1 /* unique.c - attribute uniqueness module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2008 The OpenLDAP Foundation.
6 * Portions Copyright 2004,2006-2007 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corporation for
19 * inclusion in OpenLDAP Software, with subsequent enhancements by
20 * Matthew Backes at Symas Corporation. This work was sponsored by
26 #ifdef SLAPD_OVER_UNIQUE
30 #include <ac/string.h>
31 #include <ac/socket.h>
36 #define UNIQUE_DEFAULT_URI ("ldap:///??sub")
38 static slap_overinst unique;
40 typedef struct unique_attrs_s {
41 struct unique_attrs_s *next; /* list of attrs */
42 AttributeDescription *attr;
45 typedef struct unique_domain_uri_s {
46 struct unique_domain_uri_s *next;
50 struct unique_attrs_s *attrs;
54 typedef struct unique_domain_s {
55 struct unique_domain_s *next;
56 struct berval domain_spec;
57 struct unique_domain_uri_s *uri;
58 char ignore; /* polarity of attributes */
59 char strict; /* null considered unique too */
62 typedef struct unique_data_s {
63 struct unique_domain_s *domains;
64 struct unique_domain_s *legacy;
65 char legacy_strict_set;
68 typedef struct unique_counter_s {
81 static ConfigDriver unique_cf_base;
82 static ConfigDriver unique_cf_attrs;
83 static ConfigDriver unique_cf_strict;
84 static ConfigDriver unique_cf_uri;
86 static ConfigTable uniquecfg[] = {
87 { "unique_base", "basedn", 2, 2, 0, ARG_DN|ARG_MAGIC|UNIQUE_BASE,
88 unique_cf_base, "( OLcfgOvAt:10.1 NAME 'olcUniqueBase' "
89 "DESC 'Subtree for uniqueness searches' "
90 "EQUALITY distinguishedNameMatch "
91 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
92 { "unique_ignore", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_IGNORE,
93 unique_cf_attrs, "( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore' "
94 "DESC 'Attributes for which uniqueness shall not be enforced' "
95 "EQUALITY caseIgnoreMatch "
96 "ORDERING caseIgnoreOrderingMatch "
97 "SUBSTR caseIgnoreSubstringsMatch "
98 "SYNTAX OMsDirectoryString )", NULL, NULL },
99 { "unique_attributes", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_ATTR,
100 unique_cf_attrs, "( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute' "
101 "DESC 'Attributes for which uniqueness shall be enforced' "
102 "EQUALITY caseIgnoreMatch "
103 "ORDERING caseIgnoreOrderingMatch "
104 "SUBSTR caseIgnoreSubstringsMatch "
105 "SYNTAX OMsDirectoryString )", NULL, NULL },
106 { "unique_strict", "on|off", 1, 2, 0, ARG_MAGIC|UNIQUE_STRICT,
107 unique_cf_strict, "( OLcfgOvAt:10.4 NAME 'olcUniqueStrict' "
108 "DESC 'Enforce uniqueness of null values' "
109 "EQUALITY booleanMatch "
110 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
111 { "unique_uri", "ldapuri", 2, 3, 0, ARG_MAGIC|UNIQUE_URI,
112 unique_cf_uri, "( OLcfgOvAt:10.5 NAME 'olcUniqueURI' "
113 "DESC 'List of keywords and LDAP URIs for a uniqueness domain' "
114 "EQUALITY caseExactMatch "
115 "ORDERING caseExactOrderingMatch "
116 "SUBSTR caseExactSubstringsMatch "
117 "SYNTAX OMsDirectoryString )", NULL, NULL },
118 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
121 static ConfigOCs uniqueocs[] = {
122 { "( OLcfgOvOc:10.1 "
123 "NAME 'olcUniqueConfig' "
124 "DESC 'Attribute value uniqueness configuration' "
