static int
rc_cf_gen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
retcode_t *rd = (retcode_t *)on->on_bi.bi_private;
int rc = ARG_BAD_CONF;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch( c->type ) {
case RC_PARENT:
if ( !BER_BVISEMPTY( &rd->rd_pdn )) {
rc = value_add_one( &c->rvalue_vals,
&rd->rd_pdn );
if ( rc == 0 ) {
rc = value_add_one( &c->rvalue_nvals,
&rd->rd_npdn );
}
return rc;
}
rc = 0;
break;
case RC_ITEM: {
retcode_item_t *rdi;
int i;
for ( rdi = rd->rd_item, i = 0; rdi; rdi = rdi->rdi_next, i++ ) {
char buf[4096];
struct berval bv;
char *ptr;
bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
bv.bv_len += rdi->rdi_line.bv_len;
ptr = bv.bv_val = ch_malloc( bv.bv_len + 1 );
ptr = lutil_strcopy( ptr, buf );
ptr = lutil_strncopy( ptr, rdi->rdi_line.bv_val, rdi->rdi_line.bv_len );
ber_bvarray_add( &c->rvalue_vals, &bv );
}
rc = 0;
} break;
default:
LDAP_BUG();
break;
}
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
switch( c->type ) {
case RC_PARENT:
if ( rd->rd_pdn.bv_val ) {
ber_memfree ( rd->rd_pdn.bv_val );
rc = 0;
}
if ( rd->rd_npdn.bv_val ) {
ber_memfree ( rd->rd_npdn.bv_val );
}
break;
case RC_ITEM:
if ( c->valx == -1 ) {
retcode_item_t *rdi, *next;
for ( rdi = rd->rd_item; rdi != NULL; rdi = next ) {
next = rdi->rdi_next;
retcode_item_destroy( rdi );
}
} else {
retcode_item_t **rdip, *rdi;
int i;
for ( rdip = &rd->rd_item, i = 0; i <= c->valx && *rdip; i++, rdip = &(*rdip)->rdi_next )
;
if ( *rdip == NULL ) {
return 1;
}
rdi = *rdip;
*rdip = rdi->rdi_next;
retcode_item_destroy( rdi );
}
rc = 0;
break;
default:
LDAP_BUG();
break;
}
return rc; /* FIXME */
}
switch( c->type ) {
case RC_PARENT:
if ( rd->rd_pdn.bv_val ) {
ber_memfree ( rd->rd_pdn.bv_val );
}
if ( rd->rd_npdn.bv_val ) {
ber_memfree ( rd->rd_npdn.bv_val );
}
rd->rd_pdn = c->value_dn;
rd->rd_npdn = c->value_ndn;
rc = 0;
break;
case RC_ITEM: {
retcode_item_t rdi = { BER_BVNULL }, **rdip;
struct berval bv, rdn, nrdn;
char *next = NULL;
int i;
if ( c->argc < 3 ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"retcode-item <RDN> <retcode> [<text>]\": "
"missing args" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( c->argv[ 1 ], 0, 0, &bv );
rc = dnPrettyNormal( NULL, &bv, &rdn, &nrdn, NULL );
if ( rc != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to normalize RDN \"%s\": %d",
c->argv[ 1 ], rc );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( !dnIsOneLevelRDN( &nrdn ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"value \"%s\" is not a RDN",
c->argv[ 1 ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( BER_BVISNULL( &rd->rd_npdn ) ) {
/* FIXME: we use the database suffix */
if ( c->be->be_nsuffix == NULL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"either \"retcode-parent\" "
"or \"suffix\" must be defined" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_dupbv( &rd->rd_pdn, &c->be->be_suffix[ 0 ] );
ber_dupbv( &rd->rd_npdn, &c->be->be_nsuffix[ 0 ] );
}
build_new_dn( &rdi.rdi_dn, &rd->rd_pdn, &rdn, NULL );
build_new_dn( &rdi.rdi_ndn, &rd->rd_npdn, &nrdn, NULL );
ch_free( rdn.bv_val );
ch_free( nrdn.bv_val );
rdi.rdi_err = strtol( c->argv[ 2 ], &next, 0 );
if ( next == c->argv[ 2 ] || next[ 0 ] != '\0' ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse return code \"%s\"",
c->argv[ 2 ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
rdi.rdi_mask = SN_DG_OP_ALL;
if ( c->argc > 3 ) {
for ( i = 3; i < c->argc; i++ ) {
if ( strncasecmp( c->argv[ i ], "op=", STRLENOF( "op=" ) ) == 0 )
{
char **ops;
int j;
ops = ldap_str2charray( &c->argv[ i ][ STRLENOF( "op=" ) ], "," );
assert( ops != NULL );
rdi.rdi_mask = SN_DG_OP_NONE;
for ( j = 0; ops[ j ] != NULL; j++ ) {
if ( strcasecmp( ops[ j ], "add" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_ADD;
} else if ( strcasecmp( ops[ j ], "bind" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_BIND;
} else if ( strcasecmp( ops[ j ], "compare" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_COMPARE;
} else if ( strcasecmp( ops[ j ], "delete" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_DELETE;
} else if ( strcasecmp( ops[ j ], "modify" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_MODIFY;
} else if ( strcasecmp( ops[ j ], "rename" ) == 0
|| strcasecmp( ops[ j ], "modrdn" ) == 0 )
