1 /* unique.c - attribute uniqueness module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004 The OpenLDAP Foundation.
6 * Portions Copyright 2004 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corp. for inclusion in
19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
24 #ifdef SLAPD_OVER_UNIQUE
28 #include <ac/string.h>
29 #include <ac/socket.h>
33 static slap_overinst unique;
35 typedef struct unique_attrs_s {
36 struct unique_attrs_s *next; /* list of attrs */
37 AttributeDescription *attr;
40 typedef struct unique_data_s {
41 const char *message; /* breadcrumbs */
42 struct unique_attrs_s *attrs; /* list of known attrs */
43 struct unique_attrs_s *ignore; /* list of ignored attrs */
44 BerValue dn; /* base of "unique tree" */
45 char strict; /* null considered unique too */
48 typedef struct unique_counter_s {
53 ** allocate new unique_data;
54 ** initialize, copy basedn;
55 ** store in on_bi.bi_private;
59 static int unique_db_init(
63 slap_overinst *on = (slap_overinst *)be->bd_info;
64 unique_data *ud = ch_malloc(sizeof(unique_data));
67 /* Debug(LDAP_DEBUG_TRACE, "==> unique_init\n", 0, 0, 0); */
69 ud->message = "_init";
74 /* default to the base of our configured database */
75 ber_dupbv(&ud->dn, &be->be_nsuffix[0]);
76 on->on_bi.bi_private = ud;
81 ** if command = attributes:
83 ** convert to attribute;
84 ** add to configured attribute list;
85 ** elseif command = base:
86 ** set our basedn to argument;
87 ** else complain about invalid directive;
91 static int unique_config(
99 slap_overinst *on = (slap_overinst *) be->bd_info;
100 unique_data *ud = on->on_bi.bi_private;
103 AttributeDescription *ad;
106 ud->message = "_config";
107 Debug(LDAP_DEBUG_TRACE, "==> unique_config\n", 0, 0, 0);
109 if(!strcasecmp(*argv, "unique_attributes") ||
110 !strcasecmp(*argv, "unique_ignore")) {
111 for(i = 1; i < argc; i++) {
112 for(up = ud->attrs; up; up = up->next)
113 if(!strcmp(argv[i], up->attr->ad_cname.bv_val)) {
114 Debug(LDAP_DEBUG_ANY,
115 "%s: line %d: duplicate attribute <s>, ignored\n",
116 fname, lineno, argv[i]);
120 if(slap_str2ad(argv[i], &ad, &text) != LDAP_SUCCESS) {
121 Debug(LDAP_DEBUG_ANY,
122 "%s: line %d: bad attribute <%s>, ignored\n",
123 fname, lineno, text);
125 } else if(ad->ad_next) {
126 Debug(LDAP_DEBUG_ANY,
127 "%s: line %d: multiple attributes match <%s>, ignored\n",
128 fname, lineno, argv[i]);
131 up = ch_malloc(sizeof(unique_attrs));
133 if(!strcasecmp(*argv, "unique_ignore")) {
134 up->next = ud->ignore;
137 up->next = ud->attrs;
140 Debug(LDAP_DEBUG_ANY, "%s: line %d: new attribute <%s>\n",
141 fname, lineno, argv[i]);
143 } else if(!strcasecmp(*argv, "unique_strict")) {
145 } else if(!strcasecmp(*argv, "unique_base")) {
147 ber_str2bv( argv[1], 0, 0, &bv );
148 ch_free(ud->dn.bv_val);
149 dnNormalize(0, NULL, NULL, &bv, &ud->dn, NULL);
150 Debug(LDAP_DEBUG_ANY, "%s: line %d: new base dn <%s>\n",
151 fname, lineno, argv[1]);
153 return(SLAP_CONF_UNKNOWN);
161 ** mostly, just print the init message;
170 slap_overinst *on = (slap_overinst *)be->bd_info;
171 unique_data *ud = on->on_bi.bi_private;
172 ud->message = "_open";
174 Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
181 ** foreach configured attribute:
184 ** (do not) free ud->message;
185 ** reset on_bi.bi_private;
186 ** free our config data;
195 slap_overinst *on = (slap_overinst *) be->bd_info;
196 unique_data *ud = on->on_bi.bi_private;
197 unique_attrs *ii, *ij;
198 ud->message = "_close";
200 Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
202 for(ii = ud->attrs; ii; ii = ij) {
207 for(ii = ud->ignore; ii; ii = ij) {
