upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Stuart Lynne's UNTESTED thread patch (p1)

Browse source
This commit is contained in:
Kurt Zeilenga 1998-09-01 04:22:47 +00:00
parent 59a6663312
commit 8a60a723d1
25 changed files with 989 additions and 316 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
include/lthread_rdwr.h Normal file
View file

@ -0,0 +1,40 @@
#ifndef _LTHREAD_RDWR_H
#define _LTHREAD_RDWR_H 1
/********************************************************
* An example source module to accompany...
*
* "Using POSIX Threads: Programming with Pthreads"
* by Brad nichols, Dick Buttlar, Jackie Farrell
* O'Reilly & Associates, Inc.
*
********************************************************
*
* Include file for reader/writer locks
*
*/
typedef struct rdwr_var {
int readers_reading;
int writer_writing;
pthread_mutex_t mutex;
pthread_cond_t lock_free;
} pthread_rdwr_t;
typedef void * pthread_rdwrattr_t;
#define pthread_rdwrattr_default NULL;
int pthread_rdwr_init_np(pthread_rdwr_t *rdwrp, pthread_rdwrattr_t *attrp);
int pthread_rdwr_rlock_np(pthread_rdwr_t *rdwrp);
int pthread_rdwr_runlock_np(pthread_rdwr_t *rdwrp);
int pthread_rdwr_wlock_np(pthread_rdwr_t *rdwrp);
int pthread_rdwr_wunlock_np(pthread_rdwr_t *rdwrp);
#ifdef LDAP_DEBUG
int pthread_rdwr_rchk_np(pthread_rdwr_t *rdwrp);
int pthread_rdwr_wchk_np(pthread_rdwr_t *rdwrp);
int pthread_rdwr_rwchk_np(pthread_rdwr_t *rdwrp);
#endif /* LDAP_DEBUG */
#endif /* _LTHREAD_RDWR_H */

11
libraries/liblthread/Make-template
View file

@ -15,8 +15,8 @@
LDAPSRC = ../..
SRCS = thread.c stack.c
OBJS = thread.o stack.o
SRCS = rdwr.c thread.c stack.c
OBJS = rdwr.o thread.o stack.o
HDIR = ../../include
@ -60,10 +60,3 @@ depend: FORCE
links:
@$(LN) .src/*.[ch] .
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
thread.o: thread.c ../../include/lthread.h
stack.o: stack.c ../../include/lber.h ../../include/ldap.h
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY

112
libraries/liblthread/rdwr.c Normal file
View file

@ -0,0 +1,112 @@
/*
** This basic implementation of Reader/Writer locks does not
** protect writers from starvation. That is, if a writer is
** currently waiting on a reader, any new reader will get
** the lock before the writer.
*/
/********************************************************
* An example source module to accompany...
*
* "Using POSIX Threads: Programming with Pthreads"
* by Brad nichols, Dick Buttlar, Jackie Farrell
* O'Reilly & Associates, Inc.
*
********************************************************
* rdwr.c --
*
* Library of functions implementing reader/writer locks
*/
#include <stdlib.h>
#include <lthread.h>
#include <lthread_rdwr.h>
int pthread_rdwr_init_np(pthread_rdwr_t *rdwrp, pthread_rdwrattr_t *attrp)
{
rdwrp->readers_reading = 0;
rdwrp->writer_writing = 0;
pthread_mutex_init(&(rdwrp->mutex), NULL);
pthread_cond_init(&(rdwrp->lock_free), NULL);
return 0;
}
int pthread_rdwr_rlock_np(pthread_rdwr_t *rdwrp){
pthread_mutex_lock(&(rdwrp->mutex));
while(rdwrp->writer_writing) {
pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
}
rdwrp->readers_reading++;
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
int pthread_rdwr_runlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
if (rdwrp->readers_reading == 0) {
pthread_mutex_unlock(&(rdwrp->mutex));
return -1;
}
else {
rdwrp->readers_reading--;
if (rdwrp->readers_reading == 0) {
pthread_cond_signal(&(rdwrp->lock_free));
}
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
}
int pthread_rdwr_wlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
while(rdwrp->writer_writing || rdwrp->readers_reading) {
pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
}
rdwrp->writer_writing++;
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
int pthread_rdwr_wunlock_np(pthread_rdwr_t *rdwrp)
{
pthread_mutex_lock(&(rdwrp->mutex));
if (rdwrp->writer_writing == 0) {
pthread_mutex_unlock(&(rdwrp->mutex));
return -1;
}
else {
rdwrp->writer_writing = 0;
pthread_cond_broadcast(&(rdwrp->lock_free));
pthread_mutex_unlock(&(rdwrp->mutex));
return 0;
}
}
#ifdef LDAP_DEBUG
/* just for testing,
* return 0 if false, suitable for assert(pthread_rdwr_Xchk(rdwr))
*
* Currently they don't check if the calling thread is the one
* that has the lock, just that there is a reader or writer.
*
* Basically sufficent for testing that places that should have
* a lock are caught.
*/
int pthread_rdwr_rchk_np(pthread_rdwr_t *rdwrp)
{
return(rdwrp->readers_reading!=0);
}
int pthread_rdwr_wchk_np(pthread_rdwr_t *rdwrp)
{
return(rdwrp->writer_writing!=0);
}
int pthread_rdwr_rwchk_np(pthread_rdwr_t *rdwrp)
{
return(pthread_rdwr_rchk_np(rdwrp) || pthread_rdwr_wchk_np(rdwrp));
}
#endif LDAP_DEBUG

