int monitor_back_modify( Operation *op, SlapReply *rs ) { int rc = 0; monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private; Entry *matched; Entry *e; Debug(LDAP_DEBUG_ARGS, "monitor_back_modify:\n", 0, 0, 0); /* acquire and lock entry */ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched ); if ( e == NULL ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; if ( matched ) { if ( !access_allowed_mask( op, matched, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL, NULL ) ) { /* do nothing */ ; } else { rs->sr_matched = matched->e_dn; } } send_ldap_result( op, rs ); if ( matched != NULL ) { rs->sr_matched = NULL; monitor_cache_release( mi, matched ); } return rs->sr_err; } if ( !acl_check_modlist( op, e, op->orm_modlist )) { rc = LDAP_INSUFFICIENT_ACCESS; } else { assert( !SLAP_SHADOW( op->o_bd ) ); slap_mods_opattrs( op, &op->orm_modlist, 0 ); rc = monitor_entry_modify( op, rs, e ); } if ( rc != LDAP_SUCCESS ) { if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL, NULL ) ) { rc = LDAP_NO_SUCH_OBJECT; } } rs->sr_err = rc; send_ldap_result( op, rs ); monitor_cache_release( mi, e ); return rs->sr_err; }
int fe_op_search( Operation *op, SlapReply *rs ) { BackendDB *bd = op->o_bd; if ( op->ors_scope == LDAP_SCOPE_BASE ) { Entry *entry = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { #ifdef LDAP_CONNECTIONLESS /* Ignore LDAPv2 CLDAP Root DSE queries */ if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) { goto return_results; } #endif /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text ); } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) { /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } rs->sr_err = schema_info( &entry, &rs->sr_text ); } if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } else if ( entry != NULL ) { if ( get_assert( op ) && ( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto fail1; } rs->sr_err = test_filter( op, entry, op->ors_filter ); if( rs->sr_err == LDAP_COMPARE_TRUE ) { /* note: we set no limits because either * no limit is specified, or at least 1 * is specified, and we're going to return * at most one entry */ op->ors_slimit = SLAP_NO_LIMIT; op->ors_tlimit = SLAP_NO_LIMIT; rs->sr_entry = entry; rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; rs->sr_flags = 0; send_search_entry( op, rs ); rs->sr_entry = NULL; rs->sr_operational_attrs = NULL; } rs->sr_err = LDAP_SUCCESS; fail1: entry_free( entry ); send_ldap_result( op, rs ); goto return_results; } } if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) { slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx ); slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx ); ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx ); ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx ); } /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ op->o_bd = select_backend( &op->o_req_ndn, 1 ); if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, op->ors_scope ); if (!rs->sr_ref) rs->sr_ref = default_referral; rs->sr_err = LDAP_REFERRAL; op->o_bd = bd; send_ldap_result( op, rs ); if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; goto return_results; } /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } /* check for referrals */ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) { goto return_results; } if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) { /* don't use shadow copy */ BerVarray defref = op->o_bd->be_update_refs ? op->o_bd->be_update_refs : default_referral; if( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, NULL, &op->o_req_dn, op->ors_scope ); if( !rs->sr_ref) rs->sr_ref = defref; rs->sr_err = LDAP_REFERRAL; send_ldap_result( op, rs ); if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "copy not used; no referral information available" ); } } else if ( op->o_bd->be_search ) { if ( limits_check( op, rs ) == 0 ) { /* actually do the search and send the result(s) */ (op->o_bd->be_search)( op, rs ); } /* else limits_check() sends error */ } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "operation not supported within namingContext" ); } return_results:; op->o_bd = bd; return rs->sr_err; }
int fe_op_compare( Operation *op, SlapReply *rs ) { Entry *entry = NULL; AttributeAssertion *ava = op->orc_ava; BackendDB *bd = op->o_bd; if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) { if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto cleanup; } rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text ); if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto cleanup; } } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) { if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); rs->sr_err = 0; goto cleanup; } rs->sr_err = schema_info( &entry, &rs->sr_text ); if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); rs->sr_err = 0; goto cleanup; } } if( entry ) { rs->sr_err = slap_compare_entry( op, entry, ava ); entry_free( entry ); send_ldap_result( op, rs ); if( rs->sr_err == LDAP_COMPARE_TRUE || rs->sr_err == LDAP_COMPARE_FALSE ) { rs->sr_err = LDAP_SUCCESS; } goto cleanup; } /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ op->o_bd = select_backend( &op->o_req_ndn, 0 ); if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); rs->sr_err = LDAP_REFERRAL; if (!rs->sr_ref) rs->sr_ref = default_referral; op->o_bd = bd; send_ldap_result( op, rs ); if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); rs->sr_err = 0; goto cleanup; } /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto cleanup; } /* check for referrals */ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) { goto cleanup; } if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) { /* don't use shadow copy */ send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "copy not used" ); } else if ( ava->aa_desc == slap_schema.si_ad_entryDN ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "entryDN compare not supported" ); } else if ( ava->aa_desc == slap_schema.si_ad_subschemaSubentry ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "subschemaSubentry compare not supported" ); #ifndef SLAP_COMPARE_IN_FRONTEND } else if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates && op->o_bd->be_has_subordinates ) { int rc, hasSubordinates = LDAP_SUCCESS; rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &entry ); if ( rc == 0 && entry ) { if ( ! access_allowed( op, entry, ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) { rc = rs->sr_err = LDAP_INSUFFICIENT_ACCESS; } else { rc = rs->sr_err = op->o_bd->be_has_subordinates( op, entry, &hasSubordinates ); be_entry_release_r( op, entry ); } } if ( rc == 0 ) { int asserted; asserted = bvmatch( &ava->aa_value, &slap_true_bv ) ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE; if ( hasSubordinates == asserted ) { rs->sr_err = LDAP_COMPARE_TRUE; } else { rs->sr_err = LDAP_COMPARE_FALSE; } } else { /* return error only if "disclose" * is granted on the object */ if ( backend_access( op, NULL, &op->o_req_ndn, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) == LDAP_INSUFFICIENT_ACCESS ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } } send_ldap_result( op, rs ); if ( rc == 0 ) { rs->sr_err = LDAP_SUCCESS; } } else if ( op->o_bd->be_compare ) { rs->sr_err = op->o_bd->be_compare( op, rs ); #endif /* ! SLAP_COMPARE_IN_FRONTEND */ } else { rs->sr_err = SLAP_CB_CONTINUE; } if ( rs->sr_err == SLAP_CB_CONTINUE ) { /* do our best to compare that AVA * * NOTE: this code is used only * if SLAP_COMPARE_IN_FRONTEND * is #define'd (it's not by default) * or if op->o_bd->be_compare is NULL. * * FIXME: one potential issue is that * if SLAP_COMPARE_IN_FRONTEND overlays * are not executed for compare. */ BerVarray vals = NULL; int rc = LDAP_OTHER; rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn, ava->aa_desc, &vals, ACL_COMPARE ); switch ( rs->sr_err ) { default: /* return error only if "disclose" * is granted on the object */ if ( backend_access( op, NULL, &op->o_req_ndn, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) == LDAP_INSUFFICIENT_ACCESS ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } break; case LDAP_SUCCESS: if ( value_find_ex( op->oq_compare.rs_ava->aa_desc, SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, vals, &ava->aa_value, op->o_tmpmemctx ) == 0 ) { rs->sr_err = LDAP_COMPARE_TRUE; break; } else { rs->sr_err = LDAP_COMPARE_FALSE; } rc = LDAP_SUCCESS; break; } send_ldap_result( op, rs ); if ( rc == 0 ) { rs->sr_err = LDAP_SUCCESS; } if ( vals ) { ber_bvarray_free_x( vals, op->o_tmpmemctx ); } } cleanup:; op->o_bd = bd; return rs->sr_err; }
int bdb_delete( Operation *op, SlapReply *rs ) { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; Entry *matched = NULL; struct berval pdn = {0, NULL}; Entry *e = NULL; Entry *p = NULL; EntryInfo *ei = NULL, *eip = NULL; int manageDSAit = get_manageDSAit( op ); AttributeDescription *children = slap_schema.si_ad_children; AttributeDescription *entry = slap_schema.si_ad_entry; DB_TXN *ltid = NULL, *lt2; struct bdb_op_info opinfo = {{{ 0 }}}; ID eid; DB_LOCK lock, plock; int num_retries = 0; int rc; LDAPControl **preread_ctrl = NULL; LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS]; int num_ctrls = 0; int parent_is_glue = 0; int parent_is_leaf = 0; #ifdef LDAP_X_TXN int settle = 0; #endif Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_delete) ": %s\n", op->o_req_dn.bv_val, 0, 0 ); #ifdef LDAP_X_TXN if( op->o_txnSpec ) { /* acquire connection lock */ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) { rs->sr_text = "invalid transaction identifier"; rs->sr_err = LDAP_X_TXN_ID_INVALID; goto txnReturn; } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) { settle=1; goto txnReturn; } if( op->o_conn->c_txn_backend == NULL ) { op->o_conn->c_txn_backend = op->o_bd; } else if( op->o_conn->c_txn_backend != op->o_bd ) { rs->sr_text = "transaction cannot span multiple database