212 ch_free(ud->dn.bv_val);
214 on->on_bi.bi_private = NULL; /* XXX */
224 ** if this is a REP_SEARCH, count++;
228 static int count_attr_cb(
233 /* because you never know */
234 if(!op || !rs) return(0);
236 /* Only search entries are interesting */
237 if(rs->sr_type != REP_SEARCH) return(0);
239 Debug(LDAP_DEBUG_TRACE, "==> count_attr_cb <%s>\n",
240 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN", 0, 0);
242 ((unique_counter*)op->o_callback->sc_private)->count++;
247 /* XXX extraneous (slap_response*) to avoid compiler warning */
249 static int unique_add(
255 SlapReply nrs = { REP_RESULT };
256 slap_callback cb = { NULL, NULL, NULL, NULL }; /* XXX */
257 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
260 AttributeDescription *st;
262 char *fstr, *key, *kp;
266 unique_counter uq = { 0 };
267 unique_data *ud = on->on_bi.bi_private;
269 Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n", op->o_req_dn.bv_val, 0, 0);
271 /* validate backend. Should have already been done, but whatever */
272 nop.o_bd = select_backend(&ud->dn, 0, 1);
274 if (!nop.o_bd->be_search) {
275 op->o_bd->bd_info = (BackendInfo *) on->on_info;
276 send_ldap_error(op, rs, LDAP_UNWILLING_TO_PERFORM,
277 "backend missing search function");
281 op->o_bd->bd_info = (BackendInfo *) on->on_info;
282 send_ldap_error(op, rs, LDAP_OTHER,
283 "no known backend? this shouldn't be happening!");
288 ** count everything first;
289 ** allocate some memory;
290 ** write the search key;
294 if(!(a = op->ora_e->e_attrs)) {
295 op->o_bd->bd_info = (BackendInfo *) on->on_info;
296 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
297 "unique_add() got null op.ora_e.e_attrs");
299 } else for(; a; a = a->a_next) {
300 if(is_at_operational(a->a_desc->ad_type)) continue;
302 for(up = ud->ignore; up; up = up->next)
303 if(a->a_desc == up->attr) break;
307 for(up = ud->attrs; up; up = up->next)
308 if(a->a_desc == up->attr) break;
311 if((b = a->a_vals) && b[0].bv_val) for(i = 0; b[i].bv_val; i++)
312 ks += b[i].bv_len + a->a_desc->ad_cname.bv_len + 3;
314 ks += a->a_desc->ad_cname.bv_len + 4; /* (attr=*) */
319 kp = key + sprintf(key, "(|");
321 for(a = op->ora_e->e_attrs; a; a = a->a_next) {
322 if(is_at_operational(a->a_desc->ad_type)) continue;
324 for(up = ud->ignore; up; up = up->next)
325 if(a->a_desc == up->attr) break;
329 for(up = ud->attrs; up; up = up->next)
330 if(a->a_desc == up->attr) break;
333 if((b = a->a_vals) && b[0].bv_val) for(i = 0; b[i].bv_val; i++)
334 kp += sprintf(kp, "(%s=%s)", a->a_desc->ad_cname.bv_val, b[i].bv_val);
336 kp += sprintf(kp, "(%s=*)", a->a_desc->ad_cname.bv_val);
339 kp += sprintf(kp, ")");
341 Debug(LDAP_DEBUG_TRACE, "=> unique_add %s\n", key, 0, 0);
343 nop.ors_filter = str2filter_x(&nop, key);
344 ber_str2bv(key, 0, 0, &nop.ors_filterstr);
346 cb.sc_response = (slap_response*)count_attr_cb;
348 nop.o_callback = &cb;
349 nop.o_tag = LDAP_REQ_SEARCH;
350 nop.ors_scope = LDAP_SCOPE_SUBTREE;
351 nop.ors_deref = LDAP_DEREF_NEVER;
352 nop.ors_slimit = SLAP_NO_LIMIT;
353 nop.ors_tlimit = SLAP_NO_LIMIT;
354 nop.o_req_ndn = ud->dn;
355 nop.o_ndn = op->o_bd->be_rootndn;
357 rc = nop.o_bd->be_search(&nop, &nrs);
358 filter_free_x(&nop, nop.ors_filter);
361 if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
362 op->o_bd->bd_info = (BackendInfo *) on->on_info;
363 send_ldap_error(op, rs, rc, "unique_add search failed");
367 Debug(LDAP_DEBUG_TRACE, "=> unique_add found %d records\n", uq.count, 0, 0);
370 op->o_bd->bd_info = (BackendInfo *) on->on_info;
371 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
