diff options
author | Rich Megginson <rmeggins@redhat.com> | 2010-06-07 17:24:52 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2010-08-31 13:35:53 -0600 |
commit | e30f96f03b95d7d7599cf7cf385de9280dcd1b48 (patch) | |
tree | 9aa618fb774f28ad0b9bd5a19e5dc0b1702e45d4 | |
parent | 36101b6491afc0a843ba50b7e506e622271e9177 (diff) | |
download | ds-e30f96f03b95d7d7599cf7cf385de9280dcd1b48.tar.gz ds-e30f96f03b95d7d7599cf7cf385de9280dcd1b48.tar.xz ds-e30f96f03b95d7d7599cf7cf385de9280dcd1b48.zip |
openldap - add support for missing controls, add ldif api, fix NSS usage
Added proxy auth control creation - mozldap has a function to do that but
not openldap
Do not use mozldap filter create function - just create one using
slapi_smprintf
Fix usage of TLS/SSL with new NSS functionality
Created ldif parse wrapper - changed code to use it
Reviewed by: nkinder (Thanks!)
Platforms tested: Fedora 14 (rawhide)
-rw-r--r-- | ldap/servers/plugins/chainingdb/cb_controls.c | 2 | ||||
-rw-r--r-- | ldap/servers/plugins/mep/mep.c | 15 | ||||
-rw-r--r-- | ldap/servers/plugins/referint/referint.c | 11 | ||||
-rw-r--r-- | ldap/servers/plugins/replication/cl5_api.c | 69 | ||||
-rw-r--r-- | ldap/servers/plugins/replication/replutil.c | 26 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/import-threads.c | 20 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/misc.c | 149 | ||||
-rw-r--r-- | ldap/servers/slapd/entry.c | 202 | ||||
-rw-r--r-- | ldap/servers/slapd/fedse.c | 16 | ||||
-rw-r--r-- | ldap/servers/slapd/ldaputil.c | 122 | ||||
-rw-r--r-- | ldap/servers/slapd/slapi-plugin.h | 16 | ||||
-rw-r--r-- | ldap/servers/slapd/tools/ldclt/ldapfct.c | 36 |
12 files changed, 401 insertions, 283 deletions
diff --git a/ldap/servers/plugins/chainingdb/cb_controls.c b/ldap/servers/plugins/chainingdb/cb_controls.c index 142284a9..f6b0653a 100644 --- a/ldap/servers/plugins/chainingdb/cb_controls.c +++ b/ldap/servers/plugins/chainingdb/cb_controls.c @@ -281,7 +281,7 @@ int cb_update_controls( Slapi_PBlock * pb, if (addauth) { slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &proxyDN ); - if ( ldap_create_proxyauth_control(ld, proxyDN, isabandon?0:1, &ctrls[dCount] )) { + if ( slapi_ldap_create_proxyauth_control(ld, proxyDN, isabandon?0:1, 0, &ctrls[dCount] )) { ldap_controls_free(ctrls); slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, "LDAP_CONTROL_PROXYAUTH control encoding failed.\n"); diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index ba142033..716b39b0 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -950,8 +950,6 @@ mep_create_managed_entry(struct configEntry *config, Slapi_Entry *origin) char **vals = NULL; char *type = NULL; char *value = NULL; - int vlen = 0; - struct berval bval; Slapi_Value *sval = NULL; int found_rdn_map = 0; int i = 0; @@ -982,7 +980,9 @@ mep_create_managed_entry(struct configEntry *config, Slapi_Entry *origin) * created managed entry. */ vals = slapi_entry_attr_get_charray(template, MEP_STATIC_ATTR_TYPE); for (i = 0; vals && vals[i]; ++i) { - if (ldif_parse_line(vals[i], &type, &value, &vlen) != 0) { + struct berval bvtype = {0, NULL}, bvvalue = {0, NULL}; + int freeval = 0; + if (slapi_ldif_parse_line(vals[i], &bvtype, &bvvalue, &freeval) != 0) { slapi_log_error( SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, "mep_create_managed_entry: Value for %s config setting " "is not in the correct format in template \"%s\". " @@ -992,14 +992,15 @@ mep_create_managed_entry(struct configEntry *config, Slapi_Entry *origin) goto done; } else { /* Create a berval and add the value to the entry. */ - bval.bv_len = vlen; - bval.bv_val = value; - sval = slapi_value_new_berval(&bval); - slapi_entry_add_value(managed_entry, type, sval); + sval = slapi_value_new_berval(&bvvalue); + slapi_entry_add_value(managed_entry, bvtype.bv_val, sval); slapi_value_free(&sval); /* Set type and value to NULL so they don't get * free'd by mep_parse_mapped_attr(). */ + if (freeval) { + slapi_ch_free_string(&bvvalue.bv_val); + } type = NULL; value = NULL; } diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c index 0f1598db..454c5162 100644 --- a/ldap/servers/plugins/referint/referint.c +++ b/ldap/servers/plugins/referint/referint.c @@ -686,11 +686,10 @@ update_integrity(char **argv, char *origDN, for(i = 3; argv[i] != NULL; i++) { - unsigned long filtlen = strlen(argv[i]) + (strlen(origDN) * 3 ) + 5; - filter = (char *)slapi_ch_calloc( filtlen, sizeof(char )); - if (( search_result = ldap_create_filter( filter, filtlen, - "(%a=*%e)", NULL, NULL, argv[i], origDN, NULL )) - == LDAP_SUCCESS ) { + char buf[BUFSIZ]; + size_t len = strlen(origDN); + filter = slapi_ch_smprintf("(%s=*%s)", argv[i], escape_filter_value(origDN, len, buf)); + if ( filter ) { /* Need only the current attribute and its subtypes */ char *attrs[2]; @@ -778,7 +777,7 @@ update_integrity(char **argv, char *origDN, } } - slapi_ch_free((void**)&filter); + slapi_ch_free_string(&filter); if (search_result_pb) { slapi_free_search_results_internal(search_result_pb); diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c index 33536086..8e152b74 100644 --- a/ldap/servers/plugins/replication/cl5_api.c +++ b/ldap/servers/plugins/replication/cl5_api.c @@ -5147,13 +5147,10 @@ static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **replGen) { int rc; -#if defined(USE_OPENLDAP) - ber_len_t vlen; -#else - int vlen; -#endif char *next, *line; - char *type, *value; + struct berval type, value; + struct berval bv_null = {0, NULL}; + int freeval = 0; Slapi_Mods *mods; char *rawDN = NULL; @@ -5170,7 +5167,9 