/**
* \brief Calculates the smallest rectangle that will encompass the logo region.
*
* \param filter This image contains the logo around which the rectangle will
* will be fitted.
*
* The bounding rectangle is calculated by testing successive lines (from the four
* sides of the rectangle) until no more can be removed without removing logo
* pixels. The results are returned by reference to posx1, posy1, posx2, and
* posy2.
*/
static void calculate_bounding_rectangle(int * posx1, int * posy1, int * posx2, int * posy2, pgm_structure * filter)
{
int x; /* Temporary variables to run */
int y; /* through each row or column. */
int start_x;
int start_y;
int end_x = filter->width - 1;
int end_y = filter->height - 1;
int did_we_find_a_logo_pixel = 0;
/* Let's find the top bound first. */
for (start_x = 0; start_x < filter->width && !did_we_find_a_logo_pixel; start_x++)
{
for (y = 0; y < filter->height; y++)
{
did_we_find_a_logo_pixel |= test_filter(filter, start_x, y);
}
}
start_x--;
/* Now the bottom bound. */
did_we_find_a_logo_pixel = 0;
for (end_x = filter->width - 1; end_x > start_x && !did_we_find_a_logo_pixel; end_x--)
{
for (y = 0; y < filter->height; y++)
{
did_we_find_a_logo_pixel |= test_filter(filter, end_x, y);
}
}
end_x++;
/* Left bound. */
did_we_find_a_logo_pixel = 0;
for (start_y = 0; start_y < filter->height && !did_we_find_a_logo_pixel; start_y++)
{
for (x = 0; x < filter->width; x++)
{
did_we_find_a_logo_pixel |= test_filter(filter, x, start_y);
}
}
start_y--;
/* Right bound. */
did_we_find_a_logo_pixel = 0;
for (end_y = filter->height - 1; end_y > start_y && !did_we_find_a_logo_pixel; end_y--)
{
for (x = 0; x < filter->width; x++)
{
did_we_find_a_logo_pixel |= test_filter(filter, x, end_y);
}
}
end_y++;
*posx1 = start_x;
*posy1 = start_y;
*posx2 = end_x;
*posy2 = end_y;
return;
}
ifilter_iterator<Operator, List0>::ifilter_iterator(Operator _op,
List0 &_seq)
: op(_op), iter(_seq.begin()), iter_end(_seq.end())
{
if (!test_filter(std::is_same<types::none_type, Operator>()))
next_value();
}
int
main (int argc, char **argv)
{
int i;
camel_test_init(argc, argv);
camel_test_start("HTML Stream filtering");
for (i=0;i<100;i++) {
char inname[32], outname[32];
CamelMimeFilter *f;
struct stat st;
sprintf(inname, "data/html.%d.in", i);
sprintf(outname, "data/html.%d.out", i);
if (stat(inname, &st) == -1)
break;
f = camel_mime_filter_tohtml_new(CAMEL_MIME_FILTER_TOHTML_CONVERT_URLS, 0);
test_filter(f, inname, outname);
check_unref(f, 1);
}
camel_test_end();
return 0;
}
int slap_compare_entry(
Operation *op,
Entry *e,
AttributeAssertion *ava )
{
int rc = LDAP_COMPARE_FALSE;
Attribute *a;
if ( ! access_allowed( op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
rc = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rc = LDAP_ASSERTION_FAILED;
goto done;
}
a = attrs_find( e->e_attrs, ava->aa_desc );
if( a == NULL ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto done;
}
for(;
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
{
if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op,
e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
rc = LDAP_INSUFFICIENT_ACCESS;
break;
}
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&ava->aa_value, NULL, op->o_tmpmemctx ) == 0 )
{
rc = LDAP_COMPARE_TRUE;
break;
}
}
done:
if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) {
if ( ! access_allowed( op, e,
slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) )
{
rc = LDAP_NO_SUCH_OBJECT;
}
}
return rc;
}
void ifilter_iterator<Operator, List0>::next_value()
{
while (++iter != iter_end) {
if (test_filter(std::is_same<types::none_type, Operator>()))
return;
}
}
static void
pwdfile_search( struct ldop *op, FILE *ofp )
{
struct passwd *pw;
struct ldentry *entry;
int oneentry;
oneentry = ( strchr( op->ldop_dn, '@' ) != NULL );
for ( pw = getpwent(); pw != NULL; pw = getpwent()) {
if (( entry = pw2entry( op, pw )) != NULL ) {
if ( oneentry ) {
if ( strcasecmp( op->ldop_dn, entry->lde_dn ) == 0 ) {
write_entry( op, entry, ofp );
break;
}
} else if ( test_filter( op, entry ) == LDAP_COMPARE_TRUE ) {
write_entry( op, entry, ofp );
}
free_entry( entry );
}
}
endpwent();
write_result( ofp, LDAP_SUCCESS, NULL, NULL );
}
static int
test_filter_or(
Operation *op,
Entry *e,
Filter *flist )
{
Filter *f;
int rtn = LDAP_COMPARE_FALSE; /* False if empty */
Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 );
for ( f = flist; f != NULL; f = f->f_next ) {
int rc = test_filter( op, e, f );
if ( rc == LDAP_COMPARE_TRUE ) {
/* filter is True */
rtn = rc;
break;
}
if ( rc != LDAP_COMPARE_FALSE ) {
/* filter is Undefined unless later elements are True */
rtn = rc;
}
}
Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 );
return rtn;
}
/*
** When adding a group, we first strip any existing members,
** and add all which match the filters ourselfs.
*/
static int
autogroup_add_entry( Operation *op, SlapReply *rs)
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
autogroup_info_t *agi = (autogroup_info_t *)on->on_bi.bi_private;
autogroup_def_t *agd = agi->agi_def;
autogroup_entry_t *age = agi->agi_entry;
autogroup_filter_t *agf;
int rc = 0;
Debug( LDAP_DEBUG_TRACE, "==> autogroup_add_entry <%s>\n",
op->ora_e->e_name.bv_val, 0, 0);
ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
/* Check if it's a group. */
for ( ; agd ; agd = agd->agd_next ) {
if ( is_entry_objectclass_or_sub( op->ora_e, agd->agd_oc ) ) {
Modification mod;
const char *text = NULL;
char textbuf[1024];
mod.sm_op = LDAP_MOD_DELETE;
mod.sm_desc = agd->agd_member_ad;
mod.sm_type = agd->agd_member_ad->ad_cname;
mod.sm_values = NULL;
mod.sm_nvalues = NULL;
/* We don't want any member attributes added by the user. */
modify_delete_values( op->ora_e, &mod, /* permissive */ 1, &text, textbuf, sizeof( textbuf ) );
autogroup_add_group( op, agi, agd, op->ora_e, NULL, 1 , 0);
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
}
for ( ; age ; age = age->age_next ) {
ldap_pvt_thread_mutex_lock( &age->age_mutex );
/* Check if any of the filters are the suffix to the entry DN.
