Ticket 49328 - Cleanup source code

Description:  Source code cleanup:
               - ran clang-format
               - Removed all trailing white space
               - Removed all tabs

https://pagure.io/389-ds-base/issue/49328

Reviewed by: firstyear, lkrispenz, tbordaz (Thanks!!!)

.clang-format

@@ -35,7 +35,7 @@ IndentWidth:     4
 TabWidth:        4
 UseTab:          Never
 SpaceBeforeAssignmentOperators: true
-BreakBeforeBraces: Attach
+BreakBeforeBraces: Mozilla
 IndentFunctionDeclarationAfterType: false
 SpacesInParentheses: false
 SpacesInAngles:  false
@@ -44,5 +44,6 @@ SpacesInCStyleCastParentheses: false
 SpaceAfterControlStatementKeyword: true
 ContinuationIndentWidth: 4
 SortIncludes: false
+AlwaysBreakAfterReturnType: TopLevelDefinitions
 ...
 

include/base/crit.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_CRIT_H
@@ -22,9 +22,9 @@
  * crit.h: Critical section abstraction. Used in threaded servers to protect
  *         areas where two threads can interfere with each other.
  *
- *         Condvars are condition variables that are used for thread-thread 
+ *         Condvars are condition variables that are used for thread-thread
  *         synchronization.
- * 
+ *
  * Rob McCool
  */
 
@@ -43,17 +43,17 @@
 
 class NSAPI_PUBLIC CriticalSection
 {
-public:
+    public:
     CriticalSection();
     ~CriticalSection();
-    void Acquire(){PR_EnterMonitor(_crtsec);}
-    void Release(){PR_ExitMonitor(_crtsec);}
+    void Acquire() { PR_EnterMonitor(_crtsec); }
+    void Release() { PR_ExitMonitor(_crtsec); }
 
-private:
+    private:
     PRMonitor *_crtsec;
 };
 
-inline CriticalSection::CriticalSection():_crtsec(0)
+inline CriticalSection::CriticalSection() : _crtsec(0)
 {
     _crtsec = PR_NewMonitor();
     PR_ASSERT(_crtsec);
@@ -65,20 +65,21 @@ inline CriticalSection::~CriticalSection()
         PR_DestroyMonitor(_crtsec);
 }
 
-class SafeLock {
- public:
-    SafeLock (CriticalSection&);		// acquire lock
-    ~SafeLock (); 						// release lock
- private:
-    CriticalSection& lock; 
+class SafeLock
+{
+    public:
+    SafeLock(CriticalSection &);  // acquire lock
+    ~SafeLock();                  // release lock
+    private:
+    CriticalSection &lock;
 };
 
-inline SafeLock::SafeLock (CriticalSection& _lock) : lock(_lock)
+inline SafeLock::SafeLock(CriticalSection &_lock) : lock(_lock)
 {
     lock.Acquire();
 }
 
-inline SafeLock::~SafeLock ()
+inline SafeLock::~SafeLock()
 {
     lock.Release();
 }
@@ -94,7 +95,7 @@ NSPR_BEGIN_EXTERN_C
 NSAPI_PUBLIC int crit_owner_is_me(CRITICAL id);
 
 /*
- * INTcrit_init creates and returns a new critical section variable. At the 
+ * INTcrit_init creates and returns a new critical section variable. At the
  * time of creation no one has entered it.
  */
 NSAPI_PUBLIC CRITICAL INTcrit_init(void);
@@ -120,8 +121,8 @@ NSAPI_PUBLIC void INTcrit_terminate(CRITICAL id);
 
 
 /*
- * INTcondvar_init initializes and returns a new condition variable. You 
- * must provide a critical section to be associated with this condition 
+ * INTcondvar_init initializes and returns a new condition variable. You
+ * must provide a critical section to be associated with this condition
  * variable.
  */
 NSAPI_PUBLIC CONDVAR INTcondvar_init(CRITICAL id);
@@ -158,13 +159,13 @@ NSAPI_PUBLIC void INTcondvar_terminate(CONDVAR cv);
 
 
 /*
- * Create a counting semaphore.  
+ * Create a counting semaphore.
  * Return non-zero on success, 0 on failure.
  */
 NSAPI_PUBLIC COUNTING_SEMAPHORE INTcs_init(int initial_count);
 
 /*
- * Destroy a counting semaphore 
+ * Destroy a counting semaphore
  */
 NSAPI_PUBLIC void INTcs_terminate(COUNTING_SEMAPHORE csp);
 

include/base/dbtbase.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -21,207 +21,207 @@ static char dbtbaseid[] = "$DBT: base referenced v1 $";
 #include "i18n.h"
 
 BEGIN_STR(base)
-	ResDef( DBT_LibraryID_, -1, dbtbaseid )/* extracted from dbtbase.h*/
-	ResDef( DBT_insufficientMemoryToCreateHashTa_, 1, "insufficient memory to create hash table" )/*extracted from cache.cpp*/
-	ResDef( DBT_insufficientMemoryToCreateHashTa_1, 2, "insufficient memory to create hash table" )/*extracted from cache.cpp*/
-	ResDef( DBT_cacheDestroyCacheTablesAppearCor_, 3, "cache_destroy: cache tables appear corrupt." )/*extracted from cache.cpp*/
-	ResDef( DBT_unableToAllocateHashEntry_, 4, "unable to allocate hash entry" )/*extracted from cache.cpp*/
-	ResDef( DBT_cacheInsertUnableToCreateCacheEn_, 5, "cache_insert: unable to create cache entry" )/*extracted from cache.cpp*/
-	ResDef( DBT_http10200OkNcontentTypeTextHtmlN_, 6, "HTTP/1.0 200 OK\nContent-type: text/html\n\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_H2NetscapeCacheStatusReportH2N_, 7, "<H2>Cache status report</H2>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_noCachesOnSystemP_, 8, "No caches on system<P>" )/*extracted from cache.cpp*/
-	ResDef( DBT_H2SCacheH2N_, 9, "<H2>%s cache</H2>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_cacheHitRatioDDFPNPN_, 10, "Cache hit ratio: %d/%d (%f)</P>\n</P>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_cacheSizeDDPNPN_, 11, "Cache size: %d/%d</P>\n</P>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_hashTableSizeDPNPN_, 12, "Hash table size: %d</P>\n</P>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_mruDPNlruDPN_, 13, "mru       : %d</P>\nlru       : %d</P>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_UlTableBorder4ThBucketThThAddres_, 14, "<UL><TABLE BORDER=4> <TH>Bucket</TH> <TH>Address</TH> <TH>Key</TH> <TH>Access Count</TH> <TH>Delete</TH> <TH>Next</TH> <TH>LRU</TH> <TH>MRU</TH> <TH>Data</TH>\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_munmapFailedS_, 15, "munmap failed (%s)" )/*extracted from buffer.cpp*/
-	ResDef( DBT_munmapFailedS_1, 16, "munmap failed (%s)" )/*extracted from buffer.cpp*/
-	ResDef( DBT_closeFailedS_, 17, "close failed (%s)" )/*extracted from buffer.cpp*/
-	ResDef( DBT_daemonUnableToForkNewProcessSN_, 18, "daemon: unable to fork new process (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_daemonSetsidFailedSN_, 19, "daemon: setsid failed (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_daemonCanTLogPidToSSN_, 20, "daemon: can't log pid to %s (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningCouldNotSetGroupIdToDSN_, 21, "warning: could not set group id to %d (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningCouldNotSetUserIdToDSN_, 22, "warning: could not set user id to %d (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningDaemonIsRunningAsSuperUse_, 23, "warning: daemon is running as super-user\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_couldNotDetermineCurrentUserName_, 24, "could not determine current user name\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_errorChrootToSFailedSN_, 25, "error: chroot to %s failed (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_AddressS_, 27, ", address %s" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningStatisticsDisabledSN_, 28, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_securityHandshakeTimedOutForPidD_, 29, "security handshake timed out for pid %d" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningStatisticsDisabledSN_1, 30, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_secureHandshakeFailedCodeDN_, 31, "secure handshake failed (code %d)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_acceptFailedS_, 32, "accept failed (%s)" )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningStatisticsDisabledSN_2, 33, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_selectThreadMiss_, 34, "select thread miss" )/*extracted from daemon.cpp*/
-	ResDef( DBT_keepaliveWorkerAwokenWithNoWorkT_, 35, "keepalive worker awoken with no work to do" )/*extracted from daemon.cpp*/
-	ResDef( DBT_couldNotCreateNewThreadDS_, 36, "could not create new thread: %d (%s)" )/*extracted from daemon.cpp*/
-	ResDef( DBT_waitForSemaSucceededButNothingTo_, 37, "wait for sema succeeded, but nothing to dequeue" )/*extracted from daemon.cpp*/
-	ResDef( DBT_queueSemaCreationFailure_, 38, "queue-sema creation failure" )/*extracted from daemon.cpp*/
-	ResDef( DBT_errorGettingProcessorInfoForProc_, 39, "error getting processor info for processor %d" )/*extracted from daemon.cpp*/
-	ResDef( DBT_errorBindingToProcessorD_, 40, "Error binding to processor %d" )/*extracted from daemon.cpp*/
-	ResDef( DBT_boundProcessDToProcessorD_, 41, "bound process %d to processor %d" )/*extracted from daemon.cpp*/
-	ResDef( DBT_netscapeServerIsNotExplicitlyBin_, 42, "Server is not explicitly binding to any processors." )/*extracted from daemon.cpp*/
-	ResDef( DBT_cacheMonitorExited_, 43, "cache monitor exited" )/*extracted from daemon.cpp*/
-	ResDef( DBT_cacheBatchUpdateDaemonExited_, 44, "cache batch update daemon exited" )/*extracted from daemon.cpp*/
-	ResDef( DBT_usingSingleThreadedAccepts_, 45, "Using single threaded accepts." )/*extracted from daemon.cpp*/
-	ResDef( DBT_usingMultiThreadedAccepts_, 46, "Using multi threaded accepts." )/*extracted from daemon.cpp*/
-	ResDef( DBT_usingPartialSingleThreadedAccept_, 47, "Using partial single threaded accepts." )/*extracted from daemon.cpp*/
-	ResDef( DBT_thisMachineHasDProcessors_, 48, "This machine has %d processors." )/*extracted from daemon.cpp*/
-	ResDef( DBT_errorCallingThrSeconcurrencyDS_, 49, "Error calling thr_seconcurrency(%d)- (%s)" )/*extracted from daemon.cpp*/
-	ResDef( DBT_setConncurrencyToD_, 50, "Set conncurrency to %d." )/*extracted from daemon.cpp*/
-	ResDef( DBT_warningNetscapeExecutableAndLibr_, 51, "WARNING! executable and library have different versions.\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_seminitFailedSN_, 54, "seminit failed (%s)\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_thisBetaSoftwareHasExpiredN_, 55, "This beta software has expired.\n" )/*extracted from daemon.cpp*/
-	ResDef( DBT_cacheMonitorRespawned_, 56, "Cache monitor respawned" )/*extracted from daemon.cpp*/
-	ResDef( DBT_cacheBatchUpdateDaemonRespawned_, 57, "Cache batch update daemon respawned" )/*extracted from daemon.cpp*/
-	ResDef( DBT_canTFindEmptyStatisticsSlot_, 58, "can't find empty statistics slot" )/*extracted from daemon.cpp*/
-	ResDef( DBT_canTForkNewProcessS_, 59, "can't fork new process (%s)" )/*extracted from daemon.cpp*/
-	ResDef( DBT_assertFailedSN_, 60, "assert failed! %s\n" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrTableInit_, 61, "mr_table_init()" )/*extracted from multiplex.c*/
-	ResDef( DBT_mallocFailed_, 62, "malloc failed" )/*extracted from multiplex.c*/
-	ResDef( DBT_mallocFailed_1, 63, "malloc failed!" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAddIoDTypeDFileD_, 64, "mr_add_io(%d, type %d, file %d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAddIoStage1_, 65, "mr_add_io - stage 1" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAddIoStage2_, 66, "mr_add_io - stage 2" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAddIoFoundInvalidIoTypeD_, 67, "mr_add_io found invalid IO type %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAddIoAddingTimeout_, 68, "mr_add_io - adding timeout" )/*extracted from multiplex.c*/
-	ResDef( DBT_outOfMemoryN_, 69, "Out of memory!\n" )/*extracted from multiplex.c*/
-	ResDef( DBT_doneWithMrAddIo_, 70, "done with mr_add_io" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrDelIoDTypeDFileD_, 71, "mr_del_io(%d, type %d, file %d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrDelIoFoundInvalidIoTypeD_, 72, "mr_del_io found invalid IO type %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrLookupIoD_, 73, "mr_lookup_io(%d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrAsyncIoDDBytesFileD_, 74, "mr_async_io(%d, %d bytes, file %d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_mallocFailureAddingAsyncIo_, 75, "malloc failure adding async IO" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorAddingAsyncIo_, 76, "Error adding async io!" )/*extracted from multiplex.c*/
-	ResDef( DBT_cannotSeekForRead_, 77, "Cannot seek for read!" )/*extracted from multiplex.c*/
-	ResDef( DBT_readFailureDS_, 78, "read failure! (%d, %s)" )/*extracted from multiplex.c*/
-	ResDef( DBT_doReadReadDBytesForFileD_, 79, "do_read read %d bytes for file %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_cannotSeekForWrite_, 80, "Cannot seek for write!" )/*extracted from multiplex.c*/
-	ResDef( DBT_writevFailureDS_, 81, "writev failure! (%d, %s)" )/*extracted from multiplex.c*/
-	ResDef( DBT_writeFailureDS_, 82, "write failure! (%d, %s)" )/*extracted from multiplex.c*/
-	ResDef( DBT_doWriteWroteDBytesForFileD_, 83, "do_write wrote %d bytes for file %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_doTimeoutMrpD_, 84, "do_timeout(mrp %d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_doTimeoutFoundIoTimerDTimeD_, 85, "do_timeout: found IO (timer=%d, time=%d)" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorDeletingIo_, 86, "error deleting io" )/*extracted from multiplex.c*/
-	ResDef( DBT_timeoutCallbackFailureForDN_, 87, "timeout callback failure for %d\n" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventDOutstandingIoD_, 88, "mr_get_event(%d) - outstanding io %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventWaitingForReadsOnFd_, 89, "mr_get_event: Waiting for reads on FD:" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventWaitingForWritesOnFd_, 90, "mr_get_event: Waiting for writes on FD:" )/*extracted from multiplex.c*/
-	ResDef( DBT_TD_, 91, "\t%d" )/*extracted from multiplex.c*/
-	ResDef( DBT_TD_1, 92, "\t%d" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventSetNoTimeout_, 93, "mr_get_event set no timeout" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventSetTimeoutToDDSec_, 94, "mr_get_event set timeout to: %d.%d sec" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorInSelectDS_, 95, "error in select (%d, %s)" )/*extracted from multiplex.c*/
-	ResDef( DBT_mrGetEventSelectFoundD_, 96, "mr_get_event() - select found %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorLookingUpIoFdD_, 97, "error looking up IO fd %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_readFailedForFdD_, 98, "read failed for fd %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorDeletingIo_1, 99, "error deleting io" )/*extracted from multiplex.c*/
-	ResDef( DBT_callbackFailureForDN_, 100, "callback failure for %d\n" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorLookingUpIoFdD_1, 101, "error looking up IO fd %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_writingHeaderLenDWritelenDTotalD_, 102, "writing: header len %d, writelen %d, total %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_writeFailedForFdD_, 103, "write failed for fd %d" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorDeletingIo_2, 104, "error deleting io" )/*extracted from multiplex.c*/
-	ResDef( DBT_callbackFailureForDN_1, 105, "callback failure for %d\n" )/*extracted from multiplex.c*/
-	ResDef( DBT_errorCreatingDnsCache_, 106, "Error creating dns cache" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInitHashSize0UsingD_, 107, "dns_cache_init: hash_size <= 0, using %d" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInitCacheSizeDUsingD_, 108, "dns_cache_init: cache-size <= %d, using %d" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInitCacheSizeIsDIsTooLar_, 109, "dns_cache_init: cache-size is %d is too large, using %d." )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInitExpireTime0UsingD_, 110, "dns_cache_init: expire_time <= 0, using %d" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInitExpireIsDIsTooLargeU_, 111, "dns_cache_init: expire is %d is too large, using %d seconds." )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_errorCreatingDnsCache_1, 112, "Error creating dns cache" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInsertErrorAllocatingEnt_, 113, "dns-cache-insert: Error allocating entry" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_dnsCacheInsertMallocFailure_, 114, "dns-cache-insert: malloc failure" )/*extracted from dns_cache.cpp*/
-	ResDef( DBT_successfulServerStartup_, 115, "successful server startup" )/*extracted from ereport.cpp*/
-	ResDef( DBT_SBS_, 116, "%s B%s" )/*extracted from ereport.cpp*/
-	ResDef( DBT_netscapeExecutableAndSharedLibra_, 117, "executable and shared library have different versions" )/*extracted from ereport.cpp*/
-	ResDef( DBT_executableVersionIsS_, 118, "   executable version is %s" )/*extracted from ereport.cpp*/
-	ResDef( DBT_sharedLibraryVersionIsS_, 119, "   shared library version is %s" )/*extracted from ereport.cpp*/
-	ResDef( DBT_errorReportingShuttingDown_, 120, "error reporting shutting down" )/*extracted from ereport.cpp*/
-	ResDef( DBT_warning_, 121, "warning" )/*extracted from ereport.cpp*/
-	ResDef( DBT_config_, 122, "config" )/*extracted from ereport.cpp*/
-	ResDef( DBT_security_, 123, "security" )/*extracted from ereport.cpp*/
-	ResDef( DBT_failure_, 124, "failure" )/*extracted from ereport.cpp*/
-	ResDef( DBT_catastrophe_, 125, "catastrophe" )/*extracted from ereport.cpp*/
-	ResDef( DBT_info_, 126, "info" )/*extracted from ereport.cpp*/
-	ResDef( DBT_verbose_, 127, "verbose" )/*extracted from ereport.cpp*/
-	ResDef( DBT_eventHandlerFailedToWaitOnEvents_, 128, "event_handler:Failed to wait on events %s" )/*extracted from eventhandler.cpp*/
-	ResDef( DBT_couldNotWaitOnResumeEventEventS_, 129, "could not wait on resume event event  (%s)" )/*extracted from eventhandler.cpp*/
-	ResDef( DBT_dlopenOfSFailedS_, 130, "dlopen of %s failed (%s)" )/*extracted from LibMgr.cpp*/
-	ResDef( DBT_dlopenOfSFailedS_1, 131, "dlopen of %s failed (%s)" )/*extracted from LibMgr.cpp*/
-	ResDef( DBT_theServerIsTerminatingDueToAnErr_, 132, "The server is terminating due to an error. Check the event viewer for the error message. SERVER EXITING!" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_terminatingTheServerS_, 133, "Terminating the server %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_killServerCannotOpenServerEventS_, 134, "kill_server:cannot open server event %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_killServerCannotSetServerEventS_, 135, "kill_server:cannot set server event %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_errorCouldNotGetSocketSN_, 136, "error: could not get socket (%s)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_errorCouldNotSetSocketOptionSN_, 137, "error: could not set socket option (%s)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_terminatingServiceErrorCouldNotB_, 138, "Terminating Service:error: could not bind to address %s port %d (%s)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_terminatingServiceErrorCouldNotB_1, 139, "Terminating Service:error: could not bind to port %d (%s)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_sethandlenoninheritableCouldNotD_, 140, "SetHandleNonInheritable: could not duplicate socket (%s)" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_sethandlenoninheritableClosingTh_, 141, "SetHandleNonInheritable: closing the original socket failed (%s)" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_couldNotSethandleinformationS_, 142, "Could not SetHandleInformation (%s)" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_terminatingServiceFailureCouldNo_, 143, "Terminating Service:Failure: Could not open statistics file (%s)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_couldNotSetThreadLocalStorageVal_, 144, "Could not set Thread Local Storage Value for thread at slot %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_secureHandshakeFailedCodeDN_1, 145, "secure handshake failed (code %d)\n" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_acceptFailedDS_, 146, "accept failed %d (%s)" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_failedToPulseEventDS_, 147, "Failed to pulse Event %d %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_failedToSendMobgrowthEventToPare_, 148, "Failed to send MobGrowth Event to parent %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_pulsingMobrespawnEventD_, 149, "Pulsing MobRespawn Event %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_respawnThreadPoolToDD_, 150, "respawn thread pool to %d (%d)" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_couldNotOpenEventToSignalRotateA_, 151, "Could not open event to signal rotate application. Could not create the MoveLog event:%s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_failedToSendMovelogEventToRotate_, 152, "Failed to send MoveLog Event to rotate app %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_growingThreadPoolFromDToD_, 153, "growing thread pool from %d to %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_couldNotOpenTheServicecontrolman_, 154, "Could not open the ServiceControlManager, Error %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_startnetsiteserviceCouldNotOpenT_, 155, "StartNetsiteService:Could not open the service %s: Error %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_startnetsiteserviceCouldNotStart_, 156, "StartNetsiteService:Could not start the service %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_serviceStartupCouldNotAllocateSe_, 157, "Service Startup: Could not allocate security descriptor" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_serviceStartupCouldNotInitSecuri_, 158, "Service Startup: Could not init security descriptor" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_serviceStartupCouldNotSetTheSecu_, 159, "Service Startup: Could not set the security Dacl" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_terminatingServiceWinsockInitFai_, 160, "Terminating Service:WinSock init failed: %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_httpdServerStartupFailedS_, 161, "Httpd Server Startup failed: %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_canTFindEmptyStatisticsSlot_1, 162, "can't find empty statistics slot" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_ntDaemonCouldNotCreateNewThreadD_, 163, "NT daemon: could not create new thread %d" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_serviceStartupFailureTerminating_, 164, "Service Startup Failure. Terminating Service:Could not create event %d:%s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_serviceStartupErrorCouldNotCreat_, 165, "Service Startup Error. Could not create the MoveLog event:%s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_failedToWaitOnEventObjectsS_, 166, "Failed to wait on Event objects %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_failedToWaitOnEventObjectsS_1, 167, "Failed to wait on Event objects %s" )/*extracted from ntdaemon.cpp*/
-	ResDef( DBT_pipebufBuf2sdPipebufGrabIoErrorD_, 168, "pipebuf_buf2sd: pipebuf_grab IO_ERROR %d" )/*extracted from ntpipe.cpp*/
-	ResDef( DBT_poolInitMemoryPoolsDisabled_, 169, "pool-init: memory pools disabled" )/*extracted from pool.cpp*/
-	ResDef( DBT_poolInitFreeSize0UsingD_, 170, "pool-init: free_size <= 0, using %d" )/*extracted from pool.cpp*/
-	ResDef( DBT_poolCreateBlockOutOfMemory_, 171, "pool-create-block: out of memory" )/*extracted from pool.cpp*/
-	ResDef( DBT_poolCreateOutOfMemory_, 172, "pool-create: out of memory" )/*extracted from pool.cpp*/
-	ResDef( DBT_poolCreateOutOfMemory_1, 173, "pool-create: out of memory" )/*extracted from pool.cpp*/
-	ResDef( DBT_poolMallocOutOfMemory_, 174, "pool-malloc: out of memory" )/*extracted from pool.cpp*/
-	ResDef( DBT_freeUsedWherePermFreeShouldHaveB_, 175, "FREE() used where PERM_FREE() should have been used- problem corrected and supressing further warnings." )/*extracted from pool.cpp*/
-	ResDef( DBT_regexErrorSRegexS_, 176, "regex error: %s (regex: '%s')" )/*extracted from regexp.cpp*/
-	ResDef( DBT_canTCreateIpcPipeS_, 177, "can't create IPC pipe (%s)" )/*extracted from thrconn.cpp*/
-	ResDef( DBT_writeToWakeupPipeFailedS_, 178, "write to wakeup pipe failed (%s)" )/*extracted from thrconn.cpp*/
-	ResDef( DBT_flushingDConnectionsCurrentDTotD_, 179, "flushing %d connections; current %d; tot %d" )/*extracted from thrconn.cpp*/
-	ResDef( DBT_acceptFailedS_1, 180, "accept failed (%s)" )/*extracted from thrconn.cpp*/
-	ResDef( DBT_errorCreatingTimeCache_, 181, "Error creating time cache" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_timeCacheCacheDisabled_, 182, "time-cache: cache disabled" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_timeCacheInitHashSizeDUsingDefau_, 183, "time_cache_init: hash_size < %d, using default, %d" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_timeCacheInitHashSizeDUsingDefau_1, 184, "time_cache_init: hash_size > %d, using default, %d" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_timeCacheInitCacheSizeDUsingDefa_, 185, "time_cache_init: cache_size < %d, using default, %d" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_timeCacheInitCacheSizeDUsingDefa_1, 186, "time_cache_init: cache_size > %d, using default, %d" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_errorAllocatingMemoryForTimeCach_, 187, "Error allocating memory for time_cache" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_errorAllocatingMemoryForTimeCach_1, 188, "Error allocating memory for time_cache entry" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_errorAllocatingMemoryForTimeCach_2, 189, "Error allocating memory for time_cache entry" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_errorInsertingNewTimeCacheEntry_, 190, "Error inserting new time_cache entry" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_errorAllocatingMemoryForTimeCach_3, 191, "Error allocating memory for time_cache" )/*extracted from time_cache.cpp*/
-	ResDef( DBT_csTerminateFailureS_, 192, "cs-terminate failure (%s)" )/*extracted from crit.cpp*/
-	ResDef( DBT_csInitFailureS_, 193, "cs-init failure (%s)" )/*extracted from crit.cpp*/
-	ResDef( DBT_csWaitFailureS_, 194, "cs-wait failure (%s)" )/*extracted from crit.cpp*/
-	ResDef( DBT_csPostFailureS_, 195, "cs-post failure (%s)" )/*extracted from crit.cpp*/
-	ResDef( DBT_unableToCreateNonblockingSocketS_, 196, "Unable to create nonblocking socket (%s)" )/*extracted from net.cpp*/
-	ResDef( DBT_errorCouldNotSetKeepaliveSN_, 197, "error: could not set keepalive (%s)\n" )/*extracted from net.cpp*/
-	ResDef( DBT_errorCouldNotSetRecvTimeoutSN_, 198, "error: could not set recv timeout (%s)\n" )/*extracted from net.cpp*/
-	ResDef( DBT_errorCouldNotSetSendTimeoutSN_, 199, "error: could not set send timeout (%s)\n" )/*extracted from net.cpp*/
-	ResDef( DBT_unableToCreateNonblockingSocketS_1, 200, "Unable to create nonblocking socket (%s)" )/*extracted from net.cpp*/
-	ResDef( DBT_semGrabFailedS_, 201, "sem_grab failed (%s)" )/*extracted from net.cpp*/
-	ResDef( DBT_semReleaseFailedS_, 202, "sem_release failed (%s)" )/*extracted from net.cpp*/
-	ResDef( DBT_semReleaseFailedS_1, 203, "sem_release failed (%s)" )/*extracted from net.cpp*/
-	ResDef( DBT_couldNotRemoveTemporaryDirectory_, 204, "Could not remove temporary directory %s,  Error %d" )/*extracted from util.cpp*/
-	ResDef( DBT_couldNotRemoveTemporaryDirectory_1, 205, "Could not remove temporary directory %s, Error %d" )/*extracted from util.cpp*/
-END_STR(base)
+ResDef(DBT_LibraryID_, -1, dbtbaseid)                                                                                                                                                                                     /* extracted from dbtbase.h*/
+    ResDef(DBT_insufficientMemoryToCreateHashTa_, 1, "insufficient memory to create hash table")                                                                                                                          /*extracted from cache.cpp*/
+    ResDef(DBT_insufficientMemoryToCreateHashTa_1, 2, "insufficient memory to create hash table")                                                                                                                         /*extracted from cache.cpp*/
+    ResDef(DBT_cacheDestroyCacheTablesAppearCor_, 3, "cache_destroy: cache tables appear corrupt.")                                                                                                                       /*extracted from cache.cpp*/
+    ResDef(DBT_unableToAllocateHashEntry_, 4, "unable to allocate hash entry")                                                                                                                                            /*extracted from cache.cpp*/
+    ResDef(DBT_cacheInsertUnableToCreateCacheEn_, 5, "cache_insert: unable to create cache entry")                                                                                                                        /*extracted from cache.cpp*/
+    ResDef(DBT_http10200OkNcontentTypeTextHtmlN_, 6, "HTTP/1.0 200 OK\nContent-type: text/html\n\n")                                                                                                                      /*extracted from cache.cpp*/
+    ResDef(DBT_H2NetscapeCacheStatusReportH2N_, 7, "<H2>Cache status report</H2>\n")                                                                                                                                      /*extracted from cache.cpp*/
+    ResDef(DBT_noCachesOnSystemP_, 8, "No caches on system<P>")                                                                                                                                                           /*extracted from cache.cpp*/
+    ResDef(DBT_H2SCacheH2N_, 9, "<H2>%s cache</H2>\n")                                                                                                                                                                    /*extracted from cache.cpp*/
+    ResDef(DBT_cacheHitRatioDDFPNPN_, 10, "Cache hit ratio: %d/%d (%f)</P>\n</P>\n")                                                                                                                                      /*extracted from cache.cpp*/
+    ResDef(DBT_cacheSizeDDPNPN_, 11, "Cache size: %d/%d</P>\n</P>\n")                                                                                                                                                     /*extracted from cache.cpp*/
+    ResDef(DBT_hashTableSizeDPNPN_, 12, "Hash table size: %d</P>\n</P>\n")                                                                                                                                                /*extracted from cache.cpp*/
+    ResDef(DBT_mruDPNlruDPN_, 13, "mru       : %d</P>\nlru       : %d</P>\n")                                                                                                                                             /*extracted from cache.cpp*/
+    ResDef(DBT_UlTableBorder4ThBucketThThAddres_, 14, "<UL><TABLE BORDER=4> <TH>Bucket</TH> <TH>Address</TH> <TH>Key</TH> <TH>Access Count</TH> <TH>Delete</TH> <TH>Next</TH> <TH>LRU</TH> <TH>MRU</TH> <TH>Data</TH>\n") /*extracted from cache.cpp*/
+    ResDef(DBT_munmapFailedS_, 15, "munmap failed (%s)")                                                                                                                                                                  /*extracted from buffer.cpp*/
+    ResDef(DBT_munmapFailedS_1, 16, "munmap failed (%s)")                                                                                                                                                                 /*extracted from buffer.cpp*/
+    ResDef(DBT_closeFailedS_, 17, "close failed (%s)")                                                                                                                                                                    /*extracted from buffer.cpp*/
+    ResDef(DBT_daemonUnableToForkNewProcessSN_, 18, "daemon: unable to fork new process (%s)\n")                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_daemonSetsidFailedSN_, 19, "daemon: setsid failed (%s)\n")                                                                                                                                                 /*extracted from daemon.cpp*/
+    ResDef(DBT_daemonCanTLogPidToSSN_, 20, "daemon: can't log pid to %s (%s)\n")                                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_warningCouldNotSetGroupIdToDSN_, 21, "warning: could not set group id to %d (%s)\n")                                                                                                                       /*extracted from daemon.cpp*/
+    ResDef(DBT_warningCouldNotSetUserIdToDSN_, 22, "warning: could not set user id to %d (%s)\n")                                                                                                                         /*extracted from daemon.cpp*/
+    ResDef(DBT_warningDaemonIsRunningAsSuperUse_, 23, "warning: daemon is running as super-user\n")                                                                                                                       /*extracted from daemon.cpp*/
+    ResDef(DBT_couldNotDetermineCurrentUserName_, 24, "could not determine current user name\n")                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_errorChrootToSFailedSN_, 25, "error: chroot to %s failed (%s)\n")                                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_AddressS_, 27, ", address %s")                                                                                                                                                                             /*extracted from daemon.cpp*/
+    ResDef(DBT_warningStatisticsDisabledSN_, 28, "warning: statistics disabled (%s)\n")                                                                                                                                   /*extracted from daemon.cpp*/
+    ResDef(DBT_securityHandshakeTimedOutForPidD_, 29, "security handshake timed out for pid %d")                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_warningStatisticsDisabledSN_1, 30, "warning: statistics disabled (%s)\n")                                                                                                                                  /*extracted from daemon.cpp*/
+    ResDef(DBT_secureHandshakeFailedCodeDN_, 31, "secure handshake failed (code %d)\n")                                                                                                                                   /*extracted from daemon.cpp*/
+    ResDef(DBT_acceptFailedS_, 32, "accept failed (%s)")                                                                                                                                                                  /*extracted from daemon.cpp*/
+    ResDef(DBT_warningStatisticsDisabledSN_2, 33, "warning: statistics disabled (%s)\n")                                                                                                                                  /*extracted from daemon.cpp*/
+    ResDef(DBT_selectThreadMiss_, 34, "select thread miss")                                                                                                                                                               /*extracted from daemon.cpp*/
+    ResDef(DBT_keepaliveWorkerAwokenWithNoWorkT_, 35, "keepalive worker awoken with no work to do")                                                                                                                       /*extracted from daemon.cpp*/
+    ResDef(DBT_couldNotCreateNewThreadDS_, 36, "could not create new thread: %d (%s)")                                                                                                                                    /*extracted from daemon.cpp*/
+    ResDef(DBT_waitForSemaSucceededButNothingTo_, 37, "wait for sema succeeded, but nothing to dequeue")                                                                                                                  /*extracted from daemon.cpp*/
+    ResDef(DBT_queueSemaCreationFailure_, 38, "queue-sema creation failure")                                                                                                                                              /*extracted from daemon.cpp*/
+    ResDef(DBT_errorGettingProcessorInfoForProc_, 39, "error getting processor info for processor %d")                                                                                                                    /*extracted from daemon.cpp*/
+    ResDef(DBT_errorBindingToProcessorD_, 40, "Error binding to processor %d")                                                                                                                                            /*extracted from daemon.cpp*/
+    ResDef(DBT_boundProcessDToProcessorD_, 41, "bound process %d to processor %d")                                                                                                                                        /*extracted from daemon.cpp*/
+    ResDef(DBT_netscapeServerIsNotExplicitlyBin_, 42, "Server is not explicitly binding to any processors.")                                                                                                              /*extracted from daemon.cpp*/
+    ResDef(DBT_cacheMonitorExited_, 43, "cache monitor exited")                                                                                                                                                           /*extracted from daemon.cpp*/
+    ResDef(DBT_cacheBatchUpdateDaemonExited_, 44, "cache batch update daemon exited")                                                                                                                                     /*extracted from daemon.cpp*/
+    ResDef(DBT_usingSingleThreadedAccepts_, 45, "Using single threaded accepts.")                                                                                                                                         /*extracted from daemon.cpp*/
+    ResDef(DBT_usingMultiThreadedAccepts_, 46, "Using multi threaded accepts.")                                                                                                                                           /*extracted from daemon.cpp*/
+    ResDef(DBT_usingPartialSingleThreadedAccept_, 47, "Using partial single threaded accepts.")                                                                                                                           /*extracted from daemon.cpp*/
+    ResDef(DBT_thisMachineHasDProcessors_, 48, "This machine has %d processors.")                                                                                                                                         /*extracted from daemon.cpp*/
+    ResDef(DBT_errorCallingThrSeconcurrencyDS_, 49, "Error calling thr_seconcurrency(%d)- (%s)")                                                                                                                          /*extracted from daemon.cpp*/
+    ResDef(DBT_setConncurrencyToD_, 50, "Set conncurrency to %d.")                                                                                                                                                        /*extracted from daemon.cpp*/
+    ResDef(DBT_warningNetscapeExecutableAndLibr_, 51, "WARNING! executable and library have different versions.\n")                                                                                                       /*extracted from daemon.cpp*/
+    ResDef(DBT_seminitFailedSN_, 54, "seminit failed (%s)\n")                                                                                                                                                             /*extracted from daemon.cpp*/
+    ResDef(DBT_thisBetaSoftwareHasExpiredN_, 55, "This beta software has expired.\n")                                                                                                                                     /*extracted from daemon.cpp*/
+    ResDef(DBT_cacheMonitorRespawned_, 56, "Cache monitor respawned")                                                                                                                                                     /*extracted from daemon.cpp*/
+    ResDef(DBT_cacheBatchUpdateDaemonRespawned_, 57, "Cache batch update daemon respawned")                                                                                                                               /*extracted from daemon.cpp*/
+    ResDef(DBT_canTFindEmptyStatisticsSlot_, 58, "can't find empty statistics slot")                                                                                                                                      /*extracted from daemon.cpp*/
+    ResDef(DBT_canTForkNewProcessS_, 59, "can't fork new process (%s)")                                                                                                                                                   /*extracted from daemon.cpp*/
+    ResDef(DBT_assertFailedSN_, 60, "assert failed! %s\n")                                                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_mrTableInit_, 61, "mr_table_init()")                                                                                                                                                                       /*extracted from multiplex.c*/
+    ResDef(DBT_mallocFailed_, 62, "malloc failed")                                                                                                                                                                        /*extracted from multiplex.c*/
+    ResDef(DBT_mallocFailed_1, 63, "malloc failed!")                                                                                                                                                                      /*extracted from multiplex.c*/
+    ResDef(DBT_mrAddIoDTypeDFileD_, 64, "mr_add_io(%d, type %d, file %d)")                                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_mrAddIoStage1_, 65, "mr_add_io - stage 1")                                                                                                                                                                 /*extracted from multiplex.c*/
+    ResDef(DBT_mrAddIoStage2_, 66, "mr_add_io - stage 2")                                                                                                                                                                 /*extracted from multiplex.c*/
+    ResDef(DBT_mrAddIoFoundInvalidIoTypeD_, 67, "mr_add_io found invalid IO type %d")                                                                                                                                     /*extracted from multiplex.c*/
+    ResDef(DBT_mrAddIoAddingTimeout_, 68, "mr_add_io - adding timeout")                                                                                                                                                   /*extracted from multiplex.c*/
+    ResDef(DBT_outOfMemoryN_, 69, "Out of memory!\n")                                                                                                                                                                     /*extracted from multiplex.c*/
+    ResDef(DBT_doneWithMrAddIo_, 70, "done with mr_add_io")                                                                                                                                                               /*extracted from multiplex.c*/
+    ResDef(DBT_mrDelIoDTypeDFileD_, 71, "mr_del_io(%d, type %d, file %d)")                                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_mrDelIoFoundInvalidIoTypeD_, 72, "mr_del_io found invalid IO type %d")                                                                                                                                     /*extracted from multiplex.c*/
+    ResDef(DBT_mrLookupIoD_, 73, "mr_lookup_io(%d)")                                                                                                                                                                      /*extracted from multiplex.c*/
+    ResDef(DBT_mrAsyncIoDDBytesFileD_, 74, "mr_async_io(%d, %d bytes, file %d)")                                                                                                                                          /*extracted from multiplex.c*/
+    ResDef(DBT_mallocFailureAddingAsyncIo_, 75, "malloc failure adding async IO")                                                                                                                                         /*extracted from multiplex.c*/
+    ResDef(DBT_errorAddingAsyncIo_, 76, "Error adding async io!")                                                                                                                                                         /*extracted from multiplex.c*/
+    ResDef(DBT_cannotSeekForRead_, 77, "Cannot seek for read!")                                                                                                                                                           /*extracted from multiplex.c*/
+    ResDef(DBT_readFailureDS_, 78, "read failure! (%d, %s)")                                                                                                                                                              /*extracted from multiplex.c*/
+    ResDef(DBT_doReadReadDBytesForFileD_, 79, "do_read read %d bytes for file %d")                                                                                                                                        /*extracted from multiplex.c*/
+    ResDef(DBT_cannotSeekForWrite_, 80, "Cannot seek for write!")                                                                                                                                                         /*extracted from multiplex.c*/
+    ResDef(DBT_writevFailureDS_, 81, "writev failure! (%d, %s)")                                                                                                                                                          /*extracted from multiplex.c*/
+    ResDef(DBT_writeFailureDS_, 82, "write failure! (%d, %s)")                                                                                                                                                            /*extracted from multiplex.c*/
+    ResDef(DBT_doWriteWroteDBytesForFileD_, 83, "do_write wrote %d bytes for file %d")                                                                                                                                    /*extracted from multiplex.c*/
+    ResDef(DBT_doTimeoutMrpD_, 84, "do_timeout(mrp %d)")                                                                                                                                                                  /*extracted from multiplex.c*/
+    ResDef(DBT_doTimeoutFoundIoTimerDTimeD_, 85, "do_timeout: found IO (timer=%d, time=%d)")                                                                                                                              /*extracted from multiplex.c*/
+    ResDef(DBT_errorDeletingIo_, 86, "error deleting io")                                                                                                                                                                 /*extracted from multiplex.c*/
+    ResDef(DBT_timeoutCallbackFailureForDN_, 87, "timeout callback failure for %d\n")                                                                                                                                     /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventDOutstandingIoD_, 88, "mr_get_event(%d) - outstanding io %d")                                                                                                                                    /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventWaitingForReadsOnFd_, 89, "mr_get_event: Waiting for reads on FD:")                                                                                                                              /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventWaitingForWritesOnFd_, 90, "mr_get_event: Waiting for writes on FD:")                                                                                                                            /*extracted from multiplex.c*/
+    ResDef(DBT_TD_, 91, "\t%d")                                                                                                                                                                                           /*extracted from multiplex.c*/
+    ResDef(DBT_TD_1, 92, "\t%d")                                                                                                                                                                                          /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventSetNoTimeout_, 93, "mr_get_event set no timeout")                                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventSetTimeoutToDDSec_, 94, "mr_get_event set timeout to: %d.%d sec")                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_errorInSelectDS_, 95, "error in select (%d, %s)")                                                                                                                                                          /*extracted from multiplex.c*/
+    ResDef(DBT_mrGetEventSelectFoundD_, 96, "mr_get_event() - select found %d")                                                                                                                                           /*extracted from multiplex.c*/
+    ResDef(DBT_errorLookingUpIoFdD_, 97, "error looking up IO fd %d")                                                                                                                                                     /*extracted from multiplex.c*/
+    ResDef(DBT_readFailedForFdD_, 98, "read failed for fd %d")                                                                                                                                                            /*extracted from multiplex.c*/
+    ResDef(DBT_errorDeletingIo_1, 99, "error deleting io")                                                                                                                                                                /*extracted from multiplex.c*/
+    ResDef(DBT_callbackFailureForDN_, 100, "callback failure for %d\n")                                                                                                                                                   /*extracted from multiplex.c*/
+    ResDef(DBT_errorLookingUpIoFdD_1, 101, "error looking up IO fd %d")                                                                                                                                                   /*extracted from multiplex.c*/
+    ResDef(DBT_writingHeaderLenDWritelenDTotalD_, 102, "writing: header len %d, writelen %d, total %d")                                                                                                                   /*extracted from multiplex.c*/
+    ResDef(DBT_writeFailedForFdD_, 103, "write failed for fd %d")                                                                                                                                                         /*extracted from multiplex.c*/
+    ResDef(DBT_errorDeletingIo_2, 104, "error deleting io")                                                                                                                                                               /*extracted from multiplex.c*/
+    ResDef(DBT_callbackFailureForDN_1, 105, "callback failure for %d\n")                                                                                                                                                  /*extracted from multiplex.c*/
+    ResDef(DBT_errorCreatingDnsCache_, 106, "Error creating dns cache")                                                                                                                                                   /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInitHashSize0UsingD_, 107, "dns_cache_init: hash_size <= 0, using %d")                                                                                                                             /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInitCacheSizeDUsingD_, 108, "dns_cache_init: cache-size <= %d, using %d")                                                                                                                          /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInitCacheSizeIsDIsTooLar_, 109, "dns_cache_init: cache-size is %d is too large, using %d.")                                                                                                        /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInitExpireTime0UsingD_, 110, "dns_cache_init: expire_time <= 0, using %d")                                                                                                                         /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInitExpireIsDIsTooLargeU_, 111, "dns_cache_init: expire is %d is too large, using %d seconds.")                                                                                                    /*extracted from dns_cache.cpp*/
+    ResDef(DBT_errorCreatingDnsCache_1, 112, "Error creating dns cache")                                                                                                                                                  /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInsertErrorAllocatingEnt_, 113, "dns-cache-insert: Error allocating entry")                                                                                                                        /*extracted from dns_cache.cpp*/
+    ResDef(DBT_dnsCacheInsertMallocFailure_, 114, "dns-cache-insert: malloc failure")                                                                                                                                     /*extracted from dns_cache.cpp*/
+    ResDef(DBT_successfulServerStartup_, 115, "successful server startup")                                                                                                                                                /*extracted from ereport.cpp*/
+    ResDef(DBT_SBS_, 116, "%s B%s")                                                                                                                                                                                       /*extracted from ereport.cpp*/
+    ResDef(DBT_netscapeExecutableAndSharedLibra_, 117, "executable and shared library have different versions")                                                                                                           /*extracted from ereport.cpp*/
+    ResDef(DBT_executableVersionIsS_, 118, "   executable version is %s")                                                                                                                                                 /*extracted from ereport.cpp*/
+    ResDef(DBT_sharedLibraryVersionIsS_, 119, "   shared library version is %s")                                                                                                                                          /*extracted from ereport.cpp*/
+    ResDef(DBT_errorReportingShuttingDown_, 120, "error reporting shutting down")                                                                                                                                         /*extracted from ereport.cpp*/
+    ResDef(DBT_warning_, 121, "warning")                                                                                                                                                                                  /*extracted from ereport.cpp*/
+    ResDef(DBT_config_, 122, "config")                                                                                                                                                                                    /*extracted from ereport.cpp*/
+    ResDef(DBT_security_, 123, "security")                                                                                                                                                                                /*extracted from ereport.cpp*/
+    ResDef(DBT_failure_, 124, "failure")                                                                                                                                                                                  /*extracted from ereport.cpp*/
+    ResDef(DBT_catastrophe_, 125, "catastrophe")                                                                                                                                                                          /*extracted from ereport.cpp*/
+    ResDef(DBT_info_, 126, "info")                                                                                                                                                                                        /*extracted from ereport.cpp*/
+    ResDef(DBT_verbose_, 127, "verbose")                                                                                                                                                                                  /*extracted from ereport.cpp*/
+    ResDef(DBT_eventHandlerFailedToWaitOnEvents_, 128, "event_handler:Failed to wait on events %s")                                                                                                                       /*extracted from eventhandler.cpp*/
+    ResDef(DBT_couldNotWaitOnResumeEventEventS_, 129, "could not wait on resume event event  (%s)")                                                                                                                       /*extracted from eventhandler.cpp*/
+    ResDef(DBT_dlopenOfSFailedS_, 130, "dlopen of %s failed (%s)")                                                                                                                                                        /*extracted from LibMgr.cpp*/
+    ResDef(DBT_dlopenOfSFailedS_1, 131, "dlopen of %s failed (%s)")                                                                                                                                                       /*extracted from LibMgr.cpp*/
+    ResDef(DBT_theServerIsTerminatingDueToAnErr_, 132, "The server is terminating due to an error. Check the event viewer for the error message. SERVER EXITING!")                                                        /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_terminatingTheServerS_, 133, "Terminating the server %s")                                                                                                                                                  /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_killServerCannotOpenServerEventS_, 134, "kill_server:cannot open server event %s")                                                                                                                         /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_killServerCannotSetServerEventS_, 135, "kill_server:cannot set server event %s")                                                                                                                           /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_errorCouldNotGetSocketSN_, 136, "error: could not get socket (%s)\n")                                                                                                                                      /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_errorCouldNotSetSocketOptionSN_, 137, "error: could not set socket option (%s)\n")                                                                                                                         /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_terminatingServiceErrorCouldNotB_, 138, "Terminating Service:error: could not bind to address %s port %d (%s)\n")                                                                                          /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_terminatingServiceErrorCouldNotB_1, 139, "Terminating Service:error: could not bind to port %d (%s)\n")                                                                                                    /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_sethandlenoninheritableCouldNotD_, 140, "SetHandleNonInheritable: could not duplicate socket (%s)")                                                                                                        /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_sethandlenoninheritableClosingTh_, 141, "SetHandleNonInheritable: closing the original socket failed (%s)")                                                                                                /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_couldNotSethandleinformationS_, 142, "Could not SetHandleInformation (%s)")                                                                                                                                /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_terminatingServiceFailureCouldNo_, 143, "Terminating Service:Failure: Could not open statistics file (%s)\n")                                                                                              /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_couldNotSetThreadLocalStorageVal_, 144, "Could not set Thread Local Storage Value for thread at slot %d")                                                                                                  /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_secureHandshakeFailedCodeDN_1, 145, "secure handshake failed (code %d)\n")                                                                                                                                 /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_acceptFailedDS_, 146, "accept failed %d (%s)")                                                                                                                                                             /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_failedToPulseEventDS_, 147, "Failed to pulse Event %d %s")                                                                                                                                                 /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_failedToSendMobgrowthEventToPare_, 148, "Failed to send MobGrowth Event to parent %s")                                                                                                                     /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_pulsingMobrespawnEventD_, 149, "Pulsing MobRespawn Event %d")                                                                                                                                              /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_respawnThreadPoolToDD_, 150, "respawn thread pool to %d (%d)")                                                                                                                                             /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_couldNotOpenEventToSignalRotateA_, 151, "Could not open event to signal rotate application. Could not create the MoveLog event:%s")                                                                        /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_failedToSendMovelogEventToRotate_, 152, "Failed to send MoveLog Event to rotate app %s")                                                                                                                   /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_growingThreadPoolFromDToD_, 153, "growing thread pool from %d to %d")                                                                                                                                      /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_couldNotOpenTheServicecontrolman_, 154, "Could not open the ServiceControlManager, Error %d")                                                                                                              /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_startnetsiteserviceCouldNotOpenT_, 155, "StartNetsiteService:Could not open the service %s: Error %d")                                                                                                     /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_startnetsiteserviceCouldNotStart_, 156, "StartNetsiteService:Could not start the service %s")                                                                                                              /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_serviceStartupCouldNotAllocateSe_, 157, "Service Startup: Could not allocate security descriptor")                                                                                                         /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_serviceStartupCouldNotInitSecuri_, 158, "Service Startup: Could not init security descriptor")                                                                                                             /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_serviceStartupCouldNotSetTheSecu_, 159, "Service Startup: Could not set the security Dacl")                                                                                                                /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_terminatingServiceWinsockInitFai_, 160, "Terminating Service:WinSock init failed: %s")                                                                                                                     /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_httpdServerStartupFailedS_, 161, "Httpd Server Startup failed: %s")                                                                                                                                        /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_canTFindEmptyStatisticsSlot_1, 162, "can't find empty statistics slot")                                                                                                                                    /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_ntDaemonCouldNotCreateNewThreadD_, 163, "NT daemon: could not create new thread %d")                                                                                                                       /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_serviceStartupFailureTerminating_, 164, "Service Startup Failure. Terminating Service:Could not create event %d:%s")                                                                                       /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_serviceStartupErrorCouldNotCreat_, 165, "Service Startup Error. Could not create the MoveLog event:%s")                                                                                                    /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_failedToWaitOnEventObjectsS_, 166, "Failed to wait on Event objects %s")                                                                                                                                   /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_failedToWaitOnEventObjectsS_1, 167, "Failed to wait on Event objects %s")                                                                                                                                  /*extracted from ntdaemon.cpp*/
+    ResDef(DBT_pipebufBuf2sdPipebufGrabIoErrorD_, 168, "pipebuf_buf2sd: pipebuf_grab IO_ERROR %d")                                                                                                                        /*extracted from ntpipe.cpp*/
+    ResDef(DBT_poolInitMemoryPoolsDisabled_, 169, "pool-init: memory pools disabled")                                                                                                                                     /*extracted from pool.cpp*/
+    ResDef(DBT_poolInitFreeSize0UsingD_, 170, "pool-init: free_size <= 0, using %d")                                                                                                                                      /*extracted from pool.cpp*/
+    ResDef(DBT_poolCreateBlockOutOfMemory_, 171, "pool-create-block: out of memory")                                                                                                                                      /*extracted from pool.cpp*/
+    ResDef(DBT_poolCreateOutOfMemory_, 172, "pool-create: out of memory")                                                                                                                                                 /*extracted from pool.cpp*/
+    ResDef(DBT_poolCreateOutOfMemory_1, 173, "pool-create: out of memory")                                                                                                                                                /*extracted from pool.cpp*/
+    ResDef(DBT_poolMallocOutOfMemory_, 174, "pool-malloc: out of memory")                                                                                                                                                 /*extracted from pool.cpp*/
+    ResDef(DBT_freeUsedWherePermFreeShouldHaveB_, 175, "FREE() used where PERM_FREE() should have been used- problem corrected and supressing further warnings.")                                                         /*extracted from pool.cpp*/
+    ResDef(DBT_regexErrorSRegexS_, 176, "regex error: %s (regex: '%s')")                                                                                                                                                  /*extracted from regexp.cpp*/
+    ResDef(DBT_canTCreateIpcPipeS_, 177, "can't create IPC pipe (%s)")                                                                                                                                                    /*extracted from thrconn.cpp*/
+    ResDef(DBT_writeToWakeupPipeFailedS_, 178, "write to wakeup pipe failed (%s)")                                                                                                                                        /*extracted from thrconn.cpp*/
+    ResDef(DBT_flushingDConnectionsCurrentDTotD_, 179, "flushing %d connections; current %d; tot %d")                                                                                                                     /*extracted from thrconn.cpp*/
+    ResDef(DBT_acceptFailedS_1, 180, "accept failed (%s)")                                                                                                                                                                /*extracted from thrconn.cpp*/
+    ResDef(DBT_errorCreatingTimeCache_, 181, "Error creating time cache")                                                                                                                                                 /*extracted from time_cache.cpp*/
+    ResDef(DBT_timeCacheCacheDisabled_, 182, "time-cache: cache disabled")                                                                                                                                                /*extracted from time_cache.cpp*/
+    ResDef(DBT_timeCacheInitHashSizeDUsingDefau_, 183, "time_cache_init: hash_size < %d, using default, %d")                                                                                                              /*extracted from time_cache.cpp*/
+    ResDef(DBT_timeCacheInitHashSizeDUsingDefau_1, 184, "time_cache_init: hash_size > %d, using default, %d")                                                                                                             /*extracted from time_cache.cpp*/
+    ResDef(DBT_timeCacheInitCacheSizeDUsingDefa_, 185, "time_cache_init: cache_size < %d, using default, %d")                                                                                                             /*extracted from time_cache.cpp*/
+    ResDef(DBT_timeCacheInitCacheSizeDUsingDefa_1, 186, "time_cache_init: cache_size > %d, using default, %d")                                                                                                            /*extracted from time_cache.cpp*/
+    ResDef(DBT_errorAllocatingMemoryForTimeCach_, 187, "Error allocating memory for time_cache")                                                                                                                          /*extracted from time_cache.cpp*/
+    ResDef(DBT_errorAllocatingMemoryForTimeCach_1, 188, "Error allocating memory for time_cache entry")                                                                                                                   /*extracted from time_cache.cpp*/
+    ResDef(DBT_errorAllocatingMemoryForTimeCach_2, 189, "Error allocating memory for time_cache entry")                                                                                                                   /*extracted from time_cache.cpp*/
+    ResDef(DBT_errorInsertingNewTimeCacheEntry_, 190, "Error inserting new time_cache entry")                                                                                                                             /*extracted from time_cache.cpp*/
+    ResDef(DBT_errorAllocatingMemoryForTimeCach_3, 191, "Error allocating memory for time_cache")                                                                                                                         /*extracted from time_cache.cpp*/
+    ResDef(DBT_csTerminateFailureS_, 192, "cs-terminate failure (%s)")                                                                                                                                                    /*extracted from crit.cpp*/
+    ResDef(DBT_csInitFailureS_, 193, "cs-init failure (%s)")                                                                                                                                                              /*extracted from crit.cpp*/
+    ResDef(DBT_csWaitFailureS_, 194, "cs-wait failure (%s)")                                                                                                                                                              /*extracted from crit.cpp*/
+    ResDef(DBT_csPostFailureS_, 195, "cs-post failure (%s)")                                                                                                                                                              /*extracted from crit.cpp*/
+    ResDef(DBT_unableToCreateNonblockingSocketS_, 196, "Unable to create nonblocking socket (%s)")                                                                                                                        /*extracted from net.cpp*/
+    ResDef(DBT_errorCouldNotSetKeepaliveSN_, 197, "error: could not set keepalive (%s)\n")                                                                                                                                /*extracted from net.cpp*/
+    ResDef(DBT_errorCouldNotSetRecvTimeoutSN_, 198, "error: could not set recv timeout (%s)\n")                                                                                                                           /*extracted from net.cpp*/
+    ResDef(DBT_errorCouldNotSetSendTimeoutSN_, 199, "error: could not set send timeout (%s)\n")                                                                                                                           /*extracted from net.cpp*/
+    ResDef(DBT_unableToCreateNonblockingSocketS_1, 200, "Unable to create nonblocking socket (%s)")                                                                                                                       /*extracted from net.cpp*/
+    ResDef(DBT_semGrabFailedS_, 201, "sem_grab failed (%s)")                                                                                                                                                              /*extracted from net.cpp*/
+    ResDef(DBT_semReleaseFailedS_, 202, "sem_release failed (%s)")                                                                                                                                                        /*extracted from net.cpp*/
+    ResDef(DBT_semReleaseFailedS_1, 203, "sem_release failed (%s)")                                                                                                                                                       /*extracted from net.cpp*/
+    ResDef(DBT_couldNotRemoveTemporaryDirectory_, 204, "Could not remove temporary directory %s,  Error %d")                                                                                                              /*extracted from util.cpp*/
+    ResDef(DBT_couldNotRemoveTemporaryDirectory_1, 205, "Could not remove temporary directory %s, Error %d")                                                                                                              /*extracted from util.cpp*/
+    END_STR(base)

include/base/ereport.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_EREPORT_H
@@ -20,7 +20,7 @@
 
 /*
  * ereport.h: Records transactions, reports errors to administrators, etc.
- * 
+ *
  * Rob McCool
  */
 
@@ -31,16 +31,16 @@
 NSPR_BEGIN_EXTERN_C
 
 /*
- * INTereport logs an error of the given degree and formats the arguments with 
- * the printf() style fmt. Returns whether the log was successful. Records 
+ * INTereport logs an error of the given degree and formats the arguments with
+ * the printf() style fmt. Returns whether the log was successful. Records
  * the current date.
  */
 
 NSAPI_PUBLIC int INTereport(int degree, char *fmt, ...)
-#ifdef __GNUC__ 
-        __attribute__ ((format (printf, 2, 3)));
+#ifdef __GNUC__
+    __attribute__((format(printf, 2, 3)));
 #else
-        ;
+    ;
 #endif
 NSAPI_PUBLIC int INTereport_v(int degree, char *fmt, va_list args);
 

include/base/file.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_FILE_H
@@ -40,7 +40,7 @@ NSAPI_PUBLIC SYS_FILE INTsystem_fopenWA(char *path);
 NSAPI_PUBLIC SYS_FILE INTsystem_fopenRW(char *path);
 NSAPI_PUBLIC SYS_FILE INTsystem_fopenWT(char *path);
 NSAPI_PUBLIC int INTsystem_fread(SYS_FILE fd, char *buf, int sz);
-NSAPI_PUBLIC int INTsystem_fwrite(SYS_FILE fd,char *buf,int sz);
+NSAPI_PUBLIC int INTsystem_fwrite(SYS_FILE fd, char *buf, int sz);
 NSAPI_PUBLIC int INTsystem_fwrite_atomic(SYS_FILE fd, char *buf, int sz);
 NSAPI_PUBLIC int INTsystem_lseek(SYS_FILE fd, int off, int wh);
 NSAPI_PUBLIC int INTsystem_fclose(SYS_FILE fd);

include/base/fsmutex.h

@@ -4,17 +4,17 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
  * fsmutex: Mutexes that are filesystem-based so they're available from more
  * than one process and address space
- * 
+ *
  * Rob McCool
  */
 
@@ -24,23 +24,23 @@
 
 #include "netsite.h"
 
-typedef void * FSMUTEX;
+typedef void *FSMUTEX;
 
 
 /* ------------------------------ Prototypes ------------------------------ */
 
 NSPR_BEGIN_EXTERN_C
 
-/* 
-   Flags to fsmutex_init. 
+/*
+   Flags to fsmutex_init.
 
    FSMUTEX_VISIBLE makes a filesystem mutex which can be opened by other
    programs or processes.
 
-   FSMUTEX_NEEDCRIT specifies that the fsmutex_lock and fsmutex_unlock 
+   FSMUTEX_NEEDCRIT specifies that the fsmutex_lock and fsmutex_unlock
    functions should also use a critical section to ensure that more than
-   one thread does not acquire the mutex at a time. If this flag is not 
-   specified, it is up to the caller to ensure that only thread within a 
+   one thread does not acquire the mutex at a time. If this flag is not
+   specified, it is up to the caller to ensure that only thread within a
    process tries to acquire the lock at any given time.
  */
 #define FSMUTEX_VISIBLE 0x01
@@ -50,7 +50,7 @@ NSPR_BEGIN_EXTERN_C
 /*
    fsmutex_init creates a new filesystem-based mutex. The resulting mutex
    is part of the filesystem. The name and number parameters are used to
-   create a name for the mutex. If the FSMUTEX_VISIBLE flag is specified, 
+   create a name for the mutex. If the FSMUTEX_VISIBLE flag is specified,
    the mutex will be left in the filesystem for other programs and processes
    to access. If a mutex with the given name/number combination already
    exists, the calling process is allowed access to it. If the mutex does
@@ -61,7 +61,7 @@ NSPR_BEGIN_EXTERN_C
  */
 NSAPI_PUBLIC FSMUTEX fsmutex_init(char *name, int number, int flags);
 
-/* 
+/*
    Sets the ownership of the underlying filesystem object to the given
    uid and gid. Only effective if the server is running as root.
  */
@@ -73,15 +73,15 @@ NSAPI_PUBLIC void fsmutex_setowner(FSMUTEX fsm, uid_t uid, gid_t gid);
 
 /*
    fsmutex_terminate deletes a filesystem-based mutex. A mutex will only
-   be deleted when every process which has an open pointer to the mutex 
+   be deleted when every process which has an open pointer to the mutex
    calls this function.
  */
 NSAPI_PUBLIC void fsmutex_terminate(FSMUTEX id);
 
 /*
-   fsmutex_lock attempts to acquire the given filesystem-based mutex. If 
+   fsmutex_lock attempts to acquire the given filesystem-based mutex. If
    another process is holding the mutex, or if the FSMUTEX_NEEDCRIT flag
-   was passed to fsmutex_init and another thread in the current process is 
+   was passed to fsmutex_init and another thread in the current process is
    holding the mutex, then the calling thread will block until the mutex
    is available.
  */

include/base/plist.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _PLIST_H
@@ -37,27 +37,31 @@
 /* Functions in plist.c */
 NSPR_BEGIN_EXTERN_C
 
-NSAPI_PUBLIC extern int PListAssignValue(PList_t plist, const char *pname,
-                            const void *pvalue, PList_t ptype);
+NSAPI_PUBLIC extern int PListAssignValue(PList_t plist, const char *pname, const void *pvalue, PList_t ptype);
 NSAPI_PUBLIC extern PList_t PListCreate(pool_handle_t *mempool,
-                           int resvprop, int maxprop, int flags);
-NSAPI_PUBLIC extern int PListDefProp(PList_t plist, int pindex, 
-                        const char *pname, const int flags);
-NSAPI_PUBLIC extern const void * PListDeleteProp(PList_t plist, int pindex, const char *pname);
+                                        int resvprop,
+                                        int maxprop,
+                                        int flags);
+NSAPI_PUBLIC extern int PListDefProp(PList_t plist, int pindex, const char *pname, const int flags);
+NSAPI_PUBLIC extern const void *PListDeleteProp(PList_t plist, int pindex, const char *pname);
 NSAPI_PUBLIC extern int PListFindValue(PList_t plist,
-                          const char *pname, void **pvalue, PList_t *type);
-NSAPI_PUBLIC extern int PListInitProp(PList_t plist, int pindex, const char *pname,
-                         const void *pvalue, PList_t ptype);
+                                       const char *pname,
+                                       void **pvalue,
+                                       PList_t *type);
+NSAPI_PUBLIC extern int PListInitProp(PList_t plist, int pindex, const char *pname, const void *pvalue, PList_t ptype);
 NSAPI_PUBLIC extern PList_t PListNew(pool_handle_t *mempool);
 NSAPI_PUBLIC extern void PListDestroy(PList_t plist);
 NSAPI_PUBLIC extern int PListGetValue(PList_t plist,
-                         int pindex, void **pvalue, PList_t *type);
+                                      int pindex,
+                                      void **pvalue,
+                                      PList_t *type);
 NSAPI_PUBLIC extern int PListNameProp(PList_t plist, int pindex, const char *pname);
 NSAPI_PUBLIC extern int PListSetType(PList_t plist, int pindex, PList_t type);
 NSAPI_PUBLIC extern int PListSetValue(PList_t plist,
-                         int pindex, const void *pvalue, PList_t type);
-NSAPI_PUBLIC extern void PListEnumerate(PList_t plist, PListFunc_t *user_func, 
-                           void *user_data);
+                                      int pindex,
+                                      const void *pvalue,
+                                      PList_t type);
+NSAPI_PUBLIC extern void PListEnumerate(PList_t plist, PListFunc_t *user_func, void *user_data);
 NSAPI_PUBLIC extern PList_t
 PListDuplicate(PList_t plist, pool_handle_t *new_mempool, int flags);
 NSAPI_PUBLIC extern pool_handle_t *PListGetPool(PList_t plist);

include/base/pool.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_POOL_H
@@ -57,17 +57,17 @@ NSAPI_PUBLIC void INTpool_destroy(pool_handle_t *pool_handle);
 
 NSAPI_PUBLIC int INTpool_enabled(void);
 
-NSAPI_PUBLIC void *INTpool_malloc(pool_handle_t *pool_handle, size_t size );
+NSAPI_PUBLIC void *INTpool_malloc(pool_handle_t *pool_handle, size_t size);
 
-NSAPI_PUBLIC void INTpool_free(pool_handle_t *pool_handle, void *ptr );
+NSAPI_PUBLIC void INTpool_free(pool_handle_t *pool_handle, void *ptr);
 
 NSAPI_PUBLIC void *INTpool_calloc(pool_handle_t *pool_handle, size_t nelem, size_t elsize);
 
-NSAPI_PUBLIC 
-void *INTpool_realloc(pool_handle_t *pool_handle, void *ptr, size_t size );
+NSAPI_PUBLIC
+void *INTpool_realloc(pool_handle_t *pool_handle, void *ptr, size_t size);
 
 NSAPI_PUBLIC
-char *INTpool_strdup(pool_handle_t *pool_handle, const char *orig_str );
+char *INTpool_strdup(pool_handle_t *pool_handle, const char *orig_str);
 
 NSPR_END_EXTERN_C
 

include/base/shexp.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_SHEXP_H
@@ -20,11 +20,11 @@
 
 /*
  * shexp.h: Defines and prototypes for shell exp. match routines
- * 
+ *
  *
  * This routine will match a string with a shell expression. The expressions
  * accepted are based loosely on the expressions accepted by zsh.
- * 
+ *
  * o * matches anything
  * o ? matches one character
  * o \ will escape a special character
@@ -37,16 +37,16 @@
  *     matching the shell expression from the match list
  * o (foo|bar) will match either the substring foo, or the substring bar.
  *             These can be shell expressions as well.
- * 
+ *
  * The public interface to these routines is documented in
  * public/base/shexp.h.
- * 
+ *
  * Rob McCool
- * 
+ *
  */
 
 /*
- * Requires that the macro MALLOC be set to a "safe" malloc that will 
+ * Requires that the macro MALLOC be set to a "safe" malloc that will
  * exit if no memory is available. If not under MCC httpd, define MALLOC
  * to be the real malloc and play with fire, or make your own function.
  */
@@ -56,7 +56,7 @@
 #endif /* !NETSITE_H */
 
 #ifndef OS_CTYPE_H
-#include <ctype.h>  /* isalnum */
+#include <ctype.h> /* isalnum */
 #define OS_CTYPE_H
 #endif /* !OS_CTYPE_H */
 

include/base/systems.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_SYSTEMS_H
@@ -20,8 +20,8 @@
 
 /*
  * systems.h: Lists of defines for systems
- * 
- * This sets what general flavor the system is (UNIX, etc.), 
+ *
+ * This sets what general flavor the system is (UNIX, etc.),
  * and defines what extra functions your particular system needs.
  */
 
@@ -58,7 +58,7 @@
 #define JAVA_STATIC_LINK
 #undef NEED_CRYPT_H
 #define NET_SOCKETS
-#define SA_HANDLER_T(x) (void (*)(int))x
+#define SA_HANDLER_T(x) (void (*)(int)) x
 /* warning: mmap doesn't work under 9.04 */
 #define SHMEM_MMAP_FLAGS MAP_FILE | MAP_VARIABLE | MAP_SHARED
 
@@ -114,8 +114,8 @@
 #define NEED_GHN_PROTO
 #endif
 #define NET_SOCKETS
-#if OSVERSION > 504 
-#define SA_HANDLER_T(x) x 
+#if OSVERSION > 504
+#define SA_HANDLER_T(x) x
 #endif
 #define SHMEM_MMAP_FLAGS MAP_SHARED
 
@@ -186,7 +186,7 @@
 #endif /* !DAEMON_LISTEN_SIZE */
 
 #ifndef SA_HANDLER_T
-#define SA_HANDLER_T(x) (void (*)())x 
+#define SA_HANDLER_T(x) (void (*)()) x
 #endif
 
 #ifdef HAS_CONSTVALUED_STRFUNCS

include/base/systhr.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_SYSTHR_H
@@ -20,7 +20,7 @@
 
 /*
  * systhr.h: Abstracted threading mechanisms
- * 
+ *
  * Rob McCool
  */
 
@@ -61,7 +61,7 @@ NSAPI_PUBLIC void *INTsysthread_getdata(int key);
 
 NSAPI_PUBLIC void INTsysthread_setdata(int key, void *data);
 
-NSAPI_PUBLIC 
+NSAPI_PUBLIC
 void INTsysthread_set_default_stacksize(unsigned long size);
 
 NSPR_END_EXTERN_C

include/base/util.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef BASE_UTIL_H
@@ -19,9 +19,9 @@
 #endif /* !NOINTNSAPI */
 
 /*
- * util.h: A hodge podge of utility functions and standard functions which 
+ * util.h: A hodge podge of utility functions and standard functions which
  *         are unavailable on certain systems
- * 
+ *
  * Rob McCool
  */
 
@@ -44,20 +44,19 @@ NSAPI_PUBLIC
 int INTutil_vsprintf(char *s, register const char *fmt, va_list args);
 
 NSAPI_PUBLIC int INTutil_sprintf(char *s, const char *fmt, ...)
-#ifdef __GNUC__ 
-        __attribute__ ((format (printf, 2, 3)));
+#ifdef __GNUC__
+    __attribute__((format(printf, 2, 3)));
 #else
-        ;
+    ;
 #endif
 
-NSAPI_PUBLIC int INTutil_vsnprintf(char *s, int n, register const char *fmt, 
-                                  va_list args);
+NSAPI_PUBLIC int INTutil_vsnprintf(char *s, int n, register const char *fmt, va_list args);
 
 NSAPI_PUBLIC int INTutil_snprintf(char *s, int n, const char *fmt, ...)
-#ifdef __GNUC__ 
-        __attribute__ ((format (printf, 3, 4)));
+#ifdef __GNUC__
+    __attribute__((format(printf, 3, 4)));
 #else
-        ;
+    ;
 #endif
 
 NSAPI_PUBLIC int INTutil_strftime(char *s, const char *format, const struct tm *t);

include/i18n.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -28,27 +28,27 @@
 */
 typedef struct
 {
-	char *path;
-	char *package;
+    char *path;
+    char *package;
     void *propset;
 } Resource;
 
 /*******************************************************************************/
-/* 
+/*
  * this table contains library name
  * (stored in the first string entry, with id=0),
- * and the id/string pairs which are used by library  
+ * and the id/string pairs which are used by library
  */
 
 typedef struct res_RESOURCE_TABLE
 {
-  int id;
-  char *str;
+    int id;
+    char *str;
 } res_RESOURCE_TABLE;
 
 /*******************************************************************************/
 
-/* 
+/*
  * resource global contains resource table list which is used
  * to generate the database.
  * Also used for "in memory" version of XP_GetStringFromDatabase()
@@ -56,7 +56,7 @@ typedef struct res_RESOURCE_TABLE
 
 typedef struct res_RESOURCE_GLOBAL
 {
-  res_RESOURCE_TABLE  *restable;
+    res_RESOURCE_TABLE *restable;
 } res_RESOURCE_GLOBAL;
 
 /*******************************************************************************/
@@ -79,21 +79,28 @@ typedef struct res_RESOURCE_GLOBAL
  * RESOURCE_STR is used by makstrdb.c only.  It is not used by getstrdb.c or
  * in library or application source code.
  */
- 
-#ifdef  RESOURCE_STR
+
+#ifdef RESOURCE_STR
 #define BEGIN_STR(argLibraryName) \
-                          RESOURCE_TABLE argLibraryName[] = { {0, #argLibraryName},
-#define ResDef(argToken,argID,argString) \
-                          {argID, argString},
+    RESOURCE_TABLE argLibraryName[] = {{0, #argLibraryName},
+#define ResDef(argToken, argID, argString) \
+    {argID, argString},
 #define END_STR(argLibraryName) \
-                          {0, 0} };
+    {                           \
+        0, 0                    \
+    }                           \
+    }                           \
+    ;
 #else
 #define BEGIN_STR(argLibraryName) \
-                          enum {
-#define ResDef(argToken,argID,argString) \
-                          argToken = argID,
+    enum                          \
+    {
+#define ResDef(argToken, argID, argString) \
+    argToken = argID,
 #define END_STR(argLibraryName) \
-                          argLibraryName ## top };
+    argLibraryName##top         \
+    }                           \
+    ;
 #endif
 
 #endif /* COPIED_FROM_LIBADMINUTIL_RESOURCE_H */
@@ -105,23 +112,23 @@ typedef res_RESOURCE_GLOBAL RESOURCE_GLOBAL;
 /*******************************************************************************/
 
 /*
- * In accordance with the recommendations in the 
+ * In accordance with the recommendations in the
  * "Netscape Coding Standard for Server Internationalization",
  * the following aliases are defined for fprintf, et al., and
  * these aliases should be used to clearly indicate the intended
  * destination for output.
  */
 
-#define AdminFprintf  fprintf
-#define DebugFprintf  fprintf
+#define AdminFprintf fprintf
+#define DebugFprintf fprintf
 
 #define ClientSprintf sprintf
-#define AdminSprintf  sprintf
-#define DebugSprintf  sprintf
+#define AdminSprintf sprintf
+#define DebugSprintf sprintf
 
-#define ClientFputs   fputs
-#define AdminFputs    fputs
-#define DebugFputs    fputs
+#define ClientFputs fputs
+#define AdminFputs fputs
+#define DebugFputs fputs
 
 /* more #define, as needed */
 
@@ -133,8 +140,7 @@ typedef res_RESOURCE_GLOBAL RESOURCE_GLOBAL;
 
 
 #ifdef __cplusplus
-extern "C" 
-{
+extern "C" {
 #endif
 
 
@@ -143,9 +149,9 @@ extern "C"
 /******************************/
 
 NSAPI_PUBLIC
-extern const char*
-XP_GetStringFromDatabase(const char* strLibraryName,
-                         const char* strLanguage,
+extern const char *
+XP_GetStringFromDatabase(const char *strLibraryName,
+                         const char *strLanguage,
                          int iToken);
 
 #ifdef __cplusplus
@@ -175,10 +181,10 @@ extern void XP_PrintStringDatabase(void);
  * (need one argument instead of three)
  */
 
-#define XP_GetAdminStr(DBTTokenName)                   \
-        XP_GetStringFromDatabase(LIBRARY_NAME,         \
-                                 "en",   \
-                                 DBTTokenName)
+#define XP_GetAdminStr(DBTTokenName)       \
+    XP_GetStringFromDatabase(LIBRARY_NAME, \
+                             "en",         \
+                             DBTTokenName)
 
 /*******************************************************************************/
 

include/ldaputil/cert.h

@@ -4,25 +4,25 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPU_CERT_H
 #define _LDAPU_CERT_H
 
 #ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC 
+#define NSAPI_PUBLIC
 #endif
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-NSAPI_PUBLIC int ldapu_get_cert (void *SSLendpoint, void **cert);
+NSAPI_PUBLIC int ldapu_get_cert(void *SSLendpoint, void **cert);
 
 #ifdef __cplusplus
 }

include/ldaputil/certmap.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #pragma once
@@ -22,12 +22,12 @@
 #endif
 
 
-#define LDAPU_ATTR_INITFN		"InitFn"
-#define LDAPU_ATTR_LIBRARY		"library"
-#define LDAPU_ATTR_DNCOMPS		"DNComps"
-#define LDAPU_ATTR_FILTERCOMPS		"FilterComps"
-#define LDAPU_ATTR_VERIFYCERT 		"VerifyCert"
-#define LDAPU_ATTR_CERTMAP_LDAP_ATTR 	"CmapLdapAttr"
+#define LDAPU_ATTR_INITFN "InitFn"
+#define LDAPU_ATTR_LIBRARY "library"
+#define LDAPU_ATTR_DNCOMPS "DNComps"
+#define LDAPU_ATTR_FILTERCOMPS "FilterComps"
+#define LDAPU_ATTR_VERIFYCERT "VerifyCert"
+#define LDAPU_ATTR_CERTMAP_LDAP_ATTR "CmapLdapAttr"
 
 
 /*
@@ -36,29 +36,28 @@
  *  called by the function ldapu_cert_to_ldap_entry.
  * Parameters:
  *  cert         -  cert to be mapped.  You can pass this to
- *		    functions ldapu_get_cert_XYZ.
- *  ld		 -  Handle to the connection to the directory server.
- *  certmap_info -  This structure contains information about the 
- *		    configuration parameters for the cert's issuer (CA).
- *		    This structure can be passed to the function
- *		    ldapu_certmap_info_attrval to get value for a particular
- *		    configuration attribute (or a property).
- *  ldapdn	 -  The mapping function should allocate memory for ldapdn
- *		    using malloc and set this variable using the 'cert' and
- *		    'certmap_info'.  This DN will be used for ldap lookup.
- *  filter	 -  The mapping function should allocate memory for filter
- *		    using malloc and set this variable using the 'cert' and
- *		    'certmap_info'.  This will be used as ldap filter for ldap
- *		    lookup of the ldapdn.
+ *            functions ldapu_get_cert_XYZ.
+ *  ld         -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the
+ *            configuration parameters for the cert's issuer (CA).
+ *            This structure can be passed to the function
+ *            ldapu_certmap_info_attrval to get value for a particular
+ *            configuration attribute (or a property).
+ *  ldapdn     -  The mapping function should allocate memory for ldapdn
+ *            using malloc and set this variable using the 'cert' and
+ *            'certmap_info'.  This DN will be used for ldap lookup.
+ *  filter     -  The mapping function should allocate memory for filter
+ *            using malloc and set this variable using the 'cert' and
+ *            'certmap_info'.  This will be used as ldap filter for ldap
+ *            lookup of the ldapdn.
  *
  * Return Value:
  *  return LDAPU_SUCCESS upon successful completion (cert is mapped)
  *  return LDAPU_FAILED there is no unexpected error but cert could not
- *		    mapped (probably because ldap entry doesn't exist).
+ *            mapped (probably because ldap entry doesn't exist).
  *  otherwise return LDAPU_CERT_MAP_FUNCTION_FAILED.
  */
-typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
-			   char **ldapdn, char **filter);
+typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info, char **ldapdn, char **filter);
 
 
 /*
@@ -68,31 +67,31 @@ typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
  *  function.  The candidate 'dn' and 'filter' returned by the mapping
  *  function is passed to this function.
  *  The default search function works as follows:
- *	1.  If the 'filter' is NULL, default it to 'objectclass=*'.
- *	2.  If the 'dn' is non-NULL, do a base level search with the 'dn' and
- *	    'filter'.  If it succeeds, we are done.  If there is no serious
- *	    error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue.
- *	3.  If the 'dn' is NULL, default it to 'basedn'.
- *	4.  Perform a 'subtree' search in LDAP for the 'dn' and the 'filter'.
- *	5.  Return the results of the last search.
+ *    1.  If the 'filter' is NULL, default it to 'objectclass=*'.
+ *    2.  If the 'dn' is non-NULL, do a base level search with the 'dn' and
+ *        'filter'.  If it succeeds, we are done.  If there is no serious
+ *        error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue.
+ *    3.  If the 'dn' is NULL, default it to 'basedn'.
+ *    4.  Perform a 'subtree' search in LDAP for the 'dn' and the 'filter'.
+ *    5.  Return the results of the last search.
  * Parameters:
  *  cert         -  cert to be mapped.  You can pass this to
- *		    functions ldapu_get_cert_XYZ.
- *  ld		 -  Handle to the connection to the directory server.
- *  certmap_info -  This structure contains information about the 
- *		    configuration parameters for the cert's issuer (CA).
- *		    This structure can be passed to the function
- *		    ldapu_certmap_info_attrval to get value for a particular
- *		    configuration attribute (or a property).
- *  suffix	 -  If the ldapdn is empty then use this DN to begin the
- *		    search.  This is the DN of the root object in LDAP
- *		    Directory.
- *  ldapdn	 -  candidate 'dn' returned by the mapping function.
- *  filter	 -  returned by the mapping function.
- *  attrs	 -  list of attributes to return from the search.  If this is
- *		    NULL, all attributes are returned.
- *  res		 -  result of the search which is passed to the verify
- *		    function.
+ *            functions ldapu_get_cert_XYZ.
+ *  ld         -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the
+ *            configuration parameters for the cert's issuer (CA).
+ *            This structure can be passed to the function
+ *            ldapu_certmap_info_attrval to get value for a particular
+ *            configuration attribute (or a property).
+ *  suffix     -  If the ldapdn is empty then use this DN to begin the
+ *            search.  This is the DN of the root object in LDAP
+ *            Directory.
+ *  ldapdn     -  candidate 'dn' returned by the mapping function.
+ *  filter     -  returned by the mapping function.
+ *  attrs     -  list of attributes to return from the search.  If this is
+ *            NULL, all attributes are returned.
+ *  res         -  result of the search which is passed to the verify
+ *            function.
  *
  * Return Value:
  *  return LDAPU_SUCCESS upon successful completion
@@ -100,10 +99,7 @@ typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
  *  'dn' and 'filter' doesn't exist.
  *  otherwise return LDAPU_CERT_SEARCH_FUNCTION_FAILED.
  */
-typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info,
-			      const char *suffix, const char *ldapdn,
-			      const char *filter, const char **attrs,
-			      LDAPMessage ***res);
+typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info, const char *suffix, const char *ldapdn, const char *filter, const char **attrs, LDAPMessage ***res);
 
 
 /*
@@ -116,29 +112,27 @@ typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info,
  *  and check which one is appropriate.  The pointer to that entry must be
  *  passed back in the 'LDAPMessage **entry' parameter.
  * Parameters:
- *  cert	 -  Original cert to be mapped.  You can pass this to
- *		    functions ldapu_get_cert_XYZ.
- *  ld		 -  Handle to the connection to the directory server.
- *  certmap_info -  This structure contains information about the 
- *		    configuration parameters for the cert's issuer (CA).
- *		    This structure can be passed to the function
- *		    ldapu_certmap_info_attrval to get value for a particular
- *		    configuration attribute (or a property).
- *  res		 -  cert is first mapped to ldapdn and filter.  'res' is the
- *		    result of ldap search using the ldapdn and filter.
- *		    'ld' and 'res' can be used in the calls to ldapsdk API.
- *  entry	 -  pointer to the entry from 'res' which is the correct match
- *		    according to the verify function.
- *		    
+ *  cert     -  Original cert to be mapped.  You can pass this to
+ *            functions ldapu_get_cert_XYZ.
+ *  ld         -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the
+ *            configuration parameters for the cert's issuer (CA).
+ *            This structure can be passed to the function
+ *            ldapu_certmap_info_attrval to get value for a particular
+ *            configuration attribute (or a property).
+ *  res         -  cert is first mapped to ldapdn and filter.  'res' is the
+ *            result of ldap search using the ldapdn and filter.
+ *            'ld' and 'res' can be used in the calls to ldapsdk API.
+ *  entry     -  pointer to the entry from 'res' which is the correct match
+ *            according to the verify function.
+ *
  * Return Values:
  *  return LDAPU_SUCCESS upon successful completion (cert is verified)
  *  return LDAPU_FAILED there is no unexpected error but cert could not
- *			verified (probably because it was revoked).
+ *            verified (probably because it was revoked).
  *  otherwise return LDAPU_CERT_VERIFY_FUNCTION_FAILED.
  */
-typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info,
-			      LDAPMessage *res, LDAPMessage **entry);
-
+typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info, LDAPMessage *res, LDAPMessage **entry);
 
 
 /*
@@ -151,31 +145,32 @@ typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info,
  *  When the config file is loaded, any user defined init functions will be
  *  called with the certmap_info pertaining to the issuer (CA).
  * Parameters:
- *  certmap_info -  This structure contains information about the 
- *		    configuration parameters for the cert's issuer (CA).
- *		    This structure can be passed to the function
- *		    ldapu_certmap_info_attrval to get value for a particular
- *		    configuration attribute (or a property).
- * 
+ *  certmap_info -  This structure contains information about the
+ *            configuration parameters for the cert's issuer (CA).
+ *            This structure can be passed to the function
+ *            ldapu_certmap_info_attrval to get value for a particular
+ *            configuration attribute (or a property).
+ *
  * Return Value:
  *  return LDAPU_SUCCESS upon successful completion
  *  otherwise return LDAPU_CERT_MAP_INITFN_FAILED.  The server startup will be
  *  aborted if the return value is not LDAPU_SUCCESS.
  */
-typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName,
-			       const char *issuerDN, const char *libname);
+typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName, const char *issuerDN, const char *libname);
 
 /*
  * Refer to the description of the function ldapu_get_cert_ava_val
  */
-enum {
+enum
+{
     LDAPU_SUBJECT_DN,
     LDAPU_ISSUER_DN
 };
 
 /* end extcmap */
 
-enum {
+enum
+{
     LDAPU_STR_FILTER_DEFAULT,
     LDAPU_STR_FILTER_USER,
     LDAPU_STR_FILTER_GROUP,
@@ -190,18 +185,19 @@ enum {
 #ifdef DEFINE_LDAPU_STRINGS
 /* used only in certmap.c and ldaputil.c */
 static char *ldapu_strings[] = {
-    "objectclass=*",		/* LDAPU_STR_DEFAULT */
-    "uid=%s",			/* LDAPU_STR_FILTER_USER */
+    "objectclass=*",                                                               /* LDAPU_STR_DEFAULT */
+    "uid=%s",                                                                      /* LDAPU_STR_FILTER_USER */
     "(& (cn=%s) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))", /* LDAPU_STR_FILTER_GROUP */
-    "(| (uniquemember=%s) (member=%s))",	/* LDAPU_STR_FILTER_MEMBER */
-    "(& %s (| (objectclass=groupofuniquenames) (objectclass=groupofnames))", /* LDAPU_STR_FILTER_MEMBER_RECURSE */
-    "uid",			/* LDAPU_STR_ATTR_USER */
-    "userCertificate;binary",	/* LDAPU_STR_ATTR_CERT */
-    "userCertificate"	/* LDAPU_STR_ATTR_CERT_NOSUBTYPE */
+    "(| (uniquemember=%s) (member=%s))",                                           /* LDAPU_STR_FILTER_MEMBER */
+    "(& %s (| (objectclass=groupofuniquenames) (objectclass=groupofnames))",       /* LDAPU_STR_FILTER_MEMBER_RECURSE */
+    "uid",                                                                         /* LDAPU_STR_ATTR_USER */
+    "userCertificate;binary",                                                      /* LDAPU_STR_ATTR_CERT */
+    "userCertificate"                                                              /* LDAPU_STR_ATTR_CERT_NOSUBTYPE */
 };
 #endif /* DEFINE_LDAPU_STRINGS */
 
-typedef struct {
+typedef struct
+{
     char *str;
     int size;
     int len;
@@ -211,69 +207,66 @@ typedef struct {
 extern "C" {
 #endif
 
-NSAPI_PUBLIC int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
-					   const char *basedn,
-					   LDAPMessage **res);
+NSAPI_PUBLIC int ldapu_cert_to_ldap_entry(void *cert, LDAP *ld, const char *basedn, LDAPMessage **res);
 
-NSAPI_PUBLIC int ldapu_set_cert_mapfn (const char *issuerDN,
-				       CertMapFn_t mapfn);
+NSAPI_PUBLIC int ldapu_set_cert_mapfn(const char *issuerDN,
+                                      CertMapFn_t mapfn);
 
 
-NSAPI_PUBLIC CertMapFn_t ldapu_get_cert_mapfn (const char *issuerDN);
+NSAPI_PUBLIC CertMapFn_t ldapu_get_cert_mapfn(const char *issuerDN);
 
-NSAPI_PUBLIC int ldapu_set_cert_searchfn (const char *issuerDN,
-					  CertSearchFn_t searchfn);
+NSAPI_PUBLIC int ldapu_set_cert_searchfn(const char *issuerDN,
+                                         CertSearchFn_t searchfn);
 
 
-NSAPI_PUBLIC CertSearchFn_t ldapu_get_cert_searchfn (const char *issuerDN);
+NSAPI_PUBLIC CertSearchFn_t ldapu_get_cert_searchfn(const char *issuerDN);
 
-NSAPI_PUBLIC int ldapu_set_cert_verifyfn (const char *issuerDN,
-					  CertVerifyFn_t verifyFn);
+NSAPI_PUBLIC int ldapu_set_cert_verifyfn(const char *issuerDN,
+                                         CertVerifyFn_t verifyFn);
 
-NSAPI_PUBLIC CertVerifyFn_t ldapu_get_cert_verifyfn (const char *issuerDN);
+NSAPI_PUBLIC CertVerifyFn_t ldapu_get_cert_verifyfn(const char *issuerDN);
 
 
-NSAPI_PUBLIC int ldapu_get_cert_subject_dn (void *cert, char **subjectDN);
+NSAPI_PUBLIC int ldapu_get_cert_subject_dn(void *cert, char **subjectDN);
 
 
-NSAPI_PUBLIC int ldapu_get_cert_issuer_dn (void *cert, char **issuerDN);
+NSAPI_PUBLIC int ldapu_get_cert_issuer_dn(void *cert, char **issuerDN);
 
 
-NSAPI_PUBLIC int ldapu_get_cert_ava_val (void *cert, int which_dn,
-					 const char *attr, char ***val);
+NSAPI_PUBLIC int ldapu_get_cert_ava_val(void *cert, int which_dn, const char *attr, char ***val);
 
 
-NSAPI_PUBLIC int ldapu_free_cert_ava_val (char **val);
+NSAPI_PUBLIC int ldapu_free_cert_ava_val(char **val);
 
 
-NSAPI_PUBLIC int ldapu_get_cert_der (void *cert, unsigned char **derCert,
-				     unsigned int *len);
+NSAPI_PUBLIC int ldapu_get_cert_der(void *cert, unsigned char **derCert, unsigned int *len);
 
 
-NSAPI_PUBLIC int ldapu_issuer_certinfo (const char *issuerDN,
-					void **certmap_info);
+NSAPI_PUBLIC int ldapu_issuer_certinfo(const char *issuerDN,
+                                       void **certmap_info);
 
 
-NSAPI_PUBLIC int ldapu_certmap_info_attrval (void *certmap_info,
-					     const char *attr, char **val);
+NSAPI_PUBLIC int ldapu_certmap_info_attrval(void *certmap_info,
+                                            const char *attr,
+                                            char **val);
 
 
-NSAPI_PUBLIC char *ldapu_err2string (int err);
+NSAPI_PUBLIC char *ldapu_err2string(int err);
 
 /* Keep the old fn for backward compatibility */
-NSAPI_PUBLIC void ldapu_free_old (char *ptr);
+NSAPI_PUBLIC void ldapu_free_old(char *ptr);
 
 
-NSAPI_PUBLIC void *ldapu_malloc (int size);
+NSAPI_PUBLIC void *ldapu_malloc(int size);
 
 
-NSAPI_PUBLIC char *ldapu_strdup (const char *ptr);
+NSAPI_PUBLIC char *ldapu_strdup(const char *ptr);
 
 
-NSAPI_PUBLIC void *ldapu_realloc (void *ptr, int size);
+NSAPI_PUBLIC void *ldapu_realloc(void *ptr, int size);
 
 
-NSAPI_PUBLIC void ldapu_free (void *ptr);
+NSAPI_PUBLIC void ldapu_free(void *ptr);
 
 
 NSAPI_PUBLIC int ldaputil_exit(void);
@@ -281,4 +274,3 @@ NSAPI_PUBLIC int ldaputil_exit(void);
 #ifdef __cplusplus
 }
 #endif
-

include/ldaputil/dbconf.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPU_DBCONF_H
@@ -17,26 +17,29 @@
 #include <stdio.h>
 
 #ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC 
+#define NSAPI_PUBLIC
 #endif
 
-typedef struct dbconf_propval {
-    char *prop;			    /* Property name */
-    char *val;			    /* Property value */
-    struct dbconf_propval *next;    /* Pointer to the next prop-val pair */
+typedef struct dbconf_propval
+{
+    char *prop;                  /* Property name */
+    char *val;                   /* Property value */
+    struct dbconf_propval *next; /* Pointer to the next prop-val pair */
 } DBPropVal_t;
 
-typedef struct dbconf_dbinfo {
-    char *dbname;		/* Database name */
-    char *url;			/* Database URL */
-    DBPropVal_t *firstprop;	/* pointer to first property-value pair */
-    DBPropVal_t *lastprop;	/* pointer to last property-value pair */
-    struct dbconf_dbinfo *next;	/* pointer to next db info */
+typedef struct dbconf_dbinfo
+{
+    char *dbname;               /* Database name */
+    char *url;                  /* Database URL */
+    DBPropVal_t *firstprop;     /* pointer to first property-value pair */
+    DBPropVal_t *lastprop;      /* pointer to last property-value pair */
+    struct dbconf_dbinfo *next; /* pointer to next db info */
 } DBConfDBInfo_t;
 
-typedef struct {
-    DBConfDBInfo_t *firstdb;	/* pointer to first db info */
-    DBConfDBInfo_t *lastdb;	/* pointer to last db info */
+typedef struct
+{
+    DBConfDBInfo_t *firstdb; /* pointer to first db info */
+    DBConfDBInfo_t *lastdb;  /* pointer to last db info */
 } DBConfInfo_t;
 
 #define DBCONF_DEFAULT_DBNAME "default"
@@ -45,48 +48,46 @@ typedef struct {
 extern "C" {
 #endif
 
-NSAPI_PUBLIC extern int dbconf_read_default_dbinfo (const char *file,
-						    DBConfDBInfo_t **db_info);
-NSAPI_PUBLIC extern int dbconf_read_config_file (const char *file,
-						 DBConfInfo_t **conf_info);
+NSAPI_PUBLIC extern int dbconf_read_default_dbinfo(const char *file,
+                                                   DBConfDBInfo_t **db_info);
+NSAPI_PUBLIC extern int dbconf_read_config_file(const char *file,
+                                                DBConfInfo_t **conf_info);
 
-NSAPI_PUBLIC extern int ldapu_dbinfo_attrval (DBConfDBInfo_t *db_info,
-					      const char *attr, char **val);
+NSAPI_PUBLIC extern int ldapu_dbinfo_attrval(DBConfDBInfo_t *db_info,
+                                             const char *attr,
+                                             char **val);
 
-NSAPI_PUBLIC extern void dbconf_free_confinfo (DBConfInfo_t *conf_info);
-NSAPI_PUBLIC extern void dbconf_free_dbinfo (DBConfDBInfo_t *db_info);
+NSAPI_PUBLIC extern void dbconf_free_confinfo(DBConfInfo_t *conf_info);
+NSAPI_PUBLIC extern void dbconf_free_dbinfo(DBConfDBInfo_t *db_info);
 
-extern void dbconf_free_propval (DBPropVal_t *propval);
+extern void dbconf_free_propval(DBPropVal_t *propval);
 
-extern void dbconf_print_confinfo (DBConfInfo_t *conf_info);
-extern void dbconf_print_dbinfo (DBConfDBInfo_t *db_info);
-extern void dbconf_print_propval (DBPropVal_t *propval);
+extern void dbconf_print_confinfo(DBConfInfo_t *conf_info);
+extern void dbconf_print_dbinfo(DBConfDBInfo_t *db_info);
+extern void dbconf_print_propval(DBPropVal_t *propval);
 
 
-NSAPI_PUBLIC int dbconf_output_db_directive (FILE *fp, const char *dbname,
-				       const char *url);
+NSAPI_PUBLIC int dbconf_output_db_directive(FILE *fp, const char *dbname, const char *url);
 
-NSAPI_PUBLIC int dbconf_output_propval (FILE *fp, const char *dbname,
-				  const char *prop, const char *val,
-				  const int encoded);
+NSAPI_PUBLIC int dbconf_output_propval(FILE *fp, const char *dbname, const char *prop, const char *val, const int encoded);
 
 /* Following functions are required by certmap.c file */
-extern int dbconf_read_config_file_sub (const char *file,
-					const char *directive,
-					const int directive_len,
-					DBConfInfo_t **conf_info_out);
+extern int dbconf_read_config_file_sub(const char *file,
+                                       const char *directive,
+                                       const int directive_len,
+                                       DBConfInfo_t **conf_info_out);
 
-extern int dbconf_read_default_dbinfo_sub (const char *file,
-					   const char *directive,
-					   const int directive_len,
-					   DBConfDBInfo_t **db_info_out);
+extern int dbconf_read_default_dbinfo_sub(const char *file,
+                                          const char *directive,
+                                          const int directive_len,
+                                          DBConfDBInfo_t **db_info_out);
 
-NSAPI_PUBLIC int dbconf_get_dbnames (const char *dbmap, char ***dbnames, int *cnt);
+NSAPI_PUBLIC int dbconf_get_dbnames(const char *dbmap, char ***dbnames, int *cnt);
 
-NSAPI_PUBLIC int dbconf_free_dbnames (char **dbnames);
+NSAPI_PUBLIC int dbconf_free_dbnames(char **dbnames);
 
 
-extern int ldapu_strcasecmp (const char *s1, const char *s2); 
+extern int ldapu_strcasecmp(const char *s1, const char *s2);
 
 #ifdef __cplusplus
 }

include/ldaputil/encode.h

@@ -4,18 +4,18 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPU_ENCODE_H
 #define _LDAPU_ENCODE_H
 
 #ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC 
+#define NSAPI_PUBLIC
 #endif
 
 #ifdef __cplusplus
@@ -24,7 +24,7 @@ extern "C" {
 
 NSAPI_PUBLIC extern char *dbconf_encodeval(const char *val);
 
-NSAPI_PUBLIC extern char *dbconf_decodeval (const char *val);
+NSAPI_PUBLIC extern char *dbconf_decodeval(const char *val);
 
 #ifdef __cplusplus
 }

include/ldaputil/errors.h

@@ -4,98 +4,97 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #pragma once
 
 #ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC 
+#define NSAPI_PUBLIC
 #endif
 
 #ifdef DBG_PRINT
 #include <stdio.h>
 #define DBG_PRINT1(x) fprintf(stderr, x)
-#define DBG_PRINT2(x,y) fprintf(stderr, x, y)
-#define DBG_PRINT3(x,y,z) fprintf(stderr, x, y, z)
-#define DBG_PRINT4(x,y,z,a) fprintf(stderr, x, y, z, a)
+#define DBG_PRINT2(x, y) fprintf(stderr, x, y)
+#define DBG_PRINT3(x, y, z) fprintf(stderr, x, y, z)
+#define DBG_PRINT4(x, y, z, a) fprintf(stderr, x, y, z, a)
 #else
-#define DBG_PRINT1(x) 
-#define DBG_PRINT2(x,y) 
-#define DBG_PRINT3(x,y,z) 
-#define DBG_PRINT4(x,y,z,a) 
+#define DBG_PRINT1(x)
+#define DBG_PRINT2(x, y)
+#define DBG_PRINT3(x, y, z)
+#define DBG_PRINT4(x, y, z, a)
 #endif
 
 /* Common error codes */
-#define LDAPU_ERR_NOT_IMPLEMENTED	     -1000
-#define LDAPU_ERR_INTERNAL		     -1001
+#define LDAPU_ERR_NOT_IMPLEMENTED -1000
+#define LDAPU_ERR_INTERNAL -1001
 
-#define LDAPU_SUCCESS              0
-#define LDAPU_FAILED              -1
-#define LDAPU_CERT_MAP_FUNCTION_FAILED    -2
+#define LDAPU_SUCCESS 0
+#define LDAPU_FAILED -1
+#define LDAPU_CERT_MAP_FUNCTION_FAILED -2
 #define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3
 #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4
-#define LDAPU_CERT_MAP_INITFN_FAILED      -5
+#define LDAPU_CERT_MAP_INITFN_FAILED -5
 
 /* Error codes returned by ldapdb.c */
-#define LDAPU_ERR_OUT_OF_MEMORY		     -110
-#define LDAPU_ERR_URL_INVALID_PREFIX	     -112
-#define LDAPU_ERR_URL_NO_BASEDN		     -113
-#define LDAPU_ERR_URL_PARSE_FAILED	     -114
-    
-#define LDAPU_ERR_LDAP_INIT_FAILED	     -120
-#define LDAPU_ERR_LCACHE_INIT_FAILED	     -121 
-#define LDAPU_ERR_LDAP_SET_OPTION_FAILED     -122 
-#define LDAPU_ERR_NO_DEFAULT_CERTDB          -123
+#define LDAPU_ERR_OUT_OF_MEMORY -110
+#define LDAPU_ERR_URL_INVALID_PREFIX -112
+#define LDAPU_ERR_URL_NO_BASEDN -113
+#define LDAPU_ERR_URL_PARSE_FAILED -114
+
+#define LDAPU_ERR_LDAP_INIT_FAILED -120
+#define LDAPU_ERR_LCACHE_INIT_FAILED -121
+#define LDAPU_ERR_LDAP_SET_OPTION_FAILED -122
+#define LDAPU_ERR_NO_DEFAULT_CERTDB -123
 
 /* Errors returned by dbconf.c */
-#define LDAPU_ERR_CANNOT_OPEN_FILE	     -141
-#define LDAPU_ERR_DBNAME_IS_MISSING	     -142
-#define LDAPU_ERR_PROP_IS_MISSING	     -143
-#define LDAPU_ERR_DIRECTIVE_IS_MISSING	     -145
-#define LDAPU_ERR_NOT_PROPVAL		     -146
-#define LDAPU_ATTR_NOT_FOUND		     -147
+#define LDAPU_ERR_CANNOT_OPEN_FILE -141
+#define LDAPU_ERR_DBNAME_IS_MISSING -142
+#define LDAPU_ERR_PROP_IS_MISSING -143
+#define LDAPU_ERR_DIRECTIVE_IS_MISSING -145
+#define LDAPU_ERR_NOT_PROPVAL -146
+#define LDAPU_ATTR_NOT_FOUND -147
 
 /* Error codes returned by certmap.c */
-#define LDAPU_ERR_NO_ISSUERDN_IN_CERT	     -181
+#define LDAPU_ERR_NO_ISSUERDN_IN_CERT -181
 #define LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE -182
-#define LDAPU_ERR_CERTMAP_INFO_MISSING	     -183
-#define LDAPU_ERR_MALFORMED_SUBJECT_DN	     -184
-#define LDAPU_ERR_MAPPED_ENTRY_NOT_FOUND     -185
-#define LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN	     -186
-#define LDAPU_ERR_MISSING_INIT_FN_IN_LIB     -187
-#define LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG  -188
-#define LDAPU_ERR_CERT_VERIFY_FAILED	     -189
-#define LDAPU_ERR_CERT_VERIFY_NO_CERTS	     -190
-#define LDAPU_ERR_MISSING_LIBNAME	     -191
-#define LDAPU_ERR_MISSING_INIT_FN_NAME	     -192
+#define LDAPU_ERR_CERTMAP_INFO_MISSING -183
+#define LDAPU_ERR_MALFORMED_SUBJECT_DN -184
+#define LDAPU_ERR_MAPPED_ENTRY_NOT_FOUND -185
+#define LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN -186
+#define LDAPU_ERR_MISSING_INIT_FN_IN_LIB -187
+#define LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG -188
+#define LDAPU_ERR_CERT_VERIFY_FAILED -189
+#define LDAPU_ERR_CERT_VERIFY_NO_CERTS -190
+#define LDAPU_ERR_MISSING_LIBNAME -191
+#define LDAPU_ERR_MISSING_INIT_FN_NAME -192
 
-#define LDAPU_ERR_EMPTY_LDAP_RESULT	     -193
-#define LDAPU_ERR_MULTIPLE_MATCHES	     -194
-#define LDAPU_ERR_MISSING_RES_ENTRY	     -195
-#define LDAPU_ERR_MISSING_UID_ATTR	     -196
-#define LDAPU_ERR_WRONG_ARGS		     -197
-#define LDAPU_ERR_RENAME_FILE_FAILED	     -198
+#define LDAPU_ERR_EMPTY_LDAP_RESULT -193
+#define LDAPU_ERR_MULTIPLE_MATCHES -194
+#define LDAPU_ERR_MISSING_RES_ENTRY -195
+#define LDAPU_ERR_MISSING_UID_ATTR -196
+#define LDAPU_ERR_WRONG_ARGS -197
+#define LDAPU_ERR_RENAME_FILE_FAILED -198
 
-#define LDAPU_ERR_MISSING_VERIFYCERT_VAL     -199
-#define LDAPU_ERR_CANAME_IS_MISSING	     -200
-#define LDAPU_ERR_CAPROP_IS_MISSING	     -201
-#define LDAPU_ERR_UNKNOWN_CERT_ATTR	     -202
-#define LDAPU_ERR_INVALID_ARGUMENT	     -203
-#define LDAPU_ERR_INVALID_SUFFIX	     -204
+#define LDAPU_ERR_MISSING_VERIFYCERT_VAL -199
+#define LDAPU_ERR_CANAME_IS_MISSING -200
+#define LDAPU_ERR_CAPROP_IS_MISSING -201
+#define LDAPU_ERR_UNKNOWN_CERT_ATTR -202
+#define LDAPU_ERR_INVALID_ARGUMENT -203
+#define LDAPU_ERR_INVALID_SUFFIX -204
 
 /* Error codes returned by cert.c */
-#define LDAPU_ERR_EXTRACT_SUBJECTDN_FAILED  -300
-#define LDAPU_ERR_EXTRACT_ISSUERDN_FAILED   -301
-#define LDAPU_ERR_EXTRACT_DERCERT_FAILED    -302
+#define LDAPU_ERR_EXTRACT_SUBJECTDN_FAILED -300
+#define LDAPU_ERR_EXTRACT_ISSUERDN_FAILED -301
+#define LDAPU_ERR_EXTRACT_DERCERT_FAILED -302
 
 /* Error codes returned by ldapauth.c */
-#define LDAPU_ERR_CIRCULAR_GROUPS	    -400
-#define LDAPU_ERR_INVALID_STRING	    -401
-#define LDAPU_ERR_INVALID_STRING_INDEX	    -402
-#define LDAPU_ERR_MISSING_ATTR_VAL	    -403
-
+#define LDAPU_ERR_CIRCULAR_GROUPS -400
+#define LDAPU_ERR_INVALID_STRING -401
+#define LDAPU_ERR_INVALID_STRING_INDEX -402
+#define LDAPU_ERR_MISSING_ATTR_VAL -403

include/ldaputil/init.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPU_INIT_H
@@ -18,11 +18,11 @@
 extern "C" {
 #endif
 
-NSAPI_PUBLIC extern int ldaputil_init (const char *config_file,
-				       const char *dllname,
-				       const char *serv_root,
-				       const char *serv_type,
-				       const char *serv_id);
+NSAPI_PUBLIC extern int ldaputil_init(const char *config_file,
+                                      const char *dllname,
+                                      const char *serv_root,
+                                      const char *serv_type,
+                                      const char *serv_id);
 
 #ifdef __cplusplus
 }

include/ldaputil/ldapauth.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -18,20 +18,16 @@
 #include <ldap.h>
 
 #ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC 
+#define NSAPI_PUBLIC
 #endif
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-extern int ldapu_find (LDAP *ld, const char *base, int scope,
-		       const char *filter, const char **attrs,
-		       int attrsonly, LDAPMessage **res);
+extern int ldapu_find(LDAP *ld, const char *base, int scope, const char *filter, const char **attrs, int attrsonly, LDAPMessage **res);
 
-int ldapu_find_entire_tree (LDAP *ld, int scope,
-			    const char *filter, const char **attrs,
-			    int attrsonly, LDAPMessage ***res);
+int ldapu_find_entire_tree(LDAP *ld, int scope, const char *filter, const char **attrs, int attrsonly, LDAPMessage ***res);
 
 #ifdef __cplusplus
 }

include/ldaputil/ldaputil.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPU_LDAPUTIL_H
@@ -17,80 +17,81 @@
 #include <ldaputil/dbconf.h>
 #include <ldaputil/certmap.h>
 
-typedef struct ldapu_list_node {
-    void *info;				/* pointer to the corresponding info */
-    struct ldapu_list_node *next;	/* pointer to the next node */
-    struct ldapu_list_node *prev;	/* pointer to the prev node */
+typedef struct ldapu_list_node
+{
+    void *info;                   /* pointer to the corresponding info */
+    struct ldapu_list_node *next; /* pointer to the next node */
+    struct ldapu_list_node *prev; /* pointer to the prev node */
 } LDAPUListNode_t;
 
-typedef struct ldapu_list {
+typedef struct ldapu_list
+{
     LDAPUListNode_t *head;
     LDAPUListNode_t *tail;
 } LDAPUList_t;
 
-typedef struct {
-    char *prop;			/* property name */
-    char *val;			/* value -- only char* supported for now */
+typedef struct
+{
+    char *prop; /* property name */
+    char *val;  /* value -- only char* supported for now */
 } LDAPUPropVal_t;
 
 typedef LDAPUList_t LDAPUPropValList_t;
 
-enum {
+enum
+{
     COMPS_COMMENTED_OUT,
     COMPS_EMPTY,
     COMPS_HAS_ATTRS
 };
 
-typedef struct {
-    char *issuerName;		  /* issuer (symbolic/short) name */
-    char *issuerDN;		  /* cert issuer's DN */
-    LDAPUPropValList_t *propval;  /* pointer to the prop-val pairs list */
-    CertMapFn_t mapfn;		  /* cert to ldapdn & filter mapping func */
-    CertVerifyFn_t verifyfn;	  /* verify cert function */
-    CertSearchFn_t searchfn;	  /* search ldap entry function */
-    long dncomps;		  /* bitmask: components to form ldap dn */
-    long filtercomps;		  /* components used to form ldap filter */
-    int verifyCert;		  /* Verify the cert? */
-    char *searchAttr;		  /* LDAP attr used by the search fn */
-    int dncompsState;		  /* Empty, commented out, or attr names */
-    int filtercompsState;	  /* Empty, commented out, or attr names */
+typedef struct
+{
+    char *issuerName;            /* issuer (symbolic/short) name */
+    char *issuerDN;              /* cert issuer's DN */
+    LDAPUPropValList_t *propval; /* pointer to the prop-val pairs list */
+    CertMapFn_t mapfn;           /* cert to ldapdn & filter mapping func */
+    CertVerifyFn_t verifyfn;     /* verify cert function */
+    CertSearchFn_t searchfn;     /* search ldap entry function */
+    long dncomps;                /* bitmask: components to form ldap dn */
+    long filtercomps;            /* components used to form ldap filter */
+    int verifyCert;              /* Verify the cert? */
+    char *searchAttr;            /* LDAP attr used by the search fn */
+    int dncompsState;            /* Empty, commented out, or attr names */
+    int filtercompsState;        /* Empty, commented out, or attr names */
 } LDAPUCertMapInfo_t;
 
 typedef LDAPUList_t LDAPUCertMapListInfo_t;
 
-typedef void * (*LDAPUListNodeFn_t)(void *info, void *arg);
+typedef void *(*LDAPUListNodeFn_t)(void *info, void *arg);
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-extern int certmap_read_default_certinfo (const char *file);
+extern int certmap_read_default_certinfo(const char *file);
 
-extern int certmap_read_certconfig_file (const char *file);
+extern int certmap_read_certconfig_file(const char *file);
 
-extern void ldapu_certinfo_free (void *certmap_info);
+extern void ldapu_certinfo_free(void *certmap_info);
 
-extern void ldapu_certmap_listinfo_free (void *certmap_listinfo);
+extern void ldapu_certmap_listinfo_free(void *certmap_listinfo);
 
-extern void ldapu_propval_list_free (void *propval_list);
+extern void ldapu_propval_list_free(void *propval_list);
 
 NSAPI_PUBLIC extern int ldaputil_exit(void);
 
-NSAPI_PUBLIC extern int ldapu_cert_to_user (void *cert, LDAP *ld,
-					    const char *basedn,
-					    LDAPMessage **res,
-					    char **user);
+NSAPI_PUBLIC extern int ldapu_cert_to_user(void *cert, LDAP *ld, const char *basedn, LDAPMessage **res, char **user);
 
-NSAPI_PUBLIC extern int ldapu_certmap_init (const char *config_file,
-					    const char *libname,
-					    LDAPUCertMapListInfo_t **certmap_list,
-					    LDAPUCertMapInfo_t
-					    **certmap_default);
+NSAPI_PUBLIC extern int ldapu_certmap_init(const char *config_file,
+                                           const char *libname,
+                                           LDAPUCertMapListInfo_t **certmap_list,
+                                           LDAPUCertMapInfo_t
+                                               **certmap_default);
 
-NSAPI_PUBLIC extern int ldapu_list_alloc (LDAPUList_t **list);
-NSAPI_PUBLIC extern int ldapu_propval_alloc (const char *prop, const char *val,
-					     LDAPUPropVal_t **propval);
-NSAPI_PUBLIC extern int ldapu_list_add_info (LDAPUList_t *list, void *info);
+NSAPI_PUBLIC extern int ldapu_list_alloc(LDAPUList_t **list);
+NSAPI_PUBLIC extern int ldapu_propval_alloc(const char *prop, const char *val, LDAPUPropVal_t **propval);
+NSAPI_PUBLIC extern int ldapu_list_add_info(LDAPUList_t *list, void *info);
 
 #ifndef DONT_USE_LDAP_SSL
 #define USE_LDAP_SSL
@@ -104,32 +105,33 @@ NSAPI_PUBLIC extern int ldapu_list_add_info (LDAPUList_t *list, void *info);
 #define LDAP_CALLBACK
 #endif
 
