int
wt_compare( Operation *op, SlapReply *rs )
{
struct wt_info *wi = (struct wt_info *) op->o_bd->be_private;
Entry *e = NULL;
int manageDSAit = get_manageDSAit( op );
int rc;
wt_ctx *wc = NULL;
Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(wt_compare) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
wc = wt_ctx_get(op, wi);
if( !wc ){
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(wt_compare)
": wt_ctx_get failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
send_ldap_result( op, rs );
return rs->sr_err;
}
rs->sr_err = wt_dn2entry(op->o_bd, wc, &op->o_req_ndn, &e);
switch( rs->sr_err ) {
case 0:
case WT_NOTFOUND:
break;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rs->sr_err == WT_NOTFOUND ) {
if ( e != NULL ) {
/* return referral only if "disclose" is granted on the object */
if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_matched = ch_strdup( e->e_dn );
if ( is_entry_referral( e )) {
BerVarray ref = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( ref,
&e->e_name,
&op->o_req_dn,
LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
rs->sr_err = LDAP_REFERRAL;
}
wt_entry_return( e );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL,
&op->o_req_dn,
LDAP_SCOPE_DEFAULT );
rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
send_ldap_result( op, rs );
goto done;
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* return referral only if "disclose" is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
/* entry is a referral, don't allow compare */
rs->sr_ref = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
}
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
return_results:
send_ldap_result( op, rs );
switch ( rs->sr_err ) {
case LDAP_COMPARE_FALSE:
case LDAP_COMPARE_TRUE:
rs->sr_err = LDAP_SUCCESS;
break;
}
done:
if ( e != NULL ) {
wt_entry_return( e );
}
return rs->sr_err;
}
static int
dds_op_extended( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
dds_info_t *di = on->on_bi.bi_private;
if ( DDS_OFF( di ) ) {
return SLAP_CB_CONTINUE;
}
if ( bvmatch( &op->ore_reqoid, &slap_EXOP_REFRESH ) ) {
Entry *e = NULL;
time_t ttl;
BackendDB db = *op->o_bd;
SlapReply rs2 = { REP_RESULT };
Operation op2 = *op;
slap_callback sc = { 0 };
Modifications ttlmod = { { 0 } };
struct berval ttlvalues[ 2 ];
char ttlbuf[STRLENOF("31557600") + 1];
rs->sr_err = slap_parse_refresh( op->ore_reqdata, NULL, &ttl,
&rs->sr_text, NULL );
assert( rs->sr_err == LDAP_SUCCESS );
if ( ttl <= 0 || ttl > DDS_RF2589_MAX_TTL ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = "invalid time-to-live for dynamicObject";
return rs->sr_err;
}
if ( ttl > di->di_max_ttl ) {
/* FIXME: I don't understand if this has to be an error,
* or an indication that the requested Ttl has been
* shortened to di->di_max_ttl >= 1 day */
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
rs->sr_text = "time-to-live for dynamicObject exceeds limit";
return rs->sr_err;
}
if ( di->di_min_ttl && ttl < di->di_min_ttl ) {
ttl = di->di_min_ttl;
}
/* This does not apply to multi-master case */
if ( !( !SLAP_SINGLE_SHADOW( op->o_bd ) || be_isupdate( op ) ) ) {
/* we SHOULD return a referral in this case */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
if ( rs->sr_ref ) {
rs->sr_flags |= REP_REF_MUSTBEFREED;
} else {
rs->sr_ref = defref;
}
rs->sr_err = LDAP_REFERRAL;
} else {
rs->sr_text = "shadow context; no update referral";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
}
return rs->sr_err;
}
assert( !BER_BVISNULL( &op->o_req_ndn ) );
/* check if exists but not dynamicObject */
op->o_bd->bd_info = (BackendInfo *)on->on_info;
rs->sr_err = be_entry_get_rw( op, &op->o_req_ndn,
slap_schema.si_oc_dynamicObject, NULL, 0, &e );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = be_entry_get_rw( op, &op->o_req_ndn,
NULL, NULL, 0, &e );
if ( rs->sr_err == LDAP_SUCCESS && e != NULL ) {
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, e,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "refresh operation only applies to dynamic objects";
}
be_entry_release_r( op, e );
} else {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
return rs->sr_err;
} else if ( e != NULL ) {
be_entry_release_r( op, e );
}
/* we require manage privileges on the entryTtl,
* and fake a Relax control */
op2.o_tag = LDAP_REQ_MODIFY;
op2.o_bd = &db;
db.bd_info = (BackendInfo *)on->on_info;
op2.o_callback = ≻
sc.sc_response = slap_null_cb;
op2.o_relax = SLAP_CONTROL_CRITICAL;
op2.orm_modlist = &ttlmod;
ttlmod.sml_op = LDAP_MOD_REPLACE;
ttlmod.sml_flags = SLAP_MOD_MANAGING;
ttlmod.sml_desc = slap_schema.si_ad_entryTtl;
ttlmod.sml_values = ttlvalues;
ttlmod.sml_numvals = 1;
ttlvalues[ 0 ].bv_val = ttlbuf;
ttlvalues[ 0 ].bv_len = snprintf( ttlbuf, sizeof( ttlbuf ), "%ld", ttl );
BER_BVZERO( &ttlvalues[ 1 ] );
/* the entryExpireTimestamp is added by modify */
rs->sr_err = slap_biglock_call_be( op_modify, &op2, &rs2 );
if ( ttlmod.sml_next != NULL ) {
slap_mods_free( ttlmod.sml_next, 1 );
}
if ( rs->sr_err == LDAP_SUCCESS ) {
int rc;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_init_w_nullc( ber, LBER_USE_DER );
rc = ber_printf( ber, "{tiN}", LDAP_TAG_EXOP_REFRESH_RES_TTL, (int)ttl );
if ( rc < 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
} else {
(void)ber_flatten( ber, &rs->sr_rspdata );
rs->sr_rspoid = ch_strdup( slap_EXOP_REFRESH.bv_val );
Log3( LDAP_DEBUG_TRACE, LDAP_LEVEL_INFO,
"%s REFRESH dn=\"%s\" TTL=%ld\n",
op->o_log_prefix, op->o_req_ndn.bv_val, ttl );
}
ber_free_buf( ber );
}
return rs->sr_err;
}
return SLAP_CB_CONTINUE;
}
static int
retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e )
{
Attribute *a;
int err;
char *next;
int disconnect = 0;
if ( get_manageDSAit( op ) ) {
return SLAP_CB_CONTINUE;
}
if ( !is_entry_objectclass_or_sub( e, oc_errAbsObject ) ) {
return SLAP_CB_CONTINUE;
}
/* operation */
a = attr_find( e->e_attrs, ad_errOp );
if ( a != NULL ) {
int i,
gotit = 0;
struct berval bv = BER_BVNULL;
(void)retcode_op2str( op->o_tag, &bv );
if ( BER_BVISNULL( &bv ) ) {
return SLAP_CB_CONTINUE;
}
for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
if ( bvmatch( &a->a_nvals[ i ], &bv ) ) {
gotit = 1;
break;
}
}
if ( !gotit ) {
return SLAP_CB_CONTINUE;
}
}
/* disconnect */
a = attr_find( e->e_attrs, ad_errDisconnect );
if ( a != NULL ) {
if ( bvmatch( &a->a_nvals[ 0 ], &slap_true_bv ) ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
disconnect = 1;
}
/* error code */
a = attr_find( e->e_attrs, ad_errCode );
if ( a == NULL ) {
return SLAP_CB_CONTINUE;
}
err = strtol( a->a_nvals[ 0 ].bv_val, &next, 0 );
if ( next == a->a_nvals[ 0 ].bv_val || next[ 0 ] != '\0' ) {
return SLAP_CB_CONTINUE;
}
rs->sr_err = err;
/* sleep time */
a = attr_find( e->e_attrs, ad_errSleepTime );
if ( a != NULL && a->a_nvals[ 0 ].bv_val[ 0 ] != '-' ) {
int sleepTime;
if ( lutil_atoi( &sleepTime, a->a_nvals[ 0 ].bv_val ) == 0 ) {
retcode_sleep( sleepTime );
}
}
if ( rs->sr_err != LDAP_SUCCESS && !LDAP_API_ERROR( rs->sr_err )) {
BackendDB db = *op->o_bd,
*o_bd = op->o_bd;
void *o_callback = op->o_callback;
/* message text */
a = attr_find( e->e_attrs, ad_errText );
if ( a != NULL ) {
rs->sr_text = a->a_vals[ 0 ].bv_val;
}
/* matched DN */
a = attr_find( e->e_attrs, ad_errMatchedDN );
if ( a != NULL ) {
rs->sr_matched = a->a_vals[ 0 ].bv_val;
}
if ( bi == NULL ) {
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
bi = on->on_info->oi_orig;
}
db.bd_info = bi;
op->o_bd = &db;
op->o_callback = NULL;
/* referral */
if ( rs->sr_err == LDAP_REFERRAL ) {
BerVarray refs = default_referral;
a = attr_find( e->e_attrs, slap_schema.si_ad_ref );
if ( a != NULL ) {
refs = a->a_vals;
}
rs->sr_ref = referral_rewrite( refs,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
a = attr_find( e->e_attrs, ad_errUnsolicitedOID );
if ( a != NULL ) {
struct berval oid = BER_BVNULL,
data = BER_BVNULL;
ber_int_t msgid = op->o_msgid;
/* RFC 4511 unsolicited response */
op->o_msgid = 0;
oid = a->a_nvals[ 0 ];
a = attr_find( e->e_attrs, ad_errUnsolicitedData );
if ( a != NULL ) {
data = a->a_nvals[ 0 ];
}
if ( strcmp( oid.bv_val, "0" ) == 0 ) {
send_ldap_result( op, rs );
} else {
ber_tag_t tag = op->o_tag;
op->o_tag = LDAP_REQ_EXTENDED;
rs->sr_rspoid = oid.bv_val;
if ( !BER_BVISNULL( &data ) ) {
rs->sr_rspdata = &data;
}
send_ldap_extended( op, rs );
rs->sr_rspoid = NULL;
rs->sr_rspdata = NULL;
op->o_tag = tag;
}
op->o_msgid = msgid;
} else {
send_ldap_result( op, rs );
}
}
rs->sr_text = NULL;
rs->sr_matched = NULL;
op->o_bd = o_bd;
op->o_callback = o_callback;
}
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( disconnect ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
op->o_abandon = 1;
return rs->sr_err;
}
return SLAP_CB_CONTINUE;
}
int
mdb_search( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
ID id, cursor, nsubs, ncand, cscope;
ID lastid = NOID;
ID candidates[MDB_IDL_UM_SIZE];
ID iscopes[MDB_IDL_DB_SIZE];
ID2 *scopes;
void *stack;
Entry *e = NULL, *base = NULL;
Entry *matched = NULL;
AttributeName *attrs;
slap_mask_t mask;
time_t stoptime;
int manageDSAit;
int tentries = 0;
IdScopes isc;
MDB_cursor *mci, *mcd;
ww_ctx wwctx;
slap_callback cb = { 0 };
mdb_op_info opinfo = {{{0}}}, *moi = &opinfo;
MDB_txn *ltid = NULL;
Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(mdb_search) "\n", 0, 0, 0);
attrs = op->oq_search.rs_attrs;
manageDSAit = get_manageDSAit( op );
rs->sr_err = mdb_opinfo_get( op, mdb, 1, &moi );
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
ltid = moi->moi_txn;
rs->sr_err = mdb_cursor_open( ltid, mdb->mi_id2entry, &mci );
if ( rs->sr_err ) {
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
rs->sr_err = mdb_cursor_open( ltid, mdb->mi_dn2id, &mcd );
if ( rs->sr_err ) {
mdb_cursor_close( mci );
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
scopes = scope_chunk_get( op );
stack = search_stack( op );
isc.mt = ltid;
isc.mc = mcd;
isc.scopes = scopes;
isc.oscope = op->ors_scope;
isc.sctmp = stack;
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
MDB_IDL_ZERO(candidates);
}
dn2entry_retry:
/* get entry with reader lock */
rs->sr_err = mdb_dn2entry( op, ltid, mcd, &op->o_req_ndn, &e, &nsubs, 1 );
switch(rs->sr_err) {
case MDB_NOTFOUND:
matched = e;
e = NULL;
break;
case 0:
break;
case LDAP_BUSY:
send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
goto done;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
goto done;
}
if ( op->ors_deref & LDAP_DEREF_FINDING ) {
if ( matched && is_entry_alias( matched )) {
struct berval stub;
stub.bv_val = op->o_req_ndn.bv_val;
stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1;
e = deref_base( op, rs, matched, &matched, ltid,
candidates, NULL );
if ( e ) {
build_new_dn( &op->o_req_ndn, &e->e_nname, &stub,
op->o_tmpmemctx );
mdb_entry_return(op, e);
matched = NULL;
goto dn2entry_retry;
}
} else if ( e && is_entry_alias( e )) {
e = deref_base( op, rs, e, &matched, ltid,
candidates, NULL );
}
}
if ( e == NULL ) {
struct berval matched_dn = BER_BVNULL;
if ( matched != NULL ) {
BerVarray erefs = NULL;
/* return referral only if "disclose"
* is granted on the object */
if ( ! access_allowed( op, matched,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
if ( rs->sr_err == MDB_NOTFOUND )
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = matched_dn.bv_val;
}
mdb_entry_return(op, matched);
matched = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
send_ldap_result( op, rs );
if ( rs->sr_ref ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
if ( !BER_BVISNULL( &matched_dn ) ) {
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
}
goto done;
}
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
NULL, ACL_SEARCH, NULL, &mask ) )
{
if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral */
struct berval matched_dn = BER_BVNULL;
BerVarray erefs = NULL;
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
mdb_entry_return( op, e );
e = NULL;
if ( erefs ) {
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
if ( !rs->sr_ref ) {
rs->sr_text = "bad_referral object";
}
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": entry is referral\n",
0, 0, 0 );
rs->sr_matched = matched_dn.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
ber_memfree( matched_dn.bv_val );
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
mdb_entry_return( op,e);
send_ldap_result( op, rs );
goto done;
}
/* compute it anyway; root does not use it */
stoptime = op->o_time + op->ors_tlimit;
base = e;
e = NULL;
/* select candidates */
if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = base_candidate( op->o_bd, base, candidates );
scopes[0].mid = 0;
ncand = 1;
} else {
if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
size_t nkids;
MDB_val key, data;
key.mv_data = &base->e_id;
key.mv_size = sizeof( ID );
mdb_cursor_get( mcd, &key, &data, MDB_SET );
mdb_cursor_count( mcd, &nkids );
nsubs = nkids - 1;
} else if ( !base->e_id ) {
/* we don't maintain nsubs for entryID 0.