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl } /* this call modifies ldifEntry */ - rc = ldif_parse_line(line, &type, &value, &vlen); + type = bv_null; + value = bv_null; + rc = slapi_ldif_parse_line(line, &type, &value, &freeval); if (rc != 0) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, @@ -5178,55 +5177,55 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl continue; } - if (strcasecmp (type, T_CHANGETYPESTR) == 0) + if (strncasecmp (type.bv_val, T_CHANGETYPESTR, type.bv_len) == 0) { - op->operation_type = _cl5Str2OperationType (value); + op->operation_type = _cl5Str2OperationType (value.bv_val); } - else if (strcasecmp (type, T_REPLGEN) == 0) + else if (strncasecmp (type.bv_val, T_REPLGEN, type.bv_len) == 0) { - *replGen = slapi_ch_strdup (value); + *replGen = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_CSNSTR) == 0) + else if (strncasecmp (type.bv_val, T_CSNSTR, type.bv_len) == 0) { - op->csn = csn_new_by_string(value); + op->csn = csn_new_by_string(value.bv_val); } - else if (strcasecmp (type, T_UNIQUEIDSTR) == 0) + else if (strncasecmp (type.bv_val, T_UNIQUEIDSTR, type.bv_len) == 0) { - op->target_address.uniqueid = slapi_ch_strdup (value); + op->target_address.uniqueid = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_DNSTR) == 0) + else if (strncasecmp (type.bv_val, T_DNSTR, type.bv_len) == 0) { PR_ASSERT (op->operation_type); if (op->operation_type == SLAPI_OPERATION_ADD) { - rawDN = slapi_ch_strdup (value); + rawDN = slapi_ch_strdup (value.bv_val); op->target_address.dn = slapi_ch_strdup(rawDN); } else - op->target_address.dn = slapi_ch_strdup (value); + op->target_address.dn = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_PARENTIDSTR) == 0) + else if (strncasecmp (type.bv_val, T_PARENTIDSTR, type.bv_len) == 0) { - op->p.p_add.parentuniqueid = slapi_ch_strdup (value); + op->p.p_add.parentuniqueid = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_NEWRDNSTR) == 0) + else if (strncasecmp (type.bv_val, T_NEWRDNSTR, type.bv_len) == 0) { - op->p.p_modrdn.modrdn_newrdn = slapi_ch_strdup (value); + op->p.p_modrdn.modrdn_newrdn = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_DRDNFLAGSTR) == 0) + else if (strncasecmp (type.bv_val, T_DRDNFLAGSTR, type.bv_len) == 0) { - op->p.p_modrdn.modrdn_deloldrdn = (strcasecmp (value, "true") ? PR_FALSE : PR_TRUE); + op->p.p_modrdn.modrdn_deloldrdn = (strncasecmp (value.bv_val, "true", value.bv_len) ? PR_FALSE : PR_TRUE); } - else if (strcasecmp (type, T_NEWSUPERIORDNSTR) == 0) + else if (strncasecmp (type.bv_val, T_NEWSUPERIORDNSTR, type.bv_len) == 0) { - op->p.p_modrdn.modrdn_newsuperior_address.dn = slapi_ch_strdup (value); + op->p.p_modrdn.modrdn_newsuperior_address.dn = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_NEWSUPERIORIDSTR) == 0) + else if (strncasecmp (type.bv_val, T_NEWSUPERIORIDSTR, type.bv_len) == 0) { - op->p.p_modrdn.modrdn_newsuperior_address.uniqueid = slapi_ch_strdup (value); + op->p.p_modrdn.modrdn_newsuperior_address.uniqueid = slapi_ch_strdup (value.bv_val); } - else if (strcasecmp (type, T_CHANGESTR) == 0) + else if (strncasecmp (type.bv_val, T_CHANGESTR, type.bv_len) == 0) { PR_ASSERT (op->operation_type); @@ -5245,7 +5244,7 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl op->operation_type); return CL5_BAD_FORMAT; } - mods = parse_changes_string(value); + mods = parse_changes_string(value.bv_val); PR_ASSERT (mods); slapi_mods2entry (&(op->p.p_add.target_entry), rawDN, slapi_mods_get_ldapmods_byref(mods)); @@ -5253,13 +5252,13 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl slapi_mods_free (&mods); break; - case SLAPI_OPERATION_MODIFY: mods = parse_changes_string(value); + case SLAPI_OPERATION_MODIFY: mods = parse_changes_string(value.bv_val); PR_ASSERT (mods); op->p.p_modify.modify_mods = slapi_mods_get_ldapmods_passout (mods); slapi_mods_free (&mods); break; - case SLAPI_OPERATION_MODRDN: mods = parse_changes_string(value); + case SLAPI_OPERATION_MODRDN: mods = parse_changes_string(value.bv_val); PR_ASSERT (mods); op->p.p_modrdn.modrdn_mods = slapi_mods_get_ldapmods_passout (mods); slapi_mods_free (&mods); @@ -5268,9 +5267,15 @@ _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **repl default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5LDIF2Operation: invalid operation type - %lu\n", op->operation_type); + if (freeval) { + slapi_ch_free_string(&value.bv_val); + } return CL5_BAD_FORMAT; } } + if (freeval) { + slapi_ch_free_string(&value.bv_val); + } } if (IsValidOperation (op)) diff --git a/ldap/servers/plugins/replication/replutil.c b/ldap/servers/plugins/replication/replutil.c index aaa427bd..0da0f573 100644 --- a/ldap/servers/plugins/replication/replutil.c +++ b/ldap/servers/plugins/replication/replutil.c @@ -403,9 +403,9 @@ parse_changes_string(char *str) Slapi_Mods *mods; Slapi_Mod mod; char *line, *next; - char *type, *value; - int vlen; - struct berval bv; + struct berval type, value; + struct berval bv_null = {0, NULL}; + int freeval = 0; /* allocate mods array */ mods = slapi_mods_new (); @@ -438,7 +438,9 @@ parse_changes_string(char *str) break; } - rc = ldif_parse_line(line, &type, &value, &vlen); + type = bv_null; + value = bv_null; + rc = slapi_ldif_parse_line(line, &type, &value, &freeval); if (rc != 0) { /* ONREPL - log warning */ @@ -447,15 +449,15 @@ parse_changes_string(char *str) continue; } - if (strcasecmp (type, "add") == 0) + if (strncasecmp (type.bv_val, "add", type.bv_len) == 0) { slapi_mod_set_operation (&mod, LDAP_MOD_ADD | LDAP_MOD_BVALUES); } - else if (strcasecmp (type, "delete") == 0) + else if (strncasecmp (type.bv_val, "delete", type.bv_len) == 