If yes, we can test that filter against the entry. */
for ( agf = age->age_filter; agf ; agf = agf->agf_next ) {
if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
rc = test_filter( op, op->ora_e, agf->agf_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
autogroup_add_member_to_group( op, &op->ora_e->e_name, &op->ora_e->e_nname, age );
break;
}
}
}
ldap_pvt_thread_mutex_unlock( &age->age_mutex );
}
ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
return SLAP_CB_CONTINUE;
}
ifilter_iterator<ResultType, Operator, List0>::ifilter_iterator(Operator _op, List0 _seq) :
op(_op),
iter(const_cast<sequence_type&>(_seq).begin()),
iter_end(const_cast<sequence_type &>(_seq).end())
{
if (!test_filter(std::is_same<types::none_type, Operator>()))
next_value();
}
static int
constraint_check_restrict( Operation *op, constraint *c, Entry *e )
{
assert( c->restrict_lud != NULL );
if ( c->restrict_lud->lud_dn != NULL ) {
int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len;
if ( diff < 0 ) {
return 0;
}
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_BASE ) {
return bvmatch( &e->e_nname, &c->restrict_ndn );
}
if ( !dnIsSuffix( &e->e_nname, &c->restrict_ndn ) ) {
return 0;
}
if ( c->restrict_lud->lud_scope != LDAP_SCOPE_SUBTREE ) {
struct berval pdn;
if ( diff == 0 ) {
return 0;
}
dnParent( &e->e_nname, &pdn );
if ( c->restrict_lud->lud_scope == LDAP_SCOPE_ONELEVEL
&& pdn.bv_len != c->restrict_ndn.bv_len )
{
return 0;
}
}
}
if ( c->restrict_filter != NULL ) {
int rc;
struct berval save_dn = op->o_dn, save_ndn = op->o_ndn;
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
rc = test_filter( op, e, c->restrict_filter );
op->o_dn = save_dn;
op->o_ndn = save_ndn;
if ( rc != LDAP_COMPARE_TRUE ) {
return 0;
}
}
return 1;
}
static int test_op(struct event_format *event,
struct filter_arg *arg, struct pevent_record *record)
{
switch (arg->op.type) {
case FILTER_OP_AND:
return test_filter(event, arg->op.left, record) &&
test_filter(event, arg->op.right, record);
case FILTER_OP_OR:
return test_filter(event, arg->op.left, record) ||
test_filter(event, arg->op.right, record);
case FILTER_OP_NOT:
return !test_filter(event, arg->op.right, record);
default:
/* ?? */
return 0;
}
}
void DeleteAllIndexes::run()
{
char string[BCTEXTLEN], string1[BCTEXTLEN], string2[BCTEXTLEN];
// prepare directory
strcpy(string1, pwindow->thread->preferences->index_directory);
FileSystem dir;
dir.update(pwindow->thread->preferences->index_directory);
dir.complete_path(string1);
// prepare filter
const char *filter1 = ".idx";
const char *filter2 = ".toc";
// pwindow->disable_window();
sprintf(string, _("Delete all indexes in %s?"), string1);
// QuestionWindow confirm(mwindow);
// confirm.create_objects(string, 0);
// int result = confirm.run_window();
int result = 0;
if(!result)
{
static int i, j, k;
for(i = 0; i < dir.dir_list.total; i++)
{
result = 1;
sprintf(string2, "%s%s", string1, dir.dir_list.values[i]->name);
// test filter
if(test_filter(string2, filter1) ||
test_filter(string2, filter2))
{
remove(string2);
printf("DeleteAllIndexes::run %s\n", string2);
}
}
}
pwindow->thread->redraw_indexes = 1;
// pwindow->enable_window();
}
/**
* \brief Our blurring function.
*
* \param vf Stores persistant data. In this function we are interested in the
* array of masks.
* \param value_out The properly blurred and delogoed pixel is outputted here.
* \param logo_mask Tells us which pixels are in the logo and which aren't.
* \param image The image that is having its logo removed.
* \param x x-coordinate of the pixel to blur.
* \param y y-coordinate of the pixel to blur.
* \param plane 0 = luma, 1 = blue chroma, 2 = red chroma (YUV).
*
* This function is the core of the filter. It takes a pixel that is inside the
* logo and blurs it. It does so by finding the average of all the pixels within
* the mask and outside of the logo.
*/
static void get_blur(const vf_instance_t * const vf, unsigned int * const value_out, const pgm_structure * const logo_mask,
const mp_image_t * const image, const int x, const int y, const int plane)
{
int mask_size; /* Mask size tells how large a circle to use. The radius is about (slightly larger than) mask size. */
/* Get values from vf->priv for faster dereferencing. */
int * * * mask = vf->priv->mask;
int start_posx, start_posy, end_posx, end_posy;
int i, j;
unsigned int accumulator = 0, divisor = 0;
const unsigned char * mask_read_position; /* What pixel we are reading out of the circular blur mask. */
const unsigned char * logo_mask_read_position; /* What pixel we are reading out of the filter image. */
/* Prepare our bounding rectangle and clip it if need be. */
mask_size = test_filter(logo_mask, x, y);
start_posx = max(0, x - mask_size);
start_posy = max(0, y - mask_size);
end_posx = min(image->width - 1, x + mask_size);
end_posy = min(image->height - 1, y + mask_size);
mask_read_position = image->planes[plane] + (image->stride[plane] * start_posy) + start_posx;
logo_mask_read_position = logo_mask->pixel + (start_posy * logo_mask->width) + start_posx;
for (j = start_posy; j <= end_posy; j++)
{
for (i = start_posx; i <= end_posx; i++)
{
if (!(*logo_mask_read_position) && mask[mask_size][i - start_posx][j - start_posy])
{ /* Check to see if this pixel is in the logo or not. Only use the pixel if it is not. */
accumulator += *mask_read_position;
divisor++;
}
mask_read_position++;
logo_mask_read_position++;
}
mask_read_position += (image->stride[plane] - ((end_posx + 1) - start_posx));
logo_mask_read_position += (logo_mask->width - ((end_posx + 1) - start_posx));
}
if (divisor == 0) /* This means that not a single pixel is outside of the logo, so we have no data. */
{ /* We should put some eye catching value here, to indicate the flaw to the user. */
*value_out = 255;
}
else /* Else we need to normalise the data using the divisor. */
{
*value_out = (accumulator + (divisor / 2)) / divisor; /* Divide, taking into account average rounding error. */
}
return;
}
static dynlist_info_t *
dynlist_is_dynlist_next( Operation *op, SlapReply *rs, dynlist_info_t *old_dli )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
dynlist_info_t *dli;
Attribute *a;
if ( old_dli == NULL ) {
dli = (dynlist_info_t *)on->on_bi.bi_private;
} else {
dli = old_dli->dli_next;
}
a = attrs_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass );
if ( a == NULL ) {
/* FIXME: objectClass must be present; for non-storage
* backends, like back-ldap, it needs to be added
* to the requested attributes */
return NULL;
}
for ( ; dli; dli = dli->dli_next ) {
if ( dli->dli_lud != NULL ) {
/* check base and scope */
if ( !BER_BVISNULL( &dli->dli_uri_nbase )
&& !dnIsSuffixScope( &rs->sr_entry->e_nname,
&dli->dli_uri_nbase,
dli->dli_lud->lud_scope ) )
{
continue;
}
/* check filter */
if ( dli->dli_uri_filter && test_filter( op, rs->sr_entry, dli->dli_uri_filter ) != LDAP_COMPARE_TRUE ) {
continue;
}
}
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&dli->dli_oc->soc_cname, NULL,
op->o_tmpmemctx ) == 0 )
{
return dli;
}
}
return NULL;
}
int get_test_set(int *test_set, int limit, const char *test,
struct test_list_t *tests)
{
int start, end;
int idx = 0;
if (test == NULL) {
/* Default: Run all tests. */
for (;idx < limit; idx++)
test_set[idx] = idx;
return (limit);
}
if (*test >= '0' && *test <= '9') {
const char *vp = test;
start = 0;
while (*vp >= '0' && *vp <= '9') {
start *= 10;
start += *vp - '0';
++vp;
}
if (*vp == '\0') {
end = start;
} else if (*vp == '-') {
++vp;
if (*vp == '\0') {
end = limit - 1;
} else {
end = 0;
while (*vp >= '0' && *vp <= '9') {
end *= 10;
end += *vp - '0';
++vp;
}
}
} else
return (-1);
if (start < 0 || end >= limit || start > end)
return (-1);
while (start <= end)
test_set[idx++] = start++;
} else {
for (start = 0; start < limit; ++start) {
const char *name = tests[start].name;
if (test_filter(test, name))
test_set[idx++] = start;
}
}
return ((idx == 0)?-1:idx);
}
static int
retcode_send_onelevel( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
retcode_item_t *rdi;
for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
if ( op->o_abandon ) {
return rs->sr_err = SLAPD_ABANDON;
}
rs->sr_err = test_filter( op, &rdi->rdi_e, op->ors_filter );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* safe default */
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_ctrls = NULL;
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rs->sr_entry = &rdi->rdi_e;
rs->sr_err = send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
switch ( rs->sr_err ) {
case LDAP_UNAVAILABLE: /* connection closed */
rs->sr_err = LDAP_OTHER;
/* fallthru */
case LDAP_SIZELIMIT_EXCEEDED:
goto done;
}
}
rs->sr_err = LDAP_SUCCESS;
}
done:;
send_ldap_result( op, rs );
return rs->sr_err;
}
/**
* Performs code-generation for a map statement.
