upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 17:19:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Major API change - (SLAP_OP_BLOCKS) All request parameters are

Browse source 
consolidated into the Operation structure. All reply parameters
are consolidated into the new SlapReply structure. Most operations
now have identical call signatures... Changes are not #ifdef'd,
revert to -r NO_SLAP_OP_BLOCKS if necessary to back out.
This commit is contained in:
Howard Chu 2003-03-30 09:03:54 +00:00
parent 9ac14af051
commit e8c58b4e7f
99 changed files with 4535 additions and 6870 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
servers/slapd/abandon.c
View file

@ -25,18 +25,14 @@
#include "slap.h"
int
do_abandon(
Connection *conn,
Operation *op
)
do_abandon( Operation *op, SlapReply *rs )
{
ber_int_t id;
Operation *o;
int rc;
int i;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "conn: %d do_abandon\n", conn->c_connid, 0, 0);
LDAP_LOG( OPERATION, ENTRY, "conn: %d do_abandon\n", op->o_connid, 0, 0);
#else
Debug( LDAP_DEBUG_TRACE, "do_abandon\n", 0, 0, 0 );
#endif
@ -54,19 +50,19 @@ do_abandon(
#else
Debug( LDAP_DEBUG_ANY, "do_abandon: ber_scanf failed\n", 0, 0 ,0 );
#endif
send_ldap_disconnect( conn, op,
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "decoding error" );
return -1;
}
if( (rc = get_ctrls( conn, op, 0 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 0 ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "do_abandon: get_ctrls failed\n", 0, 0 ,0 );
return rc;
return rs->sr_err;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, "do_abandon: conn: %d id=%ld\n",
conn->c_connid, (long) id, 0 );
op->o_connid, (long) id, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "do_abandon: id=%ld\n", (long) id, 0 ,0 );
#endif
@ -75,7 +71,7 @@ do_abandon(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_abandon: conn: %d bad msgid %ld\n",
conn->c_connid, (long) id, 0 );
op->o_connid, (long) id, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_abandon: bad msgid %ld\n", (long) id, 0, 0 );
@ -83,23 +79,23 @@ do_abandon(
return LDAP_SUCCESS;
}
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
/*
* find the operation being abandoned and set the o_abandon
* flag. It's up to the backend to periodically check this
* flag and abort the operation at a convenient time.
*/
LDAP_STAILQ_FOREACH( o, &conn->c_ops, o_next ) {
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
if ( o->o_msgid == id ) {
o->o_abandon = 1;
goto done;
}
}
LDAP_STAILQ_FOREACH( o, &conn->c_pending_ops, o_next ) {
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
if ( o->o_msgid == id ) {
LDAP_STAILQ_REMOVE( &conn->c_pending_ops, o, slap_op, o_next );
LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, slap_op, o_next );
slap_op_free( o );
goto done;
}
@ -107,18 +103,19 @@ do_abandon(
done:
op->oq_abandon.rs_msgid = id;
for ( i = 0; i < nbackends; i++ ) {
Backend *be = &backends[i];
op->o_bd = &backends[i];
if( be->be_abandon ) be->be_abandon( be, conn, op, id );
if( op->o_bd->be_abandon ) op->o_bd->be_abandon( op, rs );
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"do_abandon: conn: %d op=%ld %sfound\n",
conn->c_connid, (long)id, o ? "" : "not " );
op->o_connid, (long)id, o ? "" : "not " );
#else
Debug( LDAP_DEBUG_TRACE, "do_abandon: op=%ld %sfound\n",
(long) id, o ? "" : "not ", 0 );

200
servers/slapd/acl.c
View file

@ -47,15 +47,13 @@ static struct berval
static AccessControl * acl_get(
AccessControl *ac, int *count,
Backend *be, Operation *op,
Entry *e,
Operation *op, Entry *e,
AttributeDescription *desc,
int nmatches, regmatch_t *matches );
static slap_control_t acl_mask(
AccessControl *ac, slap_mask_t *mask,
Backend *be, Connection *conn, Operation *op,
Entry *e,
Operation *op, Entry *e,
AttributeDescription *desc,
struct berval *val,
regmatch_t *matches,
@ -64,10 +62,7 @@ static slap_control_t acl_mask(
#ifdef SLAPD_ACI_ENABLED
static int aci_mask(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Operation *op, Entry *e,
AttributeDescription *desc,
struct berval *val,
struct berval *aci,
@ -83,15 +78,13 @@ static void string_expand(
char *match, regmatch_t *matches);
typedef struct AciSetCookie {
Backend *be;
Entry *e;
Connection *conn;
Operation *op;
Entry *e;
} AciSetCookie;
SLAP_SET_GATHER aci_set_gather;
static int aci_match_set ( struct berval *subj, Backend *be,
Entry *e, Connection *conn, Operation *op, int setref );
static int aci_match_set ( struct berval *subj, Operation *op,
Entry *e, int setref );
/*
* access_allowed - check whether op->o_ndn is allowed the requested access
@ -110,18 +103,18 @@ static int aci_match_set ( struct berval *subj, Backend *be,
int
access_allowed(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Operation *op,
Entry *e,
AttributeDescription *desc,
struct berval *val,
slap_access_t access,
struct berval *val,
slap_access_t access,
AccessControlState *state )
{
int ret = 1;
int count;
AccessControl *a = NULL;
Backend *be;
int be_null = 0;
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
@ -176,7 +169,12 @@ access_allowed(
goto done;
}
if ( be == NULL ) be = &backends[0];
be = op->o_bd;
if ( be == NULL ) {
be = &backends[0];
be_null = 1;
op->o_bd = be;
}
assert( be != NULL );
/* grant database root access */
@ -184,7 +182,7 @@ access_allowed(
#ifdef NEW_LOGGING
LDAP_LOG( ACL, INFO,
"access_allowed: conn %lu root access granted\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
"<= root access granted\n",
@ -205,7 +203,7 @@ access_allowed(
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"access_allowed: conn %lu NoUserMod Operational attribute: %s "
"access granted\n", conn->c_connid, attr , 0 );
"access granted\n", op->o_connid, attr , 0 );
#else
Debug( LDAP_DEBUG_ACL, "NoUserMod Operational attribute:"
" %s access granted\n",
@ -272,7 +270,7 @@ access_allowed(
memset(matches, '\0', sizeof(matches));
}
while((a = acl_get( a, &count, be, op, e, desc,
while((a = acl_get( a, &count, op, e, desc,
MAXREMATCHES, matches )) != NULL)
{
int i;
@ -312,7 +310,7 @@ access_allowed(
}
vd_access:
control = acl_mask( a, &mask, be, conn, op,
control = acl_mask( a, &mask, op,
e, desc, val, matches, count, state );
if ( control != ACL_BREAK ) {
@ -326,7 +324,7 @@ vd_access:
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"access_allowed: conn %lu \"%s\" (%s) invalid!\n",
conn->c_connid, e->e_dn, attr );
op->o_connid, e->e_dn, attr );
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: \"%s\" (%s) invalid!\n",
@ -337,7 +335,7 @@ vd_access:
} else if ( control == ACL_BREAK ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"access_allowed: conn %lu no more rules\n", conn->c_connid, 0,0 );
"access_allowed: conn %lu no more rules\n", op->o_connid, 0,0 );
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: no more rules\n", 0, 0, 0);
@ -369,6 +367,7 @@ done:
state->as_recorded |= ACL_STATE_RECORDED;
state->as_result = ret;
}
if (be_null) op->o_bd = NULL;
return ret;
}
@ -382,12 +381,11 @@ static AccessControl *
acl_get(
AccessControl *a,
int *count,
Backend *be,
Operation *op,
Entry *e,
Operation *op,
Entry *e,
AttributeDescription *desc,
int nmatch,
regmatch_t *matches )
int nmatch,
regmatch_t *matches )
{
const char *attr;
int dnlen, patlen;
@ -401,10 +399,10 @@ acl_get(
assert( attr != NULL );
if( a == NULL ) {
if( be == NULL ) {
if( op->o_bd == NULL ) {
a = global_acl;
} else {
a = be->be_acl;
a = op->o_bd->be_acl;
}
assert( a != NULL );
@ -487,7 +485,7 @@ acl_get(
}
if ( a->acl_filter != NULL ) {
ber_int_t rc = test_filter( NULL, NULL, NULL, e, a->acl_filter );
ber_int_t rc = test_filter( NULL, e, a->acl_filter );
if ( rc != LDAP_COMPARE_TRUE ) {
continue;
}
@ -550,14 +548,12 @@ acl_get(
static slap_control_t
acl_mask(
AccessControl *a,
AccessControl *a,
slap_mask_t *mask,
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Operation *op,
Entry *e,
AttributeDescription *desc,
struct berval *val,
struct berval *val,
regmatch_t *matches,
int count,
AccessControlState *state )
@ -580,7 +576,7 @@ acl_mask(
#ifdef NEW_LOGGING
LDAP_LOG( ACL, ENTRY,
"acl_mask: conn %lu access to entry \"%s\", attr \"%s\" requested\n",
conn->c_connid, e->e_dn, attr );
op->o_connid, e->e_dn, attr );
LDAP_LOG( ACL, ARGS,
" to %s by \"%s\", (%s) \n", val ? "value" : "all values",
@ -619,7 +615,7 @@ acl_mask(
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_dn_pat: %s\n",
conn->c_connid, b->a_dn_pat.bv_val ,0 );
op->o_connid, b->a_dn_pat.bv_val ,0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_dn_pat: %s\n",
b->a_dn_pat.bv_val, 0, 0);
@ -740,13 +736,13 @@ dn_match_cleanup:;
}
if ( b->a_sockurl_pat.bv_len ) {
if ( ! conn->c_listener ) {
if ( ! op->o_conn->c_listener ) {
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_sockurl_pat: %s\n",
conn->c_connid, b->a_sockurl_pat.bv_val , 0 );
op->o_connid, b->a_sockurl_pat.bv_val , 0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_sockurl_pat: %s\n",
b->a_sockurl_pat.bv_val, 0, 0 );
@ -754,33 +750,33 @@ dn_match_cleanup:;
if ( !ber_bvccmp( &b->a_sockurl_pat, '*' ) ) {
if ( b->a_sockurl_style == ACL_STYLE_REGEX) {
if (!regex_matches( &b->a_sockurl_pat, conn->c_listener_url.bv_val,
if (!regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
e->e_ndn, matches ) )
{
continue;
}
} else {
if ( ber_bvstrcasecmp( &b->a_sockurl_pat, &conn->c_listener_url ) != 0 )
if ( ber_bvstrcasecmp( &b->a_sockurl_pat, &op->o_conn->c_listener_url ) != 0 )
continue;
}
}
}
if ( b->a_domain_pat.bv_len ) {
if ( !conn->c_peer_domain.bv_val ) {
if ( !op->o_conn->c_peer_domain.bv_val ) {
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_domain_pat: %s\n",
conn->c_connid, b->a_domain_pat.bv_val , 0 );
op->o_connid, b->a_domain_pat.bv_val , 0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_domain_pat: %s\n",
b->a_domain_pat.bv_val, 0, 0 );
#endif
if ( !ber_bvccmp( &b->a_domain_pat, '*' ) ) {
if ( b->a_domain_style == ACL_STYLE_REGEX) {
if (!regex_matches( &b->a_domain_pat, conn->c_peer_domain.bv_val,
if (!regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
e->e_ndn, matches ) )
{
continue;
@ -788,7 +784,7 @@ dn_match_cleanup:;
} else {
char buf[ACL_BUF_SIZE];
struct berval cmp = conn->c_peer_domain;
struct berval cmp = op->o_conn->c_peer_domain;
struct berval pat = b->a_domain_pat;
if ( b->a_domain_expand ) {
@ -824,52 +820,52 @@ dn_match_cleanup:;
}
if ( b->a_peername_pat.bv_len ) {
if ( !conn->c_peer_name.bv_val ) {
if ( !op->o_conn->c_peer_name.bv_val ) {
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_peername_path: %s\n",
conn->c_connid, b->a_peername_pat.bv_val , 0 );
op->o_connid, b->a_peername_pat.bv_val , 0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_peername_path: %s\n",
b->a_peername_pat.bv_val, 0, 0 );
#endif
if ( !ber_bvccmp( &b->a_peername_pat, '*' ) ) {
if ( b->a_peername_style == ACL_STYLE_REGEX) {
if (!regex_matches( &b->a_peername_pat, conn->c_peer_name.bv_val,
if (!regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
e->e_ndn, matches ) )
{
continue;
}
} else {
if ( ber_bvstrcasecmp( &b->a_peername_pat, &conn->c_peer_name ) != 0 )
if ( ber_bvstrcasecmp( &b->a_peername_pat, &op->o_conn->c_peer_name ) != 0 )
continue;
}
}
}
if ( b->a_sockname_pat.bv_len ) {
if ( !conn->c_sock_name.bv_val ) {
if ( !op->o_conn->c_sock_name.bv_val ) {
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_sockname_path: %s\n",
conn->c_connid, b->a_sockname_pat.bv_val , 0 );
op->o_connid, b->a_sockname_pat.bv_val , 0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_sockname_path: %s\n",
b->a_sockname_pat.bv_val, 0, 0 );
#endif
if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
if ( b->a_sockname_style == ACL_STYLE_REGEX) {
if (!regex_matches( &b->a_sockname_pat, conn->c_sock_name.bv_val,
if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
e->e_ndn, matches ) )
{
continue;
}
} else {
if ( ber_bvstrcasecmp( &b->a_sockname_pat, &conn->c_sock_name ) != 0 )
if ( ber_bvstrcasecmp( &b->a_sockname_pat, &op->o_conn->c_sock_name ) != 0 )
continue;
}
}
@ -891,7 +887,7 @@ dn_match_cleanup:;
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_dn_pat: %s\n",
conn->c_connid, attr , 0 );
op->o_connid, attr , 0 );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
attr, 0, 0);
@ -995,7 +991,7 @@ dn_match_cleanup:;
bv = b->a_group_pat;
}
rc = backend_group( be, conn, op, e, &bv, &op->o_ndn,
rc = backend_group( op, e, &bv, &op->o_ndn,
b->a_group_oc, b->a_group_at );
if ( ndn.bv_val ) free( ndn.bv_val );
@ -1015,7 +1011,7 @@ dn_match_cleanup:;
}else{
bv = b->a_set_pat;
}
if (aci_match_set( &bv, be, e, conn, op, 0 ) == 0) {
if (aci_match_set( &bv, op, e, 0 ) == 0) {
continue;
}
}
@ -1024,7 +1020,7 @@ dn_match_cleanup:;
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_authz.sai_ssf: ACL %u > OP %u\n",
conn->c_connid, b->a_authz.sai_ssf, op->o_ssf );
op->o_connid, b->a_authz.sai_ssf, op->o_ssf );
#else
Debug( LDAP_DEBUG_ACL, "<= check a_authz.sai_ssf: ACL %u > OP %u\n",
b->a_authz.sai_ssf, op->o_ssf, 0 );
@ -1039,7 +1035,7 @@ dn_match_cleanup:;
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_authz.sai_transport_ssf: "
"ACL %u > OP %u\n",
conn->c_connid, b->a_authz.sai_transport_ssf,
op->o_connid, b->a_authz.sai_transport_ssf,
op->o_transport_ssf );
#else
Debug( LDAP_DEBUG_ACL,
@ -1056,7 +1052,7 @@ dn_match_cleanup:;
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_authz.sai_tls_ssf: ACL %u > "
"OP %u\n",
conn->c_connid, b->a_authz.sai_tls_ssf, op->o_tls_ssf );
op->o_connid, b->a_authz.sai_tls_ssf, op->o_tls_ssf );
#else
Debug( LDAP_DEBUG_ACL,
"<= check a_authz.sai_tls_ssf: ACL %u > OP %u\n",
@ -1072,7 +1068,7 @@ dn_match_cleanup:;
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu check a_authz.sai_sasl_ssf: "
"ACL %u > OP %u\n",
conn->c_connid, b->a_authz.sai_sasl_ssf, op->o_sasl_ssf );
op->o_connid, b->a_authz.sai_sasl_ssf, op->o_sasl_ssf );
#else
Debug( LDAP_DEBUG_ACL,
"<= check a_authz.sai_sasl_ssf: ACL %u > OP %u\n",
@ -1210,7 +1206,7 @@ dn_match_cleanup:;
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_mask: conn %lu [%d] mask: %s\n",
conn->c_connid, i, accessmask2str( *mask, accessmaskbuf) );
op->o_connid, i, accessmask2str( *mask, accessmaskbuf) );
#else
Debug( LDAP_DEBUG_ACL,
"<= acl_mask: [%d] mask: %s\n",
@ -1234,7 +1230,7 @@ dn_match_cleanup:;
#ifdef NEW_LOGGING
LDAP_LOG( ACL, RESULTS,
"acl_mask: conn %lu no more <who> clauses, returning %d (stop)\n",
conn->c_connid, accessmask2str( *mask, accessmaskbuf) , 0 );
op->o_connid, accessmask2str( *mask, accessmaskbuf) , 0 );
#else
Debug( LDAP_DEBUG_ACL,
"<= acl_mask: no more <who> clauses, returning %s (stop)\n",
@ -1252,24 +1248,22 @@ dn_match_cleanup:;
int
acl_check_modlist(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Modifications *mlist
Operation *op,
Entry *e,
Modifications *mlist
)
{
struct berval *bv;
AccessControlState state = ACL_STATE_INIT;
assert( be != NULL );
assert( op->o_bd != NULL );
/* short circuit root database access */
if ( be_isroot( be, &op->o_ndn ) ) {
if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_check_modlist: conn %lu access granted to root user\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
@ -1279,25 +1273,25 @@ acl_check_modlist(
}
/* use backend default access if no backend acls */
if( be != NULL && be->be_acl == NULL ) {
if( op->o_bd != NULL && op->o_bd->be_acl == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_check_modlist: backend default %s access %s to \"%s\"\n",
access2str( ACL_WRITE ),
be->be_dfltaccess >= ACL_WRITE ? "granted" : "denied",
op->o_bd->be_dfltaccess >= ACL_WRITE ? "granted" : "denied",
op->o_dn.bv_val );
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: backend default %s access %s to \"%s\"\n",
access2str( ACL_WRITE ),
be->be_dfltaccess >= ACL_WRITE ? "granted" : "denied", op->o_dn.bv_val );
op->o_bd->be_dfltaccess >= ACL_WRITE ? "granted" : "denied", op->o_dn.bv_val );
#endif
return be->be_dfltaccess >= ACL_WRITE;
return op->o_bd->be_dfltaccess >= ACL_WRITE;
#ifdef notdef
/* be is always non-NULL */
/* op->o_bd is always non-NULL */
/* use global default access if no global acls */
} else if ( be == NULL && global_acl == NULL ) {
} else if ( op->o_bd == NULL && global_acl == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_check_modlist: global default %s access %s to \"%s\"\n",
@ -1324,7 +1318,7 @@ acl_check_modlist(
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"acl_check_modlist: conn %lu no-user-mod %s: modify access granted\n",
conn->c_connid, mlist->sml_desc->ad_cname.bv_val , 0 );
op->o_connid, mlist->sml_desc->ad_cname.bv_val , 0 );
#else
Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
" modify access granted\n",
@ -1340,7 +1334,7 @@ acl_check_modlist(
* attribute and permission to add the specific attributes.
* This prevents abuse from selfwriters.
*/
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
mlist->sml_desc, NULL, ACL_WRITE, &state ) )
{
return( 0 );
@ -1361,7 +1355,7 @@ acl_check_modlist(
for ( bv = mlist->sml_bvalues; bv->bv_val != NULL; bv++ )
#endif
{
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
mlist->sml_desc, bv, ACL_WRITE, &state ) )
{
return( 0 );
@ -1371,7 +1365,7 @@ acl_check_modlist(
case LDAP_MOD_DELETE:
if ( mlist->sml_bvalues == NULL ) {
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
mlist->sml_desc, NULL, ACL_WRITE, NULL ) )
{
return( 0 );
@ -1386,7 +1380,7 @@ acl_check_modlist(
for ( bv = mlist->sml_bvalues; bv->bv_val != NULL; bv++ )
#endif
{
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
mlist->sml_desc, bv, ACL_WRITE, &state ) )
{
return( 0 );
@ -1462,7 +1456,7 @@ aci_set_gather (void *cookie, struct berval *name, struct berval *attr)
const char *text;
AttributeDescription *desc = NULL;
if (slap_bv2ad(attr, &desc, &text) == LDAP_SUCCESS) {
backend_attribute(cp->be, NULL, cp->op,
backend_attribute(cp->op,
cp->e, &ndn, desc, &bvals);
}
free(ndn.bv_val);
@ -1473,11 +1467,9 @@ aci_set_gather (void *cookie, struct berval *name, struct berval *attr)
static int
aci_match_set (
struct berval *subj,
Backend *be,
Entry *e,
Connection *conn,
Operation *op,
int setref
Operation *op,
Entry *e,
int setref
)
{
struct berval set = { 0, NULL };
@ -1511,7 +1503,7 @@ aci_match_set (
if ( dnNormalize2(NULL, &subjdn, &ndn) == LDAP_SUCCESS
&& slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
{
backend_attribute(be, NULL, op, e,
backend_attribute(op, e,
&ndn, desc, &bvals);
if ( bvals != NULL ) {
if ( bvals[0].bv_val != NULL ) {
@ -1531,10 +1523,8 @@ aci_match_set (
}
if (set.bv_val != NULL) {
cookie.be = be;
cookie.e = e;
cookie.conn = conn;
cookie.op = op;
cookie.e = e;
rc = (slap_set_filter(aci_set_gather, &cookie, &set,
&op->o_ndn, &e->e_nname, NULL) > 0);
ch_free(set.bv_val);
@ -1703,10 +1693,8 @@ aci_group_member (
struct berval *subj,
struct berval *defgrpoc,
struct berval *defgrpat,
Backend *be,
Entry *e,
Connection *conn,
Operation *op,
Operation *op,
Entry *e,
regmatch_t *matches
)
{
@ -1747,7 +1735,7 @@ aci_group_member (
bv.bv_val = (char *)&buf;
string_expand(&bv, &subjdn, e->e_ndn, matches);
if ( dnNormalize2(NULL, &bv, &ndn) == LDAP_SUCCESS ) {
rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn,
rc = (backend_group(op, e, &ndn, &op->o_ndn,
grp_oc, grp_ad) == 0);
free( ndn.bv_val );
}
@ -1759,8 +1747,6 @@ done:
static int
aci_mask(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeDescription *desc,
@ -1874,19 +1860,19 @@ aci_mask(
} else if (ber_bvstrcasecmp( &aci_bv_group, &bv ) == 0) {
if (aci_group_member(&sdn, &aci_bv_group_class, &aci_bv_group_attr, be, e, conn, op, matches))
if (aci_group_member(&sdn, &aci_bv_group_class, &aci_bv_group_attr, op, e, matches))
return(1);
} else if (ber_bvstrcasecmp( &aci_bv_role, &bv ) == 0) {
if (aci_group_member(&sdn, &aci_bv_role_class, &aci_bv_role_attr, be, e, conn, op, matches))
if (aci_group_member(&sdn, &aci_bv_role_class, &aci_bv_role_attr, op, e, matches))
return(1);
} else if (ber_bvstrcasecmp( &aci_bv_set, &bv ) == 0) {
if (aci_match_set(&sdn, be, e, conn, op, 0))
if (aci_match_set(&sdn, op, e, 0))
return(1);
} else if (ber_bvstrcasecmp( &aci_bv_set_ref, &bv ) == 0) {
if (aci_match_set(&sdn, be, e, conn, op, 1))
if (aci_match_set(&sdn, op, e, 1))
return(1);
}

196
servers/slapd/add.c
View file

@ -27,14 +27,14 @@
#ifdef LDAP_SLAPI
#include "slapi.h"
static Slapi_PBlock *initAddPlugin( Backend *be, Connection *conn, Operation *op,
static void initAddPlugin( Operation *op,
struct berval *dn, Entry *e, int manageDSAit );
static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb );
static void doPostAddPluginFNs( Backend *be, Slapi_PBlock *pb );
static int doPreAddPluginFNs( Operation *op );
static void doPostAddPluginFNs( Operation *op );
#endif /* LDAP_SLAPI */
int
do_add( Connection *conn, Operation *op )
do_add( Operation *op, SlapReply *rs )
{
BerElement *ber = op->o_ber;
char *last;
@ -42,19 +42,13 @@ do_add( Connection *conn, Operation *op )
ber_len_t len;
ber_tag_t tag;
Entry *e;
Backend *be;
Modifications *modlist = NULL;
Modifications **modtail = &modlist;
Modifications tmp;
const char *text;
int rc = LDAP_SUCCESS;
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = NULL;
#endif /* LDAP_SLAPI */
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_add: conn %d enter\n", conn->c_connid,0,0 );
LDAP_LOG( OPERATION, ENTRY, "do_add: conn %d enter\n", op->o_connid,0,0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_add\n", 0, 0, 0 );
#endif
@ -74,38 +68,39 @@ do_add( Connection *conn, Operation *op )
if ( ber_scanf( ber, "{m", /*}*/ &dn ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d ber_scanf failed\n", conn->c_connid,0,0 );
"do_add: conn %d ber_scanf failed\n", op->o_connid,0,0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return -1;
}
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
rc = dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname );
rs->sr_err = dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname );
if( rc != LDAP_SUCCESS ) {
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d invalid dn (%s)\n", conn->c_connid, dn.bv_val, 0 );
"do_add: conn %d invalid dn (%s)\n", op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto done;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_add: conn %d dn (%s)\n", conn->c_connid, e->e_dn, 0 );
"do_add: conn %d dn (%s)\n", op->o_connid, e->e_dn, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "do_add: dn (%s)\n", e->e_dn, 0, 0 );
#endif
op->o_req_dn = e->e_name;
op->o_req_ndn = e->e_nname;
/* get the attrs */
for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
tag = ber_next_element( ber, &len, last ) )
@ -122,13 +117,12 @@ do_add( Connection *conn, Operation *op )
if ( rtag == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d decoding error \n", conn->c_connid, 0, 0 );
"do_add: conn %d decoding error \n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: decoding error\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = -1;
goto done;
}
@ -136,13 +130,12 @@ do_add( Connection *conn, Operation *op )
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d no values for type %s\n",
conn->c_connid, tmp.sml_type.bv_val, 0 );
op->o_connid, tmp.sml_type.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "no values for type %s\n",
tmp.sml_type.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "no values for attribute type", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "no values for attribute type" );
goto done;
}
@ -163,20 +156,19 @@ do_add( Connection *conn, Operation *op )
if ( ber_scanf( ber, /*{*/ "}") == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_add: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 );
"do_add: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = -1;
goto done;
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
"do_add: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_add: get_ctrls failed\n", 0, 0, 0 );
#endif
@ -184,25 +176,20 @@ do_add( Connection *conn, Operation *op )
}
if ( modlist == NULL ) {
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "no attributes provided", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "no attributes provided" );
goto done;
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu ADD dn=\"%s\"\n",
op->o_connid, op->o_opid, e->e_dn, 0, 0 );
op->o_connid, op->o_opid, e->e_name.bv_val, 0, 0 );
if( e->e_nname.bv_len == 0 ) {
/* protocolError may be a more appropriate error */
send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
NULL, "root DSE already exists",
NULL, NULL );
send_ldap_error( op, rs, LDAP_ALREADY_EXISTS, "root DSE already exists" );
goto done;
} else if ( bvmatch( &e->e_nname, &global_schemandn ) ) {
send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
NULL, "subschema subentry already exists",
NULL, NULL );
send_ldap_error( op, rs, LDAP_ALREADY_EXISTS, "subschema subentry already exists" );
goto done;
}
@ -213,34 +200,32 @@ do_add( Connection *conn, Operation *op )
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
be = select_backend( &e->e_nname, manageDSAit, 0 );
if ( be == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
op->o_bd = select_backend( &e->e_nname, manageDSAit, 0 );
if ( op->o_bd == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
rs->sr_err = LDAP_REFERRAL;
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( op, rs );
if ( ref ) ber_bvarray_free( ref );
if ( rs->sr_ref != default_referral ) ber_bvarray_free( rs->sr_ref );
goto done;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &e->e_name, &e->e_nname );
if ( rc != LDAP_SUCCESS ) {
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto done;
}
#ifdef LDAP_SLAPI
pb = initAddPlugin( be, conn, op, &dn, e, manageDSAit );
initAddPlugin( op, &dn, e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
@ -249,23 +234,22 @@ do_add( Connection *conn, Operation *op )
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the updatedn.
*/
if ( be->be_add ) {
if ( op->o_bd->be_add ) {
/* do the update here */
int repl_user = be_isupdate(be, &op->o_ndn );
int repl_user = be_isupdate(op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !be->be_update_ndn.bv_len || repl_user )
if ( !op->o_bd->be_update_ndn.bv_len || repl_user )
#endif
{
int update = be->be_update_ndn.bv_len;
int update = op->o_bd->be_update_ndn.bv_len;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
rc = slap_mods_check( modlist, update, &text,
rs->sr_err = slap_mods_check( modlist, update, &rs->sr_text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
@ -277,20 +261,18 @@ do_add( Connection *conn, Operation *op )
assert( (*modtail)->sml_op == LDAP_MOD_ADD );
assert( (*modtail)->sml_desc != NULL );
}
rc = slap_mods_opattrs( be, op, modlist, modtail, &text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
rs->sr_err = slap_mods_opattrs( op, modlist, modtail,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
}
rc = slap_mods2entry( modlist, &e, repl_user, &text,
rs->sr_err = slap_mods2entry( modlist, &e, repl_user, &rs->sr_text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto done;
}
@ -299,21 +281,22 @@ do_add( Connection *conn, Operation *op )
* Call the preoperation plugin here, because the entry
* will actually contain something.
*/
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif /* LDAP_SLAPI */
if ( (*be->be_add)( be, conn, op, e ) == 0 ) {
op->oq_add.rs_e = e;
if ( (op->o_bd->be_add)( op, rs ) == 0 ) {
#ifdef SLAPD_MULTIMASTER
if ( !repl_user )
#endif
{
replog( be, op, &e->e_name, &e->e_nname, e );
replog( op );
}
be_entry_release_w( be, conn, op, e );
be_entry_release_w( op, e );
e = NULL;
}
@ -326,44 +309,45 @@ do_add( Connection *conn, Operation *op )
* SLAPI_ADD_ENTRY will be empty, but this may be acceptable
* on replicas (for now, it involves the minimum code intrusion).
*/
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif /* LDAP_SLAPI */
defref = be->be_update_refs
? be->be_update_refs : default_referral;
ref = referral_rewrite( defref,
defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
rs->sr_ref = referral_rewrite( defref,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
ref ? ref : defref, NULL );
rs->sr_err = LDAP_REFERRAL;
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( op, rs );
if ( ref ) ber_bvarray_free( ref );
if ( rs->sr_ref != default_referral ) ber_bvarray_free( rs->sr_ref );
#endif /* SLAPD_MULTIMASTER */
}
} else {
#ifdef LDAP_SLAPI
rc = doPreAddPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = doPreAddPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
/* plugin will have sent result */
goto done;
}
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_add: conn %d no backend support\n", conn->c_connid, 0, 0 );
"do_add: conn %d no backend support\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, " do_add: no backend support\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#ifdef LDAP_SLAPI
doPostAddPluginFNs( be, pb );
doPostAddPluginFNs( op );
#endif /* LDAP_SLAPI */
done:
@ -374,7 +358,7 @@ done:
entry_free( e );
}
return rc;
return rs->sr_err;
}
int
@ -537,29 +521,23 @@ slap_mods2entry(
}
#ifdef LDAP_SLAPI
static Slapi_PBlock *initAddPlugin( Backend *be, Connection *conn, Operation *op,
static void Slapi_PBlock *initAddPlugin( Operation *op,
struct berval *dn, Entry *e, int manageDSAit )
{
Slapi_PBlock *pb;
pb = op->o_pb;
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_backend_set_pb( pb, op->o_bd );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
slapi_pblock_set( pb, SLAPI_ADD_ENTRY, (void *)e );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
return pb;
slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
}
static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb )
static int doPreAddPluginFNs( Operation *op )
{
int rc;
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_ADD_FN, pb );
rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_ADD_FN, op->o_pb );
if ( rc != 0 ) {
/*
* A preoperation plugin failure will abort the
@ -571,7 +549,7 @@ static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb )
#else
Debug(LDAP_DEBUG_TRACE, "do_add: add preoperation plugin failed.\n",
0, 0, 0);
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 )
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 )
rc = LDAP_OTHER;
#endif
} else {
@ -581,11 +559,11 @@ static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb )
return rc;
}
static void doPostAddPluginFNs( Backend *be, Slapi_PBlock *pb )
static void doPostAddPluginFNs( Operation *op );
{
int rc;
rc = doPluginFNs( be, SLAPI_PLUGIN_POST_ADD_FN, pb );
rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_ADD_FN, op->o_pb );
if ( rc != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_add: add postoperation plugin failed\n",

271
servers/slapd/back-bdb/add.c
View file

@ -14,16 +14,11 @@
#include "external.h"
int
bdb_add(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e )
bdb_add(Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL;
int rc;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
@ -36,10 +31,6 @@ bdb_add(
#endif
u_int32_t locker = 0;
DB_LOCK lock;
#if 0
u_int32_t lockid;
DB_LOCK lock;
#endif
int noop = 0;
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
@ -47,45 +38,45 @@ bdb_add(
#endif
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "==> bdb_add: %s\n", e->e_dn, 0, 0 );
LDAP_LOG ( OPERATION, ARGS, "==> bdb_add: %s\n", op->oq_add.rs_e->e_name.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "==> bdb_add: %s\n", e->e_dn, 0, 0);
Debug(LDAP_DEBUG_ARGS, "==> bdb_add: %s\n", op->oq_add.rs_e->e_name.bv_val, 0, 0);
#endif
/* check entry's schema */
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: entry failed schema check: %s (%d)\n", text, rc, 0 );
"bdb_add: entry failed schema check: %s (%d)\n", rs->sr_text, rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_add: entry failed schema check: %s (%d)\n",
text, rc, 0 );
rs->sr_text, rs->sr_err, 0 );
#endif
goto return_results;
}
#ifdef BDB_SUBENTRIES
subentry = is_entry_subentry( e );
subentry = is_entry_subentry( op->oq_add.rs_e );
#endif
/*
* acquire an ID outside of the operation transaction
* to avoid serializing adds.
*/
rc = bdb_next_id( be, NULL, &e->e_id );
if( rc != 0 ) {
rs->sr_err = bdb_next_id( op->o_bd, NULL, &op->oq_add.rs_e->e_id );
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: next_id failed (%d)\n", rc, 0, 0 );
"bdb_add: next_id failed (%d)\n", rs->sr_err, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_add: next_id failed (%d)\n",
rc, 0, 0 );
rs->sr_err, 0, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
@ -96,42 +87,39 @@ retry: /* transaction retry */
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
p = NULL;
}
rc = TXN_ABORT( ltid );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rc != 0 ) {
rc = LDAP_OTHER;
text = "internal error";
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
ldap_pvt_thread_yield();
}
/* begin transaction */
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
bdb->bi_db_opflags );
text = NULL;
if( rc != 0 ) {
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: txn_begin failed: %s (%d)\n", db_strerror(rc), rc, 0 );
"bdb_add: txn_begin failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_add: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
locker = TXN_ID ( ltid );
#if 0
lockid = TXN_ID( ltid );
#endif
opinfo.boi_bdb = be;
opinfo.boi_bdb = op->o_bd;
opinfo.boi_txn = ltid;
opinfo.boi_locker = locker;
opinfo.boi_err = 0;
@ -143,29 +131,19 @@ retry: /* transaction retry */
* If the parent does not exist, only allow the "root" user to
* add the entry.
*/
if ( be_issuffix( be, &e->e_nname ) ) {
if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &e->e_nname, &pdn );
dnParent( &op->oq_add.rs_e->e_nname, &pdn );
}
if( pdn.bv_len != 0 ) {
Entry *matched = NULL;
#if 0
if ( ltid ) {
DBT obj;
obj.data = pdn.bv_val-1;
obj.size = pdn.bv_len+1;
rc = LOCK_GET( bdb->bi_dbenv, lockid, 0, &obj,
DB_LOCK_WRITE, &lock);
}
#endif
/* get parent */
rc = bdb_dn2entry_r( be, ltid, &pdn, &p, &matched, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_r( op->o_bd, ltid, &pdn, &p, &matched, 0, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -173,29 +151,26 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( p == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, matched );
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->oq_add.rs_e->e_name, LDAP_SCOPE_DEFAULT );
}
#ifdef NEW_LOGGING
@ -206,19 +181,21 @@ retry: /* transaction retry */
0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ch_free( matched_dn );
ber_bvarray_free( rs->sr_ref );
ch_free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -232,8 +209,8 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_add: no write access to parent\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to parent";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
@ -247,8 +224,8 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is subentry\n",
0, 0, 0 );
#endif
rc = LDAP_OBJECT_CLASS_VIOLATION;
text = "parent is a subentry";
rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
rs->sr_text = "parent is a subentry";
goto return_results;;
}
#endif
@ -262,16 +239,16 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is alias\n",
0, 0, 0 );
#endif
rc = LDAP_ALIAS_PROBLEM;
text = "parent is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
rs->sr_text = "parent is an alias";
goto return_results;;
}
#endif
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
char *matched_dn = p->e_dn;
BerVarray refs = get_entry_referrals( be, conn, op, p );
rs->sr_matched = p->e_name.bv_val;
rs->sr_ref = get_entry_referrals( op, p );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
@ -281,11 +258,13 @@ retry: /* transaction retry */
0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, p );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
p = NULL;
goto done;
}
@ -306,19 +285,19 @@ retry: /* transaction retry */
* no parent!
* must be adding entry at suffix or with parent ""
*/
if ( !be_isroot( be, &op->o_ndn )) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
|| be_isupdate( be, &op->o_ndn ) )
if ( !be_isroot( op->o_bd, &op->o_ndn )) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op->o_bd, &op->o_ndn ) )
{
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -333,8 +312,8 @@ retry: /* transaction retry */
"bdb_add: no write access to parent\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to parent";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;;
}
@ -347,7 +326,7 @@ retry: /* transaction retry */
pdn.bv_len == 0 ? "suffix" : "entry at root",
0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
@ -362,26 +341,17 @@ retry: /* transaction retry */
"bdb_add: no parent, cannot add subentry\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no parent, cannot add subentry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no parent, cannot add subentry";
goto return_results;;
}
#endif
#if 0
if ( ltid ) {
DBT obj;
obj.data = ",";
obj.size = 1;
rc = LOCK_GET( bdb->bi_dbenv, lockid, 0, &obj,
DB_LOCK_WRITE, &lock);
}
#endif
}
rc = access_allowed( be, conn, op, e,
rs->sr_err = access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WRITE, NULL );
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -395,58 +365,58 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_add: no write access to entry\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;;
}
/* dn2id index */
rc = bdb_dn2id_add( be, ltid, &pdn, e );
if ( rc != 0 ) {
rs->sr_err = bdb_dn2id_add( op->o_bd, ltid, &pdn, op->oq_add.rs_e );
if ( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: dn2id_add failed: %s (%d)\n", db_strerror(rc), rc, 0 );
"bdb_add: dn2id_add failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_add: dn2id_add failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_KEYEXIST:
rc = LDAP_ALREADY_EXISTS;
rs->sr_err = LDAP_ALREADY_EXISTS;
break;
default:
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
goto return_results;
}
/* id2entry index */
rc = bdb_id2entry_add( be, ltid, e );
if ( rc != 0 ) {
rs->sr_err = bdb_id2entry_add( op->o_bd, ltid, op->oq_add.rs_e );
if ( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR, "bdb_add: id2entry_add failed\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_add: id2entry_add failed\n",
0, 0, 0 );
#endif
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
text = "entry store failed";
rs->sr_text = "entry store failed";
goto return_results;
}
/* attribute indexes */
rc = bdb_index_entry_add( be, ltid, e, e->e_attrs );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = bdb_index_entry_add( op->o_bd, ltid, op->oq_add.rs_e );
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: index_entry_add failed\n", 0, 0, 0 );
@ -454,24 +424,24 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_add: index_entry_add failed\n",
0, 0, 0 );
#endif
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
default:
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
text = "index generation failed";
rs->sr_text = "index generation failed";
goto return_results;
}
if( op->o_noop ) {
if (( rc=TXN_ABORT( ltid )) != 0 ) {
text = "txn_abort (no-op) failed";
if (( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
noop = 1;
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
} else {
@ -480,17 +450,13 @@ retry: /* transaction retry */
snprintf( gid, sizeof( gid ), "%s-%08lx-%08lx",
bdb_uuid.bv_val, (long) op->o_connid, (long) op->o_opid );
if (( rc=TXN_PREPARE( ltid, gid )) != 0 ) {
text = "txn_prepare failed";
if (( rs->sr_err=TXN_PREPARE( ltid, gid )) != 0 ) {
rs->sr_text = "txn_prepare failed";
} else {
int ret = bdb_cache_add_entry_rw(bdb->bi_dbenv,
&bdb->bi_cache, e, CACHE_WRITE_LOCK,
&bdb->bi_cache, op->oq_add.rs_e, CACHE_WRITE_LOCK,
locker, &lock);
#if 0
if ( bdb_cache_add_entry_rw(&bdb->bi_cache,
e, CACHE_WRITE_LOCK) != 0 )
#endif
switch ( ret ) {
case 0:
break;
@ -502,17 +468,17 @@ retry: /* transaction retry */
}
if ( ret ) {
if(( rc=TXN_ABORT( ltid )) != 0 ) {
text = "cache add & txn_abort failed";
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "cache add & txn_abort failed";
} else {
rc = LDAP_OTHER;
text = "cache add failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "cache add failed";
}
} else {
if(( rc=TXN_COMMIT( ltid, 0 )) != 0 ) {
text = "txn_commit failed";
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
}
}
@ -521,44 +487,43 @@ retry: /* transaction retry */
ltid = NULL;
op->o_private = NULL;
if (rc == LDAP_SUCCESS) {
if (rs->sr_err == LDAP_SUCCESS) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_add: added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
op->o_noop ? " (no-op)" : "", op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
#else
Debug(LDAP_DEBUG_TRACE, "bdb_add: added%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
op->o_noop ? " (no-op)" : "", op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
#endif
text = NULL;
rs->sr_text = NULL;
if ( !noop ) {
bdb_cache_entry_commit( e );
bdb_cache_entry_commit( op->oq_add.rs_e );
}
}
else {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_add: %s : %s (%d)\n", text, db_strerror(rc), rc );
"bdb_add: %s : %s (%d)\n", rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_add: %s : %s (%d)\n",
text, db_strerror(rc), rc );
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#endif
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
return_results:
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->psearch_list, link ) {
bdb_psearch( be, conn, op, ps_list, e, LDAP_PSEARCH_BY_ADD );
if ( rs->sr_err == LDAP_SUCCESS && !noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, op->oq_add.rs_e, LDAP_PSEARCH_BY_ADD );
}
}
#endif /* LDAP_CLIENT_UPDATE */
if( rc == LDAP_SUCCESS && bdb->bi_txn_cp ) {
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
@ -571,6 +536,6 @@ done:
op->o_private = NULL;
}
return ( ( rc == LDAP_SUCCESS ) ? noop : rc );
return ( ( rs->sr_err == LDAP_SUCCESS ) ? noop : rs->sr_err );
}

2
servers/slapd/back-bdb/back-bdb.h
View file

@ -132,7 +132,7 @@ struct bdb_info {
ID bi_lastid;
ldap_pvt_thread_mutex_t bi_lastid_mutex;
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
LDAP_LIST_HEAD(pl, slap_op) psearch_list;
LDAP_LIST_HEAD(pl, slap_op) bi_psearch_list;
#endif
#ifdef SLAP_IDL_CACHE
int bi_idl_cache_max_size;

209
servers/slapd/back-bdb/bind.c
View file

@ -16,25 +16,16 @@
#include "external.h"
int
bdb_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
bdb_bind( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e;
Attribute *a;
int rc;
Entry *matched;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char krbname[MAX_K_NAME_SZ + 1];
AttributeDescription *krbattr = slap_schema.si_ad_krbName;
struct berval krbval;
AUTH_DAT ad;
#endif
@ -44,98 +35,83 @@ bdb_bind(
DB_LOCK lock;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "==> bdb_bind: dn: %s\n", dn->bv_val, 0, 0 );
LDAP_LOG ( OPERATION, ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", dn->bv_val, 0, 0);
Debug( LDAP_DEBUG_ARGS, "==> bdb_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
rc = LOCK_ID(bdb->bi_dbenv, &locker);
switch(rc) {
/* allow noauth binds */
if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
/* front end will send result */
return LDAP_SUCCESS;
}
rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_result( conn, op, rc=LDAP_OTHER,
NULL, "internal error", NULL, NULL );
return rc;
rs->sr_text = "internal error";
send_ldap_result( op, rs );
return rs->sr_err;
}
dn2entry_retry:
/* get entry */
rc = bdb_dn2entry_r( be, NULL, ndn, &e, &matched, 0, locker, &lock );
/* get entry with reader lock */
rs->sr_err = bdb_dn2entry_r( op->o_bd, NULL, &op->o_req_ndn, &e, &matched, 0, locker, &lock );
switch(rc) {
switch(rs->sr_err) {
case DB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
send_ldap_result( conn, op, LDAP_BUSY,
NULL, "ldap server busy", NULL, NULL );
send_ldap_error( op, rs, LDAP_BUSY, "ldap_server_busy" );
LOCK_ID_FREE(bdb->bi_dbenv, locker);
return LDAP_BUSY;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
send_ldap_result( conn, op, rc=LDAP_OTHER,
NULL, "internal error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
LOCK_ID_FREE(bdb->bi_dbenv, locker);
return rc;
return rs->sr_err;
}
/* get entry with reader lock */
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
if( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
if (rs->sr_ref)
rs->sr_matched = ch_strdup( matched->e_name.bv_val );
bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, matched, &lock );
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
/* allow noauth binds */
rc = 1;
if ( method == LDAP_AUTH_SIMPLE ) {
if ( be_isroot_pw( be, conn, ndn, cred ) ) {
ber_dupbv( edn, be_root_dn( be ) );
rc = LDAP_SUCCESS; /* front end will send result */
} else if ( refs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
} else {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
}
} else if ( refs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
free( (char *)rs->sr_matched );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
} else {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
}
LOCK_ID_FREE(bdb->bi_dbenv, locker);
ber_bvarray_free( refs );
free( matched_dn );
return rc;
return rs->sr_err;
}
ber_dupbv( edn, &e->e_name );
ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
/* check for deleted */
#ifdef BDB_SUBENTRIES
@ -149,8 +125,8 @@ dn2entry_retry:
0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op );
goto done;
}
@ -166,8 +142,7 @@ dn2entry_retry:
0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_ALIAS_PROBLEM,
NULL, "entry is alias", NULL, NULL );
send_ldap_error( op, LDAP_ALIAS_PROBLEM, "entry is alias");
goto done;
}
@ -175,8 +150,7 @@ dn2entry_retry:
if ( is_entry_referral( e ) ) {
/* entry is a referral, don't allow bind */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
@ -186,111 +160,98 @@ dn2entry_retry:
0, 0 );
#endif
if( refs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
if( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
} else {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
}
ber_bvarray_free( refs );
goto done;
}
switch ( method ) {
switch ( op->oq_bind.rb_method ) {
case LDAP_AUTH_SIMPLE:
/* check for root dn/passwd */
if ( be_isroot_pw( be, conn, ndn, cred ) ) {
/* front end will send result */
if(edn->bv_val != NULL) free( edn->bv_val );
ber_dupbv( edn, be_root_dn( be ) );
rc = LDAP_SUCCESS;
goto done;
}
rc = access_allowed( be, conn, op, e,
rs->sr_err = access_allowed( op, e,
password, NULL, ACL_AUTH, NULL );
if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
if ( ! rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
send_ldap_result( op, rs );
goto done;
}
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
send_ldap_result( op, rs );
goto done;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto done;
}
rc = 0;
rs->sr_err = 0;
break;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case LDAP_AUTH_KRBV41:
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS,
send_ldap_result( op );
goto done;
}
rc = access_allowed( be, conn, op, e,
rs->sr_err = access_allowed( op, e,
krbattr, NULL, ACL_AUTH, NULL );
if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
if ( ! rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS,
send_ldap_result( op );
goto done;
}
sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
krbval.bv_len = sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
: "", ad.pinst, ad.prealm );
if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
/*
* no krbname values present: check against DN
*/
if ( strcasecmp( dn, krbname ) == 0 ) {
rc = 0;
if ( strcasecmp( op->o_req_dn.bv_val, krbname ) == 0 ) {
rs->sr_err = 0;
break;
}
send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INAPPROPRIATE_AUTH,
send_ldap_result( op );
goto done;
} else { /* look for krbname match */
struct berval krbval;
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
send_ldap_result( conn, op,
rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op );
goto done;
}
}
rc = 0;
rs->sr_err = 0;
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "Kerberos bind step 2 not supported",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Kerberos bind step 2 not supported" );
goto done;
#endif
default:
send_ldap_result( conn, op, rc = LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "authentication method not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED,
"authentication method not supported" );
goto done;
}
@ -302,6 +263,6 @@ done:
LOCK_ID_FREE(bdb->bi_dbenv, locker);
/* front end will send result on success (rc==0) */
return rc;
/* front end will send result on success (rs->sr_err==0) */
return rs->sr_err;
}

100
servers/slapd/back-bdb/compare.c
View file

@ -14,86 +14,74 @@
#include "external.h"
int
bdb_compare(
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
bdb_compare( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *matched;
Entry *e;
Attribute *a;
int rc;
const char *text = NULL;
int manageDSAit = get_manageDSAit( op );
u_int32_t locker;
DB_LOCK lock;
rc = LOCK_ID(bdb->bi_dbenv, &locker);
switch(rc) {
rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
switch(rs->sr_err) {
case 0:
break;
default:
send_ldap_result( conn, op, rc=LDAP_OTHER,
NULL, "internal error", NULL, NULL );
return rc;
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
return rs->sr_err;
}
dn2entry_retry:
/* get entry */
rc = bdb_dn2entry_r( be, NULL, ndn, &e, &matched, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_r( op->o_bd, NULL, &op->o_req_ndn, &e, &matched, 0, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case DB_NOTFOUND:
case 0:
break;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto dn2entry_retry;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, matched, &lock );
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
@ -103,48 +91,50 @@ dn2entry_retry:
0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
rc = access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL );
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = access_allowed( op, e,
op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
if ( ! rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
rc = LDAP_NO_SUCH_ATTRIBUTE;
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
for(a = attrs_find( e->e_attrs, ava->aa_desc );
for(a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
{
rc = LDAP_COMPARE_FALSE;
rs->sr_err = LDAP_COMPARE_FALSE;
#ifdef SLAP_NVALUES
if ( value_find_ex( ava->aa_desc,
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &ava->aa_value ) == 0 )
a->a_nvals, &op->oq_compare.rs_ava->aa_value ) == 0 )
#else
if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 )
if ( value_find( op->oq_compare.rs_ava->aa_desc, a->a_vals, &op->oq_compare.rs_ava->aa_value ) == 0 )
#endif
{
rc = LDAP_COMPARE_TRUE;
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
return_results:
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
if( rc == LDAP_COMPARE_FALSE || rc == LDAP_COMPARE_TRUE ) {
rc = LDAP_SUCCESS;
if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
rs->sr_err = LDAP_SUCCESS;
}
done:
@ -155,5 +145,5 @@ done:
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
return rc;
return rs->sr_err;
}

265
servers/slapd/back-bdb/delete.c
View file

@ -14,21 +14,13 @@
#include "external.h"
int
bdb_delete(
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn
)
bdb_delete( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *matched;
struct berval pdn = {0, NULL};
Entry *e = NULL;
Entry *p = NULL;
int rc;
const char *text;
int manageDSAit = get_manageDSAit( op );
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
@ -37,10 +29,6 @@ bdb_delete(
u_int32_t locker = 0;
DB_LOCK lock;
#if 0
u_int32_t lockid;
DB_LOCK lock;
#endif
int noop = 0;
@ -49,10 +37,10 @@ bdb_delete(
#endif
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "==> bdb_delete: %s\n", dn->bv_val, 0, 0 );
LDAP_LOG ( OPERATION, ARGS, "==> bdb_delete: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "==> bdb_delete: %s\n",
dn->bv_val, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#endif
if( 0 ) {
@ -67,67 +55,55 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "==> bdb_delete: retrying...\n",
0, 0, 0 );
#endif
rc = TXN_ABORT( ltid );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rc != 0 ) {
rc = LDAP_OTHER;
text = "internal error";
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
ldap_pvt_thread_yield();
}
/* begin transaction */
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
bdb->bi_db_opflags );
text = NULL;
if( rc != 0 ) {
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==> bdb_delete: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_delete: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
locker = TXN_ID ( ltid );
#if 0
lockid = TXN_ID( ltid );
#endif
opinfo.boi_bdb = be;
opinfo.boi_bdb = op->o_bd;
opinfo.boi_txn = ltid;
opinfo.boi_locker = locker;
opinfo.boi_err = 0;
opinfo.boi_acl_cache = op->o_do_not_cache;
op->o_private = &opinfo;
if ( !be_issuffix( be, ndn ) ) {
dnParent( ndn, &pdn );
if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &pdn );
}
if( pdn.bv_len != 0 ) {
#if 0
if ( ltid ) {
DBT obj;
obj.data = pdn.bv_val-1;
obj.size = pdn.bv_len+1;
rc = LOCK_GET( bdb->bi_dbenv, lockid, 0, &obj,
DB_LOCK_WRITE, &lock);
}
#endif
/* get parent */
rc = bdb_dn2entry_r( be, ltid, &pdn, &p, NULL, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_r( op->o_bd, ltid, &pdn, &p, NULL, 0, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -135,11 +111,11 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
@ -152,19 +128,19 @@ retry: /* transaction retry */
"<=- bdb_delete: parent does not exist\n",
0, 0, 0);
#endif
rc = LDAP_OTHER;
text = "could not locate parent of entry";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "could not locate parent of entry";
goto return_results;
}
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, p);
p = NULL;
if ( !rc ) {
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -179,25 +155,25 @@ retry: /* transaction retry */
"<=- bdb_delete: no write access to parent\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to parent";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, &op->o_ndn ) ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
|| be_isupdate( be, &op->o_ndn ) ) {
if( ! be_isroot( op->o_bd, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op->o_bd, &op->o_ndn ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
if ( !rc ) {
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -212,8 +188,8 @@ retry: /* transaction retry */
"<=- bdb_delete: no access "
"to parent\n", 0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to parent";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent";
goto return_results;
}
@ -226,26 +202,16 @@ retry: /* transaction retry */
"<=- bdb_delete: no parent "
"and not root\n", 0, 0, 0);
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
#if 0
if ( ltid ) {
DBT obj;
obj.data = ",";
obj.size = 1;
rc = LOCK_GET( bdb->bi_dbenv, lockid, 0, &obj,
DB_LOCK_WRITE, &lock);
}
#endif
}
/* get entry for read/modify/write */
rc = bdb_dn2entry_w( be, ltid, ndn, &e, &matched, DB_RMW, locker, &lock );
rs->sr_err = bdb_dn2entry_w( op->o_bd, ltid, &op->o_req_ndn, &e, &matched, DB_RMW, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -253,54 +219,53 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS,
"<=- bdb_delete: no such object %s\n", dn->bv_val, 0, 0);
"<=- bdb_delete: no such object %s\n", op->o_req_dn.bv_val, 0, 0);
#else
Debug( LDAP_DEBUG_ARGS,
"<=- bdb_delete: no such object %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r(&bdb->bi_cache, matched);
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
rc = -1;
rs->sr_err = -1;
goto done;
}
rc = access_allowed( be, conn, op, e,
rs->sr_err = access_allowed( op, e,
entry, NULL, ACL_WRITE, NULL );
if ( !rc ) {
if ( !rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -315,15 +280,14 @@ retry: /* transaction retry */
"<=- bdb_delete: no write access to entry\n",
0, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
text = "no write access to entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to entry";
goto return_results;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow delete */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
@ -334,74 +298,77 @@ retry: /* transaction retry */
0, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
rc = 1;
rs->sr_err = 1;
goto done;
}
rc = bdb_dn2id_children( be, ltid, &e->e_nname, 0 );
if( rc != DB_NOTFOUND ) {
switch( rc ) {
rs->sr_err = bdb_dn2id_children( op->o_bd, ltid, &e->e_nname, 0 );
if( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"<=- bdb_delete: non-leaf %s\n", dn->bv_val, 0, 0 );
"<=- bdb_delete: non-leaf %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_delete: non-leaf %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
rc = LDAP_NOT_ALLOWED_ON_NONLEAF;
text = "subtree delete not supported";
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree delete not supported";
break;
default:
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"<=- bdb_delete: has_children failed %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_delete: has_children failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
/* delete from dn2id */
rc = bdb_dn2id_delete( be, ltid, pdn.bv_val, e );
if ( rc != 0 ) {
switch( rc ) {
rs->sr_err = bdb_dn2id_delete( op->o_bd, ltid, pdn.bv_val, e );
if ( rs->sr_err != 0 ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"<=- bdb_delete: dn2id failed %s (%d)\n", db_strerror(rc), rc, 0 );
"<=- bdb_delete: dn2id failed %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_delete: dn2id failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
text = "DN index delete failed";
rc = LDAP_OTHER;
rs->sr_text = "DN index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* delete from id2entry */
rc = bdb_id2entry_delete( be, ltid, e );
if ( rc != 0 ) {
switch( rc ) {
rs->sr_err = bdb_id2entry_delete( op->o_bd, ltid, e );
if ( rs->sr_err != 0 ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
@ -409,21 +376,21 @@ retry: /* transaction retry */
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"<=- bdb_delete: id2entry failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_delete: id2entry failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
text = "entry delete failed";
rc = LDAP_OTHER;
rs->sr_text = "entry delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
/* delete indices for old attributes */
rc = bdb_index_entry_del( be, ltid, e, e->e_attrs );
if ( rc != LDAP_SUCCESS ) {
switch( rc ) {
rs->sr_err = bdb_index_entry_del( op->o_bd, ltid, e );
if ( rs->sr_err != LDAP_SUCCESS ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
@ -435,45 +402,45 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_ANY, "entry index delete failed!\n",
0, 0, 0 );
#endif
text = "entry index delete failed";
rc = LDAP_OTHER;
rs->sr_text = "entry index delete failed";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
#if 0 /* Do we want to reclaim deleted IDs? */
ldap_pvt_thread_mutex_lock( &bdb->bi_lastid_mutex );
if ( e->e_id == bdb->bi_lastid ) {
bdb_last_id( be, ltid );
bdb_last_id( op->o_bd, ltid );
}
ldap_pvt_thread_mutex_unlock( &bdb->bi_lastid_mutex );
#endif
if( op->o_noop ) {
if ( ( rc = TXN_ABORT( ltid ) ) != 0 ) {
text = "txn_abort (no-op) failed";
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
noop = 1;
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
} else {
rc = TXN_COMMIT( ltid, 0 );
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
op->o_private = NULL;
if( rc != 0 ) {
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_delete: txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit", db_strerror(rc), rc );
op->o_noop ? "abort (no-op)" : "commit", db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_delete: txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
db_strerror(rc), rc );
db_strerror(rs->sr_err), rs->sr_err );
#endif
rc = LDAP_OTHER;
text = "commit failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
} else {
#ifdef NEW_LOGGING
@ -486,22 +453,22 @@ retry: /* transaction retry */
op->o_noop ? " (no-op)" : "",
e->e_id, e->e_dn );
#endif
rc = LDAP_SUCCESS;
text = NULL;
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
}
return_results:
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !noop ) {
LDAP_LIST_FOREACH( ps_list, &bdb->psearch_list, link ) {
bdb_psearch( be, conn, op, ps_list, e, LDAP_PSEARCH_BY_DELETE );
if ( rs->sr_err == LDAP_SUCCESS && !noop ) {
LDAP_LIST_FOREACH( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_DELETE );
}
}
#endif
if(rc == LDAP_SUCCESS && bdb->bi_txn_cp ) {
if(rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
@ -518,5 +485,5 @@ done:
op->o_private = NULL;
}
return ( ( rc == LDAP_SUCCESS ) ? noop : rc );
return ( ( rs->sr_err == LDAP_SUCCESS ) ? noop : rs->sr_err );
}