contexts"; rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS; goto txnReturn; } /* insert operation into transaction */ rs->sr_text = "transaction specified"; rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY; txnReturn: /* release connection lock */ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); if( !settle ) { send_ldap_result( op, rs ); return rs->sr_err; } } #endif ctrls[num_ctrls] = 0; /* allocate CSN */ if ( BER_BVISNULL( &op->o_csn ) ) { struct berval csn; char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE]; csn.bv_val = csnbuf; csn.bv_len = sizeof(csnbuf); slap_get_csn( op, &csn, 1 ); } if( 0 ) { retry: /* transaction retry */ if( e != NULL ) { bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e); e = NULL; } if( p != NULL ) { bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p); p = NULL; } Debug( LDAP_DEBUG_TRACE, "==> " LDAP_XSTRING(bdb_delete) ": retrying...\n", 0, 0, 0 ); rs->sr_err = TXN_ABORT( ltid ); ltid = NULL; LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); opinfo.boi_oe.oe_key = NULL; op->o_do_not_cache = opinfo.boi_acl_cache; if( rs->sr_err != 0 ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; goto return_results; } parent_is_glue = 0; parent_is_leaf = 0; bdb_trans_backoff( ++num_retries ); } /* begin transaction */ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id, bdb->bi_db_opflags ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_delete) ": txn_begin failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } opinfo.boi_oe.oe_key = bdb; opinfo.boi_txn = ltid; opinfo.boi_err = 0; opinfo.boi_acl_cache = op->o_do_not_cache; LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next ); if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { dnParent( &op->o_req_ndn, &pdn ); } /* get entry */ rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1, &lock ); switch( rs->sr_err ) { case 0: case DB_NOTFOUND: break; case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case LDAP_BUSY: rs->sr_text = "ldap server busy"; goto return_results; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } if ( rs->sr_err == 0 ) { e = ei->bei_e; eip = ei->bei_parent; } else { matched = ei->bei_e; } /* FIXME : dn2entry() should return non-glue entry */ if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) { Debug( LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(bdb_delete) ": no such object %s\n", op->o_req_dn.bv_val, 0, 0); if ( matched != NULL ) { rs->sr_matched = ch_strdup( matched->e_dn ); rs->sr_ref = is_entry_referral( matched ) ? get_entry_referrals( op, matched ) : NULL; bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, matched); matched = NULL; } else { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } rs->sr_err = LDAP_REFERRAL; rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, &plock ); switch( rc ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case 0: case DB_NOTFOUND: break; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } if ( eip ) p = eip->bei_e; if ( pdn.bv_len != 0 ) { if( p == NULL || !bvmatch( &pdn, &p->e_nname )) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": parent " "does not exist\n", 0, 0, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "could not locate parent of entry"; goto return_results; } /* check parent for "children" acl */ rs->sr_err = access_allowed( op, p, children, NULL, ACL_WDEL, NULL ); if ( !rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": no write " "access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results; } } else { /* no parent, must be root to delete */ if( ! be_isroot( op ) ) { if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_shadow_update( op ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ rs->sr_err = access_allowed( op, p, children, NULL, ACL_WDEL, NULL ); p = NULL; if ( !rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": no access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results; } } else { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": no parent and not root\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto return_results; } } } if ( get_assert( op ) && ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto return_results; } rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WDEL, NULL ); if ( !rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": no write access " "to entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to entry"; goto return_results; } if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral, don't allow delete */ rs->sr_ref = get_entry_referrals( op, e ); Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_delete) ": entry is referral\n", 0, 0, 0 ); rs->sr_err = LDAP_REFERRAL; rs->sr_matched = ch_strdup( e->e_name.bv_val ); rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } /* pre-read */ if( op->o_preread ) { if( preread_ctrl == NULL ) { preread_ctrl = &ctrls[num_ctrls++]; ctrls[num_ctrls] = NULL; } if( slap_read_controls( op, rs, e, &slap_pre_read_bv, preread_ctrl ) ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": pre-read " "failed!