ldap/schema
by Mark Reynolds
ldap/schema/60nis.ldif | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit b4cd1376f5a57420babc2b52d28477326046bafd
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Tue Jan 31 13:10:20 2012 -0500
Ticket #38 - nisDomain schema is incorrect
Bug Description: nisDomain was missing some of its definitions
https://fedorahosted.org/389/ticket/38
diff --git a/ldap/schema/60nis.ldif b/ldap/schema/60nis.ldif
index 9aff3fc..57ef402 100644
--- a/ldap/schema/60nis.ldif
+++ b/ldap/schema/60nis.ldif
@@ -31,6 +31,8 @@ attributeTypes: (
NAME 'nisDomain'
DESC 'NIS domain'
SUP name
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
11 years, 10 months
ldap/admin
by Richard Allen Megginson
ldap/admin/src/scripts/91subtreereindex.pl | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
New commits:
commit 790cbbb903e37086ca5d042c0636fab426200e88
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Jan 30 20:47:23 2012 -0700
Ticket #273 - ruv tombstone searches don't work after reindex entryrdn
https://fedorahosted.org/389/ticket/273
Resolves: Ticket #273
Bug Description: ruv tombstone searches don't work after reindex entryrdn
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Upgrade script was not working correctly:
1) replace both rdn-format/ and rdn-format-1/ with rdn-format-2/
2) use s (replace) instead of y (transliterate)
3) use correct version string when updating main DBVERSION file
4) open main DBVERSION file in write mode
5) do not put extra newline in DBVERSION file
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/admin/src/scripts/91subtreereindex.pl b/ldap/admin/src/scripts/91subtreereindex.pl
index c512435..a031cc1 100644
--- a/ldap/admin/src/scripts/91subtreereindex.pl
+++ b/ldap/admin/src/scripts/91subtreereindex.pl
@@ -123,8 +123,9 @@ sub runinst {
if (!open(DBVERSION, "> $dbversion1")) {
push @errs, ['error_opening_file', $dbversion1, $!];
} else {
- $versionstr =~ y/rdn\-format/rdn\-format\-2/;
- print DBVERSION $versionstr . "\n";
+ $versionstr =~ s,rdn\-format\-1/,rdn\-format\-2/,;
+ $versionstr =~ s,rdn\-format/,rdn\-format\-2/,;
+ print DBVERSION $versionstr; # not chomp'd above, already has newline
close DBVERSION;
}
}
@@ -134,11 +135,12 @@ NEXT:
}
# update main DBVERSION file
- if (!open(DBVERSION, "$dbversion0")) {
+ if (!open(DBVERSION, "> $dbversion0")) {
push @errs, ['error_opening_file', $dbversion0, $!];
} else {
- $dbversionstr = y/rdn\-format/rdn\-format\-2/;
- print DBVERSION $versionstr . "\n";
+ $dbversionstr =~ s,rdn\-format\-1/,rdn\-format\-2/,;
+ $dbversionstr =~ s,rdn\-format/,rdn\-format\-2/,;
+ print DBVERSION $dbversionstr; # not chomp'd above, already has newline
close DBVERSION;
}
11 years, 10 months
ldap/admin ldap/servers
by Richard Allen Megginson
ldap/admin/src/scripts/91subtreereindex.pl | 14 ++++++++++----
ldap/servers/slapd/back-ldbm/back-ldbm.h | 2 +-
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 21 ++++++++++++++++++---
3 files changed, 29 insertions(+), 8 deletions(-)
New commits:
commit 6037bfe7592f7953a813c6e10f31e6aa4b20ecdb
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Jan 27 17:09:06 2012 -0700
Ticket #273 - ruv tombstone searches don't work after reindex entryrdn
https://fedorahosted.org/389/ticket/273
Resolves: Ticket #273
Bug Description: ruv tombstone searches don't work after reindex entryrdn
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When indexing entryrdn, if there is no parentid in the
entry, assume the parent is the suffix entry. It appears the only case
where there was no parentid in the entry is the ruv tombstone case.
Bump the database rdn-format version to 2.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/admin/src/scripts/91subtreereindex.pl b/ldap/admin/src/scripts/91subtreereindex.pl
index f5aee9f..c512435 100644
--- a/ldap/admin/src/scripts/91subtreereindex.pl
+++ b/ldap/admin/src/scripts/91subtreereindex.pl
@@ -51,11 +51,14 @@ sub runinst {
if ($_ =~ /rdn-format-1/) {
$is_rdn_format = 2;
}
+ if ($_ =~ /rdn-format-2/) {
+ $is_rdn_format = 3;
+ }
}
}
close DBVERSION;
- if (2 == $is_rdn_format) {
+ if (3 == $is_rdn_format) {
return (); # DB already has the new rdn format.
}
@@ -95,11 +98,14 @@ sub runinst {
if ($_ =~ /rdn-format-1/) {
$is_rdn_format = 2;
}
+ if ($_ =~ /rdn-format-2/) {
+ $is_rdn_format = 3;
+ }
}
}
close DBVERSION;
- if (2 == $is_rdn_format) {
+ if (3 == $is_rdn_format) {
# DB already has the new rdn format.
goto NEXT;
}
@@ -117,7 +123,7 @@ sub runinst {
if (!open(DBVERSION, "> $dbversion1")) {
push @errs, ['error_opening_file', $dbversion1, $!];
} else {
- $versionstr =~ y/rdn\-format/rdn\-format\-1/;
+ $versionstr =~ y/rdn\-format/rdn\-format\-2/;
print DBVERSION $versionstr . "\n";
close DBVERSION;
}
@@ -131,7 +137,7 @@ NEXT:
if (!open(DBVERSION, "$dbversion0")) {
push @errs, ['error_opening_file', $dbversion0, $!];
} else {
- $dbversionstr = y/rdn\-format/rdn\-format\-1/;
+ $dbversionstr = y/rdn\-format/rdn\-format\-2/;
print DBVERSION $versionstr . "\n";
close DBVERSION;
}
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h
index 3a92f59..f11ec82 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -167,7 +167,7 @@ typedef unsigned short u_int16_t;
#define BDB_BACKEND "libback-ldbm" /* This backend plugin */
#define BDB_NEWIDL "newidl" /* new idl format */
#define BDB_RDNFORMAT "rdn-format" /* Subtree rename enabled */
-#define BDB_RDNFORMAT_VERSION "1" /* rdn-format version (by default, 0) */
+#define BDB_RDNFORMAT_VERSION "2" /* rdn-format version (by default, 0) */
#define BDB_DNFORMAT "dn-4514" /* DN format RFC 4514 compliant */
#define DBVERSION_NEWIDL 0x1
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index b430f9a..b4bdc52 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -1678,6 +1678,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
int index_ext = 0;
struct vlvIndex *vlvip = NULL;
back_txn txn;
+ ID suffixid = NOID; /* holds the id of the suffix entry */
LDAPDebug( LDAP_DEBUG_TRACE, "=> ldbm_back_ldbm2index\n", 0, 0, 0 );
if ( g_get_shutdown() || c_get_shutdown() ) {
@@ -2021,9 +2022,23 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
/* get a parent pid */
rc = get_value_from_string((const char *)data.dptr,
LDBM_PARENTID_STR, &pid_str);
- if (rc) {
- rc = 0; /* assume this is a suffix */
- } else {
+ if (rc || !pid_str) {
+ /* see if this is a suffix or some entry without a parent id
+ e.g. a tombstone entry */
+ Slapi_DN sufdn;
+
+ slapi_sdn_init_dn_byref(&sufdn, rdn);
+ if (slapi_be_issuffix(be, &sufdn)) {
+ rc = 0; /* is a suffix */
+ suffixid = temp_id; /* this is the ID of a suffix entry */
+ } else {
+ /* assume the parent entry is the suffix entry for this backend
+ set pid to the id of that entry */
+ pid = suffixid;
+ }
+ slapi_sdn_done(&sufdn);
+ }
+ if (pid_str) {
pid = (ID)strtol(pid_str, (char **)NULL, 10);
slapi_ch_free_string(&pid_str);
/* if pid is larger than the current pid temp_id,
11 years, 10 months
ldap/schema
by Richard Allen Megginson
ldap/schema/60samba3.ldif | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
New commits:
commit b862b3cb6d1ace2b71a4793b72d90dac9edebfc0
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Jan 27 12:01:09 2012 -0700
Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword
https://fedorahosted.org/389/ticket/29
Resolves: Ticket #29
Bug Description: Samba3-schema is missing sambaTrustedDomainPassword
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Add schema to 60samba3.ldif
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/schema/60samba3.ldif b/ldap/schema/60samba3.ldif
index d6a0e5c..5dd5f31 100644
--- a/ldap/schema/60samba3.ldif
+++ b/ldap/schema/60samba3.ldif
@@ -399,6 +399,28 @@ attributeTypes: (
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
+###############################################################################
+#
+attributeTypes: (
+ 1.3.6.1.4.1.7165.2.1.68
+ NAME 'sambaClearTextPassword'
+ DESC 'Clear text password (used for trusted domain passwords)'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE
+ )
+#
+###############################################################################
+#
+attributeTypes: (
+ 1.3.6.1.4.1.7165.2.1.69
+ NAME 'sambaPreviousClearTextPassword'
+ DESC 'Previous clear text password (used for trusted domain passwords)'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE
+ )
+#
################################################################################
#
objectClasses: (
@@ -530,3 +552,15 @@ objectClasses: (
#
################################################################################
#
+objectClasses: (
+ 1.3.6.1.4.1.7165.2.2.15
+ NAME 'sambaTrustedDomainPassword'
+ DESC 'Samba Trusted Domain Password'
+ SUP top
+ STRUCTURAL
+ MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
+ MAY ( sambaPreviousClearTextPassword )
+ )
+#
+###############################################################################
+#
11 years, 10 months
ldap/schema Makefile.am Makefile.in
by Richard Allen Megginson
Makefile.am | 1
Makefile.in | 1
ldap/schema/50ns-directory.ldif | 2 -
ldap/schema/60sendmail.ldif | 54 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 57 insertions(+), 1 deletion(-)
New commits:
commit 64d2bc6af815bd872096a8c490c65cb751ed488b
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Jan 27 11:45:55 2012 -0700
Ticket #22 - RFE: Support sendmail LDAP routing schema
https://fedorahosted.org/389/ticket/22
Resolves: Ticket #22
Bug Description: RFE: Support sendmail LDAP routing schema
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: First I had to fix the OID for ntGroupType. I assigned
a new OID to it from our OID range.
Next, I added a new file 60sendmail.ldif containing the new sendmail schema.
This must be in a separate file. The problem is that the new schema is
incompatible with the existing schema of the same name - different syntaxes
and matching rules. So if you use 60sendmail.ldif, you must not use
50ns-mail.ldif, 60inetmail.ldif, or 60qmail.ldif.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/Makefile.am b/Makefile.am
index 045c986..e84b63d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -266,6 +266,7 @@ sampledata_DATA = ldap/admin/src/scripts/failedbinds.py \
$(srcdir)/ldap/schema/60rfc4876.ldif \
$(srcdir)/ldap/schema/60samba.ldif \
$(srcdir)/ldap/schema/60samba3.ldif \
+ $(srcdir)/ldap/schema/60sendmail.ldif \
$(LIBPRESENCE_SCHEMA)
schema_DATA = $(srcdir)/ldap/schema/00core.ldif \
diff --git a/Makefile.in b/Makefile.in
index b1d5c68..b33c6a5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1469,6 +1469,7 @@ sampledata_DATA = ldap/admin/src/scripts/failedbinds.py \
$(srcdir)/ldap/schema/60rfc4876.ldif \
$(srcdir)/ldap/schema/60samba.ldif \
$(srcdir)/ldap/schema/60samba3.ldif \
+ $(srcdir)/ldap/schema/60sendmail.ldif \
$(LIBPRESENCE_SCHEMA)
schema_DATA = $(srcdir)/ldap/schema/00core.ldif \
diff --git a/ldap/schema/50ns-directory.ldif b/ldap/schema/50ns-directory.ldif
index 1c7ae35..1e31dca 100644
--- a/ldap/schema/50ns-directory.ldif
+++ b/ldap/schema/50ns-directory.ldif
@@ -78,7 +78,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC 'Nets
attributeTypes: ( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
attributeTypes: ( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
attributeTypes: ( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
-attributeTypes: ( 2.16.840.1.113730.3.1.47 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
attributeTypes: ( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
attributeTypes: ( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
attributeTypes: ( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )
diff --git a/ldap/schema/60sendmail.ldif b/ldap/schema/60sendmail.ldif
new file mode 100644
index 0000000..1d746d7
--- /dev/null
+++ b/ldap/schema/60sendmail.ldif
@@ -0,0 +1,54 @@
+#
+################################################################################
+#
+dn: cn=schema
+#
+################################################################################
+#
+attributeTypes: (
+ 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ X-ORIGIN 'draft-lachman-laser-ldap-mail-routing-02.txt'
+ )
+#
+################################################################################
+#
+attributeTypes: (
+ 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE
+ X-ORIGIN 'draft-lachman-laser-ldap-mail-routing-02.txt'
+ )
+#
+################################################################################
+#
+attributeTypes: (
+ 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE
+ X-ORIGIN 'draft-lachman-laser-ldap-mail-routing-02.txt'
+ )
+#
+################################################################################
+#
+objectClasses: (
+ 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top
+ AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress )
+ X-ORIGIN 'draft-lachman-laser-ldap-mail-routing-02.txt'
+ )
+#
+################################################################################
+#
11 years, 10 months
Branch 'Directory_Server_8_2_Branch' - 11 commits - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/acl/acl.c | 3
ldap/servers/plugins/acl/acl.h | 2
ldap/servers/plugins/acl/aclplugin.c | 8
ldap/servers/plugins/replication/repl5.h | 2
ldap/servers/plugins/replication/repl5_connection.c | 10
ldap/servers/plugins/replication/repl5_inc_protocol.c | 2
ldap/servers/plugins/replication/repl5_protocol_util.c | 7
ldap/servers/plugins/replication/repl5_tot_protocol.c | 2
ldap/servers/slapd/abandon.c | 7
ldap/servers/slapd/attrsyntax.c | 22
ldap/servers/slapd/connection.c | 14
ldap/servers/slapd/csnset.c | 4
ldap/servers/slapd/dn.c | 495 ++++++++++++++++-
ldap/servers/slapd/entrywsi.c | 18
ldap/servers/slapd/libglobs.c | 33 +
ldap/servers/slapd/opshared.c | 42 +
ldap/servers/slapd/pagedresults.c | 33 +
ldap/servers/slapd/proto-slap.h | 3
ldap/servers/slapd/sasl_map.c | 4
ldap/servers/slapd/slap.h | 2
ldap/servers/slapd/slapi-plugin.h | 59 ++
ldap/servers/slapd/slapi2nspr.c | 83 ++
ldap/servers/slapd/ssl.c | 73 ++
23 files changed, 850 insertions(+), 78 deletions(-)
New commits:
commit 04a60122c0c506cf6ec5797c7e36aa24960de3b1
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Dec 13 15:46:43 2011 -0700
Bug 767273 - add switch to disable DN normalization of nested DNs
https://bugzilla.redhat.com/show_bug.cgi?id=767273
Resolves: bug 767273
Bug Description: add switch to disable DN normalization of nested DNs
Reviewed by: nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Fix compiler error and warning
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 998f731..efb5868 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -511,7 +511,6 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
struct berval *subrdn_avs = NULL;
struct berval subinitial_rdn_av_stack[ SLAPI_DNNORM_INITIAL_RDN_AVS ];
int chkblank = 0;
- int avstat = 0;
int is_dn_syntax = 0;
int normalize_nested_dn = config_get_normalize_nested_dn();
@@ -2605,8 +2604,8 @@ old_slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_
} else if (s + 2 < ends &&
isxdigit(*(s+1)) && isxdigit(*(s+2))) {
/* esc hexpair ==> real character */
- int n = slapi_hexchar2int(*(s+1));
- int n2 = slapi_hexchar2int(*(s+2));
+ int n = hexchar2int(*(s+1));
+ int n2 = hexchar2int(*(s+2));
n = (n << 4) + n2;
if (n == 0) { /* don't change \00 */
*d++ = *++s;
commit 049b8eb771a44cc26b8178af4bce1a9d2f44aaec
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Nov 21 15:58:56 2011 -0700
Bug 730387 - attrsyntax - Add slapi_rwlock API and use POSIX rwlocks
This adds a new slapi_rwlock API and uses it throughout the server.
Internally, this API can allow either NSPR or POSIX rwlocks to be
used for different platforms. This patch makes it use the POSIX
implementation on Linux platforms since the NSPR implementation
does not safely allow re-entrant reader locks to be used.
backported from
commit f9b199ec05f4fd0d3054f05ce6cd6ba4a820d246
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed Aug 17 09:20:26 2011 -0700
this patch only addresses the attrsyntax rwlocks, not all of the other
rwlocks in the server
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 6d3fe8c..0b8111f 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -55,7 +55,7 @@
*/
static PLHashTable *oid2asi = NULL;
/* read/write lock to protect table */
-static PRRWLock *oid2asi_lock = NULL;
+static Slapi_RWLock *oid2asi_lock = NULL;
/*
* This hashtable maps the name or alias of the attribute to the
@@ -65,12 +65,12 @@ static PRRWLock *oid2asi_lock = NULL;
*/
static PLHashTable *name2asi = NULL;
/* read/write lock to protect table */
-static PRRWLock *name2asi_lock = NULL;
+static Slapi_RWLock *name2asi_lock = NULL;
-#define AS_LOCK_READ(l) PR_RWLock_Rlock(l)
-#define AS_LOCK_WRITE(l) PR_RWLock_Wlock(l)
-#define AS_UNLOCK_READ(l) PR_RWLock_Unlock(l)
-#define AS_UNLOCK_WRITE(l) PR_RWLock_Unlock(l)
+#define AS_LOCK_READ(l) slapi_rwlock_rdlock(l)
+#define AS_LOCK_WRITE(l) slapi_rwlock_wrlock(l)
+#define AS_UNLOCK_READ(l) slapi_rwlock_unlock(l)
+#define AS_UNLOCK_WRITE(l) slapi_rwlock_unlock(l)
@@ -994,13 +994,12 @@ attr_syntax_init(void)
oid2asi = PL_NewHashTable(2047, hashNocaseString,
hashNocaseCompare,
PL_CompareValues, 0, 0);
- if ( NULL == ( oid2asi_lock = PR_NewRWLock( PR_RWLOCK_RANK_NONE,
- "attrsyntax oid rwlock" ))) {
+ if ( NULL == ( oid2asi_lock = slapi_new_rwlock())) {
if(oid2asi) PL_HashTableDestroy(oid2asi);
oid2asi = NULL;
slapi_log_error( SLAPI_LOG_FATAL, "attr_syntax_init",
- "PR_NewRWLock() for oid2asi lock failed\n" );
+ "slapi_new_rwlock() for oid2asi lock failed\n" );
return 1;
}
}
@@ -1010,13 +1009,12 @@ attr_syntax_init(void)
name2asi = PL_NewHashTable(2047, hashNocaseString,
hashNocaseCompare,
PL_CompareValues, 0, 0);
- if ( NULL == ( name2asi_lock = PR_NewRWLock( PR_RWLOCK_RANK_NONE,
- "attrsyntax name2asi rwlock"))) {
+ if ( NULL == ( name2asi_lock = slapi_new_rwlock())) {
if(name2asi) PL_HashTableDestroy(name2asi);
name2asi = NULL;
slapi_log_error( SLAPI_LOG_FATAL, "attr_syntax_init",
- "PR_NewRWLock() for oid2asi lock failed\n" );
+ "slapi_new_rwlock() for oid2asi lock failed\n" );
return 1;
}
}
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index ff14108..79f1e60 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -4739,6 +4739,7 @@ int slapi_is_loglevel_set( const int loglevel );
*/
typedef struct slapi_mutex Slapi_Mutex;
typedef struct slapi_condvar Slapi_CondVar;
+typedef struct slapi_rwlock Slapi_RWLock;
Slapi_Mutex *slapi_new_mutex( void );
void slapi_destroy_mutex( Slapi_Mutex *mutex );
void slapi_lock_mutex( Slapi_Mutex *mutex );
@@ -4748,6 +4749,64 @@ void slapi_destroy_condvar( Slapi_CondVar *cvar );
int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout );
int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all );
+/**
+ * Creates a new read/write lock.
+ *
+ * \return A pointer to a \c Slapi_RWLock
+ *
+ * \note Free the returned lock by calling slapi_destroy_rwlock() when finished
+ *
+ * \see slapi_destroy_rwlock()
+ * \see slapi_rwlock_rdlock()
+ * \see slapi_rwlock_wrlock()
+ * \see slapi_rwlock_unlock()
+ */
+Slapi_RWLock *slapi_new_rwlock( void );
+
+/**
+ * Free a read/write lock
+ *
+ * \see slapi_new_rwlock()
+ */
+void slapi_destroy_rwlock( Slapi_RWLock *rwlock );
+
+/**
+ * Acquires a reader lock
+ *
+ * \return 0 if successful
+ * \return Non-zero if an error occurred
+ *
+ * \note Release the acquired lock by calling slapi_rwlock_unlock()
+ * \note It is safe for a thread to hold multiple reader locks, but
+ * you must call slapi_rwlock_unlock() for each aquired lock.
