int
ldap_back_mapping ( struct ldapmap *map, struct berval *s, struct ldapmapping **m,
int remap )
{
Avlnode *tree;
struct ldapmapping fmapping;
assert( m != NULL );
/* let special attrnames slip through (ITS#5760) */
if ( bvmatch( s, slap_bv_no_attrs )
|| bvmatch( s, slap_bv_all_user_attrs )
|| bvmatch( s, slap_bv_all_operational_attrs ) )
{
*m = NULL;
return 0;
}
if ( remap == BACKLDAP_REMAP ) {
tree = map->remap;
} else {
tree = map->map;
}
fmapping.src = *s;
*m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
if ( *m == NULL ) {
return map->drop_missing;
}
return 0;
}
static int
ldap_back_monitor_update(
Operation *op,
SlapReply *rs,
Entry *e,
void *priv )
{
ldapinfo_t *li = (ldapinfo_t *)priv;
Attribute *a;
/* update olmDbURIList */
a = attr_find( e->e_attrs, ad_olmDbURIList );
if ( a != NULL ) {
struct berval bv;
assert( a->a_vals != NULL );
assert( !BER_BVISNULL( &a->a_vals[ 0 ] ) );
assert( BER_BVISNULL( &a->a_vals[ 1 ] ) );
ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
if ( li->li_uri ) {
ber_str2bv( li->li_uri, 0, 0, &bv );
if ( !bvmatch( &a->a_vals[ 0 ], &bv ) ) {
ber_bvreplace( &a->a_vals[ 0 ], &bv );
}
}
ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
}
return SLAP_CB_CONTINUE;
}
static BerVarray
set_parent( SetCookie *cp, BerVarray set, int level )
{
int i, j, last;
struct berval bv;
BerVarray nset;
if ( set == NULL ) {
set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
cp->set_op->o_tmpmemctx );
if ( set != NULL ) {
BER_BVZERO( &set[ 0 ] );
}
return set;
}
if ( BER_BVISNULL( &set[ 0 ] ) ) {
return set;
}
nset = cp->set_op->o_tmpcalloc( slap_set_size( set ) + 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
if ( nset == NULL ) {
ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
return NULL;
}
BER_BVZERO( &nset[ 0 ] );
last = 0;
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
bv = set[ i ];
for ( j = 0 ; j < level ; j++ ) {
dnParent( &bv, &bv );
}
for ( j = 0; !BER_BVISNULL( &nset[ j ] ); j++ ) {
if ( bvmatch( &bv, &nset[ j ] ) )
{
break;
}
}
if ( BER_BVISNULL( &nset[ j ] ) ) {
ber_dupbv_x( &nset[ last ], &bv, cp->set_op->o_tmpmemctx );
last++;
}
}
BER_BVZERO( &nset[ last ] );
ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
return nset;
}
static int
constraint_check_restrict( Operation *op, constraint *c, Entry *e )
{
assert( c->restrict_lud != NULL );
if ( c->restrict_lud->lud_dn != NULL ) {
int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len;
if ( diff < 0 ) {
return 0;
}
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_BASE ) {
return bvmatch( &e->e_nname, &c->restrict_ndn );
}
if ( !dnIsSuffix( &e->e_nname, &c->restrict_ndn ) ) {
return 0;
}
if ( c->restrict_lud->lud_scope != LDAP_SCOPE_SUBTREE ) {
struct berval pdn;
if ( diff == 0 ) {
return 0;
}
dnParent( &e->e_nname, &pdn );
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_ONELEVEL
&& pdn.bv_len != c->restrict_ndn.bv_len )
{
return 0;
}
}
}
if ( c->restrict_filter != NULL ) {
int rc;
struct berval save_dn = op->o_dn, save_ndn = op->o_ndn;
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
rc = test_filter( op, e, c->restrict_filter );
op->o_dn = save_dn;
op->o_ndn = save_ndn;
if ( rc != LDAP_COMPARE_TRUE ) {
return 0;
}
}
return 1;
}
static struct extop_list *
find_extop( struct extop_list *list, struct berval *oid )
{
struct extop_list *ext;
for (ext = list; ext; ext = ext->next) {
if (bvmatch(&ext->oid, oid))
return(ext);
}
return(NULL);
}
int
unload_extop(
const struct berval *ext_oid,
SLAP_EXTOP_MAIN_FN *ext_main,
unsigned flags )
{
struct berval oidm = BER_BVNULL;
struct extop_list *ext, **extp;
/* oid must be given */
if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) ||
BER_BVISEMPTY( ext_oid ) )
{
return -1;
}
/* if it's not an oid, check if it's a macto */
if ( numericoidValidate( NULL, (struct berval *)ext_oid ) !=
LDAP_SUCCESS )
{
oidm.bv_val = oidm_find( ext_oid->bv_val );
if ( oidm.bv_val == NULL ) {
return -1;
}
oidm.bv_len = strlen( oidm.bv_val );
ext_oid = &oidm;
}
/* lookup the oid */
for ( extp = &supp_ext_list; *extp; extp = &(*extp)->next ) {
if ( bvmatch( ext_oid, &(*extp)->oid ) ) {
/* if ext_main is given, only remove if it matches */
if ( ext_main != NULL && (*extp)->ext_main != ext_main ) {
return -1;
}
break;
}
}
if ( *extp == NULL ) {
return -1;
}
ext = *extp;
*extp = (*extp)->next;
ch_free( ext );
return 0;
}
int
ldap_back_extended(
Operation *op,
SlapReply *rs )
{
int i;
for ( i = 0; exop_table[i].extended != NULL; i++ ) {
if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
{
return ldap_back_extended_one( op, rs, exop_table[i].extended );
}
}
/* if we get here, the exop is known; the best that we can do
* is pass it thru as is */
/* FIXME: maybe a list of OIDs to pass thru would be safer */
return ldap_back_extended_one( op, rs, ldap_back_exop_generic );
}
static int translucent_exop(Operation *op, SlapReply *rs) {
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
translucent_info *ov = on->on_bi.bi_private;
const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n",
op->o_req_dn.bv_val, 0, 0);
if(ov->defer_db_open) {
send_ldap_error(op, rs, LDAP_UNAVAILABLE,
"remote DB not available");
return(rs->sr_err);
}
if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) {
return translucent_pwmod( op, rs );
}
return SLAP_CB_CONTINUE;
}
int
mdb_search( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
ID id, cursor;
ID lastid = NOID;
ID candidates[MDB_IDL_UM_SIZE];
ID2 *scopes;
Entry *e = NULL, *base = NULL;
Entry *matched = NULL;
AttributeName *attrs;
slap_mask_t mask;
time_t stoptime;
int manageDSAit;
int tentries = 0;
IdScopes isc;
MDB_cursor *mci;
mdb_op_info opinfo = {{{0}}}, *moi = &opinfo;
MDB_txn *ltid = NULL;
Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(mdb_search) "\n", 0, 0, 0);
attrs = op->oq_search.rs_attrs;
manageDSAit = get_manageDSAit( op );
rs->sr_err = mdb_opinfo_get( op, mdb, 1, &moi );
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
ltid = moi->moi_txn;
rs->sr_err = mdb_cursor_open( ltid, mdb->mi_id2entry, &mci );
if ( rs->sr_err ) {
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
scopes = scope_chunk_get( op );
isc.mt = ltid;
isc.mc = NULL;
isc.scopes = scopes;
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
MDB_IDL_ZERO(candidates);
}
dn2entry_retry:
/* get entry with reader lock */
rs->sr_err = mdb_dn2entry( op, ltid, NULL, &op->o_req_ndn, &e, 1 );
switch(rs->sr_err) {
case MDB_NOTFOUND:
matched = e;
e = NULL;
break;
case 0:
break;
case LDAP_BUSY:
send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
goto done;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
goto done;
}
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
if ( matched && is_entry_alias( matched )) {
struct berval stub;
stub.bv_val = op->o_req_ndn.bv_val;
stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1;
e = deref_base( op, rs, matched, &matched, ltid,
candidates, NULL );
if ( e ) {
build_new_dn( &op->o_req_ndn, &e->e_nname, &stub,
op->o_tmpmemctx );
mdb_entry_return(op, e);
matched = NULL;
goto dn2entry_retry;
}
} else if ( e && is_entry_alias( e )) {
e = deref_base( op, rs, e, &matched, ltid,
candidates, NULL );
}
}
if ( e == NULL ) {
struct berval matched_dn = BER_BVNULL;
if ( matched != NULL ) {
BerVarray erefs = NULL;
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, matched,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
if ( rs->sr_err == MDB_NOTFOUND )
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = matched_dn.bv_val;
}
mdb_entry_return(op, matched);
matched = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
send_ldap_result( op, rs );
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
if ( !BER_BVISNULL( &matched_dn ) ) {
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
}
goto done;
}
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
NULL, ACL_SEARCH, NULL, &mask ) )
{
if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral */
struct berval matched_dn = BER_BVNULL;
BerVarray erefs = NULL;
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
mdb_entry_return( op, e );
e = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
if ( !rs->sr_ref ) {
rs->sr_text = "bad_referral object";
}
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": entry is referral\n",
0, 0, 0 );
rs->sr_matched = matched_dn.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
/* compute it anyway; root does not use it */
stoptime = op->o_time + op->ors_tlimit;
base = e;
e = NULL;
/* select candidates */
if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = base_candidate( op->o_bd, base, candidates );
} else {
MDB_IDL_ZERO( candidates );
scopes[0].mid = 1;
scopes[1].mid = base->e_id;
scopes[1].mval.mv_data = NULL;
rs->sr_err = search_candidates( op, rs, base,
ltid, mci, candidates, scopes );
}
/* start cursor at beginning of candidates.
*/
cursor = 0;
if ( candidates[0] == 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": no candidates\n",
0, 0, 0 );
goto nochange;
}
/* if not root and candidates exceed to-be-checked entries, abort */
if ( op->ors_limit /* isroot == FALSE */ &&
op->ors_limit->lms_s_unchecked != -1 &&
MDB_IDL_N(candidates) > (unsigned) op->ors_limit->lms_s_unchecked )
{
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( op->ors_limit == NULL /* isroot == TRUE */ ||
!op->ors_limit->lms_s_pr_hide )
{
tentries = MDB_IDL_N(candidates);
}
if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
PagedResultsState *ps = op->o_pagedresults_state;
/* deferred cookie parsing */
rs->sr_err = parse_paged_cookie( op, rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
cursor = (ID) ps->ps_cookie;
if ( cursor && ps->ps_size == 0 ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = "search abandoned by pagedResult size=0";
send_ldap_result( op, rs );
goto done;
}
id = mdb_idl_first( candidates, &cursor );
if ( id == NOID ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": no paged results candidates\n",
0, 0, 0 );
send_paged_response( op, rs, &lastid, 0 );
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( id == (ID)ps->ps_cookie )
id = mdb_idl_next( candidates, &cursor );
goto loop_begin;
}
for ( id = mdb_idl_first( candidates, &cursor );
id != NOID ; id = mdb_idl_next( candidates, &cursor ) )
{
int scopeok;
MDB_val edata;
loop_begin:
/* check for abandon */
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
send_ldap_result( op, rs );
goto done;
}
/* mostly needed by internal searches,
* e.g. related to syncrepl, for whom
* abandon does not get set... */
if ( slapd_shutdown ) {
rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_disconnect( op, rs );
goto done;
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( id == base->e_id ) {
e = base;
} else {
/* get the entry */
rs->sr_err = mdb_id2edata( op, mci, id, &edata );
if ( rs->sr_err == MDB_NOTFOUND ) {
if( !MDB_IDL_IS_RANGE(candidates) ) {
/* only complain for non-range IDLs */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": candidate %ld not found\n",
(long) id, 0, 0 );
} else {
/* get the next ID from the DB */
rs->sr_err = mdb_get_nextid( mci, &cursor );
if ( rs->sr_err == MDB_NOTFOUND ) {
break;
}
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in get_nextid";
send_ldap_result( op, rs );
goto done;
}
cursor--;
}
goto loop_continue;
} else if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_id2edata";
send_ldap_result( op, rs );
goto done;
}
}
/* Does this candidate actually satisfy the search scope?
*/
scopeok = 0;
isc.numrdns = 0;
switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
/* This is always true, yes? */
if ( id == base->e_id ) scopeok = 1;
break;
#ifdef LDAP_SCOPE_CHILDREN
case LDAP_SCOPE_CHILDREN:
if ( id == base->e_id ) break;
/* Fall-thru */
#endif
case LDAP_SCOPE_SUBTREE:
if ( id == base->e_id ) {
scopeok = 1;
break;
}
/* Fall-thru */
case LDAP_SCOPE_ONELEVEL:
isc.id = id;
if ( mdb_idscopes( op, &isc ) == MDB_SUCCESS ) scopeok = 1;
break;
}
/* Not in scope, ignore it */
if ( !scopeok )
{
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld scope not okay\n",
(long) id, 0, 0 );
goto loop_continue;
}
if ( id != base->e_id ) {
rs->sr_err = mdb_entry_decode( op, &edata, &e );
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_entry_decode";
send_ldap_result( op, rs );
goto done;
}
e->e_id = id;
e->e_name.bv_val = NULL;
e->e_nname.bv_val = NULL;
}
if ( is_entry_subentry( e ) ) {
if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
if(!get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries( op ) &&
!get_subentries_visibility( op ))
{
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
/* aliases were already dereferenced in candidate list */
if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
/* but if the search base is an alias, and we didn't
* deref it when finding, return it.