392
servers/slapd/acl.c
View file

@ -6,15 +6,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *re_comp();
extern struct acl *global_acl;
extern int global_default_access;
extern char *access2str();
@ -26,7 +22,9 @@ struct acl *acl_get_applicable();
static int regex_matches();
extern pthread_mutex_t regex_mutex;
static string_expand(char *newbuf, int bufsiz, char *pattern,
char *match, regmatch_t *matches);
/*
* access_allowed - check whether dn is allowed the requested access
@ -51,15 +49,57 @@ access_allowed(
int access
)
{
int rc;
struct acl *a;
int rc;
struct acl *a;
char *edn;
regmatch_t matches[MAXREMATCHES];
int i;
int n;
if ( be == NULL ) {
return( 0 );
}
a = acl_get_applicable( be, op, e, attr );
rc = acl_access_allowed( a, be, conn, e, val, op, access );
edn = dn_normalize_case( strdup( e->e_dn ) );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( attr, "modifiersname" ) == 0 ||
strcasecmp( attr, "modifytimestamp" ) == 0 ||
strcasecmp( attr, "creatorsname" ) == 0 ||
strcasecmp( attr, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
i, matches[i].rm_so, matches[i].rm_eo );
if( matches[i].rm_so <= matches[0].rm_eo ) {
for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
}
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
return( rc );
}
@ -75,15 +115,17 @@ acl_get_applicable(
Backend *be,
Operation *op,
Entry *e,
char *attr
char *attr,
char *edn,
int nmatch,
regmatch_t *matches
)
{
int i;
int i, j;
struct acl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn,
attr, 0 );
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL,
@ -92,55 +134,73 @@ acl_get_applicable(
return( NULL );
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
}
free( edn );
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n",
i, 0, 0);
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
!= 0 ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n",
i, e->e_dn, attr );
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
matches[0].rm_so = matches[0].rm_eo = -1;
}
/* check for a global acl that matches the entry */
for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) {
continue;
} else {
Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n",
i, 0, 0);
}
free( edn );
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
!= 0 ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
if ( attr == NULL || a->acl_attrs == NULL || charray_inlist(
a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: global acl #%d\n",
i, e->e_dn, attr );
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
matches[0].rm_so = matches[0].rm_eo = -1;
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
return( NULL );
}
@ -161,31 +221,40 @@ acl_access_allowed(
Entry *e,
struct berval *val,
Operation *op,
int access
int access,
char *edn,
regmatch_t *matches
)
{
int i;
char *edn, *odn;
char *odn;
struct access *b;
Attribute *at;
struct berval bv;
int default_access;
Debug( LDAP_DEBUG_ACL, "=> acl: %s access to value \"%s\" by \"%s\"\n",
access2str( access ), val ? val->bv_val : "any", op->o_dn ?
op->o_dn : "" );
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to entry \"%s\"\n",
access2str( access ), e->e_dn, 0 );
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
op->o_dn ? op->o_dn : "" );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl: granted to database root\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
return( 1 );
}
default_access = be->be_dfltaccess ? be->be_dfltaccess :
global_default_access;
default_access = be->be_dfltaccess ? be->be_dfltaccess : global_default_access;
if ( a == NULL ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: %s by default (no matching to)\n",
"<= acl_access_allowed: %s by default (no matching to)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
}
@ -198,76 +267,81 @@ acl_access_allowed(
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
b->a_dnpat, 0, 0);
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 && op->o_dn
!= NULL && *(op->o_dn) && e->e_dn != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
{
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
free( edn );
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
return( (b->a_access & ~ACL_SELF)
>= access );
}
free( edn );
} else {
if ( regex_matches( b->a_dnpat, odn ) ) {
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
return( (b->a_access & ~ACL_SELF)
>= access );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
}
if ( b->a_addrpat != NULL ) {
if ( regex_matches( b->a_addrpat, conn->c_addr ) ) {
if ( odn ) free( odn );
if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_domainpat != NULL ) {
if ( regex_matches( b->a_domainpat, conn->c_domain ) ) {
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ARGS, "<= check a_domainpath: %s\n",
b->a_domainpat, 0, 0 );
if ( regex_matches( b->a_domainpat, conn->c_domain, edn, matches ) )
{
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dnattr ))
!= NULL && value_find( at->a_vals, &bv,
at->a_syntax, 3 ) == 0 )
/* aquire reader lock */
if ( (at = attr_find( e->e_attrs, b->a_dnattr )) != NULL &&
value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
{
if ( (b->a_access & ACL_SELF) && (val == NULL
|| value_cmp( &bv, val, at->a_syntax,
2 )) ) {
/* free reader lock */
if ( (b->a_access & ACL_SELF) &&
(val == NULL || value_cmp( &bv, val, at->a_syntax, 2 )) )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -276,22 +350,49 @@ acl_access_allowed(
/* asker not listed in dnattr - check for self access */
if ( ! (b->a_access & ACL_SELF) || val == NULL ||
value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) {
value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d (self) access %s\n",
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
: "denied", 0 );
return( (b->a_access & ~ACL_SELF) >= access );
}
#ifdef ACLGROUP
if ( b->a_group != NULL && op->o_dn != NULL ) {
char buf[512];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute uniquegroup
*/
Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
b->a_group, 0, 0);
Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n",
odn, 0, 0);
/* see if asker is listed in dnattr */
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
if (be_group(be, buf, odn) == 0) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif /* ACLGROUP */
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL, "<= acl: %s by default (no matching by)\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
@ -316,14 +417,26 @@ acl_check_mods(
{
int i;
struct acl *a;
char *edn;
edn = dn_normalize_case( strdup( e->e_dn ) );
for ( ; mods != NULL; mods = mods->mod_next ) {
regmatch_t matches[MAXREMATCHES];
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( mods->mod_type, "modifiersname" ) == 0 ||
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ) {
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ||
strcasecmp( mods->mod_type, "creatorsname" ) == 0 ||
strcasecmp( mods->mod_type, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
mods->mod_type, 0, 0 );
continue;
}
a = acl_get_applicable( be, op, e, mods->mod_type );
a = acl_get_applicable( be, op, e, mods->mod_type, edn,
MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_REPLACE:
@ -332,8 +445,10 @@ acl_check_mods(
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
if ( ! acl_access_allowed( a, be, conn, e,
mods->mod_bvalues[i], op, ACL_WRITE ) ) {
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -342,14 +457,18 @@ acl_check_mods(
case LDAP_MOD_DELETE:
if ( mods->mod_bvalues == NULL ) {
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE ) ) {
NULL, op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
if ( ! acl_access_allowed( a, be, conn, e,
mods->mod_bvalues[i], op, ACL_WRITE ) ) {
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -357,48 +476,95 @@ acl_check_mods(
}
}
free(edn);
return( LDAP_SUCCESS );
}
#ifdef sunos5
static int
regex_matches( char *pat, char *str )
static string_expand(
char *newbuf,
int bufsiz,
char *pat,
char *match,
regmatch_t *matches)
{
char *e;
int rc;
int size;
char *sp;
char *dp;
int flag;
if ( (e = compile( pat, NULL, NULL )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
"compile( \"%s\", \"%s\") failed\n", pat, str, 0 );
return( 0 );
size = 0;
newbuf[0] = '\0';
flag = 0;
for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) {
/* did we previously see a $ */
if (flag) {
if (*sp == '$') {
*dp++ = '$';
size++;
} else if (*sp >= '0' && *sp <= '9' ) {
int n;
int i;
char *ep;
int l;
n = *sp - '0';
*dp = '\0';
i = matches[n].rm_so;
l = matches[n].rm_eo;
for ( ; size < 512 && i < l; size++, i++ ) {
*dp++ = match[i];
size++;
}
*dp = '\0';
}
flag = 0;
} else {
if (*sp == '$') {
flag = 1;
} else {
*dp++ = *sp;
size++;
}
}
}
rc = step( str ? str : "", e );
free( e );
*dp = '\0';
return( rc );
Debug( LDAP_DEBUG_TRACE, "=> string_expand: pattern: %s\n", pat, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> string_expand: expanded: %s\n", newbuf, 0, 0 );
}
#else /* sunos5 */
static int
regex_matches( char *pat, char *str )
regex_matches(
char *pat, /* pattern to expand and match against */
char *str, /* string to match against pattern */
char *buf, /* buffer with $N expansion variables */
regmatch_t *matches /* offsets in buffer for $N expansion variables */
)
{
char *e;
regex_t re;
char newbuf[512];
int rc;
pthread_mutex_lock( &regex_mutex );
if ( (e = re_comp( pat )) != NULL ) {
string_expand(newbuf, sizeof(newbuf), pat, buf, matches);
if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
Debug( LDAP_DEBUG_ANY,
"re_comp( \"%s\", \"%s\") failed because (%s)\n", pat, str,
e );
pthread_mutex_unlock( &regex_mutex );
"compile( \"%s\", \"%s\") failed %s\n",
pat, str, error );
return( 0 );
}
rc = re_exec( str ? str : "" );
pthread_mutex_unlock( &regex_mutex );
return( rc == 1 );
rc = regexec(&re, str, 0, NULL, 0);
regfree( &re );
Debug( LDAP_DEBUG_ANY,
"=> regex_matches: string: %s\n", str, 0, 0 );
Debug( LDAP_DEBUG_ANY,
"=> regex_matches: rc: %d %s\n",
rc, !rc ? "matches" : "no matches", 0 );
return( !rc );
}
#endif /* sunos5 */

