}
}
- bsi->bsi_abandon = 0;
bsi->bsi_id_list = NULL;
bsi->bsi_id_listtail = &bsi->bsi_id_list;
bsi->bsi_n_candidates = 0;
bsi->bsi_filter_oc = NULL;
if ( BACKSQL_IS_GET_ID( flags ) ) {
+ int matched = BACKSQL_IS_MATCHED( flags );
+ int getentry = BACKSQL_IS_GET_ENTRY( flags );
+ int gotit = 0;
+
assert( op->o_bd->be_private );
rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
- BACKSQL_IS_MATCHED( flags ), 1 );
+ matched, 1 );
+
+ /* the entry is collected either if requested for by getentry
+ * or if get noSuchObject and requested to climb the tree,
+ * so that a matchedDN or a referral can be returned */
+ if ( ( rc == LDAP_NO_SUCH_OBJECT && matched ) || getentry ) {
+ if ( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) ) {
+ assert( bsi->bsi_e != NULL );
+
+ if ( dn_match( nbase, &bsi->bsi_base_id.eid_ndn ) )
+ {
+ gotit = 1;
+ }
+
+ /*
+ * let's see if it is a referral and, in case, get it
+ */
+ backsql_attrlist_add( bsi, slap_schema.si_ad_ref );
+ rc = backsql_id2entry( bsi, &bsi->bsi_base_id );
+ if ( rc == LDAP_SUCCESS ) {
+ if ( is_entry_referral( bsi->bsi_e ) )
+ {
+ BerVarray erefs = get_entry_referrals( op, bsi->bsi_e );
+ if ( erefs ) {
+ rc = rs->sr_err = LDAP_REFERRAL;
+ rs->sr_ref = referral_rewrite( erefs,
+ &bsi->bsi_e->e_nname,
+ &op->o_req_dn,
+ scope );
+ ber_bvarray_free( erefs );
+
+ } else {
+ rc = rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
+ }
+
+ } else if ( !gotit ) {
+ rc = rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, scope );
+ rc = rs->sr_err = LDAP_REFERRAL;
+ }
+ }
}
bsi->bsi_status = rc;
backsql_merge_from_tbls( bsi, &ldap_entry_objclasses );
backsql_strfcat( &bsi->bsi_flt_where, "lbl",
- (ber_len_t)STRLENOF( "2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ),
- "2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */,
+ (ber_len_t)STRLENOF( "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */ ),
+ "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */,
&bsi->bsi_oc->bom_oc->soc_cname,
- (ber_len_t)STRLENOF( /* (' */ "')" ),
- /* (' */ "')" );
+ (ber_len_t)STRLENOF( /* ((' */ "'))" ),
+ /* ((' */ "'))" );
bsi->bsi_status = LDAP_SUCCESS;
rc = 1;
goto done;
&bsi->bsi_oc->bom_oc->soc_cname,
'\'' );
}
-#ifdef BACKSQL_ALIASING_QUOTE
- backsql_strfcat( &bsi->bsi_sel, "lclcl",
- (ber_len_t)STRLENOF( " " BACKSQL_ALIASING ),
- " " BACKSQL_ALIASING,
- BACKSQL_ALIASING_QUOTE,
- (ber_len_t)STRLENOF( "objectClass" ),
- "objectClass",
- BACKSQL_ALIASING_QUOTE,
- (ber_len_t)STRLENOF( ",ldap_entries.dn " BACKSQL_ALIASING "dn" ),
- ",ldap_entries.dn " BACKSQL_ALIASING "dn" );
-#else /* ! BACKSQL_ALIASING_QUOTE */
backsql_strfcat( &bsi->bsi_sel, "l",
- (ber_len_t)STRLENOF( " " BACKSQL_ALIASING "objectClass,ldap_entries.dn " BACKSQL_ALIASING "dn" ),
- " " BACKSQL_ALIASING "objectClass,ldap_entries.dn " BACKSQL_ALIASING "dn" );
-#endif /* ! BACKSQL_ALIASING_QUOTE */
+ (ber_len_t)STRLENOF( " " BACKSQL_ALIASING
+ BACKSQL_ALIASING_QUOTE "objectClass" BACKSQL_ALIASING_QUOTE
+ ",ldap_entries.dn " BACKSQL_ALIASING BACKSQL_ALIASING_QUOTE "dn" BACKSQL_ALIASING_QUOTE ),
+ " " BACKSQL_ALIASING
+ BACKSQL_ALIASING_QUOTE "objectClass" BACKSQL_ALIASING_QUOTE
+ ",ldap_entries.dn " BACKSQL_ALIASING BACKSQL_ALIASING_QUOTE "dn" BACKSQL_ALIASING_QUOTE );
