From: Kurt Zeilenga Date: Mon, 24 Mar 2003 04:54:12 +0000 (+0000) Subject: Lots of fixes from HEAD X-Git-Tag: OPENLDAP_REL_ENG_2_1_17~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49368be96c9ee626d23c754bc7877667f8c772c3;p=thirdparty%2Fopenldap.git Lots of fixes from HEAD --- diff --git a/servers/slapd/back-bdb/back-bdb.h b/servers/slapd/back-bdb/back-bdb.h index f3df2ae082..50f400688b 100644 --- a/servers/slapd/back-bdb/back-bdb.h +++ b/servers/slapd/back-bdb/back-bdb.h @@ -160,7 +160,7 @@ struct bdb_op_info { int boi_acl_cache; }; -#define DB_OPEN(db, file, name, type, flags, mode) \ +#define DB_OPEN(db, txn, file, name, type, flags, mode) \ (db)->open(db, file, name, type, flags, mode) #if DB_VERSION_MAJOR < 4 @@ -191,8 +191,8 @@ struct bdb_op_info { /* BDB 4.1.17 adds txn arg to db->open */ #if DB_VERSION_MINOR > 1 || DB_VERSION_PATCH >= 17 #undef DB_OPEN -#define DB_OPEN(db, file, name, type, flags, mode) \ - (db)->open(db, NULL, file, name, type, (flags)|DB_AUTO_COMMIT, mode) +#define DB_OPEN(db, txn, file, name, type, flags, mode) \ + (db)->open(db, txn, file, name, type, flags, mode) #endif #define BDB_REUSE_LOCKERS diff --git a/servers/slapd/back-bdb/dbcache.c b/servers/slapd/back-bdb/dbcache.c index 7f5d6718d0..5a07911d6d 100644 --- a/servers/slapd/back-bdb/dbcache.c +++ b/servers/slapd/back-bdb/dbcache.c @@ -46,11 +46,13 @@ bdb_db_hash( int bdb_db_cache( Backend *be, + DB_TXN *tid, const char *name, DB **dbout ) { int i; int rc; + int flags; struct bdb_info *bdb = (struct bdb_info *) be->be_private; struct bdb_db_info *db; char *file; @@ -110,9 +112,11 @@ bdb_db_cache( #ifdef HAVE_EBCDIC __atoe( file ); #endif - rc = DB_OPEN( db->bdi_db, + flags = bdb->bi_db_opflags | DB_CREATE | DB_THREAD; + if ( !tid ) flags |= DB_AUTO_COMMIT; + rc = DB_OPEN( db->bdi_db, tid, file, name, - DB_HASH, bdb->bi_db_opflags | DB_CREATE | DB_THREAD, + DB_HASH, flags, bdb->bi_dbenv_mode ); ch_free( file ); 
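Review bot: `DB_AUTO_COMMIT` is now named directly in bdb_db_cache (`if ( !tid ) flags |= DB_AUTO_COMMIT;`) instead of only inside the 4.1.17+ variant of `DB_OPEN`, and the init.c hunk in bdb_db_open ORs it in unconditionally as well. If back-bdb is still meant to build against the older Berkeley DB releases that the `#if DB_VERSION_MAJOR < 4` branch in back-bdb.h appears to cater for, the flag may be undefined or rejected by `open` there. Wrapping both uses in `#ifdef DB_AUTO_COMMIT` / `#endif` would keep those builds working. The older `DB_OPEN` variant also accepts `txn` and silently drops it, which deserves a comment on the macro such as `/* txn is ignored before BDB 4.1.17: the open is not transaction-protected */`. Declaring the new local as `u_int32_t flags` rather than `int flags` would match the flag type Berkeley DB uses.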
diff --git a/servers/slapd/back-bdb/id2entry.c b/servers/slapd/back-bdb/id2entry.c index 5e4ef60df4..578e5ed435 100644 --- a/servers/slapd/back-bdb/id2entry.c +++ b/servers/slapd/back-bdb/id2entry.c @@ -24,13 +24,14 @@ int bdb_id2entry_put( struct berval bv; int rc; #ifdef BDB_HIER - char *odn, *ondn; + struct berval odn, ondn; /* We only store rdns, and they go in the id2parent database. */ - odn = e->e_dn; ondn = e->e_ndn; + odn = e->e_name; ondn = e->e_nname; - e->e_dn = ""; e->e_ndn = ""; + e->e_name = slap_empty_bv; + e->e_nname = slap_empty_bv; #endif DBTzero( &key ); key.data = (char *) &e->e_id; @@ -38,7 +39,7 @@ int bdb_id2entry_put( rc = entry_encode( e, &bv ); #ifdef BDB_HIER - e->e_dn = odn; e->e_ndn = ondn; + e->e_name = odn; e->e_nname = ondn; #endif if( rc != LDAP_SUCCESS ) { return -1; diff --git a/servers/slapd/back-bdb/index.c b/servers/slapd/back-bdb/index.c index dd695783df..1ea5ad73f1 100644 --- a/servers/slapd/back-bdb/index.c +++ b/servers/slapd/back-bdb/index.c @@ -103,7 +103,7 @@ int bdb_index_param( return LDAP_INAPPROPRIATE_MATCHING; } - rc = bdb_db_cache( be, dbname, &db ); + rc = bdb_db_cache( be, NULL, dbname, &db ); if( rc != LDAP_SUCCESS ) { return rc; @@ -165,7 +165,7 @@ static int indexer( assert( mask ); - rc = bdb_db_cache( be, dbname, &db ); + rc = bdb_db_cache( be, txn, dbname, &db ); if ( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 7d6dae13f0..039934c474 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c 
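Review bot: In indexer, `rc = bdb_db_cache( be, txn, dbname, &db );` now opens a database under the caller's transaction, and bdb_db_cache presumably stores the handle in a shared cache; its caching code is outside these hunks, so that is inferred from the name and the `DB **dbout` parameter. If that is the case, a handle created under `txn` could be seen by other threads before the transaction resolves and would outlive an abort. Please confirm how an aborted transaction is handled for a handle opened this way. The contract also belongs on the prototype, e.g. `/* tid: transaction protecting the open, or NULL to auto-commit; the returned handle is cached */`.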
@@ -380,18 +380,18 @@ bdb_db_open( BackendDB *be ) #ifdef HAVE_EBCDIC strcpy( path, bdbi_databases[i].file ); __atoe( path ); - rc = DB_OPEN( db->bdi_db, + rc = DB_OPEN( db->bdi_db, NULL, path, /* bdbi_databases[i].name, */ NULL, bdbi_databases[i].type, - bdbi_databases[i].flags | flags, + bdbi_databases[i].flags | flags | DB_AUTO_COMMIT, bdb->bi_dbenv_mode ); #else - rc = DB_OPEN( db->bdi_db, + rc = DB_OPEN( db->bdi_db, NULL, bdbi_databases[i].file, /* bdbi_databases[i].name, */ NULL, bdbi_databases[i].type, - bdbi_databases[i].flags | flags, + bdbi_databases[i].flags | flags | DB_AUTO_COMMIT, bdb->bi_dbenv_mode ); #endif diff --git a/servers/slapd/back-bdb/passwd.c b/servers/slapd/back-bdb/passwd.c index 33803ff633..9848173cd6 100644 --- a/servers/slapd/back-bdb/passwd.c +++ b/servers/slapd/back-bdb/passwd.c @@ -38,8 +38,8 @@ bdb_exop_passwd( struct berval id = { 0, NULL }; struct berval new = { 0, NULL }; - struct berval dn; - struct berval ndn; + struct berval dn = { 0, NULL }; + struct berval ndn = { 0, NULL }; u_int32_t locker = 0; DB_LOCK lock; @@ -276,6 +276,10 @@ done: free( hash.bv_val ); } + if( ndn.bv_val != NULL ) { + free( ndn.bv_val ); + } + if( ltid != NULL ) { TXN_ABORT( ltid ); op->o_private = NULL; diff --git a/servers/slapd/back-bdb/proto-bdb.h b/servers/slapd/back-bdb/proto-bdb.h index 01103d1585..8cb1ed5808 100644 --- a/servers/slapd/back-bdb/proto-bdb.h +++ b/servers/slapd/back-bdb/proto-bdb.h @@ -51,6 +51,7 @@ BI_acl_attribute bdb_attribute; int bdb_db_cache( Backend *be, + DB_TXN *tid, const char *name, DB **db ); diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 9aea71c614..69f37d5f96 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c 
@@ -343,13 +343,13 @@ dn2entry_retry: scope, deref, candidates ); } - /* need normalized dn below */ - ber_dupbv( &realbase, &e->e_nname ); - /* start cursor at beginning of candidates. */ cursor = 0; + /* need normalized dn below */ + ber_dupbv( &realbase, &e->e_nname ); + if ( e != &slap_entry_root ) { bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock); } diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index 3aed5c4df3..cd6a4a14a6 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -38,8 +38,8 @@ ldbm_back_exop_passwd( struct berval id = { 0, NULL }; struct berval new = { 0, NULL }; - struct berval dn; - struct berval ndn; + struct berval dn = { 0, NULL }; + struct berval ndn = { 0, NULL }; assert( reqoid != NULL ); assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 ); diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index 148d8155e9..af455b9dce 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -266,6 +266,11 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) ava->la_attr = ad->ad_cname; if( ava->la_flags & LDAP_AVA_BINARY ) { + if( ava->la_value.bv_len == 0 ) { + /* BER encoding is empty */ + return LDAP_INVALID_SYNTAX; + } + /* AVA is binary encoded, don't muck with it */ validf = NULL; transf = NULL; diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index 8f3fa9ad02..efff35b379 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -524,7 +524,7 @@ int entry_encode(Entry *e, struct berval *bv) entry_putlen(&ptr, i); for (i=0; a->a_vals[i].bv_val; i++) { entry_putlen(&ptr, a->a_vals[i].bv_len); - memcpy(ptr, a->a_vals[i].bv_val, + AC_MEMCPY(ptr, a->a_vals[i].bv_val, a->a_vals[i].bv_len); ptr += a->a_vals[i].bv_len; *ptr++ = '\0'; 
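Review bot: `ber_dupbv( &realbase, &e->e_nname );` is still a bare statement after the move, so an allocation failure would leave realbase without a value while the code goes on to release `e`. If ber_dupbv can return NULL in this build, test the result here, before the entry is handed back to the cache, and fail the search with an error result instead of continuing. The later uses of realbase and its release are outside the hunk, so the error path has to follow the function's existing cleanup.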
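Review bot: The new check in the `LDAP_AVA_BINARY` branch of LDAPDN_rewrite rejects only a zero-length value; a non-empty value that is not well-formed BER still passes, because the branch sets `validf = NULL` and `transf = NULL`. That limit should be stated where the check lives, e.g. `/* only emptiness is checked; BER well-formedness is not verified here */`, so later readers do not take the branch for full validation. The early `return LDAP_INVALID_SYNTAX;` sits inside a loop that starts outside the hunk, so please confirm nothing acquired earlier in the function needs releasing on that path.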
@@ -537,7 +537,7 @@ int entry_encode(Entry *e, struct berval *bv) /* Retrieve an Entry that was stored using entry_encode above. * We malloc a single block with the size stored above for the Entry - * and all if its Attributes. We also must lookup the stored + * and all of its Attributes. We also must lookup the stored * attribute names to get AttributeDescriptions. To detect if the * attributes of an Entry are later modified, we note that e->e_attr * is always a constant offset from (e). diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 257689a1ef..df435683ae 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -349,13 +349,16 @@ sasl_ap_lookup( } a = attr_find( e->e_attrs, ad ); if ( !a ) continue; - if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) ) + if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) ) { continue; - if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) ) - sl->sparams->utils->prop_erase( sl->sparams->propctx, sl->list[i].name ); + } + if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) ) { + sl->sparams->utils->prop_erase( sl->sparams->propctx, + sl->list[i].name ); + } for ( bv = a->a_vals; bv->bv_val; bv++ ) { - sl->sparams->utils->prop_set( sl->sparams->propctx, sl->list[i].name, - bv->bv_val, bv->bv_len ); + sl->sparams->utils->prop_set( sl->sparams->propctx, + sl->list[i].name, bv->bv_val, bv->bv_len ); } } return LDAP_SUCCESS; diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 6125db6811..a7b83d1637 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c 
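Review bot: The re-wrapped `sl->sparams->utils->prop_set( ... )` call in the value loop of sasl_ap_lookup still discards its result, so a property that could not be stored is followed by `return LDAP_SUCCESS;` all the same. As this is the path that feeds directory attributes to the SASL layer after the `ACL_AUTH` check, consider testing the result against `SASL_OK` and stopping with an error when it fails. `bv->bv_len` is passed where the callback presumably takes an `int` length, so a range check before the call would be worth adding at the same time. The function begins outside the hunk.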
@@ -845,15 +845,23 @@ entry_naming_check( snprintf( textbuf, textlen, "naming attribute '%s' is not present in entry", ava->la_attr.bv_val ); - rc = LDAP_NO_SUCH_ATTRIBUTE; + rc = LDAP_NAMING_VIOLATION; break; } + + if( ava->la_flags & LDAP_AVA_BINARY ) { + snprintf( textbuf, textlen, + "value of naming attribute '%s' in unsupported BER form", + ava->la_attr.bv_val ); + rc = LDAP_NAMING_VIOLATION; + } + if ( value_find( desc, attr->a_vals, &ava->la_value ) != 0 ) { snprintf( textbuf, textlen, "value of naming attribute '%s' is not present in entry", ava->la_attr.bv_val ); - rc = LDAP_NO_SUCH_ATTRIBUTE; + rc = LDAP_NAMING_VIOLATION; break; } } diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf index 679cbbf936..5fcca2c1db 100644 --- a/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf @@ -64,7 +64,8 @@ rootdn "cn=Manager,dc=my-domain,dc=com" # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND -# should only be accessible by the slapd/tools. Mode 700 recommended. +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. directory %LOCALSTATEDIR%/openldap-data # Indices to maintain index objectClass eq
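Review bot: The added `LDAP_AVA_BINARY` branch in entry_naming_check sets `rc = LDAP_NAMING_VIOLATION;` but has no `break;`, unlike the error branches just before and after it. Control therefore falls through to `value_find( desc, attr->a_vals, &ava->la_value )` with the BER-form value. If that lookup fails, the "unsupported BER form" text in textbuf is overwritten by the "not present in entry" message. If it succeeds, the loop moves on with rc already set, and whether a later iteration resets rc is outside the hunk. Adding `break;` after `rc = LDAP_NAMING_VIOLATION;` inside the new block would make it behave like its neighbours.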