/*
* massages "in" and prettifies it into "pdn"
*
* "pdn" may be untouched if no massaging occurred and its value was not null
*/
int
rwm_dn_massage_pretty(
dncookie *dc,
struct berval *in,
struct berval *pdn )
{
int rc;
struct berval mdn = BER_BVNULL;
/* massage and pretty a DN */
rc = rwm_dn_massage( dc, in, &mdn );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
if ( mdn.bv_val == in->bv_val && !BER_BVISNULL( pdn ) ) {
return rc;
}
rc = dnPretty( NULL, &mdn, pdn, NULL );
if ( mdn.bv_val != in->bv_val ) {
ch_free( mdn.bv_val );
}
return rc;
}
/*
* ldap_back_dn_massage
*
* Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c).
*/
int
ldap_back_dn_massage(
dncookie *dc,
struct berval *odn,
struct berval *res
)
{
int i, src, dst;
struct berval pretty = {0,NULL}, *dn = odn;
assert( res != NULL );
if ( dn == NULL ) {
res->bv_val = NULL;
res->bv_len = 0;
return 0;
}
if ( dc->target->mt_rwmap.rwm_suffix_massage == NULL ) {
*res = *dn;
return 0;
}
if ( dc->tofrom ) {
src = 0 + dc->normalized;
dst = 2 + dc->normalized;
} else {
src = 2 + dc->normalized;
dst = 0 + dc->normalized;
/* DN from remote server may be in arbitrary form.
* Pretty it so we can parse reliably.
*/
dnPretty( NULL, dn, &pretty, NULL );
if (pretty.bv_val) dn = &pretty;
}
for ( i = 0;
dc->target->mt_rwmap.rwm_suffix_massage[i].bv_val != NULL;
i += 4 ) {
int aliasLength = dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_len;
int diff = dn->bv_len - aliasLength;
if ( diff < 0 ) {
/* alias is longer than dn */
continue;
} else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
/* boundary is not at a DN separator */
continue;
/* At a DN Separator */
}
if ( !strcmp( dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
res->bv_len = diff + dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_len;
res->bv_val = ch_malloc( res->bv_len + 1 );
strncpy( res->bv_val, dn->bv_val, diff );
strcpy( &res->bv_val[diff], dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_val );
Debug( LDAP_DEBUG_ARGS,
"ldap_back_dn_massage:"
" converted \"%s\" to \"%s\"\n",
BER_BVISNULL( dn ) ? "" : dn->bv_val,
BER_BVISNULL( res ) ? "" : res->bv_val, 0 );
break;
}
}
if (pretty.bv_val) {
ch_free(pretty.bv_val);
dn = odn;
}
/* Nothing matched, just return the original DN */
if (res->bv_val == NULL) {
*res = *dn;
}
return 0;
}
static int
OpenLDAPaciPrettyNormal(
struct berval *val,
struct berval *out,
void *ctx,
int normalize )
{
struct berval oid = BER_BVNULL,
scope = BER_BVNULL,
rights = BER_BVNULL,
nrights = BER_BVNULL,
type = BER_BVNULL,
ntype = BER_BVNULL,
subject = BER_BVNULL,
nsubject = BER_BVNULL;
int idx,
rc = LDAP_SUCCESS,
freesubject = 0,
freetype = 0;
char *ptr;
BER_BVZERO( out );
if ( BER_BVISEMPTY( val ) ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: value is empty\n" );
return LDAP_INVALID_SYNTAX;
}
/* oid: if valid, it's already normalized */
if ( acl_get_part( val, 0, '#', &oid ) < 0 ||
numericoidValidate( NULL, &oid ) != LDAP_SUCCESS )
{
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid oid '%s'\n", oid.bv_val );
return LDAP_INVALID_SYNTAX;
}
/* scope: normalize by replacing with OpenLDAPaciscopes */
if ( acl_get_part( val, 1, '#', &scope ) < 0 ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing scope in '%s'\n", val->bv_val );
return LDAP_INVALID_SYNTAX;
}
idx = bv_getcaseidx( &scope, OpenLDAPaciscopes );
if ( idx == -1 ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid scope '%s'\n", scope.bv_val );
return LDAP_INVALID_SYNTAX;
}
scope = *OpenLDAPaciscopes[ idx ];
/* rights */
if ( acl_get_part( val, 2, '#', &rights ) < 0 ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing rights in '%s'\n", val->bv_val );
return LDAP_INVALID_SYNTAX;
}
if ( OpenLDAPaciNormalizeRights( &rights, &nrights, ctx )
!= LDAP_SUCCESS )
{
return LDAP_INVALID_SYNTAX;
}
/* type */
if ( acl_get_part( val, 3, '#', &type ) < 0 ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing type in '%s'\n", val->bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
idx = bv_getcaseidx( &type, OpenLDAPacitypes );
if ( idx == -1 ) {
struct berval isgr;
if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'\n", type.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
idx = bv_getcaseidx( &isgr, OpenLDAPacitypes );
if ( idx == -1 || idx >= LAST_OPTIONAL ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'\n", isgr.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
}
ntype = *OpenLDAPacitypes[ idx ];
/* subject */
bv_get_tail( val, &type, &subject );
if ( BER_BVISEMPTY( &subject ) || subject.bv_val[ 0 ] != '#' ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing subject in '%s'\n", val->bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
subject.bv_val++;
subject.bv_len--;
if ( idx < LAST_DNVALUED ) {
/* FIXME: pass DN syntax? */
if ( normalize ) {
rc = dnNormalize( 0, NULL, NULL,
&subject, &nsubject, ctx );
} else {
rc = dnPretty( NULL, &subject, &nsubject, ctx );
}
if ( rc == LDAP_SUCCESS ) {
freesubject = 1;
} else {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid subject dn '%s'\n", subject.bv_val );
goto cleanup;
}
if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_GROUP ]
|| OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_ROLE ] )
{
/* do {group|role}/oc/at check */
struct berval ocbv = BER_BVNULL,
atbv = BER_BVNULL;