-typedef struct {
+typedef struct
+{
 #ifdef USE_LDAP_SSL
-    LDAP*       (LDAP_CALL LDAP_CALLBACK *ldapuV_ssl_init)         ( const char*, int, int );
+    LDAP *(LDAP_CALL LDAP_CALLBACK *ldapuV_ssl_init)(const char *, int, int);
 #else
-    LDAP*       (LDAP_CALL LDAP_CALLBACK *ldapuV_init)             ( const char*, int );
+    LDAP *(LDAP_CALL LDAP_CALLBACK *ldapuV_init)(const char *, int);
 #endif
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_set_option)       ( LDAP*, int, const void* );
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_simple_bind_s)    ( LDAP*, const char*, const char* );
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_unbind)           ( LDAP* );
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_search_s)         ( LDAP*, const char*, int, const char*, char**, int, LDAPMessage** );
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_count_entries)    ( LDAP*, LDAPMessage* );
-    LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_first_entry)      ( LDAP*, LDAPMessage* );
-    LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_next_entry)       ( LDAP*, LDAPMessage* );
-    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_msgfree)          ( LDAP*, LDAPMessage* );
-    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_get_dn)           ( LDAP*, LDAPMessage* );
-    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_memfree)          ( LDAP*, void* );
-    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_first_attribute)  ( LDAP*, LDAPMessage*, BerElement** );
-    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_next_attribute)   ( LDAP*, LDAPMessage*, BerElement* );
-    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_ber_free)         ( LDAP*, BerElement*, int );
-    char**      (LDAP_CALL LDAP_CALLBACK *ldapuV_get_values)       ( LDAP*, LDAPMessage*, const char* );
-    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free)       ( LDAP*, char** );
-    struct berval**(LDAP_CALL LDAP_CALLBACK *ldapuV_get_values_len)( LDAP*, LDAPMessage*, const char* );
-    void           (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free_len)( LDAP*, struct berval** );
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_set_option)(LDAP *, int, const void *);
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_simple_bind_s)(LDAP *, const char *, const char *);
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_unbind)(LDAP *);
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_search_s)(LDAP *, const char *, int, const char *, char **, int, LDAPMessage **);
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_count_entries)(LDAP *, LDAPMessage *);
+    LDAPMessage *(LDAP_CALL LDAP_CALLBACK *ldapuV_first_entry)(LDAP *, LDAPMessage *);
+    LDAPMessage *(LDAP_CALL LDAP_CALLBACK *ldapuV_next_entry)(LDAP *, LDAPMessage *);
+    int(LDAP_CALL LDAP_CALLBACK *ldapuV_msgfree)(LDAP *, LDAPMessage *);
+    char *(LDAP_CALL LDAP_CALLBACK *ldapuV_get_dn)(LDAP *, LDAPMessage *);
+    void(LDAP_CALL LDAP_CALLBACK *ldapuV_memfree)(LDAP *, void *);
+    char *(LDAP_CALL LDAP_CALLBACK *ldapuV_first_attribute)(LDAP *, LDAPMessage *, BerElement **);
+    char *(LDAP_CALL LDAP_CALLBACK *ldapuV_next_attribute)(LDAP *, LDAPMessage *, BerElement *);
+    void(LDAP_CALL LDAP_CALLBACK *ldapuV_ber_free)(LDAP *, BerElement *, int);
+    char **(LDAP_CALL LDAP_CALLBACK *ldapuV_get_values)(LDAP *, LDAPMessage *, const char *);
+    void(LDAP_CALL LDAP_CALLBACK *ldapuV_value_free)(LDAP *, char **);
+    struct berval **(LDAP_CALL LDAP_CALLBACK *ldapuV_get_values_len)(LDAP *, LDAPMessage *, const char *);
+    void(LDAP_CALL LDAP_CALLBACK *ldapuV_value_free_len)(LDAP *, struct berval **);
 } LDAPUVTable_t;
 
-NSAPI_PUBLIC extern void ldapu_VTable_set (LDAPUVTable_t*);
+NSAPI_PUBLIC extern void ldapu_VTable_set(LDAPUVTable_t *);
 
 #ifdef __cplusplus
 }

include/libaccess/acl.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef ACL_HEADER
@@ -24,10 +24,10 @@
 #include <libaccess/nserror.h>
 
 #ifndef FALSE
-#define	FALSE			0
+#define FALSE 0
 #endif
 #ifndef TRUE
-#define	TRUE			1
+#define TRUE 1
 #endif
 
 #ifndef PUBLIC_NSACL_ACLAPI_H
@@ -38,8 +38,8 @@
 
 NSPR_BEGIN_EXTERN_C
 
-extern	const char	*generic_rights[];
-extern	const char	*http_generic[];
+extern const char *generic_rights[];
+extern const char *http_generic[];
 
 NSPR_END_EXTERN_C
 

include/libaccess/aclerror.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __aclerror_h
@@ -16,7 +16,7 @@
 
 /* ACL facility name string (in aclbuild.c) */
 NSPR_BEGIN_EXTERN_C
-extern const char * ACL_Program;
+extern const char *ACL_Program;
 NSPR_END_EXTERN_C
 
 /* Define error identifiers */
@@ -24,270 +24,269 @@ NSPR_END_EXTERN_C
 /* Errors generated in aclparse.c */
 
 /* aclAuthListParse() */
-#define ACLERR1000	1000	/* dynamic memory shortage */
+#define ACLERR1000 1000 /* dynamic memory shortage */
 
 /* aclAuthHostsParse() */
-#define ACLERR1100	1100	/* unsupported list of host lists */
-#define ACLERR1120	1120	/* host list name not found where expected */
-#define ACLERR1140	1140	/* undefined host list name */
-#define ACLERR1160	1160	/* *unused* */
-#define ACLERR1180	1180	/* error adding IP filter entry */
-#define ACLERR1200	1200	/* error adding DNS filter entry */
-#define ACLERR1220	1220	/* ")" missing */
+#define ACLERR1100 1100 /* unsupported list of host lists */
+#define ACLERR1120 1120 /* host list name not found where expected */
+#define ACLERR1140 1140 /* undefined host list name */
+#define ACLERR1160 1160 /* *unused* */
+#define ACLERR1180 1180 /* error adding IP filter entry */
+#define ACLERR1200 1200 /* error adding DNS filter entry */
+#define ACLERR1220 1220 /* ")" missing */
 
 /* aclAuthUsersParse() */
-#define ACLERR1300	1300	/* *unused* */
-#define ACLERR1320	1320	/* *unused* */
-#define ACLERR1340	1340	/* *unused* */
-#define ACLERR1360	1360	/* undefined user or group name */
-#define ACLERR1380	1380	/* duplicate user or group name */
-#define ACLERR1400	1400	/* ")" missing */
-#define ACLERR1420	1420	/* empty auth-user-elem */
-#define ACLERR1440	1440	/* duplicate or conflicting use of "all" */
-#define ACLERR1460	1460	/* duplicate or conflicting use of "any" */
-#define ACLERR1480	1480	/* conflicting use of "all" or "any" */
-#define ACLERR1500	1500	/* insufficient dynamic memory */
-#define ACLERR1520	1520	/* insufficient dynamic memory */
+#define ACLERR1300 1300 /* *unused* */
+#define ACLERR1320 1320 /* *unused* */
+#define ACLERR1340 1340 /* *unused* */
+#define ACLERR1360 1360 /* undefined user or group name */
+#define ACLERR1380 1380 /* duplicate user or group name */
+#define ACLERR1400 1400 /* ")" missing */
+#define ACLERR1420 1420 /* empty auth-user-elem */
+#define ACLERR1440 1440 /* duplicate or conflicting use of "all" */
+#define ACLERR1460 1460 /* duplicate or conflicting use of "any" */
+#define ACLERR1480 1480 /* conflicting use of "all" or "any" */
+#define ACLERR1500 1500 /* insufficient dynamic memory */
+#define ACLERR1520 1520 /* insufficient dynamic memory */
 
 /* aclDirectivesParse() */
-#define ACLERR1600	1600	/* dir-access missing */
-#define ACLERR1620	1620	/* invalid dir-access specification */
-#define ACLERR1640	1640	/* error adding ACD_AUTH directive to ACL */
-#define ACLERR1650	1650	/* error adding directive to ACL */
-#define ACLERR1660	1660	/* insufficient dynamic memory */
-#define ACLERR1680	1680	/* insufficient dynamic memory */
-#define ACLERR1685	1685	/* insufficient dynamic memory */
-#define ACLERR1690	1690	/* error adding directive to ACL */
-#define ACLERR1695	1695	/* error in "execute" directive */
+#define ACLERR1600 1600 /* dir-access missing */
+#define ACLERR1620 1620 /* invalid dir-access specification */
+#define ACLERR1640 1640 /* error adding ACD_AUTH directive to ACL */
+#define ACLERR1650 1650 /* error adding directive to ACL */
+#define ACLERR1660 1660 /* insufficient dynamic memory */
+#define ACLERR1680 1680 /* insufficient dynamic memory */
+#define ACLERR1685 1685 /* insufficient dynamic memory */
+#define ACLERR1690 1690 /* error adding directive to ACL */
+#define ACLERR1695 1695 /* error in "execute" directive */
 
 /* aclACLParse() */
-#define ACLERR1700	1700	/* ACL statement missing */
-#define ACLERR1720	1720	/* ACL name missing */
-#define ACLERR1740	1740	/* opening "{" missing */
-#define ACLERR1760	1760	/* closing "}" missing */
-#define ACLERR1780	1780	/* unrecognized ACL statement */
+#define ACLERR1700 1700 /* ACL statement missing */
+#define ACLERR1720 1720 /* ACL name missing */
+#define ACLERR1740 1740 /* opening "{" missing */
+#define ACLERR1760 1760 /* closing "}" missing */
+#define ACLERR1780 1780 /* unrecognized ACL statement */
 
 /* aclFileOpen() */
-#define ACLERR1900	1900	/* file open error */
-#define ACLERR1920	1920	/* memory shortage for ACLFile_t */
-#define ACLERR1940	1940	/* memory shortage for token */
-#define ACLERR1960	1960	/* memory shortage for LEX stream */
+#define ACLERR1900 1900 /* file open error */
+#define ACLERR1920 1920 /* memory shortage for ACLFile_t */
+#define ACLERR1940 1940 /* memory shortage for token */
+#define ACLERR1960 1960 /* memory shortage for LEX stream */
 
 /* aclGetDNSString() */
-#define ACLERR2100	2100	/* */
-#define ACLERR2120	2120	/* */
-#define ACLERR2140	2140	/* */
+#define ACLERR2100 2100 /* */
+#define ACLERR2120 2120 /* */
+#define ACLERR2140 2140 /* */
 
 /* aclGetIPAddr() */
-#define ACLERR2200	2200	/* */
-#define ACLERR2220	2220	/* */
-#define ACLERR2240	2240	/* */
-#define ACLERR2260	2260	/* */
-#define ACLERR2280	2280	/* */
-#define ACLERR2300	2300	/* */
-#define ACLERR2320	2320	/* */
+#define ACLERR2200 2200 /* */
+#define ACLERR2220 2220 /* */
+#define ACLERR2240 2240 /* */
+#define ACLERR2260 2260 /* */
+#define ACLERR2280 2280 /* */
+#define ACLERR2300 2300 /* */
+#define ACLERR2320 2320 /* */
 
 /* aclGetToken() */
-#define ACLERR2400	2400	/* aclGetToken() parse error */
+#define ACLERR2400 2400 /* aclGetToken() parse error */
 
 /* aclParseInit() */
 
 /* aclRealmSpecParse() */
-#define ACLERR2500	2500	/* missing realm name */
-#define ACLERR2520	2520	/* undefined realm name */
-#define ACLERR2540	2540	/* insufficient dynamic memory */
-#define ACLERR2560	2560	/* missing realm directive */
-#define ACLERR2570	2570	/* missing database filespec */
-#define ACLERR2580	2580	/* missing authentication method name */
-#define ACLERR2600	2600	/* unknown authentication method name */
-#define ACLERR2605	2605	/* realm prompt string missing */
-#define ACLERR2610	2610	/* unknown realm directive */
-#define ACLERR2620	2620	/* missing "}" */
+#define ACLERR2500 2500 /* missing realm name */
+#define ACLERR2520 2520 /* undefined realm name */
+#define ACLERR2540 2540 /* insufficient dynamic memory */
+#define ACLERR2560 2560 /* missing realm directive */
+#define ACLERR2570 2570 /* missing database filespec */
+#define ACLERR2580 2580 /* missing authentication method name */
+#define ACLERR2600 2600 /* unknown authentication method name */
+#define ACLERR2605 2605 /* realm prompt string missing */
+#define ACLERR2610 2610 /* unknown realm directive */
+#define ACLERR2620 2620 /* missing "}" */
 
 /* aclRightsParse() */
-#define ACLERR2700	2700	/* missing rights list element */
-#define ACLERR2720	2720	/* missing rights list name */
-#define ACLERR2740	2740	/* undefined rights list name */
-#define ACLERR2760	2760	/* insufficient dynamic memory */
-#define ACLERR2780	2780	/* insufficient dynamic memory */
-#define ACLERR2800	2800	/* error creating access right definition */
-#define ACLERR2820	2820	/* insufficient dynamic memory */
-#define ACLERR2840	2840	/* missing ")" */
+#define ACLERR2700 2700 /* missing rights list element */
+#define ACLERR2720 2720 /* missing rights list name */
+#define ACLERR2740 2740 /* undefined rights list name */
+#define ACLERR2760 2760 /* insufficient dynamic memory */
+#define ACLERR2780 2780 /* insufficient dynamic memory */
+#define ACLERR2800 2800 /* error creating access right definition */
+#define ACLERR2820 2820 /* insufficient dynamic memory */
+#define ACLERR2840 2840 /* missing ")" */
 
 /* aclGetFileSpec() */
-#define ACLERR2900	2900	/* skip over whitespace failed */
-#define ACLERR2920	2920	/* scan over filename failed */
-#define ACLERR2940	2940	/* missing filename */
+#define ACLERR2900 2900 /* skip over whitespace failed */
+#define ACLERR2920 2920 /* scan over filename failed */
+#define ACLERR2940 2940 /* missing filename */
 
 /* aclStringOpen() */
-#define ACLERR5000	5000	/* memory shortage for ACLFile_t */
-#define ACLERR5020	5020	/* memory shortage for token */
-#define ACLERR5040	5040	/* memory shortage for LEX stream */
+#define ACLERR5000 5000 /* memory shortage for ACLFile_t */
+#define ACLERR5020 5020 /* memory shortage for token */
+#define ACLERR5040 5040 /* memory shortage for LEX stream */
 
 /* Errors generated in aclbuild.c */
 
 /* accCreate() */
-#define ACLERR3000	3000		/* insufficient dynamic memory */
-#define ACLERR3020	3020		/* insufficient dynamic memory */
+#define ACLERR3000 3000 /* insufficient dynamic memory */
+#define ACLERR3020 3020 /* insufficient dynamic memory */
 
 /* accFileRead() */
-#define ACLERR3100	3100		/* error initializing ACL parser */
-#define ACLERR3120	3120		/* error creating ACL symbol table */
+#define ACLERR3100 3100 /* error initializing ACL parser */
+#define ACLERR3120 3120 /* error creating ACL symbol table */
 
 /* aclCreate() */
-#define ACLERR3200	3200		/* insufficient dynamic memory */
-#define ACLERR3220	3220		/* duplicate ACL name */
+#define ACLERR3200 3200 /* insufficient dynamic memory */
+#define ACLERR3220 3220 /* duplicate ACL name */
 
 /* aclAuthNameAdd() */
-#define ACLERR3400	3400		/* realm missing for user/group name */
-#define ACLERR3420	3420		/* error opening authentication DB */
-#define ACLERR3440	3440		/* error finding name in DB */
-#define ACLERR3460	3460		/* insufficient dynamic memory */
+#define ACLERR3400 3400 /* realm missing for user/group name */
+#define ACLERR3420 3420 /* error opening authentication DB */
+#define ACLERR3440 3440 /* error finding name in DB */
+#define ACLERR3460 3460 /* insufficient dynamic memory */
 
 /* aclRightDef() */
-#define ACLERR3600	3600		/* insufficient dynamic memory */
-#define ACLERR3620	3620		/* add right to symbol table failed */
+#define ACLERR3600 3600 /* insufficient dynamic memory */
+#define ACLERR3620 3620 /* add right to symbol table failed */
 
 /* ACL_ListPostParseForAuth() */
-#define ACLERR3800	3800		/* Undefined method/database */
-#define ACLERR3810	3810		/* insufficient dynamic memory */
+#define ACLERR3800 3800 /* Undefined method/database */
+#define ACLERR3810 3810 /* insufficient dynamic memory */
 
 /* Register.cpp */
-#define ACLERR3900	3900		/* Duplicate LAS registered */
+#define ACLERR3900 3900 /* Duplicate LAS registered */
 
 /* ACL_EvalBuildContext */
-#define ACLERR4000	4000		/* Unable to create context hash */
-#define ACLERR4010	4010		/* Unable to alloc cache structure */
-#define ACLERR4020	4020		/* Unable to alloc ACE entry */
-#define ACLERR4030	4030		/* Unable to alloc ACE entry */
-#define ACLERR4040	4040		/* Unable to alloc Auth Ptr Array */
-#define ACLERR4050	4050		/* Unable to alloc Auth Ptr Array */
+#define ACLERR4000 4000 /* Unable to create context hash */
+#define ACLERR4010 4010 /* Unable to alloc cache structure */
+#define ACLERR4020 4020 /* Unable to alloc ACE entry */
+#define ACLERR4030 4030 /* Unable to alloc ACE entry */
+#define ACLERR4040 4040 /* Unable to alloc Auth Ptr Array */
+#define ACLERR4050 4050 /* Unable to alloc Auth Ptr Array */
 
 /* ACL_EvalTestRights */
-#define ACLERR4100	4100		/* Interim absolute, non-allow value */
-#define ACLERR4110	4110		/* BuildContext call failed */
+#define ACLERR4100 4100 /* Interim absolute, non-allow value */
+#define ACLERR4110 4110 /* BuildContext call failed */
 
 /* ACL_ModuleRegister */
-#define ACLERR4200	4200		/* module name missing */
-#define ACLERR4210	4210		/* module registration call failed */
+#define ACLERR4200 4200 /* module name missing */
+#define ACLERR4210 4210 /* module registration call failed */
 
 /* ACL_GetAttribute */
-#define ACLERR4300	4300		/* Couldn't determine method */
-#define ACLERR4310	4310		/* Couldn't locate Getter */
-#define ACLERR4320	4320		/* Couldn't Set Attr */
-#define ACLERR4330	4330		/* Couldn't Get Attr */
-#define ACLERR4340	4340		/* All getters declined */
-#define ACLERR4350	4350		/* All getters declined */
-#define ACLERR4360	4360		/* All getters declined */
-#define ACLERR4370	4370		/* All getters declined */
-#define ACLERR4380	4380		/* Couldn't determine dbtype */
+#define ACLERR4300 4300 /* Couldn't determine method */
+#define ACLERR4310 4310 /* Couldn't locate Getter */
+#define ACLERR4320 4320 /* Couldn't Set Attr */
+#define ACLERR4330 4330 /* Couldn't Get Attr */
+#define ACLERR4340 4340 /* All getters declined */
+#define ACLERR4350 4350 /* All getters declined */
+#define ACLERR4360 4360 /* All getters declined */
+#define ACLERR4370 4370 /* All getters declined */
+#define ACLERR4380 4380 /* Couldn't determine dbtype */
 
 /* reg_dbname_internal */
-#define ACLERR4400	4400		/* dbtype not defined yet */
-#define ACLERR4410	4410		/* dbtype not defined yet */
-#define ACLERR4420	4420		/* out of memory */
+#define ACLERR4400 4400 /* dbtype not defined yet */
+#define ACLERR4410 4410 /* dbtype not defined yet */
+#define ACLERR4420 4420 /* out of memory */
 
 /* ACL_DatabaseRegister */
-#define ACLERR4500	4500		/* database name is missing */
+#define ACLERR4500 4500 /* database name is missing */
 
 /* LASDnsBuild */
-#define	ACLERR4700	4700		/* Cannot allocatae hash */
-#define	ACLERR4710	4710		/* Cannot add token to hash */
-#define	ACLERR4720	4720		/* Cannot add token to hash */
-#define	ACLERR4730	4730		/* Cannot add token to hash */
-#define	ACLERR4740	4740		/* Cannot add token to hash */
-#define	ACLERR4750	4750		/* Cannot add token to hash */
-#define	ACLERR4760	4760		/* Cannot add token to hash */
-#define	ACLERR4770	4770		/* Invalid attribute pattern */
+#define ACLERR4700 4700 /* Cannot allocatae hash */
+#define ACLERR4710 4710 /* Cannot add token to hash */
+#define ACLERR4720 4720 /* Cannot add token to hash */
+#define ACLERR4730 4730 /* Cannot add token to hash */
+#define ACLERR4740 4740 /* Cannot add token to hash */
+#define ACLERR4750 4750 /* Cannot add token to hash */
+#define ACLERR4760 4760 /* Cannot add token to hash */
+#define ACLERR4770 4770 /* Invalid attribute pattern */
 
 /* LASDnsEval */
-#define	ACLERR4800	4800		/* Wrong attribute name */
-#define	ACLERR4810	4810		/* Illegal comparator */
-#define	ACLERR4820	4820		/* Cannot allocate context struct */
-#define	ACLERR4830	4830		/* Cannot get DNS attribute */
+#define ACLERR4800 4800 /* Wrong attribute name */
+#define ACLERR4810 4810 /* Illegal comparator */
+#define ACLERR4820 4820 /* Cannot allocate context struct */
+#define ACLERR4830 4830 /* Cannot get DNS attribute */
 
 /* LASGroupEval */
-#define ACLERR4900	4900		/* wrong attribute */
-#define ACLERR4910	4910		/* bad comparator */
-#define ACLERR4920	4920		/* unable to get database name */
+#define ACLERR4900 4900 /* wrong attribute */
+#define ACLERR4910 4910 /* bad comparator */
+#define ACLERR4920 4920 /* unable to get database name */
 
 /* LASIpTreeAllocNode */
-#define	ACLERR5000	5000		/* Cannot allocate IP tree */
+#define ACLERR5000 5000 /* Cannot allocate IP tree */
 
 /* LASIpAddPattern */
-#define	ACLERR5100	5100		/* Cannot allocate IP tree node */
-#define	ACLERR5110	5110		/* Cannot allocate IP tree node */
+#define ACLERR5100 5100 /* Cannot allocate IP tree node */
+#define ACLERR5110 5110 /* Cannot allocate IP tree node */
 
 /* LASIpEval */
-#define	ACLERR5200	5200		/* Wrong attribute */
-#define	ACLERR5210	5210		/* Bad comparator */
-#define	ACLERR5220	5220		/* Cannot get session pointer */
-#define	ACLERR5230	5230		/* Cannot allocate context */
-#define	ACLERR5240	5240		/* Tested 32 bits without conclusion */
+#define ACLERR5200 5200 /* Wrong attribute */
+#define ACLERR5210 5210 /* Bad comparator */
+#define ACLERR5220 5220 /* Cannot get session pointer */
+#define ACLERR5230 5230 /* Cannot allocate context */
+#define ACLERR5240 5240 /* Tested 32 bits without conclusion */
 
 /* LASProgramEval */
-#define	ACLERR5300	5300		/* Wrong attribute */
-#define	ACLERR5310	5310		/* Bad comparator */
-#define	ACLERR5320	5320		/* Can't get request pointer */
-#define	ACLERR5330	5330		/* Invalid program expression */
-#define	ACLERR5340	5340		/* Rejecting Request */
+#define ACLERR5300 5300 /* Wrong attribute */
+#define ACLERR5310 5310 /* Bad comparator */
+#define ACLERR5320 5320 /* Can't get request pointer */
+#define ACLERR5330 5330 /* Invalid program expression */
+#define ACLERR5340 5340 /* Rejecting Request */
 
 /* LASDayOfWeekEval */
-#define	ACLERR5400	5400		/* wrong attribute */
-#define	ACLERR5410	5410		/* bad comparator */
+#define ACLERR5400 5400 /* wrong attribute */
+#define ACLERR5410 5410 /* bad comparator */
 
 /* LASTimeOfDayEval */
-#define ACLERR5600	5600		/* wrong attribute */
-#define ACLERR5610	5610		/* bad comparator */
+#define ACLERR5600 5600 /* wrong attribute */
+#define ACLERR5610 5610 /* bad comparator */
 
 /* LASUserEval */
-#define ACLERR5700	5700		/* wrong attribute */
-#define ACLERR5710	5710		/* bad comparator */
-#define ACLERR5720	5720		/* Out of memory */
+#define ACLERR5700 5700 /* wrong attribute */
+#define ACLERR5710 5710 /* bad comparator */
+#define ACLERR5720 5720 /* Out of memory */
 
 /* ldapacl.cpp */
-#define	ACLERR5800	5800		/* missing the database url */
-#define	ACLERR5810	5810		/* missing the database name */
-#define	ACLERR5820	5820		/* error parsing the db url */
-#define	ACLERR5830	5830		/* unable to get db name */
-#define ACLERR5840	5840		/* can't get parsed db name */
-#define ACLERR5850	5850		/* can't init ldap connection */
-#define ACLERR5860	5860		/* passwd check ldap error */
-#define ACLERR5870	5870		/* Out of memory */
-#define ACLERR5880	5880		/* User doesn't exist anymore */
-#define ACLERR5890	5890		/* PList error */
+#define ACLERR5800 5800 /* missing the database url */
+#define ACLERR5810 5810 /* missing the database name */
+#define ACLERR5820 5820 /* error parsing the db url */
+#define ACLERR5830 5830 /* unable to get db name */
+#define ACLERR5840 5840 /* can't get parsed db name */
+#define ACLERR5850 5850 /* can't init ldap connection */
+#define ACLERR5860 5860 /* passwd check ldap error */
+#define ACLERR5870 5870 /* Out of memory */
+#define ACLERR5880 5880 /* User doesn't exist anymore */
+#define ACLERR5890 5890 /* PList error */
 
 /* get_user_ismember_ldap */
-#define ACLERR5900	5900		/* Can't get db name */
-#define ACLERR5910	5910		/* Can't get parsed db name */
-#define	ACLERR5920	5920		/* Out of memory */
-#define	ACLERR5930	5930		/* Can't init ldap connection */
-#define	ACLERR5940	5940		/* Group doesn't exist */
-#define	ACLERR5950	5950		/* LDAP error */
+#define ACLERR5900 5900 /* Can't get db name */
+#define ACLERR5910 5910 /* Can't get parsed db name */
+#define ACLERR5920 5920 /* Out of memory */
+#define ACLERR5930 5930 /* Can't init ldap connection */
+#define ACLERR5940 5940 /* Group doesn't exist */
+#define ACLERR5950 5950 /* LDAP error */
 
 /* ACL_LDAPDatabaseHandle */
-#define ACLERR6000	6000		/* Not a registered db */
-#define ACLERR6010	6010		/* Not an LDAP db */
-#define ACLERR6020	6020		/* Out of memory */
-#define ACLERR6030	6030		/* Can't init ldap connection */
-#define ACLERR6040	6040		/* Can't bind to ldap server */
-
+#define ACLERR6000 6000 /* Not a registered db */
+#define ACLERR6010 6010 /* Not an LDAP db */
+#define ACLERR6020 6020 /* Out of memory */
+#define ACLERR6030 6030 /* Can't init ldap connection */
+#define ACLERR6040 6040 /* Can't bind to ldap server */
 
 
 /* Define error return codes */
-#define ACLERRNOMEM	-1		/* insufficient dynamic memory */
-#define ACLERROPEN	-2		/* file open error */
-#define ACLERRDUPSYM	-3		/* duplicate symbol */
-#define ACLERRSYNTAX	-4		/* syntax error */
-#define ACLERRUNDEF	-5		/* undefined symbol */
-#define ACLERRADB	-6		/* authentication DB access error */
-#define ACLERRPARSE	-7		/* ACL parsing error */
-#define ACLERRNORLM	-8		/* missing authentication realm */
-#define ACLERRIO	-9		/* IO error */
-#define ACLERRINTERNAL	-10		/* internal processing error */
-/* #define ACLERRFAIL	-11 */	/* defined in include/public/nsacl/acldef.h */
-#define ACLERRINVAL	-12		/* invalid argument */
-#define ACLERRCONFIG	-13		/* auth realms don't math acl */
+#define ACLERRNOMEM -1          /* insufficient dynamic memory */
+#define ACLERROPEN -2           /* file open error */
+#define ACLERRDUPSYM -3         /* duplicate symbol */
+#define ACLERRSYNTAX -4         /* syntax error */
+#define ACLERRUNDEF -5          /* undefined symbol */
+#define ACLERRADB -6            /* authentication DB access error */
+#define ACLERRPARSE -7          /* ACL parsing error */
+#define ACLERRNORLM -8          /* missing authentication realm */
+#define ACLERRIO -9             /* IO error */
+#define ACLERRINTERNAL -10      /* internal processing error */
+/* #define ACLERRFAIL    -11 */ /* defined in include/public/nsacl/acldef.h */
+#define ACLERRINVAL -12         /* invalid argument */
+#define ACLERRCONFIG -13        /* auth realms don't math acl */
 
 #include "nserror.h"
 
@@ -298,8 +297,10 @@ NSPR_END_EXTERN_C
 NSPR_BEGIN_EXTERN_C
 
 /* Functions in aclerror.c */
-extern void aclErrorFmt(NSErr_t * errp,
-			char * msgbuf, int maxlen, int maxdepth);
+extern void aclErrorFmt(NSErr_t *errp,
+                        char *msgbuf,
+                        int maxlen,
+                        int maxdepth);
 
 NSPR_END_EXTERN_C
 

include/libaccess/acleval.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __acleval_h
@@ -17,7 +17,7 @@
 /*
  * Description (acleval.h)
  *
- *	This file defines the interface to the ACL evaluation module.
+ *    This file defines the interface to the ACL evaluation module.
  */
 
 #include "nserror.h"
@@ -25,19 +25,19 @@
 #include "aclstruct.h"
 
 /* Define values returned by lookup routines */
-#define ACL_NOMATCH	0		/* no match */
-#define ACL_IPMATCH	0x1		/* IP address match */
-#define ACL_DNMATCH	0x2		/* DNS name match */
-#define ACL_USMATCH	0x4		/* user name match */
-#define ACL_GRMATCH	0x8		/* user is member of group */
+#define ACL_NOMATCH 0   /* no match */
+#define ACL_IPMATCH 0x1 /* IP address match */
+#define ACL_DNMATCH 0x2 /* DNS name match */
+#define ACL_USMATCH 0x4 /* user name match */
+#define ACL_GRMATCH 0x8 /* user is member of group */
 
 NSPR_BEGIN_EXTERN_C
 
 /* Functions in acleval.c */
-extern int aclDNSLookup(DNSFilter_t * dnf, const char * dnsspec, int fqdn, const char **match);
-extern int aclIPLookup(IPFilter_t * ipf, IPAddr_t ipaddr, void **match);
-extern int aclUserLookup(UidUser_t * uup, UserObj_t * uoptr);
-extern int aclEvaluate(ACL_t * acl, USI_t arid, ClAuth_t * clauth, int * padn);
+extern int aclDNSLookup(DNSFilter_t *dnf, const char *dnsspec, int fqdn, const char **match);
+extern int aclIPLookup(IPFilter_t *ipf, IPAddr_t ipaddr, void **match);
+extern int aclUserLookup(UidUser_t *uup, UserObj_t *uoptr);
+extern int aclEvaluate(ACL_t *acl, USI_t arid, ClAuth_t *clauth, int *padn);
 
 NSPR_END_EXTERN_C
 

include/libaccess/aclglobal.h

@@ -4,53 +4,54 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
-**	Header file containing global data elements.  These are duplicated
-**	when a cache flush is done.
+**    Header file containing global data elements.  These are duplicated
+**    when a cache flush is done.
 */
 
-#include	<libaccess/acl.h>
-
-struct ACLGlobal_s {
-	ACLListHandle_t	*masterlist;
-	pool_handle_t	*pool;	/* Deallocate at the start of cache flush */
-	pool_handle_t	*databasepool;
-	pool_handle_t	*methodpool;
-	PRHashTable	*urihash;
-	PRHashTable	*urigethash;
-	PRHashTable	*listhash;
-	PRHashTable	*evalhash;
-	PRHashTable	*flushhash;
-	PRHashTable	*methodhash;
-	PRHashTable	*dbtypehash;
-	PRHashTable	*dbnamehash;
-	PRHashTable	*attrgetterhash;
-	PRHashTable	*userLdbHash; /* user's LDAP handle hash */
+#include <libaccess/acl.h>
+
+struct ACLGlobal_s
+{
+    ACLListHandle_t *masterlist;
+    pool_handle_t *pool; /* Deallocate at the start of cache flush */
+    pool_handle_t *databasepool;
+    pool_handle_t *methodpool;
+    PRHashTable *urihash;
+    PRHashTable *urigethash;
+    PRHashTable *listhash;
+    PRHashTable *evalhash;
+    PRHashTable *flushhash;
+    PRHashTable *methodhash;
+    PRHashTable *dbtypehash;
+    PRHashTable *dbnamehash;
+    PRHashTable *attrgetterhash;
+    PRHashTable *userLdbHash; /* user's LDAP handle hash */
 };
 
 typedef struct ACLGlobal_s ACLGlobal_t;
 typedef struct ACLGlobal_s *ACLGlobal_p;
 
-#define acl_uri_hash_pool	ACLGlobal->pool
-#define acl_uri_hash		ACLGlobal->urihash
-#define acl_uri_get_hash	ACLGlobal->urigethash
-#define ACLListHash		ACLGlobal->listhash
-#define	ACLLasEvalHash		ACLGlobal->evalhash
-#define ACLLasFlushHash		ACLGlobal->flushhash
-#define ACLMethodHash		ACLGlobal->methodhash
-#define	ACLDbTypeHash		ACLGlobal->dbtypehash
-#define	ACLDbNameHash		ACLGlobal->dbnamehash
-#define	ACLAttrGetterHash	ACLGlobal->attrgetterhash
-#define	ACLUserLdbHash		ACLGlobal->userLdbHash
-#define ACL_DATABASE_POOL	ACLGlobal->databasepool
-#define ACL_METHOD_POOL		ACLGlobal->methodpool
+#define acl_uri_hash_pool ACLGlobal->pool
+#define acl_uri_hash ACLGlobal->urihash
+#define acl_uri_get_hash ACLGlobal->urigethash
+#define ACLListHash ACLGlobal->listhash
+#define ACLLasEvalHash ACLGlobal->evalhash
+#define ACLLasFlushHash ACLGlobal->flushhash
+#define ACLMethodHash ACLGlobal->methodhash
+#define ACLDbTypeHash ACLGlobal->dbtypehash
+#define ACLDbNameHash ACLGlobal->dbnamehash
+#define ACLAttrGetterHash ACLGlobal->attrgetterhash
+#define ACLUserLdbHash ACLGlobal->userLdbHash
+#define ACL_DATABASE_POOL ACLGlobal->databasepool
+#define ACL_METHOD_POOL ACLGlobal->methodpool
 
 NSPR_BEGIN_EXTERN_C
 

include/libaccess/aclproto.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef ACL_PROTO_HEADER
@@ -29,7 +29,7 @@ NSPR_BEGIN_EXTERN_C
 /*********************************************************************
  *  ACL language and file interfaces
  *********************************************************************/
-NSAPI_PUBLIC ACLListHandle_t * ACL_ParseString(NSErr_t *errp, char *buffer);
+NSAPI_PUBLIC ACLListHandle_t *ACL_ParseString(NSErr_t *errp, char *buffer);
 
 /*********************************************************************
  *  ACL Expression construction interfaces
@@ -51,7 +51,7 @@ NSAPI_PUBLIC int ACL_ExprGetDenyWith(NSErr_t *errp, ACLExprHandle_t *expr, char
  * ACL manipulation
  *********************************************************************/
 
-NSAPI_PUBLIC ACLHandle_t * ACL_AclNew(NSErr_t *errp, char *tag);
+NSAPI_PUBLIC ACLHandle_t *ACL_AclNew(NSErr_t *errp, char *tag);
 NSAPI_PUBLIC void ACL_AclDestroy(NSErr_t *errp, ACLHandle_t *acl);
 NSAPI_PUBLIC int ACL_ExprAppend(NSErr_t *errp, ACLHandle_t *acl, ACLExprHandle_t *expr);
 NSAPI_PUBLIC const char *ACL_AclGetTag(ACLHandle_t *acl);
@@ -60,32 +60,32 @@ NSAPI_PUBLIC const char *ACL_AclGetTag(ACLHandle_t *acl);
  * ACL list manipulation
  *********************************************************************/
 
-NSAPI_PUBLIC ACLListHandle_t * ACL_ListNew(NSErr_t *errp);
+NSAPI_PUBLIC ACLListHandle_t *ACL_ListNew(NSErr_t *errp);
 NSAPI_PUBLIC int ACL_ListConcat(NSErr_t *errp, ACLListHandle_t *acl_list1, ACLListHandle_t *acl_list2, int flags);
 NSAPI_PUBLIC int ACL_ListAppend(NSErr_t *errp, ACLListHandle_t *acllist, ACLHandle_t *acl, int flags);
 NSAPI_PUBLIC void ACL_ListDestroy(NSErr_t *errp, ACLListHandle_t *acllist);
-NSAPI_PUBLIC ACLHandle_t * ACL_ListFind(NSErr_t *errp, ACLListHandle_t *acllist, char *aclname, int flags);
+NSAPI_PUBLIC ACLHandle_t *ACL_ListFind(NSErr_t *errp, ACLListHandle_t *acllist, char *aclname, int flags);
 NSAPI_PUBLIC int ACL_ListAclDelete(NSErr_t *errp, ACLListHandle_t *acl_list, char *acl_name, int flags);
 NSAPI_PUBLIC int ACL_ListGetNameList(NSErr_t *errp, ACLListHandle_t *acl_list, char ***name_list);
 NSAPI_PUBLIC int ACL_NameListDestroy(NSErr_t *errp, char **name_list);
 NSAPI_PUBLIC ACLHandle_t *ACL_ListGetFirst(ACLListHandle_t *acl_list,
                                            ACLListEnum_t *acl_enum);
 NSAPI_PUBLIC ACLHandle_t *ACL_ListGetNext(ACLListHandle_t *acl_list,
-                                           ACLListEnum_t *acl_enum);
+                                          ACLListEnum_t *acl_enum);
 
 /* Only used for asserts.  Probably shouldn't be publicly advertized */
-extern int ACL_AssertAcllist( ACLListHandle_t *acllist );
+extern int ACL_AssertAcllist(ACLListHandle_t *acllist);
 
 /* Need to be ACL_LIB_INTERNAL */
 NSAPI_PUBLIC int ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list);
 
 /*********************************************************************
- * ACL evaluation 
+ * ACL evaluation
  *********************************************************************/
 
 NSAPI_PUBLIC int ACL_EvalTestRights(NSErr_t *errp, ACLEvalHandle_t *acleval, const char **rights, const char **map_generic, char **deny_type, char **deny_response, char **acl_tag, int *expr_num);
 NSAPI_PUBLIC int ACL_CachableAclList(ACLListHandle_t *acllist);
-NSAPI_PUBLIC ACLEvalHandle_t * ACL_EvalNew(NSErr_t *errp, pool_handle_t *pool);
+NSAPI_PUBLIC ACLEvalHandle_t *ACL_EvalNew(NSErr_t *errp, pool_handle_t *pool);
 NSAPI_PUBLIC void ACL_EvalDestroy(NSErr_t *errp, pool_handle_t *pool, ACLEvalHandle_t *acleval);
 NSAPI_PUBLIC void ACL_EvalDestroyNoDecrement(NSErr_t *errp, pool_handle_t *pool, ACLEvalHandle_t *acleval);
 NSAPI_PUBLIC int ACL_ListDecrement(NSErr_t *errp, ACLListHandle_t *acllist);
@@ -96,13 +96,13 @@ NSAPI_PUBLIC PList_t ACL_EvalGetResource(NSErr_t *errp, ACLEvalHandle_t *acleval
 NSAPI_PUBLIC int ACL_EvalSetResource(NSErr_t *errp, ACLEvalHandle_t *acleval, PList_t resource);
 
 /*
- *	The following entities are only meant to be called by whole server
- *	products that include libaccess.  E.g. the HTTP server, the Directory
- *	server etc.  They should not be called by ACL callers, LASs etc.
+ *    The following entities are only meant to be called by whole server
+ *    products that include libaccess.  E.g. the HTTP server, the Directory
+ *    server etc.  They should not be called by ACL callers, LASs etc.
  */
 
 /*********************************************************************
- * ACL misc routines 
+ * ACL misc routines
  *********************************************************************/
 
 NSAPI_PUBLIC int ACL_Init(void);
@@ -124,7 +124,7 @@ NSAPI_PUBLIC void ACL_Destroy(void);
 NSAPI_PUBLIC void ACL_DestroyPools(void);
 
 /*********************************************************************
- * ACL cache and flush utility 
+ * ACL cache and flush utility
  *********************************************************************/
 
 NSAPI_PUBLIC int ACL_CacheCheck(char *uri, ACLListHandle_t **acllist_p);
@@ -150,4 +150,3 @@ NSPR_END_EXTERN_C
 #endif /* INTNSACL */
 
 #endif
-

include/libaccess/aclstruct.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __aclstruct_h
@@ -17,16 +17,16 @@
 /*
  * Description (aclstruct.h)
  *
- *	This file defines types and data structures used to construct
- *	representations of Access Control Lists (ACLs) in memory.
+ *    This file defines types and data structures used to construct
+ *    representations of Access Control Lists (ACLs) in memory.
  */
 
 #include "base/systems.h"
 #include "base/file.h"
-#include "nsauth.h"		/* authentication types */
-#include "symbols.h"		/* typed symbol support */
-#include "ipfstruct.h"		/* IP address filter structures */
-#include "dnfstruct.h"		/* DNS name filter structures */
+#include "nsauth.h"    /* authentication types */
+#include "symbols.h"   /* typed symbol support */
+#include "ipfstruct.h" /* IP address filter structures */
+#include "dnfstruct.h" /* DNS name filter structures */
 
 
 NSPR_BEGIN_EXTERN_C
@@ -37,232 +37,246 @@ typedef struct ACL_s ACL_t;
 /*
  * Description (InetHost_t)
  *
- *	This type defines a structure which represents a list of Internet
- *	hosts by IP address and netmask, or by fully or partially
- *	qualified DNS name.
+ *    This type defines a structure which represents a list of Internet
+ *    hosts by IP address and netmask, or by fully or partially
+ *    qualified DNS name.
  */
 
 typedef struct InetHost_s InetHost_t;
-struct InetHost_s {
-    IPFilter_t inh_ipf;			/* reference to IP filter */
-    DNSFilter_t inh_dnf;		/* reference to DNS filter */
+struct InetHost_s
+{
+    IPFilter_t inh_ipf;  /* reference to IP filter */
+    DNSFilter_t inh_dnf; /* reference to DNS filter */
 };
 
 /*
  * Description (HostSpec_t)
  *
- *	This type describes a named list of hosts.
+ *    This type describes a named list of hosts.
  */
 
 typedef struct HostSpec_s HostSpec_t;
-struct HostSpec_s {
-    Symbol_t hs_sym;			/* symbol name, type ACLSYMHOST */
-    InetHost_t hs_host;			/* host information */
+struct HostSpec_s
+{
+    Symbol_t hs_sym;    /* symbol name, type ACLSYMHOST */
+    InetHost_t hs_host; /* host information */
 };
 
 /*
  * Description (UidUser_t)
  *
- *	This type represents a list of users and groups using unique
- *	integer identifiers.
+ *    This type represents a list of users and groups using unique
+ *    integer identifiers.
  */
 
 typedef struct UidUser_s UidUser_t;
-struct UidUser_s {
-    USIList_t uu_user;			/* list of user ids */
-    USIList_t uu_group;			/* list of group ids */
+struct UidUser_s
+{
+    USIList_t uu_user;  /* list of user ids */
+    USIList_t uu_group; /* list of group ids */
 };
 
 /*
  * Description (UserSpec_t)
  *
- *	This type describes a named list of users and groups.
+ *    This type describes a named list of users and groups.
  */
 
 typedef struct UserSpec_s UserSpec_t;
-struct UserSpec_s {
-    Symbol_t us_sym;			/* list name, type ACLSYMUSER */
-    int us_flags;			/* bit flags */
-#define ACL_USALL	0x1		/* any authenticated user */
+struct UserSpec_s
+{
+    Symbol_t us_sym;  /* list name, type ACLSYMUSER */
+    int us_flags;     /* bit flags */
+#define ACL_USALL 0x1 /* any authenticated user */
 
-    UidUser_t us_user;			/* user list structure */
+    UidUser_t us_user; /* user list structure */
 };
 
 /*
  * Description (ACClients_t)
  *
- *	This type defines the structure of action-specific information
- *	for access control directives with action codes ACD_ALLOW and
- *	ACD_DENY.  These directives specify access control constraints
- *	on users/groups and hosts.
+ *    This type defines the structure of action-specific information
+ *    for access control directives with action codes ACD_ALLOW and
+ *    ACD_DENY.  These directives specify access control constraints
+ *    on users/groups and hosts.
  */
 
 typedef struct ACClients_s ACClients_t;
-struct ACClients_s {
-    ACClients_t * cl_next;		/* list link */
-    HostSpec_t * cl_host;		/* host specification pointer */
-    UserSpec_t * cl_user;		/* user list pointer */
+struct ACClients_s
+{
+    ACClients_t *cl_next; /* list link */
+    HostSpec_t *cl_host;  /* host specification pointer */
+    UserSpec_t *cl_user;  /* user list pointer */
 };
 
 /*
  * Description (RealmSpec_t)
  *
- *	This type describes a named realm.
+ *    This type describes a named realm.
  */
 
 typedef struct RealmSpec_s RealmSpec_t;
-struct RealmSpec_s {
-    Symbol_t rs_sym;			/* realm name, type ACLSYMREALM */
-    Realm_t rs_realm;			/* realm information */
+struct RealmSpec_s
+{
+    Symbol_t rs_sym;  /* realm name, type ACLSYMREALM */
+    Realm_t rs_realm; /* realm information */
 };
 
 /*
  * Description (ACAuth_t)
  *
- *	This type defines the structure of action-specific information
- *	for an access control directive with action code ACD_AUTH,
- *	which specifies information about authentication requirements.
+ *    This type defines the structure of action-specific information
+ *    for an access control directive with action code ACD_AUTH,
+ *    which specifies information about authentication requirements.
  */
 
 typedef struct ACAuth_s ACAuth_t;
-struct ACAuth_s {
-    RealmSpec_t * au_realm;		/* pointer to realm information */
+struct ACAuth_s
+{
+    RealmSpec_t *au_realm; /* pointer to realm information */
 };
 
 /*
  * Description (ACDirective_t)
  *
- *	This type defines a structure which represents an access control
- *	directive.  Each directive specifies an access control action
- *	to be taken during ACL evaluation.  The ACDirective_t structure
- *	begins an action-specific structure which contains the
- *	parameters for an action.
+ *    This type defines a structure which represents an access control
+ *    directive.  Each directive specifies an access control action
+ *    to be taken during ACL evaluation.  The ACDirective_t structure
+ *    begins an action-specific structure which contains the
+ *    parameters for an action.
  */
 
 typedef struct ACDirective_s ACDirective_t;
-struct ACDirective_s {
-    ACDirective_t * acd_next;		/* next directive in ACL */
-    short acd_action;			/* directive action code */
-    short acd_flags;			/* action modifier flags */
+struct ACDirective_s
+{
+    ACDirective_t *acd_next; /* next directive in ACL */
+    short acd_action;        /* directive action code */
+    short acd_flags;         /* action modifier flags */
 
     /* Begin action-specific information */
-    union {
-	ACClients_t * acu_cl;		/* ACD_ALLOW, ACD_DENY */
-	ACAuth_t acu_auth;		/* ACD_AUTH */
+    union
+    {
+        ACClients_t *acu_cl; /* ACD_ALLOW, ACD_DENY */
+        ACAuth_t acu_auth;   /* ACD_AUTH */
     } acd_u;
 };
 
-#define acd_cl		acd_u.acu_cl
-#define acd_auth	acd_u.acu_auth
+#define acd_cl acd_u.acu_cl
+#define acd_auth acd_u.acu_auth
 
 /* Define acd_action codes */
-#define ACD_ALLOW	1		/* allow access */
-#define ACD_DENY	2		/* deny access */
-#define ACD_AUTH	3		/* specify authentication realm */
-#define ACD_EXEC	4		/* execute (conditionally) */
+#define ACD_ALLOW 1 /* allow access */
+#define ACD_DENY 2  /* deny access */
+#define ACD_AUTH 3  /* specify authentication realm */
+#define ACD_EXEC 4  /* execute (conditionally) */
 
 /* Define acd_flags values */
-#define ACD_ACTION	0xf		/* bits reserved for acd_action */
-#define ACD_FORCE	0x10		/* force of action */
-#define ACD_DEFAULT	0		/* default action */
-#define ACD_ALWAYS	ACD_FORCE	/* immediate action */
-#define ACD_EXALLOW	0x20		/* execute if allow */
-#define ACD_EXDENY	0x40		/* execute if deny */
-#define ACD_EXAUTH	0x80		/* execute if authenticate */
+#define ACD_ACTION 0xf       /* bits reserved for acd_action */
+#define ACD_FORCE 0x10       /* force of action */
+#define ACD_DEFAULT 0        /* default action */
+#define ACD_ALWAYS ACD_FORCE /* immediate action */
+#define ACD_EXALLOW 0x20     /* execute if allow */
+#define ACD_EXDENY 0x40      /* execute if deny */
+#define ACD_EXAUTH 0x80      /* execute if authenticate */
 
 /*
  * Description (RightDef_t)
  *
- *	This type describes a named access right.  Each access right has
- *	an associated unique integer id.  A list of all access rights
- *	known in an ACL context is maintained, with its head in the
- *	ACContext_t structure.
+ *    This type describes a named access right.  Each access right has
+ *    an associated unique integer id.  A list of all access rights
+ *    known in an ACL context is maintained, with its head in the
+ *    ACContext_t structure.
  */
 
 typedef struct RightDef_s RightDef_t;
-struct RightDef_s {
-    Symbol_t rd_sym;			/* right name, type ACLSYMRIGHT */
-    RightDef_t * rd_next;		/* next on ACContext_t list */
-    USI_t rd_id;			/* unique id */
+struct RightDef_s
+{
+    Symbol_t rd_sym;     /* right name, type ACLSYMRIGHT */
+    RightDef_t *rd_next; /* next on ACContext_t list */
+    USI_t rd_id;         /* unique id */
 };
 
 /*
  * Description (RightSpec_t)
  *
- *	This type describes a named list of access rights.
+ *    This type describes a named list of access rights.
  */
 
 typedef struct RightSpec_s RightSpec_t;
-struct RightSpec_s {
-    Symbol_t rs_sym;			/* list name, type ACLSYMRDEF */
-    USIList_t rs_list;			/* list of right ids */
+struct RightSpec_s
+{
+    Symbol_t rs_sym;   /* list name, type ACLSYMRDEF */
+    USIList_t rs_list; /* list of right ids */
 };
 
 /*
  * Description (ACContext_t)
  *
- *	This type defines a structure that defines a context for a set
- *	of Access Control Lists.  This includes references to an
- *	authentication database, if any, and a symbol table containing
- *	access right definitions.  It also serves as a list head for the
- *	ACLs which are defined in the specified context.
+ *    This type defines a structure that defines a context for a set
+ *    of Access Control Lists.  This includes references to an
+ *    authentication database, if any, and a symbol table containing
+ *    access right definitions.  It also serves as a list head for the
+ *    ACLs which are defined in the specified context.
  */
 
 typedef struct ACContext_s ACContext_t;
-struct ACContext_s {
-    void * acc_stp;			/* symbol table handle */
-    ACL_t * acc_acls;			/* list of ACLs */
-    RightDef_t * acc_rights;		/* list of access right definitions */
-    int acc_refcnt;			/* reference count */
+struct ACContext_s
+{
+    void *acc_stp;          /* symbol table handle */
+    ACL_t *acc_acls;        /* list of ACLs */
+    RightDef_t *acc_rights; /* list of access right definitions */
+    int acc_refcnt;         /* reference count */
 };
 
 /*
  * Description (ACL_t)
  *
- *	This type defines the structure that represents an Access Control
- *	List (ACL).  An ACL has a user-assigned name and an internally
- *	assigned identifier (which is an index in an object directory).
- *	It references a list of access rights which are to be allowed or
- *	denied, according to the ACL specifications.  It references an
- *	ordered list of ACL directives, which specify who has and who does
- *	not have the associated access rights.
+ *    This type defines the structure that represents an Access Control
+ *    List (ACL).  An ACL has a user-assigned name and an internally
+ *    assigned identifier (which is an index in an object directory).
+ *    It references a list of access rights which are to be allowed or
+ *    denied, according to the ACL specifications.  It references an
+ *    ordered list of ACL directives, which specify who has and who does
+ *    not have the associated access rights.
  */
 
-struct ACL_s {
-    Symbol_t acl_sym;			/* ACL name, type ACLSYMACL */
-    ACL_t * acl_next;			/* next ACL on a list */
-    ACContext_t * acl_acc;		/* context for this ACL */
-    USI_t acl_id;			/* id of this ACL */
-    int acl_refcnt;			/* reference count */
-    RightSpec_t * acl_rights;		/* access rights list */
-    ACDirective_t * acl_dirf;		/* first directive pointer */
-    ACDirective_t * acl_dirl;		/* last directive pointer */
+struct ACL_s
+{
+    Symbol_t acl_sym;        /* ACL name, type ACLSYMACL */
+    ACL_t *acl_next;         /* next ACL on a list */
+    ACContext_t *acl_acc;    /* context for this ACL */
+    USI_t acl_id;            /* id of this ACL */
+    int acl_refcnt;          /* reference count */
+    RightSpec_t *acl_rights; /* access rights list */
+    ACDirective_t *acl_dirf; /* first directive pointer */
+    ACDirective_t *acl_dirl; /* last directive pointer */
 };
 
 /* Define symbol type codes */
-#define ACLSYMACL	0		/* ACL */
-#define ACLSYMRIGHT	1		/* access right */
-#define ACLSYMRDEF	2		/* access rights list */
-#define ACLSYMREALM	3		/* realm name */
-#define ACLSYMHOST	4		/* host specifications */
-#define ACLSYMUSER	5		/* user/group list */
+#define ACLSYMACL 0   /* ACL */
+#define ACLSYMRIGHT 1 /* access right */
+#define ACLSYMRDEF 2  /* access rights list */
+#define ACLSYMREALM 3 /* realm name */
+#define ACLSYMHOST 4  /* host specifications */
+#define ACLSYMUSER 5  /* user/group list */
 
 /*
  * Description (ACLFile_t)
  *
- *	This type describes a structure containing information about
- *	an open ACL description file.
+ *    This type describes a structure containing information about
+ *    an open ACL description file.
  */
 
 typedef struct ACLFile_s ACLFile_t;
-struct ACLFile_s {
-    ACLFile_t * acf_next;		/* list link */
-    char * acf_filename;		/* pointer to filename string */
-    SYS_FILE acf_fd;			/* file descriptor */
-    int acf_flags;			/* bit flags (unused) */
-    int acf_lineno;			/* current line number */
-    void * acf_token;			/* LEX token handle */
-    int acf_ttype;			/* current token type */
+struct ACLFile_s
+{
+    ACLFile_t *acf_next; /* list link */
+    char *acf_filename;  /* pointer to filename string */
+    SYS_FILE acf_fd;     /* file descriptor */
+    int acf_flags;       /* bit flags (unused) */
+    int acf_lineno;      /* current line number */
+    void *acf_token;     /* LEX token handle */
+    int acf_ttype;       /* current token type */
 };
 
 NSPR_END_EXTERN_C

include/libaccess/attrec.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __attrec_h
@@ -17,41 +17,41 @@
 /*
  * Description (attrec.h)
  *
- *	This file describes the encoding and decoding of attribute
- *	records.  Attribute records consist of a sequence of items
- *	of the form:
- *
- *		<tag><length><contents>
- *
- *	The <tag> is an integer code which identifies a particular
- *	attribute.  The <length> is the integer length in bytes of
- *	the <contents>.  The encoding of the contents is determined
- *	by the <tag>, and is application-specific.
- *
- *	Primitive data types currently supported are unsigned
- *	integers (USI) and null-terminated strings (NTS).  The
- *	encoding of USI values less than 128 is simply an octet
- *	containing the value.  For values 128 or greater, the first
- *	octet is 0x80 plus the length of the value, in octets.
- *	This octet is followed by the indicated number of octets,
- *	containing the USI value, with the most significant bits in
- *	the first octet, and the least significant bits in the last
- *	octet.
- *
- *	Examples of USI encoding:
- *
- *		Value		Encoding (each value is an octet)
- *		    4		0x04
- *		  127		0x7f
- *		   -1		(this is not a USI)
- *		  128		0x81 0x80
- *		 1023		0x82 0x03 0xff
- *
- *	The encoding of a null-terminated string (NTS) is simply the
- *	sequence of octets which comprise the string, including the
- *	terminating null (0x00) octet.  The terminating null octet is
- *	the only null value in the string.  The character set used to
- *	encode the other string octets is ASCII.
+ *    This file describes the encoding and decoding of attribute
+ *    records.  Attribute records consist of a sequence of items
+ *    of the form:
+ *
+ *        <tag><length><contents>
+ *
+ *    The <tag> is an integer code which identifies a particular
+ *    attribute.  The <length> is the integer length in bytes of
+ *    the <contents>.  The encoding of the contents is determined
+ *    by the <tag>, and is application-specific.
+ *
+ *    Primitive data types currently supported are unsigned
+ *    integers (USI) and null-terminated strings (NTS).  The
+ *    encoding of USI values less than 128 is simply an octet
+ *    containing the value.  For values 128 or greater, the first
+ *    octet is 0x80 plus the length of the value, in octets.
+ *    This octet is followed by the indicated number of octets,
+ *    containing the USI value, with the most significant bits in
+ *    the first octet, and the least significant bits in the last
+ *    octet.
+ *
+ *    Examples of USI encoding:
+ *
+ *        Value        Encoding (each value is an octet)
+ *            4        0x04
+ *          127        0x7f
+ *           -1        (this is not a USI)
+ *          128        0x81 0x80
+ *         1023        0x82 0x03 0xff
+ *
+ *    The encoding of a null-terminated string (NTS) is simply the
+ *    sequence of octets which comprise the string, including the
+ *    terminating null (0x00) octet.  The terminating null octet is
+ *    the only null value in the string.  The character set used to
+ *    encode the other string octets is ASCII.
  */
 
 #include "usi.h"
@@ -59,46 +59,46 @@
 NSPR_BEGIN_EXTERN_C
 
 /* Define a type to reference an attribute record */
-typedef unsigned char * ATR_t;
+typedef unsigned char *ATR_t;
 
 /*
  * Description (USILENGTH)
  *
- *	This macro returns the length of the USI encoding for a specified
- *	unsigned integer value.  The length is the number of octets
- *	required.  It will be greater than zero, and less than or equal
- *	to USIALLOC().  This is a partial inline optimization of
- *	USI_Length().
+ *    This macro returns the length of the USI encoding for a specified
+ *    unsigned integer value.  The length is the number of octets
+ *    required.  It will be greater than zero, and less than or equal
+ *    to USIALLOC().  This is a partial inline optimization of
+ *    USI_Length().
  */
 
-#define USILENGTH(val)	(((USI_t)(val) <= 0x7f) ? 1 : USI_Length((USI_t)(val)))
+#define USILENGTH(val) (((USI_t)(val) <= 0x7f) ? 1 : USI_Length((USI_t)(val)))
 
 /*
  * Description (USIALLOC)
  *
- *	This macro returns the maximum length of an unsigned integer
- *	encoding.
+ *    This macro returns the maximum length of an unsigned integer
+ *    encoding.
  */
 
-#define USIALLOC()	(5)
+#define USIALLOC() (5)
 
 /*
  * Description (USIENCODE)
  *
- *	This macro encodes a USI value into a specified buffer.  It
- *	returns a pointer to the first octet after the encoding.
- *	This is a partial inline optimization for USI_Encode().
+ *    This macro encodes a USI value into a specified buffer.  It
+ *    returns a pointer to the first octet after the encoding.
+ *    This is a partial inline optimization for USI_Encode().
  */
 
-#define USIENCODE(cp, val) (((USI_t)(val) <= 0x7f) ? (*(cp) = (val), (cp)+1) \
-						   : USI_Encode((cp), (val)))
+#define USIENCODE(cp, val) (((USI_t)(val) <= 0x7f) ? (*(cp) = (val), (cp) + 1) \
+                                                   : USI_Encode((cp), (val)))
 
 /*
  * Description (USIINSERT)
  *
- *	This macro performs a variation of USIENCODE which always
- *	generates the maximum-sized USI encoding, i.e. the number of
- *	octets indicated by USIALLOC().
+ *    This macro performs a variation of USIENCODE which always
+ *    generates the maximum-sized USI encoding, i.e. the number of
+ *    octets indicated by USIALLOC().
  */
 
 #define USIINSERT(cp, val) USI_Insert((ATR_t)(cp), (USI_t)(val))
@@ -106,23 +106,23 @@ typedef unsigned char * ATR_t;
 /*
  * Description (USIDECODE)
  *
- *	This macro decodes a USI value from a specified buffer.  It
- *	returns a pointer to the first octet after the encoding.
- *	This is a partial inline optimization for USI_Decode().
+ *    This macro decodes a USI value from a specified buffer.  It
+ *    returns a pointer to the first octet after the encoding.
+ *    This is a partial inline optimization for USI_Decode().
  */
 
-#define USIDECODE(cp, pval) \
-	((*(cp) & 0x80) ? USI_Decode((cp), (pval)) \
-			: (((pval) ? (*(pval) = *(cp)) : 0), (cp)+1))
+#define USIDECODE(cp, pval)                  \
+    ((*(cp)&0x80) ? USI_Decode((cp), (pval)) \
+                  : (((pval) ? (*(pval) = *(cp)) : 0), (cp) + 1))
 
 /* Define a type to reference a null-terminated string */
-typedef unsigned char * NTS_t;
+typedef unsigned char *NTS_t;
 
 /*
  * Decription (NTSLENGTH)
  *
- *	Return the length, in octets, of a null-terminated string.
- *	It includes the terminating null octet.
+ *    Return the length, in octets, of a null-terminated string.
+ *    It includes the terminating null octet.
  */
 
 #define NTSLENGTH(nts) ((nts) ? strlen((char *)(nts)) + 1 : 1)
@@ -130,32 +130,32 @@ typedef unsigned char * NTS_t;
 /*
  * Description (NTSENCODE)
  *
- *	This macro copies a null-terminated string to a specified
- *	attribute record buffer.  It returns a pointer to the octet
- *	following the NTS in the buffer.
+ *    This macro copies a null-terminated string to a specified
+ *    attribute record buffer.  It returns a pointer to the octet
+ *    following the NTS in the buffer.
  */
 
-#define NTSENCODE(cp, nts) \
-	((ATR_t)memccpy((void *)(cp), \
-			(void *)((nts) ? (NTS_t)(nts) : (NTS_t)""), \
-			0, NTSLENGTH(nts)))
+#define NTSENCODE(cp, nts)                                       \
+    ((ATR_t)memccpy((void *)(cp),                                \
+                    (void *)((nts) ? (NTS_t)(nts) : (NTS_t) ""), \
+                    0, NTSLENGTH(nts)))
 
 /*
  * Description (NTSDECODE)
  *
- *	This macro decodes a null-terminated string in a specified
- *	attribute record buffer into a dynamically allocated buffer.
- *	It returns a pointer to the first octet after the NTS in the
- *	attribute record buffer.
+ *    This macro decodes a null-terminated string in a specified
+ *    attribute record buffer into a dynamically allocated buffer.
+ *    It returns a pointer to the first octet after the NTS in the
+ *    attribute record buffer.
  */
 
 #define NTSDECODE(cp, pnts) NTS_Decode((cp), (pnts))
 
 /* Functions in attrec.c */
 extern int NTS_Length(NTS_t ntsp);
-extern ATR_t NTS_Decode(ATR_t cp, NTS_t * pnts);
+extern ATR_t NTS_Decode(ATR_t cp, NTS_t *pnts);
 extern ATR_t NTS_Encode(ATR_t cp, NTS_t nts);
-extern ATR_t USI_Decode(ATR_t cp, USI_t * pval);
+extern ATR_t USI_Decode(ATR_t cp, USI_t *pval);
 extern ATR_t USI_Encode(ATR_t cp, USI_t val);
 extern ATR_t USI_Insert(ATR_t cp, USI_t val);
 extern int USI_Length(USI_t val);

include/libaccess/authdb.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef AUTHDB_H
@@ -18,10 +18,11 @@
 #include <libaccess/nserror.h>
 #include <libaccess/las.h>
 
-#define URL_PREFIX_LDAP		    "ldap"
-#define URL_PREFIX_LDAP_LEN	    4
+#define URL_PREFIX_LDAP "ldap"
+#define URL_PREFIX_LDAP_LEN 4
 
-typedef struct {
+typedef struct
+{
     char *dbname;
     ACLDbType_t dbtype;
     void *dbinfo;

include/libaccess/dbtlibaccess.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -21,152 +21,152 @@ static char dbtlibaccessid[] = "$DBT: libaccess referenced v1 $";
 #include "i18n.h"
 
 BEGIN_STR(libaccess)
-	ResDef( DBT_LibraryID_, -1, dbtlibaccessid )/* extracted from dbtlibaccess.h*/
-	ResDef( DBT_basicNcsa_, 1, "basic-ncsa" )/*extracted from userauth.cpp*/
-	ResDef( DBT_cannotOpenDatabaseS_, 2, "cannot open database %s" )/*extracted from userauth.cpp*/
-	ResDef( DBT_basicNcsa_1, 3, "basic-ncsa" )/*extracted from userauth.cpp*/
-	ResDef( DBT_userSPasswordDidNotMatchDatabase_, 4, "user %s password did not match database %s" )/*extracted from userauth.cpp*/
-	ResDef( DBT_basicNcsa_2, 5, "basic-ncsa" )/*extracted from userauth.cpp*/
-	ResDef( DBT_cannotOpenConnectionToLdapServer_, 6, "cannot open connection to LDAP server on %s:%d" )/*NOT USED - extracted from userauth.cpp*/
-	ResDef( DBT_basicNcsa_3, 7, "basic-ncsa" )/*extracted from userauth.cpp*/
-	ResDef( DBT_userSPasswordDidNotMatchLdapOnSD_, 8, "user %s password did not match LDAP on %s:%d" )/*NOT USED - extracted from userauth.cpp*/
-	ResDef( DBT_aclState_, 9, "acl-state" )/*extracted from userauth.cpp*/
-	ResDef( DBT_missingRealm_, 10, "missing realm" )/*extracted from userauth.cpp*/
-	ResDef( DBT_unableToAllocateAclListHashN_, 11, "Unable to allocate ACL List Hash\n" )/*extracted from cache.cpp*/
-	ResDef( DBT_aclevalbuildcontextUnableToPermM_, 12, "ACLEvalBuildContext unable to PERM_MALLOC cache structure\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclevalbuildcontextUnableToCreat_, 13, "ACLEvalBuildContext unable to create hash table\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclevalbuildcontextUnableToAlloc_, 14, "ACLEvalBuildContext unable to allocate ACE Entry\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclevalbuildcontextUnableToAlloc_1, 15, "ACLEvalBuildContext unable to allocate ACE entry\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclevalbuildcontextUnableToAlloc_2, 16, "ACLEvalBuildContext unable to allocate Boundary Entry\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclevalbuildcontextFailedN_, 17, "ACLEvalBuildContext failed.\n" )/*extracted from eval.cpp*/
-	ResDef( DBT_aclEvaltestrightsAnInterimAbsolu_, 18, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%d\n" )/*NOT USED - extracted from eval.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAllocateHashT_, 19, "LASDnsBuild unable to allocate hash table header\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAddKeySN_, 20, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAddKeySN_1, 21, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAddKeySN_2, 22, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAddKeySN_3, 23, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsbuildUnableToAddKeySN_4, 24, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasDnsBuildReceivedRequestForAtt_, 25, "LAS DNS build received request for attribute %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsevalIllegalComparatorDN_, 26, "LASDnsEval - illegal comparator %s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsevalUnableToAllocateContex_, 27, "LASDnsEval unable to allocate Context struct\n\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsevalUnableToGetSessionAddr_, 28, "LASDnsEval unable to get session address %d\n" )/*NOT USED - extracted from lasdns.cpp*/
-	ResDef( DBT_lasdnsevalUnableToGetDnsErrorDN_, 29, "LASDnsEval unable to get DNS - error=%s\n" )/*extracted from lasdns.cpp*/
-	ResDef( DBT_lasGroupEvalReceivedRequestForAt_, 30, "LAS Group Eval received request for attribute %s\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalIllegalComparatorDN_, 31, "LASGroupEval - illegal comparator %s\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalRanOutOfMemoryN_, 32, "LASGroupEval - ran out of memory\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalUnableToGetSessionAd_, 33, "LASGroupEval unable to get session address %d\n" )/*NOT USED - extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalUnableToGetSessionAd_1, 34, "LASGroupEval unable to get session address %d\n" )/*NOT USED - extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalCouldnTLocateGetterF_, 35, "LASGroupEval - couldn't locate getter for auth-user\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalAttributeGetterForAu_, 36, "LASGroupEval - Attribute getter for auth-user failed\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasgroupevalAttributeGetterDidnT_, 37, "LASGroupEval - Attribute getter didn't set auth-user\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_checkGroupMembershipOfUserSForGr_, 38, "Check group membership of user \"%s\" for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_ldapuSuccessForGroupSN_, 39, "LDAPU_SUCCESS for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_ldapuFailedForGroupSN_, 40, "LDAPU_FAILED for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasEvalFalseN_, 41, "LAS_EVAL_FALSE\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasEvalTrueN_, 42, "LAS_EVAL_TRUE\n" )/*extracted from lasgroup.cpp*/
-	ResDef( DBT_lasiptreeallocNoMemoryN_, 43, "LASIpTreeAlloc - no memory\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_ipLasUnableToAllocateTreeNodeN_, 44, "IP LAS unable to allocate tree node\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_ipLasUnableToAllocateTreeNodeN_1, 45, "IP LAS unable to allocate tree node\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasIpBuildReceivedRequestForAttr_, 46, "LAS IP build received request for attribute %s\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasipevalIllegalComparatorDN_, 47, "LASIpEval - illegal comparator %s\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasipevalUnableToGetSessionAddre_, 48, "LASIpEval unable to get session address - error=%s\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasipevalUnableToAllocateContext_, 49, "LASIpEval unable to allocate Context struct\n\n" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasipevalReach32BitsWithoutConcl_, 50, "LASIpEval - reach 32 bits without conclusion value=%s" )/*extracted from lasip.cpp*/
-	ResDef( DBT_lasProgramEvalReceivedRequestFor_, 51, "LAS Program Eval received request for attribute %s\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasprogramevalIllegalComparatorD_, 52, "LASProgramEval - illegal comparator %s\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasprogramUnableToGetSessionAddr_, 53, "LASProgram unable to get session address %d\n" )/*NOT USED - extracted from lasprogram.cpp*/
-	ResDef( DBT_bin_, 54, "bin" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasprogramevalRequestNotOfTypeAd_, 55, "LASProgramEval: request not of type admin or bin, passing.\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasprogramevalCheckIfProgramSMat_, 56, "LASProgramEval: check if program %s matches pattern %s.\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasprogramevalInvalidWildcardExp_, 57, "LASProgramEval: Invalid wildcard expression %s.\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasEvalFalseN_1, 58, "LAS_EVAL_FALSE\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasEvalTrueN_1, 59, "LAS_EVAL_TRUE\n" )/*extracted from lasprogram.cpp*/
-	ResDef( DBT_unexpectedAttributeInDayofweekSN_, 60, "Unexpected attribute in dayOfWeek - %s\n" )/*extracted from lastod.cpp*/
-	ResDef( DBT_illegalComparatorForDayofweekDN_, 61, "Illegal comparator for dayOfWeek - %s\n" )/*extracted from lastod.cpp*/
-	ResDef( DBT_unexpectedAttributeInTimeofdaySN_, 62, "Unexpected attribute in timeOfDay - %s\n" )/*extracted from lastod.cpp*/
-	ResDef( DBT_lasUserEvalReceivedRequestForAtt_, 63, "LAS User Eval received request for attribute %s\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasuserevalIllegalComparatorDN_, 64, "LASUserEval - illegal comparator %s\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasuserevalRanOutOfMemoryN_, 65, "LASUserEval - ran out of memory\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasuserevalUnableToGetSessionAdd_, 66, "LASUserEval unable to get session address %d\n" )/*NOT USED - extracted from lasuser.cpp*/
-	ResDef( DBT_lasuserevalUnableToGetSessionAdd_1, 67, "LASUserEval unable to get session address %d\n" )/*NOT USED - extracted from lasuser.cpp*/
-	ResDef( DBT_lasgroupevalCouldnTLocateGetterF_1, 68, "LASGroupEval - couldn't locate getter for auth-user\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasgroupevalAttributeGetterForAu_1, 69, "LASGroupEval - Attribute getter for auth-user failed\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasgroupevalAttributeGetterDidnT_1, 70, "LASGroupEval - Attribute getter didn't set auth-user\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_checkIfUidUserIECheckSSN_, 71, "Check if uid == user (i.e. check \"%s\" == \"%s)\"\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_successForUserSN_, 72, "SUCCESS for user \"%s\"\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_failedForUserSN_, 73, "FAILED for user \"%s\"\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasEvalFalseN_2, 74, "LAS_EVAL_FALSE\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_lasEvalTrueN_2, 75, "LAS_EVAL_TRUE\n" )/*extracted from lasuser.cpp*/
-	ResDef( DBT_Unused76, 76, "")
-	ResDef( DBT_lasProgramUnableToGetRequest_, 77, "LASProgram unable to get request address - error=%s" ) /*extracted from lasprogram.cpp*/
-	ResDef( DBT_lasProgramRejectingRequestForProgram_, 78, "LASProgram rejecting request for program %s from pattern %s" ) /*extracted from lasprogram.cpp*/
-	ResDef( DBT_aclcacheflushCannotParseFile, 79, "ACL_CacheFlush: unable to parse file \"%s\"\n" )
-	ResDef( DBT_aclcacheflushCannotConcatList, 80, "ACL_CacheFlush: unable to concatenate ACL list \"%s\"\n" )
-	ResDef( DBT_aclcacheflushCannotOpenMagnus, 81, "ACL_CacheFlush: unable to open and process the magnus file \"%s\"\n" )
-	ResDef( DBT_illegalComparatorForTimeOfDayDN_, 82, "Illegal comparator for timeOfDay - %s\n" )/*extracted from lastod.cpp*/
-	ResDef( DBT_EvalBuildContextUnableToCreateHash, 83, "ACL_EvalBuildContext unable to create hash table\n")
-	ResDef( DBT_EvalBuildContextUnableToAllocCache, 84, "ACL_EvalBuildContext unable to PERM_CALLOC cache structure\n")
-	ResDef( DBT_EvalBuildContextUnableToAllocAceEntry, 85, "ACL_EvalBuildContext unable to allocate ACE entry\n")
-	ResDef( DBT_EvalBuildContextUnableToAllocAuthPointerArray, 86, "ACL_EvalBuildContext unable to allocate auth pointer array\n")
-	ResDef( DBT_EvalBuildContextUnableToAllocAuthPlist, 87, "ACL_EvalBuildContext unable to allocate auth plist\n")
-	ResDef( DBT_EvalTestRightsInterimAbsoluteNonAllowValue, 88, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%s\n")
-	ResDef( DBT_EvalTestRightsEvalBuildContextFailed, 89, "ACL_INTEvalTestRights: call to ACL_EvalBuildContext returned failure status\n")
-	ResDef( DBT_ModuleRegisterModuleNameMissing, 90, "ACL_ModuleRegister: module name is missing\n")
-	ResDef( DBT_ModuleRegisterFailed, 91, "ACL_ModuleRegister: call to module init function returned a failed status\n")
-	ResDef( DBT_GetAttributeCouldntDetermineMethod, 92, "ACL_GetAttribute: couldn't determine method for %s\n")
-	ResDef( DBT_GetAttributeCouldntLocateGetter, 93,  "ACL_GetAttribute: couldn't locate getter for %s")
-	ResDef( DBT_GetAttributeDidntGetAttr, 94, "ACL_GetAttribute: attr getter failed to get %s")
-	ResDef( DBT_GetAttributeDidntSetAttr, 95, "ACL_GetAttribute: attr getter failed to get %s")
-	ResDef( DBT_GetAttributeAllGettersDeclined, 96, "ACL_GetAttribute: All attribute getters declined for attr %s")
-	ResDef( DBT_DbtypeNoteDefinedYet, 97, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
-	ResDef( DBT_DatabaseRegisterDatabaseNameMissing, 98, "ACL_DatabaseRegister: database name is missing")
-	ResDef( DBT_ReadDbMapFileErrorReadingFile, 99,  "Error reading the DB Map File: %s. Reason: %s")
-	ResDef( DBT_ReadDbMapFileMissingUrl, 100, "URL is missing for database %s")
-	ResDef( DBT_ReadDbMapFileInvalidPropertyPair, 101,  "Invalid property value pair for database %s")
-	ResDef( DBT_ReadDbMapFileDefaultDatabaseNotLdap, 102,  "\"default\" database must be an LDAP database")
-	ResDef( DBT_ReadDbMapFileMultipleDefaultDatabases, 103, "Multiple \"default\" databases are being registered")
-	ResDef( DBT_ReadDbMapFileMissingDefaultDatabase, 104, "\"default\" LDAP database must be registered")
-	ResDef( DBT_lasGroupEvalUnableToGetDatabaseName, 105, "LASGroupEval unable to get database name - error= %s")
-	ResDef( DBT_lasProgramReceivedInvalidProgramExpression, 106, "received invalid program expression %s")
-	ResDef( DBT_ldapaclDatabaseUrlIsMissing, 107, "parse_ldap_url: database url is missing")
-	ResDef( DBT_ldapaclDatabaseNameIsMissing, 108, "parse_ldap_url: database name is missing")
- 	ResDef( DBT_ldapaclErrorParsingLdapUrl, 109, "parse_ldap_url: error in parsing ldap url. Reason: %s")
-	ResDef( DBT_ldapaclUnableToGetDatabaseName, 110,  "ldap password check: unable to get database name - error=%s")
-	ResDef( DBT_ldapaclUnableToGetParsedDatabaseName, 111, "ldap password check: unable to get parsed database %s")
-	ResDef( DBT_ldapaclCoudlntInitializeConnectionToLdap, 112, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
-	ResDef( DBT_ldapaclPassworkCheckLdapError, 113, "ldap password check: LDAP error: \"%s\"")
-	ResDef( DBT_GetUserIsMemberLdapUnabelToGetDatabaseName, 114, "get_user_ismember_ldap unable to get database name - error=%s")
-	ResDef( DBT_GetUserIsMemberLdapUnableToGetParsedDatabaseName, 115, "get_user_ismember_ldap unable to get parsed database %s")
-	ResDef( DBT_GetUserIsMemberLdapCouldntInitializeConnectionToLdap, 116, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
-	ResDef( DBT_GetUserIsMemberLdapGroupDoesntExist, 117, "get_user_ismember_ldap: group %s does not exist")
-	ResDef( DBT_GetUserIsMemberLdapError, 118, "get_user_ismember_ldap: LDAP error: \"%s\"")
-	ResDef( DBT_LdapDatabaseHandleNotARegisteredDatabase, 119, "ACL_LDAPDatabaseHandle: %s is not a registered database")
-	ResDef( DBT_LdapDatabaseHandleNotAnLdapDatabase, 120, "ACL_LDAPDatabaseHandle: %s is not an LDAP database")
-	ResDef( DBT_LdapDatabaseHandleOutOfMemory, 121, "ACL_LDAPDatabaseHandle: out of memory")
-	ResDef( DBT_LdapDatabaseHandleCouldntInitializeConnectionToLdap, 122, "ACL_LDAPDatabaseHandle: couldn't initialize connection to LDAP. Reason: %s")
-	ResDef(  DBT_LdapDatabaseHandleCouldntBindToLdapServer, 123,  "ACL_LDAPDatabaseHandle: couldn't bind to LDAP server. Reason: %s")
-	ResDef( DBT_AclerrfmtAclerrnomem, 124, "insufficient dynamic memory")
-	ResDef( DBT_AclerrfmtAclerropen, 125, "error opening file, %s: %s")
-	ResDef( DBT_AclerrfmtAclerrdupsym1, 126, "duplicate definition of %s")
-	ResDef( DBT_AclerrfmtAclerrdupsym3, 127,  "file %s, line %s: duplicate definition of %s")
-	ResDef( DBT_AclerrfmtAclerrsyntax, 128, "file %s, line %s: syntax error")
-	ResDef( DBT_AclerrfmtAclerrundef, 129, "file %s, line %s: %s is undefined")
-	ResDef( DBT_AclerrfmtAclaclundef, 130, "in acl %s, %s %s is undefined")
-	ResDef( DBT_AclerrfmtAclerradb, 131, "database %s: error accessing %s")
-	ResDef( DBT_AclerrfmtAclerrparse1, 132, "%s")
-	ResDef( DBT_AclerrfmtAclerrparse2, 133, "file %s, line %s: invalid syntax")
-	ResDef( DBT_AclerrfmtAclerrparse3, 134, "file %s, line %s: syntax error at \"%s\"")
-	ResDef( DBT_AclerrfmtAclerrnorlm, 135, "realm %s is not defined")
-	ResDef( DBT_AclerrfmtUnknownerr, 136, "error code = %d")
-	ResDef( DBT_AclerrfmtAclerrinternal, 137, "internal ACL error")
-	ResDef( DBT_AclerrfmtAclerrinval, 138, "invalid argument")
-	ResDef( DBT_DbtypeNotDefinedYet, 139, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
-	ResDef( DBT_ReadDbMapFileCouldntDetermineDbtype, 140, "couldn't determine dbtype from: %s")
-	ResDef( DBT_ReadDbMapFileRegisterDatabaseFailed, 141,  "Failed to register database %s")
-	ResDef( DBT_AclerrfmtAclerrfail, 142, "ACL call returned failed status")
-	ResDef( DBT_AclerrfmtAclerrio, 143, "file %s: ACL IO error - %s")
-	ResDef( DBT_AclUserExistsOutOfMemory, 144, "acl_user_exists: out of memory")
-	ResDef( DBT_AclUserExistsNot, 145, "acl_user_exists: user doesn't exist anymore")
-	ResDef( DBT_AclUserPlistError, 146, "acl_user_exists: plist error")
-	ResDef( DBT_lasdnsbuildInvalidAttributePattern_, 147, "LASDnsBuild invalid attribute pattern\n" )
-END_STR(libaccess)
+ResDef(DBT_LibraryID_, -1, dbtlibaccessid)                                                                                                              /* extracted from dbtlibaccess.h*/
+    ResDef(DBT_basicNcsa_, 1, "basic-ncsa")                                                                                                             /*extracted from userauth.cpp*/
+    ResDef(DBT_cannotOpenDatabaseS_, 2, "cannot open database %s")                                                                                      /*extracted from userauth.cpp*/
+    ResDef(DBT_basicNcsa_1, 3, "basic-ncsa")                                                                                                            /*extracted from userauth.cpp*/
+    ResDef(DBT_userSPasswordDidNotMatchDatabase_, 4, "user %s password did not match database %s")                                                      /*extracted from userauth.cpp*/
+    ResDef(DBT_basicNcsa_2, 5, "basic-ncsa")                                                                                                            /*extracted from userauth.cpp*/
+    ResDef(DBT_cannotOpenConnectionToLdapServer_, 6, "cannot open connection to LDAP server on %s:%d")                                                  /*NOT USED - extracted from userauth.cpp*/
+    ResDef(DBT_basicNcsa_3, 7, "basic-ncsa")                                                                                                            /*extracted from userauth.cpp*/
+    ResDef(DBT_userSPasswordDidNotMatchLdapOnSD_, 8, "user %s password did not match LDAP on %s:%d")                                                    /*NOT USED - extracted from userauth.cpp*/
+    ResDef(DBT_aclState_, 9, "acl-state")                                                                                                               /*extracted from userauth.cpp*/
+    ResDef(DBT_missingRealm_, 10, "missing realm")                                                                                                      /*extracted from userauth.cpp*/
+    ResDef(DBT_unableToAllocateAclListHashN_, 11, "Unable to allocate ACL List Hash\n")                                                                 /*extracted from cache.cpp*/
+    ResDef(DBT_aclevalbuildcontextUnableToPermM_, 12, "ACLEvalBuildContext unable to PERM_MALLOC cache structure\n")                                    /*extracted from eval.cpp*/
+    ResDef(DBT_aclevalbuildcontextUnableToCreat_, 13, "ACLEvalBuildContext unable to create hash table\n")                                              /*extracted from eval.cpp*/
+    ResDef(DBT_aclevalbuildcontextUnableToAlloc_, 14, "ACLEvalBuildContext unable to allocate ACE Entry\n")                                             /*extracted from eval.cpp*/
+    ResDef(DBT_aclevalbuildcontextUnableToAlloc_1, 15, "ACLEvalBuildContext unable to allocate ACE entry\n")                                            /*extracted from eval.cpp*/
+    ResDef(DBT_aclevalbuildcontextUnableToAlloc_2, 16, "ACLEvalBuildContext unable to allocate Boundary Entry\n")                                       /*extracted from eval.cpp*/
+    ResDef(DBT_aclevalbuildcontextFailedN_, 17, "ACLEvalBuildContext failed.\n")                                                                        /*extracted from eval.cpp*/
+    ResDef(DBT_aclEvaltestrightsAnInterimAbsolu_, 18, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%d\n") /*NOT USED - extracted from eval.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAllocateHashT_, 19, "LASDnsBuild unable to allocate hash table header\n")                                             /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAddKeySN_, 20, "LASDnsBuild unable to add key %s\n")                                                                  /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAddKeySN_1, 21, "LASDnsBuild unable to add key %s\n")                                                                 /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAddKeySN_2, 22, "LASDnsBuild unable to add key %s\n")                                                                 /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAddKeySN_3, 23, "LASDnsBuild unable to add key %s\n")                                                                 /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsbuildUnableToAddKeySN_4, 24, "LASDnsBuild unable to add key %s\n")                                                                 /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasDnsBuildReceivedRequestForAtt_, 25, "LAS DNS build received request for attribute %s\n")                                              /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsevalIllegalComparatorDN_, 26, "LASDnsEval - illegal comparator %s\n")                                                              /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsevalUnableToAllocateContex_, 27, "LASDnsEval unable to allocate Context struct\n\n")                                               /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsevalUnableToGetSessionAddr_, 28, "LASDnsEval unable to get session address %d\n")                                                  /*NOT USED - extracted from lasdns.cpp*/
+    ResDef(DBT_lasdnsevalUnableToGetDnsErrorDN_, 29, "LASDnsEval unable to get DNS - error=%s\n")                                                       /*extracted from lasdns.cpp*/
+    ResDef(DBT_lasGroupEvalReceivedRequestForAt_, 30, "LAS Group Eval received request for attribute %s\n")                                             /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalIllegalComparatorDN_, 31, "LASGroupEval - illegal comparator %s\n")                                                          /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalRanOutOfMemoryN_, 32, "LASGroupEval - ran out of memory\n")                                                                  /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalUnableToGetSessionAd_, 33, "LASGroupEval unable to get session address %d\n")                                                /*NOT USED - extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalUnableToGetSessionAd_1, 34, "LASGroupEval unable to get session address %d\n")                                               /*NOT USED - extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalCouldnTLocateGetterF_, 35, "LASGroupEval - couldn't locate getter for auth-user\n")                                          /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalAttributeGetterForAu_, 36, "LASGroupEval - Attribute getter for auth-user failed\n")                                         /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasgroupevalAttributeGetterDidnT_, 37, "LASGroupEval - Attribute getter didn't set auth-user\n")                                         /*extracted from lasgroup.cpp*/
+    ResDef(DBT_checkGroupMembershipOfUserSForGr_, 38, "Check group membership of user \"%s\" for group \"%s\"\n")                                       /*extracted from lasgroup.cpp*/
+    ResDef(DBT_ldapuSuccessForGroupSN_, 39, "LDAPU_SUCCESS for group \"%s\"\n")                                                                         /*extracted from lasgroup.cpp*/
+    ResDef(DBT_ldapuFailedForGroupSN_, 40, "LDAPU_FAILED for group \"%s\"\n")                                                                           /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasEvalFalseN_, 41, "LAS_EVAL_FALSE\n")                                                                                                  /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasEvalTrueN_, 42, "LAS_EVAL_TRUE\n")                                                                                                    /*extracted from lasgroup.cpp*/
+    ResDef(DBT_lasiptreeallocNoMemoryN_, 43, "LASIpTreeAlloc - no memory\n")                                                                            /*extracted from lasip.cpp*/
+    ResDef(DBT_ipLasUnableToAllocateTreeNodeN_, 44, "IP LAS unable to allocate tree node\n")                                                            /*extracted from lasip.cpp*/
+    ResDef(DBT_ipLasUnableToAllocateTreeNodeN_1, 45, "IP LAS unable to allocate tree node\n")                                                           /*extracted from lasip.cpp*/
+    ResDef(DBT_lasIpBuildReceivedRequestForAttr_, 46, "LAS IP build received request for attribute %s\n")                                               /*extracted from lasip.cpp*/
+    ResDef(DBT_lasipevalIllegalComparatorDN_, 47, "LASIpEval - illegal comparator %s\n")                                                                /*extracted from lasip.cpp*/
+    ResDef(DBT_lasipevalUnableToGetSessionAddre_, 48, "LASIpEval unable to get session address - error=%s\n")                                           /*extracted from lasip.cpp*/
+    ResDef(DBT_lasipevalUnableToAllocateContext_, 49, "LASIpEval unable to allocate Context struct\n\n")                                                /*extracted from lasip.cpp*/
+    ResDef(DBT_lasipevalReach32BitsWithoutConcl_, 50, "LASIpEval - reach 32 bits without conclusion value=%s")                                          /*extracted from lasip.cpp*/
+    ResDef(DBT_lasProgramEvalReceivedRequestFor_, 51, "LAS Program Eval received request for attribute %s\n")                                           /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasprogramevalIllegalComparatorD_, 52, "LASProgramEval - illegal comparator %s\n")                                                       /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasprogramUnableToGetSessionAddr_, 53, "LASProgram unable to get session address %d\n")                                                  /*NOT USED - extracted from lasprogram.cpp*/
+    ResDef(DBT_bin_, 54, "bin")                                                                                                                         /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasprogramevalRequestNotOfTypeAd_, 55, "LASProgramEval: request not of type admin or bin, passing.\n")                                   /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasprogramevalCheckIfProgramSMat_, 56, "LASProgramEval: check if program %s matches pattern %s.\n")                                      /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasprogramevalInvalidWildcardExp_, 57, "LASProgramEval: Invalid wildcard expression %s.\n")                                              /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasEvalFalseN_1, 58, "LAS_EVAL_FALSE\n")                                                                                                 /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasEvalTrueN_1, 59, "LAS_EVAL_TRUE\n")                                                                                                   /*extracted from lasprogram.cpp*/
+    ResDef(DBT_unexpectedAttributeInDayofweekSN_, 60, "Unexpected attribute in dayOfWeek - %s\n")                                                       /*extracted from lastod.cpp*/
+    ResDef(DBT_illegalComparatorForDayofweekDN_, 61, "Illegal comparator for dayOfWeek - %s\n")                                                         /*extracted from lastod.cpp*/
+    ResDef(DBT_unexpectedAttributeInTimeofdaySN_, 62, "Unexpected attribute in timeOfDay - %s\n")                                                       /*extracted from lastod.cpp*/
+    ResDef(DBT_lasUserEvalReceivedRequestForAtt_, 63, "LAS User Eval received request for attribute %s\n")                                              /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasuserevalIllegalComparatorDN_, 64, "LASUserEval - illegal comparator %s\n")                                                            /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasuserevalRanOutOfMemoryN_, 65, "LASUserEval - ran out of memory\n")                                                                    /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasuserevalUnableToGetSessionAdd_, 66, "LASUserEval unable to get session address %d\n")                                                 /*NOT USED - extracted from lasuser.cpp*/
+    ResDef(DBT_lasuserevalUnableToGetSessionAdd_1, 67, "LASUserEval unable to get session address %d\n")                                                /*NOT USED - extracted from lasuser.cpp*/
+    ResDef(DBT_lasgroupevalCouldnTLocateGetterF_1, 68, "LASGroupEval - couldn't locate getter for auth-user\n")                                         /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasgroupevalAttributeGetterForAu_1, 69, "LASGroupEval - Attribute getter for auth-user failed\n")                                        /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasgroupevalAttributeGetterDidnT_1, 70, "LASGroupEval - Attribute getter didn't set auth-user\n")                                        /*extracted from lasuser.cpp*/
+    ResDef(DBT_checkIfUidUserIECheckSSN_, 71, "Check if uid == user (i.e. check \"%s\" == \"%s)\"\n")                                                   /*extracted from lasuser.cpp*/
+    ResDef(DBT_successForUserSN_, 72, "SUCCESS for user \"%s\"\n")                                                                                      /*extracted from lasuser.cpp*/
+    ResDef(DBT_failedForUserSN_, 73, "FAILED for user \"%s\"\n")                                                                                        /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasEvalFalseN_2, 74, "LAS_EVAL_FALSE\n")                                                                                                 /*extracted from lasuser.cpp*/
+    ResDef(DBT_lasEvalTrueN_2, 75, "LAS_EVAL_TRUE\n")                                                                                                   /*extracted from lasuser.cpp*/
+    ResDef(DBT_Unused76, 76, "")
+        ResDef(DBT_lasProgramUnableToGetRequest_, 77, "LASProgram unable to get request address - error=%s")             /*extracted from lasprogram.cpp*/
+    ResDef(DBT_lasProgramRejectingRequestForProgram_, 78, "LASProgram rejecting request for program %s from pattern %s") /*extracted from lasprogram.cpp*/
+    ResDef(DBT_aclcacheflushCannotParseFile, 79, "ACL_CacheFlush: unable to parse file \"%s\"\n")
+        ResDef(DBT_aclcacheflushCannotConcatList, 80, "ACL_CacheFlush: unable to concatenate ACL list \"%s\"\n")
+            ResDef(DBT_aclcacheflushCannotOpenMagnus, 81, "ACL_CacheFlush: unable to open and process the magnus file \"%s\"\n")
+                ResDef(DBT_illegalComparatorForTimeOfDayDN_, 82, "Illegal comparator for timeOfDay - %s\n") /*extracted from lastod.cpp*/
+    ResDef(DBT_EvalBuildContextUnableToCreateHash, 83, "ACL_EvalBuildContext unable to create hash table\n")
+        ResDef(DBT_EvalBuildContextUnableToAllocCache, 84, "ACL_EvalBuildContext unable to PERM_CALLOC cache structure\n")
+            ResDef(DBT_EvalBuildContextUnableToAllocAceEntry, 85, "ACL_EvalBuildContext unable to allocate ACE entry\n")
+                ResDef(DBT_EvalBuildContextUnableToAllocAuthPointerArray, 86, "ACL_EvalBuildContext unable to allocate auth pointer array\n")
+                    ResDef(DBT_EvalBuildContextUnableToAllocAuthPlist, 87, "ACL_EvalBuildContext unable to allocate auth plist\n")
+                        ResDef(DBT_EvalTestRightsInterimAbsoluteNonAllowValue, 88, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%s\n")
+                            ResDef(DBT_EvalTestRightsEvalBuildContextFailed, 89, "ACL_INTEvalTestRights: call to ACL_EvalBuildContext returned failure status\n")
+                                ResDef(DBT_ModuleRegisterModuleNameMissing, 90, "ACL_ModuleRegister: module name is missing\n")
+                                    ResDef(DBT_ModuleRegisterFailed, 91, "ACL_ModuleRegister: call to module init function returned a failed status\n")
+                                        ResDef(DBT_GetAttributeCouldntDetermineMethod, 92, "ACL_GetAttribute: couldn't determine method for %s\n")
+                                            ResDef(DBT_GetAttributeCouldntLocateGetter, 93, "ACL_GetAttribute: couldn't locate getter for %s")
+                                                ResDef(DBT_GetAttributeDidntGetAttr, 94, "ACL_GetAttribute: attr getter failed to get %s")
+                                                    ResDef(DBT_GetAttributeDidntSetAttr, 95, "ACL_GetAttribute: attr getter failed to get %s")
+                                                        ResDef(DBT_GetAttributeAllGettersDeclined, 96, "ACL_GetAttribute: All attribute getters declined for attr %s")
+                                                            ResDef(DBT_DbtypeNoteDefinedYet, 97, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
+                                                                ResDef(DBT_DatabaseRegisterDatabaseNameMissing, 98, "ACL_DatabaseRegister: database name is missing")
+                                                                    ResDef(DBT_ReadDbMapFileErrorReadingFile, 99, "Error reading the DB Map File: %s. Reason: %s")
+                                                                        ResDef(DBT_ReadDbMapFileMissingUrl, 100, "URL is missing for database %s")
+                                                                            ResDef(DBT_ReadDbMapFileInvalidPropertyPair, 101, "Invalid property value pair for database %s")
+                                                                                ResDef(DBT_ReadDbMapFileDefaultDatabaseNotLdap, 102, "\"default\" database must be an LDAP database")
+                                                                                    ResDef(DBT_ReadDbMapFileMultipleDefaultDatabases, 103, "Multiple \"default\" databases are being registered")
+                                                                                        ResDef(DBT_ReadDbMapFileMissingDefaultDatabase, 104, "\"default\" LDAP database must be registered")
+                                                                                            ResDef(DBT_lasGroupEvalUnableToGetDatabaseName, 105, "LASGroupEval unable to get database name - error= %s")
+                                                                                                ResDef(DBT_lasProgramReceivedInvalidProgramExpression, 106, "received invalid program expression %s")
+                                                                                                    ResDef(DBT_ldapaclDatabaseUrlIsMissing, 107, "parse_ldap_url: database url is missing")
+                                                                                                        ResDef(DBT_ldapaclDatabaseNameIsMissing, 108, "parse_ldap_url: database name is missing")
+                                                                                                            ResDef(DBT_ldapaclErrorParsingLdapUrl, 109, "parse_ldap_url: error in parsing ldap url. Reason: %s")
+                                                                                                                ResDef(DBT_ldapaclUnableToGetDatabaseName, 110, "ldap password check: unable to get database name - error=%s")
+                                                                                                                    ResDef(DBT_ldapaclUnableToGetParsedDatabaseName, 111, "ldap password check: unable to get parsed database %s")
+                                                                                                                        ResDef(DBT_ldapaclCoudlntInitializeConnectionToLdap, 112, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
+                                                                                                                            ResDef(DBT_ldapaclPassworkCheckLdapError, 113, "ldap password check: LDAP error: \"%s\"")
+                                                                                                                                ResDef(DBT_GetUserIsMemberLdapUnabelToGetDatabaseName, 114, "get_user_ismember_ldap unable to get database name - error=%s")
+                                                                                                                                    ResDef(DBT_GetUserIsMemberLdapUnableToGetParsedDatabaseName, 115, "get_user_ismember_ldap unable to get parsed database %s")
+                                                                                                                                        ResDef(DBT_GetUserIsMemberLdapCouldntInitializeConnectionToLdap, 116, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
+                                                                                                                                            ResDef(DBT_GetUserIsMemberLdapGroupDoesntExist, 117, "get_user_ismember_ldap: group %s does not exist")
+                                                                                                                                                ResDef(DBT_GetUserIsMemberLdapError, 118, "get_user_ismember_ldap: LDAP error: \"%s\"")
+                                                                                                                                                    ResDef(DBT_LdapDatabaseHandleNotARegisteredDatabase, 119, "ACL_LDAPDatabaseHandle: %s is not a registered database")
+                                                                                                                                                        ResDef(DBT_LdapDatabaseHandleNotAnLdapDatabase, 120, "ACL_LDAPDatabaseHandle: %s is not an LDAP database")
+                                                                                                                                                            ResDef(DBT_LdapDatabaseHandleOutOfMemory, 121, "ACL_LDAPDatabaseHandle: out of memory")
+                                                                                                                                                                ResDef(DBT_LdapDatabaseHandleCouldntInitializeConnectionToLdap, 122, "ACL_LDAPDatabaseHandle: couldn't initialize connection to LDAP. Reason: %s")
+                                                                                                                                                                    ResDef(DBT_LdapDatabaseHandleCouldntBindToLdapServer, 123, "ACL_LDAPDatabaseHandle: couldn't bind to LDAP server. Reason: %s")
+                                                                                                                                                                        ResDef(DBT_AclerrfmtAclerrnomem, 124, "insufficient dynamic memory")
+                                                                                                                                                                            ResDef(DBT_AclerrfmtAclerropen, 125, "error opening file, %s: %s")
+                                                                                                                                                                                ResDef(DBT_AclerrfmtAclerrdupsym1, 126, "duplicate definition of %s")
+                                                                                                                                                                                    ResDef(DBT_AclerrfmtAclerrdupsym3, 127, "file %s, line %s: duplicate definition of %s")
+                                                                                                                                                                                        ResDef(DBT_AclerrfmtAclerrsyntax, 128, "file %s, line %s: syntax error")
+                                                                                                                                                                                            ResDef(DBT_AclerrfmtAclerrundef, 129, "file %s, line %s: %s is undefined")
+                                                                                                                                                                                                ResDef(DBT_AclerrfmtAclaclundef, 130, "in acl %s, %s %s is undefined")
+                                                                                                                                                                                                    ResDef(DBT_AclerrfmtAclerradb, 131, "database %s: error accessing %s")
+                                                                                                                                                                                                        ResDef(DBT_AclerrfmtAclerrparse1, 132, "%s")
+                                                                                                                                                                                                            ResDef(DBT_AclerrfmtAclerrparse2, 133, "file %s, line %s: invalid syntax")
+                                                                                                                                                                                                                ResDef(DBT_AclerrfmtAclerrparse3, 134, "file %s, line %s: syntax error at \"%s\"")
+                                                                                                                                                                                                                    ResDef(DBT_AclerrfmtAclerrnorlm, 135, "realm %s is not defined")
+                                                                                                                                                                                                                        ResDef(DBT_AclerrfmtUnknownerr, 136, "error code = %d")
+                                                                                                                                                                                                                            ResDef(DBT_AclerrfmtAclerrinternal, 137, "internal ACL error")
+                                                                                                                                                                                                                                ResDef(DBT_AclerrfmtAclerrinval, 138, "invalid argument")
+                                                                                                                                                                                                                                    ResDef(DBT_DbtypeNotDefinedYet, 139, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
+                                                                                                                                                                                                                                        ResDef(DBT_ReadDbMapFileCouldntDetermineDbtype, 140, "couldn't determine dbtype from: %s")
+                                                                                                                                                                                                                                            ResDef(DBT_ReadDbMapFileRegisterDatabaseFailed, 141, "Failed to register database %s")
+                                                                                                                                                                                                                                                ResDef(DBT_AclerrfmtAclerrfail, 142, "ACL call returned failed status")
+                                                                                                                                                                                                                                                    ResDef(DBT_AclerrfmtAclerrio, 143, "file %s: ACL IO error - %s")
+                                                                                                                                                                                                                                                        ResDef(DBT_AclUserExistsOutOfMemory, 144, "acl_user_exists: out of memory")
+                                                                                                                                                                                                                                                            ResDef(DBT_AclUserExistsNot, 145, "acl_user_exists: user doesn't exist anymore")
+                                                                                                                                                                                                                                                                ResDef(DBT_AclUserPlistError, 146, "acl_user_exists: plist error")
+                                                                                                                                                                                                                                                                    ResDef(DBT_lasdnsbuildInvalidAttributePattern_, 147, "LASDnsBuild invalid attribute pattern\n")
+                                                                                                                                                                                                                                                                        END_STR(libaccess)

include/libaccess/dnfstruct.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __dnfstruct_h
@@ -17,11 +17,11 @@
 /*
  * Description (dnfstruct_h)
  *
- *	This file defines types and structures used to represent a DNS
- *	name filter in memory.  A DNS name filter contains specifications
- *	of fully or partially qualified DNS names.  Each of these
- *	specifications can be associated with whatever information is
- *	appropriate for a particular use of a DNS name filter.
+ *    This file defines types and structures used to represent a DNS
+ *    name filter in memory.  A DNS name filter contains specifications
+ *    of fully or partially qualified DNS names.  Each of these
+ *    specifications can be associated with whatever information is
+ *    appropriate for a particular use of a DNS name filter.
  */
 
 #include "nspr.h"
@@ -32,26 +32,28 @@ NSPR_BEGIN_EXTERN_C
 /*
  * Description (DNSLeaf_t)
  *
- *	This type describes the structure of information associated with
- *	an entry in a DNS filter.  The filter itself is implemented as a
- *	hash table, keyed by the DNS name specification string.  The
- *	value associated with a key is a pointer to a DNSLeaf_t structure.
+ *    This type describes the structure of information associated with
+ *    an entry in a DNS filter.  The filter itself is implemented as a
+ *    hash table, keyed by the DNS name specification string.  The
+ *    value associated with a key is a pointer to a DNSLeaf_t structure.
  */
 
 typedef struct DNSLeaf_s DNSLeaf_t;
-struct DNSLeaf_s {
-    PLHashEntry dnl_he;		/* NSPR hash table entry */
+struct DNSLeaf_s
+{
+    PLHashEntry dnl_he; /* NSPR hash table entry */
 };
 
-#define dnl_next dnl_he.next		/* hash table collision link */
-#define dnl_keyhash dnl_he.keyHash	/* symbol hash value */
-#define dnl_key dnl_he.key		/* pointer to Symbol_t structure */
-#define dnl_ref dnl_he.value		/* pointer to named structure */
+#define dnl_next dnl_he.next       /* hash table collision link */
+#define dnl_keyhash dnl_he.keyHash /* symbol hash value */
+#define dnl_key dnl_he.key         /* pointer to Symbol_t structure */
+#define dnl_ref dnl_he.value       /* pointer to named structure */
 
 typedef struct DNSFilter_s DNSFilter_t;
-struct DNSFilter_s {
-    DNSFilter_t * dnf_next;	/* link to next filter */
-    void * dnf_hash;		/* pointer to constructed hash table */
+struct DNSFilter_s
+{
+    DNSFilter_t *dnf_next; /* link to next filter */
+    void *dnf_hash;        /* pointer to constructed hash table */
 };
 
 NSPR_END_EXTERN_C

include/libaccess/ipfstruct.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __ipfstruct_h
@@ -17,11 +17,11 @@
 /*
  * Description (ipfstruct.h)
  *
- *	This file defines types and structures used to represent an
- *	IP address filter in memory.  An IP address filter contains
- *	specifications of IP host and network addresses.  Each of
- *	these specifications can be associated with whatever information
- *	is appropriate for a particular use of an IP address filter.
+ *    This file defines types and structures used to represent an
+ *    IP address filter in memory.  An IP address filter contains
+ *    specifications of IP host and network addresses.  Each of
+ *    these specifications can be associated with whatever information
+ *    is appropriate for a particular use of an IP address filter.
  */
 
 /* Define a scalar IP address value */
@@ -43,26 +43,27 @@ typedef unsigned long IPAddr_t;
  */
 
 /* Define indices of links in an IPNode_t */
-#define IPN_CLEAR	0	/* link to node with ipn_bit clear */
-#define IPN_SET		1	/* link to node with ipn_bit set */
-#define IPN_MASKED	2	/* link to node with ipn_bit masked out */
-#define IPN_NLINKS	3	/* number of links */
+#define IPN_CLEAR 0  /* link to node with ipn_bit clear */
+#define IPN_SET 1    /* link to node with ipn_bit set */
+#define IPN_MASKED 2 /* link to node with ipn_bit masked out */
+#define IPN_NLINKS 3 /* number of links */
 
 typedef struct IPNode_s IPNode_t;
-struct IPNode_s {
-    char ipn_type;		/* node type */
-#define IPN_LEAF	0	/* leaf node */
-#define IPN_NODE	1	/* internal node */
+struct IPNode_s
+{
+    char ipn_type; /* node type */
+#define IPN_LEAF 0 /* leaf node */
+#define IPN_NODE 1 /* internal node */
 
-    char ipn_bit;		/* bit number (31-0) to test */
-    IPNode_t * ipn_parent;	/* link to parent node */
-    IPNode_t * ipn_links[IPN_NLINKS];	
+    char ipn_bit;         /* bit number (31-0) to test */
+    IPNode_t *ipn_parent; /* link to parent node */
+    IPNode_t *ipn_links[IPN_NLINKS];
 };
 
 /* Helper definitions */
-#define ipn_clear	ipn_links[IPN_CLEAR]
-#define ipn_set		ipn_links[IPN_SET]
-#define ipn_masked	ipn_links[IPN_MASKED]
+#define ipn_clear ipn_links[IPN_CLEAR]
+#define ipn_set ipn_links[IPN_SET]
+#define ipn_masked ipn_links[IPN_MASKED]
 
 /*
  * Description (IPLeaf_t)
@@ -74,16 +75,18 @@ struct IPNode_s {
  */
 
 typedef struct IPLeaf_s IPLeaf_t;
-struct IPLeaf_s {
-    char ipl_type;		/* see ipn_type in IPNode_t */
-    IPAddr_t ipl_netmask;	/* IP network mask */
-    IPAddr_t ipl_ipaddr;	/* IP address of host or network */
+struct IPLeaf_s
+{
+    char ipl_type;        /* see ipn_type in IPNode_t */
+    IPAddr_t ipl_netmask; /* IP network mask */
+    IPAddr_t ipl_ipaddr;  /* IP address of host or network */
 };
 
 typedef struct IPFilter_s IPFilter_t;
-struct IPFilter_s {
-    IPFilter_t * ipf_next;	/* link to next filter */
-    IPNode_t * ipf_tree;	/* pointer to radix tree structure */
+struct IPFilter_s
+{
+    IPFilter_t *ipf_next; /* link to next filter */
+    IPNode_t *ipf_tree;   /* pointer to radix tree structure */
 };
 
 #endif /* __ipfstruct_h */

include/libaccess/las.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -20,7 +20,7 @@
 #endif /* !NOINTNSACL */
 
 /* #include <prhash.h>  */
-#include <plhash.h> 
+#include <plhash.h>
 #include <prclist.h>
 
 #include <base/plist.h>
@@ -31,159 +31,134 @@
 #include "public/nsacl/acldef.h"
 #endif /* !PUBLIC_NSACL_ACLDEF_H */
 
-#define	ACL_MAX_METHOD		32
-#define	ACL_MAX_DBTYPE		32
+#define ACL_MAX_METHOD 32
+#define ACL_MAX_DBTYPE 32
 
-struct ACLAttrGetter {
-	PRCList			list;	/* must be first */
-	ACLMethod_t		method;
-	ACLDbType_t		dbtype;
-	ACLAttrGetterFn_t	fn;
-	void			*arg;
+struct ACLAttrGetter
+{
+    PRCList list; /* must be first */
+    ACLMethod_t method;
+    ACLDbType_t dbtype;
+    ACLAttrGetterFn_t fn;
+    void *arg;
 };
 
 NSPR_BEGIN_EXTERN_C
 
 NSAPI_PUBLIC extern int
-	ACL_LasRegister(NSErr_t *errp, const char *attr_name, LASEvalFunc_t
-	eval_func, LASFlushFunc_t flush_func);
+ACL_LasRegister(NSErr_t *errp, const char *attr_name, LASEvalFunc_t eval_func, LASFlushFunc_t flush_func);
 NSAPI_PUBLIC extern int
-	ACL_LasFindEval(NSErr_t *errp, char *attr_name, LASEvalFunc_t
-	*eval_funcp);
+ACL_LasFindEval(NSErr_t *errp, char *attr_name, LASEvalFunc_t *eval_funcp);
 NSAPI_PUBLIC extern int
-	ACL_LasFindFlush(NSErr_t *errp, char *attr_name, LASFlushFunc_t
-	*flush_funcp);
+ACL_LasFindFlush(NSErr_t *errp, char *attr_name, LASFlushFunc_t *flush_funcp);
 extern void
-	ACL_LasHashInit(void);
+ACL_LasHashInit(void);
 extern void
-	ACL_LasHashDestroy(void);
+ACL_LasHashDestroy(void);
 extern void
-	ACL_AttrGetterHashDestroy(void);
+ACL_AttrGetterHashDestroy(void);
 extern void
-	ACL_MethodHashDestroy(void);
+ACL_MethodHashDestroy(void);
 
 /*
- *	Revised, normalized method/dbtype registration routines
+ *    Revised, normalized method/dbtype registration routines
  */
 NSAPI_PUBLIC extern int
-	ACL_MethodRegister(NSErr_t *errp, const char *name, ACLMethod_t *t);
+ACL_MethodRegister(NSErr_t *errp, const char *name, ACLMethod_t *t);
 NSAPI_PUBLIC extern int
-	ACL_MethodIsEqual(NSErr_t *errp, const ACLMethod_t t1, const ACLMethod_t t2);
+ACL_MethodIsEqual(NSErr_t *errp, const ACLMethod_t t1, const ACLMethod_t t2);
 NSAPI_PUBLIC extern int
-	ACL_MethodNameIsEqual(NSErr_t *errp, const ACLMethod_t t, const char *name);
+ACL_MethodNameIsEqual(NSErr_t *errp, const ACLMethod_t t, const char *name);
 NSAPI_PUBLIC extern int
-	ACL_MethodFind(NSErr_t *errp, const char *name, ACLMethod_t *t);
+ACL_MethodFind(NSErr_t *errp, const char *name, ACLMethod_t *t);
 NSAPI_PUBLIC extern ACLMethod_t
-	ACL_MethodGetDefault(NSErr_t *errp);
+ACL_MethodGetDefault(NSErr_t *errp);
 NSAPI_PUBLIC extern int
-	ACL_MethodSetDefault(NSErr_t *errp, const ACLMethod_t t);
+ACL_MethodSetDefault(NSErr_t *errp, const ACLMethod_t t);
 NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t *t);
+ACL_AuthInfoGetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t *t);
 NSAPI_PUBLIC extern int
-	ACL_AuthInfoSetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t t);
+ACL_AuthInfoSetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t t);
 NSAPI_PUBLIC extern int
-	ACL_DbTypeRegister(NSErr_t *errp, const char *name, DbParseFn_t func, ACLDbType_t *t);
+ACL_DbTypeRegister(NSErr_t *errp, const char *name, DbParseFn_t func, ACLDbType_t *t);
 NSAPI_PUBLIC extern int
-	ACL_DbTypeIsEqual(NSErr_t *errp, const ACLDbType_t t1, const ACLDbType_t t2);
+ACL_DbTypeIsEqual(NSErr_t *errp, const ACLDbType_t t1, const ACLDbType_t t2);
 NSAPI_PUBLIC extern int
-	ACL_DbTypeNameIsEqual(NSErr_t *errp, const ACLDbType_t t, const char *name);
+ACL_DbTypeNameIsEqual(NSErr_t *errp, const ACLDbType_t t, const char *name);
 NSAPI_PUBLIC extern int
-	ACL_DbTypeFind(NSErr_t *errp, const char *name, ACLDbType_t *t);
+ACL_DbTypeFind(NSErr_t *errp, const char *name, ACLDbType_t *t);
 NSAPI_PUBLIC extern ACLDbType_t
-	ACL_DbTypeGetDefault(NSErr_t *errp);
+ACL_DbTypeGetDefault(NSErr_t *errp);
 NSAPI_PUBLIC extern const char *
-	ACL_DatabaseGetDefault(NSErr_t *errp);
+ACL_DatabaseGetDefault(NSErr_t *errp);
 NSAPI_PUBLIC extern int
-	ACL_DatabaseSetDefault(NSErr_t *errp, const char *dbname);
+ACL_DatabaseSetDefault(NSErr_t *errp, const char *dbname);
 NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetDbType(NSErr_t *errp, PList_t auth_info, ACLDbType_t *t);
+ACL_AuthInfoGetDbType(NSErr_t *errp, PList_t auth_info, ACLDbType_t *t);
 NSAPI_PUBLIC extern int
-	ACL_DbTypeIsRegistered(NSErr_t *errp, const ACLDbType_t dbtype);
+ACL_DbTypeIsRegistered(NSErr_t *errp, const ACLDbType_t dbtype);
 NSAPI_PUBLIC extern int
-	ACL_AttrGetterRegister(NSErr_t *errp, const char *attr,
-                               ACLAttrGetterFn_t fn, ACLMethod_t m,
-                               ACLDbType_t d, int position, void *arg);
+ACL_AttrGetterRegister(NSErr_t *errp, const char *attr, ACLAttrGetterFn_t fn, ACLMethod_t m, ACLDbType_t d, int position, void *arg);
 
 extern ACLDbType_t ACL_DbTypeLdap;
 
