1 /* database.c - deals with database subsystem */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2001-2006 The OpenLDAP Foundation.
6 * Portions Copyright 2001-2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Pierangelo Masarati for inclusion
19 * in OpenLDAP Software.
25 #include <ac/string.h>
26 #include <ac/unistd.h>
29 #include "back-monitor.h"
31 #if defined(LDAP_SLAPI)
33 static int monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e );
34 #endif /* defined(LDAP_SLAPI) */
36 #if defined(SLAPD_LDAP)
37 #include "../back-ldap/back-ldap.h"
38 #endif /* defined(SLAPD_LDAP) */
39 #if defined(SLAPD_META)
40 #include "../back-meta/back-meta.h"
41 #endif /* defined(SLAPD_META) */
43 /* for PATH_MAX on some systems (e.g. Solaris) */
46 #endif /* HAVE_LIMITS_H */
49 #endif /* ! PATH_MAX */
52 monitor_subsys_database_modify(
57 static struct restricted_ops_t {
60 } restricted_ops[] = {
61 { BER_BVC( "add" ), SLAP_RESTRICT_OP_ADD },
62 { BER_BVC( "bind" ), SLAP_RESTRICT_OP_BIND },
63 { BER_BVC( "compare" ), SLAP_RESTRICT_OP_COMPARE },
64 { BER_BVC( "delete" ), SLAP_RESTRICT_OP_DELETE },
65 { BER_BVC( "extended" ), SLAP_RESTRICT_OP_EXTENDED },
66 { BER_BVC( "modify" ), SLAP_RESTRICT_OP_MODIFY },
67 { BER_BVC( "rename" ), SLAP_RESTRICT_OP_RENAME },
68 { BER_BVC( "search" ), SLAP_RESTRICT_OP_SEARCH },
70 }, restricted_exops[] = {
71 { BER_BVC( LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
72 { BER_BVC( LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
73 { BER_BVC( LDAP_EXOP_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
74 { BER_BVC( LDAP_EXOP_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
79 init_readOnly( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
81 struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
82 (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
84 return attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
88 init_restrictedOperation( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
92 for ( i = 0; restricted_ops[ i ].op.bv_val; i++ ) {
93 if ( restrictops & restricted_ops[ i ].tag ) {
94 rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
95 &restricted_ops[ i ].op,
96 &restricted_ops[ i ].op );
103 for ( i = 0; restricted_exops[ i ].op.bv_val; i++ ) {
104 if ( restrictops & restricted_exops[ i ].tag ) {
105 rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
106 &restricted_exops[ i ].op,
107 &restricted_exops[ i ].op );
118 monitor_subsys_database_init(
124 Entry *e_database, **ep;
127 monitor_subsys_t *ms_backend,
130 assert( be != NULL );
132 ms->mss_modify = monitor_subsys_database_modify;
134 mi = ( monitor_info_t * )be->be_private;
136 ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
137 if ( ms_backend == NULL ) {
138 Debug( LDAP_DEBUG_ANY,
139 "monitor_subsys_database_init: "
141 "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
147 ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
148 if ( ms_overlay == NULL ) {
149 Debug( LDAP_DEBUG_ANY,
150 "monitor_subsys_database_init: "
152 "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
158 if ( monitor_cache_get( mi, &ms->mss_ndn, &e_database ) ) {
159 Debug( LDAP_DEBUG_ANY,
160 "monitor_subsys_database_init: "
161 "unable to get entry \"%s\"\n",
162 ms->mss_ndn.bv_val, 0, 0 );
