static metasubtree_t *
meta_subtree_match( metatarget_t *mt, struct berval *ndn, int scope )
{
metasubtree_t *ms = mt->mt_subtree;
for ( ms = mt->mt_subtree; ms; ms = ms->ms_next ) {
switch ( ms->ms_type ) {
case META_ST_SUBTREE:
if ( dnIsSuffix( ndn, &ms->ms_dn ) ) {
return ms;
}
break;
case META_ST_SUBORDINATE:
if ( dnIsSuffix( ndn, &ms->ms_dn ) &&
( ndn->bv_len > ms->ms_dn.bv_len || scope != LDAP_SCOPE_BASE ) )
{
return ms;
}
break;
case META_ST_REGEX:
/* NOTE: cannot handle scope */
if ( regexec( &ms->ms_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
return ms;
}
break;
}
}
return NULL;
}
int slapi_sdn_issuffix( const Slapi_DN *sdn, const Slapi_DN *suffix_sdn )
{
slapi_sdn_get_ndn( sdn );
slapi_sdn_get_ndn( suffix_sdn );
return dnIsSuffix( &sdn->ndn, &suffix_sdn->ndn );
}
/*
* If the entry exists in cache, it is returned in locked status;
* otherwise, if the parent exists, if it may generate volatile
* descendants an attempt to generate the required entry is
* performed and, if successful, the entry is returned
*/
int
monitor_cache_dn2entry(
Operation *op,
SlapReply *rs,
struct berval *ndn,
Entry **ep,
Entry **matched )
{
monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
int rc;
struct berval p_ndn = BER_BVNULL;
Entry *e_parent;
monitor_entry_t *mp;
assert( mi != NULL );
assert( ndn != NULL );
assert( ep != NULL );
assert( matched != NULL );
*matched = NULL;
if ( !dnIsSuffix( ndn, &op->o_bd->be_nsuffix[ 0 ] ) ) {
return( -1 );
}
rc = monitor_cache_get( mi, ndn, ep );
if ( !rc && *ep != NULL ) {
return( 0 );
}
/* try with parent/ancestors */
if ( BER_BVISNULL( ndn ) ) {
BER_BVSTR( &p_ndn, "" );
} else {
dnParent( ndn, &p_ndn );
}
rc = monitor_cache_dn2entry( op, rs, &p_ndn, &e_parent, matched );
if ( rc || e_parent == NULL ) {
return( -1 );
}
mp = ( monitor_entry_t * )e_parent->e_private;
rc = -1;
if ( mp->mp_flags & MONITOR_F_VOLATILE_CH ) {
/* parent entry generates volatile children */
rc = monitor_entry_create( op, rs, ndn, e_parent, ep );
}
if ( !rc ) {
monitor_cache_lock( *ep );
monitor_cache_release( mi, e_parent );
} else {
*matched = e_parent;
}
return( rc );
}
/*
** When adding a group, we first strip any existing members,
** and add all which match the filters ourselfs.
*/
static int
autogroup_add_entry( Operation *op, SlapReply *rs)
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
autogroup_info_t *agi = (autogroup_info_t *)on->on_bi.bi_private;
autogroup_def_t *agd = agi->agi_def;
autogroup_entry_t *age = agi->agi_entry;
autogroup_filter_t *agf;
int rc = 0;
Debug( LDAP_DEBUG_TRACE, "==> autogroup_add_entry <%s>\n",
op->ora_e->e_name.bv_val, 0, 0);
ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
/* Check if it's a group. */
for ( ; agd ; agd = agd->agd_next ) {
if ( is_entry_objectclass_or_sub( op->ora_e, agd->agd_oc ) ) {
Modification mod;
const char *text = NULL;
char textbuf[1024];
mod.sm_op = LDAP_MOD_DELETE;
mod.sm_desc = agd->agd_member_ad;
mod.sm_type = agd->agd_member_ad->ad_cname;
mod.sm_values = NULL;
mod.sm_nvalues = NULL;
/* We don't want any member attributes added by the user. */
modify_delete_values( op->ora_e, &mod, /* permissive */ 1, &text, textbuf, sizeof( textbuf ) );
autogroup_add_group( op, agi, agd, op->ora_e, NULL, 1 , 0);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
}
for ( ; age ; age = age->age_next ) {
ldap_pvt_thread_mutex_lock( &age->age_mutex );
/* Check if any of the filters are the suffix to the entry DN.
If yes, we can test that filter against the entry. */
for ( agf = age->age_filter; agf ; agf = agf->agf_next ) {
if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
rc = test_filter( op, op->ora_e, agf->agf_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
autogroup_add_member_to_group( op, &op->ora_e->e_name, &op->ora_e->e_nname, age );
break;
}
}
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
static int
collect_response( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
collect_info *ci = on->on_bi.bi_private;
/* If we've been configured and the current response is
* a search entry
*/
if ( ci && rs->sr_type == REP_SEARCH ) {
int rc;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
for (; ci; ci=ci->ci_next ) {
int idx=0;
/* Is this entry an ancestor of this collectinfo ? */
if (!dnIsSuffix(&rs->sr_entry->e_nname, &ci->ci_dn)) {
/* collectinfo does not match */
continue;
}
/* Is this entry the same as the template DN ? */
if ( dn_match(&rs->sr_entry->e_nname, &ci->ci_dn)) {
/* dont apply change to parent */
continue;
}
/* The current entry may live in a cache, so
* don't modify it directly. Make a copy and
* work with that instead.
*/
rs_entry2modifiable( op, rs, on );
/* Loop for each attribute in this collectinfo */
for(idx=0; idx<ci->ci_ad_num; idx++) {
BerVarray vals = NULL;
/* Extract the values of the desired attribute from
* the ancestor entry */
rc = backend_attribute( op, NULL, &ci->ci_dn,
ci->ci_ad[idx], &vals, ACL_READ );
/* If there are any values, merge them into the
* current search result
*/
if ( vals ) {
attr_merge( rs->sr_entry, ci->ci_ad[idx],
vals, NULL );
ber_bvarray_free_x( vals, op->o_tmpmemctx );
}
}
}
}
/* Default is to just fall through to the normal processing */
return SLAP_CB_CONTINUE;
}
/*
* In place; assumes:
* - ndn is normalized
* - nbase is normalized
* - LDAP_SCOPE_DEFAULT == LDAP_SCOPE_SUBTREE
*/
int
dnIsSuffixScope( struct berval *ndn, struct berval *nbase, int scope )
{
if ( !dnIsSuffix( ndn, nbase ) ) {
return 0;
}
return dnIsWithinScope( ndn, nbase, scope );
}
static int
constraint_check_restrict( Operation *op, constraint *c, Entry *e )
{
assert( c->restrict_lud != NULL );
if ( c->restrict_lud->lud_dn != NULL ) {
int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len;
if ( diff < 0 ) {
return 0;
}
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_BASE ) {
return bvmatch( &e->e_nname, &c->restrict_ndn );
}
if ( !dnIsSuffix( &e->e_nname, &c->restrict_ndn ) ) {
return 0;
}
if ( c->restrict_lud->lud_scope != LDAP_SCOPE_SUBTREE ) {
struct berval pdn;
if ( diff == 0 ) {
return 0;
}
dnParent( &e->e_nname, &pdn );
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_ONELEVEL
&& pdn.bv_len != c->restrict_ndn.bv_len )
{
return 0;
}
}
}
if ( c->restrict_filter != NULL ) {
int rc;
struct berval save_dn = op->o_dn, save_ndn = op->o_ndn;
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
rc = test_filter( op, e, c->restrict_filter );
op->o_dn = save_dn;
op->o_ndn = save_ndn;
if ( rc != LDAP_COMPARE_TRUE ) {
return 0;
}
}
return 1;
}
static int
valsort_modify( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
valsort_info *vi = on->on_bi.bi_private;
Modifications *ml;
int i;
char *ptr, *end;
/* See if any weighted sorting applies to this entry */
for ( ;vi;vi=vi->vi_next ) {
if ( !dnIsSuffix( &op->o_req_ndn, &vi->vi_dn ))
continue;
if ( !(vi->vi_sort & VALSORT_WEIGHTED ))
continue;
for (ml = op->orm_modlist; ml; ml=ml->sml_next ) {
/* Must be a Delete Attr op, so no values to consider */
if ( !ml->sml_values )
continue;
if ( ml->sml_desc == vi->vi_ad )
break;
}
if ( !ml )
continue;
for (i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++) {
ptr = ber_bvchr(&ml->sml_values[i], '{' );
if ( !ptr ) {
Debug(LDAP_DEBUG_TRACE, "weight missing from attribute %s\n",
vi->vi_ad->ad_cname.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
"weight missing from attribute" );
return rs->sr_err;
}
strtol( ptr+1, &end, 0 );
if ( *end != '}' ) {
Debug(LDAP_DEBUG_TRACE, "weight is misformatted in %s\n",
vi->vi_ad->ad_cname.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
"weight is misformatted" );
return rs->sr_err;
}
}
}
return SLAP_CB_CONTINUE;
}
/* Just like select_backend, but only for our backends */
static BackendDB *
glue_back_select (
BackendDB *be,
const char *dn
)
{
glueinfo *gi = (glueinfo *) be->bd_info;
struct berval bv;
int i;
bv.bv_len = strlen(dn);
bv.bv_val = (char *) dn;
for (i = 0; i<gi->nodes; i++) {
if (dnIsSuffix(&bv, &gi->n[i].be->be_nsuffix[0])) {
return gi->n[i].be;
}
}
return NULL;
}
static int
collect_modify( Operation *op, SlapReply *rs)
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
collect_info *ci = on->on_bi.bi_private;
Modifications *ml;
char errMsg[100];
int idx;
for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next) {
for (; ci; ci=ci->ci_next ) {
/* Is this entry an ancestor of this collectinfo ? */
if (!dnIsSuffix(&op->o_req_ndn, &ci->ci_dn)) {
/* this collectinfo does not match */
continue;
}
/* Is this entry the same as the template DN ? */
if ( dn_match(&op->o_req_ndn, &ci->ci_dn)) {
/* all changes in this ci are allowed */
continue;
}
/* check for collect attributes - disallow modify if present */
for(idx=0; idx<ci->ci_ad_num; idx++) {
if (ml->sml_desc == ci->ci_ad[idx]) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
snprintf( errMsg, sizeof( errMsg ),
"cannot change virtual attribute '%s'",
ci->ci_ad[idx]->ad_cname.bv_val);
rs->sr_text = errMsg;
send_ldap_result( op, rs );
return rs->sr_err;
}
}
}
}
return SLAP_CB_CONTINUE;
}
static int
valsort_add( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
valsort_info *vi = on->on_bi.bi_private;
Attribute *a;
int i;
char *ptr, *end;
/* See if any weighted sorting applies to this entry */
for ( ;vi;vi=vi->vi_next ) {
if ( !dnIsSuffix( &op->o_req_ndn, &vi->vi_dn ))
continue;
if ( !(vi->vi_sort & VALSORT_WEIGHTED ))
continue;
a = attr_find( op->ora_e->e_attrs, vi->vi_ad );
if ( !a )
continue;
for (i=0; !BER_BVISNULL( &a->a_vals[i] ); i++) {
ptr = ber_bvchr(&a->a_vals[i], '{' );
if ( !ptr ) {
Debug(LDAP_DEBUG_TRACE, "weight missing from attribute %s\n",
vi->vi_ad->ad_cname.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
"weight missing from attribute" );
return rs->sr_err;
}
