1 /* ldif.c - the ldif backend */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2005-2008 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was originally developed by Eric Stokes for inclusion
18 * in OpenLDAP Software.
23 #include <ac/string.h>
24 #include <sys/types.h>
26 #include <ac/dirent.h>
29 #include <ac/unistd.h>
34 typedef struct enumCookie {
43 struct berval li_base_path;
44 enumCookie li_tool_cookie;
46 ldap_pvt_thread_rdwr_t li_rdwr;
50 #define mkdir(a,b) mkdir(a)
55 #define LDIF_FILETYPE_SEP '.' /* LDIF[0] */
58 * Unsafe/translated characters in the filesystem.
60 * LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used
61 * in relative filenames, except it should accept '\\' even if unsafe and
62 * need not reject '{' and '}'. The value should be a constant expression.
64 * If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character.
66 * If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters.
67 * (Not digits, '-' or '+'. IX_FSL == IX_FSR is allowed.)
69 * Characters are escaped as LDIF_ESCAPE_CHAR followed by two hex digits,
70 * except '\\' is replaced with LDIF_ESCAPE_CHAR and {} with IX_FS[LR].
71 * Also some LDIF special chars are hex-escaped.
73 * Thus an LDIF filename is a valid normalized RDN (or suffix DN)
74 * followed by ".ldif", except with '\\' replaced with LDIF_ESCAPE_CHAR.
80 * Unix/MacOSX version. ':' vs '/' can cause confusion on MacOSX so we
81 * escape both. We escape them on Unix so both OS variants get the same
84 #define LDIF_ESCAPE_CHAR '\\'
85 #define LDIF_UNSAFE_CHAR(c) ((c) == '/' || (c) == ':')
89 /* Windows version - Microsoft's list of unsafe characters, except '\\' */
90 #define LDIF_ESCAPE_CHAR '^'
91 #define LDIF_UNSAFE_CHAR(c) \
92 ((c) == '/' || (c) == ':' || \
93 (c) == '<' || (c) == '>' || (c) == '"' || \
94 (c) == '|' || (c) == '?' || (c) == '*')
99 * Left and Right "{num}" prefix to ordered RDNs ("olcDatabase={1}bdb").
100 * IX_DN* are for LDAP RDNs, IX_FS* for their .ldif filenames.
105 #define IX_FSL IX_DNL
106 #define IX_FSR IX_DNR
110 * Test for unsafe chars, as well as chars handled specially by back-ldif:
111 * - If the escape char is not '\\', it must itself be escaped. Otherwise
112 * '\\' and the escape char would map to the same character.
113 * - Escape the '.' in ".ldif", so the directory for an RDN that actually
114 * ends with ".ldif" can not conflict with a file of the same name. And
115 * since some OSes/programs choke on multiple '.'s, escape all of them.
116 * - If '{' and '}' are translated to some other characters, those
117 * characters must in turn be escaped when they occur in an RDN.
119 #ifndef LDIF_NEED_ESCAPE
120 #define LDIF_NEED_ESCAPE(c) \
121 ((LDIF_UNSAFE_CHAR(c)) || \
122 LDIF_MAYBE_UNSAFE(c, LDIF_ESCAPE_CHAR) || \
123 LDIF_MAYBE_UNSAFE(c, LDIF_FILETYPE_SEP) || \
124 LDIF_MAYBE_UNSAFE(c, IX_FSL) || \
125 (IX_FSR != IX_FSL && LDIF_MAYBE_UNSAFE(c, IX_FSR)))
128 * Helper macro for LDIF_NEED_ESCAPE(): Treat character x as unsafe if
129 * back-ldif does not already treat is specially.