{
rdi.rdi_mask |= SN_DG_OP_RENAME;
} else if ( strcasecmp( ops[ j ], "search" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_SEARCH;
} else if ( strcasecmp( ops[ j ], "extended" ) == 0 ) {
rdi.rdi_mask |= SN_DG_EXTENDED;
} else if ( strcasecmp( ops[ j ], "auth" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_AUTH;
} else if ( strcasecmp( ops[ j ], "read" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_READ;
} else if ( strcasecmp( ops[ j ], "write" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_WRITE;
} else if ( strcasecmp( ops[ j ], "all" ) == 0 ) {
rdi.rdi_mask |= SN_DG_OP_ALL;
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown op \"%s\"",
ops[ j ] );
ldap_charray_free( ops );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
}
ldap_charray_free( ops );
} else if ( strncasecmp( c->argv[ i ], "text=", STRLENOF( "text=" ) ) == 0 )
{
if ( !BER_BVISNULL( &rdi.rdi_text ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"text\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( &c->argv[ i ][ STRLENOF( "text=" ) ], 0, 1, &rdi.rdi_text );
} else if ( strncasecmp( c->argv[ i ], "matched=", STRLENOF( "matched=" ) ) == 0 )
{
struct berval dn;
if ( !BER_BVISNULL( &rdi.rdi_matched ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"matched\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_str2bv( &c->argv[ i ][ STRLENOF( "matched=" ) ], 0, 0, &dn );
if ( dnPretty( NULL, &dn, &rdi.rdi_matched, NULL ) != LDAP_SUCCESS ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to prettify matched DN \"%s\"",
&c->argv[ i ][ STRLENOF( "matched=" ) ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else if ( strncasecmp( c->argv[ i ], "ref=", STRLENOF( "ref=" ) ) == 0 )
{
char **refs;
int j;
if ( rdi.rdi_ref != NULL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"ref\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( rdi.rdi_err != LDAP_REFERRAL ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"providing \"ref\" "
"along with a non-referral "
"resultCode may cause slapd failures "
"related to internal checks" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
}
refs = ldap_str2charray( &c->argv[ i ][ STRLENOF( "ref=" ) ], " " );
assert( refs != NULL );
for ( j = 0; refs[ j ] != NULL; j++ ) {
struct berval bv;
ber_str2bv( refs[ j ], 0, 1, &bv );
ber_bvarray_add( &rdi.rdi_ref, &bv );
}
ldap_charray_free( refs );
} else if ( strncasecmp( c->argv[ i ], "sleeptime=", STRLENOF( "sleeptime=" ) ) == 0 )
{
if ( rdi.rdi_sleeptime != 0 ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"sleeptime\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
if ( lutil_atoi( &rdi.rdi_sleeptime, &c->argv[ i ][ STRLENOF( "sleeptime=" ) ] ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse \"sleeptime=%s\"",
&c->argv[ i ][ STRLENOF( "sleeptime=" ) ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else if ( strncasecmp( c->argv[ i ], "unsolicited=", STRLENOF( "unsolicited=" ) ) == 0 )
{
char *data;
if ( !BER_BVISNULL( &rdi.rdi_unsolicited_oid ) ) {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"\"unsolicited\" already provided" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
data = strchr( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], ':' );
if ( data != NULL ) {
struct berval oid;
if ( ldif_parse_line2( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ],
&oid, &rdi.rdi_unsolicited_data, NULL ) )
{
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unable to parse \"unsolicited\"" );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
ber_dupbv( &rdi.rdi_unsolicited_oid, &oid );
} else {
ber_str2bv( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], 0, 1,
&rdi.rdi_unsolicited_oid );
}
} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 )
{
char *arg = &c->argv[ i ][ STRLENOF( "flags=" ) ];
if ( strcasecmp( arg, "disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_PRE_DISCONNECT;
} else if ( strcasecmp( arg, "pre-disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_PRE_DISCONNECT;
} else if ( strcasecmp( arg, "post-disconnect" ) == 0 ) {
rdi.rdi_flags |= RDI_POST_DISCONNECT;
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown flag \"%s\"", arg );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
} else {