+ *
+ * \see slapi_rwlock_unlock()
+ */
+int slapi_rwlock_rdlock( Slapi_RWLock *rwlock );
+
+/**
+ * Acquires a writer lock
+ *
+ * \return 0 if successful
+ * \return Non-zero if an error occurred
+ *
+ * \note Release the acquired lock by calling slapi_rwlock_unlock()
+ *
+ * \see slapi_rwlock_unlock()
+ */
+int slapi_rwlock_wrlock( Slapi_RWLock *rwlock );
+
+/**
+ * Releases a reader or writer lock
+ *
+ * \return 0 if successful
+ * \return Non-zero if an error occurred
+ *
+ * \see slapi_rwlock_rdlock()
+ * \see slapi_rwlock_wrlock()
+ */
+int slapi_rwlock_unlock( Slapi_RWLock *rwlock );
+
/*
* thread-safe LDAP connections
diff --git a/ldap/servers/slapd/slapi2nspr.c b/ldap/servers/slapd/slapi2nspr.c
index 18eebfb..c6d1d97 100644
--- a/ldap/servers/slapd/slapi2nspr.c
+++ b/ldap/servers/slapd/slapi2nspr.c
@@ -210,3 +210,86 @@ slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all )
return( prrc == PR_SUCCESS ? 1 : 0 );
}
+
+#ifndef USE_POSIX_RWLOCKS
+#define USE_POSIX_RWLOCKS 1
+#endif
+
+Slapi_RWLock *
+slapi_new_rwlock(void)
+{
+#ifdef USE_POSIX_RWLOCKS
+ pthread_rwlock_t *rwlock = NULL;
+
+ rwlock = (pthread_rwlock_t *)slapi_ch_malloc(sizeof(pthread_rwlock_t));
+ if (rwlock) {
+ pthread_rwlock_init(rwlock, NULL);
+ }
+
+ return((Slapi_RWLock *)rwlock);
+#else
+ return((Slapi_RWLock *)PR_NewRWLock(PR_RWLOCK_RANK_NONE, "slapi_rwlock"));
+#endif
+}
+
+void
+slapi_destroy_rwlock(Slapi_RWLock *rwlock)
+{
+ if (rwlock != NULL) {
+#ifdef USE_POSIX_RWLOCKS
+ pthread_rwlock_destroy((pthread_rwlock_t *)rwlock);
+ slapi_ch_free((void **)&rwlock);
+#else
+ PR_DestroyLock((PRRWLock *)rwlock);
+#endif
+ }
+}
+
+int
+slapi_rwlock_rdlock( Slapi_RWLock *rwlock )
+{
+ int ret = 0;
+
+ if (rwlock != NULL) {
+#ifdef USE_POSIX_RWLOCKS
+ ret = pthread_rwlock_rdlock((pthread_rwlock_t *)rwlock);
+#else
+ PR_RWLock_Rlock((PRRWLock *)rwlock);
+#endif
+ }
+
+ return ret;
+}
+
+int
+slapi_rwlock_wrlock( Slapi_RWLock *rwlock )
+{
+ int ret = 0;
+
+ if (rwlock != NULL) {
+#ifdef USE_POSIX_RWLOCKS
+ ret = pthread_rwlock_wrlock((pthread_rwlock_t *)rwlock);
+#else
+ PR_RWLock_Wlock((PRRWLock *)rwlock);
+#endif
+ }
+
+ return ret;
+}
+
+int
+slapi_rwlock_unlock( Slapi_RWLock *rwlock )
+{
+ int ret = 0;
+
+ if (rwlock != NULL) {
+#ifdef USE_POSIX_RWLOCKS
+ ret = pthread_rwlock_unlock((pthread_rwlock_t *)rwlock);
+#else
+ PR_RWLock_Unlock((PRRWLock *)rwlock);
+#endif
+ }
+
+ return ret;
+}
+
commit 1719004585a0ef439c116d63bff5a3d9c96d347e
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Dec 13 11:48:38 2011 -0700
Bug 767273 - add switch to disable DN normalization of nested DNs
https://bugzilla.redhat.com/show_bug.cgi?id=767273
Resolves: bug 767273
Bug Description: add switch to disable DN normalization of nested DNs
Reviewed by: nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Added a new cn=config attribute nsslapd-normalize-nested-dn
This is set to "on" by default. If this is set to off, the old (8.2.2)
version of slapi_normalize_dn_ext() will be used instead of the new one.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
cherry-picked from 45623ad410327af106eaf5a50a1149d3c01fc54d and rebased for 8.2
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 8e0d0fa..998f731 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -60,6 +60,7 @@ static void reset_rdn_avs( struct berval **rdn_avsp, int *rdn_av_countp );
static void sort_rdn_avs( struct berval *avs, int count, int escape );
static int rdn_av_cmp( struct berval *av1, struct berval *av2 );
static void rdn_av_swap( struct berval *av1, struct berval *av2, int escape );
+static int old_slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len);
int
@@ -512,6 +513,11 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
int chkblank = 0;
int avstat = 0;
int is_dn_syntax = 0;
+ int normalize_nested_dn = config_get_normalize_nested_dn();
+
+ if (!normalize_nested_dn) {
+ return old_slapi_dn_normalize_ext(src, src_len, dest, dest_len);
+ }
if (NULL == dest) {
goto bail;
@@ -2324,3 +2330,491 @@ sdn_dump( const Slapi_DN *sdn, const char *text)
LDAPDebug( LDAP_DEBUG_ANY, "SDN %s ptr=%lx dn=%s\n", text, sdn, (sdn->dn==NULL?"NULL":sdn->dn));
}
#endif
+
+/*
+ * This is the old version of slapi_dn_normalize_ext that does not correctly
+ * handle DNs nested within other DNs in all cases, but is required for
+ * backwards compatability
+ * set nsslapd-normalize-nested-dn: off to use this function
+ */
+static int
+old_slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
+{
+ int rc = -1;
+ int state = B4TYPE;
+ char *s = NULL; /* work pointer for src */
+ char *d = NULL; /* work pointer for dest */
+ char *ends = NULL;
+ char *endd = NULL;
+ char *lastesc = NULL;
+ /* rdn avs for the main DN */
+ char *typestart = NULL;
+ int rdn_av_count = 0;
+ struct berval *rdn_avs = NULL;
+ struct berval initial_rdn_av_stack[ SLAPI_DNNORM_INITIAL_RDN_AVS ];
+ /* rdn avs for the nested DN */
+ char *subtypestart = NULL; /* used for nested rdn avs */
+ int subrdn_av_count = 0;
+ struct berval *subrdn_avs = NULL;
+ struct berval subinitial_rdn_av_stack[ SLAPI_DNNORM_INITIAL_RDN_AVS ];
+ int chkblank = 0;
+
+ if (NULL == dest) {
+ goto bail;
+ }
+ if (NULL == src) {
+ *dest = NULL;
+ *dest_len = 0;
+ goto bail;
+ }
+ if (0 == src_len) {
+ src_len = strlen(src);
+ }
+ s = PL_strnchr(src, '\\', src_len);
+ if (s) {
+ *dest_len = src_len * 3;
+ *dest = slapi_ch_malloc(*dest_len); /* max length */
+ rc = 1;
+ } else {
+ s = PL_strnchr(src, '"', src_len);
+ if (s) {
+ *dest_len = src_len * 3;
+ *dest = slapi_ch_malloc(*dest_len); /* max length */
+ rc = 1;
+ } else {
+ *dest_len = src_len;
+ *dest = src; /* just removing spaces around separators */
+ rc = 0;
+ }
+ }
+
+ ends = src + src_len;
+ endd = *dest + *dest_len;
+ for (s = src, d = *dest; s < ends && d < endd; ) {
+ switch (state) {
+ case B4TYPE: /* before type; cn=... */
+ /* ^ */
+ if (ISSPACE(*s)) {
+ s++; /* skip leading spaces */
+ } else {
+ state = INTYPE;
+ typestart = d;
+ *d++ = *s++;
+ }
+ break;
+ case INTYPE: /* in type; cn=... */
+ /* ^ */
+ if (ISEQUAL(*s)) {
+ state = B4VALUE;
+ *d++ = *s++;
+ } else if (ISCLOSEBRACKET(*s)) { /* special care for ACL macro */
+ state = INVALUE; /* skip a trailing space */
+ *d++ = *s++;
+ } else if (ISSPACE(*s)) {
+ state = B4EQUAL; /* skip a trailing space */
+ } else {
+ *d++ = *s++;
+ }
+ break;
+ case B4EQUAL: /* before equal; cn =... */
+ /* ^ */
+ if (ISEQUAL(*s)) {
+ state = B4VALUE;
+ *d++ = *s++;
+ } else if (ISSPACE(*s)) {
+ s++; /* skip trailing spaces */
+ } else {
+ /* type includes spaces; not a valid dn */
+ rc = -1;
+ goto bail;
+ }
+ break;
+ case B4VALUE: /* before value; cn= ABC */
+ /* ^ */
+ if (ISSPACE(*s)) {
+ s++;
+ } else {
+ if (ISQUOTE(*s)) {
+ s++; /* start with the first char in quotes */
+ state = INQUOTEDVALUE1ST;
+ } else {
+ state = INVALUE1ST;
+ }
+ lastesc = NULL;
+ /* process *s in INVALUE or INQUOTEDVALUE */
+ }
+ break;
+ case INVALUE1ST: /* 1st char in value; cn=ABC */
+ /* ^ */
+ if (ISSPACE(*s)) { /* skip leading spaces */
+ s++;
+ continue;
+ } else if (SEPARATOR(*s)) {
+ /* 1st char in value is separator; invalid dn */
+ rc = -1;
+ goto bail;
+ } /* otherwise, go through */
+ if (ISESCAPE(*s)) {
+ subtypestart = NULL; /* if escaped, can't be multivalued dn */
+ } else {
+ subtypestart = d; /* prepare for '+' in the nested DN, if any */
+ }
+ subrdn_av_count = 0;
+ case INVALUE: /* in value; cn=ABC */
+ /* ^ */
+ if (ISESCAPE(*s)) {
+ if (s + 1 >= ends) {
+ /* DN ends with '\'; invalid dn */
+ rc = -1;
+ goto bail;
+ }
+ if (((state == INVALUE1ST) && LEADNEEDSESCAPE(*(s+1))) ||
+ ((state == INVALUE) && NEEDSESCAPE(*(s+1)))) {
+ if (d + 2 >= endd) {
+ /* Not enough space for dest; this never happens! */
+ rc = -1;
+ goto bail;
+ } else {
+ if (ISEQUAL(*(s+1))) {
+ while (ISSPACE(*(d-1))) {
+ /* remove trailing spaces */
+ d--;
+ }
+ } else if (SEPARATOR(*(s+1))) {
+ /* separator is a subset of needsescape */
+ while (ISSPACE(*(d-1))) {
+ /* remove trailing spaces */
+ d--;
+ chkblank = 1;
+ }
+ if (chkblank && ISESCAPE(*(d-1)) && ISBLANK(*d)) {
+ /* last space is escaped "cn=A\ ,ou=..." */
+ /* ^ */
+ PR_snprintf(d, 3, "%X", *d); /* hexpair */
+ d += 2;
+ chkblank = 0;
+ }
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if (subtypestart &&
+ (ISPLUS(*(s+1)) || subrdn_av_count > 0)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
+ &subrdn_avs, subinitial_rdn_av_stack);
+ }
+ if (!ISPLUS(*(s+1))) { /* at end of this RDN */
+ if (subrdn_av_count > 1) {
+ sort_rdn_avs( subrdn_avs,
+ subrdn_av_count, 1 );
+ }
+ if (subrdn_av_count > 0) {
+ reset_rdn_avs( &subrdn_avs,
+ &subrdn_av_count );
+ subtypestart = NULL;
+ }
+ }
+ }
+ /* dn: cn=x\=x\,... -> dn: cn=x\3Dx\2C,... */
+ *d++ = *s++; /* '\\' */
+ PR_snprintf(d, 3, "%X", *s); /* hexpair */
+ d += 2;
+ if (ISPLUS(*s)) {
+ /* next type start of multi values */
+ /* should not be a escape char AND should be
+ * followed by \\= or \\3D */
+ if (!ISESCAPE(*s) &&
+ (PL_strnstr(s, "\\=", ends - s) ||
+ PL_strncaserstr(s, "\\3D", ends - s))) {
+ subtypestart = d;
+ } else {
+ subtypestart = NULL;
+ }
+ }
+ if (SEPARATOR(*s) || ISEQUAL(*s)) {
+ while (ISSPACE(*(s+1)))
+ s++; /* remove leading spaces */
+ s++;
+ } else {
+ s++;
+ }
+ }
+ } else if (((state == INVALUE1ST) &&
+ (s+2 < ends) && LEADNEEDSESCAPESTR(s+1)) ||
+ ((state == INVALUE) &&
+ (((s+2 < ends) && NEEDSESCAPESTR(s+1)) ||
+ (ISEOV(s+3, ends) && ISBLANKSTR(s+1))))) {
+ /* e.g., cn=abc\20 ,... */
+ /* ^ */
+ if (ISEQUALSTR(s+1)) {
+ while (ISSPACE(*(d-1))) {
+ /* remove trailing spaces */
+ d--;
+ }
+ } else if (SEPARATORSTR(s+1)) {
+ /* separator is a subset of needsescape */
+ while (ISSPACE(*(d-1))) {
+ /* remove trailing spaces */
+ d--;
+ chkblank = 1;
+ }
+ if (chkblank && ISESCAPE(*(d-1)) && ISBLANK(*d)) {
+ /* last space is escaped "cn=A\ ,ou=..." */
+ /* ^ */
+ PR_snprintf(d, 3, "%X", *d); /* hexpair */
+ d += 2;
+ chkblank = 0;
+ }
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if (subtypestart &&
+ (ISPLUSSTR(s+1) || subrdn_av_count > 0)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
+ &subrdn_avs, subinitial_rdn_av_stack);
+ }
+ if (!ISPLUSSTR(s+1)) { /* at end of this RDN */
+ if (subrdn_av_count > 1) {
+ sort_rdn_avs( subrdn_avs, subrdn_av_count, 1 );
+ }
+ if (subrdn_av_count > 0) {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
+ }
+ }
+ *d++ = *s++; /* '\\' */
+ *d++ = *s++; /* HEX */
+ *d++ = *s++; /* HEX */
+ if (ISPLUSSTR(s-2)) {
+ /* next type start of multi values */
+ /* should not be a escape char AND should be followed
+ * by \\= or \\3D */
+ if (!ISESCAPE(*s) && (PL_strnstr(s, "\\=", ends - s) ||
+ PL_strncaserstr(s, "\\3D", ends - s))) {
+ subtypestart = d;
+ } else {
+ subtypestart = NULL;
+ }
+ }
+ if (SEPARATORSTR(s-2) || ISEQUALSTR(s-2)) {
+ while (ISSPACE(*s)) /* remove leading spaces */
+ s++;
+ }
+ } else if (s + 2 < ends &&
+ isxdigit(*(s+1)) && isxdigit(*(s+2))) {
+ /* esc hexpair ==> real character */
+ int n = slapi_hexchar2int(*(s+1));
+ int n2 = slapi_hexchar2int(*(s+2));
+ n = (n << 4) + n2;
+ if (n == 0) { /* don't change \00 */
+ *d++ = *++s;
+ *d++ = *++s;
+ } else {
+ *d++ = n;
+ s += 3;
+ }
+ } else {
+ /* ignore an escape for now */
+ lastesc = d; /* position of the previous escape */
+ s++;
+ }
+ } else if (SEPARATOR(*s)) { /* cn=ABC , ... */
+ /* ^ */
+ /* handling a trailing escaped space */
+ /* assuming a space is the only an extra character which
+ * is not escaped if it appears in the middle, but should
+ * be if it does at the end of the RDN value */
+ /* e.g., ou=ABC \ ,o=XYZ --> ou=ABC \ ,o=XYZ */
+ if (lastesc) {
+ while (ISSPACE(*(d-1)) && d > lastesc ) {
+ d--;
+ }
+ if (d == lastesc) {
+ /* esc hexpair of space: \20 */
+ *d++ = '\\';
+ *d++ = '2';
+ *d++ = '0';
+ }
+ } else {
+ while (ISSPACE(*(d-1))) {
+ d--;
+ }
+ }
+ state = B4SEPARATOR;
+ break;
+ } else { /* else if (SEPARATOR(*s)) */
+ *d++ = *s++;
+ }
+ if (state == INVALUE1ST) {
+ state = INVALUE;
+ }
+ break;
+ case INQUOTEDVALUE1ST:
+ if (ISSPACE(*s) && (s+1 < ends && ISSPACE(*(s+1)))) {
+ /* skip leading spaces but need to leave one */
+ s++;
+ continue;
+ }
+ subtypestart = d; /* prepare for '+' in the quoted value, if any */
+ subrdn_av_count = 0;
+ case INQUOTEDVALUE:
+ if (ISQUOTE(*s)) {
+ if (ISESCAPE(*(d-1))) { /* the quote is escaped */
+ PR_snprintf(d, 3, "%X", *(s++)); /* hexpair */
+ } else { /* end of INQUOTEVALUE */
+ while (ISSPACE(*(d-1))) { /* eliminate trailing spaces */
+ d--;
+ chkblank = 1;
+ }
+ /* We have to keep the last ' ' of a value in quotes.
+ * The same idea as the escaped last space:
+ * "cn=A,ou=B " */
+ /* ^ */
+ if (chkblank && ISBLANK(*d)) {
+ PR_snprintf(d, 4, "\\%X", *d); /* hexpair */
+ d += 3;
+ chkblank = 0;
+ }
+ state = B4SEPARATOR;
+ s++;
+ }
+ } else if (((state == INQUOTEDVALUE1ST) && LEADNEEDSESCAPE(*s)) ||
+ (state == INQUOTEDVALUE && NEEDSESCAPE(*s))) {
+ if (d + 2 >= endd) {
+ /* Not enough space for dest; this never happens! */
+ rc = -1;
+ goto bail;
+ } else {
+ if (ISEQUAL(*s)) {
+ while (ISSPACE(*(d-1))) { /* remove trailing spaces */
+ d--;
+ }
+ } else if (SEPARATOR(*s)) {
+ /* separator is a subset of needsescape */
+ while (ISSPACE(*(d-1))) { /* remove trailing spaces */
+ d--;
+ chkblank = 1;
+ }
+ /* We have to keep the last ' ' of a value in quotes.
+ * The same idea as the escaped last space:
+ * "cn=A\ ,ou=..." */
+ /* ^ */
+ if (chkblank && ISBLANK(*d)) {
+ PR_snprintf(d, 4, "\\%X", *d); /* hexpair */
+ d += 3;
+ chkblank = 0;
+ }
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if (subtypestart &&
+ (ISPLUS(*s) || subrdn_av_count > 0)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
+ &subrdn_avs, subinitial_rdn_av_stack);
+ }
+ if (!ISPLUS(*s)) { /* at end of this RDN */
+ if (subrdn_av_count > 1) {
+ sort_rdn_avs( subrdn_avs, subrdn_av_count, 1 );
+ }
+ if (subrdn_av_count > 0) {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
+ }
+ }
+
+ /* dn: cn="x=x,..",... -> dn: cn=x\3Dx\2C,... */
+ *d++ = '\\';
+ PR_snprintf(d, 3, "%X", *s); /* hexpair */
+ d += 2;
+ if (ISPLUS(*s++)) {
+ subtypestart = d; /* next type start of multi values */
+ }
+ if (SEPARATOR(*(s-1)) || ISEQUAL(*(s-1))) {
+ while (ISSPACE(*s)) /* remove leading spaces */
+ s++;
+ }
+ }
+ } else {
+ *d++ = *s++;
+ }
+ if (state == INQUOTEDVALUE1ST) {
+ state = INQUOTEDVALUE;
+ }
+ break;
+ case B4SEPARATOR:
+ if (SEPARATOR(*s)) {
+ state = B4TYPE;
+
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if (typestart &&
+ (ISPLUS(*s) || rdn_av_count > 0)) {
+ add_rdn_av(typestart, d, &rdn_av_count,
+ &rdn_avs, initial_rdn_av_stack);
+ }
+ if (!ISPLUS(*s)) { /* at end of this RDN */
+ if (rdn_av_count > 1) {
+ sort_rdn_avs( rdn_avs, rdn_av_count, 0 );
+ }
+ if (rdn_av_count > 0) {
+ reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ typestart = NULL;
+ }
+ }
+
+ *d++ = (ISPLUS(*s++)) ? '+' : ',';
+ } else {
+ s++;
+ }
+ break;
+ default:
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "slapi_dn_normalize - unknown state %d\n", state, 0, 0 );
+ break;
+ }
+ }
+
+ /*
+ * Track and sort attribute values within multivalued RDNs.
+ */
+ /* We may still be in an unexpected state, such as B4TYPE if
+ * we encountered something odd like a '+' at the end of the
+ * rdn. If this is the case, we don't want to add this bogus
+ * rdn to our list to sort. We should only be in the INVALUE
+ * or B4SEPARATOR state if we have a valid rdn component to
+ * be added. */
+ if (typestart && (rdn_av_count > 0) && ((state == INVALUE1ST) ||
+ (state == INVALUE) || (state == B4SEPARATOR))) {
+ add_rdn_av(typestart, d, &rdn_av_count, &rdn_avs, initial_rdn_av_stack);
+ }
+ if ( rdn_av_count > 1 ) {
+ sort_rdn_avs( rdn_avs, rdn_av_count, 0 );
+ }
+ if ( rdn_av_count > 0 ) {
+ reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ }
+ /* Trim trailing spaces */
+ while (d > *dest && ISBLANK(*(d-1))) {
+ --d; /* XXX 518524 */
+ }
+ *dest_len = d - *dest;
+bail:
+ if (rc < 0) {
+ if (*dest != src) {
+ slapi_ch_free_string(dest);
+ } else {
+ *dest = NULL;
+ }
+ *dest_len = 0;
+ } else if (rc > 0) {
+ /* We terminate the str with NULL only when we allocate the str */
+ *d = '\0';
+ }
+ return rc;
+}
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index b8e26d1..945ebca 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -624,7 +624,11 @@ static struct config_get_and_set {
{CONFIG_FORCE_SASL_EXTERNAL_ATTRIBUTE, config_set_force_sasl_external,
NULL, 0,
(void**)&global_slapdFrontendConfig.force_sasl_external, CONFIG_ON_OFF,
- (ConfigGetFunc)config_get_force_sasl_external}
+ (ConfigGetFunc)config_get_force_sasl_external},
+ {CONFIG_NORMALIZE_NESTED_DN, config_set_normalize_nested_dn,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.normalize_nested_dn, CONFIG_ON_OFF,
+ (ConfigGetFunc)config_get_normalize_nested_dn}
#ifdef MEMPOOL_EXPERIMENTAL
,{CONFIG_MEMPOOL_SWITCH_ATTRIBUTE, config_set_mempool_switch,
NULL, 0,
@@ -1002,6 +1006,7 @@ FrontendConfig_init () {
cfg->auditlog_exptime = 1;
cfg->auditlog_exptimeunit = slapi_ch_strdup("month");
+ cfg->normalize_nested_dn = LDAP_ON; /* normalize_nested_dn is on by default */
#ifdef MEMPOOL_EXPERIMENTAL
cfg->mempool_switch = LDAP_ON;
cfg->mempool_maxfreelist = 1024;
@@ -5526,6 +5531,32 @@ config_set_force_sasl_external( const char *attrname, char *value,
}
+int
+config_get_normalize_nested_dn(void)
+{
+ int retVal;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ /* disable locking for this value for performance */
+ /*CFG_LOCK_READ(slapdFrontendConfig);*/
+ retVal = slapdFrontendConfig->normalize_nested_dn;
+ /*CFG_UNLOCK_READ(slapdFrontendConfig);*/
+
+ return retVal;
+}
+
+int
+config_set_normalize_nested_dn( const char *attrname, char *value,
+ char *errorbuf, int apply )
+{
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff(attrname, value,
+ &(slapdFrontendConfig->normalize_nested_dn),
+ errorbuf, apply);
+ return retVal;
+}
+
/*
* This function is intended to be used from the dse code modify callback. It
* is "optimized" for that case because it takes a berval** of values, which is
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 2c85b20..3392025 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -351,6 +351,7 @@ int config_set_minssf(const char *attrname, char *value, char *errorbuf, int app
int config_set_accesslogbuffering(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_csnlogging(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_force_sasl_external(const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_normalize_nested_dn( const char *attrname, char *value, char *errorbuf, int apply );
#if !defined(_WIN32) && !defined(AIX)
int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply );
@@ -489,6 +490,7 @@ long config_get_system_page_size();
int config_get_system_page_bits();
#endif
int config_get_force_sasl_external();
+int config_get_normalize_nested_dn(void);
int is_abspath(const char *);
char* rel2abspath( char * );
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 1ec7224..e55fb1f 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1857,6 +1857,7 @@ typedef struct _slapdEntryPoints {
#define CONFIG_HASH_FILTERS_ATTRIBUTE "nsslapd-hash-filters"
#define CONFIG_OUTBOUND_LDAP_IO_TIMEOUT_ATTRIBUTE "nsslapd-outbound-ldap-io-timeout"
#define CONFIG_FORCE_SASL_EXTERNAL_ATTRIBUTE "nsslapd-force-sasl-external"
+#define CONFIG_NORMALIZE_NESTED_DN "nsslapd-normalize-nested-dn"
#ifdef MEMPOOL_EXPERIMENTAL
#define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool"
@@ -2073,6 +2074,7 @@ typedef struct _slapdFrontendConfig {
int system_page_bits; /* bit count to shift the system page size */
#endif /* MEMPOOL_EXPERIMENTAL */
int force_sasl_external; /* force SIMPLE bind to be SASL/EXTERNAL if client cert credentials were supplied */
+ int normalize_nested_dn; /* if true, attempt to normalize DNs nested within a DN */
} slapdFrontendConfig_t;
/* possible values for slapdFrontendConfig_t.schemareplace */
commit 7c1124804a8b63d55827d1e3cb2f23261847559b
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:03:57 2011 -0700
Bug 750622 - Fix Coverity (11104) Resource leak:
ids_sasl_user_to_entry (slapd/saslbind.c)
https://bugzilla.redhat.com/show_bug.cgi?id=750622
Bug Description: sasl_map_domap allocates strings for "base" and
"filter" in it; the caller ids_sasl_user_to_entry releases them
only when the function returns non-0 regexmatch (matched), but
even if the return value is 0 (did not match), the strings are
allocated.