131 #define LDIF_MAYBE_UNSAFE(c, x) \
132 (!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \
136 #define ENTRY_BUFF_INCREMENT 500
138 static ConfigTable ldifcfg[] = {
139 { "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
140 (void *)offsetof(struct ldif_info, li_base_path),
141 "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
142 "DESC 'Directory for database content' "
143 "EQUALITY caseIgnoreMatch "
144 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
145 { NULL, NULL, 0, 0, 0, ARG_IGNORED,
146 NULL, NULL, NULL, NULL }
149 static ConfigOCs ldifocs[] = {
151 "NAME 'olcLdifConfig' "
152 "DESC 'LDIF backend configuration' "
153 "SUP olcDatabaseConfig "
154 "MUST ( olcDbDirectory ) )", Cft_Database, ldifcfg },
159 /* Set *res = LDIF filename path for the normalized DN */
161 dn2path( BackendDB *be, struct berval *dn, struct berval *res )
163 struct ldif_info *li = (struct ldif_info *) be->be_private;
164 struct berval *suffixdn = &be->be_nsuffix[0];
165 const char *start, *end, *next, *p;
168 static const char hex[] = "0123456789ABCDEF";
170 assert( dn != NULL );
171 assert( !BER_BVISNULL( dn ) );
172 assert( suffixdn != NULL );
173 assert( !BER_BVISNULL( suffixdn ) );
174 assert( dnIsSuffix( dn, suffixdn ) );
177 end = start + dn->bv_len;
179 /* Room for dir, dirsep, dn, LDIF, "\hexpair"-escaping of unsafe chars */
180 len = li->li_base_path.bv_len + dn->bv_len + (1 + STRLENOF( LDIF ));
181 for ( p = start; p < end; ) {
183 if ( LDIF_NEED_ESCAPE( ch ) )
186 res->bv_val = ch_malloc( len + 1 );
188 ptr = lutil_strcopy( res->bv_val, li->li_base_path.bv_val );
189 for ( next = end - suffixdn->bv_len; end > start; end = next ) {
190 /* Set p = start of DN component, next = &',' or start of DN */
191 while ( (p = next) > start ) {
193 if ( DN_SEPARATOR( *next ) )
196 /* Append <dirsep> <p..end-1: RDN or database-suffix> */
197 for ( *ptr++ = LDAP_DIRSEP[0]; p < end; *ptr++ = ch ) {
199 if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) {
200 ch = LDIF_ESCAPE_CHAR;
201 } else if ( IX_FSL != IX_DNL && ch == IX_DNL ) {
203 } else if ( IX_FSR != IX_DNR && ch == IX_DNR ) {
205 } else if ( LDIF_NEED_ESCAPE( ch ) ) {
206 *ptr++ = LDIF_ESCAPE_CHAR;
207 *ptr++ = hex[(ch & 0xFFU) >> 4];
208 ch = hex[ch & 0x0FU];
212 ptr = lutil_strcopy( ptr, LDIF );
213 res->bv_len = ptr - res->bv_val;
215 assert( res->bv_len <= len );
218 static char * slurp_file(int fd) {
219 int read_chars_total = 0;
227 entry_size = st.st_size;
228 entry = ch_malloc( entry_size+1 );
232 read_chars = read(fd, (void *) entry_pos, entry_size - read_chars_total);
233 if(read_chars == -1) {
237 if(read_chars == 0) {
238 entry[read_chars_total] = '\0';
242 read_chars_total += read_chars;
243 entry_pos += read_chars;
250 * return nonnegative for success or -1 for error
251 * do not return numbers less than -1
253 static int spew_file(int fd, char * spew, int len) {
257 writeres = write(fd, spew, len);
270 spew_entry( Entry * e, struct berval * path, int dolock, int *save_errnop )
272 int rs, save_errno = 0;
276 char * entry_as_string;
277 char *tmpfname = NULL;
279 tmpfname = ch_malloc( path->bv_len + STRLENOF( "XXXXXX" ) + 1 );
280 AC_MEMCPY( tmpfname, path->bv_val, path->bv_len );
281 AC_MEMCPY( &tmpfname[ path->bv_len ], "XXXXXX", STRLENOF( "XXXXXX" ) + 1 );
283 openres = mkstemp( tmpfname );
284 if ( openres == -1 ) {
286 rs = LDAP_UNWILLING_TO_PERFORM;
287 Debug( LDAP_DEBUG_ANY, "could not create tmpfile \"%s\": %s\n",
288 tmpfname, STRERROR( save_errno ), 0 );
294 /* Only save the RDN onto disk */
295 dnRdn( &e->e_name, &rdn );
296 if ( rdn.bv_len != e->e_name.bv_len ) {
297 e->e_name.bv_val[rdn.bv_len] = '\0';
298 tmp = e->e_name.bv_len;
299 e->e_name.bv_len = rdn.bv_len;
305 ldap_pvt_thread_mutex_lock(&entry2str_mutex);
308 entry_as_string = entry2str(e, &entry_length);
309 if ( entry_as_string != NULL ) {
310 spew_res = spew_file( openres,
311 entry_as_string, entry_length );
312 if ( spew_res == -1 ) {
318 ldap_pvt_thread_mutex_unlock(&entry2str_mutex);
321 /* Restore full DN */
322 if ( rdn.bv_len != e->e_name.bv_len ) {
323 e->e_name.bv_val[e->e_name.bv_len] = ',';
324 e->e_name.bv_len = rdn.bv_len;
327 res = close( openres );
