int
dnssrv_back_search(
Operation *op,
SlapReply *rs )
{
int i;
int rc;
char *domain = NULL;
char *hostlist = NULL;
char **hosts = NULL;
char *refdn;
struct berval nrefdn = BER_BVNULL;
BerVarray urls = NULL;
int manageDSAit;
rs->sr_ref = NULL;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
/* FIXME: need some means to determine whether the database
* is a glue instance; if we got here with empty DN, then
* we passed this same test in dnssrv_back_referrals() */
if ( !SLAP_GLUE_INSTANCE( op->o_bd ) ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
goto done;
}
manageDSAit = get_manageDSAit( op );
/*
* FIXME: we may return a referral if manageDSAit is not set
*/
if ( !manageDSAit ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"manageDSAit must be set" );
goto done;
}
if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_ref = default_referral;
send_ldap_result( op, rs );
rs->sr_ref = NULL;
goto done;
}
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain, 0 );
if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
rc, 0, 0 );
send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
"no DNS SRV RR available for DN" );
goto done;
}
hosts = ldap_str2charray( hostlist, " " );
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
url.bv_len = STRLENOF( "ldap://" ) + strlen(hosts[i]);
url.bv_val = ch_malloc( url.bv_len + 1 );
strcpy( url.bv_val, "ldap://" );
strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
if( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
}
Statslog( LDAP_DEBUG_STATS,
"%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_log_prefix, op->o_protocol,
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val, 0 );
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n",
op->oq_search.rs_scope,
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
urls[0].bv_val );
rc = ldap_domain2dn(domain, &refdn);
if( rc != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
} else {
struct berval bv;
bv.bv_val = refdn;
bv.bv_len = strlen( refdn );
rc = dnNormalize( 0, NULL, NULL, &bv, &nrefdn, op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
}
}
if( !dn_match( &nrefdn, &op->o_req_ndn ) ) {
/* requested dn is subordinate */
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
refdn == NULL ? "" : refdn,
NULL );
rs->sr_matched = refdn;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
} else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
send_ldap_error( op, rs, LDAP_SUCCESS, NULL );
} else {
Entry e = { 0 };
AttributeDescription *ad_objectClass
= slap_schema.si_ad_objectClass;
AttributeDescription *ad_ref = slap_schema.si_ad_ref;
e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
e.e_name.bv_len = op->o_req_dn.bv_len;
e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
e.e_nname.bv_len = op->o_req_ndn.bv_len;
e.e_attrs = NULL;
e.e_private = NULL;
attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_referral->soc_cname, NULL );
attr_merge_one( &e, ad_objectClass, &slap_schema.si_oc_extensibleObject->soc_cname, NULL );
if ( ad_dc ) {
char *p;
struct berval bv;
bv.bv_val = domain;
p = strchr( bv.bv_val, '.' );
if ( p == bv.bv_val ) {
bv.bv_len = 1;
} else if ( p != NULL ) {
bv.bv_len = p - bv.bv_val;
} else {
bv.bv_len = strlen( bv.bv_val );
}
attr_merge_normalize_one( &e, ad_dc, &bv, NULL );
}
if ( ad_associatedDomain ) {
struct berval bv;
ber_str2bv( domain, 0, 0, &bv );
attr_merge_normalize_one( &e, ad_associatedDomain, &bv, NULL );
}
attr_merge_normalize_one( &e, ad_ref, urls, NULL );
rc = test_filter( op, &e, op->oq_search.rs_filter );
if( rc == LDAP_COMPARE_TRUE ) {
rs->sr_entry = &e;
rs->sr_attrs = op->oq_search.rs_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
}
entry_clean( &e );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
}
if ( refdn ) free( refdn );
if ( nrefdn.bv_val ) free( nrefdn.bv_val );
done:
if( domain != NULL ) ch_free( domain );
if( hostlist != NULL ) ch_free( hostlist );
if( hosts != NULL ) ldap_charray_free( hosts );
if( urls != NULL ) ber_bvarray_free( urls );
return 0;
}
int
limits_parse(
Backend *be,
const char *fname,
int lineno,
int argc,
char **argv
)
{
int flags = SLAP_LIMITS_UNDEFINED;
char *pattern;
struct slap_limits_set limit;
int i, rc = 0;
ObjectClass *group_oc = NULL;
AttributeDescription *group_ad = NULL;
assert( be != NULL );
if ( argc < 3 ) {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: missing arg(s) in "
"\"limits <pattern> <limits>\" line.\n%s",
fname, lineno, "" );
return( -1 );
}
limit = be->be_def_limit;
/*
* syntax:
*
* "limits" <pattern> <limit> [ ... ]
*
*
* <pattern>:
*
* "anonymous"
* "users"
* [ "dn" [ "." { "this" | "self" } ] [ "." { "exact" | "base" |
* "onelevel" | "subtree" | "children" | "regex" | "anonymous" } ]
* "=" ] <dn pattern>
*
* Note:
* "this" is the baseobject, "self" (the default) is the bound DN
* "exact" and "base" are the same (exact match);
* "onelevel" means exactly one rdn below, NOT including pattern
* "subtree" means any rdn below, including pattern
* "children" means any rdn below, NOT including pattern
*
* "anonymous" may be deprecated in favour
* of the pattern = "anonymous" form
*
* "group[/objectClass[/attributeType]]" "=" "<dn pattern>"
*
* <limit>:
*
* "time" [ "." { "soft" | "hard" } ] "=" <integer>
*
* "size" [ "." { "soft" | "hard" | "unchecked" } ] "=" <integer>
*/
pattern = argv[1];
if ( strcmp( pattern, "*" ) == 0) {
flags = SLAP_LIMITS_ANY;
} else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
flags = SLAP_LIMITS_ANONYMOUS;
} else if ( strcasecmp( pattern, "users" ) == 0 ) {
flags = SLAP_LIMITS_USERS;
} else if ( STRSTART( pattern, "dn" ) ) {
pattern += STRLENOF( "dn" );
flags = SLAP_LIMITS_TYPE_SELF;
if ( pattern[0] == '.' ) {
pattern++;
if ( STRSTART( pattern, "this" ) ) {
flags = SLAP_LIMITS_TYPE_THIS;
pattern += STRLENOF( "this" );
} else if ( STRSTART( pattern, "self" ) ) {
pattern += STRLENOF( "self" );
} else {
goto got_dn_dot;
}
}
if ( pattern[0] == '.' ) {
pattern++;
got_dn_dot:
if ( STRSTART( pattern, "exact" ) ) {
flags |= SLAP_LIMITS_EXACT;
pattern += STRLENOF( "exact" );
} else if ( STRSTART( pattern, "base" ) ) {
flags |= SLAP_LIMITS_BASE;
pattern += STRLENOF( "base" );
} else if ( STRSTART( pattern, "one" ) ) {
flags |= SLAP_LIMITS_ONE;
pattern += STRLENOF( "one" );
if ( STRSTART( pattern, "level" ) ) {
pattern += STRLENOF( "level" );
} else {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: deprecated \"one\" style "
"\"limits <pattern> <limits>\" line; "
"use \"onelevel\" instead.\n", fname, lineno, 0 );
}
} else if ( STRSTART( pattern, "sub" ) ) {
flags |= SLAP_LIMITS_SUBTREE;
pattern += STRLENOF( "sub" );
if ( STRSTART( pattern, "tree" ) ) {
pattern += STRLENOF( "tree" );
} else {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: deprecated \"sub\" style "
"\"limits <pattern> <limits>\" line; "
"use \"subtree\" instead.\n", fname, lineno, 0 );
}
} else if ( STRSTART( pattern, "children" ) ) {
flags |= SLAP_LIMITS_CHILDREN;
pattern += STRLENOF( "children" );
} else if ( STRSTART( pattern, "regex" ) ) {
flags |= SLAP_LIMITS_REGEX;
pattern += STRLENOF( "regex" );
/*
* this could be deprecated in favour
* of the pattern = "anonymous" form
*/
} else if ( STRSTART( pattern, "anonymous" )
&& flags == SLAP_LIMITS_TYPE_SELF )
{
flags = SLAP_LIMITS_ANONYMOUS;
pattern = NULL;
} else {
/* force error below */
if ( *pattern == '=' )
--pattern;
}
}
/* pre-check the data */
if ( pattern != NULL ) {
if ( pattern[0] != '=' ) {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: %s in "
"\"dn[.{this|self}][.{exact|base"
"|onelevel|subtree|children|regex"
"|anonymous}]=<pattern>\" in "
"\"limits <pattern> <limits>\" line.\n",
fname, lineno,
isalnum( (unsigned char)pattern[0] )
? "unknown DN modifier" : "missing '='" );
return( -1 );
}
/* skip '=' (required) */
pattern++;
/* trim obvious cases */
if ( strcmp( pattern, "*" ) == 0 ) {
flags = SLAP_LIMITS_ANY;
pattern = NULL;
} else if ( (flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX
&& strcmp( pattern, ".*" ) == 0 ) {
flags = SLAP_LIMITS_ANY;
pattern = NULL;
}
}
} else if (STRSTART( pattern, "group" ) ) {
pattern += STRLENOF( "group" );
if ( pattern[0] == '/' ) {
struct berval oc, ad;
oc.bv_val = pattern + 1;
pattern = strchr( pattern, '=' );
if ( pattern == NULL ) {
return -1;
}
ad.bv_val = strchr( oc.bv_val, '/' );
if ( ad.bv_val != NULL ) {
const char *text = NULL;
oc.bv_len = ad.bv_val - oc.bv_val;
ad.bv_val++;
ad.bv_len = pattern - ad.bv_val;
rc = slap_bv2ad( &ad, &group_ad, &text );
if ( rc != LDAP_SUCCESS ) {
goto no_ad;
}
} else {
oc.bv_len = pattern - oc.bv_val;
}
group_oc = oc_bvfind( &oc );
if ( group_oc == NULL ) {
goto no_oc;
}
}
if ( group_oc == NULL ) {
group_oc = oc_find( SLAPD_GROUP_CLASS );
if ( group_oc == NULL ) {
no_oc:;
return( -1 );
}
}
if ( group_ad == NULL ) {
const char *text = NULL;
rc = slap_str2ad( SLAPD_GROUP_ATTR, &group_ad, &text );
if ( rc != LDAP_SUCCESS ) {
no_ad:;
return( -1 );
}
}
flags = SLAP_LIMITS_TYPE_GROUP | SLAP_LIMITS_EXACT;
if ( pattern[0] != '=' ) {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: missing '=' in "
"\"group[/objectClass[/attributeType]]"
"=<pattern>\" in "
"\"limits <pattern> <limits>\" line.\n",
fname, lineno, 0 );
return( -1 );
}
/* skip '=' (required) */
pattern++;
}
/* get the limits */
for ( i = 2; i < argc; i++ ) {
if ( limits_parse_one( argv[i], &limit ) ) {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: unknown limit values \"%s\" in "
"\"limits <pattern> <limits>\" line.\n",
fname, lineno, argv[i] );
return( 1 );
}
}
/*
* sanity checks ...
*
* FIXME: add warnings?
*/
if ( limit.lms_t_hard > 0 &&
( limit.lms_t_hard < limit.lms_t_soft
|| limit.lms_t_soft == -1 ) ) {
limit.lms_t_hard = limit.lms_t_soft;
}
if ( limit.lms_s_hard > 0 &&
( limit.lms_s_hard < limit.lms_s_soft
|| limit.lms_s_soft == -1 ) ) {
limit.lms_s_hard = limit.lms_s_soft;
}
/*
* defaults ...
*
* lms_t_hard:
* -1 => no limits
* 0 => same as soft
* > 0 => limit (in seconds)
*
* lms_s_hard:
* -1 => no limits
* 0 0> same as soft
* > 0 => limit (in entries)
*
* lms_s_pr_total:
* -2 => disable the control
* -1 => no limits
* 0 => same as soft
* > 0 => limit (in entries)
*
* lms_s_pr:
* -1 => no limits
* 0 => no limits?
