/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2006 The OpenLDAP Foundation.
* Portions Copyright 2003 Howard Chu.
* All rights reserved.
*
typedef struct ldap_chain_t {
/*
- * TODO: create a template ldapinfo_t that gets all common
- * configuration items; then for each configured URI create
- * an entry in this tree; all the specific configuration
- * items get in the current URI structure.
+ * A "template" ldapinfo_t gets all common configuration items;
+ * then, for each configured URI, an entry is created in the tree;
+ * all the specific configuration items get in the current URI
+ * structure.
*
* Then, for each referral, extract the URI and lookup the
* related structure. If configured to do so, allow URIs
* that chains anonymously; maybe it can also be added to
* the tree? Should be all configurable.
*/
- /* tree of configured[/generated] "uri" info */
- int lc_lai_count;
- ldap_avl_info_t lc_lai;
+
+ /* "common" configuration info (anything occurring before an "uri") */
+ ldapinfo_t *lc_common_li;
/* current configuration info */
ldapinfo_t *lc_cfg_li;
- /* "common" configuration info (all occurring before an "uri") */
- ldapinfo_t *lc_common_li;
+
+ /* tree of configured[/generated?] "uri" info */
+ ldap_avl_info_t lc_lai;
unsigned lc_flags;
#define LDAP_CHAIN_F_NONE (0x00U)
#define LDAP_CHAIN_F_CHAINING (0x01U)
-#define LDAP_CHAIN_F_CACHE_INFO (0x10U)
+#define LDAP_CHAIN_F_CACHE_URI (0x10U)
+
+#define LDAP_CHAIN_CHAINING( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CHAINING ) == LDAP_CHAIN_F_CHAINING )
+#define LDAP_CHAIN_CACHE_URI( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CACHE_URI ) == LDAP_CHAIN_F_CACHE_URI )
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
LDAPControl lc_chaining_ctrl;
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
} ldap_chain_t;
+static int ldap_chain_db_init_common( BackendDB *be );
static int ldap_chain_db_init_one( BackendDB *be );
+#define ldap_chain_db_open_one(be) (lback)->bi_db_open( (be) )
+#define ldap_chain_db_close_one(be) (0)
+#define ldap_chain_db_destroy_one(be) (lback)->bi_db_destroy( (be) )
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
static int
*oldctrlsp = op->o_ctrls;
/* default chaining control not defined */
- if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) {
+ if ( !LDAP_CHAIN_CHAINING( lc ) ) {
return 0;
}
return 0;
}
-static int
-ldap_chain_operational( Operation *op, SlapReply *rs )
-{
- /* Trap entries generated by back-ldap.
- *
- * FIXME: we need a better way to recognize them; a cleaner
- * solution would be to be able to intercept the response
- * of be_operational(), so that we can divert only those
- * calls that fail because operational attributes were
- * requested for entries that do not belong to the underlying
- * database. This fix is likely to intercept also entries
- * generated by back-perl and so. */
- if ( rs->sr_entry->e_private == NULL ) {
- return 0;
- }
-
- return SLAP_CB_CONTINUE;
-}
-
/*
* Search specific response that strips entryDN from entries
*/
break;
}
}
+
+ /* tell the frontend not to add generated
+ * operational attributes */
+ rs->sr_flags |= REP_NO_OPERATIONALS;
return SLAP_CB_CONTINUE;
ldap_chain_op(
Operation *op,
SlapReply *rs,
- int ( *op_f )( Operation *op, SlapReply *rs ),
+ BI_op_func *op_f,
BerVarray ref )
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
- ldapinfo_t li = *lc->lc_common_li, *lip = NULL;
+ ldapinfo_t li = { 0 }, *lip = NULL;
struct berval bvuri[ 2 ] = { { 0 } };
/* NOTE: returned if ref is empty... */
lip = (ldapinfo_t *)op->o_bd->be_private;
lip->li_uri = li.li_uri;
lip->li_bvuri = bvuri;
- rc = lback->bi_db_open( op->o_bd );
+ rc = ldap_chain_db_open_one( op->o_bd );
if ( rc != 0 ) {