20
servers/slapd/add.c
View file

@ -53,6 +53,8 @@ do_add( conn, op )
*/
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e->e_rdwr, NULL);
/* get the name */
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
@ -117,21 +119,25 @@ do_add( conn, op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || be->be_lastmod == 0 &&
global_lastmod == ON) && be->be_updatedn == NULL ) {
if ( be->be_updatedn == NULL ||
strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
global_lastmod == ON)) && be->be_updatedn == NULL ) {
add_created_attrs( op, e );
}
if ( (*be->be_add)( be, conn, op, e ) == 0 ) {
replog( be, LDAP_REQ_ADD, e->e_dn, e, 0 );
}
} else {
entry_free( e );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
}
} else {
Debug( LDAP_DEBUG_ARGS, " do_add: HHH\n", 0, 0, 0 );
entry_free( e );
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
@ -155,8 +161,10 @@ add_created_attrs( Operation *op, Entry *e )
/* remove any attempts by the user to add these attrs */
for ( a = &e->e_attrs; *a != NULL; a = next ) {
if ( strcasecmp( (*a)->a_type, "createtimestamp" ) == 0
|| strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ) {
if ( strcasecmp( (*a)->a_type, "modifiersname" ) == 0 ||
strcasecmp( (*a)->a_type, "modifytimestamp" ) == 0 ||
strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ||
strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 ) {
tmp = *a;
*a = (*a)->a_next;
attr_free( tmp );

32
servers/slapd/back-ldbm/add.c
View file

@ -6,11 +6,11 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern int global_schemacheck;
extern char *dn_parent();
extern char *dn_normalize();
extern Entry *dn2entry();
int
ldbm_back_add(
@ -27,8 +27,8 @@ ldbm_back_add(
dn = dn_normalize( strdup( e->e_dn ) );
matched = NULL;
if ( (p = dn2entry( be, dn, &matched )) != NULL ) {
cache_return_entry( &li->li_cache, p );
if ( (p = dn2entry_r( be, dn, &matched )) != NULL ) {
cache_return_entry_r( &li->li_cache, p );
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
@ -39,9 +39,16 @@ ldbm_back_add(
}
/* XXX race condition here til we cache_add_entry_lock below XXX */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n", 0, 0,
0 );
/* release writer lock */
pthread_rdwr_wunlock_np(&e->e_rdwr);
/* XXX this should be ok, no other thread should have access
* because e hasn't been added to the cache yet
*/
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "",
@ -61,6 +68,12 @@ ldbm_back_add(
Debug( LDAP_DEBUG_ANY, "cache_add_entry_lock failed\n", 0, 0,
0 );
next_id_return( be, e->e_id );
/* release writer lock */
pthread_rdwr_wunlock_np(&e->e_rdwr);
/* XXX this should be ok, no other thread should have access
* because e hasn't been added to the cache yet
*/
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
@ -76,7 +89,7 @@ ldbm_back_add(
if ( (pdn = dn_parent( be, dn )) != NULL ) {
/* no parent */
matched = NULL;
if ( (p = dn2entry( be, pdn, &matched )) == NULL ) {
if ( (p = dn2entry_r( be, pdn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
matched, "" );
if ( matched != NULL ) {
@ -116,8 +129,7 @@ ldbm_back_add(
if ( id2children_add( be, p, e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "id2children_add failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "",
"" );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
goto error_return;
}
@ -157,17 +169,21 @@ ldbm_back_add(
if ( pdn != NULL )
free( pdn );
cache_set_state( &li->li_cache, e, 0 );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, p );
return( 0 );
error_return:;
/* release writer lock */
pthread_rdwr_wunlock_np(&e->e_rdwr);
if ( dn != NULL )
free( dn );
if ( pdn != NULL )
free( pdn );
next_id_return( be, e->e_id );
cache_delete_entry( &li->li_cache, e );
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, p );
return( -1 );
}

2
servers/slapd/back-ldbm/back-ldbm.h
View file

@ -56,6 +56,7 @@ struct cache {
Avlnode *c_idtree;
Entry *c_lruhead; /* lru - add accessed entries here */
Entry *c_lrutail; /* lru - rem lru entries from here */
Entry *c_freelist;
pthread_mutex_t c_mutex;
};
@ -102,6 +103,7 @@ struct ldbminfo {
struct cache li_cache;
Avlnode *li_attrs;
int li_dbcachesize;
int li_flush_wrt;
struct dbcache li_dbcache[MAXDBCACHE];
pthread_mutex_t li_dbcache_mutex;
pthread_cond_t li_dbcache_cv;