125 "SUP olcOverlayConfig "
126 "MAY ( olcUniqueBase $ olcUniqueIgnore $ "
127 "olcUniqueAttribute $ olcUniqueStrict $ "
129 Cft_Overlay, uniquecfg },
134 unique_free_domain_uri ( unique_domain_uri *uri )
136 unique_domain_uri *next_uri = NULL;
137 unique_attrs *attr, *next_attr = NULL;
140 next_uri = uri->next;
141 ch_free ( uri->dn.bv_val );
142 ch_free ( uri->ndn.bv_val );
143 ch_free ( uri->filter.bv_val );
146 next_attr = attr->next;
155 /* free an entire stack of domains */
157 unique_free_domain ( unique_domain *domain )
159 unique_domain *next_domain = NULL;
162 next_domain = domain->next;
163 ch_free ( domain->domain_spec.bv_val );
164 unique_free_domain_uri ( domain->uri );
166 domain = next_domain;
171 unique_new_domain_uri ( unique_domain_uri **urip,
172 const LDAPURLDesc *url_desc,
175 int i, rc = LDAP_SUCCESS;
176 unique_domain_uri *uri;
177 struct berval bv = {0, NULL};
178 BackendDB *be = (BackendDB *)c->be;
180 AttributeDescription * ad;
183 uri = ch_calloc ( 1, sizeof ( unique_domain_uri ) );
185 if ( url_desc->lud_dn && url_desc->lud_dn[0] ) {
186 ber_str2bv( url_desc->lud_dn, 0, 0, &bv );
187 rc = dnPrettyNormal( NULL,
192 if ( rc != LDAP_SUCCESS ) {
193 snprintf( c->cr_msg, sizeof( c->cr_msg ),
194 "<%s> invalid DN %d (%s)",
195 url_desc->lud_dn, rc, ldap_err2string( rc ));
200 if ( be->be_nsuffix == NULL ) {
201 snprintf( c->cr_msg, sizeof( c->cr_msg ),
202 "suffix must be set" );
203 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
204 c->cr_msg, NULL, NULL );
209 if ( !dnIsSuffix ( &uri->ndn, &be->be_nsuffix[0] ) ) {
210 snprintf( c->cr_msg, sizeof( c->cr_msg ),
211 "dn <%s> is not a suffix of backend base dn <%s>",
213 be->be_nsuffix[0].bv_val );
219 attr_str = url_desc->lud_attrs;
221 for ( i=0; attr_str[i]; ++i ) {
224 if ( slap_str2ad ( attr_str[i], &ad, &text )
226 attr = ch_calloc ( 1,
227 sizeof ( unique_attrs ) );
229 attr->next = uri->attrs;
232 snprintf( c->cr_msg, sizeof( c->cr_msg ),
233 "unique: attribute: %s: %s",
241 uri->scope = url_desc->lud_scope;
243 snprintf( c->cr_msg, sizeof( c->cr_msg ),
244 "unique: uri with base scope will always be unique");
249 if (url_desc->lud_filter) {
250 Filter *f = str2filter( url_desc->lud_filter );
253 snprintf( c->cr_msg, sizeof( c->cr_msg ),
254 "unique: bad filter");
258 /* make sure the strfilter is in normal form (ITS#5581) */
259 filter2bv( f, &uri->filter );
261 ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
262 if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) )
264 snprintf( c->cr_msg, sizeof( c->cr_msg ),
265 "unique: bad filter");
274 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
275 "%s: %s\n", c->log, c->cr_msg, 0 );
276 unique_free_domain_uri ( uri );
283 unique_new_domain_uri_basic ( unique_domain_uri **urip,
286 LDAPURLDesc *url_desc = NULL;
289 rc = ldap_url_parse ( UNIQUE_DEFAULT_URI, &url_desc );
291 rc = unique_new_domain_uri ( urip, url_desc, c );
292 ldap_free_urldesc ( url_desc );
296 /* if *domain is non-null, it's pushed down the stack.
297 * note that the entire stack is freed if there is an error,
298 * so build added domains in a separate stack before adding them
300 * domain_specs look like
302 * [strict ][ignore ]uri[[ uri]...]