19
servers/slapd/back-bdb/extended.c
View file

@ -23,32 +23,25 @@ static struct exop {
};
int
bdb_extended(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
bdb_extended( Operation *op, SlapReply *rs )
/* struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char** text,
BerVarray *refs
)
) */
{
int i;
for( i=0; exop_table[i].extended != NULL; i++ ) {
if( ber_bvcmp( exop_table[i].oid, reqoid ) == 0 ) {
return (exop_table[i].extended)(
be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
return (exop_table[i].extended)( op, rs );
}
}
*text = "not supported within naming context";
rs->sr_text = "not supported within naming context";
return LDAP_UNWILLING_TO_PERFORM;
}

12
servers/slapd/back-bdb/id2entry.c
View file

@ -244,13 +244,11 @@ int bdb_entry_return(
}
int bdb_entry_release(
BackendDB *be,
Connection *c,
Operation *o,
Entry *e,
int rw )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) o->o_bd->be_private;
struct bdb_op_info *boi = NULL;
/* slapMode : SLAP_SERVER_MODE, SLAP_TOOL_MODE,
@ -282,8 +280,6 @@ int bdb_entry_release(
/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
*/
int bdb_entry_get(
BackendDB *be,
Connection *c,
Operation *op,
struct berval *ndn,
ObjectClass *oc,
@ -291,7 +287,7 @@ int bdb_entry_get(
int rw,
Entry **ent )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
struct bdb_op_info *boi = NULL;
DB_TXN *txn = NULL;
Entry *e;
@ -317,7 +313,7 @@ int bdb_entry_get(
#endif
if( op ) boi = (struct bdb_op_info *) op->o_private;
if( boi != NULL && be == boi->boi_bdb ) {
if( boi != NULL && op->o_bd == boi->boi_bdb ) {
txn = boi->boi_txn;
locker = boi->boi_locker;
}
@ -337,7 +333,7 @@ int bdb_entry_get(
dn2entry_retry:
/* can we find entry */
rc = bdb_dn2entry_rw( be, txn, ndn, &e, NULL, 0, rw, locker, &lock );
rc = bdb_dn2entry_rw( op->o_bd, txn, ndn, &e, NULL, 0, rw, locker, &lock );
switch( rc ) {
case DB_NOTFOUND:
case 0:

4
servers/slapd/back-bdb/index.c
View file

@ -332,10 +332,10 @@ bdb_index_entry(
Backend *be,
DB_TXN *txn,
int op,
Entry *e,
Attribute *ap )
Entry *e )
{
int rc;
Attribute *ap = e->e_attrs;
#ifdef NEW_LOGGING
LDAP_LOG( INDEX, ENTRY, "index_entry: %s (%s) %ld\n",

2
servers/slapd/back-bdb/init.c
View file

@ -95,7 +95,7 @@ bdb_db_init( BackendDB *be )
bdb->bi_search_stack = NULL;
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
LDAP_LIST_INIT (&bdb->psearch_list);
LDAP_LIST_INIT (&bdb->bi_psearch_list);
#endif
ldap_pvt_thread_mutex_init( &bdb->bi_lastid_mutex );

201
servers/slapd/back-bdb/modify.c
View file

@ -15,8 +15,6 @@
#include "external.h"
int bdb_modify_internal(
BackendDB *be,
Connection *conn,
Operation *op,
DB_TXN *tid,
Modifications *modlist,
@ -39,7 +37,7 @@ int bdb_modify_internal(
e->e_id, e->e_dn, 0);
#endif
if ( !acl_check_modlist( be, conn, op, e, modlist )) {
if ( !acl_check_modlist( op, e, modlist )) {
return LDAP_INSUFFICIENT_ACCESS;
}
@ -172,7 +170,7 @@ int bdb_modify_internal(
/* check if modified attribute was indexed
* but not in case of NOOP... */
err = bdb_index_is_indexed( be, mod->sm_desc );
err = bdb_index_is_indexed( op->o_bd, mod->sm_desc );
if ( err == LDAP_SUCCESS && !op->o_noop ) {
ap = attr_find( save_attrs, mod->sm_desc );
if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
@ -183,7 +181,7 @@ int bdb_modify_internal(
}
/* check that the entry still obeys the schema */
rc = entry_schema_check( be, e, save_attrs, text, textbuf, textlen );
rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen );
if ( rc != LDAP_SUCCESS || op->o_noop ) {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
@ -209,7 +207,7 @@ int bdb_modify_internal(
/* start with deleting the old index entries */
for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
rc = bdb_index_values( be, tid, ap->a_desc,
rc = bdb_index_values( op->o_bd, tid, ap->a_desc,
#ifdef SLAP_NVALUES
ap->a_nvals,
#else
@ -237,7 +235,7 @@ int bdb_modify_internal(
/* add the new index entries */
for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
if (ap->a_flags & SLAP_ATTR_IXADD) {
rc = bdb_index_values( be, tid, ap->a_desc,
rc = bdb_index_values( op->o_bd, tid, ap->a_desc,
#ifdef SLAP_NVALUES
ap->a_nvals,
#else
@ -274,20 +272,12 @@ int bdb_modify_internal(
int
bdb_modify(
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
Modifications *modlist )
bdb_modify( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
int rc;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *matched = NULL;
Entry *e = NULL;
int manageDSAit = get_manageDSAit( op );
const char *text = NULL;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
DB_TXN *ltid = NULL;
@ -300,14 +290,13 @@ bdb_modify(
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
Operation* ps_list;
struct psid_entry* pm_list;
struct psid_entry* pm_prev;
struct psid_entry *pm_list, *pm_prev;
#endif
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ENTRY, "bdb_modify: %s\n", dn->bv_val, 0, 0 );
LDAP_LOG ( OPERATION, ENTRY, "bdb_modify: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "bdb_modify: %s\n", dn->bv_val, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "bdb_modify: %s\n", op->o_req_dn.bv_val, 0, 0 );
#endif
if( 0 ) {
@ -324,48 +313,48 @@ retry: /* transaction retry */
#endif
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
LDAP_LIST_REMOVE ( pm_list, link );
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
#endif
rc = TXN_ABORT( ltid );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rc != 0 ) {
rc = LDAP_OTHER;
text = "internal error";
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
ldap_pvt_thread_yield();
}
/* begin transaction */
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
bdb->bi_db_opflags );
text = NULL;
if( rc != 0 ) {
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"bdb_modify: txn_begin failed: %s (%d)\n", db_strerror(rc), rc, 0 );
"bdb_modify: txn_begin failed: %s (%d)\n", db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
locker = TXN_ID ( ltid );
opinfo.boi_bdb = be;
opinfo.boi_bdb = op->o_bd;
opinfo.boi_txn = ltid;
opinfo.boi_locker = locker;
opinfo.boi_err = 0;
@ -373,64 +362,62 @@ retry: /* transaction retry */
op->o_private = &opinfo;
/* get entry */
rc = bdb_dn2entry_w( be, ltid, ndn, &e, &matched, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_w( op->o_bd, ltid, &op->o_req_ndn, &e, &matched, 0, locker, &lock );
if ( rc != 0 ) {
if ( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"bdb_modify: dn2entry failed: (%d)\n", rc, 0, 0 );
"bdb_modify: dn2entry failed: (%d)\n", rs->sr_err, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: dn2entry failed (%d)\n",
rc, 0, 0 );
rs->sr_err, 0, 0 );
#endif
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
break;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
text = "internal error";
rs->sr_text = "internal error";
goto return_results;
}
/* acquire and lock entry */
if ( e == NULL ) {
char* matched_dn = NULL;
BerVarray refs;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r (&bdb->bi_cache, matched);
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow modify */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1, "bdb_modify: entry is referral\n", 0, 0, 0 );
@ -440,38 +427,41 @@ retry: /* transaction retry */
0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !op->o_noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->psearch_list, link ) {
bdb_psearch(be, conn, op, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch(op, rs, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
}
}
#endif
/* Modify the entry */
rc = bdb_modify_internal( be, conn, op, ltid, modlist, e,
&text, textbuf, textlen );
rs->sr_err = bdb_modify_internal( op, ltid, op->oq_modify.rs_modlist, e,
&rs->sr_text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify: modify failed (%d)\n", rc, 0, 0 );
"bdb_modify: modify failed (%d)\n", rs->sr_err, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: modify failed (%d)\n",
rc, 0, 0 );
rs->sr_err, 0, 0 );
#endif
if ( (rc == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) {
rc = opinfo.boi_err;
if ( (rs->sr_err == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) {
rs->sr_err = opinfo.boi_err;
}
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
@ -480,51 +470,51 @@ retry: /* transaction retry */
}
/* change the entry itself */
rc = bdb_id2entry_update( be, ltid, e );
if ( rc != 0 ) {
rs->sr_err = bdb_id2entry_update( op->o_bd, ltid, e );
if ( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify: id2entry update failed (%d)\n", rc, 0, 0 );
"bdb_modify: id2entry update failed (%d)\n", rs->sr_err, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: id2entry update failed (%d)\n",
rc, 0, 0 );
rs->sr_err, 0, 0 );
#endif
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
text = "entry update failed";
rs->sr_text = "entry update failed";
goto return_results;
}
if( op->o_noop ) {
if ( ( rc = TXN_ABORT( ltid ) ) != 0 ) {
text = "txn_abort (no-op) failed";
if ( ( rs->sr_err = TXN_ABORT( ltid ) ) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
noop = 1;
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
} else {
rc = TXN_COMMIT( ltid, 0 );
rs->sr_err = TXN_COMMIT( ltid, 0 );
}
ltid = NULL;
op->o_private = NULL;
if( rc != 0 ) {
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"bdb_modify: txn_%s failed %s (%d)\n",
op->o_noop ? "abort (no_op)" : "commit", db_strerror(rc), rc );
op->o_noop ? "abort (no_op)" : "commit", db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modify: txn_%s failed: %s (%d)\n",
op->o_noop ? "abort (no-op)" : "commit",
db_strerror(rc), rc );
db_strerror(rs->sr_err), rs->sr_err );
#endif
rc = LDAP_OTHER;
text = "commit failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "commit failed";
} else {
#ifdef NEW_LOGGING
@ -537,33 +527,32 @@ retry: /* transaction retry */
op->o_noop ? " (no-op)" : "",
e->e_id, e->e_dn );
#endif
rc = LDAP_SUCCESS;
text = NULL;
rs->sr_err = LDAP_SUCCESS;
rs->sr_text = NULL;
}
return_results:
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !op->o_noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
/* Loop through in-scope entries for each psearch spec */
LDAP_LIST_FOREACH ( ps_list, &bdb->psearch_list, link ) {
bdb_psearch( be, conn, op, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
}
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
bdb_psearch(be, conn, op, pm_list->ps->op,
bdb_psearch(op, rs, pm_list->ps_op,
e, LDAP_PSEARCH_BY_SCOPEOUT);
LDAP_LIST_REMOVE ( pm_list, link );
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
}
#endif
if( rc == LDAP_SUCCESS && bdb->bi_txn_cp ) {
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
@ -572,12 +561,12 @@ return_results:
done:
if( ltid != NULL ) {
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
LDAP_LIST_REMOVE ( pm_list, link );
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
#endif
TXN_ABORT( ltid );
@ -587,5 +576,5 @@ done:
if( e != NULL ) {
bdb_unlocked_cache_return_entry_w (&bdb->bi_cache, e);
}
return ( ( rc == LDAP_SUCCESS ) ? noop : rc );
return ( ( rs->sr_err == LDAP_SUCCESS ) ? noop : rs->sr_err );
}

410
servers/slapd/back-bdb/modrdn.c
View file

@ -14,19 +14,9 @@
#include "external.h"
int
bdb_modrdn(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
struct berval *newrdn,
struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSuperior,
struct berval *nnewSuperior )
bdb_modrdn( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct berval p_dn, p_ndn;
@ -38,8 +28,6 @@ bdb_modrdn(
/* LDAP v2 supporting correct attribute handling. */
LDAPRDN *new_rdn = NULL;
LDAPRDN *old_rdn = NULL;
int rc;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
DB_TXN * ltid = NULL;
@ -63,18 +51,18 @@ bdb_modrdn(
int noop = 0;
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
Operation* ps_list;
struct psid_entry* pm_list;
struct psid_entry* pm_prev;
Operation *ps_list;
struct psid_entry *pm_list, *pm_prev;
#endif
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ENTRY, "==>bdb_modrdn(%s,%s,%s)\n",
dn->bv_val,newrdn->bv_val, newSuperior ? newSuperior->bv_val : "NULL" );
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
#else
Debug( LDAP_DEBUG_TRACE, "==>bdb_modrdn(%s,%s,%s)\n",
dn->bv_val, newrdn->bv_val,
newSuperior ? newSuperior->bv_val : "NULL" );
op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
#endif
if( 0 ) {
@ -99,49 +87,49 @@ retry: /* transaction retry */
#endif
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
LDAP_LIST_REMOVE ( pm_list, link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
#endif
rc = TXN_ABORT( ltid );
rs->sr_err = TXN_ABORT( ltid );
ltid = NULL;
op->o_private = NULL;
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rc != 0 ) {
rc = LDAP_OTHER;
text = "internal error";
if( rs->sr_err != 0 ) {
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
ldap_pvt_thread_yield();
}
/* begin transaction */
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
bdb->bi_db_opflags );
text = NULL;
if( rc != 0 ) {
rs->sr_text = NULL;
if( rs->sr_err != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_delete: txn_begin failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
locker = TXN_ID ( ltid );
opinfo.boi_bdb = be;
opinfo.boi_bdb = op->o_bd;
opinfo.boi_txn = ltid;
opinfo.boi_locker = locker;
opinfo.boi_err = 0;
@ -149,9 +137,9 @@ retry: /* transaction retry */
op->o_private = &opinfo;
/* get entry */
rc = bdb_dn2entry_w( be, ltid, ndn, &e, &matched, DB_RMW, locker, &lock );
rs->sr_err = bdb_dn2entry_w( op->o_bd, ltid, &op->o_req_ndn, &e, &matched, DB_RMW, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -159,44 +147,43 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
if ( e == NULL ) {
char* matched_dn = NULL;
BerVarray refs;
if( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
bdb_unlocked_cache_return_entry_r( &bdb->bi_cache, matched);
matched = NULL;
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
/* check write on old entry */
rc = access_allowed( be, conn, op, e, entry, NULL, ACL_WRITE, NULL );
rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -210,51 +197,49 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
#endif
text = "no write access to old entry";
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to old entry";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
#ifndef BDB_HIER
rc = bdb_dn2id_children( be, ltid, &e->e_nname, 0 );
if ( rc != DB_NOTFOUND ) {
switch( rc ) {
rs->sr_err = bdb_dn2id_children( op->o_bd, ltid, &e->e_nname, 0 );
if ( rs->sr_err != DB_NOTFOUND ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case 0:
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"<=- bdb_modrdn: non-leaf %s\n", dn->bv_val, 0, 0 );
"<=- bdb_modrdn: non-leaf %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_modrdn: non-leaf %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
rc = LDAP_NOT_ALLOWED_ON_NONLEAF;
text = "subtree rename not supported";
rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
rs->sr_text = "subtree rename not supported";
break;
default:
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"<=- bdb_modrdn: has_children failed %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- bdb_modrdn: has_children failed: %s (%d)\n",
db_strerror(rc), rc, 0 );
db_strerror(rs->sr_err), rs->sr_err, 0 );
#endif
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
}
goto return_results;
}
#endif
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
@ -264,14 +249,17 @@ retry: /* transaction retry */
e->e_dn, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL,
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
goto done;
}
if ( be_issuffix( be, &e->e_nname ) ) {
if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
p_ndn = slap_empty_bv;
} else {
dnParent( &e->e_nname, &p_ndn );
@ -281,9 +269,9 @@ retry: /* transaction retry */
/* Make sure parent entry exist and we can write its
* children.
*/
rc = bdb_dn2entry_r( be, ltid, &p_ndn, &p, NULL, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_r( op->o_bd, ltid, &p_ndn, &p, NULL, 0, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -291,11 +279,11 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
@ -307,23 +295,23 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: parent does not exist\n",
0, 0, 0);
#endif
rc = LDAP_OTHER;
text = "old entry's parent does not exist";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "old entry's parent does not exist";
goto return_results;
}
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to parent\n", 0, 0, 0 );
@ -331,7 +319,7 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
0, 0 );
#endif
text = "no write access to old parent's children";
rs->sr_text = "no write access to old parent's children";
goto return_results;
}
@ -361,27 +349,27 @@ retry: /* transaction retry */
} else {
/* no parent, modrdn entry directly under root */
isroot = be_isroot( be, &op->o_ndn );
isroot = be_isroot( op->o_bd, &op->o_ndn );
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
|| be_isupdate( be, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op->o_bd, &op->o_ndn ) ) {
p = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to parent\n", 0, 0, 0 );
@ -390,7 +378,7 @@ retry: /* transaction retry */
"no access to parent\n",
0, 0, 0 );
#endif
text = "no write access to old parent";
rs->sr_text = "no write access to old parent";
goto return_results;
}
@ -427,8 +415,8 @@ retry: /* transaction retry */
"& \"\" is not suffix\n",
0, 0, 0);
#endif
text = "no write access to old parent";
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to old parent";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
@ -436,45 +424,45 @@ retry: /* transaction retry */
new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
if ( newSuperior != NULL ) {
if ( op->oq_modrdn.rs_newSup != NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"==>bdb_modrdn: new parent \"%s\" requested...\n",
newSuperior->bv_val, 0, 0 );
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_modrdn: new parent \"%s\" requested...\n",
newSuperior->bv_val, 0, 0 );
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
#endif
/* newSuperior == oldParent? */
if( dn_match( &p_ndn, nnewSuperior ) ) {
if( dn_match( &p_ndn, op->oq_modrdn.rs_nnewSup ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_BDB, INFO, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
newSuperior->bv_val, p_dn.bv_val, 0 );
op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
"new parent \"%s\" same as the old parent \"%s\"\n",
newSuperior->bv_val, p_dn.bv_val, 0 );
op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
#endif
newSuperior = NULL; /* ignore newSuperior */
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
if ( newSuperior != NULL ) {
if ( newSuperior->bv_len ) {
np_dn = newSuperior;
np_ndn = nnewSuperior;
if ( op->oq_modrdn.rs_newSup != NULL ) {
if ( op->oq_modrdn.rs_newSup->bv_len ) {
np_dn = op->oq_modrdn.rs_newSup;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent?, if so ==> ERROR */
/* newSuperior == entry being moved?, if so ==> ERROR */
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
rc = bdb_dn2entry_r( be,
ltid, nnewSuperior, &np, NULL, 0, locker, &lock );
rs->sr_err = bdb_dn2entry_r( op->o_bd,
ltid, np_ndn, &np, NULL, 0, locker, &lock );
switch( rc ) {
switch( rs->sr_err ) {
case 0:
case DB_NOTFOUND:
break;
@ -482,11 +470,11 @@ retry: /* transaction retry */
case DB_LOCK_NOTGRANTED:
goto retry;
case LDAP_BUSY:
text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
@ -500,8 +488,8 @@ retry: /* transaction retry */
"bdb_modrdn: newSup(ndn=%s) not here!\n",
np_ndn->bv_val, 0, 0);
#endif
text = "new superior not found";
rc = LDAP_OTHER;
rs->sr_text = "new superior not found";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
@ -516,10 +504,10 @@ retry: /* transaction retry */
#endif
/* check newSuperior for "children" acl */
rc = access_allowed( be, conn, op, np, children,
rs->sr_err = access_allowed( op, np, children,
NULL, ACL_WRITE, NULL );
if( ! rc ) {
if( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
@ -534,8 +522,8 @@ retry: /* transaction retry */
"bdb_modrdn: no wr to newSup children\n",
0, 0, 0 );
#endif
text = "no write access to new superior's children";
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
@ -549,8 +537,8 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: entry is alias\n",
0, 0, 0 );
#endif
text = "new superior is an alias";
rc = LDAP_ALIAS_PROBLEM;
rs->sr_text = "new superior is an alias";
rs->sr_err = LDAP_ALIAS_PROBLEM;
goto return_results;
}
#endif
@ -564,38 +552,38 @@ retry: /* transaction retry */
Debug( LDAP_DEBUG_TRACE, "bdb_modrdn: entry is referral\n",
0, 0, 0 );
#endif
text = "new superior is a referral";
rc = LDAP_OTHER;
rs->sr_text = "new superior is a referral";
rs->sr_err = LDAP_OTHER;
goto return_results;
}
} else {
if ( isroot == -1 ) {
isroot = be_isroot( be, &op->o_ndn );
isroot = be_isroot( op->o_bd, &op->o_ndn );
}
np_dn = NULL;
/* no parent, modrdn entry directly under root */
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv )
|| be_isupdate( be, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv )
|| be_isupdate( op->o_bd, &op->o_ndn ) ) {
np = (Entry *)&slap_entry_root;
/* check parent for "children" acl */
rc = access_allowed( be, conn, op, np,
rs->sr_err = access_allowed( op, np,
children, NULL, ACL_WRITE, NULL );
np = NULL;
if ( ! rc ) {
if ( ! rs->sr_err ) {
switch( opinfo.boi_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"==>bdb_modrdn: no access to superior\n", 0, 0, 0 );
@ -604,7 +592,7 @@ retry: /* transaction retry */
"no access to new superior\n",
0, 0, 0 );
#endif
text = "no write access to new superior's children";
rs->sr_text = "no write access to new superior's children";
goto return_results;
}
@ -628,8 +616,8 @@ retry: /* transaction retry */
"& \"\" is not suffix\n",
0, 0, 0);
#endif
text = "no write access to new superior's children";
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to new superior's children";
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
}
@ -657,7 +645,7 @@ retry: /* transaction retry */
}
/* Build target dn and make sure target entry doesn't exist already. */
if (!new_dn.bv_val) build_new_dn( &new_dn, new_parent_dn, newrdn );
if (!new_dn.bv_val) build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn );
if (!new_ndn.bv_val) dnNormalize2( NULL, &new_dn, &new_ndn );
@ -669,26 +657,26 @@ retry: /* transaction retry */
new_ndn.bv_val, 0, 0 );
#endif
rc = bdb_dn2id ( be, ltid, &new_ndn, &id, 0 );
switch( rc ) {
rs->sr_err = bdb_dn2id ( op->o_bd, ltid, &new_ndn, &id, 0 );
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
case DB_NOTFOUND:
break;
case 0:
rc = LDAP_ALREADY_EXISTS;
rs->sr_err = LDAP_ALREADY_EXISTS;
goto return_results;
default:
rc = LDAP_OTHER;
text = "internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "internal error";
goto return_results;
}
/* Get attribute type and attribute value of our new rdn, we will
* need to add that to our new entry
*/
if ( !new_rdn && ldap_bv2rdn( newrdn, &new_rdn, (char **)&text,
if ( !new_rdn && ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ) )
{
#ifdef NEW_LOGGING
@ -702,8 +690,8 @@ retry: /* transaction retry */
"type(s)/values(s) of newrdn\n",
0, 0, 0 );
#endif
rc = LDAP_INVALID_DN_SYNTAX;
text = "unknown type(s) used in RDN";
rs->sr_err = LDAP_INVALID_DN_SYNTAX;
rs->sr_text = "unknown type(s) used in RDN";
goto return_results;
}
@ -721,8 +709,8 @@ retry: /* transaction retry */
new_rdn[ 0 ][ 0 ]->la_value.bv_val, 0 );
#endif
if ( deleteoldrdn ) {
if ( !old_rdn && ldap_bv2rdn( dn, &old_rdn, (char **)&text,
if ( op->oq_modrdn.rs_deleteoldrdn ) {
if ( !old_rdn && ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ) )
{
#ifdef NEW_LOGGING
@ -736,31 +724,30 @@ retry: /* transaction retry */
"the old_rdn type(s)/value(s)\n",
0, 0, 0 );
#endif
rc = LDAP_OTHER;
text = "cannot parse RDN from old DN";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "cannot parse RDN from old DN";
goto return_results;
}
}
/* prepare modlist of modifications from old/new rdn */
if (!mod) {
rc = slap_modrdn2mods( be, conn, op, e, old_rdn, new_rdn,
deleteoldrdn, &mod );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
}
/* delete old one */
rc = bdb_dn2id_delete( be, ltid, p_ndn.bv_val, e );
if ( rc != 0 ) {
switch( rc ) {
rs->sr_err = bdb_dn2id_delete( op->o_bd, ltid, p_ndn.bv_val, e );
if ( rs->sr_err != 0 ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_OTHER;
text = "DN index delete fail";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index delete fail";
goto return_results;
}
@ -770,6 +757,15 @@ retry: /* transaction retry */
* free individual fields. But if a previous modrdn has
* already happened, must free the names.
*/
#ifdef BDB_HIER
ch_free(e->e_name.bv_val);
e->e_name.bv_val = ch_malloc(new_dn.bv_len + new_ndn.bv_len + 2);
e->e_name.bv_len = new_dn.bv_len;
e->e_nname.bv_val = e->e_name.bv_val + new_dn.bv_len + 1;
e->e_nname.bv_len = new_ndn.bv_len;
strcpy(e->e_name.bv_val, new_dn.bv_val);
strcpy(e->e_nname.bv_val, new_ndn.bv_val);
#else
if( e->e_nname.bv_val < e->e_bv.bv_val || e->e_nname.bv_val >
e->e_bv.bv_val + e->e_bv.bv_len ) {
ch_free(e->e_name.bv_val);
@ -779,40 +775,39 @@ retry: /* transaction retry */
}
e->e_name = new_dn;
e->e_nname = new_ndn;
new_dn.bv_val = NULL;
new_ndn.bv_val = NULL;
#endif
/* add new one */
rc = bdb_dn2id_add( be, ltid, np_ndn, e );
if ( rc != 0 ) {
switch( rc ) {
rs->sr_err = bdb_dn2id_add( op->o_bd, ltid, np_ndn, e );
if ( rs->sr_err != 0 ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_OTHER;
text = "DN index add failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "DN index add failed";
goto return_results;
}
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !op->o_noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->psearch_list, link ) {
bdb_psearch(be, conn, op, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_PREMODIFY );
}
}
#endif
/* modify entry */
rc = bdb_modify_internal( be, conn, op, ltid, &mod[0], e,
&text, textbuf, textlen );
rs->sr_err = bdb_modify_internal( op, ltid, &mod[0], e,
&rs->sr_text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
if ( ( rc == LDAP_INSUFFICIENT_ACCESS ) && opinfo.boi_err ) {
rc = opinfo.boi_err;
if( rs->sr_err != LDAP_SUCCESS ) {
if ( ( rs->sr_err == LDAP_INSUFFICIENT_ACCESS ) && opinfo.boi_err ) {
rs->sr_err = opinfo.boi_err;
}
switch( rc ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
@ -821,24 +816,24 @@ retry: /* transaction retry */
}
/* id2entry index */
rc = bdb_id2entry_update( be, ltid, e );
if ( rc != 0 ) {
switch( rc ) {
rs->sr_err = bdb_id2entry_update( op->o_bd, ltid, e );
if ( rs->sr_err != 0 ) {
switch( rs->sr_err ) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
rc = LDAP_OTHER;
text = "entry update failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "entry update failed";
goto return_results;
}
if( op->o_noop ) {
if(( rc=TXN_ABORT( ltid )) != 0 ) {
text = "txn_abort (no-op) failed";
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text = "txn_abort (no-op) failed";
} else {
noop = 1;
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
} else {
@ -847,23 +842,23 @@ retry: /* transaction retry */
snprintf( gid, sizeof( gid ), "%s-%08lx-%08lx",
bdb_uuid.bv_val, (long) op->o_connid, (long) op->o_opid );
if(( rc=TXN_PREPARE( ltid, gid )) != 0 ) {
text = "txn_prepare failed";
if(( rs->sr_err=TXN_PREPARE( ltid, gid )) != 0 ) {
rs->sr_text = "txn_prepare failed";
} else {
if( bdb_cache_update_entry(&bdb->bi_cache, e) == -1 ) {
if(( rc=TXN_ABORT( ltid )) != 0 ) {
text ="cache update & txn_abort failed";
if(( rs->sr_err=TXN_ABORT( ltid )) != 0 ) {
rs->sr_text ="cache update & txn_abort failed";
} else {
rc = LDAP_OTHER;
text = "cache update failed";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "cache update failed";
}
} else {
bdb_cache_entry_commit( e );
if(( rc=TXN_COMMIT( ltid, 0 )) != 0 ) {
text = "txn_commit failed";
if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
rs->sr_text = "txn_commit failed";
} else {
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
}
}
@ -872,7 +867,7 @@ retry: /* transaction retry */
ltid = NULL;
op->o_private = NULL;
if( rc == LDAP_SUCCESS ) {
if( rs->sr_err == LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS,
"bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
@ -882,41 +877,40 @@ retry: /* transaction retry */
"bdb_modrdn: rdn modified%s id=%08lx dn=\"%s\"\n",
op->o_noop ? " (no-op)" : "", e->e_id, e->e_dn );
#endif
text = NULL;
rs->sr_text = NULL;
} else {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, RESULTS, "bdb_modrdn: %s : %s (%d)\n",
text, db_strerror(rc), rc );
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#else
Debug( LDAP_DEBUG_TRACE, "bdb_add: %s : %s (%d)\n",
text, db_strerror(rc), rc );
rs->sr_text, db_strerror(rs->sr_err), rs->sr_err );
#endif
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
return_results:
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
if ( rc == LDAP_SUCCESS && !op->o_noop ) {
if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
/* Loop through in-scope entries for each psearch spec */
LDAP_LIST_FOREACH ( ps_list, &bdb->psearch_list, link ) {
bdb_psearch( be, conn, op, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
bdb_psearch( op, rs, ps_list, e, LDAP_PSEARCH_BY_MODIFY );
}
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
bdb_psearch(be, conn, op, pm_list->ps->op,
bdb_psearch(op, rs, pm_list->ps_op,
e, LDAP_PSEARCH_BY_SCOPEOUT);
LDAP_LIST_REMOVE ( pm_list, link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
}
#endif
if( rc == LDAP_SUCCESS && bdb->bi_txn_cp ) {
if( rs->sr_err == LDAP_SUCCESS && bdb->bi_txn_cp ) {
ldap_pvt_thread_yield();
TXN_CHECKPOINT( bdb->bi_dbenv,
bdb->bi_txn_cp_kbyte, bdb->bi_txn_cp_min, 0 );
@ -962,17 +956,17 @@ done:
if( ltid != NULL ) {
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
pm_list = LDAP_LIST_FIRST(&op->premodify_list);
pm_list = LDAP_LIST_FIRST(&op->o_pm_list);
while ( pm_list != NULL ) {
LDAP_LIST_REMOVE ( pm_list, link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, link );
free (pm_prev);
LDAP_LIST_REMOVE ( pm_list, ps_link );
pm_prev = pm_list;
pm_list = LDAP_LIST_NEXT ( pm_list, ps_link );
ch_free( pm_prev );
}
#endif
TXN_ABORT( ltid );
op->o_private = NULL;
}
return ( ( rc == LDAP_SUCCESS ) ? noop : rc );
return ( ( rs->sr_err == LDAP_SUCCESS ) ? noop : rs->sr_err );
}

22
servers/slapd/back-bdb/operational.c
View file

@ -14,6 +14,7 @@
#include "slap.h"
#include "back-bdb.h"
#include "proto-bdb.h"
#include "external.h"
/*
* sets *hasSubordinates to LDAP_COMPARE_TRUE/LDAP_COMPARE_FALSE
@ -21,8 +22,6 @@
*/
int
bdb_hasSubordinates(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
int *hasSubordinates )
@ -30,10 +29,9 @@ bdb_hasSubordinates(
int rc;
assert( e );
assert( hasSubordinates );
retry:
rc = bdb_dn2id_children( be, NULL, &e->e_nname, 0 );
rc = bdb_dn2id_children( op->o_bd, NULL, &e->e_nname, 0 );
switch( rc ) {
case DB_LOCK_DEADLOCK:
@ -71,24 +69,20 @@ retry:
*/
int
bdb_operational(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *attrs,
SlapReply *rs,
int opattrs,
Attribute **a )
{
Attribute **aa = a;
int rc = 0;
assert( e );
assert( rs->sr_entry );
if ( opattrs || ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) {
if ( opattrs || ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) ) {
int hasSubordinates;
rc = bdb_hasSubordinates( be, conn, op, e, &hasSubordinates );
if ( rc == LDAP_SUCCESS ) {
rs->sr_err = bdb_hasSubordinates( op, rs->sr_entry, &hasSubordinates );
if ( rs->sr_err == LDAP_SUCCESS ) {
*aa = slap_operational_hasSubordinate( hasSubordinates == LDAP_COMPARE_TRUE );
if ( *aa != NULL ) {
aa = &(*aa)->a_next;
@ -96,6 +90,6 @@ bdb_operational(
}
}
return rc;
return rs->sr_err;
}

73
servers/slapd/back-bdb/passwd.c
View file

@ -15,19 +15,9 @@
#include "lber_pvt.h"
int
bdb_exop_passwd(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text,
BerVarray *refs )
bdb_exop_passwd( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
int rc;
Entry *e = NULL;
struct berval hash = { 0, NULL };
@ -45,11 +35,10 @@ bdb_exop_passwd(
u_int32_t locker = 0;
DB_LOCK lock;
assert( reqoid != NULL );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 );
rc = slap_passwd_parse( reqdata,
&id, NULL, &new, text );
rc = slap_passwd_parse( op->oq_extended.rs_reqdata,
&id, NULL, &new, &rs->sr_text );
#ifdef NEW_LOGGING
LDAP_LOG ( ACL, ENTRY,
@ -67,18 +56,18 @@ bdb_exop_passwd(
slap_passwd_generate(&new);
if( new.bv_len == 0 ) {
*text = "password generation failed.";
rs->sr_text = "password generation failed.";
rc = LDAP_OTHER;
goto done;
}
*rspdata = slap_passwd_return( &new );
rs->sr_rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
if( hash.bv_len == 0 ) {
*text = "password hash failed";
rs->sr_text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}
@ -98,14 +87,14 @@ bdb_exop_passwd(
#endif
if( dn.bv_len == 0 ) {
*text = "No password is associated with the Root DSE";
rs->sr_text = "No password is associated with the Root DSE";
rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
rc = dnNormalize2( NULL, &dn, &ndn );
if( rc != LDAP_SUCCESS ) {
*text = "Invalid DN";
rs->sr_text = "Invalid DN";
goto done;
}
@ -126,7 +115,7 @@ retry: /* transaction retry */
op->o_do_not_cache = opinfo.boi_acl_cache;
if( rc != 0 ) {
rc = LDAP_OTHER;
*text = "internal error";
rs->sr_text = "internal error";
goto done;
}
ldap_pvt_thread_yield();
@ -135,7 +124,7 @@ retry: /* transaction retry */
/* begin transaction */
rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &ltid,
bdb->bi_db_opflags );
*text = NULL;
rs->sr_text = NULL;
if( rc != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG ( ACL, ERR,
@ -147,13 +136,13 @@ retry: /* transaction retry */
db_strerror(rc), rc, 0 );
#endif
rc = LDAP_OTHER;
*text = "internal error";
rs->sr_text = "internal error";
goto done;
}
locker = TXN_ID ( ltid );
opinfo.boi_bdb = be;
opinfo.boi_bdb = op->o_bd;
opinfo.boi_txn = ltid;
opinfo.boi_locker = locker;
opinfo.boi_err = 0;
@ -161,7 +150,7 @@ retry: /* transaction retry */
op->o_private = &opinfo;
/* get entry */
rc = bdb_dn2entry_w( be, ltid, &ndn, &e, NULL, 0 , locker, &lock);
rc = bdb_dn2entry_w( op->o_bd, ltid, &ndn, &e, NULL, 0 , locker, &lock);
switch(rc) {
case DB_LOCK_DEADLOCK:
@ -171,16 +160,16 @@ retry: /* transaction retry */
case 0:
break;
case LDAP_BUSY:
*text = "ldap server busy";
rs->sr_text = "ldap server busy";
goto done;
default:
rc = LDAP_OTHER;
*text = "internal error";
rs->sr_text = "internal error";
goto done;
}
if( e == NULL ) {
*text = "could not locate authorization entry";
rs->sr_text = "could not locate authorization entry";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
@ -188,7 +177,7 @@ retry: /* transaction retry */
#ifdef BDB_SUBENTRIES
if( is_entry_subentry( e ) ) {
/* entry is an alias, don't allow operation */
*text = "authorization entry is subentry";
rs->sr_text = "authorization entry is subentry";
rc = LDAP_OTHER;
goto done;
}
@ -196,7 +185,7 @@ retry: /* transaction retry */
#ifdef BDB_ALIASES
if( is_entry_alias( e ) ) {
/* entry is an alias, don't allow operation */
*text = "authorization entry is alias";
rs->sr_text = "authorization entry is alias";
rc = LDAP_ALIAS_PROBLEM;
goto done;
}
@ -204,7 +193,7 @@ retry: /* transaction retry */
if( is_entry_referral( e ) ) {
/* entry is an referral, don't allow operation */
*text = "authorization entry is referral";
rs->sr_text = "authorization entry is referral";
rc = LDAP_OTHER;
goto done;
}
@ -224,8 +213,8 @@ retry: /* transaction retry */
ml.sml_op = LDAP_MOD_REPLACE;
ml.sml_next = NULL;
rc = bdb_modify_internal( be, conn, op, ltid,
&ml, e, text, textbuf, textlen );
rc = bdb_modify_internal( op, ltid,
&ml, e, &rs->sr_text, textbuf, textlen );
if ( (rc == LDAP_INSUFFICIENT_ACCESS) && opinfo.boi_err ) {
rc = opinfo.boi_err;
@ -233,26 +222,26 @@ retry: /* transaction retry */
switch(rc) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
*text = NULL;
rs->sr_text = NULL;
goto retry;
case 0:
*text = NULL;
rs->sr_text = NULL;
break;
default:
rc = LDAP_OTHER;
*text = "entry modify failed";
rs->sr_text = "entry modify failed";
goto done;
}
/* change the entry itself */
rc = bdb_id2entry_update( be, ltid, e );
rc = bdb_id2entry_update( op->o_bd, ltid, e );
if( rc != 0 ) {
switch(rc) {
case DB_LOCK_DEADLOCK:
case DB_LOCK_NOTGRANTED:
goto retry;
}
*text = "entry update failed";
rs->sr_text = "entry update failed";
rc = LDAP_OTHER;
}
@ -267,7 +256,11 @@ retry: /* transaction retry */
op->o_private = NULL;
if( rc == LDAP_SUCCESS ) {
replog( be, op, &e->e_name, &e->e_nname, &ml );
op->o_req_dn = e->e_name;
op->o_req_ndn = e->e_nname;
op->oq_modify.rs_modlist = &ml;
replog( op );
op->oq_extended.rs_reqoid = slap_EXOP_MODIFY_PASSWD;
}
}

79
servers/slapd/back-bdb/proto-bdb.h
View file

@ -241,13 +241,12 @@ bdb_index_values LDAP_P((
ID id,
int op ));
int bdb_index_entry LDAP_P(( Backend *be, DB_TXN *t,
int r, Entry *e, Attribute *ap ));
int bdb_index_entry LDAP_P(( Backend *be, DB_TXN *t, int r, Entry *e ));
#define bdb_index_entry_add(be,t,e,ap) \
bdb_index_entry((be),(t),SLAP_INDEX_ADD_OP,(e),(ap))
#define bdb_index_entry_del(be,t,e,ap) \
bdb_index_entry((be),(t),SLAP_INDEX_DELETE_OP,(e),(ap))
#define bdb_index_entry_add(be,t,e) \
bdb_index_entry((be),(t),SLAP_INDEX_ADD_OP,(e))
#define bdb_index_entry_del(be,t,e) \
bdb_index_entry((be),(t),SLAP_INDEX_DELETE_OP,(e))
/*
* init.c
@ -284,8 +283,6 @@ int bdb_last_id( BackendDB *be, DB_TXN *tid );
* modify.c
*/
int bdb_modify_internal(
BackendDB *be,
Connection *conn,
Operation *op,
DB_TXN *tid,
Modifications *modlist,
@ -294,17 +291,6 @@ int bdb_modify_internal(
char *textbuf,
size_t textlen );
/*
* operational.c
*/
int
bdb_hasSubordinates(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
int *hasSubordinates );
/*
* passwd.c
*/
@ -362,46 +348,19 @@ void bdb_cache_release_all( Cache *cache );
* lcup.c
*/
int bdb_abandon(
BackendDB *be,
Connection *conn,
Operation *op,
ber_int_t id
);
BI_op_abandon bdb_abandon;
int bdb_cancel(
BackendDB *be,
Connection *conn,
Operation *op,
ber_int_t id
);
BI_op_cancel bdb_cancel;
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
int bdb_add_psearch_spec(
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int slimit,
int tlimit,
Filter *filter,
struct berval *fstr,
AttributeName *attrs,
int attrsonly,
int protocol
);
int bdb_psearch(
BackendDB *be,
Connection *conn,
int bdb_do_search(
Operation *op,
SlapReply *rs,
Operation *ps_op,
Entry *entry,
int psearch_type
);
#define bdb_psearch(op, rs, sop, e, ps_type) bdb_do_search(op, rs, sop, e, ps_type)
#endif
/*
@ -411,8 +370,8 @@ int bdb_psearch(
#ifdef LDAP_CLIENT_UPDATE
int
bdb_build_lcup_update_ctrl(
Connection *conn,
Operation *op,
SlapReply *rs,
Entry *e,
int entry_count,
LDAPControl **ctrls,
@ -422,8 +381,8 @@ bdb_build_lcup_update_ctrl(
int
bdb_build_lcup_done_ctrl(
Connection *conn,
Operation *op,
SlapReply *rs,
LDAPControl **ctrls,
int num_ctrls,
struct berval *latest_entrycsn_bv );
@ -432,8 +391,8 @@ bdb_build_lcup_done_ctrl(
#ifdef LDAP_SYNC
int
bdb_build_sync_state_ctrl(
Connection *conn,
Operation *op,
SlapReply *rs,
Entry *e,
int entry_sync_state,
LDAPControl **ctrls,
@ -443,8 +402,8 @@ bdb_build_sync_state_ctrl(
int
bdb_build_sync_done_ctrl(
Connection *conn,
Operation *op,
SlapReply *rs,
LDAPControl **ctrls,
int num_ctrls,
int send_cookie,
@ -452,16 +411,10 @@ bdb_build_sync_done_ctrl(
int
bdb_send_ldap_intermediate(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
const char *rspoid,
SlapReply *rs,
int state,
struct berval *cookie,
LDAPControl **ctrls );
struct berval *cookie );
#endif
#ifdef BDB_REUSE_LOCKERS

1082
servers/slapd/back-bdb/psearch.c
View file

File diff suppressed because it is too large Load diff

80
servers/slapd/back-bdb/referral.c
View file

@ -13,18 +13,12 @@
#include "external.h"
int
bdb_referrals(
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
const char **text )
bdb_referrals( Operation *op, SlapReply *rs )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
int rc = LDAP_SUCCESS;
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
Entry *e = NULL;
Entry *matched = NULL;
int rc = LDAP_SUCCESS;
u_int32_t locker;
DB_LOCK lock;
@ -49,7 +43,7 @@ bdb_referrals(
dn2entry_retry:
/* get entry */
rc = bdb_dn2entry_r( be, NULL, ndn, &e, &matched, 0, locker, &lock );
rc = bdb_dn2entry_r( op->o_bd, NULL, &op->o_req_ndn, &e, &matched, 0, locker, &lock );
switch(rc) {
case DB_NOTFOUND:
@ -63,8 +57,7 @@ dn2entry_retry:
if (matched != NULL) {
bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
}
send_ldap_result( conn, op, LDAP_BUSY,
NULL, "ldap server busy", NULL, NULL );
send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
return LDAP_BUSY;
case DB_LOCK_DEADLOCK:
@ -86,83 +79,84 @@ dn2entry_retry:
if (matched != NULL) {
bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
}
send_ldap_result( conn, op, rc=LDAP_OTHER,
NULL, "internal error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
return rc;
return rs->sr_err;
}
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
rs->sr_matched = ch_strdup( matched->e_name.bv_val );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"bdb_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
(long) op->o_tag, dn->bv_val, matched_dn );
(long) op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
(long) op->o_tag, dn->bv_val, matched_dn );
(long) op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
#endif
if( is_entry_referral( matched ) ) {
rc = LDAP_OTHER;
refs = get_entry_referrals( be, conn, op, matched );
rs->sr_ref = get_entry_referrals( op, matched );
}
bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
matched = NULL;
} else if ( default_referral != NULL ) {
rc = LDAP_OTHER;
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
if( refs != NULL ) {
if( rs->sr_ref != NULL ) {
/* send referrals */
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
ber_bvarray_free( refs );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else if ( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, matched_dn,
matched_dn ? "bad referral object" : NULL,
NULL, NULL );
rs->sr_err = rc;
rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
send_ldap_result( op, rs );
}
LOCK_ID_FREE ( bdb->bi_dbenv, locker );
free( matched_dn );
free( (char *)rs->sr_matched );
rs->sr_matched = NULL;
return rc;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral */
BerVarray refs = get_entry_referrals( be, conn, op, e );
BerVarray rrefs = referral_rewrite(
refs, &e->e_name, dn, LDAP_SCOPE_DEFAULT );
BerVarray refs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite(
refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1,
"bdb_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
(long) op->o_tag, dn->bv_val, e->e_dn );
(long) op->o_tag, op->o_req_dn.bv_val, e->e_dn );
#else
Debug( LDAP_DEBUG_TRACE,
"bdb_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
(long) op->o_tag, dn->bv_val, e->e_dn );
(long) op->o_tag, op->o_req_dn.bv_val, e->e_dn );
#endif
if( rrefs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, rrefs, NULL );
ber_bvarray_free( rrefs );
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
send_ldap_result( conn, op, rc = LDAP_OTHER, e->e_dn,
"bad referral object", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER, "bad referral object" );
rc = rs->sr_err;
}
rs->sr_matched = NULL;
ber_bvarray_free( refs );
}

871
servers/slapd/back-bdb/search.c
View file

File diff suppressed because it is too large Load diff

4
servers/slapd/back-bdb/tools.c
View file

@ -274,7 +274,7 @@ ID bdb_tool_entry_put(
goto done;
}
rc = bdb_index_entry_add( be, tid, e, e->e_attrs );
rc = bdb_index_entry_add( be, tid, e );
if( rc != 0 ) {
snprintf( text->bv_val, text->bv_len,
"index_entry_add failed: %s (%d)",
@ -408,7 +408,7 @@ int bdb_tool_entry_reindex(
goto done;
}
rc = bdb_index_entry_add( be, tid, e, e->e_attrs );
rc = bdb_index_entry_add( be, tid, e );
done:
if( rc == 0 ) {

30
servers/slapd/back-dnssrv/bind.c
View file

@ -18,40 +18,32 @@
int
dnssrv_back_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn )
SlapReply *rs )
{
Debug( LDAP_DEBUG_TRACE, "DNSSRV: bind %s (%d)\n",
dn->bv_val == NULL ? "" : dn->bv_val,
method, NULL );
op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val,
op->oq_bind.rb_method, NULL );
if( method == LDAP_AUTH_SIMPLE && cred != NULL && cred->bv_len ) {
if( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && op->oq_bind.rb_cred.bv_val != NULL && op->oq_bind.rb_cred.bv_len ) {
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu DNSSRV BIND dn=\"%s\" provided passwd\n",
op->o_connid, op->o_opid,
dn->bv_val == NULL ? "" : dn->bv_val , 0, 0 );
op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val , 0, 0 );
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: BIND dn=\"%s\" provided cleartext password\n",
dn->bv_val == NULL ? "" : dn->bv_val, 0, 0 );
op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val, 0, 0 );
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "you shouldn\'t send strangers your password",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"you shouldn\'t send strangers your password" );
} else {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: BIND dn=\"%s\"\n",
dn->bv_val == NULL ? "" : dn->bv_val, 0, 0 );
op->o_req_dn.bv_val == NULL ? "" : op->o_req_dn.bv_val, 0, 0 );
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "anonymous bind expected",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"anonymous bind expected" );
}
return 1;

36
servers/slapd/back-dnssrv/referral.c
View file

@ -17,12 +17,8 @@
int
dnssrv_back_referrals(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
const char **text )
SlapReply *rs )
{
int i;
int rc = LDAP_OTHER;
@ -31,8 +27,8 @@ dnssrv_back_referrals(
char **hosts = NULL;
BerVarray urls = NULL;
if( ndn->bv_len == 0 ) {
*text = "DNS SRV operation upon null (empty) DN disallowed";
if( op->o_req_dn.bv_len == 0 ) {
rs->sr_text = "DNS SRV operation upon null (empty) DN disallowed";
return LDAP_UNWILLING_TO_PERFORM;
}
@ -41,24 +37,25 @@ dnssrv_back_referrals(
return LDAP_SUCCESS;
}
*text = "DNS SRV problem processing manageDSAit control";
rs->sr_text = "DNS SRV problem processing manageDSAit control";
return LDAP_OTHER;
}
if( ldap_dn2domain( dn->bv_val, &domain ) || domain == NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
NULL, NULL, default_referral, NULL );
if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_ref = default_referral;
send_ldap_result( op, rs );
return LDAP_REFERRAL;
}
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
dn->bv_val, domain, 0 );
op->o_req_dn.bv_val, domain, 0 );
if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: domain2hostlist(%s) returned %d\n",
domain, rc, 0 );
*text = "no DNS SRV RR available for DN";
rs->sr_text = "no DNS SRV RR available for DN";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
@ -67,7 +64,7 @@ dnssrv_back_referrals(
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
*text = "problem processing DNS SRV records for DN";
rs->sr_text = "problem processing DNS SRV records for DN";
goto done;
}
@ -82,7 +79,7 @@ dnssrv_back_referrals(
if ( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
*text = "problem processing DNS SRV records for DN";
rs->sr_text = "problem processing DNS SRV records for DN";
goto done;
}
}
@ -90,13 +87,14 @@ dnssrv_back_referrals(
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_connid, op->o_opid, op->o_protocol,
dn->bv_val, urls[0].bv_val );
op->o_req_dn.bv_val, urls[0].bv_val );
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> url=\"%s\"\n",
dn->bv_val, urls[0].bv_val, 0 );
op->o_req_dn.bv_val, urls[0].bv_val, 0 );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, "DNS SRV generated referrals", urls, NULL );
rs->sr_ref = urls;
send_ldap_error( op, rs, LDAP_REFERRAL,
"DNS SRV generated referrals" );
done:
if( domain != NULL ) ch_free( domain );

89
servers/slapd/back-dnssrv/search.c
View file

@ -19,19 +19,8 @@
int
dnssrv_back_search(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int scope,
int deref,
int size,
int time,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly )
SlapReply *rs )
{
int i;
int rc;
@ -44,20 +33,21 @@ dnssrv_back_search(
assert( get_manageDSAit( op ) );
if( ldap_dn2domain( dn->bv_val, &domain ) || domain == NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
NULL, NULL, default_referral, NULL );
if( ldap_dn2domain( op->o_req_dn.bv_val, &domain ) || domain == NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_ref = default_referral;
send_ldap_result( op, rs );
goto done;
}
Debug( LDAP_DEBUG_TRACE, "DNSSRV: dn=\"%s\" -> domain=\"%s\"\n",
dn->bv_len ? dn->bv_val : "", domain, 0 );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", domain, 0 );
if( ( rc = ldap_domain2hostlist( domain, &hostlist ) ) ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: domain2hostlist returned %d\n",
rc, 0, 0 );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
NULL, "no DNS SRV RR available for DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT,
"no DNS SRV RR available for DN" );
goto done;
}
@ -65,8 +55,8 @@ dnssrv_back_search(
if( hosts == NULL ) {
Debug( LDAP_DEBUG_TRACE, "DNSSRV: str2charrary error\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "problem processing DNS SRV records for DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
@ -81,9 +71,8 @@ dnssrv_back_search(
if( ber_bvarray_add( &urls, &url ) < 0 ) {
free( url.bv_val );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "problem processing DNS SRV records for DN",
NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"problem processing DNS SRV records for DN" );
goto done;
}
}
@ -91,20 +80,19 @@ dnssrv_back_search(
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu DNSSRV p=%d dn=\"%s\" url=\"%s\"\n",
op->o_connid, op->o_opid, op->o_protocol,
dn->bv_len ? dn->bv_val : "", urls[0].bv_val );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "", urls[0].bv_val );
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: ManageDSAit scope=%d dn=\"%s\" -> url=\"%s\"\n",
scope,
dn->bv_len ? dn->bv_val : "",
op->oq_search.rs_scope,
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
urls[0].bv_val );
rc = ldap_domain2dn(domain, &refdn);
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DNS SRV problem processing manageDSAit control",
NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
} else {
@ -114,29 +102,27 @@ dnssrv_back_search(
rc = dnNormalize2( NULL, &bv, &nrefdn );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DNS SRV problem processing manageDSAit control",
NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"DNS SRV problem processing manageDSAit control" );
goto done;
}
}
if( !dn_match( &nrefdn, ndn ) ) {
if( !dn_match( &nrefdn, &op->o_req_ndn ) ) {
/* requested dn is subordinate */
Debug( LDAP_DEBUG_TRACE,
"DNSSRV: dn=\"%s\" subordindate to refdn=\"%s\"\n",
dn->bv_len ? dn->bv_val : "",
"DNSSRV: dn=\"%s\" subordinate to refdn=\"%s\"\n",
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
refdn == NULL ? "" : refdn,
NULL );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
refdn, NULL,
NULL, NULL );
rs->sr_matched = refdn;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
} else if ( scope == LDAP_SCOPE_ONELEVEL ) {
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
} else if ( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
send_ldap_error( op, rs, LDAP_SUCCESS, NULL );
} else {
struct berval vals[2];
@ -144,10 +130,10 @@ dnssrv_back_search(
AttributeDescription *ad_objectClass
= slap_schema.si_ad_objectClass;
AttributeDescription *ad_ref = slap_schema.si_ad_ref;
e->e_dn = strdup( dn->bv_val );
e->e_name.bv_len = dn->bv_len;
e->e_ndn = strdup( ndn->bv_val );
e->e_nname.bv_len = ndn->bv_len;
e->e_name.bv_val = strdup( op->o_req_dn.bv_val );
e->e_name.bv_len = op->o_req_dn.bv_len;
e->e_nname.bv_val = strdup( op->o_req_ndn.bv_val );
e->e_nname.bv_len = op->o_req_ndn.bv_len;
e->e_attrs = NULL;
e->e_private = NULL;
@ -204,17 +190,18 @@ dnssrv_back_search(
attr_mergeit( e, ad_ref, urls );
rc = test_filter( be, conn, op, e, filter );
rc = test_filter( op, e, op->oq_search.rs_filter );
if( rc == LDAP_COMPARE_TRUE ) {
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
rs->sr_entry = e;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
}
entry_free( e );
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
}
if ( refdn ) free( refdn );

