[Pkg-openldap-devel] r1282 - in openldap/trunk: . build contrib/slapd-modules/nssov contrib/slapd-modules/samba4 debian doc/guide/admin doc/man/man5 include libraries/libldap libraries/liblutil servers/slapd servers/slapd/back-bdb servers/slapd/back-dnssrv servers/slapd/back-ldap servers/slapd/back-meta servers/slapd/overlays tests/scripts

matthijs at alioth.debian.org matthijs at alioth.debian.org
Mon Jul 12 07:03:33 UTC 2010


Author: matthijs
Date: 2010-07-12 07:03:32 +0000 (Mon, 12 Jul 2010)
New Revision: 1282

Added:
   openldap/trunk/contrib/slapd-modules/samba4/vernum.c
Modified:
   openldap/trunk/CHANGES
   openldap/trunk/build/version.var
   openldap/trunk/contrib/slapd-modules/nssov/network.c
   openldap/trunk/contrib/slapd-modules/samba4/Makefile
   openldap/trunk/contrib/slapd-modules/samba4/README
   openldap/trunk/debian/changelog
   openldap/trunk/debian/rules
   openldap/trunk/doc/guide/admin/guide.html
   openldap/trunk/doc/man/man5/slapd-config.5
   openldap/trunk/include/ldap.h
   openldap/trunk/libraries/libldap/cyrus.c
   openldap/trunk/libraries/libldap/request.c
   openldap/trunk/libraries/libldap/result.c
   openldap/trunk/libraries/libldap/unbind.c
   openldap/trunk/libraries/liblutil/utils.c
   openldap/trunk/servers/slapd/back-bdb/dn2id.c
   openldap/trunk/servers/slapd/back-bdb/operational.c
   openldap/trunk/servers/slapd/back-dnssrv/config.c
   openldap/trunk/servers/slapd/back-dnssrv/init.c
   openldap/trunk/servers/slapd/back-ldap/bind.c
   openldap/trunk/servers/slapd/back-meta/search.c
   openldap/trunk/servers/slapd/backglue.c
   openldap/trunk/servers/slapd/dn.c
   openldap/trunk/servers/slapd/modrdn.c
   openldap/trunk/servers/slapd/overlays/ppolicy.c
   openldap/trunk/servers/slapd/overlays/refint.c
   openldap/trunk/servers/slapd/overlays/rwm.c
   openldap/trunk/servers/slapd/overlays/rwmconf.c
   openldap/trunk/servers/slapd/overlays/sssvlv.c
   openldap/trunk/servers/slapd/overlays/syncprov.c
   openldap/trunk/servers/slapd/overlays/valsort.c
   openldap/trunk/servers/slapd/schema_init.c
   openldap/trunk/servers/slapd/syncrepl.c
   openldap/trunk/tests/scripts/test043-delta-syncrepl
Log:
 * New upstream version (2.4.23)


Modified: openldap/trunk/CHANGES
===================================================================
--- openldap/trunk/CHANGES	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/CHANGES	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,28 @@
 OpenLDAP 2.4 Change Log
 
+OpenLDAP 2.4.23 Release (2010/06/30)
+	Fixed libldap to return server's error code (ITS#6569)
+	Fixed libldap memleaks (ITS#6568)
+	Fixed liblutil off-by-one with delta (ITS#6541)
+	Fixed slapd acls with glued databases (ITS#6468)
+	Fixed slapd syncrepl rid logging (ITS#6533)
+	Fixed slapd modrdn handling of invalid values (ITS#6570)
+	Fixed slapd-bdb hasSubordinates computation (ITS#6549)
+	Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
+	Fixed slapd-bdb entry cache delete failure (ITS#6577)
+	Fixed slapd-ldap to return control responses (ITS#6530)
+	Fixed slapo-ppolicy to use Debug (ITS#6566)
+	Fixed slapo-refint to zero out freed DN vals (ITS#6572)
+	Fixed slapo-rwm to use Debug (ITS#6566)
+	Fixed slapo-sssvlv to use Debug (ITS#6566)
+	Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
+	Fixed slapo-valsort to use Debug (ITS#6566)
+ 	Fixed contrib/nssov network.c missing patch (ITS#6562)
+	Build Environment
+		Fixed test043 attribute sorting (ITS#6553)
+	Documentation
+	        slapd-config(5) note default rootdn (ITS#6546)
+
 OpenLDAP 2.4.22 Release (2010/04/24)
 	Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
 	Added slapd tools selective iterations (ITS#6442)
@@ -25,7 +48,7 @@
 	Fixed slapd sasl auxprop ssf (ITS#5195)
 	Fixed slapd syncrepl for attributes with no matching rule (ITS#6458)
 	Fixed slapd syncrepl for unknown attrs and delta-sync (ITS#6473)
-	Fixed slapd syncrep loop with moddn (ITS#6472)
+	Fixed slapd syncrepl loop with moddn (ITS#6472)
 	Fixed slapo-accesslog to not replicate internal purges (ITS#6519)
 	Fixed slapd-bdb contextCSN updates from updatedn (ITS#6469)
 	Fixed slapd-bdb lockobj zeroing (ITS#6501)
@@ -49,7 +72,7 @@
 	Build Environment
 		Added back-ldif, back-null test support (ITS#5810)
 	Documentation
-		admin24 avoid explicity moduleload statements (ITS#6486)
+		admin24 avoid explicit moduleload statements (ITS#6486)
 		admin24 broken link fixes (ITS#6493,ITS#6515)
 	        slapd.access(5) val.regex explanation (ITS#5804)
 
@@ -195,6 +218,8 @@
 	Documentation
 		admin24 fix broken link (ITS#6264)
 		ldap_open(3) document URI (ITS#6261)
+		ldap_set/get_option(3) SASL/TLS options added (ITS#6260)
+		man page format updates (ITS#6023)
 
 OpenLDAP 2.4.17 Release (2009/07/13)
 	Fixed liblber to use ber_strnlen (ITS#6080)

Modified: openldap/trunk/build/version.var
===================================================================
--- openldap/trunk/build/version.var	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/build/version.var	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.70 2010/04/21 22:53:53 quanah Exp $
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.73 2010/06/29 15:23:31 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 1998-2010 The OpenLDAP Foundation.
@@ -15,9 +15,9 @@
 ol_package=OpenLDAP
 ol_major=2
 ol_minor=4
-ol_patch=22
-ol_api_inc=20422
+ol_patch=23
+ol_api_inc=20423
 ol_api_current=7
-ol_api_revision=5
+ol_api_revision=6
 ol_api_age=5
-ol_release_date="2010/04/24"
+ol_release_date="2010/06/30"

Modified: openldap/trunk/contrib/slapd-modules/nssov/network.c
===================================================================
--- openldap/trunk/contrib/slapd-modules/nssov/network.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/contrib/slapd-modules/nssov/network.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* network.c - network address lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.5 2010/04/13 20:22:28 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/network.c,v 1.1.2.7 2010/05/26 15:21:53 hyc Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
  *
  * Copyright 2008-2010 The OpenLDAP Foundation.
@@ -91,7 +91,7 @@
 	addrs = a->a_vals;
 	numaddr = a->a_numvals;
 	/* write the entry */
-	WRITE_INT32(cbp->fp,NSLCD_RESULT_SUCCESS);
+	WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
 	WRITE_BERVAL(cbp->fp,&name);
 	if ( dupname >= 0 ) {
 		WRITE_INT32(cbp->fp,numname-1);
@@ -118,7 +118,7 @@
 	struct berval filter = {sizeof(fbuf)};
 	filter.bv_val = fbuf;
 	BER_BVZERO(&cbp.addr);
-	READ_STRING_BUF2(fp,cbp.buf,sizeof(cbp.buf));
+	READ_STRING(fp,cbp.buf);
 	cbp.name.bv_len = tmpint32;
 	cbp.name.bv_val = cbp.buf;,
 	Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)\n",cbp.name.bv_val,0,0);,