303 * e.g. "ldap:///ou=foo,o=bar?uid?sub ldap:///ou=baz,o=bar?uid?sub"
304 * "strict ldap:///ou=accounts,o=bar?uid,uidNumber?one"
307 * so finally strictness is per-domain
308 * but so is ignore-state, and that would be better as a per-url thing
311 unique_new_domain ( unique_domain **domainp,
316 int rc = LDAP_SUCCESS;
318 unique_domain * domain;
319 LDAPURLDesc *url_desc, *url_descs = NULL;
321 Debug(LDAP_DEBUG_TRACE, "==> unique_new_domain <%s>\n",
324 domain = ch_calloc ( 1, sizeof (unique_domain) );
325 ber_str2bv( domain_spec, 0, 1, &domain->domain_spec );
327 uri_start = domain_spec;
328 if ( strncasecmp ( uri_start, "ignore ",
329 STRLENOF( "ignore " ) ) == 0 ) {
331 uri_start += STRLENOF( "ignore " );
333 if ( strncasecmp ( uri_start, "strict ",
334 STRLENOF( "strict " ) ) == 0 ) {
336 uri_start += STRLENOF( "strict " );
338 && strncasecmp ( uri_start, "ignore ",
339 STRLENOF( "ignore " ) ) == 0 ) {
341 uri_start += STRLENOF( "ignore " );
344 rc = ldap_url_parselist_ext ( &url_descs, uri_start, " ", 0 );
346 snprintf( c->cr_msg, sizeof( c->cr_msg ),
347 "<%s> invalid ldap urilist",
353 for ( url_desc = url_descs;
355 url_desc = url_descs->lud_next ) {
356 rc = unique_new_domain_uri ( &domain->uri,
367 if ( url_descs ) ldap_free_urldesc ( url_descs );
368 domain->next = *domainp;
371 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
372 "%s: %s\n", c->log, c->cr_msg, 0 );
373 unique_free_domain ( domain );
380 unique_cf_base( ConfigArgs *c )
382 BackendDB *be = (BackendDB *)c->be;
383 slap_overinst *on = (slap_overinst *)c->bi;
384 unique_data *private = (unique_data *) on->on_bi.bi_private;
385 unique_domain *domains = private->domains;
386 unique_domain *legacy = private->legacy;
387 int rc = ARG_BAD_CONF;
390 case SLAP_CONFIG_EMIT:
392 if ( legacy && legacy->uri && legacy->uri->dn.bv_val ) {
393 rc = value_add_one ( &c->rvalue_vals,
396 rc = value_add_one ( &c->rvalue_nvals,
401 case LDAP_MOD_DELETE:
402 assert ( legacy && legacy->uri && legacy->uri->dn.bv_val );
404 ch_free ( legacy->uri->dn.bv_val );
405 ch_free ( legacy->uri->ndn.bv_val );
406 BER_BVZERO( &legacy->uri->dn );
407 BER_BVZERO( &legacy->uri->ndn );
408 if ( !legacy->uri->attrs ) {
409 unique_free_domain_uri ( legacy->uri );
412 if ( !legacy->uri && !private->legacy_strict_set ) {
413 unique_free_domain ( legacy );
414 private->legacy = legacy = NULL;
418 case SLAP_CONFIG_ADD:
420 snprintf( c->cr_msg, sizeof( c->cr_msg ),
421 "cannot set legacy attrs when URIs are present" );
422 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
423 c->cr_msg, NULL, NULL );
427 if ( be->be_nsuffix == NULL ) {
428 snprintf( c->cr_msg, sizeof( c->cr_msg ),
429 "suffix must be set" );
430 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
431 c->cr_msg, NULL, NULL );
435 if ( !dnIsSuffix ( &c->value_ndn,
436 &be->be_nsuffix[0] ) ) {
437 snprintf( c->cr_msg, sizeof( c->cr_msg ),
438 "dn is not a suffix of backend base" );
439 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
440 c->cr_msg, NULL, NULL );
445 unique_new_domain ( &private->legacy,
448 legacy = private->legacy;
451 unique_new_domain_uri_basic ( &legacy->uri, c );
452 ch_free ( legacy->uri->dn.bv_val );
453 ch_free ( legacy->uri->ndn.bv_val );
454 legacy->uri->dn = c->value_dn;
