Possible bug in acl.c
by Kean Johnston
Assumption: the following ACL should result in $0 being expanded for the set:
access to dn.one="ou=hosts,dc=example,dc=com" attrs=authorizedService
by set.expand="[cn=access,$0]/member* & user" compare
by * =rsdx break
Reason for assumption: man slapd.access states:
Forms of the <what> clause other than regex may provide submatches as
well. The base(object), the sub(tree), the one(level), and the chil-
dren forms provide $0 as the match of the entire string. The
sub(tree), the one(level), and the children forms also provide $1 as
the match of the rightmost part of the DN as defined in the <what>
clause.
Bug: does not work as expected. The reason is that in slap.h slap_style_t
starts with ACL_STYLE_REGEX = 0, so any structure that uses slap_style_t
and uses memset to null out the structure will have its default style be
ACL_STYLE_REGEX. In acl.c there are 4 places where you test for
ACL_STYLE_REGEX on a->acl_attrval_style without checking if an actual
attribute value was supplied. The patch below fixes those cases. The better
(arguably) fix would be to change slap_style_t to start with ACL_STYLE_NONE
= 0, and then explicitly set the style when it is encountered in
aclparse.c. However, I did not want to change slap.h in case it changes
some ABI and the change to aclparse.c is larger.
As things currently stand, dn.expand, set.expand and group.expand will not
expand $0 and $1 as documented if you use dn.{base,one,sub,children} in the
what clause.
If my assumptions are correct and this should work, I will file a proper
bug in ITS.
Kean
--- acl.c.jkj 2010-04-13 07:06:12.000000000 -0500
+++ acl.c 2010-04-13 07:09:56.000000000 -0500
@@ -794,7 +794,8 @@
MATCHES_MEMSET( &tmp_matches );
tmp_data = &tmp_matches.dn_data[0];
- if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+ if ( a->acl_attrval.bv_len &&
+ ( a->acl_attrval_style == ACL_STYLE_REGEX ) )
tmp_matchesp = matches;
else switch ( a->acl_dn_style ) {
case ACL_STYLE_REGEX:
@@ -861,7 +862,8 @@
bv.bv_val = buf;
/* Expand value regex */
- if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+ if ( a->acl_attrval.bv_len &&
+ ( a->acl_attrval_style == ACL_STYLE_REGEX ) )
tmp_matchesp = matches;
else switch ( a->acl_dn_style ) {
case ACL_STYLE_REGEX:
@@ -1548,7 +1550,8 @@
rc = 0;
- if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+ if ( a->acl_attrval.bv_len &&
+ ( a->acl_attrval_style == ACL_STYLE_REGEX ) )
tmp_matchesp = matches;
else switch ( a->acl_dn_style ) {
case ACL_STYLE_REGEX:
@@ -1638,7 +1641,8 @@
rc = 0;
- if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+ if ( a->acl_attrval.bv_len &&
+ ( a->acl_attrval_style == ACL_STYLE_REGEX ) )
tmp_matchesp = matches;
else switch ( a->acl_dn_style ) {
case ACL_STYLE_REGEX:
13 years, 8 months
- 1
- 0
back-perl config
by Howard Chu
back-perl has not been migrated to support cn=config yet. Conversion looks
pretty straightforward, but for one detail. Currently slapd.conf will send any
unrecognized keywords to the perl module's config handler to give it a chance
to implement whatever it needs. I suggest adding a new perlconfig keyword for
this purpose instead.
Also, it's not clear that we have any way to convey dynamic config changes
(mainly deletes) to the perl module. Suggestions?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
13 years, 8 months
- 1
- 0
Fwd: [Berkeley DB Announce] Berkeley DB 11gR2 (11.2.5.0.21) - New Release, Major Revision
by Howard Chu
Looks like the major addition is the SQLite work-alike API. Not much of
interest to us here, possibly some of the lock bugs they fixed may be relevant.
-------- Original Message --------
Subject: [Berkeley DB Announce] Berkeley DB 11gR2 (11.2.5.0.21) - New Release,
Major Revision
Date: Wed, 31 Mar 2010 14:17:56 -0700 (PDT)
From: Announcements related to the Berkeley DB product family. <bdb(a)oracle.com>
Reply-To: bdb(a)oss.oracle.com
To: bdb(a)oss.oracle.com
Berkeley DB 11gR2 (11.2.5.0.21)
http://www.oracle.com/database/berkeley-db/
http://www.oracle.com/technology/products/berkeley-db/
http://www.oracle.com/technology/products/berkeley-db/sql.html
Berkeley DB 11gR2 (11.2.5.0.21) is a major new release. Berkeley DB now
includes a SQL API for relational data storage based on SQLite. This release
uses the Oracle standard marketing naming (11gR2), however the revision
number's last three components map to the historic versioning pattern (5.0.21)
to help maintain consistency.