104
servers/slapd/back-ldbm/bind.c
View file

@ -6,17 +6,60 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
#ifdef KERBEROS
#include "krb.h"
#endif
extern Entry *dn2entry();
#ifdef LDAP_CRYPT
/* change for crypted passwords -- lukeh */
#ifdef __NeXT__
extern char *crypt (char *key, char *salt);
#else
#include <unistd.h>
#endif
#endif /* LDAP_CRYPT */
extern Attribute *attr_find();
#ifdef KERBEROS
extern int krbv4_ldap_auth();
#endif
#ifdef LDAP_CRYPT
pthread_mutex_t crypt_mutex;
static int
crypted_value_find(
struct berval **vals,
struct berval *v,
int syntax,
int normalize,
struct berval *cred
)
{
int i;
for ( i = 0; vals[i] != NULL; i++ ) {
if ( syntax != SYNTAX_BIN &&
strncasecmp( "{CRYPT}", vals[i]->bv_val, (sizeof("{CRYPT}") - 1 ) ) == 0 ) {
char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
pthread_mutex_lock( &crypt_mutex );
if ( ( !strcmp( userpassword, crypt( cred->bv_val, userpassword ) ) != 0 ) ) {
pthread_mutex_unlock( &crypt_mutex );
return ( 0 );
}
pthread_mutex_unlock( &crypt_mutex );
} else {
if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
return( 0 );
}
}
}
return( 1 );
}
#endif /* LDAP_CRYPT */
int
ldbm_back_bind(
Backend *be,
@ -37,7 +80,7 @@ ldbm_back_bind(
AUTH_DAT ad;
#endif
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
/*
@ -50,46 +93,51 @@ ldbm_back_bind(
/* front end will send result */
rc = 0;
} else {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
matched, NULL );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
rc = 1;
}
if ( matched != NULL ) {
free( matched );
}
cache_return_entry_r( &li->li_cache, e );
return( rc );
}
/* check for deleted */
switch ( method ) {
case LDAP_AUTH_SIMPLE:
if ( cred->bv_len == 0 ) {
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
return( 1 );
goto error_return;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
goto ok_return;
}
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
goto ok_return;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 ) {
#ifdef LDAP_CRYPT
if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
#else
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
#endif
{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
goto ok_return;
}
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
NULL, NULL );
goto error_return;
}
break;
@ -98,8 +146,7 @@ ldbm_back_bind(
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
: "", ad.pinst, ad.prealm );
@ -112,39 +159,38 @@ ldbm_back_bind(
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
} else { /* look for krbName match */
struct berval krbval;
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 )
!= 0 ) {
if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
}
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
#endif
default:
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "auth method not supported" );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
cache_return_entry( &li->li_cache, e );
ok_return:;
/* success: front end will send result */
cache_return_entry_r( &li->li_cache, e );
return( 0 );
error_return:;
cache_return_entry_r( &li->li_cache, e );
return( 1 );
}

51
servers/slapd/back-ldbm/cache.c
View file

@ -66,6 +66,29 @@ cache_return_entry( struct cache *cache, Entry *e )
pthread_mutex_unlock( &cache->c_mutex );
}
static void
cache_return_entry_rw( struct cache *cache, Entry *e, int rw )
{
if (rw)
pthread_rdwr_wunlock_np(&e->e_rdwr);
else
pthread_rdwr_runlock_np(&e->e_rdwr);
cache_return_entry(cache, e);
}
void
cache_return_entry_r( struct cache *cache, Entry *e )
{
cache_return_entry_rw(cache, e, 0);
}
void
cache_return_entry_w( struct cache *cache, Entry *e )
{
cache_return_entry_rw(cache, e, 1);
}
#define LRU_DELETE( cache, e ) { \
if ( e->e_lruprev != NULL ) { \
e->e_lruprev->e_lrunext = e->e_lrunext; \
@ -168,6 +191,9 @@ cache_add_entry_lock(
== 0 && cache->c_cursize > cache->c_maxsize ) {
e = cache->c_lrutail;
/* XXX check for writer lock - should also check no readers pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
/* delete from cache and lru q */
rc = cache_delete_entry_internal( cache, e );
@ -195,7 +221,14 @@ cache_find_entry_dn(
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e.e_rdwr, NULL);
/* acquire writer lock - XXX check for deadlock */
pthread_rdwr_wlock_np(&e.e_rdwr);
e.e_dn = dn;
if ( (ep = (Entry *) avl_find( cache->c_dntree, &e, cache_entrydn_cmp ))
!= NULL ) {
/*
@ -213,7 +246,10 @@ cache_find_entry_dn(
/* lru */
LRU_DELETE( cache, ep );
LRU_ADD( cache, ep );
}
};
/* free writer lock */
pthread_rdwr_wunlock_np(&e.e_rdwr);
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
@ -237,7 +273,14 @@ cache_find_entry_id(
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e.e_rdwr, NULL);
/* acquire writer lock - XXX check for deadlock */
pthread_rdwr_wlock_np(&e.e_rdwr);
e.e_id = id;
if ( (ep = (Entry *) avl_find( cache->c_idtree, &e, cache_entryid_cmp ))
!= NULL ) {
/*
@ -257,6 +300,9 @@ cache_find_entry_id(
LRU_ADD( cache, ep );
}
/* free writer lock */
pthread_rdwr_wunlock_np(&e.e_rdwr);
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
@ -282,6 +328,9 @@ cache_delete_entry(
{
int rc;
/* XXX check for writer lock - should also check no readers pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );

24
servers/slapd/back-ldbm/compare.c
View file

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern Attribute *attr_find();
int
@ -25,31 +25,31 @@ ldbm_back_compare(
Attribute *a;
int i;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
return( 1 );
}
/* check for deleted */
if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
op->o_dn, ACL_COMPARE ) ) {
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE, "", "" );
cache_return_entry( &li->li_cache, e );
return( 1 );
goto error_return;
}
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 ) {
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 )
send_ldap_result( conn, op, LDAP_COMPARE_TRUE, "", "" );
cache_return_entry( &li->li_cache, e );
return( 0 );
}
else
send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, e );
return( 0 );
error_return:;
cache_return_entry( &li->li_cache, e );
return( 1 );
}

26
servers/slapd/back-ldbm/delete.c
View file

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern Attribute *attr_find();
int
@ -22,7 +22,7 @@ ldbm_back_delete(
char *matched = NULL;
Entry *e;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@ -30,18 +30,18 @@ ldbm_back_delete(
return( -1 );
}
/* check for deleted */
if ( has_children( be, e ) ) {
send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, "",
"" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_WRITE ) ) {
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* XXX delete from parent's id2children entry XXX */
@ -49,19 +49,23 @@ ldbm_back_delete(
/* delete from dn2id mapping */
if ( dn2id_delete( be, e->e_dn ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* delete from disk and cache */
if ( id2entry_delete( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, "", "" );
return( 0 );
error_return:;
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}

