/* must run as a pool thread to avoid cn=config deadlock */
static void *
autoca_setca_task( void *ctx, void *arg )
{
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
struct berval *cacert = arg;
Modifications mod;
struct berval bvs[2];
slap_callback cb = {0};
SlapReply rs = {REP_RESULT};
const char *text;
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
mod.sml_numvals = 1;
mod.sml_values = bvs;
mod.sml_nvalues = NULL;
mod.sml_desc = NULL;
if ( slap_str2ad( "olcTLSCACertificate;binary", &mod.sml_desc, &text ))
goto leave;
mod.sml_op = LDAP_MOD_REPLACE;
mod.sml_flags = SLAP_MOD_INTERNAL;
bvs[0] = *cacert;
BER_BVZERO( &bvs[1] );
mod.sml_next = NULL;
cb.sc_response = slap_null_cb;
op->o_bd = select_backend( (struct berval *)&configDN, 0 );
if ( !op->o_bd )
goto leave;
op->o_tag = LDAP_REQ_MODIFY;
op->o_callback = &cb;
op->orm_modlist = &mod;
op->orm_no_opattrs = 1;
op->o_req_dn = configDN;
op->o_req_ndn = configDN;
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->o_bd->be_modify( op, &rs );
leave:
ch_free( arg );
return NULL;
}
int
slapschema( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
const char *progname = "slapschema";
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op = NULL;
void *thrctx;
int requestBSF = 0;
int doBSF = 0;
slap_tool_init( progname, SLAPCAT, argc, argv );
requestBSF = ( sub_ndn.bv_len || filter );
#ifdef SIGPIPE
(void) SIGNAL( SIGPIPE, slapcat_sig );
#endif
#ifdef SIGHUP
(void) SIGNAL( SIGHUP, slapcat_sig );
#endif
(void) SIGNAL( SIGINT, slapcat_sig );
(void) SIGNAL( SIGTERM, slapcat_sig );
if( !be->be_entry_open ||
!be->be_entry_close ||
!( be->be_entry_first || be->be_entry_first_x ) ||
!be->be_entry_next ||
!be->be_entry_get )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_tmpmemctx = NULL;
op->o_bd = be;
if ( !requestBSF && be->be_entry_first ) {
id = be->be_entry_first( be );
} else {
if ( be->be_entry_first_x ) {
id = be->be_entry_first_x( be,
sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter );
} else {
assert( be->be_entry_first != NULL );
doBSF = 1;
id = be->be_entry_first( be );
}
}
for ( ; id != NOID; id = be->be_entry_next( be ) ) {
Entry* e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof(textbuf);
const char *text = NULL;
if ( gotsig )
break;
e = be->be_entry_get( be, id );
if ( e == NULL ) {
printf("# no data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
if ( doBSF ) {
if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) )
{
be_entry_release_r( op, e );
continue;
}
if ( filter != NULL ) {
int rc = test_filter( NULL, e, filter );
if ( rc != LDAP_COMPARE_TRUE ) {
be_entry_release_r( op, e );
continue;
}
}
}
if( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
rc = entry_schema_check( op, e, NULL, 0, 0, NULL,
&text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) {
fprintf( ldiffp->fp, "# (%d) %s%s%s\n",
rc, ldap_err2string( rc ),
text ? ": " : "",
text ? text : "" );
fprintf( ldiffp->fp, "dn: %s\n\n", e->e_name.bv_val );
}
be_entry_release_r( op, e );
}
be->be_entry_close( be );
if ( slap_tool_destroy() )
rc = EXIT_FAILURE;
return rc;
}
/* reindex entries on the fly */
static void *
bdb_online_index( void *ctx, void *arg )
{
struct re_s *rtask = arg;
BackendDB *be = rtask->arg;
struct bdb_info *bdb = be->be_private;
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
DBC *curs;
DBT key, data;
DB_TXN *txn;
DB_LOCK lock;
ID id, nid;
EntryInfo *ei;
int rc, getnext = 1;
int i;