Fix Description: underlying function sasl_map_check frees "base"
and "filter" if mapping did not match.
(cherry picked from commit 6af5ece3ca029271f2b2180c24bad546e2d64c45)
diff --git a/ldap/servers/slapd/sasl_map.c b/ldap/servers/slapd/sasl_map.c
index d6a84a7..3cdabac 100644
--- a/ldap/servers/slapd/sasl_map.c
+++ b/ldap/servers/slapd/sasl_map.c
@@ -517,6 +517,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_
"sasl_map_check: slapi_re_subs failed: "
"subject: %s, subst str: %s (%d)\n",
sasl_user_and_realm, dp->template_base_dn, rc);
+ slapi_ch_free_string(ldap_search_base);
+ slapi_ch_free_string(ldap_search_filter);
} else {
/* Substitutes '&' and/or "\#" in template_search_filter */
rc = slapi_re_subs(re, sasl_user_and_realm,
@@ -527,6 +529,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_
"sasl_map_check: slapi_re_subs failed: "
"subject: %s, subst str: %s (%d)\n",
sasl_user_and_realm, dp->template_search_filter, rc);
+ slapi_ch_free_string(ldap_search_base);
+ slapi_ch_free_string(ldap_search_filter);
} else {
/* these values are internal regex representations with
* lots of unprintable control chars - escape for logging */
commit 4bdaacd5b1c06cd1ecbd1788d37f067db38957ac
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Oct 28 12:51:08 2011 -0600
Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
https://bugzilla.redhat.com/show_bug.cgi?id=748575
Resolves: bug 748575
Bug Description: rhds81 modrdn operation and 100% cpu use in replication
Reviewed by: nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: The entry code takes great pains to add or insert in
ascending order the dncsn to the e_dncsnset. But the only place this is
ever used is in the call to entry_get_dncsn, which just calls
csnset_get_last_csn, which just gets the last one in the list. Since the
last one in the list is the one with the greatest csn, and the function
csnset_update_csn already stores the greatest csn, we can just use that
function, rather than using csnset_add and insert and building a potentially
very large list. This should also have the effect of making importing
a replica init LDIF faster.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit c07717326879119f321512d87e558b69045a86fd)
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 83a9c2a..4959047 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -184,10 +184,7 @@ int
entry_add_dncsn(Slapi_Entry *entry, const CSN *csn)
{
PR_ASSERT(entry!=NULL);
- if(!csnset_contains(entry->e_dncsnset,csn))
- {
- csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
+ csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
return 0;
}
@@ -204,17 +201,7 @@ int
entry_add_dncsn_ext(Slapi_Entry *entry, const CSN *csn, PRUint32 flags)
{
PR_ASSERT(entry!=NULL);
- if(!csnset_contains(entry->e_dncsnset,csn))
- {
- if (flags & ENTRY_DNCSN_INCREASING)
- {
- csnset_insert_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
- else
- {
- csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
- }
+ csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
return 0;
}
commit 7b6a831c344c33c128a15328ec0b8e46690248ec
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Oct 26 17:13:28 2011 -0600
Bug 748575 - rhds81 modrn operation and 100% cpu use in replication
https://bugzilla.redhat.com/show_bug.cgi?id=748575
Resolves: bug 748575
Bug Description: rhds81 modrn operation and 100% cpu use in replication
Reviewed by: ???
Branch: Directory_Server_8_2_Branch
Fix Description: The modrdn operation causes the entry to be copied multiple
times by calling slapi_entry_dup. This in turn does a csnset_dup of the
e_dncsnset in the entry. This function was very inefficient. It would simply
call csnset_add_csn, which would iterate to the end of the linked list
for every addition. Once you get several thousand items in the list, it
has to iterate to the end of several thousand items each time. I changed it
to keep track of the last item in the list, and just add the new item to the
end of the list. This improves the performance quite a bit, but the cpu
still gets pegged at a high percentage eventually, it just takes longer to
reach that point.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 23467126c33a1f6004bb8357d87bc355a53eb25d)
diff --git a/ldap/servers/slapd/csnset.c b/ldap/servers/slapd/csnset.c
index 645c17e..d98cecf 100644
--- a/ldap/servers/slapd/csnset.c
+++ b/ldap/servers/slapd/csnset.c
@@ -374,11 +374,13 @@ CSNSet *
csnset_dup(const CSNSet *csnset)
{
CSNSet *newcsnset= NULL;
+ CSNSet **curnode = &newcsnset;
const CSNSet *n= csnset;
while(n!=NULL)
{
- csnset_add_csn(&newcsnset,n->type,&n->csn);
+ csnset_add_csn(curnode,n->type,&n->csn);
n= n->next;
+ curnode = &((*curnode)->next);
}
return newcsnset;
}
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 01c160c..83a9c2a 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -357,6 +357,7 @@ entry_purge_state_information(Slapi_Entry *e, const CSN *csnUpTo)
*/
attr_purge_state_information(e, a, csnUpTo);
}
+ csnset_purge(&e->e_dncsnset, csnUpTo);
}
/*
commit f5ed8e84a50b27135ed30e7662a29cf0a071244e
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jul 7 11:38:00 2011 -0600
Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2.
https://bugzilla.redhat.com/show_bug.cgi?id=709468
Resolves: bug 709468
Bug Description: RSA Authentication Server timeouts when using simple paged results on RHDS 8.2.
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: When returning the last page of the last result set, in the
searchResultDone message, the paged results cookie is set to NULL. This
means the client cannot issue another search using this result set/cookie,
which means the server can free/reset the simple paged resources
associated with this result set. Use pagedresults_cleanup() to do this.
Since before it was assumed pagedresults_cleanup was called with the
connection lock, a new parameter tells it if it needs to lock or not.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
index 4e87a71..8870364 100644
--- a/ldap/servers/slapd/abandon.c
+++ b/ldap/servers/slapd/abandon.c
@@ -152,7 +152,12 @@ do_abandon( Slapi_PBlock *pb )
0 );
}
- if ( NULL == o ) {
+ if (pagedresults_cleanup(pb->pb_conn, 0 /* already locked */)) {
+ /* Cleaned up paged result connection */
+ slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON"
+ " targetop=Simple Paged Results\n",
+ pb->pb_conn->c_connid, pb->pb_op->o_opid );
+ } else if ( NULL == o ) {
slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON"
" targetop=NOTFOUND msgid=%d\n",
pb->pb_conn->c_connid, pb->pb_op->o_opid, id );
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 768f959..ec2b6bd 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -200,16 +200,7 @@ connection_cleanup(Connection *conn)
/* destroy any sasl context */
sasl_dispose((sasl_conn_t**)&conn->c_sasl_conn);
/* PAGED_RESULTS */
- if (conn->c_search_result_set) {
- if (conn->c_current_be->be_search_results_release) {
- conn->c_current_be->be_search_results_release(&(conn->c_search_result_set));
- }
- conn->c_search_result_set = NULL;
- }
- conn->c_current_be = NULL;
- conn->c_search_result_count = 0;
- conn->c_timelimit = 0;
- /* PAGED_RESULTS ENDS */
+ pagedresults_cleanup(conn, 0 /* do not need to lock inside */);
/* free the connection socket buffer */
connection_free_private_buffer(conn);
@@ -2723,6 +2714,9 @@ disconnect_server_nomutex( Connection *conn, PRUint64 opconnid, int opid, PRErro
conn->c_gettingber = 0;
connection_abandon_operations( conn );
+ pagedresults_cleanup(conn, 0 /* already locked */); /* In case the connection is on pagedresult.
+ Better to call it after the op is abandened. */
+
if (! config_check_referral_mode()) {
/*
* If any of the outstanding operations on this
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 08243dd..2761886 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -587,6 +587,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
sort_make_sort_response_control(pb, CONN_GET_SORT_RESULT_CODE, NULL);
}
next_be = NULL; /* to break the loop */
+ if (curr_search_count == -1) {
+ pagedresults_cleanup(pb->pb_conn, 1 /* need to lock */);
+ }
} else {
/* be_suffix null means that we are searching the default backend
* -> don't change the search parameters in pblock
@@ -725,6 +728,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
pagesize, curr_search_count);
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL );
next_be = NULL; /* to break the loop */
+ if (curr_search_count == -1) {
+ pagedresults_cleanup(pb->pb_conn, 1 /* need to lock */);
+ }
}
/* if rc != 0 an error occurred while sending back the entries
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index 919dd4c..270a074 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -314,6 +314,39 @@ pagedresults_set_timelimit(Connection *conn, time_t timelimit)
}
/*
+ * must be called with conn->c_mutex held
+ * return values
+ * 0: not a simple paged result connection
+ * 1: simple paged result and successfully abandoned
+ */
+int
+pagedresults_cleanup(Connection *conn, int needlock)
+{
+ int rc = 0;
+
+ if (needlock) {
+ PR_Lock(conn->c_mutex);
+ }
+ if (conn->c_current_be) {
+ if (conn->c_search_result_set) {
+ if (conn->c_current_be->be_search_results_release) {
+ conn->c_current_be->be_search_results_release(&(conn->c_search_result_set));
+ }
+ conn->c_search_result_set = NULL;
+ }
+ conn->c_current_be = 0;
+ rc = 1;
+ }
+ conn->c_search_result_count = 0;
+ conn->c_timelimit = 0;
+ conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
+ if (needlock) {
+ PR_Unlock(conn->c_mutex);
+ }
+ return rc;
+}
+
+/*
* check to see if this connection is currently processing
* a pagedresults search - if it is, return True - if not,
* mark that it is processing, and return False
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index f11565c..2c85b20 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -1349,6 +1349,7 @@ int pagedresults_set_with_sort(Connection *conn, int flags);
int pagedresults_get_sort_result_code(Connection *conn);
int pagedresults_set_sort_result_code(Connection *conn, int code);
int pagedresults_set_timelimit(Connection *conn, time_t timelimit);
+int pagedresults_cleanup(Connection *conn, int needlock);
int pagedresults_check_or_set_processing(Connection *conn);
int pagedresults_reset_processing(Connection *conn);
commit b05d4f5b97db5662bb617b312818fb20b8433d28
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Jun 22 20:54:58 2011 -0600
Bug 697694 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9
https://bugzilla.redhat.com/show_bug.cgi?id=697694
Resolves: bug 697694
Bug Description: incr update state stop_fatal_error "requires administrator action", with extop_result: 9
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Calling ldap_result with LDAP_RES_ANY will return the first
msgid available. Because the operation sending and receiving is async
done in separate threads, we may not get the msgid corresponding to the
request we sent. This is the cause of the "Bad parameter to an LDAP routine"
errors. We call ldap_parse_result expecting an EXTENDED operation but we get
some other operation. This causes hard failures to eventually propagate up
and halt replication with fatal errors. The solution is to call
ldap_result with the actual msgid corresponding to the operation that was
sent, instead of LDAP_RES_ANY.
This is hard to reproduce. One way I have found to consistently reproduce
the error is to set up a 4-way MMR and run one of the masters in the
debugger. Break the debugger and let the server sit idle for several minutes
until you see errors in the errors logs of the other masters. Break and
continue like this several times, and you will eventually see "Bad parameter
to an LDAP routine" errors.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 6be21ce..6c322c2 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -398,7 +398,7 @@ void conn_set_timeout(Repl_Connection *conn, long timeout);
long conn_get_timeout(Repl_Connection *conn);
void conn_set_agmt_changed(Repl_Connection *conn);
ConnResult conn_read_result(Repl_Connection *conn, int *message_id);
-ConnResult conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retdatap, LDAPControl ***returned_controls, int *message_id, int noblock);
+ConnResult conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retdatap, LDAPControl ***returned_controls, int send_msgid, int *resp_msgid, int noblock);
/* In repl5_protocol.c */
typedef struct repl_protocol Repl_Protocol;
diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 927fb20..11bf3f7 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -284,7 +284,7 @@ conn_get_error_ex(Repl_Connection *conn, int *operation, int *error, char **erro
/* The _ex version handles a bunch of parameters (retoidp et al) that were present in the original
* sync operation functions, but were never actually used) */
ConnResult
-conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retdatap, LDAPControl ***returned_controls, int *message_id, int block)
+conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retdatap, LDAPControl ***returned_controls, int send_msgid, int *resp_msgid, int block)
{
LDAPMessage *res = NULL;
int setlevel = 0;
@@ -323,7 +323,7 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
break;
}
- rc = ldap_result(conn->ld, LDAP_RES_ANY , 1, &local_timeout, &res);
+ rc = ldap_result(conn->ld, send_msgid, 1, &local_timeout, &res);
PR_Unlock(conn->lock);
if (0 != rc)
@@ -412,9 +412,9 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
char **referrals = NULL;
char *matched = NULL;
- if (message_id)
+ if (resp_msgid)
{
- *message_id = ldap_msgid(res);
+ *resp_msgid = ldap_msgid(res);
}
rc = ldap_parse_result(conn->ld, res, &err, &matched,
@@ -483,7 +483,7 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
ConnResult
conn_read_result(Repl_Connection *conn, int *message_id)
{
- return conn_read_result_ex(conn,NULL,NULL,NULL,message_id,1);
+ return conn_read_result_ex(conn,NULL,NULL,NULL,LDAP_RES_ANY,message_id,1);
}
/* Because the SDK isn't really thread-safe (it can deadlock between
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index d999d3b..4de9fc7 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -293,7 +293,7 @@ static void repl5_inc_result_threadmain(void *param)
while (!finished)
{
- conres = conn_read_result_ex(conn, NULL, NULL, NULL, &message_id, 0);
+ conres = conn_read_result_ex(conn, NULL, NULL, NULL, LDAP_RES_ANY, &message_id, 0);
slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: read result for message_id %d\n", message_id);
/* Timeout here means that we didn't block, not a real timeout */
if (CONN_TIMEOUT == conres)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 3fbc978..54f2a22 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -212,6 +212,7 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
current_csn = get_current_csn(replarea_sdn);
if (NULL != current_csn)
{
+ int send_msgid = 0;
struct berval *payload = NSDS50StartReplicationRequest_new(
prot_oid, slapi_sdn_get_ndn(replarea_sdn),
NULL /* XXXggood need to provide referral(s) */, current_csn);
@@ -219,7 +220,7 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
csn_free(¤t_csn);
current_csn = NULL;
crc = conn_send_extended_operation(conn,
- REPL_START_NSDS50_REPLICATION_REQUEST_OID, payload, NULL /* update control */, NULL /* Message ID */);
+ REPL_START_NSDS50_REPLICATION_REQUEST_OID, payload, NULL /* update control */, &send_msgid /* Message ID */);
if (CONN_OPERATION_SUCCESS != crc)
{
int operation, error;
@@ -234,7 +235,7 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
error ? ldap_err2string(error) : "unknown error");
}
/* Since the operation request is async, we need to wait for the response here */
- crc = conn_read_result_ex(conn,&retoid,&retdata,NULL,NULL,1);
+ crc = conn_read_result_ex(conn,&retoid,&retdata,NULL,send_msgid,NULL,1);
ber_bvfree(payload);
payload = NULL;
/* Look at the response we got. */
@@ -482,7 +483,7 @@ release_replica(Private_Repl_Protocol *prp)
goto error;
}
/* Since the operation request is async, we need to wait for the response here */
- conres = conn_read_result_ex(prp->conn,&retoid,&retdata,NULL,&ret_message_id,1);
+ conres = conn_read_result_ex(prp->conn,&retoid,&retdata,NULL,sent_message_id,&ret_message_id,1);
if (CONN_OPERATION_SUCCESS != conres)
{
int operation, error;
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
index 7bd6e25..8ceee7a 100644
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
@@ -153,7 +153,7 @@ static void repl5_tot_result_threadmain(void *param)
while (!finished)
{
- conres = conn_read_result_ex(conn, NULL, NULL, NULL, &message_id, 0);
+ conres = conn_read_result_ex(conn, NULL, NULL, NULL, LDAP_RES_ANY, &message_id, 0);
/* Timeout here means that we didn't block, not a real timeout */
if (CONN_TIMEOUT == conres)
{
commit eff49fc34104ffd0c0314eb02b2f92954566a4b2
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue May 24 11:38:32 2011 -0600
Bug 707015 - Cannot disable SSLv3 and use TLS only
https://bugzilla.redhat.com/show_bug.cgi?id=707015
Resolves: bug 707015
Bug Description: Cannot disable SSLv3 and use TLS only
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: We had attributes in the cn=encryption,cn=config entry
for nsSSL2 and nsSSL3 but they were not being used. The way it works now
is this:
If the nsSSL3 attribute is not present, and modutil -chkfips is disabled,
SSLv3 will be enabled.
If the nsSSL3 attribute is not present, and modutil -chkfips is enabled,
SSLv3 will be disabled.
If FIPS is enabled, SSLv3 will be disabled. If the user set nsSSL3 to
"on" or boolean true, the server will print a warning message to the error
log and disable SSLv3.
If FIPS is disabled, and the nsSSL3 attribute is present, and the value
is "on" or a boolean value that evaluates to true, SSLv3 will be enabled.
If FIPS is disabled, and the nsSSL3 attribute is present, and the value
is "off" or a boolean value that evaluates to false, SSLv3 will be disabled.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: Yes - will need to document this behavior
(cherry picked from commit 63309e4c86bf30720b8213bd2f486cc19327be62)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 0866dc7..158ce21 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -754,6 +754,10 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
int slapd_SSLclientAuth;
char* tmpDir;
Slapi_Entry *e = NULL;
+ PRBool enableSSL2 = PR_FALSE;
+ PRBool enableSSL3 = PR_TRUE;
+ PRBool enableTLS1 = PR_TRUE;
+ PRBool fipsMode = PR_FALSE;
/* turn off the PKCS11 pin interactive mode */
#ifndef _WIN32
@@ -803,6 +807,9 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
errorCode, slapd_pr_strerror(errorCode));
return -1;
}
+ fipsMode = PR_TRUE;
+ /* FIPS does not like to use SSLv3 */
+ enableSSL3 = PR_FALSE;
}
slapd_pk11_setSlotPWValues(slot, 0, 0);
@@ -995,23 +1002,16 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
return -1;
}
- sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_SSL3, PR_TRUE);
- if (sslStatus != SECSuccess) {
- errorCode = PR_GetError();
- slapd_SSL_warn("Security Initialization: Failed to enable SSLv3 "
- "on the imported socket (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
- errorCode, slapd_pr_strerror(errorCode));
- }
-
- sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_TLS, PR_TRUE);
+/* Explicitly disabling SSL2 - NGK */
+ sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_SSL2, enableSSL2);
if (sslStatus != SECSuccess) {
errorCode = PR_GetError();
- slapd_SSL_warn("Security Initialization: Failed to enable TLS "
+ slapd_SSL_warn("Security Initialization: Failed to %s SSLv2 "
"on the imported socket (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
+ enableSSL2 ? "enable" : "disable",
errorCode, slapd_pr_strerror(errorCode));
+ return -1;
}
-/* Explicitly disabling SSL2 - NGK */
- sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_SSL2, PR_FALSE);
/* Retrieve the SSL Client Authentication status from cn=config */
/* Set a default value if no value found */
@@ -1056,6 +1056,55 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
slapi_ch_free_string(&val);
}
+ if ( e != NULL ) {
+ val = slapi_entry_attr_get_charptr( e, "nsSSL3" );
+ if ( val ) {
+ if ( !strcasecmp( val, "off" ) ) {
+ enableSSL3 = PR_FALSE;
+ } else if ( !strcasecmp( val, "on" ) ) {
+ enableSSL3 = PR_TRUE;
+ } else {
+ enableSSL3 = slapi_entry_attr_get_bool( e, "nsSSL3" );
+ }
+ if ( fipsMode && enableSSL3 ) {
+ slapd_SSL_warn("Security Initialization: FIPS mode is enabled and "
+ "nsSSL3 explicitly set to on - SSLv3 is not approved "
+ "for use in FIPS mode - SSLv3 will be disabled - if "
+ "you want to use SSLv3, you must use modutil to "
+ "disable FIPS in the internal token.\n");
+ enableSSL3 = PR_FALSE;
+ }
+ }
+ slapi_ch_free_string( &val );
+ val = slapi_entry_attr_get_charptr( e, "nsTLS1" );
+ if ( val ) {
+ if ( !strcasecmp( val, "off" ) ) {
+ enableTLS1 = PR_FALSE;
+ } else if ( !strcasecmp( val, "on" ) ) {
+ enableTLS1 = PR_TRUE;
+ } else {
+ enableTLS1 = slapi_entry_attr_get_bool( e, "nsTLS1" );
+ }
+ }
+ slapi_ch_free_string( &val );
+ }
+ sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_SSL3, enableSSL3);
+ if (sslStatus != SECSuccess) {
+ errorCode = PR_GetError();
+ slapd_SSL_warn("Security Initialization: Failed to %s SSLv3 "
+ "on the imported socket (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
+ enableSSL3 ? "enable" : "disable",
+ errorCode, slapd_pr_strerror(errorCode));
+ }
+
+ sslStatus = SSL_OptionSet(pr_sock, SSL_ENABLE_TLS, enableTLS1);
+ if (sslStatus != SECSuccess) {
+ errorCode = PR_GetError();
+ slapd_SSL_warn("Security Initialization: Failed to %s TLSv1 "
+ "on the imported socket (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
+ enableTLS1 ? "enable" : "disable",
+ errorCode, slapd_pr_strerror(errorCode));
+ }
freeConfigEntry( &e );
if(( slapd_SSLclientAuth = config_get_SSLclientAuth()) != SLAPD_SSLCLIENTAUTH_OFF ) {
commit d999fa991f1440735e5082fc0579d80d0148fd19
Author: Endi S. Dewata <edewata(a)redhat.com>
Date: Sat Mar 20 21:03:59 2010 -0500
Bug 520151 - Error when modifying userPassword with proxy user
https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
(cherry picked from commit 742032c11f0dabbdc80ba204801c27c4cbe305a4)
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 9cb9229..3b9f057 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -323,6 +323,9 @@ acl_access_allowed(
/* Get the bindDN */
slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
+ /* Initialize aclpb */
+ aclplugin_preop_common( pb );
+
/* get the right acl pblock to work with */
if ( access & SLAPI_ACL_PROXY )
aclpb = acl_get_aclpb ( pb, ACLPB_PROXYDN_PBLOCK );
diff --git a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
index cbfde48..3f4b4e6 100644
--- a/ldap/servers/plugins/acl/acl.h
+++ b/ldap/servers/plugins/acl/acl.h
@@ -932,4 +932,6 @@ acl_get_effective_rights ( Slapi_PBlock *pb, Slapi_Entry *e,
char* aclutil__access_str (int type , char str[]);
+int aclplugin_preop_common( Slapi_PBlock *pb );
+
#endif /* _ACL_H_ */
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
index 881d0f1..12c435d 100644
--- a/ldap/servers/plugins/acl/aclplugin.c
+++ b/ldap/servers/plugins/acl/aclplugin.c
@@ -54,7 +54,7 @@ char *plugin_name = ACL_PLUGIN_NAME;
static int aclplugin_preop_search ( Slapi_PBlock *pb );
static int aclplugin_preop_modify ( Slapi_PBlock *pb );
-static int aclplugin_preop_common ( Slapi_PBlock *pb );
+int aclplugin_preop_common ( Slapi_PBlock *pb );
/*******************************************************************************
* ACL PLUGIN Architecture
@@ -192,7 +192,7 @@ aclplugin_preop_modify ( Slapi_PBlock *pb )
* 0 - all is well; proceed.