\n", 0, 0, 0 ); if ( op->o_preread & SLAP_CONTROL_CRITICAL ) { /* FIXME: is it correct to abort * operation if control fails? */ goto return_results; } } } /* nested transaction */ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_delete) ": txn_begin(2) failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Starting delete %s(%d)", e->e_nname.bv_val, e->e_id ); /* Can't do it if we have kids */ rs->sr_err = bdb_cache_children( op, lt2, e ); if( rs->sr_err != DB_NOTFOUND ) { switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case 0: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(bdb_delete) ": non-leaf %s\n", op->o_req_dn.bv_val, 0, 0); rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; rs->sr_text = "subordinate objects must be deleted first"; break; default: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(bdb_delete) ": has_children failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; } goto return_results; } /* delete from dn2id */ rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e ); if ( rs->sr_err != 0 ) { Debug(LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": dn2id failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } rs->sr_text = "DN index delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } /* delete indices for old attributes */ rs->sr_err = bdb_index_entry_del( op, lt2, e ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug(LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": index failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } rs->sr_text = "entry index delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } /* fixup delete CSN */ if ( !SLAP_SHADOW( op->o_bd )) { struct berval vals[2]; assert( !BER_BVISNULL( &op->o_csn ) ); vals[0] = op->o_csn; BER_BVZERO( &vals[1] ); rs->sr_err = bdb_index_values( op, lt2, slap_schema.si_ad_entryCSN, vals, 0, SLAP_INDEX_ADD_OP ); if ( rs->sr_err != LDAP_SUCCESS ) { switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } rs->sr_text = "entryCSN index update failed"; rs->sr_err = LDAP_OTHER; goto return_results; } } /* delete from id2entry */ rs->sr_err = bdb_id2entry_delete( op->o_bd, lt2, e ); if ( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_delete) ": id2entry failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } rs->sr_text = "entry delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } if ( pdn.bv_len != 0 ) { parent_is_glue = is_entry_glue(p); rs->sr_err = bdb_cache_children( op, lt2, p ); if ( rs->sr_err != DB_NOTFOUND ) { switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case 0: break; default: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(bdb_delete) ": has_children failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } parent_is_leaf = 1; } bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p); p = NULL; } BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Commit1 delete %s(%d)", e->e_nname.bv_val, e->e_id ); if ( TXN_COMMIT( lt2, 0 ) != 0 ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "txn_commit(2) failed"; goto return_results; } eid = e->e_id; #if 0 /* Do we want to reclaim deleted IDs? */ ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex ); if ( e->e_id == bdb->bi_lastid ) { bdb_last_id( op->o_bd, ltid ); } ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex ); #endif if( op->o_noop ) { if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) { rs->sr_text = "txn_abort (no-op) failed"; } else { rs->sr_err = LDAP_X_NO_OPERATION; ltid = NULL; goto return_results; } } else { BDB_LOG_PRINTF( bdb->bi_dbenv, ltid, "slapd Cache delete %s(%d)", e->e_nname.bv_val, e->e_id ); rc = bdb_cache_delete( bdb, e, ltid, &lock ); switch( rc ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } rs->sr_err = TXN_COMMIT( ltid, 0 ); } ltid = NULL; LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); opinfo.boi_oe.oe_key = NULL; BDB_LOG_PRINTF( bdb->bi_dbenv, NULL, "slapd Committed delete %s(%d)", e->e_nname.bv_val, e->e_id ); if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_delete) ": txn_%s failed: %s (%d)\n", op->o_noop ? "abort (no-op)" : "commit", db_strerror(rs->sr_err), rs->sr_err ); rs->sr_err = LDAP_OTHER; rs->sr_text = "commit failed"; goto return_results; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n", op->o_noop ? " (no-op)" : "", eid, op->o_req_dn.bv_val ); rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; if( num_ctrls ) rs->sr_ctrls = ctrls; return_results: if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) { op->o_delete_glue_parent = 1; } if ( p ) bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p); /* free entry */ if( e != NULL ) { if ( rs->sr_err == LDAP_SUCCESS ) { /* Free the EntryInfo and the Entry */ bdb_cache_entryinfo_lock( BEI(e) ); bdb_cache_delete_cleanup( &bdb->bi_cache, BEI(e) ); } else { bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e); } } if( ltid != NULL ) { TXN_ABORT( ltid ); } if ( opinfo.boi_oe.oe_key ) { LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); } send_ldap_result( op, rs ); slap_graduate_commit_csn( op ); if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) { slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *preread_ctrl, op->o_tmpmemctx ); } if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); } return rs->sr_err; }