Modified: openldap/trunk/contrib/slapd-modules/samba4/Makefile
===================================================================
--- openldap/trunk/contrib/slapd-modules/samba4/Makefile	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/contrib/slapd-modules/samba4/Makefile	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/samba4/Makefile,v 1.3.2.2 2010/04/21 20:13:22 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/samba4/Makefile,v 1.3.2.3 2010/06/10 17:44:02 quanah Exp $
 # This work is part of OpenLDAP Software <http://www.openldap.org/>.
 #
 # Copyright 1998-2010 The OpenLDAP Foundation.
@@ -20,7 +20,7 @@
 OPT=-g -O2
 CC=gcc
 
-DEFS=-DSLAPD_OVER_RDNVAL=2 -DSLAPD_OVER_PGUID=2
+DEFS=-DSLAPD_OVER_RDNVAL=2 -DSLAPD_OVER_PGUID=2 -DSLAPD_OVER_VERNUM=2
 
 LDAP_INC=-I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd \
 	-I$(LDAP_BUILD)/include
@@ -37,7 +37,7 @@
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
 
-PROGRAMS = pguid.la rdnval.la
+PROGRAMS = pguid.la rdnval.la vernum.la
 
 all:	$(PROGRAMS)
 
@@ -55,10 +55,18 @@
 	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
 	-rpath $(moduledir) -module -o $@ $? $(LIBS)
 
+vernum.lo:	vernum.c
+	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+
+vernum.la:	vernum.lo
+	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
 clean:
 	rm -f \
 		pguid.o pguid.lo pguid.la \
-		rdnval.o rdnval.lo rdnval.la 
+		rdnval.o rdnval.lo rdnval.la \
+		vernum.o vernum.lo vernum.la
 
 install: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)

Modified: openldap/trunk/contrib/slapd-modules/samba4/README
===================================================================
--- openldap/trunk/contrib/slapd-modules/samba4/README	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/contrib/slapd-modules/samba4/README	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/samba4/README,v 1.2.2.2 2010/04/21 20:13:22 quanah Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/samba4/README,v 1.2.2.3 2010/06/10 17:44:02 quanah Exp $
 
 This directory contains slapd overlays specific to samba4 LDAP backend:
 
@@ -41,14 +41,21 @@
 to your slapd configuration file.  An instance is required for each database
 that needs to maintain this attribute.
 
-This overlay is only set up to be built as a dynamically loaded module.
-On most platforms, in order for the module to be usable, all of the 
+
+  - VERNUM
+
+This overlay increments a counter any time an attribute is modified.
+It is intended to increment the counter 'msDS-KeyVersionNumber' when
+the attribute 'unicodePwd' is modified.
+ 
+
+These overlays are only set up to be built as a dynamically loaded modules.
+On most platforms, in order for the modules to be usable, all of the 
 library dependencies must also be available as shared libraries.
 
-If you need to build the overlay statically, you will have to move it into the
-slapd/overlays directory and edit the Makefile and overlays.c to reference
-it. You will also have to define SLAPD_OVER_SMBK5PWD to SLAPD_MOD_STATIC,
-and add the relevant libraries to the main slapd link command.
+If you need to build the overlays statically, you will have to move them
+into the slapd/overlays directory and edit the Makefile and overlays.c
+to reference them. 
 
 ---
 This work is part of OpenLDAP Software <http://www.openldap.org/>.