- (void)lback->bi_db_destroy( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
goto cleanup;
}
- temporary = 1;
+
+ if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ if ( avl_insert( &lc->lc_lai.lai_tree,
+ (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ /* someone just inserted another;
+ * don't bother, use this and then
+ * just free it */
+ temporary = 1;
+ }
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ } else {
+ temporary = 1;
+ }
}
- rc = ( *op_f )( op, rs );
+ rc = op_f( op, rs );
cleanup:;
ldap_memfree( li.li_uri );
if ( temporary ) {
lip->li_uri = NULL;
lip->li_bvuri = NULL;
-#if 0 /* does not exist yet */
- (void)lback->bi_db_close( op->o_bd );
-#endif
- (void)lback->bi_db_destroy( op->o_bd );
+ (void)ldap_chain_db_close_one( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
}
if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) {
BerVarray ref;
struct berval ndn = op->o_ndn;
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
int sr_err = rs->sr_err;
slap_reply_t sr_type = rs->sr_type;
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
slap_mask_t chain_mask = 0;
ber_len_t chain_shift = 0;
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
case LDAP_REQ_SEARCH:
if ( rs->sr_type == REP_SEARCHREF ) {
ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
- ldapinfo_t li = *lc->lc_common_li, *lip = NULL;
+ ldapinfo_t li = { 0 }, *lip = NULL;
struct berval bvuri[ 2 ] = { { 0 } };
struct berval *curr = ref,
lip = (ldapinfo_t *)op->o_bd->be_private;
lip->li_uri = li.li_uri;
lip->li_bvuri = bvuri;
- rc = lback->bi_db_open( op->o_bd );
+ rc = ldap_chain_db_open_one( op->o_bd );
if ( rc != 0 ) {
- (void)lback->bi_db_destroy( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
goto cleanup;
}
- temporary = 1;
+
+ if ( LDAP_CHAIN_CACHE_URI( lc ) ) {
+ ldap_pvt_thread_mutex_lock( &lc->lc_lai.lai_mutex );
+ if ( avl_insert( &lc->lc_lai.lai_tree,
+ (caddr_t)lip, ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ /* someone just inserted another;
+ * don't bother, use this and then
+ * just free it */
+ temporary = 1;
+ }
+ ldap_pvt_thread_mutex_unlock( &lc->lc_lai.lai_mutex );
+
+ } else {
+ temporary = 1;
+ }
}
/* FIXME: should we also copy filter and scope?
if ( temporary ) {
lip->li_uri = NULL;
lip->li_bvuri = NULL;
-#if 0 /* does not exist yet */
- (void)lback->bi_db_close( op->o_bd );
-#endif
- (void)lback->bi_db_destroy( op->o_bd );
+ (void)ldap_chain_db_close_one( op->o_bd );
+ (void)ldap_chain_db_destroy_one( op->o_bd );
}
if ( rc == LDAP_SUCCESS && rs->sr_err == LDAP_SUCCESS ) {
}
} else {
- rc = ldap_chain_op( op, rs, lback->bi_op_search, ref );
+ /* we might get here before any database actually
+ * performed a search; in those cases, we need
+ * to check limits, to make sure safe defaults
+ * are in place */
+ if ( op->ors_limit != NULL || limits_check( op, rs ) == 0 ) {
+ rc = ldap_chain_op( op, rs, lback->bi_op_search, ref );
+
+ } else {
+ rc = SLAP_CB_CONTINUE;
+ }
}
break;
/* FIXME: ldap_back_extended() by design
* doesn't send result; frontend is expected
* to send it... */
- /* FIXME: what aboit chaining? */
+ /* FIXME: what about chaining? */
if ( rc != SLAPD_ABANDON ) {
send_ldap_extended( op, rs );
rc = LDAP_SUCCESS;
case LDAP_SUCCESS:
case LDAP_REFERRAL:
/* slapd-ldap sent response */
- assert( sc2.sc_private == LDAP_CH_RES );
+ if ( !op->o_abandon && sc2.sc_private != LDAP_CH_RES ) {
+ /* FIXME: should we send response? */
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_chain_response: "
+ "overlay should have sent result.\n",
+ op->o_log_prefix, 0, 0 );
+ }
break;
default:
send_ldap_result( op, rs );
}
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
dont_chain:;
-#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
