mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-15 03:01:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge in latest from -current.

Browse Source
This commit is contained in:
Kurt Zeilenga 1998-10-19 19:19:48 +00:00
parent 58ea169c92
commit 76ed17f794
29 changed files with 1262 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGES
View File

@ -2,6 +2,18 @@ OpenLDAP Change Log
Changes included in OpenLDAP Stable
CVS Tag: OPENLDAP_STABLE
Updated README, INSTALL files
Updated Linux platform defaults
Updated FreeBSD 2 & 3 platform defaults
Added SCHED_YIELD_MISSING flag
Added LDAP_ALLOW_NULL_SEARCH_BASE flag
Added core removal to tests/Make-template
Fixed slapd/acl debug trace problem
Fixed ud/auth.c bound_dn problem
Fixed back-ldbm/idl.c CLDAP include <sys/socket.h> problem.
Fixed Makefile $(CC) problem
Fixed LIBEXEC/SBIN creation problem
Fixed gmake RUNDIR not defaulting problem
Changes included in OpenLDAP Stable
CVS Tag: OPENLDAP_STABLE_980929

2
INSTALL
View File

@ -12,7 +12,7 @@ these steps:
1. untar the distribution and cd to the top:
% tar xfz ldap-stable.tgz
% tar xfz openldap-VERSION.tgz
% cd ldap
If you are reading this file, you probably have already done this!

28
clients/ud/string_to_key.c
View File

@ -1,7 +1,7 @@
#ifdef KERBEROS
#if defined(KERBEROS) && !defined(openbsd)
/*
* $Source: /usr/local/src/ldap/clients/ud/RCS/string_to_key.c,v $
* $Author: lsloan $
* $Source: /repo/OpenLDAP/pkg/ldap/clients/ud/string_to_key.c,v $
* $Author: kurt $
*
* Copyright 1985, 1986, 1987, 1988, 1989 by the Massachusetts Institute
* of Technology.
@ -24,18 +24,24 @@
* spm 8/85 MIT project athena
*/
#ifndef lint
static char rcsid_string_to_key_c[] =
"$Id: string_to_key.c,v 1.5 1995/11/09 20:29:55 lsloan Exp $";
#endif
#ifdef KERBEROS_V
#include <kerberosIV/mit-copyright.h>
#include <kerberosIV/des.h>
#else
#include <mit-copyright.h>
#include <stdio.h>
#include <des.h>
#endif /* KERBEROS_V */
#include <stdio.h>
/* #include "des_internal.h" */
#if 1
#ifdef KERBEROS_V
#include <kerberosIV/krb.h>
#else
#include <krb.h>
#endif
#endif /* KERBEROS_V */
#endif /* 1 */
extern int des_debug;
extern int des_debug_print();
@ -46,6 +52,7 @@ extern void des_fixup_key_parity();
#endif
#if defined(WORLDPEACEINOURTIME) /* Use original, not ifs version */
#ifndef KERBEROS_V
/*
* convert an arbitrary length string to a DES key
*/
@ -132,6 +139,7 @@ des_string_to_key(str,key)
*((unsigned long *) key+1));
}
#endif /* KERBEROS_V */
#else /* Use ifs version */
#if 0

4
libraries/liblthread/Makefile.in
View File

@ -4,8 +4,8 @@
LIBRARY = liblthread.a
XSRCS = version.c
SRCS = thread.c stack.c
OBJS = thread.o stack.o
SRCS = rdwr.c thread.c stack.c
OBJS = rdwr.o thread.o stack.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries

116
libraries/liblthread/rdwr.c Normal file
View File

@ -0,0 +1,116 @@
/*
** This basic implementation of Reader/Writer locks does not
** protect writers from starvation. That is, if a writer is
** currently waiting on a reader, any new reader will get
** the lock before the writer.
*/
/********************************************************
* An example source module to accompany...
*
* "Using POSIX Threads: Programming with Pthreads"
* by Brad nichols, Dick Buttlar, Jackie Farrell
* O'Reilly & Associates, Inc.
*
********************************************************
* rdwr.c --
*
* Library of functions implementing reader/writer locks
*/
#define DISABLE_BRIDGE
#include <portable.h>
#include <stdlib.h>
#include <lthread.h>
#include <lthread_rdwr.h>
int pthread_rdwr_init_np(pthread_rdwr_t *rdwrp, pthread_rdwrattr_t *attrp)
{
rdwrp->readers_reading = 0;
rdwrp->writer_writing = 0;
pthread_mutex_init(&(rdwrp->mutex), NULL);
pthread_cond_init(&(rdwrp->lock_free), NULL);
return 0;
}
int pthread_rdwr_rlock_np(pthread_rdwr_t *rdwrp){
pthread_mutex_lock(&(rdwrp->mutex));
while(rdwrp->writer_writing) {
pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
}
rdwrp->readers_reading++;
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
int pthread_rdwr_runlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
if (rdwrp->readers_reading == 0) {
pthread_mutex_unlock(&(rdwrp->mutex));
return -1;
}
else {
rdwrp->readers_reading--;
if (rdwrp->readers_reading == 0) {
pthread_cond_signal(&(rdwrp->lock_free));
}
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
}
int pthread_rdwr_wlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
while(rdwrp->writer_writing || rdwrp->readers_reading) {
pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
}
rdwrp->writer_writing++;
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
int pthread_rdwr_wunlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
if (rdwrp->writer_writing == 0) {
pthread_mutex_unlock(&(rdwrp->mutex));
return -1;
}
else {
rdwrp->writer_writing = 0;
pthread_cond_broadcast(&(rdwrp->lock_free));
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
}
#ifdef LDAP_DEBUG
/* just for testing,
* return 0 if false, suitable for assert(pthread_rdwr_Xchk(rdwr))
*
* Currently they don't check if the calling thread is the one
* that has the lock, just that there is a reader or writer.
*
* Basically sufficent for testing that places that should have
* a lock are caught.
*/
int pthread_rdwr_rchk_np(pthread_rdwr_t *rdwrp)
{
return(rdwrp->readers_reading!=0);
}
int pthread_rdwr_wchk_np(pthread_rdwr_t *rdwrp)
{
return(rdwrp->writer_writing!=0);
}
int pthread_rdwr_rwchk_np(pthread_rdwr_t *rdwrp)
{
return(pthread_rdwr_rchk_np(rdwrp) || pthread_rdwr_wchk_np(rdwrp));
}
#endif /* LDAP_DEBUG */

1
libraries/liblthread/thread.c
View File

@ -504,6 +504,7 @@ void pthread_yield( void )
{
sched_yield();
}
#endif /* HAVE_SCHED_YIELD */
#endif /* posix threads */

