Add CRC32 checksum to back-ldif files

[openldap] / servers / slapd / back-ldif / ldif.c

diff --git a/servers/slapd/back-ldif/ldif.c b/servers/slapd/back-ldif/ldif.c
index 0457e6136fbadbc826e4b8d0a2ff6c8dfb31c7b7..0d7b55fd96063206544d4f1086cf63111b4621b4 100644 (file)
--- a/servers/slapd/back-ldif/ldif.c
+++ b/servers/slapd/back-ldif/ldif.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2011 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,12 +37,24 @@ struct ldif_tool {
        ID              ecount;                         /* number of entries */
        ID              ecurrent;                       /* bi_tool_entry_next() position */
 #      define  ENTRY_BUFF_INCREMENT 500 /* initial entries[] length */
+       struct berval   *tl_base;
+       int             tl_scope;
+       Filter          *tl_filter;
 };
 
 /* Per-database data */
 struct ldif_info {
        struct berval li_base_path;                     /* database directory */
        struct ldif_tool li_tool;                       /* for slap tools */
+       /*
+        * Read-only LDAP requests readlock li_rdwr for filesystem input.
+        * Update requests first lock li_modop_mutex for filesystem I/O,
+        * and then writelock li_rdwr as well for filesystem output.
+        * This allows update requests to do callbacks that acquire
+        * read locks, e.g. access controls that inspect entries.
+        * (An alternative would be recursive read/write locks.)
+        */
+       ldap_pvt_thread_mutex_t li_modop_mutex; /* serialize update requests */
        ldap_pvt_thread_rdwr_t  li_rdwr;        /* no other I/O when writing */
 };
 
@@ -175,9 +187,10 @@ static ConfigOCs ldifocs[] = {
  */
 
 /* Set *res = LDIF filename path for the normalized DN */
-static void
-dn2path( BackendDB *be, struct berval *dn, struct berval *res )
+static int
+ndn2path( Operation *op, struct berval *dn, struct berval *res, int empty_ok )
 {
+       BackendDB *be = op->o_bd;
        struct ldif_info *li = (struct ldif_info *) be->be_private;
        struct berval *suffixdn = &be->be_nsuffix[0];
        const char *start, *end, *next, *p;
@@ -191,6 +204,10 @@ dn2path( BackendDB *be, struct berval *dn, struct berval *res )
        assert( !BER_BVISNULL( suffixdn ) );
        assert( dnIsSuffix( dn, suffixdn ) );
 
+       if ( dn->bv_len == 0 && !empty_ok ) {
+               return LDAP_UNWILLING_TO_PERFORM;
+       }
+
        start = dn->bv_val;
        end = start + dn->bv_len;
 
@@ -231,6 +248,8 @@ dn2path( BackendDB *be, struct berval *dn, struct berval *res )
        res->bv_len = ptr - res->bv_val;
 
        assert( res->bv_len <= len );
+
+       return LDAP_SUCCESS;
 }
 
 /*
@@ -306,6 +325,86 @@ ldif_tempname( const struct berval *dnpath )
        return name;
 }
 