Copied: openldap/trunk/contrib/slapd-modules/samba4/vernum.c (from rev 1281, openldap/vendor/openldap-2.4.23/contrib/slapd-modules/samba4/vernum.c)
===================================================================
--- openldap/trunk/contrib/slapd-modules/samba4/vernum.c	                        (rev 0)
+++ openldap/trunk/contrib/slapd-modules/samba4/vernum.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -0,0 +1,459 @@
+/* vernum.c - RDN value overlay */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/samba4/vernum.c,v 1.2.2.2 2010/06/10 17:44:02 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_VERNUM
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "slap.h"
+#include "config.h"
+
+#include "lutil.h"
+
+/*
+ * Maintain an attribute (e.g. msDS-KeyVersionNumber) that consists
+ * in a counter of modifications of another attribute (e.g. unicodePwd).
+ */
+
+typedef struct vernum_t {
+	AttributeDescription	*vn_attr;
+	AttributeDescription	*vn_vernum;
+} vernum_t;
+
+static AttributeDescription	*ad_msDS_KeyVersionNumber;
+
+static struct berval		val_init = BER_BVC( "0" );
+static slap_overinst 		vernum;
+
+static int
+vernum_op_add( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	vernum_t	*vn = (vernum_t *)on->on_bi.bi_private;
+
+	Attribute *a, **ap;
+	int rc;
+
+	/* NOTE: should we accept an entry still in mods format? */
+	assert( op->ora_e != NULL );
+
+	if ( BER_BVISEMPTY( &op->ora_e->e_nname ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_find( op->ora_e->e_attrs, vn->vn_attr );
+	if ( a == NULL ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	if ( attr_find( op->ora_e->e_attrs, vn->vn_vernum ) != NULL ) {
+		/* already present - leave it alone */
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_alloc( vn->vn_vernum );
+
+	value_add_one( &a->a_vals, &val_init );
+	a->a_nvals = a->a_vals;
+	a->a_numvals = 1;
+
+	for ( ap = &op->ora_e->e_attrs; *ap != NULL; ap = &(*ap)->a_next )
+		/* goto tail */ ;
+
+	*ap = a;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+vernum_op_modify( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	vernum_t	*vn = (vernum_t *)on->on_bi.bi_private;
+
+	Modifications *ml, **mlp;
+	struct berval val = BER_BVC( "1" );
+	int rc;
+	unsigned got = 0;
+
+	for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next ) {
+		if ( ml->sml_desc == vn->vn_vernum ) {
+			/* already present - leave it alone
+			 * (or should we increment it anyway?) */
+			return SLAP_CB_CONTINUE;
+		}
+
+		if ( ml->sml_desc == vn->vn_attr ) {
+			got = 1;
+		}
+	}
+
+	if ( !got ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	for ( mlp = &op->orm_modlist; *mlp != NULL; mlp = &(*mlp)->sml_next )
+		/* goto tail */ ;
+
+	/* ITS#6561 */
+#ifdef SLAP_MOD_ADD_IF_NOT_PRESENT
+	/* the initial value is only added if the vernum attr is not present */
+	ml = SLAP_CALLOC( sizeof( Modifications ), 1 );
+	ml->sml_values = SLAP_CALLOC( sizeof( struct berval ) , 2 );
+	value_add_one( &ml->sml_values, &val_init );
+	ml->sml_nvalues = NULL;
+	ml->sml_numvals = 1;
+	ml->sml_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
+	ml->sml_flags = SLAP_MOD_INTERNAL;
+	ml->sml_desc = vn->vn_vernum;
+	ml->sml_type = vn->vn_vernum->ad_cname;
+
+	*mlp = ml;
+	mlp = &ml->sml_next;
+#endif /* SLAP_MOD_ADD_IF_NOT_PRESENT */
+
+	/* this increments by 1 the vernum attr */
+	ml = SLAP_CALLOC( sizeof( Modifications ), 1 );
+	ml->sml_values = SLAP_CALLOC( sizeof( struct berval ) , 2 );
+	value_add_one( &ml->sml_values, &val );
+	ml->sml_nvalues = NULL;
+	ml->sml_numvals = 1;
+	ml->sml_op = LDAP_MOD_INCREMENT;
+	ml->sml_flags = SLAP_MOD_INTERNAL;
+	ml->sml_desc = vn->vn_vernum;
+	ml->sml_type = vn->vn_vernum->ad_cname;
+
+	*mlp = ml;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+vernum_db_init(
+	BackendDB	*be,
+	ConfigReply	*cr)
+{
+	slap_overinst	*on = (slap_overinst *) be->bd_info;
+	vernum_t	*vn = NULL;
+
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Log0( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: vernum cannot be used as global overlay.\n" );
+		return 1;
+	}
+
+	if ( be->be_nsuffix == NULL ) {
+		Log0( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: database must have suffix\n" );
+		return 1;
+	}
+
+	if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+		Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: missing rootdn for database DN=\"%s\", YMMV\n",
+			be->be_suffix[ 0 ].bv_val );
+	}
+
+	vn = (vernum_t *)ch_calloc( 1, sizeof( vernum_t ) );
+
+	on->on_bi.bi_private = (void *)vn;
+
+	return 0;
+}
+
+typedef struct vernum_mod_t {
+	struct berval ndn;
+	struct vernum_mod_t *next;
+} vernum_mod_t;
+
+typedef struct {
+	BackendDB *bd;
+	vernum_mod_t *mods;
+} vernum_repair_cb_t;
+
+static int
+vernum_repair_cb( Operation *op, SlapReply *rs )
+{
+	int rc;
+	vernum_repair_cb_t *rcb = op->o_callback->sc_private;
+	vernum_mod_t *mod;
+	ber_len_t len;
+	BackendDB *save_bd = op->o_bd;
+
+	switch ( rs->sr_type ) {
+	case REP_SEARCH:
+		break;
+
+	case REP_SEARCHREF:
+	case REP_RESULT:
+		return rs->sr_err;
+
+	default:
+		assert( 0 );
+	}
+
+	assert( rs->sr_entry != NULL );
+
+	len = sizeof( vernum_mod_t ) + rs->sr_entry->e_nname.bv_len + 1;
+	mod = op->o_tmpalloc( len, op->o_tmpmemctx );
+	mod->ndn.bv_len = rs->sr_entry->e_nname.bv_len;
+	mod->ndn.bv_val = (char *)&mod[1];
+	lutil_strncopy( mod->ndn.bv_val, rs->sr_entry->e_nname.bv_val, rs->sr_entry->e_nname.bv_len );
+
+	mod->next = rcb->mods;
+	rcb->mods = mod;
+
+	Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair_cb: scheduling entry DN=\"%s\" for repair\n",
+		op->o_log_prefix, rs->sr_entry->e_name.bv_val, 0 );
+
+	return 0;
+}
+
+static int
+vernum_repair( BackendDB *be )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+	void *ctx = ldap_pvt_thread_pool_context();
+	Connection conn = { 0 };
+	OperationBuffer opbuf;
+	Operation *op;
+	BackendDB db;
+	slap_callback sc = { 0 };
+	vernum_repair_cb_t rcb = { 0 };
+	SlapReply rs = { REP_RESULT };
+	vernum_mod_t *rmod;
+	int nrepaired = 0;
+
+	connection_fake_init2( &conn, &opbuf, ctx, 0 );
+	op = &opbuf.ob_op;
+
+	op->o_tag = LDAP_REQ_SEARCH;
+	memset( &op->oq_search, 0, sizeof( op->oq_search ) );
+
+	assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );
+
+	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
+	assert( op->o_bd != NULL );
+	assert( op->o_bd->be_nsuffix != NULL );
+
+	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
+	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
+
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	op->ors_scope = LDAP_SCOPE_SUBTREE;
+	op->ors_tlimit = SLAP_NO_LIMIT;
+	op->ors_slimit = SLAP_NO_LIMIT;
+	op->ors_attrs = slap_anlist_no_attrs;
+
+	op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" )
+		+ vn->vn_attr->ad_cname.bv_len
+		+ vn->vn_vernum->ad_cname.bv_len;
+	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
+		"(&(%s=*)(!(%s=*)))",
+		vn->vn_attr->ad_cname.bv_val,
+		vn->vn_vernum->ad_cname.bv_val );
+
+	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
+	if ( op->ors_filter == NULL ) {
+		rs.sr_err = LDAP_OTHER;
+		goto done_search;
+	}
+	
+	op->o_callback = &sc;
+	sc.sc_response = vernum_repair_cb;
+	sc.sc_private = &rcb;
+	rcb.bd = &db;
+	db = *be;
+	db.bd_info = (BackendInfo *)on;
+
+	(void)op->o_bd->bd_info->bi_op_search( op, &rs );
+
+	op->o_tag = LDAP_REQ_MODIFY;
+	sc.sc_response = slap_null_cb;
+	sc.sc_private = NULL;
+	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
+
+	for ( rmod = rcb.mods; rmod != NULL; ) {
+		vernum_mod_t *rnext;
+		Modifications mod;
+		struct berval vals[2] = { BER_BVNULL };
+		SlapReply rs2 = { REP_RESULT };
+
+		mod.sml_flags = SLAP_MOD_INTERNAL;
+		mod.sml_op = LDAP_MOD_REPLACE;
+		mod.sml_desc = vn->vn_vernum;
+		mod.sml_type = vn->vn_vernum->ad_cname;
+		mod.sml_values = vals;
+		mod.sml_values[0] = val_init;
+		mod.sml_nvalues = NULL;
+		mod.sml_numvals = 1;
+		mod.sml_next = NULL;
+
+		op->o_req_dn = rmod->ndn;
+		op->o_req_ndn = rmod->ndn;
+
+		op->orm_modlist = &mod;
+
+		op->o_bd->be_modify( op, &rs2 );
+
+		slap_mods_free( op->orm_modlist->sml_next, 1 );
+		if ( rs2.sr_err == LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n",
+				op->o_log_prefix, rmod->ndn.bv_val, 0 );
+			nrepaired++;
+
+		} else {
+			Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n",
+				op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
+		}
+
+		rnext = rmod->next;
+		op->o_tmpfree( rmod, op->o_tmpmemctx );
+		rmod = rnext;
+	}
+
+done_search:;
+	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	filter_free_x( op, op->ors_filter, 1 );
+
+	Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
+		"vernum: repaired=%d\n", nrepaired );
+
+	return 0;
+}
+
+static int
+vernum_db_open(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+
+	if ( SLAP_SINGLE_SHADOW( be ) ) {
+		Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum incompatible with shadow database \"%s\".\n",
+			be->be_suffix[ 0 ].bv_val );
+		return 1;
+	}
+
+	/* default: unicodePwd & msDS-KeyVersionNumber */
+	if ( vn->vn_attr == NULL ) {
+		const char *text = NULL;
+		int rc;
+
+		rc = slap_str2ad( "unicodePwd", &vn->vn_attr, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "vernum: unable to find attribute 'unicodePwd' (%d: %s)\n",
+				rc, text, 0 );
+			return 1;
+		}
+
+		vn->vn_vernum = ad_msDS_KeyVersionNumber;
+	}
+
+	return vernum_repair( be );
+}
+
+static int
+vernum_db_destroy(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+
+	if ( vn ) {
+		ch_free( vn );
+		on->on_bi.bi_private = NULL;
+	}
+
+	return 0;
+}
+
+static struct {
+	char	*desc;
+	AttributeDescription **adp;
+} as[] = {
+	{ "( 1.2.840.113556.1.4.1782 "
+		"NAME 'msDS-KeyVersionNumber' "
+		"DESC 'in the original specification the syntax is 2.5.5.9' "
+		"SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' "
+		"EQUALITY integerMatch "
+		"SINGLE-VALUE "
+		"USAGE dSAOperation "
+		"NO-USER-MODIFICATION " 
+		")",
+		&ad_msDS_KeyVersionNumber },
+	{ NULL }
+};
+
+int
+vernum_initialize(void)
+{
+	int code, i;
+
+	for ( i = 0; as[ i ].desc != NULL; i++ ) {
+		code = register_at( as[ i ].desc, as[ i ].adp, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"vernum_initialize: register_at #%d failed\n",
+				i, 0, 0 );
+			return code;
+		}
+
+		/* Allow Manager to set these as needed */
+		if ( is_at_no_user_mod( (*as[ i ].adp)->ad_type ) ) {
+			(*as[ i ].adp)->ad_type->sat_flags |=
+				SLAP_AT_MANAGEABLE;
+		}
+	}
+
+	vernum.on_bi.bi_type = "vernum";
+
+	vernum.on_bi.bi_op_add = vernum_op_add;
+	vernum.on_bi.bi_op_modify = vernum_op_modify;
+
+	vernum.on_bi.bi_db_init = vernum_db_init;
+	vernum.on_bi.bi_db_open = vernum_db_open;
+	vernum.on_bi.bi_db_destroy = vernum_db_destroy;
+
+	return overlay_register( &vernum );
+}
+
+#if SLAPD_OVER_VERNUM == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return vernum_initialize();
+}
+#endif /* SLAPD_OVER_VERNUM == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_VERNUM */

Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/debian/changelog	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-openldap (2.4.22-1) unstable; urgency=low
+openldap (2.4.23-1) unstable; urgency=low
 
   * New upstream version
   * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
@@ -8,7 +8,7 @@
   * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
   * Fix bashisms in debian/rules (Closes: #581454)
 
- -- Matthijs Mohlmann <matthijs at cacholong.nl>  Fri, 21 May 2010 08:50:50 +0200
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Mon, 12 Jul 2010 08:33:50 +0200
 
 openldap (2.4.21-1) unstable; urgency=low
 

Modified: openldap/trunk/debian/rules
===================================================================
--- openldap/trunk/debian/rules	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/debian/rules	2010-07-12 07:03:32 UTC (rev 1282)
@@ -42,7 +42,7 @@
 
 # These variables are used only by get-orig-source, which will normally only
 # be run by maintainers.
-VERSION = 2.4.22
+VERSION = 2.4.23
 URL     = http://www.openldap.org/software/download/OpenLDAP/openldap-release/
 
 # Download the upstream source and make changes as required for DFSG reasons.

Modified: openldap/trunk/doc/guide/admin/guide.html
===================================================================
--- openldap/trunk/doc/guide/admin/guide.html	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/doc/guide/admin/guide.html	2010-07-12 07:03:32 UTC (rev 1282)
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project &lt;<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>&gt;</ADDRESS>
-<ADDRESS CLASS="doc-modified">24 April 2010</ADDRESS>
+<ADDRESS CLASS="doc-modified">29 June 2010</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">

Modified: openldap/trunk/doc/man/man5/slapd-config.5
===================================================================
--- openldap/trunk/doc/man/man5/slapd-config.5	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/doc/man/man5/slapd-config.5	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,7 +1,7 @@
 .TH SLAPD-CONFIG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 1998-2010 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.25 2010/04/16 18:05:07 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.26 2010/06/10 17:17:53 quanah Exp $
 .SH NAME
 slapd\-config \- configuration backend to slapd
 .SH SYNOPSIS
@@ -1552,6 +1552,13 @@
 may also be provided using the
 .B olcRootPW
 directive. Note that the rootdn is always needed when using syncrepl.
+The
+.B olcRootDN
+of the
+.B cn=config
+database defaults to
+.B cn=config
+itself.
 .TP
 .B olcRootPW: <password>
 Specify a password (or hash of the password) for the rootdn.  The

Modified: openldap/trunk/include/ldap.h
===================================================================
--- openldap/trunk/include/ldap.h	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/include/ldap.h	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.24 2010/04/13 20:22:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.25 2010/06/10 18:48:36 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -187,6 +187,7 @@
 #define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
 #define LDAP_OPT_X_SASL_NOCANON			0x610b
 #define LDAP_OPT_X_SASL_USERNAME		0x610c /* read-only */
+#define LDAP_OPT_X_SASL_GSS_CREDS		0x610d
 
 /* OpenLDAP GSSAPI options */
 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200

Modified: openldap/trunk/libraries/libldap/cyrus.c
===================================================================
--- openldap/trunk/libraries/libldap/cyrus.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/libraries/libldap/cyrus.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.133.2.16 2010/04/13 20:22:56 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.133.2.18 2010/06/12 22:06:11 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -1042,6 +1042,25 @@
 			/* this option is write only */
 			return -1;
 
+#ifdef SASL_GSS_CREDS
+		case LDAP_OPT_X_SASL_GSS_CREDS: {
+			sasl_conn_t *ctx;
+			int sc;
+
+			if ( ld->ld_defconn == NULL )
+				return -1;
+
+			ctx = ld->ld_defconn->lconn_sasl_authctx;
+			if ( ctx == NULL )
+				return -1;
+
+			sc = sasl_getprop( ctx, SASL_GSS_CREDS, arg );
+			if ( sc != SASL_OK )
+				return -1;
+			}
+			break;
+#endif
+
 		default:
 			return -1;
 	}
@@ -1124,6 +1143,25 @@
 		return sc == LDAP_SUCCESS ? 0 : -1;
 		}
 
+#ifdef SASL_GSS_CREDS
+	case LDAP_OPT_X_SASL_GSS_CREDS: {
+		sasl_conn_t *ctx;
+		int sc;
+
+		if ( ld->ld_defconn == NULL )
+			return -1;
+
+		ctx = ld->ld_defconn->lconn_sasl_authctx;
+		if ( ctx == NULL )
+			return -1;
+
+		sc = sasl_setprop( ctx, SASL_GSS_CREDS, arg );
+		if ( sc != SASL_OK )
+			return -1;
+		}
+		break;
+#endif
+
 	default:
 		return -1;
 	}

Modified: openldap/trunk/libraries/libldap/request.c
===================================================================
--- openldap/trunk/libraries/libldap/request.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/libraries/libldap/request.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.16 2010/04/13 20:22:59 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.17 2010/06/10 17:39:48 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -124,10 +124,14 @@
 			if (ld->ld_options.ldo_cldapdn)
 				ldap_memfree(ld->ld_options.ldo_cldapdn);
 			ld->ld_options.ldo_cldapdn = ldap_strdup(dn);
+			ber_free( ber, 1 );
 			return 0;
 		}
 		if (msgtype != LDAP_REQ_ABANDON && msgtype != LDAP_REQ_SEARCH)
+		{
+			ber_free( ber, 1 );
 			return LDAP_PARAM_ERROR;
+		}
 	}
 #endif
 #ifdef LDAP_R_COMPILE

Modified: openldap/trunk/libraries/libldap/result.c
===================================================================
--- openldap/trunk/libraries/libldap/result.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/libraries/libldap/result.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* result.c - wait for an ldap result */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.22 2010/04/15 23:59:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.23 2010/06/10 17:41:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -994,6 +994,7 @@
 
 			/* need to return -1, because otherwise
 			 * a valid result is expected */
+			ld->ld_errno = lderr;
 			return -1;
 		}
 	}

Modified: openldap/trunk/libraries/libldap/unbind.c
===================================================================
--- openldap/trunk/libraries/libldap/unbind.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/libraries/libldap/unbind.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.56.2.7 2010/04/13 20:23:01 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.56.2.8 2010/06/10 17:39:48 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -154,6 +154,11 @@
 		LDAP_FREE( ld->ld_options.ldo_peer );
 		ld->ld_options.ldo_peer = NULL;
 	}
+
+	if ( ld->ld_options.ldo_cldapdn != NULL ) {
+		LDAP_FREE( ld->ld_options.ldo_cldapdn );
+		ld->ld_options.ldo_cldapdn = NULL;
+	}
 #endif
 
 #ifdef HAVE_CYRUS_SASL

Modified: openldap/trunk/libraries/liblutil/utils.c
===================================================================
--- openldap/trunk/libraries/liblutil/utils.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/libraries/liblutil/utils.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.28 2010/04/19 16:53:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.29 2010/06/10 17:23:20 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -147,7 +147,7 @@
 	snprintf( p, smax - 15, "%02ld%02ld", delta / 3600,
 			( delta % 3600 ) / 60 );
 
-	return ret + 5;
+	return ret + 4;
 }
 
 int lutil_tm2time( struct lutil_tm *tm, struct lutil_timet *tt )

Modified: openldap/trunk/servers/slapd/back-bdb/dn2id.c
===================================================================
--- openldap/trunk/servers/slapd/back-bdb/dn2id.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-bdb/dn2id.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* dn2id.c - routines to deal with the dn2id index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.21 2010/04/13 20:23:24 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.23 2010/06/23 15:57:26 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2010 The OpenLDAP Foundation.
@@ -23,7 +23,6 @@
 #include "idl.h"
 #include "lutil.h"
 
-#if 0
 #define bdb_dn2id_lock					BDB_SYMBOL(dn2id_lock)
 
 static int
@@ -49,9 +48,6 @@
 					&lockobj, db_rw, lock);
 	return rc;
 }
-#else
-#define	bdb_dn2id_lock(a,b,c,d,e)	0
-#endif
 
