/** * \brief Calculates the smallest rectangle that will encompass the logo region. * * \param filter This image contains the logo around which the rectangle will * will be fitted. * * The bounding rectangle is calculated by testing successive lines (from the four * sides of the rectangle) until no more can be removed without removing logo * pixels. The results are returned by reference to posx1, posy1, posx2, and * posy2. */ static void calculate_bounding_rectangle(int * posx1, int * posy1, int * posx2, int * posy2, pgm_structure * filter) { int x; /* Temporary variables to run */ int y; /* through each row or column. */ int start_x; int start_y; int end_x = filter->width - 1; int end_y = filter->height - 1; int did_we_find_a_logo_pixel = 0; /* Let's find the top bound first. */ for (start_x = 0; start_x < filter->width && !did_we_find_a_logo_pixel; start_x++) { for (y = 0; y < filter->height; y++) { did_we_find_a_logo_pixel |= test_filter(filter, start_x, y); } } start_x--; /* Now the bottom bound. */ did_we_find_a_logo_pixel = 0; for (end_x = filter->width - 1; end_x > start_x && !did_we_find_a_logo_pixel; end_x--) { for (y = 0; y < filter->height; y++) { did_we_find_a_logo_pixel |= test_filter(filter, end_x, y); } } end_x++; /* Left bound. */ did_we_find_a_logo_pixel = 0; for (start_y = 0; start_y < filter->height && !did_we_find_a_logo_pixel; start_y++) { for (x = 0; x < filter->width; x++) { did_we_find_a_logo_pixel |= test_filter(filter, x, start_y); } } start_y--; /* Right bound. */ did_we_find_a_logo_pixel = 0; for (end_y = filter->height - 1; end_y > start_y && !did_we_find_a_logo_pixel; end_y--) { for (x = 0; x < filter->width; x++) { did_we_find_a_logo_pixel |= test_filter(filter, x, end_y); } } end_y++; *posx1 = start_x; *posy1 = start_y; *posx2 = end_x; *posy2 = end_y; return; }
ifilter_iterator<Operator, List0>::ifilter_iterator(Operator _op, List0 &_seq) : op(_op), iter(_seq.begin()), iter_end(_seq.end()) { if (!test_filter(std::is_same<types::none_type, Operator>())) next_value(); }
int main (int argc, char **argv) { int i; camel_test_init(argc, argv); camel_test_start("HTML Stream filtering"); for (i=0;i<100;i++) { char inname[32], outname[32]; CamelMimeFilter *f; struct stat st; sprintf(inname, "data/html.%d.in", i); sprintf(outname, "data/html.%d.out", i); if (stat(inname, &st) == -1) break; f = camel_mime_filter_tohtml_new(CAMEL_MIME_FILTER_TOHTML_CONVERT_URLS, 0); test_filter(f, inname, outname); check_unref(f, 1); } camel_test_end(); return 0; }
int slap_compare_entry( Operation *op, Entry *e, AttributeAssertion *ava ) { int rc = LDAP_COMPARE_FALSE; Attribute *a; if ( ! access_allowed( op, e, ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) { rc = LDAP_INSUFFICIENT_ACCESS; goto done; } if ( get_assert( op ) && ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rc = LDAP_ASSERTION_FAILED; goto done; } a = attrs_find( e->e_attrs, ava->aa_desc ); if( a == NULL ) { rc = LDAP_NO_SUCH_ATTRIBUTE; goto done; } for(; a != NULL; a = attrs_find( a->a_next, ava->aa_desc )) { if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op, e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) { rc = LDAP_INSUFFICIENT_ACCESS; break; } if ( attr_valfind( a, SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, &ava->aa_value, NULL, op->o_tmpmemctx ) == 0 ) { rc = LDAP_COMPARE_TRUE; break; } } done: if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) { if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rc = LDAP_NO_SUCH_OBJECT; } } return rc; }
void ifilter_iterator<Operator, List0>::next_value() { while (++iter != iter_end) { if (test_filter(std::is_same<types::none_type, Operator>())) return; } }
static void pwdfile_search( struct ldop *op, FILE *ofp ) { struct passwd *pw; struct ldentry *entry; int oneentry; oneentry = ( strchr( op->ldop_dn, '@' ) != NULL ); for ( pw = getpwent(); pw != NULL; pw = getpwent()) { if (( entry = pw2entry( op, pw )) != NULL ) { if ( oneentry ) { if ( strcasecmp( op->ldop_dn, entry->lde_dn ) == 0 ) { write_entry( op, entry, ofp ); break; } } else if ( test_filter( op, entry ) == LDAP_COMPARE_TRUE ) { write_entry( op, entry, ofp ); } free_entry( entry ); } } endpwent(); write_result( ofp, LDAP_SUCCESS, NULL, NULL ); }
static int test_filter_or( Operation *op, Entry *e, Filter *flist ) { Filter *f; int rtn = LDAP_COMPARE_FALSE; /* False if empty */ Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 ); for ( f = flist; f != NULL; f = f->f_next ) { int rc = test_filter( op, e, f ); if ( rc == LDAP_COMPARE_TRUE ) { /* filter is True */ rtn = rc; break; } if ( rc != LDAP_COMPARE_FALSE ) { /* filter is Undefined unless later elements are True */ rtn = rc; } } Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 ); return rtn; }
/* ** When adding a group, we first strip any existing members, ** and add all which match the filters ourselfs. */ static int autogroup_add_entry( Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; autogroup_info_t *agi = (autogroup_info_t *)on->on_bi.bi_private; autogroup_def_t *agd = agi->agi_def; autogroup_entry_t *age = agi->agi_entry; autogroup_filter_t *agf; int rc = 0; Debug( LDAP_DEBUG_TRACE, "==> autogroup_add_entry <%s>\n", op->ora_e->e_name.bv_val, 0, 0); ldap_pvt_thread_mutex_lock( &agi->agi_mutex ); /* Check if it's a group. */ for ( ; agd ; agd = agd->agd_next ) { if ( is_entry_objectclass_or_sub( op->ora_e, agd->agd_oc ) ) { Modification mod; const char *text = NULL; char textbuf[1024]; mod.sm_op = LDAP_MOD_DELETE; mod.sm_desc = agd->agd_member_ad; mod.sm_type = agd->agd_member_ad->ad_cname; mod.sm_values = NULL; mod.sm_nvalues = NULL; /* We don't want any member attributes added by the user. */ modify_delete_values( op->ora_e, &mod, /* permissive */ 1, &text, textbuf, sizeof( textbuf ) ); autogroup_add_group( op, agi, agd, op->ora_e, NULL, 1 , 0); ldap_pvt_thread_mutex_unlock( &agi->agi_mutex ); return SLAP_CB_CONTINUE; } } for ( ; age ; age = age->age_next ) { ldap_pvt_thread_mutex_lock( &age->age_mutex ); /* Check if any of the filters are the suffix to the entry DN. If yes, we can test that filter against the entry. */ for ( agf = age->age_filter; agf ; agf = agf->agf_next ) { if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) { rc = test_filter( op, op->ora_e, agf->agf_filter ); if ( rc == LDAP_COMPARE_TRUE ) { autogroup_add_member_to_group( op, &op->ora_e->e_name, &op->ora_e->e_nname, age ); break; } } } ldap_pvt_thread_mutex_unlock( &age->age_mutex ); } ldap_pvt_thread_mutex_unlock( &agi->agi_mutex ); return SLAP_CB_CONTINUE; }
ifilter_iterator<ResultType, Operator, List0>::ifilter_iterator(Operator _op, List0 _seq) : op(_op), iter(const_cast<sequence_type&>(_seq).begin()), iter_end(const_cast<sequence_type &>(_seq).end()) { if (!test_filter(std::is_same<types::none_type, Operator>())) next_value(); }
static int constraint_check_restrict( Operation *op, constraint *c, Entry *e ) { assert( c->restrict_lud != NULL ); if ( c->restrict_lud->lud_dn != NULL ) { int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len; if ( diff < 0 ) { return 0; } if ( c->restrict_lud->lud_scope == LDAP_SCOPE_BASE ) { return bvmatch( &e->e_nname, &c->restrict_ndn ); } if ( !dnIsSuffix( &e->e_nname, &c->restrict_ndn ) ) { return 0; } if ( c->restrict_lud->lud_scope != LDAP_SCOPE_SUBTREE ) { struct berval pdn; if ( diff == 0 ) { return 0; } dnParent( &e->e_nname, &pdn ); if ( c->restrict_lud->lud_scope == LDAP_SCOPE_ONELEVEL && pdn.bv_len != c->restrict_ndn.bv_len ) { return 0; } } } if ( c->restrict_filter != NULL ) { int rc; struct berval save_dn = op->o_dn, save_ndn = op->o_ndn; op->o_dn = op->o_bd->be_rootdn; op->o_ndn = op->o_bd->be_rootndn; rc = test_filter( op, e, c->restrict_filter ); op->o_dn = save_dn; op->o_ndn = save_ndn; if ( rc != LDAP_COMPARE_TRUE ) { return 0; } } return 1; }
static int test_op(struct event_format *event, struct filter_arg *arg, struct pevent_record *record) { switch (arg->op.type) { case FILTER_OP_AND: return test_filter(event, arg->op.left, record) && test_filter(event, arg->op.right, record); case FILTER_OP_OR: return test_filter(event, arg->op.left, record) || test_filter(event, arg->op.right, record); case FILTER_OP_NOT: return !test_filter(event, arg->op.right, record); default: /* ?? */ return 0; } }
void DeleteAllIndexes::run() { char string[BCTEXTLEN], string1[BCTEXTLEN], string2[BCTEXTLEN]; // prepare directory strcpy(string1, pwindow->thread->preferences->index_directory); FileSystem dir; dir.update(pwindow->thread->preferences->index_directory); dir.complete_path(string1); // prepare filter const char *filter1 = ".idx"; const char *filter2 = ".toc"; // pwindow->disable_window(); sprintf(string, _("Delete all indexes in %s?"), string1); // QuestionWindow confirm(mwindow); // confirm.create_objects(string, 0); // int result = confirm.run_window(); int result = 0; if(!result) { static int i, j, k; for(i = 0; i < dir.dir_list.total; i++) { result = 1; sprintf(string2, "%s%s", string1, dir.dir_list.values[i]->name); // test filter if(test_filter(string2, filter1) || test_filter(string2, filter2)) { remove(string2); printf("DeleteAllIndexes::run %s\n", string2); } } } pwindow->thread->redraw_indexes = 1; // pwindow->enable_window(); }
