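/*
 * Read the old USN from the underlying DB. This code is
 * stolen from the syncprov overlay.
 *
 * Called on database open. Builds a fake internal operation acting as
 * the rootdn, fetches the suffix entry via overlay_entry_get_ov() and
 * seeds ui->ui_current from its usnChanged value. A missing entry,
 * missing attribute or unparsable value leaves ui_current as it was.
 * Always returns 0; cr is unused.
 */
static int
usn_db_open( BackendDB *be, ConfigReply *cr )
{
	slap_overinst *on = (slap_overinst *) be->bd_info;
	usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
	Connection conn = { 0 };
	OperationBuffer opbuf;
	Operation *op;
	Entry *e = NULL;
	Attribute *a;
	void *thrctx = ldap_pvt_thread_pool_context();

	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;
	op->o_bd = be;
	op->o_dn = be->be_rootdn;
	op->o_ndn = be->be_rootndn;

	/* NOTE(review): the lookup names contextCSN but usnChanged is what
	 * gets read below; presumably the whole entry comes back — confirm. */
	(void)overlay_entry_get_ov( op, be->be_nsuffix, NULL,
		slap_schema.si_ad_contextCSN, 0, &e, on );
	if ( e ) {
		a = attr_find( e->e_attrs, ad_usnChanged );
		if ( a ) {
			/* strtol instead of atoi: an empty value or trailing
			 * garbage is rejected instead of silently becoming 0 */
			const char *s = a->a_vals[0].bv_val;
			char *end = NULL;
			long v = strtol( s, &end, 10 );

			if ( end != s && *end == '\0' ) {
				ui->ui_current = (int)v;
			}
		}
		overlay_entry_release_ov( op, e, 0, on );
	}
	return 0;
}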
/*
 * dds_db_open: overlay database-open hook.
 *
 * Does nothing in tool mode, or when the overlay is switched off
 * (DDS_OFF). Refuses to run on a shadow database. Fills in default
 * TTL values, remembers the suffix, counts the dynamic objects already
 * present, schedules the expiration task on the global runqueue and
 * registers the root DSE info callback.
 *
 * Returns 0 on success, 1 on failure (shadow DB or dds_count()
 * failure), or whatever entry_info_register() returns. cr is unused.
 */
static int
dds_db_open( BackendDB *be, ConfigReply *cr )
{
	slap_overinst	*on = (slap_overinst *)be->bd_info;
	dds_info_t	*di = on->on_bi.bi_private;
	int		rc = 0;
	void		*thrctx = ldap_pvt_thread_pool_context();

	if ( slapMode & SLAP_TOOL_MODE )
		return 0;

	if ( DDS_OFF( di ) ) {
		goto done;
	}

	if ( SLAP_SINGLE_SHADOW( be ) ) {
		Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
			"DDS incompatible with shadow database \"%s\".\n",
			be->be_suffix[ 0 ].bv_val );
		return 1;
	}

	if ( di->di_max_ttl == 0 ) {
		di->di_max_ttl = DDS_RF2589_DEFAULT_TTL;
	}

	/* NOTE(review): this tests di_min_ttl but assigns di_max_ttl,
	 * which looks like a copy-paste slip: a configured di_max_ttl is
	 * overwritten with the default whenever di_min_ttl is 0. Confirm
	 * whether di_min_ttl was meant here before changing it. */
	if ( di->di_min_ttl == 0 ) {
		di->di_max_ttl = DDS_RF2589_DEFAULT_TTL;
	}

	di->di_suffix = be->be_suffix;
	di->di_nsuffix = be->be_nsuffix;

	/* count the dynamic objects first */
	rc = dds_count( thrctx, be );
	if ( rc != LDAP_SUCCESS ) {
		rc = 1;
		goto done;
	}

	/* start expire task; the runqueue is shared, so take its mutex */
	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
	di->di_expire_task = ldap_pvt_runqueue_insert( &slapd_rq,
		DDS_INTERVAL( di ),
		dds_expire_fn, di, "dds_expire_fn",
		be->be_suffix[ 0 ].bv_val );
	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );

	/* register dynamicSubtrees root DSE info support */
	rc = entry_info_register( dds_entry_info, (void *)di );

done:;
	return rc;
}
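/*
 * usn_db_close: overlay database-close hook.
 *
 * Persists the current USN by writing ui->ui_current into the
 * usnChanged attribute of the suffix entry, as the rootdn, through an
 * internal modify that bypasses this overlay (be->bd_info is pointed
 * at the original backend for the call and restored afterwards) and
 * skips schema checking. Always returns 0; the modify's outcome is not
 * propagated. cr is unused.
 */
static int
usn_db_close( BackendDB *be, ConfigReply *cr )
{
	slap_overinst *on = (slap_overinst *)be->bd_info;
	usn_info_t *ui = on->on_bi.bi_private;
	Connection conn = {0};
	OperationBuffer opbuf;
	Operation *op;
	SlapReply rs = {REP_RESULT};
	void *thrctx;
	Modifications mod = {0};	/* zeroed so no field is left indeterminate */
	slap_callback cb = {0};
	BackendInfo *bi_orig;
	char intbuf[64];
	struct berval bv[2];

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;
	op->o_bd = be;

	/* single value; bv[1] terminates the value list */
	BER_BVZERO( &bv[1] );
	bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", ui->ui_current );
	bv[0].bv_val = intbuf;

	mod.sml_numvals = 1;
	mod.sml_values = bv;
	mod.sml_nvalues = NULL;
	mod.sml_desc = ad_usnChanged;
	mod.sml_type = ad_usnChanged->ad_cname;
	mod.sml_op = LDAP_MOD_REPLACE;
	mod.sml_flags = 0;
	mod.sml_next = NULL;

	cb.sc_response = slap_null_cb;

	op->o_tag = LDAP_REQ_MODIFY;
	op->o_callback = &cb;
	op->orm_modlist = &mod;
	op->orm_no_opattrs = 1;
	op->o_dn = be->be_rootdn;
	op->o_ndn = be->be_rootndn;
	op->o_req_dn = op->o_bd->be_suffix[0];
	op->o_req_ndn = op->o_bd->be_nsuffix[0];

	/* Swap in the underlying backend so the modify does not re-enter
	 * this overlay, and put it back afterwards (as syncprov does):
	 * be->bd_info is shared state, not ours to leave altered. */
	bi_orig = op->o_bd->bd_info;
	op->o_bd->bd_info = on->on_info->oi_orig;
	op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
	op->o_no_schema_check = 1;
	op->o_bd->be_modify( op, &rs );
	op->o_bd->bd_info = bi_orig;

	/* mod itself lives on the stack; free only what was chained onto it */
	if ( mod.sml_next != NULL ) {
		slap_mods_free( mod.sml_next, 1 );
	}
	return 0;
}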
/*
 * bdb_locker_id: return the BDB locker ID bound to the calling thread,
 * allocating one via XLOCK_ID() and stashing it in the thread-pool
 * context under key 'env' the first time around.
 *
 * op     - current operation, used to reach its thread context; may be NULL
 * env    - BDB environment, also used as the thread-key
 * locker - out: the locker ID (0 when there is no thread context)
 *
 * Returns 0 on success, -1 on bad arguments, or the error code from a
 * failed XLOCK_ID() or ldap_pvt_thread_pool_setkey().
 */
int
bdb_locker_id( Operation *op, DB_ENV *env, int *locker )
{
	int i, rc, lockid;
	void *data;
	void *ctx;

	if ( !env || !locker ) return -1;

	/* If no op was provided, try to find the ctx anyway... */
	if ( op ) {
		ctx = op->o_threadctx;
	} else {
		ctx = ldap_pvt_thread_pool_context( &connection_pool );
	}

	/* Shouldn't happen unless we're single-threaded */
	if ( !ctx ) {
		*locker = 0;
		return 0;
	}

	/* A nonzero getkey result is taken to mean "nothing stored yet"
	 * for this thread, so a locker is created and remembered. */
	if ( ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
		/* up to four attempts, yielding after each failure */
		for ( i=0, rc=1; rc != 0 && i<4; i++ ) {
			rc = XLOCK_ID( env, &lockid );
			if (rc) ldap_pvt_thread_yield();
		}
		if ( rc != 0) {
			return rc;
		}
		/* NOTE(review): the int locker ID travels through a void * and
		 * is read back with a plain (int) cast below; that round trip
		 * assumes int fits in a pointer and is better written via
		 * intptr_t. */
		data = (void *)lockid;
		if ( ( rc = ldap_pvt_thread_pool_setkey( ctx, env,
			data, bdb_locker_id_free ) ) ) {
			/* could not remember it; give the locker back */
			XLOCK_ID_FREE( env, lockid );
#ifdef NEW_LOGGING
			LDAP_LOG( BACK_BDB, ERR, "bdb_locker_id: err %s(%d)\n",
				db_strerror(rc), rc, 0 );
#else
			Debug( LDAP_DEBUG_ANY,
				"bdb_locker_id: err %s(%d)\n",
				db_strerror(rc), rc, 0 );
#endif
			return rc;
		}
	} else {
		lockid = (int)data;
	}
	*locker = lockid;
	return 0;
}
/*
 * slap_destroy: tear down the slapd subsystems set up for this run.
 *
 * Frees the default referral, clears the main thread's pool keys,
 * then destroys backends, SASL, the root DSE, the entry subsystem,
 * the counters (server/tool mode only), the operation subsystem and
 * finally the thread library.
 *
 * Returns backend_destroy()'s result, or 1 when slapMode holds a mode
 * this function does not know.
 */
int
slap_destroy(void)
{
	int result;
	int mode;

	Debug( LDAP_DEBUG_TRACE,
		"%s destroy: freeing system resources.\n",
		slap_name, 0, 0 );

	if ( default_referral ) {
		ber_bvarray_free( default_referral );
	}

	/* clear out any thread-keys for the main thread */
	ldap_pvt_thread_pool_context_reset( ldap_pvt_thread_pool_context());

	result = backend_destroy();

	slap_sasl_destroy();

	/* rootdse destroy goes before entry_destroy()
	 * because it may use entry_free() */
	root_dse_destroy();
	entry_destroy();

	mode = slapMode & SLAP_MODE;
	if ( mode == SLAP_SERVER_MODE || mode == SLAP_TOOL_MODE ) {
		slap_counters_destroy( &slap_counters );
	} else {
		Debug( LDAP_DEBUG_ANY,
			"slap_destroy(): undefined mode (%d).\n", slapMode, 0, 0 );
		result = 1;
	}

	slap_op_destroy();

	ldap_pvt_thread_destroy();	/* should destroy the above mutex */

	return result;
}
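/*
 * Nonzero iff bv is usable as a C string: no NUL within its bv_len
 * bytes and a NUL right after them. Shared by the cred and passwd
 * checks in chk_sasl().
 */
static int
chk_sasl_bv_is_cstring( const struct berval *bv )
{
	unsigned int i;

	for ( i = 0; i < bv->bv_len; i++ ) {
		if ( bv->bv_val[i] == '\0' ) {
			return 0;	/* embedded NUL */
		}
	}
	/* i == bv_len here: the byte just past the value must terminate it */
	return bv->bv_val[i] == '\0';
}

/*
 * chk_sasl: password-check hook that delegates to the SASL library.
 *
 * Fetches the sasl_conn stored under the slap_sasl_bind thread key and
 * passes passwd and cred (with their lengths) to sasl_checkpass().
 * Both values are rejected up front unless they behave like C strings,
 * and the check fails when no SASL connection is available.
 *
 * Returns LUTIL_PASSWD_OK or LUTIL_PASSWD_ERR. sc and text are unused.
 */
static int
chk_sasl(
	const struct berval *sc,
	const struct berval * passwd,
	const struct berval * cred,
	const char **text )
{
	int rtn = LUTIL_PASSWD_ERR;
	void *ctx, *sconn = NULL;

	if ( !chk_sasl_bv_is_cstring( cred ) ) {
		return LUTIL_PASSWD_ERR;	/* NUL inside, or no terminator on, cred */
	}
	if ( !chk_sasl_bv_is_cstring( passwd ) ) {
		return LUTIL_PASSWD_ERR;	/* NUL inside, or no terminator on, passwd */
	}

	ctx = ldap_pvt_thread_pool_context();
	ldap_pvt_thread_pool_getkey( ctx, (void *)slap_sasl_bind, &sconn, NULL );

	if( sconn != NULL ) {
		/* was named 'sc', which shadowed the scheme parameter */
		int sasl_rc = sasl_checkpass( sconn,
			passwd->bv_val, passwd->bv_len,
			cred->bv_val, cred->bv_len );
		rtn = ( sasl_rc != SASL_OK ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
	}

	return rtn;
}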
/*
 * Do a search for all the groups in the
 * database, and add them to our internal list.
 *
 * Runs one subtree search per group definition on the agi->agi_def
 * list, as the rootdn, with autogroup_group_add_cb collecting the
 * results; the filter built for each definition is released right
 * after its search. The search is issued with be->bd_info pointed at
 * on->on_info. Always returns 0 (also when the overlay has no private
 * data yet). cr is unused.
 */
static int
autogroup_db_open( BackendDB *be, ConfigReply *cr )
{
	slap_overinst		*on = (slap_overinst *) be->bd_info;
	autogroup_info_t	*agi = on->on_bi.bi_private;
	autogroup_def_t		*def;
	autogroup_sc_t		search_ctx;
	slap_callback		callback = { 0 };
	SlapReply		rs = { REP_RESULT };
	Connection		conn = { 0 };
	OperationBuffer		opbuf;
	Operation		*op;
	void			*thrctx = ldap_pvt_thread_pool_context();

	Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_open\n", 0, 0, 0);

	if ( agi == NULL ) {
		return 0;
	}

	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;

	/* internal subtree search over the whole suffix, no attributes */
	op->o_tag = LDAP_REQ_SEARCH;
	op->o_dn = be->be_rootdn;
	op->o_ndn = be->be_rootndn;
	op->o_req_dn = be->be_suffix[0];
	op->o_req_ndn = be->be_nsuffix[0];
	op->ors_scope = LDAP_SCOPE_SUBTREE;
	op->ors_deref = LDAP_DEREF_NEVER;
	op->ors_limit = NULL;
	op->ors_tlimit = SLAP_NO_LIMIT;
	op->ors_slimit = SLAP_NO_LIMIT;
	op->ors_attrs = slap_anlist_no_attrs;
	op->ors_attrsonly = 0;

	op->o_bd = be;
	op->o_bd->bd_info = (BackendInfo *)on->on_info;

	/* sc_cleanup and sc_next stay NULL from the zero-initializer */
	search_ctx.ags_info = agi;
	callback.sc_private = &search_ctx;
	callback.sc_response = autogroup_group_add_cb;
	op->o_callback = &callback;

	def = agi->agi_def;
	while ( def != NULL ) {
		autogroup_build_def_filter( def, op );
		search_ctx.ags_def = def;
		op->o_bd->be_search( op, &rs );

		filter_free_x( op, op->ors_filter, 1 );
		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );

		def = def->agd_next;
	}

	return 0;
}
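/*
 * vernum_repair: give a version number to every entry that carries
 * the tracked attribute but lacks the vernum attribute.
 *
 * Searches the whole suffix, as the rootdn, with the filter
 * "(&(<attr>=*)(!(<vernum>=*)))"; vernum_repair_cb collects the
 * matching DNs into rcb.mods (rcb.bd is a copy of be whose bd_info is
 * this overlay, for the callback's use). Each collected entry then
 * gets an internal modify setting the vernum attribute to val_init.
 * Always returns 0; the number of repaired entries is logged.
 */
static int
vernum_repair( BackendDB *be )
{
	slap_overinst *on = (slap_overinst *)be->bd_info;
	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
	void *ctx = ldap_pvt_thread_pool_context();
	Connection conn = { 0 };
	OperationBuffer opbuf;
	Operation *op;
	BackendDB db;
	slap_callback sc = { 0 };
	vernum_repair_cb_t rcb = { 0 };
	SlapReply rs = { REP_RESULT };
	vernum_mod_t *rmod;
	int nrepaired = 0;

	connection_fake_init2( &conn, &opbuf, ctx, 0 );
	op = &opbuf.ob_op;

	op->o_tag = LDAP_REQ_SEARCH;
	memset( &op->oq_search, 0, sizeof( op->oq_search ) );

	assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );

	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );

	assert( op->o_bd != NULL );
	assert( op->o_bd->be_nsuffix != NULL );

	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];

	op->o_dn = op->o_bd->be_rootdn;
	op->o_ndn = op->o_bd->be_rootndn;

	op->ors_scope = LDAP_SCOPE_SUBTREE;
	op->ors_tlimit = SLAP_NO_LIMIT;
	op->ors_slimit = SLAP_NO_LIMIT;
	op->ors_attrs = slap_anlist_no_attrs;

	/* filter length = the fixed syntax plus the two attribute names */
	op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" )
		+ vn->vn_attr->ad_cname.bv_len
		+ vn->vn_vernum->ad_cname.bv_len;
	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
		"(&(%s=*)(!(%s=*)))",
		vn->vn_attr->ad_cname.bv_val,
		vn->vn_vernum->ad_cname.bv_val );

	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
	if ( op->ors_filter == NULL ) {
		rs.sr_err = LDAP_OTHER;
		goto done_search;
	}

	op->o_callback = &sc;
	sc.sc_response = vernum_repair_cb;
	sc.sc_private = &rcb;
	rcb.bd = &db;
	db = *be;
	db.bd_info = (BackendInfo *)on;

	/* the search result is not checked: whatever the callback
	 * managed to collect is repaired below */
	(void)op->o_bd->bd_info->bi_op_search( op, &rs );

	op->o_tag = LDAP_REQ_MODIFY;
	sc.sc_response = slap_null_cb;
	sc.sc_private = NULL;
	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );

	for ( rmod = rcb.mods; rmod != NULL; ) {
		vernum_mod_t *rnext;
		Modifications mod;
		struct berval vals[2] = { BER_BVNULL };
		SlapReply rs2 = { REP_RESULT };

		mod.sml_flags = SLAP_MOD_INTERNAL;
		mod.sml_op = LDAP_MOD_REPLACE;
		mod.sml_desc = vn->vn_vernum;
		mod.sml_type = vn->vn_vernum->ad_cname;
		mod.sml_values = vals;
		mod.sml_values[0] = val_init;
		mod.sml_nvalues = NULL;
		mod.sml_numvals = 1;
		mod.sml_next = NULL;

		/* only the normalized DN was recorded, so it serves as both */
		op->o_req_dn = rmod->ndn;
		op->o_req_ndn = rmod->ndn;

		op->orm_modlist = &mod;

		op->o_bd->be_modify( op, &rs2 );
		/* mod is on the stack; free only what got chained onto it */
		slap_mods_free( op->orm_modlist->sml_next, 1 );
		if ( rs2.sr_err == LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n",
				op->o_log_prefix, rmod->ndn.bv_val, 0 );
			nrepaired++;

		} else {
			Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n",
				op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
		}

		rnext = rmod->next;
		/* presumably allocated by vernum_repair_cb via o_tmpalloc — confirm */
		op->o_tmpfree( rmod, op->o_tmpmemctx );
		rmod = rnext;
	}

done_search:;
	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
	/* ors_filter is NULL when str2filter_x() failed above */
	if ( op->ors_filter != NULL ) {
		filter_free_x( op, op->ors_filter, 1 );
	}

	Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
		"vernum: repaired=%d\n", nrepaired );

	return 0;
}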
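/*
 * vc_exop: VerifyCredentials extended operation handler.
 *
 * Decodes the request (optional cookie, DN, auth choice, optional
 * controls), runs a bind on an internal connection against frontendDB
 * and packs the outcome into rs->sr_rspdata via vc_create_response().
 *
 * The cookie, when present, must be exactly sizeof(Connection *)
 * bytes: it names a vc_conn_t kept from an earlier step of a
 * multi-step SASL exchange and is honoured only if it is found in
 * vc_tree and not in use (refcnt == 0). Without a cookie a fresh
 * vc_conn_t is allocated; it is parked in vc_tree while the SASL bind
 * is still in progress and freed otherwise.
 *
 * Returns rs->sr_err: LDAP_SUCCESS, LDAP_PROTOCOL_ERROR on any decoding
 * problem or unknown cookie, LDAP_OTHER on internal failure.
 */
static int
vc_exop( Operation *op, SlapReply *rs )
{
	int rc = LDAP_SUCCESS;
	ber_tag_t tag;
	ber_len_t len = -1;
	BerElementBuffer berbuf;
	BerElement *ber = (BerElement *)&berbuf;
	struct berval reqdata = BER_BVNULL;
	struct berval cookie = BER_BVNULL;
	struct berval bdn = BER_BVNULL;
	ber_tag_t authtag;
	struct berval cred = BER_BVNULL;
	struct berval ndn = BER_BVNULL;
	struct berval mechanism = BER_BVNULL;
	vc_conn_t *conn = NULL;
	vc_cb_t vc = { 0 };
	slap_callback sc = { 0 };
	SlapReply rs2 = { 0 };

	if ( op->ore_reqdata == NULL || op->ore_reqdata->bv_len == 0 ) {
		rs->sr_text = "empty request data field in VerifyCredentials exop";
		return LDAP_PROTOCOL_ERROR;
	}

	/* optimistic */
	rs->sr_err = LDAP_SUCCESS;

	ber_dupbv_x( &reqdata, op->ore_reqdata, op->o_tmpmemctx );

	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
	ber_init2( ber, &reqdata, 0 );

	tag = ber_scanf( ber, "{" /*}*/ );
	if ( tag != LBER_SEQUENCE ) {
		rs->sr_err = LDAP_PROTOCOL_ERROR;
		goto done;
	}

	tag = ber_peek_tag( ber, &len );
	if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
		/*
		 * cookie: the pointer to the connection
		 * of this operation
		 */
		ber_scanf( ber, "m", &cookie );
		if ( cookie.bv_len != sizeof(Connection *) ) {
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}
	}

	/* DN, authtag */
	tag = ber_scanf( ber, "mt", &bdn, &authtag );
	if ( tag == LBER_ERROR ) {
		rs->sr_err = LDAP_PROTOCOL_ERROR;
		goto done;
	}

	rc = dnNormalize( 0, NULL, NULL, &bdn, &ndn, op->o_tmpmemctx );
	if ( rc != LDAP_SUCCESS ) {
		rs->sr_err = LDAP_PROTOCOL_ERROR;
		goto done;
	}

	switch ( authtag ) {
	case LDAP_AUTH_SIMPLE:
		/* cookie only makes sense for SASL bind (so far) */
		if ( !BER_BVISNULL( &cookie ) ) {
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}

		tag = ber_scanf( ber, "m", &cred );
		if ( tag == LBER_ERROR ) {
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}
		break;

	case LDAP_AUTH_SASL:
		tag = ber_scanf( ber, "{s" /*}*/ , &mechanism );
		if ( tag == LBER_ERROR || 
			BER_BVISNULL( &mechanism ) || BER_BVISEMPTY( &mechanism ) )
		{
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}

		/* SASL credentials are optional */
		tag = ber_peek_tag( ber, &len );
		if ( tag == LBER_OCTETSTRING ) {
			ber_scanf( ber, "m", &cred );
		}

		tag = ber_scanf( ber, /*{*/ "}" );
		break;

	default:
		rs->sr_err = LDAP_PROTOCOL_ERROR;
		goto done;
	}

	if ( !BER_BVISNULL( &cookie ) ) {
		vc_conn_t tmp = { 0 };

		/* The cookie is client-supplied: it is never dereferenced,
		 * only used as a lookup key into vc_tree under vc_mutex */
		AC_MEMCPY( (char *)&tmp.conn, (const char *)cookie.bv_val, cookie.bv_len );
		ldap_pvt_thread_mutex_lock( &vc_mutex );
		conn = (vc_conn_t *)avl_find( vc_tree, (caddr_t)&tmp, vc_conn_cmp );
		if ( conn == NULL || conn->refcnt != 0 ) {
			conn = NULL;
			ldap_pvt_thread_mutex_unlock( &vc_mutex );
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}
		conn->refcnt++;
		ldap_pvt_thread_mutex_unlock( &vc_mutex );

	} else {
		void *thrctx;

		conn = (vc_conn_t *)SLAP_CALLOC( 1, sizeof( vc_conn_t ) );
		if ( conn == NULL ) {
			/* conn stays NULL, so the cleanup at done skips it */
			rs->sr_err = LDAP_OTHER;
			goto done;
		}
		conn->refcnt = 1;

		thrctx = ldap_pvt_thread_pool_context();
		connection_fake_init2( &conn->connbuf, &conn->opbuf, thrctx, 0 );
		conn->op = &conn->opbuf.ob_op;
		snprintf( conn->op->o_log_prefix, sizeof( conn->op->o_log_prefix ),
			"%s VERIFYCREDENTIALS", op->o_log_prefix );
	}

	conn->op->o_tag = LDAP_REQ_BIND;
	memset( &conn->op->oq_bind, 0, sizeof( conn->op->oq_bind ) );
	conn->op->o_req_dn = ndn;
	conn->op->o_req_ndn = ndn;
	conn->op->o_protocol = LDAP_VERSION3;
	conn->op->orb_method = authtag;
	conn->op->o_callback = &sc;

	/* TODO: controls */
	tag = ber_peek_tag( ber, &len );
	if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
		conn->op->o_ber = ber;
		rc = get_ctrls2( conn->op, &rs2, 0, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS );
		if ( rc != LDAP_SUCCESS ) {
			rs->sr_err = LDAP_PROTOCOL_ERROR;
			goto done;
		}
	}

	/* the request sequence must be fully consumed by now */
	tag = ber_skip_tag( ber, &len );
	if ( len || tag != LBER_DEFAULT ) {
		rs->sr_err = LDAP_PROTOCOL_ERROR;
		goto done;
	}

	switch ( authtag ) {
	case LDAP_AUTH_SIMPLE:
		break;

	case LDAP_AUTH_SASL:
		conn->op->orb_mech = mechanism;
		break;
	}

	conn->op->orb_cred = cred;
	sc.sc_response = vc_cb;
	sc.sc_private = &vc;

	conn->op->o_bd = frontendDB;
	rs->sr_err = frontendDB->be_bind( conn->op, &rs2 );

	if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
		/* multi-step SASL: conn goes along so the response can carry
		 * the cookie for the next step */
		rc = vc_create_response( conn, rs2.sr_err, rs2.sr_text,
			!BER_BVISEMPTY( &vc.sasldata ) ? &vc.sasldata : NULL,
			NULL,
			vc.ctrls,
			&rs->sr_rspdata );

	} else {
		rc = vc_create_response( NULL, rs2.sr_err, rs2.sr_text,
			NULL,
			&conn->op->o_conn->c_dn,
			vc.ctrls,
			&rs->sr_rspdata );
	}

	if ( rc != 0 ) {
		rs->sr_err = LDAP_OTHER;
		goto done;
	}

	/* the bind left the authenticated DN on the fake connection; drop it */
	if ( !BER_BVISNULL( &conn->op->o_conn->c_dn ) &&
		conn->op->o_conn->c_dn.bv_val != conn->op->o_conn->c_ndn.bv_val )
		ber_memfree( conn->op->o_conn->c_dn.bv_val );
	if ( !BER_BVISNULL( &conn->op->o_conn->c_ndn ) )
		ber_memfree( conn->op->o_conn->c_ndn.bv_val );

done:;
	if ( conn ) {
		if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
			if ( conn->conn == NULL ) {
				/* first step: park it in vc_tree, keyed by its own address */
				conn->conn = conn;
				conn->refcnt--;
				ldap_pvt_thread_mutex_lock( &vc_mutex );
				rc = avl_insert( &vc_tree, (caddr_t)conn, vc_conn_cmp, vc_conn_dup );
				ldap_pvt_thread_mutex_unlock( &vc_mutex );
				assert( rc == 0 );

			} else {
				ldap_pvt_thread_mutex_lock( &vc_mutex );
				conn->refcnt--;
				ldap_pvt_thread_mutex_unlock( &vc_mutex );
			}

		} else {
			/* finished: unlink it from vc_tree if it was ever parked */
			if ( conn->conn != NULL ) {
				ldap_pvt_thread_mutex_lock( &vc_mutex );
				(void)avl_delete( &vc_tree, (caddr_t)conn, vc_conn_cmp );
				ldap_pvt_thread_mutex_unlock( &vc_mutex );
			}
			SLAP_FREE( conn );
		}
	}

	if ( vc.ctrls ) {
		ldap_controls_free( vc.ctrls );
		vc.ctrls = NULL;
	}

	if ( !BER_BVISNULL( &ndn ) ) {
		op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
		BER_BVZERO( &ndn );
	}

	op->o_tmpfree( reqdata.bv_val, op->o_tmpmemctx );
	BER_BVZERO( &reqdata );

	return rs->sr_err;
}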
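/*
 * slapschema: tool entry point. Walks every entry of the selected
 * database (optionally restricted to a base/scope/filter), runs
 * entry_schema_check() on it and writes the DN plus error of each
 * failing entry to ldiffp->fp.
 *
 * Exit status: EXIT_SUCCESS when every entry passed; otherwise the
 * status of a failure — EXIT_FAILURE when an entry could not be read,
 * or the LDAP result code of the last schema violation. An earlier
 * failure is no longer masked by a later entry that passes. Exits
 * directly when the backend lacks the tool API or the database cannot
 * be opened.
 */
int
slapschema( int argc, char **argv )
{
	ID id;
	int rc = EXIT_SUCCESS;
	const char *progname = "slapschema";
	Connection conn = { 0 };
	OperationBuffer opbuf;
	Operation *op = NULL;
	void *thrctx;
	int requestBSF = 0;
	int doBSF = 0;

	slap_tool_init( progname, SLAPCAT, argc, argv );

	/* base/scope/filter selection requested on the command line */
	requestBSF = ( sub_ndn.bv_len || filter );

#ifdef SIGPIPE
	(void) SIGNAL( SIGPIPE, slapcat_sig );
#endif
#ifdef SIGHUP
	(void) SIGNAL( SIGHUP, slapcat_sig );
#endif
	(void) SIGNAL( SIGINT, slapcat_sig );
	(void) SIGNAL( SIGTERM, slapcat_sig );

	if( !be->be_entry_open ||
		!be->be_entry_close ||
		!( be->be_entry_first || be->be_entry_first_x ) ||
		!be->be_entry_next ||
		!be->be_entry_get )
	{
		fprintf( stderr, "%s: database doesn't support necessary operations.\n",
			progname );
		exit( EXIT_FAILURE );
	}

	if( be->be_entry_open( be, 0 ) != 0 ) {
		fprintf( stderr, "%s: could not open database.\n", progname );
		exit( EXIT_FAILURE );
	}

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;
	op->o_tmpmemctx = NULL;
	op->o_bd = be;

	if ( !requestBSF && be->be_entry_first ) {
		id = be->be_entry_first( be );

	} else {
		if ( be->be_entry_first_x ) {
			/* the backend applies base/scope/filter itself */
			id = be->be_entry_first_x( be,
				sub_ndn.bv_len ? &sub_ndn : NULL, scope, filter );

		} else {
			/* otherwise filter here, entry by entry */
			assert( be->be_entry_first != NULL );
			doBSF = 1;
			id = be->be_entry_first( be );
		}
	}

	for ( ; id != NOID; id = be->be_entry_next( be ) ) {
		Entry* e;
		char textbuf[SLAP_TEXT_BUFLEN];
		size_t textlen = sizeof(textbuf);
		const char *text = NULL;
		int srv;

		if ( gotsig )
			break;

		e = be->be_entry_get( be, id );
		if ( e == NULL ) {
			printf("# no data for entry id=%08lx\n\n",
				(long) id );
			rc = EXIT_FAILURE;
			if( continuemode ) continue;
			break;
		}

		if ( doBSF ) {
			if ( sub_ndn.bv_len && !dnIsSuffixScope( &e->e_nname, &sub_ndn, scope ) )
			{
				be_entry_release_r( op, e );
				continue;
			}

			if ( filter != NULL ) {
				/* own name: must not clobber the exit status in rc */
				int frc = test_filter( NULL, e, filter );
				if ( frc != LDAP_COMPARE_TRUE ) {
					be_entry_release_r( op, e );
					continue;
				}
			}
		}

		if( verbose ) {
			printf( "# id=%08lx\n", (long) id );
		}

		/* keep the per-entry result apart from rc so that a later
		 * passing entry cannot reset an earlier failure to success */
		srv = entry_schema_check( op, e, NULL, 0, 0, NULL,
			&text, textbuf, textlen );

		if ( srv != LDAP_SUCCESS ) {
			rc = srv;
			fprintf( ldiffp->fp, "# (%d) %s%s%s\n",
				srv, ldap_err2string( srv ),
				text ? ": " : "",
				text ? text : "" );
			fprintf( ldiffp->fp,
				"dn: %s\n\n",
				e->e_name.bv_val );
		}

		be_entry_release_r( op, e );
	}

	be->be_entry_close( be );

	if ( slap_tool_destroy() )
		rc = EXIT_FAILURE;

	return rc;
}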
/*
 * slapi_int_connection_init_pb: build the fake Connection and
 * Operation that back an internal (plugin-originated) operation and
 * hang them off pb.
 *
 * pb  - the parameter block to fill in (pb_op, pb_conn, pb_rs, pb_intop)
 * tag - LDAP request tag of the operation being set up
 *
 * Both objects are heap-allocated with slapi_ch_calloc(); the
 * Operation is really an OperationBuffer so that o_hdr and o_controls
 * can point inside it. Results come back through slapi_int_response
 * via the operation's callback. The connection's mutex is held from
 * right after its initialization until the block is fully populated.
 */
void
slapi_int_connection_init_pb( Slapi_PBlock *pb, ber_tag_t tag )
{
	Connection *conn;
	Operation *op;
	ber_len_t max = sockbuf_max_incoming;

	conn = (Connection *) slapi_ch_calloc( 1, sizeof(Connection) );

	LDAP_STAILQ_INIT( &conn->c_pending_ops );

	/* one buffer holds the Operation plus its header and control slots */
	op = (Operation *) slapi_ch_calloc( 1, sizeof(OperationBuffer) );
	op->o_hdr = &((OperationBuffer *) op)->ob_hdr;
	op->o_controls = ((OperationBuffer *) op)->ob_controls;

	op->o_callback = (slap_callback *) slapi_ch_calloc( 1, sizeof(slap_callback) );
	op->o_callback->sc_response = slapi_int_response;
	op->o_callback->sc_cleanup = NULL;
	op->o_callback->sc_private = pb;
	op->o_callback->sc_next = NULL;

	conn->c_pending_ops.stqh_first = op;

	/* connection object authorization information */
	conn->c_authtype = LDAP_AUTH_NONE;
	BER_BVZERO( &conn->c_authmech );
	BER_BVZERO( &conn->c_dn );
	BER_BVZERO( &conn->c_ndn );

	conn->c_listener = &slapi_listener;
	ber_dupbv( &conn->c_peer_domain, (struct berval *)&slap_unknown_bv );
	ber_dupbv( &conn->c_peer_name, (struct berval *)&slap_unknown_bv );

	LDAP_STAILQ_INIT( &conn->c_ops );

	BER_BVZERO( &conn->c_sasl_bind_mech );
	conn->c_sasl_authctx = NULL;
	conn->c_sasl_sockctx = NULL;
	conn->c_sasl_extra = NULL;

	conn->c_sb = ber_sockbuf_alloc();

	ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );

	conn->c_currentber = NULL;

	/* should check status of thread calls */
	ldap_pvt_thread_mutex_init( &conn->c_mutex );
	ldap_pvt_thread_mutex_init( &conn->c_write1_mutex );
	ldap_pvt_thread_mutex_init( &conn->c_write2_mutex );
	ldap_pvt_thread_cond_init( &conn->c_write1_cv );
	ldap_pvt_thread_cond_init( &conn->c_write2_cv );

	ldap_pvt_thread_mutex_lock( &conn->c_mutex );

	conn->c_n_ops_received = 0;
	conn->c_n_ops_executing = 0;
	conn->c_n_ops_pending = 0;
	conn->c_n_ops_completed = 0;

	conn->c_n_get = 0;
	conn->c_n_read = 0;
	conn->c_n_write = 0;

	conn->c_protocol = LDAP_VERSION3;

	conn->c_activitytime = conn->c_starttime = slap_get_time();

	/*
	 * A real connection ID is required, because syncrepl associates
	 * pending CSNs with unique ( connection, operation ) tuples.
	 * Setting a fake connection ID will cause slap_get_commit_csn()
	 * to return a stale value.
	 */
	connection_assign_nextid( conn );

	/* NOTE(review): numeric literals stand in for the symbolic states
	 * named in the trailing comments; if those constants are visible
	 * here, using them would keep this in step with their definitions
	 * — verify the values match before switching. */
	conn->c_conn_state = 0x01;	/* SLAP_C_ACTIVE */
	conn->c_struct_state = 0x02;	/* SLAP_C_USED */

	conn->c_ssf = conn->c_transport_ssf = local_ssf;
	conn->c_tls_ssf = 0;

	backend_connection_init( conn );

	conn->c_send_ldap_result = slap_send_ldap_result;
	conn->c_send_search_entry = slap_send_search_entry;
	conn->c_send_ldap_extended = slap_send_ldap_extended;
	conn->c_send_search_reference = slap_send_search_reference;

	/* operation object */
	op->o_tag = tag;
	op->o_protocol = LDAP_VERSION3;
	BER_BVZERO( &op->o_authmech );
	op->o_time = slap_get_time();
	op->o_do_not_cache = 1;
	op->o_threadctx = ldap_pvt_thread_pool_context();
	op->o_tmpmemctx = NULL;
	op->o_tmpmfuncs = &ch_mfuncs;
	op->o_conn = conn;
	op->o_connid = conn->c_connid;
	op->o_bd = frontendDB;

	/* extensions */
	slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
	slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );

	pb->pb_rs = (SlapReply *)slapi_ch_calloc( 1, sizeof(SlapReply) );
	pb->pb_op = op;
	pb->pb_conn = conn;
	pb->pb_intop = 1;

	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
}
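/*
 * autoca_db_open: overlay database-open hook.
 *
 * Skipped in tool mode. On first use resolves the overlay's attribute
 * descriptions and registers its object classes. Then fetches the
 * suffix entry (as rootdn) and, if it is a caObj carrying a CA private
 * key, loads key and certificate from it; otherwise generates a new CA
 * key pair and certificate, stores them on the suffix entry and, when
 * no TLS context exists yet, sets the certificate as our CA.
 *
 * Returns 0 on success, the slap_str2ad()/register_oc() code when
 * schema setup fails, -1 when certificate generation fails. cr is
 * unused.
 */
static int
autoca_db_open( BackendDB *be, ConfigReply *cr )
{
	slap_overinst *on = (slap_overinst *)be->bd_info;
	autoca_info *ai = on->on_bi.bi_private;
	Connection conn = { 0 };
	OperationBuffer opbuf;
	Operation *op;
	void *thrctx;
	Entry *e = NULL;	/* stays NULL if the lookup fails without setting it */
	Attribute *a;
	int rc;

	if (slapMode & SLAP_TOOL_MODE)
		return 0;

	if ( ! *aca_attr2[0].ad ) {
		int i, code;
		const char *text;

		for ( i=0; aca_attr2[i].at; i++ ) {
			code = slap_str2ad( aca_attr2[i].at, aca_attr2[i].ad, &text );
			if ( code ) return code;
		}

		/* Schema may not be loaded, ignore if missing */
		slap_str2ad( "ipHostNumber", &ad_ipaddr, &text );

		for ( i=0; aca_ocs[i].ot; i++ ) {
			code = register_oc( aca_ocs[i].ot, aca_ocs[i].oc, 0 );
			if ( code ) return code;
		}
	}

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
	op = &opbuf.ob_op;
	op->o_bd = be;
	op->o_dn = be->be_rootdn;
	op->o_ndn = be->be_rootndn;

	rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL, NULL, 0, &e, on );
	if ( e ) {
		int gotoc = 0, gotat = 0;

		if ( is_entry_objectclass( e, oc_caObj, 0 )) {
			gotoc = 1;
			a = attr_find( e->e_attrs, ad_caPkey );
			if ( a ) {
				const unsigned char *pp;
				pp = (unsigned char *)a->a_vals[0].bv_val;
				ai->ai_pkey = d2i_AutoPrivateKey( NULL, &pp, a->a_vals[0].bv_len );
				if ( ai->ai_pkey ) {
					a = attr_find( e->e_attrs, ad_caCert );
					if ( a ) {
						pp = (unsigned char *)a->a_vals[0].bv_val;
						ai->ai_cert = d2i_X509( NULL, &pp, a->a_vals[0].bv_len );
						/* If TLS wasn't configured yet, set this as our CA */
						if ( !slap_tls_ctx )
							autoca_setca( a->a_vals );
					}
				}
				/* NOTE(review): set whenever the key attribute exists,
				 * even if decoding it failed — no regeneration then */
				gotat = 1;
			}
		}
		overlay_entry_release_ov( op, e, 0, on );

		/* generate attrs, store... */
		if ( !gotat ) {
			genargs args;
			saveargs arg2;

			args.issuer_cert = NULL;
			args.issuer_pkey = NULL;
			args.subjectDN = &be->be_suffix[0];
			args.cert_exts = CAexts;
			args.more_exts = NULL;
			args.keybits = ai->ai_cakeybits;
			args.days = ai->ai_cadays;

			rc = autoca_gencert( op, &args );
			if ( rc )
				return -1;
			ai->ai_cert = args.newcert;
			ai->ai_pkey = args.newpkey;

			arg2.dn = be->be_suffix;
			arg2.ndn = be->be_nsuffix;
			arg2.isca = 1;
			/* oc is passed only when the entry was not already a caObj */
			if ( !gotoc )
				arg2.oc = oc_caObj;
			else
				arg2.oc = NULL;
			arg2.on = on;
			arg2.dercert = &args.dercert;
			arg2.derpkey = &args.derpkey;
			autoca_savecert( op, &arg2 );
			/* If TLS wasn't configured yet, set this as our CA */
			if ( !slap_tls_ctx )
				autoca_setca( &args.dercert );
			op->o_tmpfree( args.dercert.bv_val, op->o_tmpmemctx );
			op->o_tmpfree( args.derpkey.bv_val, op->o_tmpmemctx );
		}
	}
	return 0;
}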
/*
 * backsql_db_open: back-sql database-open hook.
 *
 * Validates the mandatory settings (dbname, dbuser), fills in every
 * unset SQL fragment/statement with its default, opens one RDBMS
 * connection to load the schema map (then releases it), and finally
 * builds the ID-selection, children-count and aliasing query pieces.
 * All SQL text assembled here comes from configuration values,
 * literal fragments and '?' bind placeholders, never from request data.
 *
 * Returns 0 on success, 1 on any configuration or connection failure.
 * cr is unused.
 */
int
backsql_db_open( BackendDB *bd, ConfigReply *cr )
{
	backsql_info 	*bi = (backsql_info*)bd->be_private;
	struct berbuf	bb = BB_NULL;

	Connection	conn = { 0 };
	OperationBuffer opbuf;
	Operation*	op;
	SQLHDBC		dbh = SQL_NULL_HDBC;
	void		*thrctx = ldap_pvt_thread_pool_context();

	Debug( LDAP_DEBUG_TRACE, "==>backsql_db_open(): "
		"testing RDBMS connection\n", 0, 0, 0 );
	if ( bi->sql_dbname == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"datasource name not specified "
			"(use \"dbname\" directive in slapd.conf)\n", 0, 0, 0 );
		return 1;
	}

	if ( bi->sql_concat_func == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"concat func not specified (use \"concat_pattern\" "
			"directive in slapd.conf)\n", 0, 0, 0 );

		if ( backsql_split_pattern( backsql_def_concat_func, 
				&bi->sql_concat_func, 2 ) ) {
			Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
				"unable to parse pattern \"%s\"",
				backsql_def_concat_func, 0, 0 );
			return 1;
		}
	}

	/*
	 * see back-sql.h for default values
	 */
	if ( BER_BVISNULL( &bi->sql_aliasing ) ) {
		ber_str2bv( BACKSQL_ALIASING, STRLENOF( BACKSQL_ALIASING ),
			1, &bi->sql_aliasing );
	}

	if ( BER_BVISNULL( &bi->sql_aliasing_quote ) ) {
		ber_str2bv( BACKSQL_ALIASING_QUOTE, STRLENOF( BACKSQL_ALIASING_QUOTE ),
			1, &bi->sql_aliasing_quote );
	}

	/*
	 * Prepare cast string as required
	 */
	if ( bi->sql_upper_func.bv_val ) {
		/* buf is reused for each piece; an over-long upper_func name is
		 * silently truncated by snprintf, not reported */
		char buf[1024];

		if ( BACKSQL_UPPER_NEEDS_CAST( bi ) ) {
			snprintf( buf, sizeof( buf ), 
				"%s(cast (" /* ? as varchar(%d))) */ , 
				bi->sql_upper_func.bv_val );
			ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );

			snprintf( buf, sizeof( buf ),
				/* (cast(? */ " as varchar(%d)))",
				BACKSQL_MAX_DN_LEN );
			ber_str2bv( buf, 0, 1, &bi->sql_upper_func_close );

		} else {
			snprintf( buf, sizeof( buf ), "%s(" /* ?) */ ,
					bi->sql_upper_func.bv_val );
			ber_str2bv( buf, 0, 1, &bi->sql_upper_func_open );

			ber_str2bv( /* (? */ ")", 0, 1, &bi->sql_upper_func_close );
		}
	}

	/* normalize filter values only if necessary */
	bi->sql_caseIgnoreMatch = mr_find( "caseIgnoreMatch" );
	assert( bi->sql_caseIgnoreMatch != NULL );

	bi->sql_telephoneNumberMatch = mr_find( "telephoneNumberMatch" );
	assert( bi->sql_telephoneNumberMatch != NULL );

	if ( bi->sql_dbuser == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"user name not specified "
			"(use \"dbuser\" directive in slapd.conf)\n", 0, 0, 0 );
		return 1;
	}
	
	if ( BER_BVISNULL( &bi->sql_subtree_cond ) ) {
		/*
		 * Prepare concat function for subtree search condition
		 */
		struct berval	concat;
		struct berval	values[] = {
			BER_BVC( "'%'" ),
			BER_BVC( "?" ),
			BER_BVNULL
		};
		/* NOTE(review): shadows the function-level bb; the same name is
		 * reused in the children_cond and dn_match_cond blocks below */
		struct berbuf	bb = BB_NULL;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"subtree search SQL condition not specified "
			"(use \"subtree_cond\" directive in slapd.conf); "
			"preparing default\n",
			0, 0, 0);

		if ( backsql_prepare_pattern( bi->sql_concat_func, values, 
				&concat ) ) {
			Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
				"unable to prepare CONCAT pattern for subtree search",
				0, 0, 0 );
			return 1;
		}
			
		if ( bi->sql_upper_func.bv_val ) {

			/*
			 * UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%',?))
			 */

			backsql_strfcat_x( &bb, NULL, "blbbb",
					&bi->sql_upper_func,
					(ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE " ),
						"(ldap_entries.dn) LIKE ",
					&bi->sql_upper_func_open,
					&concat,
					&bi->sql_upper_func_close );

		} else {

			/*
			 * ldap_entries.dn LIKE CONCAT('%',?)
			 */

			backsql_strfcat_x( &bb, NULL, "lb",
					(ber_len_t)STRLENOF( "ldap_entries.dn LIKE " ),
						"ldap_entries.dn LIKE ",
					&concat );
		}

		ch_free( concat.bv_val );

		bi->sql_subtree_cond = bb.bb_val;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" as default \"subtree_cond\"\n",
			bi->sql_subtree_cond.bv_val, 0, 0 );
	}

	if ( bi->sql_children_cond.bv_val == NULL ) {
		/*
		 * Prepare concat function for children search condition
		 */
		struct berval	concat;
		struct berval	values[] = {
			BER_BVC( "'%,'" ),
			BER_BVC( "?" ),
			BER_BVNULL
		};
		struct berbuf	bb = BB_NULL;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"children search SQL condition not specified "
			"(use \"children_cond\" directive in slapd.conf); "
			"preparing default\n",
			0, 0, 0);

		if ( backsql_prepare_pattern( bi->sql_concat_func, values, 
				&concat ) ) {
			Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
				"unable to prepare CONCAT pattern for children search",
				0, 0, 0 );
			return 1;
		}
			
		if ( bi->sql_upper_func.bv_val ) {

			/*
			 * UPPER(ldap_entries.dn) LIKE UPPER(CONCAT('%,',?))
			 */

			backsql_strfcat_x( &bb, NULL, "blbbb",
					&bi->sql_upper_func,
					(ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE " ),
						"(ldap_entries.dn) LIKE ",
					&bi->sql_upper_func_open,
					&concat,
					&bi->sql_upper_func_close );

		} else {

			/*
			 * ldap_entries.dn LIKE CONCAT('%,',?)
			 */

			backsql_strfcat_x( &bb, NULL, "lb",
					(ber_len_t)STRLENOF( "ldap_entries.dn LIKE " ),
						"ldap_entries.dn LIKE ",
					&concat );
		}

		ch_free( concat.bv_val );

		bi->sql_children_cond = bb.bb_val;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" as default \"children_cond\"\n",
			bi->sql_children_cond.bv_val, 0, 0 );
	}

	if ( bi->sql_dn_match_cond.bv_val == NULL ) {
		/*
		 * Prepare concat function for dn match search condition
		 */
		struct berbuf	bb = BB_NULL;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"DN match search SQL condition not specified "
			"(use \"dn_match_cond\" directive in slapd.conf); "
			"preparing default\n",
			0, 0, 0);

		if ( bi->sql_upper_func.bv_val ) {

			/*
			 * UPPER(ldap_entries.dn)=?
			 */

			backsql_strfcat_x( &bb, NULL, "blbcb",
					&bi->sql_upper_func,
					(ber_len_t)STRLENOF( "(ldap_entries.dn)=" ),
						"(ldap_entries.dn)=",
					&bi->sql_upper_func_open,
					'?',
					&bi->sql_upper_func_close );

		} else {

			/*
			 * ldap_entries.dn=?
			 */

			backsql_strfcat_x( &bb, NULL, "l",
					(ber_len_t)STRLENOF( "ldap_entries.dn=?" ),
						"ldap_entries.dn=?" );
		}

		bi->sql_dn_match_cond = bb.bb_val;

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" as default \"dn_match_cond\"\n",
			bi->sql_dn_match_cond.bv_val, 0, 0 );
	}

	if ( bi->sql_oc_query == NULL ) {
		if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
			bi->sql_oc_query = ch_strdup( backsql_def_needs_select_oc_query );

		} else {
			bi->sql_oc_query = ch_strdup( backsql_def_oc_query );
		}

		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"objectclass mapping SQL statement not specified "
			"(use \"oc_query\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n", bi->sql_oc_query, 0, 0 );
	}
	
	if ( bi->sql_at_query == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"attribute mapping SQL statement not specified "
			"(use \"at_query\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n",
			backsql_def_at_query, 0, 0 );
		bi->sql_at_query = ch_strdup( backsql_def_at_query );
	}
	
	if ( bi->sql_insentry_stmt == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"entry insertion SQL statement not specified "
			"(use \"insentry_stmt\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug(LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n",
			backsql_def_insentry_stmt, 0, 0 );
		bi->sql_insentry_stmt = ch_strdup( backsql_def_insentry_stmt );
	}
	
	if ( bi->sql_delentry_stmt == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"entry deletion SQL statement not specified "
			"(use \"delentry_stmt\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n",
			backsql_def_delentry_stmt, 0, 0 );
		bi->sql_delentry_stmt = ch_strdup( backsql_def_delentry_stmt );
	}

	if ( bi->sql_renentry_stmt == NULL ) {
		/* NOTE(review): the message below says "entry deletion" for the
		 * rename statement — a copy-paste slip; it should read "entry
		 * rename" */
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"entry deletion SQL statement not specified "
			"(use \"renentry_stmt\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n",
			backsql_def_renentry_stmt, 0, 0 );
		bi->sql_renentry_stmt = ch_strdup( backsql_def_renentry_stmt );
	}

	if ( bi->sql_delobjclasses_stmt == NULL ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"objclasses deletion SQL statement not specified "
			"(use \"delobjclasses_stmt\" directive in slapd.conf)\n", 0, 0, 0 );
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"setting \"%s\" by default\n",
			backsql_def_delobjclasses_stmt, 0, 0 );
		bi->sql_delobjclasses_stmt = ch_strdup( backsql_def_delobjclasses_stmt );
	}

	/* This should just be to force schema loading */
	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
	op = &opbuf.ob_op;
	op->o_bd = bd;
	if ( backsql_get_db_conn( op, &dbh ) != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"connection failed, exiting\n", 0, 0, 0 );
		return 1;
	}
	/* NOTE(review): on this failure path dbh is not handed back to
	 * backsql_free_db_conn() — confirm whether that is intended */
	if ( backsql_load_schema_map( bi, dbh ) != LDAP_SUCCESS ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"schema mapping failed, exiting\n", 0, 0, 0 );
		return 1;
	}

	if ( backsql_free_db_conn( op, dbh ) != SQL_SUCCESS ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"connection free failed\n", 0, 0, 0 );
	}

	if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {
		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "
			"test failed, schema map not loaded - exiting\n",
			0, 0, 0 );
		return 1;
	}

	/*
	 * Prepare ID selection query
	 */
	if ( bi->sql_id_query == NULL ) {
		/* no custom id_query provided */
		if ( bi->sql_upper_func.bv_val == NULL ) {
			backsql_strcat_x( &bb, NULL, backsql_id_query, "dn=?", NULL );

		} else {
			if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
				backsql_strcat_x( &bb, NULL, backsql_id_query,
						"dn_ru=?", NULL );
			} else {
				if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
					backsql_strfcat_x( &bb, NULL, "sbl",
							backsql_id_query,
							&bi->sql_upper_func,
							(ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );
				} else {
					backsql_strfcat_x( &bb, NULL, "sblbcb",
							backsql_id_query,
							&bi->sql_upper_func,
							(ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",
							&bi->sql_upper_func_open,
							'?',
							&bi->sql_upper_func_close );
				}
			}
		}
		bi->sql_id_query = bb.bb_val.bv_val;
	}

	/*
	 * Prepare children count query
	 */
	BER_BVZERO( &bb.bb_val );
	bb.bb_len = 0;
	backsql_strfcat_x( &bb, NULL, "sbsb",
			"SELECT COUNT(distinct subordinates.id) "
			"FROM ldap_entries,ldap_entries ",
			&bi->sql_aliasing,
			"subordinates "
			"WHERE subordinates.parent=ldap_entries.id AND ",
			&bi->sql_dn_match_cond );
	bi->sql_has_children_query = bb.bb_val.bv_val;
 
	/*
	 * Prepare DN and objectClass aliasing bit of query
	 */
	BER_BVZERO( &bb.bb_val );
	bb.bb_len = 0;
	backsql_strfcat_x( &bb, NULL, "sbbsbsbbsb",
			" ", &bi->sql_aliasing, &bi->sql_aliasing_quote,
			"objectClass", &bi->sql_aliasing_quote,
			",ldap_entries.dn ", &bi->sql_aliasing, &bi->sql_aliasing_quote,
			"dn", &bi->sql_aliasing_quote );
	bi->sql_dn_oc_aliasing = bb.bb_val;
 
	/* should never happen! */
	assert( bd->be_nsuffix != NULL );

	if ( BER_BVISNULL( &bd->be_nsuffix[ 1 ] ) ) {
		/* enable if only one suffix is defined */
		bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;
	}

	bi->sql_flags |= BSQLF_CHECK_SCHEMA;

	Debug( LDAP_DEBUG_TRACE, "<==backsql_db_open(): "
		"test succeeded, schema map loaded\n", 0, 0, 0 );
	return 0;
}
static int slapd_rw_apply( void *private, const char *filter, struct berval *val ) { slapd_map_data *sl = private; slap_callback cb = { NULL }; Connection conn = {0}; OperationBuffer opbuf; Operation *op; void *thrctx; SlapReply rs = {REP_RESULT}; struct slapd_rw_info si; char *ptr; int rc; thrctx = ldap_pvt_thread_pool_context(); connection_fake_init2( &conn, &opbuf, thrctx, 0 ); op = &opbuf.ob_op; op->o_tag = LDAP_REQ_SEARCH; op->o_req_dn = op->o_req_ndn = sl->base; op->o_bd = select_backend( &op->o_req_ndn, 1 ); if ( !op->o_bd ) { return REWRITE_ERR; } si.si_data = sl; BER_BVZERO( &si.si_val ); op->ors_scope = sl->scope; op->ors_deref = LDAP_DEREF_NEVER; op->ors_slimit = 1; op->ors_tlimit = SLAP_NO_LIMIT;
int slapauth( int argc, char **argv ) { int rc = EXIT_SUCCESS; const char *progname = "slapauth"; Connection conn = {0}; OperationBuffer opbuf; Operation *op; void *thrctx; slap_tool_init( progname, SLAPAUTH, argc, argv ); argv = &argv[ optind ]; argc -= optind; thrctx = ldap_pvt_thread_pool_context(); connection_fake_init( &conn, &opbuf, thrctx ); op = &opbuf.ob_op; conn.c_sasl_bind_mech = mech; if ( !BER_BVISNULL( &authzID ) ) { struct berval authzdn; rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn, SLAP_GETDN_AUTHZID ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", authzID.bv_val, rc, ldap_err2string( rc ) ); rc = 1; BER_BVZERO( &authzID ); goto destroy; } authzID = authzdn; } if ( !BER_BVISNULL( &authcID ) ) { if ( !BER_BVISNULL( &authzID ) || argc == 0 ) { rc = do_check( &conn, op, &authcID ); goto destroy; } for ( ; argc--; argv++ ) { struct berval authzdn; ber_str2bv( argv[ 0 ], 0, 0, &authzID ); rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn, SLAP_GETDN_AUTHZID ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", authzID.bv_val, rc, ldap_err2string( rc ) ); rc = -1; BER_BVZERO( &authzID ); if ( !continuemode ) { goto destroy; } } authzID = authzdn; rc = do_check( &conn, op, &authcID ); op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); BER_BVZERO( &authzID ); if ( rc && !continuemode ) { goto destroy; } } goto destroy; } for ( ; argc--; argv++ ) { struct berval id; ber_str2bv( argv[ 0 ], 0, 0, &id ); rc = do_check( &conn, op, &id ); if ( rc && !continuemode ) { goto destroy; } } destroy:; if ( !BER_BVISNULL( &authzID ) ) { op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); } if ( slap_tool_destroy()) rc = EXIT_FAILURE; return rc; }
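/*
 * Add parentUUID to every entry below the suffix that lacks it.
 *
 * Runs one internal subordinate search with filter "(!(parentUUID=*))"
 * as rootdn; pguid_repair_cb (defined elsewhere in this file) collects
 * a pguid_mod_t list (ndn + pguid value) in pcb.mods.  The same
 * Operation is then reused for one internal LDAP_MOD_REPLACE of
 * parentUUID per collected entry.  Modify failures are logged, not
 * returned; the count of repaired entries is logged at LDAP_DEBUG_STATS.
 *
 * be: the database this overlay instance is stacked on.
 * Returns the search result code (rs.sr_err); LDAP_OTHER when the
 * filter string could not be parsed.
 */
static int
pguid_repair( BackendDB *be )
{
	slap_overinst		*on = (slap_overinst *)be->bd_info;
	void			*ctx = ldap_pvt_thread_pool_context();
	Connection		conn = { 0 };
	OperationBuffer		opbuf;
	Operation		*op;
	slap_callback		sc = { 0 };
	pguid_repair_cb_t	pcb = { 0 };
	SlapReply		rs = { REP_RESULT };
	pguid_mod_t		*pmod;
	int			nrepaired = 0;

	connection_fake_init2( &conn, &opbuf, ctx, 0 );
	op = &opbuf.ob_op;

	op->o_tag = LDAP_REQ_SEARCH;
	memset( &op->oq_search, 0, sizeof( op->oq_search ) );

	/* NOTE(review): the select_backend() result is dereferenced unchecked;
	 * this relies on a backend serving our own suffix (normally be itself).
	 * TODO confirm that is guaranteed for every caller. */
	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );

	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
	/* operate with the rootdn identity */
	op->o_dn = op->o_bd->be_rootdn;
	op->o_ndn = op->o_bd->be_rootndn;

	op->ors_scope = LDAP_SCOPE_SUBORDINATE;
	op->ors_tlimit = SLAP_NO_LIMIT;
	op->ors_slimit = SLAP_NO_LIMIT;
	op->ors_attrs = slap_anlist_no_attrs;

	/* build "(!(<parentUUID>=*))" in tmp memory; freed at done_search */
	op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_parentUUID->ad_cname.bv_len;
	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
		"(!(%s=*))", ad_parentUUID->ad_cname.bv_val );
	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
	if ( op->ors_filter == NULL ) {
		rs.sr_err = LDAP_OTHER;
		goto done_search;
	}

	/* the listing had this mangled into a stray "succeeds" glyph;
	 * the callback pointer is the local slap_callback sc */
	op->o_callback = &sc;
	sc.sc_response = pguid_repair_cb;
	sc.sc_private = &pcb;
	pcb.on = on;
	(void)op->o_bd->bd_info->bi_op_search( op, &rs );

	/* reuse the same Operation for the modifies: swap tag, callback
	 * and request union, keeping identity and backend */
	op->o_tag = LDAP_REQ_MODIFY;
	sc.sc_response = slap_null_cb;
	sc.sc_private = NULL;
	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );

	for ( pmod = pcb.mods; pmod != NULL; ) {
		pguid_mod_t	*pnext;
		Modifications	*mod;
		SlapReply	rs2 = { REP_RESULT };

		/* one single-valued internal replace of parentUUID;
		 * slap_mods_free( ..., 1 ) below releases mod and its values */
		mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
		mod->sml_flags = SLAP_MOD_INTERNAL;
		mod->sml_op = LDAP_MOD_REPLACE;
		mod->sml_desc = ad_parentUUID;
		mod->sml_type = ad_parentUUID->ad_cname;
		mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
		mod->sml_nvalues = NULL;
		mod->sml_numvals = 1;
		mod->sml_next = NULL;
		ber_dupbv( &mod->sml_values[0], &pmod->pguid );
		BER_BVZERO( &mod->sml_values[1] );

		/* both the pretty and the normalized request DN are set to the
		 * normalized DN collected by the callback */
		op->o_req_dn = pmod->ndn;
		op->o_req_ndn = pmod->ndn;
		op->orm_modlist = mod;
		op->o_bd->be_modify( op, &rs2 );
		slap_mods_free( op->orm_modlist, 1 );

		if ( rs2.sr_err == LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair: entry DN=\"%s\" repaired\n",
				op->o_log_prefix, pmod->ndn.bv_val, 0 );
			nrepaired++;

		} else {
			Debug( LDAP_DEBUG_ANY, "%s: pguid_repair: entry DN=\"%s\" repair failed (%d)\n",
				op->o_log_prefix, pmod->ndn.bv_val, rs2.sr_err );
		}

		/* list nodes were presumably o_tmpalloc'd by the callback */
		pnext = pmod->next;
		op->o_tmpfree( pmod, op->o_tmpmemctx );
		pmod = pnext;
	}

done_search:;
	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
	/* reached with ors_filter == NULL on the str2filter_x failure path;
	 * assumes filter_free_x() tolerates NULL -- TODO confirm */
	filter_free_x( op, op->ors_filter, 1 );

	Log1( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO, "pguid: repaired=%d\n", nrepaired );

	return rs.sr_err;
}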
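/*
 * Cyrus SASL auxprop "store" callback: persist the properties in prctx
 * into the authenticating user's entry through an internal LDAP modify.
 *
 * The Connection pointer and the target normalized DN are recovered from
 * the '*'-prefixed internal properties (SLAP_SASL_PROP_CONN, _AUTHC,
 * _AUTHCLEN) found in sparams->propctx -- raw bytes memcpy'd out of the
 * values, presumably placed there earlier by this module's lookup path.
 * Every property in prctx becomes an LDAP_MOD_REPLACE of the attribute
 * named like the property (sml_desc left NULL for slap_mods_check() to
 * resolve); slap_mods_no_user_mod_check() then vets the list.  The
 * modify is issued with the identity of the target DN itself
 * (op.o_ndn = op.o_req_ndn), so access control is evaluated as that user.
 *
 * With SLAP_AUXPROP_DONTUSECOPY, a property whose name (without '*') is
 * listed in slap_dontUseCopy_propnames redirects the write from a shadow
 * backend to frontendDB with a critical dontUseCopy control; if that
 * yields LDAP_UNAVAILABLE and slap_dontUseCopy_ignore is set, the write
 * is retried once against the original shadow backend.
 *
 * Returns SASL_OK when prctx is NULL (enable probe) or the modify
 * succeeds, SASL_BADPARAM for missing params/conn/DN/properties, and
 * SASL_FAIL for any LDAP failure.  The diagnostic `text` produced by the
 * mods checks is not reported anywhere.
 */
static int
slap_auxprop_store(
	void *glob_context,
	sasl_server_params_t *sparams,
	struct propctx *prctx,
	const char *user,
	unsigned ulen)
{
	Operation op = {0};
	Opheader oph;
	int rc, i;
	unsigned j;
	Connection *conn = NULL;
	const struct propval *pr;
	Modifications *modlist = NULL, **modtail = &modlist, *mod;
	slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
	char textbuf[SLAP_TEXT_BUFLEN];
	const char *text;
	size_t textlen = sizeof(textbuf);
#ifdef SLAP_AUXPROP_DONTUSECOPY
	int dontUseCopy = 0;
	BackendDB *dontUseCopy_bd = NULL;
#endif /* SLAP_AUXPROP_DONTUSECOPY */

	/* just checking if we are enabled */
	if (!prctx) return SASL_OK;

	if (!sparams || !user) return SASL_BADPARAM;

	pr = sparams->utils->prop_get( sparams->propctx );

	/* Find our DN and conn first */
	for( i = 0; pr[i].name; i++ ) {
		if ( pr[i].name[0] == '*' ) {
			if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {
				if ( pr[i].values && pr[i].values[0] )
					AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) );
				continue;
			}
			if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) {
				if ( pr[i].values && pr[i].values[0] )
					AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0],
						sizeof( op.o_req_ndn.bv_len ) );
			} else if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {
				if ( pr[i].values )
					op.o_req_ndn.bv_val = (char *)pr[i].values[0];
			}
#ifdef SLAP_AUXPROP_DONTUSECOPY
			if ( slap_dontUseCopy_propnames != NULL ) {
				struct berval bv;
				/* no dup: bvmatch() only compares, and the
				 * duplicated copy was never freed (leak per property) */
				ber_str2bv( &pr[i].name[1], 0, 0, &bv );
				for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) {
					if ( bvmatch( &bv, &slap_dontUseCopy_propnames[ j ] ) ) {
						dontUseCopy = 1;
						break;
					}
				}
			}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
		}
	}
	if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;

	op.o_bd = select_backend( &op.o_req_ndn, 1 );

	if ( !op.o_bd || !op.o_bd->be_modify ) return SASL_FAIL;

#ifdef SLAP_AUXPROP_DONTUSECOPY
	if ( SLAP_SHADOW( op.o_bd ) && dontUseCopy ) {
		dontUseCopy_bd = op.o_bd;
		op.o_bd = frontendDB;
		op.o_dontUseCopy = SLAP_CONTROL_CRITICAL;
	}
#endif /* SLAP_AUXPROP_DONTUSECOPY */

	pr = sparams->utils->prop_get( prctx );
	if (!pr) return SASL_BADPARAM;

	/* nothing to store */
	for (i=0; pr[i].name; i++);
	if (!i) return SASL_BADPARAM;

	/* one replace mod per property; values are duplicated so
	 * slap_mods_free( modlist, 1 ) owns the whole list */
	for (i=0; pr[i].name; i++) {
		mod = (Modifications *)ch_malloc( sizeof(Modifications) );
		mod->sml_op = LDAP_MOD_REPLACE;
		mod->sml_flags = 0;
		ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
		mod->sml_numvals = pr[i].nvalues;
		mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
			sizeof(struct berval));
		for (j=0; j<pr[i].nvalues; j++) {
			ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]);
		}
		BER_BVZERO( &mod->sml_values[j] );
		mod->sml_nvalues = NULL;
		mod->sml_desc = NULL;
		*modtail = mod;
		modtail = &mod->sml_next;
	}
	*modtail = NULL;

	rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );

	if ( rc == LDAP_SUCCESS ) {
		rc = slap_mods_no_user_mod_check( &op, modlist,
			&text, textbuf, textlen );

		if ( rc == LDAP_SUCCESS ) {
			/* share the in-progress bind's header when there is one,
			 * otherwise fake a fresh one on this thread's context */
			if ( conn->c_sasl_bindop ) {
				op.o_hdr = conn->c_sasl_bindop->o_hdr;
			} else {
				op.o_hdr = &oph;
				memset( &oph, 0, sizeof(oph) );
				operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 );
			}
			op.o_tag = LDAP_REQ_MODIFY;
			op.o_ndn = op.o_req_ndn;
			op.o_callback = &cb;
			slap_op_time( &op.o_time, &op.o_tincr );
			op.o_do_not_cache = 1;
			op.o_is_auth_check = 1;
			op.o_req_dn = op.o_req_ndn;
			op.orm_modlist = modlist;

			for (;;) {
				SlapReply rs = {REP_RESULT};
				rc = op.o_bd->be_modify( &op, &rs );
#ifdef SLAP_AUXPROP_DONTUSECOPY
				if ( dontUseCopy &&
					rs.sr_err == LDAP_UNAVAILABLE &&
					slap_dontUseCopy_ignore )
				{
					/* one fallback to the shadow backend without the control */
					op.o_bd = dontUseCopy_bd;
					op.o_dontUseCopy = SLAP_CONTROL_NONE;
					dontUseCopy = 0;
					continue;
				}
#endif /* SLAP_AUXPROP_DONTUSECOPY */
				break;
			}
		}
	}
	slap_mods_free( modlist, 1 );
	return rc != LDAP_SUCCESS ? SASL_FAIL : SASL_OK;
}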