* just grab entry count from id2entry stat
*/
MDB_stat ms;
mdb_stat( ltid, mdb->mi_id2entry, &ms );
nsubs = ms.ms_entries;
}
MDB_IDL_ZERO( candidates );
scopes[0].mid = 1;
scopes[1].mid = base->e_id;
scopes[1].mval.mv_data = NULL;
rs->sr_err = search_candidates( op, rs, base,
&isc, mci, candidates, stack );
ncand = MDB_IDL_N( candidates );
if ( !base->e_id || ncand == NOID ) {
/* grab entry count from id2entry stat
*/
MDB_stat ms;
mdb_stat( ltid, mdb->mi_id2entry, &ms );
if ( !base->e_id )
nsubs = ms.ms_entries;
if ( ncand == NOID )
ncand = ms.ms_entries;
}
}
/* start cursor at beginning of candidates.
*/
cursor = 0;
if ( candidates[0] == 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search) ": no candidates\n",
0, 0, 0 );
goto nochange;
}
/* if not root and candidates exceed to-be-checked entries, abort */
if ( op->ors_limit /* isroot == FALSE */ &&
op->ors_limit->lms_s_unchecked != -1 &&
ncand > (unsigned) op->ors_limit->lms_s_unchecked )
{
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( op->ors_limit == NULL /* isroot == TRUE */ ||
!op->ors_limit->lms_s_pr_hide )
{
tentries = ncand;
}
wwctx.flag = 0;
/* If we're running in our own read txn */
if ( moi == &opinfo ) {
cb.sc_writewait = mdb_writewait;
cb.sc_private = &wwctx;
wwctx.txn = ltid;
wwctx.mcd = NULL;
cb.sc_next = op->o_callback;
op->o_callback = &cb;
}
if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
PagedResultsState *ps = op->o_pagedresults_state;
/* deferred cookie parsing */
rs->sr_err = parse_paged_cookie( op, rs );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
cursor = (ID) ps->ps_cookie;
if ( cursor && ps->ps_size == 0 ) {
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = "search abandoned by pagedResult size=0";
send_ldap_result( op, rs );
goto done;
}
id = mdb_idl_first( candidates, &cursor );
if ( id == NOID ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": no paged results candidates\n",
0, 0, 0 );
send_paged_response( op, rs, &lastid, 0 );
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( id == (ID)ps->ps_cookie )
id = mdb_idl_next( candidates, &cursor );
nsubs = ncand; /* always bypass scope'd search */
goto loop_begin;
}
if ( nsubs < ncand ) {
int rc;
/* Do scope-based search */
/* if any alias scopes were set, save them */
if (scopes[0].mid > 1) {
cursor = 1;
for (cscope = 1; cscope <= scopes[0].mid; cscope++) {
/* Ignore the original base */
if (scopes[cscope].mid == base->e_id)
continue;
iscopes[cursor++] = scopes[cscope].mid;
}
iscopes[0] = scopes[0].mid - 1;
} else {
iscopes[0] = 0;
}
wwctx.mcd = mcd;
isc.id = base->e_id;
isc.numrdns = 0;
rc = mdb_dn2id_walk( op, &isc );
if ( rc )
id = NOID;
else
id = isc.id;
cscope = 0;
} else {
id = mdb_idl_first( candidates, &cursor );
}
while (id != NOID)
{
int scopeok;
MDB_val edata;
loop_begin:
/* check for abandon */
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
send_ldap_result( op, rs );
goto done;
}
/* mostly needed by internal searches,
* e.g. related to syncrepl, for whom
* abandon does not get set... */
if ( slapd_shutdown ) {
rs->sr_err = LDAP_UNAVAILABLE;
send_ldap_disconnect( op, rs );
goto done;
}
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
{
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
goto done;
}
if ( nsubs < ncand ) {
unsigned i;
/* Is this entry in the candidate list? */
scopeok = 0;
if (MDB_IDL_IS_RANGE( candidates )) {
if ( id >= MDB_IDL_RANGE_FIRST( candidates ) &&
id <= MDB_IDL_RANGE_LAST( candidates ))
scopeok = 1;
} else {
i = mdb_idl_search( candidates, id );
if ( candidates[i] == id )
scopeok = 1;
}
if ( scopeok )
goto scopeok;
goto loop_continue;
}
/* Does this candidate actually satisfy the search scope?
*/
scopeok = 0;
isc.numrdns = 0;
switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
/* This is always true, yes? */
if ( id == base->e_id ) scopeok = 1;
break;
#ifdef LDAP_SCOPE_CHILDREN
case LDAP_SCOPE_CHILDREN:
if ( id == base->e_id ) break;
/* Fall-thru */
#endif
case LDAP_SCOPE_SUBTREE:
if ( id == base->e_id ) {
scopeok = 1;
break;
}
/* Fall-thru */
case LDAP_SCOPE_ONELEVEL:
isc.id = id;
isc.nscope = 0;
rs->sr_err = mdb_idscopes( op, &isc );
if ( rs->sr_err == MDB_SUCCESS ) {
if ( isc.nscope )
scopeok = 1;
} else {
if ( rs->sr_err == MDB_NOTFOUND )
goto notfound;
}
break;
}
/* Not in scope, ignore it */
if ( !scopeok )
{
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld scope not okay\n",
(long) id, 0, 0 );
goto loop_continue;
}
scopeok:
if ( id == base->e_id ) {
e = base;
} else {
/* get the entry */
rs->sr_err = mdb_id2edata( op, mci, id, &edata );
if ( rs->sr_err == MDB_NOTFOUND ) {
notfound:
if( nsubs < ncand )
goto loop_continue;
if( !MDB_IDL_IS_RANGE(candidates) ) {
/* only complain for non-range IDLs */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": candidate %ld not found\n",
(long) id, 0, 0 );
} else {
/* get the next ID from the DB */
rs->sr_err = mdb_get_nextid( mci, &cursor );
if ( rs->sr_err == MDB_NOTFOUND ) {
break;
}
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in get_nextid";
send_ldap_result( op, rs );
goto done;
}
cursor--;
}
goto loop_continue;
} else if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_id2edata";
send_ldap_result( op, rs );
goto done;
}
rs->sr_err = mdb_entry_decode( op, ltid, &edata, &e );
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error in mdb_entry_decode";
send_ldap_result( op, rs );
goto done;
}
e->e_id = id;
e->e_name.bv_val = NULL;
e->e_nname.bv_val = NULL;
}
if ( is_entry_subentry( e ) ) {
if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
if(!get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries( op ) &&
!get_subentries_visibility( op ))
{
/* only subentries are visible */
goto loop_continue;
}
} else if ( get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
/* aliases were already dereferenced in candidate list */
if ( op->ors_deref & LDAP_DEREF_SEARCHING ) {
/* but if the search base is an alias, and we didn't
* deref it when finding, return it.
*/
if ( is_entry_alias(e) &&
((op->ors_deref & LDAP_DEREF_FINDING) || e != base ))
{
goto loop_continue;
}
}
if ( !manageDSAit && is_entry_glue( e )) {
goto loop_continue;
}
if (e != base) {
struct berval pdn, pndn;
char *d, *n;
int i;
/* child of base, just append RDNs to base->e_name */
if ( nsubs < ncand || isc.scopes[isc.nscope].mid == base->e_id ) {
pdn = base->e_name;
pndn = base->e_nname;
} else {
mdb_id2name( op, ltid, &isc.mc, scopes[isc.nscope].mid, &pdn, &pndn );
}
e->e_name.bv_len = pdn.bv_len;
e->e_nname.bv_len = pndn.bv_len;
for (i=0; i<isc.numrdns; i++) {
e->e_name.bv_len += isc.rdns[i].bv_len + 1;
e->e_nname.bv_len += isc.nrdns[i].bv_len + 1;
}
e->e_name.bv_val = op->o_tmpalloc(e->e_name.bv_len + 1, op->o_tmpmemctx);
e->e_nname.bv_val = op->o_tmpalloc(e->e_nname.bv_len + 1, op->o_tmpmemctx);
d = e->e_name.bv_val;
n = e->e_nname.bv_val;
if (nsubs < ncand) {
/* RDNs are in top-down order */
for (i=isc.numrdns-1; i>=0; i--) {
memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len);
d += isc.rdns[i].bv_len;
*d++ = ',';
memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len);
n += isc.nrdns[i].bv_len;
*n++ = ',';
}
} else {
/* RDNs are in bottom-up order */
for (i=0; i<isc.numrdns; i++) {
memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len);
d += isc.rdns[i].bv_len;
*d++ = ',';
memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len);
n += isc.nrdns[i].bv_len;
*n++ = ',';
}
}
if (pdn.bv_len) {
memcpy(d, pdn.bv_val, pdn.bv_len+1);
memcpy(n, pndn.bv_val, pndn.bv_len+1);
} else {
*--d = '\0';
*--n = '\0';
e->e_name.bv_len--;
e->e_nname.bv_len--;
}
if (pndn.bv_val != base->e_nname.bv_val) {
op->o_tmpfree(pndn.bv_val, op->o_tmpmemctx);
op->o_tmpfree(pdn.bv_val, op->o_tmpmemctx);
}
}
/*
* if it's a referral, add it to the list of referrals. only do
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
&& is_entry_referral( e ) )
{
BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
rs->sr_entry = e;
rs->sr_flags = 0;
send_search_reference( op, rs );
if (e != base)
mdb_entry_return( op, e );
rs->sr_entry = NULL;
e = NULL;
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
rs->sr_ref = NULL;
if ( wwctx.flag ) {
rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd );
if ( rs->sr_err ) {
send_ldap_result( op, rs );
goto done;
}
}
goto loop_continue;
}
/* if it matches the filter and scope, send it */
rs->sr_err = test_filter( op, e, op->oq_search.rs_filter );
if ( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
mdb_entry_return( op, e );
e = NULL;
send_paged_response( op, rs, &lastid, tentries );
goto done;
}
lastid = id;
}
if (e) {
/* safe default */
rs->sr_attrs = op->oq_search.rs_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_ctrls = NULL;
rs->sr_entry = e;
RS_ASSERT( e->e_private != NULL );
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rs->sr_err = send_search_entry( op, rs );
rs->sr_attrs = NULL;
rs->sr_entry = NULL;
if (e != base)
mdb_entry_return( op, e );
e = NULL;
switch ( rs->sr_err ) {
case LDAP_SUCCESS: /* entry sent ok */
break;
default: /* entry not sent */
break;
case LDAP_BUSY:
send_ldap_result( op, rs );
goto done;
case LDAP_UNAVAILABLE:
case LDAP_SIZELIMIT_EXCEEDED:
if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
rs->sr_ref = rs->sr_v2ref;
send_ldap_result( op, rs );
rs->sr_err = LDAP_SUCCESS;
} else {
rs->sr_err = LDAP_OTHER;
}
goto done;
}
if ( wwctx.flag ) {
rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd );
if ( rs->sr_err ) {
send_ldap_result( op, rs );
goto done;
}
}
}
} else {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_search)
": %ld does not match filter\n",
(long) id, 0, 0 );
}
loop_continue:
if( e != NULL ) {
if ( e != base )
mdb_entry_return( op, e );
RS_ASSERT( rs->sr_entry == NULL );
e = NULL;
rs->sr_entry = NULL;
}
if ( nsubs < ncand ) {
int rc = mdb_dn2id_walk( op, &isc );
if (rc) {
id = NOID;
/* We got to the end of a subtree. If there are any
* alias scopes left, search them too.
