static void
pblock_destroy( Slapi_PBlock *pb )
{
LDAPControl **controls = NULL;
LDAPMod **mods = NULL;
char **attrs = NULL;
assert( pb != NULL );
pblock_get_default( pb, SLAPI_RESCONTROLS, (void **)&controls );
if ( controls != NULL ) {
ldap_controls_free( controls );
}
if ( pb->pb_intop ) {
slapi_int_connection_done_pb( pb );
} else {
pblock_get_default( pb, SLAPI_MODIFY_MODS, (void **)&mods );
ldap_mods_free( mods, 1 );
pblock_get_default( pb, SLAPI_SEARCH_ATTRS, (void **)&attrs );
if ( attrs != NULL )
pb->pb_op->o_tmpfree( attrs, pb->pb_op->o_tmpmemctx );
}
ldap_pvt_thread_mutex_destroy( &pb->pb_mutex );
slapi_ch_free( (void **)&pb );
}
void
tester_ldap_error( LDAP *ld, const char *fname, const char *msg )
{
int err;
char *text = NULL;
LDAPControl **ctrls = NULL;
ldap_get_option( ld, LDAP_OPT_RESULT_CODE, (void *)&err );
if ( err != LDAP_SUCCESS ) {
ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&text );
}
fprintf( stderr, "%s: %s: %s (%d) %s %s\n",
progname, fname, ldap_err2string( err ), err,
text == NULL ? "" : text,
msg ? msg : "" );
if ( text ) {
ldap_memfree( text );
text = NULL;
}
ldap_get_option( ld, LDAP_OPT_MATCHED_DN, (void *)&text );
if ( text != NULL ) {
if ( text[ 0 ] != '\0' ) {
fprintf( stderr, "\tmatched: %s\n", text );
}
ldap_memfree( text );
text = NULL;
}
ldap_get_option( ld, LDAP_OPT_SERVER_CONTROLS, (void *)&ctrls );
if ( ctrls != NULL ) {
int i;
fprintf( stderr, "\tcontrols:\n" );
for ( i = 0; ctrls[ i ] != NULL; i++ ) {
fprintf( stderr, "\t\t%s\n", ctrls[ i ]->ldctl_oid );
}
ldap_controls_free( ctrls );
ctrls = NULL;
}
if ( err == LDAP_REFERRAL ) {
char **refs = NULL;
ldap_get_option( ld, LDAP_OPT_REFERRAL_URLS, (void *)&refs );
if ( refs ) {
int i;
fprintf( stderr, "\treferral:\n" );
for ( i = 0; refs[ i ] != NULL; i++ ) {
fprintf( stderr, "\t\t%s\n", refs[ i ] );
}
ber_memvfree( (void **)refs );
}
}
}
ULONG CDECL ldap_parse_resultW( WLDAP32_LDAP *ld, WLDAP32_LDAPMessage *result,
ULONG *retcode, PWCHAR *matched, PWCHAR *error, PWCHAR **referrals,
PLDAPControlW **serverctrls, BOOLEAN free )
{
ULONG ret = LDAP_NOT_SUPPORTED;
#ifdef HAVE_LDAP
char **matchedU = NULL, **errorU = NULL, **referralsU = NULL;
LDAPControl **serverctrlsU = NULL;
TRACE( "(%p, %p, %p, %p, %p, %p, %p, 0x%02x)\n", ld, result, retcode,
matched, error, referrals, serverctrls, free );
if (!ld) return ~0UL;
ret = ldap_parse_result( ld, result, (int *)retcode, matchedU, errorU,
&referralsU, &serverctrlsU, free );
matched = strarrayUtoW( matchedU );
error = strarrayUtoW( errorU );
*referrals = strarrayUtoW( referralsU );
*serverctrls = controlarrayUtoW( serverctrlsU );
ldap_memfree( matchedU );
ldap_memfree( errorU );
ldap_memfree( referralsU );
ldap_controls_free( serverctrlsU );
#endif
return ret;
}
int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
LDAPDerefRes **results)
{
LDAPControl **ctrls = NULL;
LDAPControl *derefctrl = NULL;
int ret;
ret = ldap_get_entry_controls(lcontext, le, &ctrls);
if (ret != LDAP_SUCCESS) {
return EINVAL;
}
if (!ctrls) {
return ENOENT;
}
derefctrl = ldap_control_find(LDAP_CONTROL_X_DEREF, ctrls, NULL);
if (!derefctrl) {
ret = ENOENT;
goto done;
}
ret = ldap_parse_derefresponse_control(lcontext, derefctrl, results);
if (ret) {
ret = EINVAL;
goto done;
}
ret = 0;
done:
ldap_controls_free(ctrls);
return ret;
}
int
sync_send_entry_from_changelog(Slapi_PBlock *pb,int chg_req, char *uniqueid)
{
Slapi_Entry *db_entry = NULL;
int chg_type = LDAP_SYNC_ADD;
int rv;
Slapi_PBlock *search_pb = NULL;
Slapi_Entry **entries = NULL;
char *origbase;
char *filter = slapi_ch_smprintf("(nsuniqueid=%s)",uniqueid);
slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET_DN, &origbase );
search_pb = slapi_pblock_new();
slapi_search_internal_set_pb(search_pb, origbase,
LDAP_SCOPE_SUBTREE, filter,
NULL, 0, NULL, NULL, plugin_get_default_component_id(), 0);
slapi_search_internal_pb(search_pb);
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rv);
if ( rv == LDAP_SUCCESS) {
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (entries)
db_entry = *entries; /* there can only be one */
}
if (db_entry && sync_is_entry_in_scope(pb, db_entry)) {
LDAPControl **ctrl = (LDAPControl **)slapi_ch_calloc(2, sizeof (LDAPControl *));
sync_create_state_control(db_entry, &ctrl[0], chg_type, NULL);
slapi_send_ldap_search_entry (pb, db_entry, ctrl, NULL, 0);
ldap_controls_free(ctrl);
}
slapi_free_search_results_internal(search_pb);
slapi_pblock_destroy(search_pb);
slapi_ch_free((void **)&filter);
return (0);
}
// destructor
//
nsLDAPMessage::~nsLDAPMessage(void)
{
if (mMsgHandle) {
int rc = ldap_msgfree(mMsgHandle);
// If you are having problems compiling the following code on a Solaris
// machine with the Forte 6 Update 1 compilers, then you need to make
// sure you have applied all the required patches. See:
// http://www.mozilla.org/unix/solaris-build.html for more details.
switch(rc) {
case LDAP_RES_BIND:
case LDAP_RES_SEARCH_ENTRY:
case LDAP_RES_SEARCH_RESULT:
case LDAP_RES_MODIFY:
case LDAP_RES_ADD:
case LDAP_RES_DELETE:
case LDAP_RES_MODRDN:
case LDAP_RES_COMPARE:
case LDAP_RES_SEARCH_REFERENCE:
case LDAP_RES_EXTENDED:
case LDAP_RES_ANY:
// success
break;
case LDAP_SUCCESS:
// timed out (dunno why LDAP_SUCCESS is used to indicate this)
PR_LOG(gLDAPLogModule, PR_LOG_WARNING,
("nsLDAPMessage::~nsLDAPMessage: ldap_msgfree() "
"timed out\n"));
break;
default:
// other failure
PR_LOG(gLDAPLogModule, PR_LOG_WARNING,
("nsLDAPMessage::~nsLDAPMessage: ldap_msgfree() "
"failed: %s\n", ldap_err2string(rc)));
break;
}
}
if (mMatchedDn) {
ldap_memfree(mMatchedDn);
}
if (mErrorMessage) {
ldap_memfree(mErrorMessage);
}
if (mReferrals) {
ldap_value_free(mReferrals);
}
if (mServerControls) {
ldap_controls_free(mServerControls);
}
}
/*
* Replace *ldctrls with a copy of newctrls.
* returns 0 if successful.
* return -1 if not and set error code inside LDAP *ld.
*/
int
nsldapi_dup_controls( LDAP *ld, LDAPControl ***ldctrls, LDAPControl **newctrls )
{
int count;
if ( *ldctrls != NULL ) {
ldap_controls_free( *ldctrls );
}
if ( newctrls == NULL || newctrls[0] == NULL ) {
*ldctrls = NULL;
return( 0 );
}
for ( count = 0; newctrls[ count ] != NULL; ++count ) {
;
}
if (( *ldctrls = (LDAPControl **)NSLDAPI_MALLOC(( count + 1 ) *
sizeof( LDAPControl *))) == NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
(*ldctrls)[ count ] = NULL;
for ( count = 0; newctrls[ count ] != NULL; ++count ) {
if (( (*ldctrls)[ count ] =
ldap_control_dup( newctrls[ count ] )) == NULL ) {
ldap_controls_free( *ldctrls );
*ldctrls = NULL;
LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
}
return( 0 );
}
void
slap_op_free( Operation *op )
{
assert( LDAP_STAILQ_NEXT(op, o_next) == NULL );
if ( op->o_ber != NULL ) {
ber_free( op->o_ber, 1 );
}
if ( op->o_dn.bv_val != NULL ) {
free( op->o_dn.bv_val );
}
if ( op->o_ndn.bv_val != NULL ) {
free( op->o_ndn.bv_val );
}
if ( op->o_authmech.bv_val != NULL ) {
free( op->o_authmech.bv_val );
}
if ( op->o_ctrls != NULL ) {
ldap_controls_free( op->o_ctrls );
}
#ifdef LDAP_CONNECTIONLESS
if ( op->o_res_ber != NULL ) {
ber_free( op->o_res_ber, 1 );
}
#endif
#ifdef LDAP_CLIENT_UPDATE
if ( op->o_clientupdate_state.bv_val != NULL ) {
free( op->o_clientupdate_state.bv_val );
}
#endif
#ifdef LDAP_SYNC
if ( op->o_sync_state.bv_val != NULL ) {
free( op->o_sync_state.bv_val );
}
#endif
#if defined( LDAP_SLAPI )
if ( op->o_pb != NULL ) {
slapi_pblock_destroy( (Slapi_PBlock *)op->o_pb );
}
#endif /* defined( LDAP_SLAPI ) */
memset( op, 0, sizeof(Operation) );
ldap_pvt_thread_mutex_lock( &slap_op_mutex );
LDAP_STAILQ_INSERT_HEAD( &slap_free_ops, op, o_next );
ldap_pvt_thread_mutex_unlock( &slap_op_mutex );
}
int
ParseAndFreeSyncStateControl(
LDAPControl ***pCtrls,
int *piEntryState
)
{
int retVal = LDAP_SUCCESS;
int entryState = -1;
if (pCtrls == NULL)
{
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ParseAndFreeSyncStateControl: pCtrls is NULL" );
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
if ((*pCtrls)[0] == NULL)
{
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ParseAndFreeSyncStateControl: (*pCtrls)[0] is NULL" );
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
if (VmDirStringCompareA((*pCtrls)[0]->ldctl_oid, LDAP_CONTROL_SYNC_STATE, TRUE) != 0)
{
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ParseAndFreeSyncStateControl: (*pCtrls)[0]->ldctrl_oid is not expected: %s", VDIR_SAFE_STRING((*pCtrls)[0]->ldctl_oid));
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
}
retVal = ParseSyncStateControlVal(&(*pCtrls)[0]->ldctl_value, &entryState);
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
ldap_controls_free(*pCtrls);
*pCtrls = NULL;
*piEntryState = entryState;
cleanup:
return retVal;
ldaperror:
goto cleanup;
}
void
ldap_ldif_record_done( LDIFRecord *lr )
{
int i;
/* the LDAPControl stuff does not allow the use of memory contexts */
if (lr->lr_ctrls != NULL) {
ldap_controls_free( lr->lr_ctrls );
}
if ( lr->lr_lm != NULL ) {
ber_memfree_x( lr->lr_lm, lr->lr_ctx );
}
if ( lr->lr_mops != NULL ) {
ber_memfree_x( lr->lr_mops, lr->lr_ctx );
}
for (i=lr->lr_lines-1; i>=0; i--)
if ( lr->lr_freeval[i] ) ber_memfree_x( lr->lr_vals[i].bv_val, lr->lr_ctx );
ber_memfree_x( lr->lr_btype, lr->lr_ctx );
memset( lr, 0, sizeof(LDIFRecord) );
}
LDAP_CALL
ldap_control_append( LDAPControl **ctrl_src, LDAPControl *ctrl )
{
int nctrls = 0;
LDAPControl **ctrlp;
int i;
if ( NULL == ctrl )
return ( NULL );
/* Count the existing controls */
if ( NULL != ctrl_src ) {
while( NULL != ctrl_src[nctrls] ) {
nctrls++;
}
}
/* allocate the new control structure */
if ( ( ctrlp = (LDAPControl **)NSLDAPI_MALLOC( sizeof(LDAPControl *)
* (nctrls + 2) ) ) == NULL ) {
return( NULL );
}
memset( ctrlp, 0, sizeof(*ctrlp) * (nctrls + 2) );
for( i = 0; i < (nctrls + 1); i++ ) {
if ( i < nctrls ) {
ctrlp[i] = ldap_control_dup( ctrl_src[i] );
} else {
ctrlp[i] = ldap_control_dup( ctrl );
}
if ( NULL == ctrlp[i] ) {
ldap_controls_free( ctrlp );
return( NULL );
}
}
return ctrlp;
}
static int ldap_set_keytab(krb5_context krbctx,
const char *ldap_uri,
const char *principal_name,
krb5_principal princ,
const char *binddn,
const char *bindpw,
const char *mech,
const char *ca_cert_file,
struct keys_container *keys)
{
LDAP *ld = NULL;
BerElement *sctrl = NULL;
struct berval *control = NULL;
LDAPControl **srvctrl = NULL;
int ret;
int kvno, i;
ber_tag_t rtag;
ber_int_t *encs = NULL;
int successful_keys = 0;
/* cant' return more than nkeys, sometimes less */
encs = calloc(keys->nkeys + 1, sizeof(ber_int_t));
if (!encs) {
fprintf(stderr, _("Out of Memory!\n"));
return 0;
}
/* build password change control */
control = create_key_control(keys, principal_name);
if (!control) {
fprintf(stderr, _("Failed to create control!\n"));
goto error_out;
}
ret = ipa_ldap_bind(ldap_uri, princ, binddn, bindpw, mech, ca_cert_file, &ld);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to bind to server!\n"));
goto error_out;
}
/* perform password change */
ret = ipa_ldap_extended_op(ld, KEYTAB_SET_OID, control, &srvctrl);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Failed to get keytab!\n"));