rs->sr_err = sr_err;
rs->sr_type = sr_type;
rs->sr_matched = matched;
*/
enum {
- PC_CHAINING = 1
+ CH_CHAINING = 1,
+ CH_CACHE_URI = 2,
+
+ CH_LAST
};
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
static ConfigDriver chain_cf_gen;
-#endif
static ConfigCfAdd chain_cfadd;
static ConfigLDAPadd chain_ldadd;
static ConfigTable chaincfg[] = {
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
{ "chain-chaining", "args",
- 2, 4, 0, ARG_MAGIC|ARG_BERVAL|PC_CHAINING, chain_cf_gen,
+ 2, 4, 0, ARG_MAGIC|ARG_BERVAL|CH_CHAINING, chain_cf_gen,
"( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' "
"DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ { "chain-cache-uri", "TRUE/FALSE",
+ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
+ "( OLcfgOvAt:3.2 NAME 'olcCacheURI' "
+ "DESC 'Enables caching of URIs not present in configuration' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
static ConfigOCs chainocs[] = {
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
{ "( OLcfgOvOc:3.1 "
"NAME 'olcChainConfig' "
"DESC 'Chain configuration' "
"SUP olcOverlayConfig "
- "MAY olcChainingBehavior )", Cft_Overlay, chaincfg, NULL, chain_cfadd },
-#endif
+ "MAY ( "
+#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
+ "olcChainingBehavior $ "
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ "olcCacheURI "
+ ") )",
+ Cft_Overlay, chaincfg, NULL, chain_cfadd },
{ "( OLcfgOvOc:3.2 "
"NAME 'olcChainDatabase' "
"DESC 'Chain remote server configuration' "
- "AUXILIARY )", Cft_Misc, chaincfg, chain_ldadd },
+ "AUXILIARY )",
+ Cft_Misc, chaincfg, chain_ldadd },
{ NULL, 0, NULL }
};
static int
chain_ldadd( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
{
+ slap_overinst *on;
+ ldap_chain_t *lc;
+
+ ldapinfo_t *li;
+
+ AttributeDescription *ad = NULL;
+ Attribute *at;
+ const char *text;
+
+ int rc;
+
if ( p->ce_type != Cft_Overlay
|| !p->ce_bi
|| p->ce_bi->bi_cf_ocs != chainocs )
return LDAP_CONSTRAINT_VIOLATION;
}
- return LDAP_SUCCESS;
+ on = (slap_overinst *)p->ce_bi;
+ lc = (ldap_chain_t *)on->on_bi.bi_private;
+
+ assert( ca->be == NULL );
+ ca->be = (BackendDB *)ch_calloc( 1, sizeof( BackendDB ) );
+
+ ca->be->bd_info = (BackendInfo *)on;
+
+ rc = slap_str2ad( "olcDbURI", &ad, &text );
+ assert( rc == LDAP_SUCCESS );
+
+ at = attr_find( e->e_attrs, ad );
+ if ( lc->lc_common_li == NULL && at != NULL ) {
+ /* FIXME: we should generate an empty default entry
+ * if none is supplied */
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "first underlying database \"%s\" "
+ "cannot contain attribute \"%s\".\n",
+ e->e_name.bv_val, ad->ad_cname.bv_val, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+
+ } else if ( lc->lc_common_li != NULL && at == NULL ) {
+ /* FIXME: we should generate an empty default entry
+ * if none is supplied */
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "subsequent underlying database \"%s\" "
+ "must contain attribute \"%s\".\n",
+ e->e_name.bv_val, ad->ad_cname.bv_val, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+ if ( lc->lc_common_li == NULL ) {
+ rc = ldap_chain_db_init_common( ca->be );
+
+ } else {
+ rc = ldap_chain_db_init_one( ca->be );
+ }
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "unable to init %sunderlying database \"%s\".\n",
+ lc->lc_common_li == NULL ? "common " : "", e->e_name.bv_val, 0 );
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+
+ li = ca->be->be_private;
+
+ if ( lc->lc_common_li == NULL ) {
+ lc->lc_common_li = li;
+
+ } else if ( avl_insert( &lc->lc_lai.lai_tree, (caddr_t)li,
+ ldap_chain_uri_cmp, ldap_chain_uri_dup ) )
+ {
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "database \"%s\" insert failed.\n",
+ e->e_name.bv_val, 0, 0 );