*/
int generate_map(Pool *pool, FILE *out, AstMap *p)
{
ListNode *line;
/* Match against the map: */
for (line = p->lines; line; line = line->next) {
AstMapLine *l = ast_to_map_line(line->d);
if (test_filter(l->filter, p->item)) {
CHECK(generate_code(pool, out, l->code));
return 1;
}
}
/* Nothing matched: */
fprintf(stderr, "error: Could not match item \"%s\" against map.\n",
string_copy(pool, p->item->name).p);
return 0;
}
int generate_for_item(Pool *pool, FILE *out, AstFor *p, ListNode *item, int *need_comma)
{
Scope *scope = scope_new(pool, p->scope);
ListBuilder code = list_builder_init(pool);
if (dynamic_ok(p->filter) &&
!test_filter(p->filter, ast_to_outline_item(item->d)))
return 1;
if (p->list && *need_comma)
CHECK(file_putc(out, ','));
*need_comma = 1;
scope_add(scope, pool, p->item, item->d);
CHECK(parse_code(pool, &p->code, scope, out_list_builder(&code)));
CHECK(generate_code(pool, out, code.first));
return 1;
}
/**
* pevent_filter_match - test if a record matches a filter
* @filter: filter struct with filter information
* @record: the record to test against the filter
*
* Returns:
* 1 - filter found for event and @record matches
* 0 - filter found for event and @record does not match
* -1 - no filter found for @record's event
* -2 - if no filters exist
*/
int pevent_filter_match(struct event_filter *filter,
struct pevent_record *record)
{
struct pevent *pevent = filter->pevent;
struct filter_type *filter_type;
int event_id;
if (!filter->filters)
return FILTER_NONE;
event_id = pevent_data_type(pevent, record);
filter_type = find_filter_type(filter, event_id);
if (!filter_type)
return FILTER_NOEXIST;
return test_filter(filter_type->event, filter_type->filter, record) ?
FILTER_MATCH : FILTER_MISS;
}
int
fe_op_search( Operation *op, SlapReply *rs )
{
BackendDB *bd = op->o_bd;
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
#ifdef LDAP_CONNECTIONLESS
/* Ignore LDAPv2 CLDAP Root DSE queries */
if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
goto return_results;
}
#endif
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
} else if ( entry != NULL ) {
if ( get_assert( op ) &&
( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) {
rs->sr_err = LDAP_ASSERTION_FAILED;
goto fail1;
}
rs->sr_err = test_filter( op, entry, op->ors_filter );
if( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* note: we set no limits because either
* no limit is specified, or at least 1
* is specified, and we're going to return
* at most one entry */
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_tlimit = SLAP_NO_LIMIT;
rs->sr_entry = entry;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_operational_attrs = NULL;
}
rs->sr_err = LDAP_SUCCESS;
fail1:
entry_free( entry );
send_ldap_result( op, rs );
goto return_results;
}
}
if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->ors_scope );
if (!rs->sr_ref) rs->sr_ref = default_referral;
rs->sr_err = LDAP_REFERRAL;
op->o_bd = bd;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral)
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
goto return_results;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto return_results;
}
if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
/* don't use shadow copy */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, op->ors_scope );
if( !rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"copy not used; no referral information available" );
}
} else if ( op->o_bd->be_search ) {
if ( limits_check( op, rs ) == 0 ) {
/* actually do the search and send the result(s) */
(op->o_bd->be_search)( op, rs );
}
/* else limits_check() sends error */
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
return_results:;
op->o_bd = bd;
return rs->sr_err;
}
int
mdb_search( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
ID id, cursor, nsubs, ncand, cscope;
ID lastid = NOID;
ID candidates[MDB_IDL_UM_SIZE];
ID iscopes[MDB_IDL_DB_SIZE];
ID2 *scopes;
void *stack;
Entry *e = NULL, *base = NULL;
Entry *matched = NULL;
AttributeName *attrs;
slap_mask_t mask;
time_t stoptime;
int manageDSAit;
int tentries = 0;
IdScopes isc;
MDB_cursor *mci, *mcd;
ww_ctx wwctx;
slap_callback cb = { 0 };
mdb_op_info opinfo = {{{0}}}, *moi = &opinfo;
MDB_txn *ltid = NULL;
Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(mdb_search) "\n", 0, 0, 0);
attrs = op->oq_search.rs_attrs;
manageDSAit = get_manageDSAit( op );
rs->sr_err = mdb_opinfo_get( op, mdb, 1, &moi );
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
ltid = moi->moi_txn;
rs->sr_err = mdb_cursor_open( ltid, mdb->mi_id2entry, &mci );
if ( rs->sr_err ) {
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
rs->sr_err = mdb_cursor_open( ltid, mdb->mi_dn2id, &mcd );
if ( rs->sr_err ) {
mdb_cursor_close( mci );
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
scopes = scope_chunk_get( op );
stack = search_stack( op );
isc.mt = ltid;
isc.mc = mcd;
isc.scopes = scopes;
isc.oscope = op->ors_scope;
isc.sctmp = stack;
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
MDB_IDL_ZERO(candidates);
}
dn2entry_retry:
/* get entry with reader lock */
rs->sr_err = mdb_dn2entry( op, ltid, mcd, &op->o_req_ndn, &e, &nsubs, 1 );
switch(rs->sr_err) {
case MDB_NOTFOUND:
matched = e;
e = NULL;
break;
case 0:
break;
case LDAP_BUSY:
send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
goto done;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
goto done;
}
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
if ( matched && is_entry_alias( matched )) {
struct berval stub;
stub.bv_val = op->o_req_ndn.bv_val;
stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1;
e = deref_base( op, rs, matched, &matched, ltid,
candidates, NULL );
if ( e ) {
build_new_dn( &op->o_req_ndn, &e->e_nname, &stub,
op->o_tmpmemctx );
mdb_entry_return(op, e);
matched = NULL;
goto dn2entry_retry;
}
} else if ( e && is_entry_alias( e )) {
e = deref_base( op, rs, e, &matched, ltid,
candidates, NULL );
}
}
if ( e == NULL ) {
struct berval matched_dn = BER_BVNULL;
if ( matched != NULL ) {
BerVarray erefs = NULL;
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, matched,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
if ( rs->sr_err == MDB_NOTFOUND )
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = matched_dn.bv_val;
}
mdb_entry_return(op, matched);
matched = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
send_ldap_result( op, rs );
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
if ( !BER_BVISNULL( &matched_dn ) ) {
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
}
goto done;
}
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
NULL, ACL_SEARCH, NULL, &mask ) )
{
if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral */
struct berval matched_dn = BER_BVNULL;
BerVarray erefs = NULL;
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
mdb_entry_return( op, e );
e = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
if ( !rs->sr_ref ) {
rs->sr_text = "bad_referral object";
}
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": entry is referral\n",
0, 0, 0 );
rs->sr_matched = matched_dn.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
/* compute it anyway; root does not use it */
stoptime = op->o_time + op->ors_tlimit;
base = e;
e = NULL;
/* select candidates */
if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = base_candidate( op->o_bd, base, candidates );
scopes[0].mid = 0;
ncand = 1;
} else {
if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
size_t nkids;
MDB_val key, data;
key.mv_data = &base->e_id;
key.mv_size = sizeof( ID );
mdb_cursor_get( mcd, &key, &data, MDB_SET );
mdb_cursor_count( mcd, &nkids );
nsubs = nkids - 1;
} else if ( !base->e_id ) {
/* we don't maintain nsubs for entryID 0.
* just grab entry count from id2entry stat
*/
MDB_stat ms;
mdb_stat( ltid, mdb->mi_id2entry, &ms );
nsubs = ms.ms_entries;
}
MDB_IDL_ZERO( candidates );
scopes[0].mid = 1;
scopes[1].mid = base->e_id;
scopes[1].mval.mv_data = NULL;
rs->sr_err = search_candidates( op, rs, base,
&isc, mci, candidates, stack );
ncand = MDB_IDL_N( candidates );
if ( !base->e_id || ncand == NOID ) {
/* grab entry count from id2entry stat
*/
MDB_stat ms;
mdb_stat( ltid, mdb->mi_id2entry, &ms );
if ( !base->e_id )
nsubs = ms.ms_entries;
if ( ncand == NOID )
ncand = ms.ms_entries;
}
}
/* start cursor at beginning of candidates.