166 (void)init_readOnly( mi, e_database, frontendDB->be_restrictops );
167 (void)init_restrictedOperation( mi, e_database, frontendDB->be_restrictops );
169 mp = ( monitor_entry_t * )e_database->e_private;
170 mp->mp_children = NULL;
171 ep = &mp->mp_children;
174 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
175 char buf[ BACKMONITOR_BUFSIZE ];
177 slap_overinfo *oi = NULL;
178 BackendInfo *bi, *bi2;
186 if ( overlay_is_over( be ) ) {
187 oi = (slap_overinfo *)be->bd_info->bi_private;
191 /* Subordinates are not exposed as their own naming context */
192 if ( SLAP_GLUE_SUBORDINATE( be ) ) {
196 bv.bv_len = snprintf( buf, sizeof( buf ),
197 "cn=Database %d", i );
199 e = monitor_entry_stub( &ms->mss_dn, &ms->mss_ndn, &bv,
200 mi->mi_oc_monitoredObject, mi, NULL, NULL );
203 Debug( LDAP_DEBUG_ANY,
204 "monitor_subsys_database_init: "
205 "unable to create entry \"cn=Database %d,%s\"\n",
206 i, ms->mss_dn.bv_val, 0 );
210 ber_str2bv( bi->bi_type, 0, 0, &bv );
211 attr_merge_one( e, mi->mi_ad_monitoredInfo, &bv, NULL );
212 attr_merge_one( e, mi->mi_ad_monitorIsShadow,
213 SLAP_SHADOW( be ) ? (struct berval *)&slap_true_bv :
214 (struct berval *)&slap_false_bv, NULL );
216 if ( SLAP_MONITOR( be ) ) {
217 attr_merge( e, slap_schema.si_ad_monitorContext,
218 be->be_suffix, be->be_nsuffix );
219 attr_merge( e_database, slap_schema.si_ad_monitorContext,
220 be->be_suffix, be->be_nsuffix );
223 if ( be->be_suffix == NULL ) {
224 Debug( LDAP_DEBUG_ANY,
225 "monitor_subsys_database_init: "
226 "missing suffix for database %d\n",
230 attr_merge( e, slap_schema.si_ad_namingContexts,
231 be->be_suffix, be->be_nsuffix );
232 attr_merge( e_database, slap_schema.si_ad_namingContexts,
233 be->be_suffix, be->be_nsuffix );
236 (void)init_readOnly( mi, e, be->be_restrictops );
237 (void)init_restrictedOperation( mi, e, be->be_restrictops );
239 if ( SLAP_SHADOW( be ) && be->be_update_refs ) {
240 attr_merge_normalize( e, mi->mi_ad_monitorUpdateRef,
241 be->be_update_refs, NULL );
245 slap_overinst *on = oi->oi_list,
248 for ( ; on; on = on->on_next ) {
252 for ( on2 = on1; on2 != on; on2 = on2->on_next ) {
253 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
262 ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
263 attr_merge_normalize_one( e, mi->mi_ad_monitorOverlay,
266 /* find the overlay number, j */
267 for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
268 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
272 assert( on2 != NULL );
274 snprintf( buf, sizeof( buf ),
276 j, ms_overlay->mss_dn.bv_val );
277 ber_str2bv( buf, 0, 0, &bv );
278 attr_merge_normalize_one( e,
279 slap_schema.si_ad_seeAlso,
288 #if defined(SLAPD_LDAP)
289 } else if ( strcmp( bi->bi_type, "ldap" ) == 0 ) {
290 ldapinfo_t *li = (ldapinfo_t *)be->be_private;
292 attr_merge_normalize( e, slap_schema.si_ad_labeledURI,
293 li->li_bvuri, NULL );
295 char **urls = ldap_str2charray( li->li_uri, " " );
297 if ( urls != NULL ) {
300 for ( u = 0; urls[ u ] != NULL; u++ ) {
303 ber_str2bv( urls[ u ], 0, 0, &bv );
305 attr_merge_normalize_one( e,
306 slap_schema.si_ad_labeledURI,
310 ldap_charray_free( urls );
314 #endif /* defined(SLAPD_LDAP) */
315 #if defined(SLAPD_META)
316 } else if ( strcmp( bi->bi_type, "meta" ) == 0 ) {
317 metainfo_t *mi = (metainfo_t *)be->be_private;
320 for ( t = 0; t < mi->mi_ntargets; t++ ) {
