int i,
LDAPMessage *e );
-static int
+typedef enum meta_search_candidate_t {
+ META_SEARCH_ERR = -1,
+ META_SEARCH_NOT_CANDIDATE,
+ META_SEARCH_CANDIDATE
+} meta_search_candidate_t;
+
+static meta_search_candidate_t
meta_back_search_start(
Operation *op,
SlapReply *rs,
struct berval mfilter = BER_BVNULL;
char **mapped_attrs = NULL;
int rc;
+ meta_search_candidate_t retcode;
+ struct timeval tv, *tvp = NULL;
/* should we check return values? */
if ( op->ors_deref != -1 ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
- ( void * )&op->ors_deref);
+ ( void * )&op->ors_deref );
}
+
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
- ldap_set_option( msc->msc_ld, LDAP_OPT_TIMELIMIT,
- ( void * )&op->ors_tlimit);
- }
- if ( op->ors_slimit != SLAP_NO_LIMIT ) {
- ldap_set_option( msc->msc_ld, LDAP_OPT_SIZELIMIT,
- ( void * )&op->ors_slimit);
+ tv.tv_sec = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
+ tvp = &tv;
}
dc->target = &mi->mi_targets[ candidate ];
&op->o_req_ndn ) )
{
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
-#ifdef LDAP_SCOPE_SUBORDINATE
if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
}
-#endif /* LDAP_SCOPE_SUBORDINATE */
} else {
/*
* this target is no longer candidate
*/
- return 0;
+ return META_SEARCH_NOT_CANDIDATE;
}
break;
-#ifdef LDAP_SCOPE_SUBORDINATE
case LDAP_SCOPE_SUBORDINATE:
-#endif /* LDAP_SCOPE_SUBORDINATE */
case LDAP_SCOPE_ONELEVEL:
{
struct berval rdn = mi->mi_targets[ candidate ].mt_nsuffix;
* base, and make scope "base"
*/
realbase = mi->mi_targets[ candidate ].mt_nsuffix;
-#ifdef LDAP_SCOPE_SUBORDINATE
if ( op->ors_scope == LDAP_SCOPE_SUBORDINATE ) {
if ( mi->mi_targets[ candidate ].mt_scope == LDAP_SCOPE_SUBORDINATE ) {
realscope = LDAP_SCOPE_SUBORDINATE;
} else {
realscope = LDAP_SCOPE_SUBTREE;
}
- } else
-#endif /* LDAP_SCOPE_SUBORDINATE */
- {
+ } else {
realscope = LDAP_SCOPE_BASE;
}
break;
/*
* this target is no longer candidate
*/
- return 0;
+ return META_SEARCH_NOT_CANDIDATE;
}
}
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Operation not allowed";
send_ldap_result( op, rs );
- return -1;
+ return META_SEARCH_ERR;
case REWRITE_REGEXEC_ERR:
/*
* this target is no longer candidate
*/
- return 0;
+ return META_SEARCH_NOT_CANDIDATE;
}
/*
/*
* this target is no longer candidate
*/
- rc = 0;
+ retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
/*
* this target is no longer candidate
*/
- rc = 0;
+ retcode = META_SEARCH_NOT_CANDIDATE;
goto done;
}
rc = ldap_search_ext( msc->msc_ld,
mbase.bv_val, realscope, mfilter.bv_val,
mapped_attrs, op->ors_attrsonly,
- op->o_ctrls, NULL, NULL, op->ors_slimit,
+ op->o_ctrls, NULL, tvp, op->ors_slimit,
&candidates[ candidate ].sr_msgid );
if ( rc == LDAP_SUCCESS ) {
- rc = 1;
+ retcode = META_SEARCH_CANDIDATE;
} else {
candidates[ candidate ].sr_msgid = -1;
- rc = 0;
+ retcode = META_SEARCH_NOT_CANDIDATE;
}
done:;
free( mbase.bv_val );
}
- return rc;
+ return retcode;
}
int
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metaconn_t *mc;
struct timeval tv = { 0, 0 };
- time_t stoptime;
+ time_t stoptime = (time_t)-1;
LDAPMessage *res = NULL, *e;
int rc = 0, sres = LDAP_SUCCESS;
char *matched = NULL;
- int i, last = 0, ncandidates = 0,
+ int last = 0, ncandidates = 0,
initial_candidates = 0, candidate_match = 0;
+ long i;
dncookie dc;
int is_ok = 0;
void *savepriv;
metasingleconn_t *msc = &mc->mc_conns[ i ];
candidates[ i ].sr_msgid = -1;