* > 0 => limit size (in entries)
*/
if ( limit.lms_s_pr_total > 0 &&
limit.lms_s_pr > limit.lms_s_pr_total ) {
limit.lms_s_pr = limit.lms_s_pr_total;
}
rc = limits_add( be, flags, pattern, group_oc, group_ad, &limit );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"%s : line %d: unable to add limit in "
"\"limits <pattern> <limits>\" line.\n",
fname, lineno, 0 );
}
return( rc );
}
/*
* call from within bdb_db_open()
*/
int
bdb_monitor_db_open( BackendDB *be )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
Attribute *a, *next;
monitor_callback_t *cb = NULL;
int rc = 0;
BackendInfo *mi;
monitor_extra_t *mbe;
struct berval dummy = BER_BVC("");
if ( !SLAP_DBMONITORING( be ) ) {
return 0;
}
if ( SLAP_GLUE_SUBORDINATE( be ) ) {
return 0;
}
mi = backend_info( "monitor" );
if ( !mi || !mi->bi_extra ) {
SLAP_DBFLAGS( be ) ^= SLAP_DBFLAG_MONITORING;
return 0;
}
mbe = mi->bi_extra;
/* don't bother if monitor is not configured */
if ( !mbe->is_configured() ) {
static int warning = 0;
if ( warning++ == 0 ) {
Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_db_open)
": monitoring disabled; "
"configure monitor database to enable\n",
0, 0, 0 );
}
return 0;
}
/* alloc as many as required (plus 1 for objectClass) */
a = attrs_alloc( 1 + 4 );
if ( a == NULL ) {
rc = 1;
goto cleanup;
}
a->a_desc = slap_schema.si_ad_objectClass;
attr_valadd( a, &oc_olmBDBDatabase->soc_cname, NULL, 1 );
next = a->a_next;
{
struct berval bv = BER_BVC( "0" );
next->a_desc = ad_olmBDBEntryCache;
attr_valadd( next, &bv, NULL, 1 );
next = next->a_next;
next->a_desc = ad_olmBDBDNCache;
attr_valadd( next, &bv, NULL, 1 );
next = next->a_next;
next->a_desc = ad_olmBDBIDLCache;
attr_valadd( next, &bv, NULL, 1 );
next = next->a_next;
}
{
struct berval bv, nbv;
ber_len_t pathlen = 0, len = 0;
char path[ MAXPATHLEN ] = { '\0' };
char *fname = bdb->bi_dbenv_home,
*ptr;
len = strlen( fname );
if ( fname[ 0 ] != '/' ) {
/* get full path name */
getcwd( path, sizeof( path ) );
pathlen = strlen( path );
if ( fname[ 0 ] == '.' && fname[ 1 ] == '/' ) {
fname += 2;
len -= 2;
}
}
bv.bv_len = pathlen + STRLENOF( "/" ) + len;
ptr = bv.bv_val = ch_malloc( bv.bv_len + STRLENOF( "/" ) + 1 );
if ( pathlen ) {
ptr = lutil_strncopy( ptr, path, pathlen );
ptr[ 0 ] = '/';
ptr++;
}
ptr = lutil_strncopy( ptr, fname, len );
if ( ptr[ -1 ] != '/' ) {
ptr[ 0 ] = '/';
ptr++;
}
ptr[ 0 ] = '\0';
attr_normalize_one( ad_olmDbDirectory, &bv, &nbv, NULL );
next->a_desc = ad_olmDbDirectory;
next->a_vals = ch_calloc( sizeof( struct berval ), 2 );
next->a_vals[ 0 ] = bv;
next->a_numvals = 1;
if ( BER_BVISNULL( &nbv ) ) {
next->a_nvals = next->a_vals;
} else {
next->a_nvals = ch_calloc( sizeof( struct berval ), 2 );
next->a_nvals[ 0 ] = nbv;
}
next = next->a_next;
}
cb = ch_calloc( sizeof( monitor_callback_t ), 1 );
cb->mc_update = bdb_monitor_update;
#if 0 /* uncomment if required */
cb->mc_modify = bdb_monitor_modify;
#endif
cb->mc_free = bdb_monitor_free;
cb->mc_private = (void *)bdb;
/* make sure the database is registered; then add monitor attributes */
rc = mbe->register_database( be, &bdb->bi_monitor.bdm_ndn );
if ( rc == 0 ) {
rc = mbe->register_entry_attrs( &bdb->bi_monitor.bdm_ndn, a, cb,
&dummy, 0, &dummy );
}
cleanup:;
if ( rc != 0 ) {
if ( cb != NULL ) {
ch_free( cb );
cb = NULL;
}
if ( a != NULL ) {
attrs_free( a );
a = NULL;
}
}
/* store for cleanup */
bdb->bi_monitor.bdm_cb = (void *)cb;
/* we don't need to keep track of the attributes, because
* bdb_monitor_free() takes care of everything */
if ( a != NULL ) {
attrs_free( a );
}
return rc;
}
static int
dl_cfgen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private;
int rc = 0, i;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch( c->type ) {
case DL_ATTRSET:
for ( i = 0; dli; i++, dli = dli->dli_next ) {
struct berval bv;
char *ptr = c->cr_msg;
dynlist_map_t *dlm;
assert( dli->dli_oc != NULL );
assert( dli->dli_ad != NULL );
/* FIXME: check buffer overflow! */
ptr += snprintf( c->cr_msg, sizeof( c->cr_msg ),
SLAP_X_ORDERED_FMT "%s", i,
dli->dli_oc->soc_cname.bv_val );
if ( !BER_BVISNULL( &dli->dli_uri ) ) {
*ptr++ = ' ';
*ptr++ = '"';
ptr = lutil_strncopy( ptr, dli->dli_uri.bv_val,
dli->dli_uri.bv_len );
*ptr++ = '"';
}
*ptr++ = ' ';
ptr = lutil_strncopy( ptr, dli->dli_ad->ad_cname.bv_val,
dli->dli_ad->ad_cname.bv_len );
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
ptr[ 0 ] = ' ';
ptr++;
if ( dlm->dlm_mapped_ad ) {
ptr = lutil_strcopy( ptr, dlm->dlm_mapped_ad->ad_cname.bv_val );
ptr[ 0 ] = ':';
ptr++;
}
ptr = lutil_strcopy( ptr, dlm->dlm_member_ad->ad_cname.bv_val );
}
bv.bv_val = c->cr_msg;
bv.bv_len = ptr - bv.bv_val;
value_add_one( &c->rvalue_vals, &bv );
}
break;
case DL_ATTRPAIR_COMPAT:
case DL_ATTRPAIR:
rc = 1;
break;
default:
rc = 1;
break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
switch( c->type ) {
case DL_ATTRSET:
if ( c->valx < 0 ) {
dynlist_info_t *dli_next;
for ( dli_next = dli; dli_next; dli = dli_next ) {
dynlist_map_t *dlm = dli->dli_dlm;
dynlist_map_t *dlm_next;
dli_next = dli->dli_next;
if ( !BER_BVISNULL( &dli->dli_uri ) ) {
ch_free( dli->dli_uri.bv_val );
}
if ( dli->dli_lud != NULL ) {
ldap_free_urldesc( dli->dli_lud );
}
if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
ber_memfree( dli->dli_uri_nbase.bv_val );
}
if ( dli->dli_uri_filter != NULL ) {
filter_free( dli->dli_uri_filter );
}
ch_free( dli->dli_default_filter.bv_val );
while ( dlm != NULL ) {
dlm_next = dlm->dlm_next;
ch_free( dlm );
dlm = dlm_next;
}
ch_free( dli );
}
on->on_bi.bi_private = NULL;
} else {
dynlist_info_t **dlip;
dynlist_map_t *dlm;
dynlist_map_t *dlm_next;
for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private;
i < c->valx; i++ )
{
if ( *dlip == NULL ) {
return 1;
}
dlip = &(*dlip)->dli_next;
}
dli = *dlip;
*dlip = dli->dli_next;
if ( !BER_BVISNULL( &dli->dli_uri ) ) {
ch_free( dli->dli_uri.bv_val );
}
if ( dli->dli_lud != NULL ) {
ldap_free_urldesc( dli->dli_lud );
}
if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
ber_memfree( dli->dli_uri_nbase.bv_val );
}
if ( dli->dli_uri_filter != NULL ) {
filter_free( dli->dli_uri_filter );
}
ch_free( dli->dli_default_filter.bv_val );
dlm = dli->dli_dlm;
while ( dlm != NULL ) {
dlm_next = dlm->dlm_next;
ch_free( dlm );
dlm = dlm_next;
}
ch_free( dli );
dli = (dynlist_info_t *)on->on_bi.bi_private;
}
break;
case DL_ATTRPAIR_COMPAT:
case DL_ATTRPAIR:
rc = 1;
break;
default:
rc = 1;
break;
}
return rc;
}
switch( c->type ) {
case DL_ATTRSET: {
dynlist_info_t **dlip,
*dli_next = NULL;
ObjectClass *oc = NULL;
AttributeDescription *ad = NULL;
int attridx = 2;
LDAPURLDesc *lud = NULL;
struct berval nbase = BER_BVNULL;
Filter *filter = NULL;
struct berval uri = BER_BVNULL;
dynlist_map_t *dlm = NULL, *dlml = NULL;
const char *text;
oc = oc_find( c->argv[ 1 ] );
if ( oc == NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"unable to find ObjectClass \"%s\"",
c->argv[ 1 ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
if ( strncasecmp( c->argv[ attridx ], "ldap://", STRLENOF("ldap://") ) == 0 ) {
if ( ldap_url_parse( c->argv[ attridx ], &lud ) != LDAP_URL_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"unable to parse URI \"%s\"",
c->argv[ attridx ] );
rc = 1;
goto done_uri;
}
if ( lud->lud_host != NULL ) {
if ( lud->lud_host[0] == '\0' ) {
ch_free( lud->lud_host );
lud->lud_host = NULL;
} else {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"host not allowed in URI \"%s\"",
c->argv[ attridx ] );
rc = 1;
goto done_uri;
}
}
if ( lud->lud_attrs != NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"attrs not allowed in URI \"%s\"",
c->argv[ attridx ] );
rc = 1;
goto done_uri;
}
if ( lud->lud_exts != NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"extensions not allowed in URI \"%s\"",
c->argv[ attridx ] );
rc = 1;
goto done_uri;
}
if ( lud->lud_dn != NULL && lud->lud_dn[ 0 ] != '\0' ) {
struct berval dn;
ber_str2bv( lud->lud_dn, 0, 0, &dn );
rc = dnNormalize( 0, NULL, NULL, &dn, &nbase, NULL );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"DN normalization failed in URI \"%s\"",
c->argv[ attridx ] );
goto done_uri;
}
}
if ( lud->lud_filter != NULL && lud->lud_filter[ 0 ] != '\0' ) {
filter = str2filter( lud->lud_filter );
if ( filter == NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"filter parsing failed in URI \"%s\"",
c->argv[ attridx ] );
rc = 1;
goto done_uri;
}
}
ber_str2bv( c->argv[ attridx ], 0, 1, &uri );
done_uri:;
if ( rc ) {
if ( lud ) {
ldap_free_urldesc( lud );
}
if ( !BER_BVISNULL( &nbase ) ) {
ber_memfree( nbase.bv_val );
}
if ( filter != NULL ) {
filter_free( filter );
}
while ( dlm != NULL ) {
dlml = dlm;
dlm = dlm->dlm_next;
ch_free( dlml );
}
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return rc;
}
attridx++;
}
rc = slap_str2ad( c->argv[ attridx ], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"unable to find AttributeDescription \"%s\"",
c->argv[ attridx ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
rc = 1;
goto done_uri;
}
if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
"AttributeDescription \"%s\" "
"must be a subtype of \"labeledURI\"",
c->argv[ attridx ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
rc = 1;
goto done_uri;
}
attridx++;
for ( i = attridx; i < c->argc; i++ ) {
char *arg;
char *cp;
AttributeDescription *member_ad = NULL;
AttributeDescription *mapped_ad = NULL;
dynlist_map_t *dlmp;
/*
* If no mapped attribute is given, dn is used
* for backward compatibility.
*/
arg = c->argv[i];
if ( ( cp = strchr( arg, ':' ) ) != NULL ) {
struct berval bv;
ber_str2bv( arg, cp - arg, 0, &bv );
rc = slap_bv2ad( &bv, &mapped_ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
DYNLIST_USAGE
"unable to find mapped AttributeDescription #%d \"%s\"\n",
i - 3, c->argv[ i ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
rc = 1;
goto done_uri;
}
arg = cp + 1;
}
rc = slap_str2ad( arg, &member_ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
DYNLIST_USAGE
"unable to find AttributeDescription #%d \"%s\"\n",
i - 3, c->argv[ i ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
rc = 1;
goto done_uri;
}
dlmp = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) );
if ( dlm == NULL ) {
dlm = dlmp;
}
dlmp->dlm_member_ad = member_ad;
dlmp->dlm_mapped_ad = mapped_ad;
dlmp->dlm_next = NULL;
if ( dlml != NULL )
dlml->dlm_next = dlmp;
dlml = dlmp;
}
if ( c->valx > 0 ) {
int i;
for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private;
i < c->valx; i++ )
{
if ( *dlip == NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
DYNLIST_USAGE
"invalid index {%d}\n",
c->valx );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
rc = 1;
goto done_uri;
}
dlip = &(*dlip)->dli_next;
}
dli_next = *dlip;
} else {
for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
*dlip; dlip = &(*dlip)->dli_next )
/* goto last */;
}
*dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
(*dlip)->dli_oc = oc;
(*dlip)->dli_ad = ad;
(*dlip)->dli_dlm = dlm;
(*dlip)->dli_next = dli_next;
(*dlip)->dli_lud = lud;
(*dlip)->dli_uri_nbase = nbase;
(*dlip)->dli_uri_filter = filter;
(*dlip)->dli_uri = uri;
rc = dynlist_build_def_filter( *dlip );
} break;
case DL_ATTRPAIR_COMPAT:
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"warning: \"attrpair\" only supported for limited "
"backward compatibility with overlay \"dyngroup\"" );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
/* fallthru */
case DL_ATTRPAIR: {
dynlist_info_t **dlip;
ObjectClass *oc = NULL;
AttributeDescription *ad = NULL,
*member_ad = NULL;
const char *text;
oc = oc_find( "groupOfURLs" );
if ( oc == NULL ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find default ObjectClass \"groupOfURLs\"" );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
rc = slap_str2ad( c->argv[ 1 ], &member_ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find AttributeDescription \"%s\"",
c->argv[ 1 ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
rc = slap_str2ad( c->argv[ 2 ], &ad, &text );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"unable to find AttributeDescription \"%s\"\n",
c->argv[ 2 ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
DYNLIST_USAGE
"AttributeDescription \"%s\" "
"must be a subtype of \"labeledURI\"",
c->argv[ 2 ] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
return 1;
}
for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private;
*dlip; dlip = &(*dlip)->dli_next )
{
/*
* The same URL attribute / member attribute pair
* cannot be repeated, but we enforce this only
* when the member attribute is unique. Performing
* the check for multiple values would require
* sorting and comparing the lists, which is left
* as a future improvement
*/
if ( (*dlip)->dli_ad == ad &&
(*dlip)->dli_dlm->dlm_next == NULL &&
member_ad == (*dlip)->dli_dlm->dlm_member_ad ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"\"dynlist-attrpair <member-ad> <URL-ad>\": "
"URL attributeDescription \"%s\" already mapped.\n",
ad->ad_cname.bv_val );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
c->log, c->cr_msg, 0 );
#if 0
/* make it a warning... */
return 1;
#endif
}
}
*dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) );
(*dlip)->dli_oc = oc;
(*dlip)->dli_ad = ad;
(*dlip)->dli_dlm = (dynlist_map_t *)ch_calloc( 1, sizeof( dynlist_map_t ) );
(*dlip)->dli_dlm->dlm_member_ad = member_ad;
(*dlip)->dli_dlm->dlm_mapped_ad = NULL;
rc = dynlist_build_def_filter( *dlip );
} break;
default:
rc = 1;
break;
}
return rc;
}
static int
get_search_filters( char *filename, char *filters[], char *attrs[], char *bases[], LDAPURLDesc *luds[] )
{
FILE *fp;
int filter = 0;
if ( (fp = fopen( filename, "r" )) != NULL ) {
char line[BUFSIZ];
while (( filter < MAXREQS ) && ( fgets( line, BUFSIZ, fp ))) {
char *nl;
int got_URL = 0;
if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
*nl = '\0';
if ( luds ) luds[filter] = NULL;
if ( luds && strncmp( line, "ldap:///", STRLENOF( "ldap:///" ) ) == 0 ) {
LDAPURLDesc *lud;
got_URL = 1;
bases[filter] = NULL;
if ( ldap_url_parse( line, &lud ) != LDAP_URL_SUCCESS ) {
filter = -filter - 1;
break;
}
if ( lud->lud_dn == NULL || lud->lud_exts != NULL ) {
filter = -filter - 1;
ldap_free_urldesc( lud );
break;
}
luds[filter] = lud;
} else {
bases[filter] = ArgDup( line );
}
if ( fgets( line, BUFSIZ, fp ) == NULL )
*line = '\0';
if (( nl = strchr( line, '\r' )) || ( nl = strchr( line, '\n' )))
*nl = '\0';
filters[filter] = ArgDup( line );
if ( attrs ) {
if ( filters[filter][0] == '+') {
char *sep = strchr( filters[filter], ':' );
attrs[ filter ] = &filters[ filter ][ 1 ];
if ( sep != NULL ) {
sep[ 0 ] = '\0';
/* NOTE: don't free this! */
filters[ filter ] = &sep[ 1 ];
}
} else {
attrs[ filter ] = NULL;
}
}
filter++;
}
fclose( fp );
}
return filter;
}
static int
vernum_repair( BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
void *ctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
BackendDB db;
slap_callback sc = { 0 };
vernum_repair_cb_t rcb = { 0 };
SlapReply rs = { REP_RESULT };
vernum_mod_t *rmod;
