#include "lutil.h"
#include "lber_pvt.h"
-#include "ldap_rq.h"
-
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
return -1;
}
- for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ )
- {
+ for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) {
assert( bi->bi_init );
rc = bi->bi_init( bi );
}
return rc;
}
+
LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next);
}
(void)backend_init_controls( bi );
}
- ldap_pvt_thread_mutex_init( &slapd_rq.rq_mutex );
- LDAP_STAILQ_INIT( &slapd_rq.task_list );
- LDAP_STAILQ_INIT( &slapd_rq.run_list );
-
/* open each backend database */
i = -1;
LDAP_STAILQ_FOREACH(be, &backendDB, be_next) {
i, be->bd_info->bi_type, 0 );
}
/* append global access controls */
- acl_append( &be->be_acl, frontendDB->be_acl );
+ acl_append( &be->be_acl, frontendDB->be_acl, -1 );
rc = backend_startup_one( be );
if ( rc ) return rc;
-
-
- if ( be->be_syncinfo ) {
- syncinfo_t *si;
-
- if ( !( be->be_search && be->be_add &&
- be->be_modify && be->be_delete )) {
- Debug( LDAP_DEBUG_ANY,
- "backend_startup: database(%d) does not support "
- "operations required for syncrepl", i, 0, 0 );
- continue;
- }
-
- {
- si = be->be_syncinfo;
- si->si_be = be;
- init_syncrepl( si );
- ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
- ldap_pvt_runqueue_insert( &slapd_rq,
- si->si_interval, do_syncrepl, (void *) si );
- ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
- }
- }
}
return rc;
return 0;
}
+void backend_destroy_one( BackendDB *bd )
+{
+ LDAP_STAILQ_REMOVE(&backendDB, bd, slap_backend_db, be_next );
+
+ if ( bd->be_syncinfo ) {
+ syncinfo_free( bd->be_syncinfo );
+ }
+
+ if ( bd->be_pending_csn_list ) {
+ struct slap_csn_entry *csne;
+ csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
+ while ( csne ) {
+ struct slap_csn_entry *tmp_csne = csne;
+
+ LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
+ ch_free( csne->ce_csn.bv_val );
+ csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
+ ch_free( tmp_csne );
+ }
+ }
+
+ if ( bd->bd_info->bi_db_destroy ) {
+ bd->bd_info->bi_db_destroy( bd );
+ }
+ ber_bvarray_free( bd->be_suffix );
+ ber_bvarray_free( bd->be_nsuffix );
+ if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
+ free( bd->be_rootdn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
+ free( bd->be_rootndn.bv_val );
+ }
+ if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
+ free( bd->be_rootpw.bv_val );
+ }
+ acl_destroy( bd->be_acl, frontendDB->be_acl );
+ free( bd );
+}
+
int backend_destroy(void)
{
int i;
BackendDB *bd;
BackendInfo *bi;
- struct slap_csn_entry *csne;
/* destroy each backend database */
while (( bd = LDAP_STAILQ_FIRST(&backendDB))) {
- LDAP_STAILQ_REMOVE_HEAD(&backendDB, be_next);
-
- if ( bd->be_syncinfo ) {
- syncinfo_free( bd->be_syncinfo );
- }
-
- if ( bd->be_pending_csn_list ) {
- csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list );
- while ( csne ) {
- struct slap_csn_entry *tmp_csne = csne;
-
- LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link );
- ch_free( csne->ce_csn.bv_val );
- csne = LDAP_TAILQ_NEXT( csne, ce_csn_link );
- ch_free( tmp_csne );
- }
- }
-
- if ( bd->bd_info->bi_db_destroy ) {
- bd->bd_info->bi_db_destroy( bd );
- }
- ber_bvarray_free( bd->be_suffix );
- ber_bvarray_free( bd->be_nsuffix );
- if ( !BER_BVISNULL( &bd->be_rootdn ) ) {
- free( bd->be_rootdn.bv_val );
- }
- if ( !BER_BVISNULL( &bd->be_rootndn ) ) {
- free( bd->be_rootndn.bv_val );
- }
- if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
- free( bd->be_rootpw.bv_val );
- }
- acl_destroy( bd->be_acl, frontendDB->be_acl );
- free( bd );
+ backend_destroy_one( bd );
}
/* destroy each backend type */
{
int i, j;
ber_len_t len, dnlen = dn->bv_len;
- Backend *be, *b2;
+ Backend *be, *b2 = NULL;
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
if ( be->be_nsuffix == NULL ) {
LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
if ( be->be_connection_init ) {
- be->be_connection_init( be, conn);
+ be->be_connection_init( be, conn );
}
}
break;
case LDAP_COMPARE_FALSE:
- if ( !op->o_bd->be_ctrls[ cid ] )
- {
+ if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
/* Per RFC 2251 (and LDAPBIS discussions), if the control
* is recognized and appropriate for the operation (which
* we've already verified), then the server should make
* use of the control when performing the operation.
