ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/back-ldbm/instance.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 2a0b622d1cce006712b10b278f78e78a68044548
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Feb 1 19:50:00 2012 -0700
Ticket #55 - Limit of 1024 characters for nsMatchingRule
Bug Description: If the total length of all the nsMatchingRule attribute va
1024 characters, the remaining values will get truncated.
Fix Description: ENTRYRDN was changed to ENTRYDN - fixed
https://fedorahosted.org/389/ticket/55
diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c
index dd8c673..6aa8212 100644
--- a/ldap/servers/slapd/back-ldbm/instance.c
+++ b/ldap/servers/slapd/back-ldbm/instance.c
@@ -207,7 +207,7 @@ int ldbm_instance_create_default_indexes(backend *be)
* ACL routines.
*/
if (entryrdn_get_switch()) { /* subtree-rename: on */
- e = ldbm_instance_init_config_entry(LDBM_ENTRYDN_STR,"subtree", 0, 0, 0);
+ e = ldbm_instance_init_config_entry(LDBM_ENTRYRDN_STR,"subtree", 0, 0, 0);
ldbm_instance_config_add_index_entry(inst, e, flags);
slapi_entry_free(e);
} else {
12 years, 3 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/bind.c | 3 +++
1 file changed, 3 insertions(+)
New commits:
commit a55c91ec4c706388971323ad26e6aa7fdd63b9db
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Wed Feb 1 17:05:30 2012 -0500
Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled
Bug Description: The PAM plugin, if the bind was successful, aborts the pre and post op plugins.
This causes problems with post op plugins like Account Policy.
Fix Description: In do_bind(), still call the post op plugins even if the pre-op ones fail.
https://fedorahosted.org/389/ticket/39
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 1d860b6..4c3d25c 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -796,6 +796,9 @@ do_bind( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_PLUGIN_OPRETURN, &rc );
plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN );
+ } else {
+ /* even though preop failed, we should still call the post-op plugins */
+ plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN );
}
} else {
send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
12 years, 3 months
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_replica.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
New commits:
commit 9fd4e09ce45822507993fcb9a35f77327a4a1fc9
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Feb 1 14:01:52 2012 -0700
Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server
https://fedorahosted.org/389/ticket/13
Resolves: Ticket #13
Bug Description: slapd process exits when put the database on read only mode while updates are coming to the server
Reviewed by: mreynolds (Thanks!)
Branch: master
Fix Description: Make the log level REPL instead of FATAL - get rid of the
assert
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 8c7a2ab..db8d5be 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -2361,11 +2361,10 @@ replica_write_ruv (Replica *r)
{
char ebuf[BUFSIZ];
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
"replica_write_ruv: failed to update RUV tombstone for %s; "
"LDAP error - %d\n",
escape_string(slapi_sdn_get_dn(r->repl_root),ebuf), rc);
- PR_ASSERT (0);
}
PR_Unlock(r->repl_lock);
12 years, 3 months
man/man1 man/man8
by Richard Allen Megginson
man/man1/cl-dump.1 | 18 +++++++++---------
man/man1/dbgen.pl.1 | 4 ++--
man/man1/infadd.1 | 8 ++++----
man/man1/migratecred.1 | 6 +++---
man/man1/mmldif.1 | 4 ++--
man/man1/pwdhash.1 | 4 ++--
man/man1/repl-monitor.1 | 16 ++++++++--------
man/man8/ns-slapd.8 | 10 +++++-----
man/man8/remove-ds.pl.8 | 6 +++---
man/man8/setup-ds.pl.8 | 4 ++--
10 files changed, 40 insertions(+), 40 deletions(-)
New commits:
commit 19f290d9aee5337f915c6b34d9e50687a17b4f48
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Feb 1 13:13:58 2012 -0700
Ticket #87 - Manpages fixes
https://fedorahosted.org/389/ticket/87
Resolves: Ticket #87
Bug Description: Manpages fixes
Reviewed by: mareynol (Thanks!)
Branch: master
Fix Description: Some hyphenation fixes that cause problems on some platforms.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/man/man1/cl-dump.1 b/man/man1/cl-dump.1
index 7a35aa2..68c541f 100644
--- a/man/man1/cl-dump.1
+++ b/man/man1/cl-dump.1
@@ -19,12 +19,12 @@
cl-dump \- Dump and decode Directory Server replication change log
.SH SYNOPSIS
.B cl\-dump
-[\fI-h host\fR] [\fI-p port\fR] [\fI-D bind-dn\fR] -w bind-password | -P bind-cert
- [\fI-r replica-roots\fR] [\fI-o output-file\fR] [\fI-c\fR] [\fI-v\fR]
+[\fI\-h host\fR] [\fI\-p port\fR] [\fI\-D bind\(hydn\fR] \-w bind\(hypassword | \-P bind\(hycert
+ [\fI\-r replica\(hyroots\fR] [\fI\-o output\(hyfile\fR] [\fI\-c\fR] [\fI\-v\fR]
.PP
.B cl\-dump
-\-i changelog\-ldif\-file\-with\-base64encoding [\fI\-o output\-file\fR] [\fI\-c\fR]
+\-i changelog\(hyldif\(hyfile\(hywith\(hybase64encoding [\fI\-o output\(hyfile\fR] [\fI\-c\fR]
.PP
.SH DESCRIPTION
Dump and decode Directory Server replication change log
@@ -37,7 +37,7 @@ A summary of options is included below.
.TP
.B \-c
Dump and interpret CSN only. This option can be used with or
-without -i option.
+without \-i option.
.TP
.B \-D bind\-dn
Directory server's bind DN. Default to "cn=Directory Manager" if
@@ -47,21 +47,21 @@ the option is omitted.
Directory server's host. Default to the server where the script
is running.
.TP
-.B \-i changelog\-ldif\-file\-with\-base64encoding
+.B \-i changelog\(hyldif\(hyfile\(hywith\(hybase64encoding
If you already have a ldif-like changelog, but the changes
in that file are encoded, you may use this option to
decode that ldif-like changelog.
.TP
-.B \-o output\-file
+.B \-o output\(hyfile
Path name for the final result. Default to STDOUT if omitted.
.TP
.B \-p port
Directory server's port. Default to 389.
.TP
-.B \-P bind\-cert
+.B \-P bind\(hycert
Pathname of binding certificate DB
.TP
-.B \-r replica\-roots
+.B \-r replica\(hyroots
Specify replica roots whose changelog you want to dump. The replica
roots may be separated by comma. All the replica roots would be
dumped if the option is omitted.
@@ -69,7 +69,7 @@ dumped if the option is omitted.
.B \-v
Print the version of this script.
.TP
-.B \-w bind\-password
+.B \-w bind\(hypassword
Password for the bind DN
.SH RESTRICTIONS
If you are not using \-i option, the script should be run when the server
diff --git a/man/man1/dbgen.pl.1 b/man/man1/dbgen.pl.1
index c53f2c8..efebb84 100644
--- a/man/man1/dbgen.pl.1
+++ b/man/man1/dbgen.pl.1
@@ -19,7 +19,7 @@
dbgen.pl \- Random LDIF database creator
.SH SYNOPSIS
.B dbgen.pl
-[\fIOPTIONS\fR] -o output_file -n number
+[\fIOPTIONS\fR] \-o output_file \-n number
.SH DESCRIPTION
Random LDIF database creator. Used to generate large LDIF files
for use in testing the Directory Server.
@@ -81,4 +81,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man1/infadd.1 b/man/man1/infadd.1
index 36aa9c8..32570d7 100644
--- a/man/man1/infadd.1
+++ b/man/man1/infadd.1
@@ -19,7 +19,7 @@
infadd \- infinite additions to LDAP server
.SH SYNOPSIS
.B infadd
-\fI-s suffix -u bindDN -w password \fR[\fIoptions\fR]
+\fI\-s suffix \-u bindDN \-w password \fR[\fIoptions\fR]
.SH DESCRIPTION
infadd is used
to measure performance of the add operation. It can
@@ -38,13 +38,13 @@ port (default: 389)
number of threads to spin (default: 1)
.TP
.B \-d
-use TCP no\-delay
+use TCP no\(hydelay
.TP
.B \-q
quiet mode (no status updates)
.TP
.B \-v
-verbose mode (give per\-thread statistics)
+verbose mode (give per\(hythread statistics)
.TP
.B \-I num
first uid (default: 0)
@@ -79,4 +79,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man1/migratecred.1 b/man/man1/migratecred.1
index d849ea1..3cc8232 100644
--- a/man/man1/migratecred.1
+++ b/man/man1/migratecred.1
@@ -20,7 +20,7 @@ migratecred \- Migrate credentials from one instance of Directory Server
to another
.SH SYNOPSIS
.B migratecred
--o OldInstancePath -n NewInstancePath -c OldCredential [\fI-p NewPluginPath\fR]
+\-o OldInstancePath \-n NewInstancePath \-c OldCredential [\fI\-p NewPluginPath\fR]
.SH DESCRIPTION
migratecred migrates credentials from one Directory Server instance to the other.
@@ -30,7 +30,7 @@ New plugin path defaults to [\fBlibdir\fP/dirsrv/plugins] if not given
.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
.\" respectively.
\fBmigratecred\fP is a program that migrates credentials used for
-replication and chaining - that is, the password used by the server
+replication and chaining. That is the password used by the server
to perform the simple BIND operation for server to server communications.
.SH OPTIONS
A summary of options is included below:
@@ -62,4 +62,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man1/mmldif.1 b/man/man1/mmldif.1
index 672accf..77aae9c 100644
--- a/man/man1/mmldif.1
+++ b/man/man1/mmldif.1
@@ -19,7 +19,7 @@
mmldif \- mmldif util
.SH SYNOPSIS
.B mmldif
-[-c] [-D] [-o out.ldif] in1.ldif in2.ldif ...
+[\-c] [\-D] [\-o out.ldif] in1.ldif in2.ldif ...
.SH DESCRIPTION
This manual page documents briefly the
@@ -58,4 +58,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man1/pwdhash.1 b/man/man1/pwdhash.1
index 6014732..5b2d7d4 100644
--- a/man/man1/pwdhash.1
+++ b/man/man1/pwdhash.1
@@ -19,7 +19,7 @@
pwdhash \- Generator of password hashes
.SH SYNOPSIS
.B pwdhash
-[\fI-D config-dir\fR] [\fI-H\fR] [\fI-s scheme | -c comparepwd\fR] password
+[\fI\-D config\(hydir\fR] [\fI\-H\fR] [\fI\-s scheme | \-c comparepwd\fR] password
.PP
.SH DESCRIPTION
Generates password hashes which can also be used in LDIF password fields.