372 "some attributes not unique");
376 return(SLAP_CB_CONTINUE);
380 static int unique_modify(
386 SlapReply nrs = { REP_RESULT };
387 slap_callback cb = { NULL, (slap_response*)count_attr_cb, NULL, NULL };
388 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
391 AttributeDescription *st;
394 char *fstr, *key, *kp;
396 int i, rc, ks = 16; /* a handful of extra bytes */
398 unique_counter uq = { 0 };
399 unique_data *ud = on->on_bi.bi_private;
401 Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n", op->o_req_dn.bv_val, 0, 0);
403 nop.o_bd = select_backend(&ud->dn, 0, 1);
405 if (!nop.o_bd->be_search) {
406 op->o_bd->bd_info = (BackendInfo *) on->on_info;
407 send_ldap_error(op, rs, LDAP_UNWILLING_TO_PERFORM,
408 "backend missing search function");
412 op->o_bd->bd_info = (BackendInfo *) on->on_info;
413 send_ldap_error(op, rs, LDAP_OTHER,
414 "no known backend? this shouldn't be happening!");
419 ** count everything first;
420 ** allocate some memory;
421 ** write the search key;
425 if(!(m = op->orm_modlist)) {
426 op->o_bd->bd_info = (BackendInfo *) on->on_info;
427 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
428 "unique_modify() got null op.orm_modlist");
430 } else for(; m; m = m->sml_next) {
431 if(is_at_operational(m->sml_desc->ad_type) ||
432 ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE)) continue;
434 for(up = ud->ignore; up; up = up->next)
435 if(m->sml_desc == up->attr) break;
439 for(up = ud->attrs; up; up = up->next)
440 if(m->sml_desc == up->attr) break;
443 if((b = m->sml_values) && b[0].bv_val) for(i = 0; b[i].bv_val; i++)
444 ks += b[i].bv_len + m->sml_desc->ad_cname.bv_len + 3;
446 ks += m->sml_desc->ad_cname.bv_len + 4; /* (attr=*) */
451 kp = key + sprintf(key, "(|");
453 for(m = op->orm_modlist; m; m = m->sml_next) {
454 if(is_at_operational(m->sml_desc->ad_type) ||
455 ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE)) continue;
457 for(up = ud->ignore; up; up = up->next)
458 if(m->sml_desc == up->attr) break;
462 for(up = ud->attrs; up; up = up->next)
463 if(m->sml_desc == up->attr) break;
466 if((b = m->sml_values) && b[0].bv_val) for(i = 0; b[i].bv_val; i++)
467 kp += sprintf(kp, "(%s=%s)", m->sml_desc->ad_cname.bv_val, b[i].bv_val);
469 kp += sprintf(kp, "(%s=*)", m->sml_desc->ad_cname.bv_val);
472 kp += sprintf(kp, ")");
474 Debug(LDAP_DEBUG_TRACE, "=> unique_modify %s\n", key, 0, 0);
476 nop.ors_filter = str2filter_x(&nop, key);
477 ber_str2bv(key, 0, 0, &nop.ors_filterstr);
479 cb.sc_response = (slap_response*)count_attr_cb;
481 nop.o_callback = &cb;
482 nop.o_tag = LDAP_REQ_SEARCH;
483 nop.ors_scope = LDAP_SCOPE_SUBTREE;
484 nop.ors_deref = LDAP_DEREF_NEVER;
485 nop.ors_slimit = SLAP_NO_LIMIT;
486 nop.ors_tlimit = SLAP_NO_LIMIT;
487 nop.o_req_ndn = ud->dn;
488 nop.o_ndn = op->o_bd->be_rootndn;
490 rc = nop.o_bd->be_search(&nop, &nrs);
493 if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
494 op->o_bd->bd_info = (BackendInfo *) on->on_info;
495 send_ldap_error(op, rs, rc, "unique_modify search failed");
499 Debug(LDAP_DEBUG_TRACE, "=> unique_modify found %d records\n", uq.count, 0, 0);
502 op->o_bd->bd_info = (BackendInfo *) on->on_info;
503 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
504 "some attributes not unique");
508 return(SLAP_CB_CONTINUE);
513 static int unique_modrdn(
519 SlapReply nrs = { REP_RESULT };
520 slap_callback cb = { NULL, (slap_response*)count_attr_cb, NULL, NULL };
521 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
523 char *fstr, *key, *kp;
525 int i, rc, ks = 16; /* a handful of extra bytes */
527 unique_counter uq = { 0 };