-
- if ( candidates[ i ].sr_tag != META_CANDIDATE ) {
- continue;
- }
-
- candidates[ i ].sr_err = LDAP_SUCCESS;
candidates[ i ].sr_matched = NULL;
candidates[ i ].sr_text = NULL;
candidates[ i ].sr_ref = NULL;
candidates[ i ].sr_ctrls = NULL;
+ if ( candidates[ i ].sr_tag != META_CANDIDATE
+ || candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ continue;
+ }
+
switch ( meta_back_search_start( op, rs, &dc, msc, i, candidates ) )
{
- case 0:
+ case META_SEARCH_NOT_CANDIDATE:
break;
- case 1:
+ case META_SEARCH_CANDIDATE:
+ candidates[ i ].sr_type = REP_INTERMEDIATE;
++ncandidates;
break;
- case -1:
+ case META_SEARCH_ERR:
rc = -1;
goto finish;
}
#endif
if ( initial_candidates == 0 ) {
- send_ldap_error( op, rs, LDAP_NO_SUCH_OBJECT, NULL );
- /* FIXME: find a way to look up the best match */
-
+ /* NOTE: here we are not sending any matchedDN;
+ * this is intended, because if the back-meta
+ * is serving this search request, but no valid
+ * candidate could be looked up, it means that
+ * there is a hole in the mapping of the targets
+ * and thus no knowledge of any remote superior
+ * is available */
+ Debug( LDAP_DEBUG_ANY, "%s meta_back_search: "
+ "base=\"%s\" scope=%d: "
+ "no candidate could be selected\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ op->ors_scope );
+
+ /* FIXME: we're sending the first error we encounter;
+ * maybe we should pick the worst... */
rc = LDAP_NO_SUCH_OBJECT;
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ if ( candidates[ i ].sr_tag == META_CANDIDATE
+ && candidates[ i ].sr_err != LDAP_SUCCESS )
+ {
+ rc = candidates[ i ].sr_err;
+ break;
+ }
+ }
+
+ send_ldap_error( op, rs, rc, NULL );
+
goto finish;
}
if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
stoptime = op->o_time + op->ors_tlimit;
- tv.tv_sec = 0;
}
/*
* get a LDAP_TIMELIMIT_EXCEEDED from
* one of them ...
*/
+get_result:;
rc = ldap_result( msc->msc_ld, candidates[ i ].sr_msgid,
0, &tv, &res );
} else if ( rc == -1 ) {
really_bad:;
/* something REALLY bad happened! */
- ( void )meta_clear_unused_candidates( op, -1 );
- rs->sr_err = LDAP_OTHER;
- savepriv = op->o_private;
- op->o_private = (void *)i;
- send_ldap_result( op, rs );
- op->o_private = savepriv;
-
- /* anything else needs be done? */
-
- /* FIXME: res should not need to be freed */
- assert( res == NULL );
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ candidates[ i ].sr_type = REP_RESULT;
+
+ if ( meta_back_retry( op, rs, mc, i, LDAP_BACK_DONTSEND ) ) {
+ switch ( meta_back_search_start( op, rs, &dc, msc, i, candidates ) )
+ {
+ case META_SEARCH_CANDIDATE:
+ goto get_result;
+
+ default:
+ rc = rs->sr_err = LDAP_OTHER;
+ goto finish;
+ }
+ }
+ }
- goto finish;
+ /*
+ * When no candidates are left,
+ * the outer cycle finishes
+ */
+ candidates[ i ].sr_msgid = -1;
+ --ncandidates;
+ rs->sr_err = candidates[ i ].sr_err = LDAP_OTHER;
+ rs->sr_text = "remote server unavailable";
} else if ( rc == LDAP_RES_SEARCH_ENTRY ) {
- if ( --op->ors_slimit == -1 ) {
- ldap_msgfree( res );
- res = NULL;
-
- rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
- savepriv = op->o_private;
- op->o_private = (void *)i;
- send_ldap_result( op, rs );
- op->o_private = savepriv;
- goto finish;
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
}
is_ok++;
e = ldap_first_entry( msc->msc_ld, res );
savepriv = op->o_private;
op->o_private = (void *)i;
- meta_send_entry( op, rs, mc, i, e );