static int slap_auxprop_store( void *glob_context, sasl_server_params_t *sparams, struct propctx *prctx, const char *user, unsigned ulen) { Operation op = {0}; Opheader oph; int rc, i; unsigned j; Connection *conn = NULL; const struct propval *pr; Modifications *modlist = NULL, **modtail = &modlist, *mod; slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; char textbuf[SLAP_TEXT_BUFLEN]; const char *text; size_t textlen = sizeof(textbuf); #ifdef SLAP_AUXPROP_DONTUSECOPY int dontUseCopy = 0; BackendDB *dontUseCopy_bd = NULL; #endif /* SLAP_AUXPROP_DONTUSECOPY */ /* just checking if we are enabled */ if (!prctx) return SASL_OK; if (!sparams || !user) return SASL_BADPARAM; pr = sparams->utils->prop_get( sparams->propctx ); /* Find our DN and conn first */ for( i = 0; pr[i].name; i++ ) { if ( pr[i].name[0] == '*' ) { if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) { if ( pr[i].values && pr[i].values[0] ) AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) ); continue; } if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) { if ( pr[i].values && pr[i].values[0] ) AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0], sizeof( op.o_req_ndn.bv_len ) ); } else if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) { if ( pr[i].values ) op.o_req_ndn.bv_val = (char *)pr[i].values[0]; } #ifdef SLAP_AUXPROP_DONTUSECOPY if ( slap_dontUseCopy_propnames != NULL ) { struct berval bv; ber_str2bv( &pr[i].name[1], 0, 1, &bv ); for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) { if ( bvmatch( &bv, &slap_dontUseCopy_propnames[ j ] ) ) { dontUseCopy = 1; break; } } } #endif /* SLAP_AUXPROP_DONTUSECOPY */ } } if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM; op.o_bd = select_backend( &op.o_req_ndn, 1 ); if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL; #ifdef SLAP_AUXPROP_DONTUSECOPY if ( SLAP_SHADOW( op.o_bd ) && dontUseCopy ) { dontUseCopy_bd = op.o_bd; op.o_bd = frontendDB; op.o_dontUseCopy = SLAP_CONTROL_CRITICAL; } #endif /* SLAP_AUXPROP_DONTUSECOPY */ pr = sparams->utils->prop_get( prctx ); if (!pr) return SASL_BADPARAM; for (i=0; pr[i].name; i++); if (!i) return SASL_BADPARAM; for (i=0; pr[i].name; i++) { mod = (Modifications *)ch_malloc( sizeof(Modifications) ); mod->sml_op = LDAP_MOD_REPLACE; mod->sml_flags = 0; ber_str2bv( pr[i].name, 0, 0, &mod->sml_type ); mod->sml_numvals = pr[i].nvalues; mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) * sizeof(struct berval)); for (j=0; j<pr[i].nvalues; j++) { ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]); } BER_BVZERO( &mod->sml_values[j] ); mod->sml_nvalues = NULL; mod->sml_desc = NULL; *modtail = mod; modtail = &mod->sml_next; } *modtail = NULL; rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL ); if ( rc == LDAP_SUCCESS ) { rc = slap_mods_no_user_mod_check( &op, modlist, &text, textbuf, textlen ); if ( rc == LDAP_SUCCESS ) { if ( conn->c_sasl_bindop ) { op.o_hdr = conn->c_sasl_bindop->o_hdr; } else { op.o_hdr = &oph; memset( &oph, 0, sizeof(oph) ); operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 ); } op.o_tag = LDAP_REQ_MODIFY; op.o_ndn = op.o_req_ndn; op.o_callback = &cb; slap_op_time( &op.o_time, &op.o_tincr ); op.o_do_not_cache = 1; op.o_is_auth_check = 1; op.o_req_dn = op.o_req_ndn; op.orm_modlist = modlist; for (;;) { SlapReply rs = {REP_RESULT}; rc = op.o_bd->be_modify( &op, &rs ); #ifdef SLAP_AUXPROP_DONTUSECOPY if ( dontUseCopy && rs.sr_err == LDAP_UNAVAILABLE && slap_dontUseCopy_ignore ) { op.o_bd = dontUseCopy_bd; op.o_dontUseCopy = SLAP_CONTROL_NONE; dontUseCopy = 0; continue; } #endif /* SLAP_AUXPROP_DONTUSECOPY */ break; } } } slap_mods_free( modlist, 1 ); return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK; }
static int #else static void #endif slap_auxprop_lookup( void *glob_context, sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen) { OperationBuffer opbuf = {{ NULL }}; Operation *op = (Operation *)&opbuf; int i, doit = 0; Connection *conn = NULL; lookup_info sl; int rc = LDAP_SUCCESS; #ifdef SLAP_AUXPROP_DONTUSECOPY int dontUseCopy = 0; BackendDB *dontUseCopy_bd = NULL; #endif /* SLAP_AUXPROP_DONTUSECOPY */ sl.list = sparams->utils->prop_get( sparams->propctx ); sl.sparams = sparams; sl.flags = flags; /* Find our DN and conn first */ for( i = 0; sl.list[i].name; i++ ) { if ( sl.list[i].name[0] == '*' ) { if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) { if ( sl.list[i].values && sl.list[i].values[0] ) AC_MEMCPY( &conn, sl.list[i].values[0], sizeof( conn ) ); continue; } if ( flags & SASL_AUXPROP_AUTHZID ) { if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHZLEN] )) { if ( sl.list[i].values && sl.list[i].values[0] ) AC_MEMCPY( &op->o_req_ndn.bv_len, sl.list[i].values[0], sizeof( op->o_req_ndn.bv_len ) ); } else if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHZ] )) { if ( sl.list[i].values ) op->o_req_ndn.bv_val = (char *)sl.list[i].values[0]; break; } } if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) { if ( sl.list[i].values && sl.list[i].values[0] ) AC_MEMCPY( &op->o_req_ndn.bv_len, sl.list[i].values[0], sizeof( op->o_req_ndn.bv_len ) ); } else if ( !strcmp( sl.list[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) { if ( sl.list[i].values ) { op->o_req_ndn.bv_val = (char *)sl.list[i].values[0]; if ( !(flags & SASL_AUXPROP_AUTHZID) ) break; } } #ifdef SLAP_AUXPROP_DONTUSECOPY if ( slap_dontUseCopy_propnames != NULL ) { int j; struct berval bv; ber_str2bv( &sl.list[i].name[1], 0, 1, &bv ); for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ]); j++ ) { if ( bvmatch( &bv, &slap_dontUseCopy_propnames[ j ] ) ) { dontUseCopy = 1; break; } } } #endif /* SLAP_AUXPROP_DONTUSECOPY */ } } /* Now see what else needs to be fetched */ for( i = 0; sl.list[i].name; i++ ) { const char *name = sl.list[i].name; if ( name[0] == '*' ) { if ( flags & SASL_AUXPROP_AUTHZID ) continue; /* Skip our private properties */ if ( !strcmp( name, slap_propnames[0] )) { i += SLAP_SASL_PROP_COUNT - 1; continue; } name++; } else if ( !(flags & SASL_AUXPROP_AUTHZID ) ) continue; if ( sl.list[i].values ) { if ( !(flags & SASL_AUXPROP_OVERRIDE) ) continue; } doit = 1; break; } if (doit) { slap_callback cb = { NULL, sasl_ap_lookup, NULL, NULL }; cb.sc_private = &sl; op->o_bd = select_backend( &op->o_req_ndn, 1 ); if ( op->o_bd ) { /* For rootdn, see if we can use the rootpw */ if ( be_isroot_dn( op->o_bd, &op->o_req_ndn ) && !BER_BVISEMPTY( &op->o_bd->be_rootpw )) { struct berval cbv = BER_BVNULL; /* If there's a recognized scheme, see if it's CLEARTEXT */ if ( lutil_passwd_scheme( op->o_bd->be_rootpw.bv_val )) { if ( !strncasecmp( op->o_bd->be_rootpw.bv_val, sc_cleartext.bv_val, sc_cleartext.bv_len )) { /* If it's CLEARTEXT, skip past scheme spec */ cbv.bv_len = op->o_bd->be_rootpw.bv_len - sc_cleartext.bv_len; if ( cbv.bv_len ) { cbv.bv_val = op->o_bd->be_rootpw.bv_val + sc_cleartext.bv_len; } } /* No scheme, use the whole value */ } else { cbv = op->o_bd->be_rootpw; } if ( !BER_BVISEMPTY( &cbv )) { for( i = 0; sl.list[i].name; i++ ) { const char *name = sl.list[i].name; if ( name[0] == '*' ) { if ( flags & SASL_AUXPROP_AUTHZID ) continue; name++; } else if ( !(flags & SASL_AUXPROP_AUTHZID ) ) continue; if ( !strcasecmp(name,"userPassword") ) { sl.sparams->utils->prop_set( sl.sparams->propctx, sl.list[i].name, cbv.bv_val, cbv.bv_len ); break; } } } } #ifdef SLAP_AUXPROP_DONTUSECOPY if ( SLAP_SHADOW( op->o_bd ) && dontUseCopy ) { dontUseCopy_bd = op->o_bd; op->o_bd = frontendDB; } retry_dontUseCopy:; #endif /* SLAP_AUXPROP_DONTUSECOPY */ if ( op->o_bd->be_search ) { SlapReply rs = {REP_RESULT}; #ifdef SLAP_AUXPROP_DONTUSECOPY LDAPControl **save_ctrls = NULL, c; int save_dontUseCopy; #endif /* SLAP_AUXPROP_DONTUSECOPY */ op->o_hdr = conn->c_sasl_bindop->o_hdr; op->o_controls = opbuf.ob_controls; op->o_tag = LDAP_REQ_SEARCH; op->o_dn = conn->c_ndn; op->o_ndn = conn->c_ndn; op->o_callback = &cb; slap_op_time( &op->o_time, &op->o_tincr ); op->o_do_not_cache = 1; op->o_is_auth_check = 1; op->o_req_dn = op->o_req_ndn; op->ors_scope = LDAP_SCOPE_BASE; op->ors_deref = LDAP_DEREF_NEVER; op->ors_tlimit = SLAP_NO_LIMIT; op->ors_slimit = 1; op->ors_filter = &generic_filter; op->ors_filterstr = generic_filterstr; op->o_authz = conn->c_authz; /* FIXME: we want all attributes, right? */ op->ors_attrs = NULL; #ifdef SLAP_AUXPROP_DONTUSECOPY if ( dontUseCopy ) { save_dontUseCopy = op->o_dontUseCopy; if ( !op->o_dontUseCopy ) { int cnt = 0; save_ctrls = op->o_ctrls; if ( op->o_ctrls ) { for ( ; op->o_ctrls[ cnt ]; cnt++ ) ; } op->o_ctrls = op->o_tmpcalloc( sizeof(LDAPControl *), cnt + 2, op->o_tmpmemctx ); if ( cnt ) { for ( cnt = 0; save_ctrls[ cnt ]; cnt++ ) { op->o_ctrls[ cnt ] = save_ctrls[ cnt ]; } } c.ldctl_oid = LDAP_CONTROL_DONTUSECOPY; c.ldctl_iscritical = 1; BER_BVZERO( &c.ldctl_value ); op->o_ctrls[ cnt ] = &c; } op->o_dontUseCopy = SLAP_CONTROL_CRITICAL; } #endif /* SLAP_AUXPROP_DONTUSECOPY */ rc = op->o_bd->be_search( op, &rs ); #ifdef SLAP_AUXPROP_DONTUSECOPY if ( dontUseCopy ) { if ( save_ctrls != op->o_ctrls ) { op->o_tmpfree( op->o_ctrls, op->o_tmpmemctx ); op->o_ctrls = save_ctrls; op->o_dontUseCopy = save_dontUseCopy; } if ( rs.sr_err == LDAP_UNAVAILABLE && slap_dontUseCopy_ignore ) { op->o_bd = dontUseCopy_bd; dontUseCopy = 0; goto retry_dontUseCopy; } } #endif /* SLAP_AUXPROP_DONTUSECOPY */ } } } #if SASL_VERSION_FULL >= 0x020118 return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK; #endif }