321 char **urls = ldap_str2charray( mi->mi_targets[ t ]->mt_uri, " " );
323 if ( urls != NULL ) {
326 for ( u = 0; urls[ u ] != NULL; u++ ) {
329 ber_str2bv( urls[ u ], 0, 0, &bv );
331 attr_merge_normalize_one( e,
332 slap_schema.si_ad_labeledURI,
335 ldap_charray_free( urls );
338 #endif /* defined(SLAPD_META) */
342 LDAP_STAILQ_FOREACH( bi2, &backendInfo, bi_next ) {
344 if ( bi2->bi_type == bi->bi_type ) {
347 snprintf( buf, sizeof( buf ),
349 j, ms_backend->mss_dn.bv_val );
351 bv.bv_len = strlen( buf );
352 attr_merge_normalize_one( e,
353 slap_schema.si_ad_seeAlso,
358 /* we must find it! */
361 mp = monitor_entrypriv_create();
365 e->e_private = ( void * )mp;
367 mp->mp_flags = ms->mss_flags
370 if ( monitor_cache_add( mi, e ) ) {
371 Debug( LDAP_DEBUG_ANY,
372 "monitor_subsys_database_init: "
373 "unable to add entry \"cn=Database %d,%s\"\n",
374 i, ms->mss_dn.bv_val, 0 );
378 #if defined(LDAP_SLAPI)
379 monitor_back_add_plugin( mi, be, e );
380 #endif /* defined(LDAP_SLAPI) */
383 Entry **ep_overlay = &mp->mp_children;
384 monitor_entry_t *mp_overlay;
385 slap_overinst *on = oi->oi_list;
388 for ( o = 0; on; o++, on = on->on_next ) {
392 /* find the overlay number, j */
393 for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
394 if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
398 assert( on2 != NULL );
400 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d", o );
403 e_overlay = monitor_entry_stub( &e->e_name, &e->e_nname, &bv,
404 mi->mi_oc_monitoredObject, mi, NULL, NULL );
406 if ( e_overlay == NULL ) {
407 Debug( LDAP_DEBUG_ANY,
408 "monitor_subsys_database_init: "
409 "unable to create entry "
410 "\"cn=Overlay %d,cn=Database %d,%s\"\n",
411 o, i, ms->mss_dn.bv_val );
414 ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
415 attr_merge_one( e_overlay, mi->mi_ad_monitoredInfo, &bv, NULL );
417 bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d,%s",
418 j, ms_overlay->mss_dn.bv_val );
420 attr_merge_normalize_one( e_overlay, slap_schema.si_ad_seeAlso,
423 mp_overlay = monitor_entrypriv_create();
424 if ( mp_overlay == NULL ) {
427 e_overlay->e_private = ( void * )mp_overlay;
428 mp_overlay->mp_info = ms;
429 mp_overlay->mp_flags = ms->mss_flags
432 if ( monitor_cache_add( mi, e_overlay ) ) {
433 Debug( LDAP_DEBUG_ANY,
434 "monitor_subsys_database_init: "
435 "unable to add entry "
436 "\"cn=Overlay %d,cn=Database %d,%s\"\n",
437 o, i, ms->mss_dn.bv_val );
441 *ep_overlay = e_overlay;
442 ep_overlay = &mp_overlay->mp_next;
450 monitor_cache_release( mi, e_database );
457 * cur: must not contain the tags corresponding to the values in v
458 * delta: will contain the tags corresponding to the values in v
461 value_mask( BerVarray v, slap_mask_t cur, slap_mask_t *delta )
463 for ( ; !BER_BVISNULL( v ); v++ ) {
464 struct restricted_ops_t *rops;
467 if ( OID_LEADCHAR( v->bv_val[ 0 ] ) ) {
468 rops = restricted_exops;
471 rops = restricted_ops;
474 for ( i = 0; !BER_BVISNULL( &rops[ i ].op ); i++ ) {
475 if ( ber_bvstrcasecmp( v, &rops[ i ].op ) != 0 ) {
479 if ( rops[ i ].tag & *delta ) {
483 if ( rops[ i ].tag & cur ) {
487 cur |= rops[ i ].tag;
488 *delta |= rops[ i ].tag;
493 if ( BER_BVISNULL( &rops[ i ].op ) ) {
494 return LDAP_INVALID_SYNTAX;
502 monitor_subsys_database_modify(