*
* Here we find that operation extended by the control
- * is not unavailable in a particular context, hence the
- * return of unwillingToPerform.
+ * is unavailable in a particular context, and the control
+ * is marked Critical, hence the return of
+ * unwillingToPerform.
*/
- rs->sr_text = "control unavailable in context";
+ rs->sr_text = "critical control unavailable in context";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
default:
/* unreachable */
+ Debug( LDAP_DEBUG_ANY,
+ "backend_check_controls: unable to check control: %s\n",
+ (*ctrls)->ldctl_oid, 0, 0 );
+ assert( 0 );
+
rs->sr_text = "unable to check control";
rs->sr_err = LDAP_OTHER;
goto done;
}
}
+ /* check should be generalized */
+ if( get_manageDIT(op) && !be_isroot(op)) {
+ rs->sr_text = "requires manager authorization";
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ }
+
done:;
return rs->sr_err;
}
}
#ifdef SLAP_X_LISTENER_MOD
- if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn ) ? S_IWUSR : S_IWOTH ) ) ) {
+ if ( op->o_conn->c_listener &&
+ ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn )
+ ? (S_IWUSR|S_IWOTH) : S_IWOTH ) ) )
+ {
/* no "w" mode means readonly */
rs->sr_text = "modifications not allowed on this listener";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
if ( !starttls && !updateop ) {
if ( op->o_conn->c_listener &&
!( op->o_conn->c_listener->sl_perms &
- ( !BER_BVISEMPTY( &op->o_dn ) ? S_IRUSR : S_IROTH )))
+ ( !BER_BVISEMPTY( &op->o_dn )
+ ? (S_IRUSR|S_IROTH) : S_IROTH )))
{
/* no "r" mode means no read */
rs->sr_text = "read not allowed on this listener";
}
if ( rc == 0 ) {
- rc = 1;
+ rc = LDAP_COMPARE_FALSE;
for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) !=
LDAP_URL_SUCCESS )
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
a->a_nvals, op_ndn, op->o_tmpmemctx );
+ if ( rc == LDAP_NO_SUCH_ATTRIBUTE )
+ rc = LDAP_COMPARE_FALSE;
}
} else {
rc = LDAP_NO_SUCH_ATTRIBUTE;
if ( a ) {
BerVarray v;
- if ( op->o_conn && access > ACL_NONE && access_allowed( op,
- e, entry_at, NULL, access,
- &acl_state ) == 0 ) {
+ if ( op->o_conn && access > ACL_NONE &&
+ access_allowed( op, e, entry_at, NULL,
+ access, &acl_state ) == 0 )
+ {
rc = LDAP_INSUFFICIENT_ACCESS;
goto freeit;
}
v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
op->o_tmpmemctx );
- for ( i = 0,j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+ for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
{
if ( op->o_conn && access > ACL_NONE &&
- access_allowed( op, e,
- entry_at,
+ access_allowed( op, e, entry_at,
&a->a_nvals[i],
access,
&acl_state ) == 0 )
* add them to the attribute list
*/
if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs &&
- ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs )))
+ ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ) ) )
{
*ap = slap_operational_entryDN( rs->sr_entry );
ap = &(*ap)->a_next;
}
if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs &&
- ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs )))
+ ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ) ) )
{
*ap = slap_operational_subschemaSubentry( op->o_bd );
ap = &(*ap)->a_next;
/* Let the overlays have a chance at this */
be_orig = op->o_bd;
- if ( SLAP_ISOVERLAY( be_orig ))
+ if ( SLAP_ISOVERLAY( be_orig ) )
op->o_bd = select_backend( be_orig->be_nsuffix, 0, 0 );
- if (( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) &&
+ if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) &&
op->o_bd && op->o_bd->be_operational != NULL )
{
rc = op->o_bd->be_operational( op, rs );