int mdb_delete( Operation *op, SlapReply *rs ) { struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private; struct berval pdn = {0, NULL}; Entry *e = NULL; Entry *p = NULL; int manageDSAit = get_manageDSAit( op ); AttributeDescription *children = slap_schema.si_ad_children; AttributeDescription *entry = slap_schema.si_ad_entry; MDB_txn *txn = NULL; MDB_cursor *mc; mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo; LDAPControl **preread_ctrl = NULL; LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS]; int num_ctrls = 0; int parent_is_glue = 0; int parent_is_leaf = 0; #ifdef LDAP_X_TXN int settle = 0; #endif Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(mdb_delete) ": %s\n", op->o_req_dn.bv_val, 0, 0 ); #ifdef LDAP_X_TXN if( op->o_txnSpec ) { /* acquire connection lock */ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) { rs->sr_text = "invalid transaction identifier"; rs->sr_err = LDAP_X_TXN_ID_INVALID; goto txnReturn; } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) { settle=1; goto txnReturn; } if( op->o_conn->c_txn_backend == NULL ) { op->o_conn->c_txn_backend = op->o_bd; } else if( op->o_conn->c_txn_backend != op->o_bd ) { rs->sr_text = "transaction cannot span multiple database contexts"; rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS; goto txnReturn; } /* insert operation into transaction */ rs->sr_text = "transaction specified"; rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY; txnReturn: /* release connection lock */ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); if( !settle ) { send_ldap_result( op, rs ); return rs->sr_err; } } #endif ctrls[num_ctrls] = 0; /* begin transaction */ rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_delete) ": txn_begin failed: " "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } txn = moi->moi_txn; /* allocate CSN */ if ( BER_BVISNULL( &op->o_csn ) ) { struct berval csn; char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE]; csn.bv_val = csnbuf; csn.bv_len = sizeof(csnbuf); slap_get_csn( op, &csn, 1 ); } if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { dnParent( &op->o_req_ndn, &pdn ); } rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc ); if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } /* get parent */ rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 ); switch( rs->sr_err ) { case 0: case MDB_NOTFOUND: break; case LDAP_BUSY: rs->sr_text = "ldap server busy"; goto return_results; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } if ( rs->sr_err == MDB_NOTFOUND ) { Debug( LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", op->o_req_dn.bv_val, 0, 0); if ( p && !BER_BVISEMPTY( &p->e_name )) { rs->sr_matched = ch_strdup( p->e_name.bv_val ); if ( is_entry_referral( p )) { BerVarray ref = get_entry_referrals( op, p ); rs->sr_ref = referral_rewrite( ref, &p->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); ber_bvarray_free( ref ); } else { rs->sr_ref = NULL; } } else { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } if ( p ) { mdb_entry_return( op, p ); p = NULL; } rs->sr_err = LDAP_REFERRAL; rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } /* get entry */ rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, NULL, 0 ); switch( rs->sr_err ) { case MDB_NOTFOUND: e = p; p = NULL; case 0: break; case LDAP_BUSY: rs->sr_text = "ldap server busy"; goto return_results; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } /* FIXME : dn2entry() should return non-glue entry */ if ( rs->sr_err == MDB_NOTFOUND || ( !manageDSAit && is_entry_glue( e ))) { Debug( LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", op->o_req_dn.bv_val, 0, 0); rs->sr_matched = ch_strdup( e->e_dn ); if ( is_entry_referral( e )) { BerVarray ref = get_entry_referrals( op, e ); rs->sr_ref = referral_rewrite( ref, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); ber_bvarray_free( ref ); } else { rs->sr_ref = NULL; } mdb_entry_return( op, e ); e = NULL; rs->sr_err = LDAP_REFERRAL; rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } if ( pdn.bv_len != 0 ) { /* check parent for "children" acl */ rs->sr_err = access_allowed( op, p, children, NULL, ACL_WDEL, NULL ); if ( !rs->sr_err ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": no write " "access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results; } } else { /* no parent, must be root to delete */ if( ! be_isroot( op ) ) { if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_shadow_update( op ) ) { p = (Entry *)&slap_entry_root; /* check parent for "children" acl */ rs->sr_err = access_allowed( op, p, children, NULL, ACL_WDEL, NULL ); p = NULL; if ( !rs->sr_err ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": no access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results; } } else { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": no parent and not root\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto return_results; } } } if ( get_assert( op ) && ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto return_results; } rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WDEL, NULL ); if ( !rs->sr_err ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": no write access " "to entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to entry"; goto return_results; } if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral, don't allow delete */ rs->sr_ref = get_entry_referrals( op, e ); Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_delete) ": entry is referral\n", 0, 0, 0 ); rs->sr_err = LDAP_REFERRAL; rs->sr_matched = ch_strdup( e->e_name.bv_val ); rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } /* pre-read */ if( op->o_preread ) { if( preread_ctrl == NULL ) { preread_ctrl = &ctrls[num_ctrls++]; ctrls[num_ctrls] = NULL; } if( slap_read_controls( op, rs, e, &slap_pre_read_bv, preread_ctrl ) ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": pre-read " "failed!\n", 0, 0, 0 ); if ( op->o_preread & SLAP_CONTROL_CRITICAL ) { /* FIXME: is it correct to abort * operation if control fails? */ goto return_results; } } } rs->sr_text = NULL; /* Can't do it if we have kids */ rs->sr_err = mdb_dn2id_children( op, txn, e ); if( rs->sr_err != MDB_NOTFOUND ) { switch( rs->sr_err ) { case 0: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(mdb_delete) ": non-leaf %s\n", op->o_req_dn.bv_val, 0, 0); rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; rs->sr_text = "subordinate objects must be deleted first"; break; default: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(mdb_delete) ": has_children failed: %s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; } goto return_results; } /* delete from dn2id */ rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, 1 ); mdb_cursor_close( mc ); if ( rs->sr_err != 0 ) { Debug(LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": dn2id failed: " "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_text = "DN index delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } /* delete indices for old attributes */ rs->sr_err = mdb_index_entry_del( op, txn, e ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug(LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": index failed: " "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_text = "entry index delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } /* fixup delete CSN */ if ( !SLAP_SHADOW( op->o_bd )) { struct berval vals[2]; assert( !BER_BVISNULL( &op->o_csn ) ); vals[0] = op->o_csn; BER_BVZERO( &vals[1] ); rs->sr_err = mdb_index_values( op, txn, slap_schema.si_ad_entryCSN, vals, 0, SLAP_INDEX_ADD_OP ); if ( rs->sr_err != LDAP_SUCCESS ) { rs->sr_text = "entryCSN index update failed"; rs->sr_err = LDAP_OTHER; goto return_results; } } /* delete from id2entry */ rs->sr_err = mdb_id2entry_delete( op->o_bd, txn, e ); if ( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(mdb_delete) ": id2entry failed: " "%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_text = "entry delete failed"; rs->sr_err = LDAP_OTHER; goto return_results; } if ( pdn.bv_len != 0 ) { parent_is_glue = is_entry_glue(p); rs->sr_err = mdb_dn2id_children( op, txn, p ); if ( rs->sr_err != MDB_NOTFOUND ) { switch( rs->sr_err ) { case 0: break; default: Debug(LDAP_DEBUG_ARGS, "<=- " LDAP_XSTRING(mdb_delete) ": has_children failed: %s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } parent_is_leaf = 1; } mdb_entry_return( op, p ); p = NULL; } if( moi == &opinfo ) { LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next ); opinfo.moi_oe.oe_key = NULL; if( op->o_noop ) { mdb_txn_abort( txn ); rs->sr_err = LDAP_X_NO_OPERATION; txn = NULL; goto return_results; } else { rs->sr_err = mdb_txn_commit( txn ); } txn = NULL; } if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(mdb_delete) ": txn_%s failed: %s (%d)\n", op->o_noop ? "abort (no-op)" : "commit", mdb_strerror(rs->sr_err), rs->sr_err ); rs->sr_err = LDAP_OTHER; rs->sr_text = "commit failed"; goto return_results; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n", op->o_noop ? " (no-op)" : "", e->e_id, op->o_req_dn.bv_val ); rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; if( num_ctrls ) rs->sr_ctrls = ctrls; return_results: if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) { op->o_delete_glue_parent = 1; } if ( p != NULL ) { mdb_entry_return( op, p ); } /* free entry */ if( e != NULL ) { mdb_entry_return( op, e ); } if( moi == &opinfo ) { if( txn != NULL ) { mdb_txn_abort( txn ); } if ( opinfo.moi_oe.oe_key ) { LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next ); } } else { moi->moi_ref--; } send_ldap_result( op, rs ); slap_graduate_commit_csn( op ); if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) { slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *preread_ctrl, op->o_tmpmemctx ); } #if 0 if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( mdb->bi_dbenv, mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 ); } #endif return rs->sr_err; }