backsql_strfcat( &bsi->bsi_from, "lb",
(ber_len_t)STRLENOF( " FROM ldap_entries," ),
{
backsql_oc_map_rec *oc = v_oc;
backsql_srch_info *bsi = v_bsi;
+ Operation *op = bsi->bsi_op;
backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
struct berval query;
SQLHSTMT sth = SQL_NULL_HSTMT;
Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc=\"%s\"\n",
BACKSQL_OC_NAME( oc ), 0, 0 );
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ bsi->bsi_status = SLAPD_ABANDON;
+ return BACKSQL_AVL_STOP;
+ }
+
if ( bsi->bsi_n_candidates == -1 ) {
Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
"unchecked limit has been overcome\n", 0, 0, 0 );
continue;
}
- ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
+ ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx );
if ( dn.bv_val != row.cols[ 3 ] ) {
free( dn.bv_val );
}
}
if ( bi->sql_baseObject && dn_match( &ndn, &bi->sql_baseObject->e_nname ) ) {
- free( pdn.bv_val );
- free( ndn.bv_val );
+ op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
continue;
}
c_id = (backsql_entryID *)ch_calloc( 1,
sizeof( backsql_entryID ) );
#ifdef BACKSQL_ARBITRARY_KEY
- ber_str2bv( row.cols[ 0 ], 0, 1, &c_id->eid_id );
- ber_str2bv( row.cols[ 1 ], 0, 1, &c_id->eid_keyval );
+ ber_str2bv_x( row.cols[ 0 ], 0, 1, &c_id->eid_id,
+ op->o_tmpmemctx );
+ ber_str2bv_x( row.cols[ 1 ], 0, 1, &c_id->eid_keyval,
+ op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
c_id->eid_id = strtol( row.cols[ 0 ], NULL, 0 );
c_id->eid_keyval = strtol( row.cols[ 1 ], NULL, 0 );
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
SQLHDBC dbh = SQL_NULL_HDBC;
int sres;
- Entry user_entry = { 0 };
- int manageDSAit;
+ Entry user_entry = { 0 },
+ base_entry = { 0 };
+ int manageDSAit = get_manageDSAit( op );
time_t stoptime = 0;
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
backsql_entryID *eid = NULL;
- struct berval nbase = BER_BVNULL,
- realndn = BER_BVNULL;
-
- manageDSAit = get_manageDSAit( op );
+ struct berval nbase = BER_BVNULL;
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
"base=\"%s\", filter=\"%s\", scope=%d,",
/* compute it anyway; root does not use it */
stoptime = op->o_time + op->ors_tlimit;
- realndn = op->o_req_ndn;
- if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {
- Debug( LDAP_DEBUG_TRACE, " backsql_search(\"%s\"): "
- "backsql_api_dn2odbc(\"%s\") failed\n",
- op->o_req_ndn.bv_val, realndn.bv_val, 0 );
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "SQL-backend error";
- send_ldap_result( op, rs );
- goto done;
- }
-
/* init search */
- rs->sr_err = backsql_init_search( &bsi, &realndn,
+ bsi.bsi_e = &base_entry;
+ rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,
op->ors_scope,
op->ors_slimit, op->ors_tlimit,
stoptime, op->ors_filter,
dbh, op, rs, op->ors_attrs,
- BACKSQL_ISF_GET_ID );
- if ( rs->sr_err != LDAP_SUCCESS ) {
- send_ldap_result( op, rs );
- goto done;
+ ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) );
+ switch ( rs->sr_err ) {
+ case LDAP_SUCCESS:
+ break;
- } else {
- Entry e = { 0 };
+ case LDAP_REFERRAL:
+ if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&
+ dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )
+ {
