)
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
- struct berval realbase = op->o_req_dn;
- int realscope = op->ors_scope;
- ber_len_t suffixlen = 0;
- struct berval mbase = BER_BVNULL;
- struct berval mfilter = BER_BVNULL;
- char **mapped_attrs = NULL;
- int rc;
+ struct berval realbase = op->o_req_dn;
+ int realscope = op->ors_scope;
+ ber_len_t suffixlen = 0;
+ struct berval mbase = BER_BVNULL;
+ struct berval mfilter = BER_BVNULL;
+ char **mapped_attrs = NULL;
+ int rc;
/* should we check return values? */
if ( op->ors_deref != -1 ) {
&op->o_req_ndn ) )
{
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
+#ifdef LDAP_SCOPE_SUBORDINATE
+ if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+ realscope = LDAP_SCOPE_SUBORDINATE;
+ }
+#endif /* LDAP_SCOPE_SUBORDINATE */
} else {
/*
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
#ifdef LDAP_SCOPE_SUBORDINATE
if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
- realscope = LDAP_SCOPE_SUBTREE;
+ if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
+ realscope = LDAP_SCOPE_SUBORDINATE;
+ } else {
+ realscope = LDAP_SCOPE_SUBTREE;
+ }
} else
#endif /* LDAP_SCOPE_SUBORDINATE */
{
int
meta_back_search( Operation *op, SlapReply *rs )
{
- metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
- metaconn_t *mc;
- struct timeval tv = { 0, 0 };
- LDAPMessage *res = NULL, *e;
- int rc = 0, sres = LDAP_SUCCESS;
- char *matched = NULL;
- int i, last = 0, ncandidates = 0,
- initial_candidates = 0, candidate_match = 0;
- dncookie dc;
- int is_ok = 0;
- void *savepriv;
- SlapReply *candidates = meta_back_candidates_get( op );
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metaconn_t *mc;
+ struct timeval tv = { 0, 0 };
+ time_t stoptime;
+ LDAPMessage *res = NULL, *e;
+ int rc = 0, sres = LDAP_SUCCESS;
+ char *matched = NULL;
+ int last = 0, ncandidates = 0,
+ initial_candidates = 0, candidate_match = 0;
+ long i;
+ dncookie dc;
+ int is_ok = 0;
+ void *savepriv;
+ SlapReply *candidates = meta_back_candidates_get( op );
/*
* controls are set in ldap_back_dobind()
metasingleconn_t *msc = &mc->mc_conns[ i ];
candidates[ i ].sr_msgid = -1;
-
- if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
- continue;
- }
- candidates[ i ].sr_err = LDAP_SUCCESS;
candidates[ i ].sr_matched = NULL;
candidates[ i ].sr_text = NULL;
candidates[ i ].sr_ref = NULL;
candidates[ i ].sr_ctrls = NULL;
+ if ( candidates[ i ].sr_tag != META_CANDIDATE
+ || candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ continue;
+ }
+
switch ( meta_back_search_start( op, rs, &dc, msc, i, candidates ) )
{
case 0:
#endif
if ( initial_candidates == 0 ) {
- send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, NULL );
- /* FIXME: find a way to look up the best match */
-
+ /* NOTE: here we are not sending any matchedDN;
+ * this is intended, because if the back-meta
+ * is serving this search request, but no valid
+ * candidate could be looked up, it means that
+ * there is a hole in the mapping of the targets
+ * and thus no knowledge of any remote superior
+ * is available */
+ Debug( LDAP_DEBUG_ANY, "%s meta_back_search: "
+ "base=\"%s\" scope=%d: "
+ "no candidate could be selected\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ op->ors_scope );
+
+ /* FIXME: we're sending the first error we encounter;
+ * maybe we should pick the worst... */
rc = LDAP_NO_SUCH_OBJECT;
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( candidates[ i ].sr_tag == META_CANDIDATE
+ && candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ rc = candidates[ i ].sr_err;
+ break;
+ }
+ }
+
+ send_ldap_error( op, rs, rc, NULL );
+
goto finish;
}
* but this is necessary for version matching, and for ACL processing.
*/
+ if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
+ stoptime = op->o_time + op->ors_tlimit;
+ }
+
/*
* In case there are no candidates, no cycle takes place...