goto error_out;
}
ber_bvfree(control);
control = NULL;
sctrl = get_control_data(srvctrl, KEYTAB_RET_OID);
if (!sctrl) {
fprintf(stderr, _("ber_init() failed, Invalid control ?!\n"));
goto error_out;
}
/* Format of response
*
* KeytabGetRequest ::= SEQUENCE {
* new_kvno Int32
* SEQUENCE OF KeyTypes
* }
*
* * List of accepted enctypes *
* KeyTypes ::= SEQUENCE {
* enctype Int32
* }
*/
rtag = ber_scanf(sctrl, "{i{", &kvno);
if (rtag == LBER_ERROR) {
fprintf(stderr, _("ber_scanf() failed, unable to find kvno ?!\n"));
goto error_out;
}
for (i = 0; i < keys->nkeys; i++) {
ret = ber_scanf(sctrl, "{i}", &encs[i]);
if (ret == LBER_ERROR) {
char enc[79]; /* fit std terminal or truncate */
krb5_error_code krberr;
krberr = krb5_enctype_to_string(
keys->ksdata[i].enctype, enc, 79);
if (krberr) {
fprintf(stderr, _("Failed to retrieve "
"encryption type type #%d\n"),
keys->ksdata[i].enctype);
} else {
fprintf(stderr, _("Failed to retrieve "
"encryption type %1$s (#%2$d)\n"),
enc, keys->ksdata[i].enctype);
}
} else {
successful_keys++;
}
}
if (successful_keys == 0) {
fprintf(stderr, _("Failed to retrieve any keys"));
goto error_out;
}
ret = filter_keys(krbctx, keys, encs);
if (ret == 0) goto error_out;
ber_free(sctrl, 1);
ldap_controls_free(srvctrl);
ldap_unbind_ext(ld, NULL, NULL);
free(encs);
return kvno;
error_out:
if (sctrl) ber_free(sctrl, 1);
if (srvctrl) ldap_controls_free(srvctrl);
if (ld) ldap_unbind_ext(ld, NULL, NULL);
if (control) ber_bvfree(control);
free(encs);
return -1;
}
struct tester_conn_args *
tester_init( const char *pname, tester_t ptype )
{
static struct tester_conn_args config = {
.authmethod = -1,
.retries = RETRIES,
.loops = LOOPS,
.outerloops = 1,
.uri = NULL,
.host = "localhost",
.port = 389,
};
pid = getpid();
srand( pid );
snprintf( progname, sizeof( progname ), "%s PID=%d", pname, pid );
progtype = ptype;
return &config;
}
void
tester_ldap_error( LDAP *ld, const char *fname, const char *msg )
{
int err;
char *text = NULL;
LDAPControl **ctrls = NULL;
ldap_get_option( ld, LDAP_OPT_RESULT_CODE, (void *)&err );
if ( err != LDAP_SUCCESS ) {
ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&text );
}
fprintf( stderr, "%s: %s: %s (%d) %s %s\n",
progname, fname, ldap_err2string( err ), err,
text == NULL ? "" : text,
msg ? msg : "" );
if ( text ) {
ldap_memfree( text );
text = NULL;
}
ldap_get_option( ld, LDAP_OPT_MATCHED_DN, (void *)&text );
if ( text != NULL ) {
if ( text[ 0 ] != '\0' ) {
fprintf( stderr, "\tmatched: %s\n", text );
}
ldap_memfree( text );
text = NULL;
}
ldap_get_option( ld, LDAP_OPT_SERVER_CONTROLS, (void *)&ctrls );
if ( ctrls != NULL ) {
int i;
fprintf( stderr, "\tcontrols:\n" );
for ( i = 0; ctrls[ i ] != NULL; i++ ) {
fprintf( stderr, "\t\t%s\n", ctrls[ i ]->ldctl_oid );
}
ldap_controls_free( ctrls );
ctrls = NULL;
}
if ( err == LDAP_REFERRAL ) {
char **refs = NULL;
ldap_get_option( ld, LDAP_OPT_REFERRAL_URLS, (void *)&refs );
if ( refs ) {
int i;
fprintf( stderr, "\treferral:\n" );
for ( i = 0; refs[ i ] != NULL; i++ ) {
fprintf( stderr, "\t\t%s\n", refs[ i ] );
}
ber_memvfree( (void **)refs );
}
}
}
NS_IMETHODIMP
nsLDAPOperation::SearchExt(const nsACString& aBaseDn, PRInt32 aScope,
const nsACString& aFilter,
const nsACString &aAttributes,
PRIntervalTime aTimeOut, PRInt32 aSizeLimit)
{
if (!mMessageListener) {
NS_ERROR("nsLDAPOperation::SearchExt(): mMessageListener not set");
return NS_ERROR_NOT_INITIALIZED;
}
// XXX add control logging
PR_LOG(gLDAPLogModule, PR_LOG_DEBUG,
("nsLDAPOperation::SearchExt(): called with aBaseDn = '%s'; "
"aFilter = '%s'; aAttributes = %s; aSizeLimit = %d",
PromiseFlatCString(aBaseDn).get(),
PromiseFlatCString(aFilter).get(),
PromiseFlatCString(aAttributes).get(), aSizeLimit));
LDAPControl **serverctls = 0;
nsresult rv;
if (mServerControls) {
rv = convertControlArray(mServerControls, &serverctls);
if (NS_FAILED(rv)) {
PR_LOG(gLDAPLogModule, PR_LOG_ERROR,
("nsLDAPOperation::SearchExt(): error converting server "
"control array: %x", rv));
return rv;
}
}
LDAPControl **clientctls = 0;
if (mClientControls) {
rv = convertControlArray(mClientControls, &clientctls);
if (NS_FAILED(rv)) {
PR_LOG(gLDAPLogModule, PR_LOG_ERROR,
("nsLDAPOperation::SearchExt(): error converting client "
"control array: %x", rv));
ldap_controls_free(serverctls);
return rv;
}
}
// Convert our comma separated string to one that the C-SDK will like, i.e.
// convert to a char array and add a last NULL element.
nsTArray<nsCString> attrArray;
ParseString(aAttributes, ',', attrArray);
char **attrs = nsnull;
PRUint32 origLength = attrArray.Length();
if (origLength)
{
attrs = static_cast<char **> (NS_Alloc((origLength + 1) * sizeof(char *)));
if (!attrs)
return NS_ERROR_OUT_OF_MEMORY;
for (PRUint32 i = 0; i < origLength; ++i)
attrs[i] = ToNewCString(attrArray[i]);
attrs[origLength] = 0;
}
// XXX deal with timeout here
int retVal = ldap_search_ext(mConnectionHandle,
PromiseFlatCString(aBaseDn).get(),
aScope, PromiseFlatCString(aFilter).get(),
attrs, 0, serverctls, clientctls, 0,
aSizeLimit, &mMsgID);
// clean up
ldap_controls_free(serverctls);
ldap_controls_free(clientctls);
// The last entry is null, so no need to free that.
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(origLength, attrs);
rv = TranslateLDAPErrorToNSError(retVal);
NS_ENSURE_SUCCESS(rv, rv);
// make sure the connection knows where to call back once the messages
// for this operation start coming in
//
rv = mConnection->AddPendingOperation(mMsgID, this);
if (NS_FAILED(rv)) {
switch (rv) {
case NS_ERROR_OUT_OF_MEMORY:
(void)ldap_abandon_ext(mConnectionHandle, mMsgID, 0, 0);
return NS_ERROR_OUT_OF_MEMORY;
default:
(void)ldap_abandon_ext(mConnectionHandle, mMsgID, 0, 0);
NS_ERROR("nsLDAPOperation::SearchExt(): unexpected error in "
"mConnection->AddPendingOperation");
return NS_ERROR_UNEXPECTED;
}
}
return NS_OK;
}
/**
* Given an nsIArray of nsILDAPControls, return the appropriate
* zero-terminated array of LDAPControls ready to pass in to the C SDK.
*/
static nsresult
convertControlArray(nsIArray *aXpcomArray, LDAPControl ***aArray)
{
// get the size of the original array
PRUint32 length;
nsresult rv = aXpcomArray->GetLength(&length);
NS_ENSURE_SUCCESS(rv, rv);
// don't allocate an array if someone passed us in an empty one
if (!length) {
*aArray = 0;
return NS_OK;
}
// allocate a local array of the form understood by the C-SDK;
// +1 is to account for the final null terminator. PR_Calloc is
// is used so that ldap_controls_free will work anywhere during the
// iteration
LDAPControl **controls =
static_cast<LDAPControl **>
(PR_Calloc(length+1, sizeof(LDAPControl)));
// prepare to enumerate the array
nsCOMPtr<nsISimpleEnumerator> enumerator;
rv = aXpcomArray->Enumerate(getter_AddRefs(enumerator));
NS_ENSURE_SUCCESS(rv, rv);
bool moreElements;
rv = enumerator->HasMoreElements(&moreElements);
NS_ENSURE_SUCCESS(rv, rv);
PRUint32 i = 0;
while (moreElements) {
// get the next array element
nsCOMPtr<nsISupports> isupports;
rv = enumerator->GetNext(getter_AddRefs(isupports));
if (NS_FAILED(rv)) {
ldap_controls_free(controls);
return rv;
}
nsCOMPtr<nsILDAPControl> control = do_QueryInterface(isupports, &rv);
if (NS_FAILED(rv)) {
ldap_controls_free(controls);
return NS_ERROR_INVALID_ARG; // bogus element in the array
}
nsLDAPControl *ctl = static_cast<nsLDAPControl *>
(static_cast<nsILDAPControl *>
(control.get()));
// convert it to an LDAPControl structure placed in the new array
rv = ctl->ToLDAPControl(&controls[i]);
if (NS_FAILED(rv)) {
ldap_controls_free(controls);
return rv;
}
// on to the next element
rv = enumerator->HasMoreElements(&moreElements);
if (NS_FAILED(rv)) {
ldap_controls_free(controls);
return NS_ERROR_UNEXPECTED;
}
++i;
}
*aArray = controls;
return NS_OK;
}
int
ldap_set_option(
LDAP *ld,
int option,
LDAP_CONST void *invalue)
{
struct ldapoptions *lo;
int *dbglvl = NULL;
int rc = LDAP_OPT_ERROR;
/* Get pointer to global option structure */
lo = LDAP_INT_GLOBAL_OPT();
if (lo == NULL) {
return LDAP_NO_MEMORY;
}
/*
* The architecture to turn on debugging has a chicken and egg
* problem. Thus, we introduce a fix here.
*/
if (option == LDAP_OPT_DEBUG_LEVEL) {
dbglvl = (int *) invalue;
}
if( lo->ldo_valid != LDAP_INITIALIZED ) {
ldap_int_initialize(lo, dbglvl);
if ( lo->ldo_valid != LDAP_INITIALIZED )
return LDAP_LOCAL_ERROR;
}
if(ld != NULL) {
assert( LDAP_VALID( ld ) );
if( !LDAP_VALID( ld ) ) {
return LDAP_OPT_ERROR;
}
lo = &ld->ld_options;
}
LDAP_MUTEX_LOCK( &lo->ldo_mutex );
switch ( option ) {
/* options with boolean values */
case LDAP_OPT_REFERRALS:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_REFERRALS);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_REFERRALS);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESTART:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_RESTART);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_RESTART);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_ASYNC:
if(invalue == LDAP_OPT_OFF) {
LDAP_BOOL_CLR(lo, LDAP_BOOL_CONNECT_ASYNC);
} else {
LDAP_BOOL_SET(lo, LDAP_BOOL_CONNECT_ASYNC);
}
rc = LDAP_OPT_SUCCESS;
break;
/* options which can withstand invalue == NULL */
case LDAP_OPT_SERVER_CONTROLS: {
LDAPControl *const *controls =
(LDAPControl *const *) invalue;
if( lo->ldo_sctrls )
ldap_controls_free( lo->ldo_sctrls );
if( controls == NULL || *controls == NULL ) {
lo->ldo_sctrls = NULL;
rc = LDAP_OPT_SUCCESS;
break;
}
lo->ldo_sctrls = ldap_controls_dup( controls );
if(lo->ldo_sctrls == NULL) {
/* memory allocation error ? */
break; /* LDAP_OPT_ERROR */
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CLIENT_CONTROLS: {
LDAPControl *const *controls =
(LDAPControl *const *) invalue;
if( lo->ldo_cctrls )
ldap_controls_free( lo->ldo_cctrls );
if( controls == NULL || *controls == NULL ) {
lo->ldo_cctrls = NULL;
rc = LDAP_OPT_SUCCESS;
break;
}
lo->ldo_cctrls = ldap_controls_dup( controls );
if(lo->ldo_cctrls == NULL) {
/* memory allocation error ? */
break; /* LDAP_OPT_ERROR */
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_HOST_NAME: {
const char *host = (const char *) invalue;
LDAPURLDesc *ludlist = NULL;
rc = LDAP_OPT_SUCCESS;
if(host != NULL) {
rc = ldap_url_parsehosts( &ludlist, host,
lo->ldo_defport ? lo->ldo_defport : LDAP_PORT );
} else if(ld == NULL) {
/*
* must want global default returned
* to initial condition.
*/
rc = ldap_url_parselist_ext(&ludlist, "ldap://localhost/", NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else {
/*
* must want the session default
* updated to the current global default
*/
ludlist = ldap_url_duplist(
ldap_int_global_options.ldo_defludp);
if (ludlist == NULL)
rc = LDAP_NO_MEMORY;
}
if (rc == LDAP_OPT_SUCCESS) {
if (lo->ldo_defludp != NULL)
ldap_free_urllist(lo->ldo_defludp);
lo->ldo_defludp = ludlist;
}
break;
}
case LDAP_OPT_URI: {
const char *urls = (const char *) invalue;
LDAPURLDesc *ludlist = NULL;
rc = LDAP_OPT_SUCCESS;
if(urls != NULL) {
rc = ldap_url_parselist_ext(&ludlist, urls, NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else if(ld == NULL) {
/*
* must want global default returned
* to initial condition.