43
servers/slapd/back-ldap/add.c
View file

@ -47,13 +47,10 @@
int
ldap_back_add(
Backend *be,
Connection *conn,
Operation *op,
Entry *e
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
int i, j;
Attribute *a;
@ -63,13 +60,13 @@ ldap_back_add(
ber_int_t msgid;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", e->e_dn, 0, 0 );
LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else /* !NEW_LOGGING */
Debug(LDAP_DEBUG_ARGS, "==> ldap_back_add: %s\n", e->e_dn, 0, 0);
Debug(LDAP_DEBUG_ARGS, "==> ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif /* !NEW_LOGGING */
lc = ldap_back_getconn(li, conn, op);
if ( !lc || !ldap_back_dobind( li, lc, conn, op ) ) {
lc = ldap_back_getconn(li, op, rs);
if ( !lc || !ldap_back_dobind( li, lc, op, rs ) ) {
return( -1 );
}
@ -77,45 +74,45 @@ ldap_back_add(
* Rewrite the add dn, if needed
*/
#ifdef ENABLE_REWRITE
switch (rewrite_session( li->rwinfo, "addDn", e->e_dn, conn,
switch (rewrite_session( li->rwinfo, "addDn", op->o_req_dn.bv_val, op->o_conn,
&mdn.bv_val )) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val != NULL && mdn.bv_val[ 0 ] != '\0' ) {
mdn.bv_len = strlen( mdn.bv_val );
} else {
mdn = e->e_name;
mdn = op->o_req_ndn;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] addDn: \"%s\" -> \"%s\"\n", e->e_dn, mdn.bv_val, 0 );
"[rw] addDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> addDn: \"%s\" -> \"%s\"\n%s",
e->e_dn, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &e->e_name, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_ndn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
/* Count number of attributes in entry */
for (i = 1, a = e->e_attrs; a; i++, a = a->a_next)
for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next)
;
/* Create array of LDAPMods for ldap_add() */
attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i);
for (i=0, a=e->e_attrs; a; a=a->a_next) {
for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) {
/*
* lastmod should always be <off>, so that
* creation/modification operational attrs
@ -164,7 +161,7 @@ ldap_back_add(
* FIXME: rewrite could fail; in this case
* the operation should give up, right?
*/
(void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, conn );
(void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, op->o_conn );
}
#endif /* ENABLE_REWRITE */
@ -183,11 +180,11 @@ ldap_back_add(
ch_free(attrs[i]);
}
ch_free(attrs);
if ( mdn.bv_val != e->e_dn ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
return( ldap_back_op_result( li, lc, conn, op, msgid, j, 1 ) );
return( ldap_back_op_result( li, lc, op, rs, msgid, j, 1 ) );
}
#ifdef ENABLE_REWRITE

7
servers/slapd/back-ldap/back-ldap.h
View file

@ -91,12 +91,11 @@ struct ldapinfo {
struct ldapmap at_map;
};
struct ldapconn *ldap_back_getconn(struct ldapinfo *li, struct slap_conn *conn,
struct slap_op *op);
int ldap_back_dobind(struct ldapinfo *li, struct ldapconn *lc, Connection *conn, Operation *op);
struct ldapconn *ldap_back_getconn(struct ldapinfo *li, struct slap_op *op, struct slap_rep *rs);
int ldap_back_dobind(struct ldapinfo *li, struct ldapconn *lc, Operation *op, SlapReply *rs);
int ldap_back_map_result(int err);
int ldap_back_op_result(struct ldapinfo *li, struct ldapconn *lc,
Connection *conn, Operation *op, ber_int_t msgid, int rc, int sendok);
Operation *op, SlapReply *rs, ber_int_t msgid, int rc, int sendok);
int back_ldap_LTX_init_module(int argc, char *argv[]);
void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn,

129
servers/slapd/back-ldap/bind.c
View file

@ -53,24 +53,17 @@ static LDAP_REBIND_PROC ldap_back_rebind;
int
ldap_back_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
struct berval mdn = { 0, NULL };
int rc = 0;
ber_int_t msgid;
lc = ldap_back_getconn(li, conn, op);
lc = ldap_back_getconn(li, op, rs);
if ( !lc ) {
return( -1 );
}
@ -79,32 +72,32 @@ ldap_back_bind(
* Rewrite the bind dn if needed
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "bindDn", dn->bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "bindDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
"[rw] bindDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_dn &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
if ( lc->bound_dn.bv_val ) {
@ -115,31 +108,31 @@ ldap_back_bind(
lc->bound = 0;
/* method is always LDAP_AUTH_SIMPLE if we got here */
rc = ldap_sasl_bind(lc->ld, mdn.bv_val, LDAP_SASL_SIMPLE,
cred, op->o_ctrls, NULL, &msgid);
rc = ldap_back_op_result( li, lc, conn, op, msgid, rc, 1 );
&op->oq_bind.rb_cred, op->o_ctrls, NULL, &msgid);
rc = ldap_back_op_result( li, lc, op, rs, msgid, rc, 1 );
if (rc == LDAP_SUCCESS) {
lc->bound = 1;
if ( mdn.bv_val != dn->bv_val ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
lc->bound_dn = mdn;
} else {
ber_dupbv( &lc->bound_dn, dn );
ber_dupbv( &lc->bound_dn, &op->o_req_dn );
}
if ( li->savecred ) {
if ( lc->cred.bv_val )
ch_free( lc->cred.bv_val );
ber_dupbv( &lc->cred, cred );
ber_dupbv( &lc->cred, &op->oq_bind.rb_cred );
ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
}
}
/* must re-insert if local DN changed as result of bind */
if ( lc->bound && ber_bvcmp(ndn, &lc->local_dn ) ) {
if ( lc->bound && ber_bvcmp(&op->o_req_ndn, &lc->local_dn ) ) {
int err;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
lc = avl_delete( &li->conntree, (caddr_t)lc, ldap_back_conn_cmp );
if ( lc->local_dn.bv_val )
ch_free( lc->local_dn.bv_val );
ber_dupbv( &lc->local_dn, ndn );
ber_dupbv( &lc->local_dn, &op->o_req_ndn );
err = avl_insert( &li->conntree, (caddr_t)lc,
ldap_back_conn_cmp, ldap_back_conn_dup );
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
@ -234,7 +227,7 @@ static void myprint( Avlnode *root )
#endif /* PRINT_CONNTREE */
struct ldapconn *
ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
ldap_back_getconn(struct ldapinfo *li, Operation *op, SlapReply *rs)
{
struct ldapconn *lc, lc_curr;
LDAP *ld;
@ -244,7 +237,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
/* Explicit binds must not be shared */
if ( op->o_tag == LDAP_REQ_BIND ) {
lc_curr.conn = conn;
lc_curr.conn = op->o_conn;
} else {
lc_curr.conn = NULL;
}
@ -263,13 +256,13 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
/* Looks like we didn't get a bind. Open a new session... */
if (!lc) {
int vers = conn->c_protocol;
int err = ldap_initialize(&ld, li->url);
int vers = op->o_conn->c_protocol;
rs->sr_err = ldap_initialize(&ld, li->url);
if (err != LDAP_SUCCESS) {
err = ldap_back_map_result(err);
send_ldap_result( conn, op, err,
NULL, "ldap_initialize() failed", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_err = ldap_back_map_result(rs->sr_err);
rs->sr_text = "ldap_initialize() failed";
send_ldap_result( op, rs );
return( NULL );
}
/* Set LDAP version. This will always succeed: If the client
@ -295,10 +288,10 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
/*
* Sets a cookie for the rewrite session
*/
( void )rewrite_session_init( li->rwinfo, conn );
( void )rewrite_session_init( li->rwinfo, op->o_conn );
#endif /* ENABLE_REWRITE */
if ( conn->c_dn.bv_len != 0 ) {
if ( op->o_conn->c_dn.bv_len != 0 ) {
/*
* Rewrite the bind dn if needed
@ -307,47 +300,45 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
switch ( rewrite_session( li->rwinfo, "bindDn",
conn->c_dn.bv_val, conn,
op->o_conn->c_dn.bv_val, op->o_conn,
&lc->bound_dn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( lc->bound_dn.bv_val == NULL ) {
ber_dupbv( &lc->bound_dn,
&conn->c_dn );
&op->o_conn->c_dn );
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" ->"
" \"%s\"\n%s",
conn->c_dn.bv_val,
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, "" );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn: \"%s\" ->"
" \"%s\"\n%s",
conn->c_dn.bv_val,
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed",
NULL, NULL );
"Operation not allowed" );
return( NULL );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_OTHER,
NULL, "Rewrite error",
NULL, NULL );
"Rewrite error" );
return( NULL );
}
#else /* !ENABLE_REWRITE */
struct berval bv;
ldap_back_dn_massage( li, &conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == conn->c_dn.bv_val ) {
ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == op->o_conn->c_dn.bv_val ) {
ber_dupbv( &lc->bound_dn, &bv );
} else {
lc->bound_dn = bv;
@ -362,7 +353,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
/* Inserts the newly created ldapconn in the avl tree */
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
err = avl_insert( &li->conntree, (caddr_t)lc,
rs->sr_err = avl_insert( &li->conntree, (caddr_t)lc,
ldap_back_conn_cmp, ldap_back_conn_dup );
#if PRINT_CONNTREE > 0
@ -381,10 +372,10 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
#endif /* !NEW_LOGGING */
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( err != 0 ) {
if ( rs->sr_err != 0 ) {
ldap_back_conn_free( lc );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "internal server error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"internal server error" );
return( NULL );
}
} else {
@ -410,7 +401,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
* it can be used to simplify the check.
*/
int
ldap_back_dobind( struct ldapinfo *li, struct ldapconn *lc, Connection *conn, Operation *op )
ldap_back_dobind( struct ldapinfo *li, struct ldapconn *lc, Operation *op, SlapReply *rs )
{
int rc;
ber_int_t msgid;
@ -419,7 +410,7 @@ ldap_back_dobind( struct ldapinfo *li, struct ldapconn *lc, Connection *conn, Op
if ( !lc->bound ) {
rc = ldap_sasl_bind(lc->ld, lc->bound_dn.bv_val,
LDAP_SASL_SIMPLE, &lc->cred, NULL, NULL, &msgid);
rc = ldap_back_op_result( li, lc, conn, op, msgid, rc, 0 );
rc = ldap_back_op_result( li, lc, op, rs, msgid, rc, 0 );
if (rc == LDAP_SUCCESS) {
lc->bound = 1;
}
@ -493,20 +484,21 @@ ldap_back_map_result(int err)
int
ldap_back_op_result(struct ldapinfo *li, struct ldapconn *lc,
Connection *conn, Operation *op, ber_int_t msgid, int err, int sendok)
Operation *op, SlapReply *rs, ber_int_t msgid, int err, int sendok)
{
char *msg = NULL;
char *match = NULL;
char *mmatch = NULL;
LDAPMessage *res;
int rc;
rs->sr_text = NULL;
rs->sr_matched = NULL;
if (err == LDAP_SUCCESS) {
if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &err);
} else {
rc = ldap_parse_result(lc->ld, res, &err, &match,
&msg, NULL, NULL, 1);
(char **)&rs->sr_text, NULL, NULL, 1);
if (rc != LDAP_SUCCESS) err = rc;
}
}
@ -514,14 +506,14 @@ ldap_back_op_result(struct ldapinfo *li, struct ldapconn *lc,
err = ldap_back_map_result(err);
/* internal ops must not reply to client */
if ( conn && !op->o_do_not_cache ) {
if ( op->o_conn && !op->o_do_not_cache ) {
#ifdef ENABLE_REWRITE
if (match) {
switch(rewrite_session(li->rwinfo, "matchedDn", match, conn,
&mmatch)) {
switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn,
(char **)&rs->sr_matched)) {
case REWRITE_REGEXEC_OK:
if (!mmatch) mmatch = match; break;
if (!rs->sr_matched) rs->sr_matched = match; break;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
break;
@ -532,17 +524,22 @@ ldap_back_op_result(struct ldapinfo *li, struct ldapconn *lc,
if (match) {
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
mmatch = mdn.bv_val;
rs->sr_matched = mdn.bv_val;
}
#endif
}
}
if (sendok || err != LDAP_SUCCESS) {
send_ldap_result( conn, op, err, mmatch, msg, NULL, NULL );
rs->sr_err = err;
send_ldap_result( op, rs );
}
if (mmatch != match) free(mmatch);
if (rs->sr_matched != match) free((char *)rs->sr_matched);
rs->sr_matched = NULL;
if ( match ) free( match );
if ( msg ) free( msg );
if ( rs->sr_text ) {
free( (char *)rs->sr_text );
rs->sr_text = NULL;
}
return( (err==LDAP_SUCCESS) ? 0 : -1 );
}

41
servers/slapd/back-ldap/compare.c
View file

@ -47,23 +47,18 @@
int
ldap_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
struct berval mapped_oc, mapped_at;
struct berval mdn = { 0, NULL };
int rc;
ber_int_t msgid;
lc = ldap_back_getconn(li, conn, op);
if (!lc || !ldap_back_dobind( li, lc, conn, op ) ) {
lc = ldap_back_getconn(li, op, rs);
if (!lc || !ldap_back_dobind( li, lc, op, rs ) ) {
return( -1 );
}
@ -71,46 +66,46 @@ ldap_back_compare(
* Rewrite the compare dn, if needed
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "compareDn", dn->bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "compareDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] compareDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
"[rw] compareDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
if ( mdn.bv_val == NULL ) {
return -1;
}
#endif /* !ENABLE_REWRITE */
if ( ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map(&li->oc_map, &ava->aa_desc->ad_cname, &mapped_oc,
if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map(&li->oc_map, &op->oq_compare.rs_ava->aa_desc->ad_cname, &mapped_oc,
BACKLDAP_MAP);
if (mapped_oc.bv_val == NULL || mapped_oc.bv_val[0] == '\0') {
return( -1 );
}
} else {
ldap_back_map(&li->at_map, &ava->aa_value, &mapped_at,
ldap_back_map(&li->at_map, &op->oq_compare.rs_ava->aa_value, &mapped_at,
BACKLDAP_MAP);
if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') {
return( -1 );
@ -120,9 +115,9 @@ ldap_back_compare(
rc = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_oc.bv_val,
&mapped_at, op->o_ctrls, NULL, &msgid );
if ( mdn.bv_val != dn->bv_val ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
return( ldap_back_op_result( li, lc, conn, op, msgid, rc, 1 ) );
return( ldap_back_op_result( li, lc, op, rs, msgid, rc, 1 ) );
}

46
servers/slapd/back-ldap/config.c
View file

@ -409,36 +409,28 @@ error_return:;
static int
ldap_back_exop_whoami(
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl ***rspctrls,
const char **text,
BerVarray *refs )
SlapReply *rs )
{
struct berval *bv = NULL;
int rc = LDAP_SUCCESS;
if ( reqdata != NULL ) {
if ( op->oq_extended.rs_reqdata != NULL ) {
/* no request data should be provided */
*text = "no request data expected";
rs->sr_text = "no request data expected";
return LDAP_PROTOCOL_ERROR;
}
{
rc = backend_check_restrictions( conn->c_authz_backend,
conn, op, (struct berval *)&slap_EXOP_WHOAMI, text );
rs->sr_err = backend_check_restrictions( op, rs,
(struct berval *)&slap_EXOP_WHOAMI );
if( rc != LDAP_SUCCESS ) return rc;
if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err;
}
/* if auth'd by back-ldap and request is proxied, forward it */
if ( conn->c_authz_backend && !strcmp(conn->c_authz_backend->be_type, "ldap" ) && !dn_match(&op->o_ndn, &conn->c_ndn)) {
if ( op->o_conn->c_authz_backend && !strcmp(op->o_conn->c_authz_backend->be_type, "ldap" ) && !dn_match(&op->o_ndn, &op->o_conn->c_ndn)) {
struct ldapinfo *li =
(struct ldapinfo *)conn->c_authz_backend->be_private;
(struct ldapinfo *)op->o_conn->c_authz_backend->be_private;
struct ldapconn *lc;
LDAPControl c, *ctrls[2] = {&c, NULL};
@ -446,9 +438,9 @@ ldap_back_exop_whoami(
Operation op2 = *op;
ber_int_t msgid;
op2.o_ndn = conn->c_ndn;
lc = ldap_back_getconn(li, conn, &op2);
if (!lc || !ldap_back_dobind( li, lc, conn, op )) {
op2.o_ndn = op->o_conn->c_ndn;
lc = ldap_back_getconn(li, &op2, rs);
if (!lc || !ldap_back_dobind( li, lc, op, rs )) {
return -1;
}
c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
@ -458,19 +450,19 @@ ldap_back_exop_whoami(
strcpy(c.ldctl_value.bv_val, "dn:");
strcpy(c.ldctl_value.bv_val+3, op->o_ndn.bv_val);
rc = ldap_whoami(lc->ld, ctrls, NULL, &msgid);
if (rc == LDAP_SUCCESS) {
rs->sr_err = ldap_whoami(lc->ld, ctrls, NULL, &msgid);
if (rs->sr_err == LDAP_SUCCESS) {
if (ldap_result(lc->ld, msgid, 1, NULL, &res) == -1) {
ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
&rc);
&rs->sr_err);
} else {
rc = ldap_parse_whoami(lc->ld, res, &bv);
rs->sr_err = ldap_parse_whoami(lc->ld, res, &bv);
ldap_msgfree(res);
}
}
ch_free(c.ldctl_value.bv_val);
if (rc != LDAP_SUCCESS) {
rc = ldap_back_map_result(rc);
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_err = ldap_back_map_result(rs->sr_err);
}
} else {
/* else just do the same as before */
@ -488,8 +480,8 @@ ldap_back_exop_whoami(
}
}
*rspdata = bv;
return rc;
rs->sr_rspdata = bv;
return rs->sr_err;
}

36
servers/slapd/back-ldap/delete.c
View file

@ -47,63 +47,59 @@
int
ldap_back_delete(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
int rc;
ber_int_t msgid;
struct berval mdn = { 0, NULL };
lc = ldap_back_getconn( li, conn, op );
lc = ldap_back_getconn( li, op, rs );
if ( !lc || !ldap_back_dobind( li, lc, conn, op ) ) {
if ( !lc || !ldap_back_dobind( li, lc, op, rs ) ) {
return( -1 );
}
/*
* Rewrite the compare dn, if needed
* Rewrite the request dn, if needed
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "deleteDn", dn->bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "deleteDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] deleteDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
"[rw] deleteDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> deleteDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
rc = ldap_delete_ext( lc->ld, mdn.bv_val, op->o_ctrls, NULL, &msgid );
if ( mdn.bv_val != dn->bv_val ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
return( ldap_back_op_result( li, lc, conn, op, msgid, rc, 1 ) );
return( ldap_back_op_result( li, lc, op, rs, msgid, rc, 1 ) );
}

72
servers/slapd/back-ldap/extended.c
View file

@ -26,48 +26,27 @@ static struct exop {
int
ldap_back_extended(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char** text,
BerVarray *refs
)
SlapReply *rs )
{
int i;
for( i=0; exop_table[i].extended != NULL; i++ ) {
if( ber_bvcmp( exop_table[i].oid, reqoid ) == 0 ) {
return (exop_table[i].extended)(
be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
return (exop_table[i].extended)( op, rs );
}
}
*text = "not supported within naming context";
rs->sr_text = "not supported within naming context";
return LDAP_UNWILLING_TO_PERFORM;
}
int
ldap_back_exop_passwd(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text,
BerVarray *refs )
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
struct berval id = { 0, NULL };
struct berval old = { 0, NULL };
@ -75,15 +54,14 @@ ldap_back_exop_passwd(
struct berval dn, mdn = { 0, NULL }, newpw;
LDAPMessage *res;
ber_int_t msgid;
char *msg = NULL, *match = NULL;
int rc;
lc = ldap_back_getconn(li, conn, op);
if (!lc || !ldap_back_dobind(li, lc, conn, op) ) {
lc = ldap_back_getconn(li, op, rs);
if (!lc || !ldap_back_dobind(li, lc, op, rs) ) {
return -1;
}
rc = slap_passwd_parse( reqdata, &id, &old, &new, text );
rc = slap_passwd_parse( op->oq_extended.rs_reqdata, &id, &old, &new, &rs->sr_text );
if (rc != LDAP_SUCCESS)
return rc;
@ -102,12 +80,12 @@ ldap_back_exop_passwd(
#endif
if (dn.bv_len == 0) {
*text = "No password is associated with the Root DSE";
rs->sr_text = "No password is associated with the Root DSE";
return LDAP_UNWILLING_TO_PERFORM;
}
if (id.bv_len) {
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = dn.bv_val;
@ -123,13 +101,13 @@ ldap_back_exop_passwd(
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
@ -151,28 +129,30 @@ ldap_back_exop_passwd(
/* sigh. parse twice, because parse_passwd doesn't give
* us the err / match / msg info.
*/
int err;
rc = ldap_parse_result(lc->ld, res, &err, &match, &msg,
rc = ldap_parse_result(lc->ld, res, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text,
NULL, NULL, 0);
if (rc == LDAP_SUCCESS) {
if (err == LDAP_SUCCESS) {
if (rs->sr_err == LDAP_SUCCESS) {
rc = ldap_parse_passwd(lc->ld, res, &newpw);
if (rc == LDAP_SUCCESS && newpw.bv_val) {
*rspdata = slap_passwd_return(&newpw);
rs->sr_type = REP_EXTENDED;
rs->sr_rspdata = slap_passwd_return(&newpw);
free(newpw.bv_val);
}
} else {
rc = err;
rc = rs->sr_err;
}
}
ldap_msgfree(res);
}
}
if (rc != LDAP_SUCCESS) {
rc = ldap_back_map_result(rc);
send_ldap_result(conn, op, rc, match, msg, NULL, NULL);
if (match) free(match);
if (msg) free(msg);
rs->sr_err = ldap_back_map_result(rc);
send_ldap_result(op, rs);
if (rs->sr_matched) free((char *)rs->sr_matched);
if (rs->sr_text) free((char *)rs->sr_text);
rs->sr_matched = NULL;
rs->sr_text = NULL;
rc = -1;
}
return rc;

41
servers/slapd/back-ldap/modify.c
View file

@ -47,15 +47,10 @@
int
ldap_back_modify(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
Modifications *modlist
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
LDAPMod **modv = NULL;
LDAPMod *mods;
@ -65,8 +60,8 @@ ldap_back_modify(
struct berval mdn = { 0, NULL };
ber_int_t msgid;
lc = ldap_back_getconn(li, conn, op);
if ( !lc || !ldap_back_dobind( li, lc, conn, op ) ) {
lc = ldap_back_getconn(li, op, rs);
if ( !lc || !ldap_back_dobind( li, lc, op, rs ) ) {
return( -1 );
}
@ -74,35 +69,35 @@ ldap_back_modify(
* Rewrite the modify dn, if needed
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "modifyDn", dn->bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "modifyDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] modifyDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
"[rw] modifyDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
for (i=0, ml=modlist; ml; i++,ml=ml->sml_next)
for (i=0, ml=op->oq_modify.rs_modlist; ml; i++,ml=ml->sml_next)
;
mods = (LDAPMod *)ch_malloc(i*sizeof(LDAPMod));
@ -116,7 +111,7 @@ ldap_back_modify(
goto cleanup;
}
for (i=0, ml=modlist; ml; ml=ml->sml_next) {
for (i=0, ml=op->oq_modify.rs_modlist; ml; ml=ml->sml_next) {
if ( ml->sml_desc->ad_type->sat_no_user_mod ) {
continue;
}
@ -140,7 +135,7 @@ ldap_back_modify(
if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid,
SLAPD_DN_SYNTAX ) == 0 ) {
ldap_dnattr_rewrite( li->rwinfo,
ml->sml_bvalues, conn );
ml->sml_bvalues, op->o_conn );
}
#endif /* ENABLE_REWRITE */
@ -162,7 +157,7 @@ ldap_back_modify(
rc = ldap_modify_ext( lc->ld, mdn.bv_val, modv, op->o_ctrls, NULL, &msgid );
cleanup:;
if ( mdn.bv_val != dn->bv_val ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
for (i=0; modv[i]; i++) {
@ -171,6 +166,6 @@ cleanup:;
ch_free( mods );
ch_free( modv );
return ldap_back_op_result( li, lc, conn, op, msgid, rc, 1 );
return ldap_back_op_result( li, lc, op, rs, msgid, rc, 1 );
}

67
servers/slapd/back-ldap/modrdn.c
View file

@ -47,31 +47,22 @@
int
ldap_back_modrdn(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
struct berval *newrdn,
struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSuperior,
struct berval *nnewSuperior
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
int rc;
ber_int_t msgid;
struct berval mdn = { 0, NULL }, mnewSuperior = { 0, NULL };
lc = ldap_back_getconn( li, conn, op );
if ( !lc || !ldap_back_dobind(li, lc, conn, op) ) {
lc = ldap_back_getconn( li, op, rs );
if ( !lc || !ldap_back_dobind(li, lc, op, rs) ) {
return( -1 );
}
if (newSuperior) {
if (op->oq_modrdn.rs_newSup) {
int version = LDAP_VERSION3;
ldap_set_option( lc->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
@ -80,36 +71,34 @@ ldap_back_modrdn(
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "newSuperiorDn",
newSuperior->bv_val, conn, &mnewSuperior.bv_val ) ) {
op->oq_modrdn.rs_newSup->bv_val, op->o_conn, &mnewSuperior.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mnewSuperior.bv_val == NULL ) {
mnewSuperior.bv_val = ( char * )newSuperior;
mnewSuperior.bv_val = ( char * )op->oq_modrdn.rs_newSup->bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] newSuperiorDn:" " \"%s\" -> \"%s\"\n",
newSuperior, mnewSuperior.bv_val, 0 );
op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> newSuperiorDn:"
" \"%s\" -> \"%s\"\n%s",
newSuperior->bv_val, mnewSuperior.bv_val, "" );
op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error",
NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, newSuperior, &mnewSuperior, 0, 1 );
ldap_back_dn_massage( li, op->oq_modrdn.rs_newSup, &mnewSuperior, 0, 1 );
if ( mnewSuperior.bv_val == NULL ) {
return( -1 );
}
@ -120,44 +109,44 @@ ldap_back_modrdn(
/*
* Rewrite the modrdn dn, if required
*/
switch ( rewrite_session( li->rwinfo, "modrDn", dn->bv_val, conn, &mdn.bv_val ) ) {
switch ( rewrite_session( li->rwinfo, "modrDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] modrDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
"[rw] modrDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> modrDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
rc = ldap_rename( lc->ld, mdn.bv_val, newrdn->bv_val, mnewSuperior.bv_val,
deleteoldrdn, op->o_ctrls, NULL, &msgid );
rc = ldap_rename( lc->ld, mdn.bv_val, op->oq_modrdn.rs_newrdn.bv_val, mnewSuperior.bv_val,
op->oq_modrdn.rs_deleteoldrdn, op->o_ctrls, NULL, &msgid );
if ( mdn.bv_val != dn->bv_val ) {
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
if ( mnewSuperior.bv_val != NULL
&& mnewSuperior.bv_val != newSuperior->bv_val ) {
&& mnewSuperior.bv_val != op->oq_modrdn.rs_newSup->bv_val ) {
free( mnewSuperior.bv_val );
}
return( ldap_back_op_result( li, lc, conn, op, msgid, rc, 1 ) );
return( ldap_back_op_result( li, lc, op, rs, msgid, rc, 1 ) );
}

199
servers/slapd/back-ldap/search.c
View file

@ -54,36 +54,23 @@ static struct berval dummy = { 0, NULL };
int
ldap_back_search(
Backend *be,
Connection *conn,
Operation *op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int slimit,
int tlimit,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly
)
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
struct timeval tv;
LDAPMessage *res, *e;
int count, rc = 0, msgid, sres = LDAP_SUCCESS;
char *match = NULL, *err = NULL;
char *match = NULL;
char **mapped_attrs = NULL;
struct berval mbase;
char *mmatch = NULL;
struct berval mfilter = { 0, NULL };
struct slap_limits_set *limit = NULL;
int isroot = 0;
BerVarray v2refs = NULL;
lc = ldap_back_getconn(li, conn, op);
lc = ldap_back_getconn(li, op, rs);
if ( !lc ) {
return( -1 );
}
@ -92,30 +79,30 @@ ldap_back_search(
* FIXME: in case of values return filter, we might want
* to map attrs and maybe rewrite value
*/
if ( !ldap_back_dobind( li, lc, conn, op ) ) {
if ( !ldap_back_dobind( li, lc, op, rs ) ) {
return( -1 );
}
/* if not root, get appropriate limits */
if ( be_isroot( be, &op->o_ndn ) ) {
if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
isroot = 1;
} else {
( void ) get_limits( be, &op->o_ndn, &limit );
( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
}
/* if no time limit requested, rely on remote server limits */
/* if requested limit higher than hard limit, abort */
if ( !isroot && tlimit > limit->lms_t_hard ) {
if ( !isroot && op->oq_search.rs_tlimit > limit->lms_t_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_t_hard == 0
&& limit->lms_t_soft > -1
&& tlimit > limit->lms_t_soft ) {
tlimit = limit->lms_t_soft;
&& op->oq_search.rs_tlimit > limit->lms_t_soft ) {
op->oq_search.rs_tlimit = limit->lms_t_soft;
/* positive hard limit means abort */
} else if ( limit->lms_t_hard > 0 ) {
send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rc = 0;
goto finish;
}
@ -125,17 +112,17 @@ ldap_back_search(
/* if no size limit requested, rely on remote server limits */
/* if requested limit higher than hard limit, abort */
if ( !isroot && slimit > limit->lms_s_hard ) {
if ( !isroot && op->oq_search.rs_slimit > limit->lms_s_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_s_hard == 0
&& limit->lms_s_soft > -1
&& slimit > limit->lms_s_soft ) {
slimit = limit->lms_s_soft;
&& op->oq_search.rs_slimit > limit->lms_s_soft ) {
op->oq_search.rs_slimit = limit->lms_s_soft;
/* positive hard limit means abort */
} else if ( limit->lms_s_hard > 0 ) {
send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
send_ldap_result( op, rs );
rc = 0;
goto finish;
}
@ -144,10 +131,10 @@ ldap_back_search(
}
/* should we check return values? */
if (deref != -1)
ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&deref);
if (tlimit != -1) {
tv.tv_sec = tlimit;
if (op->oq_search.rs_deref != -1)
ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->oq_search.rs_deref);
if (op->oq_search.rs_tlimit != -1) {
tv.tv_sec = op->oq_search.rs_tlimit;
tv.tv_usec = 0;
} else {
tv.tv_sec = 0;
@ -158,45 +145,45 @@ ldap_back_search(
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "searchBase",
base->bv_val, conn, &mbase.bv_val ) ) {
op->o_req_dn.bv_val, op->o_conn, &mbase.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mbase.bv_val == NULL ) {
mbase = *base;
mbase = op->o_req_dn;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] searchBase: \"%s\" -> \"%s\"\n",
base->bv_val, mbase.bv_val, 0 );
op->o_req_dn.bv_val, mbase.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s",
base->bv_val, mbase.bv_val, "" );
op->o_req_dn.bv_val, mbase.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
rc = -1;
goto finish;
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
rc = -1;
goto finish;
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, base, &mbase, 0, 1 );
ldap_back_dn_massage( li, &op->oq_req_dn &mbase, 0, 1 );
#endif /* !ENABLE_REWRITE */
#ifdef ENABLE_REWRITE
rc = ldap_back_filter_map_rewrite_( li->rwinfo, conn,
&li->at_map, &li->oc_map, filter, &mfilter,
rc = ldap_back_filter_map_rewrite_( li->rwinfo, op->o_conn,
&li->at_map, &li->oc_map, op->oq_search.rs_filter, &mfilter,
BACKLDAP_MAP );
#else /* ! ENABLE_REWRITE */
rc = ldap_back_filter_map_rewrite_( &li->at_map, &li->oc_map,
filter, &mfilter, BACKLDAP_MAP );
op->oq_search.rs_filter, &mfilter, BACKLDAP_MAP );
#endif /* ! ENABLE_REWRITE */
if ( rc ) {
@ -204,22 +191,22 @@ ldap_back_search(
goto finish;
}
mapped_attrs = ldap_back_map_attrs(&li->at_map, attrs, BACKLDAP_MAP);
if ( mapped_attrs == NULL && attrs) {
for (count=0; attrs[count].an_name.bv_val; count++);
mapped_attrs = ldap_back_map_attrs(&li->at_map, op->oq_search.rs_attrs, BACKLDAP_MAP);
if ( mapped_attrs == NULL && op->oq_search.rs_attrs) {
for (count=0; op->oq_search.rs_attrs[count].an_name.bv_val; count++);
mapped_attrs = ch_malloc( (count+1) * sizeof(char *));
for (count=0; attrs[count].an_name.bv_val; count++) {
mapped_attrs[count] = attrs[count].an_name.bv_val;
for (count=0; op->oq_search.rs_attrs[count].an_name.bv_val; count++) {
mapped_attrs[count] = op->oq_search.rs_attrs[count].an_name.bv_val;
}
mapped_attrs[count] = NULL;
}
rc = ldap_search_ext(lc->ld, mbase.bv_val, scope, mfilter.bv_val,
mapped_attrs, attrsonly, op->o_ctrls, NULL, tv.tv_sec ? &tv
: NULL, slimit, &msgid);
rc = ldap_search_ext(lc->ld, mbase.bv_val, op->oq_search.rs_scope, mfilter.bv_val,
mapped_attrs, op->oq_search.rs_attrsonly, op->o_ctrls, NULL, tv.tv_sec ? &tv
: NULL, op->oq_search.rs_slimit, &msgid);
if ( rc != LDAP_SUCCESS ) {
fail:;
rc = ldap_back_op_result(li, lc, conn, op, msgid, rc, 0);
rc = ldap_back_op_result(li, lc, op, rs, msgid, rc, 0);
goto finish;
}
@ -228,7 +215,7 @@ fail:;
* but this is necessary for version matching, and for ACL processing.
*/
for ( count=0, rc=0;
for ( rs->sr_nentries=0, rc=0;
rc != -1;
rc = ldap_result(lc->ld, msgid, 0, &tv, &res))
{
@ -248,11 +235,12 @@ fail:;
Entry ent;
struct berval bdn;
e = ldap_first_entry(lc->ld,res);
if ( ldap_build_entry(be, conn, e, &ent, &bdn, 1) == LDAP_SUCCESS ) {
if ( ldap_build_entry(op->o_bd, op->o_conn, e, &ent, &bdn, 1) == LDAP_SUCCESS ) {
Attribute *a;
count++;
send_search_entry( be, conn, op, &ent, attrs,
attrsonly, NULL );
rs->sr_nentries++;
rs->sr_entry = &ent;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
while (ent.e_attrs) {
a = ent.e_attrs;
ent.e_attrs = a->a_next;
@ -270,12 +258,10 @@ fail:;
} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
char **references = NULL;
LDAPControl **ctrls = NULL;
BerVarray refs;
int cnt;
rc = ldap_parse_reference( lc->ld, res,
&references, &ctrls, 1 );
&references, &rs->sr_ctrls, 1 );
if ( rc != LDAP_SUCCESS ) {
continue;
@ -288,32 +274,33 @@ fail:;
for ( cnt = 0; references[ cnt ]; cnt++ )
/* NO OP */ ;
refs = ch_calloc( cnt + 1, sizeof( struct berval ) );
rs->sr_ref = ch_calloc( cnt + 1, sizeof( struct berval ) );
for ( cnt = 0; references[ cnt ]; cnt++ ) {
refs[ cnt ].bv_val = references[ cnt ];
refs[ cnt ].bv_len = strlen( references[ cnt ] );
rs->sr_ref[ cnt ].bv_val = references[ cnt ];
rs->sr_ref[ cnt ].bv_len = strlen( references[ cnt ] );
}
/* ignore return value by now */
( void )send_search_reference( be, conn, op,
NULL, refs, ctrls, &v2refs );
( void )send_search_reference( op, rs );
/* cleanup */
if ( references ) {
ldap_value_free( references );
ch_free( refs );
ch_free( rs->sr_ref );
rs->sr_ref = NULL;
}
if ( ctrls ) {
ldap_controls_free( ctrls );
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
} else {
rc = ldap_parse_result(lc->ld, res, &sres, &match,
&err, NULL, NULL, 1);
if (rc != LDAP_SUCCESS ) sres = rc;
sres = ldap_back_map_result(sres);
rc = ldap_parse_result(lc->ld, res, &rs->sr_err, &match,
(char **)&rs->sr_text, NULL, NULL, 1);
if (rc != LDAP_SUCCESS ) rs->sr_err = rc;
rs->sr_err = ldap_back_map_result(rs->sr_err);
rc = 0;
break;
}
@ -328,18 +315,18 @@ fail:;
*/
if ( match != NULL ) {
switch ( rewrite_session( li->rwinfo, "matchedDn",
match, conn, &mmatch ) ) {
match, op->o_conn, (char **)&rs->sr_matched ) ) {
case REWRITE_REGEXEC_OK:
if ( mmatch == NULL ) {
mmatch = ( char * )match;
if ( rs->sr_matched == NULL ) {
rs->sr_matched = ( char * )match;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] matchedDn:" " \"%s\" -> \"%s\"\n", match, mmatch, 0 );
"[rw] matchedDn:" " \"%s\" -> \"%s\"\n", match, rs->sr_matched, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:"
" \"%s\" -> \"%s\"\n%s",
match, mmatch, "" );
match, rs->sr_matched, "" );
#endif /* !NEW_LOGGING */
break;
@ -347,51 +334,43 @@ fail:;
case REWRITE_REGEXEC_ERR:
/* FIXME: no error, but no matched ... */
mmatch = NULL;
rs->sr_matched = NULL;
break;
}
}
if ( v2refs ) {
sres = LDAP_REFERRAL;
}
send_search_result( conn, op, sres,
mmatch, err, v2refs, NULL, count );
#else /* !ENABLE_REWRITE */
if ( match != NULL ) {
struct berval dn, mdn;
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
mmatch = mdn.bv_val;
rs->sr_matched = mdn.bv_val;
}
if ( v2refs ) {
sres = LDAP_REFERRAL;
}
send_search_result( conn, op, sres,
mmatch, err, v2refs, NULL, count );
#endif /* !ENABLE_REWRITE */
if ( rs->sr_v2ref ) {
rs->sr_err = LDAP_REFERRAL;
}
send_search_result( op, rs );
finish:;
if ( match ) {
if ( mmatch != match ) {
free( mmatch );
if ( rs->sr_matched != match ) {
free( (char *)rs->sr_matched );
}
rs->sr_matched = NULL;
LDAP_FREE(match);
}
if ( err ) {
LDAP_FREE( err );
if ( rs->sr_text ) {
LDAP_FREE( (char *)rs->sr_text );
rs->sr_text = NULL;
}
if ( mapped_attrs ) {
ch_free( mapped_attrs );
}
if ( mfilter.bv_val != filterstr->bv_val ) {
if ( mfilter.bv_val != op->oq_search.rs_filterstr.bv_val ) {
ch_free( mfilter.bv_val );
}
if ( mbase.bv_val != base->bv_val ) {
if ( mbase.bv_val != op->o_req_dn.bv_val ) {
free( mbase.bv_val );
}
@ -632,8 +611,6 @@ next_attr:;
*/
int
ldap_back_entry_get(
Backend *be,
Connection *conn,
Operation *op,
struct berval *ndn,
ObjectClass *oc,
@ -642,13 +619,15 @@ ldap_back_entry_get(
Entry **ent
)
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
int rc = 1, is_oc;
struct berval mapped = { 0, NULL }, bdn;
LDAPMessage *result = NULL, *e = NULL;
char *gattr[3];
char *filter;
Connection *oconn;
SlapReply rs;
ldap_back_map(&li->at_map, &at->ad_cname, &mapped, BACKLDAP_MAP);
if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
@ -658,12 +637,16 @@ ldap_back_entry_get(
/* Tell getconn this is a privileged op */
is_oc = op->o_do_not_cache;
op->o_do_not_cache = 1;
lc = ldap_back_getconn(li, conn, op);
if ( !lc || !ldap_back_dobind(li, lc, NULL, op) ) {
lc = ldap_back_getconn(li, op, &rs);
oconn = op->o_conn;
op->o_conn = NULL;
if ( !lc || !ldap_back_dobind(li, lc, op, &rs) ) {
op->o_do_not_cache = is_oc;
op->o_conn = oconn;
return 1;
}
op->o_do_not_cache = is_oc;
op->o_conn = oconn;
is_oc = (strcasecmp("objectclass", mapped.bv_val) == 0);
if (oc && !is_oc) {
@ -698,7 +681,7 @@ ldap_back_entry_get(
*ent = ch_malloc(sizeof(Entry));
rc = ldap_build_entry(be, conn, e, *ent, &bdn, 0);
rc = ldap_build_entry(op->o_bd, op->o_conn, e, *ent, &bdn, 0);
if (rc != LDAP_SUCCESS) {
ch_free(*ent);

175
servers/slapd/back-ldbm/add.c
View file

@ -18,70 +18,64 @@
int
ldbm_back_add(
Backend *be,
Connection *conn,
Operation *op,
Entry *e
)
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
struct berval pdn;
Entry *p = NULL;
int rc;
ID id = NOID;
const char *text = NULL;
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_add: %s\n", e->e_dn, 0, 0 );
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", e->e_dn, 0, 0);
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
#ifndef LDAP_CACHING
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, &rs->sr_text, textbuf, textlen );
#else /* LDAP_CACHING */
if ( !op->o_caching_on ) {
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, &rs->sr_text, textbuf, textlen );
} else {
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
}
#endif /* LDAP_CACHING */
if ( rc != LDAP_SUCCESS ) {
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: entry (%s) failed schema check.\n", e->e_dn, 0, 0 );
"ldbm_back_add: entry (%s) failed schema check.\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry failed schema check: %s\n",
text, 0, 0 );
rs->sr_text, 0, 0 );
#endif
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
return( -1 );
}
#ifdef LDAP_CACHING
if ( !op->o_caching_on ) {
#endif /* LDAP_CACHING */
if ( !access_allowed( be, conn, op, e,
if ( !access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: No write access to entry (%s).\n",
e->e_dn, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "no write access to entry\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to entry", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to entry" );
return -1;
}
@ -92,12 +86,11 @@ ldbm_back_add(
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
if ( ( rc = dn2id( be, &e->e_nname, &id ) ) || id != NOID ) {
/* if (rc) something bad happened to ldbm cache */
if ( ( rs->sr_err = dn2id( op->o_bd, &op->o_req_ndn, &id ) ) || id != NOID ) {
/* if (rs->sr_err) something bad happened to ldbm cache */
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( conn, op,
rc ? LDAP_OTHER : LDAP_ALREADY_EXISTS,
NULL, NULL, NULL, NULL );
rs->sr_err = rs->sr_err ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
send_ldap_result( op, rs );
return( -1 );
}
@ -107,10 +100,10 @@ ldbm_back_add(
* add the entry.
*/
if ( be_issuffix( be, &e->e_nname ) ) {
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
pdn = slap_empty_bv;
} else {
dnParent( &e->e_nname, &pdn );
dnParent( &op->o_req_ndn, &pdn );
}
#ifndef LDAP_CACHING
@ -122,20 +115,17 @@ ldbm_back_add(
Entry *matched = NULL;
/* get parent with writer lock */
if ( (p = dn2entry_w( be, &pdn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
if ( (p = dn2entry_w( op->o_bd, &pdn, &matched )) == NULL ) {
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, &e->e_name, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
@ -143,23 +133,23 @@ ldbm_back_add(
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: Parent of (%s) does not exist.\n",
e->e_dn, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "parent does not exist\n",
0, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_REFERRAL, matched_dn,
refs == NULL ? "parent does not exist" : "parent is referral",
refs, NULL );
rs->sr_text = rs->sr_ref ? "parent is referral" : "parent does not exist";
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return -1;
}
if ( ! access_allowed( be, conn, op, p,
if ( ! access_allowed( op, p,
children, NULL, ACL_WRITE, NULL ) )
{
/* free parent and writer lock */
@ -169,14 +159,14 @@ ldbm_back_add(
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: No write access to parent (%s).\n",
e->e_dn, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "no write access to parent\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to parent", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
return -1;
}
@ -197,17 +187,17 @@ ldbm_back_add(
#endif
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
NULL, "parent is an alias", NULL, NULL );
send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
"parent is an alias" );
return -1;
}
if ( is_entry_referral( p ) ) {
/* parent is a referral, don't allow add */
char *matched_dn = ch_strdup( p->e_dn );
BerVarray refs = is_entry_referral( p )
? get_entry_referrals( be, conn, op, p )
rs->sr_matched = ch_strdup( p->e_dn );
rs->sr_ref = is_entry_referral( p )
? get_entry_referrals( op, p )
: NULL;
/* free parent and writer lock */
@ -221,12 +211,11 @@ ldbm_back_add(
Debug( LDAP_DEBUG_TRACE, "parent is referral\n", 0,
0, 0 );
#endif
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
ber_bvarray_free( refs );
free( matched_dn );
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return -1;
}
@ -242,19 +231,19 @@ ldbm_back_add(
/* no parent, must be adding entry to root */
#ifndef LDAP_CACHING
if ( !be_isroot( be, &op->o_ndn ) )
if ( !be_isroot( op->o_bd, &op->o_ndn ) )
#else /* LDAP_CACHING */
if ( !be_isroot( be, &op->o_ndn ) && !op->o_caching_on )
if ( !be_isroot( op->o_bd, &op->o_ndn ) && !op->o_caching_on )
#endif /* LDAP_CACHING */
{
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
rs->sr_err = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
if ( ! rc ) {
if ( ! rs->sr_err ) {
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
#ifdef NEW_LOGGING
@ -267,11 +256,9 @@ ldbm_back_add(
0, 0, 0 );
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL,
"no write access to parent",
NULL, NULL );
"no write access to parent" );
return -1;
}
@ -290,16 +277,15 @@ ldbm_back_add(
: "entry at root", 0, 0 );
#endif
send_ldap_result( conn, op,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
}
}
if ( next_id( be, &e->e_id ) ) {
if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) {
if( p != NULL) {
/* free parent and writer lock */
cache_return_entry_w( &li->li_cache, p );
@ -315,8 +301,8 @@ ldbm_back_add(
0, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "next_id add failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"next_id add failed" );
return( -1 );
}
@ -324,9 +310,9 @@ ldbm_back_add(
/*
* Try to add the entry to the cache, assign it a new dnid.
*/
rc = cache_add_entry_rw(&li->li_cache, e, CACHE_WRITE_LOCK);
rs->sr_err = cache_add_entry_rw(&li->li_cache, op->oq_add.rs_e, CACHE_WRITE_LOCK);
if ( rc != 0 ) {
if ( rs->sr_err != 0 ) {
if( p != NULL) {
/* free parent and writer lock */
cache_return_entry_w( &li->li_cache, p );
@ -342,17 +328,17 @@ ldbm_back_add(
0 );
#endif
send_ldap_result( conn, op,
rc > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER,
NULL, rc > 0 ? NULL : "cache add failed", NULL, NULL );
rs->sr_text = rs->sr_err > 0 ? NULL : "cache add failed";
rs->sr_err = rs->sr_err > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER;
send_ldap_result( op, rs );
return( -1 );
}
rc = -1;
rs->sr_err = -1;
/* attribute indexes */
if ( index_entry_add( be, e, e->e_attrs ) != LDAP_SUCCESS ) {
if ( index_entry_add( op->o_bd, op->oq_add.rs_e ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: index_entry_add failed.\n", 0, 0, 0 );
@ -361,14 +347,14 @@ ldbm_back_add(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "index generation failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"index generation failed" );
goto return_results;
}
/* dn2id index */
if ( dn2id_add( be, &e->e_nname, e->e_id ) != 0 ) {
if ( dn2id_add( op->o_bd, &op->oq_add.rs_e->e_nname, op->oq_add.rs_e->e_id ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: dn2id_add failed.\n", 0, 0, 0 );
@ -378,14 +364,14 @@ ldbm_back_add(
#endif
/* FIXME: delete attr indices? */
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DN index generation failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"DN index generation failed" );
goto return_results;
}
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
if ( id2entry_add( op->o_bd, op->oq_add.rs_e ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_add: id2entry_add failed.\n", 0, 0, 0 );
@ -395,22 +381,21 @@ ldbm_back_add(
#endif
/* FIXME: delete attr indices? */
(void) dn2id_delete( be, &e->e_nname, e->e_id );
(void) dn2id_delete( op->o_bd, &op->oq_add.rs_e->e_nname, op->oq_add.rs_e->e_id );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "entry store failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"entry store failed" );
goto return_results;
}
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
/* marks the entry as committed, so it is added to the cache;
* otherwise it is removed from the cache, but not destroyed;
* it will be destroyed by the caller */
rc = 0;
cache_entry_commit( e );
cache_entry_commit( op->oq_add.rs_e );
return_results:;
if (p != NULL) {
@ -418,15 +403,15 @@ return_results:;
cache_return_entry_w( &li->li_cache, p );
}
if ( rc ) {
if ( rs->sr_err ) {
/*
* in case of error, writer lock is freed
* and entry's private data is destroyed.
* otherwise, this is done when entry is released
*/
cache_return_entry_w( &li->li_cache, e );
cache_return_entry_w( &li->li_cache, op->oq_add.rs_e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
}
return( rc );
return( rs->sr_err );
}

141
servers/slapd/back-ldbm/bind.c
View file

@ -20,17 +20,10 @@
int
ldbm_back_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *e;
Attribute *a;
int rc;
@ -45,68 +38,53 @@ ldbm_back_bind(
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY,
"ldbm_back_bind: dn: %s.\n", dn->bv_val, 0, 0 );
"ldbm_back_bind: dn: %s.\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn->bv_val, 0, 0);
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
dn = ndn;
if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
/* front end will send result */
return LDAP_SUCCESS;
}
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
if( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
rs->sr_matched = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
/* allow noauth binds */
rc = 1;
if ( method == LDAP_AUTH_SIMPLE ) {
if ( be_isroot_pw( be, conn, dn, cred ) ) {
ber_dupbv( edn, be_root_dn( be ) );
rc = 0; /* front end will send result */
} else if ( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
}
} else if ( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
if ( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
}
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
if ( matched_dn ) free( matched_dn );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
if ( rs->sr_matched ) free( (char *)rs->sr_matched );
return( rc );
}
ber_dupbv( edn, &e->e_name );
ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
/* check for deleted */
@ -114,15 +92,15 @@ ldbm_back_bind(
/* entry is an alias, don't allow bind */
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_bind: entry (%s) is an alias.\n", e->e_dn, 0, 0 );
"ldbm_back_bind: entry (%s) is an alias.\n", e->e_name.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
NULL, "entry is alias", NULL, NULL );
send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
"entry is alias" );
rc = 1;
goto return_results;
@ -130,8 +108,7 @@ ldbm_back_bind(
if ( is_entry_referral( e ) ) {
/* entry is a referral, don't allow bind */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
@ -142,53 +119,41 @@ ldbm_back_bind(
#endif
if( refs != NULL ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
if( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
} else {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
}
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rc = 1;
goto return_results;
}
switch ( method ) {
switch ( op->oq_bind.rb_method ) {
case LDAP_AUTH_SIMPLE:
/* check for root dn/passwd */
if ( be_isroot_pw( be, conn, dn, cred ) ) {
/* front end will send result */
if(edn->bv_val != NULL) free( edn->bv_val );
ber_dupbv( edn, be_root_dn( be ) );
rc = 0;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
password, NULL, ACL_AUTH, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
rc = 1;
goto return_results;
}
if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
/* stop front end from sending result */
rc = 1;
goto return_results;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
/* stop front end from sending result */
rc = 1;
goto return_results;
@ -199,18 +164,17 @@ ldbm_back_bind(
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case LDAP_AUTH_KRBV41:
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
rc = 1;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
krbattr, NULL, ACL_AUTH, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
NULL );
rc = 1;
goto return_results;
}
@ -222,12 +186,11 @@ ldbm_back_bind(
/*
* no krbname values present: check against DN
*/
if ( strcasecmp( dn->bv_val, krbname ) == 0 ) {
if ( strcasecmp( op->o_req_dn.bv_val, krbname ) == 0 ) {
rc = 0;
break;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
rc = 1;
goto return_results;
@ -238,9 +201,8 @@ ldbm_back_bind(
krbval.bv_len = strlen( krbname );
if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs,
LDAP_INVALID_CREDENTIALS, NULL );
rc = 1;
goto return_results;
}
@ -249,17 +211,16 @@ ldbm_back_bind(
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Kerberos bind step 2 not supported",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Kerberos bind step 2 not supported" );
/* stop front end from sending result */
rc = LDAP_UNWILLING_TO_PERFORM;
goto return_results;
#endif
default:
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "authentication method not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED,
"authentication method not supported" );
rc = 1;
goto return_results;
}

82
servers/slapd/back-ldbm/compare.c
View file

@ -18,55 +18,45 @@
int
ldbm_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
Operation *op,
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *matched;
Entry *e;
Attribute *a;
int rc;
int manageDSAit = get_manageDSAit( op );
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
if ( (e = dn2entry_r( be, ndn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
free( matched_dn );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return( 1 );
}
if (!manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
@ -77,56 +67,56 @@ ldbm_back_compare(
#endif
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
if (refs ) ber_bvarray_free( refs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
rc = 1;
rs->sr_err = 1;
goto return_results;
}
if ( ! access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
if ( ! access_allowed( op, e,
op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
rc = 1;
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
NULL );
rs->sr_err = 1;
goto return_results;
}
rc = LDAP_NO_SUCH_ATTRIBUTE;
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
for(a = attrs_find( e->e_attrs, ava->aa_desc );
for(a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
{
rc = LDAP_COMPARE_FALSE;
rs->sr_err = LDAP_COMPARE_FALSE;
#ifdef SLAP_NVALUES
if ( value_find_ex( ava->aa_desc,
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, &ava->aa_value ) == 0 )
a->a_nvals, &op->oq_compare.rs_ava->aa_value ) == 0 )
#else
if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 )
if ( value_find( op->oq_compare.rs_ava->aa_desc, a->a_vals, &op->oq_compare.rs_ava->aa_value ) == 0 )
#endif
{
rc = LDAP_COMPARE_TRUE;
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
send_ldap_result( conn, op, rc,
NULL, NULL, NULL, NULL );
send_ldap_result( op, rs );
if( rc != LDAP_NO_SUCH_ATTRIBUTE ) {
rc = 0;
if( rs->sr_err != LDAP_NO_SUCH_ATTRIBUTE ) {
rs->sr_err = 0;
}
return_results:;
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
return( rc );
return( rs->sr_err );
}