*/
if ( is_entry_alias(e) &&
((op->ors_deref & LDAP_DEREF_FINDING) ||
!bvmatch(&e->e_nname, &op->o_req_ndn)))
{
goto loop_continue;
}
}
if ( !manageDSAit && is_entry_glue( e )) {
goto loop_continue;
}
if (e != base) {
struct berval pdn, pndn;
char *d, *n;
int i;
/* child of base, just append RDNs to base->e_name */
if ( isc.nscope == 1 ) {
pdn = base->e_name;
pndn = base->e_nname;
} else {
mdb_id2name( op, ltid, &isc.mc, scopes[isc.nscope].mid, &pdn, &pndn );
}
e->e_name.bv_len = pdn.bv_len;
e->e_nname.bv_len = pndn.bv_len;
for (i=0; i<isc.numrdns; i++) {
e->e_name.bv_len += isc.rdns[i].bv_len + 1;
e->e_nname.bv_len += isc.nrdns[i].bv_len + 1;
}
e->e_name.bv_val = op->o_tmpalloc(e->e_name.bv_len + 1, op->o_tmpmemctx);
e->e_nname.bv_val = op->o_tmpalloc(e->e_nname.bv_len + 1, op->o_tmpmemctx);
d = e->e_name.bv_val;
n = e->e_nname.bv_val;
for (i=0; i<isc.numrdns; i++) {
memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len);
d += isc.rdns[i].bv_len;
*d++ = ',';
memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len);
n += isc.nrdns[i].bv_len;
*n++ = ',';
}
if (pdn.bv_len) {
memcpy(d, pdn.bv_val, pdn.bv_len+1);
memcpy(n, pndn.bv_val, pndn.bv_len+1);
} else {
*--d = '\0';
*--n = '\0';
e->e_name.bv_len--;
e->e_nname.bv_len--;
}
if (isc.nscope != 1) {
op->o_tmpfree(pndn.bv_val, op->o_tmpmemctx);
op->o_tmpfree(pdn.bv_val, op->o_tmpmemctx);
}
}
/*
* if it's a referral, add it to the list of referrals. only do
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
&& is_entry_referral( e ) )
{
BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
rs->sr_entry = e;
rs->sr_flags = 0;
send_search_reference( op, rs );
mdb_entry_return( op, e );
rs->sr_entry = NULL;
e = NULL;
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
rs->sr_ref = NULL;
goto loop_continue;
}
/* if it matches the filter and scope, send it */
rs->sr_err = test_filter( op, e, op->oq_search.rs_filter );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
mdb_entry_return( op, e );
e = NULL;
send_paged_response( op, rs, &lastid, tentries );
goto done;
}
lastid = id;
}
if (e) {
/* safe default */
rs->sr_attrs = op->oq_search.rs_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_ctrls = NULL;
rs->sr_entry = e;
RS_ASSERT( e->e_private != NULL );
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rs->sr_err = send_search_entry( op, rs );
rs->sr_attrs = NULL;
rs->sr_entry = NULL;
if (e != base)
mdb_entry_return( op, e );
e = NULL;
switch ( rs->sr_err ) {
case LDAP_SUCCESS: /* entry sent ok */
break;
default: /* entry not sent */
break;
case LDAP_UNAVAILABLE:
case LDAP_SIZELIMIT_EXCEEDED:
if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
} else {
rs->sr_err = LDAP_OTHER;
}
goto done;
}
}
} else {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld does not match filter\n",
(long) id, 0, 0 );
}
loop_continue:
if( e != NULL ) {
if ( e != base )
mdb_entry_return( op, e );
RS_ASSERT( rs->sr_entry == NULL );
e = NULL;
rs->sr_entry = NULL;
}
}
nochange:
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_rspoid = NULL;
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
send_paged_response( op, rs, NULL, 0 );
} else {
send_ldap_result( op, rs );
}
rs->sr_err = LDAP_SUCCESS;
done:
if( isc.mc )
mdb_cursor_close( isc.mc );
if (mci)
mdb_cursor_close( mci );
if ( moi == &opinfo ) {
mdb_txn_reset( moi->moi_txn );
LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next );
}
if( rs->sr_v2ref ) {
ber_bvarray_free( rs->sr_v2ref );
rs->sr_v2ref = NULL;
}
if (base)
mdb_entry_return( op,base);
scope_chunk_ret( op, scopes );
return rs->sr_err;
}
int
load_extop2(
const struct berval *ext_oid,
slap_mask_t ext_flags,
SLAP_EXTOP_MAIN_FN *ext_main,
unsigned flags )
{
struct berval oidm = BER_BVNULL;
struct extop_list *ext;
int insertme = 0;
if ( !ext_main ) {
return -1;
}
if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) ||
BER_BVISEMPTY( ext_oid ) )
{
return -1;
}
if ( numericoidValidate( NULL, (struct berval *)ext_oid ) !=
LDAP_SUCCESS )
{
oidm.bv_val = oidm_find( ext_oid->bv_val );
if ( oidm.bv_val == NULL ) {
return -1;
}
oidm.bv_len = strlen( oidm.bv_val );
ext_oid = &oidm;
}
for ( ext = supp_ext_list; ext; ext = ext->next ) {
if ( bvmatch( ext_oid, &ext->oid ) ) {
if ( flags == 1 ) {
break;
}
return -1;
}
}
if ( flags == 0 || ext == NULL ) {
ext = ch_calloc( 1, sizeof(struct extop_list) + ext_oid->bv_len + 1 );
if ( ext == NULL ) {
return(-1);
}
ext->oid.bv_val = (char *)(ext + 1);
AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len );
ext->oid.bv_len = ext_oid->bv_len;
ext->oid.bv_val[ext->oid.bv_len] = '\0';
insertme = 1;
}
ext->flags = ext_flags;
ext->ext_main = ext_main;
if ( insertme ) {
ext->next = supp_ext_list;
supp_ext_list = ext;
}
return(0);
}
int
fe_op_modrdn( Operation *op, SlapReply *rs )
{
struct berval dest_ndn = BER_BVNULL, dest_pndn, pdn = BER_BVNULL;
BackendDB *op_be, *bd = op->o_bd;
ber_slen_t diff;
if( op->o_req_ndn.bv_len == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: root dse!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename the root DSE" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: subschema subentry: %s (%ld)\n",
op->o_log_prefix, frontendDB->be_schemandn.bv_val, (long)frontendDB->be_schemandn.bv_len );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename subschema subentry" );
goto cleanup;
}
if( op->orr_nnewSup ) {
dest_pndn = *op->orr_nnewSup;
} else {
dnParent( &op->o_req_ndn, &dest_pndn );
}
build_new_dn( &dest_ndn, &dest_pndn, &op->orr_nnewrdn, op->o_tmpmemctx );
diff = (ber_slen_t) dest_ndn.bv_len - (ber_slen_t) op->o_req_ndn.bv_len;
if ( diff > 0 ? dnIsSuffix( &dest_ndn, &op->o_req_ndn )
: diff < 0 && dnIsSuffix( &op->o_req_ndn, &dest_ndn ) )
{
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
diff > 0 ? "cannot place an entry below itself"
: "cannot place an entry above itself" );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
/* check that destination DN is in the same backend as source DN */
if ( select_backend( &dest_ndn, 0 ) != op->o_bd ) {
send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
"cannot rename between DSAs" );
goto cleanup;
}
/*
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_modrdn ) {
/* do the update here */
int repl_user = be_isupdate( op );
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user )
{
op->o_bd = op_be;
op->o_bd->be_modrdn( op, rs );
if ( op->o_bd->be_delete ) {
struct berval org_req_dn = BER_BVNULL;
struct berval org_req_ndn = BER_BVNULL;
struct berval org_dn = BER_BVNULL;
struct berval org_ndn = BER_BVNULL;
int org_managedsait;
org_req_dn = op->o_req_dn;
org_req_ndn = op->o_req_ndn;
org_dn = op->o_dn;
org_ndn = op->o_ndn;
org_managedsait = get_manageDSAit( op );
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
while ( rs->sr_err == LDAP_SUCCESS &&
op->o_delete_glue_parent ) {
op->o_delete_glue_parent = 0;
if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
slap_callback cb = { NULL };
cb.sc_response = slap_null_cb;
dnParent( &op->o_req_ndn, &pdn );
op->o_req_dn = pdn;
op->o_req_ndn = pdn;
op->o_callback = &cb;
op->o_bd->be_delete( op, rs );
} else {
break;
}
}
op->o_managedsait = org_managedsait;
op->o_dn = org_dn;
op->o_ndn = org_ndn;
op->o_req_dn = org_req_dn;
op->o_req_ndn = org_req_ndn;
op->o_delete_glue_parent = 0;
}
} else {
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
if ( dest_ndn.bv_val != NULL )
ber_memfree_x( dest_ndn.bv_val, op->o_tmpmemctx );
op->o_bd = bd;
return rs->sr_err;
}
int
fe_op_modify( Operation *op, SlapReply *rs )
{
BackendDB *op_be, *bd = op->o_bd;
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof( textbuf );
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modify: root dse!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify upon the root DSE not supported" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modify: subschema subentry!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modification of subschema subentry not supported" );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if ( !rs->sr_ref ) {
rs->sr_ref = default_referral;
}
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if ( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
rs->sr_err = slap_mods_obsolete_check( op, op->orm_modlist,
&rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for modify/increment support */
if ( op->orm_increment && !SLAP_INCREMENT( op->o_bd ) ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify/increment not supported in context" );
goto cleanup;
}
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_modify ) {
/* do the update here */
int repl_user = be_isupdate( op );
/*
* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
*/
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user ) {
int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
op->o_bd = op_be;
if ( !update ) {
rs->sr_err = slap_mods_no_user_mod_check( op, op->orm_modlist,
&rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
}
op->o_bd->be_modify( op, rs );
} else { /* send a referral */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
if ( rs->sr_ref == NULL ) {
/* FIXME: must duplicate, because
* overlays may muck with it */
rs->sr_ref = defref;
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != defref ) {
ber_bvarray_free( rs->sr_ref );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
ndb_back_modrdn( Operation *op, SlapReply *rs )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
Entry e = {0};
Entry e2 = {0};
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
struct berval *np_dn = NULL; /* newSuperior dn */
struct berval *np_ndn = NULL; /* newSuperior ndn */
int manageDSAit = get_manageDSAit( op );
int num_retries = 0;
NdbArgs NA, NA2;
NdbRdns rdns, rdn2;
struct berval matched;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int rc;
Debug( LDAP_DEBUG_ARGS, "==>" LDAP_XSTRING(ndb_back_modrdn) "(%s,%s,%s)\n",
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
ctrls[num_ctrls] = NULL;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
/* Get our NDB handle */
rs->sr_err = ndb_thread_handle( op, &NA.ndb );
rdns.nr_num = 0;
NA.rdns = &rdns;
NA.e = &e;
NA2.ndb = NA.ndb;
NA2.e = &e2;
NA2.rdns = &rdn2;
if( 0 ) {
retry: /* transaction retry */
NA.txn->close();
NA.txn = NULL;
if ( e.e_attrs ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(ndb_back_modrdn)
": retrying...\n", 0, 0, 0 );
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
if ( NA2.ocs ) {
ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
}
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
}
ndb_trans_backoff( ++num_retries );
}
NA.ocs = NULL;
NA2.ocs = NULL;
/* begin transaction */
NA.txn = NA.ndb->startTransaction();
rs->sr_text = NULL;
if( !NA.txn ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": startTransaction failed: %s (%d)\n",
NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
NA2.txn = NA.txn;
/* get entry */
rs->sr_err = ndb_entry_get_info( op, &NA, 1, &matched );
switch( rs->sr_err ) {
case 0:
break;
case LDAP_NO_SUCH_OBJECT:
Debug( LDAP_DEBUG_ARGS,
"<=- ndb_back_modrdn: no such object %s\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_matched = matched.bv_val;
if ( NA.ocs )
ndb_check_referral( op, rs, &NA );
goto return_results;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* acquire and lock entry */
rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
if ( rs->sr_err )
goto return_results;
if ( !manageDSAit && is_entry_glue( &e )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, &e, (Filter *)get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
/* check write on old entry */
rs->sr_err = access_allowed( op, &e, entry, NULL, ACL_WRITE, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
rs->sr_text = "no write access to old entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
/* Can't do it if we have kids */
rs->sr_err = ndb_has_children( &NA, &rc );
if ( rs->sr_err ) {
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": has_children failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rc == LDAP_COMPARE_TRUE ) {
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
goto return_results;
}
if (!manageDSAit && is_entry_referral( &e ) ) {
/* entry is a referral, don't allow modrdn */
rs->sr_ref = get_entry_referrals( op, &e );
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn)
": entry %s is referral\n", e.e_dn, 0, 0 );
rs->sr_err = LDAP_REFERRAL,
rs->sr_matched = op->o_req_dn.bv_val;
rs->sr_flags = REP_REF_MUSTBEFREED;
goto return_results;
}
if ( be_issuffix( op->o_bd, &e.e_nname ) ) {
/* There can only be one suffix entry */
rs->sr_err = LDAP_NAMING_VIOLATION;
rs->sr_text = "cannot rename suffix entry";
goto return_results;
} else {
dnParent( &e.e_nname, &e2.e_nname );
dnParent( &e.e_name, &e2.e_name );
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, &e2,
children, NULL,
op->oq_modrdn.rs_newSup == NULL ?