*/
rc = ldap_url_parselist_ext(&ludlist, "ldap://localhost/", NULL,
LDAP_PVT_URL_PARSE_NOEMPTY_HOST
| LDAP_PVT_URL_PARSE_DEF_PORT );
} else {
/*
* must want the session default
* updated to the current global default
*/
ludlist = ldap_url_duplist(
ldap_int_global_options.ldo_defludp);
if (ludlist == NULL)
rc = LDAP_URL_ERR_MEM;
}
switch (rc) {
case LDAP_URL_SUCCESS: /* Success */
rc = LDAP_SUCCESS;
break;
case LDAP_URL_ERR_MEM: /* can't allocate memory space */
rc = LDAP_NO_MEMORY;
break;
case LDAP_URL_ERR_PARAM: /* parameter is bad */
case LDAP_URL_ERR_BADSCHEME: /* URL doesn't begin with "ldap[si]://" */
case LDAP_URL_ERR_BADENCLOSURE: /* URL is missing trailing ">" */
case LDAP_URL_ERR_BADURL: /* URL is bad */
case LDAP_URL_ERR_BADHOST: /* host port is bad */
case LDAP_URL_ERR_BADATTRS: /* bad (or missing) attributes */
case LDAP_URL_ERR_BADSCOPE: /* scope string is invalid (or missing) */
case LDAP_URL_ERR_BADFILTER: /* bad or missing filter */
case LDAP_URL_ERR_BADEXTS: /* bad or missing extensions */
rc = LDAP_PARAM_ERROR;
break;
}
if (rc == LDAP_SUCCESS) {
if (lo->ldo_defludp != NULL)
ldap_free_urllist(lo->ldo_defludp);
lo->ldo_defludp = ludlist;
}
break;
}
case LDAP_OPT_DEFBASE: {
const char *newbase = (const char *) invalue;
char *defbase = NULL;
if ( newbase != NULL ) {
defbase = LDAP_STRDUP( newbase );
if ( defbase == NULL ) {
rc = LDAP_NO_MEMORY;
break;
}
} else if ( ld != NULL ) {
defbase = LDAP_STRDUP( ldap_int_global_options.ldo_defbase );
if ( defbase == NULL ) {
rc = LDAP_NO_MEMORY;
break;
}
}
if ( lo->ldo_defbase != NULL )
LDAP_FREE( lo->ldo_defbase );
lo->ldo_defbase = defbase;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DIAGNOSTIC_MESSAGE: {
const char *err = (const char *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_error ) {
LDAP_FREE(ld->ld_error);
ld->ld_error = NULL;
}
if ( err ) {
ld->ld_error = LDAP_STRDUP(err);
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_MATCHED_DN: {
const char *matched = (const char *) invalue;
if (ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_matched ) {
LDAP_FREE(ld->ld_matched);
ld->ld_matched = NULL;
}
if ( matched ) {
ld->ld_matched = LDAP_STRDUP( matched );
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRAL_URLS: {
char *const *referrals = (char *const *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break; /* LDAP_OPT_ERROR */
}
if( ld->ld_referrals ) {
LDAP_VFREE(ld->ld_referrals);
}
if ( referrals ) {
ld->ld_referrals = ldap_value_dup(referrals);
}
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_rebind_proc() */
case LDAP_OPT_REBIND_PROC: {
lo->ldo_rebind_proc = (LDAP_REBIND_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REBIND_PARAMS: {
lo->ldo_rebind_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_nextref_proc() */
case LDAP_OPT_NEXTREF_PROC: {
lo->ldo_nextref_proc = (LDAP_NEXTREF_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NEXTREF_PARAMS: {
lo->ldo_nextref_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* Only accessed from inside this function by ldap_set_urllist_proc() */
case LDAP_OPT_URLLIST_PROC: {
lo->ldo_urllist_proc = (LDAP_URLLIST_PROC *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_URLLIST_PARAMS: {
lo->ldo_urllist_params = (void *)invalue;
}
rc = LDAP_OPT_SUCCESS;
break;
/* read-only options */
case LDAP_OPT_API_INFO:
case LDAP_OPT_DESC:
case LDAP_OPT_SOCKBUF:
case LDAP_OPT_API_FEATURE_INFO:
break; /* LDAP_OPT_ERROR */
/* options which cannot withstand invalue == NULL */
case LDAP_OPT_DEREF:
case LDAP_OPT_SIZELIMIT:
case LDAP_OPT_TIMELIMIT:
case LDAP_OPT_PROTOCOL_VERSION:
case LDAP_OPT_RESULT_CODE:
case LDAP_OPT_DEBUG_LEVEL:
case LDAP_OPT_TIMEOUT:
case LDAP_OPT_NETWORK_TIMEOUT:
case LDAP_OPT_CONNECT_CB:
case LDAP_OPT_X_KEEPALIVE_IDLE:
case LDAP_OPT_X_KEEPALIVE_PROBES :
case LDAP_OPT_X_KEEPALIVE_INTERVAL :
if(invalue == NULL) {
/* no place to set from */
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_ERROR );
}
break;
default:
#ifdef HAVE_TLS
if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
#ifdef HAVE_CYRUS_SASL
if ( ldap_int_sasl_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
#ifdef HAVE_GSSAPI
if ( ldap_int_gssapi_set_option( ld, option, (void *)invalue ) == 0 ) {
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( LDAP_OPT_SUCCESS );
}
#endif
/* bad param */
break; /* LDAP_OPT_ERROR */
}
/* options which cannot withstand invalue == NULL */
switch(option) {
case LDAP_OPT_DEREF:
/* FIXME: check value for protocol compliance? */
lo->ldo_deref = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SIZELIMIT:
/* FIXME: check value for protocol compliance? */
lo->ldo_sizelimit = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMELIMIT:
/* FIXME: check value for protocol compliance? */
lo->ldo_timelimit = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMEOUT: {
const struct timeval *tv =
(const struct timeval *) invalue;
lo->ldo_tm_api = *tv;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NETWORK_TIMEOUT: {
const struct timeval *tv =
(const struct timeval *) invalue;
lo->ldo_tm_net = *tv;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_PROTOCOL_VERSION: {
int vers = * (const int *) invalue;
if (vers < LDAP_VERSION_MIN || vers > LDAP_VERSION_MAX) {
/* not supported */
break;
}
lo->ldo_version = vers;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESULT_CODE: {
int err = * (const int *) invalue;
if(ld == NULL) {
/* need a struct ldap */
break;
}
ld->ld_errno = err;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEBUG_LEVEL:
lo->ldo_debug = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_CB:
{
/* setting pushes the callback */
ldaplist *ll;
ll = LDAP_MALLOC( sizeof( *ll ));
ll->ll_data = (void *)invalue;
ll->ll_next = lo->ldo_conn_cbs;
lo->ldo_conn_cbs = ll;
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_IDLE:
lo->ldo_keepalive_idle = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_PROBES :
lo->ldo_keepalive_probes = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_INTERVAL :
lo->ldo_keepalive_interval = * (const int *) invalue;
rc = LDAP_OPT_SUCCESS;
break;
}
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( rc );
}
static int
ldap_back_exop_passwd(
Operation *op,
SlapReply *rs,
ldapconn_t **lcp )
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = *lcp;
req_pwdexop_s *qpw = &op->oq_pwdexop;
LDAPMessage *res;
ber_int_t msgid;
int rc, isproxy, freedn = 0;
int do_retry = 1;
char *text = NULL;
struct berval dn = op->o_req_dn,
ndn = op->o_req_ndn;
assert( lc != NULL );
assert( rs->sr_ctrls == NULL );
if ( BER_BVISNULL( &ndn ) && op->ore_reqdata != NULL ) {
/* NOTE: most of this code is mutated
* from slap_passwd_parse();
* But here we only need
* the first berval... */
ber_tag_t tag;
ber_len_t len = -1;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval tmpid = BER_BVNULL;
if ( op->ore_reqdata->bv_len == 0 ) {
return LDAP_PROTOCOL_ERROR;
}
/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
ber_init2( ber, op->ore_reqdata, 0 );
tag = ber_scanf( ber, "{" /*}*/ );
if ( tag == LBER_ERROR ) {
return LDAP_PROTOCOL_ERROR;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_EXOP_MODIFY_PASSWD_ID ) {
tag = ber_get_stringbv( ber, &tmpid, LBER_BV_NOTERM );
if ( tag == LBER_ERROR ) {
return LDAP_PROTOCOL_ERROR;
}
}
if ( !BER_BVISEMPTY( &tmpid ) ) {
char idNull = tmpid.bv_val[tmpid.bv_len];
tmpid.bv_val[tmpid.bv_len] = '\0';
rs->sr_err = dnPrettyNormal( NULL, &tmpid, &dn,
&ndn, op->o_tmpmemctx );
tmpid.bv_val[tmpid.bv_len] = idNull;
if ( rs->sr_err != LDAP_SUCCESS ) {
/* should have been successfully parsed earlier! */
return rs->sr_err;
}
freedn = 1;
} else {
dn = op->o_dn;
ndn = op->o_ndn;
}
}
isproxy = ber_bvcmp( &ndn, &op->o_ndn );
Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_passwd(\"%s\")%s\n",
dn.bv_val, isproxy ? " (proxy)" : "", 0 );
retry:
rc = ldap_passwd( lc->lc_ld, &dn,
qpw->rs_old.bv_val ? &qpw->rs_old : NULL,
qpw->rs_new.bv_val ? &qpw->rs_new : NULL,
op->o_ctrls, NULL, &msgid );
if ( rc == LDAP_SUCCESS ) {
/* TODO: set timeout? */
/* by now, make sure no timeout is used (ITS#6282) */
struct timeval tv = { -1, 0 };
if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
rs->sr_err = rc;
} else {
/* only touch when activity actually took place... */
if ( li->li_idle_timeout ) {
lc->lc_time = op->o_time;
}
/* sigh. parse twice, because parse_passwd
* doesn't give us the err / match / msg info.
*/
rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
(char **)&rs->sr_matched,
&text,
NULL, &rs->sr_ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
struct berval newpw;
/* this never happens because
* the frontend is generating
* the new password, so when
* the passwd exop is proxied,
* it never delegates password
* generation to the remote server
*/
rc = ldap_parse_passwd( lc->lc_ld, res,
&newpw );
if ( rc == LDAP_SUCCESS &&
!BER_BVISNULL( &newpw ) )
{
rs->sr_type = REP_EXTENDED;
rs->sr_rspdata = slap_passwd_return( &newpw );
free( newpw.bv_val );
}
} else {
rc = rs->sr_err;
}
}
ldap_msgfree( res );
}
}
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}
if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
if ( text ) rs->sr_text = text;
send_ldap_extended( op, rs );
/* otherwise frontend resends result */
rc = rs->sr_err = SLAPD_ABANDON;
} else if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_EXTENDED ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
if ( freedn ) {
op->o_tmpfree( dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
}
/* these have to be freed anyway... */
if ( rs->sr_matched ) {
free( (char *)rs->sr_matched );
rs->sr_matched = NULL;
}
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
if ( text ) {
free( text );
rs->sr_text = NULL;
}
/* in case, cleanup handler */
if ( lc == NULL ) {
*lcp = NULL;
}
return rc;
}
static int
process_ldif_rec( char *rbuf, int linenum )
{
char *line, *dn, *newrdn, *newsup;
int rc, modop;
int expect_modop, expect_sep;
int deleteoldrdn;
int new_entry, delete_entry, got_all;
LDAPMod **pmods, *lm = NULL;
int version;
LDAPControl **pctrls;
int i, j, k, lines, idn, nmods;
struct berval *btype, *vals, **bvl, bv;
char *freeval;
unsigned char *mops = NULL;
new_entry = ldapadd;
rc = got_all = delete_entry = modop = expect_modop = 0;
expect_sep = 0;
version = 0;
deleteoldrdn = 1;
pmods = NULL;
pctrls = NULL;
dn = newrdn = newsup = NULL;
lines = ldif_countlines( rbuf );
btype = ber_memcalloc( 1, (lines+1)*2*sizeof(struct berval)+lines );
if ( !btype )
return LDAP_NO_MEMORY;
vals = btype+lines+1;
freeval = (char *)(vals+lines+1);
i = -1;
while ( rc == 0 && ( line = ldif_getline( &rbuf )) != NULL ) {
int freev;
if ( *line == '\n' || *line == '\0' ) {
break;
}
++i;
if ( line[0] == '-' && !line[1] ) {
BER_BVZERO( btype+i );
freeval[i] = 0;
continue;
}
if ( ( rc = ldif_parse_line2( line, btype+i, vals+i, &freev ) ) < 0 ) {
fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
prog, linenum+i, dn == NULL ? "" : dn );
rc = LDAP_PARAM_ERROR;
break;
}
freeval[i] = freev;
if ( dn == NULL ) {
if ( linenum+i == 1 && BV_CASEMATCH( btype+i, &BV_VERSION )) {
int v;
if( vals[i].bv_len == 0 || lutil_atoi( &v, vals[i].bv_val) != 0 || v != 1 ) {
fprintf( stderr,
_("%s: invalid version %s, line %d (ignored)\n"),
prog, vals[i].bv_val, linenum );
}
version++;
} else if ( BV_CASEMATCH( btype+i, &BV_DN )) {
dn = vals[i].bv_val;
idn = i;
}
/* skip all lines until we see "dn:" */
}
}
/* check to make sure there was a dn: line */
if ( !dn ) {
rc = 0;
goto leave;
}
lines = i+1;
if( lines == 0 ) {
rc = 0;
goto leave;
}
if( version && lines == 1 ) {
rc = 0;
goto leave;
}
i = idn+1;
/* Check for "control" tag after dn and before changetype. */
if ( BV_CASEMATCH( btype+i, &BV_CONTROL )) {
/* Parse and add it to the list of controls */
rc = parse_ldif_control( vals+i, &pctrls );
if (rc != 0) {
fprintf( stderr,
_("%s: Error processing %s line, line %d: %s\n"),
prog, BV_CONTROL.bv_val, linenum+i, ldap_err2string(rc) );
}
i++;
if ( i>= lines ) {
short_input:
fprintf( stderr,
_("%s: Expecting more input after %s line, line %d\n"),
prog, btype[i-1].bv_val, linenum+i );
rc = LDAP_PARAM_ERROR;
goto leave;
}
}
/* Check for changetype */
if ( BV_CASEMATCH( btype+i, &BV_CHANGETYPE )) {
#ifdef LIBERAL_CHANGETYPE_MODOP
/* trim trailing spaces (and log warning ...) */
int icnt;
for ( icnt = vals[i].bv_len; --icnt > 0; ) {
if ( !isspace( (unsigned char) vals[i].bv_val[icnt] ) ) {
break;
}
}
if ( ++icnt != vals[i].bv_len ) {
fprintf( stderr, _("%s: illegal trailing space after"
" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn );
vals[i].bv_val[icnt] = '\0';
}
#endif /* LIBERAL_CHANGETYPE_MODOP */
if ( BV_CASEMATCH( vals+i, &BV_MODIFYCT )) {
new_entry = 0;
expect_modop = 1;
} else if ( BV_CASEMATCH( vals+i, &BV_ADDCT )) {
new_entry = 1;
modop = LDAP_MOD_ADD;
} else if ( BV_CASEMATCH( vals+i, &BV_MODRDNCT )
|| BV_CASEMATCH( vals+i, &BV_MODDNCT )
|| BV_CASEMATCH( vals+i, &BV_RENAMECT ))
{
i++;
if ( i >= lines )
goto short_input;
if ( !BV_CASEMATCH( btype+i, &BV_NEWRDN )) {
fprintf( stderr, _("%s: expecting \"%s:\" but saw"
" \"%s:\" (line %d, entry \"%s\")\n"),
prog, BV_NEWRDN.bv_val, btype[i].bv_val, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
newrdn = vals[i].bv_val;
i++;
if ( i >= lines )
goto short_input;
if ( !BV_CASEMATCH( btype+i, &BV_DELETEOLDRDN )) {
fprintf( stderr, _("%s: expecting \"%s:\" but saw"
" \"%s:\" (line %d, entry \"%s\")\n"),
prog, BV_DELETEOLDRDN.bv_val, btype[i].bv_val, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
deleteoldrdn = ( vals[i].bv_val[0] == '0' ) ? 0 : 1;
i++;
if ( i < lines ) {
if ( !BV_CASEMATCH( btype+i, &BV_NEWSUP )) {
fprintf( stderr, _("%s: expecting \"%s:\" but saw"
" \"%s:\" (line %d, entry \"%s\")\n"),
prog, BV_NEWSUP.bv_val, btype[i].bv_val, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
newsup = vals[i].bv_val;
i++;
}
got_all = 1;
} else if ( BV_CASEMATCH( vals+i, &BV_DELETECT )) {
got_all = delete_entry = 1;
} else {
fprintf( stderr,
_("%s: unknown %s \"%s\" (line %d, entry \"%s\")\n"),
prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
i++;
} else if ( ldapadd ) { /* missing changetype => add */
new_entry = 1;
modop = LDAP_MOD_ADD;
} else {
expect_modop = 1; /* missing changetype => modify */
}
if ( got_all ) {
if ( i < lines ) {
fprintf( stderr,
_("%s: extra lines at end (line %d, entry \"%s\")\n"),
prog, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
goto doit;
}
nmods = lines - i;
idn = i;
if ( new_entry ) {
int fv;
/* Make sure all attributes with multiple values are contiguous */
for (; i<lines; i++) {
for (j=i+1; j<lines; j++) {
if ( BV_CASEMATCH( btype+i, btype+j )) {
nmods--;
/* out of order, move intervening attributes down */
if ( j != i+1 ) {
bv = vals[j];
fv = freeval[j];
for (k=j; k>i; k--) {
btype[k] = btype[k-1];
vals[k] = vals[k-1];
freeval[k] = freeval[k-1];
}
k++;
btype[k] = btype[i];
vals[k] = bv;
freeval[k] = fv;
}
i++;
}
}
}
/* Allocate space for array of mods, array of pointers to mods,
* and array of pointers to values, allowing for NULL terminators
* for the pointer arrays...