*
0, &tv, &res );
if ( rc == 0 ) {
- /* timeout exceeded */
-
/* FIXME: res should not need to be freed */
assert( res == NULL );
+ /* check time limit */
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ doabandon = 1;
+ rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+
continue;
} else if ( rc == -1 ) {
goto finish;
} else if ( rc == LDAP_RES_SEARCH_ENTRY ) {
- if ( op->ors_slimit > 0 && rs->sr_nentries == op->ors_slimit )
- {
+ if ( --op->ors_slimit == -1 ) {
ldap_msgfree( res );
res = NULL;
(char **)&candidates[ i ].sr_matched,
NULL /* (char **)&candidates[ i ].sr_text */ ,
&references,
- &candidates[ i ].sr_ctrls, 1 ) )
+ &candidates[ i ].sr_ctrls, 1 ) != LDAP_SUCCESS )
{
res = NULL;
ldap_get_option( msc->msc_ld,
sres = slap_map_api2result( rs );
goto really_bad;
}
+
rs->sr_err = candidates[ i ].sr_err;
sres = slap_map_api2result( rs );
res = NULL;
rs->sr_err = candidates[ i ].sr_err;
sres = slap_map_api2result( rs );
+
+ snprintf( buf, sizeof( buf ),
+ "%s meta_back_search[%ld] "
+ "match=\"%s\" err=%ld\n",
+ op->o_log_prefix, i,
+ candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
+ (long) candidates[ i ].sr_err );
+ Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
+
switch ( sres ) {
case LDAP_NO_SUCH_OBJECT:
/* is_ok is touched any time a valid
case LDAP_REFERRAL:
is_ok++;
break;
- }
- snprintf( buf, sizeof( buf ),
- "%s meta_back_search[%d] "
- "match=\"%s\" err=%d\n",
- op->o_log_prefix, i,
- candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
- candidates[ i ].sr_err );
- Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
+ default:
+ if ( META_BACK_ONERR_STOP( mi ) ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ goto finish;
+ }
+ break;
+ }
last = i;
rc = 0;
}
if ( gotit == 0 ) {
- tv.tv_sec = 0;
- tv.tv_usec = 100000; /* 0.1 s */
+ LDAP_BACK_TV_SET( &tv );
ldap_pvt_thread_yield();
} else {
*
* FIXME: only the last one gets caught!
*/
- if ( candidate_match > 0 && rs->sr_nentries > 0 ) {
+ savepriv = op->o_private;
+ op->o_private = (void *)(long)mi->mi_ntargets;
+ if ( candidate_match > 0 ) {
+ struct berval pmatched = BER_BVNULL;
+
/* we use the first one */
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( candidates[ i ].sr_tag == META_CANDIDATE
&& candidates[ i ].sr_matched )
{
- matched = (char *)candidates[ i ].sr_matched;
- candidates[ i ].sr_matched = NULL;
- break;
+ struct berval bv, pbv;
+ int rc;
+
+ ber_str2bv( candidates[ i ].sr_matched, 0, 0, &bv );
+ rc = dnPretty( NULL, &bv, &pbv, op->o_tmpmemctx );
+
+ if ( rc == LDAP_SUCCESS ) {
+
+ /* NOTE: if they all are superiors
+ * of the baseDN, the shorter is also
+ * superior of the longer... */
+ if ( pbv.bv_len > pmatched.bv_len ) {
+ if ( !BER_BVISNULL( &pmatched ) ) {
+ op->o_tmpfree( pmatched.bv_val, op->o_tmpmemctx );
+ }
+ pmatched = pbv;
+ op->o_private = (void *)i;
+
+ } else {
+ op->o_tmpfree( pbv.bv_val, op->o_tmpmemctx );
+ }
+ }
+
+ if ( candidates[ i ].sr_matched != NULL ) {
+ free( (char *)candidates[ i ].sr_matched );
+ candidates[ i ].sr_matched = NULL;
+ }
}
}
+
+ if ( !BER_BVISNULL( &pmatched ) ) {
+ matched = pmatched.bv_val;
+ }
+
+ } else if ( sres == LDAP_NO_SUCH_OBJECT ) {
+ matched = op->o_bd->be_suffix[ 0 ].bv_val;
}
#if 0
rs->sr_err = sres;
rs->sr_matched = matched;
rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL );
- savepriv = op->o_private;
- op->o_private = (void *)mi->mi_ntargets;
send_ldap_result( op, rs );
op->o_private = savepriv;
rs->sr_matched = NULL;
rs->sr_ref = NULL;
finish:;
- if ( matched ) {
- free( matched );
+ if ( matched && matched != op->o_bd->be_suffix[ 0 ].bv_val ) {
+ op->o_tmpfree( matched, op->o_tmpmemctx );
}
if ( rs->sr_v2ref ) {
}
}
- return rc;
+ meta_back_release_conn( op, mc );
+
+ return rs->sr_err;
}
static int
Entry ent = { 0 };
BerElement ber = *e->lm_ber;
Attribute *attr, **attrp;
- struct berval *bv, bdn;
+ struct berval bdn,
+ dn = BER_BVNULL;
const char *text;
dncookie dc;
+ int rc;
if ( ber_scanf( &ber, "{m{", &bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
dc.rs = rs;
dc.ctx = "searchResult";
- rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &ent.e_name );
+ rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &dn );
if ( rs->sr_err != LDAP_SUCCESS) {
return rs->sr_err;
}
*
* FIXME: should we log anything, or delegate to dnNormalize?