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
op->o_bd = be;
DBTzero( &key );
DBTzero( &data );
id = 1;
key.data = &nid;
key.size = key.ulen = sizeof(ID);
key.flags = DB_DBT_USERMEM;
data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
data.dlen = data.ulen = 0;
while ( 1 ) {
if ( slapd_shutdown )
break;
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &txn, bdb->bi_db_opflags );
if ( rc )
break;
if ( getnext ) {
getnext = 0;
BDB_ID2DISK( id, &nid );
rc = bdb->bi_id2entry->bdi_db->cursor(
bdb->bi_id2entry->bdi_db, txn, &curs, bdb->bi_db_opflags );
if ( rc ) {
TXN_ABORT( txn );
break;
}
rc = curs->c_get( curs, &key, &data, DB_SET_RANGE );
curs->c_close( curs );
if ( rc ) {
TXN_ABORT( txn );
if ( rc == DB_NOTFOUND )
rc = 0;
if ( rc == DB_LOCK_DEADLOCK ) {
ldap_pvt_thread_yield();
continue;
}
break;
}
BDB_DISK2ID( &nid, &id );
}
ei = NULL;
rc = bdb_cache_find_id( op, txn, id, &ei, 0, &lock );
if ( rc ) {
TXN_ABORT( txn );
if ( rc == DB_LOCK_DEADLOCK ) {
ldap_pvt_thread_yield();
continue;
}
if ( rc == DB_NOTFOUND ) {
id++;
getnext = 1;
continue;
}
break;
}
if ( ei->bei_e ) {
rc = bdb_index_entry( op, txn, BDB_INDEX_UPDATE_OP, ei->bei_e );
if ( rc == DB_LOCK_DEADLOCK ) {
TXN_ABORT( txn );
ldap_pvt_thread_yield();
continue;
}
if ( rc == 0 ) {
rc = TXN_COMMIT( txn, 0 );
txn = NULL;
}
if ( rc )
break;
}
id++;
getnext = 1;
}
for ( i = 0; i < bdb->bi_nattrs; i++ ) {
if ( bdb->bi_attrs[ i ]->ai_indexmask & BDB_INDEX_DELETING
|| bdb->bi_attrs[ i ]->ai_newmask == 0 )
{
continue;
}
bdb->bi_attrs[ i ]->ai_indexmask = bdb->bi_attrs[ i ]->ai_newmask;
bdb->bi_attrs[ i ]->ai_newmask = 0;
}
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
bdb->bi_index_task = NULL;
ldap_pvt_runqueue_remove( &slapd_rq, rtask );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
return NULL;
}
int
slapauth( int argc, char **argv )
{
int rc = EXIT_SUCCESS;
const char *progname = "slapauth";
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
slap_tool_init( progname, SLAPAUTH, argc, argv );
argv = &argv[ optind ];
argc -= optind;
connection_fake_init( &conn, &opbuf, &conn );
op = &opbuf.ob_op;
conn.c_sasl_bind_mech = mech;
if ( !BER_BVISNULL( &authzID ) ) {
struct berval authzdn;
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
SLAP_GETDN_AUTHZID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
authzID.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
BER_BVZERO( &authzID );
goto destroy;
}
authzID = authzdn;
}
if ( !BER_BVISNULL( &authcID ) ) {
if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
rc = do_check( &conn, op, &authcID );
goto destroy;
}
for ( ; argc--; argv++ ) {
struct berval authzdn;
ber_str2bv( argv[ 0 ], 0, 0, &authzID );
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
SLAP_GETDN_AUTHZID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
authzID.bv_val, rc,
ldap_err2string( rc ) );
rc = -1;
BER_BVZERO( &authzID );
if ( !continuemode ) {
goto destroy;
}
}
authzID = authzdn;
rc = do_check( &conn, op, &authcID );
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
BER_BVZERO( &authzID );
if ( rc && !continuemode ) {
goto destroy;
}
}
goto destroy;
}
for ( ; argc--; argv++ ) {
struct berval id;
ber_str2bv( argv[ 0 ], 0, 0, &id );
rc = do_check( &conn, op, &id );
if ( rc && !continuemode ) {
goto destroy;
}
}
destroy:
;
if ( !BER_BVISNULL( &authzID ) ) {
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
}
if ( slap_tool_destroy())
rc = EXIT_FAILURE;
return rc;