328 rs = LDAP_UNWILLING_TO_PERFORM;
330 if ( spew_res > -2 ) {
331 if ( res == -1 || spew_res == -1 ) {
332 if ( save_errno == 0 ) {
335 Debug( LDAP_DEBUG_ANY, "write error to tmpfile \"%s\": %s\n",
336 tmpfname, STRERROR( save_errno ), 0 );
340 /* returns 0 on failure, nonzero on success */
341 res = MoveFileEx( tmpfname, path->bv_val,
342 MOVEFILE_REPLACE_EXISTING ) == 0;
344 res = rename( tmpfname, path->bv_val );
351 switch ( save_errno ) {
353 rs = LDAP_NO_SUCH_OBJECT;
363 if ( rs != LDAP_SUCCESS ) {
370 if ( rs != LDAP_SUCCESS && save_errnop != NULL ) {
371 *save_errnop = save_errno;
377 static Entry * get_entry_for_fd(int fd,
381 char * entry = (char *) slurp_file(fd);
382 Entry * ldentry = NULL;
384 /* error reading file */
389 ldentry = str2entry(entry);
392 rdn = ldentry->e_name;
393 build_new_dn( &ldentry->e_name, pdn, &rdn, NULL );
394 ch_free( rdn.bv_val );
395 rdn = ldentry->e_nname;
396 build_new_dn( &ldentry->e_nname, pndn, &rdn, NULL );
397 ch_free( rdn.bv_val );
415 struct berval *pathp )
418 struct berval path, pdn, pndn;
421 dnParent(&op->o_req_dn, &pdn);
422 dnParent(&op->o_req_ndn, &pndn);
423 dn2path( op->o_bd, &op->o_req_ndn, &path );
424 fd = open(path.bv_val, O_RDONLY);
425 /* error opening file (mebbe should log error) */
426 if ( fd == -1 && ( errno != ENOENT || op->o_tag != LDAP_REQ_ADD ) ) {
427 Debug( LDAP_DEBUG_ANY, "failed to open file \"%s\": %s\n",
428 path.bv_val, STRERROR(errno), 0 );
430 *entryp = fd < 0 ? NULL : get_entry_for_fd( fd, &pdn, &pndn );
431 rc = *entryp ? LDAP_SUCCESS : LDAP_NO_SUCH_OBJECT;
433 if ( rc == LDAP_SUCCESS && pathp != NULL ) {
436 SLAP_FREE(path.bv_val);
441 static void fullpath(struct berval *base, struct berval *name, struct berval *res) {
443 res->bv_len = name->bv_len + base->bv_len + 1;
444 res->bv_val = ch_malloc( res->bv_len + 1 );
445 strcpy(res->bv_val, base->bv_val);
446 ptr = res->bv_val + base->bv_len;
447 *ptr++ = LDAP_DIRSEP[0];
448 strcpy(ptr, name->bv_val);
451 typedef struct bvlist {
460 static int r_enum_tree(enumCookie *ck, struct berval *path, int base,
461 struct berval *pdn, struct berval *pndn)
464 int fd = 0, rc = LDAP_SUCCESS;
467 fd = open( path->bv_val, O_RDONLY );
469 Debug( LDAP_DEBUG_TRACE,
470 "=> ldif_enum_tree: failed to open %s: %s\n",
471 path->bv_val, STRERROR(errno), 0 );
472 return LDAP_NO_SUCH_OBJECT;
475 e = get_entry_for_fd(fd, pdn, pndn);
477 Debug( LDAP_DEBUG_ANY,
478 "=> ldif_enum_tree: failed to read entry for %s\n",
479 path->bv_val, 0, 0 );
483 if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
484 ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
485 /* Send right away? */
488 * if it's a referral, add it to the list of referrals. only do
489 * this for non-base searches, and don't check the filter
490 * explicitly here since it's only a candidate anyway.
492 if ( !get_manageDSAit( ck->op )
493 && ck->op->ors_scope != LDAP_SCOPE_BASE
494 && is_entry_referral( e ) )
496 BerVarray erefs = get_entry_referrals( ck->op, e );
497 ck->rs->sr_ref = referral_rewrite( erefs,
499 ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
500 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
502 ck->rs->sr_entry = e;
503 rc = send_search_reference( ck->op, ck->rs );
504 ber_bvarray_free( ck->rs->sr_ref );
505 ber_bvarray_free( erefs );
506 ck->rs->sr_ref = NULL;
507 ck->rs->sr_entry = NULL;
509 } else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
511 ck->rs->sr_entry = e;
512 ck->rs->sr_attrs = ck->op->ors_attrs;
513 ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
514 rc = send_search_entry(ck->op, ck->rs);
515 ck->rs->sr_entry = NULL;
521 /* Queueing up for tool mode */
522 if(ck->entries == NULL) {
523 ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
524 ck->elen = ENTRY_BUFF_INCREMENT;
526 if(ck->eind >= ck->elen) { /* grow entries if necessary */
527 ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
531 ck->entries[ck->eind++] = e;
539 if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
541 bvlist *list = NULL, *ptr;
543 path->bv_len -= STRLENOF( LDIF );
544 path->bv_val[path->bv_len] = '\0';
546 dir_of_path = opendir(path->bv_val);
547 if(dir_of_path == NULL) { /* can't open directory */
548 if ( errno != ENOENT ) {