/** * \brief Our blurring function. * * \param vf Stores persistant data. In this function we are interested in the * array of masks. * \param value_out The properly blurred and delogoed pixel is outputted here. * \param logo_mask Tells us which pixels are in the logo and which aren't. * \param image The image that is having its logo removed. * \param x x-coordinate of the pixel to blur. * \param y y-coordinate of the pixel to blur. * \param plane 0 = luma, 1 = blue chroma, 2 = red chroma (YUV). * * This function is the core of the filter. It takes a pixel that is inside the * logo and blurs it. It does so by finding the average of all the pixels within * the mask and outside of the logo. */ static void get_blur(const vf_instance_t * const vf, unsigned int * const value_out, const pgm_structure * const logo_mask, const mp_image_t * const image, const int x, const int y, const int plane) { int mask_size; /* Mask size tells how large a circle to use. The radius is about (slightly larger than) mask size. */ /* Get values from vf->priv for faster dereferencing. */ int * * * mask = vf->priv->mask; int start_posx, start_posy, end_posx, end_posy; int i, j; unsigned int accumulator = 0, divisor = 0; const unsigned char * mask_read_position; /* What pixel we are reading out of the circular blur mask. */ const unsigned char * logo_mask_read_position; /* What pixel we are reading out of the filter image. */ /* Prepare our bounding rectangle and clip it if need be. */ mask_size = test_filter(logo_mask, x, y); start_posx = max(0, x - mask_size); start_posy = max(0, y - mask_size); end_posx = min(image->width - 1, x + mask_size); end_posy = min(image->height - 1, y + mask_size); mask_read_position = image->planes[plane] + (image->stride[plane] * start_posy) + start_posx; logo_mask_read_position = logo_mask->pixel + (start_posy * logo_mask->width) + start_posx; for (j = start_posy; j <= end_posy; j++) { for (i = start_posx; i <= end_posx; i++) { if (!(*logo_mask_read_position) && mask[mask_size][i - start_posx][j - start_posy]) { /* Check to see if this pixel is in the logo or not. Only use the pixel if it is not. */ accumulator += *mask_read_position; divisor++; } mask_read_position++; logo_mask_read_position++; } mask_read_position += (image->stride[plane] - ((end_posx + 1) - start_posx)); logo_mask_read_position += (logo_mask->width - ((end_posx + 1) - start_posx)); } if (divisor == 0) /* This means that not a single pixel is outside of the logo, so we have no data. */ { /* We should put some eye catching value here, to indicate the flaw to the user. */ *value_out = 255; } else /* Else we need to normalise the data using the divisor. */ { *value_out = (accumulator + (divisor / 2)) / divisor; /* Divide, taking into account average rounding error. */ } return; }
static dynlist_info_t * dynlist_is_dynlist_next( Operation *op, SlapReply *rs, dynlist_info_t *old_dli ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; dynlist_info_t *dli; Attribute *a; if ( old_dli == NULL ) { dli = (dynlist_info_t *)on->on_bi.bi_private; } else { dli = old_dli->dli_next; } a = attrs_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass ); if ( a == NULL ) { /* FIXME: objectClass must be present; for non-storage * backends, like back-ldap, it needs to be added * to the requested attributes */ return NULL; } for ( ; dli; dli = dli->dli_next ) { if ( dli->dli_lud != NULL ) { /* check base and scope */ if ( !BER_BVISNULL( &dli->dli_uri_nbase ) && !dnIsSuffixScope( &rs->sr_entry->e_nname, &dli->dli_uri_nbase, dli->dli_lud->lud_scope ) ) { continue; } /* check filter */ if ( dli->dli_uri_filter && test_filter( op, rs->sr_entry, dli->dli_uri_filter ) != LDAP_COMPARE_TRUE ) { continue; } } if ( attr_valfind( a, SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, &dli->dli_oc->soc_cname, NULL, op->o_tmpmemctx ) == 0 ) { return dli; } } return NULL; }
int get_test_set(int *test_set, int limit, const char *test, struct test_list_t *tests) { int start, end; int idx = 0; if (test == NULL) { /* Default: Run all tests. */ for (;idx < limit; idx++) test_set[idx] = idx; return (limit); } if (*test >= '0' && *test <= '9') { const char *vp = test; start = 0; while (*vp >= '0' && *vp <= '9') { start *= 10; start += *vp - '0'; ++vp; } if (*vp == '\0') { end = start; } else if (*vp == '-') { ++vp; if (*vp == '\0') { end = limit - 1; } else { end = 0; while (*vp >= '0' && *vp <= '9') { end *= 10; end += *vp - '0'; ++vp; } } } else return (-1); if (start < 0 || end >= limit || start > end) return (-1); while (start <= end) test_set[idx++] = start++; } else { for (start = 0; start < limit; ++start) { const char *name = tests[start].name; if (test_filter(test, name)) test_set[idx++] = start; } } return ((idx == 0)?-1:idx); }
static int retcode_send_onelevel( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; retcode_t *rd = (retcode_t *)on->on_bi.bi_private; retcode_item_t *rdi; for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) { if ( op->o_abandon ) { return rs->sr_err = SLAPD_ABANDON; } rs->sr_err = test_filter( op, &rdi->rdi_e, op->ors_filter ); if ( rs->sr_err == LDAP_COMPARE_TRUE ) { /* safe default */ rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; rs->sr_ctrls = NULL; rs->sr_flags = 0; rs->sr_err = LDAP_SUCCESS; rs->sr_entry = &rdi->rdi_e; rs->sr_err = send_search_entry( op, rs ); rs->sr_flags = 0; rs->sr_entry = NULL; rs->sr_attrs = NULL; switch ( rs->sr_err ) { case LDAP_UNAVAILABLE: /* connection closed */ rs->sr_err = LDAP_OTHER; /* fallthru */ case LDAP_SIZELIMIT_EXCEEDED: goto done; } } rs->sr_err = LDAP_SUCCESS; } done:; send_ldap_result( op, rs ); return rs->sr_err; }
/** * Performs code-generation for a map statement. */ int generate_map(Pool *pool, FILE *out, AstMap *p) { ListNode *line; /* Match against the map: */ for (line = p->lines; line; line = line->next) { AstMapLine *l = ast_to_map_line(line->d); if (test_filter(l->filter, p->item)) { CHECK(generate_code(pool, out, l->code)); return 1; } } /* Nothing matched: */ fprintf(stderr, "error: Could not match item \"%s\" against map.\n", string_copy(pool, p->item->name).p); return 0; }
int generate_for_item(Pool *pool, FILE *out, AstFor *p, ListNode *item, int *need_comma) { Scope *scope = scope_new(pool, p->scope); ListBuilder code = list_builder_init(pool); if (dynamic_ok(p->filter) && !test_filter(p->filter, ast_to_outline_item(item->d))) return 1; if (p->list && *need_comma) CHECK(file_putc(out, ',')); *need_comma = 1; scope_add(scope, pool, p->item, item->d); CHECK(parse_code(pool, &p->code, scope, out_list_builder(&code))); CHECK(generate_code(pool, out, code.first)); return 1; }
/** * pevent_filter_match - test if a record matches a filter * @filter: filter struct with filter information * @record: the record to test against the filter * * Returns: * 1 - filter found for event and @record matches * 0 - filter found for event and @record does not match * -1 - no filter found for @record's event * -2 - if no filters exist */ int pevent_filter_match(struct event_filter *filter, struct pevent_record *record) { struct pevent *pevent = filter->pevent; struct filter_type *filter_type; int event_id; if (!filter->filters) return FILTER_NONE; event_id = pevent_data_type(pevent, record); filter_type = find_filter_type(filter, event_id); if (!filter_type) return FILTER_NOEXIST; return test_filter(filter_type->event, filter_type->filter, record) ? FILTER_MATCH : FILTER_MISS; }
int fe_op_search( Operation *op, SlapReply *rs ) { BackendDB *bd = op->o_bd; if ( op->ors_scope == LDAP_SCOPE_BASE ) { Entry *entry = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { #ifdef LDAP_CONNECTIONLESS /* Ignore LDAPv2 CLDAP Root DSE queries */ if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) { goto return_results; } #endif /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text ); } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) { /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } rs->sr_err = schema_info( &entry, &rs->sr_text ); } if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } else if ( entry != NULL ) { if ( get_assert( op ) && ( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto fail1; } rs->sr_err = test_filter( op, entry, op->ors_filter ); if( rs->sr_err == LDAP_COMPARE_TRUE ) { /* note: we set no limits because either * no limit is specified, or at least 1 * is specified, and we're going to return * at most one entry */ op->ors_slimit = SLAP_NO_LIMIT; op->ors_tlimit = SLAP_NO_LIMIT; rs->sr_entry = entry; rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; rs->sr_flags = 0; send_search_entry( op, rs ); rs->sr_entry = NULL; rs->sr_operational_attrs = NULL; } rs->sr_err = LDAP_SUCCESS; fail1: entry_free( entry ); send_ldap_result( op, rs ); goto return_results; } } if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) { slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx ); slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx ); ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx ); ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx ); } /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ op->o_bd = select_backend( &op->o_req_ndn, 1 ); if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, op->ors_scope ); if (!rs->sr_ref) rs->sr_ref = default_referral; rs->sr_err = LDAP_REFERRAL; op->o_bd = bd; send_ldap_result( op, rs ); if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; goto return_results; } /* check restrictions */ if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto return_results; } /* check for referrals */ if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) { goto return_results; } if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) { /* don't use shadow copy */ BerVarray defref = op->o_bd->be_update_refs ? op->o_bd->be_update_refs : default_referral; if( defref != NULL ) { rs->sr_ref = referral_rewrite( defref, NULL, &op->o_req_dn, op->ors_scope ); if( !rs->sr_ref) rs->sr_ref = defref; rs->sr_err = LDAP_REFERRAL; send_ldap_result( op, rs ); if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "copy not used; no referral information available" ); } } else if ( op->o_bd->be_search ) { if ( limits_check( op, rs ) == 0 ) { /* actually do the search and send the result(s) */ (op->o_bd->be_search)( op, rs ); } /* else limits_check() sends error */ } else { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "operation not supported within namingContext" ); } return_results:; op->o_bd = bd; return rs->sr_err; }