 #ifndef BDB_HIER
 int
@@ -680,7 +676,7 @@
 	d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
 	dlen[0] = d->nrdnlen[0];
 	dlen[1] = d->nrdnlen[1];
-	strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
+	memcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val, BEI(e)->bei_nrdn.bv_len+1 );
 	data.data = d;
 
 	rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );

Modified: openldap/trunk/servers/slapd/back-bdb/operational.c
===================================================================
--- openldap/trunk/servers/slapd/back-bdb/operational.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-bdb/operational.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* operational.c - bdb backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.6 2010/04/13 20:23:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.7 2010/06/10 17:25:02 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2010 The OpenLDAP Foundation.
@@ -39,6 +39,7 @@
 	OpExtra *oex;
 	DB_TXN		*rtxn;
 	int		rc;
+	int		release = 0;
 	
 	assert( e != NULL );
 
@@ -48,7 +49,18 @@
 	 * let's disable the hasSubordinate feature for back-relay.
 	 */
 	if ( BEI( e ) == NULL ) {
-		return LDAP_OTHER;
+		Entry *ee = NULL;
+		rc = be_entry_get_rw( op, &e->e_nname, NULL, NULL, 0, &ee );
+		if ( rc != LDAP_SUCCESS || ee == NULL ) {
+			rc = LDAP_OTHER;
+			goto done;
+		}
+		e = ee;
+		release = 1;
+		if ( BEI( ee ) == NULL ) {
+			rc = LDAP_OTHER;
+			goto done;
+		}
 	}
 
 	/* Check for a txn in a parent op, otherwise use reader txn */
@@ -61,7 +73,10 @@
 		rtxn = opinfo->boi_txn;
 	} else {
 		rc = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
-		if ( rc ) return LDAP_OTHER;
+		if ( rc ) {
+			rc = LDAP_OTHER;
+			goto done;
+		}
 	}
 
 retry:
@@ -92,6 +107,8 @@
 		rc = LDAP_OTHER;
 	}
 
+done:;
+	if ( release && e != NULL ) be_entry_release_r( op, e );
 	return rc;
 }
 

Modified: openldap/trunk/servers/slapd/back-dnssrv/config.c
===================================================================
--- openldap/trunk/servers/slapd/back-dnssrv/config.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-dnssrv/config.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* config.c - DNS SRV backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.16.2.5 2010/04/13 20:23:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.16.2.6 2010/06/17 20:09:16 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2010 The OpenLDAP Foundation.
@@ -29,6 +29,7 @@
 #include "slap.h"
 #include "proto-dnssrv.h"
 
+#if 0
 int
 dnssrv_back_db_config(
     BackendDB	*be,
@@ -50,3 +51,4 @@
 	/* no configuration options (yet) */
 	return SLAP_CONF_UNKNOWN;
 }
+#endif

Modified: openldap/trunk/servers/slapd/back-dnssrv/init.c
===================================================================
--- openldap/trunk/servers/slapd/back-dnssrv/init.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-dnssrv/init.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* init.c - initialize ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.29.2.6 2010/04/13 20:23:26 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.29.2.7 2010/06/17 20:09:16 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2000-2010 The OpenLDAP Foundation.
@@ -49,7 +49,7 @@
 
 	bi->bi_db_init = 0;
 	bi->bi_db_destroy = 0;
-	bi->bi_db_config = dnssrv_back_db_config;
+	bi->bi_db_config = 0 /* dnssrv_back_db_config */;
 	bi->bi_db_open = 0;
 	bi->bi_db_close = 0;
 

Modified: openldap/trunk/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/trunk/servers/slapd/back-ldap/bind.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-ldap/bind.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.28 2010/04/19 19:28:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.29 2010/06/10 19:38:49 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2010 The OpenLDAP Foundation.
@@ -1886,19 +1886,12 @@
 		send_ldap_result( op, rs );
 	}
 
-	if ( match ) {
-		if ( rs->sr_matched != match ) {
-			free( (char *)rs->sr_matched );
-		}
-		rs->sr_matched = NULL;
-		ldap_memfree( match );
-	}
-
 	if ( text ) {
 		ldap_memfree( text );
 	}
 	rs->sr_text = NULL;
 
+	/* there can't be refs with a (successful) bind */
 	if ( rs->sr_ref ) {
 		op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
 		rs->sr_ref = NULL;
@@ -1908,10 +1901,50 @@
 		ber_memvfree( (void **)refs );
 	}
 
-	if ( ctrls ) {
-		assert( rs->sr_ctrls != NULL );
+		/* match should not be possible with a successful bind */
+		if ( match ) {
+			if ( rs->sr_matched != match ) {
+				free( (char *)rs->sr_matched );
+			}
+			rs->sr_matched = NULL;
+			ldap_memfree( match );
+		}
+
+	if ( ctrls != NULL ) {
+		if ( op->o_tag == LDAP_REQ_BIND && rs->sr_err == LDAP_SUCCESS ) {
+			int i;
+
+			for ( i = 0; ctrls[i] != NULL; i++ );
+
+			rs->sr_ctrls = op->o_tmpalloc( sizeof( LDAPControl * )*( i + 1 ),
+				op->o_tmpmemctx );
+			for ( i = 0; ctrls[ i ] != NULL; i++ ) {
+				char *ptr;
+				ber_len_t oidlen = strlen( ctrls[i]->ldctl_oid );
+				ber_len_t size = sizeof( LDAPControl )
+					+ oidlen + 1
+					+ ctrls[i]->ldctl_value.bv_len + 1;
+	
+				rs->sr_ctrls[ i ] = op->o_tmpalloc( size, op->o_tmpmemctx );
+				rs->sr_ctrls[ i ]->ldctl_oid = (char *)&rs->sr_ctrls[ i ][ 1 ];
+				lutil_strcopy( rs->sr_ctrls[ i ]->ldctl_oid, ctrls[i]->ldctl_oid );
+				rs->sr_ctrls[ i ]->ldctl_value.bv_val
+						= (char *)&rs->sr_ctrls[ i ]->ldctl_oid[oidlen + 1];
+				rs->sr_ctrls[ i ]->ldctl_value.bv_len
+					= ctrls[i]->ldctl_value.bv_len;
+				ptr = lutil_memcopy( rs->sr_ctrls[ i ]->ldctl_value.bv_val,
+					ctrls[i]->ldctl_value.bv_val, ctrls[i]->ldctl_value.bv_len );
+				*ptr = '\0';
+			}
+			rs->sr_ctrls[ i ] = NULL;
+			rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+
+		} else {
+			assert( rs->sr_ctrls != NULL );
+			rs->sr_ctrls = NULL;
+		}
+
 		ldap_controls_free( ctrls );
-		rs->sr_ctrls = NULL;
 	}
 
 	return( LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );

Modified: openldap/trunk/servers/slapd/back-meta/search.c
===================================================================
--- openldap/trunk/servers/slapd/back-meta/search.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/back-meta/search.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.26 2010/04/15 22:22:28 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.27 2010/06/10 17:26:51 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2010 The OpenLDAP Foundation.
@@ -232,6 +232,21 @@
 
 	assert( msc->msc_ld != NULL );
 
+	if ( !BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &cred ) ) {
+		/* bind anonymously? */
+		Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+			"non-empty dn with empty cred; binding anonymously\n",
+			op->o_log_prefix, candidate, (void *)mc );
+		cred = slap_empty_bv;
+		
+	} else if ( BER_BVISEMPTY( &binddn ) && !BER_BVISEMPTY( &cred ) ) {
+		/* error */
+		Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+			"empty dn with non-empty cred: error\n",
+			op->o_log_prefix, candidate, (void *)mc );
+		goto other;
+	}
+
 	/* connect must be async only the first time... */
 	ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON );
 

Modified: openldap/trunk/servers/slapd/backglue.c
===================================================================
--- openldap/trunk/servers/slapd/backglue.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/backglue.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.24 2010/04/15 20:15:19 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.25 2010/06/10 19:33:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2001-2010 The OpenLDAP Foundation.
@@ -1472,6 +1472,29 @@
 	return rc;
 }
 