*/
lm = ber_memalloc( nmods * sizeof(LDAPMod) +
(nmods+1) * sizeof(LDAPMod*) +
(lines + nmods - idn) * sizeof(struct berval *));
pmods = (LDAPMod **)(lm+nmods);
bvl = (struct berval **)(pmods+nmods+1);
j = 0;
k = -1;
BER_BVZERO(&bv);
for (i=idn; i<lines; i++) {
if ( BV_CASEMATCH( btype+i, &BV_DN )) {
fprintf( stderr, _("%s: attributeDescription \"%s\":"
" (possible missing newline"
" after line %d, entry \"%s\"?)\n"),
prog, btype[i].bv_val, linenum+i - 1, dn );
}
if ( !BV_CASEMATCH( btype+i, &bv )) {
bvl[k++] = NULL;
bv = btype[i];
lm[j].mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
lm[j].mod_type = bv.bv_val;
lm[j].mod_bvalues = bvl+k;
pmods[j] = lm+j;
j++;
}
bvl[k++] = vals+i;
}
bvl[k] = NULL;
pmods[j] = NULL;
goto doit;
}
mops = ber_memalloc( lines+1 );
mops[lines] = M_SEP;
mops[i-1] = M_SEP;
for ( ; i<lines; i++ ) {
if ( expect_modop ) {
#ifdef LIBERAL_CHANGETYPE_MODOP
/* trim trailing spaces (and log warning ...) */
int icnt;
for ( icnt = vals[i].bv_len; --icnt > 0; ) {
if ( !isspace( (unsigned char) vals[i].bv_val[icnt] ) ) break;
}
if ( ++icnt != vals[i].bv_len ) {
fprintf( stderr, _("%s: illegal trailing space after"
" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
prog, type, vals[i].bv_val, linenum+i, dn );
vals[i].bv_val[icnt] = '\0';
}
#endif /* LIBERAL_CHANGETYPE_MODOP */
expect_modop = 0;
expect_sep = 1;
if ( BV_CASEMATCH( btype+i, &BV_MODOPADD )) {
modop = LDAP_MOD_ADD;
mops[i] = M_SEP;
nmods--;
} else if ( BV_CASEMATCH( btype+i, &BV_MODOPREPLACE )) {
/* defer handling these since they might have no values.
* Use the BVALUES flag to signal that these were
* deferred. If values are provided later, this
* flag will be switched off.
*/
modop = LDAP_MOD_REPLACE;
mops[i] = modop | LDAP_MOD_BVALUES;
btype[i] = vals[i];
} else if ( BV_CASEMATCH( btype+i, &BV_MODOPDELETE )) {
modop = LDAP_MOD_DELETE;
mops[i] = modop | LDAP_MOD_BVALUES;
btype[i] = vals[i];
} else if ( BV_CASEMATCH( btype+i, &BV_MODOPINCREMENT )) {
modop = LDAP_MOD_INCREMENT;
mops[i] = M_SEP;
nmods--;
} else { /* no modify op: invalid LDIF */
fprintf( stderr, _("%s: modify operation type is missing at"
" line %d, entry \"%s\"\n"),
prog, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
bv = vals[i];
} else if ( expect_sep && BER_BVISEMPTY( btype+i )) {
mops[i] = M_SEP;
expect_sep = 0;
expect_modop = 1;
nmods--;
} else {
if ( !BV_CASEMATCH( btype+i, &bv )) {
fprintf( stderr, _("%s: wrong attributeType at"
" line %d, entry \"%s\"\n"),
prog, linenum+i, dn );
rc = LDAP_PARAM_ERROR;
goto leave;
}
mops[i] = modop;
/* If prev op was deferred and matches this type,
* clear the flag
*/
if ( (mops[i-1] & LDAP_MOD_BVALUES)
&& BV_CASEMATCH( btype+i, btype+i-1 ))
{
mops[i-1] = M_SEP;
nmods--;
}
}
}
#if 0 /* we should faithfully encode the LDIF, not combine */
/* Make sure all modops with multiple values are contiguous */
for (i=idn; i<lines; i++) {
if ( mops[i] == M_SEP )
continue;
for (j=i+1; j<lines; j++) {
if ( mops[j] == M_SEP || mops[i] != mops[j] )
continue;
if ( BV_CASEMATCH( btype+i, btype+j )) {
nmods--;
/* out of order, move intervening attributes down */
if ( j != i+1 ) {
int c;
struct berval bv;
char fv;
c = mops[j];
bv = vals[j];
fv = freeval[j];
for (k=j; k>i; k--) {
btype[k] = btype[k-1];
vals[k] = vals[k-1];
freeval[k] = freeval[k-1];
mops[k] = mops[k-1];
}
k++;
btype[k] = btype[i];
vals[k] = bv;
freeval[k] = fv;
mops[k] = c;
}
i++;
}
}
}
#endif
/* Allocate space for array of mods, array of pointers to mods,
* and array of pointers to values, allowing for NULL terminators
* for the pointer arrays...
*/
lm = ber_memalloc( nmods * sizeof(LDAPMod) +
(nmods+1) * sizeof(LDAPMod*) +
(lines + nmods - idn) * sizeof(struct berval *));
pmods = (LDAPMod **)(lm+nmods);
bvl = (struct berval **)(pmods+nmods+1);
j = 0;
k = -1;
BER_BVZERO(&bv);
mops[idn-1] = M_SEP;
for (i=idn; i<lines; i++) {
if ( mops[i] == M_SEP )
continue;
if ( mops[i] != mops[i-1] || !BV_CASEMATCH( btype+i, &bv )) {
bvl[k++] = NULL;
bv = btype[i];
lm[j].mod_op = mops[i] | LDAP_MOD_BVALUES;
lm[j].mod_type = bv.bv_val;
if ( mops[i] & LDAP_MOD_BVALUES ) {
lm[j].mod_bvalues = NULL;
} else {
lm[j].mod_bvalues = bvl+k;
}
pmods[j] = lm+j;
j++;
}
bvl[k++] = vals+i;
}
bvl[k] = NULL;
pmods[j] = NULL;
doit:
/* If default controls are set (as with -M option) and controls are
specified in the LDIF file, we must add the default controls to
the list of controls sent with the ldap operation.
*/
if ( rc == 0 ) {
if (pctrls) {
LDAPControl **defctrls = NULL; /* Default server controls */
LDAPControl **newctrls = NULL;
ldap_get_option(ld, LDAP_OPT_SERVER_CONTROLS, &defctrls);
if (defctrls) {
int npc=0; /* Num of LDIF controls */
int ndefc=0; /* Num of default controls */
while (pctrls[npc]) npc++; /* Count LDIF controls */
while (defctrls[ndefc]) ndefc++; /* Count default controls */
newctrls = ber_memrealloc(pctrls,
(npc+ndefc+1)*sizeof(LDAPControl*));
if (newctrls == NULL) {
rc = LDAP_NO_MEMORY;
} else {
int i;
pctrls = newctrls;
for (i=npc; i<npc+ndefc; i++) {
pctrls[i] = ldap_control_dup(defctrls[i-npc]);
if (pctrls[i] == NULL) {
rc = LDAP_NO_MEMORY;
break;
}
}
pctrls[npc+ndefc] = NULL;
}
ldap_controls_free(defctrls); /* Must be freed by library */
}
}
}
if ( rc == 0 ) {
if ( delete_entry ) {
rc = dodelete( dn, pctrls );
} else if ( newrdn != NULL ) {
rc = dorename( dn, newrdn, newsup, deleteoldrdn, pctrls );
} else {
rc = domodify( dn, pmods, pctrls, new_entry );
}
if ( rc == LDAP_SUCCESS ) {
rc = 0;
}
}
leave:
if (pctrls != NULL) {
ldap_controls_free( pctrls );
}
if ( lm != NULL ) {
ber_memfree( lm );
}
if ( mops != NULL ) {
ber_memfree( mops );
}
for (i=lines-1; i>=0; i--)
if ( freeval[i] ) ber_memfree( vals[i].bv_val );
ber_memfree( btype );
return( rc );
}
/*
* handle the LDAP_RES_SEARCH_ENTRY response
*/
static int
ldap_sync_search_entry( ldap_sync_t *ls, LDAPMessage *res )
{
LDAPControl **ctrls = NULL;
int rc = LDAP_OTHER,
i;
BerElement *ber = NULL;
struct berval entryUUID = { 0 },
cookie = { 0 };
int state = -1;
ber_len_t len;
ldap_sync_refresh_t phase;
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\tgot LDAP_RES_SEARCH_ENTRY\n" );
#endif /* LDAP_SYNC_TRACE */
assert( ls != NULL );
assert( res != NULL );
phase = ls->ls_refreshPhase;
/* OK */
/* extract:
* - data
* - entryUUID
*
* check that:
* - Sync State Control is "add"
*/
/* the control MUST be present */
/* extract controls */
ldap_get_entry_controls( ls->ls_ld, res, &ctrls );
if ( ctrls == NULL ) {
goto done;
}
/* lookup the sync state control */
for ( i = 0; ctrls[ i ] != NULL; i++ ) {
if ( strcmp( ctrls[ i ]->ldctl_oid, LDAP_CONTROL_SYNC_STATE ) == 0 ) {
break;
}
}
/* control must be present; there might be other... */
if ( ctrls[ i ] == NULL ) {
goto done;
}
/* extract data */
ber = ber_init( &ctrls[ i ]->ldctl_value );
if ( ber == NULL ) {
goto done;
}
/* scan entryUUID in-place ("m") */
if ( ber_scanf( ber, "{em" /*"}"*/, &state, &entryUUID ) == LBER_ERROR
|| entryUUID.bv_len == 0 )
{
goto done;
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
/* scan cookie in-place ("m") */
if ( ber_scanf( ber, /*"{"*/ "m}", &cookie ) == LBER_ERROR ) {
goto done;
}
if ( cookie.bv_val != NULL ) {
ber_bvreplace( &ls->ls_cookie, &cookie );
}
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\t\tgot cookie=%s\n",
cookie.bv_val ? cookie.bv_val : "(null)" );
#endif /* LDAP_SYNC_TRACE */
}
switch ( state ) {
case LDAP_SYNC_PRESENT:
case LDAP_SYNC_DELETE:
case LDAP_SYNC_ADD:
case LDAP_SYNC_MODIFY:
/* NOTE: ldap_sync_refresh_t is defined
* as the corresponding LDAP_SYNC_*
* for the 4 above cases */
phase = state;
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\t\tgot syncState=%s\n", ldap_sync_state2str( state ) );
#endif /* LDAP_SYNC_TRACE */
break;
default:
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\t\tgot unknown syncState=%d\n", state );
#endif /* LDAP_SYNC_TRACE */
goto done;
}
rc = ls->ls_search_entry
? ls->ls_search_entry( ls, res, &entryUUID, phase )
: LDAP_SUCCESS;
done:;
if ( ber != NULL ) {
ber_free( ber, 1 );
}
if ( ctrls != NULL ) {
ldap_controls_free( ctrls );
}
return rc;
}
static int
pblock_set( Slapi_PBlock *pb, int param, void *value )
{
int rc = PBLOCK_SUCCESS;
pblock_lock( pb );
switch ( param ) {
case SLAPI_OPERATION:
pb->pb_op = (Operation *)value;
break;
case SLAPI_OPINITIATED_TIME:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_time = *((long *)value);
break;
case SLAPI_OPERATION_ID:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_opid = *((long *)value);
break;
case SLAPI_OPERATION_TYPE:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_tag = *((ber_tag_t *)value);
break;
case SLAPI_OPERATION_MSGID:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_msgid = *((long *)value);
break;
case SLAPI_X_OPERATION_DELETE_GLUE_PARENT:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_delete_glue_parent = *((int *)value);
break;
case SLAPI_X_OPERATION_NO_SCHEMA_CHECK:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_no_schema_check = *((int *)value);
break;
case SLAPI_X_OPERATION_NO_SUBORDINATE_GLUE:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_no_subordinate_glue = *((int *)value);
break;
case SLAPI_REQCONTROLS:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_ctrls = (LDAPControl **)value;
break;
case SLAPI_RESCONTROLS: {
LDAPControl **ctrls = NULL;
pblock_get_default( pb, param, (void **)&ctrls );
if ( ctrls != NULL ) {
/* free old ones first */
ldap_controls_free( ctrls );
}
rc = pblock_set_default( pb, param, value );
break;
}
case SLAPI_ADD_RESCONTROL:
PBLOCK_ASSERT_OP( pb, 0 );
rc = pblock_add_control( pb, (LDAPControl *)value );
break;
case SLAPI_REQUESTOR_DN:
PBLOCK_ASSERT_OP( pb, 0 );
rc = pblock_set_dn( value, &pb->pb_op->o_dn, &pb->pb_op->o_ndn, pb->pb_op->o_tmpmemctx );
break;
case SLAPI_MANAGEDSAIT:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_managedsait = *((int *)value);
break;
case SLAPI_X_RELAX:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_relax = *((int *)value);
break;
case SLAPI_BACKEND:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_op->o_bd = (BackendDB *)value;
break;
case SLAPI_CONNECTION:
pb->pb_conn = (Connection *)value;
break;
case SLAPI_X_CONN_SSF:
PBLOCK_ASSERT_CONN( pb );
PBLOCK_LOCK_CONN( pb );
pb->pb_conn->c_ssf = (slap_ssf_t)(long)value;
PBLOCK_UNLOCK_CONN( pb );
break;
case SLAPI_X_CONN_SASL_CONTEXT:
PBLOCK_ASSERT_CONN( pb );
PBLOCK_LOCK_CONN( pb );
pb->pb_conn->c_sasl_authctx = value;
PBLOCK_UNLOCK_CONN( pb );
break;
case SLAPI_TARGET_DN:
PBLOCK_ASSERT_OP( pb, 0 );
rc = pblock_set_dn( value, &pb->pb_op->o_req_dn, &pb->pb_op->o_req_ndn, pb->pb_op->o_tmpmemctx );
break;
case SLAPI_CONN_ID:
PBLOCK_ASSERT_CONN( pb );
PBLOCK_LOCK_CONN( pb );
pb->pb_conn->c_connid = *((long *)value);
PBLOCK_UNLOCK_CONN( pb );
break;
case SLAPI_CONN_DN:
PBLOCK_ASSERT_CONN( pb );
PBLOCK_LOCK_CONN( pb );
rc = pblock_set_dn( value, &pb->pb_conn->c_dn, &pb->pb_conn->c_ndn, NULL );
PBLOCK_UNLOCK_CONN( pb );
break;
case SLAPI_RESULT_CODE:
case SLAPI_PLUGIN_INTOP_RESULT:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_rs->sr_err = *((int *)value);
break;
case SLAPI_RESULT_TEXT:
PBLOCK_ASSERT_OP( pb, 0 );
snprintf( pb->pb_textbuf, sizeof( pb->pb_textbuf ), "%s", (char *)value );
pb->pb_rs->sr_text = pb->pb_textbuf;
break;
case SLAPI_RESULT_MATCHED:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_rs->sr_matched = (char *)value; /* XXX should dup? */
break;
case SLAPI_ADD_ENTRY:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_ADD )
pb->pb_op->ora_e = (Slapi_Entry *)value;
else
rc = PBLOCK_ERROR;
break;
case SLAPI_MODIFY_MODS: {
Modifications **mlp;
Modifications *newmods;
PBLOCK_ASSERT_OP( pb, 0 );
rc = pblock_set_default( pb, param, value );
if ( rc != PBLOCK_SUCCESS ) {
break;
}
if ( pb->pb_op->o_tag == LDAP_REQ_MODIFY ) {
mlp = &pb->pb_op->orm_modlist;
} else if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {
mlp = &pb->pb_op->ora_modlist;
} else if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {
mlp = &pb->pb_op->orr_modlist;
} else {
break;
}
newmods = slapi_int_ldapmods2modifications( pb->pb_op, (LDAPMod **)value );
if ( newmods != NULL ) {
slap_mods_free( *mlp, 1 );
*mlp = newmods;
}
break;
}
case SLAPI_MODRDN_NEWRDN:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {
rc = pblock_set_dn( value, &pb->pb_op->orr_newrdn, &pb->pb_op->orr_nnewrdn, pb->pb_op->o_tmpmemctx );
if ( rc == LDAP_SUCCESS )
rc = rdn_validate( &pb->pb_op->orr_nnewrdn );