*/
cursor = 0;
if ( candidates[0] == 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": no candidates\n",
0, 0, 0 );
goto nochange;
}
/* if not root and candidates exceed to-be-checked entries, abort */
if ( op->ors_limit /* isroot == FALSE */ &&
op->ors_limit->lms_s_unchecked != -1 &&
ncand > (unsigned) op->ors_limit->lms_s_unchecked )
{
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( op->ors_limit == NULL /* isroot == TRUE */ ||
!op->ors_limit->lms_s_pr_hide )
{
tentries = ncand;
}
wwctx.flag = 0;
/* If we're running in our own read txn */
if ( moi == &opinfo ) {
cb.sc_writewait = mdb_writewait;
cb.sc_private = &wwctx;
wwctx.txn = ltid;
wwctx.mcd = NULL;
cb.sc_next = op->o_callback;
op->o_callback = &cb;
}
if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
PagedResultsState *ps = op->o_pagedresults_state;
/* deferred cookie parsing */
rs->sr_err = parse_paged_cookie( op, rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
cursor = (ID) ps->ps_cookie;
if ( cursor && ps->ps_size == 0 ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = "search abandoned by pagedResult size=0";
send_ldap_result( op, rs );
goto done;
}
id = mdb_idl_first( candidates, &cursor );
if ( id == NOID ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": no paged results candidates\n",
0, 0, 0 );
send_paged_response( op, rs, &lastid, 0 );
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( id == (ID)ps->ps_cookie )
id = mdb_idl_next( candidates, &cursor );
nsubs = ncand; /* always bypass scope'd search */
goto loop_begin;
}
if ( nsubs < ncand ) {
int rc;
/* Do scope-based search */
/* if any alias scopes were set, save them */
if (scopes[0].mid > 1) {
cursor = 1;
for (cscope = 1; cscope <= scopes[0].mid; cscope++) {
/* Ignore the original base */
if (scopes[cscope].mid == base->e_id)
continue;
iscopes[cursor++] = scopes[cscope].mid;
}
iscopes[0] = scopes[0].mid - 1;
} else {
iscopes[0] = 0;
}
wwctx.mcd = mcd;
isc.id = base->e_id;
isc.numrdns = 0;
rc = mdb_dn2id_walk( op, &isc );
if ( rc )
id = NOID;
else
id = isc.id;
cscope = 0;
} else {
id = mdb_idl_first( candidates, &cursor );
}
while (id != NOID)
{
int scopeok;
MDB_val edata;
loop_begin:
/* check for abandon */
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
send_ldap_result( op, rs );
goto done;
}
/* mostly needed by internal searches,
* e.g. related to syncrepl, for whom
* abandon does not get set... */
if ( slapd_shutdown ) {
rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_disconnect( op, rs );
goto done;
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( nsubs < ncand ) {
unsigned i;
/* Is this entry in the candidate list? */
scopeok = 0;
if (MDB_IDL_IS_RANGE( candidates )) {
if ( id >= MDB_IDL_RANGE_FIRST( candidates ) &&
id <= MDB_IDL_RANGE_LAST( candidates ))
scopeok = 1;
} else {
i = mdb_idl_search( candidates, id );
if ( candidates[i] == id )
scopeok = 1;
}
if ( scopeok )
goto scopeok;
goto loop_continue;
}
/* Does this candidate actually satisfy the search scope?
*/
scopeok = 0;
isc.numrdns = 0;
switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
/* This is always true, yes? */
if ( id == base->e_id ) scopeok = 1;
break;
#ifdef LDAP_SCOPE_CHILDREN
case LDAP_SCOPE_CHILDREN:
if ( id == base->e_id ) break;
/* Fall-thru */
#endif
case LDAP_SCOPE_SUBTREE:
if ( id == base->e_id ) {
scopeok = 1;
break;
}
/* Fall-thru */
case LDAP_SCOPE_ONELEVEL:
isc.id = id;
isc.nscope = 0;
rs->sr_err = mdb_idscopes( op, &isc );
if ( rs->sr_err == MDB_SUCCESS ) {
if ( isc.nscope )
scopeok = 1;
} else {
if ( rs->sr_err == MDB_NOTFOUND )
goto notfound;
}
break;
}
/* Not in scope, ignore it */
if ( !scopeok )
{
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld scope not okay\n",
(long) id, 0, 0 );
goto loop_continue;
}
scopeok:
if ( id == base->e_id ) {
e = base;
} else {
/* get the entry */
rs->sr_err = mdb_id2edata( op, mci, id, &edata );
if ( rs->sr_err == MDB_NOTFOUND ) {
notfound:
if( nsubs < ncand )
goto loop_continue;
if( !MDB_IDL_IS_RANGE(candidates) ) {
/* only complain for non-range IDLs */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": candidate %ld not found\n",
(long) id, 0, 0 );
} else {
/* get the next ID from the DB */
rs->sr_err = mdb_get_nextid( mci, &cursor );
if ( rs->sr_err == MDB_NOTFOUND ) {
break;
}
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in get_nextid";
send_ldap_result( op, rs );
goto done;
}
cursor--;
}
goto loop_continue;
} else if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_id2edata";
send_ldap_result( op, rs );
goto done;
}
rs->sr_err = mdb_entry_decode( op, ltid, &edata, &e );
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_entry_decode";
send_ldap_result( op, rs );
goto done;
}
e->e_id = id;
e->e_name.bv_val = NULL;
e->e_nname.bv_val = NULL;
}
if ( is_entry_subentry( e ) ) {
if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
if(!get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries( op ) &&
!get_subentries_visibility( op ))
{
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
/* aliases were already dereferenced in candidate list */
if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
/* but if the search base is an alias, and we didn't
* deref it when finding, return it.
*/
if ( is_entry_alias(e) &&
((op->ors_deref & LDAP_DEREF_FINDING) || e != base ))
{
goto loop_continue;
}
}
if ( !manageDSAit && is_entry_glue( e )) {
goto loop_continue;
}
if (e != base) {
struct berval pdn, pndn;
char *d, *n;
int i;
/* child of base, just append RDNs to base->e_name */
if ( nsubs < ncand || isc.scopes[isc.nscope].mid == base->e_id ) {
pdn = base->e_name;
pndn = base->e_nname;
} else {
mdb_id2name( op, ltid, &isc.mc, scopes[isc.nscope].mid, &pdn, &pndn );
}
e->e_name.bv_len = pdn.bv_len;
e->e_nname.bv_len = pndn.bv_len;
for (i=0; i<isc.numrdns; i++) {
e->e_name.bv_len += isc.rdns[i].bv_len + 1;
e->e_nname.bv_len += isc.nrdns[i].bv_len + 1;
}
e->e_name.bv_val = op->o_tmpalloc(e->e_name.bv_len + 1, op->o_tmpmemctx);
e->e_nname.bv_val = op->o_tmpalloc(e->e_nname.bv_len + 1, op->o_tmpmemctx);
d = e->e_name.bv_val;
n = e->e_nname.bv_val;
if (nsubs < ncand) {
/* RDNs are in top-down order */
for (i=isc.numrdns-1; i>=0; i--) {
memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len);
d += isc.rdns[i].bv_len;
*d++ = ',';
memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len);
n += isc.nrdns[i].bv_len;
*n++ = ',';
}
} else {
/* RDNs are in bottom-up order */
for (i=0; i<isc.numrdns; i++) {
memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len);
d += isc.rdns[i].bv_len;
*d++ = ',';
memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len);
n += isc.nrdns[i].bv_len;
*n++ = ',';
}
}
if (pdn.bv_len) {
memcpy(d, pdn.bv_val, pdn.bv_len+1);
memcpy(n, pndn.bv_val, pndn.bv_len+1);
} else {
*--d = '\0';
*--n = '\0';
e->e_name.bv_len--;
e->e_nname.bv_len--;
}
if (pndn.bv_val != base->e_nname.bv_val) {
op->o_tmpfree(pndn.bv_val, op->o_tmpmemctx);
op->o_tmpfree(pdn.bv_val, op->o_tmpmemctx);
}
}
/*
* if it's a referral, add it to the list of referrals. only do
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
&& is_entry_referral( e ) )
{
BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
rs->sr_entry = e;
rs->sr_flags = 0;
send_search_reference( op, rs );
if (e != base)
mdb_entry_return( op, e );
rs->sr_entry = NULL;
e = NULL;
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
rs->sr_ref = NULL;
if ( wwctx.flag ) {
rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd );
if ( rs->sr_err ) {
send_ldap_result( op, rs );
goto done;
}
}
goto loop_continue;
}
/* if it matches the filter and scope, send it */
rs->sr_err = test_filter( op, e, op->oq_search.rs_filter );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
mdb_entry_return( op, e );
e = NULL;
send_paged_response( op, rs, &lastid, tentries );
goto done;
}
lastid = id;
}
if (e) {
/* safe default */
rs->sr_attrs = op->oq_search.rs_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_ctrls = NULL;
rs->sr_entry = e;
RS_ASSERT( e->e_private != NULL );
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rs->sr_err = send_search_entry( op, rs );
rs->sr_attrs = NULL;
rs->sr_entry = NULL;
if (e != base)
mdb_entry_return( op, e );
e = NULL;
switch ( rs->sr_err ) {
case LDAP_SUCCESS: /* entry sent ok */
break;
default: /* entry not sent */
break;
case LDAP_BUSY:
send_ldap_result( op, rs );
goto done;
case LDAP_UNAVAILABLE:
case LDAP_SIZELIMIT_EXCEEDED:
if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
} else {
rs->sr_err = LDAP_OTHER;
}
goto done;
}
if ( wwctx.flag ) {
rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd );
if ( rs->sr_err ) {
send_ldap_result( op, rs );
goto done;
}
}
}
} else {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld does not match filter\n",
(long) id, 0, 0 );
}
loop_continue:
if( e != NULL ) {
if ( e != base )
mdb_entry_return( op, e );
RS_ASSERT( rs->sr_entry == NULL );
e = NULL;
rs->sr_entry = NULL;
}
if ( nsubs < ncand ) {
int rc = mdb_dn2id_walk( op, &isc );
if (rc) {
id = NOID;
/* We got to the end of a subtree. If there are any
* alias scopes left, search them too.
