1 /* unique.c - attribute uniqueness module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2006 The OpenLDAP Foundation.
6 * Portions Copyright 2004 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corp. for inclusion in
19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
24 #ifdef SLAPD_OVER_UNIQUE
28 #include <ac/string.h>
29 #include <ac/socket.h>
34 static slap_overinst unique;
36 typedef struct unique_attrs_s {
37 struct unique_attrs_s *next; /* list of attrs */
38 AttributeDescription *attr;
41 typedef struct unique_data_s {
42 const char *message; /* breadcrumbs */
43 struct unique_attrs_s *attrs; /* list of known attrs */
44 struct unique_attrs_s *ignore; /* list of ignored attrs */
45 BerValue dn; /* base of "unique tree" */
46 char strict; /* null considered unique too */
49 typedef struct unique_counter_s {
61 static ConfigDriver unique_cf_gen;
63 static ConfigTable uniquecfg[] = {
64 { "unique_base", "basedn", 2, 2, 0, ARG_DN|ARG_MAGIC|UNIQUE_BASE,
65 unique_cf_gen, "( OLcfgOvAt:10.1 NAME 'olcUniqueBase' "
66 "DESC 'Subtree for uniqueness searches' "
67 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
68 { "unique_ignore", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_IGNORE,
69 unique_cf_gen, "( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore' "
70 "DESC 'Attributes for which uniqueness shall not be enforced' "
71 "EQUALITY caseIgnoreMatch " /* Should use OID syntax */
72 "SYNTAX OMsDirectoryString )", NULL, NULL },
73 { "unique_attributes", "attribute...", 2, 0, 0, ARG_MAGIC|UNIQUE_ATTR,
74 unique_cf_gen, "( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute' "
75 "DESC 'Attributes for which uniqueness shall be enforced' "
76 "EQUALITY caseIgnoreMatch "
77 "SYNTAX OMsDirectoryString )", NULL, NULL },
78 { "unique_strict", "on|off", 1, 2, 0,
79 ARG_ON_OFF|ARG_OFFSET|UNIQUE_STRICT,
80 (void *)offsetof(unique_data, strict),
81 "( OLcfgOvAt:10.4 NAME 'olcUniqueStrict' "
82 "DESC 'Enforce uniqueness of null values' "
83 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
84 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
87 static ConfigOCs uniqueocs[] = {
89 "NAME 'olcUniqueConfig' "
90 "DESC 'Attribute value uniqueness configuration' "
91 "SUP olcOverlayConfig "
92 "MAY ( olcUniqueBase $ olcUniqueIgnore $ "
93 "olcUniqueAttribute $ olcUniqueStrict ) )",
94 Cft_Overlay, uniquecfg },
99 unique_cf_gen( ConfigArgs *c )
101 slap_overinst *on = (slap_overinst *)c->bi;
102 unique_data *ud = (unique_data *)on->on_bi.bi_private;
103 BackendDB *be = (BackendDB *)c->be;
104 unique_attrs *up, *pup, **pupp = NULL;
105 AttributeDescription *ad;
107 int rc = ARG_BAD_CONF;
111 case SLAP_CONFIG_EMIT:
114 if ( !BER_BVISEMPTY( &ud->dn )) {
115 rc = value_add_one( &c->rvalue_vals, &ud->dn );
117 rc = value_add_one( &c->rvalue_nvals, &ud->dn );
122 /* fallthrough to UNIQUE_ATTR */
124 if ( c->type == UNIQUE_IGNORE ) up = ud->ignore;
127 value_add_one( &c->rvalue_vals,
128 &up->attr->ad_cname );
134 /* handled via ARG_OFFSET */
135 /* fallthrough to default */
140 case LDAP_MOD_DELETE:
143 /* default to the base of our configured database */
144 if ( ud->dn.bv_val ) ber_memfree ( ud->dn.bv_val );
145 ber_dupbv( &ud->dn, &be->be_nsuffix[0] );
149 /* fallthrough to UNIQUE_ATTR */
151 if ( c->type == UNIQUE_IGNORE ) pupp = &ud->ignore;
152 else pupp = &ud->attrs;
165 /* delete from linked list */
