Пример #1
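/*
 * Look up the entry named by ndn in the monitor cache.
 *
 * If the entry exists in cache, it is returned in locked status;
 * otherwise the lookup recurses on the parent DN and, if the parent may
 * generate volatile descendants, an attempt to generate the required
 * entry is performed; if successful, the new entry is returned locked
 * and the parent is released.
 *
 * Returns 0 on success.  On failure a non-zero value is returned (-1, or
 * whatever monitor_entry_create() reported), *ep is NULL, and *matched is
 * either NULL or the nearest ancestor that was found.  That ancestor is
 * not released here, so the caller has to release it.
 *
 * *ep is cleared on every failure path because callers on this page test
 * the returned pointer instead of the return code; without that, a
 * caller-side uninitialized pointer would be read after the early
 * "not under our suffix" return.
 */
int
monitor_cache_dn2entry(
	Operation		*op,
	SlapReply		*rs,
	struct berval		*ndn,
	Entry			**ep,
	Entry			**matched )
{
	monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
	int 			rc;
	struct berval		p_ndn = BER_BVNULL;
	Entry 			*e_parent = NULL;
	monitor_entry_t 	*mp;

	assert( mi != NULL );
	assert( ndn != NULL );
	assert( ep != NULL );
	assert( matched != NULL );

	/* give both out-parameters a defined value before any early return */
	*ep = NULL;
	*matched = NULL;

	/* a DN outside this backend's first suffix can never be served;
	 * this is also what terminates the recursion on ancestors */
	if ( !dnIsSuffix( ndn, &op->o_bd->be_nsuffix[ 0 ] ) ) {
		return( -1 );
	}

	rc = monitor_cache_get( mi, ndn, ep );
	if ( !rc && *ep != NULL ) {
		return( 0 );
	}

	/* no usable cache hit: do not leave a stale pointer behind */
	*ep = NULL;

	/* try with parent/ancestors */
	if ( BER_BVISNULL( ndn ) ) {
		BER_BVSTR( &p_ndn, "" );

	} else {
		dnParent( ndn, &p_ndn );
	}

	rc = monitor_cache_dn2entry( op, rs, &p_ndn, &e_parent, matched );
	if ( rc || e_parent == NULL ) {
		return( -1 );
	}

	mp = ( monitor_entry_t * )e_parent->e_private;
	rc = -1;
	if ( mp->mp_flags & MONITOR_F_VOLATILE_CH ) {
		/* parent entry generates volatile children */
		rc = monitor_entry_create( op, rs, ndn, e_parent, ep );
	}

	if ( !rc ) {
		/* hand the new entry back locked; the parent is no longer needed */
		monitor_cache_lock( *ep );
		monitor_cache_release( mi, e_parent );

	} else {
		/* report the parent as the closest match; it is not released
		 * on this path, the caller does that */
		*ep = NULL;
		*matched = e_parent;
	}

	return( rc );
}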
Пример #2
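/*
 * Modify handler of the monitor backend.
 *
 * Looks up the target entry, checks the modification list against the
 * ACLs, applies the change through monitor_entry_modify() and sends the
 * LDAP result.  Returns the result code stored in rs->sr_err.
 *
 * Existence of the target is hidden from clients without "disclose"
 * access: the matched DN is only filled in when ACL_DISCLOSE is granted
 * on the matched entry, and any failure on an existing entry is reported
 * as LDAP_NO_SUCH_OBJECT when ACL_DISCLOSE is not granted on it.
 */
int
monitor_back_modify( Operation *op, SlapReply *rs )
{
	int 		rc = 0;
	monitor_info_t	*mi = ( monitor_info_t * )op->o_bd->be_private;
	/* Both pointers start out NULL: the lookup's return code is not
	 * checked below, only the pointers are, so they must hold a defined
	 * value even if the lookup returns before writing to them. */
	Entry		*matched = NULL;
	Entry		*e = NULL;

	Debug(LDAP_DEBUG_ARGS, "monitor_back_modify:\n", 0, 0, 0);

	/* acquire and lock entry */
	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
	if ( e == NULL ) {
		rs->sr_err = LDAP_NO_SUCH_OBJECT;
		/* only reveal the closest ancestor to clients that may
		 * learn of its existence */
		if ( matched != NULL &&
			access_allowed_mask( op, matched,
					slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL, NULL ) )
		{
			rs->sr_matched = matched->e_dn;
		}
		send_ldap_result( op, rs );
		if ( matched != NULL ) {
			/* sr_matched points into the entry being released */
			rs->sr_matched = NULL;
			monitor_cache_release( mi, matched );
		}
		return rs->sr_err;
	}

	if ( !acl_check_modlist( op, e, op->orm_modlist )) {
		rc = LDAP_INSUFFICIENT_ACCESS;

	} else {
		assert( !SLAP_SHADOW( op->o_bd ) );
		slap_mods_opattrs( op, &op->orm_modlist, 0 );

		rc = monitor_entry_modify( op, rs, e );
	}

	/* without disclose access, an error must not confirm that the
	 * entry exists */
	if ( rc != LDAP_SUCCESS &&
		!access_allowed_mask( op, e, slap_schema.si_ad_entry,
				NULL, ACL_DISCLOSE, NULL, NULL ) )
	{
		rc = LDAP_NO_SUCH_OBJECT;
	}

	rs->sr_err = rc;
	send_ldap_result( op, rs );

	monitor_cache_release( mi, e );

	return rs->sr_err;
}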
Пример #3
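/*
 * Compare handler of the monitor backend.
 *
 * Looks up the target entry, calls monitor_entry_update() on it and
 * delegates the comparison to slap_compare_entry().  The client receives
 * the comparison outcome; the function itself returns LDAP_SUCCESS for
 * both LDAP_COMPARE_TRUE and LDAP_COMPARE_FALSE and the error code
 * otherwise.
 *
 * When the entry is not found, the matched DN is only returned if
 * ACL_DISCLOSE is granted on the matched entry.
 */
int
monitor_back_compare( Operation *op, SlapReply *rs )
{
	monitor_info_t	*mi = ( monitor_info_t * ) op->o_bd->be_private;
	/* e starts out NULL: the lookup's return code is not checked below,
	 * only the pointer is, so it must hold a defined value even if the
	 * lookup returns before writing to it. */
	Entry           *e = NULL, *matched = NULL;
	int		rc;

	/* get entry with reader lock */
	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
	if ( e == NULL ) {
		rs->sr_err = LDAP_NO_SUCH_OBJECT;
		/* only reveal the closest ancestor to clients that may
		 * learn of its existence */
		if ( matched != NULL &&
			access_allowed_mask( op, matched,
					slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL, NULL ) )
		{
			rs->sr_matched = matched->e_dn;
		}
		send_ldap_result( op, rs );
		if ( matched != NULL ) {
			monitor_cache_release( mi, matched );
			/* sr_matched pointed into the released entry */
			rs->sr_matched = NULL;
		}

		return rs->sr_err;
	}

	monitor_entry_update( op, rs, e );
	rs->sr_err = slap_compare_entry( op, e, op->orc_ava );

	/* the client is sent the raw outcome; internally a completed
	 * comparison counts as success whichever way it went */
	rc = rs->sr_err;
	if ( rc == LDAP_COMPARE_FALSE || rc == LDAP_COMPARE_TRUE ) {
		rc = LDAP_SUCCESS;
	}

	send_ldap_result( op, rs );
	rs->sr_err = rc;

	monitor_cache_release( mi, e );

	return rs->sr_err;
}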
Пример #4
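/*
 * Modify handler of the monitor backend (older backend interface).
 *
 * Looks up the entry named by ndn, checks modlist against the ACLs,
 * applies it through monitor_entry_modify() and sends the LDAP result.
 * Always returns 0; the outcome is reported to the client only.
 */
int
monitor_back_modify(
    Backend	*be,
    Connection	*conn,
    Operation	*op,
    struct berval	*dn,
    struct berval	*ndn,
    Modifications	*modlist
)
{
	int 		rc = 0;
	struct monitorinfo	*mi = (struct monitorinfo *) be->be_private;
	/* start from NULL so the checks below never read an indeterminate
	 * pointer if the lookup leaves one of them untouched */
	Entry		*matched = NULL;
	Entry		*e = NULL;

#ifdef NEW_LOGGING
	LDAP_LOG( BACK_MON, ENTRY,
		"monitor_back_modify: enter\n", 0, 0, 0 );
#else
	Debug(LDAP_DEBUG_ARGS, "monitor_back_modify:\n", 0, 0, 0);
#endif

	/* acquire and lock entry */
	monitor_cache_dn2entry( mi, ndn, &e, &matched );
	if ( e == NULL ) {
		/* NOTE(review): the matched DN is handed to the client without
		 * an access check in this block -- confirm that is intended
		 * for this API version */
		send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
				matched ? matched->e_dn : NULL,
				NULL, NULL, NULL );
		if ( matched != NULL ) {
			monitor_cache_release( mi, matched );
		}
		/* Stop here whether or not an ancestor matched: continuing
		 * would pass a NULL entry to the ACL check, the modify and
		 * the release below, and send a second result. */
		return( 0 );
	}

	if ( !acl_check_modlist( be, conn, op, e, modlist )) {
		rc = LDAP_INSUFFICIENT_ACCESS;
	} else {
		rc = monitor_entry_modify( mi, e, modlist );
	}

	send_ldap_result( conn, op, rc, NULL, NULL, NULL, NULL );

	monitor_cache_release( mi, e );

	return( 0 );
}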
Пример #5
/*
 * Call monitor_entry_update() on e and send it as a search entry when it
 * matches the request's filter.  e is not released here.
 */
static void
monitor_search_send_if_match( Operation *op, SlapReply *rs, Entry *e )
{
	monitor_entry_update( op, rs, e );
	if ( test_filter( op, e, op->oq_search.rs_filter ) != LDAP_COMPARE_TRUE ) {
		return;
	}

	rs->sr_entry = e;
	rs->sr_flags = 0;
	send_search_entry( op, rs );
	rs->sr_entry = NULL;
}

/*
 * Search handler of the monitor backend.
 *
 * Resolves the search base, requires "search" access on it, then sends
 * the base entry and/or its children depending on the requested scope.
 * Returns the result code stored in rs->sr_err; no final result is sent
 * when that code is SLAPD_ABANDON.
 *
 * Clients without ACL_DISCLOSE on the relevant entry get
 * LDAP_NO_SUCH_OBJECT rather than a matched DN or
 * LDAP_INSUFFICIENT_ACCESS.
 */
int
monitor_back_search( Operation *op, SlapReply *rs )
{
	monitor_info_t	*mi = ( monitor_info_t * )op->o_bd->be_private;
	Entry		*base = NULL, *ancestor = NULL;
	slap_mask_t	granted;
	int		result = LDAP_SUCCESS;

	Debug( LDAP_DEBUG_TRACE, "=> monitor_back_search\n", 0, 0, 0 );

	/* get entry with reader lock */
	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &base, &ancestor );
	if ( base == NULL ) {
		rs->sr_err = LDAP_NO_SUCH_OBJECT;
		/* the closest ancestor is named only if the client may
		 * learn that it exists */
		if ( ancestor &&
			access_allowed_mask( op, ancestor,
					slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL, NULL ) )
		{
			rs->sr_matched = ancestor->e_dn;
		}

		send_ldap_result( op, rs );
		if ( ancestor ) {
			monitor_cache_release( mi, ancestor );
			rs->sr_matched = NULL;
		}

		return rs->sr_err;
	}

	/* NOTE: __NEW__ "search" access is required
	 * on searchBase object */
	if ( !access_allowed_mask( op, base, slap_schema.si_ad_entry,
				NULL, ACL_SEARCH, NULL, &granted ) )
	{
		monitor_cache_release( mi, base );

		/* the mask filled in by the failed check decides whether
		 * the refusal may admit that the entry exists */
		rs->sr_err = ACL_GRANT( granted, ACL_DISCLOSE )
			? LDAP_INSUFFICIENT_ACCESS
			: LDAP_NO_SUCH_OBJECT;

		send_ldap_result( op, rs );

		return rs->sr_err;
	}

	rs->sr_attrs = op->oq_search.rs_attrs;

	/* The BASE and default arms release the base entry themselves.
	 * NOTE(review): the other arms leave it to monitor_send_children(),
	 * which presumably takes over the lock -- confirm. */
	switch ( op->oq_search.rs_scope ) {
	case LDAP_SCOPE_BASE:
		monitor_search_send_if_match( op, rs, base );
		result = LDAP_SUCCESS;
		monitor_cache_release( mi, base );
		break;

	case LDAP_SCOPE_ONELEVEL:
	case LDAP_SCOPE_SUBORDINATE:
		/* last argument is non-zero only for the subordinate scope */
		result = monitor_send_children( op, rs, base,
			op->oq_search.rs_scope == LDAP_SCOPE_SUBORDINATE );
		break;

	case LDAP_SCOPE_SUBTREE:
		monitor_search_send_if_match( op, rs, base );
		result = monitor_send_children( op, rs, base, 1 );
		break;

	default:
		result = LDAP_UNWILLING_TO_PERFORM;
		monitor_cache_release( mi, base );
	}

	rs->sr_attrs = NULL;
	rs->sr_err = result;
	if ( result != SLAPD_ABANDON ) {
		send_ldap_result( op, rs );
	}

	return rs->sr_err;
}
Пример #6
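/*
 * Compare handler of the monitor backend.
 *
 * Looks up the target entry, requires ACL_COMPARE on the asserted
 * attribute value, then searches every instance of the attribute for the
 * asserted value.  The client receives the comparison outcome; the
 * function itself returns LDAP_SUCCESS for both LDAP_COMPARE_TRUE and
 * LDAP_COMPARE_FALSE.
 *
 * Clients without ACL_DISCLOSE on the relevant entry are sent
 * LDAP_NO_SUCH_OBJECT instead of a matched DN or an access error.
 */
int
monitor_back_compare( Operation *op, SlapReply *rs )
{
	monitor_info_t	*mi = ( monitor_info_t * ) op->o_bd->be_private;
	/* e starts out NULL: the lookup's return code is not checked below,
	 * only the pointer is, so it must hold a defined value even if the
	 * lookup returns before writing to it. */
	Entry           *e = NULL, *matched = NULL;
	Attribute	*a;
	int		rc;

	/* get entry with reader lock */
	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
	if ( e == NULL ) {
		rs->sr_err = LDAP_NO_SUCH_OBJECT;
		/* only reveal the closest ancestor to clients that may
		 * learn of its existence */
		if ( matched != NULL &&
			access_allowed_mask( op, matched,
					slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL, NULL ) )
		{
			rs->sr_matched = matched->e_dn;
		}
		send_ldap_result( op, rs );
		if ( matched != NULL ) {
			monitor_cache_release( mi, matched );
			/* sr_matched pointed into the released entry */
			rs->sr_matched = NULL;
		}

		return rs->sr_err;
	}

	/* access_allowed() yields zero when access is denied */
	rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
			&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
	if ( !rs->sr_err ) {
		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		goto return_results;
	}

	/* stays "no such attribute" unless at least one instance is found */
	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;

	for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
			a != NULL;
			a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
		rs->sr_err = LDAP_COMPARE_FALSE;

		if ( attr_valfind( a,
			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
			&op->oq_compare.rs_ava->aa_value, NULL,
			op->o_tmpmemctx ) == 0 )
		{
			rs->sr_err = LDAP_COMPARE_TRUE;
			break;
		}
	}

return_results:;
	/* rc is what this function returns; rs->sr_err is what the client
	 * is sent.  They differ for completed comparisons and when an error
	 * is masked below. */
	rc = rs->sr_err;
	switch ( rc ) {
	case LDAP_COMPARE_FALSE:
	case LDAP_COMPARE_TRUE:
		rc = LDAP_SUCCESS;
		break;

	case LDAP_NO_SUCH_ATTRIBUTE:
		break;

	default:
		/* without disclose access the client must not learn that
		 * the entry exists; rc keeps the original error code */
		if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
				NULL, ACL_DISCLOSE, NULL, NULL ) )
		{
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
		}
		break;
	}

	send_ldap_result( op, rs );
	rs->sr_err = rc;

	monitor_cache_release( mi, e );

	return rs->sr_err;
}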