Import latest changes from devel including connection deadlock fix,

TLS fixes, man page updates, and updated NIS schema validators.
2025-04-12 15:10:31 +08:00 · 2000-09-03 18:17:30 +00:00 · 2000-09-03 18:17:30 +00:00 · 95d62e1528
commit 95d62e1528
parent daca87903c
12 changed files with 168 additions and 33 deletions
--- a/doc/man/man3/ldap_get_dn.3
+++ b/doc/man/man3/ldap_get_dn.3
@ -34,9 +34,9 @@ char *dn;
 .SH DESCRIPTION
 These routines allow LDAP entry names (Distinguished Names, or DNs)
 to be obtained, parsed, converted to a user-friendly form, and tested.
-A DN has the form described in RFC 1779 "A String Representation of
-Distinguished Names", unless it is an experimental DNS-style DN
-which takes the form of an RFC 822 mail address.
+A DN has the form described in
+RFC 2253 "Lightweight Directory Access Protocol (v3):
+UTF-8 String Representation of Distinguished Names".
 .LP
 The
 .B ldap_get_dn()
--- a/doc/man/man3/ldap_schema.3
+++ b/doc/man/man3/ldap_schema.3
@ -114,13 +114,13 @@ char * ldap_scherr2str(code)
 int code;
 .SH DESCRIPTION
 These routines are used to parse schema definitions in the syntax
-defined in RFC2252 into structs and handle these structs.  These
+defined in RFC 2252 into structs and handle these structs.  These
 routines handle four kinds of definitions: syntaxes, matching rules,
 attribute types and objectclasses.  For each definition kind, four
 routines are provided.
 .LP
 .B ldap_str2xxx()
-takes a definition in RFC2252 format in argument
+takes a definition in RFC 2252 format in argument
 .IR s
 as a NUL-terminated string and returns, if possible, a pointer to a
 newly allocated struct of the appropriate kind.  The caller is
@ -142,7 +142,7 @@ is a bit mask of parsing options controlling the relaxation of the
 syntax recognized.  The following values are defined:
 .TP
 .B LDAP_SCHEMA_ALLOW_NONE
-strict parsing according to RFC2252.
+strict parsing according to RFC 2252.
 .TP
 .B LDAP_SCHEMA_ALLOW_NO_OID
 permit definitions that do not contain an initial OID.
@ -275,7 +275,7 @@ return a canonical name for the definition.
 .LP
 Routines
 .B ldap_xxx2str()
-return a string representation in the format described by RFC2252 of
+return a string representation in the format described by RFC 2252 of
 the struct passed in the argument.  The string is a newly allocated
 string that must be freed by the caller.  These routines may return
 NULL if no memory can be allocated for the string.
--- a/doc/man/man3/ldap_search.3
+++ b/doc/man/man3/ldap_search.3
@ -75,7 +75,7 @@ BNF:
 .LP
 The '~=' construct is used to specify approximate matching.  The
 representation for <attributetype> and <attributevalue> are as
-described in RFC 1778.  In addition, <attributevalue> can be a single *
+described in RFC 2254.  In addition, <attributevalue> can be a single *
 to achieve an attribute existence test, or can contain text and *'s
 interspersed to achieve substring matching.
 .LP
@ -83,7 +83,7 @@ For example, the filter "mail=*" will find any entries that have a mail
 attribute.  The filter "mail=*@terminator.rs.itd.umich.edu" will find
 any entries that have a mail attribute ending in the specified string.
 To put parentheses in a filter, escape them with a backslash '\\'
-character.  See RFC 1588 for a more complete description of allowable
+character.  See RFC 2254 for a more complete description of allowable
 filters.  See
 .BR ldap_getfilter (3)
 for routines to help in constructing search filters automatically.
--- a/doc/man/man8/go500gw.8
+++ b/doc/man/man8/go500gw.8
@ -91,7 +91,7 @@ file is given below, with the things you should change given in <>'s:
 	Name=<Label of your choice>
 	Type=1
 	Port=7777
-	Path=1<optional RFC 1779-format DN at which to start browsing>
+	Path=1<optional RFC 2253-format DN at which to start browsing>
 	Host=<host.running.go500gw.here>
 .ft
 .fi
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -496,7 +496,8 @@ LDAP_F (int) ldap_url_parselist LDAP_P((