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_MODRDN_NEWSUPERIOR:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {
if ( value == NULL ) {
if ( pb->pb_op->orr_newSup != NULL ) {
pb->pb_op->o_tmpfree( pb->pb_op->orr_newSup, pb->pb_op->o_tmpmemctx );
BER_BVZERO( pb->pb_op->orr_newSup );
pb->pb_op->orr_newSup = NULL;
}
if ( pb->pb_op->orr_newSup != NULL ) {
pb->pb_op->o_tmpfree( pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );
BER_BVZERO( pb->pb_op->orr_nnewSup );
pb->pb_op->orr_nnewSup = NULL;
}
} else {
if ( pb->pb_op->orr_newSup == NULL ) {
pb->pb_op->orr_newSup = (struct berval *)pb->pb_op->o_tmpalloc(
sizeof(struct berval), pb->pb_op->o_tmpmemctx );
BER_BVZERO( pb->pb_op->orr_newSup );
}
if ( pb->pb_op->orr_nnewSup == NULL ) {
pb->pb_op->orr_nnewSup = (struct berval *)pb->pb_op->o_tmpalloc(
sizeof(struct berval), pb->pb_op->o_tmpmemctx );
BER_BVZERO( pb->pb_op->orr_nnewSup );
}
rc = pblock_set_dn( value, pb->pb_op->orr_newSup, pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );
}
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_MODRDN_DELOLDRDN:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )
pb->pb_op->orr_deleteoldrdn = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_SCOPE: {
int scope = *((int *)value);
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH ) {
switch ( *((int *)value) ) {
case LDAP_SCOPE_BASE:
case LDAP_SCOPE_ONELEVEL:
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
pb->pb_op->ors_scope = scope;
break;
default:
rc = PBLOCK_ERROR;
break;
}
} else {
rc = PBLOCK_ERROR;
}
break;
}
case SLAPI_SEARCH_DEREF:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
pb->pb_op->ors_deref = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_SIZELIMIT:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
pb->pb_op->ors_slimit = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_TIMELIMIT:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
pb->pb_op->ors_tlimit = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_FILTER:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
pb->pb_op->ors_filter = (Slapi_Filter *)value;
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_STRFILTER:
PBLOCK_ASSERT_OP( pb, 0 );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH ) {
pb->pb_op->ors_filterstr.bv_val = (char *)value;
pb->pb_op->ors_filterstr.bv_len = strlen((char *)value);
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_SEARCH_ATTRS: {
AttributeName *an = NULL;
size_t i = 0, j = 0;
char **attrs = (char **)value;
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag != LDAP_REQ_SEARCH ) {
rc = PBLOCK_ERROR;
break;
}
/* also set mapped attrs */
rc = pblock_set_default( pb, param, value );
if ( rc != PBLOCK_SUCCESS ) {
break;
}
if ( pb->pb_op->ors_attrs != NULL ) {
pb->pb_op->o_tmpfree( pb->pb_op->ors_attrs, pb->pb_op->o_tmpmemctx );
pb->pb_op->ors_attrs = NULL;
}
if ( attrs != NULL ) {
for ( i = 0; attrs[i] != NULL; i++ )
;
}
if ( i ) {
an = (AttributeName *)pb->pb_op->o_tmpcalloc( i + 1,
sizeof(AttributeName), pb->pb_op->o_tmpmemctx );
for ( i = 0; attrs[i] != NULL; i++ ) {
an[j].an_desc = NULL;
an[j].an_oc = NULL;
an[j].an_flags = 0;
an[j].an_name.bv_val = attrs[i];
an[j].an_name.bv_len = strlen( attrs[i] );
if ( slap_bv2ad( &an[j].an_name, &an[j].an_desc, &pb->pb_rs->sr_text ) == LDAP_SUCCESS ) {
j++;
}
}
an[j].an_name.bv_val = NULL;
an[j].an_name.bv_len = 0;
}
pb->pb_op->ors_attrs = an;
break;
}
case SLAPI_SEARCH_ATTRSONLY:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_SEARCH )
pb->pb_op->ors_attrsonly = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_SEARCH_RESULT_ENTRY:
PBLOCK_ASSERT_OP( pb, 0 );
rs_replace_entry( pb->pb_op, pb->pb_rs, NULL, (Slapi_Entry *)value );
/* TODO: Should REP_ENTRY_MODIFIABLE be set? */
pb->pb_rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
break;
case SLAPI_BIND_RET_SASLCREDS:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_rs->sr_sasldata = (struct berval *)value;
break;
case SLAPI_EXT_OP_REQ_OID:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_EXTENDED ) {
pb->pb_op->ore_reqoid.bv_val = (char *)value;
pb->pb_op->ore_reqoid.bv_len = strlen((char *)value);
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_EXT_OP_REQ_VALUE:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_EXTENDED )
pb->pb_op->ore_reqdata = (struct berval *)value;
else
rc = PBLOCK_ERROR;
break;
case SLAPI_EXT_OP_RET_OID:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_rs->sr_rspoid = (char *)value;
break;
case SLAPI_EXT_OP_RET_VALUE:
PBLOCK_ASSERT_OP( pb, 0 );
pb->pb_rs->sr_rspdata = (struct berval *)value;
break;
case SLAPI_BIND_METHOD:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
pb->pb_op->orb_method = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_BIND_CREDENTIALS:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_BIND )
pb->pb_op->orb_cred = *((struct berval *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_COMPARE_TYPE:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE ) {
const char *text;
pb->pb_op->orc_ava->aa_desc = NULL;
rc = slap_str2ad( (char *)value, &pb->pb_op->orc_ava->aa_desc, &text );
} else {
rc = PBLOCK_ERROR;
}
break;
case SLAPI_COMPARE_VALUE:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_COMPARE )
pb->pb_op->orc_ava->aa_value = *((struct berval *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_ABANDON_MSGID:
PBLOCK_ASSERT_OP( pb, 0 );
PBLOCK_VALIDATE_IS_INTOP( pb );
if ( pb->pb_op->o_tag == LDAP_REQ_ABANDON)
pb->pb_op->orn_msgid = *((int *)value);
else
rc = PBLOCK_ERROR;
break;
case SLAPI_REQUESTOR_ISROOT:
case SLAPI_IS_REPLICATED_OPERATION:
case SLAPI_CONN_AUTHTYPE:
case SLAPI_CONN_AUTHMETHOD:
case SLAPI_IS_INTERNAL_OPERATION:
case SLAPI_X_CONN_IS_UDP:
case SLAPI_CONN_CLIENTIP:
case SLAPI_X_CONN_CLIENTPATH:
case SLAPI_CONN_SERVERIP:
case SLAPI_X_CONN_SERVERPATH:
case SLAPI_X_ADD_STRUCTURAL_CLASS:
/* These parameters cannot be set */
rc = PBLOCK_ERROR;
break;
default:
rc = pblock_set_default( pb, param, value );
break;
}
pblock_unlock( pb );
return rc;
}
static int domodrdn(
LDAP *ld,
char *dn,
char *rdn,
char *newSuperior,
int remove ) /* flag: remove old RDN */
{
int rc, code, id;
char *matcheddn=NULL, *text=NULL, **refs=NULL;
LDAPControl **ctrls = NULL;
LDAPMessage *res;
if ( verbose ) {
printf( _("Renaming \"%s\"\n"), dn );
printf( _("\tnew rdn=\"%s\" (%s old rdn)\n"),
rdn, remove ? _("delete") : _("keep") );
if( newSuperior != NULL ) {
printf(_("\tnew parent=\"%s\"\n"), newSuperior);
}
}
if( dont ) return LDAP_SUCCESS;
rc = ldap_rename( ld, dn, rdn, newSuperior, remove,
NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: ldap_rename: %s (%d)\n",
prog, ldap_err2string( rc ), rc );
return rc;
}
for ( ; ; ) {
struct timeval tv = { 0, 0 };
if ( tool_check_abandon( ld, id ) ) {
return LDAP_CANCELLED;
}
tv.tv_sec = 0;
tv.tv_usec = 100000;
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
if ( rc < 0 ) {
tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
return rc;
}
if ( rc != 0 ) {
break;
}
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
prog, ldap_err2string( rc ), rc );
return rc;
}
if( verbose || code != LDAP_SUCCESS ||
(matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
{
printf( _("Rename Result: %s (%d)\n"),
ldap_err2string( code ), code );
if( text && *text ) {
printf( _("Additional info: %s\n"), text );
}
if( matcheddn && *matcheddn ) {
printf( _("Matched DN: %s\n"), matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf(_("Referral: %s\n"), refs[i] );
}
}
}
if (ctrls) {
tool_print_ctrls( ld, ctrls );
ldap_controls_free( ctrls );
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
return code;
}
int asyncmeta_handle_common_result(LDAPMessage *msg, a_metaconn_t *mc, bm_context_t *bc, int candidate)
{
a_metainfo_t *mi;
a_metatarget_t *mt;
a_metasingleconn_t *msc;
const char *save_text = NULL,
*save_matched = NULL;
BerVarray save_ref = NULL;
LDAPControl **save_ctrls = NULL;
void *matched_ctx = NULL;
char *matched = NULL;
char *text = NULL;
char **refs = NULL;
LDAPControl **ctrls = NULL;
Operation *op;
SlapReply *rs;
int rc;
mi = mc->mc_info;
mt = mi->mi_targets[ candidate ];
msc = &mc->mc_conns[ candidate ];
op = bc->op;
rs = &bc->rs;
save_text = rs->sr_text,
save_matched = rs->sr_matched;
save_ref = rs->sr_ref;
save_ctrls = rs->sr_ctrls;
rs->sr_text = NULL;
rs->sr_matched = NULL;
rs->sr_ref = NULL;
rs->sr_ctrls = NULL;
/* only touch when activity actually took place... */
if ( mi->mi_idle_timeout != 0 ) {
asyncmeta_set_msc_time(msc);
}
rc = ldap_parse_result( msc->msc_ldr, msg, &rs->sr_err,
&matched, &text, &refs, &ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
rs->sr_text = text;
} else {
rs->sr_err = rc;
}
rs->sr_err = slap_map_api2result( rs );
/* RFC 4511: referrals can only appear
* if result code is LDAP_REFERRAL */
if ( refs != NULL
&& refs[ 0 ] != NULL
&& refs[ 0 ][ 0 ] != '\0' )
{
if ( rs->sr_err != LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_handle_common_result[%d]: "
"got referrals with err=%d\n",
op->o_log_prefix,
candidate, rs->sr_err );
} else {
int i;
for ( i = 0; refs[ i ] != NULL; i++ )
/* count */ ;
rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),
op->o_tmpmemctx );
for ( i = 0; refs[ i ] != NULL; i++ ) {
ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );
}
BER_BVZERO( &rs->sr_ref[ i ] );
}
} else if ( rs->sr_err == LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_handle_common_result[%d]: "
"got err=%d with null "
"or empty referrals\n",
op->o_log_prefix,
candidate, rs->sr_err );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if ( ctrls != NULL ) {
rs->sr_ctrls = ctrls;
}
/* if the error in the reply structure is not
* LDAP_SUCCESS, try to map it from client
* to server error */
if ( !LDAP_ERR_OK( rs->sr_err ) ) {
rs->sr_err = slap_map_api2result( rs );
/* internal ops ( op->o_conn == NULL )
* must not reply to client */
if ( op->o_conn && !op->o_do_not_cache && matched ) {
/* record the (massaged) matched
* DN into the reply structure */
rs->sr_matched = matched;
}
}
if ( META_BACK_TGT_QUARANTINE( mt ) ) {
asyncmeta_quarantine( op, mi, rs, candidate );
}
if ( matched != NULL ) {
struct berval dn, pdn;
ber_str2bv( matched, 0, 0, &dn );
if ( dnPretty( NULL, &dn, &pdn, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
ldap_memfree( matched );
matched_ctx = op->o_tmpmemctx;
matched = pdn.bv_val;
}
rs->sr_matched = matched;
}
if ( rs->sr_err == LDAP_UNAVAILABLE || rs->sr_err == LDAP_SERVER_DOWN ) {
if ( rs->sr_text == NULL ) {
rs->sr_text = "Target is unavailable";
}
}
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
asyncmeta_drop_bc( mc, bc);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
if ( op->o_conn ) {
asyncmeta_send_ldap_result(bc, op, rs);
}
if ( matched ) {
op->o_tmpfree( (char *)rs->sr_matched, matched_ctx );
}
if ( text ) {
ldap_memfree( text );
}
if ( rs->sr_ref ) {
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
if ( refs ) {
ber_memvfree( (void **)refs );
}
if ( ctrls ) {
assert( rs->sr_ctrls != NULL );
ldap_controls_free( ctrls );
}
rs->sr_text = save_text;
rs->sr_matched = save_matched;
rs->sr_ref = save_ref;
rs->sr_ctrls = save_ctrls;
rc = (LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err);
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
asyncmeta_clear_bm_context(bc);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
return rc;
}
static int
asyncmeta_send_entry(
Operation *op,
SlapReply *rs,
a_metaconn_t *mc,
int target,
LDAPMessage *e )
{
a_metainfo_t *mi = mc->mc_info;
struct berval a, mapped = BER_BVNULL;
int check_sorted_attrs = 0;
Entry ent = {0};
BerElement ber = *ldap_get_message_ber( e );
Attribute *attr, **attrp;
struct berval bdn,
dn = BER_BVNULL;
const char *text;
a_dncookie dc;
ber_len_t len;
int rc;
void *mem_mark;
mem_mark = slap_sl_mark( op->o_tmpmemctx );
ber_set_option( &ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
if ( ber_scanf( &ber, "l{", &len ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
if ( ber_set_option( &ber, LBER_OPT_REMAINING_BYTES, &len ) != LBER_OPT_SUCCESS ) {
return LDAP_OTHER;
}
if ( ber_scanf( &ber, "m{", &bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
/*
* Rewrite the dn of the result, if needed
*/
dc.op = op;
dc.target = mi->mi_targets[ target ];
dc.memctx = op->o_tmpmemctx;
dc.to_from = MASSAGE_REP;
asyncmeta_dn_massage( &dc, &bdn, &dn );
/*
* Note: this may fail if the target host(s) schema differs
* from the one known to the meta, and a DN with unknown
* attributes is returned.