snprintf( c->cr_msg, sizeof(c->cr_msg),
"unknown option \"%s\"",
c->argv[ i ] );
Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
c->log, c->cr_msg );
return ARG_BAD_CONF;
}
}
}
rdi.rdi_line.bv_len = 2*(c->argc - 1) + c->argc - 2;
for ( i = 1; i < c->argc; i++ ) {
rdi.rdi_line.bv_len += strlen( c->argv[ i ] );
}
next = rdi.rdi_line.bv_val = ch_malloc( rdi.rdi_line.bv_len + 1 );
for ( i = 1; i < c->argc; i++ ) {
*next++ = '"';
next = lutil_strcopy( next, c->argv[ i ] );
*next++ = '"';
*next++ = ' ';
}
*--next = '\0';
for ( rdip = &rd->rd_item; *rdip; rdip = &(*rdip)->rdi_next )
/* go to last */ ;
*rdip = ( retcode_item_t * )ch_malloc( sizeof( retcode_item_t ) );
*(*rdip) = rdi;
rc = 0;
} break;
default:
rc = SLAP_CONF_UNKNOWN;
break;
}
return rc;
}
/*
* dnRelativeMatch routine
*/
int
dnRelativeMatch(
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue )
{
int match;
struct berval *asserted = (struct berval *) assertedValue;
assert( matchp != NULL );
assert( value != NULL );
assert( assertedValue != NULL );
assert( !BER_BVISNULL( value ) );
assert( !BER_BVISNULL( asserted ) );
if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
if( asserted->bv_len > value->bv_len ) {
match = -1;
} else if ( asserted->bv_len == value->bv_len ) {
match = memcmp( value->bv_val, asserted->bv_val,
value->bv_len );
} else {
if( DN_SEPARATOR(
value->bv_val[value->bv_len - asserted->bv_len - 1] ))
{
match = memcmp(
&value->bv_val[value->bv_len - asserted->bv_len],
asserted->bv_val,
asserted->bv_len );
} else {
match = 1;
}
}
*matchp = match;
return LDAP_SUCCESS;
}
if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
asserted = value;
value = (struct berval *) assertedValue;
mr = slap_schema.si_mr_dnSubordinateMatch;
}
if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
if( asserted->bv_len >= value->bv_len ) {
match = -1;
} else {
if( DN_SEPARATOR(
value->bv_val[value->bv_len - asserted->bv_len - 1] ))
{
match = memcmp(
&value->bv_val[value->bv_len - asserted->bv_len],
asserted->bv_val,
asserted->bv_len );
} else {
match = 1;
}
}
*matchp = match;
return LDAP_SUCCESS;
}
if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
if( asserted->bv_len >= value->bv_len ) {
match = -1;
} else {
if( DN_SEPARATOR(
value->bv_val[value->bv_len - asserted->bv_len - 1] ))
{
match = memcmp(
&value->bv_val[value->bv_len - asserted->bv_len],
asserted->bv_val,
asserted->bv_len );
if( !match ) {
struct berval rdn;
rdn.bv_val = value->bv_val;
rdn.bv_len = value->bv_len - asserted->bv_len - 1;
match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
}
} else {
match = 1;
}
}
*matchp = match;
return LDAP_SUCCESS;
}
/* should not be reachable */
assert( 0 );
return LDAP_OTHER;
}
static int
allop_op_search( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
allop_t *ao = (allop_t *)on->on_bi.bi_private;
slap_mask_t mask;
int i,
add_allUser = 0;
if ( ao == NULL ) {
if ( !BER_BVISEMPTY( &op->o_req_ndn )
|| op->ors_scope != LDAP_SCOPE_BASE )
{
return SLAP_CB_CONTINUE;
}
} else {
if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) {
return SLAP_CB_CONTINUE;
}
switch ( ao->ao_scope ) {
case LDAP_SCOPE_BASE:
if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) {
return SLAP_CB_CONTINUE;
}
break;
case LDAP_SCOPE_ONELEVEL:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
struct berval rdn = op->o_req_ndn;
rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," );
if ( !dnIsOneLevelRDN( &rdn ) ) {
return SLAP_CB_CONTINUE;
}
break;
}
return SLAP_CB_CONTINUE;
case LDAP_SCOPE_SUBTREE:
break;
}
}
mask = slap_attr_flags( op->ors_attrs );
if ( SLAP_OPATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
if ( !SLAP_USERATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
i = 0;
if ( op->ors_attrs == NULL ) {
add_allUser = 1;
} else {
for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ )
;
}
op->ors_attrs = op->o_tmprealloc( op->ors_attrs,
sizeof( AttributeName ) * ( i + add_allUser + 2 ),
op->o_tmpmemctx );
if ( add_allUser ) {
op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ];
i++;
}
op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ];
BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name );
return SLAP_CB_CONTINUE;
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the <suffix>.