@@ -59,4 +59,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man1/repl-monitor.1 b/man/man1/repl-monitor.1
index e9abebd..424550e 100644
--- a/man/man1/repl-monitor.1
+++ b/man/man1/repl-monitor.1
@@ -18,13 +18,13 @@
.SH NAME
repl-monitor \- Directory Server replication monitor
.SH SYNOPSIS
-.B repl-monitor
--f configuration-file [\fI-h host\fR] [\fI-p port\fR] [\fI-r\fR]
-[\fI-u refresh-url\fR] [\fI-t refresh-interval\fR] [\fI-v\fR]
+.B repl\(hymonitor
+\-f configuration\(hyfile [\fI\(hyh host\fR] [\fI\-p port\fR] [\fI\-r\fR]
+[\fI\-u refresh\(hyurl\fR] [\fI\-t refresh\(hyinterval\fR] [\fI\-v\fR]
.SH DESCRIPTION
Outputs the status of all of the configured Directory Servers
-participating in replication. The servers to query for status
+participating in replication. The servers to query for status
are specified in the configuration file.
.PP
.\" TeX users may be more comfortable with the \fB<whatever>\fP and
@@ -39,16 +39,16 @@ Hostname of DS server
.B \-p port
TCP port
.TP
-.B \-f configuration\-file
+.B \-f configuration\(hyfile
Configuration file
.TP
.B \-r
Removes extra HTML tags
.TP
-.B \-u refresh\-url
+.B \-u refresh\(hyurl
Refresh url
.TP
-.B \-t refresh\-interval
+.B \-t refresh\(hyinterval
Refresh interval
.br
.SH AUTHOR
@@ -66,4 +66,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man8/ns-slapd.8 b/man/man8/ns-slapd.8
index fb1386a..2f88281 100644
--- a/man/man8/ns-slapd.8
+++ b/man/man8/ns-slapd.8
@@ -16,12 +16,12 @@
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
-ns-slapd \- The main Directory Server daemon
+ns\(hyslapd \- The main Directory Server daemon
.SH SYNOPSIS
.B ns-slapd
--D configdir [\fI-d debuglevel\fR] [\fI-i pidlogfile\fR] [\fI-v\fR] [\fI-V\fR]
+\-D configdir [\fI\-d debuglevel\fR] [\fI\-i pidlogfile\fR] [\fI\-v\fR] [\fI\-V\fR]
.SH DESCRIPTION
-ns-slapd launches the LDAP Directory Server
+ns\(hyslapd launches the LDAP Directory Server
.PP
.\" TeX users may be more comfortable with the \fB<whatever>\fP and
.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
@@ -34,7 +34,7 @@ Show version of program.
.TP
.B \-D configdir
Specifies the configuration directory pointing at the instance
-to be started (e.g. /etc/dirsrv/slapd-localhost)
+to be started (e.g. /etc/dirsrv/slapd\(hylocalhost)
.TP
.B \-d debuglevel
Specifies the debuglevel to be used
@@ -57,4 +57,4 @@ for the Debian project (but may be used by others).
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man8/remove-ds.pl.8 b/man/man8/remove-ds.pl.8
index e8e322a..3bcf1e0 100644
--- a/man/man8/remove-ds.pl.8
+++ b/man/man8/remove-ds.pl.8
@@ -37,10 +37,10 @@ A summary of options is included below:
Force removal
.TP
.B \fB\-d\fR
-Enable debugging - adding more -d will make output more verbose
+Enable debugging: adding more \-d will make output more verbose
.TP
.B \fB\-i\fR \fIinstance\fR
-The full name of the instance to remove (e.g. slapd-example)
+The full name of the instance to remove (e.g. slapd\(hyexample)
.br
.SH AUTHOR
remove-ds.pl was written by the 389 Project.
@@ -52,4 +52,4 @@ Copyright \(co 2009 Red Hat, Inc.
This is free software. You may redistribute copies of it under the terms of
the Directory Server license found in the LICENSE file of this
software distribution. This license is essentially the GNU General Public
-License version 2 with an exception for plug-in distribution.
+License version 2 with an exception for plug\(hyin distribution.
diff --git a/man/man8/setup-ds.pl.8 b/man/man8/setup-ds.pl.8
index e7eccc3..6c326a4 100644
--- a/man/man8/setup-ds.pl.8
+++ b/man/man8/setup-ds.pl.8
@@ -56,7 +56,7 @@ Do not delete the temporary .inf file generated by this program
Log setup messages to this file \- otherwise, a temp file will be used
.TP
.B \fB\-\-update\fR
-Update existing installations - add/update schema files, add/change configuration, add new instance scripts, etc. You must run setup-ds.pl -u after upgrading your packages. You will usually have to restart your servers in order for all of the changes to take effect (e.g. adding/changing plug-in configuration), so schedule this when you can afford a little downtime.
+Update existing installations \- add/update schema files, add/change configuration, add new instance scripts, etc. You must run setup-ds.pl \-u after upgrading your packages. You will usually have to restart your servers in order for all of the changes to take effect (e.g. adding/changing plug-in configuration), so schedule this when you can afford a little downtime.
.TP
.B \fB\-\-continue\fR
(Update only) Keep going even if errors occur. You will usually not need to use this option unless your installation is broken and you need to force it to update in order to fix it.
@@ -79,7 +79,7 @@ or
.PP
Values passed in this manner will override values in an .inf file given with the \fB\-f\fR argument.
.SH UPDATES
-The update process (setup-ds.pl -u) can work in one of two modes:
+The update process (setup-ds.pl \-u) can work in one of two modes:
\fBOnline\fR: Configuration changes are made to the running directory servers
using LDAP. The operations must be performed as an administrative
12 years, 3 months
ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/tools/ldclt/ldapfct.c | 5 ++---
ldap/servers/slapd/tools/ldclt/threadMain.c | 3 ++-
2 files changed, 4 insertions(+), 4 deletions(-)
New commits:
commit c493fb4f7526760aee6aa17edd8dbec9738c6749
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Feb 1 11:55:24 2012 -0700
fix a couple of minor coverity issues
12432 Copy into fixed size buffer
In msgIdAdd(): A source buffer of statically unknown size is copied into a fixed size destination buffer
12428 Copy into fixed size buffer
In doDeleteEntry(): A source buffer of statically unknown size is copied into a fixed size destination buffer
Reviewed by: mreynold (Thanks!)
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index 76fc9c2..6e66764 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -3668,9 +3668,8 @@ doDeleteEntry (
*/
if (buildRandomRdnOrFilter (tttctx) < 0)
return (-1);
- strcpy (delDn, tttctx->bufFilter);
- strcat (delDn, ",");
- strcat (delDn, tttctx->bufBaseDN);
+ snprintf (delDn, sizeof(delDn), "%s,%s", tttctx->bufFilter, tttctx->bufBaseDN);
+ delDn[sizeof(delDn)-1] = '\0';
ret = ldap_delete_ext (tttctx->ldapCtx, delDn, NULL, NULL, &msgid);
if (ret < 0)
diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
index 1d2ed59..a335b19 100644
--- a/ldap/servers/slapd/tools/ldclt/threadMain.c
+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
@@ -626,7 +626,8 @@ msgIdAdd (
*/
tttctx->lastMsgId->next = NULL;
tttctx->lastMsgId->msgid = msgid;
- strcpy (tttctx->lastMsgId->str, str);
+ strncpy (tttctx->lastMsgId->str, str, sizeof(tttctx->lastMsgId->str));
+ tttctx->lastMsgId->str[sizeof(tttctx->lastMsgId->str)-1] = '\0';
strncpy (tttctx->lastMsgId->dn, dn, sizeof(tttctx->lastMsgId->dn));
tttctx->lastMsgId->dn[sizeof(tttctx->lastMsgId->dn)-1] = '\0';
tttctx->lastMsgId->attribs = attribs;
12 years, 3 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/back-ldbm/instance.c | 131 ++--
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 330 +++++------
ldap/servers/slapd/back-ldbm/ldbm_config.h | 3
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 681 ++++-------------------
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 39 -
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2
6 files changed, 399 insertions(+), 787 deletions(-)
New commits:
commit 094709a7bb0d8598095c19bd8c2ed76a61090961
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Wed Feb 1 14:39:16 2012 -0500
Ticket #55 - Limit of 1024 characters for nsMatchingRule
Bug Description: If the total length of all the nsMatchingRule attribute values in an index, exceeds
1024 characters, the remaining values will get truncated.
Fix Description: Previously there was static buffer of 1024 chars. The reason for creating the buffer
was to comply with some older code. Where we needed to take slapi attrs, and
convert them into comma separated lists. I changed the code to just use the slapi attrs
instead of comma separated lists. Thus removing all the static buffers in this area of
the code.
I also, removed some unneccessary loops that were checking for muliple cn values. This
was not neccessary. However removing the loop caused a lot of indentation changes,
which makes the diff quite long.
https://fedorahosted.org/389/ticket/55
Thanks for the review Rich!
diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c
index 0217e96..dd8c673 100644
--- a/ldap/servers/slapd/back-ldbm/instance.c
+++ b/ldap/servers/slapd/back-ldbm/instance.c
@@ -44,7 +44,7 @@
/* Forward declarations */
static void ldbm_instance_destructor(void **arg);
-
+Slapi_Entry *ldbm_instance_init_config_entry(char *cn_val, char *v1, char *v2, char *v3, char *v4);
/* Creates and initializes a new ldbm_instance structure.
@@ -148,13 +148,54 @@ done:
return rc;
}
+/*
+ * Take a bunch of strings, and create a index config entry
+ */
+Slapi_Entry *
+ldbm_instance_init_config_entry(char *cn_val, char *val1, char *val2, char *val3, char *val4){
+ Slapi_Entry *e = slapi_entry_alloc();
+ struct berval *vals[2];
+ struct berval val;
+
+ vals[0] = &val;
+ vals[1] = NULL;
+
+ slapi_entry_set_dn(e,slapi_ch_strdup("cn=indexContainer"));
+
+ val.bv_val = cn_val;
+ val.bv_len = strlen(cn_val);
+ slapi_entry_add_values(e,"cn",vals);
+
+ val.bv_val = val1;
+ val.bv_len = strlen(val1);
+ slapi_entry_add_values(e,"nsIndexType",vals);
+
+ if(val2){
+ val.bv_val = val2;
+ val.bv_len = strlen(val2);
+ slapi_entry_add_values(e,"nsIndexType",vals);
+ }
+ if(val3){
+ val.bv_val = val3;
+ val.bv_len = strlen(val3);
+ slapi_entry_add_values(e,"nsIndexType",vals);
+ }
+ if(val4){
+ val.bv_val = val4;
+ val.bv_len = strlen(val4);
+ slapi_entry_add_values(e,"nsIndexType",vals);
+ }
+
+ return e;
+}
+
/* create the default indexes separately
* (because when we're creating a new backend while the server is running,
* the DSE needs to be pre-seeded first.)