0) { slapi_mod_set_operation (&mod, LDAP_MOD_DELETE | LDAP_MOD_BVALUES); } - else if (strcasecmp (type, "replace") == 0) + else if (strncasecmp (type.bv_val, "replace", type.bv_len) == 0) { slapi_mod_set_operation (&mod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES); } @@ -464,15 +466,15 @@ parse_changes_string(char *str) /* adding first value */ if (slapi_mod_get_type (&mod) == NULL) { - slapi_mod_set_type (&mod, type); + slapi_mod_set_type (&mod, type.bv_val); } - bv.bv_val = value; - bv.bv_len = vlen; - - slapi_mod_add_value (&mod, &bv); + slapi_mod_add_value (&mod, &value); } + if (freeval) { + slapi_ch_free_string(&value.bv_val); + } line = ldif_getline (&next); } } diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index 7107eb41..a58ca2c7 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -271,17 +271,9 @@ static int import_get_version(char *str) { char *s; - char *type; - char *valuecharptr; char *mystr, *ms; int offset; -#if defined(USE_OPENLDAP) - ber_len_t valuelen; -#else - int valuelen; -#endif int my_version = 0; - int retmalloc = 0; if ((s = strstr(str, "version:")) == NULL) return 0; @@ -289,17 +281,19 @@ import_get_version(char *str) offset = s - str; mystr = ms = slapi_ch_strdup(str); while ( (s = ldif_getline( &ms )) != NULL ) { - if ( (retmalloc = ldif_parse_line( s, &type, &valuecharptr, &valuelen )) >= 0 ) { - if (!strcasecmp(type, "version")) { - my_version = atoi(valuecharptr); + struct berval type = {0, NULL}, value = {0, NULL}; + int freeval = 0; + if ( slapi_ldif_parse_line( s, &type, &value, &freeval ) >= 0 ) { + if (!PL_strncasecmp(type.bv_val, "version", type.bv_len)) { + my_version = atoi(value.bv_val); *(str + offset) = '#'; /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free((void **) &valuecharptr); + if (freeval) slapi_ch_free_string(&value.bv_val); break; } } /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free((void **) &valuecharptr); + if (freeval) slapi_ch_free_string(&value.bv_val); } slapi_ch_free((void **)&mystr); diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c index 0e1dc60c..fd5cf0db 100644 --- a/ldap/servers/slapd/back-ldbm/misc.c +++ b/ldap/servers/slapd/back-ldbm/misc.c @@ -405,6 +405,39 @@ is_fullpath(char *path) return 0; } +/* the problem with getline is that it inserts \0 for every + newline \n or \r - this is a problem when you just want + to grab some value from the ldif string but do not + want to change the ldif string because it will be + parsed again in the future + openldap ldif_getline() is more of a problem because + it does this for every comment line too, whereas mozldap + ldif_getline() just skips comment lines +*/ +static void +ldif_getline_fixline(char *start, char *end) +{ + while (start && (start < end)) { + if (*start == '\0') { + /* the original ldif string will usually end with \n \0 + ldif_getline will turn this into \0 \0 + in this case, we don't want to turn it into + \r \n we want \n \0 + */ + if ((start < (end - 1)) && (*(start + 1) == '\0')) { + *start = '\r'; + start++; + } + *start = '\n'; + start++; + } else { + start++; + } + } + + return; +} + /* * Get value of type from string. * Note: this function is very primitive. It does not support multi values. @@ -420,13 +453,10 @@ get_value_from_string(const char *string, char *type, char **value) char *ptr = NULL; char *copy = NULL; char *tmpptr = NULL; - char *tmptype = NULL; - char *valueptr = NULL; -#if defined (USE_OPENLDAP) - ber_len_t valuelen; -#else - int valuelen; -#endif + char *startptr = NULL; + struct berval tmptype; + struct berval bvvalue; + int freeval = 0; if (NULL == string || NULL == type || NULL == value) { return rc; @@ -439,43 +469,46 @@ get_value_from_string(const char *string, char *type, char **value) } typelen = strlen(type); + startptr = tmpptr; while (NULL != (ptr = ldif_getline(&tmpptr))) { if ((0 != PL_strncasecmp(ptr, type, typelen)) || (*(ptr + typelen) != ';' && *(ptr + typelen) != ':')) { /* did not match */ - /* ldif_getline replaces '\n' and '\r' with '\0' */ - if ('\0' == *(tmpptr - 1)) { - *(tmpptr - 1) = '\n'; - } - if ('\0' == *(tmpptr - 2)) { - *(tmpptr - 2) = '\r'; - } + ldif_getline_fixline(startptr, tmpptr); + startptr = tmpptr; continue; } /* matched */ copy = slapi_ch_strdup(ptr); - /* ldif_getline replaces '\n' and '\r' with '\0' */ - if ('\0' == *(tmpptr - 1)) { - *(tmpptr - 1) = '\n'; - } - if ('\0' == *(tmpptr - 2)) { - *(tmpptr - 2) = '\r'; - } - rc = ldif_parse_line(copy, &tmptype, &valueptr, &valuelen); - if (0 > rc || NULL == valueptr || 0 >= valuelen) { + ldif_getline_fixline(startptr, tmpptr); + startptr = tmpptr; + rc = slapi_ldif_parse_line(copy, &tmptype, &bvvalue, &freeval); + if (0 > rc || NULL == bvvalue.bv_val || 0 >= bvvalue.bv_len) { slapi_log_error(SLAPI_LOG_FATAL, "get_value_from_string", "parse " "failed: %d\n", rc); + if (freeval) { + slapi_ch_free_string(&bvvalue.bv_val); + } goto bail; } - if (0 != strcasecmp(type, tmptype)) { + if (0 != PL_strncasecmp(type, tmptype.bv_val, tmptype.bv_len)) { slapi_log_error(SLAPI_LOG_FATAL, "get_value_from_string", "type " "does not match: %s != %s\n", - type, tmptype); + type, tmptype.bv_val); + if (freeval) { + slapi_ch_free_string(&bvvalue.bv_val); + } goto bail; } - *value = (char *)slapi_ch_malloc(valuelen + 1); - memcpy(*value, valueptr, valuelen); - *(*value + valuelen) = '\0'; + if (freeval) { + *value = bvvalue.bv_val; /* just hand off the memory */ + bvvalue.bv_val = NULL; + } else { /* make a copy */ + *value = (char *)slapi_ch_malloc(bvvalue.bv_len + 1); + memcpy(*value, bvvalue.bv_val, bvvalue.bv_len); + *(*value + bvvalue.bv_len) = '\0'; + } + slapi_ch_free_string(©); } bail: slapi_ch_free_string(©); @@ -495,13 +528,9 @@ get_values_from_string(const char *string, char *type, char ***valuearray) char *ptr = NULL; char *copy = NULL; char *tmpptr = NULL; - char *tmptype = NULL; - char *valueptr = NULL; -#if defined (USE_OPENLDAP) - ber_len_t valuelen; -#else - int valuelen; -#endif + char *startptr = NULL; + struct berval tmptype, bvvalue; + int freeval = 0; char *value = NULL; int idx = 0; #define get_values_INITIALMAXCNT 1 @@ -518,51 +547,53 @@ get_values_from_string(const char *string, char *type, char ***valuearray) } typelen = strlen(type); + startptr = tmpptr; while (NULL != (ptr = ldif_getline(&tmpptr))) { if ((0 != PL_strncasecmp(ptr, type, typelen)) || (*(ptr + typelen) != ';' && *(ptr + typelen) != ':')) { /* did not match */ - /* ldif_getline replaces '\n' and '\r' with '\0' */ - if ('\0' == *(tmpptr - 1)) { - *(tmpptr - 1) = '\n'; - } - if ('\0' == *(tmpptr - 2)) { - *(tmpptr - 2) = '\r'; - } + ldif_getline_fixline(startptr, tmpptr); + startptr = tmpptr; continue; } /* matched */ copy = slapi_ch_strdup(ptr); - /* ldif_getline replaces '\n' and '\r' with '\0' */ - if ('\0' == *(tmpptr - 1)) { - *(tmpptr - 1) = '\n'; - } - if ('\0' == *(tmpptr - 2)) { - *(tmpptr - 2) = '\r'; - } - rc = ldif_parse_line(copy, &tmptype, &valueptr, &valuelen); - if (0 > rc || NULL == valueptr || 0 >= valuelen) { + ldif_getline_fixline(startptr, tmpptr); + startptr = tmpptr; + rc = slapi_ldif_parse_line(copy, &tmptype, &bvvalue, &freeval); + if (0 > rc || NULL == bvvalue.bv_val || 0 >= bvvalue.bv_len) { continue; } - if (0 != strcasecmp(type, tmptype)) { - char *p = PL_strchr(tmptype, ';'); /* subtype ? */ + if (0 != PL_strncasecmp(type, tmptype.bv_val, tmptype.bv_len)) { + char *p = PL_strchr(tmptype.bv_val, ';'); /* subtype ? */ if (p) { - if (0 != strncasecmp(type, tmptype, p - tmptype)) { + if (0 != strncasecmp(type, tmptype.bv_val, p - tmptype.bv_val)) { slapi_log_error(SLAPI_LOG_FATAL, "get_values_from_string", "type does not match: %s != %s\n", - type, tmptype); + type, tmptype.bv_val); + if (freeval) { + slapi_ch_free_string(&bvvalue.bv_val); + } goto bail; } } else { slapi_log_error(SLAPI_LOG_FATAL, "get_values_from_string", "type does not match: %s != %s\n", - type, tmptype); + type, tmptype.bv_val); + if (freeval) { + slapi_ch_free_string(&bvvalue.bv_val); + } goto bail; } } - value = (char *)slapi_ch_malloc(valuelen + 1); - memcpy(value, valueptr, valuelen); - *(value + valuelen) = '\0'; + if (freeval) { + value = bvvalue.bv_val; /* just hand off memory */ + bvvalue.bv_val = NULL; + } else { /* copy */ + value = (char *)slapi_ch_malloc(bvvalue.bv_len + 1); + memcpy(value, bvvalue.bv_val, bvvalue.bv_len); + *(value + bvvalue.bv_len) = '\0'; + } if ((get_values_INITIALMAXCNT == maxcnt) || !valuearray || (idx + 1 >= maxcnt)) { maxcnt *= 2; diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c index 59606041..04d02704 100644 --- a/ldap/servers/slapd/entry.c +++ b/ldap/servers/slapd/entry.c @@ -158,7 +158,6 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) char *next, *ptype=NULL; int nvals= 0; int del_nvals= 0; - int retmalloc = 0; unsigned long attr_val_cnt = 0; CSN *attributedeletioncsn= NULL; /* Moved to this level so that the JCM csn_free call below gets useful */ CSNSet *valuecsnset= NULL; /* Moved to this level so that the JCM csn_free call below gets useful */ @@ -207,33 +206,23 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) while ( (s = ldif_getline( &next )) != NULL && attr_val_cnt < ENTRY_MAX_ATTRIBUTE_VALUE_COUNT ) { - char *valuecharptr=NULL; -#if defined(USE_OPENLDAP) - ber_len_t valuelen; -#else - int valuelen; -#endif + struct berval type = {0, NULL}; + struct berval value = {0, NULL}; + int freeval = 0; int value_state= VALUE_NOTFOUND; int attr_state= ATTRIBUTE_NOTFOUND; int maxvals; int del_maxvals; - char *type; - int freetype = 0; if ( *s == '\n' || *s == '\0' ) { break; } - if ( (retmalloc = ldif_parse_line( s, &type, &valuecharptr, &valuelen )) < 0 ) { + if ( slapi_ldif_parse_line( s, &type, &value, &freeval ) < 0 ) { LDAPDebug( LDAP_DEBUG_TRACE, "<= str2entry_fast NULL (parse_line)\n", 0, 0, 0 ); continue; } -#if defined(USE_OPENLDAP) - /* openldap always mallocs the type and value arguments to ldap_parse_line */ - retmalloc = 1; - freetype = 1; -#endif /* * Extract the attribute and value CSNs from the attribute type. @@ -242,7 +231,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) csnset_free(&valuecsnset); value_state= VALUE_NOTFOUND; attr_state= ATTRIBUTE_NOTFOUND; - str2entry_state_information_from_type(type,&valuecsnset,&attributedeletioncsn,&maxcsn,&value_state,&attr_state); + str2entry_state_information_from_type(type.bv_val,&valuecsnset,&attributedeletioncsn,&maxcsn,&value_state,&attr_state); if(!read_stateinfo) { /* We are not maintaining state information */ @@ -250,8 +239,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) { /* ignore deleted values and attributes */ /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); continue; } /* Ignore CSNs */ @@ -261,10 +249,10 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) /* * We cache some stuff as we go around the loop. */ - if((ptype==NULL)||(strcasecmp(type,ptype) != 0)) + if((ptype==NULL)||(PL_strncasecmp(type.bv_val,ptype,type.bv_len) != 0)) { slapi_ch_free_string(&ptype); - ptype=slapi_ch_strdup(type); + ptype=PL_strndup(type.bv_val, type.bv_len); nvals = 0; maxvals = 0; del_nvals = 0; @@ -283,8 +271,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) LDAPDebug1Arg(LDAP_DEBUG_TRACE, "str2entry_fast: Invalid DN: %s\n", rawdn); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); e = NULL; goto done; } @@ -306,8 +293,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) LDAPDebug1Arg(LDAP_DEBUG_TRACE, "str2entry_fast: Invalid DN: %s\n", rawdn); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); e = NULL; goto done; } @@ -320,31 +306,31 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) rawdn = NULL; /* Set once in the loop. This won't affect the caller's passed address. */ } - if ( strcasecmp( type, "dn" ) == 0 ) { + if ( PL_strncasecmp( type.bv_val, "dn", type.bv_len ) == 0 ) { if ( slapi_entry_get_dn_const(e)!