549 /* it shouldn't be treated as an error
550 * only if the directory doesn't exist */
552 Debug( LDAP_DEBUG_ANY,
553 "=> ldif_enum_tree: failed to opendir %s (%d)\n",
554 path->bv_val, errno, 0 );
560 struct berval fname, itmp;
564 dir = readdir(dir_of_path);
565 if(dir == NULL) break; /* end of the directory */
566 fname.bv_len = strlen( dir->d_name );
567 if ( fname.bv_len <= STRLENOF( LDIF ))
569 if ( strcmp( dir->d_name + (fname.bv_len - STRLENOF(LDIF)), LDIF))
571 fname.bv_val = dir->d_name;
573 bvl = ch_malloc( sizeof(bvlist) );
574 ber_dupbv( &bvl->bv, &fname );
575 BER_BVZERO( &bvl->num );
576 itmp.bv_val = ber_bvchr( &bvl->bv, IX_FSL );
580 itmp.bv_len = bvl->bv.bv_len
581 - ( itmp.bv_val - bvl->bv.bv_val );
582 ptr = ber_bvchr( &itmp, IX_FSR );
584 itmp.bv_len = ptr - itmp.bv_val;
585 ber_dupbv( &bvl->num, &itmp );
586 bvl->inum = strtol( itmp.bv_val, NULL, 0 );
587 itmp.bv_val[0] = '\0';
588 bvl->off = itmp.bv_val - bvl->bv.bv_val;
592 for (prev = &list; (ptr = *prev) != NULL; prev = &ptr->next) {
593 int cmp = strcmp( bvl->bv.bv_val, ptr->bv.bv_val );
594 if ( !cmp && bvl->num.bv_val )
595 cmp = bvl->inum - ptr->inum;
603 closedir(dir_of_path);
605 if (ck->op->ors_scope == LDAP_SCOPE_ONELEVEL)
606 ck->op->ors_scope = LDAP_SCOPE_BASE;
607 else if ( ck->op->ors_scope == LDAP_SCOPE_SUBORDINATE)
608 ck->op->ors_scope = LDAP_SCOPE_SUBTREE;
610 while ( ( ptr = list ) ) {
615 if ( rc == LDAP_SUCCESS ) {
616 if ( ptr->num.bv_val )
617 AC_MEMCPY( ptr->bv.bv_val + ptr->off, ptr->num.bv_val,
619 fullpath( path, &ptr->bv, &fpath );
620 rc = r_enum_tree(ck, &fpath, 0,
621 e != NULL ? &e->e_name : pdn,
622 e != NULL ? &e->e_nname : pndn );
625 if ( ptr->num.bv_val )
626 free( ptr->num.bv_val );
627 free(ptr->bv.bv_val);
632 if ( fd ) entry_free( e );
642 struct berval pdn, pndn;
645 dnParent( &ck->op->o_req_dn, &pdn );
646 dnParent( &ck->op->o_req_ndn, &pndn );
647 dn2path( ck->op->o_bd, &ck->op->o_req_ndn, &path );
648 rc = r_enum_tree(ck, &path, BER_BVISEMPTY( &ck->op->o_req_ndn ) ? 1 : 0, &pdn, &pndn);
649 ch_free( path.bv_val );
654 /* Get the parent directory path, plus the LDIF suffix overwritten by a \0 */
656 get_parent_path( struct berval *dnpath, struct berval *res )
658 int dnpathlen = dnpath->bv_len;
661 for(i = dnpathlen;i>0;i--) /* find the first path seperator */
662 if(dnpath->bv_val[i] == LDAP_DIRSEP[0])
665 res->bv_val = ch_malloc( res->bv_len + 1 + STRLENOF(LDIF) );
666 strncpy(res->bv_val, dnpath->bv_val, i);
667 strcpy(res->bv_val+i, LDIF);
668 res->bv_val[i] = '\0';
671 static int apply_modify_to_entry(Entry * entry,
672 Modifications * modlist,
676 char textbuf[SLAP_TEXT_BUFLEN];
677 int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
681 if (!acl_check_modlist(op, entry, modlist)) {
682 return LDAP_INSUFFICIENT_ACCESS;
685 for (; modlist != NULL; modlist = modlist->sml_next) {
686 mods = &modlist->sml_mod;
688 if ( mods->sm_desc == slap_schema.si_ad_objectClass ) {
691 switch (mods->sm_op) {
693 rc = modify_add_values(entry, mods,
694 get_permissiveModify(op),
695 &rs->sr_text, textbuf,
699 case LDAP_MOD_DELETE:
700 rc = modify_delete_values(entry, mods,
701 get_permissiveModify(op),
702 &rs->sr_text, textbuf,
706 case LDAP_MOD_REPLACE:
707 rc = modify_replace_values(entry, mods,
708 get_permissiveModify(op),
709 &rs->sr_text, textbuf,
713 case LDAP_MOD_INCREMENT:
714 rc = modify_increment_values( entry,
715 mods, get_permissiveModify(op),
716 &rs->sr_text, textbuf,
720 case SLAP_MOD_SOFTADD:
721 mods->sm_op = LDAP_MOD_ADD;
722 rc = modify_add_values(entry, mods,
723 get_permissiveModify(op),
724 &rs->sr_text, textbuf,
726 mods->sm_op = SLAP_MOD_SOFTADD;
727 if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
732 if(rc != LDAP_SUCCESS) break;
735 if(rc == LDAP_SUCCESS) {
737 entry->e_ocflags = 0;
739 /* check that the entry still obeys the schema */
740 rc = entry_schema_check( op, entry, NULL, 0, 0,
741 &rs->sr_text, textbuf, sizeof( textbuf ) );
748 ldif_back_referrals( Operation *op, SlapReply *rs )
750 struct ldif_info *li = NULL;
752 int rc = LDAP_SUCCESS;
755 if ( op->o_tag == LDAP_REQ_SEARCH ) {
756 /* let search take care of itself */
761 if ( get_manageDSAit( op ) ) {