int mdb_search( Operation *op, SlapReply *rs ) { struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private; ID id, cursor, nsubs, ncand, cscope; ID lastid = NOID; ID candidates[MDB_IDL_UM_SIZE]; ID iscopes[MDB_IDL_DB_SIZE]; ID2 *scopes; void *stack; Entry *e = NULL, *base = NULL; Entry *matched = NULL; AttributeName *attrs; slap_mask_t mask; time_t stoptime; int manageDSAit; int tentries = 0; IdScopes isc; MDB_cursor *mci, *mcd; ww_ctx wwctx; slap_callback cb = { 0 }; mdb_op_info opinfo = {{{0}}}, *moi = &opinfo; MDB_txn *ltid = NULL; Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(mdb_search) "\n", 0, 0, 0); attrs = op->oq_search.rs_attrs; manageDSAit = get_manageDSAit( op ); rs->sr_err = mdb_opinfo_get( op, mdb, 1, &moi ); switch(rs->sr_err) { case 0: break; default: send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); return rs->sr_err; } ltid = moi->moi_txn; rs->sr_err = mdb_cursor_open( ltid, mdb->mi_id2entry, &mci ); if ( rs->sr_err ) { send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); return rs->sr_err; } rs->sr_err = mdb_cursor_open( ltid, mdb->mi_dn2id, &mcd ); if ( rs->sr_err ) { mdb_cursor_close( mci ); send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); return rs->sr_err; } scopes = scope_chunk_get( op ); stack = search_stack( op ); isc.mt = ltid; isc.mc = mcd; isc.scopes = scopes; isc.oscope = op->ors_scope; isc.sctmp = stack; if ( op->ors_deref & LDAP_DEREF_FINDING ) { MDB_IDL_ZERO(candidates); } dn2entry_retry: /* get entry with reader lock */ rs->sr_err = mdb_dn2entry( op, ltid, mcd, &op->o_req_ndn, &e, &nsubs, 1 ); switch(rs->sr_err) { case MDB_NOTFOUND: matched = e; e = NULL; break; case 0: break; case LDAP_BUSY: send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" ); goto done; default: send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); goto done; } if ( op->ors_deref & LDAP_DEREF_FINDING ) { if ( matched && is_entry_alias( matched )) { struct berval stub; stub.bv_val = op->o_req_ndn.bv_val; stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1; e = deref_base( op, rs, matched, &matched, ltid, candidates, NULL ); if ( e ) { build_new_dn( &op->o_req_ndn, &e->e_nname, &stub, op->o_tmpmemctx ); mdb_entry_return(op, e); matched = NULL; goto dn2entry_retry; } } else if ( e && is_entry_alias( e )) { e = deref_base( op, rs, e, &matched, ltid, candidates, NULL ); } } if ( e == NULL ) { struct berval matched_dn = BER_BVNULL; if ( matched != NULL ) { BerVarray erefs = NULL; /* return referral only if "disclose" * is granted on the object */ if ( ! access_allowed( op, matched, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } else { ber_dupbv( &matched_dn, &matched->e_name ); erefs = is_entry_referral( matched ) ? get_entry_referrals( op, matched ) : NULL; if ( rs->sr_err == MDB_NOTFOUND ) rs->sr_err = LDAP_REFERRAL; rs->sr_matched = matched_dn.bv_val; } mdb_entry_return(op, matched); matched = NULL; if ( erefs ) { rs->sr_ref = referral_rewrite( erefs, &matched_dn, &op->o_req_dn, op->oq_search.rs_scope ); ber_bvarray_free( erefs ); } } else { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, op->oq_search.rs_scope ); rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT; } send_ldap_result( op, rs ); if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } if ( !BER_BVISNULL( &matched_dn ) ) { ber_memfree( matched_dn.bv_val ); rs->sr_matched = NULL; } goto done; } /* NOTE: __NEW__ "search" access is required * on searchBase object */ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry, NULL, ACL_SEARCH, NULL, &mask ) ) { if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } else { rs->sr_err = LDAP_INSUFFICIENT_ACCESS; } mdb_entry_return( op,e); send_ldap_result( op, rs ); goto done; } if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral */ struct berval matched_dn = BER_BVNULL; BerVarray erefs = NULL; ber_dupbv( &matched_dn, &e->e_name ); erefs = get_entry_referrals( op, e ); rs->sr_err = LDAP_REFERRAL; mdb_entry_return( op, e ); e = NULL; if ( erefs ) { rs->sr_ref = referral_rewrite( erefs, &matched_dn, &op->o_req_dn, op->oq_search.rs_scope ); ber_bvarray_free( erefs ); if ( !rs->sr_ref ) { rs->sr_text = "bad_referral object"; } } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": entry is referral\n", 0, 0, 0 ); rs->sr_matched = matched_dn.bv_val; send_ldap_result( op, rs ); ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; ber_memfree( matched_dn.bv_val ); rs->sr_matched = NULL; goto done; } if ( get_assert( op ) && ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; mdb_entry_return( op,e); send_ldap_result( op, rs ); goto done; } /* compute it anyway; root does not use it */ stoptime = op->o_time + op->ors_tlimit; base = e; e = NULL; /* select candidates */ if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) { rs->sr_err = base_candidate( op->o_bd, base, candidates ); scopes[0].mid = 0; ncand = 1; } else { if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) { size_t nkids; MDB_val key, data; key.mv_data = &base->e_id; key.mv_size = sizeof( ID ); mdb_cursor_get( mcd, &key, &data, MDB_SET ); mdb_cursor_count( mcd, &nkids ); nsubs = nkids - 1; } else if ( !base->e_id ) { /* we don't maintain nsubs for entryID 0. * just grab entry count from id2entry stat */ MDB_stat ms; mdb_stat( ltid, mdb->mi_id2entry, &ms ); nsubs = ms.ms_entries; } MDB_IDL_ZERO( candidates ); scopes[0].mid = 1; scopes[1].mid = base->e_id; scopes[1].mval.mv_data = NULL; rs->sr_err = search_candidates( op, rs, base, &isc, mci, candidates, stack ); ncand = MDB_IDL_N( candidates ); if ( !base->e_id || ncand == NOID ) { /* grab entry count from id2entry stat */ MDB_stat ms; mdb_stat( ltid, mdb->mi_id2entry, &ms ); if ( !base->e_id ) nsubs = ms.ms_entries; if ( ncand == NOID ) ncand = ms.ms_entries; } } /* start cursor at beginning of candidates. */ cursor = 0; if ( candidates[0] == 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": no candidates\n", 0, 0, 0 ); goto nochange; } /* if not root and candidates exceed to-be-checked entries, abort */ if ( op->ors_limit /* isroot == FALSE */ && op->ors_limit->lms_s_unchecked != -1 && ncand > (unsigned) op->ors_limit->lms_s_unchecked ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; goto done; } if ( op->ors_limit == NULL /* isroot == TRUE */ || !op->ors_limit->lms_s_pr_hide ) { tentries = ncand; } wwctx.flag = 0; /* If we're running in our own read txn */ if ( moi == &opinfo ) { cb.sc_writewait = mdb_writewait; cb.sc_private = &wwctx; wwctx.txn = ltid; wwctx.mcd = NULL; cb.sc_next = op->o_callback; op->o_callback = &cb; } if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) { PagedResultsState *ps = op->o_pagedresults_state; /* deferred cookie parsing */ rs->sr_err = parse_paged_cookie( op, rs ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto done; } cursor = (ID) ps->ps_cookie; if ( cursor && ps->ps_size == 0 ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = "search abandoned by pagedResult size=0"; send_ldap_result( op, rs ); goto done; } id = mdb_idl_first( candidates, &cursor ); if ( id == NOID ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": no paged results candidates\n", 0, 0, 0 ); send_paged_response( op, rs, &lastid, 0 ); rs->sr_err = LDAP_OTHER; goto done; } if ( id == (ID)ps->ps_cookie ) id = mdb_idl_next( candidates, &cursor ); nsubs = ncand; /* always bypass scope'd search */ goto loop_begin; } if ( nsubs < ncand ) { int rc; /* Do scope-based search */ /* if any alias scopes were set, save them */ if (scopes[0].mid > 1) { cursor = 1; for (cscope = 1; cscope <= scopes[0].mid; cscope++) { /* Ignore the original base */ if (scopes[cscope].mid == base->e_id) continue; iscopes[cursor++] = scopes[cscope].mid; } iscopes[0] = scopes[0].mid - 1; } else { iscopes[0] = 0; } wwctx.mcd = mcd; isc.id = base->e_id; isc.numrdns = 0; rc = mdb_dn2id_walk( op, &isc ); if ( rc ) id = NOID; else id = isc.id; cscope = 0; } else { id = mdb_idl_first( candidates, &cursor ); } while (id != NOID) { int scopeok; MDB_val edata; loop_begin: /* check for abandon */ if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; send_ldap_result( op, rs ); goto done; } /* mostly needed by internal searches, * e.g. related to syncrepl, for whom * abandon does not get set... */ if ( slapd_shutdown ) { rs->sr_err = LDAP_UNAVAILABLE; send_ldap_disconnect( op, rs ); goto done; } /* check time limit */ if ( op->ors_tlimit != SLAP_NO_LIMIT && slap_get_time() > stoptime ) { rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; rs->sr_ref = rs->sr_v2ref; send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; goto done; } if ( nsubs < ncand ) { unsigned i; /* Is this entry in the candidate list? */ scopeok = 0; if (MDB_IDL_IS_RANGE( candidates )) { if ( id >= MDB_IDL_RANGE_FIRST( candidates ) && id <= MDB_IDL_RANGE_LAST( candidates )) scopeok = 1; } else { i = mdb_idl_search( candidates, id ); if ( candidates[i] == id ) scopeok = 1; } if ( scopeok ) goto scopeok; goto loop_continue; } /* Does this candidate actually satisfy the search scope? */ scopeok = 0; isc.numrdns = 0; switch( op->ors_scope ) { case LDAP_SCOPE_BASE: /* This is always true, yes? */ if ( id == base->e_id ) scopeok = 1; break; #ifdef LDAP_SCOPE_CHILDREN case LDAP_SCOPE_CHILDREN: if ( id == base->e_id ) break; /* Fall-thru */ #endif case LDAP_SCOPE_SUBTREE: if ( id == base->e_id ) { scopeok = 1; break; } /* Fall-thru */ case LDAP_SCOPE_ONELEVEL: isc.id = id; isc.nscope = 0; rs->sr_err = mdb_idscopes( op, &isc ); if ( rs->sr_err == MDB_SUCCESS ) { if ( isc.nscope ) scopeok = 1; } else { if ( rs->sr_err == MDB_NOTFOUND ) goto notfound; } break; } /* Not in scope, ignore it */ if ( !scopeok ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": %ld scope not okay\n", (long) id, 0, 0 ); goto loop_continue; } scopeok: if ( id == base->e_id ) { e = base; } else { /* get the entry */ rs->sr_err = mdb_id2edata( op, mci, id, &edata ); if ( rs->sr_err == MDB_NOTFOUND ) { notfound: if( nsubs < ncand ) goto loop_continue; if( !MDB_IDL_IS_RANGE(candidates) ) { /* only complain for non-range IDLs */ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": candidate %ld not found\n", (long) id, 0, 0 ); } else { /* get the next ID from the DB */ rs->sr_err = mdb_get_nextid( mci, &cursor ); if ( rs->sr_err == MDB_NOTFOUND ) { break; } if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error in get_nextid"; send_ldap_result( op, rs ); goto done; } cursor--; } goto loop_continue; } else if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error in mdb_id2edata"; send_ldap_result( op, rs ); goto done; } rs->sr_err = mdb_entry_decode( op, ltid, &edata, &e ); if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error in mdb_entry_decode"; send_ldap_result( op, rs ); goto done; } e->e_id = id; e->e_name.bv_val = NULL; e->e_nname.bv_val = NULL; } if ( is_entry_subentry( e ) ) { if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) { if(!get_subentries_visibility( op )) { /* only subentries are visible */ goto loop_continue; } } else if ( get_subentries( op ) && !get_subentries_visibility( op )) { /* only subentries are visible */ goto loop_continue; } } else if ( get_subentries_visibility( op )) { /* only subentries are visible */ goto loop_continue; } /* aliases were already dereferenced in candidate list */ if ( op->ors_deref & LDAP_DEREF_SEARCHING ) { /* but if the search base is an alias, and we didn't * deref it when finding, return it. */ if ( is_entry_alias(e) && ((op->ors_deref & LDAP_DEREF_FINDING) || e != base )) { goto loop_continue; } } if ( !manageDSAit && is_entry_glue( e )) { goto