 NSAPI_PUBLIC extern int
-	ACL_DbTypeSetDefault(NSErr_t *errp, ACLDbType_t t);
+ACL_DbTypeSetDefault(NSErr_t *errp, ACLDbType_t t);
 NSAPI_PUBLIC extern DbParseFn_t
-	ACL_DbTypeParseFn(NSErr_t *errp, const ACLDbType_t dbtype);
+ACL_DbTypeParseFn(NSErr_t *errp, const ACLDbType_t dbtype);
 NSAPI_PUBLIC extern int
-	ACL_AttrGetterFind(NSErr_t *errp, const char *attr,
-			   ACLAttrGetterList_t *getters);
+ACL_AttrGetterFind(NSErr_t *errp, const char *attr, ACLAttrGetterList_t *getters);
 NSAPI_PUBLIC extern ACLAttrGetter_t *
-	ACL_AttrGetterFirst(ACLAttrGetterList_t *getters);
+ACL_AttrGetterFirst(ACLAttrGetterList_t *getters);
 NSAPI_PUBLIC extern ACLAttrGetter_t *
-	ACL_AttrGetterNext(ACLAttrGetterList_t *getters,
-			   ACLAttrGetter_t *last);
+ACL_AttrGetterNext(ACLAttrGetterList_t *getters,
+                   ACLAttrGetter_t *last);
 
 /* typedef PRHashTable AttrGetterTable_t; */
 typedef PLHashTable AttrGetterTable_t;
 
-typedef struct {
+typedef struct
+{
     char *method;
     char *authtype;
     char *dbtype;
     AttrGetterTable_t *attrGetters;
 } MethodInfo_t;
 
-NSAPI_PUBLIC int ACL_ModuleRegister (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
+NSAPI_PUBLIC int ACL_ModuleRegister(NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
 
 NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
 
 NSAPI_PUBLIC int ACL_DatabaseRegister(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
 
 NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype);
-NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname,
-				  ACLDbType_t *dbtype, void **db);
-NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp,
-                                         const char *dbname, LDAP **ld,
-					 char **basedn);
-NSAPI_PUBLIC int ACL_AuthInfoGetDbname (PList_t auth_info, char **dbname);
-NSAPI_PUBLIC int ACL_AuthInfoSetDbname (NSErr_t *errp, PList_t auth_info,
-					const char *dbname);
+NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname, ACLDbType_t *dbtype, void **db);
+NSAPI_PUBLIC int ACL_LDAPDatabaseHandle(NSErr_t *errp,
+                                        const char *dbname,
+                                        LDAP **ld,
+                                        char **basedn);
+NSAPI_PUBLIC int ACL_AuthInfoGetDbname(PList_t auth_info, char **dbname);
+NSAPI_PUBLIC int ACL_AuthInfoSetDbname(NSErr_t *errp, PList_t auth_info, const char *dbname);
 NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func);
-NSAPI_PUBLIC int ACL_SetDefaultResult (NSErr_t *errp,
-				       ACLEvalHandle_t *acleval,
-				       int result);
-NSAPI_PUBLIC int ACL_GetDefaultResult (ACLEvalHandle_t *acleval);
-
-struct program_groups {
-	char *type;
-	char **groups;
-	char **programs;
+NSAPI_PUBLIC int ACL_SetDefaultResult(NSErr_t *errp,
+                                      ACLEvalHandle_t *acleval,
+                                      int result);
+NSAPI_PUBLIC int ACL_GetDefaultResult(ACLEvalHandle_t *acleval);
+
+struct program_groups
+{
+    char *type;
+    char **groups;
+    char **programs;
 };
 
-extern int LASTimeOfDayEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASDayOfWeekEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASIpEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASDnsEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASGroupEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASUserEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
-extern int LASProgramEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
-			char *pattern, ACLCachable_t *cachable, void **las_cookie,
-			PList_t subject, PList_t resource, PList_t auth_info,
-			PList_t global_auth);
+extern int LASTimeOfDayEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASDayOfWeekEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASIpEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASDnsEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASGroupEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASUserEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern int LASProgramEval(NSErr_t *errp, char *attribute, CmpOp_t comparator, char *pattern, ACLCachable_t *cachable, void **las_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
 
 extern void LASTimeOfDayFlush(void **cookie);
 extern void LASDayOfWeekFlush(void **cookie);
@@ -192,4 +167,4 @@ extern void LASDnsFlush(void **cookie);
 
 NSPR_END_EXTERN_C
 
-#endif	/* ACL_LAS_HEADER */
+#endif /* ACL_LAS_HEADER */

include/libaccess/nsauth.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __nsauth_h
@@ -17,21 +17,21 @@
 /*
  * Description (nsauth.h)
  *
- *	This file defines types and interfaces which pertain to client
- *	authentication.  The key types are Realm_t, which describes a
- *	context for authentication, and ClAuth_t, which is used to
- *	pass authentication information about a particular client
- *	into and out of authentication interface functions.
+ *    This file defines types and interfaces which pertain to client
+ *    authentication.  The key types are Realm_t, which describes a
+ *    context for authentication, and ClAuth_t, which is used to
+ *    pass authentication information about a particular client
+ *    into and out of authentication interface functions.
  */
 
 #include "ssl.h"
 
-#include "cert.h"               /* CERTCertificate for new ns security bin */
+#include "cert.h" /* CERTCertificate for new ns security bin */
 
-#include "usi.h"		/* identifier list support */
-#include "attrec.h"		/* attribute record types */
-#include "nserror.h"		/* error frame list support */
-#include "nsautherr.h"		/* authentication error codes */
+#include "usi.h"       /* identifier list support */
+#include "attrec.h"    /* attribute record types */
+#include "nserror.h"   /* error frame list support */
+#include "nsautherr.h" /* authentication error codes */
 
 /* Define a scalar IP address value */
 #ifndef __IPADDR_T_
@@ -42,242 +42,256 @@ typedef unsigned long IPAddr_t;
 /*
  * Description (UserObj_t)
  *
- *	This type defines the structure of a user object.  A user object
- *	contains information about a user which might be contained in
- *	an authentication database, including user name, password, user id,
- *	and group membership.
+ *    This type defines the structure of a user object.  A user object
+ *    contains information about a user which might be contained in
+ *    an authentication database, including user name, password, user id,
+ *    and group membership.
  */
 
 typedef struct UserObj_s UserObj_t;
-struct UserObj_s {
-    NTS_t uo_name;		/* user account name */
-    NTS_t uo_pwd;		/* encrypted password */
-    USI_t uo_uid;		/* user id */
-    USI_t uo_flags;		/* bit flags */
-#define UOF_DBFLAGS	0x1f	/* mask for flags stored in DB file */
-#define UOF_ERROR	0x20	/* error on last operation */
-#define UOF_NEW		0x40	/* new user object */
-#define UOF_MODIFIED	0x80	/* internal object modified */
-#define UOF_DELPEND	0x100	/* delete pending */
+struct UserObj_s
+{
+    NTS_t uo_name;        /* user account name */
+    NTS_t uo_pwd;         /* encrypted password */
+    USI_t uo_uid;         /* user id */
+    USI_t uo_flags;       /* bit flags */
+#define UOF_DBFLAGS 0x1f  /* mask for flags stored in DB file */
+#define UOF_ERROR 0x20    /* error on last operation */
+#define UOF_NEW 0x40      /* new user object */
+#define UOF_MODIFIED 0x80 /* internal object modified */
+#define UOF_DELPEND 0x100 /* delete pending */
 
-    NTS_t uo_rname;		/* real user name (gecos string) */
-    USIList_t uo_groups;	/* list of group ids containing user */
+    NTS_t uo_rname;      /* real user name (gecos string) */
+    USIList_t uo_groups; /* list of group ids containing user */
 };
 
 /*
  * Description (GroupObj_t)
  *
- *	This type defines the structure of a group object.  A group object
- *	contains information about a group which might be contained in
- *	an authentication database, including group name, group id, and
- *	relationships to other groups.
+ *    This type defines the structure of a group object.  A group object
+ *    contains information about a group which might be contained in
+ *    an authentication database, including group name, group id, and
+ *    relationships to other groups.
  */
 
 typedef struct GroupObj_s GroupObj_t;
-struct GroupObj_s {
-    NTS_t go_name;		/* group name */
-    USI_t go_gid;		/* group id */
-    USI_t go_flags;		/* bit flags */
-#define GOF_DBFLAGS	0x3f	/* mask for flags stored in DB file */
-#define GOF_NEW		0x40	/* new group object */
-#define GOF_MODIFIED	0x80	/* internal object modified */
-#define GOF_DELPEND	0x100	/* delete pending */
+struct GroupObj_s
+{
+    NTS_t go_name;        /* group name */
+    USI_t go_gid;         /* group id */
+    USI_t go_flags;       /* bit flags */
+#define GOF_DBFLAGS 0x3f  /* mask for flags stored in DB file */
+#define GOF_NEW 0x40      /* new group object */
+#define GOF_MODIFIED 0x80 /* internal object modified */
+#define GOF_DELPEND 0x100 /* delete pending */
 
-    NTS_t go_desc;		/* group description */
-    USIList_t go_users;		/* list of user members (uids) */
-    USIList_t go_groups;	/* list of group members (gids) */
-    USIList_t go_pgroups;	/* list of parent groups (gids) */
+    NTS_t go_desc;        /* group description */
+    USIList_t go_users;   /* list of user members (uids) */
+    USIList_t go_groups;  /* list of group members (gids) */
+    USIList_t go_pgroups; /* list of parent groups (gids) */
 };
 
 /*
  * Description (AuthIF_t)
  *
- *	This type describes a structure containing pointers to functions
- *	which provide a standard interface to an authentication database.
- *	The functions are described below.
+ *    This type describes a structure containing pointers to functions
+ *    which provide a standard interface to an authentication database.
+ *    The functions are described below.
  *
  *   Description (aif_close)
  *
- *	The referenced function closes an authentication database which
- *	was previously opened via the aif_open function.
+ *    The referenced function closes an authentication database which
+ *    was previously opened via the aif_open function.
  *
  *   Arguments:
  *
- *	authdb			- handle for database returned by aif_open
- *	flags			- close flags (unused - must be zero)
+ *    authdb            - handle for database returned by aif_open
+ *    flags            - close flags (unused - must be zero)
  *
  *
  *   Description (aif_findid)
  *
- *	The referenced function looks up a specified user or group id
- *	in a given authentication database.  Flags can be specified to
- *	search for only matching user ids, only matching group ids,
- *	or both.  The result value for a successful search indicates
- *	whether a matching user or group id was found, and a pointer to
- *	a user or group object is returned accordingly.
+ *    The referenced function looks up a specified user or group id
+ *    in a given authentication database.  Flags can be specified to
+ *    search for only matching user ids, only matching group ids,
+ *    or both.  The result value for a successful search indicates
+ *    whether a matching user or group id was found, and a pointer to
+ *    a user or group object is returned accordingly.
  *
  *   Arguments:
  *
- *	authdb			- handle for database returned by aif_open
- *	id			- user/group id value
- *	flags			- bit flags to control search
- *	rptr			- pointer to returned user or group object
- *				  pointer (may be null)
+ *    authdb            - handle for database returned by aif_open
+ *    id            - user/group id value
+ *    flags            - bit flags to control search
+ *    rptr            - pointer to returned user or group object
+ *                  pointer (may be null)
  *
  *   Returns:
  *
- *	If successful, the result value is greater than zero, and contains
- *	a subset of the search flags, indicating what was found, and a user
- *	or group object pointer is returned through 'rptr' if it is non-null.
- *	An unsuccessful search is indicated by a return value of zero.  An
- *	error is indicated by a negative return value (defined in
- *	nsautherr.h).
+ *    If successful, the result value is greater than zero, and contains
+ *    a subset of the search flags, indicating what was found, and a user
+ *    or group object pointer is returned through 'rptr' if it is non-null.
+ *    An unsuccessful search is indicated by a return value of zero.  An
+ *    error is indicated by a negative return value (defined in
+ *    nsautherr.h).
  *
  *
  *   Description (aif_findname)
  *
- *	The referenced function looks up a specified user or group name
- *	in a given authentication database.  Flags can be specified to
- *	search for only matching user names, only matching group names,
- *	or both.  The result value for a successful search indicates
- *	whether a matching user or group was found, and a pointer to a
- *	user or group object is returned accordingly.
+ *    The referenced function looks up a specified user or group name
+ *    in a given authentication database.  Flags can be specified to
+ *    search for only matching user names, only matching group names,
+ *    or both.  The result value for a successful search indicates
+ *    whether a matching user or group was found, and a pointer to a
+ *    user or group object is returned accordingly.
  *
  *   Arguments:
  *
- *	authdb			- handle for database returned by aif_open
- *	name			- user/group name string pointer
- *	flags			- bit flags to control search
- *	rptr			- pointer to returned user or group object
- *				  pointer (may be null)
+ *    authdb            - handle for database returned by aif_open
+ *    name            - user/group name string pointer
+ *    flags            - bit flags to control search
+ *    rptr            - pointer to returned user or group object
+ *                  pointer (may be null)
  *
  *   Returns:
  *
- *	If successful, the result value is greater than zero, and contains
- *	a subset of the search flags, indicating what was found, and a user
- *	or group object pointer is returned through 'rptr' if it is non-null.
- *	An unsuccessful search is indicated by a return value of zero.  An
- *	error is indicated by a negative return value (defined in
- *	nsautherr.h).
+ *    If successful, the result value is greater than zero, and contains
+ *    a subset of the search flags, indicating what was found, and a user
+ *    or group object pointer is returned through 'rptr' if it is non-null.
+ *    An unsuccessful search is indicated by a return value of zero.  An
+ *    error is indicated by a negative return value (defined in
+ *    nsautherr.h).
  *
  *
  *   Description (aif_idtoname)
  *
- *	The referenced function looks up a specified user or group id
- *	in a given authentication database, and returns the associated
- *	user or group name.  Flags can be specified to search for only
- *	matching user ids, only matching group ids, or both.  The result
- *	value for a successful search indicates whether a matching user
- *	or group id was found, and a pointer to the user or group name
- *	is returned accordingly.
+ *    The referenced function looks up a specified user or group id
+ *    in a given authentication database, and returns the associated
+ *    user or group name.  Flags can be specified to search for only
+ *    matching user ids, only matching group ids, or both.  The result
+ *    value for a successful search indicates whether a matching user
+ *    or group id was found, and a pointer to the user or group name
+ *    is returned accordingly.
  *
  *   Arguments:
  *
- *	authdb			- handle for database returned by aif_open
- *	id			- user/group id value
- *	flags			- bit flags to control search
- *	rptr			- pointer to returned user or group name
- *				  pointer (may be null)
+ *    authdb            - handle for database returned by aif_open
+ *    id            - user/group id value
+ *    flags            - bit flags to control search
+ *    rptr            - pointer to returned user or group name
+ *                  pointer (may be null)
  *
  *   Returns:
  *
- *	If successful, the result value is greater than zero, and contains
- *	a subset of the search flags, indicating what was found, and a user
- *	or group name pointer is returned through 'rptr' if it is non-null.
- *	An unsuccessful search is indicated by a return value of zero.  An
- *	error is indicated by a negative return value (defined in
- *	nsautherr.h).
+ *    If successful, the result value is greater than zero, and contains
+ *    a subset of the search flags, indicating what was found, and a user
+ *    or group name pointer is returned through 'rptr' if it is non-null.
+ *    An unsuccessful search is indicated by a return value of zero.  An
+ *    error is indicated by a negative return value (defined in
+ *    nsautherr.h).
  *
  *
  *   Description (aif_open)
  *
- *	The referenced function opens a named authentication database of
- *	the type supported by this interface.  The actual effect of the
- *	open function depends on the particular type of database, but a
- *	call to the aif_open function should generally be followed by a
- *	call to the aif_close function at some point.
+ *    The referenced function opens a named authentication database of
+ *    the type supported by this interface.  The actual effect of the
+ *    open function depends on the particular type of database, but a
+ *    call to the aif_open function should generally be followed by a
+ *    call to the aif_close function at some point.
  *
  *   Arguments:
  *
- *	adbname			- authentication database name string pointer
- *	flags			- open flags (definitions below)
- *	rptr			- pointer to returned handle for the database
+ *    adbname            - authentication database name string pointer
+ *    flags            - open flags (definitions below)
+ *    rptr            - pointer to returned handle for the database
  *
  *   Returns:
  *
- *	The return value is zero if the operation is successful, and a
- *	handle for the authentication database is returned through 'rptr'.
- *	An error is indicated by a negative return value (defined in
- *	nsautherr.h).
+ *    The return value is zero if the operation is successful, and a
+ *    handle for the authentication database is returned through 'rptr'.
+ *    An error is indicated by a negative return value (defined in
+ *    nsautherr.h).
  */
 
 typedef struct AuthIF_s AuthIF_t;
-struct AuthIF_s {
-    int (*aif_findid)(NSErr_t * errp,
-		      void * authdb, USI_t id, int flags, void **rptr);
-    int (*aif_findname)(NSErr_t * errp,
-			void * authdb, char * name, int flags, void **rptr);
-    int (*aif_idtoname)(NSErr_t * errp,
-			void * authdb, USI_t id, int flags, char **rptr);
-    int (*aif_open)(NSErr_t * errp, char * adbname, int flags, void **rptr);
-    void (*aif_close)(void * authdb, int flags);
-    int (*aif_addmember)(void **pmlist, char * name, int flags);
-    int (*aif_ismember)(void * mlist, char * name, int flags);
+struct AuthIF_s
+{
+    int (*aif_findid)(NSErr_t *errp,
+                      void *authdb,
+                      USI_t id,
+                      int flags,
+                      void **rptr);
+    int (*aif_findname)(NSErr_t *errp,
+                        void *authdb,
+                        char *name,
+                        int flags,
+                        void **rptr);
+    int (*aif_idtoname)(NSErr_t *errp,
+                        void *authdb,
+                        USI_t id,
+                        int flags,
+                        char **rptr);
+    int (*aif_open)(NSErr_t *errp, char *adbname, int flags, void **rptr);
+    void (*aif_close)(void *authdb, int flags);
+    int (*aif_addmember)(void **pmlist, char *name, int flags);
+    int (*aif_ismember)(void *mlist, char *name, int flags);
 };
 
 /* Define flags for the aif_open function */
-#define AIF_CREATE	0x1		/* new database (create it) */
+#define AIF_CREATE 0x1 /* new database (create it) */
 
 /*
  * Define bits for flags and return value of aif_findid, aif_findid,
  * and aif_idtoname functions.
  */
-#define AIF_NONE	0		/* no matching group or user name */
-#define AIF_GROUP	0x1		/* matching group name/id found */
-#define AIF_USER	0x2		/* matching user name/id found */
+#define AIF_NONE 0    /* no matching group or user name */
+#define AIF_GROUP 0x1 /* matching group name/id found */
+#define AIF_USER 0x2  /* matching user name/id found */
 
 /*
  * Description (Realm_t)
  *
- *	This type defines a structure which represents an authentication
- *	realm.  Each realm has a unique name, which is accessed through
- *	a Symbol_t structure, which in turn references a Realm_t as the
- *	symbol value.  This structure specifies an authentication
- *	method and an authentication database.
+ *    This type defines a structure which represents an authentication
+ *    realm.  Each realm has a unique name, which is accessed through
+ *    a Symbol_t structure, which in turn references a Realm_t as the
+ *    symbol value.  This structure specifies an authentication
+ *    method and an authentication database.
  */
 
 typedef struct Realm_s Realm_t;
-struct Realm_s {
-    int rlm_ameth;		/* authentication method type */
-    char * rlm_dbname;		/* authentication database name */
-    AuthIF_t * rlm_aif;		/* authentication interface pointer */
-    void * rlm_authdb;		/* authentication database handle */
-    char * rlm_prompt;		/* realm prompt string */
+struct Realm_s
+{
+    int rlm_ameth;     /* authentication method type */
+    char *rlm_dbname;  /* authentication database name */
+    AuthIF_t *rlm_aif; /* authentication interface pointer */
+    void *rlm_authdb;  /* authentication database handle */
+    char *rlm_prompt;  /* realm prompt string */
 };
 
 /* Define supported authentication method codes for rlm_ameth */
-#define AUTH_METHOD_BASIC	1	/* basic authentication */
-#define AUTH_METHOD_SSL		2	/* SSL client authentication */
+#define AUTH_METHOD_BASIC 1 /* basic authentication */
+#define AUTH_METHOD_SSL 2   /* SSL client authentication */
 
 /*
  * Description (ClAuth_t)
  *
- *	This type describes a structure containing information about a
- *	particular client.  It is used to pass information into and out
- *	of authentication support functions, as well as to other functions
- *	needing access to client authentication information.
+ *    This type describes a structure containing information about a
+ *    particular client.  It is used to pass information into and out
+ *    of authentication support functions, as well as to other functions
+ *    needing access to client authentication information.
  * FUTURE:
- *	- add client certificate pointer
+ *    - add client certificate pointer
  */
 
 typedef struct ClAuth_s ClAuth_t;
-struct ClAuth_s {
-    Realm_t * cla_realm;	/* authentication realm pointer */
-    IPAddr_t cla_ipaddr;	/* IP address */
-    char * cla_dns;		/* DNS name string pointer */
-    UserObj_t * cla_uoptr;	/* authenticated user object pointer */
-    GroupObj_t * cla_goptr;	/* pointer to list of group objects */
-    CERTCertificate * cla_cert;	/* certificate from SSL client auth */
+struct ClAuth_s
+{
+    Realm_t *cla_realm;        /* authentication realm pointer */
+    IPAddr_t cla_ipaddr;       /* IP address */
+    char *cla_dns;             /* DNS name string pointer */
+    UserObj_t *cla_uoptr;      /* authenticated user object pointer */
+    GroupObj_t *cla_goptr;     /* pointer to list of group objects */
+    CERTCertificate *cla_cert; /* certificate from SSL client auth */
 };
 
 #endif /* __nsauth_h */

include/libaccess/nsautherr.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __nsautherr_h
@@ -19,83 +19,85 @@
 /* Define error ids generated by nsumgmt.c */
 
 /* userRename() */
-#define NSAUERR1000	1000		/* insufficient dynamic memory */
+#define NSAUERR1000 1000 /* insufficient dynamic memory */
 
 /* userStore() */
-#define NSAUERR1100	1100		/* insufficient dynamic memory */
+#define NSAUERR1100 1100 /* insufficient dynamic memory */
 
 /* Define error ids generated by nsgmgmt.c */
 
 /* groupStore() */
-#define NSAUERR2000	2000		/* insufficient dynamic memory */
+#define NSAUERR2000 2000 /* insufficient dynamic memory */
 
 /* Define error ids generated by nsadb.c */
 
 /* nsadbOpen() */
-#define NSAUERR3000	3000		/* invalid function argument */
-#define NSAUERR3020	3020		/* insufficient dynamic memory */
-#define NSAUERR3040	3040		/* create directory operation failed */
-#define NSAUERR3060	3060		/* open directory operation failed */
+#define NSAUERR3000 3000 /* invalid function argument */
+#define NSAUERR3020 3020 /* insufficient dynamic memory */
+#define NSAUERR3040 3040 /* create directory operation failed */
+#define NSAUERR3060 3060 /* open directory operation failed */
 
 /* nsadbOpenUsers() */
-#define NSAUERR3200	3200		/* invalid function argument */
-#define NSAUERR3220	3220		/* insufficient dynamic memory */
-#define NSAUERR3240	3240		/* error opening user database */
+#define NSAUERR3200 3200 /* invalid function argument */
+#define NSAUERR3220 3220 /* insufficient dynamic memory */
+#define NSAUERR3240 3240 /* error opening user database */
 
 /* nsadbOpenGroups() */
-#define NSAUERR3300	3300		/* invalid function argument */
-#define NSAUERR3320	3320		/* insufficient dynamic memory */
-#define NSAUERR3340	3340		/* error opening group database */
+#define NSAUERR3300 3300 /* invalid function argument */
+#define NSAUERR3320 3320 /* insufficient dynamic memory */
+#define NSAUERR3340 3340 /* error opening group database */
 
 /* nsadbOpenClients() */
-#define NSAUERR3400	3400		/* invalid function argument */
-#define NSAUERR3420	3420		/* insufficient dynamic memory */
-#define NSAUERR3430	3430		/* error initializing DB lock */
-#define NSAUERR3440	3440		/* error opening group database */
+#define NSAUERR3400 3400 /* invalid function argument */
+#define NSAUERR3420 3420 /* insufficient dynamic memory */
+#define NSAUERR3430 3430 /* error initializing DB lock */
+#define NSAUERR3440 3440 /* error opening group database */
 
 /* nsadbPutUserByCert() */
-#define NSAUERR3500	3500		/* invalid username length */
-#define NSAUERR3520	3520		/* user-to-cert map already exists */
+#define NSAUERR3500 3500 /* invalid username length */
+#define NSAUERR3520 3520 /* user-to-cert map already exists */
 
 /* nsadbOpenCertUsers() */
-#define NSAUERR3600	3600		/* error opening user-to-cert id DB */
+#define NSAUERR3600 3600 /* error opening user-to-cert id DB */
 
 /* nsadbFindCertUser() */
-#define NSAUERR3700	3700		/* specified user name not found */
+#define NSAUERR3700 3700 /* specified user name not found */
 
 /* nsadbAddCertUser() */
-#define NSAUERR3800	3800		/* error adding entry to database */
+#define NSAUERR3800 3800 /* error adding entry to database */
 
 /* nsadbRemoveCertUser() */
-#define NSAUERR3900	3900		/* error deleting entry in database */
+#define NSAUERR3900 3900 /* error deleting entry in database */
 
 /* Define error ids generated by nsamgmt.c */
 
 /* nsadbRemoveUser() */
-#define NSAUERR4000	4000		/* user name not found */
+#define NSAUERR4000 4000 /* user name not found */
 
 /* nsadbRemoveGroup() */
-#define NSAUERR4100	4100		/* group name not found */
+#define NSAUERR4100 4100 /* group name not found */
 
 /* Define error codes */
-#define NSAERRNOMEM	-1		/* insufficient dynamic memory */
-#define NSAERRINVAL	-2		/* invalid function argument */
-#define NSAERROPEN	-3		/* error opening database */
-#define NSAERRMKDIR	-4		/* error creating database directory */
-#define NSAERRNAME	-5		/* user or group name not found */
-#define NSAERRPUT	-6		/* error writing record to database */
-#define NSAERRCMAP	-7		/* certificate map already exists */
-#define NSAERRDEL	-8		/* error deleting database entry */
-#define NSAERRLOCK	-9		/* error initializing DB lock */
+#define NSAERRNOMEM -1 /* insufficient dynamic memory */
+#define NSAERRINVAL -2 /* invalid function argument */
+#define NSAERROPEN -3  /* error opening database */
+#define NSAERRMKDIR -4 /* error creating database directory */
+#define NSAERRNAME -5  /* user or group name not found */
+#define NSAERRPUT -6   /* error writing record to database */
+#define NSAERRCMAP -7  /* certificate map already exists */
+#define NSAERRDEL -8   /* error deleting database entry */
+#define NSAERRLOCK -9  /* error initializing DB lock */
 
 NSPR_BEGIN_EXTERN_C
 
 /* Authentication facility name in nsuser.c */
-extern const char * NSAuth_Program;
+extern const char *NSAuth_Program;
 
-    /* Functions in nsautherr.c */
-extern NSAPI_PUBLIC void nsadbErrorFmt(NSErr_t * errp,
-			  char * msgbuf, int maxlen, int maxdepth);
+/* Functions in nsautherr.c */
+extern NSAPI_PUBLIC void nsadbErrorFmt(NSErr_t *errp,
+                                       char *msgbuf,
+                                       int maxlen,
+                                       int maxdepth);
 
 NSPR_END_EXTERN_C
 

include/libaccess/nserror.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __nserror_h
@@ -21,12 +21,12 @@
 /*
  * Description (nserror.h)
  *
- *	This file describes the interface to an error handling mechanism
- *	that is intended for general use.  This mechanism uses a data
- *	structure known as an "error frame" to capture information about
- *	an error.  Multiple error frames are used in nested function calls
- *	to capture the interpretation of an error at the different levels
- *	of a nested call.
+ *    This file describes the interface to an error handling mechanism
+ *    that is intended for general use.  This mechanism uses a data
+ *    structure known as an "error frame" to capture information about
+ *    an error.  Multiple error frames are used in nested function calls
+ *    to capture the interpretation of an error at the different levels
+ *    of a nested call.
  */
 
 #include <stdarg.h>
@@ -38,15 +38,14 @@
 NSPR_BEGIN_EXTERN_C
 
 /* Functions in nseframe.c */
-extern void nserrDispose(NSErr_t * errp);
-extern NSEFrame_t * nserrFAlloc(NSErr_t * errp);
-extern void nserrFFree(NSErr_t * errp, NSEFrame_t * efp);
-extern NSEFrame_t * nserrGenerate(NSErr_t * errp, long retcode, long errorid,
-				  const char * program, int errc, ...);
+extern void nserrDispose(NSErr_t *errp);
+extern NSEFrame_t *nserrFAlloc(NSErr_t *errp);
+extern void nserrFFree(NSErr_t *errp, NSEFrame_t *efp);
+extern NSEFrame_t *nserrGenerate(NSErr_t *errp, long retcode, long errorid, const char *program, int errc, ...);
 
 /* Functions in nserrmsg.c */
-extern char * nserrMessage(NSEFrame_t * efp, int flags);
-extern char * nserrRetrieve(NSEFrame_t * efp, int flags);
+extern char *nserrMessage(NSEFrame_t *efp, int flags);
+extern char *nserrRetrieve(NSEFrame_t *efp, int flags);
 
 NSPR_END_EXTERN_C
 

include/libaccess/symbols.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __symbols_h
@@ -17,10 +17,10 @@
 /*
  * Description (symbols.h)
  *
- *	This file describes the interface to an ACL symbol table
- *	implementation.  The symbol table provides for storing symbols
- *	keyed by name and type, creating a separate name space for
- *	each symbol type.
+ *    This file describes the interface to an ACL symbol table
+ *    implementation.  The symbol table provides for storing symbols
+ *    keyed by name and type, creating a separate name space for
+ *    each symbol type.
  */
 
 #ifdef __PRIVATE_SYMBOLS
@@ -31,16 +31,17 @@
 /*
  * Description (SymTable_t)
  *
- *	This type describes a symbols table.  It contains a pointer to
- *	an NSPR hash table and a pointer to a monitor.  The monitor is
- *	needed even for read access to the symbol table because NSPR
- *	modifies the list for a hash bucket when a name is looked up.
+ *    This type describes a symbols table.  It contains a pointer to
+ *    an NSPR hash table and a pointer to a monitor.  The monitor is
+ *    needed even for read access to the symbol table because NSPR
+ *    modifies the list for a hash bucket when a name is looked up.
  */
 
 typedef struct SymTable_s SymTable_t;
-struct SymTable_s {
-    CRITICAL stb_crit;			/* monitor pointer */
-    PLHashTable * stb_ht;		/* hash table pointer */
+struct SymTable_s
+{
+    CRITICAL stb_crit;   /* monitor pointer */
+    PLHashTable *stb_ht; /* hash table pointer */
 };
 
 
@@ -59,39 +60,38 @@ static void symFreeTable(void * pool, void * item);
 /*
  * Description (Symbol_t)
  *
- *	This type describes a symbol table entry.  A symbol is
- *	identified by the combination of its name and type.  This
- *	structure is normally embedded in a structure for a particular
- *	symbol type, which will contain the symbol "value" information
- *	as well.
+ *    This type describes a symbol table entry.  A symbol is
+ *    identified by the combination of its name and type.  This
+ *    structure is normally embedded in a structure for a particular
+ *    symbol type, which will contain the symbol "value" information
+ *    as well.
  */
 
 typedef struct Symbol_s Symbol_t;
-struct Symbol_s {
-    const char * sym_name;			/* pointer to symbol name string */
-    int sym_type;			/* symbol type */
-    void *sym_data;			/* symbol data storage */
+struct Symbol_s
+{
+    const char *sym_name; /* pointer to symbol name string */
+    int sym_type;         /* symbol type */
+    void *sym_data;       /* symbol data storage */
 };
 
 /* Define error return codes */
-#define SYMERRNOMEM	-1		/* insufficient dynamic memory */
-#define SYMERRDUPSYM	-2		/* duplicate symbol name and type */
-#define SYMERRNOSYM	-3		/* symbol name and type not found */
+#define SYMERRNOMEM -1  /* insufficient dynamic memory */
+#define SYMERRDUPSYM -2 /* duplicate symbol name and type */
+#define SYMERRNOSYM -3  /* symbol name and type not found */
 
 /* Define return flags for symTableEnumerate() func() */
-#define SYMENUMSTOP	0x1		/* terminate enumeration */
-#define SYMENUMREMOVE	0x2		/* remove entry from symbol table */
+#define SYMENUMSTOP 0x1   /* terminate enumeration */
+#define SYMENUMREMOVE 0x2 /* remove entry from symbol table */
 
 NSPR_BEGIN_EXTERN_C
 
 /* Public functions defined in symbols.c */
-extern int symTableAddSym(void * table, Symbol_t * newsym, void * symref);
-extern void symTableRemoveSym(void * table, Symbol_t * sym);
-extern void symTableDestroy(void * table, int flags);
-extern void symTableEnumerate(void * table, void * argp,
-                              int (*func)(Symbol_t * sym, void * parg));
-extern int symTableFindSym(void * table, const char * symname,
-			   int symtype, void **psymref);
+extern int symTableAddSym(void *table, Symbol_t *newsym, void *symref);
+extern void symTableRemoveSym(void *table, Symbol_t *sym);
+extern void symTableDestroy(void *table, int flags);
+extern void symTableEnumerate(void *table, void *argp, int (*func)(Symbol_t *sym, void *parg));
+extern int symTableFindSym(void *table, const char *symname, int symtype, void **psymref);
 extern int symTableNew(void **ptable);
 
 NSPR_END_EXTERN_C

include/libaccess/userauth.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef USERAUTH_H

include/libaccess/usi.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef __usi_h
@@ -17,11 +17,11 @@
 /*
  * Description (usi.h)
  *
- *	This file defines the interface to an unsigned integer datatype.
- *	Unsigned integers are used to represent object identifiers of
- *	various sorts, including user ids and group ids.  Functions
- *	for manipulating lists of USIs are also provided in this
- *	interface.
+ *    This file defines the interface to an unsigned integer datatype.
+ *    Unsigned integers are used to represent object identifiers of
+ *    various sorts, including user ids and group ids.  Functions
+ *    for manipulating lists of USIs are also provided in this
+ *    interface.
  */
 
 /* Define a type to contain an unsigned integer value */
@@ -29,44 +29,45 @@ typedef unsigned int USI_t;
 
 /* Define a type to describe a list of USI_t values */
 typedef struct USIList_s USIList_t;
-struct USIList_s {
-    int uil_count;		/* number of active values in list */
-    int uil_size;		/* current size of list area in USI_t */
-    USI_t * uil_list;		/* pointer to array of values */
+struct USIList_s
+{
+    int uil_count;   /* number of active values in list */
+    int uil_size;    /* current size of list area in USI_t */
+    USI_t *uil_list; /* pointer to array of values */
 };
 
 /* Define macro to initialize a USIList_t structure */
-#define UILINIT(uilptr) \
-	{ \
-	    (uilptr)->uil_count = 0; \
-	    (uilptr)->uil_size = 0; \
-	    (uilptr)->uil_list = 0; \
-	}
+#define UILINIT(uilptr)          \
+    {                            \
+        (uilptr)->uil_count = 0; \
+        (uilptr)->uil_size = 0;  \
+        (uilptr)->uil_list = 0;  \
+    }
 
 /* Define a macro to replace the contents of one USIList_t with another's */
-#define UILREPLACE(dst, src) \
-	{ \
-	    if ((dst)->uil_size > 0) { \
-		FREE((dst)->uil_list); \
-	    } \
-	    (dst)->uil_count = (src)->uil_count; \
-	    (dst)->uil_size = (src)->uil_size; \
-	    (dst)->uil_list = (src)->uil_list; \
-	    (src)->uil_count = 0; \
-	    (src)->uil_size = 0; \
-	    (src)->uil_list = 0; \
-	}
+#define UILREPLACE(dst, src)                 \
+    {                                        \
+        if ((dst)->uil_size > 0) {           \
+            FREE((dst)->uil_list);           \
+        }                                    \
+        (dst)->uil_count = (src)->uil_count; \
+        (dst)->uil_size = (src)->uil_size;   \
+        (dst)->uil_list = (src)->uil_list;   \
+        (src)->uil_count = 0;                \
+        (src)->uil_size = 0;                 \
+        (src)->uil_list = 0;                 \
+    }
 
 /* Define a variation of UILINIT() that frees any allocated space */
-#define UILFREE(uilptr) \
-	{ \
-	    if ((uilptr)->uil_size > 0) { \
-		FREE((uilptr)->uil_list); \
-	    } \
-	    (uilptr)->uil_count = 0; \
-	    (uilptr)->uil_size = 0; \
-	    (uilptr)->uil_list = 0; \
-	}
+#define UILFREE(uilptr)               \
+    {                                 \
+        if ((uilptr)->uil_size > 0) { \
+            FREE((uilptr)->uil_list); \
+        }                             \
+        (uilptr)->uil_count = 0;      \
+        (uilptr)->uil_size = 0;       \
+        (uilptr)->uil_list = 0;       \
+    }
 
 /* Define a macro to extract the current number of items in a USIList_t */
 #define UILCOUNT(uilptr) ((uilptr)->uil_count)
@@ -77,12 +78,12 @@ struct USIList_s {
 NSPR_BEGIN_EXTERN_C
 
 /* Define functions in usi.c */
-extern USI_t * usiAlloc(USIList_t * uilptr, int count);
-extern int usiInsert(USIList_t * uilptr, USI_t usi);
-extern int usiPresent(USIList_t * uilptr, USI_t usi);
-extern int usiRemove(USIList_t * uilptr, USI_t usi);
-extern int uilDuplicate(USIList_t * dstptr, USIList_t * srcptr);
-extern int uilMerge(USIList_t * dstptr, USIList_t * srcptr);
+extern USI_t *usiAlloc(USIList_t *uilptr, int count);
+extern int usiInsert(USIList_t *uilptr, USI_t usi);
+extern int usiPresent(USIList_t *uilptr, USI_t usi);
+extern int usiRemove(USIList_t *uilptr, USI_t usi);
+extern int uilDuplicate(USIList_t *dstptr, USIList_t *srcptr);
+extern int uilMerge(USIList_t *dstptr, USIList_t *srcptr);
 
 NSPR_END_EXTERN_C
 

include/libaccess/usrcache.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -26,81 +26,61 @@
 #include <cert.h>
 #include <prclist.h>
 
-typedef struct {
-    PRCList list;		/* pointer to next & prev obj */
-    char *uid;			/* unique within a database */
-    char *userdn;		/* LDAP DN if using LDAP db */
-    char *passwd;		/* password */
-    SECItem *derCert;		/* raw certificate data */
-    char *group;		/* group recently checked for membership */
-    time_t time;		/* last time when the cache was validated */
-    PRHashTable *hashtable;	/* hash table where this obj is being used */
+typedef struct
+{
+    PRCList list;           /* pointer to next & prev obj */
+    char *uid;              /* unique within a database */
+    char *userdn;           /* LDAP DN if using LDAP db */
+    char *passwd;           /* password */
+    SECItem *derCert;       /* raw certificate data */
+    char *group;            /* group recently checked for membership */
+    time_t time;            /* last time when the cache was validated */
+    PRHashTable *hashtable; /* hash table where this obj is being used */
 } UserCacheObj;
 
 NSPR_BEGIN_EXTERN_C
 
 /* Set the number of seconds the cache is valid */
-extern int acl_usr_cache_set_timeout (const int nsec);
+extern int acl_usr_cache_set_timeout(const int nsec);
 
 /* Is the cache enabled? */
 extern int acl_usr_cache_enabled();
 
 /* initialize user cache */
-extern int acl_usr_cache_init ();
+extern int acl_usr_cache_init();
 
 /* Creates a new user obj entry */
-extern int acl_usr_cache_insert (const char *uid, const char *dbname,
-				 const char *dn, const char *passwd,
-				 const char *group, const SECItem *derCert,
-				 const time_t time);
+extern int acl_usr_cache_insert(const char *uid, const char *dbname, const char *dn, const char *passwd, const char *group, const SECItem *derCert, const time_t time);
 
 /* Add group to the user's cache obj. */
-extern int acl_usr_cache_set_group (const char *uid, const char *dbname,
-				    const char *group, const time_t time);
+extern int acl_usr_cache_set_group(const char *uid, const char *dbname, const char *group, const time_t time);
 
 /* Add userdn to the user's cache obj. */
-extern int acl_usr_cache_set_userdn (const char *uid, const char *dbname,
-				     const char *userdn, const time_t time);
+extern int acl_usr_cache_set_userdn(const char *uid, const char *dbname, const char *userdn, const time_t time);
 
 /* Returns LAS_EVAL_TRUE if the user's password matches -- also returns the dn */
-extern int acl_usr_cache_passwd_check (const char *uid, const char *dbname,
-				       const char *passwd,
-				       const time_t time, char **dn,
-				       pool_handle_t *pool);
+extern int acl_usr_cache_passwd_check(const char *uid, const char *dbname, const char *passwd, const time_t time, char **dn, pool_handle_t *pool);
 
 /* Returns LAS_EVAL_TRUE if the user is a member of the group */
-extern int acl_usr_cache_group_check (const char *uid, const char *dbname,
-				      const char *group, const time_t time);
+extern int acl_usr_cache_group_check(const char *uid, const char *dbname, const char *group, const time_t time);
 
 /* Returns LAS_EVAL_TRUE if the user is a member of the group */
-extern int acl_usr_cache_group_len_check (const char *uid, const char *dbname,
-					  const char *group,
-					  const int len,
-					  const time_t time);
+extern int acl_usr_cache_group_len_check(const char *uid, const char *dbname, const char *group, const int len, const time_t time);
 
 /* Returns LAS_EVAL_TRUE if the user's cache is valid and has a group */
-extern int acl_usr_cache_get_group (const char *uid, const char *dbname,
-				    const time_t time, char **group,
-				    pool_handle_t *pool);
+extern int acl_usr_cache_get_group(const char *uid, const char *dbname, const time_t time, char **group, pool_handle_t *pool);
 
 /* Returns LAS_EVAL_TRUE if the user is a member of the group */
-extern int acl_usr_cache_userdn_check (const char *uid, const char *dbname,
-				       const char *userdn, const time_t time);
+extern int acl_usr_cache_userdn_check(const char *uid, const char *dbname, const char *userdn, const time_t time);
 
 /* Returns LAS_EVAL_TRUE if the user's cache is valid and has userdn */
-extern int acl_usr_cache_get_userdn (const char *uid, const char *dbname,
-				     const time_t time, char **userdn,
-				     pool_handle_t *pool);
+extern int acl_usr_cache_get_userdn(const char *uid, const char *dbname, const time_t time, char **userdn, pool_handle_t *pool);
 
 /* Creates a new user obj entry for cert to user mapping */
-extern int acl_cert_cache_insert (void *cert, const char *dbname,
-				  const char *uid, const char *dn,
-				  const time_t time);
+extern int acl_cert_cache_insert(void *cert, const char *dbname, const char *uid, const char *dn, const time_t time);
 
 /* Returns LAS_EVAL_TRUE if the user's cache is valid and returns uid */
-extern int acl_cert_cache_get_uid (void *cert, const char *dbname,
-				   const time_t time, char **uid,
-				   char **dn, pool_handle_t *pool);
+extern int acl_cert_cache_get_uid(void *cert, const char *dbname, const time_t time, char **uid, char **dn, pool_handle_t *pool);
 
 NSPR_END_EXTERN_C
 

include/libadmin/dbtlibadmin.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -19,10 +19,10 @@ static char dbtlibadminid[] = "$DBT: libadmin referenced v1 $";
 #include "i18n.h"
 
 BEGIN_STR(libadmin)
-	ResDef( DBT_LibraryID_, -1, dbtlibadminid )/* extracted from dbtlibadmin.h*/
-	ResDef( DBT_help_, 1, "  Help  " )/*extracted from template.c*/
-	ResDef( DBT_ok_, 2, "   OK   " )/*extracted from template.c*/
-	ResDef( DBT_reset_, 3, " Reset " )/*extracted from template.c*/
-	ResDef( DBT_done_, 4, "  Done  " )/*extracted from template.c*/
-	ResDef( DBT_cancel_, 5, " Cancel " )/*extracted from template.c*/
-END_STR(libadmin)
+ResDef(DBT_LibraryID_, -1, dbtlibadminid) /* extracted from dbtlibadmin.h*/
+    ResDef(DBT_help_, 1, "  Help  ")      /*extracted from template.c*/
+    ResDef(DBT_ok_, 2, "   OK   ")        /*extracted from template.c*/
+    ResDef(DBT_reset_, 3, " Reset ")      /*extracted from template.c*/
+    ResDef(DBT_done_, 4, "  Done  ")      /*extracted from template.c*/
+    ResDef(DBT_cancel_, 5, " Cancel ")    /*extracted from template.c*/
+    END_STR(libadmin)

include/libadmin/libadmin.h

@@ -4,21 +4,21 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
-/* 
+/*
  * libadmin.h - All functions contained in libadmin.a
  *
  * All blame goes to Mike McCool
  */
 
-#ifndef	libadmin_h
-#define	libadmin_h
+#ifndef libadmin_h
+#define libadmin_h
 
 #include <stdio.h>
 #include <limits.h>
@@ -62,12 +62,12 @@ NSAPI_PUBLIC int ADM_Init(void);
 /* Since everyone seems to be doing this independently, at least centralize
    the code.  Useful for onClicks and automatic help */
 NSAPI_PUBLIC char *helpJavaScript(void);
-NSAPI_PUBLIC char *helpJavaScriptForTopic( char *topic );
+NSAPI_PUBLIC char *helpJavaScriptForTopic(char *topic);
 
-/* Report an error.  Takes 3 args: 1. Category of error 
+/* Report an error.  Takes 3 args: 1. Category of error
  *                                 2. Some more specific category info (opt)
- *                                 3. A short explanation of the error. 
- * 
+ *                                 3. A short explanation of the error.
+ *
  * report_warning: same thing except doesn't exit when done whining
  */
 /* error.c */
@@ -76,7 +76,7 @@ NSAPI_PUBLIC void report_error(int type, char *info, char *details);
 NSAPI_PUBLIC void report_warning(int type, char *info, char *details);
 
 /* Word wrap a string to fit into a JavaScript alert box. */
-/* str is the string, width is the width to wrap to, linefeed is the string 
+/* str is the string, width is the width to wrap to, linefeed is the string
  * to use as a linefeed. */
 /* util.c */
 #define WORD_WRAP_WIDTH 80
@@ -86,8 +86,8 @@ NSAPI_PUBLIC char *alert_word_wrap(char *str, int width, char *linefeed);
 /* util.c */
 NSAPI_PUBLIC char *get_userdb_dir(void);
 
-NSAPI_PUBLIC char *cookieValue( char *, char * );
+NSAPI_PUBLIC char *cookieValue(char *, char *);
 
 NSPR_END_EXTERN_C
 
-#endif	/* libadmin_h */
+#endif /* libadmin_h */

include/netsite.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef NETSITE_H
@@ -28,8 +28,8 @@
 */
 #ifndef NSPR_BEGIN_EXTERN_C
 #ifdef __cplusplus
-#define NSPR_BEGIN_EXTERN_C	extern "C" {
-#define NSPR_END_EXTERN_C	}
+#define NSPR_BEGIN_EXTERN_C extern "C" {
+#define NSPR_END_EXTERN_C }
 #else
 #define NSPR_BEGIN_EXTERN_C
 #define NSPR_END_EXTERN_C
@@ -49,12 +49,12 @@
 #define VOID void
 #endif
 
-#if !defined (boolean) && !defined (__GNUC__)
-typedef int                  boolean;
+#if !defined(boolean) && !defined(__GNUC__)
+typedef int boolean;
 #endif
 
-#define NS_TRUE              1
-#define NS_FALSE             0
+#define NS_TRUE 1
+#define NS_FALSE 0
 
 NSPR_BEGIN_EXTERN_C
 
@@ -84,7 +84,7 @@ NSAPI_PUBLIC void *INTsystem_calloc_perm(int size, int line, char *file);
 #define PERM_REALLOC(ptr, size) INTsystem_realloc_perm(ptr, size, __LINE__, __FILE__)
 NSAPI_PUBLIC void *INTsystem_realloc_perm(void *ptr, int size, int line, char *file);
 
-#define PERM_FREE(ptr) INTsystem_free_perm((void *) ptr, __LINE__, __FILE__)
+#define PERM_FREE(ptr) INTsystem_free_perm((void *)ptr, __LINE__, __FILE__)
 NSAPI_PUBLIC void INTsystem_free_perm(void *ptr, int line, char *file);
 
 #define PERM_STRDUP(ptr) INTsystem_strdup_perm(ptr, __LINE__, __FILE__)
@@ -98,7 +98,7 @@ NSAPI_PUBLIC char *INTsystem_strdup_perm(const char *ptr, int line, char *file);
 void setThreadMallocKey(int key);
 
 /* This probably belongs somewhere else, perhaps with a different name */
-NSAPI_PUBLIC char *INTdns_guess_domain(char * hname);
+NSAPI_PUBLIC char *INTdns_guess_domain(char *hname);
 
 /* --- Begin public functions --- */
 
@@ -107,9 +107,9 @@ NSAPI_PUBLIC char *INTdns_guess_domain(char * hname);
 NSAPI_PUBLIC char *INTsystem_version(void);
 
 /*
-   Depending on the system, memory allocated via these macros may come from 
-   an arena. If these functions are called from within an Init function, they 
-   will be allocated from permanent storage. Otherwise, they will be freed 
+   Depending on the system, memory allocated via these macros may come from
+   an arena. If these functions are called from within an Init function, they
+   will be allocated from permanent storage. Otherwise, they will be freed
    when the current request is finished.
  */
 
@@ -122,7 +122,7 @@ NSAPI_PUBLIC void *INTsystem_calloc(int size);
 #define REALLOC(ptr, size) INTsystem_realloc(ptr, size)
 NSAPI_PUBLIC void *INTsystem_realloc(void *ptr, int size);
 
-#define FREE(ptr) INTsystem_free((void *) ptr)
+#define FREE(ptr) INTsystem_free((void *)ptr)
 NSAPI_PUBLIC void INTsystem_free(void *ptr);
 
 #define STRDUP(ptr) INTsystem_strdup(ptr)
@@ -144,7 +144,7 @@ NSAPI_PUBLIC void *INTsystem_calloc_perm(int size);
 #define PERM_REALLOC(ptr, size) INTsystem_realloc_perm(ptr, size)
 NSAPI_PUBLIC void *INTsystem_realloc_perm(void *ptr, int size);
 
-#define PERM_FREE(ptr) INTsystem_free_perm((void *) ptr)
+#define PERM_FREE(ptr) INTsystem_free_perm((void *)ptr)
 NSAPI_PUBLIC void INTsystem_free_perm(void *ptr);
 
 #define PERM_STRDUP(ptr) INTsystem_strdup_perm(ptr)

include/public/base/systems.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_BASE_SYSTEMS_H
@@ -16,7 +16,7 @@
 
 /*
  * File:        systems.h
- * 
+ *
  * Description:
  *
  *      This file defines various platform-dependent symbols, which are
@@ -33,18 +33,18 @@
 #define SEM_FLOCK
 /* warning: mmap doesn't work under 9.04 */
 #define SHMEM_UNIX_MMAP
-#define ZERO(ptr,len) memset(ptr,0,len)
+#define ZERO(ptr, len) memset(ptr, 0, len)
 
-#elif defined(SOLARIS) || defined (SOLARISx86)
+#elif defined(SOLARIS) || defined(SOLARISx86)
 
-#undef	FILE_UNIX	/* avoid redefinition message */
+#undef FILE_UNIX /* avoid redefinition message */
 #define FILE_UNIX
 #define FILE_UNIX_MMAP
 #define MALLOC_POOLS
 /* The Solaris routines return ENOSPC when too many semaphores are SEM_UNDO. */
 #define SEM_FLOCK
 #define SHMEM_UNIX_MMAP
-#define ZERO(ptr,len) memset(ptr,0,len)
+#define ZERO(ptr, len) memset(ptr, 0, len)
 
 #elif defined(SUNOS4)
 
@@ -54,7 +54,7 @@
 #define MALLOC_POOLS
 #define SEM_FLOCK
 #define SHMEM_UNIX_MMAP
-#define ZERO(ptr,len) memset(ptr,0,len)
+#define ZERO(ptr, len) memset(ptr, 0, len)
 
 #elif defined(LINUX)
 
@@ -63,7 +63,7 @@
 #define MALLOC_POOLS
 #define SEM_FLOCK
 #define SHMEM_UNIX_MMAP
-#define ZERO(ptr,len) memset(ptr,0,len)
+#define ZERO(ptr, len) memset(ptr, 0, len)
 
 #elif defined(__FreeBSD__)
 
@@ -72,7 +72,7 @@
 #define MALLOC_POOLS
 #define SEM_FLOCK
 #define SHMEM_UNIX_MMAP
-#define ZERO(ptr,len) memset(ptr,0,len)
+#define ZERO(ptr, len) memset(ptr, 0, len)
 
 #else
 #error "Missing defines in ns/netsite/include/public/base/systems.h"
@@ -80,8 +80,8 @@
 
 #ifndef NSPR_BEGIN_EXTERN_C
 #ifdef __cplusplus
-#define NSPR_BEGIN_EXTERN_C	extern "C" {
-#define NSPR_END_EXTERN_C	}
+#define NSPR_BEGIN_EXTERN_C extern "C" {
+#define NSPR_END_EXTERN_C }
 #else
 #define NSPR_BEGIN_EXTERN_C
 #define NSPR_END_EXTERN_C

include/public/netsite.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NETSITE_H

include/public/nsacl/aclapi.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NSACL_ACLAPI_H
@@ -41,125 +41,120 @@
 NSPR_BEGIN_EXTERN_C
 
 typedef struct ACLDispatchVector ACLDispatchVector_t;
-struct ACLDispatchVector {
+struct ACLDispatchVector
+{
 
     /* Error frame stack support */
 
-    void (*f_nserrDispose)(NSErr_t * errp);
-    NSEFrame_t *(*f_nserrFAlloc)(NSErr_t * errp);
-    void (*f_nserrFFree)(NSErr_t * errp, NSEFrame_t * efp);
-    NSEFrame_t *(*f_nserrGenerate)(NSErr_t * errp, long retcode,
-                                   long errorid, const char * program,
-                                   int errc, ...);
+    void (*f_nserrDispose)(NSErr_t *errp);
+    NSEFrame_t *(*f_nserrFAlloc)(NSErr_t *errp);
+    void (*f_nserrFFree)(NSErr_t *errp, NSEFrame_t *efp);
+    NSEFrame_t *(*f_nserrGenerate)(NSErr_t *errp, long retcode, long errorid, const char *program, int errc, ...);
 
-    /* Property list support 
-     * The Property List facility makes extensive use of pointers to 
+    /* Property list support
+     * The Property List facility makes extensive use of pointers to
      * opaque structures.  As such, PLists cannot be marshalled.  WAI-style
      * ACL APIs in future releases will therefore not be using PLists.
      * However the C API documented here may continue to be supported
      * in future releases.
      */
 
-    int (*f_PListAssignValue)(PList_t plist, const char *pname,
-                              const void *pvalue, PList_t ptype);
+    int (*f_PListAssignValue)(PList_t plist, const char *pname, const void *pvalue, PList_t ptype);
     PList_t (*f_PListCreate)(pool_handle_t *mempool,
-                             int resvprop, int maxprop, int flags);
-    int (*f_PListDefProp)(PList_t plist, int pindex, 
-                          const char *pname, const int flags);
-    const void * (*f_PListDeleteProp)(PList_t plist, int pindex,
-                                      const char *pname);
+                             int resvprop,
+                             int maxprop,
+                             int flags);
+    int (*f_PListDefProp)(PList_t plist, int pindex, const char *pname, const int flags);
+    const void *(*f_PListDeleteProp)(PList_t plist, int pindex, const char *pname);
     int (*f_PListFindValue)(PList_t plist,
-                            const char *pname, void **pvalue, PList_t *type);
-    int (*f_PListInitProp)(PList_t plist, int pindex, const char *pname,
-                           const void *pvalue, PList_t ptype);
+                            const char *pname,
+                            void **pvalue,
+                            PList_t *type);
+    int (*f_PListInitProp)(PList_t plist, int pindex, const char *pname, const void *pvalue, PList_t ptype);
     PList_t (*f_PListNew)(pool_handle_t *mempool);
     void (*f_PListDestroy)(PList_t plist);
     int (*f_PListGetValue)(PList_t plist,
-                           int pindex, void **pvalue, PList_t *type);
+                           int pindex,
+                           void **pvalue,
+                           PList_t *type);
     int (*f_PListNameProp)(PList_t plist, int pindex, const char *pname);
     int (*f_PListSetType)(PList_t plist, int pindex, PList_t type);
     int (*f_PListSetValue)(PList_t plist,
-                           int pindex, const void *pvalue, PList_t type);
-    void (*f_PListEnumerate)(PList_t plist, PListFunc_t *user_func, 
-                             void *user_data);
+                           int pindex,
+                           const void *pvalue,
+                           PList_t type);
+    void (*f_PListEnumerate)(PList_t plist, PListFunc_t *user_func, void *user_data);
     PList_t (*f_PListDuplicate)(PList_t plist,
-                                pool_handle_t *new_mempool, int flags);
+                                pool_handle_t *new_mempool,
+                                int flags);
     pool_handle_t *(*f_PListGetPool)(PList_t plist);
 
     /* ACL attribute handling */
 
-    int (*f_ACL_LasRegister)(NSErr_t *errp, const char *attr_name,
-                             LASEvalFunc_t eval_func,
-                             LASFlushFunc_t flush_func);
+    int (*f_ACL_LasRegister)(NSErr_t *errp, const char *attr_name, LASEvalFunc_t eval_func, LASFlushFunc_t flush_func);
 
     /* method/dbtype registration routines */
 
-    int (*f_ACL_MethodRegister)(NSErr_t *errp, const char *name,
-                                ACLMethod_t *t);
+    int (*f_ACL_MethodRegister)(NSErr_t *errp, const char *name, ACLMethod_t *t);
     int (*f_ACL_MethodIsEqual)(NSErr_t *errp,
-                               const ACLMethod_t t1, const ACLMethod_t t2);
+                               const ACLMethod_t t1,
+                               const ACLMethod_t t2);
     int (*f_ACL_MethodNameIsEqual)(NSErr_t *errp,
-                                   const ACLMethod_t t, const char *name);
+                                   const ACLMethod_t t,
+                                   const char *name);
     int (*f_ACL_MethodFind)(NSErr_t *errp, const char *name, ACLMethod_t *t);
     ACLMethod_t (*f_ACL_MethodGetDefault)(NSErr_t *errp);
     int (*f_ACL_MethodSetDefault)(NSErr_t *errp, const ACLMethod_t t);
     int (*f_ACL_AuthInfoGetMethod)(NSErr_t *errp,
-                                   PList_t auth_info, ACLMethod_t *t);
+                                   PList_t auth_info,
+                                   ACLMethod_t *t);
 
-    int (*f_ACL_DbTypeRegister)(NSErr_t *errp, const char *name,
-                                DbParseFn_t func, ACLDbType_t *t);
+    int (*f_ACL_DbTypeRegister)(NSErr_t *errp, const char *name, DbParseFn_t func, ACLDbType_t *t);
     int (*f_ACL_DbTypeIsEqual)(NSErr_t *errp,
-                               const ACLDbType_t t1, const ACLDbType_t t2);
-    int (*f_ACL_DbTypeNameIsEqual)(NSErr_t * errp,
-                                   const ACLDbType_t t, const char *name);
+                               const ACLDbType_t t1,
+                               const ACLDbType_t t2);
+    int (*f_ACL_DbTypeNameIsEqual)(NSErr_t *errp,
+                                   const ACLDbType_t t,
+                                   const char *name);
     int (*f_ACL_DbTypeFind)(NSErr_t *errp, const char *name, ACLDbType_t *t);
     ACLDbType_t (*f_ACL_DbTypeGetDefault)(NSErr_t *errp);
     int (*f_ACL_AuthInfoGetDbType)(NSErr_t *errp,
-                                   PList_t auth_info, ACLDbType_t *t);
+                                   PList_t auth_info,
+                                   ACLDbType_t *t);
     int (*f_ACL_DbTypeIsRegistered)(NSErr_t *errp, const ACLDbType_t dbtype);
     DbParseFn_t (*f_ACL_DbTypeParseFn)(NSErr_t *errp,
                                        const ACLDbType_t dbtype);
 
     int (*f_ACL_AttrGetterRegister)(NSErr_t *errp,
-                                    const char *attr, ACLAttrGetterFn_t fn,
-                                    ACLMethod_t m, ACLDbType_t d,
-                                    int position, void *arg);
-
-    int (*f_ACL_ModuleRegister)(NSErr_t *errp, const char *moduleName,
-                                AclModuleInitFunc func);
-    int (*f_ACL_GetAttribute)(NSErr_t *errp, const char *attr, void **val,
-                              PList_t subject, PList_t resource,
-                              PList_t auth_info, PList_t global_auth);
-    int (*f_ACL_DatabaseRegister)(NSErr_t *errp, ACLDbType_t dbtype,
-                                const char *dbname, const char *url,
-                                PList_t plist);
-    int (*f_ACL_DatabaseFind)(NSErr_t *errp, const char *dbname,
-                              ACLDbType_t *dbtype, void **db);
+                                    const char *attr,
+                                    ACLAttrGetterFn_t fn,
+                                    ACLMethod_t m,
+                                    ACLDbType_t d,
+                                    int position,
+                                    void *arg);
+
+    int (*f_ACL_ModuleRegister)(NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
+    int (*f_ACL_GetAttribute)(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+    int (*f_ACL_DatabaseRegister)(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
+    int (*f_ACL_DatabaseFind)(NSErr_t *errp, const char *dbname, ACLDbType_t *dbtype, void **db);
     int (*f_ACL_DatabaseSetDefault)(NSErr_t *errp, const char *dbname);
-    int (*f_ACL_LDAPDatabaseHandle )(NSErr_t *errp, const char *dbname,
-                                     LDAP **ld, char **basedn);
+    int (*f_ACL_LDAPDatabaseHandle)(NSErr_t *errp, const char *dbname, LDAP **ld, char **basedn);
     int (*f_ACL_AuthInfoGetDbname)(PList_t auth_info, char **dbname);
     int (*f_ACL_CacheFlushRegister)(AclCacheFlushFunc_t func);
     int (*f_ACL_CacheFlush)(void);
 
     /*  ACL language and file interfaces */
 
-    ACLListHandle_t * (*f_ACL_ParseFile)(NSErr_t *errp, char *filename);
-    ACLListHandle_t * (*f_ACL_ParseString)(NSErr_t *errp, char *buffer);
-    int (*f_ACL_WriteString)(NSErr_t *errp, char **acl,
-                             ACLListHandle_t *acllist);
-    int (*f_ACL_WriteFile)(NSErr_t *errp, char *filename,
-                           ACLListHandle_t *acllist);
-    int (*f_ACL_FileRenameAcl)(NSErr_t *errp, char *filename,
-                               char *acl_name, char *new_acl_name, int flags);
-    int (*f_ACL_FileDeleteAcl)(NSErr_t *errp, char *filename,
-                               char *acl_name, int flags);
-    int (*f_ACL_FileGetAcl)(NSErr_t *errp, char *filename,
-                            char *acl_name, char **acl_text, int flags);
-    int (*f_ACL_FileSetAcl)(NSErr_t *errp, char *filename,
-                            char *acl_text, int flags);
-
-    /*  ACL Expression construction interfaces  
+    ACLListHandle_t *(*f_ACL_ParseFile)(NSErr_t *errp, char *filename);
+    ACLListHandle_t *(*f_ACL_ParseString)(NSErr_t *errp, char *buffer);
+    int (*f_ACL_WriteString)(NSErr_t *errp, char **acl, ACLListHandle_t *acllist);
+    int (*f_ACL_WriteFile)(NSErr_t *errp, char *filename, ACLListHandle_t *acllist);
+    int (*f_ACL_FileRenameAcl)(NSErr_t *errp, char *filename, char *acl_name, char *new_acl_name, int flags);
+    int (*f_ACL_FileDeleteAcl)(NSErr_t *errp, char *filename, char *acl_name, int flags);
+    int (*f_ACL_FileGetAcl)(NSErr_t *errp, char *filename, char *acl_name, char **acl_text, int flags);
+    int (*f_ACL_FileSetAcl)(NSErr_t *errp, char *filename, char *acl_text, int flags);
+
+    /*  ACL Expression construction interfaces
      *  These are low-level interfaces that may be useful to those who are not
      *  using the ONE ACL syntax, but want to use the ONE ACL evaluation
      *  routines.  By their low-level nature, future support of these APIs
@@ -170,61 +165,53 @@ struct ACLDispatchVector {
     ACLExprHandle_t *(*f_ACL_ExprNew)(const ACLExprType_t expr_type);
     void (*f_ACL_ExprDestroy)(ACLExprHandle_t *expr);
     int (*f_ACL_ExprSetPFlags)(NSErr_t *errp,
-                               ACLExprHandle_t *expr, PFlags_t flags);
+                               ACLExprHandle_t *expr,
+                               PFlags_t flags);
     int (*f_ACL_ExprClearPFlags)(NSErr_t *errp, ACLExprHandle_t *expr);
-    int (*f_ACL_ExprTerm)(NSErr_t *errp, ACLExprHandle_t *acl_expr,
-                          const char *attr_name, CmpOp_t cmp,
-                          char *attr_pattern);
+    int (*f_ACL_ExprTerm)(NSErr_t *errp, ACLExprHandle_t *acl_expr, const char *attr_name, CmpOp_t cmp, char *attr_pattern);
     int (*f_ACL_ExprNot)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
     int (*f_ACL_ExprAnd)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
     int (*f_ACL_ExprOr)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
     int (*f_ACL_ExprAddAuthInfo)(ACLExprHandle_t *expr, PList_t auth_info);
     int (*f_ACL_ExprAddArg)(NSErr_t *errp, ACLExprHandle_t *expr, const char *arg);
-    int (*f_ACL_ExprSetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr,
-                                 char *deny_type, char *deny_response);
-    int (*f_ACL_ExprGetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr,
-                                 char **deny_type, char **deny_response);
+    int (*f_ACL_ExprSetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr, char *deny_type, char *deny_response);
+    int (*f_ACL_ExprGetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr, char **deny_type, char **deny_response);
     int (*f_ACL_ExprAppend)(NSErr_t *errp,
-                            ACLHandle_t *acl, ACLExprHandle_t *expr);
+                            ACLHandle_t *acl,
+                            ACLExprHandle_t *expr);
 
     /* ACL manipulation */
 
-    ACLHandle_t * (*f_ACL_AclNew)(NSErr_t *errp, char *tag);
+    ACLHandle_t *(*f_ACL_AclNew)(NSErr_t *errp, char *tag);
     void (*f_ACL_AclDestroy)(NSErr_t *errp, ACLHandle_t *acl);
 
     /* ACL list manipulation */
 
-    ACLListHandle_t * (*f_ACL_ListNew)(NSErr_t *errp);
-    int (*f_ACL_ListConcat)(NSErr_t *errp, ACLListHandle_t *acl_list1,
-                            ACLListHandle_t *acl_list2, int flags);
-    int (*f_ACL_ListAppend)(NSErr_t *errp, ACLListHandle_t *acllist,
-                            ACLHandle_t *acl, int flags);
+    ACLListHandle_t *(*f_ACL_ListNew)(NSErr_t *errp);
+    int (*f_ACL_ListConcat)(NSErr_t *errp, ACLListHandle_t *acl_list1, ACLListHandle_t *acl_list2, int flags);
+    int (*f_ACL_ListAppend)(NSErr_t *errp, ACLListHandle_t *acllist, ACLHandle_t *acl, int flags);
     void (*f_ACL_ListDestroy)(NSErr_t *errp, ACLListHandle_t *acllist);
-    ACLHandle_t * (*f_ACL_ListFind)(NSErr_t *errp, ACLListHandle_t *acllist,
-                                    char *aclname, int flags);
-    int (*f_ACL_ListAclDelete)(NSErr_t *errp, ACLListHandle_t *acl_list,
-                           char *acl_name, int flags);
-    int (*f_ACL_ListGetNameList)(NSErr_t *errp, ACLListHandle_t *acl_list,
-                                 char ***name_list);
+    ACLHandle_t *(*f_ACL_ListFind)(NSErr_t *errp, ACLListHandle_t *acllist, char *aclname, int flags);
+    int (*f_ACL_ListAclDelete)(NSErr_t *errp, ACLListHandle_t *acl_list, char *acl_name, int flags);
+    int (*f_ACL_ListGetNameList)(NSErr_t *errp, ACLListHandle_t *acl_list, char ***name_list);
     int (*f_ACL_NameListDestroy)(NSErr_t *errp, char **name_list);
 
     /* ACL evaluation */
 
-    int (*f_ACL_EvalTestRights)(NSErr_t *errp, ACLEvalHandle_t *acleval,
-                                const char **rights, const char **map_generic,
-                                char **deny_type, char **deny_response,
-                                char **acl_tag, int *expr_num);
-    ACLEvalHandle_t * (*f_ACL_EvalNew)(NSErr_t *errp, pool_handle_t *pool);
+    int (*f_ACL_EvalTestRights)(NSErr_t *errp, ACLEvalHandle_t *acleval, const char **rights, const char **map_generic, char **deny_type, char **deny_response, char **acl_tag, int *expr_num);
+    ACLEvalHandle_t *(*f_ACL_EvalNew)(NSErr_t *errp, pool_handle_t *pool);
     void (*f_ACL_EvalDestroy)(NSErr_t *errp,
-                              pool_handle_t *pool, ACLEvalHandle_t *acleval);
-    int (*f_ACL_EvalSetACL)(NSErr_t *errp, ACLEvalHandle_t *acleval,
-                            ACLListHandle_t *acllist);
+                              pool_handle_t *pool,
+                              ACLEvalHandle_t *acleval);
+    int (*f_ACL_EvalSetACL)(NSErr_t *errp, ACLEvalHandle_t *acleval, ACLListHandle_t *acllist);
     PList_t (*f_ACL_EvalGetSubject)(NSErr_t *errp, ACLEvalHandle_t *acleval);
     int (*f_ACL_EvalSetSubject)(NSErr_t *errp,
-                                ACLEvalHandle_t *acleval, PList_t subject);
+                                ACLEvalHandle_t *acleval,
+                                PList_t subject);
     PList_t (*f_ACL_EvalGetResource)(NSErr_t *errp, ACLEvalHandle_t *acleval);
     int (*f_ACL_EvalSetResource)(NSErr_t *errp,
-                                 ACLEvalHandle_t *acleval, PList_t resource);
+                                 ACLEvalHandle_t *acleval,
+                                 PList_t resource);
 
     /* Access to critical section for ACL cache */
 
@@ -232,16 +219,15 @@ struct ACLDispatchVector {
     void (*f_ACL_CritExit)(void);
 
     /* Miscellaneous functions */
-    const char * (*f_ACL_AclGetTag)(ACLHandle_t *acl);
-    ACLHandle_t * (*f_ACL_ListGetFirst)(ACLListHandle_t *acl_list,
-                                        ACLListEnum_t *acl_enum);
-    ACLHandle_t * (*f_ACL_ListGetNext)(ACLListHandle_t *acl_list,
+    const char *(*f_ACL_AclGetTag)(ACLHandle_t *acl);
+    ACLHandle_t *(*f_ACL_ListGetFirst)(ACLListHandle_t *acl_list,
                                        ACLListEnum_t *acl_enum);
+    ACLHandle_t *(*f_ACL_ListGetNext)(ACLListHandle_t *acl_list,
+                                      ACLListEnum_t *acl_enum);
 
     /* Functions added after ES 3.0 release */
-    const char * (*f_ACL_DatabaseGetDefault)(NSErr_t *errp);
-    int (*f_ACL_SetDefaultResult)(NSErr_t *errp, ACLEvalHandle_t *acleval,
-				  int result);
+    const char *(*f_ACL_DatabaseGetDefault)(NSErr_t *errp);
+    int (*f_ACL_SetDefaultResult)(NSErr_t *errp, ACLEvalHandle_t *acleval, int result);
     int (*f_ACL_GetDefaultResult)(ACLEvalHandle_t *acleval);
 };
 
@@ -255,8 +241,8 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define nserrFFree (*__nsacl_table->f_nserrFFree)
 #define nserrGenerate (*__nsacl_table->f_nserrGenerate)
 
-    /* Property list support 
-     * The Property List facility makes extensive use of pointers to 
+/* Property list support
+     * The Property List facility makes extensive use of pointers to
      * opaque structures.  As such, PLists cannot be marshalled.  WAI-style
      * ACL APIs in future releases will therefore not be using PLists.
      * However the C API documented here may continue to be supported
@@ -279,11 +265,11 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define PListDuplicate (*__nsacl_table->f_PListDuplicate)
 #define PListGetPool (*__nsacl_table->f_PListGetPool)
 
-    /* ACL attribute handling */
+/* ACL attribute handling */
 
 #define ACL_LasRegister (*__nsacl_table->f_ACL_LasRegister)
 
-    /* method/dbtype registration routines */
+/* method/dbtype registration routines */
 
 #define ACL_MethodRegister (*__nsacl_table->f_ACL_MethodRegister)
 #define ACL_MethodIsEqual (*__nsacl_table->f_ACL_MethodIsEqual)
@@ -306,16 +292,16 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define ACL_DatabaseRegister (*__nsacl_table->f_ACL_DatabaseRegister)
 #define ACL_DatabaseFind (*__nsacl_table->f_ACL_DatabaseFind)
 #define ACL_DatabaseSetDefault (*__nsacl_table->f_ACL_DatabaseSetDefault)
-#define ACL_LDAPDatabaseHandle  (*__nsacl_table->f_ACL_LDAPDatabaseHandle)
+#define ACL_LDAPDatabaseHandle (*__nsacl_table->f_ACL_LDAPDatabaseHandle)
 #define ACL_AuthInfoGetDbname (*__nsacl_table->f_ACL_AuthInfoGetDbname)
 #define ACL_CacheFlushRegister (*__nsacl_table->f_ACL_CacheFlushRegister)
 #define ACL_CacheFlush (*__nsacl_table->f_ACL_CacheFlush)
 
-    /*  ACL language and file interfaces */
+/*  ACL language and file interfaces */
 
 #define ACL_ParseString (*__nsacl_table->f_ACL_ParseString)
 
-    /*  ACL Expression construction interfaces  
+/*  ACL Expression construction interfaces
      *  These are low-level interfaces that may be useful to those who are not
      *  using the ONE ACL syntax, but want to use the ONE ACL evaluation
      *  routines.  By their low-level nature, future support of these APIs
@@ -337,12 +323,12 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define ACL_ExprGetDenyWith (*__nsacl_table->f_ACL_ExprGetDenyWith)
 #define ACL_ExprAppend (*__nsacl_table->f_ACL_ExprAppend)
 
-    /* ACL manipulation */
+/* ACL manipulation */
 
 #define ACL_AclNew (*__nsacl_table->f_ACL_AclNew)
 #define ACL_AclDestroy (*__nsacl_table->f_ACL_AclDestroy)
 
-    /* ACL list manipulation */
+/* ACL list manipulation */
 
 #define ACL_ListNew (*__nsacl_table->f_ACL_ListNew)
 #define ACL_ListConcat (*__nsacl_table->f_ACL_ListConcat)
@@ -353,7 +339,7 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define ACL_ListGetNameList (*__nsacl_table->f_ACL_ListGetNameList)
 #define ACL_NameListDestroy (*__nsacl_table->f_ACL_NameListDestroy)
 
-    /* ACL evaluation */
+/* ACL evaluation */
 
 #define ACL_EvalTestRights (*__nsacl_table->f_ACL_EvalTestRights)
 #define ACL_EvalNew (*__nsacl_table->f_ACL_EvalNew)
@@ -364,18 +350,18 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 #define ACL_EvalGetResource (*__nsacl_table->f_ACL_EvalGetResource)
 #define ACL_EvalSetResource (*__nsacl_table->f_ACL_EvalSetResource)
 
-    /* Access to critical section for ACL cache */
+/* Access to critical section for ACL cache */
 
 #define ACL_CritEnter (*__nsacl_table->f_ACL_CritEnter)
 #define ACL_CritExit (*__nsacl_table->f_ACL_CritExit)
 
-    /* Miscellaneous functions */
+/* Miscellaneous functions */
 
 #define ACL_AclGetTag (*__nsacl_table->f_ACL_AclGetTag)
 #define ACL_ListGetFirst (*__nsacl_table->f_ACL_ListGetFirst)
 #define ACL_ListGetNext (*__nsacl_table->f_ACL_ListGetNext)
 
-    /* Functions added after ES 3.0 release */
+/* Functions added after ES 3.0 release */
 #define ACL_DatabaseGetDefault (*__nsacl_table->f_ACL_DatabaseGetDefault)
 #define ACL_SetDefaultResult (*__nsacl_table->f_ACL_SetDefaultResult)
 #define ACL_GetDefaultResult (*__nsacl_table->f_ACL_GetDefaultResult)

include/public/nsacl/acldef.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NSACL_ACLDEF_H
@@ -46,8 +46,8 @@ NSPR_BEGIN_EXTERN_C
 
 typedef unsigned long ACLCachable_t;
 
-#define ACL_NOT_CACHABLE        0
-#define ACL_INDEF_CACHABLE      ((unsigned long)(-1))
+#define ACL_NOT_CACHABLE 0
+#define ACL_INDEF_CACHABLE ((unsigned long)(-1))
 
 /*
  * Type:        ACLListHandle_t
@@ -60,7 +60,7 @@ typedef unsigned long ACLCachable_t;
 typedef struct ACLListHandle ACLListHandle_t;
 
 /* The object has been checked for ACLs and has none attached */
-#define	ACL_LIST_NO_ACLS	((ACLListHandle_t *)-1)
+#define ACL_LIST_NO_ACLS ((ACLListHandle_t *)-1)
 
 /*
  * Type:        ACLHandle_t
@@ -112,13 +112,13 @@ typedef struct ACLEvalHandle ACLEvalHandle_t;
  */
 typedef int PFlags_t;
 
-#define ACL_PFLAG_ABSOLUTE  	0x1
-#define ACL_PFLAG_TERMINAL  	0x2
-#define ACL_PFLAG_CONTENT  	0x4
+#define ACL_PFLAG_ABSOLUTE 0x1
+#define ACL_PFLAG_TERMINAL 0x2
+#define ACL_PFLAG_CONTENT 0x4
 
-#define IS_ABSOLUTE(x)		((x) & ACL_PFLAG_ABSOLUTE)
-#define IS_STATIC(x)		((x) & ACL_PFLAG_STATIC)
-#define IS_CONTENT(x)		((x) & ACL_PFLAG_CONTENT)
+#define IS_ABSOLUTE(x) ((x)&ACL_PFLAG_ABSOLUTE)
+#define IS_STATIC(x) ((x)&ACL_PFLAG_STATIC)
+#define IS_CONTENT(x) ((x)&ACL_PFLAG_CONTENT)
 
 /*
  * Type:        CmpOp_t
@@ -128,14 +128,14 @@ typedef int PFlags_t;
  *      This type represents a comparison operator in an ACL attribute
  *      expression.
  */
-typedef enum	{
-		CMP_OP_EQ,
-		CMP_OP_NE,
-		CMP_OP_GT,
-		CMP_OP_LT,
-		CMP_OP_GE,
-		CMP_OP_LE
-		} CmpOp_t;
+typedef enum {
+    CMP_OP_EQ,
+    CMP_OP_NE,
+    CMP_OP_GT,
+    CMP_OP_LT,
+    CMP_OP_GE,
+    CMP_OP_LE
+} CmpOp_t;
 
 /*
  * Type:        ACLExprType_t
@@ -144,12 +144,12 @@ typedef enum	{
  *
  *      This type represents the type of an ACL entry.
  */
-typedef enum 	{
-		ACL_EXPR_TYPE_ALLOW,
-		ACL_EXPR_TYPE_DENY,
-		ACL_EXPR_TYPE_AUTH,
-		ACL_EXPR_TYPE_RESPONSE
-		} ACLExprType_t;
+typedef enum {
+    ACL_EXPR_TYPE_ALLOW,
+    ACL_EXPR_TYPE_DENY,
+    ACL_EXPR_TYPE_AUTH,
+    ACL_EXPR_TYPE_RESPONSE
+} ACLExprType_t;
 
 /*
  * Type:        ACLEvalRes_t
@@ -158,13 +158,13 @@ typedef enum 	{
  *
  *      This type represents the result of ACL evaluation.
  */
-typedef enum	{
-		ACL_RES_ALLOW,
-		ACL_RES_DENY,
-		ACL_RES_FAIL,
-		ACL_RES_INVALID,
-		ACL_RES_NONE
-		} ACLEvalRes_t;
+typedef enum {
+    ACL_RES_ALLOW,
+    ACL_RES_DENY,
+    ACL_RES_FAIL,
+    ACL_RES_INVALID,
+    ACL_RES_NONE
+} ACLEvalRes_t;
 
 /*
  * Type:        ACLMethod_t
@@ -173,10 +173,10 @@ typedef enum	{
  *
  *      This type represents a reference to an authentication method.
  */
-typedef	void * ACLMethod_t;
+typedef void *ACLMethod_t;
 
-#define	ACL_METHOD_ANY		((ACLMethod_t)-1)
-#define	ACL_METHOD_INVALID	((ACLMethod_t)-2)
+#define ACL_METHOD_ANY ((ACLMethod_t)-1)
+#define ACL_METHOD_INVALID ((ACLMethod_t)-2)
 
 /*
  * Type:        ACLDbType_t
@@ -186,10 +186,10 @@ typedef	void * ACLMethod_t;
  *      This type represents a reference to a type of authentication
  *      database.
  */
-typedef	void * ACLDbType_t;
+typedef void *ACLDbType_t;
 
-#define	ACL_DBTYPE_ANY		((ACLDbType_t)-1)
-#define	ACL_DBTYPE_INVALID	((ACLDbType_t)-2)
+#define ACL_DBTYPE_ANY ((ACLDbType_t)-1)
+#define ACL_DBTYPE_INVALID ((ACLDbType_t)-2)
 
 /*
  * Type:        ACLAttrGetterFn_t
@@ -200,9 +200,7 @@ typedef	void * ACLDbType_t;
  *      a value for an ACL attribute and enters the attribute and value
  *      into the subject property list.
  */
-typedef int (*ACLAttrGetterFn_t)(NSErr_t *errp, PList_t subject,
-                                 PList_t resource, PList_t auth_info,
-                                 PList_t global_auth, void *arg);
+typedef int (*ACLAttrGetterFn_t)(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth, void *arg);
 
 typedef struct ACLAttrGetter ACLAttrGetter_t;
 typedef void *ACLAttrGetterList_t;
@@ -214,8 +212,8 @@ typedef void *ACLAttrGetterList_t;
  *
  *      This type describes a kind of callback function that is
  *      specified to ACL_ModuleRegister() and called from there.
- *	The function should return 0 on success and non-zero on
- *	failure.
+ *    The function should return 0 on success and non-zero on
+ *    failure.
  */
 typedef int (*AclModuleInitFunc)(NSErr_t *errp);
 
@@ -228,12 +226,10 @@ typedef int (*AclModuleInitFunc)(NSErr_t *errp);
  *      a reference to an authentication database of a particular
  *      database type.  It is called when ACL_DatabaseRegister() is
  *      called for a database which is that database type.
- *	The function should return 0 on success and non-zero on
- *	failure.
+ *    The function should return 0 on success and non-zero on
+ *    failure.
  */
-typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype,
-			   const char *name, const char *url,
-			   PList_t plist, void **db);
+typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype, const char *name, const char *url, PList_t plist, void **db);
 
 /*
  * Type:        AclCacheFlushFunc_t
@@ -253,11 +249,7 @@ typedef int (*AclCacheFlushFunc_t)(void);
  *      This type describes a kind of callback function that is called
  *      to evaluate an attribute value expression in an ACL statement.
  */
-typedef int (*LASEvalFunc_t)(NSErr_t *errp, char *attr_name,
-                             CmpOp_t comparator, char *attr_pattern,
-                             ACLCachable_t *cachable, void **cookie,
-                             PList_t subject, PList_t resource,
-                             PList_t auth_info, PList_t global_auth);
+typedef int (*LASEvalFunc_t)(NSErr_t *errp, char *attr_name, CmpOp_t comparator, char *attr_pattern, ACLCachable_t *cachable, void **cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
 
 /*
  * Type:        LASFlushFunc_t
@@ -277,8 +269,8 @@ typedef void (*LASFlushFunc_t)(void **cookie);
  *
  *      This is an opaque type that represents an open LDAP connection.
  *      It is used mostly via the LDAP SDK API.
- *	Include the <ldap.h> file before including this file if you wish to
- *	use the function ACL_LDAPDatabaseHandle.
+ *    Include the <ldap.h> file before including this file if you wish to
+ *    use the function ACL_LDAPDatabaseHandle.
  */
 #ifndef _LDAP_H
 typedef struct ldap LDAP;
@@ -286,187 +278,187 @@ typedef struct ldap LDAP;
 
 
 /*  Flags to ACL_ListFind  */
-#define ACL_CASE_INSENSITIVE	 0x1
-#define ACL_CASE_SENSITIVE	 0x2
+#define ACL_CASE_INSENSITIVE 0x1
+#define ACL_CASE_SENSITIVE 0x2
 
-#define	ACL_MAX_TEST_RIGHTS	32
-#define	ACL_MAX_GENERIC		32
+#define ACL_MAX_TEST_RIGHTS 32
+#define ACL_MAX_GENERIC 32
 
 /*
  * ACLERRFAIL -- Use this as an 'retcode' argument to nserrGenerate.
  */
-#define ACLERRFAIL	-11
+#define ACLERRFAIL -11
 
 
 /*
- *	Command values for the "position" argument to ACL_RegisterGetter
- *	Any positive >0 value is the specific position in the list to insert
- *	the new function.
+ *    Command values for the "position" argument to ACL_RegisterGetter
+ *    Any positive >0 value is the specific position in the list to insert
+ *    the new function.
  */
-#define	ACL_AT_FRONT		0
-#define	ACL_AT_END		-1
-#define	ACL_REPLACE_ALL 	-2
-#define	ACL_REPLACE_MATCHING	-3
+#define ACL_AT_FRONT 0
+#define ACL_AT_END -1
+#define ACL_REPLACE_ALL -2
+#define ACL_REPLACE_MATCHING -3
 
-#define ACL_ATTR_GROUP          "group"
-#define ACL_ATTR_GROUP_INDEX		1
+#define ACL_ATTR_GROUP "group"
+#define ACL_ATTR_GROUP_INDEX 1
 #define ACL_ATTR_RAW_USER_LOGIN "user-login"
-#define ACL_ATTR_RAW_USER_LOGIN_INDEX	2
-#define ACL_ATTR_AUTH_USER	"auth-user"
-#define ACL_ATTR_AUTH_USER_INDEX	3
-#define ACL_ATTR_AUTH_TYPE	"auth-type"
-#define ACL_ATTR_AUTH_TYPE_INDEX	4
-#define ACL_ATTR_AUTH_DB	"auth-db"
-#define ACL_ATTR_AUTH_DB_INDEX		5
-#define ACL_ATTR_AUTH_PASSWORD  "auth-password"
-#define ACL_ATTR_AUTH_PASSWORD_INDEX	6
-#define ACL_ATTR_USER	        "user"
-#define ACL_ATTR_USER_INDEX		7
-#define ACL_ATTR_PASSWORD	"pw"
-#define ACL_ATTR_PASSWORD_INDEX		8
-#define ACL_ATTR_USERDN	        "userdn"
-#define ACL_ATTR_USERDN_INDEX		9
-#define ACL_ATTR_RAW_USER	"raw-user"
-#define ACL_ATTR_RAW_USER_INDEX		10
-#define ACL_ATTR_RAW_PASSWORD   "raw-pw"
-#define ACL_ATTR_RAW_PASSWORD_INDEX	11
-#define ACL_ATTR_USER_ISMEMBER  "user-ismember"
-#define ACL_ATTR_USER_ISMEMBER_INDEX	12
-#define ACL_ATTR_DATABASE	"database"
-#define ACL_ATTR_DATABASE_INDEX		13
-#define ACL_ATTR_DBTYPE	        "dbtype"
-#define ACL_ATTR_DBTYPE_INDEX		14
-#define ACL_ATTR_DBNAME	        "dbname"
-#define ACL_ATTR_DBNAME_INDEX		15
-#define ACL_ATTR_DATABASE_URL   "url"
-#define ACL_ATTR_DATABASE_URL_INDEX	16
-#define ACL_ATTR_METHOD	        "method"
-#define ACL_ATTR_METHOD_INDEX		17
-#define ACL_ATTR_AUTHTYPE	"authtype"
-#define ACL_ATTR_AUTHTYPE_INDEX		18
-#define ACL_ATTR_AUTHORIZATION  "authorization"
-#define ACL_ATTR_AUTHORIZATION_INDEX	19
-#define ACL_ATTR_PARSEFN	"parsefn"
-#define ACL_ATTR_PARSEFN_INDEX		20
-#define ACL_ATTR_ATTRIBUTE	"attr"
-#define ACL_ATTR_ATTRIBUTE_INDEX	21
-#define ACL_ATTR_GETTERFN	"getterfunc"
-#define ACL_ATTR_GETTERFN_INDEX		22
-#define ACL_ATTR_IP		"ip"
-#define ACL_ATTR_IP_INDEX		23
-#define ACL_ATTR_DNS	        "dns"
-#define ACL_ATTR_DNS_INDEX		24
-#define ACL_ATTR_MODULE	        "module"
-#define ACL_ATTR_MODULE_INDEX		25
-#define ACL_ATTR_MODULEFUNC	"func"
-#define ACL_ATTR_MODULEFUNC_INDEX	26
-#define ACL_ATTR_GROUPS	        "groups"
-#define ACL_ATTR_GROUPS_INDEX		27
+#define ACL_ATTR_RAW_USER_LOGIN_INDEX 2
+#define ACL_ATTR_AUTH_USER "auth-user"
+#define ACL_ATTR_AUTH_USER_INDEX 3
+#define ACL_ATTR_AUTH_TYPE "auth-type"
+#define ACL_ATTR_AUTH_TYPE_INDEX 4
+#define ACL_ATTR_AUTH_DB "auth-db"
+#define ACL_ATTR_AUTH_DB_INDEX 5
+#define ACL_ATTR_AUTH_PASSWORD "auth-password"
+#define ACL_ATTR_AUTH_PASSWORD_INDEX 6
+#define ACL_ATTR_USER "user"
+#define ACL_ATTR_USER_INDEX 7
+#define ACL_ATTR_PASSWORD "pw"
+#define ACL_ATTR_PASSWORD_INDEX 8
+#define ACL_ATTR_USERDN "userdn"
+#define ACL_ATTR_USERDN_INDEX 9
+#define ACL_ATTR_RAW_USER "raw-user"
+#define ACL_ATTR_RAW_USER_INDEX 10
+#define ACL_ATTR_RAW_PASSWORD "raw-pw"
+#define ACL_ATTR_RAW_PASSWORD_INDEX 11
+#define ACL_ATTR_USER_ISMEMBER "user-ismember"
+#define ACL_ATTR_USER_ISMEMBER_INDEX 12
+#define ACL_ATTR_DATABASE "database"
+#define ACL_ATTR_DATABASE_INDEX 13
+#define ACL_ATTR_DBTYPE "dbtype"
+#define ACL_ATTR_DBTYPE_INDEX 14
+#define ACL_ATTR_DBNAME "dbname"
+#define ACL_ATTR_DBNAME_INDEX 15
+#define ACL_ATTR_DATABASE_URL "url"
+#define ACL_ATTR_DATABASE_URL_INDEX 16
+#define ACL_ATTR_METHOD "method"
+#define ACL_ATTR_METHOD_INDEX 17
+#define ACL_ATTR_AUTHTYPE "authtype"
+#define ACL_ATTR_AUTHTYPE_INDEX 18
+#define ACL_ATTR_AUTHORIZATION "authorization"
+#define ACL_ATTR_AUTHORIZATION_INDEX 19
+#define ACL_ATTR_PARSEFN "parsefn"
+#define ACL_ATTR_PARSEFN_INDEX 20
+#define ACL_ATTR_ATTRIBUTE "attr"
+#define ACL_ATTR_ATTRIBUTE_INDEX 21
+#define ACL_ATTR_GETTERFN "getterfunc"
+#define ACL_ATTR_GETTERFN_INDEX 22
+#define ACL_ATTR_IP "ip"
+#define ACL_ATTR_IP_INDEX 23
+#define ACL_ATTR_DNS "dns"
+#define ACL_ATTR_DNS_INDEX 24
+#define ACL_ATTR_MODULE "module"
+#define ACL_ATTR_MODULE_INDEX 25
+#define ACL_ATTR_MODULEFUNC "func"
+#define ACL_ATTR_MODULEFUNC_INDEX 26
+#define ACL_ATTR_GROUPS "groups"
+#define ACL_ATTR_GROUPS_INDEX 27
 #define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password"
-#define ACL_ATTR_IS_VALID_PASSWORD_INDEX	28
-#define ACL_ATTR_CERT2USER	"cert2user"
-#define ACL_ATTR_CERT2USER_INDEX	29
-#define ACL_ATTR_USER_CERT	"cert"
-#define ACL_ATTR_USER_CERT_INDEX	30
-#define ACL_ATTR_PROMPT	        "prompt"
-#define ACL_ATTR_PROMPT_INDEX		31
-#define ACL_ATTR_TIME	        "time"
-#define ACL_ATTR_TIME_INDEX		32
-#define ACL_ATTR_USERS_GROUP    "users-group"
-#define ACL_ATTR_USERS_GROUP_INDEX	33
-#define	ACL_ATTR_SESSION		"session"       /* subject property */
-#define ACL_ATTR_SESSION_INDEX		34
-#define	ACL_ATTR_REQUEST		"request"       /* resource property */
-#define ACL_ATTR_REQUEST_INDEX		35
-#define ACL_ATTR_ERROR		"error"
-#define	ACL_ATTR_ERROR_INDEX		36
-#define ACL_ATTR_PROGRAMS		"programs"      /* resource property */
-#define	ACL_ATTR_PROGRAMS_INDEX		37
-#define ACL_ATTR_ACCEL_AUTH		"accel-authorization"
-#define ACL_ATTR_ACCEL_AUTH_INDEX	38
-#define ACL_ATTR_WWW_AUTH_PROMPT	"www-auth-prompt"
-#define ACL_ATTR_WWW_AUTH_PROMPT_INDEX	39
-#define ACL_ATTR_OWNER			"owner"
-#define ACL_ATTR_OWNER_INDEX		40
-#define ACL_ATTR_IS_OWNER		"is-owner"
-#define ACL_ATTR_IS_OWNER_INDEX		41
-#define ACL_ATTR_CACHED_USER		"cached-user"
-#define ACL_ATTR_CACHED_USER_INDEX	42
-#define ACL_ATTR_USER_EXISTS		"user-exists"
-#define ACL_ATTR_USER_EXISTS_INDEX	43
-
-/*	Must be 1 larger than the highest index used	*/
-#define	ACL_ATTR_INDEX_MAX		44
-
-#ifdef	ALLOCATE_ATTR_TABLE
+#define ACL_ATTR_IS_VALID_PASSWORD_INDEX 28
+#define ACL_ATTR_CERT2USER "cert2user"
+#define ACL_ATTR_CERT2USER_INDEX 29
+#define ACL_ATTR_USER_CERT "cert"
+#define ACL_ATTR_USER_CERT_INDEX 30
+#define ACL_ATTR_PROMPT "prompt"
+#define ACL_ATTR_PROMPT_INDEX 31
+#define ACL_ATTR_TIME "time"
+#define ACL_ATTR_TIME_INDEX 32
+#define ACL_ATTR_USERS_GROUP "users-group"
+#define ACL_ATTR_USERS_GROUP_INDEX 33
+#define ACL_ATTR_SESSION "session" /* subject property */
+#define ACL_ATTR_SESSION_INDEX 34
+#define ACL_ATTR_REQUEST "request" /* resource property */
+#define ACL_ATTR_REQUEST_INDEX 35
+#define ACL_ATTR_ERROR "error"
+#define ACL_ATTR_ERROR_INDEX 36
+#define ACL_ATTR_PROGRAMS "programs" /* resource property */
+#define ACL_ATTR_PROGRAMS_INDEX 37
+#define ACL_ATTR_ACCEL_AUTH "accel-authorization"
+#define ACL_ATTR_ACCEL_AUTH_INDEX 38
+#define ACL_ATTR_WWW_AUTH_PROMPT "www-auth-prompt"
+#define ACL_ATTR_WWW_AUTH_PROMPT_INDEX 39
+#define ACL_ATTR_OWNER "owner"
+#define ACL_ATTR_OWNER_INDEX 40
+#define ACL_ATTR_IS_OWNER "is-owner"
+#define ACL_ATTR_IS_OWNER_INDEX 41
+#define ACL_ATTR_CACHED_USER "cached-user"
+#define ACL_ATTR_CACHED_USER_INDEX 42
+#define ACL_ATTR_USER_EXISTS "user-exists"
+#define ACL_ATTR_USER_EXISTS_INDEX 43
+
+/*    Must be 1 larger than the highest index used    */
+#define ACL_ATTR_INDEX_MAX 44
+
+#ifdef ALLOCATE_ATTR_TABLE
 /* Must be in the same order as the index numbers */
-const char	*ACLAttrTable[] = {
-		 NULL,				/*  0 */
-/* Don't have one numbered 0 */
-		 ACL_ATTR_GROUP,		/*  1 */
-		 ACL_ATTR_RAW_USER_LOGIN,	/*  2 */
-		 ACL_ATTR_AUTH_USER,		/*  3 */
-		 ACL_ATTR_AUTH_TYPE,		/*  4 */
-		 ACL_ATTR_AUTH_DB,		/*  5 */
-		 ACL_ATTR_AUTH_PASSWORD,	/*  6 */
-		 ACL_ATTR_USER,			/*  7 */
-		 ACL_ATTR_PASSWORD,		/*  8 */
-		 ACL_ATTR_USERDN,		/*  9 */
-		 ACL_ATTR_RAW_USER,		/* 10 */
-		 ACL_ATTR_RAW_PASSWORD,		/* 11 */
-		 ACL_ATTR_USER_ISMEMBER,	/* 12 */
-		 ACL_ATTR_DATABASE,		/* 13 */
-		 ACL_ATTR_DBTYPE,		/* 14 */
-		 ACL_ATTR_DBNAME,		/* 15 */
-		 ACL_ATTR_DATABASE_URL,		/* 16 */
-		 ACL_ATTR_METHOD,		/* 17 */
-		 ACL_ATTR_AUTHTYPE,		/* 18 */
-		 ACL_ATTR_AUTHORIZATION,	/* 19 */
-		 ACL_ATTR_PARSEFN,		/* 20 */
-		 ACL_ATTR_ATTRIBUTE,		/* 21 */
-		 ACL_ATTR_GETTERFN,		/* 22 */
-		 ACL_ATTR_IP,			/* 23 */
-		 ACL_ATTR_DNS,			/* 24 */
-		 ACL_ATTR_MODULE,		/* 25 */
-		 ACL_ATTR_MODULEFUNC,		/* 26 */
-		 ACL_ATTR_GROUPS,		/* 27 */
-		 ACL_ATTR_IS_VALID_PASSWORD,	/* 28 */
-		 ACL_ATTR_CERT2USER,		/* 29 */
-		 ACL_ATTR_USER_CERT,		/* 30 */
-		 ACL_ATTR_PROMPT,		/* 31 */
-		 ACL_ATTR_TIME,			/* 32 */
-		 ACL_ATTR_USERS_GROUP,		/* 33 */
-		 ACL_ATTR_SESSION,		/* 34 */
-		 ACL_ATTR_REQUEST,		/* 35 */
-		 ACL_ATTR_ERROR,		/* 36 */
-		 ACL_ATTR_PROGRAMS,		/* 37 */
-		 ACL_ATTR_ACCEL_AUTH,		/* 38 */
-		 ACL_ATTR_WWW_AUTH_PROMPT,	/* 39 */
-		 ACL_ATTR_OWNER,		/* 40 */
-		 ACL_ATTR_IS_OWNER,		/* 41 */
-		 ACL_ATTR_CACHED_USER,		/* 42 */
-		 ACL_ATTR_USER_EXISTS		/* 43 */
+const char *ACLAttrTable[] = {
+    NULL,                       /*  0 */
+                                /* Don't have one numbered 0 */
+    ACL_ATTR_GROUP,             /*  1 */
+    ACL_ATTR_RAW_USER_LOGIN,    /*  2 */
+    ACL_ATTR_AUTH_USER,         /*  3 */
+    ACL_ATTR_AUTH_TYPE,         /*  4 */
+    ACL_ATTR_AUTH_DB,           /*  5 */
+    ACL_ATTR_AUTH_PASSWORD,     /*  6 */
+    ACL_ATTR_USER,              /*  7 */
+    ACL_ATTR_PASSWORD,          /*  8 */
+    ACL_ATTR_USERDN,            /*  9 */
+    ACL_ATTR_RAW_USER,          /* 10 */
+    ACL_ATTR_RAW_PASSWORD,      /* 11 */
+    ACL_ATTR_USER_ISMEMBER,     /* 12 */
+    ACL_ATTR_DATABASE,          /* 13 */
+    ACL_ATTR_DBTYPE,            /* 14 */
+    ACL_ATTR_DBNAME,            /* 15 */
+    ACL_ATTR_DATABASE_URL,      /* 16 */
+    ACL_ATTR_METHOD,            /* 17 */
+    ACL_ATTR_AUTHTYPE,          /* 18 */
+    ACL_ATTR_AUTHORIZATION,     /* 19 */
+    ACL_ATTR_PARSEFN,           /* 20 */
+    ACL_ATTR_ATTRIBUTE,         /* 21 */
+    ACL_ATTR_GETTERFN,          /* 22 */
+    ACL_ATTR_IP,                /* 23 */
+    ACL_ATTR_DNS,               /* 24 */
+    ACL_ATTR_MODULE,            /* 25 */
+    ACL_ATTR_MODULEFUNC,        /* 26 */
+    ACL_ATTR_GROUPS,            /* 27 */
+    ACL_ATTR_IS_VALID_PASSWORD, /* 28 */
+    ACL_ATTR_CERT2USER,         /* 29 */
+    ACL_ATTR_USER_CERT,         /* 30 */
+    ACL_ATTR_PROMPT,            /* 31 */
+    ACL_ATTR_TIME,              /* 32 */
+    ACL_ATTR_USERS_GROUP,       /* 33 */
+    ACL_ATTR_SESSION,           /* 34 */
+    ACL_ATTR_REQUEST,           /* 35 */
+    ACL_ATTR_ERROR,             /* 36 */
+    ACL_ATTR_PROGRAMS,          /* 37 */
+    ACL_ATTR_ACCEL_AUTH,        /* 38 */
+    ACL_ATTR_WWW_AUTH_PROMPT,   /* 39 */
+    ACL_ATTR_OWNER,             /* 40 */
+    ACL_ATTR_IS_OWNER,          /* 41 */
+    ACL_ATTR_CACHED_USER,       /* 42 */
+    ACL_ATTR_USER_EXISTS        /* 43 */
 };
 #endif
 
 
-#define ACL_DBTYPE_LDAP         "ldap"
+#define ACL_DBTYPE_LDAP "ldap"
 
-#define METHOD_DEFAULT          "default"
+#define METHOD_DEFAULT "default"
 
 /*  Errors must be < 0 */
-#define ACL_RES_ERROR      	-1
+#define ACL_RES_ERROR -1
 
 /* LAS return codes - Must all be negative numbers */
-#define	LAS_EVAL_TRUE		-1
-#define	LAS_EVAL_FALSE		-2
-#define	LAS_EVAL_DECLINE	-3
-#define	LAS_EVAL_FAIL		-4
-#define	LAS_EVAL_INVALID	-5
-#define	LAS_EVAL_NEED_MORE_INFO	-6
+#define LAS_EVAL_TRUE -1
+#define LAS_EVAL_FALSE -2
+#define LAS_EVAL_DECLINE -3
+#define LAS_EVAL_FAIL -4
+#define LAS_EVAL_INVALID -5
+#define LAS_EVAL_NEED_MORE_INFO -6
 
 /* Max pathlength.  Intended to match REQ_MAX_LEN */
-#define ACL_PATH_MAX	4096
+#define ACL_PATH_MAX 4096
 
 NSPR_END_EXTERN_C
 

include/public/nsacl/nserrdef.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NSACL_NSERRDEF_H
@@ -19,82 +19,87 @@
  *
  * Description:
  *
- *	This type describes the structure of an error frame.  An error
- *	frame contains the following items:
+ *    This type describes the structure of an error frame.  An error
+ *    frame contains the following items:
  *
- *	ef_retcode	- This is a copy of the traditional error code,
- *			  as might be returned as a function value to
- *			  indicate an error.  The purpose of the error
- *			  code is to provide the caller of a function
- *			  with sufficient information to determine how
- *			  to process the error.  That is, it does not
- *			  need to identify a specific error, but only
- *			  has to distinguish between classes of errors
- *			  as needed by the caller to respond differently.
- *			  Usually this should be a small number of values.
+ *    ef_retcode    - This is a copy of the traditional error code,
+ *              as might be returned as a function value to
+ *              indicate an error.  The purpose of the error
+ *              code is to provide the caller of a function
+ *              with sufficient information to determine how
+ *              to process the error.  That is, it does not
+ *              need to identify a specific error, but only
+ *              has to distinguish between classes of errors
+ *              as needed by the caller to respond differently.
+ *              Usually this should be a small number of values.
  *
- *	ef_errorid	- This is an integer identifier which uniquely
- *			  identifies errors in a module or library.
- *			  That is, there should be only one place in
- *			  the source code of the module or library which
- *			  generates a particular error id.  The error id
- *			  is used to select an error message in an error
- *			  message file.
+ *    ef_errorid    - This is an integer identifier which uniquely
+ *              identifies errors in a module or library.
+ *              That is, there should be only one place in
+ *              the source code of the module or library which
+ *              generates a particular error id.  The error id
+ *              is used to select an error message in an error
+ *              message file.
  *
- *	ef_program	- This is a pointer to a string which identifies
- *			  the module or library context of ef_errorid.
- *			  The string is used to construct the name of
- *			  the message file in which an error message for
- *			  ef_errorid can be found.
+ *    ef_program    - This is a pointer to a string which identifies
+ *              the module or library context of ef_errorid.
+ *              The string is used to construct the name of
+ *              the message file in which an error message for
+ *              ef_errorid can be found.
  *
- *	ef_errc		- This is the number of values stored in ef_errc[]
- *			  for the current error id.
+ *    ef_errc        - This is the number of values stored in ef_errc[]
+ *              for the current error id.
  *
- *	ef_errv		- This is an array of strings which are relevant
- *			  to a particular error id.  These strings can
- *			  be included in an error message retrieved from
- *			  a message file.  The strings in a message file
- *			  can contain "%s" sprintf() format codes.  The
- *			  ef_errv[] strings are passed to sprintf() along
- *			  with the error message string.
+ *    ef_errv        - This is an array of strings which are relevant
+ *              to a particular error id.  These strings can
+ *              be included in an error message retrieved from
+ *              a message file.  The strings in a message file
+ *              can contain "%s" sprintf() format codes.  The
+ *              ef_errv[] strings are passed to sprintf() along
+ *              with the error message string.
  */
 
-#define NSERRMAXARG	8	/* size of ef_errv[] */
+#define NSERRMAXARG 8 /* size of ef_errv[] */
 
 typedef struct NSEFrame_s NSEFrame_t;
-struct NSEFrame_s {
-    NSEFrame_t * ef_next;	/* next error frame on NSErr_t list */
-    long ef_retcode;		/* error return code */
-    long ef_errorid;		/* error unique identifier */
-    const char * ef_program;	/* context for ef_errorid */
-    int ef_errc;		/* number of strings in ef_errv[] */
-    char * ef_errv[NSERRMAXARG];/* arguments for formatting error message */
+struct NSEFrame_s
+{
+    NSEFrame_t *ef_next;        /* next error frame on NSErr_t list */
+    long ef_retcode;            /* error return code */
+    long ef_errorid;            /* error unique identifier */
+    const char *ef_program;     /* context for ef_errorid */
+    int ef_errc;                /* number of strings in ef_errv[] */
+    char *ef_errv[NSERRMAXARG]; /* arguments for formatting error message */
 };
 
 /*
  * Description (NSErr_t)
  *
- *	This type describes the structure of a header for a list of
- *	error frames.  The header contains a pointer to the first
- *	and last error frames on the list.  The first error frame
- *	is normally the one most recently generated, which usually
- *	represents the highest-level interpretation available for an
- *	error that is propogating upward in a call chain.  These
- *	structures are generally allocated as automatic or static
- *	variables.
+ *    This type describes the structure of a header for a list of
+ *    error frames.  The header contains a pointer to the first
+ *    and last error frames on the list.  The first error frame
+ *    is normally the one most recently generated, which usually
+ *    represents the highest-level interpretation available for an
+ *    error that is propogating upward in a call chain.  These
+ *    structures are generally allocated as automatic or static
+ *    variables.
  */
 
 typedef struct NSErr_s NSErr_t;
-struct NSErr_s {
-    NSEFrame_t * err_first;			/* first error frame */
-    NSEFrame_t * err_last;			/* last error frame */
-    NSEFrame_t *(*err_falloc)(NSErr_t * errp);	/* error frame allocator */
-    void (*err_ffree)(NSErr_t * errp,
-		      NSEFrame_t * efp);	/* error frame deallocator */
+struct NSErr_s
+{
+    NSEFrame_t *err_first;                    /* first error frame */
+    NSEFrame_t *err_last;                     /* last error frame */
+    NSEFrame_t *(*err_falloc)(NSErr_t *errp); /* error frame allocator */
+    void (*err_ffree)(NSErr_t *errp,
+                      NSEFrame_t *efp); /* error frame deallocator */
 };
 
 /* Define an initializer for an NSErr_t */
-#define NSERRINIT	{ 0, 0, 0, 0 }
+#define NSERRINIT  \
+    {              \
+        0, 0, 0, 0 \
+    }
 
 #ifndef INTNSACL
 

include/public/nsacl/plistdef.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NSACL_PLISTDEF_H
@@ -31,21 +31,21 @@ typedef struct PListStruct_s *PList_t;
 
 /* Define error codes returned from property list routines */
 
-#define ERRPLINVPI      -1      /* invalid property index */
-#define ERRPLEXIST      -2      /* property already exists */
-#define ERRPLFULL       -3      /* property list is full */
-#define ERRPLNOMEM      -4      /* insufficient dynamic memory */
-#define ERRPLUNDEF      -5      /* undefined property name */
+#define ERRPLINVPI -1 /* invalid property index */
+#define ERRPLEXIST -2 /* property already exists */
+#define ERRPLFULL -3  /* property list is full */
+#define ERRPLNOMEM -4 /* insufficient dynamic memory */
+#define ERRPLUNDEF -5 /* undefined property name */
 
-#define PLFLG_OLD_MPOOL	0	/* use the plist memory pool */
-#define PLFLG_NEW_MPOOL	1	/* use the input memory pool */
-#define PLFLG_IGN_RES	2	/* ignore the reserved properties */
-#define PLFLG_USE_RES	3	/* use the reserved properties */
+#define PLFLG_OLD_MPOOL 0 /* use the plist memory pool */
+#define PLFLG_NEW_MPOOL 1 /* use the input memory pool */
+#define PLFLG_IGN_RES 2   /* ignore the reserved properties */
+#define PLFLG_USE_RES 3   /* use the reserved properties */
 
 #ifdef __cplusplus
-typedef void (PListFunc_t)(char*, const void*, void*);
+typedef void(PListFunc_t)(char *, const void *, void *);
 #else
-typedef void (PListFunc_t)(void);
+typedef void(PListFunc_t)(void);
 #endif
 
 #ifndef INTNSACL

include/public/nsapi.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef PUBLIC_NSAPI_H
@@ -45,13 +45,13 @@
 /* A warning is a minor mishap, such as a 404 being issued. */
 #define LOG_WARN 0
 
-/* 
+/*
  * A misconfig is when there is a syntax error or permission violation in
  * a config. file.
  */
 #define LOG_MISCONFIG 1
 
-/* 
+/*
  * Security warnings are issued when authentication fails, or a host is
  * given a 403 return code.
  */
@@ -59,14 +59,14 @@
 
 /*
  * A failure is when a request could not be fulfilled due to an internal
- * problem, such as a CGI script exiting prematurely, or a filesystem 
+ * problem, such as a CGI script exiting prematurely, or a filesystem
  * permissions problem.
  */
 #define LOG_FAILURE 3
 
 /*
  * A catastrophe is a fatal server error such as running out of
- * memory or processes, or a system call failing, or even a server crash. 
+ * memory or processes, or a system call failing, or even a server crash.
  * The server child cannot recover from a catastrophe.
  */
 #define LOG_CATASTROPHE 4
@@ -106,28 +106,28 @@
 
