], &rset[ j ] ) ) {
+				for ( j = 0; !BER_BVISNULL( &sset[ j ] ); j++ ) {
+					if ( bvmatch( &set[ i ], &sset[ j ] ) ) {
 						break;
 					}
 				}
 
-				if ( BER_BVISNULL( &rset[ j ] ) ) {
+				if ( BER_BVISNULL( &sset[ j ] ) ) {
 					cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx );
-					set[ i ] = set[ last ];
+					set[ i ] = set[ --last ];
 					BER_BVZERO( &set[ last ] );
-					last--;
 					i--;
 				}
 			}
@@ -221,6 +249,29 @@
 		i = slap_set_size( rset );
 		j = slap_set_size( lset );
 
+		/* handle empty set cases */
+		if ( i == 0 ) {
+			if ( j == 0 ) {
+				set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
+						cp->set_op->o_tmpmemctx );
+				if ( set == NULL ) {
+					break;
+				}
+				BER_BVZERO( &set[ 0 ] );
+				break;
+
+			} else {
+				set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+				lset = NULL;
+				break;
+			}
+
+		} else if ( j == 0 ) {
+			set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+			rset = NULL;
+			break;
+		}
+
 		set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
 		if ( set == NULL ) {
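Review bot: In the new `i == 0` / `j == 0` branch the allocation count is still written `i * j + 1`, which is always 1 there. `o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx )` says what is meant, as the other empty-set allocations in this function do. The unchanged allocation after the new block multiplies the two set sizes with no overflow check. If set sizes can grow with directory content, a guard before the multiplication would be prudent, though the realistic bounds are not visible here. The enclosing `case` starts and ends outside the hunk.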
@@ -232,17 +283,36 @@
 				struct berval	bv;
 				long		k;
 
-				bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
-				bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
-						cp->set_op->o_tmpmemctx );
-				if ( bv.bv_val == NULL ) {
-					slap_set_dispose( cp, set, 0 );
-					set = NULL;
-					goto done;
+				/* don't concatenate with the empty string */
+				if ( BER_BVISEMPTY( &lset[ i ] ) ) {
+					ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+
+				} else if ( BER_BVISEMPTY( &rset[ j ] ) ) {
+					ber_dupbv_x( &bv, &lset[ i ], cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+
+				} else {
+					bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
+					bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
+							cp->set_op->o_tmpmemctx );
+					if ( bv.bv_val == NULL ) {
+						ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
+						set = NULL;
+						goto done;
+					}
+					AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
+					AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
+					bv.bv_val[ bv.bv_len ] = '\0';
 				}
-				AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
-				AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
-				bv.bv_val[ bv.bv_len ] = '\0';
 
 				for ( k = 0; k < last; k++ ) {
 					if ( bvmatch( &set[ k ], &bv ) ) {
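Review bot: The same four-line out-of-memory exit is now repeated in all three branches of the new empty-string handling, which is where a later edit tends to fix one copy and miss another. All three already signal failure the same way (`bv.bv_val == NULL`), so a single check after the chain is enough, provided the copy in the last branch is made conditional on a successful allocation. The loop this sits in starts and ends outside the hunk.

```c
				/* don't concatenate with the empty string */
				if ( BER_BVISEMPTY( &lset[ i ] ) ) {
					ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx );

				} else if ( BER_BVISEMPTY( &rset[ j ] ) ) {
					ber_dupbv_x( &bv, &lset[ i ], cp->set_op->o_tmpmemctx );

				} else {
					bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
					bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
							cp->set_op->o_tmpmemctx );
					if ( bv.bv_val != NULL ) {
						/* … unchanged: the two AC_MEMCPY calls and the NUL terminator … */
					}
				}

				/* single out-of-memory exit for all three branches */
				if ( bv.bv_val == NULL ) {
					ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
					set = NULL;
					goto done;
				}
```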
@@ -264,18 +334,9 @@
 	}
 
 done:;
-	if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
-		if ( !( op_flags & SLAP_SET_LREFVAL ))
-			cp->set_op->o_tmpfree( lset->bv_val, cp->set_op->o_tmpmemctx );
-		cp->set_op->o_tmpfree( lset, cp->set_op->o_tmpmemctx );
-	}
+	if ( lset ) slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+	if ( rset ) slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
 
-	if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) {
-		if ( !( op_flags & SLAP_SET_RREFVAL ))
-			cp->set_op->o_tmpfree( rset->bv_val, cp->set_op->o_tmpmemctx );
-		cp->set_op->o_tmpfree( rset, cp->set_op->o_tmpmemctx );
-	}
-
 	return set;
 }
 
@@ -289,7 +350,9 @@
 	if ( set == NULL ) {
 		set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
 				cp->set_op->o_tmpmemctx );
-		BER_BVZERO( set );
+		if ( set != NULL ) {
+			BER_BVZERO( &set[ 0 ] );
+		}
 		return set;
 	}
 
@@ -299,7 +362,7 @@
 
 	nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
 	if ( nset == NULL ) {
-		slap_set_dispose( cp, set, 0 );
+		ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 		return NULL;
 	}
 	for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
@@ -308,7 +371,7 @@
 			nset = slap_set_join( cp, nset, '|', vals );
 		}
 	}
-	slap_set_dispose( cp, set, 0 );
+	ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 
 	if ( closure ) {
 		for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
@@ -573,11 +636,11 @@
 
 _error:
 	if ( IS_SET( set ) ) {
-		slap_set_dispose( cp, set, 0 );
+		ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 	}
 	while ( ( set = SF_POP() ) ) {
 		if ( IS_SET( set ) ) {
-			slap_set_dispose( cp, set, 0 );
+			ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
 		}
 	}
 	return rc;

Modified: openldap/trunk-2.3/servers/slapd/syncrepl.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/syncrepl.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/syncrepl.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.49 2007/08/08 16:26:00 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.168.2.50 2007/10/05 08:36:13 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2007 The OpenLDAP Foundation.
@@ -2109,11 +2109,8 @@
 
 		for (i=0; uuids[i].bv_val; i++) {
 			op->ors_slimit = 1;
-			slap_uuidstr_from_normalized( &uf.f_av_value, &uuids[i],
-				op->o_tmpmemctx );
-			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
-			op->o_tmpfree( uf.f_av_value.bv_val, op->o_tmpmemctx );
 			uf.f_av_value = uuids[i];
+			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
 			rc = be->be_search( op, &rs_search );
 			op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
 		}
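Review bot: After this change `uf.f_av_value` only borrows `uuids[i]`, and the loop no longer says so. The removed lines allocated and freed a converted copy, so a later reader may expect a matching `o_tmpfree`. A one-line comment above the assignment would make the ownership explicit, e.g. `/* borrow the normalized UUID; uf.f_av_value must not be freed */`. The enclosing function starts and ends outside the hunk.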

Modified: openldap/trunk-2.3/servers/slapd/value.c
===================================================================
--- openldap/trunk-2.3/servers/slapd/value.c	2007-11-12 00:36:47 UTC (rev 856)
+++ openldap/trunk-2.3/servers/slapd/value.c	2007-11-12 00:45:48 UTC (rev 857)
@@ -1,5 +1,5 @@
 /* value.c - routines for dealing with values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.14 2007/01/02 21:43:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.79.2.15 2007/09/14 21:59:53 ando Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2007 The OpenLDAP Foundation.
@@ -697,7 +697,21 @@
 	}
 
 	new = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
-	if ( a->a_nvals && a->a_nvals != a->a_vals ) {
+
+	/* sanity check: if normalized modifications come in, either
+	 * no values are present or normalized existing values differ
+	 * from non-normalized; if no normalized modifications come in,
+	 * either no values are present or normalized existing values
+	 * don't differ from non-normalized */
+	if ( nvals != NULL ) {
+		assert( nvals != vals );
+		assert( a->a_nvals == NULL || a->a_nvals != a->a_vals );
+
+	} else {
+		assert( a->a_nvals == NULL || a->a_nvals == a->a_vals );
+	}
+
+	if ( ( a->a_nvals && a->a_nvals != a->a_vals ) || nvals != NULL ) {
 		nnew = ch_malloc( (anum+vnum+1) * sizeof(struct berval));
 		/* Shouldn't happen... */
 		if ( !nvals ) nvals = vals;
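Review bot: The new sanity check is expressed only as `assert()`, so it either aborts the whole server (assertions enabled) or checks nothing (`NDEBUG`). In the latter case the `if ( !nvals ) nvals = vals;` fallback under `/* Shouldn't happen... */` remains the only handling. If a caller can reach this point with mismatched normalized and non-normalized values because of a client request, the abort is a denial of service; that cannot be determined from this hunk. Rejecting the mismatch with an error return would be safer, taking care that `new` has already been allocated by then. At minimum the comment should say the asserts document a caller contract rather than validate input. The function starts and ends outside the hunk.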