loop_continue; } if (e != base) { struct berval pdn, pndn; char *d, *n; int i; /* child of base, just append RDNs to base->e_name */ if ( nsubs < ncand || isc.scopes[isc.nscope].mid == base->e_id ) { pdn = base->e_name; pndn = base->e_nname; } else { mdb_id2name( op, ltid, &isc.mc, scopes[isc.nscope].mid, &pdn, &pndn ); } e->e_name.bv_len = pdn.bv_len; e->e_nname.bv_len = pndn.bv_len; for (i=0; i<isc.numrdns; i++) { e->e_name.bv_len += isc.rdns[i].bv_len + 1; e->e_nname.bv_len += isc.nrdns[i].bv_len + 1; } e->e_name.bv_val = op->o_tmpalloc(e->e_name.bv_len + 1, op->o_tmpmemctx); e->e_nname.bv_val = op->o_tmpalloc(e->e_nname.bv_len + 1, op->o_tmpmemctx); d = e->e_name.bv_val; n = e->e_nname.bv_val; if (nsubs < ncand) { /* RDNs are in top-down order */ for (i=isc.numrdns-1; i>=0; i--) { memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len); d += isc.rdns[i].bv_len; *d++ = ','; memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len); n += isc.nrdns[i].bv_len; *n++ = ','; } } else { /* RDNs are in bottom-up order */ for (i=0; i<isc.numrdns; i++) { memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len); d += isc.rdns[i].bv_len; *d++ = ','; memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len); n += isc.nrdns[i].bv_len; *n++ = ','; } } if (pdn.bv_len) { memcpy(d, pdn.bv_val, pdn.bv_len+1); memcpy(n, pndn.bv_val, pndn.bv_len+1); } else { *--d = '\0'; *--n = '\0'; e->e_name.bv_len--; e->e_nname.bv_len--; } if (pndn.bv_val != base->e_nname.bv_val) { op->o_tmpfree(pndn.bv_val, op->o_tmpmemctx); op->o_tmpfree(pdn.bv_val, op->o_tmpmemctx); } } /* * if it's a referral, add it to the list of referrals. only do * this for non-base searches, and don't check the filter * explicitly here since it's only a candidate anyway. */ if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE && is_entry_referral( e ) ) { BerVarray erefs = get_entry_referrals( op, e ); rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL, op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE ); rs->sr_entry = e; rs->sr_flags = 0; send_search_reference( op, rs ); if (e != base) mdb_entry_return( op, e ); rs->sr_entry = NULL; e = NULL; ber_bvarray_free( rs->sr_ref ); ber_bvarray_free( erefs ); rs->sr_ref = NULL; if ( wwctx.flag ) { rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd ); if ( rs->sr_err ) { send_ldap_result( op, rs ); goto done; } } goto loop_continue; } /* if it matches the filter and scope, send it */ rs->sr_err = test_filter( op, e, op->oq_search.rs_filter ); if ( rs->sr_err == LDAP_COMPARE_TRUE ) { /* check size limit */ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { mdb_entry_return( op, e ); e = NULL; send_paged_response( op, rs, &lastid, tentries ); goto done; } lastid = id; } if (e) { /* safe default */ rs->sr_attrs = op->oq_search.rs_attrs; rs->sr_operational_attrs = NULL; rs->sr_ctrls = NULL; rs->sr_entry = e; RS_ASSERT( e->e_private != NULL ); rs->sr_flags = 0; rs->sr_err = LDAP_SUCCESS; rs->sr_err = send_search_entry( op, rs ); rs->sr_attrs = NULL; rs->sr_entry = NULL; if (e != base) mdb_entry_return( op, e ); e = NULL; switch ( rs->sr_err ) { case LDAP_SUCCESS: /* entry sent ok */ break; default: /* entry not sent */ break; case LDAP_BUSY: send_ldap_result( op, rs ); goto done; case LDAP_UNAVAILABLE: case LDAP_SIZELIMIT_EXCEEDED: if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) { rs->sr_ref = rs->sr_v2ref; send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; } else { rs->sr_err = LDAP_OTHER; } goto done; } if ( wwctx.flag ) { rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd ); if ( rs->sr_err ) { send_ldap_result( op, rs ); goto done; } } } } else { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(mdb_search) ": %ld does not match filter\n", (long) id, 0, 0 ); } loop_continue: if( e != NULL ) { if ( e != base ) mdb_entry_return( op, e ); RS_ASSERT( rs->sr_entry == NULL ); e = NULL; rs->sr_entry = NULL; } if ( nsubs < ncand ) { int rc = mdb_dn2id_walk( op, &isc ); if (rc) { id = NOID; /* We got to the end of a subtree. If there are any * alias scopes left, search them too. */ while (iscopes[0] && cscope < iscopes[0]) { cscope++; isc.id = iscopes[cscope]; if ( base ) mdb_entry_return( op, base ); rs->sr_err = mdb_id2entry(op, mci, isc.id, &base); if ( !rs->sr_err ) { mdb_id2name( op, ltid, &isc.mc, isc.id, &base->e_name, &base->e_nname ); isc.numrdns = 0; if (isc.oscope == LDAP_SCOPE_ONELEVEL) isc.oscope = LDAP_SCOPE_BASE; rc = mdb_dn2id_walk( op, &isc ); if ( !rc ) { id = isc.id; break; } } } } else id = isc.id; } else { id = mdb_idl_next( candidates, &cursor ); } } nochange: rs->sr_ctrls = NULL; rs->sr_ref = rs->sr_v2ref; rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL; rs->sr_rspoid = NULL; if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { send_paged_response( op, rs, NULL, 0 ); } else { send_ldap_result( op, rs ); } rs->sr_err = LDAP_SUCCESS; done: if ( cb.sc_private ) { /* remove our writewait callback */ slap_callback **scp = &op->o_callback; while ( *scp ) { if ( *scp == &cb ) { *scp = cb.sc_next; cb.sc_private = NULL; break; } } } mdb_cursor_close( mcd ); mdb_cursor_close( mci ); if ( moi == &opinfo ) { mdb_txn_reset( moi->moi_txn ); LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next ); } else { moi->moi_ref--; } if( rs->sr_v2ref ) { ber_bvarray_free( rs->sr_v2ref ); rs->sr_v2ref = NULL; } if (base) mdb_entry_return( op, base ); scope_chunk_ret( op, scopes ); return rs->sr_err; }
int test_filter( Operation *op, Entry *e, Filter *f ) { int rc; Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 ); if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) { Debug( LDAP_DEBUG_FILTER, " UNDEFINED\n", 0, 0, 0 ); rc = SLAPD_COMPARE_UNDEFINED; goto out; } switch ( f->f_choice ) { case SLAPD_FILTER_COMPUTED: Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", f->f_result == LDAP_COMPARE_FALSE ? "false" : f->f_result == LDAP_COMPARE_TRUE ? "true" : f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error", f->f_result, 0 ); rc = f->f_result; break; case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_EQUALITY ); break; case LDAP_FILTER_SUBSTRINGS: Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 ); rc = test_substrings_filter( op, e, f ); break; case LDAP_FILTER_GE: Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 ); rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_GE ); break; case LDAP_FILTER_LE: Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 ); rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_LE ); break; case LDAP_FILTER_PRESENT: Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); rc = test_presence_filter( op, e, f->f_desc ); break; case LDAP_FILTER_APPROX: Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 ); rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_APPROX ); break; case LDAP_FILTER_AND: Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 ); rc = test_filter_and( op, e, f->f_and ); break; case LDAP_FILTER_OR: Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 ); rc = test_filter_or( op, e, f->f_or ); break; case LDAP_FILTER_NOT: Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 ); rc = test_filter( op, e, f->f_not ); /* Flip true to false and false to true * but leave Undefined alone. */ switch( rc ) { case LDAP_COMPARE_TRUE: rc = LDAP_COMPARE_FALSE; break; case LDAP_COMPARE_FALSE: rc = LDAP_COMPARE_TRUE; break; } break; case LDAP_FILTER_EXT: Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); rc = test_mra_filter( op, e, f->f_mra ); break; default: Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n", f->f_choice, 0, 0 ); rc = LDAP_PROTOCOL_ERROR; } out: Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 ); return( rc ); }
int backsql_delete( Operation *op, SlapReply *rs ) { SQLHDBC dbh = SQL_NULL_HDBC; SQLHSTMT sth = SQL_NULL_HSTMT; backsql_oc_map_rec *oc = NULL; backsql_srch_info bsi = { 0 }; backsql_entryID e_id = { 0 }; Entry d = { 0 }, p = { 0 }, *e = NULL; struct berval pdn = BER_BVNULL; int manageDSAit = get_manageDSAit( op ); Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n", op->o_req_ndn.bv_val, 0, 0 ); rs->sr_err = backsql_get_db_conn( op, &dbh ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "could not get connection handle - exiting\n", 0, 0, 0 ); rs->sr_text = ( rs->sr_err == LDAP_OTHER ) ? "SQL-backend error" : NULL; e = NULL; goto done; } /* * Get the entry */ bsi.bsi_e = &d; rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs, ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; case LDAP_REFERRAL: if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } break; } e = &d; /* fallthru */ default: Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " "could not retrieve deleteDN ID - no such entry\n", 0, 0, 0 ); if ( !BER_BVISNULL( &d.e_nname ) ) { /* FIXME: should always be true! */ e = &d; } else { e = NULL; } goto done; } if ( get_assert( op ) && ( test_filter( op, &d, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) ) { rs->sr_err = LDAP_ASSERTION_FAILED; e = &d; goto done; } if ( !access_allowed( op, &d, slap_schema.si_ad_entry, NULL, ACL_WDEL, NULL ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "no write access to entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; e = &d; goto done; } rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn ); switch ( rs->sr_err ) { case LDAP_COMPARE_FALSE: rs->sr_err = LDAP_SUCCESS; break; case LDAP_COMPARE_TRUE: #ifdef SLAP_CONTROL_X_TREE_DELETE if ( get_treeDelete( op ) ) { rs->sr_err = LDAP_SUCCESS; break; } #endif /* SLAP_CONTROL_X_TREE_DELETE */ Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "entry \"%s\" has children\n", op->o_req_dn.bv_val, 0, 0 ); rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; rs->sr_text = "subordinate objects must be deleted first"; /* fallthru */ default: e = &d; goto done; } assert( bsi.bsi_base_id.eid_oc != NULL ); oc = bsi.bsi_base_id.eid_oc; if ( oc->bom_delete_proc == NULL ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "delete procedure is not defined " "for this objectclass - aborting\n", 0, 0, 0 ); rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "operation not permitted within namingContext"; e = NULL; goto done; } /* * Get the parent */ e_id = bsi.bsi_base_id; memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { dnParent( &op->o_req_ndn, &pdn ); bsi.bsi_e = &p; rs->sr_err = backsql_init_search( &bsi, &pdn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs, BACKSQL_ISF_GET_ENTRY ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_delete(): " "could not retrieve deleteDN ID " "- no such entry\n", 0, 0, 0 ); e = &p; goto done; } (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); /* check parent for "children" acl */ if ( !access_allowed( op, &p, slap_schema.si_ad_children, NULL, ACL_WDEL, NULL ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_delete(): " "no write access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; e = &p; goto done; } } e = &d; #ifdef SLAP_CONTROL_X_TREE_DELETE if ( get_treeDelete( op ) ) { backsql_tree_delete( op, rs, dbh, &sth ); if ( rs->sr_err == LDAP_OTHER || rs->sr_err == LDAP_SUCCESS ) { e = NULL; } } else #endif /* SLAP_CONTROL_X_TREE_DELETE */ { backsql_delete_int( op, rs, dbh, &sth, &e_id, &e ); } /* * Commit only if all operations succeed */ if ( sth != SQL_NULL_HSTMT ) { SQLUSMALLINT CompletionType = SQL_ROLLBACK; if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) { assert( e == NULL ); CompletionType = SQL_COMMIT; } SQLTransact( SQL_NULL_HENV, dbh, CompletionType ); } done:; if ( e != NULL ) { if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } } } if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) { rs->sr_err = LDAP_X_NO_OPERATION; } send_ldap_result( op, rs ); Debug( LDAP_DEBUG_TRACE, "<==backsql_delete()\n", 0, 0, 0 ); if ( !BER_BVISNULL( &e_id.eid_ndn ) ) { (void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &d.e_nname ) ) { backsql_entry_clean( op, &d ); } if ( !BER_BVISNULL( &p.e_nname ) ) { backsql_entry_clean( op, &p ); } if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } return rs->sr_err; }
int ndb_back_modify( Operation *op, SlapReply *rs ) { struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private; Entry e = {0}; int manageDSAit = get_manageDSAit( op ); char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; int num_retries = 0; NdbArgs NA; NdbRdns rdns; struct berval matched; LDAPControl **preread_ctrl = NULL; LDAPControl **postread_ctrl = NULL; LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS]; int num_ctrls = 0; Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(ndb_back_modify) ": %s\n", op->o_req_dn.bv_val, 0, 0 ); ctrls[num_ctrls] = NULL; slap_mods_opattrs( op, &op->orm_modlist, 1 ); e.e_name = op->o_req_dn; e.e_nname = op->o_req_ndn; /* Get our NDB handle */ rs->sr_err = ndb_thread_handle( op, &NA.ndb ); rdns.nr_num = 0; NA.rdns = &rdns; NA.e = &e; if( 0 ) { retry: /* transaction retry */ NA.txn->close(); NA.txn = NULL; if( e.e_attrs ) { attrs_free( e.e_attrs ); e.e_attrs = NULL; } Debug(LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": retrying...\n", 0, 0, 0); if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; goto return_results; } if ( NA.ocs ) { ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx ); } ndb_trans_backoff( ++num_retries ); } NA.ocs = NULL; /* begin transaction */ NA.txn = NA.ndb->startTransaction(); rs->sr_text = NULL; if( !NA.txn ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": startTransaction failed: %s (%d)\n", NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } /* get entry or ancestor */ rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched ); switch( rs->sr_err ) { case 0: break; case LDAP_NO_SUCH_OBJECT: Debug( LDAP_DEBUG_ARGS, "<=- ndb_back_modify: no such object %s\n", op->o_req_dn.bv_val, 0, 0 ); rs->sr_matched = matched.bv_val; if (NA.ocs ) ndb_check_referral( op, rs, &NA ); goto return_results; #if 0 case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; #endif case LDAP_BUSY: rs->sr_text = "ldap server busy"; goto return_results; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } /* acquire and lock entry */ rs->sr_err = ndb_entry_get_data( op, &NA, 1 ); if ( !manageDSAit && is_entry_referral( &e ) ) { /* entry is a referral, don't allow modify */ rs->sr_ref = get_entry_referrals( op, &e ); Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": entry is referral\n", 0, 0, 0 ); rs->sr_err = LDAP_REFERRAL; rs->sr_matched = e.e_name.bv_val; rs->sr_flags = REP_REF_MUSTBEFREED; goto return_results; } if ( get_assert( op ) && ( test_filter( op, &e, (Filter*)get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto return_results; } if( op->o_preread ) { if( preread_ctrl == NULL ) { preread_ctrl = &ctrls[num_ctrls++]; ctrls[num_ctrls] = NULL; } if ( slap_read_controls( op, rs, &e, &slap_pre_read_bv, preread_ctrl ) ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(ndb_back_modify) ": pre-read " "failed!\n", 0, 0, 0 ); if ( op->o_preread & SLAP_CONTROL_CRITICAL ) { /* FIXME: is it correct to abort * operation if control fails? */ goto return_results; } } } /* Modify the entry */ rs->sr_err = ndb_modify_internal( op, &NA, &rs->sr_text, textbuf, textlen ); if( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": modify failed (%d)\n", rs->sr_err, 0, 0 ); #if 0 switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } #endif goto return_results; } if( op->o_postread ) { if( postread_ctrl == NULL ) { postread_ctrl = &ctrls[num_ctrls++]; ctrls[num_ctrls] = NULL; } if( slap_read_controls( op, rs, &e, &slap_post_read_bv, postread_ctrl ) ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(ndb_back_modify) ": post-read failed!\n", 0, 0, 0 ); if ( op->o_postread & SLAP_CONTROL_CRITICAL ) { /* FIXME: is it correct to abort * operation if control fails? */ goto return_results; } } } if( op->o_noop ) { if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback, NdbOperation::AbortOnError, 1 )) != 0 ) { rs->sr_text = "txn_abort (no-op) failed"; } else { rs->sr_err = LDAP_X_NO_OPERATION; } } else { if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit, NdbOperation::AbortOnError, 1 )) != 0 ) { rs->sr_text = "txn_commit failed"; } else { rs->sr_err = LDAP_SUCCESS; } } if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": txn_%s failed: %s (%d)\n", op->o_noop ? "abort (no-op)" : "commit", NA.txn->getNdbError().message, NA.txn->getNdbError().code ); rs->sr_err = LDAP_OTHER; goto return_results; } NA.txn->close(); NA.txn = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modify) ": updated%s id=%08lx dn=\"%s\"\n", op->o_noop ? " (no-op)" : "", e.e_id, op->o_req_dn.bv_val ); rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; if( num_ctrls ) rs->sr_ctrls = ctrls; return_results: if ( NA.ocs ) { ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx ); NA.ocs = NULL; } if ( e.e_attrs != NULL ) { attrs_free( e.e_attrs ); e.e_attrs = NULL; } if( NA.txn != NULL ) { NA.txn->execute( Rollback ); NA.txn->close(); } send_ldap_result( op, rs ); slap_graduate_commit_csn( op ); if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) { slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *preread_ctrl, op->o_tmpmemctx ); } if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) { slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *postread_ctrl, op->o_tmpmemctx ); } rs->sr_text = NULL; return rs->sr_err; }
int passwd_back_search( Operation *op, SlapReply *rs ) { struct passwd *pw; time_t stoptime = (time_t)-1; LDAPRDN rdn = NULL; struct berval parent = BER_BVNULL; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; if ( op->ors_tlimit != SLAP_NO_LIMIT ) { stoptime = op->o_time + op->ors_tlimit; } /* Handle a query for the base of this backend */ if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) { struct berval val; rs->sr_matched = op->o_req_dn.bv_val; if( op->ors_scope != LDAP_SCOPE_ONELEVEL ) { AttributeDescription *desc = NULL; char *next; Entry e = { 0 }; /* Create an entry corresponding to the base DN */ e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val ); e.e_name.bv_len = op->o_req_dn.bv_len; e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val ); e.e_nname.bv_len = op->o_req_ndn.bv_len; /* Use the first attribute of the DN * as an attribute within the entry itself. */ if( ldap_bv2rdn( &op->o_req_dn, &rdn, &next, LDAP_DN_FORMAT_LDAP ) ) { rs->sr_err = LDAP_INVALID_DN_SYNTAX; goto done; } if( slap_bv2ad( &rdn[0]->la_attr, &desc, &rs->sr_text )) { rs->sr_err = LDAP_NO_SUCH_OBJECT; ldap_rdnfree(rdn); goto done; } attr_merge_normalize_one( &e, desc, &rdn[0]->la_value, NULL ); ldap_rdnfree(rdn); rdn = NULL; /* Every entry needs an objectclass. We don't really * know if our hardcoded choice here agrees with the * DN that was configured for this backend, but it's * better than nothing. * * should be a configuratable item */ BER_BVSTR( &val, "organizationalUnit" ); attr_merge_one( &e, ad_objectClass, &val, NULL ); if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { rs->sr_entry = &e; rs->sr_attrs = op->ors_attrs; rs->sr_flags = REP_ENTRY_MODIFIABLE; send_search_entry( op, rs ); rs->sr_flags = 0; rs->sr_attrs = NULL; } entry_clean( &e ); } if ( op->ors_scope != LDAP_SCOPE_BASE ) { /* check all our "children" */ ldap_pvt_thread_mutex_lock( &passwd_mutex ); pw_start( op->o_bd ); for ( pw = getpwent(); pw != NULL; pw = getpwent() ) { Entry e = { 0 }; /* check for abandon */ if ( op->o_abandon ) { endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); return( SLAPD_ABANDON ); } /* check time limit */ if ( op->ors_tlimit != SLAP_NO_LIMIT && slap_get_time() > stoptime ) { send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL ); endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); return( 0 ); } if ( pw2entry( op->o_bd, pw, &e ) ) { rs->sr_err = LDAP_OTHER; endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); goto done; } if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { /* check size limit */ if ( --op->ors_slimit == -1 ) { send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL ); endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); return( 0 ); } rs->sr_entry = &e; rs->sr_attrs = op->ors_attrs; rs->sr_flags = REP_ENTRY_MODIFIABLE; send_search_entry( op, rs ); rs->sr_flags = 0; rs->sr_entry = NULL; } entry_clean( &e ); } endpwent(); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); } } else { char *next; Entry e = { 0 }; int rc; if (! be_issuffix( op->o_bd, &op->o_req_ndn ) ) { dnParent( &op->o_req_ndn, &parent ); } /* This backend is only one layer deep. Don't answer requests for * anything deeper than that. */ if( !be_issuffix( op->o_bd, &parent ) ) { int i; for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) { if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) { rs->sr_matched = op->o_bd->be_suffix[i].bv_val; break; } } rs->sr_err = LDAP_NO_SUCH_OBJECT; goto done; } if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) { goto done; } if ( ldap_bv2rdn( &op->o_req_dn, &rdn, &next, LDAP_DN_FORMAT_LDAP )) { rs->sr_err = LDAP_OTHER; goto done; } ldap_pvt_thread_mutex_lock( &passwd_mutex ); pw_start( op->o_bd ); pw = getpwnam( rdn[0]->la_value.bv_val ); if ( pw == NULL ) { rs->sr_matched = parent.bv_val; rs->sr_err = LDAP_NO_SUCH_OBJECT; ldap_pvt_thread_mutex_unlock( &passwd_mutex ); goto done; } rc = pw2entry( op->o_bd, pw, &e ); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); if ( rc ) { rs->sr_err = LDAP_OTHER; goto done; } if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { rs->sr_entry = &e; rs->sr_attrs = op->ors_attrs; rs->sr_flags = REP_ENTRY_MODIFIABLE; send_search_entry( op, rs ); rs->sr_flags = 0; rs->sr_entry = NULL; rs->sr_attrs = NULL; } entry_clean( &e ); } done: if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL; send_ldap_result( op, rs ); if( rdn != NULL ) ldap_rdnfree( rdn ); return( 0 ); }