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
+
+done:;
+ if ( rc != LDAP_SUCCESS ) {
+ (void)ldap_chain_db_destroy_one( ca->be );
+ ch_free( ca->be );
+ ca->be = NULL;
+ }
+
+ return rc;
}
typedef struct ldap_chain_cfadd_apply_t {
lca.rs = rs;
lca.p = p;
lca.ca = ca;
- lca.count = -1;
+ lca.count = 0;
(void)ldap_chain_cfadd_apply( (void *)lc->lc_common_li, (void *)&lca );
}
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-
static slap_verbmasks chaining_mode[] = {
{ BER_BVC("referralsRequired"), LDAP_REFERRALS_REQUIRED },
{ BER_BVC("referralsPreferred"), LDAP_REFERRALS_PREFERRED },
{ BER_BVC("chainingPreferred"), LDAP_CHAINING_PREFERRED },
{ BER_BVNULL, 0 }
};
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
static int
chain_cf_gen( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
-#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
-#endif
int rc = 0;
if ( c->op == SLAP_CONFIG_EMIT ) {
switch( c->type ) {
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
- case PC_CHAINING: {
+ case CH_CHAINING: {
struct berval resolve = BER_BVNULL,
continuation = BER_BVNULL;
- if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) {
+ if ( !LDAP_CHAIN_CHAINING( lc ) ) {
return 1;
}
}
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ case CH_CACHE_URI:
+ c->value_int = LDAP_CHAIN_CACHE_URI( lc );
+ break;
+
default:
assert( 0 );
rc = 1;
return rc;
} else if ( c->op == LDAP_MOD_DELETE ) {
- return 1; /* FIXME */
-#if 0
switch( c->type ) {
- case PC_ATTR:
- case PC_TEMP:
+ case CH_CHAINING:
+ return 1;
+
+ case CH_CACHE_URI:
+ lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
+ break;
+
+ default:
+ return 1;
}
return rc;
-#endif
}
switch( c->type ) {
+ case CH_CHAINING: {
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
- case PC_CHAINING: {
char **argv = c->argv;
int argc = c->argc;
BerElementBuffer berbuf;
if ( strncasecmp( argv[ 0 ], "resolve=", STRLENOF( "resolve=" ) ) == 0 ) {
resolve = str2chain( argv[ 0 ] + STRLENOF( "resolve=" ) );
if ( resolve == -1 ) {
- fprintf( stderr, "%s line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: "
"illegal <resolve> value %s "
- "in \"chain-chaining>\"\n",
- c->fname, c->lineno, argv[ 0 ] );
+ "in \"chain-chaining>\".\n",
+ c->log, argv[ 0 ], 0 );
return 1;
}
} else if ( strncasecmp( argv[ 0 ], "continuation=", STRLENOF( "continuation=" ) ) == 0 ) {
continuation = str2chain( argv[ 0 ] + STRLENOF( "continuation=" ) );
if ( continuation == -1 ) {
- fprintf( stderr, "%s line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: "
"illegal <continuation> value %s "
- "in \"chain-chaining\"\n",
- c->fname, c->lineno, argv[ 0 ] );
+ "in \"chain-chaining\".\n",
+ c->log, argv[ 0 ], 0 );
return 1;
}
iscritical = 1;
} else {
- fprintf( stderr, "%s line %d: "
- "unknown option in \"chain-chaining\"\n",
- c->fname, c->lineno );
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "unknown option in \"chain-chaining\".\n",
+ c->log, 0, 0 );
return 1;
}
}
err = ber_printf( ber, "{e" /* } */, resolve );
if ( err == -1 ) {
ber_free( ber, 1 );
- fprintf( stderr, "%s line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: "
"chaining behavior control encoding error!\n",
- c->fname, c->lineno );
+ c->log, 0, 0 );
return 1;
}
err = ber_printf( ber, "e", continuation );
if ( err == -1 ) {
ber_free( ber, 1 );
- fprintf( stderr, "%s line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: "
"chaining behavior control encoding error!\n",
- c->fname, c->lineno );
+ c->log, 0, 0 );
return 1;
}
}
err = ber_printf( ber, /* { */ "N}" );
if ( err == -1 ) {
ber_free( ber, 1 );
- fprintf( stderr, "%s line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: "
"chaining behavior control encoding error!\n",
- c->fname, c->lineno );
+ c->log, 0, 0 );