+static int
+glue_access_allowed(
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp )
+{
+	BackendDB *b0, *be = glue_back_select( op->o_bd, &e->e_nname );
+	int rc;
+
+	if ( be == NULL || be == op->o_bd || be->bd_info->bi_access_allowed == NULL )
+		return SLAP_CB_CONTINUE;
+
+	b0 = op->o_bd;
+	op->o_bd = be;
+	rc = be->bd_info->bi_access_allowed ( op, e, desc, val, access, state, maskp );
+	op->o_bd = b0;
+	return rc;
+}
+
 int
 glue_sub_init()
 {
@@ -1492,6 +1515,7 @@
 	glue.on_bi.bi_chk_controls = glue_chk_controls;
 	glue.on_bi.bi_entry_get_rw = glue_entry_get_rw;
 	glue.on_bi.bi_entry_release_rw = glue_entry_release_rw;
+	glue.on_bi.bi_access_allowed = glue_access_allowed;
 
 	glue.on_response = glue_response;
 

Modified: openldap/trunk/servers/slapd/dn.c
===================================================================
--- openldap/trunk/servers/slapd/dn.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/dn.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* dn.c - routines for dealing with distinguished names */
-/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.15 2010/04/13 20:23:14 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.16 2010/06/10 17:48:06 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -302,16 +302,13 @@
 		ava->la_attr = ad->ad_cname;
 
 		if( ava->la_flags & LDAP_AVA_BINARY ) {
-			if( ava->la_value.bv_len == 0 ) {
-				/* BER encoding is empty */
-				return LDAP_INVALID_SYNTAX;
-			}
+			/* AVA is binary encoded, not supported */
+			return LDAP_INVALID_SYNTAX;
 
 			/* Do not allow X-ORDERED 'VALUES' naming attributes */
 		} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
 			return LDAP_INVALID_SYNTAX;
 
-			/* AVA is binary encoded, don't muck with it */
 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
 			if( !transf ) {
@@ -379,6 +376,10 @@
 			ava->la_value = bv;
 			ava->la_flags |= LDAP_AVA_FREE_VALUE;
 		}
+		/* reject empty values */
+		if (!ava->la_value.bv_len) {
+			return LDAP_INVALID_SYNTAX;
+		}
 	}
 	rc = LDAP_SUCCESS;
 

Modified: openldap/trunk/servers/slapd/modrdn.c
===================================================================
--- openldap/trunk/servers/slapd/modrdn.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/modrdn.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.170.2.7 2010/04/13 20:23:16 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.170.2.8 2010/06/10 17:48:07 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -445,12 +445,19 @@
 		mod_tmp->sml_values[1].bv_val = NULL;
 		if( desc->ad_type->sat_equality->smr_normalize) {
 			mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
-			(void) (*desc->ad_type->sat_equality->smr_normalize)(
+			rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
 				SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
 				desc->ad_type->sat_syntax,
 				desc->ad_type->sat_equality,
 				&mod_tmp->sml_values[0],
 				&mod_tmp->sml_nvalues[0], NULL );
+			if (rs->sr_err != LDAP_SUCCESS) {
+				ch_free(mod_tmp->sml_nvalues);
+				ch_free(mod_tmp->sml_values[0].bv_val);
+				ch_free(mod_tmp->sml_values);
+				ch_free(mod_tmp);
+				goto done;
+			}
 			mod_tmp->sml_nvalues[1].bv_val = NULL;
 		} else {
 			mod_tmp->sml_nvalues = NULL;

Modified: openldap/trunk/servers/slapd/overlays/ppolicy.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/ppolicy.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/ppolicy.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.30 2010/04/19 19:43:21 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.31 2010/06/10 17:37:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2004-2010 The OpenLDAP Foundation.
@@ -2230,7 +2230,7 @@
 		if ( cr ){
 			snprintf( cr->msg, sizeof(cr->msg), 
 				"slapo-ppolicy cannot be global" );
-			fprintf( stderr, "%s\n", cr->msg );
+			Debug( LDAP_DEBUG_ANY, "%s\n", cr->msg, 0, 0 );
 		}
 		return 1;
 	}
@@ -2247,7 +2247,7 @@
 					snprintf( cr->msg, sizeof(cr->msg), 
 						"User Schema load failed for attribute \"%s\". Error code %d: %s",
 						pwd_UsSchema[i].def, code, err );
-					fprintf( stderr, "%s\n", cr->msg );
+					Debug( LDAP_DEBUG_ANY, "%s\n", cr->msg, 0, 0 );
 				}
 				return code;
 			}
@@ -2340,7 +2340,7 @@
 		SLAP_CTRL_ADD|SLAP_CTRL_BIND|SLAP_CTRL_MODIFY|SLAP_CTRL_HIDE, extops,
 		ppolicy_parseCtrl, &ppolicy_cid );
 	if ( code != LDAP_SUCCESS ) {
-		fprintf( stderr, "Failed to register control %d\n", code );
+		Debug( LDAP_DEBUG_ANY, "Failed to register control %d\n", code, 0, 0 );
 		return code;
 	}
 

Modified: openldap/trunk/servers/slapd/overlays/refint.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/refint.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/refint.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* refint.c - referential integrity module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.13 2010/04/13 20:23:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.15 2010/06/17 20:08:31 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2004-2010 The OpenLDAP Foundation.
@@ -76,7 +76,6 @@
 } refint_q;
 
 typedef struct refint_data_s {
-	const char *message;			/* breadcrumbs */
 	struct refint_attrs_s *attrs;	/* list of known attrs */
 	BerValue dn;				/* basedn in parent, */
 	BerValue nothing;			/* the nothing value, if needed */
@@ -210,21 +209,17 @@
 			rc = 0;
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing.bv_len = 0;
-			dd->nnothing.bv_len = 0;
+			ch_free( dd->nothing.bv_val );
+			ch_free( dd->nnothing.bv_val );
+			BER_BVZERO( &dd->nothing );
+			BER_BVZERO( &dd->nnothing );
 			rc = 0;
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn.bv_len = 0;
-			dd->refint_ndn.bv_len = 0;
+			ch_free( dd->refint_dn.bv_val );
+			ch_free( dd->refint_ndn.bv_val );
+			BER_BVZERO( &dd->refint_dn );
+			BER_BVZERO( &dd->refint_ndn );
 			rc = 0;
 			break;
 		default:
@@ -256,22 +251,26 @@
 			}
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing = c->value_dn;
-			dd->nnothing = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free ( dd->nothing.bv_val );
+				ch_free ( dd->nnothing.bv_val );
+				dd->nothing = c->value_dn;
+				dd->nnothing = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn = c->value_dn;
-			dd->refint_ndn = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free( dd->refint_dn.bv_val );
+				ch_free( dd->refint_ndn.bv_val );
+				dd->refint_dn = c->value_dn;
+				dd->refint_ndn = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		default:
 			abort ();
@@ -299,7 +298,6 @@
 	slap_overinst *on = (slap_overinst *)be->bd_info;
 	refint_data *id = ch_calloc(1,sizeof(refint_data));
 
-	id->message = "_init";
 	on->on_bi.bi_private = id;
 	ldap_pvt_thread_mutex_init( &id->qmutex );
 	return(0);
@@ -335,7 +333,6 @@
 {
 	slap_overinst *on	= (slap_overinst *)be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
-	id->message		= "_open";
 
 	if ( BER_BVISNULL( &id->dn )) {
 		if ( BER_BVISNULL( &be->be_nsuffix[0] ))
@@ -354,7 +351,6 @@
 ** foreach configured attribute:
 **	free it;
 ** free our basedn;
-** (do not) free id->message;
 ** reset on_bi.bi_private;
 ** free our config data;
 **
@@ -369,7 +365,6 @@
 	slap_overinst *on	= (slap_overinst *) be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
 	refint_attrs *ii, *ij;
-	id->message		= "_close";
 
 	for(ii = id->attrs; ii; ii = ij) {
 		ij = ii->next;
@@ -870,8 +865,6 @@
 	BackendDB *db = NULL;
 	refint_attrs *ip;
 
-	id->message = "_refint_response";
-
 	/* If the main op failed or is not a Delete or ModRdn, ignore it */
 	if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) ||
 		rs->sr_err != LDAP_SUCCESS )