int backsql_modrdn( Operation *op, SlapReply *rs ) { backsql_info *bi = (backsql_info*)op->o_bd->be_private; SQLHDBC dbh = SQL_NULL_HDBC; SQLHSTMT sth = SQL_NULL_HSTMT; RETCODE rc; backsql_entryID e_id = BACKSQL_ENTRYID_INIT, n_id = BACKSQL_ENTRYID_INIT; backsql_srch_info bsi = { 0 }; backsql_oc_map_rec *oc = NULL; struct berval pdn = BER_BVNULL, pndn = BER_BVNULL, *new_pdn = NULL, *new_npdn = NULL, new_dn = BER_BVNULL, new_ndn = BER_BVNULL, realnew_dn = BER_BVNULL; Entry r = { 0 }, p = { 0 }, n = { 0 }, *e = NULL; int manageDSAit = get_manageDSAit( op ); struct berval *newSuperior = op->oq_modrdn.rs_newSup; Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", " "newrdn=\"%s\", newSuperior=\"%s\"\n", op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val, newSuperior ? newSuperior->bv_val : "(NULL)" ); rs->sr_err = backsql_get_db_conn( op, &dbh ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "could not get connection handle - exiting\n" ); rs->sr_text = ( rs->sr_err == LDAP_OTHER ) ? "SQL-backend error" : NULL; e = NULL; goto done; } bsi.bsi_e = &r; rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; case LDAP_REFERRAL: if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } break; } e = &r; /* fallthru */ default: Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): " "could not retrieve modrdnDN ID - no such entry\n" ); if ( !BER_BVISNULL( &r.e_nname ) ) { /* FIXME: should always be true! */ e = &r; } else { e = NULL; } goto done; } Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): entry id=" BACKSQL_IDFMT "\n", BACKSQL_IDARG(e_id.eid_id) ); if ( get_assert( op ) && ( test_filter( op, &r, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) ) { rs->sr_err = LDAP_ASSERTION_FAILED; e = &r; goto done; } if ( backsql_has_children( op, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "entry \"%s\" has children\n", op->o_req_dn.bv_val ); rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF; rs->sr_text = "subtree rename not supported"; e = &r; goto done; } /* * Check for entry access to target */ if ( !access_allowed( op, &r, slap_schema.si_ad_entry, NULL, ACL_WRITE, NULL ) ) { Debug( LDAP_DEBUG_TRACE, " no access to entry\n" ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto done; } dnParent( &op->o_req_dn, &pdn ); dnParent( &op->o_req_ndn, &pndn ); /* * namingContext "" is not supported */ if ( BER_BVISEMPTY( &pdn ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "parent is \"\" - aborting\n" ); rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "not allowed within namingContext"; e = NULL; goto done; } /* * Check for children access to parent */ bsi.bsi_e = &p; e_id = bsi.bsi_base_id; memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); rs->sr_err = backsql_init_search( &bsi, &pndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, BACKSQL_ISF_GET_ENTRY ); Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): old parent entry id is " BACKSQL_IDFMT "\n", BACKSQL_IDARG(bsi.bsi_base_id.eid_id) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): " "could not retrieve renameDN ID - no such entry\n" ); e = &p; goto done; } if ( !access_allowed( op, &p, slap_schema.si_ad_children, NULL, newSuperior ? ACL_WDEL : ACL_WRITE, NULL ) ) { Debug( LDAP_DEBUG_TRACE, " no access to parent\n" ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; goto done; } if ( newSuperior ) { (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); /* * namingContext "" is not supported */ if ( BER_BVISEMPTY( newSuperior ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "newSuperior is \"\" - aborting\n" ); rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "not allowed within namingContext"; e = NULL; goto done; } new_pdn = newSuperior; new_npdn = op->oq_modrdn.rs_nnewSup; /* * Check for children access to new parent */ bsi.bsi_e = &n; rs->sr_err = backsql_init_search( &bsi, new_npdn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): " "could not retrieve renameDN ID - no such entry\n" ); e = &n; goto done; } n_id = bsi.bsi_base_id; Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new parent entry id=" BACKSQL_IDFMT "\n", BACKSQL_IDARG(n_id.eid_id) ); if ( !access_allowed( op, &n, slap_schema.si_ad_children, NULL, ACL_WADD, NULL ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "no access to new parent \"%s\"\n", new_pdn->bv_val ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; e = &n; goto done; } } else { n_id = bsi.bsi_base_id; new_pdn = &pdn; new_npdn = &pndn; } memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) ); if ( newSuperior && dn_match( &pndn, new_npdn ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "newSuperior is equal to old parent - ignored\n" ); newSuperior = NULL; } if ( newSuperior && dn_match( &op->o_req_ndn, new_npdn ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "newSuperior is equal to entry being moved " "- aborting\n" ); rs->sr_err = LDAP_OTHER; rs->sr_text = "newSuperior is equal to old DN"; e = &r; goto done; } build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn, op->o_tmpmemctx ); build_new_dn( &new_ndn, new_npdn, &op->oq_modrdn.rs_nnewrdn, op->o_tmpmemctx ); Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new entry dn is \"%s\"\n", new_dn.bv_val ); realnew_dn = new_dn; if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): " "backsql_api_dn2odbc(\"%s\") failed\n", op->o_req_dn.bv_val, realnew_dn.bv_val ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "executing renentry_stmt\n" ); rc = backsql_Prepare( dbh, &sth, bi->sql_renentry_stmt, 0 ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "error preparing renentry_stmt\n" ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realnew_dn ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "error binding DN parameter for objectClass %s\n", oc->bom_oc->soc_cname.bv_val ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT, &n_id.eid_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "error binding parent ID parameter for objectClass %s\n", oc->bom_oc->soc_cname.bv_val ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &e_id.eid_keyval ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "error binding entry ID parameter for objectClass %s\n", oc->bom_oc->soc_cname.bv_val ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "error binding ID parameter for objectClass %s\n", oc->bom_oc->soc_cname.bv_val ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_text = "SQL-backend error"; rs->sr_err = LDAP_OTHER; e = NULL; goto done; } rc = SQLExecute( sth ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): " "could not rename ldap_entries record\n" ); backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); rs->sr_err = LDAP_OTHER; rs->sr_text = "SQL-backend error"; e = NULL; goto done; } SQLFreeStmt( sth, SQL_DROP ); assert( op->orr_modlist != NULL ); slap_mods_opattrs( op, &op->orr_modlist, 1 ); assert( e_id.eid_oc != NULL ); oc = e_id.eid_oc; rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, op->orr_modlist ); slap_graduate_commit_csn( op ); if ( rs->sr_err != LDAP_SUCCESS ) { e = &r; goto done; } if ( BACKSQL_CHECK_SCHEMA( bi ) ) { char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; backsql_entry_clean( op, &r ); (void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx ); bsi.bsi_e = &r; rs->sr_err = backsql_init_search( &bsi, &new_ndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, slap_anlist_all_attributes, ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; case LDAP_REFERRAL: if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && dn_match( &new_ndn, &bsi.bsi_e->e_nname ) ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } break; } e = &r; /* fallthru */ default: Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): " "could not retrieve modrdnDN ID - no such entry\n" ); if ( !BER_BVISNULL( &r.e_nname ) ) { /* FIXME: should always be true! */ e = &r; } else { e = NULL; } goto done; } e_id = bsi.bsi_base_id; rs->sr_err = entry_schema_check( op, &r, NULL, 0, 0, NULL, &rs->sr_text, textbuf, sizeof( textbuf ) ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): " "entry failed schema check -- aborting\n", r.e_name.bv_val ); e = NULL; goto done; } } done:; if ( e != NULL ) { if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } } } /* * Commit only if all operations succeed */ if ( sth != SQL_NULL_HSTMT ) { SQLUSMALLINT CompletionType = SQL_ROLLBACK; if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) { CompletionType = SQL_COMMIT; } SQLTransact( SQL_NULL_HENV, dbh, CompletionType ); } if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) { rs->sr_err = LDAP_X_NO_OPERATION; } send_ldap_result( op, rs ); slap_graduate_commit_csn( op ); if ( !BER_BVISNULL( &realnew_dn ) && realnew_dn.bv_val != new_dn.bv_val ) { ch_free( realnew_dn.bv_val ); } if ( !BER_BVISNULL( &new_dn ) ) { slap_sl_free( new_dn.bv_val, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &new_ndn ) ) { slap_sl_free( new_ndn.bv_val, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &e_id.eid_ndn ) ) { (void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &n_id.eid_ndn ) ) { (void)backsql_free_entryID( &n_id, 0, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &r.e_nname ) ) { backsql_entry_clean( op, &r ); } if ( !BER_BVISNULL( &p.e_nname ) ) { backsql_entry_clean( op, &p ); } if ( !BER_BVISNULL( &n.e_nname ) ) { backsql_entry_clean( op, &n ); } if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n" ); return rs->sr_err; }
