1 /* ldif.c - the ldif backend */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2005-2008 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was originally developed by Eric Stokes for inclusion
18 * in OpenLDAP Software.
23 #include <ac/string.h>
24 #include <sys/types.h>
26 #include <ac/dirent.h>
29 #include <ac/unistd.h>
34 typedef struct enumCookie {
43 struct berval li_base_path;
44 enumCookie li_tool_cookie;
46 ldap_pvt_thread_rdwr_t li_rdwr;
50 #define mkdir(a,b) mkdir(a)
51 #define move_file(from, to) (!MoveFileEx(from, to, MOVEFILE_REPLACE_EXISTING))
53 #define move_file(from, to) rename(from, to)
58 #define LDIF_FILETYPE_SEP '.' /* LDIF[0] */
61 * Unsafe/translated characters in the filesystem.
63 * LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used
64 * in relative filenames, except it should accept '\\' even if unsafe and
65 * need not reject '{' and '}'. The value should be a constant expression.
67 * If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character.
69 * If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters.
70 * (Not digits, '-' or '+'. IX_FSL == IX_FSR is allowed.)
72 * Characters are escaped as LDIF_ESCAPE_CHAR followed by two hex digits,
73 * except '\\' is replaced with LDIF_ESCAPE_CHAR and {} with IX_FS[LR].
74 * Also some LDIF special chars are hex-escaped.
76 * Thus an LDIF filename is a valid normalized RDN (or suffix DN)
77 * followed by ".ldif", except with '\\' replaced with LDIF_ESCAPE_CHAR.
83 * Unix/MacOSX version. ':' vs '/' can cause confusion on MacOSX so we
84 * escape both. We escape them on Unix so both OS variants get the same
87 #define LDIF_ESCAPE_CHAR '\\'
88 #define LDIF_UNSAFE_CHAR(c) ((c) == '/' || (c) == ':')
92 /* Windows version - Microsoft's list of unsafe characters, except '\\' */
93 #define LDIF_ESCAPE_CHAR '^'
94 #define LDIF_UNSAFE_CHAR(c) \
95 ((c) == '/' || (c) == ':' || \
96 (c) == '<' || (c) == '>' || (c) == '"' || \
97 (c) == '|' || (c) == '?' || (c) == '*')
102 * Left and Right "{num}" prefix to ordered RDNs ("olcDatabase={1}bdb").
103 * IX_DN* are for LDAP RDNs, IX_FS* for their .ldif filenames.
108 #define IX_FSL IX_DNL
109 #define IX_FSR IX_DNR
113 * Test for unsafe chars, as well as chars handled specially by back-ldif:
114 * - If the escape char is not '\\', it must itself be escaped. Otherwise
115 * '\\' and the escape char would map to the same character.
116 * - Escape the '.' in ".ldif", so the directory for an RDN that actually
117 * ends with ".ldif" can not conflict with a file of the same name. And
118 * since some OSes/programs choke on multiple '.'s, escape all of them.
119 * - If '{' and '}' are translated to some other characters, those
120 * characters must in turn be escaped when they occur in an RDN.
122 #ifndef LDIF_NEED_ESCAPE
123 #define LDIF_NEED_ESCAPE(c) \
124 ((LDIF_UNSAFE_CHAR(c)) || \
125 LDIF_MAYBE_UNSAFE(c, LDIF_ESCAPE_CHAR) || \
126 LDIF_MAYBE_UNSAFE(c, LDIF_FILETYPE_SEP) || \
127 LDIF_MAYBE_UNSAFE(c, IX_FSL) || \
128 (IX_FSR != IX_FSL && LDIF_MAYBE_UNSAFE(c, IX_FSR)))
131 * Helper macro for LDIF_NEED_ESCAPE(): Treat character x as unsafe if
132 * back-ldif does not already treat is specially.