NEW IN THIS RELEASE:
* SQL
* SQL/Relational access via integration with SQLite
* Support for SQL92, ODBC and JDBC
* Drop-in replacement for any SQLite-based solution
* New Documentation covering the SQL API
* SQL Performance
* 10s of thousands of INSERTS/UPDATES/DELETES per-second
* 100s of thousands of SELECTs per-second
* Approximately as fast as SQLite for reads (within 10%)
* About 3X faster than SQLite for updates/writes
* Has fine grained locking which leads to better read/write concurrency
* 6-8x more transactions/second compared to SQLite when using multiple threads
* Other Features
* Support for DTrace/SystemTap performance monitoring
* Automatic resource management: close open database and cursor handles on
environment close
* Transaction priorities
* Compact to reclaim unused spaces in hash databases to match similar
existing feature for btrees
* Log file portability across different endian machines
* High Availability
* Client-to-client synchronization
* Read-after-write consistency on replicas
* Integration with other Oracle Products
* Synchronization with Oracle Database Server using Oracle Mobile Sync Server
The complete list of changes can also be found in the change log page.
http://www.oracle.com/technology/documentation/berkeley-db/db/installatio...
QUOTES:
"Oracle Berkeley DB 11gR2 combines seamlessly the benefits of SQLite's
ubiquitous API with Berkeley DB's concurrency and performance into an
easy-to-use product. SQLite users can now benefit from enhanced concurrency
and performance, and Oracle Berkeley DB users can now benefit from an
easy-to-use SQL API."
- Dr. Richard Hipp, architect, SQLite
"Berkeley DB's new SQLite-compatible SQL API offers powerful features not only
for its users but to the SQLite community at large. Berkeley DB developers now
have a proven embedded SQL engine to make application development even easier.
SQLite users now have the option of a powerful, industry-supported storage
engine that is built from the ground up for high-concurrency, and which
includes powerful features like built-in replication and hot backups. The
combination of the two technologies provides all developers with tremendous
flexibility in that a single SQL/API can now be used across a broad spectrum
of applications ranging from the embedded space all the way up to large-scale
transaction processing. Oracle has done a fantastic job of not only
integrating the technologies, but also being an exemplary participant in the
open source community by contributing time, expertise and resources to the
SQLite project."
- Mike Owens, author of "The Definitive Guide to SQLite"
"Berkeley DB 11gR2 is a very interesting product mainly because it combines
the familiar SQLite sqlite3() API with the powerful, proven Berkeley DB data
storage technology. I was able to re-compile my SQLiteManager product against
the Berkeley DB library without any major issues in very little time. I have
now a product that is fully able to manage Berkeley DB databases without
changing a single line of my code. So far performance and concurrency are
excellent and I am thrilled to think about the future improvements of this
great product."
- Marco Bambini, CEO of SQLabs
"Berkley DB 11gR2 is, in my experience, a fully drop-in replacement for
SQLite3. I was hugely surprised at just how easy it was; I'd had zero
experience in using Berkeley DB in products before, but within a couple hours
I had my application powered by Berkeley DB. From there onwards, you can enjoy
all the benefits of Berkeley DB including concurrency and long term stability
compared to SQLite3 from an API you're already familiar with. It's quite
simply amazing."
- Liam McLoughlin, Chromium OS independent developer
DOWNLOAD:
http://www.oracle.com/technology/software/products/berkeley-db
http://www.oracle.com/technology/software/products/berkeley-db/db
Berkeley DB .tar.gz, with AES encryption
http://download.oracle.com/berkeley-db/db-5.0.21.tar.gz
Berkeley DB .zip, with AES encryption
http://download.oracle.com/berkeley-db/db-5.0.21.zip
Berkeley DB .msi Windows installer, with AES encryption
http://download.oracle.com/berkeley-db/db-5.0.21.msi
Berkeley DB NC.tar.gz , without encryption
http://download.oracle.com/berkeley-db/db-5.0.21.NC.tar.gz
Berkeley DB .NC.zip, without encryption
http://download.oracle.com/berkeley-db/db-5.0.21.NC.zip
EDUCATION:
Documentation page:
http://www.oracle.com/technology/documentation/berkeley-db/db
You may find an answer on our product FAQ page:
http://www.oracle.com/technology/products/berkeley-db/faq/db_faq.html
Join OTN today and participate in the Berkeley DB Support Forum and discussions.
General Questions
http://forums.oracle.com/forums/forum.jspa?forumID=271
Questions on HA/Replication
http://forums.oracle.com/forums/forum.jspa?forumID=272
For further information, please contact us at:
mailto:berkeleydb-info_us@oracle.com
Thank you for your support of Berkeley DB.
-greg
Greg Burd | Product Manager | Oracle Berkeley DB
_______________________________________________
BDB mailing list
BDB(a)oss.oracle.com
http://oss.oracle.com/mailman/listinfo/bdb
13 years, 8 months
- 1
- 0