+/* CRC-32 table for the polynomial:
+ * x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
+ *
+ * As used by zlib
+ */
+
+static const unsigned int crctab[256] = {
+       0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
+       0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
+       0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
+       0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
+       0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
+       0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
+       0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
+       0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
+       0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
+       0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
+       0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
+       0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
+       0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
+       0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
+       0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
+       0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
+       0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
+       0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
+       0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
+       0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
+       0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
+       0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
+       0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
+       0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
+       0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
+       0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
+       0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
+       0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
+       0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
+       0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
+       0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
+       0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
+       0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
+       0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
+       0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
+       0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
+       0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
+       0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
+       0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
+       0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
+       0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
+       0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
+       0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
+       0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
+       0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
+       0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
+       0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
+       0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
+       0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
+       0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
+       0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
+       0x2d02ef8dL
+};
+
+#define CRC1   crc = crctab[(crc ^ *buf++) & 0xff] ^ (crc >> 8)
+#define CRC8   CRC1; CRC1; CRC1; CRC1; CRC1; CRC1; CRC1; CRC1
+unsigned int crc32(unsigned char *buf, int len)
+{
+       unsigned int    crc = 0xffffffff;
+       int                             i;
+
+       while (len > 7) {
+               CRC8;
+               len -= 8;
+       }
+       while (len) {
+               CRC1;
+               len--;
+       }
+
+       return crc ^ 0xffffffff;
+}
+
 /*
  * Read a file, or stat() it if datap == NULL.  Allocate and fill *datap.
  * Return LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT (no such file), or another error.
@@ -352,6 +451,28 @@ ldif_read_file( const char *path, char **datap )
                Debug( LDAP_DEBUG_TRACE, "ldif_read_file: %s: \"%s\"\n",
                        datap ? "read entry file" : "entry file exists", path, 0 );
                rc = LDAP_SUCCESS;
+               if ( datap ) {
+                       len = ptr - data;
+                       ptr = strstr( data, "\n# CRC32" );
+                       if (!ptr) {
+                               Debug( LDAP_DEBUG_TRACE, "ldif_read_file: no checksum \"%s\"\n",
+                                       path, 0, 0 );
+                       } else {
+                               unsigned int crc1 = 0, crc2 = 1;
+                               if ( sscanf( ptr + 9, "%08x", &crc1) == 1) {
+                                       ptr = strchr(ptr+1, '\n');
+                                       if ( ptr ) {
+                                               ptr++;
+                                               len -= (ptr - data);
+                                               crc2 = crc32( ptr, len );
+                                       }
+                               }
+                               if ( crc1 != crc2 ) {
+                                       Debug( LDAP_DEBUG_ANY, "ldif_read_file: checksum error on \"%s\"\n",
+                                               path, 0, 0 );
+                               }
+                       }
+               }
        } else {
                if ( res < 0 && errno == ENOENT ) {
                        Debug( LDAP_DEBUG_TRACE, "ldif_read_file: "
@@ -376,8 +497,12 @@ ldif_read_file( const char *path, char **datap )
 static int
 spew_file( int fd, const char *spew, int len, int *save_errno )
 {
-       int writeres = 0;
+       int writeres;
+#define HEADER "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
+       char header[sizeof(HEADER "# CRC32 12345678\n")];
 
+       sprintf(header, HEADER "# CRC32 %08x\n", crc32(spew, len));
+       writeres = write(fd, header, sizeof(header)-1);
        while(len > 0) {
                writeres = write(fd, spew, len);
                if(writeres == -1) {
@@ -559,16 +684,21 @@ get_entry(
        int rc;
        struct berval path, pdn, pndn;
 
-       dnParent(&op->o_req_dn, &pdn);
-       dnParent(&op->o_req_ndn, &pndn);
-       dn2path( op->o_bd, &op->o_req_ndn, &path );
+       dnParent( &op->o_req_dn, &pdn );
+       dnParent( &op->o_req_ndn, &pndn );
+       rc = ndn2path( op, &op->o_req_ndn, &path, 0 );
+       if ( rc != LDAP_SUCCESS ) {
+               goto done;
+       }
+
        rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, entryp, text );
 
        if ( rc == LDAP_SUCCESS && pathp != NULL ) {
                *pathp = path;
        } else {
-               SLAP_FREE(path.bv_val);
+               SLAP_FREE( path.bv_val );
        }
+ done:
        return rc;
 }
 