int bdb_add(Operation *op, SlapReply *rs ) { struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; struct berval pdn; Entry *p = NULL, *oe = op->ora_e; EntryInfo *ei; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; AttributeDescription *children = slap_schema.si_ad_children; AttributeDescription *entry = slap_schema.si_ad_entry; DB_TXN *ltid = NULL, *lt2; ID eid = NOID; struct bdb_op_info opinfo = {{{ 0 }}}; int subentry; DB_LOCK lock; int num_retries = 0; int success; LDAPControl **postread_ctrl = NULL; LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS]; int num_ctrls = 0; #ifdef LDAP_X_TXN int settle = 0; #endif Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n", op->ora_e->e_name.bv_val, 0, 0); #ifdef LDAP_X_TXN if( op->o_txnSpec ) { /* acquire connection lock */ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) { rs->sr_text = "invalid transaction identifier"; rs->sr_err = LDAP_X_TXN_ID_INVALID; goto txnReturn; } else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) { settle=1; goto txnReturn; } if( op->o_conn->c_txn_backend == NULL ) { op->o_conn->c_txn_backend = op->o_bd; } else if( op->o_conn->c_txn_backend != op->o_bd ) { rs->sr_text = "transaction cannot span multiple database contexts"; rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS; goto txnReturn; } /* insert operation into transaction */ rs->sr_text = "transaction specified"; rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY; txnReturn: /* release connection lock */ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); if( !settle ) { send_ldap_result( op, rs ); return rs->sr_err; } } #endif ctrls[num_ctrls] = 0; /* check entry's schema */ rs->sr_err = entry_schema_check( op, op->ora_e, NULL, get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": entry failed schema check: " "%s (%d)\n", rs->sr_text, rs->sr_err, 0 ); goto return_results; } /* add opattrs to shadow as well, only missing attrs will actually * be added; helps compatibility with older OL versions */ rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": entry failed op attrs add: " "%s (%d)\n", rs->sr_text, rs->sr_err, 0 ); goto return_results; } if ( get_assert( op ) && ( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE )) { rs->sr_err = LDAP_ASSERTION_FAILED; goto return_results; } subentry = is_entry_subentry( op->ora_e ); if( 0 ) { retry: /* transaction retry */ if( p ) { /* free parent and reader lock */ if ( p != (Entry *)&slap_entry_root ) { bdb_unlocked_cache_return_entry_r( bdb, p ); } p = NULL; } rs->sr_err = TXN_ABORT( ltid ); ltid = NULL; LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); opinfo.boi_oe.oe_key = NULL; op->o_do_not_cache = opinfo.boi_acl_cache; if( rs->sr_err != 0 ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; goto return_results; } bdb_trans_backoff( ++num_retries ); } /* begin transaction */ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id, bdb->bi_db_opflags ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn_begin failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn1 id: %x\n", ltid->id(ltid), 0, 0 ); opinfo.boi_oe.oe_key = bdb; opinfo.boi_txn = ltid; opinfo.boi_err = 0; opinfo.boi_acl_cache = op->o_do_not_cache; LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next ); /* * Get the parent dn and see if the corresponding entry exists. */ if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) { pdn = slap_empty_bv; } else { dnParent( &op->ora_e->e_nname, &pdn ); } /* get entry or parent */ rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei, 1, &lock ); switch( rs->sr_err ) { case 0: rs->sr_err = LDAP_ALREADY_EXISTS; goto return_results; case DB_NOTFOUND: break; case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case LDAP_BUSY: rs->sr_text = "ldap server busy"; goto return_results; default: rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } p = ei->bei_e; if ( !p ) p = (Entry *)&slap_entry_root; if ( !bvmatch( &pdn, &p->e_nname ) ) { rs->sr_matched = ber_strdup_x( p->e_name.bv_val, op->o_tmpmemctx ); rs->sr_ref = is_entry_referral( p ) ? get_entry_referrals( op, p ) : NULL; if ( p != (Entry *)&slap_entry_root ) bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent " "does not exist\n", 0, 0, 0 ); rs->sr_err = LDAP_REFERRAL; rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } rs->sr_err = access_allowed( op, p, children, NULL, ACL_WADD, NULL ); if ( ! rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } if ( p != (Entry *)&slap_entry_root ) bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": no write access to parent\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to parent"; goto return_results;; } if ( p != (Entry *)&slap_entry_root ) { if ( is_entry_subentry( p ) ) { bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; /* parent is a subentry, don't allow add */ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent is subentry\n", 0, 0, 0 ); rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION; rs->sr_text = "parent is a subentry"; goto return_results;; } if ( is_entry_alias( p ) ) { bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; /* parent is an alias, don't allow add */ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent is alias\n", 0, 0, 0 ); rs->sr_err = LDAP_ALIAS_PROBLEM; rs->sr_text = "parent is an alias"; goto return_results;; } if ( is_entry_referral( p ) ) { /* parent is a referral, don't allow add */ rs->sr_matched = ber_strdup_x( p->e_name.bv_val, op->o_tmpmemctx ); rs->sr_ref = get_entry_referrals( op, p ); bdb_unlocked_cache_return_entry_r( bdb, p ); p = NULL; Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": parent is referral\n", 0, 0, 0 ); rs->sr_err = LDAP_REFERRAL; rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; goto return_results; } } if ( subentry ) { /* FIXME: */ /* parent must be an administrative point of the required kind */ } /* free parent and reader lock */ if ( p != (Entry *)&slap_entry_root ) { if ( p->e_nname.bv_len ) { struct berval ppdn; /* ITS#5326: use parent's DN if differs from provided one */ dnParent( &op->ora_e->e_name, &ppdn ); if ( !dn_match( &p->e_name, &ppdn ) ) { struct berval rdn; struct berval newdn; dnRdn( &op->ora_e->e_name, &rdn ); build_new_dn( &newdn, &p->e_name, &rdn, NULL ); if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val ) ber_memfree( op->ora_e->e_name.bv_val ); op->ora_e->e_name = newdn; /* FIXME: should check whether * dnNormalize(newdn) == e->e_nname ... */ } } bdb_unlocked_cache_return_entry_r( bdb, p ); } p = NULL; rs->sr_err = access_allowed( op, op->ora_e, entry, NULL, ACL_WADD, NULL ); if ( ! rs->sr_err ) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": no write access to entry\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to entry"; goto return_results;; } /* * Check ACL for attribute write access */ if (!acl_check_modlist(op, oe, op->ora_modlist)) { switch( opinfo.boi_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": no write access to attribute\n", 0, 0, 0 ); rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_text = "no write access to attribute"; goto return_results;; } if ( eid == NOID ) { rs->sr_err = bdb_next_id( op->o_bd, &eid ); if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n", rs->sr_err, 0, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } op->ora_e->e_id = eid; } /* nested transaction */ rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags ); rs->sr_text = NULL; if( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn_begin(2) failed: " "%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn2 id: %x\n", lt2->id(lt2), 0, 0 ); /* dn2id index */ rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e ); if ( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; case DB_KEYEXIST: rs->sr_err = LDAP_ALREADY_EXISTS; break; default: rs->sr_err = LDAP_OTHER; } goto return_results; } /* attribute indexes */ rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e ); if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": index_entry_add failed\n", 0, 0, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; default: rs->sr_err = LDAP_OTHER; } rs->sr_text = "index generation failed"; goto return_results; } /* id2entry index */ rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e ); if ( rs->sr_err != 0 ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": id2entry_add failed\n", 0, 0, 0 ); switch( rs->sr_err ) { case DB_LOCK_DEADLOCK: case DB_LOCK_NOTGRANTED: goto retry; default: rs->sr_err = LDAP_OTHER; } rs->sr_text = "entry store failed"; goto return_results; } if ( TXN_COMMIT( lt2, 0 ) != 0 ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "txn_commit(2) failed"; goto return_results; } /* post-read */ if( op->o_postread ) { if( postread_ctrl == NULL ) { postread_ctrl = &ctrls[num_ctrls++]; ctrls[num_ctrls] = NULL; } if ( slap_read_controls( op, rs, op->ora_e, &slap_post_read_bv, postread_ctrl ) ) { Debug( LDAP_DEBUG_TRACE, "<=- " LDAP_XSTRING(bdb_add) ": post-read " "failed!\n", 0, 0, 0 ); if ( op->o_postread & SLAP_CONTROL_CRITICAL ) { /* FIXME: is it correct to abort * operation if control fails? */ goto return_results; } } } if ( op->o_noop ) { if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) { rs->sr_text = "txn_abort (no-op) failed"; } else { rs->sr_err = LDAP_X_NO_OPERATION; ltid = NULL; goto return_results; } } else { struct berval nrdn; /* pick the RDN if not suffix; otherwise pick the entire DN */ if (pdn.bv_len) { nrdn.bv_val = op->ora_e->e_nname.bv_val; nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1; } else { nrdn = op->ora_e->e_nname; } bdb_cache_add( bdb, ei, op->ora_e, &nrdn, ltid, &lock ); if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) { rs->sr_text = "txn_commit failed"; } else { rs->sr_err = LDAP_SUCCESS; } } ltid = NULL; LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); opinfo.boi_oe.oe_key = NULL; if ( rs->sr_err != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": %s : %s (%d)\n", rs->sr_text, db_strerror(rs->sr_err), rs->sr_err ); rs->sr_err = LDAP_OTHER; goto return_results; } Debug(LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n", op->o_noop ? " (no-op)" : "", op->ora_e->e_id, op->ora_e->e_dn ); rs->sr_text = NULL; if( num_ctrls ) rs->sr_ctrls = ctrls; return_results: success = rs->sr_err; send_ldap_result( op, rs ); if( ltid != NULL ) { TXN_ABORT( ltid ); } if ( opinfo.boi_oe.oe_key ) { LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next ); } if( success == LDAP_SUCCESS ) { /* We own the entry now, and it can be purged at will * Check to make sure it's the same entry we entered with. * Possibly a callback may have mucked with it, although * in general callbacks should treat the entry as read-only. */ bdb_cache_deref( oe->e_private ); if ( op->ora_e == oe ) op->ora_e = NULL; if ( bdb->bi_txn_cp_kbyte ) { TXN_CHECKPOINT( bdb->bi_dbenv, bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 ); } } slap_graduate_commit_csn( op ); if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) { slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx ); slap_sl_free( *postread_ctrl, op->o_tmpmemctx ); } return rs->sr_err; }