455 legacy->uri->ndn = c->value_ndn;
466 unique_cf_attrs( ConfigArgs *c )
468 slap_overinst *on = (slap_overinst *)c->bi;
469 unique_data *private = (unique_data *) on->on_bi.bi_private;
470 unique_domain *domains = private->domains;
471 unique_domain *legacy = private->legacy;
472 unique_attrs *new_attrs = NULL;
473 unique_attrs *attr, *next_attr, *reverse_attrs;
474 unique_attrs **attrp;
475 int rc = ARG_BAD_CONF;
479 case SLAP_CONFIG_EMIT:
481 && (c->type == UNIQUE_IGNORE) == legacy->ignore
483 for ( attr = legacy->uri->attrs;
486 value_add_one( &c->rvalue_vals,
487 &attr->attr->ad_cname );
490 case LDAP_MOD_DELETE:
492 && (c->type == UNIQUE_IGNORE) == legacy->ignore
494 && legacy->uri->attrs) {
495 if ( c->valx < 0 ) { /* delete all */
496 for ( attr = legacy->uri->attrs;
499 next_attr = attr->next;
502 legacy->uri->attrs = NULL;
503 } else { /* delete by index */
504 attrp = &legacy->uri->attrs;
505 for ( i=0; i < c->valx; ++i )
506 attrp = &(*attrp)->next;
511 if ( !legacy->uri->attrs
512 && !legacy->uri->dn.bv_val ) {
513 unique_free_domain_uri ( legacy->uri );
516 if ( !legacy->uri && !private->legacy_strict_set ) {
517 unique_free_domain ( legacy );
518 private->legacy = legacy = NULL;
524 case SLAP_CONFIG_ADD:
526 snprintf( c->cr_msg, sizeof( c->cr_msg ),
527 "cannot set legacy attrs when URIs are present" );
528 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
529 c->cr_msg, NULL, NULL );
535 && legacy->uri->attrs
536 && (c->type == UNIQUE_IGNORE) != legacy->ignore ) {
537 snprintf( c->cr_msg, sizeof( c->cr_msg ),
538 "cannot set both attrs and ignore-attrs" );
539 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
540 c->cr_msg, NULL, NULL );
545 unique_new_domain ( &private->legacy,
548 legacy = private->legacy;
551 unique_new_domain_uri_basic ( &legacy->uri, c );
553 for ( i=1; c->argv[i]; ++i ) {
554 AttributeDescription * ad = NULL;
556 if ( slap_str2ad ( c->argv[i], &ad, &text )
559 attr = ch_calloc ( 1,
560 sizeof ( unique_attrs ) );
562 attr->next = new_attrs;
565 snprintf( c->cr_msg, sizeof( c->cr_msg ),
566 "unique: attribute: %s: %s",
568 for ( attr = new_attrs;
571 next_attr = attr->next;
580 /* (nconc legacy->uri->attrs (nreverse new_attrs)) */
581 reverse_attrs = NULL;
582 for ( attr = new_attrs;
585 next_attr = attr->next;
586 attr->next = reverse_attrs;
587 reverse_attrs = attr;
589 for ( attrp = &legacy->uri->attrs;
591 attrp = &(*attrp)->next ) ;
592 *attrp = reverse_attrs;
594 legacy->ignore = ( c->type == UNIQUE_IGNORE );
601 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
602 "%s: %s\n", c->log, c->cr_msg, 0 );
608 unique_cf_strict( ConfigArgs *c )
610 slap_overinst *on = (slap_overinst *)c->bi;
611 unique_data *private = (unique_data *) on->on_bi.bi_private;
612 unique_domain *domains = private->domains;
613 unique_domain *legacy = private->legacy;
614 int rc = ARG_BAD_CONF;
617 case SLAP_CONFIG_EMIT:
618 /* We process the boolean manually instead of using
619 * ARG_ON_OFF so that we can three-state it;
620 * olcUniqueStrict is either TRUE, FALSE, or missing,
621 * and missing is necessary to add olcUniqueURIs...
623 if ( private->legacy_strict_set ) {
625 bv.bv_val = legacy->strict ? "TRUE" : "FALSE";
626 bv.bv_len = legacy->strict ?
