Re: password policy module

["Pierangelo Masarati" <ando@sys-net.it>]

> I've committed our implementation of the LDAP Password Policy code,
> based on draft-behera-ldap-password-policy-07, more or less. The draft
> still has a lot of holes in it, and the code has a few as well, though
> it should at least work without segfaulting.
>
> I noticed the distinct need for a function "slap_add_control()" to add a
> control to the list of response controls. Currently most code that
> touches SlapReply->sr_ctrls assumes it is the only thing setting a
> control, so things will break whenever multiple controls are applicable
> to a single response. This should be a simple thing to fix.

I was planning to add a set of flags that mark whether any of the fields
in the response should be freed or safely ignored while replacing them. 
This is useful when functions that set them don't see them back; callbacks
on the way can know whether they need to free data structures or safely
ignore them.

I got stuck on the huge number of memory handling functions we currently
need to deal with; this change would also require to rewrite a lot of code
that sets the values in many different ways; it's too big an effort for me
because I don't think I have time and the deep knowledge of many parts of
code that would be required.  The safest way to do this would be to
implement helpers that add/remove data from the response structure,
dealing with existing stuff in the most appropriate way and taking care of
the flags as well; a sort of:

slap_reply_add_freeable_entry(SlapReply *rs, Entry *e)
slap_reply_add_nonfreeable_entry(SlapReply *rs, Entry *e)
slap_reply_add_freeable_controls(SlapReply *rs, BerVarray bva)
slap_reply_add_nonfreeable_controls(SlapReply *rs, BerVarray bva)
slap_reply_add_freeable_message(SlapReply *rs, char *msg)
slap_reply_add_nonfreeable_message(SlapReply *rs, char *msg)
...
and so for referrals.

Ando.
-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it