134 #define LDIF_MAYBE_UNSAFE(c, x) \
135 (!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \
139 #define ENTRY_BUFF_INCREMENT 500
141 static ConfigTable ldifcfg[] = {
142 { "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
143 (void *)offsetof(struct ldif_info, li_base_path),
144 "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
145 "DESC 'Directory for database content' "
146 "EQUALITY caseIgnoreMatch "
147 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
148 { NULL, NULL, 0, 0, 0, ARG_IGNORED,
149 NULL, NULL, NULL, NULL }
152 static ConfigOCs ldifocs[] = {
154 "NAME 'olcLdifConfig' "
155 "DESC 'LDIF backend configuration' "
156 "SUP olcDatabaseConfig "
157 "MUST ( olcDbDirectory ) )", Cft_Database, ldifcfg },
162 /* Set *res = LDIF filename path for the normalized DN */
164 dn2path( BackendDB *be, struct berval *dn, struct berval *res )
166 struct ldif_info *li = (struct ldif_info *) be->be_private;
167 struct berval *suffixdn = &be->be_nsuffix[0];
168 const char *start, *end, *next, *p;
171 static const char hex[] = "0123456789ABCDEF";
173 assert( dn != NULL );
174 assert( !BER_BVISNULL( dn ) );
175 assert( suffixdn != NULL );
176 assert( !BER_BVISNULL( suffixdn ) );
177 assert( dnIsSuffix( dn, suffixdn ) );
180 end = start + dn->bv_len;
182 /* Room for dir, dirsep, dn, LDIF, "\hexpair"-escaping of unsafe chars */
183 len = li->li_base_path.bv_len + dn->bv_len + (1 + STRLENOF( LDIF ));
184 for ( p = start; p < end; ) {
186 if ( LDIF_NEED_ESCAPE( ch ) )
189 res->bv_val = ch_malloc( len + 1 );
191 ptr = lutil_strcopy( res->bv_val, li->li_base_path.bv_val );
192 for ( next = end - suffixdn->bv_len; end > start; end = next ) {
193 /* Set p = start of DN component, next = &',' or start of DN */
194 while ( (p = next) > start ) {
196 if ( DN_SEPARATOR( *next ) )
199 /* Append <dirsep> <p..end-1: RDN or database-suffix> */
200 for ( *ptr++ = LDAP_DIRSEP[0]; p < end; *ptr++ = ch ) {
202 if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) {
203 ch = LDIF_ESCAPE_CHAR;
204 } else if ( IX_FSL != IX_DNL && ch == IX_DNL ) {
206 } else if ( IX_FSR != IX_DNR && ch == IX_DNR ) {
208 } else if ( LDIF_NEED_ESCAPE( ch ) ) {
209 *ptr++ = LDIF_ESCAPE_CHAR;
210 *ptr++ = hex[(ch & 0xFFU) >> 4];
211 ch = hex[ch & 0x0FU];
215 ptr = lutil_strcopy( ptr, LDIF );
216 res->bv_len = ptr - res->bv_val;
218 assert( res->bv_len <= len );
221 /* Make temporary filename pattern for mkstemp() based on dnpath. */
223 ldif_tempname( const struct berval *dnpath )
225 static const char suffix[] = "XXXXXX";
226 ber_len_t len = dnpath->bv_len;
227 char *name = SLAP_MALLOC( len + sizeof( suffix ) );
229 if ( name != NULL ) {
230 AC_MEMCPY( name, dnpath->bv_val, len );
231 strcpy( name + len, suffix );
237 * Read a file, or stat() it if datap == NULL. Allocate and fill *datap.
238 * Return LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT (no such file), or another error.
241 ldif_read_file( const char *path, char **datap )
244 int res = -1; /* 0:success, <0:error, >0:file too big/growing. */
246 char *data = NULL, *ptr;
248 if ( datap == NULL ) {
249 res = stat( path, &st );
252 fd = open( path, O_RDONLY );
254 if ( fstat( fd, &st ) == 0 ) {
255 if ( st.st_size > INT_MAX - 2 ) {
258 len = st.st_size + 1; /* +1 detects file size > st.st_size */
259 *datap = data = ptr = SLAP_MALLOC( len + 1 );
261 while ( len && (res = read( fd, ptr, len )) ) {
265 } else if ( errno != EINTR ) {
273 if ( close( fd ) < 0 )
279 Debug( LDAP_DEBUG_TRACE, "ldif_read_file: %s: \"%s\"\n",
280 datap ? "read entry file" : "entry file exists", path, 0 );
283 if ( res < 0 && errno == ENOENT ) {
284 Debug( LDAP_DEBUG_TRACE, "ldif_read_file: "
285 "no entry file \"%s\"\n", path, 0, 0 );
286 rc = LDAP_NO_SUCH_OBJECT;
288 const char *msg = res < 0 ? STRERROR( errno ) : "bad stat() size";
289 Debug( LDAP_DEBUG_ANY, "ldif_read_file: %s for \"%s\"\n",
300 * return nonnegative for success or -1 for error
301 * do not return numbers less than -1
304 spew_file( int fd, const char *spew, int len, int *save_errno )
309 writeres = write(fd, spew, len);
312 if (*save_errno != EINTR)
327 const struct berval *path,
330 int rc = LDAP_OTHER, res, save_errno = 0;
331 int fd, entry_length;
332 char *entry_as_string, *tmpfname;
334 tmpfname = ldif_tempname( path );
335 fd = tmpfname == NULL ? -1 : mkstemp( tmpfname );
338 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s for \"%s\": %s\n",
339 "cannot create file", e->e_dn, STRERROR( save_errno ) );
342 ber_len_t dn_len = e->e_name.bv_len;
345 /* Only save the RDN onto disk */
346 dnRdn( &e->e_name, &rdn );
347 if ( rdn.bv_len != dn_len ) {
348 e->e_name.bv_val[rdn.bv_len] = '\0';
349 e->e_name.bv_len = rdn.bv_len;
353 ldap_pvt_thread_mutex_lock( &entry2str_mutex );
354 entry_as_string = entry2str( e, &entry_length );
355 if ( entry_as_string != NULL )
356 res = spew_file( fd, entry_as_string, entry_length, &save_errno );
357 ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
359 /* Restore full DN */
360 if ( rdn.bv_len != dn_len ) {
361 e->e_name.bv_val[rdn.bv_len] = ',';
362 e->e_name.bv_len = dn_len;
365 if ( close( fd ) < 0 && res >= 0 ) {
371 if ( move_file( tmpfname, path->bv_val ) == 0 ) {
372 Debug( LDAP_DEBUG_TRACE, "ldif_write_entry: "
373 "wrote entry \"%s\"\n", e->e_name.bv_val, 0, 0 );
377 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: "
378 "could not put entry file for \"%s\" in place: %s\n",
379 e->e_name.bv_val, STRERROR( save_errno ), 0 );
381 } else if ( res == -1 ) {
382 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
383 "write error to", tmpfname, STRERROR( save_errno ) );
384 *text = "internal error (write error to entry file)";
387 if ( rc != LDAP_SUCCESS ) {
392 if ( rc == LDAP_OTHER && save_errno == ENOENT )
393 rc = LDAP_NO_SUCH_OBJECT;
396 SLAP_FREE( tmpfname );
401 * Read the entry at path, or if entryp==NULL just see if it exists.