* 1 - fatal error; result has been sent to client.
*/
-static int
+int
aclplugin_preop_common( Slapi_PBlock *pb )
{
char *proxy_dn; /* id being assumed */
@@ -205,6 +205,9 @@ aclplugin_preop_common( Slapi_PBlock *pb )
aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK );
+ /* See if we have initialized already */
+ if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done;
+
/*
* The following mallocs memory for proxy_dn, but not the dn.
* The proxy_dn is the id being assumed, while dn
@@ -248,6 +251,7 @@ aclplugin_preop_common( Slapi_PBlock *pb )
}
+done:
TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL","");
return 0;
commit b116c808e854fb85f08651a00c5a452b4b1e5aa3
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Sep 22 16:28:59 2010 -0700
Bug 606920 - anonymous resource limit- nstimelimit -
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: Client side sizelimit / timelimit request should
be honoured by the Directory Manager, too. Changing the time/
sizelimit evaluation so that if client side request exists,
the value is set even if the bind user is the directory manager.
(cherry picked from commit f980ff61da122b39d33bf83bc20f2b7a81b6be24)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 761d48a..08243dd 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -1380,12 +1380,18 @@ compute_limits (Slapi_PBlock *pb)
}
}
- if ( isroot ) {
- timelimit = max_timelimit = -1; /* no limit */
- } else if ( requested_timelimit == 0 ) {
- timelimit = ( max_timelimit == -1 ) ? -1 : max_timelimit;
- } else if ( max_timelimit == -1 || requested_timelimit < max_timelimit ) {
- timelimit = requested_timelimit;
+ if ( requested_timelimit ) {
+ /* requested limit should be applied to all (including root) */
+ if ( isroot ) {
+ timelimit = requested_timelimit;
+ } else if ( (max_timelimit == -1) ||
+ (requested_timelimit < max_timelimit) ) {
+ timelimit = requested_timelimit;
+ } else {
+ timelimit = max_timelimit;
+ }
+ } else if ( isroot ) {
+ timelimit = -1; /* no limit */
} else {
timelimit = max_timelimit;
}
@@ -1411,12 +1417,18 @@ compute_limits (Slapi_PBlock *pb)
}
}
- if ( isroot ) {
- sizelimit = max_sizelimit = -1;
- } else if ( requested_sizelimit == 0 ) {
- sizelimit = ( max_sizelimit == -1 ) ? -1 : max_sizelimit;
- } else if ( max_sizelimit == -1 || requested_sizelimit < max_sizelimit ) {
- sizelimit = requested_sizelimit;
+ if ( requested_sizelimit ) {
+ /* requested limit should be applied to all (including root) */
+ if ( isroot ) {
+ sizelimit = requested_sizelimit;
+ } else if ( (max_sizelimit == -1) ||
+ (requested_sizelimit < max_sizelimit) ) {
+ sizelimit = requested_sizelimit;
+ } else {
+ sizelimit = max_sizelimit;
+ }
+ } else if ( isroot ) {
+ sizelimit = -1; /* no limit */
} else {
sizelimit = max_sizelimit;
}
11 years, 10 months
include/base ldap/servers ldap/systools lib/base lib/libaccess
by Richard Allen Megginson
include/base/file.h | 3 --
ldap/servers/plugins/linkedattrs/fixup_task.c | 7 +++-
ldap/servers/plugins/syntaxes/string.c | 4 +-
ldap/servers/slapd/back-ldbm/index.c | 4 +-
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 38 ++++----------------------
ldap/servers/slapd/libglobs.c | 1
ldap/servers/slapd/ssl.c | 24 ++++++++++------
ldap/servers/slapd/tools/ldclt/data.c | 24 ++++++++--------
ldap/servers/slapd/tools/ldclt/ldapfct.c | 10 ++----
ldap/servers/slapd/tools/ldclt/ldclt.c | 15 ++++++++--
ldap/servers/slapd/tools/ldclt/scalab01.c | 8 ++---
ldap/servers/slapd/tools/ldclt/threadMain.c | 3 +-
ldap/servers/slapd/util.c | 11 ++++++-
ldap/systools/idsktune.c | 6 ++--
lib/base/file.cpp | 24 ----------------
lib/libaccess/acl.tab.cpp | 4 +-
lib/libaccess/acltext.y | 4 +-
17 files changed, 83 insertions(+), 107 deletions(-)
New commits:
commit 24731b3d13029d651c6fd24056b1268d3dcee8b6
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jan 26 12:13:54 2012 -0700
Ticket #161 - Review and address latest Coverity issues
https://fedorahosted.org/389/ticket/161
Resolves: Ticket #161
Bug Description: Review and address latest Coverity issues
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description:
12486 12485 12484 Resource leak In
linked_attrs_add_backlinks_callback(): Leak of memory or pointers to
system resources
the return -1 left targetsdn, targets, and pb dangling
allocate targetsdn after shutdown check - instead of return -1, goto done and free resources at done:
12481 Resource leak In config_set_default_naming_context(): Leak of
memory or pointers to system resources
free suffix before return
12477 Uninitialized pointer read In index_addordel_entry(): Reads an
uninitialized pointer or its target
use LDBM_PARENTID_STR instead of type
12476 Dereference after null check In string_assertion2keys_ava():
Pointer is checked against null but then dereferenced anyway
check for NULL val
12475 Logically dead code In _entryrdn_insert_key(): Code can never be
reached because of a logical contradiction
get rid of dead code
12448 Time of check time of use In INTdir_create_all(): A check occurs
on a file's attributes before the file is used in a privileged
operation, but things may have changed
get rid of unused code
12447-12444 Time of check time of use
use open() to open the file, then use the functions that take an fd to
further test or access the file - this prevents someone changing the file
between functions that only use the filename
12434-12425 Copy into fixed size buffer
use strncpy or snprintf and make sure the string is null terminated
Platforms tested: RHEL6 x86_64, Fedora 16
Flag Day: no
Doc impact: no
diff --git a/include/base/file.h b/include/base/file.h
index 496c33e..fa53eb5 100644
--- a/include/base/file.h
+++ b/include/base/file.h
@@ -86,8 +86,6 @@ NSAPI_PUBLIC SYS_DIRENT *INTdir_read(SYS_DIR ds);
NSAPI_PUBLIC void INTdir_close(SYS_DIR ds);
#endif /* XP_WIN32 */
-NSAPI_PUBLIC int INTdir_create_all(char *dir);
-
/* --- OBSOLETE ----------------------------------------------------------
* The following macros/functions are obsolete and are only maintained for
* compatibility. Do not use them. 11-19-96
@@ -131,7 +129,6 @@ NSPR_END_EXTERN_C
#define dir_read INTdir_read
#define dir_close INTdir_close
#endif /* XP_WIN32 */
-#define dir_create_all INTdir_create_all
/* Obsolete */
#ifdef XP_WIN32
diff --git a/ldap/servers/plugins/linkedattrs/fixup_task.c b/ldap/servers/plugins/linkedattrs/fixup_task.c
index b92c6b7..c1af2f2 100644
--- a/ldap/servers/plugins/linkedattrs/fixup_task.c
+++ b/ldap/servers/plugins/linkedattrs/fixup_task.c
@@ -369,12 +369,14 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
for (i = 0; targets && targets[i]; ++i) {
char *targetdn = (char *)targets[i];
int perform_update = 0;
- Slapi_DN *targetsdn = slapi_sdn_new_normdn_byref(targetdn);
+ Slapi_DN *targetsdn = NULL;
if (g_get_shutdown()) {
- return -1;
+ rc = -1;
+ goto done;
}
+ targetsdn = slapi_sdn_new_normdn_byref(targetdn);
if (config->scope) {
/* Check if the target is within the scope. */
perform_update = slapi_dn_issuffix(targetdn, config->scope);
@@ -408,6 +410,7 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
slapi_sdn_free(&targetsdn);
}
+done:
slapi_ch_array_free(targets);
slapi_pblock_destroy(pb);
diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c
index f482723..3840c2e 100644
--- a/ldap/servers/plugins/syntaxes/string.c
+++ b/ldap/servers/plugins/syntaxes/string.c
@@ -678,8 +678,8 @@ string_assertion2keys_ava(
break;
case LDAP_FILTER_EQUALITY:
(*ivals) = (Slapi_Value **) slapi_ch_malloc( 2 * sizeof(Slapi_Value *) );
- (*ivals)[0] = slapi_value_dup( val );
- if (!(flags & SLAPI_ATTR_FLAG_NORMALIZED)) {
+ (*ivals)[0] = val ? slapi_value_dup( val ) : NULL;
+ if (val && !(flags & SLAPI_ATTR_FLAG_NORMALIZED)) {
/* 3rd arg: 1 - trim leading blanks */
value_normalize_ext( (*ivals)[0]->bv.bv_val, syntax, 1, &alt );
if (alt) {
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index d00fd14..65ad867 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -379,7 +379,7 @@ index_addordel_entry(
back_txn *txn
)
{
- char *type;
+ char *type = NULL;
Slapi_Value **svals;
int rc, result;
Slapi_Attr *attr;
@@ -430,7 +430,7 @@ index_addordel_entry(
slapi_entry_attr_find(e->ep_entry, LDBM_PARENTID_STR, &attr);
if (attr) {
svals = attr_get_present_values(attr);
- result = index_addordel_values_sv(be, type, svals, NULL,
+ result = index_addordel_values_sv(be, LDBM_PARENTID_STR, svals, NULL,
e->ep_id, flags, txn);
if ( result != 0 ) {
ldbm_nasty(errmsg, 1020, result);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 953129e..40b2f1e 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -2278,6 +2278,7 @@ _entryrdn_insert_key(backend *be,
goto bail;
/* done */
} else {
+ ID currid = 0;
rc = _entryrdn_get_tombstone_elem(cursor, tmpsrdn, &key,
childnrdn, &tmpelem);
if (rc || (NULL == tmpelem)) {
@@ -2296,41 +2297,14 @@ _entryrdn_insert_key(backend *be,
goto bail;
}
/* Node is a tombstone. */
- ID currid = 0;
slapi_ch_free((void **)&elem);
elem = tmpelem;
currid = id_stored_to_internal(elem->rdn_elem_id);
- if (0 == rdnidx) { /* Child is a Leaf RDN to be added */
- if (currid == id) {
- /* already in the file */
- /* do nothing and return. */
- rc = 0;
- slapi_log_error(SLAPI_LOG_BACKLDBM, ENTRYRDN_TAG,
- "_entryrdn_insert_key: ID %d is already "
- "in the index. NOOP.\n", currid);
- } else { /* different id, error return */
- char *dn = NULL;
- int tmprc = slapi_rdn_get_dn(srdn, &dn);
- slapi_log_error(SLAPI_LOG_FATAL,
- ENTRYRDN_TAG,
- "_entryrdn_insert_key: Same DN (%s: %s) "
- "is already in the %s file with different ID "
- "%d. Expected ID is %d.\n",
- tmprc?"rdn":"dn", tmprc?childnrdn:dn,
- LDBM_ENTRYRDN_STR, currid, id);
- slapi_ch_free_string(&dn);
- /* returning special error code for the upgrade */
- rc = LDBM_ERROR_FOUND_DUPDN;
- }
- slapi_ch_free((void **)&tmpelem);
- goto bail;
- } else { /* if (0 != rdnidx) */
- nrdn = childnrdn;
- workid = currid;
- slapi_ch_free((void **)&parentelem);
- parentelem = elem;
- elem = NULL;
- }
+ nrdn = childnrdn;
+ workid = currid;
+ slapi_ch_free((void **)&parentelem);
+ parentelem = elem;
+ elem = NULL;
}
} else {
char *dn = NULL;
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index fa179ae..3e8a615 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -5899,6 +5899,7 @@ config_set_default_naming_context(const char *attrname,
}
if (!apply) {
+ slapi_ch_free_string(&suffix);
return LDAP_SUCCESS;
}
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index e90e00a..f656df9 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -1497,7 +1497,6 @@ char* slapd_get_tmp_dir()
unsigned ilen;
char pch;
#endif
- struct stat ffinfo;
tmp[0] = '\0';
@@ -1535,25 +1534,32 @@ char* slapd_get_tmp_dir()
}
#endif
- if(stat(tmpdir, &ffinfo) == -1)
#if defined( XP_WIN32 )
- if(CreateDirectory(tmpdir, NULL) == 0)
- {
- slapi_log_error(
+ if(CreateDirectory(tmpdir, NULL) == 0)
+ {
+ slapi_log_error(
SLAPI_LOG_FATAL,
"slapd_get_tmp_dir",
"CreateDirectory(%s, NULL) Error: %s\n",
tmpdir, strerror(errno));
- }
+ }
#else
- if(mkdir(tmpdir, 00770) == -1)
- {
+ if(mkdir(tmpdir, 00770) == -1)
+ {
+ if (errno == EEXIST) {
+ slapi_log_error(
+ SLAPI_LOG_TRACE,
+ "slapd_get_tmp_dir",
+ "mkdir(%s, 00770) - already exists\n",
+ tmpdir);
+ } else {
slapi_log_error(
SLAPI_LOG_FATAL,
"slapd_get_tmp_dir",
"mkdir(%s, 00770) Error: %s\n",
- tmpdir, strerror(errno));
+ tmpdir, strerror(errno));
}
+ }
#endif
return ( tmpdir );
}
diff --git a/ldap/servers/slapd/tools/ldclt/data.c b/ldap/servers/slapd/tools/ldclt/data.c
index 33de017..e0eac55 100644
--- a/ldap/servers/slapd/tools/ldclt/data.c
+++ b/ldap/servers/slapd/tools/ldclt/data.c
@@ -234,18 +234,8 @@ int loadImages (
/*
* Read the image size
*/
- strcpy (name, dirpath);
- strcat (name, "/");
- strcat (name, fileName);
- if (stat (name, &stat_buf) < 0)
- {
- perror (name);
- fprintf (stderr, "Cannot stat(%s)\n", name);
- fflush (stderr);
- rc = -1;
- goto exit;
- }
- mctx.images[mctx.imagesNb-1].length = stat_buf.st_size;
+ snprintf (name, sizeof(name), "%s/%s", dirpath, fileName);
+ name[sizeof(name)-1] = '\0';
/*
* Open the image
@@ -260,6 +250,16 @@ int loadImages (
goto exit;
}
+ if (fstat (fd, &stat_buf) < 0)
+ {
+ perror (name);
+ fprintf (stderr, "Cannot stat(%s)\n", name);
+ fflush (stderr);
+ rc = -1;
+ goto exit;
+ }
+ mctx.images[mctx.imagesNb-1].length = stat_buf.st_size;
+
#ifdef _WIN32
/*
* Allocate buffer and read the data :-(
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index fd291bb..76fc9c2 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2624,9 +2624,8 @@ doRename (
*/
if (buildRandomRdnOrFilter (tttctx) < 0)
return (-1);
- strcpy (oldDn, tttctx->bufFilter);
- strcat (oldDn, ",");
- strcat (oldDn, tttctx->bufBaseDN);
+ snprintf (oldDn, sizeof(oldDn), "%s,%s", tttctx->bufFilter, tttctx->bufBaseDN);
+ oldDn[sizeof(oldDn)-1] = '\0';
/*
* Now, build a random new name for this entry
@@ -3585,9 +3584,8 @@ doDeleteEntry (
*/
if (buildRandomRdnOrFilter (tttctx) < 0)
return (-1);
- strcpy (delDn, tttctx->bufFilter);
- strcat (delDn, ",");
- strcat (delDn, tttctx->bufBaseDN);
+ snprintf(delDn, sizeof(delDn), "%s,%s", tttctx->bufFilter, tttctx->bufBaseDN);
+ delDn[sizeof(delDn)-1] = '\0';
ret = ldap_delete_ext_s (tttctx->ldapCtx, delDn, NULL, NULL);
if (ret != LDAP_SUCCESS)
diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c
index cabdea8..a00058b 100644
--- a/ldap/servers/slapd/tools/ldclt/ldclt.c
+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
@@ -1270,6 +1270,7 @@ basicInit (void)
int ret; /* Return value */
int oflags;/* open() flags */ /*JLS 05-04-01*/
struct stat file_st ; /* file status checker for attreplacefile option */
+ int fd = -1;
FILE *attrF; /* file pointer for attreplacefile option */
char buffer[BUFFERSIZE]; /* buffer used to read attreplacefile content */
@@ -1539,9 +1540,18 @@ basicInit (void)
(3) save the content into mctx.attrplFileContent
*/
+ fd = open(mctx.attrplFile, O_RDONLY);
+ if (fd == -1)
+ {
+ printf("ERROR reading attr file [%s]\n",mctx.attrplFile);
+ return (-1);
+ }else{
+ printf("file opened for reading\n");
+ }
/* determine file size here */
- if (stat(mctx.attrplFile, &file_st) < 0){
+ if (fstat(fd, &file_st) < 0){
printf ("attr replace file [%s] does not exist, exit\n", mctx.attrplFile);
+ close(fd);
return (-1);
}else{
mctx.attrplFileSize = file_st.st_size;
@@ -1549,9 +1559,10 @@ basicInit (void)
}
/* open file to read */
- if ((attrF = fopen(mctx.attrplFile, "r")) == NULL )
+ if ((attrF = fdopen(fd, "r")) == NULL )
{
printf("ERROR reading attr file [%s]\n",mctx.attrplFile);
+ close(fd);
return (-1);
}else{
printf("file opened for reading\n");
diff --git a/ldap/servers/slapd/tools/ldclt/scalab01.c b/ldap/servers/slapd/tools/ldclt/scalab01.c
index 049e5f6..e64734a 100644
--- a/ldap/servers/slapd/tools/ldclt/scalab01.c
+++ b/ldap/servers/slapd/tools/ldclt/scalab01.c
@@ -429,7 +429,8 @@ scalab01_addLogin (
return -1;
}
- strcpy (new->dn, dn);
+ strncpy (new->dn, dn, sizeof(new->dn));
+ new->dn[sizeof(new->dn)-1] = '\0';
new->cost = new->counter = duration;
new->next = NULL;
@@ -537,9 +538,8 @@ scalab01_connectSuperuser (void)
unsigned int mod2 = mctx.mod2;
if (!(mode & CLTAUTH)) {
- strcpy (bindDN, SCALAB01_SUPER_USER_RDN);
- strcat (bindDN, ",");
- strcat (bindDN, mctx.baseDN);
+ snprintf (bindDN, sizeof(bindDN), "%s,%s", SCALAB01_SUPER_USER_RDN, mctx.baseDN);
+ bindDN[sizeof(bindDN)-1] = '\0';
}
/* clear bits not applicable to this mode */
mod2 &= ~M2_RNDBINDFILE;
diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
index f6a2428..1d2ed59 100644
--- a/ldap/servers/slapd/tools/ldclt/threadMain.c
+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
@@ -627,7 +627,8 @@ msgIdAdd (
tttctx->lastMsgId->next = NULL;
tttctx->lastMsgId->msgid = msgid;
strcpy (tttctx->lastMsgId->str, str);
- strcpy (tttctx->lastMsgId->dn, dn);
+ strncpy (tttctx->lastMsgId->dn, dn, sizeof(tttctx->lastMsgId->dn));
+ tttctx->lastMsgId->dn[sizeof(tttctx->lastMsgId->dn)-1] = '\0';
tttctx->lastMsgId->attribs = attribs;
return (0);
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index fd5ebcb..9cd3656 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -50,6 +50,7 @@
#include <pwd.h>
#include <stdint.h>
#endif
+#include <fcntl.h>
#include <libgen.h>
#include <pk11func.h>
#include "slap.h"
@@ -876,21 +877,27 @@ strarray2str( char **a, char *buf, size_t buflen, int include_quotes )
int
slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid)
{
+ int fd = -1;
struct stat statbuf;
int result = 1;
if (!filename)
return result;
+ fd = open(filename, O_RDONLY);
+ if (fd == -1) {
+ return result;
+ }
memset(&statbuf, '\0', sizeof(statbuf));
- if (!(result = stat(filename, &statbuf)))
+ if (!(result = fstat(fd, &statbuf)))
{
if (((uid != -1) && (uid != statbuf.st_uid)) ||
((gid != -1) && (gid != statbuf.st_gid)))
{
- result = chown(filename, uid, gid);
+ result = fchown(fd, uid, gid);
}
}
+ close(fd);
return result;
}
#endif
diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
index 2382259..a16c27c 100644
--- a/ldap/systools/idsktune.c
+++ b/ldap/systools/idsktune.c
@@ -2731,7 +2731,8 @@ static int check_fs_options(char *reqdir,char mntbuf[MAXPATHLEN])
if (mntdir_matches(reqdir,reqlen,mep->IDDS_MNTENT_DIRNAME,mntbuf) == 0) {
found = 0;
#if defined(IDDS_MNTENT_OPTIONS)
- strcpy(optbuf,mep->IDDS_MNTENT_OPTIONS);
+ strncpy(optbuf,mep->IDDS_MNTENT_OPTIONS,sizeof(optbuf));
+ optbuf[sizeof(optbuf)-1] = '\0';
#else
strcpy(optbuf,"");
#endif
@@ -3318,7 +3319,8 @@ int main(int argc,char *argv[])
flag_carrier = 1;
break;
case 'i':
- strcpy(install_dir,optarg);
+ strncpy(install_dir,optarg,sizeof(install_dir));
+ install_dir[sizeof(install_dir)-1] = '\0';
break;
default:
usage(argv[0]);
diff --git a/lib/base/file.cpp b/lib/base/file.cpp
index c7a1a9e..6dc39e6 100644
--- a/lib/base/file.cpp
+++ b/lib/base/file.cpp
@@ -503,30 +503,6 @@ NSAPI_PUBLIC int file_notfound(void)
#endif
}
-NSAPI_PUBLIC int dir_create_all(char *dir)
-{
- struct stat fi;
- char *t;
-
-#ifdef XP_WIN32
- t = dir + 3;
-#else /* XP_UNIX */
- t = dir + 1;
-#endif
- while(1) {
- t = strchr(t, FILE_PATHSEP);
- if(t) *t = '\0';
- if(stat(dir, &fi) == -1) {
- if(dir_create(dir) == -1)
- return -1;
- }
- if(t) *t++ = FILE_PATHSEP;
- else break;
- }
- return 0;
-}
-
-
#ifdef XP_UNIX
#if !defined(SNI) && !defined(LINUX)
extern char *sys_errlist[];
diff --git a/lib/libaccess/acl.tab.cpp b/lib/libaccess/acl.tab.cpp
index ad828ac..27c8c1b 100644
--- a/lib/libaccess/acl.tab.cpp
+++ b/lib/libaccess/acl.tab.cpp
@@ -1213,8 +1213,8 @@ case 13:
if (!use_generic_rights) {
acl_string_lower(aclpvt[-0].string);
- strcpy(acl_tmp_arg, "http_");
- strcat(acl_tmp_arg, aclpvt[-0].string);
+ snprintf(acl_tmp_arg, sizeof(acl_tmp_arg), "http_%s", aclpvt[-0].string);
+ acl_tmp_arg[sizeof(acl_tmp_arg)-1] = '\0';
PERM_FREE(aclpvt[-0].string);
acl_new_arg = PERM_STRDUP(acl_tmp_arg);
acl_add_arg(curr_args_list, acl_new_arg);
diff --git a/lib/libaccess/acltext.y b/lib/libaccess/acltext.y
index 368e7ad..6ec9567 100644
--- a/lib/libaccess/acltext.y
+++ b/lib/libaccess/acltext.y
@@ -350,8 +350,8 @@ arg_v2: ACL_VARIABLE_TOK
if (!use_generic_rights) {
acl_string_lower($<string>1);
- strcpy(acl_tmp_arg, "http_");
- strcat(acl_tmp_arg, $<string>1);
+ snprintf(acl_tmp_arg, sizeof(acl_tmp_arg), "http_%s", $<string>1);
+ acl_tmp_arg[sizeof(acl_tmp_arg)-1] = '\0';
PERM_FREE($<string>1);
acl_new_arg = PERM_STRDUP(acl_tmp_arg);
acl_add_arg(curr_args_list, acl_new_arg);
11 years, 10 months
Branch '389-ds-base-1.2.6' - 14 commits - ldap/servers VERSION.sh
by Richard Allen Megginson
VERSION.sh | 2
ldap/servers/plugins/acl/acleffectiverights.c | 3
ldap/servers/plugins/linkedattrs/linked_attrs.c | 3
ldap/servers/plugins/replication/repl5_inc_protocol.c | 2
ldap/servers/plugins/replication/repl5_tot_protocol.c | 2
ldap/servers/plugins/usn/usn.c | 4
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 14 +-
ldap/servers/slapd/back-ldbm/monitor.c | 14 +-
ldap/servers/slapd/dn.c | 59 +++++++++-
ldap/servers/slapd/mapping_tree.c | 5
ldap/servers/slapd/modrdn.c | 48 ++++++++
ldap/servers/slapd/opshared.c | 4
ldap/servers/slapd/sasl_io.c | 101 ++++++++++--------
ldap/servers/slapd/utf8compare.c | 2
ldap/servers/slapd/util.c | 46 +++++---
15 files changed, 222 insertions(+), 87 deletions(-)
New commits:
commit 3a07aea6ec4250b080d023099fe8c0e889291a2b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Oct 5 15:40:10 2010 -0700
Bug 640027 - Naming attribute with a special char sequence parsing bug
https://bugzilla.redhat.com/show_bug.cgi?id=640027
Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.
Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
(cherry picked from commit 9a00a444cea117d0950bef3bb9327bd05e9d11bb)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 172a829..6edf06e 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -116,6 +116,11 @@ hexchar2int( char c )
#define ISCLOSEBRACKET(c) (((c) == ')') || ((c) == ']'))
+#define MAYBEDN(eq) ( \
+ (eq) && ((eq) != subtypestart) && \
+ ((eq) != subtypestart + strlen(subtypestart) - 3) \
+)
+
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@@ -648,8 +653,19 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
*/
if (subtypestart &&
(ISPLUS(*(s+1)) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
- &subrdn_avs, subinitial_rdn_av_stack);
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d,
+ &subrdn_av_count,
+ &subrdn_avs,
+ subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs(&subrdn_avs,
+ &subrdn_av_count);
+ subtypestart = NULL;
+ }
}
if (!ISPLUS(*(s+1))) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -671,8 +687,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* next type start of multi values */
/* should not be a escape char AND should be
* followed by \\= or \\3D */
- if (!ISESCAPE(*s) &&
- (PL_strnstr(s, "\\=", ends - s) ||
+ if ((PL_strnstr(s, "\\=", ends - s) ||
PL_strncaserstr(s, "\\3D", ends - s))) {
subtypestart = d;
} else {
@@ -719,8 +734,16 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
*/
if (subtypestart &&
(ISPLUSSTR(s+1) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
&subrdn_avs, subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
if (!ISPLUSSTR(s+1)) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -860,8 +883,16 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
*/
if (subtypestart &&
(ISPLUS(*s) || subrdn_av_count > 0)) {
- add_rdn_av(subtypestart, d, &subrdn_av_count,
+ /* if subtypestart is not valid DN,
+ * we do not do sorting.*/
+ char *p = PL_strcasestr(subtypestart, "\\3d");
+ if (MAYBEDN(p)) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
&subrdn_avs, subinitial_rdn_av_stack);
+ } else {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
if (!ISPLUS(*s)) { /* at end of this RDN */
if (subrdn_av_count > 1) {
@@ -906,6 +937,11 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
add_rdn_av(typestart, d, &rdn_av_count,
&rdn_avs, initial_rdn_av_stack);
}
+ /* Sub type sorting might be also ongoing */
+ if (subtypestart && subrdn_av_count > 0) {
+ add_rdn_av(subtypestart, d, &subrdn_av_count,
+ &subrdn_avs, subinitial_rdn_av_stack);
+ }
if (!ISPLUS(*s)) { /* at end of this RDN */
if (rdn_av_count > 1) {
sort_rdn_avs( rdn_avs, rdn_av_count, 0 );
@@ -914,6 +950,14 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
reset_rdn_avs( &rdn_avs, &rdn_av_count );
typestart = NULL;
}
+ /* If in the middle of sub type sorting, finish it. */
+ if (subrdn_av_count > 1) {
+ sort_rdn_avs( subrdn_avs, subrdn_av_count, 1 );
+ }
+ if (subrdn_av_count > 0) {
+ reset_rdn_avs( &subrdn_avs, &subrdn_av_count );
+ subtypestart = NULL;
+ }
}
*d++ = (ISPLUS(*s++)) ? '+' : ',';
commit 15271d747ef62d1a74ddec4cf89bc7987e65a643
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Aug 27 17:01:11 2010 -0700
Bug 627738 - The cn=monitor statistics entries for the dnentry cache do not change or change very rarely
https://bugzilla.redhat.com/show_bug.cgi?id=627738
Description:
1) id2entry_add_ext replaces an dn instance in the dn cache even if
the DN value is identical. Replace it only when they don't match.
2) Modifying the dn cache related labels:
dnEntrycachehits
dnEntrycachetries
dnEntrycachehitratio
dnCurrententrycachesize
dnMaxentrycachesize
dnCurrententrycachecount
dnMaxentrycachecount
===>
dncachehits
dncachetries
dncachehitratio
currentdncachesize
maxdncachesize
currentdncachecount
maxdncachecount
diff --git a/ldap/servers/slapd/back-ldbm/monitor.c b/ldap/servers/slapd/back-ldbm/monitor.c
index 265021c..075a48f 100644
--- a/ldap/servers/slapd/back-ldbm/monitor.c
+++ b/ldap/servers/slapd/back-ldbm/monitor.c
@@ -131,19 +131,19 @@ int ldbm_back_monitor_instance_search(Slapi_PBlock *pb, Slapi_Entry *e,
cache_get_stats(&(inst->inst_dncache), &hits, &tries,
&nentries, &maxentries, &size, &maxsize);
sprintf(buf, "%" NSPRIu64, hits);
- MSET("dnEntryCacheHits");
+ MSET("dnCacheHits");
sprintf(buf, "%" NSPRIu64, tries);
- MSET("dnEntryCacheTries");
+ MSET("dnCacheTries");
sprintf(buf, "%lu", (unsigned long)(100.0*(double)hits / (double)(tries > 0 ? tries : 1)));
- MSET("dnEntryCacheHitRatio");
+ MSET("dnCacheHitRatio");
sprintf(buf, "%lu", size);
- MSET("dnCurrentEntryCacheSize");
+ MSET("currentDnCacheSize");
sprintf(buf, "%lu", maxsize);
- MSET("dnMaxEntryCacheSize");
+ MSET("maxDnCacheSize");
sprintf(buf, "%ld", nentries);
- MSET("dnCurrentEntryCacheCount");
+ MSET("currentDnCacheCount");
sprintf(buf, "%ld", maxentries);
- MSET("dnMaxEntryCacheCount");
+ MSET("maxDnCacheCount");
}
#ifdef DEBUG
commit 84264ea9caea02029438e6d631cde7bcd6aab417
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Sep 14 18:05:56 2010 -0700
Bug 625014 - SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to "under" the same DN.
https://bugzilla.redhat.com/show_bug.cgi?id=625014
Description: adding a check if the newsuperior is the entry itself
or its descendent. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.
(cherry picked from commit 20d1e7c8e9280e2175ca843f60a50addc096f134)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c
index 6951fb0..77450ed 100644
--- a/ldap/servers/slapd/modrdn.c
+++ b/ldap/servers/slapd/modrdn.c
@@ -79,6 +79,11 @@ do_modrdn( Slapi_PBlock *pb )
int err = 0, deloldrdn = 0;
ber_len_t len = 0;
size_t dnlen = 0;
+ char *newdn = NULL;
+ char *parent = NULL;
+ Slapi_DN sdn = {0};
+ Slapi_DN snewdn = {0};
+ Slapi_DN snewsuperior = {0};
LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 );
@@ -223,6 +228,38 @@ do_modrdn( Slapi_PBlock *pb )
}
/*
+ * If newsuperior is myself or my descendent, the modrdn should fail.
+ * Note: need to check the case newrdn is given, and newsuperior
+ * uses the newrdn, as well.
+ */
+ /* Both newrdn and dn are already normalized. */
+ parent = slapi_dn_parent(dn);
+ newdn = slapi_ch_smprintf("%s,%s", newrdn, parent);
+ slapi_sdn_set_dn_byref(&sdn, dn);
+ slapi_sdn_set_dn_byref(&snewdn, newdn);
+ slapi_sdn_set_dn_byref(&snewsuperior, newsuperior);
+ if (0 == slapi_sdn_compare(&sdn, &snewsuperior) ||
+ 0 == slapi_sdn_compare(&snewdn, &snewsuperior)) {
+ op_shared_log_error_access(pb, "MODRDN", rawnewsuperior,
+ "new superior is identical to the entry dn");
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "new superior is identical to the entry dn", 0, NULL);
+ goto free_and_return;
+ }
+ if (slapi_sdn_issuffix(&snewsuperior, &sdn) ||
+ slapi_sdn_issuffix(&snewsuperior, &snewdn)) {
+ /* E.g.,
+ * newsuperior: ou=sub,ou=people,dc=example,dc=com
+ * dn: ou=people,dc=example,dc=com
+ */
+ op_shared_log_error_access(pb, "MODRDN", rawnewsuperior,
+ "new superior is descendent of the entry");
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "new superior is descendent of the entry", 0, NULL);
+ goto free_and_return;
+ }
+
+ /*
* in LDAPv3 there can be optional control extensions on
* the end of an LDAPMessage. we need to read them in and
* pass them to the backend.
@@ -244,12 +281,19 @@ do_modrdn( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, &deloldrdn );
op_shared_rename(pb, 1 /* pass in ownership of string arguments */ );
- return;
+ goto ok_return;
free_and_return:
slapi_ch_free_string( &dn );
slapi_ch_free_string( &newrdn );
slapi_ch_free_string( &newsuperior );
+ok_return:
+ slapi_sdn_done(&sdn);
+ slapi_sdn_done(&snewdn);
+ slapi_sdn_done(&snewsuperior);
+ slapi_ch_free_string(&parent);
+ slapi_ch_free_string(&newdn);
+
return;
}
@@ -387,7 +431,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
char **rdns;
int deloldrdn;
Slapi_Backend *be = NULL;
- Slapi_DN sdn;
+ Slapi_DN sdn = {0};
Slapi_Mods smods;
char dnbuf[BUFSIZ];
char newrdnbuf[BUFSIZ];
commit 2e7494f527d35c79de2ca9e481d967d68fc2746f
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Aug 11 17:06:41 2010 -0700
Bug 623118 - Simplepaged results going in infinite loop
if a sub suffix exists in the domain
https://bugzilla.redhat.com/show_bug.cgi?id=623118
Description: When paging is done on a backend, and if there are
more sub backends to be searched and paged, simple paged code is
supposed to set the next backend to connection->c_current_be.
The setting was missing.
(cherry picked from commit b44e8f4f2f5b399698e97e47e6fd211932e96719)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 29bb3ce..af6bede 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -571,6 +571,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
curr_search_count = -1;
} else {
curr_search_count = pnentries;
+ /* no more entries, but at least another backend */
+ if (pagedresults_set_current_be(pb->pb_conn, next_be) < 0) {
+ goto free_and_return;
+ }
}
} else {
curr_search_count = pnentries;
commit 5af5b5de59522a14c52b0273e6cef0b49e0758cb
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Fri Oct 1 14:11:20 2010 -0700
Bug 522055 - Scope check for managed attribute fails
When using the linked attribute plug-in, an entry that is renamed
that is outside of the scope of the plug-in will cause the forward
links in other entries to be updated if they contain a managed
attribute type.
We need to check if the new DN of the renamed entry is within the
scope of the configured linked attributes before updating forward
links.
(cherry picked from commit a82f61269d69882d19b15def70de68906ed5740e)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c b/ldap/servers/plugins/linkedattrs/linked_attrs.c
index 822f6c0..5ac731c 100644
--- a/ldap/servers/plugins/linkedattrs/linked_attrs.c
+++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c
@@ -1928,7 +1928,8 @@ linked_attrs_modrdn_post_op(Slapi_PBlock *pb)
linked_attrs_find_config_reverse(slapi_value_get_string(val),
type, &config);
- if (config) {
+ /* If the new DN is within scope, we should fixup the forward links. */
+ if (config && slapi_dn_issuffix(new_dn, (config->scope))) {
Slapi_ValueSet *vals = slapi_valueset_new();
slapi_valueset_add_value(vals, val);
commit 9a95211bfc3e45fa72e3229f3c64e59fa42eced2
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Oct 18 09:33:11 2010 -0700
Bug 643937 - Initialize replication version flags
The flags used to identity the replication protocol versions for
7.1 and 9.0 are not being initialized. This can cause the wrong
protocol to be used when replicating to another server. This
patch initializes the flags to 0 when the structures are created.
(cherry picked from commit 52632d7cfbb74b98fc807a7c5b831f0f2f428c57)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index 6475eb8..b82ca8b 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -2101,6 +2101,8 @@ Repl_5_Inc_Protocol_new(Repl_Protocol *rp)
prp->private = (void *)rip;
prp->replica_acquired = PR_FALSE;
prp->repl50consumer = 0;
+ prp->repl71consumer = 0;
+ prp->repl90consumer = 0;
return prp;
loser:
repl5_inc_delete(&prp);
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
index 8e26f47..0f66eef 100644
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
@@ -578,6 +578,8 @@ Repl_5_Tot_Protocol_new(Repl_Protocol *rp)
prp->private = (void *)rip;
prp->replica_acquired = PR_FALSE;
prp->repl50consumer = 0;
+ prp->repl71consumer = 0;
+ prp->repl90consumer = 0;
return prp;
loser:
repl5_tot_delete(&prp);
commit 54150f2102c26981a135ea3aa7461e9bcdceecdc
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Sep 13 14:28:46 2010 -0600
Only check modrdn ops for backend/suffix correctness if not the default backend
The function slapi_mapping_tree_select_and_check() is only called for
modrdn operations, to make sure we are not attempting to rename a suffix
or move an entry from one backend to another. This defeats datainterop
plugins that may want to perform some other operation in these cases. If
the target suffix/backend is not found, the default backend is used. If
the default backend is being used, don't check for all errors, just allow
the operation to pass through to the preop plugins.
Need to make sure this doesn't cause problems if
1) null suffix is not used - entry really is bogus or doesn't exist
2) null suffix is being used but entry belongs to another null suffix or
is really bogus
Reviewed by: nhosoi (Thanks!)
Tested on: Fedora 14 x86_64
Branch: 389_1.2.6
(cherry picked from commit 09baba59e5b457efe8e0f44fc8cc7bc850ddb50c)
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index a67ec2a..57e214e 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -2291,6 +2291,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
Slapi_DN *target_sdn = NULL;
Slapi_DN dn_newdn;
Slapi_Backend * new_be = NULL;
+ Slapi_Backend * def_be = defbackend_get_backend();
Slapi_Entry * new_referral = NULL;
mapping_tree_node *target_node;
int index;
@@ -2329,7 +2330,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
{
/* suffix is a part of mapping tree. We should not free it */
const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn);
- if (NULL == suffix)
+ if ((*be != def_be) && (NULL == suffix))
{
ret = LDAP_NO_SUCH_OBJECT;
PR_snprintf(errorbuf, BUFSIZ,
@@ -2337,7 +2338,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
slapi_sdn_get_dn(target_sdn));
goto unlock_and_return;
}
- if (0 == slapi_sdn_compare(target_sdn, suffix))
+ if (suffix && (0 == slapi_sdn_compare(target_sdn, suffix)))
{
/* target_sdn is a suffix */
const Slapi_DN *new_suffix = NULL;
commit b2921c914b7cd18569c9812dfd27b19e8a57bfe9
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Sep 2 14:15:09 2010 -0700
Bug 629710 - escape_string does not check '\<HEX><HEX>'
https://bugzilla.redhat.com/show_bug.cgi?id=629710
Resolves: 629710
Description: do_escape_string (core of escape_string) converts
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits. That is, the character is already escaped. This
patch checks the case and if it is, it does not escape it further.
(cherry picked from commit 34c0dfe8e862d86591823004150e777b1e035b6e)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index fccee11..8d91813 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -73,19 +73,23 @@
static int special_np(unsigned char c)
{
- if(c < 32 || c > 126) {
- return UTIL_ESCAPE_HEX;
- } else if ((c== '"') || (c=='\\'))
- {
- return UTIL_ESCAPE_HEX;
- }
+ if (c == '\\') {
+ return UTIL_ESCAPE_BACKSLASH;
+ }
+ if (c < 32 || c > 126 || c == '"') {
+ return UTIL_ESCAPE_HEX;
+ }
return UTIL_ESCAPE_NONE;
}
static int special_np_and_punct(unsigned char c)
{
- if (c < 32 || c > 126 || c == '*') return UTIL_ESCAPE_HEX;
- if (c == '\\' || c == '"') return UTIL_ESCAPE_BACKSLASH;
+ if (c == '\\') {
+ return UTIL_ESCAPE_BACKSLASH;
+ }
+ if (c < 32 || c > 126 || c == '"' || c == '*') {
+ return UTIL_ESCAPE_HEX;
+ }
return UTIL_ESCAPE_NONE;
}
@@ -142,16 +146,26 @@ do_escape_string (
break;
}
do {
- *bufNext++ = '\\'; --bufSpace;
- if (bufSpace < 2) {
- memcpy (bufNext, "..", 2);
- bufNext += 2;
- goto bail;
- }
if (esc == UTIL_ESCAPE_BACKSLASH) {
- *bufNext++ = *s; --bufSpace;
+ /* *s is '\\' */
+ /* If *(s+1) and *(s+2) are both hex digits,
+ * the char is already escaped. */
+ if (isxdigit(*(s+1)) && isxdigit(*(s+2))) {
+ memcpy(bufNext, s, 3);
+ bufNext += 3;
+ bufSpace -= 3;
+ s += 2;
+ } else {
+ *bufNext++ = *s; --bufSpace;
+ }
} else { /* UTIL_ESCAPE_HEX */
- sprintf (bufNext, "%02x", (unsigned)*(unsigned char*)s);
+ *bufNext++ = '\\'; --bufSpace;
+ if (bufSpace < 3) {
+ memcpy(bufNext, "..", 2);
+ bufNext += 2;
+ goto bail;
+ }
+ PR_snprintf(bufNext, 3, "%02x", *(unsigned char*)s);
bufNext += 2; bufSpace -= 2;
}
} while (++s <= last &&
commit 483da62ad4ebc39faf74610f2a6fcfe3334a2b19
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Sep 2 12:06:25 2010 -0600
use slapi_mods_init_passin/get_ldapmods_passout if modifying the smods
When using slapi_mods_init_byref/get_ldapmods_byref, the slapi_mods code
expects the Slapi_Mods to be read-only. Since the usn code adds a mod
to the list, it needs to use the slapi_mods_init_passin/get_ldapmods_passout
APIs. This avoids an assertion when using --enable-debug.
(cherry picked from commit 3c4185bb9fad50b44dc86b961d2e85535afe5e56)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/usn/usn.c b/ldap/servers/plugins/usn/usn.c
index 992a9ae..7dc9051 100644
--- a/ldap/servers/plugins/usn/usn.c
+++ b/ldap/servers/plugins/usn/usn.c
@@ -373,12 +373,12 @@ _usn_mod_next_usn(LDAPMod ***mods, Slapi_Backend *be)
bvals[0] = &usn_berval;
bvals[1] = NULL;
- slapi_mods_init_byref(&smods, *mods);
+ slapi_mods_init_passin(&smods, *mods);
/* bvals is duplicated by ber_bvdup in slapi_mods_add_modbvps */
slapi_mods_add_modbvps(&smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
SLAPI_ATTR_ENTRYUSN, bvals);
- *mods = slapi_mods_get_ldapmods_byref(&smods);
+ *mods = slapi_mods_get_ldapmods_passout(&smods);
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"<-- _usn_mod_next_usn\n");
commit 71a8c8c137ed2c5a374864390da7ca8e08cd7769
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Aug 26 11:13:48 2010 -0600
ger should support both "dn" and "distinguishedName"
the name "dn" is being deprecated - the standard attribute name is
"distinguishedName" - ger should support both of these
(cherry picked from commit 8db7b8aa30e9cca9ab3bea380de2e81c85bb05fb)
Branch: 389-ds-base-1.2.6
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
index 013c088..5edce85 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -702,7 +702,8 @@ _ger_get_attrs_rights (
{
if (charray_inlist(allattrs, attrs[i]) ||
charray_inlist(opattrs, attrs[i]) ||
- (0 == strcasecmp(attrs[i], "dn")))
+ (0 == strcasecmp(attrs[i], "dn")) ||
+ (0 == strcasecmp(attrs[i], "distinguishedName")))
{
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
commit 577d0067856879a2c38be0e9324108ce45b6d686
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Oct 15 15:17:52 2010 -0700
Bug 643532 - Incorrect DNs sometimes returned on searches
https://bugzilla.redhat.com/show_bug.cgi?id=643532
Description: Some of the functions in ldbm_entryrdn.c uses
static memory for reading data from the entryrdn index, where
the static initializer should not have been used since the
memory cannot be shared among threads. This patch fixes it.
(cherry picked from commit f39aab7b4fc39a2c0797424314cfc638c33f482e)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 36fbe93..4b2bad1 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1006,7 +1006,6 @@ entryrdn_lookup_dn(backend *be,
DBC *cursor = NULL;
DB_TXN *db_txn = (txn != NULL) ? txn->back_txn_txn : NULL;
DBT key, data;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
char *keybuf = NULL;
Slapi_RDN *srdn = NULL;
char *orignrdn = NULL;
@@ -1064,10 +1063,7 @@ entryrdn_lookup_dn(backend *be,
/* Setting the bulk fetch buffer */
memset(&data, 0, sizeof(data));
- data.ulen = sizeof(buffer);
- data.size = sizeof(buffer);
- data.data = buffer;
- data.flags = DB_DBT_USERMEM;
+ data.flags = DB_DBT_MALLOC;
do {
/* Setting up a key for the node to get its parent */
@@ -1131,6 +1127,7 @@ retry_get1:
workid = id_stored_to_internal(elem->rdn_elem_id);
/* 1 is byref, and the dup'ed rdn is freed with srdn */
slapi_rdn_add_rdn_to_all_rdns(srdn, slapi_ch_strdup(RDN_ADDR(elem)), 1);
+ slapi_ch_free(&data.data);
} while (workid);
if (0 == workid) {
@@ -1138,6 +1135,7 @@ retry_get1:
}
bail:
+ slapi_ch_free(&data.data);
/* Close the cursor */
if (cursor) {
int myrc = cursor->c_close(cursor);
@@ -1764,7 +1762,7 @@ _entryrdn_replace_suffix_id(DBC *cursor, DBT *key, DBT *adddata,
char *keybuf = NULL;
char *realkeybuf = NULL;
DBT realkey;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
DBT data;
DBT moddata;
rdn_elem **childelems = NULL;
@@ -2679,7 +2677,7 @@ _entryrdn_index_read(backend *be,
/* get the child elems */
if (childelems) {
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
slapi_ch_free_string(&keybuf);
keybuf = slapi_ch_smprintf("%c%u:%s", RDN_INDEX_CHILD, id, nrdn);
@@ -2768,7 +2766,7 @@ _entryrdn_append_childidl(DBC *cursor,
/* E.g., C5:ou=accounting */
char *keybuf = slapi_ch_smprintf("%c%u:%s", RDN_INDEX_CHILD, id, nrdn);
DBT key, data;
- static char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
+ char buffer[RDN_BULK_FETCH_BUFFER_SIZE];
int rc = 0;
key.data = keybuf;
commit fc52c78f1f47371fec6f8cfd16ae491d89db0eae
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Oct 14 17:27:46 2010 -0600
bump to version 1.2.6.2
diff --git a/VERSION.sh b/VERSION.sh
index af18f3c..19df189 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=2
-VERSION_MAINT=6.1
+VERSION_MAINT=6.2
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 998ce61617bd24b696df827fc684c9c192240702
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Oct 11 16:39:54 2010 -0700
Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes
of sasl packet length on connection 4
https://bugzilla.redhat.com/show_bug.cgi?id=637852
Description: A SASL packet is made from the 4 byte length and
the length size of payload. When the first 4 bytes were not
successfully received by one PR_Recv call, sasl_io_start_packet
in sasl_io.c considered an error occurred and set PR_IO_ERROR,
which terminates the SASL IO session.