return 1;
}
if ( ldap_chain_parse_ctrl( &op, &rs, &lc->lc_chaining_ctrl ) != LDAP_SUCCESS )
{
- fprintf( stderr, "%s line %d: "
- "unable to parse chaining control%s%s\n",
- c->fname, c->lineno,
- rs.sr_text ? ": " : "",
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "unable to parse chaining control%s%s.\n",
+ c->log, rs.sr_text ? ": " : "",
rs.sr_text ? rs.sr_text : "" );
return 1;
}
lc->lc_flags |= LDAP_CHAIN_F_CHAINING;
rc = 0;
+#else /* ! LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "\"chaining\" control unsupported (ignored).\n",
+ c->log, 0, 0 );
+#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
+ } break;
+ case CH_CACHE_URI:
+ if ( c->value_int ) {
+ lc->lc_flags |= LDAP_CHAIN_F_CACHE_URI;
+ } else {
+ lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
+ }
break;
- }
-#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
default:
assert( 0 );
return rc;
}
-#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-
static int
ldap_chain_db_init(
BackendDB *be )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
ldap_chain_t *lc = NULL;
- int rc;
- BackendDB bd = *be;
if ( lback == NULL ) {
lback = backend_info( "ldap" );
if ( lback == NULL ) {
- return -1;
+ return 1;
}
}
lc = ch_malloc( sizeof( ldap_chain_t ) );
+ if ( lc == NULL ) {
+ return 1;
+ }
memset( lc, 0, sizeof( ldap_chain_t ) );
+ ldap_pvt_thread_mutex_init( &lc->lc_lai.lai_mutex );
- bd.be_private = NULL;
- rc = lback->bi_db_init( &bd );
- lc->lc_cfg_li = lc->lc_common_li = (ldapinfo_t *)bd.be_private;
on->on_bi.bi_private = (void *)lc;
- return rc;
+ return 0;
}
static int
int rc = SLAP_CONF_UNKNOWN;
- /* Something for the cache database? */
+ if ( lc->lc_common_li == NULL ) {
+ void *be_private = be->be_private;
+ ldap_chain_db_init_common( be );
+ lc->lc_common_li = lc->lc_cfg_li = (ldapinfo_t *)be->be_private;
+ be->be_private = be_private;
+ }
+
+ /* Something for the chain database? */
if ( strncasecmp( argv[ 0 ], "chain-", STRLENOF( "chain-" ) ) == 0 ) {
char *save_argv0 = argv[ 0 ];
- BackendInfo *bd_info = bd_info;
+ BackendInfo *bd_info = be->bd_info;
void *be_private = be->be_private;
ConfigOCs *be_cf_ocs = be->be_cf_ocs;
- int is_uri = 0;
+ static char *allowed_argv[] = {
+ /* special: put URI here, so in the meanwhile
+ * it detects whether a new URI is being provided */
+ "uri",
+ "nretries",
+ "timeout",
+ /* flags */
+ "tls",
+ /* FIXME: maybe rebind-as-user should be allowed
+ * only within known URIs... */
+ "rebind-as-user",
+ "chase-referrals",
+ "t-f-support",
+ "proxy-whoami",
+ NULL
+ };
+ int which_argv = -1;
argv[ 0 ] += STRLENOF( "chain-" );
- /* TODO: create a new structure and, after parsing the URI,
- * put it in the lc->lc_lai tree */
- if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
+ for ( which_argv = 0; allowed_argv[ which_argv ]; which_argv++ ) {
+ if ( strcasecmp( argv[ 0 ], allowed_argv[ which_argv ] ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( allowed_argv[ which_argv ] == NULL ) {
+ which_argv = -1;
+
+ if ( lc->lc_cfg_li == lc->lc_common_li ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"%s\" only allowed within a URI directive.\n.",
+ fname, lineno, argv[ 0 ] );
+ return 1;
+ }
+ }
+
+ if ( which_argv == 0 ) {
rc = ldap_chain_db_init_one( be );
if ( rc != 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "underlying slapd-ldap initialization failed\n.",
+ "underlying slapd-ldap initialization failed.\n.",
fname, lineno, 0 );
return 1;
}
lc->lc_cfg_li = be->be_private;
- is_uri = 1;
}
+ /* TODO: add checks on what other slapd-ldap(5) args
+ * should be put in the template; this is not quite
+ * harmful, because attributes that shouldn't don't
+ * get actually used, but the user should at least
+ * be warned.