166 for ( i=0; i < c->valx; ++i ) {
167 pupp = &(*pupp)->next;
170 *pupp = (*pupp)->next;
172 /* AttributeDescriptions are global so
173 * shouldn't be freed here... */
179 /* handled via ARG_OFFSET */
180 /* fallthrough to default */
185 case SLAP_CONFIG_ADD:
186 /* fallthrough to LDAP_MOD_ADD */
190 if ( !dnIsSuffix ( &c->value_ndn,
191 &be->be_nsuffix[0] ) ) {
192 sprintf ( c->msg, "%s dn is not a suffix of backend base",
194 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
195 "%s: %s\n", c->log, c->msg, 0 );
198 if ( ud->dn.bv_val ) ber_memfree ( ud->dn.bv_val );
199 ud->dn = c->value_ndn;
203 /* fallthrough to UNIQUE_ATTR */
206 for ( i=1; i < c->argc; ++i ) {
208 if ( slap_str2ad ( c->argv[i], &ad, &text )
212 sizeof ( unique_attrs ) );
214 if ( c->type == UNIQUE_IGNORE ) {
215 up->next = ud->ignore;
218 up->next = ud->attrs;
222 snprintf( c->msg, sizeof( c->msg ),
223 "%s <%s>: %s", c->argv[0], c->argv[i], text );
224 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
225 "%s: %s\n", c->log, c->msg, 0 );
231 /* handled via ARG_OFFSET */
232 /* fallthrough to default */
245 ** allocate new unique_data;
246 ** initialize, copy basedn;
247 ** store in on_bi.bi_private;
251 static int unique_db_init(
255 slap_overinst *on = (slap_overinst *)be->bd_info;
256 unique_data *ud = ch_calloc(1,sizeof(unique_data));
258 /* Debug(LDAP_DEBUG_TRACE, "==> unique_init\n", 0, 0, 0); */
260 ud->message = "_init";
261 on->on_bi.bi_private = ud;
265 static int unique_db_destroy(
269 slap_overinst *on = (slap_overinst *)be->bd_info;
271 if ( on->on_bi.bi_private ) {
272 ch_free( on->on_bi.bi_private );
273 on->on_bi.bi_private = NULL;
279 ** mostly, just print the init message;
288 slap_overinst *on = (slap_overinst *)be->bd_info;
289 unique_data *ud = on->on_bi.bi_private;
290 ud->message = "_open";
292 Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
294 if ( BER_BVISNULL( &ud->dn )) {
295 if ( BER_BVISNULL( &be->be_nsuffix[0] ))
298 /* default to the base of our configured database */
299 ber_dupbv(&ud->dn, &be->be_nsuffix[0]);
306 ** foreach configured attribute:
317 slap_overinst *on = (slap_overinst *) be->bd_info;
318 unique_data *ud = on->on_bi.bi_private;
319 unique_attrs *ii, *ij;
320 ud->message = "_close";
322 Debug(LDAP_DEBUG_TRACE, "==> unique_close\n", 0, 0, 0);
324 for(ii = ud->attrs; ii; ii = ij) {
329 for(ii = ud->ignore; ii; ii = ij) {
334 ch_free(ud->dn.bv_val);
336 memset( ud, 0, sizeof(*ud));
344 ** if this is a REP_SEARCH, count++;
348 static int count_attr_cb(
355 /* because you never know */
356 if(!op || !rs) return(0);
358 /* Only search entries are interesting */
359 if(rs->sr_type != REP_SEARCH) return(0);
361 uc = op->o_callback->sc_private;
363 /* Ignore the current entry */
364 if ( dn_match( uc->ndn, &rs->sr_entry->e_nname )) return(0);
366 Debug(LDAP_DEBUG_TRACE, "==> count_attr_cb <%s>\n",
367 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN", 0, 0);
374 static int count_filter_len(
376 AttributeDescription *ad,
384 while ( !is_at_operational( ad->ad_type ) ) {
386 for ( up = ud->ignore; up; up = up->next ) {
387 if (ad == up->attr ) {
396 for ( up = ud->attrs; up; up = up->next ) {
397 if ( ad == up->attr ) {
405 if ( b && b[0].bv_val ) {
406 for (i = 0; b[i].bv_val; i++ ) {
407 /* note: make room for filter escaping... */
408 ks += ( 3 * b[i].bv_len ) + ad->ad_cname.bv_len + STRLENOF( "(=)" );