*/
while (iscopes[0] && cscope < iscopes[0]) {
cscope++;
isc.id = iscopes[cscope];
if ( base )
mdb_entry_return( op, base );
rs->sr_err = mdb_id2entry(op, mci, isc.id, &base);
if ( !rs->sr_err ) {
mdb_id2name( op, ltid, &isc.mc, isc.id, &base->e_name, &base->e_nname );
isc.numrdns = 0;
if (isc.oscope == LDAP_SCOPE_ONELEVEL)
isc.oscope = LDAP_SCOPE_BASE;
rc = mdb_dn2id_walk( op, &isc );
if ( !rc ) {
id = isc.id;
break;
}
}
}
} else
id = isc.id;
} else {
id = mdb_idl_next( candidates, &cursor );
}
}
nochange:
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_rspoid = NULL;
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
send_paged_response( op, rs, NULL, 0 );
} else {
send_ldap_result( op, rs );
}
rs->sr_err = LDAP_SUCCESS;
done:
if ( cb.sc_private ) {
/* remove our writewait callback */
slap_callback **scp = &op->o_callback;
while ( *scp ) {
if ( *scp == &cb ) {
*scp = cb.sc_next;
cb.sc_private = NULL;
break;
}
}
}
mdb_cursor_close( mcd );
mdb_cursor_close( mci );
if ( moi == &opinfo ) {
mdb_txn_reset( moi->moi_txn );
LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next );
} else {
moi->moi_ref--;
}
if( rs->sr_v2ref ) {
ber_bvarray_free( rs->sr_v2ref );
rs->sr_v2ref = NULL;
}
if (base)
mdb_entry_return( op, base );
scope_chunk_ret( op, scopes );
return rs->sr_err;
}
int
test_filter(
Operation *op,
Entry *e,
Filter *f )
{
int rc;
Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
Debug( LDAP_DEBUG_FILTER, " UNDEFINED\n", 0, 0, 0 );
rc = SLAPD_COMPARE_UNDEFINED;
goto out;
}
switch ( f->f_choice ) {
case SLAPD_FILTER_COMPUTED:
Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
f->f_result == LDAP_COMPARE_FALSE ? "false" :
f->f_result == LDAP_COMPARE_TRUE ? "true" :
f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
f->f_result, 0 );
rc = f->f_result;
break;
case LDAP_FILTER_EQUALITY:
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_EQUALITY );
break;
case LDAP_FILTER_SUBSTRINGS:
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
rc = test_substrings_filter( op, e, f );
break;
case LDAP_FILTER_GE:
Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 );
rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_GE );
break;
case LDAP_FILTER_LE:
Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 );
rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_LE );
break;
case LDAP_FILTER_PRESENT:
Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
rc = test_presence_filter( op, e, f->f_desc );
break;
case LDAP_FILTER_APPROX:
Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 );
rc = test_ava_filter( op, e, f->f_ava, LDAP_FILTER_APPROX );
break;
case LDAP_FILTER_AND:
Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 );
rc = test_filter_and( op, e, f->f_and );
break;
case LDAP_FILTER_OR:
Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 );
rc = test_filter_or( op, e, f->f_or );
break;
case LDAP_FILTER_NOT:
Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 );
rc = test_filter( op, e, f->f_not );
/* Flip true to false and false to true
* but leave Undefined alone.
*/
switch( rc ) {
case LDAP_COMPARE_TRUE:
rc = LDAP_COMPARE_FALSE;
break;
case LDAP_COMPARE_FALSE:
rc = LDAP_COMPARE_TRUE;
break;
}
break;
case LDAP_FILTER_EXT:
Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
rc = test_mra_filter( op, e, f->f_mra );
break;
default:
Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
f->f_choice, 0, 0 );
rc = LDAP_PROTOCOL_ERROR;
}
out:
Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 );
return( rc );
}
int
backsql_delete( Operation *op, SlapReply *rs )
{
SQLHDBC dbh = SQL_NULL_HDBC;
SQLHSTMT sth = SQL_NULL_HSTMT;
backsql_oc_map_rec *oc = NULL;
backsql_srch_info bsi = { 0 };
backsql_entryID e_id = { 0 };
Entry d = { 0 }, p = { 0 }, *e = NULL;
struct berval pdn = BER_BVNULL;
int manageDSAit = get_manageDSAit( op );
Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry \"%s\"\n",
op->o_req_ndn.bv_val, 0, 0 );
rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"could not get connection handle - exiting\n",
0, 0, 0 );
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
e = NULL;
goto done;
}
/*
* Get the entry
*/
bsi.bsi_e = &d;
rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,
( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) );
switch ( rs->sr_err ) {
case LDAP_SUCCESS:
break;
case LDAP_REFERRAL:
if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
{
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
break;
}
e = &d;
/* fallthru */
default:
Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
"could not retrieve deleteDN ID - no such entry\n",
0, 0, 0 );
if ( !BER_BVISNULL( &d.e_nname ) ) {
/* FIXME: should always be true! */
e = &d;
} else {
e = NULL;
}
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, &d, get_assertion( op ) )
!= LDAP_COMPARE_TRUE ) )
{
rs->sr_err = LDAP_ASSERTION_FAILED;
e = &d;
goto done;
}
if ( !access_allowed( op, &d, slap_schema.si_ad_entry,
NULL, ACL_WDEL, NULL ) )
{
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = &d;
goto done;
}
rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn );
switch ( rs->sr_err ) {
case LDAP_COMPARE_FALSE:
rs->sr_err = LDAP_SUCCESS;
break;
case LDAP_COMPARE_TRUE:
#ifdef SLAP_CONTROL_X_TREE_DELETE
if ( get_treeDelete( op ) ) {
rs->sr_err = LDAP_SUCCESS;
break;
}
#endif /* SLAP_CONTROL_X_TREE_DELETE */
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"entry \"%s\" has children\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subordinate objects must be deleted first";
/* fallthru */
default:
e = &d;
goto done;
}
assert( bsi.bsi_base_id.eid_oc != NULL );
oc = bsi.bsi_base_id.eid_oc;
if ( oc->bom_delete_proc == NULL ) {
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"delete procedure is not defined "
"for this objectclass - aborting\n", 0, 0, 0 );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "operation not permitted within namingContext";
e = NULL;
goto done;
}
/*
* Get the parent
*/
e_id = bsi.bsi_base_id;
memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) );
if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &pdn );
bsi.bsi_e = &p;
rs->sr_err = backsql_init_search( &bsi, &pdn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs,
slap_anlist_no_attrs,
BACKSQL_ISF_GET_ENTRY );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "
"could not retrieve deleteDN ID "
"- no such entry\n",
0, 0, 0 );
e = &p;
goto done;
}
(void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx );
/* check parent for "children" acl */
if ( !access_allowed( op, &p, slap_schema.si_ad_children,
NULL, ACL_WDEL, NULL ) )
{
Debug( LDAP_DEBUG_TRACE, " backsql_delete(): "
"no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = &p;
goto done;
}
}
e = &d;
#ifdef SLAP_CONTROL_X_TREE_DELETE
if ( get_treeDelete( op ) ) {
backsql_tree_delete( op, rs, dbh, &sth );
if ( rs->sr_err == LDAP_OTHER || rs->sr_err == LDAP_SUCCESS )
{
e = NULL;
}
} else
#endif /* SLAP_CONTROL_X_TREE_DELETE */
{
backsql_delete_int( op, rs, dbh, &sth, &e_id, &e );
}
/*
* Commit only if all operations succeed
*/
if ( sth != SQL_NULL_HSTMT ) {
SQLUSMALLINT CompletionType = SQL_ROLLBACK;
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
assert( e == NULL );
CompletionType = SQL_COMMIT;
}
SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
}
done:;
if ( e != NULL ) {
if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
}
}
if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_X_NO_OPERATION;
}
send_ldap_result( op, rs );
Debug( LDAP_DEBUG_TRACE, "<==backsql_delete()\n", 0, 0, 0 );
if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
(void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &d.e_nname ) ) {
backsql_entry_clean( op, &d );
}
if ( !BER_BVISNULL( &p.e_nname ) ) {
backsql_entry_clean( op, &p );
}
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
return rs->sr_err;
}
int
ndb_back_modify( Operation *op, SlapReply *rs )
{
struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
Entry e = {0};
int manageDSAit = get_manageDSAit( op );
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
int num_retries = 0;
NdbArgs NA;
NdbRdns rdns;
struct berval matched;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(ndb_back_modify) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
ctrls[num_ctrls] = NULL;
slap_mods_opattrs( op, &op->orm_modlist, 1 );
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
/* Get our NDB handle */
rs->sr_err = ndb_thread_handle( op, &NA.ndb );
rdns.nr_num = 0;
NA.rdns = &rdns;
NA.e = &e;
if( 0 ) {
retry: /* transaction retry */
NA.txn->close();
NA.txn = NULL;
if( e.e_attrs ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": retrying...\n", 0, 0, 0);
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
}
ndb_trans_backoff( ++num_retries );
}
NA.ocs = NULL;
/* begin transaction */
NA.txn = NA.ndb->startTransaction();
rs->sr_text = NULL;
if( !NA.txn ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": startTransaction failed: %s (%d)\n",
NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or ancestor */
rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
switch( rs->sr_err ) {
case 0:
break;
case LDAP_NO_SUCH_OBJECT:
Debug( LDAP_DEBUG_ARGS,
"<=- ndb_back_modify: no such object %s\n",
op->o_req_dn.bv_val, 0, 0 );
rs->sr_matched = matched.bv_val;
if (NA.ocs )
ndb_check_referral( op, rs, &NA );
goto return_results;
#if 0
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
#endif
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* acquire and lock entry */
rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
if ( !manageDSAit && is_entry_referral( &e ) ) {
/* entry is a referral, don't allow modify */
rs->sr_ref = get_entry_referrals( op, &e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e.e_name.bv_val;
rs->sr_flags = REP_REF_MUSTBEFREED;
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, &e, (Filter*)get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, &e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modify) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* Modify the entry */
rs->sr_err = ndb_modify_internal( op, &NA, &rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": modify failed (%d)\n",
rs->sr_err, 0, 0 );
#if 0
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#endif
goto return_results;
}
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(ndb_back_modify)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
}
} else {
if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
NdbOperation::AbortOnError, 1 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
NA.txn->getNdbError().message, NA.txn->getNdbError().code );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
NA.txn->close();
NA.txn = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(ndb_back_modify) ": updated%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
e.e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( NA.ocs ) {
ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
NA.ocs = NULL;
}
if ( e.e_attrs != NULL ) {
attrs_free( e.e_attrs );
e.e_attrs = NULL;
}
if( NA.txn != NULL ) {
NA.txn->execute( Rollback );
NA.txn->close();
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
rs->sr_text = NULL;
return rs->sr_err;
}
int
passwd_back_search(
Operation *op,
SlapReply *rs )
{
struct passwd *pw;
time_t stoptime = (time_t)-1;
LDAPRDN rdn = NULL;
struct berval parent = BER_BVNULL;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
stoptime = op->o_time + op->ors_tlimit;
}
/* Handle a query for the base of this backend */
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
struct berval val;
rs->sr_matched = op->o_req_dn.bv_val;
if( op->ors_scope != LDAP_SCOPE_ONELEVEL ) {
AttributeDescription *desc = NULL;
char *next;
Entry e = { 0 };
/* Create an entry corresponding to the base DN */
e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
e.e_name.bv_len = op->o_req_dn.bv_len;
e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
e.e_nname.bv_len = op->o_req_ndn.bv_len;
/* Use the first attribute of the DN
* as an attribute within the entry itself.
*/
if( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
LDAP_DN_FORMAT_LDAP ) )
{
rs->sr_err = LDAP_INVALID_DN_SYNTAX;
goto done;
}
if( slap_bv2ad( &rdn[0]->la_attr, &desc, &rs->sr_text )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_rdnfree(rdn);
goto done;
}
attr_merge_normalize_one( &e, desc, &rdn[0]->la_value, NULL );
ldap_rdnfree(rdn);
rdn = NULL;
/* Every entry needs an objectclass. We don't really
* know if our hardcoded choice here agrees with the
* DN that was configured for this backend, but it's
* better than nothing.
*
* should be a configuratable item
*/
BER_BVSTR( &val, "organizationalUnit" );
attr_merge_one( &e, ad_objectClass, &val, NULL );
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_attrs = NULL;
}
entry_clean( &e );
}
if ( op->ors_scope != LDAP_SCOPE_BASE ) {
/* check all our "children" */
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( op->o_bd );
for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
Entry e = { 0 };
/* check for abandon */
if ( op->o_abandon ) {
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( SLAPD_ABANDON );
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
if ( pw2entry( op->o_bd, pw, &e ) ) {
rs->sr_err = LDAP_OTHER;
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( --op->ors_slimit == -1 ) {
send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_entry = NULL;
}
entry_clean( &e );
}
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
}
} else {
char *next;
Entry e = { 0 };
int rc;
if (! be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &parent );
}
/* This backend is only one layer deep. Don't answer requests for
* anything deeper than that.
*/
if( !be_issuffix( op->o_bd, &parent ) ) {
int i;
for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) {
if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) {
rs->sr_matched = op->o_bd->be_suffix[i].bv_val;
break;
}
}
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto done;
}
if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
goto done;
}
if ( ldap_bv2rdn( &op->o_req_dn, &rdn, &next,
LDAP_DN_FORMAT_LDAP ))
{
rs->sr_err = LDAP_OTHER;
goto done;
}
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( op->o_bd );
pw = getpwnam( rdn[0]->la_value.bv_val );
if ( pw == NULL ) {
rs->sr_matched = parent.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
rc = pw2entry( op->o_bd, pw, &e );
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
if ( rc ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( test_filter( op, &e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_flags = 0;
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
}
entry_clean( &e );
}
done:
if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL;
send_ldap_result( op, rs );
if( rdn != NULL ) ldap_rdnfree( rdn );
return( 0 );
}
int
backsql_modrdn( Operation *op, SlapReply *rs )
{
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
SQLHDBC dbh = SQL_NULL_HDBC;
SQLHSTMT sth = SQL_NULL_HSTMT;
RETCODE rc;
backsql_entryID e_id = BACKSQL_ENTRYID_INIT,
n_id = BACKSQL_ENTRYID_INIT;
backsql_srch_info bsi = { 0 };
backsql_oc_map_rec *oc = NULL;
struct berval pdn = BER_BVNULL, pndn = BER_BVNULL,
*new_pdn = NULL, *new_npdn = NULL,
new_dn = BER_BVNULL, new_ndn = BER_BVNULL,
realnew_dn = BER_BVNULL;
Entry r = { 0 },
p = { 0 },
n = { 0 },
*e = NULL;
int manageDSAit = get_manageDSAit( op );
struct berval *newSuperior = op->oq_modrdn.rs_newSup;
Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry \"%s\", "
"newrdn=\"%s\", newSuperior=\"%s\"\n",
op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val,
newSuperior ? newSuperior->bv_val : "(NULL)" );
rs->sr_err = backsql_get_db_conn( op, &dbh );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"could not get connection handle - exiting\n" );
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
? "SQL-backend error" : NULL;
e = NULL;
goto done;
}
bsi.bsi_e = &r;
rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs,
slap_anlist_all_attributes,
( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) );
switch ( rs->sr_err ) {
case LDAP_SUCCESS:
break;
case LDAP_REFERRAL:
if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
{
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
break;
}
e = &r;
/* fallthru */
default:
Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
"could not retrieve modrdnDN ID - no such entry\n" );
if ( !BER_BVISNULL( &r.e_nname ) ) {
/* FIXME: should always be true! */
e = &r;
} else {
e = NULL;
}
goto done;
}
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): entry id=" BACKSQL_IDFMT "\n",
BACKSQL_IDARG(e_id.eid_id) );
if ( get_assert( op ) &&
( test_filter( op, &r, get_assertion( op ) )
!= LDAP_COMPARE_TRUE ) )
{
rs->sr_err = LDAP_ASSERTION_FAILED;
e = &r;
goto done;
}
if ( backsql_has_children( op, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"entry \"%s\" has children\n",
op->o_req_dn.bv_val );
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
e = &r;
goto done;
}
/*
* Check for entry access to target
*/
if ( !access_allowed( op, &r, slap_schema.si_ad_entry,
NULL, ACL_WRITE, NULL ) ) {
Debug( LDAP_DEBUG_TRACE, " no access to entry\n" );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
dnParent( &op->o_req_dn, &pdn );
dnParent( &op->o_req_ndn, &pndn );
/*
* namingContext "" is not supported
*/
if ( BER_BVISEMPTY( &pdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"parent is \"\" - aborting\n" );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "not allowed within namingContext";
e = NULL;
goto done;
}
/*
* Check for children access to parent
*/
bsi.bsi_e = &p;
e_id = bsi.bsi_base_id;
memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) );
rs->sr_err = backsql_init_search( &bsi, &pndn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs,
slap_anlist_all_attributes,
BACKSQL_ISF_GET_ENTRY );
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): old parent entry id is " BACKSQL_IDFMT "\n",
BACKSQL_IDARG(bsi.bsi_base_id.eid_id) );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
"could not retrieve renameDN ID - no such entry\n" );
e = &p;
goto done;
}
if ( !access_allowed( op, &p, slap_schema.si_ad_children, NULL,
newSuperior ? ACL_WDEL : ACL_WRITE, NULL ) )
{