391
servers/slapd/acl.c
View File

@ -6,15 +6,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *re_comp();
extern struct acl *global_acl;
extern int global_default_access;
extern char *access2str();
@ -26,7 +22,9 @@ struct acl *acl_get_applicable();
static int regex_matches();
extern pthread_mutex_t regex_mutex;
static string_expand(char *newbuf, int bufsiz, char *pattern,
char *match, regmatch_t *matches);
/*
* access_allowed - check whether dn is allowed the requested access
@ -51,15 +49,57 @@ access_allowed(
int access
)
{
int rc;
struct acl *a;
int rc;
struct acl *a;
char *edn;
regmatch_t matches[MAXREMATCHES];
int i;
int n;
if ( be == NULL ) {
return( 0 );
}
a = acl_get_applicable( be, op, e, attr );
rc = acl_access_allowed( a, be, conn, e, val, op, access );
edn = dn_normalize_case( strdup( e->e_dn ) );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( attr, "modifiersname" ) == 0 ||
strcasecmp( attr, "modifytimestamp" ) == 0 ||
strcasecmp( attr, "creatorsname" ) == 0 ||
strcasecmp( attr, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
i, matches[i].rm_so, matches[i].rm_eo );
if( matches[i].rm_so <= matches[0].rm_eo ) {
for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
}
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
return( rc );
}
@ -75,15 +115,17 @@ acl_get_applicable(
Backend *be,
Operation *op,
Entry *e,
char *attr
char *attr,
char *edn,
int nmatch,
regmatch_t *matches
)
{
int i;
int i, j;
struct acl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn,
attr, 0 );
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL,
@ -92,55 +134,73 @@ acl_get_applicable(
return( NULL );
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
}
free( edn );
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n",
i, 0, 0);
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
!= 0 ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n",
i, e->e_dn, attr );
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
matches[0].rm_so = matches[0].rm_eo = -1;
}
/* check for a global acl that matches the entry */
for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) {
continue;
} else {
Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n",
i, 0, 0);
}
free( edn );
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
!= 0 ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
if ( attr == NULL || a->acl_attrs == NULL || charray_inlist(
a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: global acl #%d\n",
i, e->e_dn, attr );
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
matches[0].rm_so = matches[0].rm_eo = -1;
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
return( NULL );
}
@ -161,31 +221,40 @@ acl_access_allowed(
Entry *e,
struct berval *val,
Operation *op,
int access
int access,
char *edn,
regmatch_t *matches
)
{
int i;
char *edn, *odn;
char *odn;
struct access *b;
Attribute *at;
struct berval bv;
int default_access;
Debug( LDAP_DEBUG_ACL, "=> acl: %s access to value \"%s\" by \"%s\"\n",
access2str( access ), val ? val->bv_val : "any", op->o_dn ?
op->o_dn : "" );
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to entry \"%s\"\n",
access2str( access ), e->e_dn, 0 );
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
op->o_dn ? op->o_dn : "" );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl: granted to database root\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
return( 1 );
}
default_access = be->be_dfltaccess ? be->be_dfltaccess :
global_default_access;
default_access = be->be_dfltaccess ? be->be_dfltaccess : global_default_access;
if ( a == NULL ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: %s by default (no matching to)\n",
"<= acl_access_allowed: %s by default (no matching to)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
}
@ -198,76 +267,78 @@ acl_access_allowed(
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
b->a_dnpat, 0, 0);
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 && op->o_dn
!= NULL && *(op->o_dn) && e->e_dn != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
{
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
free( edn );
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
return( (b->a_access & ~ACL_SELF)
>= access );
}
free( edn );
} else {
if ( regex_matches( b->a_dnpat, odn ) ) {
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
return( (b->a_access & ~ACL_SELF)
>= access );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
}
if ( b->a_addrpat != NULL ) {
if ( regex_matches( b->a_addrpat, conn->c_addr ) ) {
if ( odn ) free( odn );
if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_domainpat != NULL ) {
if ( regex_matches( b->a_domainpat, conn->c_domain ) ) {
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ARGS, "<= check a_domainpath: %s\n",
b->a_domainpat, 0, 0 );
if ( regex_matches( b->a_domainpat, conn->c_domain, edn, matches ) )
{
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dnattr ))
!= NULL && value_find( at->a_vals, &bv,
at->a_syntax, 3 ) == 0 )
if ( (at = attr_find( e->e_attrs, b->a_dnattr )) != NULL &&
value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
{
if ( (b->a_access & ACL_SELF) && (val == NULL
|| value_cmp( &bv, val, at->a_syntax,
2 )) ) {
if ( (b->a_access & ACL_SELF) &&
(val == NULL || value_cmp( &bv, val, at->a_syntax, 2 )) )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -276,22 +347,49 @@ acl_access_allowed(
/* asker not listed in dnattr - check for self access */
if ( ! (b->a_access & ACL_SELF) || val == NULL ||
value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) {
value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d (self) access %s\n",
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
: "denied", 0 );
return( (b->a_access & ~ACL_SELF) >= access );
}
#ifdef ACLGROUP
if ( b->a_group != NULL && op->o_dn != NULL ) {
char buf[512];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute uniquegroup
*/
Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
b->a_group, 0, 0);
Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n",
odn, 0, 0);
/* see if asker is listed in dnattr */
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
if (be_group(be, buf, odn) == 0) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif /* ACLGROUP */
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL, "<= acl: %s by default (no matching by)\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
@ -316,14 +414,26 @@ acl_check_mods(
{
int i;
struct acl *a;
char *edn;
edn = dn_normalize_case( strdup( e->e_dn ) );
for ( ; mods != NULL; mods = mods->mod_next ) {
regmatch_t matches[MAXREMATCHES];
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( mods->mod_type, "modifiersname" ) == 0 ||
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ) {
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ||
strcasecmp( mods->mod_type, "creatorsname" ) == 0 ||
strcasecmp( mods->mod_type, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
mods->mod_type, 0, 0 );
continue;
}
a = acl_get_applicable( be, op, e, mods->mod_type );
a = acl_get_applicable( be, op, e, mods->mod_type, edn,
MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_REPLACE:
@ -332,8 +442,10 @@ acl_check_mods(
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
if ( ! acl_access_allowed( a, be, conn, e,
mods->mod_bvalues[i], op, ACL_WRITE ) ) {
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -342,14 +454,18 @@ acl_check_mods(
case LDAP_MOD_DELETE:
if ( mods->mod_bvalues == NULL ) {
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE ) ) {
NULL, op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
if ( ! acl_access_allowed( a, be, conn, e,
mods->mod_bvalues[i], op, ACL_WRITE ) ) {
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -357,48 +473,95 @@ acl_check_mods(
}
}
free(edn);
return( LDAP_SUCCESS );
}
#ifdef sunos5
static int
regex_matches( char *pat, char *str )
static string_expand(
char *newbuf,
int bufsiz,
char *pat,
char *match,
regmatch_t *matches)
{
char *e;
int rc;
int size;
char *sp;
char *dp;
int flag;
if ( (e = compile( pat, NULL, NULL )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
"compile( \"%s\", \"%s\") failed\n", pat, str, 0 );
return( 0 );
size = 0;
newbuf[0] = '\0';
flag = 0;
for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) {
/* did we previously see a $ */
if (flag) {
if (*sp == '$') {
*dp++ = '$';
size++;
} else if (*sp >= '0' && *sp <= '9' ) {
int n;
int i;
char *ep;
int l;
n = *sp - '0';
*dp = '\0';
i = matches[n].rm_so;
l = matches[n].rm_eo;
for ( ; size < 512 && i < l; size++, i++ ) {
*dp++ = match[i];
size++;
}
*dp = '\0';
}
flag = 0;
} else {
if (*sp == '$') {
flag = 1;
} else {
*dp++ = *sp;
size++;
}
}
}
rc = step( str ? str : "", e );
free( e );
*dp = '\0';
return( rc );
Debug( LDAP_DEBUG_TRACE, "=> string_expand: pattern: %s\n", pat, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> string_expand: expanded: %s\n", newbuf, 0, 0 );
}
#else /* sunos5 */
static int
regex_matches( char *pat, char *str )
regex_matches(
char *pat, /* pattern to expand and match against */
char *str, /* string to match against pattern */
char *buf, /* buffer with $N expansion variables */
regmatch_t *matches /* offsets in buffer for $N expansion variables */
)
{
char *e;
regex_t re;
char newbuf[512];
int rc;
pthread_mutex_lock( &regex_mutex );
if ( (e = re_comp( pat )) != NULL ) {
Debug( LDAP_DEBUG_ANY,
"re_comp( \"%s\", \"%s\") failed because (%s)\n", pat, str,
e );
pthread_mutex_unlock( &regex_mutex );
string_expand(newbuf, sizeof(newbuf), pat, buf, matches);
if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
Debug( LDAP_DEBUG_TRACE,
"compile( \"%s\", \"%s\") failed %s\n",
pat, str, error );
return( 0 );
}
rc = re_exec( str ? str : "" );
pthread_mutex_unlock( &regex_mutex );
return( rc == 1 );
rc = regexec(&re, str, 0, NULL, 0);
regfree( &re );
Debug( LDAP_DEBUG_TRACE,
"=> regex_matches: string: %s\n", str, 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"=> regex_matches: rc: %d %s\n",
rc, !rc ? "matches" : "no matches", 0 );
return( !rc );
}
#endif /* sunos5 */