strtol( ptr+1, &end, 0 );
if ( *end != '}' ) {
Debug(LDAP_DEBUG_TRACE, "weight is misformatted in %s\n",
vi->vi_ad->ad_cname.bv_val, 0, 0);
send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION,
"weight is misformatted" );
return rs->sr_err;
}
}
}
return SLAP_CB_CONTINUE;
}
int
fe_op_modrdn( Operation *op, SlapReply *rs )
{
struct berval dest_ndn = BER_BVNULL, dest_pndn, pdn = BER_BVNULL;
BackendDB *op_be, *bd = op->o_bd;
ber_slen_t diff;
if( op->o_req_ndn.bv_len == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: root dse!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename the root DSE" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: subschema subentry: %s (%ld)\n",
op->o_log_prefix, frontendDB->be_schemandn.bv_val, (long)frontendDB->be_schemandn.bv_len );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename subschema subentry" );
goto cleanup;
}
if( op->orr_nnewSup ) {
dest_pndn = *op->orr_nnewSup;
} else {
dnParent( &op->o_req_ndn, &dest_pndn );
}
build_new_dn( &dest_ndn, &dest_pndn, &op->orr_nnewrdn, op->o_tmpmemctx );
diff = (ber_slen_t) dest_ndn.bv_len - (ber_slen_t) op->o_req_ndn.bv_len;
if ( diff > 0 ? dnIsSuffix( &dest_ndn, &op->o_req_ndn )
: diff < 0 && dnIsSuffix( &op->o_req_ndn, &dest_ndn ) )
{
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
diff > 0 ? "cannot place an entry below itself"
: "cannot place an entry above itself" );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
/* check that destination DN is in the same backend as source DN */
if ( select_backend( &dest_ndn, 0 ) != op->o_bd ) {
send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
"cannot rename between DSAs" );
goto cleanup;
}
/*
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_modrdn ) {
/* do the update here */
int repl_user = be_isupdate( op );
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user )
{
op->o_bd = op_be;
op->o_bd->be_modrdn( op, rs );
if ( op->o_bd->be_delete ) {
struct berval org_req_dn = BER_BVNULL;
struct berval org_req_ndn = BER_BVNULL;
struct berval org_dn = BER_BVNULL;
struct berval org_ndn = BER_BVNULL;
int org_managedsait;
org_req_dn = op->o_req_dn;
org_req_ndn = op->o_req_ndn;
org_dn = op->o_dn;
org_ndn = op->o_ndn;
org_managedsait = get_manageDSAit( op );
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
while ( rs->sr_err == LDAP_SUCCESS &&
op->o_delete_glue_parent ) {
op->o_delete_glue_parent = 0;
if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
slap_callback cb = { NULL };
cb.sc_response = slap_null_cb;
dnParent( &op->o_req_ndn, &pdn );
op->o_req_dn = pdn;
op->o_req_ndn = pdn;
op->o_callback = &cb;
op->o_bd->be_delete( op, rs );
} else {
break;
}
}
op->o_managedsait = org_managedsait;
op->o_dn = org_dn;
op->o_ndn = org_ndn;
op->o_req_dn = org_req_dn;
op->o_req_ndn = org_req_ndn;
op->o_delete_glue_parent = 0;
}
} else {
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
if ( dest_ndn.bv_val != NULL )
ber_memfree_x( dest_ndn.bv_val, op->o_tmpmemctx );
op->o_bd = bd;
return rs->sr_err;
}
static dynlist_info_t *
dynlist_is_dynlist_next( Operation *op, SlapReply *rs, dynlist_info_t *old_dli )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
dynlist_info_t *dli;
Attribute *a;
if ( old_dli == NULL ) {
dli = (dynlist_info_t *)on->on_bi.bi_private;
} else {
dli = old_dli->dli_next;
}
a = attrs_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass );
if ( a == NULL ) {
/* FIXME: objectClass must be present; for non-storage
* backends, like back-ldap, it needs to be added
* to the requested attributes */
return NULL;
}
for ( ; dli; dli = dli->dli_next ) {
if ( dli->dli_lud != NULL ) {
/* check base and scope */
if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
int d = rs->sr_entry->e_nname.bv_len - dli->dli_uri_nbase.bv_len;
if ( d < 0 ) {
continue;
}
if ( !dnIsSuffix( &rs->sr_entry->e_nname, &dli->dli_uri_nbase ) ) {
continue;
}
switch ( dli->dli_lud->lud_scope ) {
case LDAP_SCOPE_BASE:
if ( d != 0 ) {
continue;
}
break;
case LDAP_SCOPE_ONELEVEL: {
struct berval pdn;
dnParent( &rs->sr_entry->e_nname, &pdn );
if ( pdn.bv_len != dli->dli_uri_nbase.bv_len ) {
continue;
}
} break;
case LDAP_SCOPE_SUBORDINATE:
if ( d == 0 ) {
continue;
}
break;
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_DEFAULT:
break;
default:
continue;
}
}
/* check filter */
if ( dli->dli_uri_filter && test_filter( op, rs->sr_entry, dli->dli_uri_filter ) != LDAP_COMPARE_TRUE ) {
continue;
}
}
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&dli->dli_oc->soc_cname, NULL,
op->o_tmpmemctx ) == 0 )
{
return dli;
}
}
return NULL;
}
static int
valsort_response( Operation *op, SlapReply *rs )
{
slap_overinst *on;
valsort_info *vi;
Attribute *a;
/* If this is not a search response, or it is a syncrepl response,
* or the valsort control wants raw results, pass thru unmodified.
*/
if ( rs->sr_type != REP_SEARCH ||
( _SCM(op->o_sync) > SLAP_CONTROL_IGNORED ) ||
( op->o_ctrlflag[valsort_cid] & SLAP_CONTROL_DATA0))
return SLAP_CB_CONTINUE;
on = (slap_overinst *) op->o_bd->bd_info;
vi = on->on_bi.bi_private;
/* And we must have something configured */
if ( !vi ) return SLAP_CB_CONTINUE;
/* Find a rule whose baseDN matches this entry */
for (; vi; vi = vi->vi_next ) {
int i, n;
if ( !dnIsSuffix( &rs->sr_entry->e_nname, &vi->vi_dn ))
continue;
/* Find attr that this rule affects */
a = attr_find( rs->sr_entry->e_attrs, vi->vi_ad );
if ( !a ) continue;
if (( rs->sr_flags & ( REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED ) ) !=
( REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED ) )
{
Entry *e;
e = entry_dup( rs->sr_entry );
if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
overlay_entry_release_ov( op, rs->sr_entry, 0, on );
rs->sr_flags &= ~REP_ENTRY_MUSTRELEASE;
} else if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
entry_free( rs->sr_entry );
}
rs->sr_entry = e;
rs->sr_flags |= REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
a = attr_find( rs->sr_entry->e_attrs, vi->vi_ad );
}
n = a->a_numvals;
if ( vi->vi_sort & VALSORT_WEIGHTED ) {
int j, gotnvals;
long *index = op->o_tmpalloc( n * sizeof(long), op->o_tmpmemctx );
gotnvals = (a->a_vals != a->a_nvals );
for (i=0; i<n; i++) {
char *ptr = ber_bvchr( &a->a_nvals[i], '{' );
char *end = NULL;
if ( !ptr ) {
Debug(LDAP_DEBUG_TRACE, "weights missing from attr %s "
"in entry %s\n", vi->vi_ad->ad_cname.bv_val,
rs->sr_entry->e_name.bv_val, 0 );
break;
}
index[i] = strtol( ptr+1, &end, 0 );
if ( *end != '}' ) {
Debug(LDAP_DEBUG_TRACE, "weights misformatted "
"in entry %s\n",
rs->sr_entry->e_name.bv_val, 0, 0 );
break;
}
/* Strip out weights */
ptr = a->a_nvals[i].bv_val;
end++;
for (;*end;)
*ptr++ = *end++;
*ptr = '\0';
a->a_nvals[i].bv_len = ptr - a->a_nvals[i].bv_val;
if ( a->a_vals != a->a_nvals ) {
ptr = a->a_vals[i].bv_val;
end = ber_bvchr( &a->a_vals[i], '}' );
assert( end != NULL );
end++;
for (;*end;)
*ptr++ = *end++;
*ptr = '\0';
a->a_vals[i].bv_len = ptr - a->a_vals[i].bv_val;
}
}
/* An attr was missing weights here, ignore it */
if ( i<n ) {
op->o_tmpfree( index, op->o_tmpmemctx );
continue;
}
/* Insertion sort */
for ( i=1; i<n; i++) {
long idx = index[i];
struct berval tmp = a->a_vals[i], ntmp;
if ( gotnvals ) ntmp = a->a_nvals[i];
j = i;
while (( j>0 ) && (index[j-1] > idx )) {
index[j] = index[j-1];
a->a_vals[j] = a->a_vals[j-1];
if ( gotnvals ) a->a_nvals[j] = a->a_nvals[j-1];
j--;
}
index[j] = idx;
a->a_vals[j] = tmp;
if ( gotnvals ) a->a_nvals[j] = ntmp;
}
/* Check for secondary sort */
if ( vi->vi_sort ^ VALSORT_WEIGHTED ) {
for ( i=0; i<n;) {
for (j=i+1; j<n; j++) {
if (index[i] != index[j])
break;
}
if( j-i > 1 )
do_sort( op, a, i, j-i, vi->vi_sort );
i = j;
}
}
op->o_tmpfree( index, op->o_tmpmemctx );
} else {
do_sort( op, a, 0, n, vi->vi_sort );
}
}
return SLAP_CB_CONTINUE;
}
static int autoca_cf( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
autoca_info *ai = on->on_bi.bi_private;
int rc = 0;
switch( c->op ) {
case SLAP_CONFIG_EMIT:
switch( c->type ) {
case ACA_USRCLASS:
if ( ai->ai_usrclass ) {
c->value_string = ch_strdup( ai->ai_usrclass->soc_cname.bv_val );
} else {
rc = 1;
}
break;
case ACA_SRVCLASS:
if ( ai->ai_srvclass ) {
c->value_string = ch_strdup( ai->ai_srvclass->soc_cname.bv_val );
} else {
rc = 1;
}
break;
case ACA_USRKEYBITS:
c->value_int = ai->ai_usrkeybits;
break;
case ACA_SRVKEYBITS:
c->value_int = ai->ai_srvkeybits;
break;
case ACA_CAKEYBITS:
c->value_int = ai->ai_cakeybits;
break;
case ACA_USRDAYS:
c->value_int = ai->ai_usrdays;
break;
case ACA_SRVDAYS:
c->value_int = ai->ai_srvdays;
break;
case ACA_CADAYS:
c->value_int = ai->ai_cadays;
break;
case ACA_LOCALDN:
if ( !BER_BVISNULL( &ai->ai_localdn )) {
rc = value_add_one( &c->rvalue_vals, &ai->ai_localdn );
} else {
rc = 1;
}
break;
}
break;
case LDAP_MOD_DELETE:
switch( c->type ) {
case ACA_USRCLASS:
ai->ai_usrclass = NULL;
break;
case ACA_SRVCLASS:
ai->ai_srvclass = NULL;
break;
case ACA_LOCALDN:
if ( ai->ai_localdn.bv_val ) {
ch_free( ai->ai_localdn.bv_val );
ch_free( ai->ai_localndn.bv_val );
BER_BVZERO( &ai->ai_localdn );
BER_BVZERO( &ai->ai_localndn );
}
break;
/* single-valued attrs, all no-ops */
}
break;
case SLAP_CONFIG_ADD:
case LDAP_MOD_ADD:
switch( c->type ) {
case ACA_USRCLASS:
{
ObjectClass *oc = oc_find( c->value_string );
if ( oc )
ai->ai_usrclass = oc;
else
rc = 1;
}
break;
case ACA_SRVCLASS:
{
ObjectClass *oc = oc_find( c->value_string );
if ( oc )
ai->ai_srvclass = oc;
else
rc = 1;
}
case ACA_USRKEYBITS:
if ( c->value_int < MIN_KEYBITS )
rc = 1;
else
ai->ai_usrkeybits = c->value_int;
break;
case ACA_SRVKEYBITS:
if ( c->value_int < MIN_KEYBITS )
rc = 1;
else
ai->ai_srvkeybits = c->value_int;
break;
case ACA_CAKEYBITS:
if ( c->value_int < MIN_KEYBITS )
rc = 1;
else
ai->ai_cakeybits = c->value_int;
break;