 LDAP_F (int) ldap_url_parsehosts LDAP_P((
 	LDAPURLDesc **ludlist,
-	const char *hosts ));
+	const char *hosts,
+	int port ));

 LDAP_F (char *) ldap_url_list2hosts LDAP_P((
 	LDAPURLDesc *ludlist ));
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@ -257,19 +257,17 @@ ldap_int_open_connection(

 	Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );

-	port = srv->lud_port;
-	if (port == 0)
-		port = ld->ld_options.ldo_defport;
-	port = htons( (short) port );
-
-	addr = 0;
-	if ( srv->lud_host == NULL || *srv->lud_host == 0 )
-		addr = htonl( INADDR_LOOPBACK );
-
 	switch ( ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
 		case LDAP_PROTO_TCP:
+			port = htons( (short) srv->lud_port );
+
+			addr = 0;
+			if ( srv->lud_host == NULL || *srv->lud_host == 0 )
+				addr = htonl( INADDR_LOOPBACK );
+
 			rc = ldap_connect_to_host( ld, conn->lconn_sb, 0,
 				srv->lud_host, addr, port, async );
+
 			if ( rc == -1 ) return rc;
 			ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
 				LBER_SBIOD_LEVEL_PROVIDER, NULL );
@ -317,8 +315,10 @@ ldap_int_open_connection(
 	{
 		rc = ldap_pvt_tls_start( ld, conn->lconn_sb,
 			ld->ld_options.ldo_tls_ctx );
-		if (rc != LDAP_SUCCESS)
-			return rc;
+
+		if (rc != LDAP_SUCCESS) {
+			return -1;
+		}
 	}
 #endif

--- a/libraries/libldap/options.c
+++ b/libraries/libldap/options.c
@ -465,7 +465,8 @@ ldap_set_option(
 			int rc = LDAP_OPT_SUCCESS;

 			if(host != NULL) {
-				rc = ldap_url_parsehosts(&ludlist, host);
+				rc = ldap_url_parsehosts( &ludlist, host,
+					lo->ldo_defport ? lo->ldo_defport : LDAP_PORT );

 			} else if(ld == NULL) {
 				/*
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@ -199,9 +199,11 @@ ldap_pvt_tls_init_def_ctx( void )
 		if ( tls_opt_trace ) {
 			SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
 		}
-		SSL_CTX_set_verify( tls_def_ctx, (tls_opt_require_cert) ?
+		SSL_CTX_set_verify( tls_def_ctx,
+			tls_opt_require_cert ?
 			(SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) :
-			SSL_VERIFY_PEER, tls_verify_cb );
+			SSL_VERIFY_NONE,
+			tls_verify_cb );
 		SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
 		/* SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb ); */
 	}
--- a/libraries/libldap/url.c
+++ b/libraries/libldap/url.c
@ -272,7 +272,7 @@ ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )

 	ludp->lud_next = NULL;
 	ludp->lud_host = NULL;
-	ludp->lud_port = 0;
+	ludp->lud_port = LDAP_PORT;
 	ludp->lud_dn = NULL;
 	ludp->lud_attrs = NULL;
 	ludp->lud_filter = NULL;
@ -287,6 +287,10 @@ ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
 		return LDAP_URL_ERR_MEM;
 	}

+	if( strcasecmp( ludp->lud_scheme, "ldaps" ) == 0 ) {
+		ludp->lud_port = LDAPS_PORT;
+	}
+
 	/* scan forward for '/' that marks end of hostport and begin. of dn */
 	p = strchr( url, '/' );

@ -659,7 +663,10 @@ ldap_url_parselist (LDAPURLDesc **ludlist, const char *url )
 }

 int
-ldap_url_parsehosts (LDAPURLDesc **ludlist, const char *hosts )
+ldap_url_parsehosts(
+	LDAPURLDesc **ludlist,
+	const char *hosts,
+	int port )
 {
 	int i;
 	LDAPURLDesc *ludp;
@ -686,6 +693,7 @@ ldap_url_parsehosts (LDAPURLDesc **ludlist, const char *hosts )
 			*ludlist = NULL;
 			return LDAP_NO_MEMORY;
 		}
+		ludp->lud_port = port;
 		ludp->lud_host = specs[i];
 		specs[i] = NULL;
 		p = strchr(ludp->lud_host, ':');
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@ -16,7 +16,7 @@
 #include "ldap_pvt.h"
 #include "slap.h"