- op->o_private = savepriv;
-
+ rs->sr_err = meta_send_entry( op, rs, mc, i, e );
ldap_msgfree( res );
res = NULL;
+ switch ( rs->sr_err ) {
+ case LDAP_SIZELIMIT_EXCEEDED:
+ savepriv = op->o_private;
+ op->o_private = (void *)i;
+ send_ldap_result( op, rs );
+ op->o_private = savepriv;
+ rs->sr_err = LDAP_SUCCESS;
+ goto finish;
+
+ case LDAP_UNAVAILABLE:
+ rs->sr_err = LDAP_OTHER;
+ goto finish;
+ }
+ op->o_private = savepriv;
+
gotit = 1;
#if 0
char **references = NULL;
int cnt;
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
+ }
+
is_ok++;
rc = ldap_parse_reference( msc->msc_ld, res,
/* cleanup */
if ( references ) {
- ldap_value_free( references );
+ ber_memvfree( (void **)references );
}
if ( rs->sr_ctrls ) {
char buf[ SLAP_TEXT_BUFLEN ];
char **references = NULL;
+ if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+ /* don't retry any more... */
+ candidates[ i ].sr_type = REP_RESULT;
+ }
+
+ /* NOTE: ignores response controls
+ * (and intermediate response controls
+ * as well, except for those with search
+ * references); this may not be correct,
+ * but if they're not ignored then
+ * back-meta would need to merge them
+ * consistently (think of pagedResults...)
+ */
if ( ldap_parse_result( msc->msc_ld,
res,
&candidates[ i ].sr_err,
(char **)&candidates[ i ].sr_matched,
NULL /* (char **)&candidates[ i ].sr_text */ ,
&references,
- &candidates[ i ].sr_ctrls, 1 ) != LDAP_SUCCESS )
+ NULL /* &candidates[ i ].sr_ctrls (unused) */ ,
+ 1 ) != LDAP_SUCCESS )
{
res = NULL;
ldap_get_option( msc->msc_ld,
LDAP_OPT_ERROR_NUMBER,
&rs->sr_err );
sres = slap_map_api2result( rs );
+ candidates[ i ].sr_type = REP_RESULT;
goto really_bad;
}
/* massage matchedDN if need be */
if ( candidates[ i ].sr_matched != NULL ) {
+#ifndef LDAP_NULL_IS_NULL
if ( candidates[ i ].sr_matched[ 0 ] == '\0' ) {
ldap_memfree( (char *)candidates[ i ].sr_matched );
candidates[ i ].sr_matched = NULL;
- } else {
+ } else
+#endif /* LDAP_NULL_IS_NULL */
+ {
struct berval match, mmatch;
ber_str2bv( candidates[ i ].sr_matched,
0, 0, &match );
+ candidates[ i ].sr_matched = NULL;
dc.ctx = "matchedDN";
dc.target = &mi->mi_targets[ i ];
-
if ( !ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
if ( mmatch.bv_val == match.bv_val ) {
candidates[ i ].sr_matched = ch_strdup( mmatch.bv_val );
}
}
+#ifndef LDAP_NULL_IS_NULL
/* just get rid of the error message, if any */
if ( candidates[ i ].sr_text && candidates[ i ].sr_text[ 0 ] == '\0' )
{
ldap_memfree( (char *)candidates[ i ].sr_text );
candidates[ i ].sr_text = NULL;
}
+#endif /* LDAP_NULL_IS_NULL */
/* add references to array */
if ( references ) {
( void )ldap_back_referral_result_rewrite( &dc, sr_ref );
/* cleanup */
- ldap_value_free( references );
+ ber_memvfree( (void **)references );
if ( rs->sr_v2ref == NULL ) {
rs->sr_v2ref = sr_ref;
sres = slap_map_api2result( rs );
snprintf( buf, sizeof( buf ),
- "%s meta_back_search[%d] "
- "match=\"%s\" err=%d\n",
+ "%s meta_back_search[%ld] "
+ "match=\"%s\" err=%ld\n",
op->o_log_prefix, i,
candidates[ i ].sr_matched ? candidates[ i ].sr_matched : "",
- candidates[ i ].sr_err );
+ (long) candidates[ i ].sr_err );
Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
switch ( sres ) {
}
if ( gotit == 0 ) {
- tv.tv_sec = 0;
- tv.tv_usec = 100000; /* 0.1 s */
+ LDAP_BACK_TV_SET( &tv );
ldap_pvt_thread_yield();
} else {
* FIXME: only the last one gets caught!