+ rs->sr_err = LDAP_SUCCESS;
+ rs->sr_text = NULL;
+ rs->sr_matched = NULL;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ break;
+ }
+ /* fall thru */
- e.e_name = bsi.bsi_base_id.eid_dn;
- e.e_nname = bsi.bsi_base_id.eid_ndn;
- /* FIXME: need the whole entry (ITS#3480) */
- if ( ! access_allowed( op, &e, slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL ) )
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !BER_BVISNULL( &base_entry.e_nname )
+ && ! access_allowed( op, &base_entry,
+ slap_schema.si_ad_entry, NULL,
+ ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( rs->sr_ref ) {
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ }
+ rs->sr_matched = NULL;
+ rs->sr_text = NULL;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ send_ldap_result( op, rs );
+ goto done;
+
+ }
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ {
+ slap_mask_t mask;
+
+ if ( get_assert( op ) &&
+ ( test_filter( op, &base_entry, get_assertion( op ) )
+ != LDAP_COMPARE_TRUE ) )
+ {
+ rs->sr_err = LDAP_ASSERTION_FAILED;
+
+ }
+ if ( ! access_allowed_mask( op, &base_entry,
+ slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+ }
+
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = NULL;
+ }
send_ldap_result( op, rs );
goto done;
}
}
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
+ bsi.bsi_e = NULL;
bsi.bsi_n_candidates =
( op->ors_limit == NULL /* isroot == TRUE */ ? -2 :
*/
avl_apply( bi->sql_oc_by_oc, backsql_oc_get_candidates,
&bsi, BACKSQL_AVL_STOP, AVL_INORDER );
+
+ /* check for abandon */
+ if ( op->o_abandon ) {
+ rs->sr_err = SLAPD_ABANDON;
+ goto send_results;
+ }
}
if ( op->ors_limit != NULL /* isroot == FALSE */
*/
for ( eid = bsi.bsi_id_list;
eid != NULL;
- eid = backsql_free_entryID( eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
+ eid = backsql_free_entryID( op,
+ eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
{
int rc;
Attribute *a_hasSubordinate = NULL,
/* check for abandon */
if ( op->o_abandon ) {
- break;
+ rs->sr_err = SLAPD_ABANDON;
+ goto send_results;
}
/* check time limit */
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
rs->sr_ctrls = NULL;
rs->sr_ref = rs->sr_v2ref;
- rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
- : LDAP_REFERRAL;
- send_ldap_result( op, rs );
- goto end_of_search;
+ goto send_results;
}
#ifdef BACKSQL_ARBITRARY_KEY
case LDAP_SCOPE_SUBTREE:
/* FIXME: this should never fail... */
if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) {
+ assert( 0 );
goto next_entry2;
}
break;
}
- /* don't recollect baseObject ... */
if ( BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
+ /* don't recollect baseObject... */
e = bi->sql_baseObject;
+ } else if ( eid == &bsi.bsi_base_id ) {
+ /* don't recollect searchBase object... */
+ e = &base_entry;
+
} else {
bsi.bsi_e = &user_entry;
rc = backsql_id2entry( &bsi, eid );
"- skipping\n", rc, 0, 0 );
continue;
}
-
e = &user_entry;
}
Entry user_entry2 = { 0 };
/* retry with the full entry... */
- (void)backsql_init_search( &bsi2,
+ bsi2.bsi_e = &user_entry2;
+ rc = backsql_init_search( &bsi2,
&e->e_nname,
LDAP_SCOPE_BASE,
SLAP_NO_LIMIT, SLAP_NO_LIMIT,
(time_t)(-1), NULL,
- dbh, op, rs, NULL, 0 );
- bsi2.bsi_e = &user_entry2;