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
struct berval rdn;
int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
if ( d >= 0 ) {
if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
return META_NOT_CANDIDATE;
}
/*
* | match | exclude |
* +---------+---------+-------------------+
* | T | T | not candidate |
* | F | T | continue checking |
* +---------+---------+-------------------+
* | T | F | candidate |
* | F | F | not candidate |
* +---------+---------+-------------------+
*/
if ( mt->mt_subtree ) {
int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
if ( !mt->mt_subtree_exclude ) {
return match ? META_CANDIDATE : META_NOT_CANDIDATE;
}
if ( match /* && mt->mt_subtree_exclude */ ) {
return META_NOT_CANDIDATE;
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( d > 0 ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( d > 0 ) {
rdn.bv_val = ndn->bv_val;
rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( d == 0 ) {
return META_CANDIDATE;
}
break;
}
} else /* if ( d < 0 ) */ {
if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
return META_NOT_CANDIDATE;
}
switch ( scope ) {
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
case LDAP_SCOPE_ONELEVEL:
rdn.bv_val = mt->mt_nsuffix.bv_val;
rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
break;
}
}
return META_NOT_CANDIDATE;
}
meta_search_candidate_t
asyncmeta_back_search_start(
Operation *op,
SlapReply *rs,
a_metaconn_t *mc,
bm_context_t *bc,
int candidate,
struct berval *prcookie,
ber_int_t prsize )
{
SlapReply *candidates = bc->candidates;
a_metainfo_t *mi = ( a_metainfo_t * )mc->mc_info;
a_metatarget_t *mt = mi->mi_targets[ candidate ];
a_metasingleconn_t *msc = &mc->mc_conns[ candidate ];
a_dncookie dc;
struct berval realbase = op->o_req_dn;
int realscope = op->ors_scope;
struct berval mbase = BER_BVNULL;
struct berval mfilter = BER_BVNULL;
char **mapped_attrs = NULL;
int rc;
meta_search_candidate_t retcode;
int timelimit;
int nretries = 1;
LDAPControl **ctrls = NULL;
BerElement *ber;
ber_int_t msgid;
#ifdef SLAPD_META_CLIENT_PR
LDAPControl **save_ctrls = NULL;
#endif /* SLAPD_META_CLIENT_PR */
/* this should not happen; just in case... */
if ( msc->msc_ld == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: asyncmeta_back_search_start candidate=%d ld=NULL%s.\n",
op->o_log_prefix, candidate,
META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" );
candidates[ candidate ].sr_err = LDAP_OTHER;
if ( META_BACK_ONERR_STOP( mi ) ) {
return META_SEARCH_ERR;
}
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
return META_SEARCH_NOT_CANDIDATE;
}
Debug( LDAP_DEBUG_TRACE, "%s >>> asyncmeta_back_search_start[%d]\n", op->o_log_prefix, candidate, 0 );
/*
* modifies the base according to the scope, if required
*/
if ( mt->mt_nsuffix.bv_len > op->o_req_ndn.bv_len ) {
switch ( op->ors_scope ) {
case LDAP_SCOPE_SUBTREE:
/*
* make the target suffix the new base
* FIXME: this is very forgiving, because
* "illegal" searchBases may be turned
* into the suffix of the target; however,
* the requested searchBase already passed
* thru the candidate analyzer...