*/
while (iscopes[0] && cscope < iscopes[0]) {
cscope++;
isc.id = iscopes[cscope];
if ( base )
mdb_entry_return( op, base );
rs->sr_err = mdb_id2entry(op, mci, isc.id, &base);
if ( !rs->sr_err ) {
mdb_id2name( op, ltid, &isc.mc, isc.id, &base->e_name, &base->e_nname );
isc.numrdns = 0;
if (isc.oscope == LDAP_SCOPE_ONELEVEL)
isc.oscope = LDAP_SCOPE_BASE;
rc = mdb_dn2id_walk( op, &isc );
if ( !rc ) {
id = isc.id;
break;
}
}
}
} else
id = isc.id;
} else {
id = mdb_idl_next( candidates, &cursor );
}
}
nochange:
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_rspoid = NULL;
if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
send_paged_response( op, rs, NULL, 0 );
} else {
send_ldap_result( op, rs );
}
rs->sr_err = LDAP_SUCCESS;
done:
if ( cb.sc_private ) {
/* remove our writewait callback */
slap_callback **scp = &op->o_callback;
while ( *scp ) {
if ( *scp == &cb ) {
*scp = cb.sc_next;
cb.sc_private = NULL;
break;
}
}
}
mdb_cursor_close( mcd );
mdb_cursor_close( mci );
if ( moi == &opinfo ) {
mdb_txn_reset( moi->moi_txn );
LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next );
} else {
moi->moi_ref--;
}
if( rs->sr_v2ref ) {
ber_bvarray_free( rs->sr_v2ref );
rs->sr_v2ref = NULL;
}
if (base)
mdb_entry_return( op, base );
scope_chunk_ret( op, scopes );
return rs->sr_err;
}
int
fe_op_modrdn( Operation *op, SlapReply *rs )
{
struct berval dest_ndn = BER_BVNULL, dest_pndn, pdn = BER_BVNULL;
BackendDB *op_be, *bd = op->o_bd;
ber_slen_t diff;
if( op->o_req_ndn.bv_len == 0 ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: root dse!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename the root DSE" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modrdn: subschema subentry: %s (%ld)\n",
op->o_log_prefix, frontendDB->be_schemandn.bv_val, (long)frontendDB->be_schemandn.bv_len );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename subschema subentry" );
goto cleanup;
}
if( op->orr_nnewSup ) {
dest_pndn = *op->orr_nnewSup;
} else {
dnParent( &op->o_req_ndn, &dest_pndn );
}
build_new_dn( &dest_ndn, &dest_pndn, &op->orr_nnewrdn, op->o_tmpmemctx );
diff = (ber_slen_t) dest_ndn.bv_len - (ber_slen_t) op->o_req_ndn.bv_len;
if ( diff > 0 ? dnIsSuffix( &dest_ndn, &op->o_req_ndn )
: diff < 0 && dnIsSuffix( &op->o_req_ndn, &dest_ndn ) )
{
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
diff > 0 ? "cannot place an entry below itself"
: "cannot place an entry above itself" );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
/* check that destination DN is in the same backend as source DN */
if ( select_backend( &dest_ndn, 0 ) != op->o_bd ) {
send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
"cannot rename between DSAs" );
goto cleanup;
}
/*
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_modrdn ) {
/* do the update here */
int repl_user = be_isupdate( op );
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user )
{
op->o_bd = op_be;
op->o_bd->be_modrdn( op, rs );
if ( op->o_bd->be_delete ) {
struct berval org_req_dn = BER_BVNULL;
struct berval org_req_ndn = BER_BVNULL;
struct berval org_dn = BER_BVNULL;
struct berval org_ndn = BER_BVNULL;
int org_managedsait;
org_req_dn = op->o_req_dn;
org_req_ndn = op->o_req_ndn;
org_dn = op->o_dn;
org_ndn = op->o_ndn;
org_managedsait = get_manageDSAit( op );
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
while ( rs->sr_err == LDAP_SUCCESS &&
op->o_delete_glue_parent ) {
op->o_delete_glue_parent = 0;
if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
slap_callback cb = { NULL };
cb.sc_response = slap_null_cb;
dnParent( &op->o_req_ndn, &pdn );
op->o_req_dn = pdn;
op->o_req_ndn = pdn;
op->o_callback = &cb;
op->o_bd->be_delete( op, rs );
} else {
break;
}
}
op->o_managedsait = org_managedsait;
op->o_dn = org_dn;
op->o_ndn = org_ndn;
op->o_req_dn = org_req_dn;
op->o_req_ndn = org_req_ndn;
op->o_delete_glue_parent = 0;
}
} else {
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
if ( dest_ndn.bv_val != NULL )
ber_memfree_x( dest_ndn.bv_val, op->o_tmpmemctx );
op->o_bd = bd;
return rs->sr_err;
}
int
fe_extended( Operation *op, SlapReply *rs )
{
struct extop_list *ext = NULL;
struct berval reqdata = BER_BVNULL;
if (op->ore_reqdata) {
reqdata = *op->ore_reqdata;
}
ext = find_extop(supp_ext_list, &op->ore_reqoid );
if ( ext == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s do_extended: unsupported operation \"%s\"\n",
op->o_log_prefix, op->ore_reqoid.bv_val, 0 );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"unsupported extended operation" );
goto done;
}
op->ore_flags = ext->flags;
Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n",
op->ore_reqoid.bv_val, 0 ,0 );
{ /* start of OpenLDAP extended operation */
BackendDB *bd = op->o_bd;
rs->sr_err = (ext->ext_main)( op, rs );
if( rs->sr_err != SLAPD_ABANDON ) {
if ( rs->sr_err == LDAP_REFERRAL && rs->sr_ref == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, NULL, LDAP_SCOPE_DEFAULT );
if ( !rs->sr_ref ) rs->sr_ref = default_referral;
if ( !rs->sr_ref ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "referral missing";
}
}
if ( op->o_bd == NULL )
op->o_bd = bd;
send_ldap_extended( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
}
if ( rs->sr_rspoid != NULL ) {
free( (char *)rs->sr_rspoid );
rs->sr_rspoid = NULL;
}
if ( rs->sr_rspdata != NULL ) {
ber_bvfree( rs->sr_rspdata );
rs->sr_rspdata = NULL;
}
} /* end of OpenLDAP extended operation */
done:;
return rs->sr_err;
}
int
ldbm_back_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
Attribute *a;
int rc;
Entry *matched;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char krbname[MAX_K_NAME_SZ + 1];
AttributeDescription *krbattr = slap_schema.si_ad_krbName;
AUTH_DAT ad;
#endif
AttributeDescription *password = slap_schema.si_ad_userPassword;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY,
"ldbm_back_bind: dn: %s.\n", dn->bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn->bv_val, 0, 0);
#endif
dn = ndn;
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
/* allow noauth binds */
rc = 1;
if ( method == LDAP_AUTH_SIMPLE ) {
if ( be_isroot_pw( be, conn, dn, cred ) ) {
ber_dupbv( edn, be_root_dn( be ) );
rc = 0; /* front end will send result */
} else if ( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
}
} else if ( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
}
if ( refs ) ber_bvarray_free( refs );
if ( matched_dn ) free( matched_dn );
return( rc );
}
ber_dupbv( edn, &e->e_name );
/* check for deleted */
if ( is_entry_alias( e ) ) {
/* entry is an alias, don't allow bind */
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_bind: entry (%s) is an alias.\n", e->e_dn, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
NULL, "entry is alias", NULL, NULL );
rc = 1;
goto return_results;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral, don't allow bind */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_bind: entry(%s) is a referral.\n", e->e_dn, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
0, 0 );
#endif
if( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
}
ber_bvarray_free( refs );
rc = 1;
goto return_results;
}
switch ( method ) {
case LDAP_AUTH_SIMPLE:
/* check for root dn/passwd */
if ( be_isroot_pw( be, conn, dn, cred ) ) {
/* front end will send result */
if(edn->bv_val != NULL) free( edn->bv_val );
ber_dupbv( edn, be_root_dn( be ) );
rc = 0;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
password, NULL, ACL_AUTH, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
/* stop front end from sending result */
rc = 1;
goto return_results;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
/* stop front end from sending result */
rc = 1;
goto return_results;
}
rc = 0;
break;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case LDAP_AUTH_KRBV41:
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
krbattr, NULL, ACL_AUTH, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
: "", ad.pinst, ad.prealm );
if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
/*
* no krbname values present: check against DN
*/
if ( strcasecmp( dn->bv_val, krbname ) == 0 ) {
rc = 0;
break;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
} else { /* look for krbname match */
struct berval krbval;
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
}
rc = 0;
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Kerberos bind step 2 not supported",
NULL, NULL );
/* stop front end from sending result */
rc = LDAP_UNWILLING_TO_PERFORM;
goto return_results;
#endif
default:
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "authentication method not supported", NULL, NULL );
rc = 1;
goto return_results;
}
return_results:;
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
/* front end will send result on success (rc==0) */
return( rc );
}
int
mdb_referrals( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
Entry *e = NULL;
int rc = LDAP_SUCCESS;
MDB_txn *rtxn;
mdb_op_info opinfo = {0}, *moi = &opinfo;
if( op->o_tag == LDAP_REQ_SEARCH ) {
/* let search take care of itself */
return rc;
}
if( get_manageDSAit( op ) ) {
/* let op take care of DSA management */
return rc;
}
rc = mdb_opinfo_get(op, mdb, 1, &moi);
switch(rc) {
case 0:
break;
default:
return LDAP_OTHER;
}
rtxn = moi->moi_txn;
/* get entry */
rc = mdb_dn2entry( op, rtxn, &op->o_req_ndn, &e, 1 );
switch(rc) {
case MDB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto done;
default:
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_referrals)
": dn2entry failed: %s (%d)\n",
mdb_strerror(rc), rc, 0 );
rs->sr_text = "internal error";
rc = LDAP_OTHER;
goto done;
}
if ( rc == MDB_NOTFOUND ) {
rc = LDAP_SUCCESS;
rs->sr_matched = NULL;
if ( e != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_referrals)
": tag=%lu target=\"%s\" matched=\"%s\"\n",
(unsigned long)op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
if( is_entry_referral( e ) ) {
BerVarray ref = get_entry_referrals( op, e );
rc = LDAP_OTHER;
rs->sr_ref = referral_rewrite( ref, &e->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
if ( rs->sr_ref ) {
rs->sr_matched = ber_strdup_x(
e->e_name.bv_val, op->o_tmpmemctx );
}
}
mdb_entry_return( op, e );
e = NULL;
}
if( rs->sr_ref != NULL ) {
/* send referrals */
rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else if ( rc != LDAP_SUCCESS ) {
rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
}
if (rs->sr_matched) {
op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
rs->sr_matched = NULL;
}
goto done;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral */
BerVarray refs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite(
refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_referrals)
": tag=%lu target=\"%s\" matched=\"%s\"\n",
(unsigned long)op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
rc = LDAP_OTHER;
rs->sr_text = "bad referral object";
}
rs->sr_matched = NULL;
ber_bvarray_free( refs );
}
done:
if ( moi == &opinfo ) {
mdb_txn_reset( moi->moi_txn );
LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next );
}
if ( e )
mdb_entry_return( op, e );
return rc;
}
int
do_add( Connection *conn, Operation *op )
{
BerElement *ber = op->o_ber;
char *last;
struct berval dn = { 0, NULL };
ber_len_t len;
ber_tag_t tag;
Entry *e;
Backend *be;
Modifications *modlist = NULL;
Modifications **modtail = &modlist;
Modifications tmp;
const char *text;
int rc = LDAP_SUCCESS;
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = NULL;
#endif /* LDAP_SLAPI */
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_add: conn %d enter\n", conn->c_connid,0,0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_add\n", 0, 0, 0 );
#endif
/*
* Parse the add request. It looks like this:
*
* AddRequest := [APPLICATION 14] SEQUENCE {
* name DistinguishedName,
* attrs SEQUENCE OF SEQUENCE {
* type AttributeType,
* values SET OF AttributeValue
* }
* }
*/
/* get the name */
if ( ber_scanf( ber, "{m", /*}*/ &dn ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d ber_scanf failed\n", conn->c_connid,0,0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
return -1;
}
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
rc = dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d invalid dn (%s)\n", conn->c_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
goto done;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_add: conn %d dn (%s)\n", conn->c_connid, e->e_dn, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "do_add: dn (%s)\n", e->e_dn, 0, 0 );
#endif
/* get the attrs */
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) )
{
Modifications *mod;
ber_tag_t rtag;
rtag = ber_scanf( ber, "{m{W}}", &tmp.sml_type, &tmp.sml_bvalues );
if ( rtag == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d decoding error \n", conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: decoding error\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
goto done;
}
if ( tmp.sml_bvalues == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d no values for type %s\n",
conn->c_connid, tmp.sml_type.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "no values for type %s\n",
tmp.sml_type.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "no values for attribute type", NULL, NULL );
goto done;
}
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_ADD;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
mod->sml_bvalues = tmp.sml_bvalues;
*modtail = mod;
modtail = &mod->sml_next;
}
if ( ber_scanf( ber, /*{*/ "}") == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
goto done;
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: get_ctrls failed\n", 0, 0, 0 );
#endif
goto done;
}
if ( modlist == NULL ) {
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "no attributes provided", NULL, NULL );
goto done;
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu ADD dn=\"%s\"\n",
op->o_connid, op->o_opid, e->e_dn, 0, 0 );
if( e->e_nname.bv_len == 0 ) {
/* protocolError may be a more appropriate error */
send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
NULL, "root DSE already exists",
NULL, NULL );
goto done;
} else if ( bvmatch( &e->e_nname, &global_schemandn ) ) {
send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
NULL, "subschema subentry already exists",
NULL, NULL );
goto done;
}
manageDSAit = get_manageDSAit( op );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
be = select_backend( &e->e_nname, manageDSAit, 0 );
if ( be == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
if ( ref == NULL ) ref = default_referral;
if ( ref != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref, NULL );
if ( ref != default_referral ) ber_bvarray_free( ref );
} else {
send_ldap_result( conn, op,
rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "referral missing", NULL, NULL );
}
goto done;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto done;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &e->e_name, &e->e_nname );
if ( rc != LDAP_SUCCESS ) {
goto done;
}
#ifdef LDAP_SLAPI
pb = initAddPlugin( be, conn, op, &dn, e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
*/
if ( be->be_add ) {
/* do the update here */
int repl_user = be_isupdate(be, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !be->be_update_ndn.bv_len || repl_user )
#endif
{
int update = be->be_update_ndn.bv_len;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
rc = slap_mods_check( modlist, update, &text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto done;
}
if ( !repl_user ) {
for( modtail = &modlist;
*modtail != NULL;
modtail = &(*modtail)->sml_next )
{
assert( (*modtail)->sml_op == LDAP_MOD_ADD );
assert( (*modtail)->sml_desc != NULL );
}
rc = slap_mods_opattrs( be, op, modlist, modtail, &text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto done;
}
}
rc = slap_mods2entry( modlist, &e, repl_user, &text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
goto done;
}
#ifdef LDAP_SLAPI
/*
* Call the preoperation plugin here, because the entry
* will actually contain something.
*/
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif /* LDAP_SLAPI */
if ( (*be->be_add)( be, conn, op, e ) == 0 ) {
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
#endif
{
replog( be, op, &e->e_name, &e->e_nname, e );
}
be_entry_release_w( be, conn, op, e );
e = NULL;
}
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref;
BerVarray ref;
#ifdef LDAP_SLAPI
/*
* SLAPI_ADD_ENTRY will be empty, but this may be acceptable
* on replicas (for now, it involves the minimum code intrusion).