ocbv.bv_val = ber_bvchr( &type, '/' );
if ( ocbv.bv_val != NULL ) {
ObjectClass *oc = NULL;
AttributeDescription *ad = NULL;
const char *text = NULL;
int rc;
struct berval bv;
bv.bv_len = ntype.bv_len;
ocbv.bv_val++;
ocbv.bv_len = type.bv_len - ( ocbv.bv_val - type.bv_val );
atbv.bv_val = ber_bvchr( &ocbv, '/' );
if ( atbv.bv_val != NULL ) {
atbv.bv_val++;
atbv.bv_len = type.bv_len
- ( atbv.bv_val - type.bv_val );
ocbv.bv_len = atbv.bv_val - ocbv.bv_val - 1;
rc = slap_bv2ad( &atbv, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: unknown group attribute '%s'\n", atbv.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
bv.bv_len += STRLENOF( "/" ) + ad->ad_cname.bv_len;
}
oc = oc_bvfind( &ocbv );
if ( oc == NULL ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid group '%s'\n", ocbv.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
bv.bv_len += STRLENOF( "/" ) + oc->soc_cname.bv_len;
bv.bv_val = ber_memalloc_x( bv.bv_len + 1, ctx );
ptr = bv.bv_val;
ptr = lutil_strncopy( ptr, ntype.bv_val, ntype.bv_len );
ptr[ 0 ] = '/';
ptr++;
ptr = lutil_strncopy( ptr,
oc->soc_cname.bv_val,
oc->soc_cname.bv_len );
if ( ad != NULL ) {
ptr[ 0 ] = '/';
ptr++;
ptr = lutil_strncopy( ptr,
ad->ad_cname.bv_val,
ad->ad_cname.bv_len );
}
ptr[ 0 ] = '\0';
ntype = bv;
freetype = 1;
}
}
} else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_DNATTR ] ) {
AttributeDescription *ad = NULL;
const char *text = NULL;
int rc;
rc = slap_bv2ad( &subject, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: unknown dn attribute '%s'\n", subject.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
if ( ad->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
/* FIXME: allow nameAndOptionalUID? */
Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: wrong syntax for dn attribute '%s'\n", subject.bv_val );
rc = LDAP_INVALID_SYNTAX;
goto cleanup;
}
nsubject = ad->ad_cname;
} else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET ]
|| OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET_REF ] )
{
/* NOTE: dunno how to normalize it... */
nsubject = subject;
}
out->bv_len =
oid.bv_len + STRLENOF( "#" )
+ scope.bv_len + STRLENOF( "#" )
+ nrights.bv_len + STRLENOF( "#" )
+ ntype.bv_len + STRLENOF( "#" )
+ nsubject.bv_len;
out->bv_val = ber_memalloc_x( out->bv_len + 1, ctx );
ptr = lutil_strncopy( out->bv_val, oid.bv_val, oid.bv_len );
ptr[ 0 ] = '#';
ptr++;
ptr = lutil_strncopy( ptr, scope.bv_val, scope.bv_len );
ptr[ 0 ] = '#';
ptr++;
ptr = lutil_strncopy( ptr, nrights.bv_val, nrights.bv_len );
ptr[ 0 ] = '#';
ptr++;
ptr = lutil_strncopy( ptr, ntype.bv_val, ntype.bv_len );
ptr[ 0 ] = '#';
ptr++;
if ( !BER_BVISNULL( &nsubject ) ) {
ptr = lutil_strncopy( ptr, nsubject.bv_val, nsubject.bv_len );
}
ptr[ 0 ] = '\0';
cleanup:;
if ( freesubject ) {
ber_memfree_x( nsubject.bv_val, ctx );
}
if ( freetype ) {
ber_memfree_x( ntype.bv_val, ctx );
}
if ( !BER_BVISNULL( &nrights ) ) {
ber_memfree_x( nrights.bv_val, ctx );
}
return rc;
}
/*
* This routine generates the DN appropriate to return in
* an LDAP referral.
*/
static char * referral_dn_muck(
const char * refDN,
struct berval * baseDN,
struct berval * targetDN )
{
int rc;
struct berval bvin;
struct berval nrefDN = BER_BVNULL;
struct berval nbaseDN = BER_BVNULL;
struct berval ntargetDN = BER_BVNULL;
if( !baseDN ) {
/* no base, return target */
return targetDN ? ch_strdup( targetDN->bv_val ) : NULL;
}
if( refDN ) {
bvin.bv_val = (char *)refDN;
bvin.bv_len = strlen( refDN );
rc = dnPretty( NULL, &bvin, &nrefDN, NULL );
if( rc != LDAP_SUCCESS ) {
/* Invalid refDN */
return NULL;
}
}
if( !targetDN ) {
/* continuation reference
* if refDN present return refDN
* else return baseDN
*/
return nrefDN.bv_len ? nrefDN.bv_val : ch_strdup( baseDN->bv_val );
}
rc = dnPretty( NULL, targetDN, &ntargetDN, NULL );
if( rc != LDAP_SUCCESS ) {
/* Invalid targetDN */
ch_free( nrefDN.bv_val );
return NULL;
}
if( nrefDN.bv_len ) {
rc = dnPretty( NULL, baseDN, &nbaseDN, NULL );
if( rc != LDAP_SUCCESS ) {
/* Invalid baseDN */
ch_free( nrefDN.bv_val );
ch_free( ntargetDN.bv_val );
return NULL;
}
if( dn_match( &nbaseDN, &nrefDN ) ) {
ch_free( nrefDN.bv_val );
ch_free( nbaseDN.bv_val );
return ntargetDN.bv_val;
}
{
struct berval muck;
if( ntargetDN.bv_len < nbaseDN.bv_len ) {
ch_free( nrefDN.bv_val );
ch_free( nbaseDN.bv_val );
return ntargetDN.bv_val;
}
rc = strcasecmp(
&ntargetDN.bv_val[ntargetDN.bv_len-nbaseDN.bv_len],
nbaseDN.bv_val );
if( rc ) {
/* target not subordinate to base */
ch_free( nrefDN.bv_val );
ch_free( nbaseDN.bv_val );
return ntargetDN.bv_val;
}
muck.bv_len = ntargetDN.bv_len + nrefDN.bv_len - nbaseDN.bv_len;
muck.bv_val = ch_malloc( muck.bv_len + 1 );
strncpy( muck.bv_val, ntargetDN.bv_val,
ntargetDN.bv_len-nbaseDN.bv_len );
strcpy( &muck.bv_val[ntargetDN.bv_len-nbaseDN.bv_len],
nrefDN.bv_val );
ch_free( nrefDN.bv_val );
ch_free( nbaseDN.bv_val );
ch_free( ntargetDN.bv_val );
return muck.bv_val;
}
}
ch_free( nrefDN.bv_val );
return ntargetDN.bv_val;
}
static int
rc_cf_gen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
int rc = ARG_BAD_CONF;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch( c->type ) {
case RC_PARENT:
if ( !BER_BVISEMPTY( &rd->rd_pdn )) {
rc = value_add_one( &c->rvalue_vals,
&rd->rd_pdn );
if ( rc == 0 ) {
rc = value_add_one( &c->rvalue_nvals,
&rd->rd_npdn );
}
return rc;
}