125
servers/slapd/back-ldbm/delete.c
View file

@ -18,14 +18,10 @@
int
ldbm_back_delete(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn
)
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *matched;
struct berval pdn;
Entry *e, *p = NULL;
@ -35,46 +31,43 @@ ldbm_back_delete(
AttributeDescription *entry = slap_schema.si_ad_entry;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_delete: %s\n", dn->bv_val, 0, 0 );
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_delete: %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", dn->bv_val, 0, 0);
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", op->o_req_dn.bv_val, 0, 0);
#endif
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* get entry with writer lock */
if ( (e = dn2entry_w( be, ndn, &matched )) == NULL ) {
char *matched_dn = NULL;
BerVarray refs;
if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_delete: no such object %s\n", dn->bv_val, 0, 0 );
"ldbm_back_delete: no such object %s\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
free( matched_dn );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return( -1 );
}
@ -83,21 +76,21 @@ ldbm_back_delete(
#ifdef LDAP_CACHING
if( !op->o_caching_on ) {
#endif /* LDAP_CACHING */
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
entry, NULL, ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: no write access to entry of (%s)\n",
dn->bv_val, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"<=- ldbm_back_delete: no write access to entry\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to entry", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to entry" );
rc = 1;
goto return_results;
@ -106,8 +99,7 @@ ldbm_back_delete(
if ( !manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
@ -117,73 +109,74 @@ ldbm_back_delete(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
rc = 1;
goto return_results;
}
if ( has_children( be, e ) ) {
if ( has_children( op->o_bd, e ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: (%s) is a non-leaf node.\n", dn->bv_val, 0,0);
"ldbm_back_delete: (%s) is a non-leaf node.\n", op->o_req_dn.bv_val, 0,0);
#else
Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF,
NULL, "subtree delete not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
"subtree delete not supported" );
goto return_results;
}
/* delete from parent's id2children entry */
if( !be_issuffix( be, &e->e_nname ) && (dnParent( &e->e_nname, &pdn ),
if( !be_issuffix( op->o_bd, &e->e_nname ) && (dnParent( &e->e_nname, &pdn ),
pdn.bv_len) ) {
if( (p = dn2entry_w( be, &pdn, NULL )) == NULL) {
if( (p = dn2entry_w( op->o_bd, &pdn, NULL )) == NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: parent of (%s) does not exist\n", dn, 0, 0 );
"ldbm_back_delete: parent of (%s) does not exist\n", op->o_req_dn. 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"<=- ldbm_back_delete: parent does not exist\n",
0, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "could not locate parent of entry", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not locate parent of entry" );
goto return_results;
}
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p,
if ( ! access_allowed( op, p,
children, NULL, ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: no access to parent of (%s)\n",
dn->bv_val, 0, 0 );
op->o_req_dn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"<=- ldbm_back_delete: no access to parent\n", 0,
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to parent", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
goto return_results;
}
} else {
/* no parent, must be root to delete */
if( ! be_isroot( be, &op->o_ndn ) ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
if( ! be_isroot( op->o_bd, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
p = (Entry *)&slap_entry_root;
rc = access_allowed( be, conn, op, p,
rc = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
@ -199,8 +192,8 @@ ldbm_back_delete(
"access to parent\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to parent", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
goto return_results;
}
@ -215,9 +208,9 @@ ldbm_back_delete(
"not root\n", 0, 0, 0);
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
NULL );
goto return_results;
}
}
@ -227,42 +220,42 @@ ldbm_back_delete(
#endif /* LDAP_CACHING */
/* delete from dn2id mapping */
if ( dn2id_delete( be, &e->e_nname, e->e_id ) != 0 ) {
if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: (%s) operations error\n", dn->bv_val, 0, 0 );
"ldbm_back_delete: (%s) operations error\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: operations error %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DN index delete failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"DN index delete failed" );
goto return_results;
}
/* delete from disk and cache */
if ( id2entry_delete( be, e ) != 0 ) {
if ( id2entry_delete( op->o_bd, e ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_delete: (%s) operations error\n", dn->bv_val, 0, 0 );
"ldbm_back_delete: (%s) operations error\n", op->o_req_dn.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: operations error %s\n",
dn->bv_val, 0, 0);
op->o_req_dn.bv_val, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "entry delete failed", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"entry delete failed" );
goto return_results;
}
/* delete attribute indices */
(void) index_entry_del( be, e, e->e_attrs );
(void) index_entry_del( op->o_bd, e );
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
rc = 0;
return_results:;

10
servers/slapd/back-ldbm/entry.c
View file

@ -19,14 +19,12 @@
int
ldbm_back_entry_release_rw(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
int rw
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
if ( slapMode == SLAP_SERVER_MODE ) {
/* free entry and reader or writer lock */
@ -54,8 +52,6 @@ ldbm_back_entry_release_rw(
/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
*/
int ldbm_back_entry_get(
BackendDB *be,
Connection *c,
Operation *op,
struct berval *ndn,
ObjectClass *oc,
@ -63,7 +59,7 @@ int ldbm_back_entry_get(
int rw,
Entry **ent )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *e;
int rc;
const char *at_name = at->ad_cname.bv_val;
@ -85,7 +81,7 @@ int ldbm_back_entry_get(
/* don't grab the giant lock - our caller has already gotten it. */
/* can we find entry */
e = dn2entry_rw( be, ndn, NULL, rw );
e = dn2entry_rw( op->o_bd, ndn, NULL, rw );
if (e == NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_BDB, INFO,

23
servers/slapd/back-ldbm/extended.c
View file

@ -27,31 +27,18 @@ struct exop {
int
ldbm_back_extended(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char** text,
BerVarray *refs
)
Operation *op,
SlapReply *rs )
{
int i;
for( i=0; exop_table[i].extended != NULL; i++ ) {
if( ber_bvcmp( exop_table[i].oid, reqoid ) == 0 ) {
return (exop_table[i].extended)(
be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
if( ber_bvcmp( exop_table[i].oid, &op->oq_extended.rs_reqoid ) == 0 ) {
return exop_table[i].extended( op, rs );
}
}
*text = "not supported within naming context";
rs->sr_text = "not supported within naming context";
return LDAP_UNWILLING_TO_PERFORM;
}

6
servers/slapd/back-ldbm/index.c
View file

@ -292,11 +292,11 @@ int index_values(
int
index_entry(
Backend *be,
Backend *be,
int op,
Entry *e,
Attribute *ap )
Entry *e )
{
Attribute *ap = e->e_attrs;
#ifdef NEW_LOGGING
LDAP_LOG( INDEX, ENTRY,
"index_entry: %s (%s)%ld\n", op == SLAP_INDEX_ADD_OP ? "add" : "del",

87
servers/slapd/back-ldbm/modify.c
View file

@ -23,10 +23,7 @@
* Juan C. Gomez (gomez@engr.sgi.com) 05/18/99
*/
int ldbm_modify_internal(
Backend *be,
Connection *conn,
Operation *op,
const char *dn,
Modifications *modlist,
Entry *e,
const char **text,
@ -41,13 +38,13 @@ int ldbm_modify_internal(
Attribute *ap;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_modify_internal: %s\n", dn, 0, 0 );
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_modify_internal: %s\n", e->e_name.bv_val, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "ldbm_modify_internal: %s\n", dn, 0, 0);
Debug(LDAP_DEBUG_TRACE, "ldbm_modify_internal: %s\n", e->e_name.bv_val, 0, 0);
#endif
if ( !acl_check_modlist( be, conn, op, e, modlist )) {
if ( !acl_check_modlist( op, e, modlist )) {
return LDAP_INSUFFICIENT_ACCESS;
}
@ -179,7 +176,7 @@ int ldbm_modify_internal(
}
/* check if modified attribute was indexed */
rc = index_is_indexed( be, mod->sm_desc );
rc = index_is_indexed( op->o_bd, mod->sm_desc );
if ( rc == LDAP_SUCCESS ) {
ap = attr_find( save_attrs, mod->sm_desc );
if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
@ -191,10 +188,10 @@ int ldbm_modify_internal(
/* check that the entry still obeys the schema */
#ifndef LDAP_CACHING
rc = entry_schema_check( be, e, save_attrs, text, textbuf, textlen );
rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen );
#else /* LDAP_CACHING */
if ( !op->o_caching_on ) {
rc = entry_schema_check( be, e, save_attrs,
rc = entry_schema_check( op->o_bd, e, save_attrs,
text, textbuf, textlen );
} else {
rc = LDAP_SUCCESS;
@ -225,7 +222,7 @@ int ldbm_modify_internal(
/* start with deleting the old index entries */
for ( ap = save_attrs; ap != NULL; ap = ap->a_next ) {
if ( ap->a_flags & SLAP_ATTR_IXDEL ) {
rc = index_values( be, ap->a_desc,
rc = index_values( op->o_bd, ap->a_desc,
#ifdef SLAP_NVALUES
ap->a_nvals,
#else
@ -251,7 +248,7 @@ int ldbm_modify_internal(
/* add the new index entries */
for ( ap = e->e_attrs; ap != NULL; ap = ap->a_next ) {
if ( ap->a_flags & SLAP_ATTR_IXADD ) {
rc = index_values( be, ap->a_desc,
rc = index_values( op->o_bd, ap->a_desc,
#ifdef SLAP_NVALUES
ap->a_nvals,
#else
@ -290,20 +287,13 @@ exit:
int
ldbm_back_modify(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
Modifications *modlist
)
SlapReply *rs )
{
int rc;
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *matched;
Entry *e;
int manageDSAit = get_manageDSAit( op );
const char *text = NULL;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
@ -317,27 +307,24 @@ ldbm_back_modify(
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* acquire and lock entry */
if ( (e = dn2entry_w( be, ndn, &matched )) == NULL ) {
char* matched_dn = NULL;
BerVarray refs;
if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
free( matched_dn );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return( -1 );
}
@ -350,48 +337,46 @@ ldbm_back_modify(
{
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_modify: entry (%s) is referral\n", ndn->bv_val, 0, 0 );
"ldbm_back_modify: entry (%s) is referral\n", op->o_req_ndn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
0, 0 );
#endif
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
if ( refs ) ber_bvarray_free( refs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
goto error_return;
}
/* Modify the entry */
rc = ldbm_modify_internal( be, conn, op, ndn->bv_val, modlist, e,
&text, textbuf, textlen );
rs->sr_err = ldbm_modify_internal( op, op->oq_modify.rs_modlist, e,
&rs->sr_text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
if( rc != SLAPD_ABANDON ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err != SLAPD_ABANDON ) {
send_ldap_result( op, rs );
}
goto error_return;
}
/* change the entry itself */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "id2entry failure", NULL, NULL );
if ( id2entry_add( op->o_bd, e ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"id2entry failure" );
goto error_return;
}
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_SUCCESS,
NULL );
cache_return_entry_w( &li->li_cache, e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);

198
servers/slapd/back-ldbm/modrdn.c
View file

@ -34,21 +34,12 @@
int
ldbm_back_modrdn(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
struct berval *newrdn,
struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSuperior,
struct berval *nnewSuperior
)
SlapReply *rs )
{
AttributeDescription *children = slap_schema.si_ad_children;
AttributeDescription *entry = slap_schema.si_ad_entry;
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
struct berval p_dn, p_ndn;
struct berval new_dn = { 0, NULL}, new_ndn = { 0, NULL };
Entry *e, *p = NULL;
@ -76,48 +67,45 @@ ldbm_back_modrdn(
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY,
"ldbm_back_modrdn: dn: %s newSuperior=%s\n",
dn->bv_len ? dn->bv_val : "NULL",
( newSuperior && newSuperior->bv_len ) ? newSuperior->bv_val : "NULL",0 );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len ) ? op->oq_modrdn.rs_newSup->bv_val : "NULL",0 );
#else
Debug( LDAP_DEBUG_TRACE,
"==>ldbm_back_modrdn: dn: %s newSuperior=%s\n",
dn->bv_len ? dn->bv_val : "NULL",
( newSuperior && newSuperior->bv_len )
? newSuperior->bv_val : "NULL", 0 );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "NULL",
( op->oq_modrdn.rs_newSup && op->oq_modrdn.rs_newSup->bv_len )
? op->oq_modrdn.rs_newSup->bv_val : "NULL", 0 );
#endif
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* get entry with writer lock */
if ( (e = dn2entry_w( be, ndn, &matched )) == NULL ) {
char* matched_dn = NULL;
BerVarray refs;
if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
if( matched != NULL ) {
matched_dn = strdup( matched->e_dn );
refs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
rs->sr_matched = strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
free( matched_dn );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
return( -1 );
}
/* check entry for "entry" acl */
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, e,
entry, NULL, ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
@ -130,8 +118,8 @@ ldbm_back_modrdn(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, "no write access to entry", NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to entry" );
goto return_results;
}
@ -139,8 +127,7 @@ ldbm_back_modrdn(
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */
BerVarray refs = get_entry_referrals( be,
conn, op, e );
rs->sr_ref = get_entry_referrals( op, e );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
@ -150,14 +137,15 @@ ldbm_back_modrdn(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_REFERRAL,
e->e_dn, NULL, refs, NULL );
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = e->e_name.bv_val;
send_ldap_result( op, rs );
if ( refs ) ber_bvarray_free( refs );
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
goto return_results;
}
if ( has_children( be, e ) ) {
if ( has_children( op->o_bd, e ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_modrdn: entry %s has children\n", e->e_dn, 0, 0 );
@ -166,12 +154,12 @@ ldbm_back_modrdn(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF,
NULL, "subtree rename not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_NOT_ALLOWED_ON_NONLEAF,
"subtree rename not supported" );
goto return_results;
}
if ( be_issuffix( be, &e->e_nname ) ) {
if ( be_issuffix( op->o_bd, &e->e_nname ) ) {
p_ndn = slap_empty_bv ;
} else {
dnParent( &e->e_nname, &p_ndn );
@ -182,7 +170,7 @@ ldbm_back_modrdn(
* children.
*/
if( (p = dn2entry_w( be, &p_ndn, NULL )) == NULL) {
if( (p = dn2entry_w( op->o_bd, &p_ndn, NULL )) == NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_modrdn: parent of %s does not exist\n",
@ -192,14 +180,14 @@ ldbm_back_modrdn(
0, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "parent entry does not exist", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"parent entry does not exist" );
goto return_results;
}
/* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p,
if ( ! access_allowed( op, p,
children, NULL, ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
@ -211,8 +199,8 @@ ldbm_back_modrdn(
0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
NULL );
goto return_results;
}
@ -242,13 +230,13 @@ ldbm_back_modrdn(
} else {
/* no parent, must be root to modify rdn */
isroot = be_isroot( be, &op->o_ndn );
isroot = be_isroot( op->o_bd, &op->o_ndn );
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
int can_access;
p = (Entry *)&slap_entry_root;
can_access = access_allowed( be, conn, op, p,
can_access = access_allowed( op, p,
children, NULL, ACL_WRITE, NULL );
p = NULL;
@ -263,9 +251,9 @@ ldbm_back_modrdn(
"access to parent\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
NULL );
goto return_results;
}
@ -280,9 +268,9 @@ ldbm_back_modrdn(
"not root\n", 0, 0, 0);
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
NULL );
goto return_results;
}
}
@ -299,42 +287,42 @@ ldbm_back_modrdn(
new_parent_dn = &p_dn; /* New Parent unless newSuperior given */
if ( newSuperior != NULL ) {
if ( op->oq_modrdn.rs_newSup != NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
"ldbm_back_modrdn: new parent \"%s\" requested\n",
newSuperior->bv_val, 0, 0 );
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: new parent \"%s\" requested...\n",
newSuperior->bv_val, 0, 0 );
op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
#endif
np_ndn = nnewSuperior;
np_ndn = op->oq_modrdn.rs_nnewSup;
/* newSuperior == oldParent? */
if ( dn_match( &p_ndn, np_ndn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_modrdn: "
"new parent\"%s\" seems to be the same as the "
"old parent \"%s\"\n", newSuperior->bv_val, p_dn.bv_val, 0 );
"old parent \"%s\"\n", op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: "
"new parent\"%s\" seems to be the same as the "
"old parent \"%s\"\n",
newSuperior->bv_val, p_dn.bv_val, 0 );
op->oq_modrdn.rs_newSup->bv_val, p_dn.bv_val, 0 );
#endif
newSuperior = NULL; /* ignore newSuperior */
op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
}
}
if ( newSuperior != NULL ) {
if ( op->oq_modrdn.rs_newSup != NULL ) {
/* newSuperior == entry being moved?, if so ==> ERROR */
/* Get Entry with dn=newSuperior. Does newSuperior exist? */
if ( nnewSuperior->bv_len ) {
if( (np = dn2entry_w( be, np_ndn, NULL )) == NULL) {
if ( op->oq_modrdn.rs_nnewSup->bv_len ) {
if( (np = dn2entry_w( op->o_bd, np_ndn, NULL )) == NULL) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ERR,
"ldbm_back_modrdn: newSup(ndn=%s) not found.\n",
@ -345,8 +333,8 @@ ldbm_back_modrdn(
np_ndn->bv_val, 0, 0);
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "newSuperior not found", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"newSuperior not found" );
goto return_results;
}
@ -361,7 +349,7 @@ ldbm_back_modrdn(
#endif
/* check newSuperior for "children" acl */
if ( !access_allowed( be, conn, op, np, children, NULL,
if ( !access_allowed( op, np, children, NULL,
ACL_WRITE, NULL ) )
{
#ifdef NEW_LOGGING
@ -373,8 +361,7 @@ ldbm_back_modrdn(
0, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
goto return_results;
}
@ -388,8 +375,8 @@ ldbm_back_modrdn(
#endif
send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM,
NULL, "newSuperior is an alias", NULL, NULL );
send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
"newSuperior is an alias" );
goto return_results;
}
@ -405,8 +392,8 @@ ldbm_back_modrdn(
np->e_dn, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "newSuperior is a referral", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"newSuperior is a referral" );
goto return_results;
}
@ -415,15 +402,15 @@ ldbm_back_modrdn(
/* no parent, must be root to modify newSuperior */
if ( isroot == -1 ) {
isroot = be_isroot( be, &op->o_ndn );
isroot = be_isroot( op->o_bd, &op->o_ndn );
}
if ( ! isroot ) {
if ( be_issuffix( be, (struct berval *)&slap_empty_bv ) || be_isupdate( be, &op->o_ndn ) ) {
if ( be_issuffix( op->o_bd, (struct berval *)&slap_empty_bv ) || be_isupdate( op->o_bd, &op->o_ndn ) ) {
int can_access;
np = (Entry *)&slap_entry_root;
can_access = access_allowed( be, conn, op, np,
can_access = access_allowed( op, np,
children, NULL, ACL_WRITE, NULL );
np = NULL;
@ -439,9 +426,9 @@ ldbm_back_modrdn(
"access to new superior\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
NULL );
goto return_results;
}
@ -457,9 +444,9 @@ ldbm_back_modrdn(
0, 0, 0);
#endif
send_ldap_result( conn, op,
send_ldap_error( op, rs,
LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
NULL );
goto return_results;
}
}
@ -474,11 +461,11 @@ ldbm_back_modrdn(
0, 0, 0 );
#endif
new_parent_dn = newSuperior;
new_parent_dn = op->oq_modrdn.rs_newSup;
}
/* Build target dn and make sure target entry doesn't exist already. */
build_new_dn( &new_dn, new_parent_dn, newrdn );
build_new_dn( &new_dn, new_parent_dn, &op->oq_modrdn.rs_newrdn );
dnNormalize2( NULL, &new_dn, &new_ndn );
#ifdef NEW_LOGGING
@ -494,11 +481,10 @@ ldbm_back_modrdn(
goto return_results;
}
if ( ( rc_id = dn2id ( be, &new_ndn, &id ) ) || id != NOID ) {
if ( ( rc_id = dn2id ( op->o_bd, &new_ndn, &id ) ) || id != NOID ) {
/* if (rc_id) something bad happened to ldbm cache */
send_ldap_result( conn, op,
rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS,
NULL, NULL, NULL, NULL );
rs->sr_err = rc_id ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
send_ldap_result( op, rs );
goto return_results;
}
@ -514,7 +500,7 @@ ldbm_back_modrdn(
/* Get attribute type and attribute value of our new rdn, we will
* need to add that to our new entry
*/
if ( ldap_bv2rdn( newrdn, &new_rdn, (char **)&text,
if ( ldap_bv2rdn( &op->oq_modrdn.rs_newrdn, &new_rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ) )
{
#ifdef NEW_LOGGING
@ -545,8 +531,8 @@ ldbm_back_modrdn(
new_rdn[ 0 ][ 0 ]->la_value.bv_val, 0 );
#endif
if ( deleteoldrdn ) {
if ( ldap_bv2rdn( dn, &old_rdn, (char **)&text,
if ( op->oq_modrdn.rs_deleteoldrdn ) {
if ( ldap_bv2rdn( &op->o_req_dn, &old_rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ) )
{
#ifdef NEW_LOGGING
@ -571,8 +557,7 @@ ldbm_back_modrdn(
0, 0, 0 );
#endif
if ( slap_modrdn2mods( be, conn, op, e, old_rdn, new_rdn,
deleteoldrdn, &mod ) != LDAP_SUCCESS ) {
if ( slap_modrdn2mods( op, rs, e, old_rdn, new_rdn, &mod ) != LDAP_SUCCESS ) {
goto return_results;
}
@ -583,9 +568,9 @@ ldbm_back_modrdn(
}
/* delete old one */
if ( dn2id_delete( be, &e->e_nname, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DN index delete fail", NULL, NULL );
if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DN index delete fail" );
goto return_results;
}
@ -606,27 +591,28 @@ ldbm_back_modrdn(
*/
/* add new one */
if ( dn2id_add( be, &e->e_nname, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "DN index add failed", NULL, NULL );
if ( dn2id_add( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"DN index add failed" );
goto return_results;
}
/* modify memory copy of entry */
rc_id = ldbm_modify_internal( be, conn, op, dn->bv_val, &mod[0], e,
&text, textbuf, textlen );
rc_id = ldbm_modify_internal( op, &mod[0], e,
&rs->sr_text, textbuf, textlen );
switch ( rc_id ) {
case LDAP_SUCCESS:
break;
case SLAPD_ABANDON:
/* too late ... */
send_ldap_result( conn, op, rc_id, NULL, text, NULL, NULL );
rs->sr_err = rc_id;
send_ldap_result( op, rs );
goto return_results;
default:
/* here we may try to delete the newly added dn */
if ( dn2id_delete( be, &e->e_nname, e->e_id ) != 0 ) {
if ( dn2id_delete( op->o_bd, &e->e_nname, e->e_id ) != 0 ) {
/* we already are in trouble ... */
;
}
@ -636,14 +622,14 @@ ldbm_back_modrdn(
(void) cache_update_entry( &li->li_cache, e );
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "entry update failed", NULL, NULL );
if ( id2entry_add( op->o_bd, e ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"entry update failed" );
goto return_results;
}
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_SUCCESS;
send_ldap_result( op, rs );
rc = 0;
cache_entry_commit( e );

15
servers/slapd/back-ldbm/operational.c
View file

@ -21,13 +21,11 @@
*/
int
ldbm_back_hasSubordinates(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
int *hasSubordinates )
{
if ( has_children( be, e ) ) {
if ( has_children( op->o_bd, e ) ) {
*hasSubordinates = LDAP_COMPARE_TRUE;
} else {
@ -42,22 +40,19 @@ ldbm_back_hasSubordinates(
*/
int
ldbm_back_operational(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *attrs,
SlapReply *rs,
int opattrs,
Attribute **a )
{
Attribute **aa = a;
assert( e );
assert( rs->sr_entry );
if ( opattrs || ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) {
if ( opattrs || ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) ) {
int hs;
hs = has_children( be, e );
hs = has_children( op->o_bd, rs->sr_entry );
*aa = slap_operational_hasSubordinate( hs );
if ( *aa != NULL ) {
aa = &(*aa)->a_next;

56
servers/slapd/back-ldbm/passwd.c
View file

@ -19,19 +19,10 @@
int
ldbm_back_exop_passwd(
Backend *be,
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text,
BerVarray *refs
)
Operation *op,
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
int rc;
Entry *e = NULL;
struct berval hash = { 0, NULL };
@ -42,11 +33,10 @@ ldbm_back_exop_passwd(
struct berval dn = { 0, NULL };
struct berval ndn = { 0, NULL };
assert( reqoid != NULL );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 );
rc = slap_passwd_parse( reqdata,
&id, NULL, &new, text );
rc = slap_passwd_parse( op->oq_extended.rs_reqdata,
&id, NULL, &new, &rs->sr_text );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY,
@ -65,18 +55,18 @@ ldbm_back_exop_passwd(
slap_passwd_generate(&new);
if( new.bv_len == 0 ) {
*text = "password generation failed.";
rs->sr_text = "password generation failed.";
rc = LDAP_OTHER;
goto done;
}
*rspdata = slap_passwd_return( &new );
rs->sr_rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
if( hash.bv_len == 0 ) {
*text = "password hash failed";
rs->sr_text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}
@ -97,31 +87,31 @@ ldbm_back_exop_passwd(
#endif
if( dn.bv_len == 0 ) {
*text = "No password is associated with the Root DSE";
rs->sr_text = "No password is associated with the Root DSE";
rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
rc = dnNormalize2( NULL, &dn, &ndn );
if( rc != LDAP_SUCCESS ) {
*text = "Invalid DN";
rs->sr_text = "Invalid DN";
goto done;
}
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
e = dn2entry_w( be, &ndn, NULL );
e = dn2entry_w( op->o_bd, &ndn, NULL );
if( e == NULL ) {
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
*text = "could not locate authorization entry";
rs->sr_text = "could not locate authorization entry";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
if( is_entry_alias( e ) ) {
/* entry is an alias, don't allow operation */
*text = "authorization entry is alias";
rs->sr_text = "authorization entry is alias";
rc = LDAP_ALIAS_PROBLEM;
goto done;
}
@ -130,7 +120,7 @@ ldbm_back_exop_passwd(
if( is_entry_referral( e ) ) {
/* entry is an referral, don't allow operation */
*text = "authorization entry is referral";
rs->sr_text = "authorization entry is referral";
goto done;
}
@ -150,30 +140,30 @@ ldbm_back_exop_passwd(
ml.sml_op = LDAP_MOD_REPLACE;
ml.sml_next = NULL;
rc = ldbm_modify_internal( be,
conn, op, op->o_ndn.bv_val, &ml, e, text, textbuf,
rc = ldbm_modify_internal( op,
&ml, e, &rs->sr_text, textbuf,
sizeof( textbuf ) );
/* FIXME: ldbm_modify_internal may set *text = textbuf,
* which is BAD */
if ( *text == textbuf ) {
*text = NULL;
if ( rs->sr_text == textbuf ) {
rs->sr_text = NULL;
}
if( rc ) {
/* cannot return textbuf */
*text = "entry modify failed";
rs->sr_text = "entry modify failed";
goto done;
}
/* change the entry itself */
if( id2entry_add( be, e ) != 0 ) {
*text = "entry update failed";
if( id2entry_add( op->o_bd, e ) != 0 ) {
rs->sr_text = "entry update failed";
rc = LDAP_OTHER;
}
if( rc == LDAP_SUCCESS ) {
replog( be, op, &e->e_name, &e->e_nname, &ml );
replog( op );
}
}

16
servers/slapd/back-ldbm/proto-back-ldbm.h
View file

@ -93,10 +93,7 @@ Entry * dn2entry_rw LDAP_P(( Backend *be, struct berval *dn, Entry **matched, in
/*
* entry.c
*/
int ldbm_back_entry_release_rw LDAP_P(( Backend *be,
Connection *conn, Operation *op,
Entry *e, int rw ));
BI_entry_release_rw ldbm_back_entry_release_rw;
BI_entry_get_rw ldbm_back_entry_get;
/*
@ -166,9 +163,9 @@ index_values LDAP_P((
ID id,
int op ));
int index_entry LDAP_P(( Backend *be, int r, Entry *e, Attribute *ap ));
#define index_entry_add(be,e,ap) index_entry((be),SLAP_INDEX_ADD_OP,(e),(ap))
#define index_entry_del(be,e,ap) index_entry((be),SLAP_INDEX_DELETE_OP,(e),(ap))
int index_entry LDAP_P(( Backend *be, int r, Entry *e ));
#define index_entry_add(be,e) index_entry((be),SLAP_INDEX_ADD_OP,(e))
#define index_entry_del(be,e) index_entry((be),SLAP_INDEX_DELETE_OP,(e))
/*
@ -206,9 +203,8 @@ extern BI_op_extended ldbm_back_exop_passwd;
*/
/* returns LDAP error code indicating error OR SLAPD_ABANDON */
int ldbm_modify_internal LDAP_P((Backend *be,
Connection *conn, Operation *op,
const char *dn, Modifications *mods, Entry *e,
int ldbm_modify_internal LDAP_P(( Operation *op,
Modifications *mods, Entry *e,
const char **text, char *textbuf, size_t textlen ));
/*

78
servers/slapd/back-ldbm/referral.c
View file

@ -17,105 +17,97 @@
int
ldbm_back_referrals(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
const char **text )
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
int rc = LDAP_SUCCESS;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
Entry *e, *matched;
if( op->o_tag == LDAP_REQ_SEARCH ) {
/* let search take care of itself */
return rc;
return LDAP_SUCCESS;
}
if( get_manageDSAit( op ) ) {
/* let op take care of DSA management */
return rc;
return LDAP_SUCCESS;
}
/* grab giant lock for reading */
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
/* get entry with reader lock */
e = dn2entry_r( be, ndn, &matched );
e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
if ( e == NULL ) {
char *matched_dn = NULL;
BerVarray refs = NULL;
if ( matched != NULL ) {
matched_dn = ch_strdup( matched->e_dn );
rs->sr_matched = ch_strdup( matched->e_dn );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
"ldbm_back_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, matched_dn );
op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, matched_dn );
op->o_tag, op->o_req_dn.bv_val, rs->sr_matched );
#endif
if( is_entry_referral( matched ) ) {
rc = LDAP_OTHER;
refs = get_entry_referrals( be, conn, op, matched );
rs->sr_err = LDAP_OTHER;
rs->sr_ref = get_entry_referrals( op, matched );
}
cache_return_entry_r( &li->li_cache, matched );
} else if ( default_referral != NULL ) {
rc = LDAP_OTHER;
refs = referral_rewrite( default_referral,
NULL, dn, LDAP_SCOPE_DEFAULT );
rs->sr_err = LDAP_OTHER;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
if( refs != NULL ) {
if( rs->sr_ref != NULL ) {
/* send referrals */
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
matched_dn, NULL, refs, NULL );
ber_bvarray_free( refs );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
} else if ( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, matched_dn,
matched_dn ? "bad referral object" : "bad default referral",
NULL, NULL );
} else if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_text = rs->sr_matched ? "bad referral object" : "bad default referral";
send_ldap_result( op, rs );
}
if ( matched_dn ) free( matched_dn );
return rc;
if ( rs->sr_matched ) free( (char *)rs->sr_matched );
return rs->sr_err;
}
if ( is_entry_referral( e ) ) {
/* entry is a referral */
BerVarray refs = get_entry_referrals( be, conn, op, e );
BerVarray rrefs = referral_rewrite(
refs, &e->e_name, dn, LDAP_SCOPE_DEFAULT );
BerVarray refs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite(
refs, &e->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, e->e_dn );
op->o_tag, op->o_req_dn.bv_val, e->e_dn );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_referrals: op=%ld target=\"%s\" matched=\"%s\"\n",
op->o_tag, dn->bv_val, e->e_dn );
op->o_tag, op->o_req_dn.bv_val, e->e_dn );
#endif
if( rrefs != NULL ) {
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
e->e_dn, NULL, rrefs, NULL );
rs->sr_matched = e->e_name.bv_val;
if( rs->sr_ref != NULL ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rrefs );
ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_result( conn, op, rc = LDAP_OTHER, e->e_dn,
"bad referral object", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"bad referral object" );
}
if( refs != NULL ) ber_bvarray_free( refs );
@ -124,5 +116,5 @@ ldbm_back_referrals(
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
return rc;
return rs->sr_err;
}

217
servers/slapd/back-ldbm/search.c
View file

@ -26,33 +26,21 @@ static ID_BLOCK *search_candidates(
int
ldbm_back_search(
Backend *be,
Connection *conn,
Operation *op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int slimit,
int tlimit,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly )
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
int rc, err;
const char *text = NULL;
time_t stoptime;
ID_BLOCK *candidates;
ID id, cursor;
Entry *e;
BerVarray v2refs = NULL;
Entry *matched = NULL;
struct berval realbase = { 0, NULL };
int nentries = 0;
int manageDSAit = get_manageDSAit( op );
int cscope = LDAP_SCOPE_DEFAULT;
int nentries = 0;
#ifdef LDAP_CACHING
Entry cache_base_entry;
@ -71,7 +59,7 @@ ldbm_back_search(
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
#ifndef LDAP_CACHING
if ( nbase->bv_len == 0 ) {
if ( op->o_req_ndn.bv_len == 0 ) {
/* DIT root special case */
e = (Entry *) &slap_entry_root;
@ -79,16 +67,16 @@ ldbm_back_search(
ber_dupbv( &realbase, &e->e_nname );
#else /* LDAP_CACHING */
if ( op->o_caching_on || nbase->bv_len == 0 ) {
if (nbase->bv_len == 0) {
if ( op->o_caching_on || op->o_req_ndn.bv_len == 0 ) {
if (op->o_req_ndn.bv_len == 0) {
e = (Entry *) &slap_entry_root;
/* need normalized dn below */
ber_dupbv( &realbase, &e->e_nname );
} else {
if ((scope == LDAP_SCOPE_BASE)
&& (e = dn2entry_r( be, nbase, &matched )))
&& (e = dn2entry_r( op->o_bd, &op->o_req_ndn &matched )))
{
candidates = base_candidate(be,e);
candidates = base_candidate(op->o_bd,e);
cache_return_entry_r( &li->li_cache, e );
goto searchit;
}
@ -97,57 +85,56 @@ ldbm_back_search(
}
#endif /* LDAP_CACHING */
candidates = search_candidates( be, e, filter,
scope, deref,
candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
op->oq_search.rs_scope, op->oq_search.rs_deref,
manageDSAit || get_domainScope(op) );
goto searchit;
} else if ( deref & LDAP_DEREF_FINDING ) {
} else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
/* deref dn and get entry with reader lock */
e = deref_dn_r( be, nbase, &err, &matched, &text );
e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
} else {
/* get entry with reader lock */
e = dn2entry_r( be, nbase, &matched );
err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
text = NULL;
e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
rs->sr_text = NULL;
}
if ( e == NULL ) {
struct berval matched_dn = { 0, NULL };
BerVarray refs = NULL;
if ( matched != NULL ) {
BerVarray erefs;
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
? get_entry_referrals( be, conn, op, matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
if( erefs ) {
refs = referral_rewrite( erefs, &matched_dn,
base, scope );
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
} else {
refs = referral_rewrite( default_referral,
NULL, base, scope );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
}
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
send_ldap_result( conn, op, err, matched_dn.bv_val,
text, refs, NULL );
rs->sr_matched = matched_dn.bv_val;
send_ldap_result( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
ber_memfree( matched_dn.bv_val );
return 1;
}
@ -156,11 +143,10 @@ ldbm_back_search(
/* entry is a referral, don't allow add */
struct berval matched_dn;
BerVarray erefs;
BerVarray refs;
ber_dupbv( &matched_dn, &e->e_name );
erefs = get_entry_referrals( be, conn, op, e );
refs = NULL;
erefs = get_entry_referrals( op, e );
rs->sr_ref = NULL;
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
@ -176,21 +162,21 @@ ldbm_back_search(
#endif
if( erefs ) {
refs = referral_rewrite( erefs, &matched_dn,
base, scope );
rs->sr_ref = referral_rewrite( erefs, &matched_dn,
&op->o_req_dn, op->oq_search.rs_scope );
ber_bvarray_free( erefs );
}
if( refs ) {
send_ldap_result( conn, op, LDAP_REFERRAL,
matched_dn.bv_val, NULL, refs, NULL );
ber_bvarray_free( refs );
rs->sr_matched = matched_dn.bv_val;
if( rs->sr_ref ) {
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
} else {
send_ldap_result( conn, op, LDAP_OTHER,
matched_dn.bv_val,
"bad referral object", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"bad referral object" );
}
ber_memfree( matched_dn.bv_val );
@ -199,18 +185,18 @@ ldbm_back_search(
if ( is_entry_alias( e ) ) {
/* don't deref */
deref = LDAP_DEREF_NEVER;
op->oq_search.rs_deref = LDAP_DEREF_NEVER;
}
if ( scope == LDAP_SCOPE_BASE ) {
if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
cscope = LDAP_SCOPE_BASE;
candidates = base_candidate( be, e );
candidates = base_candidate( op->o_bd, e );
} else {
cscope = ( scope != LDAP_SCOPE_SUBTREE )
cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
candidates = search_candidates( be, e, filter,
scope, deref, manageDSAit );
candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
}
/* need normalized dn below */
@ -234,9 +220,8 @@ searchit:
}
#endif /* LDAP_CACHING */
send_search_result( conn, op,
LDAP_SUCCESS,
NULL, NULL, NULL, NULL, 0 );
rs->sr_err = LDAP_SUCCESS;
send_search_result( op, rs );
#ifdef LDAP_CACHING
if ( op->o_caching_on ) {
@ -250,9 +235,9 @@ searchit:
/* if not root, get appropriate limits */
#ifndef LDAP_CACHING
if ( be_isroot( be, &op->o_ndn ) )
if ( be_isroot( op->o_bd, &op->o_ndn ) )
#else /* LDAP_CACHING */
if ( op->o_caching_on || be_isroot( be, &op->o_ndn ) )
if ( op->o_caching_on || be_isroot( op->o_bd, &op->o_ndn ) )
#endif /* LDAP_CACHING */
{
/*
@ -261,14 +246,14 @@ searchit:
*/
isroot = 1;
} else {
( void ) get_limits( be, &op->o_ndn, &limit );
( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
}
/* if candidates exceed to-be-checked entries, abort */
if ( !isroot && limit->lms_s_unchecked != -1 ) {
if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
send_search_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
NULL, NULL, NULL, NULL, 0 );
send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
NULL );
rc = 0;
goto done;
}
@ -276,32 +261,32 @@ searchit:
/* if root an no specific limit is required, allow unlimited search */
if ( isroot ) {
if ( tlimit == 0 ) {
tlimit = -1;
if ( op->oq_search.rs_tlimit == 0 ) {
op->oq_search.rs_tlimit = -1;
}
if ( slimit == 0 ) {
slimit = -1;
if ( op->oq_search.rs_slimit == 0 ) {
op->oq_search.rs_slimit = -1;
}
} else {
/* if no limit is required, use soft limit */
if ( tlimit <= 0 ) {
tlimit = limit->lms_t_soft;
if ( op->oq_search.rs_tlimit <= 0 ) {
op->oq_search.rs_tlimit = limit->lms_t_soft;
/* if requested limit higher than hard limit, abort */
} else if ( tlimit > limit->lms_t_hard ) {
} else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_t_hard == 0
&& limit->lms_t_soft > -1
&& tlimit > limit->lms_t_soft ) {
tlimit = limit->lms_t_soft;
&& op->oq_search.rs_tlimit > limit->lms_t_soft ) {
op->oq_search.rs_tlimit = limit->lms_t_soft;
/* positive hard limit means abort */
} else if ( limit->lms_t_hard > 0 ) {
send_search_result( conn, op,
send_ldap_error( op, rs,
LDAP_ADMINLIMIT_EXCEEDED,
NULL, NULL, NULL, NULL, 0 );
NULL );
rc = 0;
goto done;
}
@ -310,22 +295,22 @@ searchit:
}
/* if no limit is required, use soft limit */
if ( slimit <= 0 ) {
slimit = limit->lms_s_soft;
if ( op->oq_search.rs_slimit <= 0 ) {
op->oq_search.rs_slimit = limit->lms_s_soft;
/* if requested limit higher than hard limit, abort */
} else if ( slimit > limit->lms_s_hard ) {
} else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_s_hard == 0
&& limit->lms_s_soft > -1
&& slimit > limit->lms_s_soft ) {
slimit = limit->lms_s_soft;
&& op->oq_search.rs_slimit > limit->lms_s_soft ) {
op->oq_search.rs_slimit = limit->lms_s_soft;
/* positive hard limit means abort */
} else if ( limit->lms_s_hard > 0 ) {
send_search_result( conn, op,
send_ldap_error( op, rs,
LDAP_ADMINLIMIT_EXCEEDED,
NULL, NULL, NULL, NULL, 0 );
NULL );
rc = 0;
goto done;
}
@ -335,7 +320,8 @@ searchit:
}
/* compute it anyway; root does not use it */
stoptime = op->o_time + tlimit;
stoptime = op->o_time + op->oq_search.rs_tlimit;
rs->sr_attrs = op->oq_search.rs_attrs;
for ( id = idl_firstid( candidates, &cursor ); id != NOID;
id = idl_nextid( candidates, &cursor ) )
@ -350,15 +336,16 @@ searchit:
}
/* check time limit */
if ( tlimit != -1 && slap_get_time() > stoptime ) {
send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
NULL, NULL, v2refs, NULL, nentries );
if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_nentries = nentries;
send_search_result( op, rs );
rc = 0;
goto done;
}
/* get the entry with reader lock */
e = id2entry_r( be, id );
e = id2entry_r( op->o_bd, id );
if ( e == NULL ) {
#ifdef NEW_LOGGING
@ -373,16 +360,17 @@ searchit:
goto loop_continue;
}
rs->sr_entry = e;
#ifdef LDAP_CACHING
if ( !op->o_caching_on ) {
#endif /* LDAP_CACHING */
if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
Entry *matched;
int err;
const char *text;
e = deref_entry_r( be, e, &err, &matched, &text );
e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
if( e == NULL ) {
e = matched;
@ -395,7 +383,7 @@ searchit:
}
/* need to skip alias which deref into scope */
if( scope & LDAP_SCOPE_ONELEVEL ) {
if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
struct berval pdn;
dnParent( &e->e_nname, &pdn );
if ( ber_bvcmp( &pdn, &realbase ) ) {
@ -416,6 +404,8 @@ searchit:
goto loop_continue;
}
rs->sr_entry = e;
scopeok = 1;
}
@ -424,21 +414,21 @@ searchit:
* this for non-base searches, and don't check the filter
* explicitly here since it's only a candidate anyway.
*/
if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
is_entry_referral( e ) )
{
struct berval dn;
/* check scope */
if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
if ( !be_issuffix( be, &e->e_nname ) ) {
if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
dnParent( &e->e_nname, &dn );
scopeok = dn_match( &dn, &realbase );
} else {
scopeok = (realbase.bv_len == 0);
}
} else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
} else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
scopeok = dnIsSuffix( &e->e_nname, &realbase );
} else {
@ -446,18 +436,17 @@ searchit:
}
if( scopeok ) {
BerVarray erefs = get_entry_referrals(
be, conn, op, e );
BerVarray refs = referral_rewrite( erefs,
BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite( erefs,
&e->e_name, NULL,
scope == LDAP_SCOPE_SUBTREE
op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
? LDAP_SCOPE_SUBTREE
: LDAP_SCOPE_BASE );
send_search_reference( be, conn, op,
e, refs, NULL, &v2refs );
send_search_reference( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
} else {
#ifdef NEW_LOGGING
@ -479,21 +468,21 @@ searchit:
#endif /* LDAP_CACHING */
/* if it matches the filter and scope, send it */
result = test_filter( be, conn, op, e, filter );
result = test_filter( op, e, op->oq_search.rs_filter );
if ( result == LDAP_COMPARE_TRUE ) {
struct berval dn;
/* check scope */
if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
if ( !be_issuffix( be, &e->e_nname ) ) {
if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
dnParent( &e->e_nname, &dn );
scopeok = dn_match( &dn, &realbase );
} else {
scopeok = (realbase.bv_len == 0);
}
} else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
} else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
scopeok = dnIsSuffix( &e->e_nname, &realbase );
} else {
@ -502,11 +491,11 @@ searchit:
if ( scopeok ) {
/* check size limit */
if ( --slimit == -1 ) {
if ( --op->oq_search.rs_slimit == -1 ) {
cache_return_entry_r( &li->li_cache, e );
send_search_result( conn, op,
LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
v2refs, NULL, nentries );
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
rs->sr_nentries = nentries;
send_search_result( op, rs );
rc = 0;
goto done;
}
@ -520,8 +509,7 @@ searchit:
}
#endif /* LDAP_CACHING */
result = send_search_entry(be, conn, op,
e, attrs, attrsonly, NULL);
result = send_search_entry( op, rs );
#ifdef LDAP_CACHING
if ( op->o_caching_on ) {
@ -581,9 +569,10 @@ loop_continue:
ldap_pvt_thread_yield();
}
send_search_result( conn, op,
v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
NULL, NULL, v2refs, NULL, nentries );
rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
rs->sr_ref = rs->sr_v2ref;
rs->sr_nentries = nentries;
send_search_result( op, rs );
rc = 0;
@ -593,7 +582,7 @@ done:
if( candidates != NULL )
idl_free( candidates );
if( v2refs ) ber_bvarray_free( v2refs );
if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
if( realbase.bv_val ) free( realbase.bv_val );
return rc;

4
servers/slapd/back-ldbm/tools.c
View file

@ -216,7 +216,7 @@ ID ldbm_tool_entry_put(
return NOID;
}
rc = index_entry_add( be, e, e->e_attrs );
rc = index_entry_add( be, e );
if( rc != 0 ) {
strncpy( text->bv_val, "index add failed", text->bv_len );
return NOID;
@ -302,7 +302,7 @@ int ldbm_tool_entry_reindex(
#endif
dn2id_add( be, &e->e_nname, e->e_id );
rc = index_entry_add( be, e, e->e_attrs );
rc = index_entry_add( be, e );
entry_free( e );

122
servers/slapd/back-passwd/search.c
View file

@ -25,20 +25,8 @@ static Entry *pw2entry(
int
passwd_back_search(
Backend *be,
Connection *conn,
Operation *op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int slimit,
int tlimit,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly
)
SlapReply *rs )
{
struct passwd *pw;
Entry *e;
@ -46,53 +34,50 @@ passwd_back_search(
time_t stoptime;
int sent = 0;
int err = LDAP_SUCCESS;
LDAPRDN *rdn = NULL;
struct berval parent = { 0, NULL };
char *matched = NULL;
const char *text = NULL;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? be->be_timelimit
: tlimit;
stoptime = op->o_time + tlimit;
slimit = (slimit > be->be_sizelimit || slimit < 1) ? be->be_sizelimit
: slimit;
op->oq_search.rs_tlimit = (op->oq_search.rs_tlimit > op->o_bd->be_timelimit || op->oq_search.rs_tlimit < 1) ? op->o_bd->be_timelimit
: op->oq_search.rs_tlimit;
stoptime = op->o_time + op->oq_search.rs_tlimit;
op->oq_search.rs_slimit = (op->oq_search.rs_slimit > op->o_bd->be_sizelimit || op->oq_search.rs_slimit < 1) ? op->o_bd->be_sizelimit
: op->oq_search.rs_slimit;
/* Handle a query for the base of this backend */
if ( be_issuffix( be, nbase ) ) {
if ( be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
struct berval vals[2];
vals[1].bv_val = NULL;
matched = (char *) base;
rs->sr_matched = op->o_req_dn.bv_val;
if( scope != LDAP_SCOPE_ONELEVEL ) {
if( op->oq_search.rs_scope != LDAP_SCOPE_ONELEVEL ) {
AttributeDescription *desc = NULL;
/* Create an entry corresponding to the base DN */
e = (Entry *) ch_calloc(1, sizeof(Entry));
e->e_name.bv_val = ch_strdup( base->bv_val );
e->e_name.bv_len = base->bv_len;
e->e_nname.bv_val = ch_strdup( nbase->bv_val );
e->e_nname.bv_len = nbase->bv_len;
e->e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
e->e_name.bv_len = op->o_req_dn.bv_len;
e->e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
e->e_nname.bv_len = op->o_req_ndn.bv_len;
e->e_attrs = NULL;
e->e_private = NULL;
/* Use the first attribute of the DN
* as an attribute within the entry itself.
*/
if( ldap_bv2rdn( base, &rdn, (char **)&text,
if( ldap_bv2rdn( &op->o_req_dn, &rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ) )
{
err = LDAP_INVALID_DN_SYNTAX;
rs->sr_err = LDAP_INVALID_DN_SYNTAX;
goto done;
}
if( slap_bv2ad( &rdn[0][0]->la_attr, &desc, &text )) {
err = LDAP_NO_SUCH_OBJECT;
if( slap_bv2ad( &rdn[0][0]->la_attr, &desc, &rs->sr_text )) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_rdnfree(rdn);
goto done;
}
@ -114,18 +99,19 @@ passwd_back_search(
vals[0].bv_len = sizeof("organizationalUnit")-1;
attr_mergeit( e, ad_objectClass, vals );
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
if ( test_filter( op, e, op->oq_search.rs_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = e;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
sent++;
}
}
if ( scope != LDAP_SCOPE_BASE ) {
if ( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
/* check all our "children" */
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( be );
pw_start( op->o_bd );
for ( pw = getpwent(); pw != NULL; pw = getpwent() ) {
/* check for abandon */
if ( op->o_abandon ) {
@ -136,32 +122,31 @@ passwd_back_search(
/* check time limit */
if ( slap_get_time() > stoptime ) {
send_ldap_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_TIMELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
if ( !(e = pw2entry( be, pw, &text )) ) {
err = LDAP_OTHER;
if ( !(e = pw2entry( op->o_bd, pw, &rs->sr_text )) ) {
rs->sr_err = LDAP_OTHER;
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
if ( test_filter( op, e, op->oq_search.rs_filter ) == LDAP_COMPARE_TRUE ) {
/* check size limit */
if ( --slimit == -1 ) {
send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
NULL, NULL, NULL, NULL );
if ( --op->oq_search.rs_slimit == -1 ) {
send_ldap_error( op, rs, LDAP_SIZELIMIT_EXCEEDED, NULL );
endpwent();
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
return( 0 );
}
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
rs->sr_entry = e;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
sent++;
}
@ -172,55 +157,56 @@ passwd_back_search(
}
} else {
if (! be_issuffix( be, nbase ) ) {
dnParent( nbase, &parent );
if (! be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
dnParent( &op->o_req_ndn, &parent );
}
/* This backend is only one layer deep. Don't answer requests for
* anything deeper than that.
*/
if( !be_issuffix( be, &parent ) ) {
if( !be_issuffix( op->o_bd, &parent ) ) {
int i;
for( i=0; be->be_nsuffix[i].bv_val != NULL; i++ ) {
if( dnIsSuffix( nbase, &be->be_nsuffix[i] ) ) {
matched = be->be_suffix[i].bv_val;
for( i=0; op->o_bd->be_nsuffix[i].bv_val != NULL; i++ ) {
if( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_nsuffix[i] ) ) {
rs->sr_matched = op->o_bd->be_suffix[i].bv_val;
break;
}
}
err = LDAP_NO_SUCH_OBJECT;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto done;
}
if( scope == LDAP_SCOPE_ONELEVEL ) {
if( op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
goto done;
}
if ( ldap_bv2rdn( base, &rdn, (char **)&text,
if ( ldap_bv2rdn( &op->o_req_dn, &rdn, (char **)&rs->sr_text,
LDAP_DN_FORMAT_LDAP ))
{
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
goto done;
}
ldap_pvt_thread_mutex_lock( &passwd_mutex );
pw_start( be );
pw_start( op->o_bd );
if ( (pw = getpwnam( rdn[0][0]->la_value.bv_val )) == NULL ) {
matched = parent.bv_val;
err = LDAP_NO_SUCH_OBJECT;
rs->sr_matched = parent.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
goto done;
}
e = pw2entry( be, pw, &text );
e = pw2entry( op->o_bd, pw, &rs->sr_text );
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
if ( !e ) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
goto done;
}
if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
send_search_entry( be, conn, op,
e, attrs, attrsonly, NULL );
if ( test_filter( op, e, op->oq_search.rs_filter ) == LDAP_COMPARE_TRUE ) {
rs->sr_entry = e;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
sent++;
}
@ -228,9 +214,9 @@ passwd_back_search(
}
done:
send_ldap_result( conn, op,
err, err == LDAP_NO_SUCH_OBJECT ? matched : NULL, text,
NULL, NULL );
if( rs->sr_err != LDAP_NO_SUCH_OBJECT ) rs->sr_matched = NULL;
rs->sr_nentries = sent;
send_search_result( op, rs );
if( rdn != NULL ) ldap_rdnfree( rdn );

21
servers/slapd/back-shell/abandon.c
View file

@ -17,32 +17,29 @@
int
shell_back_abandon(
Backend *be,
Connection *conn,
Operation *op,
int msgid
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
FILE *rfp, *wfp;
pid_t pid;
Operation *o;
/* no abandon command defined - just kill the process handling it */
if ( si->si_abandon == NULL ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
pid = -1;
LDAP_STAILQ_FOREACH( o, &conn->c_ops, o_next ) {
if ( o->o_msgid == msgid ) {
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
if ( o->o_msgid == op->oq_abandon.rs_msgid ) {
pid = (pid_t) o->o_private;
break;
}
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
if ( pid == -1 ) {
Debug( LDAP_DEBUG_ARGS, "shell could not find op %d\n", msgid, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "shell could not find op %d\n", op->oq_abandon.rs_msgid, 0, 0 );
return 0;
}
@ -52,8 +49,8 @@ shell_back_abandon(
/* write out the request to the abandon process */
fprintf( wfp, "ABANDON\n" );
fprintf( wfp, "msgid: %d\n", msgid );
print_suffixes( wfp, be );
fprintf( wfp, "msgid: %d\n", op->oq_abandon.rs_msgid );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "pid: %ld\n", (long) pid );
fclose( wfp );

26
servers/slapd/back-shell/add.c
View file

@ -17,48 +17,44 @@
int
shell_back_add(
Backend *be,
Connection *conn,
Operation *op,
Entry *e
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
FILE *rfp, *wfp;
int len;
if ( si->si_add == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"add not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"add not implemented" );
return( -1 );
}
if ( ! access_allowed( be, conn, op, e,
if ( ! access_allowed( op, op->oq_add.rs_e,
entry, NULL, ACL_WRITE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_add, &rfp, &wfp )) == (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the add process */
fprintf( wfp, "ADD\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
print_suffixes( wfp, op->o_bd );
ldap_pvt_thread_mutex_lock( &entry2str_mutex );
fprintf( wfp, "%s", entry2str( e, &len ) );
fprintf( wfp, "%s", entry2str( op->oq_add.rs_e, &len ) );
ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
fclose( wfp );
/* read in the result and send it along */
read_and_send_results( be, conn, op, rfp, NULL, 0 );
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );

40
servers/slapd/back-shell/bind.c
View file

@ -17,64 +17,56 @@
int
shell_back_bind(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
int rc;
if ( si->si_bind == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"bind not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"bind not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = *dn;
e.e_nname = *ndn;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( be, conn, op, &e,
if ( ! access_allowed( op, &e,
entry, NULL, ACL_AUTH, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_bind, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the bind process */
fprintf( wfp, "BIND\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", dn->bv_val );
fprintf( wfp, "method: %d\n", method );
fprintf( wfp, "credlen: %lu\n", cred->bv_len );
fprintf( wfp, "cred: %s\n", cred->bv_val ); /* XXX */
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "method: %d\n", op->oq_bind.rb_method );
fprintf( wfp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
fprintf( wfp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
fclose( wfp );
/* read in the results and send them along */
rc = read_and_send_results( be, conn, op, rfp, NULL, 0 );
rc = read_and_send_results( op, rs, rfp );
fclose( rfp );
return( rc );

36
servers/slapd/back-shell/compare.c
View file

@ -17,46 +17,40 @@
int
shell_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
if ( si->si_compare == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"compare not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"compare not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = *dn;
e.e_nname = *ndn;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( be, conn, op, &e,
if ( ! access_allowed( op, &e,
entry, NULL, ACL_READ, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_compare, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
@ -68,15 +62,15 @@ shell_back_compare(
/* write out the request to the compare process */
fprintf( wfp, "COMPARE\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", dn->bv_val );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "%s: %s\n",
ava->aa_desc->ad_cname.bv_val,
ava->aa_value.bv_val /* could be binary! */ );
op->oq_compare.rs_ava->aa_desc->ad_cname.bv_val,
op->oq_compare.rs_ava->aa_value.bv_val /* could be binary! */ );
fclose( wfp );
/* read in the result and send it along */
read_and_send_results( be, conn, op, rfp, NULL, 0 );
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );

31
servers/slapd/back-shell/delete.c
View file

@ -17,57 +17,52 @@
int
shell_back_delete(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
if ( si->si_delete == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"delete not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"delete not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = *dn;
e.e_nname = *ndn;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( be, conn, op, &e,
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WRITE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_delete, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the delete process */
fprintf( wfp, "DELETE\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", dn->bv_val );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fclose( wfp );
/* read in the results and send them along */
read_and_send_results( be, conn, op, rfp, NULL, 0 );
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );
}

33
servers/slapd/back-shell/modify.c
View file

@ -17,56 +17,51 @@
int
shell_back_modify(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
Modifications *ml
)
SlapReply *rs )
{
Modification *mod;
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Modifications *ml = op->oq_modify.rs_modlist;
Entry e;
FILE *rfp, *wfp;
int i;
if ( si->si_modify == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"modify not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = *dn;
e.e_nname = *ndn;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( be, conn, op, &e,
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WRITE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_modify, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the modify process */
fprintf( wfp, "MODIFY\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", dn->bv_val );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
for ( ; ml != NULL; ml = ml->sml_next ) {
mod = &ml->sml_mod;
@ -98,7 +93,7 @@ shell_back_modify(
fclose( wfp );
/* read in the results and send them along */
read_and_send_results( be, conn, op, rfp, NULL, 0 );
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );
}

