/* Read the old USN from the underlying DB. This code is
* stolen from the syncprov overlay.
*/
static int
usn_db_open(
BackendDB *be,
ConfigReply *cr)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
Entry *e = NULL;
Attribute *a;
int rc;
void *thrctx = NULL;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_bd = be;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL,
slap_schema.si_ad_contextCSN, 0, &e, on );
if ( e ) {
a = attr_find( e->e_attrs, ad_usnChanged );
if ( a ) {
ui->ui_current = atoi( a->a_vals[0].bv_val );
}
overlay_entry_release_ov( op, e, 0, on );
}
return 0;
}
static int
dds_db_open(
BackendDB *be,
ConfigReply *cr )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
dds_info_t *di = on->on_bi.bi_private;
int rc = 0;
void *thrctx = ldap_pvt_thread_pool_context();
if ( slapMode & SLAP_TOOL_MODE )
return 0;
if ( DDS_OFF( di ) ) {
goto done;
}
if ( SLAP_SINGLE_SHADOW( be ) ) {
Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
"DDS incompatible with shadow database \"%s\".\n",
be->be_suffix[ 0 ].bv_val );
return 1;
}
if ( di->di_max_ttl == 0 ) {
di->di_max_ttl = DDS_RF2589_DEFAULT_TTL;
}
if ( di->di_min_ttl == 0 ) {
di->di_max_ttl = DDS_RF2589_DEFAULT_TTL;
}
di->di_suffix = be->be_suffix;
di->di_nsuffix = be->be_nsuffix;
/* count the dynamic objects first */
rc = dds_count( thrctx, be );
if ( rc != LDAP_SUCCESS ) {
rc = 1;
goto done;
}
/* start expire task */
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
di->di_expire_task = ldap_pvt_runqueue_insert( &slapd_rq,
DDS_INTERVAL( di ),
dds_expire_fn, di, "dds_expire_fn",
be->be_suffix[ 0 ].bv_val );
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
/* register dinamicSubtrees root DSE info support */
rc = entry_info_register( dds_entry_info, (void *)di );
done:;
return rc;
}
static int
usn_db_close(
BackendDB *be,
ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
usn_info_t *ui = on->on_bi.bi_private;
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
SlapReply rs = {REP_RESULT};
void *thrctx;
Modifications mod;
slap_callback cb = {0};
char intbuf[64];
struct berval bv[2];
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_bd = be;
BER_BVZERO( &bv[1] );
bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", ui->ui_current );
bv[0].bv_val = intbuf;
mod.sml_numvals = 1;
mod.sml_values = bv;
mod.sml_nvalues = NULL;
mod.sml_desc = ad_usnChanged;
mod.sml_op = LDAP_MOD_REPLACE;
mod.sml_flags = 0;
mod.sml_next = NULL;
cb.sc_response = slap_null_cb;
op->o_tag = LDAP_REQ_MODIFY;
op->o_callback = &cb;
op->orm_modlist = &mod;
op->orm_no_opattrs = 1;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->o_req_dn = op->o_bd->be_suffix[0];
op->o_req_ndn = op->o_bd->be_nsuffix[0];
op->o_bd->bd_info = on->on_info->oi_orig;
op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
op->o_no_schema_check = 1;
op->o_bd->be_modify( op, &rs );
if ( mod.sml_next != NULL ) {
slap_mods_free( mod.sml_next, 1 );
}
return 0;
}
int
bdb_locker_id( Operation *op, DB_ENV *env, int *locker )
{
int i, rc, lockid;
void *data;
void *ctx;
if ( !env || !locker ) return -1;
/* If no op was provided, try to find the ctx anyway... */
if ( op ) {
ctx = op->o_threadctx;
} else {
ctx = ldap_pvt_thread_pool_context( &connection_pool );
}
/* Shouldn't happen unless we're single-threaded */
if ( !ctx ) {
*locker = 0;
return 0;
}
if ( ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
for ( i=0, rc=1; rc != 0 && i<4; i++ ) {
rc = XLOCK_ID( env, &lockid );
if (rc) ldap_pvt_thread_yield();
}
if ( rc != 0) {
return rc;
}
data = (void *)lockid;
if ( ( rc = ldap_pvt_thread_pool_setkey( ctx, env,
data, bdb_locker_id_free ) ) ) {
XLOCK_ID_FREE( env, lockid );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_BDB, ERR, "bdb_locker_id: err %s(%d)\n",
db_strerror(rc), rc, 0 );
#else
Debug( LDAP_DEBUG_ANY, "bdb_locker_id: err %s(%d)\n",
db_strerror(rc), rc, 0 );
#endif
return rc;
}
} else {
lockid = (int)data;
}
*locker = lockid;
return 0;
}
int slap_destroy(void)
{
int rc;
Debug( LDAP_DEBUG_TRACE,
"%s destroy: freeing system resources.\n",
slap_name, 0, 0 );
if ( default_referral ) {
ber_bvarray_free( default_referral );
}
/* clear out any thread-keys for the main thread */
ldap_pvt_thread_pool_context_reset( ldap_pvt_thread_pool_context());
rc = backend_destroy();
slap_sasl_destroy();
/* rootdse destroy goes before entry_destroy()
* because it may use entry_free() */
root_dse_destroy();
entry_destroy();
switch ( slapMode & SLAP_MODE ) {
case SLAP_SERVER_MODE:
case SLAP_TOOL_MODE:
slap_counters_destroy( &slap_counters );
break;
default:
Debug( LDAP_DEBUG_ANY,
"slap_destroy(): undefined mode (%d).\n", slapMode, 0, 0 );
rc = 1;
break;
}
slap_op_destroy();
ldap_pvt_thread_destroy();
/* should destroy the above mutex */
return rc;
}
static int chk_sasl(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
void *ctx, *sconn = NULL;
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return LUTIL_PASSWD_ERR; /* cred must behave like a string */
}
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
rtn = LUTIL_PASSWD_ERR;
ctx = ldap_pvt_thread_pool_context();
ldap_pvt_thread_pool_getkey( ctx, (void *)slap_sasl_bind, &sconn, NULL );
if( sconn != NULL ) {
int sc;
sc = sasl_checkpass( sconn,
passwd->bv_val, passwd->bv_len,
cred->bv_val, cred->bv_len );
rtn = ( sc != SASL_OK ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
return rtn;