507 monitor_info_t *mi = (monitor_info_t *)op->o_bd->be_private;
509 Attribute *save_attrs, *a;
512 int ro_gotval = 1, i, n;
513 slap_mask_t rp_add = 0, rp_delete = 0, rp_cur;
516 i = sscanf( e->e_nname.bv_val, "cn=database %d,", &n );
518 return SLAP_CB_CONTINUE;
521 if ( n < 0 || n >= nBackendDB ) {
522 rs->sr_text = "invalid database index";
523 return ( rs->sr_err = LDAP_NO_SUCH_OBJECT );
526 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
532 /* do not allow some changes on back-monitor (needs work)... */
533 if ( SLAP_MONITOR( be ) ) {
534 rs->sr_text = "no modifications allowed to monitor database entry";
535 return ( rs->sr_err = LDAP_UNWILLING_TO_PERFORM );
538 rp_cur = be->be_restrictops;
540 save_attrs = e->e_attrs;
541 e->e_attrs = attrs_dup( e->e_attrs );
543 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
544 Modification *mod = &ml->sml_mod;
546 if ( mod->sm_desc == mi->mi_ad_readOnly ) {
549 if ( mod->sm_values ) {
550 if ( !BER_BVISNULL( &mod->sm_values[ 1 ] ) ) {
551 rs->sr_text = "attempting to modify multiple values of single-valued attribute";
552 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
556 if ( bvmatch( &slap_true_bv, mod->sm_values )) {
559 } else if ( bvmatch( &slap_false_bv, mod->sm_values )) {
564 rc = rs->sr_err = LDAP_INVALID_SYNTAX;
569 switch ( mod->sm_op ) {
570 case LDAP_MOD_DELETE:
571 if ( ro_gotval < 1 ) {
572 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
577 if ( val == 0 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
578 rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
582 if ( val == 1 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) != SLAP_RESTRICT_OP_WRITES ) {
583 rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
589 case LDAP_MOD_REPLACE:
594 if ( ro_gotval > 0 ) {
595 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
601 rp_add |= (~rp_cur) & SLAP_RESTRICT_OP_WRITES;
602 rp_cur |= SLAP_RESTRICT_OP_WRITES;
603 rp_delete &= ~SLAP_RESTRICT_OP_WRITES;
605 } else if ( val == 0 ) {
606 rp_delete |= rp_cur & SLAP_RESTRICT_OP_WRITES;
607 rp_cur &= ~SLAP_RESTRICT_OP_WRITES;
608 rp_add &= ~SLAP_RESTRICT_OP_WRITES;
613 rc = rs->sr_err = LDAP_OTHER;
617 } else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) {
618 slap_mask_t mask = 0;
620 switch ( mod->sm_op ) {
621 case LDAP_MOD_DELETE:
622 if ( mod->sm_values == NULL ) {
628 rc = value_mask( mod->sm_values, ~rp_cur, &mask );
629 if ( rc == LDAP_SUCCESS ) {
634 } else if ( rc == LDAP_OTHER ) {
635 rc = LDAP_NO_SUCH_ATTRIBUTE;
639 case LDAP_MOD_REPLACE:
646 rc = value_mask( mod->sm_values, rp_cur, &mask );
647 if ( rc == LDAP_SUCCESS ) {
652 } else if ( rc == LDAP_OTHER ) {
653 rc = rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
658 rc = rs->sr_err = LDAP_OTHER;
662 if ( rc != LDAP_SUCCESS ) {
666 } else if ( is_at_operational( mod->sm_desc->ad_type )) {
667 /* accept all operational attributes */
668 attr_delete( &e->e_attrs, mod->sm_desc );
669 rc = attr_merge( e, mod->sm_desc, mod->sm_values,
672 rc = rs->sr_err = LDAP_OTHER;
677 rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
683 if ( ro_gotval < 1 ) {
684 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
688 if ( ( rp_cur & SLAP_RESTRICT_OP_EXTENDED ) && ( rp_cur & SLAP_RESTRICT_EXOP_MASK ) ) {
689 rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