44
servers/slapd/back-shell/modrdn.c
View file

@ -30,67 +30,57 @@
int
shell_back_modrdn(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
struct berval *newrdn,
struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSuperior,
struct berval *nnewSuperior
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
AttributeDescription *entry = slap_schema.si_ad_entry;
Entry e;
FILE *rfp, *wfp;
if ( si->si_modrdn == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"modrdn not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modrdn not implemented" );
return( -1 );
}
e.e_id = NOID;
e.e_name = *dn;
e.e_nname = *ndn;
e.e_name = op->o_req_dn;
e.e_nname = op->o_req_ndn;
e.e_attrs = NULL;
e.e_ocflags = 0;
e.e_bv.bv_len = 0;
e.e_bv.bv_val = NULL;
e.e_private = NULL;
if ( ! access_allowed( be, conn, op, &e,
if ( ! access_allowed( op, &e,
entry, NULL, ACL_WRITE, NULL ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;
}
if ( (op->o_private = (void *) forkandexec( si->si_modrdn, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the modrdn process */
fprintf( wfp, "MODRDN\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", dn->bv_val );
fprintf( wfp, "newrdn: %s\n", newrdn->bv_val );
fprintf( wfp, "deleteoldrdn: %d\n", deleteoldrdn ? 1 : 0 );
if (newSuperior != NULL) {
fprintf( wfp, "newSuperior: %s\n", newSuperior->bv_val );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "newrdn: %s\n", op->oq_modrdn.rs_newrdn.bv_val );
fprintf( wfp, "deleteoldrdn: %d\n", op->oq_modrdn.rs_deleteoldrdn ? 1 : 0 );
if (op->oq_modrdn.rs_newSup != NULL) {
fprintf( wfp, "newSuperior: %s\n", op->oq_modrdn.rs_newSup->bv_val );
}
fclose( wfp );
/* read in the results and send them along */
read_and_send_results( be, conn, op, rfp, NULL, 0 );
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );
}

27
servers/slapd/back-shell/result.c
View file

@ -19,20 +19,13 @@
int
read_and_send_results(
Backend *be,
Connection *conn,
Operation *op,
FILE *fp,
AttributeName *attrs,
int attrsonly
)
SlapReply *rs,
FILE *fp )
{
int bsize, len;
char *buf, *bp;
char line[BUFSIZ];
Entry *e;
int err;
char *matched, *info;
/* read in the result and send it along */
buf = (char *) ch_malloc( BUFSIZ );
@ -78,28 +71,28 @@ read_and_send_results(
break;
}
if ( (e = str2entry( buf )) == NULL ) {
if ( (rs->sr_entry = str2entry( buf )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "str2entry(%s) failed\n",
buf, 0, 0 );
} else {
send_search_entry( be, conn, op, e,
attrs, attrsonly, NULL );
entry_free( e );
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
entry_free( rs->sr_entry );
}
bp = buf;
}
}
(void) str2result( buf, &err, &matched, &info );
(void) str2result( buf, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text );
/* otherwise, front end will send this result */
if ( err != 0 || op->o_tag != LDAP_REQ_BIND ) {
send_ldap_result( conn, op, err, matched, info, NULL, NULL );
if ( rs->sr_err != 0 || op->o_tag != LDAP_REQ_BIND ) {
send_ldap_result( op, rs );
}
free( buf );
return( err );
return( rs->sr_err );
}
void

47
servers/slapd/back-shell/search.c
View file

@ -17,58 +17,47 @@
int
shell_back_search(
Backend *be,
Connection *conn,
Operation *op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int size,
int time,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly
)
SlapReply *rs )
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
FILE *rfp, *wfp;
AttributeName *an;
if ( si->si_search == NULL ) {
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"search not implemented", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"search not implemented" );
return( -1 );
}
if ( (op->o_private = (void *) forkandexec( si->si_search, &rfp, &wfp ))
== (void *) -1 ) {
send_ldap_result( conn, op, LDAP_OTHER, NULL,
"could not fork/exec", NULL, NULL );
send_ldap_error( op, rs, LDAP_OTHER,
"could not fork/exec" );
return( -1 );
}
/* write out the request to the search process */
fprintf( wfp, "SEARCH\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "base: %s\n", base->bv_val );
fprintf( wfp, "scope: %d\n", scope );
fprintf( wfp, "deref: %d\n", deref );
fprintf( wfp, "sizelimit: %d\n", size );
fprintf( wfp, "timelimit: %d\n", time );
fprintf( wfp, "filter: %s\n", filterstr->bv_val );
fprintf( wfp, "attrsonly: %d\n", attrsonly ? 1 : 0 );
fprintf( wfp, "attrs:%s", attrs == NULL ? " all" : "" );
for ( an = attrs; an && an->an_name.bv_val; an++ ) {
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "base: %s\n", op->o_req_dn.bv_val );
fprintf( wfp, "scope: %d\n", op->oq_search.rs_scope );
fprintf( wfp, "deref: %d\n", op->oq_search.rs_deref );
fprintf( wfp, "sizelimit: %d\n", op->oq_search.rs_slimit );
fprintf( wfp, "timelimit: %d\n", op->oq_search.rs_tlimit );
fprintf( wfp, "filter: %s\n", op->oq_search.rs_filterstr.bv_val );
fprintf( wfp, "attrsonly: %d\n", op->oq_search.rs_attrsonly ? 1 : 0 );
fprintf( wfp, "attrs:%s", op->oq_search.rs_attrs == NULL ? " all" : "" );
for ( an = op->oq_search.rs_attrs; an && an->an_name.bv_val; an++ ) {
fprintf( wfp, " %s", an->an_name.bv_val );
}
fprintf( wfp, "\n" );
fclose( wfp );
/* read in the results and send them along */
read_and_send_results( be, conn, op, rfp, attrs, attrsonly );
rs->sr_attrs = op->oq_search.rs_attrs;
read_and_send_results( op, rs, rfp );
fclose( rfp );
return( 0 );

7
servers/slapd/back-shell/shell.h
View file

@ -38,12 +38,9 @@ extern void print_suffixes LDAP_P((
struct slap_backend_db *bd));
extern int read_and_send_results LDAP_P((
struct slap_backend_db *bd,
struct slap_conn *conn,
struct slap_op *op,
FILE *fp,
AttributeName *attrs,
int attrsonly));
struct slap_rep *rs,
FILE *fp));
LDAP_END_DECL

11
servers/slapd/back-shell/unbind.c
View file

@ -17,12 +17,11 @@
int
shell_back_unbind(
Backend *be,
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
struct shellinfo *si = (struct shellinfo *) be->be_private;
struct shellinfo *si = (struct shellinfo *) op->o_bd->be_private;
FILE *rfp, *wfp;
if ( si->si_unbind == NULL ) {
@ -37,8 +36,8 @@ shell_back_unbind(
/* write out the request to the unbind process */
fprintf( wfp, "UNBIND\n" );
fprintf( wfp, "msgid: %ld\n", (long) op->o_msgid );
print_suffixes( wfp, be );
fprintf( wfp, "dn: %s\n", (conn->c_dn.bv_len ? conn->c_dn.bv_val : "") );
print_suffixes( wfp, op->o_bd );
fprintf( wfp, "dn: %s\n", (op->o_conn->c_dn.bv_len ? op->o_conn->c_dn.bv_val : "") );
fclose( wfp );
/* no response to unbind */

10
servers/slapd/back-tcl/tcl_abandon.c
View file

@ -18,22 +18,20 @@
int
tcl_back_abandon (
Backend * be,
Connection * conn,
Operation * op,
int msgid
SlapReply * rs
)
{
char *results, *command;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_abandon.bv_len == 0) {
return (-1);
}
if (tcl_merge_bvlist(be->be_suffix, &suf_tcl) == NULL) {
if (tcl_merge_bvlist(op->o_bd->be_suffix, &suf_tcl) == NULL) {
return (-1);
}
@ -41,7 +39,7 @@ tcl_back_abandon (
+ 80);
sprintf (command, "%s ABANDON {%ld/%ld} {%s} {%ld/%d}",
ti->ti_abandon.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, op->o_connid, msgid);
suf_tcl.bv_val, op->o_connid, op->oq_abandon.rs_msgid);
Tcl_Free (suf_tcl.bv_val);
ldap_pvt_thread_mutex_lock (&tcl_interpreter_mutex);

32
servers/slapd/back-tcl/tcl_add.c
View file

@ -18,30 +18,27 @@
int
tcl_back_add (
Backend * be,
Connection * conn,
Operation * op,
Entry * e
SlapReply * rs
)
{
char *command, *entrystr, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int code;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_add.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"add not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"add not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL);
return (-1);
}
entrystr = tcl_clean_entry(e);
entrystr = tcl_clean_entry(op->oq_add.rs_e);
command = (char *) ch_malloc (ti->ti_add.bv_len + suf_tcl.bv_len +
strlen(entrystr) + 52);
@ -58,16 +55,17 @@ tcl_back_add (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_add_error: %s\n", results, 0, 0);
} else {
interp_send_results (be, conn, op, results, NULL, 0);
interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

7
servers/slapd/back-tcl/tcl_back.h
View file

@ -54,12 +54,9 @@ int tcl_ldap_debug (
);
int interp_send_results (
Backend * be,
Connection * conn,
Operation * op,
char *result,
AttributeName *attrs,
int attrsonly
SlapReply * rs,
char *result
);
#endif

39
servers/slapd/back-tcl/tcl_bind.c
View file

@ -18,39 +18,31 @@
int
tcl_back_bind (
Backend * be,
Connection * conn,
Operation * op,
struct berval *dn,
struct berval *ndn,
int method,
struct berval *cred,
struct berval *edn
)
SlapReply * rs )
{
char *command, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int code;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_bind.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"bind not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"bind not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL );
return (-1);
}
command = (char *) ch_malloc (ti->ti_bind.bv_len + suf_tcl.bv_len +
dn->bv_len + cred->bv_len + 84);
op->o_req_dn.bv_len + op->oq_bind.rb_cred.bv_len + 84);
sprintf (command, "%s BIND {%ld/%ld} {%s} {%s} {%d} {%lu} {%s}",
ti->ti_bind.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val,
dn->bv_val, method, cred->bv_len, cred->bv_val);
op->o_req_dn.bv_val, op->oq_bind.rb_method, op->oq_bind.rb_cred.bv_len, op->oq_bind.rb_cred.bv_val);
Tcl_Free (suf_tcl.bv_val);
ldap_pvt_thread_mutex_lock (&tcl_interpreter_mutex);
@ -60,16 +52,17 @@ tcl_back_bind (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_bind_error: %s\n", results, 0, 0);
} else {
err = interp_send_results (be, conn, op, results, NULL, 0);
rs->sr_err = interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

40
servers/slapd/back-tcl/tcl_compare.c
View file

@ -18,38 +18,33 @@
int
tcl_back_compare (
Backend * be,
Connection * conn,
Operation * op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion * ava
SlapReply * rs
)
{
char *command, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int code;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_compare.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"compare not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"compare not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL );
return (-1);
}
command = (char *) ch_malloc (ti->ti_compare.bv_len +
suf_tcl.bv_len + dn->bv_len + ava->aa_desc->ad_cname.bv_len +
ava->aa_value.bv_len + 84);
suf_tcl.bv_len + op->o_req_dn.bv_len + op->oq_compare.rs_ava->aa_desc->ad_cname.bv_len +
op->oq_compare.rs_ava->aa_value.bv_len + 84);
sprintf (command, "%s COMPARE {%ld/%ld} {%s} {%s} {%s: %s}",
ti->ti_compare.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, dn->bv_val,
ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
suf_tcl.bv_val, op->o_req_dn.bv_val,
op->oq_compare.rs_ava->aa_desc->ad_cname.bv_val, op->oq_compare.rs_ava->aa_value.bv_val);
Tcl_Free (suf_tcl.bv_val);
ldap_pvt_thread_mutex_lock (&tcl_interpreter_mutex);
@ -59,17 +54,18 @@ tcl_back_compare (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_compare_error: %s\n", results,
0, 0);
} else {
interp_send_results (be, conn, op, results, NULL, 0);
interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

33
servers/slapd/back-tcl/tcl_delete.c
View file

@ -18,35 +18,31 @@
int
tcl_back_delete (
Backend * be,
Connection * conn,
Operation * op,
struct berval *dn,
struct berval *ndn
SlapReply * rs
)
{
char *command, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_delete.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"delete not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"delete not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL);
return (-1);
}
command = (char *) ch_malloc (ti->ti_delete.bv_len + suf_tcl.bv_len
+ dn->bv_len + 84);
+ op->o_req_dn.bv_len + 84);
sprintf (command, "%s DELETE {%ld/%ld} {%s} {%s}",
ti->ti_delete.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, dn->bv_val);
suf_tcl.bv_val, op->o_req_dn.bv_val);
Tcl_Free (suf_tcl.bv_val);
ldap_pvt_thread_mutex_lock (&tcl_interpreter_mutex);
@ -56,17 +52,18 @@ tcl_back_delete (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_delete_error: %s\n", results,
0, 0);
} else {
interp_send_results (be, conn, op, results, NULL, 0);
interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

37
servers/slapd/back-tcl/tcl_modify.c
View file

@ -18,28 +18,24 @@
int
tcl_back_modify (
Backend * be,
Connection * conn,
Operation * op,
struct berval *dn,
struct berval *ndn,
Modifications * modlist
SlapReply * rs
)
{
char *command, *bp, *tcl_mods, *results;
struct berval suf_tcl;
int i, code, err = 0, len, bsize;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int i, code, len, bsize;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
Modifications *modlist = op->oq_modify.rs_modlist;
if (ti->ti_modify.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"modify not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL);
return (-1);
}
@ -97,11 +93,11 @@ tcl_back_modify (
}
command = (char *) ch_malloc (ti->ti_modify.bv_len + suf_tcl.bv_len
+ dn->bv_len + strlen (tcl_mods) + 84);
+ op->o_req_dn.bv_len + strlen (tcl_mods) + 84);
/* This space is simply for aesthetics--\ */
sprintf (command, "%s MODIFY {%ld/%ld} {%s} {%s} { %s}",
ti->ti_modify.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, dn->bv_val, tcl_mods);
suf_tcl.bv_val, op->o_req_dn.bv_val, tcl_mods);
Tcl_Free (suf_tcl.bv_val);
free (tcl_mods);
@ -112,17 +108,18 @@ tcl_back_modify (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_modify_error: %s\n", results,
0, 0);
} else {
interp_send_results (be, conn, op, results, NULL, 0);
interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

52
servers/slapd/back-tcl/tcl_modrdn.c
View file

@ -31,50 +31,41 @@
int
tcl_back_modrdn (
Backend * be,
Connection * conn,
Operation * op,
struct berval *dn,
struct berval *ndn,
struct berval *newrdn,
struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSuperior,
struct berval *nnewSuperior
SlapReply * rs
)
{
char *command, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int code;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_modrdn.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"modrdn not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"modrdn not implemented" );
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
send_ldap_error (op, rs, LDAP_OTHER, NULL);
return (-1);
}
command = (char *) ch_malloc (ti->ti_modrdn.bv_len + suf_tcl.bv_len
+ dn->bv_len + newrdn->bv_len
+ (newSuperior ? newSuperior->bv_len : 0) + 84);
if ( newSuperior ) {
+ op->o_req_dn.bv_len + op->oq_modrdn.rs_newrdn.bv_len
+ (op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_len : 0) + 84);
if ( op->oq_modrdn.rs_newSup ) {
sprintf (command, "%s MODRDN {%ld/%ld} {%s} {%s} {%s} %d {%s}",
ti->ti_modrdn.bv_val,
op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, dn->bv_val,
newrdn->bv_val, deleteoldrdn ? 1 : 0,
newSuperior->bv_val );
suf_tcl.bv_val, op->o_req_dn.bv_val,
op->oq_modrdn.rs_newrdn.bv_val, op->oq_modrdn.rs_deleteoldrdn ? 1 : 0,
op->oq_modrdn.rs_newSup->bv_val );
} else {
sprintf (command, "%s MODRDN {%ld} {%s} {%s} {%s} %d",
ti->ti_modrdn.bv_val, (long) op->o_msgid,
suf_tcl.bv_val, dn->bv_val,
newrdn->bv_val, deleteoldrdn ? 1 : 0 );
suf_tcl.bv_val, op->o_req_dn.bv_val,
op->oq_modrdn.rs_newrdn.bv_val, op->oq_modrdn.rs_deleteoldrdn ? 1 : 0 );
}
Tcl_Free (suf_tcl.bv_val);
@ -85,17 +76,18 @@ tcl_back_modrdn (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_modrdn_error: %s\n", results,
0, 0);
} else {
interp_send_results (be, conn, op, results, NULL, 0);
interp_send_results (op, rs, results);
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs);
}
free (results);
return (err);
return (rs->sr_err);
}

52
servers/slapd/back-tcl/tcl_search.c
View file

@ -18,59 +18,46 @@
int
tcl_back_search (
Backend * be,
Connection * conn,
Operation * op,
struct berval *base,
struct berval *nbase,
int scope,
int deref,
int sizelimit,
int timelimit,
Filter * filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly
)
SlapReply * rs )
{
char *attrs_tcl = NULL, *results, *command;
struct berval suf_tcl;
int i, err = 0, code;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int i, code;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
AttributeName *an;
if (ti->ti_search.bv_len == 0) {
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"search not implemented", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"search not implemented" );
return (-1);
}
for (i = 0, an = attrs; an && an->an_name.bv_val; an++, i++);
for (i = 0, an = op->oq_search.rs_attrs; an && an->an_name.bv_val; an++, i++);
if (i > 0) {
char **sattrs = ch_malloc( (i+1) * sizeof(char *));
for (i = 0, an = attrs; an->an_name.bv_val; an++, i++)
for (i = 0, an = op->oq_search.rs_attrs; an->an_name.bv_val; an++, i++)
sattrs[i] = an->an_name.bv_val;
sattrs[i] = NULL;
attrs_tcl = Tcl_Merge (i, sattrs);
ch_free(sattrs);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
Tcl_Free (attrs_tcl);
send_ldap_result (conn, op, LDAP_OTHER, NULL,
NULL, NULL, NULL );
send_ldap_error (op, rs, LDAP_OTHER, NULL);
return (-1);
}
command = (char *) ch_malloc (ti->ti_search.bv_len + suf_tcl.bv_len
+ base->bv_len + 60 + filterstr->bv_len +
+ op->o_req_dn.bv_len + 60 + op->oq_search.rs_filterstr.bv_len +
(attrs_tcl == NULL ? 5 : strlen (attrs_tcl)) + 72);
sprintf (command,
"%s SEARCH {%ld/%ld} {%s} {%s} {%d} {%d} {%d} {%d} {%s} {%d} {%s}",
ti->ti_search.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, base->bv_val, scope, deref,
sizelimit, timelimit, filterstr->bv_val, attrsonly ? 1 : 0,
attrs_tcl == NULL ? "{all}" : attrs_tcl);
suf_tcl.bv_val, op->o_req_dn.bv_val, op->oq_search.rs_scope, op->oq_search.rs_deref,
op->oq_search.rs_slimit, op->oq_search.rs_tlimit, op->oq_search.rs_filterstr.bv_val,
op->oq_search.rs_attrsonly ? 1 : 0, attrs_tcl == NULL ? "{all}" : attrs_tcl);
Tcl_Free (attrs_tcl);
Tcl_Free (suf_tcl.bv_val);
@ -81,17 +68,18 @@ tcl_back_search (
free (command);
if (code != TCL_OK) {
err = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
Debug (LDAP_DEBUG_SHELL, "tcl_search_error: %s\n", results,
0, 0);
} else {
interp_send_results (be, conn, op, results, attrs, 0);
interp_send_results (op, rs, results );
}
if (err != LDAP_SUCCESS)
send_ldap_result (conn, op, err, NULL,
"internal backend error", NULL, NULL );
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_text = "internal backend error";
send_ldap_result (op, rs );
}
free (results);
return (err);
return (rs->sr_err);
}

13
servers/slapd/back-tcl/tcl_unbind.c
View file

@ -18,29 +18,28 @@
int
tcl_back_unbind (
Backend * be,
Connection * conn,
Operation * op
Operation * op,
SlapReply * rs
)
{
char *command, *results;
struct berval suf_tcl;
int code, err = 0;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
if (ti->ti_unbind.bv_len == 0) {
return (-1);
}
if (tcl_merge_bvlist (be->be_suffix, &suf_tcl) == NULL) {
if (tcl_merge_bvlist (op->o_bd->be_suffix, &suf_tcl) == NULL) {
return (-1);
}
command = (char *) ch_malloc (ti->ti_unbind.bv_len + suf_tcl.bv_len
+ conn->c_dn.bv_len + 84);
+ op->o_conn->c_dn.bv_len + 84);
sprintf (command, "%s UNBIND {%ld/%ld} {%s} {%s}",
ti->ti_unbind.bv_val, op->o_connid, (long) op->o_msgid,
suf_tcl.bv_val, conn->c_dn.bv_val ? conn->c_dn.bv_val : "");
suf_tcl.bv_val, op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "");
Tcl_Free (suf_tcl.bv_val);
ldap_pvt_thread_mutex_lock (&tcl_interpreter_mutex);

34
servers/slapd/back-tcl/tcl_util.c
View file

@ -22,18 +22,14 @@
int
interp_send_results (
Backend * be,
Connection * conn,
Operation * op,
char *result,
AttributeName *attrs,
int attrsonly
SlapReply * rs,
char *result
)
{
int bsize, len, argcPtr, i, err, code;
char *buf, *bp, **argvPtr, *line, *matched, *info;
Entry *e;
struct tclinfo *ti = (struct tclinfo *) be->be_private;
int bsize, len, argcPtr, i, code;
char *buf, *bp, **argvPtr, *line;
struct tclinfo *ti = (struct tclinfo *) op->o_bd->be_private;
/*
* read in the result and send it along
@ -45,8 +41,8 @@ interp_send_results (
code = Tcl_SplitList (ti->ti_ii->interp, result, &argcPtr, &argvPtr);
if (code != TCL_OK) {
argcPtr = 0;
send_ldap_result (conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"internal backend error", NULL, NULL );
send_ldap_error (op, rs, LDAP_UNWILLING_TO_PERFORM,
"internal backend error" );
return -1;
}
for (i = 0; i < argcPtr; i++) {
@ -73,32 +69,32 @@ interp_send_results (
if (strncasecmp (buf, "RESULT", 6) == 0) {
break;
}
if ((e = str2entry (buf)) == NULL) {
if ((rs->sr_entry = str2entry (buf)) == NULL) {
Debug (LDAP_DEBUG_SHELL,
"str2entry(%s) failed\n",
buf, 0, 0);
} else {
send_search_entry (be, conn, op, e, attrs,
attrsonly, NULL );
entry_free (e);
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry (op, rs);
entry_free (rs->sr_entry);
}
bp = buf;
}
}
(void) str2result (buf, &err, &matched, &info);
(void) str2result (buf, &rs->sr_err, (char **)&rs->sr_matched, (char **)&rs->sr_text);
/*
* otherwise, front end will send this result
*/
if (err != 0 || op->o_tag != LDAP_REQ_BIND) {
send_ldap_result (conn, op, err, matched, info, NULL, NULL );
if (rs->sr_err != 0 || op->o_tag != LDAP_REQ_BIND) {
send_ldap_result (op, rs);
}
free (buf);
Tcl_Free ((char *) argvPtr);
return (err);
return (rs->sr_err);
}
char *

283
servers/slapd/backend.c
View file

@ -631,29 +631,26 @@ be_root_dn( Backend *be )
}
int
be_isroot_pw( Backend *be,
Connection *conn,
struct berval *ndn,
struct berval *cred )
be_isroot_pw( Operation *op )
{
int result;
if ( ! be_isroot( be, ndn ) ) {
if ( ! be_isroot( op->o_bd, &op->o_req_ndn ) ) {
return 0;
}
if( be->be_rootpw.bv_len == 0 ) {
if( op->o_bd->be_rootpw.bv_len == 0 ) {
return 0;
}
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
ldap_pvt_thread_mutex_lock( &passwd_mutex );
#ifdef SLAPD_SPASSWD
lutil_passwd_sasl_conn = conn->c_sasl_context;
lutil_passwd_sasl_conn = op->o_conn->c_sasl_context;
#endif
#endif
result = lutil_passwd( &be->be_rootpw, cred, NULL );
result = lutil_passwd( &op->o_bd->be_rootpw, &op->oq_bind.rb_cred, NULL );
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
#ifdef SLAPD_SPASSWD
@ -667,15 +664,13 @@ be_isroot_pw( Backend *be,
int
be_entry_release_rw(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
int rw )
{
if ( be->be_release ) {
if ( op->o_bd->be_release ) {
/* free and release entry from backend */
return be->be_release( be, conn, op, e, rw );
return op->o_bd->be_release( op, e, rw );
} else {
/* free entry */
entry_free( e );
@ -684,17 +679,14 @@ be_entry_release_rw(
}
int
backend_unbind(
Connection *conn,
Operation *op
)
backend_unbind( Operation *op, SlapReply *rs )
{
int i;
#if defined( LDAP_SLAPI )
Slapi_PBlock *pb = op->o_pb;
int rc;
slapi_x_connection_set_pb( pb, conn );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
#endif /* defined( LDAP_SLAPI ) */
@ -720,7 +712,8 @@ backend_unbind(
#endif /* defined( LDAP_SLAPI ) */
if ( backends[i].be_unbind ) {
(*backends[i].be_unbind)( &backends[i], conn, op );
op->o_bd = &backends[i];
(*backends[i].be_unbind)( op, rs );
}
#if defined( LDAP_SLAPI )
@ -774,36 +767,33 @@ backend_connection_destroy(
static int
backend_check_controls(
Backend *be,
Connection *conn,
Operation *op,
const char **text )
SlapReply *rs )
{
LDAPControl **ctrls = op->o_ctrls;
rs->sr_err = LDAP_SUCCESS;
if( ctrls == NULL ) return LDAP_SUCCESS;
for( ; *ctrls != NULL ; ctrls++ ) {
if( (*ctrls)->ldctl_iscritical &&
!ldap_charray_inlist( be->be_controls, (*ctrls)->ldctl_oid ) )
{
*text = "control unavailable in context";
return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
if( ctrls ) {
for( ; *ctrls != NULL ; ctrls++ ) {
if( (*ctrls)->ldctl_iscritical &&
!ldap_charray_inlist( op->o_bd->be_controls, (*ctrls)->ldctl_oid ) )
{
rs->sr_text = "control unavailable in context";
rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
break;
}
}
}
return LDAP_SUCCESS;
return rs->sr_err;
}
int
backend_check_restrictions(
Backend *be,
Connection *conn,
Operation *op,
struct berval *opdata,
const char **text )
SlapReply *rs,
struct berval *opdata )
{
int rc;
slap_mask_t restrictops;
slap_mask_t requires;
slap_mask_t opflag;
@ -812,16 +802,14 @@ backend_check_restrictions(
int starttls = 0;
int session = 0;
if( be ) {
rc = backend_check_controls( be, conn, op, text );
if( rc != LDAP_SUCCESS ) {
return rc;
if( op->o_bd ) {
if ( backend_check_controls( op, rs ) != LDAP_SUCCESS ) {
return rs->sr_err;
}
restrictops = be->be_restrictops;
requires = be->be_requires;
ssf = &be->be_ssf_set;
restrictops = op->o_bd->be_restrictops;
requires = op->o_bd->be_requires;
ssf = &op->o_bd->be_ssf_set;
} else {
restrictops = global_restrictops;
@ -898,29 +886,31 @@ backend_check_restrictions(
opflag = 0;
break;
default:
*text = "restrict operations internal error";
return LDAP_OTHER;
rs->sr_text = "restrict operations internal error";
rs->sr_err = LDAP_OTHER;
return rs->sr_err;
}
if ( !starttls ) {
/* these checks don't apply to StartTLS */
rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
if( op->o_transport_ssf < ssf->sss_transport ) {
*text = "transport confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "transport confidentiality required";
return rs->sr_err;
}
if( op->o_tls_ssf < ssf->sss_tls ) {
*text = "TLS confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "TLS confidentiality required";
return rs->sr_err;
}
if( op->o_tag == LDAP_REQ_BIND && opdata == NULL ) {
/* simple bind specific check */
if( op->o_ssf < ssf->sss_simple_bind ) {
*text = "confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "confidentiality required";
return rs->sr_err;
}
}
@ -928,49 +918,51 @@ backend_check_restrictions(
/* these checks don't apply to SASL bind */
if( op->o_sasl_ssf < ssf->sss_sasl ) {
*text = "SASL confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "SASL confidentiality required";
return rs->sr_err;
}
if( op->o_ssf < ssf->sss_ssf ) {
*text = "confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "confidentiality required";
return rs->sr_err;
}
}
if( updateop ) {
if( op->o_transport_ssf < ssf->sss_update_transport ) {
*text = "transport update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "transport update confidentiality required";
return rs->sr_err;
}
if( op->o_tls_ssf < ssf->sss_update_tls ) {
*text = "TLS update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "TLS update confidentiality required";
return rs->sr_err;
}
if( op->o_sasl_ssf < ssf->sss_update_sasl ) {
*text = "SASL update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "SASL update confidentiality required";
return rs->sr_err;
}
if( op->o_ssf < ssf->sss_update_ssf ) {
*text = "update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "update confidentiality required";
return rs->sr_err;
}
if( !( global_allows & SLAP_ALLOW_UPDATE_ANON ) &&
op->o_ndn.bv_len == 0 )
{
*text = "modifications require authentication";
return LDAP_STRONG_AUTH_REQUIRED;
rs->sr_text = "modifications require authentication";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
return rs->sr_err;
}
#ifdef SLAP_X_LISTENER_MOD
if ( conn->c_listener && ! ( conn->c_listener->sl_perms & S_IWUSR ) ) {
if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & S_IWUSR ) ) {
/* no "w" mode means readonly */
*text = "modifications not allowed on this listener";
return LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "modifications not allowed on this listener";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
return rs->sr_err;
}
#endif /* SLAP_X_LISTENER_MOD */
}
@ -984,60 +976,67 @@ backend_check_restrictions(
if( ( op->o_transport_ssf < ssf->sss_transport
&& op->o_authmech.bv_len == 0 ) || op->o_dn.bv_len == 0 )
{
*text = "strong authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
rs->sr_text = "strong authentication required";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
return rs->sr_err;
}
}
if( requires & SLAP_REQUIRE_SASL ) {
if( op->o_authmech.bv_len == 0 || op->o_dn.bv_len == 0 ) {
*text = "SASL authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
rs->sr_text = "SASL authentication required";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
return rs->sr_err;
}
}
if( requires & SLAP_REQUIRE_AUTHC ) {
if( op->o_dn.bv_len == 0 ) {
*text = "authentication required";
return LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "authentication required";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
return rs->sr_err;
}
}
if( requires & SLAP_REQUIRE_BIND ) {
int version;
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
version = conn->c_protocol;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
version = op->o_conn->c_protocol;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( !version ) {
/* no bind has occurred */
*text = "BIND required";
return LDAP_OPERATIONS_ERROR;
rs->sr_text = "BIND required";
rs->sr_err = LDAP_OPERATIONS_ERROR;
return rs->sr_err;
}
}
if( requires & SLAP_REQUIRE_LDAP_V3 ) {
if( op->o_protocol < LDAP_VERSION3 ) {
/* no bind has occurred */
*text = "operation restricted to LDAPv3 clients";
return LDAP_OPERATIONS_ERROR;
rs->sr_text = "operation restricted to LDAPv3 clients";
rs->sr_err = LDAP_OPERATIONS_ERROR;
return rs->sr_err;
}
}
#ifdef SLAP_X_LISTENER_MOD
if ( !starttls && op->o_dn.bv_len == 0 ) {
if ( conn->c_listener && ! ( conn->c_listener->sl_perms & S_IXUSR ) ) {
if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & S_IXUSR ) ) {
/* no "x" mode means bind required */
*text = "bind required on this listener";
return LDAP_STRONG_AUTH_REQUIRED;
rs->sr_text = "bind required on this listener";
rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
return rs->sr_err;
}
}
if ( !starttls && !updateop ) {
if ( conn->c_listener && ! ( conn->c_listener->sl_perms & S_IRUSR ) ) {
if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & S_IRUSR ) ) {
/* no "r" mode means no read */
*text = "read not allowed on this listener";
return LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "read not allowed on this listener";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
return rs->sr_err;
}
}
#endif /* SLAP_X_LISTENER_MOD */
@ -1046,44 +1045,35 @@ backend_check_restrictions(
if( restrictops & opflag ) {
if( restrictops == SLAP_RESTRICT_OP_READS ) {
*text = "read operations restricted";
rs->sr_text = "read operations restricted";
} else {
*text = "operation restricted";
rs->sr_text = "operation restricted";
}
return LDAP_UNWILLING_TO_PERFORM;
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
return rs->sr_err;
}
return LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
return rs->sr_err;
}
int backend_check_referrals(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn )
int backend_check_referrals( Operation *op, SlapReply *rs )
{
int rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
if( be->be_chk_referrals ) {
const char *text;
if( op->o_bd->be_chk_referrals ) {
rs->sr_err = op->o_bd->be_chk_referrals( op, rs );
rc = be->be_chk_referrals( be,
conn, op, dn, ndn, &text );
if( rc != LDAP_SUCCESS && rc != LDAP_REFERRAL ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_REFERRAL ) {
send_ldap_result( op, rs );
}
}
return rc;
return rs->sr_err;
}
int
be_entry_get_rw(
Backend *be,
Connection *conn,
Operation *op,
struct berval *ndn,
ObjectClass *oc,
@ -1091,24 +1081,26 @@ be_entry_get_rw(
int rw,
Entry **e )
{
be = select_backend( ndn, 0, 0 );
Backend *be = op->o_bd;
int rc;
if (be == NULL) {
return LDAP_NO_SUCH_OBJECT;
}
op->o_bd = select_backend( ndn, 0, 0 );
if ( be->be_fetch ) {
return be->be_fetch( be, conn, op, ndn,
if (op->o_bd == NULL) {
op->o_bd = be;
rc = LDAP_NO_SUCH_OBJECT;
} else if ( op->o_bd->be_fetch ) {
rc = op->o_bd->be_fetch( op, ndn,
oc, at, rw, e );
} else {
rc = LDAP_UNWILLING_TO_PERFORM;
}
return LDAP_UNWILLING_TO_PERFORM;
op->o_bd = be;
return rc;
}
int
backend_group(
Backend *be,
Connection *conn,
Operation *op,
Entry *target,
struct berval *gr_ndn,
@ -1124,17 +1116,17 @@ backend_group(
if ( op->o_abandon ) return SLAPD_ABANDON;
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
for (g = conn->c_groups; g; g=g->ga_next) {
if (g->ga_be != be || g->ga_oc != group_oc ||
for (g = op->o_conn->c_groups; g; g=g->ga_next) {
if (g->ga_be != op->o_bd || g->ga_oc != group_oc ||
g->ga_at != group_at || g->ga_len != gr_ndn->bv_len)
continue;
if (strcmp( g->ga_ndn, gr_ndn->bv_val ) == 0)
break;
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if (g) {
return g->ga_res;
@ -1143,8 +1135,7 @@ backend_group(
if ( target && dn_match( &target->e_nname, gr_ndn ) ) {
e = target;
} else {
rc = be_entry_get_rw(be, conn, op, gr_ndn, group_oc, group_at,
0, &e );
rc = be_entry_get_rw(op, gr_ndn, group_oc, group_at, 0, &e );
}
if ( e ) {
a = attr_find( e->e_attrs, group_at );
@ -1161,7 +1152,7 @@ backend_group(
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
if (e != target ) {
be_entry_release_r( be, conn, op, e );
be_entry_release_r( op, e );
}
} else {
rc = LDAP_NO_SUCH_OBJECT;
@ -1169,16 +1160,16 @@ backend_group(
if ( op->o_tag != LDAP_REQ_BIND && !op->o_do_not_cache ) {
g = ch_malloc(sizeof(GroupAssertion) + gr_ndn->bv_len);
g->ga_be = be;
g->ga_be = op->o_bd;
g->ga_oc = group_oc;
g->ga_at = group_at;
g->ga_res = rc;
g->ga_len = gr_ndn->bv_len;
strcpy(g->ga_ndn, gr_ndn->bv_val);
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
g->ga_next = conn->c_groups;
conn->c_groups = g;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
g->ga_next = op->o_conn->c_groups;
op->o_conn->c_groups = g;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
return rc;
@ -1186,8 +1177,6 @@ backend_group(
int
backend_attribute(
Backend *be,
Connection *conn,
Operation *op,
Entry *target,
struct berval *edn,
@ -1203,8 +1192,7 @@ backend_attribute(
if ( target && dn_match( &target->e_nname, edn ) ) {
e = target;
} else {
rc = be_entry_get_rw(be, conn, op, edn, NULL, entry_at,
0, &e );
rc = be_entry_get_rw(op, edn, NULL, entry_at, 0, &e );
if ( rc != LDAP_SUCCESS ) return rc;
}
@ -1213,8 +1201,8 @@ backend_attribute(
if ( a ) {
BerVarray v;
if ( conn && op && access_allowed( be,
conn, op, e, entry_at, NULL, ACL_AUTH,
if ( op->o_conn && access_allowed( op,
e, entry_at, NULL, ACL_AUTH,
&acl_state ) == 0 ) {
rc = LDAP_INSUFFICIENT_ACCESS;
goto freeit;
@ -1224,8 +1212,8 @@ backend_attribute(
v = ch_malloc( sizeof(struct berval) * (i+1) );
for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
if ( conn && op && access_allowed( be,
conn, op, e, entry_at,
if ( op->o_conn && access_allowed( op,
e, entry_at,
#ifdef SLAP_NVALUES
&a->a_nvals[i],
#else
@ -1255,7 +1243,7 @@ backend_attribute(
}
}
freeit: if (e != target ) {
be_entry_release_r( be, conn, op, e );
be_entry_release_r( op, e );
}
}
@ -1263,11 +1251,8 @@ freeit: if (e != target ) {
}
Attribute *backend_operational(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *attrs,
SlapReply *rs,
int opattrs )
{
Attribute *a = NULL, **ap = &a;
@ -1277,14 +1262,14 @@ Attribute *backend_operational(
* and the backend supports specific operational attributes,
* add them to the attribute list
*/
if ( opattrs || ( attrs &&
ad_inlist( slap_schema.si_ad_subschemaSubentry, attrs )) ) {
*ap = slap_operational_subschemaSubentry( be );
if ( opattrs || ( op->oq_search.rs_attrs &&
ad_inlist( slap_schema.si_ad_subschemaSubentry, op->oq_search.rs_attrs )) ) {
*ap = slap_operational_subschemaSubentry( op->o_bd );
ap = &(*ap)->a_next;
}
if ( ( opattrs || attrs ) && be && be->be_operational != NULL ) {
( void )be->be_operational( be, conn, op, e, attrs, opattrs, ap );
if ( ( opattrs || op->oq_search.rs_attrs ) && op->o_bd && op->o_bd->be_operational != NULL ) {
( void )op->o_bd->be_operational( op, rs, opattrs, ap );
}
return a;

209
servers/slapd/backglue.c
View file

@ -50,6 +50,11 @@ typedef struct glueinfo {
static int glueMode;
static BackendDB *glueBack;
static slap_response glue_back_response;
static slap_sresult glue_back_sresult;
static slap_sendentry glue_back_sendentry;
static slap_sendreference glue_back_sendreference;
/* Just like select_backend, but only for our backends */
static BackendDB *
glue_back_select (
@ -175,45 +180,32 @@ typedef struct glue_state {
} glue_state;
static void
glue_back_response (
Connection *conn,
Operation *op,
ber_tag_t tag,
ber_int_t msgid,
ber_int_t err,
const char *matched,
const char *text,
BerVarray ref,
const char *resoid,
struct berval *resdata,
struct berval *sasldata,
LDAPControl **ctrls
)
glue_back_response ( Operation *op, SlapReply *rs )
{
glue_state *gs = op->o_callback->sc_private;
if (err == LDAP_SUCCESS || gs->err != LDAP_SUCCESS)
gs->err = err;
if (rs->sr_err == LDAP_SUCCESS || gs->err != LDAP_SUCCESS)
gs->err = rs->sr_err;
if (gs->err == LDAP_SUCCESS && gs->matched) {
free (gs->matched);
ch_free (gs->matched);
gs->matched = NULL;
gs->matchlen = 0;
}
if (gs->err != LDAP_SUCCESS && matched) {
if (gs->err != LDAP_SUCCESS && rs->sr_matched) {
int len;
len = strlen (matched);
len = strlen (rs->sr_matched);
if (len > gs->matchlen) {
if (gs->matched)
free (gs->matched);
gs->matched = ch_strdup (matched);
ch_free (gs->matched);
gs->matched = ch_strdup (rs->sr_matched);
gs->matchlen = len;
}
}
if (ref) {
if (rs->sr_ref) {
int i, j, k;
BerVarray new;
for (i=0; ref[i].bv_val; i++);
for (i=0; rs->sr_ref[i].bv_val; i++);
j = gs->nrefs;
if (!j) {
@ -223,7 +215,7 @@ glue_back_response (
(j+i+1)*sizeof(struct berval));
}
for (k=0; k<i; j++,k++) {
ber_dupbv( &new[j], &ref[k] );
ber_dupbv( &new[j], &rs->sr_ref[k] );
}
new[j].bv_val = NULL;
gs->nrefs = j;
@ -232,128 +224,91 @@ glue_back_response (
}
static void
glue_back_sresult (
Connection *c,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls,
int nentries
)
glue_back_sresult ( Operation *op, SlapReply *rs )
{
glue_state *gs = op->o_callback->sc_private;
gs->nentries += nentries;
glue_back_response (c, op, 0, 0, err, matched, text, refs,
NULL, NULL, NULL, ctrls);
gs->nentries += rs->sr_nentries;
glue_back_response( op, rs );
}
static int
glue_back_sendentry (
BackendDB *be,
Connection *c,
Operation *op,
Entry *e,
AttributeName *an,
int ao,
LDAPControl **ctrls
)
glue_back_sendentry ( Operation *op, SlapReply *rs )
{
slap_callback *tmp = op->o_callback;
glue_state *gs = tmp->sc_private;
int rc;
op->o_callback = gs->prevcb;
if (op->o_callback && op->o_callback->sc_sendentry) {
rc = op->o_callback->sc_sendentry(be, c, op, e, an, ao, ctrls);
rs->sr_err = op->o_callback->sc_sendentry(op, rs);
} else {
rc = send_search_entry(be, c, op, e, an, ao, ctrls);
rs->sr_err = send_search_entry(op, rs);
}
op->o_callback = tmp;
return rc;
return rs->sr_err;
}
static int
glue_back_sendreference (
BackendDB *be,
Connection *c,
Operation *op,
Entry *e,
BerVarray bv,
LDAPControl **ctrls,
BerVarray *v2
)
glue_back_sendreference ( Operation *op, SlapReply *rs )
{
slap_callback *tmp = op->o_callback;
glue_state *gs = tmp->sc_private;
int rc;
op->o_callback = gs->prevcb;
if (op->o_callback && op->o_callback->sc_sendreference) {
rc = op->o_callback->sc_sendreference( be, c, op, e, bv, ctrls, v2 );
rs->sr_err = op->o_callback->sc_sendreference( op, rs );
} else {
rc = send_search_reference( be, c, op, e, bv, ctrls, v2 );
rs->sr_err = send_search_reference( op, rs );
}
op->o_callback = tmp;
return rc;
return rs->sr_err;
}
static int
glue_back_search (
BackendDB *b0,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
int scope,
int deref,
int slimit,
int tlimit,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
int attrsonly
)
glue_back_search ( Operation *op, SlapReply *rs )
{
BackendDB *b0 = op->o_bd;
glueinfo *gi = (glueinfo *) b0->bd_info;
BackendDB *be;
int i, rc = 0, t2limit = 0, s2limit = 0;
int i;
long stoptime = 0;
glue_state gs = {0, 0, 0, NULL, 0, NULL, NULL};
slap_callback cb;
int scope0, slimit0, tlimit0;
struct berval dn, ndn;
cb.sc_response = glue_back_response;
cb.sc_sresult = glue_back_sresult;
cb.sc_sendentry = glue_back_sendentry;
cb.sc_sendreference = glue_back_sendreference;
cb.sc_private = &gs;
gs.prevcb = op->o_callback;
if (tlimit) {
stoptime = slap_get_time () + tlimit;
if (op->oq_search.rs_tlimit) {
stoptime = slap_get_time () + op->oq_search.rs_tlimit;
}
switch (scope) {
switch (op->oq_search.rs_scope) {
case LDAP_SCOPE_BASE:
be = glue_back_select (b0, ndn->bv_val);
op->o_bd = glue_back_select (b0, op->o_req_ndn.bv_val);
if (be && be->be_search) {
rc = be->be_search (be, conn, op, dn, ndn, scope,
deref, slimit, tlimit, filter, filterstr,
attrs, attrsonly);
if (op->o_bd && op->o_bd->be_search) {
rs->sr_err = op->o_bd->be_search( op, rs );
} else {
rc = LDAP_UNWILLING_TO_PERFORM;
send_ldap_result (conn, op, rc, NULL,
"No search target found", NULL, NULL);
send_ldap_error(op, rs, LDAP_UNWILLING_TO_PERFORM,
"No search target found");
}
return rc;
return rs->sr_err;
case LDAP_SCOPE_ONELEVEL:
case LDAP_SCOPE_SUBTREE:
op->o_callback = &cb;
rc = gs.err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_err = gs.err = LDAP_UNWILLING_TO_PERFORM;
scope0 = op->oq_search.rs_scope;
slimit0 = op->oq_search.rs_slimit;
tlimit0 = op->oq_search.rs_tlimit;
dn = op->o_req_dn;
ndn = op->o_req_ndn;
/*
* Execute in reverse order, most general first
@ -361,49 +316,43 @@ glue_back_search (
for (i = gi->nodes-1; i >= 0; i--) {
if (!gi->n[i].be || !gi->n[i].be->be_search)
continue;
if (tlimit) {
t2limit = stoptime - slap_get_time ();
if (t2limit <= 0) {
rc = gs.err = LDAP_TIMELIMIT_EXCEEDED;
if (tlimit0) {
op->oq_search.rs_tlimit = stoptime - slap_get_time ();
if (op->oq_search.rs_tlimit <= 0) {
rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
break;
}
}
if (slimit) {
s2limit = slimit - gs.nentries;
if (s2limit <= 0) {
rc = gs.err = LDAP_SIZELIMIT_EXCEEDED;
if (slimit0) {
op->oq_search.rs_slimit = slimit0 - gs.nentries;
if (op->oq_search.rs_slimit <= 0) {
rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED;
break;
}
}
rc = 0;
rs->sr_err = 0;
/*
* check for abandon
*/
if (op->o_abandon) {
goto done;
}
be = gi->n[i].be;
if (scope == LDAP_SCOPE_ONELEVEL &&
dn_match(&gi->n[i].pdn, ndn)) {
rc = be->be_search (be, conn, op,
&be->be_suffix[0], &be->be_nsuffix[0],
LDAP_SCOPE_BASE, deref,
s2limit, t2limit, filter, filterstr,
attrs, attrsonly);
op->o_bd = gi->n[i].be;
if (scope0 == LDAP_SCOPE_ONELEVEL &&
dn_match(&gi->n[i].pdn, &ndn)) {
op->oq_search.rs_scope = LDAP_SCOPE_BASE;
op->o_req_dn = op->o_bd->be_suffix[0];
op->o_req_ndn = op->o_bd->be_nsuffix[0];
rs->sr_err = op->o_bd->be_search(op, rs);
} else if (scope == LDAP_SCOPE_SUBTREE &&
dnIsSuffix(&be->be_nsuffix[0], ndn)) {
rc = be->be_search (be, conn, op,
&be->be_suffix[0], &be->be_nsuffix[0],
scope, deref,
s2limit, t2limit, filter, filterstr,
attrs, attrsonly);
} else if (scope0 == LDAP_SCOPE_SUBTREE &&
dnIsSuffix(&op->o_bd->be_nsuffix[0], &ndn)) {
op->o_req_dn = op->o_bd->be_suffix[0];
op->o_req_ndn = op->o_bd->be_nsuffix[0];
rs->sr_err = op->o_bd->be_search( op, rs );
} else if (dnIsSuffix(ndn, &be->be_nsuffix[0])) {
rc = be->be_search (be, conn, op, dn, ndn,
scope, deref,
s2limit, t2limit, filter, filterstr,
attrs, attrsonly);
} else if (dnIsSuffix(&ndn, &op->o_bd->be_nsuffix[0])) {
rs->sr_err = op->o_bd->be_search( op, rs );
}
switch ( gs.err ) {
@ -422,19 +371,29 @@ glue_back_search (
}
}
end_of_loop:;
op->oq_search.rs_scope = scope0;
op->oq_search.rs_slimit = slimit0;
op->oq_search.rs_tlimit = tlimit0;
op->o_req_dn = dn;
op->o_req_ndn = ndn;
break;
}
op->o_callback = gs.prevcb;
rs->sr_err = gs.err;
rs->sr_matched = gs.matched;
rs->sr_ref = gs.refs;
rs->sr_nentries = gs.nentries;
send_search_result (conn, op, gs.err, gs.matched, NULL,
gs.refs, NULL, gs.nentries);
send_search_result( op, rs );
done:
op->o_bd = b0;
if (gs.matched)
free (gs.matched);
if (gs.refs)
ber_bvarray_free(gs.refs);
return rc;
return rs->sr_err;
}