762 /* let op take care of DSA management */
766 if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
767 /* the empty DN cannot be a referral */
771 li = (struct ldif_info *)op->o_bd->be_private;
772 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
773 get_entry( op, &entry, NULL );
775 /* no object is found for them */
776 if ( entry == NULL ) {
777 struct berval odn = op->o_req_dn;
778 struct berval ondn = op->o_req_ndn;
779 struct berval pndn = ondn;
780 ber_len_t min_dnlen = op->o_bd->be_nsuffix[0].bv_len;
782 if ( min_dnlen == 0 )
783 min_dnlen = 1; /* catch empty DN */
785 for ( ; entry == NULL; ) {
786 dnParent( &pndn, &pndn );
787 if ( pndn.bv_len < min_dnlen ) {
792 op->o_req_ndn = pndn;
794 get_entry( op, &entry, NULL );
797 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
800 op->o_req_ndn = ondn;
803 rs->sr_matched = NULL;
804 if ( entry != NULL ) {
805 Debug( LDAP_DEBUG_TRACE,
806 "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
807 (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
809 if ( is_entry_referral( entry ) ) {
811 rs->sr_ref = get_entry_referrals( op, entry );
813 rs->sr_matched = ber_strdup_x(
814 entry->e_name.bv_val, op->o_tmpmemctx );
820 } else if ( default_referral != NULL ) {
822 rs->sr_ref = referral_rewrite( default_referral,
823 NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
826 if ( rs->sr_ref != NULL ) {
828 rc = rs->sr_err = LDAP_REFERRAL;
829 send_ldap_result( op, rs );
830 ber_bvarray_free( rs->sr_ref );
833 } else if ( rc != LDAP_SUCCESS ) {
834 rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
837 if ( rs->sr_matched ) {
838 op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
839 rs->sr_matched = NULL;
845 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
847 if ( is_entry_referral( entry ) ) {
848 /* entry is a referral */
849 BerVarray refs = get_entry_referrals( op, entry );
850 rs->sr_ref = referral_rewrite(
851 refs, &entry->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
853 Debug( LDAP_DEBUG_TRACE,
854 "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
855 (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
857 rs->sr_matched = entry->e_name.bv_val;
858 if ( rs->sr_ref != NULL ) {
859 rc = rs->sr_err = LDAP_REFERRAL;
860 send_ldap_result( op, rs );
861 ber_bvarray_free( rs->sr_ref );
866 rs->sr_text = "bad referral object";
869 rs->sr_matched = NULL;
870 ber_bvarray_free( refs );
879 /* LDAP operations */
882 ldif_back_bind( Operation *op, SlapReply *rs )
884 struct ldif_info *li;
886 AttributeDescription *password = slap_schema.si_ad_userPassword;
890 switch ( be_rootdn_bind( op, rs ) ) {
891 case SLAP_CB_CONTINUE:
895 /* in case of success, front end will send result;
896 * otherwise, be_rootdn_bind() did */
900 li = (struct ldif_info *) op->o_bd->be_private;
901 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
902 return_val = get_entry(op, &entry, NULL);
904 /* no object is found for them */
905 if(return_val != LDAP_SUCCESS) {
906 rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS;
910 /* they don't have userpassword */
911 if((a = attr_find(entry->e_attrs, password)) == NULL) {
912 rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
917 /* authentication actually failed */
918 if(slap_passwd_check(op, entry, a, &op->oq_bind.rb_cred,
919 &rs->sr_text) != 0) {
920 rs->sr_err = LDAP_INVALID_CREDENTIALS;
925 /* let the front-end send success */
930 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
932 send_ldap_result( op, rs );
938 static int ldif_back_search(Operation *op, SlapReply *rs)
940 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
941 enumCookie ck = { NULL, NULL, NULL, 0, 0 };
945 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
946 rs->sr_err = enum_tree( &ck );
947 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
948 send_ldap_result(op, rs);
953 static int ldif_back_add(Operation *op, SlapReply *rs) {
954 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
955 Entry * e = op->ora_e;
956 struct berval dn = e->e_nname;
957 struct berval leaf_path = BER_BVNULL;
960 char textbuf[SLAP_TEXT_BUFLEN];
962 Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", dn.bv_val, 0, 0);