int nrepaired = 0;
connection_fake_init2( &conn, &opbuf, ctx, 0 );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );
op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
assert( op->o_bd != NULL );
assert( op->o_bd->be_nsuffix != NULL );
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" )
+ vn->vn_attr->ad_cname.bv_len
+ vn->vn_vernum->ad_cname.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(&(%s=*)(!(%s=*)))",
vn->vn_attr->ad_cname.bv_val,
vn->vn_vernum->ad_cname.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = vernum_repair_cb;
sc.sc_private = &rcb;
rcb.bd = &db;
db = *be;
db.bd_info = (BackendInfo *)on;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
op->o_tag = LDAP_REQ_MODIFY;
sc.sc_response = slap_null_cb;
sc.sc_private = NULL;
memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
for ( rmod = rcb.mods; rmod != NULL; ) {
vernum_mod_t *rnext;
Modifications mod;
struct berval vals[2] = { BER_BVNULL };
SlapReply rs2 = { REP_RESULT };
mod.sml_flags = SLAP_MOD_INTERNAL;
mod.sml_op = LDAP_MOD_REPLACE;
mod.sml_desc = vn->vn_vernum;
mod.sml_type = vn->vn_vernum->ad_cname;
mod.sml_values = vals;
mod.sml_values[0] = val_init;
mod.sml_nvalues = NULL;
mod.sml_numvals = 1;
mod.sml_next = NULL;
op->o_req_dn = rmod->ndn;
op->o_req_ndn = rmod->ndn;
op->orm_modlist = &mod;
op->o_bd->be_modify( op, &rs2 );
slap_mods_free( op->orm_modlist->sml_next, 1 );
if ( rs2.sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n",
op->o_log_prefix, rmod->ndn.bv_val );
nrepaired++;
} else {
Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n",
op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
}
rnext = rmod->next;
op->o_tmpfree( rmod, op->o_tmpmemctx );
rmod = rnext;
}
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
Log( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"vernum: repaired=%d\n", nrepaired );
return 0;
}
static int readline(MDB_val *out, MDB_val *buf)
{
unsigned char *c1, *c2, *end;
size_t len, l2;
int c;
if (!(mode & NOHDR)) {
c = fgetc(stdin);
if (c == EOF) {
Eof = 1;
return EOF;
}
if (c != ' ') {
lineno++;
if (fgets(buf->mv_data, buf->mv_size, stdin) == NULL) {
badend:
Eof = 1;
badend();
return EOF;
}
if (c == 'D' && !strncmp(buf->mv_data, "ATA=END", STRLENOF("ATA=END")))
return EOF;
goto badend;
}
}
if (fgets(buf->mv_data, buf->mv_size, stdin) == NULL) {
Eof = 1;
return EOF;
}
lineno++;
c1 = buf->mv_data;
len = strlen((char *)c1);
l2 = len;
/* Is buffer too short? */
while (c1[len-1] != '\n') {
buf->mv_data = realloc(buf->mv_data, buf->mv_size*2);
if (!buf->mv_data) {
Eof = 1;
fprintf(stderr, "%s: line %" Z "d: out of memory, line too long\n",
prog, lineno);
return EOF;
}
c1 = buf->mv_data;
c1 += l2;
if (fgets((char *)c1, buf->mv_size+1, stdin) == NULL) {
Eof = 1;
badend();
return EOF;
}
buf->mv_size *= 2;
len = strlen((char *)c1);
l2 += len;
}
c1 = c2 = buf->mv_data;
len = l2;
c1[--len] = '\0';
end = c1 + len;
if (mode & PRINT) {
while (c2 < end) {
if (*c2 == '\\') {
if (c2[1] == '\\') {
c1++; c2 += 2;
} else {
if (c2+3 > end || !isxdigit(c2[1]) || !isxdigit(c2[2])) {
Eof = 1;
badend();
return EOF;
}
*c1++ = unhex(++c2);
c2 += 2;
}
} else {
c1++; c2++;
}
}
} else {
/* odd length not allowed */
if (len & 1) {
Eof = 1;
badend();
return EOF;
}
while (c2 < end) {
if (!isxdigit(*c2) || !isxdigit(c2[1])) {
Eof = 1;
badend();
return EOF;
}
*c1++ = unhex(c2);
c2 += 2;
}
}
c2 = out->mv_data = buf->mv_data;
out->mv_size = c1 - c2;
return 0;
}
RETCODE
backsql_Prepare( SQLHDBC dbh, SQLHSTMT *sth, const char *query, int timeout )
{
RETCODE rc;
rc = SQLAllocStmt( dbh, sth );
if ( rc != SQL_SUCCESS ) {
return rc;
}
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_TRACE, "==>backsql_Prepare()\n", 0, 0, 0 );
#endif /* BACKSQL_TRACE */
#ifdef BACKSQL_MSSQL_WORKAROUND
{
char drv_name[ 30 ];
SWORD len;
SQLGetInfo( dbh, SQL_DRIVER_NAME, drv_name, sizeof( drv_name ), &len );
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): driver name=\"%s\"\n",
drv_name, 0, 0 );
#endif /* BACKSQL_TRACE */
ldap_pvt_str2upper( drv_name );
if ( !strncmp( drv_name, "SQLSRV32.DLL", STRLENOF( "SQLSRV32.DLL" ) ) ) {
/*
* stupid default result set in MS SQL Server
* does not support multiple active statements
* on the same connection -- so we are trying
* to make it not to use default result set...
*/
Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
"enabling MS SQL Server default result "
"set workaround\n", 0, 0, 0 );
rc = SQLSetStmtOption( *sth, SQL_CONCURRENCY,
SQL_CONCUR_ROWVER );
if ( rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO ) {
Debug( LDAP_DEBUG_TRACE, "backsql_Prepare(): "
"SQLSetStmtOption(SQL_CONCURRENCY,"
"SQL_CONCUR_ROWVER) failed:\n",
0, 0, 0 );
backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
SQLFreeStmt( *sth, SQL_DROP );
return rc;
}
}
}
#endif /* BACKSQL_MSSQL_WORKAROUND */
if ( timeout > 0 ) {
Debug( LDAP_DEBUG_TRACE, "_SQLprepare(): "
"setting query timeout to %d sec.\n",
timeout, 0, 0 );
rc = SQLSetStmtOption( *sth, SQL_QUERY_TIMEOUT, timeout );
if ( rc != SQL_SUCCESS ) {
backsql_PrintErrors( SQL_NULL_HENV, dbh, *sth, rc );
SQLFreeStmt( *sth, SQL_DROP );
return rc;
}
}
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_TRACE, "<==backsql_Prepare() calling SQLPrepare()\n",
0, 0, 0 );
#endif /* BACKSQL_TRACE */
return SQLPrepare( *sth, (SQLCHAR *)query, SQL_NTS );
}
/* Called for all modify and modrdn ops. If the current op was replicated
* from elsewhere, all of the attrs should already be present.
*/
void slap_mods_opattrs(
Operation *op,
Modifications **modsp,
int manage_ctxcsn )
{
struct berval name, timestamp, csn = BER_BVNULL;
struct berval nname;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
Modifications *mod, **modtail, *modlast;
int gotcsn = 0, gotmname = 0, gotmtime = 0;
if ( SLAP_LASTMOD( op->o_bd ) && !op->orm_no_opattrs ) {
char *ptr;
timestamp.bv_val = timebuf;
for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) {
if ( (*modtail)->sml_op != LDAP_MOD_ADD &&
(*modtail)->sml_op != SLAP_MOD_SOFTADD &&
(*modtail)->sml_op != LDAP_MOD_REPLACE )
{
continue;
}
if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN )
{
csn = (*modtail)->sml_values[0];
gotcsn = 1;
} else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName )
{
gotmname = 1;
} else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp )
{
gotmtime = 1;
}
}
if ( BER_BVISEMPTY( &op->o_csn )) {
if ( !gotcsn ) {
csn.bv_val = csnbuf;
csn.bv_len = sizeof( csnbuf );
slap_get_csn( op, &csn, manage_ctxcsn );
} else {
if ( manage_ctxcsn ) {
slap_queue_csn( op, &csn );
}
}
} else {
csn = op->o_csn;
}
ptr = ber_bvchr( &csn, '#' );
if ( ptr ) {
timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ");
AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len );
timebuf[timestamp.bv_len-1] = 'Z';
timebuf[timestamp.bv_len] = '\0';
} else {
time_t now = slap_get_time();
timestamp.bv_len = sizeof(timebuf);
slap_timestamp( &now, ×tamp );
}
if ( BER_BVISEMPTY( &op->o_dn ) ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
nname = name;
} else {
name = op->o_dn;
nname = op->o_ndn;
}
if ( !gotcsn ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_entryCSN;
mod->sml_numvals = 1;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &csn );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues = NULL;
*modtail = mod;
modlast = mod;
modtail = &mod->sml_next;
}
if ( !gotmname ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_modifiersName;
mod->sml_numvals = 1;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], &name );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues =
(BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_nvalues[0], &nname );
BER_BVZERO( &mod->sml_nvalues[1] );
assert( !BER_BVISNULL( &mod->sml_nvalues[0] ) );
*modtail = mod;
modtail = &mod->sml_next;
}
if ( !gotmtime ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_next = NULL;
BER_BVZERO( &mod->sml_type );
mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
mod->sml_numvals = 1;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
ber_dupbv( &mod->sml_values[0], ×tamp );
BER_BVZERO( &mod->sml_values[1] );
assert( !BER_BVISNULL( &mod->sml_values[0] ) );
mod->sml_nvalues = NULL;
*modtail = mod;
modtail = &mod->sml_next;
}
}
}
/*
* meta_back_proxy_authz_cred()
*
* prepares credentials & method for meta_back_proxy_authz_bind();
* or, if method is SASL, performs the SASL bind directly.
*/
int
meta_back_proxy_authz_cred(
metaconn_t *mc,
int candidate,
Operation *op,
SlapReply *rs,
ldap_back_send_t sendok,
struct berval *binddn,
struct berval *bindcred,
int *method )
{
metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
metatarget_t *mt = mi->mi_targets[ candidate ];
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
struct berval ndn;
int dobind = 0;
/* don't proxyAuthz if protocol is not LDAPv3 */
switch ( mt->mt_version ) {
case LDAP_VERSION3:
break;
case 0:
if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
break;
}
/* fall thru */
default:
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
goto done;
}
if ( op->o_tag == LDAP_REQ_BIND ) {
ndn = op->o_req_ndn;
} else if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
ndn = op->o_conn->c_ndn;
} else {
ndn = op->o_ndn;
}
rs->sr_err = LDAP_SUCCESS;
/*
* FIXME: we need to let clients use proxyAuthz
* otherwise we cannot do symmetric pools of servers;
* we have to live with the fact that a user can
* authorize itself as any ID that is allowed
* by the authzTo directive of the "proxyauthzdn".
*/
/*
* NOTE: current Proxy Authorization specification
* and implementation do not allow proxy authorization
* control to be provided with Bind requests
*/
/*
* if no bind took place yet, but the connection is bound
* and the "proxyauthzdn" is set, then bind as
* "proxyauthzdn" and explicitly add the proxyAuthz
* control to every operation with the dn bound
* to the connection as control value.
*/
/* bind as proxyauthzdn only if no idassert mode
* is requested, or if the client's identity
* is authorized */
switch ( mt->mt_idassert_mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) && !BER_BVISEMPTY( &mt->mt_idassert_authcDN ) )
{
*binddn = mt->mt_idassert_authcDN;
*bindcred = mt->mt_idassert_passwd;
dobind = 1;
}
}
break;
default:
/* NOTE: rootdn can always idassert */
if ( BER_BVISNULL( &ndn )
&& mt->mt_idassert_authz == NULL
&& !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
{
if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
goto done;
}
rs->sr_err = LDAP_SUCCESS;
*binddn = slap_empty_bv;
*bindcred = slap_empty_bv;
break;
} else if ( mt->mt_idassert_authz && !be_isroot( op ) ) {
struct berval authcDN;
if ( BER_BVISNULL( &ndn ) ) {
authcDN = slap_empty_bv;
} else {
authcDN = ndn;
}
rs->sr_err = slap_sasl_matches( op, mt->mt_idassert_authz,
&authcDN, &authcDN );
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
goto done;
}
rs->sr_err = LDAP_SUCCESS;
*binddn = slap_empty_bv;
*bindcred = slap_empty_bv;
break;
}
}
*binddn = mt->mt_idassert_authcDN;
*bindcred = mt->mt_idassert_passwd;
dobind = 1;
break;
}
if ( dobind && mt->mt_idassert_authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
void *defaults = NULL;
struct berval authzID = BER_BVNULL;
int freeauthz = 0;
/* if SASL supports native authz, prepare for it */
if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
( mt->mt_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
{
switch ( mt->mt_idassert_mode ) {
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
authzID = mt->mt_idassert_authzID;
break;
case LDAP_BACK_IDASSERT_ANONYMOUS:
BER_BVSTR( &authzID, "dn:" );
break;
case LDAP_BACK_IDASSERT_SELF:
if ( BER_BVISNULL( &ndn ) ) {
/* connection is not authc'd, so don't idassert */
BER_BVSTR( &authzID, "dn:" );
break;
}
authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx );
memcpy( authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
memcpy( authzID.bv_val + STRLENOF( "dn:" ),
ndn.bv_val, ndn.bv_len + 1 );
freeauthz = 1;
break;
default:
break;
}
}
if ( mt->mt_idassert_secprops != NULL ) {
rs->sr_err = ldap_set_option( msc->msc_ld,
LDAP_OPT_X_SASL_SECPROPS,
(void *)mt->mt_idassert_secprops );
if ( rs->sr_err != LDAP_OPT_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
goto done;
}
}
defaults = lutil_sasl_defaults( msc->msc_ld,
mt->mt_idassert_sasl_mech.bv_val,
mt->mt_idassert_sasl_realm.bv_val,
mt->mt_idassert_authcID.bv_val,
mt->mt_idassert_passwd.bv_val,
authzID.bv_val );
if ( defaults == NULL ) {
rs->sr_err = LDAP_OTHER;
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
goto done;
}
rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val,
mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
LDAP_SASL_QUIET, lutil_sasl_interact,
defaults );
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
} else {
LDAP_BACK_CONN_ISBOUND_SET( msc );
}
lutil_sasl_freedefs( defaults );
if ( freeauthz ) {
slap_sl_free( authzID.bv_val, op->o_tmpmemctx );
}
goto done;
#endif /* HAVE_CYRUS_SASL */
}
*method = mt->mt_idassert_authmethod;
switch ( mt->mt_idassert_authmethod ) {
case LDAP_AUTH_NONE:
BER_BVSTR( binddn, "" );
BER_BVSTR( bindcred, "" );
/* fallthru */
case LDAP_AUTH_SIMPLE:
break;
default:
/* unsupported! */
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
break;
}
done:;
if ( !BER_BVISEMPTY( binddn ) ) {
LDAP_BACK_CONN_ISIDASSERT_SET( msc );
}
return rs->sr_err;
}
/*
* meta_back_dobind
*/
int
meta_back_dobind(
Operation *op,
SlapReply *rs,
metaconn_t *mc,
ldap_back_send_t sendok )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
int bound = 0,
i,
isroot = 0;
SlapReply *candidates;
if ( be_isroot( op ) ) {
isroot = 1;
}
if ( LogTest( LDAP_DEBUG_TRACE ) ) {
char buf[STRLENOF("4294967295U") + 1] = { 0 };
mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_dobind: conn=%s%s\n",
op->o_log_prefix, buf,
isroot ? " (isroot)" : "" );
}
/*
* all the targets are bound as pseudoroot
*/
if ( mc->mc_authz_target == META_BOUND_ALL ) {
bound = 1;
goto done;
}
candidates = meta_back_candidates_get( op );
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metatarget_t *mt = mi->mi_targets[ i ];
metasingleconn_t *msc = &mc->mc_conns[ i ];
int rc;
/*
* Not a candidate
*/
if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {
continue;
}
assert( msc->msc_ld != NULL );
/*
* If the target is already bound it is skipped
*/
retry_binding:;
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
if ( LDAP_BACK_CONN_ISBOUND( msc )
|| ( LDAP_BACK_CONN_ISANON( msc )
&& mt->mt_idassert_authmethod == LDAP_AUTH_NONE ) )
{
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
++bound;
continue;
} else if ( META_BACK_CONN_CREATING( msc ) || LDAP_BACK_CONN_BINDING( msc ) )
{
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_yield();
goto retry_binding;
}
LDAP_BACK_CONN_BINDING_SET( msc );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
rc = meta_back_single_dobind( op, rs, &mc, i,
LDAP_BACK_DONTSEND, mt->mt_nretries, 1 );
/*
* NOTE: meta_back_single_dobind() already retries;
* in case of failure, it resets mc...