Debug( LDAP_DEBUG_TRACE, " no access to parent\n" );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
if ( newSuperior ) {
(void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx );
/*
* namingContext "" is not supported
*/
if ( BER_BVISEMPTY( newSuperior ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"newSuperior is \"\" - aborting\n" );
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "not allowed within namingContext";
e = NULL;
goto done;
}
new_pdn = newSuperior;
new_npdn = op->oq_modrdn.rs_nnewSup;
/*
* Check for children access to new parent
*/
bsi.bsi_e = &n;
rs->sr_err = backsql_init_search( &bsi, new_npdn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs,
slap_anlist_all_attributes,
( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
"could not retrieve renameDN ID - no such entry\n" );
e = &n;
goto done;
}
n_id = bsi.bsi_base_id;
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): new parent entry id=" BACKSQL_IDFMT "\n",
BACKSQL_IDARG(n_id.eid_id) );
if ( !access_allowed( op, &n, slap_schema.si_ad_children,
NULL, ACL_WADD, NULL ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"no access to new parent \"%s\"\n",
new_pdn->bv_val );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
e = &n;
goto done;
}
} else {
n_id = bsi.bsi_base_id;
new_pdn = &pdn;
new_npdn = &pndn;
}
memset( &bsi.bsi_base_id, 0, sizeof( bsi.bsi_base_id ) );
if ( newSuperior && dn_match( &pndn, new_npdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"newSuperior is equal to old parent - ignored\n" );
newSuperior = NULL;
}
if ( newSuperior && dn_match( &op->o_req_ndn, new_npdn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"newSuperior is equal to entry being moved "
"- aborting\n" );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "newSuperior is equal to old DN";
e = &r;
goto done;
}
build_new_dn( &new_dn, new_pdn, &op->oq_modrdn.rs_newrdn,
op->o_tmpmemctx );
build_new_dn( &new_ndn, new_npdn, &op->oq_modrdn.rs_nnewrdn,
op->o_tmpmemctx );
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): new entry dn is \"%s\"\n",
new_dn.bv_val );
realnew_dn = new_dn;
if ( backsql_api_dn2odbc( op, rs, &realnew_dn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): "
"backsql_api_dn2odbc(\"%s\") failed\n",
op->o_req_dn.bv_val, realnew_dn.bv_val );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"executing renentry_stmt\n" );
rc = backsql_Prepare( dbh, &sth, bi->sql_renentry_stmt, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
"error preparing renentry_stmt\n" );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &realnew_dn );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
"error binding DN parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT, &n_id.eid_id );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
"error binding parent ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
rc = backsql_BindParamID( sth, 3, SQL_PARAM_INPUT, &e_id.eid_keyval );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
"error binding entry ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
rc = backsql_BindParamID( sth, 4, SQL_PARAM_INPUT, &e_id.eid_id );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_modrdn(): "
"error binding ID parameter for objectClass %s\n",
oc->bom_oc->soc_cname.bv_val );
backsql_PrintErrors( bi->sql_db_env, dbh,
sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_text = "SQL-backend error";
rs->sr_err = LDAP_OTHER;
e = NULL;
goto done;
}
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(): "
"could not rename ldap_entries record\n" );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
SQLFreeStmt( sth, SQL_DROP );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "SQL-backend error";
e = NULL;
goto done;
}
SQLFreeStmt( sth, SQL_DROP );
assert( op->orr_modlist != NULL );
slap_mods_opattrs( op, &op->orr_modlist, 1 );
assert( e_id.eid_oc != NULL );
oc = e_id.eid_oc;
rs->sr_err = backsql_modify_internal( op, rs, dbh, oc, &e_id, op->orr_modlist );
slap_graduate_commit_csn( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
e = &r;
goto done;
}
if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
backsql_entry_clean( op, &r );
(void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx );
bsi.bsi_e = &r;
rs->sr_err = backsql_init_search( &bsi, &new_ndn,
LDAP_SCOPE_BASE,
(time_t)(-1), NULL, dbh, op, rs,
slap_anlist_all_attributes,
( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
switch ( rs->sr_err ) {
case LDAP_SUCCESS:
break;
case LDAP_REFERRAL:
if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
dn_match( &new_ndn, &bsi.bsi_e->e_nname ) )
{
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
break;
}
e = &r;
/* fallthru */
default:
Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
"could not retrieve modrdnDN ID - no such entry\n" );
if ( !BER_BVISNULL( &r.e_nname ) ) {
/* FIXME: should always be true! */
e = &r;
} else {
e = NULL;
}
goto done;
}
e_id = bsi.bsi_base_id;
rs->sr_err = entry_schema_check( op, &r, NULL, 0, 0, NULL,
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_modrdn(\"%s\"): "
"entry failed schema check -- aborting\n",
r.e_name.bv_val );
e = NULL;
goto done;
}
}
done:;
if ( e != NULL ) {
if ( !access_allowed( op, e, slap_schema.si_ad_entry, NULL,
ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
}
}
/*
* Commit only if all operations succeed
*/
if ( sth != SQL_NULL_HSTMT ) {
SQLUSMALLINT CompletionType = SQL_ROLLBACK;
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
CompletionType = SQL_COMMIT;
}
SQLTransact( SQL_NULL_HENV, dbh, CompletionType );
}
if ( op->o_noop && rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_X_NO_OPERATION;
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if ( !BER_BVISNULL( &realnew_dn ) && realnew_dn.bv_val != new_dn.bv_val ) {
ch_free( realnew_dn.bv_val );
}
if ( !BER_BVISNULL( &new_dn ) ) {
slap_sl_free( new_dn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &new_ndn ) ) {
slap_sl_free( new_ndn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &e_id.eid_ndn ) ) {
(void)backsql_free_entryID( &e_id, 0, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &n_id.eid_ndn ) ) {
(void)backsql_free_entryID( &n_id, 0, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &r.e_nname ) ) {
backsql_entry_clean( op, &r );
}
if ( !BER_BVISNULL( &p.e_nname ) ) {
backsql_entry_clean( op, &p );
}
if ( !BER_BVISNULL( &n.e_nname ) ) {
backsql_entry_clean( op, &n );
}
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
Debug( LDAP_DEBUG_TRACE, "<==backsql_modrdn()\n" );
return rs->sr_err;
}
int
bdb_add(Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
EntryInfo *ei;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
ID eid = NOID;
struct bdb_op_info opinfo = {{{ 0 }}};
int subentry;
DB_LOCK lock;
int num_retries = 0;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
if( 0 ) {
retry: /* transaction retry */
if( p ) {
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
}
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
/* get entry or parent */
rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
1, &lock );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
p = ei->bei_e;
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = is_entry_referral( p )
? get_entry_referrals( op, p )
: NULL;
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
if ( p != (Entry *)&slap_entry_root )
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = get_entry_referrals( op, p );
bdb_unlocked_cache_return_entry_r( bdb, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent and reader lock */
if ( p != (Entry *)&slap_entry_root ) {
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
bdb_unlocked_cache_return_entry_r( bdb, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
if ( eid == NOID ) {
rs->sr_err = bdb_next_id( op->o_bd, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": txn_begin(2) failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_add) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* dn2id index */
rs->sr_err = bdb_dn2id_add( op, lt2, ei, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": dn2id_add failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = bdb_index_entry_add( op, lt2, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": index_entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = bdb_id2entry_add( op->o_bd, lt2, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": id2entry_add failed\n",
0, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rs->sr_err = LDAP_OTHER;
}
rs->sr_text = "entry store failed";
goto return_results;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( op->o_noop ) {
if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
struct berval nrdn;
/* pick the RDN if not suffix; otherwise pick the entire DN */
if (pdn.bv_len) {
nrdn.bv_val = op->ora_e->e_nname.bv_val;
nrdn.bv_len = pdn.bv_val - op->ora_e->e_nname.bv_val - 1;
} else {
nrdn = op->ora_e->e_nname;
}
bdb_cache_add( bdb, ei, op->ora_e, &nrdn, ltid, &lock );
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( success == LDAP_SUCCESS ) {
/* We own the entry now, and it can be purged at will
* Check to make sure it's the same entry we entered with.