*/
int ldbm_instance_create_default_indexes(backend *be)
{
- char *argv[ 9 ];
+ Slapi_Entry *e;
ldbm_instance *inst = (ldbm_instance *)be->be_instance_info;
/* write the dse file only on the final index */
int flags = LDBM_INSTANCE_CONFIG_DONT_WRITE;
@@ -166,76 +207,64 @@ int ldbm_instance_create_default_indexes(backend *be)
* ACL routines.
*/
if (entryrdn_get_switch()) { /* subtree-rename: on */
- argv[ 0 ] = LDBM_ENTRYRDN_STR;
- argv[ 1 ] = "subtree";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(LDBM_ENTRYDN_STR,"subtree", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
} else {
- argv[ 0 ] = LDBM_ENTRYDN_STR;
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(LDBM_ENTRYDN_STR,"eq", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
}
- argv[ 0 ] = LDBM_PARENTID_STR;
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR,"eq", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
- argv[ 0 ] = "objectclass";
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry("objectclass","eq", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
- argv[ 0 ] = "aci";
- argv[ 1 ] = "pres";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry("aci","pres", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
#if 0 /* don't need copiedfrom */
- argv[ 0 ] = "copiedfrom";
- argv[ 1 ] = "pres";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry("copiedfrom","pres",0 ,0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
#endif
- argv[ 0 ] = LDBM_NUMSUBORDINATES_STR;
- argv[ 1 ] = "pres";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(LDBM_NUMSUBORDINATES_STR,"pres", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
- argv[ 0 ] = SLAPI_ATTR_UNIQUEID;
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(SLAPI_ATTR_UNIQUEID,"eq", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
/* For MMR, we need this attribute (to replace use of dncomp in delete). */
- argv[ 0 ] = ATTR_NSDS5_REPLCONFLICT;
- argv[ 1 ] = "eq,pres";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
+ e = ldbm_instance_init_config_entry(ATTR_NSDS5_REPLCONFLICT,"eq", "pres", 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
/* write the dse file only on the final index */
- argv[ 0 ] = SLAPI_ATTR_NSCP_ENTRYDN;
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- ldbm_instance_config_add_index_entry(inst, 2, argv, 0);
-
- argv[ 0 ] = LDBM_PSEUDO_ATTR_DEFAULT;
- argv[ 1 ] = "none";
- argv[ 2 ] = NULL;
+ e = ldbm_instance_init_config_entry(SLAPI_ATTR_NSCP_ENTRYDN,"eq", 0, 0, 0);
+ ldbm_instance_config_add_index_entry(inst, e, flags);
+ slapi_entry_free(e);
+
/* ldbm_instance_config_add_index_entry(inst, 2, argv); */
- attr_index_config( be, "ldbm index init", 0, 2, argv, 1 );
+ e = ldbm_instance_init_config_entry(LDBM_PSEUDO_ATTR_DEFAULT,"none", 0, 0, 0);
+ attr_index_config( be, "ldbm index init", 0, e, 1, 0 );
+ slapi_entry_free(e);
if (!entryrdn_get_noancestorid()) {
/*
* ancestorid is special, there is actually no such attr type
* but we still want to use the attr index file APIs.
*/
- argv[ 0 ] = LDBM_ANCESTORID_STR;
- argv[ 1 ] = "eq";
- argv[ 2 ] = NULL;
- attr_index_config( be, "ldbm index init", 0, 2, argv, 1 );
+ e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR,"eq", 0, 0, 0);
+ attr_index_config( be, "ldbm index init", 0, e, 1, 0 );
+ slapi_entry_free(e);
}
return 0;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
index d09413f..63be423 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
@@ -171,64 +171,65 @@ attr_index_config(
backend *be,
char *fname,
int lineno,
- int argc,
- char **argv,
- int init
+ Slapi_Entry *e,
+ int init,
+ int indextype_none
)
{
ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
- int i, j;
- char **attrs = NULL;
- char **indexes = NULL;
- char **index_rules = NULL;
+ int j = 0;
struct attrinfo *a;
int return_value = -1;
int *substrlens = NULL;
-
- if ((argc == 0) || (argv == NULL)) {
+ int need_compare_fn = 0;
+ int hasIndexType = 0;
+ const char *attrsyntax_oid = NULL;
+ const struct berval *attrValue;
+ Slapi_Value *sval;
+ Slapi_Attr *attr;
+ int mr_count = 0;
+
+ /* Get the cn */
+ if (0 == slapi_entry_attr_find(e, "cn", &attr)) {
+ slapi_attr_first_value(attr, &sval);
+ attrValue = slapi_value_get_berval(sval);
+ } else {
LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing indexing arguments\n", 0, 0, 0);
- goto done;
- }
-
- attrs = slapi_str2charray( argv[0], "," );
- if ( argc > 1 ) {
- indexes = slapi_str2charray( argv[1], "," );
- if ( argc > 2 ) {
- index_rules = slapi_str2charray( argv[2], "," );
- }
- }
-
- if (!indexes) {
- LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing index\n", 0, 0, 0);
- goto done;
+ return;
}
- for ( i = 0; attrs[i] != NULL; i++ ) {
- int need_compare_fn = 0;
- const char *attrsyntax_oid = NULL;
- a = attrinfo_new();
- slapi_attr_init(&a->ai_sattr, attrs[i]);
- /* we can't just set a->ai_type to the type from a->ai_sattr
- if the type has attroptions or subtypes, ai_sattr.a_type will
- contain them - but for the purposes of indexing, we don't want
- them */
- a->ai_type = slapi_attr_basetype( attrs[i], NULL, 0 );
- attrsyntax_oid = attr_get_syntax_oid(&a->ai_sattr);
- a->ai_indexmask = 0;
- for ( j = 0; indexes[j] != NULL; j++ ) {
- if ( strncasecmp( indexes[j], "pres", 4 ) == 0 ) {
+ a = attrinfo_new();
+ slapi_attr_init(&a->ai_sattr, attrValue->bv_val);
+ /*
+ * we can't just set a->ai_type to the type from a->ai_sattr
+ * if the type has attroptions or subtypes, ai_sattr.a_type will
+ * contain them - but for the purposes of indexing, we don't want them
+ */
+ a->ai_type = slapi_attr_basetype( attrValue->bv_val, NULL, 0 );
+ attrsyntax_oid = attr_get_syntax_oid(&a->ai_sattr);
+ a->ai_indexmask = 0;
+
+ if(indextype_none){
+ /* This is the same has having none for indexType, but applies to the whole entry */
+ a->ai_indexmask = INDEX_OFFLINE;
+ } else {
+ slapi_entry_attr_find(e, "nsIndexType", &attr);
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
+ hasIndexType = 1;
+ attrValue = slapi_value_get_berval(sval);
+ if ( strncasecmp( attrValue->bv_val, "pres", 4 ) == 0 ) {
a->ai_indexmask |= INDEX_PRESENCE;
- } else if ( strncasecmp( indexes[j], "eq", 2 ) == 0 ) {
+ } else if ( strncasecmp( attrValue->bv_val, "eq", 2 ) == 0 ) {
a->ai_indexmask |= INDEX_EQUALITY;
- } else if ( strncasecmp( indexes[j], "approx", 6 ) == 0 ) {
+ } else if ( strncasecmp( attrValue->bv_val, "approx", 6 ) == 0 ) {
a->ai_indexmask |= INDEX_APPROX;
- } else if ( strncasecmp( indexes[j], "subtree", 7 ) == 0 ) {
+ } else if ( strncasecmp( attrValue->bv_val, "subtree", 7 ) == 0 ) {
/* subtree should be located before "sub" */
a->ai_indexmask |= INDEX_SUBTREE;
a->ai_dup_cmp_fn = entryrdn_compare_dups;
- } else if ( strncasecmp( indexes[j], "sub", 3 ) == 0 ) {
+ } else if ( strncasecmp( attrValue->bv_val, "sub", 3 ) == 0 ) {
a->ai_indexmask |= INDEX_SUB;
- } else if ( strncasecmp( indexes[j], "none", 4 ) == 0 ) {
+ } else if ( strncasecmp( attrValue->bv_val, "none", 4 ) == 0 ) {
if ( a->ai_indexmask != 0 ) {
LDAPDebug(LDAP_DEBUG_ANY,
"%s: line %d: index type \"none\" cannot be combined with other types\n",
@@ -238,77 +239,86 @@ attr_index_config(
} else {
LDAPDebug(LDAP_DEBUG_ANY,
"%s: line %d: unknown index type \"%s\" (ignored)\n",
- fname, lineno, indexes[j]);
+ fname, lineno, attrValue->bv_val);
LDAPDebug(LDAP_DEBUG_ANY,
"valid index types are \"pres\", \"eq\", \"approx\", or \"sub\"\n",
0, 0, 0);
}
}
+ if(hasIndexType == 0){
+ /* indexType missing, error out */
+ LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing index type\n", 0, 0, 0);
+ return;
+ }
+ }
- /* compute a->ai_index_rules: */
- /* for index rules there are two uses:
- * 1) a simple way to define an ordered index to support <= and >= searches
- * for those attributes which do not have an ORDERING matching rule defined
- * for them in their schema definition. The index generated is not a :RULE:
- * index, it is a normal = EQUALITY index, with the keys ordered using the
- * comparison function provided by the syntax plugin for the attribute. For
- * example - the uidNumber attribute has INTEGER syntax, but the standard
- * definition of the attribute does not specify an ORDERING matching rule.
- * By default, this means that you cannot perform searches like
- * (uidNumber>=501) - but many users expect to be able to perform this type of
- * search. By specifying that you want an ordered index, using an integer
- * matching rule, you can support indexed seaches of this type.
- * 2) a RULE index - the index key prefix is :NAMEOROID: - this is used
- * to support extensible match searches like (cn:fr-CA.3:=gilles), which would
- * find the index key :fr-CA.3:gilles in the cn index.
- * We check first to see if this is a simple ordered index - user specified an
- * ordering matching rule compatible with the attribute syntax, and there is
- * a compare function. If not, we assume it is a RULE index definition.