rc = 0;
break;
case RC_ITEM: {
retcode_item_t *rdi;
int i;
for ( rdi = rd->rd_item, i = 0; rdi; rdi = rdi->rdi_next, i++ ) {
char buf[4096];
struct berval bv;
char *ptr;
bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
bv.bv_len += rdi->rdi_line.bv_len;
ptr = bv.bv_val = ch_malloc( bv.bv_len + 1 );
ptr = lutil_strcopy( ptr, buf );
ptr = lutil_strncopy( ptr, rdi->rdi_line.bv_val, rdi->rdi_line.bv_len );
ber_bvarray_add( &c->rvalue_vals, &bv );
}
rc = 0;
} break;
default:
LDAP_BUG();
break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
switch( c->type ) {
case RC_PARENT:
if ( rd->rd_pdn.bv_val ) {
ber_memfree ( rd->rd_pdn.bv_val );
rc = 0;
}
if ( rd->rd_npdn.bv_val ) {
ber_memfree ( rd->rd_npdn.bv_val );
}
break;
case RC_ITEM:
if ( c->valx == -1 ) {
retcode_item_t *rdi, *next;
for ( rdi = rd->rd_item; rdi != NULL; rdi = next ) {
next = rdi->rdi_next;
retcode_item_destroy( rdi );
}
} else {
retcode_item_t **rdip, *rdi;
int i;
for ( rdip = &rd->rd_item, i = 0; i <= c->valx && *rdip; i++, rdip = &(*rdip)->rdi_next )
;
if ( *rdip == NULL ) {
return 1;
}
rdi = *rdip;
*rdip = rdi->rdi_next;
retcode_item_destroy( rdi );
}
rc = 0;
break;
default:
LDAP_BUG();
break;
}
return rc; /* FIXME */
}
switch( c->type ) {
case RC_PARENT:
if ( rd->rd_pdn.bv_val ) {
ber_memfree ( rd->rd_pdn.bv_val );
}
if ( rd->rd_npdn.bv_val ) {
ber_memfree ( rd->rd_npdn.bv_val );
}
rd->rd_pdn = c->value_dn;
rd->rd_npdn = c->value_ndn;
rc = 0;
break;
case RC_ITEM: {
retcode_item_t rdi = { BER_BVNULL }, **rdip;
struct berval bv, rdn, nrdn;
char *next = NULL;
int i;
if ( c->argc < 3 ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"retcode-item <RDN> <retcode> [<text>]\": "
"missing args" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( c->argv[ 1 ], 0, 0, &bv );
rc = dnPrettyNormal( NULL, &bv, &rdn, &nrdn, NULL );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to normalize RDN \"%s\": %d",
c->argv[ 1 ], rc );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( !dnIsOneLevelRDN( &nrdn ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"value \"%s\" is not a RDN",
c->argv[ 1 ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( BER_BVISNULL( &rd->rd_npdn ) ) {
/* FIXME: we use the database suffix */
if ( c->be->be_nsuffix == NULL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"either \"retcode-parent\" "
"or \"suffix\" must be defined" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_dupbv( &rd->rd_pdn, &c->be->be_suffix[ 0 ] );
ber_dupbv( &rd->rd_npdn, &c->be->be_nsuffix[ 0 ] );
}
build_new_dn( &rdi.rdi_dn, &rd->rd_pdn, &rdn, NULL );
build_new_dn( &rdi.rdi_ndn, &rd->rd_npdn, &nrdn, NULL );
ch_free( rdn.bv_val );
ch_free( nrdn.bv_val );
rdi.rdi_err = strtol( c->argv[ 2 ], &next, 0 );
if ( next == c->argv[ 2 ] || next[ 0 ] != '\0' ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse return code \"%s\"",
c->argv[ 2 ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
rdi.rdi_mask = SN_DG_OP_ALL;
if ( c->argc > 3 ) {
for ( i = 3; i < c->argc; i++ ) {
if ( strncasecmp( c->argv[ i ], "op=", STRLENOF( "op=" ) ) == 0 )
{
char **ops;
int j;
ops = ldap_str2charray( &c->argv[ i ][ STRLENOF( "op=" ) ], "," );
assert( ops != NULL );
rdi.rdi_mask = SN_DG_OP_NONE;
for ( j = 0; ops[ j ] != NULL; j++ ) {
if ( strcasecmp( ops[ j ], "add" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_ADD;
} else if ( strcasecmp( ops[ j ], "bind" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_BIND;
} else if ( strcasecmp( ops[ j ], "compare" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_COMPARE;
} else if ( strcasecmp( ops[ j ], "delete" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_DELETE;
} else if ( strcasecmp( ops[ j ], "modify" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_MODIFY;
} else if ( strcasecmp( ops[ j ], "rename" ) == 0
|| strcasecmp( ops[ j ], "modrdn" ) == 0 )
{
rdi.rdi_mask |= SN_DG_OP_RENAME;
} else if ( strcasecmp( ops[ j ], "search" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_SEARCH;
} else if ( strcasecmp( ops[ j ], "extended" ) == 0 ) {
rdi.rdi_mask |= SN_DG_EXTENDED;
} else if ( strcasecmp( ops[ j ], "auth" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_AUTH;
} else if ( strcasecmp( ops[ j ], "read" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_READ;
} else if ( strcasecmp( ops[ j ], "write" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_WRITE;
} else if ( strcasecmp( ops[ j ], "all" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_ALL;
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown op \"%s\"",
ops[ j ] );
ldap_charray_free( ops );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
}
ldap_charray_free( ops );
} else if ( strncasecmp( c->argv[ i ], "text=", STRLENOF( "text=" ) ) == 0 )
{
if ( !BER_BVISNULL( &rdi.rdi_text ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"text\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( &c->argv[ i ][ STRLENOF( "text=" ) ], 0, 1, &rdi.rdi_text );
} else if ( strncasecmp( c->argv[ i ], "matched=", STRLENOF( "matched=" ) ) == 0 )
{
struct berval dn;
if ( !BER_BVISNULL( &rdi.rdi_matched ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"matched\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( &c->argv[ i ][ STRLENOF( "matched=" ) ], 0, 0, &dn );