*/
savepriv = op->o_private;
- op->o_private = (void *)mi->mi_ntargets;
+ op->o_private = (void *)(long)mi->mi_ntargets;
if ( candidate_match > 0 ) {
struct berval pmatched = BER_BVNULL;
/* we use the first one */
for ( i = 0; i < mi->mi_ntargets; i++ ) {
if ( candidates[ i ].sr_tag == META_CANDIDATE
- && candidates[ i ].sr_matched )
+ && candidates[ i ].sr_matched != NULL )
{
struct berval bv, pbv;
int rc;
+ /* if we got success, and this target
+ * returned noSuchObject, and its suffix
+ * is a superior of the searchBase,
+ * ignore the matchedDN */
+ if ( sres == LDAP_SUCCESS
+ && candidates[ i ].sr_err == LDAP_NO_SUCH_OBJECT
+ && op->o_req_ndn.bv_len > mi->mi_targets[ i ].mt_nsuffix.bv_len )
+ {
+ free( (char *)candidates[ i ].sr_matched );
+ candidates[ i ].sr_matched = NULL;
+ continue;
+ }
+
ber_str2bv( candidates[ i ].sr_matched, 0, 0, &bv );
rc = dnPretty( NULL, &bv, &pbv, op->o_tmpmemctx );
}
} else if ( sres == LDAP_NO_SUCH_OBJECT ) {
- matched = ch_strdup( op->o_bd->be_suffix[ 0 ].bv_val );
+ matched = op->o_bd->be_suffix[ 0 ].bv_val;
}
#if 0
rs->sr_ref = NULL;
finish:;
- if ( matched ) {
+ if ( matched && matched != op->o_bd->be_suffix[ 0 ].bv_val ) {
op->o_tmpfree( matched, op->o_tmpmemctx );
}
Entry ent = { 0 };
BerElement ber = *e->lm_ber;
Attribute *attr, **attrp;
- struct berval *bv, bdn;
+ struct berval bdn,
+ dn = BER_BVNULL;
const char *text;
dncookie dc;
+ int rc;
if ( ber_scanf( &ber, "{m{", &bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
dc.rs = rs;
dc.ctx = "searchResult";
- rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &ent.e_name );
+ rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &dn );
if ( rs->sr_err != LDAP_SUCCESS) {
return rs->sr_err;
}
*
* FIXME: should we log anything, or delegate to dnNormalize?
*/
- if ( dnNormalize( 0, NULL, NULL, &ent.e_name, &ent.e_nname,
- op->o_tmpmemctx ) != LDAP_SUCCESS )
- {
+ rc = dnPrettyNormal( NULL, &dn, &ent.e_name, &ent.e_nname,
+ op->o_tmpmemctx );
+ if ( dn.bv_val != bdn.bv_val ) {
+ free( dn.bv_val );
+ }
+ BER_BVZERO( &dn );
+
+ if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_DN_SYNTAX;
}
dc.ctx = "searchAttrDN";
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
- int last = 0;
+ int last = 0;
+ slap_syntax_validate_func *validate;
+ slap_syntax_transform_func *pretty;
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_at,
&a, &mapped, BACKLDAP_REMAP );
if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ ( void )ber_scanf( &ber, "x" /* [W] */ );
continue;
}
- attr = ( Attribute * )ch_malloc( sizeof( Attribute ) );
+ attr = ( Attribute * )ch_calloc( 1, sizeof( Attribute ) );
if ( attr == NULL ) {
continue;
}
- attr->a_flags = 0;
- attr->a_next = 0;
- attr->a_desc = NULL;
if ( slap_bv2ad( &mapped, &attr->a_desc, &text )
!= LDAP_SUCCESS) {
- if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text )
- != LDAP_SUCCESS )
+ if ( slap_bv2undef_ad( &mapped, &attr->a_desc, &text,
+ SLAP_AD_PROXIED ) != LDAP_SUCCESS )
{
char buf[ SLAP_TEXT_BUFLEN ];
}
/* no subschemaSubentry */
- if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry ) {
+ if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
+ || attr->a_desc == slap_schema.si_ad_entryDN )
+ {
/*
* We eat target's subschemaSubentry because
* to resolve to the appropriate backend;
* later, the local subschemaSubentry is
* added.