-#define MAXARGS	128
+#define MAXARGS	200

 /*
 * defaults for various global variables
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@ -1099,14 +1099,33 @@ connection_resched( Connection *conn )

 	if( conn->c_conn_state == SLAP_C_CLOSING ) {
 		ber_socket_t	sd;
-
 		ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+
 		Debug( LDAP_DEBUG_TRACE,
-			"connection_resched: attempting closing conn=%ld sd=%d\n",
+			"connection_resched: reaquiring locks conn=%ld sd=%d\n",
 			conn->c_connid, sd, 0 );

+		/* reaquire locks in the right order... this may
+		 * allow another thread to close this connection,
+		 * so recheck state
+		 */
+		ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 		ldap_pvt_thread_mutex_lock( &connections_mutex );
-		connection_close( conn );
+		ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+		if( conn->c_conn_state != SLAP_C_CLOSING ) {
+			Debug( LDAP_DEBUG_TRACE,
+				"connection_resched: closed by other thread conn=%ld sd=%d\n",
+				conn->c_connid, sd, 0 );
+
+		} else {
+			Debug( LDAP_DEBUG_TRACE,
+				"connection_resched: attempting closing conn=%ld sd=%d\n",
+				conn->c_connid, sd, 0 );
+
+			connection_close( conn );
+		}
+
 		ldap_pvt_thread_mutex_unlock( &connections_mutex );
 		return 0;
 	}
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@ -19,8 +19,6 @@

 /* recycled validatation routines */
 #define berValidate						blobValidate
-#define nisNetgroupTripleValidate		printableStringValidate
-#define bootParameterValidate			printableStringValidate

 /* unimplemented validators */
 #define bitStringValidate				NULL
@ -2159,6 +2157,112 @@ generalizedTimeNormalize(
 	return LDAP_SUCCESS;
 }

+static int
+nisNetgroupTripleValidate(
+	Syntax *syntax,
+	struct berval *val )
+{
+	char *p, *e;
+	int commas = 0;
+
+	if ( val->bv_len == 0 ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	p = (char *)val->bv_val;
+	e = p + val->bv_len;
+
+#if 0
+	/* syntax does not allow leading white space */
+	/* Ignore initial whitespace */
+	while ( ( p < e ) && ASCII_SPACE( *p ) ) {
+		p++;
+	}
+#endif
+
+	if ( *p != '(' /*')'*/ ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	for ( p++; ( p < e ) && ( *p != ')' ); p++ ) {
+		if ( *p == ',' ) {
+			commas++;
+			if ( commas > 2 ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+
+		} else if ( !ATTR_CHAR( *p ) ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+	}
+
+	if ( ( commas != 2 ) || ( *p != /*'('*/ ')' ) ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	p++;
+
+#if 0
+	/* syntax does not allow trailing white space */
+	/* Ignore trailing whitespace */
+	while ( ( p < e ) && ASCII_SPACE( *p ) ) {
+		p++;
+	}
+#endif
+
+	if (p != e) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+bootParameterValidate(
+	Syntax *syntax,
+	struct berval *val )
+{
+	char *p, *e;
+
+	if ( val->bv_len == 0 ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	p = (char *)val->bv_val;
+	e = p + val->bv_len;
+
+	/* key */
+	for (; ( p < e ) && ( *p != '=' ); p++ ) {
+		if ( !ATTR_CHAR( *p ) ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+	}
+
+	if ( *p != '=' ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	/* server */
+	for ( p++; ( p < e ) && ( *p != ':' ); p++ ) {
+		if ( !ATTR_CHAR( *p ) ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+	}
+
+	if ( *p != ':' ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	/* path */
+	for ( p++; p < e; p++ ) {
+		if ( !ATTR_CHAR( *p ) ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
 struct syntax_defs_rec {
 	char *sd_desc;
 	int sd_flags;