57
servers/slapd/back-ldbm/dn2id.c
View file

@ -6,6 +6,7 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern struct dbcache *ldbm_cache_open();
extern Entry *cache_find_entry_dn();
@ -20,9 +21,10 @@ dn2id_add(
ID id
)
{
int rc;
int rc, flags;
struct dbcache *db;
Datum key, data;
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Debug( LDAP_DEBUG_TRACE, "=> dn2id_add( \"%s\", %ld )\n", dn, id, 0 );
@ -41,7 +43,10 @@ dn2id_add(
data.dptr = (char *) &id;
data.dsize = sizeof(ID);
rc = ldbm_cache_store( db, key, data, LDBM_INSERT );
flags = LDBM_INSERT;
if ( li->li_flush_wrt ) flags |= LDBM_SYNC;
rc = ldbm_cache_store( db, key, data, flags );
free( dn );
ldbm_cache_close( be, db );
@ -62,10 +67,10 @@ dn2id(
ID id;
Datum key, data;
Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
dn = strdup( dn );
dn_normalize_case( dn );
Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
/* first check the cache */
if ( (e = cache_find_entry_dn( &li->li_cache, dn )) != NULL ) {
@ -145,11 +150,12 @@ dn2id_delete(
* entry.
*/
Entry *
static Entry *
dn2entry(
Backend *be,
char *dn,
char **matched
char **matched,
int rw
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@ -157,8 +163,7 @@ dn2entry(
Entry *e;
char *pdn;
if ( (id = dn2id( be, dn )) != NOID && (e = id2entry( be, id ))
!= NULL ) {
if ( (id = dn2id( be, dn )) != NOID && (e = id2entry( be, id, rw )) != NULL ) {
return( e );
}
*matched = NULL;
@ -170,7 +175,7 @@ dn2entry(
/* entry does not exist - see how much of the dn does exist */
if ( (pdn = dn_parent( be, dn )) != NULL ) {
if ( (e = dn2entry( be, pdn, matched )) != NULL ) {
if ( (e = dn2entry( be, pdn, matched, 0 )) != NULL ) {
*matched = pdn;
cache_return_entry( &li->li_cache, e );
} else {
@ -180,3 +185,39 @@ dn2entry(
return( NULL );
}
#if 0
if (e->e_state == ENTRY_STATE_DELETED)
continue;
if (strcmp(dn, e->e_dn) != 0)
continue;
/* return locked entry entry */
return(e);
}
}
#endif
Entry *
dn2entry_r(
Backend *be,
char *dn,
char **matched
)
{
return(dn2entry(be, dn, matched, 0));
}
Entry *
dn2entry_w(
Backend *be,
char *dn,
char **matched
)
{
return(dn2entry(be, dn, matched, 1));
}

91
servers/slapd/back-ldbm/group.c Normal file
View file

@ -0,0 +1,91 @@
/* compare.c - ldbm backend compare routine */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Attribute *attr_find();
#ifdef ACLGROUP
/* return 0 IFF edn is a value in uniqueMember attribute
* of entry with bdn AND that entry has an objectClass
* value of groupOfUniqueNames
*/
int
ldbm_back_group(
Backend *be,
char *bdn,
char *edn
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
char *matched;
Attribute *objectClass;
Attribute *uniqueMember;
int rc;
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: edn: %s\n", edn, 0, 0 );
/* can we find bdn entry */
if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: cannot find bdn: %s matched: %x\n", bdn, matched, 0 );
if (matched != NULL)
free(matched);
return( 1 );
}
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: found bdn: %s matched: %x\n", bdn, matched, 0 );
/* check for deleted */
/* find it's objectClass and uniqueMember attribute values
* make sure this is a group entry
* finally test if we can find edn in the uniqueMember attribute value list *
*/
rc = 1;
if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
}
else if ((uniqueMember = attr_find(e->e_attrs, "uniquemember")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: failed to find uniqueMember\n", 0, 0, 0 );
}
else {
struct berval bvObjectClass;
struct berval bvUniqueMembers;
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: found objectClass and uniqueMembers\n", 0, 0, 0 );
bvObjectClass.bv_val = "groupofuniquenames";
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
bvUniqueMembers.bv_val = edn;
bvUniqueMembers.bv_len = strlen( edn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: failed to find objectClass in groupOfUniqueNames\n",
0, 0, 0 );
}
else if (value_find(uniqueMember->a_vals, &bvUniqueMembers, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_ACL, "ldbm_back_group: %s not in %s: groupOfUniqueNames\n",
edn, bdn, 0 );
}
else {
Debug( LDAP_DEBUG_ACL, "ldbm_back_group: %s is in %s: groupOfUniqueNames\n",
edn, bdn, 0 );
rc = 0;
}
}
/* free e */
cache_return_entry_r( &li->li_cache, e );
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
}
#endif

58
servers/slapd/back-ldbm/id2entry.c
View file

@ -20,7 +20,7 @@ id2entry_add( Backend *be, Entry *e )
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Datum key, data;
int len, rc;
int len, rc, flags;
Debug( LDAP_DEBUG_TRACE, "=> id2entry_add( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
@ -39,8 +39,10 @@ id2entry_add( Backend *be, Entry *e )
data.dptr = entry2str( e, &len, 1 );
data.dsize = len + 1;
/* store it - LDBM_SYNC ensures id2entry is always consistent */
rc = ldbm_cache_store( db, key, data, LDBM_REPLACE|LDBM_SYNC );
/* store it */
flags = LDBM_REPLACE;
if ( li->li_flush_wrt ) flags != LDBM_SYNC;
rc = ldbm_cache_store( db, key, data, flags );
pthread_mutex_unlock( &entry2str_mutex );
@ -58,6 +60,9 @@ id2entry_delete( Backend *be, Entry *e )
struct dbcache *db;
Datum key;
int rc;
/* XXX - check for writer lock - should also check no reader pending */
assert(pthread_rdwr_wchk_np(&e->e_rdwr));
Debug( LDAP_DEBUG_TRACE, "=> id2entry_delete( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
@ -86,7 +91,7 @@ id2entry_delete( Backend *be, Entry *e )
}
Entry *
id2entry( Backend *be, ID id )
id2entry( Backend *be, ID id, int rw )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
@ -96,13 +101,17 @@ id2entry( Backend *be, ID id )
Debug( LDAP_DEBUG_TRACE, "=> id2entry( %ld )\n", id, 0, 0 );
if ( (e = cache_find_entry_id( &li->li_cache, id )) != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= id2entry 0x%x (cache)\n", e, 0,
0 );
return( e );
Debug( LDAP_DEBUG_TRACE, "<= id2entry 0x%x (cache)\n", e, 0, 0 );
/* XXX need to add code to validate cache entry to ensure it is
* still valid
*/
if (rw?pthread_rdwr_wlock_np(&e->e_rdwr):pthread_rdwr_rlock_np(&e->e_rdwr))
return(NULL);
else
return( e );
}
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
== NULL ) {
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "Could not open id2entry%s\n",
LDBM_SUFFIX, 0, 0 );
return( NULL );
@ -120,14 +129,37 @@ id2entry( Backend *be, ID id )
return( NULL );
}
if ( (e = str2entry( data.dptr )) != NULL ) {
e->e_id = id;
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
}
e = str2entry( data.dptr );
ldbm_datum_free( db->dbc_db, data );
ldbm_cache_close( be, db );
if ( e != NULL ) {
/* acquire required reader/writer lock */
if (rw?pthread_rdwr_wlock_np(&e->e_rdwr):pthread_rdwr_rlock_np(&e->e_rdwr)) {
entry_free(e);
return(NULL);
}
e->e_id = id;
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
}
Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) 0x%x (disk)\n", id, e, 0 );
return( e );
}
Entry *
id2entry_r( Backend *be, ID id )
{
return(id2entry(be, id, 0));
}
Entry *
id2entry_2( Backend *be, ID id )
{
return(id2entry(be, id, 1));
}