case ACA_USRDAYS:
ai->ai_usrdays = c->value_int;
break;
case ACA_SRVDAYS:
ai->ai_srvdays = c->value_int;
break;
case ACA_CADAYS:
ai->ai_cadays = c->value_int;
break;
case ACA_LOCALDN:
if ( c->be->be_nsuffix == NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"suffix must be set" );
Debug( LDAP_DEBUG_CONFIG, "autoca_config: %s\n",
c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
if ( !dnIsSuffix( &c->value_ndn, c->be->be_nsuffix )) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"DN is not a subordinate of backend" );
Debug( LDAP_DEBUG_CONFIG, "autoca_config: %s\n",
c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
if ( ai->ai_localdn.bv_val ) {
ch_free( ai->ai_localdn.bv_val );
ch_free( ai->ai_localndn.bv_val );
}
ai->ai_localdn = c->value_dn;
ai->ai_localndn = c->value_ndn;
}
}
return rc;
}
static int
constraint_cf_gen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)(c->bi);
constraint *cn = on->on_bi.bi_private, *cp;
struct berval bv;
int i, rc = 0;
constraint ap = { NULL };
const char *text = NULL;
switch ( c->op ) {
case SLAP_CONFIG_EMIT:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE:
for (cp=cn; cp; cp=cp->ap_next) {
char *s;
char *tstr = NULL;
int quotes = 0;
int j;
bv.bv_len = STRLENOF(" ");
for (j = 0; cp->ap[j]; j++) {
bv.bv_len += cp->ap[j]->ad_cname.bv_len;
}
/* room for commas */
bv.bv_len += j - 1;
if (cp->re) {
tstr = REGEX_STR;
} else if (cp->lud) {
tstr = URI_STR;
quotes = 1;
} else if (cp->set) {
tstr = SET_STR;
quotes = 1;
} else if (cp->size) {
tstr = SIZE_STR;
} else if (cp->count) {
tstr = COUNT_STR;
}
bv.bv_len += strlen(tstr);
bv.bv_len += cp->val.bv_len + 2*quotes;
if (cp->restrict_lud != NULL) {
bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
}
s = bv.bv_val = ch_malloc(bv.bv_len + 1);
s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
for (j = 1; cp->ap[j]; j++) {
*s++ = ',';
s = lutil_strncopy( s, cp->ap[j]->ad_cname.bv_val, cp->ap[j]->ad_cname.bv_len );
}
*s++ = ' ';
s = lutil_strcopy( s, tstr );
*s++ = ' ';
if ( quotes ) *s++ = '"';
s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
if ( quotes ) *s++ = '"';
if (cp->restrict_lud != NULL) {
s = lutil_strcopy( s, " restrict=\"" );
s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
*s++ = '"';
}
*s = '\0';
rc = value_add_one( &c->rvalue_vals, &bv );
if (rc == LDAP_SUCCESS)
rc = value_add_one( &c->rvalue_nvals, &bv );
ch_free(bv.bv_val);
if (rc) return rc;
}
break;
default:
abort();
break;
}
break;
case LDAP_MOD_DELETE:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE:
if (!cn) break; /* nothing to do */
if (c->valx < 0) {
/* zap all constraints */
while (cn) {
cp = cn->ap_next;
constraint_free( cn, 1 );
cn = cp;
}
on->on_bi.bi_private = NULL;
} else {
constraint **cpp;
/* zap constraint numbered 'valx' */
for(i=0, cp = cn, cpp = &cn;
(cp) && (i<c->valx);
i++, cpp = &cp->ap_next, cp = *cpp);
if (cp) {
/* zap cp, and join cpp to cp->ap_next */
*cpp = cp->ap_next;
constraint_free( cp, 1 );
}
on->on_bi.bi_private = cn;
}
break;
default:
abort();
break;
}
break;
case SLAP_CONFIG_ADD:
case LDAP_MOD_ADD:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE: {
int j;
char **attrs = ldap_str2charray( c->argv[1], "," );
for ( j = 0; attrs[j]; j++)
/* just count */ ;
ap.ap = ch_calloc( sizeof(AttributeDescription*), j + 1 );
for ( j = 0; attrs[j]; j++) {
if ( slap_str2ad( attrs[j], &ap.ap[j], &text ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s <%s>: %s\n", c->argv[0], attrs[j], text );
rc = ARG_BAD_CONF;
goto done;
}
}
if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) {
int err;
ap.re = ch_malloc( sizeof(regex_t) );
if ((err = regcomp( ap.re,
c->argv[3], REG_EXTENDED )) != 0) {
char errmsg[1024];
regerror( err, ap.re, errmsg, sizeof(errmsg) );
ch_free(ap.re);
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Illegal regular expression \"%s\": Error %s",
c->argv[0], c->argv[1], c->argv[3], errmsg);
ap.re = NULL;
rc = ARG_BAD_CONF;
goto done;
}
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else if ( strcasecmp( c->argv[2], SIZE_STR ) == 0 ) {
size_t size;
if ( ( size = atoi(c->argv[3]) ) != 0 )
ap.size = size;
} else if ( strcasecmp( c->argv[2], COUNT_STR ) == 0 ) {
size_t count;
if ( ( count = atoi(c->argv[3]) ) != 0 )
ap.count = count;
} else if ( strcasecmp( c->argv[2], URI_STR ) == 0 ) {
int err;
err = ldap_url_parse(c->argv[3], &ap.lud);
if ( err != LDAP_URL_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Invalid URI \"%s\"",
c->argv[0], c->argv[1], c->argv[3]);
rc = ARG_BAD_CONF;
goto done;
}
if (ap.lud->lud_host != NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unsupported hostname in URI \"%s\"",
c->argv[0], c->argv[1], c->argv[3]);
ldap_free_urldesc(ap.lud);
rc = ARG_BAD_CONF;
goto done;
}
for ( i=0; ap.lud->lud_attrs[i]; i++);
/* FIXME: This is worthless without at least one attr */
if ( i ) {
ap.attrs = ch_malloc( (i+1)*sizeof(AttributeDescription *));
for ( i=0; ap.lud->lud_attrs[i]; i++) {
ap.attrs[i] = NULL;
if ( slap_str2ad( ap.lud->lud_attrs[i], &ap.attrs[i], &text ) ) {
ch_free( ap.attrs );
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s <%s>: %s\n", c->argv[0], ap.lud->lud_attrs[i], text );
rc = ARG_BAD_CONF;
goto done;
}
}
ap.attrs[i] = NULL;
}
if (ap.lud->lud_dn == NULL) {
ap.lud->lud_dn = ch_strdup("");
} else {
struct berval dn, ndn;
ber_str2bv( ap.lud->lud_dn, 0, 0, &dn );
if (dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ) ) {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: URI %s DN normalization failed",
c->argv[0], c->argv[1], c->argv[3] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
rc = ARG_BAD_CONF;
goto done;
}
ldap_memfree( ap.lud->lud_dn );
ap.lud->lud_dn = ndn.bv_val;
}
if (ap.lud->lud_filter == NULL) {
ap.lud->lud_filter = ch_strdup("objectClass=*");
} else if ( ap.lud->lud_filter[0] == '(' ) {
ber_len_t len = strlen( ap.lud->lud_filter );
if ( ap.lud->lud_filter[len - 1] != ')' ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: invalid URI filter: %s",
c->argv[0], c->argv[1], ap.lud->lud_filter );
rc = ARG_BAD_CONF;
goto done;
}
AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 );
ap.lud->lud_filter[len - 2] = '\0';
}
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else if ( strcasecmp( c->argv[2], SET_STR ) == 0 ) {
ap.set = 1;
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Unknown constraint type: %s",
c->argv[0], c->argv[1], c->argv[2] );
rc = ARG_BAD_CONF;
goto done;
}
if ( c->argc > 4 ) {
int argidx;
for ( argidx = 4; argidx < c->argc; argidx++ ) {
if ( strncasecmp( c->argv[argidx], "restrict=", STRLENOF("restrict=") ) == 0 ) {
int err;
char *arg = c->argv[argidx] + STRLENOF("restrict=");
err = ldap_url_parse(arg, &ap.restrict_lud);
if ( err != LDAP_URL_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Invalid restrict URI \"%s\"",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
if (ap.restrict_lud->lud_host != NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unsupported hostname in restrict URI \"%s\"",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
if ( ap.restrict_lud->lud_attrs != NULL ) {
if ( ap.restrict_lud->lud_attrs[0] != '\0' ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: attrs not allowed in restrict URI %s\n",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
ldap_memvfree((void *)ap.restrict_lud->lud_attrs);
ap.restrict_lud->lud_attrs = NULL;
}
if (ap.restrict_lud->lud_dn != NULL) {
if (ap.restrict_lud->lud_dn[0] == '\0') {
ldap_memfree(ap.restrict_lud->lud_dn);
ap.restrict_lud->lud_dn = NULL;
} else {
struct berval dn, ndn;
int j;
ber_str2bv(ap.restrict_lud->lud_dn, 0, 0, &dn);
if (dnNormalize(0, NULL, NULL, &dn, &ndn, NULL)) {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI %s DN normalization failed",
c->argv[0], c->argv[1], arg );
rc = ARG_BAD_CONF;
goto done;
}
assert(c->be != NULL);
if (c->be->be_nsuffix == NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI requires suffix",
c->argv[0], c->argv[1] );
rc = ARG_BAD_CONF;
goto done;
}
for ( j = 0; !BER_BVISNULL(&c->be->be_nsuffix[j]); j++) {
if (dnIsSuffix(&ndn, &c->be->be_nsuffix[j])) break;
}
if (BER_BVISNULL(&c->be->be_nsuffix[j])) {
/* error */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI DN %s not within database naming context(s)",
c->argv[0], c->argv[1], dn.bv_val );
rc = ARG_BAD_CONF;
goto done;
}
ap.restrict_ndn = ndn;
}
}
if (ap.restrict_lud->lud_filter != NULL) {
ap.restrict_filter = str2filter(ap.restrict_lud->lud_filter);
if (ap.restrict_filter == NULL) {
/* error */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI filter %s invalid",
c->argv[0], c->argv[1], ap.restrict_lud->lud_filter );
rc = ARG_BAD_CONF;
goto done;
}
}
ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
} else {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unrecognized arg #%d (%s)",
c->argv[0], c->argv[1], argidx, c->argv[argidx] );
rc = ARG_BAD_CONF;
goto done;
}
}
}
done:;
if ( rc == LDAP_SUCCESS ) {
constraint *a2 = ch_calloc( sizeof(constraint), 1 );
a2->ap_next = on->on_bi.bi_private;
a2->ap = ap.ap;
a2->re = ap.re;
a2->val = ap.val;
a2->lud = ap.lud;
a2->set = ap.set;
a2->size = ap.size;
a2->count = ap.count;
if ( a2->lud ) {
ber_str2bv(a2->lud->lud_dn, 0, 0, &a2->dn);
ber_str2bv(a2->lud->lud_filter, 0, 0, &a2->filter);
}
a2->attrs = ap.attrs;
a2->restrict_lud = ap.restrict_lud;
a2->restrict_ndn = ap.restrict_ndn;
a2->restrict_filter = ap.restrict_filter;
a2->restrict_val = ap.restrict_val;
on->on_bi.bi_private = a2;
} else {
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
constraint_free( &ap, 0 );
}
ldap_memvfree((void**)attrs);
} break;
default:
abort();
break;
}
break;
default:
abort();
}
return rc;
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the <suffix>.