*
* FIXME: should we log anything, or delegate to dnNormalize?
*/
rc = dnPrettyNormal( NULL, &dn, &ent.e_name, &ent.e_nname,
op->o_tmpmemctx );
if ( dn.bv_val != bdn.bv_val ) {
op->o_tmpfree( dn.bv_val, op->o_tmpmemctx );
}
BER_BVZERO( &dn );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_send_entry(\"%s\"): "
"invalid DN syntax\n",
op->o_log_prefix, ent.e_name.bv_val );
rc = LDAP_INVALID_DN_SYNTAX;
goto done;
}
/*
* cache dn
*/
if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) {
( void )asyncmeta_dncache_update_entry( &mi->mi_cache,
&ent.e_nname, target );
}
attrp = &ent.e_attrs;
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int last = 0;
slap_syntax_validate_func *validate;
slap_syntax_transform_func *pretty;
if ( ber_pvt_ber_remaining( &ber ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_send_entry(\"%s\"): "
"unable to parse attr \"%s\".\n",
op->o_log_prefix, ent.e_name.bv_val, a.bv_val );
rc = LDAP_OTHER;
goto done;
}
if ( ber_pvt_ber_remaining( &ber ) == 0 ) {
break;
}
attr = op->o_tmpcalloc( 1, sizeof(Attribute), op->o_tmpmemctx );
if ( slap_bv2ad( &a, &attr->a_desc, &text )
!= LDAP_SUCCESS) {
if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
SLAP_AD_PROXIED ) != LDAP_SUCCESS )
{
Debug(LDAP_DEBUG_ANY,
"%s meta_send_entry(\"%s\"): " "slap_bv2undef_ad(%s): %s\n",
op->o_log_prefix, ent.e_name.bv_val,
mapped.bv_val, text );
( void )ber_scanf( &ber, "x" /* [W] */ );
op->o_tmpfree( attr, op->o_tmpmemctx );
continue;
}
}
if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL )
check_sorted_attrs = 1;
/* no subschemaSubentry */
if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
|| attr->a_desc == slap_schema.si_ad_entryDN )
{
/*
* We eat target's subschemaSubentry because
* a search for this value is likely not
* to resolve to the appropriate backend;
* later, the local subschemaSubentry is
* added.
*
* We also eat entryDN because the frontend
* will reattach it without checking if already
* present...
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
op->o_tmpfree( attr, op->o_tmpmemctx );
continue;
}
if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
|| attr->a_vals == NULL )
{
attr->a_vals = (struct berval *)&slap_dummy_bv;
} else {
for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
;
}
attr->a_numvals = last;
validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
if ( !validate && !pretty ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
/*
* It is necessary to try to rewrite attributes with
* dn syntax because they might be used in ACLs as
* members of groups; since ACLs are applied to the
* rewritten stuff, no dn-based subecj clause could
* be used at the ldap backend side (see
* http://www.OpenLDAP.org/faq/data/cache/452.html)
* The problem can be overcome by moving the dn-based
* ACLs to the target directory server, and letting
* everything pass thru the ldap backend.
*/
{
int i;
if ( attr->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
asyncmeta_dnattr_result_rewrite( &dc, attr->a_vals );
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
asyncmeta_referral_result_rewrite( &dc, attr->a_vals );
}
for ( i = 0; i < last; i++ ) {
struct berval pval;
int rc;
if ( pretty ) {
rc = ordered_value_pretty( attr->a_desc,
&attr->a_vals[i], &pval, op->o_tmpmemctx );
} else {
rc = ordered_value_validate( attr->a_desc,
&attr->a_vals[i], 0 );
}
if ( rc ) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[ i ] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
continue;
}
if ( pretty ) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
attr->a_vals[i] = pval;
}
}
if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
}
if ( last && attr->a_desc->ad_type->sat_equality &&
attr->a_desc->ad_type->sat_equality->smr_normalize )
{
int i;
attr->a_nvals = op->o_tmpalloc( ( last + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
for ( i = 0; i<last; i++ ) {
/* if normalizer fails, drop this value */
if ( ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
attr->a_desc,
attr->a_desc->ad_type->sat_equality,
&attr->a_vals[i], &attr->a_nvals[i],
op->o_tmpmemctx )) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[ i ] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
}
}
BER_BVZERO( &attr->a_nvals[i] );
if ( last == 0 ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
ber_bvarray_free_x( attr->a_nvals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
} else {
attr->a_nvals = attr->a_vals;
}
attr->a_numvals = last;
*attrp = attr;
attrp = &attr->a_next;
next_attr:;
}
/* Check for sorted attributes */
if ( check_sorted_attrs ) {
for ( attr = ent.e_attrs; attr; attr = attr->a_next ) {
if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
while ( attr->a_numvals > 1 ) {
int i;
int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
break;
/* Strip duplicate values */
if ( attr->a_nvals != attr->a_vals )
ber_memfree_x( attr->a_nvals[i].bv_val, op->o_tmpmemctx );
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
attr->a_numvals--;
if ( (unsigned)i < attr->a_numvals ) {
attr->a_vals[i] = attr->a_vals[attr->a_numvals];
if ( attr->a_nvals != attr->a_vals )
attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
}
BER_BVZERO(&attr->a_vals[attr->a_numvals]);
if ( attr->a_nvals != attr->a_vals )
BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
}
attr->a_flags |= SLAP_ATTR_SORTED_VALS;
}
}
}
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_send_entry(\"%s\"): "
".\n",
op->o_log_prefix, ent.e_name.bv_val );
ldap_get_entry_controls( mc->mc_conns[target].msc_ldr,
e, &rs->sr_ctrls );
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = mi->mi_targets[ target ]->mt_rep_flags;
rs->sr_err = LDAP_SUCCESS;
rc = send_search_entry( op, rs );
switch ( rc ) {
case LDAP_UNAVAILABLE:
rc = LDAP_OTHER;
break;
}
done:;
if ( rs->sr_ctrls != NULL ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
#if 0
while ( ent.e_attrs ) {
attr = ent.e_attrs;
ent.e_attrs = attr->a_next;
if ( attr->a_nvals != attr->a_vals )
ber_bvarray_free_x( attr->a_nvals, op->o_tmpmemctx );
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
}
if (ent.e_name.bv_val != NULL) {
op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
}
if (ent.e_nname.bv_val != NULL) {
op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
}
if (rs->sr_entry && rs->sr_entry != &ent) {
entry_free( rs->sr_entry );
}
#endif
slap_sl_release( mem_mark, op->o_tmpmemctx );
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
return rc;
}
static int
ldap_back_exop_generic(
Operation *op,
SlapReply *rs,
ldapconn_t **lcp )
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = *lcp;
LDAPMessage *res;
ber_int_t msgid;
int rc;
int do_retry = 1;
char *text = NULL;
Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
assert( lc != NULL );
assert( rs->sr_ctrls == NULL );
retry:
rc = ldap_extended_operation( lc->lc_ld,
op->ore_reqoid.bv_val, op->ore_reqdata,
op->o_ctrls, NULL, &msgid );
if ( rc == LDAP_SUCCESS ) {
/* TODO: set timeout? */
/* by now, make sure no timeout is used (ITS#6282) */
struct timeval tv = { -1, 0 };
if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
rs->sr_err = rc;
} else {
/* only touch when activity actually took place... */
if ( li->li_idle_timeout ) {
lc->lc_time = op->o_time;
}
/* sigh. parse twice, because parse_passwd
* doesn't give us the err / match / msg info.