@@ -584,9 +714,9 @@ typedef struct bvlist {
        char *trunc;    /* filename was truncated here */
        int  inum;              /* num from "attr={num}" in filename, or INT_MIN */
        char savech;    /* original char at *trunc */
-       char fname;             /* variable length array BVL_NAME(bvl) = &fname */
-#      define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname))
-#      define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen))
+       /* BVL_NAME(&bvlist) is the filename, allocated after the struct: */
+#      define BVL_NAME(bvl)     ((char *) ((bvl) + 1))
+#      define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen) + 1)
 } bvlist;
 
 static int
@@ -636,9 +766,14 @@ ldif_send_entry( Operation *op, SlapReply *rs, Entry *e, int scope )
                else if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
                        rs->sr_entry = e;
                        rs->sr_attrs = op->ors_attrs;
+                       /* Could set REP_ENTRY_MUSTBEFREED too for efficiency,
+                        * but refraining lets us test unFREEable MODIFIABLE
+                        * entries.  Like entries built on the stack.
+                        */
                        rs->sr_flags = REP_ENTRY_MODIFIABLE;
                        rc = send_search_entry( op, rs );
                        rs->sr_entry = NULL;
+                       rs->sr_attrs = NULL;
                }
        }
 
@@ -727,6 +862,7 @@ ldif_readdir(
                        bvl->savech = *trunc;
                        *trunc = '\0';
 
+                       /* Insertion sort */
                        for ( prev = listp; (ptr = *prev) != NULL; prev = &ptr->next ) {
                                int cmp = strcmp( BVL_NAME( bvl ), BVL_NAME( ptr ));
                                if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) )
@@ -863,7 +999,7 @@ search_tree( Operation *op, SlapReply *rs )
        struct berval path;
        struct berval pdn, pndn;
 
-       dn2path( op->o_bd, &op->o_req_ndn, &path );
+       (void) ndn2path( op, &op->o_req_ndn, &path, 1 );
        if ( !BER_BVISEMPTY( &op->o_req_ndn ) ) {
                /* Read baseObject */
                dnParent( &op->o_req_dn, &pdn );
@@ -897,18 +1033,20 @@ ldif_prepare_create(
        char **need_dir,
        const char **text )
 {
-       BackendDB *be = op->o_bd;
-       struct ldif_info *li = (struct ldif_info *) be->be_private;
+       struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
        struct berval *ndn = &e->e_nname;
        struct berval ppath = BER_BVNULL;
        struct stat st;
        Entry *parent = NULL;
-       int rc = LDAP_SUCCESS;
+       int rc;
 
        if ( op->o_abandon )
                return SLAPD_ABANDON;
 
-       dn2path( be, ndn, dnpath );
+       rc = ndn2path( op, ndn, dnpath, 0 );
+       if ( rc != LDAP_SUCCESS ) {
+               return rc;
+       }
 
        if ( stat( dnpath->bv_val, &st ) == 0 ) { /* entry .ldif file */
                rc = LDAP_ALREADY_EXISTS;
@@ -984,12 +1122,14 @@ ldif_prepare_create(
        return rc;
 }
 
-static int apply_modify_to_entry(Entry * entry,
-                               Modifications * modlist,
-                               Operation * op,
-                               SlapReply * rs)
+static int
+apply_modify_to_entry(
+       Entry *entry,
+       Modifications *modlist,
+       Operation *op,
+       SlapReply *rs,
+       char *textbuf )
 {
-       char textbuf[SLAP_TEXT_BUFLEN];
        int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
        int is_oc = 0;
        Modification *mods;
@@ -1009,28 +1149,28 @@ static int apply_modify_to_entry(Entry * entry,
                        rc = modify_add_values(entry, mods,
                                   get_permissiveModify(op),
                                   &rs->sr_text, textbuf,
-                                  sizeof( textbuf ) );
+                                  SLAP_TEXT_BUFLEN );
                        break;
-                               
+
                case LDAP_MOD_DELETE:
                        rc = modify_delete_values(entry, mods,
                                get_permissiveModify(op),
                                &rs->sr_text, textbuf,
-                               sizeof( textbuf ) );
+                               SLAP_TEXT_BUFLEN );
                        break;
-                               
+
                case LDAP_MOD_REPLACE:
                        rc = modify_replace_values(entry, mods,
                                 get_permissiveModify(op),
                                 &rs->sr_text, textbuf,
-                                sizeof( textbuf ) );
+                                SLAP_TEXT_BUFLEN );
                        break;
 