*/
if ( dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) ) {
realbase = mt->mt_nsuffix;
if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
}
} else {
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
break;
case LDAP_SCOPE_SUBORDINATE:
case LDAP_SCOPE_ONELEVEL:
{
struct berval rdn = mt->mt_nsuffix;
rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn )
&& dnIsSuffix( &mt->mt_nsuffix, &op->o_req_ndn ) )
{
/*
* if there is exactly one level,
* make the target suffix the new
* base, and make scope "base"
*/
realbase = mt->mt_nsuffix;
if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
if ( mt->mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
} else {
realscope = LDAP_SCOPE_SUBTREE;
}
} else {
realscope = LDAP_SCOPE_BASE;
}
break;
} /* else continue with the next case */
}
case LDAP_SCOPE_BASE:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
}
/* check filter expression */
if ( mt->mt_filter ) {
metafilter_t *mf;
for ( mf = mt->mt_filter; mf; mf = mf->mf_next ) {
if ( regexec( &mf->mf_regex, op->ors_filterstr.bv_val, 0, NULL, 0 ) == 0 )
break;
}
/* nothing matched, this target is no longer a candidate */
if ( !mf ) {
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
}
/*
* Rewrite the search base, if required
*/
dc.target = mt;
dc.ctx = "searchBase";
dc.conn = op->o_conn;
dc.rs = rs;
switch ( asyncmeta_dn_massage( &dc, &realbase, &mbase ) ) {
case LDAP_SUCCESS:
break;
case LDAP_UNWILLING_TO_PERFORM:
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Operation not allowed";
retcode = META_SEARCH_ERR;
goto doreturn;
default:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto doreturn;
}
/*
* Maps filter
*/
rc = asyncmeta_filter_map_rewrite( &dc, op->ors_filter,
&mfilter, BACKLDAP_MAP, NULL );
switch ( rc ) {
case LDAP_SUCCESS:
break;
case LDAP_COMPARE_FALSE:
default:
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
/*
* Maps required attributes
*/
rc = asyncmeta_map_attrs( op, &mt->mt_rwmap.rwm_at,
op->ors_attrs, BACKLDAP_MAP, &mapped_attrs );
if ( rc != LDAP_SUCCESS ) {
/*
* this target is no longer candidate
*/
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
timelimit = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
} else {
timelimit = -1; /* no limit */
}
#ifdef SLAPD_META_CLIENT_PR
save_ctrls = op->o_ctrls;
{
LDAPControl *pr_c = NULL;
int i = 0, nc = 0;
if ( save_ctrls ) {
for ( ; save_ctrls[i] != NULL; i++ );
nc = i;
pr_c = ldap_control_find( LDAP_CONTROL_PAGEDRESULTS, save_ctrls, NULL );
}
if ( pr_c != NULL ) nc--;
if ( mt->mt_ps > 0 || prcookie != NULL ) nc++;
if ( mt->mt_ps > 0 || prcookie != NULL || pr_c != NULL ) {
int src = 0, dst = 0;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval val = BER_BVNULL;
ber_len_t len;
len = sizeof( LDAPControl * )*( nc + 1 ) + sizeof( LDAPControl );
if ( mt->mt_ps > 0 || prcookie != NULL ) {
struct berval nullcookie = BER_BVNULL;
ber_tag_t tag;
if ( prsize == 0 && mt->mt_ps > 0 ) prsize = mt->mt_ps;
if ( prcookie == NULL ) prcookie = &nullcookie;
ber_init2( ber, NULL, LBER_USE_DER );
tag = ber_printf( ber, "{iO}", prsize, prcookie );
if ( tag == LBER_ERROR ) {
/* error */
(void) ber_free_buf( ber );
goto done_pr;
}
tag = ber_flatten2( ber, &val, 0 );
if ( tag == LBER_ERROR ) {
/* error */
(void) ber_free_buf( ber );
goto done_pr;
}
len += val.bv_len + 1;
}
op->o_ctrls = op->o_tmpalloc( len, op->o_tmpmemctx );
if ( save_ctrls ) {
for ( ; save_ctrls[ src ] != NULL; src++ ) {