30
servers/slapd/add.c
View File

@ -53,6 +53,8 @@ do_add( conn, op )
*/
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
entry_rdwr_init(e);
/* get the name */
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
@ -117,21 +119,25 @@ do_add( conn, op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || be->be_lastmod == 0 &&
global_lastmod == ON) && be->be_updatedn == NULL ) {
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
global_lastmod == ON)) && be->be_updatedn == NULL ) {
add_created_attrs( op, e );
}
if ( (*be->be_add)( be, conn, op, e ) == 0 ) {
replog( be, LDAP_REQ_ADD, e->e_dn, e, 0 );
}
} else {
entry_free( e );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
}
} else {
Debug( LDAP_DEBUG_ARGS, " do_add: HHH\n", 0, 0, 0 );
entry_free( e );
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
@ -141,7 +147,7 @@ do_add( conn, op )
static void
add_created_attrs( Operation *op, Entry *e )
{
char buf[20];
char buf[22];
struct berval bv;
struct berval *bvals[2];
Attribute **a, **next;
@ -155,8 +161,10 @@ add_created_attrs( Operation *op, Entry *e )
/* remove any attempts by the user to add these attrs */
for ( a = &e->e_attrs; *a != NULL; a = next ) {
if ( strcasecmp( (*a)->a_type, "createtimestamp" ) == 0
|| strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ) {
if ( strcasecmp( (*a)->a_type, "modifiersname" ) == 0 ||
strcasecmp( (*a)->a_type, "modifytimestamp" ) == 0 ||
strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ||
strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 ) {
tmp = *a;
*a = (*a)->a_next;
attr_free( tmp );
@ -176,8 +184,12 @@ add_created_attrs( Operation *op, Entry *e )
attr_merge( e, "creatorsname", bvals );
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &currenttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
ltm = localtime( &currenttime );
#ifdef LDAP_Y2K
strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
#else
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
#endif
pthread_mutex_unlock( &currenttime_mutex );
bv.bv_val = buf;

97
servers/slapd/back-ldbm/add.c
View File

@ -6,11 +6,11 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern int global_schemacheck;
extern char *dn_parent();
extern char *dn_normalize();
extern Entry *dn2entry();
int
ldbm_back_add(
@ -21,27 +21,30 @@ ldbm_back_add(
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
char *matched;
char *dn = NULL, *pdn = NULL;
Entry *p;
Entry *p = NULL;
int rc;
dn = dn_normalize( strdup( e->e_dn ) );
matched = NULL;
if ( (p = dn2entry( be, dn, &matched )) != NULL ) {
cache_return_entry( &li->li_cache, p );
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", dn, 0, 0);
if ( ( dn2id( be, dn ) ) != NOID ) {
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
if ( matched != NULL ) {
free( matched );
}
/* XXX race condition here til we cache_add_entry_lock below XXX */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n", 0, 0,
0 );
Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n",
0, 0, 0 );
/* XXX this should be ok, no other thread should have access
* because e hasn't been added to the cache yet
*/
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "",
@ -61,6 +64,10 @@ ldbm_back_add(
Debug( LDAP_DEBUG_ANY, "cache_add_entry_lock failed\n", 0, 0,
0 );
next_id_return( be, e->e_id );
/* XXX this should be ok, no other thread should have access
* because e hasn't been added to the cache yet
*/
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
@ -74,17 +81,22 @@ ldbm_back_add(
*/
if ( (pdn = dn_parent( be, dn )) != NULL ) {
char *matched;
/* no parent */
matched = NULL;
if ( (p = dn2entry( be, pdn, &matched )) == NULL ) {
/* get entry with reader lock */
if ( (p = dn2entry_r( be, pdn, &matched )) == NULL ) {
Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
matched, "" );
if ( matched != NULL ) {
free( matched );
}
Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0,
0, 0 );
goto error_return;
rc = -1;
goto return_results;
}
if ( matched != NULL ) {
free( matched );
@ -96,7 +108,9 @@ ldbm_back_add(
0, 0 );
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
"", "" );
goto error_return;
rc = -1;
goto return_results;
}
} else {
if ( ! be_isroot( be, op->o_dn ) ) {
@ -104,9 +118,10 @@ ldbm_back_add(
0, 0 );
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
"", "" );
goto error_return;
rc = -1;
goto return_results;
}
p = NULL;
}
/*
@ -116,9 +131,10 @@ ldbm_back_add(
if ( id2children_add( be, p, e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "id2children_add failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "",
"" );
goto error_return;
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
rc = -1;
goto return_results;
}
/*
@ -131,7 +147,9 @@ ldbm_back_add(
Debug( LDAP_DEBUG_TRACE, "index_add_entry failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
goto error_return;
rc = -1;
goto return_results;
}
/* dn2id index */
@ -139,35 +157,44 @@ ldbm_back_add(
Debug( LDAP_DEBUG_TRACE, "dn2id_add failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
goto error_return;
rc = -1;
goto return_results;
}
/* acquire writer lock */
entry_rdwr_lock(e, 1);
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "id2entry_add failed\n", 0,
0, 0 );
(void) dn2id_delete( be, dn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
goto error_return;
rc = -1;
goto return_results;
}
send_ldap_result( conn, op, LDAP_SUCCESS, "", "" );
rc = 0;
return_results:;
if ( dn != NULL )
free( dn );
if ( pdn != NULL )
free( pdn );
cache_set_state( &li->li_cache, e, 0 );
cache_return_entry( &li->li_cache, e );
return( 0 );
error_return:;
if ( dn != NULL )
free( dn );
if ( pdn != NULL )
free( pdn );
next_id_return( be, e->e_id );
cache_delete_entry( &li->li_cache, e );
cache_return_entry( &li->li_cache, e );
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
return( -1 );
/* free entry and reader lock */
if (p != NULL) {
cache_return_entry_r( &li->li_cache, p );
}
return( rc );
}

71
servers/slapd/back-ldbm/bind.c
View File

@ -6,6 +6,7 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
#ifdef KERBEROS
#ifdef KERBEROS_V
#include <kerberosIV/krb.h>
@ -32,7 +33,6 @@ extern char *crypt (char *key, char *salt);
#include <lutil.h>
extern Entry *dn2entry();
extern Attribute *attr_find();
#ifdef KERBEROS
@ -140,7 +140,10 @@ ldbm_back_bind(
AUTH_DAT ad;
#endif
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
/*
@ -153,8 +156,7 @@ ldbm_back_bind(
/* front end will send result */
rc = 0;
} else {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
matched, NULL );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
rc = 1;
}
if ( matched != NULL ) {
@ -163,25 +165,32 @@ ldbm_back_bind(
return( rc );
}
/* check for deleted */
switch ( method ) {
case LDAP_AUTH_SIMPLE:
if ( cred->bv_len == 0 ) {
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
return( 1 );
/* stop front end from sending result */
rc = 1;
goto return_results;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
rc = 0;
goto return_results;
}
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
rc = 0;
goto return_results;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
#ifdef LDAP_CRYPT
@ -189,16 +198,18 @@ ldbm_back_bind(
#else
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
#endif
{
{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
rc = 0;
goto return_results;
}
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
rc = 0;
break;
#ifdef KERBEROS
@ -206,8 +217,8 @@ ldbm_back_bind(
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 0;
goto return_results;
}
sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
: "", ad.pinst, ad.prealm );
@ -216,43 +227,47 @@ ldbm_back_bind(
* no krbName values present: check against DN
*/
if ( strcasecmp( dn, krbname ) == 0 ) {
rc = 0; /* XXX wild ass guess */
break;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
} else { /* look for krbName match */
struct berval krbval;
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 )
!= 0 ) {
if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
}
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
/* stop front end from sending result */
rc = 1;
goto return_results;
#endif
default:
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "auth method not supported" );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
cache_return_entry( &li->li_cache, e );
return_results:;
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
/* success: front end will send result */
return( 0 );
/* front end with send result on success (rc==0) */
return( rc );
}