=NULL ) { - char ebuf[ BUFSIZ ]; + char ebuf[ BUFSIZ ], ebuf2[ BUFSIZ ]; LDAPDebug( LDAP_DEBUG_TRACE, "str2entry_fast: entry has multiple dns \"%s\" and " "\"%s\" (second ignored)\n", escape_string( slapi_entry_get_dn_const(e), ebuf ), - escape_string( valuecharptr, ebuf ), 0 ); + escape_string( value.bv_val, ebuf2 ), 0 ); /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); continue; } if (flags & SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT) { normdn = - slapi_ch_strdup(slapi_dn_normalize_original(valuecharptr)); + slapi_ch_strdup(slapi_dn_normalize_original(value.bv_val)); } else { - normdn = slapi_create_dn_string("%s", valuecharptr); + normdn = slapi_create_dn_string("%s", value.bv_val); } if (NULL == normdn) { + char ebuf[ BUFSIZ ]; LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "str2entry_fast: Invalid DN: %s\n", valuecharptr); + "str2entry_fast: Invalid DN: %s\n", + escape_string( value.bv_val, ebuf )); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); e = NULL; goto done; } @@ -352,134 +338,126 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) slapi_entry_set_dn(e, normdn); /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); continue; } - if ( strcasecmp( type, "rdn" ) == 0 ) { + if ( PL_strncasecmp( type.bv_val, "rdn", type.bv_len ) == 0 ) { if ( NULL == slapi_entry_get_rdn_const( e )) { - slapi_entry_set_rdn( e, valuecharptr ); + slapi_entry_set_rdn( e, value.bv_val ); } /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); continue; } /* retrieve uniqueid */ - if ( strcasecmp (type, SLAPI_ATTR_UNIQUEID) == 0 ){ + if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){ if (e->e_uniqueid != NULL){ LDAPDebug (LDAP_DEBUG_TRACE, "str2entry_fast: entry has multiple uniqueids %s " "and %s (second ignored)\n", - e->e_uniqueid, valuecharptr, 0); + e->e_uniqueid, value.bv_val, 0); }else{ /* name2asi will be locked in slapi_entry_set_uniqueid */ attr_syntax_unlock_read(); - slapi_entry_set_uniqueid (e, slapi_ch_strdup(valuecharptr)); + slapi_entry_set_uniqueid (e, PL_strndup(value.bv_val, value.bv_len)); attr_syntax_read_lock(); } /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); continue; } - if (strcasecmp(type,"objectclass") == 0) { - if (strcasecmp(valuecharptr,"ldapsubentry") == 0) + if (PL_strncasecmp(type.bv_val,"objectclass",type.bv_len) == 0) { + if (PL_strncasecmp(value.bv_val,"ldapsubentry",value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_LDAPSUBENTRY; - if (strcasecmp(valuecharptr, SLAPI_ATTR_VALUE_TOMBSTONE) == 0) + if (PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_FLAG_TOMBSTONE; } { - Slapi_Value *value = NULL; + Slapi_Value *svalue = NULL; if(a==NULL) { switch(attr_state) { case ATTRIBUTE_PRESENT: - if(attrlist_find_or_create_locking_optional(&e->e_attrs, type, &a, PR_FALSE)==0 /* Found */) + if(attrlist_find_or_create_locking_optional(&e->e_attrs, type.bv_val, &a, PR_FALSE)==0 /* Found */) { - LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous attribute values for %s\n", type, 0, 0); + LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous attribute values for %s\n", type.bv_val, 0, 0); PR_ASSERT(0); - if (freetype) slapi_ch_free_string(&type); continue; } break; case ATTRIBUTE_DELETED: - if(attrlist_find_or_create_locking_optional(&e->e_deleted_attrs, type, &a, PR_FALSE)==0 /* Found */) + if(attrlist_find_or_create_locking_optional(&e->e_deleted_attrs, type.bv_val, &a, PR_FALSE)==0 /* Found */) { - LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous deleted attribute values for %s\n", type, 0, 0); + LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous deleted attribute values for %s\n", type.bv_val, 0, 0); PR_ASSERT(0); - if (freetype) slapi_ch_free_string(&type); continue; } break; case ATTRIBUTE_NOTFOUND: - LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous deleted attribute values for %s\n", type, 0, 0); + LDAPDebug (LDAP_DEBUG_ANY, "str2entry_fast: Error. Non-contiguous deleted attribute values for %s\n", type.bv_val, 0, 0); PR_ASSERT(0); - if (freetype) slapi_ch_free_string(&type); continue; /* break; ??? */ } } /* moved the value setting code here to check Slapi_Attr 'a' * to retrieve the attribute syntax info */ - value = value_new(NULL, CSN_TYPE_NONE, NULL); + svalue = value_new(NULL, CSN_TYPE_NONE, NULL); if (slapi_attr_is_dn_syntax_attr(*a)) { int rc = 0; char *dn_aval = NULL; size_t dnlen = 0; if (strict) { /* check that the dn is formatted correctly */ - rc = slapi_dn_syntax_check(NULL, valuecharptr, 1); + rc = slapi_dn_syntax_check(NULL, value.bv_val, 1); if (rc) { /* syntax check failed */ LDAPDebug2Args(LDAP_DEBUG_TRACE, "str2entry_fast: strict: Invalid DN value: %s: %s\n", - type, valuecharptr); + type.bv_val, value.bv_val); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&value.bv_val); e = NULL; goto done; } } if (flags & SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT) { - dn_aval = slapi_dn_normalize_original(valuecharptr); - slapi_value_set(value, dn_aval, strlen(dn_aval)); + dn_aval = slapi_dn_normalize_original(value.bv_val); + slapi_value_set(svalue, dn_aval, strlen(dn_aval)); } else { - rc = slapi_dn_normalize_ext(valuecharptr, - 0, &dn_aval, &dnlen); + rc = slapi_dn_normalize_ext(value.bv_val, + value.bv_len, &dn_aval, &dnlen); if (rc < 0) { /* Give up normalizing the attribute value */ LDAPDebug2Args(LDAP_DEBUG_TRACE, "str2entry_fast: Invalid DN value: %s: %s\n", type, valuecharptr); - dn_aval = valuecharptr; - dnlen = valuelen; - } - slapi_value_set(value, dn_aval, dnlen); - if (rc > 0) { /* if rc == 0, valuecharptr is passed in */ - slapi_ch_free_string(&dn_aval); + dn_aval = value.bv_val; + dnlen = value.bv_len; } else if (rc == 0) { /* rc == 0; valuecharptr is passed in; not null terminated */ *(dn_aval + dnlen) = '\0'; } + slapi_value_set(svalue, dn_aval, dnlen); + if (rc > 0) { /* if rc == 0, valuecharptr is passed in */ + slapi_ch_free_string(&dn_aval); + } } } else { - slapi_value_set(value, valuecharptr, valuelen); + slapi_value_set_berval(svalue, &value); } - if (freetype) slapi_ch_free_string(&type); /* don't need type anymore */ /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - value->v_csnset = valuecsnset; + if (freeval) slapi_ch_free_string(&value.bv_val); + svalue->v_csnset = valuecsnset; valuecsnset = NULL; { - const CSN *distinguishedcsn= csnset_get_csn_of_type(value->v_csnset,CSN_TYPE_VALUE_DISTINGUISHED); + const CSN *distinguishedcsn= csnset_get_csn_of_type(svalue->v_csnset,CSN_TYPE_VALUE_DISTINGUISHED); if(distinguishedcsn!=NULL) { entry_add_dncsn_ext(e,distinguishedcsn, ENTRY_DNCSN_INCREASING); @@ -490,7 +468,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) /* consumes the value */ valuearray_add_value_fast( &(*a)->a_deleted_values.va, /* JCM .va is private */ - value, + svalue, del_nvals, &del_maxvals, 0/*!Exact*/, @@ -502,7 +480,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo ) /* consumes the value */ valuearray_add_value_fast( &(*a)->a_present_values.va, /* JCM .va is private */ - value, + svalue, nvals, &maxvals, 0 /*!Exact*/, @@ -722,11 +700,12 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) int nattrs; int maxattrs = STR2ENTRY_SMALL_BUFFER_SIZE; char *type; + struct berval bvtype; str2entry_attr *sa; int i, j; char *next=NULL; char *valuecharptr=NULL; - int retmalloc = 0; + struct berval bvvalue; int rc; int fast_dup_check = 0; entry_attrs *ea = NULL; @@ -759,27 +738,23 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) CSNSet *valuecsnset= NULL; int value_state= VALUE_NOTFOUND; int attr_state= VALUE_NOTFOUND; - int freetype = 0; -#if defined(USE_OPENLDAP) - ber_len_t valuelen; -#else - int valuelen; -#endif + int freeval = 0; + struct berval bv_null = {0, NULL}; if ( *s == '\n' || *s == '\0' ) { break; } - if ( (retmalloc = ldif_parse_line( s, &type, &valuecharptr, &valuelen )) < 0 ) { + bvtype = bv_null; + bvvalue = bv_null; + if ( slapi_ldif_parse_line( s, &bvtype, &bvvalue, &freeval ) < 0 ) { LDAPDebug( LDAP_DEBUG_TRACE, "<= str2entry_dupcheck NULL (parse_line)\n", 0, 0, 0 ); continue; } -#if defined(USE_OPENLDAP) - /* openldap always mallocs type and value */ - retmalloc = 1; - freetype = 1; -#endif + type = bvtype.bv_val; + valuecharptr = bvvalue.bv_val; + /* * Extract the attribute and value CSNs from the attribute type. */ @@ -795,8 +770,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) { /* ignore deleted values and attributes */ /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); continue; } @@ -812,8 +786,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) LDAPDebug1Arg(LDAP_DEBUG_TRACE, "str2entry_dupcheck: Invalid DN: %s\n", rawdn); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); return NULL; } @@ -830,8 +803,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) LDAPDebug1Arg(LDAP_DEBUG_TRACE, "str2entry_fast: Invalid DN: %s\n", rawdn); slapi_entry_free( e ); - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); return NULL; } @@ -845,15 +817,14 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) } if ( strcasecmp( type, "dn" ) == 0 ) { if ( slapi_entry_get_dn_const(e)!=NULL ) { - char ebuf[ BUFSIZ ]; + char ebuf[ BUFSIZ ], ebuf2[ BUFSIZ ]; LDAPDebug( LDAP_DEBUG_TRACE, "str2entry_dupcheck: entry has multiple dns \"%s\" " "and \"%s\" (second ignored)\n", escape_string( slapi_entry_get_dn_const(e), ebuf ), - escape_string( valuecharptr, ebuf ), 0 ); + escape_string( valuecharptr, ebuf2 ), 0 ); /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); continue; } @@ -862,15 +833,13 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) LDAPDebug1Arg(LDAP_DEBUG_TRACE, "str2entry_dupcheck: Invalid DN: %s\n", valuecharptr); slapi_entry_free( e ); e = NULL; - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); goto free_and_return; } /* normdn is consumed in e */ slapi_entry_set_dn(e, normdn); /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); continue; } @@ -880,8 +849,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) slapi_entry_set_rdn( e, valuecharptr ); } /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); continue; } @@ -898,8 +866,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) slapi_entry_set_uniqueid (e, slapi_ch_strdup(valuecharptr)); } /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); continue; } @@ -942,8 +909,7 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) if (0 != entry_attrs_new(&ea)) { /* Something very bad happened */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); return NULL; } @@ -1029,20 +995,19 