                case LDAP_MOD_INCREMENT:
                        rc = modify_increment_values( entry,
                                mods, get_permissiveModify(op),
                                &rs->sr_text, textbuf,
-                               sizeof( textbuf ) );
+                               SLAP_TEXT_BUFLEN );
                        break;
 
                case SLAP_MOD_SOFTADD:
@@ -1038,12 +1178,37 @@ static int apply_modify_to_entry(Entry * entry,
                        rc = modify_add_values(entry, mods,
                                   get_permissiveModify(op),
                                   &rs->sr_text, textbuf,
-                                  sizeof( textbuf ) );
+                                  SLAP_TEXT_BUFLEN );
                        mods->sm_op = SLAP_MOD_SOFTADD;
                        if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
                                rc = LDAP_SUCCESS;
                        }
                        break;
+
+               case SLAP_MOD_SOFTDEL:
+                       mods->sm_op = LDAP_MOD_DELETE;
+                       rc = modify_delete_values(entry, mods,
+                                  get_permissiveModify(op),
+                                  &rs->sr_text, textbuf,
+                                  SLAP_TEXT_BUFLEN );
+                       mods->sm_op = SLAP_MOD_SOFTDEL;
+                       if (rc == LDAP_NO_SUCH_ATTRIBUTE) {
+                               rc = LDAP_SUCCESS;
+                       }
+                       break;
+
+               case SLAP_MOD_ADD_IF_NOT_PRESENT:
+                       if ( attr_find( entry->e_attrs, mods->sm_desc ) ) {
+                               rc = LDAP_SUCCESS;
+                               break;
+                       }
+                       mods->sm_op = LDAP_MOD_ADD;
+                       rc = modify_add_values(entry, mods,
+                                  get_permissiveModify(op),
+                                  &rs->sr_text, textbuf,
+                                  SLAP_TEXT_BUFLEN );
+                       mods->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
+                       break;
                }
                if(rc != LDAP_SUCCESS) break;
        }
@@ -1054,8 +1219,8 @@ static int apply_modify_to_entry(Entry * entry,
                        entry->e_ocflags = 0;
                }
                /* check that the entry still obeys the schema */
-               rc = entry_schema_check( op, entry, NULL, 0, 0,
-                         &rs->sr_text, textbuf, sizeof( textbuf ) );
+               rc = entry_schema_check( op, entry, NULL, 0, 0, NULL,
+                         &rs->sr_text, textbuf, SLAP_TEXT_BUFLEN );
        }
 
        return rc;
@@ -1076,12 +1241,12 @@ ldif_back_referrals( Operation *op, SlapReply *rs )
        if ( min_dnlen == 0 ) {
                /* Catch root DSE (empty DN), it is not a referral */
                min_dnlen = 1;
-               if ( BER_BVISEMPTY( &ndn ) )
-                       return LDAP_SUCCESS;
+       }
+       if ( ndn2path( op, &ndn, &path, 0 ) != LDAP_SUCCESS ) {
+               return LDAP_SUCCESS;    /* Root DSE again */
        }
 
        entryp = get_manageDSAit( op ) ? NULL : &entry;
-       dn2path( op->o_bd, &ndn, &path );
        ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
 
        for (;;) {
@@ -1183,19 +1348,19 @@ ldif_back_bind( Operation *op, SlapReply *rs )
        }
 
        /* let the front-end send success */
-       return_val = 0;
-       goto return_result;
+       return_val = LDAP_SUCCESS;
 
  return_result:
        ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
-       if(return_val != 0)
+       if(return_val != LDAP_SUCCESS)
                send_ldap_result( op, rs );
        if(entry != NULL)
                entry_free(entry);
        return return_val;
 }
 