if ( save_ctrls[ src ] != pr_c ) {
op->o_ctrls[ dst ] = save_ctrls[ src ];
dst++;
}
}
}
if ( mt->mt_ps > 0 || prcookie != NULL ) {
op->o_ctrls[ dst ] = (LDAPControl *)&op->o_ctrls[ nc + 1 ];
op->o_ctrls[ dst ]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
op->o_ctrls[ dst ]->ldctl_iscritical = 1;
op->o_ctrls[ dst ]->ldctl_value.bv_val = (char *)&op->o_ctrls[ dst ][ 1 ];
AC_MEMCPY( op->o_ctrls[ dst ]->ldctl_value.bv_val, val.bv_val, val.bv_len + 1 );
op->o_ctrls[ dst ]->ldctl_value.bv_len = val.bv_len;
dst++;
(void)ber_free_buf( ber );
}
op->o_ctrls[ dst ] = NULL;
}
done_pr:;
}
#endif /* SLAPD_META_CLIENT_PR */
retry:;
asyncmeta_set_msc_time(msc);
ctrls = op->o_ctrls;
if (nretries == 0)
{
if (rc != LDAP_SUCCESS)
{
rs->sr_err = LDAP_BUSY;
retcode = META_SEARCH_ERR;
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
goto done;
}
}
if ( asyncmeta_controls_add( op, rs, mc, candidate, &ctrls )
!= LDAP_SUCCESS )
{
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
/*
* Starts the search
*/
ber = ldap_build_search_req( msc->msc_ld,
mbase.bv_val, realscope, mfilter.bv_val,
mapped_attrs, op->ors_attrsonly,
ctrls, NULL, timelimit, op->ors_slimit, op->ors_deref,
&msgid );
if (ber) {
candidates[ candidate ].sr_msgid = msgid;
rc = ldap_send_initial_request( msc->msc_ld, LDAP_REQ_SEARCH,
mbase.bv_val, ber, msgid );
if (rc == msgid)
rc = LDAP_SUCCESS;
else
rc = LDAP_SERVER_DOWN;
switch ( rc ) {
case LDAP_SUCCESS:
retcode = META_SEARCH_CANDIDATE;
asyncmeta_set_msc_time(msc);
break;
case LDAP_SERVER_DOWN:
ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex);
if (mc->mc_active < 1) {
asyncmeta_clear_one_msc(NULL, mc, candidate);
}
ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex);
if ( nretries && asyncmeta_retry( op, rs, &mc, candidate, LDAP_BACK_DONTSEND ) ) {
nretries = 0;
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
rs->sr_err = LDAP_UNAVAILABLE;
retcode = META_SEARCH_ERR;
break;
default:
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
retcode = META_SEARCH_NOT_CANDIDATE;
}
}
done:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
#ifdef SLAPD_META_CLIENT_PR
if ( save_ctrls != op->o_ctrls ) {
op->o_tmpfree( op->o_ctrls, op->o_tmpmemctx );
op->o_ctrls = save_ctrls;
}
#endif /* SLAPD_META_CLIENT_PR */
if ( mapped_attrs ) {
ber_memfree_x( mapped_attrs, op->o_tmpmemctx );
}
if ( mfilter.bv_val != op->ors_filterstr.bv_val ) {
ber_memfree_x( mfilter.bv_val, NULL );
}
if ( mbase.bv_val != realbase.bv_val ) {
free( mbase.bv_val );
}
doreturn:;
Debug( LDAP_DEBUG_TRACE, "%s <<< asyncmeta_back_search_start[%p]=%d\n", op->o_log_prefix, msc, candidates[candidate].sr_msgid );
return retcode;
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the <suffix>.
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
if ( dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
if ( mt->mt_subtree_exclude ) {
int i;
for ( i = 0; !BER_BVISNULL( &mt->mt_subtree_exclude[ i ] ); i++ ) {
if ( dnIsSuffix( ndn, &mt->mt_subtree_exclude[ i ] ) ) {
return META_NOT_CANDIDATE;
}
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( ndn->bv_len > mt->mt_nsuffix.bv_len ) {
struct berval rdn = *ndn;
rdn.bv_len -= mt->mt_nsuffix.bv_len
+ STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( ndn->bv_len == mt->mt_nsuffix.bv_len ) {
return META_CANDIDATE;
}
break;
}
return META_NOT_CANDIDATE;
}
if ( scope == LDAP_SCOPE_SUBTREE && dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
}
return META_NOT_CANDIDATE;
}