410 } else if ( ud->strict ) {
411 ks += ad->ad_cname.bv_len + STRLENOF( "(=*)" ); /* (attr=*) */
418 static char *build_filter(
420 AttributeDescription *ad,
429 while ( !is_at_operational( ad->ad_type ) ) {
431 for ( up = ud->ignore; up; up = up->next ) {
432 if ( ad == up->attr ) {
441 for ( up = ud->attrs; up; up = up->next ) {
442 if ( ad == up->attr ) {
450 if ( b && b[0].bv_val ) {
451 for ( i = 0; b[i].bv_val; i++ ) {
454 ldap_bv2escaped_filter_value_x( &b[i], &bv, 1, ctx );
455 kp += sprintf( kp, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
456 if ( bv.bv_val != b[i].bv_val ) {
457 ber_memfree_x( bv.bv_val, ctx );
460 } else if ( ud->strict ) {
461 kp += sprintf( kp, "(%s=*)", ad->ad_cname.bv_val );
468 static int unique_search(
475 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
476 unique_data *ud = on->on_bi.bi_private;
477 SlapReply nrs = { REP_RESULT };
478 slap_callback cb = { NULL, NULL, NULL, NULL }; /* XXX */
479 unique_counter uq = { NULL, 0 };
482 nop->ors_filter = str2filter_x(nop, key);
483 ber_str2bv(key, 0, 0, &nop->ors_filterstr);
485 cb.sc_response = (slap_response*)count_attr_cb;
487 nop->o_callback = &cb;
488 nop->o_tag = LDAP_REQ_SEARCH;
489 nop->ors_scope = LDAP_SCOPE_SUBTREE;
490 nop->ors_deref = LDAP_DEREF_NEVER;
491 nop->ors_limit = NULL;
492 nop->ors_slimit = SLAP_NO_LIMIT;
493 nop->ors_tlimit = SLAP_NO_LIMIT;
494 nop->ors_attrs = slap_anlist_no_attrs;
495 nop->ors_attrsonly = 1;
497 uq.ndn = &op->o_req_ndn;
499 nop->o_req_ndn = ud->dn;
500 nop->o_ndn = op->o_bd->be_rootndn;
502 nop->o_bd = on->on_info->oi_origdb;
503 rc = nop->o_bd->be_search(nop, &nrs);
504 filter_free_x(nop, nop->ors_filter);
505 op->o_tmpfree( key, op->o_tmpmemctx );
507 if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
508 op->o_bd->bd_info = (BackendInfo *) on->on_info;
509 send_ldap_error(op, rs, rc, "unique_search failed");
513 Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
516 op->o_bd->bd_info = (BackendInfo *) on->on_info;
517 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
518 "some attributes not unique");
522 return(SLAP_CB_CONTINUE);
525 #define ALLOC_EXTRA 16 /* extra slop */
527 static int unique_add(
532 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
533 unique_data *ud = on->on_bi.bi_private;
540 Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n", op->o_req_dn.bv_val, 0, 0);
542 if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ))
543 return SLAP_CB_CONTINUE;
546 ** count everything first;
547 ** allocate some memory;
548 ** write the search key;
552 if(!(a = op->ora_e->e_attrs)) {
553 op->o_bd->bd_info = (BackendInfo *) on->on_info;
554 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
555 "unique_add() got null op.ora_e.e_attrs");
557 } else for(; a; a = a->a_next) {
558 ks = count_filter_len(ud, a->a_desc, a->a_vals, ks);
562 return SLAP_CB_CONTINUE;
565 key = op->o_tmpalloc(ks, op->o_tmpmemctx);
567 kp = key + sprintf(key, "(|");
569 for(a = op->ora_e->e_attrs; a; a = a->a_next) {
570 kp = build_filter(ud, a->a_desc, a->a_vals, kp, op->o_tmpmemctx);
575 Debug(LDAP_DEBUG_TRACE, "=> unique_add %s\n", key, 0, 0);
577 return unique_search(op, &nop, rs, key);
581 static int unique_modify(
586 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
587 unique_data *ud = on->on_bi.bi_private;
594 Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n", op->o_req_dn.bv_val, 0, 0);