*/
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif /* LDAP_SLAPI */
defref = be->be_update_refs
? be->be_update_refs : default_referral;
if ( defref ) {
ref = referral_rewrite( defref,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL,
ref ? ref : defref, NULL );
if ( ref ) ber_bvarray_free( ref );
} else {
send_ldap_result( conn, op,
rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "referral missing",
NULL, NULL );
}
#endif /* SLAPD_MULTIMASTER */
}
} else {
#ifdef LDAP_SLAPI
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d no backend support\n", conn->c_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext", NULL, NULL );
}
#ifdef LDAP_SLAPI
doPostAddPluginFNs( be, pb );
#endif /* LDAP_SLAPI */
done:
if( modlist != NULL ) {
slap_mods_free( modlist );
}
if( e != NULL ) {
entry_free( e );
}
return rc;
}
int
ldbm_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *matched;
Entry *e;
Attribute *a;
int rc;
int manageDSAit = get_manageDSAit( op );
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
if ( (e = dn2entry_r( be, ndn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
if ( refs ) ber_bvarray_free( refs );
free( matched_dn );
return( 1 );
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_compare: entry (%s) is a referral.\n", e->e_dn, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
if (refs ) ber_bvarray_free( refs );
rc = 1;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
rc = LDAP_NO_SUCH_ATTRIBUTE;
for(a = attrs_find( e->e_attrs, ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
{
rc = LDAP_COMPARE_FALSE;
if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 ) {
rc = LDAP_COMPARE_TRUE;
break;
}
}
send_ldap_result( conn, op, rc,
NULL, NULL, NULL, NULL );
if( rc != LDAP_NO_SUCH_ATTRIBUTE ) {
rc = 0;
}
return_results:
;
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
return( rc );
}
/*
* selects the backend if not enforced at config;
* in case of failure, behaves based on err:
* -1 don't send result
* LDAP_SUCCESS don't send result; may send referral if dosend
* any valid error send as error result if dosend
*/
static BackendDB *
relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode )
{
relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
BackendDB *bd = ri->ri_bd;
int rc = ( fail_mode & RB_ERR_MASK );
if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
bd = select_backend( &op->o_req_ndn, 1 );
if ( bd == op->o_bd ) {
Debug( LDAP_DEBUG_ANY,
"%s: back-relay for DN=\"%s\" would call self.\n",
op->o_log_prefix, op->o_req_dn.bv_val, 0 );
if ( fail_mode & RB_ERR ) {
rs->sr_err = rc;
if ( fail_mode & RB_SEND ) {
send_ldap_result( op, rs );
}
}
return NULL;
}
}
if ( bd == NULL ) {
if ( ( fail_mode & RB_REFERRAL )
&& ( fail_mode & RB_SEND )
&& !BER_BVISNULL( &op->o_req_ndn )
&& default_referral )
{
rs->sr_err = LDAP_REFERRAL;
/* if we set sr_err to LDAP_REFERRAL,
* we must provide one */
rs->sr_ref = referral_rewrite(
default_referral,
NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
if ( !rs->sr_ref ) {
rs->sr_ref = default_referral;
}
send_ldap_result( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
return NULL;
}
/* NOTE: err is LDAP_INVALID_CREDENTIALS for bind,
* LDAP_NO_SUCH_OBJECT for other operations.
* noSuchObject cannot be returned by bind */
rs->sr_err = rc;
if ( fail_mode & RB_SEND ) {
send_ldap_result( op, rs );
}
}
return bd;
}
int
mdb_delete( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
struct berval pdn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
MDB_txn *txn = NULL;
MDB_cursor *mc;
mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
LDAPControl **preread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int parent_is_glue = 0;
int parent_is_leaf = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(mdb_delete) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* begin transaction */
rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_delete) ": txn_begin failed: "
"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
txn = moi->moi_txn;
/* allocate CSN */
if ( BER_BVISNULL( &op->o_csn ) ) {
struct berval csn;
char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, 1 );
}
if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &pdn );
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc );
if ( rs->sr_err ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get parent */
rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 );
switch( rs->sr_err ) {
case 0:
case MDB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rs->sr_err == MDB_NOTFOUND ) {
Debug( LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
if ( p && !BER_BVISEMPTY( &p->e_name )) {
rs->sr_matched = ch_strdup( p->e_name.bv_val );
if ( is_entry_referral( p )) {
BerVarray ref = get_entry_referrals( op, p );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
if ( p ) {
mdb_entry_return( op, p );
p = NULL;
}
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* get entry */
rs->sr_err = mdb_dn2entry( op, txn, mc, &op->o_req_ndn, &e, NULL, 0 );
switch( rs->sr_err ) {
case MDB_NOTFOUND:
e = p;
p = NULL;
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* FIXME : dn2entry() should return non-glue entry */
if ( rs->sr_err == MDB_NOTFOUND || ( !manageDSAit && is_entry_glue( e ))) {
Debug( LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_matched = ch_strdup( e->e_dn );
if ( is_entry_referral( e )) {
BerVarray ref = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( ref, &e->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
mdb_entry_return( op, e );
e = NULL;
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
if ( pdn.bv_len != 0 ) {
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": no write "
"access to parent\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
/* no parent, must be root to delete */
if( ! be_isroot( op ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_shadow_update( op ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
p = NULL;
if ( !rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete)
": no access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete)
": no parent and not root\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
rs->sr_err = access_allowed( op, e,
entry, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": no write access "
"to entry\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow delete */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_delete) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = ch_strdup( e->e_name.bv_val );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* pre-read */
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
rs->sr_text = NULL;
/* Can't do it if we have kids */
rs->sr_err = mdb_dn2id_children( op, txn, e );
if( rs->sr_err != MDB_NOTFOUND ) {
switch( rs->sr_err ) {
case 0:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(mdb_delete)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subordinate objects must be deleted first";
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(mdb_delete)
": has_children failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
/* delete from dn2id */
rs->sr_err = mdb_dn2id_delete( op, mc, e->e_id, 1 );
mdb_cursor_close( mc );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": dn2id failed: "
"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_text = "DN index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* delete indices for old attributes */
rs->sr_err = mdb_index_entry_del( op, txn, e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": index failed: "
"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_text = "entry index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* fixup delete CSN */
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval vals[2];
assert( !BER_BVISNULL( &op->o_csn ) );
vals[0] = op->o_csn;
BER_BVZERO( &vals[1] );
rs->sr_err = mdb_index_values( op, txn, slap_schema.si_ad_entryCSN,
vals, 0, SLAP_INDEX_ADD_OP );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_text = "entryCSN index update failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
/* delete from id2entry */
rs->sr_err = mdb_id2entry_delete( op->o_bd, txn, e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_delete) ": id2entry failed: "
"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_text = "entry delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
if ( pdn.bv_len != 0 ) {
parent_is_glue = is_entry_glue(p);
rs->sr_err = mdb_dn2id_children( op, txn, p );
if ( rs->sr_err != MDB_NOTFOUND ) {
switch( rs->sr_err ) {
case 0:
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(mdb_delete)
": has_children failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
parent_is_leaf = 1;
}
mdb_entry_return( op, p );
p = NULL;
}
if( moi == &opinfo ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
opinfo.moi_oe.oe_key = NULL;
if( op->o_noop ) {
mdb_txn_abort( txn );
rs->sr_err = LDAP_X_NO_OPERATION;
txn = NULL;
goto return_results;
} else {
rs->sr_err = mdb_txn_commit( txn );
}
txn = NULL;
}
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(mdb_delete) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
mdb_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
e->e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
if ( p != NULL ) {
mdb_entry_return( op, p );
}
/* free entry */
if( e != NULL ) {
mdb_entry_return( op, e );
}
if( moi == &opinfo ) {
if( txn != NULL ) {
mdb_txn_abort( txn );
}
if ( opinfo.moi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
}
} else {
moi->moi_ref--;
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
#if 0
if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( mdb->bi_dbenv,
mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
}
#endif
return rs->sr_err;
}
int
bdb_modify( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e = NULL;
EntryInfo *ei = NULL;
int manageDSAit = get_manageDSAit( op );
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
Entry dummy = {0};
DB_LOCK lock;
int num_retries = 0;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int rc;
Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(bdb_modify) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
#ifdef LDAP_X_TXN
if( op->o_txnSpec && txn_preop( op, rs ))
return rs->sr_err;
#endif
ctrls[num_ctrls] = NULL;
/* Don't touch the opattrs, if this is a contextCSN update
* initiated from updatedn */
if ( !be_isupdate(op) || !op->orm_modlist || op->orm_modlist->sml_next ||
op->orm_modlist->sml_desc != slap_schema.si_ad_contextCSN ) {
slap_mods_opattrs( op, &op->orm_modlist, 1 );
}
if( 0 ) {
retry: /* transaction retry */
if ( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
dummy.e_attrs = NULL;
}
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
e = NULL;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": retrying...\n", 0, 0, 0);
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
{
int tflags = bdb->bi_db_opflags;
if ( get_lazyCommit( op ))
tflags |= DB_TXN_NOSYNC;
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id, tflags );
}
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": txn_begin failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modify) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/* get entry or ancestor */
rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
&lock );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": dn2entry failed (%d)\n",
rs->sr_err, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
e = ei->bei_e;
/* acquire and lock entry */
/* FIXME: dn2entry() should return non-glue entry */
if (( rs->sr_err == DB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
if ( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
? get_entry_referrals( op, e )
: NULL;
bdb_unlocked_cache_return_entry_r (&bdb->bi_cache, e);
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow modify */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modify) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": txn_begin(2) failed: " "%s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modify) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* Modify the entry */
dummy = *e;
rs->sr_err = bdb_modify_internal( op, lt2, op->orm_modlist,
&dummy, &rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": modify failed (%d)\n",
rs->sr_err, 0, 0 );
if ( (rs->sr_err == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) {
rs->sr_err = opinfo.boi_err;
}
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
goto return_results;
}
/* change the entry itself */
rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": id2entry update failed " "(%d)\n",
rs->sr_err, 0, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entry update failed";
goto return_results;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &dummy,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modify)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
} else {
/* may have changed in bdb_modify_internal() */
e->e_ocflags = dummy.e_ocflags;
rc = bdb_cache_modify( bdb, e, dummy.e_attrs, ltid, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
dummy.e_attrs = NULL;
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modify) ": updated%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
dummy.e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
}
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
done:
slap_graduate_commit_csn( op );
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w (&bdb->bi_cache, e);
}
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
rs->sr_text = NULL;
return rs->sr_err;
}
int
mdb_modify( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
Entry *e = NULL;
int manageDSAit = get_manageDSAit( op );
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
MDB_txn *txn = NULL;
mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
Entry dummy = {0};
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(mdb_modify) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = NULL;
/* Don't touch the opattrs, if this is a contextCSN update
* initiated from updatedn */
if ( !be_isupdate(op) || !op->orm_modlist || op->orm_modlist->sml_next ||
op->orm_modlist->sml_desc != slap_schema.si_ad_contextCSN ) {
slap_mods_opattrs( op, &op->orm_modlist, 1 );
}
/* begin transaction */
rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": txn_begin failed: "
"%s (%d)\n", mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
txn = moi->moi_txn;
/* get entry or ancestor */
rs->sr_err = mdb_dn2entry( op, txn, NULL, &op->o_req_ndn, &e, 1 );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": dn2entry failed (%d)\n",
rs->sr_err, 0, 0 );
switch( rs->sr_err ) {
case MDB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
}
/* acquire and lock entry */
/* FIXME: dn2entry() should return non-glue entry */
if (( rs->sr_err == MDB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
if ( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
if ( is_entry_referral( e )) {
BerVarray ref = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( ref, &e->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
mdb_entry_return( op, e );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow modify */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
rs->sr_flags = REP_REF_MUSTBEFREED;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_modify) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* Modify the entry */
dummy = *e;
rs->sr_err = mdb_modify_internal( op, txn, op->orm_modlist,
&dummy, &rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": modify failed (%d)\n",
rs->sr_err, 0, 0 );
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
/* change the entry itself */
rs->sr_err = mdb_id2entry_update( op, txn, NULL, &dummy );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": id2entry update failed " "(%d)\n",
rs->sr_err, 0, 0 );
rs->sr_text = "entry update failed";
goto return_results;
}
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &dummy,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_modify)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
if( moi == &opinfo ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
opinfo.moi_oe.oe_key = NULL;
if( op->o_noop ) {
mdb_txn_abort( txn );
rs->sr_err = LDAP_X_NO_OPERATION;
txn = NULL;
goto return_results;
} else {
rs->sr_err = mdb_txn_commit( txn );
txn = NULL;
}
}
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
mdb_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_modify) ": updated%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
dummy.e_id, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
}
send_ldap_result( op, rs );
#if 0
if( rs->sr_err == LDAP_SUCCESS && mdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( mdb->bi_dbenv,
mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
}
#endif
done:
slap_graduate_commit_csn( op );
if( moi == &opinfo ) {
if( txn != NULL ) {
mdb_txn_abort( txn );
}
if ( opinfo.moi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
}
}
if( e != NULL ) {
mdb_entry_return( op, e );
}
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
rs->sr_text = NULL;
return rs->sr_err;
}
int
mdb_add(Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL, *oe = op->ora_e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
MDB_txn *txn = NULL;
MDB_cursor *mc = NULL;
MDB_cursor *mcd;
ID eid, pid = 0;
mdb_op_info opinfo = {{{ 0 }}}, *moi = &opinfo;
int subentry;
int numads = mdb->mi_numads;
int success;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(mdb_add) ": %s\n",
op->ora_e->e_name.bv_val, 0, 0);
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* check entry's schema */
rs->sr_err = entry_schema_check( op, op->ora_e, NULL,
get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed schema check: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
/* begin transaction */
rs->sr_err = mdb_opinfo_get( op, mdb, 0, &moi );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": txn_begin failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
txn = moi->moi_txn;
/* add opattrs to shadow as well, only missing attrs will actually
* be added; helps compatibility with older OL versions */
rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": entry failed op attrs add: "
"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
goto return_results;
}
if ( get_assert( op ) &&
( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
subentry = is_entry_subentry( op->ora_e );
/*
* Get the parent dn and see if the corresponding entry exists.