964 rs->sr_err = entry_schema_check(op, e, NULL, 0, 1,
965 &rs->sr_text, textbuf, sizeof( textbuf ) );
966 if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
968 rs->sr_err = slap_add_opattrs( op,
969 &rs->sr_text, textbuf, sizeof( textbuf ), 1 );
970 if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
972 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
974 dn2path( op->o_bd, &dn, &leaf_path );
976 if(leaf_path.bv_val != NULL) {
977 struct berval base = BER_BVNULL;
978 /* build path to container and ldif of container */
979 get_parent_path(&leaf_path, &base);
981 statres = stat(base.bv_val, &stats); /* check if container exists */
982 if(statres == -1 && errno == ENOENT) { /* container missing */
983 base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
984 statres = stat(base.bv_val, &stats); /* check for leaf node */
985 base.bv_val[base.bv_len] = '\0';
986 if(statres == -1 && errno == ENOENT) {
987 rs->sr_err = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
988 rs->sr_text = "Parent does not exist";
990 else if(statres != -1) { /* create parent */
991 int mkdirres = mkdir(base.bv_val, 0750);
993 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
994 rs->sr_text = "Could not create parent folder";
995 Debug( LDAP_DEBUG_ANY, "could not create folder \"%s\": %s\n",
996 base.bv_val, STRERROR( errno ), 0 );
1000 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1001 }/* container was possibly created, move on to add the entry */
1002 if(rs->sr_err == LDAP_SUCCESS) {
1003 statres = stat(leaf_path.bv_val, &stats);
1004 if(statres == -1 && errno == ENOENT) {
1005 rs->sr_err = spew_entry(e, &leaf_path, 1, NULL);
1007 else if ( statres == -1 ) {
1008 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1009 Debug( LDAP_DEBUG_ANY, "could not stat file \"%s\": %s\n",
1010 leaf_path.bv_val, STRERROR( errno ), 0 );
1012 else /* it already exists */
1013 rs->sr_err = LDAP_ALREADY_EXISTS;
1015 SLAP_FREE(base.bv_val);
1016 SLAP_FREE(leaf_path.bv_val);
1019 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1022 Debug( LDAP_DEBUG_TRACE,
1023 "ldif_back_add: err: %d text: %s\n", rs->sr_err, rs->sr_text ?
1024 rs->sr_text : "", 0);
1025 send_ldap_result(op, rs);
1026 slap_graduate_commit_csn( op );
1030 static int ldif_back_modify(Operation *op, SlapReply *rs) {
1031 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1032 Modifications * modlst = op->orm_modlist;
1037 slap_mods_opattrs( op, &op->orm_modlist, 1 );
1039 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
1041 rs->sr_err = get_entry( op, &entry, &path );
1043 rs->sr_err = apply_modify_to_entry(entry, modlst, op, rs);
1044 if(rs->sr_err == LDAP_SUCCESS) {
1046 spew_res = spew_entry(entry, &path, 1, &save_errno);
1047 if(spew_res == -1) {
1048 Debug( LDAP_DEBUG_ANY,
1049 "%s ldif_back_modify: could not output entry \"%s\": %s\n",
1050 op->o_log_prefix, entry->e_name.bv_val, STRERROR( save_errno ) );
1051 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1055 entry_free( entry );
1056 SLAP_FREE( path.bv_val );
1060 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1061 send_ldap_result(op, rs);
1062 slap_graduate_commit_csn( op );
1066 static int ldif_back_delete(Operation *op, SlapReply *rs) {
1067 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1071 if ( BER_BVISEMPTY( &op->o_csn )) {
1073 char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
1075 csn.bv_val = csnbuf;
1076 csn.bv_len = sizeof( csnbuf );
1077 slap_get_csn( op, &csn, 1 );
1080 ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
1082 dn2path( op->o_bd, &op->o_req_ndn, &path );
1083 path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
1084 res = rmdir(path.bv_val);
1085 path.bv_val[path.bv_len - STRLENOF(LDIF)] = LDIF_FILETYPE_SEP;
1086 rs->sr_err = LDAP_SUCCESS;
1090 rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
1094 /* is leaf, go on */
1099 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1105 res = unlink(path.bv_val);
1109 rs->sr_err = LDAP_NO_SUCH_OBJECT;
1113 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
1119 SLAP_FREE(path.bv_val);
1120 ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
1121 send_ldap_result(op, rs);
1122 slap_graduate_commit_csn( op );