1
servers/slapd/back-ldbm/kerberos.c
View file

@ -13,7 +13,6 @@
#define LDAP_KRB_PRINCIPAL "ldapserver"
extern char *ldap_srvtab;
extern Entry *dn2entry();
extern Attribute *attr_find();
krbv4_ldap_auth(

47
servers/slapd/back-ldbm/modify.c
View file

@ -6,9 +6,9 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern int global_schemacheck;
extern Entry *dn2entry();
extern Attribute *attr_find();
static int add_values();
@ -30,7 +30,7 @@ ldbm_back_modify(
int i, err, modtype;
LDAPMod *mod;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched,
NULL );
if ( matched != NULL ) {
@ -38,12 +38,14 @@ ldbm_back_modify(
}
return( -1 );
}
/* check for deleted */
/* lock entry */
if ( (err = acl_check_mods( be, conn, op, e, mods )) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, err, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
for ( mod = mods; mod != NULL; mod = mod->mod_next ) {
@ -64,55 +66,52 @@ ldbm_back_modify(
if ( err != LDAP_SUCCESS ) {
/* unlock entry, delete from cache */
send_ldap_result( conn, op, err, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
}
/* check that the entry still obeys the schema */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, NULL );
goto error_return;
}
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
/* check that the entry still obeys the schema */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL,
NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
}
/* modify indexes */
if ( index_add_mods( be, mods, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
/* change the entry itself */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( -1 );
goto error_return;
}
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
return( 0 );
error_return:;
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
static int

20
servers/slapd/back-ldbm/modrdn.c
View file

@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern Entry *dn2entry();
extern char *dn_parent();
int
@ -27,7 +27,7 @@ ldbm_back_modrdn(
Entry *e, *e2;
matched = NULL;
if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@ -62,12 +62,12 @@ ldbm_back_modrdn(
(void) dn_normalize( newdn );
matched = NULL;
if ( (e2 = dn2entry( be, newdn, &matched )) != NULL ) {
if ( (e2 = dn2entry_w( be, newdn, &matched )) != NULL ) {
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
cache_return_entry( &li->li_cache, e2 );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e2 );
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
if ( matched != NULL ) {
@ -80,8 +80,8 @@ ldbm_back_modrdn(
pthread_mutex_unlock( &op->o_abandonmutex );
free( newdn );
free( pdn );
cache_return_entry( &li->li_cache, e2 );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e2 );
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
pthread_mutex_unlock( &op->o_abandonmutex );
@ -91,7 +91,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
@ -100,7 +100,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
return( -1 );
}
@ -125,7 +125,7 @@ ldbm_back_modrdn(
return( -1 );
}
free( pdn );
cache_return_entry( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
return( 0 );

10
servers/slapd/back-ldbm/proto-back-ldbm.h
View file

@ -16,6 +16,8 @@ void attr_index_config( struct ldbminfo *li, char *fname, int lineno,
void cache_set_state( struct cache *cache, Entry *e, int state );
void cache_return_entry( struct cache *cache, Entry *e );
void cache_return_entry_r( struct cache *cache, Entry *e );
void cache_return_entry_w( struct cache *cache, Entry *e );
int cache_add_entry_lock( struct cache *cache, Entry *e, int state );
Entry * cache_find_entry_dn( struct cache *cache, char *dn );
Entry * cache_find_entry_id( struct cache *cache, ID id );
@ -40,7 +42,9 @@ int ldbm_cache_delete( struct dbcache *db, Datum key );
int dn2id_add( Backend *be, char *dn, ID id );
ID dn2id( Backend *be, char *dn );
int dn2id_delete( Backend *be, char *dn );
Entry * dn2entry( Backend *be, char *dn, char **matched );
/*Entry * dn2entry( Backend *be, char *dn, char **matched );*/
Entry * dn2entry_r( Backend *be, char *dn, char **matched );
Entry * dn2entry_w( Backend *be, char *dn, char **matched );
/*
* filterindex.c
@ -61,7 +65,9 @@ int has_children( Backend *be, Entry *p );
int id2entry_add( Backend *be, Entry *e );
int id2entry_delete( Backend *be, Entry *e );
Entry * id2entry( Backend *be, ID id );
Entry * id2entry( Backend *be, ID id, int rw );
Entry * id2entry_r( Backend *be, ID id );
Entry * id2entry_w( Backend *be, ID id );
/*
* idl.c