-static int ldif_back_search(Operation *op, SlapReply *rs)
+static int
+ldif_back_search( Operation *op, SlapReply *rs )
 {
        struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 
@@ -1207,7 +1372,9 @@ static int ldif_back_search(Operation *op, SlapReply *rs)
        return rs->sr_err;
 }
 
-static int ldif_back_add(Operation *op, SlapReply *rs) {
+static int
+ldif_back_add( Operation *op, SlapReply *rs )
+{
        struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
        Entry * e = op->ora_e;
        struct berval path;
@@ -1217,7 +1384,7 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
 
        Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", e->e_dn, 0, 0 );
 
-       rc = entry_schema_check( op, e, NULL, 0, 1,
+       rc = entry_schema_check( op, e, NULL, 0, 1, NULL,
                &rs->sr_text, textbuf, sizeof( textbuf ) );
        if ( rc != LDAP_SUCCESS )
                goto send_res;
@@ -1226,54 +1393,64 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
        if ( rc != LDAP_SUCCESS )
                goto send_res;
 
-       ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+       ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
        rc = ldif_prepare_create( op, e, &path, &parentdir, &rs->sr_text );
        if ( rc == LDAP_SUCCESS ) {
+               ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
                rc = ldif_write_entry( op, e, &path, parentdir, &rs->sr_text );
+               ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+
                SLAP_FREE( path.bv_val );
                if ( parentdir != NULL )
                        SLAP_FREE( parentdir );
        }
 
-       ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
+       ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
 
  send_res:
        rs->sr_err = rc;
        Debug( LDAP_DEBUG_TRACE, "ldif_back_add: err: %d text: %s\n",
                rc, rs->sr_text ? rs->sr_text : "", 0 );
-       send_ldap_result(op, rs);
+       send_ldap_result( op, rs );
        slap_graduate_commit_csn( op );
+       rs->sr_text = NULL;     /* remove possible pointer to textbuf */
        return rs->sr_err;
 }
 
-static int ldif_back_modify(Operation *op, SlapReply *rs) {
+static int
+ldif_back_modify( Operation *op, SlapReply *rs )
+{
        struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
        Modifications * modlst = op->orm_modlist;
        struct berval path;
        Entry *entry;
+       char textbuf[SLAP_TEXT_BUFLEN];
        int rc;
 
        slap_mods_opattrs( op, &op->orm_modlist, 1 );
 
-       ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+       ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
        rc = get_entry( op, &entry, &path, &rs->sr_text );
        if ( rc == LDAP_SUCCESS ) {
-               rc = apply_modify_to_entry( entry, modlst, op, rs );
+               rc = apply_modify_to_entry( entry, modlst, op, rs, textbuf );
                if ( rc == LDAP_SUCCESS ) {
+                       ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
                        rc = ldif_write_entry( op, entry, &path, NULL, &rs->sr_text );
+                       ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
                }
 
                entry_free( entry );
                SLAP_FREE( path.bv_val );
        }
 
-       ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
+       ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
 
        rs->sr_err = rc;
        send_ldap_result( op, rs );
        slap_graduate_commit_csn( op );
+       rs->sr_text = NULL;     /* remove possible pointer to textbuf */
        return rs->sr_err;
 }
 
@@ -1286,20 +1463,25 @@ ldif_back_delete( Operation *op, SlapReply *rs )
 
        if ( BER_BVISEMPTY( &op->o_csn )) {
                struct berval csn;
-               char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+               char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE];
 
                csn.bv_val = csnbuf;
                csn.bv_len = sizeof( csnbuf );
                slap_get_csn( op, &csn, 1 );
        }
 
-       ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+       ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
+       ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
        if ( op->o_abandon ) {
                rc = SLAPD_ABANDON;
                goto done;
        }
 
-       dn2path( op->o_bd, &op->o_req_ndn, &path );
+       rc = ndn2path( op, &op->o_req_ndn, &path, 0 );
+       if ( rc != LDAP_SUCCESS ) {
+               goto done;
+       }
+
        ldif2dir_len( path );
        ldif2dir_name( path );
        if ( rmdir( path.bv_val ) < 0 ) {
@@ -1333,9 +1515,10 @@ ldif_back_delete( Operation *op, SlapReply *rs )
                        "cannot delete", path.bv_val, STRERROR( errno ) );
        }
 