402 * pdn and pndn are the parent's DN and normalized DN, or both NULL.
403 * Return an LDAP result code.
416 char *entry_as_string;
419 rc = ldif_read_file( path, entryp ? &entry_as_string : NULL );
423 if ( entryp == NULL )
425 *entryp = entry = str2entry( entry_as_string );
426 SLAP_FREE( entry_as_string );
427 if ( entry == NULL ) {
430 *text = "internal error (cannot parse some entry file)";
433 if ( pdn == NULL || BER_BVISEMPTY( pdn ) )
435 /* Append parent DN to DN from LDIF file */
437 build_new_dn( &entry->e_name, pdn, &rdn, NULL );
438 SLAP_FREE( rdn.bv_val );
439 rdn = entry->e_nname;
440 build_new_dn( &entry->e_nname, pndn, &rdn, NULL );
441 SLAP_FREE( rdn.bv_val );
447 ? "internal error (cannot read some entry file)"
448 : "internal error (cannot stat some entry file)";
456 * Read the operation's entry, or if entryp==NULL just see if it exists.
457 * Return an LDAP result code. May set *text to a message on failure.
458 * If pathp is non-NULL, set it to the entry filename on success.
464 struct berval *pathp,
468 struct berval path, pdn, pndn;
470 dnParent(&op->o_req_dn, &pdn);
471 dnParent(&op->o_req_ndn, &pndn);
472 dn2path( op->o_bd, &op->o_req_ndn, &path );
473 rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, entryp, text );
475 if ( rc == LDAP_SUCCESS && pathp != NULL ) {
478 SLAP_FREE(path.bv_val);
483 static void fullpath(struct berval *base, struct berval *name, struct berval *res) {
485 res->bv_len = name->bv_len + base->bv_len + 1;
486 res->bv_val = ch_malloc( res->bv_len + 1 );
487 strcpy(res->bv_val, base->bv_val);
488 ptr = res->bv_val + base->bv_len;
489 *ptr++ = LDAP_DIRSEP[0];
490 strcpy(ptr, name->bv_val);
493 typedef struct bvlist {
502 static int r_enum_tree(enumCookie *ck, struct berval *path, int base,
503 struct berval *pdn, struct berval *pndn)
506 int fd = 0, rc = LDAP_SUCCESS;
509 rc = ldif_read_entry( ck->op, path->bv_val, pdn, pndn, &e,
510 ck->rs == NULL ? NULL : &ck->rs->sr_text );
511 if ( rc != LDAP_SUCCESS ) {
512 return LDAP_NO_SUCH_OBJECT;
515 if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
516 ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
517 /* Send right away? */
520 * if it's a referral, add it to the list of referrals. only do
521 * this for non-base searches, and don't check the filter
522 * explicitly here since it's only a candidate anyway.