596 if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ))
597 return SLAP_CB_CONTINUE;
600 ** count everything first;
601 ** allocate some memory;
602 ** write the search key;
606 if(!(m = op->orm_modlist)) {
607 op->o_bd->bd_info = (BackendInfo *) on->on_info;
608 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
609 "unique_modify() got null op.orm_modlist");
611 } else for(; m; m = m->sml_next) {
612 if ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) continue;
613 ks = count_filter_len(ud, m->sml_desc, m->sml_values, ks);
617 return SLAP_CB_CONTINUE;
620 key = op->o_tmpalloc(ks, op->o_tmpmemctx);
622 kp = key + sprintf(key, "(|");
624 for(m = op->orm_modlist; m; m = m->sml_next) {
625 if ((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) continue;
626 kp = build_filter(ud, m->sml_desc, m->sml_values, kp, op->o_tmpmemctx);
631 Debug(LDAP_DEBUG_TRACE, "=> unique_modify %s\n", key, 0, 0);
633 return unique_search(op, &nop, rs, key);
637 static int unique_modrdn(
642 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
643 unique_data *ud = on->on_bi.bi_private;
651 Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
652 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
654 if ( !dnIsSuffix( &op->o_req_ndn, &ud->dn ) &&
655 (!op->orr_nnewSup || !dnIsSuffix( op->orr_nnewSup, &ud->dn )))
656 return SLAP_CB_CONTINUE;
658 if(ldap_bv2rdn_x(&op->oq_modrdn.rs_newrdn, &newrdn,
659 (char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx )) {
660 op->o_bd->bd_info = (BackendInfo *) on->on_info;
661 send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
662 "unknown type(s) used in RDN");
665 for(i = 0; newrdn[i]; i++) {
666 AttributeDescription *ad = NULL;
667 if ( slap_bv2ad( &newrdn[i]->la_attr, &ad, &rs->sr_text )) {
668 ldap_rdnfree_x( newrdn, op->o_tmpmemctx );
669 rs->sr_err = LDAP_INVALID_SYNTAX;
670 send_ldap_result( op, rs );
673 newrdn[i]->la_private = ad;
679 for(i = 0; newrdn[i]; i++) {
680 bv[0] = newrdn[i]->la_value;
681 ks = count_filter_len(ud, newrdn[i]->la_private, bv, ks);
685 return SLAP_CB_CONTINUE;
688 key = op->o_tmpalloc(ks, op->o_tmpmemctx);
689 kp = key + sprintf(key, "(|");
691 for(i = 0; newrdn[i]; i++) {
692 bv[0] = newrdn[i]->la_value;
693 kp = build_filter(ud, newrdn[i]->la_private, bv, kp, op->o_tmpmemctx);
698 Debug(LDAP_DEBUG_TRACE, "=> unique_modrdn %s\n", key, 0, 0);
700 return unique_search(op, &nop, rs, key);
704 ** init_module is last so the symbols resolve "for free" --
705 ** it expects to be called automagically during dynamic module initialization
708 int unique_initialize() {
711 /* statically declared just after the #includes at top */
712 unique.on_bi.bi_type = "unique";
713 unique.on_bi.bi_db_init = unique_db_init;
714 unique.on_bi.bi_db_destroy = unique_db_destroy;
715 unique.on_bi.bi_db_open = unique_open;
716 unique.on_bi.bi_db_close = unique_close;
717 unique.on_bi.bi_op_add = unique_add;
718 unique.on_bi.bi_op_modify = unique_modify;
719 unique.on_bi.bi_op_modrdn = unique_modrdn;
720 unique.on_bi.bi_op_delete = NULL;
722 unique.on_bi.bi_cf_ocs = uniqueocs;
723 rc = config_register_schema( uniquecfg, uniqueocs );
726 return(overlay_register(&unique));
729 #if SLAPD_OVER_UNIQUE == SLAPD_MOD_DYNAMIC && defined(PIC)
730 int init_module(int argc, char *argv[]) {
731 return unique_initialize();
735 #endif /* SLAPD_OVER_UNIQUE */