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
struct berval rdn;
int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
if ( d >= 0 ) {
if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
return META_NOT_CANDIDATE;
}
/*
* | match | exclude |
* +---------+---------+-------------------+
* | T | T | not candidate |
* | F | T | continue checking |
* +---------+---------+-------------------+
* | T | F | candidate |
* | F | F | not candidate |
* +---------+---------+-------------------+
*/
if ( mt->mt_subtree ) {
int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
if ( !mt->mt_subtree_exclude ) {
return match ? META_CANDIDATE : META_NOT_CANDIDATE;
}
if ( match /* && mt->mt_subtree_exclude */ ) {
return META_NOT_CANDIDATE;
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( d > 0 ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( d > 0 ) {
rdn.bv_val = ndn->bv_val;
rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( d == 0 ) {
return META_CANDIDATE;
}
break;
}
} else /* if ( d < 0 ) */ {
if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
return META_NOT_CANDIDATE;
}
switch ( scope ) {
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
case LDAP_SCOPE_ONELEVEL:
rdn.bv_val = mt->mt_nsuffix.bv_val;
rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
break;
}
}
return META_NOT_CANDIDATE;
}
static int
autogroup_response( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
autogroup_info_t *agi = (autogroup_info_t *)on->on_bi.bi_private;
autogroup_def_t *agd = agi->agi_def;
autogroup_entry_t *age = agi->agi_entry;
autogroup_filter_t *agf;
BerValue new_dn, new_ndn, pdn;
Entry *e, *group;
Attribute *a;
int is_olddn, is_newdn, dn_equal;
if ( op->o_tag == LDAP_REQ_MODRDN ) {
if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS && !get_manageDSAit( op )) {
Debug( LDAP_DEBUG_TRACE, "==> autogroup_response MODRDN from <%s>\n", op->o_req_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
if ( op->oq_modrdn.rs_newSup ) {
pdn = *op->oq_modrdn.rs_newSup;
} else {
dnParent( &op->o_req_dn, &pdn );
}
build_new_dn( &new_dn, &pdn, &op->orr_newrdn, op->o_tmpmemctx );
if ( op->oq_modrdn.rs_nnewSup ) {
pdn = *op->oq_modrdn.rs_nnewSup;
} else {
dnParent( &op->o_req_ndn, &pdn );
}
build_new_dn( &new_ndn, &pdn, &op->orr_nnewrdn, op->o_tmpmemctx );
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN to <%s>\n", new_dn.bv_val, 0, 0);
dnMatch( &dn_equal, 0, NULL, NULL, &op->o_req_ndn, &new_ndn );
if ( overlay_entry_get_ov( op, &new_ndn, NULL, NULL, 0, &e, on ) !=
LDAP_SUCCESS || e == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN cannot get entry for <%s>\n", new_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
a = attrs_find( e->e_attrs, slap_schema.si_ad_objectClass );
if ( a == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN entry <%s> has no objectClass\n", new_dn.bv_val, 0, 0);
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
/* If a groups DN is modified, just update age_dn/ndn of that group with the new DN. */
for ( ; agd; agd = agd->agd_next ) {
if ( value_find_ex( slap_schema.si_ad_objectClass,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &agd->agd_oc->soc_cname,
op->o_tmpmemctx ) == 0 )
{
for ( age = agi->agi_entry ; age ; age = age->age_next ) {
int match = 1;
dnMatch( &match, 0, NULL, NULL, &age->age_ndn, &op->o_req_ndn );
if ( match == 0 ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN updating group's DN to <%s>\n", new_dn.bv_val, 0, 0);
ber_dupbv( &age->age_dn, &new_dn );
ber_dupbv( &age->age_ndn, &new_ndn );
op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
}
}
}
overlay_entry_release_ov( op, e, 0, on );
/* For each group:
1. check if the orginal entry's DN is in the group.
2. chceck if the any of the group filter's base DN is a suffix of the new DN
If 1 and 2 are both false, we do nothing.
If 1 and 2 is true, we remove the old DN from the group, and add the new DN.
If 1 is false, and 2 is true, we check the entry against the group's filters,
and add it's DN to the group.
If 1 is true, and 2 is false, we delete the entry's DN from the group.
*/
for ( age = agi->agi_entry ; age ; age = age->age_next ) {
is_olddn = 0;
is_newdn = 0;
ldap_pvt_thread_mutex_lock( &age->age_mutex );
if ( overlay_entry_get_ov( op, &age->age_ndn, NULL, NULL, 0, &group, on ) !=
LDAP_SUCCESS || group == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN cannot get group entry <%s>\n", age->age_dn.bv_val, 0, 0);
op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
a = attrs_find( group->e_attrs, age->age_def->agd_member_ad );
if ( a != NULL ) {
if ( value_find_ex( age->age_def->agd_member_ad,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &op->o_req_ndn, op->o_tmpmemctx ) == 0 )
{
is_olddn = 1;
}
}
overlay_entry_release_ov( op, group, 0, on );
for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
if ( dnIsSuffix( &new_ndn, &agf->agf_ndn ) ) {
is_newdn = 1;
break;
}
}
if ( is_olddn == 1 && is_newdn == 0 ) {
autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
} else
if ( is_olddn == 0 && is_newdn == 1 ) {
for ( agf = age->age_filter; agf; agf = agf->agf_next ) {
if ( test_filter( op, e, agf->agf_filter ) == LDAP_COMPARE_TRUE ) {
autogroup_add_member_to_group( op, &new_dn, &new_ndn, age );
break;
}
}
} else
if ( is_olddn == 1 && is_newdn == 1 && dn_equal != 0 ) {
autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
autogroup_add_member_to_group( op, &new_dn, &new_ndn, age );
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
}
}
if ( op->o_tag == LDAP_REQ_MODIFY ) {
if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS && !get_manageDSAit( op ) ) {
Debug( LDAP_DEBUG_TRACE, "==> autogroup_response MODIFY <%s>\n", op->o_req_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
LDAP_SUCCESS || e == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY cannot get entry for <%s>\n", op->o_req_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
a = attrs_find( e->e_attrs, slap_schema.si_ad_objectClass );
if ( a == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY entry <%s> has no objectClass\n", op->o_req_dn.bv_val, 0, 0);
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
/* If we modify a group's memberURL, we have to delete all of it's members,
and add them anew, because we cannot tell from which memberURL a member was added. */
for ( ; agd; agd = agd->agd_next ) {
if ( value_find_ex( slap_schema.si_ad_objectClass,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &agd->agd_oc->soc_cname,
op->o_tmpmemctx ) == 0 )
{
Modifications *m;
int match = 1;
m = op->orm_modlist;
for ( ; age ; age = age->age_next ) {
ldap_pvt_thread_mutex_lock( &age->age_mutex );
dnMatch( &match, 0, NULL, NULL, &op->o_req_ndn, &age->age_ndn );
if ( match == 0 ) {
for ( ; m ; m = m->sml_next ) {
if ( m->sml_desc == age->age_def->agd_member_url_ad ) {
autogroup_def_t *group_agd = age->age_def;
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY changing memberURL for group <%s>\n",
op->o_req_dn.bv_val, 0, 0);
overlay_entry_release_ov( op, e, 0, on );
autogroup_delete_member_from_group( op, NULL, NULL, age );
autogroup_delete_group( agi, age );
autogroup_add_group( op, agi, group_agd, NULL, &op->o_req_ndn, 1, 1);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
break;
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
}
overlay_entry_release_ov( op, e, 0, on );
/* When modifing any of the attributes of an entry, we must
check if the entry is in any of our groups, and if
the modified entry maches any of the filters of that group.
If the entry exists in a group, but the modified attributes do
not match any of the group's filters, we delete the entry from that group.
If the entry doesn't exist in a group, but matches a filter,
we add it to that group.
*/
for ( age = agi->agi_entry ; age ; age = age->age_next ) {
is_olddn = 0;
is_newdn = 0;
ldap_pvt_thread_mutex_lock( &age->age_mutex );
if ( overlay_entry_get_ov( op, &age->age_ndn, NULL, NULL, 0, &group, on ) !=
LDAP_SUCCESS || group == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY cannot get entry for <%s>\n",
age->age_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
a = attrs_find( group->e_attrs, age->age_def->agd_member_ad );
if ( a != NULL ) {
if ( value_find_ex( age->age_def->agd_member_ad,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &op->o_req_ndn, op->o_tmpmemctx ) == 0 )
{
is_olddn = 1;
}
}
overlay_entry_release_ov( op, group, 0, on );
for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
if ( test_filter( op, e, agf->agf_filter ) == LDAP_COMPARE_TRUE ) {
is_newdn = 1;
break;
}
}
}
if ( is_olddn == 1 && is_newdn == 0 ) {
autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
} else
if ( is_olddn == 0 && is_newdn == 1 ) {
autogroup_add_member_to_group( op, &op->o_req_dn, &op->o_req_ndn, age );
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
}
}
return SLAP_CB_CONTINUE;
}
int
ndb_back_modrdn( Operation *op, SlapReply *rs )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
Entry e = {0};
Entry e2 = {0};
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
struct berval *np_dn = NULL; /* newSuperior dn */
struct berval *np_ndn = NULL; /* newSuperior ndn */
int manageDSAit = get_manageDSAit( op );
int num_retries = 0;
NdbArgs NA, NA2;
NdbRdns rdns, rdn2;
struct berval matched;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int rc;
Debug( LDAP_DEBUG_ARGS, "==>" LDAP_XSTRING(ndb_back_modrdn) "(%s,%s,%s)\n",
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
ctrls[num_ctrls] = NULL;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
/* Get our NDB handle */
rs->sr_err = ndb_thread_handle( op, &NA.ndb );
rdns.nr_num = 0;
NA.rdns = &rdns;
NA.e = &e;
NA2.ndb = NA.ndb;
NA2.e = &e2;
NA2.rdns = &rdn2;
if( 0 ) {
retry: /* transaction retry */
NA.txn->close();
NA.txn = NULL;
if ( e.e_attrs ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(ndb_back_modrdn)
": retrying...\n", 0, 0, 0 );
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
if ( NA2.ocs ) {
ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
}
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
}
ndb_trans_backoff( ++num_retries );
}
NA.ocs = NULL;
NA2.ocs = NULL;
/* begin transaction */
NA.txn = NA.ndb->startTransaction();
rs->sr_text = NULL;
if( !NA.txn ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": startTransaction failed: %s (%d)\n",
NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
NA2.txn = NA.txn;
/* get entry */
rs->sr_err = ndb_entry_get_info( op, &NA, 1, &matched );
switch( rs->sr_err ) {
case 0:
break;
case LDAP_NO_SUCH_OBJECT:
Debug( LDAP_DEBUG_ARGS,
"<=- ndb_back_modrdn: no such object %s\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_matched = matched.bv_val;
if ( NA.ocs )
ndb_check_referral( op, rs, &NA );
goto return_results;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* acquire and lock entry */
rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
if ( rs->sr_err )
goto return_results;
if ( !manageDSAit && is_entry_glue( &e )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, &e, (Filter *)get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
/* check write on old entry */
rs->sr_err = access_allowed( op, &e, entry, NULL, ACL_WRITE, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
rs->sr_text = "no write access to old entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
/* Can't do it if we have kids */
rs->sr_err = ndb_has_children( &NA, &rc );
if ( rs->sr_err ) {
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": has_children failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rc == LDAP_COMPARE_TRUE ) {
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
goto return_results;
}
if (!manageDSAit && is_entry_referral( &e ) ) {
/* entry is a referral, don't allow modrdn */
rs->sr_ref = get_entry_referrals( op, &e );
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn)
": entry %s is referral\n", e.e_dn, 0, 0 );
rs->sr_err = LDAP_REFERRAL,
rs->sr_matched = op->o_req_dn.bv_val;
rs->sr_flags = REP_REF_MUSTBEFREED;
goto return_results;
}
if ( be_issuffix( op->o_bd, &e.e_nname ) ) {
/* There can only be one suffix entry */
rs->sr_err = LDAP_NAMING_VIOLATION;
rs->sr_text = "cannot rename suffix entry";
goto return_results;
} else {
dnParent( &e.e_nname, &e2.e_nname );
dnParent( &e.e_name, &e2.e_name );
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, &e2,
children, NULL,
op->oq_modrdn.rs_newSup == NULL ?