137
servers/slapd/back-ldbm/cache.c
View File

@ -52,7 +52,7 @@ cache_set_state( struct cache *cache, Entry *e, int state )
pthread_mutex_unlock( &cache->c_mutex );
}
void
static void
cache_return_entry( struct cache *cache, Entry *e )
{
/* set cache mutex */
@ -66,6 +66,28 @@ cache_return_entry( struct cache *cache, Entry *e )
pthread_mutex_unlock( &cache->c_mutex );
}
static void
cache_return_entry_rw( struct cache *cache, Entry *e, int rw )
{
Debug( LDAP_DEBUG_TRACE, "====> cache_return_entry_%s\n",
rw ? "w" : "r", 0, 0);
entry_rdwr_unlock(e, rw);;
cache_return_entry(cache, e);
}
void
cache_return_entry_r( struct cache *cache, Entry *e )
{
cache_return_entry_rw(cache, e, 0);
}
void
cache_return_entry_w( struct cache *cache, Entry *e )
{
cache_return_entry_rw(cache, e, 1);
}
#define LRU_DELETE( cache, e ) { \
if ( e->e_lruprev != NULL ) { \
e->e_lruprev->e_lrunext = e->e_lrunext; \
@ -114,8 +136,8 @@ cache_add_entry_lock(
cache_entrydn_cmp, avl_dup_error ) != 0 )
{
Debug( LDAP_DEBUG_TRACE,
"entry %20s id %d already in dn cache\n", e->e_dn,
e->e_id, 0 );
"====> cache_add_entry lock: entry %20s id %d already in dn cache\n",
e->e_dn, e->e_id, 0 );
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
@ -126,14 +148,15 @@ cache_add_entry_lock(
if ( avl_insert( &cache->c_idtree, (caddr_t) e,
cache_entryid_cmp, avl_dup_error ) != 0 )
{
Debug( LDAP_DEBUG_ANY, "entry %20s id %d already in id cache\n",
Debug( LDAP_DEBUG_ANY,
"====> entry %20s id %d already in id cache\n",
e->e_dn, e->e_id, 0 );
/* delete from dn tree inserted above */
if ( avl_delete( &cache->c_dntree, (caddr_t) e,
cache_entrydn_cmp ) == NULL )
{
Debug( LDAP_DEBUG_ANY, "can't delete from dn cache\n",
Debug( LDAP_DEBUG_ANY, "====> can't delete from dn cache\n",
0, 0, 0 );
}
@ -171,6 +194,9 @@ cache_add_entry_lock(
== 0 && cache->c_cursize > cache->c_maxsize ) {
e = cache->c_lrutail;
/* XXX check for writer lock - should also check no readers pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
/* delete from cache and lru q */
rc = cache_delete_entry_internal( cache, e );
@ -184,45 +210,85 @@ cache_add_entry_lock(
}
/*
* cache_find_entry_dn - find an entry in the cache, given dn
* cache_find_entry_dn2id - find an entry in the cache, given dn
*/
Entry *
cache_find_entry_dn(
ID
cache_find_entry_dn2id(
Backend *be,
struct cache *cache,
char *dn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry e, *ep;
ID id;
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
e.e_dn = dn;
if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e,
cache_entrydn_cmp )) != NULL )
{
Debug(LDAP_DEBUG_TRACE, "====> cache_find_entry_dn2id: found dn: %s\n",
dn, 0, 0);
/*
* entry is deleted or not fully created yet
*/
if ( ep->e_state == ENTRY_STATE_DELETED ||
ep->e_state == ENTRY_STATE_CREATING )
ep->e_state == ENTRY_STATE_CREATING )
{
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( NULL );
return( NOID );
}
/* XXX is this safe without writer lock? */
ep->e_refcnt++;
/* lru */
LRU_DELETE( cache, ep );
LRU_ADD( cache, ep );
/* acquire reader lock */
entry_rdwr_lock(ep, 0);
/* re-check */
if ( ep->e_state == ENTRY_STATE_DELETED ||
ep->e_state == ENTRY_STATE_CREATING )
{
/* XXX check that is is required */
ep->e_refcnt--;
/* free reader lock */
entry_rdwr_unlock(ep, 0);
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( NOID );
}
/* save id */
id = ep->e_id;
/* free reader lock */
entry_rdwr_unlock(ep, 0);
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
cache_return_entry( &li->li_cache, ep );
return( id );
}
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( ep );
return( NOID );
}
/*
@ -231,8 +297,9 @@ cache_find_entry_dn(
Entry *
cache_find_entry_id(
struct cache *cache,
ID id
struct cache *cache,
ID id,
int rw
)
{
Entry e;
@ -242,30 +309,64 @@ cache_find_entry_id(
pthread_mutex_lock( &cache->c_mutex );
e.e_id = id;
if ( (ep = (Entry *) avl_find( cache->c_idtree, (caddr_t) &e,
cache_entryid_cmp )) != NULL )
{
Debug(LDAP_DEBUG_TRACE,
"====> cache_find_entry_dn2id: found id: %ld rw: %d\n",
id, rw, 0);
/*
* entry is deleted or not fully created yet
*/
if ( ep->e_state == ENTRY_STATE_DELETED ||
ep->e_state == ENTRY_STATE_CREATING )
ep->e_state == ENTRY_STATE_CREATING )
{
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( NULL );
}
/* XXX is this safe without writer lock? */
ep->e_refcnt++;
/* lru */
LRU_DELETE( cache, ep );
LRU_ADD( cache, ep );
/* acquire reader lock */
entry_rdwr_lock(ep, 0);
/* re-check */
if ( ep->e_state == ENTRY_STATE_DELETED ||
ep->e_state == ENTRY_STATE_CREATING ) {
/* XXX check that is is required */
ep->e_refcnt--;
/* free reader lock */
entry_rdwr_unlock(ep, 0);
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( NULL );
}
if ( rw ) {
entry_rdwr_unlock(ep, 0);
entry_rdwr_lock(ep, 1);
}
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( ep );
}
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( ep );
return( NULL );
}
/*
@ -287,6 +388,11 @@ cache_delete_entry(
{
int rc;
Debug( LDAP_DEBUG_TRACE, "====> cache_delete_entry:\n", 0, 0, 0 );
/* XXX check for writer lock - should also check no readers pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
@ -349,3 +455,4 @@ lru_print( struct cache *cache )
}
#endif

31
servers/slapd/back-ldbm/compare.c
View File

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern Attribute *attr_find();
int
@ -23,33 +23,36 @@ ldbm_back_compare(
char *matched;
Entry *e;
Attribute *a;
int i;
int i, rc;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
return( 1 );
}
/* check for deleted */
if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
op->o_dn, ACL_COMPARE ) ) {
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE, "", "" );
cache_return_entry( &li->li_cache, e );
return( 1 );
rc = 1;
goto return_results;
}
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 ) {
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 )
send_ldap_result( conn, op, LDAP_COMPARE_TRUE, "", "" );
cache_return_entry( &li->li_cache, e );
return( 0 );
}
else
send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
cache_return_entry( &li->li_cache, e );
return( 0 );
rc = 0;
return_results:;
cache_return_entry_r( &li->li_cache, e );
return( rc );
}

52
servers/slapd/back-ldbm/delete.c
View File

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern Attribute *attr_find();
int
@ -22,7 +22,12 @@ ldbm_back_delete(
char *matched = NULL;
Entry *e;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", dn, 0, 0);
/* get entry with writer lock */
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@ -30,38 +35,63 @@ ldbm_back_delete(
return( -1 );
}
Debug (LDAP_DEBUG_TRACE,
"rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
/* check for deleted */
if ( has_children( be, e ) ) {
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, "",
"" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_WRITE ) ) {
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: insufficient access %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
Debug (LDAP_DEBUG_TRACE,
"rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
/* XXX delete from parent's id2children entry XXX */
/* delete from dn2id mapping */
if ( dn2id_delete( be, e->e_dn ) != 0 ) {
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: operations error %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* delete from disk and cache */
if ( id2entry_delete( be, e ) != 0 ) {
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: operations error %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
cache_return_entry( &li->li_cache, e );
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, "", "" );
return( 0 );
error_return:;
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}