if ( dnPretty( NULL, &dn, &rdi.rdi_matched, NULL ) != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to prettify matched DN \"%s\"",
&c->argv[ i ][ STRLENOF( "matched=" ) ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else if ( strncasecmp( c->argv[ i ], "ref=", STRLENOF( "ref=" ) ) == 0 )
{
char **refs;
int j;
if ( rdi.rdi_ref != NULL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"ref\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( rdi.rdi_err != LDAP_REFERRAL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"providing \"ref\" "
"along with a non-referral "
"resultCode may cause slapd failures "
"related to internal checks" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
}
refs = ldap_str2charray( &c->argv[ i ][ STRLENOF( "ref=" ) ], " " );
assert( refs != NULL );
for ( j = 0; refs[ j ] != NULL; j++ ) {
struct berval bv;
ber_str2bv( refs[ j ], 0, 1, &bv );
ber_bvarray_add( &rdi.rdi_ref, &bv );
}
ldap_charray_free( refs );
} else if ( strncasecmp( c->argv[ i ], "sleeptime=", STRLENOF( "sleeptime=" ) ) == 0 )
{
if ( rdi.rdi_sleeptime != 0 ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"sleeptime\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( lutil_atoi( &rdi.rdi_sleeptime, &c->argv[ i ][ STRLENOF( "sleeptime=" ) ] ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse \"sleeptime=%s\"",
&c->argv[ i ][ STRLENOF( "sleeptime=" ) ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else if ( strncasecmp( c->argv[ i ], "unsolicited=", STRLENOF( "unsolicited=" ) ) == 0 )
{
char *data;
if ( !BER_BVISNULL( &rdi.rdi_unsolicited_oid ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"unsolicited\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
data = strchr( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], ':' );
if ( data != NULL ) {
struct berval oid;
if ( ldif_parse_line2( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ],
&oid, &rdi.rdi_unsolicited_data, NULL ) )
{
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse \"unsolicited\"" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_dupbv( &rdi.rdi_unsolicited_oid, &oid );
} else {
ber_str2bv( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], 0, 1,
&rdi.rdi_unsolicited_oid );
}
} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 )
{
char *arg = &c->argv[ i ][ STRLENOF( "flags=" ) ];
if ( strcasecmp( arg, "disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_PRE_DISCONNECT;
} else if ( strcasecmp( arg, "pre-disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_PRE_DISCONNECT;
} else if ( strcasecmp( arg, "post-disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_POST_DISCONNECT;
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown flag \"%s\"", arg );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown option \"%s\"",
c->argv[ i ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
}
}
rdi.rdi_line.bv_len = 2*(c->argc - 1) + c->argc - 2;
for ( i = 1; i < c->argc; i++ ) {
rdi.rdi_line.bv_len += strlen( c->argv[ i ] );
}
next = rdi.rdi_line.bv_val = ch_malloc( rdi.rdi_line.bv_len + 1 );
for ( i = 1; i < c->argc; i++ ) {
*next++ = '"';
next = lutil_strcopy( next, c->argv[ i ] );
*next++ = '"';
*next++ = ' ';
}
*--next = '\0';
for ( rdip = &rd->rd_item; *rdip; rdip = &(*rdip)->rdi_next )
/* go to last */ ;
*rdip = ( retcode_item_t * )ch_malloc( sizeof( retcode_item_t ) );
*(*rdip) = rdi;
rc = 0;
} break;
default:
rc = SLAP_CONF_UNKNOWN;
break;
}
return rc;
}
static void
asyncmeta_search_last_result(a_metaconn_t *mc, bm_context_t *bc, int candidate, int sres)
{
a_metainfo_t *mi = mc->mc_info;
Operation *op = bc->op;
SlapReply *rs = &bc->rs;
int i;
SlapReply *candidates = bc->candidates;
char *matched = NULL;
if ( bc->candidate_match > 0 ) {
struct berval pmatched = BER_BVNULL;
/* we use the first one */
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( META_IS_CANDIDATE( &candidates[ i ] )
&& candidates[ i ].sr_matched != NULL )
{
struct berval bv, pbv;
int rc;
/* if we got success, and this target
* returned noSuchObject, and its suffix
* is a superior of the searchBase,
* ignore the matchedDN */
if ( sres == LDAP_SUCCESS
&& candidates[ i ].sr_err == LDAP_NO_SUCH_OBJECT
&& op->o_req_ndn.bv_len > mi->mi_targets[ i ]->mt_nsuffix.bv_len )
{
free( (char *)candidates[ i ].sr_matched );
candidates[ i ].sr_matched = NULL;
continue;
}
ber_str2bv( candidates[ i ].sr_matched, 0, 0, &bv );
rc = dnPretty( NULL, &bv, &pbv, op->o_tmpmemctx );
if ( rc == LDAP_SUCCESS ) {
/* NOTE: if they all are superiors
* of the baseDN, the shorter is also
* superior of the longer... */
if ( pbv.bv_len > pmatched.bv_len ) {
if ( !BER_BVISNULL( &pmatched ) ) {
op->o_tmpfree( pmatched.bv_val, op->o_tmpmemctx );
}
pmatched = pbv;
} else {
op->o_tmpfree( pbv.bv_val, op->o_tmpmemctx );
}
}
if ( candidates[ i ].sr_matched != NULL ) {
free( (char *)candidates[ i ].sr_matched );
candidates[ i ].sr_matched = NULL;
}
}
}
if ( !BER_BVISNULL( &pmatched ) ) {
matched = pmatched.bv_val;
}
} else if ( sres == LDAP_NO_SUCH_OBJECT ) {
matched = mi->mi_suffix.bv_val;
}
/*
* In case we returned at least one entry, we return LDAP_SUCCESS
* otherwise, the latter error code we got
*/
if ( sres == LDAP_SUCCESS ) {
if ( rs->sr_v2ref ) {
sres = LDAP_REFERRAL;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
/*
* Report errors, if any
*
* FIXME: we should handle error codes and return the more