ACL_WRITE : ACL_WDEL,
NULL );
if ( ! rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
rs->sr_text = "no write access to old parent's children";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": wr to children "
"of entry %s OK\n", e2.e_name.bv_val, 0, 0 );
if ( op->oq_modrdn.rs_newSup != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": new parent \"%s\" requested...\n",
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
/* newSuperior == oldParent? */
if( dn_match( &e2.e_nname, op->oq_modrdn.rs_nnewSup ) ) {
Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
op->oq_modrdn.rs_newSup->bv_val, e2.e_name.bv_val, 0 );
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
rdn2.nr_num = 0;
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent? - checked above */
/* newSuperior == entry being moved?, if so ==> ERROR */
if ( dnIsSuffix( np_ndn, &e.e_nname )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "new superior not found";
goto return_results;
}
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
e2.e_name = *np_dn;
e2.e_nname = *np_ndn;
rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
switch( rs->sr_err ) {
case 0:
break;
case LDAP_NO_SUCH_OBJECT:
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
rs->sr_text = "new superior not found";
goto return_results;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( NA2.ocs ) {
Attribute a;
int i;
for ( i=0; !BER_BVISNULL( &NA2.ocs[i] ); i++);
a.a_numvals = i;
a.a_desc = slap_schema.si_ad_objectClass;
a.a_vals = NA2.ocs;
a.a_nvals = NA2.ocs;
a.a_next = NULL;
e2.e_attrs = &a;
if ( is_entry_alias( &e2 )) {
/* parent is an alias, don't allow move */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": entry is alias\n",
0, 0, 0 );
rs->sr_text = "new superior is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if ( is_entry_referral( &e2 ) ) {
/* parent is a referral, don't allow move */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": entry is referral\n",
0, 0, 0 );
rs->sr_text = "new superior is a referral";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
}
/* check newSuperior for "children" acl */
rs->sr_err = access_allowed( op, &e2, children,
NULL, ACL_WADD, NULL );
if( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": no wr to newSup children\n",
0, 0, 0 );
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": wr to new parent OK id=%ld\n",
(long) e2.e_id, 0, 0 );
}
/* Build target dn and make sure target entry doesn't exist already. */
if (!new_dn.bv_val) {
build_new_dn( &new_dn, &e2.e_name, &op->oq_modrdn.rs_newrdn, NULL );
}
if (!new_ndn.bv_val) {
build_new_dn( &new_ndn, &e2.e_nname, &op->oq_modrdn.rs_nnewrdn, NULL );
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn) ": new ndn=%s\n",
new_ndn.bv_val, 0, 0 );
/* Allow rename to same DN */
if ( !bvmatch ( &new_ndn, &e.e_nname )) {
rdn2.nr_num = 0;
e2.e_name = new_dn;
e2.e_nname = new_ndn;
NA2.ocs = &matched;
rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
NA2.ocs = NULL;
switch( rs->sr_err ) {
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_NO_SUCH_OBJECT:
break;
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
assert( op->orr_modlist != NULL );
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": pre-read failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* delete old DN */
rs->sr_err = ndb_entry_del_info( op->o_bd, &NA );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": dn2id del failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete fail";
goto return_results;
}
/* copy entry fields */
e2.e_attrs = e.e_attrs;
e2.e_id = e.e_id;
/* add new DN */
rs->sr_err = ndb_entry_put_info( op->o_bd, &NA2, 0 );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": dn2id add failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index add failed";
goto return_results;
}
/* modify entry */
rs->sr_err = ndb_modify_internal( op, &NA2,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": modify failed: %s (%d)\n",
NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
goto return_results;
}
e.e_attrs = e2.e_attrs;
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &e2,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modrdn)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
}
} else {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
NA.txn->close();
NA.txn = NULL;
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modrdn)
": rdn modified%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
e.e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( NA2.ocs ) {
ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
NA2.ocs = NULL;
}
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
NA.ocs = NULL;
}
if ( e.e_attrs ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
if( NA.txn != NULL ) {
NA.txn->execute( Rollback );
NA.txn->close();
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
rs->sr_text = NULL;
return rs->sr_err;
}
int
bdb_modrdn( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
EntryInfo *ei = NULL, *eip = NULL, *nei = NULL, *neip = NULL;
/* LDAP v2 supporting correct attribute handling. */
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
Entry dummy = {0};
Entry *np = NULL; /* newSuperior Entry */
struct berval *np_dn = NULL; /* newSuperior dn */
struct berval *np_ndn = NULL; /* newSuperior ndn */
struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
int manageDSAit = get_manageDSAit( op );
DB_LOCK lock, plock, nplock;
int num_retries = 0;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int rc;
int parent_is_glue = 0;
int parent_is_leaf = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn) "(%s,%s,%s)\n",
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = NULL;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
if( 0 ) {
retry: /* transaction retry */
if ( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
dummy.e_attrs = NULL;
}
if (e != NULL) {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
e = NULL;
}
if (p != NULL) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
if (np != NULL) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
np = NULL;
}
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn)
": retrying...\n", 0, 0, 0 );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
parent_is_glue = 0;
parent_is_leaf = 0;
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": txn_begin failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/* get entry */
rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
&lock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
e = ei->bei_e;
/* FIXME: dn2entry() should return non-glue entry */
if (( rs->sr_err == DB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
if( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
? get_entry_referrals( op, e )
: NULL;
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, e);
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
/* check write on old entry */
rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
rs->sr_text = "no write access to old entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
#ifndef BDB_HIER
rs->sr_err = bdb_cache_children( op, ltid, e );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
ei->bei_state |= CACHE_ENTRY_NO_KIDS;
#endif
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
": entry %s is referral\n", e->e_dn, 0, 0 );
rs->sr_err = LDAP_REFERRAL,
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
#ifdef BDB_MULTIPLE_SUFFIXES
/* Allow renaming one suffix entry to another */
p_ndn = slap_empty_bv;
#else
/* There can only be one suffix entry */
rs->sr_err = LDAP_NAMING_VIOLATION;
rs->sr_text = "cannot rename suffix entry";
goto return_results;
#endif
} else {
dnParent( &e->e_nname, &p_ndn );
}
np_ndn = &p_ndn;
eip = ei->bei_parent;
if ( eip && eip->bei_id ) {
/* Make sure parent entry exist and we can write its
* children.
*/
rs->sr_err = bdb_cache_find_id( op, ltid,
eip->bei_id, &eip, 0, &plock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
p = eip->bei_e;
if( p == NULL) {
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
": parent does not exist\n", 0, 0, 0);
rs->sr_err = LDAP_OTHER;
rs->sr_text = "old entry's parent does not exist";
goto return_results;
}
} else {
p = (Entry *)&slap_entry_root;
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL,
op->oq_modrdn.rs_newSup == NULL ?
ACL_WRITE : ACL_WDEL,
NULL );
if ( !p_ndn.bv_len )
p = NULL;
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
rs->sr_text = "no write access to old parent's children";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": wr to children "
"of entry %s OK\n", p_ndn.bv_val, 0, 0 );
if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
p_dn = slap_empty_bv;
} else {
dnParent( &e->e_name, &p_dn );
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": parent dn=%s\n",
p_dn.bv_val, 0, 0 );
new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
if ( op->oq_modrdn.rs_newSup != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": new parent \"%s\" requested...\n",
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
/* newSuperior == oldParent? */
if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
/* There's a BDB_MULTIPLE_SUFFIXES case here that this code doesn't
* support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
* We do not allow modDN
* dc=foo,dc=com
* newrdn dc=bar
* newsup dc=net
* and we probably should. But since MULTIPLE_SUFFIXES is deprecated
* I'm ignoring this problem for now.
*/
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent? - checked above */
/* newSuperior == entry being moved?, if so ==> ERROR */
if ( dnIsSuffix( np_ndn, &e->e_nname )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "new superior not found";
goto return_results;
}
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,
&neip, 0, &nplock );
switch( rs->sr_err ) {
case 0: np = neip->bei_e;
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if( np == NULL) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
rs->sr_text = "new superior not found";
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": wr to new parent OK np=%p, id=%ld\n",
(void *) np, (long) np->e_id, 0 );
/* check newSuperior for "children" acl */
rs->sr_err = access_allowed( op, np, children,
NULL, ACL_WADD, NULL );
if( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": no wr to newSup children\n",
0, 0, 0 );
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
if ( is_entry_alias( np ) ) {
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": entry is alias\n",
0, 0, 0 );
rs->sr_text = "new superior is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if ( is_entry_referral( np ) ) {
/* parent is a referral, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": entry is referral\n",
0, 0, 0 );
rs->sr_text = "new superior is a referral";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
} else {
np_dn = NULL;
/* no parent, modrdn entry directly under root */
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op ) ) {
np = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, np,
children, NULL, ACL_WADD, NULL );
np = NULL;
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE,
"no access to new superior\n",
0, 0, 0 );
rs->sr_text =
"no write access to new superior's children";
goto return_results;
}
}
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": wr to new parent's children OK\n",
0, 0, 0 );
new_parent_dn = np_dn;
}
/* Build target dn and make sure target entry doesn't exist already. */
if (!new_dn.bv_val) {
build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
}
if (!new_ndn.bv_val) {
struct berval bv = {0, NULL};
dnNormalize( 0, NULL, NULL, &new_dn, &bv, op->o_tmpmemctx );
ber_dupbv( &new_ndn, &bv );
/* FIXME: why not call dnNormalize() w/o ctx? */
op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": new ndn=%s\n",
new_ndn.bv_val, 0, 0 );
/* Shortcut the search */
nei = neip ? neip : eip;
rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
if ( nei ) bdb_cache_entryinfo_unlock( nei );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
break;
case 0:
/* Allow rename to same DN */
if ( nei == ei )
break;
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
assert( op->orr_modlist != NULL );
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": pre-read failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": txn_begin(2) failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* delete old DN */
rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": dn2id del failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete fail";
goto return_results;
}
/* copy the entry, then override some fields */
dummy = *e;
dummy.e_name = new_dn;
dummy.e_nname = new_ndn;
dummy.e_attrs = NULL;
/* add new DN */
rs->sr_err = bdb_dn2id_add( op, lt2, neip ? neip : eip, &dummy );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": dn2id add failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index add failed";
goto return_results;
}
dummy.e_attrs = e->e_attrs;
/* modify entry */
rs->sr_err = bdb_modify_internal( op, lt2, op->orr_modlist, &dummy,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": modify failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
if ( ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) && opinfo.boi_err ) {
rs->sr_err = opinfo.boi_err;
}
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
goto return_results;
}
/* id2entry index */
rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": id2entry failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry update failed";
goto return_results;
}
if ( p_ndn.bv_len != 0 ) {
parent_is_glue = is_entry_glue(p);
rs->sr_err = bdb_cache_children( op, lt2, p );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
parent_is_leaf = 1;
}
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &dummy,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
} else {
rc = bdb_cache_modrdn( bdb, e, &op->orr_nnewrdn, &dummy, neip,
ltid, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
dummy.e_attrs = NULL;
new_dn.bv_val = NULL;
new_ndn.bv_val = NULL;
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": rdn modified%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
dummy.e_id, op->o_req_dn.bv_val );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
}
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
done:
slap_graduate_commit_csn( op );
if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
/* LDAP v3 Support */
if( np != NULL ) {
/* free new parent and reader lock */
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
}
if( p != NULL ) {
/* free parent and reader lock */
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
}
/* free entry */
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w( &bdb->bi_cache, e);
}
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
meta_search_candidate_t
asyncmeta_back_search_start(
Operation *op,
SlapReply *rs,
a_metaconn_t *mc,
bm_context_t *bc,
int candidate,
struct berval *prcookie,
ber_int_t prsize )
{
SlapReply *candidates = bc->candidates;
a_metainfo_t *mi = ( a_metainfo_t * )mc->mc_info;
a_metatarget_t *mt = mi->mi_targets[ candidate ];
a_metasingleconn_t *msc = &mc->mc_conns[ candidate ];
a_dncookie dc;
struct berval realbase = op->o_req_dn;
int realscope = op->ors_scope;
struct berval mbase = BER_BVNULL;
struct berval mfilter = BER_BVNULL;
char **mapped_attrs = NULL;
int rc;
meta_search_candidate_t retcode;
int timelimit;
int nretries = 1;
LDAPControl **ctrls = NULL;
BerElement *ber;
ber_int_t msgid;
#ifdef SLAPD_META_CLIENT_PR
LDAPControl **save_ctrls = NULL;
#endif /* SLAPD_META_CLIENT_PR */
/* this should not happen; just in case... */
if ( msc->msc_ld == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: asyncmeta_back_search_start candidate=%d ld=NULL%s.\n",
op->o_log_prefix, candidate,
META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" );
candidates[ candidate ].sr_err = LDAP_OTHER;
if ( META_BACK_ONERR_STOP( mi ) ) {
return META_SEARCH_ERR;
}
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
return META_SEARCH_NOT_CANDIDATE;
}
Debug( LDAP_DEBUG_TRACE, "%s >>> asyncmeta_back_search_start[%d]\n", op->o_log_prefix, candidate, 0 );
/*
* modifies the base according to the scope, if required
*/
if ( mt->mt_nsuffix.bv_len > op->o_req_ndn.bv_len ) {
switch ( op->ors_scope ) {
case LDAP_SCOPE_SUBTREE:
/*
* make the target suffix the new base
* FIXME: this is very forgiving, because
* "illegal" searchBases may be turned
* into the suffix of the target; however,
* the requested searchBase already passed
* thru the candidate analyzer...