629 value_add_one ( &c->rvalue_vals, &bv );
633 case LDAP_MOD_DELETE:
636 if ( ! legacy->uri ) {
637 unique_free_domain ( legacy );
638 private->legacy = NULL;
641 private->legacy_strict_set = 0;
645 case SLAP_CONFIG_ADD:
647 snprintf( c->cr_msg, sizeof( c->cr_msg ),
648 "cannot set legacy attrs when URIs are present" );
649 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
650 c->cr_msg, NULL, NULL );
655 unique_new_domain ( &private->legacy,
658 legacy = private->legacy;
660 /* ... not using ARG_ON_OFF makes this necessary too */
661 assert ( c->argc == 2 );
662 legacy->strict = (strcasecmp ( c->argv[1], "TRUE" ) == 0);
663 private->legacy_strict_set = 1;
674 unique_cf_uri( ConfigArgs *c )
676 slap_overinst *on = (slap_overinst *)c->bi;
677 unique_data *private = (unique_data *) on->on_bi.bi_private;
678 unique_domain *domains = private->domains;
679 unique_domain *legacy = private->legacy;
680 unique_domain *domain = NULL, **domainp = NULL;
681 int rc = ARG_BAD_CONF;
685 case SLAP_CONFIG_EMIT:
686 for ( domain = domains;
688 domain = domain->next ) {
689 rc = value_add_one ( &c->rvalue_vals,
690 &domain->domain_spec );
694 case LDAP_MOD_DELETE:
695 if ( c->valx < 0 ) { /* delete them all! */
696 unique_free_domain ( domains );
697 private->domains = NULL;
698 } else { /* delete just one */
699 domainp = &private->domains;
700 for ( i=0; i < c->valx && *domainp; ++i )
701 domainp = &(*domainp)->next;
703 /* If *domainp is null, we walked off the end
704 * of the list. This happens when back-config
705 * and the overlay are out-of-sync, like when
706 * rejecting changes before ITS#4752 gets
709 * This should never happen, but will appear
710 * if you backport this version of
711 * slapo-unique without the config-undo fixes
713 * test024 Will hit this case in such a
716 assert (*domainp != NULL);
719 *domainp = domain->next;
721 unique_free_domain ( domain );
726 case SLAP_CONFIG_ADD: /* fallthrough */
729 snprintf( c->cr_msg, sizeof( c->cr_msg ),
730 "cannot set Uri when legacy attrs are present" );
731 Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
732 c->cr_msg, NULL, NULL );
737 if ( c->line ) rc = unique_new_domain ( &domain, c->line, c );
738 else rc = unique_new_domain ( &domain, c->argv[1], c );
740 assert ( domain->next == NULL );
741 for ( domainp = &private->domains;
743 domainp = &(*domainp)->next ) ;
756 ** allocate new unique_data;
757 ** initialize, copy basedn;
758 ** store in on_bi.bi_private;
768 slap_overinst *on = (slap_overinst *)be->bd_info;
769 unique_data **privatep = (unique_data **) &on->on_bi.bi_private;
771 Debug(LDAP_DEBUG_TRACE, "==> unique_db_init\n", 0, 0, 0);
773 *privatep = ch_calloc ( 1, sizeof ( unique_data ) );
784 slap_overinst *on = (slap_overinst *)be->bd_info;
785 unique_data **privatep = (unique_data **) &on->on_bi.bi_private;
786 unique_data *private = *privatep;
788 Debug(LDAP_DEBUG_TRACE, "==> unique_db_destroy\n", 0, 0, 0);
791 unique_domain *domains = private->domains;
792 unique_domain *legacy = private->legacy;
794 unique_free_domain ( domains );
795 unique_free_domain ( legacy );
809 Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
816 ** Leave unique_data but wipe out config
826 slap_overinst *on = (slap_overinst *) be->bd_info;
827 unique_data **privatep = (unique_data **) &on->on_bi.bi_private;
828 unique_data *private = *privatep;
830 Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
833 unique_domain *domains = private->domains;
834 unique_domain *legacy = private->legacy;
836 unique_free_domain ( domains );
837 unique_free_domain ( legacy );
838 memset ( private, 0, sizeof ( unique_data ) );
847 ** if this is a REP_SEARCH, count++;
851 static int count_attr_cb(