- */
- j = 0;
- if (index_rules != NULL) for (; index_rules[j] != NULL; ++j);
- if (j > 0) { /* there are some candidates */
- char** official_rules =
- (char**)slapi_ch_malloc ((j + 1) * sizeof (char*));
- size_t k = 0;
- for (j = 0; index_rules[j] != NULL; ++j) {
- /* Check that index_rules[j] is an official OID */
- char* officialOID = NULL;
- IFP mrINDEX = NULL;
- Slapi_PBlock* pb = NULL;
- int do_continue = 0; /* can we skip the RULE parsing stuff? */
-
- if (strstr(index_rules[j], INDEX_ATTR_SUBSTRBEGIN)) {
- _set_attr_substrlen(INDEX_SUBSTRBEGIN, index_rules[j],
- &substrlens);
- do_continue = 1; /* done with j - next j */
- } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTRMIDDLE)) {
- _set_attr_substrlen(INDEX_SUBSTRMIDDLE, index_rules[j],
- &substrlens);
- do_continue = 1; /* done with j - next j */
- } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTREND)) {
- _set_attr_substrlen(INDEX_SUBSTREND, index_rules[j],
- &substrlens);
- do_continue = 1; /* done with j - next j */
- /* check if this is a simple ordering specification
- for an attribute that has no ordering matching rule */
- } else if (slapi_matchingrule_is_ordering(index_rules[j], attrsyntax_oid) &&
- slapi_matchingrule_can_use_compare_fn(index_rules[j]) &&
- !a->ai_sattr.a_mr_ord_plugin) { /* no ordering for this attribute */
- need_compare_fn = 1; /* get compare func for this attr */
- do_continue = 1; /* done with j - next j */
- }
+ /* compute a->ai_index_rules: */
+ /* for index rules there are two uses:
+ * 1) a simple way to define an ordered index to support <= and >= searches
+ * for those attributes which do not have an ORDERING matching rule defined
+ * for them in their schema definition. The index generated is not a :RULE:
+ * index, it is a normal = EQUALITY index, with the keys ordered using the
+ * comparison function provided by the syntax plugin for the attribute. For
+ * example - the uidNumber attribute has INTEGER syntax, but the standard
+ * definition of the attribute does not specify an ORDERING matching rule.
+ * By default, this means that you cannot perform searches like
+ * (uidNumber>=501) - but many users expect to be able to perform this type of
+ * search. By specifying that you want an ordered index, using an integer
+ * matching rule, you can support indexed seaches of this type.
+ * 2) a RULE index - the index key prefix is :NAMEOROID: - this is used
+ * to support extensible match searches like (cn:fr-CA.3:=gilles), which would
+ * find the index key :fr-CA.3:gilles in the cn index.
+ * We check first to see if this is a simple ordered index - user specified an
+ * ordering matching rule compatible with the attribute syntax, and there is
+ * a compare function. If not, we assume it is a RULE index definition.
+ */
- if (do_continue) {
- continue; /* done with index_rules[j] */
- }
+ if(0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)){
+ char** official_rules;
+ size_t k = 0;
+
+ /* Get a count and allocate an array for the official matching rules */
+ slapi_attr_get_numvalues(attr, &mr_count);
+ official_rules = (char**)slapi_ch_malloc ((mr_count + 1) * sizeof (char*));
+
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
+ /* Check that index_rules[j] is an official OID */
+ char* officialOID = NULL;
+ IFP mrINDEX = NULL;
+ Slapi_PBlock* pb = NULL;
+ int do_continue = 0; /* can we skip the RULE parsing stuff? */
+ attrValue = slapi_value_get_berval(sval);
+
+ if (strstr(attrValue->bv_val, INDEX_ATTR_SUBSTRBEGIN)) {
+ _set_attr_substrlen(INDEX_SUBSTRBEGIN, attrValue->bv_val, &substrlens);
+ do_continue = 1; /* done with j - next j */
+ } else if (strstr(attrValue->bv_val, INDEX_ATTR_SUBSTRMIDDLE)) {
+ _set_attr_substrlen(INDEX_SUBSTRMIDDLE, attrValue->bv_val, &substrlens);
+ do_continue = 1; /* done with j - next j */
+ } else if (strstr(attrValue->bv_val, INDEX_ATTR_SUBSTREND)) {
+ _set_attr_substrlen(INDEX_SUBSTREND, attrValue->bv_val, &substrlens);
+ do_continue = 1; /* done with j - next j */
+ /* check if this is a simple ordering specification
+ for an attribute that has no ordering matching rule */
+ } else if (slapi_matchingrule_is_ordering(attrValue->bv_val, attrsyntax_oid) &&
+ slapi_matchingrule_can_use_compare_fn(attrValue->bv_val) &&
+ !a->ai_sattr.a_mr_ord_plugin) { /* no ordering for this attribute */
+ need_compare_fn = 1; /* get compare func for this attr */
+ do_continue = 1; /* done with j - next j */
+ }
+
+ if (do_continue) {
+ continue; /* done with index_rules[j] */
+ }
- /* must be a RULE specification */
- pb = slapi_pblock_new();
- /* next check if this is a RULE type index
- try to actually create an indexer and see if the indexer
- actually has a regular INDEX_FN or an INDEX_SV_FN */
- if (!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_OID, index_rules[j]) &&
+ /* must be a RULE specification */
+ pb = slapi_pblock_new();
+ /*
+ * next check if this is a RULE type index
+ * try to actually create an indexer and see if the indexer
+ * actually has a regular INDEX_FN or an INDEX_SV_FN
+ */
+ if (!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_OID, attrValue->bv_val) &&
!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_TYPE, a->ai_type) &&
!slapi_mr_indexer_create (pb) &&
((!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX) &&
@@ -317,76 +327,70 @@ attr_index_config(
mrINDEX != NULL)) &&
!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_OID, &officialOID) &&
officialOID != NULL) {
- if (!strcasecmp (index_rules[j], officialOID)) {
- official_rules[k++] = slapi_ch_strdup (officialOID);
- } else {
- char* preamble = slapi_ch_smprintf("%s: line %d", fname, lineno);
- LDAPDebug (LDAP_DEBUG_ANY, "%s: use \"%s\" instead of \"%s\" (ignored)\n",
- preamble, officialOID, index_rules[j] );
- slapi_ch_free((void**)&preamble);
- }
- } else { /* we don't know what this is */
- LDAPDebug (LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown or invalid matching rule \"%s\" in index configuration (ignored)\n",
- fname, lineno, index_rules[j] );
- }
- {/* It would improve speed to save the indexer, for future use.
- But, for simplicity, we destroy it now: */
- IFP mrDESTROY = NULL;
- if (!slapi_pblock_get (pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY) &&
- mrDESTROY != NULL) {
- mrDESTROY (pb);
- }
+ if (!strcasecmp (attrValue->bv_val, officialOID)) {
+ official_rules[k++] = slapi_ch_strdup (officialOID);
+ } else {
+ char* preamble = slapi_ch_smprintf("%s: line %d", fname, lineno);
+ LDAPDebug (LDAP_DEBUG_ANY, "%s: use \"%s\" instead of \"%s\" (ignored)\n",
+ preamble, officialOID, attrValue->bv_val);
+ slapi_ch_free((void**)&preamble);
}
- slapi_pblock_destroy (pb);
+ } else { /* we don't know what this is */
+ LDAPDebug (LDAP_DEBUG_ANY, "%s: line %d: "
+ "unknown or invalid matching rule \"%s\" in index configuration (ignored)\n",
+ fname, lineno, attrValue->bv_val);
}
- official_rules[k] = NULL;
- a->ai_substr_lens = substrlens;
- if (k > 0) {
- a->ai_index_rules = official_rules;
- a->ai_indexmask |= INDEX_RULES;
- } else {
- slapi_ch_free((void**)&official_rules);
+
+ { /*
+ * It would improve speed to save the indexer, for future use.