*/
if ( dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) ) {
realbase = mt->mt_nsuffix;
if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
}
} else {
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
break;
case LDAP_SCOPE_SUBORDINATE:
case LDAP_SCOPE_ONELEVEL:
{
struct berval rdn = mt->mt_nsuffix;
rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn )
&& dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) )
{
/*
* if there is exactly one level,
* make the target suffix the new
* base, and make scope "base"
*/
realbase = mt->mt_nsuffix;
if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
} else {
realscope = LDAP_SCOPE_SUBTREE;
}
} else {
realscope = LDAP_SCOPE_BASE;
}
break;
} /* else continue with the next case */
}
case LDAP_SCOPE_BASE:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
}
/* check filter expression */
if ( mt->mt_filter ) {
metafilter_t *mf;
for ( mf = mt->mt_filter; mf; mf = mf->mf_next ) {
if ( regexec( &mf->mf_regex, op->ors_filterstr.bv_val, 0, NULL, 0 ) == 0 )
break;
}
/* nothing matched, this target is no longer a candidate */
if ( !mf ) {
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
}
/*
* Rewrite the search base, if required
*/
dc.target = mt;
dc.ctx = "searchBase";
dc.conn = op->o_conn;
dc.rs = rs;
switch ( asyncmeta_dn_massage( &dc, &realbase, &mbase ) ) {
case LDAP_SUCCESS:
break;
case LDAP_UNWILLING_TO_PERFORM:
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Operation not allowed";
retcode = META_SEARCH_ERR;
goto doreturn;
default:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
/*
* Maps filter
*/
rc = asyncmeta_filter_map_rewrite( &dc, op->ors_filter,
&mfilter, BACKLDAP_MAP, NULL );
switch ( rc ) {
case LDAP_SUCCESS:
break;
case LDAP_COMPARE_FALSE:
default:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
/*
* Maps required attributes
*/
rc = asyncmeta_map_attrs( op, &mt->mt_rwmap.rwm_at,
op->ors_attrs, BACKLDAP_MAP, &mapped_attrs );
if ( rc != LDAP_SUCCESS ) {
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
timelimit = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
} else {
timelimit = -1; /* no limit */
}
#ifdef SLAPD_META_CLIENT_PR
save_ctrls = op->o_ctrls;
{
LDAPControl *pr_c = NULL;
int i = 0, nc = 0;
if ( save_ctrls ) {
for ( ; save_ctrls[i] != NULL; i++ );
nc = i;
pr_c = ldap_control_find( LDAP_CONTROL_PAGEDRESULTS, save_ctrls, NULL );
}
if ( pr_c != NULL ) nc--;
if ( mt->mt_ps > 0 || prcookie != NULL ) nc++;
if ( mt->mt_ps > 0 || prcookie != NULL || pr_c != NULL ) {
int src = 0, dst = 0;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval val = BER_BVNULL;
ber_len_t len;
len = sizeof( LDAPControl * )*( nc + 1 ) + sizeof( LDAPControl );
if ( mt->mt_ps > 0 || prcookie != NULL ) {
struct berval nullcookie = BER_BVNULL;
ber_tag_t tag;
if ( prsize == 0 && mt->mt_ps > 0 ) prsize = mt->mt_ps;
if ( prcookie == NULL ) prcookie = &nullcookie;
ber_init2( ber, NULL, LBER_USE_DER );
tag = ber_printf( ber, "{iO}", prsize, prcookie );
if ( tag == LBER_ERROR ) {
/* error */
(void) ber_free_buf( ber );
goto done_pr;
}
tag = ber_flatten2( ber, &val, 0 );
if ( tag == LBER_ERROR ) {
/* error */
(void) ber_free_buf( ber );
goto done_pr;
}
len += val.bv_len + 1;
}
op->o_ctrls = op->o_tmpalloc( len, op->o_tmpmemctx );
if ( save_ctrls ) {
for ( ; save_ctrls[ src ] != NULL; src++ ) {
if ( save_ctrls[ src ] != pr_c ) {
op->o_ctrls[ dst ] = save_ctrls[ src ];
dst++;
}
}
}
if ( mt->mt_ps > 0 || prcookie != NULL ) {
op->o_ctrls[ dst ] = (LDAPControl *)&op->o_ctrls[ nc + 1 ];
op->o_ctrls[ dst ]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
op->o_ctrls[ dst ]->ldctl_iscritical = 1;
op->o_ctrls[ dst ]->ldctl_value.bv_val = (char *)&op->o_ctrls[ dst ][ 1 ];
AC_MEMCPY( op->o_ctrls[ dst ]->ldctl_value.bv_val, val.bv_val, val.bv_len + 1 );
op->o_ctrls[ dst ]->ldctl_value.bv_len = val.bv_len;
dst++;
(void)ber_free_buf( ber );
}
op->o_ctrls[ dst ] = NULL;
}
done_pr:;
}
#endif /* SLAPD_META_CLIENT_PR */
retry:;
asyncmeta_set_msc_time(msc);
ctrls = op->o_ctrls;
if (nretries == 0)
{
if (rc != LDAP_SUCCESS)
{
rs->sr_err = LDAP_BUSY;
retcode = META_SEARCH_ERR;
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
goto done;
}
}
if ( asyncmeta_controls_add( op, rs, mc, candidate, &ctrls )
!= LDAP_SUCCESS )
{
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
/*
* Starts the search
*/
ber = ldap_build_search_req( msc->msc_ld,
mbase.bv_val, realscope, mfilter.bv_val,
mapped_attrs, op->ors_attrsonly,
ctrls, NULL, timelimit, op->ors_slimit, op->ors_deref,
&msgid );
if (ber) {
candidates[ candidate ].sr_msgid = msgid;
rc = ldap_send_initial_request( msc->msc_ld, LDAP_REQ_SEARCH,
mbase.bv_val, ber, msgid );
if (rc == msgid)
rc = LDAP_SUCCESS;
else
rc = LDAP_SERVER_DOWN;
switch ( rc ) {
case LDAP_SUCCESS:
retcode = META_SEARCH_CANDIDATE;
asyncmeta_set_msc_time(msc);
break;
case LDAP_SERVER_DOWN:
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex);
if (mc->mc_active < 1) {
asyncmeta_clear_one_msc(NULL, mc, candidate);
}
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex);
if ( nretries && asyncmeta_retry( op, rs, &mc, candidate, LDAP_BACK_DONTSEND ) ) {
nretries = 0;
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
rs->sr_err = LDAP_UNAVAILABLE;
retcode = META_SEARCH_ERR;
break;
default:
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_NOT_CANDIDATE;
}
}
done:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
#ifdef SLAPD_META_CLIENT_PR
if ( save_ctrls != op->o_ctrls ) {
op->o_tmpfree( op->o_ctrls, op->o_tmpmemctx );
op->o_ctrls = save_ctrls;
}
#endif /* SLAPD_META_CLIENT_PR */
if ( mapped_attrs ) {
ber_memfree_x( mapped_attrs, op->o_tmpmemctx );
}
if ( mfilter.bv_val != op->ors_filterstr.bv_val ) {
ber_memfree_x( mfilter.bv_val, NULL );
}
if ( mbase.bv_val != realbase.bv_val ) {
free( mbase.bv_val );
}
doreturn:;
Debug( LDAP_DEBUG_TRACE, "%s <<< asyncmeta_back_search_start[%p]=%d\n", op->o_log_prefix, msc, candidates[candidate].sr_msgid );
return retcode;
}
static int
aci_mask(
Operation *op,
Entry *e,
AttributeDescription *desc,
struct berval *val,
struct berval *aci,
int nmatch,
regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny,
slap_aci_scope_t asserted_scope )
{
struct berval bv,
scope,
perms,
type,
opts,
sdn;
int rc;
ACL_INIT( *grant );
ACL_INIT( *deny );
assert( !BER_BVISNULL( &desc->ad_cname ) );
/* parse an aci of the form:
oid # scope # action;rights;attr;rights;attr
$ action;rights;attr;rights;attr # type # subject
[NOTE: the following comment is very outdated,
as the draft version it refers to (Ando, 2004-11-20)].
See draft-ietf-ldapext-aci-model-04.txt section 9.1 for
a full description of the format for this attribute.
Differences: "this" in the draft is "self" here, and
"self" and "public" is in the position of type.