}
/*
** Do a search for all the groups in the
** database, and add them to out internal list.
*/
static int
autogroup_db_open(
BackendDB *be,
ConfigReply *cr )
{
slap_overinst *on = (slap_overinst *) be->bd_info;
autogroup_info_t *agi = on->on_bi.bi_private;
autogroup_def_t *agd;
autogroup_sc_t ags;
Operation *op;
SlapReply rs = { REP_RESULT };
slap_callback cb = { 0 };
void *thrctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_open\n", 0, 0, 0);
if ( agi == NULL ) {
return 0;
}
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->ors_attrsonly = 0;
op->o_tag = LDAP_REQ_SEARCH;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
op->o_req_dn = be->be_suffix[0];
op->o_req_ndn = be->be_nsuffix[0];
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_deref = LDAP_DEREF_NEVER;
op->ors_limit = NULL;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->o_bd = be;
op->o_bd->bd_info = (BackendInfo *)on->on_info;
ags.ags_info = agi;
cb.sc_private = &ags;
cb.sc_response = autogroup_group_add_cb;
cb.sc_cleanup = NULL;
cb.sc_next = NULL;
op->o_callback = &cb;
for (agd = agi->agi_def ; agd ; agd = agd->agd_next) {
autogroup_build_def_filter(agd, op);
ags.ags_def = agd;
op->o_bd->be_search( op, &rs );
filter_free_x( op, op->ors_filter, 1 );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
return 0;
}
static int
vernum_repair( BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
void *ctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
BackendDB db;
slap_callback sc = { 0 };
vernum_repair_cb_t rcb = { 0 };
SlapReply rs = { REP_RESULT };
vernum_mod_t *rmod;
int nrepaired = 0;
connection_fake_init2( &conn, &opbuf, ctx, 0 );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );
op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
assert( op->o_bd != NULL );
assert( op->o_bd->be_nsuffix != NULL );
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBTREE;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" )
+ vn->vn_attr->ad_cname.bv_len
+ vn->vn_vernum->ad_cname.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(&(%s=*)(!(%s=*)))",
vn->vn_attr->ad_cname.bv_val,
vn->vn_vernum->ad_cname.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = vernum_repair_cb;
sc.sc_private = &rcb;
rcb.bd = &db;
db = *be;
db.bd_info = (BackendInfo *)on;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
op->o_tag = LDAP_REQ_MODIFY;
sc.sc_response = slap_null_cb;
sc.sc_private = NULL;
memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
for ( rmod = rcb.mods; rmod != NULL; ) {
vernum_mod_t *rnext;
Modifications mod;
struct berval vals[2] = { BER_BVNULL };
SlapReply rs2 = { REP_RESULT };
mod.sml_flags = SLAP_MOD_INTERNAL;
mod.sml_op = LDAP_MOD_REPLACE;
mod.sml_desc = vn->vn_vernum;
mod.sml_type = vn->vn_vernum->ad_cname;
mod.sml_values = vals;
mod.sml_values[0] = val_init;
mod.sml_nvalues = NULL;
mod.sml_numvals = 1;
mod.sml_next = NULL;
op->o_req_dn = rmod->ndn;
op->o_req_ndn = rmod->ndn;
op->orm_modlist = &mod;
op->o_bd->be_modify( op, &rs2 );
slap_mods_free( op->orm_modlist->sml_next, 1 );
if ( rs2.sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n",
op->o_log_prefix, rmod->ndn.bv_val, 0 );
nrepaired++;
} else {
Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n",
op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
}
rnext = rmod->next;
op->o_tmpfree( rmod, op->o_tmpmemctx );
rmod = rnext;
}
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"vernum: repaired=%d\n", nrepaired );
return 0;
}
static int
vc_exop(
Operation *op,
SlapReply *rs )
{
int rc = LDAP_SUCCESS;
ber_tag_t tag;
ber_len_t len = -1;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval reqdata = BER_BVNULL;
struct berval cookie = BER_BVNULL;
struct berval bdn = BER_BVNULL;
ber_tag_t authtag;
struct berval cred = BER_BVNULL;
struct berval ndn = BER_BVNULL;
struct berval mechanism = BER_BVNULL;
vc_conn_t *conn = NULL;
vc_cb_t vc = { 0 };
slap_callback sc = { 0 };
SlapReply rs2 = { 0 };
if ( op->ore_reqdata == NULL || op->ore_reqdata->bv_len == 0 ) {
rs->sr_text = "empty request data field in VerifyCredentials exop";
return LDAP_PROTOCOL_ERROR;
}
/* optimistic */
rs->sr_err = LDAP_SUCCESS;
ber_dupbv_x( &reqdata, op->ore_reqdata, op->o_tmpmemctx );
/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
ber_init2( ber, &reqdata, 0 );
tag = ber_scanf( ber, "{" /*}*/ );
if ( tag != LBER_SEQUENCE ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
/*
* cookie: the pointer to the connection
* of this operation
*/
ber_scanf( ber, "m", &cookie );
if ( cookie.bv_len != sizeof(Connection *) ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
}
/* DN, authtag */
tag = ber_scanf( ber, "mt", &bdn, &authtag );
if ( tag == LBER_ERROR ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
rc = dnNormalize( 0, NULL, NULL, &bdn, &ndn, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