To give clients a chance to send the rest of the length in the
next packet, this patch sets PR_WOULD_BLOCK_ERROR to the nspr
error code and EWOULDBLOCK/EAGAIN to errno and once the succeeding
packet comes in, it appends it to the previous incomplete length
data and continues the SASL IO.
Branch: 389-ds-base-1.2.6
cherry picked from master 310c056b2f39c534701b1ee1d1ec4755d4192f70
diff --git a/ldap/servers/slapd/sasl_io.c b/ldap/servers/slapd/sasl_io.c
index b831a86..ac0694f 100644
--- a/ldap/servers/slapd/sasl_io.c
+++ b/ldap/servers/slapd/sasl_io.c
@@ -209,11 +209,13 @@ sasl_io_start_packet(PRFileDesc *fd, PRIntn flags, PRIntervalTime timeout, PRInt
size_t saslio_limit;
sasl_io_private *sp = sasl_get_io_private(fd);
Connection *c = sp->conn;
+ PRInt32 amount = sizeof(buffer);
*err = 0;
debug_print_layers(fd);
+ amount -= sp->encrypted_buffer_offset;
/* first we need the length bytes */
- ret = PR_Recv(fd->lower, buffer, sizeof(buffer), flags, timeout);
+ ret = PR_Recv(fd->lower, buffer, amount, flags, timeout);
LDAPDebug( LDAP_DEBUG_CONNS,
"read sasl packet length returned %d on connection %" NSPRIu64 "\n", ret, c->c_connid, 0 );
if (ret <= 0) {
@@ -228,49 +230,57 @@ sasl_io_start_packet(PRFileDesc *fd, PRIntn flags, PRIntervalTime timeout, PRInt
return ret;
}
/*
- * NOTE: A better way to do this would be to read the bytes and add them to
- * sp->encrypted_buffer - if offset < 4, tell caller we didn't read enough
- * bytes yet - if offset >= 4, decode the length and proceed. However, it
- * is highly unlikely that a request to read 4 bytes will return < 4 bytes,
- * perhaps only in error conditions, in which case the ret < 0 case above
- * will run
+ * Read the bytes and add them to sp->encrypted_buffer
+ * - if offset < 4, tell caller we didn't read enough bytes yet
+ * - if offset >= 4, decode the length and proceed.
*/
if (ret < sizeof(buffer)) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "sasl_io_start_packet: failed - read only %d bytes of sasl packet length on connection %" NSPRIu64 "\n", ret, c->c_connid, 0 );
- PR_SetError(PR_IO_ERROR, 0);
- return -1;
+ memcpy(sp->encrypted_buffer + sp->encrypted_buffer_offset, buffer, ret);
+ sp->encrypted_buffer_offset += ret;
+ if (sp->encrypted_buffer_offset < sizeof(buffer)) {
+ LDAPDebug2Args( LDAP_DEBUG_CONNS,
+ "sasl_io_start_packet: read only %d bytes of sasl packet "
+ "length on connection %" NSPRIu64 "\n", ret, c->c_connid );
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
+ return PR_FAILURE;
+ }
+ } else {
+ memcpy(sp->encrypted_buffer, buffer, sizeof(buffer));
+ sp->encrypted_buffer_offset = sizeof(buffer);
}
- if (ret == sizeof(buffer)) {
- /* Decode the length (could use ntohl here ??) */
- packet_length = buffer[0] << 24 | buffer[1] << 16 | buffer[2] << 8 | buffer[3];
- /* add length itself (for Cyrus SASL library) */
- packet_length += 4;
-
- LDAPDebug( LDAP_DEBUG_CONNS,
- "read sasl packet length %ld on connection %" NSPRIu64 "\n", packet_length, c->c_connid, 0 );
+ /* At this point, sp->encrypted_buffer_offset == sizeof(buffer) */
+ /* Decode the length */
+ packet_length = ntohl(*(uint32_t *)sp->encrypted_buffer);
+ /* add length itself (for Cyrus SASL library) */
+ packet_length += sizeof(uint32_t);
- /* Check if the packet length is larger than our max allowed. A
- * setting of -1 means that we allow any size SASL IO packet. */
- saslio_limit = config_get_maxsasliosize();
- if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
- LDAPDebug( LDAP_DEBUG_ANY,
+ LDAPDebug2Args( LDAP_DEBUG_CONNS,
+ "read sasl packet length %ld on connection %" NSPRIu64 "\n",
+ packet_length, c->c_connid );
+
+ /* Check if the packet length is larger than our max allowed. A
+ * setting of -1 means that we allow any size SASL IO packet. */
+ saslio_limit = config_get_maxsasliosize();
+ if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
+ LDAPDebug2Args( LDAP_DEBUG_ANY,
"SASL encrypted packet length exceeds maximum allowed limit (length=%ld, limit=%ld)."
" Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.\n",
- packet_length, config_get_maxsasliosize(), 0);
- PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
- *err = PR_BUFFER_OVERFLOW_ERROR;
- return -1;
- }
-
- sasl_io_resize_encrypted_buffer(sp, packet_length);
- /* Cyrus SASL implementation expects to have the length at the first
- 4 bytes */
- memcpy(sp->encrypted_buffer, buffer, 4);
- sp->encrypted_buffer_count = packet_length;
- sp->encrypted_buffer_offset = 4;
+ packet_length, config_get_maxsasliosize() );
+ PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+ *err = PR_BUFFER_OVERFLOW_ERROR;
+ return -1;
}
+ sasl_io_resize_encrypted_buffer(sp, packet_length);
+ /* Cyrus SASL implementation expects to have the length at the first
+ 4 bytes */
+ sp->encrypted_buffer_count = packet_length;
+
return 1;
}
@@ -344,7 +354,12 @@ sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
if (!sasl_io_finished_packet(sp)) {
LDAPDebug( LDAP_DEBUG_CONNS,
"sasl_io_recv for connection %" NSPRIu64 " - not finished reading packet yet\n", c->c_connid, 0, 0 );
- PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
return PR_FAILURE;
}
/* We have the full encrypted buffer now - decrypt it */
@@ -355,6 +370,9 @@ sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
"sasl_io_recv finished reading packet for connection %" NSPRIu64 "\n", c->c_connid );
/* Now decode it */
ret = sasl_decode(c->c_sasl_conn,sp->encrypted_buffer,sp->encrypted_buffer_count,&output_buffer,&output_length);
+ /* even if decode fails, need re-initialize the encrypted_buffer */
+ sp->encrypted_buffer_offset = 0;
+ sp->encrypted_buffer_count = 0;
if (SASL_OK == ret) {
LDAPDebug2Args( LDAP_DEBUG_CONNS,
"sasl_io_recv decoded packet length %d for connection %" NSPRIu64 "\n", output_length, c->c_connid );
@@ -363,8 +381,6 @@ sasl_io_recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
memcpy(sp->decrypted_buffer,output_buffer,output_length);
sp->decrypted_buffer_count = output_length;
sp->decrypted_buffer_offset = 0;
- sp->encrypted_buffer_offset = 0;
- sp->encrypted_buffer_count = 0;
bytes_in_buffer = output_length;
}
} else {
@@ -460,7 +476,12 @@ sasl_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
(sp->send_size - sp->send_offset) );
sp->send_offset += ret;
ret = PR_FAILURE;
- PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+#if defined(EWOULDBLOCK)
+ errno = EWOULDBLOCK;
+#elif defined(EAGAIN)
+ errno = EAGAIN;
+#endif
+ PR_SetError(PR_WOULD_BLOCK_ERROR, errno);
}
/* else - ret is error - caller will handle */
} else {
commit 009b9dd1277d2522778d1da3931e8aded01321cc
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Oct 5 09:31:15 2010 -0700
Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character
https://bugzilla.redhat.com/show_bug.cgi?id=639289
Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte). The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.
This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
Branch: 389-ds-base-1.2.6
(cherry picked from commit 76c33394c21a64a7c20047f72196b31dfdf233f0)
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index e50ec76..172a829 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -1240,6 +1240,9 @@ dn_ignore_case_to_end( char *dn, char *end )
s += ssz, d += dsz) {
slapi_utf8ToLower( s, d, &ssz, &dsz );
}
+ if (d) {
+ *d = '\0'; /* utf8ToLower result may be shorter than the original */
+ }
return( dn );
}
diff --git a/ldap/servers/slapd/utf8compare.c b/ldap/servers/slapd/utf8compare.c
index 5d28b8c..12cdf22 100644
--- a/ldap/servers/slapd/utf8compare.c
+++ b/ldap/servers/slapd/utf8compare.c
@@ -133,7 +133,7 @@ UpperLowerTbl_t Upper2LowerTbl21[] = {
{"\304\252", "\304\253", 2},
{"\304\254", "\304\255", 2},
{"\304\256", "\304\257", 2},
- {"\304\260", "\151", 1},
+ {"\304\260", "\304\261", 2},
{"\304\262", "\304\263", 2},
{"\304\264", "\304\265", 2},
{"\304\266", "\304\267", 2},
11 years, 10 months
Branch '389-ds-base-1.2.7' - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/back-ldbm/ldbm_search.c | 8 ++++-
ldap/servers/slapd/opshared.c | 10 +++++++
ldap/servers/slapd/pagedresults.c | 40 +++++++++++++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 2 +
ldap/servers/slapd/slap.h | 3 ++
5 files changed, 61 insertions(+), 2 deletions(-)
New commits:
commit 77717b89e1497f4bfe0fca66129eed4299dcc07e
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jan 13 13:44:15 2011 -0700
Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result searches
https://bugzilla.redhat.com/show_bug.cgi?id=666076
Resolves: bug 666076
Bug Description: dirsrv crash (1.2.7.5) with multiple simple paged result searches
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: master
Fix Description: Only allow one simple paged results search per-connection
at a time. The new function pagedresults_check_or_set_processing() will
check the flag in the connection to see if pagedresults processing is in
progress. If so, the function will return True and the search will terminate
with LDAP_UNWILLING_TO_PERFORM (as per section 3 in RFC 2696, a server is
allowed to return unwillingToPerform if there is a limit to the number of
outstanding paged search requests from a given client). The processing
flag will be reset once the search result has been sent to the client.
Since the problem is multiple threads in the same connection accessing
the pagedresults data, the workaround is to just set
nsslapd-maxthreadsperconn: 1
in cn=config in dse.ldif.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
index 568d32c..19a6bac 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
@@ -1169,6 +1169,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
if ( !use_extension )
{
CACHE_RETURN( &inst->inst_cache, &(sr->sr_entry) );
+ sr->sr_entry = NULL;
}
if(sr->sr_vlventry != NULL && !use_extension )
@@ -1207,7 +1208,6 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
curtime = current_time();
if ( tlimit != -1 && curtime > stoptime )
{
- slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, urls );
/* in case paged results, clean up the conn */
pagedresults_set_search_result(pb->pb_conn, NULL);
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL );
@@ -1218,13 +1218,13 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL );
delete_search_result_set( &sr );
rc = SLAPI_FAIL_GENERAL;
+ slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, urls );
goto bail;
}
/* check lookthrough limit */
if ( llimit != -1 && sr->sr_lookthroughcount >= llimit )
{
- slapi_send_ldap_result( pb, LDAP_ADMINLIMIT_EXCEEDED, NULL, NULL, nentries, urls );
/* in case paged results, clean up the conn */
pagedresults_set_search_result(pb->pb_conn, NULL);
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL );
@@ -1235,6 +1235,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL );
delete_search_result_set( &sr );
rc = SLAPI_FAIL_GENERAL;
+ slapi_send_ldap_result( pb, LDAP_ADMINLIMIT_EXCEEDED, NULL, NULL, nentries, urls );
goto bail;
}
@@ -1424,12 +1425,14 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
else
{
CACHE_RETURN ( &inst->inst_cache, &(sr->sr_entry) );
+ sr->sr_entry = NULL;
}
}
else
{
/* Failed the filter test, and this isn't a VLV Search */
CACHE_RETURN( &inst->inst_cache, &(sr->sr_entry) );
+ sr->sr_entry = NULL;
if (LDAP_UNWILLING_TO_PERFORM == filter_test) {
/* Need to catch this error to detect the vattr loop */
slapi_send_ldap_result( pb, filter_test, NULL,
@@ -1489,6 +1492,7 @@ delete_search_result_set( back_search_result_set **sr )
{
idl_free( (*sr)->sr_candidates );
}
+ memset( *sr, 0, sizeof( back_search_result_set ) );
slapi_ch_free( (void**)sr );
}
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index a2684f9..a12ad04 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -225,6 +225,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
Slapi_Backend *pr_be = NULL;
void *pr_search_result = NULL;
int pr_search_result_count = 0;
+ int pr_reset_processing = 0;
be_list[0] = NULL;
referral_list[0] = NULL;
@@ -395,6 +396,12 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
&pagesize, &curr_search_count);
if (LDAP_SUCCESS == rc) {
unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED;
+ if (pagedresults_check_or_set_processing(pb->pb_conn)) {
+ send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM,
+ NULL, "Simple Paged Results Search already in progress on this connection", 0, NULL);
+ goto free_and_return_nolock;
+ }
+ pr_reset_processing = 1; /* need to reset after we are done with this op */
operation->o_flags |= OP_FLAG_PAGED_RESULTS;
pr_be = pagedresults_get_current_be(pb->pb_conn);
pr_search_result = pagedresults_get_search_result(pb->pb_conn);
@@ -879,6 +886,9 @@ free_and_return:
slapi_sdn_done(&sdn);
slapi_ch_free_string(&proxydn);
slapi_ch_free_string(&proxystr);
+ if (pr_reset_processing) {
+ pagedresults_reset_processing(pb->pb_conn);
+ }
}
/* Returns 1 if this processing on this entry is finished
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index 47b3490..172e3a9 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -364,6 +364,7 @@ pagedresults_set_timelimit(Connection *conn, time_t timelimit)
}
/*
+ * must be called with conn->c_mutex held
* return values
* 0: not a simple paged result connection
* 1: simple paged result and successfully abandoned
@@ -383,7 +384,46 @@ pagedresults_cleanup(Connection *conn)
conn->c_current_be = 0;
conn->c_search_result_count = 0;
conn->c_timelimit = 0;
+ conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
rc = 1;
}
return rc;
}
+
+/*
+ * check to see if this connection is currently processing
+ * a pagedresults search - if it is, return True - if not,
+ * mark that it is processing, and return False
+ */
+int
+pagedresults_check_or_set_processing(Connection *conn)
+{
+ int ret = 0;
+ if (conn) {
+ PR_Lock(conn->c_mutex);
+ ret = conn->c_flags&CONN_FLAG_PAGEDRESULTS_PROCESSING;
+ /* if ret is true, the following doesn't do anything */
+ conn->c_flags |= CONN_FLAG_PAGEDRESULTS_PROCESSING;
+ PR_Unlock(conn->c_mutex);
+ }
+ return ret;
+}
+
+/*
+ * mark the connection as being done with pagedresults
+ * processing - returns True if it was processing,
+ * False otherwise
+ */
+int
+pagedresults_reset_processing(Connection *conn)
+{
+ int ret = 0;
+ if (conn) {
+ PR_Lock(conn->c_mutex);
+ ret = conn->c_flags&CONN_FLAG_PAGEDRESULTS_PROCESSING;
+ /* if ret is false, the following doesn't do anything */
+ conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
+ PR_Unlock(conn->c_mutex);
+ }
+ return ret;
+}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 1a8c6e5..c46b623 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -1380,6 +1380,8 @@ int pagedresults_get_sort_result_code(Connection *conn);
int pagedresults_set_sort_result_code(Connection *conn, int code);
int pagedresults_set_timelimit(Connection *conn, time_t timelimit);
int pagedresults_cleanup(Connection *conn);
+int pagedresults_check_or_set_processing(Connection *conn);
+int pagedresults_reset_processing(Connection *conn);
/*
* sort.c
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index d71367f..f02eb3b 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1395,6 +1395,9 @@ typedef struct conn {
#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128 /* If the search is unindexed,
* store the info in c_flags
*/
+#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256 /* there is an operation
+ * processing a pagedresults search
+ */
#define CONN_GET_SORT_RESULT_CODE (-1)
#define START_TLS_OID "1.3.6.1.4.1.1466.20037"
11 years, 10 months
2 commits - ldap/servers
by Mark Reynolds
ldap/servers/slapd/back-ldbm/instance.c | 136 ++----
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 323 +++++++--------
ldap/servers/slapd/back-ldbm/ldbm_config.h | 3
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 469 +++++++++++++++--------
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 50 --
ldap/servers/slapd/back-ldbm/perfctrs.c | 2
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2
7 files changed, 556 insertions(+), 429 deletions(-)
New commits:
commit d17fa78abb8ce467046be8c1b353f26fe248039c
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Fri Jan 27 17:36:38 2012 -0500
Revert "Ticket #55 - Limit of 1024 characters for nsMatchingRule"
This reverts commit 39870fe59195d54dd9d654b1d46737968683f48f.
diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c
index 8cf79a3..0217e96 100644
--- a/ldap/servers/slapd/back-ldbm/instance.c
+++ b/ldap/servers/slapd/back-ldbm/instance.c
@@ -44,7 +44,7 @@
/* Forward declarations */
static void ldbm_instance_destructor(void **arg);
-Slapi_Entry *ldbm_instance_init_config_entry(char *cn_val, char *v1, char *v2, char *v3);
+
/* Creates and initializes a new ldbm_instance structure.
@@ -148,59 +148,13 @@ done:
return rc;
}
-/*
- * Take a bunch of strings, and create a index config entry
- */
-Slapi_Entry *
-ldbm_instance_init_config_entry(char *cn_val, char *type_val1, char *type_val2, char *type_val3){
- Slapi_Entry *e = slapi_entry_alloc();
- Slapi_Value *sval;
- Slapi_Attr *indextype_attr;
- Slapi_Attr *cn_attr;
- Slapi_Attr *attrs = slapi_attr_new();;
-
- cn_attr = slapi_attr_new();
- slapi_attr_init(cn_attr, "cn");
- sval = slapi_value_new_string(cn_val);
- slapi_attr_add_value(cn_attr,sval);
- attrlist_add(attrs,cn_attr);
- slapi_value_free(&sval);
-
- indextype_attr = slapi_attr_new();
- slapi_attr_init(indextype_attr, "nsIndexType");
- sval = slapi_value_new_string(type_val1);
- slapi_attr_add_value(indextype_attr,sval);
- attrlist_add(&attrs,indextype_attr);
- slapi_value_free(&sval);
-
- if(type_val2){
- indextype_attr = slapi_attr_new();
- slapi_attr_init(indextype_attr, "nsIndexType");
- sval = slapi_value_new_string(type_val2);
- slapi_attr_add_value(indextype_attr,sval);
- attrlist_add(&attrs,indextype_attr);
- slapi_value_free(&sval);
- }
- if(type_val3){
- indextype_attr = slapi_attr_new();
- slapi_attr_init(indextype_attr, "nsIndexType");
- sval = slapi_value_new_string(type_val3);
- slapi_attr_add_value(indextype_attr,sval);
- attrlist_add(&attrs,indextype_attr);
- slapi_value_free(&sval);
- }
-
- slapi_entry_init_ext(e, NULL, attrs);
- return e;
-}
-
/* create the default indexes separately
* (because when we're creating a new backend while the server is running,
* the DSE needs to be pre-seeded first.)
*/
int ldbm_instance_create_default_indexes(backend *be)
{
- Slapi_Entry *e;
+ char *argv[ 9 ];
ldbm_instance *inst = (ldbm_instance *)be->be_instance_info;
/* write the dse file only on the final index */
int flags = LDBM_INSTANCE_CONFIG_DONT_WRITE;
@@ -212,64 +166,76 @@ int ldbm_instance_create_default_indexes(backend *be)
* ACL routines.
*/
if (entryrdn_get_switch()) { /* subtree-rename: on */
- e = ldbm_instance_init_config_entry(LDBM_ENTRYDN_STR,"subtree", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = LDBM_ENTRYRDN_STR;
+ argv[ 1 ] = "subtree";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
} else {
- e = ldbm_instance_init_config_entry(LDBM_ENTRYDN_STR,"eq", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = LDBM_ENTRYDN_STR;
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
}
- e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR,"eq", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = LDBM_PARENTID_STR;
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
- e = ldbm_instance_init_config_entry("objectclass","eq", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = "objectclass";
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
- e = ldbm_instance_init_config_entry("aci","pres", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = "aci";
+ argv[ 1 ] = "pres";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
#if 0 /* don't need copiedfrom */
- e = ldbm_instance_init_config_entry("copiedfrom","pres");
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = "copiedfrom";
+ argv[ 1 ] = "pres";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
#endif
- e = ldbm_instance_init_config_entry(LDBM_NUMSUBORDINATES_STR,"pres", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = LDBM_NUMSUBORDINATES_STR;
+ argv[ 1 ] = "pres";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
- e = ldbm_instance_init_config_entry(SLAPI_ATTR_UNIQUEID,"eq", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = SLAPI_ATTR_UNIQUEID;
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
/* For MMR, we need this attribute (to replace use of dncomp in delete). */
- e = ldbm_instance_init_config_entry(ATTR_NSDS5_REPLCONFLICT,"eq", "pres", 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
+ argv[ 0 ] = ATTR_NSDS5_REPLCONFLICT;
+ argv[ 1 ] = "eq,pres";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, flags);
/* write the dse file only on the final index */
- e = ldbm_instance_init_config_entry(SLAPI_ATTR_NSCP_ENTRYDN,"eq", 0, 0);
- ldbm_instance_config_add_index_entry(inst, e, flags);
- slapi_entry_free(e);
-
+ argv[ 0 ] = SLAPI_ATTR_NSCP_ENTRYDN;
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ ldbm_instance_config_add_index_entry(inst, 2, argv, 0);
+
+ argv[ 0 ] = LDBM_PSEUDO_ATTR_DEFAULT;
+ argv[ 1 ] = "none";
+ argv[ 2 ] = NULL;
/* ldbm_instance_config_add_index_entry(inst, 2, argv); */
- e = ldbm_instance_init_config_entry(LDBM_PSEUDO_ATTR_DEFAULT,"none", 0, 0);
- attr_index_config( be, "ldbm index init", 0, e, 1, 0 );
- slapi_entry_free(e);
+ attr_index_config( be, "ldbm index init", 0, 2, argv, 1 );
if (!entryrdn_get_noancestorid()) {
/*
* ancestorid is special, there is actually no such attr type
* but we still want to use the attr index file APIs.