95
servers/slapd/back-ldbm/dn2id.c
View File

@ -6,10 +6,9 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern struct dbcache *ldbm_cache_open();
extern Entry *cache_find_entry_dn();
extern Entry *id2entry();
extern char *dn_parent();
extern Datum ldbm_cache_fetch();
@ -20,9 +19,15 @@ dn2id_add(
ID id
)
{
int rc;
int rc, flags;
struct dbcache *db;
Datum key, data;
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
memset( &data, 0, sizeof( data ) );
#endif
Debug( LDAP_DEBUG_TRACE, "=> dn2id_add( \"%s\", %ld )\n", dn, id, 0 );
@ -41,7 +46,10 @@ dn2id_add(
data.dptr = (char *) &id;
data.dsize = sizeof(ID);
rc = ldbm_cache_store( db, key, data, LDBM_INSERT );
flags = LDBM_INSERT;
if ( li->li_flush_wrt ) flags |= LDBM_SYNC;
rc = ldbm_cache_store( db, key, data, flags );
free( dn );
ldbm_cache_close( be, db );
@ -58,31 +66,31 @@ dn2id(
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Entry *e;
ID id;
Datum key, data;
Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
memset( &data, 0, sizeof( data ) );
#endif
dn = strdup( dn );
Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
dn_normalize_case( dn );
/* first check the cache */
if ( (e = cache_find_entry_dn( &li->li_cache, dn )) != NULL ) {
id = e->e_id;
if ( (id = cache_find_entry_dn2id( be, &li->li_cache, dn )) != NOID ) {
free( dn );
Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", e->e_id,
0, 0 );
cache_return_entry( &li->li_cache, e );
Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", id,
0, 0 );
return( id );
}
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
== NULL ) {
free( dn );
Debug( LDAP_DEBUG_ANY, "<= dn2id could not open dn2id%s\n",
LDBM_SUFFIX, 0, 0 );
LDBM_SUFFIX, 0, 0 );
return( NOID );
}
@ -118,6 +126,10 @@ dn2id_delete(
Datum key;
int rc;
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
#endif
Debug( LDAP_DEBUG_TRACE, "=> dn2id_delete( \"%s\" )\n", dn, 0, 0 );
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
@ -145,11 +157,12 @@ dn2id_delete(
* entry.
*/
Entry *
static Entry *
dn2entry(
Backend *be,
char *dn,
char **matched
char **matched,
int rw
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@ -157,8 +170,12 @@ dn2entry(
Entry *e;
char *pdn;
if ( (id = dn2id( be, dn )) != NOID && (e = id2entry( be, id ))
!= NULL ) {
Debug(LDAP_DEBUG_TRACE, "dn2entry_%s: dn: %s\n",
rw ? "w" : "r", dn, 0);
if ( (id = dn2id( be, dn )) != NOID &&
(e = id2entry( be, id, rw )) != NULL )
{
return( e );
}
*matched = NULL;
@ -170,9 +187,11 @@ dn2entry(
/* entry does not exist - see how much of the dn does exist */
if ( (pdn = dn_parent( be, dn )) != NULL ) {
if ( (e = dn2entry( be, pdn, matched )) != NULL ) {
/* get entry with reader lock */
if ( (e = dn2entry_r( be, pdn, matched )) != NULL ) {
*matched = pdn;
cache_return_entry( &li->li_cache, e );
/* free entry with reader lock */
cache_return_entry_r( &li->li_cache, e );
} else {
free( pdn );
}
@ -180,3 +199,39 @@ dn2entry(
return( NULL );
}
#if 0
if (e->e_state == ENTRY_STATE_DELETED)
continue;
if (strcmp(dn, e->e_dn) != 0)
continue;
/* return locked entry entry */
return(e);
}
}
#endif
Entry *
dn2entry_r(
Backend *be,
char *dn,
char **matched
)
{
return( dn2entry( be, dn, matched, 0 ) );
}
Entry *
dn2entry_w(
Backend *be,
char *dn,
char **matched
)
{
return( dn2entry( be, dn, matched, 1 ) );
}

91
servers/slapd/back-ldbm/group.c Normal file
View File

@ -0,0 +1,91 @@
/* compare.c - ldbm backend compare routine */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Attribute *attr_find();
#ifdef ACLGROUP
/* return 0 IFF edn is a value in uniqueMember attribute
* of entry with bdn AND that entry has an objectClass
* value of groupOfUniqueNames
*/
int
ldbm_back_group(
Backend *be,
char *bdn,
char *edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
char *matched;
Attribute *objectClass;
Attribute *uniqueMember;
int rc;
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
/* can we find bdn entry with reader lock */
if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: cannot find bdn: %s matched: %x\n", bdn, matched, 0 );
if (matched != NULL)
free(matched);
return( 1 );
}
Debug( LDAP_DEBUG_ARGS, "=> ldbm_back_group: found bdn: %s matched: %x\n", bdn, matched, 0 );
/* check for deleted */
/* find it's objectClass and uniqueMember attribute values
* make sure this is a group entry
* finally test if we can find edn in the uniqueMember attribute value list *
*/
rc = 1;
if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
}
else if ((uniqueMember = attr_find(e->e_attrs, "uniquemember")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find uniqueMember\n", 0, 0, 0 );
}
else {
struct berval bvObjectClass;
struct berval bvUniqueMembers;
Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and uniqueMembers\n", 0, 0, 0 );
bvObjectClass.bv_val = "groupofuniquenames";
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
bvUniqueMembers.bv_val = edn;
bvUniqueMembers.bv_len = strlen( edn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass in groupOfUniqueNames\n",
0, 0, 0 );
}
else if (value_find(uniqueMember->a_vals, &bvUniqueMembers, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfUniqueNames\n",
edn, bdn, 0 );
}
else {
Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfUniqueNames\n",
edn, bdn, 0 );
rc = 0;
}
}
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
}
#endif

90
servers/slapd/back-ldbm/id2entry.c
View File

@ -10,7 +10,6 @@ extern struct dbcache *ldbm_cache_open();
extern Datum ldbm_cache_fetch();
extern char *dn_parent();
extern Entry *str2entry();
extern Entry *cache_find_entry_id();
extern char *entry2str();
extern pthread_mutex_t entry2str_mutex;
@ -20,7 +19,12 @@ id2entry_add( Backend *be, Entry *e )
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Datum key, data;
int len, rc;
int len, rc, flags;
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
memset( &data, 0, sizeof( data ) );
#endif
Debug( LDAP_DEBUG_TRACE, "=> id2entry_add( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
@ -39,8 +43,10 @@ id2entry_add( Backend *be, Entry *e )
data.dptr = entry2str( e, &len, 1 );
data.dsize = len + 1;
/* store it - LDBM_SYNC ensures id2entry is always consistent */
rc = ldbm_cache_store( db, key, data, LDBM_REPLACE|LDBM_SYNC );
/* store it */
flags = LDBM_REPLACE;
if ( li->li_flush_wrt ) flags != LDBM_SYNC;
rc = ldbm_cache_store( db, key, data, flags );
pthread_mutex_unlock( &entry2str_mutex );
@ -48,6 +54,8 @@ id2entry_add( Backend *be, Entry *e )
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
Debug( LDAP_DEBUG_TRACE, "<= id2entry_add %d\n", rc, 0, 0 );
/* XXX should entries be born locked, i.e. apply writer lock here? */
return( rc );
}
@ -62,8 +70,20 @@ id2entry_delete( Backend *be, Entry *e )
Debug( LDAP_DEBUG_TRACE, "=> id2entry_delete( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
/* XXX - check for writer lock - should also check no reader pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
#endif
/* XXX - check for writer lock - should also check no reader pending */
Debug (LDAP_DEBUG_TRACE,
"rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
== NULL ) {
Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry%s\n",
LDBM_SUFFIX, 0, 0 );
return( -1 );
@ -85,24 +105,31 @@ id2entry_delete( Backend *be, Entry *e )
return( rc );
}
/* XXX returns entry with reader/writer lock */
Entry *
id2entry( Backend *be, ID id )
id2entry( Backend *be, ID id, int rw )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Datum key, data;
Entry *e;
Debug( LDAP_DEBUG_TRACE, "=> id2entry( %ld )\n", id, 0, 0 );
#ifdef LDBM_USE_DB2
memset( &key, 0, sizeof( key ) );
memset( &data, 0, sizeof( data ) );
#endif
if ( (e = cache_find_entry_id( &li->li_cache, id )) != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= id2entry 0x%x (cache)\n", e, 0,
0 );
Debug( LDAP_DEBUG_TRACE, "=> id2entry_%s( %ld )\n",
rw ? "w" : "r", id, 0 );
if ( (e = cache_find_entry_id( &li->li_cache, id, rw )) != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s 0x%x (cache)\n",
rw ? "w" : "r", e, 0 );
return( e );
}
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
== NULL ) {
Debug( LDAP_DEBUG_ANY, "Could not open id2entry%s\n",
LDBM_SUFFIX, 0, 0 );
return( NULL );
@ -114,20 +141,47 @@ id2entry( Backend *be, ID id )
data = ldbm_cache_fetch( db, key );
if ( data.dptr == NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) not found\n", id,
0, 0 );
Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) not found\n",
rw ? "w" : "r", id, 0 );
ldbm_cache_close( be, db );
return( NULL );
}
if ( (e = str2entry( data.dptr )) != NULL ) {
e->e_id = id;
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
}
e = str2entry( data.dptr );
ldbm_datum_free( db->dbc_db, data );
ldbm_cache_close( be, db );
Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) 0x%x (disk)\n", id, e, 0 );
if ( e == NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (failed)\n",
rw ? "w" : "r", id, 0 );
return( NULL );
}
/* acquire required reader/writer lock */
if (entry_rdwr_lock(e, rw)) {
/* XXX set DELETE flag?? */
entry_free(e);
return(NULL);
}
e->e_id = id;
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (disk)\n",
rw ? "w" : "r", id, 0 );
return( e );
}
Entry *
id2entry_r( Backend *be, ID id )
{
return( id2entry( be, id, 0 ) );
}
Entry *
id2entry_2( Backend *be, ID id )
{
return( id2entry( be, id, 1 ) );
}