* important/reasonable
*/
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
continue;
}
if ( candidates[ i ].sr_err != LDAP_SUCCESS
&& candidates[ i ].sr_err != LDAP_NO_SUCH_OBJECT )
{
sres = candidates[ i ].sr_err;
break;
}
}
}
}
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_search_last_result(\"%d\"): "
".\n",
op->o_log_prefix, candidate );
rs->sr_err = sres;
rs->sr_matched = ( sres == LDAP_SUCCESS ? NULL : matched );
rs->sr_text = ( sres == LDAP_SUCCESS ? NULL : candidates[candidate].sr_text );
rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL );
asyncmeta_send_ldap_result(bc, op, rs);
rs->sr_text = NULL;
rs->sr_matched = NULL;
rs->sr_ref = NULL;
}
int asyncmeta_handle_common_result(LDAPMessage *msg, a_metaconn_t *mc, bm_context_t *bc, int candidate)
{
a_metainfo_t *mi;
a_metatarget_t *mt;
a_metasingleconn_t *msc;
const char *save_text = NULL,
*save_matched = NULL;
BerVarray save_ref = NULL;
LDAPControl **save_ctrls = NULL;
void *matched_ctx = NULL;
char *matched = NULL;
char *text = NULL;
char **refs = NULL;
LDAPControl **ctrls = NULL;
Operation *op;
SlapReply *rs;
int rc;
mi = mc->mc_info;
mt = mi->mi_targets[ candidate ];
msc = &mc->mc_conns[ candidate ];
op = bc->op;
rs = &bc->rs;
save_text = rs->sr_text,
save_matched = rs->sr_matched;
save_ref = rs->sr_ref;
save_ctrls = rs->sr_ctrls;
rs->sr_text = NULL;
rs->sr_matched = NULL;
rs->sr_ref = NULL;
rs->sr_ctrls = NULL;
/* only touch when activity actually took place... */
if ( mi->mi_idle_timeout != 0 ) {
asyncmeta_set_msc_time(msc);
}
rc = ldap_parse_result( msc->msc_ldr, msg, &rs->sr_err,
&matched, &text, &refs, &ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
rs->sr_text = text;
} else {
rs->sr_err = rc;
}
rs->sr_err = slap_map_api2result( rs );
/* RFC 4511: referrals can only appear
* if result code is LDAP_REFERRAL */
if ( refs != NULL
&& refs[ 0 ] != NULL
&& refs[ 0 ][ 0 ] != '\0' )
{
if ( rs->sr_err != LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_handle_common_result[%d]: "
"got referrals with err=%d\n",
op->o_log_prefix,
candidate, rs->sr_err );
} else {
int i;
for ( i = 0; refs[ i ] != NULL; i++ )
/* count */ ;
rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
op->o_tmpmemctx );
for ( i = 0; refs[ i ] != NULL; i++ ) {
ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
}
BER_BVZERO( &rs->sr_ref[ i ] );
}
} else if ( rs->sr_err == LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_handle_common_result[%d]: "
"got err=%d with null "
"or empty referrals\n",
op->o_log_prefix,
candidate, rs->sr_err );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if ( ctrls != NULL ) {
rs->sr_ctrls = ctrls;
}
/* if the error in the reply structure is not
* LDAP_SUCCESS, try to map it from client
* to server error */
if ( !LDAP_ERR_OK( rs->sr_err ) ) {
rs->sr_err = slap_map_api2result( rs );
/* internal ops ( op->o_conn == NULL )
* must not reply to client */
if ( op->o_conn && !op->o_do_not_cache && matched ) {
/* record the (massaged) matched
* DN into the reply structure */
rs->sr_matched = matched;
}
}
if ( META_BACK_TGT_QUARANTINE( mt ) ) {
asyncmeta_quarantine( op, mi, rs, candidate );
}
if ( matched != NULL ) {
struct berval dn, pdn;
ber_str2bv( matched, 0, 0, &dn );
if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
ldap_memfree( matched );
matched_ctx = op->o_tmpmemctx;
matched = pdn.bv_val;
}
rs->sr_matched = matched;
}
if ( rs->sr_err == LDAP_UNAVAILABLE || rs->sr_err == LDAP_SERVER_DOWN ) {
if ( rs->sr_text == NULL ) {
rs->sr_text = "Target is unavailable";
}
}
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
asyncmeta_drop_bc( mc, bc);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
if ( op->o_conn ) {
asyncmeta_send_ldap_result(bc, op, rs);
}
if ( matched ) {
op->o_tmpfree( (char *)rs->sr_matched, matched_ctx );
}
if ( text ) {
ldap_memfree( text );
}
if ( rs->sr_ref ) {
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
if ( refs ) {
ber_memvfree( (void **)refs );
}
if ( ctrls ) {
assert( rs->sr_ctrls != NULL );
ldap_controls_free( ctrls );
}
rs->sr_text = save_text;
rs->sr_matched = save_matched;
rs->sr_ref = save_ref;
rs->sr_ctrls = save_ctrls;
rc = (LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err);
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
asyncmeta_clear_bm_context(bc);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
return rc;
}
/*
* FIXME: error return must be handled in a cleaner way ...
*/
int
meta_back_op_result(
metaconn_t *mc,
Operation *op,
SlapReply *rs,
int candidate,
ber_int_t msgid,
time_t timeout,
ldap_back_send_t sendok )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
const char *save_text = rs->sr_text,
*save_matched = rs->sr_matched;
BerVarray save_ref = rs->sr_ref;
LDAPControl **save_ctrls = rs->sr_ctrls;
void *matched_ctx = NULL;
char *matched = NULL;
char *text = NULL;
char **refs = NULL;
LDAPControl **ctrls = NULL;
assert( mc != NULL );
rs->sr_text = NULL;
rs->sr_matched = NULL;
rs->sr_ref = NULL;
rs->sr_ctrls = NULL;
if ( candidate != META_TARGET_NONE ) {
metatarget_t *mt = mi->mi_targets[ candidate ];
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
if ( LDAP_ERR_OK( rs->sr_err ) ) {
int rc;
struct timeval tv;
LDAPMessage *res = NULL;
time_t stoptime = (time_t)(-1);
int timeout_err = op->o_protocol >= LDAP_VERSION3 ?
LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
const char *timeout_text = "Operation timed out";
/* if timeout is not specified, compute and use
* the one specific to the ongoing operation */
if ( timeout == (time_t)(-1) ) {
slap_op_t opidx = slap_req2op( op->o_tag );
if ( opidx == SLAP_OP_SEARCH ) {
if ( op->ors_tlimit <= 0 ) {
timeout = 0;
} else {
timeout = op->ors_tlimit;
timeout_err = LDAP_TIMELIMIT_EXCEEDED;
timeout_text = NULL;
}
} else {
timeout = mt->mt_timeout[ opidx ];
}
}
/* better than nothing :) */
if ( timeout == 0 ) {
if ( mi->mi_idle_timeout ) {
timeout = mi->mi_idle_timeout;
} else if ( mi->mi_conn_ttl ) {
timeout = mi->mi_conn_ttl;
}
}
if ( timeout ) {
stoptime = op->o_time + timeout;
}
LDAP_BACK_TV_SET( &tv );
retry:;
rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
switch ( rc ) {
case 0:
if ( timeout && slap_get_time() > stoptime ) {
(void)meta_back_cancel( mc, op, rs, msgid, candidate, sendok );
rs->sr_err = timeout_err;
rs->sr_text = timeout_text;
break;
}
LDAP_BACK_TV_SET( &tv );
ldap_pvt_thread_yield();
goto retry;
case -1:
ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE,
&rs->sr_err );
break;
/* otherwise get the result; if it is not
* LDAP_SUCCESS, record it in the reply
* structure (this includes
* LDAP_COMPARE_{TRUE|FALSE}) */
default:
/* only touch when activity actually took place... */
if ( mi->mi_idle_timeout != 0 && msc->msc_time < op->o_time ) {
msc->msc_time = op->o_time;
}
rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,
&matched, &text, &refs, &ctrls, 1 );
res = NULL;
if ( rc == LDAP_SUCCESS ) {
rs->sr_text = text;
} else {
rs->sr_err = rc;
}
rs->sr_err = slap_map_api2result( rs );
/* RFC 4511: referrals can only appear
* if result code is LDAP_REFERRAL */
if ( refs != NULL
&& refs[ 0 ] != NULL
&& refs[ 0 ][ 0 ] != '\0' )
{
if ( rs->sr_err != LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s meta_back_op_result[%d]: "
"got referrals with err=%d\n",
op->o_log_prefix,
candidate, rs->sr_err );
} else {
int i;
for ( i = 0; refs[ i ] != NULL; i++ )
/* count */ ;
rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
op->o_tmpmemctx );
for ( i = 0; refs[ i ] != NULL; i++ ) {
ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
}
BER_BVZERO( &rs->sr_ref[ i ] );
}
} else if ( rs->sr_err == LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s meta_back_op_result[%d]: "
"got err=%d with null "
"or empty referrals\n",
op->o_log_prefix,
candidate, rs->sr_err );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if ( ctrls != NULL ) {
rs->sr_ctrls = ctrls;
}
}
assert( res == NULL );
}
/* if the error in the reply structure is not
* LDAP_SUCCESS, try to map it from client
* to server error */
if ( !LDAP_ERR_OK( rs->sr_err ) ) {
rs->sr_err = slap_map_api2result( rs );
/* internal ops ( op->o_conn == NULL )
* must not reply to client */
if ( op->o_conn && !op->o_do_not_cache && matched ) {
/* record the (massaged) matched
* DN into the reply structure */
rs->sr_matched = matched;
}
}
if ( META_BACK_TGT_QUARANTINE( mt ) ) {
meta_back_quarantine( op, rs, candidate );
}
} else {
int i,
err = rs->sr_err;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metasingleconn_t *msc = &mc->mc_conns[ i ];
char *xtext = NULL;
char *xmatched = NULL;
if ( msc->msc_ld == NULL ) {
continue;
}
rs->sr_err = LDAP_SUCCESS;
ldap_get_option( msc->msc_ld, LDAP_OPT_RESULT_CODE, &rs->sr_err );
if ( rs->sr_err != LDAP_SUCCESS ) {
/*
* better check the type of error. In some cases
* (search ?) it might be better to return a
* success if at least one of the targets gave
* positive result ...
*/
ldap_get_option( msc->msc_ld,
LDAP_OPT_DIAGNOSTIC_MESSAGE, &xtext );
if ( xtext != NULL && xtext [ 0 ] == '\0' ) {
ldap_memfree( xtext );
xtext = NULL;
}
ldap_get_option( msc->msc_ld,
LDAP_OPT_MATCHED_DN, &xmatched );
if ( xmatched != NULL && xmatched[ 0 ] == '\0' ) {
ldap_memfree( xmatched );
xmatched = NULL;
}
rs->sr_err = slap_map_api2result( rs );
if ( LogTest( LDAP_DEBUG_ANY ) ) {
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ),
"meta_back_op_result[%d] "
"err=%d text=\"%s\" matched=\"%s\"",
i, rs->sr_err,
( xtext ? xtext : "" ),
( xmatched ? xmatched : "" ) );
Debug( LDAP_DEBUG_ANY, "%s %s.\n",
op->o_log_prefix, buf );
}
/*
* FIXME: need to rewrite "match" (need rwinfo)
*/
switch ( rs->sr_err ) {
default:
err = rs->sr_err;
if ( xtext != NULL ) {
if ( text ) {
ldap_memfree( text );
}
text = xtext;
xtext = NULL;
}
if ( xmatched != NULL ) {
if ( matched ) {
ldap_memfree( matched );
}
matched = xmatched;
xmatched = NULL;
}
break;
}
if ( xtext ) {
ldap_memfree( xtext );
}
if ( xmatched ) {
ldap_memfree( xmatched );
}
}
if ( META_BACK_TGT_QUARANTINE( mi->mi_targets[ i ] ) ) {
