int
meta_back_delete( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc = NULL;
int candidate = -1;
struct berval mdn = BER_BVNULL;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
ldap_pvt_thread_mutex_lock( &mc->mc_mutex );
/*
* Rewrite the compare dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "deleteDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
goto cleanup;
}
retry:;
ctrls = op->o_ctrls;
if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_delete_ext( mc->mc_conns[ candidate ].msc_ld,
mdn.bv_val, ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_DELETE ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
if ( mc ) {
ldap_pvt_thread_mutex_unlock( &mc->mc_mutex );
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
meta_back_modify( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int rc = 0;
LDAPMod **modv = NULL;
LDAPMod *mods = NULL;
Modifications *ml;
int candidate = -1, i;
int isupdate;
struct berval mdn = BER_BVNULL;
struct berval mapped;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the modify dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "modifyDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
goto cleanup;
}
for ( i = 0, ml = op->orm_modlist; ml; i++ ,ml = ml->sml_next )
;
mods = ch_malloc( sizeof( LDAPMod )*i );
if ( mods == NULL ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
if ( modv == NULL ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
dc.ctx = "modifyAttrDN";
isupdate = be_shadow_update( op );
for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {
int j, is_oc = 0;
if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
{
continue;
}
if ( ml->sml_desc == slap_schema.si_ad_objectClass
|| ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
{
is_oc = 1;
mapped = ml->sml_desc->ad_cname;
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&ml->sml_desc->ad_cname, &mapped,
BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
}
}
modv[ i ] = &mods[ i ];
mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
mods[ i ].mod_type = mapped.bv_val;
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( ml->sml_values != NULL ) {
if ( is_oc ) {
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
;
mods[ i ].mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
&ml->sml_values[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
} else {
mods[ i ].mod_bvalues[ j ] = &mapping->dst;
}
j++;
}
mods[ i ].mod_bvalues[ j ] = NULL;
} else {
if ( ml->sml_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
( void )ldap_dnattr_rewrite( &dc, ml->sml_values );
if ( ml->sml_values == NULL ) {
continue;
}
}
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )
;
mods[ i ].mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];
}
mods[ i ].mod_bvalues[ j ] = NULL;
}
} else {
mods[ i ].mod_bvalues = NULL;
}
i++;
}
modv[ i ] = 0;
retry:;
ctrls = op->o_ctrls;
rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
modv, ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_MODIFY ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
if ( modv != NULL ) {
for ( i = 0; modv[ i ]; i++ ) {
free( modv[ i ]->mod_bvalues );
}
}
free( mods );
free( modv );
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
meta_back_compare( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int rc = 0;
int candidate = -1;
struct berval mdn = BER_BVNULL;
dncookie dc;
struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
struct berval mapped_value = op->orc_ava->aa_value;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the modify dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "compareDN";
switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
case LDAP_UNWILLING_TO_PERFORM:
rc = 1;
goto cleanup;
default:
break;
}
/*
* if attr is objectClass, try to remap the value
*/
if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map( &mt->mt_rwmap.rwm_oc,
&op->orc_ava->aa_value,
&mapped_value, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value ) ) {
goto cleanup;
}
/*
* else try to remap the attribute
*/
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&op->orc_ava->aa_desc->ad_cname,
&mapped_attr, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped_attr ) || BER_BVISEMPTY( &mapped_attr ) ) {
goto cleanup;
}
if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
{
dc.ctx = "compareAttrDN";
switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
{
case LDAP_UNWILLING_TO_PERFORM:
rc = 1;
goto cleanup;
default:
break;
}
}
}
retry:;
ctrls = op->o_ctrls;
rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_compare_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
mapped_attr.bv_val, &mapped_value,
ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_COMPARE ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
if ( op->orc_ava->aa_value.bv_val != mapped_value.bv_val ) {
free( mapped_value.bv_val );
}
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
meta_back_add( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int i, candidate = -1;
int isupdate;
Attribute *a;
LDAPMod **attrs;
struct berval mdn = BER_BVNULL, mapped;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
op->o_req_dn.bv_val );
/*
* get the current connection
*/
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the add dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
goto done;
}
/* Count number of attributes in entry ( +1 ) */
for ( i = 1, a = op->ora_e->e_attrs; a; i++, a = a->a_next );
/* Create array of LDAPMods for ldap_add() */
attrs = ch_malloc( sizeof( LDAPMod * )*i );
dc.ctx = "addAttrDN";
isupdate = be_shadow_update( op );
for ( i = 0, a = op->ora_e->e_attrs; a; a = a->a_next ) {
int j, is_oc = 0;
if ( !isupdate && !get_relax( op ) && a->a_desc->ad_type->sat_no_user_mod )
{
continue;
}
if ( a->a_desc == slap_schema.si_ad_objectClass
|| a->a_desc == slap_schema.si_ad_structuralObjectClass )
{
is_oc = 1;
mapped = a->a_desc->ad_cname;
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&a->a_desc->ad_cname, &mapped, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
continue;
}
}
attrs[ i ] = ch_malloc( sizeof( LDAPMod ) );
if ( attrs[ i ] == NULL ) {
continue;
}
attrs[ i ]->mod_op = LDAP_MOD_BVALUES;
attrs[ i ]->mod_type = mapped.bv_val;
if ( is_oc ) {
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
;
attrs[ i ]->mod_bvalues =
(struct berval **)ch_malloc( ( j + 1 ) *
sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); ) {
struct ldapmapping *mapping;
ldap_back_mapping( &mt->mt_rwmap.rwm_oc,
&a->a_vals[ j ], &mapping, BACKLDAP_MAP );
if ( mapping == NULL ) {
if ( mt->mt_rwmap.rwm_oc.drop_missing ) {
continue;
}
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
} else {
attrs[ i ]->mod_bvalues[ j ] = &mapping->dst;
}
j++;
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
} else {
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( a->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
(void)ldap_dnattr_rewrite( &dc, a->a_vals );
if ( a->a_vals == NULL ) {
continue;
}
}
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )
;
attrs[ i ]->mod_bvalues = ch_malloc( ( j + 1 ) * sizeof( struct berval * ) );
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];
}
attrs[ i ]->mod_bvalues[ j ] = NULL;
}
i++;
}
attrs[ i ] = NULL;
retry:;
ctrls = op->o_ctrls;
if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
attrs, ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_ADD ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_bvalues );
free( attrs[ i ] );
}
free( attrs );
if ( mdn.bv_val != op->ora_e->e_dn ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
done:;
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
meta_back_modrdn( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int candidate = -1;
struct berval mdn = BER_BVNULL,
mnewSuperior = BER_BVNULL;
dncookie dc;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
struct berval newrdn = BER_BVNULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
if ( op->orr_newSup ) {
/*
* NOTE: the newParent, if defined, must be on the
* same target as the entry to be renamed. This check
* has been anticipated in meta_back_getconn()
*/
/*
* FIXME: one possibility is to delete the entry
* from one target and add it to the other;
* unfortunately we'd need write access to both,
* which is nearly impossible; for administration
* needs, the rootdn of the metadirectory could
* be mapped to an administrative account on each
* target (the binddn?); we'll see.
*/
/*
* NOTE: we need to port the identity assertion
* feature from back-ldap
*/
/* needs LDAPv3 */
switch ( mt->mt_version ) {
case LDAP_VERSION3:
break;
case 0:
if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
break;
}
/* fall thru */
default:
/* op->o_protocol cannot be anything but LDAPv3,
* otherwise wouldn't be here */
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
send_ldap_result( op, rs );
goto cleanup;
}
/*
* Rewrite the new superior, if defined and required
*/
dc.ctx = "newSuperiorDN";
if ( ldap_back_dn_massage( &dc, op->orr_newSup, &mnewSuperior ) ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
}
/*
* Rewrite the modrdn dn, if required
*/
dc.ctx = "modrDN";
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
rs->sr_err = LDAP_OTHER;
send_ldap_result( op, rs );
goto cleanup;
}