7
servers/slapd/back-ldbm/kerberos.c
View File

@ -8,12 +8,15 @@
#include "back-ldbm.h"
#ifdef KERBEROS
#include "krb.h"
#ifdef KERBEROS_V
#include <kerberosIV/krb.h>
#else
#include <krb.h>
#endif /* KERBEROS_V */
#define LDAP_KRB_PRINCIPAL "ldapserver"
extern char *ldap_srvtab;
extern Entry *dn2entry();
extern Attribute *attr_find();
krbv4_ldap_auth(

49
servers/slapd/back-ldbm/modify.c
View File

@ -6,9 +6,9 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern int global_schemacheck;
extern Entry *dn2entry();
extern Attribute *attr_find();
static int add_values();
@ -30,7 +30,9 @@ ldbm_back_modify(
int i, err, modtype;
LDAPMod *mod;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0);
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched,
NULL );
if ( matched != NULL ) {
@ -38,12 +40,14 @@ ldbm_back_modify(
}
return( -1 );
}
/* check for deleted */
/* lock entry */
if ( (err = acl_check_mods( be, conn, op, e, mods )) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, err, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
for ( mod = mods; mod != NULL; mod = mod->mod_next ) {
@ -64,55 +68,52 @@ ldbm_back_modify(
if ( err != LDAP_SUCCESS ) {
/* unlock entry, delete from cache */
send_ldap_result( conn, op, err, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
}
/* check that the entry still obeys the schema */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "entry failed schema check\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, NULL );
goto error_return;
}
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
/* check that the entry still obeys the schema */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL,
NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
}
/* modify indexes */
if ( index_add_mods( be, mods, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
/* change the entry itself */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
return( 0 );
error_return:;
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
static int

41
servers/slapd/back-ldbm/modrdn.c
View File

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern char *dn_parent();
int
@ -24,10 +24,12 @@ ldbm_back_modrdn(
char *matched;
char *pdn, *newdn, *p;
char sep[2];
Entry *e, *e2;
Entry *e;
matched = NULL;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
/* get entry with writer lock */
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@ -61,17 +63,12 @@ ldbm_back_modrdn(
}
(void) dn_normalize( newdn );
matched = NULL;
if ( (e2 = dn2entry( be, newdn, &matched )) != NULL ) {
/* get entry with writer lock */
if ( (dn2id ( be, newdn ) ) != NOID ) {
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
cache_return_entry( &li->li_cache, e2 );
cache_return_entry( &li->li_cache, e );
return( -1 );
}
if ( matched != NULL ) {
free( matched );
goto error_return;
}
/* check for abandon */
@ -80,9 +77,7 @@ ldbm_back_modrdn(
pthread_mutex_unlock( &op->o_abandonmutex );
free( newdn );
free( pdn );
cache_return_entry( &li->li_cache, e2 );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
@ -91,8 +86,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* delete old one */
@ -100,8 +94,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
(void) cache_delete_entry( &li->li_cache, e );
@ -120,13 +113,19 @@ ldbm_back_modrdn(
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
entry_free( e );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
return( -1 );
goto error_return;
}
free( pdn );
cache_return_entry( &li->li_cache, e );
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
return( 0 );
error_return:
/* free entry and writer lock */
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}

15
servers/slapd/back-ldbm/proto-back-ldbm.h
View File

@ -15,10 +15,11 @@ void attr_index_config( struct ldbminfo *li, char *fname, int lineno,
*/
void cache_set_state( struct cache *cache, Entry *e, int state );
void cache_return_entry( struct cache *cache, Entry *e );
void cache_return_entry_r( struct cache *cache, Entry *e );
void cache_return_entry_w( struct cache *cache, Entry *e );
int cache_add_entry_lock( struct cache *cache, Entry *e, int state );
Entry * cache_find_entry_dn( struct cache *cache, char *dn );
Entry * cache_find_entry_id( struct cache *cache, ID id );
ID cache_find_entry_dn2id( Backend *be, struct cache *cache, char *dn );
Entry * cache_find_entry_id( struct cache *cache, ID id, int rw );
int cache_delete_entry( struct cache *cache, Entry *e );
/*
@ -40,7 +41,9 @@ int ldbm_cache_delete( struct dbcache *db, Datum key );
int dn2id_add( Backend *be, char *dn, ID id );
ID dn2id( Backend *be, char *dn );
int dn2id_delete( Backend *be, char *dn );
Entry * dn2entry( Backend *be, char *dn, char **matched );
/*Entry * dn2entry( Backend *be, char *dn, char **matched );*/
Entry * dn2entry_r( Backend *be, char *dn, char **matched );
Entry * dn2entry_w( Backend *be, char *dn, char **matched );
/*
* filterindex.c
@ -61,7 +64,9 @@ int has_children( Backend *be, Entry *p );
int id2entry_add( Backend *be, Entry *e );
int id2entry_delete( Backend *be, Entry *e );
Entry * id2entry( Backend *be, ID id );
Entry * id2entry( Backend *be, ID id, int rw );
Entry * id2entry_r( Backend *be, ID id );
Entry * id2entry_w( Backend *be, ID id );
/*
* idl.c