*/
if ( rc != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
if ( mc == NULL ) {
/* meta_back_single_dobind() already sent
* response and released connection */
goto send_err;
}
if ( rc == LDAP_UNAVAILABLE ) {
/* FIXME: meta_back_retry() already re-calls
* meta_back_single_dobind() */
if ( meta_back_retry( op, rs, &mc, i, sendok ) ) {
goto retry_ok;
}
if ( mc != NULL ) {
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
LDAP_BACK_CONN_BINDING_CLEAR( msc );
meta_back_release_conn_lock( mi, mc, 0 );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}
return 0;
}
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
LDAP_BACK_CONN_BINDING_CLEAR( msc );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
snprintf( buf, sizeof( buf ),
"meta_back_dobind[%d]: (%s) err=%d (%s).",
i, isroot ? op->o_bd->be_rootdn.bv_val : "anonymous",
rc, ldap_err2string( rc ) );
Debug( LDAP_DEBUG_ANY,
"%s %s\n",
op->o_log_prefix, buf );
/*
* null cred bind should always succeed
* as anonymous, so a failure means
* the target is no longer candidate possibly
* due to technical reasons (remote host down?)
* so better clear the handle
*/
/* leave the target candidate, but record the error for later use */
candidates[ i ].sr_err = rc;
if ( META_BACK_ONERR_STOP( mi ) ) {
bound = 0;
goto done;
}
continue;
} /* else */
retry_ok:;
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_dobind[%d]: "
"(%s)\n",
op->o_log_prefix, i,
isroot ? op->o_bd->be_rootdn.bv_val : "anonymous" );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
LDAP_BACK_CONN_BINDING_CLEAR( msc );
if ( isroot ) {
LDAP_BACK_CONN_ISBOUND_SET( msc );
} else {
LDAP_BACK_CONN_ISANON_SET( msc );
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
++bound;
}
done:;
if ( LogTest( LDAP_DEBUG_TRACE ) ) {
char buf[STRLENOF("4294967295U") + 1] = { 0 };
mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
Debug( LDAP_DEBUG_TRACE,
"%s meta_back_dobind: conn=%s bound=%d\n",
op->o_log_prefix, buf, bound );
}
if ( bound == 0 ) {
meta_back_release_conn( mi, mc );
send_err:;
if ( sendok & LDAP_BACK_SENDERR ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_BUSY;
}
send_ldap_result( op, rs );
}
return 0;
}
return ( bound > 0 );
}
static int
pguid_repair( BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
void *ctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
slap_callback sc = { 0 };
pguid_repair_cb_t pcb = { 0 };
SlapReply rs = { REP_RESULT };
pguid_mod_t *pmod;
int nrepaired = 0;
connection_fake_init2( &conn, &opbuf, ctx, 0 );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBORDINATE;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_parentUUID->ad_cname.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(!(%s=*))", ad_parentUUID->ad_cname.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = pguid_repair_cb;
sc.sc_private = &pcb;
pcb.on = on;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
op->o_tag = LDAP_REQ_MODIFY;
sc.sc_response = slap_null_cb;
sc.sc_private = NULL;
memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
for ( pmod = pcb.mods; pmod != NULL; ) {
pguid_mod_t *pnext;
Modifications *mod;
SlapReply rs2 = { REP_RESULT };
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_desc = ad_parentUUID;
mod->sml_type = ad_parentUUID->ad_cname;
mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
mod->sml_nvalues = NULL;
mod->sml_numvals = 1;
mod->sml_next = NULL;
ber_dupbv( &mod->sml_values[0], &pmod->pguid );
BER_BVZERO( &mod->sml_values[1] );
op->o_req_dn = pmod->ndn;
op->o_req_ndn = pmod->ndn;
op->orm_modlist = mod;
op->o_bd->be_modify( op, &rs2 );
slap_mods_free( op->orm_modlist, 1 );
if ( rs2.sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair: entry DN=\"%s\" repaired\n",
op->o_log_prefix, pmod->ndn.bv_val, 0 );
nrepaired++;
} else {
Debug( LDAP_DEBUG_ANY, "%s: pguid_repair: entry DN=\"%s\" repair failed (%d)\n",
op->o_log_prefix, pmod->ndn.bv_val, rs2.sr_err );
}
pnext = pmod->next;
op->o_tmpfree( pmod, op->o_tmpmemctx );
pmod = pnext;
}
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"pguid: repaired=%d\n", nrepaired );
return rs.sr_err;
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
*/
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_QUERY
#define DNSBUFSIZ (64*1024)
char *request;
char *hostlist = NULL;
int rc, len, cur = 0;
unsigned char reply[DNSBUFSIZ];
assert( domain != NULL );
assert( list != NULL );
if( *domain == '\0' ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock(&ldap_int_resolv_mutex);
#endif
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
int status;
u_short port;
/* int priority, weight; */
/* Parse out query */
p = reply;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#elif defined(HFIXEDSZ)
/* Bind 4 interface w/ HFIXEDSZ */
p += HFIXEDSZ;
#else
/* Bind 4 interface w/o HFIXEDSZ */
p += sizeof(HEADER);
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
p += 4;
while (p < reply + len) {
int type, class, ttl, size;
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
type = (p[0] << 8) | p[1];
p += 2;
class = (p[0] << 8) | p[1];
p += 2;
ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
size = (p[0] << 8) | p[1];
p += 2;
if (type == T_SRV) {
int buflen;
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
if (status < 0) {
goto out;
}
/* ignore priority and weight for now */
/* priority = (p[0] << 8) | p[1]; */
/* weight = (p[2] << 8) | p[3]; */
port = (p[4] << 8) | p[5];
if ( port == 0 || host[ 0 ] == '\0' ) {
goto add_size;
}
buflen = strlen(host) + STRLENOF(":65355 ");
hostlist = (char *) LDAP_REALLOC(hostlist, cur + buflen + 1);
if (hostlist == NULL) {
rc = LDAP_NO_MEMORY;
goto out;
}
if (cur > 0) {
/* not first time around */
hostlist[cur++] = ' ';
}
cur += sprintf(&hostlist[cur], "%s:%hd", host, port);
}
add_size:;
p += size;
}
}
static void *
slapd_rw_config( const char *fname, int lineno, int argc, char **argv )
{
slapd_map_data *ret = NULL;
LDAPURLDesc *lud = NULL;
char *uri;
AttributeDescription *ad = NULL;
int rc, flen = 0;
struct berval dn, ndn;
if ( argc != 1 ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] slapd map needs URI\n",
fname, lineno, 0 );
return NULL;
}
uri = argv[0];
if ( strncasecmp( uri, "uri=", STRLENOF( "uri=" ) ) == 0 ) {
uri += STRLENOF( "uri=" );
}
if ( ldap_url_parse( uri, &lud ) != LDAP_URL_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] illegal URI '%s'\n",
fname, lineno, uri );
return NULL;
}
if ( strcasecmp( lud->lud_scheme, "ldap" )) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] illegal URI scheme '%s'\n",
fname, lineno, lud->lud_scheme );
goto done;
}
if (( lud->lud_host && lud->lud_host[0] ) || lud->lud_exts
|| !lud->lud_dn ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] illegal URI '%s'\n",
fname, lineno, uri );
goto done;
}
if ( lud->lud_attrs ) {
if ( lud->lud_attrs[1] ) {
Debug( LDAP_DEBUG_ANY,
"[%s:%d] only one attribute allowed in URI\n",
fname, lineno, 0 );
goto done;
}
if ( strcasecmp( lud->lud_attrs[0], "dn" ) &&
strcasecmp( lud->lud_attrs[0], "entryDN" )) {
const char *text;
rc = slap_str2ad( lud->lud_attrs[0], &ad, &text );
if ( rc )
goto done;
}
}
ber_str2bv( lud->lud_dn, 0, 0, &dn );
if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ))
goto done;
if ( lud->lud_filter ) {
flen = strlen( lud->lud_filter ) + 1;
}
ret = ch_malloc( sizeof( slapd_map_data ) + flen );
ret->base = ndn;
if ( flen ) {
ret->filter.bv_val = (char *)(ret+1);
ret->filter.bv_len = flen - 1;
strcpy( ret->filter.bv_val, lud->lud_filter );
} else {
BER_BVZERO( &ret->filter );
}
ret->scope = lud->lud_scope;
if ( ad ) {
ret->attrs[0].an_name = ad->ad_cname;
} else {
BER_BVZERO( &ret->attrs[0].an_name );
}
ret->attrs[0].an_desc = ad;
BER_BVZERO( &ret->attrs[1].an_name );
done:
ldap_free_urldesc( lud );
return ret;
}
int
dnssrv_back_referrals(
Operation *op,
SlapReply *rs )
{
int i;
int rc = LDAP_OTHER;
char *domain = NULL;
char *hostlist = NULL;
char **hosts = NULL;
BerVarray urls = NULL;
if ( BER_BVISEMPTY( &op->o_req_dn ) ) {
/* FIXME: need some means to determine whether the database
* is a glue instance */
if ( SLAP_GLUE_INSTANCE( op->o_bd ) ) {
return LDAP_SUCCESS;
}
rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
return LDAP_UNWILLING_TO_PERFORM;
}
if( get_manageDSAit( op ) ) {
if( op->o_tag == LDAP_REQ_SEARCH ) {
return LDAP_SUCCESS;
}
rs->sr_text = "DNS SRV problem processing manageDSAit control";
return LDAP_OTHER;
}
if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_ref = default_referral;
send_ldap_result( op, rs );
rs->sr_ref = NULL;
return LDAP_REFERRAL;
}
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
op->o_req_dn.bv_val, domain, 0 );
i = ldap_domain2hostlist( domain, &hostlist );
if ( i ) {
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: domain2hostlist(%s) returned %d\n",
domain, i, 0 );
rs->sr_text = "no DNS SRV RR available for DN";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
hosts = ldap_str2charray( hostlist, " " );
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
rs->sr_text = "problem processing DNS SRV records for DN";
goto done;
}
for( i=0; hosts[i] != NULL; i++) {
struct berval url;
url.bv_len = STRLENOF( "ldap://" ) + strlen( hosts[i] );
url.bv_val = ch_malloc( url.bv_len + 1 );
strcpy( url.bv_val, "ldap://" );
strcpy( &url.bv_val[STRLENOF( "ldap://" )], hosts[i] );
if ( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
rs->sr_text = "problem processing DNS SRV records for DN";
goto done;
}
}
Statslog( LDAP_DEBUG_STATS,
"%s DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_log_prefix, op->o_protocol,
op->o_req_dn.bv_val, urls[0].bv_val, 0 );
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> url=\"%s\"\n",
op->o_req_dn.bv_val, urls[0].bv_val, 0 );
rs->sr_ref = urls;
send_ldap_error( op, rs, LDAP_REFERRAL,
"DNS SRV generated referrals" );
rs->sr_ref = NULL;
rc = LDAP_REFERRAL;
done:
if( domain != NULL ) ch_free( domain );
if( hostlist != NULL ) ch_free( hostlist );
if( hosts != NULL ) ldap_charray_free( hosts );
ber_bvarray_free( urls );
return rc;
}
int slap_bv2ad(
struct berval *bv,
AttributeDescription **ad,
const char **text )
{
int rtn = LDAP_UNDEFINED_TYPE;
AttributeDescription desc, *d2;
char *name, *options, *optn;
char *opt, *next;
int ntags;
int tagslen;
/* hardcoded limits for speed */
#define MAX_TAGGING_OPTIONS 128
struct berval tags[MAX_TAGGING_OPTIONS+1];
#define MAX_TAGS_LEN 1024
char tagbuf[MAX_TAGS_LEN];
assert( ad != NULL );
assert( *ad == NULL ); /* temporary */
if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) {
*text = "empty AttributeDescription";
return rtn;
}
/* make sure description is IA5 */
if( ad_keystring( bv ) ) {
*text = "AttributeDescription contains inappropriate characters";
return rtn;
}
/* find valid base attribute type; parse in place */
desc.ad_cname = *bv;
desc.ad_flags = 0;
BER_BVZERO( &desc.ad_tags );
name = bv->bv_val;
options = ber_bvchr( bv, ';' );
if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) {
/* don't go past the end of the berval! */
desc.ad_cname.bv_len = options - name;
} else {
options = NULL;
}
desc.ad_type = at_bvfind( &desc.ad_cname );
if( desc.ad_type == NULL ) {
*text = "attribute type undefined";
return rtn;
}
if( is_at_operational( desc.ad_type ) && options != NULL ) {
*text = "operational attribute with options undefined";
return rtn;
}
/*
* parse options in place
*/
ntags = 0;
tagslen = 0;
optn = bv->bv_val + bv->bv_len;
for( opt=options; opt != NULL; opt=next ) {
int optlen;
opt++;
next = strchrlen( opt, optn, ';', &optlen );
if( optlen == 0 ) {
*text = "zero length option is invalid";
return rtn;
} else if ( optlen == STRLENOF("binary") &&
strncasecmp( opt, "binary", STRLENOF("binary") ) == 0 )
{
/* binary option */
if( slap_ad_is_binary( &desc ) ) {
*text = "option \"binary\" specified multiple times";
return rtn;
}
if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) {
/* not stored in binary, disallow option */
*text = "option \"binary\" not supported with type";
return rtn;
}
desc.ad_flags |= SLAP_DESC_BINARY;
continue;
} else if ( ad_find_option_definition( opt, optlen ) ) {
int i;
if( opt[optlen-1] == '-' ||
( opt[optlen-1] == '=' && msad_range_hack )) {
desc.ad_flags |= SLAP_DESC_TAG_RANGE;
}
if( ntags >= MAX_TAGGING_OPTIONS ) {
*text = "too many tagging options";
return rtn;
}
/*
* tags should be presented in sorted order,
* so run the array in reverse.