*/
if ( be_issuffix( op->o_bd, &op->ora_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &op->ora_e->e_nname, &pdn );
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mcd );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* get entry or parent */
rs->sr_err = mdb_dn2entry( op, txn, mcd, &op->ora_e->e_nname, &p, NULL, 1 );
switch( rs->sr_err ) {
case 0:
rs->sr_err = LDAP_ALREADY_EXISTS;
mdb_entry_return( op, p );
p = NULL;
goto return_results;
case MDB_NOTFOUND:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( !p )
p = (Entry *)&slap_entry_root;
if ( !bvmatch( &pdn, &p->e_nname ) ) {
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
if ( p != (Entry *)&slap_entry_root && is_entry_referral( p )) {
BerVarray ref = get_entry_referrals( op, p );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
if ( p != (Entry *)&slap_entry_root )
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
if ( p != (Entry *)&slap_entry_root ) {
if ( is_entry_subentry( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is a subentry, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is subentry\n",
0, 0, 0 );
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
if ( is_entry_alias( p ) ) {
mdb_entry_return( op, p );
p = NULL;
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is alias\n",
0, 0, 0 );
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
if ( is_entry_referral( p ) ) {
BerVarray ref = get_entry_referrals( op, p );
/* parent is a referral, don't allow add */
rs->sr_matched = ber_strdup_x( p->e_name.bv_val,
op->o_tmpmemctx );
rs->sr_ref = referral_rewrite( ref, &p->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
mdb_entry_return( op, p );
p = NULL;
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": parent is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
}
if ( subentry ) {
/* FIXME: */
/* parent must be an administrative point of the required kind */
}
/* free parent */
if ( p != (Entry *)&slap_entry_root ) {
pid = p->e_id;
if ( p->e_nname.bv_len ) {
struct berval ppdn;
/* ITS#5326: use parent's DN if differs from provided one */
dnParent( &op->ora_e->e_name, &ppdn );
if ( !dn_match( &p->e_name, &ppdn ) ) {
struct berval rdn;
struct berval newdn;
dnRdn( &op->ora_e->e_name, &rdn );
build_new_dn( &newdn, &p->e_name, &rdn, NULL );
if ( op->ora_e->e_name.bv_val != op->o_req_dn.bv_val )
ber_memfree( op->ora_e->e_name.bv_val );
op->ora_e->e_name = newdn;
/* FIXME: should check whether
* dnNormalize(newdn) == e->e_nname ... */
}
}
mdb_entry_return( op, p );
}
p = NULL;
rs->sr_err = access_allowed( op, op->ora_e,
entry, NULL, ACL_WADD, NULL );
if ( ! rs->sr_err ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to entry\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/*
* Check ACL for attribute write access
*/
if (!acl_check_modlist(op, oe, op->ora_modlist)) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": no write access to attribute\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to attribute";
goto return_results;;
}
rs->sr_err = mdb_cursor_open( txn, mdb->mi_id2entry, &mc );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": mdb_cursor_open failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
rs->sr_err = mdb_next_id( op->o_bd, mc, &eid );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": next_id failed (%d)\n",
rs->sr_err, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
op->ora_e->e_id = eid;
/* dn2id index */
rs->sr_err = mdb_dn2id_add( op, mcd, mcd, pid, 1, 1, op->ora_e );
mdb_cursor_close( mcd );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": dn2id_add failed: %s (%d)\n",
mdb_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case MDB_KEYEXIST:
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* attribute indexes */
rs->sr_err = mdb_index_entry_add( op, txn, op->ora_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": index_entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "index generation failed";
goto return_results;
}
/* id2entry index */
rs->sr_err = mdb_id2entry_add( op, txn, mc, op->ora_e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": id2entry_add failed\n",
0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry store failed";
goto return_results;
}
/* post-read */
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if ( slap_read_controls( op, rs, op->ora_e,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(mdb_add) ": post-read "
"failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if ( moi == &opinfo ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
opinfo.moi_oe.oe_key = NULL;
if ( op->o_noop ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
rs->sr_err = LDAP_X_NO_OPERATION;
txn = NULL;
goto return_results;
}
rs->sr_err = mdb_txn_commit( txn );
txn = NULL;
if ( rs->sr_err != 0 ) {
mdb->mi_numads = numads;
rs->sr_text = "txn_commit failed";
Debug( LDAP_DEBUG_ANY,
LDAP_XSTRING(mdb_add) ": %s : %s (%d)\n",
rs->sr_text, mdb_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(mdb_add) ": added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
op->ora_e->e_id, op->ora_e->e_dn );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
success = rs->sr_err;
send_ldap_result( op, rs );
if( moi == &opinfo ) {
if( txn != NULL ) {
mdb->mi_numads = numads;
mdb_txn_abort( txn );
}
if ( opinfo.moi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.moi_oe, OpExtra, oe_next );
}
} else {
moi->moi_ref--;
}
if( success == LDAP_SUCCESS ) {
#if 0
if ( mdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( mdb->bi_dbenv,
mdb->bi_txn_cp_kbyte, mdb->bi_txn_cp_min, 0 );
}
#endif
}
slap_graduate_commit_csn( op );
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
int passwd_extop(
Connection *conn, Operation *op,
const char *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl ***rspctrls,
const char **text,
BerVarray *refs )
{
Backend *be;
int rc;
assert( reqoid != NULL );
assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
if( op->o_dn.bv_len == 0 ) {
*text = "only authenticated users may change passwords";
return LDAP_STRONG_AUTH_REQUIRED;
}
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
be = conn->c_authz_backend;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
if( be && !be->be_extended ) {
*text = "operation not supported for current user";
return LDAP_UNWILLING_TO_PERFORM;
}
{
struct berval passwd = BER_BVC( LDAP_EXOP_MODIFY_PASSWD );
rc = backend_check_restrictions( be, conn, op, &passwd, text );
}
if( rc != LDAP_SUCCESS ) {
return rc;
}
if( be == NULL ) {
#ifdef HAVE_CYRUS_SASL
rc = slap_sasl_setpass( conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text );
#else
*text = "no authz backend";
rc = LDAP_OTHER;
#endif
#ifndef SLAPD_MULTIMASTER
/* This does not apply to multi-master case */
} else if( be->be_update_ndn.bv_len ) {
/* we SHOULD return a referral in this case */
*refs = referral_rewrite( be->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
rc = LDAP_REFERRAL;
#endif /* !SLAPD_MULTIMASTER */
} else {
rc = be->be_extended(
be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
}
return rc;
}
int
bdb_referrals( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e = NULL;
EntryInfo *ei;
int rc = LDAP_SUCCESS;
DB_TXN *rtxn;
DB_LOCK lock;
if( op->o_tag == LDAP_REQ_SEARCH ) {
/* let search take care of itself */
return rc;
}
if( get_manageDSAit( op ) ) {
/* let op take care of DSA management */
return rc;
}
rc = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
switch(rc) {
case 0:
break;
default:
return LDAP_OTHER;
}
dn2entry_retry:
/* get entry */
rc = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1, &lock );
/* bdb_dn2entry() may legally leave ei == NULL
* if rc != 0 and rc != DB_NOTFOUND
*/
if ( ei ) {
e = ei->bei_e;
}
switch(rc) {
case DB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
return LDAP_BUSY;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_referrals)
": dn2entry failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
rs->sr_text = "internal error";
return LDAP_OTHER;
}
if ( rc == DB_NOTFOUND ) {
rc = LDAP_SUCCESS;
rs->sr_matched = NULL;
if ( e != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_referrals)
": tag=%lu target=\"%s\" matched=\"%s\"\n",
(unsigned long)op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
if( is_entry_referral( e ) ) {
BerVarray ref = get_entry_referrals( op, e );
rc = LDAP_OTHER;
rs->sr_ref = referral_rewrite( ref, &e->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
if ( rs->sr_ref ) {
rs->sr_matched = ber_strdup_x(
e->e_name.bv_val, op->o_tmpmemctx );
}
}
bdb_cache_return_entry_r (bdb, e, &lock);
e = NULL;
}
if( rs->sr_ref != NULL ) {
/* send referrals */
rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else if ( rc != LDAP_SUCCESS ) {
rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
}
if (rs->sr_matched) {
op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
rs->sr_matched = NULL;
}
return rc;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral */
BerVarray refs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite(
refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_referrals)
": tag=%lu target=\"%s\" matched=\"%s\"\n",
(unsigned long)op->o_tag, op->o_req_dn.bv_val, e->e_name.bv_val );
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
rc = rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
rc = LDAP_OTHER;
rs->sr_text = "bad referral object";
}
rs->sr_matched = NULL;
ber_bvarray_free( refs );
}
bdb_cache_return_entry_r(bdb, e, &lock);
return rc;
}
int
fe_op_modify( Operation *op, SlapReply *rs )
{
BackendDB *op_be, *bd = op->o_bd;
char textbuf[ SLAP_TEXT_BUFLEN ];
size_t textlen = sizeof( textbuf );
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modify: root dse!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify upon the root DSE not supported" );
goto cleanup;
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
Debug( LDAP_DEBUG_ANY, "%s do_modify: subschema subentry!\n",
op->o_log_prefix, 0, 0 );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modification of subschema subentry not supported" );
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if ( !rs->sr_ref ) {
rs->sr_ref = default_referral;
}
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != default_referral ) {
ber_bvarray_free( rs->sr_ref );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if ( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
rs->sr_err = slap_mods_obsolete_check( op, op->orm_modlist,
&rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for modify/increment support */
if ( op->orm_increment && !SLAP_INCREMENT( op->o_bd ) ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify/increment not supported in context" );
goto cleanup;
}
/*
* do the modify if 1 && (2 || 3)
* 1) there is a modify function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_modify ) {
/* do the update here */
int repl_user = be_isupdate( op );
/*
* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
*/
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user ) {
int update = !BER_BVISEMPTY( &op->o_bd->be_update_ndn );
op->o_bd = op_be;
if ( !update ) {
rs->sr_err = slap_mods_no_user_mod_check( op, op->orm_modlist,
&rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
}
op->o_bd->be_modify( op, rs );
} else { /* send a referral */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn,
LDAP_SCOPE_DEFAULT );
if ( rs->sr_ref == NULL ) {
/* FIXME: must duplicate, because
* overlays may muck with it */
rs->sr_ref = defref;
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( rs->sr_ref != defref ) {
ber_bvarray_free( rs->sr_ref );
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
bdb_delete( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *matched = NULL;
struct berval pdn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
EntryInfo *ei = NULL, *eip = NULL;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
ID eid;
DB_LOCK lock, plock;
int num_retries = 0;
int rc;
LDAPControl **preread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int parent_is_glue = 0;
int parent_is_leaf = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(bdb_delete) ": %s\n",
op->o_req_dn.bv_val, 0, 0 );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = 0;
/* allocate CSN */
if ( BER_BVISNULL( &op->o_csn ) ) {
struct berval csn;
char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof(csnbuf);
slap_get_csn( op, &csn, 1 );
}
if( 0 ) {
retry: /* transaction retry */
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
e = NULL;
}
if( p != NULL ) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
Debug( LDAP_DEBUG_TRACE,
"==> " LDAP_XSTRING(bdb_delete) ": retrying...\n",
0, 0, 0 );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
parent_is_glue = 0;
parent_is_leaf = 0;
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_begin failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &pdn );
}
/* get entry */
rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
&lock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rs->sr_err == 0 ) {
e = ei->bei_e;
eip = ei->bei_parent;
} else {
matched = ei->bei_e;
}
/* FIXME : dn2entry() should return non-glue entry */
if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
Debug( LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete) ": no such object %s\n",
op->o_req_dn.bv_val, 0, 0);
if ( matched != NULL ) {
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, matched);
matched = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, &plock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
case DB_NOTFOUND:
break;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( eip ) p = eip->bei_e;
if ( pdn.bv_len != 0 ) {
if( p == NULL || !bvmatch( &pdn, &p->e_nname )) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": parent "
"does not exist\n", 0, 0, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "could not locate parent of entry";
goto return_results;
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": no write "
"access to parent\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
/* no parent, must be root to delete */
if( ! be_isroot( op ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_shadow_update( op ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WDEL, NULL );
p = NULL;
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete)
": no access to parent\n",
0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete)
": no parent and not root\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
rs->sr_err = access_allowed( op, e,
entry, NULL, ACL_WDEL, NULL );
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": no write access "