 
 /* WILDPAT uses shell expressions */
-#define WILDPAT_VALID(exp)              shexp_valid(exp)
-#define WILDPAT_MATCH(str, exp)         shexp_match(str, exp)
-#define WILDPAT_CMP(str, exp)           shexp_cmp(str, exp)
-#define WILDPAT_CASECMP(str, exp)       shexp_casecmp(str, exp)
-#define WILDPAT_USES_SHEXP              1
+#define WILDPAT_VALID(exp) shexp_valid(exp)
+#define WILDPAT_MATCH(str, exp) shexp_match(str, exp)
+#define WILDPAT_CMP(str, exp) shexp_cmp(str, exp)
+#define WILDPAT_CASECMP(str, exp) shexp_casecmp(str, exp)
+#define WILDPAT_USES_SHEXP 1
 
 /* Define return codes from WILDPAT_VALID */
-#define NON_WILDPAT     -1              /* exp is ordinary string */
-#define INVALID_WILDPAT -2              /* exp is an invalid pattern */
-#define VALID_WILDPAT   1               /* exp is a valid pattern */
+#define NON_WILDPAT -1     /* exp is ordinary string */
+#define INVALID_WILDPAT -2 /* exp is an invalid pattern */
+#define VALID_WILDPAT 1    /* exp is a valid pattern */
 
 /* Define return codes from regexp_valid and shexp_valid */
-#define NON_SXP         NON_WILDPAT     /* exp is an ordinary string */
-#define INVALID_SXP     INVALID_WILDPAT /* exp is an invalid shell exp */
-#define VALID_SXP       VALID_WILDPAT   /* exp is a valid shell exp */
+#define NON_SXP NON_WILDPAT         /* exp is an ordinary string */
+#define INVALID_SXP INVALID_WILDPAT /* exp is an invalid shell exp */
+#define VALID_SXP VALID_WILDPAT     /* exp is a valid shell exp */
 
 #define SYSTHREAD_DEFAULT_PRIORITY 16
 
 /* --- Begin native platform includes --- */
 
 #if defined(FILE_UNIX) || defined(FILE_UNIX_MMAP)
-#include <sys/types.h>                  /* caddr_t */
+#include <sys/types.h> /* caddr_t */
 #include <sys/file.h>
 #include <fcntl.h>
 #include <unistd.h>
@@ -136,12 +136,12 @@
 #if !defined(SUNOS4) && !defined(HPUX) && !defined(LINUX)
 #include <sys/select.h>
 #endif
-#include <sys/time.h>    /* struct timeval */
+#include <sys/time.h> /* struct timeval */
 #include <sys/socket.h>
 #include <netinet/in.h> /* sockaddr and in_addr */
 #include <sys/uio.h>
 #include <sys/stat.h>
-#include <ctype.h>  /* isspace */
+#include <ctype.h> /* isspace */
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
@@ -149,7 +149,7 @@
 #include <errno.h>
 #include <time.h>
 #include <dirent.h>
-#include <pwd.h>                /* struct passwd */
+#include <pwd.h> /* struct passwd */
 
 #ifndef BIG_LINE
 #define BIG_LINE 1024
@@ -167,22 +167,25 @@ typedef void *SYS_FILE;
 
 #define SYS_ERROR_FD ((SYS_FILE)-1)
 
-typedef void* CONDVAR;
+typedef void *CONDVAR;
 typedef void *COUNTING_SEMAPHORE;
-typedef void* CRITICAL;
-typedef DIR* SYS_DIR;
+typedef void *CRITICAL;
+typedef DIR *SYS_DIR;
 typedef struct dirent SYS_DIRENT;
 
-typedef struct {
-    char *name,*value;
+typedef struct
+{
+    char *name, *value;
 } pb_param;
 
-struct pb_entry {
+struct pb_entry
+{
     pb_param *param;
     struct pb_entry *next;
 };
 
-typedef struct {
+typedef struct
+{
     int hsize;
     struct pb_entry **ht;
 } pblock;
@@ -196,7 +199,7 @@ typedef struct PListStruct_s PListStruct_s;
 typedef struct ACLListHandle ACLListHandle;
 
 /* Define a handle for a thread */
-typedef void* SYS_THREAD;
+typedef void *SYS_THREAD;
 
 /* Define an error value for the thread handle */
 #define SYS_THREAD_ERROR NULL
@@ -204,8 +207,8 @@ typedef void* SYS_THREAD;
 /*
  * Hierarchy of httpd_object
  *
- * An object contains dtables. 
- * 
+ * An object contains dtables.
+ *
  * Each dtable is a table of directives that were entered of a certain type.
  * There is one dtable for each unique type of directive.
  *
@@ -225,7 +228,8 @@ typedef void* SYS_THREAD;
  * param is the parameters, client is the protection.
  */
 
-typedef struct {
+typedef struct
+{
     pblock *param;
     pblock *client;
 } directive;
@@ -246,7 +250,7 @@ typedef struct {
 #define dir_create(path) mkdir(path, 0755)
 #define dir_remove rmdir
 #define system_chdir chdir
-#define file_unix2local(path,p2) strcpy(p2,path)
+#define file_unix2local(path, p2) strcpy(p2, path)
 
 /*
  * Thread-safe variant of localtime

ldap/include/avl.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /* avl.h - avl tree definitions */
@@ -32,11 +32,12 @@
  * this structure represents a generic avl tree node.
  */
 
-typedef struct avlnode {
-	caddr_t		avl_data;
-	signed char	avl_bf;
-	struct avlnode	*avl_left;
-	struct avlnode	*avl_right;
+typedef struct avlnode
+{
+    caddr_t avl_data;
+    signed char avl_bf;
+    struct avlnode *avl_left;
+    struct avlnode *avl_right;
 } Avlnode;
 
 #if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
@@ -53,32 +54,32 @@ typedef int (*IFP)(); /* takes undefined arguments */
 #pragma GCC diagnostic pop
 #endif
 
-#define NULLAVL	((Avlnode *) NULL)
+#define NULLAVL ((Avlnode *)NULL)
 
 /* balance factor values */
-#define LH 	-1
-#define EH 	0
-#define RH 	1
+#define LH -1
+#define EH 0
+#define RH 1
 
 /* avl routines */
-#define avl_getone(x)	(x == 0 ? 0 : (x)->avl_data)
-#define avl_onenode(x)	(x == 0 || ((x)->avl_left == 0 && (x)->avl_right == 0))
+#define avl_getone(x) (x == 0 ? 0 : (x)->avl_data)
+#define avl_onenode(x) (x == 0 || ((x)->avl_left == 0 && (x)->avl_right == 0))
 extern int avl_insert(Avlnode **root, void *data, IFP fcmp, IFP fdup);
-extern caddr_t avl_delete(Avlnode **root, void *data, IFP fcmp );
-extern caddr_t avl_find(Avlnode *root, void *data, IFP fcmp );
-extern caddr_t avl_getfirst(Avlnode *root );
+extern caddr_t avl_delete(Avlnode **root, void *data, IFP fcmp);
+extern caddr_t avl_find(Avlnode *root, void *data, IFP fcmp);
+extern caddr_t avl_getfirst(Avlnode *root);
 extern caddr_t avl_getnext(void);
 extern int avl_dup_error(void);
 extern int avl_apply(Avlnode *root, IFP fn, void *arg, int stopflag, int type);
 extern int avl_free(Avlnode *root, IFP dfree);
 
 /* apply traversal types */
-#define AVL_PREORDER	1
-#define AVL_INORDER	2
-#define AVL_POSTORDER	3
+#define AVL_PREORDER 1
+#define AVL_INORDER 2
+#define AVL_POSTORDER 3
 /* what apply returns if it ran out of nodes */
-#define AVL_NOMORE	-6
+#define AVL_NOMORE -6
 
-caddr_t avl_find_lin( Avlnode *root, caddr_t data, IFP fcmp );
+caddr_t avl_find_lin(Avlnode *root, caddr_t data, IFP fcmp);
 
 #endif /* _AVL */

ldap/include/dblayer.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 

ldap/include/disptmpl.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -41,55 +41,55 @@ extern "C" {
 #define LDAP_CALL
 #endif /* LDAP_CALL */
 
-#define LDAP_TEMPLATE_VERSION	1
+#define LDAP_TEMPLATE_VERSION 1
 
 /*
  * general types of items (confined to most significant byte)
  */
-#define LDAP_SYN_TYPE_TEXT		0x01000000L
-#define LDAP_SYN_TYPE_IMAGE		0x02000000L
-#define LDAP_SYN_TYPE_BOOLEAN		0x04000000L
-#define LDAP_SYN_TYPE_BUTTON		0x08000000L
-#define LDAP_SYN_TYPE_ACTION		0x10000000L
+#define LDAP_SYN_TYPE_TEXT 0x01000000L
+#define LDAP_SYN_TYPE_IMAGE 0x02000000L
+#define LDAP_SYN_TYPE_BOOLEAN 0x04000000L
+#define LDAP_SYN_TYPE_BUTTON 0x08000000L
+#define LDAP_SYN_TYPE_ACTION 0x10000000L
 
 
 /*
  * syntax options (confined to second most significant byte)
  */
-#define LDAP_SYN_OPT_DEFER		0x00010000L
+#define LDAP_SYN_OPT_DEFER 0x00010000L
 
 
-/* 
+/*
  * display template item syntax ids (defined by common agreement)
  * these are the valid values for the ti_syntaxid of the tmplitem
  * struct (defined below).  A general type is encoded in the
  * most-significant 8 bits, and some options are encoded in the next
  * 8 bits.  The lower 16 bits are reserved for the distinct types.
  */
-#define LDAP_SYN_CASEIGNORESTR	( 1 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_MULTILINESTR	( 2 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_DN		( 3 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_BOOLEAN	( 4 | LDAP_SYN_TYPE_BOOLEAN )
-#define LDAP_SYN_JPEGIMAGE	( 5 | LDAP_SYN_TYPE_IMAGE )
-#define LDAP_SYN_JPEGBUTTON	( 6 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER )
-#define LDAP_SYN_FAXIMAGE	( 7 | LDAP_SYN_TYPE_IMAGE )
-#define LDAP_SYN_FAXBUTTON	( 8 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER )
-#define LDAP_SYN_AUDIOBUTTON	( 9 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER )
-#define LDAP_SYN_TIME		( 10 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_DATE		( 11 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_LABELEDURL	( 12 | LDAP_SYN_TYPE_TEXT )
-#define LDAP_SYN_SEARCHACTION	( 13 | LDAP_SYN_TYPE_ACTION )
-#define LDAP_SYN_LINKACTION	( 14 | LDAP_SYN_TYPE_ACTION )
-#define LDAP_SYN_ADDDNACTION	( 15 | LDAP_SYN_TYPE_ACTION )
-#define LDAP_SYN_VERIFYDNACTION ( 16 | LDAP_SYN_TYPE_ACTION )
-#define LDAP_SYN_RFC822ADDR	( 17 | LDAP_SYN_TYPE_TEXT )
+#define LDAP_SYN_CASEIGNORESTR (1 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_MULTILINESTR (2 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_DN (3 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_BOOLEAN (4 | LDAP_SYN_TYPE_BOOLEAN)
+#define LDAP_SYN_JPEGIMAGE (5 | LDAP_SYN_TYPE_IMAGE)
+#define LDAP_SYN_JPEGBUTTON (6 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
+#define LDAP_SYN_FAXIMAGE (7 | LDAP_SYN_TYPE_IMAGE)
+#define LDAP_SYN_FAXBUTTON (8 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
+#define LDAP_SYN_AUDIOBUTTON (9 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
+#define LDAP_SYN_TIME (10 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_DATE (11 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_LABELEDURL (12 | LDAP_SYN_TYPE_TEXT)
+#define LDAP_SYN_SEARCHACTION (13 | LDAP_SYN_TYPE_ACTION)
+#define LDAP_SYN_LINKACTION (14 | LDAP_SYN_TYPE_ACTION)
+#define LDAP_SYN_ADDDNACTION (15 | LDAP_SYN_TYPE_ACTION)
+#define LDAP_SYN_VERIFYDNACTION (16 | LDAP_SYN_TYPE_ACTION)
+#define LDAP_SYN_RFC822ADDR (17 | LDAP_SYN_TYPE_TEXT)
 
 
 /*
  * handy macros
  */
-#define LDAP_GET_SYN_TYPE( syid )	((syid) & 0xFF000000L )
-#define LDAP_GET_SYN_OPTIONS( syid )	((syid) & 0x00FF0000L )
+#define LDAP_GET_SYN_TYPE(syid) ((syid)&0xFF000000L)
+#define LDAP_GET_SYN_OPTIONS(syid) ((syid)&0x00FF0000L)
 
 
 /*
@@ -99,86 +99,88 @@ extern "C" {
  * use calculated label width (based on length of longest label in
  * template) instead of contant width
  */
-#define LDAP_DISP_OPT_AUTOLABELWIDTH	0x00000001L
-#define LDAP_DISP_OPT_HTMLBODYONLY	0x00000002L
+#define LDAP_DISP_OPT_AUTOLABELWIDTH 0x00000001L
+#define LDAP_DISP_OPT_HTMLBODYONLY 0x00000002L
 
 /*
- * perform search actions (applies to ldap_entry2text_search only) 
+ * perform search actions (applies to ldap_entry2text_search only)
  */
-#define LDAP_DISP_OPT_DOSEARCHACTIONS	0x00000002L
+#define LDAP_DISP_OPT_DOSEARCHACTIONS 0x00000002L
 
 /*
  * include additional info. relevant to "non leaf" entries only
  * used by ldap_entry2html and ldap_entry2html_search to include "Browse"
  * and "Move Up" HREFs
  */
-#define LDAP_DISP_OPT_NONLEAF		0x00000004L
+#define LDAP_DISP_OPT_NONLEAF 0x00000004L
 
 
 /*
  * display template item options (may not apply to all types)
  * if this bit is set in ti_options, it applies.
  */
-#define LDAP_DITEM_OPT_READONLY		0x00000001L
-#define LDAP_DITEM_OPT_SORTVALUES	0x00000002L
-#define LDAP_DITEM_OPT_SINGLEVALUED	0x00000004L
-#define LDAP_DITEM_OPT_HIDEIFEMPTY	0x00000008L
-#define LDAP_DITEM_OPT_VALUEREQUIRED	0x00000010L
-#define LDAP_DITEM_OPT_HIDEIFFALSE	0x00000020L	/* booleans only */
-
+#define LDAP_DITEM_OPT_READONLY 0x00000001L
+#define LDAP_DITEM_OPT_SORTVALUES 0x00000002L
+#define LDAP_DITEM_OPT_SINGLEVALUED 0x00000004L
+#define LDAP_DITEM_OPT_HIDEIFEMPTY 0x00000008L
+#define LDAP_DITEM_OPT_VALUEREQUIRED 0x00000010L
+#define LDAP_DITEM_OPT_HIDEIFFALSE 0x00000020L /* booleans only */
 
 
 /*
  * display template item structure
  */
-struct ldap_tmplitem {
-    unsigned long		ti_syntaxid;
-    unsigned long		ti_options;
-    char  			*ti_attrname;
-    char			*ti_label;
-    char			**ti_args;
-    struct ldap_tmplitem	*ti_next_in_row;
-    struct ldap_tmplitem	*ti_next_in_col;
-    void			*ti_appdata;
+struct ldap_tmplitem
+{
+    unsigned long ti_syntaxid;
+    unsigned long ti_options;
+    char *ti_attrname;
+    char *ti_label;
+    char **ti_args;
+    struct ldap_tmplitem *ti_next_in_row;
+    struct ldap_tmplitem *ti_next_in_col;
+    void *ti_appdata;
 };
 
 
-#define NULLTMPLITEM	((struct ldap_tmplitem *)0)
+#define NULLTMPLITEM ((struct ldap_tmplitem *)0)
 
-#define LDAP_SET_TMPLITEM_APPDATA( ti, datap )	\
-	(ti)->ti_appdata = (void *)(datap)
+#define LDAP_SET_TMPLITEM_APPDATA(ti, datap) \
+    (ti)->ti_appdata = (void *)(datap)
 
-#define LDAP_GET_TMPLITEM_APPDATA( ti, type )	\
-	(type)((ti)->ti_appdata)
+#define LDAP_GET_TMPLITEM_APPDATA(ti, type) \
+    (type)((ti)->ti_appdata)
 
-#define LDAP_IS_TMPLITEM_OPTION_SET( ti, option )	\
-	(((ti)->ti_options & option ) != 0 )
+#define LDAP_IS_TMPLITEM_OPTION_SET(ti, option) \
+    (((ti)->ti_options & option) != 0)
 
 
 /*
  * object class array structure
  */
-struct ldap_oclist {
-    char		**oc_objclasses;
-    struct ldap_oclist	*oc_next;
+struct ldap_oclist
+{
+    char **oc_objclasses;
+    struct ldap_oclist *oc_next;
 };
 
-#define NULLOCLIST	((struct ldap_oclist *)0)
+#define NULLOCLIST ((struct ldap_oclist *)0)
 
 
 /*
  * add defaults list
  */
-struct ldap_adddeflist {
-    int			ad_source;
-#define LDAP_ADSRC_CONSTANTVALUE	1
-#define LDAP_ADSRC_ADDERSDN		2
-    char		*ad_attrname;
-    char		*ad_value;
-    struct ldap_adddeflist	*ad_next;
+struct ldap_adddeflist
+{
+    int ad_source;
+#define LDAP_ADSRC_CONSTANTVALUE 1
+#define LDAP_ADSRC_ADDERSDN 2
+    char *ad_attrname;
+    char *ad_value;
+    struct ldap_adddeflist *ad_next;
 };
 
-#define NULLADLIST	((struct ldap_adddeflist *)0)
+#define NULLADLIST ((struct ldap_adddeflist *)0)
 
 
 /*
@@ -188,155 +190,137 @@ struct ldap_adddeflist {
 /*
  * users should be allowed to try to add objects of these entries
  */
-#define LDAP_DTMPL_OPT_ADDABLE		0x00000001L
+#define LDAP_DTMPL_OPT_ADDABLE 0x00000001L
 
 /*
  * users should be allowed to do "modify RDN" operation of these entries
  */
-#define LDAP_DTMPL_OPT_ALLOWMODRDN	0x00000002L
+#define LDAP_DTMPL_OPT_ALLOWMODRDN 0x00000002L
 
 /*
  * this template is an alternate view, not a primary view
  */
-#define LDAP_DTMPL_OPT_ALTVIEW		0x00000004L
+#define LDAP_DTMPL_OPT_ALTVIEW 0x00000004L
 
 
 /*
  * display template structure
  */
-struct ldap_disptmpl {
-    char			*dt_name;
-    char			*dt_pluralname;
-    char			*dt_iconname;
-    unsigned long		dt_options;
-    char			*dt_authattrname;
-    char			*dt_defrdnattrname;
-    char			*dt_defaddlocation;
-    struct ldap_oclist		*dt_oclist;
-    struct ldap_adddeflist	*dt_adddeflist;
-    struct ldap_tmplitem	*dt_items;
-    void			*dt_appdata;
-    struct ldap_disptmpl	*dt_next;
+struct ldap_disptmpl
+{
+    char *dt_name;
+    char *dt_pluralname;
+    char *dt_iconname;
+    unsigned long dt_options;
+    char *dt_authattrname;
+    char *dt_defrdnattrname;
+    char *dt_defaddlocation;
+    struct ldap_oclist *dt_oclist;
+    struct ldap_adddeflist *dt_adddeflist;
+    struct ldap_tmplitem *dt_items;
+    void *dt_appdata;
+    struct ldap_disptmpl *dt_next;
 };
 
-#define NULLDISPTMPL	((struct ldap_disptmpl *)0)
+#define NULLDISPTMPL ((struct ldap_disptmpl *)0)
 
-#define LDAP_SET_DISPTMPL_APPDATA( dt, datap )	\
-	(dt)->dt_appdata = (void *)(datap)
+#define LDAP_SET_DISPTMPL_APPDATA(dt, datap) \
+    (dt)->dt_appdata = (void *)(datap)
 
-#define LDAP_GET_DISPTMPL_APPDATA( dt, type )	\
-	(type)((dt)->dt_appdata)
+#define LDAP_GET_DISPTMPL_APPDATA(dt, type) \
+    (type)((dt)->dt_appdata)
 
-#define LDAP_IS_DISPTMPL_OPTION_SET( dt, option )	\
-	(((dt)->dt_options & option ) != 0 )
+#define LDAP_IS_DISPTMPL_OPTION_SET(dt, option) \
+    (((dt)->dt_options & option) != 0)
 
-#define LDAP_TMPL_ERR_VERSION	1
-#define LDAP_TMPL_ERR_MEM	2
-#define LDAP_TMPL_ERR_SYNTAX	3
-#define LDAP_TMPL_ERR_FILE	4
+#define LDAP_TMPL_ERR_VERSION 1
+#define LDAP_TMPL_ERR_MEM 2
+#define LDAP_TMPL_ERR_SYNTAX 3
+#define LDAP_TMPL_ERR_FILE 4
 
 /*
  * buffer size needed for entry2text and vals2text
  */
-#define LDAP_DTMPL_BUFSIZ	8192
+#define LDAP_DTMPL_BUFSIZ 8192
 
-typedef int (*writeptype)( void *writeparm, char *p, int len );
+typedef int (*writeptype)(void *writeparm, char *p, int len);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_init_templates( char *file, struct ldap_disptmpl **tmpllistp );
+ldap_init_templates(char *file, struct ldap_disptmpl **tmpllistp);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_init_templates_buf( char *buf, long buflen,
-	struct ldap_disptmpl **tmpllistp );
+ldap_init_templates_buf(char *buf, long buflen, struct ldap_disptmpl **tmpllistp);
 
 LDAP_API(void)
 LDAP_CALL
-ldap_free_templates( struct ldap_disptmpl *tmpllist );
+ldap_free_templates(struct ldap_disptmpl *tmpllist);
 
 LDAP_API(struct ldap_disptmpl *)
 LDAP_CALL
-ldap_first_disptmpl( struct ldap_disptmpl *tmpllist );
+ldap_first_disptmpl(struct ldap_disptmpl *tmpllist);
 
 LDAP_API(struct ldap_disptmpl *)
 LDAP_CALL
-ldap_next_disptmpl( struct ldap_disptmpl *tmpllist,
-	struct ldap_disptmpl *tmpl );
+ldap_next_disptmpl(struct ldap_disptmpl *tmpllist,
+                   struct ldap_disptmpl *tmpl);
 
 LDAP_API(struct ldap_disptmpl *)
 LDAP_CALL
-ldap_name2template( char *name, struct ldap_disptmpl *tmpllist );
+ldap_name2template(char *name, struct ldap_disptmpl *tmpllist);
 
 LDAP_API(struct ldap_disptmpl *)
 LDAP_CALL
-ldap_oc2template( char **oclist, struct ldap_disptmpl *tmpllist );
+ldap_oc2template(char **oclist, struct ldap_disptmpl *tmpllist);
 
 LDAP_API(char **)
 LDAP_CALL
-ldap_tmplattrs( struct ldap_disptmpl *tmpl, char **includeattrs, int exclude,
-	 unsigned long syntaxmask );
+ldap_tmplattrs(struct ldap_disptmpl *tmpl, char **includeattrs, int exclude, unsigned long syntaxmask);
 
 LDAP_API(struct ldap_tmplitem *)
 LDAP_CALL
-ldap_first_tmplrow( struct ldap_disptmpl *tmpl );
+ldap_first_tmplrow(struct ldap_disptmpl *tmpl);
 
 LDAP_API(struct ldap_tmplitem *)
 LDAP_CALL
-ldap_next_tmplrow( struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row );
+ldap_next_tmplrow(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);
 
 LDAP_API(struct ldap_tmplitem *)
 LDAP_CALL
-ldap_first_tmplcol( struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row );
+ldap_first_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);
 
 LDAP_API(struct ldap_tmplitem *)
 LDAP_CALL
-ldap_next_tmplcol( struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row,
-	struct ldap_tmplitem *col );
+ldap_next_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row, struct ldap_tmplitem *col);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_entry2text( LDAP *ld, char *buf, LDAPMessage *entry,
-	struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
-	writeptype writeproc, void *writeparm, char *eol, int rdncount,
-	unsigned long opts );
+ldap_entry2text(LDAP *ld, char *buf, LDAPMessage *entry, struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals, writeptype writeproc, void *writeparm, char *eol, int rdncount, unsigned long opts);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_vals2text( LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
-	unsigned long syntaxid, writeptype writeproc, void *writeparm,
-	char *eol, int rdncount );
+ldap_vals2text(LDAP *ld, char *buf, char **vals, char *label, int labelwidth, unsigned long syntaxid, writeptype writeproc, void *writeparm, char *eol, int rdncount);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_entry2text_search( LDAP *ld, char *dn, char *base, LDAPMessage *entry,
-	struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
-	writeptype writeproc, void *writeparm, char *eol, int rdncount,
-	unsigned long opts );
+ldap_entry2text_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry, struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals, writeptype writeproc, void *writeparm, char *eol, int rdncount, unsigned long opts);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_entry2html( LDAP *ld, char *buf, LDAPMessage *entry,
-	struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
-	writeptype writeproc, void *writeparm, char *eol, int rdncount,
-	unsigned long opts, char *urlprefix, char *base );
+ldap_entry2html(LDAP *ld, char *buf, LDAPMessage *entry, struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals, writeptype writeproc, void *writeparm, char *eol, int rdncount, unsigned long opts, char *urlprefix, char *base);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_vals2html( LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
-	unsigned long syntaxid, writeptype writeproc, void *writeparm,
-	char *eol, int rdncount, char *urlprefix );
+ldap_vals2html(LDAP *ld, char *buf, char **vals, char *label, int labelwidth, unsigned long syntaxid, writeptype writeproc, void *writeparm, char *eol, int rdncount, char *urlprefix);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_entry2html_search( LDAP *ld, char *dn, char *base, LDAPMessage *entry,
-	struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
-	writeptype writeproc, void *writeparm, char *eol, int rdncount,
-	unsigned long opts, char *urlprefix );
+ldap_entry2html_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry, struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals, writeptype writeproc, void *writeparm, char *eol, int rdncount, unsigned long opts, char *urlprefix);
 
 LDAP_API(char *)
 LDAP_CALL
-ldap_tmplerr2string( int err );
+ldap_tmplerr2string(int err);
 
 #ifdef __cplusplus
 }

ldap/include/ldaprot.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef _LDAPROT_H
@@ -19,16 +19,16 @@ extern "C" {
 #endif
 
 #ifndef LDAP_VERSION1
-#define LDAP_VERSION1	1
+#define LDAP_VERSION1 1
 #endif
 #ifndef LDAP_VERSION2
-#define LDAP_VERSION2	2
+#define LDAP_VERSION2 2
 #endif
 #ifndef LDAP_VERSION3
-#define LDAP_VERSION3	3
+#define LDAP_VERSION3 3
 #endif
 #ifndef LDAP_VERSION
-#define LDAP_VERSION	LDAP_VERSION2
+#define LDAP_VERSION LDAP_VERSION2
 #endif
 
 #define COMPAT20
@@ -37,238 +37,238 @@ extern "C" {
 #define COMPAT
 #endif
 
-#define LDAP_URL_PREFIX		"ldap://"
-#define LDAP_URL_PREFIX_LEN	7
-#define LDAPS_URL_PREFIX	"ldaps://"
-#define LDAPS_URL_PREFIX_LEN	8
-#define LDAP_REF_STR		"Referral:\n"
-#define LDAP_REF_STR_LEN	10
+#define LDAP_URL_PREFIX "ldap://"
+#define LDAP_URL_PREFIX_LEN 7
+#define LDAPS_URL_PREFIX "ldaps://"
+#define LDAPS_URL_PREFIX_LEN 8
+#define LDAP_REF_STR "Referral:\n"
+#define LDAP_REF_STR_LEN 10
 
-/* 
+/*
  * specific LDAP instantiations of BER types we know about
  */
 
 /* general stuff */
 #ifndef LDAP_TAG_MESSAGE
-#define LDAP_TAG_MESSAGE	0x30L	/* tag is 16 + constructed bit */
+#define LDAP_TAG_MESSAGE 0x30L /* tag is 16 + constructed bit */
 #endif
 #ifndef OLD_LDAP_TAG_MESSAGE
-#define OLD_LDAP_TAG_MESSAGE	0x10L	/* forgot the constructed bit  */
+#define OLD_LDAP_TAG_MESSAGE 0x10L /* forgot the constructed bit  */
 #endif
 #ifndef LDAP_TAG_MSGID
-#define LDAP_TAG_MSGID		0x02L   /* INTEGER */
+#define LDAP_TAG_MSGID 0x02L /* INTEGER */
 #endif
 #ifndef LDAP_TAG_LDAPDN
-#define LDAP_TAG_LDAPDN		0x04L	/* OCTET STRING */
+#define LDAP_TAG_LDAPDN 0x04L /* OCTET STRING */
 #endif
 #ifndef LDAP_TAG_CONTROLS
-#define LDAP_TAG_CONTROLS	0xa0L	/* context specific + constructed + 0 */
+#define LDAP_TAG_CONTROLS 0xa0L /* context specific + constructed + 0 */
 #endif
 #ifndef LDAP_TAG_REFERRAL
-#define LDAP_TAG_REFERRAL	0xa3L	/* context specific + constructed */
+#define LDAP_TAG_REFERRAL 0xa3L /* context specific + constructed */
 #endif
 #ifndef LDAP_TAG_NEWSUPERIOR
-#define LDAP_TAG_NEWSUPERIOR	0x80L	/* context specific + primitive */
+#define LDAP_TAG_NEWSUPERIOR 0x80L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_MRA_OID
-#define LDAP_TAG_MRA_OID	0x81L	/* context specific + primitive */
+#define LDAP_TAG_MRA_OID 0x81L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_MRA_TYPE
-#define LDAP_TAG_MRA_TYPE	0x82L	/* context specific + primitive */
+#define LDAP_TAG_MRA_TYPE 0x82L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_MRA_VALUE
-#define LDAP_TAG_MRA_VALUE	0x83L	/* context specific + primitive */
+#define LDAP_TAG_MRA_VALUE 0x83L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_MRA_DNATTRS
-#define LDAP_TAG_MRA_DNATTRS	0x84L	/* context specific + primitive */
+#define LDAP_TAG_MRA_DNATTRS 0x84L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_EXOP_REQ_OID
-#define LDAP_TAG_EXOP_REQ_OID	0x80L	/* context specific + primitive */
+#define LDAP_TAG_EXOP_REQ_OID 0x80L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_EXOP_REQ_VALUE
-#define LDAP_TAG_EXOP_REQ_VALUE	0x81L	/* context specific + primitive */
+#define LDAP_TAG_EXOP_REQ_VALUE 0x81L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_EXOP_RES_OID
-#define LDAP_TAG_EXOP_RES_OID	0x8aL	/* context specific + primitive + 10 */
+#define LDAP_TAG_EXOP_RES_OID 0x8aL /* context specific + primitive + 10 */
 #endif
 #ifndef LDAP_TAG_EXOP_RES_VALUE
-#define LDAP_TAG_EXOP_RES_VALUE	0x8bL	/* context specific + primitive + 11 */
+#define LDAP_TAG_EXOP_RES_VALUE 0x8bL /* context specific + primitive + 11 */
 #endif
 #ifndef LDAP_TAG_SK_MATCHRULE
-#define LDAP_TAG_SK_MATCHRULE   0x80L   /* context specific + primitive */
+#define LDAP_TAG_SK_MATCHRULE 0x80L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_SK_REVERSE
-#define LDAP_TAG_SK_REVERSE 	0x81L	/* context specific + primitive */
+#define LDAP_TAG_SK_REVERSE 0x81L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_SR_ATTRTYPE
-#define LDAP_TAG_SR_ATTRTYPE    0x80L   /* context specific + primitive */
+#define LDAP_TAG_SR_ATTRTYPE 0x80L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_SASL_RES_CREDS
-#define LDAP_TAG_SASL_RES_CREDS	0x87L	/* context specific + primitive */
+#define LDAP_TAG_SASL_RES_CREDS 0x87L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_VLV_BY_INDEX
-#define LDAP_TAG_VLV_BY_INDEX	0xa0L	/* context specific + constructed + 0 */
+#define LDAP_TAG_VLV_BY_INDEX 0xa0L /* context specific + constructed + 0 */
 #endif
 #ifndef LDAP_TAG_VLV_BY_VALUE
-#define LDAP_TAG_VLV_BY_VALUE	0x81L	/* context specific + primitive + 1 */
+#define LDAP_TAG_VLV_BY_VALUE 0x81L /* context specific + primitive + 1 */
 #endif
 #ifndef LDAP_TAG_PWP_WARNING
-#define LDAP_TAG_PWP_WARNING	0xA0	/* context specific + constructed + 0 */
+#define LDAP_TAG_PWP_WARNING 0xA0 /* context specific + constructed + 0 */
 #endif
 #ifndef LDAP_TAG_PWP_SECSLEFT
-#define LDAP_TAG_PWP_SECSLEFT	0x80L   /* context specific + primitive */
+#define LDAP_TAG_PWP_SECSLEFT 0x80L /* context specific + primitive */
 #endif
 #ifndef LDAP_TAG_PWP_GRCLOGINS
-#define LDAP_TAG_PWP_GRCLOGINS	0x81L   /* context specific + primitive + 1 */
+#define LDAP_TAG_PWP_GRCLOGINS 0x81L /* context specific + primitive + 1 */
 #endif
 #ifndef LDAP_TAG_PWP_ERROR
-#define LDAP_TAG_PWP_ERROR	0x81L   /* context specific + primitive + 1 */
+#define LDAP_TAG_PWP_ERROR 0x81L /* context specific + primitive + 1 */
 #endif
 
 /* possible operations a client can invoke */
 #ifndef LDAP_REQ_BIND
-#define LDAP_REQ_BIND			0x60L	/* application + constructed */
+#define LDAP_REQ_BIND 0x60L /* application + constructed */
 #endif
 #ifndef LDAP_REQ_UNBIND
-#define LDAP_REQ_UNBIND			0x42L	/* application + primitive   */
+#define LDAP_REQ_UNBIND 0x42L /* application + primitive   */
 #endif
 #ifndef LDAP_REQ_SEARCH
-#define LDAP_REQ_SEARCH			0x63L	/* application + constructed */
+#define LDAP_REQ_SEARCH 0x63L /* application + constructed */
 #endif
 #ifndef LDAP_REQ_MODIFY
-#define LDAP_REQ_MODIFY			0x66L	/* application + constructed */
+#define LDAP_REQ_MODIFY 0x66L /* application + constructed */
 #endif
 #ifndef LDAP_REQ_ADD
-#define LDAP_REQ_ADD			0x68L	/* application + constructed */
+#define LDAP_REQ_ADD 0x68L /* application + constructed */
 #endif
 #ifndef LDAP_REQ_DELETE
-#define LDAP_REQ_DELETE			0x4aL	/* application + primitive   */
+#define LDAP_REQ_DELETE 0x4aL /* application + primitive   */
 #endif
 #ifndef LDAP_REQ_MODRDN
-#define LDAP_REQ_MODRDN			0x6cL	/* application + constructed */
+#define LDAP_REQ_MODRDN 0x6cL /* application + constructed */
 #endif
 #ifndef LDAP_REQ_MODDN
-#define LDAP_REQ_MODDN			0x6cL	/* application + constructed */  
+#define LDAP_REQ_MODDN 0x6cL /* application + constructed */
 #endif
 #ifndef LDAP_REQ_RENAME
-#define LDAP_REQ_RENAME			0x6cL	/* application + constructed */  
+#define LDAP_REQ_RENAME 0x6cL /* application + constructed */
 #endif
 #ifndef LDAP_REQ_COMPARE
-#define LDAP_REQ_COMPARE		0x6eL	/* application + constructed */
+#define LDAP_REQ_COMPARE 0x6eL /* application + constructed */
 #endif
 #ifndef LDAP_REQ_ABANDON
-#define LDAP_REQ_ABANDON		0x50L	/* application + primitive   */
+#define LDAP_REQ_ABANDON 0x50L /* application + primitive   */
 #endif
 #ifndef LDAP_REQ_EXTENDED
-#define LDAP_REQ_EXTENDED		0x77L	/* application + constructed */
+#define LDAP_REQ_EXTENDED 0x77L /* application + constructed */
 #endif
 
 /* version 3.0 compatibility stuff */
 #ifndef LDAP_REQ_UNBIND_30
-#define LDAP_REQ_UNBIND_30		0x62L
+#define LDAP_REQ_UNBIND_30 0x62L
 #endif
 #ifndef LDAP_REQ_DELETE_30
-#define LDAP_REQ_DELETE_30		0x6aL
+#define LDAP_REQ_DELETE_30 0x6aL
 #endif
 #ifndef LDAP_REQ_ABANDON_30
-#define LDAP_REQ_ABANDON_30		0x70L
+#define LDAP_REQ_ABANDON_30 0x70L
 #endif
 
-/* 
+/*
  * old broken stuff for backwards compatibility - forgot application tag
  * and constructed/primitive bit
  */
-#define OLD_LDAP_REQ_BIND		0x00L
-#define OLD_LDAP_REQ_UNBIND		0x02L
-#define OLD_LDAP_REQ_SEARCH		0x03L
-#define OLD_LDAP_REQ_MODIFY		0x06L
-#define OLD_LDAP_REQ_ADD		0x08L
-#define OLD_LDAP_REQ_DELETE		0x0aL
-#define OLD_LDAP_REQ_MODRDN		0x0cL
-#define OLD_LDAP_REQ_MODDN		0x0cL
-#define OLD_LDAP_REQ_COMPARE		0x0eL
-#define OLD_LDAP_REQ_ABANDON		0x10L
+#define OLD_LDAP_REQ_BIND 0x00L
+#define OLD_LDAP_REQ_UNBIND 0x02L
+#define OLD_LDAP_REQ_SEARCH 0x03L
+#define OLD_LDAP_REQ_MODIFY 0x06L
+#define OLD_LDAP_REQ_ADD 0x08L
+#define OLD_LDAP_REQ_DELETE 0x0aL
+#define OLD_LDAP_REQ_MODRDN 0x0cL
+#define OLD_LDAP_REQ_MODDN 0x0cL
+#define OLD_LDAP_REQ_COMPARE 0x0eL
+#define OLD_LDAP_REQ_ABANDON 0x10L
 
 /* old broken stuff for backwards compatibility */
-#define OLD_LDAP_RES_BIND		0x01L
-#define OLD_LDAP_RES_SEARCH_ENTRY	0x04L
-#define OLD_LDAP_RES_SEARCH_RESULT	0x05L
-#define OLD_LDAP_RES_MODIFY		0x07L
-#define OLD_LDAP_RES_ADD		0x09L
-#define OLD_LDAP_RES_DELETE		0x0bL
-#define OLD_LDAP_RES_MODRDN		0x0dL
-#define OLD_LDAP_RES_MODDN		0x0dL
-#define OLD_LDAP_RES_COMPARE		0x0fL
+#define OLD_LDAP_RES_BIND 0x01L
+#define OLD_LDAP_RES_SEARCH_ENTRY 0x04L
+#define OLD_LDAP_RES_SEARCH_RESULT 0x05L
+#define OLD_LDAP_RES_MODIFY 0x07L
+#define OLD_LDAP_RES_ADD 0x09L
+#define OLD_LDAP_RES_DELETE 0x0bL
+#define OLD_LDAP_RES_MODRDN 0x0dL
+#define OLD_LDAP_RES_MODDN 0x0dL
+#define OLD_LDAP_RES_COMPARE 0x0fL
 
 /* 3.0 compatibility auth methods */
-#define LDAP_AUTH_SIMPLE_30	0xa0L	/* context specific + constructed */
-#define LDAP_AUTH_KRBV41_30	0xa1L	/* context specific + constructed */
-#define LDAP_AUTH_KRBV42_30	0xa2L	/* context specific + constructed */
+#define LDAP_AUTH_SIMPLE_30 0xa0L /* context specific + constructed */
+#define LDAP_AUTH_KRBV41_30 0xa1L /* context specific + constructed */
+#define LDAP_AUTH_KRBV42_30 0xa2L /* context specific + constructed */
 
 /* old broken stuff */
-#define OLD_LDAP_AUTH_SIMPLE	0x00L
-#define OLD_LDAP_AUTH_KRBV4	0x01L
-#define OLD_LDAP_AUTH_KRBV42	0x02L
+#define OLD_LDAP_AUTH_SIMPLE 0x00L
+#define OLD_LDAP_AUTH_KRBV4 0x01L
+#define OLD_LDAP_AUTH_KRBV42 0x02L
 
 /* 3.0 compatibility filter types */
-#define LDAP_FILTER_PRESENT_30	0xa7L	/* context specific + constructed */
+#define LDAP_FILTER_PRESENT_30 0xa7L /* context specific + constructed */
 
 /* filter types */
 #ifndef LDAP_FILTER_AND
-#define LDAP_FILTER_AND		0xa0L	/* context specific + constructed */
+#define LDAP_FILTER_AND 0xa0L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_OR
-#define LDAP_FILTER_OR		0xa1L	/* context specific + constructed */
+#define LDAP_FILTER_OR 0xa1L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_NOT
-#define LDAP_FILTER_NOT		0xa2L	/* context specific + constructed */
+#define LDAP_FILTER_NOT 0xa2L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_EQUALITY
-#define LDAP_FILTER_EQUALITY	0xa3L	/* context specific + constructed */
+#define LDAP_FILTER_EQUALITY 0xa3L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_SUBSTRINGS
-#define LDAP_FILTER_SUBSTRINGS	0xa4L	/* context specific + constructed */
+#define LDAP_FILTER_SUBSTRINGS 0xa4L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_GE
-#define LDAP_FILTER_GE		0xa5L	/* context specific + constructed */
+#define LDAP_FILTER_GE 0xa5L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_LE
-#define LDAP_FILTER_LE		0xa6L	/* context specific + constructed */
+#define LDAP_FILTER_LE 0xa6L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_PRESENT
-#define LDAP_FILTER_PRESENT	0x87L	/* context specific + primitive   */
+#define LDAP_FILTER_PRESENT 0x87L /* context specific + primitive   */
 #endif
 #ifndef LDAP_FILTER_APPROX
-#define LDAP_FILTER_APPROX	0xa8L	/* context specific + constructed */
+#define LDAP_FILTER_APPROX 0xa8L /* context specific + constructed */
 #endif
 #ifndef LDAP_FILTER_EXTENDED
 #ifdef LDAP_FILTER_EXT
-#define LDAP_FILTER_EXTENDED	LDAP_FILTER_EXT
+#define LDAP_FILTER_EXTENDED LDAP_FILTER_EXT
 #else
 #define LDAP_FILTER_EXTENDED 0xa9L
 #endif
 #endif
 
 /* old broken stuff */
-#define OLD_LDAP_FILTER_AND		0x00L
-#define OLD_LDAP_FILTER_OR		0x01L
-#define OLD_LDAP_FILTER_NOT		0x02L
-#define OLD_LDAP_FILTER_EQUALITY	0x03L
-#define OLD_LDAP_FILTER_SUBSTRINGS	0x04L
-#define OLD_LDAP_FILTER_GE		0x05L
-#define OLD_LDAP_FILTER_LE		0x06L
-#define OLD_LDAP_FILTER_PRESENT		0x07L
-#define OLD_LDAP_FILTER_APPROX		0x08L
+#define OLD_LDAP_FILTER_AND 0x00L
+#define OLD_LDAP_FILTER_OR 0x01L
+#define OLD_LDAP_FILTER_NOT 0x02L
+#define OLD_LDAP_FILTER_EQUALITY 0x03L
+#define OLD_LDAP_FILTER_SUBSTRINGS 0x04L
+#define OLD_LDAP_FILTER_GE 0x05L
+#define OLD_LDAP_FILTER_LE 0x06L
+#define OLD_LDAP_FILTER_PRESENT 0x07L
+#define OLD_LDAP_FILTER_APPROX 0x08L
 
 /* substring filter component types */
 #ifndef LDAP_SUBSTRING_INITIAL
-#define LDAP_SUBSTRING_INITIAL	0x80L	/* context specific */
+#define LDAP_SUBSTRING_INITIAL 0x80L /* context specific */
 #endif
 #ifndef LDAP_SUBSTRING_ANY
-#define LDAP_SUBSTRING_ANY	0x81L	/* context specific */
+#define LDAP_SUBSTRING_ANY 0x81L /* context specific */
 #endif
 #ifndef LDAP_SUBSTRING_FINAL
-#define LDAP_SUBSTRING_FINAL	0x82L	/* context specific */
+#define LDAP_SUBSTRING_FINAL 0x82L /* context specific */
 #endif
 
 /* extended filter component types */
@@ -276,40 +276,40 @@ extern "C" {
 #ifdef LDAP_FILTER_EXT_OID
 #define LDAP_FILTER_EXTENDED_OID LDAP_FILTER_EXT_OID
 #else
-#define LDAP_FILTER_EXTENDED_OID	0x81L	/* context specific */
+#define LDAP_FILTER_EXTENDED_OID 0x81L /* context specific */
 #endif
 #endif
 #ifndef LDAP_FILTER_EXTENDED_TYPE
 #ifdef LDAP_FILTER_EXT_TYPE
 #define LDAP_FILTER_EXTENDED_TYPE LDAP_FILTER_EXT_TYPE
 #else
-#define LDAP_FILTER_EXTENDED_TYPE	0x82L	/* context specific */
+#define LDAP_FILTER_EXTENDED_TYPE 0x82L /* context specific */
 #endif
 #endif
 #ifndef LDAP_FILTER_EXTENDED_VALUE
 #ifdef LDAP_FILTER_EXT_VALUE
 #define LDAP_FILTER_EXTENDED_VALUE LDAP_FILTER_EXT_VALUE
 #else
-#define LDAP_FILTER_EXTENDED_VALUE	0x83L	/* context specific */
+#define LDAP_FILTER_EXTENDED_VALUE 0x83L /* context specific */
 #endif
 #endif
 #ifndef LDAP_FILTER_EXTENDED_DNATTRS
 #ifdef LDAP_FILTER_EXT_DNATTRS
 #define LDAP_FILTER_EXTENDED_DNATTRS LDAP_FILTER_EXT_DNATTRS
 #else
-#define LDAP_FILTER_EXTENDED_DNATTRS	0x84L	/* context specific */
+#define LDAP_FILTER_EXTENDED_DNATTRS 0x84L /* context specific */
 #endif
 #endif
 
 /* 3.0 compatibility substring filter component types */
-#define LDAP_SUBSTRING_INITIAL_30	0xa0L	/* context specific */
-#define LDAP_SUBSTRING_ANY_30		0xa1L	/* context specific */
-#define LDAP_SUBSTRING_FINAL_30		0xa2L	/* context specific */
+#define LDAP_SUBSTRING_INITIAL_30 0xa0L /* context specific */
+#define LDAP_SUBSTRING_ANY_30 0xa1L     /* context specific */
+#define LDAP_SUBSTRING_FINAL_30 0xa2L   /* context specific */
 
 /* old broken stuff */
-#define OLD_LDAP_SUBSTRING_INITIAL	0x00L
-#define OLD_LDAP_SUBSTRING_ANY		0x01L
-#define OLD_LDAP_SUBSTRING_FINAL	0x02L
+#define OLD_LDAP_SUBSTRING_INITIAL 0x00L
+#define OLD_LDAP_SUBSTRING_ANY 0x01L
+#define OLD_LDAP_SUBSTRING_FINAL 0x02L
 
 #ifdef __cplusplus
 }

ldap/include/ldbm.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /* ldbm.h - ldap dbm compatibility routine header file */
@@ -16,7 +16,7 @@
 #error "Hmm, shoudn't be here"
 /* Deprecated header, why are you including it ??? */
 
-#if 1		
+#if 1
 
 #ifndef _LDBM_H_
 #define _LDBM_H_
@@ -36,25 +36,25 @@
 
 #include <gdbm.h>
 
-typedef datum		Datum;
+typedef datum Datum;
 
-typedef GDBM_FILE	LDBM;
+typedef GDBM_FILE LDBM;
 
-extern gdbm_error	gdbm_errno;
+extern gdbm_error gdbm_errno;
 
 /* for ldbm_open */
-#define LDBM_READER	GDBM_READER
-#define LDBM_WRITER	GDBM_WRITER
-#define LDBM_WRCREAT	GDBM_WRCREAT
-#define LDBM_NEWDB	GDBM_NEWDB
-#define LDBM_FAST	GDBM_FAST
+#define LDBM_READER GDBM_READER
+#define LDBM_WRITER GDBM_WRITER
+#define LDBM_WRCREAT GDBM_WRCREAT
+#define LDBM_NEWDB GDBM_NEWDB
+#define LDBM_FAST GDBM_FAST
 
-#define LDBM_SUFFIX	".gdbm"
+#define LDBM_SUFFIX ".gdbm"
 
 /* for ldbm_insert */
-#define LDBM_INSERT	GDBM_INSERT
-#define LDBM_REPLACE	GDBM_REPLACE
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT GDBM_INSERT
+#define LDBM_REPLACE GDBM_REPLACE
+#define LDBM_SYNC 0x80000000
 
 #else /* end of gdbm */
 
@@ -72,27 +72,27 @@ extern gdbm_error	gdbm_errno;
 #include <errno.h>
 #include <db.h>
 
-typedef DBT	Datum;
-#define dsize	size
-#define dptr	data
+typedef DBT Datum;
+#define dsize size
+#define dptr data
 
-typedef DB	*LDBM;
+typedef DB *LDBM;
 
-#define DB_TYPE		DB_HASH
+#define DB_TYPE DB_HASH
 
 /* for ldbm_open */
-#define LDBM_READER	O_RDONLY
-#define LDBM_WRITER	O_RDWR
-#define LDBM_WRCREAT	(O_RDWR|O_CREAT)
-#define LDBM_NEWDB	(O_RDWR|O_TRUNC|O_CREAT)
-#define LDBM_FAST	0
+#define LDBM_READER O_RDONLY
+#define LDBM_WRITER O_RDWR
+#define LDBM_WRCREAT (O_RDWR | O_CREAT)
+#define LDBM_NEWDB (O_RDWR | O_TRUNC | O_CREAT)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	".dbh"
+#define LDBM_SUFFIX ".dbh"
 
 /* for ldbm_insert */
-#define LDBM_INSERT	R_NOOVERWRITE
-#define LDBM_REPLACE	0
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT R_NOOVERWRITE
+#define LDBM_REPLACE 0
+#define LDBM_SYNC 0x80000000
 
 #else /* end of db hash */
 
@@ -112,68 +112,70 @@ typedef DB	*LDBM;
 #endif
 
 #ifdef HPUX11
-#define	__BIT_TYPES_DEFINED__
+#define __BIT_TYPES_DEFINED__
 typedef unsigned char u_int8_t;
 typedef unsigned int u_int32_t;
 typedef unsigned short u_int16_t;
 #endif
 #include <db.h>
 
-#define DB_TYPE		DB_BTREE
+#define DB_TYPE DB_BTREE
 
-#define LDBM_ORDERED	1
+#define LDBM_ORDERED 1
 
 #ifdef LDAP_USE_DB20
 
 /* pull in parts of the new interface , this comes from dblayer.h */
 
-typedef struct _tag_dblayer_session{
-	DB_ENV	db_env;
-} *dblayer_session, dblayer_session_struct;
+typedef struct _tag_dblayer_session
+{
+    DB_ENV db_env;
+} * dblayer_session, dblayer_session_struct;
 
 
 /* for ldbm_insert */
-#define LDBM_INSERT	DB_NOOVERWRITE
+#define LDBM_INSERT DB_NOOVERWRITE
 #define LDBM_REPLACE 0 /* Db2.0 default is to replace */
-#define LDBM_SYNC	0x80000000
+#define LDBM_SYNC 0x80000000
 
 typedef DBT Datum;
-#define dsize	size
-#define dptr	data
+#define dsize size
+#define dptr data
 
-typedef struct _ldbm {
-	DB	*pReal_DB;
-	DBC	*pCursor;
+typedef struct _ldbm
+{
+    DB *pReal_DB;
+    DBC *pCursor;
 } _ldbmstruct, *LDBM;
 
 /* for ldbm_open */
-#define LDBM_READER	DB_RDONLY
-#define LDBM_WRITER	0
-#define LDBM_WRCREAT	DB_CREATE
-#define LDBM_NEWDB	(DB_TRUNCATE | DB_CREATE)
-#define LDBM_FAST	0
+#define LDBM_READER DB_RDONLY
+#define LDBM_WRITER 0
+#define LDBM_WRCREAT DB_CREATE
+#define LDBM_NEWDB (DB_TRUNCATE | DB_CREATE)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	".db2"
+#define LDBM_SUFFIX ".db2"
 #else /* DB 1.85 */
 
 /* for ldbm_insert */
-#define LDBM_INSERT	R_NOOVERWRITE
-#define LDBM_REPLACE	0
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT R_NOOVERWRITE
+#define LDBM_REPLACE 0
+#define LDBM_SYNC 0x80000000
 
-typedef DBT	Datum;
-#define dsize	size
-#define dptr	data
+typedef DBT Datum;
+#define dsize size
+#define dptr data
 
-typedef DB	*LDBM;
+typedef DB *LDBM;
 /* for ldbm_open */
-#define LDBM_READER	O_RDONLY
-#define LDBM_WRITER	O_RDWR
-#define LDBM_WRCREAT	(O_RDWR|O_CREAT)
-#define LDBM_NEWDB	(O_RDWR|O_TRUNC|O_CREAT)
-#define LDBM_FAST	0
+#define LDBM_READER O_RDONLY
+#define LDBM_WRITER O_RDWR
+#define LDBM_WRCREAT (O_RDWR | O_CREAT)
+#define LDBM_NEWDB (O_RDWR | O_TRUNC | O_CREAT)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	".dbb"
+#define LDBM_SUFFIX ".dbb"
 #endif /* LDAP_USE_DB20 */
 
 #else /* end of db btree */
@@ -191,23 +193,23 @@ typedef DB	*LDBM;
 #include <fcntl.h>
 #endif
 
-typedef datum	Datum;
+typedef datum Datum;
 
-typedef DBM	*LDBM;
+typedef DBM *LDBM;
 
 /* for ldbm_open */
-#define LDBM_READER	O_RDONLY
-#define LDBM_WRITER	O_WRONLY
-#define LDBM_WRCREAT	(O_RDWR|O_CREAT)
-#define LDBM_NEWDB	(O_RDWR|O_TRUNC|O_CREAT)
-#define LDBM_FAST	0
+#define LDBM_READER O_RDONLY
+#define LDBM_WRITER O_WRONLY
+#define LDBM_WRCREAT (O_RDWR | O_CREAT)
+#define LDBM_NEWDB (O_RDWR | O_TRUNC | O_CREAT)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	".ndbm"
+#define LDBM_SUFFIX ".ndbm"
 
 /* for ldbm_insert */
-#define LDBM_INSERT	DBM_INSERT
-#define LDBM_REPLACE	DBM_REPLACE
-#define LDBM_SYNC	0
+#define LDBM_INSERT DBM_INSERT
+#define LDBM_REPLACE DBM_REPLACE
+#define LDBM_SYNC 0
 
 #else /* end of ndbm */
 
@@ -225,36 +227,38 @@ typedef DBM	*LDBM;
 #include <fcntl.h>
 #include "isam.h"
 
-extern int	errno;
+extern int errno;
 
-struct datum {
-	void    *dptr;                  /* data */
-        size_t   dsize;                 /* data length */
+struct datum
+{
+    void *dptr;   /* data */
+    size_t dsize; /* data length */
 };
 
-typedef struct datum	Datum;
+typedef struct datum Datum;
 
-struct ldbm {
-	int	fd;			/* all callers expect a ptr */
-	int	cur_recnum;		/* for reading sequentially */
+struct ldbm
+{
+    int fd;         /* all callers expect a ptr */
+    int cur_recnum; /* for reading sequentially */
 };
 
-typedef struct ldbm	*LDBM;
+typedef struct ldbm *LDBM;
 
 /* for ldbm_open */
-#define LDBM_READER	(ISINPUT | ISVARLEN | ISMANULOCK)
-#define LDBM_WRITER	(ISINOUT | ISVARLEN | ISMANULOCK)
-#define LDBM_WRCREAT	(ISINOUT | ISVARLEN | ISMANULOCK | ISEXCLLOCK)
-#define LDBM_NEWDB	(ISINOUT | ISVARLEN | ISMANULOCK | ISEXCLLOCK)
-#define LDBM_FAST	0
+#define LDBM_READER (ISINPUT | ISVARLEN | ISMANULOCK)
+#define LDBM_WRITER (ISINOUT | ISVARLEN | ISMANULOCK)
+#define LDBM_WRCREAT (ISINOUT | ISVARLEN | ISMANULOCK | ISEXCLLOCK)
+#define LDBM_NEWDB (ISINOUT | ISVARLEN | ISMANULOCK | ISEXCLLOCK)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	""
-#define LDBM_ORDERED	1
+#define LDBM_SUFFIX ""
+#define LDBM_ORDERED 1
 
 /* for ldbm_insert */
-#define LDBM_INSERT	1
-#define LDBM_REPLACE	0
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT 1
+#define LDBM_REPLACE 0
+#define LDBM_SYNC 0x80000000
 
 #else /* end of cisam */
 
@@ -272,33 +276,34 @@ typedef struct ldbm	*LDBM;
 #include <fcntl.h>
 #include "cndx.h"
 
-#define	CRDCREAT	0x100
+#define CRDCREAT 0x100
 
-extern int	errno;
+extern int errno;
 
-struct datum {
-	void    *dptr;                  /* data */
-        size_t   dsize;                 /* data length */
+struct datum
+{
+    void *dptr;   /* data */
+    size_t dsize; /* data length */
 };
 
-typedef struct datum	Datum;
+typedef struct datum Datum;
 
-typedef CFILE		*LDBM;
+typedef CFILE *LDBM;
 
 /* for ldbm_open */
-#define LDBM_READER	(CRDONLY)
-#define LDBM_WRITER	(CRDWRITE)
-#define LDBM_WRCREAT	(CRDWRITE | CRDCREAT)
-#define LDBM_NEWDB	(CRDWRITE | CRDCREAT)
-#define LDBM_FAST	0
+#define LDBM_READER (CRDONLY)
+#define LDBM_WRITER (CRDWRITE)
+#define LDBM_WRCREAT (CRDWRITE | CRDCREAT)
+#define LDBM_NEWDB (CRDWRITE | CRDCREAT)
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	".c2i"
-#define LDBM_ORDERED	1
+#define LDBM_SUFFIX ".c2i"
+#define LDBM_ORDERED 1
 
 /* for ldbm_insert */
-#define LDBM_INSERT	1
-#define LDBM_REPLACE	0
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT 1
+#define LDBM_REPLACE 0
+#define LDBM_SYNC 0x80000000
 
 
 #else /* end of trio */
@@ -322,30 +327,31 @@ typedef CFILE		*LDBM;
 #include "ctdecl.h"
 #include "cterrc.h"
 
-extern int	errno;
+extern int errno;
 
-struct datum {
-	void    *dptr;                  /* data */
-        size_t   dsize;                 /* data length */
+struct datum
+{
+    void *dptr;   /* data */
+    size_t dsize; /* data length */
 };
 
-typedef struct datum	Datum;
-typedef IFIL	*LDBM;
+typedef struct datum Datum;
+typedef IFIL *LDBM;
 
 /* for ldbm_open */
-#define LDBM_READER	0
-#define LDBM_WRITER	0
-#define LDBM_WRCREAT	1
-#define LDBM_NEWDB	1
-#define LDBM_FAST	0
+#define LDBM_READER 0
+#define LDBM_WRITER 0
+#define LDBM_WRCREAT 1
+#define LDBM_NEWDB 1
+#define LDBM_FAST 0
 
-#define LDBM_SUFFIX	""
-#define LDBM_ORDERED	1
+#define LDBM_SUFFIX ""
+#define LDBM_ORDERED 1
 
 /* for ldbm_insert */
-#define LDBM_INSERT	1
-#define LDBM_REPLACE	0
-#define LDBM_SYNC	0x80000000
+#define LDBM_INSERT 1
+#define LDBM_REPLACE 0
+#define LDBM_SYNC 0x80000000
 
 #endif /* ctree */
 #endif /* trio */
@@ -361,27 +367,27 @@ typedef IFIL	*LDBM;
  * mode: this has the desired permissions mode on the file
  * dbcachesize: advisory cache size in bytes
  */
-LDBM	ldbm_open( char *name, int rw, int mode, int dbcachesize );
+LDBM ldbm_open(char *name, int rw, int mode, int dbcachesize);
 #ifdef LDAP_USE_DB20
 /* This is a stopgap measure to allow us to associate a session with ldbm_ calls */
-LDBM	ldbm_open2( dblayer_session session, char *name, int rw, int mode);
+LDBM ldbm_open2(dblayer_session session, char *name, int rw, int mode);
 /* These are stolen from beta2's dblayer.h */
-int dblayer_session_open(char *home_dir, char* log_dir, char* temp_dir, int cachesize, dblayer_session session) ;
-int dblayer_session_terminate(dblayer_session session) ;
+int dblayer_session_open(char *home_dir, char *log_dir, char *temp_dir, int cachesize, dblayer_session session);
+int dblayer_session_terminate(dblayer_session session);
 #endif
-int	ldbm_close( LDBM ldbm );
-void	ldbm_sync( LDBM ldbm );
-void	ldbm_datum_free( LDBM ldbm, Datum data );
-Datum	ldbm_datum_dup( LDBM ldbm, Datum data );
-Datum	ldbm_fetch( LDBM ldbm, Datum key );
-int	ldbm_store( LDBM ldbm, Datum key, Datum data, int flags );
-int	ldbm_delete( LDBM ldbm, Datum key );
-Datum	ldbm_firstkey( LDBM ldbm );
-Datum	ldbm_nextkey( LDBM ldbm, Datum key );
-Datum	ldbm_prevkey( LDBM ldbm, Datum key );
-Datum	ldbm_lastkey( LDBM ldbm );
-Datum	ldbm_cursorkey( LDBM ldbm, Datum key );
-int	ldbm_errno( LDBM ldbm );
+int ldbm_close(LDBM ldbm);
+void ldbm_sync(LDBM ldbm);
+void ldbm_datum_free(LDBM ldbm, Datum data);
+Datum ldbm_datum_dup(LDBM ldbm, Datum data);
+Datum ldbm_fetch(LDBM ldbm, Datum key);
+int ldbm_store(LDBM ldbm, Datum key, Datum data, int flags);
+int ldbm_delete(LDBM ldbm, Datum key);
+Datum ldbm_firstkey(LDBM ldbm);
+Datum ldbm_nextkey(LDBM ldbm, Datum key);
+Datum ldbm_prevkey(LDBM ldbm, Datum key);
+Datum ldbm_lastkey(LDBM ldbm);
+Datum ldbm_cursorkey(LDBM ldbm, Datum key);
+int ldbm_errno(LDBM ldbm);
 
 #endif /* _ldbm_h_ */
 

ldap/include/portable.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #ifndef SYSV
-#if defined( hpux ) || defined( sunos5 ) || defined ( sgi ) || defined( SVR4 )
+#if defined(hpux) || defined(sunos5) || defined(sgi) || defined(SVR4)
 #define SYSV
 #endif
 #endif
@@ -43,7 +43,7 @@
 /*
  * under System V, use sysconf() instead of getdtablesize
  */
-#if !defined( USE_SYSCONF ) && defined( SYSV )
+#if !defined(USE_SYSCONF) && defined(SYSV)
 #define USE_SYSCONF
 #endif
 
@@ -51,56 +51,56 @@
  * under System V, daemons should use setsid() instead of detaching from their
  * tty themselves
  */
-#if !defined( USE_SETSID ) && defined( SYSV )
+#if !defined(USE_SETSID) && defined(SYSV)
 #define USE_SETSID
 #endif
 
 /*
  * System V has socket options in filio.h
  */
-#if !defined( NEED_FILIO ) && defined( SYSV ) && !defined( hpux ) && !defined( AIX )
+#if !defined(NEED_FILIO) && defined(SYSV) && !defined(hpux) && !defined(AIX)
 #define NEED_FILIO
 #endif
 
 /*
  * use lockf() under System V
  */
-#if !defined( USE_LOCKF ) && ( defined( SYSV ) || defined( aix ))
+#if !defined(USE_LOCKF) && (defined(SYSV) || defined(aix))
 #define USE_LOCKF
 #endif
 
 /*
  * on many systems, we should use waitpid() instead of waitN()
  */
-#if !defined( USE_WAITPID ) && ( defined( SYSV ) || defined( sunos4 ) || defined( ultrix ) || defined( aix ))
+#if !defined(USE_WAITPID) && (defined(SYSV) || defined(sunos4) || defined(ultrix) || defined(aix))
 #define USE_WAITPID
 #endif
 
 /*
  * define the wait status argument type
  */
-#if ( defined( SunOS ) && SunOS < 40 ) || defined( nextstep )
-#define WAITSTATUSTYPE	union wait
+#if (defined(SunOS) && SunOS < 40) || defined(nextstep)
+#define WAITSTATUSTYPE union wait
 #else
-#define WAITSTATUSTYPE	int
+#define WAITSTATUSTYPE int
 #endif
 
 /*
  * define the flags for wait
  */
 #ifdef sunos5
-#define WAIT_FLAGS	( WNOHANG | WUNTRACED | WCONTINUED )
+#define WAIT_FLAGS (WNOHANG | WUNTRACED | WCONTINUED)
 #else
-#define WAIT_FLAGS	( WNOHANG | WUNTRACED )
+#define WAIT_FLAGS (WNOHANG | WUNTRACED)
 #endif
 
 /*
  * defined the options for openlog (syslog)
  */
 #ifdef ultrix
-#define OPENLOG_OPTIONS		LOG_PID
+#define OPENLOG_OPTIONS LOG_PID
 #else
-#define OPENLOG_OPTIONS		( LOG_PID | LOG_NOWAIT )
+#define OPENLOG_OPTIONS (LOG_PID | LOG_NOWAIT)
 #endif
 
 /*
@@ -115,7 +115,7 @@
  * enable use for those systems we know have it.
  */
 #ifndef HAVE_SETPWFILE
-#if defined( sunos4 ) || defined( ultrix ) || defined( OSF1 )
+#if defined(sunos4) || defined(ultrix) || defined(OSF1)
 #define HAVE_SETPWFILE
 #endif
 #endif
@@ -124,7 +124,7 @@
  * Are sys_errlist and sys_nerr declared in stdio.h?
  */
 #ifndef SYSERRLIST_IN_STDIO
-#if defined( __FreeBSD__ ) || defined(LINUX)
+#if defined(__FreeBSD__) || defined(LINUX)
 #define SYSERRLIST_IN_STDIO
 #endif
 #endif
@@ -139,12 +139,12 @@
 #include <sys/select.h>
 #endif
 #if !defined(FD_SET)
-#define NFDBITS         32
-#define FD_SETSIZE      32
-#define FD_SET(n, p)    ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
-#define FD_CLR(n, p)    ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
-#define FD_ISSET(n, p)  ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
-#define FD_ZERO(p)      bzero((char *)(p), sizeof(*(p)))
+#define NFDBITS 32
+#define FD_SETSIZE 32
+#define FD_SET(n, p) ((p)->fds_bits[(n) / NFDBITS] |= (1 << ((n) % NFDBITS)))
+#define FD_CLR(n, p) ((p)->fds_bits[(n) / NFDBITS] &= ~(1 << ((n) % NFDBITS)))
+#define FD_ISSET(n, p) ((p)->fds_bits[(n) / NFDBITS] & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p) bzero((char *)(p), sizeof(*(p)))
 #endif /* !FD_SET */
 #endif /* !WINSOCK && !_WINDOWS && !macintosh */
 
@@ -154,7 +154,7 @@
  * is necessary on some buggy UNIXes.
  */
 #if !defined(LDAP_CONNECT_MUST_NOT_BE_INTERRUPTED) && \
-	( defined(AIX) || defined(IRIX) || defined(HPUX) || defined(SUNOS4))
+    (defined(AIX) || defined(IRIX) || defined(HPUX) || defined(SUNOS4))
 #define LDAP_CONNECT_MUST_NOT_BE_INTERRUPTED
 #endif
 
@@ -170,63 +170,62 @@
 #endif
 
 
-
 /*
  * for signal() -- what do signal handling functions return?
  */
 #ifndef SIG_FN
 #ifdef sunos5
-#   define SIG_FN void          /* signal-catching functions return void */
-#else /* sunos5 */
-# ifdef BSD
-#  if (BSD >= 199006) || defined(NeXT) || defined(OSF1) || defined(sun) || defined(ultrix) || defined(apollo) || defined(POSIX_SIGNALS)
-#   define SIG_FN void          /* signal-catching functions return void */
-#  else
-#   define SIG_FN int           /* signal-catching functions return int */
-#  endif
-# else /* BSD */
-#  define SIG_FN void           /* signal-catching functions return void */
-# endif /* BSD */
-#endif /* sunos5 */
-#endif /* SIG_FN */
+#define SIG_FN void /* signal-catching functions return void */
+#else               /* sunos5 */
+#ifdef BSD
+#if (BSD >= 199006) || defined(NeXT) || defined(OSF1) || defined(sun) || defined(ultrix) || defined(apollo) || defined(POSIX_SIGNALS)
+#define SIG_FN void /* signal-catching functions return void */
+#else
+#define SIG_FN int /* signal-catching functions return int */
+#endif
+#else               /* BSD */
+#define SIG_FN void /* signal-catching functions return void */
+#endif              /* BSD */
+#endif              /* sunos5 */
+#endif              /* SIG_FN */
 
 /*
  * toupper and tolower macros are different under bsd and sys v
  */
-#if defined( SYSV ) && !defined( hpux )
-#define TOUPPER(c)	(isascii(c) && islower(c) ? _toupper(c) : c)
-#define TOLOWER(c)	(isascii(c) && isupper(c) ? _tolower(c) : c)
+#if defined(SYSV) && !defined(hpux)
+#define TOUPPER(c) (isascii(c) && islower(c) ? _toupper(c) : c)
+#define TOLOWER(c) (isascii(c) && isupper(c) ? _tolower(c) : c)
 #else
-#define TOUPPER(c)	(isascii(c) && islower(c) ? toupper(c) : c)
-#define TOLOWER(c)	(isascii(c) && isupper(c) ? tolower(c) : c)
+#define TOUPPER(c) (isascii(c) && islower(c) ? toupper(c) : c)
+#define TOLOWER(c) (isascii(c) && isupper(c) ? tolower(c) : c)
 #endif
 
 /*
  * put a cover on the tty-related ioctl calls we need to use
  */
-#if defined( NeXT ) || (defined(SunOS) && SunOS < 40)
+#if defined(NeXT) || (defined(SunOS) && SunOS < 40)
 #define TERMIO_TYPE struct sgttyb
 #define TERMFLAG_TYPE int
-#define GETATTR( fd, tiop )	ioctl((fd), TIOCGETP, (caddr_t)(tiop))
-#define SETATTR( fd, tiop )	ioctl((fd), TIOCSETP, (caddr_t)(tiop))
-#define GETFLAGS( tio )		(tio).sg_flags
-#define SETFLAGS( tio, flags )	(tio).sg_flags = (flags)
+#define GETATTR(fd, tiop) ioctl((fd), TIOCGETP, (caddr_t)(tiop))
+#define SETATTR(fd, tiop) ioctl((fd), TIOCSETP, (caddr_t)(tiop))
+#define GETFLAGS(tio) (tio).sg_flags
+#define SETFLAGS(tio, flags) (tio).sg_flags = (flags)
 #else
 #define USE_TERMIOS
 #define TERMIO_TYPE struct termios
 #define TERMFLAG_TYPE tcflag_t
-#define GETATTR( fd, tiop )	tcgetattr((fd), (tiop))
-#define SETATTR( fd, tiop )	tcsetattr((fd), TCSANOW /* 0 */, (tiop))
-#define GETFLAGS( tio )		(tio).c_lflag
-#define SETFLAGS( tio, flags )	(tio).c_lflag = (flags)
+#define GETATTR(fd, tiop) tcgetattr((fd), (tiop))
+#define SETATTR(fd, tiop) tcsetattr((fd), TCSANOW /* 0 */, (tiop))
+#define GETFLAGS(tio) (tio).c_lflag
+#define SETFLAGS(tio, flags) (tio).c_lflag = (flags)
 #endif
 
-#if ( !defined( HPUX9 )) && ( !defined( sunos4 )) && ( !defined( SNI )) && \
-	( !defined( HAVE_TIME_R ) )
+#if (!defined(HPUX9)) && (!defined(sunos4)) && (!defined(SNI)) && \
+    (!defined(HAVE_TIME_R))
 #define HAVE_TIME_R
 #endif
 
-#if defined( sunos5 ) || defined( aix )
+#if defined(sunos5) || defined(aix)
 #define HAVE_GETPWNAM_R
 #define HAVE_GETGRNAM_R
 #endif
@@ -242,87 +241,86 @@ int strncasecmp(const char *, const char *, size_t);
 #endif /* SNI || LINUX1_2 */
 
 #if defined(_WINDOWS) || defined(macintosh)
-#define GETHOSTBYNAME( n, r, b, l, e )  gethostbyname( n )
-#define CTIME( c, b, l )		ctime( c )
-#define STRTOK( s1, s2, l )		strtok( s1, s2 )
+#define GETHOSTBYNAME(n, r, b, l, e) gethostbyname(n)
+#define CTIME(c, b, l) ctime(c)
+#define STRTOK(s1, s2, l) strtok(s1, s2)
 #else /* UNIX */
 #if defined(sgi) || defined(HPUX9) || defined(LINUX1_2) || defined(SCOOS) || \
     defined(UNIXWARE) || defined(SUNOS4) || defined(SNI) || defined(BSDI) || \
-    defined(NCR) || defined(OSF1) || defined(NEC) || \
-    ( defined(HPUX10) && !defined(_REENTRANT)) || defined(HPUX11) || \
-    defined(UnixWare) || defined(LINUX) || defined (__FreeBSD__)
-#define GETHOSTBYNAME( n, r, b, l, e )  gethostbyname( n )
+    defined(NCR) || defined(OSF1) || defined(NEC) ||                         \
+    (defined(HPUX10) && !defined(_REENTRANT)) || defined(HPUX11) ||          \
+    defined(UnixWare) || defined(LINUX) || defined(__FreeBSD__)
+#define GETHOSTBYNAME(n, r, b, l, e) gethostbyname(n)
 #elif defined(AIX)
 #define GETHOSTBYNAME_BUF_T struct hostent_data
-#define GETHOSTBYNAME( n, r, b, l, e ) \
-	(memset (&b, 0, l), gethostbyname_r (n, r, &b) ? NULL : r)
+#define GETHOSTBYNAME(n, r, b, l, e) \
+    (memset(&b, 0, l), gethostbyname_r(n, r, &b) ? NULL : r)
 #elif defined(HPUX10)
 #define GETHOSTBYNAME_BUF_T struct hostent_data
-#define GETHOSTBYNAME( n, r, b, l, e )	nsldapi_compat_gethostbyname_r( n, r, (char *)&b, l, e )
+#define GETHOSTBYNAME(n, r, b, l, e) nsldapi_compat_gethostbyname_r(n, r, (char *)&b, l, e)
 #else
 #include <stdio.h> /* BUFSIZ */
-typedef char GETHOSTBYNAME_buf_t [BUFSIZ /* XXX might be too small */];
+typedef char GETHOSTBYNAME_buf_t[BUFSIZ /* XXX might be too small */];
 #define GETHOSTBYNAME_BUF_T GETHOSTBYNAME_buf_t
-#define GETHOSTBYNAME( n, r, b, l, e )  gethostbyname_r( n, r, b, l, e )
+#define GETHOSTBYNAME(n, r, b, l, e) gethostbyname_r(n, r, b, l, e)
 #endif
 
 /*
  * XXXmcs: GETHOSTBYADDR() is only defined for IRIX/SGI and Solaris for now.
  */
 #if defined(sgi)
-#define GETHOSTBYADDR( a, al, t, h, b, bl, e ) \
-		 gethostbyaddr( a, al, t )
+#define GETHOSTBYADDR(a, al, t, h, b, bl, e) \
+    gethostbyaddr(a, al, t)
 #elif defined(SOLARIS)
 #include <stdio.h> /* BUFSIZ */
-typedef char GETHOSTBYADDR_buf_t [BUFSIZ];
+typedef char GETHOSTBYADDR_buf_t[BUFSIZ];
 #define GETHOSTBYADDR_BUF_T GETHOSTBYADDR_buf_t
-#define GETHOSTBYADDR( a, al, t, h, b, bl, e ) \
-		gethostbyaddr_r( a, al, t, h, b, bl, e )
+#define GETHOSTBYADDR(a, al, t, h, b, bl, e) \
+    gethostbyaddr_r(a, al, t, h, b, bl, e)
 #endif
 
 
-#if defined(HPUX9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) || \
-    defined(SCOOS) || defined(BSDI) || defined(NCR) || defined (__FreeBSD__) || \
-    defined(NEC) || ( defined(HPUX10) && !defined(_REENTRANT)) 
-#define CTIME( c, b, l )		ctime( c )
-#elif defined( hpux10 )
-#define CTIME( c, b, l )		nsldapi_compat_ctime_r( c, b, l )
-#elif defined( IRIX ) || defined(UNIXWARE) || defined(LINUX) \
-	|| defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined (HPUX11)
-#define CTIME( c, b, l )                ctime_r( c, b )
-#elif defined( OSF1V3 )
-#define CTIME( c, b, l )		(ctime_r( c, b, l ) ? NULL : b)
+#if defined(HPUX9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) ||  \
+    defined(SCOOS) || defined(BSDI) || defined(NCR) || defined(__FreeBSD__) || \
+    defined(NEC) || (defined(HPUX10) && !defined(_REENTRANT))
+#define CTIME(c, b, l) ctime(c)
+#elif defined(hpux10)
+#define CTIME(c, b, l) nsldapi_compat_ctime_r(c, b, l)
+#elif defined(IRIX) || defined(UNIXWARE) || defined(LINUX) || defined(OSF1V4) || defined(AIX) || defined(UnixWare) || defined(HPUX11)
+#define CTIME(c, b, l) ctime_r(c, b)
+#elif defined(OSF1V3)
+#define CTIME(c, b, l) (ctime_r(c, b, l) ? NULL : b)
 #else
-#define CTIME( c, b, l )		ctime_r( c, b, l )
+#define CTIME(c, b, l) ctime_r(c, b, l)
 #endif
 #if defined(hpux9) || defined(LINUX1_2) || defined(SUNOS4) || defined(SNI) || \
-    defined(SCOOS) || defined(BSDI) || defined(NCR) || \
+    defined(SCOOS) || defined(BSDI) || defined(NCR) ||                        \
     defined(NEC) || defined(LINUX)
-/* strtok() is not MT safe, but it is okay to call here because used in mmt_protocol.xs which 
+/* strtok() is not MT safe, but it is okay to call here because used in mmt_protocol.xs which
    has been moved in the tetframewrok */
-#define STRTOK( s1, s2, l )		strtok( s1, s2 )
+#define STRTOK(s1, s2, l) strtok(s1, s2)
 #else
 #define HAVE_STRTOK_R
 char *strtok_r(char *, const char *, char **);
-#define STRTOK( s1, s2, l )		(char *)strtok_r( s1, s2, l )
+#define STRTOK(s1, s2, l) (char *)strtok_r(s1, s2, l)
 #endif /* STRTOK */
 #endif /* UNIX */
 
-#if defined( ultrix ) || defined( nextstep )
+#if defined(ultrix) || defined(nextstep)
 extern char *strdup();
 #endif /* ultrix || nextstep */
 
-#if defined( sunos4 ) || defined( OSF1 ) || defined (__FreeBSD__)
-#define	BSD_TIME	1	/* for servers/slapd/log.h */
-#endif /* sunos4 || osf */
+#if defined(sunos4) || defined(OSF1) || defined(__FreeBSD__)
+#define BSD_TIME 1 /* for servers/slapd/log.h */
+#endif             /* sunos4 || osf */
 
 #ifdef SOLARIS
 #include <netinet/in.h>
-#include <arpa/inet.h>	/* for inet_addr() */
-#endif /* SOLARIS */
+#include <arpa/inet.h> /* for inet_addr() */
+#endif                 /* SOLARIS */
 
 #ifdef SUNOS4
-#include <pcfs/pc_dir.h>	/* for toupper() */
+#include <pcfs/pc_dir.h> /* for toupper() */
 int fprintf(FILE *, char *, ...);
 int fseek(FILE *, long, int);
 int fread(char *, int, int, FILE *);
@@ -340,7 +338,7 @@ int LDAP_CALL re_exec(char *);
 int socket(int, int, int);
 void bzero(char *, int);
 unsigned long inet_addr(char *);
-char * inet_ntoa(struct in_addr);
+char *inet_ntoa(struct in_addr);
 int getdtablesize();
 int connect(int, struct sockaddr *, int);
 #endif /* SUNOS4 */
@@ -354,12 +352,12 @@ int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
  * SAFEMEMCPY is an overlap-safe copy from s to d of n bytes
  */
 #ifdef macintosh
-#define SAFEMEMCPY( d, s, n )	BlockMoveData( (Ptr)s, (Ptr)d, n )
+#define SAFEMEMCPY(d, s, n) BlockMoveData((Ptr)s, (Ptr)d, n)
 #else /* macintosh */
 #ifdef sunos4
-#define SAFEMEMCPY( d, s, n )	bcopy( s, d, n )
+#define SAFEMEMCPY(d, s, n) bcopy(s, d, n)
 #else /* sunos4 */
-#define SAFEMEMCPY( d, s, n )	memmove( d, s, n )
+#define SAFEMEMCPY(d, s, n) memmove(d, s, n)
 #endif /* sunos4 */
 #endif /* macintosh */
 
@@ -369,11 +367,11 @@ int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
 #define strcasecmp strcmpi
 #undef strncasecmp
 #define strncasecmp _strnicmp
-#define bzero(a, b) memset( a, 0, b )
+#define bzero(a, b) memset(a, 0, b)
 #define getpid _getpid
 #define ioctl ioctlsocket
 #undef sleep
-#define sleep(a) Sleep( a*1000 )
+#define sleep(a) Sleep(a * 1000)
 
 #define EMSGSIZE WSAEMSGSIZE
 #define EWOULDBLOCK WSAEWOULDBLOCK

ldap/include/regex.h

@@ -4,14 +4,14 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
-#if defined( macintosh ) || defined( NEED_BSDREGEX )
+#if defined(macintosh) || defined(NEED_BSDREGEX)
 /*
  * Copyright (c) 1993 Regents of the University of Michigan.
  * All rights reserved.
@@ -32,13 +32,13 @@
 extern "C" {
 #endif
 
-#include "ldap.h" 
+#include "ldap.h"
 
-#if !defined( NEEDPROTOS ) && defined( __STDC__ )
+#if !defined(NEEDPROTOS) && defined(__STDC__)
 #define NEEDPROTOS
 #endif
 
-#ifdef _SLDAPD_H_	/* server build: no need to use LDAP_CALL stuff */
+#ifdef _SLDAPD_H_ /* server build: no need to use LDAP_CALL stuff */
 #ifdef LDAP_CALL
 #undef LDAP_CALL
 #define LDAP_CALL
@@ -46,24 +46,24 @@ extern "C" {
 #endif
 
 #ifdef NEEDPROTOS
-int re_init( void );
-void re_lock( void );
-int re_unlock( void );
-char *  re_comp( char *pat );
-int re_exec( char *lp );
-void  re_modw( char *s );
-int  re_subs( char *src, char *dst );
-#else /* NEEDPROTOS */
+int re_init(void);
+void re_lock(void);
+int re_unlock(void);
+char *re_comp(char *pat);
+int re_exec(char *lp);
+void re_modw(char *s);
+int re_subs(char *src, char *dst);
+#else  /* NEEDPROTOS */
 int re_init();
 void re_lock();
 int re_unlock();
-char *  re_comp();
-int  re_exec();
-void  re_modw();
-int  re_subs();
+char *re_comp();
+int re_exec();
+void re_modw();
+int re_subs();
 #endif /* NEEDPROTOS */
 
-#define re_fail( m, p )
+#define re_fail(m, p)
 
 #ifdef __cplusplus
 }

ldap/include/srchpref.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -42,76 +42,78 @@ extern "C" {
 #define LDAP_CALL
 #endif /* LDAP_CALL */
 
-struct ldap_searchattr {
-	char				*sa_attrlabel;
-	char				*sa_attr;
-					/* max 32 matchtypes for now */
-	unsigned long			sa_matchtypebitmap;
-	char				*sa_selectattr;
-	char				*sa_selecttext;
-	struct ldap_searchattr		*sa_next;
+struct ldap_searchattr
+{
+    char *sa_attrlabel;
+    char *sa_attr;
+    /* max 32 matchtypes for now */
+    unsigned long sa_matchtypebitmap;
+    char *sa_selectattr;
+    char *sa_selecttext;
+    struct ldap_searchattr *sa_next;
 };
 
-struct ldap_searchmatch {
-	char				*sm_matchprompt;
-	char				*sm_filter;
-	struct ldap_searchmatch		*sm_next;
+struct ldap_searchmatch
+{
+    char *sm_matchprompt;
+    char *sm_filter;
+    struct ldap_searchmatch *sm_next;
 };
 
-struct ldap_searchobj {
-	char				*so_objtypeprompt;
-	unsigned long			so_options;
-	char				*so_prompt;
-	short				so_defaultscope;
-	char				*so_filterprefix;
-	char				*so_filtertag;
-	char				*so_defaultselectattr;
-	char				*so_defaultselecttext;
-	struct ldap_searchattr		*so_salist;
-	struct ldap_searchmatch		*so_smlist;
-	struct ldap_searchobj		*so_next;
+struct ldap_searchobj
+{
+    char *so_objtypeprompt;
+    unsigned long so_options;
+    char *so_prompt;
+    short so_defaultscope;
+    char *so_filterprefix;
+    char *so_filtertag;
+    char *so_defaultselectattr;
+    char *so_defaultselecttext;
+    struct ldap_searchattr *so_salist;
+    struct ldap_searchmatch *so_smlist;
+    struct ldap_searchobj *so_next;
 };
 
-#define NULLSEARCHOBJ			((struct ldap_searchobj *)0)
+#define NULLSEARCHOBJ ((struct ldap_searchobj *)0)
 
 /*
  * global search object options
  */
-#define LDAP_SEARCHOBJ_OPT_INTERNAL	0x00000001
+#define LDAP_SEARCHOBJ_OPT_INTERNAL 0x00000001
 
-#define LDAP_IS_SEARCHOBJ_OPTION_SET( so, option )	\
-	(((so)->so_options & option ) != 0 )
+#define LDAP_IS_SEARCHOBJ_OPTION_SET(so, option) \
+    (((so)->so_options & option) != 0)
 
-#define LDAP_SEARCHPREF_VERSION_ZERO	0
-#define LDAP_SEARCHPREF_VERSION		1
+#define LDAP_SEARCHPREF_VERSION_ZERO 0
+#define LDAP_SEARCHPREF_VERSION 1
 
-#define LDAP_SEARCHPREF_ERR_VERSION	1
-#define LDAP_SEARCHPREF_ERR_MEM		2
-#define LDAP_SEARCHPREF_ERR_SYNTAX	3
-#define LDAP_SEARCHPREF_ERR_FILE	4
+#define LDAP_SEARCHPREF_ERR_VERSION 1
+#define LDAP_SEARCHPREF_ERR_MEM 2
+#define LDAP_SEARCHPREF_ERR_SYNTAX 3
+#define LDAP_SEARCHPREF_ERR_FILE 4
 
 
 LDAP_API(int)
 LDAP_CALL
-ldap_init_searchprefs( char *file, struct ldap_searchobj **solistp );
+ldap_init_searchprefs(char *file, struct ldap_searchobj **solistp);
 
 LDAP_API(int)
 LDAP_CALL
-ldap_init_searchprefs_buf( char *buf, long buflen,
-	struct ldap_searchobj **solistp );
+ldap_init_searchprefs_buf(char *buf, long buflen, struct ldap_searchobj **solistp);
 
 LDAP_API(void)
 LDAP_CALL
-ldap_free_searchprefs( struct ldap_searchobj *solist );
+ldap_free_searchprefs(struct ldap_searchobj *solist);
 
 LDAP_API(struct ldap_searchobj *)
 LDAP_CALL
-ldap_first_searchobj( struct ldap_searchobj *solist );
+ldap_first_searchobj(struct ldap_searchobj *solist);
 
 LDAP_API(struct ldap_searchobj *)
 LDAP_CALL
-ldap_next_searchobj( struct ldap_searchobj *sollist,
-	struct ldap_searchobj *so );
+ldap_next_searchobj(struct ldap_searchobj *sollist,
+                    struct ldap_searchobj *so);
 
 #ifdef __cplusplus
 }

ldap/include/sysexits-compat.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -27,89 +27,89 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- *	@(#)sysexits.h	4.5 (Berkeley) 7/6/88
+ *    @(#)sysexits.h    4.5 (Berkeley) 7/6/88
  */
 
 /*
 **  SYSEXITS.H -- Exit status codes for system programs.
 **
-**	This include file attempts to categorize possible error
-**	exit statuses for system programs, notably delivermail
-**	and the Berkeley network.
+**    This include file attempts to categorize possible error
+**    exit statuses for system programs, notably delivermail
+**    and the Berkeley network.
 **
-**	Error numbers begin at EX__BASE to reduce the possibility of
-**	clashing with other exit statuses that random programs may
-**	already return.  The meaning of the codes is approximately
-**	as follows:
+**    Error numbers begin at EX__BASE to reduce the possibility of
+**    clashing with other exit statuses that random programs may
+**    already return.  The meaning of the codes is approximately
+**    as follows:
 **
-**	EX_USAGE -- The command was used incorrectly, e.g., with
-**		the wrong number of arguments, a bad flag, a bad
-**		syntax in a parameter, or whatever.
-**	EX_DATAERR -- The input data was incorrect in some way.
-**		This should only be used for user's data & not
-**		system files.
-**	EX_NOINPUT -- An input file (not a system file) did not
-**		exist or was not readable.  This could also include
-**		errors like "No message" to a mailer (if it cared
-**		to catch it).
-**	EX_NOUSER -- The user specified did not exist.  This might
-**		be used for mail addresses or remote logins.
-**	EX_NOHOST -- The host specified did not exist.  This is used
-**		in mail addresses or network requests.
-**	EX_UNAVAILABLE -- A service is unavailable.  This can occur
-**		if a support program or file does not exist.  This
-**		can also be used as a catchall message when something
-**		you wanted to do doesn't work, but you don't know
-**		why.
-**	EX_SOFTWARE -- An internal software error has been detected.
-**		This should be limited to non-operating system related
-**		errors as possible.
-**	EX_OSERR -- An operating system error has been detected.
-**		This is intended to be used for such things as "cannot
-**		fork", "cannot create pipe", or the like.  It includes
-**		things like getuid returning a user that does not
-**		exist in the passwd file.
-**	EX_OSFILE -- Some system file (e.g., /etc/passwd, /etc/utmp,
-**		etc.) does not exist, cannot be opened, or has some
-**		sort of error (e.g., syntax error).
-**	EX_CANTCREAT -- A (user specified) output file cannot be
-**		created.
-**	EX_IOERR -- An error occurred while doing I/O on some file.
-**	EX_TEMPFAIL -- temporary failure, indicating something that
-**		is not really an error.  In sendmail, this means
-**		that a mailer (e.g.) could not create a connection,
-**		and the request should be reattempted later.
-**	EX_PROTOCOL -- the remote system returned something that
-**		was "not possible" during a protocol exchange.
-**	EX_NOPERM -- You did not have sufficient permission to
-**		perform the operation.  This is not intended for
-**		file system problems, which should use NOINPUT or
-**		CANTCREAT, but rather for higher level permissions.
-**		For example, kre uses this to restrict who students
-**		can send mail to.
+**    EX_USAGE -- The command was used incorrectly, e.g., with
+**        the wrong number of arguments, a bad flag, a bad
+**        syntax in a parameter, or whatever.
+**    EX_DATAERR -- The input data was incorrect in some way.
+**        This should only be used for user's data & not
+**        system files.
+**    EX_NOINPUT -- An input file (not a system file) did not
+**        exist or was not readable.  This could also include
+**        errors like "No message" to a mailer (if it cared
+**        to catch it).
+**    EX_NOUSER -- The user specified did not exist.  This might
+**        be used for mail addresses or remote logins.
+**    EX_NOHOST -- The host specified did not exist.  This is used
+**        in mail addresses or network requests.
+**    EX_UNAVAILABLE -- A service is unavailable.  This can occur
+**        if a support program or file does not exist.  This
+**        can also be used as a catchall message when something
+**        you wanted to do doesn't work, but you don't know
+**        why.
+**    EX_SOFTWARE -- An internal software error has been detected.
+**        This should be limited to non-operating system related
+**        errors as possible.
+**    EX_OSERR -- An operating system error has been detected.
+**        This is intended to be used for such things as "cannot
+**        fork", "cannot create pipe", or the like.  It includes
+**        things like getuid returning a user that does not
+**        exist in the passwd file.
+**    EX_OSFILE -- Some system file (e.g., /etc/passwd, /etc/utmp,
+**        etc.) does not exist, cannot be opened, or has some
+**        sort of error (e.g., syntax error).
+**    EX_CANTCREAT -- A (user specified) output file cannot be
+**        created.
+**    EX_IOERR -- An error occurred while doing I/O on some file.
+**    EX_TEMPFAIL -- temporary failure, indicating something that
+**        is not really an error.  In sendmail, this means
+**        that a mailer (e.g.) could not create a connection,
+**        and the request should be reattempted later.
+**    EX_PROTOCOL -- the remote system returned something that
+**        was "not possible" during a protocol exchange.
+**    EX_NOPERM -- You did not have sufficient permission to
+**        perform the operation.  This is not intended for
+**        file system problems, which should use NOINPUT or
+**        CANTCREAT, but rather for higher level permissions.
+**        For example, kre uses this to restrict who students
+**        can send mail to.
 **
-**	Maintained by Eric Allman (eric@berkeley, ucbvax!eric) --
-**		please mail changes to me.
+**    Maintained by Eric Allman (eric@berkeley, ucbvax!eric) --
+**        please mail changes to me.
 **
-**			@(#)sysexits.h	4.5		7/6/88
+**            @(#)sysexits.h    4.5        7/6/88
 */
 
-# define EX_OK		0	/* successful termination */
+#define EX_OK 0 /* successful termination */
 
-# define EX__BASE	64	/* base value for error messages */
+#define EX__BASE 64 /* base value for error messages */
 
-# define EX_USAGE	64	/* command line usage error */
-# define EX_DATAERR	65	/* data format error */
-# define EX_NOINPUT	66	/* cannot open input */
-# define EX_NOUSER	67	/* addressee unknown */
-# define EX_NOHOST	68	/* host name unknown */
-# define EX_UNAVAILABLE	69	/* service unavailable */
-# define EX_SOFTWARE	70	/* internal software error */
-# define EX_OSERR	71	/* system error (e.g., can't fork) */
-# define EX_OSFILE	72	/* critical OS file missing */
-# define EX_CANTCREAT	73	/* can't create (user) output file */
-# define EX_IOERR	74	/* input/output error */
-# define EX_TEMPFAIL	75	/* temp failure; user is invited to retry */
-# define EX_PROTOCOL	76	/* remote error in protocol */
-# define EX_NOPERM	77	/* permission denied */
-# define EX_CONFIG	78	/* configuration error */
+#define EX_USAGE 64       /* command line usage error */
+#define EX_DATAERR 65     /* data format error */
+#define EX_NOINPUT 66     /* cannot open input */
+#define EX_NOUSER 67      /* addressee unknown */
+#define EX_NOHOST 68      /* host name unknown */
+#define EX_UNAVAILABLE 69 /* service unavailable */
+#define EX_SOFTWARE 70    /* internal software error */
+#define EX_OSERR 71       /* system error (e.g., can't fork) */
+#define EX_OSFILE 72      /* critical OS file missing */
+#define EX_CANTCREAT 73   /* can't create (user) output file */
+#define EX_IOERR 74       /* input/output error */
+#define EX_TEMPFAIL 75    /* temp failure; user is invited to retry */
+#define EX_PROTOCOL 76    /* remote error in protocol */
+#define EX_NOPERM 77      /* permission denied */
+#define EX_CONFIG 78      /* configuration error */

ldap/libraries/libavl/testavl.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /* testavl.c - Test Tim Howes AVL code */
@@ -16,115 +16,112 @@
 #include <stdio.h>
 #include "avl.h"
 
-char *strdup( s )
-char	*s;
+char *strdup(s) char *s;
 {
-	char	*new;
+    char *new;
 
-	if ( (new = (char *) malloc( strlen( s ) + 1 )) == NULL )
-		return( NULL );
+    if ((new = (char *)malloc(strlen(s) + 1)) == NULL)
+        return (NULL);
 
-	strcpy( new, s );
+    strcpy(new, s);
 
-	return( new );
+    return (new);
 }
 
-main( argc, argv )
-int	argc;
-char	**argv;
+main(argc, argv) int argc;
+char **argv;
 {
-	Avlnode	*tree = NULLAVL;
-	char	command[ 10 ];
-	char	name[ 80 ];
-	char	*p;
-	int	free(), strcmp();
-
-	printf( "> " );
-	while ( fgets( command, sizeof( command ), stdin ) != NULL ) {
-		switch( *command ) {
-		case 'n':	/* new tree */
-			( void ) avl_free( tree, free );
-			tree = NULLAVL;
-			break;
-		case 'p':	/* print */
-			( void ) myprint( tree );
-			break;
-		case 't':	/* traverse with first, next */
-			printf( "***\n" );
-			for ( p = (char * ) avl_getfirst( tree );
-			    p != NULL; p = (char *) avl_getnext( tree, p ) )
-				printf( "%s\n", p );
-			printf( "***\n" );
-			break;
-		case 'f':	/* find */
-			printf( "data? " );
-			if ( fgets( name, sizeof( name ), stdin ) == NULL )
-				exit( 0 );
-			name[ strlen( name ) - 1 ] = '\0';
-			if ( (p = (char *) avl_find( tree, name, strcmp ))
-			    == NULL )
-				printf( "Not found.\n\n" );
-			else
-				printf( "%s\n\n", p );
-			break;
-		case 'i':	/* insert */
-			printf( "data? " );
-			if ( fgets( name, sizeof( name ), stdin ) == NULL )
-				exit( 0 );
-			name[ strlen( name ) - 1 ] = '\0';
-			if ( avl_insert( &tree, strdup( name ), strcmp, 
-			    avl_dup_error ) != OK )
-				printf( "\nNot inserted!\n" );
-			break;
-		case 'd':	/* delete */
-			printf( "data? " );
-			if ( fgets( name, sizeof( name ), stdin ) == NULL )
-				exit( 0 );
-			name[ strlen( name ) - 1 ] = '\0';
-			if ( avl_delete( &tree, name, strcmp ) == NULL )
-				printf( "\nNot found!\n" );
-			break;
-		case 'q':	/* quit */
-			exit( 0 );
-			break;
-		case '\n':
-			break;
-		default:
-			printf("Commands: insert, delete, print, new, quit\n");
-		}
-
-		printf( "> " );
-	}
-	/* NOTREACHED */
+    Avlnode *tree = NULLAVL;
+    char command[10];
+    char name[80];
+    char *p;
+    int free(), strcmp();
+
+    printf("> ");
+    while (fgets(command, sizeof(command), stdin) != NULL) {
+        switch (*command) {
+        case 'n': /* new tree */
+            (void)avl_free(tree, free);
+            tree = NULLAVL;
+            break;
+        case 'p': /* print */
+            (void)myprint(tree);
+            break;
+        case 't': /* traverse with first, next */
+            printf("***\n");
+            for (p = (char *)avl_getfirst(tree);
+                 p != NULL; p = (char *)avl_getnext(tree, p))
+                printf("%s\n", p);
+            printf("***\n");
+            break;
+        case 'f': /* find */
+            printf("data? ");
+            if (fgets(name, sizeof(name), stdin) == NULL)
+                exit(0);
+            name[strlen(name) - 1] = '\0';
+            if ((p = (char *)avl_find(tree, name, strcmp)) == NULL)
+                printf("Not found.\n\n");
+            else
+                printf("%s\n\n", p);
+            break;
+        case 'i': /* insert */
+            printf("data? ");
+            if (fgets(name, sizeof(name), stdin) == NULL)
+                exit(0);
+            name[strlen(name) - 1] = '\0';
+            if (avl_insert(&tree, strdup(name), strcmp,
+                           avl_dup_error) != OK)
+                printf("\nNot inserted!\n");
+            break;
+        case 'd': /* delete */
+            printf("data? ");
+            if (fgets(name, sizeof(name), stdin) == NULL)
+                exit(0);
+            name[strlen(name) - 1] = '\0';
+            if (avl_delete(&tree, name, strcmp) == NULL)
+                printf("\nNot found!\n");
+            break;
+        case 'q': /* quit */
+            exit(0);
+            break;
+        case '\n':
+            break;
+        default:
+            printf("Commands: insert, delete, print, new, quit\n");
+        }
+
+        printf("> ");
+    }
+    /* NOTREACHED */
 }
 
-static ravl_print( root, depth )
-Avlnode	*root;
-int	depth;
+static ravl_print(root, depth)
+    Avlnode *root;
+int depth;
 {
-	int	i;
+    int i;
 
-	if ( root == 0 )
-		return;
+    if (root == 0)
+        return;
 
-	ravl_print( root->avl_right, depth+1 );
+    ravl_print(root->avl_right, depth + 1);
 
-	for ( i = 0; i < depth; i++ )
-		printf( "   " );
-	printf( "%s %d\n", root->avl_data, root->avl_bf );
+    for (i = 0; i < depth; i++)
+        printf("   ");
+    printf("%s %d\n", root->avl_data, root->avl_bf);
 
-	ravl_print( root->avl_left, depth+1 );
+    ravl_print(root->avl_left, depth + 1);
 }
 
-myprint( root )
-Avlnode	*root;
+myprint(root)
+    Avlnode *root;
 {
-	printf( "********\n" );
+    printf("********\n");
 
-	if ( root == 0 )
-		printf( "\tNULL\n" );
-	else
-		( void ) ravl_print( root, 0 );
+    if (root == 0)
+        printf("\tNULL\n");
+    else
+        (void)ravl_print(root, 0);
 
-	printf( "********\n" );
+    printf("********\n");
 }

ldap/servers/plugins/acct_usability/acct_usability.c

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -25,22 +25,22 @@
 static void *_PluginID = NULL;
 static char *_PluginDN = NULL;
 
-static Slapi_PluginDesc pdesc = { AUC_FEATURE_DESC,
-                                  VENDOR,
-                                  DS_PACKAGE_VERSION,
-                                  AUC_PLUGIN_DESC };
+static Slapi_PluginDesc pdesc = {AUC_FEATURE_DESC,
+                                 VENDOR,
+                                 DS_PACKAGE_VERSION,
+                                 AUC_PLUGIN_DESC};
 
 /*
  * Plug-in management functions
  */
-int auc_init(Slapi_PBlock * pb);
-static int auc_start(Slapi_PBlock * pb);
-static int auc_close(Slapi_PBlock * pb);
+int auc_init(Slapi_PBlock *pb);
+static int auc_start(Slapi_PBlock *pb);
+static int auc_close(Slapi_PBlock *pb);
 
 /*
  * Operation callbacks (where the real work is done)
  */
-static int auc_pre_search(Slapi_PBlock * pb);
+static int auc_pre_search(Slapi_PBlock *pb);
 static int auc_pre_entry(Slapi_PBlock *pb);
 
 /*
@@ -80,7 +80,7 @@ auc_init(Slapi_PBlock *pb)
     char *plugin_identity = NULL;
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "--> auc_init\n");
+                  "--> auc_init\n");
 
     /* Store the plugin identity for later use.
      * Used for internal operations. */
@@ -92,18 +92,17 @@ auc_init(Slapi_PBlock *pb)
     if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
                          SLAPI_PLUGIN_VERSION_01) != 0 ||
         slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
-                         (void *) auc_start) != 0 ||
+                         (void *)auc_start) != 0 ||
         slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
-                         (void *) auc_close) != 0 ||
+                         (void *)auc_close) != 0 ||
         slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
-                         (void *) &pdesc) != 0 ||
+                         (void *)&pdesc) != 0 ||
         slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_SEARCH_FN,
-                         (void *) auc_pre_search) != 0 ||
+                         (void *)auc_pre_search) != 0 ||
         slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ENTRY_FN,
-                         (void *) auc_pre_entry) != 0
-        ) {
+                         (void *)auc_pre_entry) != 0) {
         slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                        "auc_init - Failed to register plugin\n");
+                      "auc_init - Failed to register plugin\n");
         status = -1;
     }
 
@@ -112,7 +111,7 @@ auc_init(Slapi_PBlock *pb)
     }
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "<-- auc_init\n");
+                  "<-- auc_init\n");
     return status;
 }
 
@@ -121,16 +120,16 @@ auc_init(Slapi_PBlock *pb)
  * auc_start()
  */
 static int
-auc_start(Slapi_PBlock * pb __attribute__((unused)))
+auc_start(Slapi_PBlock *pb __attribute__((unused)))
 {
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "--> auc_start\n");
+                  "--> auc_start\n");
 
     slapi_log_err(SLAPI_LOG_PLUGIN, AUC_PLUGIN_SUBSYSTEM,
-                    "auc_start - Account usability control plug-in: ready for service\n");
+                  "auc_start - Account usability control plug-in: ready for service\n");
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "<-- auc_start\n");
+                  "<-- auc_start\n");
 
     return 0;
 }
@@ -139,13 +138,13 @@ auc_start(Slapi_PBlock * pb __attribute__((unused)))
  * auc_close()
  */
 static int
-auc_close(Slapi_PBlock * pb __attribute__((unused)))
+auc_close(Slapi_PBlock *pb __attribute__((unused)))
 {
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "--> auc_close\n");
+                  "--> auc_close\n");
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "<-- auc_close\n");
+                  "<-- auc_close\n");
 
     return 0;
 }
@@ -181,9 +180,10 @@ auc_incompatible_ctrl(const char *oid __attribute__((unused)))
  *       reset                  [1] BOOLEAN DEFAULT FALSE,
  *       expired                [2] BOOLEAN DEFAULT_FALSE,
  *       remaining_grace        [3] INTEGER OPTIONAL,
- *       seconds_before_unlock  [4] INTEGER OPTIONAL } 
+ *       seconds_before_unlock  [4] INTEGER OPTIONAL }
  */
-static LDAPControl *auc_create_response_ctrl(Slapi_Entry *e)
+static LDAPControl *
+auc_create_response_ctrl(Slapi_Entry *e)
 {
     BerElement *ctrlber = NULL;
     LDAPControl *ctrl = NULL;
@@ -201,7 +201,7 @@ static LDAPControl *auc_create_response_ctrl(Slapi_Entry *e)
 
     if (!e) {
         slapi_log_err(SLAPI_LOG_PLUGIN, AUC_PLUGIN_SUBSYSTEM,
-                        "auc_create_response_ctrl - NULL entry specified.\n");
+                      "auc_create_response_ctrl - NULL entry specified.\n");
         goto bail;
     }
 
@@ -236,7 +236,7 @@ static LDAPControl *auc_create_response_ctrl(Slapi_Entry *e)
         /* Fill in reason account is not available */
         ber_printf(ctrlber, "t{", AUC_TAG_NOT_AVAILABLE);
         ber_printf(ctrlber, "tb", AUC_TAG_INACTIVE, inactive);
-        ber_printf(ctrlber, "tb", AUC_TAG_RESET, reset); 
+        ber_printf(ctrlber, "tb", AUC_TAG_RESET, reset);
         ber_printf(ctrlber, "tb", AUC_TAG_EXPIRED, expired);
 
         if (expired) {
@@ -282,12 +282,12 @@ auc_pre_search(Slapi_PBlock *pb)
     int ii;
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "--> auc_pre_search\n");
+                  "--> auc_pre_search\n");
 
     /* See if the requestor is the root DN. */
-    slapi_pblock_get( pb, SLAPI_REQUESTOR_ISROOT, &isroot );
+    slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
 
-    /* see if the auc request control is in the list of 
+    /* see if the auc request control is in the list of
        controls - if so, validate it */
     slapi_pblock_get(pb, SLAPI_REQCONTROLS, &reqctrls);
     for (ii = 0; (ldapcode == LDAP_SUCCESS) && reqctrls && reqctrls[ii]; ++ii) {
@@ -295,14 +295,14 @@ auc_pre_search(Slapi_PBlock *pb)
         if (!strcmp(ctrl->ldctl_oid, AUC_OID)) {
             if (aucctrl) { /* already specified */
                 slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                                "auc_pre_search - The account usability control was specified more than "
-                                "once - it must be specified only once in the search request\n");
+                              "auc_pre_search - The account usability control was specified more than "
+                              "once - it must be specified only once in the search request\n");
                 ldapcode = LDAP_PROTOCOL_ERROR;
                 ldaperrtext = "The account usability control cannot be specified more than once";
                 aucctrl = NULL;
             } else if (ctrl->ldctl_value.bv_len > 0) {
                 slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                                "Non-null control value specified for account usability control\n");
+                              "Non-null control value specified for account usability control\n");
                 ldapcode = LDAP_PROTOCOL_ERROR;
                 ldaperrtext = "The account usability control must not have a value";
             } else {
@@ -315,8 +315,9 @@ auc_pre_search(Slapi_PBlock *pb)
 
     if (aucctrl && incompatible) {
         slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                "auc_pre_search - Cannot use the account usability control and control "
-                "[%s] for the same search operation\n", incompatible);
+                      "auc_pre_search - Cannot use the account usability control and control "
+                      "[%s] for the same search operation\n",
+                      incompatible);
         /* not sure if this is a hard failure - the current spec says:
            The semantics of the criticality field are specified in [RFC4511].
            In detail, the criticality of the control determines whether the
@@ -341,7 +342,7 @@ auc_pre_search(Slapi_PBlock *pb)
 
         /* Fetch the feature entry and see if the requestor is allowed access. */
         PR_snprintf(dn, sizeof(dn), "dn: oid=%s,cn=features,cn=config", AUC_OID);
-        if ((feature = slapi_str2entry(dn,0)) != NULL) {
+        if ((feature = slapi_str2entry(dn, 0)) != NULL) {
             char *dummy_attr = "1.1";
 
             ldapcode = slapi_access_allowed(pb, feature, dummy_attr, NULL, SLAPI_ACL_READ);
@@ -363,7 +364,7 @@ auc_pre_search(Slapi_PBlock *pb)
     }
 
     slapi_log_err(SLAPI_LOG_TRACE, AUC_PLUGIN_SUBSYSTEM,
-                    "<-- auc_pre_op\n");
+                  "<-- auc_pre_op\n");
 
     return ldapcode;
 }
@@ -395,7 +396,7 @@ auc_pre_entry(Slapi_PBlock *pb)
         slapi_pblock_get(pb, SLAPI_SEARCH_ENTRY_ORIG, &e);
         if (!e) {
             slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                            "auc_pre_entry - Unable to fetch entry.\n");
+                          "auc_pre_entry - Unable to fetch entry.\n");
             goto bail;
         }
 
@@ -403,8 +404,8 @@ auc_pre_entry(Slapi_PBlock *pb)
         ctrl = auc_create_response_ctrl(e);
         if (!ctrl) {
             slapi_log_err(SLAPI_LOG_ERR, AUC_PLUGIN_SUBSYSTEM,
-                "auc_pre_entry - Error creating response control for entry \"%s\".\n",
-                slapi_entry_get_ndn(e) ? slapi_entry_get_ndn(e) : "null");
+                          "auc_pre_entry - Error creating response control for entry \"%s\".\n",
+                          slapi_entry_get_ndn(e) ? slapi_entry_get_ndn(e) : "null");
             goto bail;
         }
 
@@ -425,4 +426,3 @@ auc_pre_entry(Slapi_PBlock *pb)
 bail:
     return 0;
 }
-

ldap/servers/plugins/acct_usability/acct_usability.h

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -19,17 +19,17 @@
 /*
  * Plug-in defines
  */
-#define AUC_PLUGIN_SUBSYSTEM  "account-usability-plugin"
-#define AUC_FEATURE_DESC      "Account Usability Control"
-#define AUC_PLUGIN_DESC       "Account Usability Control plugin"
-#define AUC_PREOP_DESC        "Account Usability Control preop plugin"
+#define AUC_PLUGIN_SUBSYSTEM "account-usability-plugin"
+#define AUC_FEATURE_DESC "Account Usability Control"
+#define AUC_PLUGIN_DESC "Account Usability Control plugin"
+#define AUC_PREOP_DESC "Account Usability Control preop plugin"
 
-#define	AUC_OID               "1.3.6.1.4.1.42.2.27.9.5.8"
+#define AUC_OID "1.3.6.1.4.1.42.2.27.9.5.8"
 
-#define AUC_TAG_AVAILABLE     0x80L   /* context specific + primitive */
-#define AUC_TAG_NOT_AVAILABLE 0xA1L   /* context specific + constructed + 1 */
-#define AUC_TAG_INACTIVE      0x80L   /* context specific + primitive */
-#define AUC_TAG_RESET         0x81L   /* context specific + primitive + 1 */
-#define AUC_TAG_EXPIRED       0x82L   /* context specific + primitive + 2 */
-#define AUC_TAG_GRACE         0x83L   /* context specific + primitive + 3 */
-#define AUC_TAG_UNLOCK        0x84L   /* context specific + primitive + 4 */
+#define AUC_TAG_AVAILABLE 0x80L     /* context specific + primitive */
+#define AUC_TAG_NOT_AVAILABLE 0xA1L /* context specific + constructed + 1 */
+#define AUC_TAG_INACTIVE 0x80L      /* context specific + primitive */
+#define AUC_TAG_RESET 0x81L         /* context specific + primitive + 1 */
+#define AUC_TAG_EXPIRED 0x82L       /* context specific + primitive + 2 */
+#define AUC_TAG_GRACE 0x83L         /* context specific + primitive + 3 */
+#define AUC_TAG_UNLOCK 0x84L        /* context specific + primitive + 4 */

ldap/servers/plugins/acctpolicy/acct_config.c

@@ -28,40 +28,41 @@ Hewlett-Packard Development Company, L.P.
 static acctPluginCfg globalcfg;
 
 /* Local function prototypes */
-static int acct_policy_entry2config( Slapi_Entry *e,
-	acctPluginCfg *newcfg );
+static int acct_policy_entry2config(Slapi_Entry *e,
+                                    acctPluginCfg *newcfg);
 