-       SLAP_FREE(path.bv_val);
+       SLAP_FREE( path.bv_val );
  done:
-       ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
+       ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+       ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
        rs->sr_err = rc;
        send_ldap_result( op, rs );
        slap_graduate_commit_csn( op );
@@ -1351,6 +1534,7 @@ ldif_move_entry(
        struct berval *oldpath,
        const char **text )
 {
+       struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
        struct berval newpath;
        char *parentdir = NULL, *trash;
        int rc, rename_res;
@@ -1364,6 +1548,8 @@ ldif_move_entry(
        }
 
        if ( rc == LDAP_SUCCESS ) {
+               ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+
                rc = ldif_write_entry( op, entry, &newpath, parentdir, text );
                if ( rc == LDAP_SUCCESS && !same_ndn ) {
                        trash = oldpath->bv_val; /* will be .ldif file to delete */
@@ -1413,6 +1599,7 @@ ldif_move_entry(
                        }
                }
 
+               ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
                if ( !same_ndn )
                        SLAP_FREE( newpath.bv_val );
                if ( parentdir != NULL )
@@ -1423,17 +1610,18 @@ ldif_move_entry(
 }
 
 static int
-ldif_back_modrdn(Operation *op, SlapReply *rs)
+ldif_back_modrdn( Operation *op, SlapReply *rs )
 {
        struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
        struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
        struct berval p_dn, old_path;
        Entry *entry;
+       char textbuf[SLAP_TEXT_BUFLEN];
        int rc, same_ndn;
 
        slap_mods_opattrs( op, &op->orr_modlist, 1 );
 
-       ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+       ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
        rc = get_entry( op, &entry, &old_path, &rs->sr_text );
        if ( rc == LDAP_SUCCESS ) {
@@ -1443,7 +1631,7 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
                } else {
                        dnParent( &entry->e_name, &p_dn );
                }
-               build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL ); 
+               build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL );
                dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
                same_ndn = !ber_bvcmp( &entry->e_nname, &new_ndn );
                ber_memfree_x( entry->e_name.bv_val, NULL );
@@ -1452,7 +1640,7 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
                entry->e_nname = new_ndn;
 
                /* perform the modifications */
-               rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
+               rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs, textbuf );
                if ( rc == LDAP_SUCCESS )
                        rc = ldif_move_entry( op, entry, same_ndn, &old_path,
                                &rs->sr_text );
@@ -1461,10 +1649,11 @@ ldif_back_modrdn(Operation *op, SlapReply *rs)
                SLAP_FREE( old_path.bv_val );
        }
 
-       ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+       ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
        rs->sr_err = rc;
        send_ldap_result( op, rs );
        slap_graduate_commit_csn( op );
+       rs->sr_text = NULL;     /* remove possible pointer to textbuf */
        return rs->sr_err;
 }
 
@@ -1506,14 +1695,18 @@ ldif_back_entry_get(
 
 /* Slap tools */
 
-static int ldif_tool_entry_open(BackendDB *be, int mode) {
+static int
+ldif_tool_entry_open( BackendDB *be, int mode )
+{
        struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
 
        tl->ecurrent = 0;
        return 0;
-}                                      
+}
 
-static int ldif_tool_entry_close(BackendDB * be) {
+static int
+ldif_tool_entry_close( BackendDB *be )
+{
        struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
        Entry **entries = tl->entries;
        ID i;
@@ -1527,21 +1720,43 @@ static int ldif_tool_entry_close(BackendDB * be) {
        return 0;
 }
 
-static ID ldif_tool_entry_next(BackendDB *be)
+static ID
+ldif_tool_entry_next( BackendDB *be )
 {
        struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
 