*/
for( i=ntags-1; i>=0; i-- ) {
int rc;
rc = strncasecmp( opt, tags[i].bv_val,
(unsigned) optlen < tags[i].bv_len
? (unsigned) optlen : tags[i].bv_len );
if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) {
/* duplicate (ignore) */
ntags--;
goto done;
} else if ( rc > 0 ||
( rc == 0 && (unsigned)optlen > tags[i].bv_len ))
{
AC_MEMCPY( &tags[i+2], &tags[i+1],
(ntags-i-1)*sizeof(struct berval) );
tags[i+1].bv_val = opt;
tags[i+1].bv_len = optlen;
goto done;
}
}
if( ntags ) {
AC_MEMCPY( &tags[1], &tags[0],
ntags*sizeof(struct berval) );
}
tags[0].bv_val = opt;
tags[0].bv_len = optlen;
done:;
tagslen += optlen + 1;
ntags++;
} else {
*text = "unrecognized option";
return rtn;
}
}
if( ntags > 0 ) {
int i;
if( tagslen > MAX_TAGS_LEN ) {
*text = "tagging options too long";
return rtn;
}
desc.ad_tags.bv_val = tagbuf;
tagslen = 0;
for( i=0; i<ntags; i++ ) {
AC_MEMCPY( &desc.ad_tags.bv_val[tagslen],
tags[i].bv_val, tags[i].bv_len );
tagslen += tags[i].bv_len;
desc.ad_tags.bv_val[tagslen++] = ';';
}
desc.ad_tags.bv_val[--tagslen] = '\0';
desc.ad_tags.bv_len = tagslen;
}
/* see if a matching description is already cached */
for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
if( d2->ad_flags != desc.ad_flags ) {
continue;
}
if( d2->ad_tags.bv_len != desc.ad_tags.bv_len ) {
continue;
}
if( d2->ad_tags.bv_len == 0 ) {
break;
}
if( strncasecmp( d2->ad_tags.bv_val, desc.ad_tags.bv_val,
desc.ad_tags.bv_len ) == 0 )
{
break;
}
}
/* Not found, add new one */
while (d2 == NULL) {
size_t dlen = 0;
ldap_pvt_thread_mutex_lock( &desc.ad_type->sat_ad_mutex );
/* check again now that we've locked */
for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
if (d2->ad_flags != desc.ad_flags)
continue;
if (d2->ad_tags.bv_len != desc.ad_tags.bv_len)
continue;
if (d2->ad_tags.bv_len == 0)
break;
if (strncasecmp(d2->ad_tags.bv_val, desc.ad_tags.bv_val,
desc.ad_tags.bv_len) == 0)
break;
}
if (d2) {
ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
break;
}
/* Allocate a single contiguous block. If there are no
* options, we just need space for the AttrDesc structure.
* Otherwise, we need to tack on the full name length +
* options length, + maybe tagging options length again.
*/
if (desc.ad_tags.bv_len || desc.ad_flags != SLAP_DESC_NONE) {
dlen = desc.ad_type->sat_cname.bv_len + 1;
if (desc.ad_tags.bv_len) {
dlen += 1 + desc.ad_tags.bv_len;
}
if ( slap_ad_is_binary( &desc ) ) {
dlen += 1 + STRLENOF(";binary") + desc.ad_tags.bv_len;
}
}
d2 = ch_malloc(sizeof(AttributeDescription) + dlen);
d2->ad_next = NULL;
d2->ad_type = desc.ad_type;
d2->ad_flags = desc.ad_flags;
d2->ad_cname.bv_len = desc.ad_type->sat_cname.bv_len;
d2->ad_tags.bv_len = desc.ad_tags.bv_len;
ldap_pvt_thread_mutex_lock( &ad_index_mutex );
d2->ad_index = ++ad_count;
ldap_pvt_thread_mutex_unlock( &ad_index_mutex );
if (dlen == 0) {
d2->ad_cname.bv_val = d2->ad_type->sat_cname.bv_val;
d2->ad_tags.bv_val = NULL;
} else {
char *cp, *op, *lp;
int j;
d2->ad_cname.bv_val = (char *)(d2+1);
strcpy(d2->ad_cname.bv_val, d2->ad_type->sat_cname.bv_val);
cp = d2->ad_cname.bv_val + d2->ad_cname.bv_len;
if( slap_ad_is_binary( &desc ) ) {
op = cp;
lp = NULL;
if( desc.ad_tags.bv_len ) {
lp = desc.ad_tags.bv_val;
while( strncasecmp(lp, "binary", STRLENOF("binary")) < 0
&& (lp = strchr( lp, ';' )) != NULL )
++lp;
if( lp != desc.ad_tags.bv_val ) {
*cp++ = ';';
j = (lp
? (unsigned) (lp - desc.ad_tags.bv_val - 1)
: strlen( desc.ad_tags.bv_val ));
cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j);
}
}
cp = lutil_strcopy(cp, ";binary");
if( lp != NULL ) {
*cp++ = ';';
cp = lutil_strcopy(cp, lp);
}
d2->ad_cname.bv_len = cp - d2->ad_cname.bv_val;
if( desc.ad_tags.bv_len )
ldap_pvt_str2lower(op);
j = 1;
} else {
j = 0;
}
if( desc.ad_tags.bv_len ) {
lp = d2->ad_cname.bv_val + d2->ad_cname.bv_len + j;
if ( j == 0 )
*lp++ = ';';
d2->ad_tags.bv_val = lp;
strcpy(lp, desc.ad_tags.bv_val);
ldap_pvt_str2lower(lp);
if( j == 0 )
d2->ad_cname.bv_len += 1 + desc.ad_tags.bv_len;
}
}
/* Add new desc to list. We always want the bare Desc with
* no options to stay at the head of the list, assuming
* that one will be used most frequently.
*/
if (desc.ad_type->sat_ad == NULL || dlen == 0) {
d2->ad_next = desc.ad_type->sat_ad;
desc.ad_type->sat_ad = d2;
} else {
d2->ad_next = desc.ad_type->sat_ad->ad_next;
desc.ad_type->sat_ad->ad_next = d2;
}
ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
}
if( *ad == NULL ) {
*ad = d2;
} else {
**ad = *d2;
}
return LDAP_SUCCESS;
}
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
*/
int ldap_domain2hostlist(
LDAP_CONST char *domain,
char **list )
{
#ifdef HAVE_RES_QUERY
char *request;
char *hostlist = NULL;
srv_record *hostent_head=NULL;
int i, j;
int rc, len, cur = 0;
unsigned char reply[DNSBUFSIZ];
int hostent_count=0;
assert( domain != NULL );
assert( list != NULL );
if( *domain == '\0' ) {
return LDAP_PARAM_ERROR;
}
request = LDAP_MALLOC(strlen(domain) + sizeof("_ldap._tcp."));
if (request == NULL) {
return LDAP_NO_MEMORY;
}
sprintf(request, "_ldap._tcp.%s", domain);
LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
rc = LDAP_UNAVAILABLE;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {
unsigned char *p;
char host[DNSBUFSIZ];
int status;
u_short port, priority, weight;
/* Parse out query */
p = reply;
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
p += NS_HFIXEDSZ;
#elif defined(HFIXEDSZ)
/* Bind 4 interface w/ HFIXEDSZ */
p += HFIXEDSZ;
#else
/* Bind 4 interface w/o HFIXEDSZ */
p += sizeof(HEADER);
#endif
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
p += 4;
while (p < reply + len) {
int type, size;
int class ALLOW_UNUSED, ttl ALLOW_UNUSED;
status = dn_expand(reply, reply + len, p, host, sizeof(host));
if (status < 0) {
goto out;
}
p += status;
type = (p[0] << 8) | p[1];
p += 2;
class = (p[0] << 8) | p[1];
p += 2;
ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
size = (p[0] << 8) | p[1];
p += 2;
if (type == T_SRV) {
status = dn_expand(reply, reply + len, p + 6, host, sizeof(host));
if (status < 0) {
goto out;
}
/* Get priority weight and port */
priority = (p[0] << 8) | p[1];
weight = (p[2] << 8) | p[3];
port = (p[4] << 8) | p[5];
if ( port == 0 || host[ 0 ] == '\0' ) {
goto add_size;
}
hostent_head = (srv_record *) LDAP_REALLOC(hostent_head, (hostent_count+1)*(sizeof(srv_record)));
if(hostent_head==NULL){
rc=LDAP_NO_MEMORY;
goto out;
}
hostent_head[hostent_count].priority=priority;
hostent_head[hostent_count].weight=weight;
hostent_head[hostent_count].port=port;
strncpy(hostent_head[hostent_count].hostname, host, MAXHOST-1);
hostent_head[hostent_count].hostname[MAXHOST-1] = '\0';
hostent_count++;
}
add_size:;
p += size;
}
if (!hostent_head) goto out;
qsort(hostent_head, hostent_count, sizeof(srv_record), srv_cmp);
if (!srv_seed)
srv_srand(time(0L));
/* shuffle records of same priority */
j = 0;
priority = hostent_head[0].priority;
for (i=1; i<hostent_count; i++) {
if (hostent_head[i].priority != priority) {
priority = hostent_head[i].priority;
if (i-j > 1)
srv_shuffle(hostent_head+j, i-j);
j = i;
}
}
if (i-j > 1)
srv_shuffle(hostent_head+j, i-j);
for(i=0; i<hostent_count; i++){
int buflen;
buflen = strlen(hostent_head[i].hostname) + STRLENOF(":65535 ");
hostlist = (char *) LDAP_REALLOC(hostlist, cur+buflen+1);
if (hostlist == NULL) {
rc = LDAP_NO_MEMORY;
goto out;
}
if(cur>0){
hostlist[cur++]=' ';
}
cur += sprintf(&hostlist[cur], "%s:%hu", hostent_head[i].hostname, hostent_head[i].port);
}
}
static int
constraint_cf_gen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)(c->bi);
constraint *cn = on->on_bi.bi_private, *cp;
struct berval bv;
int i, rc = 0;
constraint ap = { NULL };
const char *text = NULL;
switch ( c->op ) {
case SLAP_CONFIG_EMIT:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE:
for (cp=cn; cp; cp=cp->ap_next) {
char *s;
char *tstr = NULL;
int quotes = 0;
int j;
bv.bv_len = STRLENOF(" ");
for (j = 0; cp->ap[j]; j++) {
bv.bv_len += cp->ap[j]->ad_cname.bv_len;
}
/* room for commas */
bv.bv_len += j - 1;
if (cp->re) {
tstr = REGEX_STR;
} else if (cp->lud) {
tstr = URI_STR;
quotes = 1;
} else if (cp->set) {
tstr = SET_STR;
quotes = 1;
} else if (cp->size) {
tstr = SIZE_STR;
} else if (cp->count) {
tstr = COUNT_STR;
}
bv.bv_len += strlen(tstr);
bv.bv_len += cp->val.bv_len + 2*quotes;
if (cp->restrict_lud != NULL) {
bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
}
s = bv.bv_val = ch_malloc(bv.bv_len + 1);
s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
for (j = 1; cp->ap[j]; j++) {
*s++ = ',';
s = lutil_strncopy( s, cp->ap[j]->ad_cname.bv_val, cp->ap[j]->ad_cname.bv_len );
}
*s++ = ' ';
s = lutil_strcopy( s, tstr );
*s++ = ' ';
if ( quotes ) *s++ = '"';
s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
if ( quotes ) *s++ = '"';
if (cp->restrict_lud != NULL) {
s = lutil_strcopy( s, " restrict=\"" );
s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
*s++ = '"';
}
*s = '\0';
rc = value_add_one( &c->rvalue_vals, &bv );
if (rc == LDAP_SUCCESS)
rc = value_add_one( &c->rvalue_nvals, &bv );
ch_free(bv.bv_val);
if (rc) return rc;
}
break;
default:
abort();
break;
}
break;
case LDAP_MOD_DELETE:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE:
if (!cn) break; /* nothing to do */
if (c->valx < 0) {
/* zap all constraints */
while (cn) {
cp = cn->ap_next;
constraint_free( cn, 1 );
cn = cp;
}
on->on_bi.bi_private = NULL;
} else {
constraint **cpp;
/* zap constraint numbered 'valx' */
for(i=0, cp = cn, cpp = &cn;
(cp) && (i<c->valx);
i++, cpp = &cp->ap_next, cp = *cpp);
if (cp) {
/* zap cp, and join cpp to cp->ap_next */
*cpp = cp->ap_next;
constraint_free( cp, 1 );
}
on->on_bi.bi_private = cn;
}
break;
default:
abort();
break;
}
break;
case SLAP_CONFIG_ADD:
case LDAP_MOD_ADD:
switch (c->type) {
case CONSTRAINT_ATTRIBUTE: {
int j;
char **attrs = ldap_str2charray( c->argv[1], "," );
for ( j = 0; attrs[j]; j++)
/* just count */ ;
ap.ap = ch_calloc( sizeof(AttributeDescription*), j + 1 );
for ( j = 0; attrs[j]; j++) {
if ( slap_str2ad( attrs[j], &ap.ap[j], &text ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s <%s>: %s\n", c->argv[0], attrs[j], text );
rc = ARG_BAD_CONF;
goto done;
}
}
if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) {
int err;
ap.re = ch_malloc( sizeof(regex_t) );
if ((err = regcomp( ap.re,
c->argv[3], REG_EXTENDED )) != 0) {
char errmsg[1024];
regerror( err, ap.re, errmsg, sizeof(errmsg) );
ch_free(ap.re);
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Illegal regular expression \"%s\": Error %s",
c->argv[0], c->argv[1], c->argv[3], errmsg);
ap.re = NULL;
rc = ARG_BAD_CONF;
goto done;
}
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else if ( strcasecmp( c->argv[2], SIZE_STR ) == 0 ) {
size_t size;
if ( ( size = atoi(c->argv[3]) ) != 0 )
ap.size = size;
} else if ( strcasecmp( c->argv[2], COUNT_STR ) == 0 ) {
size_t count;
if ( ( count = atoi(c->argv[3]) ) != 0 )
ap.count = count;
} else if ( strcasecmp( c->argv[2], URI_STR ) == 0 ) {
int err;
err = ldap_url_parse(c->argv[3], &ap.lud);
if ( err != LDAP_URL_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Invalid URI \"%s\"",
c->argv[0], c->argv[1], c->argv[3]);
rc = ARG_BAD_CONF;
goto done;
}
if (ap.lud->lud_host != NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unsupported hostname in URI \"%s\"",
c->argv[0], c->argv[1], c->argv[3]);
ldap_free_urldesc(ap.lud);
rc = ARG_BAD_CONF;
goto done;
}
for ( i=0; ap.lud->lud_attrs[i]; i++);
/* FIXME: This is worthless without at least one attr */
if ( i ) {
ap.attrs = ch_malloc( (i+1)*sizeof(AttributeDescription *));
for ( i=0; ap.lud->lud_attrs[i]; i++) {
ap.attrs[i] = NULL;
if ( slap_str2ad( ap.lud->lud_attrs[i], &ap.attrs[i], &text ) ) {
ch_free( ap.attrs );
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s <%s>: %s\n", c->argv[0], ap.lud->lud_attrs[i], text );
rc = ARG_BAD_CONF;
goto done;
}
}
ap.attrs[i] = NULL;
}
if (ap.lud->lud_dn == NULL) {
ap.lud->lud_dn = ch_strdup("");
} else {
struct berval dn, ndn;
ber_str2bv( ap.lud->lud_dn, 0, 0, &dn );
if (dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ) ) {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: URI %s DN normalization failed",
c->argv[0], c->argv[1], c->argv[3] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
rc = ARG_BAD_CONF;
goto done;
}
ldap_memfree( ap.lud->lud_dn );
ap.lud->lud_dn = ndn.bv_val;
}
if (ap.lud->lud_filter == NULL) {
ap.lud->lud_filter = ch_strdup("objectClass=*");
} else if ( ap.lud->lud_filter[0] == '(' ) {
ber_len_t len = strlen( ap.lud->lud_filter );
if ( ap.lud->lud_filter[len - 1] != ')' ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: invalid URI filter: %s",
c->argv[0], c->argv[1], ap.lud->lud_filter );
rc = ARG_BAD_CONF;
goto done;
}
AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 );
ap.lud->lud_filter[len - 2] = '\0';
}
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else if ( strcasecmp( c->argv[2], SET_STR ) == 0 ) {
ap.set = 1;
ber_str2bv( c->argv[3], 0, 1, &ap.val );
} else {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Unknown constraint type: %s",
c->argv[0], c->argv[1], c->argv[2] );
rc = ARG_BAD_CONF;
goto done;
}
if ( c->argc > 4 ) {
int argidx;
for ( argidx = 4; argidx < c->argc; argidx++ ) {