switch ( authtag ) {
case LDAP_AUTH_SIMPLE:
/* cookie only makes sense for SASL bind (so far) */
if ( !BER_BVISNULL( &cookie ) ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_scanf( ber, "m", &cred );
if ( tag == LBER_ERROR ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
break;
case LDAP_AUTH_SASL:
tag = ber_scanf( ber, "{s" /*}*/ , &mechanism );
if ( tag == LBER_ERROR ||
BER_BVISNULL( &mechanism ) || BER_BVISEMPTY( &mechanism ) )
{
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_OCTETSTRING ) {
ber_scanf( ber, "m", &cred );
}
tag = ber_scanf( ber, /*{*/ "}" );
break;
default:
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
if ( !BER_BVISNULL( &cookie ) ) {
vc_conn_t tmp = { 0 };
AC_MEMCPY( (char *)&tmp.conn, (const char *)cookie.bv_val, cookie.bv_len );
ldap_pvt_thread_mutex_lock( &vc_mutex );
conn = (vc_conn_t *)avl_find( vc_tree, (caddr_t)&tmp, vc_conn_cmp );
if ( conn == NULL || ( conn != NULL && conn->refcnt != 0 ) ) {
conn = NULL;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
conn->refcnt++;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
} else {
void *thrctx;
conn = (vc_conn_t *)SLAP_CALLOC( 1, sizeof( vc_conn_t ) );
conn->refcnt = 1;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init2( &conn->connbuf, &conn->opbuf, thrctx, 0 );
conn->op = &conn->opbuf.ob_op;
snprintf( conn->op->o_log_prefix, sizeof( conn->op->o_log_prefix ),
"%s VERIFYCREDENTIALS", op->o_log_prefix );
}
conn->op->o_tag = LDAP_REQ_BIND;
memset( &conn->op->oq_bind, 0, sizeof( conn->op->oq_bind ) );
conn->op->o_req_dn = ndn;
conn->op->o_req_ndn = ndn;
conn->op->o_protocol = LDAP_VERSION3;
conn->op->orb_method = authtag;
conn->op->o_callback = ≻
/* TODO: controls */
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
conn->op->o_ber = ber;
rc = get_ctrls2( conn->op, &rs2, 0, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
}
tag = ber_skip_tag( ber, &len );
if ( len || tag != LBER_DEFAULT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
switch ( authtag ) {
case LDAP_AUTH_SIMPLE:
break;
case LDAP_AUTH_SASL:
conn->op->orb_mech = mechanism;
break;
}
conn->op->orb_cred = cred;
sc.sc_response = vc_cb;
sc.sc_private = &vc;
conn->op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_bind( conn->op, &rs2 );
if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
rc = vc_create_response( conn, rs2.sr_err, rs2.sr_text,
!BER_BVISEMPTY( &vc.sasldata ) ? &vc.sasldata : NULL,
NULL,
vc.ctrls, &rs->sr_rspdata );
} else {
rc = vc_create_response( NULL, rs2.sr_err, rs2.sr_text,
NULL,
&conn->op->o_conn->c_dn,
vc.ctrls, &rs->sr_rspdata );
}
if ( rc != 0 ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( !BER_BVISNULL( &conn->op->o_conn->c_dn ) &&
conn->op->o_conn->c_dn.bv_val != conn->op->o_conn->c_ndn.bv_val )
ber_memfree( conn->op->o_conn->c_dn.bv_val );
if ( !BER_BVISNULL( &conn->op->o_conn->c_ndn ) )
ber_memfree( conn->op->o_conn->c_ndn.bv_val );
done:;
if ( conn ) {
if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
if ( conn->conn == NULL ) {
conn->conn = conn;
conn->refcnt--;
ldap_pvt_thread_mutex_lock( &vc_mutex );
rc = avl_insert( &vc_tree, (caddr_t)conn,
vc_conn_cmp, vc_conn_dup );
ldap_pvt_thread_mutex_unlock( &vc_mutex );
assert( rc == 0 );
} else {
ldap_pvt_thread_mutex_lock( &vc_mutex );
conn->refcnt--;
ldap_pvt_thread_mutex_unlock( &vc_mutex );
}
} else {
if ( conn->conn != NULL ) {
vc_conn_t *tmp;
ldap_pvt_thread_mutex_lock( &vc_mutex );
tmp = avl_delete( &vc_tree, (caddr_t)conn, vc_conn_cmp );
ldap_pvt_thread_mutex_unlock( &vc_mutex );
}
SLAP_FREE( conn );
}
}
if ( vc.ctrls ) {
ldap_controls_free( vc.ctrls );
vc.ctrls = NULL;
}
if ( !BER_BVISNULL( &ndn ) ) {
op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ndn );
}
op->o_tmpfree( reqdata.bv_val, op->o_tmpmemctx );
BER_BVZERO( &reqdata );
return rs->sr_err;
}
int
slapschema( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
const char *progname = "slapschema";
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op = NULL;
void *thrctx;
int requestBSF = 0;
int doBSF = 0;
slap_tool_init( progname, SLAPCAT, argc, argv );
requestBSF = ( sub_ndn.bv_len || filter );
#ifdef SIGPIPE
(void) SIGNAL( SIGPIPE, slapcat_sig );
#endif
#ifdef SIGHUP
(void) SIGNAL( SIGHUP, slapcat_sig );
#endif
(void) SIGNAL( SIGINT, slapcat_sig );
(void) SIGNAL( SIGTERM, slapcat_sig );
if( !be->be_entry_open ||
!be->be_entry_close ||
!( be->be_entry_first || be->be_entry_first_x ) ||
!be->be_entry_next ||
!be->be_entry_get )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
op->o_tmpmemctx = NULL;
op->o_bd = be;
if ( !requestBSF && be->be_entry_first ) {
id = be->be_entry_first( be );
} else {
if ( be->be_entry_first_x ) {
id = be->be_entry_first_x( be,
sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter );
} else {