528 unique_data *ud = on->on_bi.bi_private;
531 Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
532 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
534 nop.o_bd = select_backend(&ud->dn, 0, 1);
536 if (!nop.o_bd->be_search) {
537 op->o_bd->bd_info = (BackendInfo *) on->on_info;
538 send_ldap_error(op, rs, LDAP_UNWILLING_TO_PERFORM,
539 "backend missing search function");
543 op->o_bd->bd_info = (BackendInfo *) on->on_info;
544 send_ldap_error(op, rs, LDAP_OTHER,
545 "no known backend? this shouldn't be happening!");
549 if(ldap_bv2rdn_x(&op->oq_modrdn.rs_newrdn, &newrdn,
550 (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx )) {
551 op->o_bd->bd_info = (BackendInfo *) on->on_info;
552 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
553 "unknown type(s) used in RDN");
556 for(i = 0; newrdn[i]; i++) {
557 AttributeDescription *ad = NULL;
558 if ( slap_bv2ad( &newrdn[i]->la_attr, &ad, &rs->sr_text )) {
559 ldap_rdnfree_x( newrdn, op->o_tmpmemctx );
560 rs->sr_err = LDAP_INVALID_SYNTAX;
561 send_ldap_result( op, rs );
564 newrdn[i]->la_private = ad;
567 for(i = 0; newrdn[i]; i++) {
568 AttributeDescription *ad = newrdn[i]->la_private;
570 for(up = ud->ignore; up; up = up->next)
571 if(ad == up->attr) break;
575 for(up = ud->attrs; up; up = up->next)
576 if(ad == up->attr) break;
579 ks += newrdn[i]->la_value.bv_len + ad->ad_cname.bv_len + 3;
583 kp = key + sprintf(key, "(|");
585 for(i = 0; newrdn[i]; i++) {
586 AttributeDescription *ad = newrdn[i]->la_private;
588 for(up = ud->ignore; up; up = up->next)
589 if(ad == up->attr) break;
593 for(up = ud->attrs; up; up = up->next)
594 if(ad == up->attr) break;
597 kp += sprintf(kp, "(%s=%s)", ad->ad_cname.bv_val,
598 newrdn[i]->la_value.bv_val);
601 kp += sprintf(kp, ")");
604 Debug(LDAP_DEBUG_TRACE, "=> unique_modrdn %s\n", key, 0, 0);
606 nop.ors_filter = str2filter_x(&nop, key);
607 ber_str2bv(key, 0, 0, &nop.ors_filterstr);
609 cb.sc_response = (slap_response*)count_attr_cb;
611 nop.o_callback = &cb;
612 nop.o_tag = LDAP_REQ_SEARCH;
613 nop.ors_scope = LDAP_SCOPE_SUBTREE;
614 nop.ors_deref = LDAP_DEREF_NEVER;
615 nop.ors_slimit = SLAP_NO_LIMIT;
616 nop.ors_tlimit = SLAP_NO_LIMIT;
617 nop.o_req_ndn = ud->dn;
618 nop.o_ndn = op->o_bd->be_rootndn;
620 rc = nop.o_bd->be_search(&nop, &nrs);
622 ldap_rdnfree_x( newrdn, op->o_tmpmemctx );
624 if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
625 op->o_bd->bd_info = (BackendInfo *) on->on_info;
626 send_ldap_error(op, rs, rc, "unique_modrdn search failed");
630 Debug(LDAP_DEBUG_TRACE, "=> unique_modrdn found %d records\n", uq.count, 0, 0);
633 op->o_bd->bd_info = (BackendInfo *) on->on_info;
634 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
635 "some attributes not unique");
639 return(SLAP_CB_CONTINUE);
643 ** init_module is last so the symbols resolve "for free" --
644 ** it expects to be called automagically during dynamic module initialization
649 /* statically declared just after the #includes at top */
650 unique.on_bi.bi_type = "unique";
651 unique.on_bi.bi_db_init = unique_db_init;
652 unique.on_bi.bi_db_config = unique_config;
653 unique.on_bi.bi_db_open = unique_open;
654 unique.on_bi.bi_db_close = unique_close;
655 unique.on_bi.bi_op_add = unique_add;
656 unique.on_bi.bi_op_modify = unique_modify;
657 unique.on_bi.bi_op_modrdn = unique_modrdn;
658 unique.on_bi.bi_op_delete = NULL;
660 return(overlay_register(&unique));
663 #if SLAPD_OVER_UNIQUE == SLAPD_MOD_DYNAMIC && defined(PIC)
664 int init_module(int argc, char *argv[]) {
665 return unique_init();
669 #endif /* SLAPD_OVER_UNIQUE */