ACL_WRITE : ACL_WDEL,
NULL );
if ( ! rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
rs->sr_text = "no write access to old parent's children";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": wr to children "
"of entry %s OK\n", e2.e_name.bv_val, 0, 0 );
if ( op->oq_modrdn.rs_newSup != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": new parent \"%s\" requested...\n",
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
/* newSuperior == oldParent? */
if( dn_match( &e2.e_nname, op->oq_modrdn.rs_nnewSup ) ) {
Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
op->oq_modrdn.rs_newSup->bv_val, e2.e_name.bv_val, 0 );
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
rdn2.nr_num = 0;
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent? - checked above */
/* newSuperior == entry being moved?, if so ==> ERROR */
if ( dnIsSuffix( np_ndn, &e.e_nname )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "new superior not found";
goto return_results;
}
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
e2.e_name = *np_dn;
e2.e_nname = *np_ndn;
rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
switch( rs->sr_err ) {
case 0:
break;
case LDAP_NO_SUCH_OBJECT:
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
rs->sr_text = "new superior not found";
goto return_results;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( NA2.ocs ) {
Attribute a;
int i;
for ( i=0; !BER_BVISNULL( &NA2.ocs[i] ); i++);
a.a_numvals = i;
a.a_desc = slap_schema.si_ad_objectClass;
a.a_vals = NA2.ocs;
a.a_nvals = NA2.ocs;
a.a_next = NULL;
e2.e_attrs = &a;
if ( is_entry_alias( &e2 )) {
/* parent is an alias, don't allow move */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": entry is alias\n",
0, 0, 0 );
rs->sr_text = "new superior is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if ( is_entry_referral( &e2 ) ) {
/* parent is a referral, don't allow move */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": entry is referral\n",
0, 0, 0 );
rs->sr_text = "new superior is a referral";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
}
/* check newSuperior for "children" acl */
rs->sr_err = access_allowed( op, &e2, children,
NULL, ACL_WADD, NULL );
if( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": no wr to newSup children\n",
0, 0, 0 );
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": wr to new parent OK id=%ld\n",
(long) e2.e_id, 0, 0 );
}
/* Build target dn and make sure target entry doesn't exist already. */
if (!new_dn.bv_val) {
build_new_dn( &new_dn, &e2.e_name, &op->oq_modrdn.rs_newrdn, NULL );
}
if (!new_ndn.bv_val) {
build_new_dn( &new_ndn, &e2.e_nname, &op->oq_modrdn.rs_nnewrdn, NULL );
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn) ": new ndn=%s\n",
new_ndn.bv_val, 0, 0 );
/* Allow rename to same DN */
if ( !bvmatch ( &new_ndn, &e.e_nname )) {
rdn2.nr_num = 0;
e2.e_name = new_dn;
e2.e_nname = new_ndn;
NA2.ocs = &matched;
rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
NA2.ocs = NULL;
switch( rs->sr_err ) {
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_NO_SUCH_OBJECT:
break;
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
assert( op->orr_modlist != NULL );
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": pre-read failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* delete old DN */
rs->sr_err = ndb_entry_del_info( op->o_bd, &NA );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": dn2id del failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete fail";
goto return_results;
}
/* copy entry fields */
e2.e_attrs = e.e_attrs;
e2.e_id = e.e_id;
/* add new DN */
rs->sr_err = ndb_entry_put_info( op->o_bd, &NA2, 0 );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": dn2id add failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index add failed";
goto return_results;
}
/* modify entry */
rs->sr_err = ndb_modify_internal( op, &NA2,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": modify failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
goto return_results;
}
e.e_attrs = e2.e_attrs;
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &e2,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
}
} else {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
NA.txn->close();
NA.txn = NULL;
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": rdn modified%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
e.e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( NA2.ocs ) {
ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
NA2.ocs = NULL;
}
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
NA.ocs = NULL;
}
if ( e.e_attrs ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
if( NA.txn != NULL ) {
NA.txn->execute( Rollback );
NA.txn->close();
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
rs->sr_text = NULL;
return rs->sr_err;
}
int
fe_op_bind( Operation *op, SlapReply *rs )
{
BackendDB *bd = op->o_bd;
/* check for inappropriate controls */
if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) {
send_ldap_error( op, rs,
LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
"manageDSAit control inappropriate" );
goto cleanup;
}
if ( op->orb_method == LDAP_AUTH_SASL ) {
if ( op->o_protocol < LDAP_VERSION3 ) {
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
(unsigned long)op->o_protocol );
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "SASL bind requires LDAPv3" );
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
if( BER_BVISNULL( &op->orb_mech ) || BER_BVISEMPTY( &op->orb_mech ) ) {
Debug( LDAP_DEBUG_ANY,
"do_bind: no sasl mechanism provided\n" );
send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
"no SASL mechanism provided" );
goto cleanup;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, &op->orb_mech ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( op->o_conn->c_sasl_bind_in_progress ) {
if( !bvmatch( &op->o_conn->c_sasl_bind_mech, &op->orb_mech ) ) {
/* mechanism changed between bind steps */
slap_sasl_reset(op->o_conn);
}
} else {
ber_dupbv(&op->o_conn->c_sasl_bind_mech, &op->orb_mech);
}
/* Set the bindop for the benefit of in-directory SASL lookups */
op->o_conn->c_sasl_bindop = op;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
rs->sr_err = slap_sasl_bind( op, rs );
goto cleanup;
} else {
/* Not SASL, cancel any in-progress bind */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
free( op->o_conn->c_sasl_bind_mech.bv_val );
BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
}
op->o_conn->c_sasl_bind_in_progress = 0;
slap_sasl_reset( op->o_conn );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
BER_BVSTR( &op->orb_mech, "SIMPLE" );
/* accept "anonymous" binds */
if ( BER_BVISEMPTY( &op->orb_cred ) || BER_BVISEMPTY( &op->o_req_ndn ) ) {
rs->sr_err = LDAP_SUCCESS;
if( !BER_BVISEMPTY( &op->orb_cred ) &&
!( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
{
/* cred is not empty, disallow */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
} else if ( !BER_BVISEMPTY( &op->o_req_ndn ) &&
!( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
{
/* DN is not empty, disallow */
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text =
"unauthenticated bind (DN with no password) disallowed";
} else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
/* disallow */
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
rs->sr_text = "anonymous bind disallowed";
} else {
backend_check_restrictions( op, rs, &op->orb_mech );
}
/*
* we already forced connection to "anonymous",
* just need to send success
*/
send_ldap_result( op, rs );
Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
op->o_protocol );
goto cleanup;
} else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
/* disallow simple authentication */
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "unwilling to perform simple authentication";
send_ldap_result( op, rs );
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d simple bind(%s) disallowed\n",
op->o_protocol, op->o_req_ndn.bv_val );
goto cleanup;
}
} else {
rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
rs->sr_text = "unknown authentication method";
send_ldap_result( op, rs );
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d unknown authentication method (%d)\n",
op->o_protocol, op->orb_method );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (op->o_bd = select_backend( &op->o_req_ndn, 0 )) == NULL ) {
/* don't return referral for bind requests */
/* noSuchObject is not allowed to be returned by bind */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
op->o_bd = bd;
send_ldap_result( op, rs );
goto cleanup;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
if( op->o_bd->be_bind ) {
op->o_conn->c_authz_cookie = NULL;
rs->sr_err = (op->o_bd->be_bind)( op, rs );
if ( rs->sr_err == 0 ) {
(void)fe_op_bind_success( op, rs );
} else if ( !BER_BVISNULL( &op->orb_edn ) ) {
free( op->orb_edn.bv_val );
BER_BVZERO( &op->orb_edn );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within naming context" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
do_delete(
Operation *op,
SlapReply *rs )
{
struct berval dn = BER_BVNULL;
Debug( LDAP_DEBUG_TRACE, "%s do_delete\n",
op->o_log_prefix, 0, 0 );
/*
* Parse the delete request. It looks like this:
*
* DelRequest := DistinguishedName
*/
if ( ber_scanf( op->o_ber, "m", &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "%s do_delete: ber_scanf failed\n",
op->o_log_prefix, 0, 0 );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_delete: get_ctrls failed\n",
op->o_log_prefix, 0, 0 );
goto cleanup;
}
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
op->o_tmpmemctx );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_delete: invalid dn (%s)\n",
op->o_log_prefix, dn.bv_val, 0 );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
Statslog( LDAP_DEBUG_STATS, "%s DEL dn=\"%s\"\n",
op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );
if( op->o_req_ndn.bv_len == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s do_delete: root dse!\n",
op->o_log_prefix, 0, 0 );
/* protocolError would likely be a more appropriate error */
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot delete the root DSE" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_delete: subschema subentry!\n",
op->o_log_prefix, 0, 0 );
/* protocolError would likely be a more appropriate error */
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot delete the root DSE" );
goto cleanup;
}
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_delete( op, rs );
#ifdef LDAP_X_TXN
if( rs->sr_err == LDAP_X_TXN_SPECIFY_OKAY ) {
/* skip cleanup */
return rs->sr_err;
}
#endif
cleanup:;
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
return rs->sr_err;
}
int
fe_op_search( Operation *op, SlapReply *rs )
{
BackendDB *bd = op->o_bd;
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
#ifdef LDAP_CONNECTIONLESS
/* Ignore LDAPv2 CLDAP Root DSE queries */
if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
goto return_results;
}
#endif
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
} else if ( entry != NULL ) {
if ( get_assert( op ) &&
( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) {
rs->sr_err = LDAP_ASSERTION_FAILED;
goto fail1;
}
rs->sr_err = test_filter( op, entry, op->ors_filter );
if( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* note: we set no limits because either
* no limit is specified, or at least 1
* is specified, and we're going to return
* at most one entry */
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_tlimit = SLAP_NO_LIMIT;
rs->sr_entry = entry;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_operational_attrs = NULL;
}
rs->sr_err = LDAP_SUCCESS;
fail1:
entry_free( entry );
send_ldap_result( op, rs );
goto return_results;
}
}
if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->ors_scope );
if (!rs->sr_ref) rs->sr_ref = default_referral;
rs->sr_err = LDAP_REFERRAL;
op->o_bd = bd;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral)
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
goto return_results;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto return_results;
}
if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
/* don't use shadow copy */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, op->ors_scope );
if( !rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"copy not used; no referral information available" );
}
} else if ( op->o_bd->be_search ) {
if ( limits_check( op, rs ) == 0 ) {
/* actually do the search and send the result(s) */
(op->o_bd->be_search)( op, rs );
}
/* else limits_check() sends error */
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
return_results:;
op->o_bd = bd;
return rs->sr_err;
}
/* Join two sets according to operator op and flags op_flags.
* op can be:
* '|' (or): the union between the two sets is returned,
* eliminating duplicates
* '&' (and): the intersection between the two sets
* is returned
* '+' (add): the inner product of the two sets is returned,
* namely a set containing the concatenation of
* all combinations of the two sets members,
* except for duplicates.
* The two sets are disposed of according to the flags as described
* for slap_set_dispose().
*/
BerVarray
slap_set_join(
SetCookie *cp,
BerVarray lset,
unsigned op_flags,
BerVarray rset )
{
BerVarray set;
long i, j, last, rlast;
unsigned op = ( op_flags & SLAP_SET_OPMASK );
set = NULL;
switch ( op ) {
case '|': /* union */
if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] ) ) {
if ( rset == NULL ) {
if ( lset == NULL ) {
set = cp->set_op->o_tmpcalloc( 1,
sizeof( struct berval ),
cp->set_op->o_tmpmemctx );
BER_BVZERO( &set[ 0 ] );
goto done2;
}
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
goto done2;
}
slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
goto done2;
}
if ( rset == NULL || BER_BVISNULL( &rset[ 0 ] ) ) {
slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
goto done2;
}
/* worst scenario: no duplicates */
rlast = slap_set_size( rset );
i = slap_set_size( lset ) + rlast + 1;
set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
if ( set != NULL ) {
/* set_chase() depends on this routine to
* keep the first elements of the result
* set the same (and in the same order)
* as the left-set.