assert( be->be_entry_first != NULL );
doBSF = 1;
id = be->be_entry_first( be );
}
}
for ( ; id != NOID; id = be->be_entry_next( be ) ) {
Entry* e;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof(textbuf);
const char *text = NULL;
if ( gotsig )
break;
e = be->be_entry_get( be, id );
if ( e == NULL ) {
printf("# no data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
if ( doBSF ) {
if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) )
{
be_entry_release_r( op, e );
continue;
}
if ( filter != NULL ) {
int rc = test_filter( NULL, e, filter );
if ( rc != LDAP_COMPARE_TRUE ) {
be_entry_release_r( op, e );
continue;
}
}
}
if( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
rc = entry_schema_check( op, e, NULL, 0, 0, NULL,
&text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) {
fprintf( ldiffp->fp, "# (%d) %s%s%s\n",
rc, ldap_err2string( rc ),
text ? ": " : "",
text ? text : "" );
fprintf( ldiffp->fp, "dn: %s\n\n", e->e_name.bv_val );
}
be_entry_release_r( op, e );
}
be->be_entry_close( be );
if ( slap_tool_destroy() )
rc = EXIT_FAILURE;
return rc;
}
void
slapi_int_connection_init_pb( Slapi_PBlock *pb, ber_tag_t tag )
{
Connection *conn;
Operation *op;
ber_len_t max = sockbuf_max_incoming;
conn = (Connection *) slapi_ch_calloc( 1, sizeof(Connection) );
LDAP_STAILQ_INIT( &conn->c_pending_ops );
op = (Operation *) slapi_ch_calloc( 1, sizeof(OperationBuffer) );
op->o_hdr = &((OperationBuffer *) op)->ob_hdr;
op->o_controls = ((OperationBuffer *) op)->ob_controls;
op->o_callback = (slap_callback *) slapi_ch_calloc( 1, sizeof(slap_callback) );
op->o_callback->sc_response = slapi_int_response;
op->o_callback->sc_cleanup = NULL;
op->o_callback->sc_private = pb;
op->o_callback->sc_next = NULL;
conn->c_pending_ops.stqh_first = op;
/* connection object authorization information */
conn->c_authtype = LDAP_AUTH_NONE;
BER_BVZERO( &conn->c_authmech );
BER_BVZERO( &conn->c_dn );
BER_BVZERO( &conn->c_ndn );
conn->c_listener = &slapi_listener;
ber_dupbv( &conn->c_peer_domain, (struct berval *)&slap_unknown_bv );
ber_dupbv( &conn->c_peer_name, (struct berval *)&slap_unknown_bv );
LDAP_STAILQ_INIT( &conn->c_ops );
BER_BVZERO( &conn->c_sasl_bind_mech );
conn->c_sasl_authctx = NULL;
conn->c_sasl_sockctx = NULL;
conn->c_sasl_extra = NULL;
conn->c_sb = ber_sockbuf_alloc();
ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
conn->c_currentber = NULL;
/* should check status of thread calls */
ldap_pvt_thread_mutex_init( &conn->c_mutex );
ldap_pvt_thread_mutex_init( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_init( &conn->c_write2_mutex );
ldap_pvt_thread_cond_init( &conn->c_write1_cv );
ldap_pvt_thread_cond_init( &conn->c_write2_cv );
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_n_ops_received = 0;
conn->c_n_ops_executing = 0;
conn->c_n_ops_pending = 0;
conn->c_n_ops_completed = 0;
conn->c_n_get = 0;
conn->c_n_read = 0;
conn->c_n_write = 0;
conn->c_protocol = LDAP_VERSION3;
conn->c_activitytime = conn->c_starttime = slap_get_time();
/*
* A real connection ID is required, because syncrepl associates
* pending CSNs with unique ( connection, operation ) tuples.
* Setting a fake connection ID will cause slap_get_commit_csn()
* to return a stale value.
*/
connection_assign_nextid( conn );
conn->c_conn_state = 0x01; /* SLAP_C_ACTIVE */
conn->c_struct_state = 0x02; /* SLAP_C_USED */
conn->c_ssf = conn->c_transport_ssf = local_ssf;
conn->c_tls_ssf = 0;
backend_connection_init( conn );
conn->c_send_ldap_result = slap_send_ldap_result;
conn->c_send_search_entry = slap_send_search_entry;
conn->c_send_ldap_extended = slap_send_ldap_extended;
conn->c_send_search_reference = slap_send_search_reference;
/* operation object */
op->o_tag = tag;
op->o_protocol = LDAP_VERSION3;
BER_BVZERO( &op->o_authmech );
op->o_time = slap_get_time();
op->o_do_not_cache = 1;
op->o_threadctx = ldap_pvt_thread_pool_context();
op->o_tmpmemctx = NULL;
op->o_tmpmfuncs = &ch_mfuncs;
op->o_conn = conn;
op->o_connid = conn->c_connid;
op->o_bd = frontendDB;
/* extensions */
slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
pb->pb_rs = (SlapReply *)slapi_ch_calloc( 1, sizeof(SlapReply) );
pb->pb_op = op;
pb->pb_conn = conn;
pb->pb_intop = 1;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
}
static int
autoca_db_open(
BackendDB *be,
ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
autoca_info *ai = on->on_bi.bi_private;
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
void *thrctx;
Entry *e;
Attribute *a;
int rc;
if (slapMode & SLAP_TOOL_MODE)
return 0;
if ( ! *aca_attr2[0].ad ) {
int i, code;
const char *text;
for ( i=0; aca_attr2[i].at; i++ ) {
code = slap_str2ad( aca_attr2[i].at, aca_attr2[i].ad, &text );
if ( code ) return code;
}
/* Schema may not be loaded, ignore if missing */
slap_str2ad( "ipHostNumber", &ad_ipaddr, &text );