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) "str2entry_dupcheck: strict: Invalid DN value: %s: %s\n", type, valuecharptr); slapi_entry_free( e ); e = NULL; - if (retmalloc) slapi_ch_free_string(&valuecharptr); - if (freetype) slapi_ch_free_string(&type); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); csn_free(&attributedeletioncsn); goto free_and_return; } } - rc = slapi_dn_normalize_ext(valuecharptr, 0, &dn_aval, &dnlen); + rc = slapi_dn_normalize_ext(bvvalue.bv_val, bvvalue.bv_len, &dn_aval, &dnlen); if (rc < 0) { /* Give up normalizing the attribute value */ LDAPDebug2Args(LDAP_DEBUG_TRACE, "str2entry_dupcheck: Invalid DN value: %s: %s\n", type, valuecharptr); dn_aval = valuecharptr; - dnlen = valuelen; + dnlen = bvvalue.bv_len; } slapi_value_set(value, dn_aval, dnlen); if (rc > 0) { /* if rc == 0, valuecharptr is passed in */ @@ -1052,11 +1017,10 @@ str2entry_dupcheck( const char *rawdn, char *s, int flags, int read_stateinfo ) *(dn_aval + dnlen) = '\0'; } } else { - slapi_value_set(value, valuecharptr, valuelen); + slapi_value_set_berval(value, &bvvalue); } - if (freetype) slapi_ch_free_string(&type); /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free_string(&valuecharptr); + if (freeval) slapi_ch_free_string(&bvvalue.bv_val); value->v_csnset= valuecsnset; valuecsnset= NULL; { diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c index 642b6af9..74fe0de2 100644 --- a/ldap/servers/slapd/fedse.c +++ b/ldap/servers/slapd/fedse.c @@ -1721,20 +1721,16 @@ int search_easter_egg( Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entryAfter, int *returncode, char *returntext, void *arg) { char *fstr= NULL; - int retmalloc= 0; char eggfilter[64]; PR_snprintf(eggfilter,sizeof(eggfilter),"(objectclass=%s)",EGG_OBJECT_CLASS); slapi_pblock_get( pb, SLAPI_SEARCH_STRFILTER, &fstr ); if(fstr!=NULL && strcasecmp(fstr,eggfilter)==0) { static int twiddle= -1; - char *type, *value, *copy; -#if defined(USE_OPENLDAP) - ber_len_t vlen; -#else - int vlen; -#endif + char *copy; + struct berval bvtype; struct berval bv; + int freeval = 0; struct berval *bvals[2]; if (twiddle < 0) { twiddle = slapi_rand(); @@ -1742,17 +1738,15 @@ search_easter_egg( Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr bvals[0] = &bv; bvals[1] = NULL; copy= slapi_ch_strdup(easter_egg_photos[twiddle%NUM_EASTER_EGG_PHOTOS]); - if ( (retmalloc = ldif_parse_line(copy, &type, &value, &vlen)) < 0 ) { + if ( slapi_ldif_parse_line(copy, &bvtype, &bv, &freeval) < 0 ) { return SLAPI_DSE_CALLBACK_ERROR; } - bv.bv_val = value; - bv.bv_len = vlen; slapi_entry_attr_delete(entryBefore, "jpegphoto"); slapi_entry_attr_merge(entryBefore, "jpegphoto", bvals); slapi_ch_free((void**)©); twiddle++; /* the memory below was not allocated by the slapi_ch_ functions */ - if (retmalloc) slapi_ch_free( (void**)&value ); + if (freeval) slapi_ch_free_string(&bv.bv_val); return SLAPI_DSE_CALLBACK_OK; } return SLAPI_DSE_CALLBACK_ERROR; diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c index b5c162a9..92b06954 100644 --- a/ldap/servers/slapd/ldaputil.c +++ b/ldap/servers/slapd/ldaputil.c @@ -252,6 +252,91 @@ slapi_ldap_count_values( char **vals ) #endif } +int +slapi_ldap_create_proxyauth_control ( + LDAP *ld, /* only used to get current ber options */ + const char *dn, /* proxy dn */ + const char ctl_iscritical, + int usev2, /* use the v2 (.18) control instead */ + LDAPControl **ctrlp /* value to return */ +) +{ + BerElement *ber = NULL; + int rc = 0; + int beropts = 0; + char *berfmtstr = NULL; + char *ctrloid = NULL; + struct berval *bv = NULL; + + /* note - there is currently no way to get the beroptions from the ld*, + so we just hard code it here */ +#if defined(USE_OPENLDAP) + beropts = LBER_USE_DER; /* openldap seems to use DER by default */ +#endif + if (ctrlp == NULL) { + return LDAP_PARAM_ERROR; + } + if (NULL == dn) { + dn = ""; + } + + if (NULL == (ber = ber_alloc_t(beropts))) { + return LDAP_NO_MEMORY; + } + + if (usev2) { + berfmtstr = "s"; + ctrloid = LDAP_CONTROL_PROXIEDAUTH; + } else { + berfmtstr = "{s}"; + ctrloid = LDAP_CONTROL_PROXYAUTH; + } + + if (LBER_ERROR == ber_printf(ber, berfmtstr, dn)) { + ber_free(ber, 1); + return LDAP_ENCODING_ERROR; + } + + if (LBER_ERROR == ber_flatten(ber, &bv)) { + ber_bvfree(bv); + ber_free(ber, 1); + return LDAP_ENCODING_ERROR; + } + + if (NULL == bv) { + ber_free(ber, 1); + return LDAP_NO_MEMORY; + } + + rc = ldap_control_create(ctrloid, ctl_iscritical, bv, 1, ctrlp); + ber_bvfree(bv); + ber_free(ber, 1); + + return rc; +} + +int +slapi_ldif_parse_line( + char *line, + struct berval *type, + struct berval *value, + int *freeval +) +{ + int rc; +#if defined(USE_OPENLDAP) + rc = ldif_parse_line2(line, type, value, freeval); + /* check that type and value are null terminated */ +#else + int vlen; + rc = ldif_parse_line(line, &type->bv_val, &value->bv_val, &vlen); + type->bv_len = type->bv_val ? strlen(type->bv_val) : 0; + value->bv_len = vlen; + *freeval = 0; /* always returns in place */ +#endif + return rc; +} + /* Perform LDAP init and return an LDAP* handle. If ldapurl is given, that is used as the basis for the protocol, host, port, and whether @@ -462,9 +547,11 @@ slapi_ldap_init_ext( * Set SSL strength (server certificate validity checking). */ if (secure > 0) { -#if !defined(USE_OPENLDAP) +#if defined(USE_OPENLDAP) + char *certdir = config_get_certdir(); + int optval = 0; +#endif /* !USE_OPENLDAP */ int ssl_strength = 0; -#endif LDAP *myld = NULL; /* we can only use the set functions below with a real @@ -477,30 +564,39 @@ slapi_ldap_init_ext( if (config_get_ssl_check_hostname()) { /* check