meta_back_quarantine( op, rs, i );
}
}
if ( err != LDAP_SUCCESS ) {
rs->sr_err = err;
}
}
if ( matched != NULL ) {
struct berval dn, pdn;
ber_str2bv( matched, 0, 0, &dn );
if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
ldap_memfree( matched );
matched_ctx = op->o_tmpmemctx;
matched = pdn.bv_val;
}
rs->sr_matched = matched;
}
if ( rs->sr_err == LDAP_UNAVAILABLE ) {
if ( !( sendok & LDAP_BACK_RETRYING ) ) {
if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed";
send_ldap_result( op, rs );
}
}
} else if ( op->o_conn &&
( ( ( sendok & LDAP_BACK_SENDOK ) && LDAP_ERR_OK( rs->sr_err ) )
|| ( ( sendok & LDAP_BACK_SENDERR ) && !LDAP_ERR_OK( rs->sr_err ) ) ) )
{
send_ldap_result( op, rs );
}
if ( matched ) {
op->o_tmpfree( (char *)rs->sr_matched, matched_ctx );
}
if ( text ) {
ldap_memfree( text );
}
if ( rs->sr_ref ) {
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
if ( refs ) {
ber_memvfree( (void **)refs );
}
if ( ctrls ) {
assert( rs->sr_ctrls != NULL );
ldap_controls_free( ctrls );
}
rs->sr_text = save_text;
rs->sr_matched = save_matched;
rs->sr_ref = save_ref;
rs->sr_ctrls = save_ctrls;
return( LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
}
int
ldap_back_search(
Operation *op,
SlapReply *rs )
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = NULL;
struct timeval tv;
time_t stoptime = (time_t)(-1);
LDAPMessage *res,
*e;
int rc = 0,
msgid;
struct berval match = BER_BVNULL,
filter = BER_BVNULL;
int i, x;
char **attrs = NULL;
int freetext = 0, filter_undef = 0;
int do_retry = 1, dont_retry = 0;
LDAPControl **ctrls = NULL;
char **references = NULL;
rs_assert_ready( rs );
rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
/*
* FIXME: in case of values return filter, we might want
* to map attrs and maybe rewrite value
*/
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
tv.tv_sec = op->ors_tlimit;
tv.tv_usec = 0;
stoptime = op->o_time + op->ors_tlimit;
} else {
LDAP_BACK_TV_SET( &tv );
}
i = 0;
if ( op->ors_attrs ) {
for ( ; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )
/* just count attrs */ ;
}
x = 0;
if ( op->o_bd->be_extra_anlist ) {
for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
/* just count attrs */ ;
}
if ( i > 0 || x > 0 ) {
int j = 0;
attrs = op->o_tmpalloc( ( i + x + 1 )*sizeof( char * ),
op->o_tmpmemctx );
if ( attrs == NULL ) {
rs->sr_err = LDAP_NO_MEMORY;
rc = -1;
goto finish;
}
if ( i > 0 ) {
for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++, j++ ) {
attrs[ j ] = op->ors_attrs[i].an_name.bv_val;
}
}
if ( x > 0 ) {
for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++, j++ ) {
if ( op->o_bd->be_extra_anlist[x].an_desc &&
ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, op->ors_attrs ) )
{
continue;
}
attrs[ j ] = op->o_bd->be_extra_anlist[x].an_name.bv_val;
}
}
attrs[ j ] = NULL;
}
ctrls = op->o_ctrls;
rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto finish;
}
/* deal with <draft-zeilenga-ldap-t-f> filters */
filter = op->ors_filterstr;
retry:
/* this goes after retry because ldap_back_munge_filter()
* optionally replaces RFC 4526 T-F filters (&) (|)
* if already computed, they will be re-installed
* by filter2bv_undef_x() later */
if ( !LDAP_BACK_T_F( li ) ) {
ldap_back_munge_filter( op, &filter );
}
rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
op->ors_scope, filter.bv_val,
attrs, op->ors_attrsonly, ctrls, NULL,
tv.tv_sec ? &tv : NULL,
op->ors_slimit, op->ors_deref, &msgid );
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_SEARCH ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
if ( rs->sr_err != LDAP_SUCCESS ) {
switch ( rs->sr_err ) {
case LDAP_SERVER_DOWN:
if ( do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
goto retry;
}
}
if ( lc == NULL ) {
/* reset by ldap_back_retry ... */
rs->sr_err = slap_map_api2result( rs );
} else {
rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
}
goto finish;
case LDAP_FILTER_ERROR:
/* first try? */
if ( !filter_undef &&
strstr( filter.bv_val, "(?" ) &&
!LDAP_BACK_NOUNDEFFILTER( li ) )
{
BER_BVZERO( &filter );
filter2bv_undef_x( op, op->ors_filter, 1, &filter );
filter_undef = 1;
goto retry;
}
/* invalid filters return success with no data */
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
goto finish;
default:
rs->sr_err = slap_map_api2result( rs );
rs->sr_text = NULL;
goto finish;
}
}
/* if needed, initialize timeout */
if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
tv.tv_usec = 0;
}
}
/* We pull apart the ber result, stuff it into a slapd entry, and
* let send_search_entry stuff it back into ber format. Slow & ugly,
* but this is necessary for version matching, and for ACL processing.