424
servers/slapd/bind.c
View file

@ -33,8 +33,8 @@
int
do_bind(
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
BerElement *ber = op->o_ber;
@ -42,21 +42,15 @@ do_bind(
ber_tag_t method;
struct berval mech = { 0, NULL };
struct berval dn = { 0, NULL };
struct berval pdn = { 0, NULL };
struct berval ndn = { 0, NULL };
struct berval edn = { 0, NULL };
ber_tag_t tag;
int rc = LDAP_SUCCESS;
const char *text;
struct berval cred = { 0, NULL };
Backend *be = NULL;
Backend *be;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", conn->c_connid, 0, 0 );
LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
#endif
@ -64,19 +58,19 @@ do_bind(
/*
* Force to connection to "anonymous" until bind succeeds.
*/
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend;
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( op->o_conn->c_sasl_bind_in_progress ) be = op->o_conn->c_authz_backend;
/* log authorization identity demotion */
if ( conn->c_dn.bv_len ) {
if ( op->o_conn->c_dn.bv_len ) {
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND anonymous mech=implicit ssf=0",
op->o_connid, op->o_opid, 0, 0, 0 );
}
connection2anonymous( conn );
if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
connection2anonymous( op->o_conn );
if ( op->o_conn->c_sasl_bind_in_progress ) op->o_conn->c_authz_backend = be;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if ( op->o_dn.bv_val != NULL ) {
free( op->o_dn.bv_val );
@ -115,34 +109,33 @@ do_bind(
if ( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_bind: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 );
"do_bind: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "bind: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = -1;
goto cleanup;
}
op->o_protocol = version;
if( method != LDAP_AUTH_SASL ) {
tag = ber_scanf( ber, /*{*/ "m}", &cred );
tag = ber_scanf( ber, /*{*/ "m}", &op->oq_bind.rb_cred );
} else {
tag = ber_scanf( ber, "{o" /*}*/, &mech );
tag = ber_scanf( ber, "{m" /*}*/, &mech );
if ( tag != LBER_ERROR ) {
ber_len_t len;
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_LDAPCRED ) {
tag = ber_scanf( ber, "m", &cred );
tag = ber_scanf( ber, "m", &op->oq_bind.rb_cred );
} else {
tag = LDAP_TAG_LDAPCRED;
cred.bv_val = NULL;
cred.bv_len = 0;
op->oq_bind.rb_cred.bv_val = NULL;
op->oq_bind.rb_cred.bv_len = 0;
}
if ( tag != LBER_ERROR ) {
@ -152,35 +145,33 @@ do_bind(
}
if ( tag == LBER_ERROR ) {
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR,
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR,
"decoding error" );
rc = SLAPD_DISCONNECT;
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
"do_bind: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_bind: get_ctrls failed\n", 0, 0, 0 );
#endif
goto cleanup;
}
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d invalid dn (%s)\n",
conn->c_connid, dn.bv_val, 0 );
op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n",
dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
@ -188,84 +179,80 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_sasl_bind: conn %d dn (%s) mech %s\n",
conn->c_connid, pdn.bv_val, mech.bv_val );
op->o_connid, op->o_req_dn.bv_val, mech.bv_val );
#else
Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
pdn.bv_val, mech.bv_val, NULL );
op->o_req_dn.bv_val, mech.bv_val, NULL );
#endif
} else {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version, pdn.bv_val, (unsigned long)method );
(unsigned long) version, op->o_req_dn.bv_val, (unsigned long)method );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version,
pdn.bv_val, (unsigned long) method );
op->o_req_dn.bv_val, (unsigned long) method );
#endif
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu BIND dn=\"%s\" method=%ld\n",
op->o_connid, op->o_opid, pdn.bv_val, (unsigned long) method, 0 );
op->o_connid, op->o_opid, op->o_req_dn.bv_val, (unsigned long) method, 0 );
if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d unknown version = %ld\n",
conn->c_connid, (unsigned long)version, 0 );
op->o_connid, (unsigned long)version, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_bind: unknown version=%ld\n",
(unsigned long) version, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "requested protocol version not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"requested protocol version not supported" );
goto cleanup;
} else if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
version < LDAP_VERSION3 )
{
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "historical protocol version requested, use LDAPv3 instead",
NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"historical protocol version requested, use LDAPv3 instead" );
goto cleanup;
}
/* we set connection version regardless of whether bind succeeds
* or not.
*/
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_protocol = version;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
op->o_conn->c_protocol = version;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
/* check for inappropriate controls */
if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) {
send_ldap_result( conn, op,
rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
NULL, "manageDSAit control inappropriate",
NULL, NULL );
send_ldap_error( op, rs,
LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
"manageDSAit control inappropriate" );
goto cleanup;
}
/* Set the bindop for the benefit of in-directory SASL lookups */
conn->c_sasl_bindop = op;
op->o_conn->c_sasl_bindop = op;
if ( method == LDAP_AUTH_SASL ) {
slap_ssf_t ssf = 0;
if ( version < LDAP_VERSION3 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d sasl with LDAPv%ld\n",
conn->c_connid, (unsigned long)version , 0 );
op->o_connid, (unsigned long)version , 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
(unsigned long) version, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "SASL bind requires LDAPv3" );
rc = SLAPD_DISCONNECT;
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
@ -273,62 +260,56 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d no SASL mechanism provided\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_bind: no sasl mechanism provided\n",
0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_AUTH_METHOD_NOT_SUPPORTED,
NULL, "no SASL mechanism provided", NULL, NULL );
send_ldap_error( op, rs, LDAP_AUTH_METHOD_NOT_SUPPORTED,
"no SASL mechanism provided" );
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( NULL, conn, op, &mech, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, &mech ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( conn->c_sasl_bind_in_progress ) {
if( !bvmatch( &conn->c_sasl_bind_mech, &mech ) ) {
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( op->o_conn->c_sasl_bind_in_progress ) {
if( !bvmatch( &op->o_conn->c_sasl_bind_mech, &mech ) ) {
/* mechanism changed between bind steps */
slap_sasl_reset(conn);
slap_sasl_reset(op->o_conn);
}
} else {
conn->c_sasl_bind_mech = mech;
mech.bv_val = NULL;
mech.bv_len = 0;
ber_dupbv(&op->o_conn->c_sasl_bind_mech, &mech);
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
rc = slap_sasl_bind( conn, op,
&pdn, &ndn,
&cred, &edn, &ssf );
rs->sr_err = slap_sasl_bind( op, rs );
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if( rc == LDAP_SUCCESS ) {
conn->c_dn = edn;
if( edn.bv_len != 0 ) {
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( rs->sr_err == LDAP_SUCCESS ) {
op->o_conn->c_dn = op->oq_bind.rb_edn;
if( op->oq_bind.rb_edn.bv_len != 0 ) {
/* edn is always normalized already */
ber_dupbv( &conn->c_ndn, &conn->c_dn );
ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
}
conn->c_authmech = conn->c_sasl_bind_mech;
conn->c_sasl_bind_mech.bv_val = NULL;
conn->c_sasl_bind_mech.bv_len = 0;
conn->c_sasl_bind_in_progress = 0;
op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
op->o_conn->c_sasl_bind_in_progress = 0;
conn->c_sasl_ssf = ssf;
if( ssf > conn->c_ssf ) {
conn->c_ssf = ssf;
op->o_conn->c_sasl_ssf = op->oq_bind.rb_ssf;
if( op->oq_bind.rb_ssf > op->o_conn->c_ssf ) {
op->o_conn->c_ssf = op->oq_bind.rb_ssf;
}
if( conn->c_dn.bv_len != 0 ) {
if( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( conn->c_sb,
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
@ -336,92 +317,89 @@ do_bind(
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>",
conn->c_authmech.bv_val, ssf );
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
op->o_conn->c_authmech.bv_val, op->oq_bind.rb_ssf );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
conn->c_authmech.bv_val,
conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>",
ssf );
op->o_conn->c_authmech.bv_val,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
op->oq_bind.rb_ssf );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
conn->c_authmech.bv_val,
conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>",
ssf );
op->o_conn->c_authmech.bv_val,
op->o_conn->c_dn.bv_val ? op->o_conn->c_dn.bv_val : "<empty>",
op->oq_bind.rb_ssf );
#endif
} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
conn->c_sasl_bind_in_progress = 1;
} else if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) {
op->o_conn->c_sasl_bind_in_progress = 1;
} else {
if ( conn->c_sasl_bind_mech.bv_val ) {
free( conn->c_sasl_bind_mech.bv_val );
conn->c_sasl_bind_mech.bv_val = NULL;
conn->c_sasl_bind_mech.bv_len = 0;
if ( op->o_conn->c_sasl_bind_mech.bv_val ) {
free( op->o_conn->c_sasl_bind_mech.bv_val );
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
}
conn->c_sasl_bind_in_progress = 0;
op->o_conn->c_sasl_bind_in_progress = 0;
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
goto cleanup;
} else {
/* Not SASL, cancel any in-progress bind */
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( conn->c_sasl_bind_mech.bv_val != NULL ) {
free(conn->c_sasl_bind_mech.bv_val);
conn->c_sasl_bind_mech.bv_val = NULL;
conn->c_sasl_bind_mech.bv_len = 0;
if ( op->o_conn->c_sasl_bind_mech.bv_val != NULL ) {
free(op->o_conn->c_sasl_bind_mech.bv_val);
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
}
conn->c_sasl_bind_in_progress = 0;
op->o_conn->c_sasl_bind_in_progress = 0;
slap_sasl_reset( conn );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
slap_sasl_reset( op->o_conn );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
if ( method == LDAP_AUTH_SIMPLE ) {
/* accept "anonymous" binds */
if ( cred.bv_len == 0 || ndn.bv_len == 0 ) {
rc = LDAP_SUCCESS;
text = NULL;
if ( op->oq_bind.rb_cred.bv_len == 0 || op->o_req_ndn.bv_len == 0 ) {
rs->sr_err = LDAP_SUCCESS;
if( cred.bv_len &&
if( op->oq_bind.rb_cred.bv_len &&
!( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
{
/* cred is not empty, disallow */
rc = LDAP_INVALID_CREDENTIALS;
rs->sr_err = LDAP_INVALID_CREDENTIALS;
} else if ( ndn.bv_len &&
} else if ( op->o_req_ndn.bv_len &&
!( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
{
/* DN is not empty, disallow */
rc = LDAP_UNWILLING_TO_PERFORM;
text = "unauthenticated bind (DN with no password) disallowed";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "unauthenticated bind (DN with no password) disallowed";
} else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
/* disallow */
rc = LDAP_INAPPROPRIATE_AUTH;
text = "anonymous bind disallowed";
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
rs->sr_text = "anonymous bind disallowed";
} else {
rc = backend_check_restrictions( NULL, conn, op,
&mech, &text );
backend_check_restrictions( op, rs, &mech );
}
/*
* we already forced connection to "anonymous",
* just need to send success
*/
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: conn %d v%d anonymous bind\n",
conn->c_connid, version , 0 );
op->o_connid, version , 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
version, 0, 0 );
@ -430,40 +408,38 @@ do_bind(
} else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
/* disallow simple authentication */
rc = LDAP_UNWILLING_TO_PERFORM;
text = "unwilling to perform simple authentication";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "unwilling to perform simple authentication";
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d v%d simple bind(%s) disallowed\n",
conn->c_connid, version, ndn.bv_val );
op->o_connid, version, op->o_req_ndn.bv_val );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d simple bind(%s) disallowed\n",
version, ndn.bv_val, 0 );
version, op->o_req_ndn.bv_val, 0 );
#endif
goto cleanup;
} else if (( global_disallows & SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED )
&& ( op->o_ssf <= 1 ))
{
rc = LDAP_CONFIDENTIALITY_REQUIRED;
text = "unwilling to perform simple authentication "
rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
rs->sr_text = "unwilling to perform simple authentication "
"without confidentilty protection";
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_bind: conn %d "
"v%d unprotected simple bind(%s) disallowed\n",
conn->c_connid, version, ndn.bv_val );
op->o_connid, version, op->o_req_ndn.bv_val );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d unprotected simple bind(%s) disallowed\n",
version, ndn.bv_val, 0 );
version, op->o_req_ndn.bv_val, 0 );
#endif
goto cleanup;
}
@ -472,15 +448,14 @@ do_bind(
} else if ( method == LDAP_AUTH_KRBV41 || method == LDAP_AUTH_KRBV42 ) {
if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
/* disallow simple authentication */
rc = LDAP_UNWILLING_TO_PERFORM;
text = "unwilling to perform Kerberos V4 bind";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "unwilling to perform Kerberos V4 bind";
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: conn %d v%d Kerberos V4 bind\n",
conn->c_connid, version , 0 );
op->o_connid, version , 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_bind: v%d Kerberos V4 bind\n",
version, 0, 0 );
@ -490,15 +465,14 @@ do_bind(
#endif
} else {
rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
text = "unknown authentication method";
rs->sr_err = LDAP_AUTH_METHOD_NOT_SUPPORTED;
rs->sr_text = "unknown authentication method";
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %ld v%d unknown authentication method (%ld)\n",
conn->c_connid, version, method );
op->o_connid, version, method );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d unknown authentication method (%ld)\n",
@ -513,44 +487,43 @@ do_bind(
* if we don't hold it.
*/
if ( (be = select_backend( &ndn, 0, 0 )) == NULL ) {
if ( (op->o_bd = select_backend( &op->o_req_ndn, 0, 0 )) == NULL ) {
if ( default_referral ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
} else {
/* noSuchObject is not allowed to be returned by bind */
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
}
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
#if defined( LDAP_SLAPI )
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_backend_set_pb( pb, op->o_bd );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&cred );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->oq_bind.rb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_BIND_FN, pb );
if ( rc != SLAPI_BIND_SUCCESS ) {
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_BIND_FN, pb );
if ( rs->sr_err != SLAPI_BIND_SUCCESS ) {
/*
* Binding is a special case for SLAPI plugins. It is
* possible for a bind plugin to be successful *and*
@ -565,72 +538,70 @@ do_bind(
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
ldapRc = LDAP_OTHER;
edn.bv_val = NULL;
edn.bv_len = 0;
if ( rc != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS ) {
op->oq_bind.rb_edn.bv_val = NULL;
op->oq_bind.rb_edn.bv_len = 0;
if ( rs->sr_err != SLAPI_BIND_FAIL && ldapRc == LDAP_SUCCESS ) {
/* Set the new connection DN. */
if ( rc != SLAPI_BIND_ANONYMOUS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&edn.bv_val );
if ( rs->sr_err != SLAPI_BIND_ANONYMOUS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN, (void *)&op->oq_bind.rb_edn.bv_val );
}
rc = dnPrettyNormal( NULL, &edn, &pdn, &ndn );
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_dn = pdn;
conn->c_ndn = ndn;
pdn.bv_val = NULL;
pdn.bv_len = 0;
ndn.bv_val = NULL;
ndn.bv_len = 0;
if ( conn->c_dn.bv_len != 0 ) {
rs->sr_err = dnPrettyNormal( NULL, &op->oq_bind.rb_edn, &op->o_req_dn, &op->o_req_ndn );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
op->o_conn->c_dn = op->o_req_dn;
op->o_conn->c_ndn = op->o_req_ndn;
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
ber_sockbuf_ctrl( op->o_conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val, 0, 0 );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
op->o_conn->c_dn.bv_val, 0, 0 );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_bind: Bind preoperation plugin returned %d\n",
rc, 0, 0);
rs->sr_err, 0, 0);
#else
Debug(LDAP_DEBUG_TRACE, "do_bind: Bind preoperation plugin returned %d.\n",
rc, 0, 0);
rs->sr_err, 0, 0);
#endif
rc = ldapRc;
rs->sr_err = ldapRc;
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
if ( be->be_bind ) {
int ret;
if ( op->o_bd->be_bind ) {
op->oq_bind.rb_method = method;
rs->sr_err = (op->o_bd->be_bind)( op, rs );
ret = (*be->be_bind)( be, conn, op,
&pdn, &ndn, method, &cred, &edn );
if ( rs->sr_err == 0 ) {
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( ret == 0 ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if( conn->c_authz_backend == NULL ) {
conn->c_authz_backend = be;
if( op->o_conn->c_authz_backend == NULL ) {
op->o_conn->c_authz_backend = op->o_bd;
}
if(edn.bv_len) {
conn->c_dn = edn;
if(op->oq_bind.rb_edn.bv_len) {
op->o_conn->c_dn = op->oq_bind.rb_edn;
} else {
conn->c_dn = pdn;
pdn.bv_val = NULL;
pdn.bv_len = 0;
op->o_conn->c_dn = op->o_req_dn;
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
}
conn->c_ndn = ndn;
ndn.bv_val = NULL;
ndn.bv_len = 0;
op->o_conn->c_ndn = op->o_req_ndn;
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
if( conn->c_dn.bv_len != 0 ) {
if( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( conn->c_sb,
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
@ -638,36 +609,34 @@ do_bind(
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu BIND dn=\"%s\" mech=simple ssf=0\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val, conn->c_authmech.bv_val, 0 );
op->o_conn->c_dn.bv_val, 0, 0 );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: v%d bind: \"%s\" to \"%s\" \n",
version, conn->c_dn.bv_val, conn->c_dn.bv_val );
version, op->o_conn->c_dn.bv_val, op->o_conn->c_dn.bv_val );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n",
version, dn.bv_val, conn->c_dn.bv_val );
version, dn.bv_val, op->o_conn->c_dn.bv_val );
#endif
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
/* send this here to avoid a race condition */
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
send_ldap_result( op, rs );
} else if (edn.bv_val != NULL) {
free( edn.bv_val );
} else if (op->oq_bind.rb_edn.bv_val != NULL) {
free( op->oq_bind.rb_edn.bv_val );
}
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_BIND_FN, pb ) != 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_BIND_FN, pb ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_bind: Bind postoperation plugins failed\n",
0, 0, 0);
@ -679,17 +648,14 @@ do_bind(
#endif /* defined( LDAP_SLAPI ) */
cleanup:
conn->c_sasl_bindop = NULL;
op->o_conn->c_sasl_bindop = NULL;
if( pdn.bv_val != NULL ) {
free( pdn.bv_val );
if( op->o_req_dn.bv_val != NULL ) {
free( op->o_req_dn.bv_val );
}
if( ndn.bv_val != NULL ) {
free( ndn.bv_val );
}
if ( mech.bv_val != NULL ) {
free( mech.bv_val );
if( op->o_req_ndn.bv_val != NULL ) {
free( op->o_req_ndn.bv_val );
}
return rc;
return rs->sr_err;
}

72
servers/slapd/cancel.c
View file

@ -21,67 +21,57 @@
#include <lber_pvt.h>
#include <lutil.h>
int cancel_extop(
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl ***rspctrls,
const char **text,
BerVarray *refs )
int cancel_extop( Operation *op, SlapReply *rs )
{
Backend *be;
Operation *o;
int rc;
int found = 0;
int opid;
BerElement *ber;
int i;
assert( reqoid != NULL );
assert( ber_bvcmp( &slap_EXOP_CANCEL, reqoid ) == 0 );
assert( ber_bvcmp( &slap_EXOP_CANCEL, &op->oq_extended.rs_reqoid ) == 0 );
if ( reqdata == NULL ) {
*text = "no message ID supplied";
if ( op->oq_extended.rs_reqdata == NULL ) {
rs->sr_text = "no message ID supplied";
return LDAP_PROTOCOL_ERROR;
}
ber = ber_init( reqdata );
ber = ber_init( op->oq_extended.rs_reqdata );
if ( ber == NULL ) {
*text = "internal error";
rs->sr_text = "internal error";
return LDAP_OTHER;
}
if ( ber_scanf( ber, "{i}", &opid ) == LBER_ERROR ) {
*text = "message ID parse failed";
rs->sr_text = "message ID parse failed";
return LDAP_PROTOCOL_ERROR;
}
(void) ber_free( ber, 1 );
if ( opid < 0 ) {
*text = "message ID invalid";
rs->sr_text = "message ID invalid";
return LDAP_PROTOCOL_ERROR;
}
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
LDAP_STAILQ_FOREACH( op, &conn->c_pending_ops, o_next ) {
if ( op->o_msgid == opid ) {
LDAP_STAILQ_REMOVE( &conn->c_pending_ops, op, slap_op, o_next );
slap_op_free( op );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
if ( o->o_msgid == opid ) {
LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, slap_op, o_next );
slap_op_free( o );
found = 1;
break;
}
}
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if ( found ) return LDAP_SUCCESS;
found = 0;
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
LDAP_STAILQ_FOREACH( op, &conn->c_ops, o_next ) {
if ( op->o_msgid == opid ) {
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
if ( o->o_msgid == opid ) {
found = 1;
break;
}
@ -90,33 +80,31 @@ int cancel_extop(
if ( !found ) {
#ifdef LDAP_SYNC
for ( i = 0; i < nbackends; i++ ) {
Backend *be = &backends[i];
if( !be->be_cancel ) continue;
op->o_bd = &backends[i];
if( !op->o_bd->be_cancel ) continue;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if ( be->be_cancel( be, conn, op, opid ) == LDAP_SUCCESS ) {
op->oq_cancel.rs_msgid = opid;
if ( op->o_bd->be_cancel( op, rs ) == LDAP_SUCCESS ) {
return LDAP_SUCCESS;
} else {
*text = "message ID not found";
return LDAP_NO_SUCH_OPERATION;
}
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
}
#else
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
*text = "message ID not found";
return LDAP_NO_SUCH_OPERATION;
#endif
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
rs->sr_text = "message ID not found";
return LDAP_NO_SUCH_OPERATION;
}
if ( op->o_cancel != SLAP_CANCEL_NONE ) {
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
*text = "message ID already being cancelled";
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
rs->sr_text = "message ID already being cancelled";
return LDAP_PROTOCOL_ERROR;
}
op->o_cancel = SLAP_CANCEL_REQ;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
while ( op->o_cancel == SLAP_CANCEL_REQ ) {
ldap_pvt_thread_yield();

176
servers/slapd/compare.c
View file

@ -27,28 +27,23 @@
#endif
static int compare_entry(
Connection *conn,
Operation *op,
Entry *e,
AttributeAssertion *ava );
int
do_compare(
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
Entry *entry = NULL;
Entry *fentry = NULL;
struct berval dn = { 0, NULL };
struct berval pdn = { 0, NULL };
struct berval ndn = { 0, NULL };
struct berval desc = { 0, NULL };
struct berval value = { 0, NULL };
AttributeAssertion ava = { NULL, { 0, NULL } };
Backend *be;
int rc = LDAP_SUCCESS;
const char *text = NULL;
int manageDSAit;
#ifdef LDAP_SLAPI
@ -58,7 +53,7 @@ do_compare(
ava.aa_desc = NULL;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_compare: conn %d\n", conn->c_connid, 0, 0 );
LDAP_LOG( OPERATION, ENTRY, "do_compare: conn %d\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
#endif
@ -77,155 +72,147 @@ do_compare(
if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_compare: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 );
"do_compare: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if ( ber_scanf( op->o_ber, "{mm}", &desc, &value ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_compare: conn %d get ava failed\n", conn->c_connid, 0, 0 );
"do_compare: conn %d get ava failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = SLAPD_DISCONNECT;
goto cleanup;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_compare: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 );
"do_compare: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = SLAPD_DISCONNECT;
goto cleanup;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_compare: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
"do_compare: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 );
#endif
goto cleanup;
}
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_compare: conn %d invalid dn (%s)\n",
conn->c_connid, dn.bv_val, 0 );
op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
rs->sr_err = slap_bv2ad( &desc, &ava.aa_desc, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
#ifdef SLAP_NVALUES
rc = asserted_value_validate_normalize( ava.aa_desc,
rs->sr_err = asserted_value_validate_normalize( ava.aa_desc,
ava.aa_desc->ad_type->sat_equality,
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&value, &ava.aa_value, &text );
&value, &ava.aa_value, &rs->sr_text );
#else
rc = value_validate_normalize( ava.aa_desc, SLAP_MR_EQUALITY,
&value, &ava.aa_value, &text );
rs->sr_err = value_validate_normalize( ava.aa_desc, SLAP_MR_EQUALITY,
&value, &ava.aa_value, &rs->sr_text );
#endif
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
if( strcasecmp( ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_compare: dn (%s) attr(%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
#else
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
#endif
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
op->o_connid, op->o_opid, pdn.bv_val,
op->o_connid, op->o_opid, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0 );
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rc = root_dse_info( conn, &entry, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
fentry = entry;
} else if ( bvmatch( &ndn, &global_schemandn ) ) {
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_compare: dn (%s) attr(%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val,
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val,
ava.aa_value.bv_val );
#else
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
#endif
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
op->o_connid, op->o_opid, pdn.bv_val,
op->o_connid, op->o_opid, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0 );
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
rc = 0;
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
rc = schema_info( &entry, &text );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
rc = 0;
rs->sr_err = schema_info( &entry, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rs->sr_err = 0;
goto cleanup;
}
fentry = entry;
}
if( entry ) {
rc = compare_entry( conn, op, entry, &ava );
rs->sr_err = compare_entry( op, entry, &ava );
if( fentry) entry_free( fentry );
send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
send_ldap_result( op, rs );
if( rc == LDAP_COMPARE_TRUE || rc == LDAP_COMPARE_FALSE ) {
rc = 0;
if( rs->sr_err == LDAP_COMPARE_TRUE || rs->sr_err == LDAP_COMPARE_FALSE ) {
rs->sr_err = 0;
}
goto cleanup;
@ -238,56 +225,54 @@ do_compare(
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
rs->sr_err = LDAP_REFERRAL;
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
rc = 0;
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
rs->sr_err = 0;
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_compare: dn (%s) attr(%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
#else
Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
#endif
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
op->o_connid, op->o_opid, pdn.bv_val,
op->o_connid, op->o_opid, op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, 0 );
#if defined( LDAP_SLAPI )
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_backend_set_pb( pb, op->o_bd );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)desc.bv_val );
slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&value );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
if ( rc != 0 ) {
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
if ( rs->sr_err != 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
@ -299,22 +284,22 @@ do_compare(
Debug(LDAP_DEBUG_TRACE, "do_compare: compare preoperation plugin "
"failed.\n", 0, 0, 0);
#endif
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
rc = LDAP_OTHER;
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0)
rs->sr_err = LDAP_OTHER;
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
if ( be->be_compare ) {
(*be->be_compare)( be, conn, op, &pdn, &ndn, &ava );
if ( op->o_bd->be_compare ) {
op->oq_compare.rs_ava = &ava;
op->o_bd->be_compare( op, rs );
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_COMPARE_FN, pb ) != 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_COMPARE_FN, pb ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_compare: compare postoperation plugins "
"failed\n", 0, 0, 0 );
@ -326,15 +311,14 @@ do_compare(
#endif /* defined( LDAP_SLAPI ) */
cleanup:
free( pdn.bv_val );
free( ndn.bv_val );
free( op->o_req_dn.bv_val );
free( op->o_req_ndn.bv_val );
if ( ava.aa_value.bv_val ) free( ava.aa_value.bv_val );
return rc;
return rs->sr_err;
}
static int compare_entry(
Connection *conn,
Operation *op,
Entry *e,
AttributeAssertion *ava )
@ -342,7 +326,7 @@ static int compare_entry(
int rc = LDAP_NO_SUCH_ATTRIBUTE;
Attribute *a;
if ( ! access_allowed( NULL, conn, op, e,
if ( ! access_allowed( op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;

31
servers/slapd/connection.c
View file

@ -883,6 +883,7 @@ connection_operation( void *ctx, void *arg_v )
{
int rc;
Operation *op = arg_v;
SlapReply rs = {REP_RESULT};
ber_tag_t tag = op->o_tag;
#ifdef SLAPD_MONITOR
ber_tag_t oldtag = tag;
@ -905,61 +906,60 @@ connection_operation( void *ctx, void *arg_v )
"error: SASL bind in progress (tag=%ld).\n",
(long) tag, 0, 0 );
#endif
send_ldap_result( conn, op,
rc = LDAP_OPERATIONS_ERROR,
NULL, "SASL bind in progress", NULL, NULL );
send_ldap_error( op, &rs, LDAP_OPERATIONS_ERROR,
"SASL bind in progress" );
goto operations_error;
}
switch ( tag ) {
case LDAP_REQ_BIND:
INCR_OP(num_ops_initiated_, SLAP_OP_BIND);
rc = do_bind( conn, op );
rc = do_bind( op, &rs );
break;
case LDAP_REQ_UNBIND:
INCR_OP(num_ops_initiated_, SLAP_OP_UNBIND);
rc = do_unbind( conn, op );
rc = do_unbind( op, &rs );
break;
case LDAP_REQ_ADD:
INCR_OP(num_ops_initiated_, SLAP_OP_ADD);
rc = do_add( conn, op );
rc = do_add( op, &rs );
break;
case LDAP_REQ_DELETE:
INCR_OP(num_ops_initiated_, SLAP_OP_DELETE);
rc = do_delete( conn, op );
rc = do_delete( op, &rs );
break;
case LDAP_REQ_MODRDN:
INCR_OP(num_ops_initiated_, SLAP_OP_MODRDN);
rc = do_modrdn( conn, op );
rc = do_modrdn( op, &rs );
break;
case LDAP_REQ_MODIFY:
INCR_OP(num_ops_initiated_, SLAP_OP_MODIFY);
rc = do_modify( conn, op );
rc = do_modify( op, &rs );
break;
case LDAP_REQ_COMPARE:
INCR_OP(num_ops_initiated_, SLAP_OP_COMPARE);
rc = do_compare( conn, op );
rc = do_compare( op, &rs );
break;
case LDAP_REQ_SEARCH:
INCR_OP(num_ops_initiated_, SLAP_OP_SEARCH);
rc = do_search( conn, op );
rc = do_search( op, &rs );
break;
case LDAP_REQ_ABANDON:
INCR_OP(num_ops_initiated_, SLAP_OP_ABANDON);
rc = do_abandon( conn, op );
rc = do_abandon( op, &rs );
break;
case LDAP_REQ_EXTENDED:
INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
rc = do_extended( conn, op );
rc = do_extended( op, &rs );
break;
default:
@ -972,8 +972,9 @@ connection_operation( void *ctx, void *arg_v )
tag, 0, 0 );
#endif
op->o_tag = LBER_ERROR;
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "unknown LDAP request" );
rs.sr_err = LDAP_PROTOCOL_ERROR;
rs.sr_text = "unknown LDAP request";
send_ldap_disconnect( op, &rs );
rc = -1;
break;
}

278
servers/slapd/controls.c
View file

@ -331,8 +331,8 @@ find_ctrl( const char *oid )
}
int get_ctrls(
Connection *conn,
Operation *op,
SlapReply *rs,
int sendres )
{
int nctrls = 0;
@ -341,21 +341,19 @@ int get_ctrls(
char *opaque;
BerElement *ber = op->o_ber;
struct slap_control *sc;
int rc = LDAP_SUCCESS;
const char *errmsg = NULL;
len = ber_pvt_ber_remaining(ber);
if( len == 0) {
/* no controls */
rc = LDAP_SUCCESS;
return rc;
rs->sr_err = LDAP_SUCCESS;
return rs->sr_err;
}
if(( tag = ber_peek_tag( ber, &len )) != LDAP_TAG_CONTROLS ) {
if( tag == LBER_ERROR ) {
rc = SLAPD_DISCONNECT;
errmsg = "unexpected data in PDU";
rs->sr_err = SLAPD_DISCONNECT;
rs->sr_text = "unexpected data in PDU";
}
goto return_results;
@ -363,15 +361,15 @@ int get_ctrls(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"get_ctrls: conn %lu\n", conn->c_connid, 0, 0 );
"get_ctrls: conn %lu\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"=> get_ctrls\n", 0, 0, 0 );
#endif
if( op->o_protocol < LDAP_VERSION3 ) {
rc = SLAPD_DISCONNECT;
errmsg = "controls require LDAPv3";
rs->sr_err = SLAPD_DISCONNECT;
rs->sr_text = "controls require LDAPv3";
goto return_results;
}
@ -380,8 +378,8 @@ int get_ctrls(
#if 0
if( op->ctrls == NULL ) {
rc = LDAP_NO_MEMORY;
errmsg = "no memory";
rs->sr_err = LDAP_NO_MEMORY;
rs->sr_text = "no memory";
goto return_results;
}
#endif
@ -403,8 +401,8 @@ int get_ctrls(
ldap_controls_free(op->o_ctrls);
op->o_ctrls = NULL;
rc = LDAP_NO_MEMORY;
errmsg = "no memory";
rs->sr_err = LDAP_NO_MEMORY;
rs->sr_text = "no memory";
goto return_results;
}
#endif
@ -421,8 +419,8 @@ int get_ctrls(
ldap_controls_free(op->o_ctrls);
op->o_ctrls = NULL;
rc = LDAP_NO_MEMORY;
errmsg = "no memory";
rs->sr_err = LDAP_NO_MEMORY;
rs->sr_text = "no memory";
goto return_results;
}
#endif
@ -436,7 +434,7 @@ int get_ctrls(
if( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "get_ctrls: conn %lu get OID failed.\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get oid failed.\n",
0, 0, 0 );
@ -444,25 +442,25 @@ int get_ctrls(
ldap_controls_free( op->o_ctrls );
op->o_ctrls = NULL;
rc = SLAPD_DISCONNECT;
errmsg = "decoding controls error";
rs->sr_err = SLAPD_DISCONNECT;
rs->sr_text = "decoding controls error";
goto return_results;
} else if( c->ldctl_oid == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"get_ctrls: conn %lu got emtpy OID.\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"get_ctrls: conn %lu got emtpy OID.\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#endif
ldap_controls_free( op->o_ctrls );
op->o_ctrls = NULL;
rc = LDAP_PROTOCOL_ERROR;
errmsg = "OID field is empty";
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = "OID field is empty";
goto return_results;
}
@ -476,15 +474,15 @@ int get_ctrls(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"get_ctrls: conn %lu get crit failed.\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get crit failed.\n",
0, 0, 0 );
#endif
ldap_controls_free( op->o_ctrls );
op->o_ctrls = NULL;
rc = SLAPD_DISCONNECT;
errmsg = "decoding controls error";
rs->sr_err = SLAPD_DISCONNECT;
rs->sr_text = "decoding controls error";
goto return_results;
}
@ -499,18 +497,18 @@ int get_ctrls(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "get_ctrls: conn %lu: "
"%s (%scritical): get value failed.\n",
conn->c_connid, c->ldctl_oid,
op->o_connid, c->ldctl_oid,
c->ldctl_iscritical ? "" : "non" );
#else
Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: conn %lu: "
"%s (%scritical): get value failed.\n",
conn->c_connid, c->ldctl_oid,
op->o_connid, c->ldctl_oid,
c->ldctl_iscritical ? "" : "non" );
#endif
ldap_controls_free( op->o_ctrls );
op->o_ctrls = NULL;
rc = SLAPD_DISCONNECT;
errmsg = "decoding controls error";
rs->sr_err = SLAPD_DISCONNECT;
rs->sr_text = "decoding controls error";
goto return_results;
}
}
@ -518,7 +516,7 @@ int get_ctrls(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"get_ctrls: conn %lu oid=\"%s\" (%scritical)\n",
conn->c_connid, c->ldctl_oid, c->ldctl_iscritical ? "" : "non" );
op->o_connid, c->ldctl_oid, c->ldctl_iscritical ? "" : "non" );
#else
Debug( LDAP_DEBUG_TRACE,
"=> get_ctrls: oid=\"%s\" (%scritical)\n",
@ -559,11 +557,11 @@ int get_ctrls(
break;
case LDAP_REQ_EXTENDED:
tagmask=~0L;
assert( op->o_extendedop != NULL );
assert( op->oq_extended.rs_reqoid.bv_val != NULL );
if( sc->sc_extendedops != NULL ) {
int i;
for( i=0; sc->sc_extendedops[i] != NULL; i++ ) {
if( strcmp( op->o_extendedop, sc->sc_extendedops[i] )
if( strcmp( op->oq_extended.rs_reqoid.bv_val, sc->sc_extendedops[i] )
== 0 )
{
tagmask=0L;
@ -573,8 +571,8 @@ int get_ctrls(
}
break;
default:
rc = LDAP_OTHER;
errmsg = "controls internal error";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "controls internal error";
goto return_results;
}
@ -582,14 +580,14 @@ int get_ctrls(
/* available extension */
if( !sc->sc_parse ) {
rc = LDAP_OTHER;
errmsg = "not yet implemented";
rs->sr_err = LDAP_OTHER;
rs->sr_text = "not yet implemented";
goto return_results;
}
rc = sc->sc_parse( conn, op, c, &errmsg );
rs->sr_err = sc->sc_parse( op, rs, c );
if( rc != LDAP_SUCCESS ) goto return_results;
if( rs->sr_err != LDAP_SUCCESS ) goto return_results;
if ( sc->sc_mask & SLAP_CTRL_FRONTEND ) {
/* kludge to disable backend_control() check */
@ -604,15 +602,15 @@ int get_ctrls(
} else if( c->ldctl_iscritical ) {
/* unavailable CRITICAL control */
rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
errmsg = "critical extension is unavailable";
rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
rs->sr_text = "critical extension is unavailable";
goto return_results;
}
} else if( c->ldctl_iscritical ) {
/* unrecognized CRITICAL control */
rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
errmsg = "critical extension is not recognized";
rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
rs->sr_text = "critical extension is not recognized";
goto return_results;
}
}
@ -621,38 +619,38 @@ return_results:
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, RESULTS,
"get_ctrls: n=%d rc=%d err=\"%s\"\n",
nctrls, rc, errmsg ? errmsg : "" );
nctrls, rs->sr_err, rs->sr_text ? rs->sr_text : "" );
#else
Debug( LDAP_DEBUG_TRACE,
"<= get_ctrls: n=%d rc=%d err=\"%s\"\n",
nctrls, rc, errmsg ? errmsg : "");
nctrls, rs->sr_err, rs->sr_text ? rs->sr_text : "");
#endif
if( sendres && rc != LDAP_SUCCESS ) {
if( rc == SLAPD_DISCONNECT ) {
send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, errmsg );
if( sendres && rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err == SLAPD_DISCONNECT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
send_ldap_disconnect( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
} else {
send_ldap_result( conn, op, rc,
NULL, errmsg, NULL, NULL );
send_ldap_result( op, rs );
}
}
return rc;
return rs->sr_err;
}
static int parseManageDSAit (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
if ( op->o_managedsait != SLAP_NO_CONTROL ) {
*text = "manageDSAit control specified multiple times";
rs->sr_text = "manageDSAit control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len ) {
*text = "manageDSAit control value not empty";
rs->sr_text = "manageDSAit control value not empty";
return LDAP_PROTOCOL_ERROR;
}
@ -664,16 +662,15 @@ static int parseManageDSAit (
}
static int parseProxyAuthz (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
int rc;
struct berval dn = { 0, NULL };
if ( op->o_proxy_authz != SLAP_NO_CONTROL ) {
*text = "proxy authorization control specified multiple times";
rs->sr_text = "proxy authorization control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
@ -684,13 +681,13 @@ static int parseProxyAuthz (
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"parseProxyAuthz: conn %lu authzid=\"%s\"\n",
conn->c_connid,
op->o_connid,
ctrl->ldctl_value.bv_len ? ctrl->ldctl_value.bv_val : "anonymous",
0 );
#else
Debug( LDAP_DEBUG_ARGS,
"parseProxyAuthz: conn %lu authzid=\"%s\"\n",
conn->c_connid,
op->o_connid,
ctrl->ldctl_value.bv_len ? ctrl->ldctl_value.bv_val : "anonymous",
0 );
#endif
@ -699,11 +696,11 @@ static int parseProxyAuthz (
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, RESULTS,
"parseProxyAuthz: conn=%lu anonymous\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"parseProxyAuthz: conn=%lu anonymous\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#endif
/* anonymous */
@ -718,7 +715,7 @@ static int parseProxyAuthz (
return LDAP_SUCCESS;
}
rc = slap_sasl_getdn( conn,
rc = slap_sasl_getdn( op->o_conn,
ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
NULL, &dn, SLAP_GETDN_AUTHZID );
@ -726,27 +723,27 @@ static int parseProxyAuthz (
if ( dn.bv_val ) {
ch_free( dn.bv_val );
}
*text = "authzId mapping failed";
rs->sr_text = "authzId mapping failed";
return LDAP_PROXY_AUTHZ_FAILURE;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, RESULTS,
"parseProxyAuthz: conn=%lu \"%s\"\n",
conn->c_connid,
op->o_connid,
dn.bv_len ? dn.bv_val : "(NULL)", 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"parseProxyAuthz: conn=%lu \"%s\"\n",
conn->c_connid,
op->o_connid,
dn.bv_len ? dn.bv_val : "(NULL)", 0 );
#endif
rc = slap_sasl_authorized( conn, &op->o_ndn, &dn );
rc = slap_sasl_authorized( op->o_conn, &op->o_ndn, &dn );
if( rc ) {
ch_free( dn.bv_val );
*text = "not authorized to assume identity";
rs->sr_text = "not authorized to assume identity";
return LDAP_PROXY_AUTHZ_FAILURE;
}
@ -766,18 +763,17 @@ static int parseProxyAuthz (
}
static int parseNoOp (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
if ( op->o_noop != SLAP_NO_CONTROL ) {
*text = "noop control specified multiple times";
rs->sr_text = "noop control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len ) {
*text = "noop control value not empty";
rs->sr_text = "noop control value not empty";
return LDAP_PROTOCOL_ERROR;
}
@ -790,10 +786,9 @@ static int parseNoOp (
#ifdef LDAP_CONTROL_PAGEDRESULTS
static int parsePagedResults (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
ber_tag_t tag;
ber_int_t size;
@ -801,12 +796,12 @@ static int parsePagedResults (
struct berval cookie = { 0, NULL };
if ( op->o_pagedresults != SLAP_NO_CONTROL ) {
*text = "paged results control specified multiple times";
rs->sr_text = "paged results control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len == 0 ) {
*text = "paged results control value is empty (or absent)";
rs->sr_text = "paged results control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
@ -820,7 +815,7 @@ static int parsePagedResults (
*/
ber = ber_init( &ctrl->ldctl_value );
if( ber == NULL ) {
*text = "internal error";
rs->sr_text = "internal error";
return LDAP_OTHER;
}
@ -828,12 +823,12 @@ static int parsePagedResults (
(void) ber_free( ber, 1 );
if( tag == LBER_ERROR ) {
*text = "paged results control could not be decoded";
rs->sr_text = "paged results control could not be decoded";
return LDAP_PROTOCOL_ERROR;
}
if( size < 0 ) {
*text = "paged results control size invalid";
rs->sr_text = "paged results control size invalid";
return LDAP_PROTOCOL_ERROR;
}
@ -841,7 +836,7 @@ static int parsePagedResults (
PagedResultsCookie reqcookie;
if( cookie.bv_len != sizeof( reqcookie ) ) {
/* bad cookie */
*text = "paged results cookie is invalid";
rs->sr_text = "paged results cookie is invalid";
return LDAP_PROTOCOL_ERROR;
}
@ -849,11 +844,11 @@ static int parsePagedResults (
if( reqcookie > op->o_pagedresults_state.ps_cookie ) {
/* bad cookie */
*text = "paged results cookie is invalid";
rs->sr_text = "paged results cookie is invalid";
return LDAP_PROTOCOL_ERROR;
} else if( reqcookie < op->o_pagedresults_state.ps_cookie ) {
*text = "paged results cookie is invalid or old";
rs->sr_text = "paged results cookie is invalid or old";
return LDAP_UNWILLING_TO_PERFORM;
}
} else {
@ -873,42 +868,39 @@ static int parsePagedResults (
#endif
int parseValuesReturnFilter (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
int rc;
BerElement *ber;
struct berval fstr = { 0, NULL };
const char *err_msg = "";
if ( op->o_valuesreturnfilter != SLAP_NO_CONTROL ) {
*text = "valuesReturnFilter control specified multiple times";
rs->sr_text = "valuesReturnFilter control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len == 0 ) {
*text = "valuesReturnFilter control value is empty (or absent)";
rs->sr_text = "valuesReturnFilter control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
ber = ber_init( &(ctrl->ldctl_value) );
if (ber == NULL) {
*text = "internal error";
rs->sr_text = "internal error";
return LDAP_OTHER;
}
rc = get_vrFilter( conn, ber, &(op->vrFilter), &err_msg);
rs->sr_err = get_vrFilter( op->o_conn, ber, &(op->vrFilter), &rs->sr_text);
if( rc != LDAP_SUCCESS ) {
text = &err_msg;
if( rc == SLAPD_DISCONNECT ) {
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, *text );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err == SLAPD_DISCONNECT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
send_ldap_disconnect( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
} else {
send_ldap_result( conn, op, rc,
NULL, *text, NULL, NULL );
send_ldap_result( op, rs );
}
if( fstr.bv_val != NULL) free( fstr.bv_val );
if( op->vrFilter != NULL) vrFilter_free( op->vrFilter );
@ -920,7 +912,7 @@ int parseValuesReturnFilter (
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"parseValuesReturnFilter: conn %d vrFilter: %s\n",
conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
op->o_connid, fstr.bv_len ? fstr.bv_val : "empty" , 0 );
#else
Debug( LDAP_DEBUG_ARGS, " vrFilter: %s\n",
fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
@ -930,18 +922,18 @@ int parseValuesReturnFilter (
? SLAP_CRITICAL_CONTROL
: SLAP_NONCRITICAL_CONTROL;
rs->sr_err = LDAP_SUCCESS;
return LDAP_SUCCESS;
}
#ifdef LDAP_CONTROL_SUBENTRIES
static int parseSubentries (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
if ( op->o_subentries != SLAP_NO_CONTROL ) {
*text = "subentries control specified multiple times";
rs->sr_text = "subentries control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
@ -950,7 +942,7 @@ static int parseSubentries (
&& ( ctrl->ldctl_value.bv_val[0] != 0x01 )
&& ( ctrl->ldctl_value.bv_val[1] != 0x01 ))
{
*text = "subentries control value encoding is bogus";
rs->sr_text = "subentries control value encoding is bogus";
return LDAP_PROTOCOL_ERROR;
}
@ -966,18 +958,17 @@ static int parseSubentries (
#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
static int parsePermissiveModify (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
if ( op->o_permissive_modify != SLAP_NO_CONTROL ) {
*text = "permissiveModify control specified multiple times";
rs->sr_text = "permissiveModify control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len ) {
*text = "permissiveModify control value not empty";
rs->sr_text = "permissiveModify control value not empty";
return LDAP_PROTOCOL_ERROR;
}
@ -991,18 +982,17 @@ static int parsePermissiveModify (
#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
static int parseDomainScope (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
if ( op->o_domain_scope != SLAP_NO_CONTROL ) {
*text = "domainScope control specified multiple times";
rs->sr_text = "domainScope control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
if ( ctrl->ldctl_value.bv_len ) {
*text = "domainScope control value not empty";
rs->sr_text = "domainScope control value not empty";
return LDAP_PROTOCOL_ERROR;
}
@ -1016,10 +1006,9 @@ static int parseDomainScope (
#ifdef LDAP_CLIENT_UPDATE
static int parseClientUpdate (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
ber_tag_t tag;
BerElement *ber;
@ -1030,19 +1019,19 @@ static int parseClientUpdate (
struct berval cookie = { 0, NULL };
if ( op->o_clientupdate != SLAP_NO_CONTROL ) {
*text = "LCUP client update control specified multiple times";
rs->sr_text = "LCUP client update control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
#ifdef LDAP_SYNC
if ( op->o_sync != SLAP_NO_CONTROL ) {
*text = "LDAP Client Update and Sync controls used together";
rs->sr_text = "LDAP Client Update and Sync controls used together";
return LDAP_PROTOCOL_ERROR;
}
#endif
if ( ctrl->ldctl_value.bv_len == 0 ) {
*text = "LCUP client update control value is empty (or absent)";
rs->sr_text = "LCUP client update control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
@ -1059,12 +1048,12 @@ static int parseClientUpdate (
ber = ber_init( &ctrl->ldctl_value );
if( ber == NULL ) {
*text = "internal error";
rs->sr_text = "internal error";
return LDAP_OTHER;
}
if ( (tag = ber_scanf( ber, "{i" /*}*/, &type )) == LBER_ERROR ) {
*text = "LCUP client update control : decoding error";
rs->sr_text = "LCUP client update control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
@ -1079,18 +1068,18 @@ static int parseClientUpdate (
type = SLAP_LCUP_PERSIST;
break;
default:
*text = "LCUP client update control : unknown update type";
rs->sr_text = "LCUP client update control : unknown update type";
return LDAP_PROTOCOL_ERROR;
}
if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
*text = "LCUP client update control : decoding error";
rs->sr_text = "LCUP client update control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
if ( tag == LDAP_CUP_TAG_INTERVAL ) {
if ( (tag = ber_scanf( ber, "i", &interval )) == LBER_ERROR ) {
*text = "LCUP client update control : decoding error";
rs->sr_text = "LCUP client update control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
@ -1105,7 +1094,7 @@ static int parseClientUpdate (
}
if ( (tag = ber_peek_tag( ber, &len )) == LBER_DEFAULT ) {
*text = "LCUP client update control : decoding error";
rs->sr_text = "LCUP client update control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
@ -1113,7 +1102,7 @@ static int parseClientUpdate (
if ( (tag = ber_scanf( ber, /*{*/ "{mm}}",
&scheme, &cookie )) == LBER_ERROR )
{
*text = "LCUP client update control : decoding error";
rs->sr_text = "LCUP client update control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
}
@ -1121,12 +1110,12 @@ static int parseClientUpdate (
/* TODO : Cookie Scheme Validation */
#if 0
if ( lcup_cookie_scheme_validate(scheme) != LDAP_SUCCESS ) {
*text = "Unsupported LCUP cookie scheme";
rs->sr_text = "Unsupported LCUP cookie scheme";
return LCUP_UNSUPPORTED_SCHEME;
}
if ( lcup_cookie_validate(scheme, cookie) != LDAP_SUCCESS ) {
*text = "Invalid LCUP cookie";
rs->sr_text = "Invalid LCUP cookie";
return LCUP_INVALID_COOKIE;
}
#endif
@ -1148,10 +1137,9 @@ static int parseClientUpdate (
#ifdef LDAP_SYNC
static int parseLdupSync (
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text )
SlapReply *rs,
LDAPControl *ctrl )
{
ber_tag_t tag;
BerElement *ber;
@ -1160,19 +1148,19 @@ static int parseLdupSync (
struct berval cookie = { 0, NULL };
if ( op->o_sync != SLAP_NO_CONTROL ) {
*text = "LDAP Sync control specified multiple times";
rs->sr_text = "LDAP Sync control specified multiple times";
return LDAP_PROTOCOL_ERROR;
}
#ifdef LDAP_CLIENT_UPDATE
if ( op->o_clientupdate != SLAP_NO_CONTROL ) {
*text = "LDAP Sync and LDAP Client Update controls used together";
rs->sr_text = "LDAP Sync and LDAP Client Update controls used together";
return LDAP_PROTOCOL_ERROR;
}
#endif
if ( ctrl->ldctl_value.bv_len == 0 ) {
*text = "LDAP Sync control value is empty (or absent)";
rs->sr_text = "LDAP Sync control value is empty (or absent)";
return LDAP_PROTOCOL_ERROR;
}
@ -1190,12 +1178,12 @@ static int parseLdupSync (
ber = ber_init( &ctrl->ldctl_value );
if( ber == NULL ) {
*text = "internal error";
rs->sr_text = "internal error";
return LDAP_OTHER;
}
if ( (tag = ber_scanf( ber, "{i" /*}*/, &mode )) == LBER_ERROR ) {
*text = "LDAP Sync control : mode decoding error";
rs->sr_text = "LDAP Sync control : mode decoding error";
return LDAP_PROTOCOL_ERROR;
}
@ -1207,7 +1195,7 @@ static int parseLdupSync (
mode = SLAP_SYNC_REFRESH_AND_PERSIST;
break;
default:
*text = "LDAP Sync control : unknown update mode";
rs->sr_text = "LDAP Sync control : unknown update mode";
return LDAP_PROTOCOL_ERROR;
}
@ -1216,12 +1204,12 @@ static int parseLdupSync (
if ( tag == LDAP_SYNC_TAG_COOKIE ) {
if (( ber_scanf( ber, /*{*/ "m}",
&cookie )) == LBER_ERROR ) {
*text = "LDAP Sync control : cookie decoding error";
rs->sr_text = "LDAP Sync control : cookie decoding error";
return LDAP_PROTOCOL_ERROR;
}
} else {
if (( ber_scanf( ber, /*{*/ "}")) == LBER_ERROR ) {
*text = "LDAP Sync control : decoding error";
rs->sr_text = "LDAP Sync control : decoding error";
return LDAP_PROTOCOL_ERROR;
}
cookie.bv_len = 0;
@ -1231,12 +1219,12 @@ static int parseLdupSync (
/* TODO : Cookie Scheme Validation */
#if 0
if ( lcup_cookie_scheme_validate(scheme) != LDAP_SUCCESS ) {
*text = "Unsupported LCUP cookie scheme";
rs->sr_text = "Unsupported LCUP cookie scheme";
return LCUP_UNSUPPORTED_SCHEME;
}
if ( lcup_cookie_validate(scheme, cookie) != LDAP_SUCCESS ) {
*text = "Invalid LCUP cookie";
rs->sr_text = "Invalid LCUP cookie";
return LCUP_INVALID_COOKIE;
}
#endif

121
servers/slapd/delete.c
View file

@ -31,16 +31,11 @@
int
do_delete(
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
struct berval dn = { 0, NULL };
struct berval pdn = { 0, NULL };
struct berval ndn = { 0, NULL };
const char *text;
Backend *be;
int rc;
int manageDSAit;
#ifdef LDAP_SLAPI
@ -49,7 +44,7 @@ do_delete(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"do_delete: conn %d\n", conn->c_connid, 0, 0 );
"do_delete: conn %d\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
#endif
@ -63,68 +58,66 @@ do_delete(
if ( ber_scanf( op->o_ber, "m", &dn ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_delete: conn: %d ber_scanf failed\n", conn->c_connid, 0, 0 );
"do_delete: conn: %d ber_scanf failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if( ( rc = get_ctrls( conn, op, 1 ) ) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_delete: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
"do_delete: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_delete: get_ctrls failed\n", 0, 0, 0 );
#endif
goto cleanup;
}
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_delete: conn %d invalid dn (%s)\n",
conn->c_connid, dn.bv_val, 0 );
op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_delete: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
if( ndn.bv_len == 0 ) {
if( op->o_req_ndn.bv_len == 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_delete: conn %d: Attempt to delete root DSE.\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_delete: root dse!\n", 0, 0, 0 );
#endif
/* protocolError would likely be a more appropriate error */
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "cannot delete the root DSE", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot delete the root DSE" );
goto cleanup;
} else if ( bvmatch( &ndn, &global_schemandn ) ) {
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_delete: conn %d: "
"Attempt to delete subschema subentry.\n", conn->c_connid, 0, 0 );
"Attempt to delete subschema subentry.\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_delete: subschema subentry!\n", 0, 0, 0 );
#endif
/* protocolError would likely be a more appropriate error */
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "cannot delete the root DSE", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot delete the root DSE" );
goto cleanup;
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu DEL dn=\"%s\"\n",
op->o_connid, op->o_opid, pdn.bv_val, 0, 0 );
op->o_connid, op->o_opid, op->o_req_dn.bv_val, 0, 0 );
manageDSAit = get_manageDSAit( op );
@ -133,40 +126,39 @@ do_delete(
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
if (!rs->sr_ref) rs->sr_ref = default_referral;
rs->sr_err = LDAP_REFERRAL;
ber_bvarray_free( ref );
send_ldap_result( op, rs );
if (rs->sr_ref!= default_referral) ber_bvarray_free( rs->sr_ref );
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
#if defined( LDAP_SLAPI )
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_backend_set_pb( pb, op->o_bd );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_DELETE_FN, pb );
if ( rc != 0 ) {
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_DELETE_FN, pb );
if ( rs->sr_err != 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
@ -178,8 +170,8 @@ do_delete(
Debug (LDAP_DEBUG_TRACE, "do_delete: delete preoperation plugin failed.\n",
0, 0, 0);
#endif
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 )
rc = LDAP_OTHER;
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0 )
rs->sr_err = LDAP_OTHER;
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
@ -190,42 +182,43 @@ do_delete(
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_delete ) {
if ( op->o_bd->be_delete ) {
/* do the update here */
int repl_user = be_isupdate( be, &op->o_ndn );
int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !be->be_update_ndn.bv_len || repl_user )
if ( !op->o_bd->be_update_ndn.bv_len || repl_user )
#endif
{
if ( (*be->be_delete)( be, conn, op, &pdn, &ndn ) == 0 ) {
if ( (op->o_bd->be_delete)( op, rs ) == 0 ) {
#ifdef SLAPD_MULTIMASTER
if ( !be->be_update_ndn.bv_len || !repl_user )
if ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
#endif
{
replog( be, op, &pdn, &ndn, NULL );
replog( op );
}
}
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = be->be_update_refs
? be->be_update_refs : default_referral;
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
ref ? ref : defref, NULL );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
#endif
}
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_DELETE_FN, pb ) != 0) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_DELETE_FN, pb ) != 0) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_delete: delete postoperation plugins "
"failed\n", 0, 0, 0 );
@ -237,7 +230,7 @@ do_delete(
#endif /* defined( LDAP_SLAPI ) */
cleanup:
free( pdn.bv_val );
free( ndn.bv_val );
return rc;
free( op->o_req_dn.bv_val );
free( op->o_req_ndn.bv_val );
return rs->sr_err;
}

183
servers/slapd/extended.c
View file

@ -99,32 +99,24 @@ get_supported_extop (int index)
int
do_extended(
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
int rc = LDAP_SUCCESS;
struct berval reqoid = {0, NULL};
struct berval reqdata = {0, NULL};
ber_tag_t tag;
ber_len_t len;
struct extop_list *ext = NULL;
const char *text;
BerVarray refs;
char *rspoid;
struct berval *rspdata;
LDAPControl **rspctrls;
#if defined(LDAP_SLAPI)
Slapi_PBlock *pb = op->o_pb;
SLAPI_FUNC funcAddr = NULL;
int extop_rc;
int msg_sent = FALSE;
char *result_msg = "";
#endif /* defined(LDAP_SLAPI) */
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_extended: conn %d\n", conn->c_connid, 0, 0 );
LDAP_LOG( OPERATION, ENTRY, "do_extended: conn %d\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
#endif
@ -138,47 +130,43 @@ do_extended(
"do_extended: protocol version (%d) too low\n",
op->o_protocol, 0 ,0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "requires LDAPv3" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" );
rs->sr_err = -1;
goto done;
}
if ( ber_scanf( op->o_ber, "{m" /*}*/, &reqoid ) == LBER_ERROR ) {
if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->oq_extended.rs_reqoid ) == LBER_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR, "do_extended: conn %d ber_scanf failed\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = -1;
goto done;
}
#ifdef LDAP_SLAPI
getPluginFunc( &reqoid, &funcAddr ); /* NS-SLAPI extended operation */
if( !funcAddr && !(ext = find_extop(supp_ext_list, &reqoid )))
getPluginFunc( &op->oq_extended.rs_reqoid, &funcAddr ); /* NS-SLAPI extended operation */
if( !funcAddr && !(ext = find_extop(supp_ext_list, &op->oq_extended.rs_reqoid )))
#else
if( !(ext = find_extop(supp_ext_list, &reqoid )))
if( !(ext = find_extop(supp_ext_list, &op->oq_extended.rs_reqoid )))
#endif
{
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_extended: conn %d unsupported operation \"%s\"\n",
conn->c_connid, reqoid.bv_val, 0 );
op->o_connid, op->oq_extended.rs_reqoid.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_extended: unsupported operation \"%s\"\n",
reqoid.bv_val, 0 ,0 );
op->oq_extended.rs_reqoid.bv_val, 0 ,0 );
#endif
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "unsupported extended operation", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"unsupported extended operation" );
goto done;
}
op->o_extendedop = reqoid.bv_val;
tag = ber_peek_tag( op->o_ber, &len );
if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) {
@ -186,104 +174,94 @@ do_extended(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_extended: conn %d ber_scanf failed\n",
conn->c_connid, 0, 0 );
op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_extended: ber_scanf failed\n", 0, 0 ,0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = -1;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = -1;
goto done;
}
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_extended: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 );
"do_extended: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_extended: get_ctrls failed\n", 0, 0 ,0 );
#endif
return rc;
return rs->sr_err;
}
/* check for controls inappropriate for all extended operations */
if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) {
send_ldap_result( conn, op,
rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
NULL, "manageDSAit control inappropriate",
NULL, NULL );
send_ldap_error( op, rs,
LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
"manageDSAit control inappropriate" );
goto done;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_extended: conn %d oid=%d\n.", conn->c_connid, reqoid.bv_val, 0 );
"do_extended: conn %d oid=%s\n.", op->o_connid, op->oq_extended.rs_reqoid.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", reqoid.bv_val, 0 ,0 );
Debug( LDAP_DEBUG_ARGS, "do_extended: oid=%s\n", op->oq_extended.rs_reqoid.bv_val, 0 ,0 );
#endif
rspoid = NULL;
rspdata = NULL;
rspctrls = NULL;
text = NULL;
refs = NULL;
#if defined(LDAP_SLAPI)
if (ext != NULL) { /* OpenLDAP extended operation */
#endif /* defined(LDAP_SLAPI) */
rc = (ext->ext_main)( conn, op,
&reqoid, reqdata.bv_val ? &reqdata : NULL,
&rspoid, &rspdata, &rspctrls, &text, &refs );
if (reqdata.bv_val) op->oq_extended.rs_reqdata = &reqdata;
rs->sr_err = (ext->ext_main)( op, rs );
if( rc != SLAPD_ABANDON ) {
if ( rc == LDAP_REFERRAL && refs == NULL ) {
refs = referral_rewrite( default_referral,
if( rs->sr_err != SLAPD_ABANDON ) {
if ( rs->sr_err == LDAP_REFERRAL && rs->sr_ref == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, NULL, LDAP_SCOPE_DEFAULT );
}
send_ldap_extended( conn, op, rc, NULL, text, refs,
rspoid, rspdata, rspctrls );
send_ldap_extended( op, rs );
ber_bvarray_free( refs );
ber_bvarray_free( rs->sr_ref );
}
if ( rspoid != NULL ) {
free( rspoid );
if ( rs->sr_rspoid != NULL ) {
free( (char *)rs->sr_rspoid );
}
if ( rspdata != NULL ) {
ber_bvfree( rspdata );
if ( rs->sr_rspdata != NULL ) {
ber_bvfree( rs->sr_rspdata );
}
#if defined( LDAP_SLAPI )
goto done; /* end of OpenLDAP extended operation */
} else { /* start of Netscape extended operation */
rc = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID,
(void *)reqoid.bv_val);
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_OTHER;
rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID,
(void *)op->oq_extended.rs_reqoid.bv_val);
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
rc = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE,
rs->sr_err = slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE,
(void *)&reqdata);
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_OTHER;
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
rc = slapi_x_connection_set_pb( pb, conn );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_OTHER;
rs->sr_err = slapi_x_connection_set_pb( pb, op->o_conn );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
rc = slapi_x_operation_set_pb( pb, op );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_OTHER;
rs->sr_err = slapi_x_operation_set_pb( pb, op );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
}
@ -292,46 +270,45 @@ do_extended(
msg_sent = TRUE;
} else if ( extop_rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
rc = LDAP_PROTOCOL_ERROR;
result_msg = UNSUPPORTED_EXTENDEDOP;
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = UNSUPPORTED_EXTENDEDOP;
} else {
rc = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID,
&rspoid);
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_OID,
&rs->sr_resoid);
if ( rs->sr_err != LDAP_SUCCESS ) {
goto done2;
}
rc = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE,
&rspdata);
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slapi_pblock_get( pb, SLAPI_EXT_OP_RET_VALUE,
&rs->sr_resdata);
if ( rs->sr_err != LDAP_SUCCESS ) {
goto done2;
}
send_ldap_extended( conn, op, extop_rc, NULL, text,
refs, rspoid, rspdata, rspctrls );
rs->sr_err = extop_rc;
send_ldap_extended( op, rs );
msg_sent = TRUE;
}
done2:;
if ( rc != LDAP_SUCCESS && msg_sent == FALSE ) {
send_ldap_result( conn, op, rc, NULL, result_msg,
NULL, NULL );
if ( rs->sr_err != LDAP_SUCCESS && msg_sent == FALSE ) {
send_ldap_result( op, rs );
}
if ( rspoid != NULL ) {
free( rspoid );
if ( op->oq_extended.rs_resoid != NULL ) {
free( op->oq_extended.rs_resoid );
}
if ( rspdata != NULL ) {
ber_bvfree( rspdata );
if ( op->oq_extended.rs_resdata != NULL ) {
ber_bvfree( op->oq_extended.rs_resdata );
}
} /* end of Netscape extended operation */
#endif /* defined( LDAP_SLAPI ) */
done:
return rc;
return rs->sr_err;
}
int
@ -401,29 +378,21 @@ find_extop( struct extop_list *list, struct berval *oid )
static int
whoami_extop (
Connection *conn,
Operation *op,
struct berval * reqoid,
struct berval * reqdata,
char ** rspoid,
struct berval ** rspdata,
LDAPControl ***rspctrls,
const char ** text,
BerVarray * refs )
SlapReply *rs )
{
struct berval *bv;
if ( reqdata != NULL ) {
if ( op->oq_extended.rs_reqdata != NULL ) {
/* no request data should be provided */
*text = "no request data expected";
rs->sr_text = "no request data expected";
return LDAP_PROTOCOL_ERROR;
}
{
int rc = backend_check_restrictions( conn->c_authz_backend,
conn, op, (struct berval *)&slap_EXOP_WHOAMI, text );
if( rc != LDAP_SUCCESS ) return rc;
op->o_bd = op->o_conn->c_authz_backend;
if( backend_check_restrictions( op, rs,
(struct berval *)&slap_EXOP_WHOAMI ) != LDAP_SUCCESS ) {
return rs->sr_err;
}
bv = (struct berval *) ch_malloc( sizeof(struct berval) );
@ -440,6 +409,6 @@ whoami_extop (
bv->bv_val = NULL;
}
*rspdata = bv;
rs->sr_rspdata = bv;
return LDAP_SUCCESS;
}