858 /* because you never know */
859 if(!op || !rs) return(0);
861 /* Only search entries are interesting */
862 if(rs->sr_type != REP_SEARCH) return(0);
864 uc = op->o_callback->sc_private;
866 /* Ignore the current entry */
867 if ( dn_match( uc->ndn, &rs->sr_entry->e_nname )) return(0);
869 Debug(LDAP_DEBUG_TRACE, "==> count_attr_cb <%s>\n",
870 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN", 0, 0);
877 /* count the length of one attribute ad
878 * (and all of its values b)
879 * in the proposed filter
883 unique_domain *domain,
884 unique_domain_uri *uri,
885 AttributeDescription *ad,
893 while ( !is_at_operational( ad->ad_type ) ) {
895 for ( attr = uri->attrs; attr; attr = attr->next ) {
896 if ( ad == attr->attr ) {
900 if ( ( domain->ignore && attr )
901 || (!domain->ignore && !attr )) {
905 if ( b && b[0].bv_val ) {
906 for (i = 0; b[i].bv_val; i++ ) {
907 /* note: make room for filter escaping... */
908 ks += ( 3 * b[i].bv_len ) + ad->ad_cname.bv_len + STRLENOF( "(=)" );
910 } else if ( domain->strict ) {
911 ks += ad->ad_cname.bv_len + STRLENOF( "(=*)" ); /* (attr=*) */
921 unique_domain *domain,
922 unique_domain_uri *uri,
923 AttributeDescription *ad,
933 while ( !is_at_operational( ad->ad_type ) ) {
935 for ( attr = uri->attrs; attr; attr = attr->next ) {
936 if ( ad == attr->attr ) {
940 if ( ( domain->ignore && attr )
941 || (!domain->ignore && !attr )) {
945 if ( b && b[0].bv_val ) {
946 for ( i = 0; b[i].bv_val; i++ ) {
950 ldap_bv2escaped_filter_value_x( &b[i], &bv, 1, ctx );
951 len = snprintf( kp, ks, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
952 assert( len >= 0 && len < ks );
954 if ( bv.bv_val != b[i].bv_val ) {
955 ber_memfree_x( bv.bv_val, ctx );
958 } else if ( domain->strict ) {
960 len = snprintf( kp, ks, "(%s=*)", ad->ad_cname.bv_val );
961 assert( len >= 0 && len < ks );
979 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
980 SlapReply nrs = { REP_RESULT };
981 slap_callback cb = { NULL, NULL, NULL, NULL }; /* XXX */
982 unique_counter uq = { NULL, 0 };
985 Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key->bv_val, 0, 0);
987 nop->ors_filter = str2filter_x(nop, key->bv_val);
988 if(nop->ors_filter == NULL) {
989 op->o_bd->bd_info = (BackendInfo *) on->on_info;
990 send_ldap_error(op, rs, LDAP_OTHER,
991 "unique_search invalid filter");
995 nop->ors_filterstr = *key;
997 cb.sc_response = (slap_response*)count_attr_cb;
999 nop->o_callback = &cb;
1000 nop->o_tag = LDAP_REQ_SEARCH;
1001 nop->ors_scope = scope;
1002 nop->ors_deref = LDAP_DEREF_NEVER;
1003 nop->ors_limit = NULL;
1004 nop->ors_slimit = SLAP_NO_LIMIT;
1005 nop->ors_tlimit = SLAP_NO_LIMIT;
1006 nop->ors_attrs = slap_anlist_no_attrs;
1007 nop->ors_attrsonly = 1;
1009 uq.ndn = &op->o_req_ndn;
1011 nop->o_req_ndn = *dn;
1012 nop->o_ndn = op->o_bd->be_rootndn;
1014 nop->o_bd = on->on_info->oi_origdb;
1015 rc = nop->o_bd->be_search(nop, &nrs);
1016 filter_free_x(nop, nop->ors_filter, 1);
1017 op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
1019 if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
1020 op->o_bd->bd_info = (BackendInfo *) on->on_info;
1021 send_ldap_error(op, rs, rc, "unique_search failed");
1025 Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
1028 op->o_bd->bd_info = (BackendInfo *) on->on_info;
1029 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
1030 "some attributes not unique");
1034 return(SLAP_CB_CONTINUE);
1043 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1044 unique_data *private = (unique_data *) on->on_bi.bi_private;
1045 unique_domain *domains = private->domains;
1046 unique_domain *legacy = private->legacy;
1047 unique_domain *domain;
1048 Operation nop = *op;
1051 struct berval bvkey;