"to entry\n", 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow delete */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": entry is referral\n",
0, 0, 0 );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = ch_strdup( e->e_name.bv_val );
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
goto return_results;
}
/* pre-read */
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": pre-read "
"failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_begin(2) failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Starting delete %s(%d)",
e->e_nname.bv_val, e->e_id );
/* Can't do it if we have kids */
rs->sr_err = bdb_cache_children( op, lt2, e );
if( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subordinate objects must be deleted first";
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
/* delete from dn2id */
rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": dn2id failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "DN index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* delete indices for old attributes */
rs->sr_err = bdb_index_entry_del( op, lt2, e );
if ( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": index failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entry index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* fixup delete CSN */
if ( !SLAP_SHADOW( op->o_bd )) {
struct berval vals[2];
assert( !BER_BVISNULL( &op->o_csn ) );
vals[0] = op->o_csn;
BER_BVZERO( &vals[1] );
rs->sr_err = bdb_index_values( op, lt2, slap_schema.si_ad_entryCSN,
vals, 0, SLAP_INDEX_ADD_OP );
if ( rs->sr_err != LDAP_SUCCESS ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entryCSN index update failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
}
/* delete from id2entry */
rs->sr_err = bdb_id2entry_delete( op->o_bd, lt2, e );
if ( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_delete) ": id2entry failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_text = "entry delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
if ( pdn.bv_len != 0 ) {
parent_is_glue = is_entry_glue(p);
rs->sr_err = bdb_cache_children( op, lt2, p );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_delete)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
parent_is_leaf = 1;
}
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
BDB_LOG_PRINTF( bdb->bi_dbenv, lt2, "slapd Commit1 delete %s(%d)",
e->e_nname.bv_val, e->e_id );
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
eid = e->e_id;
#if 0 /* Do we want to reclaim deleted IDs? */
ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex );
if ( e->e_id == bdb->bi_lastid ) {
bdb_last_id( op->o_bd, ltid );
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
#endif
if( op->o_noop ) {
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
goto return_results;
}
} else {
BDB_LOG_PRINTF( bdb->bi_dbenv, ltid, "slapd Cache delete %s(%d)",
e->e_nname.bv_val, e->e_id );
rc = bdb_cache_delete( bdb, e, ltid, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
BDB_LOG_PRINTF( bdb->bi_dbenv, NULL, "slapd Committed delete %s(%d)",
e->e_nname.bv_val, e->e_id );
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_delete) ": deleted%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
eid, op->o_req_dn.bv_val );
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
if ( p )
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
/* free entry */
if( e != NULL ) {
if ( rs->sr_err == LDAP_SUCCESS ) {
/* Free the EntryInfo and the Entry */
bdb_cache_entryinfo_lock( BEI(e) );
bdb_cache_delete_cleanup( &bdb->bi_cache, BEI(e) );
} else {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
}
}
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
return rs->sr_err;
}
int passwd_extop(
Operation *op,
SlapReply *rs )
{
struct berval id = {0, NULL}, hash, *rsp = NULL;
req_pwdexop_s *qpw = &op->oq_pwdexop;
req_extended_s qext = op->oq_extended;
Modifications *ml;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
int i, nhash;
char **hashes, idNul;
int rc;
BackendDB *op_be;
int freenewpw = 0;
struct berval dn = BER_BVNULL, ndn = BER_BVNULL;
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) == 0 );
if( op->o_dn.bv_len == 0 ) {
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD\n",
op->o_log_prefix, 0, 0, 0, 0 );
rs->sr_text = "only authenticated users may change passwords";
return LDAP_STRONG_AUTH_REQUIRED;
}
qpw->rs_old.bv_len = 0;
qpw->rs_old.bv_val = NULL;
qpw->rs_new.bv_len = 0;
qpw->rs_new.bv_val = NULL;
qpw->rs_mods = NULL;
qpw->rs_modtail = NULL;
rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
&qpw->rs_old, &qpw->rs_new, &rs->sr_text );
if ( !BER_BVISNULL( &id )) {
idNul = id.bv_val[id.bv_len];
id.bv_val[id.bv_len] = '\0';
}
if ( rs->sr_err == LDAP_SUCCESS && !BER_BVISEMPTY( &id ) ) {
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD id=\"%s\"%s%s\n",
op->o_log_prefix, id.bv_val,
qpw->rs_old.bv_val ? " old" : "",
qpw->rs_new.bv_val ? " new" : "", 0 );
} else {
Statslog( LDAP_DEBUG_STATS, "%s PASSMOD%s%s\n",
op->o_log_prefix,
qpw->rs_old.bv_val ? " old" : "",
qpw->rs_new.bv_val ? " new" : "", 0, 0 );
}
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( !BER_BVISNULL( &id ))
id.bv_val[id.bv_len] = idNul;
return rs->sr_err;
}
if ( !BER_BVISEMPTY( &id ) ) {
rs->sr_err = dnPrettyNormal( NULL, &id, &dn, &ndn, op->o_tmpmemctx );
id.bv_val[id.bv_len] = idNul;
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_text = "Invalid DN";
rc = rs->sr_err;
goto error_return;
}
op->o_req_dn = dn;
op->o_req_ndn = ndn;
op->o_bd = select_backend( &op->o_req_ndn, 1 );
} else {
ber_dupbv_x( &dn, &op->o_dn, op->o_tmpmemctx );
ber_dupbv_x( &ndn, &op->o_ndn, op->o_tmpmemctx );
op->o_req_dn = dn;
op->o_req_ndn = ndn;
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
op->o_bd = op->o_conn->c_authz_backend;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
if( op->o_bd == NULL ) {
if ( qpw->rs_old.bv_val != NULL ) {
rs->sr_text = "unwilling to verify old password";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
#ifdef HAVE_CYRUS_SASL
rc = slap_sasl_setpass( op, rs );
#else
rs->sr_text = "no authz backend";
rc = LDAP_OTHER;
#endif
goto error_return;
}
if ( op->o_req_ndn.bv_len == 0 ) {
rs->sr_text = "no password is associated with the Root DSE";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
if (backend_check_restrictions( op, rs,
(struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) {
rc = rs->sr_err;
goto error_return;
}
/* check for referrals */
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
rc = rs->sr_err;
goto error_return;
}
/* This does not apply to multi-master case */
if(!( !SLAP_SINGLE_SHADOW( op->o_bd ) || be_isupdate( op ))) {
/* we SHOULD return a referral in this case */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if( defref != NULL ) {
rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
if(rs->sr_ref) {
rs->sr_flags |= REP_REF_MUSTBEFREED;
} else {
rs->sr_ref = defref;
}
rc = LDAP_REFERRAL;
goto error_return;
}
rs->sr_text = "shadow context; no update referral";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
/* generate a new password if none was provided */
if ( qpw->rs_new.bv_len == 0 ) {
slap_passwd_generate( &qpw->rs_new );
if ( qpw->rs_new.bv_len ) {
rsp = slap_passwd_return( &qpw->rs_new );
freenewpw = 1;
}
}
if ( qpw->rs_new.bv_len == 0 ) {
rs->sr_text = "password generation failed";
rc = LDAP_OTHER;
goto error_return;
}
op->o_bd = op_be;
/* Give the backend a chance to handle this itself */
if ( op->o_bd->be_extended ) {
rs->sr_err = op->o_bd->be_extended( op, rs );
if ( rs->sr_err != LDAP_UNWILLING_TO_PERFORM &&
rs->sr_err != SLAP_CB_CONTINUE )
{
rc = rs->sr_err;
if ( rsp ) {
rs->sr_rspdata = rsp;
rsp = NULL;
}
goto error_return;
}
}
/* The backend didn't handle it, so try it here */
if( op->o_bd && !op->o_bd->be_modify ) {
rs->sr_text = "operation not supported for current user";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
if ( qpw->rs_old.bv_val != NULL ) {
Entry *e = NULL;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL,
slap_schema.si_ad_userPassword, 0, &e );
if ( rc == LDAP_SUCCESS && e ) {
Attribute *a = attr_find( e->e_attrs,
slap_schema.si_ad_userPassword );
if ( a )
rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text );
else
rc = 1;
be_entry_release_r( op, e );
if ( rc == LDAP_SUCCESS )
goto old_good;
}
rs->sr_text = "unwilling to verify old password";
rc = LDAP_UNWILLING_TO_PERFORM;
goto error_return;
}
old_good:
ml = ch_malloc( sizeof(Modifications) );
if ( !qpw->rs_modtail ) qpw->rs_modtail = &ml->sml_next;
if ( default_passwd_hash ) {
for ( nhash = 0; default_passwd_hash[nhash]; nhash++ );
hashes = default_passwd_hash;
} else {
nhash = 1;
hashes = (char **)defhash;
}
ml->sml_numvals = nhash;
ml->sml_values = ch_malloc( (nhash+1)*sizeof(struct berval) );
for ( i=0; hashes[i]; i++ ) {
slap_passwd_hash_type( &qpw->rs_new, &hash, hashes[i], &rs->sr_text );
if ( hash.bv_len == 0 ) {
if ( !rs->sr_text ) {
rs->sr_text = "password hash failed";
}
break;
}
ml->sml_values[i] = hash;
}
ml->sml_values[i].bv_val = NULL;
ml->sml_nvalues = NULL;
ml->sml_desc = slap_schema.si_ad_userPassword;
ml->sml_type = ml->sml_desc->ad_cname;
ml->sml_op = LDAP_MOD_REPLACE;
ml->sml_flags = 0;
ml->sml_next = qpw->rs_mods;
qpw->rs_mods = ml;
if ( hashes[i] ) {
rs->sr_err = LDAP_OTHER;
} else {
slap_callback *sc = op->o_callback;
op->o_tag = LDAP_REQ_MODIFY;
op->o_callback = &cb;
op->orm_modlist = qpw->rs_mods;
op->orm_no_opattrs = 0;
cb.sc_private = qpw; /* let Modify know this was pwdMod,
* if it cares... */
rs->sr_err = op->o_bd->be_modify( op, rs );
/* be_modify() might have shuffled modifications */
qpw->rs_mods = op->orm_modlist;
if ( rs->sr_err == LDAP_SUCCESS ) {
rs->sr_rspdata = rsp;
} else if ( rsp ) {
ber_bvfree( rsp );
rsp = NULL;
}
op->o_tag = LDAP_REQ_EXTENDED;
op->o_callback = sc;
}
rc = rs->sr_err;
op->oq_extended = qext;
error_return:;
if ( qpw->rs_mods ) {
slap_mods_free( qpw->rs_mods, 1 );
}
if ( freenewpw ) {
free( qpw->rs_new.bv_val );
}
if ( !BER_BVISNULL( &dn ) ) {
op->o_tmpfree( dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_dn );
}
if ( !BER_BVISNULL( &ndn ) ) {
op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_ndn );
}
return rc;
}
int
bdb_compare( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e = NULL;
EntryInfo *ei;
Attribute *a;
int manageDSAit = get_manageDSAit( op );
BDB_LOCKER locker;
DB_LOCK lock;
rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
dn2entry_retry:
/* get entry */
rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
locker, &lock );
switch( rs->sr_err ) {
case DB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
e = ei->bei_e;
if ( rs->sr_err == DB_NOTFOUND ) {
if ( e != NULL ) {
/* return referral only if "disclose" is granted on the object */
if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
? get_entry_referrals( op, e )
: NULL;
rs->sr_err = LDAP_REFERRAL;
}
bdb_cache_return_entry_r( bdb, e, &lock );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* return referral only if "disclose" is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
/* entry is a referral, don't allow compare */
rs->sr_ref = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
}
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_ASSERTION_FAILED;
}
goto return_results;
}
if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
{
/* return error only if "disclose"
* is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
goto return_results;
}
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
{
rs->sr_err = LDAP_COMPARE_FALSE;
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&op->oq_compare.rs_ava->aa_value, NULL,
op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
return_results:
send_ldap_result( op, rs );
switch ( rs->sr_err ) {
case LDAP_COMPARE_FALSE:
case LDAP_COMPARE_TRUE:
rs->sr_err = LDAP_SUCCESS;
break;
}
done:
/* free entry */
if ( e != NULL ) {
bdb_cache_return_entry_r( bdb, e, &lock );
}
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
return rs->sr_err;
}
static int
retcode_op_func( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
retcode_item_t *rdi;
struct berval nrdn, npdn;
slap_callback *cb = NULL;
/* sleep as required */
retcode_sleep( rd->rd_sleep );
if ( !dnIsSuffix( &op->o_req_ndn, &rd->rd_npdn ) ) {
if ( RETCODE_INDIR( rd ) ) {
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
return retcode_op_add( op, rs );
case LDAP_REQ_BIND:
/* skip if rootdn */
/* FIXME: better give the db a chance? */
if ( be_isroot_pw( op ) ) {
return LDAP_SUCCESS;
}
return retcode_op_internal( op, rs );
case LDAP_REQ_SEARCH:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
rs->sr_err = retcode_op_internal( op, rs );
switch ( rs->sr_err ) {
case SLAP_CB_CONTINUE:
if ( rs->sr_nentries == 0 ) {
break;
}
rs->sr_err = LDAP_SUCCESS;
/* fallthru */
default:
send_ldap_result( op, rs );
break;
}
return rs->sr_err;
}
break;
case LDAP_REQ_MODIFY:
case LDAP_REQ_DELETE:
case LDAP_REQ_MODRDN:
case LDAP_REQ_COMPARE:
return retcode_op_internal( op, rs );
}
}
return SLAP_CB_CONTINUE;
}
if ( op->o_tag == LDAP_REQ_SEARCH
&& op->ors_scope != LDAP_SCOPE_BASE
&& op->o_req_ndn.bv_len == rd->rd_npdn.bv_len )
{
return retcode_send_onelevel( op, rs );
}
dnParent( &op->o_req_ndn, &npdn );
if ( npdn.bv_len != rd->rd_npdn.bv_len ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_matched = rd->rd_pdn.bv_val;
send_ldap_result( op, rs );
rs->sr_matched = NULL;
return rs->sr_err;
}
dnRdn( &op->o_req_ndn, &nrdn );
for ( rdi = rd->rd_item; rdi != NULL; rdi = rdi->rdi_next ) {
struct berval rdi_nrdn;
dnRdn( &rdi->rdi_ndn, &rdi_nrdn );
if ( dn_match( &nrdn, &rdi_nrdn ) ) {
break;
}
}
if ( rdi != NULL && rdi->rdi_mask != SN_DG_OP_ALL ) {
retcode_op_e o_tag = SN_DG_OP_NONE;
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
o_tag = SN_DG_OP_ADD;
break;
case LDAP_REQ_BIND:
o_tag = SN_DG_OP_BIND;
break;
case LDAP_REQ_COMPARE:
o_tag = SN_DG_OP_COMPARE;
break;
case LDAP_REQ_DELETE:
o_tag = SN_DG_OP_DELETE;
break;
case LDAP_REQ_MODIFY:
o_tag = SN_DG_OP_MODIFY;
break;
case LDAP_REQ_MODRDN:
o_tag = SN_DG_OP_RENAME;
break;
case LDAP_REQ_SEARCH:
o_tag = SN_DG_OP_SEARCH;
break;
case LDAP_REQ_EXTENDED:
o_tag = SN_DG_EXTENDED;
break;
default:
/* Should not happen */
break;
}
if ( !( o_tag & rdi->rdi_mask ) ) {
return SLAP_CB_CONTINUE;
}
}
if ( rdi == NULL ) {
rs->sr_matched = rd->rd_pdn.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "retcode not found";
} else {
if ( rdi->rdi_flags & RDI_PRE_DISCONNECT ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
rs->sr_err = rdi->rdi_err;