- rc = backsql_id2entry( &bsi2, eid );
+ dbh, op, rs, NULL,
+ BACKSQL_ISF_GET_ENTRY );
if ( rc == LDAP_SUCCESS ) {
if ( is_entry_referral( &user_entry2 ) )
{
refs = get_entry_referrals( op,
&user_entry2 );
- } /* else: FIXME: inconsistency! */
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
entry_clean( &user_entry2 );
}
if ( bsi2.bsi_attrs != NULL ) {
ber_bvarray_free( refs );
}
- if ( !rs->sr_ref ) {
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+
+ } else {
rs->sr_text = "bad referral object";
}
rs->sr_entry = e;
- rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = user_entry.e_name.bv_val;
send_search_reference( op, rs );
rs->sr_attrs = NULL;
rs->sr_operational_attrs = NULL;
- switch ( sres ) {
- case 0:
- break;
-
- default:
+ if ( sres == -1 ) {
/*
* FIXME: send_search_entry failed;
* better stop
*/
- case -1:
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
"connection lost\n", 0, 0, 0 );
goto end_of_search;
}
next_entry:;
- entry_clean( &user_entry );
+ if ( e == &user_entry ) {
+ entry_clean( &user_entry );
+ }
next_entry2:;
if ( op->ors_slimit != SLAP_NO_LIMIT
&& rs->sr_nentries >= op->ors_slimit )
{
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
- send_ldap_result( op, rs );
- goto end_of_search;
+ goto send_results;
}
}
end_of_search:;
- /* in case we got here accidentally */
- entry_clean( &user_entry );
-
if ( rs->sr_nentries > 0 ) {
rs->sr_ref = rs->sr_v2ref;
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
} else {
rs->sr_err = bsi.bsi_status;
}
- send_ldap_result( op, rs );
+
+send_results:;
+ if ( rs->sr_err != SLAPD_ABANDON ) {
+ send_ldap_result( op, rs );
+ }
+
+ entry_clean( &base_entry );
+
+ /* in case we got here accidentally */
+ entry_clean( &user_entry );
if ( rs->sr_v2ref ) {
ber_bvarray_free( rs->sr_v2ref );
#endif /* BACKSQL_SYNCPROV */
done:;
- if ( !BER_BVISNULL( &realndn ) && realndn.bv_val != op->o_req_ndn.bv_val ) {
- ch_free( realndn.bv_val );
- }
-
- if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
- }
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
if ( bsi.bsi_attrs != NULL ) {
op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx );
}
Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
- return 0;
+
+ return rs->sr_err;
}
/* return LDAP_SUCCESS IFF we can retrieve the specified entry.
int rw,
Entry **ent )
{
- backsql_srch_info bsi;
+ backsql_srch_info bsi = { 0 };
SQLHDBC dbh = SQL_NULL_HDBC;
int rc;
SlapReply rs = { 0 };
AttributeName anlist[ 2 ];
+ *ent = NULL;
+
rc = backsql_get_db_conn( op, &dbh );
if ( !dbh ) {
return LDAP_OTHER;
BER_BVZERO( &anlist[ 1 ].an_name );
}
+ bsi.bsi_e = ch_malloc( sizeof( Entry ) );
rc = backsql_init_search( &bsi,
ndn,
LDAP_SCOPE_BASE,
SLAP_NO_LIMIT, SLAP_NO_LIMIT,
(time_t)(-1), NULL,
dbh, op, &rs, at ? anlist : NULL,
- BACKSQL_ISF_GET_ID );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
- bsi.bsi_e = ch_malloc( sizeof( Entry ) );
- rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
+ BACKSQL_ISF_GET_ENTRY );
if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
- (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
+ (void)backsql_free_entryID( op, &bsi.bsi_base_id, 0 );
}
if ( rc == LDAP_SUCCESS ) {
projects / openldap / blobdiff