*/
for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
if ( op_flags & SLAP_SET_LREFVAL ) {
ber_dupbv_x( &set[ i ], &lset[ i ], cp->set_op->o_tmpmemctx );
} else {
set[ i ] = lset[ i ];
}
}
/* pointers to values have been used in set - don't free twice */
op_flags |= SLAP_SET_LREFVAL;
last = i;
for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
int exists = 0;
for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {
if ( bvmatch( &rset[ i ], &set[ j ] ) )
{
if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );
rset[ i ] = rset[ --rlast ];
BER_BVZERO( &rset[ rlast ] );
i--;
}
exists = 1;
break;
}
}
if ( !exists ) {
if ( op_flags & SLAP_SET_RREFVAL ) {
ber_dupbv_x( &set[ last ], &rset[ i ], cp->set_op->o_tmpmemctx );
} else {
set[ last ] = rset[ i ];
}
last++;
}
}
/* pointers to values have been used in set - don't free twice */
op_flags |= SLAP_SET_RREFVAL;
BER_BVZERO( &set[ last ] );
}
break;
case '&': /* intersection */
if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] )
|| rset == NULL || BER_BVISNULL( &rset[ 0 ] ) )
{
set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
cp->set_op->o_tmpmemctx );
BER_BVZERO( &set[ 0 ] );
break;
} else {
long llen, rlen;
BerVarray sset;
llen = slap_set_size( lset );
rlen = slap_set_size( rset );
/* dup the shortest */
if ( llen < rlen ) {
last = llen;
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
lset = NULL;
sset = rset;
} else {
last = rlen;
set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
rset = NULL;
sset = lset;
}
if ( set == NULL ) {
break;
}
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
for ( j = 0; !BER_BVISNULL( &sset[ j ] ); j++ ) {
if ( bvmatch( &set[ i ], &sset[ j ] ) ) {
break;
}
}
if ( BER_BVISNULL( &sset[ j ] ) ) {
cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx );
set[ i ] = set[ --last ];
BER_BVZERO( &set[ last ] );
i--;
}
}
}
break;
case '+': /* string concatenation */
i = slap_set_size( rset );
j = slap_set_size( lset );
/* handle empty set cases */
if ( i == 0 || j == 0 ) {
set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
cp->set_op->o_tmpmemctx );
if ( set == NULL ) {
break;
}
BER_BVZERO( &set[ 0 ] );
break;
}
set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
cp->set_op->o_tmpmemctx );
if ( set == NULL ) {
break;
}
for ( last = 0, i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
struct berval bv;
long k;
/* don't concatenate with the empty string */
if ( BER_BVISEMPTY( &lset[ i ] ) ) {
ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx );
if ( bv.bv_val == NULL ) {
ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
set = NULL;
goto done;
}
} else if ( BER_BVISEMPTY( &rset[ j ] ) ) {
ber_dupbv_x( &bv, &lset[ i ], cp->set_op->o_tmpmemctx );
if ( bv.bv_val == NULL ) {
ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
set = NULL;
goto done;
}
} else {
bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
cp->set_op->o_tmpmemctx );
if ( bv.bv_val == NULL ) {
ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
set = NULL;
goto done;
}
AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
bv.bv_val[ bv.bv_len ] = '\0';
}
for ( k = 0; k < last; k++ ) {
if ( bvmatch( &set[ k ], &bv ) ) {
cp->set_op->o_tmpfree( bv.bv_val, cp->set_op->o_tmpmemctx );
break;
}
}
if ( k == last ) {
set[ last++ ] = bv;
}
}
}
BER_BVZERO( &set[ last ] );
break;
default:
break;
}
done:;
if ( lset ) slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
if ( rset ) slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
done2:;
if ( LogTest( LDAP_DEBUG_ACL ) ) {
if ( BER_BVISNULL( set ) ) {
Debug( LDAP_DEBUG_ACL, " ACL set: empty\n", 0, 0, 0 );
} else {
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
Debug( LDAP_DEBUG_ACL, " ACL set[%ld]=%s\n", i, set[i].bv_val, 0 );
}
}
}
return set;
}
static int
dupent_parseCtrl (
Operation *op,
SlapReply *rs,
LDAPControl *ctrl )
{
ber_tag_t tag;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_len_t len;
BerVarray AttributeDescriptionList = NULL;
ber_len_t cnt = sizeof(struct berval);
ber_len_t off = 0;
ber_int_t PartialApplicationAllowed = 1;
dupent_t *ds = NULL;
int i;
if ( op->o_dupent != SLAP_CONTROL_NONE ) {
rs->sr_text = "Dupent control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
rs->sr_text = "Dupent control value is absent";
return LDAP_PROTOCOL_ERROR;
}
if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
rs->sr_text = "Dupent control value is empty";
return LDAP_PROTOCOL_ERROR;
}
ber_init2( ber, &ctrl->ldctl_value, 0 );
/*
DuplicateEntryRequest ::= SEQUENCE {
AttributeDescriptionList, -- from [RFC2251]
PartialApplicationAllowed BOOLEAN DEFAULT TRUE }
AttributeDescriptionList ::= SEQUENCE OF
AttributeDescription
AttributeDescription ::= LDAPString
attributeDescription = AttributeType [ ";" <options> ]
*/
tag = ber_skip_tag( ber, &len );
if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
if ( ber_scanf( ber, "{M}", &AttributeDescriptionList, &cnt, off )
== LBER_ERROR )
{
rs->sr_text = "Dupent control: dupentSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_skip_tag( ber, &len );
if ( tag == LBER_BOOLEAN ) {
/* NOTE: PartialApplicationAllowed is ignored, since the control
* can always be honored
*/
if ( ber_scanf( ber, "b", &PartialApplicationAllowed ) == LBER_ERROR )
{
rs->sr_text = "Dupent control: dupentSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_skip_tag( ber, &len );
}
if ( len || tag != LBER_DEFAULT ) {
rs->sr_text = "Dupent control: dupentSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
ds = (dupent_t *)op->o_tmpcalloc( 1,
sizeof(dupent_t) + sizeof(AttributeName)*cnt,
op->o_tmpmemctx );
ds->ds_paa = PartialApplicationAllowed;
if ( cnt == 0 ) {
ds->ds_flags |= SLAP_USERATTRS_YES;
} else {
int c;
ds->ds_an = (AttributeName *)&ds[ 1 ];
for ( i = 0, c = 0; i < cnt; i++ ) {
const char *text;
int j;
int rc;
AttributeDescription *ad = NULL;
if ( bvmatch( &AttributeDescriptionList[i],
slap_bv_all_user_attrs ) )
{
if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
rs->sr_text = "Dupent control: AttributeDescription decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
ds->ds_flags |= SLAP_USERATTRS_YES;
continue;
}
rc = slap_bv2ad( &AttributeDescriptionList[i], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
continue;
}
ds->ds_an[c].an_desc = ad;
ds->ds_an[c].an_name = ad->ad_cname;
/* FIXME: not specified; consider this an error, just in case */
for ( j = 0; j < c; j++ ) {
if ( ds->ds_an[c].an_desc == ds->ds_an[j].an_desc ) {
rs->sr_text = "Dupent control: AttributeDescription must be unique within AttributeDescriptionList";
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
}
c++;
}
ds->ds_nattrs = c;
if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
/* purge user attrs */
for ( i = 0; i < ds->ds_nattrs; ) {
if ( is_at_operational( ds->ds_an[i].an_desc->ad_type ) ) {
i++;
continue;
}
ds->ds_nattrs--;
if ( i < ds->ds_nattrs ) {
ds->ds_an[i] = ds->ds_an[ds->ds_nattrs];
}
}
}
}
op->o_ctrldupent = (void *)ds;
op->o_dupent = ctrl->ldctl_iscritical
? SLAP_CONTROL_CRITICAL
: SLAP_CONTROL_NONCRITICAL;
rs->sr_err = LDAP_SUCCESS;
done:;
if ( rs->sr_err != LDAP_SUCCESS ) {
op->o_tmpfree( ds, op->o_tmpmemctx );
}
if ( AttributeDescriptionList != NULL ) {
ber_memfree_x( AttributeDescriptionList, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid )
{
Operation *op = bsi->bsi_op;
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
int i;
int rc;
Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()\n", 0, 0, 0 );
assert( bsi->bsi_e != NULL );
memset( bsi->bsi_e, 0, sizeof( Entry ) );
if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
Entry *e;
e = entry_dup( bi->sql_baseObject );
if ( e == NULL ) {
return LDAP_NO_MEMORY;
}
*bsi->bsi_e = *e;
free( e );
goto done;
}
ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );
ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );
bsi->bsi_e->e_attrs = NULL;
bsi->bsi_e->e_private = NULL;
if ( eid->eid_oc == NULL ) {
eid->eid_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private,
eid->eid_oc_id );
}
bsi->bsi_oc = eid->eid_oc;
bsi->bsi_c_eid = eid;
#ifndef BACKSQL_ARBITRARY_KEY
/* FIXME: unused */
bsi->bsi_e->e_id = eid->eid_id;
#endif /* ! BACKSQL_ARBITRARY_KEY */
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_objectClass,
&bsi->bsi_oc->bom_oc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
if ( bsi->bsi_attrs == NULL || ( bsi->bsi_flags & BSQL_SF_ALL_USER ) )
{
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"retrieving all attributes\n", 0, 0, 0 );
avl_apply( bsi->bsi_oc->bom_attrs, backsql_get_attr_vals,
bsi, 0, AVL_INORDER );
} else {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"custom attribute list\n", 0, 0, 0 );
for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {
backsql_at_map_rec **vat;
AttributeName *an = &bsi->bsi_attrs[ i ];
int j;
/* if one of the attributes listed here is
* a subtype of another, it must be ignored,
* because subtypes are already dealt with
* by backsql_supad2at()
*/
for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {
/* skip self */
if ( j == i ) {
continue;
}
/* skip subtypes */
if ( is_at_subtype( an->an_desc->ad_type,
bsi->bsi_attrs[ j ].an_desc->ad_type ) )
{
goto next;
}
}
rc = backsql_supad2at( bsi->bsi_oc, an->an_desc, &vat );
if ( rc != 0 || vat == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"attribute \"%s\" is not defined "
"for objectlass \"%s\"\n",
an->an_name.bv_val,
BACKSQL_OC_NAME( bsi->bsi_oc ), 0 );
continue;
}
for ( j = 0; vat[j]; j++ ) {
backsql_get_attr_vals( vat[j], bsi );
}
ch_free( vat );
next:;
}
}
if ( bsi->bsi_flags & BSQL_SF_RETURN_ENTRYUUID ) {
Attribute *a_entryUUID,
**ap;
a_entryUUID = backsql_operational_entryUUID( bi, eid );
if ( a_entryUUID != NULL ) {
for ( ap = &bsi->bsi_e->e_attrs;
*ap;
ap = &(*ap)->a_next );
*ap = a_entryUUID;
}
}
if ( ( bsi->bsi_flags & BSQL_SF_ALL_OPER )
|| an_find( bsi->bsi_attrs, slap_bv_all_operational_attrs )
|| an_find( bsi->bsi_attrs, &slap_schema.si_ad_structuralObjectClass->ad_cname ) )
{
ObjectClass *soc = NULL;
if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
Attribute *a;
const char *text = NULL;
char textbuf[ 1024 ];
size_t textlen = sizeof( textbuf );
struct berval bv[ 2 ],
*nvals;
int rc = LDAP_SUCCESS;
a = attr_find( bsi->bsi_e->e_attrs,
slap_schema.si_ad_objectClass );
if ( a != NULL ) {
nvals = a->a_nvals;
} else {
bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
BER_BVZERO( &bv[ 1 ] );
nvals = bv;
}
rc = structural_class( nvals, &soc, NULL,
&text, textbuf, textlen, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"structural_class() failed %d (%s)\n",
bsi->bsi_e->e_name.bv_val,
rc, text ? text : "" );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
if ( !bvmatch( &soc->soc_cname, &bsi->bsi_oc->bom_oc->soc_cname ) ) {
if ( !is_object_subclass( bsi->bsi_oc->bom_oc, soc ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"computed structuralObjectClass %s "
"does not match objectClass %s associated "
"to entry\n",
bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val,
bsi->bsi_oc->bom_oc->soc_cname.bv_val );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"computed structuralObjectClass %s "
"is subclass of objectClass %s associated "
"to entry\n",
bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val,
bsi->bsi_oc->bom_oc->soc_cname.bv_val );
}
} else {
soc = bsi->bsi_oc->bom_oc;
}
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_structuralObjectClass,
&soc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
}
done:;
Debug( LDAP_DEBUG_TRACE, "<==backsql_id2entry()\n", 0, 0, 0 );
return LDAP_SUCCESS;
}
int
bdb_delete( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *matched = NULL;
struct berval pdn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
EntryInfo *ei = NULL, *eip = NULL;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
ID eid;
DB_LOCK lock, plock;
int num_retries = 0;
int rc;
LDAPControl **preread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int parent_is_glue = 0;
int parent_is_leaf = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_delete) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* allocate CSN */
if ( BER_BVISNULL( &op->o_csn ) ) {
struct berval csn;
char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, 1 );
}
if( 0 ) {
retry: /* transaction retry */
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
e = NULL;
}
if( p != NULL ) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
Debug( LDAP_DEBUG_TRACE,
"==> " LDAP_XSTRING(bdb_delete) ": retrying...\n",
0, 0, 0 );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
parent_is_glue = 0;
parent_is_leaf = 0;
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_begin failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &pdn );
}
/* get entry */
rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
&lock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rs->sr_err == 0 ) {
e = ei->bei_e;
eip = ei->bei_parent;
} else {
matched = ei->bei_e;
}
/* FIXME : dn2entry() should return non-glue entry */
if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
Debug( LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete) ": no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
if ( matched != NULL ) {
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, matched);
matched = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, &plock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
case DB_NOTFOUND:
break;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( eip ) p = eip->bei_e;
if ( pdn.bv_len != 0 ) {
if( p == NULL || !bvmatch( &pdn, &p->e_nname )) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "could not locate parent of entry";
goto return_results;
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": no write "
"access to parent\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
/* no parent, must be root to delete */
if( ! be_isroot( op ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_shadow_update( op ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
p = NULL;
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete)
": no access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete)
": no parent and not root\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
rs->sr_err = access_allowed( op, e,
entry, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": no write access "
"to entry\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow delete */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = ch_strdup( e->e_name.bv_val );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* pre-read */
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_begin(2) failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Starting delete %s(%d)",
e->e_nname.bv_val, e->e_id );
/* Can't do it if we have kids */
rs->sr_err = bdb_cache_children( op, lt2, e );
if( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subordinate objects must be deleted first";
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
/* delete from dn2id */
rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": dn2id failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "DN index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* delete indices for old attributes */