1131 struct berval *oldpath )
1135 struct berval newpath;
1137 dn2path( op->o_bd, &entry->e_nname, &newpath );
1139 if((entry == NULL || oldpath->bv_val == NULL) || newpath.bv_val == NULL) {
1140 /* some object doesn't exist */
1141 res = LDAP_NO_SUCH_OBJECT;
1143 else { /* do the modrdn */
1144 exists_res = open(newpath.bv_val, O_RDONLY);
1145 if(exists_res == -1 && errno == ENOENT) {
1146 ldap_pvt_thread_mutex_lock( &entry2str_mutex );
1147 res = spew_entry(entry, &newpath, 0, NULL);
1149 /* if this fails we should log something bad */
1150 res = unlink( oldpath->bv_val );
1151 oldpath->bv_val[oldpath->bv_len - STRLENOF(".ldif")] = '\0';
1152 newpath.bv_val[newpath.bv_len - STRLENOF(".ldif")] = '\0';
1153 res = rename( oldpath->bv_val, newpath.bv_val );
1158 res = LDAP_NO_SUCH_OBJECT;
1160 res = LDAP_UNWILLING_TO_PERFORM;
1161 unlink(newpath.bv_val); /* in case file was created */
1163 ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
1165 else if(exists_res) {
1166 int close_res = close(exists_res);
1167 res = LDAP_ALREADY_EXISTS;
1168 if(close_res == -1) {
1169 /* log heinous error */
1173 res = LDAP_UNWILLING_TO_PERFORM;
1177 if(newpath.bv_val != NULL)
1178 SLAP_FREE(newpath.bv_val);
1183 ldif_back_modrdn(Operation *op, SlapReply *rs)
1185 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1186 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
1187 struct berval p_dn, old_path;
1191 slap_mods_opattrs( op, &op->orr_modlist, 1 );
1193 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
1195 rc = get_entry( op, &entry, &old_path );
1196 if ( rc == LDAP_SUCCESS ) {
1197 /* build new dn, and new ndn for the entry */
1198 if ( op->oq_modrdn.rs_newSup != NULL ) {
1199 struct berval op_dn = op->o_req_dn,
1200 op_ndn = op->o_req_ndn;
1204 p_dn = *op->oq_modrdn.rs_newSup;
1205 op->o_req_dn = *op->oq_modrdn.rs_newSup;
1206 op->o_req_ndn = *op->oq_modrdn.rs_nnewSup;
1207 rc = get_entry( op, &np, NULL );
1208 op->o_req_dn = op_dn;
1209 op->o_req_ndn = op_ndn;
1210 if ( rc != LDAP_SUCCESS ) {
1211 goto no_such_object;
1215 dnParent( &entry->e_name, &p_dn );
1217 build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL );
1218 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
1219 ber_memfree_x( entry->e_name.bv_val, NULL );
1220 ber_memfree_x( entry->e_nname.bv_val, NULL );
1221 entry->e_name = new_dn;
1222 entry->e_nname = new_ndn;
1224 /* perform the modifications */
1225 rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
1226 if ( rc == LDAP_SUCCESS )
1227 rc = ldif_move_entry( op, entry, &old_path );
1230 entry_free( entry );
1231 SLAP_FREE( old_path.bv_val );
1235 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
1237 send_ldap_result( op, rs );
1238 slap_graduate_commit_csn( op );
1243 /* Return LDAP_SUCCESS IFF we retrieve the specified entry. */
1245 ldif_back_entry_get(
1249 AttributeDescription *at,
1253 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
1254 struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn;
1257 assert( ndn != NULL );
1258 assert( !BER_BVISNULL( ndn ) );
1260 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
1261 op->o_req_dn = *ndn;
1262 op->o_req_ndn = *ndn;
1263 rc = get_entry( op, e, NULL );
1264 op->o_req_dn = op_dn;
1265 op->o_req_ndn = op_ndn;
1266 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
1268 if ( rc == LDAP_SUCCESS && oc && !is_entry_objectclass_or_sub( *e, oc ) ) {
1269 rc = LDAP_NO_SUCH_ATTRIBUTE;
1280 static int ldif_tool_entry_open(BackendDB *be, int mode) {
1281 struct ldif_info *li = (struct ldif_info *) be->be_private;
1282 li->li_tool_current = 0;
1286 static int ldif_tool_entry_close(BackendDB * be) {
1287 struct ldif_info *li = (struct ldif_info *) be->be_private;
1289 SLAP_FREE(li->li_tool_cookie.entries);
1293 static ID ldif_tool_entry_next(BackendDB *be)
1295 struct ldif_info *li = (struct ldif_info *) be->be_private;
1296 if(li->li_tool_current >= li->li_tool_cookie.eind)
1299 return ++li->li_tool_current;
1303 ldif_tool_entry_first(BackendDB *be)
1305 struct ldif_info *li = (struct ldif_info *) be->be_private;
1307 if(li->li_tool_cookie.entries == NULL) {
1311 op.o_req_dn = *be->be_suffix;
1312 op.o_req_ndn = *be->be_nsuffix;