<scope> = {entry|children|subtree}
<type> = {public|users|access-id|subtree|onelevel|children|
self|dnattr|group|role|set|set-ref}
This routine now supports scope={ENTRY,CHILDREN}
with the semantics:
- ENTRY applies to "entry" and "subtree";
- CHILDREN applies to "children" and "subtree"
*/
/* check that the aci has all 5 components */
if ( acl_get_part( aci, 4, '#', NULL ) < 0 ) {
return 0;
}
/* check that the aci family is supported */
/* FIXME: the OID is ignored? */
if ( acl_get_part( aci, 0, '#', &bv ) < 0 ) {
return 0;
}
/* check that the scope matches */
if ( acl_get_part( aci, 1, '#', &scope ) < 0 ) {
return 0;
}
/* note: scope can be either ENTRY or CHILDREN;
* they respectively match "entry" and "children" in bv
* both match "subtree" */
switch ( asserted_scope ) {
case SLAP_ACI_SCOPE_ENTRY:
if ( ber_bvcmp( &scope, &aci_bv[ ACI_BV_ENTRY ] ) != 0
&& ber_bvstrcasecmp( &scope, &aci_bv[ ACI_BV_SUBTREE ] ) != 0 )
{
return 0;
}
break;
case SLAP_ACI_SCOPE_CHILDREN:
if ( ber_bvcmp( &scope, &aci_bv[ ACI_BV_CHILDREN ] ) != 0
&& ber_bvstrcasecmp( &scope, &aci_bv[ ACI_BV_SUBTREE ] ) != 0 )
{
return 0;
}
break;
case SLAP_ACI_SCOPE_SUBTREE:
/* TODO: add assertion? */
return 0;
}
/* get the list of permissions clauses, bail if empty */
if ( acl_get_part( aci, 2, '#', &perms ) <= 0 ) {
LDAP_BUG();
return 0;
}
/* check if any permissions allow desired access */
if ( aci_list_get_rights( &perms, &desc->ad_cname, val, grant, deny ) == 0 ) {
return 0;
}
/* see if we have a DN match */
if ( acl_get_part( aci, 3, '#', &type ) < 0 ) {
LDAP_BUG();
return 0;
}
/* see if we have a public (i.e. anonymous) access */
if ( ber_bvcmp( &aci_bv[ ACI_BV_PUBLIC ], &type ) == 0 ) {
return 1;
}
/* otherwise require an identity */
if ( BER_BVISNULL( &op->o_ndn ) || BER_BVISEMPTY( &op->o_ndn ) ) {
return 0;
}
/* see if we have a users access */
if ( ber_bvcmp( &aci_bv[ ACI_BV_USERS ], &type ) == 0 ) {
return 1;
}
/* NOTE: this may fail if a DN contains a valid '#' (unescaped);
* just grab all the berval up to its end (ITS#3303).
* NOTE: the problem could be solved by providing the DN with
* the embedded '#' encoded as hexpairs: "cn=Foo#Bar" would
* become "cn=Foo\23Bar" and be safely used by aci_mask(). */
#if 0
if ( acl_get_part( aci, 4, '#', &sdn ) < 0 ) {
return 0;
}
#endif
sdn.bv_val = type.bv_val + type.bv_len + STRLENOF( "#" );
sdn.bv_len = aci->bv_len - ( sdn.bv_val - aci->bv_val );
/* get the type options, if any */
if ( acl_get_part( &type, 1, '/', &opts ) > 0 ) {
opts.bv_len = type.bv_len - ( opts.bv_val - type.bv_val );
type.bv_len = opts.bv_val - type.bv_val - 1;
} else {
BER_BVZERO( &opts );
}
if ( ber_bvcmp( &aci_bv[ ACI_BV_ACCESS_ID ], &type ) == 0 ) {
return dn_match( &op->o_ndn, &sdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SUBTREE ], &type ) == 0 ) {
return dnIsSuffix( &op->o_ndn, &sdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_ONELEVEL ], &type ) == 0 ) {
struct berval pdn;
dnParent( &sdn, &pdn );
return dn_match( &op->o_ndn, &pdn );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_CHILDREN ], &type ) == 0 ) {
return ( !dn_match( &op->o_ndn, &sdn ) && dnIsSuffix( &op->o_ndn, &sdn ) );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SELF ], &type ) == 0 ) {
return dn_match( &op->o_ndn, &e->e_nname );
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_DNATTR ], &type ) == 0 ) {
Attribute *at;
AttributeDescription *ad = NULL;
const char *text;
rc = slap_bv2ad( &sdn, &ad, &text );
assert( rc == LDAP_SUCCESS );
rc = 0;
for ( at = attrs_find( e->e_attrs, ad );
at != NULL;
at = attrs_find( at->a_next, ad ) )
{
if ( attr_valfind( at,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&op->o_ndn, NULL, op->o_tmpmemctx ) == 0 )
{
rc = 1;
break;
}
}
return rc;
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_GROUP ], &type ) == 0 ) {
struct berval oc,
at;
if ( BER_BVISNULL( &opts ) ) {
oc = aci_bv[ ACI_BV_GROUP_CLASS ];
at = aci_bv[ ACI_BV_GROUP_ATTR ];
} else {
if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
LDAP_BUG();
}
if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
at = aci_bv[ ACI_BV_GROUP_ATTR ];
}
}
if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
{
return 1;
}
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_ROLE ], &type ) == 0 ) {
struct berval oc,
at;
if ( BER_BVISNULL( &opts ) ) {
oc = aci_bv[ ACI_BV_ROLE_CLASS ];
at = aci_bv[ ACI_BV_ROLE_ATTR ];
} else {
if ( acl_get_part( &opts, 0, '/', &oc ) < 0 ) {
LDAP_BUG();
}
if ( acl_get_part( &opts, 1, '/', &at ) < 0 ) {
at = aci_bv[ ACI_BV_ROLE_ATTR ];
}
}
if ( aci_group_member( &sdn, &oc, &at, op, e, nmatch, matches ) )
{
return 1;
}
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SET ], &type ) == 0 ) {
if ( acl_match_set( &sdn, op, e, NULL ) ) {
return 1;
}
} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SET_REF ], &type ) == 0 ) {
if ( acl_match_set( &sdn, op, e, (struct berval *)&aci_bv[ ACI_BV_SET_ATTR ] ) ) {
return 1;
}
} else {
/* it passed normalization! */
LDAP_BUG();
}
return 0;
}
static int
allop_op_search( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
allop_t *ao = (allop_t *)on->on_bi.bi_private;
slap_mask_t mask;
int i,
add_allUser = 0;
if ( ao == NULL ) {
if ( !BER_BVISEMPTY( &op->o_req_ndn )
|| op->ors_scope != LDAP_SCOPE_BASE )
{
return SLAP_CB_CONTINUE;
}
} else {
if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) {
return SLAP_CB_CONTINUE;
}
switch ( ao->ao_scope ) {
case LDAP_SCOPE_BASE:
if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) {
return SLAP_CB_CONTINUE;
}
break;
case LDAP_SCOPE_ONELEVEL:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
struct berval rdn = op->o_req_ndn;
rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," );
if ( !dnIsOneLevelRDN( &rdn ) ) {
return SLAP_CB_CONTINUE;
}
break;
}
return SLAP_CB_CONTINUE;
case LDAP_SCOPE_SUBTREE:
break;
}
}
mask = slap_attr_flags( op->ors_attrs );
if ( SLAP_OPATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
if ( !SLAP_USERATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
i = 0;
if ( op->ors_attrs == NULL ) {
add_allUser = 1;
} else {
for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ )
;
}
op->ors_attrs = op->o_tmprealloc( op->ors_attrs,
sizeof( AttributeName ) * ( i + add_allUser + 2 ),
op->o_tmpmemctx );
if ( add_allUser ) {
op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ];
i++;
}
op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ];
BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name );
return SLAP_CB_CONTINUE;
}
int
passwd_back_search(
Operation *op,
SlapReply *rs )
{
struct passwd *pw;
time_t stoptime = (time_t)-1;
LDAPRDN rdn = NULL;
struct berval parent = BER_BVNULL;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
stoptime = op->o_time + op->ors_tlimit;
}
/* Handle a query for the base of this backend */
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
struct berval val;
rs->sr_matched = op->o_req_dn.bv_val;
if( op->ors_scope != LDAP_SCOPE_ONELEVEL ) {
AttributeDescription *desc = NULL;
char *next;
Entry e = { 0 };
/* Create an entry corresponding to the base DN */
e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
e.e_name.bv_len = op->o_req_dn.bv_len;
e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
e.e_nname.bv_len = op->o_req_ndn.bv_len;
/* Use the first attribute of the DN
* as an attribute within the entry itself.
*/
if( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
LDAP_DN_FORMAT_LDAP ) )
{
rs->sr_err = LDAP_INVALID_DN_SYNTAX;
goto done;
}
if( slap_bv2ad( &rdn[0]->la_attr, &desc, &rs->sr_text )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_rdnfree(rdn);
goto done;
}
attr_merge_normalize_one( &e, desc, &rdn[0]->la_value, NULL );
ldap_rdnfree(rdn);
rdn = NULL;
/* Every entry needs an objectclass. We don't really
* know if our hardcoded choice here agrees with the
* DN that was configured for this backend, but it's
* better than nothing.
*
* should be a configuratable item
*/
BER_BVSTR( &val, "organizationalUnit" );
attr_merge_one( &e, ad_objectClass, &val, NULL );
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_attrs = NULL;
}
entry_clean( &e );
}
if ( op->ors_scope != LDAP_SCOPE_BASE ) {
/* check all our "children" */
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( op->o_bd );
for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
Entry e = { 0 };
/* check for abandon */
if ( op->o_abandon ) {
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( SLAPD_ABANDON );
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
if ( pw2entry( op->o_bd, pw, &e ) ) {
rs->sr_err = LDAP_OTHER;
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( --op->ors_slimit == -1 ) {
send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_entry = NULL;
}
entry_clean( &e );
}
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
}
} else {
char *next;
Entry e = { 0 };
int rc;
if (! be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &parent );
}
/* This backend is only one layer deep. Don't answer requests for
* anything deeper than that.