rs->sr_err = bdb_index_entry_del( op, lt2, e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": index failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entry index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* fixup delete CSN */
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval vals[2];
assert( !BER_BVISNULL( &op->o_csn ) );
vals[0] = op->o_csn;
BER_BVZERO( &vals[1] );
rs->sr_err = bdb_index_values( op, lt2, slap_schema.si_ad_entryCSN,
vals, 0, SLAP_INDEX_ADD_OP );
if ( rs->sr_err != LDAP_SUCCESS ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entryCSN index update failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
/* delete from id2entry */
rs->sr_err = bdb_id2entry_delete( op->o_bd, lt2, e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": id2entry failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entry delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
if ( pdn.bv_len != 0 ) {
parent_is_glue = is_entry_glue(p);
rs->sr_err = bdb_cache_children( op, lt2, p );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
parent_is_leaf = 1;
}
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Commit1 delete %s(%d)",
e->e_nname.bv_val, e->e_id );
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
eid = e->e_id;
#if 0 /* Do we want to reclaim deleted IDs? */
ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex );
if ( e->e_id == bdb->bi_lastid ) {
bdb_last_id( op->o_bd, ltid );
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
#endif
if( op->o_noop ) {
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
BDB_LOG_PRINTF( bdb->bi_dbenv, ltid, "slapd Cache delete %s(%d)",
e->e_nname.bv_val, e->e_id );
rc = bdb_cache_delete( bdb, e, ltid, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
BDB_LOG_PRINTF( bdb->bi_dbenv, NULL, "slapd Committed delete %s(%d)",
e->e_nname.bv_val, e->e_id );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
eid, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
if ( p )
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
/* free entry */
if( e != NULL ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
/* Free the EntryInfo and the Entry */
bdb_cache_entryinfo_lock( BEI(e) );
bdb_cache_delete_cleanup( &bdb->bi_cache, BEI(e) );
} else {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
}
}
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
return rs->sr_err;
}
static int
slap_auxprop_store(
void *glob_context,
sasl_server_params_t *sparams,
struct propctx *prctx,
const char *user,
unsigned ulen)
{
Operation op = {0};
Opheader oph;
int rc, i;
unsigned j;
Connection *conn = NULL;
const struct propval *pr;
Modifications *modlist = NULL, **modtail = &modlist, *mod;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
char textbuf[SLAP_TEXT_BUFLEN];
const char *text;
size_t textlen = sizeof(textbuf);
#ifdef SLAP_AUXPROP_DONTUSECOPY
int dontUseCopy = 0;
BackendDB *dontUseCopy_bd = NULL;
#endif /* SLAP_AUXPROP_DONTUSECOPY */
/* just checking if we are enabled */
if (!prctx) return SASL_OK;
if (!sparams || !user) return SASL_BADPARAM;
pr = sparams->utils->prop_get( sparams->propctx );
/* Find our DN and conn first */
for( i = 0; pr[i].name; i++ ) {
if ( pr[i].name[0] == '*' ) {
if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {
if ( pr[i].values && pr[i].values[0] )
AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) );
continue;
}
if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) {
if ( pr[i].values && pr[i].values[0] )
AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0],
sizeof( op.o_req_ndn.bv_len ) );
} else if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {
if ( pr[i].values )
op.o_req_ndn.bv_val = (char *)pr[i].values[0];
}
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( slap_dontUseCopy_propnames != NULL ) {
struct berval bv;
ber_str2bv( &pr[i].name[1], 0, 1, &bv );
for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) {
if ( bvmatch( &bv, &slap_dontUseCopy_propnames[ j ] ) ) {
dontUseCopy = 1;
break;
}
}
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
}
}
if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;
op.o_bd = select_backend( &op.o_req_ndn, 1 );
if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( SLAP_SHADOW( op.o_bd ) && dontUseCopy ) {
dontUseCopy_bd = op.o_bd;
op.o_bd = frontendDB;
op.o_dontUseCopy = SLAP_CONTROL_CRITICAL;
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
pr = sparams->utils->prop_get( prctx );
if (!pr) return SASL_BADPARAM;
for (i=0; pr[i].name; i++);
if (!i) return SASL_BADPARAM;
for (i=0; pr[i].name; i++) {
mod = (Modifications *)ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = 0;
ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
mod->sml_numvals = pr[i].nvalues;
mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
sizeof(struct berval));
for (j=0; j<pr[i].nvalues; j++) {
ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]);
}
BER_BVZERO( &mod->sml_values[j] );
mod->sml_nvalues = NULL;
mod->sml_desc = NULL;
*modtail = mod;
modtail = &mod->sml_next;
}
*modtail = NULL;
rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );
if ( rc == LDAP_SUCCESS ) {
rc = slap_mods_no_user_mod_check( &op, modlist,
&text, textbuf, textlen );
if ( rc == LDAP_SUCCESS ) {
if ( conn->c_sasl_bindop ) {
op.o_hdr = conn->c_sasl_bindop->o_hdr;
} else {
op.o_hdr = &oph;
memset( &oph, 0, sizeof(oph) );
operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 );
}
op.o_tag = LDAP_REQ_MODIFY;
op.o_ndn = op.o_req_ndn;
op.o_callback = &cb;
slap_op_time( &op.o_time, &op.o_tincr );
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_req_dn = op.o_req_ndn;
op.orm_modlist = modlist;
for (;;) {
SlapReply rs = {REP_RESULT};
rc = op.o_bd->be_modify( &op, &rs );
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( dontUseCopy &&
rs.sr_err == LDAP_UNAVAILABLE &&
slap_dontUseCopy_ignore )
{
op.o_bd = dontUseCopy_bd;
op.o_dontUseCopy = SLAP_CONTROL_NONE;
dontUseCopy = 0;
continue;
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
break;
}
}
}
slap_mods_free( modlist, 1 );
return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK;
}
int
mdb_add(Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
MDB_txn *txn = NULL;
MDB_cursor *mc = NULL;
MDB_cursor *mcd;
ID eid, pid = 0;
mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
int subentry;
int numads = mdb->mi_numads;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(mdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* begin transaction */
rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": txn_begin failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
txn = moi->moi_txn;
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mcd );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or parent */
rs->sr_err = mdb_dn2entry( op, txn, mcd, &op->ora_e->e_nname, &p, NULL, 1 );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
mdb_entry_return( op, p );
p = NULL;
goto return_results;
case MDB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
if ( p != (Entry *)&slap_entry_root && is_entry_referral( p )) {
BerVarray ref = get_entry_referrals( op, p );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
BerVarray ref = get_entry_referrals( op, p );
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent */
if ( p != (Entry *)&slap_entry_root ) {
pid = p->e_id;
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
mdb_entry_return( op, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_id2entry, &mc );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
rs->sr_err = mdb_next_id( op->o_bd, mc, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
/* dn2id index */
rs->sr_err = mdb_dn2id_add( op, mcd, mcd, pid, 1, 1, op->ora_e );
mdb_cursor_close( mcd );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": dn2id_add failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case MDB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = mdb_index_entry_add( op, txn, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": index_entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = mdb_id2entry_add( op, txn, mc, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": id2entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry store failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( moi == &opinfo ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
opinfo.moi_oe.oe_key = NULL;
if ( op->o_noop ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
rs->sr_err = LDAP_X_NO_OPERATION;
txn = NULL;
goto return_results;
}
rs->sr_err = mdb_txn_commit( txn );
txn = NULL;
if ( rs->sr_err != 0 ) {
mdb->mi_numads = numads;
rs->sr_text = "txn_commit failed";
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(mdb_add) ": %s : %s (%d)\n",
rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( moi == &opinfo ) {
if( txn != NULL ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
}
if ( opinfo.moi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
}
} else {
moi->moi_ref--;
}
if( success == LDAP_SUCCESS ) {
#if 0
if ( mdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( mdb->bi_dbenv,
mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
}
#endif
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
static int
retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e )
{
Attribute *a;
int err;
char *next;
int disconnect = 0;
if ( get_manageDSAit( op ) ) {
return SLAP_CB_CONTINUE;
}
if ( !is_entry_objectclass_or_sub( e, oc_errAbsObject ) ) {
return SLAP_CB_CONTINUE;
}
/* operation */
a = attr_find( e->e_attrs, ad_errOp );
if ( a != NULL ) {
int i,
gotit = 0;
struct berval bv = BER_BVNULL;
(void)retcode_op2str( op->o_tag, &bv );
if ( BER_BVISNULL( &bv ) ) {
return SLAP_CB_CONTINUE;
}
for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
if ( bvmatch( &a->a_nvals[ i ], &bv ) ) {
gotit = 1;
break;
}
}
if ( !gotit ) {
return SLAP_CB_CONTINUE;
}
}
/* disconnect */
a = attr_find( e->e_attrs, ad_errDisconnect );
if ( a != NULL ) {
if ( bvmatch( &a->a_nvals[ 0 ], &slap_true_bv ) ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
disconnect = 1;
}
/* error code */
a = attr_find( e->e_attrs, ad_errCode );
if ( a == NULL ) {
return SLAP_CB_CONTINUE;
}
err = strtol( a->a_nvals[ 0 ].bv_val, &next, 0 );
if ( next == a->a_nvals[ 0 ].bv_val || next[ 0 ] != '\0' ) {
return SLAP_CB_CONTINUE;
}
rs->sr_err = err;
/* sleep time */
a = attr_find( e->e_attrs, ad_errSleepTime );
if ( a != NULL && a->a_nvals[ 0 ].bv_val[ 0 ] != '-' ) {
int sleepTime;
if ( lutil_atoi( &sleepTime, a->a_nvals[ 0 ].bv_val ) == 0 ) {
retcode_sleep( sleepTime );
}
}
if ( rs->sr_err != LDAP_SUCCESS && !LDAP_API_ERROR( rs->sr_err )) {
BackendDB db = *op->o_bd,
*o_bd = op->o_bd;
void *o_callback = op->o_callback;
/* message text */
a = attr_find( e->e_attrs, ad_errText );
if ( a != NULL ) {
rs->sr_text = a->a_vals[ 0 ].bv_val;
}
/* matched DN */
a = attr_find( e->e_attrs, ad_errMatchedDN );
if ( a != NULL ) {
rs->sr_matched = a->a_vals[ 0 ].bv_val;
}
if ( bi == NULL ) {
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
bi = on->on_info->oi_orig;
}
db.bd_info = bi;
op->o_bd = &db;
op->o_callback = NULL;
/* referral */
if ( rs->sr_err == LDAP_REFERRAL ) {
BerVarray refs = default_referral;
a = attr_find( e->e_attrs, slap_schema.si_ad_ref );
if ( a != NULL ) {
refs = a->a_vals;
}
rs->sr_ref = referral_rewrite( refs,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
a = attr_find( e->e_attrs, ad_errUnsolicitedOID );
if ( a != NULL ) {
struct berval oid = BER_BVNULL,
data = BER_BVNULL;
ber_int_t msgid = op->o_msgid;
/* RFC 4511 unsolicited response */
op->o_msgid = 0;
oid = a->a_nvals[ 0 ];
a = attr_find( e->e_attrs, ad_errUnsolicitedData );
if ( a != NULL ) {
data = a->a_nvals[ 0 ];
}
if ( strcmp( oid.bv_val, "0" ) == 0 ) {
send_ldap_result( op, rs );
} else {
ber_tag_t tag = op->o_tag;
op->o_tag = LDAP_REQ_EXTENDED;
rs->sr_rspoid = oid.bv_val;
if ( !BER_BVISNULL( &data ) ) {
rs->sr_rspdata = &data;
}
send_ldap_extended( op, rs );
rs->sr_rspoid = NULL;
rs->sr_rspdata = NULL;
op->o_tag = tag;
}
op->o_msgid = msgid;
} else {
send_ldap_result( op, rs );
}
}
rs->sr_text = NULL;
rs->sr_matched = NULL;
op->o_bd = o_bd;
op->o_callback = o_callback;
}
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( disconnect ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
op->o_abandon = 1;
return rs->sr_err;
}
return SLAP_CB_CONTINUE;
}
int
modify_add_values(
Entry *e,
Modification *mod,
int permissive,
const char **text,
char *textbuf, size_t textlen
)
{
int i, j;
int matched;
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
const char *op;
switch( mod->sm_op ) {
case LDAP_MOD_ADD:
op = "add";
break;
case LDAP_MOD_REPLACE:
op = "replace";
break;
default:
op = "?";
assert( 0 );
}
a = attr_find( e->e_attrs, mod->sm_desc );
/*
* With permissive set, as long as the attribute being added
* has the same value(s?) as the existing attribute, then the
* modify will succeed.
*/
/* check if the values we're adding already exist */
if( mr == NULL || !mr->smr_match ) {
if ( a != NULL ) {
/* do not allow add of additional attribute
if no equality rule exists */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: no equality matching rule",
op, mod->sm_desc->ad_cname.bv_val );
return LDAP_INAPPROPRIATE_MATCHING;
}
for ( i = 0; mod->sm_bvalues[i].bv_val != NULL; i++ ) {
/* test asserted values against existing values */
if( a ) {
for( matched = 0, j = 0; a->a_vals[j].bv_val != NULL; j++ ) {
if ( bvmatch( &mod->sm_bvalues[i],
&a->a_vals[j] ) ) {
if ( permissive ) {
matched++;
continue;
}
/* value exists already */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #%i already exists",
op, mod->sm_desc->ad_cname.bv_val, j );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
if ( permissive && matched == j ) {
/* values already exist; do nothing */
return LDAP_SUCCESS;
}
}
/* test asserted values against themselves */
for( j = 0; j < i; j++ ) {
if ( bvmatch( &mod->sm_bvalues[i],
&mod->sm_bvalues[j] ) ) {
/* value exists already */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #%i already exists",
op, mod->sm_desc->ad_cname.bv_val, j );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
}
} else {
/*
* The original code performs ( n ) normalizations
* and ( n * ( n - 1 ) / 2 ) matches, which hide
* the same number of normalizations. The new code
* performs the same number of normalizations ( n )
* and ( n * ( n - 1 ) / 2 ) mem compares, far less
* expensive than an entire match, if a match is
* equivalent to a normalization and a mem compare ...
*
* This is far more memory expensive than the previous,
* but it can heavily improve performances when big
* chunks of data are added (typical example is a group
* with thousands of DN-syntax members; on my system:
* for members of 5-RDN DNs,
members orig bvmatch (dirty) new
1000 0m38.456s 0m0.553s 0m0.608s
2000 2m33.341s 0m0.851s 0m1.003s
* Moreover, 100 groups with 10000 members each were
* added in 37m27.933s (an analogous LDIF file was
* loaded into Active Directory in 38m28.682s, BTW).
*
* Maybe we could switch to the new algorithm when
* the number of values overcomes a given threshold?