72
servers/slapd/back-ldbm/search.c
View File

@ -6,14 +6,12 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern time_t currenttime;
extern pthread_mutex_t currenttime_mutex;
extern ID dn2id();
extern IDList *idl_alloc();
extern Entry *id2entry();
extern Entry *dn2entry();
extern Attribute *attr_find();
extern IDList *filter_candidates();
extern char *ch_realloc();
@ -62,6 +60,8 @@ ldbm_back_search(
char *rbuf, *rcur, *r;
int nentries = 0;
Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) {
tlimit = -1; /* allow root to set no limit */
} else {
@ -139,10 +139,9 @@ ldbm_back_search(
}
pthread_mutex_unlock( &currenttime_mutex );
/* get the entry */
if ( (e = id2entry( be, id )) == NULL ) {
Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id,
0, 0 );
/* get the entry with reader lock */
if ( (e = id2entry_r( be, id )) == NULL ) {
Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id, 0, 0 );
continue;
}
@ -152,14 +151,14 @@ ldbm_back_search(
* here since it's only a candidate anyway.
*/
if ( e->e_dn != NULL && strncasecmp( e->e_dn, "ref=", 4 )
== 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL &&
scope == LDAP_SCOPE_SUBTREE )
== 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL &&
scope == LDAP_SCOPE_SUBTREE )
{
int i, len;
if ( ref->a_vals == NULL ) {
Debug( LDAP_DEBUG_ANY, "null ref in (%s)\n", 0,
0, 0 );
0, 0 );
} else {
for ( i = 0; ref->a_vals[i] != NULL; i++ ) {
/* referral + newline + null */
@ -200,7 +199,7 @@ ldbm_back_search(
if ( scopeok ) {
/* check size limit */
if ( --slimit == -1 ) {
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, e );
send_ldap_search_result( conn, op,
LDAP_SIZELIMIT_EXCEEDED, NULL,
nrefs > 0 ? rbuf : NULL, nentries );
@ -217,7 +216,7 @@ ldbm_back_search(
case 1: /* entry not sent */
break;
case -1: /* connection closed */
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, e );
idl_free( candidates );
free( rbuf );
return( 0 );
@ -226,7 +225,10 @@ ldbm_back_search(
}
}
cache_return_entry( &li->li_cache, e );
if( e == NULL ) {
/* free reader lock */
cache_return_entry_r( &li->li_cache, e );
}
pthread_yield();
}
@ -262,16 +264,24 @@ base_candidates(
IDList *idl;
Entry *e;
Debug(LDAP_DEBUG_TRACE, "base_candidates: base: %s\n", base, 0, 0);
*err = LDAP_SUCCESS;
if ( (e = dn2entry( be, base, matched )) == NULL ) {
/* get entry with reader lock */
if ( (e = dn2entry_r( be, base, matched )) == NULL ) {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
/* check for deleted */
idl = idl_alloc( 1 );
idl_insert( &idl, e->e_id, 1 );
cache_return_entry( &li->li_cache, e );
/* free reader lock */
cache_return_entry_r( &li->li_cache, e );
return( idl );
}
@ -295,11 +305,14 @@ onelevel_candidates(
char buf[20];
IDList *candidates;
Debug(LDAP_DEBUG_TRACE, "onelevel_candidates: base: %s\n", base, 0, 0);
*err = LDAP_SUCCESS;
e = NULL;
/* get the base object */
if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
matched )) == NULL ) {
/* get the base object with reader lock */
if ( base != NULL && *base != '\0' &&
(e = dn2entry_r( be, base, matched )) == NULL )
{
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
@ -329,6 +342,8 @@ onelevel_candidates(
f->f_and->f_next = NULL;
filter_free( f );
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
return( candidates );
}
@ -351,6 +366,9 @@ subtree_candidates(
Filter *f;
IDList *candidates;
Debug(LDAP_DEBUG_TRACE, "subtree_candidates: base: %s\n",
base ? base : "NULL", 0, 0);
/*
* get the base object - unless we already have it (from one-level).
* also, unless this is a one-level search or a subtree search
@ -365,20 +383,26 @@ subtree_candidates(
*err = LDAP_SUCCESS;
f = NULL;
if ( lookupbase ) {
if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
matched )) == NULL ) {
if ( base != NULL && *base != '\0' &&
(e = dn2entry_r( be, base, matched )) == NULL )
{
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
if (e) {
cache_return_entry_r( &li->li_cache, e );
}
f = (Filter *) ch_malloc( sizeof(Filter) );
f->f_next = NULL;
f->f_choice = LDAP_FILTER_OR;
f->f_or = (Filter *) ch_malloc( sizeof(Filter) );
f->f_or->f_choice = LDAP_FILTER_EQUALITY;
f->f_or->f_avtype = strdup( "objectclass" );
f->f_or->f_avvalue.bv_val = strdup( "referral" );
f->f_or->f_avvalue.bv_len = strlen( "referral" );
/* Patch to use normalized uppercase */
f->f_or->f_avvalue.bv_val = strdup( "REFERRAL" );
f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" );
f->f_or->f_next = filter;
filter = f;
@ -406,9 +430,5 @@ subtree_candidates(
filter_free( f );
}
if ( e != NULL ) {
cache_return_entry( &li->li_cache, e );
}
return( candidates );
}

3
servers/slapd/configinfo.c
View File

@ -40,6 +40,9 @@ config_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
entry_rdwr_init(e);
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_CONFIG_DN );

5
servers/slapd/daemon.c
View File

@ -198,6 +198,9 @@ slapd_daemon(
FD_ZERO( &readfds );
FD_SET( tcps, &readfds );
zero.tv_sec = 0;
zero.tv_usec = 0;
pthread_mutex_lock( &active_threads_mutex );
Debug( LDAP_DEBUG_CONNS,
"listening for connections on %d, activity on:",
@ -218,8 +221,6 @@ slapd_daemon(
Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
pthread_mutex_unlock( &new_conn_mutex );
zero.tv_sec = 0;
zero.tv_usec = 0;
Debug( LDAP_DEBUG_CONNS, "before select active_threads %d\n",
active_threads, 0, 0 );
#if defined(THREAD_PREEMPTIVE) || defined(NO_THREADS)

63
servers/slapd/entry.c
View File

@ -43,9 +43,12 @@ str2entry( char *s )
* or newline.
*/
Debug( LDAP_DEBUG_TRACE, "=> str2entry\n", s, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> str2entry\n",
s ? s : "NULL", 0, 0 );
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
entry_rdwr_init(e);
/* check to see if there's an id included */
next = s;
@ -112,6 +115,7 @@ str2entry( char *s )
}
Debug( LDAP_DEBUG_TRACE, "<= str2entry 0x%x\n", e, 0, 0 );
return( e );
}
@ -187,6 +191,10 @@ entry_free( Entry *e )
int i;
Attribute *a, *next;
/* XXX check that no reader/writer locks exist */
assert( !pthread_rdwr_wchk_np(&e->e_rdwr) &&
!pthread_rdwr_rchk_np(&e->e_rdwr) );
if ( e->e_dn != NULL ) {
free( e->e_dn );
}
@ -196,3 +204,56 @@ entry_free( Entry *e )
}
free( e );
}
int
entry_rdwr_lock(Entry *e, int rw)
{
Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%slock: ID: %ld\n",
rw ? "w" : "r", e->e_id, 0);
if (rw)
return pthread_rdwr_wlock_np(&e->e_rdwr);
else
return pthread_rdwr_rlock_np(&e->e_rdwr);
}
int
entry_rdwr_rlock(Entry *e)
{
return entry_rdwr_lock( e, 0 );
}
int
entry_rdwr_wlock(Entry *e)
{
return entry_rdwr_lock( e, 1 );
}
int
entry_rdwr_unlock(Entry *e, int rw)
{
Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%sunlock: ID: %ld\n",
rw ? "w" : "r", e->e_id, 0);
if (rw)
return pthread_rdwr_wunlock_np(&e->e_rdwr);
else
return pthread_rdwr_runlock_np(&e->e_rdwr);
}
int
entry_rdwr_runlock(Entry *e)
{
return entry_rdwr_unlock( e, 0 );
}
int
entry_rdwr_wunlock(Entry *e)
{
return entry_rdwr_unlock( e, 1 );
}
int
entry_rdwr_init(Entry *e)
{
return pthread_rdwr_init_np(&e->e_rdwr, NULL);
}