*/
rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
(char **)&rs->sr_matched,
&text,
NULL, &rs->sr_ctrls, 0 );
if ( rc == LDAP_SUCCESS ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
rc = ldap_parse_extended_result( lc->lc_ld, res,
(char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
if ( rc == LDAP_SUCCESS ) {
rs->sr_type = REP_EXTENDED;
}
} else {
rc = rs->sr_err;
}
}
ldap_msgfree( res );
}
}
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}
if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
if ( text ) rs->sr_text = text;
send_ldap_extended( op, rs );
/* otherwise frontend resends result */
rc = rs->sr_err = SLAPD_ABANDON;
} else if ( LDAP_BACK_QUARANTINE( li ) ) {
ldap_back_quarantine( op, rs );
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_EXTENDED ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
/* these have to be freed anyway... */
if ( rs->sr_matched ) {
free( (char *)rs->sr_matched );
rs->sr_matched = NULL;
}
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
if ( text ) {
free( text );
rs->sr_text = NULL;
}
/* in case, cleanup handler */
if ( lc == NULL ) {
*lcp = NULL;
}
return rc;
}
static int
_mu_ldap_bind (LDAP *ld)
{
int msgid, err, rc;
LDAPMessage *result;
LDAPControl **ctrls;
char msgbuf[256];
char *matched = NULL;
char *info = NULL;
char **refs = NULL;
static struct berval passwd;
passwd.bv_val = ldap_param.passwd;
passwd.bv_len = passwd.bv_val ? strlen (passwd.bv_val) : 0;
msgbuf[0] = 0;
rc = ldap_sasl_bind (ld, ldap_param.binddn, LDAP_SASL_SIMPLE, &passwd,
NULL, NULL, &msgid);
if (msgid == -1)
{
mu_error ("ldap_sasl_bind(SIMPLE) failed: %s", ldap_err2string (rc));
return 1;
}
if (ldap_result (ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1)
{
mu_error ("ldap_result failed");
return 1;
}
rc = ldap_parse_result (ld, result, &err, &matched, &info, &refs,
&ctrls, 1);
if (rc != LDAP_SUCCESS)
{
mu_error ("ldap_parse_result failed: %s", ldap_err2string (rc));
return 1;
}
if (ctrls)
ldap_controls_free (ctrls);
if (err != LDAP_SUCCESS
|| msgbuf[0]
|| (matched && matched[0])
|| (info && info[0])
|| refs)
{
/* FIXME: Use debug output for that */
mu_error ("ldap_bind: %s (%d)%s", ldap_err2string (err), err, msgbuf);
if (matched && *matched)
mu_error ("matched DN: %s", matched);
if (info && *info)
mu_error ("additional info: %s", info);
if (refs && *refs)
{
int i;
mu_error ("referrals:");
for (i = 0; refs[i]; i++)
mu_error ("%s", refs[i]);
}
}
if (matched)
ber_memfree (matched);
if (info)
ber_memfree (info);
if (refs)
ber_memvfree ((void **)refs);
return err == LDAP_SUCCESS ? 0 : MU_ERR_FAILURE;
}
/*
* handle the LDAP_RES_SEARCH_RESULT response
*/
static int
ldap_sync_search_result( ldap_sync_t *ls, LDAPMessage *res )
{
int err;
char *matched = NULL,
*msg = NULL;
LDAPControl **ctrls = NULL;
int rc;
int refreshDeletes = -1;
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\tgot LDAP_RES_SEARCH_RESULT\n" );
#endif /* LDAP_SYNC_TRACE */
assert( ls != NULL );
assert( res != NULL );
/* should not happen in refreshAndPersist... */
rc = ldap_parse_result( ls->ls_ld,
res, &err, &matched, &msg, NULL, &ctrls, 0 );
#ifdef LDAP_SYNC_TRACE
fprintf( stderr,
"\tldap_parse_result(%d, \"%s\", \"%s\") == %d\n",
err,
matched ? matched : "",
msg ? msg : "",
rc );
#endif /* LDAP_SYNC_TRACE */
if ( rc == LDAP_SUCCESS ) {
rc = err;
}
ls->ls_refreshPhase = LDAP_SYNC_CAPI_DONE;
switch ( rc ) {
case LDAP_SUCCESS: {
int i;
BerElement *ber = NULL;
ber_len_t len;
struct berval cookie = { 0 };
rc = LDAP_OTHER;
/* deal with control; then fallthru to handler */
if ( ctrls == NULL ) {
goto done;
}
/* lookup the sync state control */
for ( i = 0; ctrls[ i ] != NULL; i++ ) {
if ( strcmp( ctrls[ i ]->ldctl_oid,
LDAP_CONTROL_SYNC_DONE ) == 0 )
{
break;
}
}
/* control must be present; there might be other... */
if ( ctrls[ i ] == NULL ) {
goto done;
}
/* extract data */
ber = ber_init( &ctrls[ i ]->ldctl_value );
if ( ber == NULL ) {
goto done;
}
if ( ber_scanf( ber, "{" /*"}"*/) == LBER_ERROR ) {
goto ber_done;
}
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SYNC_COOKIE ) {
if ( ber_scanf( ber, "m", &cookie ) == LBER_ERROR ) {
goto ber_done;
}
if ( cookie.bv_val != NULL ) {
ber_bvreplace( &ls->ls_cookie, &cookie );
}
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\t\tgot cookie=%s\n",
cookie.bv_val ? cookie.bv_val : "(null)" );
#endif /* LDAP_SYNC_TRACE */
}
refreshDeletes = 0;
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_REFRESHDELETES ) {
if ( ber_scanf( ber, "b", &refreshDeletes ) == LBER_ERROR ) {
goto ber_done;
}
if ( refreshDeletes ) {
refreshDeletes = 1;
}
}
if ( ber_scanf( ber, /*"{"*/ "}" ) != LBER_ERROR ) {
rc = LDAP_SUCCESS;
}
ber_done:;
ber_free( ber, 1 );
if ( rc != LDAP_SUCCESS ) {
break;
}
#ifdef LDAP_SYNC_TRACE
fprintf( stderr, "\t\tgot refreshDeletes=%s\n",
refreshDeletes ? "TRUE" : "FALSE" );
#endif /* LDAP_SYNC_TRACE */
/* FIXME: what should we do with the refreshDelete? */
switch ( refreshDeletes ) {
case 0:
ls->ls_refreshPhase = LDAP_SYNC_CAPI_PRESENTS;
break;
default:
ls->ls_refreshPhase = LDAP_SYNC_CAPI_DELETES;
break;
}
} /* fallthru */
case LDAP_SYNC_REFRESH_REQUIRED:
/* TODO: check for Sync Done Control */
/* FIXME: perhaps the handler should be called
* also in case of failure; we'll deal with this
* later when implementing refreshOnly */
if ( ls->ls_search_result ) {
err = ls->ls_search_result( ls, res, refreshDeletes );
}
break;
}
done:;
if ( matched != NULL ) {
ldap_memfree( matched );
}
if ( msg != NULL ) {
ldap_memfree( msg );
}
if ( ctrls != NULL ) {
ldap_controls_free( ctrls );
}
ls->ls_refreshPhase = LDAP_SYNC_CAPI_DONE;
return rc;
}
static int process_response(
LDAP *ld,
int msgid,
int op,
const char *dn )
{
LDAPMessage *res;
int rc = LDAP_OTHER, msgtype;
struct timeval tv = { 0, 0 };
int err;
char *text = NULL, *matched = NULL, **refs = NULL;
LDAPControl **ctrls = NULL;
for ( ; ; ) {
tv.tv_sec = 0;
tv.tv_usec = 100000;
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
if ( tool_check_abandon( ld, msgid ) ) {
return LDAP_CANCELLED;
}
if ( rc == -1 ) {
ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc );
tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
return rc;
}
if ( rc != 0 ) {
break;
}
}
msgtype = ldap_msgtype( res );
rc = ldap_parse_result( ld, res, &err, &matched, &text, &refs, &ctrls, 1 );
if ( rc == LDAP_SUCCESS ) rc = err;
#ifdef LDAP_X_TXN
if ( rc == LDAP_X_TXN_SPECIFY_OKAY ) {
rc = LDAP_SUCCESS;
} else
#endif
if ( rc != LDAP_SUCCESS ) {
tool_perror( res2str( op ), rc, NULL, matched, text, refs );
} else if ( msgtype != op ) {
fprintf( stderr, "%s: msgtype: expected %d got %d\n",
res2str( op ), op, msgtype );
rc = LDAP_OTHER;
}
if ( text ) ldap_memfree( text );
if ( matched ) ldap_memfree( matched );
if ( text ) ber_memvfree( (void **)refs );
if ( ctrls ) {
tool_print_ctrls( ld, ctrls );
ldap_controls_free( ctrls );
}
return rc;
}
static int
vc_exop(
Operation *op,
SlapReply *rs )
{
int rc = LDAP_SUCCESS;
ber_tag_t tag;
ber_len_t len = -1;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval reqdata = BER_BVNULL;
struct berval cookie = BER_BVNULL;
struct berval bdn = BER_BVNULL;
ber_tag_t authtag;
struct berval cred = BER_BVNULL;
struct berval ndn = BER_BVNULL;
struct berval mechanism = BER_BVNULL;
vc_conn_t *conn = NULL;
vc_cb_t vc = { 0 };
slap_callback sc = { 0 };
SlapReply rs2 = { 0 };
if ( op->ore_reqdata == NULL || op->ore_reqdata->bv_len == 0 ) {
rs->sr_text = "empty request data field in VerifyCredentials exop";
return LDAP_PROTOCOL_ERROR;
}
/* optimistic */
rs->sr_err = LDAP_SUCCESS;
ber_dupbv_x( &reqdata, op->ore_reqdata, op->o_tmpmemctx );
/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
ber_init2( ber, &reqdata, 0 );
tag = ber_scanf( ber, "{" /*}*/ );
if ( tag != LBER_SEQUENCE ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
/*
* cookie: the pointer to the connection
* of this operation
*/
ber_scanf( ber, "m", &cookie );
if ( cookie.bv_len != sizeof(Connection *) ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
}
/* DN, authtag */
tag = ber_scanf( ber, "mt", &bdn, &authtag );
if ( tag == LBER_ERROR ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
rc = dnNormalize( 0, NULL, NULL, &bdn, &ndn, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
switch ( authtag ) {
case LDAP_AUTH_SIMPLE:
/* cookie only makes sense for SASL bind (so far) */
if ( !BER_BVISNULL( &cookie ) ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_scanf( ber, "m", &cred );
if ( tag == LBER_ERROR ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
break;
case LDAP_AUTH_SASL:
tag = ber_scanf( ber, "{s" /*}*/ , &mechanism );
if ( tag == LBER_ERROR ||
BER_BVISNULL( &mechanism ) || BER_BVISEMPTY( &mechanism ) )
{
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_OCTETSTRING ) {
ber_scanf( ber, "m", &cred );
}
tag = ber_scanf( ber, /*{*/ "}" );
break;
default:
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
if ( !BER_BVISNULL( &cookie ) ) {
vc_conn_t tmp = { 0 };
AC_MEMCPY( (char *)&tmp.conn, (const char *)cookie.bv_val, cookie.bv_len );
ldap_pvt_thread_mutex_lock( &vc_mutex );
conn = (vc_conn_t *)avl_find( vc_tree, (caddr_t)&tmp, vc_conn_cmp );
if ( conn == NULL || ( conn != NULL && conn->refcnt != 0 ) ) {
conn = NULL;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
conn->refcnt++;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
} else {
void *thrctx;
conn = (vc_conn_t *)SLAP_CALLOC( 1, sizeof( vc_conn_t ) );
conn->refcnt = 1;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init2( &conn->connbuf, &conn->opbuf, thrctx, 0 );
conn->op = &conn->opbuf.ob_op;
snprintf( conn->op->o_log_prefix, sizeof( conn->op->o_log_prefix ),
"%s VERIFYCREDENTIALS", op->o_log_prefix );
}
conn->op->o_tag = LDAP_REQ_BIND;
memset( &conn->op->oq_bind, 0, sizeof( conn->op->oq_bind ) );
conn->op->o_req_dn = ndn;
conn->op->o_req_ndn = ndn;
conn->op->o_protocol = LDAP_VERSION3;
conn->op->orb_method = authtag;
conn->op->o_callback = ≻
/* TODO: controls */
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
conn->op->o_ber = ber;
rc = get_ctrls2( conn->op, &rs2, 0, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
}
tag = ber_skip_tag( ber, &len );
if ( len || tag != LBER_DEFAULT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
switch ( authtag ) {
case LDAP_AUTH_SIMPLE:
break;
case LDAP_AUTH_SASL:
conn->op->orb_mech = mechanism;
break;
}
conn->op->orb_cred = cred;
sc.sc_response = vc_cb;
sc.sc_private = &vc;
conn->op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_bind( conn->op, &rs2 );
if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
rc = vc_create_response( conn, rs2.sr_err, rs2.sr_text,
!BER_BVISEMPTY( &vc.sasldata ) ? &vc.sasldata : NULL,
NULL,
vc.ctrls, &rs->sr_rspdata );
} else {
rc = vc_create_response( NULL, rs2.sr_err, rs2.sr_text,
NULL,
&conn->op->o_conn->c_dn,
vc.ctrls, &rs->sr_rspdata );
}
if ( rc != 0 ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( !BER_BVISNULL( &conn->op->o_conn->c_dn ) &&
conn->op->o_conn->c_dn.bv_val != conn->op->o_conn->c_ndn.bv_val )
ber_memfree( conn->op->o_conn->c_dn.bv_val );
if ( !BER_BVISNULL( &conn->op->o_conn->c_ndn ) )
ber_memfree( conn->op->o_conn->c_ndn.bv_val );
done:;
if ( conn ) {
if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
if ( conn->conn == NULL ) {
conn->conn = conn;
conn->refcnt--;
ldap_pvt_thread_mutex_lock( &vc_mutex );
rc = avl_insert( &vc_tree, (caddr_t)conn,
vc_conn_cmp, vc_conn_dup );
ldap_pvt_thread_mutex_unlock( &vc_mutex );
assert( rc == 0 );
} else {
ldap_pvt_thread_mutex_lock( &vc_mutex );
conn->refcnt--;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
}
} else {
if ( conn->conn != NULL ) {
vc_conn_t *tmp;
ldap_pvt_thread_mutex_lock( &vc_mutex );
tmp = avl_delete( &vc_tree, (caddr_t)conn, vc_conn_cmp );
ldap_pvt_thread_mutex_unlock( &vc_mutex );
}
SLAP_FREE( conn );
}
}
if ( vc.ctrls ) {
ldap_controls_free( vc.ctrls );
vc.ctrls = NULL;
}
if ( !BER_BVISNULL( &ndn ) ) {
op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ndn );
}
op->o_tmpfree( reqdata.bv_val, op->o_tmpmemctx );
BER_BVZERO( &reqdata );
return rs->sr_err;
}
int
ldap_ld_free(
LDAP *ld,
int close,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
LDAPMessage *lm, *next;
int err = LDAP_SUCCESS;
LDAP_MUTEX_LOCK( &ld->ld_ldcmutex );
/* Someone else is still using this ld. */
if (ld->ld_ldcrefcnt > 1) { /* but not last thread */
/* clean up self only */
ld->ld_ldcrefcnt--;
if ( ld->ld_error != NULL ) {
LDAP_FREE( ld->ld_error );
ld->ld_error = NULL;
}
if ( ld->ld_matched != NULL ) {
LDAP_FREE( ld->ld_matched );
ld->ld_matched = NULL;
}
if ( ld->ld_referrals != NULL) {
LDAP_VFREE(ld->ld_referrals);
ld->ld_referrals = NULL;
}
LDAP_MUTEX_UNLOCK( &ld->ld_ldcmutex );
LDAP_FREE( (char *) ld );
return( err );
}
/* This ld is the last thread. */
/* free LDAP structure and outstanding requests/responses */
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
while ( ld->ld_requests != NULL ) {
ldap_free_request( ld, ld->ld_requests );
}
LDAP_MUTEX_UNLOCK( &ld->ld_req_mutex );
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
/* free and unbind from all open connections */
while ( ld->ld_conns != NULL ) {
ldap_free_connection( ld, ld->ld_conns, 1, close );
}
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
for ( lm = ld->ld_responses; lm != NULL; lm = next ) {
next = lm->lm_next;
ldap_msgfree( lm );
}
if ( ld->ld_abandoned != NULL ) {
LDAP_FREE( ld->ld_abandoned );
ld->ld_abandoned = NULL;
}
LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );
/* final close callbacks */
{
ldaplist *ll, *next;
for ( ll = ld->ld_options.ldo_conn_cbs; ll; ll = next ) {