int slapcat( int argc, char **argv ) { ID id; int rc = EXIT_SUCCESS; Operation op = {0}; const char *progname = "slapcat"; int requestBSF; int doBSF = 0; slap_tool_init( progname, SLAPCAT, argc, argv ); requestBSF = ( sub_ndn.bv_len || filter ); #ifdef SIGPIPE (void) SIGNAL( SIGPIPE, slapcat_sig ); #endif #ifdef SIGHUP (void) SIGNAL( SIGHUP, slapcat_sig ); #endif (void) SIGNAL( SIGINT, slapcat_sig ); (void) SIGNAL( SIGTERM, slapcat_sig ); if( !be->be_entry_open || !be->be_entry_close || !( be->be_entry_first_x || be->be_entry_first ) || !be->be_entry_next || !be->be_entry_get ) { fprintf( stderr, "%s: database doesn't support necessary operations.\n", progname ); exit( EXIT_FAILURE ); } if( be->be_entry_open( be, 0 ) != 0 ) { fprintf( stderr, "%s: could not open database.\n", progname ); exit( EXIT_FAILURE ); } op.o_bd = be; if ( !requestBSF && be->be_entry_first ) { id = be->be_entry_first( be ); } else { if ( be->be_entry_first_x ) { id = be->be_entry_first_x( be, sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter ); } else { assert( be->be_entry_first != NULL ); doBSF = 1; id = be->be_entry_first( be ); } } for ( ; id != NOID; id = be->be_entry_next( be ) ) { char *data; int len; Entry* e; if ( gotsig ) break; e = be->be_entry_get( be, id ); if ( e == NULL ) { printf("# no data for entry id=%08lx\n\n", (long) id ); rc = EXIT_FAILURE; if ( continuemode == 0 ) { break; } else if ( continuemode == 1 ) { continue; } /* this is a last resort: linearly scan all ids * trying to recover as much as possible (ITS#6482) */ while ( ++id != NOID ) { e = be->be_entry_get( be, id ); if ( e != NULL ) break; printf("# no data for entry id=%08lx\n\n", (long) id ); } if ( e == NULL ) break; } if ( doBSF ) { if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) ) { be_entry_release_r( &op, e ); continue; } if ( filter != NULL ) { int rc = test_filter( NULL, e, filter ); if ( rc != LDAP_COMPARE_TRUE ) { be_entry_release_r( &op, e ); continue; } } } if ( verbose ) { printf( "# id=%08lx\n", (long) id ); } data = entry2str( e, &len ); be_entry_release_r( &op, e ); if ( data == NULL ) { printf("# bad data for entry id=%08lx\n\n", (long) id ); rc = EXIT_FAILURE; if( continuemode ) continue; break; } if ( fputs( data, ldiffp->fp ) == EOF || fputs( "\n", ldiffp->fp ) == EOF ) { fprintf(stderr, "%s: error writing output.\n", progname); rc = EXIT_FAILURE; break; } } be->be_entry_close( be ); if ( slap_tool_destroy()) rc = EXIT_FAILURE; return rc; }
int dnssrv_back_search( Operation *op, SlapReply *rs ) { int i; int rc; char *domain = NULL; char *hostlist = NULL; char **hosts = NULL; char *refdn; struct berval nrefdn = BER_BVNULL; BerVarray urls = NULL; int manageDSAit; rs->sr_ref = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { /* FIXME: need some means to determine whether the database * is a glue instance; if we got here with empty DN, then * we passed this same test in dnssrv_back_referrals() */ if ( !SLAP_GLUE_INSTANCE( op->o_bd ) ) { rs->sr_err = LDAP_UNWILLING_TO_PERFORM; rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed"; } else { rs->sr_err = LDAP_SUCCESS; } goto done; } manageDSAit = get_manageDSAit( op ); /* * FIXME: we may return a referral if manageDSAit is not set */ if ( !manageDSAit ) { send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, "manageDSAit must be set" ); goto done; } if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) { rs->sr_err = LDAP_REFERRAL; rs->sr_ref = default_referral; send_ldap_result( op, rs ); rs->sr_ref = NULL; goto done; } Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n", op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain ); if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n", rc ); send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, "no DNS SRV RR available for DN" ); goto done; } hosts = ldap_str2charray( hostlist, " " ); if( hosts == NULL ) { Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charray error\n" ); send_ldap_error( op, rs, LDAP_OTHER, "problem processing DNS SRV records for DN" ); goto done; } for( i=0; hosts[i] != NULL; i++) { struct berval url; url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]); url.bv_val = ch_malloc( url.bv_len + 1 ); strcpy( url.bv_val, "ldap://" ); strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] ); if( ber_bvarray_add( &urls, &url ) < 0 ) { free( url.bv_val ); send_ldap_error( op, rs, LDAP_OTHER, "problem processing DNS SRV records for DN" ); goto done; } } Debug( LDAP_DEBUG_STATS, "%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n", op->o_log_prefix, op->o_protocol, op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val ); Debug( LDAP_DEBUG_TRACE, "DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n", op->oq_search.rs_scope, op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val ); rc = ldap_domain2dn(domain, &refdn); if( rc != LDAP_SUCCESS ) { send_ldap_error( op, rs, LDAP_OTHER, "DNS SRV problem processing manageDSAit control" ); goto done; } else { struct berval bv; bv.bv_val = refdn; bv.bv_len = strlen( refdn ); rc = dnNormalize( 0, NULL, NULL, &bv, &nrefdn, op->o_tmpmemctx ); if( rc != LDAP_SUCCESS ) { send_ldap_error( op, rs, LDAP_OTHER, "DNS SRV problem processing manageDSAit control" ); goto done; } } if( !dn_match( &nrefdn, &op->o_req_ndn ) ) { /* requested dn is subordinate */ Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n", op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", refdn == NULL ? "" : refdn ); rs->sr_matched = refdn; rs->sr_err = LDAP_NO_SUCH_OBJECT; send_ldap_result( op, rs ); rs->sr_matched = NULL; } else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) { send_ldap_error( op, rs, LDAP_SUCCESS, NULL ); } else { Entry e = { 0 }; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; AttributeDescription *ad_ref = slap_schema.si_ad_ref; e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val ); e.e_name.bv_len = op->o_req_dn.bv_len; e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val ); e.e_nname.bv_len = op->o_req_ndn.bv_len; e.e_attrs = NULL; e.e_private = NULL; attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_referral->soc_cname, NULL ); attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_extensibleObject->soc_cname, NULL ); if ( ad_dc ) { char *p; struct berval bv; bv.bv_val = domain; p = strchr( bv.bv_val, '.' ); if ( p == bv.bv_val ) { bv.bv_len = 1; } else if ( p != NULL ) { bv.bv_len = p - bv.bv_val; } else { bv.bv_len = strlen( bv.bv_val ); } attr_merge_normalize_one( &e, ad_dc, &bv, NULL ); } if ( ad_associatedDomain ) { struct berval bv; ber_str2bv( domain, 0, 0, &bv ); attr_merge_normalize_one( &e, ad_associatedDomain, &bv, NULL ); } attr_merge_normalize_one( &e, ad_ref, urls, NULL ); rc = test_filter( op, &e, op->oq_search.rs_filter ); if( rc == LDAP_COMPARE_TRUE ) { rs->sr_entry = &e; rs->sr_attrs = op->oq_search.rs_attrs; rs->sr_flags = REP_ENTRY_MODIFIABLE; send_search_entry( op, rs ); rs->sr_entry = NULL; rs->sr_attrs = NULL; rs->sr_flags = 0; } entry_clean( &e ); rs->sr_err = LDAP_SUCCESS; send_ldap_result( op, rs ); } free( refdn ); if ( nrefdn.bv_val ) free( nrefdn.bv_val ); done: if( domain != NULL ) ch_free( domain ); if( hostlist != NULL ) ch_free( hostlist ); if( hosts != NULL ) ldap_charray_free( hosts ); if( urls != NULL ) ber_bvarray_free( urls ); return 0; }
int slapschema( int argc, char **argv ) { ID id; int rc = EXIT_SUCCESS; const char *progname = "slapschema"; Connection conn = { 0 }; OperationBuffer opbuf; Operation *op = NULL; void *thrctx; int requestBSF = 0; int doBSF = 0; slap_tool_init( progname, SLAPCAT, argc, argv ); requestBSF = ( sub_ndn.bv_len || filter ); #ifdef SIGPIPE (void) SIGNAL( SIGPIPE, slapcat_sig ); #endif #ifdef SIGHUP (void) SIGNAL( SIGHUP, slapcat_sig ); #endif (void) SIGNAL( SIGINT, slapcat_sig ); (void) SIGNAL( SIGTERM, slapcat_sig ); if( !be->be_entry_open || !be->be_entry_close || !( be->be_entry_first || be->be_entry_first_x ) || !be->be_entry_next || !be->be_entry_get ) { fprintf( stderr, "%s: database doesn't support necessary operations.\n", progname ); exit( EXIT_FAILURE ); } if( be->be_entry_open( be, 0 ) != 0 ) { fprintf( stderr, "%s: could not open database.\n", progname ); exit( EXIT_FAILURE ); } thrctx = ldap_pvt_thread_pool_context(); connection_fake_init( &conn, &opbuf, thrctx ); op = &opbuf.ob_op; op->o_tmpmemctx = NULL; op->o_bd = be; if ( !requestBSF && be->be_entry_first ) { id = be->be_entry_first( be ); } else { if ( be->be_entry_first_x ) { id = be->be_entry_first_x( be, sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter ); } else { assert( be->be_entry_first != NULL ); doBSF = 1; id = be->be_entry_first( be ); } } for ( ; id != NOID; id = be->be_entry_next( be ) ) { Entry* e; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof(textbuf); const char *text = NULL; if ( gotsig ) break; e = be->be_entry_get( be, id ); if ( e == NULL ) { printf("# no data for entry id=%08lx\n\n", (long) id ); rc = EXIT_FAILURE; if( continuemode ) continue; break; } if ( doBSF ) { if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) ) { be_entry_release_r( op, e ); continue; } if ( filter != NULL ) { int rc = test_filter( NULL, e, filter ); if ( rc != LDAP_COMPARE_TRUE ) { be_entry_release_r( op, e ); continue; } } } if( verbose ) { printf( "# id=%08lx\n", (long) id ); } rc = entry_schema_check( op, e, NULL, 0, 0, NULL, &text, textbuf, textlen ); if ( rc != LDAP_SUCCESS ) { fprintf( ldiffp->fp, "# (%d) %s%s%s\n", rc, ldap_err2string( rc ), text ? ": " : "", text ? text : "" ); fprintf( ldiffp->fp, "dn: %s\n\n", e->e_name.bv_val ); } be_entry_release_r( op, e ); } be->be_entry_close( be ); if ( slap_tool_destroy() ) rc = EXIT_FAILURE; return rc; }