*/
if( !be_issuffix( op->o_bd, &parent ) ) {
int i;
for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) {
if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) {
rs->sr_matched = op->o_bd->be_suffix[i].bv_val;
break;
}
}
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto done;
}
if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
goto done;
}
if ( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
LDAP_DN_FORMAT_LDAP ))
{
rs->sr_err = LDAP_OTHER;
goto done;
}
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( op->o_bd );
pw = getpwnam( rdn[0]->la_value.bv_val );
if ( pw == NULL ) {
rs->sr_matched = parent.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
rc = pw2entry( op->o_bd, pw, &e );
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
if ( rc ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
}
entry_clean( &e );
}
done:
if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL;
send_ldap_result( op, rs );
if( rdn != NULL ) ldap_rdnfree( rdn );
return( 0 );
}
static int
ext_candidates(
Operation *op,
DB_TXN *rtxn,
MatchingRuleAssertion *mra,
ID *ids,
ID *tmp,
ID *stack)
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
#ifdef LDAP_COMP_MATCH
/*
* Currently Only Component Indexing for componentFilterMatch is supported
* Indexing for an extensible filter is not supported yet
*/
if ( mra->ma_cf ) {
return comp_candidates ( op, rtxn, mra, mra->ma_cf, ids, tmp, stack);
}
#endif
if ( mra->ma_desc == slap_schema.si_ad_entryDN ) {
int rc;
EntryInfo *ei;
BDB_IDL_ZERO( ids );
if ( mra->ma_rule == slap_schema.si_mr_distinguishedNameMatch ) {
ei = NULL;
rc = bdb_cache_find_ndn( op, rtxn, &mra->ma_value, &ei );
if ( rc == LDAP_SUCCESS )
bdb_idl_insert( ids, ei->bei_id );
if ( ei )
bdb_cache_entryinfo_unlock( ei );
return 0;
} else if ( mra->ma_rule && mra->ma_rule->smr_match ==
dnRelativeMatch && dnIsSuffix( &mra->ma_value,
op->o_bd->be_nsuffix )) {
int scope;
if ( mra->ma_rule == slap_schema.si_mr_dnSuperiorMatch ) {
struct berval pdn;
ei = NULL;
dnParent( &mra->ma_value, &pdn );
bdb_cache_find_ndn( op, rtxn, &pdn, &ei );
if ( ei ) {
bdb_cache_entryinfo_unlock( ei );
while ( ei && ei->bei_id ) {
bdb_idl_insert( ids, ei->bei_id );
ei = ei->bei_parent;
}
}
return 0;
}
if ( mra->ma_rule == slap_schema.si_mr_dnSubtreeMatch )
scope = LDAP_SCOPE_SUBTREE;
else if ( mra->ma_rule == slap_schema.si_mr_dnOneLevelMatch )
scope = LDAP_SCOPE_ONELEVEL;
else if ( mra->ma_rule == slap_schema.si_mr_dnSubordinateMatch )
scope = LDAP_SCOPE_SUBORDINATE;
else
scope = LDAP_SCOPE_BASE;
if ( scope > LDAP_SCOPE_BASE ) {
ei = NULL;
rc = bdb_cache_find_ndn( op, rtxn, &mra->ma_value, &ei );
if ( ei )
bdb_cache_entryinfo_unlock( ei );
if ( rc == LDAP_SUCCESS ) {
int sc = op->ors_scope;
op->ors_scope = scope;
rc = bdb_dn2idl( op, rtxn, &mra->ma_value, ei, ids,
stack );
op->ors_scope = sc;
}
return 0;
}
}
}
BDB_IDL_ALL( bdb, ids );
return 0;
}
static int
retcode_op_func( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
retcode_item_t *rdi;
struct berval nrdn, npdn;
slap_callback *cb = NULL;
/* sleep as required */
retcode_sleep( rd->rd_sleep );
if ( !dnIsSuffix( &op->o_req_ndn, &rd->rd_npdn ) ) {
if ( RETCODE_INDIR( rd ) ) {
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
return retcode_op_add( op, rs );
case LDAP_REQ_BIND:
/* skip if rootdn */
/* FIXME: better give the db a chance? */
if ( be_isroot_pw( op ) ) {
return LDAP_SUCCESS;
}
return retcode_op_internal( op, rs );
case LDAP_REQ_SEARCH:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = retcode_op_internal( op, rs );
switch ( rs->sr_err ) {
case SLAP_CB_CONTINUE:
if ( rs->sr_nentries == 0 ) {
break;
}
rs->sr_err = LDAP_SUCCESS;
/* fallthru */
default:
send_ldap_result( op, rs );
break;
}
return rs->sr_err;
}
break;
case LDAP_REQ_MODIFY:
case LDAP_REQ_DELETE:
case LDAP_REQ_MODRDN:
case LDAP_REQ_COMPARE:
return retcode_op_internal( op, rs );
}
}
return SLAP_CB_CONTINUE;
}
if ( op->o_tag == LDAP_REQ_SEARCH
&& op->ors_scope != LDAP_SCOPE_BASE
&& op->o_req_ndn.bv_len == rd->rd_npdn.bv_len )
{
return retcode_send_onelevel( op, rs );
}
dnParent( &op->o_req_ndn, &npdn );
if ( npdn.bv_len != rd->rd_npdn.bv_len ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_matched = rd->rd_pdn.bv_val;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
return rs->sr_err;
}
dnRdn( &op->o_req_ndn, &nrdn );
for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
struct berval rdi_nrdn;
dnRdn( &rdi->rdi_ndn, &rdi_nrdn );
if ( dn_match( &nrdn, &rdi_nrdn ) ) {
break;
}
}
if ( rdi != NULL && rdi->rdi_mask != SN_DG_OP_ALL ) {
retcode_op_e o_tag = SN_DG_OP_NONE;
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
o_tag = SN_DG_OP_ADD;
break;
case LDAP_REQ_BIND:
o_tag = SN_DG_OP_BIND;
break;
case LDAP_REQ_COMPARE:
o_tag = SN_DG_OP_COMPARE;
break;
case LDAP_REQ_DELETE:
o_tag = SN_DG_OP_DELETE;
break;
case LDAP_REQ_MODIFY:
o_tag = SN_DG_OP_MODIFY;
break;
case LDAP_REQ_MODRDN:
o_tag = SN_DG_OP_RENAME;
break;
case LDAP_REQ_SEARCH:
o_tag = SN_DG_OP_SEARCH;
break;
case LDAP_REQ_EXTENDED:
o_tag = SN_DG_EXTENDED;
break;
default:
/* Should not happen */
break;
}
if ( !( o_tag & rdi->rdi_mask ) ) {
return SLAP_CB_CONTINUE;
}
}
if ( rdi == NULL ) {
rs->sr_matched = rd->rd_pdn.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "retcode not found";
} else {
if ( rdi->rdi_flags & RDI_PRE_DISCONNECT ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
rs->sr_err = rdi->rdi_err;
rs->sr_text = rdi->rdi_text.bv_val;
rs->sr_matched = rdi->rdi_matched.bv_val;
/* FIXME: we only honor the rdi_ref field in case rdi_err
* is LDAP_REFERRAL otherwise send_ldap_result() bails out */
if ( rs->sr_err == LDAP_REFERRAL ) {
BerVarray ref;
if ( rdi->rdi_ref != NULL ) {
ref = rdi->rdi_ref;
} else {
ref = default_referral;
}
if ( ref != NULL ) {
rs->sr_ref = referral_rewrite( ref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
} else {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "bad referral object";
}
}
retcode_sleep( rdi->rdi_sleeptime );
}
switch ( op->o_tag ) {
case LDAP_REQ_EXTENDED:
if ( rdi == NULL ) {
break;
}
cb = ( slap_callback * )ch_malloc( sizeof( slap_callback ) );
memset( cb, 0, sizeof( slap_callback ) );
cb->sc_cleanup = retcode_cleanup_cb;
op->o_callback = cb;
break;
default:
if ( rdi && !BER_BVISNULL( &rdi->rdi_unsolicited_oid ) ) {
ber_int_t msgid = op->o_msgid;
/* RFC 4511 unsolicited response */
op->o_msgid = 0;
if ( strcmp( rdi->rdi_unsolicited_oid.bv_val, "0" ) == 0 ) {
send_ldap_result( op, rs );
} else {
ber_tag_t tag = op->o_tag;
op->o_tag = LDAP_REQ_EXTENDED;
rs->sr_rspoid = rdi->rdi_unsolicited_oid.bv_val;
if ( !BER_BVISNULL( &rdi->rdi_unsolicited_data ) ) {
rs->sr_rspdata = &rdi->rdi_unsolicited_data;
}
send_ldap_extended( op, rs );
rs->sr_rspoid = NULL;
rs->sr_rspdata = NULL;
op->o_tag = tag;
}
op->o_msgid = msgid;
} else {
send_ldap_result( op, rs );
}
if ( rs->sr_ref != NULL ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
rs->sr_matched = NULL;
rs->sr_text = NULL;
if ( rdi && rdi->rdi_flags & RDI_POST_DISCONNECT ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
break;
}
return rs->sr_err;
}
static int
autogroup_delete_entry( Operation *op, SlapReply *rs)
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
autogroup_info_t *agi = (autogroup_info_t *)on->on_bi.bi_private;
autogroup_entry_t *age = agi->agi_entry,
*age_prev, *age_next;
autogroup_filter_t *agf;
Entry *e;
int matched_group = 0, rc = 0;
Debug( LDAP_DEBUG_TRACE, "==> autogroup_delete_entry <%s>\n", op->o_req_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
LDAP_SUCCESS || e == NULL ) {
Debug( LDAP_DEBUG_TRACE, "autogroup_delete_entry: cannot get entry for <%s>\n", op->o_req_dn.bv_val, 0, 0);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
/* Check if the entry to be deleted is one of our groups. */
for ( age_next = age ; age_next ; age_prev = age, age = age_next ) {
ldap_pvt_thread_mutex_lock( &age->age_mutex );
age_next = age->age_next;
if ( is_entry_objectclass_or_sub( e, age->age_def->agd_oc ) ) {
int match = 1;
matched_group = 1;
dnMatch( &match, 0, NULL, NULL, &e->e_nname, &age->age_ndn );
if ( match == 0 ) {
autogroup_delete_group( agi, age );
break;
}
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
if ( matched_group == 1 ) {
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
/* Check if the entry matches any of the groups.
If yes, we can delete the entry from that group. */
for ( age = agi->agi_entry ; age ; age = age->age_next ) {
ldap_pvt_thread_mutex_lock( &age->age_mutex );
for ( agf = age->age_filter; agf ; agf = agf->agf_next ) {
if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
rc = test_filter( op, e, agf->agf_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
autogroup_delete_member_from_group( op, &e->e_name, &e->e_nname, age );
break;
}
}
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
overlay_entry_release_ov( op, e, 0, on );
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
static int
ext_candidates(
Operation *op,
MDB_txn *rtxn,
MatchingRuleAssertion *mra,
ID *ids,
ID *tmp,
ID *stack)
{
#ifdef LDAP_COMP_MATCH
/*
* Currently Only Component Indexing for componentFilterMatch is supported
* Indexing for an extensible filter is not supported yet
*/
if ( mra->ma_cf ) {
return comp_candidates ( op, rtxn, mra, mra->ma_cf, ids, tmp, stack);
}
#endif
if ( mra->ma_desc == slap_schema.si_ad_entryDN ) {
int rc;
ID id;
MDB_IDL_ZERO( ids );
if ( mra->ma_rule == slap_schema.si_mr_distinguishedNameMatch ) {
base:
rc = mdb_dn2id( op, rtxn, NULL, &mra->ma_value, &id, NULL, NULL, NULL );
if ( rc == MDB_SUCCESS ) {
mdb_idl_insert( ids, id );
}
return 0;
} else if ( mra->ma_rule && mra->ma_rule->smr_match ==
dnRelativeMatch && dnIsSuffix( &mra->ma_value,
op->o_bd->be_nsuffix )) {
int scope;
if ( mra->ma_rule == slap_schema.si_mr_dnSuperiorMatch ) {
mdb_dn2sups( op, rtxn, &mra->ma_value, ids );
return 0;
}
if ( mra->ma_rule == slap_schema.si_mr_dnSubtreeMatch )
scope = LDAP_SCOPE_SUBTREE;
else if ( mra->ma_rule == slap_schema.si_mr_dnOneLevelMatch )
scope = LDAP_SCOPE_ONELEVEL;
else if ( mra->ma_rule == slap_schema.si_mr_dnSubordinateMatch )
scope = LDAP_SCOPE_SUBORDINATE;
else
goto base; /* scope = LDAP_SCOPE_BASE; */
#if 0
if ( scope > LDAP_SCOPE_BASE ) {
ei = NULL;
rc = mdb_cache_find_ndn( op, rtxn, &mra->ma_value, &ei );
if ( ei )
mdb_cache_entryinfo_unlock( ei );
if ( rc == LDAP_SUCCESS ) {
int sc = op->ors_scope;
op->ors_scope = scope;
rc = mdb_dn2idl( op, rtxn, &mra->ma_value, ei, ids,
stack );
op->ors_scope = sc;
}
return 0;
}
#endif
}
}
MDB_IDL_ALL( ids );
return 0;
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the <suffix>.
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
if ( dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
if ( mt->mt_subtree_exclude ) {
int i;
for ( i = 0; !BER_BVISNULL( &mt->mt_subtree_exclude[ i ] ); i++ ) {
if ( dnIsSuffix( ndn, &mt->mt_subtree_exclude[ i ] ) ) {
return META_NOT_CANDIDATE;
}
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
struct berval rdn = *ndn;
rdn.bv_len -= mt->mt_nsuffix.bv_len
+ STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( ndn->bv_len == mt->mt_nsuffix.bv_len ) {
return META_CANDIDATE;
}
break;
}
return META_NOT_CANDIDATE;
}
if ( scope == LDAP_SCOPE_SUBTREE && dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
}
return META_NOT_CANDIDATE;
}