}
/*
** Do a search for all the groups in the
** database, and add them to out internal list.
*/
static int
autogroup_db_open(
BackendDB *be,
ConfigReply *cr )
{
slap_overinst *on = (slap_overinst *) be->bd_info;
autogroup_info_t *agi = on->on_bi.bi_private;
autogroup_def_t *agd;
autogroup_sc_t ags;
Operation *op;
SlapReply rs = { REP_RESULT };
slap_callback cb = { 0 };
void *thrctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_open\n", 0, 0, 0);
if ( agi == NULL ) {
return 0;
}
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->ors_attrsonly = 0;
op->o_tag = LDAP_REQ_SEARCH;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->o_req_dn = be->be_suffix[0];
op->o_req_ndn = be->be_nsuffix[0];
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_deref = LDAP_DEREF_NEVER;
op->ors_limit = NULL;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->o_bd = be;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
ags.ags_info = agi;
cb.sc_private = &ags;
cb.sc_response = autogroup_group_add_cb;
cb.sc_cleanup = NULL;
cb.sc_next = NULL;
op->o_callback = &cb;
for (agd = agi->agi_def ; agd ; agd = agd->agd_next) {
autogroup_build_def_filter(agd, op);
ags.ags_def = agd;
op->o_bd->be_search( op, &rs );
filter_free_x( op, op->ors_filter, 1 );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
return 0;
}
/* reindex entries on the fly */
static void *
mdb_online_index( void *ctx, void *arg )
{
struct re_s *rtask = arg;
BackendDB *be = rtask->arg;
struct mdb_info *mdb = be->be_private;
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
MDB_cursor *curs;
MDB_val key, data;
MDB_txn *txn;
ID id;
Entry *e;
int rc, getnext = 1;
int i;
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
op->o_bd = be;
id = 1;
key.mv_size = sizeof(ID);
while ( 1 ) {
if ( slapd_shutdown )
break;
rc = mdb_txn_begin( mdb->mi_dbenv, NULL, 0, &txn );
if ( rc )
break;
rc = mdb_cursor_open( txn, mdb->mi_id2entry, &curs );
if ( rc ) {
mdb_txn_abort( txn );
break;
}
if ( getnext ) {
getnext = 0;
key.mv_data = &id;
rc = mdb_cursor_get( curs, &key, &data, MDB_SET_RANGE );
if ( rc ) {
mdb_txn_abort( txn );
if ( rc == MDB_NOTFOUND )
rc = 0;
break;
}
memcpy( &id, key.mv_data, sizeof( id ));
}
rc = mdb_id2entry( op, curs, id, &e );
mdb_cursor_close( curs );
if ( rc ) {
mdb_txn_abort( txn );
if ( rc == MDB_NOTFOUND ) {
id++;
getnext = 1;
continue;
}
break;
}
rc = mdb_index_entry( op, txn, MDB_INDEX_UPDATE_OP, e );
mdb_entry_return( op, e );
if ( rc == 0 ) {
rc = mdb_txn_commit( txn );
txn = NULL;
} else {
mdb_txn_abort( txn );
txn = NULL;
}
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(mdb_online_index) ": database %s: "
"txn_commit failed: %s (%d)\n",
be->be_suffix[0].bv_val, mdb_strerror(rc), rc );
break;
}
id++;
getnext = 1;
}
for ( i = 0; i < mdb->mi_nattrs; i++ ) {
if ( mdb->mi_attrs[ i ]->ai_indexmask & MDB_INDEX_DELETING
|| mdb->mi_attrs[ i ]->ai_newmask == 0 )
{
continue;
}
mdb->mi_attrs[ i ]->ai_indexmask = mdb->mi_attrs[ i ]->ai_newmask;
mdb->mi_attrs[ i ]->ai_newmask = 0;
}
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
mdb->mi_index_task = NULL;
ldap_pvt_runqueue_remove( &slapd_rq, rtask );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
return NULL;
}
/* count dynamic objects existing in the database at startup */
static int
dds_count( void *ctx, BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
dds_info_t *di = (dds_info_t *)on->on_bi.bi_private;
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
slap_callback sc = { 0 };
SlapReply rs = { REP_RESULT };
int rc;
char *extra = "";
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
op->o_bd = be;
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_filterstr.bv_len = STRLENOF( "(objectClass=" ")" )