*/
int rc;
if ( mod->sm_bvalues[ 1 ].bv_val == 0 ) {
if ( a != NULL ) {
struct berval asserted;
int i;
rc = value_normalize( mod->sm_desc, SLAP_MR_EQUALITY,
&mod->sm_bvalues[ 0 ], &asserted, text );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
for ( matched = 0, i = 0; a->a_vals[ i ].bv_val; i++ ) {
int match;
rc = value_match( &match, mod->sm_desc, mr,
SLAP_MR_VALUE_SYNTAX_MATCH,
&a->a_vals[ i ], &asserted, text );
if( rc == LDAP_SUCCESS && match == 0 ) {
if ( permissive ) {
matched++;
continue;
}
free( asserted.bv_val );
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #0 already exists",
op, mod->sm_desc->ad_cname.bv_val, 0 );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
free( asserted.bv_val );
if ( permissive && matched == i ) {
/* values already exist; do nothing */
return LDAP_SUCCESS;
}
}
} else {
rc = modify_check_duplicates( mod->sm_desc, mr,
a ? a->a_vals : NULL, mod->sm_bvalues,
permissive,
text, textbuf, textlen );
if ( permissive && rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
return LDAP_SUCCESS;
}
if ( rc != LDAP_SUCCESS ) {
return rc;
}
}
}
/* no - add them */
if( attr_merge( e, mod->sm_desc, mod->sm_bvalues ) != 0 ) {
/* this should return result of attr_merge */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: merge error",
op, mod->sm_desc->ad_cname.bv_val );
return LDAP_OTHER;
}
return LDAP_SUCCESS;
}
static int
test_ava_filter(
Operation *op,
Entry *e,
AttributeAssertion *ava,
int type )
{
int rc;
Attribute *a;
#ifdef LDAP_COMP_MATCH
int i, num_attr_vals = 0;
AttributeAliasing *a_alias = NULL;
#endif
if ( !access_allowed( op, e,
ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;
}
if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& op && op->o_bd && op->o_bd->be_has_subordinates )
{
int hasSubordinates;
struct berval hs;
if( type != LDAP_FILTER_EQUALITY &&
type != LDAP_FILTER_APPROX )
{
/* No other match is allowed */
return LDAP_INAPPROPRIATE_MATCHING;
}
if ( op->o_bd->be_has_subordinates( op, e, &hasSubordinates ) !=
LDAP_SUCCESS )
{
return LDAP_OTHER;
}
if ( hasSubordinates == LDAP_COMPARE_TRUE ) {
hs = slap_true_bv;
} else if ( hasSubordinates == LDAP_COMPARE_FALSE ) {
hs = slap_false_bv;
} else {
return LDAP_OTHER;
}
if ( bvmatch( &ava->aa_value, &hs ) ) return LDAP_COMPARE_TRUE;
return LDAP_COMPARE_FALSE;
}
if ( ava->aa_desc == slap_schema.si_ad_entryDN ) {
MatchingRule *mr;
int match;
const char *text;
if( type != LDAP_FILTER_EQUALITY &&
type != LDAP_FILTER_APPROX )
{
/* No other match is allowed */
return LDAP_INAPPROPRIATE_MATCHING;
}
mr = slap_schema.si_ad_entryDN->ad_type->sat_equality;
assert( mr != NULL );
rc = value_match( &match, slap_schema.si_ad_entryDN, mr,
SLAP_MR_EXT, &e->e_nname, &ava->aa_value, &text );
if( rc != LDAP_SUCCESS ) return rc;
if( match == 0 ) return LDAP_COMPARE_TRUE;
return LDAP_COMPARE_FALSE;
}
rc = LDAP_COMPARE_FALSE;
#ifdef LDAP_COMP_MATCH
if ( is_aliased_attribute && ava->aa_cf )
{
a_alias = is_aliased_attribute ( ava->aa_desc );
if ( a_alias )
ava->aa_desc = a_alias->aa_aliased_ad;
else
ava->aa_cf = NULL;
}
#endif
for(a = attrs_find( e->e_attrs, ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ) )
{
int use;
MatchingRule *mr;
struct berval *bv;
if (( ava->aa_desc != a->a_desc ) && !access_allowed( op,
e, a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
{
rc = LDAP_INSUFFICIENT_ACCESS;
continue;
}
use = SLAP_MR_EQUALITY;
switch ( type ) {
case LDAP_FILTER_APPROX:
use = SLAP_MR_EQUALITY_APPROX;
mr = a->a_desc->ad_type->sat_approx;
if( mr != NULL ) break;
/* fallthru: use EQUALITY matching rule if no APPROX rule */
case LDAP_FILTER_EQUALITY:
/* use variable set above so fall thru use is not clobbered */
mr = a->a_desc->ad_type->sat_equality;
break;
case LDAP_FILTER_GE:
case LDAP_FILTER_LE:
use = SLAP_MR_ORDERING;
mr = a->a_desc->ad_type->sat_ordering;
break;
default:
mr = NULL;
}
if( mr == NULL ) {
rc = LDAP_INAPPROPRIATE_MATCHING;
continue;
}
/* We have no Sort optimization for Approx matches */
if (( a->a_flags & SLAP_ATTR_SORTED_VALS ) && type != LDAP_FILTER_APPROX ) {
unsigned slot;
int ret;
/* For Ordering matches, we just need to do one comparison with
* either the first (least) or last (greatest) value.
*/
if ( use == SLAP_MR_ORDERING ) {
const char *text;
int match, which;
which = (type == LDAP_FILTER_LE) ? 0 : a->a_numvals-1;
ret = value_match( &match, a->a_desc, mr, use,
&a->a_nvals[which], &ava->aa_value, &text );
if ( ret != LDAP_SUCCESS ) return ret;
if (( type == LDAP_FILTER_LE && match <= 0 ) ||
( type == LDAP_FILTER_GE && match >= 0 ))
return LDAP_COMPARE_TRUE;
continue;
}
/* Only Equality will get here */
ret = attr_valfind( a, use | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH |
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
&ava->aa_value, &slot, NULL );
if ( ret == LDAP_SUCCESS )
return LDAP_COMPARE_TRUE;
else if ( ret != LDAP_NO_SUCH_ATTRIBUTE )
return ret;
#if 0
/* The following is useful if we want to know which values
* matched an ordering test. But here we don't care, we just
* want to know if any value did, and that is checked above.
*/
if ( ret == LDAP_NO_SUCH_ATTRIBUTE ) {
/* If insertion point is not the end of the list, there was
* at least one value greater than the assertion.
*/
if ( type == LDAP_FILTER_GE && slot < a->a_numvals )
return LDAP_COMPARE_TRUE;
/* Likewise, if insertion point is not the head of the list,
* there was at least one value less than the assertion.
*/
if ( type == LDAP_FILTER_LE && slot > 0 )
return LDAP_COMPARE_TRUE;
return LDAP_COMPARE_FALSE;
}
#endif
continue;
}
#ifdef LDAP_COMP_MATCH
if ( nibble_mem_allocator && ava->aa_cf && !a->a_comp_data ) {
/* Component Matching */
for ( num_attr_vals = 0; a->a_vals[num_attr_vals].bv_val != NULL; num_attr_vals++ );
if ( num_attr_vals <= 0 )/* no attribute value */
return LDAP_INAPPROPRIATE_MATCHING;
num_attr_vals++;/* for NULL termination */
/* following malloced will be freed by comp_tree_free () */
a->a_comp_data = SLAP_MALLOC( sizeof( ComponentData ) + sizeof( ComponentSyntaxInfo* )*num_attr_vals );
if ( !a->a_comp_data ) {
return LDAP_NO_MEMORY;
}
a->a_comp_data->cd_tree = (ComponentSyntaxInfo**)((char*)a->a_comp_data + sizeof(ComponentData));
i = num_attr_vals;
for ( ; i ; i-- ) {
a->a_comp_data->cd_tree[ i-1 ] = (ComponentSyntaxInfo*)NULL;
}
a->a_comp_data->cd_mem_op = nibble_mem_allocator ( 1024*10*(num_attr_vals-1), 1024 );
if ( a->a_comp_data->cd_mem_op == NULL ) {
free ( a->a_comp_data );
a->a_comp_data = NULL;
return LDAP_OPERATIONS_ERROR;
}
}
i = 0;
#endif
for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
int ret, match;
const char *text;
#ifdef LDAP_COMP_MATCH
if( attr_converter && ava->aa_cf && a->a_comp_data ) {
/* Check if decoded component trees are already linked */
struct berval cf_bv = { 20, "componentFilterMatch" };
MatchingRule* cf_mr = mr_bvfind( &cf_bv );
MatchingRuleAssertion mra;
mra.ma_cf = ava->aa_cf;
if ( a->a_comp_data->cd_tree[i] == NULL )
a->a_comp_data->cd_tree[i] = attr_converter (a, a->a_desc->ad_type->sat_syntax, (a->a_vals + i));
/* decoding error */
if ( !a->a_comp_data->cd_tree[i] ) {
free_ComponentData ( a );
return LDAP_OPERATIONS_ERROR;
}
ret = value_match( &match, a->a_desc, cf_mr,
SLAP_MR_COMPONENT,
(struct berval*)a->a_comp_data->cd_tree[i++],
(void*)&mra, &text );
if ( ret == LDAP_INAPPROPRIATE_MATCHING ) {
/* cached component tree is broken, just remove it */
free_ComponentData ( a );
return ret;
}
if ( a_alias )
ava->aa_desc = a_alias->aa_aliasing_ad;
} else
#endif
{
ret = ordered_value_match( &match, a->a_desc, mr, use,
bv, &ava->aa_value, &text );
}
if( ret != LDAP_SUCCESS ) {
rc = ret;
break;
}
switch ( type ) {
case LDAP_FILTER_EQUALITY:
case LDAP_FILTER_APPROX:
if ( match == 0 ) return LDAP_COMPARE_TRUE;
break;
case LDAP_FILTER_GE:
if ( match >= 0 ) return LDAP_COMPARE_TRUE;
break;
case LDAP_FILTER_LE:
if ( match <= 0 ) return LDAP_COMPARE_TRUE;
break;
}
}
}
#ifdef LDAP_COMP_MATCH
if ( a_alias )
ava->aa_desc = a_alias->aa_aliasing_ad;
#endif
return rc;
}
static int
bdb_cf_gen( ConfigArgs *c )
{
struct bdb_info *bdb = c->be->be_private;
int rc;
if ( c->op == SLAP_CONFIG_EMIT ) {
rc = 0;
switch( c->type ) {
case BDB_MODE: {
char buf[64];
struct berval bv;
bv.bv_len = snprintf( buf, sizeof(buf), "0%o", bdb->bi_dbenv_mode );
if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) ) {
bv.bv_val = buf;
value_add_one( &c->rvalue_vals, &bv );
} else {
rc = 1;
}
} break;
case BDB_CHKPT:
if ( bdb->bi_txn_cp ) {
char buf[64];
struct berval bv;
bv.bv_len = snprintf( buf, sizeof(buf), "%d %d", bdb->bi_txn_cp_kbyte,
bdb->bi_txn_cp_min );
if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) ) {
bv.bv_val = buf;
value_add_one( &c->rvalue_vals, &bv );
} else {
rc = 1;
}
} else {
rc = 1;
}
break;
case BDB_CRYPTFILE:
if ( bdb->bi_db_crypt_file ) {
c->value_string = ch_strdup( bdb->bi_db_crypt_file );
} else {
rc = 1;
}
break;
/* If a crypt file has been set, its contents are copied here.
* But we don't want the key to be incorporated here.