ldap_conncb *cb = ll->ll_data;
next = ll->ll_next;
cb->lc_del( ld, NULL, cb );
LDAP_FREE( ll );
}
}
if ( ld->ld_error != NULL ) {
LDAP_FREE( ld->ld_error );
ld->ld_error = NULL;
}
if ( ld->ld_matched != NULL ) {
LDAP_FREE( ld->ld_matched );
ld->ld_matched = NULL;
}
if ( ld->ld_referrals != NULL) {
LDAP_VFREE(ld->ld_referrals);
ld->ld_referrals = NULL;
}
if ( ld->ld_selectinfo != NULL ) {
ldap_free_select_info( ld->ld_selectinfo );
ld->ld_selectinfo = NULL;
}
if ( ld->ld_options.ldo_defludp != NULL ) {
ldap_free_urllist( ld->ld_options.ldo_defludp );
ld->ld_options.ldo_defludp = NULL;
}
#ifdef LDAP_CONNECTIONLESS
if ( ld->ld_options.ldo_peer != NULL ) {
LDAP_FREE( ld->ld_options.ldo_peer );
ld->ld_options.ldo_peer = NULL;
}
if ( ld->ld_options.ldo_cldapdn != NULL ) {
LDAP_FREE( ld->ld_options.ldo_cldapdn );
ld->ld_options.ldo_cldapdn = NULL;
}
#endif
#ifdef HAVE_CYRUS_SASL
if ( ld->ld_options.ldo_def_sasl_mech != NULL ) {
LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
ld->ld_options.ldo_def_sasl_mech = NULL;
}
if ( ld->ld_options.ldo_def_sasl_realm != NULL ) {
LDAP_FREE( ld->ld_options.ldo_def_sasl_realm );
ld->ld_options.ldo_def_sasl_realm = NULL;
}
if ( ld->ld_options.ldo_def_sasl_authcid != NULL ) {
LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid );
ld->ld_options.ldo_def_sasl_authcid = NULL;
}
if ( ld->ld_options.ldo_def_sasl_authzid != NULL ) {
LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid );
ld->ld_options.ldo_def_sasl_authzid = NULL;
}
#endif
#ifdef HAVE_TLS
ldap_int_tls_destroy( &ld->ld_options );
#endif
if ( ld->ld_options.ldo_sctrls != NULL ) {
ldap_controls_free( ld->ld_options.ldo_sctrls );
ld->ld_options.ldo_sctrls = NULL;
}
if ( ld->ld_options.ldo_cctrls != NULL ) {
ldap_controls_free( ld->ld_options.ldo_cctrls );
ld->ld_options.ldo_cctrls = NULL;
}
LDAP_MUTEX_UNLOCK( &ld->ld_ldopts_mutex );
ber_sockbuf_free( ld->ld_sb );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_destroy( &ld->ld_msgid_mutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_conn_mutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_req_mutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_res_mutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_abandon_mutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_ldopts_mutex );
ldap_pvt_thread_mutex_unlock( &ld->ld_ldcmutex );
ldap_pvt_thread_mutex_destroy( &ld->ld_ldcmutex );
#endif
#ifndef NDEBUG
LDAP_TRASH(ld);
#endif
LDAP_FREE( (char *) ld->ldc );
LDAP_FREE( (char *) ld );
return( err );
}
int
asyncmeta_handle_search_msg(LDAPMessage *res, a_metaconn_t *mc, bm_context_t *bc, int candidate)
{
a_metainfo_t *mi;
a_metatarget_t *mt;
a_metasingleconn_t *msc;
Operation *op = bc->op;
SlapReply *rs;
int i, rc = LDAP_SUCCESS, sres;
SlapReply *candidates;
char **references = NULL;
LDAPControl **ctrls = NULL;
a_dncookie dc;
LDAPMessage *msg;
ber_int_t id;
rs = &bc->rs;
mi = mc->mc_info;
mt = mi->mi_targets[ candidate ];
msc = &mc->mc_conns[ candidate ];
dc.op = op;
dc.target = mt;
dc.to_from = MASSAGE_REP;
id = ldap_msgid(res);
candidates = bc->candidates;
i = candidate;
while (res && !META_BACK_CONN_INVALID(msc)) {
for (msg = ldap_first_message(msc->msc_ldr, res); msg; msg = ldap_next_message(msc->msc_ldr, msg)) {
switch(ldap_msgtype(msg)) {
case LDAP_RES_SEARCH_ENTRY:
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_handle_search_msg: msc %p entry\n",
op->o_log_prefix, msc );
if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
/* don't retry any more... */
candidates[ i ].sr_type = REP_RESULT;
}
/* count entries returned by target */
candidates[ i ].sr_nentries++;
if (bc->c_peer_name.bv_val == op->o_conn->c_peer_name.bv_val && !op->o_abandon) {
rs->sr_err = asyncmeta_send_entry( &bc->copy_op, rs, mc, i, msg );
} else {
goto err_cleanup;
}
switch ( rs->sr_err ) {
case LDAP_SIZELIMIT_EXCEEDED:
asyncmeta_send_ldap_result(bc, op, rs);
rs->sr_err = LDAP_SUCCESS;
goto err_cleanup;
case LDAP_UNAVAILABLE:
rs->sr_err = LDAP_OTHER;
break;
default:
break;
}
bc->is_ok++;
break;
case LDAP_RES_SEARCH_REFERENCE:
if ( META_BACK_TGT_NOREFS( mt ) ) {
rs->sr_err = LDAP_OTHER;
asyncmeta_send_ldap_result(bc, op, rs);
goto err_cleanup;
}
if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
/* don't retry any more... */
candidates[ i ].sr_type = REP_RESULT;
}
bc->is_ok++;
rc = ldap_parse_reference( msc->msc_ldr, msg,
&references, &rs->sr_ctrls, 0 );
if ( rc != LDAP_SUCCESS || references == NULL ) {
rs->sr_err = LDAP_OTHER;
asyncmeta_send_ldap_result(bc, op, rs);
goto err_cleanup;
}
/* FIXME: merge all and return at the end */
{
int cnt;
for ( cnt = 0; references[ cnt ]; cnt++ )
;
rs->sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ),
op->o_tmpmemctx );
for ( cnt = 0; references[ cnt ]; cnt++ ) {
ber_str2bv_x( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ],
op->o_tmpmemctx );
}
BER_BVZERO( &rs->sr_ref[ cnt ] );
}
{
dc.memctx = op->o_tmpmemctx;
( void )asyncmeta_referral_result_rewrite( &dc, rs->sr_ref );
}
if ( rs->sr_ref != NULL ) {
if (!BER_BVISNULL( &rs->sr_ref[ 0 ] ) ) {
/* ignore return value by now */
( void )send_search_reference( op, rs );
}
ber_bvarray_free_x( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
/* cleanup */
if ( references ) {
ber_memvfree( (void **)references );
}
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
break;
case LDAP_RES_INTERMEDIATE:
if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
/* don't retry any more... */
candidates[ i ].sr_type = REP_RESULT;
}
bc->is_ok++;
/* FIXME: response controls
* are passed without checks */
rs->sr_err = ldap_parse_intermediate( msc->msc_ldr,
msg,
(char **)&rs->sr_rspoid,
&rs->sr_rspdata,
&rs->sr_ctrls,
0 );
if ( rs->sr_err != LDAP_SUCCESS ) {
candidates[ i ].sr_type = REP_RESULT;
rs->sr_err = LDAP_OTHER;
asyncmeta_send_ldap_result(bc, op, rs);
goto err_cleanup;
}
slap_send_ldap_intermediate( op, rs );
if ( rs->sr_rspoid != NULL ) {
ber_memfree( (char *)rs->sr_rspoid );
rs->sr_rspoid = NULL;
}
if ( rs->sr_rspdata != NULL ) {
ber_bvfree( rs->sr_rspdata );
rs->sr_rspdata = NULL;
}
if ( rs->sr_ctrls != NULL ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
break;
case LDAP_RES_SEARCH_RESULT:
if ( mi->mi_idle_timeout != 0 ) {
asyncmeta_set_msc_time(msc);
}
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_handle_search_msg: msc %p result\n",
op->o_log_prefix, msc );
candidates[ i ].sr_type = REP_RESULT;
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
/* NOTE: ignores response controls
* (and intermediate response controls
* as well, except for those with search
* references); this may not be correct,
* but if they're not ignored then
* back-meta would need to merge them
* consistently (think of pagedResults...)
*/
/* FIXME: response controls? */
rs->sr_err = ldap_parse_result( msc->msc_ldr,
msg,
&candidates[ i ].sr_err,
(char **)&candidates[ i ].sr_matched,
(char **)&candidates[ i ].sr_text,
&references,
&ctrls /* &candidates[ i ].sr_ctrls (unused) */ ,
0 );
if ( rs->sr_err != LDAP_SUCCESS ) {
candidates[ i ].sr_err = rs->sr_err;
sres = slap_map_api2result( &candidates[ i ] );
candidates[ i ].sr_type = REP_RESULT;
goto finish;
}
rs->sr_err = candidates[ i ].sr_err;
/* massage matchedDN if need be */
if ( candidates[ i ].sr_matched != NULL ) {
struct berval match, mmatch;
ber_str2bv( candidates[ i ].sr_matched,
0, 0, &match );
candidates[ i ].sr_matched = NULL;
dc.memctx = NULL;
asyncmeta_dn_massage( &dc, &match, &mmatch );
if ( mmatch.bv_val == match.bv_val ) {
candidates[ i ].sr_matched
= ch_strdup( mmatch.bv_val );
} else {
candidates[ i ].sr_matched = mmatch.bv_val;
}
bc->candidate_match++;
ldap_memfree( match.bv_val );
}
/* add references to array */
/* RFC 4511: referrals can only appear
* if result code is LDAP_REFERRAL */
if ( references != NULL
&& references[ 0 ] != NULL
&& references[ 0 ][ 0 ] != '\0' )
{
if ( rs->sr_err != LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_ANY,
"%s asncmeta_search_result[%d]: "
"got referrals with err=%d\n",
op->o_log_prefix,
i, rs->sr_err );
} else {
BerVarray sr_ref;
int cnt;
for ( cnt = 0; references[ cnt ]; cnt++ )
;
sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ),
op->o_tmpmemctx );
for ( cnt = 0; references[ cnt ]; cnt++ ) {
ber_str2bv_x( references[ cnt ], 0, 1, &sr_ref[ cnt ],
op->o_tmpmemctx );
}
BER_BVZERO( &sr_ref[ cnt ] );
dc.memctx = op->o_tmpmemctx;
( void )asyncmeta_referral_result_rewrite( &dc, sr_ref );
if ( rs->sr_v2ref == NULL ) {
rs->sr_v2ref = sr_ref;
} else {
for ( cnt = 0; !BER_BVISNULL( &sr_ref[ cnt ] ); cnt++ ) {
ber_bvarray_add_x( &rs->sr_v2ref, &sr_ref[ cnt ],
op->o_tmpmemctx );
}
ber_memfree_x( sr_ref, op->o_tmpmemctx );
}
}
} else if ( rs->sr_err == LDAP_REFERRAL ) {
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_search_result[%d]: "
"got err=%d with null "
"or empty referrals\n",
op->o_log_prefix,
i, rs->sr_err );
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
/* cleanup */
ber_memvfree( (void **)references );
sres = slap_map_api2result( rs );
if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "%s asyncmeta_search_result[%d] "
"match=\"%s\" err=%ld",
op->o_log_prefix, i,
candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
(long) candidates[ i ].sr_err );
} else {
Debug( LDAP_DEBUG_ANY, "%s asyncmeta_search_result[%d] "
"match=\"%s\" err=%ld (%s)",
op->o_log_prefix, i,
candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
(long) candidates[ i ].sr_err, ldap_err2string( candidates[ i ].sr_err ) );
}
switch ( sres ) {
case LDAP_NO_SUCH_OBJECT:
/* is_ok is touched any time a valid
* (even intermediate) result is
* returned; as a consequence, if
* a candidate returns noSuchObject
* it is ignored and the candidate
* is simply demoted. */
if ( bc->is_ok ) {
sres = LDAP_SUCCESS;
}
break;
case LDAP_SUCCESS:
if ( ctrls != NULL && ctrls[0] != NULL ) {
#ifdef SLAPD_META_CLIENT_PR
LDAPControl *pr_c;
pr_c = ldap_control_find( LDAP_CONTROL_PAGEDRESULTS, ctrls, NULL );
if ( pr_c != NULL ) {
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_tag_t tag;
ber_int_t prsize;
struct berval prcookie;
/* unsolicited, do not accept */
if ( mt->mt_ps == 0 ) {
rs->sr_err = LDAP_OTHER;
goto err_pr;
}
ber_init2( ber, &pr_c->ldctl_value, LBER_USE_DER );
tag = ber_scanf( ber, "{im}", &prsize, &prcookie );
if ( tag == LBER_ERROR ) {
rs->sr_err = LDAP_OTHER;
goto err_pr;
}
/* more pages? new search request */
if ( !BER_BVISNULL( &prcookie ) && !BER_BVISEMPTY( &prcookie ) ) {
if ( mt->mt_ps > 0 ) {
/* ignore size if specified */
prsize = 0;
} else if ( prsize == 0 ) {
/* guess the page size from the entries returned so far */
prsize = candidates[ i ].sr_nentries;
}
candidates[ i ].sr_nentries = 0;
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
candidates[ i ].sr_type = REP_INTERMEDIATE;
assert( candidates[ i ].sr_matched == NULL );
assert( candidates[ i ].sr_text == NULL );
assert( candidates[ i ].sr_ref == NULL );
switch ( asyncmeta_back_search_start( &bc->copy_op, rs, mc, bc, i, &prcookie, prsize, 1 ) )
{
case META_SEARCH_CANDIDATE:
assert( candidates[ i ].sr_msgid >= 0 );
ldap_controls_free( ctrls );
// goto free_message;
case META_SEARCH_ERR:
case META_SEARCH_NEED_BIND:
err_pr:;
candidates[ i ].sr_err = rs->sr_err;
candidates[ i ].sr_type = REP_RESULT;
if ( META_BACK_ONERR_STOP( mi ) ) {
asyncmeta_send_ldap_result(bc, op, rs);
ldap_controls_free( ctrls );
goto err_cleanup;
}
/* fallthru */
case META_SEARCH_NOT_CANDIDATE:
/* means that asyncmeta_back_search_start()
* failed but onerr == continue */
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
candidates[ i ].sr_type = REP_RESULT;
break;
default:
/* impossible */
assert( 0 );
break;
}
break;
}
}
#endif /* SLAPD_META_CLIENT_PR */
ldap_controls_free( ctrls );
}
/* fallthru */
case LDAP_REFERRAL:
bc->is_ok++;
break;
case LDAP_SIZELIMIT_EXCEEDED:
/* if a target returned sizelimitExceeded
* and the entry count is equal to the
* proxy's limit, the target would have
* returned more, and the error must be
* propagated to the client; otherwise,
* the target enforced a limit lower
* than what requested by the proxy;
* ignore it */
candidates[ i ].sr_err = rs->sr_err;
if ( rs->sr_nentries == op->ors_slimit
|| META_BACK_ONERR_STOP( mi ) )
{
const char *save_text;
got_err:
save_text = rs->sr_text;
rs->sr_text = candidates[ i ].sr_text;
asyncmeta_send_ldap_result(bc, op, rs);
if (candidates[ i ].sr_text != NULL) {
ch_free( (char *)candidates[ i ].sr_text );
candidates[ i ].sr_text = NULL;
}
rs->sr_text = save_text;
ldap_controls_free( ctrls );
goto err_cleanup;
}
break;
default:
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
goto got_err;
}
break;
}
/* if this is the last result we will ever receive, send it back */
rc = rs->sr_err;
if (asyncmeta_is_last_result(mc, bc, i) == 0) {
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_handle_search_msg: msc %p last result\n",
op->o_log_prefix, msc );
asyncmeta_search_last_result(mc, bc, i, sres);
err_cleanup:
rc = rs->sr_err;
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
asyncmeta_drop_bc( mc, bc);
asyncmeta_clear_bm_context(bc);
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
ldap_msgfree(res);
return rc;
}
finish:
break;
default:
continue;
}
}
ldap_msgfree(res);
res = NULL;
if (candidates[ i ].sr_type != REP_RESULT) {
struct timeval tv = {0};
rc = ldap_result( msc->msc_ldr, id, LDAP_MSG_RECEIVED, &tv, &res );
if (res != NULL) {
msc->msc_result_time = slap_get_time();
}
}
}
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
bc->bc_active--;
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
return rc;
}