27
servers/slapd/back-ldbm/search.c
View file

@ -6,14 +6,13 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
extern time_t currenttime;
extern pthread_mutex_t currenttime_mutex;
extern ID dn2id();
extern IDList *idl_alloc();
extern Entry *id2entry();
extern Entry *dn2entry();
extern Attribute *attr_find();
extern IDList *filter_candidates();
extern char *ch_realloc();
@ -140,7 +139,7 @@ ldbm_back_search(
pthread_mutex_unlock( &currenttime_mutex );
/* get the entry */
if ( (e = id2entry( be, id )) == NULL ) {
if ( (e = id2entry_r( be, id )) == NULL ) {
Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id,
0, 0 );
continue;
@ -263,15 +262,17 @@ base_candidates(
Entry *e;
*err = LDAP_SUCCESS;
if ( (e = dn2entry( be, base, matched )) == NULL ) {
if ( (e = dn2entry_r( be, base, matched )) == NULL ) {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
/* check for deleted */
idl = idl_alloc( 1 );
idl_insert( &idl, e->e_id, 1 );
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, e );
return( idl );
}
@ -298,8 +299,7 @@ onelevel_candidates(
*err = LDAP_SUCCESS;
e = NULL;
/* get the base object */
if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
matched )) == NULL ) {
if ( base != NULL && *base != '\0' && (e = dn2entry_r( be, base, matched )) == NULL ) {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
@ -329,6 +329,9 @@ onelevel_candidates(
f->f_and->f_next = NULL;
filter_free( f );
if ( e != NULL ) {
cache_return_entry_r( &li->li_cache, e );
}
return( candidates );
}
@ -365,8 +368,7 @@ subtree_candidates(
*err = LDAP_SUCCESS;
f = NULL;
if ( lookupbase ) {
if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
matched )) == NULL ) {
if ( base != NULL && *base != '\0' && (e = dn2entry_r( be, base, matched )) == NULL ) {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
@ -377,8 +379,9 @@ subtree_candidates(
f->f_or = (Filter *) ch_malloc( sizeof(Filter) );
f->f_or->f_choice = LDAP_FILTER_EQUALITY;
f->f_or->f_avtype = strdup( "objectclass" );
f->f_or->f_avvalue.bv_val = strdup( "referral" );
f->f_or->f_avvalue.bv_len = strlen( "referral" );
/* Patch to use normalized uppercase */
f->f_or->f_avvalue.bv_val = strdup( "REFERRAL" );
f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" );
f->f_or->f_next = filter;
filter = f;
@ -407,7 +410,7 @@ subtree_candidates(
}
if ( e != NULL ) {
cache_return_entry( &li->li_cache, e );
cache_return_entry_r( &li->li_cache, e );
}
return( candidates );

3
servers/slapd/configinfo.c
View file

@ -40,6 +40,9 @@ config_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e->e_rdwr, NULL);
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_CONFIG_DN );

6
servers/slapd/entry.c
View file

@ -46,6 +46,8 @@ str2entry( char *s )
Debug( LDAP_DEBUG_TRACE, "=> str2entry\n", s, 0, 0 );
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e->e_rdwr, NULL);
/* check to see if there's an id included */
next = s;
@ -112,6 +114,7 @@ str2entry( char *s )
}
Debug( LDAP_DEBUG_TRACE, "<= str2entry 0x%x\n", e, 0, 0 );
return( e );
}
@ -187,6 +190,9 @@ entry_free( Entry *e )
int i;
Attribute *a, *next;
/* XXX check that no reader/writer locks exist */
assert(!pthread_rdwr_wchk_np(&e->e_rdwr)&&!pthread_rdwr_rchk_np(&e->e_rdwr));
if ( e->e_dn != NULL ) {
free( e->e_dn );
}

55
servers/slapd/filterentry.c
View file

@ -4,22 +4,13 @@
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *first_word();
extern char *next_word();
extern char *phonetic();
extern char *re_comp();
#ifndef sunos5
extern pthread_mutex_t regex_mutex;
#endif
static int test_filter_list();
static int test_substring_filter();
@ -223,11 +214,12 @@ test_approx_filter(
w2 = next_word( w2 ) ) {
c2 = phonetic( w2 );
if ( strcmp( c1, c2 ) == 0 ) {
free( c2 );
break;
}
free( c2 );
}
free( c1 );
free( c2 );
/*
* if we stopped because we ran out of words
@ -265,7 +257,7 @@ test_filter_list(
{
int rc, nomatch;
Filter *f;
Debug( LDAP_DEBUG_FILTER, "=> test_filter_list\n", 0, 0, 0 );
nomatch = 1;
@ -322,6 +314,7 @@ test_substring_filter(
char pat[BUFSIZ];
char buf[BUFSIZ];
struct berval *val;
regex_t re;
Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
@ -389,19 +382,16 @@ test_substring_filter(
}
/* compile the regex */
#ifdef sunos5
if ( (p = compile( pat, NULL, NULL )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "compile failed (%s)\n", p, 0, 0 );
Debug( LDAP_DEBUG_FILTER, "test_substring_filter: regcomp pat: %s\n",
pat, 0, 0 );
if ((rc = regcomp(&re, pat, 0))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
Debug( LDAP_DEBUG_ANY, "regcomp failed (%s) %s\n",
p, error, 0 );
return( -1 );
}
#else /* sunos5 */
pthread_mutex_lock( &regex_mutex );
if ( (p = re_comp( pat )) != 0 ) {
Debug( LDAP_DEBUG_ANY, "re_comp failed (%s)\n", p, 0, 0 );
pthread_mutex_unlock( &regex_mutex );
return( -1 );
}
#endif /* sunos5 */
/* for each value in the attribute see if regex matches */
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
@ -417,29 +407,18 @@ test_substring_filter(
}
value_normalize( realval, a->a_syntax );
#ifdef sunos5
rc = step( realval, p );
#else /* sunos5 */
rc = re_exec( realval );
#endif /* sunos5 */
rc = !regexec(&re, realval, 0, NULL, 0);
if ( tmp != NULL ) {
free( tmp );
}
if ( rc == 1 ) {
#ifdef sunos5
free( p );
#else /* sunos5 */
pthread_mutex_unlock( &regex_mutex );
#endif /* sunos5 */
regfree(&re);
return( 0 );
}
}
#ifdef sunos5
free( p );
#else /* sunos5 */
pthread_mutex_unlock( &regex_mutex );
#endif /* sunos5 */
regfree(&re);
Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 );
return( 1 );