-       if ( tl->ecurrent >= tl->ecount )
-               return NOID;
-       else
-               return ++tl->ecurrent;
+       do {
+               Entry *e = tl->entries[ tl->ecurrent ];
+
+               if ( tl->ecurrent >= tl->ecount ) {
+                       return NOID;
+               }
+
+               ++tl->ecurrent;
+
+               if ( tl->tl_base && !dnIsSuffixScope( &e->e_nname, tl->tl_base, tl->tl_scope ) ) {
+                       continue;
+               }
+
+               if ( tl->tl_filter && test_filter( NULL, e, tl->tl_filter  ) != LDAP_COMPARE_TRUE ) {
+                       continue;
+               }
+
+               break;
+       } while ( 1 );
+
+       return tl->ecurrent;
 }
 
 static ID
-ldif_tool_entry_first(BackendDB *be)
+ldif_tool_entry_first_x( BackendDB *be, struct berval *base, int scope, Filter *f )
 {
        struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
 
+       tl->tl_base = base;
+       tl->tl_scope = scope;
+       tl->tl_filter = f;
+
        if ( tl->entries == NULL ) {
                Operation op = {0};
 
@@ -1557,7 +1772,9 @@ ldif_tool_entry_first(BackendDB *be)
        return ldif_tool_entry_next( be );
 }
 
-static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
+static Entry *
+ldif_tool_entry_get( BackendDB *be, ID id )
+{
        struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
        Entry *e = NULL;
 
@@ -1608,7 +1825,8 @@ ldif_back_db_init( BackendDB *be, ConfigReply *cr )
        li = ch_calloc( 1, sizeof(struct ldif_info) );
        be->be_private = li;
        be->be_cf_ocs = ldifocs;
-       ldap_pvt_thread_rdwr_init(&li->li_rdwr);
+       ldap_pvt_thread_mutex_init( &li->li_modop_mutex );
+       ldap_pvt_thread_rdwr_init( &li->li_rdwr );
        SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX;
        return 0;
 }
@@ -1618,14 +1836,15 @@ ldif_back_db_destroy( Backend *be, ConfigReply *cr )
 {
        struct ldif_info *li = be->be_private;
 
-       ch_free(li->li_base_path.bv_val);
-       ldap_pvt_thread_rdwr_destroy(&li->li_rdwr);
+       ch_free( li->li_base_path.bv_val );
+       ldap_pvt_thread_rdwr_destroy( &li->li_rdwr );
+       ldap_pvt_thread_mutex_destroy( &li->li_modop_mutex );
        free( be->be_private );
        return 0;
 }
 
 static int
-ldif_back_db_open( Backend *be, ConfigReply *cr)
+ldif_back_db_open( Backend *be, ConfigReply *cr )
 {
        struct ldif_info *li = (struct ldif_info *) be->be_private;
        if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */
@@ -1636,9 +1855,7 @@ ldif_back_db_open( Backend *be, ConfigReply *cr)
 }
 
 int
-ldif_back_initialize(
-                          BackendInfo  *bi
-                          )
+ldif_back_initialize( BackendInfo *bi )
 {
        static char *controls[] = {
                LDAP_CONTROL_MANAGEDSAIT,
@@ -1688,13 +1905,14 @@ ldif_back_initialize(
 
        bi->bi_tool_entry_open = ldif_tool_entry_open;
        bi->bi_tool_entry_close = ldif_tool_entry_close;
-       bi->bi_tool_entry_first = ldif_tool_entry_first;
+       bi->bi_tool_entry_first = backend_tool_entry_first;
+       bi->bi_tool_entry_first_x = ldif_tool_entry_first_x;
        bi->bi_tool_entry_next = ldif_tool_entry_next;
        bi->bi_tool_entry_get = ldif_tool_entry_get;
        bi->bi_tool_entry_put = ldif_tool_entry_put;
        bi->bi_tool_entry_reindex = 0;
        bi->bi_tool_sync = 0;
-       
+
        bi->bi_tool_dn2id_get = 0;
        bi->bi_tool_entry_modify = 0;