for ( i=0; aca_ocs[i].ot; i++ ) {
code = register_oc( aca_ocs[i].ot, aca_ocs[i].oc, 0 );
if ( code ) return code;
}
}
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init2( &conn, &opbuf, thrctx, 0 );
op = &opbuf.ob_op;
op->o_bd = be;
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL,
NULL, 0, &e, on );
if ( e ) {
int gotoc = 0, gotat = 0;
if ( is_entry_objectclass( e, oc_caObj, 0 )) {
gotoc = 1;
a = attr_find( e->e_attrs, ad_caPkey );
if ( a ) {
const unsigned char *pp;
pp = (unsigned char *)a->a_vals[0].bv_val;
ai->ai_pkey = d2i_AutoPrivateKey( NULL, &pp, a->a_vals[0].bv_len );
if ( ai->ai_pkey )
{
a = attr_find( e->e_attrs, ad_caCert );
if ( a )
{
pp = (unsigned char *)a->a_vals[0].bv_val;
ai->ai_cert = d2i_X509( NULL, &pp, a->a_vals[0].bv_len );
/* If TLS wasn't configured yet, set this as our CA */
if ( !slap_tls_ctx )
autoca_setca( a->a_vals );
}
}
gotat = 1;
}
}
overlay_entry_release_ov( op, e, 0, on );
/* generate attrs, store... */
if ( !gotat ) {
genargs args;
saveargs arg2;
args.issuer_cert = NULL;
args.issuer_pkey = NULL;
args.subjectDN = &be->be_suffix[0];
args.cert_exts = CAexts;
args.more_exts = NULL;
args.keybits = ai->ai_cakeybits;
args.days = ai->ai_cadays;
rc = autoca_gencert( op, &args );
if ( rc )
return -1;
ai->ai_cert = args.newcert;
ai->ai_pkey = args.newpkey;
arg2.dn = be->be_suffix;
arg2.ndn = be->be_nsuffix;
arg2.isca = 1;
if ( !gotoc )
arg2.oc = oc_caObj;
else
arg2.oc = NULL;
arg2.on = on;
arg2.dercert = &args.dercert;
arg2.derpkey = &args.derpkey;
autoca_savecert( op, &arg2 );
/* If TLS wasn't configured yet, set this as our CA */
if ( !slap_tls_ctx )
autoca_setca( &args.dercert );
op->o_tmpfree( args.dercert.bv_val, op->o_tmpmemctx );
op->o_tmpfree( args.derpkey.bv_val, op->o_tmpmemctx );
}
}
return 0;
}
int
backsql_db_open(
BackendDB *bd,
ConfigReply *cr )
{
backsql_info *bi = (backsql_info*)bd->be_private;
struct berbuf bb = BB_NULL;
Connection conn = { 0 };
OperationBuffer opbuf;
Operation* op;
SQLHDBC dbh = SQL_NULL_HDBC;
void *thrctx = ldap_pvt_thread_pool_context();
Debug( LDAP_DEBUG_TRACE, "==>backsql_db_open(): "
"testing RDBMS connection\n", 0, 0, 0 );
if ( bi->sql_dbname == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"datasource name not specified "
"(use \"dbname\" directive in slapd.conf)\n", 0, 0, 0 );
return 1;
}
if ( bi->sql_concat_func == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"concat func not specified (use \"concat_pattern\" "
"directive in slapd.conf)\n", 0, 0, 0 );
if ( backsql_split_pattern( backsql_def_concat_func,
&bi->sql_concat_func, 2 ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"unable to parse pattern \"%s\"",
backsql_def_concat_func, 0, 0 );
return 1;
}
}
/*
* see back-sql.h for default values
*/
if ( BER_BVISNULL( &bi->sql_aliasing ) ) {
ber_str2bv( BACKSQL_ALIASING,
STRLENOF( BACKSQL_ALIASING ),
1, &bi->sql_aliasing );
}
if ( BER_BVISNULL( &bi->sql_aliasing_quote ) ) {
ber_str2bv( BACKSQL_ALIASING_QUOTE,
STRLENOF( BACKSQL_ALIASING_QUOTE ),
1, &bi->sql_aliasing_quote );
}
/*
* Prepare cast string as required
*/
if ( bi->sql_upper_func.bv_val ) {
char buf[1024];
if ( BACKSQL_UPPER_NEEDS_CAST( bi ) ) {
snprintf( buf, sizeof( buf ),
"%s(cast (" /* ? as varchar(%d))) */ ,
bi->sql_upper_func.bv_val );
ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );
snprintf( buf, sizeof( buf ),
/* (cast(? */ " as varchar(%d)))",
BACKSQL_MAX_DN_LEN );
ber_str2bv( buf, 0, 1, &bi->sql_upper_func_close );
} else {
snprintf( buf, sizeof( buf ), "%s(" /* ?) */ ,
bi->sql_upper_func.bv_val );
ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );
ber_str2bv( /* (? */ ")", 0, 1, &bi->sql_upper_func_close );
}
}
/* normalize filter values only if necessary */
bi->sql_caseIgnoreMatch = mr_find( "caseIgnoreMatch" );
assert( bi->sql_caseIgnoreMatch != NULL );
bi->sql_telephoneNumberMatch = mr_find( "telephoneNumberMatch" );
assert( bi->sql_telephoneNumberMatch != NULL );
if ( bi->sql_dbuser == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"user name not specified "
"(use \"dbuser\" directive in slapd.conf)\n", 0, 0, 0 );
return 1;
}
if ( BER_BVISNULL( &bi->sql_subtree_cond ) ) {
/*
* Prepare concat function for subtree search condition
*/
struct berval concat;
struct berval values[] = {
BER_BVC( "'%'" ),
BER_BVC( "?" ),
BER_BVNULL
};
struct berbuf bb = BB_NULL;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"subtree search SQL condition not specified "
"(use \"subtree_cond\" directive in slapd.conf); "
"preparing default\n",
0, 0, 0);
if ( backsql_prepare_pattern( bi->sql_concat_func, values,
&concat ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"unable to prepare CONCAT pattern for subtree search",
0, 0, 0 );
return 1;
}
if ( bi->sql_upper_func.bv_val ) {
/*
* UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%',?))