*/
- e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR,"eq", 0, 0);
- attr_index_config( be, "ldbm index init", 0, e, 1, 0 );
- slapi_entry_free(e);
+ argv[ 0 ] = LDBM_ANCESTORID_STR;
+ argv[ 1 ] = "eq";
+ argv[ 2 ] = NULL;
+ attr_index_config( be, "ldbm index init", 0, 2, argv, 1 );
}
return 0;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
index 4890d60..d09413f 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
@@ -171,65 +171,64 @@ attr_index_config(
backend *be,
char *fname,
int lineno,
- Slapi_Entry *e,
- int init,
- int indextype_none
+ int argc,
+ char **argv,
+ int init
)
{
ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
- int j = 0;
+ int i, j;
+ char **attrs = NULL;
+ char **indexes = NULL;
char **index_rules = NULL;
struct attrinfo *a;
int return_value = -1;
int *substrlens = NULL;
- int need_compare_fn = 0;
- int hasIndexType = 0;
- const char *attrsyntax_oid = NULL;
- const struct berval *attrValue;
- Slapi_Value *sval;
- Slapi_Attr *attr;
-
- /* Get the cn */
- if (0 == slapi_entry_attr_find(e, "cn", &attr)) {
- slapi_attr_first_value(attr, &sval);
- attrValue = slapi_value_get_berval(sval);
- } else {
+
+ if ((argc == 0) || (argv == NULL)) {
LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing indexing arguments\n", 0, 0, 0);
- return;
+ goto done;
}
- a = attrinfo_new();
- slapi_attr_init(&a->ai_sattr, attrValue->bv_val);
- /*
- * we can't just set a->ai_type to the type from a->ai_sattr
- * if the type has attroptions or subtypes, ai_sattr.a_type will
- * contain them - but for the purposes of indexing, we don't want them
- */
- a->ai_type = slapi_attr_basetype( attrValue->bv_val, NULL, 0 );
- attrsyntax_oid = attr_get_syntax_oid(&a->ai_sattr);
- a->ai_indexmask = 0;
-
- if(indextype_none){
- /* This is the same has having none for indexType, but applies to the whole entry */
- a->ai_indexmask = INDEX_OFFLINE;
- } else {
- slapi_entry_attr_find(e, "nsIndexType", &attr);
- for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
- hasIndexType = 1;
- attrValue = slapi_value_get_berval(sval);
- if ( strncasecmp( attrValue->bv_val, "pres", 4 ) == 0 ) {
+ attrs = slapi_str2charray( argv[0], "," );
+ if ( argc > 1 ) {
+ indexes = slapi_str2charray( argv[1], "," );
+ if ( argc > 2 ) {
+ index_rules = slapi_str2charray( argv[2], "," );
+ }
+ }
+
+ if (!indexes) {
+ LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing index\n", 0, 0, 0);
+ goto done;
+ }
+
+ for ( i = 0; attrs[i] != NULL; i++ ) {
+ int need_compare_fn = 0;
+ const char *attrsyntax_oid = NULL;
+ a = attrinfo_new();
+ slapi_attr_init(&a->ai_sattr, attrs[i]);
+ /* we can't just set a->ai_type to the type from a->ai_sattr
+ if the type has attroptions or subtypes, ai_sattr.a_type will
+ contain them - but for the purposes of indexing, we don't want
+ them */
+ a->ai_type = slapi_attr_basetype( attrs[i], NULL, 0 );
+ attrsyntax_oid = attr_get_syntax_oid(&a->ai_sattr);
+ a->ai_indexmask = 0;
+ for ( j = 0; indexes[j] != NULL; j++ ) {
+ if ( strncasecmp( indexes[j], "pres", 4 ) == 0 ) {
a->ai_indexmask |= INDEX_PRESENCE;
- } else if ( strncasecmp( attrValue->bv_val, "eq", 2 ) == 0 ) {
+ } else if ( strncasecmp( indexes[j], "eq", 2 ) == 0 ) {
a->ai_indexmask |= INDEX_EQUALITY;
- } else if ( strncasecmp( attrValue->bv_val, "approx", 6 ) == 0 ) {
+ } else if ( strncasecmp( indexes[j], "approx", 6 ) == 0 ) {
a->ai_indexmask |= INDEX_APPROX;
- } else if ( strncasecmp( attrValue->bv_val, "subtree", 7 ) == 0 ) {
+ } else if ( strncasecmp( indexes[j], "subtree", 7 ) == 0 ) {
/* subtree should be located before "sub" */
a->ai_indexmask |= INDEX_SUBTREE;
a->ai_dup_cmp_fn = entryrdn_compare_dups;
- } else if ( strncasecmp( attrValue->bv_val, "sub", 3 ) == 0 ) {
+ } else if ( strncasecmp( indexes[j], "sub", 3 ) == 0 ) {
a->ai_indexmask |= INDEX_SUB;
- } else if ( strncasecmp( attrValue->bv_val, "none", 4 ) == 0 ) {
+ } else if ( strncasecmp( indexes[j], "none", 4 ) == 0 ) {
if ( a->ai_indexmask != 0 ) {
LDAPDebug(LDAP_DEBUG_ANY,
"%s: line %d: index type \"none\" cannot be combined with other types\n",
@@ -239,81 +238,77 @@ attr_index_config(
} else {
LDAPDebug(LDAP_DEBUG_ANY,
"%s: line %d: unknown index type \"%s\" (ignored)\n",
- fname, lineno, attrValue->bv_val);
+ fname, lineno, indexes[j]);
LDAPDebug(LDAP_DEBUG_ANY,
"valid index types are \"pres\", \"eq\", \"approx\", or \"sub\"\n",
0, 0, 0);
}
}
- if(hasIndexType == 0){
- /* indexType missing, error out */
- LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing index type\n", 0, 0, 0);
- return;
- }
- }
- /* compute a->ai_index_rules: */
- /* for index rules there are two uses:
- * 1) a simple way to define an ordered index to support <= and >= searches
- * for those attributes which do not have an ORDERING matching rule defined
- * for them in their schema definition. The index generated is not a :RULE:
- * index, it is a normal = EQUALITY index, with the keys ordered using the
- * comparison function provided by the syntax plugin for the attribute. For
- * example - the uidNumber attribute has INTEGER syntax, but the standard
- * definition of the attribute does not specify an ORDERING matching rule.
- * By default, this means that you cannot perform searches like
- * (uidNumber>=501) - but many users expect to be able to perform this type of
- * search. By specifying that you want an ordered index, using an integer
- * matching rule, you can support indexed seaches of this type.
- * 2) a RULE index - the index key prefix is :NAMEOROID: - this is used
- * to support extensible match searches like (cn:fr-CA.3:=gilles), which would
- * find the index key :fr-CA.3:gilles in the cn index.
- * We check first to see if this is a simple ordered index - user specified an
- * ordering matching rule compatible with the attribute syntax, and there is
- * a compare function. If not, we assume it is a RULE index definition.
- */
-
- if(0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)){
- char** official_rules = (char**)slapi_ch_malloc ((j + 1) * sizeof (char*));
- size_t k = 0;
- for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
- /* Check that index_rules[j] is an official OID */
- char* officialOID = NULL;
- IFP mrINDEX = NULL;
- Slapi_PBlock* pb = NULL;
- int do_continue = 0; /* can we skip the RULE parsing stuff? */
- attrValue = slapi_value_get_berval(sval);
-
- if (strstr(index_rules[j], INDEX_ATTR_SUBSTRBEGIN)) {
- _set_attr_substrlen(INDEX_SUBSTRBEGIN, attrValue->bv_val, &substrlens);
- do_continue = 1; /* done with j - next j */
- } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTRMIDDLE)) {
- _set_attr_substrlen(INDEX_SUBSTRMIDDLE, attrValue->bv_val, &substrlens);
- do_continue = 1; /* done with j - next j */
- } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTREND)) {
- _set_attr_substrlen(INDEX_SUBSTREND, attrValue->bv_val, &substrlens);
- do_continue = 1; /* done with j - next j */
- /* check if this is a simple ordering specification
- for an attribute that has no ordering matching rule */
- } else if (slapi_matchingrule_is_ordering(attrValue->bv_val, attrsyntax_oid) &&
- slapi_matchingrule_can_use_compare_fn(attrValue->bv_val) &&
- !a->ai_sattr.a_mr_ord_plugin) { /* no ordering for this attribute */
- need_compare_fn = 1; /* get compare func for this attr */
- do_continue = 1; /* done with j - next j */
- }
+ /* compute a->ai_index_rules: */
+ /* for index rules there are two uses:
+ * 1) a simple way to define an ordered index to support <= and >= searches
+ * for those attributes which do not have an ORDERING matching rule defined
+ * for them in their schema definition. The index generated is not a :RULE:
+ * index, it is a normal = EQUALITY index, with the keys ordered using the
+ * comparison function provided by the syntax plugin for the attribute. For
+ * example - the uidNumber attribute has INTEGER syntax, but the standard
+ * definition of the attribute does not specify an ORDERING matching rule.
+ * By default, this means that you cannot perform searches like
+ * (uidNumber>=501) - but many users expect to be able to perform this type of
+ * search. By specifying that you want an ordered index, using an integer
+ * matching rule, you can support indexed seaches of this type.
+ * 2) a RULE index - the index key prefix is :NAMEOROID: - this is used
+ * to support extensible match searches like (cn:fr-CA.3:=gilles), which would
+ * find the index key :fr-CA.3:gilles in the cn index.
+ * We check first to see if this is a simple ordered index - user specified an
+ * ordering matching rule compatible with the attribute syntax, and there is
+ * a compare function. If not, we assume it is a RULE index definition.
+ */
+ j = 0;
+ if (index_rules != NULL) for (; index_rules[j] != NULL; ++j);
+ if (j > 0) { /* there are some candidates */
+ char** official_rules =
+ (char**)slapi_ch_malloc ((j + 1) * sizeof (char*));
+ size_t k = 0;
+ for (j = 0; index_rules[j] != NULL; ++j) {
+ /* Check that index_rules[j] is an official OID */
+ char* officialOID = NULL;
+ IFP mrINDEX = NULL;
+ Slapi_PBlock* pb = NULL;
+ int do_continue = 0; /* can we skip the RULE parsing stuff? */
+
+ if (strstr(index_rules[j], INDEX_ATTR_SUBSTRBEGIN)) {
+ _set_attr_substrlen(INDEX_SUBSTRBEGIN, index_rules[j],
+ &substrlens);
+ do_continue = 1; /* done with j - next j */
+ } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTRMIDDLE)) {
+ _set_attr_substrlen(INDEX_SUBSTRMIDDLE, index_rules[j],
+ &substrlens);
+ do_continue = 1; /* done with j - next j */
+ } else if (strstr(index_rules[j], INDEX_ATTR_SUBSTREND)) {
+ _set_attr_substrlen(INDEX_SUBSTREND, index_rules[j],
+ &substrlens);
+ do_continue = 1; /* done with j - next j */
+ /* check if this is a simple ordering specification
+ for an attribute that has no ordering matching rule */
+ } else if (slapi_matchingrule_is_ordering(index_rules[j], attrsyntax_oid) &&
+ slapi_matchingrule_can_use_compare_fn(index_rules[j]) &&
+ !a->ai_sattr.a_mr_ord_plugin) { /* no ordering for this attribute */
+ need_compare_fn = 1; /* get compare func for this attr */
+ do_continue = 1; /* done with j - next j */
+ }
- if (do_continue) {
- continue; /* done with index_rules[j] */
- }
+ if (do_continue) {
+ continue; /* done with index_rules[j] */
+ }
- /* must be a RULE specification */
- pb = slapi_pblock_new();
- /*
- * next check if this is a RULE type index
- * try to actually create an indexer and see if the indexer
- * actually has a regular INDEX_FN or an INDEX_SV_FN
- */
- if (!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_OID, attrValue->bv_val) &&
+ /* must be a RULE specification */
+ pb = slapi_pblock_new();
+ /* next check if this is a RULE type index
+ try to actually create an indexer and see if the indexer
+ actually has a regular INDEX_FN or an INDEX_SV_FN */
+ if (!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_OID, index_rules[j]) &&
!slapi_pblock_set (pb, SLAPI_PLUGIN_MR_TYPE, a->ai_type) &&
!slapi_mr_indexer_create (pb) &&
((!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX) &&
@@ -322,70 +317,76 @@ attr_index_config(
mrINDEX != NULL)) &&
!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_OID, &officialOID) &&
officialOID != NULL) {
- if (!strcasecmp (index_rules[j], officialOID)) {
- official_rules[k++] = slapi_ch_strdup (officialOID);
- } else {
- char* preamble = slapi_ch_smprintf("%s: line %d", fname, lineno);
- LDAPDebug (LDAP_DEBUG_ANY, "%s: use \"%s\" instead of \"%s\" (ignored)\n",
- preamble, officialOID, attrValue->bv_val);
- slapi_ch_free((void**)&preamble);
- }
- } else { /* we don't know what this is */
- LDAPDebug (LDAP_DEBUG_ANY, "%s: line %d: "
+ if (!strcasecmp (index_rules[j], officialOID)) {
+ official_rules[k++] = slapi_ch_strdup (officialOID);
+ } else {
+ char* preamble = slapi_ch_smprintf("%s: line %d", fname, lineno);
+ LDAPDebug (LDAP_DEBUG_ANY, "%s: use \"%s\" instead of \"%s\" (ignored)\n",
+ preamble, officialOID, index_rules[j] );
+ slapi_ch_free((void**)&preamble);
+ }
+ } else { /* we don't know what this is */
+ LDAPDebug (LDAP_DEBUG_ANY, "%s: line %d: "
"unknown or invalid matching rule \"%s\" in index configuration (ignored)\n",
- fname, lineno, attrValue->bv_val);
- }
-
- { /*
- * It would improve speed to save the indexer, for future use.
- * But, for simplicity, we destroy it now:
- */
- IFP mrDESTROY = NULL;
- if (!slapi_pblock_get (pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY) &&
- mrDESTROY != NULL) {
- mrDESTROY (pb);
+ fname, lineno, index_rules[j] );
+ }
+ {/* It would improve speed to save the indexer, for future use.
+ But, for simplicity, we destroy it now: */
+ IFP mrDESTROY = NULL;
+ if (!slapi_pblock_get (pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY) &&
+ mrDESTROY != NULL) {
+ mrDESTROY (pb);
+ }
}
+ slapi_pblock_destroy (pb);
+ }
+ official_rules[k] = NULL;
+ a->ai_substr_lens = substrlens;
+ if (k > 0) {
+ a->ai_index_rules = official_rules;
+ a->ai_indexmask |= INDEX_RULES;
+ } else {
+ slapi_ch_free((void**)&official_rules);
}
- slapi_pblock_destroy (pb);
- }
- official_rules[k] = NULL;
- a->ai_substr_lens = substrlens;
- if (k > 0) {
- a->ai_index_rules = official_rules;
- a->ai_indexmask |= INDEX_RULES;
- } else {
- slapi_ch_free((void**)&official_rules);
}
- }
- /* initialize the IDL code's private data */
- return_value = idl_init_private(be, a);
- if (0 != return_value) {
- /* fatal error, exit */
- LDAPDebug(LDAP_DEBUG_ANY,"%s: line %d:Fatal Error: Failed to initialize attribute structure\n",
+ /* initialize the IDL code's private data */
+ return_value = idl_init_private(be, a);
+ if (0 != return_value) {
+ /* fatal error, exit */
+ LDAPDebug(LDAP_DEBUG_ANY,"%s: line %d:Fatal Error: Failed to initialize attribute structure\n",
fname, lineno, 0);
- exit( 1 );
- }
+ exit( 1 );
+ }
- /* if user didn't specify an ordering rule in the index config,
- see if the schema def for the attr defines one */
- if (!need_compare_fn && a->ai_sattr.a_mr_ord_plugin) {
- need_compare_fn = 1;
- }
+ /* if user didn't specify an ordering rule in the index config,
+ see if the schema def for the attr defines one */
+ if (!need_compare_fn && a->ai_sattr.a_mr_ord_plugin) {
+ need_compare_fn = 1;
+ }
- if (need_compare_fn) {
- int rc = attr_get_value_cmp_fn( &a->ai_sattr, &a->ai_key_cmp_fn );
- if (rc != LDAP_SUCCESS) {
- LDAPDebug(LDAP_DEBUG_ANY,
+ if (need_compare_fn) {
+ int rc = attr_get_value_cmp_fn( &a->ai_sattr, &a->ai_key_cmp_fn );
+ if (rc != LDAP_SUCCESS) {
+ LDAPDebug(LDAP_DEBUG_ANY,
"The attribute [%s] does not have a valid ORDERING matching rule - error %d:s\n",
a->ai_type, rc, ldap_err2string(rc));
- a->ai_key_cmp_fn = NULL;
+ a->ai_key_cmp_fn = NULL;
+ }
}
- }
- if ( avl_insert( &inst->inst_attrs, a, ainfo_cmp, ainfo_dup ) != 0 ) {
- /* duplicate - existing version updated */
- attrinfo_delete(&a);
+ if ( avl_insert( &inst->inst_attrs, a, ainfo_cmp, ainfo_dup ) != 0 ) {
+ /* duplicate - existing version updated */
+ attrinfo_delete(&a);
+ }
+ }
+done:
+ charray_free( attrs );
+ if ( indexes != NULL ) {
+ charray_free( indexes );
+ }
+ if ( index_rules != NULL ) {
+ charray_free( index_rules );
}
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.h b/ldap/servers/slapd/back-ldbm/ldbm_config.h
index 36b8f60..e41b623 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.h
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.h
@@ -170,7 +170,8 @@ int ldbm_config_ignored_attr(char *attr_name);
/* Functions in ldbm_instance_config.c used in ldbm_config.c */
int ldbm_instance_config_load_dse_info(ldbm_instance *inst);
-int ldbm_instance_config_add_index_entry(ldbm_instance *inst, Slapi_Entry *e, int flags);
+int ldbm_instance_config_add_index_entry(ldbm_instance *inst, int argc,
+ char **argv, int flags);
int
ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e);
int ldbm_instance_create_default_user_indexes(ldbm_instance *inst);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
index 3786a44..aa47584 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
@@ -51,7 +51,7 @@
int ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
int ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
-#define INDEXTYPE_NONE 1
+
@@ -104,28 +104,50 @@ static char *attrinfo2ConfIndexes (struct attrinfo *pai)
}
-/*
- * attrinfo2ConfMatchingRules: returns an array of matching rules
+/* attrinfo2ConfMatchingRules: converts attrinfo into matching rule oids, as
+ * seen in index entries within dse.ldif
*/
-static char **attrinfo2ConfMatchingRules (struct attrinfo *pai)
+static char *attrinfo2ConfMatchingRules (struct attrinfo *pai)
{
int i;
- char **value = NULL;
+ char buffer[1024];
+
+ buffer[0] = '\0';
if (pai->ai_index_rules) {
- for (i = 0; pai->ai_index_rules[i]; i++) {
- charray_add(&value,slapi_ch_strdup(pai->ai_index_rules[i]));
- }
+ strcat (buffer, "\t");
+ for (i = 0; pai->ai_index_rules[i]; i++) {
+ PL_strcatn (buffer, sizeof(buffer), pai->ai_index_rules[i]);
+ if (pai->ai_index_rules[i+1]) {
+ PL_strcatn (buffer, sizeof(buffer), ",");
+ }
+ }
}
- return (value);
+ return (slapi_ch_strdup (buffer) );
}
+
+/* used by the two callbacks below, to parse an index entry into something
+ * awkward that we can pass to attr_index_config().
+ */
+#define MAX_TMPBUF 1024
+#define ZCAT_SAFE(_buf, _x1, _x2) do { \
+ if (strlen(_buf) + strlen(_x1) + strlen(_x2) + 2 < MAX_TMPBUF) { \
+ strcat(_buf, _x1); \
+ strcat(_buf, _x2); \
+ } \
+} while (0)
static int ldbm_index_parse_entry(ldbm_instance *inst, Slapi_Entry *e,
- const char *trace_string, char **index_name)
+ const char *trace_string,
+ char **index_name)
{
+ char *arglist[] = { NULL, NULL, NULL, NULL };
+ int argc = 0, i;
+ int isFirst;
Slapi_Attr *attr;
const struct berval *attrValue;
Slapi_Value *sval;
+ char tmpBuf[MAX_TMPBUF];
/* Get the name of the attribute to index which will be the value
* of the cn attribute. */
@@ -143,28 +165,121 @@ static int ldbm_index_parse_entry(ldbm_instance *inst, Slapi_Entry *e,
slapi_entry_get_dn(e), 0, 0);
return LDAP_OPERATIONS_ERROR;
}
-
- if(index_name != NULL){
- *index_name = slapi_ch_strdup(attrValue->bv_val);
+ arglist[argc++] = slapi_ch_strdup(attrValue->bv_val);
+ if (index_name != NULL) {
+ *index_name = slapi_ch_strdup(attrValue->bv_val);
}
- /* check and see if we have the required indexType */
+ /* Get the list of index types from the entry. */
if (0 == slapi_entry_attr_find(e, "nsIndexType", &attr)) {
- slapi_attr_first_value(attr, &sval);
- attrValue = slapi_value_get_berval(sval);
- if (NULL == attrValue->bv_val || strlen(attrValue->bv_val) == 0) {
- /* missing the index type, error out */
+ tmpBuf[0] = 0;
+ isFirst = 1;
+ for (i = slapi_attr_first_value(attr, &sval); i != -1;
+ i = slapi_attr_next_value(attr, i, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
+ if (isFirst) {
+ ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
+ isFirst = 0;
+ } else {
+ ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
+ }
+ }
+ }
+ if (0 == tmpBuf[0]) {
LDAPDebug(LDAP_DEBUG_ANY,
"Warning: malformed index entry %s -- empty nsIndexType\n",
slapi_entry_get_dn(e), 0, 0);
slapi_ch_free_string(index_name);
+ for (i = 0; i < argc; i++) {
+ slapi_ch_free((void **)&arglist[i]);
+ }
return LDAP_OPERATIONS_ERROR;
}
+ arglist[argc++] = slapi_ch_strdup(tmpBuf);
+ }
+
+ tmpBuf[0] = 0;
+ /* Get the list of matching rules from the entry. */
+ if (0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)) {
+ for (i = slapi_attr_first_value(attr, &sval); i != -1;
+ i = slapi_attr_next_value(attr, i, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
+ if (0 == tmpBuf[0]) {
+ ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
+ } else {
+ ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
+ }
+ }
+ }
}
- /* ok the entry is good to process, pass it to attr_index_config */
- attr_index_config(inst->inst_be, (char *)trace_string, 0, e, 0, 0);
+ /* Get the substr begin length. note: pick the first value. */
+ if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTRBEGIN, &attr)) {
+ i = slapi_attr_first_value(attr, &sval);
+ if (-1 != i) {
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
+ if (0 == tmpBuf[0]) {
+ PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
+ INDEX_ATTR_SUBSTRBEGIN, attrValue->bv_val);
+ } else {
+ int tmpbuflen = strlen(tmpBuf);
+ char *p = tmpBuf + tmpbuflen;
+ PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
+ INDEX_ATTR_SUBSTRBEGIN, attrValue->bv_val);
+ }
+ }
+ }
+ }
+ /* Get the substr middle length. note: pick the first value. */
+ if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTRMIDDLE, &attr)) {
+ i = slapi_attr_first_value(attr, &sval);
+ if (-1 != i) {
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
+ if (0 == tmpBuf[0]) {
+ PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
+ INDEX_ATTR_SUBSTRMIDDLE, attrValue->bv_val);
+ } else {
+ int tmpbuflen = strlen(tmpBuf);
+ char *p = tmpBuf + tmpbuflen;
+ PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
+ INDEX_ATTR_SUBSTRMIDDLE, attrValue->bv_val);
+ }
+ }
+ }
+ }
+
+ /* Get the substr end length. note: pick the first value. */
+ if (0 == slapi_entry_attr_find(e, INDEX_ATTR_SUBSTREND, &attr)) {
+ i = slapi_attr_first_value(attr, &sval);
+ if (-1 != i) {
+ attrValue = slapi_value_get_berval(sval);
+ if (NULL != attrValue->bv_val && strlen(attrValue->bv_val) > 0) {
+ if (0 == tmpBuf[0]) {
+ PR_snprintf(tmpBuf, MAX_TMPBUF, "%s=%s",
+ INDEX_ATTR_SUBSTREND, attrValue->bv_val);
+ } else {
+ int tmpbuflen = strlen(tmpBuf);
+ char *p = tmpBuf + tmpbuflen;
+ PR_snprintf(p, MAX_TMPBUF - tmpbuflen, ",%s=%s",
+ INDEX_ATTR_SUBSTREND, attrValue->bv_val);
+ }
+ }
+ }
+ }
+ if (0 != tmpBuf[0]) {
+ arglist[argc++] = slapi_ch_strdup(tmpBuf);
+ }
+
+ arglist[argc] = NULL;
+ attr_index_config(inst->inst_be, (char *)trace_string, 0, argc, arglist, 0);
+ for (i = 0; i < argc; i++) {
+ slapi_ch_free((void **)&arglist[i]);
+ }
return LDAP_SUCCESS;
}
@@ -179,7 +294,8 @@ ldbm_index_init_entry_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* en
ldbm_instance *inst = (ldbm_instance *) arg;
returntext[0] = '\0';
- *returncode = ldbm_index_parse_entry(inst, e, "from ldbm instance init", NULL);
+ *returncode = ldbm_index_parse_entry(inst, e, "from ldbm instance init",
+ NULL);
if (*returncode == LDAP_SUCCESS) {
return SLAPI_DSE_CALLBACK_OK;
} else {
@@ -202,15 +318,16 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
*returncode = ldbm_index_parse_entry(inst, e, "from DSE add", &index_name);
if (*returncode == LDAP_SUCCESS) {
struct attrinfo *ai = NULL;
+
/* if the index is a "system" index, we assume it's being added by
* by the server, and it's okay for the index to go online immediately.