 /*
   Creates global config structure from config entry at plugin startup
 */
 int
-acct_policy_load_config_startup( Slapi_PBlock* pb __attribute__((unused)), void* plugin_id ) {
-	acctPluginCfg *newcfg;
-	Slapi_Entry *config_entry = NULL;
-	Slapi_DN *config_sdn = NULL;
-	int rc;
-
-	/* Retrieve the config entry */
-	config_sdn = slapi_sdn_new_normdn_byref( PLUGIN_CONFIG_DN );
-	rc = slapi_search_internal_get_entry( config_sdn, NULL, &config_entry,
-		plugin_id);
-	slapi_sdn_free( &config_sdn );
-
-	if( rc != LDAP_SUCCESS || config_entry == NULL ) {
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-			"acct_policy_load_config_startup - Failed to retrieve configuration entry %s: %d\n",
-			PLUGIN_CONFIG_DN, rc );
-		return( -1 );
-	}
-	config_wr_lock();
-	free_config();
-	newcfg = get_config();
-	rc = acct_policy_entry2config( config_entry, newcfg );
-	config_unlock();
-
-	slapi_entry_free( config_entry );
-
-	return( rc );
+acct_policy_load_config_startup(Slapi_PBlock *pb __attribute__((unused)), void *plugin_id)
+{
+    acctPluginCfg *newcfg;
+    Slapi_Entry *config_entry = NULL;
+    Slapi_DN *config_sdn = NULL;
+    int rc;
+
+    /* Retrieve the config entry */
+    config_sdn = slapi_sdn_new_normdn_byref(PLUGIN_CONFIG_DN);
+    rc = slapi_search_internal_get_entry(config_sdn, NULL, &config_entry,
+                                         plugin_id);
+    slapi_sdn_free(&config_sdn);
+
+    if (rc != LDAP_SUCCESS || config_entry == NULL) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_load_config_startup - Failed to retrieve configuration entry %s: %d\n",
+                      PLUGIN_CONFIG_DN, rc);
+        return (-1);
+    }
+    config_wr_lock();
+    free_config();
+    newcfg = get_config();
+    rc = acct_policy_entry2config(config_entry, newcfg);
+    config_unlock();
+
+    slapi_entry_free(config_entry);
+
+    return (rc);
 }
 
 /*
@@ -69,107 +70,108 @@ acct_policy_load_config_startup( Slapi_PBlock* pb __attribute__((unused)), void*
    allocating the config structure memory
 */
 static int
-acct_policy_entry2config( Slapi_Entry *e, acctPluginCfg *newcfg ) {
-	char *config_val;
-	int rc = 0;
-
-	if( newcfg == NULL ) {
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-			"acct_policy_entry2config - Failed to allocate configuration structure\n" );
-		return( -1 );
-	}
-
-	memset( newcfg, 0, sizeof( acctPluginCfg ) );
-
-	newcfg->state_attr_name = get_attr_string_val( e, CFG_LASTLOGIN_STATE_ATTR );
-	if( newcfg->state_attr_name == NULL ) {
-		newcfg->state_attr_name = slapi_ch_strdup( DEFAULT_LASTLOGIN_STATE_ATTR );
-	} else if (!update_is_allowed_attr(newcfg->state_attr_name)) {
-		/* log a warning that this attribute cannot be updated */
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-			"acct_policy_entry2config - The configured state attribute [%s] cannot be updated, accounts will always become inactive.\n",
-			newcfg->state_attr_name );
-	}
-
-	newcfg->alt_state_attr_name = get_attr_string_val( e, CFG_ALT_LASTLOGIN_STATE_ATTR );
-	/* alt_state_attr_name should be optional, but for backward compatibility, 
-	 * if not specified use a default. If the attribute is "1.1", no fallback 
-	 * will be used
-	 */ 
-	if( newcfg->alt_state_attr_name == NULL ) {
-		newcfg->alt_state_attr_name = slapi_ch_strdup( DEFAULT_ALT_LASTLOGIN_STATE_ATTR );
-	} else if ( !strcmp( newcfg->alt_state_attr_name, "1.1" ) ) {
-                 slapi_ch_free_string( &newcfg->alt_state_attr_name ); /*none - NULL */
-	} /* else use configured value */
-
-	newcfg->always_record_login_attr = get_attr_string_val( e, CFG_RECORD_LOGIN_ATTR );
-	/* What user attribute will store the last login time 
-	 * of a user. If empty, should have the same value as 
-	 * stateattrname. default value: empty
-	 */
-	if( newcfg->always_record_login_attr == NULL ) {
-		newcfg->always_record_login_attr = slapi_ch_strdup( newcfg->state_attr_name );
-	}
-
-	newcfg->spec_attr_name = get_attr_string_val( e, CFG_SPEC_ATTR );
-	if( newcfg->spec_attr_name == NULL ) {
-		newcfg->spec_attr_name = slapi_ch_strdup( DEFAULT_SPEC_ATTR );
-	}
-
-	newcfg->limit_attr_name = get_attr_string_val( e, CFG_INACT_LIMIT_ATTR );
-	if( newcfg->limit_attr_name == NULL ) {
-		newcfg->limit_attr_name = slapi_ch_strdup( DEFAULT_INACT_LIMIT_ATTR );
-	}
-
-	config_val = get_attr_string_val( e, CFG_RECORD_LOGIN );
-	if( config_val &&
-		( strcasecmp( config_val, "true" ) == 0 ||
-		  strcasecmp( config_val, "yes" ) == 0 ||
-		  strcasecmp( config_val, "on" ) == 0 ||
-		  strcasecmp( config_val, "1" ) == 0 ) ) {
-		newcfg->always_record_login = 1;
-	} else {
-		newcfg->always_record_login = 0;
-	}
-	slapi_ch_free_string(&config_val);
-
-	/* the default limit if not set in the acctPolicySubentry */
-	config_val = get_attr_string_val( e, newcfg->limit_attr_name );
-	if( config_val ) {
-		char *endptr = NULL;
-		newcfg->inactivitylimit = strtoul(config_val, &endptr, 10);
-		if (endptr && (*endptr != '\0')) {
-			slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-							 "acct_policy_entry2config - Failed to parse [%s] from the config entry: [%s] is not a valid unsigned long value\n",
-							 newcfg->limit_attr_name, config_val );
-
-			rc = -1;
-			newcfg->inactivitylimit = ULONG_MAX;
-		}
-	} else {
-		newcfg->inactivitylimit = ULONG_MAX;
-	}
-	slapi_ch_free_string(&config_val);
-
-	return( rc );
+acct_policy_entry2config(Slapi_Entry *e, acctPluginCfg *newcfg)
+{
+    char *config_val;
+    int rc = 0;
+
+    if (newcfg == NULL) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_entry2config - Failed to allocate configuration structure\n");
+        return (-1);
+    }
+
+    memset(newcfg, 0, sizeof(acctPluginCfg));
+
+    newcfg->state_attr_name = get_attr_string_val(e, CFG_LASTLOGIN_STATE_ATTR);
+    if (newcfg->state_attr_name == NULL) {
+        newcfg->state_attr_name = slapi_ch_strdup(DEFAULT_LASTLOGIN_STATE_ATTR);
+    } else if (!update_is_allowed_attr(newcfg->state_attr_name)) {
+        /* log a warning that this attribute cannot be updated */
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_entry2config - The configured state attribute [%s] cannot be updated, accounts will always become inactive.\n",
+                      newcfg->state_attr_name);
+    }
+
+    newcfg->alt_state_attr_name = get_attr_string_val(e, CFG_ALT_LASTLOGIN_STATE_ATTR);
+    /* alt_state_attr_name should be optional, but for backward compatibility,
+     * if not specified use a default. If the attribute is "1.1", no fallback
+     * will be used
+     */
+    if (newcfg->alt_state_attr_name == NULL) {
+        newcfg->alt_state_attr_name = slapi_ch_strdup(DEFAULT_ALT_LASTLOGIN_STATE_ATTR);
+    } else if (!strcmp(newcfg->alt_state_attr_name, "1.1")) {
+        slapi_ch_free_string(&newcfg->alt_state_attr_name); /*none - NULL */
+    }                                                       /* else use configured value */
+
+    newcfg->always_record_login_attr = get_attr_string_val(e, CFG_RECORD_LOGIN_ATTR);
+    /* What user attribute will store the last login time
+     * of a user. If empty, should have the same value as
+     * stateattrname. default value: empty
+     */
+    if (newcfg->always_record_login_attr == NULL) {
+        newcfg->always_record_login_attr = slapi_ch_strdup(newcfg->state_attr_name);
+    }
+
+    newcfg->spec_attr_name = get_attr_string_val(e, CFG_SPEC_ATTR);
+    if (newcfg->spec_attr_name == NULL) {
+        newcfg->spec_attr_name = slapi_ch_strdup(DEFAULT_SPEC_ATTR);
+    }
+
+    newcfg->limit_attr_name = get_attr_string_val(e, CFG_INACT_LIMIT_ATTR);
+    if (newcfg->limit_attr_name == NULL) {
+        newcfg->limit_attr_name = slapi_ch_strdup(DEFAULT_INACT_LIMIT_ATTR);
+    }
+
+    config_val = get_attr_string_val(e, CFG_RECORD_LOGIN);
+    if (config_val &&
+        (strcasecmp(config_val, "true") == 0 ||
+         strcasecmp(config_val, "yes") == 0 ||
+         strcasecmp(config_val, "on") == 0 ||
+         strcasecmp(config_val, "1") == 0)) {
+        newcfg->always_record_login = 1;
+    } else {
+        newcfg->always_record_login = 0;
+    }
+    slapi_ch_free_string(&config_val);
+
+    /* the default limit if not set in the acctPolicySubentry */
+    config_val = get_attr_string_val(e, newcfg->limit_attr_name);
+    if (config_val) {
+        char *endptr = NULL;
+        newcfg->inactivitylimit = strtoul(config_val, &endptr, 10);
+        if (endptr && (*endptr != '\0')) {
+            slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                          "acct_policy_entry2config - Failed to parse [%s] from the config entry: [%s] is not a valid unsigned long value\n",
+                          newcfg->limit_attr_name, config_val);
+
+            rc = -1;
+            newcfg->inactivitylimit = ULONG_MAX;
+        }
+    } else {
+        newcfg->inactivitylimit = ULONG_MAX;
+    }
+    slapi_ch_free_string(&config_val);
+
+    return (rc);
 }
 
 /*
   Returns a pointer to config structure for use by any code needing to look
   at, for example, attribute mappings
 */
-acctPluginCfg*
-get_config() {
-	return( &globalcfg );
+acctPluginCfg *
+get_config()
+{
+    return (&globalcfg);
 }
 
 void
 free_config()
 {
-	slapi_ch_free_string(&globalcfg.state_attr_name);
-	slapi_ch_free_string(&globalcfg.alt_state_attr_name);
-	slapi_ch_free_string(&globalcfg.spec_attr_name);
-	slapi_ch_free_string(&globalcfg.limit_attr_name);
-	slapi_ch_free_string(&globalcfg.always_record_login_attr);
+    slapi_ch_free_string(&globalcfg.state_attr_name);
+    slapi_ch_free_string(&globalcfg.alt_state_attr_name);
+    slapi_ch_free_string(&globalcfg.spec_attr_name);
+    slapi_ch_free_string(&globalcfg.limit_attr_name);
+    slapi_ch_free_string(&globalcfg.always_record_login_attr);
 }
-

ldap/servers/plugins/acctpolicy/acct_init.c

@@ -47,21 +47,21 @@ limitattrname: accountInactivityLimit
 #include "acctpolicy.h"
 #include "slapi-plugin.h"
 
-static Slapi_PluginDesc plugin_desc = { PLUGIN_NAME, PLUGIN_VENDOR,
-				PLUGIN_VERSION, PLUGIN_DESC };
-static Slapi_PluginDesc pre_plugin_desc = { PRE_PLUGIN_NAME, PLUGIN_VENDOR,
-				PLUGIN_VERSION, PLUGIN_DESC };
-static Slapi_PluginDesc post_plugin_desc = { PRE_PLUGIN_NAME, PLUGIN_VENDOR,
-				PLUGIN_VERSION, PLUGIN_DESC };
+static Slapi_PluginDesc plugin_desc = {PLUGIN_NAME, PLUGIN_VENDOR,
+                                       PLUGIN_VERSION, PLUGIN_DESC};
+static Slapi_PluginDesc pre_plugin_desc = {PRE_PLUGIN_NAME, PLUGIN_VENDOR,
+                                           PLUGIN_VERSION, PLUGIN_DESC};
+static Slapi_PluginDesc post_plugin_desc = {PRE_PLUGIN_NAME, PLUGIN_VENDOR,
+                                            PLUGIN_VERSION, PLUGIN_DESC};
 
 /* Local function prototypes */
-int acct_policy_start( Slapi_PBlock *pb );
-int acct_policy_close( Slapi_PBlock *pb );
-int acct_policy_init( Slapi_PBlock *pb );
-int acct_preop_init( Slapi_PBlock *pb );
-int acct_postop_init( Slapi_PBlock *pb );
-int acct_bind_preop( Slapi_PBlock *pb );
-int acct_bind_postop( Slapi_PBlock *pb );
+int acct_policy_start(Slapi_PBlock *pb);
+int acct_policy_close(Slapi_PBlock *pb);
+int acct_policy_init(Slapi_PBlock *pb);
+int acct_preop_init(Slapi_PBlock *pb);
+int acct_postop_init(Slapi_PBlock *pb);
+int acct_bind_preop(Slapi_PBlock *pb);
+int acct_bind_postop(Slapi_PBlock *pb);
 
 static void *_PluginID = NULL;
 static Slapi_DN *_PluginDN = NULL;
@@ -108,51 +108,51 @@ acct_policy_get_config_area()
   Master init function for the account plugin
 */
 int
-acct_policy_init( Slapi_PBlock *pb )
+acct_policy_init(Slapi_PBlock *pb)
 {
-	void *plugin_id;
-	int enabled;
-
-	slapi_pblock_get(pb, SLAPI_PLUGIN_ENABLED, &enabled);
-
-	if (!enabled) {
-		/* not enabled */
-		return( CALLBACK_OK );
-	}
-
-
-	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
-				SLAPI_PLUGIN_VERSION_01 ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
-				(void *)&plugin_desc ) != 0 || 
-		slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN,
-				(void *)&acct_policy_close ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN,
-				(void *)acct_policy_start ) != 0 ) {
-			slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-					"acct_policy_init - Registration failed\n" );
-			return( CALLBACK_ERR );
-	}
-
-	if( slapi_pblock_get( pb, SLAPI_PLUGIN_IDENTITY, &plugin_id ) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-				"acct_policy_init - Failed to get plugin identity\n" );
-		return( CALLBACK_ERR );
-	}
-
-	set_identity( plugin_id );
-
-	/* Register the pre and postop plugins */
-	if( slapi_register_plugin("preoperation", 1, "acct_preop_init",
-		acct_preop_init, PRE_PLUGIN_DESC, NULL, plugin_id) != 0 ||
-		slapi_register_plugin("postoperation", 1, "acct_postop_init",
-		acct_postop_init, POST_PLUGIN_DESC, NULL, plugin_id) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-			"acct_policy_init  - Failed to register callbacks\n" );
-		return( CALLBACK_ERR );
-	}
-
-	return( CALLBACK_OK );
+    void *plugin_id;
+    int enabled;
+
+    slapi_pblock_get(pb, SLAPI_PLUGIN_ENABLED, &enabled);
+
+    if (!enabled) {
+        /* not enabled */
+        return (CALLBACK_OK);
+    }
+
+
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
+                         SLAPI_PLUGIN_VERSION_01) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
+                         (void *)&plugin_desc) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
+                         (void *)&acct_policy_close) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
+                         (void *)acct_policy_start) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_init - Registration failed\n");
+        return (CALLBACK_ERR);
+    }
+
+    if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_id) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_init - Failed to get plugin identity\n");
+        return (CALLBACK_ERR);
+    }
+
+    set_identity(plugin_id);
+
+    /* Register the pre and postop plugins */
+    if (slapi_register_plugin("preoperation", 1, "acct_preop_init",
+                              acct_preop_init, PRE_PLUGIN_DESC, NULL, plugin_id) != 0 ||
+        slapi_register_plugin("postoperation", 1, "acct_postop_init",
+                              acct_postop_init, POST_PLUGIN_DESC, NULL, plugin_id) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_init  - Failed to register callbacks\n");
+        return (CALLBACK_ERR);
+    }
+
+    return (CALLBACK_OK);
 }
 
 /*
@@ -161,120 +161,119 @@ acct_policy_init( Slapi_PBlock *pb )
   which is needed to retrieve the plugin configuration
 */
 int
-acct_policy_start( Slapi_PBlock *pb )
+acct_policy_start(Slapi_PBlock *pb)
 {
-	acctPluginCfg *cfg;
-	void *plugin_id = get_identity();
-	Slapi_DN *plugindn = NULL;
-	char *config_area = NULL;
-
-	if(slapi_plugin_running(pb)){
-		return 0;
-	}
-
-	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn);
-	acct_policy_set_plugin_sdn(slapi_sdn_dup(plugindn));
-
-	/* Set the alternate config area if one is defined. */
-	slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_AREA, &config_area);
-	if (config_area) {
-		acct_policy_set_config_area(slapi_sdn_new_normdn_byval(config_area));
-	}
-
-	if(config_rwlock == NULL){
-		if((config_rwlock = slapi_new_rwlock()) == NULL){
-			return( CALLBACK_ERR );
-		}
-	}
-
-	/* Load plugin configuration */
-	if( acct_policy_load_config_startup( pb, plugin_id ) ) {
-		slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-			"acct_policy_start failed to load configuration\n" );
-		return( CALLBACK_ERR );
-	}
-
-	/* Show the configuration */
-	cfg = get_config();
-	slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME, "acct_policy_start - config: "
-		"stateAttrName=%s altStateAttrName=%s specAttrName=%s limitAttrName=%s "
-		"alwaysRecordLogin=%d\n",
-		cfg->state_attr_name, cfg->alt_state_attr_name?cfg->alt_state_attr_name:"not configured", cfg->spec_attr_name,
-		cfg->limit_attr_name, cfg->always_record_login);
-
-	return( CALLBACK_OK );
+    acctPluginCfg *cfg;
+    void *plugin_id = get_identity();
+    Slapi_DN *plugindn = NULL;
+    char *config_area = NULL;
+
+    if (slapi_plugin_running(pb)) {
+        return 0;
+    }
+
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn);
+    acct_policy_set_plugin_sdn(slapi_sdn_dup(plugindn));
+
+    /* Set the alternate config area if one is defined. */
+    slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_AREA, &config_area);
+    if (config_area) {
+        acct_policy_set_config_area(slapi_sdn_new_normdn_byval(config_area));
+    }
+
+    if (config_rwlock == NULL) {
+        if ((config_rwlock = slapi_new_rwlock()) == NULL) {
+            return (CALLBACK_ERR);
+        }
+    }
+
+    /* Load plugin configuration */
+    if (acct_policy_load_config_startup(pb, plugin_id)) {
+        slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                      "acct_policy_start failed to load configuration\n");
+        return (CALLBACK_ERR);
+    }
+
+    /* Show the configuration */
+    cfg = get_config();
+    slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME, "acct_policy_start - config: "
+                                                 "stateAttrName=%s altStateAttrName=%s specAttrName=%s limitAttrName=%s "
+                                                 "alwaysRecordLogin=%d\n",
+                  cfg->state_attr_name, cfg->alt_state_attr_name ? cfg->alt_state_attr_name : "not configured", cfg->spec_attr_name,
+                  cfg->limit_attr_name, cfg->always_record_login);
+
+    return (CALLBACK_OK);
 }
 
 int
-acct_policy_close( Slapi_PBlock *pb __attribute__((unused)))
+acct_policy_close(Slapi_PBlock *pb __attribute__((unused)))
 {
-	int rc = 0;
+    int rc = 0;
 
-	slapi_destroy_rwlock(config_rwlock);
-	config_rwlock = NULL;
-	slapi_sdn_free(&_PluginDN);
-	slapi_sdn_free(&_ConfigAreaDN);
-	free_config();
+    slapi_destroy_rwlock(config_rwlock);
+    config_rwlock = NULL;
+    slapi_sdn_free(&_PluginDN);
+    slapi_sdn_free(&_ConfigAreaDN);
+    free_config();
 
-	return rc;
+    return rc;
 }
 
 int
-acct_preop_init( Slapi_PBlock *pb ) {
-	/* Which slapi plugin API we're compatible with. */
-	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
-			SLAPI_PLUGIN_VERSION_01 ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
-					(void *)&pre_plugin_desc ) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-					"Failed to set plugin version or description\n" );
-		return( CALLBACK_ERR );
-	}
-
-	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_BIND_FN, (void *) acct_bind_preop ) != 0 ||
-	     slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *) acct_add_pre_op) != 0 ||
-	     slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, (void *) acct_mod_pre_op) != 0 ||
-	     slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_DELETE_FN, (void *) acct_del_pre_op) != 0)
-	{
-		slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-				"acct_preop_init - Failed to set plugin callback function\n" );
-		return( CALLBACK_ERR );
-	}
-
-	return( CALLBACK_OK );
+acct_preop_init(Slapi_PBlock *pb)
+{
+    /* Which slapi plugin API we're compatible with. */
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
+                         SLAPI_PLUGIN_VERSION_01) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
+                         (void *)&pre_plugin_desc) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                      "Failed to set plugin version or description\n");
+        return (CALLBACK_ERR);
+    }
+
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_BIND_FN, (void *)acct_bind_preop) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *)acct_add_pre_op) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, (void *)acct_mod_pre_op) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_DELETE_FN, (void *)acct_del_pre_op) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                      "acct_preop_init - Failed to set plugin callback function\n");
+        return (CALLBACK_ERR);
+    }
+
+    return (CALLBACK_OK);
 }
 
 int
-acct_postop_init( Slapi_PBlock *pb )
+acct_postop_init(Slapi_PBlock *pb)
 {
-	void *plugin_id = get_identity();
-
-	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
-				SLAPI_PLUGIN_VERSION_01 ) != 0 ||
-		slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
-					(void *)&post_plugin_desc ) != 0 ) {
-			slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-						"acct_postop_init - Failed to set plugin version or name\n" );
-			return( CALLBACK_ERR );
-	}
-
-
-	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_POST_BIND_FN, (void *)acct_bind_postop ) != 0 ||
-	     slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN, (void *) acct_post_op) != 0 ||
-		 slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN, (void *) acct_post_op) != 0)
-	{
-		slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-				"acct_postop_init - Failed to set plugin callback function\n" );
-		return( CALLBACK_ERR );
-	}
-
-	if( slapi_pblock_get( pb, SLAPI_PLUGIN_IDENTITY, &plugin_id ) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-				"acct_postop_init - Failed to get plugin identity\n" );
-		return( CALLBACK_ERR );
-	}
-
-	return( CALLBACK_OK );
+    void *plugin_id = get_identity();
+
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
+                         SLAPI_PLUGIN_VERSION_01) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
+                         (void *)&post_plugin_desc) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                      "acct_postop_init - Failed to set plugin version or name\n");
+        return (CALLBACK_ERR);
+    }
+
+
+    if (slapi_pblock_set(pb, SLAPI_PLUGIN_POST_BIND_FN, (void *)acct_bind_postop) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN, (void *)acct_post_op) != 0 ||
+        slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN, (void *)acct_post_op) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                      "acct_postop_init - Failed to set plugin callback function\n");
+        return (CALLBACK_ERR);
+    }
+
+    if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_id) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                      "acct_postop_init - Failed to get plugin identity\n");
+        return (CALLBACK_ERR);
+    }
+
+    return (CALLBACK_OK);
 }
 
 /*
@@ -283,17 +282,17 @@ acct_postop_init( Slapi_PBlock *pb )
 void
 config_rd_lock()
 {
-	slapi_rwlock_rdlock(config_rwlock);
+    slapi_rwlock_rdlock(config_rwlock);
 }
 
 void
 config_wr_lock()
 {
-	slapi_rwlock_wrlock(config_rwlock);
+    slapi_rwlock_wrlock(config_rwlock);
 }
 
 void
 config_unlock()
 {
-	slapi_rwlock_unlock(config_rwlock);
+    slapi_rwlock_unlock(config_rwlock);
 }

ldap/servers/plugins/acctpolicy/acct_plugin.c

@@ -38,7 +38,7 @@ acct_policy_dn_is_config(Slapi_DN *sdn)
     int ret = 0;
 
     slapi_log_err(SLAPI_LOG_TRACE, PLUGIN_NAME,
-                    "--> acct_policy_dn_is_config\n");
+                  "--> acct_policy_dn_is_config\n");
 
     if (sdn == NULL) {
         goto bail;
@@ -62,7 +62,7 @@ acct_policy_dn_is_config(Slapi_DN *sdn)
 
 bail:
     slapi_log_err(SLAPI_LOG_TRACE, PLUGIN_NAME,
-                    "<-- acct_policy_dn_is_config\n");
+                  "<-- acct_policy_dn_is_config\n");
 
     return ret;
 }
@@ -72,61 +72,62 @@ bail:
   login time plus the limit to decide whether to deny the bind.
 */
 static int
-acct_inact_limit( Slapi_PBlock *pb, const char *dn, Slapi_Entry *target_entry, acctPolicy *policy )
+acct_inact_limit(Slapi_PBlock *pb, const char *dn, Slapi_Entry *target_entry, acctPolicy *policy)
 {
-	char *lasttimestr = NULL;
-	time_t lim_t, last_t, cur_t;
-	int rc = 0; /* Optimistic default */
-	acctPluginCfg *cfg;
-
-	config_rd_lock();
-	cfg = get_config();
-	if( ( lasttimestr = get_attr_string_val( target_entry,
-		cfg->state_attr_name ) ) != NULL ) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_inact_limit - \"%s\" login timestamp is %s\n", dn, lasttimestr );
-	} else if( cfg->alt_state_attr_name && (( lasttimestr = get_attr_string_val( target_entry,
-		cfg->alt_state_attr_name ) ) != NULL) ) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_inact_limit - \"%s\" alternate timestamp is %s\n", dn, lasttimestr );
-	} else {
-		/* the primary or alternate attribute might not yet exist eg. 
-		 * if only lastlogintime is specified and it id the first login
-		 */
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_inact_limit - \"%s\" has no value for stateattr or altstateattr \n", dn );
-		goto done;
-	}
-
-	last_t = gentimeToEpochtime( lasttimestr );
-	cur_t = slapi_current_utc_time();
-	lim_t = policy->inactivitylimit;
-
-	/* Finally do the time comparison */
-	if( cur_t > last_t + lim_t ) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_inact_limit - \"%s\" has exceeded inactivity limit  (%ld > (%ld + %ld))\n",
-			dn, cur_t, last_t, lim_t );
-		rc = 1;
-		goto done;
-	} else {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_inact_limit - \"%s\" is within inactivity limit (%ld < (%ld + %ld))\n",
-			dn, cur_t, last_t, lim_t );
-	}
+    char *lasttimestr = NULL;
+    time_t lim_t, last_t, cur_t;
+    int rc = 0; /* Optimistic default */
+    acctPluginCfg *cfg;
+
+    config_rd_lock();
+    cfg = get_config();
+    if ((lasttimestr = get_attr_string_val(target_entry,
+                                           cfg->state_attr_name)) != NULL) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_inact_limit - \"%s\" login timestamp is %s\n", dn, lasttimestr);
+    } else if (cfg->alt_state_attr_name && ((lasttimestr = get_attr_string_val(target_entry,
+                                                                               cfg->alt_state_attr_name)) != NULL)) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_inact_limit - \"%s\" alternate timestamp is %s\n", dn, lasttimestr);
+    } else {
+        /* the primary or alternate attribute might not yet exist eg.
+     * if only lastlogintime is specified and it id the first login
+     */
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_inact_limit - \"%s\" has no value for stateattr or altstateattr \n", dn);
+        goto done;
+    }
+
+    last_t = gentimeToEpochtime(lasttimestr);
+    cur_t = slapi_current_utc_time();
+    lim_t = policy->inactivitylimit;
+
+    /* Finally do the time comparison */
+    if (cur_t > last_t + lim_t) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_inact_limit - \"%s\" has exceeded inactivity limit  (%ld > (%ld + %ld))\n",
+                      dn, cur_t, last_t, lim_t);
+        rc = 1;
+        goto done;
+    } else {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_inact_limit - \"%s\" is within inactivity limit (%ld < (%ld + %ld))\n",
+                      dn, cur_t, last_t, lim_t);
+    }
 
 done:
-	config_unlock();
-	/* Deny bind; the account has exceeded the inactivity limit */
-	if( rc == 1 ) {
-		slapi_send_ldap_result( pb, LDAP_CONSTRAINT_VIOLATION, NULL,
-			"Account inactivity limit exceeded."
-			" Contact system administrator to reset.", 0, NULL );
-	}
+    config_unlock();
+    /* Deny bind; the account has exceeded the inactivity limit */
+    if (rc == 1) {
+        slapi_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL,
+                               "Account inactivity limit exceeded."
+                               " Contact system administrator to reset.",
+                               0, NULL);
+    }
 
-    slapi_ch_free_string( &lasttimestr );
+    slapi_ch_free_string(&lasttimestr);
 
-	return( rc );
+    return (rc);
 }
 
 /*
@@ -134,154 +135,154 @@ done:
   with the current time.
 */
 static int
-acct_record_login( const char *dn )
+acct_record_login(const char *dn)
 {
-	int ldrc;
-	int rc = 0; /* Optimistic default */
-	LDAPMod *mods[2];
-	LDAPMod mod;
-	struct berval *vals[2];
-	struct berval val;
-	char *timestr = NULL;
-	acctPluginCfg *cfg;
-	void *plugin_id;
-	Slapi_PBlock *modpb = NULL;
-	int skip_mod_attrs = 1; /* value doesn't matter as long as not NULL */
-
-	config_rd_lock();
-	cfg = get_config();
-
-	/* if we are not allowed to modify the state attr we're done
+    int ldrc;
+    int rc = 0; /* Optimistic default */
+    LDAPMod *mods[2];
+    LDAPMod mod;
+    struct berval *vals[2];
+    struct berval val;
+    char *timestr = NULL;
+    acctPluginCfg *cfg;
+    void *plugin_id;
+    Slapi_PBlock *modpb = NULL;
+    int skip_mod_attrs = 1; /* value doesn't matter as long as not NULL */
+
+    config_rd_lock();
+    cfg = get_config();
+
+    /* if we are not allowed to modify the state attr we're done
          * this could be intentional, so just return
          */
-	if (! update_is_allowed_attr(cfg->always_record_login_attr) )
-		goto done;
- 
-	plugin_id = get_identity();
-
-	timestr = epochtimeToGentime( slapi_current_utc_time() );
-	val.bv_val = timestr;
-	val.bv_len = strlen( val.bv_val );
-
-	vals [0] = &val;
-	vals [1] = NULL;
-
-	mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
-	mod.mod_type = cfg->always_record_login_attr;
-	mod.mod_bvalues = vals;
-
-	mods[0] = &mod;
-	mods[1] = NULL;
-
-	modpb = slapi_pblock_new();
-
-	slapi_modify_internal_set_pb( modpb, dn, mods, NULL, NULL,
-	 	plugin_id, SLAPI_OP_FLAG_NO_ACCESS_CHECK |
-			SLAPI_OP_FLAG_BYPASS_REFERRALS );
-	slapi_pblock_set( modpb, SLAPI_SKIP_MODIFIED_ATTRS, &skip_mod_attrs );
-	slapi_modify_internal_pb( modpb );
-
-	slapi_pblock_get( modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc );
-
-	if (ldrc != LDAP_SUCCESS) {
-		slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-			"acct_record_login - Recording %s=%s failed on \"%s\" err=%d\n", cfg->always_record_login_attr,
-			timestr, dn, ldrc );
-		rc = -1;
-		goto done;
-	} else {
-		slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
-			"acct_record_login - Recorded %s=%s on \"%s\"\n", cfg->always_record_login_attr, timestr, dn );
-	}
+    if (!update_is_allowed_attr(cfg->always_record_login_attr))
+        goto done;
+
+    plugin_id = get_identity();
+
+    timestr = epochtimeToGentime(slapi_current_utc_time());
+    val.bv_val = timestr;
+    val.bv_len = strlen(val.bv_val);
+
+    vals[0] = &val;
+    vals[1] = NULL;
+
+    mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+    mod.mod_type = cfg->always_record_login_attr;
+    mod.mod_bvalues = vals;
+
+    mods[0] = &mod;
+    mods[1] = NULL;
+
+    modpb = slapi_pblock_new();
+
+    slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL,
+                                 plugin_id, SLAPI_OP_FLAG_NO_ACCESS_CHECK |
+                                                SLAPI_OP_FLAG_BYPASS_REFERRALS);
+    slapi_pblock_set(modpb, SLAPI_SKIP_MODIFIED_ATTRS, &skip_mod_attrs);
+    slapi_modify_internal_pb(modpb);
+
+    slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc);
+
+    if (ldrc != LDAP_SUCCESS) {
+        slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                      "acct_record_login - Recording %s=%s failed on \"%s\" err=%d\n", cfg->always_record_login_attr,
+                      timestr, dn, ldrc);
+        rc = -1;
+        goto done;
+    } else {
+        slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
+                      "acct_record_login - Recorded %s=%s on \"%s\"\n", cfg->always_record_login_attr, timestr, dn);
+    }
 
 done:
-	config_unlock();
-	slapi_pblock_destroy( modpb );
-	slapi_ch_free_string( &timestr );
+    config_unlock();
+    slapi_pblock_destroy(modpb);
+    slapi_ch_free_string(&timestr);
 
-	return( rc );
+    return (rc);
 }
 
 /*
   Handles bind preop callbacks
 */
 int
-acct_bind_preop( Slapi_PBlock *pb )
+acct_bind_preop(Slapi_PBlock *pb)
 {
-	const char *dn = NULL;
-	Slapi_DN *sdn = NULL;
-	Slapi_Entry *target_entry = NULL;
-	int rc = 0; /* Optimistic default */
-	int ldrc;
-	acctPolicy *policy = NULL;
-	void *plugin_id;
-
-	slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-		"=> acct_bind_preop\n" );
-
-	plugin_id = get_identity();
-
-	/* This does not give a copy, so don't free it */
-	if( slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn ) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-			"acct_bind_preop - Error retrieving target DN\n" );
-		rc = -1;
-		goto done;
-	}
-	dn = slapi_sdn_get_dn(sdn);
-
-	/* The plugin wouldn't get called for anonymous binds but let's check */
-	if ( dn == NULL ) {
-		goto done;
-	}
-
-	ldrc = slapi_search_internal_get_entry( sdn, NULL, &target_entry,
-		plugin_id );
-
-	/* There was a problem retrieving the entry */
-	if( ldrc != LDAP_SUCCESS ) {
-		if( ldrc != LDAP_NO_SUCH_OBJECT ) {
-			/* The problem is not a bad bind or virtual entry; halt bind */
-			slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-				"acct_bind_preop - Failed to retrieve entry \"%s\": %d\n", dn, ldrc );
-			rc = -1;
-		}
-		goto done;
-	}
-
-	if( get_acctpolicy( pb, target_entry, plugin_id, &policy ) ) {
-		slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-			"acct_bind_preop - Account Policy object for \"%s\" is missing\n", dn );
-		rc = -1;
-		goto done;
-	}
-
-	/* Null policy means target isnt's under the influence of a policy */
-	if( policy == NULL ) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-			"acct_bind_preop - \"%s\" is not governed by an account policy\n", dn);
-		goto done;
-	}
-
-	/* Check whether the account is in violation of inactivity limit */
-	rc = acct_inact_limit( pb, dn, target_entry, policy );
-
-	/* ...Any additional account policy enforcement goes here... */
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
+    Slapi_Entry *target_entry = NULL;
+    int rc = 0; /* Optimistic default */
+    int ldrc;
+    acctPolicy *policy = NULL;
+    void *plugin_id;
+
+    slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                  "=> acct_bind_preop\n");
+
+    plugin_id = get_identity();
+
+    /* This does not give a copy, so don't free it */
+    if (slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                      "acct_bind_preop - Error retrieving target DN\n");
+        rc = -1;
+        goto done;
+    }
+    dn = slapi_sdn_get_dn(sdn);
+
+    /* The plugin wouldn't get called for anonymous binds but let's check */
+    if (dn == NULL) {
+        goto done;
+    }
+
+    ldrc = slapi_search_internal_get_entry(sdn, NULL, &target_entry,
+                                           plugin_id);
+
+    /* There was a problem retrieving the entry */
+    if (ldrc != LDAP_SUCCESS) {
+        if (ldrc != LDAP_NO_SUCH_OBJECT) {
+            /* The problem is not a bad bind or virtual entry; halt bind */
+            slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                          "acct_bind_preop - Failed to retrieve entry \"%s\": %d\n", dn, ldrc);
+            rc = -1;
+        }
+        goto done;
+    }
+
+    if (get_acctpolicy(pb, target_entry, plugin_id, &policy)) {
+        slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                      "acct_bind_preop - Account Policy object for \"%s\" is missing\n", dn);
+        rc = -1;
+        goto done;
+    }
+
+    /* Null policy means target isnt's under the influence of a policy */
+    if (policy == NULL) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_bind_preop - \"%s\" is not governed by an account policy\n", dn);
+        goto done;
+    }
+
+    /* Check whether the account is in violation of inactivity limit */
+    rc = acct_inact_limit(pb, dn, target_entry, policy);
+
+/* ...Any additional account policy enforcement goes here... */
 
 done:
-	/* Internal error */
-	if( rc == -1 ) {
-		slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
-	}
+    /* Internal error */
+    if (rc == -1) {
+        slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL);
+    }
 
-	slapi_entry_free( target_entry );
+    slapi_entry_free(target_entry);
 
-	free_acctpolicy( &policy );
+    free_acctpolicy(&policy);
 
-	slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-		"<= acct_bind_preop\n" );
+    slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                  "<= acct_bind_preop\n");
 
-	return( rc == 0 ? CALLBACK_OK : CALLBACK_ERR );
+    return (rc == 0 ? CALLBACK_OK : CALLBACK_ERR);
 }
 
 /*
@@ -290,208 +291,208 @@ done:
   specifier.
 */
 int
-acct_bind_postop( Slapi_PBlock *pb )
+acct_bind_postop(Slapi_PBlock *pb)
 {
-	char *dn = NULL;
-	int ldrc, tracklogin = 0;
-	int rc = 0; /* Optimistic default */
-	Slapi_DN *sdn = NULL;
-	Slapi_Entry *target_entry = NULL;
-	acctPluginCfg *cfg;
-	void *plugin_id;
-
-	slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
-		"=> acct_bind_postop\n" );
-
-	plugin_id = get_identity();
-
-	/* Retrieving SLAPI_CONN_DN from the pb gives a copy */
-	if( slapi_pblock_get( pb, SLAPI_CONN_DN, &dn ) != 0 ) {
-		slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-			"acct_bind_postop - Error retrieving bind DN\n" );
-		rc = -1;
-		goto done;
-	}
-
-	/* Client is anonymously bound */
-	if( dn == NULL ) {
-		goto done;
-	}
-
-	config_rd_lock();
-	cfg = get_config();
-	tracklogin = cfg->always_record_login;
-
-	/* We're not always tracking logins, so check whether the entry is
-	   covered by an account policy to decide whether we should track */
-	if( tracklogin == 0 ) {
-		sdn = slapi_sdn_new_normdn_byref( dn );
-		ldrc = slapi_search_internal_get_entry( sdn, NULL, &target_entry,
-			plugin_id );
-
-		if( ldrc != LDAP_SUCCESS ) {
-			slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
-				"acct_bind_postop - Failed to retrieve entry \"%s\": %d\n", dn, ldrc );
-			rc = -1;
-			goto done;
-		} else {
-			if( target_entry && has_attr( target_entry,
-				cfg->spec_attr_name, NULL ) ) {
-				tracklogin = 1;
-			}
-		}
-	}
-	config_unlock();
-
-	if( tracklogin ) {
-		rc = acct_record_login( dn );
-	}
-
-	/* ...Any additional account policy postops go here... */
+    char *dn = NULL;
+    int ldrc, tracklogin = 0;
+    int rc = 0; /* Optimistic default */
+    Slapi_DN *sdn = NULL;
+    Slapi_Entry *target_entry = NULL;
+    acctPluginCfg *cfg;
+    void *plugin_id;
+
+    slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
+                  "=> acct_bind_postop\n");
+
+    plugin_id = get_identity();
+
+    /* Retrieving SLAPI_CONN_DN from the pb gives a copy */
+    if (slapi_pblock_get(pb, SLAPI_CONN_DN, &dn) != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                      "acct_bind_postop - Error retrieving bind DN\n");
+        rc = -1;
+        goto done;
+    }
+
+    /* Client is anonymously bound */
+    if (dn == NULL) {
+        goto done;
+    }
+
+    config_rd_lock();
+    cfg = get_config();
+    tracklogin = cfg->always_record_login;
+
+    /* We're not always tracking logins, so check whether the entry is
+       covered by an account policy to decide whether we should track */
+    if (tracklogin == 0) {
+        sdn = slapi_sdn_new_normdn_byref(dn);
+        ldrc = slapi_search_internal_get_entry(sdn, NULL, &target_entry,
+                                               plugin_id);
+
+        if (ldrc != LDAP_SUCCESS) {
+            slapi_log_err(SLAPI_LOG_ERR, POST_PLUGIN_NAME,
+                          "acct_bind_postop - Failed to retrieve entry \"%s\": %d\n", dn, ldrc);
+            rc = -1;
+            goto done;
+        } else {
+            if (target_entry && has_attr(target_entry,
+                                         cfg->spec_attr_name, NULL)) {
+                tracklogin = 1;
+            }
+        }
+    }
+    config_unlock();
+
+    if (tracklogin) {
+        rc = acct_record_login(dn);
+    }
+
+/* ...Any additional account policy postops go here... */
 
 done:
-	if( rc == -1 ) {
-		slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
-	}
+    if (rc == -1) {
+        slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL);
+    }
 
-	slapi_entry_free( target_entry );
+    slapi_entry_free(target_entry);
 
-	slapi_sdn_free( &sdn );
+    slapi_sdn_free(&sdn);
 
-	slapi_ch_free_string( &dn );
+    slapi_ch_free_string(&dn);
 
-	slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
-		"<= acct_bind_postop\n" );
+    slapi_log_err(SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
+                  "<= acct_bind_postop\n");
 
-	return( rc == 0 ? CALLBACK_OK : CALLBACK_ERR );
+    return (rc == 0 ? CALLBACK_OK : CALLBACK_ERR);
 }
 
-static int acct_pre_op( Slapi_PBlock *pb, int modop )
+static int
+acct_pre_op(Slapi_PBlock *pb, int modop)
 {
-	Slapi_DN *sdn = 0;
-	Slapi_Entry *e = 0;
-	Slapi_Mods *smods = 0;
-	LDAPMod **mods;
-	int free_entry = 0;
-	char *errstr = NULL;
-	int ret = SLAPI_PLUGIN_SUCCESS;
-
-	slapi_log_err(SLAPI_LOG_TRACE, PRE_PLUGIN_NAME, "--> acct_pre_op\n");
-
-	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
-
-	if (acct_policy_dn_is_config(sdn)) {
-		/* Validate config changes, but don't apply them.
-		 * This allows us to reject invalid config changes
-		 * here at the pre-op stage.  Applying the config
-		 * needs to be done at the post-op stage. */
-
-		if (LDAP_CHANGETYPE_ADD == modop) {
-			slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
-
-			/* If the entry doesn't exist, just bail and
-			 * let the server handle it. */
-			if (e == NULL) {
-				goto bail;
-			}
-		} else if (LDAP_CHANGETYPE_MODIFY == modop) {
-			/* Fetch the entry being modified so we can
-			 * create the resulting entry for validation. */
-			if (sdn) {
-				slapi_search_internal_get_entry(sdn, 0, &e, get_identity());
-				free_entry = 1;
-			}
-
-			/* If the entry doesn't exist, just bail and
-			 * let the server handle it. */
-			if (e == NULL) {
-				goto bail;
-			}
-
-			/* Grab the mods. */
-			slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
-			smods = slapi_mods_new();
-			slapi_mods_init_byref(smods, mods);
-
-			/* Apply the  mods to create the resulting entry. */
-			if (mods && (slapi_entry_apply_mods(e, mods) != LDAP_SUCCESS)) {
-				/* The mods don't apply cleanly, so we just let this op go
-				 * to let the main server handle it. */
-				goto bailmod;
-			}
-		} else if (modop == LDAP_CHANGETYPE_DELETE){
-				ret = LDAP_UNWILLING_TO_PERFORM;
-				slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
-					"acct_pre_op - Can not delete plugin config entry [%d]\n", ret);
-		} else {
-			errstr = slapi_ch_smprintf("acct_pre_op - Invalid op type %d", modop);
-			ret = LDAP_PARAM_ERROR;
-			goto bail;
-		}
-	}
-
-	bailmod:
-	/* Clean up smods. */
-	if (LDAP_CHANGETYPE_MODIFY == modop) {
-		slapi_mods_free(&smods);
-	}
-
-	bail:
-	if (free_entry && e)
-		slapi_entry_free(e);
-
-	if (ret) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
-						"acct_pre_op - Operation failure [%d]\n", ret);
-		slapi_send_ldap_result(pb, ret, NULL, errstr, 0, NULL);
-		slapi_ch_free((void **)&errstr);
-		slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
-		ret = SLAPI_PLUGIN_FAILURE;
-	}
-
-	slapi_log_err(SLAPI_LOG_TRACE, PRE_PLUGIN_NAME, "<-- acct_pre_op\n");
-
-	return ret;
+    Slapi_DN *sdn = 0;
+    Slapi_Entry *e = 0;
+    Slapi_Mods *smods = 0;
+    LDAPMod **mods;
+    int free_entry = 0;
+    char *errstr = NULL;
+    int ret = SLAPI_PLUGIN_SUCCESS;
+
+    slapi_log_err(SLAPI_LOG_TRACE, PRE_PLUGIN_NAME, "--> acct_pre_op\n");
+
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+
+    if (acct_policy_dn_is_config(sdn)) {
+        /* Validate config changes, but don't apply them.
+     * This allows us to reject invalid config changes
+     * here at the pre-op stage.  Applying the config
+     * needs to be done at the post-op stage. */
+
+        if (LDAP_CHANGETYPE_ADD == modop) {
+            slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
+
+            /* If the entry doesn't exist, just bail and
+     * let the server handle it. */
+            if (e == NULL) {
+                goto bail;
+            }
+        } else if (LDAP_CHANGETYPE_MODIFY == modop) {
+            /* Fetch the entry being modified so we can
+     * create the resulting entry for validation. */
+            if (sdn) {
+                slapi_search_internal_get_entry(sdn, 0, &e, get_identity());
+                free_entry = 1;
+            }
+
+            /* If the entry doesn't exist, just bail and
+     * let the server handle it. */
+            if (e == NULL) {
+                goto bail;
+            }
+
+            /* Grab the mods. */
+            slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+            smods = slapi_mods_new();
+            slapi_mods_init_byref(smods, mods);
+
+            /* Apply the  mods to create the resulting entry. */
+            if (mods && (slapi_entry_apply_mods(e, mods) != LDAP_SUCCESS)) {
+                /* The mods don't apply cleanly, so we just let this op go
+     * to let the main server handle it. */
+                goto bailmod;
+            }
+        } else if (modop == LDAP_CHANGETYPE_DELETE) {
+            ret = LDAP_UNWILLING_TO_PERFORM;
+            slapi_log_err(SLAPI_LOG_ERR, PRE_PLUGIN_NAME,
+                          "acct_pre_op - Can not delete plugin config entry [%d]\n", ret);
+        } else {
+            errstr = slapi_ch_smprintf("acct_pre_op - Invalid op type %d", modop);
+            ret = LDAP_PARAM_ERROR;
+            goto bail;
+        }
+    }
+
+bailmod:
+    /* Clean up smods. */
+    if (LDAP_CHANGETYPE_MODIFY == modop) {
+        slapi_mods_free(&smods);
+    }
+
+bail:
+    if (free_entry && e)
+        slapi_entry_free(e);
+
+    if (ret) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME,
+                      "acct_pre_op - Operation failure [%d]\n", ret);
+        slapi_send_ldap_result(pb, ret, NULL, errstr, 0, NULL);
+        slapi_ch_free((void **)&errstr);
+        slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
+        ret = SLAPI_PLUGIN_FAILURE;
+    }
+
+    slapi_log_err(SLAPI_LOG_TRACE, PRE_PLUGIN_NAME, "<-- acct_pre_op\n");
+
+    return ret;
 }
 
 int
-acct_add_pre_op( Slapi_PBlock *pb )
+acct_add_pre_op(Slapi_PBlock *pb)
 {
-	return acct_pre_op(pb, LDAP_CHANGETYPE_ADD);
+    return acct_pre_op(pb, LDAP_CHANGETYPE_ADD);
 }
 
 int
-acct_mod_pre_op( Slapi_PBlock *pb )
+acct_mod_pre_op(Slapi_PBlock *pb)
 {
-	return acct_pre_op(pb, LDAP_CHANGETYPE_MODIFY);
+    return acct_pre_op(pb, LDAP_CHANGETYPE_MODIFY);
 }
 
 int
-acct_del_pre_op( Slapi_PBlock *pb )
+acct_del_pre_op(Slapi_PBlock *pb)
 {
-	return acct_pre_op(pb, LDAP_CHANGETYPE_DELETE);
+    return acct_pre_op(pb, LDAP_CHANGETYPE_DELETE);
 }
 
 int
 acct_post_op(Slapi_PBlock *pb)
 {
-	Slapi_DN *sdn = NULL;
+    Slapi_DN *sdn = NULL;
 
-	slapi_log_err(SLAPI_LOG_TRACE, POST_PLUGIN_NAME,
-		"--> acct_policy_post_op\n");
+    slapi_log_err(SLAPI_LOG_TRACE, POST_PLUGIN_NAME,
+                  "--> acct_policy_post_op\n");
 
-	slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
-	if (acct_policy_dn_is_config(sdn)){
-		if( acct_policy_load_config_startup( pb, get_identity() ) ) {
-			slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-				"acct_post_op - Failed to load configuration\n" );
-			return( CALLBACK_ERR );
-		}
-	}
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    if (acct_policy_dn_is_config(sdn)) {
+        if (acct_policy_load_config_startup(pb, get_identity())) {
+            slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                          "acct_post_op - Failed to load configuration\n");
+            return (CALLBACK_ERR);
+        }
+    }
 
-	slapi_log_err(SLAPI_LOG_TRACE, POST_PLUGIN_NAME,
-		"<-- acct_policy_mod_post_op\n");
+    slapi_log_err(SLAPI_LOG_TRACE, POST_PLUGIN_NAME,
+                  "<-- acct_policy_mod_post_op\n");
 
-	return SLAPI_PLUGIN_SUCCESS;
+    return SLAPI_PLUGIN_SUCCESS;
 }
-

ldap/servers/plugins/acctpolicy/acct_util.c

@@ -27,10 +27,10 @@ Hewlett-Packard Development Company, L.P.
 #include "slapi-plugin.h"
 
 /* Globals */
-static void* plugin_id = NULL;
+static void *plugin_id = NULL;
 /* attributes that no clients are allowed to add or modify */
-static char *protected_attrs_login_recording [] = { "createTimestamp",
-                                        NULL };
+static char *protected_attrs_login_recording[] = {"createTimestamp",
+                                                  NULL};
 
 
 /*
@@ -39,40 +39,42 @@ static char *protected_attrs_login_recording [] = { "createTimestamp",
    the first value it finds.
 */
 int
-has_attr( Slapi_Entry* target_entry, char* attr_name, char** val ) {
-	Slapi_ValueSet *values = NULL;
-	Slapi_Value* sval;
-	char *actual_type_name = NULL;
-	int type_name_disposition = 0, attr_free_flags = 0, rc = 0;
-
-	/* Use vattr interface to support virtual attributes, e.g.
-	   acctPolicySubentry has a good chance of being supplied by CoS */
-	if ( slapi_vattr_values_get( target_entry, attr_name, &values, &type_name_disposition, &actual_type_name, 0, &attr_free_flags) == 0) {
-		if( slapi_valueset_first_value( values, &sval ) == -1 ) {
-			rc = 0;
-		} else {
-			rc = 1;
-			if( val ) {
-				/* Caller wants a copy of the found attribute's value */
-				*val = slapi_ch_strdup( slapi_value_get_string( sval ) );
-			}
-		}
-	} else {
-		rc = 0;
-	}
-
-	slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
-	return( rc );
+has_attr(Slapi_Entry *target_entry, char *attr_name, char **val)
+{
+    Slapi_ValueSet *values = NULL;
+    Slapi_Value *sval;
+    char *actual_type_name = NULL;
+    int type_name_disposition = 0, attr_free_flags = 0, rc = 0;
+
+    /* Use vattr interface to support virtual attributes, e.g.
+       acctPolicySubentry has a good chance of being supplied by CoS */
+    if (slapi_vattr_values_get(target_entry, attr_name, &values, &type_name_disposition, &actual_type_name, 0, &attr_free_flags) == 0) {
+        if (slapi_valueset_first_value(values, &sval) == -1) {
+            rc = 0;
+        } else {
+            rc = 1;
+            if (val) {
+                /* Caller wants a copy of the found attribute's value */
+                *val = slapi_ch_strdup(slapi_value_get_string(sval));
+            }
+        }
+    } else {
+        rc = 0;
+    }
+
+    slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
+    return (rc);
 }
 
 /*
   Lazy wrapper for has_attr()
 */
-char*
-get_attr_string_val( Slapi_Entry* target_entry, char* attr_name ) {
-	char* ret = NULL;
-	has_attr( target_entry, attr_name, &ret );
-	return( ret );
+char *
+get_attr_string_val(Slapi_Entry *target_entry, char *attr_name)
+{
+    char *ret = NULL;
+    has_attr(target_entry, attr_name, &ret);
+    return (ret);
 }
 
 /*
@@ -81,109 +83,113 @@ get_attr_string_val( Slapi_Entry* target_entry, char* attr_name ) {
   not an error; the entry is simply not covered by a policy.
 */
 int
-get_acctpolicy( Slapi_PBlock *pb __attribute__((unused)), Slapi_Entry *target_entry, void *plugin_id,
-		acctPolicy **policy )
+get_acctpolicy(Slapi_PBlock *pb __attribute__((unused)), Slapi_Entry *target_entry, void *plugin_id, acctPolicy **policy)
 {
-	Slapi_DN *sdn = NULL;
-	Slapi_Entry *policy_entry = NULL;
-	Slapi_Attr *attr;
-	Slapi_Value *sval = NULL;
-	int ldrc;
-	char *attr_name;
-	char *policy_dn = NULL;
-	acctPluginCfg *cfg;
+    Slapi_DN *sdn = NULL;
+    Slapi_Entry *policy_entry = NULL;
+    Slapi_Attr *attr;
+    Slapi_Value *sval = NULL;
+    int ldrc;
+    char *attr_name;
+    char *policy_dn = NULL;
+    acctPluginCfg *cfg;
     int rc = 0;
 
-	if( policy == NULL ) {
-		/* Bad parameter */
-		return( -1 );
-	}
-
-	*policy = NULL;
-
-	config_rd_lock();
-	cfg = get_config();
-	/* Return success and NULL policy */
-	policy_dn = get_attr_string_val( target_entry, cfg->spec_attr_name );
-	if( policy_dn == NULL ) {
-		slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
-				"get_acctpolicy - \"%s\" is not governed by an account inactivity "
-				"policy subentry\n", slapi_entry_get_ndn( target_entry ) );
-		if (cfg->inactivitylimit != ULONG_MAX) {
-			goto dopolicy;
-		}
-		slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
-				"get_acctpolicy - \"%s\" is not governed by an account inactivity "
-				"global policy\n", slapi_entry_get_ndn( target_entry ) );
-		config_unlock();
-		return rc;
-	}
-
-	sdn = slapi_sdn_new_dn_byref( policy_dn );
-	ldrc = slapi_search_internal_get_entry( sdn, NULL, &policy_entry,
-		plugin_id );
-	slapi_sdn_free( &sdn );
-
-	/* There should be a policy but it can't be retrieved; fatal error */
-	if( policy_entry == NULL ) {
-		if( ldrc != LDAP_NO_SUCH_OBJECT ) {
-			slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
-				"get_acctpolicy - Error retrieving policy entry \"%s\": %d\n", policy_dn, ldrc );
-		} else {
-			slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
-				"get_acctpolicy - Policy entry \"%s\" is missing: %d\n", policy_dn, ldrc );
-		}
-		rc = -1;
+    if (policy == NULL) {
+        /* Bad parameter */
+        return (-1);
+    }
+
+    *policy = NULL;
+
+    config_rd_lock();
+    cfg = get_config();
+    /* Return success and NULL policy */
+    policy_dn = get_attr_string_val(target_entry, cfg->spec_attr_name);
+    if (policy_dn == NULL) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
+                      "get_acctpolicy - \"%s\" is not governed by an account inactivity "
+                      "policy subentry\n",
+                      slapi_entry_get_ndn(target_entry));
+        if (cfg->inactivitylimit != ULONG_MAX) {
+            goto dopolicy;
+        }
+        slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
+                      "get_acctpolicy - \"%s\" is not governed by an account inactivity "
+                      "global policy\n",
+                      slapi_entry_get_ndn(target_entry));
+        config_unlock();
+        return rc;
+    }
+
+    sdn = slapi_sdn_new_dn_byref(policy_dn);
+    ldrc = slapi_search_internal_get_entry(sdn, NULL, &policy_entry,
+                                           plugin_id);
+    slapi_sdn_free(&sdn);
+
+    /* There should be a policy but it can't be retrieved; fatal error */
+    if (policy_entry == NULL) {
+        if (ldrc != LDAP_NO_SUCH_OBJECT) {
+            slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
+                          "get_acctpolicy - Error retrieving policy entry \"%s\": %d\n", policy_dn, ldrc);
+        } else {
+            slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME,
+                          "get_acctpolicy - Policy entry \"%s\" is missing: %d\n", policy_dn, ldrc);
+        }
+        rc = -1;
         goto done;
-	}
+    }
 
 dopolicy:
-	*policy = (acctPolicy *)slapi_ch_calloc( 1, sizeof( acctPolicy ) );
-
-	if ( !policy_entry ) { /* global policy */
-		(*policy)->inactivitylimit = cfg->inactivitylimit;
-		goto done;
-	}
-
-	for( slapi_entry_first_attr( policy_entry, &attr ); attr != NULL;
-			slapi_entry_next_attr( policy_entry, attr, &attr ) ) {
-		slapi_attr_get_type(attr, &attr_name);
-		if( !strcasecmp( attr_name, cfg->limit_attr_name ) ) {
-			if( slapi_attr_first_value( attr, &sval ) == 0 ) {
-				(*policy)->inactivitylimit = slapi_value_get_ulong( sval );
-			}
-		}
-	}
+    *policy = (acctPolicy *)slapi_ch_calloc(1, sizeof(acctPolicy));
+
+    if (!policy_entry) { /* global policy */
+        (*policy)->inactivitylimit = cfg->inactivitylimit;
+        goto done;
+    }
+
+    for (slapi_entry_first_attr(policy_entry, &attr); attr != NULL;
+         slapi_entry_next_attr(policy_entry, attr, &attr)) {
+        slapi_attr_get_type(attr, &attr_name);
+        if (!strcasecmp(attr_name, cfg->limit_attr_name)) {
+            if (slapi_attr_first_value(attr, &sval) == 0) {
+                (*policy)->inactivitylimit = slapi_value_get_ulong(sval);
+            }
+        }
+    }
 done:
-	config_unlock();
-	slapi_ch_free_string( &policy_dn );
-	slapi_entry_free( policy_entry );
-	return( rc );
+    config_unlock();
+    slapi_ch_free_string(&policy_dn);
+    slapi_entry_free(policy_entry);
+    return (rc);
 }
 
 /*
   Frees an account policy allocated by get_acctpolicy()
 */
 void
-free_acctpolicy( acctPolicy **policy ) {
-	slapi_ch_free( (void**)policy );
-	return;
+free_acctpolicy(acctPolicy **policy)
+{
+    slapi_ch_free((void **)policy);
+    return;
 }
 
 /*
   Plugin plumbing
 */
 void
-set_identity(void *identity) {
-	plugin_id = identity;
+set_identity(void *identity)
+{
+    plugin_id = identity;
 }
 
 /*
   Plugin plumbing
 */
-void*
-get_identity() {
-	return( plugin_id );
+void *
+get_identity()
+{
+    return (plugin_id);
 }
 
 /*
@@ -192,22 +198,23 @@ get_identity() {
   which doesn't affect our time parsing.
 */
 int
-antoi( char *src, int offset, int len ) {
-	int pow = 1, res = 0;
-
-	if( len < 0 ) {
-		return( -1 );
-	}
-	while( --len != -1 ) {
-		if( !isdigit( src[offset+len] ) ) {
-			res = -1;
-			break;
-		} else {
-			res += ( src[offset+len] - '0' ) * pow ;
-			pow *= 10;
-		}
-	}
-	return( res );
+antoi(char *src, int offset, int len)
+{
+    int pow = 1, res = 0;
+
+    if (len < 0) {
+        return (-1);
+    }
+    while (--len != -1) {
+        if (!isdigit(src[offset + len])) {
+            res = -1;
+            break;
+        } else {
+            res += (src[offset + len] - '0') * pow;
+            pow *= 10;
+        }
+    }
+    return (res);
 }
 
 /*
@@ -215,63 +222,66 @@ antoi( char *src, int offset, int len ) {
   "20060807211257Z" -> 1154981577
 */
 time_t
-gentimeToEpochtime( char *gentimestr ) {
-	time_t epochtime, cur_local_epochtime, cur_gm_epochtime, zone_offset;
-	struct tm t, *cur_gm_time;
-
-	/* Find the local offset from GMT */
-	cur_gm_time = (struct tm*)slapi_ch_calloc( 1, sizeof( struct tm ) );
-	cur_local_epochtime = slapi_current_utc_time();
-	gmtime_r( &cur_local_epochtime, cur_gm_time );
-	cur_gm_epochtime = mktime( cur_gm_time );
-	free( cur_gm_time );
-	zone_offset = cur_gm_epochtime - cur_local_epochtime;
-
-	/* Parse generalizedtime string into a tm struct */
-	t.tm_year = antoi( gentimestr, 0, 4 ) - 1900;
-	t.tm_mon = antoi( gentimestr, 4, 2 ) - 1;
-	t.tm_mday = antoi( gentimestr, 6, 2 );
-	t.tm_hour = antoi( gentimestr, 8, 2 );
-	t.tm_min = antoi( gentimestr, 10, 2 );
-	t.tm_sec = antoi( gentimestr, 12, 2 );
-	t.tm_isdst = 0; /* DST does not apply to UTC */
-
-	/* Turn tm object into local epoch time */
-	epochtime = mktime( &t );
-
-	/* Turn local epoch time into GMT epoch time */
-	epochtime -= zone_offset;
-
-	return( epochtime );
+gentimeToEpochtime(char *gentimestr)
+{
+    time_t epochtime, cur_local_epochtime, cur_gm_epochtime, zone_offset;
+    struct tm t, *cur_gm_time;
+
+    /* Find the local offset from GMT */
+    cur_gm_time = (struct tm *)slapi_ch_calloc(1, sizeof(struct tm));
+    cur_local_epochtime = slapi_current_utc_time();
+    gmtime_r(&cur_local_epochtime, cur_gm_time);
+    cur_gm_epochtime = mktime(cur_gm_time);
+    free(cur_gm_time);
+    zone_offset = cur_gm_epochtime - cur_local_epochtime;
+
+    /* Parse generalizedtime string into a tm struct */
+    t.tm_year = antoi(gentimestr, 0, 4) - 1900;
+    t.tm_mon = antoi(gentimestr, 4, 2) - 1;
+    t.tm_mday = antoi(gentimestr, 6, 2);
+    t.tm_hour = antoi(gentimestr, 8, 2);
+    t.tm_min = antoi(gentimestr, 10, 2);
+    t.tm_sec = antoi(gentimestr, 12, 2);
+    t.tm_isdst = 0; /* DST does not apply to UTC */
+
+    /* Turn tm object into local epoch time */
+    epochtime = mktime(&t);
+
+    /* Turn local epoch time into GMT epoch time */
+    epochtime -= zone_offset;
+
+    return (epochtime);
 }
 
 /*
   Converts UNIX time to generalized time.  For example:
   1154981577 -> "20060807211257Z"
 */
-char*
-epochtimeToGentime( time_t epochtime ) {
-	char *gentimestr;
-	struct tm t;
+char *
+epochtimeToGentime(time_t epochtime)
+{
+    char *gentimestr;
+    struct tm t;
 
-	gmtime_r( &epochtime, &t );
-	gentimestr = slapi_ch_malloc(SLAPI_TIMESTAMP_BUFSIZE);
-	/* Format is YYYYmmddHHMMSSZ (15+1 chars) */
-	strftime( gentimestr, SLAPI_TIMESTAMP_BUFSIZE, "%Y%m%d%H%M%SZ", &t );
+    gmtime_r(&epochtime, &t);
+    gentimestr = slapi_ch_malloc(SLAPI_TIMESTAMP_BUFSIZE);
+    /* Format is YYYYmmddHHMMSSZ (15+1 chars) */
+    strftime(gentimestr, SLAPI_TIMESTAMP_BUFSIZE, "%Y%m%d%H%M%SZ", &t);
 
-	return( gentimestr );
+    return (gentimestr);
 }
 
-int update_is_allowed_attr (const char *attr)
+int
+update_is_allowed_attr(const char *attr)
 {
-	int i;
+    int i;
 
-        /* check list of attributes that cannot be used for login recording */
-        for (i = 0; protected_attrs_login_recording[i]; i ++) {
-            if (strcasecmp (attr, protected_attrs_login_recording[i]) == 0) {
-                /* this attribute is not allowed */
-                return 0;
-            }
+    /* check list of attributes that cannot be used for login recording */
+    for (i = 0; protected_attrs_login_recording[i]; i++) {
+        if (strcasecmp(attr, protected_attrs_login_recording[i]) == 0) {
+            /* this attribute is not allowed */
+            return 0;
         }
-	return 1;
+    }
+    return 1;
 }

ldap/servers/plugins/acctpolicy/acctpolicy.h

@@ -50,50 +50,49 @@ Hewlett-Packard Development Company, L.P.
 #define CALLBACK_ERR -1
 #define CALLBACK_HANDLED 1
 
-typedef struct acct_plugin_cfg {
-	char* state_attr_name;
-	char* alt_state_attr_name;
-	char* spec_attr_name;
-	char* limit_attr_name;
-	int always_record_login;
-	char* always_record_login_attr;
-	unsigned long inactivitylimit;
+typedef struct acct_plugin_cfg
+{
+    char *state_attr_name;
+    char *alt_state_attr_name;
+    char *spec_attr_name;
+    char *limit_attr_name;
+    int always_record_login;
+    char *always_record_login_attr;
+    unsigned long inactivitylimit;
 } acctPluginCfg;
 
-typedef struct accountpolicy {
-	unsigned long inactivitylimit;
+typedef struct accountpolicy
+{
+    unsigned long inactivitylimit;
 } acctPolicy;
 
 /* acct_util.c */
-int get_acctpolicy( Slapi_PBlock *pb, Slapi_Entry *target_entry,
-	void *plugin_id, acctPolicy **policy );
-void free_acctpolicy( acctPolicy **policy );
-int has_attr( Slapi_Entry* target_entry, char* attr_name, char** val );
-char* get_attr_string_val( Slapi_Entry* e, char* attr_name );
-void* get_identity(void);
-void set_identity(void*);
-time_t gentimeToEpochtime( char *gentimestr );
-char* epochtimeToGentime( time_t epochtime ); 
-int update_is_allowed_attr (const char *attr);
+int get_acctpolicy(Slapi_PBlock *pb, Slapi_Entry *target_entry, void *plugin_id, acctPolicy **policy);
+void free_acctpolicy(acctPolicy **policy);
+int has_attr(Slapi_Entry *target_entry, char *attr_name, char **val);
+char *get_attr_string_val(Slapi_Entry *e, char *attr_name);
+void *get_identity(void);
+void set_identity(void *);
+time_t gentimeToEpochtime(char *gentimestr);
+char *epochtimeToGentime(time_t epochtime);
+int update_is_allowed_attr(const char *attr);
 
 /* acct_config.c */
-int acct_policy_load_config_startup( Slapi_PBlock* pb, void* plugin_id );
-acctPluginCfg* get_config(void);
+int acct_policy_load_config_startup(Slapi_PBlock *pb, void *plugin_id);
+acctPluginCfg *get_config(void);
 void free_config(void);
 
 /* acct_init.c */
 void acct_policy_set_plugin_sdn(Slapi_DN *pluginDN);
-Slapi_DN * acct_policy_get_plugin_sdn(void);
+Slapi_DN *acct_policy_get_plugin_sdn(void);
 void acct_policy_set_config_area(Slapi_DN *sdn);
-Slapi_DN * acct_policy_get_config_area(void);
+Slapi_DN *acct_policy_get_config_area(void);
 void config_rd_lock(void);
 void config_wr_lock(void);
 void config_unlock(void);
 
 /* acc_plugins.c */
-int acct_add_pre_op( Slapi_PBlock *pb );
-int acct_mod_pre_op( Slapi_PBlock *pb );
-int acct_del_pre_op( Slapi_PBlock *pb );
-int acct_post_op( Slapi_PBlock *pb );
-
-
+int acct_add_pre_op(Slapi_PBlock *pb);
+int acct_mod_pre_op(Slapi_PBlock *pb);
+int acct_del_pre_op(Slapi_PBlock *pb);
+int acct_post_op(Slapi_PBlock *pb);

ldap/servers/plugins/acl/aclanom.c

@@ -4,68 +4,70 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
-#include 	"acl.h"
+#include "acl.h"
 
 /************************************************************************
-Anonymous profile 
+Anonymous profile
 **************************************************************************/
 
-struct  anom_targetacl {
-	int				anom_type;				/* defines for anom types same as aci_type */
-	int				anom_access;
-    Slapi_DN		*anom_target;			/* target of the ACL */
-	Slapi_Filter	*anom_filter;			/* targetfilter part */
-	char			**anom_targetAttrs;		/* list of attrs */
+struct anom_targetacl
+{
+    int anom_type; /* defines for anom types same as aci_type */
+    int anom_access;
+    Slapi_DN *anom_target;     /* target of the ACL */
+    Slapi_Filter *anom_filter; /* targetfilter part */
+    char **anom_targetAttrs;   /* list of attrs */
 };
 
 
-struct anom_profile {
-	short				anom_signature;
-	short				anom_numacls;
-	struct anom_targetacl anom_targetinfo[ACL_ANOM_MAX_ACL];
+struct anom_profile
+{
+    short anom_signature;
+    short anom_numacls;
+    struct anom_targetacl anom_targetinfo[ACL_ANOM_MAX_ACL];
 };
 
 static struct anom_profile *acl_anom_profile = NULL;
 
 static Slapi_RWLock *anom_rwlock = NULL;
-#define ANOM_LOCK_READ()     slapi_rwlock_rdlock  (anom_rwlock )
-#define ANOM_UNLOCK_READ()   slapi_rwlock_unlock (anom_rwlock )
-#define ANOM_LOCK_WRITE()    slapi_rwlock_wrlock  (anom_rwlock )
-#define ANOM_UNLOCK_WRITE()  slapi_rwlock_unlock (anom_rwlock )
+#define ANOM_LOCK_READ() slapi_rwlock_rdlock(anom_rwlock)
+#define ANOM_UNLOCK_READ() slapi_rwlock_unlock(anom_rwlock)
+#define ANOM_LOCK_WRITE() slapi_rwlock_wrlock(anom_rwlock)
+#define ANOM_UNLOCK_WRITE() slapi_rwlock_unlock(anom_rwlock)
 
 /*
  * aclanom_init ();
- *	Generate a profile for the anonymous user.  We can use this profile
- *	later to determine what resources the client is allowed to.
+ *    Generate a profile for the anonymous user.  We can use this profile
+ *    later to determine what resources the client is allowed to.
  *
  * Dependency:
- * 		Before calling this, it is assumed that all the ACLs have been read
- *		and parsed. 
+ *         Before calling this, it is assumed that all the ACLs have been read
+ *        and parsed.
  *
- *		We will go thru all the ACL and pick the ANYONE ACL and generate the anom 
- *		profile.
+ *        We will go thru all the ACL and pick the ANYONE ACL and generate the anom
+ *        profile.
  *
  */
 int
-aclanom_init ()
+aclanom_init()
 {
 
-	acl_anom_profile = (struct anom_profile * )
-                slapi_ch_calloc (1, sizeof ( struct anom_profile ) );
+    acl_anom_profile = (struct anom_profile *)
+        slapi_ch_calloc(1, sizeof(struct anom_profile));
 
-	if (( anom_rwlock = slapi_new_rwlock()) == NULL ) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"aclanom_init - Failed in getting the ANOM rwlock\n" );
-		return 1;
-	}
-	return 0;
+    if ((anom_rwlock = slapi_new_rwlock()) == NULL) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclanom_init - Failed in getting the ANOM rwlock\n");
+        return 1;
+    }
+    return 0;
 }
 
 /*
@@ -73,268 +75,265 @@ aclanom_init ()
  * acicache read lock.
 */
 void
-aclanom_gen_anomProfile (acl_lock_flag_t lock_flag)
+aclanom_gen_anomProfile(acl_lock_flag_t lock_flag)
 {
-	aci_t					*aci = NULL;
-	int						i;
-	Targetattr				**srcattrArray;
-	Targetattr				*attr;
-	struct	anom_profile	*a_profile;
-	PRUint32				cookie;
-
-	PR_ASSERT( lock_flag == DO_TAKE_ACLCACHE_READLOCK ||
-				lock_flag == DONT_TAKE_ACLCACHE_READLOCK);
-
-	/*
-	 * This routine requires two locks:
-	 * the one for the global cache in acllist_acicache_READ_LOCK() and
-	 * the one for the anom profile.
-	 * They _must_ be taken in the order presented here or there
-	 * is a deadlock scenario with acllist_remove_aci_needsLock() which
-	 * takes them is this order.
-	*/
-
-	if ( lock_flag == DO_TAKE_ACLCACHE_READLOCK ) {
-		acllist_acicache_READ_LOCK();
-	}
-	ANOM_LOCK_WRITE  ();
-	a_profile = acl_anom_profile;
-
-	if ( (!acl_get_aclsignature()) || ( !a_profile) ||
-			(a_profile->anom_signature ==  acl_get_aclsignature()) ) {
-		ANOM_UNLOCK_WRITE ();
-		if ( lock_flag == DO_TAKE_ACLCACHE_READLOCK ) {
-			acllist_acicache_READ_UNLOCK();
-		}
-		return;
-	}
-
-	/* D0 we have one already. If we do, then clean it up */
-	aclanom__del_profile(0);
-
-	/* We have a new signature now */
-	a_profile->anom_signature =  acl_get_aclsignature();
-
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclanom_gen_anomProfile - GENERATING ANOM USER PROFILE\n");
-	/*
-	** Go thru the ACL list and find all the ACLs  which apply to the 
-	** anonymous user i.e anyone. we can generate a profile for that.
-	** We will llok at the simple case i.e it matches 
-	** cases not handled:
-	**  1) When there is a mix if rule types ( allows & denies )
-	**
-	*/
-
-	aci = acllist_get_first_aci ( NULL, &cookie );	
-	while ( aci ) {
-		int			a_numacl;
-		struct slapi_filter	*f;
-		char			**destattrArray;
-
-
-		/* 
-		 * We must not have a  rule like:  deny ( all )  userdn != "xyz" 
-		 * or groupdn !=
-		*/
-		if ( (aci->aci_type &  ACI_HAS_DENY_RULE) &&
-			( (aci->aci_type & ACI_CONTAIN_NOT_USERDN ) ||
-			  (aci->aci_type & ACI_CONTAIN_NOT_GROUPDN)	||
-				(aci->aci_type & ACI_CONTAIN_NOT_ROLEDN)) ){
-			slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-				"aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE BECAUSE OF DENY RULE\n");
-			goto cleanup;
-		}
-
-		/* Must be a anyone rule */
-		if ( aci->aci_elevel != ACI_ELEVEL_USERDN_ANYONE ) {
-			aci =  acllist_get_next_aci ( NULL, aci, &cookie);
-			continue;
-		}
-		if (! (aci->aci_access &  ( SLAPI_ACL_READ | SLAPI_ACL_SEARCH)) ) {
-			aci =  acllist_get_next_aci ( NULL, aci, &cookie);
-			continue;
-		}
-		/* If the rule has anything other than userdn = "ldap:///anyone"
-		** let's not consider complex rules - let's make this lean.
-		*/
-		if ( aci->aci_ruleType & ~ACI_USERDN_RULE ){
-			slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-				"aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE BECAUSE OF COMPLEX RULE\n");
-			goto cleanup;
-		}
-
-		/* Must not be a or have a 
-		** 1 ) DENY RULE   2) targetfilter
-		** 3) no target pattern ( skip monitor acl  )
-		*/
-		if ( aci->aci_type & ( ACI_HAS_DENY_RULE  | ACI_TARGET_PATTERN |
-					ACI_TARGET_NOT | ACI_TARGET_FILTER_NOT )) {
-			const char	*dn = slapi_sdn_get_dn ( aci->aci_sdn );
-
-			/* see if this is a monitor acl */
-			if (( strcasecmp ( dn, "cn=monitor") == 0 )  ||
-			    /* cn=monitor,cn=ldbm: No such object */
-			    ( strcasecmp ( dn, "cn=monitor,cn=ldbm") == 0 )) {
-				aci =  acllist_get_next_aci ( NULL, aci, &cookie);
-				continue;
-			} else {
-				/* clean up before leaving */
-				slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-					"aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 1\n");
-				goto cleanup;
-			}
-
-		}
-
-		/* Now we have an ALLOW ACL which applies to anyone */
-		a_numacl = a_profile->anom_numacls++;
-
-		if ( a_profile->anom_numacls == ACL_ANOM_MAX_ACL ) {
-			slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 2\n");
-			goto cleanup;
-		}
-
-		if ( (f = aci->target) != NULL ) {
-			char            *avaType;
-			struct berval   *avaValue;
-			slapi_filter_get_ava ( f, &avaType, &avaValue );
-
-			a_profile->anom_targetinfo[a_numacl].anom_target = 
-						slapi_sdn_new_dn_byval ( avaValue->bv_val );
-		} else {
-			a_profile->anom_targetinfo[a_numacl].anom_target = 
-						slapi_sdn_dup ( aci->aci_sdn );
-		}
-
-		a_profile->anom_targetinfo[a_numacl].anom_filter =  NULL;
-		if ( aci->targetFilterStr ) {
-			a_profile->anom_targetinfo[a_numacl].anom_filter =  slapi_str2filter ( aci->targetFilterStr );
-			if (NULL == a_profile->anom_targetinfo[a_numacl].anom_filter) {
-				const char	*dn = slapi_sdn_get_dn ( aci->aci_sdn );
-				slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-								"aclanom_gen_anomProfile - Invalid filter [%s] in anonymous aci in entry [%s]\n",
-								aci->targetFilterStr, dn);
-				goto cleanup;
-			}
-		}				
-
-		i = 0;
-		srcattrArray = aci->targetAttr;
-		while ( srcattrArray[i])
-			i++;
-
-		a_profile->anom_targetinfo[a_numacl].anom_targetAttrs = 
-					(char **) slapi_ch_calloc ( 1, (i+1) * sizeof(char *));
-
-		srcattrArray = aci->targetAttr;
-		destattrArray = a_profile->anom_targetinfo[a_numacl].anom_targetAttrs;
-
-		i = 0;
-		while ( srcattrArray[i] ) {
-			attr = srcattrArray[i];
-			if ( attr->attr_type & ACL_ATTR_FILTER ) {
-				/* Do'nt want to support these kind now */
-				destattrArray[i] = NULL;
-				/* clean up before leaving */
-				aclanom__del_profile (0);
-				slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-					"aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 3\n");
-				goto cleanup;
-			}
-
-			destattrArray[i] = slapi_ch_strdup ( attr->u.attr_str );
-			i++;
-		}	
-
-		destattrArray[i] = NULL;
-
-		aclutil_print_aci ( aci, "anom" );	
-		/*  Here we are storing att the info from the acls. However
-		** we are only interested in a few things like ACI_TARGETATTR_NOT.
-		*/
-		a_profile->anom_targetinfo[a_numacl].anom_type = aci->aci_type;
-		a_profile->anom_targetinfo[a_numacl].anom_access = aci->aci_access;
-		
-		aci =  acllist_get_next_aci ( NULL, aci, &cookie);
-	}
-
-	ANOM_UNLOCK_WRITE ();
-	if ( lock_flag == DO_TAKE_ACLCACHE_READLOCK ) {
-		acllist_acicache_READ_UNLOCK();
-	}
-	return;
+    aci_t *aci = NULL;
+    int i;
+    Targetattr **srcattrArray;
+    Targetattr *attr;
+    struct anom_profile *a_profile;
+    PRUint32 cookie;
+
+    PR_ASSERT(lock_flag == DO_TAKE_ACLCACHE_READLOCK ||
+              lock_flag == DONT_TAKE_ACLCACHE_READLOCK);
+
+    /*
+     * This routine requires two locks:
+     * the one for the global cache in acllist_acicache_READ_LOCK() and
+     * the one for the anom profile.
+     * They _must_ be taken in the order presented here or there
+     * is a deadlock scenario with acllist_remove_aci_needsLock() which
+     * takes them is this order.
+    */
+
+    if (lock_flag == DO_TAKE_ACLCACHE_READLOCK) {
+        acllist_acicache_READ_LOCK();
+    }
+    ANOM_LOCK_WRITE();
+    a_profile = acl_anom_profile;
+
+    if ((!acl_get_aclsignature()) || (!a_profile) ||
+        (a_profile->anom_signature == acl_get_aclsignature())) {
+        ANOM_UNLOCK_WRITE();
+        if (lock_flag == DO_TAKE_ACLCACHE_READLOCK) {
+            acllist_acicache_READ_UNLOCK();
+        }
+        return;
+    }
+
+    /* D0 we have one already. If we do, then clean it up */
+    aclanom__del_profile(0);
+
+    /* We have a new signature now */
+    a_profile->anom_signature = acl_get_aclsignature();
+
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclanom_gen_anomProfile - GENERATING ANOM USER PROFILE\n");
+    /*
+    ** Go thru the ACL list and find all the ACLs  which apply to the
+    ** anonymous user i.e anyone. we can generate a profile for that.
+    ** We will llok at the simple case i.e it matches
+    ** cases not handled:
+    **  1) When there is a mix if rule types ( allows & denies )
+    **
+    */
+
+    aci = acllist_get_first_aci(NULL, &cookie);
+    while (aci) {
+        int a_numacl;
+        struct slapi_filter *f;
+        char **destattrArray;
+
+
+        /*
+         * We must not have a  rule like:  deny ( all )  userdn != "xyz"
+         * or groupdn !=
+        */
+        if ((aci->aci_type & ACI_HAS_DENY_RULE) &&
+            ((aci->aci_type & ACI_CONTAIN_NOT_USERDN) ||
+             (aci->aci_type & ACI_CONTAIN_NOT_GROUPDN) ||
+             (aci->aci_type & ACI_CONTAIN_NOT_ROLEDN))) {
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                          "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE BECAUSE OF DENY RULE\n");
+            goto cleanup;
+        }
+
+        /* Must be a anyone rule */
+        if (aci->aci_elevel != ACI_ELEVEL_USERDN_ANYONE) {
+            aci = acllist_get_next_aci(NULL, aci, &cookie);
+            continue;
+        }
+        if (!(aci->aci_access & (SLAPI_ACL_READ | SLAPI_ACL_SEARCH))) {
+            aci = acllist_get_next_aci(NULL, aci, &cookie);
+            continue;
+        }
+        /* If the rule has anything other than userdn = "ldap:///anyone"
+        ** let's not consider complex rules - let's make this lean.
+        */
+        if (aci->aci_ruleType & ~ACI_USERDN_RULE) {
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                          "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE BECAUSE OF COMPLEX RULE\n");
+            goto cleanup;
+        }
+
+        /* Must not be a or have a
+        ** 1 ) DENY RULE   2) targetfilter
+        ** 3) no target pattern ( skip monitor acl  )
+        */
+        if (aci->aci_type & (ACI_HAS_DENY_RULE | ACI_TARGET_PATTERN |
+                             ACI_TARGET_NOT | ACI_TARGET_FILTER_NOT)) {
+            const char *dn = slapi_sdn_get_dn(aci->aci_sdn);
+
+            /* see if this is a monitor acl */
+            if ((strcasecmp(dn, "cn=monitor") == 0) ||
+                /* cn=monitor,cn=ldbm: No such object */
+                (strcasecmp(dn, "cn=monitor,cn=ldbm") == 0)) {
+                aci = acllist_get_next_aci(NULL, aci, &cookie);
+                continue;
+            } else {
+                /* clean up before leaving */
+                slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                              "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 1\n");
+                goto cleanup;
+            }
+        }
+
+        /* Now we have an ALLOW ACL which applies to anyone */
+        a_numacl = a_profile->anom_numacls++;
+
+        if (a_profile->anom_numacls == ACL_ANOM_MAX_ACL) {
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 2\n");
+            goto cleanup;
+        }
+
+        if ((f = aci->target) != NULL) {
+            char *avaType;
+            struct berval *avaValue;
+            slapi_filter_get_ava(f, &avaType, &avaValue);
+
+            a_profile->anom_targetinfo[a_numacl].anom_target =
+                slapi_sdn_new_dn_byval(avaValue->bv_val);
+        } else {
+            a_profile->anom_targetinfo[a_numacl].anom_target =
+                slapi_sdn_dup(aci->aci_sdn);
+        }
+
+        a_profile->anom_targetinfo[a_numacl].anom_filter = NULL;
+        if (aci->targetFilterStr) {
+            a_profile->anom_targetinfo[a_numacl].anom_filter = slapi_str2filter(aci->targetFilterStr);
+            if (NULL == a_profile->anom_targetinfo[a_numacl].anom_filter) {
+                const char *dn = slapi_sdn_get_dn(aci->aci_sdn);
+                slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                              "aclanom_gen_anomProfile - Invalid filter [%s] in anonymous aci in entry [%s]\n",
+                              aci->targetFilterStr, dn);
+                goto cleanup;
+            }
+        }
+
+        i = 0;
+        srcattrArray = aci->targetAttr;
+        while (srcattrArray[i])
+            i++;
+
+        a_profile->anom_targetinfo[a_numacl].anom_targetAttrs =
+            (char **)slapi_ch_calloc(1, (i + 1) * sizeof(char *));
+
+        srcattrArray = aci->targetAttr;
+        destattrArray = a_profile->anom_targetinfo[a_numacl].anom_targetAttrs;
+
+        i = 0;
+        while (srcattrArray[i]) {
+            attr = srcattrArray[i];
+            if (attr->attr_type & ACL_ATTR_FILTER) {
+                /* Do'nt want to support these kind now */
+                destattrArray[i] = NULL;
+                /* clean up before leaving */
+                aclanom__del_profile(0);
+                slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                              "aclanom_gen_anomProfile - CANCELLING ANOM USER PROFILE 3\n");
+                goto cleanup;
+            }
+
+            destattrArray[i] = slapi_ch_strdup(attr->u.attr_str);
+            i++;
+        }
+
+        destattrArray[i] = NULL;
+
+        aclutil_print_aci(aci, "anom");
+        /*  Here we are storing att the info from the acls. However
+        ** we are only interested in a few things like ACI_TARGETATTR_NOT.
+        */
+        a_profile->anom_targetinfo[a_numacl].anom_type = aci->aci_type;
+        a_profile->anom_targetinfo[a_numacl].anom_access = aci->aci_access;
+
+        aci = acllist_get_next_aci(NULL, aci, &cookie);
+    }
+
+    ANOM_UNLOCK_WRITE();
+    if (lock_flag == DO_TAKE_ACLCACHE_READLOCK) {
+        acllist_acicache_READ_UNLOCK();
+    }
+    return;
 
 cleanup:
-	aclanom__del_profile (0);
-	ANOM_UNLOCK_WRITE ();
-	if ( lock_flag == DO_TAKE_ACLCACHE_READLOCK ) {
-		acllist_acicache_READ_UNLOCK();
-	}
+    aclanom__del_profile(0);
+    ANOM_UNLOCK_WRITE();
+    if (lock_flag == DO_TAKE_ACLCACHE_READLOCK) {
+        acllist_acicache_READ_UNLOCK();
+    }
 }
 
 
 void
-aclanom_invalidateProfile ()
+aclanom_invalidateProfile()
 {
-	ANOM_LOCK_WRITE();
-	if ( acl_anom_profile && acl_anom_profile->anom_numacls )
-		acl_anom_profile->anom_signature = 0;
-	ANOM_UNLOCK_WRITE();
-
-
+    ANOM_LOCK_WRITE();
+    if (acl_anom_profile && acl_anom_profile->anom_numacls)
+        acl_anom_profile->anom_signature = 0;
+    ANOM_UNLOCK_WRITE();
 }
 
 /*
  * __aclanom_del_profile
  *
- *	Cleanup the anonymous user's profile we have.
- * 
- *	ASSUMPTION: A WRITE LOCK HAS BEEN OBTAINED
+ *    Cleanup the anonymous user's profile we have.
+ *
+ *    ASSUMPTION: A WRITE LOCK HAS BEEN OBTAINED
  *
  */
 void
-aclanom__del_profile (int closing)
+aclanom__del_profile(int closing)
 {
-	int						i;
-	struct	anom_profile	*a_profile;
-
-
-	if ( (a_profile = acl_anom_profile) == NULL ) {
-		return;
-	}
-
-	for ( i=0; i < a_profile->anom_numacls; i++ ) {
-		int	j = 0;
-		char	**destArray = a_profile->anom_targetinfo[i].anom_targetAttrs;
-
-		/* Deallocate target */
-		slapi_sdn_free ( &a_profile->anom_targetinfo[i].anom_target );
-		
-		/* Deallocate filter */
-		if ( a_profile->anom_targetinfo[i].anom_filter )
-			slapi_filter_free ( a_profile->anom_targetinfo[i].anom_filter, 1 );
-
-		/* Deallocate attrs */
-		if ( destArray ) {
-			while ( destArray[j] ) {
-				slapi_ch_free ( (void **) &destArray[j] );
-				j++;
-			}
-			slapi_ch_free ( (void **) &destArray );
-		}
-		a_profile->anom_targetinfo[i].anom_targetAttrs = NULL;
-		a_profile->anom_targetinfo[i].anom_type = 0;
+    int i;
+    struct anom_profile *a_profile;
+
+
+    if ((a_profile = acl_anom_profile) == NULL) {
+        return;
+    }
+
+    for (i = 0; i < a_profile->anom_numacls; i++) {
+        int j = 0;
+        char **destArray = a_profile->anom_targetinfo[i].anom_targetAttrs;
+
+        /* Deallocate target */
+        slapi_sdn_free(&a_profile->anom_targetinfo[i].anom_target);
+
+        /* Deallocate filter */
+        if (a_profile->anom_targetinfo[i].anom_filter)
+            slapi_filter_free(a_profile->anom_targetinfo[i].anom_filter, 1);
+
+        /* Deallocate attrs */
+        if (destArray) {
+            while (destArray[j]) {
+                slapi_ch_free((void **)&destArray[j]);
+                j++;
+            }
+            slapi_ch_free((void **)&destArray);
+        }
+        a_profile->anom_targetinfo[i].anom_targetAttrs = NULL;
+        a_profile->anom_targetinfo[i].anom_type = 0;
         a_profile->anom_targetinfo[i].anom_access = 0;
-	}
-	a_profile->anom_numacls = 0;
+    }
+    a_profile->anom_numacls = 0;
 
-	if(closing){
-		slapi_destroy_rwlock(anom_rwlock);
-		anom_rwlock = NULL;
-		slapi_ch_free((void **)&acl_anom_profile);
-	}
+    if (closing) {
+        slapi_destroy_rwlock(anom_rwlock);
+        anom_rwlock = NULL;
+        slapi_ch_free((void **)&acl_anom_profile);
+    }
 
-	/* Don't clean the signatue */
+    /* Don't clean the signatue */
 }
 
 /*
@@ -348,7 +347,7 @@ aclanom__del_profile (int closing)
  * attribute.  So, we call this in acl_access_allowed() before calling
  * aclanom_match_profile()--therafter, aclanom_match_profile() uses the
  * context to evaluate access to the entry and attributes.
- * 
+ *
  * If there are no anom profiles, or the anom profiles get cancelled
  * due to complex anon acis, then that's OK, aclanom_match_profile()
  * returns -1 and the mainline acl code kicks in.
@@ -358,221 +357,219 @@ aclanom__del_profile (int closing)
  * So, if for an example an entry changes and a given anom profile entry
  * no longer applies, we will not notice until the next round of access
  * control checking on the entry--this is acceptable.
- * 
+ *
  * The gain on doing this factoring in the following type of search
  * was approx 6%:
- * anon bind, 20 threads, exact match, ~20 attributes returned, 
+ * anon bind, 20 threads, exact match, ~20 attributes returned,
  * (searchrate & DirectoryMark).
- * 
+ *
 */
 void
 aclanom_get_suffix_info(Slapi_Entry *e,
-							struct acl_pblock *aclpb ) {
-	int i;
-	char     *ndn = NULL;
-	Slapi_DN    *e_sdn;
-	const char    *aci_ndn;
-	struct scoped_entry_anominfo *s_e_anominfo =
-			&aclpb->aclpb_scoped_entry_anominfo;
-
-	ANOM_LOCK_READ ();
-		
-	s_e_anominfo->anom_e_nummatched=0;
-
-	ndn = slapi_entry_get_ndn ( e ) ;
-	e_sdn= slapi_entry_get_sdn ( e ) ;
-	for (i=acl_anom_profile->anom_numacls-1; i >= 0; i-- ) {
-		aci_ndn = slapi_sdn_get_ndn (acl_anom_profile->anom_targetinfo[i].anom_target);
-		if (!slapi_sdn_issuffix(e_sdn,acl_anom_profile->anom_targetinfo[i].anom_target)
-				|| (!slapi_is_rootdse(ndn) && slapi_is_rootdse(aci_ndn)))
-						continue;
-		if ( acl_anom_profile->anom_targetinfo[i].anom_filter ) {
-			if ( slapi_vattr_filter_test( aclpb->aclpb_pblock, e,
-                               		acl_anom_profile->anom_targetinfo[i].anom_filter, 
-					0 /*don't do acess chk*/)  != 0)
-				continue;
-		}
-		s_e_anominfo->anom_e_targetInfo[s_e_anominfo->anom_e_nummatched]=i;
-		s_e_anominfo->anom_e_nummatched++;
-	}
-	ANOM_UNLOCK_READ (); 
+                        struct acl_pblock *aclpb)
+{
+    int i;
+    char *ndn = NULL;
+    Slapi_DN *e_sdn;
+    const char *aci_ndn;
+    struct scoped_entry_anominfo *s_e_anominfo =
+        &aclpb->aclpb_scoped_entry_anominfo;
+
+    ANOM_LOCK_READ();
+
+    s_e_anominfo->anom_e_nummatched = 0;
+
+    ndn = slapi_entry_get_ndn(e);
+    e_sdn = slapi_entry_get_sdn(e);
+    for (i = acl_anom_profile->anom_numacls - 1; i >= 0; i--) {
+        aci_ndn = slapi_sdn_get_ndn(acl_anom_profile->anom_targetinfo[i].anom_target);
+        if (!slapi_sdn_issuffix(e_sdn, acl_anom_profile->anom_targetinfo[i].anom_target) || (!slapi_is_rootdse(ndn) && slapi_is_rootdse(aci_ndn)))
+            continue;
+        if (acl_anom_profile->anom_targetinfo[i].anom_filter) {
+            if (slapi_vattr_filter_test(aclpb->aclpb_pblock, e,
+                                        acl_anom_profile->anom_targetinfo[i].anom_filter,
+                                        0 /*don't do acess chk*/) != 0)
+                continue;
+        }
+        s_e_anominfo->anom_e_targetInfo[s_e_anominfo->anom_e_nummatched] = i;
+        s_e_anominfo->anom_e_nummatched++;
+    }
+    ANOM_UNLOCK_READ();
 }
 
 
 /*
  * aclanom_match_profile
- *	Look at the anonymous profile and see if we can use it or not.
+ *    Look at the anonymous profile and see if we can use it or not.
  *
  *
- *	Inputs:
- *		Slapi_Pblock			- The Pblock
- *		Slapi_Entry *e			- The entry for which we are asking permission.
- *		char *attr			- Attribute name
- *		int  access			- access type
+ *    Inputs:
+ *        Slapi_Pblock            - The Pblock
+ *        Slapi_Entry *e            - The entry for which we are asking permission.
+ *        char *attr            - Attribute name
+ *        int  access            - access type
  *
- *	Return:
- *		LDAP_SUCCESS ( 0 )		- acess is allowed.
- *		LDAP_INSUFFICIENT_ACCESS (50 )  - access denied.
- *		-1			        - didn't match the targets
+ *    Return:
+ *        LDAP_SUCCESS ( 0 )        - acess is allowed.
+ *        LDAP_INSUFFICIENT_ACCESS (50 )  - access denied.
+ *        -1                    - didn't match the targets
  *
  * Assumptions:
- * 	The caller of this module has to make sure that the client is 
- *	an anonymous client.
+ *     The caller of this module has to make sure that the client is
+ *    an anonymous client.
  */
 int
-aclanom_match_profile (Slapi_PBlock *pb, struct acl_pblock *aclpb, Slapi_Entry *e,
-						char *attr, int access ) 
+aclanom_match_profile(Slapi_PBlock *pb, struct acl_pblock *aclpb, Slapi_Entry *e, char *attr, int access)
 {
 
-	struct	anom_profile	*a_profile;
-	int						result, i, k;
-	char					**destArray;
-	int						tmatched = 0;
-	int						loglevel;
-	struct scoped_entry_anominfo *s_e_anominfo =
-			&aclpb->aclpb_scoped_entry_anominfo;
-
-	loglevel = slapi_is_loglevel_set(SLAPI_LOG_ACL) ? SLAPI_LOG_ACL : SLAPI_LOG_ACLSUMMARY;
-
-	/* WE are only interested for READ/SEARCH  */
-	if (  !(access & ( SLAPI_ACL_SEARCH | SLAPI_ACL_READ)) )
-		return -1;
-
-	/* If we are here means, the client is doing a anonymous read/search */
-	if ((a_profile = acl_anom_profile) == NULL ) {
-		return -1;
-	}		
-
-	ANOM_LOCK_READ ();
-	/* Check the signature first */
-	if ( a_profile->anom_signature != acl_get_aclsignature () ) {
-		/* Need to regenrate the signature.
-	 	 * Need a WRITE lock to generate the anom profile  -
-	 	 * which is obtained in acl__gen_anom_user_profile (). Since
-	 	 * I don't have upgrade lock -- I have to do this way.
-	 	 */
-		ANOM_UNLOCK_READ ();
-		aclanom_gen_anomProfile (DO_TAKE_ACLCACHE_READLOCK);
-		aclanom_get_suffix_info(e, aclpb );
-		ANOM_LOCK_READ ();
-	}
-
-	/* doing this early saves use a malloc/free/normalize cost */
-	if ( !a_profile->anom_numacls ) {
-		ANOM_UNLOCK_READ ();
-		return -1;
-	}
-
-	result = LDAP_INSUFFICIENT_ACCESS;
-
-	for ( k=0; k<s_e_anominfo->anom_e_nummatched; k++ ) {
-		short	matched = 0;
-		short	j = 0;	
-	
-		i = s_e_anominfo->anom_e_targetInfo[k];
-	
-		/* Check for right */
-		if ( !(a_profile->anom_targetinfo[i].anom_access & access) )
-			continue;
-		
-		/*
-		 * XXX rbyrne Don't really understand the role of this
-		 * but not causing any obvious bugs...get back to it.
-		*/		
-		tmatched++;
-		
-		if ( attr == NULL ) {
-			result = LDAP_SUCCESS;
-			break;
-		}
-
-		destArray = a_profile->anom_targetinfo[i].anom_targetAttrs;
-		while ( destArray[j] ) {
-			if ( strcasecmp ( destArray[j], "*") == 0 ||
-				slapi_attr_type_cmp ( attr, destArray[j], 1 ) == 0 ) {
-				matched = 1;
-				break;
-			}
-			j++;
-		}
-		
-		if ( a_profile->anom_targetinfo[i].anom_type  & ACI_TARGET_ATTR_NOT )
-			result = matched ? LDAP_INSUFFICIENT_ACCESS : LDAP_SUCCESS;
-		else 
-			result = matched ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
-	
-		if ( result == LDAP_SUCCESS )
-			break;
-	} /* for */
-
-	if ( slapi_is_loglevel_set(loglevel) ) {
-		char					*ndn = NULL;
-		Slapi_Operation			*op = NULL;
-		PRUint64 o_connid = 0xffffffffffffffff; /* no op */
-		int o_opid = -1; /* no op */
- 
-		ndn = slapi_entry_get_ndn ( e ) ;
-		slapi_pblock_get(pb, SLAPI_OPERATION, &op);
-		if (op) {
-			o_connid = op->o_connid;
-			o_opid = op->o_opid;
-		}
-
-		if ( result == LDAP_SUCCESS) {
-			const char				*aci_ndn;
-			aci_ndn = slapi_sdn_get_ndn (acl_anom_profile->anom_targetinfo[i].anom_target);
-			if (access & SLAPI_ACL_MODDN) {
-				slapi_log_err(loglevel, plugin_name, 
-					"aclanom_match_profile - conn=%" PRIu64 " op=%d: Allow access on entry(%s).attr(%s) (from %s) to anonymous: acidn=\"%s\"\n",
-					o_connid, o_opid,
-					ndn,
-					attr ? attr:"NULL",
-					aclpb->aclpb_moddn_source_sdn ? slapi_sdn_get_dn(aclpb->aclpb_moddn_source_sdn) : "NULL",
-					aci_ndn);
-				
-			} else {
-				slapi_log_err(loglevel, plugin_name, 
-					"aclanom_match_profile - conn=%" PRIu64 " op=%d: Allow access on entry(%s).attr(%s) to anonymous: acidn=\"%s\"\n",
-					o_connid, o_opid,
-					ndn,
-					attr ? attr:"NULL",
-					aci_ndn);
-			}
-		} else {
-			if (access & SLAPI_ACL_MODDN) {
-				slapi_log_err(loglevel, plugin_name,
-					"aclanom_match_profile - conn=%" PRIu64 " op=%d: Deny access on entry(%s).attr(%s) (from %s) to anonymous\n",
-					o_connid, o_opid,
-					ndn, attr ? attr:"NULL" ,
-					aclpb->aclpb_moddn_source_sdn ? slapi_sdn_get_dn(aclpb->aclpb_moddn_source_sdn) : "NULL");
-			} else {
-				slapi_log_err(loglevel, plugin_name,
-					"aclanom_match_profile - conn=%" PRIu64 " op=%d: Deny access on entry(%s).attr(%s) to anonymous\n",
-					o_connid, o_opid,
-					ndn, attr ? attr:"NULL" );
-			}
-		}
-	}
-
-	ANOM_UNLOCK_READ ();
-	if ( tmatched == 0) 
-		return -1;
-	else 
-		return result;
+    struct anom_profile *a_profile;
+    int result, i, k;
+    char **destArray;
+    int tmatched = 0;
+    int loglevel;
+    struct scoped_entry_anominfo *s_e_anominfo =
+        &aclpb->aclpb_scoped_entry_anominfo;
+
+    loglevel = slapi_is_loglevel_set(SLAPI_LOG_ACL) ? SLAPI_LOG_ACL : SLAPI_LOG_ACLSUMMARY;
+
+    /* WE are only interested for READ/SEARCH  */
+    if (!(access & (SLAPI_ACL_SEARCH | SLAPI_ACL_READ)))
+        return -1;
+
+    /* If we are here means, the client is doing a anonymous read/search */
+    if ((a_profile = acl_anom_profile) == NULL) {
+        return -1;
+    }
+
+    ANOM_LOCK_READ();
+    /* Check the signature first */
+    if (a_profile->anom_signature != acl_get_aclsignature()) {
+        /* Need to regenrate the signature.
+          * Need a WRITE lock to generate the anom profile  -
+          * which is obtained in acl__gen_anom_user_profile (). Since
+          * I don't have upgrade lock -- I have to do this way.
+          */
+        ANOM_UNLOCK_READ();
+        aclanom_gen_anomProfile(DO_TAKE_ACLCACHE_READLOCK);
+        aclanom_get_suffix_info(e, aclpb);
+        ANOM_LOCK_READ();
+    }
+
+    /* doing this early saves use a malloc/free/normalize cost */
+    if (!a_profile->anom_numacls) {
+        ANOM_UNLOCK_READ();
+        return -1;
+    }
+
+    result = LDAP_INSUFFICIENT_ACCESS;
+
+    for (k = 0; k < s_e_anominfo->anom_e_nummatched; k++) {
+        short matched = 0;
+        short j = 0;
+
+        i = s_e_anominfo->anom_e_targetInfo[k];
+
+        /* Check for right */
+        if (!(a_profile->anom_targetinfo[i].anom_access & access))
+            continue;
+
+        /*
+         * XXX rbyrne Don't really understand the role of this
+         * but not causing any obvious bugs...get back to it.
+        */
+        tmatched++;
+
+        if (attr == NULL) {
+            result = LDAP_SUCCESS;
+            break;
+        }
+
+        destArray = a_profile->anom_targetinfo[i].anom_targetAttrs;
+        while (destArray[j]) {
+            if (strcasecmp(destArray[j], "*") == 0 ||
+                slapi_attr_type_cmp(attr, destArray[j], 1) == 0) {
+                matched = 1;
+                break;
+            }
+            j++;
+        }
+
+        if (a_profile->anom_targetinfo[i].anom_type & ACI_TARGET_ATTR_NOT)
+            result = matched ? LDAP_INSUFFICIENT_ACCESS : LDAP_SUCCESS;
+        else
+            result = matched ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+
+        if (result == LDAP_SUCCESS)
+            break;
+    } /* for */
+
+    if (slapi_is_loglevel_set(loglevel)) {
+        char *ndn = NULL;
+        Slapi_Operation *op = NULL;
+        PRUint64 o_connid = 0xffffffffffffffff; /* no op */
+        int o_opid = -1;                        /* no op */
+
+        ndn = slapi_entry_get_ndn(e);
+        slapi_pblock_get(pb, SLAPI_OPERATION, &op);
+        if (op) {
+            o_connid = op->o_connid;
+            o_opid = op->o_opid;
+        }
+
+        if (result == LDAP_SUCCESS) {
+            const char *aci_ndn;
+            aci_ndn = slapi_sdn_get_ndn(acl_anom_profile->anom_targetinfo[i].anom_target);
+            if (access & SLAPI_ACL_MODDN) {
+                slapi_log_err(loglevel, plugin_name,
+                              "aclanom_match_profile - conn=%" PRIu64 " op=%d: Allow access on entry(%s).attr(%s) (from %s) to anonymous: acidn=\"%s\"\n",
+                              o_connid, o_opid,
+                              ndn,
+                              attr ? attr : "NULL",
+                              aclpb->aclpb_moddn_source_sdn ? slapi_sdn_get_dn(aclpb->aclpb_moddn_source_sdn) : "NULL",
+                              aci_ndn);
+
+            } else {
+                slapi_log_err(loglevel, plugin_name,
+                              "aclanom_match_profile - conn=%" PRIu64 " op=%d: Allow access on entry(%s).attr(%s) to anonymous: acidn=\"%s\"\n",
+                              o_connid, o_opid,
+                              ndn,
+                              attr ? attr : "NULL",
+                              aci_ndn);
+            }
+        } else {
+            if (access & SLAPI_ACL_MODDN) {
+                slapi_log_err(loglevel, plugin_name,
+                              "aclanom_match_profile - conn=%" PRIu64 " op=%d: Deny access on entry(%s).attr(%s) (from %s) to anonymous\n",
+                              o_connid, o_opid,
+                              ndn, attr ? attr : "NULL",
+                              aclpb->aclpb_moddn_source_sdn ? slapi_sdn_get_dn(aclpb->aclpb_moddn_source_sdn) : "NULL");
+            } else {
+                slapi_log_err(loglevel, plugin_name,
+                              "aclanom_match_profile - conn=%" PRIu64 " op=%d: Deny access on entry(%s).attr(%s) to anonymous\n",
+                              o_connid, o_opid,
+                              ndn, attr ? attr : "NULL");
+            }
+        }
+    }
+
+    ANOM_UNLOCK_READ();
+    if (tmatched == 0)
+        return -1;
+    else
+        return result;
 }
 
 int
-aclanom_is_client_anonymous ( Slapi_PBlock *pb )
+aclanom_is_client_anonymous(Slapi_PBlock *pb)
 {
-	char		*clientDn;
+    char *clientDn;
 
 
-	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
-	if (acl_anom_profile->anom_numacls  && 
-			acl_anom_profile->anom_signature  &&  
-			(( NULL == clientDn) || (clientDn && *clientDn == '\0')) )
-		return 1;
+    slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &clientDn);
+    if (acl_anom_profile->anom_numacls &&
+        acl_anom_profile->anom_signature &&
+        ((NULL == clientDn) || (clientDn && *clientDn == '\0')))
+        return 1;
 