if ( strncasecmp( c->argv[argidx], "restrict=", STRLENOF("restrict=") ) == 0 ) {
int err;
char *arg = c->argv[argidx] + STRLENOF("restrict=");
err = ldap_url_parse(arg, &ap.restrict_lud);
if ( err != LDAP_URL_SUCCESS ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: Invalid restrict URI \"%s\"",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
if (ap.restrict_lud->lud_host != NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unsupported hostname in restrict URI \"%s\"",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
if ( ap.restrict_lud->lud_attrs != NULL ) {
if ( ap.restrict_lud->lud_attrs[0] != '\0' ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: attrs not allowed in restrict URI %s\n",
c->argv[0], c->argv[1], arg);
rc = ARG_BAD_CONF;
goto done;
}
ldap_memvfree((void *)ap.restrict_lud->lud_attrs);
ap.restrict_lud->lud_attrs = NULL;
}
if (ap.restrict_lud->lud_dn != NULL) {
if (ap.restrict_lud->lud_dn[0] == '\0') {
ldap_memfree(ap.restrict_lud->lud_dn);
ap.restrict_lud->lud_dn = NULL;
} else {
struct berval dn, ndn;
int j;
ber_str2bv(ap.restrict_lud->lud_dn, 0, 0, &dn);
if (dnNormalize(0, NULL, NULL, &dn, &ndn, NULL)) {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI %s DN normalization failed",
c->argv[0], c->argv[1], arg );
rc = ARG_BAD_CONF;
goto done;
}
assert(c->be != NULL);
if (c->be->be_nsuffix == NULL) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI requires suffix",
c->argv[0], c->argv[1] );
rc = ARG_BAD_CONF;
goto done;
}
for ( j = 0; !BER_BVISNULL(&c->be->be_nsuffix[j]); j++) {
if (dnIsSuffix(&ndn, &c->be->be_nsuffix[j])) break;
}
if (BER_BVISNULL(&c->be->be_nsuffix[j])) {
/* error */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI DN %s not within database naming context(s)",
c->argv[0], c->argv[1], dn.bv_val );
rc = ARG_BAD_CONF;
goto done;
}
ap.restrict_ndn = ndn;
}
}
if (ap.restrict_lud->lud_filter != NULL) {
ap.restrict_filter = str2filter(ap.restrict_lud->lud_filter);
if (ap.restrict_filter == NULL) {
/* error */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: restrict URI filter %s invalid",
c->argv[0], c->argv[1], ap.restrict_lud->lud_filter );
rc = ARG_BAD_CONF;
goto done;
}
}
ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
} else {
/* cleanup */
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s %s: unrecognized arg #%d (%s)",
c->argv[0], c->argv[1], argidx, c->argv[argidx] );
rc = ARG_BAD_CONF;
goto done;
}
}
}
done:;
if ( rc == LDAP_SUCCESS ) {
constraint *a2 = ch_calloc( sizeof(constraint), 1 );
a2->ap_next = on->on_bi.bi_private;
a2->ap = ap.ap;
a2->re = ap.re;
a2->val = ap.val;
a2->lud = ap.lud;
a2->set = ap.set;
a2->size = ap.size;
a2->count = ap.count;
if ( a2->lud ) {
ber_str2bv(a2->lud->lud_dn, 0, 0, &a2->dn);
ber_str2bv(a2->lud->lud_filter, 0, 0, &a2->filter);
}
a2->attrs = ap.attrs;
a2->restrict_lud = ap.restrict_lud;
a2->restrict_ndn = ap.restrict_ndn;
a2->restrict_filter = ap.restrict_filter;
a2->restrict_val = ap.restrict_val;
on->on_bi.bi_private = a2;
} else {
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
constraint_free( &ap, 0 );
}
ldap_memvfree((void**)attrs);
} break;
default:
abort();
break;
}
break;
default:
abort();
}
return rc;
}
static int
collect_cf( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
int rc = 1, idx;
switch( c->op ) {
case SLAP_CONFIG_EMIT:
{
collect_info *ci;
for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) {
struct berval bv;
char *ptr;
int len;
/* calculate the length & malloc memory */
bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" ");
for (idx=0; idx<ci->ci_ad_num; idx++) {
bv.bv_len += ci->ci_ad[idx]->ad_cname.bv_len;
if (idx<(ci->ci_ad_num-1)) {
bv.bv_len++;
}
}
bv.bv_val = ch_malloc( bv.bv_len + 1 );
/* copy the value and update len */
len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" ",
ci->ci_dn.bv_val);
ptr = bv.bv_val + len;
for (idx=0; idx<ci->ci_ad_num; idx++) {
ptr = lutil_strncopy( ptr,
ci->ci_ad[idx]->ad_cname.bv_val,
ci->ci_ad[idx]->ad_cname.bv_len);
if (idx<(ci->ci_ad_num-1)) {
*ptr++ = ',';
}
}
*ptr = '\0';
bv.bv_len = ptr - bv.bv_val;
ber_bvarray_add( &c->rvalue_vals, &bv );
rc = 0;
}
}
break;
case LDAP_MOD_DELETE:
if ( c->valx == -1 ) {
/* Delete entire attribute */
collect_info *ci;
while (( ci = on->on_bi.bi_private )) {
on->on_bi.bi_private = ci->ci_next;
ch_free( ci->ci_dn.bv_val );
ch_free( ci );
}
} else {
/* Delete just one value */
collect_info **cip, *ci;
int i;
cip = (collect_info **)&on->on_bi.bi_private;
ci = *cip;
for ( i=0; i < c->valx; i++ ) {
cip = &ci->ci_next;
ci = *cip;
}
*cip = ci->ci_next;
ch_free( ci->ci_dn.bv_val );
ch_free( ci );
}
rc = 0;
break;
case SLAP_CONFIG_ADD:
case LDAP_MOD_ADD:
{
collect_info *ci;
struct berval bv, dn;
const char *text;
int idx, count=0;
char *arg;
/* count delimiters in attribute argument */
arg = strtok(c->argv[2], ",");
while (arg!=NULL) {
count++;
arg = strtok(NULL, ",");
}
/* validate and normalize dn */
ber_str2bv( c->argv[1], 0, 0, &bv );
if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: \"%s\"",
c->argv[0], c->argv[1] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
return ARG_BAD_CONF;
}
/* check for duplicate DNs */
for ( ci = (collect_info *)on->on_bi.bi_private; ci;
ci = ci->ci_next ) {
/* If new DN is longest, there are no possible matches */
if ( dn.bv_len > ci->ci_dn.bv_len ) {
ci = NULL;
break;
}
if ( bvmatch( &dn, &ci->ci_dn )) {
break;
}
}
if ( ci ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s DN already configured: \"%s\"",
c->argv[0], c->argv[1] );
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
return ARG_BAD_CONF;
}
/* allocate config info with room for attribute array */
ci = ch_malloc( sizeof( collect_info ) +
sizeof( AttributeDescription * ) * count );
/* load attribute description for attribute list */
arg = c->argv[2];
for( idx=0; idx<count; idx++) {
ci->ci_ad[idx] = NULL;
if ( slap_str2ad( arg, &ci->ci_ad[idx], &text ) ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s attribute description unknown: \"%s\"",
c->argv[0], arg);
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
"%s: %s\n", c->log, c->cr_msg, 0 );
ch_free( ci );
return ARG_BAD_CONF;
}
while(*arg!='\0') {
arg++; /* skip to end of argument */
}
if (idx<count-1) {
arg++; /* skip inner delimiters */
}
}
/* The on->on_bi.bi_private pointer can be used for
* anything this instance of the overlay needs.
*/
ci->ci_ad[count] = NULL;
ci->ci_ad_num = count;
ci->ci_dn = dn;
/* creates list of ci's ordered by dn length */
insert_ordered ( on, ci );
/* New ci wasn't simply appended to end, adjust its
* position in the config entry's a_vals
*/
if ( c->ca_entry && ci->ci_next ) {
Attribute *a = attr_find( c->ca_entry->e_attrs,
collectcfg[0].ad );
if ( a ) {
struct berval bv, nbv;
collect_info *c2 = (collect_info *)on->on_bi.bi_private;
int i, j;
for ( i=0; c2 != ci; i++, c2 = c2->ci_next );
bv = a->a_vals[a->a_numvals-1];
nbv = a->a_nvals[a->a_numvals-1];
for ( j=a->a_numvals-1; j>i; j-- ) {
a->a_vals[j] = a->a_vals[j-1];
a->a_nvals[j] = a->a_nvals[j-1];
}
a->a_vals[j] = bv;
a->a_nvals[j] = nbv;
}
}
rc = 0;
}
}
return rc;
}
static int
constraint_violation( constraint *c, struct berval *bv, Operation *op, SlapReply *rs)
{
if ((!c) || (!bv)) return LDAP_SUCCESS;
if ((c->re) &&
(regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH))
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
if ((c->size) && (bv->bv_len > c->size))
return LDAP_CONSTRAINT_VIOLATION; /* size violation */
if (c->lud) {
Operation nop = *op;
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
slap_callback cb;
SlapReply nrs = { REP_RESULT };
int i;
int found;
int rc;
size_t len;
struct berval filterstr;
char *ptr;
found = 0;
nrs.sr_entry = NULL;
nrs.sr_nentries = 0;
cb.sc_next = NULL;
cb.sc_response = constraint_uri_cb;
cb.sc_cleanup = NULL;
cb.sc_private = &found;
nop.o_protocol = LDAP_VERSION3;
nop.o_tag = LDAP_REQ_SEARCH;
nop.o_time = slap_get_time();
if (c->lud->lud_dn) {
struct berval dn;
ber_str2bv(c->lud->lud_dn, 0, 0, &dn);
nop.o_req_dn = dn;
nop.o_req_ndn = dn;
nop.o_bd = select_backend(&nop.o_req_ndn, 1 );
if (!nop.o_bd) {
return LDAP_NO_SUCH_OBJECT; /* unexpected error */
}
if (!nop.o_bd->be_search) {
return LDAP_OTHER; /* unexpected error */
}
} else {
nop.o_req_dn = nop.o_bd->be_nsuffix[0];
nop.o_req_ndn = nop.o_bd->be_nsuffix[0];
nop.o_bd = on->on_info->oi_origdb;
}
nop.o_do_not_cache = 1;
nop.o_callback = &cb;
nop.ors_scope = c->lud->lud_scope;
nop.ors_deref = LDAP_DEREF_NEVER;
nop.ors_slimit = SLAP_NO_LIMIT;
nop.ors_tlimit = SLAP_NO_LIMIT;
nop.ors_limit = NULL;
nop.ors_attrsonly = 0;
nop.ors_attrs = slap_anlist_no_attrs;
len = STRLENOF("(&(") +
c->filter.bv_len +
STRLENOF(")(|");
for (i = 0; c->attrs[i]; i++) {
len += STRLENOF("(") +
c->attrs[i]->ad_cname.bv_len +
STRLENOF("=") +
bv->bv_len +
STRLENOF(")");
}
len += STRLENOF("))");
filterstr.bv_len = len;
filterstr.bv_val = op->o_tmpalloc(len + 1, op->o_tmpmemctx);
ptr = filterstr.bv_val +
snprintf(filterstr.bv_val, len, "(&(%s)(|", c->lud->lud_filter);
for (i = 0; c->attrs[i]; i++) {
*ptr++ = '(';
ptr = lutil_strcopy( ptr, c->attrs[i]->ad_cname.bv_val );
*ptr++ = '=';
ptr = lutil_strcopy( ptr, bv->bv_val );
*ptr++ = ')';
}
*ptr++ = ')';
*ptr++ = ')';
*ptr++ = '\0';
nop.ors_filterstr = filterstr;
nop.ors_filter = str2filter_x(&nop, filterstr.bv_val);
if ( nop.ors_filter == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s constraint_violation uri filter=\"%s\" invalid\n",
op->o_log_prefix, filterstr.bv_val, 0 );
rc = LDAP_OTHER;
} else {
Debug(LDAP_DEBUG_TRACE,
"==> constraint_violation uri filter = %s\n",
filterstr.bv_val, 0, 0);
rc = nop.o_bd->be_search( &nop, &nrs );
Debug(LDAP_DEBUG_TRACE,
"==> constraint_violation uri rc = %d, found = %d\n",
rc, found, 0);
}
op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx);
if ((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) {
return rc; /* unexpected error */
}
if (!found)
return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */
}
return LDAP_SUCCESS;
}
static void readhdr(void)
{
char *ptr;
while (fgets(dbuf.mv_data, dbuf.mv_size, stdin) != NULL) {
lineno++;
if (!strncmp(dbuf.mv_data, "VERSION=", STRLENOF("VERSION="))) {
version=atoi((char *)dbuf.mv_data+STRLENOF("VERSION="));
if (version > 3) {
fprintf(stderr, "%s: line %" Z "d: unsupported VERSION %d\n",
prog, lineno, version);
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.mv_data, "HEADER=END", STRLENOF("HEADER=END"))) {
break;
} else if (!strncmp(dbuf.mv_data, "format=", STRLENOF("format="))) {
if (!strncmp((char *)dbuf.mv_data+STRLENOF("FORMAT="), "print", STRLENOF("print")))
mode |= PRINT;
else if (strncmp((char *)dbuf.mv_data+STRLENOF("FORMAT="), "bytevalue", STRLENOF("bytevalue"))) {
fprintf(stderr, "%s: line %" Z "d: unsupported FORMAT %s\n",
prog, lineno, (char *)dbuf.mv_data+STRLENOF("FORMAT="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.mv_data, "database=", STRLENOF("database="))) {
ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size);
if (ptr) *ptr = '\0';
if (subname) free(subname);
subname = strdup((char *)dbuf.mv_data+STRLENOF("database="));
} else if (!strncmp(dbuf.mv_data, "type=", STRLENOF("type="))) {
if (strncmp((char *)dbuf.mv_data+STRLENOF("type="), "btree", STRLENOF("btree"))) {
fprintf(stderr, "%s: line %" Z "d: unsupported type %s\n",
prog, lineno, (char *)dbuf.mv_data+STRLENOF("type="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.mv_data, "mapaddr=", STRLENOF("mapaddr="))) {
int i;
ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size);
if (ptr) *ptr = '\0';
i = sscanf((char *)dbuf.mv_data+STRLENOF("mapaddr="), "%p", &info.me_mapaddr);
if (i != 1) {
fprintf(stderr, "%s: line %" Z "d: invalid mapaddr %s\n",
prog, lineno, (char *)dbuf.mv_data+STRLENOF("mapaddr="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.mv_data, "mapsize=", STRLENOF("mapsize="))) {
int i;
ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size);
if (ptr) *ptr = '\0';
i = sscanf((char *)dbuf.mv_data+STRLENOF("mapsize="), "%" Z "u", &info.me_mapsize);
if (i != 1) {
fprintf(stderr, "%s: line %" Z "d: invalid mapsize %s\n",
prog, lineno, (char *)dbuf.mv_data+STRLENOF("mapsize="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.mv_data, "maxreaders=", STRLENOF("maxreaders="))) {
int i;
ptr = memchr(dbuf.mv_data, '\n', dbuf.mv_size);
if (ptr) *ptr = '\0';
i = sscanf((char *)dbuf.mv_data+STRLENOF("maxreaders="), "%u", &info.me_maxreaders);
if (i != 1) {
fprintf(stderr, "%s: line %" Z "d: invalid maxreaders %s\n",
prog, lineno, (char *)dbuf.mv_data+STRLENOF("maxreaders="));
exit(EXIT_FAILURE);
}
} else {
int i;
for (i=0; dbflags[i].bit; i++) {
if (!strncmp(dbuf.mv_data, dbflags[i].name, dbflags[i].len) &&
((char *)dbuf.mv_data)[dbflags[i].len] == '=') {
flags |= dbflags[i].bit;
break;
}
}
if (!dbflags[i].bit) {
ptr = memchr(dbuf.mv_data, '=', dbuf.mv_size);
if (!ptr) {
fprintf(stderr, "%s: line %" Z "d: unexpected format\n",
prog, lineno);
exit(EXIT_FAILURE);
} else {
*ptr = '\0';
fprintf(stderr, "%s: line %" Z "d: unrecognized keyword ignored: %s\n",
prog, lineno, (char *)dbuf.mv_data);
}
}
}
}
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the <suffix>.