1
servers/slapd/filter.c
View file

@ -183,6 +183,7 @@ get_filter(
f.f_choice = SLAPD_FILTER_COMPUTED;
f.f_result = LDAP_COMPARE_FALSE;
err = LDAP_SUCCESS;
*text = NULL;
break;
}

110
servers/slapd/filterentry.c
View file

@ -15,24 +15,12 @@
#include "slap.h"
static int test_filter_and( Backend *be,
Connection *conn, Operation *op,
Entry *e, Filter *flist );
static int test_filter_or( Backend *be,
Connection *conn, Operation *op,
Entry *e, Filter *flist );
static int test_substrings_filter( Backend *be,
Connection *conn, Operation *op,
Entry *e, Filter *f);
static int test_ava_filter( Backend *be,
Connection *conn, Operation *op,
Entry *e, AttributeAssertion *ava, int type );
static int test_mra_filter( Backend *be,
Connection *conn, Operation *op,
Entry *e, MatchingRuleAssertion *mra );
static int test_presence_filter( Backend *be,
Connection *conn, Operation *op,
Entry *e, AttributeDescription *desc );
static int test_filter_and( Operation *op, Entry *e, Filter *flist );
static int test_filter_or( Operation *op, Entry *e, Filter *flist );
static int test_substrings_filter( Operation *op, Entry *e, Filter *f);
static int test_ava_filter( Operation *op, Entry *e, AttributeAssertion *ava, int type );
static int test_mra_filter( Operation *op, Entry *e, MatchingRuleAssertion *mra );
static int test_presence_filter( Operation *op, Entry *e, AttributeDescription *desc );
/*
@ -46,22 +34,18 @@ static int test_presence_filter( Backend *be,
int
test_filter(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Filter *f
)
{
int rc;
#ifdef NEW_LOGGING
LDAP_LOG( FILTER, ENTRY, "test_filter: begin\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
#endif
switch ( f->f_choice ) {
case SLAPD_FILTER_COMPUTED:
#ifdef NEW_LOGGING
@ -89,7 +73,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
#endif
rc = test_ava_filter( be, conn, op, e, f->f_ava,
rc = test_ava_filter( op, e, f->f_ava,
LDAP_FILTER_EQUALITY );
break;
@ -100,16 +84,16 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
#endif
rc = test_substrings_filter( be, conn, op, e, f );
rc = test_substrings_filter( op, e, f );
break;
case LDAP_FILTER_GE:
rc = test_ava_filter( be, conn, op, e, f->f_ava,
rc = test_ava_filter( op, e, f->f_ava,
LDAP_FILTER_GE );
break;
case LDAP_FILTER_LE:
rc = test_ava_filter( be, conn, op, e, f->f_ava,
rc = test_ava_filter( op, e, f->f_ava,
LDAP_FILTER_LE );
break;
@ -120,7 +104,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
#endif
rc = test_presence_filter( be, conn, op, e, f->f_desc );
rc = test_presence_filter( op, e, f->f_desc );
break;
case LDAP_FILTER_APPROX:
@ -129,7 +113,7 @@ test_filter(
#else
Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 );
#endif
rc = test_ava_filter( be, conn, op, e, f->f_ava,
rc = test_ava_filter( op, e, f->f_ava,
LDAP_FILTER_APPROX );
break;
@ -140,7 +124,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 );
#endif
rc = test_filter_and( be, conn, op, e, f->f_and );
rc = test_filter_and( op, e, f->f_and );
break;
case LDAP_FILTER_OR:
@ -150,7 +134,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 );
#endif
rc = test_filter_or( be, conn, op, e, f->f_or );
rc = test_filter_or( op, e, f->f_or );
break;
case LDAP_FILTER_NOT:
@ -160,7 +144,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 );
#endif
rc = test_filter( be, conn, op, e, f->f_not );
rc = test_filter( op, e, f->f_not );
/* Flip true to false and false to true
* but leave Undefined alone.
@ -182,7 +166,7 @@ test_filter(
Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
#endif
rc = test_mra_filter( be, conn, op, e, f->f_mra );
rc = test_mra_filter( op, e, f->f_mra );
break;
default:
@ -207,8 +191,6 @@ test_filter(
}
static int test_mra_filter(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
MatchingRuleAssertion *mra )
@ -221,7 +203,7 @@ static int test_mra_filter(
* one attribute, and SEARCH permissions can be checked
* directly.
*/
if( !access_allowed( be, conn, op, e,
if( !access_allowed( op, e,
mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;
@ -289,7 +271,7 @@ static int test_mra_filter(
}
/* check search access */
if ( !access_allowed( be, conn, op, e,
if ( !access_allowed( op, e,
a->a_desc, &value, ACL_SEARCH, NULL ) ) {
continue;
}
@ -376,7 +358,7 @@ static int test_mra_filter(
}
/* check search access */
if ( !access_allowed( be, conn, op, e,
if ( !access_allowed( op, e,
ad, &value, ACL_SEARCH, NULL ) ) {
continue;
}
@ -404,17 +386,15 @@ static int test_mra_filter(
static int
test_ava_filter(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Operation *op,
Entry *e,
AttributeAssertion *ava,
int type
int type
)
{
Attribute *a;
if ( !access_allowed( be, conn, op, e,
if ( !access_allowed( op, e,
ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;
@ -492,7 +472,7 @@ test_ava_filter(
}
if ( ava->aa_desc == slap_schema.si_ad_hasSubordinates
&& be && be->be_has_subordinates ) {
&& op->o_bd && op->o_bd->be_has_subordinates ) {
int hasSubordinates;
struct berval hs;
@ -501,7 +481,7 @@ test_ava_filter(
*/
assert( type == LDAP_FILTER_EQUALITY );
if ( (*be->be_has_subordinates)( be, conn, op, e, &hasSubordinates ) ) {
if (op->o_bd->be_has_subordinates( op, e, &hasSubordinates ) != LDAP_SUCCESS) {
return LDAP_OTHER;
}
@ -530,16 +510,14 @@ test_ava_filter(
static int
test_presence_filter(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Operation *op,
Entry *e,
AttributeDescription *desc
)
{
Attribute *a;
if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) )
if ( !access_allowed( op, e, desc, NULL, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;
}
@ -554,7 +532,7 @@ test_presence_filter(
* is boolean-valued; I think we may live with this
* simplification by now
*/
if ( be && be->be_has_subordinates ) {
if ( op->o_bd && op->o_bd->be_has_subordinates ) {
return LDAP_COMPARE_TRUE;
}
@ -567,11 +545,9 @@ test_presence_filter(
static int
test_filter_and(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Filter *flist
Operation *op,
Entry *e,
Filter *flist
)
{
Filter *f;
@ -585,7 +561,7 @@ test_filter_and(
for ( f = flist; f != NULL; f = f->f_next ) {
int rc = test_filter( be, conn, op, e, f );
int rc = test_filter( op, e, f );
if ( rc == LDAP_COMPARE_FALSE ) {
/* filter is False */
@ -610,11 +586,9 @@ test_filter_and(
static int
test_filter_or(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Filter *flist
Operation *op,
Entry *e,
Filter *flist
)
{
Filter *f;
@ -628,7 +602,7 @@ test_filter_or(
for ( f = flist; f != NULL; f = f->f_next ) {
int rc = test_filter( be, conn, op, e, f );
int rc = test_filter( op, e, f );
if ( rc == LDAP_COMPARE_TRUE ) {
/* filter is True */
@ -654,11 +628,9 @@ test_filter_or(
static int
test_substrings_filter(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
Filter *f
Operation *op,
Entry *e,
Filter *f
)
{
Attribute *a;
@ -670,7 +642,7 @@ test_substrings_filter(
#endif
if ( !access_allowed( be, conn, op, e,
if ( !access_allowed( op, e,
f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;

30
servers/slapd/matchedValues.c
View file

@ -21,8 +21,6 @@
static int
test_mra_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
MatchingRuleAssertion *mra,
@ -31,8 +29,6 @@ test_mra_vrFilter(
static int
test_substrings_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
ValuesReturnFilter *f,
@ -41,8 +37,6 @@ test_substrings_vrFilter(
static int
test_presence_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
AttributeDescription *desc,
@ -51,8 +45,6 @@ test_presence_vrFilter(
static int
test_ava_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
AttributeAssertion *ava,
@ -63,8 +55,6 @@ test_ava_vrFilter(
int
filter_matched_values(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
char ***e_flags
@ -106,7 +96,7 @@ filter_matched_values(
#else
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
#endif
rc = test_ava_vrFilter( be, conn, op, a, vrf->vrf_ava,
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_EQUALITY, e_flags );
if( rc == -1 ) {
return rc;
@ -120,7 +110,7 @@ filter_matched_values(
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
#endif
rc = test_substrings_vrFilter( be, conn, op, a,
rc = test_substrings_vrFilter( op, a,
vrf, e_flags );
if( rc == -1 ) {
return rc;
@ -133,7 +123,7 @@ filter_matched_values(
#else
Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
#endif
rc = test_presence_vrFilter( be, conn, op, a,
rc = test_presence_vrFilter( op, a,
vrf->vrf_desc, e_flags );
if( rc == -1 ) {
return rc;
@ -141,7 +131,7 @@ filter_matched_values(
break;
case LDAP_FILTER_GE:
rc = test_ava_vrFilter( be, conn, op, a, vrf->vrf_ava,
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_GE, e_flags );
if( rc == -1 ) {
return rc;
@ -149,7 +139,7 @@ filter_matched_values(
break;
case LDAP_FILTER_LE:
rc = test_ava_vrFilter( be, conn, op, a, vrf->vrf_ava,
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_LE, e_flags );
if( rc == -1 ) {
return rc;
@ -162,7 +152,7 @@ filter_matched_values(
#else
Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
#endif
rc = test_mra_vrFilter( be, conn, op, a,
rc = test_mra_vrFilter( op, a,
vrf->vrf_mra, e_flags );
if( rc == -1 ) {
return rc;
@ -191,8 +181,6 @@ filter_matched_values(
static int
test_ava_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
AttributeAssertion *ava,
@ -278,8 +266,6 @@ test_ava_vrFilter(
static int
test_presence_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
AttributeDescription *desc,
@ -304,8 +290,6 @@ test_presence_vrFilter(
static int
test_substrings_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
ValuesReturnFilter *vrf,
@ -354,8 +338,6 @@ test_substrings_vrFilter(
static int
test_mra_vrFilter(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
MatchingRuleAssertion *mra,

149
servers/slapd/modify.c
View file

@ -33,12 +33,10 @@
int
do_modify(
Connection *conn,
Operation *op )
Operation *op,
SlapReply *rs )
{
struct berval dn = { 0, NULL };
struct berval pdn = { 0, NULL };
struct berval ndn = { 0, NULL };
char *last;
ber_tag_t tag;
ber_len_t len;
@ -51,9 +49,6 @@ do_modify(
LDAPMod **modv = NULL;
Slapi_PBlock *pb = op->o_pb;
#endif
Backend *be;
int rc;
const char *text;
int manageDSAit;
#ifdef NEW_LOGGING
@ -88,8 +83,7 @@ do_modify(
Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
@ -117,9 +111,8 @@ do_modify(
&tmp.sml_type, &tmp.sml_values )
== LBER_ERROR )
{
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding modlist error" );
rc = SLAPD_DISCONNECT;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding modlist error" );
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
@ -147,10 +140,8 @@ do_modify(
(long) mop, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR,
NULL, "modify/add operation requires values",
NULL, NULL );
rc = LDAP_PROTOCOL_ERROR;
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"modify/add operation requires values" );
goto cleanup;
}
@ -170,9 +161,8 @@ do_modify(
(long) mop, 0, 0 );
#endif
send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR,
NULL, "unrecognized modify operation", NULL, NULL );
rc = LDAP_PROTOCOL_ERROR;
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR,
"unrecognized modify operation" );
goto cleanup;
}
}
@ -181,7 +171,7 @@ do_modify(
}
*modtail = NULL;
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR, "do_modify: get_ctrls failed\n", 0, 0, 0 );
#else
@ -191,21 +181,20 @@ do_modify(
goto cleanup;
}
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modify: conn %d invalid dn (%s)\n",
conn->c_connid, dn.bv_val, 0 );
op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
if( ndn.bv_len == 0 ) {
if( op->o_req_ndn.bv_len == 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_modify: attempt to modify root DSE.\n",0, 0, 0 );
@ -213,11 +202,11 @@ do_modify(
Debug( LDAP_DEBUG_ANY, "do_modify: root dse!\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "modify upon the root DSE not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modify upon the root DSE not supported" );
goto cleanup;
} else if ( bvmatch( &ndn, &global_schemandn ) ) {
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_modify: attempt to modify subschema subentry.\n" , 0, 0, 0 );
@ -225,9 +214,8 @@ do_modify(
Debug( LDAP_DEBUG_ANY, "do_modify: subschema subentry!\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "modification of subschema subentry not supported",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"modification of subschema subentry not supported" );
goto cleanup;
}
@ -312,28 +300,26 @@ do_modify(
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
@ -346,8 +332,8 @@ do_modify(
modv = slapi_x_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
if ( rc != 0 ) {
rs->sr_err = doPluginFNs( be, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
if ( rs->sr_err != 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
@ -359,8 +345,8 @@ do_modify(
Debug(LDAP_DEBUG_TRACE, "do_modify: modify preoperation plugin failed.\n",
0, 0, 0);
#endif
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0) {
rc = LDAP_OTHER;
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0) {
rs->sr_err = LDAP_OTHER;
}
ldap_mods_free( modv, 1 );
modv = NULL;
@ -385,27 +371,25 @@ do_modify(
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modify ) {
if ( op->o_bd->be_modify ) {
/* do the update here */
int repl_user = be_isupdate( be, &op->o_ndn );
int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
/* Multimaster slapd does not have to check for replicator dn
* because it accepts each modify request
*/
if ( !be->be_update_ndn.bv_len || repl_user )
if ( !op->o_bd->be_update_ndn.bv_len || repl_user )
#endif
{
int update = be->be_update_ndn.bv_len;
const char *text;
int update = op->o_bd->be_update_ndn.bv_len;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
rc = slap_mods_check( modlist, update, &text,
rs->sr_err = slap_mods_check( modlist, update, &rs->sr_text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
@ -417,47 +401,45 @@ do_modify(
/* empty */
}
rc = slap_mods_opattrs( be, op, modlist, modtail, &text,
textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text,
NULL, NULL );
rs->sr_err = slap_mods_opattrs( op, modlist, modtail,
&rs->sr_text, textbuf, textlen );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
}
if ( (*be->be_modify)( be, conn, op, &pdn, &ndn, modlist ) == 0
op->oq_modify.rs_modlist = modlist;
if ( (op->o_bd->be_modify)( op, rs ) == 0
#ifdef SLAPD_MULTIMASTER
&& !repl_user
#endif
) {
/* but we log only the ones not from a replicator user */
replog( be, op, &pdn, &ndn, modlist );
replog( op );
}
#ifndef SLAPD_MULTIMASTER
/* send a referral */
} else {
BerVarray defref = be->be_update_refs
? be->be_update_refs : default_referral;
BerVarray ref = referral_rewrite( defref,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
ref ? ref : defref, NULL );
ber_bvarray_free( ref );
if (!rs->sr_ref) rs->sr_ref = defref;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
#endif
}
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_MODIFY_FN, pb ) != 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODIFY_FN, pb ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modify: modify postoperation plugins "
"failed\n", 0, 0, 0 );
@ -469,13 +451,13 @@ do_modify(
#endif /* defined( LDAP_SLAPI ) */
cleanup:
free( pdn.bv_val );
free( ndn.bv_val );
free( op->o_req_dn.bv_val );
free( op->o_req_ndn.bv_val );
if ( modlist != NULL ) slap_mods_free( modlist );
#if defined( LDAP_SLAPI )
if ( modv != NULL ) slapi_x_free_ldapmods( modv );
#endif
return rc;
return rs->sr_err;
}
/*
@ -660,7 +642,6 @@ int slap_mods_check(
}
int slap_mods_opattrs(
Backend *be,
Operation *op,
Modifications *mods,
Modifications **modtail,
@ -681,7 +662,7 @@ int slap_mods_opattrs(
assert( modtail != NULL );
assert( *modtail == NULL );
if( SLAP_LASTMOD(be) ) {
if( SLAP_LASTMOD(op->o_bd) ) {
struct tm *ltm;
time_t now = slap_get_time();
@ -742,7 +723,7 @@ int slap_mods_opattrs(
modtail = &mod->sml_next;
}
if( SLAP_LASTMOD(be) ) {
if( SLAP_LASTMOD(op->o_bd) ) {
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
tmpval.bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
@ -801,7 +782,7 @@ int slap_mods_opattrs(
}
}
if( SLAP_LASTMOD(be) ) {
if( SLAP_LASTMOD(op->o_bd) ) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
mod->sml_type.bv_val = NULL;

228
servers/slapd/modrdn.c
View file

@ -43,8 +43,8 @@
int
do_modrdn(
Connection *conn,
Operation *op
Operation *op,
SlapReply *rs
)
{
struct berval dn = { 0, NULL };
@ -52,19 +52,12 @@ do_modrdn(
struct berval newSuperior = { 0, NULL };
ber_int_t deloldrdn;
struct berval pdn = { 0, NULL };
struct berval pnewrdn = { 0, NULL };
struct berval pnewSuperior = { 0, NULL }, *pnewS = NULL;
struct berval pnewSuperior = { 0, NULL };
struct berval ndn = { 0, NULL };
struct berval nnewrdn = { 0, NULL };
struct berval nnewSuperior = { 0, NULL }, *nnewS = NULL;
struct berval nnewSuperior = { 0, NULL };
Backend *be;
Backend *newSuperior_be = NULL;
ber_len_t length;
int rc;
const char *text;
int manageDSAit;
#ifdef LDAP_SLAPI
@ -98,8 +91,7 @@ do_modrdn(
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
@ -119,9 +111,9 @@ do_modrdn(
0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "newSuperior requires LDAPv3" );
rc = SLAPD_DISCONNECT;
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
@ -136,13 +128,13 @@ do_modrdn(
0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = SLAPD_DISCONNECT;
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
pnewS = &pnewSuperior;
nnewS = &nnewSuperior;
op->oq_modrdn.rs_newSup = &pnewSuperior;
op->oq_modrdn.rs_nnewSup = &nnewSuperior;
}
#ifdef NEW_LOGGING
@ -164,13 +156,13 @@ do_modrdn(
Debug( LDAP_DEBUG_ANY, "do_modrdn: ber_scanf failed\n", 0, 0, 0 );
#endif
send_ldap_disconnect( conn, op,
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = SLAPD_DISCONNECT;
rs->sr_err = SLAPD_DISCONNECT;
goto cleanup;
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR, "do_modrdn: get_ctrls failed\n", 0, 0, 0 );
#else
@ -181,22 +173,21 @@ do_modrdn(
goto cleanup;
}
rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_modrdn: conn %d invalid dn (%s)\n",
conn->c_connid, dn.bv_val, 0 );
op->o_connid, dn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_modrdn: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
if( ndn.bv_len == 0 ) {
if( op->o_req_ndn.bv_len == 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_modrdn: attempt to modify root DSE.\n", 0, 0, 0 );
@ -204,11 +195,11 @@ do_modrdn(
Debug( LDAP_DEBUG_ANY, "do_modrdn: root dse!\n", 0, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "cannot rename the root DSE", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename the root DSE" );
goto cleanup;
} else if ( bvmatch( &ndn, &global_schemandn ) ) {
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_modrdn: attempt to modify subschema subentry: %s (%ld)\n",
@ -218,63 +209,60 @@ do_modrdn(
global_schemandn.bv_val, (long) global_schemandn.bv_len, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "cannot rename subschema subentry", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"cannot rename subschema subentry" );
goto cleanup;
}
/* FIXME: should have/use rdnPretty / rdnNormalize routines */
rc = dnPrettyNormal( NULL, &newrdn, &pnewrdn, &nnewrdn );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &newrdn, &op->oq_modrdn.rs_newrdn, &op->oq_modrdn.rs_nnewrdn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_modrdn: conn %d invalid newrdn (%s)\n",
conn->c_connid, newrdn.bv_val, 0 );
op->o_connid, newrdn.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_modrdn: invalid newrdn (%s)\n", newrdn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid new RDN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
goto cleanup;
}
if( rdnValidate( &pnewrdn ) != LDAP_SUCCESS ) {
if( rdnValidate( &op->oq_modrdn.rs_newrdn ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_modrdn: invalid rdn (%s).\n", pnewrdn.bv_val, 0, 0 );
"do_modrdn: invalid rdn (%s).\n", op->oq_modrdn.rs_newrdn.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_modrdn: invalid rdn (%s)\n",
pnewrdn.bv_val, 0, 0 );
op->oq_modrdn.rs_newrdn.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid new RDN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid new RDN" );
goto cleanup;
}
if( pnewS ) {
rc = dnPrettyNormal( NULL, &newSuperior, &pnewSuperior,
if( op->oq_modrdn.rs_newSup ) {
rs->sr_err = dnPrettyNormal( NULL, &newSuperior, &pnewSuperior,
&nnewSuperior );
if( rc != LDAP_SUCCESS ) {
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_modrdn: conn %d invalid newSuperior (%s)\n",
conn->c_connid, newSuperior.bv_val, 0 );
op->o_connid, newSuperior.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_modrdn: invalid newSuperior (%s)\n",
newSuperior.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid newSuperior", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid newSuperior" );
goto cleanup;
}
}
Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu MODRDN dn=\"%s\"\n",
op->o_connid, op->o_opid, pdn.bv_val, 0, 0 );
op->o_connid, op->o_opid, op->o_req_dn.bv_val, 0, 0 );
manageDSAit = get_manageDSAit( op );
@ -283,51 +271,47 @@ do_modrdn(
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = default_referral;
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
goto cleanup;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
if ( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto cleanup;
}
/* Make sure that the entry being changed and the newSuperior are in
* the same backend, otherwise we return an error.
*/
if( pnewS ) {
if( op->oq_modrdn.rs_newSup ) {
newSuperior_be = select_backend( &nnewSuperior, 0, 0 );
if ( newSuperior_be != be ) {
/* newSuperior is in same backend */
rc = LDAP_AFFECTS_MULTIPLE_DSAS;
send_ldap_result( conn, op, rc,
NULL, "cannot rename between DSAa", NULL, NULL );
if ( newSuperior_be != op->o_bd ) {
/* newSuperior is in different backend */
send_ldap_error( op, rs, LDAP_AFFECTS_MULTIPLE_DSAS,
"cannot rename between DSAs" );
goto cleanup;
}
}
#if defined( LDAP_SLAPI )
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_backend_set_pb( pb, op->o_bd );
slapi_x_connection_set_pb( pb, op->o_conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)newrdn.bv_val );
@ -336,8 +320,8 @@ do_modrdn(
slapi_pblock_set( pb, SLAPI_MODRDN_DELOLDRDN, (void *)deloldrdn );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
if ( rc != 0 ) {
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODRDN_FN, pb );
if ( rs->sr_err != 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
@ -349,60 +333,54 @@ do_modrdn(
Debug(LDAP_DEBUG_TRACE, "do_modrdn: modrdn preoperation plugin "
"failed.\n", 0, 0, 0);
#endif
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
rc = LDAP_OTHER;
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0)
rs->sr_err = LDAP_OTHER;
goto cleanup;
}
#endif /* defined( LDAP_SLAPI ) */
/*
* do the add if 1 && (2 || 3)
* 1) there is an add function implemented in this backend;
* do the modrdn if 1 && (2 || 3)
* 1) there is a modrdn function implemented in this backend;
* 2) this backend is master for what it holds;
* 3) it's a replica and the dn supplied is the update_ndn.
*/
if ( be->be_modrdn ) {
if ( op->o_bd->be_modrdn ) {
/* do the update here */
int repl_user = be_isupdate( be, &op->o_ndn );
int repl_user = be_isupdate( op->o_bd, &op->o_ndn );
#ifndef SLAPD_MULTIMASTER
if ( !be->be_update_ndn.bv_len || repl_user )
if ( !op->o_bd->be_update_ndn.bv_len || repl_user )
#endif
{
if ( (*be->be_modrdn)( be, conn, op, &pdn, &ndn,
&pnewrdn, &nnewrdn, deloldrdn,
pnewS, nnewS ) == 0
op->oq_modrdn.rs_deleteoldrdn = deloldrdn;
if ( (op->o_bd->be_modrdn)( op, rs ) == 0
#ifdef SLAPD_MULTIMASTER
&& ( !be->be_update_ndn.bv_len || !repl_user )
&& ( !op->o_bd->be_update_ndn.bv_len || !repl_user )
#endif
) {
struct slap_replog_moddn moddn;
moddn.newrdn = &pnewrdn;
moddn.deloldrdn = deloldrdn;
moddn.newsup = &pnewSuperior;
replog( be, op, &pdn, &ndn, &moddn );
replog( op );
}
#ifndef SLAPD_MULTIMASTER
} else {
BerVarray defref = be->be_update_refs
? be->be_update_refs : default_referral;
BerVarray ref = referral_rewrite( defref,
NULL, &pdn, LDAP_SCOPE_DEFAULT );
BerVarray defref = op->o_bd->be_update_refs
? op->o_bd->be_update_refs : default_referral;
rs->sr_ref = referral_rewrite( defref,
NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
if (!rs->sr_ref) rs->sr_ref = defref;
send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
ref ? ref : defref, NULL );
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref );
#endif
}
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#if defined( LDAP_SLAPI )
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) != 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_MODRDN_FN, pb ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_modrdn: modrdn postoperation plugins "
"failed\n", 0, 0, 0 );
@ -414,61 +392,57 @@ do_modrdn(
#endif /* defined( LDAP_SLAPI ) */
cleanup:
free( pdn.bv_val );
free( ndn.bv_val );
free( op->o_req_dn.bv_val );
free( op->o_req_ndn.bv_val );
free( pnewrdn.bv_val );
free( nnewrdn.bv_val );
free( op->oq_modrdn.rs_newrdn.bv_val );
free( op->oq_modrdn.rs_nnewrdn.bv_val );
if ( pnewSuperior.bv_val ) free( pnewSuperior.bv_val );
if ( nnewSuperior.bv_val ) free( nnewSuperior.bv_val );
return rc;
return rs->sr_err;
}
int
slap_modrdn2mods(
Backend *be,
Connection *conn,
Operation *op,
SlapReply *rs,
Entry *e,
LDAPRDN *old_rdn,
LDAPRDN *new_rdn,
int deleteoldrdn,
Modifications **pmod )
{
int rc = LDAP_SUCCESS;
const char *text;
Modifications *mod = NULL;
int a_cnt, d_cnt;
assert( new_rdn != NULL );
assert( !deleteoldrdn || old_rdn != NULL );
assert( !op->oq_modrdn.rs_deleteoldrdn || old_rdn != NULL );
/* Add new attribute values to the entry */
for ( a_cnt = 0; new_rdn[0][a_cnt]; a_cnt++ ) {
AttributeDescription *desc = NULL;
Modifications *mod_tmp;
rc = slap_bv2ad( &new_rdn[0][a_cnt]->la_attr, &desc, &text );
rs->sr_err = slap_bv2ad( &new_rdn[0][a_cnt]->la_attr, &desc, &rs->sr_text );
if ( rc != LDAP_SUCCESS ) {
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"slap_modrdn2modlist: %s: %s (new)\n",
text,
rs->sr_text,
new_rdn[ 0 ][ a_cnt ]->la_attr.bv_val, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_modrdn2modlist: %s: %s (new)\n",
text,
rs->sr_text,
new_rdn[ 0 ][ a_cnt ]->la_attr.bv_val, 0 );
#endif
goto done;
}
/* ACL check of newly added attrs */
if ( be && !access_allowed( be, conn, op, e, desc,
if ( op->o_bd && !access_allowed( op, e, desc,
&new_rdn[0][a_cnt]->la_value, ACL_WRITE, NULL ) ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
@ -481,7 +455,7 @@ slap_modrdn2mods(
"(new) not allowed\n",
new_rdn[0][ a_cnt ]->la_attr.bv_val, 0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
@ -517,23 +491,23 @@ slap_modrdn2mods(
}
/* Remove old rdn value if required */
if ( deleteoldrdn ) {
if ( op->oq_modrdn.rs_deleteoldrdn ) {
for ( d_cnt = 0; old_rdn[0][d_cnt]; d_cnt++ ) {
AttributeDescription *desc = NULL;
Modifications *mod_tmp;
rc = slap_bv2ad( &old_rdn[0][d_cnt]->la_attr, &desc, &text );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = slap_bv2ad( &old_rdn[0][d_cnt]->la_attr, &desc, &rs->sr_text );
if ( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
"slap_modrdn2modlist: %s: %s (old)\n",
text,
rs->sr_text,
old_rdn[0][d_cnt]->la_attr.bv_val,
0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_modrdn2modlist: %s: %s (old)\n",
text,
rs->sr_text,
old_rdn[0][d_cnt]->la_attr.bv_val,
0 );
#endif
@ -541,7 +515,7 @@ slap_modrdn2mods(
}
/* ACL check of newly added attrs */
if ( be && !access_allowed( be, conn, op, e, desc,
if ( op->o_bd && !access_allowed( op, e, desc,
&old_rdn[0][d_cnt]->la_value, ACL_WRITE,
NULL ) ) {
#ifdef NEW_LOGGING
@ -557,7 +531,7 @@ slap_modrdn2mods(
old_rdn[ 0 ][ d_cnt ]->la_attr.bv_val,
0, 0 );
#endif
rc = LDAP_INSUFFICIENT_ACCESS;
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
@ -595,7 +569,7 @@ slap_modrdn2mods(
done:
/* LDAP v2 supporting correct attribute handling. */
if ( rc != LDAP_SUCCESS && mod != NULL ) {
if ( rs->sr_err != LDAP_SUCCESS && mod != NULL ) {
Modifications *tmp;
for ( ; mod; mod = tmp ) {
tmp = mod->sml_next;
@ -605,5 +579,5 @@ done:
*pmod = mod;
return rc;
return rs->sr_err;
}

63
servers/slapd/passwd.c
View file

@ -20,73 +20,52 @@
#include <lutil.h>
int passwd_extop(
Connection *conn, Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl ***rspctrls,
const char **text,
BerVarray *refs )
Operation *op,
SlapReply *rs )
{
Backend *be;
int rc;
assert( reqoid != NULL );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 );
if( op->o_dn.bv_len == 0 ) {
*text = "only authenticated users may change passwords";
rs->sr_text = "only authenticated users may change passwords";
return LDAP_STRONG_AUTH_REQUIRED;
}
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
be = conn->c_authz_backend;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
op->o_bd = op->o_conn->c_authz_backend;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
if( be && !be->be_extended ) {
*text = "operation not supported for current user";
if( op->o_bd && !op->o_bd->be_extended ) {
rs->sr_text = "operation not supported for current user";
return LDAP_UNWILLING_TO_PERFORM;
}
{
rc = backend_check_restrictions( be, conn, op,
(struct berval *)&slap_EXOP_MODIFY_PASSWD, text );
if (backend_check_restrictions( op, rs,
(struct berval *)&slap_EXOP_MODIFY_PASSWD ) != LDAP_SUCCESS) {
return rs->sr_err;
}
if( rc != LDAP_SUCCESS ) {
return rc;
}
if( be == NULL ) {
if( op->o_bd == NULL ) {
#ifdef HAVE_CYRUS_SASL
rc = slap_sasl_setpass( conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text );
rs->sr_err = slap_sasl_setpass( op, rs );
#else
*text = "no authz backend";
rc = LDAP_OTHER;
rs->sr_text = "no authz backend";
rs->sr_err = LDAP_OTHER;
#endif
#ifndef SLAPD_MULTIMASTER
/* This does not apply to multi-master case */
} else if( be->be_update_ndn.bv_len ) {
} else if( op->o_bd->be_update_ndn.bv_len ) {
/* we SHOULD return a referral in this case */
*refs = referral_rewrite( be->be_update_refs,
rs->sr_ref = referral_rewrite( op->o_bd->be_update_refs,
NULL, NULL, LDAP_SCOPE_DEFAULT );
rc = LDAP_REFERRAL;
rs->sr_err = LDAP_REFERRAL;
#endif /* !SLAPD_MULTIMASTER */
} else {
rc = be->be_extended(
be, conn, op,
reqoid, reqdata,
rspoid, rspdata, rspctrls,
text, refs );
rs->sr_err = op->o_bd->be_extended( op, rs );
}
return rc;
return rs->sr_err;
}
int slap_passwd_parse( struct berval *reqdata,

178
servers/slapd/proto-slap.h
View file

@ -15,13 +15,12 @@ LDAP_BEGIN_DECL
* acl.c
*/
LDAP_SLAPD_F (int) access_allowed LDAP_P((
Backend *be, Connection *conn, Operation *op,
Operation *op,
Entry *e, AttributeDescription *desc, struct berval *val,
slap_access_t access,
AccessControlState *state ));
LDAP_SLAPD_F (int) acl_check_modlist LDAP_P((
Backend *be, Connection *conn, Operation *op,
Entry *e, Modifications *ml ));
Operation *op, Entry *e, Modifications *ml ));
LDAP_SLAPD_F (void) acl_append( AccessControl **l, AccessControl *a );
@ -204,40 +203,31 @@ LDAP_SLAPD_F (int) be_issuffix LDAP_P(( Backend *be,
struct berval *suffix ));
LDAP_SLAPD_F (int) be_isroot LDAP_P(( Backend *be,
struct berval *ndn ));
LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Backend *be,
Connection *conn, struct berval *ndn, struct berval *cred ));
LDAP_SLAPD_F (int) be_isroot_pw LDAP_P(( Operation *op ));
LDAP_SLAPD_F (int) be_isupdate LDAP_P(( Backend *be, struct berval *ndn ));
LDAP_SLAPD_F (struct berval *) be_root_dn LDAP_P(( Backend *be ));
LDAP_SLAPD_F (int) be_entry_get_rw LDAP_P(( BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
LDAP_SLAPD_F (int) be_entry_get_rw LDAP_P(( struct slap_op *o,
struct berval *ndn, ObjectClass *oc,
AttributeDescription *at, int rw, Entry **e ));
LDAP_SLAPD_F (int) be_entry_release_rw LDAP_P((
BackendDB *be, Connection *c, Operation *o, Entry *e, int rw ));
#define be_entry_release_r( be, c, o, e ) be_entry_release_rw( be, c, o, e, 0 )
#define be_entry_release_w( be, c, o, e ) be_entry_release_rw( be, c, o, e, 1 )
LDAP_SLAPD_F (int) backend_unbind LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F( int ) backend_check_restrictions LDAP_P((
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *opdata,
const char **text ));
LDAP_SLAPD_F( int ) backend_check_referrals LDAP_P((
BackendDB *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn ));
Operation *o, Entry *e, int rw ));
#define be_entry_release_r( o, e ) be_entry_release_rw( o, e, 0 )
#define be_entry_release_w( o, e ) be_entry_release_rw( o, e, 1 )
LDAP_SLAPD_F (int) backend_unbind LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) backend_connection_init LDAP_P((Connection *conn));
LDAP_SLAPD_F (int) backend_connection_destroy LDAP_P((Connection *conn));
LDAP_SLAPD_F (int) backend_group LDAP_P((BackendDB *be,
Connection *conn,
LDAP_SLAPD_F( int ) backend_check_restrictions LDAP_P((
Operation *op,
SlapReply *rs,
struct berval *opdata ));
LDAP_SLAPD_F( int ) backend_check_referrals LDAP_P((
Operation *op,
SlapReply *rs ));
LDAP_SLAPD_F (int) backend_group LDAP_P((
Operation *op,
Entry *target,
struct berval *gr_ndn,
@ -246,8 +236,7 @@ LDAP_SLAPD_F (int) backend_group LDAP_P((BackendDB *be,
AttributeDescription *group_at
));
LDAP_SLAPD_F (int) backend_attribute LDAP_P((BackendDB *be,
Connection *conn,
LDAP_SLAPD_F (int) backend_attribute LDAP_P((
Operation *op,
Entry *target,
struct berval *entry_ndn,
@ -256,11 +245,8 @@ LDAP_SLAPD_F (int) backend_attribute LDAP_P((BackendDB *be,
));
LDAP_SLAPD_F (Attribute *) backend_operational(
BackendDB *,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *attrs,
SlapReply *rs,
int opattrs );
/*
@ -297,8 +283,8 @@ LDAP_SLAPD_F (void) ch_free LDAP_P(( void * ));
* controls.c
*/
LDAP_SLAPD_F (int) get_ctrls LDAP_P((
Connection *co,
Operation *op,
SlapReply *rs,
int senderrors ));
LDAP_SLAPD_F (int) register_supported_control LDAP_P((
const char *controloid,
@ -491,15 +477,7 @@ const struct berval slap_EXOP_WHOAMI;
const struct berval slap_EXOP_MODIFY_PASSWD;
const struct berval slap_EXOP_START_TLS;
typedef int (SLAP_EXTOP_MAIN_FN) LDAP_P((
Connection *conn, Operation *op,
struct berval * reqoid,
struct berval * reqdata,
char ** rspoid,
struct berval ** rspdata,
LDAPControl *** rspctrls,
const char ** text,
BerVarray *refs ));
typedef int (SLAP_EXTOP_MAIN_FN) LDAP_P(( Operation *op, SlapReply *rs ));
typedef int (SLAP_EXTOP_GETOID_FN) LDAP_P((
int index, struct berval *oid, int blen ));
@ -546,9 +524,7 @@ LDAP_SLAPD_F (int) filter_escape_value LDAP_P(( struct berval *in,
* filterentry.c
*/
LDAP_SLAPD_F (int) test_filter LDAP_P((
Backend *be, Connection *conn, Operation *op,
Entry *e, Filter *f ));
LDAP_SLAPD_F (int) test_filter LDAP_P(( Operation *op, Entry *e, Filter *f ));
/*
* globals.c
@ -603,8 +579,6 @@ LDAP_SLAPD_F (int) lock_fclose LDAP_P(( FILE *fp, FILE *lfp ));
* matchedValues.c
*/
LDAP_SLAPD_F (int) filter_matched_values(
Backend *be,
Connection *conn,
Operation *op,
Attribute *a,
char ***e_flags );
@ -613,13 +587,11 @@ LDAP_SLAPD_F (int) filter_matched_values(
* modrdn.c
*/
LDAP_SLAPD_F (int) slap_modrdn2mods(
Backend *be,
Connection *conn,
Operation *op,
SlapReply *rs,
Entry *e,
LDAPRDN *oldrdn,
LDAPRDN *newrdn,
int deleteoldrdn,
Modifications **pmod );
/*
@ -632,7 +604,6 @@ LDAP_SLAPD_F( int ) slap_mods_check(
char *textbuf, size_t textlen );
LDAP_SLAPD_F( int ) slap_mods_opattrs(
Backend *be,
Operation *op,
Modifications *mods,
Modifications **modlist,
@ -824,7 +795,7 @@ LDAP_SLAPD_F (int) validate_global_referral LDAP_P((
const char *url ));
LDAP_SLAPD_F (BerVarray) get_entry_referrals LDAP_P((
Backend *be, Connection *conn, Operation *op, Entry *e ));
Operation *op, Entry *e ));
LDAP_SLAPD_F (BerVarray) referral_rewrite LDAP_P((
BerVarray refs,
@ -841,66 +812,19 @@ LDAP_SLAPD_F (int) add_replica_suffix LDAP_P(( Backend *be,
int nr, const char *suffix ));
LDAP_SLAPD_F (int) add_replica_attrs LDAP_P(( Backend *be,
int nr, char *attrs, int exclude ));
LDAP_SLAPD_F (void) replog LDAP_P(( Backend *be, Operation *op,
struct berval *dn, struct berval *ndn, void *change ));
LDAP_SLAPD_F (void) replog LDAP_P(( Operation *op ));
/*
* result.c
*/
LDAP_SLAPD_F (void) slap_send_ldap_result LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *matched, const char *text,
BerVarray refs,
LDAPControl **ctrls ));
LDAP_SLAPD_F (void) send_ldap_sasl LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls,
struct berval *cred ));
LDAP_SLAPD_F (void) send_ldap_disconnect LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *text ));
LDAP_SLAPD_F (void) slap_send_ldap_extended LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *matched,
const char *text, BerVarray refs,
const char *rspoid, struct berval *rspdata,
LDAPControl **ctrls ));
LDAP_SLAPD_F (void) slap_send_ldap_intermediate_resp LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *matched,
const char *text, BerVarray refs,
const char *rspoid, struct berval *rspdata,
LDAPControl **ctrls ));
LDAP_SLAPD_F (void) send_ldap_partial LDAP_P((
Connection *conn, Operation *op,
const char *rspoid, struct berval *rspdata,
LDAPControl **ctrls ));
LDAP_SLAPD_F (void) slap_send_search_result LDAP_P((
Connection *conn, Operation *op,
ber_int_t err, const char *matched, const char *text,
BerVarray refs,
LDAPControl **ctrls,
int nentries ));
LDAP_SLAPD_F (int) slap_send_search_reference LDAP_P((
Backend *be, Connection *conn, Operation *op,
Entry *e, BerVarray refs,
LDAPControl **ctrls,
BerVarray *v2refs ));
LDAP_SLAPD_F (int) slap_send_search_entry LDAP_P((
Backend *be, Connection *conn, Operation *op,
Entry *e, AttributeName *attrs, int attrsonly,
LDAPControl **ctrls ));
LDAP_SLAPD_F (void) slap_send_ldap_result LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (void) send_ldap_sasl LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (void) send_ldap_disconnect LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (void) slap_send_ldap_extended LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (void) slap_send_ldap_intermediate_resp LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (void) slap_send_search_result LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) slap_send_search_reference LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) slap_send_search_entry LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) str2result LDAP_P(( char *s,
int *code, char **matched, char **info ));
@ -933,21 +857,11 @@ LDAP_SLAPD_F (int) slap_sasl_external( Connection *c,
LDAP_SLAPD_F (int) slap_sasl_reset( Connection *c );
LDAP_SLAPD_F (int) slap_sasl_close( Connection *c );
LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P((
Connection *conn, Operation *op,
struct berval *dn, struct berval *ndn,
struct berval *cred,
struct berval *edn, slap_ssf_t *ssf ));
LDAP_SLAPD_F (int) slap_sasl_bind LDAP_P(( Operation *op, SlapReply *rs ));
LDAP_SLAPD_F (int) slap_sasl_setpass(
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text );
SlapReply *rs );
LDAP_SLAPD_F (int) slap_sasl_config(
int cargc,
@ -1223,16 +1137,16 @@ LDAP_SLAPD_V (struct berval) NoAttrs;
/*
* operations
*/
LDAP_SLAPD_F (int) do_abandon LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_add LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_bind LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_compare LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_delete LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_modify LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_modrdn LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_search LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_unbind LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_extended LDAP_P((Connection *conn, Operation *op));
LDAP_SLAPD_F (int) do_abandon LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_add LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_bind LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_compare LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_delete LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_modify LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_modrdn LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_search LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_unbind LDAP_P((Operation *op, SlapReply *rs));
LDAP_SLAPD_F (int) do_extended LDAP_P((Operation *op, SlapReply *rs));
LDAP_END_DECL

2
servers/slapd/referral.c
View file

@ -292,8 +292,6 @@ BerVarray referral_rewrite(
BerVarray get_entry_referrals(
Backend *be,
Connection *conn,
Operation *op,
Entry *e )
{

82
servers/slapd/repl.c
View file

@ -100,20 +100,13 @@ add_replica_attrs(
static void
print_vals( FILE *fp, struct berval *type, struct berval *bv );
static void
replog1( struct slap_replica_info *ri, Operation *op, void *change, FILE *fp, void *first);
replog1( struct slap_replica_info *ri, Operation *op, FILE *fp, void *first);
void
replog(
Backend *be,
Operation *op,
struct berval *dn,
struct berval *ndn,
void *change
)
replog( Operation *op )
{
Modifications *ml = NULL;
Attribute *a = NULL;
Entry *e;
FILE *fp, *lfp;
int i;
/* undef NO_LOG_WHEN_NO_REPLICAS */
@ -123,35 +116,35 @@ replog(
int subsets = 0;
long now = slap_get_time();
if ( be->be_replogfile == NULL && replogfile == NULL ) {
if ( op->o_bd->be_replogfile == NULL && replogfile == NULL ) {
return;
}
ldap_pvt_thread_mutex_lock( &replog_mutex );
if ( (fp = lock_fopen( be->be_replogfile ? be->be_replogfile :
if ( (fp = lock_fopen( op->o_bd->be_replogfile ? op->o_bd->be_replogfile :
replogfile, "a", &lfp )) == NULL ) {
ldap_pvt_thread_mutex_unlock( &replog_mutex );
return;
}
for ( i = 0; be->be_replica != NULL && be->be_replica[i] != NULL; i++ ) {
for ( i = 0; op->o_bd->be_replica != NULL && op->o_bd->be_replica[i] != NULL; i++ ) {
/* check if dn's suffix matches legal suffixes, if any */
if ( be->be_replica[i]->ri_nsuffix != NULL ) {
if ( op->o_bd->be_replica[i]->ri_nsuffix != NULL ) {
int j;
for ( j = 0; be->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
if ( dnIsSuffix( ndn, &be->be_replica[i]->ri_nsuffix[j] ) ) {
for ( j = 0; op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
if ( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_replica[i]->ri_nsuffix[j] ) ) {
break;
}
}
if ( !be->be_replica[i]->ri_nsuffix[j].bv_val ) {
if ( !op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val ) {
/* do not add "replica:" line */
continue;
}
}
/* See if we only want a subset of attributes */
if ( be->be_replica[i]->ri_attrs != NULL &&
if ( op->o_bd->be_replica[i]->ri_attrs != NULL &&
( op->o_tag == LDAP_REQ_MODIFY || op->o_tag == LDAP_REQ_ADD || op->o_tag == LDAP_REQ_EXTENDED ) ) {
if ( !subsets ) {
subsets = i + 1;
@ -160,7 +153,7 @@ replog(
continue;
}
fprintf( fp, "replica: %s\n", be->be_replica[i]->ri_host );
fprintf( fp, "replica: %s\n", op->o_bd->be_replica[i]->ri_host );
#ifdef NO_LOG_WHEN_NO_REPLICAS
++count;
#endif
@ -178,30 +171,30 @@ replog(
#endif
fprintf( fp, "time: %ld\n", now );
fprintf( fp, "dn: %s\n", dn->bv_val );
fprintf( fp, "dn: %s\n", op->o_req_dn.bv_val );
replog1( NULL, op, change, fp, NULL );
replog1( NULL, op, fp, NULL );
if ( subsets > 0 ) {
void *first;
for ( i = subsets - 1; be->be_replica != NULL && be->be_replica[i] != NULL; i++ ) {
for ( i = subsets - 1; op->o_bd->be_replica != NULL && op->o_bd->be_replica[i] != NULL; i++ ) {
/* If no attrs, we already did this above */
if ( be->be_replica[i]->ri_attrs == NULL ) {
if ( op->o_bd->be_replica[i]->ri_attrs == NULL ) {
continue;
}
/* check if dn's suffix matches legal suffixes, if any */
if ( be->be_replica[i]->ri_nsuffix != NULL ) {
if ( op->o_bd->be_replica[i]->ri_nsuffix != NULL ) {
int j;
for ( j = 0; be->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
if ( dnIsSuffix( ndn, &be->be_replica[i]->ri_nsuffix[j] ) ) {
for ( j = 0; op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val; j++ ) {
if ( dnIsSuffix( &op->o_req_ndn, &op->o_bd->be_replica[i]->ri_nsuffix[j] ) ) {
break;
}
}
if ( !be->be_replica[i]->ri_nsuffix[j].bv_val ) {
if ( !op->o_bd->be_replica[i]->ri_nsuffix[j].bv_val ) {
/* do not add "replica:" line */
continue;
}
@ -214,11 +207,11 @@ replog(
/* assume change parameter is a Modfications* */
/* fall thru */
case LDAP_REQ_MODIFY:
for ( ml = change; ml != NULL; ml = ml->sml_next ) {
for ( ml = op->oq_modify.rs_modlist; ml != NULL; ml = ml->sml_next ) {
int is_in, exclude;
is_in = ad_inlist( ml->sml_desc, be->be_replica[i]->ri_attrs );
exclude = be->be_replica[i]->ri_exclude;
is_in = ad_inlist( ml->sml_desc, op->o_bd->be_replica[i]->ri_attrs );
exclude = op->o_bd->be_replica[i]->ri_exclude;
/*
* there might be a more clever way to do this test,
@ -235,12 +228,11 @@ replog(
}
break;
case LDAP_REQ_ADD:
e = change;
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
for ( a = op->oq_add.rs_e->e_attrs; a != NULL; a = a->a_next ) {
int is_in, exclude;
is_in = ad_inlist( a->a_desc, be->be_replica[i]->ri_attrs );
exclude = be->be_replica[i]->ri_exclude;
is_in = ad_inlist( a->a_desc, op->o_bd->be_replica[i]->ri_attrs );
exclude = op->o_bd->be_replica[i]->ri_exclude;
if ( ( is_in && !exclude ) || ( !is_in && exclude ) ) {
subsets = 1;
@ -256,10 +248,10 @@ replog(
/* Other operations were logged in the first pass */
continue;
}
fprintf( fp, "replica: %s\n", be->be_replica[i]->ri_host );
fprintf( fp, "replica: %s\n", op->o_bd->be_replica[i]->ri_host );
fprintf( fp, "time: %ld\n", now );
fprintf( fp, "dn: %s\n", dn->bv_val );
replog1( be->be_replica[i], op, change, fp, first );
fprintf( fp, "dn: %s\n", op->o_req_dn.bv_val );
replog1( op->o_bd->be_replica[i], op, fp, first );
}
}
@ -272,15 +264,12 @@ static void
replog1(
struct slap_replica_info *ri,
Operation *op,
void *change,
FILE *fp,
void *first
)
{
Modifications *ml;
Attribute *a;
Entry *e;
struct slap_replog_moddn *moddn;
switch ( op->o_tag ) {
case LDAP_REQ_EXTENDED:
@ -290,7 +279,7 @@ replog1(
case LDAP_REQ_MODIFY:
fprintf( fp, "changetype: modify\n" );
ml = first ? first : change;
ml = first ? first : op->oq_modify.rs_modlist;
for ( ; ml != NULL; ml = ml->sml_next ) {
char *type;
if ( ri && ri->ri_attrs ) {
@ -321,9 +310,8 @@ replog1(
break;
case LDAP_REQ_ADD:
e = change;
fprintf( fp, "changetype: add\n" );
a = first ? first : e->e_attrs;
a = first ? first : op->oq_add.rs_e->e_attrs;
for ( ; a != NULL; a=a->a_next ) {
if ( ri && ri->ri_attrs ) {
int is_in = ad_inlist( a->a_desc, ri->ri_attrs );
@ -367,13 +355,11 @@ replog1(
break;
case LDAP_REQ_MODRDN:
moddn = change;
fprintf( fp, "changetype: modrdn\n" );
fprintf( fp, "newrdn: %s\n", moddn->newrdn->bv_val );
fprintf( fp, "deleteoldrdn: %d\n", moddn->deloldrdn ? 1 : 0 );
/* moddn->newsup is never NULL, see modrdn.c */
if( moddn->newsup->bv_val != NULL ) {
fprintf( fp, "newsuperior: %s\n", moddn->newsup->bv_val );
fprintf( fp, "newrdn: %s\n", op->oq_modrdn.rs_newrdn.bv_val );
fprintf( fp, "deleteoldrdn: %d\n", op->oq_modrdn.rs_deleteoldrdn ? 1 : 0 );
if( op->oq_modrdn.rs_newSup != NULL ) {
fprintf( fp, "newsuperior: %s\n", op->oq_modrdn.rs_newSup->bv_val );
}
}
fprintf( fp, "\n" );