Modified: openldap/trunk/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/rwm.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/rwm.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.35 2010/04/19 19:32:31 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.36 2010/06/10 17:37:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2010 The OpenLDAP Foundation.
@@ -122,7 +122,7 @@
 #if 0
 			ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
 			/* too late, c_mutex released */
-			fprintf( stderr, "*** DN: \"%s\" => \"%s\"\n",
+			Debug( LDAP_DEBUG_ANY, "*** DN: \"%s\" => \"%s\"\n",
 				op->o_conn->c_ndn.bv_val,
 				op->o_req_ndn.bv_val );
 			ber_bvreplace( &op->o_conn->c_ndn,
@@ -1626,12 +1626,12 @@
 	 */
 	if ( argc == 2 ) {
 		if ( be->be_suffix == NULL ) {
- 			fprintf( stderr, "%s: line %d: "
+ 			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
 				       " \"suffixMassage [<suffix>]"
 				       " <massaged suffix>\" without "
 				       "<suffix> part requires database "
 				       "suffix be defined first.\n",
-				fname, lineno );
+				fname, lineno, 0 );
 			return 1;
 		}
 		bvnc = be->be_suffix[ 0 ];
@@ -1642,22 +1642,22 @@
 		massaged = 2;
 
 	} else  {
- 		fprintf( stderr, "%s: line %d: syntax is"
+ 		Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is"
 			       " \"suffixMassage [<suffix>]"
 			       " <massaged suffix>\"\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		return 1;
 	}
 
 	if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
-		fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
+		Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix DN %s is invalid\n",
 			fname, lineno, bvnc.bv_val );
 		return 1;
 	}
 
 	ber_str2bv( argv[ massaged ], 0, 0, &brnc );
 	if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
-		fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
+		Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix DN %s is invalid\n",
 				fname, lineno, brnc.bv_val );
 		free( nvnc.bv_val );
 		free( pvnc.bv_val );
@@ -1776,9 +1776,9 @@
 
 	} else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
 		if ( argc != 2 ) {
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 		"%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
-					fname, lineno );
+					fname, lineno, 0 );
 			return( 1 );
 		}
 
@@ -1790,17 +1790,17 @@
 
 		/* TODO: not implemented yet */
 		} else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 		"%s: line %d: \"discover\" not supported yet "
 		"in \"t-f-support {no|yes|discover}\".\n",
-					fname, lineno );
+					fname, lineno, 0 );
 			return( 1 );
 #if 0
 			rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
 #endif
 
 		} else {
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
 				fname, lineno, argv[ 1 ] );
 			return 1;
@@ -1808,9 +1808,9 @@
 
 	} else if ( strcasecmp( argv[0], "normalize-mapped-attrs" ) ==  0 ) {
 		if ( argc !=2 ) { 
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 		"%s: line %d: \"normalize-mapped-attrs {no|yes}\" needs 1 argument.\n",
-					fname, lineno );
+					fname, lineno, 0 );
 			return( 1 );
 		}
 

Modified: openldap/trunk/servers/slapd/overlays/rwmconf.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/rwmconf.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/rwmconf.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* rwmconf.c - rewrite/map configuration file routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.25.2.6 2010/04/13 20:23:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.25.2.7 2010/06/10 17:37:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1999-2010 The OpenLDAP Foundation.
@@ -50,9 +50,9 @@
 	int			rc = 0;
 
 	if ( argc < 3 || argc > 4 ) {
-		fprintf( stderr,
+		Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		return 1;
 	}
 
@@ -64,10 +64,10 @@
 		map = at_map;
 
 	} else {
-		fprintf( stderr, "%s: line %d: syntax is "
+		Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
 			"\"map {objectclass | attribute} [<local> | *] "
 			"{<foreign> | *}\"\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		return 1;
 	}
 
@@ -98,18 +98,18 @@
 			&& ( strcasecmp( src, "objectclass" ) == 0
 			|| strcasecmp( dst, "objectclass" ) == 0 ) )
 	{
-		fprintf( stderr,
+		Debug( LDAP_DEBUG_ANY,
 			"%s: line %d: objectclass attribute cannot be mapped\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		return 1;
 	}
 
 	mapping = (struct ldapmapping *)ch_calloc( 2,
 		sizeof(struct ldapmapping) );
 	if ( mapping == NULL ) {
-		fprintf( stderr,
+		Debug( LDAP_DEBUG_ANY,
 			"%s: line %d: out of memory\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		return 1;
 	}
 	ber_str2bv( src, 0, 1, &mapping[0].m_src );
@@ -127,7 +127,7 @@
 		if ( src[0] != '\0' ) {
 			mapping[0].m_src_oc = oc_bvfind( &mapping[0].m_src );
 			if ( mapping[0].m_src_oc == NULL ) {
-				fprintf( stderr,
+				Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: warning, source objectClass '%s' "
 	"should be defined in schema\n",
 					fname, lineno, src );
@@ -145,14 +145,14 @@
 
 		mapping[0].m_dst_oc = oc_bvfind( &mapping[0].m_dst );
 		if ( mapping[0].m_dst_oc == NULL ) {
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: warning, destination objectClass '%s' "
 	"is not defined in schema\n",
 				fname, lineno, dst );
 
 			mapping[0].m_dst_oc = oc_bvfind_undef( &mapping[0].m_dst );
 			if ( mapping[0].m_dst_oc == NULL ) {
-				fprintf( stderr, "%s: line %d: unable to mimic destination objectClass '%s'\n",
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to mimic destination objectClass '%s'\n",
 					fname, lineno, dst );
 				goto error_return;
 			}
@@ -170,7 +170,7 @@
 			rc = slap_bv2ad( &mapping[0].m_src,
 					&mapping[0].m_src_ad, &text );
 			if ( rc != LDAP_SUCCESS ) {
-				fprintf( stderr,
+				Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: warning, source attributeType '%s' "
 	"should be defined in schema\n",
 					fname, lineno, src );
@@ -184,9 +184,12 @@
 						&mapping[0].m_src_ad, &text,
 						SLAP_AD_PROXIED );
 				if ( rc != LDAP_SUCCESS ) {
-					fprintf( stderr,
-	"%s: line %d: source attributeType '%s': %d (%s)\n",
-						fname, lineno, src, rc, text ? text : "null" );
+					char prefix[1024];
+					snprintf( prefix, sizeof(prefix),
+	"%s: line %d: source attributeType '%s': %d",
+						fname, lineno, src, rc );
+					Debug( LDAP_DEBUG_ANY, "%s (%s)\n",
+						prefix, text ? text : "null", 0 );
 					goto error_return;
 				}
 
@@ -196,7 +199,7 @@
 
 		rc = slap_bv2ad( &mapping[0].m_dst, &mapping[0].m_dst_ad, &text );
 		if ( rc != LDAP_SUCCESS ) {
-			fprintf( stderr,
+			Debug( LDAP_DEBUG_ANY,
 	"%s: line %d: warning, destination attributeType '%s' "
 	"is not defined in schema\n",
 				fname, lineno, dst );
@@ -205,9 +208,12 @@
 					&mapping[0].m_dst_ad, &text,
 					SLAP_AD_PROXIED );
 			if ( rc != LDAP_SUCCESS ) {
-				fprintf( stderr,
-	"%s: line %d: destination attributeType '%s': %d (%s)\n",
-					fname, lineno, dst, rc, text ? text : "null" );
+				char prefix[1024];
+				snprintf( prefix, sizeof(prefix), 
+	"%s: line %d: destination attributeType '%s': %d",
+					fname, lineno, dst, rc );
+				Debug( LDAP_DEBUG_ANY, "%s (%s)\n",
+					prefix, text ? text : "null", 0 );
 				goto error_return;
 			}
 		}
@@ -217,9 +223,9 @@
 	if ( ( src[0] != '\0' && avl_find( map->map, (caddr_t)mapping, rwm_mapping_cmp ) != NULL)
 			|| avl_find( map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp ) != NULL)
 	{
-		fprintf( stderr,
+		Debug( LDAP_DEBUG_ANY,
 			"%s: line %d: duplicate mapping found.\n",
-			fname, lineno );
+			fname, lineno, 0 );
 		/* FIXME: free stuff */
 		goto error_return;
 	}