693 if ( rp_delete & rp_add ) {
694 rc = rs->sr_err = LDAP_OTHER;
698 /* check current value of readOnly */
699 if ( ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
700 tf = (struct berval *)&slap_true_bv;
703 tf = (struct berval *)&slap_false_bv;
706 a = attr_find( e->e_attrs, mi->mi_ad_readOnly );
712 if ( !bvmatch( &a->a_vals[ 0 ], tf ) ) {
713 attr_delete( &e->e_attrs, mi->mi_ad_readOnly );
714 rc = attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
717 if ( rc == LDAP_SUCCESS ) {
719 if ( rp_delete == be->be_restrictops ) {
720 attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
723 a = attr_find( e->e_attrs, mi->mi_ad_restrictedOperation );
725 rc = rs->sr_err = LDAP_OTHER;
729 for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
730 if ( rp_delete & restricted_ops[ i ].tag ) {
733 for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
736 if ( !bvmatch( &a->a_nvals[ j ], &restricted_ops[ i ].op ) ) {
740 ch_free( a->a_vals[ j ].bv_val );
741 ch_free( a->a_nvals[ j ].bv_val );
743 for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
744 a->a_vals[ k - 1 ] = a->a_vals[ k ];
745 a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
748 BER_BVZERO( &a->a_vals[ k - 1 ] );
749 BER_BVZERO( &a->a_nvals[ k - 1 ] );
754 for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
755 if ( rp_delete & restricted_exops[ i ].tag ) {
758 for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
761 if ( !bvmatch( &a->a_nvals[ j ], &restricted_exops[ i ].op ) ) {
765 ch_free( a->a_vals[ j ].bv_val );
766 ch_free( a->a_nvals[ j ].bv_val );
768 for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
769 a->a_vals[ k - 1 ] = a->a_vals[ k ];
770 a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
773 BER_BVZERO( &a->a_vals[ k - 1 ] );
774 BER_BVZERO( &a->a_nvals[ k - 1 ] );
782 for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
783 if ( rp_add & restricted_ops[ i ].tag ) {
784 attr_merge_one( e, mi->mi_ad_restrictedOperation,
785 &restricted_ops[ i ].op,
786 &restricted_ops[ i ].op );
790 for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
791 if ( rp_add & restricted_exops[ i ].tag ) {
792 attr_merge_one( e, mi->mi_ad_restrictedOperation,
793 &restricted_exops[ i ].op,
794 &restricted_exops[ i ].op );
800 be->be_restrictops = rp_cur;
803 if ( rc == LDAP_SUCCESS ) {
804 attrs_free( save_attrs );
805 rc = SLAP_CB_CONTINUE;
808 Attribute *tmp = e->e_attrs;
809 e->e_attrs = save_attrs;
815 #if defined(LDAP_SLAPI)
817 monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e_database )
819 Slapi_PBlock *pCurrentPB;
820 int i, rc = LDAP_SUCCESS;
822 if ( slapi_int_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
824 * LDAP_OTHER is returned if no plugins are installed
832 Slapi_PluginDesc *srchdesc;
833 char buf[ BACKMONITOR_BUFSIZE ];
836 rc = slapi_pblock_get( pCurrentPB, SLAPI_PLUGIN_DESCRIPTION,
838 if ( rc != LDAP_SUCCESS ) {
842 snprintf( buf, sizeof(buf),
843 "plugin %d name: %s; "
849 srchdesc->spd_vendor,
850 srchdesc->spd_version,
851 srchdesc->spd_description );
853 ber_str2bv( buf, 0, 0, &bv );
854 attr_merge_normalize_one( e_database,
855 mi->mi_ad_monitoredInfo, &bv, NULL );
859 } while ( ( slapi_int_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
860 && ( pCurrentPB != NULL ) );
865 #endif /* defined(LDAP_SLAPI) */