524 if ( !get_manageDSAit( ck->op )
525 && ck->op->ors_scope != LDAP_SCOPE_BASE
526 && is_entry_referral( e ) )
528 BerVarray erefs = get_entry_referrals( ck->op, e );
529 ck->rs->sr_ref = referral_rewrite( erefs,
531 ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
532 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
534 ck->rs->sr_entry = e;
535 rc = send_search_reference( ck->op, ck->rs );
536 ber_bvarray_free( ck->rs->sr_ref );
537 ber_bvarray_free( erefs );
538 ck->rs->sr_ref = NULL;
539 ck->rs->sr_entry = NULL;
541 } else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
543 ck->rs->sr_entry = e;
544 ck->rs->sr_attrs = ck->op->ors_attrs;
545 ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
546 rc = send_search_entry(ck->op, ck->rs);
547 ck->rs->sr_entry = NULL;
553 /* Queueing up for tool mode */
554 if(ck->entries == NULL) {
555 ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
556 ck->elen = ENTRY_BUFF_INCREMENT;
558 if(ck->eind >= ck->elen) { /* grow entries if necessary */
559 ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
563 ck->entries[ck->eind++] = e;
571 if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
573 bvlist *list = NULL, *ptr;
575 path->bv_len -= STRLENOF( LDIF );
576 path->bv_val[path->bv_len] = '\0';
578 dir_of_path = opendir(path->bv_val);
579 if(dir_of_path == NULL) { /* can't open directory */
580 if ( errno != ENOENT ) {
581 /* it shouldn't be treated as an error
582 * only if the directory doesn't exist */
584 Debug( LDAP_DEBUG_ANY,
585 "=> ldif_enum_tree: failed to opendir %s (%d)\n",
586 path->bv_val, errno, 0 );
592 struct berval fname, itmp;
596 dir = readdir(dir_of_path);
597 if(dir == NULL) break; /* end of the directory */
598 fname.bv_len = strlen( dir->d_name );
599 if ( fname.bv_len <= STRLENOF( LDIF ))
601 if ( strcmp( dir->d_name + (fname.bv_len - STRLENOF(LDIF)), LDIF))
603 fname.bv_val = dir->d_name;
605 bvl = ch_malloc( sizeof(bvlist) );
606 ber_dupbv( &bvl->bv, &fname );
607 BER_BVZERO( &bvl->num );
608 itmp.bv_val = ber_bvchr( &bvl->bv, IX_FSL );
612 itmp.bv_len = bvl->bv.bv_len
613 - ( itmp.bv_val - bvl->bv.bv_val );
614 ptr = ber_bvchr( &itmp, IX_FSR );
616 itmp.bv_len = ptr - itmp.bv_val;
617 ber_dupbv( &bvl->num, &itmp );
618 bvl->inum = strtol( itmp.bv_val, NULL, 0 );
619 itmp.bv_val[0] = '\0';
620 bvl->off = itmp.bv_val - bvl->bv.bv_val;
624 for (prev = &list; (ptr = *prev) != NULL; prev = &ptr->next) {
625 int cmp = strcmp( bvl->bv.bv_val, ptr->bv.bv_val );
626 if ( !cmp && bvl->num.bv_val )
627 cmp = bvl->inum - ptr->inum;
635 closedir(dir_of_path);
637 if (ck->op->ors_scope == LDAP_SCOPE_ONELEVEL)
638 ck->op->ors_scope = LDAP_SCOPE_BASE;
639 else if ( ck->op->ors_scope == LDAP_SCOPE_SUBORDINATE)
640 ck->op->ors_scope = LDAP_SCOPE_SUBTREE;
642 while ( ( ptr = list ) ) {
647 if ( rc == LDAP_SUCCESS ) {
648 if ( ptr->num.bv_val )
649 AC_MEMCPY( ptr->bv.bv_val + ptr->off, ptr->num.bv_val,
651 fullpath( path, &ptr->bv, &fpath );
652 rc = r_enum_tree(ck, &fpath, 0,
653 e != NULL ? &e->e_name : pdn,
654 e != NULL ? &e->e_nname : pndn );
657 if ( ptr->num.bv_val )
658 free( ptr->num.bv_val );
659 free(ptr->bv.bv_val);
664 if ( fd ) entry_free( e );
674 struct berval pdn, pndn;
677 dnParent( &ck->op->o_req_dn, &pdn );
678 dnParent( &ck->op->o_req_ndn, &pndn );
679 dn2path( ck->op->o_bd, &ck->op->o_req_ndn, &path );
680 rc = r_enum_tree(ck, &path, BER_BVISEMPTY( &ck->op->o_req_ndn ) ? 1 : 0, &pdn, &pndn);
681 ch_free( path.bv_val );
686 /* Get the parent directory path, plus the LDIF suffix overwritten by a \0 */
688 get_parent_path( struct berval *dnpath, struct berval *res )
690 int dnpathlen = dnpath->bv_len;
693 for(i = dnpathlen;i>0;i--) /* find the first path seperator */
694 if(dnpath->bv_val[i] == LDAP_DIRSEP[0])
697 res->bv_val = ch_malloc( res->bv_len + 1 + STRLENOF(LDIF) );
698 strncpy(res->bv_val, dnpath->bv_val, i);
699 strcpy(res->bv_val+i, LDIF);
700 res->bv_val[i] = '\0';
703 static int apply_modify_to_entry(Entry * entry,
704 Modifications * modlist,
708 char textbuf[SLAP_TEXT_BUFLEN];
709 int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
713 if (!acl_check_modlist(op, entry, modlist)) {
714 return LDAP_INSUFFICIENT_ACCESS;
717 for (; modlist != NULL; modlist = modlist->sml_next) {
718 mods = &modlist->sml_mod;
720 if ( mods->sm_desc == slap_schema.si_ad_objectClass ) {
723 switch (mods->sm_op) {
725 rc = modify_add_values(entry, mods,
726 get_permissiveModify(op),
727 &rs->sr_text, textbuf,
731 case LDAP_MOD_DELETE:
732 rc = modify_delete_values(entry, mods,
733 get_permissiveModify(op),
734 &rs->sr_text, textbuf,
738 case LDAP_MOD_REPLACE:
739 rc = modify_replace_values(entry, mods,
740 get_permissiveModify(op),
741 &rs->sr_text, textbuf,
745 case LDAP_MOD_INCREMENT:
746 rc = modify_increment_values( entry,
747 mods, get_permissiveModify(op),
748 &rs->sr_text, textbuf,
752 case SLAP_MOD_SOFTADD:
753 mods->sm_op = LDAP_MOD_ADD;
754 rc = modify_add_values(entry, mods,
755 get_permissiveModify(op),
756 &rs->sr_text, textbuf,
758 mods->sm_op = SLAP_MOD_SOFTADD;
759 if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
764 if(rc != LDAP_SUCCESS) break;
767 if ( rc == LDAP_SUCCESS ) {
768 rs->sr_text = NULL; /* Needed at least with SLAP_MOD_SOFTADD */
770 entry->e_ocflags = 0;
772 /* check that the entry still obeys the schema */
773 rc = entry_schema_check( op, entry, NULL, 0, 0,
774 &rs->sr_text, textbuf, sizeof( textbuf ) );
781 ldif_back_referrals( Operation *op, SlapReply *rs )
783 struct ldif_info *li = NULL;
785 int rc = LDAP_SUCCESS;
788 if ( op->o_tag == LDAP_REQ_SEARCH ) {
789 /* let search take care of itself */
794 if ( get_manageDSAit( op ) ) {
795 /* let op take care of DSA management */
799 if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
800 /* the empty DN cannot be a referral */
804 li = (struct ldif_info *)op->o_bd->be_private;
805 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
806 get_entry( op, &entry, NULL, &rs->sr_text );
808 /* no object is found for them */
809 if ( entry == NULL ) {
810 struct berval odn = op->o_req_dn;
811 struct berval ondn = op->o_req_ndn;
812 struct berval pndn = ondn;
813 ber_len_t min_dnlen = op->o_bd->be_nsuffix[0].bv_len;
815 if ( min_dnlen == 0 )
816 min_dnlen = 1; /* catch empty DN */
818 for ( ; entry == NULL; ) {
819 dnParent( &pndn, &pndn );
820 if ( pndn.bv_len < min_dnlen ) {
825 op->o_req_ndn = pndn;
827 get_entry( op, &entry, NULL, &rs->sr_text );
830 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
833 op->o_req_ndn = ondn;
836 rs->sr_matched = NULL;
837 if ( entry != NULL ) {
838 Debug( LDAP_DEBUG_TRACE,
839 "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
840 (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
842 if ( is_entry_referral( entry ) ) {
844 rs->sr_ref = get_entry_referrals( op, entry );
846 rs->sr_matched = ber_strdup_x(
847 entry->e_name.bv_val, op->o_tmpmemctx );
853 } else if ( default_referral != NULL ) {
855 rs->sr_ref = referral_rewrite( default_referral,
856 NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
859 if ( rs->sr_ref != NULL ) {
861 rc = rs->sr_err = LDAP_REFERRAL;
862 send_ldap_result( op, rs );
863 ber_bvarray_free( rs->sr_ref );
866 } else if ( rc != LDAP_SUCCESS ) {
867 rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
870 if ( rs->sr_matched ) {
871 op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
872 rs->sr_matched = NULL;
878 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
880 if ( is_entry_referral( entry ) ) {
881 /* entry is a referral */
882 BerVarray refs = get_entry_referrals( op, entry );
883 rs->sr_ref = referral_rewrite(
884 refs, &entry->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
886 Debug( LDAP_DEBUG_TRACE,
887 "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
888 (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
890 rs->sr_matched = entry->e_name.bv_val;
891 if ( rs->sr_ref != NULL ) {
892 rc = rs->sr_err = LDAP_REFERRAL;
893 send_ldap_result( op, rs );
894 ber_bvarray_free( rs->sr_ref );
899 rs->sr_text = "bad referral object";
902 rs->sr_matched = NULL;
903 ber_bvarray_free( refs );
912 /* LDAP operations */
915 ldif_back_bind( Operation *op, SlapReply *rs )
917 struct ldif_info *li;
919 AttributeDescription *password = slap_schema.si_ad_userPassword;
923 switch ( be_rootdn_bind( op, rs ) ) {
924 case SLAP_CB_CONTINUE:
928 /* in case of success, front end will send result;
929 * otherwise, be_rootdn_bind() did */
933 li = (struct ldif_info *) op->o_bd->be_private;
934 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
935 return_val = get_entry(op, &entry, NULL, NULL);
937 /* no object is found for them */
938 if(return_val != LDAP_SUCCESS) {
939 rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS;
943 /* they don't have userpassword */
944 if((a = attr_find(entry->e_attrs, password)) == NULL) {
945 rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
950 /* authentication actually failed */
951 if(slap_passwd_check(op, entry, a, &op->oq_bind.rb_cred,