*/
backsql_strfcat_x( &bb, NULL, "blbbb",
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE " ),
"(ldap_entries.dn) LIKE ",
&bi->sql_upper_func_open,
&concat,
&bi->sql_upper_func_close );
} else {
/*
* ldap_entries.dn LIKE CONCAT('%',?)
*/
backsql_strfcat_x( &bb, NULL, "lb",
(ber_len_t)STRLENOF( "ldap_entries.dn LIKE " ),
"ldap_entries.dn LIKE ",
&concat );
}
ch_free( concat.bv_val );
bi->sql_subtree_cond = bb.bb_val;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" as default \"subtree_cond\"\n",
bi->sql_subtree_cond.bv_val, 0, 0 );
}
if ( bi->sql_children_cond.bv_val == NULL ) {
/*
* Prepare concat function for children search condition
*/
struct berval concat;
struct berval values[] = {
BER_BVC( "'%,'" ),
BER_BVC( "?" ),
BER_BVNULL
};
struct berbuf bb = BB_NULL;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"children search SQL condition not specified "
"(use \"children_cond\" directive in slapd.conf); "
"preparing default\n",
0, 0, 0);
if ( backsql_prepare_pattern( bi->sql_concat_func, values,
&concat ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"unable to prepare CONCAT pattern for children search", 0, 0, 0 );
return 1;
}
if ( bi->sql_upper_func.bv_val ) {
/*
* UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%,',?))
*/
backsql_strfcat_x( &bb, NULL, "blbbb",
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE " ),
"(ldap_entries.dn) LIKE ",
&bi->sql_upper_func_open,
&concat,
&bi->sql_upper_func_close );
} else {
/*
* ldap_entries.dn LIKE CONCAT('%,',?)
*/
backsql_strfcat_x( &bb, NULL, "lb",
(ber_len_t)STRLENOF( "ldap_entries.dn LIKE " ),
"ldap_entries.dn LIKE ",
&concat );
}
ch_free( concat.bv_val );
bi->sql_children_cond = bb.bb_val;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" as default \"children_cond\"\n",
bi->sql_children_cond.bv_val, 0, 0 );
}
if ( bi->sql_dn_match_cond.bv_val == NULL ) {
/*
* Prepare concat function for dn match search condition
*/
struct berbuf bb = BB_NULL;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"DN match search SQL condition not specified "
"(use \"dn_match_cond\" directive in slapd.conf); "
"preparing default\n",
0, 0, 0);
if ( bi->sql_upper_func.bv_val ) {
/*
* UPPER(ldap_entries.dn)=?
*/
backsql_strfcat_x( &bb, NULL, "blbcb",
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(ldap_entries.dn)=" ),
"(ldap_entries.dn)=",
&bi->sql_upper_func_open,
'?',
&bi->sql_upper_func_close );
} else {
/*
* ldap_entries.dn=?
*/
backsql_strfcat_x( &bb, NULL, "l",
(ber_len_t)STRLENOF( "ldap_entries.dn=?" ),
"ldap_entries.dn=?" );
}
bi->sql_dn_match_cond = bb.bb_val;
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" as default \"dn_match_cond\"\n",
bi->sql_dn_match_cond.bv_val, 0, 0 );
}
if ( bi->sql_oc_query == NULL ) {
if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
bi->sql_oc_query =
ch_strdup( backsql_def_needs_select_oc_query );
} else {
bi->sql_oc_query = ch_strdup( backsql_def_oc_query );
}
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"objectclass mapping SQL statement not specified "
"(use \"oc_query\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n", bi->sql_oc_query, 0, 0 );
}
if ( bi->sql_at_query == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"attribute mapping SQL statement not specified "
"(use \"at_query\" directive in slapd.conf)\n",
0, 0, 0 );
Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
backsql_def_at_query, 0, 0 );
bi->sql_at_query = ch_strdup( backsql_def_at_query );
}
if ( bi->sql_insentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"entry insertion SQL statement not specified "
"(use \"insentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
backsql_def_insentry_stmt, 0, 0 );
bi->sql_insentry_stmt = ch_strdup( backsql_def_insentry_stmt );
}
if ( bi->sql_delentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"entry deletion SQL statement not specified "
"(use \"delentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
backsql_def_delentry_stmt, 0, 0 );
bi->sql_delentry_stmt = ch_strdup( backsql_def_delentry_stmt );
}
if ( bi->sql_renentry_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"entry deletion SQL statement not specified "
"(use \"renentry_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
backsql_def_renentry_stmt, 0, 0 );
bi->sql_renentry_stmt = ch_strdup( backsql_def_renentry_stmt );
}
if ( bi->sql_delobjclasses_stmt == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"objclasses deletion SQL statement not specified "
"(use \"delobjclasses_stmt\" directive in slapd.conf)\n",
0, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"setting \"%s\" by default\n",
backsql_def_delobjclasses_stmt, 0, 0 );
bi->sql_delobjclasses_stmt = ch_strdup( backsql_def_delobjclasses_stmt );
}
/* This should just be to force schema loading */
connection_fake_init2( &conn, &opbuf, thrctx, 0 );
op = &opbuf.ob_op;
op->o_bd = bd;
if ( backsql_get_db_conn( op, &dbh ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"connection failed, exiting\n", 0, 0, 0 );
return 1;
}
if ( backsql_load_schema_map( bi, dbh ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"schema mapping failed, exiting\n", 0, 0, 0 );
return 1;
}
if ( backsql_free_db_conn( op, dbh ) != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"connection free failed\n", 0, 0, 0 );
}
if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