55
servers/slapd/modify.c
View File

@ -155,14 +155,14 @@ do_modify(
*/
if ( be->be_modify != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || be->be_lastmod == 0 &&
global_lastmod == ON) && be->be_updatedn == NULL ) {
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED &&
global_lastmod == ON ) ) && be->be_updatedn == NULL ) {
add_lastmods( op, &mods );
}
if ( (*be->be_modify)( be, conn, op, odn, mods )
== 0 ) {
if ( (*be->be_modify)( be, conn, op, odn, mods ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, dn, mods, 0 );
}
@ -200,7 +200,7 @@ modlist_free(
static void
add_lastmods( Operation *op, LDAPMod **mods )
{
char buf[20];
char buf[22];
struct berval bv;
struct berval *bvals[2];
LDAPMod **m;
@ -214,17 +214,25 @@ add_lastmods( Operation *op, LDAPMod **mods )
/* remove any attempts by the user to modify these attrs */
for ( m = mods; *m != NULL; m = &(*m)->mod_next ) {
if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0
|| strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 ) {
tmp = *m;
*m = (*m)->mod_next;
free( tmp->mod_type );
if ( tmp->mod_bvalues != NULL ) {
ber_bvecfree( tmp->mod_bvalues );
}
free( tmp );
}
}
if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0 ||
strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 ||
strcasecmp( (*m)->mod_type, "createtimestamp" ) == 0 ||
strcasecmp( (*m)->mod_type, "creatorsname" ) == 0 ) {
Debug( LDAP_DEBUG_TRACE,
"add_lastmods: found lastmod attr: %s\n",
(*m)->mod_type, 0, 0 );
tmp = *m;
*m = (*m)->mod_next;
free( tmp->mod_type );
if ( tmp->mod_bvalues != NULL ) {
ber_bvecfree( tmp->mod_bvalues );
}
free( tmp );
if (!*m)
break;
}
}
if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
bv.bv_val = "NULLDN";
@ -243,16 +251,19 @@ add_lastmods( Operation *op, LDAPMod **mods )
*mods = tmp;
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &currenttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
ltm = localtime( &currenttime );
#ifdef LDAP_Y2K
strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
#else
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
#endif
pthread_mutex_unlock( &currenttime_mutex );
bv.bv_val = buf;
bv.bv_len = strlen( bv.bv_val );
tmp = (LDAPMod *) ch_calloc( 1, sizeof(LDAPMod) );
tmp->mod_type = strdup( "modifytimestamp" );
tmp->mod_op = LDAP_MOD_REPLACE;
tmp->mod_bvalues = (struct berval **) ch_calloc( 1,
2 * sizeof(struct berval *) );
tmp->mod_bvalues = (struct berval **) ch_calloc( 1, 2 * sizeof(struct berval *) );
tmp->mod_bvalues[0] = ber_bvdup( &bv );
tmp->mod_next = *mods;
*mods = tmp;

49
servers/slapd/monitor.c
View File

@ -10,8 +10,16 @@
* is provided ``as is'' without express or implied warranty.
*/
/* Revision history
*
* 5-Jun-96 jeff.hodges@stanford.edu
* Added locking of new_conn_mutex when traversing the c[] array.
* Added locking of currenttime_mutex to protect call(s) to localtime().
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "slap.h"
@ -32,18 +40,16 @@ extern time_t currenttime;
extern time_t starttime;
extern int num_conns;
extern pthread_mutex_t new_conn_mutex;
extern pthread_mutex_t currenttime_mutex;
extern char Versionstr[];
/*
* no mutex protection in here - take our chances!
*/
void
monitor_info( Connection *conn, Operation *op )
{
Entry *e;
char buf[BUFSIZ], buf2[20];
char buf[BUFSIZ], buf2[22];
struct berval val;
struct berval *vals[2];
int i, nconns, nwritewaiters, nreadwaiters;
@ -54,6 +60,8 @@ monitor_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
entry_rdwr_init(e);
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_MONITOR_DN );
@ -73,6 +81,8 @@ monitor_info( Connection *conn, Operation *op )
nconns = 0;
nwritewaiters = 0;
nreadwaiters = 0;
pthread_mutex_lock( &new_conn_mutex );
for ( i = 0; i < dtblsize; i++ ) {
if ( c[i].c_sb.sb_sd != -1 ) {
nconns++;
@ -82,8 +92,15 @@ monitor_info( Connection *conn, Operation *op )
if ( c[i].c_gettingber ) {
nreadwaiters++;
}
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &c[i].c_starttime );
#ifdef LDAP_Y2K
strftime( buf2, sizeof(buf2), "%Y%m%d%H%M%SZ", ltm );
#else
strftime( buf2, sizeof(buf2), "%y%m%d%H%M%SZ", ltm );
#endif
pthread_mutex_unlock( &currenttime_mutex );
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %ld : %ld : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
@ -96,6 +113,8 @@ monitor_info( Connection *conn, Operation *op )
attr_merge( e, "connection", vals );
}
}
pthread_mutex_unlock( &new_conn_mutex );
sprintf( buf, "%d", nconns );
val.bv_val = buf;
val.bv_len = strlen( buf );
@ -141,14 +160,26 @@ monitor_info( Connection *conn, Operation *op )
val.bv_len = strlen( buf );
attr_merge( e, "bytessent", vals );
ltm = localtime( &currenttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &currenttime );
#ifdef LDAP_Y2K
strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
#else
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
#endif
pthread_mutex_unlock( &currenttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "currenttime", vals );
ltm = localtime( &starttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &starttime );
#ifdef LDAP_Y2K
strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
#else
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
#endif
pthread_mutex_unlock( &currenttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "starttime", vals );

15
servers/slapd/proto-slap.h
View File

@ -7,10 +7,13 @@
int access_allowed( Backend *be, Connection *conn, Operation *op, Entry *e,
char *attr, struct berval *val, char *dn, int access );
struct acl * acl_get_applicable( Backend *be, Operation *op, Entry *e,
char *attr );
char *attr, char *edn, int nmatches, regmatch_t *matches );
int acl_access_allowed( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access );
struct berval *val, Operation *op, int access, char *edn,
regmatch_t *matches );
int acl_check_mods( Backend *be, Connection *conn, Operation *op, Entry *e,
LDAPMod *mods );
@ -104,6 +107,14 @@ Entry * str2entry( char *s );
char * entry2str( Entry *e, int *len, int printid );
void entry_free( Entry *e );
int entry_rdwr_lock( Entry *e, int rw );
int entry_rdwr_rlock( Entry *e );
int entry_rdwr_wlock( Entry *e );
int entry_rdwr_unlock( Entry *e, int rw );
int entry_rdwr_runlock( Entry *e );
int entry_rdwr_wunlock( Entry *e );
int entry_rdwr_init( Entry *e );
/*
* filter.c
*/

19
servers/slapd/result.c
View File

@ -224,8 +224,7 @@ send_search_entry(
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_alloc" );
free(edn);
return( 1 );
goto error_return;
}
#ifdef COMPAT30
@ -244,8 +243,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_printf dn" );
free(edn);
return( 1 );
goto error_return;
}
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
@ -280,8 +278,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type" );
free(edn);
return( 1 );
goto error_return;
}
if ( ! attrsonly ) {
@ -303,8 +300,7 @@ send_search_entry(
send_ldap_result( conn, op,
LDAP_OPERATIONS_ERROR, NULL,
"ber_printf value" );
free(edn);
return( 1 );
goto error_return;
}
}
}
@ -314,8 +310,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type end" );
free(edn);
return( 1 );
goto error_return;
}
}
@ -393,6 +388,10 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
return( rc );
error_return:;
free(edn);
return( 1 );
}
int

22
servers/slapd/slap.h
View File

@ -6,10 +6,16 @@
#define LDAP_SYSLOG
#include <syslog.h>
#include <sys/types.h>
#include <regex.h>
#undef NDEBUG
#include <assert.h>
#include "avl.h"
#include "lber.h"
#include "ldap.h"
#include "lthread.h"
#include "lthread_rdwr.h"
#include "ldif.h"
#define DN_DNS 0
@ -17,6 +23,9 @@
#define ON 1
#define OFF (-1)
#define UNDEFINED 0
#define MAXREMATCHES 10
/*
* represents an attribute value assertion (i.e., attr=value)
@ -103,6 +112,9 @@ typedef struct entry {
ID e_id; /* id of this entry - this should */
/* really be private to back-ldbm */
char e_state; /* for the cache */
pthread_rdwr_t e_rdwr; /* reader/writer lock */
#define ENTRY_STATE_DELETED 1
#define ENTRY_STATE_CREATING 2
int e_refcnt; /* # threads ref'ing this entry */
@ -121,6 +133,11 @@ struct access {
char *a_domainpat;
char *a_dnattr;
long a_access;
#ifdef ACLGROUP
char *a_group;
#endif
#define ACL_NONE 0x01
#define ACL_COMPARE 0x02
#define ACL_SEARCH 0x04
@ -134,6 +151,7 @@ struct access {
struct acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
regex_t acl_dnre;
char *acl_dnpat;
char **acl_attrs;
@ -187,6 +205,10 @@ typedef struct backend {
IFP be_config; /* backend config routine */
IFP be_init; /* backend init routine */
IFP be_close; /* backend close routine */
#ifdef ACLGROUP
IFP be_group; /* backend group member test */
#endif
} Backend;
/*