952 &rs->sr_text) != 0) {
953 rs->sr_err = LDAP_INVALID_CREDENTIALS;
958 /* let the front-end send success */
963 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
965 send_ldap_result( op, rs );
971 static int ldif_back_search(Operation *op, SlapReply *rs)
973 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
974 enumCookie ck = { NULL, NULL, NULL, 0, 0 };
978 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
979 rs->sr_err = enum_tree( &ck );
980 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
981 send_ldap_result(op, rs);
986 static int ldif_back_add(Operation *op, SlapReply *rs) {
987 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
988 Entry * e = op->ora_e;
989 struct berval dn = e->e_nname;
990 struct berval leaf_path = BER_BVNULL;
993 char textbuf[SLAP_TEXT_BUFLEN];
995 Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", dn.bv_val, 0, 0);
997 rs->sr_err = entry_schema_check(op, e, NULL, 0, 1,
998 &rs->sr_text, textbuf, sizeof( textbuf ) );
999 if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
1001 rs->sr_err = slap_add_opattrs( op,
1002 &rs->sr_text, textbuf, sizeof( textbuf ), 1 );
1003 if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
1005 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
1007 dn2path( op->o_bd, &dn, &leaf_path );
1009 if(leaf_path.bv_val != NULL) {
1010 struct berval base = BER_BVNULL;
1011 /* build path to container and ldif of container */
1012 get_parent_path(&leaf_path, &base);
1014 statres = stat(base.bv_val, &stats); /* check if container exists */
1015 if(statres == -1 && errno == ENOENT) { /* container missing */
1016 base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
1017 statres = stat(base.bv_val, &stats); /* check for leaf node */
1018 base.bv_val[base.bv_len] = '\0';
1019 if(statres == -1 && errno == ENOENT) {
1020 rs->sr_err = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
1021 rs->sr_text = "Parent does not exist";
1023 else if(statres != -1) { /* create parent */
1024 int mkdirres = mkdir(base.bv_val, 0750);
1025 if(mkdirres == -1) {
1026 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1027 rs->sr_text = "Could not create parent folder";
1028 Debug( LDAP_DEBUG_ANY, "could not create folder \"%s\": %s\n",
1029 base.bv_val, STRERROR( errno ), 0 );
1033 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1034 }/* container was possibly created, move on to add the entry */
1035 if(rs->sr_err == LDAP_SUCCESS) {
1036 statres = stat(leaf_path.bv_val, &stats);
1037 if(statres == -1 && errno == ENOENT) {
1038 rs->sr_err = ldif_write_entry( op, e, &leaf_path, &rs->sr_text );
1040 else if ( statres == -1 ) {
1041 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1042 Debug( LDAP_DEBUG_ANY, "could not stat file \"%s\": %s\n",
1043 leaf_path.bv_val, STRERROR( errno ), 0 );
1045 else /* it already exists */
1046 rs->sr_err = LDAP_ALREADY_EXISTS;
1048 SLAP_FREE(base.bv_val);
1049 SLAP_FREE(leaf_path.bv_val);
1052 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1055 Debug( LDAP_DEBUG_TRACE,
1056 "ldif_back_add: err: %d text: %s\n", rs->sr_err, rs->sr_text ?
1057 rs->sr_text : "", 0);
1058 send_ldap_result(op, rs);
1059 slap_graduate_commit_csn( op );
1063 static int ldif_back_modify(Operation *op, SlapReply *rs) {
1064 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1065 Modifications * modlst = op->orm_modlist;
1070 slap_mods_opattrs( op, &op->orm_modlist, 1 );
1072 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
1074 rc = get_entry( op, &entry, &path, &rs->sr_text );
1075 if ( rc == LDAP_SUCCESS ) {
1076 rc = apply_modify_to_entry( entry, modlst, op, rs );
1077 if ( rc == LDAP_SUCCESS ) {
1078 rc = ldif_write_entry( op, entry, &path, &rs->sr_text );
1081 entry_free( entry );
1082 SLAP_FREE( path.bv_val );
1085 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1088 send_ldap_result( op, rs );
1089 slap_graduate_commit_csn( op );
1094 ldif_back_delete( Operation *op, SlapReply *rs )
1096 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1098 int rc = LDAP_SUCCESS;
1101 if ( BER_BVISEMPTY( &op->o_csn )) {
1103 char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
1105 csn.bv_val = csnbuf;
1106 csn.bv_len = sizeof( csnbuf );
1107 slap_get_csn( op, &csn, 1 );
1110 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
1112 dn2path( op->o_bd, &op->o_req_ndn, &path );
1113 path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
1114 res = rmdir(path.bv_val);