+ * But, for simplicity, we destroy it now:
+ */
+ IFP mrDESTROY = NULL;
+ if (!slapi_pblock_get (pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY) &&
+ mrDESTROY != NULL) {
+ mrDESTROY (pb);
+ }
}
+ slapi_pblock_destroy (pb);
}
+ official_rules[k] = NULL;
+ a->ai_substr_lens = substrlens;
+ if (k > 0) {
+ a->ai_index_rules = official_rules;
+ a->ai_indexmask |= INDEX_RULES;
+ } else {
+ slapi_ch_free((void**)&official_rules);
+ }
+ }
- /* initialize the IDL code's private data */
- return_value = idl_init_private(be, a);
- if (0 != return_value) {
- /* fatal error, exit */
- LDAPDebug(LDAP_DEBUG_ANY,"%s: line %d:Fatal Error: Failed to initialize attribute structure\n",
+ /* initialize the IDL code's private data */
+ return_value = idl_init_private(be, a);
+ if (0 != return_value) {
+ /* fatal error, exit */
+ LDAPDebug(LDAP_DEBUG_ANY,"%s: line %d:Fatal Error: Failed to initialize attribute structure\n",
fname, lineno, 0);
- exit( 1 );
- }
+ exit( 1 );
+ }
- /* if user didn't specify an ordering rule in the index config,
- see if the schema def for the attr defines one */
- if (!need_compare_fn && a->ai_sattr.a_mr_ord_plugin) {
- need_compare_fn = 1;
- }
+ /* if user didn't specify an ordering rule in the index config,
+ see if the schema def for the attr defines one */
+ if (!need_compare_fn && a->ai_sattr.a_mr_ord_plugin) {
+ need_compare_fn = 1;
+ }
- if (need_compare_fn) {
- int rc = attr_get_value_cmp_fn( &a->ai_sattr, &a->ai_key_cmp_fn );
- if (rc != LDAP_SUCCESS) {
- LDAPDebug(LDAP_DEBUG_ANY,
+ if (need_compare_fn) {
+ int rc = attr_get_value_cmp_fn( &a->ai_sattr, &a->ai_key_cmp_fn );
+ if (rc != LDAP_SUCCESS) {
+ LDAPDebug(LDAP_DEBUG_ANY,
"The attribute [%s] does not have a valid ORDERING matching rule - error %d:s\n",
a->ai_type, rc, ldap_err2string(rc));
- a->ai_key_cmp_fn = NULL;
- }
- }
-
- if ( avl_insert( &inst->inst_attrs, a, ainfo_cmp, ainfo_dup ) != 0 ) {
- /* duplicate - existing version updated */
- attrinfo_delete(&a);
+ a->ai_key_cmp_fn = NULL;
}
}
-done:
- charray_free( attrs );
- if ( indexes != NULL ) {
- charray_free( indexes );
- }
- if ( index_rules != NULL ) {
- charray_free( index_rules );
+
+ if ( avl_insert( &inst->inst_attrs, a, ainfo_cmp, ainfo_dup ) != 0 ) {
+ /* duplicate - existing version updated */
+ attrinfo_delete(&a);
}
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.h b/ldap/servers/slapd/back-ldbm/ldbm_config.h
index e41b623..36b8f60 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.h
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.h
@@ -170,8 +170,7 @@ int ldbm_config_ignored_attr(char *attr_name);
/* Functions in ldbm_instance_config.c used in ldbm_config.c */
int ldbm_instance_config_load_dse_info(ldbm_instance *inst);
-int ldbm_instance_config_add_index_entry(ldbm_instance *inst, int argc,
- char **argv, int flags);
+int ldbm_instance_config_add_index_entry(ldbm_instance *inst, Slapi_Entry *e, int flags);
int
ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e);
int ldbm_instance_create_default_user_indexes(ldbm_instance *inst);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
index aa47584..2775785 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
@@ -51,103 +51,14 @@
int ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
int ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
+#define INDEXTYPE_NONE 1
-
-
-
-/* attrinfo2ConfIndexes: converts attrinfo into "pres,eq,sub,approx"
- * as seen in index entries within dse.ldif
- */
-static char *attrinfo2ConfIndexes (struct attrinfo *pai)
-{
- char buffer[128];
-
- buffer[0] = '\0';
- if (!(IS_INDEXED( pai->ai_indexmask ))) { /* skip if no index */
- strcat (buffer, "none");
- }
-
- if (pai->ai_indexmask & INDEX_PRESENCE) {
- if (strlen (buffer)) {
- strcat (buffer, ",");
- }
- strcat (buffer, "pres");
- }
- if (pai->ai_indexmask & INDEX_EQUALITY) {
- if (strlen (buffer)) {
- strcat (buffer, ",");
- }
- strcat (buffer, "eq");
- }
- if (pai->ai_indexmask & INDEX_APPROX) {
- if (strlen(buffer)) {
- strcat (buffer, ",");
- }
- strcat (buffer, "approx");
- }
- if (pai->ai_indexmask & INDEX_SUB) {
- if (strlen (buffer)) {
- strcat (buffer, ",");
- }
- strcat (buffer, "sub");
- }
- if (entryrdn_get_switch()) { /* subtree-rename: on */
- if (pai->ai_indexmask & INDEX_SUBTREE) {
- if (strlen (buffer)) {
- strcat (buffer, ",");
- }
- strcat (buffer, "subtree");
- }
- }
-
- return (slapi_ch_strdup (buffer) );
-}
-
-
-/* attrinfo2ConfMatchingRules: converts attrinfo into matching rule oids, as
- * seen in index entries within dse.ldif
- */
-static char *attrinfo2ConfMatchingRules (struct attrinfo *pai)
-{
- int i;
- char buffer[1024];
-
- buffer[0] = '\0';
-
- if (pai->ai_index_rules) {
- strcat (buffer, "\t");
- for (i = 0; pai->ai_index_rules[i]; i++) {
- PL_strcatn (buffer, sizeof(buffer), pai->ai_index_rules[i]);
- if (pai->ai_index_rules[i+1]) {
- PL_strcatn (buffer, sizeof(buffer), ",");
- }
- }
- }
- return (slapi_ch_strdup (buffer) );
-}
-
-
-/* used by the two callbacks below, to parse an index entry into something
- * awkward that we can pass to attr_index_config().
- */
-#define MAX_TMPBUF 1024
-#define ZCAT_SAFE(_buf, _x1, _x2) do { \
- if (strlen(_buf) + strlen(_x1) + strlen(_x2) + 2 < MAX_TMPBUF) { \
- strcat(_buf, _x1); \
- strcat(_buf, _x2); \
- } \
-} while (0)
static int ldbm_index_parse_entry(ldbm_instance *inst, Slapi_Entry *e,
- const char *trace_string,
- char **index_name)
+ const char *trace_string, char **index_name)
{
- char *arglist[] = { NULL, NULL, NULL, NULL };
- int argc = 0, i;
- int isFirst;
Slapi_Attr *attr;
const struct berval *attrValue;
Slapi_Value *sval;
- char tmpBuf[MAX_TMPBUF];
/* Get the name of the attribute to index which will be the value
* of the cn attribute. */
@@ -159,127 +70,34 @@ static int ldbm_index_parse_entry(ldbm_instance *inst, Slapi_Entry *e,
slapi_attr_first_value(attr, &sval);
attrValue = slapi_value_get_berval(sval);
- if (NULL == attrValue->bv_val || 0 == strlen(attrValue->bv_val)) {
+ if (NULL == attrValue->bv_val || 0 == attrValue->bv_len) {
LDAPDebug(LDAP_DEBUG_ANY,
"Warning: malformed index entry %s -- empty index name\n",
- slapi_entry_get_dn(e), 0, 0);
+ slapi_entry_get_dn(e), 0, 0);
return LDAP_OPERATIONS_ERROR;
}
- arglist[argc++] = slapi_ch_strdup(attrValue->bv_val);
- if (index_name != NULL) {
- *index_name = slapi_ch_strdup(attrValue->bv_val);
+
+ if(index_name != NULL){
+ *index_name = slapi_ch_strdup(attrValue->bv_val);
}
- /* Get the list of index types from the entry. */
+ /* check and see if we have the required indexType */
if (0 == slapi_entry_attr_find(e, "nsIndexType", &attr)) {
- tmpBuf[0] = 0;
- isFirst = 1;
- for (i = slapi_attr_first_value(attr, &sval); i != -1;
- i = slapi_attr_next_value(attr, i, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
- if (isFirst) {
- ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
- isFirst = 0;
- } else {
- ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
- }
- }
- }
- if (0 == tmpBuf[0]) {
+ slapi_attr_first_value(attr, &sval);
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL == attrValue->bv_val || attrValue->bv_len == 0) {
+ /* missing the index type, error out */
LDAPDebug(LDAP_DEBUG_ANY,
"Warning: malformed index entry %s -- empty nsIndexType\n",
slapi_entry_get_dn(e), 0, 0);
slapi_ch_free_string(index_name);
- for (i = 0; i < argc; i++) {
- slapi_ch_free((void **)&arglist[i]);
- }
return LDAP_OPERATIONS_ERROR;
}
- arglist[argc++] = slapi_ch_strdup(tmpBuf);
- }
-
- tmpBuf[0] = 0;
- /* Get the list of matching rules from the entry. */
- if (0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)) {
- for (i = slapi_attr_first_value(attr, &sval); i != -1;
- i = slapi_attr_next_value(attr, i, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
- if (0 == tmpBuf[0]) {
- ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
- } else {
- ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
- }
- }
- }
- }
-
- /* Get the substr begin length. note: pick the first value. */
- if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTRBEGIN, &attr)) {
- i = slapi_attr_first_value(attr, &sval);
- if (-1 != i) {
- attrValue = slapi_value_get_berval(sval);
- if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
- if (0 == tmpBuf[0]) {
- PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
- INDEX_ATTR_SUBSTRBEGIN, attrValue->bv_val);
- } else {
- int tmpbuflen = strlen(tmpBuf);
- char *p = tmpBuf + tmpbuflen;
- PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
- INDEX_ATTR_SUBSTRBEGIN, attrValue->bv_val);
- }
- }
- }
}
- /* Get the substr middle length. note: pick the first value. */
- if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTRMIDDLE, &attr)) {
- i = slapi_attr_first_value(attr, &sval);
- if (-1 != i) {
- attrValue = slapi_value_get_berval(sval);
- if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
- if (0 == tmpBuf[0]) {
- PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
- INDEX_ATTR_SUBSTRMIDDLE, attrValue->bv_val);
- } else {
- int tmpbuflen = strlen(tmpBuf);
- char *p = tmpBuf + tmpbuflen;
- PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
- INDEX_ATTR_SUBSTRMIDDLE, attrValue->bv_val);
- }
- }
- }
- }
-
- /* Get the substr end length. note: pick the first value. */
- if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTREND, &attr)) {
- i = slapi_attr_first_value(attr, &sval);
- if (-1 != i) {
- attrValue = slapi_value_get_berval(sval);
- if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
- if (0 == tmpBuf[0]) {
- PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
- INDEX_ATTR_SUBSTREND, attrValue->bv_val);
- } else {
- int tmpbuflen = strlen(tmpBuf);
- char *p = tmpBuf + tmpbuflen;
- PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
- INDEX_ATTR_SUBSTREND, attrValue->bv_val);
- }
- }
- }
- }
- if (0 != tmpBuf[0]) {
- arglist[argc++] = slapi_ch_strdup(tmpBuf);
- }
+ /* ok the entry is good to process, pass it to attr_index_config */
+ attr_index_config(inst->inst_be, (char *)trace_string, 0, e, 0, 0);
- arglist[argc] = NULL;
- attr_index_config(inst->inst_be, (char *)trace_string, 0, argc, arglist, 0);
- for (i = 0; i < argc; i++) {
- slapi_ch_free((void **)&arglist[i]);
- }
return LDAP_SUCCESS;
}
@@ -294,8 +112,7 @@ ldbm_index_init_entry_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* en
ldbm_instance *inst = (ldbm_instance *) arg;
returntext[0] = '\0';
- *returncode = ldbm_index_parse_entry(inst, e, "from ldbm instance init",
- NULL);
+ *returncode = ldbm_index_parse_entry(inst, e, "from ldbm instance init", NULL);
if (*returncode == LDAP_SUCCESS) {
return SLAPI_DSE_CALLBACK_OK;
} else {
@@ -318,16 +135,15 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
*returncode = ldbm_index_parse_entry(inst, e, "from DSE add", &index_name);
if (*returncode == LDAP_SUCCESS) {
struct attrinfo *ai = NULL;
-
/* if the index is a "system" index, we assume it's being added by
* by the server, and it's okay for the index to go online immediately.
* if not, we set the index "offline" so it won't actually be used
* until someone runs db2index on it.