615
servers/slapd/result.c
View file

File diff suppressed because it is too large Load diff

223
servers/slapd/sasl.c
View file

@ -305,15 +305,10 @@ typedef struct lookup_info {
sasl_server_params_t *sparams;
} lookup_info;
static slap_sendentry sasl_ap_lookup, sasl_cb_checkpass;
static int
sasl_ap_lookup(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *an,
int attrsonly,
LDAPControl **ctrls )
sasl_ap_lookup( Operation *op, SlapReply *rs )
{
BerVarray bv;
AttributeDescription *ad;
@ -347,9 +342,9 @@ sasl_ap_lookup(
#endif
continue;
}
a = attr_find( e->e_attrs, ad );
a = attr_find( rs->sr_entry->e_attrs, ad );
if ( !a ) continue;
if ( ! access_allowed( be, conn, op, e, ad, NULL, ACL_AUTH, NULL ) ) {
if ( ! access_allowed( op, rs->sr_entry, ad, NULL, ACL_AUTH, NULL ) ) {
continue;
}
if ( sl->list[i].values && ( sl->flags & SASL_AUXPROP_OVERRIDE ) ) {
@ -372,8 +367,8 @@ slap_auxprop_lookup(
const char *user,
unsigned ulen)
{
Operation op = {0};
int rc, i, doit=0;
struct berval dn;
Connection *conn = NULL;
lookup_info sl;
@ -393,14 +388,14 @@ slap_auxprop_lookup(
!strcmp( sl.list[i].name, slap_propnames[PROP_AUTHZ] ) ) {
if ( sl.list[i].values && sl.list[i].values[0] )
AC_MEMCPY( &dn, sl.list[i].values[0], sizeof( dn ) );
AC_MEMCPY( &op.o_req_ndn, sl.list[i].values[0], sizeof( struct berval ) );
if ( !sl.last ) sl.last = i;
break;
}
if ( !strcmp( sl.list[i].name, slap_propnames[PROP_AUTHC] ) ) {
if ( !sl.last ) sl.last = i;
if ( sl.list[i].values && sl.list[i].values[0] ) {
AC_MEMCPY( &dn, sl.list[i].values[0], sizeof( dn ) );
AC_MEMCPY( &op.o_req_ndn, sl.list[i].values[0], sizeof( struct berval ) );
if ( !(flags & SASL_AUXPROP_AUTHZID) )
break;
}
@ -425,16 +420,15 @@ slap_auxprop_lookup(
}
if (doit) {
Backend *be;
Operation op = {0};
slap_callback cb = { slap_cb_null_response,
slap_cb_null_sresult, sasl_ap_lookup, slap_cb_null_sreference, NULL };
cb.sc_private = &sl;
be = select_backend( &dn, 0, 1 );
op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
if ( be && be->be_search ) {
if ( op.o_bd && op.o_bd->be_search ) {
SlapReply rs = {REP_RESULT};
op.o_tag = LDAP_REQ_SEARCH;
op.o_protocol = LDAP_VERSION3;
op.o_ndn = conn->c_ndn;
@ -443,10 +437,14 @@ slap_auxprop_lookup(
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
op.o_conn = conn;
op.o_connid = conn->c_connid;
op.oq_search.rs_scope = LDAP_SCOPE_BASE;
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
op.oq_search.rs_slimit = 1;
op.oq_search.rs_filter = generic_filter;
(*be->be_search)( be, conn, &op, NULL, &dn,
LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,
generic_filter, NULL, NULL, 0 );
op.o_bd->be_search( &op, &rs );
}
}
}
@ -484,14 +482,7 @@ typedef struct checkpass_info {
} checkpass_info;
static int
sasl_cb_checkpass(
BackendDB *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *an,
int attrsonly,
LDAPControl **ctrls )
sasl_cb_checkpass( Operation *op, SlapReply *rs )
{
slap_callback *tmp = op->o_callback;
checkpass_info *ci = tmp->sc_private;
@ -500,9 +491,9 @@ sasl_cb_checkpass(
ci->rc = SASL_NOVERIFY;
a = attr_find( e->e_attrs, slap_schema.si_ad_userPassword );
a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_userPassword );
if ( !a ) return 0;
if ( ! access_allowed( be, conn, op, e, slap_schema.si_ad_userPassword,
if ( ! access_allowed( op, rs->sr_entry, slap_schema.si_ad_userPassword,
NULL, ACL_AUTH, NULL ) ) return 0;
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
@ -524,9 +515,8 @@ slap_sasl_checkpass(
struct propctx *propctx)
{
Connection *conn = (Connection *)context;
struct berval dn;
Operation op = {0};
int rc;
Backend *be;
checkpass_info ci;
ci.rc = SASL_NOUSER;
@ -535,27 +525,27 @@ slap_sasl_checkpass(
* find an answer here.
*/
rc = slap_sasl_getdn( conn, (char *)username, 0, NULL, &dn,
rc = slap_sasl_getdn( conn, (char *)username, 0, NULL, &op.o_req_ndn,
SLAP_GETDN_AUTHCID );
if ( rc != LDAP_SUCCESS ) {
sasl_seterror( sconn, 0, ldap_err2string( rc ) );
return SASL_NOUSER;
}
if ( dn.bv_len == 0 ) {
if ( op.o_req_ndn.bv_len == 0 ) {
sasl_seterror( sconn, 0,
"No password is associated with the Root DSE" );
if ( dn.bv_val != NULL ) {
ch_free( dn.bv_val );
if ( op.o_req_ndn.bv_val != NULL ) {
ch_free( op.o_req_ndn.bv_val );
}
return SASL_NOUSER;
}
be = select_backend( &dn, 0, 1 );
if ( be && be->be_search ) {
Operation op = {0};
op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
if ( op.o_bd && op.o_bd->be_search ) {
slap_callback cb = { slap_cb_null_response,
slap_cb_null_sresult, sasl_cb_checkpass, slap_cb_null_sreference, NULL };
SlapReply rs = {REP_RESULT};
ci.cred.bv_val = (char *)pass;
ci.cred.bv_len = passlen;
@ -569,17 +559,21 @@ slap_sasl_checkpass(
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
op.o_conn = conn;
op.o_connid = conn->c_connid;
op.oq_search.rs_scope = LDAP_SCOPE_BASE;
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
op.oq_search.rs_slimit = 1;
op.oq_search.rs_filter = generic_filter;
(*be->be_search)( be, conn, &op, NULL, &dn,
LDAP_SCOPE_BASE, LDAP_DEREF_NEVER, 1, 0,
generic_filter, NULL, NULL, 0 );
op.o_bd->be_search( &op, &rs );
}
if ( ci.rc != SASL_OK ) {
sasl_seterror( sconn, 0,
ldap_err2string( LDAP_INVALID_CREDENTIALS ) );
}
ch_free( dn.bv_val );
ch_free( op.o_req_ndn.bv_val );
return ci.rc;
}
@ -1304,44 +1298,35 @@ int slap_sasl_close( Connection *conn )
return LDAP_SUCCESS;
}
int slap_sasl_bind(
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
struct berval *cred,
struct berval *edn,
slap_ssf_t *ssfp )
int slap_sasl_bind( Operation *op, SlapReply *rs )
{
int rc = 1;
#ifdef HAVE_CYRUS_SASL
sasl_conn_t *ctx = conn->c_sasl_context;
sasl_conn_t *ctx = op->o_conn->c_sasl_context;
struct berval response;
unsigned reslen = 0;
const char *errstr = NULL;
int sc;
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,
"sasl_bind: dn=\"%s\" mech=%s datalen=%ld\n",
dn->bv_len ? dn->bv_val : "",
conn->c_sasl_bind_in_progress ? "<continuing>" :
conn->c_sasl_bind_mech.bv_val,
cred ? cred->bv_len : 0 );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
op->o_conn->c_sasl_bind_in_progress ? "<continuing>" :
op->o_conn->c_sasl_bind_mech.bv_val,
op->oq_bind.rb_cred.bv_len );
#else
Debug(LDAP_DEBUG_ARGS,
"==> sasl_bind: dn=\"%s\" mech=%s datalen=%ld\n",
dn->bv_len ? dn->bv_val : "",
conn->c_sasl_bind_in_progress ? "<continuing>":conn->c_sasl_bind_mech.bv_val,
cred ? cred->bv_len : 0 );
op->o_req_dn.bv_len ? op->o_req_dn.bv_val : "",
op->o_conn->c_sasl_bind_in_progress ? "<continuing>" :
op->o_conn->c_sasl_bind_mech.bv_val,
op->oq_bind.rb_cred.bv_len );
#endif
if( ctx == NULL ) {
send_ldap_result( conn, op, LDAP_UNAVAILABLE,
NULL, "SASL unavailable on this session", NULL, NULL );
return rc;
send_ldap_error( op, rs, LDAP_UNAVAILABLE,
"SASL unavailable on this session" );
return rs->sr_err;
}
#if SASL_VERSION_MAJOR >= 2
@ -1356,16 +1341,16 @@ int slap_sasl_bind(
sasl_server_step( ctx, cred, clen, resp, rlen, err )
#endif
if ( !conn->c_sasl_bind_in_progress ) {
if ( !op->o_conn->c_sasl_bind_in_progress ) {
sc = START( ctx,
conn->c_sasl_bind_mech.bv_val,
cred->bv_val, cred->bv_len,
(SASL_CONST char **)&response.bv_val, &reslen, &errstr );
op->o_conn->c_sasl_bind_mech.bv_val,
op->oq_bind.rb_cred.bv_val, op->oq_bind.rb_cred.bv_len,
(SASL_CONST char **)&response.bv_val, &reslen, &rs->sr_text );
} else {
sc = STEP( ctx,
cred->bv_val, cred->bv_len,
(SASL_CONST char **)&response.bv_val, &reslen, &errstr );
op->oq_bind.rb_cred.bv_val, op->oq_bind.rb_cred.bv_len,
(SASL_CONST char **)&response.bv_val, &reslen, &rs->sr_text );
}
response.bv_len = reslen;
@ -1373,35 +1358,35 @@ int slap_sasl_bind(
if ( sc == SASL_OK ) {
sasl_ssf_t *ssf = NULL;
*edn = conn->c_sasl_dn;
conn->c_sasl_dn.bv_val = NULL;
conn->c_sasl_dn.bv_len = 0;
op->oq_bind.rb_edn = op->o_conn->c_sasl_dn;
op->o_conn->c_sasl_dn.bv_val = NULL;
op->o_conn->c_sasl_dn.bv_len = 0;
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
(void) sasl_getprop( ctx, SASL_SSF, (void *)&ssf );
*ssfp = ssf ? *ssf : 0;
op->oq_bind.rb_ssf = ssf ? *ssf : 0;
if( *ssfp ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_sasl_layers++;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
if( op->oq_bind.rb_ssf ) {
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
op->o_conn->c_sasl_layers++;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
}
send_ldap_sasl( conn, op, rc,
NULL, NULL, NULL, NULL,
response.bv_len ? &response : NULL );
if (response.bv_len) rs->sr_sasldata = &response;
send_ldap_sasl( op, rs );
} else if ( sc == SASL_CONTINUE ) {
send_ldap_sasl( conn, op, rc = LDAP_SASL_BIND_IN_PROGRESS,
NULL, NULL, NULL, NULL, &response );
rs->sr_err = LDAP_SASL_BIND_IN_PROGRESS,
rs->sr_sasldata = &response;
send_ldap_sasl( op, rs );
} else {
#if SASL_VERSION_MAJOR >= 2
errstr = sasl_errdetail( ctx );
rs->sr_text = sasl_errdetail( ctx );
#endif
send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
NULL, errstr, NULL, NULL );
rs->sr_err = slap_sasl_err2ldap( sc ),
send_ldap_result( op, rs );
}
#if SASL_VERSION_MAJOR < 2
@ -1411,18 +1396,18 @@ int slap_sasl_bind(
#endif
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, RESULTS, "slap_sasl_bind: rc=%d\n", rc, 0, 0 );
LDAP_LOG( TRANSPORT, RESULTS, "slap_sasl_bind: rc=%d\n", rs->sr_err, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "<== slap_sasl_bind: rc=%d\n", rc, 0, 0);
Debug(LDAP_DEBUG_TRACE, "<== slap_sasl_bind: rc=%d\n", rs->sr_err, 0, 0);
#endif
#else
send_ldap_result( conn, op, rc = LDAP_UNAVAILABLE,
NULL, "SASL not supported", NULL, NULL );
send_ldap_error( op, rs, LDAP_UNAVAILABLE,
"SASL not supported" );
#endif
return rc;
return rs->sr_err;
}
char* slap_sasl_secprops( const char *in )
@ -1438,30 +1423,20 @@ char* slap_sasl_secprops( const char *in )
#ifdef HAVE_CYRUS_SASL
int
slap_sasl_setpass(
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text )
slap_sasl_setpass( Operation *op, SlapReply *rs )
{
int rc;
struct berval id = { 0, NULL }; /* needs to come from connection */
struct berval new = { 0, NULL };
struct berval old = { 0, NULL };
assert( reqoid != NULL );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, reqoid ) == 0 );
assert( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->oq_extended.rs_reqoid ) == 0 );
rc = sasl_getprop( conn->c_sasl_context, SASL_USERNAME,
rs->sr_err = sasl_getprop( op->o_conn->c_sasl_context, SASL_USERNAME,
(SASL_CONST void **)&id.bv_val );
if( rc != SASL_OK ) {
*text = "unable to retrieve SASL username";
rc = LDAP_OTHER;
if( rs->sr_err != SASL_OK ) {
rs->sr_text = "unable to retrieve SASL username";
rs->sr_err = LDAP_OTHER;
goto done;
}
@ -1474,10 +1449,10 @@ slap_sasl_setpass(
id.bv_val ? id.bv_val : "", 0, 0 );
#endif
rc = slap_passwd_parse( reqdata,
NULL, &old, &new, text );
rs->sr_err = slap_passwd_parse( op->oq_extended.rs_reqdata,
NULL, &old, &new, &rs->sr_text );
if( rc != LDAP_SUCCESS ) {
if( rs->sr_err != LDAP_SUCCESS ) {
goto done;
}
@ -1485,27 +1460,27 @@ slap_sasl_setpass(
slap_passwd_generate(&new);
if( new.bv_len == 0 ) {
*text = "password generation failed.";
rc = LDAP_OTHER;
rs->sr_text = "password generation failed.";
rs->sr_err = LDAP_OTHER;
goto done;
}
*rspdata = slap_passwd_return( &new );
rs->sr_rspdata = slap_passwd_return( &new );
}
#if SASL_VERSION_MAJOR < 2
rc = sasl_setpass( conn->c_sasl_context,
id.bv_val, new.bv_val, new.bv_len, 0, text );
rs->sr_err = sasl_setpass( op->o_conn->c_sasl_context,
id.bv_val, new.bv_val, new.bv_len, 0, &rs->sr_text );
#else
rc = sasl_setpass( conn->c_sasl_context, id.bv_val,
rs->sr_err = sasl_setpass( op->o_conn->c_sasl_context, id.bv_val,
new.bv_val, new.bv_len, old.bv_val, old.bv_len, 0 );
if( rc != SASL_OK ) {
*text = sasl_errdetail( conn->c_sasl_context );
if( rs->sr_err != SASL_OK ) {
rs->sr_text = sasl_errdetail( op->o_conn->c_sasl_context );
}
#endif
switch(rc) {
switch(rs->sr_err) {
case SASL_OK:
rc = LDAP_SUCCESS;
rs->sr_err = LDAP_SUCCESS;
break;
case SASL_NOCHANGE:
@ -1515,11 +1490,11 @@ slap_sasl_setpass(
case SASL_FAIL:
case SASL_BADPARAM:
default:
rc = LDAP_OTHER;
rs->sr_err = LDAP_OTHER;
}
done:
return rc;
return rs->sr_err;
}
#endif /* HAVE_CYRUS_SASL */

94
servers/slapd/saslauthz.c
View file

@ -328,28 +328,21 @@ static int slap_sasl_regexp( struct berval *in, struct berval *out )
}
/* Two empty callback functions to avoid sending results */
void slap_cb_null_response( Connection *conn, Operation *o, ber_tag_t tag,
ber_int_t msgid, ber_int_t err, const char *matched,
const char *text, BerVarray ref, const char *resoid,
struct berval *resdata, struct berval *sasldata, LDAPControl **c)
void slap_cb_null_response( Operation *o, SlapReply *rs )
{
}
void slap_cb_null_sresult( Connection *conn, Operation *o, ber_int_t err,
const char *matched, const char *text, BerVarray refs, LDAPControl **c,
int nentries)
void slap_cb_null_sresult( Operation *o, SlapReply *rs )
{
}
int slap_cb_null_sreference( BackendDB *db, Connection *conn, Operation *o,
Entry *e, BerVarray r, LDAPControl **c, BerVarray *v2)
int slap_cb_null_sreference( Operation *o, SlapReply *rs )
{
return 0;
}
/* This callback actually does some work...*/
static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
Entry *e, AttributeName *an, int ao, LDAPControl **c)
static int sasl_sc_sasl2dn( Operation *o, SlapReply *rs )
{
struct berval *ndn = o->o_callback->sc_private;
@ -368,7 +361,7 @@ static int sasl_sc_sasl2dn( BackendDB *be, Connection *conn, Operation *o,
return -1;
}
ber_dupbv(ndn, &e->e_nname);
ber_dupbv(ndn, &rs->sr_entry->e_nname);
return 0;
}
@ -378,12 +371,11 @@ typedef struct smatch_info {
int match;
} smatch_info;
static int sasl_sc_smatch( BackendDB *be, Connection *conn, Operation *o,
Entry *e, AttributeName *an, int ao, LDAPControl **c)
static int sasl_sc_smatch( Operation *o, SlapReply *rs )
{
smatch_info *sm = o->o_callback->sc_private;
if (dn_match(sm->dn, &e->e_nname)) {
if (dn_match(sm->dn, &rs->sr_entry->e_nname)) {
sm->match = 1;
return -1; /* short-circuit the search */
}
@ -403,19 +395,17 @@ static int sasl_sc_smatch( BackendDB *be, Connection *conn, Operation *o,
static
int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assertDN, struct berval *authc )
{
struct berval searchbase = {0, NULL};
int rc, scope;
Backend *be;
Filter *filter=NULL;
int rc;
regex_t reg;
smatch_info sm;
slap_callback cb = {
slap_cb_null_response,
slap_cb_null_sresult,
sasl_sc_smatch,
NULL
slap_cb_null_sreference
};
Operation op = {0};
SlapReply rs = {REP_RESULT};
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,
@ -427,12 +417,12 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
assertDN->bv_val, rule->bv_val, 0 );
#endif
rc = slap_parseURI( rule, &searchbase, &scope, &filter );
rc = slap_parseURI( rule, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
if( rc != LDAP_SUCCESS ) goto CONCLUDED;
/* Massive shortcut: search scope == base */
if( scope == LDAP_SCOPE_BASE ) {
rc = regcomp(&reg, searchbase.bv_val,
if( op.oq_search.rs_scope == LDAP_SCOPE_BASE ) {
rc = regcomp(&reg, op.o_req_ndn.bv_val,
REG_EXTENDED|REG_ICASE|REG_NOSUB);
if ( rc == 0 ) {
rc = regexec(&reg, assertDN->bv_val, 0, NULL, 0);
@ -451,15 +441,15 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, DETAIL1,
"slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
searchbase.bv_val, scope,0 );
op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_sasl_match: performing internal search (base=%s, scope=%d)\n",
searchbase.bv_val, scope, 0 );
op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
#endif
be = select_backend( &searchbase, 0, 1 );
if(( be == NULL ) || ( be->be_search == NULL)) {
op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
rc = LDAP_INAPPROPRIATE_AUTH;
goto CONCLUDED;
}
@ -476,10 +466,10 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
op.o_conn = conn;
op.o_connid = conn->c_connid;
(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
scope, /*deref=*/1, /*sizelimit=*/0, /*time=*/0, filter, /*fstr=*/NULL,
/*attrs=*/NULL, /*attrsonly=*/0 );
op.o_bd->be_search( &op, &rs );
if (sm.match) {
rc = LDAP_SUCCESS;
@ -488,8 +478,8 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
}
CONCLUDED:
if( searchbase.bv_len ) ch_free( searchbase.bv_val );
if( filter ) filter_free( filter );
if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
if( op.oq_search.rs_filter ) filter_free( op.oq_search.rs_filter );
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,
@ -531,7 +521,7 @@ slap_sasl_check_authz( Connection *conn,
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
#endif
rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL,
rc = backend_attribute( conn->c_sasl_bindop, NULL,
searchDN, ad, &vals );
if( rc != LDAP_SUCCESS ) goto COMPLETE;
@ -570,13 +560,10 @@ void slap_sasl2dn( Connection *conn,
struct berval *saslname, struct berval *sasldn )
{
int rc;
Backend *be = NULL;
struct berval dn = { 0, NULL };
int scope = LDAP_SCOPE_BASE;
Filter *filter = NULL;
slap_callback cb = { slap_cb_null_response,
slap_cb_null_sresult, sasl_sc_sasl2dn, slap_cb_null_sreference, NULL};
Operation op = {0};
SlapReply rs = {REP_RESULT};
struct berval regout = { 0, NULL };
#ifdef NEW_LOGGING
@ -598,37 +585,39 @@ void slap_sasl2dn( Connection *conn,
goto FINISHED;
}
rc = slap_parseURI( &regout, &dn, &scope, &filter );
rc = slap_parseURI( &regout, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
if( regout.bv_val ) ch_free( regout.bv_val );
if( rc != LDAP_SUCCESS ) {
goto FINISHED;
}
/* Must do an internal search */
be = select_backend( &dn, 0, 1 );
op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
/* Massive shortcut: search scope == base */
if( scope == LDAP_SCOPE_BASE ) {
*sasldn = dn;
dn.bv_len = 0;
dn.bv_val = NULL;
if( op.oq_search.rs_scope == LDAP_SCOPE_BASE ) {
*sasldn = op.o_req_ndn;
op.o_req_ndn.bv_len = 0;
op.o_req_ndn.bv_val = NULL;
goto FINISHED;
}
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, DETAIL1,
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
dn.bv_val, scope, 0 );
op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"slap_sasl2dn: performing internal search (base=%s, scope=%d)\n",
dn.bv_val, scope, 0 );
op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
#endif
if(( be == NULL ) || ( be->be_search == NULL)) {
if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
goto FINISHED;
}
op.o_conn = conn;
op.o_connid = conn->c_connid;
op.o_tag = LDAP_REQ_SEARCH;
op.o_protocol = LDAP_VERSION3;
op.o_ndn = conn->c_ndn;
@ -638,17 +627,18 @@ void slap_sasl2dn( Connection *conn,
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
ldap_pvt_thread_pool_context( &connection_pool );
op.oq_search.rs_deref = LDAP_DEREF_NEVER;
op.oq_search.rs_slimit = 1;
op.oq_search.rs_attrsonly = 1;
(*be->be_search)( be, conn, &op, NULL, &dn,
scope, LDAP_DEREF_NEVER, 1, 0,
filter, NULL, NULL, 1 );
op.o_bd->be_search( &op, &rs );
FINISHED:
if( sasldn->bv_len ) {
conn->c_authz_backend = be;
conn->c_authz_backend = op.o_bd;
}
if( dn.bv_len ) ch_free( dn.bv_val );
if( filter ) filter_free( filter );
if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
if( op.oq_search.rs_filter ) filter_free( op.oq_search.rs_filter );
#ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY,

318
servers/slapd/search.c
View file

@ -29,10 +29,7 @@
#ifdef LDAP_SLAPI
#include "slapi.h"
static char **anlist2charray( AttributeName *an );
static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
struct berval *base, int scope, int deref, int sizelimit, int timelimit,
Filter *filter, struct berval *fstr, char **attrs,
int attrsonly, int managedsait );
static Slapi_PBlock *initSearchPlugin( Operation *op, char **attrs, int managedsait );
static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr );
static void doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
@ -40,29 +37,18 @@ static void doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
int
do_search(
Connection *conn, /* where to send results */
Operation *op /* info about the op to which we're responding */
Operation *op, /* info about the op to which we're responding */
SlapReply *rs /* all the response data we'll send */
) {
ber_int_t scope, deref, attrsonly;
ber_int_t sizelimit, timelimit;
struct berval base = { 0, NULL };
struct berval pbase = { 0, NULL };
struct berval nbase = { 0, NULL };
struct berval fstr = { 0, NULL };
Filter *filter = NULL;
AttributeName *an = NULL;
ber_len_t siz, off, i;
Backend *be;
int rc;
const char *text;
int manageDSAit;
#ifdef LDAP_SLAPI
Slapi_PBlock *pb = NULL;
char **attrs = NULL;
#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
#endif
@ -93,108 +79,103 @@ do_search(
/* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
&base, &scope, &deref, &sizelimit,
&timelimit, &attrsonly ) == LBER_ERROR )
&base, &op->oq_search.rs_scope, &op->oq_search.rs_deref, &op->oq_search.rs_slimit,
&op->oq_search.rs_tlimit, &op->oq_search.rs_attrsonly ) == LBER_ERROR )
{
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
rc = SLAPD_DISCONNECT;
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
switch( scope ) {
switch( op->oq_search.rs_scope ) {
case LDAP_SCOPE_BASE:
case LDAP_SCOPE_ONELEVEL:
case LDAP_SCOPE_SUBTREE:
break;
default:
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "invalid scope", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
goto return_results;
}
switch( deref ) {
switch( op->oq_search.rs_deref ) {
case LDAP_DEREF_NEVER:
case LDAP_DEREF_FINDING:
case LDAP_DEREF_SEARCHING:
case LDAP_DEREF_ALWAYS:
break;
default:
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
NULL, "invalid deref", NULL, NULL );
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
goto return_results;
}
rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
if( rc != LDAP_SUCCESS ) {
rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn );
if( rs->sr_err != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"do_search: conn %d invalid dn (%s)\n",
conn->c_connid, base.bv_val, 0 );
op->o_connid, base.bv_val, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
#endif
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto return_results;
}
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
base.bv_val, scope, deref );
base.bv_val, op->oq_search.rs_scope, op->oq_search.rs_deref );
LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
sizelimit, timelimit, attrsonly);
op->oq_search.rs_slimit, op->oq_search.rs_tlimit, op->oq_search.rs_attrsonly);
#else
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
base.bv_val, scope, deref );
base.bv_val, op->oq_search.rs_scope, op->oq_search.rs_deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
sizelimit, timelimit, attrsonly);
op->oq_search.rs_slimit, op->oq_search.rs_tlimit, op->oq_search.rs_attrsonly);
#endif
/* filter - returns a "normalized" version */
rc = get_filter( conn, op->o_ber, &filter, &text );
if( rc != LDAP_SUCCESS ) {
if( rc == SLAPD_DISCONNECT ) {
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, text );
rs->sr_err = get_filter( op->o_conn, op->o_ber, &op->oq_search.rs_filter, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err == SLAPD_DISCONNECT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
send_ldap_disconnect( op, rs );
} else {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
send_ldap_result( op, rs );
}
goto return_results;
}
filter2bv( filter, &fstr );
filter2bv( op->oq_search.rs_filter, &op->oq_search.rs_filterstr );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_search: conn %d filter: %s\n",
conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
op->o_connid, op->oq_search.rs_filterstr.bv_len ? op->oq_search.rs_filterstr.bv_val : "empty", 0 );
#else
Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
op->oq_search.rs_filterstr.bv_len ? op->oq_search.rs_filterstr.bv_val : "empty", 0, 0 );
#endif
/* attributes */
siz = sizeof(AttributeName);
off = 0;
if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding attrs error" );
rc = SLAPD_DISCONNECT;
if ( ber_scanf( op->o_ber, "{M}}", &op->oq_search.rs_attrs, &siz, off ) == LBER_ERROR ) {
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
for ( i=0; i<siz; i++ ) {
an[i].an_desc = NULL;
an[i].an_oc = NULL;
slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
const char *dummy; /* ignore msgs from bv2ad */
op->oq_search.rs_attrs[i].an_desc = NULL;
op->oq_search.rs_attrs[i].an_oc = NULL;
slap_bv2ad(&op->oq_search.rs_attrs[i].an_name, &op->oq_search.rs_attrs[i].an_desc, &dummy);
}
if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_search: conn %d get_ctrls failed (%d)\n",
conn->c_connid, rc, 0 );
op->o_connid, rs->sr_err, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
#endif
@ -204,7 +185,7 @@ do_search(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_search: conn %d attrs:", conn->c_connid, 0, 0 );
"do_search: conn %d attrs:", op->o_connid, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
#endif
@ -213,9 +194,9 @@ do_search(
for ( i = 0; i<siz; i++ ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"do_search: %s", an[i].an_name.bv_val, 0, 0 );
"do_search: %s", op->oq_search.rs_attrs[i].an_name.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
Debug( LDAP_DEBUG_ARGS, " %s", op->oq_search.rs_attrs[i].an_name.bv_val, 0, 0 );
#endif
}
}
@ -232,10 +213,10 @@ do_search(
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
op->o_connid, op->o_opid, op->o_req_dn.bv_val, op->oq_search.rs_scope, op->oq_search.rs_filterstr.bv_val );
for ( i = 0; i<siz; i++ ) {
alen = an[i].an_name.bv_len;
alen = op->oq_search.rs_attrs[i].an_name.bv_len;
if (alen >= sizeof(abuf)) {
alen = sizeof(abuf)-1;
}
@ -249,7 +230,7 @@ do_search(
*ptr++ = ' ';
len++;
}
ptr = lutil_strncopy(ptr, an[i].an_name.bv_val, alen);
ptr = lutil_strncopy(ptr, op->oq_search.rs_attrs[i].an_name.bv_val, alen);
len += alen;
*ptr = '\0';
}
@ -261,95 +242,88 @@ do_search(
manageDSAit = get_manageDSAit( op );
if ( scope == LDAP_SCOPE_BASE ) {
if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
if ( nbase.bv_len == 0 ) {
if ( op->o_req_ndn.bv_len == 0 ) {
#ifdef LDAP_CONNECTIONLESS
/* Ignore LDAPv2 CLDAP Root DSE queries */
if (op->o_protocol == LDAP_VERSION2 && conn->c_is_udp) {
if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
goto return_results;
}
#endif
/* check restrictions */
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( an );
pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
deref, sizelimit, timelimit, filter, &fstr,
attrs, attrsonly, manageDSAit );
rc = doPreSearchPluginFNs( NULL, pb );
if ( rc == LDAP_SUCCESS ) {
doSearchRewriteFNs( NULL, pb, &filter, &fstr );
attrs = anlist2charray( op->oq_search.rs_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err == LDAP_SUCCESS ) {
doSearchRewriteFNs( op );
#endif /* LDAP_SLAPI */
rc = root_dse_info( conn, &entry, &text );
rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
#ifdef LDAP_SLAPI
}
#endif /* LDAP_SLAPI */
} else if ( bvmatch( &nbase, &global_schemandn ) ) {
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
/* check restrictions */
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( an );
pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
deref, sizelimit, timelimit, filter, &fstr,
attrs, attrsonly, manageDSAit );
rc = doPreSearchPluginFNs( NULL, pb );
if ( rc == LDAP_SUCCESS ) {
doSearchRewriteFNs( NULL, pb, &filter, &fstr );
attrs = anlist2charray( op->oq_search.rs_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err == LDAP_SUCCESS ) {
doSearchRewriteFNs( op );
#endif /* LDAP_SLAPI */
rc = schema_info( &entry, &text );
rs->sr_err = schema_info( &entry, &rs->sr_text );
#ifdef LDAP_SLAPI
}
#endif /* LDAP_SLAPI */
}
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( NULL, pb );
doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
goto return_results;
} else if ( entry != NULL ) {
rc = test_filter( NULL, conn, op,
entry, filter );
rs->sr_err = test_filter( op, entry, op->oq_search.rs_filter );
if( rc == LDAP_COMPARE_TRUE ) {
send_search_entry( NULL, conn, op,
entry, an, attrsonly, NULL );
if( rs->sr_err == LDAP_COMPARE_TRUE ) {
rs->sr_entry = entry;
rs->sr_attrs = op->oq_search.rs_attrs;
send_search_entry( op, rs );
rs->sr_entry = NULL;
}
entry_free( entry );
send_ldap_result( conn, op, LDAP_SUCCESS,
NULL, NULL, NULL, NULL );
rs->sr_err = LDAP_SUCCESS;
rs->sr_nentries = 1;
send_search_result( op, rs );
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( NULL, pb );
doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
goto return_results;
}
}
if( !nbase.bv_len && default_search_nbase.bv_len ) {
ch_free( pbase.bv_val );
ch_free( nbase.bv_val );
if( !op->o_req_ndn.bv_len && default_search_nbase.bv_len ) {
ch_free( op->o_req_dn.bv_val );
ch_free( op->o_req_ndn.bv_val );
ber_dupbv( &pbase, &default_search_base );
ber_dupbv( &nbase, &default_search_nbase );
ber_dupbv( &op->o_req_dn, &default_search_base );
ber_dupbv( &op->o_req_ndn, &default_search_nbase );
}
/*
@ -357,85 +331,79 @@ do_search(
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
BerVarray ref = referral_rewrite( default_referral,
NULL, &pbase, scope );
if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 1 )) == NULL ) {
rs->sr_ref = referral_rewrite( default_referral,
NULL, &op->o_req_dn, op->oq_search.rs_scope );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
if (!rs->sr_ref) rs->sr_ref = default_referral;
rs->sr_err = LDAP_REFERRAL;
send_ldap_result( op, rs );
ber_bvarray_free( ref );
if (rs->sr_ref != default_referral)
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
goto return_results;
}
/* check restrictions */
rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
NULL, text, NULL, NULL );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto return_results;
}
/* check for referrals */
rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
if ( rc != LDAP_SUCCESS ) {
if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
goto return_results;
}
#ifdef LDAP_SLAPI
attrs = anlist2charray( an );
pb = initSearchPlugin( be, conn, op, &pbase,
scope, deref, sizelimit,
timelimit, filter, &fstr, attrs, attrsonly,
manageDSAit );
rc = doPreSearchPluginFNs( be, pb );
if ( rc != LDAP_SUCCESS ) {
attrs = anlist2charray( op->oq_search.rs_attrs );
initSearchPlugin( op, attrs, manageDSAit );
rs->sr_err = doPreSearchPluginFNs( op );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
}
doSearchRewriteFNs( be, pb, &filter, &fstr );
doSearchRewriteFNs( op );
#endif /* LDAP_SLAPI */
/* actually do the search and send the result(s) */
if ( be->be_search ) {
(*be->be_search)( be, conn, op, &pbase, &nbase,
scope, deref, sizelimit,
timelimit, filter, &fstr, an, attrsonly );
if ( op->o_bd->be_search ) {
(op->o_bd->be_search)( op, rs );
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
NULL, "operation not supported within namingContext",
NULL, NULL );
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"operation not supported within namingContext" );
}
#ifdef LDAP_SLAPI
doPostSearchPluginFNs( be, pb );
doPostSearchPluginFNs( op );
#endif /* LDAP_SLAPI */
return_results:;
#ifdef LDAP_CLIENT_UPDATE
if ( ( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) )
return rc;
return rs->sr_err;
#endif
#if defined(LDAP_CLIENT_UPDATE) && defined(LDAP_SYNC)
else
#endif
#ifdef LDAP_SYNC
if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) )
return rc;
return rs->sr_err;
#endif
if( pbase.bv_val != NULL) free( pbase.bv_val );
if( nbase.bv_val != NULL) free( nbase.bv_val );
if( op->o_req_dn.bv_val != NULL) free( op->o_req_dn.bv_val );
if( op->o_req_ndn.bv_val != NULL) free( op->o_req_ndn.bv_val );
if( fstr.bv_val != NULL) free( fstr.bv_val );
if( filter != NULL) filter_free( filter );
if( an != NULL ) free( an );
if( op->oq_search.rs_filterstr.bv_val != NULL) free( op->oq_search.rs_filterstr.bv_val );
if( op->oq_search.rs_filter != NULL) filter_free( op->oq_search.rs_filter );
if( op->oq_search.rs_attrs != NULL ) free( op->oq_search.rs_attrs );
#ifdef LDAP_SLAPI
if( attrs != NULL) ch_free( attrs );
#endif /* LDAP_SLAPI */
return rc;
return rs->sr_err;
}
#ifdef LDAP_SLAPI
@ -460,37 +428,29 @@ static char **anlist2charray( AttributeName *an )
return attrs;
}
static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
struct berval *base, int scope, int deref, int sizelimit,
int timelimit, Filter *filter, struct berval *fstr,
char **attrs, int attrsonly, int managedsait )
static void Slapi_PBlock *initSearchPlugin( Operation *op,
char **attrs, int managedsait )
{
Slapi_PBlock *pb;
pb = op->o_pb;
slapi_x_backend_set_pb( pb, be );
slapi_x_connection_set_pb( pb, conn );
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_SEARCH_TARGET, (void *)base->bv_val );
slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope );
slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref );
slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit );
slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit );
slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter );
slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr->bv_val );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
return pb;
slapi_x_backend_set_pb( op->o_pb, op->o_bd );
slapi_x_connection_set_pb( op->o_pb, op->o_conn );
slapi_x_operation_set_pb( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->oq_search.rs_scope );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->oq_search.rs_deref );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->oq_search.rs_slimit );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->oq_search.rs_tlimit );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->oq_search.rs_filter );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->oq_search.rs_filterstr.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->oq_search.rs_attrsonly );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
}
static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
static int doPreSearchPluginFNs( Operation *op )
{
int rc;
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb );
rc = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb );
if ( rc != 0 ) {
/*
* A preoperation plugin failure will abort the
@ -503,7 +463,7 @@ static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
Debug(LDAP_DEBUG_TRACE, "doPreSearchPluginFNs: search preoperation plugin "
"returned %d.\n", rc, 0, 0);
#endif
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
if ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
rc = LDAP_OTHER;
} else {
rc = LDAP_SUCCESS;
@ -512,32 +472,32 @@ static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
return rc;
}
static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr )
static int doSearchRewriteFNs( Operation *op )
{
if ( doPluginFNs( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) {
/*
* The plugin can set the SLAPI_SEARCH_FILTER.
* SLAPI_SEARCH_STRFILER is not normative.
*/
slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)filter);
ch_free( fstr->bv_val );
filter2bv( *filter, fstr );
slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->oq_search.rs_filter);
ch_free( op->oq_search.rs_filterstr.bv_val );
filter2bv( op->oq_search.rs_filter, &op->oq_search.rs_filterstr );
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
"doSearchRewriteFNs: after compute_rewrite_search filter: %s\n",
fstr->bv_len ? fstr->bv_val : "empty", 0, 0 );
op->oq_search.rs_filterstr.bv_len ? op->oq_search.rs_filterstr.bv_val : "empty", 0, 0 );
#else
Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
fstr->bv_len ? fstr->bv_val : "empty", 0, 0 );
op->oq_search.rs_filterstr.bv_len ? op->oq_search.rs_filterstr.bv_val : "empty", 0, 0 );
#endif
}
return LDAP_SUCCESS;
}
static void doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
static void doPostSearchPluginFNs( Operation *op )
{
if ( doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb ) != 0 ) {
if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "doPostSearchPluginFNs: search postoperation plugins "
"failed\n", 0, 0, 0 );

377
servers/slapd/slap.h
View file

@ -1206,15 +1206,6 @@ typedef struct slap_acl_state {
#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
{ { 0, 0 } }, 0, NULL, 0, 0, NULL }
/*
* replog moddn param structure
*/
struct slap_replog_moddn {
struct berval *newrdn;
int deloldrdn;
struct berval *newsup;
};
/*
* Backend-info
* represents a backend
@ -1446,11 +1437,11 @@ typedef int (BI_db_open) LDAP_P((Backend *bd));
typedef int (BI_db_close) LDAP_P((Backend *bd));
typedef int (BI_db_destroy) LDAP_P((Backend *bd));
#ifdef SLAP_OP_BLOCKS
typedef struct req_bind_s {
int rb_method;
struct berval rb_cred;
struct berval rb_edn;
slap_ssf_t rb_ssf;
} req_bind_s;
typedef struct req_search_s {
@ -1460,7 +1451,7 @@ typedef struct req_search_s {
int rs_tlimit;
int rs_attrsonly;
AttributeName *rs_attrs;
Filter *rs_f;
Filter *rs_filter;
struct berval rs_filterstr;
} req_search_s;
@ -1468,11 +1459,15 @@ typedef struct req_compare_s {
AttributeAssertion *rs_ava;
} req_compare_s;
typedef struct req_modify_s {
Modifications *rs_modlist;
} req_modify_s;
typedef struct req_modrdn_s {
struct berval rs_newrdn;
struct berval rs_nnewrdn;
struct berval rs_newSup;
struct berval rs_nnewSup;
struct berval *rs_newSup;
struct berval *rs_nnewSup;
int rs_deleteoldrdn;
} req_modrdn_s;
@ -1486,88 +1481,80 @@ typedef struct req_abandon_s {
typedef struct req_extended_s {
struct berval rs_reqoid;
char *rs_rspoid;
struct berval *rs_rspdata;
LDAPControl **rs_rspctrls;
const char *rs_text;
BerVarray rs_refs;
struct berval *rs_reqdata;
} req_extended_s;
#endif /* SLAP_OP_BLOCKS */
typedef int (BI_op_bind) LDAP_P(( BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn, int method,
struct berval *cred, struct berval *edn ));
typedef int (BI_op_unbind) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o ));
typedef int (BI_op_search) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *base, struct berval *nbase,
int scope, int deref,
int slimit, int tlimit,
Filter *f, struct berval *filterstr,
AttributeName *attrs, int attrsonly));
typedef int (BI_op_compare)LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn,
AttributeAssertion *ava));
typedef int (BI_op_modify) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn,
Modifications *m));
typedef int (BI_op_modrdn) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn,
struct berval *newrdn, struct berval *nnewrdn,
int deleteoldrdn,
struct berval *newSup, struct berval *nnewSup ));
typedef int (BI_op_add) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
Entry *e));
typedef int (BI_op_delete) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn));
typedef int (BI_op_abandon) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
ber_int_t msgid));
typedef int (BI_op_cancel) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
ber_int_t msgid));
typedef enum slap_reply_e {
REP_RESULT,
REP_SASL,
REP_SRESULT,
REP_EXTENDED,
REP_SEARCH,
REP_SEARCHREF
} slap_reply_t;
typedef int (BI_op_extended) LDAP_P((
BackendDB *be,
struct slap_conn *conn,
struct slap_op *op,
struct berval *reqoid,
struct berval * reqdata,
char **rspoid,
struct berval ** rspdata,
LDAPControl *** rspctrls,
const char ** text,
BerVarray *refs ));
typedef struct rep_sasl_s {
struct berval *r_sasldata;
} rep_sasl_s;
typedef int (BI_entry_get_rw) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *ndn, ObjectClass *oc,
AttributeDescription *at, int rw,
Entry **e ));
typedef struct rep_sresult_s {
int r_nentries;
} rep_sresult_s;
typedef int (BI_entry_release_rw) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
Entry *e, int rw));
typedef struct rep_extended_s {
const char *r_rspoid;
struct berval *r_rspdata;
} rep_extended_s;
typedef int (BI_chk_referrals) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct berval *dn, struct berval *ndn,
const char **text ));
typedef int (BI_operational) LDAP_P((Backend *bd,
struct slap_conn *c, struct slap_op *o,
Entry *e, AttributeName *attrs, int opattrs, Attribute **a ));
typedef struct rep_search_s {
AttributeName *r_attrs;
Entry *r_entry;
BerVarray r_v2ref;
} rep_search_s;
typedef int (BI_has_subordinates) LDAP_P((Backend *bd,
struct slap_conn *c, struct slap_op *o,
Entry *e, int *has_subordinates ));
typedef struct slap_rep {
slap_reply_t sr_type;
ber_tag_t sr_tag;
ber_int_t sr_msgid;
ber_int_t sr_err;
const char *sr_matched;
const char *sr_text;
BerVarray sr_ref;
LDAPControl **sr_ctrls;
union sr_u {
rep_sasl_s sru_sasl;
rep_sresult_s sru_sresult;
rep_extended_s sru_extended;
rep_search_s sru_search;
} sr_un;
} SlapReply;
/* short hands for response members */
#define sr_attrs sr_un.sru_search.r_attrs
#define sr_entry sr_un.sru_search.r_entry
#define sr_v2ref sr_un.sru_search.r_v2ref
#define sr_rspoid sr_un.sru_extended.r_rspoid
#define sr_rspdata sr_un.sru_extended.r_rspdata
#define sr_sasldata sr_un.sru_sasl.r_sasldata
#define sr_nentries sr_un.sru_sresult.r_nentries
typedef int (BI_op_bind) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_unbind) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_search) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_compare) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_modify) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_modrdn) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_op_extended) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw ));
typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ));
typedef int (BI_chk_referrals) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, int opattrs, Attribute **ap ));
typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs ));
typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
@ -1703,20 +1690,10 @@ struct slap_backend_info {
#define o_tls_ssf o_authz.sai_tls_ssf
#define o_sasl_ssf o_authz.sai_sasl_ssf
typedef void (slap_response)( struct slap_conn *, struct slap_op *,
ber_tag_t, ber_int_t, ber_int_t, const char *, const char *,
BerVarray, const char *, struct berval *,
struct berval *, LDAPControl ** );
typedef void (slap_sresult)( struct slap_conn *, struct slap_op *,
ber_int_t, const char *, const char *, BerVarray,
LDAPControl **, int nentries);
typedef int (slap_sendentry)( BackendDB *, struct slap_conn *,
struct slap_op *, Entry *, AttributeName *, int, LDAPControl **);
typedef int (slap_sendreference)( BackendDB *, struct slap_conn *,
struct slap_op *, Entry *, BerVarray, LDAPControl **, BerVarray * );
typedef void (slap_response)( struct slap_op *, struct slap_rep * );
typedef void (slap_sresult)( struct slap_op *, struct slap_rep * );
typedef int (slap_sendentry)( struct slap_op *, struct slap_rep * );
typedef int (slap_sendreference)( struct slap_op *, struct slap_rep * );
typedef struct slap_callback {
slap_response *sc_response;
@ -1744,26 +1721,9 @@ typedef struct slap_paged_state {
#define LDAP_PSEARCH_BY_MODIFY 0x04
#define LDAP_PSEARCH_BY_SCOPEOUT 0x05
struct ldap_psearch_spec {
struct slap_op *op;
struct berval *base;
struct berval *nbase;
int scope;
int deref;
int slimit;
int tlimit;
Filter *filter;
struct berval *filterstr;
AttributeName *attrs;
int attrsonly;
int protocol;
int entry_count;
LDAP_LIST_ENTRY(ldap_psearch_spec) link;
};
struct psid_entry {
struct ldap_psearch_spec* ps;
LDAP_LIST_ENTRY(psid_entry) link;
struct slap_op *ps_op;
LDAP_LIST_ENTRY(psid_entry) ps_link;
};
#endif
@ -1775,53 +1735,44 @@ typedef struct slap_op {
unsigned long o_opid; /* id of this operation */
unsigned long o_connid; /* id of conn initiating this op */
struct slap_conn *o_conn; /* connection spawning this op */
#ifdef SLAP_OP_BLOCKS
BackendDB *o_bd; /* backend DB processing this op */
#endif
ber_int_t o_msgid; /* msgid of the request */
ber_int_t o_protocol; /* version of the LDAP protocol used by client */
ber_tag_t o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
#ifdef SLAP_OP_BLOCKS
struct berval o_req_dn; /* DN of target of request */
struct berval o_req_ndn;
union o_req_u {
req_bind_s oq_bind;
req_search_s oq_search;
req_compare_s oq_compare;
req_modrdn_s oq_modrdn;
req_add_s oq_add;
req_bind_s oq_bind;
req_compare_s oq_compare;
req_modify_s oq_modify;
req_modrdn_s oq_modrdn;
req_search_s oq_search;
req_abandon_s oq_abandon;
req_abandon_s oq_cancel;
req_extended_s oq_extended;
} o_request;
/* short hands for union members */
#define o_bind o_request.oq_bind
#define oq_add o_request.oq_add
#define oq_bind o_request.oq_bind
#define oq_compare o_request.oq_compare
#define oq_modify o_request.oq_modify
#define oq_modrdn o_request.oq_modrdn
#define oq_search o_request.oq_search
#define oq_abandon o_request.oq_abandon
#define oq_cancel o_request.oq_cancel
#define oq_extended o_request.oq_extended
/* ... */
/* short hands for inner request members */
#define o_bind_edn o_bind.rb_edn
#define o_bind_edn oq_bind.rb_edn
/* ... */
struct o_rep_s {
ber_tag_t or_tag;
ber_int_t or_err;
const char *or_matched;
const char *or_text;
BerVarray or_ref;
const char *or_resoid;
struct berval *or_resdata;
struct berval *or_sasldata;
LDAPControl **or_ctrls;
} o_response;
#else
char * o_extendedop; /* extended operation OID */
#endif
ldap_pvt_thread_t o_tid; /* thread handling this op */
volatile sig_atomic_t o_abandon; /* abandon flag */
@ -1895,9 +1846,10 @@ typedef struct slap_op {
#endif
#if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
LDAP_LIST_HEAD(lss, ldap_psearch_spec) psearch_spec;
LDAP_LIST_HEAD(pe, psid_entry) premodify_list;
LDAP_LIST_ENTRY(slap_op) link;
int o_ps_protocol;
int o_ps_entries;
LDAP_LIST_ENTRY(slap_op) o_ps_link;
LDAP_LIST_HEAD(pe, psid_entry) o_pm_list;
#endif
AuthorizationInformation o_authz;
@ -1924,94 +1876,30 @@ typedef struct slap_op {
#endif
} Operation;
typedef void (*SEND_LDAP_RESULT)(
struct slap_conn *conn,
struct slap_op *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray ref,
LDAPControl **ctrls
);
#define send_ldap_result( conn, op, err, matched, text, ref, ctrls ) \
(*conn->c_send_ldap_result)( conn, op, err, matched, text, ref, ctrls )
typedef int (*SEND_SEARCH_ENTRY)(
struct slap_backend_db *be,
struct slap_conn *conn,
struct slap_op *op,
struct slap_entry *e,
AttributeName *attrs,
int attrsonly,
LDAPControl **ctrls
);
#define send_search_entry( be, conn, op, e, attrs, attrsonly, ctrls) \
(*conn->c_send_search_entry)( be, conn, op, e, attrs, attrsonly, ctrls)
typedef void (*SEND_SEARCH_RESULT)(
struct slap_conn *conn,
struct slap_op *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls,
int nentries
);
#define send_search_result( conn, op, err, matched, text, refs, ctrls, nentries ) \
(*conn->c_send_search_result)( conn, op, err, matched, text, refs, ctrls, nentries )
typedef int (*SEND_SEARCH_REFERENCE)(
struct slap_backend_db *be,
struct slap_conn *conn,
struct slap_op *op,
struct slap_entry *e,
BerVarray refs,
LDAPControl **ctrls,
BerVarray *v2refs
);
#define send_search_reference( be, conn, op, e, refs, ctrls, v2refs ) \
(*conn->c_send_search_reference)( be, conn, op, e, refs, ctrls, v2refs )
typedef void (*SEND_LDAP_EXTENDED)(
struct slap_conn *conn,
struct slap_op *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
const char *rspoid,
struct berval *rspdata,
LDAPControl **ctrls
);
#define send_ldap_extended( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls) \
(*conn->c_send_ldap_extended)( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls )
typedef void (*SEND_LDAP_INTERMEDIATE_RESP)(
struct slap_conn *conn,
struct slap_op *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
const char *rspoid,
struct berval *rspdata,
LDAPControl **ctrls
);
#define send_ldap_intermediate_resp( conn, op, err, matched, text, refs, \
rspoid, rspdata, ctrls) \
(*conn->c_send_ldap_intermediate_resp)( conn, op, err, matched, text, \
refs, rspoid, rspdata, ctrls )
#define send_ldap_error( op, rs, err, text ) \
do { (rs)->sr_err = err; (rs)->sr_text = text; \
(op->o_conn->c_send_ldap_result)( op, rs ); } while (0)
#define send_ldap_discon( op, rs, err, text ) \
do { (rs)->sr_err = err; (rs)->sr_text = text; \
send_ldap_disconnect( op, rs ); } while (0)
typedef void (SEND_LDAP_RESULT)(struct slap_op *op, struct slap_rep *rs);
typedef int (SEND_SEARCH_ENTRY)(struct slap_op *op, struct slap_rep *rs);
typedef void (SEND_SEARCH_RESULT)(struct slap_op *op, struct slap_rep *rs);
typedef int (SEND_SEARCH_REFERENCE)(struct slap_op *op, struct slap_rep *rs);
typedef void (SEND_LDAP_EXTENDED)(struct slap_op *op, struct slap_rep *rs);
typedef void (SEND_LDAP_INTERMEDIATE_RESP)(struct slap_op *op, struct slap_rep *rs);
#define send_ldap_result( op, rs ) \
(op->o_conn->c_send_ldap_result)( op, rs )
#define send_search_entry( op, rs ) \
(op->o_conn->c_send_search_entry)( op, rs )
#define send_search_result( op, rs ) \
(op->o_conn->c_send_search_result)( op, rs )
#define send_search_reference( op, rs ) \
(op->o_conn->c_send_search_reference)( op, rs )
#define send_ldap_extended( op, rs ) \
(op->o_conn->c_send_ldap_extended)( op, rs )
#define send_ldap_intermediate_resp( op, rs ) \
(op->o_conn->c_send_ldap_intermediate_resp)( op, rs )
/*
* Caches the result of a backend_group check for ACL evaluation
@ -2101,13 +1989,13 @@ typedef struct slap_conn {
* supply data back to connected clients that are connected
* through the "front-end".
*/
SEND_LDAP_RESULT c_send_ldap_result;
SEND_SEARCH_ENTRY c_send_search_entry;
SEND_SEARCH_RESULT c_send_search_result;
SEND_SEARCH_REFERENCE c_send_search_reference;
SEND_LDAP_EXTENDED c_send_ldap_extended;
SEND_LDAP_RESULT *c_send_ldap_result;
SEND_SEARCH_ENTRY *c_send_search_entry;
SEND_SEARCH_RESULT *c_send_search_result;
SEND_SEARCH_REFERENCE *c_send_search_reference;
SEND_LDAP_EXTENDED *c_send_ldap_extended;
#ifdef LDAP_RES_INTERMEDIATE_RESP
SEND_LDAP_INTERMEDIATE_RESP c_send_ldap_intermediate_resp;
SEND_LDAP_INTERMEDIATE_RESP *c_send_ldap_intermediate_resp;
#endif
} Connection;
@ -2211,10 +2099,9 @@ enum {
#define SLAP_CTRL_ACCESS (SLAP_CTRL_INTROGATE|SLAP_CTRL_UPDATE)
typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((
Connection *conn,
Operation *op,
LDAPControl *ctrl,
const char **text ));
SlapReply *rs,
LDAPControl *ctrl ));
LDAP_END_DECL

45
servers/slapd/starttls.c
View file

@ -21,62 +21,53 @@
#ifdef HAVE_TLS
int
starttls_extop (
Connection *conn,
Operation *op,
struct berval * reqoid,
struct berval * reqdata,
char ** rspoid,
struct berval ** rspdata,
LDAPControl ***rspctrls,
const char ** text,
BerVarray * refs )
starttls_extop ( Operation *op, SlapReply *rs )
{
void *ctx;
int rc;
if ( reqdata != NULL ) {
if ( op->oq_extended.rs_reqdata != NULL ) {
/* no request data should be provided */
*text = "no request data expected";
rs->sr_text = "no request data expected";
return LDAP_PROTOCOL_ERROR;
}
/* acquire connection lock */
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
/* can't start TLS if it is already started */
if (conn->c_is_tls != 0) {
*text = "TLS already started";
if (op->o_conn->c_is_tls != 0) {
rs->sr_text = "TLS already started";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
/* can't start TLS if there are other op's around */
if (( !LDAP_STAILQ_EMPTY(&conn->c_ops) &&
(LDAP_STAILQ_FIRST(&conn->c_ops) != op ||
if (( !LDAP_STAILQ_EMPTY(&op->o_conn->c_ops) &&
(LDAP_STAILQ_FIRST(&op->o_conn->c_ops) != op ||
LDAP_STAILQ_NEXT(op, o_next) != NULL)) ||
( !LDAP_STAILQ_EMPTY(&conn->c_pending_ops) ))
( !LDAP_STAILQ_EMPTY(&op->o_conn->c_pending_ops) ))
{
*text = "cannot start TLS when operations are outstanding";
rs->sr_text = "cannot start TLS when operations are outstanding";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
( conn->c_dn.bv_len != 0 ) )
( op->o_conn->c_dn.bv_len != 0 ) )
{
Statslog( LDAP_DEBUG_STATS,
"conn=%lu op=%lu AUTHZ anonymous mech=starttls ssf=0",
op->o_connid, op->o_opid, 0, 0, 0 );
/* force to anonymous */
connection2anonymous( conn );
connection2anonymous( op->o_conn );
}
if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
( conn->c_dn.bv_len != 0 ) )
( op->o_conn->c_dn.bv_len != 0 ) )
{
*text = "cannot start TLS after authentication";
rs->sr_text = "cannot start TLS after authentication";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
@ -91,19 +82,19 @@ starttls_extop (
goto done;
}
*text = "Could not initialize TLS";
rs->sr_text = "Could not initialize TLS";
rc = LDAP_UNAVAILABLE;
goto done;
}
conn->c_is_tls = 1;
conn->c_needs_tls_accept = 1;
op->o_conn->c_is_tls = 1;
op->o_conn->c_needs_tls_accept = 1;
rc = LDAP_SUCCESS;
done:
/* give up connection lock */
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
/*
* RACE CONDITION: we give up lock before sending result

99
servers/slapd/tools/mimic.c
View file

@ -22,7 +22,7 @@ const char Versionstr[] = "";
/* bogus ../results.c */
int str2result(
char* s,
int *code,
int *code,
char **matched,
char **info )
{
@ -31,27 +31,14 @@ int str2result(
}
void
send_ldap_disconnect(
Connection *conn,
Operation *op,
ber_int_t err,
const char *text
)
send_ldap_disconnect( Operation *op, SlapReply *rs )
{
assert(0);
}
void
slap_send_ldap_extended(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
const char *rspoid,
struct berval *rspdata,
LDAPControl **ctrls
Operation *op, SlapReply *rs
)
{
assert(0);
@ -59,89 +46,39 @@ slap_send_ldap_extended(
void
slap_send_ldap_intermediate_resp(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
const char *rspoid,
struct berval *rspdata,
LDAPControl **ctrls
Operation *op, SlapReply *rs
)
{
assert(0);
}
void
send_ldap_sasl(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls,
struct berval *cred
)
send_ldap_sasl( Operation *op, SlapReply *rs )
{
assert(0);
}
void
slap_send_ldap_result(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls
)
slap_send_ldap_result( Operation *op, SlapReply *rs )
{
assert(0);
}
void
slap_send_search_result(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
BerVarray refs,
LDAPControl **ctrls,
int nentries
)
slap_send_search_result( Operation *op, SlapReply *rs )
{
assert(0);
}
int
slap_send_search_entry(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
AttributeName *attrs,
int attrsonly,
LDAPControl **ctrls
)
slap_send_search_entry( Operation *op, SlapReply *rs )
{
assert(0);
return -1;
}
int
slap_send_search_reference(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
BerVarray refs,
LDAPControl **ctrls,
BerVarray *v2refs
)
slap_send_search_reference( Operation *op, SlapReply *rs )
{
assert(0);
return -1;
@ -157,15 +94,7 @@ int slap_sasl_destroy(void)
return LDAP_SUCCESS;
}
int slap_sasl_setpass(
Connection *conn,
Operation *op,
struct berval *reqoid,
struct berval *reqdata,
char **rspoid,
struct berval **rspdata,
LDAPControl *** rspctrls,
const char **text )
int slap_sasl_setpass( Operation *op, SlapReply *rs )
{
return LDAP_SUCCESS;
}
@ -214,8 +143,7 @@ const char * connection_state2str( int state )
return NULL;
}
void replog( Backend *be, Operation *op,
struct berval *dn, struct berval *ndn, void *change)
void replog( Operation *op )
{
assert(0);
}
@ -275,13 +203,10 @@ slapd_get_listeners(void)
int
slap_modrdn2mods(
Backend *be,
Connection *conn,
Operation *op,
Operation *op, SlapReply *rs,
Entry *e,
LDAPRDN *oldrdn,
LDAPRDN *newrdn,
int deleteoldrdn,
Modifications **pmod )
{
return 0;

4
servers/slapd/tools/slapcat.c
View file

@ -19,6 +19,7 @@ main( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
Operation op = {0};
slap_tool_init( "slapcat", SLAPCAT, argc, argv );
@ -59,7 +60,8 @@ main( int argc, char **argv )
}
data = entry2str( e, &len );
be_entry_release_r( be, 0L, 0L, e );
op.o_bd = be;
be_entry_release_r( &op, e );
if ( data == NULL ) {
printf("# bad data for entry id=%08lx\n\n", (long) id );

10
servers/slapd/unbind.c
View file

@ -27,19 +27,15 @@
#include "slap.h"
int
do_unbind(
Connection *conn,
Operation *op
)
do_unbind( Operation *op, SlapReply *rs )
{
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY,
"do_unbind: conn %d\n", conn ? conn->c_connid : -1, 0, 0 );
"do_unbind: conn %d\n", op->o_connid : -1, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_unbind\n", 0, 0, 0 );
#endif
/*
* Parse the unbind request. It looks like this:
*
@ -50,7 +46,7 @@ do_unbind(
op->o_opid, 0, 0, 0 );
/* pass the unbind to all backends */
backend_unbind( conn, op );
backend_unbind( op, rs );
return 0;
}