*/
- if ( dnNormalize( 0, NULL, NULL, &ent.e_name, &ent.e_nname,
- op->o_tmpmemctx ) != LDAP_SUCCESS )
- {
+ rc = dnPrettyNormal( NULL, &dn, &ent.e_name, &ent.e_nname,
+ op->o_tmpmemctx );
+ if ( dn.bv_val != bdn.bv_val ) {
+ free( dn.bv_val );
+ }
+ BER_BVZERO( &dn );
+
+ if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_DN_SYNTAX;
}
dc.ctx = "searchAttrDN";
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
- int last = 0;
+ int last = 0;
+ slap_syntax_validate_func *validate;
+ slap_syntax_transform_func *pretty;
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
attr->a_desc = NULL;
if ( slap_bv2ad( &mapped, &attr->a_desc, &text )
!= LDAP_SUCCESS) {
- if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text )
- != LDAP_SUCCESS )
+ if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text,
+ SLAP_AD_PROXIED ) != LDAP_SUCCESS )
{
char buf[ SLAP_TEXT_BUFLEN ];
}
/* no subschemaSubentry */
- if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry ) {
+ if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
+ || attr->a_desc == slap_schema.si_ad_entryDN )
+ {
/*
* We eat target's subschemaSubentry because
* to resolve to the appropriate backend;
* later, the local subschemaSubentry is
* added.
+ *
+ * We also eat entryDN because the frontend
+ * will reattach it without checking if already
+ * present...
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
{
attr->a_vals = (struct berval *)&slap_dummy_bv;
- } else if ( attr->a_desc == slap_schema.si_ad_objectClass
+ } else {
+ for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
+ ;
+ }
+
+ validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
+ pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( !validate && !pretty ) {
+ attr->a_nvals = NULL;
+ attr_free( attr );
+ goto next_attr;
+ }
+
+ if ( attr->a_desc == slap_schema.si_ad_objectClass
|| attr->a_desc == slap_schema.si_ad_structuralObjectClass )
{
- for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last );
+ struct berval *bv;
for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_oc,
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
ldap_back_referral_result_rewrite( &dc, attr->a_vals );
+
+ } else {
+ int i;
+
+ for ( i = 0; i < last; i++ ) {
+ struct berval pval;
+ int rc;
+
+ if ( pretty ) {
+ rc = pretty( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i], &pval, NULL );
+
+ } else {
+ rc = validate( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i] );
+ }
+
+ if ( rc ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ if ( --last == i ) {
+ BER_BVZERO( &attr->a_vals[ i ] );
+ break;
+ }
+ attr->a_vals[i] = attr->a_vals[last];
+ BER_BVZERO( &attr->a_vals[last] );
+ i--;
+ continue;
+ }
+
+ if ( pretty ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_vals[i] = pval;
+ }
+ }
+
+ if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
+ attr_free( attr );
+ goto next_attr;
+ }
}
if ( last && attr->a_desc->ad_type->sat_equality &&
- attr->a_desc->ad_type->sat_equality->smr_normalize ) {
+ attr->a_desc->ad_type->sat_equality->smr_normalize )
+ {
int i;
attr->a_nvals = ch_malloc( ( last + 1 ) * sizeof( struct berval ) );
*attrp = attr;
attrp = &attr->a_next;
+next_attr:;
}
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
- if ( !BER_BVISNULL( &ent.e_name ) && ent.e_name.bv_val != bdn.bv_val ) {
+ if ( !BER_BVISNULL( &ent.e_name ) ) {
free( ent.e_name.bv_val );
BER_BVZERO( &ent.e_name );
}