+ */
+
be->bd_info = lback;
be->be_private = (void *)lc->lc_cfg_li;
be->be_cf_ocs = lback->bi_cf_ocs;
be->be_private = be_private;
be->bd_info = bd_info;
- if ( is_uri ) {
+ if ( which_argv == 0 ) {
private_destroy:;
if ( rc != 0 ) {
BackendDB db = *be;
db.bd_info = lback;
db.be_private = (void *)lc->lc_cfg_li;
- lback->bi_db_destroy( &db );
+ ldap_chain_db_destroy_one( &db );
lc->lc_cfg_li = NULL;
} else {
if ( lc ) {
BI_db_func *func = (&lback->bi_db_open)[ which ];
- if ( func != NULL ) {
+ if ( func != NULL && lc->lc_common_li != NULL ) {
BackendDB db = *be;
db.bd_info = lback;
ldap_chain_db_open(
BackendDB *be )
{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
int rc = 0;
}
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- /* FIXME: right now slapd-ldap has no open function;
- * in case one is introduced, this needs be fixed */
+ if ( lc->lc_common_li == NULL ) {
+ void *be_private = be->be_private;
+ ldap_chain_db_init_common( be );
+ lc->lc_common_li = lc->lc_cfg_li = (ldapinfo_t *)be->be_private;
+ be->be_private = be_private;
+ }
return ldap_chain_db_func( be, db_open );
}
rc = ldap_chain_db_func( be, db_destroy );
if ( lc ) {
+ avl_free( lc->lc_lai.lai_tree, NULL );
+ ldap_pvt_thread_mutex_destroy( &lc->lc_lai.lai_mutex );
ch_free( lc );
}
return rc;
}
+/*
+ * inits one instance of the slapd-ldap backend, and stores
+ * the private info in be_private of the arg
+ */
+static int
+ldap_chain_db_init_common(
+ BackendDB *be )
+{
+ BackendInfo *bi = be->bd_info;
+ int t;
+
+ be->bd_info = lback;
+ be->be_private = NULL;
+ t = lback->bi_db_init( be );
+ if ( t != 0 ) {
+ return t;
+ }
+ be->bd_info = bi;
+
+ return 0;
+}
+
+/*
+ * inits one instance of the slapd-ldap backend, stores
+ * the private info in be_private of the arg and fills
+ * selected fields with data from the template.
+ *
+ * NOTE: add checks about the other fields of the template,
+ * which are ignored and SHOULD NOT be configured by the user.
+ */
static int
ldap_chain_db_init_one(
BackendDB *be )
slap_overinst *on = (slap_overinst *)be->bd_info;
ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
- BackendDB db = *be;
- int t;
+ BackendInfo *bi = be->bd_info;
ldapinfo_t *li;
- db.bd_info = lback;
- db.be_private = NULL;
- t = lback->bi_db_init( &db );
+ int t;
+
+ be->bd_info = lback;
+ be->be_private = NULL;
+ t = lback->bi_db_init( be );
if ( t != 0 ) {
return t;
}
- li = (ldapinfo_t *)db.be_private;
+ li = (ldapinfo_t *)be->be_private;
/* copy common data */
li->li_nretries = lc->lc_common_li->li_nretries;
for ( t = 0; t < LDAP_BACK_OP_LAST; t++ ) {
li->li_timeout[ t ] = lc->lc_common_li->li_timeout[ t ];
}
-
- be->be_private = li;
+ be->bd_info = bi;
return 0;
}
static slap_overinst ldapchain;
int
-chain_init( void )
+chain_initialize( void )
{
int rc;
+ /* Make sure we don't exceed the bits reserved for userland */
+ config_check_userland( CH_LAST );
+
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR,
/* SLAP_CTRL_GLOBAL| */ SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE, NULL,
ldap_chain_parse_ctrl, &sc_chainingBehavior );
if ( rc != LDAP_SUCCESS ) {
- fprintf( stderr, "Failed to register chaining behavior control: %d\n", rc );
+ Debug( LDAP_DEBUG_ANY, "slapd-chain: "
+ "unable to register chaining behavior control: %d.\n",
+ rc, 0, 0 );
return rc;
}
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
ldapchain.on_bi.bi_db_close = ldap_chain_db_close;
ldapchain.on_bi.bi_db_destroy = ldap_chain_db_destroy;
- /* ... otherwise the underlying backend's function would be called,
- * likely passing an invalid entry; on the contrary, the requested
- * operational attributes should have been returned while chasing
- * the referrals. This all in all is a bit messy, because part
- * of the operational attributes are generated by the backend;
- * part by the frontend; back-ldap should receive all the available
- * ones from the remote server, but then, on its own, it strips those
- * it assumes will be (re)generated by the frontend (e.g.
- * subschemaSubentry.) */
- ldapchain.on_bi.bi_operational = ldap_chain_operational;
-
ldapchain.on_bi.bi_connection_destroy = ldap_chain_connection_destroy;
ldapchain.on_response = ldap_chain_response;