* if not, we set the index "offline" so it won't actually be used
* until someone runs db2index on it.
*/
if (! ldbm_attribute_always_indexed(index_name)) {
- ainfo_get(inst->inst_be, index_name, &ai);
- PR_ASSERT(ai != NULL);
- ai->ai_indexmask |= INDEX_OFFLINE;
+ ainfo_get(inst->inst_be, index_name, &ai);
+ PR_ASSERT(ai != NULL);
+ ai->ai_indexmask |= INDEX_OFFLINE;
}
slapi_ch_free((void **)&index_name);
return SLAPI_DSE_CALLBACK_OK;
@@ -226,9 +343,11 @@ int
ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
ldbm_instance *inst = (ldbm_instance *) arg;
+ char *arglist[4];
Slapi_Attr *attr;
Slapi_Value *sval;
const struct berval *attrValue;
+ int argc = 0;
int rc = SLAPI_DSE_CALLBACK_OK;
struct attrinfo *ainfo = NULL;
@@ -239,7 +358,12 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
slapi_attr_first_value(attr, &sval);
attrValue = slapi_value_get_berval(sval);
- attr_index_config(inst->inst_be, "From DSE delete", 0, e, 0, INDEXTYPE_NONE);
+ arglist[argc++] = slapi_ch_strdup(attrValue->bv_val);
+ arglist[argc++] = slapi_ch_strdup("none");
+ arglist[argc] = NULL;
+ attr_index_config(inst->inst_be, "From DSE delete", 0, argc, arglist, 0);
+ slapi_ch_free((void **)&arglist[0]);
+ slapi_ch_free((void **)&arglist[1]);
ainfo_get(inst->inst_be, attrValue->bv_val, &ainfo);
@@ -266,18 +390,15 @@ ldbm_instance_index_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
Slapi_Entry *entryAfter, int *returncode, char *returntext, void *arg)
{
ldbm_instance *inst = (ldbm_instance *)arg;
- Slapi_Entry *modEntry;
- Slapi_Attr *modAttr = NULL;
- Slapi_Attr *indexTypeAttr;
- Slapi_Attr *matchingRuleAttr;
Slapi_Attr *attr;
- Slapi_Value *modValue;
Slapi_Value *sval;
const struct berval *attrValue;
struct attrinfo *ainfo = NULL;
LDAPMod **mods;
+ char *arglist[4] = {0};
char *config_attr;
char *origIndexTypes = NULL;
+ char *origMatchingRules = NULL;
char **origIndexTypesArray = NULL;
char **origMatchingRulesArray = NULL;
char **addIndexTypesArray = NULL;
@@ -286,6 +407,7 @@ ldbm_instance_index_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
char **deleteMatchingRulesArray = NULL;
int i, j;
int dodeletes = 0;
+ char tmpBuf[MAX_TMPBUF];
int rc = SLAPI_DSE_CALLBACK_OK;
returntext[0] = '\0';
@@ -308,13 +430,23 @@ ldbm_instance_index_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
goto out;
}
+ origMatchingRules = attrinfo2ConfMatchingRules(ainfo);
+ if (NULL == origMatchingRules) {
+ rc = SLAPI_DSE_CALLBACK_ERROR;
+ goto out;
+ }
+
origIndexTypesArray = slapi_str2charray(origIndexTypes, ",");
if (NULL == origIndexTypesArray) {
rc = SLAPI_DSE_CALLBACK_ERROR;
goto out;
}
- origMatchingRulesArray = attrinfo2ConfMatchingRules(ainfo);
+ origMatchingRulesArray = slapi_str2charray(origMatchingRules, ",");
+ if (NULL == origMatchingRulesArray) {
+ rc = SLAPI_DSE_CALLBACK_ERROR;
+ goto out;
+ }
for (i = 0; mods[i] != NULL; i++) {
config_attr = (char *)mods[i]->mod_type;
@@ -424,53 +556,48 @@ ldbm_instance_index_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
}
if (dodeletes) {
- attr_index_config(inst->inst_be, "from DSE modify", 0, e, 0, INDEXTYPE_NONE);
- }
+ i = 0;
+ arglist[i++] = slapi_ch_strdup(attrValue->bv_val);
+ arglist[i++] = slapi_ch_strdup("none");
+ arglist[i] = NULL;
+ attr_index_config(inst->inst_be, "from DSE modify", 0, i, arglist, 0);
- /* create a new entry with the correct attr values */
- modEntry = slapi_entry_alloc();
+ /* Free args */
+ slapi_ch_free((void **)&arglist[0]);
+ slapi_ch_free((void **)&arglist[1]);
+ }
- /* index types */
+ i = 0;
+ arglist[i++] = slapi_ch_strdup(attrValue->bv_val);
if (origIndexTypesArray && origIndexTypesArray[0]) {
- indexTypeAttr = slapi_attr_new();
- slapi_attr_init(indexTypeAttr, "nsIndexType");
- for (j = 0; origIndexTypesArray[j] != NULL; j++) {
- /* add attr value */
- modValue = slapi_value_new_string(origIndexTypesArray[j]);
- slapi_attr_add_value(indexTypeAttr,modValue);
- slapi_value_free(&modValue);
- }
+ tmpBuf[0] = 0;
+ ZCAT_SAFE(tmpBuf, "", origIndexTypesArray[0]);
+ for (j = 1; origIndexTypesArray[j] != NULL; j++) {
+ ZCAT_SAFE(tmpBuf, ",", origIndexTypesArray[j]);
+ }
+ arglist[i++] = slapi_ch_strdup(tmpBuf);
} else {
- indexTypeAttr = slapi_attr_new();
- slapi_attr_init(indexTypeAttr, "nsIndexType");
- modValue = slapi_value_new_string("none");
- slapi_attr_add_value(indexTypeAttr,modValue);
- slapi_value_free(&modValue);
+ arglist[i++] = slapi_ch_strdup("none");
}
- /* add indexType attribute values */
- attrlist_add(&modAttr,indexTypeAttr);
-
- /* matching rules */
if (origMatchingRulesArray && origMatchingRulesArray[0]) {
- matchingRuleAttr = slapi_attr_new();
- slapi_attr_init(matchingRuleAttr, "nsMatchingRule");
- for (j = 0; origMatchingRulesArray[j] != NULL; j++) {
- /* add attr value */
- modValue = slapi_value_new_string(origMatchingRulesArray[j]);
- slapi_attr_add_value(matchingRuleAttr,modValue);
- slapi_value_free(&modValue);
+ tmpBuf[0] = 0;
+ ZCAT_SAFE(tmpBuf, "", origMatchingRulesArray[0]);
+ for (j = 1; origMatchingRulesArray[j] != NULL; j++) {
+ ZCAT_SAFE(tmpBuf, ",", origMatchingRulesArray[j]);
}
-
- /* add the matchingRule attribute values */
- attrlist_add(&modAttr,matchingRuleAttr);
+ arglist[i++] = slapi_ch_strdup(tmpBuf);
}
- slapi_entry_init_ext(modEntry, NULL, modAttr);
- attr_index_config(inst->inst_be, "from DSE modify", 0, modEntry, 0, 0);
- slapi_entry_free(modEntry);
+ arglist[i] = NULL;
+ attr_index_config(inst->inst_be, "from DSE modify", 0, i, arglist, 0);
out:
+ /* Free args */
+ for (i=0; arglist[i]; i++) {
+ slapi_ch_free((void **)&arglist[i]);
+ }
+
if(origIndexTypesArray) {
charray_free(origIndexTypesArray);
}
@@ -492,6 +619,9 @@ out:
if (origIndexTypes) {
slapi_ch_free ((void **)&origIndexTypes);
}
+ if (origMatchingRules) {
+ slapi_ch_free ((void **)&origMatchingRules);
+ }
return rc;
}
@@ -499,92 +629,90 @@ out:
/* add index entries to the per-instance DSE (used only from instance.c) */
int ldbm_instance_config_add_index_entry(
ldbm_instance *inst,
- Slapi_Entry *e,
+ int argc,
+ char **argv,
int flags
)
{
+ char **attrs = NULL;
+ char **indexes = NULL;
+ char **matchingRules = NULL;
char *eBuf;
+ int i = 0;
int j = 0;
char *basetype = NULL;
+ char tmpAttrsStr[256];
+ char tmpIndexesStr[256];
+ char tmpMatchingRulesStr[1024];
struct ldbminfo *li = inst->inst_li;
char *dn = NULL;
- Slapi_Attr *attr;
- const struct berval *attrValue;
- Slapi_Value *sval;
int rc = 0;
- /* get the cn value */
- if (slapi_entry_attr_find(e, "cn", &attr) != 0) {
- LDAPDebug(LDAP_DEBUG_ANY, "Warning: malformed index entry %s\n",
- slapi_entry_get_dn(e), 0, 0);
- return -1;
+ if ((argc < 2) || (NULL == argv) || (NULL == argv[0]) ||
+ (NULL == argv[1])) {
+ return(-1);
}
- slapi_attr_first_value(attr, &sval);
- attrValue = slapi_value_get_berval(sval);
- if (NULL == attrValue->bv_val || 0 == strlen(attrValue->bv_val)) {
- LDAPDebug(LDAP_DEBUG_ANY,
- "Warning: malformed index entry %s -- empty index name\n",
- slapi_entry_get_dn(e), 0, 0);
- return -1;
+ PL_strncpyz(tmpAttrsStr,argv[0], sizeof(tmpAttrsStr));
+ attrs = slapi_str2charray( tmpAttrsStr, "," );
+ PL_strncpyz(tmpIndexesStr,argv[1], sizeof(tmpIndexesStr));
+ indexes = slapi_str2charray( tmpIndexesStr, ",");
+
+ if(argc > 2) {
+ PL_strncpyz(tmpMatchingRulesStr,argv[2], sizeof(tmpMatchingRulesStr));
+ matchingRules = slapi_str2charray( tmpMatchingRulesStr, ",");
}
- basetype = slapi_attr_basetype(attrValue->bv_val, NULL, 0);
- dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
+ for(i=0; attrs && attrs[i] !=NULL; i++)
+ {
+ if('\0' == attrs[i][0]) continue;
+ basetype = slapi_attr_basetype(attrs[i], NULL, 0);
+ dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
basetype, inst->inst_name, li->li_plugin->plg_name);
- if (NULL == dn) {
- LDAPDebug(LDAP_DEBUG_ANY,
- "ldbm_instance_config_add_index_entry: "
- "failed create index dn with type %s for plugin %s, "
- "instance %s\n",
- basetype, inst->inst_li->li_plugin->plg_name,
- inst->inst_name);
- slapi_ch_free((void**)&basetype);
- return -1;
- }
-
- eBuf = PR_smprintf(
- "dn: %s\n"
- "objectclass: top\n"
- "objectclass: nsIndex\n"
- "cn: %s\n"
- "nsSystemIndex: %s\n",
+ if (NULL == dn) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "ldbm_instance_config_add_index_entry: "
+ "failed create index dn with type %s for plugin %s, "
+ "instance %s\n",
+ basetype, inst->inst_li->li_plugin->plg_name,
+ inst->inst_name);
+ slapi_ch_free((void**)&basetype);
+ rc = -1;
+ goto done;
+ }
+ eBuf = PR_smprintf(
+ "dn: %s\n"
+ "objectclass: top\n"
+ "objectclass: nsIndex\n"
+ "cn: %s\n"
+ "nsSystemIndex: %s\n",
dn, basetype,
(ldbm_attribute_always_indexed(basetype)?"true":"false"));
- slapi_ch_free_string(&dn);
-
- /* get nsIndexType and its values, and add them */
- if( 0 == slapi_entry_attr_find(e, "nsIndexType", &attr)){
- for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- eBuf = PR_sprintf_append(eBuf, "nsIndexType: %s\n", attrValue->bv_val);
- }
- } else {
- LDAPDebug(LDAP_DEBUG_ANY,
- "ldbm_instance_config_add_index_entry: "
- "failed create index dn with type %s for plugin %s, "
- "instance %s. Missing nsIndexType\n",
- basetype, inst->inst_li->li_plugin->plg_name,
- inst->inst_name);
- slapi_ch_free((void**)&basetype);
- return -1;
- }
+ slapi_ch_free_string(&dn);
+ for(j=0; indexes && indexes[j] != NULL; j++)
+ {
+ eBuf = PR_sprintf_append(eBuf, "nsIndexType:%s\n", indexes[j]);
+ }
+ if((argc>2)&&(argv[2]))
+ {
+ for(j=0; matchingRules && matchingRules[j] != NULL; j++)
+ {
+ eBuf = PR_sprintf_append(eBuf, "nsMatchingRule:%s\n", matchingRules[j]);
+ }
+ }
- /* get nsMatchingRule and its values, and add them */
- if(0 == slapi_entry_attr_find(e, "nsMatchingRule", &attr)) {
- for (j = slapi_attr_first_value(attr, &sval); j != -1;j = slapi_attr_next_value(attr, j, &sval)) {
- attrValue = slapi_value_get_berval(sval);
- eBuf = PR_sprintf_append(eBuf, "nsMatchingRule: %s\n", attrValue->bv_val);
- }
- }
-
- ldbm_config_add_dse_entry(li, eBuf, flags);
- if (eBuf) {
- PR_smprintf_free(eBuf);
- }
+ ldbm_config_add_dse_entry(li, eBuf, flags);
+ if (eBuf) {
+ PR_smprintf_free(eBuf);
+ }
- slapi_ch_free((void**)&basetype);
+ slapi_ch_free((void**)&basetype);
+ }
+done:
+ charray_free(attrs);
+ charray_free(indexes);
+ charray_free(matchingRules);
return rc;
}
@@ -596,9 +724,10 @@ ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e)
rc=ldbm_index_parse_entry(inst, e, "from DSE add", &index_name);
if (rc == LDAP_SUCCESS) {
- /* Assume the caller knows if it is OK to go online immediately */
struct attrinfo *ai = NULL;
+ /* Assume the caller knows if it is OK to go online immediatly */
+
ainfo_get(inst->inst_be, index_name, &ai);
PR_ASSERT(ai != NULL);
ai->ai_indexmask &= ~INDEX_OFFLINE;
@@ -607,19 +736,30 @@ ldbm_instance_index_config_enable_index(ldbm_instance *inst, Slapi_Entry* e)
return rc;
}
+
/*
-** Create the default user-defined indexes
-**
-** Search for user-defined default indexes and add them
-** to the backend instance being created.
+** create the default user-defined indexes
*/
int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
{
+
+ /*
+ ** Search for user-defined default indexes and add them
+ ** to the backend instance beeing created.
+ */
+
Slapi_PBlock *aPb;
Slapi_Entry **entries = NULL;
Slapi_Attr *attr;
+ Slapi_Value *sval = NULL;
+ const struct berval *attrValue;
+ char *argv[ 8 ];
+ char tmpBuf[MAX_TMPBUF];
+ char tmpBuf2[MAX_TMPBUF];
+ int argc;
char *basedn = NULL;
+
struct ldbminfo *li;
/* write the dse file only on the final index */
@@ -632,6 +772,7 @@ int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
}
li = inst->inst_li;
+ strcpy(tmpBuf,"");
/* Construct the base dn of the subtree that holds the default user indexes. */
basedn = slapi_create_dn_string("cn=default indexes,cn=config,cn=%s,cn=plugins,cn=config",
@@ -651,27 +792,69 @@ int ldbm_instance_create_default_user_indexes(ldbm_instance *inst)
slapi_search_internal_pb (aPb);
slapi_pblock_get(aPb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (entries!=NULL) {
- int i;
+ int i,j;
for (i=0; entries[i]!=NULL; i++) {
- /*
- * Get the name of the attribute to index which will be the value
- * of the cn attribute.
- */
+
+ /* Get the name of the attribute to index which will be the value
+ * of the cn attribute. */
+
if (slapi_entry_attr_find(entries[i], "cn", &attr) != 0) {
LDAPDebug(LDAP_DEBUG_ANY,"Warning: malformed index entry %s. Index ignored.\n",
slapi_entry_get_dn(entries[i]), 0, 0);
continue;
}
+ slapi_attr_first_value(attr, &sval);
+ attrValue = slapi_value_get_berval(sval);
+ argv[0] = attrValue->bv_val;
+ argc=1;
+
+ /* Get the list of index types from the entry. */
+
+ if (0 == slapi_entry_attr_find(entries[i], "nsIndexType", &attr)) {
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;
+ j = slapi_attr_next_value(attr, j, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ if (0 == j) {
+ tmpBuf[0] = 0;
+ ZCAT_SAFE(tmpBuf, "", attrValue->bv_val);
+ } else {
+ ZCAT_SAFE(tmpBuf, ",", attrValue->bv_val);
+ }
+ }
+ argv[argc]=tmpBuf;
+ argc++;
+ }
+
+ /* Get the list of matching rules from the entry. */
+
+ if (0 == slapi_entry_attr_find(entries[i], "nsMatchingRule", &attr)) {
+ for (j = slapi_attr_first_value(attr, &sval); j != -1;
+ j = slapi_attr_next_value(attr, j, &sval)) {
+ attrValue = slapi_value_get_berval(sval);
+ if (0 == j) {
+ tmpBuf2[0] = 0;
+ ZCAT_SAFE(tmpBuf2, "", attrValue->bv_val);
+ } else {
+ ZCAT_SAFE(tmpBuf2, ",", attrValue->bv_val);
+ }
+ }
+ argv[argc]=tmpBuf2;
+ argc++;
+ }
+
+ argv[argc]=NULL;
/* Create the index entry in the backend */
+
if (entries[i+1] == NULL) {
/* write the dse file only on the final index */
flags = 0;
}
- ldbm_instance_config_add_index_entry(inst, entries[i], flags);
+ ldbm_instance_config_add_index_entry(inst, argc, argv, flags);
/* put the index online */
+
ldbm_instance_index_config_enable_index(inst, entries[i]);
}
}
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index 2e18c53..b430f9a 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -2474,56 +2474,32 @@ db2index_add_indexed_attr(backend *be, char *attrString)
{
char *iptr = NULL;
char *mptr = NULL;
- Slapi_Entry *e;
- Slapi_Value *sval;
- Slapi_Attr *indextype_attr;
- Slapi_Attr *cn_attr;
- Slapi_Attr *mr_attr;
- Slapi_Attr *attrs;
+ char *nsslapd_index_value[4];
+ int argc = 0;
+ int i;
if (NULL == (iptr = strchr(attrString, ':'))) {
return(0);
}
- e = slapi_entry_alloc();
- attrs = slapi_attr_new();
iptr[0] = '\0';
iptr++;
-
- /* set the index name */
- cn_attr = slapi_attr_new();
- slapi_attr_init(cn_attr, "cn");
- sval = slapi_value_new_string(slapi_ch_strdup(attrString+1));
- slapi_attr_add_value(cn_attr,sval);
- attrlist_add(&attrs,cn_attr);
- slapi_value_free(&sval);
-
+
+ nsslapd_index_value[argc++] = slapi_ch_strdup(attrString+1);
+
if (NULL != (mptr = strchr(iptr, ':'))) {
mptr[0] = '\0';
mptr++;
}
-
- /* set the index type */
- indextype_attr = slapi_attr_new();
- slapi_attr_init(indextype_attr, "nsIndexType");
- sval = slapi_value_new_string(slapi_ch_strdup(iptr));
- slapi_attr_add_value(indextype_attr,sval);
- attrlist_add(&attrs,indextype_attr);
- slapi_value_free(&sval);
-
+ nsslapd_index_value[argc++] = slapi_ch_strdup(iptr);
if (NULL != mptr) {
- /* set the matching rule */
- mr_attr = slapi_attr_new();
- slapi_attr_init(mr_attr, "nsMatchingRule");
- sval = slapi_value_new_string(slapi_ch_strdup(mptr));
- slapi_attr_add_value(mr_attr,sval);
- attrlist_add(&attrs,mr_attr);
- slapi_value_free(&sval);
+ nsslapd_index_value[argc++] = slapi_ch_strdup(mptr);
}
+ nsslapd_index_value[argc] = NULL;
+ attr_index_config(be, "from db2index()", 0, argc, nsslapd_index_value, 0);
- slapi_entry_init_ext(e, NULL, attrs);
- attr_index_config(be, "from db2index()", 0, e, 0, 0);
- slapi_entry_free(e);
-
+ for ( i=0; i<argc; i++ ) {
+ slapi_ch_free_string(&nsslapd_index_value[i]);
+ }
return(0);
}
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
index 0734162..f286377 100644
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -55,7 +55,7 @@ void attr_masks( backend *be, char *type, int *indexmask,
void attr_masks_ex( backend *be, char *type, int *indexmask,
int *syntaxmask, struct attrinfo **at );
void attr_index_config( backend *be, char *fname, int lineno,
- Slapi_Entry *e, int init, int none );
+ int argc, char **argv, int init );
int ldbm_compute_init();
void attrinfo_deletetree(ldbm_instance *inst);
void attr_create_empty(backend *be,char *type,struct attrinfo **ai);
commit dbde3135242ff72759d1633d72c3180c3859e30b
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Fri Jan 27 17:35:56 2012 -0500
Revert "Ticket #140 - incorrect memset parameters"
This reverts commit 2f86ad935e00209a3ea06b9a1463fab575ee89b7.
diff --git a/ldap/servers/slapd/back-ldbm/perfctrs.c b/ldap/servers/slapd/back-ldbm/perfctrs.c
index 86b3bb1..27efb7d 100644
--- a/ldap/servers/slapd/back-ldbm/perfctrs.c
+++ b/ldap/servers/slapd/back-ldbm/perfctrs.c
@@ -101,7 +101,7 @@ static void init_shared_memory(perfctrs_private *priv)
{
performance_counters *perf = (performance_counters*)priv->memory;
if (NULL != perf) {
- memset(perf,sizeof(performance_counters),0);
+ memset(perf,0,sizeof(performance_counters));
}
}
11 years, 10 months