Modified: openldap/trunk/servers/slapd/overlays/sssvlv.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/sssvlv.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/sssvlv.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* sssvlv.c - server side sort / virtual list view */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/sssvlv.c,v 1.9.2.6 2010/04/14 17:56:50 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/sssvlv.c,v 1.9.2.9 2010/06/10 17:37:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2009-2010 The OpenLDAP Foundation.
@@ -471,7 +471,9 @@
 	be = op->o_bd;
 	for ( i=0; i<j; i++ ) {
 		sort_node *sn = cur_node->avl_data;
-		
+
+		if ( slapd_shutdown ) break;
+
 		op->o_bd = select_backend( &sn->sn_dn, 0 );
 		e = NULL;
 		rc = be_entry_get_rw( op, &sn->sn_dn, NULL, NULL, 0, &e );
@@ -503,6 +505,8 @@
 	while ( cur_node && rs->sr_nentries < so->so_page_size ) {
 		sort_node *sn = cur_node->avl_data;
 
+		if ( slapd_shutdown ) break;
+
 		next_node = tavl_next( cur_node, TAVL_DIR_RIGHT );
 
 		op->o_bd = select_backend( &sn->sn_dn, 0 );
@@ -822,6 +826,8 @@
 					so->so_vlv = op->o_ctrlflag[vlv_cid];
 					so->so_vlv_target = 0;
 					so->so_vlv_rc = 0;
+				} else {
+					so->so_vlv = SLAP_CONTROL_NONE;
 				}
 			}
 			so->so_vcontext = (unsigned long)so;
@@ -1230,11 +1236,11 @@
 	if ( rc == LDAP_SUCCESS ) {
 		rc = overlay_register( &sssvlv );
 		if ( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "Failed to register server side sort overlay\n" );
+			Debug( LDAP_DEBUG_ANY, "Failed to register server side sort overlay\n", 0, 0, 0 );
 		}
 	}
 	else {
-		fprintf( stderr, "Failed to register control %d\n", rc );
+		Debug( LDAP_DEBUG_ANY, "Failed to register control %d\n", rc, 0, 0 );
 	}
 
 	return rc;

Modified: openldap/trunk/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/syncprov.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/syncprov.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.73 2010/04/19 16:53:04 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.75 2010/06/10 18:50:48 quanah Exp $ */
 /* syncprov.c - syncrepl provider */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
@@ -1301,7 +1301,15 @@
 			op2.o_hdr = &oh;
 			op2.o_extra = op->o_extra;
 			op2.o_callback = NULL;
-			rc = test_filter( &op2, e, ss->s_op->ors_filter );
+			ldap_pvt_thread_mutex_lock( &ss->s_mutex );
+			if (ss->s_flags & PS_FIX_FILTER) {
+				/* Skip the AND/GE clause that we stuck on in front. We
+				   would lose deletes/mods that happen during the refresh
+				   phase otherwise (ITS#6555) */
+				op2.ors_filter = ss->s_op->ors_filter->f_and->f_next;
+			}
+			ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
+			rc = test_filter( &op2, e, op2.ors_filter );
 		}
 
 		Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n",
@@ -1413,6 +1421,7 @@
 	SlapReply rsm = { 0 };
 	slap_callback cb = {0};
 	BackendDB be;
+	BackendInfo *bi;
 
 #ifdef CHECK_CSN
 	Syntax *syn = slap_schema.si_ad_contextCSN->ad_type->sat_syntax;
@@ -1442,6 +1451,7 @@
 	}
 	opm.o_req_dn = si->si_contextdn;
 	opm.o_req_ndn = si->si_contextdn;
+	bi = opm.o_bd->bd_info;
 	opm.o_bd->bd_info = on->on_info->oi_orig;
 	opm.o_managedsait = SLAP_CONTROL_NONCRITICAL;
 	opm.o_no_schema_check = 1;
@@ -1459,6 +1469,7 @@
 		if ( e == opm.ora_e )
 			be_entry_release_w( &opm, opm.ora_e );
 	}
+	opm.o_bd->bd_info = bi;
 
 	if ( mod.sml_next != NULL ) {
 		slap_mods_free( mod.sml_next, 1 );

Modified: openldap/trunk/servers/slapd/overlays/valsort.c
===================================================================
--- openldap/trunk/servers/slapd/overlays/valsort.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/overlays/valsort.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* valsort.c - sort attribute values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.17.2.8 2010/04/14 17:26:11 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.17.2.9 2010/06/10 17:37:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2010 The OpenLDAP Foundation.
@@ -568,7 +568,7 @@
 		SLAP_CTRL_SEARCH | SLAP_CTRL_HIDE, NULL, valsort_parseCtrl,
 		&valsort_cid );
 	if ( rc != LDAP_SUCCESS ) {
-		fprintf( stderr, "Failed to register control %d\n", rc );
+		Debug( LDAP_DEBUG_ANY, "Failed to register control %d\n", rc, 0, 0 );
 		return rc;
 	}
 

Modified: openldap/trunk/servers/slapd/schema_init.c
===================================================================
--- openldap/trunk/servers/slapd/schema_init.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/schema_init.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* schema_init.c - init builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.39 2010/04/14 18:12:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.40 2010/06/10 17:48:07 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 1998-2010 The OpenLDAP Foundation.
@@ -1735,8 +1735,9 @@
 		? LDAP_UTF8_APPROX : 0;
 
 	val = UTF8bvnormalize( val, &tmp, flags, ctx );
+	/* out of memory or syntax error, the former is unlikely */
 	if( val == NULL ) {
-		return LDAP_OTHER;
+		return LDAP_INVALID_SYNTAX;
 	}
 	
 	/* collapse spaces (in place) */

Modified: openldap/trunk/servers/slapd/syncrepl.c
===================================================================
--- openldap/trunk/servers/slapd/syncrepl.c	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/servers/slapd/syncrepl.c	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 /* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.105 2010/04/19 19:24:41 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.106 2010/06/10 17:15:14 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2003-2010 The OpenLDAP Foundation.
@@ -4592,9 +4592,10 @@
 		return 1;
 	} else {
 		Debug( LDAP_DEBUG_CONFIG,
-			"Config: ** successfully added syncrepl \"%s\"\n",
+			"Config: ** successfully added syncrepl %s \"%s\"\n",
+			si->si_ridtxt,
 			BER_BVISNULL( &si->si_bindconf.sb_uri ) ?
-			"(null)" : si->si_bindconf.sb_uri.bv_val, 0, 0 );
+			"(null)" : si->si_bindconf.sb_uri.bv_val, 0 );
 		if ( c->be->be_syncinfo ) {
 			syncinfo_t *sip;
 

Modified: openldap/trunk/tests/scripts/test043-delta-syncrepl
===================================================================
--- openldap/trunk/tests/scripts/test043-delta-syncrepl	2010-07-12 06:57:19 UTC (rev 1281)
+++ openldap/trunk/tests/scripts/test043-delta-syncrepl	2010-07-12 07:03:32 UTC (rev 1282)
@@ -1,5 +1,5 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.7 2010/04/19 19:14:35 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.8 2010/06/10 17:28:50 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
 ## Copyright 1998-2010 The OpenLDAP Foundation.
@@ -339,9 +339,9 @@
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo "Filtering producer results..."
-$LDIFFILTER < $MASTEROUT | grep -iv "^auditcontext:" > $MASTERFLT
+$LDIFFILTER -s bdb=a,hdb=a < $MASTEROUT | grep -iv "^auditcontext:" > $MASTERFLT
 echo "Filtering consumer results..."
-$LDIFFILTER < $SLAVEOUT | grep -iv "^auditcontext:" > $SLAVEFLT
+$LDIFFILTER -s bdb=a,hdb=a < $SLAVEOUT | grep -iv "^auditcontext:" > $SLAVEFLT
 
 echo "Comparing retrieved entries from producer and consumer..."
 $CMP $MASTERFLT $SLAVEFLT > $CMPOUT




More information about the Pkg-openldap-devel mailing list