rs->sr_text = rdi->rdi_text.bv_val;
rs->sr_matched = rdi->rdi_matched.bv_val;
/* FIXME: we only honor the rdi_ref field in case rdi_err
* is LDAP_REFERRAL otherwise send_ldap_result() bails out */
if ( rs->sr_err == LDAP_REFERRAL ) {
BerVarray ref;
if ( rdi->rdi_ref != NULL ) {
ref = rdi->rdi_ref;
} else {
ref = default_referral;
}
if ( ref != NULL ) {
rs->sr_ref = referral_rewrite( ref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
} else {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "bad referral object";
}
}
retcode_sleep( rdi->rdi_sleeptime );
}
switch ( op->o_tag ) {
case LDAP_REQ_EXTENDED:
if ( rdi == NULL ) {
break;
}
cb = ( slap_callback * )ch_malloc( sizeof( slap_callback ) );
memset( cb, 0, sizeof( slap_callback ) );
cb->sc_cleanup = retcode_cleanup_cb;
op->o_callback = cb;
break;
default:
if ( rdi && !BER_BVISNULL( &rdi->rdi_unsolicited_oid ) ) {
ber_int_t msgid = op->o_msgid;
/* RFC 4511 unsolicited response */
op->o_msgid = 0;
if ( strcmp( rdi->rdi_unsolicited_oid.bv_val, "0" ) == 0 ) {
send_ldap_result( op, rs );
} else {
ber_tag_t tag = op->o_tag;
op->o_tag = LDAP_REQ_EXTENDED;
rs->sr_rspoid = rdi->rdi_unsolicited_oid.bv_val;
if ( !BER_BVISNULL( &rdi->rdi_unsolicited_data ) ) {
rs->sr_rspdata = &rdi->rdi_unsolicited_data;
}
send_ldap_extended( op, rs );
rs->sr_rspoid = NULL;
rs->sr_rspdata = NULL;
op->o_tag = tag;
}
op->o_msgid = msgid;
} else {
send_ldap_result( op, rs );
}
if ( rs->sr_ref != NULL ) {
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
}
rs->sr_matched = NULL;
rs->sr_text = NULL;
if ( rdi && rdi->rdi_flags & RDI_POST_DISCONNECT ) {
return rs->sr_err = SLAPD_DISCONNECT;
}
break;
}
return rs->sr_err;
}
int
bdb_modrdn( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
struct berval new_dn = {0, NULL}, new_ndn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
EntryInfo *ei = NULL, *eip = NULL, *nei = NULL, *neip = NULL;
/* LDAP v2 supporting correct attribute handling. */
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
DB_TXN *ltid = NULL, *lt2;
struct bdb_op_info opinfo = {{{ 0 }}};
Entry dummy = {0};
Entry *np = NULL; /* newSuperior Entry */
struct berval *np_dn = NULL; /* newSuperior dn */
struct berval *np_ndn = NULL; /* newSuperior ndn */
struct berval *new_parent_dn = NULL; /* np_dn, p_dn, or NULL */
int manageDSAit = get_manageDSAit( op );
DB_LOCK lock, plock, nplock;
int num_retries = 0;
LDAPControl **preread_ctrl = NULL;
LDAPControl **postread_ctrl = NULL;
LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
int num_ctrls = 0;
int rc;
int parent_is_glue = 0;
int parent_is_leaf = 0;
#ifdef LDAP_X_TXN
int settle = 0;
#endif
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn) "(%s,%s,%s)\n",
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
#ifdef LDAP_X_TXN
if( op->o_txnSpec ) {
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_txn == CONN_TXN_INACTIVE ) {
rs->sr_text = "invalid transaction identifier";
rs->sr_err = LDAP_X_TXN_ID_INVALID;
goto txnReturn;
} else if( op->o_conn->c_txn == CONN_TXN_SETTLE ) {
settle=1;
goto txnReturn;
}
if( op->o_conn->c_txn_backend == NULL ) {
op->o_conn->c_txn_backend = op->o_bd;
} else if( op->o_conn->c_txn_backend != op->o_bd ) {
rs->sr_text = "transaction cannot span multiple database contexts";
rs->sr_err = LDAP_AFFECTS_MULTIPLE_DSAS;
goto txnReturn;
}
/* insert operation into transaction */
rs->sr_text = "transaction specified";
rs->sr_err = LDAP_X_TXN_SPECIFY_OKAY;
txnReturn:
/* release connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !settle ) {
send_ldap_result( op, rs );
return rs->sr_err;
}
}
#endif
ctrls[num_ctrls] = NULL;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
if( 0 ) {
retry: /* transaction retry */
if ( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
dummy.e_attrs = NULL;
}
if (e != NULL) {
bdb_unlocked_cache_return_entry_w(&bdb->bi_cache, e);
e = NULL;
}
if (p != NULL) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
if (np != NULL) {
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
np = NULL;
}
Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(bdb_modrdn)
": retrying...\n", 0, 0, 0 );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
goto return_results;
}
parent_is_glue = 0;
parent_is_leaf = 0;
bdb_trans_backoff( ++num_retries );
}
/* begin transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, <id,
bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": txn_begin failed: "
"%s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": txn1 id: %x\n",
ltid->id(ltid), 0, 0 );
opinfo.boi_oe.oe_key = bdb;
opinfo.boi_txn = ltid;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
LDAP_SLIST_INSERT_HEAD( &op->o_extra, &opinfo.boi_oe, oe_next );
/* get entry */
rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
&lock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
e = ei->bei_e;
/* FIXME: dn2entry() should return non-glue entry */
if (( rs->sr_err == DB_NOTFOUND ) ||
( !manageDSAit && e && is_entry_glue( e )))
{
if( e != NULL ) {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
? get_entry_referrals( op, e )
: NULL;
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, e);
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral, NULL,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rs->sr_err = LDAP_ASSERTION_FAILED;
goto return_results;
}
/* check write on old entry */
rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
rs->sr_text = "no write access to old entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
#ifndef BDB_HIER
rs->sr_err = bdb_cache_children( op, ltid, e );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": non-leaf %s\n",
op->o_req_dn.bv_val, 0, 0);
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
ei->bei_state |= CACHE_ENTRY_NO_KIDS;
#endif
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
rs->sr_ref = get_entry_referrals( op, e );
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
": entry %s is referral\n", e->e_dn, 0, 0 );
rs->sr_err = LDAP_REFERRAL,
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
#ifdef BDB_MULTIPLE_SUFFIXES
/* Allow renaming one suffix entry to another */
p_ndn = slap_empty_bv;
#else
/* There can only be one suffix entry */
rs->sr_err = LDAP_NAMING_VIOLATION;
rs->sr_text = "cannot rename suffix entry";
goto return_results;
#endif
} else {
dnParent( &e->e_nname, &p_ndn );
}
np_ndn = &p_ndn;
eip = ei->bei_parent;
if ( eip && eip->bei_id ) {
/* Make sure parent entry exist and we can write its
* children.
*/
rs->sr_err = bdb_cache_find_id( op, ltid,
eip->bei_id, &eip, 0, &plock );
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
p = eip->bei_e;
if( p == NULL) {
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn)
": parent does not exist\n", 0, 0, 0);
rs->sr_err = LDAP_OTHER;
rs->sr_text = "old entry's parent does not exist";
goto return_results;
}
} else {
p = (Entry *)&slap_entry_root;
}
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, p,
children, NULL,
op->oq_modrdn.rs_newSup == NULL ?
ACL_WRITE : ACL_WDEL,
NULL );
if ( !p_ndn.bv_len )
p = NULL;
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
rs->sr_text = "no write access to old parent's children";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": wr to children "
"of entry %s OK\n", p_ndn.bv_val, 0, 0 );
if ( p_ndn.bv_val == slap_empty_bv.bv_val ) {
p_dn = slap_empty_bv;
} else {
dnParent( &e->e_name, &p_dn );
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": parent dn=%s\n",
p_dn.bv_val, 0, 0 );
new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
if ( op->oq_modrdn.rs_newSup != NULL ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": new parent \"%s\" requested...\n",
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
/* newSuperior == oldParent? */
if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
/* There's a BDB_MULTIPLE_SUFFIXES case here that this code doesn't
* support. E.g., two suffixes dc=foo,dc=com and dc=bar,dc=net.
* We do not allow modDN
* dc=foo,dc=com
* newrdn dc=bar
* newsup dc=net
* and we probably should. But since MULTIPLE_SUFFIXES is deprecated
* I'm ignoring this problem for now.
*/
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent? - checked above */
/* newSuperior == entry being moved?, if so ==> ERROR */
if ( dnIsSuffix( np_ndn, &e->e_nname )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_text = "new superior not found";
goto return_results;
}
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,
&neip, 0, &nplock );
switch( rs->sr_err ) {
case 0: np = neip->bei_e;
case DB_NOTFOUND:
break;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if( np == NULL) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
rs->sr_text = "new superior not found";
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": wr to new parent OK np=%p, id=%ld\n",
(void *) np, (long) np->e_id, 0 );
/* check newSuperior for "children" acl */
rs->sr_err = access_allowed( op, np, children,
NULL, ACL_WADD, NULL );
if( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": no wr to newSup children\n",
0, 0, 0 );
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
if ( is_entry_alias( np ) ) {
/* parent is an alias, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": entry is alias\n",
0, 0, 0 );
rs->sr_text = "new superior is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if ( is_entry_referral( np ) ) {
/* parent is a referral, don't allow add */
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": entry is referral\n",
0, 0, 0 );
rs->sr_text = "new superior is a referral";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
} else {
np_dn = NULL;
/* no parent, modrdn entry directly under root */
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op ) ) {
np = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rs->sr_err = access_allowed( op, np,
children, NULL, ACL_WADD, NULL );
np = NULL;
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
Debug( LDAP_DEBUG_TRACE,
"no access to new superior\n",
0, 0, 0 );
rs->sr_text =
"no write access to new superior's children";
goto return_results;
}
}
}
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": wr to new parent's children OK\n",
0, 0, 0 );
new_parent_dn = np_dn;
}
/* Build target dn and make sure target entry doesn't exist already. */
if (!new_dn.bv_val) {
build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn, NULL );
}
if (!new_ndn.bv_val) {
struct berval bv = {0, NULL};
dnNormalize( 0, NULL, NULL, &new_dn, &bv, op->o_tmpmemctx );
ber_dupbv( &new_ndn, &bv );
/* FIXME: why not call dnNormalize() w/o ctx? */
op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": new ndn=%s\n",
new_ndn.bv_val, 0, 0 );
/* Shortcut the search */
nei = neip ? neip : eip;
rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
if ( nei ) bdb_cache_entryinfo_unlock( nei );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
break;
case 0:
/* Allow rename to same DN */
if ( nei == ei )
break;
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
assert( op->orr_modlist != NULL );
if( op->o_preread ) {
if( preread_ctrl == NULL ) {
preread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, e,
&slap_pre_read_bv, preread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": pre-read failed!\n", 0, 0, 0 );
if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
/* nested transaction */
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, <2, bdb->bi_db_opflags );
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": txn_begin(2) failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_modrdn) ": txn2 id: %x\n",
lt2->id(lt2), 0, 0 );
/* delete old DN */
rs->sr_err = bdb_dn2id_delete( op, lt2, eip, e );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": dn2id del failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete fail";
goto return_results;
}
/* copy the entry, then override some fields */
dummy = *e;
dummy.e_name = new_dn;
dummy.e_nname = new_ndn;
dummy.e_attrs = NULL;
/* add new DN */
rs->sr_err = bdb_dn2id_add( op, lt2, neip ? neip : eip, &dummy );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": dn2id add failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index add failed";
goto return_results;
}
dummy.e_attrs = e->e_attrs;
/* modify entry */
rs->sr_err = bdb_modify_internal( op, lt2, op->orr_modlist, &dummy,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": modify failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
if ( ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) && opinfo.boi_err ) {
rs->sr_err = opinfo.boi_err;
}
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
goto return_results;
}
/* id2entry index */
rs->sr_err = bdb_id2entry_update( op->o_bd, lt2, &dummy );
if ( rs->sr_err != 0 ) {
Debug(LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": id2entry failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry update failed";
goto return_results;
}
if ( p_ndn.bv_len != 0 ) {
parent_is_glue = is_entry_glue(p);
rs->sr_err = bdb_cache_children( op, lt2, p );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
break;
default:
Debug(LDAP_DEBUG_ARGS,
"<=- " LDAP_XSTRING(bdb_modrdn)
": has_children failed: %s (%d)\n",
db_strerror(rs->sr_err), rs->sr_err, 0 );
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
parent_is_leaf = 1;
}
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
}
if ( TXN_COMMIT( lt2, 0 ) != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "txn_commit(2) failed";
goto return_results;
}
if( op->o_postread ) {
if( postread_ctrl == NULL ) {
postread_ctrl = &ctrls[num_ctrls++];
ctrls[num_ctrls] = NULL;
}
if( slap_read_controls( op, rs, &dummy,
&slap_post_read_bv, postread_ctrl ) )
{
Debug( LDAP_DEBUG_TRACE,
"<=- " LDAP_XSTRING(bdb_modrdn)
": post-read failed!\n", 0, 0, 0 );
if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
/* FIXME: is it correct to abort
* operation if control fails? */
goto return_results;
}
}
}
if( op->o_noop ) {
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
rs->sr_err = LDAP_X_NO_OPERATION;
ltid = NULL;
/* Only free attrs if they were dup'd. */
if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
goto return_results;
}
} else {
rc = bdb_cache_modrdn( bdb, e, &op->orr_nnewrdn, &dummy, neip,
ltid, &lock );
switch( rc ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
dummy.e_attrs = NULL;
new_dn.bv_val = NULL;
new_ndn.bv_val = NULL;
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rs->sr_err = LDAP_SUCCESS;
}
}
ltid = NULL;
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
opinfo.boi_oe.oe_key = NULL;
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn) ": %s : %s (%d)\n",