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
struct berval rdn;
int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
if ( d >= 0 ) {
if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
return META_NOT_CANDIDATE;
}
/*
* | match | exclude |
* +---------+---------+-------------------+
* | T | T | not candidate |
* | F | T | continue checking |
* +---------+---------+-------------------+
* | T | F | candidate |
* | F | F | not candidate |
* +---------+---------+-------------------+
*/
if ( mt->mt_subtree ) {
int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
if ( !mt->mt_subtree_exclude ) {
return match ? META_CANDIDATE : META_NOT_CANDIDATE;
}
if ( match /* && mt->mt_subtree_exclude */ ) {
return META_NOT_CANDIDATE;
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( d > 0 ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( d > 0 ) {
rdn.bv_val = ndn->bv_val;
rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( d == 0 ) {
return META_CANDIDATE;
}
break;
}
} else /* if ( d < 0 ) */ {
if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
return META_NOT_CANDIDATE;
}
switch ( scope ) {
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
case LDAP_SCOPE_ONELEVEL:
rdn.bv_val = mt->mt_nsuffix.bv_val;
rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
break;
}
}
return META_NOT_CANDIDATE;
}
static int
ldap_back_int_filter_map_rewrite(
dncookie *dc,
Filter *f,
struct berval *fstr,
int remap,
void *memctx )
{
int i;
Filter *p;
struct berval atmp,
vtmp,
*tmp;
static struct berval
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
ber_bvtf_false = BER_BVC( "(|)" ),
/* better than nothing... */
ber_bvtrue = BER_BVC( "(objectClass=*)" ),
ber_bvtf_true = BER_BVC( "(&)" ),
#if 0
/* no longer needed; preserved for completeness */
ber_bvundefined = BER_BVC( "(?=undefined)" ),
#endif
ber_bverror = BER_BVC( "(?=error)" ),
ber_bvunknown = BER_BVC( "(?=unknown)" ),
ber_bvnone = BER_BVC( "(?=none)" );
ber_len_t len;
assert( fstr != NULL );
BER_BVZERO( fstr );
if ( f == NULL ) {
ber_dupbv_x( fstr, &ber_bvnone, memctx );
return LDAP_OTHER;
}
switch ( ( f->f_choice & SLAPD_FILTER_MASK ) ) {
case LDAP_FILTER_EQUALITY:
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap, memctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ ( sizeof("(=)") - 1 );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
break;
case LDAP_FILTER_GE:
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap, memctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ ( sizeof("(>=)") - 1 );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
break;
case LDAP_FILTER_LE:
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap, memctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ ( sizeof("(<=)") - 1 );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
break;
case LDAP_FILTER_APPROX:
if ( map_attr_value( dc, f->f_av_desc, &atmp,
&f->f_av_value, &vtmp, remap, memctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len
+ ( sizeof("(~=)") - 1 );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
break;
case LDAP_FILTER_SUBSTRINGS:
if ( map_attr_value( dc, f->f_sub_desc, &atmp,
NULL, NULL, remap, memctx ) )
{
goto computed;
}
/* cannot be a DN ... */
fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx );
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
/* "(attr=" */ "%s*)",
vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
}
if ( f->f_sub_any != NULL ) {
for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx );
fstr->bv_len += vtmp.bv_len + 1;
fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init]*[any*]" */ "%s*)",
vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
}
}
if ( !BER_BVISNULL( &f->f_sub_final ) ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_final, &vtmp, memctx );
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init*][any*]" */ "%s)",
vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
}
break;
case LDAP_FILTER_PRESENT:
if ( map_attr_value( dc, f->f_desc, &atmp,
NULL, NULL, remap, memctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
break;
case LDAP_FILTER_AND:
case LDAP_FILTER_OR:
case LDAP_FILTER_NOT:
fstr->bv_len = STRLENOF( "(%)" );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128? */
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
f->f_choice == LDAP_FILTER_AND ? '&' :
f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
for ( p = f->f_list; p != NULL; p = p->f_next ) {
int rc;
len = fstr->bv_len;
rc = ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap, memctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
/*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
}
break;
case LDAP_FILTER_EXT:
if ( f->f_mr_desc ) {
if ( map_attr_value( dc, f->f_mr_desc, &atmp,
&f->f_mr_value, &vtmp, remap, memctx ) )
{
goto computed;
}
} else {
BER_BVSTR( &atmp, "" );
filter_escape_value_x( &f->f_mr_value, &vtmp, memctx );
}
/* FIXME: cleanup (less ?: operators...) */
fstr->bv_len = atmp.bv_len +
( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
vtmp.bv_len + ( STRLENOF( "(:=)" ) );
fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
atmp.bv_val,
f->f_mr_dnattrs ? ":dn" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
vtmp.bv_len ? vtmp.bv_val : "" );
ber_memfree_x( vtmp.bv_val, memctx );
break;
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
/* FIXME: treat UNDEFINED as FALSE */
case SLAPD_COMPARE_UNDEFINED:
computed:;
if ( META_BACK_TGT_NOUNDEFFILTER( dc->target ) ) {
return LDAP_COMPARE_FALSE;
}
/* fallthru */
case LDAP_COMPARE_FALSE:
if ( META_BACK_TGT_T_F( dc->target ) ) {
tmp = &ber_bvtf_false;
break;
}
tmp = &ber_bvfalse;
break;
case LDAP_COMPARE_TRUE:
if ( META_BACK_TGT_T_F( dc->target ) ) {
tmp = &ber_bvtf_true;
break;
}
tmp = &ber_bvtrue;
break;
default:
tmp = &ber_bverror;
break;
}
ber_dupbv_x( fstr, tmp, memctx );
break;
default:
ber_dupbv_x( fstr, &ber_bvunknown, memctx );
break;
}
return 0;
}
static int
allop_op_search( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
allop_t *ao = (allop_t *)on->on_bi.bi_private;
slap_mask_t mask;
int i,
add_allUser = 0;
if ( ao == NULL ) {
if ( !BER_BVISEMPTY( &op->o_req_ndn )
|| op->ors_scope != LDAP_SCOPE_BASE )
{
return SLAP_CB_CONTINUE;
}
} else {
if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) {
return SLAP_CB_CONTINUE;
}
switch ( ao->ao_scope ) {
case LDAP_SCOPE_BASE:
if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) {
return SLAP_CB_CONTINUE;
}
break;
case LDAP_SCOPE_ONELEVEL:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
struct berval rdn = op->o_req_ndn;
rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," );
if ( !dnIsOneLevelRDN( &rdn ) ) {
return SLAP_CB_CONTINUE;
}
break;
}
return SLAP_CB_CONTINUE;
case LDAP_SCOPE_SUBTREE:
break;
}
}
mask = slap_attr_flags( op->ors_attrs );
if ( SLAP_OPATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
if ( !SLAP_USERATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
i = 0;
if ( op->ors_attrs == NULL ) {
add_allUser = 1;
} else {
for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ )
;
}
op->ors_attrs = op->o_tmprealloc( op->ors_attrs,
sizeof( AttributeName ) * ( i + add_allUser + 2 ),
op->o_tmpmemctx );
if ( add_allUser ) {
op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ];
i++;
}
op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ];
BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name );
return SLAP_CB_CONTINUE;
}
BerElement *
ldap_build_search_req(
LDAP *ld,
LDAP_CONST char *base,
ber_int_t scope,
LDAP_CONST char *filter,
char **attrs,
ber_int_t attrsonly,
LDAPControl **sctrls,
LDAPControl **cctrls,
ber_int_t timelimit,
ber_int_t sizelimit,
ber_int_t deref,
ber_int_t *idp)
{
BerElement *ber;
int err;
/*
* Create the search request. It looks like this:
* SearchRequest := [APPLICATION 3] SEQUENCE {
* baseObject DistinguishedName,
* scope ENUMERATED {
* baseObject (0),
* singleLevel (1),
* wholeSubtree (2)
* },
* derefAliases ENUMERATED {
* neverDerefaliases (0),
* derefInSearching (1),
* derefFindingBaseObj (2),
* alwaysDerefAliases (3)
* },
* sizelimit INTEGER (0 .. 65535),
* timelimit INTEGER (0 .. 65535),
* attrsOnly BOOLEAN,
* filter Filter,
* attributes SEQUENCE OF AttributeType
* }
* wrapped in an ldap message.