*/
case BDB_CRYPTKEY:
if ( !bdb->bi_db_crypt_file && !BER_BVISNULL( &bdb->bi_db_crypt_key )) {
value_add_one( &c->rvalue_vals, &bdb->bi_db_crypt_key );
} else {
rc = 1;
}
break;
case BDB_DIRECTORY:
if ( bdb->bi_dbenv_home ) {
c->value_string = ch_strdup( bdb->bi_dbenv_home );
} else {
rc = 1;
}
break;
case BDB_CONFIG:
if ( !( bdb->bi_flags & BDB_IS_OPEN )
&& !bdb->bi_db_config )
{
char buf[SLAP_TEXT_BUFLEN];
FILE *f = fopen( bdb->bi_db_config_path, "r" );
struct berval bv;
if ( f ) {
bdb->bi_flags |= BDB_HAS_CONFIG;
while ( fgets( buf, sizeof(buf), f )) {
ber_str2bv( buf, 0, 1, &bv );
if ( bv.bv_len > 0 && bv.bv_val[bv.bv_len-1] == '\n' ) {
bv.bv_len--;
bv.bv_val[bv.bv_len] = '\0';
}
/* shouldn't need this, but ... */
if ( bv.bv_len > 0 && bv.bv_val[bv.bv_len-1] == '\r' ) {
bv.bv_len--;
bv.bv_val[bv.bv_len] = '\0';
}
ber_bvarray_add( &bdb->bi_db_config, &bv );
}
fclose( f );
}
}
if ( bdb->bi_db_config ) {
int i;
struct berval bv;
bv.bv_val = c->log;
for (i=0; !BER_BVISNULL(&bdb->bi_db_config[i]); i++) {
bv.bv_len = sprintf( bv.bv_val, "{%d}%s", i,
bdb->bi_db_config[i].bv_val );
value_add_one( &c->rvalue_vals, &bv );
}
}
if ( !c->rvalue_vals ) rc = 1;
break;
case BDB_NOSYNC:
if ( bdb->bi_dbenv_xflags & DB_TXN_NOSYNC )
c->value_int = 1;
break;
case BDB_CHECKSUM:
if ( bdb->bi_flags & BDB_CHKSUM )
c->value_int = 1;
break;
case BDB_INDEX:
bdb_attr_index_unparse( bdb, &c->rvalue_vals );
if ( !c->rvalue_vals ) rc = 1;
break;
case BDB_LOCKD:
rc = 1;
if ( bdb->bi_lock_detect != DB_LOCK_DEFAULT ) {
int i;
for (i=0; !BER_BVISNULL(&bdb_lockd[i].word); i++) {
if ( bdb->bi_lock_detect == (u_int32_t)bdb_lockd[i].mask ) {
value_add_one( &c->rvalue_vals, &bdb_lockd[i].word );
rc = 0;
break;
}
}
}
break;
case BDB_SSTACK:
c->value_int = bdb->bi_search_stack_depth;
break;
case BDB_PGSIZE: {
struct bdb_db_pgsize *ps;
char buf[SLAP_TEXT_BUFLEN];
struct berval bv;
int rc = 1;
bv.bv_val = buf;
for ( ps = bdb->bi_pagesizes; ps; ps = ps->bdp_next ) {
bv.bv_len = sprintf( buf, "%s %d", ps->bdp_name.bv_val,
ps->bdp_size / 1024 );
value_add_one( &c->rvalue_vals, &bv );
rc = 0;
}
break;
}
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
rc = 0;
switch( c->type ) {
case BDB_MODE:
#if 0
/* FIXME: does it make any sense to change the mode,
* if we don't exec a chmod()? */
bdb->bi_dbenv_mode = SLAPD_DEFAULT_DB_MODE;
break;
#endif
/* single-valued no-ops */
case BDB_LOCKD:
case BDB_SSTACK:
break;
case BDB_CHKPT:
if ( bdb->bi_txn_cp_task ) {
struct re_s *re = bdb->bi_txn_cp_task;
bdb->bi_txn_cp_task = NULL;
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )
ldap_pvt_runqueue_stoptask( &slapd_rq, re );
ldap_pvt_runqueue_remove( &slapd_rq, re );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
bdb->bi_txn_cp = 0;
break;
case BDB_CONFIG:
if ( c->valx < 0 ) {
ber_bvarray_free( bdb->bi_db_config );
bdb->bi_db_config = NULL;
} else {
int i = c->valx;
ch_free( bdb->bi_db_config[i].bv_val );
for (; bdb->bi_db_config[i].bv_val; i++)
bdb->bi_db_config[i] = bdb->bi_db_config[i+1];
}
bdb->bi_flags |= BDB_UPD_CONFIG;
c->cleanup = bdb_cf_cleanup;
break;
/* Doesn't really make sense to change these on the fly;
* the entire DB must be dumped and reloaded
*/
case BDB_CRYPTFILE:
if ( bdb->bi_db_crypt_file ) {
ch_free( bdb->bi_db_crypt_file );
bdb->bi_db_crypt_file = NULL;
}
/* FALLTHRU */
case BDB_CRYPTKEY:
if ( !BER_BVISNULL( &bdb->bi_db_crypt_key )) {
ch_free( bdb->bi_db_crypt_key.bv_val );
BER_BVZERO( &bdb->bi_db_crypt_key );
}
break;
case BDB_DIRECTORY:
bdb->bi_flags |= BDB_RE_OPEN;
bdb->bi_flags ^= BDB_HAS_CONFIG;
ch_free( bdb->bi_dbenv_home );
bdb->bi_dbenv_home = NULL;
ch_free( bdb->bi_db_config_path );
bdb->bi_db_config_path = NULL;
c->cleanup = bdb_cf_cleanup;
ldap_pvt_thread_pool_purgekey( bdb->bi_dbenv );
break;
case BDB_NOSYNC:
bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC, 0 );
break;
case BDB_CHECKSUM:
bdb->bi_flags &= ~BDB_CHKSUM;
break;
case BDB_INDEX:
if ( c->valx == -1 ) {
int i;
/* delete all (FIXME) */
for ( i = 0; i < bdb->bi_nattrs; i++ ) {
bdb->bi_attrs[i]->ai_indexmask |= BDB_INDEX_DELETING;
}
bdb->bi_flags |= BDB_DEL_INDEX;
c->cleanup = bdb_cf_cleanup;
} else {
struct berval bv, def = BER_BVC("default");
char *ptr;
for (ptr = c->line; !isspace( (unsigned char) *ptr ); ptr++);
bv.bv_val = c->line;
bv.bv_len = ptr - bv.bv_val;
if ( bvmatch( &bv, &def )) {
bdb->bi_defaultmask = 0;
} else {
int i;
char **attrs;
char sep;
sep = bv.bv_val[ bv.bv_len ];
bv.bv_val[ bv.bv_len ] = '\0';
attrs = ldap_str2charray( bv.bv_val, "," );
for ( i = 0; attrs[ i ]; i++ ) {
AttributeDescription *ad = NULL;
const char *text;
AttrInfo *ai;
slap_str2ad( attrs[ i ], &ad, &text );
/* if we got here... */
assert( ad != NULL );
ai = bdb_attr_mask( bdb, ad );
/* if we got here... */
assert( ai != NULL );
ai->ai_indexmask |= BDB_INDEX_DELETING;
bdb->bi_flags |= BDB_DEL_INDEX;
c->cleanup = bdb_cf_cleanup;
}
bv.bv_val[ bv.bv_len ] = sep;
ldap_charray_free( attrs );
}
}
break;
/* doesn't make sense on the fly; the DB file must be
* recreated
*/
case BDB_PGSIZE: {
struct bdb_db_pgsize *ps, **prev;
int i;
for ( i = 0, prev = &bdb->bi_pagesizes, ps = *prev; ps;
prev = &ps->bdp_next, ps = ps->bdp_next, i++ ) {
if ( c->valx == -1 || i == c->valx ) {
*prev = ps->bdp_next;
ch_free( ps );
ps = *prev;
if ( i == c->valx ) break;
}
}
}
break;
}
return rc;
}
switch( c->type ) {
case BDB_MODE:
if ( ASCII_DIGIT( c->argv[1][0] ) ) {
long mode;
char *next;
errno = 0;
mode = strtol( c->argv[1], &next, 0 );
if ( errno != 0 || next == c->argv[1] || next[0] != '\0' ) {
fprintf( stderr, "%s: "
"unable to parse mode=\"%s\".\n",
c->log, c->argv[1] );
return 1;
}
bdb->bi_dbenv_mode = mode;
} else {
char *m = c->argv[1];
int who, what, mode = 0;
if ( strlen( m ) != STRLENOF("-rwxrwxrwx") ) {
return 1;
}
if ( m[0] != '-' ) {
return 1;
}
m++;
for ( who = 0; who < 3; who++ ) {
for ( what = 0; what < 3; what++, m++ ) {
if ( m[0] == '-' ) {
continue;
} else if ( m[0] != "rwx"[what] ) {
return 1;
}
mode += ((1 << (2 - what)) << 3*(2 - who));
}
}
bdb->bi_dbenv_mode = mode;
}
break;
case BDB_CHKPT: {
long l;
bdb->bi_txn_cp = 1;
if ( lutil_atolx( &l, c->argv[1], 0 ) != 0 ) {
fprintf( stderr, "%s: "
"invalid kbyte \"%s\" in \"checkpoint\".\n",
c->log, c->argv[1] );
return 1;
}
bdb->bi_txn_cp_kbyte = l;
if ( lutil_atolx( &l, c->argv[2], 0 ) != 0 ) {
fprintf( stderr, "%s: "
"invalid minutes \"%s\" in \"checkpoint\".\n",
c->log, c->argv[2] );
return 1;
}
bdb->bi_txn_cp_min = l;
/* If we're in server mode and time-based checkpointing is enabled,
* submit a task to perform periodic checkpoints.
*/
if ((slapMode & SLAP_SERVER_MODE) && bdb->bi_txn_cp_min ) {
struct re_s *re = bdb->bi_txn_cp_task;
if ( re ) {
re->interval.tv_sec = bdb->bi_txn_cp_min * 60;
} else {
if ( c->be->be_suffix == NULL || BER_BVISNULL( &c->be->be_suffix[0] ) ) {
fprintf( stderr, "%s: "
"\"checkpoint\" must occur after \"suffix\".\n",
c->log );
return 1;
}
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
bdb->bi_txn_cp_task = ldap_pvt_runqueue_insert( &slapd_rq,
bdb->bi_txn_cp_min * 60, bdb_checkpoint, bdb,
LDAP_XSTRING(bdb_checkpoint), c->be->be_suffix[0].bv_val );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
}
} break;
case BDB_CONFIG: {
char *ptr = c->line;
struct berval bv;
if ( c->op == SLAP_CONFIG_ADD ) {
ptr += STRLENOF("dbconfig");
while (!isspace((unsigned char)*ptr)) ptr++;
while (isspace((unsigned char)*ptr)) ptr++;
}
if ( bdb->bi_flags & BDB_IS_OPEN ) {
bdb->bi_flags |= BDB_UPD_CONFIG;
c->cleanup = bdb_cf_cleanup;
} else {
/* If we're just starting up...
*/
FILE *f;
/* If a DB_CONFIG file exists, or we don't know the path
* to the DB_CONFIG file, ignore these directives
*/
if (( bdb->bi_flags & BDB_HAS_CONFIG ) || !bdb->bi_db_config_path )
break;
f = fopen( bdb->bi_db_config_path, "a" );
if ( f ) {
/* FIXME: EBCDIC probably needs special handling */
fprintf( f, "%s\n", ptr );
fclose( f );
}
}
ber_str2bv( ptr, 0, 1, &bv );
ber_bvarray_add( &bdb->bi_db_config, &bv );
}
break;
case BDB_CRYPTFILE:
rc = lutil_get_filed_password( c->value_string, &bdb->bi_db_crypt_key );
if ( rc == 0 ) {
bdb->bi_db_crypt_file = c->value_string;
}
break;
/* Cannot set key if file was already set */
case BDB_CRYPTKEY:
if ( bdb->bi_db_crypt_file ) {
rc = 1;
} else {
bdb->bi_db_crypt_key = c->value_bv;
}
break;
case BDB_DIRECTORY: {
FILE *f;
char *ptr, *testpath;
int len;
len = strlen( c->value_string );
testpath = ch_malloc( len + STRLENOF(LDAP_DIRSEP) + STRLENOF("DUMMY") + 1 );
ptr = lutil_strcopy( testpath, c->value_string );
*ptr++ = LDAP_DIRSEP[0];
strcpy( ptr, "DUMMY" );
f = fopen( testpath, "w" );
if ( f ) {
fclose( f );
unlink( testpath );
}
ch_free( testpath );
if ( !f ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: invalid path: %s",
c->log, strerror( errno ));
Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
return -1;
}
if ( bdb->bi_dbenv_home )
ch_free( bdb->bi_dbenv_home );
bdb->bi_dbenv_home = c->value_string;
/* See if a DB_CONFIG file already exists here */
if ( bdb->bi_db_config_path )
ch_free( bdb->bi_db_config_path );
bdb->bi_db_config_path = ch_malloc( len +
STRLENOF(LDAP_DIRSEP) + STRLENOF("DB_CONFIG") + 1 );
ptr = lutil_strcopy( bdb->bi_db_config_path, bdb->bi_dbenv_home );
*ptr++ = LDAP_DIRSEP[0];
strcpy( ptr, "DB_CONFIG" );
f = fopen( bdb->bi_db_config_path, "r" );
if ( f ) {
bdb->bi_flags |= BDB_HAS_CONFIG;
fclose(f);
}
}
break;
case BDB_NOSYNC:
if ( c->value_int )
bdb->bi_dbenv_xflags |= DB_TXN_NOSYNC;
else
bdb->bi_dbenv_xflags &= ~DB_TXN_NOSYNC;
if ( bdb->bi_flags & BDB_IS_OPEN ) {
bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC,
c->value_int );
}
break;
case BDB_CHECKSUM:
if ( c->value_int )
bdb->bi_flags |= BDB_CHKSUM;
else
bdb->bi_flags &= ~BDB_CHKSUM;
break;
case BDB_INDEX:
rc = bdb_attr_index_config( bdb, c->fname, c->lineno,
c->argc - 1, &c->argv[1], &c->reply);
if( rc != LDAP_SUCCESS ) return 1;
if (( bdb->bi_flags & BDB_IS_OPEN ) && !bdb->bi_index_task ) {
/* Start the task as soon as we finish here. Set a long
* interval (10 hours) so that it only gets scheduled once.
*/
if ( c->be->be_suffix == NULL || BER_BVISNULL( &c->be->be_suffix[0] ) ) {
fprintf( stderr, "%s: "
"\"index\" must occur after \"suffix\".\n",
c->log );
return 1;
}
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
bdb->bi_index_task = ldap_pvt_runqueue_insert( &slapd_rq, 36000,
bdb_online_index, c->be,
LDAP_XSTRING(bdb_online_index), c->be->be_suffix[0].bv_val );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
break;
case BDB_LOCKD:
rc = verb_to_mask( c->argv[1], bdb_lockd );
if ( BER_BVISNULL(&bdb_lockd[rc].word) ) {
fprintf( stderr, "%s: "
"bad policy (%s) in \"lockDetect <policy>\" line\n",
c->log, c->argv[1] );
return 1;
}
bdb->bi_lock_detect = (u_int32_t)rc;
break;
case BDB_SSTACK:
if ( c->value_int < MINIMUM_SEARCH_STACK_DEPTH ) {
fprintf( stderr,
"%s: depth %d too small, using %d\n",
c->log, c->value_int, MINIMUM_SEARCH_STACK_DEPTH );
c->value_int = MINIMUM_SEARCH_STACK_DEPTH;
}
bdb->bi_search_stack_depth = c->value_int;
break;
case BDB_PGSIZE: {
struct bdb_db_pgsize *ps, **prev;
int i, s;
s = atoi(c->argv[2]);
if ( s < 1 || s > 64 ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s: size must be > 0 and <= 64: %d",
c->log, s );
Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
return -1;
}
i = strlen(c->argv[1]);
ps = ch_malloc( sizeof(struct bdb_db_pgsize) + i + 1 );
ps->bdp_next = NULL;
ps->bdp_name.bv_len = i;
ps->bdp_name.bv_val = (char *)(ps+1);
strcpy( ps->bdp_name.bv_val, c->argv[1] );
ps->bdp_size = s * 1024;
for ( prev = &bdb->bi_pagesizes; *prev; prev = &(*prev)->bdp_next )
;
*prev = ps;
}
break;
}
return 0;
}
int
bdb_add(Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
EntryInfo *ei;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
ID eid = NOID;
struct bdb_op_info opinfo = {{{ 0 }}};
int subentry;
DB_LOCK lock;
int num_retries = 0;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
if( 0 ) {
retry: /* transaction retry */
if( p ) {
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
}
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
/* get entry or parent */
rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
1, &lock );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
p = ei->bei_e;
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = is_entry_referral( p )
? get_entry_referrals( op, p )
: NULL;
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = get_entry_referrals( op, p );
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
if ( eid == NOID ) {
rs->sr_err = bdb_next_id( op->o_bd, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin(2) failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* dn2id index */
rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "entry store failed";
goto return_results;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( op->o_noop ) {
if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
struct berval nrdn;
/* pick the RDN if not suffix; otherwise pick the entire DN */
if (pdn.bv_len) {
nrdn.bv_val = op->ora_e->e_nname.bv_val;
nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1;
} else {
nrdn = op->ora_e->e_nname;
}
bdb_cache_add( bdb, ei, op->ora_e, &nrdn, ltid, &lock );
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( success == LDAP_SUCCESS ) {
/* We own the entry now, and it can be purged at will
* Check to make sure it's the same entry we entered with.