1313 op.ors_scope = LDAP_SCOPE_SUBTREE;
1314 li->li_tool_cookie.op = &op;
1315 (void)enum_tree( &li->li_tool_cookie );
1316 li->li_tool_cookie.op = NULL;
1318 return ldif_tool_entry_next( be );
1321 static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
1322 struct ldif_info *li = (struct ldif_info *) be->be_private;
1325 if(id > li->li_tool_cookie.eind || id < 1)
1328 e = li->li_tool_cookie.entries[id - 1];
1329 li->li_tool_cookie.entries[id - 1] = NULL;
1334 static ID ldif_tool_entry_put(BackendDB * be, Entry * e, struct berval *text) {
1335 struct berval leaf_path = BER_BVNULL;
1338 int res = LDAP_SUCCESS;
1340 dn2path( be, &e->e_nname, &leaf_path );
1342 if(leaf_path.bv_val != NULL) {
1343 struct berval base = BER_BVNULL;
1344 /* build path to container, and path to ldif of container */
1345 get_parent_path(&leaf_path, &base);
1347 statres = stat(base.bv_val, &stats); /* check if container exists */
1348 if(statres == -1 && errno == ENOENT) { /* container missing */
1349 base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
1350 statres = stat(base.bv_val, &stats); /* check for leaf node */
1351 base.bv_val[base.bv_len] = '\0';
1352 if(statres == -1 && errno == ENOENT) {
1353 res = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
1355 else if(statres != -1) { /* create parent */
1356 int mkdirres = mkdir(base.bv_val, 0750);
1357 if(mkdirres == -1) {
1358 res = LDAP_UNWILLING_TO_PERFORM;
1362 res = LDAP_UNWILLING_TO_PERFORM;
1363 }/* container was possibly created, move on to add the entry */
1364 if(res == LDAP_SUCCESS) {
1365 statres = stat(leaf_path.bv_val, &stats);
1366 if(statres == -1 && errno == ENOENT) {
1367 res = spew_entry(e, &leaf_path, 0, NULL);
1369 else /* it already exists */
1370 res = LDAP_ALREADY_EXISTS;
1372 SLAP_FREE(base.bv_val);
1373 SLAP_FREE(leaf_path.bv_val);
1376 if(res == LDAP_SUCCESS) {
1387 ldif_back_db_init( BackendDB *be, ConfigReply *cr )
1389 struct ldif_info *li;
1391 li = ch_calloc( 1, sizeof(struct ldif_info) );
1392 be->be_private = li;
1393 be->be_cf_ocs = ldifocs;
1394 ldap_pvt_thread_rdwr_init(&li->li_rdwr);
1395 SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX;
1400 ldif_back_db_destroy( Backend *be, ConfigReply *cr )
1402 struct ldif_info *li = be->be_private;
1404 ch_free(li->li_base_path.bv_val);
1405 ldap_pvt_thread_rdwr_destroy(&li->li_rdwr);
1406 free( be->be_private );
1411 ldif_back_db_open( Backend *be, ConfigReply *cr)
1413 struct ldif_info *li = (struct ldif_info *) be->be_private;
1414 if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */
1415 Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0);
1422 ldif_back_initialize(
1426 static char *controls[] = {
1427 LDAP_CONTROL_MANAGEDSAIT,
1433 SLAP_BFLAG_INCREMENT |
1434 SLAP_BFLAG_REFERRALS;
1436 bi->bi_controls = controls;
1443 bi->bi_db_init = ldif_back_db_init;
1444 bi->bi_db_config = config_generic_wrapper;
1445 bi->bi_db_open = ldif_back_db_open;
1446 bi->bi_db_close = 0;
1447 bi->bi_db_destroy = ldif_back_db_destroy;
1449 bi->bi_op_bind = ldif_back_bind;
1450 bi->bi_op_unbind = 0;
1451 bi->bi_op_search = ldif_back_search;
1452 bi->bi_op_compare = 0;
1453 bi->bi_op_modify = ldif_back_modify;
1454 bi->bi_op_modrdn = ldif_back_modrdn;
1455 bi->bi_op_add = ldif_back_add;
1456 bi->bi_op_delete = ldif_back_delete;
1457 bi->bi_op_abandon = 0;
1459 bi->bi_extended = 0;
1461 bi->bi_chk_referrals = ldif_back_referrals;
1463 bi->bi_connection_init = 0;
1464 bi->bi_connection_destroy = 0;
1466 bi->bi_entry_get_rw = ldif_back_entry_get;
1468 #if 0 /* NOTE: uncomment to completely disable access control */
1469 bi->bi_access_allowed = slap_access_always_allowed;
1472 bi->bi_tool_entry_open = ldif_tool_entry_open;
1473 bi->bi_tool_entry_close = ldif_tool_entry_close;
1474 bi->bi_tool_entry_first = ldif_tool_entry_first;
1475 bi->bi_tool_entry_next = ldif_tool_entry_next;
1476 bi->bi_tool_entry_get = ldif_tool_entry_get;
1477 bi->bi_tool_entry_put = ldif_tool_entry_put;
1478 bi->bi_tool_entry_reindex = 0;
1479 bi->bi_tool_sync = 0;
1481 bi->bi_tool_dn2id_get = 0;
1482 bi->bi_tool_entry_modify = 0;
1484 bi->bi_cf_ocs = ldifocs;
1486 rc = config_register_schema( ldifcfg, ldifocs );
1487 if ( rc ) return rc;