/* NOTE: we need to copy the newRDN in case it was formed
* from a DN by simply changing the length (ITS#5397) */
newrdn = op->orr_newrdn;
if ( newrdn.bv_val[ newrdn.bv_len ] != '\0' ) {
ber_dupbv_x( &newrdn, &op->orr_newrdn, op->o_tmpmemctx );
}
retry:;
ctrls = op->o_ctrls;
if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_rename( mc->mc_conns[ candidate ].msc_ld,
mdn.bv_val, newrdn.bv_val,
mnewSuperior.bv_val, op->orr_deleteoldrdn,
ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_MODRDN ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
BER_BVZERO( &mdn );
}
if ( !BER_BVISNULL( &mnewSuperior )
&& mnewSuperior.bv_val != op->orr_newSup->bv_val )
{
free( mnewSuperior.bv_val );
BER_BVZERO( &mnewSuperior );
}
if ( newrdn.bv_val != op->orr_newrdn.bv_val ) {
op->o_tmpfree( newrdn.bv_val, op->o_tmpmemctx );
}
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
int
meta_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
{
struct metainfo *li = ( struct metainfo * )be->be_private;
struct metaconn *lc;
struct metasingleconn *lsc;
char *match = NULL, *err = NULL, *mmatch = NULL;
int candidates = 0, last = 0, i, count, rc;
int cres = LDAP_SUCCESS, rres = LDAP_SUCCESS;
int *msgid;
lc = meta_back_getconn( li, conn, op, META_OP_ALLOW_MULTIPLE,
ndn, NULL );
if ( !lc || !meta_back_dobind( lc, op ) ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, NULL, NULL, NULL );
return -1;
}
msgid = ch_calloc( sizeof( int ), li->ntargets );
if ( msgid == NULL ) {
return -1;
}
/*
* start an asynchronous compare for each candidate target
*/
for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
char *mdn = NULL;
struct berval mapped_attr = ava->aa_desc->ad_cname;
struct berval mapped_value = ava->aa_value;
if ( lsc->candidate != META_CANDIDATE ) {
msgid[ i ] = -1;
continue;
}
/*
* Rewrite the compare dn, if needed
*/
switch ( rewrite_session( li->targets[ i ]->rwinfo,
"compareDn",
dn->bv_val, conn, &mdn ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn == NULL ) {
mdn = ( char * )dn->bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_META, DETAIL1,
"[rw] compareDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> compareDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed",
NULL, NULL );
return -1;
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error",
NULL, NULL );
return -1;
}
/*
* if attr is objectClass, try to remap the value
*/
if ( ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map( &li->targets[ i ]->oc_map,
&ava->aa_value, &mapped_value,
BACKLDAP_MAP );
if ( mapped_value.bv_val == NULL || mapped_value.bv_val[0] == '\0' ) {
continue;
}
/*
* else try to remap the attribute
*/
} else {
ldap_back_map( &li->targets[ i ]->at_map,
&ava->aa_desc->ad_cname, &mapped_attr,
BACKLDAP_MAP );
if ( mapped_attr.bv_val == NULL || mapped_attr.bv_val[0] == '\0' ) {
continue;
}
}
/*
* the compare op is spawned across the targets and the first
* that returns determines the result; a constraint on unicity
* of the result ought to be enforced
*/
msgid[ i ] = ldap_compare( lc->conns[ i ].ld, mdn,
mapped_attr.bv_val, mapped_value.bv_val );
if ( mdn != dn->bv_val ) {
free( mdn );
}
if ( mapped_attr.bv_val != ava->aa_desc->ad_cname.bv_val ) {
free( mapped_attr.bv_val );
}
if ( mapped_value.bv_val != ava->aa_value.bv_val ) {
free( mapped_value.bv_val );
}
if ( msgid[ i ] == -1 ) {
continue;
}
++candidates;
}
/*
* wait for replies
*/
for ( rc = 0, count = 0; candidates > 0; ) {
/*
* FIXME: should we check for abandon?
*/
for ( i = 0, lsc = lc->conns; !META_LAST(lsc); lsc++, i++ ) {
int lrc;
LDAPMessage *res = NULL;
if ( msgid[ i ] == -1 ) {
continue;
}
lrc = ldap_result( lsc->ld, msgid[ i ],
0, NULL, &res );
if ( lrc == 0 ) {
/*
* FIXME: should we yield?
*/
if ( res ) {
ldap_msgfree( res );
}
continue;
} else if ( lrc == LDAP_RES_COMPARE ) {
if ( count > 0 ) {
rres = LDAP_OTHER;
rc = -1;
goto finish;
}
cres = ldap_result2error( lsc->ld, res, 1 );
switch ( cres ) {
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
/*
* true or flase, got it;
* sending to cache ...
*/
if ( li->cache.ttl != META_DNCACHE_DISABLED ) {
( void )meta_dncache_update_entry( &li->cache, ndn, i );
}
count++;
rc = 0;
break;
default:
rres = ldap_back_map_result( cres );
if ( err != NULL ) {
free( err );
}
ldap_get_option( lsc->ld,
LDAP_OPT_ERROR_STRING, &err );
if ( match != NULL ) {
free( match );
}
ldap_get_option( lsc->ld,
LDAP_OPT_MATCHED_DN, &match );
last = i;
break;
}
msgid[ i ] = -1;
--candidates;
} else {
msgid[ i ] = -1;
--candidates;
if ( res ) {
ldap_msgfree( res );
}
break;
}
}
}
finish:;
/*
* Rewrite the matched portion of the search base, if required
*
* FIXME: only the last one gets caught!