*/
if (! ldbm_attribute_always_indexed(index_name)) {
- ainfo_get(inst->inst_be, index_name, &ai);
- PR_ASSERT(ai != NULL);
- ai->ai_indexmask |= INDEX_OFFLINE;
+ ainfo_get(inst->inst_be, index_name, &ai);
+ PR_ASSERT(ai != NULL);
+ ai->ai_indexmask |= INDEX_OFFLINE;
}
slapi_ch_free((void **)&index_name);
return SLAPI_DSE_CALLBACK_OK;
@@ -343,11 +159,9 @@ int
ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
ldbm_instance *inst = (ldbm_instance *) arg;
- char *arglist[4];
Slapi_Attr *attr;
Slapi_Value *sval;
const struct berval *attrValue;
- int argc = 0;
int rc = SLAPI_DSE_CALLBACK_OK;
struct attrinfo *ainfo = NULL;
@@ -358,15 +172,9 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
slapi_attr_first_value(attr, &sval);
attrValue = slapi_value_get_berval(sval);
- arglist[argc++] = slapi_ch_strdup(attrValue->bv_val);
- arglist[argc++] = slapi_ch_strdup("none");
- arglist[argc] = NULL;
- attr_index_config(inst->inst_be, "From DSE delete", 0, argc, arglist, 0);
- slapi_ch_free((void **)&arglist[0]);
- slapi_ch_free((void **)&arglist[1]);
+ attr_index_config(inst->inst_be, "From DSE delete", 0, e, 0, INDEXTYPE_NONE);
ainfo_get(inst->inst_be, attrValue->bv_val, &ainfo);
-
if (NULL == ainfo) {
*returncode = LDAP_UNAVAILABLE;
rc = SLAPI_DSE_CALLBACK_ERROR;
@@ -394,325 +202,139 @@ ldbm_instance_index_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
Slapi_Value *sval;
const struct berval *attrValue;
struct attrinfo *ainfo = NULL;
- LDAPMod **mods;
- char *arglist[4] = {0};
- char *config_attr;
- char *origIndexTypes = NULL;
- char *origMatchingRules = NULL;
- char **origIndexTypesArray = NULL;
- char **origMatchingRulesArray = NULL;
- char **addIndexTypesArray = NULL;
- char **addMatchingRulesArray = NULL;
- char **deleteIndexTypesArray = NULL;
- char **deleteMatchingRulesArray = NULL;
- int i, j;
- int dodeletes = 0;
- char tmpBuf[MAX_TMPBUF];
- int rc = SLAPI_DSE_CALLBACK_OK;
returntext[0] = '\0';
*returncode = LDAP_SUCCESS;
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
- slapi_entry_attr_find(e, "cn", &attr);
+ if(slapi_entry_attr_find(entryAfter, "cn", &attr) != 0){
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Warning: malformed index entry %s - missing cn attribute\n",
+ slapi_entry_get_dn(entryAfter), 0, 0);
+ *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+ return SLAPI_DSE_CALLBACK_ERROR;
+ }
slapi_attr_first_value(attr, &sval);
attrValue = slapi_value_get_berval(sval);
- ainfo_get(inst->inst_be, attrValue->bv_val, &ainfo);
- if (NULL == ainfo) {
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-
- origIndexTypes = attrinfo2ConfIndexes(ainfo);
- if (NULL == origIndexTypes) {
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-
- origMatchingRules = attrinfo2ConfMatchingRules(ainfo);
- if (NULL == origMatchingRules) {
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-
- origIndexTypesArray = slapi_str2charray(origIndexTypes, ",");
- if (NULL == origIndexTypesArray) {
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-
- origMatchingRulesArray = slapi_str2charray(origMatchingRules, ",");
- if (NULL == origMatchingRulesArray) {
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-
- for (i = 0; mods[i] != NULL; i++) {
- config_attr = (char *)mods[i]->mod_type;
-
- if (strcasecmp(config_attr, "nsIndexType") == 0) {
- if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
- for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
- charray_add(&addIndexTypesArray,
- slapi_ch_strdup(mods[i]->mod_bvalues[j]->bv_val));
- }
- continue;
- }
- if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
- if ((mods[i]->mod_bvalues == NULL) ||
- (mods[i]->mod_bvalues[0] == NULL)) {
- if (deleteIndexTypesArray) {
- charray_free(deleteIndexTypesArray);
- }
- deleteIndexTypesArray = charray_dup(origIndexTypesArray);
- } else {
- for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
- charray_add(&deleteIndexTypesArray,
- slapi_ch_strdup(mods[i]->mod_bvalues[j]->bv_val));
- }
- }
- continue;
- }
- }
- if (strcasecmp(config_attr, "nsMatchingRule") == 0) {
- if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
- for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
- charray_add(&addMatchingRulesArray,
- slapi_ch_strdup(mods[i]->mod_bvalues[j]->bv_val));
- }
- continue;
- }
- if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
- if ((mods[i]->mod_bvalues == NULL) ||
- (mods[i]->mod_bvalues[0] == NULL)) {
- if (deleteMatchingRulesArray) {
- charray_free(deleteMatchingRulesArray);
- }
- deleteMatchingRulesArray = charray_dup(origMatchingRulesArray);
- } else {
- for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
- charray_add(&deleteMatchingRulesArray,
- slapi_ch_strdup(mods[i]->mod_bvalues[j]->bv_val));
- }
- }
- continue;
- }
- }
- }
-
- /* create the new set of index types */
- if (deleteIndexTypesArray) {
- for (i = 0; origIndexTypesArray[i] != NULL; i++) {
- if (charray_inlist(deleteIndexTypesArray,
- origIndexTypesArray[i])) {
- slapi_ch_free((void **)&(origIndexTypesArray[i]));
- dodeletes = 1;
- if (origIndexTypesArray[i+1] != NULL) {
- for (j = i+1; origIndexTypesArray[j] != NULL; j++) {
- origIndexTypesArray[j-1] = origIndexTypesArray[j];
- }
- origIndexTypesArray[j-1] = NULL;
- i--;
- }
- }
- }
- }
-
- if (addIndexTypesArray) {
- for (i = 0; addIndexTypesArray[i] != NULL; i++) {
- if (!charray_inlist(origIndexTypesArray, addIndexTypesArray[i])) {
- charray_add(&origIndexTypesArray,
- slapi_ch_strdup(addIndexTypesArray[i]));
- }
- }
- }
-
- if (deleteMatchingRulesArray) {
- for (i = 0; origMatchingRulesArray[i] != NULL; i++) {
- if (charray_inlist(deleteMatchingRulesArray,
- origMatchingRulesArray[i])) {
- slapi_ch_free((void **)&(origMatchingRulesArray[i]));
- dodeletes = 1;
- if (origMatchingRulesArray[i+1] != NULL) {
- for (j = i+1; origMatchingRulesArray[j] != NULL; j++) {
- origMatchingRulesArray[j-1] = origMatchingRulesArray[j];
- }
- origMatchingRulesArray[j-1] = NULL;
- i--;
- }
- }
- }
- }
-
- if (addMatchingRulesArray) {
- for (i = 0; addMatchingRulesArray[i] != NULL; i++) {
- if (!charray_inlist(origMatchingRulesArray,
- addMatchingRulesArray[i])) {
- charray_add(&origMatchingRulesArray,
- slapi_ch_strdup(addMatchingRulesArray[i]));
- }
- }
- }
-
- if (dodeletes) {
- i = 0;
- arglist[i++] = slapi_ch_strdup(attrValue->bv_val);
- arglist[i++] = slapi_ch_strdup("none");
- arglist[i] = NULL;
- attr_index_config(inst->inst_be, "from DSE modify", 0, i, arglist, 0);
-
- /* Free args */
- slapi_ch_free((void **)&arglist[0]);
- slapi_ch_free((void **)&arglist[1]);
- }
-
- i = 0;
- arglist[i++] = slapi_ch_strdup(attrValue->bv_val);
- if (origIndexTypesArray && origIndexTypesArray[0]) {
- tmpBuf[0] = 0;
- ZCAT_SAFE(tmpBuf, "", origIndexTypesArray[0]);
- for (j = 1; origIndexTypesArray[j] != NULL; j++) {
- ZCAT_SAFE(tmpBuf, ",", origIndexTypesArray[j]);
- }
- arglist[i++] = slapi_ch_strdup(tmpBuf);
- } else {
- arglist[i++] = slapi_ch_strdup("none");
+ if (NULL == attrValue->bv_val || 0 == attrValue->bv_len) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Warning: malformed index entry %s, missing index name\n",
+ slapi_entry_get_dn(e), 0, 0);
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
+ return SLAPI_DSE_CALLBACK_ERROR;
}
- if (origMatchingRulesArray && origMatchingRulesArray[0]) {
- tmpBuf[0] = 0;
- ZCAT_SAFE(tmpBuf, "", origMatchingRulesArray[0]);
- for (j = 1; origMatchingRulesArray[j] != NULL; j++) {
- ZCAT_SAFE(tmpBuf, ",", origMatchingRulesArray[j]);
- }
- arglist[i++] = slapi_ch_strdup(tmpBuf);
+ ainfo_get(inst->inst_be, attrValue->bv_val, &ainfo);
+ if (NULL == ainfo) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Warning: malformed index entry %s - missing cn attribute info\n",
+ slapi_entry_get_dn(e), 0, 0);
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
+ return SLAPI_DSE_CALLBACK_ERROR;
}
- arglist[i] = NULL;
- attr_index_config(inst->inst_be, "from DSE modify", 0, i, arglist, 0);
-
-out:
- /* Free args */
- for (i=0; arglist[i]; i++) {
- slapi_ch_free((void **)&arglist[i]);
+ if(slapi_entry_attr_find(entryAfter, "nsIndexType", &attr) != 0){
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Warning: malformed index entry %s - missing nsIndexType attribute\n",
+ slapi_entry_get_dn(entryAfter), 0, 0);
+ *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+ return SLAPI_DSE_CALLBACK_ERROR;
}
- if(origIndexTypesArray) {
- charray_free(origIndexTypesArray);
- }
- if(origMatchingRulesArray) {
- charray_free(origMatchingRulesArray);
- }
- if(addIndexTypesArray) {
- charray_free(addIndexTypesArray);
- }
- if(deleteIndexTypesArray) {
- charray_free(deleteIndexTypesArray);
- }
- if(addMatchingRulesArray) {
- charray_free(addMatchingRulesArray);
- }
- if(deleteMatchingRulesArray) {
- charray_free(deleteMatchingRulesArray);
- }
- if (origIndexTypes) {
- slapi_ch_free ((void **)&origIndexTypes);
- }
- if (origMatchingRules) {
- slapi_ch_free ((void **)&origMatchingRules);
- }
+ attr_index_config(inst->inst_be, "from DSE modify", 0, entryAfter, 0, 0);
- return rc;
+ return SLAPI_DSE_CALLBACK_OK;
}
/* add index entries to the per-instance DSE (used only from instance.c) */
int ldbm_instance_config_add_index_entry(
ldbm_instance *inst,
- int argc,
- char **argv,
+ Slapi_Entry *e,
int flags
)
{
- char **attrs = NULL;
- char **indexes = NULL;
- char **matchingRules = NULL;
char *eBuf;
- int i = 0;
int j = 0;
char *basetype = NULL;
- char tmpAttrsStr[256];
- char tmpIndexesStr[256];
- char tmpMatchingRulesStr[1024];
struct ldbminfo *li = inst->inst_li;
char *dn = NULL;
+ Slapi_Attr *attr;
+ const struct berval *attrValue;
+ Slapi_Value *sval;
int rc = 0;
- if ((argc < 2) || (NULL == argv) || (NULL == argv[0]) ||
- (NULL == argv[1])) {
- return(-1);
+ /* get the cn value */
+ if (slapi_entry_attr_find(e, "cn", &attr) != 0) {
+ LDAPDebug(LDAP_DEBUG_ANY, "Warning: malformed index entry %s, missing cn attrbiute\n",