* Possibly a callback may have mucked with it, although
* in general callbacks should treat the entry as read-only.
*/
bdb_cache_deref( oe->e_private );
if ( op->ora_e == oe )
op->ora_e = NULL;
if ( bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
slapcat( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
Operation op = {0};
const char *progname = "slapcat";
int requestBSF;
int doBSF = 0;
slap_tool_init( progname, SLAPCAT, argc, argv );
requestBSF = ( sub_ndn.bv_len || filter );
#ifdef SIGPIPE
(void) SIGNAL( SIGPIPE, slapcat_sig );
#endif
#ifdef SIGHUP
(void) SIGNAL( SIGHUP, slapcat_sig );
#endif
(void) SIGNAL( SIGINT, slapcat_sig );
(void) SIGNAL( SIGTERM, slapcat_sig );
if( !be->be_entry_open ||
!be->be_entry_close ||
!( be->be_entry_first_x || be->be_entry_first ) ||
!be->be_entry_next ||
!be->be_entry_get )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
op.o_bd = be;
if ( !requestBSF && be->be_entry_first ) {
id = be->be_entry_first( be );
} else {
if ( be->be_entry_first_x ) {
id = be->be_entry_first_x( be,
sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter );
} else {
assert( be->be_entry_first != NULL );
doBSF = 1;
id = be->be_entry_first( be );
}
}
for ( ; id != NOID; id = be->be_entry_next( be ) )
{
char *data;
int len;
Entry* e;
if ( gotsig )
break;
e = be->be_entry_get( be, id );
if ( e == NULL ) {
printf("# no data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if ( continuemode == 0 ) {
break;
} else if ( continuemode == 1 ) {
continue;
}
/* this is a last resort: linearly scan all ids
* trying to recover as much as possible (ITS#6482) */
while ( ++id != NOID ) {
e = be->be_entry_get( be, id );
if ( e != NULL ) break;
printf("# no data for entry id=%08lx\n\n", (long) id );
}
if ( e == NULL ) break;
}
if ( doBSF ) {
if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) )
{
be_entry_release_r( &op, e );
continue;
}
if ( filter != NULL ) {
int rc = test_filter( NULL, e, filter );
if ( rc != LDAP_COMPARE_TRUE ) {
be_entry_release_r( &op, e );
continue;
}
}
}
if ( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
data = entry2str( e, &len );
be_entry_release_r( &op, e );
if ( data == NULL ) {
printf("# bad data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
if ( fputs( data, ldiffp->fp ) == EOF ||
fputs( "\n", ldiffp->fp ) == EOF ) {
fprintf(stderr, "%s: error writing output.\n",
progname);
rc = EXIT_FAILURE;
break;
}
}
be->be_entry_close( be );
if ( slap_tool_destroy())
rc = EXIT_FAILURE;
return rc;
}
int
dnssrv_back_search(
Operation *op,
SlapReply *rs )
{
int i;
int rc;
char *domain = NULL;
char *hostlist = NULL;
char **hosts = NULL;
char *refdn;
struct berval nrefdn = BER_BVNULL;
BerVarray urls = NULL;
int manageDSAit;
rs->sr_ref = NULL;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
/* FIXME: need some means to determine whether the database
* is a glue instance; if we got here with empty DN, then
* we passed this same test in dnssrv_back_referrals() */
if ( !SLAP_GLUE_INSTANCE( op->o_bd ) ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
goto done;
}
manageDSAit = get_manageDSAit( op );
/*
* FIXME: we may return a referral if manageDSAit is not set
*/
if ( !manageDSAit ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"manageDSAit must be set" );
goto done;
}
if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_ref = default_referral;
send_ldap_result( op, rs );
rs->sr_ref = NULL;
goto done;
}
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain );
if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
rc );
send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
"no DNS SRV RR available for DN" );
goto done;
}
hosts = ldap_str2charray( hostlist, " " );
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charray error\n" );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]);
url.bv_val = ch_malloc( url.bv_len + 1 );
strcpy( url.bv_val, "ldap://" );
strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
if( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
}
Debug( LDAP_DEBUG_STATS,
"%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_log_prefix, op->o_protocol,
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val );
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n",
op->oq_search.rs_scope,
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
urls[0].bv_val );
rc = ldap_domain2dn(domain, &refdn);
if( rc != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
} else {
struct berval bv;
bv.bv_val = refdn;
bv.bv_len = strlen( refdn );
rc = dnNormalize( 0, NULL, NULL, &bv, &nrefdn, op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
}
}
if( !dn_match( &nrefdn, &op->o_req_ndn ) ) {
/* requested dn is subordinate */
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
refdn == NULL ? "" : refdn );
rs->sr_matched = refdn;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
} else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
send_ldap_error( op, rs, LDAP_SUCCESS, NULL );
} else {
Entry e = { 0 };
AttributeDescription *ad_objectClass
= slap_schema.si_ad_objectClass;
AttributeDescription *ad_ref = slap_schema.si_ad_ref;
e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
e.e_name.bv_len = op->o_req_dn.bv_len;
e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
e.e_nname.bv_len = op->o_req_ndn.bv_len;
e.e_attrs = NULL;
e.e_private = NULL;
attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_referral->soc_cname, NULL );
attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_extensibleObject->soc_cname, NULL );
if ( ad_dc ) {
char *p;
struct berval bv;
bv.bv_val = domain;
p = strchr( bv.bv_val, '.' );
if ( p == bv.bv_val ) {
bv.bv_len = 1;
} else if ( p != NULL ) {
bv.bv_len = p - bv.bv_val;
} else {
bv.bv_len = strlen( bv.bv_val );
}
attr_merge_normalize_one( &e, ad_dc, &bv, NULL );
}
if ( ad_associatedDomain ) {
struct berval bv;
ber_str2bv( domain, 0, 0, &bv );
attr_merge_normalize_one( &e, ad_associatedDomain, &bv, NULL );
}
attr_merge_normalize_one( &e, ad_ref, urls, NULL );
rc = test_filter( op, &e, op->oq_search.rs_filter );
if( rc == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->oq_search.rs_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
rs->sr_flags = 0;
}
entry_clean( &e );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
}
free( refdn );
if ( nrefdn.bv_val ) free( nrefdn.bv_val );
done:
if( domain != NULL ) ch_free( domain );
if( hostlist != NULL ) ch_free( hostlist );
if( hosts != NULL ) ldap_charray_free( hosts );
if( urls != NULL ) ber_bvarray_free( urls );
return 0;
}
int
slapschema( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
const char *progname = "slapschema";
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op = NULL;
void *thrctx;
int requestBSF = 0;
int doBSF = 0;
slap_tool_init( progname, SLAPCAT, argc, argv );
requestBSF = ( sub_ndn.bv_len || filter );
#ifdef SIGPIPE
(void) SIGNAL( SIGPIPE, slapcat_sig );
#endif
#ifdef SIGHUP
(void) SIGNAL( SIGHUP, slapcat_sig );
#endif
(void) SIGNAL( SIGINT, slapcat_sig );
(void) SIGNAL( SIGTERM, slapcat_sig );
if( !be->be_entry_open ||
!be->be_entry_close ||
!( be->be_entry_first || be->be_entry_first_x ) ||
!be->be_entry_next ||
!be->be_entry_get )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_tmpmemctx = NULL;
op->o_bd = be;
if ( !requestBSF && be->be_entry_first ) {
id = be->be_entry_first( be );
} else {
if ( be->be_entry_first_x ) {
id = be->be_entry_first_x( be,
sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter );
} else {
assert( be->be_entry_first != NULL );
doBSF = 1;
id = be->be_entry_first( be );
}
}
for ( ; id != NOID; id = be->be_entry_next( be ) ) {
Entry* e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof(textbuf);
const char *text = NULL;
if ( gotsig )
break;
e = be->be_entry_get( be, id );
if ( e == NULL ) {
printf("# no data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
if ( doBSF ) {
if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) )
{
be_entry_release_r( op, e );
continue;
}
if ( filter != NULL ) {
int rc = test_filter( NULL, e, filter );
if ( rc != LDAP_COMPARE_TRUE ) {
be_entry_release_r( op, e );
continue;
}
}
}
if( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
rc = entry_schema_check( op, e, NULL, 0, 0, NULL,
&text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) {
fprintf( ldiffp->fp, "# (%d) %s%s%s\n",
rc, ldap_err2string( rc ),
text ? ": " : "",
text ? text : "" );
fprintf( ldiffp->fp, "dn: %s\n\n", e->e_name.bv_val );
}
be_entry_release_r( op, e );
}
be->be_entry_close( be );
if ( slap_tool_destroy() )
rc = EXIT_FAILURE;
return rc;
}