1052 int rc = SLAP_CB_CONTINUE;
1054 Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
1055 op->o_req_dn.bv_val, 0, 0);
1057 for ( domain = legacy ? legacy : domains;
1059 domain = domain->next )
1061 unique_domain_uri *uri;
1062 int ks = STRLENOF("(|)");
1064 for ( uri = domain->uri;
1070 if ( uri->ndn.bv_val
1071 && !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
1074 if(!(a = op->ora_e->e_attrs)) {
1075 op->o_bd->bd_info = (BackendInfo *) on->on_info;
1076 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
1077 "unique_add() got null op.ora_e.e_attrs");
1082 for(; a; a = a->a_next) {
1083 ks += count_filter_len ( domain,
1090 /* skip this domain-uri if it isn't involved */
1091 if ( !ks ) continue;
1093 /* terminating NUL */
1096 if ( uri->filter.bv_val && uri->filter.bv_len )
1097 ks += uri->filter.bv_len + STRLENOF ("(&)");
1098 kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
1100 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1101 len = snprintf (kp, ks, "(&%s", uri->filter.bv_val);
1102 assert( len >= 0 && len < ks );
1105 len = snprintf(kp, ks - (kp - key), "(|");
1106 assert( len >= 0 && len < ks - (kp - key) );
1109 for(a = op->ora_e->e_attrs; a; a = a->a_next)
1110 kp = build_filter(domain,
1118 len = snprintf(kp, ks - (kp - key), ")");
1119 assert( len >= 0 && len < ks - (kp - key) );
1121 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1122 len = snprintf(kp, ks - (kp - key), ")");
1123 assert( len >= 0 && len < ks - (kp - key) );
1127 bvkey.bv_len = kp - key;
1129 rc = unique_search ( op,
1133 &op->o_bd->be_nsuffix[0],
1138 if ( rc != SLAP_CB_CONTINUE ) break;
1140 if ( rc != SLAP_CB_CONTINUE ) break;
1153 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1154 unique_data *private = (unique_data *) on->on_bi.bi_private;
1155 unique_domain *domains = private->domains;
1156 unique_domain *legacy = private->legacy;
1157 unique_domain *domain;
1158 Operation nop = *op;
1161 struct berval bvkey;
1162 int rc = SLAP_CB_CONTINUE;
1164 Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
1165 op->o_req_dn.bv_val, 0, 0);
1167 for ( domain = legacy ? legacy : domains;
1169 domain = domain->next )
1171 unique_domain_uri *uri;
1172 int ks = STRLENOF("(|)");
1174 for ( uri = domain->uri;
1180 if ( uri->ndn.bv_val
1181 && !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
1184 if ( !(m = op->orm_modlist) ) {
1185 op->o_bd->bd_info = (BackendInfo *) on->on_info;
1186 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
1187 "unique_modify() got null op.orm_modlist");
1192 for ( ; m; m = m->sml_next)
1193 if ( (m->sml_op & LDAP_MOD_OP)
1194 != LDAP_MOD_DELETE )
1195 ks += count_filter_len
1201 /* skip this domain-uri if it isn't involved */
1202 if ( !ks ) continue;
1204 /* terminating NUL */
1207 if ( uri->filter.bv_val && uri->filter.bv_len )
1208 ks += uri->filter.bv_len + STRLENOF ("(&)");
1209 kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
1211 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1212 len = snprintf(kp, ks, "(&%s", uri->filter.bv_val);
1213 assert( len >= 0 && len < ks );
1216 len = snprintf(kp, ks - (kp - key), "(|");
1217 assert( len >= 0 && len < ks - (kp - key) );
1220 for(m = op->orm_modlist; m; m = m->sml_next)
1221 if ( (m->sml_op & LDAP_MOD_OP)
1222 != LDAP_MOD_DELETE )
1223 kp = build_filter ( domain,
1231 len = snprintf(kp, ks - (kp - key), ")");
1232 assert( len >= 0 && len < ks - (kp - key) );
1234 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1235 len = snprintf (kp, ks - (kp - key), ")");
1236 assert( len >= 0 && len < ks - (kp - key) );
1240 bvkey.bv_len = kp - key;
1242 rc = unique_search ( op,
1246 &op->o_bd->be_nsuffix[0],
1251 if ( rc != SLAP_CB_CONTINUE ) break;