+ slapi_entry_get_dn(e), 0, 0);
+ return -1;
}
- PL_strncpyz(tmpAttrsStr,argv[0], sizeof(tmpAttrsStr));
- attrs = slapi_str2charray( tmpAttrsStr, "," );
- PL_strncpyz(tmpIndexesStr,argv[1], sizeof(tmpIndexesStr));
- indexes = slapi_str2charray( tmpIndexesStr, ",");
-
- if(argc > 2) {
- PL_strncpyz(tmpMatchingRulesStr,argv[2], sizeof(tmpMatchingRulesStr));
- matchingRules = slapi_str2charray( tmpMatchingRulesStr, ",");
+ slapi_attr_first_value(attr, &sval);
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL == attrValue->bv_val || 0 == attrValue->bv_len) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Warning: malformed index entry %s, missing index name\n",
+ slapi_entry_get_dn(e), 0, 0);
+ return -1;
}
- for(i=0; attrs && attrs[i] !=NULL; i++)
- {
- if('\0' == attrs[i][0]) continue;
- basetype = slapi_attr_basetype(attrs[i], NULL, 0);
- dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
+ basetype = slapi_attr_basetype(attrValue->bv_val, NULL, 0);
+ dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
basetype, inst->inst_name, li->li_plugin->plg_name);
- if (NULL == dn) {
- LDAPDebug(LDAP_DEBUG_ANY,
- "ldbm_instance_config_add_index_entry: "
- "failed create index dn with type %s for plugin %s, "
- "instance %s\n",
- basetype, inst->inst_li->li_plugin->plg_name,
- inst->inst_name);
- slapi_ch_free((void**)&basetype);
- rc = -1;
- goto done;
- }
- eBuf = PR_smprintf(
- "dn: %s\n"
- "objectclass: top\n"
- "objectclass: nsIndex\n"
- "cn: %s\n"
- "nsSystemIndex: %s\n",
+ if (NULL == dn) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "ldbm_instance_config_add_index_entry: "
+ "failed create index dn with type %s for plugin %s, "
+ "instance %s\n",
+ basetype, inst->inst_li->li_plugin->plg_name,
+ inst->inst_name);
+ slapi_ch_free((void**)&basetype);
+ return -1;
+ }
+
+ eBuf = PR_smprintf(
+ "dn: %s\n"
+ "objectclass: top\n"
+ "objectclass: nsIndex\n"
+ "cn: %s\n"
+ "nsSystemIndex: %s\n",
dn, basetype,
(ldbm_attribute_always_indexed(basetype)?"true":"false"));
- slapi_ch_free_string(&dn);
- for(j=0; indexes && indexes[j] != NULL; j++)
- {
- eBuf = PR_sprintf_append(eBuf, "nsIndexType:%s\n", indexes[j]);
- }
- if((argc>2)&&(argv[2]))
- {
- for(j=0; matchingRules && matchingRules[j] != NULL; j++)
- {
- eBuf = PR_sprintf_append(eBuf, "nsMatchingRule:%s\n", matchingRules[j]);
- }
- }
+ slapi_ch_free_string(&dn);
+
+ /* get nsIndexType and its values, and add them */
+ if( 0 == slapi_entry_attr_find(e, "nsIndexType", &attr)){
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ eBuf = PR_sprintf_append(eBuf, "nsIndexType: %s\n", attrValue->bv_val);
+ }
+ } else {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "ldbm_instance_config_add_index_entry: "
+ "failed create index dn with type %s for plugin %s, "
+ "instance %s. Missing nsIndexType\n",
+ basetype, inst->inst_li->li_plugin->plg_name,
+ inst->inst_name);
+ slapi_ch_free((void**)&basetype);
+ return -1;
+ }
- ldbm_config_add_dse_entry(li, eBuf, flags);
- if (eBuf) {
- PR_smprintf_free(eBuf);
- }
+ /* get nsMatchingRule and its values, and add them */
+ if(0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)) {
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ eBuf = PR_sprintf_append(eBuf, "nsMatchingRule: %s\n", attrValue->bv_val);
+ }
+ }
+
+ ldbm_config_add_dse_entry(li, eBuf, flags);
+ if (eBuf) {
+ PR_smprintf_free(eBuf);
+ }
- slapi_ch_free((void**)&basetype);
- }
+ slapi_ch_free((void**)&basetype);
-done:
- charray_free(attrs);
- charray_free(indexes);
- charray_free(matchingRules);
return rc;
}
@@ -724,10 +346,9 @@ ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e)
rc=ldbm_index_parse_entry(inst, e, "from DSE add", &index_name);
if (rc == LDAP_SUCCESS) {
+ /* Assume the caller knows if it is OK to go online immediately */
struct attrinfo *ai = NULL;
- /* Assume the caller knows if it is OK to go online immediatly */
-
ainfo_get(inst->inst_be, index_name, &ai);
PR_ASSERT(ai != NULL);
ai->ai_indexmask &= ~INDEX_OFFLINE;
@@ -736,30 +357,19 @@ ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e)
return rc;
}
-
/*
-** create the default user-defined indexes
+** Create the default user-defined indexes
+**
+** Search for user-defined default indexes and add them
+** to the backend instance being created.
*/
int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
{
-
- /*
- ** Search for user-defined default indexes and add them
- ** to the backend instance beeing created.
- */
-
Slapi_PBlock *aPb;
Slapi_Entry **entries = NULL;
Slapi_Attr *attr;
- Slapi_Value *sval = NULL;
- const struct berval *attrValue;
- char *argv[ 8 ];
- char tmpBuf[MAX_TMPBUF];
- char tmpBuf2[MAX_TMPBUF];
- int argc;
char *basedn = NULL;
-
struct ldbminfo *li;
/* write the dse file only on the final index */
@@ -772,7 +382,6 @@ int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
}
li = inst->inst_li;
- strcpy(tmpBuf,"");
/* Construct the base dn of the subtree that holds the default user indexes. */
basedn = slapi_create_dn_string("cn=default indexes,cn=config,cn=%s,cn=plugins,cn=config",
@@ -792,69 +401,27 @@ int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
slapi_search_internal_pb (aPb);
slapi_pblock_get(aPb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (entries!=NULL) {
- int i,j;
+ int i;
for (i=0; entries[i]!=NULL; i++) {
-
- /* Get the name of the attribute to index which will be the value
- * of the cn attribute. */
-
+ /*
+ * Get the name of the attribute to index which will be the value
+ * of the cn attribute.
+ */
if (slapi_entry_attr_find(entries[i], "cn", &attr) != 0) {
LDAPDebug(LDAP_DEBUG_ANY,"Warning: malformed index entry %s. Index ignored.\n",
slapi_entry_get_dn(entries[i]), 0, 0);
continue;
}
- slapi_attr_first_value(attr, &sval);
- attrValue = slapi_value_get_berval(sval);
- argv[0] = attrValue->bv_val;
- argc=1;
-
- /* Get the list of index types from the entry. */
-
- if (0 == slapi_entry_attr_find(entries[i], "nsIndexType", &attr)) {
- for (j = slapi_attr_first_value(attr, &sval); j != -1;
- j = slapi_attr_next_value(attr, j, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- if (0 == j) {
- tmpBuf[0] = 0;
- ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
- } else {
- ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
- }
- }
- argv[argc]=tmpBuf;
- argc++;
- }
-
- /* Get the list of matching rules from the entry. */
-
- if (0 == slapi_entry_attr_find(entries[i], "nsMatchingRule", &attr)) {
- for (j = slapi_attr_first_value(attr, &sval); j != -1;
- j = slapi_attr_next_value(attr, j, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- if (0 == j) {
- tmpBuf2[0] = 0;
- ZCAT_SAFE(tmpBuf2, "", attrValue->bv_val);
- } else {
- ZCAT_SAFE(tmpBuf2, ",", attrValue->bv_val);
- }
- }
- argv[argc]=tmpBuf2;
- argc++;
- }
-
- argv[argc]=NULL;
/* Create the index entry in the backend */
-
if (entries[i+1] == NULL) {
/* write the dse file only on the final index */
flags = 0;
}
- ldbm_instance_config_add_index_entry(inst, argc, argv, flags);
+ ldbm_instance_config_add_index_entry(inst, entries[i], flags);
/* put the index online */
-
ldbm_instance_index_config_enable_index(inst, entries[i]);
}
}
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index b4bdc52..1e28070 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -2489,32 +2489,45 @@ db2index_add_indexed_attr(backend *be, char *attrString)
{
char *iptr = NULL;
char *mptr = NULL;
- char *nsslapd_index_value[4];
- int argc = 0;
- int i;
+ Slapi_Entry *e;
+ struct berval *vals[2];
+ struct berval val;
+
+ vals[0] = &val;
+ vals[1] = NULL;
if (NULL == (iptr = strchr(attrString, ':'))) {
return(0);
}
+ e = slapi_entry_alloc();
iptr[0] = '\0';
iptr++;
-
- nsslapd_index_value[argc++] = slapi_ch_strdup(attrString+1);
-
+
+ /* set the index name */
+ val.bv_val = attrString+1;
+ val.bv_len = strlen(attrString);
+ slapi_entry_add_values(e,"cn",vals);
+
if (NULL != (mptr = strchr(iptr, ':'))) {
mptr[0] = '\0';
mptr++;
}
- nsslapd_index_value[argc++] = slapi_ch_strdup(iptr);
+
+ /* set the index type */
+ val.bv_val = iptr;
+ val.bv_len = strlen(iptr);
+ slapi_entry_add_values(e,"nsIndexType",vals);
+
if (NULL != mptr) {
- nsslapd_index_value[argc++] = slapi_ch_strdup(mptr);
+ /* set the matching rule */
+ val.bv_val = mptr;
+ val.bv_len = strlen(mptr);
+ slapi_entry_add_values(e,"nsMatchingRule",vals);
}
- nsslapd_index_value[argc] = NULL;
- attr_index_config(be, "from db2index()", 0, argc, nsslapd_index_value, 0);
- for ( i=0; i<argc; i++ ) {
- slapi_ch_free_string(&nsslapd_index_value[i]);
- }
+ attr_index_config(be, "from db2index()", 0, e, 0, 0);
+ slapi_entry_free(e);
+
return(0);
}
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
index f286377..0734162 100644
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -55,7 +55,7 @@ void attr_masks( backend *be, char *type, int *indexmask,
void attr_masks_ex( backend *be, char *type, int *indexmask,
int *syntaxmask, struct attrinfo **at );
void attr_index_config( backend *be, char *fname, int lineno,
- int argc, char **argv, int init );
+ Slapi_Entry *e, int init, int none );
int ldbm_compute_init();
void attrinfo_deletetree(ldbm_instance *inst);
void attr_create_empty(backend *be,char *type,struct attrinfo **ai);
12 years, 3 months
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/index.c | 2
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 60 ++++++++++++++++++++++++---
2 files changed, 55 insertions(+), 7 deletions(-)
New commits:
commit e72f4b277e8d06651d489467a7f77fd8f4a829cd
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Jan 31 14:58:44 2012 -0800
Trac Ticket #274 - Reindexing entryrdn fails if
ancestors are also tombstoned
https://fedorahosted.org/389/ticket/274
Bug description: Inserting/traversing entryrdn fails if a parent
entry is tombstoned and the rdn in the entryrdn index includes
nsuniqueid.