* Possibly a callback may have mucked with it, although
* in general callbacks should treat the entry as read-only.
*/
bdb_cache_deref( oe->e_private );
if ( op->ora_e == oe )
op->ora_e = NULL;
if ( bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
static int
collect_cf( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
int rc = 1, idx;
switch( c->op ) {
case SLAP_CONFIG_EMIT:
{
collect_info *ci;
for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) {
struct berval bv;
char *ptr;
int len;
/* calculate the length & malloc memory */
bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" ");
for (idx=0; idx<ci->ci_ad_num; idx++) {
bv.bv_len += ci->ci_ad[idx]->ad_cname.bv_len;
if (idx<(ci->ci_ad_num-1)) {
bv.bv_len++;
}
}
bv.bv_val = ch_malloc( bv.bv_len + 1 );
/* copy the value and update len */
len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" ",
ci->ci_dn.bv_val);
ptr = bv.bv_val + len;
for (idx=0; idx<ci->ci_ad_num; idx++) {
ptr = lutil_strncopy( ptr,
ci->ci_ad[idx]->ad_cname.bv_val,
ci->ci_ad[idx]->ad_cname.bv_len);
if (idx<(ci->ci_ad_num-1)) {
*ptr++ = ',';
}
}
*ptr = '\0';
bv.bv_len = ptr - bv.bv_val;
ber_bvarray_add( &c->rvalue_vals, &bv );
rc = 0;
}
}
break;
case LDAP_MOD_DELETE:
if ( c->valx == -1 ) {
/* Delete entire attribute */
collect_info *ci;
while (( ci = on->on_bi.bi_private )) {
on->on_bi.bi_private = ci->ci_next;
ch_free( ci->ci_dn.bv_val );
ch_free( ci );
}
} else {
/* Delete just one value */
collect_info **cip, *ci;
int i;
cip = (collect_info **)&on->on_bi.bi_private;
ci = *cip;
for ( i=0; i < c->valx; i++ ) {
cip = &ci->ci_next;
ci = *cip;
}
*cip = ci->ci_next;
ch_free( ci->ci_dn.bv_val );
ch_free( ci );
}
rc = 0;
break;
case SLAP_CONFIG_ADD:
case LDAP_MOD_ADD:
{
collect_info *ci;
struct berval bv, dn;
const char *text;
int idx, count=0;
char *arg;
/* count delimiters in attribute argument */
arg = strtok(c->argv[2], ",");
while (arg!=NULL) {
count++;
arg = strtok(NULL, ",");
}
/* validate and normalize dn */
ber_str2bv( c->argv[1], 0, 0, &bv );
if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: \"%s\"",
c->argv[0], c->argv[1] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
return ARG_BAD_CONF;
}
/* check for duplicate DNs */
for ( ci = (collect_info *)on->on_bi.bi_private; ci;
ci = ci->ci_next ) {
/* If new DN is longest, there are no possible matches */
if ( dn.bv_len > ci->ci_dn.bv_len ) {
ci = NULL;
break;
}
if ( bvmatch( &dn, &ci->ci_dn )) {
break;
}
}
if ( ci ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s DN already configured: \"%s\"",
c->argv[0], c->argv[1] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
return ARG_BAD_CONF;
}
/* allocate config info with room for attribute array */
ci = ch_malloc( sizeof( collect_info ) +
sizeof( AttributeDescription * ) * count );
/* load attribute description for attribute list */
arg = c->argv[2];
for( idx=0; idx<count; idx++) {
ci->ci_ad[idx] = NULL;
if ( slap_str2ad( arg, &ci->ci_ad[idx], &text ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s attribute description unknown: \"%s\"",
c->argv[0], arg);
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
ch_free( ci );
return ARG_BAD_CONF;
}
while(*arg!='\0') {
arg++; /* skip to end of argument */
}
if (idx<count-1) {
arg++; /* skip inner delimiters */
}
}
/* The on->on_bi.bi_private pointer can be used for
* anything this instance of the overlay needs.
*/
ci->ci_ad[count] = NULL;
ci->ci_ad_num = count;
ci->ci_dn = dn;
/* creates list of ci's ordered by dn length */
insert_ordered ( on, ci );
/* New ci wasn't simply appended to end, adjust its
* position in the config entry's a_vals
*/
if ( c->ca_entry && ci->ci_next ) {
Attribute *a = attr_find( c->ca_entry->e_attrs,
collectcfg[0].ad );
if ( a ) {
struct berval bv, nbv;
collect_info *c2 = (collect_info *)on->on_bi.bi_private;
int i, j;
for ( i=0; c2 != ci; i++, c2 = c2->ci_next );
bv = a->a_vals[a->a_numvals-1];
nbv = a->a_nvals[a->a_numvals-1];
for ( j=a->a_numvals-1; j>i; j-- ) {
a->a_vals[j] = a->a_vals[j-1];
a->a_nvals[j] = a->a_nvals[j-1];
}
a->a_vals[j] = bv;
a->a_nvals[j] = nbv;
}
}
rc = 0;
}
}
return rc;
}
int
do_search(
Operation *op, /* info about the op to which we're responding */
SlapReply *rs /* all the response data we'll send */ )
{
struct berval base = BER_BVNULL;
ber_len_t siz, off, i;
Debug( LDAP_DEBUG_TRACE, "%s do_search\n",
op->o_log_prefix, 0, 0 );
/*
* Parse the search request. It looks like this:
*
* SearchRequest := [APPLICATION 3] SEQUENCE {
* baseObject DistinguishedName,
* scope ENUMERATED {
* baseObject (0),
* singleLevel (1),
* wholeSubtree (2),
* subordinate (3) -- OpenLDAP extension
* },
* derefAliases ENUMERATED {
* neverDerefaliases (0),
* derefInSearching (1),
* derefFindingBaseObj (2),
* alwaysDerefAliases (3)
* },
* sizelimit INTEGER (0 .. 65535),
* timelimit INTEGER (0 .. 65535),
* attrsOnly BOOLEAN,
* filter Filter,
* attributes SEQUENCE OF AttributeType
* }
*/
/* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
&base, &op->ors_scope, &op->ors_deref, &op->ors_slimit,
&op->ors_tlimit, &op->ors_attrsonly ) == LBER_ERROR )
{
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
if ( op->ors_tlimit < 0 || op->ors_tlimit > SLAP_MAX_LIMIT ) {
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid time limit" );
goto return_results;
}
if ( op->ors_slimit < 0 || op->ors_slimit > SLAP_MAX_LIMIT ) {
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid size limit" );
goto return_results;
}
switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
case LDAP_SCOPE_ONELEVEL:
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
break;
default:
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
goto return_results;
}
switch( op->ors_deref ) {
case LDAP_DEREF_NEVER:
case LDAP_DEREF_FINDING:
case LDAP_DEREF_SEARCHING:
case LDAP_DEREF_ALWAYS:
break;
default:
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
goto return_results;
}
rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_search: invalid dn: \"%s\"\n",
op->o_log_prefix, base.bv_val, 0 );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto return_results;
}
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
base.bv_val, op->ors_scope, op->ors_deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
/* filter - returns a "normalized" version */
rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err == SLAPD_DISCONNECT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
send_ldap_disconnect( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
} else {
send_ldap_result( op, rs );
}
goto return_results;
}
filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
!BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
/* attributes */
siz = sizeof(AttributeName);
off = offsetof(AttributeName,an_name);
if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
for ( i=0; i<siz; i++ ) {
const char *dummy; /* ignore msgs from bv2ad */
op->ors_attrs[i].an_desc = NULL;
op->ors_attrs[i].an_oc = NULL;
op->ors_attrs[i].an_flags = 0;
if ( slap_bv2ad( &op->ors_attrs[i].an_name,
&op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS )
{
if ( slap_bv2undef_ad( &op->ors_attrs[i].an_name,
&op->ors_attrs[i].an_desc, &dummy,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT ) )
{
struct berval *bv = &op->ors_attrs[i].an_name;
/* RFC 4511 LDAPv3: All User Attributes */
if ( bvmatch( bv, slap_bv_all_user_attrs ) ) {
continue;
}
/* RFC 3673 LDAPv3: All Operational Attributes */
if ( bvmatch( bv, slap_bv_all_operational_attrs ) ) {
continue;
}
/* RFC 4529 LDAP: Requesting Attributes by Object Class */
if ( bv->bv_len > 1 && bv->bv_val[0] == '@' ) {
/* FIXME: check if remaining is valid oc name? */
continue;
}
/* add more "exceptions" to RFC 4511 4.5.1.8. */
/* invalid attribute description? remove */
if ( ad_keystring( bv ) ) {
/* NOTE: parsed in-place, don't modify;
* rather add "1.1", which must be ignored */
BER_BVSTR( &op->ors_attrs[i].an_name, LDAP_NO_ATTRS );
}
/* otherwise leave in place... */
}
}
}
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_search: get_ctrls failed\n",
op->o_log_prefix, 0, 0 );
goto return_results;
}
Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
if ( siz != 0 ) {
for ( i = 0; i<siz; i++ ) {
Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
}
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
char abuf[BUFSIZ/2], *ptr = abuf;
unsigned len = 0, alen;
sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
Statslog( LDAP_DEBUG_STATS,
"%s SRCH base=\"%s\" %s filter=\"%s\"\n",
op->o_log_prefix, op->o_req_dn.bv_val, abuf,
op->ors_filterstr.bv_val, 0 );
for ( i = 0; i<siz; i++ ) {
alen = op->ors_attrs[i].an_name.bv_len;
if (alen >= sizeof(abuf)) {
alen = sizeof(abuf)-1;
}
if (len && (len + 1 + alen >= sizeof(abuf))) {
Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
op->o_log_prefix, abuf, 0, 0, 0 );
len = 0;
ptr = abuf;
}
if (len) {
*ptr++ = ' ';
len++;
}
ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);
len += alen;
*ptr = '\0';
}
if (len) {
Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
op->o_log_prefix, abuf, 0, 0, 0 );
}
}
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_search( op, rs );
return_results:;
if ( !BER_BVISNULL( &op->o_req_dn ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
if ( op->ors_filter != NULL) {
filter_free_x( op, op->ors_filter, 1 );
}
if ( op->ors_attrs != NULL ) {
op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
fe_op_compare( Operation *op, SlapReply *rs )
{
Entry *entry = NULL;
AttributeAssertion *ava = op->orc_ava;
BackendDB *bd = op->o_bd;
if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
rs->sr_err = schema_info( &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
}
if( entry ) {
rs->sr_err = slap_compare_entry( op, entry, ava );
entry_free( entry );
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_COMPARE_TRUE ||
rs->sr_err == LDAP_COMPARE_FALSE )
{
rs->sr_err = LDAP_SUCCESS;
}
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 0 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = LDAP_REFERRAL;
if (!rs->sr_ref) rs->sr_ref = default_referral;
op->o_bd = bd;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
rs->sr_err = 0;
goto cleanup;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
/* don't use shadow copy */
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"copy not used" );
} else if ( ava->aa_desc == slap_schema.si_ad_entryDN ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"entryDN compare not supported" );
} else if ( ava->aa_desc == slap_schema.si_ad_subschemaSubentry ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"subschemaSubentry compare not supported" );
#ifndef SLAP_COMPARE_IN_FRONTEND
} else if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& op->o_bd->be_has_subordinates )
{
int rc, hasSubordinates = LDAP_SUCCESS;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &entry );
if ( rc == 0 && entry ) {
if ( ! access_allowed( op, entry,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
rc = rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = rs->sr_err = op->o_bd->be_has_subordinates( op,
entry, &hasSubordinates );
be_entry_release_r( op, entry );
}
}
if ( rc == 0 ) {
int asserted;
asserted = bvmatch( &ava->aa_value, &slap_true_bv )
? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
if ( hasSubordinates == asserted ) {
rs->sr_err = LDAP_COMPARE_TRUE;
} else {
rs->sr_err = LDAP_COMPARE_FALSE;
}
} else {
/* return error only if "disclose"
* is granted on the object */
if ( backend_access( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) == LDAP_INSUFFICIENT_ACCESS )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
}
send_ldap_result( op, rs );
if ( rc == 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
} else if ( op->o_bd->be_compare ) {
rs->sr_err = op->o_bd->be_compare( op, rs );
#endif /* ! SLAP_COMPARE_IN_FRONTEND */
} else {
rs->sr_err = SLAP_CB_CONTINUE;
}
if ( rs->sr_err == SLAP_CB_CONTINUE ) {
/* do our best to compare that AVA
*
* NOTE: this code is used only
* if SLAP_COMPARE_IN_FRONTEND
* is #define'd (it's not by default)
* or if op->o_bd->be_compare is NULL.
*
* FIXME: one potential issue is that
* if SLAP_COMPARE_IN_FRONTEND overlays
* are not executed for compare. */
BerVarray vals = NULL;
int rc = LDAP_OTHER;
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
ava->aa_desc, &vals, ACL_COMPARE );
switch ( rs->sr_err ) {
default:
/* return error only if "disclose"
* is granted on the object */
if ( backend_access( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL )
== LDAP_INSUFFICIENT_ACCESS )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
break;
case LDAP_SUCCESS:
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
vals, &ava->aa_value, op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
} else {
rs->sr_err = LDAP_COMPARE_FALSE;
}
rc = LDAP_SUCCESS;
break;
}
send_ldap_result( op, rs );
if ( rc == 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
if ( vals ) {
ber_bvarray_free_x( vals, op->o_tmpmemctx );
}
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