-	return 0;
+    return 0;
 }
-

ldap/servers/plugins/acl/acleffectiverights.c

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 
@@ -20,367 +20,339 @@
 /* capacity is the capacity of the gerstr, size is the current length */
 static void
 _append_gerstr(
-	char **gerstr,
-	size_t *capacity,
-	size_t *size,
-	const char *news,
-	const char *news2
-	)
+    char **gerstr,
+    size_t *capacity,
+    size_t *size,
+    const char *news,
+    const char *news2)
 {
-	size_t len;
-	size_t increment = 128;
-	size_t fornull;
-
-	if (!news) {
-		return;
-	}
-
-	/* find out how much space we need */
-	len = strlen(news);
-	fornull = 1;
-	if (news2) {
-		len += strlen(news2);
-		fornull++;
-	}
-
-	/* increase space if needed */
-	while ((*size + len + fornull) > *capacity) {
-		if ((len + fornull) > increment) {
-			*capacity += len + fornull; /* just go ahead and grow the string enough */
-		} else {
-			*capacity += increment; /* rather than having lots of small increments */
-		}
-	}
-
-	if (!*gerstr) {
-		*gerstr = slapi_ch_malloc(*capacity);
-		**gerstr = 0;
-	} else {
-		*gerstr = slapi_ch_realloc(*gerstr, *capacity);
-	}
-	strcat(*gerstr, news);
-	if (news2) {
-		strcat(*gerstr, news2);
-	}
-
-	*size += len;
-
-	return;
+    size_t len;
+    size_t increment = 128;
+    size_t fornull;
+
+    if (!news) {
+        return;
+    }
+
+    /* find out how much space we need */
+    len = strlen(news);
+    fornull = 1;
+    if (news2) {
+        len += strlen(news2);
+        fornull++;
+    }
+
+    /* increase space if needed */
+    while ((*size + len + fornull) > *capacity) {
+        if ((len + fornull) > increment) {
+            *capacity += len + fornull; /* just go ahead and grow the string enough */
+        } else {
+            *capacity += increment; /* rather than having lots of small increments */
+        }
+    }
+
+    if (!*gerstr) {
+        *gerstr = slapi_ch_malloc(*capacity);
+        **gerstr = 0;
+    } else {
+        *gerstr = slapi_ch_realloc(*gerstr, *capacity);
+    }
+    strcat(*gerstr, news);
+    if (news2) {
+        strcat(*gerstr, news2);
+    }
+
+    *size += len;
+
+    return;
 }
 
 static int
-_ger_g_permission_granted (
-	Slapi_PBlock *pb,
-	Slapi_Entry *e,
-	const char *subjectdn,
-	char **errbuf
-	)
+_ger_g_permission_granted(
+    Slapi_PBlock *pb,
+    Slapi_Entry *e,
+    const char *subjectdn,
+    char **errbuf)
 {
-	char *proxydn = NULL;
-	Slapi_DN *requestor_sdn, *entry_sdn;
-	char *errtext = NULL;
-	int isroot;
-	int rc;
-
-	/*
-	 * Theorically, we should check if the entry has "g"
-	 * permission granted to the requestor. If granted,
-	 * allows the effective rights on that entry and its
-	 * attributes within the entry to be returned for
-	 * ANY subject.
-	 *
-	 * "G" permission granting has not been implemented yet,
-	 * the current release assumes that "g" permission be 
-	 * granted to root and owner of any entry.
-	 */
-
-	/*
-	 * The requestor may be either the bind dn or a proxy dn
-	 */
-	if ((proxyauth_get_dn( pb, &proxydn, &errtext ) == LDAP_SUCCESS) && ( proxydn != NULL ))
-	{
-		requestor_sdn = slapi_sdn_new_dn_passin ( proxydn );
-	}
-	else
-	{
-		slapi_ch_free_string(&proxydn); /* this could still have been set - free it */
-		Operation   *pb_op;
-		slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
-		requestor_sdn = &(pb_op->o_sdn);
-	}
-	if ( slapi_sdn_get_dn (requestor_sdn) == NULL )
-	{
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"_ger_g_permission_granted - Anonymous has no g permission\n" );
-		rc = LDAP_INSUFFICIENT_ACCESS;
-		goto bailout;
-	}
-	isroot = slapi_dn_isroot ( slapi_sdn_get_dn (requestor_sdn) );
-	if ( isroot )
-	{
-		/* Root has "g" permission on any entry */
-		rc = LDAP_SUCCESS;
-		goto bailout;
-	}
-
-	entry_sdn = slapi_entry_get_sdn ( e );
-	if ( entry_sdn == NULL || slapi_sdn_get_dn (entry_sdn) == NULL )
-	{
-		rc = LDAP_SUCCESS;
-		goto bailout;
-	}
-
-	if ( slapi_sdn_compare ( requestor_sdn, entry_sdn ) == 0 )
-	{
-		/* Owner has "g" permission on his own entry */
-		rc = LDAP_SUCCESS;
-		goto bailout;
-	}
-
-	/* if the requestor and the subject user are identical, let's grant it */
-	if ( strcasecmp ( slapi_sdn_get_ndn(requestor_sdn), subjectdn ) == 0)
-	{
-		/* Requestor should see his own permission rights on any entry */
-		rc = LDAP_SUCCESS;
-		goto bailout;
-	}
-
-	aclutil_str_append ( errbuf, "get-effective-rights: requestor has no g permission on the entry" );
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"_ger_g_permission_granted - %s\n", *errbuf);
-	rc = LDAP_INSUFFICIENT_ACCESS;
+    char *proxydn = NULL;
+    Slapi_DN *requestor_sdn, *entry_sdn;
+    char *errtext = NULL;
+    int isroot;
+    int rc;
+
+    /*
+     * Theorically, we should check if the entry has "g"
+     * permission granted to the requestor. If granted,
+     * allows the effective rights on that entry and its
+     * attributes within the entry to be returned for
+     * ANY subject.
+     *
+     * "G" permission granting has not been implemented yet,
+     * the current release assumes that "g" permission be
+     * granted to root and owner of any entry.
+     */
+
+    /*
+     * The requestor may be either the bind dn or a proxy dn
+     */
+    if ((proxyauth_get_dn(pb, &proxydn, &errtext) == LDAP_SUCCESS) && (proxydn != NULL)) {
+        requestor_sdn = slapi_sdn_new_dn_passin(proxydn);
+    } else {
+        slapi_ch_free_string(&proxydn); /* this could still have been set - free it */
+        Operation *pb_op;
+        slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
+        requestor_sdn = &(pb_op->o_sdn);
+    }
+    if (slapi_sdn_get_dn(requestor_sdn) == NULL) {
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                      "_ger_g_permission_granted - Anonymous has no g permission\n");
+        rc = LDAP_INSUFFICIENT_ACCESS;
+        goto bailout;
+    }
+    isroot = slapi_dn_isroot(slapi_sdn_get_dn(requestor_sdn));
+    if (isroot) {
+        /* Root has "g" permission on any entry */
+        rc = LDAP_SUCCESS;
+        goto bailout;
+    }
+
+    entry_sdn = slapi_entry_get_sdn(e);
+    if (entry_sdn == NULL || slapi_sdn_get_dn(entry_sdn) == NULL) {
+        rc = LDAP_SUCCESS;
+        goto bailout;
+    }
+
+    if (slapi_sdn_compare(requestor_sdn, entry_sdn) == 0) {
+        /* Owner has "g" permission on his own entry */
+        rc = LDAP_SUCCESS;
+        goto bailout;
+    }
+
+    /* if the requestor and the subject user are identical, let's grant it */
+    if (strcasecmp(slapi_sdn_get_ndn(requestor_sdn), subjectdn) == 0) {
+        /* Requestor should see his own permission rights on any entry */
+        rc = LDAP_SUCCESS;
+        goto bailout;
+    }
+
+    aclutil_str_append(errbuf, "get-effective-rights: requestor has no g permission on the entry");
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_g_permission_granted - %s\n", *errbuf);
+    rc = LDAP_INSUFFICIENT_ACCESS;
 
 bailout:
-	if ( proxydn )
-	{
-		/* The ownership of proxydn has passed to requestor_sdn */ 
-		slapi_sdn_free ( &requestor_sdn );
-	}
-	return rc;
+    if (proxydn) {
+        /* The ownership of proxydn has passed to requestor_sdn */
+        slapi_sdn_free(&requestor_sdn);
+    }
+    return rc;
 }
 
 static int
-_ger_parse_control (
-	Slapi_PBlock *pb,
-	char **subjectndn,
-	int *iscritical,
-	char **errbuf
-	)
+_ger_parse_control(
+    Slapi_PBlock *pb,
+    char **subjectndn,
+    int *iscritical,
+    char **errbuf)
 {
-	LDAPControl **requestcontrols;
-	struct berval *subjectber;
-	BerElement *ber;
-	size_t subjectndnlen = 0;
-	char *orig = NULL;
-	char *normed = NULL;
-
-	if (NULL == subjectndn)
-	{
-		return LDAP_OPERATIONS_ERROR;
-	}
-
-	*subjectndn = NULL;
-
-	/*
-	 * Get the control
-	 */
-	slapi_pblock_get ( pb, SLAPI_REQCONTROLS, (void *) &requestcontrols );
-	slapi_control_present ( requestcontrols,
-							LDAP_CONTROL_GET_EFFECTIVE_RIGHTS,
-							&subjectber,
-							iscritical );
-	if ( subjectber == NULL || subjectber->bv_val == NULL ||
-		 subjectber->bv_len == 0 )
-	{
-		aclutil_str_append ( errbuf, "get-effective-rights: missing subject" );
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf );
-                if (iscritical)
-                    return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
-                else
-                    return LDAP_INVALID_SYNTAX;
-	}
-
-	if ( strncasecmp ( "dn:", subjectber->bv_val, 3 ) == 0 )
-	{
-		/*
-		 * This is a non-standard support to allow the subject being a plain
-		 * or base64 encoding string. Hence users using -J option in
-		 * ldapsearch don't have to do BER encoding for the subject.
-		 */
-		orig = slapi_ch_malloc ( subjectber->bv_len + 1 );
-		strncpy ( orig, subjectber->bv_val, subjectber->bv_len );
-		*(orig + subjectber->bv_len) = '\0';
-	}
-	else
-	{
-		ber = ber_init (subjectber);
-		if ( ber == NULL )
-		{
-			aclutil_str_append ( errbuf, "get-effective-rights: ber_init failed for the subject" );
-			slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf );
-                        if (iscritical)
-                            return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
-                        else
-                            return LDAP_OPERATIONS_ERROR;
-		}
-		/* "a" means to allocate storage as needed for octet string */
-		if ( ber_scanf (ber, "a", &orig) == LBER_ERROR )
-		{
-			aclutil_str_append ( errbuf, "get-effective-rights: invalid ber tag in the subject" );
-			slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf );
-			ber_free ( ber, 1 );
-                        if (iscritical)
-                            return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
-                        else
-                            return LDAP_INVALID_SYNTAX;
-		}
-		ber_free ( ber, 1 );
-	}
-
-	/*
-	 * The current implementation limits the subject to authorization ID
-	 * (see section 9 of RFC 2829) only. It also only supports the "dnAuthzId"
-	 * flavor, which looks like "dn:<DN>" where null <DN> is for anonymous.
-	 */
-	subjectndnlen = orig ? strlen(orig) : 0;
-	if ( NULL == orig || subjectndnlen < 3 || strncasecmp ( "dn:", orig, 3 ) != 0 )
-	{
-		aclutil_str_append ( errbuf, "get-effective-rights: subject is not dnAuthzId" );
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf );
-		slapi_ch_free_string(&orig);
-                if (iscritical)
-                    return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
-                else
-                    return LDAP_INVALID_SYNTAX;
-	}
-
-	/* memmove is safe for overlapping copy */
-	normed = slapi_create_dn_string("%s", orig + 3);
-	if (NULL == normed) {
-		aclutil_str_append (errbuf, "get-effective-rights: failed to normalize dn: ");
-		aclutil_str_append (errbuf, orig);
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
-		slapi_ch_free_string(&orig);
-                if (iscritical)
-                    return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;  /* RFC 4511 4.1.11 */
-                else
-                    return LDAP_INVALID_SYNTAX;
-	}
-	slapi_ch_free_string(&orig);
-	*subjectndn = normed;
-	slapi_dn_ignore_case(*subjectndn);
-	return LDAP_SUCCESS;
+    LDAPControl **requestcontrols;
+    struct berval *subjectber;
+    BerElement *ber;
+    size_t subjectndnlen = 0;
+    char *orig = NULL;
+    char *normed = NULL;
+
+    if (NULL == subjectndn) {
+        return LDAP_OPERATIONS_ERROR;
+    }
+
+    *subjectndn = NULL;
+
+    /*
+     * Get the control
+     */
+    slapi_pblock_get(pb, SLAPI_REQCONTROLS, (void *)&requestcontrols);
+    slapi_control_present(requestcontrols,
+                          LDAP_CONTROL_GET_EFFECTIVE_RIGHTS,
+                          &subjectber,
+                          iscritical);
+    if (subjectber == NULL || subjectber->bv_val == NULL ||
+        subjectber->bv_len == 0) {
+        aclutil_str_append(errbuf, "get-effective-rights: missing subject");
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
+        if (iscritical)
+            return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
+        else
+            return LDAP_INVALID_SYNTAX;
+    }
+
+    if (strncasecmp("dn:", subjectber->bv_val, 3) == 0) {
+        /*
+         * This is a non-standard support to allow the subject being a plain
+         * or base64 encoding string. Hence users using -J option in
+         * ldapsearch don't have to do BER encoding for the subject.
+         */
+        orig = slapi_ch_malloc(subjectber->bv_len + 1);
+        strncpy(orig, subjectber->bv_val, subjectber->bv_len);
+        *(orig + subjectber->bv_len) = '\0';
+    } else {
+        ber = ber_init(subjectber);
+        if (ber == NULL) {
+            aclutil_str_append(errbuf, "get-effective-rights: ber_init failed for the subject");
+            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
+            if (iscritical)
+                return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
+            else
+                return LDAP_OPERATIONS_ERROR;
+        }
+        /* "a" means to allocate storage as needed for octet string */
+        if (ber_scanf(ber, "a", &orig) == LBER_ERROR) {
+            aclutil_str_append(errbuf, "get-effective-rights: invalid ber tag in the subject");
+            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
+            ber_free(ber, 1);
+            if (iscritical)
+                return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
+            else
+                return LDAP_INVALID_SYNTAX;
+        }
+        ber_free(ber, 1);
+    }
+
+    /*
+     * The current implementation limits the subject to authorization ID
+     * (see section 9 of RFC 2829) only. It also only supports the "dnAuthzId"
+     * flavor, which looks like "dn:<DN>" where null <DN> is for anonymous.
+     */
+    subjectndnlen = orig ? strlen(orig) : 0;
+    if (NULL == orig || subjectndnlen < 3 || strncasecmp("dn:", orig, 3) != 0) {
+        aclutil_str_append(errbuf, "get-effective-rights: subject is not dnAuthzId");
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
+        slapi_ch_free_string(&orig);
+        if (iscritical)
+            return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
+        else
+            return LDAP_INVALID_SYNTAX;
+    }
+
+    /* memmove is safe for overlapping copy */
+    normed = slapi_create_dn_string("%s", orig + 3);
+    if (NULL == normed) {
+        aclutil_str_append(errbuf, "get-effective-rights: failed to normalize dn: ");
+        aclutil_str_append(errbuf, orig);
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "_ger_parse_control - %s\n", *errbuf);
+        slapi_ch_free_string(&orig);
+        if (iscritical)
+            return LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* RFC 4511 4.1.11 */
+        else
+            return LDAP_INVALID_SYNTAX;
+    }
+    slapi_ch_free_string(&orig);
+    *subjectndn = normed;
+    slapi_dn_ignore_case(*subjectndn);
+    return LDAP_SUCCESS;
 }
 
 static void
-_ger_release_gerpb (
-	Slapi_PBlock **gerpb,
-	void		 **aclcb,	/* original aclcb */
-	Slapi_PBlock *pb		/* original pb */
-	)
+_ger_release_gerpb(
+    Slapi_PBlock **gerpb,
+    void **aclcb,    /* original aclcb */
+    Slapi_PBlock *pb /* original pb */
+    )
 {
-	if ( *gerpb )
-	{
-		slapi_pblock_destroy ( *gerpb );
-		*gerpb = NULL;
-	}
-
-	/* Put the original aclcb back to pb */
-	if ( *aclcb )
-	{
-		Connection *conn = NULL;
-		slapi_pblock_get ( pb, SLAPI_CONNECTION, &conn );
-		if (conn)
-		{
-			struct aclcb *geraclcb;
-			geraclcb = (struct aclcb *) acl_get_ext ( ACL_EXT_CONNECTION, conn );
-			acl_conn_ext_destructor ( geraclcb, NULL, NULL );
-			acl_set_ext ( ACL_EXT_CONNECTION, conn, *aclcb );
-			*aclcb = NULL;
-		}
-	}
+    if (*gerpb) {
+        slapi_pblock_destroy(*gerpb);
+        *gerpb = NULL;
+    }
+
+    /* Put the original aclcb back to pb */
+    if (*aclcb) {
+        Connection *conn = NULL;
+        slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
+        if (conn) {
+            struct aclcb *geraclcb;
+            geraclcb = (struct aclcb *)acl_get_ext(ACL_EXT_CONNECTION, conn);
+            acl_conn_ext_destructor(geraclcb, NULL, NULL);
+            acl_set_ext(ACL_EXT_CONNECTION, conn, *aclcb);
+            *aclcb = NULL;
+        }
+    }
 }
 
 static int
-_ger_new_gerpb (
-	Slapi_PBlock    *pb,
-	Slapi_Entry	    *e __attribute__((unused)),
-	const char 		*subjectndn,
-	Slapi_PBlock	**gerpb,
-	void			**aclcb,	/* original aclcb */
-	char			**errbuf __attribute__((unused))
-	)
+_ger_new_gerpb(
+    Slapi_PBlock *pb,
+    Slapi_Entry *e __attribute__((unused)),
+    const char *subjectndn,
+    Slapi_PBlock **gerpb,
+    void **aclcb, /* original aclcb */
+    char **errbuf __attribute__((unused)))
 {
-	Connection *conn;
-	struct acl_cblock *geraclcb;
-	Acl_PBlock *geraclpb;
-	Operation *gerop;
-	int rc = LDAP_SUCCESS;
-
-	*aclcb = NULL;
-	*gerpb = slapi_pblock_new ();
-	if ( *gerpb == NULL )
-	{
-		rc = LDAP_NO_MEMORY;
-		goto bailout;
-	}
-
-	{
-		/* aclpb initialization needs the backend */
-		Slapi_Backend *be;
-		slapi_pblock_get ( pb, SLAPI_BACKEND, &be );
-		slapi_pblock_set ( *gerpb, SLAPI_BACKEND, be );
-	}
-
-	{
-		int isroot = slapi_dn_isroot ( subjectndn );
-		slapi_pblock_set ( *gerpb, SLAPI_REQUESTOR_ISROOT, &isroot );
-	}
-
-	/* Save requestor's aclcb and set subjectdn's one */
-	{
-		slapi_pblock_get ( pb, SLAPI_CONNECTION, &conn );
-		slapi_pblock_set ( *gerpb, SLAPI_CONNECTION, conn );
-
-		/* Can't share the conn->aclcb because of different context */
-		geraclcb = (struct acl_cblock *) acl_conn_ext_constructor ( NULL, NULL);
-		if ( geraclcb == NULL )
-		{
-			rc = LDAP_NO_MEMORY;
-			goto bailout;
-		}
-		slapi_sdn_set_ndn_byval ( geraclcb->aclcb_sdn, subjectndn );
-		*aclcb = acl_get_ext ( ACL_EXT_CONNECTION, conn );
-		acl_set_ext ( ACL_EXT_CONNECTION, conn, (void *) geraclcb );
-	}
-
-	{
-		gerop = operation_new ( OP_FLAG_INTERNAL );
-		if ( gerop == NULL )
-		{
-			rc = LDAP_NO_MEMORY;
-			goto bailout;
-		}
-		/*
-		 * conn is a no-use parameter in the functions
-		 * chained down from factory_create_extension
-		 */
-		gerop->o_extension = factory_create_extension ( get_operation_object_type(), (void *)gerop, (void *)conn );
-		slapi_pblock_set ( *gerpb, SLAPI_OPERATION, gerop );
-		slapi_sdn_set_ndn_byval ( &gerop->o_sdn, subjectndn );
-		geraclpb = acl_get_ext ( ACL_EXT_OPERATION, (void *)gerop);
-		acl_init_aclpb ( *gerpb, geraclpb, subjectndn, 0 );
-		geraclpb->aclpb_res_type |= ACLPB_EFFECTIVE_RIGHTS;
-	}
+    Connection *conn;
+    struct acl_cblock *geraclcb;
+    Acl_PBlock *geraclpb;
+    Operation *gerop;
+    int rc = LDAP_SUCCESS;
+
+    *aclcb = NULL;
+    *gerpb = slapi_pblock_new();
+    if (*gerpb == NULL) {
+        rc = LDAP_NO_MEMORY;
+        goto bailout;
+    }
+
+    {
+        /* aclpb initialization needs the backend */
+        Slapi_Backend *be;
+        slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+        slapi_pblock_set(*gerpb, SLAPI_BACKEND, be);
+    }
+
+    {
+        int isroot = slapi_dn_isroot(subjectndn);
+        slapi_pblock_set(*gerpb, SLAPI_REQUESTOR_ISROOT, &isroot);
+    }
+
+    /* Save requestor's aclcb and set subjectdn's one */
+    {
+        slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
+        slapi_pblock_set(*gerpb, SLAPI_CONNECTION, conn);
+
+        /* Can't share the conn->aclcb because of different context */
+        geraclcb = (struct acl_cblock *)acl_conn_ext_constructor(NULL, NULL);
+        if (geraclcb == NULL) {
+            rc = LDAP_NO_MEMORY;
+            goto bailout;
+        }
+        slapi_sdn_set_ndn_byval(geraclcb->aclcb_sdn, subjectndn);
+        *aclcb = acl_get_ext(ACL_EXT_CONNECTION, conn);
+        acl_set_ext(ACL_EXT_CONNECTION, conn, (void *)geraclcb);
+    }
+
+    {
+        gerop = operation_new(OP_FLAG_INTERNAL);
+        if (gerop == NULL) {
+            rc = LDAP_NO_MEMORY;
+            goto bailout;
+        }
+        /*
+         * conn is a no-use parameter in the functions
+         * chained down from factory_create_extension
+         */
+        gerop->o_extension = factory_create_extension(get_operation_object_type(), (void *)gerop, (void *)conn);
+        slapi_pblock_set(*gerpb, SLAPI_OPERATION, gerop);
+        slapi_sdn_set_ndn_byval(&gerop->o_sdn, subjectndn);
+        geraclpb = acl_get_ext(ACL_EXT_OPERATION, (void *)gerop);
+        acl_init_aclpb(*gerpb, geraclpb, subjectndn, 0);
+        geraclpb->aclpb_res_type |= ACLPB_EFFECTIVE_RIGHTS;
+    }
 
 
 bailout:
-	if ( rc != LDAP_SUCCESS )
-	{
-		_ger_release_gerpb ( gerpb, aclcb, pb );
-	}
+    if (rc != LDAP_SUCCESS) {
+        _ger_release_gerpb(gerpb, aclcb, pb);
+    }
 
-	return rc;
+    return rc;
 }
 
 /*
@@ -388,57 +360,53 @@ bailout:
  * "entryLevelRights: adnvxxx\n".
  */
 unsigned long
-_ger_get_entry_rights (
-	Slapi_PBlock *gerpb,
-	Slapi_Entry *e,
-	const char *subjectndn __attribute__((unused)),
-	char **gerstr,
-	size_t *gerstrsize,
-	size_t *gerstrcap,
-	char **errbuf __attribute__((unused))
-	)
+_ger_get_entry_rights(
+    Slapi_PBlock *gerpb,
+    Slapi_Entry *e,
+    const char *subjectndn __attribute__((unused)),
+    char **gerstr,
+    size_t *gerstrsize,
+    size_t *gerstrcap,
+    char **errbuf __attribute__((unused)))
 {
-	unsigned long entryrights = 0;
-	Slapi_RDN *rdn = NULL;
-	char *rdntype = NULL;
-	char *rdnvalue = NULL;
-
-	_append_gerstr(gerstr, gerstrsize, gerstrcap, "entryLevelRights: ", NULL);
-
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_entry_rights - SLAPI_ACL_READ\n" );
-	if (acl_access_allowed(gerpb, e, "*", NULL, SLAPI_ACL_READ) == LDAP_SUCCESS)
-	{
-		/* v - view e */
-		entryrights |= SLAPI_ACL_READ;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "v", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_entry_rights - SLAPI_ACL_ADD\n" );
-	if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_ADD) == LDAP_SUCCESS)
-	{
-		/* a - add child entry below e */
-		entryrights |= SLAPI_ACL_ADD;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "a", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_entry_rights - SLAPI_ACL_DELETE\n" );
-	if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_DELETE) == LDAP_SUCCESS)
-	{
-		/* d - delete e */
-		entryrights |= SLAPI_ACL_DELETE;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "d", NULL);
-	}
-    
+    unsigned long entryrights = 0;
+    Slapi_RDN *rdn = NULL;
+    char *rdntype = NULL;
+    char *rdnvalue = NULL;
+
+    _append_gerstr(gerstr, gerstrsize, gerstrcap, "entryLevelRights: ", NULL);
+
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_entry_rights - SLAPI_ACL_READ\n");
+    if (acl_access_allowed(gerpb, e, "*", NULL, SLAPI_ACL_READ) == LDAP_SUCCESS) {
+        /* v - view e */
+        entryrights |= SLAPI_ACL_READ;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "v", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_entry_rights - SLAPI_ACL_ADD\n");
+    if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_ADD) == LDAP_SUCCESS) {
+        /* a - add child entry below e */
+        entryrights |= SLAPI_ACL_ADD;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "a", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_entry_rights - SLAPI_ACL_DELETE\n");
+    if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_DELETE) == LDAP_SUCCESS) {
+        /* d - delete e */
+        entryrights |= SLAPI_ACL_DELETE;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "d", NULL);
+    }
+
     if (config_get_moddn_aci()) {
         /* The server enforces the new MODDN aci right.
          * So the status 'n' is set if this right is granted.
-         * Opposed to the legacy mode where this flag is set if 
+         * Opposed to the legacy mode where this flag is set if
          * WRITE was granted on rdn attrbibute
          */
         if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_MODDN) == LDAP_SUCCESS) {
             slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-                    "_ger_get_entry_rights - SLAPI_ACL_MODDN %s\n", slapi_entry_get_ndn(e));
+                          "_ger_get_entry_rights - SLAPI_ACL_MODDN %s\n", slapi_entry_get_ndn(e));
             /* n - rename e */
             entryrights |= SLAPI_ACL_MODDN;
             _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
@@ -456,11 +424,11 @@ _ger_get_entry_rights (
         slapi_rdn_get_first(rdn, &rdntype, &rdnvalue);
         if (NULL != rdntype) {
             slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-                    "_ger_get_entry_rights - SLAPI_ACL_WRITE_DEL & _ADD %s\n", rdntype);
+                          "_ger_get_entry_rights - SLAPI_ACL_WRITE_DEL & _ADD %s\n", rdntype);
             if (acl_access_allowed(gerpb, e, rdntype, NULL,
-                    ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS &&
-                    acl_access_allowed(gerpb, e, rdntype, NULL,
-                    ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS) {
+                                   ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS &&
+                acl_access_allowed(gerpb, e, rdntype, NULL,
+                                   ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS) {
                 /* n - rename e */
                 entryrights |= SLAPI_ACL_WRITE;
                 _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
@@ -468,14 +436,13 @@ _ger_get_entry_rights (
         }
         slapi_rdn_free(&rdn);
     }
-	if ( entryrights == 0 )
-	{
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
-	}
+    if (entryrights == 0) {
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
+    }
 
-	_append_gerstr(gerstr, gerstrsize, gerstrcap, "\n", NULL);
+    _append_gerstr(gerstr, gerstrsize, gerstrcap, "\n", NULL);
 
-	return entryrights;
+    return entryrights;
 }
 
 /*
@@ -483,640 +450,558 @@ _ger_get_entry_rights (
  * to expand dynamically.
  */
 unsigned long
-_ger_get_attr_rights (
-	Slapi_PBlock *gerpb,
-	Slapi_Entry *e,
-	const char *subjectndn,
-	char *type,
-	char **gerstr,
-	size_t *gerstrsize,
-	size_t *gerstrcap,
-	int isfirstattr,
-	char **errbuf
-	)
+_ger_get_attr_rights(
+    Slapi_PBlock *gerpb,
+    Slapi_Entry *e,
+    const char *subjectndn,
+    char *type,
+    char **gerstr,
+    size_t *gerstrsize,
+    size_t *gerstrcap,
+    int isfirstattr,
+    char **errbuf)
 {
-	unsigned long attrrights = 0;
-
-	if (!isfirstattr)
-	{
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
-	}
-	_append_gerstr(gerstr, gerstrsize, gerstrcap, type, ":");
-
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_attr_rights - SLAPI_ACL_READ %s\n", type );
-	if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_READ) == LDAP_SUCCESS)
-	{
-		/* r - read the values of type */
-		attrrights |= SLAPI_ACL_READ;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "r", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_attr_rights -  SLAPI_ACL_SEARCH %s\n", type );
-	if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_SEARCH) == LDAP_SUCCESS)
-	{
-		/* s - search the values of type */
-		attrrights |= SLAPI_ACL_SEARCH;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "s", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_attr_rights - SLAPI_ACL_COMPARE %s\n", type );
-	if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_COMPARE) == LDAP_SUCCESS)
-	{
-		/* c - compare the values of type */
-		attrrights |= SLAPI_ACL_COMPARE;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "c", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_attr_rights - SLAPI_ACL_WRITE_ADD %s\n", type );
-	if (acl_access_allowed(gerpb, e, type, NULL, ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS)
-	{
-		/* w - add the values of type */
-		attrrights |= ACLPB_SLAPI_ACL_WRITE_ADD;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "w", NULL);
-	}
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-		"_ger_get_attr_rights - SLAPI_ACL_WRITE_DEL %s\n", type );
-	if (acl_access_allowed(gerpb, e, type, NULL, ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS)
-	{
-		/* o - delete the values of type */
-		attrrights |= ACLPB_SLAPI_ACL_WRITE_DEL;
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "o", NULL);
-	}
-	/* If subjectdn has no general write right, check for self write */
-	if ( 0 == (attrrights & (ACLPB_SLAPI_ACL_WRITE_DEL | ACLPB_SLAPI_ACL_WRITE_ADD)) )
-	{
-		struct berval val;
-
-		val.bv_val = (char *)subjectndn;
-		val.bv_len = strlen (subjectndn);
-
-		if (acl_access_allowed(gerpb, e, type, &val, ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS)
-		{
-			/* W - add self to the attribute */
-			attrrights |= ACLPB_SLAPI_ACL_WRITE_ADD;
-			_append_gerstr(gerstr, gerstrsize, gerstrcap, "W", NULL);
-		}
-		if (acl_access_allowed(gerpb, e, type, &val, ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS)
-		{
-			/* O - delete self from the attribute */
-			attrrights |= ACLPB_SLAPI_ACL_WRITE_DEL;
-			_append_gerstr(gerstr, gerstrsize, gerstrcap, "O", NULL);
-		}
-	}
-
-	if ( attrrights == 0 )
-	{
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
-	}
-
-	return attrrights;
+    unsigned long attrrights = 0;
+
+    if (!isfirstattr) {
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
+    }
+    _append_gerstr(gerstr, gerstrsize, gerstrcap, type, ":");
+
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_attr_rights - SLAPI_ACL_READ %s\n", type);
+    if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_READ) == LDAP_SUCCESS) {
+        /* r - read the values of type */
+        attrrights |= SLAPI_ACL_READ;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "r", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_attr_rights -  SLAPI_ACL_SEARCH %s\n", type);
+    if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_SEARCH) == LDAP_SUCCESS) {
+        /* s - search the values of type */
+        attrrights |= SLAPI_ACL_SEARCH;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "s", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_attr_rights - SLAPI_ACL_COMPARE %s\n", type);
+    if (acl_access_allowed(gerpb, e, type, NULL, SLAPI_ACL_COMPARE) == LDAP_SUCCESS) {
+        /* c - compare the values of type */
+        attrrights |= SLAPI_ACL_COMPARE;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "c", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_attr_rights - SLAPI_ACL_WRITE_ADD %s\n", type);
+    if (acl_access_allowed(gerpb, e, type, NULL, ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS) {
+        /* w - add the values of type */
+        attrrights |= ACLPB_SLAPI_ACL_WRITE_ADD;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "w", NULL);
+    }
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "_ger_get_attr_rights - SLAPI_ACL_WRITE_DEL %s\n", type);
+    if (acl_access_allowed(gerpb, e, type, NULL, ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS) {
+        /* o - delete the values of type */
+        attrrights |= ACLPB_SLAPI_ACL_WRITE_DEL;
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "o", NULL);
+    }
+    /* If subjectdn has no general write right, check for self write */
+    if (0 == (attrrights & (ACLPB_SLAPI_ACL_WRITE_DEL | ACLPB_SLAPI_ACL_WRITE_ADD))) {
+        struct berval val;
+
+        val.bv_val = (char *)subjectndn;
+        val.bv_len = strlen(subjectndn);
+
+        if (acl_access_allowed(gerpb, e, type, &val, ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS) {
+            /* W - add self to the attribute */
+            attrrights |= ACLPB_SLAPI_ACL_WRITE_ADD;
+            _append_gerstr(gerstr, gerstrsize, gerstrcap, "W", NULL);
+        }
+        if (acl_access_allowed(gerpb, e, type, &val, ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS) {
+            /* O - delete self from the attribute */
+            attrrights |= ACLPB_SLAPI_ACL_WRITE_DEL;
+            _append_gerstr(gerstr, gerstrsize, gerstrcap, "O", NULL);
+        }
+    }
+
+    if (attrrights == 0) {
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
+    }
+
+    return attrrights;
 }
 
-#define GER_GET_ATTR_RIGHTS(attrs) \
-	for (thisattr = (attrs); thisattr && *thisattr; thisattr++) \
-	{ \
-		_ger_get_attr_rights (gerpb, e, subjectndn, *thisattr, \
-						gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf); \
-		isfirstattr = 0; \
-	} \
-
-#define GER_GET_ATTR_RIGHTA_EXT(c, inattrs, exattrs); \
-	for ( i = 0; attrs[i]; i++ ) \
-	{ \
-		if ((c) != *attrs[i] && charray_inlist((inattrs), attrs[i]) && \
-				!charray_inlist((exattrs), attrs[i])) \
-		{ \
-			_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], \
-				gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); \
-			isfirstattr = 0; \
-		} \
-	}
+#define GER_GET_ATTR_RIGHTS(attrs)                                                \
+    for (thisattr = (attrs); thisattr && *thisattr; thisattr++) {                 \
+        _ger_get_attr_rights(gerpb, e, subjectndn, *thisattr,                     \
+                             gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf); \
+        isfirstattr = 0;                                                          \
+    }
+
+#define GER_GET_ATTR_RIGHTA_EXT(c, inattrs, exattrs)                                  \
+    ;                                                                                 \
+    for (i = 0; attrs[i]; i++) {                                                      \
+        if ((c) != *attrs[i] && charray_inlist((inattrs), attrs[i]) &&                \
+            !charray_inlist((exattrs), attrs[i])) {                                   \
+            _ger_get_attr_rights(gerpb, e, subjectndn, attrs[i],                      \
+                                 gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf); \
+            isfirstattr = 0;                                                          \
+        }                                                                             \
+    }
 
 void
-_ger_get_attrs_rights (
-	Slapi_PBlock *gerpb,
-	Slapi_Entry *e,
-	const char *subjectndn,
-	char **attrs,
-	char **gerstr,
-	size_t *gerstrsize,
-	size_t *gerstrcap,
-	char **errbuf
-	)
+_ger_get_attrs_rights(
+    Slapi_PBlock *gerpb,
+    Slapi_Entry *e,
+    const char *subjectndn,
+    char **attrs,
+    char **gerstr,
+    size_t *gerstrsize,
+    size_t *gerstrcap,
+    char **errbuf)
 {
-	int isfirstattr = 1;
-
-	/* gerstr was initially allocated with enough space for one more line */
-	_append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL);
-
-	/* 
-	 * If it's stated attribute list is given,
-	 * the first attr in the list should not be empty.
-	 * Otherwise, it's considered the list is not given.
-	 */
-	if (attrs && *attrs && (strlen(*attrs) > 0))
-	{
-		int i = 0;
-		char **allattrs = NULL;
-		char **opattrs = NULL;
-		char **noexpattrs = NULL; /* attrs not to expose */
-		char **myattrs = NULL;
-		char **thisattr = NULL;
-		int hasstar = charray_inlist(attrs, "*");
-		int hasplus = charray_inlist(attrs, "+");
-		Slapi_Attr *objclasses = NULL;
-		Slapi_ValueSet *objclassvals = NULL;
-		int isextensibleobj = 0;
-
-		/* get all attrs available for the entry */
-		slapi_entry_attr_find(e, "objectclass", &objclasses);
-		if (NULL != objclasses) {
-			Slapi_Value *v;
-			slapi_attr_get_valueset(objclasses, &objclassvals);
-			i = slapi_valueset_first_value(objclassvals, &v);
-			if (-1 != i)
-			{
-				const char *ocname = NULL;
-				allattrs = slapi_schema_list_objectclass_attributes(
-							(const char *)v->bv.bv_val,
-							SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
-				/* check if this entry is an extensble object or not */
-				ocname = slapi_value_get_string(v);
-				if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
-				{
-					isextensibleobj = 1;
-				}
-				/* add "aci" to the allattrs to adjust to do_search */
-				charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));
-				while (-1 != i)
-				{
-					i = slapi_valueset_next_value(objclassvals, i, &v);
-					if (-1 != i)
-					{
-						myattrs = slapi_schema_list_objectclass_attributes(
-							(const char *)v->bv.bv_val,
-							SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
-						/* check if this entry is an extensble object or not */
-						ocname = slapi_value_get_string(v);
-						if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
-						{
-							isextensibleobj = 1;
-						}
-						charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/);
-						charray_free(myattrs);
-					}
-				}
-			}
-			slapi_valueset_free(objclassvals);
-		}
-
-		/* get operational attrs */
-		opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
-		noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE);
-		/* subtract no expose attrs from opattrs (e.g., unhashed pw) */
-		charray_subtract(opattrs, noexpattrs, NULL);
-
-		if (isextensibleobj)
-		{
-			for ( i = 0; attrs[i]; i++ )
-			{
-				if ('\0' == *attrs[i]) {
-					continue; /* skip an empty attr */
-				}
-				_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr, 
-								gerstrsize, gerstrcap, isfirstattr, errbuf );
-				isfirstattr = 0;
-			}
-		}
-		else
-		{
-			if (hasstar && hasplus)
-			{
-				GER_GET_ATTR_RIGHTS(allattrs);
-				GER_GET_ATTR_RIGHTS(opattrs);
-			}
-			else if (hasstar)
-			{
-				GER_GET_ATTR_RIGHTS(allattrs);
-				GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
-			}
-			else if (hasplus)
-			{
-				GER_GET_ATTR_RIGHTS(opattrs);
-				GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
-			}
-			else
-			{
-				for ( i = 0; attrs[i]; i++ )
-				{
-					if ('\0' == *attrs[i]) {
-						continue; /* skip an empty attr */
-					}
-					if (charray_inlist(noexpattrs, attrs[i]))
-					{
-						continue;
-					}
-					else if (charray_inlist(allattrs, attrs[i]) ||
-						charray_inlist(opattrs, attrs[i]) ||
-						(0 == strcasecmp(attrs[i], "dn")) ||
-						(0 == strcasecmp(attrs[i], "distinguishedName")))
-					{
-						_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
-							gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
-						isfirstattr = 0;
-					}
-					else
-					{
-						/* if the attr does not belong to the entry,
-						   "<attr>:none" is returned */
-						if (!isfirstattr)
-						{
-							_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
-						}
-						_append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
-						_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
-						isfirstattr = 0;
-					}
-				}
-			}
-		}
-		charray_free(allattrs);
-		charray_free(opattrs);
-	}
-	else
-	{
-		Slapi_Attr *prevattr = NULL, *attr;
-		char *type;
-
-		while ( slapi_entry_next_attr ( e, prevattr, &attr ) == 0 )
-		{
-			if ( ! slapi_attr_flag_is_set (attr, SLAPI_ATTR_FLAG_OPATTR) )
-			{
-				slapi_attr_get_type ( attr, &type );
-				_ger_get_attr_rights ( gerpb, e, subjectndn, type, gerstr,
-								gerstrsize, gerstrcap, isfirstattr, errbuf );
-				isfirstattr = 0;
-			}
-			prevattr = attr;
-		}
-	}
-
-	if ( isfirstattr )
-	{
-		/* not a single attribute was retrived or specified */
-		_append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL);
-	}
-	return;
+    int isfirstattr = 1;
+
+    /* gerstr was initially allocated with enough space for one more line */
+    _append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL);
+
+    /*
+     * If it's stated attribute list is given,
+     * the first attr in the list should not be empty.
+     * Otherwise, it's considered the list is not given.
+     */
+    if (attrs && *attrs && (strlen(*attrs) > 0)) {
+        int i = 0;
+        char **allattrs = NULL;
+        char **opattrs = NULL;
+        char **noexpattrs = NULL; /* attrs not to expose */
+        char **myattrs = NULL;
+        char **thisattr = NULL;
+        int hasstar = charray_inlist(attrs, "*");
+        int hasplus = charray_inlist(attrs, "+");
+        Slapi_Attr *objclasses = NULL;
+        Slapi_ValueSet *objclassvals = NULL;
+        int isextensibleobj = 0;
+
+        /* get all attrs available for the entry */
+        slapi_entry_attr_find(e, "objectclass", &objclasses);
+        if (NULL != objclasses) {
+            Slapi_Value *v;
+            slapi_attr_get_valueset(objclasses, &objclassvals);
+            i = slapi_valueset_first_value(objclassvals, &v);
+            if (-1 != i) {
+                const char *ocname = NULL;
+                allattrs = slapi_schema_list_objectclass_attributes(
+                    (const char *)v->bv.bv_val,
+                    SLAPI_OC_FLAG_REQUIRED | SLAPI_OC_FLAG_ALLOWED);
+                /* check if this entry is an extensble object or not */
+                ocname = slapi_value_get_string(v);
+                if (strcasecmp(ocname, "extensibleobject") == 0) {
+                    isextensibleobj = 1;
+                }
+                /* add "aci" to the allattrs to adjust to do_search */
+                charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));
+                while (-1 != i) {
+                    i = slapi_valueset_next_value(objclassvals, i, &v);
+                    if (-1 != i) {
+                        myattrs = slapi_schema_list_objectclass_attributes(
+                            (const char *)v->bv.bv_val,
+                            SLAPI_OC_FLAG_REQUIRED | SLAPI_OC_FLAG_ALLOWED);
+                        /* check if this entry is an extensble object or not */
+                        ocname = slapi_value_get_string(v);
+                        if (strcasecmp(ocname, "extensibleobject") == 0) {
+                            isextensibleobj = 1;
+                        }
+                        charray_merge_nodup(&allattrs, myattrs, 1 /*copy_strs*/);
+                        charray_free(myattrs);
+                    }
+                }
+            }
+            slapi_valueset_free(objclassvals);
+        }
+
+        /* get operational attrs */
+        opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
+        noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE);
+        /* subtract no expose attrs from opattrs (e.g., unhashed pw) */
+        charray_subtract(opattrs, noexpattrs, NULL);
+
+        if (isextensibleobj) {
+            for (i = 0; attrs[i]; i++) {
+                if ('\0' == *attrs[i]) {
+                    continue; /* skip an empty attr */
+                }
+                _ger_get_attr_rights(gerpb, e, subjectndn, attrs[i], gerstr,
+                                     gerstrsize, gerstrcap, isfirstattr, errbuf);
+                isfirstattr = 0;
+            }
+        } else {
+            if (hasstar && hasplus) {
+                GER_GET_ATTR_RIGHTS(allattrs);
+                GER_GET_ATTR_RIGHTS(opattrs);
+            } else if (hasstar) {
+                GER_GET_ATTR_RIGHTS(allattrs);
+                GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
+            } else if (hasplus) {
+                GER_GET_ATTR_RIGHTS(opattrs);
+                GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
+            } else {
+                for (i = 0; attrs[i]; i++) {
+                    if ('\0' == *attrs[i]) {
+                        continue; /* skip an empty attr */
+                    }
+                    if (charray_inlist(noexpattrs, attrs[i])) {
+                        continue;
+                    } else if (charray_inlist(allattrs, attrs[i]) ||
+                               charray_inlist(opattrs, attrs[i]) ||
+                               (0 == strcasecmp(attrs[i], "dn")) ||
+                               (0 == strcasecmp(attrs[i], "distinguishedName"))) {
+                        _ger_get_attr_rights(gerpb, e, subjectndn, attrs[i],
+                                             gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf);
+                        isfirstattr = 0;
+                    } else {
+                        /* if the attr does not belong to the entry,
+                           "<attr>:none" is returned */
+                        if (!isfirstattr) {
+                            _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
+                        }
+                        _append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
+                        _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
+                        isfirstattr = 0;
+                    }
+                }
+            }
+        }
+        charray_free(allattrs);
+        charray_free(opattrs);
+    } else {
+        Slapi_Attr *prevattr = NULL, *attr;
+        char *type;
+
+        while (slapi_entry_next_attr(e, prevattr, &attr) == 0) {
+            if (!slapi_attr_flag_is_set(attr, SLAPI_ATTR_FLAG_OPATTR)) {
+                slapi_attr_get_type(attr, &type);
+                _ger_get_attr_rights(gerpb, e, subjectndn, type, gerstr,
+                                     gerstrsize, gerstrcap, isfirstattr, errbuf);
+                isfirstattr = 0;
+            }
+            prevattr = attr;
+        }
+    }
+
+    if (isfirstattr) {
+        /* not a single attribute was retrived or specified */
+        _append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL);
+    }
+    return;
 }
 
 /*
  * controlType = LDAP_CONTROL_GET_EFFECTIVE_RIGHTS;
  * criticality = n/a;
  * controlValue = OCTET STRING of BER encoding of the SEQUENCE of
- *				  ENUMERATED LDAP code
+ *                  ENUMERATED LDAP code
  */
 void
-_ger_set_response_control (
-	Slapi_PBlock	*pb,
-	int				iscritical,
-	int				rc
-	)
+_ger_set_response_control(
+    Slapi_PBlock *pb,
+    int iscritical,
+    int rc)
 {
-	LDAPControl **resultctrls = NULL;
-	LDAPControl gerrespctrl;
-	BerElement *ber = NULL;
-	struct berval *berval = NULL;
-	int found = 0;
-	int i;
-
-	if ( (ber = der_alloc ()) == NULL )
-	{
-		goto bailout;
-	}
-
-	/* begin sequence, enumeration, end sequence */
-	ber_printf ( ber, "{e}", rc );
-	if ( ber_flatten ( ber, &berval ) != LDAP_SUCCESS )
-	{
-		goto bailout;
-	}
-	gerrespctrl.ldctl_oid = LDAP_CONTROL_GET_EFFECTIVE_RIGHTS;
-	gerrespctrl.ldctl_iscritical = iscritical;
-	gerrespctrl.ldctl_value.bv_val = berval->bv_val;
-	gerrespctrl.ldctl_value.bv_len = berval->bv_len;
-
-	slapi_pblock_get ( pb, SLAPI_RESCONTROLS, &resultctrls );
-	for (i = 0; resultctrls && resultctrls[i]; i++)
-	{
-		if (strcmp(resultctrls[i]->ldctl_oid, LDAP_CONTROL_GET_EFFECTIVE_RIGHTS) == 0)
-		{
-			/*
-			 * We get here if search returns more than one entry
-			 * and this is not the first entry.
-			 */
-			ldap_control_free ( resultctrls[i] );
-			resultctrls[i] = slapi_dup_control (&gerrespctrl);
-			found = 1;
-			break;
-		}
-	}
-
-	if ( !found )
-	{
-		/* slapi_pblock_set() will dup the control */
-		slapi_pblock_set ( pb, SLAPI_ADD_RESCONTROL, &gerrespctrl );
-	}
+    LDAPControl **resultctrls = NULL;
+    LDAPControl gerrespctrl;
+    BerElement *ber = NULL;
+    struct berval *berval = NULL;
+    int found = 0;
+    int i;
+
+    if ((ber = der_alloc()) == NULL) {
+        goto bailout;
+    }
+
+    /* begin sequence, enumeration, end sequence */
+    ber_printf(ber, "{e}", rc);
+    if (ber_flatten(ber, &berval) != LDAP_SUCCESS) {
+        goto bailout;
+    }
+    gerrespctrl.ldctl_oid = LDAP_CONTROL_GET_EFFECTIVE_RIGHTS;
+    gerrespctrl.ldctl_iscritical = iscritical;
+    gerrespctrl.ldctl_value.bv_val = berval->bv_val;
+    gerrespctrl.ldctl_value.bv_len = berval->bv_len;
+
+    slapi_pblock_get(pb, SLAPI_RESCONTROLS, &resultctrls);
+    for (i = 0; resultctrls && resultctrls[i]; i++) {
+        if (strcmp(resultctrls[i]->ldctl_oid, LDAP_CONTROL_GET_EFFECTIVE_RIGHTS) == 0) {
+            /*
+             * We get here if search returns more than one entry
+             * and this is not the first entry.
+             */
+            ldap_control_free(resultctrls[i]);
+            resultctrls[i] = slapi_dup_control(&gerrespctrl);
+            found = 1;
+            break;
+        }
+    }
+
+    if (!found) {
+        /* slapi_pblock_set() will dup the control */
+        slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, &gerrespctrl);
+    }
 
 bailout:
-	ber_free ( ber, 1 );	/* ber_free() checks for NULL param */
-	ber_bvfree ( berval );	/* ber_bvfree() checks for NULL param */
+    ber_free(ber, 1);   /* ber_free() checks for NULL param */
+    ber_bvfree(berval); /* ber_bvfree() checks for NULL param */
 }
 
 int
-_ger_generate_template_entry (
-	Slapi_PBlock    *pb
-	)
+_ger_generate_template_entry(
+    Slapi_PBlock *pb)
 {
-	Slapi_Entry	*e = NULL;
-	char **gerattrs = NULL;
-	char **attrs = NULL;
-	char **allowedattrs = NULL;
-	char *templateentry = NULL;
-	char *object = NULL;
-	char *superior = NULL;
-	char *p = NULL;
-	const char *dn = NULL;
-	Slapi_DN *sdn = NULL;
-	char *dntype = NULL;
-	int siz = 0;
-	int len = 0;
-	int i = 0;
-	int notfirst = 0;
-	int rc = LDAP_SUCCESS;
-
-	slapi_pblock_get( pb, SLAPI_SEARCH_GERATTRS, &gerattrs );
-	if (NULL == gerattrs)
-	{
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-						"_ger_generate_template_entry - Objectclass info is expected "
-						"in the attr list, e.g., \"*@person\"\n");
-		rc = LDAP_SUCCESS;
-		goto bailout;
-	}
-	for (i = 0; gerattrs && gerattrs[i]; i++)
-	{
-		object = strchr(gerattrs[i], '@');
-		if (NULL != object && '\0' != *(++object))
-		{
-			break;
-		}
-	}
-	if (NULL == object)
-	{
-		rc = LDAP_SUCCESS;	/* no objectclass info; ok to return */
-		goto bailout;
-	}
-	/* 
-	 * Either @objectclass or @objectclass:dntype is accepted.
-	 * If @objectclass, the first MUST attributetype (or the first MAY
-	 * attributetype if MUST does not exist) is used for the attribute
-	 * type in the leaf RDN.
-	 * If @objectclass:dntype, dntype is used for the attribute type in the
-	 * leaf RDN.
-	 */
-	dntype = strchr(object, ':');
-	if (dntype) { /* @objectclasse:dntype */
-		*dntype++ = '\0';
-	}
-
-	attrs = slapi_schema_list_objectclass_attributes(
-						(const char *)object, SLAPI_OC_FLAG_REQUIRED);
-	allowedattrs = slapi_schema_list_objectclass_attributes(
-						(const char *)object, SLAPI_OC_FLAG_ALLOWED);
-	charray_merge(&attrs, allowedattrs, 0 /* no copy */);
-	slapi_ch_free((void **)&allowedattrs); /* free just allowedattrs */
-	if (NULL == attrs) {
-		rc = LDAP_SUCCESS;	/* bogus objectclass info; ok to return */
-		goto bailout;
-	}
-	for (i = 0; attrs[i]; i++)
-	{
-		if (0 == strcasecmp(attrs[i], "objectclass"))
-		{
-			/* <*attrp>: <object>\n\0 */
-			siz += strlen(attrs[i]) + 4 + strlen(object);
-		}
-		else
-		{
-			/* <*attrp>: (template_attribute)\n\0 */
-			siz += strlen(attrs[i]) + 4 + 20;
-		}
-	}
-	/* get the target dn where the template entry is located */
-	slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
-	dn = slapi_sdn_get_dn(sdn);
-	if (dn)
-	{
-		/* dn: <attr>=<template_name>,<dn>\n\0 */
-		if (dntype) {
-			siz += strlen(dntype) + 30 + strlen(object) + strlen(dn);
-		} else {
-			siz += strlen(attrs[0]) + 30 + strlen(object) + strlen(dn);
-		}
-	}
-	else
-	{
-		/* dn: <attr>=<template_name>\n\0 */
-		if (dntype) {
-			siz += strlen(dntype) + 30 + strlen(object);
-		} else {
-			siz += strlen(attrs[0]) + 30 + strlen(object);
-		}
-	}
-	templateentry = (char *)slapi_ch_malloc(siz);
-	if (NULL != dn && strlen(dn) > 0)
-	{
-		PR_snprintf(templateentry, siz,
-		            "dn: %s=template_%s_objectclass,%s\n",
-		            dntype?dntype:attrs[0], object, dn);
-	}
-	else
-	{
-		PR_snprintf(templateentry, siz,
-		            "dn: %s=template_%s_objectclass\n",
-		            dntype?dntype:attrs[0], object);
-	}
-	for (--i; i >= 0; i--)
-	{
-		len = strlen(templateentry);
-		p = templateentry + len;
-		if (0 == strcasecmp(attrs[i], "objectclass"))
-		{
-			PR_snprintf(p, siz - len, "%s: %s\n", attrs[i], object);
-		}
-		else
-		{
-			PR_snprintf(p, siz - len, "%s: (template_attribute)\n", attrs[i]);
-		}
-	}
-	charray_free(attrs);
-
-	while ((superior = slapi_schema_get_superior_name(object)) &&
-			(0 != strcasecmp(superior, "top")))
-	{
-		if (notfirst)
-		{
-			slapi_ch_free_string(&object);
-		}
-		notfirst = 1;
-		object = superior;
-		attrs = slapi_schema_list_objectclass_attributes(
-						(const char *)superior, SLAPI_OC_FLAG_REQUIRED);
-		for (i = 0; attrs && attrs[i]; i++)
-		{
-			if (0 == strcasecmp(attrs[i], "objectclass"))
-			{
-				/* <*attrp>: <object>\n\0 */
-				siz += strlen(attrs[i]) + 4 + strlen(object);
-			}
-		}
-		templateentry = (char *)slapi_ch_realloc(templateentry, siz);
-		for (--i; i >= 0; i--)
-		{
-			len = strlen(templateentry);
-			p = templateentry + len;
-			if (0 == strcasecmp(attrs[i], "objectclass"))
-			{
-				PR_snprintf(p, siz - len, "%s: %s\n", attrs[i], object);
-			}
-		}
-		charray_free(attrs);
-	}
-	if (notfirst)
-	{
-		slapi_ch_free_string(&object);
-	}
-	slapi_ch_free_string(&superior);
-	siz += 18; /* objectclass: top\n\0 */
-	len = strlen(templateentry);
-	templateentry = (char *)slapi_ch_realloc(templateentry, siz);
-	p = templateentry + len;
-	PR_snprintf(p, siz - len, "objectclass: top\n");
-
-	e = slapi_str2entry(templateentry, SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF);
-	/* set the template entry to send the result to clients */
-	slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_ENTRY, e);
+    Slapi_Entry *e = NULL;
+    char **gerattrs = NULL;
+    char **attrs = NULL;
+    char **allowedattrs = NULL;
+    char *templateentry = NULL;
+    char *object = NULL;
+    char *superior = NULL;
+    char *p = NULL;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
+    char *dntype = NULL;
+    int siz = 0;
+    int len = 0;
+    int i = 0;
+    int notfirst = 0;
+    int rc = LDAP_SUCCESS;
+
+    slapi_pblock_get(pb, SLAPI_SEARCH_GERATTRS, &gerattrs);
+    if (NULL == gerattrs) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "_ger_generate_template_entry - Objectclass info is expected "
+                      "in the attr list, e.g., \"*@person\"\n");
+        rc = LDAP_SUCCESS;
+        goto bailout;
+    }
+    for (i = 0; gerattrs && gerattrs[i]; i++) {
+        object = strchr(gerattrs[i], '@');
+        if (NULL != object && '\0' != *(++object)) {
+            break;
+        }
+    }
+    if (NULL == object) {
+        rc = LDAP_SUCCESS; /* no objectclass info; ok to return */
+        goto bailout;
+    }
+    /*
+     * Either @objectclass or @objectclass:dntype is accepted.
+     * If @objectclass, the first MUST attributetype (or the first MAY
+     * attributetype if MUST does not exist) is used for the attribute
+     * type in the leaf RDN.
+     * If @objectclass:dntype, dntype is used for the attribute type in the
+     * leaf RDN.
+     */
+    dntype = strchr(object, ':');
+    if (dntype) { /* @objectclasse:dntype */
+        *dntype++ = '\0';
+    }
+
+    attrs = slapi_schema_list_objectclass_attributes(
+        (const char *)object, SLAPI_OC_FLAG_REQUIRED);
+    allowedattrs = slapi_schema_list_objectclass_attributes(
+        (const char *)object, SLAPI_OC_FLAG_ALLOWED);
+    charray_merge(&attrs, allowedattrs, 0 /* no copy */);
+    slapi_ch_free((void **)&allowedattrs); /* free just allowedattrs */
+    if (NULL == attrs) {
+        rc = LDAP_SUCCESS; /* bogus objectclass info; ok to return */
+        goto bailout;
+    }
+    for (i = 0; attrs[i]; i++) {
+        if (0 == strcasecmp(attrs[i], "objectclass")) {
+            /* <*attrp>: <object>\n\0 */
+            siz += strlen(attrs[i]) + 4 + strlen(object);
+        } else {
+            /* <*attrp>: (template_attribute)\n\0 */
+            siz += strlen(attrs[i]) + 4 + 20;
+        }
+    }
+    /* get the target dn where the template entry is located */
+    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
+    dn = slapi_sdn_get_dn(sdn);
+    if (dn) {
+        /* dn: <attr>=<template_name>,<dn>\n\0 */
+        if (dntype) {
+            siz += strlen(dntype) + 30 + strlen(object) + strlen(dn);
+        } else {
+            siz += strlen(attrs[0]) + 30 + strlen(object) + strlen(dn);
+        }
+    } else {
+        /* dn: <attr>=<template_name>\n\0 */
+        if (dntype) {
+            siz += strlen(dntype) + 30 + strlen(object);
+        } else {
+            siz += strlen(attrs[0]) + 30 + strlen(object);
+        }
+    }
+    templateentry = (char *)slapi_ch_malloc(siz);
+    if (NULL != dn && strlen(dn) > 0) {
+        PR_snprintf(templateentry, siz,
+                    "dn: %s=template_%s_objectclass,%s\n",
+                    dntype ? dntype : attrs[0], object, dn);
+    } else {
+        PR_snprintf(templateentry, siz,
+                    "dn: %s=template_%s_objectclass\n",
+                    dntype ? dntype : attrs[0], object);
+    }
+    for (--i; i >= 0; i--) {
+        len = strlen(templateentry);
+        p = templateentry + len;
+        if (0 == strcasecmp(attrs[i], "objectclass")) {
+            PR_snprintf(p, siz - len, "%s: %s\n", attrs[i], object);
+        } else {
+            PR_snprintf(p, siz - len, "%s: (template_attribute)\n", attrs[i]);
+        }
+    }
+    charray_free(attrs);
+
+    while ((superior = slapi_schema_get_superior_name(object)) &&
+           (0 != strcasecmp(superior, "top"))) {
+        if (notfirst) {
+            slapi_ch_free_string(&object);
+        }
+        notfirst = 1;
+        object = superior;
+        attrs = slapi_schema_list_objectclass_attributes(
+            (const char *)superior, SLAPI_OC_FLAG_REQUIRED);
+        for (i = 0; attrs && attrs[i]; i++) {
+            if (0 == strcasecmp(attrs[i], "objectclass")) {
+                /* <*attrp>: <object>\n\0 */
+                siz += strlen(attrs[i]) + 4 + strlen(object);
+            }
+        }
+        templateentry = (char *)slapi_ch_realloc(templateentry, siz);
+        for (--i; i >= 0; i--) {
+            len = strlen(templateentry);
+            p = templateentry + len;
+            if (0 == strcasecmp(attrs[i], "objectclass")) {
+                PR_snprintf(p, siz - len, "%s: %s\n", attrs[i], object);
+            }
+        }
+        charray_free(attrs);
+    }
+    if (notfirst) {
+        slapi_ch_free_string(&object);
+    }
+    slapi_ch_free_string(&superior);
+    siz += 18; /* objectclass: top\n\0 */
+    len = strlen(templateentry);
+    templateentry = (char *)slapi_ch_realloc(templateentry, siz);
+    p = templateentry + len;
+    PR_snprintf(p, siz - len, "objectclass: top\n");
+
+    e = slapi_str2entry(templateentry, SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF);
+    /* set the template entry to send the result to clients */
+    slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_ENTRY, e);
 bailout:
-	slapi_ch_free_string(&templateentry);
-	return rc;
+    slapi_ch_free_string(&templateentry);
+    return rc;
 }
 
 int
-acl_get_effective_rights (
-	Slapi_PBlock    *pb,
-	Slapi_Entry	    *e,			/* target entry */
-	char			**attrs,	/* Attribute of	the entry */
-	struct berval   *val __attribute__((unused)),		/* value of attr. NOT USED */
-	int		    	access __attribute__((unused)),		/* requested access rights */
-	char			**errbuf
-	)
+acl_get_effective_rights(
+    Slapi_PBlock *pb,
+    Slapi_Entry *e,                             /* target entry */
+    char **attrs,                               /* Attribute of    the entry */
+    struct berval *val __attribute__((unused)), /* value of attr. NOT USED */
+    int access __attribute__((unused)),         /* requested access rights */
+    char **errbuf)
 {
-	Slapi_PBlock *gerpb = NULL;
-	void *aclcb = NULL;
-	char *subjectndn = NULL;
-	char *gerstr = NULL;
-	size_t gerstrsize = 0;
-	size_t gerstrcap = 0;
-	int iscritical = 0; /* critical may be missing or false http://tools.ietf.org/html/draft-ietf-ldapext-acl-model-08 */
-	int rc = LDAP_SUCCESS;
-
-	*errbuf = NULL;
-
-	if (NULL == e)	/* create a template entry from SLAPI_SEARCH_GERATTRS */
-	{
-		rc = _ger_generate_template_entry ( pb );
-		slapi_pblock_get ( pb, SLAPI_SEARCH_RESULT_ENTRY, &e );
-		if ( rc != LDAP_SUCCESS || NULL == e )
-		{
-			goto bailout;
-		}
-	}
-
-	/*
-	 * Get the subject
-	 */
-	rc = _ger_parse_control (pb, &subjectndn, &iscritical, errbuf );
-	if ( rc != LDAP_SUCCESS )
-	{
-		goto bailout;
-	}
-
-	/*
-	 * The requestor should have g permission on the entry
-	 * to get the effective rights.
-	 */
-	rc = _ger_g_permission_granted (pb, e, subjectndn, errbuf);
-	if ( rc != LDAP_SUCCESS )
-	{
-		goto bailout;
-	}
-
-	/*
-	 * Construct a new pb
-	 */
-	rc = _ger_new_gerpb ( pb, e, subjectndn, &gerpb, &aclcb, errbuf );
-	if ( rc != LDAP_SUCCESS )
-	{
-		goto bailout;
-	}
-
-	/* Get entry level effective rights */
-	_ger_get_entry_rights ( gerpb, e, subjectndn, &gerstr, &gerstrsize, &gerstrcap, errbuf );
-
-	/*
-	 * Attribute level effective rights may not be NULL
-	 * even if entry level's is.
-	 */
-	_ger_get_attrs_rights ( gerpb, e, subjectndn, attrs, &gerstr, &gerstrsize, &gerstrcap, errbuf );
+    Slapi_PBlock *gerpb = NULL;
+    void *aclcb = NULL;
+    char *subjectndn = NULL;
+    char *gerstr = NULL;
+    size_t gerstrsize = 0;
+    size_t gerstrcap = 0;
+    int iscritical = 0; /* critical may be missing or false http://tools.ietf.org/html/draft-ietf-ldapext-acl-model-08 */
+    int rc = LDAP_SUCCESS;
+
+    *errbuf = NULL;
+
+    if (NULL == e) /* create a template entry from SLAPI_SEARCH_GERATTRS */
+    {
+        rc = _ger_generate_template_entry(pb);
+        slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_ENTRY, &e);
+        if (rc != LDAP_SUCCESS || NULL == e) {
+            goto bailout;
+        }
+    }
+
+    /*
+     * Get the subject
+     */
+    rc = _ger_parse_control(pb, &subjectndn, &iscritical, errbuf);
+    if (rc != LDAP_SUCCESS) {
+        goto bailout;
+    }
+
+    /*
+     * The requestor should have g permission on the entry
+     * to get the effective rights.
+     */
+    rc = _ger_g_permission_granted(pb, e, subjectndn, errbuf);
+    if (rc != LDAP_SUCCESS) {
+        goto bailout;
+    }
+
+    /*
+     * Construct a new pb
+     */
+    rc = _ger_new_gerpb(pb, e, subjectndn, &gerpb, &aclcb, errbuf);
+    if (rc != LDAP_SUCCESS) {
+        goto bailout;
+    }
+
+    /* Get entry level effective rights */
+    _ger_get_entry_rights(gerpb, e, subjectndn, &gerstr, &gerstrsize, &gerstrcap, errbuf);
+
+    /*
+     * Attribute level effective rights may not be NULL
+     * even if entry level's is.
+     */
+    _ger_get_attrs_rights(gerpb, e, subjectndn, attrs, &gerstr, &gerstrsize, &gerstrcap, errbuf);
 
 bailout:
-	/*
-	 * Now construct the response control
-	 */
-	_ger_set_response_control ( pb, iscritical, rc );
-
-	if ( rc != LDAP_SUCCESS )
-	{
-		gerstr = slapi_ch_smprintf("entryLevelRights: %d\nattributeLevelRights: *:%d", rc, rc );
-	}
-
-	slapi_log_err(SLAPI_LOG_ACLSUMMARY, plugin_name,
-		"###### Effective Rights on Entry (%s) for Subject (%s) ######\n",
-		e?slapi_entry_get_ndn(e):"null", subjectndn?subjectndn:"null");
-	slapi_log_err(SLAPI_LOG_ACLSUMMARY, plugin_name, "%s\n", gerstr);
-
-	/* Restore pb */
-	_ger_release_gerpb ( &gerpb, &aclcb, pb );
-
-	/*
-	 * General plugin uses SLAPI_RESULT_TEXT for error text. Here
-	 * SLAPI_PB_RESULT_TEXT is exclusively shared with add, dse and schema.
-	 * slapi_pblock_set() will free any previous data, and
-	 * pblock_done() will free SLAPI_PB_RESULT_TEXT.
-	 */
-	slapi_pblock_set (pb, SLAPI_PB_RESULT_TEXT, gerstr);
-
-	if ( !iscritical )
-	{
-		/*
-		 * If return code is not LDAP_SUCCESS, the server would
-		 * abort sending the data of the entry to the client.
-		 */
-		rc = LDAP_SUCCESS;
-	}
-
-	slapi_ch_free ( (void **) &subjectndn );
-	slapi_ch_free ( (void **) &gerstr );
-	return rc;
+    /*
+     * Now construct the response control
+     */
+    _ger_set_response_control(pb, iscritical, rc);
+
+    if (rc != LDAP_SUCCESS) {
+        gerstr = slapi_ch_smprintf("entryLevelRights: %d\nattributeLevelRights: *:%d", rc, rc);
+    }
+
+    slapi_log_err(SLAPI_LOG_ACLSUMMARY, plugin_name,
+                  "###### Effective Rights on Entry (%s) for Subject (%s) ######\n",
+                  e ? slapi_entry_get_ndn(e) : "null", subjectndn ? subjectndn : "null");
+    slapi_log_err(SLAPI_LOG_ACLSUMMARY, plugin_name, "%s\n", gerstr);
+
+    /* Restore pb */
+    _ger_release_gerpb(&gerpb, &aclcb, pb);
+
+    /*
+     * General plugin uses SLAPI_RESULT_TEXT for error text. Here
+     * SLAPI_PB_RESULT_TEXT is exclusively shared with add, dse and schema.
+     * slapi_pblock_set() will free any previous data, and
+     * pblock_done() will free SLAPI_PB_RESULT_TEXT.
+     */
+    slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, gerstr);
+
+    if (!iscritical) {
+        /*
+         * If return code is not LDAP_SUCCESS, the server would
+         * abort sending the data of the entry to the client.
+         */
+        rc = LDAP_SUCCESS;
+    }
+
+    slapi_ch_free((void **)&subjectndn);
+    slapi_ch_free((void **)&gerstr);
+    return rc;
 }

ldap/servers/plugins/acl/aclgroup.c

@@ -4,17 +4,17 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "acl.h"
 
 /***************************************************************************
- * 
+ *
  * This module deals with the global user group cache.
  *
  * A LRU queue mechanism is used to maintain the groups the user currently in.
@@ -23,28 +23,28 @@
  * However to accomplish that will require quite a bit of work which may not be
  * cost-efftive.
  **************************************************************************/
-static aclGroupCache   *aclUserGroups;
+static aclGroupCache *aclUserGroups;
 #define ACL_MAXCACHE_USERGROUPS 200
 
-#define ACLG_LOCK_GROUPCACHE_READ()      slapi_rwlock_rdlock ( aclUserGroups->aclg_rwlock )
-#define ACLG_LOCK_GROUPCACHE_WRITE()     slapi_rwlock_wrlock ( aclUserGroups->aclg_rwlock )
-#define ACLG_ULOCK_GROUPCACHE_WRITE()    slapi_rwlock_unlock ( aclUserGroups->aclg_rwlock )
-#define ACLG_ULOCK_GROUPCACHE_READ()     slapi_rwlock_unlock ( aclUserGroups->aclg_rwlock )
+#define ACLG_LOCK_GROUPCACHE_READ() slapi_rwlock_rdlock(aclUserGroups->aclg_rwlock)
+#define ACLG_LOCK_GROUPCACHE_WRITE() slapi_rwlock_wrlock(aclUserGroups->aclg_rwlock)
+#define ACLG_ULOCK_GROUPCACHE_WRITE() slapi_rwlock_unlock(aclUserGroups->aclg_rwlock)
+#define ACLG_ULOCK_GROUPCACHE_READ() slapi_rwlock_unlock(aclUserGroups->aclg_rwlock)
 
 
-static void		__aclg__delete_userGroup ( aclUserGroup *u_group );
+static void __aclg__delete_userGroup(aclUserGroup *u_group);
 
 
-int 
-aclgroup_init ()
+int
+aclgroup_init()
 {
 
-	aclUserGroups = ( aclGroupCache * ) slapi_ch_calloc (1, sizeof ( aclGroupCache ) );
-	if ( NULL ==  (aclUserGroups->aclg_rwlock = slapi_new_rwlock())) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, "Unable to allocate RWLOCK for group cache\n");
-		return 1;
-	}
-	return 0;
+    aclUserGroups = (aclGroupCache *)slapi_ch_calloc(1, sizeof(aclGroupCache));
+    if (NULL == (aclUserGroups->aclg_rwlock = slapi_new_rwlock())) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "Unable to allocate RWLOCK for group cache\n");
+        return 1;
+    }
+    return 0;
 }
 
 void
@@ -57,7 +57,7 @@ aclgroup_free()
 /*
  *  aclg_init_userGroup
  *
- * Go thru the Global Group CACHE and see if we have group information for 
+ * Go thru the Global Group CACHE and see if we have group information for
  * the user.  The user's group cache is invalidated when a group is modified
  * (in which case ALL usergroups are invalidated) or when the user's entry
  * is modified in which case just his is invalidated.
@@ -65,123 +65,128 @@ aclgroup_free()
  * We need to scan the whole cache looking for a valid entry that matches
  * this user.  If we find invalid entries along the way.
  *
- *	If we don't have anything it's fine. we will allocate a space when we
- * 	need it i.e during  the group evaluation.
+ *    If we don't have anything it's fine. we will allocate a space when we
+ *     need it i.e during  the group evaluation.
  *
- * 	Inputs:
- *		struct acl_pblock		- ACL private block
- *		char *dn			- the client's dn
- *		int got_lock			- 1: already obtained WRITE Lock
- *						- 0: Nope; get one 
- *	Returns:
- *		None.
+ *     Inputs:
+ *        struct acl_pblock        - ACL private block
+ *        char *dn            - the client's dn
+ *        int got_lock            - 1: already obtained WRITE Lock
+ *                        - 0: Nope; get one
+ *    Returns:
+ *        None.
  */
 
 void
-aclg_init_userGroup ( struct acl_pblock *aclpb, const char *n_dn , int got_lock )
+aclg_init_userGroup(struct acl_pblock *aclpb, const char *n_dn, int got_lock)
 {
-	aclUserGroup		*u_group = NULL;
-	aclUserGroup		*next_ugroup = NULL;
-	aclUserGroup		*p_group, *n_group;	
-	int found = 0;
-		
-	/* Check for Anonymous  user */
-	if ( n_dn && *n_dn == '\0') return;
-
-	if ( !got_lock ) ACLG_LOCK_GROUPCACHE_WRITE ();
-	u_group = aclUserGroups->aclg_first;
-	aclpb->aclpb_groupinfo = NULL;
-
-	while ( u_group != NULL ) {
-		next_ugroup = u_group->aclug_next;
-		if ( aclUserGroups->aclg_signature != u_group->aclug_signature) {
-			/*
-			 * This means that this usergroup is no longer valid and
-			 * this operation so delete this one if no one is using it.
-			*/
-			
-			if ( !u_group->aclug_refcnt ) {
-				slapi_log_err(SLAPI_LOG_ACL, plugin_name, 
-					"aclg_init_userGroup - In traversal group deallocation\n" );
-				__aclg__delete_userGroup (u_group);								
-			}			
-		} else {
-
-			/*
-			 * Here, u_group is valid--if it matches then take it.
-			*/
-			if ( slapi_utf8casecmp((ACLUCHP)u_group->aclug_ndn, 
-										(ACLUCHP)n_dn ) == 0 ) {
-					u_group->aclug_refcnt++;
-					aclpb->aclpb_groupinfo = u_group;
-					found = 1;
-					break;
-			}
-		}
-		u_group = next_ugroup;
-	}
-	
-	/* Move the new one to the top of the queue */
-	if ( found )  {
-		p_group  = u_group->aclug_prev;
-		n_group = u_group->aclug_next;
-
-		if ( p_group )  {
-			aclUserGroup	*t_group = NULL;
-
-			p_group->aclug_next = n_group;
-			if ( n_group ) n_group->aclug_prev = p_group;
-
-			t_group = aclUserGroups->aclg_first;
-			if ( t_group ) t_group->aclug_prev = u_group;
-
-			u_group->aclug_prev = NULL;
-			u_group->aclug_next = t_group;
-			aclUserGroups->aclg_first = u_group;
-
-			if ( u_group == aclUserGroups->aclg_last )
-				aclUserGroups->aclg_last = p_group;
-		}
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name, "acl_init_userGroup - Found in cache for dn:%s\n", n_dn);
-	}
-	if (!got_lock ) ACLG_ULOCK_GROUPCACHE_WRITE ();
+    aclUserGroup *u_group = NULL;
+    aclUserGroup *next_ugroup = NULL;
+    aclUserGroup *p_group, *n_group;
+    int found = 0;
+
+    /* Check for Anonymous  user */
+    if (n_dn && *n_dn == '\0')
+        return;
+
+    if (!got_lock)
+        ACLG_LOCK_GROUPCACHE_WRITE();
+    u_group = aclUserGroups->aclg_first;
+    aclpb->aclpb_groupinfo = NULL;
+
+    while (u_group != NULL) {
+        next_ugroup = u_group->aclug_next;
+        if (aclUserGroups->aclg_signature != u_group->aclug_signature) {
+            /*
+             * This means that this usergroup is no longer valid and
+             * this operation so delete this one if no one is using it.
+            */
+
+            if (!u_group->aclug_refcnt) {
+                slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                              "aclg_init_userGroup - In traversal group deallocation\n");
+                __aclg__delete_userGroup(u_group);
+            }
+        } else {
+
+            /*
+             * Here, u_group is valid--if it matches then take it.
+            */
+            if (slapi_utf8casecmp((ACLUCHP)u_group->aclug_ndn,
+                                  (ACLUCHP)n_dn) == 0) {
+                u_group->aclug_refcnt++;
+                aclpb->aclpb_groupinfo = u_group;
+                found = 1;
+                break;
+            }
+        }
+        u_group = next_ugroup;
+    }
+
+    /* Move the new one to the top of the queue */
+    if (found) {
+        p_group = u_group->aclug_prev;
+        n_group = u_group->aclug_next;
+
+        if (p_group) {
+            aclUserGroup *t_group = NULL;
+
+            p_group->aclug_next = n_group;
+            if (n_group)
+                n_group->aclug_prev = p_group;
+
+            t_group = aclUserGroups->aclg_first;
+            if (t_group)
+                t_group->aclug_prev = u_group;
+
+            u_group->aclug_prev = NULL;
+            u_group->aclug_next = t_group;
+            aclUserGroups->aclg_first = u_group;
+
+            if (u_group == aclUserGroups->aclg_last)
+                aclUserGroups->aclg_last = p_group;
+        }
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name, "acl_init_userGroup - Found in cache for dn:%s\n", n_dn);
+    }
+    if (!got_lock)
+        ACLG_ULOCK_GROUPCACHE_WRITE();
 }
 
 
 /*
  *
  * aclg_reset_userGroup
- *	Reset the reference count to the user's group.
+ *    Reset the reference count to the user's group.
  *
- *	Inputs:
- *		struct	acl_pblock		-- The acl private block.
- *	Returns:
- *		None.
+ *    Inputs:
+ *        struct    acl_pblock        -- The acl private block.
+ *    Returns:
+ *        None.
  *
- *	Note: A WRITE Lock on the GroupCache is obtained during the change:
+ *    Note: A WRITE Lock on the GroupCache is obtained during the change:
  */
 void
-aclg_reset_userGroup ( struct acl_pblock *aclpb )
+aclg_reset_userGroup(struct acl_pblock *aclpb)
 {
 
-	aclUserGroup	*u_group;
+    aclUserGroup *u_group;
 
-	ACLG_LOCK_GROUPCACHE_WRITE();
+    ACLG_LOCK_GROUPCACHE_WRITE();
 
-	if ( (u_group = aclpb->aclpb_groupinfo) != NULL ) {
-		u_group->aclug_refcnt--;
+    if ((u_group = aclpb->aclpb_groupinfo) != NULL) {
+        u_group->aclug_refcnt--;
 
-		/* If I am the last one but I was using an invalid group cache
-		** in the meantime, it is time now to get rid of it so that we will
-		** not have duplicate cache.
-		*/
-		if ( !u_group->aclug_refcnt && 
-			( aclUserGroups->aclg_signature != u_group->aclug_signature )) {
-			__aclg__delete_userGroup ( u_group );
-		}
-	}
-	ACLG_ULOCK_GROUPCACHE_WRITE();
-	aclpb->aclpb_groupinfo = NULL;
+        /* If I am the last one but I was using an invalid group cache
+        ** in the meantime, it is time now to get rid of it so that we will
+        ** not have duplicate cache.
+        */
+        if (!u_group->aclug_refcnt &&
+            (aclUserGroups->aclg_signature != u_group->aclug_signature)) {
+            __aclg__delete_userGroup(u_group);
+        }
+    }
+    ACLG_ULOCK_GROUPCACHE_WRITE();
+    aclpb->aclpb_groupinfo = NULL;
 }
 
 /*
@@ -190,30 +195,31 @@ aclg_reset_userGroup ( struct acl_pblock *aclpb )
  * another thread freeing it underneath us.
 */
 
-aclUserGroup*
+aclUserGroup *
 aclg_find_userGroup(const char *n_dn)
 {
-	aclUserGroup		*u_group = NULL;	
-	int			i;
-
-	/* Check for Anonymous  user */
-	if ( n_dn && *n_dn == '\0') return (NULL) ;
-
-	ACLG_LOCK_GROUPCACHE_READ ();
-		u_group = aclUserGroups->aclg_first;
-	
-		for ( i=0; i < aclUserGroups->aclg_num_userGroups; i++ ) {
-			if ( aclUserGroups->aclg_signature == u_group->aclug_signature &&
-							slapi_utf8casecmp((ACLUCHP)u_group->aclug_ndn, 
-													(ACLUCHP)n_dn ) == 0 ) {					
-				aclg_reader_incr_ugroup_refcnt(u_group);
-				break;
-			}
-			u_group = u_group->aclug_next;
-		}
-	
-	ACLG_ULOCK_GROUPCACHE_READ ();
-	return(u_group);
+    aclUserGroup *u_group = NULL;
+    int i;
+
+    /* Check for Anonymous  user */
+    if (n_dn && *n_dn == '\0')
+        return (NULL);
+
+    ACLG_LOCK_GROUPCACHE_READ();
+    u_group = aclUserGroups->aclg_first;
+
+    for (i = 0; i < aclUserGroups->aclg_num_userGroups; i++) {
+        if (aclUserGroups->aclg_signature == u_group->aclug_signature &&
+            slapi_utf8casecmp((ACLUCHP)u_group->aclug_ndn,
+                              (ACLUCHP)n_dn) == 0) {
+            aclg_reader_incr_ugroup_refcnt(u_group);
+            break;
+        }
+        u_group = u_group->aclug_next;
+    }
+
+    ACLG_ULOCK_GROUPCACHE_READ();
+    return (u_group);
 }
 
 /*
@@ -222,217 +228,220 @@ aclg_find_userGroup(const char *n_dn)
  * that finds it.
 */
 void
-aclg_markUgroupForRemoval ( aclUserGroup* u_group) {		
+aclg_markUgroupForRemoval(aclUserGroup *u_group)
+{
 
-	ACLG_LOCK_GROUPCACHE_WRITE ();					
-		aclg_regen_ugroup_signature(u_group);
-		u_group->aclug_refcnt--;
-	ACLG_ULOCK_GROUPCACHE_WRITE ();	
+    ACLG_LOCK_GROUPCACHE_WRITE();
+    aclg_regen_ugroup_signature(u_group);
+    u_group->aclug_refcnt--;
+    ACLG_ULOCK_GROUPCACHE_WRITE();
 }
 
 /*
  *
  * aclg_get_usersGroup
  *
- *	If we already have a the group info then we are done. If we
- *	don't, then allocate a new one and attach it.
+ *    If we already have a the group info then we are done. If we
+ *    don't, then allocate a new one and attach it.
  *
- *	Inputs:
- *		struct	acl_pblock		-- The acl private block.
- *		char *n_dn			- normalized client's DN
+ *    Inputs:
+ *        struct    acl_pblock        -- The acl private block.
+ *        char *n_dn            - normalized client's DN
  *
- *	Returns:
- *		aclUserGroup			- The Group info block.
+ *    Returns:
+ *        aclUserGroup            - The Group info block.
  *
  */
 aclUserGroup *
-aclg_get_usersGroup ( struct acl_pblock *aclpb , char *n_dn) 
+aclg_get_usersGroup(struct acl_pblock *aclpb, char *n_dn)
 {
 
-	aclUserGroup		*u_group, *f_group;
-
-	if ( !aclpb ) {
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclg_get_usersGroup - NULL acl pblock\n" );
-		return NULL;
-	}
-
-	if ( aclpb->aclpb_groupinfo )
-		return aclpb->aclpb_groupinfo;
-
-	ACLG_LOCK_GROUPCACHE_WRITE();
-
-	/* try it one more time. We might have one in the meantime */
-	aclg_init_userGroup  (aclpb, n_dn , 1 /* got the lock */);
-	if ( aclpb->aclpb_groupinfo ) {
-		ACLG_ULOCK_GROUPCACHE_WRITE();
-		return aclpb->aclpb_groupinfo;
-	}
-
-	/*
-	 * It is possible at this point that we already have a group cache for the user
-	 * but is is invalid. We can't use it anyway. So, we march along and allocate a new one.
-	 * That's fine as the invalid one will be deallocated when done.
-	 */
-
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclg_get_usersGroup - ALLOCATING GROUP FOR:%s\n", n_dn );
-	u_group = ( aclUserGroup * ) slapi_ch_calloc ( 1, sizeof ( aclUserGroup ) );
-	
-	u_group->aclug_refcnt = 1;
-	if ( (u_group->aclug_refcnt_mutex = PR_NewLock()) == NULL ) {
-		slapi_ch_free((void **)&u_group);
-		ACLG_ULOCK_GROUPCACHE_WRITE();
-		return(NULL);
-	}
-
-	u_group->aclug_member_groups = (char **)
-					slapi_ch_calloc ( 1, 
-					    (ACLUG_INCR_GROUPS_LIST * sizeof (char *)));
-	u_group->aclug_member_group_size = ACLUG_INCR_GROUPS_LIST;
-	u_group->aclug_numof_member_group = 0;
-
-	u_group->aclug_notmember_groups = (char **)
-					slapi_ch_calloc ( 1,
-					   (ACLUG_INCR_GROUPS_LIST * sizeof (char *)));
-	u_group->aclug_notmember_group_size = ACLUG_INCR_GROUPS_LIST;
-	u_group->aclug_numof_notmember_group = 0;
-
-	u_group->aclug_ndn = slapi_ch_strdup ( n_dn ) ;	
-	
-	u_group->aclug_signature = aclUserGroups->aclg_signature;
-
-	/* Do we have already the max number. If we have then delete the last one */
-	if ( aclUserGroups->aclg_num_userGroups >= ACL_MAXCACHE_USERGROUPS - 5 ) {
-		aclUserGroup		*d_group;
-		
-		/* We need to traverse thru  backwards and delete the one with a refcnt = 0 */
-		d_group = aclUserGroups->aclg_last;
-		while ( d_group ) {
-			if ( !d_group->aclug_refcnt ) {
-				__aclg__delete_userGroup ( d_group );
-				break;
-			} else {
-				d_group = d_group->aclug_prev;
-			}
-		}
-
-		/* If we didn't find any, which should be never, 
-		** we have 5 more tries to do it.
-		*/
-	} 
-	f_group = aclUserGroups->aclg_first;
-	u_group->aclug_next = f_group;
-	if ( f_group ) f_group->aclug_prev = u_group;
-		
-	aclUserGroups->aclg_first =  u_group;
-	if ( aclUserGroups->aclg_last == NULL )
-		aclUserGroups->aclg_last = u_group;
-
-	aclUserGroups->aclg_num_userGroups++;
-
-	/* Put it in the queue */
-	ACLG_ULOCK_GROUPCACHE_WRITE();
-
-	/* Now hang on to it */
-	aclpb->aclpb_groupinfo = u_group;
-	return u_group;
+    aclUserGroup *u_group, *f_group;
+
+    if (!aclpb) {
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclg_get_usersGroup - NULL acl pblock\n");
+        return NULL;
+    }
+
+    if (aclpb->aclpb_groupinfo)
+        return aclpb->aclpb_groupinfo;
+
+    ACLG_LOCK_GROUPCACHE_WRITE();
+
+    /* try it one more time. We might have one in the meantime */
+    aclg_init_userGroup(aclpb, n_dn, 1 /* got the lock */);
+    if (aclpb->aclpb_groupinfo) {
+        ACLG_ULOCK_GROUPCACHE_WRITE();
+        return aclpb->aclpb_groupinfo;
+    }
+
+    /*
+     * It is possible at this point that we already have a group cache for the user
+     * but is is invalid. We can't use it anyway. So, we march along and allocate a new one.
+     * That's fine as the invalid one will be deallocated when done.
+     */
+
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclg_get_usersGroup - ALLOCATING GROUP FOR:%s\n", n_dn);
+    u_group = (aclUserGroup *)slapi_ch_calloc(1, sizeof(aclUserGroup));
+
+    u_group->aclug_refcnt = 1;
+    if ((u_group->aclug_refcnt_mutex = PR_NewLock()) == NULL) {
+        slapi_ch_free((void **)&u_group);
+        ACLG_ULOCK_GROUPCACHE_WRITE();
+        return (NULL);
+    }
+
+    u_group->aclug_member_groups = (char **)
+        slapi_ch_calloc(1,
+                        (ACLUG_INCR_GROUPS_LIST * sizeof(char *)));
+    u_group->aclug_member_group_size = ACLUG_INCR_GROUPS_LIST;
+    u_group->aclug_numof_member_group = 0;
+
+    u_group->aclug_notmember_groups = (char **)
+        slapi_ch_calloc(1,
+                        (ACLUG_INCR_GROUPS_LIST * sizeof(char *)));
+    u_group->aclug_notmember_group_size = ACLUG_INCR_GROUPS_LIST;
+    u_group->aclug_numof_notmember_group = 0;
+
+    u_group->aclug_ndn = slapi_ch_strdup(n_dn);
+
+    u_group->aclug_signature = aclUserGroups->aclg_signature;
+
+    /* Do we have already the max number. If we have then delete the last one */
+    if (aclUserGroups->aclg_num_userGroups >= ACL_MAXCACHE_USERGROUPS - 5) {
+        aclUserGroup *d_group;
+
+        /* We need to traverse thru  backwards and delete the one with a refcnt = 0 */
+        d_group = aclUserGroups->aclg_last;
+        while (d_group) {
+            if (!d_group->aclug_refcnt) {
+                __aclg__delete_userGroup(d_group);
+                break;
+            } else {
+                d_group = d_group->aclug_prev;
+            }
+        }
+
+        /* If we didn't find any, which should be never,
+        ** we have 5 more tries to do it.
+        */
+    }
+    f_group = aclUserGroups->aclg_first;
+    u_group->aclug_next = f_group;
+    if (f_group)
+        f_group->aclug_prev = u_group;
+
+    aclUserGroups->aclg_first = u_group;
+    if (aclUserGroups->aclg_last == NULL)
+        aclUserGroups->aclg_last = u_group;
+
+    aclUserGroups->aclg_num_userGroups++;
+
+    /* Put it in the queue */
+    ACLG_ULOCK_GROUPCACHE_WRITE();
+
+    /* Now hang on to it */
+    aclpb->aclpb_groupinfo = u_group;
+    return u_group;
 }
 
 /*
- * 
+ *
  * __aclg__delete_userGroup
  *
- *	Delete the User's Group cache.
+ *    Delete the User's Group cache.
  *
- *	Inputs:
- * 		aclUserGroup		- remove this one
- *	Returns:
- *		None.
+ *    Inputs:
+ *         aclUserGroup        - remove this one
+ *    Returns:
+ *        None.
  *
- *	Note: A WRITE Lock on the GroupCache is obtained by the caller
- */ 
+ *    Note: A WRITE Lock on the GroupCache is obtained by the caller
+ */
 static void
-__aclg__delete_userGroup ( aclUserGroup *u_group )
+__aclg__delete_userGroup(aclUserGroup *u_group)
 {
 
-	aclUserGroup		*next_group, *prev_group;
-	int			i;
-
-	if ( !u_group ) return;
-
-	prev_group = u_group->aclug_prev;
-	next_group = u_group->aclug_next;
-
-	/*
-	 * At this point we must have a 0 refcnt or else we are in a bad shape.
-	 * If we don't have one then at least remove the user's dn so that it will
-	 * be in a condemned state and later deleted.
-	 */
-	
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name, "__aclg__delete_userGroup - DEALLOCATING GROUP FOR:%s\n", u_group->aclug_ndn );
-
-	slapi_ch_free ( (void **) &u_group->aclug_ndn );
-
-	PR_DestroyLock(u_group->aclug_refcnt_mutex);
-
-	/* Remove the member GROUPS */
-	for (i=0; i < u_group->aclug_numof_member_group; i++ )
-		slapi_ch_free ( (void **) &u_group->aclug_member_groups[i] );
-	slapi_ch_free ( (void **) &u_group->aclug_member_groups );
-
-	/* Remove the NOT member GROUPS */
-	for (i=0; i < u_group->aclug_numof_notmember_group; i++ )
-		slapi_ch_free ( (void **) &u_group->aclug_notmember_groups[i] );
-	slapi_ch_free ( (void **) &u_group->aclug_notmember_groups );
-
-	slapi_ch_free ( (void **) &u_group );
-
-	if ( prev_group == NULL && next_group == NULL ) {
-		aclUserGroups->aclg_first = NULL;
-		aclUserGroups->aclg_last = NULL;
-	} else if ( prev_group == NULL ) {
-		next_group->aclug_prev = NULL;
-		aclUserGroups->aclg_first = next_group;
-	} else {
-		prev_group->aclug_next = next_group;
-		if ( next_group ) 
-			next_group->aclug_prev = prev_group;
-		else 
-			aclUserGroups->aclg_last = prev_group;
-	}
-	aclUserGroups->aclg_num_userGroups--;
+    aclUserGroup *next_group, *prev_group;
+    int i;
+
+    if (!u_group)
+        return;
+
+    prev_group = u_group->aclug_prev;
+    next_group = u_group->aclug_next;
+
+    /*
+     * At this point we must have a 0 refcnt or else we are in a bad shape.
+     * If we don't have one then at least remove the user's dn so that it will
+     * be in a condemned state and later deleted.
+     */
+
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name, "__aclg__delete_userGroup - DEALLOCATING GROUP FOR:%s\n", u_group->aclug_ndn);
+
+    slapi_ch_free((void **)&u_group->aclug_ndn);
+
+    PR_DestroyLock(u_group->aclug_refcnt_mutex);
+
+    /* Remove the member GROUPS */
+    for (i = 0; i < u_group->aclug_numof_member_group; i++)
+        slapi_ch_free((void **)&u_group->aclug_member_groups[i]);
+    slapi_ch_free((void **)&u_group->aclug_member_groups);
+
+    /* Remove the NOT member GROUPS */
+    for (i = 0; i < u_group->aclug_numof_notmember_group; i++)
+        slapi_ch_free((void **)&u_group->aclug_notmember_groups[i]);
+    slapi_ch_free((void **)&u_group->aclug_notmember_groups);
+
+    slapi_ch_free((void **)&u_group);
+
+    if (prev_group == NULL && next_group == NULL) {
+        aclUserGroups->aclg_first = NULL;
+        aclUserGroups->aclg_last = NULL;
+    } else if (prev_group == NULL) {
+        next_group->aclug_prev = NULL;
+        aclUserGroups->aclg_first = next_group;
+    } else {
+        prev_group->aclug_next = next_group;
+        if (next_group)
+            next_group->aclug_prev = prev_group;
+        else
+            aclUserGroups->aclg_last = prev_group;
+    }
+    aclUserGroups->aclg_num_userGroups--;
 }
 
 void
-aclg_regen_group_signature( )
+aclg_regen_group_signature()
 {
-	aclUserGroups->aclg_signature = aclutil_gen_signature ( aclUserGroups->aclg_signature );
+    aclUserGroups->aclg_signature = aclutil_gen_signature(aclUserGroups->aclg_signature);
 }
 
 void
-aclg_regen_ugroup_signature( aclUserGroup *ugroup)
+aclg_regen_ugroup_signature(aclUserGroup *ugroup)
 {
-	ugroup->aclug_signature =
-		aclutil_gen_signature ( ugroup->aclug_signature );
+    ugroup->aclug_signature =
+        aclutil_gen_signature(ugroup->aclug_signature);
 }
 
-void 
-aclg_lock_groupCache ( int type /* 1 for reader and 2 for writer */)
+void
+aclg_lock_groupCache(int type /* 1 for reader and 2 for writer */)
 {
 
-	if (type == 1 )
-		ACLG_LOCK_GROUPCACHE_READ();
-	else
-		ACLG_LOCK_GROUPCACHE_WRITE();
+    if (type == 1)
+        ACLG_LOCK_GROUPCACHE_READ();
+    else
+        ACLG_LOCK_GROUPCACHE_WRITE();
 }
 
-void 
-aclg_unlock_groupCache ( int type /* 1 for reader and 2 for writer */)
+void
+aclg_unlock_groupCache(int type /* 1 for reader and 2 for writer */)
 {
 
-	if (type == 1 )
-		ACLG_ULOCK_GROUPCACHE_READ();
-	else
-		ACLG_ULOCK_GROUPCACHE_WRITE();
+    if (type == 1)
+        ACLG_ULOCK_GROUPCACHE_READ();
+    else
+        ACLG_ULOCK_GROUPCACHE_WRITE();
 }
 
 
@@ -446,17 +455,18 @@ aclg_unlock_groupCache ( int type /* 1 for reader and 2 for writer */)
 */
 
 void
-aclg_reader_incr_ugroup_refcnt(aclUserGroup* u_group) {
-	
-	PR_Lock(u_group->aclug_refcnt_mutex);
-		u_group->aclug_refcnt++;
-	PR_Unlock(u_group->aclug_refcnt_mutex);
+aclg_reader_incr_ugroup_refcnt(aclUserGroup *u_group)
+{
+
+    PR_Lock(u_group->aclug_refcnt_mutex);
+    u_group->aclug_refcnt++;
+    PR_Unlock(u_group->aclug_refcnt_mutex);
 }
 
 /* You need the usergroups read lock to call this routine*/
 int
-aclg_numof_usergroups(void) {
-	
-	return(aclUserGroups->aclg_num_userGroups);
-}
+aclg_numof_usergroups(void)
+{
 
+    return (aclUserGroups->aclg_num_userGroups);
+}

ldap/servers/plugins/acl/aclinit.c

@@ -4,178 +4,171 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
-#include    "acl.h"
+#include "acl.h"
 
-static int 		__aclinit__RegisterLases(void);
-static int 		__aclinit__RegisterAttributes(void);
-static int		__aclinit_handler(Slapi_Entry *e, void *callback_data);
+static int __aclinit__RegisterLases(void);
+static int __aclinit__RegisterAttributes(void);
+static int __aclinit_handler(Slapi_Entry *e, void *callback_data);
 
 /***************************************************************************
 *
 * aclinit_main()
-*	Main routine which is called at the server boot up time. 
+*    Main routine which is called at the server boot up time.
 *
-*	1) Reads all the ACI entries from the database and creates
-*	   the ACL list.
+*    1) Reads all the ACI entries from the database and creates
+*       the ACL list.
 *   2) Registers all the LASes and the GetAttrs supported by the DS.
-*	3) Generates anonymous profiles.
+*    3) Generates anonymous profiles.
 *   4) Registers proxy control
-* 	5) Creates aclpb pool 
+*     5) Creates aclpb pool
 *
 * Input:
-*	None.
+*    None.
 *
 * Returns:
-*	0		-- no error
-*	1		-- Error
+*    0        -- no error
+*    1        -- Error
 *
 * Error Handling:
-*	If any error found during the ACL generation, error is logged.
+*    If any error found during the ACL generation, error is logged.
 *
 **************************************************************************/
 static int acl_initialized = 0;
 int
 aclinit_main()
 {
-	Slapi_PBlock		*pb;
-	int					rv;
-	Slapi_DN			*sdn;
-	void 				*node;
-
-	if (acl_initialized) {
-		/* There is no need to do anything more */
-		return 0;
-	}
-
-	/* Initialize the LIBACCESS ACL library */
-	if (ACL_Init() != 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			 "aclinit_main - ACL Library Initialization failed\n");
-		return 1;
-	}
-	
-	/* register all the LASes supported by the DS */
-	if (ACL_ERR == __aclinit__RegisterLases()) {
-		/* Error is already logged */
-		return 1;
-	}
-
-	/* Register all the Attrs */
-	if (ACL_ERR == __aclinit__RegisterAttributes()) {
-		/* Error is already logged */
-		return 1;
-	}
-
-	/*
-	 * Register to get backend state changes so we can add/remove
-	 * acis from backends that come up and go down.
-	*/
-
-	slapi_register_backend_state_change((void *) NULL, acl_be_state_change_fnc);
-	
-
-	/* register the extensions */
-	/* ONREPL Moved to the acl_init function because extensions
+    Slapi_PBlock *pb;
+    int rv;
+    Slapi_DN *sdn;
+    void *node;
+
+    if (acl_initialized) {
+        /* There is no need to do anything more */
+        return 0;
+    }
+
+    /* Initialize the LIBACCESS ACL library */
+    if (ACL_Init() != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclinit_main - ACL Library Initialization failed\n");
+        return 1;
+    }
+
+    /* register all the LASes supported by the DS */
+    if (ACL_ERR == __aclinit__RegisterLases()) {
+        /* Error is already logged */
+        return 1;
+    }
+
+    /* Register all the Attrs */
+    if (ACL_ERR == __aclinit__RegisterAttributes()) {
+        /* Error is already logged */
+        return 1;
+    }
+
+    /*
+     * Register to get backend state changes so we can add/remove
+     * acis from backends that come up and go down.
+    */
+
+    slapi_register_backend_state_change((void *)NULL, acl_be_state_change_fnc);
+
+
+    /* register the extensions */
+    /* ONREPL Moved to the acl_init function because extensions
        need to be registered before any operations are issued
     if  ( 0 != acl_init_ext() ) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"Unable to initialize the extensions\n");
-		return 1;
-	} */
-
-	/* create the mutex array */
-	if ( 0 != aclext_alloc_lockarray ( ) ) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"aclinit_main - Unable to create the mutext array\n");
-		return 1;
-	}
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+            "Unable to initialize the extensions\n");
+        return 1;
+    } */
+
+    /* create the mutex array */
+    if (0 != aclext_alloc_lockarray()) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclinit_main - Unable to create the mutext array\n");
+        return 1;
+    }
 
     /* Allocate the pool */
-	if ( 0 != acl_create_aclpb_pool () ) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"aclinit_main - Unable to create the acl private pool\n");
-		return 1;
-	}
-
-	/*
-	 * Now read all the ACLs from all the backends and put it
-	 * in a list
-	 */
-	/* initialize the ACLLIST sub-system */
-	if ( 0 != (rv = acllist_init ( ))) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"aclinit_main - Unable to initialize the plugin:%d\n", rv );
-		return 1;
-	}
-
-	/* Initialize the anonymous profile i.e., generate it */
-	rv = aclanom_init ();
-
-	pb = slapi_pblock_new();
-	
-	/*
-	 * search for the aci_attr_type attributes of all entries.
-	 *
-	 * slapi_get_fist_suffix() and slapi_get_next_suffix() do not return the 
-	 * rootdse entry so we search for acis in there explicitly here.
-	*/
-
-	sdn = slapi_sdn_new_ndn_byval("");
-	slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"aclinit_main - Searching for all acis(scope base) at suffix ''\n");
-	aclinit_search_and_update_aci ( 0,		/* thisbeonly */
-										sdn,	/* base */
-										NULL,	/* be name*/
-										LDAP_SCOPE_BASE, ACL_ADD_ACIS,
-										DO_TAKE_ACLCACHE_WRITELOCK);
-	slapi_sdn_free(&sdn);	
-
-	sdn = slapi_get_first_suffix( &node, 1 );
-	while (sdn)
-	{
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"aclinit_main - Searching for all acis(scope subtree) at suffix '%s'\n", 
-					slapi_sdn_get_dn(sdn) );
-		aclinit_search_and_update_aci ( 0,		/* thisbeonly */
-										sdn,	/* base */
-										NULL,	/* be name*/
-										LDAP_SCOPE_SUBTREE, ACL_ADD_ACIS,
-										DO_TAKE_ACLCACHE_WRITELOCK);
-		sdn = slapi_get_next_suffix( &node, 1 );
-	}
-
-	/* Initialize it. */
-	acl_initialized = 1;
-
-	/* generate the signatures */
-	acl_set_aclsignature ( aclutil_gen_signature ( 100 ) );
-
-	/* Initialize the user-group cache */
-	rv = aclgroup_init ( );
-
-	aclanom_gen_anomProfile (DO_TAKE_ACLCACHE_READLOCK);
-
-	/* Register both of the proxied authorization controls (version 1 and 2) */
-	slapi_register_supported_control( LDAP_CONTROL_PROXYAUTH,
-			SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE
-			| SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE
-			| SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN
-			| SLAPI_OPERATION_EXTENDED );
-	slapi_register_supported_control( LDAP_CONTROL_PROXIEDAUTH,
-			SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE
-			| SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE
-			| SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN
-			| SLAPI_OPERATION_EXTENDED );
-
-	slapi_pblock_destroy ( pb );
-	return 0;
+    if (0 != acl_create_aclpb_pool()) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclinit_main - Unable to create the acl private pool\n");
+        return 1;
+    }
+
+    /*
+     * Now read all the ACLs from all the backends and put it
+     * in a list
+     */
+    /* initialize the ACLLIST sub-system */
+    if (0 != (rv = acllist_init())) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclinit_main - Unable to initialize the plugin:%d\n", rv);
+        return 1;
+    }
+
+    /* Initialize the anonymous profile i.e., generate it */
+    rv = aclanom_init();
+
+    pb = slapi_pblock_new();
+
+    /*
+     * search for the aci_attr_type attributes of all entries.
+     *
+     * slapi_get_fist_suffix() and slapi_get_next_suffix() do not return the
+     * rootdse entry so we search for acis in there explicitly here.
+    */
+
+    sdn = slapi_sdn_new_ndn_byval("");
+    slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                  "aclinit_main - Searching for all acis(scope base) at suffix ''\n");
+    aclinit_search_and_update_aci(0,    /* thisbeonly */
+                                  sdn,  /* base */
+                                  NULL, /* be name*/
+                                  LDAP_SCOPE_BASE, ACL_ADD_ACIS,
+                                  DO_TAKE_ACLCACHE_WRITELOCK);
+    slapi_sdn_free(&sdn);
+
+    sdn = slapi_get_first_suffix(&node, 1);
+    while (sdn) {
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                      "aclinit_main - Searching for all acis(scope subtree) at suffix '%s'\n",
+                      slapi_sdn_get_dn(sdn));
+        aclinit_search_and_update_aci(0,    /* thisbeonly */
+                                      sdn,  /* base */
+                                      NULL, /* be name*/
+                                      LDAP_SCOPE_SUBTREE, ACL_ADD_ACIS,
+                                      DO_TAKE_ACLCACHE_WRITELOCK);
+        sdn = slapi_get_next_suffix(&node, 1);
+    }
+
+    /* Initialize it. */
+    acl_initialized = 1;
+
+    /* generate the signatures */
+    acl_set_aclsignature(aclutil_gen_signature(100));
+
+    /* Initialize the user-group cache */
+    rv = aclgroup_init();
+
+    aclanom_gen_anomProfile(DO_TAKE_ACLCACHE_READLOCK);
+
+    /* Register both of the proxied authorization controls (version 1 and 2) */
+    slapi_register_supported_control(LDAP_CONTROL_PROXYAUTH,
+                                     SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE | SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE | SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN | SLAPI_OPERATION_EXTENDED);
+    slapi_register_supported_control(LDAP_CONTROL_PROXIEDAUTH,
+                                     SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE | SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE | SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN | SLAPI_OPERATION_EXTENDED);
+
+    slapi_pblock_destroy(pb);
+    return 0;
 }
 /*
  * This routine is the one that scans for acis and either adds them
@@ -195,355 +188,350 @@ aclinit_main()
 */
 
 int
-aclinit_search_and_update_aci ( int thisbeonly, const Slapi_DN *base,
-								char *be_name, int scope, int op,
-								acl_lock_flag_t lock_flag )
+aclinit_search_and_update_aci(int thisbeonly, const Slapi_DN *base, char *be_name, int scope, int op, acl_lock_flag_t lock_flag)
 {
-	char				*attrs[2] = { "aci", NULL };
-	 /* Tell __aclinit_handler whether it's an add or a delete */
-	Slapi_PBlock 	*aPb;
-	LDAPControl		**ctrls=NULL;
-	struct berval	*bval;
-	aclinit_handler_callback_data_t call_back_data;
-
-	PR_ASSERT( lock_flag == DONT_TAKE_ACLCACHE_WRITELOCK ||
-				lock_flag == DO_TAKE_ACLCACHE_WRITELOCK);
-
-	if ( thisbeonly && be_name == NULL) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-						"aclinit_search_and_update_aci - be_name must be specified.\n");
-		return -1;
-	}
-
-
-	/*
-	 * We need to explicitly request (objectclass=ldapsubentry)
-	 * in order to get all the subentry acis too.
-	 * Note that subentries can be added under subentries (although its not
-	 * recommended) so that
-	 * there may be non-trivial acis under a subentry.
-	*/ 
-
-	/* Use new search internal API                 */
-	/* and never retrieve aci from a remote server */
-	aPb = slapi_pblock_new ();
-		
-	/*
-	 * Set up the control to say "Only get acis from this Backend--
-	 * there may be more backends under this one.
-	*/
-
-	if ( thisbeonly ) {		
-		
-		bval = (struct berval *)slapi_ch_malloc(sizeof(struct berval));
-		bval->bv_len = strlen(be_name) + 1;
-		bval->bv_val = slapi_ch_strdup(be_name);
-
-		ctrls = (LDAPControl **)slapi_ch_calloc( 2, sizeof(LDAPControl *));
-		ctrls[0] = NULL;
-		ctrls[1] = NULL;
-	
-		slapi_build_control_from_berval(
-										MTN_CONTROL_USE_ONE_BACKEND_OID,
-                						bval,
-										1 /* is critical */, 
-										ctrls);
-
-	}	
-
-	slapi_search_internal_set_pb (	aPb,
-					slapi_sdn_get_dn(base),
-					scope,
-					"(|(aci=*)(objectclass=ldapsubentry))",
-					attrs,
-					0 /* attrsonly */,
-					ctrls /* controls: SLAPI_ARGCONTROLS */,
-					NULL /* uniqueid */,
-					aclplugin_get_identity (ACL_PLUGIN_IDENTITY),
-					SLAPI_OP_FLAG_NEVER_CHAIN /* actions : get local aci only */);
-	
-	if (thisbeonly) {
-		slapi_pblock_set(aPb, SLAPI_REQCONTROLS, ctrls);
-	}
-
-	call_back_data.op = op;
-	call_back_data.retCode = 0;
-	call_back_data.lock_flag = lock_flag;
-
-	slapi_search_internal_callback_pb(aPb,
-					  &call_back_data /* callback_data */,
-					  NULL/* result_callback */,
-					  __aclinit_handler,
-					  NULL /* referral_callback */);
-
-	if (thisbeonly) {				
-		slapi_ch_free((void **)&bval);				
-	}	
-
-	/*
-	 * This frees the control oid, the bv_val and the control itself and the 
-	 * ctrls array mem by caling ldap_controls_free()--so we
-	 * don't need to do it ourselves.
-	*/
-	slapi_pblock_destroy (aPb);
-	
-	return call_back_data.retCode; 
-
+    char *attrs[2] = {"aci", NULL};
+    /* Tell __aclinit_handler whether it's an add or a delete */
+    Slapi_PBlock *aPb;
+    LDAPControl **ctrls = NULL;
+    struct berval *bval;
+    aclinit_handler_callback_data_t call_back_data;
+
+    PR_ASSERT(lock_flag == DONT_TAKE_ACLCACHE_WRITELOCK ||
+              lock_flag == DO_TAKE_ACLCACHE_WRITELOCK);
+
+    if (thisbeonly && be_name == NULL) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "aclinit_search_and_update_aci - be_name must be specified.\n");
+        return -1;
+    }
+
+
+    /*
+     * We need to explicitly request (objectclass=ldapsubentry)
+     * in order to get all the subentry acis too.
+     * Note that subentries can be added under subentries (although its not
+     * recommended) so that
+     * there may be non-trivial acis under a subentry.
+    */
+
+    /* Use new search internal API                 */
+    /* and never retrieve aci from a remote server */
+    aPb = slapi_pblock_new();
+
+    /*
+     * Set up the control to say "Only get acis from this Backend--
+     * there may be more backends under this one.
+    */
+
+    if (thisbeonly) {
+
+        bval = (struct berval *)slapi_ch_malloc(sizeof(struct berval));
+        bval->bv_len = strlen(be_name) + 1;
+        bval->bv_val = slapi_ch_strdup(be_name);
+
+        ctrls = (LDAPControl **)slapi_ch_calloc(2, sizeof(LDAPControl *));
+        ctrls[0] = NULL;
+        ctrls[1] = NULL;
+
+        slapi_build_control_from_berval(
+            MTN_CONTROL_USE_ONE_BACKEND_OID,
+            bval,
+            1 /* is critical */,
+            ctrls);
+    }
+
+    slapi_search_internal_set_pb(aPb,
+                                 slapi_sdn_get_dn(base),
+                                 scope,
+                                 "(|(aci=*)(objectclass=ldapsubentry))",
+                                 attrs,
+                                 0 /* attrsonly */,
+                                 ctrls /* controls: SLAPI_ARGCONTROLS */,
+                                 NULL /* uniqueid */,
+                                 aclplugin_get_identity(ACL_PLUGIN_IDENTITY),
+                                 SLAPI_OP_FLAG_NEVER_CHAIN /* actions : get local aci only */);
+
+    if (thisbeonly) {
+        slapi_pblock_set(aPb, SLAPI_REQCONTROLS, ctrls);
+    }
+
+    call_back_data.op = op;
+    call_back_data.retCode = 0;
+    call_back_data.lock_flag = lock_flag;
+
+    slapi_search_internal_callback_pb(aPb,
+                                      &call_back_data /* callback_data */,
+                                      NULL /* result_callback */,
+                                      __aclinit_handler,
+                                      NULL /* referral_callback */);
+
+    if (thisbeonly) {
+        slapi_ch_free((void **)&bval);
+    }
+
+    /*
+     * This frees the control oid, the bv_val and the control itself and the
+     * ctrls array mem by caling ldap_controls_free()--so we
+     * don't need to do it ourselves.
+    */
+    slapi_pblock_destroy(aPb);
+
+    return call_back_data.retCode;
 }
-
+
 /***************************************************************************
 *
 * __aclinit_handler
 *
-*	For each entry, finds if there is any ACL in that entry. If there is
-*	then the ACL is processed and stored in the ACL LIST.
+*    For each entry, finds if there is any ACL in that entry. If there is
+*    then the ACL is processed and stored in the ACL LIST.
 *
 *
 * Input:
 *
 *
 * Returns:
-*	None.
+*    None.
 *
 * Error Handling:
-*	If any error found during the ACL generation, the ACL is
-*	logged.  Also, set in the callback_data so that caller can act upon it.
+*    If any error found during the ACL generation, the ACL is
+*    logged.  Also, set in the callback_data so that caller can act upon it.
 *
 **************************************************************************/
 static int
-__aclinit_handler ( Slapi_Entry *e, void *callback_data)	
+__aclinit_handler(Slapi_Entry *e, void *callback_data)
 {
-    Slapi_Attr 		*attr;
-	aclinit_handler_callback_data_t *call_back_data = 
-		(aclinit_handler_callback_data_t*)callback_data;	
-	Slapi_DN			*e_sdn;
-	int					rv;
-	Slapi_Value 		*sval=NULL;
-
-	call_back_data->retCode = 0;		 /* assume success--if there's an error we overwrite it */
-    if (e != NULL) {		
-
-		e_sdn = slapi_entry_get_sdn ( e );	
-
-		/*
-	 	 * Take the write lock around all the mods--so that
-	 	 * other operations will see the acicache either before the whole mod
-		 * or after but not, as it was before, during the mod.
-		 * This is in line with the LDAP concept of the operation
-		 * on the whole entry being the atomic unit.
-	 	 * 
-		*/
-		
-		if ( call_back_data->op == ACL_ADD_ACIS ) {
-			slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"Adding acis for entry '%s'\n", slapi_sdn_get_dn(e_sdn));
-			slapi_entry_attr_find ( e, aci_attr_type, &attr );
-
-			if ( attr ) {
-				
-				const struct berval	*attrValue;				
-				
-				int i;
-				if ( call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
-					acllist_acicache_WRITE_LOCK();
-				}
-				i= slapi_attr_first_value ( attr, &sval );
-				while(i != -1) {
-		        	attrValue = slapi_value_get_berval(sval);									
-					
-						if ( 0 != (rv=acllist_insert_aci_needsLock (e_sdn, attrValue))) {
-							aclutil_print_err(rv, e_sdn, attrValue, NULL); 
-
-							/* We got an error; Log it  and then march along */
-							slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-									  "__aclinit_handler - This  (%s) ACL will not be considered for evaluation"
-									  " because of syntax errors.\n", 
-									  attrValue->bv_val ? attrValue->bv_val: "NULL");
-							call_back_data->retCode = rv;
-						}				
-					i= slapi_attr_next_value( attr, i, &sval );
-				}/* while */
-				if ( call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
-					acllist_acicache_WRITE_UNLOCK();
-				}
-			}
-		} else if (call_back_data->op == ACL_REMOVE_ACIS) {
-
-			/* Here we are deleting the acis. */
-				slapi_log_err(SLAPI_LOG_ACL, plugin_name, "__aclinit_handler - Removing acis\n");
-				if ( call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
-					acllist_acicache_WRITE_LOCK();
-				}	
-				if ( 0 != (rv=acllist_remove_aci_needsLock(e_sdn, NULL))) {
-					aclutil_print_err(rv, e_sdn, NULL, NULL); 
-
-					/* We got an error; Log it  and then march along */
-					slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-									  "__aclinit_handler - ACLs not deleted from %s\n",
-                                      slapi_sdn_get_dn(e_sdn));
-					call_back_data->retCode = rv;
-				}
-				if ( call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
-					acllist_acicache_WRITE_UNLOCK();
-				}
-		}
-		
-	}
-
-	/*
-	 * If we get here it's success.
-	 * The call_back_data->error is the error code that counts as it's the
-	 * one that the original caller will see--this routine is called off a callbacl.
-	*/
-	
-    return ACL_FALSE;	/* "local" error code--it's 0 */
+    Slapi_Attr *attr;
+    aclinit_handler_callback_data_t *call_back_data =
+        (aclinit_handler_callback_data_t *)callback_data;
+    Slapi_DN *e_sdn;
+    int rv;
+    Slapi_Value *sval = NULL;
+
+    call_back_data->retCode = 0; /* assume success--if there's an error we overwrite it */
+    if (e != NULL) {
+
+        e_sdn = slapi_entry_get_sdn(e);
+
+        /*
+          * Take the write lock around all the mods--so that
+          * other operations will see the acicache either before the whole mod
+         * or after but not, as it was before, during the mod.
+         * This is in line with the LDAP concept of the operation
+         * on the whole entry being the atomic unit.
+          *
+        */
+
+        if (call_back_data->op == ACL_ADD_ACIS) {
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                          "Adding acis for entry '%s'\n", slapi_sdn_get_dn(e_sdn));
+            slapi_entry_attr_find(e, aci_attr_type, &attr);
+
+            if (attr) {
+
+                const struct berval *attrValue;
+
+                int i;
+                if (call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
+                    acllist_acicache_WRITE_LOCK();
+                }
+                i = slapi_attr_first_value(attr, &sval);
+                while (i != -1) {
+                    attrValue = slapi_value_get_berval(sval);
+
+                    if (0 != (rv = acllist_insert_aci_needsLock(e_sdn, attrValue))) {
+                        aclutil_print_err(rv, e_sdn, attrValue, NULL);
+
+                        /* We got an error; Log it  and then march along */
+                        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                                      "__aclinit_handler - This  (%s) ACL will not be considered for evaluation"
+                                      " because of syntax errors.\n",
+                                      attrValue->bv_val ? attrValue->bv_val : "NULL");
+                        call_back_data->retCode = rv;
+                    }
+                    i = slapi_attr_next_value(attr, i, &sval);
+                } /* while */
+                if (call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
+                    acllist_acicache_WRITE_UNLOCK();
+                }
+            }
+        } else if (call_back_data->op == ACL_REMOVE_ACIS) {
+
+            /* Here we are deleting the acis. */
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name, "__aclinit_handler - Removing acis\n");
+            if (call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
+                acllist_acicache_WRITE_LOCK();
+            }
+            if (0 != (rv = acllist_remove_aci_needsLock(e_sdn, NULL))) {
+                aclutil_print_err(rv, e_sdn, NULL, NULL);
+
+                /* We got an error; Log it  and then march along */
+                slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                              "__aclinit_handler - ACLs not deleted from %s\n",
+                              slapi_sdn_get_dn(e_sdn));
+                call_back_data->retCode = rv;
+            }
+            if (call_back_data->lock_flag == DO_TAKE_ACLCACHE_WRITELOCK) {
+                acllist_acicache_WRITE_UNLOCK();
+            }
+        }
+    }
+
+    /*
+     * If we get here it's success.
+     * The call_back_data->error is the error code that counts as it's the
+     * one that the original caller will see--this routine is called off a callbacl.
+    */
+
+    return ACL_FALSE; /* "local" error code--it's 0 */
 }
 /***************************************************************************
 *
 * __acl__RegisterAttributes
 *
-*	Register all the attributes supported by the DS.
+*    Register all the attributes supported by the DS.
 *
 * Input:
-*	None.
+*    None.
 *
 * Returns:
-*	ACL_OK		- No error
-*	ACL_ERR		- in case of errror
+*    ACL_OK        - No error
+*    ACL_ERR        - in case of errror
 *
 * Error Handling:
-*	None.
+*    None.
 *
 **************************************************************************/
 static int
 __aclinit__RegisterAttributes(void)
 {
 