*/
if ( count == 1 ) {
if ( match != NULL ) {
free( match );
match = NULL;
}
/*
* the result of the compare is assigned to the res code
* that will be returned
*/
rres = cres;
} else if ( match != NULL ) {
/*
* At least one compare failed with matched portion,
* and none was successful
*/
switch ( rewrite_session( li->targets[ last ]->rwinfo,
"matchedDn", match, conn, &mmatch ) ) {
case REWRITE_REGEXEC_OK:
if ( mmatch == NULL ) {
mmatch = ( char * )match;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_META, DETAIL1,
"[rw] matchedDn: \"%s\" -> \"%s\"\n", match, mmatch, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:"
" \"%s\" -> \"%s\"\n%s",
match, mmatch, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed",
NULL, NULL );
rc = -1;
goto cleanup;
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error",
NULL, NULL );
rc = -1;
goto cleanup;
}
}
send_ldap_result( conn, op, rres, mmatch, err, NULL, NULL );
cleanup:;
if ( match != NULL ) {
if ( mmatch != match ) {
free( mmatch );
}
free( match );
}
if ( msgid ) {
free( msgid );
}
return rc;
}
int
meta_back_modify(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
Modifications *modlist
)
{
struct metainfo *li = ( struct metainfo * )be->be_private;
struct metaconn *lc;
LDAPMod **modv;
LDAPMod *mods;
Modifications *ml;
int candidate = -1, i;
char *mdn;
struct berval mapped;
lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE,
ndn, &candidate );
if ( !lc || !meta_back_dobind( lc, op )
|| !meta_back_is_valid( lc, candidate ) ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, NULL, NULL, NULL );
return -1;
}
/*
* Rewrite the modify dn, if needed
*/
switch ( rewrite_session( li->targets[ candidate ]->rwinfo,
"modifyDn", dn->bv_val, conn, &mdn ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn == NULL ) {
mdn = ( char * )dn->bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_META, DETAIL1,
"[rw] modifyDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
return -1;
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
return -1;
}
for ( i = 0, ml = modlist; ml; i++ ,ml = ml->sml_next )
;
mods = ch_malloc( sizeof( LDAPMod )*i );
if ( mods == NULL ) {
if ( mdn != dn->bv_val ) {
free( mdn );
}
return -1;
}
modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) );
if ( modv == NULL ) {
free( mods );
if ( mdn != dn->bv_val ) {
free( mdn );
}
return -1;
}
for ( i = 0, ml = modlist; ml; ml = ml->sml_next ) {
int j;
if ( ml->sml_desc->ad_type->sat_no_user_mod ) {
continue;
}
ldap_back_map( &li->targets[ candidate ]->at_map,
&ml->sml_desc->ad_cname, &mapped,
BACKLDAP_MAP );
if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) {
continue;
}
modv[ i ] = &mods[ i ];
mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
mods[ i ].mod_type = mapped.bv_val;
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at the back-ldap
* level.
*/
if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid,
SLAPD_DN_SYNTAX ) == 0 ) {
ldap_dnattr_rewrite(
li->targets[ candidate ]->rwinfo,
ml->sml_bvalues, conn );
}
if ( ml->sml_bvalues != NULL ){
for (j = 0; ml->sml_bvalues[ j ].bv_val; j++);
mods[ i ].mod_bvalues = (struct berval **)ch_malloc((j+1) *
sizeof(struct berval *));
for (j = 0; ml->sml_bvalues[ j ].bv_val; j++)
mods[ i ].mod_bvalues[ j ] = &ml->sml_bvalues[j];
mods[ i ].mod_bvalues[ j ] = NULL;
} else {
mods[ i ].mod_bvalues = NULL;
}
i++;
}
modv[ i ] = 0;
ldap_modify_s( lc->conns[ candidate ].ld, mdn, modv );
if ( mdn != dn->bv_val ) {
free( mdn );
}
for ( i=0; modv[ i ]; i++)
free( modv[ i ]->mod_bvalues );
free( mods );
free( modv );
return meta_back_op_result( lc, op );
}