27
servers/slapd/monitor.c
View file

@ -10,8 +10,16 @@
* is provided ``as is'' without express or implied warranty.
*/
/* Revision history
*
* 5-Jun-96 jeff.hodges@stanford.edu
* Added locking of new_conn_mutex when traversing the c[] array.
* Added locking of currenttime_mutex to protect call(s) to localtime().
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "slap.h"
@ -32,13 +40,11 @@ extern time_t currenttime;
extern time_t starttime;
extern int num_conns;
extern pthread_mutex_t new_conn_mutex;
extern pthread_mutex_t currenttime_mutex;
extern char Versionstr[];
/*
* no mutex protection in here - take our chances!
*/
void
monitor_info( Connection *conn, Operation *op )
{
@ -54,6 +60,8 @@ monitor_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
/* initialize reader/writer lock */
pthread_rdwr_init_np(&e->e_rdwr, NULL);
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_MONITOR_DN );
@ -73,6 +81,8 @@ monitor_info( Connection *conn, Operation *op )
nconns = 0;
nwritewaiters = 0;
nreadwaiters = 0;
pthread_mutex_lock( &new_conn_mutex );
for ( i = 0; i < dtblsize; i++ ) {
if ( c[i].c_sb.sb_sd != -1 ) {
nconns++;
@ -82,8 +92,11 @@ monitor_info( Connection *conn, Operation *op )
if ( c[i].c_gettingber ) {
nreadwaiters++;
}
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &c[i].c_starttime );
strftime( buf2, sizeof(buf2), "%y%m%d%H%M%SZ", ltm );
pthread_mutex_unlock( &currenttime_mutex );
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %ld : %ld : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
@ -96,6 +109,8 @@ monitor_info( Connection *conn, Operation *op )
attr_merge( e, "connection", vals );
}
}
pthread_mutex_unlock( &new_conn_mutex );
sprintf( buf, "%d", nconns );
val.bv_val = buf;
val.bv_len = strlen( buf );
@ -141,14 +156,18 @@ monitor_info( Connection *conn, Operation *op )
val.bv_len = strlen( buf );
attr_merge( e, "bytessent", vals );
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &currenttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
pthread_mutex_unlock( &currenttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "currenttime", vals );
pthread_mutex_lock( &currenttime_mutex );
ltm = localtime( &starttime );
strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
pthread_mutex_unlock( &currenttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "starttime", vals );

67
servers/slapd/result.c
View file

@ -121,7 +121,13 @@ send_ldap_result2(
pthread_mutex_lock( &active_threads_mutex );
active_threads--;
conn->c_writewaiter = 1;
#ifdef linux
pthread_kill( listener_tid, SIGSTKFLT );
#else /* !linux */
pthread_kill( listener_tid, SIGUSR1 );
#endif /* !linux */
pthread_cond_wait( &conn->c_wcv, &active_threads_mutex );
pthread_mutex_unlock( &active_threads_mutex );
@ -192,6 +198,9 @@ send_search_entry(
Attribute *a;
int i, rc, bytes, sd;
struct acl *acl;
char *edn;
/* aquire reader lock */
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
@ -202,16 +211,19 @@ send_search_entry(
return( 1 );
}
edn = dn_normalize_case( strdup( e->e_dn ) );
#ifdef COMPAT30
if ( (ber = ber_alloc_t( conn->c_version == 30 ? 0 : LBER_USE_DER ))
== NULLBER ) {
== NULLBER )
#else
if ( (ber = der_alloc()) == NULLBER ) {
if ( (ber = der_alloc()) == NULLBER )
#endif
{
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_alloc" );
return( 1 );
"ber_alloc" );
goto error_return;
}
#ifdef COMPAT30
@ -220,26 +232,43 @@ send_search_entry(
LDAP_RES_SEARCH_ENTRY, e->e_dn );
} else
#endif
{
rc = ber_printf( ber, "{it{s{", op->o_msgid,
LDAP_RES_SEARCH_ENTRY, e->e_dn );
LDAP_RES_SEARCH_ENTRY, e->e_dn );
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_printf dn" );
return( 1 );
goto error_return;
}
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
regmatch_t matches[MAXREMATCHES];
if ( attrs != NULL && ! charray_inlist( attrs, a->a_type ) ) {
continue;
}
acl = acl_get_applicable( be, op, e, a->a_type );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( a->a_type, "modifiersname" ) == 0 ||
strcasecmp( a->a_type, "modifytimestamp" ) == 0 ||
strcasecmp( a->a_type, "creatorsname" ) == 0 ||
strcasecmp( a->a_type, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access DEFAULT\n",
a->a_type, 0, 0 );
acl = NULL;
} else {
acl = acl_get_applicable( be, op, e, a->a_type, edn,
MAXREMATCHES, matches );
}
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op,
ACL_READ ) ) {
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
edn, matches ) )
{
continue;
}
@ -248,14 +277,14 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type" );
return( 1 );
goto error_return;
}
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
if ( a->a_syntax & SYNTAX_DN &&
! acl_access_allowed( acl, be, conn, e,
a->a_vals[i], op, ACL_READ ) )
if ( a->a_syntax & SYNTAX_DN &&
! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
ACL_READ, edn, matches) )
{
continue;
}
@ -270,7 +299,7 @@ send_search_entry(
send_ldap_result( conn, op,
LDAP_OPERATIONS_ERROR, NULL,
"ber_printf value" );
return( 1 );
goto error_return;
}
}
}
@ -280,10 +309,12 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type end" );
return( 1 );
goto error_return;
}
}
free(edn);
#ifdef COMPAT30
if ( conn->c_version == 30 ) {
rc = ber_printf( ber, "}}}}" );
@ -355,7 +386,13 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
/* free reader lock */
return( rc );
error_return:;
/* free reader lock */
free(edn);
return( 1 );
}
int

22
servers/slapd/slap.h
View file

@ -6,10 +6,16 @@
#define LDAP_SYSLOG
#include <syslog.h>
#include <sys/types.h>
#include <regex.h>
#undef NDEBUG
#include <assert.h>
#include "avl.h"
#include "lber.h"
#include "ldap.h"
#include "lthread.h"
#include "lthread_rdwr.h"
#include "ldif.h"
#define DN_DNS 0
@ -17,6 +23,9 @@
#define ON 1
#define OFF (-1)
#define UNDEFINED 0
#define MAXREMATCHES 10
/*
* represents an attribute value assertion (i.e., attr=value)
@ -97,6 +106,9 @@ typedef unsigned long ID;
* represents an entry in core
*/
typedef struct entry {
pthread_rdwr_t e_rdwr; /* reader/writer lock */
/*struct entry *e_nextfree; /* for freelist */
char *e_dn; /* DN of this entry */
Attribute *e_attrs; /* list of attributes + values */
@ -121,6 +133,11 @@ struct access {
char *a_domainpat;
char *a_dnattr;
long a_access;
#ifdef ACLGROUP
char *a_group;
#endif
#define ACL_NONE 0x01
#define ACL_COMPARE 0x02
#define ACL_SEARCH 0x04
@ -134,6 +151,7 @@ struct access {
struct acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
regex_t acl_dnre;
char *acl_dnpat;
char **acl_attrs;
@ -187,6 +205,10 @@ typedef struct backend {
IFP be_config; /* backend config routine */
IFP be_init; /* backend init routine */
IFP be_close; /* backend close routine */
#ifdef ACLGROUP
IFP be_group; /* backend group member test */
#endif
} Backend;
/*