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
rs->sr_err = LDAP_OTHER;
goto return_results;
}
Debug(LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_modrdn)
": rdn modified%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "",
dummy.e_id, op->o_req_dn.bv_val );
rs->sr_text = NULL;
if( num_ctrls ) rs->sr_ctrls = ctrls;
return_results:
if ( dummy.e_attrs ) {
attrs_free( dummy.e_attrs );
}
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp_kbyte ) {
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
}
if ( rs->sr_err == LDAP_SUCCESS && parent_is_glue && parent_is_leaf ) {
op->o_delete_glue_parent = 1;
}
done:
slap_graduate_commit_csn( op );
if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
/* LDAP v3 Support */
if( np != NULL ) {
/* free new parent and reader lock */
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, np);
}
if( p != NULL ) {
/* free parent and reader lock */
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
}
/* free entry */
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w( &bdb->bi_cache, e);
}
if( ltid != NULL ) {
TXN_ABORT( ltid );
}
if ( opinfo.boi_oe.oe_key ) {
LDAP_SLIST_REMOVE( &op->o_extra, &opinfo.boi_oe, OpExtra, oe_next );
}
if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
}
if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
fe_op_delete( Operation *op, SlapReply *rs )
{
struct berval pdn = BER_BVNULL;
BackendDB *op_be, *bd = op->o_bd;
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
op->o_bd = bd;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"no global superior knowledge" );
}
goto cleanup;
}
/* If we've got a glued backend, check the real backend */
op_be = op->o_bd;
if ( SLAP_GLUE_INSTANCE( op->o_bd )) {
op->o_bd = select_backend( &op->o_req_ndn, 0 );
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
/*
* do the delete if 1 && (2 || 3)
* 1) there is a delete function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( op->o_bd->be_delete ) {
/* do the update here */
int repl_user = be_isupdate( op );
if ( !SLAP_SINGLE_SHADOW(op->o_bd) || repl_user ) {
struct berval org_req_dn = BER_BVNULL;
struct berval org_req_ndn = BER_BVNULL;
struct berval org_dn = BER_BVNULL;
struct berval org_ndn = BER_BVNULL;
int org_managedsait;
op->o_bd = op_be;
op->o_bd->be_delete( op, rs );
org_req_dn = op->o_req_dn;
org_req_ndn = op->o_req_ndn;
org_dn = op->o_dn;
org_ndn = op->o_ndn;
org_managedsait = get_manageDSAit( op );
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
while ( rs->sr_err == LDAP_SUCCESS &&
op->o_delete_glue_parent )
{
op->o_delete_glue_parent = 0;
if ( !be_issuffix( op->o_bd, &op->o_req_ndn )) {
slap_callback cb = { NULL, NULL, NULL, NULL };
cb.sc_response = slap_null_cb;
dnParent( &op->o_req_ndn, &pdn );
op->o_req_dn = pdn;
op->o_req_ndn = pdn;
op->o_callback = &cb;
op->o_bd->be_delete( op, rs );
} else {
break;
}
}
op->o_managedsait = org_managedsait;
op->o_dn = org_dn;
op->o_ndn = org_ndn;
op->o_req_dn = org_req_dn;
op->o_req_ndn = org_req_ndn;
op->o_delete_glue_parent = 0;
} else {
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if ( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs,
LDAP_UNWILLING_TO_PERFORM,
"shadow context; no update referral" );
}
}
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
bdb_compare( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e = NULL;
EntryInfo *ei;
int manageDSAit = get_manageDSAit( op );
DB_TXN *rtxn;
DB_LOCK lock;
rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
dn2entry_retry:
/* get entry */
rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
&lock );
switch( rs->sr_err ) {
case DB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
e = ei->bei_e;
if ( rs->sr_err == DB_NOTFOUND ) {
if ( e != NULL ) {
/* return referral only if "disclose" is granted on the object */
if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_matched = ch_strdup( e->e_dn );
rs->sr_ref = is_entry_referral( e )
? get_entry_referrals( op, e )
: NULL;
rs->sr_err = LDAP_REFERRAL;
}
bdb_cache_return_entry_r( bdb, e, &lock );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* return referral only if "disclose" is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
/* entry is a referral, don't allow compare */
rs->sr_ref = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
}
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
return_results:
send_ldap_result( op, rs );
switch ( rs->sr_err ) {
case LDAP_COMPARE_FALSE:
case LDAP_COMPARE_TRUE:
rs->sr_err = LDAP_SUCCESS;
break;
}
done:
/* free entry */
if ( e != NULL ) {
bdb_cache_return_entry_r( bdb, e, &lock );
}
return rs->sr_err;
}
int
ldbm_back_referrals(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
const char **text )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
int rc = LDAP_SUCCESS;
Entry *e, *matched;
if( op->o_tag == LDAP_REQ_SEARCH ) {
/* let search take care of itself */
return rc;
}
if( get_manageDSAit( op ) ) {
/* let op take care of DSA management */
return rc;
}
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
e = dn2entry_r( be, ndn, &matched );
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
"ldbm_back_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, matched_dn );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, matched_dn );
#endif
if( is_entry_referral( matched ) ) {
rc = LDAP_OTHER;
refs = get_entry_referrals( be, conn, op, matched );
}
cache_return_entry_r( &li->li_cache, matched );
} else if ( default_referral != NULL ) {
rc = LDAP_OTHER;
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
if( refs != NULL ) {
/* send referrals */
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
ber_bvarray_free( refs );
} else if ( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, matched_dn,
matched_dn ? "bad referral object" : "bad default referral",
NULL, NULL );
}
if ( matched_dn ) free( matched_dn );
return rc;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral */
BerVarray refs = get_entry_referrals( be, conn, op, e );
BerVarray rrefs = referral_rewrite(
refs, &e->e_name, dn, LDAP_SCOPE_DEFAULT );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, e->e_dn );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, e->e_dn );
#endif
if( rrefs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, rrefs, NULL );
ber_bvarray_free( rrefs );
} else {
send_ldap_result( conn, op, rc = LDAP_OTHER, e->e_dn,
"bad referral object", NULL, NULL );
}
if( refs != NULL ) ber_bvarray_free( refs );
}
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
return rc;
}
int
fe_op_compare( Operation *op, SlapReply *rs )
{
Entry *entry = NULL;
AttributeAssertion *ava = op->orc_ava;
BackendDB *bd = op->o_bd;
if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
rs->sr_err = schema_info( &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
}
if( entry ) {
rs->sr_err = slap_compare_entry( op, entry, ava );
entry_free( entry );
send_ldap_result( op, rs );
if( rs->sr_err == LDAP_COMPARE_TRUE ||
rs->sr_err == LDAP_COMPARE_FALSE )
{
rs->sr_err = LDAP_SUCCESS;
}
goto cleanup;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 0 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = LDAP_REFERRAL;
if (!rs->sr_ref) rs->sr_ref = default_referral;
op->o_bd = bd;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
rs->sr_err = 0;
goto cleanup;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
/* don't use shadow copy */
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"copy not used" );
} else if ( ava->aa_desc == slap_schema.si_ad_entryDN ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"entryDN compare not supported" );
} else if ( ava->aa_desc == slap_schema.si_ad_subschemaSubentry ) {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"subschemaSubentry compare not supported" );
#ifndef SLAP_COMPARE_IN_FRONTEND
} else if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& op->o_bd->be_has_subordinates )
{
int rc, hasSubordinates = LDAP_SUCCESS;
rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &entry );
if ( rc == 0 && entry ) {
if ( ! access_allowed( op, entry,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
rc = rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
} else {
rc = rs->sr_err = op->o_bd->be_has_subordinates( op,
entry, &hasSubordinates );
be_entry_release_r( op, entry );
}
}
if ( rc == 0 ) {
int asserted;
asserted = bvmatch( &ava->aa_value, &slap_true_bv )
? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
if ( hasSubordinates == asserted ) {
rs->sr_err = LDAP_COMPARE_TRUE;
} else {
rs->sr_err = LDAP_COMPARE_FALSE;
}
} else {
/* return error only if "disclose"
* is granted on the object */
if ( backend_access( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) == LDAP_INSUFFICIENT_ACCESS )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
}
send_ldap_result( op, rs );
if ( rc == 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
} else if ( op->o_bd->be_compare ) {
rs->sr_err = op->o_bd->be_compare( op, rs );
#endif /* ! SLAP_COMPARE_IN_FRONTEND */
} else {
rs->sr_err = SLAP_CB_CONTINUE;
}
if ( rs->sr_err == SLAP_CB_CONTINUE ) {
/* do our best to compare that AVA
*
* NOTE: this code is used only
* if SLAP_COMPARE_IN_FRONTEND
* is #define'd (it's not by default)
* or if op->o_bd->be_compare is NULL.
*
* FIXME: one potential issue is that
* if SLAP_COMPARE_IN_FRONTEND overlays
* are not executed for compare. */
BerVarray vals = NULL;
int rc = LDAP_OTHER;
rs->sr_err = backend_attribute( op, NULL, &op->o_req_ndn,
ava->aa_desc, &vals, ACL_COMPARE );
switch ( rs->sr_err ) {
default:
/* return error only if "disclose"
* is granted on the object */
if ( backend_access( op, NULL, &op->o_req_ndn,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL )
== LDAP_INSUFFICIENT_ACCESS )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
break;
case LDAP_SUCCESS:
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
vals, &ava->aa_value, op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
} else {
rs->sr_err = LDAP_COMPARE_FALSE;
}
rc = LDAP_SUCCESS;
break;
}
send_ldap_result( op, rs );
if ( rc == 0 ) {
rs->sr_err = LDAP_SUCCESS;
}
if ( vals ) {
ber_bvarray_free_x( vals, op->o_tmpmemctx );
}
}
cleanup:;
op->o_bd = bd;
return rs->sr_err;
}
int
fe_op_search( Operation *op, SlapReply *rs )
{
BackendDB *bd = op->o_bd;
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
#ifdef LDAP_CONNECTIONLESS
/* Ignore LDAPv2 CLDAP Root DSE queries */
if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
goto return_results;
}
#endif
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
} else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
rs->sr_err = schema_info( &entry, &rs->sr_text );
}
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
} else if ( entry != NULL ) {
if ( get_assert( op ) &&
( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) {
rs->sr_err = LDAP_ASSERTION_FAILED;
goto fail1;
}
rs->sr_err = test_filter( op, entry, op->ors_filter );
if( rs->sr_err == LDAP_COMPARE_TRUE ) {
/* note: we set no limits because either
* no limit is specified, or at least 1
* is specified, and we're going to return
* at most one entry */
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_tlimit = SLAP_NO_LIMIT;
rs->sr_entry = entry;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
rs->sr_operational_attrs = NULL;
}
rs->sr_err = LDAP_SUCCESS;
fail1:
entry_free( entry );
send_ldap_result( op, rs );
goto return_results;
}
}
if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
}
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->ors_scope );
if (!rs->sr_ref) rs->sr_ref = default_referral;
rs->sr_err = LDAP_REFERRAL;
op->o_bd = bd;
send_ldap_result( op, rs );
if (rs->sr_ref != default_referral)
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
goto return_results;
}
/* check restrictions */
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
/* check for referrals */
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto return_results;
}
if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
/* don't use shadow copy */
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
if( defref != NULL ) {
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, op->ors_scope );
if( !rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"copy not used; no referral information available" );
}
} else if ( op->o_bd->be_search ) {
if ( limits_check( op, rs ) == 0 ) {
/* actually do the search and send the result(s) */
(op->o_bd->be_search)( op, rs );
}
/* else limits_check() sends error */
} else {
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
return_results:;
op->o_bd = bd;
return rs->sr_err;
}
int
mdb_compare( Operation *op, SlapReply *rs )
{
struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
Entry *e = NULL;
int manageDSAit = get_manageDSAit( op );
MDB_txn *rtxn;
mdb_op_info opinfo = {{{0}}}, *moi = &opinfo;
rs->sr_err = mdb_opinfo_get(op, mdb, 1, &moi);
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
rtxn = moi->moi_txn;
/* get entry */
rs->sr_err = mdb_dn2entry( op, rtxn, NULL, &op->o_req_ndn, &e, NULL, 1 );
switch( rs->sr_err ) {
case MDB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
rs->sr_text = "ldap server busy";
goto return_results;
default:
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( rs->sr_err == MDB_NOTFOUND ) {
if ( e != NULL ) {
/* return referral only if "disclose" is granted on the object */
if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_matched = ch_strdup( e->e_dn );
if ( is_entry_referral( e )) {
BerVarray ref = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( ref, &e->e_name,
&op->o_req_dn, LDAP_SCOPE_DEFAULT );
ber_bvarray_free( ref );
} else {
rs->sr_ref = NULL;
}
rs->sr_err = LDAP_REFERRAL;
}
mdb_entry_return( op, e );
e = NULL;
} else {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
}
rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED;
send_ldap_result( op, rs );
goto done;
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* return referral only if "disclose" is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
/* entry is a referral, don't allow compare */
rs->sr_ref = get_entry_referrals( op, e );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
}
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
return_results:
send_ldap_result( op, rs );
switch ( rs->sr_err ) {
case LDAP_COMPARE_FALSE:
case LDAP_COMPARE_TRUE:
rs->sr_err = LDAP_SUCCESS;
break;
}
done:
if ( moi == &opinfo ) {
mdb_txn_reset( moi->moi_txn );
LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next );
} else {
moi->moi_ref--;
}
/* free entry */
if ( e != NULL ) {
mdb_entry_return( op, e );
}
return rs->sr_err;
}