1115 path.bv_val[path.bv_len - STRLENOF(LDIF)] = LDIF_FILETYPE_SEP;
1119 rc = LDAP_NOT_ALLOWED_ON_NONLEAF;
1122 /* is leaf, go on */
1126 rs->sr_text = "internal error (cannot delete subtree directory)";
1131 if ( rc == LDAP_SUCCESS ) {
1132 res = unlink(path.bv_val);
1134 rc = LDAP_NO_SUCH_OBJECT;
1135 if ( errno != ENOENT ) {
1137 rs->sr_text = "internal error (cannot delete entry file)";
1142 SLAP_FREE(path.bv_val);
1143 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1145 send_ldap_result( op, rs );
1146 slap_graduate_commit_csn( op );
1155 struct berval *oldpath,
1160 struct berval newpath;
1162 dn2path( op->o_bd, &entry->e_nname, &newpath );
1164 if((entry == NULL || oldpath->bv_val == NULL) || newpath.bv_val == NULL) {
1165 /* some object doesn't exist */
1166 res = LDAP_NO_SUCH_OBJECT;
1168 else { /* do the modrdn */
1169 exists_res = open(newpath.bv_val, O_RDONLY);
1170 if(exists_res == -1 && errno == ENOENT) {
1171 res = ldif_write_entry( op, entry, &newpath, text );
1172 if ( res == LDAP_SUCCESS ) {
1173 /* if this fails we should log something bad */
1174 res = unlink( oldpath->bv_val );
1175 oldpath->bv_val[oldpath->bv_len - STRLENOF(".ldif")] = '\0';
1176 newpath.bv_val[newpath.bv_len - STRLENOF(".ldif")] = '\0';
1177 res = rename( oldpath->bv_val, newpath.bv_val );
1181 else if(exists_res) {
1182 int close_res = close(exists_res);
1183 res = LDAP_ALREADY_EXISTS;
1184 if(close_res == -1) {
1185 /* log heinous error */
1189 res = LDAP_UNWILLING_TO_PERFORM;
1193 if(newpath.bv_val != NULL)
1194 SLAP_FREE(newpath.bv_val);
1199 ldif_back_modrdn(Operation *op, SlapReply *rs)
1201 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1202 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
1203 struct berval p_dn, old_path;
1207 slap_mods_opattrs( op, &op->orr_modlist, 1 );
1209 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
1211 rc = get_entry( op, &entry, &old_path, &rs->sr_text );
1212 if ( rc == LDAP_SUCCESS ) {
1213 /* build new dn, and new ndn for the entry */
1214 if ( op->oq_modrdn.rs_newSup != NULL ) {
1215 struct berval op_dn = op->o_req_dn,
1216 op_ndn = op->o_req_ndn;
1220 p_dn = *op->oq_modrdn.rs_newSup;
1221 op->o_req_dn = *op->oq_modrdn.rs_newSup;
1222 op->o_req_ndn = *op->oq_modrdn.rs_nnewSup;
1223 rc = get_entry( op, &np, NULL, &rs->sr_text );
1224 op->o_req_dn = op_dn;
1225 op->o_req_ndn = op_ndn;
1226 if ( rc != LDAP_SUCCESS ) {
1227 goto no_such_object;
1231 dnParent( &entry->e_name, &p_dn );
1233 build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL );
1234 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
1235 ber_memfree_x( entry->e_name.bv_val, NULL );
1236 ber_memfree_x( entry->e_nname.bv_val, NULL );
1237 entry->e_name = new_dn;
1238 entry->e_nname = new_ndn;
1240 /* perform the modifications */
1241 rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
1242 if ( rc == LDAP_SUCCESS )
1243 rc = ldif_move_entry( op, entry, &old_path, &rs->sr_text );
1246 entry_free( entry );
1247 SLAP_FREE( old_path.bv_val );
1250 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
1252 send_ldap_result( op, rs );
1253 slap_graduate_commit_csn( op );
1258 /* Return LDAP_SUCCESS IFF we retrieve the specified entry. */
1260 ldif_back_entry_get(
1264 AttributeDescription *at,
1268 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1269 struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn;
1272 assert( ndn != NULL );
1273 assert( !BER_BVISNULL( ndn ) );
1275 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
1276 op->o_req_dn = *ndn;
1277 op->o_req_ndn = *ndn;
1278 rc = get_entry( op, e, NULL, NULL );
1279 op->o_req_dn = op_dn;
1280 op->o_req_ndn = op_ndn;
1281 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
1283 if ( rc == LDAP_SUCCESS && oc && !is_entry_objectclass_or_sub( *e, oc ) ) {
1284 rc = LDAP_NO_SUCH_ATTRIBUTE;
1295 static int ldif_tool_entry_open(BackendDB *be, int mode) {
1296 struct ldif_info *li = (struct ldif_info *) be->be_private;
1297 li->li_tool_current = 0;
1301 static int ldif_tool_entry_close(BackendDB * be) {
1302 struct ldif_info *li = (struct ldif_info *) be->be_private;
1304 SLAP_FREE(li->li_tool_cookie.entries);
1308 static ID ldif_tool_entry_next(BackendDB *be)
1310 struct ldif_info *li = (struct ldif_info *) be->be_private;
1311 if(li->li_tool_current >= li->li_tool_cookie.eind)
1314 return ++li->li_tool_current;
1318 ldif_tool_entry_first(BackendDB *be)
1320 struct ldif_info *li = (struct ldif_info *) be->be_private;