"test failed, schema map not loaded - exiting\n",
0, 0, 0 );
return 1;
}
/*
* Prepare ID selection query
*/
if ( bi->sql_id_query == NULL ) {
/* no custom id_query provided */
if ( bi->sql_upper_func.bv_val == NULL ) {
backsql_strcat_x( &bb, NULL, backsql_id_query, "dn=?", NULL );
} else {
if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
backsql_strcat_x( &bb, NULL, backsql_id_query,
"dn_ru=?", NULL );
} else {
if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
backsql_strfcat_x( &bb, NULL, "sbl",
backsql_id_query,
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );
} else {
backsql_strfcat_x( &bb, NULL, "sblbcb",
backsql_id_query,
&bi->sql_upper_func,
(ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",
&bi->sql_upper_func_open,
'?',
&bi->sql_upper_func_close );
}
}
}
bi->sql_id_query = bb.bb_val.bv_val;
}
/*
* Prepare children count query
*/
BER_BVZERO( &bb.bb_val );
bb.bb_len = 0;
backsql_strfcat_x( &bb, NULL, "sbsb",
"SELECT COUNT(distinct subordinates.id) "
"FROM ldap_entries,ldap_entries ",
&bi->sql_aliasing, "subordinates "
"WHERE subordinates.parent=ldap_entries.id AND ",
&bi->sql_dn_match_cond );
bi->sql_has_children_query = bb.bb_val.bv_val;
/*
* Prepare DN and objectClass aliasing bit of query
*/
BER_BVZERO( &bb.bb_val );
bb.bb_len = 0;
backsql_strfcat_x( &bb, NULL, "sbbsbsbbsb",
" ", &bi->sql_aliasing, &bi->sql_aliasing_quote,
"objectClass", &bi->sql_aliasing_quote,
",ldap_entries.dn ", &bi->sql_aliasing,
&bi->sql_aliasing_quote, "dn", &bi->sql_aliasing_quote );
bi->sql_dn_oc_aliasing = bb.bb_val;
/* should never happen! */
assert( bd->be_nsuffix != NULL );
if ( BER_BVISNULL( &bd->be_nsuffix[ 1 ] ) ) {
/* enable if only one suffix is defined */
bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
}
bi->sql_flags |= BSQLF_CHECK_SCHEMA;
Debug( LDAP_DEBUG_TRACE, "<==backsql_db_open(): "
"test succeeded, schema map loaded\n", 0, 0, 0 );
return 0;
}
static int
slapd_rw_apply( void *private, const char *filter, struct berval *val )
{
slapd_map_data *sl = private;
slap_callback cb = { NULL };
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
void *thrctx;
SlapReply rs = {REP_RESULT};
struct slapd_rw_info si;
char *ptr;
int rc;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init2( &conn, &opbuf, thrctx, 0 );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
op->o_req_dn = op->o_req_ndn = sl->base;
op->o_bd = select_backend( &op->o_req_ndn, 1 );
if ( !op->o_bd ) {
return REWRITE_ERR;
}
si.si_data = sl;
BER_BVZERO( &si.si_val );
op->ors_scope = sl->scope;
op->ors_deref = LDAP_DEREF_NEVER;
op->ors_slimit = 1;
op->ors_tlimit = SLAP_NO_LIMIT;
int
slapauth( int argc, char **argv )
{
int rc = EXIT_SUCCESS;
const char *progname = "slapauth";
Connection conn = {0};
OperationBuffer opbuf;
Operation *op;
void *thrctx;
slap_tool_init( progname, SLAPAUTH, argc, argv );
argv = &argv[ optind ];
argc -= optind;
thrctx = ldap_pvt_thread_pool_context();
connection_fake_init( &conn, &opbuf, thrctx );
op = &opbuf.ob_op;
conn.c_sasl_bind_mech = mech;
if ( !BER_BVISNULL( &authzID ) ) {
struct berval authzdn;
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
SLAP_GETDN_AUTHZID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
authzID.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
BER_BVZERO( &authzID );
goto destroy;
}
authzID = authzdn;
}
if ( !BER_BVISNULL( &authcID ) ) {
if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
rc = do_check( &conn, op, &authcID );
goto destroy;
}
for ( ; argc--; argv++ ) {
struct berval authzdn;
ber_str2bv( argv[ 0 ], 0, 0, &authzID );
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
SLAP_GETDN_AUTHZID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
authzID.bv_val, rc,
ldap_err2string( rc ) );
rc = -1;
BER_BVZERO( &authzID );
if ( !continuemode ) {
goto destroy;
}
}
authzID = authzdn;
rc = do_check( &conn, op, &authcID );
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
BER_BVZERO( &authzID );
if ( rc && !continuemode ) {
goto destroy;
}
}
goto destroy;
}
for ( ; argc--; argv++ ) {
struct berval id;
ber_str2bv( argv[ 0 ], 0, 0, &id );
rc = do_check( &conn, op, &id );
if ( rc && !continuemode ) {
goto destroy;
}
}
destroy:;
if ( !BER_BVISNULL( &authzID ) ) {
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
}
if ( slap_tool_destroy())
rc = EXIT_FAILURE;
return rc;
}
static int
pguid_repair( BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
void *ctx = ldap_pvt_thread_pool_context();
Connection conn = { 0 };
OperationBuffer opbuf;
Operation *op;
slap_callback sc = { 0 };
pguid_repair_cb_t pcb = { 0 };
SlapReply rs = { REP_RESULT };
pguid_mod_t *pmod;
int nrepaired = 0;
connection_fake_init2( &conn, &opbuf, ctx, 0 );
op = &opbuf.ob_op;
op->o_tag = LDAP_REQ_SEARCH;
memset( &op->oq_search, 0, sizeof( op->oq_search ) );
op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
op->o_req_dn = op->o_bd->be_suffix[ 0 ];
op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
op->o_dn = op->o_bd->be_rootdn;
op->o_ndn = op->o_bd->be_rootndn;
op->ors_scope = LDAP_SCOPE_SUBORDINATE;
op->ors_tlimit = SLAP_NO_LIMIT;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_no_attrs;
op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_parentUUID->ad_cname.bv_len;
op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
"(!(%s=*))", ad_parentUUID->ad_cname.bv_val );
