From: Pierangelo Masarati Date: Sat, 25 Aug 2007 10:59:24 +0000 (+0000) Subject: import DN containment checks from HEAD X-Git-Tag: OPENLDAP_REL_ENG_2_3_39~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5eea3fe3054f34e91c72aaf4ad15e83363fa34c0;p=thirdparty%2Fopenldap.git import DN containment checks from HEAD --- diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index 6a00b5a99a..f737dc751c 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -111,13 +111,11 @@ meta_back_db_config( /* URI of server to query */ if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) { int i = mi->mi_ntargets; -#if 0 - int j; -#endif /* uncomment if uri MUST be a branch of suffix */ LDAPURLDesc *ludp, *tmpludp; struct berval dn; int rc; int c; + BackendDB *tmp_bd; metatarget_t *mt; @@ -280,26 +278,14 @@ meta_back_db_config( /* * uri MUST be a branch of suffix! */ -#if 0 /* too strict a constraint */ - if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: of URI does not refer to current backend" - " in \"uri ://[:port]/\" line\n", - fname, lineno, 0 ); - return 1; - } -#else - /* - * uri MUST be a branch of a suffix! - */ - if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) { + tmp_bd = select_backend( &mt->mt_nsuffix, 0, 0 ); + if ( tmp_bd == NULL || tmp_bd->be_private != be->be_private ) + { Debug( LDAP_DEBUG_ANY, - "%s: line %d: of URI does not resolve to a backend" - " in \"uri ://[:port]/\" line\n", + "%s: line %d: of URI does not resolve to this database.\n", fname, lineno, 0 ); return 1; } -#endif /* subtree-exclude */ } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) { @@ -1238,7 +1224,7 @@ idassert-authzFrom "dn:" /* dn massaging */ } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) { - BackendDB *tmp_be; + BackendDB *tmp_bd; int i = mi->mi_ntargets - 1, rc; struct berval dn, nvnc, pvnc, nrnc, prnc; @@ -1270,17 +1256,17 @@ idassert-authzFrom "dn:" ber_str2bv( argv[ 1 ], 0, 0, &dn ); if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "suffix '%s' is invalid\n", + "suffix \"%s\" is invalid\n", fname, lineno, argv[ 1 ] ); return 1; } - tmp_be = select_backend( &nvnc, 0, 0 ); - if ( tmp_be != NULL && tmp_be != be ) { + tmp_bd = select_backend( &nvnc, 0, 0 ); + if ( tmp_bd != NULL && tmp_bd->be_private != be->be_private ) { Debug( LDAP_DEBUG_ANY, - "%s: line %d: suffix already in use by another backend in" - " \"suffixMassage \"\n", - fname, lineno, 0 ); + "%s: line %d: \"%s\" already in use by another database, in " + "\"suffixMassage \"\n", + fname, lineno, pvnc.bv_val ); free( pvnc.bv_val ); free( nvnc.bv_val ); return 1; @@ -1289,33 +1275,27 @@ idassert-authzFrom "dn:" ber_str2bv( argv[ 2 ], 0, 0, &dn ); if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "massaged suffix '%s' is invalid\n", + "massaged suffix \"%s\" is invalid\n", fname, lineno, argv[ 2 ] ); free( pvnc.bv_val ); free( nvnc.bv_val ); return 1; } -#if 0 - tmp_be = select_backend( &nrnc, 0, 0 ); - if ( tmp_be != NULL ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: massaged suffix already in use by another backend in" - " \"suffixMassage \"\n", - fname, lineno, 0 ); + tmp_bd = select_backend( &nrnc, 0, 0 ); + if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: warning: \"%s\" point to this database, in " + "\"suffixMassage \"\n", + fname, lineno, prnc.bv_val ); free( pvnc.bv_val ); free( nvnc.bv_val ); - free( prnc.bv_val ); - free( nrnc.bv_val ); - return 1; + return 1; } -#endif - + /* * The suffix massaging is emulated by means of the * rewrite capabilities - * FIXME: no extra rewrite capabilities should be added - * to the database */ rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw, &pvnc, &nvnc, &prnc, &nrnc );