hostname against name in certificate */ #if defined(USE_OPENLDAP) - if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, "hard"))) { - slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", - "failed: unable to set REQUIRE_CERT option to hard\n"); - } + ssl_strength = LDAP_OPT_X_TLS_HARD; #else /* !USE_OPENLDAP */ ssl_strength = LDAPSSL_AUTH_CNCHECK; #endif /* !USE_OPENLDAP */ } else { /* verify certificate only */ #if defined(USE_OPENLDAP) - if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, "allow"))) { - slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", - "failed: unable to set REQUIRE_CERT option to allow\n"); - } + ssl_strength = LDAP_OPT_X_TLS_ALLOW; #else /* !USE_OPENLDAP */ ssl_strength = LDAPSSL_AUTH_CERT; #endif /* !USE_OPENLDAP */ } #if defined(USE_OPENLDAP) + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { + slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", + "failed: unable to create new TLS context\n"); + } + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { + slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", + "failed: unable to set REQUIRE_CERT option to %d\n", ssl_strength); + } + /* tell it where our cert db is */ + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, certdir))) { + slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", + "failed: unable to set CACERTDIR option to %s\n", certdir); + } + slapi_ch_free_string(&certdir); #if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN) - if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, LDAP_OPT_X_TLS_PROTOCOL_SSL3))) { + optval = LDAP_OPT_X_TLS_PROTOCOL_SSL3; + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &optval))) { slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", - "failed: unable to set minimum TLS protocol level to SSL3n"); + "failed: unable to set minimum TLS protocol level to SSL3\n"); } #endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */ #else /* !USE_OPENLDAP */ @@ -512,7 +608,7 @@ slapi_ldap_init_ext( slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", "failed: unable to set SSL options (" - SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", + SLAPI_COMPONENT_NAME_NSPR " error %d - %s)\n", prerr, slapd_pr_strerror(prerr)); } diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index 87125e25..5ac1fa1c 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -5062,6 +5062,22 @@ slapi_ldap_bind( int *msgidp /* pass in non-NULL for async handling */ ); +int +slapi_ldap_create_proxyauth_control ( + LDAP *ld, /* only used to get current ber options */ + const char *dn, /* proxy dn */ + const char ctl_iscritical, + int usev2, /* use the v2 (.18) control instead */ + LDAPControl **ctrlp /* value to return */ +); + +int +slapi_ldif_parse_line( + char *line, /* line to parse */ + struct berval *type, /* attribute type to return */ + struct berval *value, /* attribute value to return */ + int *freeval /* values will usually be returned in place as pointers into line - if the value is a url, the value will be malloced and must be freed by the caller */ +); /* * computed attributes diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c index aeecf4b9..efd64ed5 100644 --- a/ldap/servers/slapd/tools/ldclt/ldapfct.c +++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c @@ -267,8 +267,9 @@ int ldclt_create_deref_control( LDAP *ld, char *derefAttr, char **attrs, LDAPCon #if !defined(USE_OPENLDAP) int ldclt_build_control( char *oid, BerElement *ber, int freeber, char iscritical, LDAPControl **ctrlp ); -int ldclt_alloc_ber( LDAP *ld, BerElement **berp ); #endif +int ldclt_alloc_ber( LDAP *ld, BerElement **berp ); + /* **************************************************************************** FUNCTION : my_ldap_err2string @@ -4233,6 +4234,9 @@ ldclt_create_deref_control( { BerElement *ber; int rc; +#if defined(USE_OPENLDAP) + struct berval *bv = NULL; +#endif if (ld == 0) { return( LDAP_PARAM_ERROR ); @@ -4243,12 +4247,7 @@ ldclt_create_deref_control( return ( LDAP_PARAM_ERROR ); } - /* create a ber package to hold the controlValue */ -#if defined(USE_OPENLDAP) - if ( NULL == ( ber = ldap_alloc_ber_with_options( ld ) ) ) -#else if ( LDAP_SUCCESS != ldclt_alloc_ber( ld, &ber ) ) -#endif { return( LDAP_NO_MEMORY ); } @@ -4260,9 +4259,21 @@ ldclt_create_deref_control( } #if defined(USE_OPENLDAP) - rc = ldap_create_control( LDAP_CONTROL_X_DEREF, ber, 1, ctrlp ); + if ( LBER_ERROR == ber_flatten(ber, &bv) ) { + ber_bvfree( bv ); + ber_free( ber, 1 ); + return( LDAP_ENCODING_ERROR ); + } + if ( NULL == bv ) { + ber_free( ber, 1 ); + return( LDAP_NO_MEMORY ); + } + rc = ldap_control_create( LDAP_CONTROL_X_DEREF, 1, bv, 1, ctrlp ); + ber_bvfree( bv ); + ber_free( ber, 1 ); #else rc = ldclt_build_control( LDAP_CONTROL_X_DEREF, ber, 1, 1, ctrlp ); + ber_free( ber, 1 ); #endif return( rc ); @@ -4323,6 +4334,7 @@ ldclt_build_control( char *oid, BerElement *ber, int freeber, char iscritical, return( LDAP_SUCCESS ); } +#endif /* * Duplicated nsldapi_build_control from @@ -4334,9 +4346,14 @@ int ldclt_alloc_ber( LDAP *ld, BerElement **berp ) { int err; - + int beropt; +#if defined(USE_OPENLDAP) + beropt = LBER_USE_DER; +#else + beropt = LBER_OPT_USE_DER; +#endif /* We use default lberoptions since the value is not public in mozldap. */ - if (( *berp = ber_alloc_t( LBER_OPT_USE_DER )) == (BerElement *)NULL ) { + if (( *berp = ber_alloc_t( beropt )) == (BerElement *)NULL ) { err = LDAP_NO_MEMORY; } else { err = LDAP_SUCCESS; @@ -4344,6 +4361,5 @@ ldclt_alloc_ber( LDAP *ld, BerElement **berp ) return( err ); } -#endif /* End of file */ |