1253 if ( rc != SLAP_CB_CONTINUE ) break;
1266 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1267 unique_data *private = (unique_data *) on->on_bi.bi_private;
1268 unique_domain *domains = private->domains;
1269 unique_domain *legacy = private->legacy;
1270 unique_domain *domain;
1271 Operation nop = *op;
1273 struct berval bvkey;
1275 struct berval bv[2];
1276 int rc = SLAP_CB_CONTINUE;
1278 Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
1279 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
1281 for ( domain = legacy ? legacy : domains;
1283 domain = domain->next )
1285 unique_domain_uri *uri;
1286 int ks = STRLENOF("(|)");
1288 for ( uri = domain->uri;
1294 if ( uri->ndn.bv_val
1295 && !dnIsSuffix( &op->o_req_ndn, &uri->ndn )
1296 && (!op->orr_nnewSup
1297 || !dnIsSuffix( op->orr_nnewSup, &uri->ndn )))
1300 if ( ldap_bv2rdn_x ( &op->oq_modrdn.rs_newrdn,
1302 (char **)&rs->sr_text,
1303 LDAP_DN_FORMAT_LDAP,
1304 op->o_tmpmemctx ) ) {
1305 op->o_bd->bd_info = (BackendInfo *) on->on_info;
1306 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
1307 "unknown type(s) used in RDN");
1312 rc = SLAP_CB_CONTINUE;
1313 for ( i=0; newrdn[i]; i++) {
1314 AttributeDescription *ad = NULL;
1315 if ( slap_bv2ad( &newrdn[i]->la_attr, &ad, &rs->sr_text )) {
1316 ldap_rdnfree_x( newrdn, op->o_tmpmemctx );
1317 rs->sr_err = LDAP_INVALID_SYNTAX;
1318 send_ldap_result( op, rs );
1322 newrdn[i]->la_private = ad;
1324 if ( rc != SLAP_CB_CONTINUE ) break;
1326 bv[1].bv_val = NULL;
1329 for ( i=0; newrdn[i]; i++ ) {
1330 bv[0] = newrdn[i]->la_value;
1331 ks += count_filter_len ( domain,
1333 newrdn[i]->la_private,
1337 /* skip this domain if it isn't involved */
1338 if ( !ks ) continue;
1340 /* terminating NUL */
1343 if ( uri->filter.bv_val && uri->filter.bv_len )
1344 ks += uri->filter.bv_len + STRLENOF ("(&)");
1345 kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
1347 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1348 len = snprintf(kp, ks, "(&%s", uri->filter.bv_val);
1349 assert( len >= 0 && len < ks );
1352 len = snprintf(kp, ks - (kp - key), "(|");
1353 assert( len >= 0 && len < ks - (kp - key) );
1356 for ( i=0; newrdn[i]; i++) {
1357 bv[0] = newrdn[i]->la_value;
1358 kp = build_filter ( domain,
1360 newrdn[i]->la_private,
1367 len = snprintf(kp, ks - (kp - key), ")");
1368 assert( len >= 0 && len < ks - (kp - key) );
1370 if ( uri->filter.bv_val && uri->filter.bv_len ) {
1371 len = snprintf (kp, ks - (kp - key), ")");
1372 assert( len >= 0 && len < ks - (kp - key) );
1376 bvkey.bv_len = kp - key;
1378 rc = unique_search ( op,
1382 &op->o_bd->be_nsuffix[0],
1387 if ( rc != SLAP_CB_CONTINUE ) break;
1389 if ( rc != SLAP_CB_CONTINUE ) break;
1396 ** init_module is last so the symbols resolve "for free" --
1397 ** it expects to be called automagically during dynamic module initialization
1405 /* statically declared just after the #includes at top */
1406 memset (&unique, 0, sizeof(unique));
1408 unique.on_bi.bi_type = "unique";
1409 unique.on_bi.bi_db_init = unique_db_init;
1410 unique.on_bi.bi_db_destroy = unique_db_destroy;
1411 unique.on_bi.bi_db_open = unique_open;
1412 unique.on_bi.bi_db_close = unique_close;
1413 unique.on_bi.bi_op_add = unique_add;
1414 unique.on_bi.bi_op_modify = unique_modify;
1415 unique.on_bi.bi_op_modrdn = unique_modrdn;
1417 unique.on_bi.bi_cf_ocs = uniqueocs;
1418 rc = config_register_schema( uniquecfg, uniqueocs );
1419 if ( rc ) return rc;
1421 return(overlay_register(&unique));
1424 #if SLAPD_OVER_UNIQUE == SLAPD_MOD_DYNAMIC && defined(PIC)
1425 int init_module(int argc, char *argv[]) {
1426 return unique_initialize();
1430 #endif /* SLAPD_OVER_UNIQUE */
projects / openldap / blob