-	ACLMethod_t	methodinfo;
-	NSErr_t		errp;
-	int		rv;
-
-	memset (&errp, 0, sizeof(NSErr_t));
-	
-	rv = ACL_MethodRegister(&errp, DS_METHOD, &methodinfo);
-	if (rv < 0) {
-		acl_print_acllib_err(&errp, NULL);
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-			  "__aclinit__RegisterAttributes - Unable to Register the methods\n");
-		return ACL_ERR;
-	}
-	rv = ACL_MethodSetDefault (&errp,  methodinfo);
-	if (rv < 0) {
-		acl_print_acllib_err(&errp, NULL);
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-			  "__aclinit__RegisterAttributes - Unable to Set the default method\n");
-		return ACL_ERR;
-	}
-        rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_IP, DS_LASIpGetter,
-				methodinfo, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL);
-	if (rv < 0) {
-		acl_print_acllib_err(&errp, NULL);
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-			  "__aclinit__RegisterAttributes - Unable to Register Attr ip\n");
-		return ACL_ERR;
-	}
-        rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_DNS, DS_LASDnsGetter,
-				methodinfo, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL);
-	if (rv < 0) {
-		acl_print_acllib_err(&errp, NULL);
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name, 
-			  "__aclinit__RegisterAttributes - Unable to Register Attr dns\n");
-		return ACL_ERR;
-	}
-	return ACL_OK;
+    ACLMethod_t methodinfo;
+    NSErr_t errp;
+    int rv;
+
+    memset(&errp, 0, sizeof(NSErr_t));
+
+    rv = ACL_MethodRegister(&errp, DS_METHOD, &methodinfo);
+    if (rv < 0) {
+        acl_print_acllib_err(&errp, NULL);
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterAttributes - Unable to Register the methods\n");
+        return ACL_ERR;
+    }
+    rv = ACL_MethodSetDefault(&errp, methodinfo);
+    if (rv < 0) {
+        acl_print_acllib_err(&errp, NULL);
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterAttributes - Unable to Set the default method\n");
+        return ACL_ERR;
+    }
+    rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_IP, DS_LASIpGetter,
+                                methodinfo, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL);
+    if (rv < 0) {
+        acl_print_acllib_err(&errp, NULL);
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterAttributes - Unable to Register Attr ip\n");
+        return ACL_ERR;
+    }
+    rv = ACL_AttrGetterRegister(&errp, ACL_ATTR_DNS, DS_LASDnsGetter,
+                                methodinfo, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL);
+    if (rv < 0) {
+        acl_print_acllib_err(&errp, NULL);
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterAttributes - Unable to Register Attr dns\n");
+        return ACL_ERR;
+    }
+    return ACL_OK;
 }
-
+
 /***************************************************************************
 *
 * __acl__RegisterLases
-*	Register all the LASes supported by the DS.
+*    Register all the LASes supported by the DS.
 *
-*	The DS doesnot support user/group. We have defined our own LAS
-*	so that we can display/print an error when the LAS is invoked.
+*    The DS doesnot support user/group. We have defined our own LAS
+*    so that we can display/print an error when the LAS is invoked.
 * Input:
-*	None.
+*    None.
 *
 * Returns:
-*	ACL_OK		- No error
-*	ACL_ERR		- in case of errror
+*    ACL_OK        - No error
+*    ACL_ERR        - in case of errror
 *
 * Error Handling:
-*	None.
+*    None.
 *
 **************************************************************************/
 static int
 __aclinit__RegisterLases(void)
 {
 
-	if (ACL_LasRegister(NULL, DS_LAS_USER, (LASEvalFunc_t) DS_LASUserEval, 
-				(LASFlushFunc_t) NULL) <  0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register USER Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_GROUP, (LASEvalFunc_t) DS_LASGroupEval, 
-				(LASFlushFunc_t) NULL) <  0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register GROUP Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_GROUPDN, (LASEvalFunc_t)DS_LASGroupDnEval, 
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register GROUPDN Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_ROLEDN, (LASEvalFunc_t)DS_LASRoleDnEval, 
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register ROLEDN Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_USERDN, (LASEvalFunc_t)DS_LASUserDnEval, 
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register USERDN Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_USERDNATTR, 
-				(LASEvalFunc_t)DS_LASUserDnAttrEval, 
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register USERDNATTR Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_AUTHMETHOD, 
-				(LASEvalFunc_t)DS_LASAuthMethodEval,
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"__aclinit__RegisterLases - Unable to register CLIENTAUTHTYPE Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_GROUPDNATTR,
-				(LASEvalFunc_t)DS_LASGroupDnAttrEval,
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register GROUPDNATTR Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_USERATTR,
-				(LASEvalFunc_t)DS_LASUserAttrEval,
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-				"__aclinit__RegisterLases - Unable to register USERATTR Las\n");
-		return ACL_ERR;
-	}
-	if (ACL_LasRegister(NULL, DS_LAS_SSF,
-				(LASEvalFunc_t)DS_LASSSFEval,
-				(LASFlushFunc_t)NULL) < 0) {
-		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			"__aclinit__RegisterLases - Unable to register SSF Las\n");
-		return ACL_ERR;
-	}
-	return ACL_OK;
+    if (ACL_LasRegister(NULL, DS_LAS_USER, (LASEvalFunc_t)DS_LASUserEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register USER Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_GROUP, (LASEvalFunc_t)DS_LASGroupEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register GROUP Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_GROUPDN, (LASEvalFunc_t)DS_LASGroupDnEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register GROUPDN Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_ROLEDN, (LASEvalFunc_t)DS_LASRoleDnEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register ROLEDN Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_USERDN, (LASEvalFunc_t)DS_LASUserDnEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register USERDN Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_USERDNATTR,
+                        (LASEvalFunc_t)DS_LASUserDnAttrEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register USERDNATTR Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_AUTHMETHOD,
+                        (LASEvalFunc_t)DS_LASAuthMethodEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register CLIENTAUTHTYPE Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_GROUPDNATTR,
+                        (LASEvalFunc_t)DS_LASGroupDnAttrEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register GROUPDNATTR Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_USERATTR,
+                        (LASEvalFunc_t)DS_LASUserAttrEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register USERATTR Las\n");
+        return ACL_ERR;
+    }
+    if (ACL_LasRegister(NULL, DS_LAS_SSF,
+                        (LASEvalFunc_t)DS_LASSSFEval,
+                        (LASFlushFunc_t)NULL) < 0) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "__aclinit__RegisterLases - Unable to register SSF Las\n");
+        return ACL_ERR;
+    }
+    return ACL_OK;
 }

ldap/servers/plugins/acl/aclplugin.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -18,38 +18,38 @@
  */
 #include "acl.h"
 
-static Slapi_PluginDesc pdesc = { "acl", VENDOR, DS_PACKAGE_VERSION, "acl access check plugin" };
+static Slapi_PluginDesc pdesc = {"acl", VENDOR, DS_PACKAGE_VERSION, "acl access check plugin"};
 char *plugin_name = ACL_PLUGIN_NAME;
 
 /* Prototypes */
 
-static int aclplugin_preop_search ( Slapi_PBlock *pb );
-static int aclplugin_preop_modify ( Slapi_PBlock *pb );
-int aclplugin_preop_common ( Slapi_PBlock *pb );
+static int aclplugin_preop_search(Slapi_PBlock *pb);
+static int aclplugin_preop_modify(Slapi_PBlock *pb);
+int aclplugin_preop_common(Slapi_PBlock *pb);
 
 /*******************************************************************************
  *  ACL PLUGIN Architecture
  *
- *	There are 3 registered plugins:
+ *    There are 3 registered plugins:
  *
- *	1) PREOP ACL Plugin
- *		The preop plugin does all the initialization. It allocate the ACL
- *		PBlock and copies stuff from the connection if it needs to.
- *	
- *	2) POSTOP ACL Plugin
- *		The Postop plugin cleans up the ACL PBlock. It copies Back to the
- *		connection struct. The Postop bind & Unbind  cleans up the 
- *		ACL CBlock ( struct hanging from conn struct ).
+ *    1) PREOP ACL Plugin
+ *        The preop plugin does all the initialization. It allocate the ACL
+ *        PBlock and copies stuff from the connection if it needs to.
  *
- *	3) ACCESSCONTROL Plugin
- *		Main module which does the access check. There are 5 entry point
- *		from this plugin 
- *		a) Initilize the ACL system i.e read all the ACLs and generate the
- *		   the ACL List.
- *		b) Check for ACI syntax.
- *		c) Check for normal access.
- *		d) Check for access to a mod request.
- *		e) Update the in-memory ACL List.
+ *    2) POSTOP ACL Plugin
+ *        The Postop plugin cleans up the ACL PBlock. It copies Back to the
+ *        connection struct. The Postop bind & Unbind  cleans up the
+ *        ACL CBlock ( struct hanging from conn struct ).
+ *
+ *    3) ACCESSCONTROL Plugin
+ *        Main module which does the access check. There are 5 entry point
+ *        from this plugin
+ *        a) Initilize the ACL system i.e read all the ACLs and generate the
+ *           the ACL List.
+ *        b) Check for ACI syntax.
+ *        c) Check for normal access.
+ *        d) Check for access to a mod request.
+ *        e) Update the in-memory ACL List.
  *
  *******************************************************************************/
 
@@ -57,112 +57,112 @@ int aclplugin_preop_common ( Slapi_PBlock *pb );
  * PREOP
  *******************************************************************************/
 
-/* Plugin identity is passed by the server in the plugin init function and must 
+/* Plugin identity is passed by the server in the plugin init function and must
    be supplied by the plugin to all internal operations it initiates
  */
-void* g_acl_preop_plugin_identity;
+void *g_acl_preop_plugin_identity;
 
 int
-acl_preopInit (Slapi_PBlock *pb)
+acl_preopInit(Slapi_PBlock *pb)
 {
-	int rc = 0;
-	
-	/* save plugin identity to later pass to internal operations */
-	rc = slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &g_acl_preop_plugin_identity);
+    int rc = 0;
+
+    /* save plugin identity to later pass to internal operations */
+    rc = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &g_acl_preop_plugin_identity);
 
-	/* Declare plugin version */
-	rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
+    /* Declare plugin version */
+    rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
 
-    	/* Provide descriptive information */
-	rc |=  slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void*)&pdesc);
+    /* Provide descriptive information */
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc);
 
-	/* Register functions */
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_SEARCH_FN, (void*)aclplugin_preop_search);
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_COMPARE_FN, (void*)aclplugin_preop_search);
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN,    (void*)aclplugin_preop_modify);
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, (void*)aclplugin_preop_modify);
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODRDN_FN, (void*)aclplugin_preop_modify);
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_DELETE_FN, (void*)aclplugin_preop_modify);
+    /* Register functions */
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_SEARCH_FN, (void *)aclplugin_preop_search);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_COMPARE_FN, (void *)aclplugin_preop_search);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *)aclplugin_preop_modify);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, (void *)aclplugin_preop_modify);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODRDN_FN, (void *)aclplugin_preop_modify);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_DELETE_FN, (void *)aclplugin_preop_modify);
 
 #if 0
-	/*
-	 * XXXmcs: In order to support access control checking from
-	 * extended operations, we need a SLAPI_PLUGIN_PRE_EXTENDED_FN hook.
-	 * But today no such entry point exists.
-	 */
-	rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_EXTENDED_FN, (void*)aclplugin_preop_modify);
+    /*
+     * XXXmcs: In order to support access control checking from
+     * extended operations, we need a SLAPI_PLUGIN_PRE_EXTENDED_FN hook.
+     * But today no such entry point exists.
+     */
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_EXTENDED_FN, (void*)aclplugin_preop_modify);
 #endif
 
 
-        slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= acl_preop_Init %d\n", rc );
-        return( rc );
+    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= acl_preop_Init %d\n", rc);
+    return (rc);
 }
 
 /* For preop search we do two things:
  * 1) based on the search base, we preselect the acls.
- * 2) also get hold of a acl_pblock for use 
+ * 2) also get hold of a acl_pblock for use
  */
 static int
-aclplugin_preop_search ( Slapi_PBlock *pb )
+aclplugin_preop_search(Slapi_PBlock *pb)
 {
-	int 		scope;
-	const char	*base = NULL;
-	Slapi_DN	*sdn = NULL;
-	int			optype;
-	int			isRoot;
-	int			isProxy = 0;
-	int			rc = 0;
-	char *errtxt = NULL;
-	char *proxy_dn = NULL;
-			
-	TNF_PROBE_0_DEBUG(aclplugin_preop_search_start ,"ACL","");
-
-	slapi_pblock_get ( pb, SLAPI_OPERATION_TYPE, &optype );
-	slapi_pblock_get ( pb, SLAPI_REQUESTOR_ISROOT, &isRoot );
-
-	if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) {
-		isProxy = 1;
-	}
-	slapi_ch_free_string(&proxy_dn);
-
-	if ( isRoot && !isProxy) {
-		TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
-							tnf_string,isroot,"");
-		return rc;
-	}
-
-	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn );
-	base = slapi_sdn_get_dn(sdn);
-	/* For anonymous client  doing search nothing needs to be set up */
-	if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb )  &&
-			! slapi_dn_issuffix( base, "cn=monitor") ) {
-				TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
-									tnf_string,anon,"");
-		return rc;
-	}
-
-	if ( 0 == ( rc = aclplugin_preop_common( pb ))) {
-		slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
-		acllist_init_scan ( pb, scope, base );
-	}
-
-	TNF_PROBE_0_DEBUG(aclplugin_preop_search_end ,"ACL","");
-
-	return rc;
+    int scope;
+    const char *base = NULL;
+    Slapi_DN *sdn = NULL;
+    int optype;
+    int isRoot;
+    int isProxy = 0;
+    int rc = 0;
+    char *errtxt = NULL;
+    char *proxy_dn = NULL;
+
+    TNF_PROBE_0_DEBUG(aclplugin_preop_search_start, "ACL", "");
+
+    slapi_pblock_get(pb, SLAPI_OPERATION_TYPE, &optype);
+    slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isRoot);
+
+    if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) {
+        isProxy = 1;
+    }
+    slapi_ch_free_string(&proxy_dn);
+
+    if (isRoot && !isProxy) {
+        TNF_PROBE_1_DEBUG(aclplugin_preop_search_end, "ACL", "",
+                          tnf_string, isroot, "");
+        return rc;
+    }
+
+    slapi_pblock_get(pb, SLAPI_SEARCH_TARGET_SDN, &sdn);
+    base = slapi_sdn_get_dn(sdn);
+    /* For anonymous client  doing search nothing needs to be set up */
+    if (optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous(pb) &&
+        !slapi_dn_issuffix(base, "cn=monitor")) {
+        TNF_PROBE_1_DEBUG(aclplugin_preop_search_end, "ACL", "",
+                          tnf_string, anon, "");
+        return rc;
+    }
+
+    if (0 == (rc = aclplugin_preop_common(pb))) {
+        slapi_pblock_get(pb, SLAPI_SEARCH_SCOPE, &scope);
+        acllist_init_scan(pb, scope, base);
+    }
+
+    TNF_PROBE_0_DEBUG(aclplugin_preop_search_end, "ACL", "");
+
+    return rc;
 }
 
-/* 
+/*
  * For rest of the opertion type, we get a hold of the acl
  * private Block.
  */
 static int
-aclplugin_preop_modify ( Slapi_PBlock *pb )
+aclplugin_preop_modify(Slapi_PBlock *pb)
 {
-	/*
-	 * Note: since we don't keep the anom profile for modifies, we have to go
-	 * through the regular process to check the access.
-	*/
-	return aclplugin_preop_common( pb );
+    /*
+     * Note: since we don't keep the anom profile for modifies, we have to go
+     * through the regular process to check the access.
+    */
+    return aclplugin_preop_common(pb);
 }
 
 /*
@@ -170,76 +170,76 @@ aclplugin_preop_modify ( Slapi_PBlock *pb )
  * aclplugin_preop_modify().
  *
  * Return values:
- *	0 - all is well; proceed.
+ *    0 - all is well; proceed.
  *  1 - fatal error; result has been sent to client.
- */ 
+ */
 int
-aclplugin_preop_common( Slapi_PBlock *pb )
+aclplugin_preop_common(Slapi_PBlock *pb)
 {
-	char		*proxy_dn = NULL;	/* id being assumed */
-	char		*dn;		/* proxy master */
-	char		*errtext = NULL;
-	int			lderr;
-	Acl_PBlock	*aclpb;
-
-	TNF_PROBE_0_DEBUG(aclplugin_preop_common_start ,"ACL","");
-
-	aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK );
-
-	if (aclpb == NULL) {
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclplugin_preop_common - Error: aclpb is NULL\n" );
-		slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
-		return 1;
-	}
-
-        /* See if we have initialized already */
-        if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done;
-
-	/*
-	 * The following mallocs memory for proxy_dn, but not the dn.
-	 * The proxy_dn is the id being assumed, while dn
-	 * is the "proxy master".
-	*/
-	if ( LDAP_SUCCESS != ( lderr = proxyauth_get_dn( pb, &proxy_dn, &errtext ))) {
-		/*
-		 * Fatal error -- send a result to the client and arrange to skip
-		 * any further processing.
-		 */
-		slapi_send_ldap_result( pb, lderr, NULL, errtext, 0, NULL );
-		TNF_PROBE_1_DEBUG(aclplugin_preop_common_end ,"ACL","",
-						tnf_string,proxid_error,"");
-		slapi_ch_free_string(&proxy_dn);
-		return 1;	/* skip any further processing */
-	}
-	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &dn );
-
-
-	/*
-	 * The dn is copied into the aclpb during initialization.
-	*/
-	if ( proxy_dn) {
-		TNF_PROBE_0_DEBUG(proxyacpb_init_start,"ACL","");
-
-		slapi_log_err(SLAPI_LOG_ACL, plugin_name,
-				"aclplugin_preop_common - Proxied authorization dn is (%s)\n", proxy_dn );
-		acl_init_aclpb ( pb, aclpb, proxy_dn, 1 );
-		aclpb = acl_new_proxy_aclpb ( pb );
-		acl_init_aclpb ( pb, aclpb, dn, 0 );
-		slapi_ch_free ( (void **) &proxy_dn );
-		
-		TNF_PROBE_0_DEBUG(proxyacpb_init_end,"ACL","");
- 
-	} else {
-		TNF_PROBE_0_DEBUG(aclpb_init_start,"ACL","");
-		acl_init_aclpb ( pb, aclpb, dn, 1 );
-		TNF_PROBE_0_DEBUG(aclpb_init_end,"ACL","");
-
-	}
+    char *proxy_dn = NULL; /* id being assumed */
+    char *dn;              /* proxy master */
+    char *errtext = NULL;
+    int lderr;
+    Acl_PBlock *aclpb;
+
+    TNF_PROBE_0_DEBUG(aclplugin_preop_common_start, "ACL", "");
+
+    aclpb = acl_get_aclpb(pb, ACLPB_BINDDN_PBLOCK);
+
+    if (aclpb == NULL) {
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name, "aclplugin_preop_common - Error: aclpb is NULL\n");
+        slapi_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
+        return 1;
+    }
+
+    /* See if we have initialized already */
+    if (aclpb->aclpb_state & ACLPB_INITIALIZED)
+        goto done;
+
+    /*
+     * The following mallocs memory for proxy_dn, but not the dn.
+     * The proxy_dn is the id being assumed, while dn
+     * is the "proxy master".
+    */
+    if (LDAP_SUCCESS != (lderr = proxyauth_get_dn(pb, &proxy_dn, &errtext))) {
+        /*
+         * Fatal error -- send a result to the client and arrange to skip
+         * any further processing.
+         */
+        slapi_send_ldap_result(pb, lderr, NULL, errtext, 0, NULL);
+        TNF_PROBE_1_DEBUG(aclplugin_preop_common_end, "ACL", "",
+                          tnf_string, proxid_error, "");
+        slapi_ch_free_string(&proxy_dn);
+        return 1; /* skip any further processing */
+    }
+    slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &dn);
+
+
+    /*
+     * The dn is copied into the aclpb during initialization.
+    */
+    if (proxy_dn) {
+        TNF_PROBE_0_DEBUG(proxyacpb_init_start, "ACL", "");
+
+        slapi_log_err(SLAPI_LOG_ACL, plugin_name,
+                      "aclplugin_preop_common - Proxied authorization dn is (%s)\n", proxy_dn);
+        acl_init_aclpb(pb, aclpb, proxy_dn, 1);
+        aclpb = acl_new_proxy_aclpb(pb);
+        acl_init_aclpb(pb, aclpb, dn, 0);
+        slapi_ch_free((void **)&proxy_dn);
+
+        TNF_PROBE_0_DEBUG(proxyacpb_init_end, "ACL", "");
+
+    } else {
+        TNF_PROBE_0_DEBUG(aclpb_init_start, "ACL", "");
+        acl_init_aclpb(pb, aclpb, dn, 1);
+        TNF_PROBE_0_DEBUG(aclpb_init_end, "ACL", "");
+    }
 
 done:
-	TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL","");
+    TNF_PROBE_0_DEBUG(aclplugin_preop_common_end, "ACL", "");
 
-	return 0;
+    return 0;
 }
 
 /*******************************************************************************
@@ -250,137 +250,138 @@ done:
  * ACCESSCONTROL PLUGIN
  *******************************************************************************/
 
-void* g_acl_plugin_identity;
+void *g_acl_plugin_identity;
 
 /* For now, the acl component is implemented as 2 different plugins */
-/* Return the right plugin identity 				    */
-void * aclplugin_get_identity(int plug) {
-        if (plug == ACL_PLUGIN_IDENTITY)
-                return g_acl_plugin_identity;
-        if (plug == ACL_PREOP_PLUGIN_IDENTITY)
-                return g_acl_preop_plugin_identity;
-        return NULL;
+/* Return the right plugin identity                     */
+void *
+aclplugin_get_identity(int plug)
+{
+    if (plug == ACL_PLUGIN_IDENTITY)
+        return g_acl_plugin_identity;
+    if (plug == ACL_PREOP_PLUGIN_IDENTITY)
+        return g_acl_preop_plugin_identity;
+    return NULL;
 }
 
 int
-aclplugin_init (Slapi_PBlock *pb __attribute__((unused)))
+aclplugin_init(Slapi_PBlock *pb __attribute__((unused)))
 {
 
-	int rc = 0; /* OK */
-       rc = aclinit_main();
-
-	return  rc;
+    int rc = 0; /* OK */
+    rc = aclinit_main();
 
+    return rc;
 }
 int
-aclplugin_stop ( Slapi_PBlock *pb __attribute__((unused)))
+aclplugin_stop(Slapi_PBlock *pb __attribute__((unused)))
 {
-	int rc = 0; /* OK */
-
-	free_acl_avl_list();
-	ACL_Destroy();
-	acl_destroy_aclpb_pool();
-	acl_remove_ext();
-	ACL_AttrGetterHashDestroy();
-	ACL_MethodHashDestroy();
-	ACL_DestroyPools();
-	aclanom__del_profile(1);
-	aclgroup_free();
-	//aclext_free_lockarray();
-	acllist_free();
-
-	return  rc;
+    int rc = 0; /* OK */
+
+    free_acl_avl_list();
+    ACL_Destroy();
+    acl_destroy_aclpb_pool();
+    acl_remove_ext();
+    ACL_AttrGetterHashDestroy();
+    ACL_MethodHashDestroy();
+    ACL_DestroyPools();
+    aclanom__del_profile(1);
+    aclgroup_free();
+    //aclext_free_lockarray();
+    acllist_free();
+
+    return rc;
 }
 
 int
-acl_init( Slapi_PBlock *pb )
+acl_init(Slapi_PBlock *pb)
 {
-        int     rc =0;
-
-        slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "=> acl_init\n" );
-
-        if  ( 0 != acl_init_ext() ) {
-		    slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-			    "acl_init - Unable to initialize the extensions\n");
-		    return 1;
-	    }
-
-		/* save plugin identity to later pass to internal operations */
-		rc = slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &g_acl_plugin_identity);
-
-        rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
-            (void *) SLAPI_PLUGIN_VERSION_01 );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
-            (void *)&pdesc );
-
-		rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) aclplugin_init );
-		rc = slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) aclplugin_stop );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_ACL_SYNTAX_CHECK, 
-            (void *) acl_verify_aci_syntax );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_ACL_ALLOW_ACCESS,
-            (void *) acl_access_allowed_main );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_ACL_MODS_ALLOWED,
-            (void *) acl_check_mods );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_ACL_MODS_UPDATE,
-            (void *) acl_modified );
-
-        slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= acl_init %d\n", rc);
-        return( rc );
+    int rc = 0;
+
+    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "=> acl_init\n");
+
+    if (0 != acl_init_ext()) {
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
+                      "acl_init - Unable to initialize the extensions\n");
+        return 1;
+    }
+
+    /* save plugin identity to later pass to internal operations */
+    rc = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &g_acl_plugin_identity);
+
+    rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
+                          (void *)SLAPI_PLUGIN_VERSION_01);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
+                           (void *)&pdesc);
+
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)aclplugin_init);
+    rc = slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)aclplugin_stop);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_ACL_SYNTAX_CHECK,
+                           (void *)acl_verify_aci_syntax);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_ACL_ALLOW_ACCESS,
+                           (void *)acl_access_allowed_main);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_ACL_MODS_ALLOWED,
+                           (void *)acl_check_mods);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_ACL_MODS_UPDATE,
+                           (void *)acl_modified);
+
+    slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "<= acl_init %d\n", rc);
+    return (rc);
 }
 
 /*
  *
  * acl_access_allowed_main
- *	Main interface to the plugin. Calls different access check functions
- *	based on the flag.
+ *    Main interface to the plugin. Calls different access check functions
+ *    based on the flag.
+ *
  *
- *	
  *  Returns:
- *	LDAP_SUCCESS			-- access is granted
- *	LDAP_INSUFFICIENT_ACCESS	-- access denied
- *	<other ldap error>		-- ex: opererations error
+ *    LDAP_SUCCESS            -- access is granted
+ *    LDAP_INSUFFICIENT_ACCESS    -- access denied
+ *    <other ldap error>        -- ex: opererations error
  *
  */
 int
-acl_access_allowed_main ( Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, 
-			  struct berval *val, int access , int flags, char **errbuf)
+acl_access_allowed_main(Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, struct berval *val, int access, int flags, char **errbuf)
 {
-	int	rc =0;
-	char	*attr = NULL;
-
-	TNF_PROBE_0_DEBUG(acl_access_allowed_main_start,"ACL","");
-
-	if (attrs && *attrs) attr = attrs[0];
-
-	if (ACLPLUGIN_ACCESS_READ_ON_ENTRY == flags) {
-		rc = acl_read_access_allowed_on_entry ( pb, e, attrs, access);
-	} else if ( ACLPLUGIN_ACCESS_READ_ON_ATTR == flags) {
-		if (attr == NULL) {
-			slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "acl_access_allowed_main - Missing attribute\n" );
-			rc = LDAP_OPERATIONS_ERROR;
-		} else {
-			rc = acl_read_access_allowed_on_attr ( pb, e, attr, val, access);
-		}
-	} else if ( ACLPLUGIN_ACCESS_READ_ON_VLV == flags)
-		rc =  acl_access_allowed_disjoint_resource ( pb, e, attr, val, access);
-	else if ( ACLPLUGIN_ACCESS_MODRDN == flags)
-		rc =  acl_access_allowed_modrdn ( pb, e, attr, val, access);
-	else if ( ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS == flags)
-		rc =  acl_get_effective_rights ( pb, e, attrs, val, access, errbuf );
-	else
-		rc = acl_access_allowed ( pb, e, attr, val, access);
-
-	/* generate the appropriate error message */
-	if ( ( rc != LDAP_SUCCESS ) && errbuf && 
-		 ( ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS != flags ) &&
-		 ( access & ( SLAPI_ACL_WRITE | SLAPI_ACL_ADD | SLAPI_ACL_DELETE | SLAPI_ACL_MODDN ))) {
-
-		char	*edn  = slapi_entry_get_dn ( e );
-
-		acl_gen_err_msg(access, edn, attr, errbuf);
-	}
-	
-	TNF_PROBE_0_DEBUG(acl_access_allowed_main_end,"ACL","");
-
-	return rc;
+    int rc = 0;
+    char *attr = NULL;
+
+    TNF_PROBE_0_DEBUG(acl_access_allowed_main_start, "ACL", "");
+
+    if (attrs && *attrs)
+        attr = attrs[0];
+
+    if (ACLPLUGIN_ACCESS_READ_ON_ENTRY == flags) {
+        rc = acl_read_access_allowed_on_entry(pb, e, attrs, access);
+    } else if (ACLPLUGIN_ACCESS_READ_ON_ATTR == flags) {
+        if (attr == NULL) {
+            slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "acl_access_allowed_main - Missing attribute\n");
+            rc = LDAP_OPERATIONS_ERROR;
+        } else {
+            rc = acl_read_access_allowed_on_attr(pb, e, attr, val, access);
+        }
+    } else if (ACLPLUGIN_ACCESS_READ_ON_VLV == flags)
+        rc = acl_access_allowed_disjoint_resource(pb, e, attr, val, access);
+    else if (ACLPLUGIN_ACCESS_MODRDN == flags)
+        rc = acl_access_allowed_modrdn(pb, e, attr, val, access);
+    else if (ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS == flags)
+        rc = acl_get_effective_rights(pb, e, attrs, val, access, errbuf);
+    else
+        rc = acl_access_allowed(pb, e, attr, val, access);
+
+    /* generate the appropriate error message */
+    if ((rc != LDAP_SUCCESS) && errbuf &&
+        (ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS != flags) &&
+        (access & (SLAPI_ACL_WRITE | SLAPI_ACL_ADD | SLAPI_ACL_DELETE | SLAPI_ACL_MODDN))) {
+
+        char *edn = slapi_entry_get_dn(e);
+
+        acl_gen_err_msg(access, edn, attr, errbuf);
+    }
+
+    TNF_PROBE_0_DEBUG(acl_access_allowed_main_end, "ACL", "");
+
+    return rc;
 }

ldap/servers/plugins/addn/addn.c

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -23,15 +23,14 @@
 /* is there a better type we can use here? */
 #define ADDN_FAILURE 1
 
-static void* plugin_identity = NULL;
+static void *plugin_identity = NULL;
 static char *plugin_name = "addn_plugin";
 
 static Slapi_PluginDesc addn_description = {
     "addn",
     VENDOR,
     DS_PACKAGE_VERSION,
-    "Allow AD DN style bind names to LDAP"
-};
+    "Allow AD DN style bind names to LDAP"};
 
 int
 addn_filter_validate(char *config_filter)
@@ -102,7 +101,7 @@ addn_get_subconfig(Slapi_PBlock *pb, char *identifier)
 
     slapi_search_internal_set_pb_ext(search_pblock, config_sdn, LDAP_SCOPE_ONELEVEL,
                                      filter, NULL, 0 /* attrs only */,
-                                     NULL /* controls */, NULL /* uniqueid */, 
+                                     NULL /* controls */, NULL /* uniqueid */,
                                      plugin_identity, 0 /* actions */);
     slapi_search_internal_pb(search_pblock);
 
@@ -179,7 +178,7 @@ addn_prebind(Slapi_PBlock *pb)
     char *config_filter = NULL;
     char *filter = NULL;
     int result = 0;
-    static char *attrs[] = { "dn", NULL };
+    static char *attrs[] = {"dn", NULL};
 
     Slapi_PBlock *search_pblock = NULL;
     int search_result = 0;
@@ -288,7 +287,7 @@ addn_prebind(Slapi_PBlock *pb)
 
     slapi_search_internal_set_pb_ext(search_pblock, be_suffix_dn, LDAP_SCOPE_SUBTREE,
                                      filter, attrs, 0 /* attrs only */,
-                                     NULL /* controls */, NULL /* uniqueid */, 
+                                     NULL /* controls */, NULL /* uniqueid */,
                                      plugin_identity, 0 /* actions */);
     slapi_search_internal_pb(search_pblock);
 
@@ -416,8 +415,8 @@ addn_start(Slapi_PBlock *pb)
 
     if (domain == NULL) {
         slapi_log_err(SLAPI_LOG_ERR, plugin_name,
-                "addn_start: No default domain in configuration, you must set addn_default_domain!\n");
-        slapi_ch_free((void**)&config);
+                      "addn_start: No default domain in configuration, you must set addn_default_domain!\n");
+        slapi_ch_free((void **)&config);
         return SLAPI_PLUGIN_FAILURE;
     }
 
@@ -425,7 +424,7 @@ addn_start(Slapi_PBlock *pb)
     config->default_domain_len = strlen(config->default_domain);
 
     /* Set into the pblock */
-    slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, (void *) config);
+    slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, (void *)config);
 
     slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "addn_start: startup complete\n");
 
@@ -447,7 +446,7 @@ addn_close(Slapi_PBlock *pb)
     slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &config);
     if (config != NULL) {
         slapi_ch_free_string(&config->default_domain);
-        slapi_ch_free((void **) &config);
+        slapi_ch_free((void **)&config);
         slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, NULL);
     }
 
@@ -473,24 +472,24 @@ addn_init(Slapi_PBlock *pb)
     }
 
     /* Get and stash our plugin identity */
-    slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity);
+    slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity);
 
-    result = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void*)&addn_description);
+    result = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&addn_description);
     if (result != LDAP_SUCCESS) {
         goto out;
     }
 
-    result = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void*)addn_start);
+    result = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)addn_start);
     if (result != LDAP_SUCCESS) {
         goto out;
     }
 
-    result = slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void*)addn_close);
+    result = slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)addn_close);
     if (result != LDAP_SUCCESS) {
         goto out;
     }
 
-    result = slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_BIND_FN, (void*)addn_prebind);
+    result = slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_BIND_FN, (void *)addn_prebind);
     if (result != LDAP_SUCCESS) {
         goto out;
     }
@@ -504,5 +503,3 @@ out:
     }
     return result;
 }
-
-

ldap/servers/plugins/addn/addn.h

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -19,7 +19,8 @@
 #include "slapi-private.h"
 #include <plstr.h>
 
-struct addn_config {
+struct addn_config
+{
     char *default_domain;
     size_t default_domain_len;
 };

ldap/servers/plugins/automember/automember.h

@@ -3,11 +3,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -27,36 +27,37 @@
 /*
  * Plug-in defines
  */
-#define AUTOMEMBER_PLUGIN_SUBSYSTEM  "auto-membership-plugin"
-#define AUTOMEMBER_FEATURE_DESC      "Auto Membership"
-#define AUTOMEMBER_PLUGIN_DESC       "Auto Membership plugin"
-#define AUTOMEMBER_INT_POSTOP_DESC   "Auto Membership internal postop plugin"
-#define AUTOMEMBER_POSTOP_DESC       "Auto Membership postop plugin"
+#define AUTOMEMBER_PLUGIN_SUBSYSTEM "auto-membership-plugin"
+#define AUTOMEMBER_FEATURE_DESC "Auto Membership"
+#define AUTOMEMBER_PLUGIN_DESC "Auto Membership plugin"
+#define AUTOMEMBER_INT_POSTOP_DESC "Auto Membership internal postop plugin"
+#define AUTOMEMBER_POSTOP_DESC "Auto Membership postop plugin"
 
 /*
  * Config type defines
  */
-#define AUTOMEMBER_SCOPE_TYPE         "autoMemberScope"
-#define AUTOMEMBER_FILTER_TYPE        "autoMemberFilter"
-#define AUTOMEMBER_EXC_REGEX_TYPE     "autoMemberExclusiveRegex"
-#define AUTOMEMBER_INC_REGEX_TYPE     "autoMemberInclusiveRegex"
+#define AUTOMEMBER_SCOPE_TYPE "autoMemberScope"
+#define AUTOMEMBER_FILTER_TYPE "autoMemberFilter"
+#define AUTOMEMBER_EXC_REGEX_TYPE "autoMemberExclusiveRegex"
+#define AUTOMEMBER_INC_REGEX_TYPE "autoMemberInclusiveRegex"
 #define AUTOMEMBER_DEFAULT_GROUP_TYPE "autoMemberDefaultGroup"
 #define AUTOMEMBER_GROUPING_ATTR_TYPE "autoMemberGroupingAttr"
-#define AUTOMEMBER_DISABLED_TYPE      "autoMemberDisabled"
-#define AUTOMEMBER_TARGET_GROUP_TYPE  "autoMemberTargetGroup"
+#define AUTOMEMBER_DISABLED_TYPE "autoMemberDisabled"
+#define AUTOMEMBER_TARGET_GROUP_TYPE "autoMemberTargetGroup"
 
 /*
  * Config loading filters
  */
-#define AUTOMEMBER_DEFINITION_FILTER  "objectclass=autoMemberDefinition"
-#define AUTOMEMBER_REGEX_RULE_FILTER  "objectclass=autoMemberRegexRule"
+#define AUTOMEMBER_DEFINITION_FILTER "objectclass=autoMemberDefinition"
+#define AUTOMEMBER_REGEX_RULE_FILTER "objectclass=autoMemberRegexRule"
 
 /*
  * Helper defines
  */
-#define IS_ATTRDESC_CHAR(c) ( isalnum(c) || (c == '.') || (c == ';') || (c == '-') )
+#define IS_ATTRDESC_CHAR(c) (isalnum(c) || (c == '.') || (c == ';') || (c == '-'))
 
-struct automemberRegexRule {
+struct automemberRegexRule
+{
     PRCList list;
     Slapi_DN *target_group_dn;
     char *attr;
@@ -64,7 +65,8 @@ struct automemberRegexRule {
     Slapi_Regex *regex;
 };
 
-struct automemberDNListItem {
+struct automemberDNListItem
+{
     PRCList list;
     Slapi_DN *dn;
 };
@@ -72,7 +74,8 @@ struct automemberDNListItem {
 /*
  * Linked list of config entries.
  */
-struct configEntry {
+struct configEntry
+{
     PRCList list;
     char *dn;
     char *scope;
@@ -103,4 +106,3 @@ void automember_set_plugin_id(void *pluginID);
 void *automember_get_plugin_id(void);
 void automember_set_plugin_dn(char *pluginDN);
 char *automember_get_plugin_dn(void);
-

ldap/servers/plugins/bitwise/bitwise.c

@@ -3,17 +3,17 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /* orfilter.c - implementation of ordering rule filter */
 
-#include <ldap.h> /* LDAP_UTF8INC */
-#include <slap.h> /* for debug macros */
+#include <ldap.h>         /* LDAP_UTF8INC */
+#include <slap.h>         /* for debug macros */
 #include <slapi-plugin.h> /* slapi_berval_cmp, SLAPI_BERVAL_EQ */
 
 #ifdef HPUX11
@@ -24,8 +24,9 @@
    filter - this is unfortunately not passed into the match fn, so we
    have to keep track of this
 */
-struct bitwise_match_cb {
-    char *type; /* the attribute type from the filter ava */
+struct bitwise_match_cb
+{
+    char *type;         /* the attribute type from the filter ava */
     struct berval *val; /* the value from the filter ava */
 };
 
@@ -54,26 +55,26 @@ delete_bitwise_match_cb(struct bitwise_match_cb *bmc)
 }
 
 static void
-bitwise_filter_destroy(Slapi_PBlock* pb)
+bitwise_filter_destroy(Slapi_PBlock *pb)
 {
     void *obj = NULL;
     slapi_pblock_get(pb, SLAPI_PLUGIN_OBJECT, &obj);
     if (obj) {
-	struct bitwise_match_cb *bmc = (struct bitwise_match_cb *)obj;
-	delete_bitwise_match_cb(bmc);
-	obj = NULL;
-	slapi_pblock_set(pb, SLAPI_PLUGIN_OBJECT, obj);
+        struct bitwise_match_cb *bmc = (struct bitwise_match_cb *)obj;
+        delete_bitwise_match_cb(bmc);
+        obj = NULL;
+        slapi_pblock_set(pb, SLAPI_PLUGIN_OBJECT, obj);
     }
 }
 
-#define BITWISE_OP_AND  0
-#define BITWISE_OP_OR   1
+#define BITWISE_OP_AND 0
+#define BITWISE_OP_OR 1
 
 static int
-internal_bitwise_filter_match(void* obj, Slapi_Entry* entry, Slapi_Attr* attr __attribute__((unused)), int op)
+internal_bitwise_filter_match(void *obj, Slapi_Entry *entry, Slapi_Attr *attr __attribute__((unused)), int op)
 /* returns:  0  filter matched
- *	    -1  filter did not match
- *	    >0  an LDAP error code
+ *        -1  filter did not match
+ *        >0  an LDAP error code
  */
 {
     struct bitwise_match_cb *bmc = obj;
@@ -85,109 +86,109 @@ internal_bitwise_filter_match(void* obj, Slapi_Entry* entry, Slapi_Attr* attr __
 
     /* look through all values until we find a match */
     for (ii = 0; (rc == -1) && ary && ary[ii]; ++ii) {
-	unsigned long long a, b;
-	char *val_from_entry = ary[ii];
-	errno = 0;
-	a = strtoull(val_from_entry, NULL, 10);
-	if (errno != ERANGE) {
-	    errno = 0;
-	    b = strtoull(bmc->val->bv_val, NULL, 10);
-	    if (errno == ERANGE) {
-		rc = LDAP_CONSTRAINT_VIOLATION;
-	    } else {
-		int result = 0;
-		/* The Microsoft Windows AD bitwise operators do not work exactly
-		   as the plain old C bitwise operators work.  For the AND case
-		   the matching rule is true only if all bits from the given value
-		   match the value from the entry.  For the OR case, the matching
-		   rule is true if any bits from the given value match the value
-		   from the entry.
-		   For the AND case, this means that even though (a & b) is True,
-		   if (a & b) != b, the matching rule will return False.
-		   For the OR case, this means that even though (a | b) is True,
-		   this may be because there are bits in a.  But we only care
-		   about bits in a that are also in b.  So we do (a & b) - this
-		   will return what we want, which is to return True if any of
-		   the bits in b are also in a.
-		*/
-		if (op == BITWISE_OP_AND) {
-		    result = ((a & b) == b); /* all the bits in the given value are found in the value from the entry */
-		} else if (op == BITWISE_OP_OR) {
-		    result = (a & b); /* any of the bits in b are also in a */
-		}
-		if (result) {
-		    rc = 0;
-		}
-	    }
-	}
+        unsigned long long a, b;
+        char *val_from_entry = ary[ii];
+        errno = 0;
+        a = strtoull(val_from_entry, NULL, 10);
+        if (errno != ERANGE) {
+            errno = 0;
+            b = strtoull(bmc->val->bv_val, NULL, 10);
+            if (errno == ERANGE) {
+                rc = LDAP_CONSTRAINT_VIOLATION;
+            } else {
+                int result = 0;
+                /* The Microsoft Windows AD bitwise operators do not work exactly
+           as the plain old C bitwise operators work.  For the AND case
+           the matching rule is true only if all bits from the given value
+           match the value from the entry.  For the OR case, the matching
+           rule is true if any bits from the given value match the value
+           from the entry.
+           For the AND case, this means that even though (a & b) is True,
+           if (a & b) != b, the matching rule will return False.
+           For the OR case, this means that even though (a | b) is True,
+           this may be because there are bits in a.  But we only care
+           about bits in a that are also in b.  So we do (a & b) - this
+           will return what we want, which is to return True if any of
+           the bits in b are also in a.
+        */
+                if (op == BITWISE_OP_AND) {
+                    result = ((a & b) == b); /* all the bits in the given value are found in the value from the entry */
+                } else if (op == BITWISE_OP_OR) {
+                    result = (a & b); /* any of the bits in b are also in a */
+                }
+                if (result) {
+                    rc = 0;
+                }
+            }
+        }
     }
     slapi_ch_array_free(ary);
     return rc;
 }
 
 static int
-bitwise_filter_match_and (void* obj, Slapi_Entry* entry, Slapi_Attr* attr)
+bitwise_filter_match_and(void *obj, Slapi_Entry *entry, Slapi_Attr *attr)
 /* returns:  0  filter matched
- *	    -1  filter did not match
- *	    >0  an LDAP error code
+ *        -1  filter did not match
+ *        >0  an LDAP error code
  */
 {
     return internal_bitwise_filter_match(obj, entry, attr, BITWISE_OP_AND);
 }
 
 static int
-bitwise_filter_match_or (void* obj, Slapi_Entry* entry, Slapi_Attr* attr)
+bitwise_filter_match_or(void *obj, Slapi_Entry *entry, Slapi_Attr *attr)
 /* returns:  0  filter matched
- *	    -1  filter did not match
- *	    >0  an LDAP error code
+ *        -1  filter did not match
+ *        >0  an LDAP error code
  */
 {
     return internal_bitwise_filter_match(obj, entry, attr, BITWISE_OP_OR);
 }
 
 static int
-bitwise_filter_create (Slapi_PBlock* pb)
+bitwise_filter_create(Slapi_PBlock *pb)
 {
     auto int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* failed to initialize */
-    auto char* mrOID = NULL;
-    auto char* mrTYPE = NULL;
-    auto struct berval* mrVALUE = NULL;
-
-    if (!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_OID, &mrOID) && mrOID != NULL &&
-	!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_TYPE, &mrTYPE) && mrTYPE != NULL &&
-	!slapi_pblock_get (pb, SLAPI_PLUGIN_MR_VALUE, &mrVALUE) && mrVALUE != NULL) {
-
-	struct bitwise_match_cb *bmc = NULL;
-	if (strcmp(mrOID, "1.2.840.113556.1.4.803") == 0) {
-	    slapi_pblock_set (pb, SLAPI_PLUGIN_MR_FILTER_MATCH_FN, (void*)bitwise_filter_match_and);
-	} else if (strcmp(mrOID, "1.2.840.113556.1.4.804") == 0) {
-	    slapi_pblock_set (pb, SLAPI_PLUGIN_MR_FILTER_MATCH_FN, (void*)bitwise_filter_match_or);
-	} else { /* this oid not handled by this plugin */
-	    slapi_log_err(SLAPI_LOG_FILTER, "bitwise_filter_create", "OID (%s) not handled\n", mrOID);
-	    return rc;
-	}
-	bmc = new_bitwise_match_cb(mrTYPE, mrVALUE);
-	slapi_pblock_set (pb, SLAPI_PLUGIN_OBJECT, bmc);
-	slapi_pblock_set (pb, SLAPI_PLUGIN_DESTROY_FN, (void*)bitwise_filter_destroy);
-	rc = LDAP_SUCCESS;
+    auto char *mrOID = NULL;
+    auto char *mrTYPE = NULL;
+    auto struct berval *mrVALUE = NULL;
+
+    if (!slapi_pblock_get(pb, SLAPI_PLUGIN_MR_OID, &mrOID) && mrOID != NULL &&
+        !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_TYPE, &mrTYPE) && mrTYPE != NULL &&
+        !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_VALUE, &mrVALUE) && mrVALUE != NULL) {
+
+        struct bitwise_match_cb *bmc = NULL;
+        if (strcmp(mrOID, "1.2.840.113556.1.4.803") == 0) {
+            slapi_pblock_set(pb, SLAPI_PLUGIN_MR_FILTER_MATCH_FN, (void *)bitwise_filter_match_and);
+        } else if (strcmp(mrOID, "1.2.840.113556.1.4.804") == 0) {
+            slapi_pblock_set(pb, SLAPI_PLUGIN_MR_FILTER_MATCH_FN, (void *)bitwise_filter_match_or);
+        } else { /* this oid not handled by this plugin */
+            slapi_log_err(SLAPI_LOG_FILTER, "bitwise_filter_create", "OID (%s) not handled\n", mrOID);
+            return rc;
+        }
+        bmc = new_bitwise_match_cb(mrTYPE, mrVALUE);
+        slapi_pblock_set(pb, SLAPI_PLUGIN_OBJECT, bmc);
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DESTROY_FN, (void *)bitwise_filter_destroy);
+        rc = LDAP_SUCCESS;
     } else {
-	slapi_log_err(SLAPI_LOG_FILTER, "bitwise_filter_create", "missing parameter(s)\n");
+        slapi_log_err(SLAPI_LOG_FILTER, "bitwise_filter_create", "missing parameter(s)\n");
     }
     slapi_log_err(SLAPI_LOG_FILTER, "bitwise_filter_create", "%i\n", rc);
     return LDAP_SUCCESS;
 }
 
-static Slapi_PluginDesc pdesc = { "bitwise", VENDOR, DS_PACKAGE_VERSION,
-              "bitwise match plugin" };
+static Slapi_PluginDesc pdesc = {"bitwise", VENDOR, DS_PACKAGE_VERSION,
+                                 "bitwise match plugin"};
 
 int /* LDAP error code */
-bitwise_init (Slapi_PBlock* pb)
+    bitwise_init(Slapi_PBlock *pb)
 {
     int rc;
 
-    rc = slapi_pblock_set (pb, SLAPI_PLUGIN_MR_FILTER_CREATE_FN, (void*)bitwise_filter_create);
-    if ( rc == 0 ) {
-	rc = slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc );
+    rc = slapi_pblock_set(pb, SLAPI_PLUGIN_MR_FILTER_CREATE_FN, (void *)bitwise_filter_create);
+    if (rc == 0) {
+        rc = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc);
     }
     slapi_log_err(SLAPI_LOG_FILTER, "bitwise_init", "%i\n", rc);
     return rc;

ldap/servers/plugins/chainingdb/cb.h

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #ifndef CBHFILE
@@ -26,90 +26,90 @@
 
 /* Constants */
 
-#define CB_DIRECTORY_MANAGER_DN		"cn=directory manager"
-#define CB_CHAINING_BACKEND_TYPE  	"chaining database"
-#define CB_PLUGIN_NAME			"chaining database"
-#define CB_PLUGIN_SUBSYSTEM		"chaining database"
-#define CB_PLUGIN_DESCRIPTION		"LDAP chaining backend database plugin"
+#define CB_DIRECTORY_MANAGER_DN "cn=directory manager"
+#define CB_CHAINING_BACKEND_TYPE "chaining database"
+#define CB_PLUGIN_NAME "chaining database"
+#define CB_PLUGIN_SUBSYSTEM "chaining database"
+#define CB_PLUGIN_DESCRIPTION "LDAP chaining backend database plugin"
 
-#define CB_LDAP_SECURE_PORT		636
-#define CB_BUFSIZE			2048
+#define CB_LDAP_SECURE_PORT 636
+#define CB_BUFSIZE 2048
 
 
 /* Macros */
 
-#define CB_LDAP_CONN_ERROR( err ) ( (err) == LDAP_SERVER_DOWN || \
-                                    (err) == LDAP_CONNECT_ERROR )
-#define CB_ASSERT( expr )         PR_ASSERT( expr )
+#define CB_LDAP_CONN_ERROR(err) ((err) == LDAP_SERVER_DOWN || \
+                                 (err) == LDAP_CONNECT_ERROR)
+#define CB_ASSERT(expr) PR_ASSERT(expr)
 
 /* Innosoft chaining extension for loop detection */
 
-#define CB_LDAP_CONTROL_CHAIN_SERVER	"1.3.6.1.4.1.1466.29539.12"
+#define CB_LDAP_CONTROL_CHAIN_SERVER "1.3.6.1.4.1.1466.29539.12"
 
 /* Chaining backend configuration attributes */
 
 /* Monitor entry */
-#define CB_MONITOR_EXTENSIBLEOCL		"extensibleObject"
-#define CB_MONITOR_INSTNAME			"cn"
-#define CB_MONITOR_ADDCOUNT			"nsAddCount"
-#define CB_MONITOR_DELETECOUNT			"nsDeleteCount"
-#define CB_MONITOR_MODIFYCOUNT			"nsModifyCount"
-#define CB_MONITOR_MODRDNCOUNT			"nsRenameCount"
-#define CB_MONITOR_SEARCHBASECOUNT		"nsSearchBaseCount"
-#define CB_MONITOR_SEARCHONELEVELCOUNT		"nsSearchOneLevelCount"
-#define CB_MONITOR_SEARCHSUBTREECOUNT		"nsSearchSubtreeCount"
-#define CB_MONITOR_ABANDONCOUNT			"nsAbandonCount"
-#define CB_MONITOR_BINDCOUNT			"nsBindCount"
-#define CB_MONITOR_UNBINDCOUNT			"nsUnbindCount"
-#define CB_MONITOR_COMPARECOUNT			"nsCompareCount"
-#define CB_MONITOR_OUTGOINGCONN			"nsOpenOpConnectionCount"
-#define CB_MONITOR_OUTGOINGBINDCOUNT		"nsOpenBindConnectionCount"
+#define CB_MONITOR_EXTENSIBLEOCL "extensibleObject"
+#define CB_MONITOR_INSTNAME "cn"
+#define CB_MONITOR_ADDCOUNT "nsAddCount"
+#define CB_MONITOR_DELETECOUNT "nsDeleteCount"
+#define CB_MONITOR_MODIFYCOUNT "nsModifyCount"
+#define CB_MONITOR_MODRDNCOUNT "nsRenameCount"
+#define CB_MONITOR_SEARCHBASECOUNT "nsSearchBaseCount"
+#define CB_MONITOR_SEARCHONELEVELCOUNT "nsSearchOneLevelCount"
+#define CB_MONITOR_SEARCHSUBTREECOUNT "nsSearchSubtreeCount"
+#define CB_MONITOR_ABANDONCOUNT "nsAbandonCount"
+#define CB_MONITOR_BINDCOUNT "nsBindCount"
+#define CB_MONITOR_UNBINDCOUNT "nsUnbindCount"
+#define CB_MONITOR_COMPARECOUNT "nsCompareCount"
+#define CB_MONITOR_OUTGOINGCONN "nsOpenOpConnectionCount"
+#define CB_MONITOR_OUTGOINGBINDCOUNT "nsOpenBindConnectionCount"
 
 /* Global configuration */
-#define CB_CONFIG_GLOBAL_FORWARD_CTRLS		"nsTransmittedControls"
-#define CB_CONFIG_GLOBAL_CHAINING_COMPONENTS	"nsActiveChainingComponents"	
-#define CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS	"nsPossibleChainingComponents"
+#define CB_CONFIG_GLOBAL_FORWARD_CTRLS "nsTransmittedControls"
+#define CB_CONFIG_GLOBAL_CHAINING_COMPONENTS "nsActiveChainingComponents"
+#define CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS "nsPossibleChainingComponents"
 /* not documented */
-#define CB_CONFIG_GLOBAL_DEBUG			"nsDebug"
+#define CB_CONFIG_GLOBAL_DEBUG "nsDebug"
 
 
 /* Instance-specific configuration */
-#define CB_CONFIG_CHAINING_COMPONENTS		CB_CONFIG_GLOBAL_CHAINING_COMPONENTS
-#define CB_CONFIG_EXTENSIBLEOCL			"extensibleObject"
+#define CB_CONFIG_CHAINING_COMPONENTS CB_CONFIG_GLOBAL_CHAINING_COMPONENTS
+#define CB_CONFIG_EXTENSIBLEOCL "extensibleObject"
 /* XXXSD to be changed */
-#define CB_CONFIG_INSTANCE_FILTER		"(objectclass=nsBackendInstance)"
-#define CB_CONFIG_INSTNAME			"cn"
-#define CB_CONFIG_SUFFIX			"nsslapd-suffix"
-#define CB_CONFIG_SIZELIMIT			"nsslapd-sizelimit"
-#define CB_CONFIG_TIMELIMIT			"nsslapd-timelimit"
-#define CB_CONFIG_HOSTURL			"nsFarmServerURL"
-#define CB_CONFIG_STARTTLS			"nsUseStartTLS"
-
-#define CB_CONFIG_BINDUSER			"nsMultiplexorBindDn"	
-#define CB_CONFIG_BINDMECH			"nsBindMechanism"
-#define CB_CONFIG_USERPASSWORD			"nsMultiplexorCredentials"	
-#define CB_CONFIG_MAXBINDCONNECTIONS		"nsBindConnectionsLimit"
-#define CB_CONFIG_MAXCONNECTIONS		"nsOperationConnectionsLimit"
-#define CB_CONFIG_MAXCONCURRENCY		"nsConcurrentOperationsLimit"
-#define CB_CONFIG_MAXBINDCONCURRENCY		"nsConcurrentBindLimit"
-
-#define CB_CONFIG_IMPERSONATION			"nsProxiedAuthorization"
-
-#define CB_CONFIG_BINDTIMEOUT			"nsBindTimeout"
-#define CB_CONFIG_TIMEOUT			"nsOperationTimeout"
-#define CB_CONFIG_MAX_IDLE_TIME			"nsMaxResponseDelay"
-#define CB_CONFIG_MAX_TEST_TIME			"nsMaxTestResponseDelay"
-
-#define CB_CONFIG_REFERRAL			"nsReferralOnScopedSearch"
-
-#define CB_CONFIG_CONNLIFETIME			"nsConnectionLife"
-#define CB_CONFIG_ABANDONTIMEOUT		"nsAbandonedSearchCheckInterval "
-#define CB_CONFIG_BINDRETRY			"nsBindRetryLimit"
-#define CB_CONFIG_LOCALACL			"nsCheckLocalACI"
-#define CB_CONFIG_HOPLIMIT			"nsHopLimit"
+#define CB_CONFIG_INSTANCE_FILTER "(objectclass=nsBackendInstance)"
+#define CB_CONFIG_INSTNAME "cn"
+#define CB_CONFIG_SUFFIX "nsslapd-suffix"
+#define CB_CONFIG_SIZELIMIT "nsslapd-sizelimit"
+#define CB_CONFIG_TIMELIMIT "nsslapd-timelimit"
+#define CB_CONFIG_HOSTURL "nsFarmServerURL"
+#define CB_CONFIG_STARTTLS "nsUseStartTLS"
+
+#define CB_CONFIG_BINDUSER "nsMultiplexorBindDn"
+#define CB_CONFIG_BINDMECH "nsBindMechanism"
+#define CB_CONFIG_USERPASSWORD "nsMultiplexorCredentials"
+#define CB_CONFIG_MAXBINDCONNECTIONS "nsBindConnectionsLimit"
+#define CB_CONFIG_MAXCONNECTIONS "nsOperationConnectionsLimit"
+#define CB_CONFIG_MAXCONCURRENCY "nsConcurrentOperationsLimit"
+#define CB_CONFIG_MAXBINDCONCURRENCY "nsConcurrentBindLimit"
+
+#define CB_CONFIG_IMPERSONATION "nsProxiedAuthorization"
+
+#define CB_CONFIG_BINDTIMEOUT "nsBindTimeout"
+#define CB_CONFIG_TIMEOUT "nsOperationTimeout"
+#define CB_CONFIG_MAX_IDLE_TIME "nsMaxResponseDelay"
+#define CB_CONFIG_MAX_TEST_TIME "nsMaxTestResponseDelay"
+
+#define CB_CONFIG_REFERRAL "nsReferralOnScopedSearch"
+
+#define CB_CONFIG_CONNLIFETIME "nsConnectionLife"
+#define CB_CONFIG_ABANDONTIMEOUT "nsAbandonedSearchCheckInterval "
+#define CB_CONFIG_BINDRETRY "nsBindRetryLimit"
+#define CB_CONFIG_LOCALACL "nsCheckLocalACI"
+#define CB_CONFIG_HOPLIMIT "nsHopLimit"
 
 /* not documented */
-#define CB_CONFIG_ILLEGAL_ATTRS			"nsServerDefinedAttributes"
+#define CB_CONFIG_ILLEGAL_ATTRS "nsServerDefinedAttributes"
 
 /* Default configuration values (as string) */
 
@@ -118,41 +118,42 @@
  * Reduced CB_DEF_MAXCONCURRENCY to 2 to workaround bug 623793 -
  * err=1 in accesslogs and ber parsing errors in errors logs.
  */
-#define CB_DEF_MAXCONNECTIONS			"20" 	/* CB_CONFIG_MAXCONNECTIONS */
-#define CB_DEF_MAXCONCURRENCY			"2"	/* CB_CONFIG_MAXCONCURRENCY */
-#define CB_DEF_BIND_MAXCONNECTIONS		"3"	/* CB_CONFIG_MAXBINDCONNECTIONS */
-#define CB_DEF_BIND_MAXCONCURRENCY		"10"	/* CB_CONFIG_MAXBINDCONCURRENCY */
-#define CB_DEF_BINDTIMEOUT			"15"	/* CB_CONFIG_BINDTIMEOUT */
-#define CB_DEF_CONNLIFETIME			"0"	/* CB_CONFIG_CONNLIFETIME */
-#define CB_DEF_IMPERSONATION			"on"	/* CB_CONFIG_IMPERSONATION */
-#define CB_DEF_SEARCHREFERRAL			"off"	/* CB_CONFIG_REFERRAL */
-#define CB_DEF_ABANDON_TIMEOUT			"1"	/* CB_CONFIG_ABANDONTIMEOUT */
-#define CB_DEF_BINDRETRY			"3"	/* CB_CONFIG_BINDRETRY */
-#define CB_DEF_LOCALACL				"off"	/* CB_CONFIG_LOCALACL */
-#define CB_DEF_TIMELIMIT			"3600"
-#define CB_DEF_SIZELIMIT			"2000"
-#define CB_DEF_HOPLIMIT				"10"	/* CB_CONFIG_HOPLIMIT */
-#define CB_DEF_MAX_IDLE_TIME			"60"	/* CB_CONFIG_MAX_IDLE_TIME */
-#define CB_DEF_MAX_TEST_TIME			"15"	/* CB_CONFIG_MAX_TEST_TIME */
-#define CB_DEF_STARTTLS			"off"	/* CB_CONFIG_STARTTLS */
-#define CB_DEF_BINDMECH			LDAP_SASL_SIMPLE	/* CB_CONFIG_BINDMECH */
-
-#define CB_SIMPLE_BINDMECH			"SIMPLE" /* will be translated to LDAP_SASL_SIMPLE */
+#define CB_DEF_MAXCONNECTIONS "20"      /* CB_CONFIG_MAXCONNECTIONS */
+#define CB_DEF_MAXCONCURRENCY "2"       /* CB_CONFIG_MAXCONCURRENCY */
+#define CB_DEF_BIND_MAXCONNECTIONS "3"  /* CB_CONFIG_MAXBINDCONNECTIONS */
+#define CB_DEF_BIND_MAXCONCURRENCY "10" /* CB_CONFIG_MAXBINDCONCURRENCY */
+#define CB_DEF_BINDTIMEOUT "15"         /* CB_CONFIG_BINDTIMEOUT */
+#define CB_DEF_CONNLIFETIME "0"         /* CB_CONFIG_CONNLIFETIME */
+#define CB_DEF_IMPERSONATION "on"       /* CB_CONFIG_IMPERSONATION */
+#define CB_DEF_SEARCHREFERRAL "off"     /* CB_CONFIG_REFERRAL */
+#define CB_DEF_ABANDON_TIMEOUT "1"      /* CB_CONFIG_ABANDONTIMEOUT */
+#define CB_DEF_BINDRETRY "3"            /* CB_CONFIG_BINDRETRY */
+#define CB_DEF_LOCALACL "off"           /* CB_CONFIG_LOCALACL */
+#define CB_DEF_TIMELIMIT "3600"
+#define CB_DEF_SIZELIMIT "2000"
+#define CB_DEF_HOPLIMIT "10"             /* CB_CONFIG_HOPLIMIT */
+#define CB_DEF_MAX_IDLE_TIME "60"        /* CB_CONFIG_MAX_IDLE_TIME */
+#define CB_DEF_MAX_TEST_TIME "15"        /* CB_CONFIG_MAX_TEST_TIME */
+#define CB_DEF_STARTTLS "off"            /* CB_CONFIG_STARTTLS */
+#define CB_DEF_BINDMECH LDAP_SASL_SIMPLE /* CB_CONFIG_BINDMECH */
+
+#define CB_SIMPLE_BINDMECH "SIMPLE" /* will be translated to LDAP_SASL_SIMPLE */
 
 typedef void *cb_config_get_fn_t(void *arg);
 typedef int cb_config_set_fn_t(void *arg, void *value, char *errorbuf, int phase, int apply);
-typedef struct _cb_instance_config_info {
-        char *config_name;
-        int config_type;
-        char *config_default_value;
-        cb_config_get_fn_t *config_get_fn;
-        cb_config_set_fn_t *config_set_fn;
-        int config_flags;
+typedef struct _cb_instance_config_info
+{
+    char *config_name;
+    int config_type;
+    char *config_default_value;
+    cb_config_get_fn_t *config_get_fn;
+    cb_config_set_fn_t *config_set_fn;
+    int config_flags;
 } cb_instance_config_info;
- 
+
 #define CB_CONFIG_TYPE_ONOFF 1     /* val = (int) value */
-#define CB_CONFIG_TYPE_STRING 2    /* val = (char *) value - The get functions
-                                 * for this type must return alloced memory
+#define CB_CONFIG_TYPE_STRING 2    /* val = (char *) value - The get functions \
+                                 * for this type must return alloced memory    \
                                  * that should be freed by the caller. */
 #define CB_CONFIG_TYPE_INT 3       /* val = (int) value */
 #define CB_CONFIG_TYPE_LONG 4      /* val = (long) value */
@@ -165,314 +166,312 @@ typedef struct _cb_instance_config_info {
 #define CB_CONFIG_PHASE_INTERNAL 4
 
 /*jarnou: default amount of time in seconds during wich the chaining backend will be unavailable */
-#define CB_UNAVAILABLE_PERIOD			30 /* CB_CONFIG_UNAVAILABLE_PERIOD */
-#define CB_INFINITE_TIME                        360000 /* must be enough ... */
+#define CB_UNAVAILABLE_PERIOD 30 /* CB_CONFIG_UNAVAILABLE_PERIOD */
+#define CB_INFINITE_TIME 360000  /* must be enough ... */
 /*jarnou: default number of connections failed from which the farm is declared unavailable  */
-#define CB_NUM_CONN_BEFORE_UNAVAILABILITY	1 
-#define FARMSERVER_UNAVAILABLE			1
-#define FARMSERVER_AVAILABLE			0
+#define CB_NUM_CONN_BEFORE_UNAVAILABILITY 1
+#define FARMSERVER_UNAVAILABLE 1
+#define FARMSERVER_AVAILABLE 0
 
 /* Internal data structures */
 
 /* cb_backend represents the chaining backend type. */
 /* Only one instance is created when the plugin is  */
-/* loaded. Contain global conf			    */
-typedef struct _cb_backend {
+/* loaded. Contain global conf                */
+typedef struct _cb_backend
+{
 
-	/*
-	** keep track of plugin identity.
-	** Used for internal operations
-	*/
+    /*
+    ** keep track of plugin identity.
+    ** Used for internal operations
+    */
 
-	void 		*identity;
-	char *		pluginDN;
-	char *		configDN;
+    void *identity;
+    char *pluginDN;
+    char *configDN;
 
- 	/*
-	** There are times when we need a pointer to the chaining database
+    /*
+    ** There are times when we need a pointer to the chaining database
         ** plugin, so we will store a pointer to it here.  Examples of
         ** when we need it are when we create a new instance and when
         ** we need the name of the plugin to do internal ops.
-	*/
-	
-        struct slapdplugin      *plugin;
-
-	/*
-	** Global config. shared by all chaining db instances 
-	*/
-
-	struct {
-		char ** forward_ctrls;		/* List of forwardable controls    */
-		char ** chaining_components;	/* List of plugins that chains	   */
-		char ** chainable_components;	/* List of plugins allowed to chain*/
-						/* internal operations.            */
-		Slapi_RWLock *rwl_config_lock;	/* Protect the global config	   */
-	} config;
-
-	int started;				/* TRUE when started		   */
-	
+    */
+
+    struct slapdplugin *plugin;
+
+    /*
+    ** Global config. shared by all chaining db instances
+    */
+
+    struct
+    {
+        char **forward_ctrls;          /* List of forwardable controls    */
+        char **chaining_components;    /* List of plugins that chains       */
+        char **chainable_components;   /* List of plugins allowed to chain*/
+                                       /* internal operations.            */
+        Slapi_RWLock *rwl_config_lock; /* Protect the global config       */
+    } config;
+
+    int started; /* TRUE when started           */
+
 } cb_backend;
 
 
 /* Connection management */
 
 /* states */
-#define CB_CONNSTATUS_OK		1	/* Open */
-#define CB_CONNSTATUS_DOWN		2	/* Down */
-#define CB_CONNSTATUS_STALE		3	
+#define CB_CONNSTATUS_OK 1   /* Open */
+#define CB_CONNSTATUS_DOWN 2 /* Down */
+#define CB_CONNSTATUS_STALE 3
 
-#define ENABLE_MULTITHREAD_PER_CONN 1	/* to allow multiple threads to perform LDAP operations on a connection */
-#define DISABLE_MULTITHREAD_PER_CONN 0	/* to allow only one thread to perform LDAP operations on a connection */
+#define ENABLE_MULTITHREAD_PER_CONN 1  /* to allow multiple threads to perform LDAP operations on a connection */
+#define DISABLE_MULTITHREAD_PER_CONN 0 /* to allow only one thread to perform LDAP operations on a connection */
 
 /**************  WARNING: Be careful if you want to change this constant. It is used in hexadecimal in cb_conn_stateless.c in the function PR_ThreadSelf() ************/
 #define MAX_CONN_ARRAY 2048 /* we suppose the number of threads in the server not to exceed this limit*/
 /**********************************************************************************************************/
-typedef struct _cb_outgoing_conn{
-	LDAP 				*ld;
-	unsigned long			refcount;
-	struct _cb_outgoing_conn 	*next;
-	time_t				opentime;
-	int 				status;
-        int                             ThreadId ; /* usefull to identify the thread when SSL is enabled */
+typedef struct _cb_outgoing_conn
+{
+    LDAP *ld;
+    unsigned long refcount;
+    struct _cb_outgoing_conn *next;
+    time_t opentime;
+    int status;
+    int ThreadId; /* usefull to identify the thread when SSL is enabled */
 } cb_outgoing_conn;
 
-typedef struct  {
-	char 		*hostname;	/* Farm server name */
-	char 		*url;
-	unsigned int 	port;
-	int 		secure;	
-	char 		*binddn;	/* normalized */
-	char 		*binddn2;	/* not normalized, value returned to the client */
-	char 		*password;
-	int 		bindit;		/* If true, open AND bind */
-	char 		** waste_basket; /* stale char *   */
-
-	struct {
-		unsigned int 		maxconnections;
-		unsigned int 		maxconcurrency;
-		unsigned int 		connlifetime;
-		struct timeval 		op_timeout;
-		struct timeval 		bind_timeout;
-
-		Slapi_Mutex		*conn_list_mutex;
-		Slapi_CondVar		*conn_list_cv;
-		cb_outgoing_conn 	*conn_list;
-		unsigned int 		conn_list_count;
-
-	} conn;
-
-	cb_outgoing_conn  *connarray[MAX_CONN_ARRAY]; /* array of secure connections */
-
-	/* To protect the config set by LDAP */
-	Slapi_RWLock	* rwl_config_lock;
-	int		starttls; /* use starttls with connection */
-	char		*mech; /* plain, external, or a sasl mech */
+typedef struct
+{
+    char *hostname; /* Farm server name */
+    char *url;
+    unsigned int port;
+    int secure;
+    char *binddn;  /* normalized */
+    char *binddn2; /* not normalized, value returned to the client */
+    char *password;
+    int bindit;          /* If true, open AND bind */
+    char **waste_basket; /* stale char *   */
+
+    struct
+    {
+        unsigned int maxconnections;
+        unsigned int maxconcurrency;
+        unsigned int connlifetime;
+        struct timeval op_timeout;
+        struct timeval bind_timeout;
+
+        Slapi_Mutex *conn_list_mutex;
+        Slapi_CondVar *conn_list_cv;
+        cb_outgoing_conn *conn_list;
+        unsigned int conn_list_count;
+
+    } conn;
+
+    cb_outgoing_conn *connarray[MAX_CONN_ARRAY]; /* array of secure connections */
+
+    /* To protect the config set by LDAP */
+    Slapi_RWLock *rwl_config_lock;
+    int starttls; /* use starttls with connection */
+    char *mech;   /* plain, external, or a sasl mech */
 } cb_conn_pool;
 
 
 /* _cb_backend_instance represents a instance of the chaining */
-/* backend.						      */
-
-typedef struct _cb_backend_instance {
-	
-	char 			*inst_name;		/* Unique name */
-	Slapi_Backend		*inst_be;		/* Slapi_Bakedn associated with it */
-	cb_backend		*backend_type;		/* pointer to the backend type */
-
-	/* configuration */
-
-	Slapi_RWLock		*rwl_config_lock;	/* protect the config */
-	char 			*configDn;		/* config entry dn */
-	char 			*monitorDn;		/* monitor entry dn */
-	int 		  	local_acl;		/* True if local acl evaluation */
-	/* sometimes a chaining backend may be associated with a local backend
-	   1) The chaining backend is the backend of a sub suffix, and the
-	      parent suffix has a local backend
-	   2) Entry distribution is being used to distribute write operations to
+/* backend.                              */
+
+typedef struct _cb_backend_instance
+{
+
+    char *inst_name;          /* Unique name */
+    Slapi_Backend *inst_be;   /* Slapi_Bakedn associated with it */
+    cb_backend *backend_type; /* pointer to the backend type */
+
+    /* configuration */
+
+    Slapi_RWLock *rwl_config_lock; /* protect the config */
+    char *configDn;                /* config entry dn */
+    char *monitorDn;               /* monitor entry dn */
+    int local_acl;                 /* True if local acl evaluation */
+    /* sometimes a chaining backend may be associated with a local backend
+       1) The chaining backend is the backend of a sub suffix, and the
+          parent suffix has a local backend
+       2) Entry distribution is being used to distribute write operations to
           a chaining backend and other operations to a local backend
-		  (e.g. a replication hub or consumer)
-	   If the associated local backend is being initialized (import), it will be
-	   disabled, and it will be impossible to evaluate local acls.  In this case,
-	   we still want to be able to chain operations to a farm server or another
-	   database chain.  But the current code will not allow cascading without
-	   local acl evaluation (cb_controls.c).  The following variable allows us to relax that
-	   restriction while the associated backend is disabled
-	*/
-	int             associated_be_is_disabled; /* true if associated backend is disabled */
-	int 		  	isconfigured;		/* True when valid config entry */
-	int 			impersonate;		/* TRUE to impersonate users */
-	int 			searchreferral;		/* TRUE to return referral for scoped searches */
-	int 			bind_retry;
-	struct timeval		abandon_timeout;	/* check for abandoned op periodically */
-	struct timeval  	op_timeout;
-	char 			**url_array;		/* list of urls to farm servers */
-        char 			**chaining_components;  /* List of plugins using chaining  */
-	char 			**illegal_attributes;	/* Attributes not forwarded */
-	char 			**every_attribute;	/* attr list to get every attr, including op attrs */
-	int			sizelimit;
-	int			timelimit;
-	int			hoplimit;
-	int 			max_idle_time;		/* how long we wait before pinging the farm server */
-	int 			max_test_time;		/* how long we wait during ping */
-
-	cb_conn_pool 		*pool;			/* Operation cnx pool */
-	cb_conn_pool 		*bind_pool;		/* Bind cnx pool */
-
-	Slapi_Eq_Context	eq_ctx;			/* Use to identify the function put in the queue */
-
-	/* Monitoring */
-
-	struct {
-		Slapi_Mutex		*mutex;
-		unsigned 		long addcount;
-		unsigned 		long deletecount;
-		unsigned 		long modifycount;
-		unsigned 		long modrdncount;
-		unsigned 		long searchbasecount;
-		unsigned 		long searchonelevelcount;
-		unsigned 		long searchsubtreecount;
-		unsigned 		long abandoncount;
-		unsigned 		long bindcount;
-		unsigned 		long unbindcount;
-		unsigned 		long comparecount;
-	} monitor;
-
-	/* Monitoring the chaining BE availability */
-	/* Principle: as soon as we detect an abnormal pb with an ldap operation, and we close the connection
-	or if we can't open a connection, we increment a counter (cpt). This counter represents the number of
-	continuously pbs we can notice. Before forwarding an LDAP operation, wether the farmserver is available or not,
-	through the value of the counter. If the farmserver is not available, we just return an error msg to the client */
-
-	struct {
-		int		unavailable_period  ;		/* how long we wait as soon as the farm is declared unavailable */
-		int		max_num_conn_failed ;	/* max number of consecutive failed/aborted connections before we declared the farm as unreachable */
-		time_t          unavailableTimeLimit ;		/* time from which the chaining BE becomes available */
-		int		farmserver_state ;			/* FARMSERVER_AVAILABLE if the chaining is available, FARMSERVER_UNAVAILABLE else */
-		int		cpt ;						/* count the number of consecutive failed/aborted connexions */
-		Slapi_Mutex	*cpt_lock ;					/* lock to protect the counter cpt */
-	        Slapi_Mutex     *lock_timeLimit ;               /* lock to protect the unavailableTimeLimit variable*/
-	} monitor_availability;
-
-		
+          (e.g. a replication hub or consumer)
+       If the associated local backend is being initialized (import), it will be
+       disabled, and it will be impossible to evaluate local acls.  In this case,
+       we still want to be able to chain operations to a farm server or another
+       database chain.  But the current code will not allow cascading without
+       local acl evaluation (cb_controls.c).  The following variable allows us to relax that
+       restriction while the associated backend is disabled
+    */
+    int associated_be_is_disabled; /* true if associated backend is disabled */
+    int isconfigured;              /* True when valid config entry */
+    int impersonate;               /* TRUE to impersonate users */
+    int searchreferral;            /* TRUE to return referral for scoped searches */
+    int bind_retry;
+    struct timeval abandon_timeout; /* check for abandoned op periodically */
+    struct timeval op_timeout;
+    char **url_array;           /* list of urls to farm servers */
+    char **chaining_components; /* List of plugins using chaining  */
+    char **illegal_attributes;  /* Attributes not forwarded */
+    char **every_attribute;     /* attr list to get every attr, including op attrs */
+    int sizelimit;
+    int timelimit;
+    int hoplimit;
+    int max_idle_time; /* how long we wait before pinging the farm server */
+    int max_test_time; /* how long we wait during ping */
+
+    cb_conn_pool *pool;      /* Operation cnx pool */
+    cb_conn_pool *bind_pool; /* Bind cnx pool */
+
+    Slapi_Eq_Context eq_ctx; /* Use to identify the function put in the queue */
+
+    /* Monitoring */
+
+    struct
+    {
+        Slapi_Mutex *mutex;
+        unsigned long addcount;
+        unsigned long deletecount;
+        unsigned long modifycount;
+        unsigned long modrdncount;
+        unsigned long searchbasecount;
+        unsigned long searchonelevelcount;
+        unsigned long searchsubtreecount;
+        unsigned long abandoncount;
+        unsigned long bindcount;
+        unsigned long unbindcount;
+        unsigned long comparecount;
+    } monitor;
+
+    /* Monitoring the chaining BE availability */
+    /* Principle: as soon as we detect an abnormal pb with an ldap operation, and we close the connection
+    or if we can't open a connection, we increment a counter (cpt). This counter represents the number of
+    continuously pbs we can notice. Before forwarding an LDAP operation, wether the farmserver is available or not,
+    through the value of the counter. If the farmserver is not available, we just return an error msg to the client */
+
+    struct
+    {
+        int unavailable_period;      /* how long we wait as soon as the farm is declared unavailable */
+        int max_num_conn_failed;     /* max number of consecutive failed/aborted connections before we declared the farm as unreachable */
+        time_t unavailableTimeLimit; /* time from which the chaining BE becomes available */
+        int farmserver_state;        /* FARMSERVER_AVAILABLE if the chaining is available, FARMSERVER_UNAVAILABLE else */
+        int cpt;                     /* count the number of consecutive failed/aborted connexions */
+        Slapi_Mutex *cpt_lock;       /* lock to protect the counter cpt */
+        Slapi_Mutex *lock_timeLimit; /* lock to protect the unavailableTimeLimit variable*/
+    } monitor_availability;
+
+
 } cb_backend_instance;
 
 /* Data structure for the search operation to carry candidates */
 
-#define CB_SEARCHCONTEXT_ENTRY 	2
-
-typedef struct _cb_searchContext {
-        int 		type;
-	void 		*data;
-	int		msgid;
-	LDAP 		*ld;
-	cb_outgoing_conn	*cnx;
-	Slapi_Entry	*tobefreed;
-	LDAPMessage	*pending_result;
-	int 		pending_result_type;
-	Slapi_Entry	*readahead;
+#define CB_SEARCHCONTEXT_ENTRY 2
+
+typedef struct _cb_searchContext
+{
+    int type;
+    void *data;
+    int msgid;
+    LDAP *ld;
+    cb_outgoing_conn *cnx;
+    Slapi_Entry *tobefreed;
+    LDAPMessage *pending_result;
+    int pending_result_type;
+    Slapi_Entry *readahead;
 } cb_searchContext;
 
-#define CB_REOPEN_CONN		-1968	/* Different from any LDAP_XXX errors */
+#define CB_REOPEN_CONN -1968 /* Different from any LDAP_XXX errors */
 
 /* Forward declarations */
 
 /* for ctrl_flags on cb_update_controls */
-#define CB_UPDATE_CONTROLS_ADDAUTH   1
+#define CB_UPDATE_CONTROLS_ADDAUTH 1
 #define CB_UPDATE_CONTROLS_ISABANDON 2
 
 
-int cb_get_connection(cb_conn_pool * pool, LDAP ** ld, cb_outgoing_conn ** cnx, struct timespec *expire_time, char **errmsg);
-int cb_config(cb_backend_instance * cb, int argc, char ** argv );
-int cb_update_controls( Slapi_PBlock *pb, LDAP * ld, LDAPControl *** controls, int ctrl_flags);
-int cb_is_control_forwardable(cb_backend * cb, char *controloid);
-int cb_access_allowed (Slapi_PBlock *pb,Slapi_Entry *e,char *type,struct berval * bval, int op, char ** buf);
-int cb_forward_operation(Slapi_PBlock * op);
-int cb_parse_instance_config_entry(cb_backend * cb, Slapi_Entry * e);
-int cb_abandon_connection(cb_backend_instance * cb, Slapi_PBlock * pb, LDAP ** ld);
+int cb_get_connection(cb_conn_pool *pool, LDAP **ld, cb_outgoing_conn **cnx, struct timespec *expire_time, char **errmsg);
+int cb_config(cb_backend_instance *cb, int argc, char **argv);
+int cb_update_controls(Slapi_PBlock *pb, LDAP *ld, LDAPControl ***controls, int ctrl_flags);
+int cb_is_control_forwardable(cb_backend *cb, char *controloid);
+int cb_access_allowed(Slapi_PBlock *pb, Slapi_Entry *e, char *type, struct berval *bval, int op, char **buf);
+int cb_forward_operation(Slapi_PBlock *op);
+int cb_parse_instance_config_entry(cb_backend *cb, Slapi_Entry *e);
+int cb_abandon_connection(cb_backend_instance *cb, Slapi_PBlock *pb, LDAP **ld);
 int cb_atoi(char *str);
-int cb_check_forward_abandon(cb_backend_instance * cb,Slapi_PBlock * pb, LDAP * ld, int msgid );
-int cb_search_monitor_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *ret, char *t,void *a);
-int cb_config_load_dse_info(Slapi_PBlock * pb);
+int cb_check_forward_abandon(cb_backend_instance *cb, Slapi_PBlock *pb, LDAP *ld, int msgid);
+int cb_search_monitor_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *ret, char *t, void *a);
+int cb_config_load_dse_info(Slapi_PBlock *pb);
 int cb_config_add_dse_entries(cb_backend *cb, char **entries, char *string1, char *string2, char *string3);
 int cb_add_suffix(cb_backend_instance *inst, struct berval **bvals, int apply_mod, char *returntext);
-int cb_create_default_backend_instance_config(cb_backend * cb);
-int cb_build_backend_instance_config(cb_backend_instance *inst, Slapi_Entry * conf,int apply);
-int cb_instance_delete_config_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* e2,
-       int *returncode, char *returntext, void *arg);
-int cb_instance_search_config_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
-        int *returncode, char *returntext, void *arg);
-int cb_instance_add_config_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* e2,
-       int *returncode, char *returntext, void *arg);
-int cb_instance_modify_config_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
-        int *returncode, char *returntext, void *arg);
-int cb_dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
-        int *returncode, char *returntext, void *arg);
-int cb_config_search_callback(Slapi_PBlock *pb, Slapi_Entry* e1, Slapi_Entry* e2, int *returncode,
-        char *returntext, void *arg);
-int cb_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
-int cb_config_delete_instance_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
-int cb_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
-int cb_config_add_instance_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg);
-int cb_delete_monitor_callback(Slapi_PBlock * pb, Slapi_Entry * e, Slapi_Entry * entryAfter, int * returnCode, char * returnText, void * arg);
-int cb_config_add_check_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* e2, int *returncode,
-        char *returntext, void *arg);
-int cb_instance_add_config_check_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* e2,
-       int *returncode, char *returntext, void *arg);
-int cb_config_modify_check_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode,
-        char *returntext, void *arg);
-
-void cb_eliminate_illegal_attributes(cb_backend_instance * inst, Slapi_Entry * e);
-void cb_release_op_connection(cb_conn_pool * pool, LDAP *ldd, int dispose);
-void cb_register_supported_control( cb_backend * cb, char *controloid, unsigned long controlops );
-void cb_unregister_all_supported_control( cb_backend * cb );
-void cb_register_supported_control( cb_backend * cb, char *controloid, unsigned long controlops );
-void cb_unregister_supported_control( cb_backend * cb, char *controloid, unsigned long controlops );
+int cb_create_default_backend_instance_config(cb_backend *cb);
+int cb_build_backend_instance_config(cb_backend_instance *inst, Slapi_Entry *conf, int apply);
+int cb_instance_delete_config_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *returncode, char *returntext, void *arg);
+int cb_instance_search_config_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_instance_add_config_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *returncode, char *returntext, void *arg);
+int cb_instance_modify_config_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_dont_allow_that(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_config_search_callback(Slapi_PBlock *pb, Slapi_Entry *e1, Slapi_Entry *e2, int *returncode, char *returntext, void *arg);
+int cb_config_add_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_config_delete_instance_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_config_add_instance_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_delete_monitor_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *entryAfter, int *returnCode, char *returnText, void *arg);
+int cb_config_add_check_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *returncode, char *returntext, void *arg);
+int cb_instance_add_config_check_callback(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *e2, int *returncode, char *returntext, void *arg);
+int cb_config_modify_check_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+
+void cb_eliminate_illegal_attributes(cb_backend_instance *inst, Slapi_Entry *e);
+void cb_release_op_connection(cb_conn_pool *pool, LDAP *ldd, int dispose);
+void cb_register_supported_control(cb_backend *cb, char *controloid, unsigned long controlops);
+void cb_unregister_all_supported_control(cb_backend *cb);
+void cb_register_supported_control(cb_backend *cb, char *controloid, unsigned long controlops);
+void cb_unregister_supported_control(cb_backend *cb, char *controloid, unsigned long controlops);
 void cb_set_acl_policy(Slapi_PBlock *pb);
-void cb_close_conn_pool(cb_conn_pool * pool);
-void cb_update_monitor_info(Slapi_PBlock * pb, cb_backend_instance * inst,int op);
-void cb_send_ldap_result(Slapi_PBlock *pb, int err, char *m,char *t, int ne, struct berval **urls );
-void cb_stale_all_connections( cb_backend_instance * be);
-int cb_config_add_instance_check_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
-        int *returncode, char *returntext, void *arg);
-int cb_instance_modify_config_check_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
-        int *returncode, char *returntext, void *arg);
-
-
-int chaining_back_add 	( Slapi_PBlock *pb );
-int chaining_back_delete ( Slapi_PBlock *pb );
-int chaining_back_compare ( Slapi_PBlock *pb );
-int chaining_back_modify ( Slapi_PBlock *pb );
-int chaining_back_modrdn ( Slapi_PBlock *pb );
-int chaining_back_abandon ( Slapi_PBlock *pb );
-int chaining_back_entry_release ( Slapi_PBlock *pb );
-int chainingdb_next_search_entry( Slapi_PBlock *pb );
-int chainingdb_build_candidate_list ( Slapi_PBlock *pb );
-int chainingdb_start (Slapi_PBlock *pb );
-int chainingdb_bind (Slapi_PBlock *pb );
-int cb_db_size (Slapi_PBlock *pb );
-int cb_back_close (Slapi_PBlock *pb );
-int cb_back_cleanup (Slapi_PBlock *pb );
-void chaining_back_search_results_release( void **sr );
-void chainingdb_prev_search_results ( Slapi_PBlock *pb );
+void cb_close_conn_pool(cb_conn_pool *pool);
+void cb_update_monitor_info(Slapi_PBlock *pb, cb_backend_instance *inst, int op);
+void cb_send_ldap_result(Slapi_PBlock *pb, int err, char *m, char *t, int ne, struct berval **urls);
+void cb_stale_all_connections(cb_backend_instance *be);
+int cb_config_add_instance_check_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+int cb_instance_modify_config_check_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *e, int *returncode, char *returntext, void *arg);
+
+
+int chaining_back_add(Slapi_PBlock *pb);
+int chaining_back_delete(Slapi_PBlock *pb);
+int chaining_back_compare(Slapi_PBlock *pb);
+int chaining_back_modify(Slapi_PBlock *pb);
+int chaining_back_modrdn(Slapi_PBlock *pb);
+int chaining_back_abandon(Slapi_PBlock *pb);
+int chaining_back_entry_release(Slapi_PBlock *pb);
+int chainingdb_next_search_entry(Slapi_PBlock *pb);
+int chainingdb_build_candidate_list(Slapi_PBlock *pb);
+int chainingdb_start(Slapi_PBlock *pb);
+int chainingdb_bind(Slapi_PBlock *pb);
+int cb_db_size(Slapi_PBlock *pb);
+int cb_back_close(Slapi_PBlock *pb);
+int cb_back_cleanup(Slapi_PBlock *pb);
+void chaining_back_search_results_release(void **sr);
+void chainingdb_prev_search_results(Slapi_PBlock *pb);
 
 long cb_atol(char *str);
 
-Slapi_Entry * cb_LDAPMessage2Entry(LDAP * ctx, LDAPMessage * msg, int attrsonly);
-char * cb_get_rootdn(void);
-struct berval ** referrals2berval(char ** referrals);
-cb_backend_instance * cb_get_instance(Slapi_Backend * be);
-cb_backend * cb_get_backend_type(void);
+Slapi_Entry *cb_LDAPMessage2Entry(LDAP *ctx, LDAPMessage *msg, int attrsonly);
+char *cb_get_rootdn(void);
+struct berval **referrals2berval(char **referrals);
+cb_backend_instance *cb_get_instance(Slapi_Backend *be);
+cb_backend *cb_get_backend_type(void);
 int cb_debug_on(void);
 void cb_set_debug(int on);
-int cb_ping_farm(cb_backend_instance *cb,cb_outgoing_conn * cnx,time_t end);
-void cb_update_failed_conn_cpt ( cb_backend_instance *cb ) ;
-void cb_reset_conn_cpt( cb_backend_instance *cb ) ;
-int  cb_check_availability( cb_backend_instance *cb, Slapi_PBlock *pb ) ;
+int cb_ping_farm(cb_backend_instance *cb, cb_outgoing_conn *cnx, time_t end);
+void cb_update_failed_conn_cpt(cb_backend_instance *cb);
+void cb_reset_conn_cpt(cb_backend_instance *cb);
+int cb_check_availability(cb_backend_instance *cb, Slapi_PBlock *pb);
 
-char* get_localhost_DNS(void);
+char *get_localhost_DNS(void);
 
 /* this function is called when state of a backend changes */
-void cb_be_state_change (void *handle, char *be_name, int old_be_state, int new_be_state);
+void cb_be_state_change(void *handle, char *be_name, int old_be_state, int new_be_state);
 
 #define ENDUSERMSG "database configuration error - please contact the system administrator"
 

ldap/servers/plugins/chainingdb/cb_abandon.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -23,7 +23,7 @@
  */
 
 int
-chaining_back_abandon ( Slapi_PBlock *pb __attribute__((unused)) )
+chaining_back_abandon(Slapi_PBlock *pb __attribute__((unused)))
 {
     /*
      * Abandon forwarded to the farm server for scoped
@@ -32,25 +32,27 @@ chaining_back_abandon ( Slapi_PBlock *pb __attribute__((unused)) )
     return 0;
 }
 
-int cb_check_forward_abandon(cb_backend_instance * cb,Slapi_PBlock * pb, LDAP * ld, int msgid ) {
-    
+int
+cb_check_forward_abandon(cb_backend_instance *cb, Slapi_PBlock *pb, LDAP *ld, int msgid)
+{
+
     int rc;
-    LDAPControl ** ctrls=NULL;
+    LDAPControl **ctrls = NULL;
 
-    if (slapi_op_abandoned( pb )) {
+    if (slapi_op_abandoned(pb)) {
 
-        if ((rc=cb_forward_operation(pb)) != LDAP_SUCCESS ) {
+        if ((rc = cb_forward_operation(pb)) != LDAP_SUCCESS) {
             return 0;
         }
-        
-        if ((rc = cb_update_controls( pb,ld,&ctrls,CB_UPDATE_CONTROLS_ISABANDON )) != LDAP_SUCCESS ) { 
-            if ( NULL != ctrls)
+
+        if ((rc = cb_update_controls(pb, ld, &ctrls, CB_UPDATE_CONTROLS_ISABANDON)) != LDAP_SUCCESS) {
+            if (NULL != ctrls)
                 ldap_controls_free(ctrls);
             return 0;
         }
-        rc = ldap_abandon_ext(ld, msgid, ctrls, NULL );
-        cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-        if ( NULL != ctrls)
+        rc = ldap_abandon_ext(ld, msgid, ctrls, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        if (NULL != ctrls)
             ldap_controls_free(ctrls);
         return 1;
     }

ldap/servers/plugins/chainingdb/cb_acl.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -18,51 +18,53 @@
 ** Turn off acl eval on front-end when needed
 */
 
-void cb_set_acl_policy(Slapi_PBlock *pb) {
-        Slapi_Backend *be;
-        cb_backend_instance *cb;
-        int noacl;
+void
+cb_set_acl_policy(Slapi_PBlock *pb)
+{
+    Slapi_Backend *be;
+    cb_backend_instance *cb;
+    int noacl;
 
-        slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-        cb = cb_get_instance(be);
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    cb = cb_get_instance(be);
 
-        /* disable acl checking if the local_acl flag is not set
+    /* disable acl checking if the local_acl flag is not set
            or if the associated backend is disabled */
-        noacl=!(cb->local_acl) || cb->associated_be_is_disabled;
+    noacl = !(cb->local_acl) || cb->associated_be_is_disabled;
 
-        /* These branches are identical. Can we remove the if condition? */
-        if (noacl) {
-                slapi_pblock_set(pb, SLAPI_PLUGIN_DB_NO_ACL, &noacl);
-        } else {
-                /* Be very conservative about acl evaluation */
-                slapi_pblock_set(pb, SLAPI_PLUGIN_DB_NO_ACL, &noacl);
-        }
+    /* These branches are identical. Can we remove the if condition? */
+    if (noacl) {
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DB_NO_ACL, &noacl);
+    } else {
+        /* Be very conservative about acl evaluation */
+        slapi_pblock_set(pb, SLAPI_PLUGIN_DB_NO_ACL, &noacl);
+    }
 }
 
-int cb_access_allowed(
-        Slapi_PBlock        *pb,
-        Slapi_Entry         *e,                 /* The Slapi_Entry */
-        char                *attr,              /* Attribute of the entry */
-        struct berval       *val,               /* value of attr. NOT USED */
-        int                 access,              /* access rights */
-        char                **errbuf __attribute__((unused))
-        )
+int
+cb_access_allowed(
+    Slapi_PBlock *pb,
+    Slapi_Entry *e,     /* The Slapi_Entry */
+    char *attr,         /* Attribute of the entry */
+    struct berval *val, /* value of attr. NOT USED */
+    int access,         /* access rights */
+    char **errbuf __attribute__((unused)))
 
 {
 
-switch (access) {
+    switch (access) {
 
-	case SLAPI_ACL_ADD:
-	case SLAPI_ACL_DELETE:
-	case SLAPI_ACL_COMPARE:
-	case SLAPI_ACL_WRITE:
-	case SLAPI_ACL_PROXY:
+    case SLAPI_ACL_ADD:
+    case SLAPI_ACL_DELETE:
+    case SLAPI_ACL_COMPARE:
+    case SLAPI_ACL_WRITE:
+    case SLAPI_ACL_PROXY:
 
-		/* Keep in mind some entries are NOT */
-		/* available for acl evaluation      */
+        /* Keep in mind some entries are NOT */
+        /* available for acl evaluation      */
 
-		return slapi_access_allowed(pb,e,attr,val,access);
-	default:
-		return LDAP_INSUFFICIENT_ACCESS;
-}
+        return slapi_access_allowed(pb, e, attr, val, access);
+    default:
+        return LDAP_INSUFFICIENT_ACCESS;
+    }
 }

ldap/servers/plugins/chainingdb/cb_add.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -23,249 +23,249 @@
  */
 
 int
-chaining_back_add ( Slapi_PBlock *pb )
+chaining_back_add(Slapi_PBlock *pb)
 {
-	cb_outgoing_conn    *cnx;
-	Slapi_Backend       *be;
-	Slapi_Entry         *e;
-	cb_backend_instance *cb;
-	LDAPControl         **serverctrls = NULL;
-	LDAPControl         **ctrls = NULL;
-	LDAPMod             **mods;
-	LDAPMessage         *res;
-	LDAP                *ld = NULL;
-	Slapi_DN            *sdn = NULL;
-	const char          *dn = NULL;
-	char                **referrals = NULL;
-	char                *matched_msg, *error_msg;
-	char                *cnxerrbuf = NULL;
-	time_t              endtime = 0;
-	int                 rc, parse_rc, msgid, i;
-	
-	if ( (rc=cb_forward_operation(pb)) != LDAP_SUCCESS ) {
-		cb_send_ldap_result( pb, rc, NULL, "Remote data access disabled", 0, NULL );
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	cb = cb_get_instance(be);
-
-	/* Update monitor info */
-	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_ADD);
-
-	/* Check wether the chaining BE is available or not */
-	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_ADD_TARGET_SDN, &sdn );
-	slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
-
-	dn = slapi_sdn_get_dn(sdn);
-
-	/* Check local access controls */
-	if (cb->local_acl && !cb->associated_be_is_disabled) {
-		char * errbuf=NULL;
-		rc = cb_access_allowed (pb, e, NULL, NULL, SLAPI_ACL_ADD, &errbuf);
-		if ( rc != LDAP_SUCCESS ) {
-			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-			slapi_ch_free((void **)&errbuf);
-			return -1;
-		}
-	}
-
-	/* Build LDAPMod from the SLapi_Entry */
-	cb_eliminate_illegal_attributes(cb,e);
-
-	if ((rc = slapi_entry2mods ((const Slapi_Entry *)e, NULL, &mods)) != LDAP_SUCCESS) {
-		cb_send_ldap_result( pb, rc,NULL,NULL, 0, NULL);
-		return -1;
-	}
-
-	/* Grab a connection handle */
-	rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
-	if (LDAP_SUCCESS != rc) {
-		static int warned_get_conn = 0;
-		if (!warned_get_conn) {
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-				"chaining_back_add - cb_get_connection failed (%d) %s\n",
-				rc, ldap_err2string(rc));
-			warned_get_conn = 1;
-		}
-		cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
-		ldap_mods_free(mods, 1);
-		slapi_ch_free_string(&cnxerrbuf);
-		/* ping the farm.
-		 * If the farm is unreachable, we increment the counter */
-		cb_ping_farm(cb, NULL, 0);
-
-		return -1;
-	}
-	
-	/* Control management */
-	if ( (rc = cb_update_controls( pb,ld,&ctrls,CB_UPDATE_CONTROLS_ADDAUTH)) != LDAP_SUCCESS ) {
-		cb_send_ldap_result( pb, rc, NULL,NULL, 0, NULL);
-		cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-		ldap_mods_free(mods,1);
-		return -1;
-	}
-
-	if ( slapi_op_abandoned( pb )) {
-		cb_release_op_connection(cb->pool,ld,0);
-		ldap_mods_free(mods,1);
-		ldap_controls_free(ctrls);
-		return -1;
-	}
-
-	/*
-	 * Call the backend preoperation plugins
-	 */
-	if((rc = slapi_plugin_call_preop_be_plugins(pb, SLAPI_PLUGIN_ADD_OP))){
-		slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_add - add (%s): pre betxn failed, error (%d)\n",dn,rc);
-		cb_release_op_connection(cb->pool,ld,0);
-		ldap_mods_free(mods,1);
-		ldap_controls_free(ctrls);
-		return -1;
-	}
-
-	/* heart-beat management */
-	if (cb->max_idle_time>0) {
-		endtime=slapi_current_utc_time() + cb->max_idle_time;
-	}
-
-	/* Send LDAP operation to the remote host */
-	rc = ldap_add_ext( ld, dn, mods, ctrls, NULL, &msgid );
-	
-	ldap_controls_free(ctrls);
-
-	if ( rc != LDAP_SUCCESS ) {
-		slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-			"ldap_add_ext failed -- %s\n", ldap_err2string(rc) );
-
-		cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, ENDUSERMSG, 0, NULL );
-		cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-		ldap_mods_free(mods,1);
-		return -1;
-	}
-
-	/* 
-	 * Poll the server for the results of the add operation.
-	 * Check for abandoned operation regularly.
-	 */
-	while ( 1 ) {
-
-		if (cb_check_forward_abandon(cb,pb,ld,msgid)) {
-			/* connection handle released in cb_check_forward_abandon() */
-			ldap_mods_free(mods,1);
-			return -1;
-		}
-
-		rc = ldap_result( ld, msgid, 0, &cb->abandon_timeout, &res );
-		switch ( rc ) {
-		case -1:
-			cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL, ldap_err2string(rc), 0, NULL);
-			cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-			ldap_mods_free(mods,1);
-			ldap_msgfree(res);
-			return -1;
-
-		case 0:
-			if ((rc=cb_ping_farm(cb,cnx,endtime)) != LDAP_SUCCESS) {
-				/*
-				 * does not respond. give up and return a
-				 * error to the client.
-				 */
-
-				/*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
-					ldap_err2string(rc), 0, NULL);*/
-				cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL, "FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-				ldap_mods_free(mods,1);
-				ldap_msgfree(res);
-				return -1;
-			}
+    cb_outgoing_conn *cnx;
+    Slapi_Backend *be;
+    Slapi_Entry *e;
+    cb_backend_instance *cb;
+    LDAPControl **serverctrls = NULL;
+    LDAPControl **ctrls = NULL;
+    LDAPMod **mods;
+    LDAPMessage *res;
+    LDAP *ld = NULL;
+    Slapi_DN *sdn = NULL;
+    const char *dn = NULL;
+    char **referrals = NULL;
+    char *matched_msg, *error_msg;
+    char *cnxerrbuf = NULL;
+    time_t endtime = 0;
+    int rc, parse_rc, msgid, i;
+
+    if ((rc = cb_forward_operation(pb)) != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, rc, NULL, "Remote data access disabled", 0, NULL);
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    cb = cb_get_instance(be);
+
+    /* Update monitor info */
+    cb_update_monitor_info(pb, cb, SLAPI_OPERATION_ADD);
+
+    /* Check wether the chaining BE is available or not */
+    if (cb_check_availability(cb, pb) == FARMSERVER_UNAVAILABLE) {
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
+    slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
+
+    dn = slapi_sdn_get_dn(sdn);
+
+    /* Check local access controls */
+    if (cb->local_acl && !cb->associated_be_is_disabled) {
+        char *errbuf = NULL;
+        rc = cb_access_allowed(pb, e, NULL, NULL, SLAPI_ACL_ADD, &errbuf);
+        if (rc != LDAP_SUCCESS) {
+            cb_send_ldap_result(pb, rc, NULL, errbuf, 0, NULL);
+            slapi_ch_free((void **)&errbuf);
+            return -1;
+        }
+    }
+
+    /* Build LDAPMod from the SLapi_Entry */
+    cb_eliminate_illegal_attributes(cb, e);
+
+    if ((rc = slapi_entry2mods((const Slapi_Entry *)e, NULL, &mods)) != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+        return -1;
+    }
+
+    /* Grab a connection handle */
+    rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+    if (LDAP_SUCCESS != rc) {
+        static int warned_get_conn = 0;
+        if (!warned_get_conn) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                          "chaining_back_add - cb_get_connection failed (%d) %s\n",
+                          rc, ldap_err2string(rc));
+            warned_get_conn = 1;
+        }
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
+        ldap_mods_free(mods, 1);
+        slapi_ch_free_string(&cnxerrbuf);
+        /* ping the farm.
+         * If the farm is unreachable, we increment the counter */
+        cb_ping_farm(cb, NULL, 0);
+
+        return -1;
+    }
+
+    /* Control management */
+    if ((rc = cb_update_controls(pb, ld, &ctrls, CB_UPDATE_CONTROLS_ADDAUTH)) != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        ldap_mods_free(mods, 1);
+        return -1;
+    }
+
+    if (slapi_op_abandoned(pb)) {
+        cb_release_op_connection(cb->pool, ld, 0);
+        ldap_mods_free(mods, 1);
+        ldap_controls_free(ctrls);
+        return -1;
+    }
+
+    /*
+     * Call the backend preoperation plugins
+     */
+    if ((rc = slapi_plugin_call_preop_be_plugins(pb, SLAPI_PLUGIN_ADD_OP))) {
+        slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_add - add (%s): pre betxn failed, error (%d)\n", dn, rc);
+        cb_release_op_connection(cb->pool, ld, 0);
+        ldap_mods_free(mods, 1);
+        ldap_controls_free(ctrls);
+        return -1;
+    }
+
+    /* heart-beat management */
+    if (cb->max_idle_time > 0) {
+        endtime = slapi_current_utc_time() + cb->max_idle_time;
+    }
+
+    /* Send LDAP operation to the remote host */
+    rc = ldap_add_ext(ld, dn, mods, ctrls, NULL, &msgid);
+
+    ldap_controls_free(ctrls);
+
+    if (rc != LDAP_SUCCESS) {
+        slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                      "ldap_add_ext failed -- %s\n", ldap_err2string(rc));
+
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, ENDUSERMSG, 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        ldap_mods_free(mods, 1);
+        return -1;
+    }
+
+    /*
+     * Poll the server for the results of the add operation.
+     * Check for abandoned operation regularly.
+     */
+    while (1) {
+
+        if (cb_check_forward_abandon(cb, pb, ld, msgid)) {
+            /* connection handle released in cb_check_forward_abandon() */
+            ldap_mods_free(mods, 1);
+            return -1;
+        }
+
+        rc = ldap_result(ld, msgid, 0, &cb->abandon_timeout, &res);
+        switch (rc) {
+        case -1:
+            cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, ldap_err2string(rc), 0, NULL);
+            cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+            ldap_mods_free(mods, 1);
+            ldap_msgfree(res);
+            return -1;
+
+        case 0:
+            if ((rc = cb_ping_farm(cb, cnx, endtime)) != LDAP_SUCCESS) {
+                /*
+                 * does not respond. give up and return a
+                 * error to the client.
+                 */
+
+                /*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
+                    ldap_err2string(rc), 0, NULL);*/
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                ldap_mods_free(mods, 1);
+                ldap_msgfree(res);
+                return -1;
+            }
 #ifdef CB_YIELD
-			DS_Sleep(PR_INTERVAL_NO_WAIT);
+            DS_Sleep(PR_INTERVAL_NO_WAIT);
 #endif
-			break;
-
-		default:
-			serverctrls=NULL;
-			matched_msg=error_msg=NULL;
-			referrals=NULL;
-
-			parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg, 
-					&error_msg, &referrals, &serverctrls, 1 );
-
-			if ( parse_rc != LDAP_SUCCESS ) {
-				static int warned_parse_rc = 0;
-				if (!warned_parse_rc) {
-					slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-						"chaining_back_add - %s%s%s\n",
-						matched_msg?matched_msg:"",
-						(matched_msg&&(*matched_msg!='\0'))?": ":"",
-						ldap_err2string(parse_rc));
-					warned_parse_rc = 1;
-				}
-				cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, ENDUSERMSG, 0, NULL );
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
-				ldap_mods_free(mods,1);
-				slapi_ch_free_string(&matched_msg);
-				slapi_ch_free_string(&error_msg);
-				ldap_controls_free(serverctrls);
-				charray_free(referrals);
-				return -1;
-			}
-
-			if ( rc != LDAP_SUCCESS ) {
-				struct berval ** refs =  referrals2berval(referrals); 
-				static int warned_rc = 0;
-				if (!warned_rc && error_msg) {
-					slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-						"chaining_back_add - %s%s%s\n",
-						matched_msg?matched_msg:"",
-						(matched_msg&&(*matched_msg!='\0'))?": ":"",
-						error_msg );
-					warned_rc = 1;
-				}
-				cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-				ldap_mods_free(mods,1);
-				slapi_ch_free_string(&matched_msg);
-				slapi_ch_free_string(&error_msg);
-				if (refs) 
-					ber_bvecfree(refs);
-				charray_free(referrals);
-				ldap_controls_free(serverctrls);
-				return -1;
-			}
-
-			/* Success */
-			ldap_mods_free(mods,1 );
-			cb_release_op_connection(cb->pool,ld,0);
-
-			/* Call the backend postoperation plugins */
-			if((rc = slapi_plugin_call_postop_be_plugins(pb, SLAPI_PLUGIN_ADD_OP))){
-				slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_add - add (%s): post betxn failed, error (%d)\n",dn,rc);
-			}
-
-			/* Add control response sent by the farm server */
-			for (i=0; serverctrls && serverctrls[i];i++)
-				slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
-			if (serverctrls)
-				ldap_controls_free(serverctrls);
-			slapi_ch_free_string(&matched_msg);
-			slapi_ch_free_string(&error_msg);
-			charray_free(referrals);
-			cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
-			if(rc == LDAP_SUCCESS){
-				slapi_entry_free(e);
-				slapi_pblock_set( pb, SLAPI_ADD_ENTRY, NULL );
-				return 0;
-			} else {
-				return -1;
-			}
-		}
-	}
-	/* Never reached */
+            break;
+
+        default:
+            serverctrls = NULL;
+            matched_msg = error_msg = NULL;
+            referrals = NULL;
+
+            parse_rc = ldap_parse_result(ld, res, &rc, &matched_msg,
+                                         &error_msg, &referrals, &serverctrls, 1);
+
+            if (parse_rc != LDAP_SUCCESS) {
+                static int warned_parse_rc = 0;
+                if (!warned_parse_rc) {
+                    slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                                  "chaining_back_add - %s%s%s\n",
+                                  matched_msg ? matched_msg : "",
+                                  (matched_msg && (*matched_msg != '\0')) ? ": " : "",
+                                  ldap_err2string(parse_rc));
+                    warned_parse_rc = 1;
+                }
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, ENDUSERMSG, 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(parse_rc));
+                ldap_mods_free(mods, 1);
+                slapi_ch_free_string(&matched_msg);
+                slapi_ch_free_string(&error_msg);
+                ldap_controls_free(serverctrls);
+                charray_free(referrals);
+                return -1;
+            }
+
+            if (rc != LDAP_SUCCESS) {
+                struct berval **refs = referrals2berval(referrals);
+                static int warned_rc = 0;
+                if (!warned_rc && error_msg) {
+                    slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                                  "chaining_back_add - %s%s%s\n",
+                                  matched_msg ? matched_msg : "",
+                                  (matched_msg && (*matched_msg != '\0')) ? ": " : "",
+                                  error_msg);
+                    warned_rc = 1;
+                }
+                cb_send_ldap_result(pb, rc, matched_msg, ENDUSERMSG, 0, refs);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                ldap_mods_free(mods, 1);
+                slapi_ch_free_string(&matched_msg);
+                slapi_ch_free_string(&error_msg);
+                if (refs)
+                    ber_bvecfree(refs);
+                charray_free(referrals);
+                ldap_controls_free(serverctrls);
+                return -1;
+            }
+
+            /* Success */
+            ldap_mods_free(mods, 1);
+            cb_release_op_connection(cb->pool, ld, 0);
+
+            /* Call the backend postoperation plugins */
+            if ((rc = slapi_plugin_call_postop_be_plugins(pb, SLAPI_PLUGIN_ADD_OP))) {
+                slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_add - add (%s): post betxn failed, error (%d)\n", dn, rc);
+            }
+
+            /* Add control response sent by the farm server */
+            for (i = 0; serverctrls && serverctrls[i]; i++)
+                slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
+            if (serverctrls)
+                ldap_controls_free(serverctrls);
+            slapi_ch_free_string(&matched_msg);
+            slapi_ch_free_string(&error_msg);
+            charray_free(referrals);
+            cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+            if (rc == LDAP_SUCCESS) {
+                slapi_entry_free(e);
+                slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
+                return 0;
+            } else {
+                return -1;
+            }
+        }
+    }
+    /* Never reached */
 }

ldap/servers/plugins/chainingdb/cb_bind.c

@@ -4,25 +4,21 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
 
 static void
-cb_free_bervals( struct berval **bvs );
+cb_free_bervals(struct berval **bvs);
 
 
 static int
-cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method, 
-                     char * mechanism, struct berval *creds, 
-                     LDAPControl **reqctrls, char **matcheddnp, 
-                     char **errmsgp, struct berval ***refurlsp,
-                     LDAPControl ***resctrlsp , int * status);
+cb_sasl_bind_once_s(cb_conn_pool *pool, const char *dn, ber_tag_t method, char *mechanism, struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, LDAPControl ***resctrlsp, int *status);
 
 /*
  * Attempt to chain a bind request off to "srvr." We return an LDAP error
@@ -38,48 +34,40 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method,
  */
 
 static int
-cb_sasl_bind_s(Slapi_PBlock * pb, cb_conn_pool *pool, int tries,
-               const char *dn, ber_tag_t method, char * mechanism, 
-               struct berval *creds, LDAPControl **reqctrls,
-               char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
-               LDAPControl ***resctrlsp ,int *status)
+cb_sasl_bind_s(Slapi_PBlock *pb, cb_conn_pool *pool, int tries, const char *dn, ber_tag_t method, char *mechanism, struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, LDAPControl ***resctrlsp, int *status)
 {
-    int         rc;
+    int rc;
 
     do {
-         /* check to see if operation has been abandoned...*/
+        /* check to see if operation has been abandoned...*/
 
-        if (LDAP_AUTH_SIMPLE!=method) {
+        if (LDAP_AUTH_SIMPLE != method) {
             return LDAP_AUTH_METHOD_NOT_SUPPORTED;
         }
 