+ *
+ * We also eat entryDN because the frontend
+ * will reattach it without checking if already
+ * present...
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
{
attr->a_vals = (struct berval *)&slap_dummy_bv;
- } else if ( attr->a_desc == slap_schema.si_ad_objectClass
+ } else {
+ for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
+ ;
+ }
+
+ validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
+ pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
+
+ if ( !validate && !pretty ) {
+ attr_free( attr );
+ goto next_attr;
+ }
+
+ if ( attr->a_desc == slap_schema.si_ad_objectClass
|| attr->a_desc == slap_schema.si_ad_structuralObjectClass )
{
- for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last );
+ struct berval *bv;
for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
ldap_back_map( &mi->mi_targets[ target ].mt_rwmap.rwm_oc,
* ACLs to the target directory server, and letting
* everything pass thru the ldap backend.
*/
- } else if ( attr->a_desc->ad_type->sat_syntax ==
+ } else {
+ int i;
+
+ if ( attr->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
- {
- ldap_dnattr_result_rewrite( &dc, attr->a_vals );
+ {
+ ldap_dnattr_result_rewrite( &dc, attr->a_vals );
+
+ } else if ( attr->a_desc == slap_schema.si_ad_ref ) {
+ ldap_back_referral_result_rewrite( &dc, attr->a_vals );
+
+ }
+
+ for ( i = 0; i < last; i++ ) {
+ struct berval pval;
+ int rc;
+
+ if ( pretty ) {
+ rc = pretty( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i], &pval, NULL );
+
+ } else {
+ rc = validate( attr->a_desc->ad_type->sat_syntax,
+ &attr->a_vals[i] );
+ }
+
+ if ( rc ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ if ( --last == i ) {
+ BER_BVZERO( &attr->a_vals[ i ] );
+ break;
+ }
+ attr->a_vals[i] = attr->a_vals[last];
+ BER_BVZERO( &attr->a_vals[last] );
+ i--;
+ continue;
+ }
+
+ if ( pretty ) {
+ LBER_FREE( attr->a_vals[i].bv_val );
+ attr->a_vals[i] = pval;
+ }
+ }
- } else if ( attr->a_desc == slap_schema.si_ad_ref ) {
- ldap_back_referral_result_rewrite( &dc, attr->a_vals );
+ if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
+ attr_free( attr );
+ goto next_attr;
+ }
}
if ( last && attr->a_desc->ad_type->sat_equality &&
- attr->a_desc->ad_type->sat_equality->smr_normalize ) {
+ attr->a_desc->ad_type->sat_equality->smr_normalize )
+ {
int i;
attr->a_nvals = ch_malloc( ( last + 1 ) * sizeof( struct berval ) );
*attrp = attr;
attrp = &attr->a_next;
+next_attr:;
}
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = 0;
- send_search_entry( op, rs );
+ rc = send_search_entry( op, rs );
+ switch ( rc ) {
+ case LDAP_UNAVAILABLE:
+ rc = LDAP_OTHER;
+ break;
+ }
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
if ( !BER_BVISNULL( &ent.e_name ) ) {
- if ( ent.e_name.bv_val != bdn.bv_val ) {
- free( ent.e_name.bv_val );
- }
+ free( ent.e_name.bv_val );
BER_BVZERO( &ent.e_name );
}
if ( !BER_BVISNULL( &ent.e_nname ) ) {
}
entry_clean( &ent );
- return LDAP_SUCCESS;
+ return rc;
}