op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
if ( op->ors_filter == NULL ) {
rs.sr_err = LDAP_OTHER;
goto done_search;
}
op->o_callback = ≻
sc.sc_response = pguid_repair_cb;
sc.sc_private = &pcb;
pcb.on = on;
(void)op->o_bd->bd_info->bi_op_search( op, &rs );
op->o_tag = LDAP_REQ_MODIFY;
sc.sc_response = slap_null_cb;
sc.sc_private = NULL;
memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
for ( pmod = pcb.mods; pmod != NULL; ) {
pguid_mod_t *pnext;
Modifications *mod;
SlapReply rs2 = { REP_RESULT };
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_desc = ad_parentUUID;
mod->sml_type = ad_parentUUID->ad_cname;
mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
mod->sml_nvalues = NULL;
mod->sml_numvals = 1;
mod->sml_next = NULL;
ber_dupbv( &mod->sml_values[0], &pmod->pguid );
BER_BVZERO( &mod->sml_values[1] );
op->o_req_dn = pmod->ndn;
op->o_req_ndn = pmod->ndn;
op->orm_modlist = mod;
op->o_bd->be_modify( op, &rs2 );
slap_mods_free( op->orm_modlist, 1 );
if ( rs2.sr_err == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair: entry DN=\"%s\" repaired\n",
op->o_log_prefix, pmod->ndn.bv_val, 0 );
nrepaired++;
} else {
Debug( LDAP_DEBUG_ANY, "%s: pguid_repair: entry DN=\"%s\" repair failed (%d)\n",
op->o_log_prefix, pmod->ndn.bv_val, rs2.sr_err );
}
pnext = pmod->next;
op->o_tmpfree( pmod, op->o_tmpmemctx );
pmod = pnext;
}
done_search:;
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
filter_free_x( op, op->ors_filter, 1 );
Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
"pguid: repaired=%d\n", nrepaired );
return rs.sr_err;
}
static int
slap_auxprop_store(
void *glob_context,
sasl_server_params_t *sparams,
struct propctx *prctx,
const char *user,
unsigned ulen)
{
Operation op = {0};
Opheader oph;
int rc, i;
unsigned j;
Connection *conn = NULL;
const struct propval *pr;
Modifications *modlist = NULL, **modtail = &modlist, *mod;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
char textbuf[SLAP_TEXT_BUFLEN];
const char *text;
size_t textlen = sizeof(textbuf);
#ifdef SLAP_AUXPROP_DONTUSECOPY
int dontUseCopy = 0;
BackendDB *dontUseCopy_bd = NULL;
#endif /* SLAP_AUXPROP_DONTUSECOPY */
/* just checking if we are enabled */
if (!prctx) return SASL_OK;
if (!sparams || !user) return SASL_BADPARAM;
pr = sparams->utils->prop_get( sparams->propctx );
/* Find our DN and conn first */
for( i = 0; pr[i].name; i++ ) {
if ( pr[i].name[0] == '*' ) {
if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {
if ( pr[i].values && pr[i].values[0] )
AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) );
continue;
}
if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) {
if ( pr[i].values && pr[i].values[0] )
AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0],
sizeof( op.o_req_ndn.bv_len ) );
} else if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {
if ( pr[i].values )
op.o_req_ndn.bv_val = (char *)pr[i].values[0];
}
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( slap_dontUseCopy_propnames != NULL ) {
struct berval bv;
ber_str2bv( &pr[i].name[1], 0, 1, &bv );
for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) {
if ( bvmatch( &bv, &slap_dontUseCopy_propnames[ j ] ) ) {
dontUseCopy = 1;
break;
}
}
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
}
}
if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;
op.o_bd = select_backend( &op.o_req_ndn, 1 );
if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( SLAP_SHADOW( op.o_bd ) && dontUseCopy ) {
dontUseCopy_bd = op.o_bd;
op.o_bd = frontendDB;
op.o_dontUseCopy = SLAP_CONTROL_CRITICAL;
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
pr = sparams->utils->prop_get( prctx );
if (!pr) return SASL_BADPARAM;
for (i=0; pr[i].name; i++);
if (!i) return SASL_BADPARAM;
for (i=0; pr[i].name; i++) {
mod = (Modifications *)ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_REPLACE;
mod->sml_flags = 0;
ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
mod->sml_numvals = pr[i].nvalues;
mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
sizeof(struct berval));
for (j=0; j<pr[i].nvalues; j++) {
ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]);
}
BER_BVZERO( &mod->sml_values[j] );
mod->sml_nvalues = NULL;
mod->sml_desc = NULL;
*modtail = mod;
modtail = &mod->sml_next;
}
*modtail = NULL;
rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );
if ( rc == LDAP_SUCCESS ) {
rc = slap_mods_no_user_mod_check( &op, modlist,
&text, textbuf, textlen );
if ( rc == LDAP_SUCCESS ) {
if ( conn->c_sasl_bindop ) {
op.o_hdr = conn->c_sasl_bindop->o_hdr;
} else {
op.o_hdr = &oph;
memset( &oph, 0, sizeof(oph) );
operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 );
}
op.o_tag = LDAP_REQ_MODIFY;
op.o_ndn = op.o_req_ndn;
op.o_callback = &cb;
slap_op_time( &op.o_time, &op.o_tincr );
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_req_dn = op.o_req_ndn;
op.orm_modlist = modlist;
for (;;) {
SlapReply rs = {REP_RESULT};
rc = op.o_bd->be_modify( &op, &rs );
#ifdef SLAP_AUXPROP_DONTUSECOPY
if ( dontUseCopy &&
rs.sr_err == LDAP_UNAVAILABLE &&
slap_dontUseCopy_ignore )
{
op.o_bd = dontUseCopy_bd;
op.o_dontUseCopy = SLAP_CONTROL_NONE;
dontUseCopy = 0;
continue;
}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
break;
}
}
}
slap_mods_free( modlist, 1 );
return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK;
}