1322 if(li->li_tool_cookie.entries == NULL) {
1326 op.o_req_dn = *be->be_suffix;
1327 op.o_req_ndn = *be->be_nsuffix;
1328 op.ors_scope = LDAP_SCOPE_SUBTREE;
1329 li->li_tool_cookie.op = &op;
1330 (void)enum_tree( &li->li_tool_cookie );
1331 li->li_tool_cookie.op = NULL;
1333 return ldif_tool_entry_next( be );
1336 static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
1337 struct ldif_info *li = (struct ldif_info *) be->be_private;
1340 if(id > li->li_tool_cookie.eind || id < 1)
1343 e = li->li_tool_cookie.entries[id - 1];
1344 li->li_tool_cookie.entries[id - 1] = NULL;
1350 ldif_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
1353 const char *errmsg = NULL;
1354 struct berval leaf_path = BER_BVNULL;
1357 int res = LDAP_SUCCESS;
1360 dn2path( be, &e->e_nname, &leaf_path );
1362 if(leaf_path.bv_val != NULL) {
1363 struct berval base = BER_BVNULL;
1364 /* build path to container, and path to ldif of container */
1365 get_parent_path(&leaf_path, &base);
1367 statres = stat(base.bv_val, &stats); /* check if container exists */
1368 if(statres == -1 && errno == ENOENT) { /* container missing */
1369 base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
1370 statres = stat(base.bv_val, &stats); /* check for leaf node */
1371 base.bv_val[base.bv_len] = '\0';
1372 if(statres == -1 && errno == ENOENT) {
1373 res = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
1375 else if(statres != -1) { /* create parent */
1376 int mkdirres = mkdir(base.bv_val, 0750);
1377 if(mkdirres == -1) {
1378 res = LDAP_UNWILLING_TO_PERFORM;
1382 res = LDAP_UNWILLING_TO_PERFORM;
1383 }/* container was possibly created, move on to add the entry */
1384 if(res == LDAP_SUCCESS) {
1385 statres = stat(leaf_path.bv_val, &stats);
1386 if(statres == -1 && errno == ENOENT) {
1387 res = ldif_write_entry( &op, e, &leaf_path, &errmsg );
1389 else /* it already exists */
1390 res = LDAP_ALREADY_EXISTS;
1392 SLAP_FREE(base.bv_val);
1393 SLAP_FREE(leaf_path.bv_val);
1396 if(res == LDAP_SUCCESS) {
1400 if ( errmsg == NULL && rc != LDAP_OTHER )
1401 errmsg = ldap_err2string( rc );
1402 if ( errmsg != NULL )
1403 snprintf( text->bv_val, text->bv_len, "%s", errmsg );
1411 ldif_back_db_init( BackendDB *be, ConfigReply *cr )
1413 struct ldif_info *li;
1415 li = ch_calloc( 1, sizeof(struct ldif_info) );
1416 be->be_private = li;
1417 be->be_cf_ocs = ldifocs;
1418 ldap_pvt_thread_rdwr_init(&li->li_rdwr);
1419 SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX;
1424 ldif_back_db_destroy( Backend *be, ConfigReply *cr )
1426 struct ldif_info *li = be->be_private;
1428 ch_free(li->li_base_path.bv_val);
1429 ldap_pvt_thread_rdwr_destroy(&li->li_rdwr);
1430 free( be->be_private );
1435 ldif_back_db_open( Backend *be, ConfigReply *cr)
1437 struct ldif_info *li = (struct ldif_info *) be->be_private;
1438 if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */
1439 Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0);
1446 ldif_back_initialize(
1450 static char *controls[] = {
1451 LDAP_CONTROL_MANAGEDSAIT,
1457 SLAP_BFLAG_INCREMENT |
1458 SLAP_BFLAG_REFERRALS;
1460 bi->bi_controls = controls;
1467 bi->bi_db_init = ldif_back_db_init;
1468 bi->bi_db_config = config_generic_wrapper;
1469 bi->bi_db_open = ldif_back_db_open;
1470 bi->bi_db_close = 0;
1471 bi->bi_db_destroy = ldif_back_db_destroy;
1473 bi->bi_op_bind = ldif_back_bind;
1474 bi->bi_op_unbind = 0;
1475 bi->bi_op_search = ldif_back_search;
1476 bi->bi_op_compare = 0;
1477 bi->bi_op_modify = ldif_back_modify;
1478 bi->bi_op_modrdn = ldif_back_modrdn;
1479 bi->bi_op_add = ldif_back_add;
1480 bi->bi_op_delete = ldif_back_delete;
1481 bi->bi_op_abandon = 0;
1483 bi->bi_extended = 0;
1485 bi->bi_chk_referrals = ldif_back_referrals;
1487 bi->bi_connection_init = 0;
1488 bi->bi_connection_destroy = 0;
1490 bi->bi_entry_get_rw = ldif_back_entry_get;
1492 #if 0 /* NOTE: uncomment to completely disable access control */
1493 bi->bi_access_allowed = slap_access_always_allowed;
1496 bi->bi_tool_entry_open = ldif_tool_entry_open;
1497 bi->bi_tool_entry_close = ldif_tool_entry_close;
1498 bi->bi_tool_entry_first = ldif_tool_entry_first;
1499 bi->bi_tool_entry_next = ldif_tool_entry_next;
1500 bi->bi_tool_entry_get = ldif_tool_entry_get;
1501 bi->bi_tool_entry_put = ldif_tool_entry_put;
1502 bi->bi_tool_entry_reindex = 0;
1503 bi->bi_tool_sync = 0;
1505 bi->bi_tool_dn2id_get = 0;
1506 bi->bi_tool_entry_modify = 0;
1508 bi->bi_cf_ocs = ldifocs;
1510 rc = config_register_schema( ldifcfg, ldifocs );
1511 if ( rc ) return rc;