*/
/* create a message to send */
if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
return( NULL );
}
if ( base == NULL ) {
/* no base provided, use session default base */
base = ld->ld_options.ldo_defbase;
if ( base == NULL ) {
/* no session default base, use top */
base = "";
}
}
LDAP_NEXT_MSGID( ld, *idp );
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
struct sockaddr_storage sa = {0};
/* dummy, filled with ldo_peer in request.c */
err = ber_write( ber, (char *) &sa, sizeof( sa ), 0 );
}
if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
char *dn = ld->ld_options.ldo_cldapdn;
if (!dn) dn = "";
err = ber_printf( ber, "{ist{seeiib", *idp, dn,
LDAP_REQ_SEARCH, base, (ber_int_t) scope,
(deref < 0) ? ld->ld_deref : deref,
(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
(timelimit < 0) ? ld->ld_timelimit : timelimit,
attrsonly );
} else
#endif
{
err = ber_printf( ber, "{it{seeiib", *idp,
LDAP_REQ_SEARCH, base, (ber_int_t) scope,
(deref < 0) ? ld->ld_deref : deref,
(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
(timelimit < 0) ? ld->ld_timelimit : timelimit,
attrsonly );
}
if ( err == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( NULL );
}
if( filter == NULL ) {
filter = "(objectclass=*)";
}
err = ldap_pvt_put_filter( ber, filter );
if ( err == -1 ) {
ld->ld_errno = LDAP_FILTER_ERROR;
ber_free( ber, 1 );
return( NULL );
}
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
char buf[ BUFSIZ ], *ptr = " *";
if ( attrs != NULL ) {
int i, len, rest = sizeof( buf );
for ( i = 0; attrs[ i ] != NULL && rest > 0; i++ ) {
ptr = &buf[ sizeof( buf ) - rest ];
len = snprintf( ptr, rest, " %s", attrs[ i ] );
rest -= (len >= 0 ? len : (int) sizeof( buf ));
}
if ( rest <= 0 ) {
AC_MEMCPY( &buf[ sizeof( buf ) - STRLENOF( "...(truncated)" ) - 1 ],
"...(truncated)", STRLENOF( "...(truncated)" ) + 1 );
}
ptr = buf;
}
Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 );
}
#endif /* LDAP_DEBUG */
if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( NULL );
}
/* Put Server Controls */
if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
ber_free( ber, 1 );
return( NULL );
}
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( NULL );
}
return( ber );
}
static int readline(MDBX_val *out, MDBX_val *buf) {
unsigned char *c1, *c2, *end;
size_t len, l2;
int c;
if (!(mode & NOHDR)) {
c = fgetc(stdin);
if (c == EOF) {
Eof = 1;
return EOF;
}
if (c != ' ') {
lineno++;
if (fgets(buf->iov_base, (int)buf->iov_len, stdin) == NULL) {
badend:
Eof = 1;
badend();
return EOF;
}
if (c == 'D' && !strncmp(buf->iov_base, "ATA=END", STRLENOF("ATA=END")))
return EOF;
goto badend;
}
}
if (fgets(buf->iov_base, (int)buf->iov_len, stdin) == NULL) {
Eof = 1;
return EOF;
}
lineno++;
c1 = buf->iov_base;
len = strlen((char *)c1);
l2 = len;
/* Is buffer too short? */
while (c1[len - 1] != '\n') {
buf->iov_base = mdbx_realloc(buf->iov_base, buf->iov_len * 2);
if (!buf->iov_base) {
Eof = 1;
fprintf(stderr, "%s: line %" PRIiSIZE ": out of memory, line too long\n",
prog, lineno);
return EOF;
}
c1 = buf->iov_base;
c1 += l2;
if (fgets((char *)c1, (int)buf->iov_len + 1, stdin) == NULL) {
Eof = 1;
badend();
return EOF;
}
buf->iov_len *= 2;
len = strlen((char *)c1);
l2 += len;
}
c1 = c2 = buf->iov_base;
len = l2;
c1[--len] = '\0';
end = c1 + len;
if (mode & PRINT) {
while (c2 < end) {
if (*c2 == '\\') {
if (c2[1] == '\\') {
c1++;
c2 += 2;
} else {
if (c2 + 3 > end || !isxdigit(c2[1]) || !isxdigit(c2[2])) {
Eof = 1;
badend();
return EOF;
}
*c1++ = (char)unhex(++c2);
c2 += 2;
}
} else {
/* copies are redundant when no escapes were used */
*c1++ = *c2++;
}
}
} else {
/* odd length not allowed */
if (len & 1) {
Eof = 1;
badend();
return EOF;
}
while (c2 < end) {
if (!isxdigit(*c2) || !isxdigit(c2[1])) {
Eof = 1;
badend();
return EOF;
}
*c1++ = (char)unhex(c2);
c2 += 2;
}
}
c2 = out->iov_base = buf->iov_base;
out->iov_len = c1 - c2;
return 0;
}
int
limits_parse_one(
const char *arg,
struct slap_limits_set *limit
)
{
assert( arg != NULL );
assert( limit != NULL );
if ( STRSTART( arg, "time" ) ) {
arg += STRLENOF( "time" );
if ( arg[0] == '.' ) {
arg++;
if ( STRSTART( arg, "soft=" ) ) {
arg += STRLENOF( "soft=" );
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_t_soft = -1;
} else {
int soft;
if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) {
return( 1 );
}
if ( soft == -1 ) {
/* FIXME: use "unlimited" instead; issue warning? */
}
limit->lms_t_soft = soft;
}
} else if ( STRSTART( arg, "hard=" ) ) {
arg += STRLENOF( "hard=" );
if ( strcasecmp( arg, "soft" ) == 0 ) {
limit->lms_t_hard = 0;
} else if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_t_hard = -1;
} else {
int hard;
if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) {
return( 1 );
}
if ( hard == -1 ) {
/* FIXME: use "unlimited" instead */
}
if ( hard == 0 ) {
/* FIXME: use "soft" instead */
}
limit->lms_t_hard = hard;
}
} else {
return( 1 );
}
} else if ( arg[0] == '=' ) {
arg++;
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_t_soft = -1;
} else {
if ( lutil_atoi( &limit->lms_t_soft, arg ) != 0
|| limit->lms_t_soft < -1 )
{
return( 1 );
}
}
limit->lms_t_hard = 0;
} else {
return( 1 );
}
} else if ( STRSTART( arg, "size" ) ) {
arg += STRLENOF( "size" );
if ( arg[0] == '.' ) {
arg++;
if ( STRSTART( arg, "soft=" ) ) {
arg += STRLENOF( "soft=" );
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_soft = -1;
} else {
int soft;
if ( lutil_atoi( &soft, arg ) != 0 || soft < -1 ) {
return( 1 );
}
if ( soft == -1 ) {
/* FIXME: use "unlimited" instead */
}
limit->lms_s_soft = soft;
}
} else if ( STRSTART( arg, "hard=" ) ) {
arg += STRLENOF( "hard=" );
if ( strcasecmp( arg, "soft" ) == 0 ) {
limit->lms_s_hard = 0;
} else if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_hard = -1;
} else {
int hard;
if ( lutil_atoi( &hard, arg ) != 0 || hard < -1 ) {
return( 1 );
}
if ( hard == -1 ) {
/* FIXME: use "unlimited" instead */
}
if ( hard == 0 ) {
/* FIXME: use "soft" instead */
}
limit->lms_s_hard = hard;
}
} else if ( STRSTART( arg, "unchecked=" ) ) {
arg += STRLENOF( "unchecked=" );
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_unchecked = -1;
} else if ( strcasecmp( arg, "disabled" ) == 0 ) {
limit->lms_s_unchecked = 0;
} else {
int unchecked;
if ( lutil_atoi( &unchecked, arg ) != 0 || unchecked < -1 ) {
return( 1 );
}
if ( unchecked == -1 ) {
/* FIXME: use "unlimited" instead */
}
limit->lms_s_unchecked = unchecked;
}
} else if ( STRSTART( arg, "pr=" ) ) {
arg += STRLENOF( "pr=" );
if ( strcasecmp( arg, "noEstimate" ) == 0 ) {
limit->lms_s_pr_hide = 1;
} else if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_pr = -1;
} else {
int pr;
if ( lutil_atoi( &pr, arg ) != 0 || pr < -1 ) {
return( 1 );
}
if ( pr == -1 ) {
/* FIXME: use "unlimited" instead */
}
limit->lms_s_pr = pr;
}
} else if ( STRSTART( arg, "prtotal=" ) ) {
arg += STRLENOF( "prtotal=" );
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_pr_total = -1;
} else if ( strcasecmp( arg, "disabled" ) == 0 ) {
limit->lms_s_pr_total = -2;
} else if ( strcasecmp( arg, "hard" ) == 0 ) {
limit->lms_s_pr_total = 0;
} else {
int total;
if ( lutil_atoi( &total, arg ) != 0 || total < -1 ) {
return( 1 );
}
if ( total == -1 ) {
/* FIXME: use "unlimited" instead */
}
if ( total == 0 ) {
/* FIXME: use "pr=disable" instead */
}
limit->lms_s_pr_total = total;
}
} else {
return( 1 );
}
} else if ( arg[0] == '=' ) {
arg++;
if ( strcasecmp( arg, "unlimited" ) == 0
|| strcasecmp( arg, "none" ) == 0 )
{
limit->lms_s_soft = -1;
} else {
if ( lutil_atoi( &limit->lms_s_soft, arg ) != 0
|| limit->lms_s_soft < -1 )
{
return( 1 );
}
}
limit->lms_s_hard = 0;
} else {
return( 1 );
}
}
return 0;
}
static void readhdr(void) {
char *ptr;
dbi_flags = 0;
while (fgets(dbuf.iov_base, (int)dbuf.iov_len, stdin) != NULL) {
lineno++;
if (!strncmp(dbuf.iov_base, "db_pagesize=", STRLENOF("db_pagesize=")) ||
!strncmp(dbuf.iov_base, "duplicates=", STRLENOF("duplicates="))) {
/* LY: silently ignore information fields. */
continue;
} else if (!strncmp(dbuf.iov_base, "VERSION=", STRLENOF("VERSION="))) {
version = atoi((char *)dbuf.iov_base + STRLENOF("VERSION="));
if (version > 3) {
fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported VERSION %d\n",
prog, lineno, version);
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.iov_base, "HEADER=END", STRLENOF("HEADER=END"))) {
break;
} else if (!strncmp(dbuf.iov_base, "format=", STRLENOF("format="))) {
if (!strncmp((char *)dbuf.iov_base + STRLENOF("FORMAT="), "print",
STRLENOF("print")))
mode |= PRINT;
else if (strncmp((char *)dbuf.iov_base + STRLENOF("FORMAT="), "bytevalue",
STRLENOF("bytevalue"))) {
fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported FORMAT %s\n", prog,
lineno, (char *)dbuf.iov_base + STRLENOF("FORMAT="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.iov_base, "database=", STRLENOF("database="))) {
ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len);
if (ptr)
*ptr = '\0';
if (subname)
mdbx_free(subname);
subname = mdbx_strdup((char *)dbuf.iov_base + STRLENOF("database="));
} else if (!strncmp(dbuf.iov_base, "type=", STRLENOF("type="))) {
if (strncmp((char *)dbuf.iov_base + STRLENOF("type="), "btree",
STRLENOF("btree"))) {
fprintf(stderr, "%s: line %" PRIiSIZE ": unsupported type %s\n", prog,
lineno, (char *)dbuf.iov_base + STRLENOF("type="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.iov_base, "mapaddr=", STRLENOF("mapaddr="))) {
int i;
ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len);
if (ptr)
*ptr = '\0';
void *unused;
i = sscanf((char *)dbuf.iov_base + STRLENOF("mapaddr="), "%p", &unused);
if (i != 1) {
fprintf(stderr, "%s: line %" PRIiSIZE ": invalid mapaddr %s\n", prog,
lineno, (char *)dbuf.iov_base + STRLENOF("mapaddr="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.iov_base, "mapsize=", STRLENOF("mapsize="))) {
int i;
ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len);
if (ptr)
*ptr = '\0';
i = sscanf((char *)dbuf.iov_base + STRLENOF("mapsize="), "%" PRIu64,
&envinfo.mi_mapsize);
if (i != 1) {
fprintf(stderr, "%s: line %" PRIiSIZE ": invalid mapsize %s\n", prog,
lineno, (char *)dbuf.iov_base + STRLENOF("mapsize="));
exit(EXIT_FAILURE);
}
} else if (!strncmp(dbuf.iov_base,
"maxreaders=", STRLENOF("maxreaders="))) {
int i;
ptr = memchr(dbuf.iov_base, '\n', dbuf.iov_len);
if (ptr)
*ptr = '\0';
i = sscanf((char *)dbuf.iov_base + STRLENOF("maxreaders="), "%u",
&envinfo.mi_maxreaders);
if (i != 1) {
fprintf(stderr, "%s: line %" PRIiSIZE ": invalid maxreaders %s\n", prog,
lineno, (char *)dbuf.iov_base + STRLENOF("maxreaders="));
exit(EXIT_FAILURE);
}
} else {
int i;
for (i = 0; dbflags[i].bit; i++) {
if (!strncmp(dbuf.iov_base, dbflags[i].name, dbflags[i].len) &&
((char *)dbuf.iov_base)[dbflags[i].len] == '=') {
if (((char *)dbuf.iov_base)[dbflags[i].len + 1] == '1')
dbi_flags |= dbflags[i].bit;
break;
}
}
if (!dbflags[i].bit) {
ptr = memchr(dbuf.iov_base, '=', dbuf.iov_len);
if (!ptr) {
fprintf(stderr, "%s: line %" PRIiSIZE ": unexpected format\n", prog,
lineno);
exit(EXIT_FAILURE);
} else {
*ptr = '\0';
fprintf(stderr,
"%s: line %" PRIiSIZE ": unrecognized keyword ignored: %s\n",
prog, lineno, (char *)dbuf.iov_base);
}
}
}
}
}
static int
rwm_int_filter_map_rewrite(
Operation *op,
dncookie *dc,
Filter *f,
struct berval *fstr )
{
int i;
Filter *p;
AttributeDescription *ad;
struct berval atmp,
vtmp,
*tmp;
static struct berval
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
ber_bvtf_false = BER_BVC( "(|)" ),
/* better than nothing... */
ber_bvtrue = BER_BVC( "(objectClass=*)" ),
ber_bvtf_true = BER_BVC( "(&)" ),
#if 0
/* no longer needed; preserved for completeness */
ber_bvundefined = BER_BVC( "(?=undefined)" ),
#endif
ber_bverror = BER_BVC( "(?=error)" ),
ber_bvunknown = BER_BVC( "(?=unknown)" ),
ber_bvnone = BER_BVC( "(?=none)" );
ber_len_t len;
assert( fstr != NULL );
BER_BVZERO( fstr );
if ( f == NULL ) {
ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx );
return LDAP_OTHER;
}
#if 0
/* ITS#6814: give the caller a chance to use undefined filters */
if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
goto computed;
}
#endif
switch ( f->f_choice & SLAPD_FILTER_MASK ) {
case LDAP_FILTER_EQUALITY:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_GE:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_LE:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_APPROX:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_SUBSTRINGS:
ad = f->f_sub_desc;
if ( map_attr_value( dc, &ad, &atmp,
NULL, NULL, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
/* cannot be a DN ... */
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_initial, &vtmp, op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
/* "(attr=" */ "%s*)",
vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
if ( f->f_sub_any != NULL ) {
for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_any[i], &vtmp,
op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len + 1;
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init]*[any*]" */ "%s*)",
vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
}
if ( !BER_BVISNULL( &f->f_sub_final ) ) {
len = fstr->bv_len;
filter_escape_value_x( &f->f_sub_final, &vtmp, op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init*][any*]" */ "%s)",
vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
break;
case LDAP_FILTER_PRESENT:
ad = f->f_desc;
if ( map_attr_value( dc, &ad, &atmp,
NULL, NULL, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
break;
case LDAP_FILTER_AND:
case LDAP_FILTER_OR:
case LDAP_FILTER_NOT:
fstr->bv_len = STRLENOF( "(%)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
f->f_choice == LDAP_FILTER_AND ? '&' :
f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
for ( p = f->f_list; p != NULL; p = p->f_next ) {
int rc;
len = fstr->bv_len;
rc = rwm_int_filter_map_rewrite( op, dc, p, &vtmp );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
op->o_tmpmemctx );
snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
/*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
break;
case LDAP_FILTER_EXT: {
if ( f->f_mr_desc ) {
ad = f->f_mr_desc;
if ( map_attr_value( dc, &ad, &atmp,
&f->f_mr_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
} else {
BER_BVSTR( &atmp, "" );
filter_escape_value_x( &f->f_mr_value, &vtmp, op->o_tmpmemctx );
}
fstr->bv_len = atmp.bv_len +
( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
vtmp.bv_len + STRLENOF( "(:=)" );
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
atmp.bv_val,
f->f_mr_dnattrs ? ":dn" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
vtmp.bv_len ? vtmp.bv_val : "" );
op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
}
case -1:
computed:;
filter_free_x( op, f, 0 );
f->f_choice = SLAPD_FILTER_COMPUTED;
f->f_result = SLAPD_COMPARE_UNDEFINED;
/* fallthru */
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
/* FIXME: treat UNDEFINED as FALSE */
case SLAPD_COMPARE_UNDEFINED:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = &ber_bvtf_false;
break;
}
tmp = &ber_bvfalse;
break;
case LDAP_COMPARE_TRUE:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
tmp = &ber_bvtf_true;
break;
}
tmp = &ber_bvtrue;
break;
default:
tmp = &ber_bverror;
break;
}
ber_dupbv_x( fstr, tmp, op->o_tmpmemctx );
break;
default:
ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx );
break;
}
return LDAP_SUCCESS;
}
int
str2result(
char *s,
int *code,
char **matched,
char **info )
{
int rc;
char *c;
*code = LDAP_SUCCESS;
*matched = NULL;
*info = NULL;
if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
s );
return( -1 );
}
rc = 0;
while ( (s = strchr( s, '\n' )) != NULL ) {
*s++ = '\0';
if ( *s == '\0' ) {
break;
}
if ( (c = strchr( s, ':' )) != NULL ) {
c++;
}
if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) {
char *next = NULL;
long retcode;
if ( c == NULL ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) missing value\n",
s );
rc = -1;
continue;
}
while ( isspace( (unsigned char) c[ 0 ] ) ) c++;
if ( c[ 0 ] == '\0' ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) missing or empty value\n",
s );
rc = -1;
continue;
}
retcode = strtol( c, &next, 10 );
if ( next == NULL || next == c ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) unable to parse value\n",
s );
rc = -1;
continue;
}
while ( isspace( (unsigned char) next[ 0 ] ) && next[ 0 ] != '\n' )
next++;
if ( next[ 0 ] != '\0' && next[ 0 ] != '\n' ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) extra cruft after value\n",
s );
rc = -1;
continue;
}
/* FIXME: what if it's larger than max int? */
*code = (int)retcode;
} else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) {
if ( c != NULL ) {
*matched = c;
}
} else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) {
if ( c != NULL ) {
*info = c;
}
} else {
Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
s );
rc = -1;
}
}
return( rc );
}