In DIT cn=A,ou=B,o=C, cn=A and ou=B are removed and turned to
tombstone entries. Both of the 2 representations need to be
supported in the entryrdn.
nsuniqueid=...,cn=A,ou=B,o=C and
nsuniqueid=...,cn=A,nsuniqueid=...,ou=B,o=C
Fix description: Support for the second case is added by this patch.
Also, in index_add_mods, code for checking NULL mods is added.
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index 65ad867..0ed6918 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -526,7 +526,7 @@ index_add_mods(
* should be deleted.
*/
- for ( i = 0; mods[i] != NULL; i++ ) {
+ for ( i = 0; mods && mods[i] != NULL; i++ ) {
/* Get base attribute type */
basetype = buf;
tmp = slapi_attr_basetype(mods[i]->mod_type, buf, sizeof(buf));
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 40b2f1e..d793705 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1652,11 +1652,12 @@ retry_get0:
childelem = (rdn_elem *)dataret.data;
childnrdn = (char *)childelem->rdn_elem_nrdn_rdn;
comma = strchr(childnrdn, ',');
- if (NULL == comma) { /* This node is not a tombstone */
+ if (NULL == comma) { /* No comma; This node is not a tombstone */
continue;
}
if (strncasecmp(childnrdn, SLAPI_ATTR_UNIQUEID,
sizeof(SLAPI_ATTR_UNIQUEID) - 1)) {
+ /* Does not start w/ UNIQUEID; not a tombstone */
continue;
}
if (0 == strcmp(comma + 1, slapi_rdn_get_nrdn(srdn))) {
@@ -1664,6 +1665,12 @@ retry_get0:
_entryrdn_dup_rdn_elem((const void *)dataret.data, elem);
goto bail;
}
+ if (0 == strncmp(childnrdn, slapi_rdn_get_nrdn(srdn),
+ comma - childnrdn)) {
+ /* found and done */
+ _entryrdn_dup_rdn_elem((const void *)dataret.data, elem);
+ goto bail;
+ }
} while (NULL != dataret.data && NULL != ptr);
retry_get1:
rc = cursor->c_get(cursor, key, &data, DB_NEXT_DUP|DB_MULTIPLE);
@@ -2268,8 +2275,7 @@ _entryrdn_insert_key(backend *be,
if (DB_NOTFOUND == rc) {
/* if 0 == rdnidx, Child is a Leaf RDN to be added */
if (0 == rdnidx) {
- /* keybuf (C#:<parent_rdn>) is consumed in
- _entryrdn_insert_key_elems */
+ /* keybuf (C#) is consumed in _entryrdn_insert_key_elems */
/* set id to the elem to be added */
id_internal_to_stored(id, elem->rdn_elem_id);
rc = _entryrdn_insert_key_elems(be, cursor, srdn, &key,
@@ -2279,6 +2285,17 @@ _entryrdn_insert_key(backend *be,
/* done */
} else {
ID currid = 0;
+ /*
+ * In DIT cn=A,ou=B,o=C, cn=A and ou=B are removed and
+ * turned to tombstone entries. We need to support both:
+ * nsuniqueid=...,cn=A,ou=B,o=C and
+ * nsuniqueid=...,cn=A,nsuniqueid=...,ou=B,o=C
+ * The former appears when cn=A is deleted;
+ * the latter appears when the entryrdn is reindexed.
+ * The former is taken care in _entryrdn_get_tombstone_elem;
+ * the else clause to skip "nsuniqueid" is needed for the
+ * latter case.
+ */
rc = _entryrdn_get_tombstone_elem(cursor, tmpsrdn, &key,
childnrdn, &tmpelem);
if (rc || (NULL == tmpelem)) {
@@ -2295,6 +2312,13 @@ _entryrdn_insert_key(backend *be,
}
slapi_ch_free_string(&dn);
goto bail;
+ } else {
+ int tmpidx = slapi_rdn_get_prev_ext(srdn, rdnidx,
+ &childnrdn, FLAG_ALL_NRDNS);
+ if (0 == strncasecmp(childnrdn, SLAPI_ATTR_UNIQUEID,
+ sizeof(SLAPI_ATTR_UNIQUEID) - 1)) {
+ rdnidx = tmpidx;
+ }
}
/* Node is a tombstone. */
slapi_ch_free((void **)&elem);
@@ -2779,10 +2803,34 @@ _entryrdn_index_read(backend *be,
slapi_ch_free((void **)&tmpelem);
if (flags & TOMBSTONE_INCLUDED) {
/* Node might be a tombstone */
+ /*
+ * In DIT cn=A,ou=B,o=C, cn=A and ou=B are removed and
+ * turned to tombstone entries. We need to support both:
+ * nsuniqueid=...,cn=A,ou=B,o=C and
+ * nsuniqueid=...,cn=A,nsuniqueid=...,ou=B,o=C
+ */
rc = _entryrdn_get_tombstone_elem(cursor, tmpsrdn, &key,
childnrdn, &tmpelem);
- }
- if (rc || (NULL == tmpelem)) {
+ if (rc || (NULL == tmpelem)) {
+ slapi_ch_free((void **)&tmpelem);
+ slapi_log_error(SLAPI_LOG_BACKLDBM, ENTRYRDN_TAG,
+ "_entryrdn_index_read: Child link \"%s\" of "
+ "key \"%s\" not found: %s(%d)\n",
+ childnrdn, keybuf, dblayer_strerror(rc), rc);
+ rc = DB_NOTFOUND;
+ if (tmpsrdn != srdn) {
+ slapi_rdn_free(&tmpsrdn);
+ }
+ goto bail;
+ } else {
+ int tmpidx = slapi_rdn_get_prev_ext(srdn, rdnidx,
+ &childnrdn, FLAG_ALL_NRDNS);
+ if (0 == strncasecmp(childnrdn, SLAPI_ATTR_UNIQUEID,
+ sizeof(SLAPI_ATTR_UNIQUEID) - 1)) {
+ rdnidx = tmpidx;
+ }
+ }
+ } else {
slapi_ch_free((void **)&tmpelem);
slapi_log_error(SLAPI_LOG_BACKLDBM, ENTRYRDN_TAG,
"_entryrdn_index_read: Child link \"%s\" of "
@@ -2790,7 +2838,7 @@ _entryrdn_index_read(backend *be,
childnrdn, keybuf, dblayer_strerror(rc), rc);
rc = DB_NOTFOUND;
if (tmpsrdn != srdn) {
- slapi_rdn_free(&tmpsrdn);
+ slapi_rdn_free(&tmpsrdn);
}
goto bail;
}
12 years, 3 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/proxyauth.c | 30 +++++++++++++++++-------------
ldap/servers/slapd/slap.h | 2 ++
2 files changed, 19 insertions(+), 13 deletions(-)
New commits:
commit 5232b202fc2ddb529312d30304867d3ff470d3a2
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Wed Feb 1 10:35:56 2012 -0500
Ticket #6 - protocol error from proxied auth operation
Bug Description: Trying to perform a proxied auth operation leads to
a protocol error(err=2).
Fix Description: ber_scanf() was rejecting the authdn value, becuase it
did not start with a octet string/char. The fix was
to check for the octet string, and if it wasn't present
then just use the value as it is.
https://fedorahosted.org/389/ticket/
diff --git a/ldap/servers/slapd/proxyauth.c b/ldap/servers/slapd/proxyauth.c
index 2230a31..fe36cf1 100644
--- a/ldap/servers/slapd/proxyauth.c
+++ b/ldap/servers/slapd/proxyauth.c
@@ -106,21 +106,25 @@ parse_LDAPProxyAuth(struct berval *spec_ber, int version, char **errtextp,
break;
}
- ber = ber_init(spec_ber);
- if (!ber) {
- break;
- }
-
- if ( version == 1 ) {
- tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+ if (version == 2 && (spec_ber->bv_val[0] != CHAR_OCTETSTRING)) {
+ /* This doesn't start with an octet string, so just use the actual value */
+ spec->auth_dn = slapi_ch_strdup(spec_ber->bv_val);
} else {
- tag = ber_scanf(ber, "a", &spec->auth_dn);
- }
- if (tag == LBER_ERROR) {
- lderr = LDAP_PROTOCOL_ERROR;
- break;
- }
+ ber = ber_init(spec_ber);
+ if (!ber) {
+ break;
+ }
+ if ( version == 1 ) {
+ tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+ } else {
+ tag = ber_scanf(ber, "a", &spec->auth_dn);
+ }
+ if (tag == LBER_ERROR) {
+ lderr = LDAP_PROTOCOL_ERROR;
+ break;
+ }
+ }
/*
* In version 2 of the control, the control value is actually an
* authorization ID (see section 9 of RFC 2829). We only support
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 86d954d..c6d342c 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2310,6 +2310,8 @@ extern char *attr_dataversion;
#define LDAP_VIRTUAL_LIST_VIEW_ERROR 0x4C /* 76 */
#endif
+#define CHAR_OCTETSTRING (char)0x04
+
/* copied from replication/repl5.h */
#define RUV_STORAGE_ENTRY_UNIQUEID "ffffffff-ffffffff-ffffffff-ffffffff"
12 years, 3 months