-        if ( slapi_op_abandoned( pb )) {
+        if (slapi_op_abandoned(pb)) {
             rc = LDAP_USER_CANCELLED;
         } else {
-            rc = cb_sasl_bind_once_s( pool, dn, method, mechanism, creds, reqctrls,
-                     matcheddnp, errmsgp, refurlsp, resctrlsp ,status);
+            rc = cb_sasl_bind_once_s(pool, dn, method, mechanism, creds, reqctrls,
+                                     matcheddnp, errmsgp, refurlsp, resctrlsp, status);
         }
-    } while ( CB_LDAP_CONN_ERROR( rc ) && --tries > 0 );
+    } while (CB_LDAP_CONN_ERROR(rc) && --tries > 0);
 
-    return( rc );
+    return (rc);
 }
 
 static int
-cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method __attribute__((unused)),
-                     char * mechanism __attribute__((unused)), struct berval *creds,
-                     LDAPControl **reqctrls, char **matcheddnp,
-                     char **errmsgp, struct berval ***refurlsp,
-                     LDAPControl ***resctrlsp , int * status )
+cb_sasl_bind_once_s(cb_conn_pool *pool, const char *dn, ber_tag_t method __attribute__((unused)), char *mechanism __attribute__((unused)), struct berval *creds, LDAPControl **reqctrls, char **matcheddnp, char **errmsgp, struct berval ***refurlsp, LDAPControl ***resctrlsp, int *status)
 {
-    int                 rc, msgid;
-    char                **referrals;
-    struct timeval      timeout_copy, *timeout;
-    LDAPMessage         *result=NULL;
-    LDAP                *ld=NULL;
-    char 		*cnxerrbuf=NULL;
-    cb_outgoing_conn	*cnx;
-    int version=LDAP_VERSION3;
-	
+    int rc, msgid;
+    char **referrals;
+    struct timeval timeout_copy, *timeout;
+    LDAPMessage *result = NULL;
+    LDAP *ld = NULL;
+    char *cnxerrbuf = NULL;
+    cb_outgoing_conn *cnx;
+    int version = LDAP_VERSION3;
+
     /* Grab an LDAP connection to use for this bind. */
 
     slapi_rwlock_rdlock(pool->rwl_config_lock);
@@ -87,241 +75,239 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, const char *dn, ber_tag_t method __attr
     timeout_copy.tv_usec = pool->conn.bind_timeout.tv_usec;
     slapi_rwlock_unlock(pool->rwl_config_lock);
 
-	rc = cb_get_connection(pool, &ld, &cnx, NULL, &cnxerrbuf);
-	if (LDAP_SUCCESS != rc) {
-		static int warned_get_conn = 0;
-		if (!warned_get_conn) {
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-			                "cb_sasl_bind_once_s - cb_get_connection failed (%d) %s\n",
-			                rc, ldap_err2string(rc));
-			warned_get_conn = 1;
-		}
-		*errmsgp = cnxerrbuf;
-		goto release_and_return;
-	}
-       
+    rc = cb_get_connection(pool, &ld, &cnx, NULL, &cnxerrbuf);
+    if (LDAP_SUCCESS != rc) {
+        static int warned_get_conn = 0;
+        if (!warned_get_conn) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                          "cb_sasl_bind_once_s - cb_get_connection failed (%d) %s\n",
+                          rc, ldap_err2string(rc));
+            warned_get_conn = 1;
+        }
+        *errmsgp = cnxerrbuf;
+        goto release_and_return;
+    }
+
     /* Send the bind operation (need to retry on LDAP_SERVER_DOWN) */
-    
-    ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
 
-    if (( rc = ldap_sasl_bind( ld, dn, LDAP_SASL_SIMPLE, creds, reqctrls,
-                NULL, &msgid )) != LDAP_SUCCESS ) {
+    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+    if ((rc = ldap_sasl_bind(ld, dn, LDAP_SASL_SIMPLE, creds, reqctrls,
+                             NULL, &msgid)) != LDAP_SUCCESS) {
         goto release_and_return;
     }
 
-	/* XXXSD what is the exact semantics of bind_to ? it is used to get a
-	connection handle and later to bind ==> bind op may last 2*bind_to
-	from the user point of view 
-	confusion comes from teh fact that bind to is used 2for 3 differnt thinks,	
-	*/
+    /* XXXSD what is the exact semantics of bind_to ? it is used to get a
+    connection handle and later to bind ==> bind op may last 2*bind_to
+    from the user point of view
+    confusion comes from teh fact that bind to is used 2for 3 differnt thinks,
+    */
 
     /*
      * determine timeout value (how long we will wait for a response)
      * if timeout is zero'd, we wait indefinitely.
      */
-    if ( timeout_copy.tv_sec == 0 && timeout_copy.tv_usec == 0 ) {
+    if (timeout_copy.tv_sec == 0 && timeout_copy.tv_usec == 0) {
         timeout = NULL;
     } else {
-	timeout = &timeout_copy;
+        timeout = &timeout_copy;
     }
-       
+
     /*
      * Wait for a result.
      */
-    rc = ldap_result( ld, msgid, 1, timeout, &result );
- 
+    rc = ldap_result(ld, msgid, 1, timeout, &result);
+
     /*
      * Interpret the result.
      */
 
-   if ( rc == 0 ) {            /* timeout */
+    if (rc == 0) { /* timeout */
         /*
          * Timed out waiting for a reply from the server.
          */
         rc = LDAP_TIMEOUT;
-    } else if ( rc < 0 ) {
+    } else if (rc < 0) {
 
         /* Some other error occurred (no result received). */
-	char * matcheddnp2, * errmsgp2;
-	matcheddnp2=errmsgp2=NULL;
-
-	rc = slapi_ldap_get_lderrno( ld, &matcheddnp2, &errmsgp2 );
-
-	/* Need to allocate errmsgs */
-	if (matcheddnp2)
-		*matcheddnp=slapi_ch_strdup(matcheddnp2);
-	if (errmsgp2)
-		*errmsgp=slapi_ch_strdup(errmsgp2);
-	
-	if ( LDAP_SUCCESS != rc )  {
-		static int warned_bind_once = 0;
-		if (!warned_bind_once) {
-			int hasmatched = (matcheddnp && *matcheddnp && (**matcheddnp != '\0'));
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-			                "cb_sasl_bind_once_s - Failed (%s%s%s)\n",
-			                hasmatched ? *matcheddnp : "", 
-			                hasmatched ? ": " : "",
-			                ldap_err2string(rc));
-			warned_bind_once = 1;
-		}
-	}
+        char *matcheddnp2, *errmsgp2;
+        matcheddnp2 = errmsgp2 = NULL;
+
+        rc = slapi_ldap_get_lderrno(ld, &matcheddnp2, &errmsgp2);
+
+        /* Need to allocate errmsgs */
+        if (matcheddnp2)
+            *matcheddnp = slapi_ch_strdup(matcheddnp2);
+        if (errmsgp2)
+            *errmsgp = slapi_ch_strdup(errmsgp2);
+
+        if (LDAP_SUCCESS != rc) {
+            static int warned_bind_once = 0;
+            if (!warned_bind_once) {
+                int hasmatched = (matcheddnp && *matcheddnp && (**matcheddnp != '\0'));
+                slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                              "cb_sasl_bind_once_s - Failed (%s%s%s)\n",
+                              hasmatched ? *matcheddnp : "",
+                              hasmatched ? ": " : "",
+                              ldap_err2string(rc));
+                warned_bind_once = 1;
+            }
+        }
     } else {
 
         /* Got a result from remote server -- parse it.*/
 
-	char * matcheddnp2, * errmsgp2;
-	matcheddnp2=errmsgp2=NULL;
-	*resctrlsp=NULL;
-        rc = ldap_parse_result( ld, result, status, &matcheddnp2, &errmsgp2,
-                &referrals, resctrlsp, 1 );
-        if ( referrals != NULL ) {
-            *refurlsp = referrals2berval( referrals );
-            slapi_ldap_value_free( referrals );
+        char *matcheddnp2, *errmsgp2;
+        matcheddnp2 = errmsgp2 = NULL;
+        *resctrlsp = NULL;
+        rc = ldap_parse_result(ld, result, status, &matcheddnp2, &errmsgp2,
+                               &referrals, resctrlsp, 1);
+        if (referrals != NULL) {
+            *refurlsp = referrals2berval(referrals);
+            slapi_ldap_value_free(referrals);
+        }
+        /* realloc matcheddn & errmsg because the mem alloc model */
+        /* may differ from malloc                  */
+        if (matcheddnp2) {
+            *matcheddnp = slapi_ch_strdup(matcheddnp2);
+            ldap_memfree(matcheddnp2);
+        }
+        if (errmsgp2) {
+            *errmsgp = slapi_ch_strdup(errmsgp2);
+            ldap_memfree(errmsgp2);
         }
-	/* realloc matcheddn & errmsg because the mem alloc model */
-	/* may differ from malloc				  */
-	if (matcheddnp2) {
-		*matcheddnp=slapi_ch_strdup(matcheddnp2);
-		ldap_memfree(matcheddnp2);
-	}
-	if (errmsgp2) {
-		*errmsgp=slapi_ch_strdup(errmsgp2);
-		ldap_memfree(errmsgp2);
-	}
-
     }
 
 release_and_return:
-    if ( ld != NULL ) {
-        cb_release_op_connection( pool, ld, CB_LDAP_CONN_ERROR( rc ));
+    if (ld != NULL) {
+        cb_release_op_connection(pool, ld, CB_LDAP_CONN_ERROR(rc));
     }
-       
-    return( rc );
+
+    return (rc);
 }
 
 int
-chainingdb_bind( Slapi_PBlock *pb )
+chainingdb_bind(Slapi_PBlock *pb)
 {
-	cb_backend_instance *cb;
-	Slapi_Backend *be;
-	struct berval *creds = NULL, **urls = NULL;
-	const char *dn = NULL;
-	Slapi_DN *sdn = NULL;
-	Slapi_DN *mysdn = NULL;
-	char *matcheddn = NULL, *errmsg = NULL;
-	LDAPControl **reqctrls = NULL, **resctrls = NULL, **ctrls = NULL;
-	char *mechanism = NULL;
-	int status=LDAP_SUCCESS;
-	int allocated_errmsg = 0;
-	int rc = LDAP_SUCCESS;
-	int freectrls = 1;
-	int bind_retry;
-	ber_tag_t method;
-	
-	if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) {
-		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-		return SLAPI_BIND_FAIL;
-	}
-
-	/* don't add proxy auth control. use this call to check for supported   */
-	/* controls only.							*/
-	if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) {
-		cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
-		if (ctrls)
-			ldap_controls_free(ctrls);
-		return SLAPI_BIND_FAIL;
-	}
-	if (ctrls)
-		ldap_controls_free(ctrls);
-
-	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &sdn );
-	slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
-	slapi_pblock_get( pb, SLAPI_BIND_SASLMECHANISM, &mechanism);
-	slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &creds );
-	if (NULL == creds) {
-		cb_send_ldap_result( pb, rc, NULL, "No credentials", 0, NULL );
-		return SLAPI_BIND_FAIL;
-	}
-	slapi_pblock_get( pb, SLAPI_REQCONTROLS, &reqctrls );
-	cb = cb_get_instance(be);
-
-	if ( NULL == sdn ) {
-		sdn = mysdn = slapi_sdn_new_ndn_byval("");
-	}
-	dn = slapi_sdn_get_ndn(sdn);
-
-	/* always allow noauth simple binds */
-	if ((method == LDAP_AUTH_SIMPLE) && (creds->bv_len == 0)) {
-		slapi_sdn_free(&mysdn);
-		return( SLAPI_BIND_ANONYMOUS );
-	}
-
-	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND);
-
-	/* Check wether the chaining BE is available or not */
-	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-		slapi_sdn_free(&mysdn);
-		return -1;
-	}
-
-	slapi_rwlock_rdlock(cb->rwl_config_lock);
-	bind_retry=cb->bind_retry;
-	slapi_rwlock_unlock(cb->rwl_config_lock);
-
-	rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn, method, 
-	                    mechanism, creds, reqctrls, &matcheddn, &errmsg, 
-	                    &urls, &resctrls, &status);
-	if ( LDAP_SUCCESS == rc ) {
-		rc = status;
-		allocated_errmsg = 1;
-	} else if ( LDAP_USER_CANCELLED != rc ) {
-		slapi_ch_free_string(&errmsg);
-		errmsg = ldap_err2string( rc );
-		if (rc == LDAP_TIMEOUT) {
-			cb_ping_farm(cb,NULL,0);
-		}
-		rc = LDAP_OPERATIONS_ERROR;
-	} else {
-		allocated_errmsg = 1;
-	}
-
-	if ( rc != LDAP_USER_CANCELLED ) {  /* not abandoned */
-		if ( resctrls != NULL ) {
-			slapi_pblock_set( pb, SLAPI_RESCONTROLS, resctrls );
-			freectrls = 0;
-		}
-
-		if ( rc != LDAP_SUCCESS ) {
-			cb_send_ldap_result( pb, rc, matcheddn, errmsg, 0, urls );
-		}
-	}
-
-	if ( urls != NULL ) {
-		cb_free_bervals( urls );
-	}
-	if ( freectrls && ( resctrls != NULL )) {
-		ldap_controls_free( resctrls );
-	}
-	slapi_ch_free_string(&matcheddn);
-	if ( allocated_errmsg ) {
-		slapi_ch_free_string(&errmsg);
-	}
-
-	slapi_sdn_free(&mysdn);
-	return ((rc == LDAP_SUCCESS ) ? SLAPI_BIND_SUCCESS : SLAPI_BIND_FAIL );
+    cb_backend_instance *cb;
+    Slapi_Backend *be;
+    struct berval *creds = NULL, **urls = NULL;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
+    Slapi_DN *mysdn = NULL;
+    char *matcheddn = NULL, *errmsg = NULL;
+    LDAPControl **reqctrls = NULL, **resctrls = NULL, **ctrls = NULL;
+    char *mechanism = NULL;
+    int status = LDAP_SUCCESS;
+    int allocated_errmsg = 0;
+    int rc = LDAP_SUCCESS;
+    int freectrls = 1;
+    int bind_retry;
+    ber_tag_t method;
+
+    if (LDAP_SUCCESS != (rc = cb_forward_operation(pb))) {
+        cb_send_ldap_result(pb, rc, NULL, "Chaining forbidden", 0, NULL);
+        return SLAPI_BIND_FAIL;
+    }
+
+    /* don't add proxy auth control. use this call to check for supported   */
+    /* controls only.                            */
+    if (LDAP_SUCCESS != (rc = cb_update_controls(pb, NULL, &ctrls, 0))) {
+        cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+        if (ctrls)
+            ldap_controls_free(ctrls);
+        return SLAPI_BIND_FAIL;
+    }
+    if (ctrls)
+        ldap_controls_free(ctrls);
+
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
+    slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method);
+    slapi_pblock_get(pb, SLAPI_BIND_SASLMECHANISM, &mechanism);
+    slapi_pblock_get(pb, SLAPI_BIND_CREDENTIALS, &creds);
+    if (NULL == creds) {
+        cb_send_ldap_result(pb, rc, NULL, "No credentials", 0, NULL);
+        return SLAPI_BIND_FAIL;
+    }
+    slapi_pblock_get(pb, SLAPI_REQCONTROLS, &reqctrls);
+    cb = cb_get_instance(be);
+
+    if (NULL == sdn) {
+        sdn = mysdn = slapi_sdn_new_ndn_byval("");
+    }
+    dn = slapi_sdn_get_ndn(sdn);
+
+    /* always allow noauth simple binds */
+    if ((method == LDAP_AUTH_SIMPLE) && (creds->bv_len == 0)) {
+        slapi_sdn_free(&mysdn);
+        return (SLAPI_BIND_ANONYMOUS);
+    }
+
+    cb_update_monitor_info(pb, cb, SLAPI_OPERATION_BIND);
+
+    /* Check wether the chaining BE is available or not */
+    if (cb_check_availability(cb, pb) == FARMSERVER_UNAVAILABLE) {
+        slapi_sdn_free(&mysdn);
+        return -1;
+    }
+
+    slapi_rwlock_rdlock(cb->rwl_config_lock);
+    bind_retry = cb->bind_retry;
+    slapi_rwlock_unlock(cb->rwl_config_lock);
+
+    rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn, method,
+                        mechanism, creds, reqctrls, &matcheddn, &errmsg,
+                        &urls, &resctrls, &status);
+    if (LDAP_SUCCESS == rc) {
+        rc = status;
+        allocated_errmsg = 1;
+    } else if (LDAP_USER_CANCELLED != rc) {
+        slapi_ch_free_string(&errmsg);
+        errmsg = ldap_err2string(rc);
+        if (rc == LDAP_TIMEOUT) {
+            cb_ping_farm(cb, NULL, 0);
+        }
+        rc = LDAP_OPERATIONS_ERROR;
+    } else {
+        allocated_errmsg = 1;
+    }
+
+    if (rc != LDAP_USER_CANCELLED) { /* not abandoned */
+        if (resctrls != NULL) {
+            slapi_pblock_set(pb, SLAPI_RESCONTROLS, resctrls);
+            freectrls = 0;
+        }
+
+        if (rc != LDAP_SUCCESS) {
+            cb_send_ldap_result(pb, rc, matcheddn, errmsg, 0, urls);
+        }
+    }
+
+    if (urls != NULL) {
+        cb_free_bervals(urls);
+    }
+    if (freectrls && (resctrls != NULL)) {
+        ldap_controls_free(resctrls);
+    }
+    slapi_ch_free_string(&matcheddn);
+    if (allocated_errmsg) {
+        slapi_ch_free_string(&errmsg);
+    }
+
+    slapi_sdn_free(&mysdn);
+    return ((rc == LDAP_SUCCESS) ? SLAPI_BIND_SUCCESS : SLAPI_BIND_FAIL);
 }
 
 static void
-cb_free_bervals( struct berval **bvs )
+cb_free_bervals(struct berval **bvs)
 {
-    int         i;
+    int i;
 
-    if ( bvs != NULL ) {
-        for ( i = 0; bvs[ i ] != NULL; ++i ) {
-            slapi_ch_free( (void **)&bvs[ i ] );
+    if (bvs != NULL) {
+        for (i = 0; bvs[i] != NULL; ++i) {
+            slapi_ch_free((void **)&bvs[i]);
         }
-    }    
-    slapi_ch_free( (void **)&bvs );
+    }
+    slapi_ch_free((void **)&bvs);
 }
-

ldap/servers/plugins/chainingdb/cb_cleanup.c

@@ -4,20 +4,21 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
-#include "cb.h" 
+#include "cb.h"
 
 /*
 ** cLeanup a chaining backend instance
 */
 
-int cb_back_cleanup( Slapi_PBlock *pb __attribute__((unused)))
+int
+cb_back_cleanup(Slapi_PBlock *pb __attribute__((unused)))
 {
 
     /*
@@ -27,4 +28,3 @@ int cb_back_cleanup( Slapi_PBlock *pb __attribute__((unused)))
 
     return 0;
 }
-

ldap/servers/plugins/chainingdb/cb_close.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -22,7 +22,7 @@
 static void
 free_cb_backend(cb_backend *cb)
 {
-    if(cb){
+    if (cb) {
         slapi_destroy_rwlock(cb->config.rwl_config_lock);
         slapi_ch_free_string(&cb->pluginDN);
         slapi_ch_free_string(&cb->configDN);
@@ -33,61 +33,62 @@ free_cb_backend(cb_backend *cb)
     }
 }
 
-int cb_back_close( Slapi_PBlock *pb )
+int
+cb_back_close(Slapi_PBlock *pb)
 {
-	Slapi_Backend *be;
-	cb_backend_instance *inst;
-	cb_backend *cb = cb_get_backend_type();
-	int rc;
+    Slapi_Backend *be;
+    cb_backend_instance *inst;
+    cb_backend *cb = cb_get_backend_type();
+    int rc;
 
-	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	if (be == NULL) {
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    if (be == NULL) {
 
-		CB_ASSERT(cb!=NULL);
+        CB_ASSERT(cb != NULL);
 
-		slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, cb->configDN, LDAP_SCOPE_BASE,
-		                             "(objectclass=*)",cb_config_modify_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
-		                             "(objectclass=*)",cb_config_modify_check_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->configDN, LDAP_SCOPE_BASE,
-		                             "(objectclass=*)",cb_config_add_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
-		                             "(objectclass=*)",cb_config_add_check_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
-		                             "(objectclass=*)",cb_config_search_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->pluginDN,
-		                             LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER,
-		                             cb_config_add_instance_callback);
-		slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->pluginDN,
-		                             LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER,
-		                             cb_config_add_instance_check_callback);
-		free_cb_backend(cb);
+        slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, cb->configDN, LDAP_SCOPE_BASE,
+                                     "(objectclass=*)", cb_config_modify_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
+                                     "(objectclass=*)", cb_config_modify_check_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->configDN, LDAP_SCOPE_BASE,
+                                     "(objectclass=*)", cb_config_add_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
+                                     "(objectclass=*)", cb_config_add_check_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, cb->configDN, LDAP_SCOPE_BASE,
+                                     "(objectclass=*)", cb_config_search_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->pluginDN,
+                                     LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER,
+                                     cb_config_add_instance_callback);
+        slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->pluginDN,
+                                     LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER,
+                                     cb_config_add_instance_check_callback);
+        free_cb_backend(cb);
 
-		return 0;
-	}
+        return 0;
+    }
 
-	/* XXXSD: temp fix . Sometimes, this functions */
-	/* gets called with a ldbm backend instance... */
+    /* XXXSD: temp fix . Sometimes, this functions */
+    /* gets called with a ldbm backend instance... */
 
-	{
-		const char *betype = slapi_be_gettype(be);
-		if (!betype || strcasecmp(betype,CB_CHAINING_BACKEND_TYPE)) {
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "cb_back_close - Wrong database type.\n");
-			free_cb_backend(cb);
-			return 0;
-		}
-	}
+    {
+        const char *betype = slapi_be_gettype(be);
+        if (!betype || strcasecmp(betype, CB_CHAINING_BACKEND_TYPE)) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "cb_back_close - Wrong database type.\n");
+            free_cb_backend(cb);
+            return 0;
+        }
+    }
 
-	inst = cb_get_instance(be);
-	CB_ASSERT( inst != NULL );
+    inst = cb_get_instance(be);
+    CB_ASSERT(inst != NULL);
 
-	slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,"cb_back_close - Stopping chaining database instance %s\n",
-			inst->configDn);
-	/*
-	 * emulate a backend instance deletion to clean up everything
-	 */
-	cb_instance_delete_config_callback(NULL, NULL,NULL, &rc, NULL, inst);
-	free_cb_backend(cb);
+    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, "cb_back_close - Stopping chaining database instance %s\n",
+                  inst->configDn);
+    /*
+     * emulate a backend instance deletion to clean up everything
+     */
+    cb_instance_delete_config_callback(NULL, NULL, NULL, &rc, NULL, inst);
+    free_cb_backend(cb);
 
-	return 0;
+    return 0;
 }

ldap/servers/plugins/chainingdb/cb_compare.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -23,228 +23,228 @@
  */
 
 int
-chaining_back_compare ( Slapi_PBlock *pb )
+chaining_back_compare(Slapi_PBlock *pb)
 {
 
-	Slapi_Backend		* be;
-	cb_backend_instance 	*cb=NULL;
-        struct berval           *bval=NULL;
-	LDAPControl 		**ctrls, **serverctrls;
-	int 			rc,parse_rc,msgid,i,checkacl;
-	LDAP 			*ld=NULL;
-	char         		**referrals=NULL;
-	LDAPMessage		* res;
-	char 			*type, *matched_msg, *error_msg;
-	const char 		*dn = NULL;
-	Slapi_DN		*sdn = NULL; 
-	char 			*cnxerrbuf=NULL;
-	time_t 			endtime = 0;
-	cb_outgoing_conn	*cnx;
-
-	if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
-		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	cb = cb_get_instance(be);
-
-	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_COMPARE);
-
-	/* Check wether the chaining BE is available or not */
-	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type );
-	slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval );
-	slapi_pblock_get( pb, SLAPI_COMPARE_TARGET_SDN, &sdn );
-	if (NULL == sdn) {
-		cb_send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "Null target DN", 0, NULL );
-		return -1;
-	}
-	dn = slapi_sdn_get_dn(sdn);
-
-	/* 
-	 * Check local acls
-	 * No need to lock the config to access cb->local_acl
-	 */
-
-	checkacl=cb->local_acl && !cb->associated_be_is_disabled;
-
-	if (checkacl) {
-		char * errbuf=NULL;
-		Slapi_Entry *te = slapi_entry_alloc();
-		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
-		rc = cb_access_allowed (pb, te, type, bval, SLAPI_ACL_COMPARE,&errbuf);
-		slapi_entry_free(te);
-
-		if ( rc != LDAP_SUCCESS ) {
-			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-			slapi_ch_free((void **) &errbuf);
-			return 1;
-		}
-	}
-
-	/*
-	 * Grab a connection handle
-	 */
-	rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
-	if (LDAP_SUCCESS != rc) {
-		static int warned_get_conn = 0;
-		if (!warned_get_conn) {
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-			                "chaining_back_compare - cb_get_connection failed (%d) %s\n",
-			                rc, ldap_err2string(rc));
-			warned_get_conn = 1;
-		}
-		cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, 
-		                    cnxerrbuf, 0, NULL);
-		slapi_ch_free_string(&cnxerrbuf);
-		/* ping the farm. 
-		 * If the farm is unreachable, we increment the counter */
-		cb_ping_farm(cb, NULL, 0);
-		return 1;
-	}
-
- 	/*
+    Slapi_Backend *be;
+    cb_backend_instance *cb = NULL;
+    struct berval *bval = NULL;
+    LDAPControl **ctrls, **serverctrls;
+    int rc, parse_rc, msgid, i, checkacl;
+    LDAP *ld = NULL;
+    char **referrals = NULL;
+    LDAPMessage *res;
+    char *type, *matched_msg, *error_msg;
+    const char *dn = NULL;
+    Slapi_DN *sdn = NULL;
+    char *cnxerrbuf = NULL;
+    time_t endtime = 0;
+    cb_outgoing_conn *cnx;
+
+    if (LDAP_SUCCESS != (rc = cb_forward_operation(pb))) {
+        cb_send_ldap_result(pb, rc, NULL, "Chaining forbidden", 0, NULL);
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    cb = cb_get_instance(be);
+
+    cb_update_monitor_info(pb, cb, SLAPI_OPERATION_COMPARE);
+
+    /* Check wether the chaining BE is available or not */
+    if (cb_check_availability(cb, pb) == FARMSERVER_UNAVAILABLE) {
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_COMPARE_TYPE, &type);
+    slapi_pblock_get(pb, SLAPI_COMPARE_VALUE, &bval);
+    slapi_pblock_get(pb, SLAPI_COMPARE_TARGET_SDN, &sdn);
+    if (NULL == sdn) {
+        cb_send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "Null target DN", 0, NULL);
+        return -1;
+    }
+    dn = slapi_sdn_get_dn(sdn);
+
+    /*
+     * Check local acls
+     * No need to lock the config to access cb->local_acl
+     */
+
+    checkacl = cb->local_acl && !cb->associated_be_is_disabled;
+
+    if (checkacl) {
+        char *errbuf = NULL;
+        Slapi_Entry *te = slapi_entry_alloc();
+        slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+        rc = cb_access_allowed(pb, te, type, bval, SLAPI_ACL_COMPARE, &errbuf);
+        slapi_entry_free(te);
+
+        if (rc != LDAP_SUCCESS) {
+            cb_send_ldap_result(pb, rc, NULL, errbuf, 0, NULL);
+            slapi_ch_free((void **)&errbuf);
+            return 1;
+        }
+    }
+
+    /*
+     * Grab a connection handle
+     */
+    rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+    if (LDAP_SUCCESS != rc) {
+        static int warned_get_conn = 0;
+        if (!warned_get_conn) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                          "chaining_back_compare - cb_get_connection failed (%d) %s\n",
+                          rc, ldap_err2string(rc));
+            warned_get_conn = 1;
+        }
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                            cnxerrbuf, 0, NULL);
+        slapi_ch_free_string(&cnxerrbuf);
+        /* ping the farm.
+         * If the farm is unreachable, we increment the counter */
+        cb_ping_farm(cb, NULL, 0);
+        return 1;
+    }
+
+    /*
          * Control management
          */
 
-        if ( (rc = cb_update_controls( pb,ld,&ctrls,CB_UPDATE_CONTROLS_ADDAUTH )) != LDAP_SUCCESS ) {
-                cb_send_ldap_result( pb, rc, NULL,NULL, 0, NULL);
-                cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-                return 1;
-        }
-
-        if ( slapi_op_abandoned( pb )) { 
-                cb_release_op_connection(cb->pool,ld,0);
-		if ( NULL != ctrls)
-                	ldap_controls_free(ctrls);
-                return -1;
+    if ((rc = cb_update_controls(pb, ld, &ctrls, CB_UPDATE_CONTROLS_ADDAUTH)) != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        return 1;
+    }
+
+    if (slapi_op_abandoned(pb)) {
+        cb_release_op_connection(cb->pool, ld, 0);
+        if (NULL != ctrls)
+            ldap_controls_free(ctrls);
+        return -1;
+    }
+
+    /* heart-beat management */
+    if (cb->max_idle_time > 0) {
+        endtime = slapi_current_utc_time() + cb->max_idle_time;
+    }
+
+    /*
+     * Send LDAP operation to the remote host
+     */
+
+    rc = ldap_compare_ext(ld, dn, type, bval, ctrls, NULL, &msgid);
+    if (NULL != ctrls)
+        ldap_controls_free(ctrls);
+
+    if (rc != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                            ldap_err2string(rc), 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        return 1;
+    }
+
+    while (1) {
+
+        if (cb_check_forward_abandon(cb, pb, ld, msgid)) {
+            return -1;
         }
 
-	/* heart-beat management */
-	if (cb->max_idle_time>0) {
-			endtime=slapi_current_utc_time() + cb->max_idle_time;
-	}
-
-	/*
-	 * Send LDAP operation to the remote host
-	 */
-
-	rc = ldap_compare_ext( ld, dn, type, bval, ctrls, NULL, &msgid );
-	if ( NULL != ctrls)
-                ldap_controls_free(ctrls);
-
-	if ( rc != LDAP_SUCCESS ) {
-                cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-                        ldap_err2string(rc), 0, NULL);
-		cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
+        /* No need to lock the config to access cb->abandon_timeout */
+        rc = ldap_result(ld, msgid, 0, &cb->abandon_timeout, &res);
+        switch (rc) {
+        case -1:
+            cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                                ldap_err2string(rc), 0, NULL);
+            cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+            if (res)
+                ldap_msgfree(res);
+            return 1;
+        case 0:
+            if ((rc = cb_ping_farm(cb, cnx, endtime)) != LDAP_SUCCESS) {
+
+                /* does not respond. give up and return a*/
+                /* error to the client.             */
+
+                /*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
+                    ldap_err2string(rc), 0, NULL);*/
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                if (res)
+                    ldap_msgfree(res);
                 return 1;
-	}
-
-	while ( 1 ) {
-
-                if (cb_check_forward_abandon(cb,pb,ld,msgid)) {
-			return -1;
-		}
-
-		/* No need to lock the config to access cb->abandon_timeout */
-   		rc = ldap_result( ld, msgid, 0, &cb->abandon_timeout, &res );
-   		switch ( rc ) {
-   		case -1:
-                	cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-                        	ldap_err2string(rc), 0, NULL);
-			cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-			if (res)
-				ldap_msgfree(res);
-                	return 1;
-		case 0:
-			if ((rc=cb_ping_farm(cb,cnx,endtime)) != LDAP_SUCCESS) {
-
-				/* does not respond. give up and return a*/
-				/* error to the client.			 */
-
-               			/*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
-					ldap_err2string(rc), 0, NULL);*/
-				cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL, "FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-				if (res)
-					ldap_msgfree(res);
-               			return 1;
-			}
+            }
 #ifdef CB_YIELD
-                        DS_Sleep(PR_INTERVAL_NO_WAIT);
+            DS_Sleep(PR_INTERVAL_NO_WAIT);
 #endif
-                        break;
-		default:
-			matched_msg=error_msg=NULL;
-			parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg, 
-			                          &error_msg, &referrals, &serverctrls, 1 );
-			if ( parse_rc != LDAP_SUCCESS ) {
-				static int warned_parse_rc = 0;
-				if (!warned_parse_rc) {
-					slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-						            "chaining_back_compare - %s%s%s\n", 
-						            matched_msg?matched_msg:"",
-						            (matched_msg&&(*matched_msg!='\0'))?": ":"",
-					                ldap_err2string(parse_rc));
-					warned_parse_rc = 1;
-				}
-				cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-				                     ENDUSERMSG, 0, NULL );
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
-				slapi_ch_free((void **)&matched_msg);
-				slapi_ch_free((void **)&error_msg);
-				if (serverctrls)
-					ldap_controls_free(serverctrls);
-				/* jarnou: free referrals */
-				if (referrals)
-					charray_free(referrals);
-				return 1;
-			}
-
-			switch ( rc ) {
-
-				case LDAP_COMPARE_TRUE:
-				case LDAP_COMPARE_FALSE:
-					break;
-				default: {
-					struct berval ** refs =  referrals2berval(referrals); 
-
-                    cb_send_ldap_result( pb, rc, matched_msg, error_msg, 0, refs);
-					cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-			       		slapi_ch_free((void **)&matched_msg);
-			       		slapi_ch_free((void **)&error_msg);
-					if (refs) 
-						ber_bvecfree(refs);
-					if (referrals) 
-						charray_free(referrals);
-					if (serverctrls)
-	                                	ldap_controls_free(serverctrls);
-                			return 1;
-				}
-			}
-
-			/* Add control response sent by the farm server */
-
-			for (i=0; serverctrls && serverctrls[i];i++)
-        			slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
-			if (serverctrls)
-	                	ldap_controls_free(serverctrls);
-			/* jarnou: free matched_msg, error_msg, and referrals if necessary */
-		       	slapi_ch_free((void **)&matched_msg);
-		       	slapi_ch_free((void **)&error_msg);
-		       	if (referrals) 
-		       		charray_free(referrals);
-	
-        		cb_send_ldap_result( pb, rc , NULL, NULL, 0, NULL );
-			cb_release_op_connection(cb->pool,ld,0);
-			return 0;
-		}
-	}
-
-	/* Never reached */
-	/* return 0; */
+            break;
+        default:
+            matched_msg = error_msg = NULL;
+            parse_rc = ldap_parse_result(ld, res, &rc, &matched_msg,
+                                         &error_msg, &referrals, &serverctrls, 1);
+            if (parse_rc != LDAP_SUCCESS) {
+                static int warned_parse_rc = 0;
+                if (!warned_parse_rc) {
+                    slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                                  "chaining_back_compare - %s%s%s\n",
+                                  matched_msg ? matched_msg : "",
+                                  (matched_msg && (*matched_msg != '\0')) ? ": " : "",
+                                  ldap_err2string(parse_rc));
+                    warned_parse_rc = 1;
+                }
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                                    ENDUSERMSG, 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(parse_rc));
+                slapi_ch_free((void **)&matched_msg);
+                slapi_ch_free((void **)&error_msg);
+                if (serverctrls)
+                    ldap_controls_free(serverctrls);
+                /* jarnou: free referrals */
+                if (referrals)
+                    charray_free(referrals);
+                return 1;
+            }
+
+            switch (rc) {
+
+            case LDAP_COMPARE_TRUE:
+            case LDAP_COMPARE_FALSE:
+                break;
+            default: {
+                struct berval **refs = referrals2berval(referrals);
+
+                cb_send_ldap_result(pb, rc, matched_msg, error_msg, 0, refs);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                slapi_ch_free((void **)&matched_msg);
+                slapi_ch_free((void **)&error_msg);
+                if (refs)
+                    ber_bvecfree(refs);
+                if (referrals)
+                    charray_free(referrals);
+                if (serverctrls)
+                    ldap_controls_free(serverctrls);
+                return 1;
+            }
+            }
+
+            /* Add control response sent by the farm server */
+
+            for (i = 0; serverctrls && serverctrls[i]; i++)
+                slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
+            if (serverctrls)
+                ldap_controls_free(serverctrls);
+            /* jarnou: free matched_msg, error_msg, and referrals if necessary */
+            slapi_ch_free((void **)&matched_msg);
+            slapi_ch_free((void **)&error_msg);
+            if (referrals)
+                charray_free(referrals);
+
+            cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+            cb_release_op_connection(cb->pool, ld, 0);
+            return 0;
+        }
+    }
+
+    /* Never reached */
+    /* return 0; */
 }

ldap/servers/plugins/chainingdb/cb_config.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -16,7 +16,7 @@
 
 /* Forward declarations */
 
-static int cb_parse_config_entry(cb_backend * cb, Slapi_Entry *e);
+static int cb_parse_config_entry(cb_backend *cb, Slapi_Entry *e);
 
 /* body starts here */
 
@@ -26,33 +26,34 @@ static int cb_parse_config_entry(cb_backend * cb, Slapi_Entry *e);
 */
 
 
-int cb_config_add_dse_entries(cb_backend *cb, char **entries, char *string1, char *string2, char *string3)
+int
+cb_config_add_dse_entries(cb_backend *cb, char **entries, char *string1, char *string2, char *string3)
 {
-        int x;
-        Slapi_Entry *e;
-        Slapi_PBlock *util_pb = NULL;
-        int res, rc = 0;
-        char entry_string[CB_BUFSIZE];
-
-        for(x = 0; strlen(entries[x]) > 0; x++) {
-                util_pb = slapi_pblock_new();
-                PR_snprintf(entry_string, sizeof(entry_string), entries[x], string1, string2, string3);
-                e = slapi_str2entry(entry_string, 0);
-                slapi_add_entry_internal_set_pb(util_pb, e, NULL, cb->identity, 0);
-		slapi_add_internal_pb(util_pb);
-		slapi_pblock_get(util_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
-		if ( LDAP_SUCCESS != res && LDAP_ALREADY_EXISTS != res ) {
-		  slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, 
-				  "cb_config_add_dse_entries - Unable to add config entry (%s) to the DSE: %s\n",
-				  slapi_entry_get_dn(e),
-				  ldap_err2string(res));
-		  rc = res;
-		  slapi_pblock_destroy(util_pb);
-		  break;
-		}
-		slapi_pblock_destroy(util_pb);
+    int x;
+    Slapi_Entry *e;
+    Slapi_PBlock *util_pb = NULL;
+    int res, rc = 0;
+    char entry_string[CB_BUFSIZE];
+
+    for (x = 0; strlen(entries[x]) > 0; x++) {
+        util_pb = slapi_pblock_new();
+        PR_snprintf(entry_string, sizeof(entry_string), entries[x], string1, string2, string3);
+        e = slapi_str2entry(entry_string, 0);
+        slapi_add_entry_internal_set_pb(util_pb, e, NULL, cb->identity, 0);
+        slapi_add_internal_pb(util_pb);
+        slapi_pblock_get(util_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
+        if (LDAP_SUCCESS != res && LDAP_ALREADY_EXISTS != res) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                          "cb_config_add_dse_entries - Unable to add config entry (%s) to the DSE: %s\n",
+                          slapi_entry_get_dn(e),
+                          ldap_err2string(res));
+            rc = res;
+            slapi_pblock_destroy(util_pb);
+            break;
         }
-        return rc;
+        slapi_pblock_destroy(util_pb);
+    }
+    return rc;
 }
 
 /*
@@ -62,164 +63,166 @@ int cb_config_add_dse_entries(cb_backend *cb, char **entries, char *string1, cha
 ** The default configuration is taken from the default entry if it exists
 */
 
-int cb_config_load_dse_info(Slapi_PBlock * pb) {
-
-	Slapi_PBlock 	*search_pb,*default_pb;
-        Slapi_Entry 	**entries = NULL;
-	Slapi_Entry 	*configEntry=NULL;
-        int 		res,default_res,i;
-	char		defaultDn[CB_BUFSIZE];
-	cb_backend 	*cb;
-
-        slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &cb );
-
-	/* Get global configuration entry */
-        search_pb = slapi_pblock_new();
-        slapi_search_internal_set_pb(search_pb, cb->configDN, LDAP_SCOPE_BASE,
-                "objectclass=*", NULL, 0, NULL, NULL, cb->identity, 0);
-        slapi_search_internal_pb (search_pb);
-        slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
-
-	if ( LDAP_SUCCESS == res ) {
-                slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-                if (NULL == entries || entries[0] == NULL) {
-                        slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, 
-				"cb_config_load_dse_info - Error accessing entry <%s>\n",cb->configDN);
-                	slapi_free_search_results_internal(search_pb);
-                	slapi_pblock_destroy(search_pb);
-                        return 1;
-		}
-		configEntry=entries[0];
-	} else
-  	if ( LDAP_NO_SUCH_OBJECT == res ) {
-		/* Don't do anything. The default conf is used */
-		configEntry=NULL;
-        } else {
-                slapi_free_search_results_internal(search_pb);
-                slapi_pblock_destroy(search_pb);
-		slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
-			"cb_config_load_dse_info - Error accessing entry <%s> (%s)\n",cb->configDN,ldap_err2string(res));
-                return 1;
-        } 
+int
+cb_config_load_dse_info(Slapi_PBlock *pb)
+{
 
-        /* Parse the configuration entry        */
-        /* Default config if configEntry is NULL*/
+    Slapi_PBlock *search_pb, *default_pb;
+    Slapi_Entry **entries = NULL;
+    Slapi_Entry *configEntry = NULL;
+    int res, default_res, i;
+    char defaultDn[CB_BUFSIZE];
+    cb_backend *cb;
 
-        cb_parse_config_entry(cb, configEntry);
+    slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cb);
+
+    /* Get global configuration entry */
+    search_pb = slapi_pblock_new();
+    slapi_search_internal_set_pb(search_pb, cb->configDN, LDAP_SCOPE_BASE,
+                                 "objectclass=*", NULL, 0, NULL, NULL, cb->identity, 0);
+    slapi_search_internal_pb(search_pb);
+    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
+
+    if (LDAP_SUCCESS == res) {
+        slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+        if (NULL == entries || entries[0] == NULL) {
+            slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                          "cb_config_load_dse_info - Error accessing entry <%s>\n", cb->configDN);
+            slapi_free_search_results_internal(search_pb);
+            slapi_pblock_destroy(search_pb);
+            return 1;
+        }
+        configEntry = entries[0];
+    } else if (LDAP_NO_SUCH_OBJECT == res) {
+        /* Don't do anything. The default conf is used */
+        configEntry = NULL;
+    } else {
         slapi_free_search_results_internal(search_pb);
         slapi_pblock_destroy(search_pb);
+        slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                      "cb_config_load_dse_info - Error accessing entry <%s> (%s)\n", cb->configDN, ldap_err2string(res));
+        return 1;
+    }
+
+    /* Parse the configuration entry        */
+    /* Default config if configEntry is NULL*/
+
+    cb_parse_config_entry(cb, configEntry);
+    slapi_free_search_results_internal(search_pb);
+    slapi_pblock_destroy(search_pb);
+
+    /*
+    ** Parse the chaining backend instances
+    ** Immediate subordinates of cn=<plugin name>,cn=plugins,cn=config
+    */
+
+    search_pb = slapi_pblock_new();
+
+    slapi_search_internal_set_pb(search_pb, cb->pluginDN, LDAP_SCOPE_ONELEVEL,
+                                 CB_CONFIG_INSTANCE_FILTER, NULL, 0, NULL, NULL, cb->identity, 0);
+    slapi_search_internal_pb(search_pb);
+    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
+    if (res != LDAP_SUCCESS) {
+        slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                      "cb_config_load_dse_info - Error accessing the config DSE (%s)\n", ldap_err2string(res));
+        slapi_free_search_results_internal(search_pb);
+        slapi_pblock_destroy(search_pb);
+        return 1;
+    }
 
-	/*
-	** Parse the chaining backend instances
-	** Immediate subordinates of cn=<plugin name>,cn=plugins,cn=config
-	*/
-
-        search_pb = slapi_pblock_new();
-
-        slapi_search_internal_set_pb(search_pb, cb->pluginDN, LDAP_SCOPE_ONELEVEL,
-                CB_CONFIG_INSTANCE_FILTER,NULL,0,NULL,NULL,cb->identity, 0);
-        slapi_search_internal_pb (search_pb);
-        slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
-        if (res != LDAP_SUCCESS) {
-                slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, 
-			"cb_config_load_dse_info - Error accessing the config DSE (%s)\n",ldap_err2string(res));
-                slapi_free_search_results_internal(search_pb);
-                slapi_pblock_destroy(search_pb);
-                return 1;
-	}
-
-	/* Get the default instance value entry if it exists */
-	/* else create it 				     */
-	/* This dn is already normalized */
-	PR_snprintf(defaultDn,sizeof(defaultDn),"cn=default instance config,%s",cb->pluginDN);
-
-        default_pb = slapi_pblock_new();
-        slapi_search_internal_set_pb(default_pb, defaultDn, LDAP_SCOPE_BASE,
-                "objectclass=*", NULL, 0, NULL, NULL, cb->identity, 0);
-        slapi_search_internal_pb (default_pb);
-        slapi_pblock_get(default_pb, SLAPI_PLUGIN_INTOP_RESULT, &default_res);
-	if (LDAP_SUCCESS != default_res) {
-		cb_create_default_backend_instance_config(cb);
-	}
-
-        slapi_free_search_results_internal(default_pb);
-        slapi_pblock_destroy(default_pb);
+    /* Get the default instance value entry if it exists */
+    /* else create it                      */
+    /* This dn is already normalized */
+    PR_snprintf(defaultDn, sizeof(defaultDn), "cn=default instance config,%s", cb->pluginDN);
 
-        slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-	for (i=0; entries && entries[i]; i++) {
-		int retcode;
-		char * aDn=slapi_entry_get_dn(entries[i]);
-		slapi_dn_normalize(aDn);
+    default_pb = slapi_pblock_new();
+    slapi_search_internal_set_pb(default_pb, defaultDn, LDAP_SCOPE_BASE,
+                                 "objectclass=*", NULL, 0, NULL, NULL, cb->identity, 0);
+    slapi_search_internal_pb(default_pb);
+    slapi_pblock_get(default_pb, SLAPI_PLUGIN_INTOP_RESULT, &default_res);
+    if (LDAP_SUCCESS != default_res) {
+        cb_create_default_backend_instance_config(cb);
+    }
 
-		cb_instance_add_config_callback(pb,entries[i],NULL,&retcode,NULL,cb);
-	}
+    slapi_free_search_results_internal(default_pb);
+    slapi_pblock_destroy(default_pb);
 
-        slapi_free_search_results_internal(search_pb);
-        slapi_pblock_destroy(search_pb);
+    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+    for (i = 0; entries && entries[i]; i++) {
+        int retcode;
+        char *aDn = slapi_entry_get_dn(entries[i]);
+        slapi_dn_normalize(aDn);
+
+        cb_instance_add_config_callback(pb, entries[i], NULL, &retcode, NULL, cb);
+    }
+
+    slapi_free_search_results_internal(search_pb);
+    slapi_pblock_destroy(search_pb);
 
 
-	/* Add callbacks */
-        slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, cb->configDN, 
-		LDAP_SCOPE_BASE, "(objectclass=*)",cb_config_modify_check_callback, (void *) cb);
-        slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, cb->configDN, 
-		LDAP_SCOPE_BASE, "(objectclass=*)",cb_config_modify_callback, (void *) cb);
+    /* Add callbacks */
+    slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, cb->configDN,
+                                   LDAP_SCOPE_BASE, "(objectclass=*)", cb_config_modify_check_callback, (void *)cb);
+    slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, cb->configDN,
+                                   LDAP_SCOPE_BASE, "(objectclass=*)", cb_config_modify_callback, (void *)cb);
 
-        slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->configDN, 
-		LDAP_SCOPE_BASE, "(objectclass=*)",cb_config_add_check_callback, (void *) cb);
-        slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->configDN, 
-		LDAP_SCOPE_BASE, "(objectclass=*)",cb_config_add_callback, (void *) cb);
+    slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->configDN,
+                                   LDAP_SCOPE_BASE, "(objectclass=*)", cb_config_add_check_callback, (void *)cb);
+    slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->configDN,
+                                   LDAP_SCOPE_BASE, "(objectclass=*)", cb_config_add_callback, (void *)cb);
 
-        slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, cb->configDN,
-		 LDAP_SCOPE_BASE, "(objectclass=*)",cb_config_search_callback, (void *) cb);
+    slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, cb->configDN,
+                                   LDAP_SCOPE_BASE, "(objectclass=*)", cb_config_search_callback, (void *)cb);
 
-	/* instance creation */
-        slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->pluginDN, 
-		LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER, cb_config_add_instance_check_callback, (void *) cb);
+    /* instance creation */
+    slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, cb->pluginDN,
+                                   LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER, cb_config_add_instance_check_callback, (void *)cb);
 
-        slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->pluginDN, 
-		LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER, cb_config_add_instance_callback, (void *) cb);
+    slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_POSTOP, cb->pluginDN,
+                                   LDAP_SCOPE_SUBTREE, CB_CONFIG_INSTANCE_FILTER, cb_config_add_instance_callback, (void *)cb);
 
-	return 0;
+    return 0;
 }
 
 /* Check validity of the modification */
 
-int cb_config_add_check_callback(Slapi_PBlock *pb __attribute__((unused)),
-                                 Slapi_Entry* e,
-                                 Slapi_Entry* e2 __attribute__((unused)),
-                                 int *returncode,
-                                 char *returntext __attribute__((unused)),
-                                 void *arg)
+int
+cb_config_add_check_callback(Slapi_PBlock *pb __attribute__((unused)),
+                             Slapi_Entry *e,
+                             Slapi_Entry *e2 __attribute__((unused)),
+                             int *returncode,
+                             char *returntext __attribute__((unused)),
+                             void *arg)
 {
-        Slapi_Attr              *attr = NULL;
-        Slapi_Value             *sval;
-        struct berval *          bval;
-        int                     i;
-        cb_backend      *cb = (cb_backend *) arg;
- 
-        CB_ASSERT (cb!=NULL);
-
-        for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
-                char * attr_name=NULL;
-                slapi_attr_get_type(attr, &attr_name);
- 
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
-                        /* First, parse the values to make sure they are valid */
-                        i = slapi_attr_first_value(attr, &sval);
-                        while (i != -1 ) {
-                                bval = (struct berval *) slapi_value_get_berval(sval);
-                                if (!cb_is_control_forwardable(cb,bval->bv_val)) {
-                                        slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                                                "cb_config_add_check_callback - Control %s can't be forwarded.\n",bval->bv_val);
-                                        *returncode=LDAP_CONSTRAINT_VIOLATION;
-                                        return SLAPI_DSE_CALLBACK_ERROR;
-                                }
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
+    Slapi_Attr *attr = NULL;
+    Slapi_Value *sval;
+    struct berval *bval;
+    int i;
+    cb_backend *cb = (cb_backend *)arg;
+
+    CB_ASSERT(cb != NULL);
+
+    for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
+        char *attr_name = NULL;
+        slapi_attr_get_type(attr, &attr_name);
+
+        if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS)) {
+            /* First, parse the values to make sure they are valid */
+            i = slapi_attr_first_value(attr, &sval);
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                if (!cb_is_control_forwardable(cb, bval->bv_val)) {
+                    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                                  "cb_config_add_check_callback - Control %s can't be forwarded.\n", bval->bv_val);
+                    *returncode = LDAP_CONSTRAINT_VIOLATION;
+                    return SLAPI_DSE_CALLBACK_ERROR;
                 }
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
         }
-        *returncode=LDAP_SUCCESS;
-        return SLAPI_DSE_CALLBACK_OK;
+    }
+    *returncode = LDAP_SUCCESS;
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 /*
@@ -227,303 +230,304 @@ int cb_config_add_check_callback(Slapi_PBlock *pb __attribute__((unused)),
 ** Take the new values into account
 */
 
-int 
+int
 cb_config_add_callback(Slapi_PBlock *pb __attribute__((unused)),
-                       Slapi_Entry* e,
-                       Slapi_Entry* e2 __attribute__((unused)),
+                       Slapi_Entry *e,
+                       Slapi_Entry *e2 __attribute__((unused)),
                        int *returncode,
                        char *returntext __attribute__((unused)),
                        void *arg)
 {
-        Slapi_Attr              *attr = NULL;
-        Slapi_Value             *sval;
-        struct berval *          bval;
-        int                     i;
-        cb_backend      *cb = (cb_backend *) arg;
-
-        CB_ASSERT (cb!=NULL);
-
-        for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
-                char * attr_name=NULL;
-                slapi_attr_get_type(attr, &attr_name);
-
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
-			/* First, parse the values to make sure they are valid */
-                	i = slapi_attr_first_value(attr, &sval);
-                        while (i != -1 ) {
-                        	bval = (struct berval *) slapi_value_get_berval(sval);
-                                if (!cb_is_control_forwardable(cb,bval->bv_val)) {
-                                        slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                                                "cb_config_add_callback - control %s can't be forwarded.\n",bval->bv_val);
-                                        *returncode=LDAP_CONSTRAINT_VIOLATION;
-                                        return SLAPI_DSE_CALLBACK_ERROR;
-				}
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
-			/* second pass. apply changes */
-			cb_unregister_all_supported_control(cb);
-                	i = slapi_attr_first_value(attr, &sval);
-                        while (i != -1 ) {
-                        	bval = (struct berval *) slapi_value_get_berval(sval);
-				cb_register_supported_control(cb,bval->bv_val,0);
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
-		}
-	}
-	*returncode=LDAP_SUCCESS;
-	return SLAPI_DSE_CALLBACK_OK;
+    Slapi_Attr *attr = NULL;
+    Slapi_Value *sval;
+    struct berval *bval;
+    int i;
+    cb_backend *cb = (cb_backend *)arg;
+
+    CB_ASSERT(cb != NULL);
+
+    for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
+        char *attr_name = NULL;
+        slapi_attr_get_type(attr, &attr_name);
+
+        if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS)) {
+            /* First, parse the values to make sure they are valid */
+            i = slapi_attr_first_value(attr, &sval);
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                if (!cb_is_control_forwardable(cb, bval->bv_val)) {
+                    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                                  "cb_config_add_callback - control %s can't be forwarded.\n", bval->bv_val);
+                    *returncode = LDAP_CONSTRAINT_VIOLATION;
+                    return SLAPI_DSE_CALLBACK_ERROR;
+                }
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
+            /* second pass. apply changes */
+            cb_unregister_all_supported_control(cb);
+            i = slapi_attr_first_value(attr, &sval);
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                cb_register_supported_control(cb, bval->bv_val, 0);
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
+        }
+    }
+    *returncode = LDAP_SUCCESS;
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 int
 cb_config_search_callback(Slapi_PBlock *pb __attribute__((unused)),
-                          Slapi_Entry* e,
-                          Slapi_Entry* e2 __attribute__((unused)),
+                          Slapi_Entry *e,
+                          Slapi_Entry *e2 __attribute__((unused)),
                           int *returncode,
                           char *returntext __attribute__((unused)),
-                          void *arg)  {
-
-        cb_backend 	*cb = (cb_backend *) arg;
-        struct berval           val;
-        struct berval           *vals[2];
-        int                     i = 0;
-
-	CB_ASSERT (cb!=NULL);
-
-        vals[0] = &val;
-        vals[1] = NULL;
-
-        /* naming attribute */
-        val.bv_val = "config";
-        val.bv_len = strlen( val.bv_val );
-        slapi_entry_attr_replace( e, "cn", (struct berval **)vals );
-
-        /* objectclass attribute */
-        val.bv_val = "top";
-        val.bv_len = strlen( val.bv_val );
-        slapi_entry_attr_replace( e, "objectclass", (struct berval **)vals );
-        val.bv_val = CB_CONFIG_EXTENSIBLEOCL;
-        val.bv_len = strlen( val.bv_val );
-        slapi_entry_attr_merge( e, "objectclass", (struct berval **)vals );
- 
-	/* other attributes */
-
-        slapi_rwlock_rdlock(cb->config.rwl_config_lock);
-
-	for (i=0; cb->config.forward_ctrls && cb->config.forward_ctrls[i] ; i++) {
-		val.bv_val=cb->config.forward_ctrls[i];
-        	val.bv_len = strlen( val.bv_val );
-		if (i==0)
-        		slapi_entry_attr_replace( e, CB_CONFIG_GLOBAL_FORWARD_CTRLS, (struct berval **)vals ); 
-		else
-        		slapi_entry_attr_merge( e, CB_CONFIG_GLOBAL_FORWARD_CTRLS, (struct berval **)vals ); 
-	}
-
-	for (i=0;cb->config.chaining_components && cb->config.chaining_components[i];i++) {
-		val.bv_val=cb->config.chaining_components[i];
-        	val.bv_len = strlen( val.bv_val );
-		if (i==0)
-        		slapi_entry_attr_replace( e, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS, 
-				(struct berval **)vals ); 
-		else
-        		slapi_entry_attr_merge( e, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS, 
-				(struct berval **)vals ); 
-	}
-
-     	for (i=0; cb->config.chainable_components && cb->config.chainable_components[i]; i++) {
-                val.bv_val=cb->config.chainable_components[i];
-                val.bv_len = strlen( val.bv_val );
-                if (i==0)
-                        slapi_entry_attr_replace( e, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS,
-                                (struct berval **)vals );
-                else
-                        slapi_entry_attr_merge( e, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS,
-                                (struct berval **)vals );
-        }
-
-
-        slapi_rwlock_unlock(cb->config.rwl_config_lock);
+                          void *arg)
+{
 
-        *returncode = LDAP_SUCCESS;
-        return SLAPI_DSE_CALLBACK_OK;
+    cb_backend *cb = (cb_backend *)arg;
+    struct berval val;
+    struct berval *vals[2];
+    int i = 0;
+
+    CB_ASSERT(cb != NULL);
+
+    vals[0] = &val;
+    vals[1] = NULL;
+
+    /* naming attribute */
+    val.bv_val = "config";
+    val.bv_len = strlen(val.bv_val);
+    slapi_entry_attr_replace(e, "cn", (struct berval **)vals);
+
+    /* objectclass attribute */
+    val.bv_val = "top";
+    val.bv_len = strlen(val.bv_val);
+    slapi_entry_attr_replace(e, "objectclass", (struct berval **)vals);
+    val.bv_val = CB_CONFIG_EXTENSIBLEOCL;
+    val.bv_len = strlen(val.bv_val);
+    slapi_entry_attr_merge(e, "objectclass", (struct berval **)vals);
+
+    /* other attributes */
+
+    slapi_rwlock_rdlock(cb->config.rwl_config_lock);
+
+    for (i = 0; cb->config.forward_ctrls && cb->config.forward_ctrls[i]; i++) {
+        val.bv_val = cb->config.forward_ctrls[i];
+        val.bv_len = strlen(val.bv_val);
+        if (i == 0)
+            slapi_entry_attr_replace(e, CB_CONFIG_GLOBAL_FORWARD_CTRLS, (struct berval **)vals);
+        else
+            slapi_entry_attr_merge(e, CB_CONFIG_GLOBAL_FORWARD_CTRLS, (struct berval **)vals);
+    }
+
+    for (i = 0; cb->config.chaining_components && cb->config.chaining_components[i]; i++) {
+        val.bv_val = cb->config.chaining_components[i];
+        val.bv_len = strlen(val.bv_val);
+        if (i == 0)
+            slapi_entry_attr_replace(e, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS,
+                                     (struct berval **)vals);
+        else
+            slapi_entry_attr_merge(e, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS,
+                                   (struct berval **)vals);
+    }
+
+    for (i = 0; cb->config.chainable_components && cb->config.chainable_components[i]; i++) {
+        val.bv_val = cb->config.chainable_components[i];
+        val.bv_len = strlen(val.bv_val);
+        if (i == 0)
+            slapi_entry_attr_replace(e, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS,
+                                     (struct berval **)vals);
+        else
+            slapi_entry_attr_merge(e, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS,
+                                   (struct berval **)vals);
+    }
+
+
+    slapi_rwlock_unlock(cb->config.rwl_config_lock);
+
+    *returncode = LDAP_SUCCESS;
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 /* Check validity of the modification */
 
 int
 cb_config_modify_check_callback(Slapi_PBlock *pb,
-                                Slapi_Entry* entryBefore __attribute__((unused)),
-                                Slapi_Entry* e __attribute__((unused)),
+                                Slapi_Entry *entryBefore __attribute__((unused)),
+                                Slapi_Entry *e __attribute__((unused)),
                                 int *returncode,
                                 char *returntext __attribute__((unused)),
                                 void *arg)
 {
-        LDAPMod         **mods;
-        char            *attr_name;
-        int             i,j;
-        cb_backend      *cb = (cb_backend *) arg;
- 
-        CB_ASSERT (cb!=NULL);
- 
-        slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
- 
-  	for (i = 0; mods && mods[i] ; i++) {
-                attr_name = mods[i]->mod_type;
- 
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
-                        char * config_attr_value;
-                        for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
-                                config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val;
-                                if (!cb_is_control_forwardable(cb,config_attr_value)) {
-                                        slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                                                "cb_config_modify_check_callback - control %s can't be forwarded.\n",config_attr_value);
-                                        *returncode=LDAP_CONSTRAINT_VIOLATION;
-                                        return SLAPI_DSE_CALLBACK_ERROR;
-                                }
-			}
-		}
-	}
-	*returncode=LDAP_SUCCESS;
-        return SLAPI_DSE_CALLBACK_OK;
+    LDAPMod **mods;
+    char *attr_name;
+    int i, j;
+    cb_backend *cb = (cb_backend *)arg;
+
+    CB_ASSERT(cb != NULL);
+
+    slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+
+    for (i = 0; mods && mods[i]; i++) {
+        attr_name = mods[i]->mod_type;
+
+        if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS)) {
+            char *config_attr_value;
+            for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
+                config_attr_value = (char *)mods[i]->mod_bvalues[j]->bv_val;
+                if (!cb_is_control_forwardable(cb, config_attr_value)) {
+                    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                                  "cb_config_modify_check_callback - control %s can't be forwarded.\n", config_attr_value);
+                    *returncode = LDAP_CONSTRAINT_VIOLATION;
+                    return SLAPI_DSE_CALLBACK_ERROR;
+                }
+            }
+        }
+    }
+    *returncode = LDAP_SUCCESS;
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 int
 cb_config_modify_callback(Slapi_PBlock *pb,
-                          Slapi_Entry* entryBefore __attribute__((unused)),
-                          Slapi_Entry* e __attribute__((unused)),
+                          Slapi_Entry *entryBefore __attribute__((unused)),
+                          Slapi_Entry *e __attribute__((unused)),
                           int *returncode,
                           char *returntext __attribute__((unused)),
                           void *arg)
 {
-	LDAPMod 	**mods;
-	char 		*attr_name;
-	int 		i,j;
-	cb_backend 	*cb = (cb_backend *) arg;
-
-	CB_ASSERT (cb!=NULL);
-
-	slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
-
-	for (i = 0; mods && mods[i] ; i++) {
-		attr_name = mods[i]->mod_type;
-
-		if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
-			char * config_attr_value;
-			int done=0;
-        	for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
-        		config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val;
-				if (!cb_is_control_forwardable(cb,config_attr_value)) {
-				        slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-						"cb_config_modify_callback - control %s can't be forwarded.\n",config_attr_value);
-					*returncode=LDAP_CONSTRAINT_VIOLATION;
-					return SLAPI_DSE_CALLBACK_ERROR;
-				}
-
-				if(SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
-					if (!done) {
-						cb_unregister_all_supported_control(cb);
-						done=1;
-					}
-					cb_register_supported_control(cb,config_attr_value,0);
-				} else {
-			        if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
-			        	cb_register_supported_control(cb,config_attr_value,0);
-			        } else {
-			        	if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
-			        		cb_unregister_supported_control(cb,config_attr_value,0);
-			        	}
-			        }
-				}
-			}
-			if (NULL == mods[i]->mod_bvalues){
-				cb_unregister_all_supported_control(cb);
-			}
-		} else {
-			if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_DEBUG )) {
-				/* assume single-valued */
-				if (mods[i]->mod_op & LDAP_MOD_DELETE){
-					cb_set_debug(0);
-				} else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
-					cb_set_debug(1);
-				}
-			} else {
-				if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS )) {
-					char * config_attr_value;
-					int done=0;
-
-					slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-
-					for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
-						config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val;
-						if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
-							if (!done) {
-								charray_free(cb->config.chaining_components);
-								cb->config.chaining_components=NULL;
-								done=1;
-							}
-							/* XXXSD assume dn. Normalize it */
-							charray_add(&cb->config.chaining_components,
-							        slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
-						} else {
-							if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
-								charray_add(&cb->config.chaining_components,
-								        slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
-							} else {
-								if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
-									char *remove_val = slapi_ch_strdup(config_attr_value);
-									charray_remove(cb->config.chaining_components,
-									        slapi_dn_normalize(remove_val),	0 /* freeit */);
-									slapi_ch_free_string(&remove_val);
-								}
-							}
-						}
-					}
-					if (NULL == mods[i]->mod_bvalues) {
-						charray_free(cb->config.chaining_components);
-						cb->config.chaining_components=NULL;
-					}
-
-					slapi_rwlock_unlock(cb->config.rwl_config_lock);
-				} else {
-					if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS )) {
-						char *config_attr_value;
-						char *attr_val;
-						int done=0;
-
-						slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-
-						for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
-							config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val;
-							if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
-								if (!done) {
-									charray_free(cb->config.chainable_components);
-									cb->config.chainable_components=NULL;
-									done=1;
-								}
-								charray_add(&cb->config.chainable_components,
-								        slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
-							} else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
-								charray_add(&cb->config.chainable_components,
-								        slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
-							} else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
-								attr_val = slapi_dn_normalize(slapi_ch_strdup(config_attr_value));
-								charray_remove(cb->config.chainable_components, attr_val, 0 /* freeit */);
-								slapi_ch_free_string(&attr_val);
-							}
-						}
-						if (NULL == mods[i]->mod_bvalues) {
-							charray_free(cb->config.chainable_components);
-							cb->config.chainable_components=NULL;
-						}
-
-						slapi_rwlock_unlock(cb->config.rwl_config_lock);
-					}
-				}
-			}
-		}
-	}
-	*returncode=LDAP_SUCCESS;
-
-	return SLAPI_DSE_CALLBACK_OK;
+    LDAPMod **mods;
+    char *attr_name;
+    int i, j;
+    cb_backend *cb = (cb_backend *)arg;
+
+    CB_ASSERT(cb != NULL);
+
+    slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+
+    for (i = 0; mods && mods[i]; i++) {
+        attr_name = mods[i]->mod_type;
+
+        if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS)) {
+            char *config_attr_value;
+            int done = 0;
+            for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
+                config_attr_value = (char *)mods[i]->mod_bvalues[j]->bv_val;
+                if (!cb_is_control_forwardable(cb, config_attr_value)) {
+                    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                                  "cb_config_modify_callback - control %s can't be forwarded.\n", config_attr_value);
+                    *returncode = LDAP_CONSTRAINT_VIOLATION;
+                    return SLAPI_DSE_CALLBACK_ERROR;
+                }
+
+                if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
+                    if (!done) {
+                        cb_unregister_all_supported_control(cb);
+                        done = 1;
+                    }
+                    cb_register_supported_control(cb, config_attr_value, 0);
+                } else {
+                    if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
+                        cb_register_supported_control(cb, config_attr_value, 0);
+                    } else {
+                        if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
+                            cb_unregister_supported_control(cb, config_attr_value, 0);
+                        }
+                    }
+                }
+            }
+            if (NULL == mods[i]->mod_bvalues) {
+                cb_unregister_all_supported_control(cb);
+            }
+        } else {
+            if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_DEBUG)) {
+                /* assume single-valued */
+                if (mods[i]->mod_op & LDAP_MOD_DELETE) {
+                    cb_set_debug(0);
+                } else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
+                    cb_set_debug(1);
+                }
+            } else {
+                if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS)) {
+                    char *config_attr_value;
+                    int done = 0;
+
+                    slapi_rwlock_wrlock(cb->config.rwl_config_lock);
+
+                    for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
+                        config_attr_value = (char *)mods[i]->mod_bvalues[j]->bv_val;
+                        if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
+                            if (!done) {
+                                charray_free(cb->config.chaining_components);
+                                cb->config.chaining_components = NULL;
+                                done = 1;
+                            }
+                            /* XXXSD assume dn. Normalize it */
+                            charray_add(&cb->config.chaining_components,
+                                        slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
+                        } else {
+                            if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
+                                charray_add(&cb->config.chaining_components,
+                                            slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
+                            } else {
+                                if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
+                                    char *remove_val = slapi_ch_strdup(config_attr_value);
+                                    charray_remove(cb->config.chaining_components,
+                                                   slapi_dn_normalize(remove_val), 0 /* freeit */);
+                                    slapi_ch_free_string(&remove_val);
+                                }
+                            }
+                        }
+                    }
+                    if (NULL == mods[i]->mod_bvalues) {
+                        charray_free(cb->config.chaining_components);
+                        cb->config.chaining_components = NULL;
+                    }
+
+                    slapi_rwlock_unlock(cb->config.rwl_config_lock);
+                } else {
+                    if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS)) {
+                        char *config_attr_value;
+                        char *attr_val;
+                        int done = 0;
+
+                        slapi_rwlock_wrlock(cb->config.rwl_config_lock);
+
+                        for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) {
+                            config_attr_value = (char *)mods[i]->mod_bvalues[j]->bv_val;
+                            if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) {
+                                if (!done) {
+                                    charray_free(cb->config.chainable_components);
+                                    cb->config.chainable_components = NULL;
+                                    done = 1;
+                                }
+                                charray_add(&cb->config.chainable_components,
+                                            slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
+                            } else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
+                                charray_add(&cb->config.chainable_components,
+                                            slapi_dn_normalize(slapi_ch_strdup(config_attr_value)));
+                            } else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
+                                attr_val = slapi_dn_normalize(slapi_ch_strdup(config_attr_value));
+                                charray_remove(cb->config.chainable_components, attr_val, 0 /* freeit */);
+                                slapi_ch_free_string(&attr_val);
+                            }
+                        }
+                        if (NULL == mods[i]->mod_bvalues) {
+                            charray_free(cb->config.chainable_components);
+                            cb->config.chainable_components = NULL;
+                        }
+
+                        slapi_rwlock_unlock(cb->config.rwl_config_lock);
+                    }
+                }
+            }
+        }
+    }
+    *returncode = LDAP_SUCCESS;
+
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 /*
@@ -532,109 +536,107 @@ cb_config_modify_callback(Slapi_PBlock *pb,
 
 int
 cb_config_add_instance_callback(Slapi_PBlock *pb,
-                                Slapi_Entry* entryBefore,
-                                Slapi_Entry* e __attribute__((unused)),
+                                Slapi_Entry *entryBefore,
+                                Slapi_Entry *e __attribute__((unused)),
                                 int *returncode,
                                 char *returntext,
                                 void *arg)
 {
-        cb_backend      *cb=(cb_backend *)arg;
-	CB_ASSERT(cb!=NULL);
-        cb_instance_add_config_callback(pb,entryBefore,NULL,returncode,returntext,cb);
-	return SLAPI_DSE_CALLBACK_OK;
+    cb_backend *cb = (cb_backend *)arg;
+    CB_ASSERT(cb != NULL);
+    cb_instance_add_config_callback(pb, entryBefore, NULL, returncode, returntext, cb);
+    return SLAPI_DSE_CALLBACK_OK;
 }
 
 int
 cb_config_add_instance_check_callback(Slapi_PBlock *pb,
-                                      Slapi_Entry* entryBefore,
-                                      Slapi_Entry* e __attribute__((unused)),
+                                      Slapi_Entry *entryBefore,
+                                      Slapi_Entry *e __attribute__((unused)),
                                       int *returncode,
                                       char *returntext,
                                       void *arg)
 {
-        cb_backend      *cb=(cb_backend *)arg;
-	CB_ASSERT(cb!=NULL);
-        return cb_instance_add_config_check_callback(pb,entryBefore,NULL,returncode,returntext,cb);
+    cb_backend *cb = (cb_backend *)arg;
+    CB_ASSERT(cb != NULL);
+    return cb_instance_add_config_check_callback(pb, entryBefore, NULL, returncode, returntext, cb);
 }
 
 /*
 ** Parse the global chaining backend configuration
 */
 
-static int cb_parse_config_entry(cb_backend * cb, Slapi_Entry *e)
+static int
+cb_parse_config_entry(cb_backend *cb, Slapi_Entry *e)
 {
-        Slapi_Attr              *attr = NULL;
-        Slapi_Value             *sval;
-        struct berval 		*bval;
-	int 			i;
-
-	if (e == NULL)
-		return LDAP_SUCCESS;
-
-	cb_set_debug(0);
-
-        for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
-                char * attr_name=NULL;
-                slapi_attr_get_type(attr, &attr_name);
-
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
-                	i = slapi_attr_first_value(attr, &sval);
-
-		        slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-			if (cb->config.forward_ctrls) {
-				charray_free(cb->config.forward_ctrls);
-				cb->config.forward_ctrls=NULL;
-			}
-		        slapi_rwlock_unlock(cb->config.rwl_config_lock);
-
-                        while (i != -1 ) {
-                        	bval = (struct berval *) slapi_value_get_berval(sval);
-				/* For now, don't support operation type */
-				cb_register_supported_control(cb,bval->bv_val,
-					SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE | 
-					SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE |
-					SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN);
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
-		} else 
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS )) {
-                	i = slapi_attr_first_value(attr, &sval);
-		        slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-			if (cb->config.chaining_components) {
-				charray_free(cb->config.chaining_components);
-				cb->config.chaining_components=NULL;
-			}
-                        while (i != -1 ) {
-                        	bval = (struct berval *) slapi_value_get_berval(sval);
-				/* XXXSD assume dn. Normalize it */
-				charray_add( &cb->config.chaining_components,
-					slapi_dn_normalize(slapi_ch_strdup(bval->bv_val)));
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
-		        slapi_rwlock_unlock(cb->config.rwl_config_lock);
-		} else
-		if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS )) {
-                        i = slapi_attr_first_value(attr, &sval);
-                        slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-                        if (cb->config.chainable_components) {
-                                charray_free(cb->config.chainable_components);
-                                cb->config.chainable_components=NULL;
-                        }
-                        while (i != -1 ) {
-                                bval = (struct berval *) slapi_value_get_berval(sval);
-                                charray_add( &cb->config.chainable_components,
-                                        slapi_dn_normalize(slapi_ch_strdup(bval->bv_val)));
-                                i = slapi_attr_next_value(attr, i, &sval);
-                        }
-                        slapi_rwlock_unlock(cb->config.rwl_config_lock);
-                } else
-                if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_DEBUG )) {
-                        i = slapi_attr_first_value(attr, &sval);
-                        if ((i != -1) && slapi_value_get_berval(sval)) {
-				/* any value */
-				cb_set_debug(1);
-                        }
-		}
-	}
-	return LDAP_SUCCESS;
+    Slapi_Attr *attr = NULL;
+    Slapi_Value *sval;
+    struct berval *bval;
+    int i;
+
+    if (e == NULL)
+        return LDAP_SUCCESS;
+
+    cb_set_debug(0);
+
+    for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) {
+        char *attr_name = NULL;
+        slapi_attr_get_type(attr, &attr_name);
+
+        if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS)) {
+            i = slapi_attr_first_value(attr, &sval);
+
+            slapi_rwlock_wrlock(cb->config.rwl_config_lock);
+            if (cb->config.forward_ctrls) {
+                charray_free(cb->config.forward_ctrls);
+                cb->config.forward_ctrls = NULL;
+            }
+            slapi_rwlock_unlock(cb->config.rwl_config_lock);
+
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                /* For now, don't support operation type */
+                cb_register_supported_control(cb, bval->bv_val,
+                                              SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE |
+                                                  SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE |
+                                                  SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN);
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
+        } else if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS)) {
+            i = slapi_attr_first_value(attr, &sval);
+            slapi_rwlock_wrlock(cb->config.rwl_config_lock);
+            if (cb->config.chaining_components) {
+                charray_free(cb->config.chaining_components);
+                cb->config.chaining_components = NULL;
+            }
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                /* XXXSD assume dn. Normalize it */
+                charray_add(&cb->config.chaining_components,
+                            slapi_dn_normalize(slapi_ch_strdup(bval->bv_val)));
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
+            slapi_rwlock_unlock(cb->config.rwl_config_lock);
+        } else if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS)) {
+            i = slapi_attr_first_value(attr, &sval);
+            slapi_rwlock_wrlock(cb->config.rwl_config_lock);
+            if (cb->config.chainable_components) {
+                charray_free(cb->config.chainable_components);
+                cb->config.chainable_components = NULL;
+            }
+            while (i != -1) {
+                bval = (struct berval *)slapi_value_get_berval(sval);
+                charray_add(&cb->config.chainable_components,
+                            slapi_dn_normalize(slapi_ch_strdup(bval->bv_val)));
+                i = slapi_attr_next_value(attr, i, &sval);
+            }
+            slapi_rwlock_unlock(cb->config.rwl_config_lock);
+        } else if (!strcasecmp(attr_name, CB_CONFIG_GLOBAL_DEBUG)) {
+            i = slapi_attr_first_value(attr, &sval);
+            if ((i != -1) && slapi_value_get_berval(sval)) {
+                /* any value */
+                cb_set_debug(1);
+            }
+        }
+    }
+    return LDAP_SUCCESS;
 }

ldap/servers/plugins/chainingdb/cb_controls.c

@@ -4,124 +4,128 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
 
 /*
-** Controls that can't be forwarded due to the current implementation 
+** Controls that can't be forwarded due to the current implementation
 */
 
-static char * unsupported_ctrls[] = {LDAP_CONTROL_PERSISTENTSEARCH,NULL};
+static char *unsupported_ctrls[] = {LDAP_CONTROL_PERSISTENTSEARCH, NULL};
 
-int cb_is_control_forwardable(cb_backend * cb __attribute__((unused)), char *controloid) {
-    return (!(charray_inlist(unsupported_ctrls,controloid)));
+int
+cb_is_control_forwardable(cb_backend *cb __attribute__((unused)), char *controloid)
+{
+    return (!(charray_inlist(unsupported_ctrls, controloid)));
 }
 
 void
-cb_register_supported_control( cb_backend * cb, char *controloid, unsigned long controlops __attribute__((unused)))
+cb_register_supported_control(cb_backend *cb, char *controloid, unsigned long controlops __attribute__((unused)))
 {
     /* For now, ignore controlops */
-    if ( controloid != NULL ) {
+    if (controloid != NULL) {
         slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-                   charray_add( &cb->config.forward_ctrls,slapi_ch_strdup( controloid ));
+        charray_add(&cb->config.forward_ctrls, slapi_ch_strdup(controloid));
         slapi_rwlock_unlock(cb->config.rwl_config_lock);
-        }
+    }
 }
 
 
 void
-cb_unregister_all_supported_control( cb_backend * cb ) {
+cb_unregister_all_supported_control(cb_backend *cb)
+{
 
     slapi_rwlock_wrlock(cb->config.rwl_config_lock);
     charray_free(cb->config.forward_ctrls);
-    cb->config.forward_ctrls=NULL;
+    cb->config.forward_ctrls = NULL;
     slapi_rwlock_unlock(cb->config.rwl_config_lock);
 }
 
 void
-cb_unregister_supported_control( cb_backend * cb, char *controloid, unsigned long controlops )
+cb_unregister_supported_control(cb_backend *cb, char *controloid, unsigned long controlops)
 {
 
     /* For now, ignore controlops */
-    if ( controloid != NULL ) {
+    if (controloid != NULL) {
         int i;
         slapi_rwlock_wrlock(cb->config.rwl_config_lock);
-        for ( i = 0; cb->config.forward_ctrls != NULL && cb->config.forward_ctrls[i] != NULL; ++i ) {
-            if ( strcmp( cb->config.forward_ctrls[i], controloid ) == 0 ) {
+        for (i = 0; cb->config.forward_ctrls != NULL && cb->config.forward_ctrls[i] != NULL; ++i) {
+            if (strcmp(cb->config.forward_ctrls[i], controloid) == 0) {
                 break;
             }
         }
-        if ( cb->config.forward_ctrls == NULL || cb->config.forward_ctrls[i] == NULL) {
+        if (cb->config.forward_ctrls == NULL || cb->config.forward_ctrls[i] == NULL) {
             slapi_rwlock_unlock(cb->config.rwl_config_lock);
             return;
         }
-        if ( controlops == 0 ) {
-            charray_remove(cb->config.forward_ctrls,controloid,0/* free it */);
+        if (controlops == 0) {
+            charray_remove(cb->config.forward_ctrls, controloid, 0 /* free it */);
         }
         slapi_rwlock_unlock(cb->config.rwl_config_lock);
     }
 }
 
-int cb_create_loop_control (
-     const ber_int_t hops,
-     LDAPControl **ctrlp)
+int
+cb_create_loop_control(
+    const ber_int_t hops,
+    LDAPControl **ctrlp)
 
 {
-    BerElement      *ber;
-    int             rc;
+    BerElement *ber;
+    int rc;
 
     if ((ber = ber_alloc()) == NULL)
         return -1;
 
-    if ( ber_printf( ber, "i", hops ) < 0) {
-        ber_free(ber,1);
+    if (ber_printf(ber, "i", hops) < 0) {
+        ber_free(ber, 1);
         return -1;
     }
 
-    rc = slapi_build_control( CB_LDAP_CONTROL_CHAIN_SERVER, ber, 0, ctrlp);
+    rc = slapi_build_control(CB_LDAP_CONTROL_CHAIN_SERVER, ber, 0, ctrlp);
 
-    ber_free(ber,1);
+    ber_free(ber, 1);
 
     return rc;
 }
 
 /*
-** Return the controls to be passed to the remote 
+** Return the controls to be passed to the remote
 ** farm server and the LDAP error to return.
 **
 ** Add the Proxied Authorization control when impersonation
-** is enabled. Other controls present in the request are added 
+** is enabled. Other controls present in the request are added
 ** to the control list
 **
 ** #622885 .abandon should not inherit the to-be-abandoned-operation's controls
 **         .controls attached to abandon should not be critical
 */
 
-int cb_update_controls( Slapi_PBlock * pb, 
-                        LDAP         * ld,
-                        LDAPControl  *** controls,
-                        int          ctrl_flags
-                      )
+int
+cb_update_controls(Slapi_PBlock *pb,
+                   LDAP *ld,
+                   LDAPControl ***controls,
+                   int ctrl_flags)
 {
 
-    int cCount=0;
-    int dCount=0;
+    int cCount = 0;
+    int dCount = 0;
     int i;
-    char * proxyDN=NULL;
-    LDAPControl ** reqControls = NULL;
-    LDAPControl ** ctrls = NULL;
-    cb_backend_instance  * cb;
-    cb_backend           * cbb;
-    Slapi_Backend        * be;
-    int rc=LDAP_SUCCESS;
-    ber_int_t hops=0;
-    int useloop=0;
+    char *proxyDN = NULL;
+    LDAPControl **reqControls = NULL;
+    LDAPControl **ctrls = NULL;
+    cb_backend_instance *cb;
+    cb_backend *cbb;
+    Slapi_Backend *be;
+    int rc = LDAP_SUCCESS;
+    ber_int_t hops = 0;
+    int useloop = 0;
     int addauth = (ctrl_flags & CB_UPDATE_CONTROLS_ADDAUTH);
     int isabandon = (ctrl_flags & CB_UPDATE_CONTROLS_ISABANDON);
     int op_type = 0;
@@ -130,10 +134,10 @@ int cb_update_controls( Slapi_PBlock * pb,
     slapi_pblock_get(pb, SLAPI_OPERATION_TYPE, &op_type);
     if (!isabandon || op_type == SLAPI_OPERATION_ABANDON) {
         /* if not abandon or abandon sent by client */
-        slapi_pblock_get( pb, SLAPI_REQCONTROLS, &reqControls );
+        slapi_pblock_get(pb, SLAPI_REQCONTROLS, &reqControls);
     }
-    slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-    slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &cbb );
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbb);
     cb = cb_get_instance(be);
 
     /*****************************************/
@@ -142,25 +146,26 @@ int cb_update_controls( Slapi_PBlock * pb,
     /* else remove it from the control list  */
     /*****************************************/
 
-    for ( cCount=0; reqControls && reqControls[cCount]; cCount++ );
-    ctrls = (LDAPControl **)slapi_ch_calloc(1,sizeof(LDAPControl *) * (cCount +3));
+    for (cCount = 0; reqControls && reqControls[cCount]; cCount++)
+        ;
+    ctrls = (LDAPControl **)slapi_ch_calloc(1, sizeof(LDAPControl *) * (cCount + 3));
 
     slapi_rwlock_rdlock(cbb->config.rwl_config_lock);
 
-    for ( cCount=0; reqControls && reqControls[cCount]; cCount++ ) {
+    for (cCount = 0; reqControls && reqControls[cCount]; cCount++) {
 
         /* XXXSD CASCADING */
         /* For now, allow PROXY_AUTH control forwarding only when       */
         /* local acl evaluation to prevent unauthorized access          */
 
-        if (!strcmp(reqControls[cCount]->ldctl_oid,LDAP_CONTROL_PROXYAUTH)) {
+        if (!strcmp(reqControls[cCount]->ldctl_oid, LDAP_CONTROL_PROXYAUTH)) {
 
             /* we have to force remote acl checking if the associated backend to this
             chaining backend is disabled - disabled == no acl check possible */
             if (!cb->local_acl && !cb->associated_be_is_disabled) {
-                slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                    "local aci check required to handle proxied auth control. Deny access.\n");
-                    rc= LDAP_INSUFFICIENT_ACCESS;
+                slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                              "local aci check required to handle proxied auth control. Deny access.\n");
+                rc = LDAP_INSUFFICIENT_ACCESS;
                 break;
             }
 
@@ -168,18 +173,18 @@ int cb_update_controls( Slapi_PBlock * pb,
             /* checked earlier when impersonation is on                           */
 
             if (!cb->impersonate) {
-                char * requestor,*rootdn;
-                char * requestorCopy=NULL;
+                char *requestor, *rootdn;
+                char *requestorCopy = NULL;
 
                 rootdn = cb_get_rootdn();
-                slapi_pblock_get( pb, SLAPI_REQUESTOR_NDN, &requestor );
+                slapi_pblock_get(pb, SLAPI_REQUESTOR_NDN, &requestor);
                 requestorCopy = slapi_ch_strdup(requestor);
                 slapi_dn_ignore_case(requestorCopy);
 
-                if (!strcmp( requestorCopy, rootdn )) {    /* UTF8- aware */
-                    slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                            "Use of user <%s> incompatible with proxied auth. control\n",
-                            rootdn);
+                if (!strcmp(requestorCopy, rootdn)) { /* UTF8- aware */
+                    slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                                  "Use of user <%s> incompatible with proxied auth. control\n",
+                                  rootdn);
                     rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
                     slapi_ch_free_string(&rootdn);
                     slapi_ch_free_string(&requestorCopy);
@@ -189,45 +194,44 @@ int cb_update_controls( Slapi_PBlock * pb,
                 slapi_ch_free_string(&requestorCopy);
             }
 
-            addauth=0;
-            ctrls[dCount]=slapi_dup_control(reqControls[cCount]);
+            addauth = 0;
+            ctrls[dCount] = slapi_dup_control(reqControls[cCount]);
             dCount++;
 
-        } else if (!strcmp(reqControls[cCount]->ldctl_oid,CB_LDAP_CONTROL_CHAIN_SERVER) &&
+        } else if (!strcmp(reqControls[cCount]->ldctl_oid, CB_LDAP_CONTROL_CHAIN_SERVER) &&
                    BV_HAS_DATA((&(reqControls[cCount]->ldctl_value)))) {
             /* Max hop count reached ?                 */
             /* Checked earlier by a call to cb_forward_operation()  */
 
-            BerElement      *ber = NULL;
+            BerElement *ber = NULL;
 
             ber = ber_init(&(reqControls[cCount]->ldctl_value));
-            if (LBER_ERROR == ber_scanf(ber,"i",&hops)) {
-                slapi_log_err(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM,
-                                 "Unable to get number of hops from the chaining control\n");
+            if (LBER_ERROR == ber_scanf(ber, "i", &hops)) {
+                slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                              "Unable to get number of hops from the chaining control\n");
             }
-            ber_free(ber,1);
-            useloop=1;
+            ber_free(ber, 1);
+            useloop = 1;
 
             /* Add to the control list later */
 
         } else {
 
             int i;
-            for ( i = 0; cbb->config.forward_ctrls != NULL
-                && cbb->config.forward_ctrls[i] != NULL; ++i ) {
-                if ( strcmp( cbb->config.forward_ctrls[i], reqControls[cCount]->ldctl_oid ) == 0 ) {
+            for (i = 0; cbb->config.forward_ctrls != NULL && cbb->config.forward_ctrls[i] != NULL; ++i) {
+                if (strcmp(cbb->config.forward_ctrls[i], reqControls[cCount]->ldctl_oid) == 0) {
                     break;
                 }
             }
             /* For now, ignore optype */
-            if ( cbb->config.forward_ctrls == NULL || cbb->config.forward_ctrls[i] == NULL) {
+            if (cbb->config.forward_ctrls == NULL || cbb->config.forward_ctrls[i] == NULL) {
                 if (reqControls[cCount]->ldctl_iscritical) {
                     rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
                     break;
                 }
                 /* Skip it */
             } else {
-                ctrls[dCount]=slapi_dup_control(reqControls[cCount]);
+                ctrls[dCount] = slapi_dup_control(reqControls[cCount]);
                 dCount++;
             }
         }
@@ -244,19 +248,19 @@ int cb_update_controls( Slapi_PBlock * pb,
     /* add impersonation control if needed */
     /***************************************/
 
-    if ( !(cb->impersonate) ) {
+    if (!(cb->impersonate)) {
 
         /* don't add proxy control */
-        addauth=0;
+        addauth = 0;
     }
-        
+
     if (addauth) {
-        slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &proxyDN );
+        slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &proxyDN);
 
-        if ( slapi_ldap_create_proxyauth_control(ld, proxyDN, isabandon?0:1, 0, &ctrls[dCount] )) {
+        if (slapi_ldap_create_proxyauth_control(ld, proxyDN, isabandon ? 0 : 1, 0, &ctrls[dCount])) {
             ldap_controls_free(ctrls);
-                slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
-                "LDAP_CONTROL_PROXYAUTH control encoding failed.\n");
+            slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+                          "LDAP_CONTROL_PROXYAUTH control encoding failed.\n");
             return LDAP_OPERATIONS_ERROR;
         }
         dCount++;
@@ -268,34 +272,32 @@ int cb_update_controls( Slapi_PBlock * pb,
     /***********************************************************/
 
     if (!useloop) {
-        for ( i = 0; cbb->config.forward_ctrls != NULL
-                && cbb->config.forward_ctrls[i] != NULL; ++i ) {
-            if ( strcmp( cbb->config.forward_ctrls[i], 
-                CB_LDAP_CONTROL_CHAIN_SERVER) == 0 ) {
+        for (i = 0; cbb->config.forward_ctrls != NULL && cbb->config.forward_ctrls[i] != NULL; ++i) {
+            if (strcmp(cbb->config.forward_ctrls[i],
+                       CB_LDAP_CONTROL_CHAIN_SERVER) == 0) {
                 break;
             }
         }
     }
-    if ( useloop || (cbb->config.forward_ctrls !=NULL && cbb->config.forward_ctrls[i] !=NULL)){
-        
+    if (useloop || (cbb->config.forward_ctrls != NULL && cbb->config.forward_ctrls[i] != NULL)) {
+
         if (hops > 0) {
             hops--;
         } else {
             hops = cb->hoplimit;
         }
 
-        /* loop control's critical flag is 0; 
+        /* loop control's critical flag is 0;
          * no special treatment is needed for abandon */
-        cb_create_loop_control(hops,&ctrls[dCount]); 
+        cb_create_loop_control(hops, &ctrls[dCount]);
         dCount++;
     }
 
-    if (dCount==0) {
+    if (dCount == 0) {
         ldap_controls_free(ctrls);
     } else {
         *controls = ctrls;
     }
 
     return LDAP_SUCCESS;
-
 }

ldap/servers/plugins/chainingdb/cb_debug.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 /*
@@ -19,4 +19,3 @@
 #include <string.h>
 #include <sys/types.h>
 #include "cb.h"
-

ldap/servers/plugins/chainingdb/cb_delete.c

@@ -4,11 +4,11 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
@@ -23,219 +23,219 @@
  */
 
 int
-chaining_back_delete ( Slapi_PBlock *pb )
+chaining_back_delete(Slapi_PBlock *pb)
 {
-	cb_outgoing_conn    *cnx;
-	Slapi_Backend       *be;
-	cb_backend_instance *cb;
-	LDAPControl         **ctrls, **serverctrls;
-	LDAPMessage         *res;
-	LDAP                *ld = NULL;
-	Slapi_DN            *sdn = NULL;
-	const char          *dn = NULL;
-	char                **referrals = NULL;
-	char                *matched_msg, *error_msg;
-	char                *cnxerrbuf = NULL;
-	time_t              endtime = 0;
-	int                 rc, parse_rc, msgid, i;
-
-	if ( LDAP_SUCCESS != (rc=cb_forward_operation(pb) )) {
-		cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_BACKEND, &be );
-	cb = cb_get_instance(be);
-
-	cb_update_monitor_info(pb,cb,SLAPI_OPERATION_DELETE);
-
-	/* Check wether the chaining BE is available or not */
-	if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
-		return -1;
-	}
-
-	slapi_pblock_get( pb, SLAPI_DELETE_TARGET_SDN, &sdn );
-	if (NULL == sdn) {
-		cb_send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "Null target DN", 0, NULL);
-		return -1;
-	}
-	dn = slapi_sdn_get_dn(sdn);
-	/* 
-	 * Check local acls
-	 */
-
-	if (cb->local_acl && !cb->associated_be_is_disabled) {
-		char * errbuf=NULL;
-		Slapi_Entry *te = slapi_entry_alloc();
-
-		slapi_entry_set_sdn(te, sdn); /* sdn: copied */
-		rc = cb_access_allowed (pb, te, NULL, NULL, SLAPI_ACL_DELETE,&errbuf);
-		slapi_entry_free(te);
-
-		if ( rc != LDAP_SUCCESS ) {
-			cb_send_ldap_result( pb, rc, NULL, errbuf, 0, NULL );
-			slapi_ch_free((void **)&errbuf);
-			return -1;
-		}
-	}
-
-	/*
-	 * Grab a connection handle
-	 */
-	rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
-	if (LDAP_SUCCESS != rc) {
-		static int warned_get_conn = 0;
-		if (!warned_get_conn) {
-			slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-			                "chaining_back_delete - connection failed (%d) %s\n",
-			                rc, ldap_err2string(rc));
-			warned_get_conn = 1;
-		}
-		cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
-		                    cnxerrbuf, 0, NULL);
-		slapi_ch_free_string(&cnxerrbuf);
-		/* ping the farm.
-		 * If the farm is unreachable, we increment the counter */
-		cb_ping_farm(cb, NULL, 0);
-		return -1;
-	}
-
-	/*
-	 * Control management
-	 */
-	if ( (rc = cb_update_controls( pb,ld,&ctrls,CB_UPDATE_CONTROLS_ADDAUTH )) != LDAP_SUCCESS ) {
-		cb_send_ldap_result( pb, rc, NULL,NULL, 0, NULL);
-		cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-		return -1;
-	}
-
-	if ( slapi_op_abandoned( pb )) {
-		cb_release_op_connection(cb->pool,ld,0);
-		ldap_controls_free(ctrls);
-		return -1;
-	}
-
-	/* heart-beat management */
-	if (cb->max_idle_time>0) {
-		endtime=slapi_current_utc_time() + cb->max_idle_time;
-	}
-
-	/*
-	 * Call the backend preoperation plugins
-	 */
-	if((rc = slapi_plugin_call_preop_be_plugins(pb, SLAPI_PLUGIN_DEL_OP))){
-		slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_delete - delete (%s): pre betxn failed, error (%d)\n",dn,rc);
-		cb_release_op_connection(cb->pool,ld,0);
-		ldap_controls_free(ctrls);
-		return -1;
-	}
-
-	/*
-	 * Send LDAP operation to the remote host
-	 */
-	rc = ldap_delete_ext( ld, dn, ctrls, NULL, &msgid );
-	ldap_controls_free(ctrls);
-	if ( rc != LDAP_SUCCESS ) {
-		cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-			ldap_err2string(rc), 0, NULL);
-		cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-		return -1;
-	}
-
-	while ( 1 ) {
-		if (cb_check_forward_abandon(cb,pb,ld,msgid)) {
-			return -1;
-		}
-
-		rc = ldap_result( ld, msgid, 0, &cb->abandon_timeout, &res );
-		switch ( rc ) {
-		case -1:
-			cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-				ldap_err2string(rc), 0, NULL);
-			cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-			ldap_msgfree(res);
-			return -1;
-		case 0:
-			if ((rc=cb_ping_farm(cb,cnx,endtime)) != LDAP_SUCCESS) {
-				/* does not respond. give up and return a error to the client. */
-
-				/*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
-					ldap_err2string(rc), 0, NULL);*/
-				cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,"FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-				ldap_msgfree(res);
-				return -1;
-			}
+    cb_outgoing_conn *cnx;
+    Slapi_Backend *be;
+    cb_backend_instance *cb;
+    LDAPControl **ctrls, **serverctrls;
+    LDAPMessage *res;
+    LDAP *ld = NULL;
+    Slapi_DN *sdn = NULL;
+    const char *dn = NULL;
+    char **referrals = NULL;
+    char *matched_msg, *error_msg;
+    char *cnxerrbuf = NULL;
+    time_t endtime = 0;
+    int rc, parse_rc, msgid, i;
+
+    if (LDAP_SUCCESS != (rc = cb_forward_operation(pb))) {
+        cb_send_ldap_result(pb, rc, NULL, "Chaining forbidden", 0, NULL);
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+    cb = cb_get_instance(be);
+
+    cb_update_monitor_info(pb, cb, SLAPI_OPERATION_DELETE);
+
+    /* Check wether the chaining BE is available or not */
+    if (cb_check_availability(cb, pb) == FARMSERVER_UNAVAILABLE) {
+        return -1;
+    }
+
+    slapi_pblock_get(pb, SLAPI_DELETE_TARGET_SDN, &sdn);
+    if (NULL == sdn) {
+        cb_send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "Null target DN", 0, NULL);
+        return -1;
+    }
+    dn = slapi_sdn_get_dn(sdn);
+    /*
+     * Check local acls
+     */
+
+    if (cb->local_acl && !cb->associated_be_is_disabled) {
+        char *errbuf = NULL;
+        Slapi_Entry *te = slapi_entry_alloc();
+
+        slapi_entry_set_sdn(te, sdn); /* sdn: copied */
+        rc = cb_access_allowed(pb, te, NULL, NULL, SLAPI_ACL_DELETE, &errbuf);
+        slapi_entry_free(te);
+
+        if (rc != LDAP_SUCCESS) {
+            cb_send_ldap_result(pb, rc, NULL, errbuf, 0, NULL);
+            slapi_ch_free((void **)&errbuf);
+            return -1;
+        }
+    }
+
+    /*
+     * Grab a connection handle
+     */
+    rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+    if (LDAP_SUCCESS != rc) {
+        static int warned_get_conn = 0;
+        if (!warned_get_conn) {
+            slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                          "chaining_back_delete - connection failed (%d) %s\n",
+                          rc, ldap_err2string(rc));
+            warned_get_conn = 1;
+        }
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                            cnxerrbuf, 0, NULL);
+        slapi_ch_free_string(&cnxerrbuf);
+        /* ping the farm.
+         * If the farm is unreachable, we increment the counter */
+        cb_ping_farm(cb, NULL, 0);
+        return -1;
+    }
+
+    /*
+     * Control management
+     */
+    if ((rc = cb_update_controls(pb, ld, &ctrls, CB_UPDATE_CONTROLS_ADDAUTH)) != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        return -1;
+    }
+
+    if (slapi_op_abandoned(pb)) {
+        cb_release_op_connection(cb->pool, ld, 0);
+        ldap_controls_free(ctrls);
+        return -1;
+    }
+
+    /* heart-beat management */
+    if (cb->max_idle_time > 0) {
+        endtime = slapi_current_utc_time() + cb->max_idle_time;
+    }
+
+    /*
+     * Call the backend preoperation plugins
+     */
+    if ((rc = slapi_plugin_call_preop_be_plugins(pb, SLAPI_PLUGIN_DEL_OP))) {
+        slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_delete - delete (%s): pre betxn failed, error (%d)\n", dn, rc);
+        cb_release_op_connection(cb->pool, ld, 0);
+        ldap_controls_free(ctrls);
+        return -1;
+    }
+
+    /*
+     * Send LDAP operation to the remote host
+     */
+    rc = ldap_delete_ext(ld, dn, ctrls, NULL, &msgid);
+    ldap_controls_free(ctrls);
+    if (rc != LDAP_SUCCESS) {
+        cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                            ldap_err2string(rc), 0, NULL);
+        cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+        return -1;
+    }
+
+    while (1) {
+        if (cb_check_forward_abandon(cb, pb, ld, msgid)) {
+            return -1;
+        }
+
+        rc = ldap_result(ld, msgid, 0, &cb->abandon_timeout, &res);
+        switch (rc) {
+        case -1:
+            cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                                ldap_err2string(rc), 0, NULL);
+            cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+            ldap_msgfree(res);
+            return -1;
+        case 0:
+            if ((rc = cb_ping_farm(cb, cnx, endtime)) != LDAP_SUCCESS) {
+                /* does not respond. give up and return a error to the client. */
+
+                /*cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL,
+                    ldap_err2string(rc), 0, NULL);*/
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "FARM SERVER TEMPORARY UNAVAILABLE", 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                ldap_msgfree(res);
+                return -1;
+            }
 #ifdef CB_YIELD
-                        DS_Sleep(PR_INTERVAL_NO_WAIT);
+            DS_Sleep(PR_INTERVAL_NO_WAIT);
 #endif
-			break;
-		default:
-			matched_msg=error_msg=NULL;
-			parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg, 
-			                              &error_msg, &referrals, &serverctrls, 1 );
-			if ( parse_rc != LDAP_SUCCESS ) {
-				static int warned_parse_rc = 0;
-				if (!warned_parse_rc) {
-					slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-						"chaining_back_delete - %s%s%s\n",
-						matched_msg?matched_msg:"",
-						(matched_msg&&(*matched_msg!='\0'))?": ":"",
-						ldap_err2string(parse_rc) );
-					warned_parse_rc = 1;
-				}
-				cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
-				                     ENDUSERMSG, 0, NULL );
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
-				slapi_ch_free_string(&matched_msg);
-				slapi_ch_free_string(&error_msg);
-				ldap_controls_free(serverctrls);
-				charray_free(referrals);
-				return -1;
-			}
-
-			if ( rc != LDAP_SUCCESS ) {
-				struct berval ** refs =  referrals2berval(referrals); 
-				static int warned_rc = 0;
-				if (!warned_rc && error_msg) {
-					slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
-						"chaining_back_delete - %s%s%s\n",
-						matched_msg?matched_msg:"",
-						(matched_msg&&(*matched_msg!='\0'))?": ":"",
-						error_msg );
-					warned_rc = 1;
-				}
-				cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
-				cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
-				slapi_ch_free_string(&matched_msg);
-				slapi_ch_free_string(&error_msg);
-				if (refs) 
-					ber_bvecfree(refs);
-				charray_free(referrals);
-				ldap_controls_free(serverctrls);
-				return -1;
-			}
-
-			cb_release_op_connection(cb->pool,ld,0);
-
-			/* Call the backend postoperation plugins */
-			if((rc = slapi_plugin_call_postop_be_plugins(pb, SLAPI_PLUGIN_DEL_OP))){
-				slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_delete - delete (%s): post betxn failed, error (%d)\n",dn,rc);
-			}
-
-			/* Add control response sent by the farm server */
-			for (i=0; serverctrls && serverctrls[i];i++)
-				slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
-			ldap_controls_free(serverctrls);
-			slapi_ch_free_string(&matched_msg);
-			slapi_ch_free_string(&error_msg);
-			charray_free(referrals);
-			cb_send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL );
-
-			return 0;
-		}
-	}
-
-	/* Never reached */
-	/* return 0; */
+            break;
+        default:
+            matched_msg = error_msg = NULL;
+            parse_rc = ldap_parse_result(ld, res, &rc, &matched_msg,
+                                         &error_msg, &referrals, &serverctrls, 1);
+            if (parse_rc != LDAP_SUCCESS) {
+                static int warned_parse_rc = 0;
+                if (!warned_parse_rc) {
+                    slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                                  "chaining_back_delete - %s%s%s\n",
+                                  matched_msg ? matched_msg : "",
+                                  (matched_msg && (*matched_msg != '\0')) ? ": " : "",
+                                  ldap_err2string(parse_rc));
+                    warned_parse_rc = 1;
+                }
+                cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+                                    ENDUSERMSG, 0, NULL);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(parse_rc));
+                slapi_ch_free_string(&matched_msg);
+                slapi_ch_free_string(&error_msg);
+                ldap_controls_free(serverctrls);
+                charray_free(referrals);
+                return -1;
+            }
+
+            if (rc != LDAP_SUCCESS) {
+                struct berval **refs = referrals2berval(referrals);
+                static int warned_rc = 0;
+                if (!warned_rc && error_msg) {
+                    slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM,
+                                  "chaining_back_delete - %s%s%s\n",
+                                  matched_msg ? matched_msg : "",
+                                  (matched_msg && (*matched_msg != '\0')) ? ": " : "",
+                                  error_msg);
+                    warned_rc = 1;
+                }
+                cb_send_ldap_result(pb, rc, matched_msg, ENDUSERMSG, 0, refs);
+                cb_release_op_connection(cb->pool, ld, CB_LDAP_CONN_ERROR(rc));
+                slapi_ch_free_string(&matched_msg);
+                slapi_ch_free_string(&error_msg);
+                if (refs)
+                    ber_bvecfree(refs);
+                charray_free(referrals);
+                ldap_controls_free(serverctrls);
+                return -1;
+            }
+
+            cb_release_op_connection(cb->pool, ld, 0);
+
+            /* Call the backend postoperation plugins */
+            if ((rc = slapi_plugin_call_postop_be_plugins(pb, SLAPI_PLUGIN_DEL_OP))) {
+                slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_delete - delete (%s): post betxn failed, error (%d)\n", dn, rc);
+            }
+
+            /* Add control response sent by the farm server */
+            for (i = 0; serverctrls && serverctrls[i]; i++)
+                slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, serverctrls[i]);
+            ldap_controls_free(serverctrls);
+            slapi_ch_free_string(&matched_msg);
+            slapi_ch_free_string(&error_msg);
+            charray_free(referrals);
+            cb_send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
+
+            return 0;
+        }
+    }
+
+    /* Never reached */
+    /* return 0; */
 }

ldap/servers/plugins/chainingdb/cb_init.c

@@ -4,93 +4,97 @@
  * All rights reserved.
  *
  * License: GPL (version 3 or any later version).
- * See LICENSE for details. 
+ * See LICENSE for details.
  * END COPYRIGHT BLOCK **/
 
 #ifdef HAVE_CONFIG_H
-#  include <config.h>
+#include <config.h>
 #endif
 
 #include "cb.h"
 
-Slapi_PluginDesc chainingdbdesc = { CB_PLUGIN_NAME,
-				    VENDOR,
-				    DS_PACKAGE_VERSION,
-				    CB_PLUGIN_DESCRIPTION };
+Slapi_PluginDesc chainingdbdesc = {CB_PLUGIN_NAME,
+                                   VENDOR,
+                                   DS_PACKAGE_VERSION,
+                                   CB_PLUGIN_DESCRIPTION};
 
 
-static cb_backend * cb_backend_type=NULL;
+static cb_backend *cb_backend_type = NULL;
 
-cb_backend * cb_get_backend_type() {
-	return cb_backend_type;
+cb_backend *
+cb_get_backend_type()
+{
+    return cb_backend_type;
 }
 
-static void cb_set_backend_type(cb_backend * cb) {
-	cb_backend_type=cb;
+static void
+cb_set_backend_type(cb_backend *cb)
+{
+    cb_backend_type = cb;
 }
 
 /* Initialization function */
 int
-chaining_back_init( Slapi_PBlock *pb )
+chaining_back_init(Slapi_PBlock *pb)
 {
 
-	int 			rc=0;
-	cb_backend 		*cb;
-        struct slapdplugin 	*p;
-
-	cb = (cb_backend *) slapi_ch_calloc( 1, sizeof(cb_backend));
-
-	/*  Record the identity of the chaining plugin. used during internal ops.*/
-        slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &(cb->identity));
-
-	/* keep a pointer back to the plugin */
-        slapi_pblock_get(pb, SLAPI_PLUGIN, &p);
-        cb->plugin = p;
-
-	/* Initialize misc. fields */
-	cb->config.rwl_config_lock = slapi_new_rwlock();
-	rc = slapi_pblock_set( pb, SLAPI_PLUGIN_PRIVATE, (void *) cb );
-
-	/* These DNs are already normalized */
-	cb->pluginDN=slapi_ch_smprintf("cn=%s,%s",CB_PLUGIN_NAME,PLUGIN_BASE_DN);
-
-	cb->configDN=slapi_ch_smprintf("cn=config,%s",cb->pluginDN);
-
-	/* Set backend callback functions */
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_03 );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&chainingdbdesc );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_SEARCH_FN, 
-		(void *) chainingdb_build_candidate_list );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN, 
-		(void *) chainingdb_next_search_entry );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_PREV_SEARCH_RESULTS_FN, 
-		(void *) chainingdb_prev_search_results );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_SEARCH_RESULTS_RELEASE_FN, 
-		(void *) chaining_back_search_results_release );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, 
-		(void *) chainingdb_start ) ;
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_BIND_FN, 
-		(void *) chainingdb_bind ) ;
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_ADD_FN, 
-		(void *) chaining_back_add );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_DELETE_FN, 
-		(void *) chaining_back_delete );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_COMPARE_FN, 
-		(void *) chaining_back_compare );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_MODIFY_FN, 
-		(void *) chaining_back_modify );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_MODRDN_FN, 
-		(void *) chaining_back_modrdn );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_ABANDON_FN, 
-		(void *) chaining_back_abandon );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_SIZE_FN,
-            (void *) cb_db_size );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN,
-            (void *) cb_back_close );
-        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_CLEANUP_FN,
-            (void *) cb_back_cleanup );
-
-/****
+    int rc = 0;
+    cb_backend *cb;
+    struct slapdplugin *p;
+
+    cb = (cb_backend *)slapi_ch_calloc(1, sizeof(cb_backend));
+
+    /*  Record the identity of the chaining plugin. used during internal ops.*/
+    slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &(cb->identity));
+
+    /* keep a pointer back to the plugin */
+    slapi_pblock_get(pb, SLAPI_PLUGIN, &p);
+    cb->plugin = p;
+
+    /* Initialize misc. fields */
+    cb->config.rwl_config_lock = slapi_new_rwlock();
+    rc = slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, (void *)cb);
+
+    /* These DNs are already normalized */
+    cb->pluginDN = slapi_ch_smprintf("cn=%s,%s", CB_PLUGIN_NAME, PLUGIN_BASE_DN);
+
+    cb->configDN = slapi_ch_smprintf("cn=config,%s", cb->pluginDN);
+
+    /* Set backend callback functions */
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_03);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&chainingdbdesc);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_SEARCH_FN,
+                           (void *)chainingdb_build_candidate_list);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN,
+                           (void *)chainingdb_next_search_entry);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_PREV_SEARCH_RESULTS_FN,
+                           (void *)chainingdb_prev_search_results);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_SEARCH_RESULTS_RELEASE_FN,
+                           (void *)chaining_back_search_results_release);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
+                           (void *)chainingdb_start);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_BIND_FN,
+                           (void *)chainingdb_bind);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_ADD_FN,
+                           (void *)chaining_back_add);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_DELETE_FN,
+                           (void *)chaining_back_delete);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_COMPARE_FN,
+                           (void *)chaining_back_compare);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_MODIFY_FN,
+                           (void *)chaining_back_modify);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_MODRDN_FN,
+                           (void *)chaining_back_modrdn);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_ABANDON_FN,
+                           (void *)chaining_back_abandon);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DB_SIZE_FN,
+                           (void *)cb_db_size);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
+                           (void *)cb_back_close);
+    rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLEANUP_FN,
+                           (void *)cb_back_cleanup);
+
+    /****
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_ENTRY_RELEASE_FN,
             (void *) chaining_back_entry_release );
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DB_INIT_INSTANCE_FN,
@@ -99,30 +103,29 @@ chaining_back_init( Slapi_PBlock *pb )
             (void *) cb_back_test );
 ****/
 
-	/*
-	** The following callbacks are not implemented
-	** by the chaining backend
-	**	- SLAPI_PLUGIN_DB_FLUSH_FN
-	** 	- SLAPI_PLUGIN_DB_SEQ_FN
-	**      - SLAPI_PLUGIN_DB_RMDB_FN
-	** 	- SLAPI_PLUGIN_DB_DB2INDEX_FN
-	** 	- SLAPI_PLUGIN_DB_LDIF2DB_FN
-	** 	- SLAPI_PLUGIN_DB_DB2LDIF_FN
-	** 	- SLAPI_PLUGIN_DB_ARCHIVE2DB_FN
-	**	- SLAPI_PLUGIN_DB_DB2ARCHIVE_FN
-	** 	- SLAPI_PLUGIN_DB_BEGIN_FN
-	**	- SLAPI_PLUGIN_DB_COMMIT_FN
-	** 	- SLAPI_PLUGIN_DB_ABORT_FN
-	** 	- SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_EXT_FN
-	*/
-
- 	if ( rc != 0 ) {
-        	slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_init - Failed\n");
-                return( -1 );
-        }
-
-	cb_set_backend_type(cb);
-
-	return (0);
+    /*
+    ** The following callbacks are not implemented
+    ** by the chaining backend
+    **    - SLAPI_PLUGIN_DB_FLUSH_FN
+    **     - SLAPI_PLUGIN_DB_SEQ_FN
+    **      - SLAPI_PLUGIN_DB_RMDB_FN
+    **     - SLAPI_PLUGIN_DB_DB2INDEX_FN
+    **     - SLAPI_PLUGIN_DB_LDIF2DB_FN
+    **     - SLAPI_PLUGIN_DB_DB2LDIF_FN
+    **     - SLAPI_PLUGIN_DB_ARCHIVE2DB_FN
+    **    - SLAPI_PLUGIN_DB_DB2ARCHIVE_FN
+    **     - SLAPI_PLUGIN_DB_BEGIN_FN
+    **    - SLAPI_PLUGIN_DB_COMMIT_FN
+    **     - SLAPI_PLUGIN_DB_ABORT_FN
+    **     - SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_EXT_FN
+    */
+
+    if (rc != 0) {
+        slapi_log_err(SLAPI_LOG_ERR, CB_PLUGIN_SUBSYSTEM, "chaining_back_init - Failed\n");
+        return (-1);
+    }
+
+    cb_set_backend_type(cb);
+
+    return (0);
 }
-