+ slap_schema.si_oc_dynamicObject->soc_cname.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(objectClass=%s)",
slap_schema.si_oc_dynamicObject->soc_cname.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = dds_count_cb;
sc.sc_private = &di->di_num_dynamicObjects;
di->di_num_dynamicObjects = 0;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
op->o_bd->bd_info = (BackendInfo *)on;
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
rc = rs.sr_err;
switch ( rs.sr_err ) {
case LDAP_SUCCESS:
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"DDS non-expired=%d\n",
di->di_num_dynamicObjects );
break;
case LDAP_NO_SUCH_OBJECT:
/* (ITS#5267) database not created yet? */
rs.sr_err = LDAP_SUCCESS;
extra = " (ignored)";
/* fallthru */
default:
Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
"DDS non-expired objects lookup failed err=%d%s\n",
rc, extra );
break;
}
return rs.sr_err;
}
static int
dds_expire( void *ctx, dds_info_t *di )
{
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
slap_callback sc = { 0 };
dds_cb_t dc = { 0 };
dds_expire_t *de = NULL, **dep;
SlapReply rs = { REP_RESULT };
time_t expire;
char tsbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
struct berval ts;
int ndeletes, ntotdeletes;
int rc;
char *extra = "";
connection_fake_init( &conn, &opbuf, ctx );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
op->o_bd = select_backend( &di->di_nsuffix[ 0 ], 0 );
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_tlimit = DDS_INTERVAL( di )/2 + 1;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
expire = slap_get_time() + di->di_tolerance;
ts.bv_val = tsbuf;
ts.bv_len = sizeof( tsbuf );
slap_timestamp( &expire, &ts );
op->ors_filterstr.bv_len = STRLENOF( "(&(objectClass=" ")(" "<=" "))" )
+ slap_schema.si_oc_dynamicObject->soc_cname.bv_len
+ ad_entryExpireTimestamp->ad_cname.bv_len
+ ts.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(&(objectClass=%s)(%s<=%s))",
slap_schema.si_oc_dynamicObject->soc_cname.bv_val,
ad_entryExpireTimestamp->ad_cname.bv_val, ts.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = dds_expire_cb;
sc.sc_private = &dc;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
rc = rs.sr_err;
switch ( rs.sr_err ) {
case LDAP_SUCCESS:
break;
case LDAP_NO_SUCH_OBJECT:
/* (ITS#5267) database not created yet? */
rs.sr_err = LDAP_SUCCESS;
extra = " (ignored)";
/* fallthru */
default:
Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
"DDS expired objects lookup failed err=%d%s\n",
rc, extra );
goto done;
}
op->o_tag = LDAP_REQ_DELETE;
op->o_callback = ≻
sc.sc_response = slap_null_cb;
sc.sc_private = NULL;
for ( ntotdeletes = 0, ndeletes = 1; dc.dc_ndnlist != NULL && ndeletes > 0; ) {
ndeletes = 0;
for ( dep = &dc.dc_ndnlist; *dep != NULL; ) {
de = *dep;
op->o_req_dn = de->de_ndn;
op->o_req_ndn = de->de_ndn;
(void)op->o_bd->bd_info->bi_op_delete( op, &rs );
switch ( rs.sr_err ) {
case LDAP_SUCCESS:
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"DDS dn=\"%s\" expired.\n",
de->de_ndn.bv_val );
ndeletes++;
break;
case LDAP_NOT_ALLOWED_ON_NONLEAF:
Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_NOTICE,
"DDS dn=\"%s\" is non-leaf; "
"deferring.\n",
de->de_ndn.bv_val );
dep = &de->de_next;
de = NULL;
break;
default:
Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_NOTICE,
"DDS dn=\"%s\" err=%d; "
"deferring.\n",
de->de_ndn.bv_val, rs.sr_err );
break;
}
if ( de != NULL ) {
*dep = de->de_next;
dep = &de->de_next;
op->o_tmpfree( de, op->o_tmpmemctx );
}
}
ntotdeletes += ndeletes;
}
rs.sr_err = LDAP_SUCCESS;
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"DDS expired=%d\n", ntotdeletes );
done:;
return rs.sr_err;
}