*/
for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
{
/* check for abandon */
if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
if ( rc > 0 ) {
ldap_msgfree( res );
}
(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
rc = SLAPD_ABANDON;
goto finish;
}
if ( rc == 0 || rc == -2 ) {
ldap_pvt_thread_yield();
/* check timeout */
if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
if ( rc == 0 ) {
(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
rs->sr_text = "Operation timed out";
rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
goto finish;
}
} else {
LDAP_BACK_TV_SET( &tv );
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
goto finish;
}
continue;
} else {
/* only touch when activity actually took place... */
if ( li->li_idle_timeout && lc ) {
lc->lc_time = op->o_time;
}
/* don't retry any more */
dont_retry = 1;
}
if ( rc == LDAP_RES_SEARCH_ENTRY ) {
Entry ent = { 0 };
struct berval bdn = BER_BVNULL;
do_retry = 0;
e = ldap_first_entry( lc->lc_ld, res );
rc = ldap_build_entry( op, e, &ent, &bdn );
if ( rc == LDAP_SUCCESS ) {
ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rc = rs->sr_err = send_search_entry( op, rs );
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
rs->sr_entry = NULL;
rs->sr_flags = 0;
if ( !BER_BVISNULL( &ent.e_name ) ) {
assert( ent.e_name.bv_val != bdn.bv_val );
op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ent.e_name );
}
if ( !BER_BVISNULL( &ent.e_nname ) ) {
op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ent.e_nname );
}
entry_clean( &ent );
}
ldap_msgfree( res );
switch ( rc ) {
case LDAP_SUCCESS:
case LDAP_INSUFFICIENT_ACCESS:
break;
default:
if ( rc == LDAP_UNAVAILABLE ) {
rc = rs->sr_err = LDAP_OTHER;
} else {
(void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
}
goto finish;
}
} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
if ( LDAP_BACK_NOREFS( li ) ) {
ldap_msgfree( res );
continue;
}
do_retry = 0;
rc = ldap_parse_reference( lc->lc_ld, res,
&references, &rs->sr_ctrls, 1 );
if ( rc != LDAP_SUCCESS ) {
continue;
}
/* FIXME: there MUST be at least one */
if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
int cnt;
for ( cnt = 0; references[ cnt ]; cnt++ )
/* NO OP */ ;
/* FIXME: there MUST be at least one */
rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
op->o_tmpmemctx );
for ( cnt = 0; references[ cnt ]; cnt++ ) {
ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
}
BER_BVZERO( &rs->sr_ref[ cnt ] );
/* ignore return value by now */
RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
rs->sr_entry = NULL;
( void )send_search_reference( op, rs );
} else {
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_search: "
"got SEARCH_REFERENCE "
"with no referrals\n",
op->o_log_prefix, 0, 0 );
}
/* cleanup */
if ( references ) {
ber_memvfree( (void **)references );
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
references = NULL;
}
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
} else if ( rc == LDAP_RES_INTERMEDIATE ) {
/* FIXME: response controls
* are passed without checks */
rc = ldap_parse_intermediate( lc->lc_ld,
res,
(char **)&rs->sr_rspoid,
&rs->sr_rspdata,
&rs->sr_ctrls,
0 );
if ( rc != LDAP_SUCCESS ) {
continue;
}
slap_send_ldap_intermediate( op, rs );
if ( rs->sr_rspoid != NULL ) {
ber_memfree( (char *)rs->sr_rspoid );
rs->sr_rspoid = NULL;
}
if ( rs->sr_rspdata != NULL ) {
ber_bvfree( rs->sr_rspdata );
rs->sr_rspdata = NULL;
}
if ( rs->sr_ctrls != NULL ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
} else {
char *err = NULL;
rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
&match.bv_val, &err,
&references, &rs->sr_ctrls, 1 );
if ( rc == LDAP_SUCCESS ) {
if ( err ) {
rs->sr_text = err;
freetext = 1;
}
} else {
rs->sr_err = rc;
}
rs->sr_err = slap_map_api2result( rs );
/* RFC 4511: referrals can only appear
* if result code is LDAP_REFERRAL */
if ( references
&& references[ 0 ]
&& references[ 0 ][ 0 ] )
{
if ( rs->sr_err != LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_search: "
"got referrals with err=%d\n",
op->o_log_prefix,
rs->sr_err, 0 );
} else {
int cnt;
for ( cnt = 0; references[ cnt ]; cnt++ )
/* NO OP */ ;
rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
op->o_tmpmemctx );
for ( cnt = 0; references[ cnt ]; cnt++ ) {
/* duplicating ...*/
ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
}
BER_BVZERO( &rs->sr_ref[ cnt ] );
}
} else if ( rs->sr_err == LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_search: "
"got err=%d with null "
"or empty referrals\n",
op->o_log_prefix,
rs->sr_err, 0 );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if ( match.bv_val != NULL ) {
match.bv_len = strlen( match.bv_val );
}
rc = 0;
break;
}
/* if needed, restore timeout */
if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
tv.tv_usec = 0;
}
}
}
if ( rc == -1 ) {
if ( dont_retry == 0 ) {
if ( do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
goto retry;
}
}
rs->sr_err = LDAP_SERVER_DOWN;
rs->sr_err = slap_map_api2result( rs );
goto finish;
} else if ( LDAP_BACK_ONERR_STOP( li ) ) {
/* if onerr == STOP */
rs->sr_err = LDAP_SERVER_DOWN;
rs->sr_err = slap_map_api2result( rs );
goto finish;
}
}
/*
* Rewrite the matched portion of the search base, if required
*/
if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
struct berval pmatch;
if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
pmatch.bv_val = match.bv_val;
match.bv_val = NULL;
}
rs->sr_matched = pmatch.bv_val;
rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
}
finish:;
if ( !BER_BVISNULL( &match ) ) {
ber_memfree( match.bv_val );
}
if ( rs->sr_v2ref ) {
rs->sr_err = LDAP_REFERRAL;
}
if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
if ( filter.bv_val != op->ors_filterstr.bv_val ) {
op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
}
#if 0
/* let send_ldap_result play cleanup handlers (ITS#4645) */
if ( rc != SLAPD_ABANDON )
#endif
{
send_ldap_result( op, rs );
}
(void)ldap_back_controls_free( op, rs, &ctrls );
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
if ( rs->sr_text ) {
if ( freetext ) {
ber_memfree( (char *)rs->sr_text );
}
rs->sr_text = NULL;
}
if ( rs->sr_ref ) {
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
if ( references ) {
ber_memvfree( (void **)references );
}
if ( attrs ) {
op->o_tmpfree( attrs, op->o_tmpmemctx );
}
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
}
return rs->sr_err;
}
int
slapdn( int argc, char **argv )
{
int rc = 0;
const char *progname = "slapdn";
slap_tool_init( progname, SLAPDN, argc, argv );
argv = &argv[ optind ];
argc -= optind;
for ( ; argc--; argv++ ) {
struct berval dn,
pdn = BER_BVNULL,
ndn = BER_BVNULL;
ber_str2bv( argv[ 0 ], 0, 0, &dn );
switch ( dn_mode ) {
case SLAP_TOOL_LDAPDN_PRETTY:
rc = dnPretty( NULL, &dn, &pdn, NULL );
break;
case SLAP_TOOL_LDAPDN_NORMAL:
rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
break;
default:
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
break;
}
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "DN: <%s> check failed %d (%s)\n",
dn.bv_val, rc,
ldap_err2string( rc ) );
if ( !continuemode ) {
rc = -1;
break;
}
} else {
switch ( dn_mode ) {
case SLAP_TOOL_LDAPDN_PRETTY:
printf( "%s\n", pdn.bv_val );
break;
case SLAP_TOOL_LDAPDN_NORMAL:
printf( "%s\n", ndn.bv_val );
break;
default:
printf( "DN: <%s> check succeeded\n"
"normalized: <%s>\n"
"pretty: <%s>\n",
dn.bv_val,
ndn.bv_val, pdn.bv_val );
break;
}
ch_free( ndn.bv_val );
ch_free( pdn.bv_val );
}
}
if ( slap_tool_destroy())
rc = EXIT_FAILURE;
return rc;
}
