/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2009 The OpenLDAP Foundation.
+ * Copyright 2001-2012 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define SLAPD_TOOLS
#include "slap.h"
+#include "lutil.h"
#include "config.h"
typedef struct gluenode {
static BackendDB glueBackDone;
#define GLUEBACK_DONE (&glueBackDone)
+static slap_overinst * glue_tool_inst( BackendInfo *bi);
+
static slap_response glue_op_response;
/* Just like select_backend, but only for our backends */
j = gs->nctrls;
if (!j) {
- newctrls = ch_malloc((i+1)*sizeof(LDAPControl *));
+ newctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
+ op->o_tmpmemctx);
} else {
/* Forget old pagedResults response if we're sending
* a new one now
if ( newpage ) {
for ( k=0; k<j; k++ ) {
if ( !strcmp(gs->ctrls[k]->ldctl_oid,
- LDAP_CONTROL_PAGEDRESULTS )) {
- gs->ctrls[k]->ldctl_oid = NULL;
- ldap_control_free( gs->ctrls[k] );
- gs->ctrls[k] = gs->ctrls[--j];
- gs->ctrls[j] = NULL;
- break;
+ LDAP_CONTROL_PAGEDRESULTS ))
+ {
+ op->o_tmpfree(gs->ctrls[k], op->o_tmpmemctx);
+ gs->ctrls[k] = gs->ctrls[--j];
+ gs->ctrls[j] = NULL;
+ break;
}
}
}
}
- newctrls = ch_realloc(gs->ctrls,
- (j+i+1)*sizeof(LDAPControl *));
+ newctrls = op->o_tmprealloc(gs->ctrls,
+ (j+i+1)*sizeof(LDAPControl *), op->o_tmpmemctx);
}
for (k=0; k<i; j++,k++) {
- newctrls[j] = ch_malloc(sizeof(LDAPControl));
- *newctrls[j] = *rs->sr_ctrls[k];
- if ( !BER_BVISNULL( &rs->sr_ctrls[k]->ldctl_value ))
- ber_dupbv( &newctrls[j]->ldctl_value,
- &rs->sr_ctrls[k]->ldctl_value );
+ ber_len_t oidlen = strlen( rs->sr_ctrls[k]->ldctl_oid );
+ newctrls[j] = op->o_tmpalloc(sizeof(LDAPControl) + oidlen + 1 + rs->sr_ctrls[k]->ldctl_value.bv_len + 1,
+ op->o_tmpmemctx);
+ newctrls[j]->ldctl_iscritical = rs->sr_ctrls[k]->ldctl_iscritical;
+ newctrls[j]->ldctl_oid = (char *)&newctrls[j][1];
+ lutil_strcopy( newctrls[j]->ldctl_oid, rs->sr_ctrls[k]->ldctl_oid );
+ if ( !BER_BVISNULL( &rs->sr_ctrls[k]->ldctl_value ) ) {
+ newctrls[j]->ldctl_value.bv_val = &newctrls[j]->ldctl_oid[oidlen + 1];
+ newctrls[j]->ldctl_value.bv_len = rs->sr_ctrls[k]->ldctl_value.bv_len;
+ lutil_memcopy( newctrls[j]->ldctl_value.bv_val,
+ rs->sr_ctrls[k]->ldctl_value.bv_val,
+ rs->sr_ctrls[k]->ldctl_value.bv_len + 1 );
+ } else {
+ BER_BVZERO( &newctrls[j]->ldctl_value );
+ }
}
newctrls[j] = NULL;
gs->nctrls = j;
return rc;
}
+static int
+glue_op_abandon( Operation *op, SlapReply *rs )
+{
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ glueinfo *gi = (glueinfo *)on->on_bi.bi_private;
+ BackendDB *b0 = op->o_bd;
+ BackendInfo *bi0 = op->o_bd->bd_info;
+ int i;
+
+ b0->bd_info = on->on_info->oi_orig;
+
+ for (i = gi->gi_nodes-1; i >= 0; i--) {
+ assert( gi->gi_n[i].gn_be->be_nsuffix != NULL );
+ op->o_bd = gi->gi_n[i].gn_be;
+ if ( op->o_bd == b0 )
+ continue;
+ if ( op->o_bd->bd_info->bi_op_abandon )
+ op->o_bd->bd_info->bi_op_abandon( op, rs );
+ }
+ op->o_bd = b0;
+ op->o_bd->bd_info = bi0;
+ return SLAP_CB_CONTINUE;
+}
+
static int
glue_response ( Operation *op, SlapReply *rs )
{
return op->o_bd->be_search( op, rs );
}
+static const ID glueID = NOID;
+static const struct berval gluecookie = { sizeof( glueID ), (char *)&glueID };
+
static int
glue_op_search ( Operation *op, SlapReply *rs )
{
starttime = op->o_time;
stoptime = slap_get_time () + op->ors_tlimit;
+ /* reset dummy cookie used to keep paged results going across databases */
+ if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED
+ && bvmatch( &((PagedResultsState *)op->o_pagedresults_state)->ps_cookieval, &gluecookie ) )
+ {
+ PagedResultsState *ps = op->o_pagedresults_state;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ struct berval cookie = BER_BVC(""), value;
+ int c;
+
+ for (c = 0; op->o_ctrls[c] != NULL; c++) {
+ if (strcmp(op->o_ctrls[c]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0)
+ break;
+ }
+
+ assert( op->o_ctrls[c] != NULL );
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_printf( ber, "{iO}", ps->ps_size, &cookie );
+ ber_flatten2( ber, &value, 0 );
+ assert( op->o_ctrls[c]->ldctl_value.bv_len >= value.bv_len );
+ op->o_ctrls[c]->ldctl_value.bv_len = value.bv_len;
+ lutil_memcopy( op->o_ctrls[c]->ldctl_value.bv_val,
+ value.bv_val, value.bv_len );
+ ber_free_buf( ber );
+
+ ps->ps_cookie = (PagedResultsCookie)0;
+ BER_BVZERO( &ps->ps_cookieval );
+ }
+
op->o_bd = glue_back_select (b0, &op->o_req_ndn);
b0->bd_info = on->on_info->oi_orig;
if ( op->o_bd == b0 )
return SLAP_CB_CONTINUE;
- rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
if (op->o_bd && op->o_bd->be_search) {
rs->sr_err = op->o_bd->be_search( op, rs );
+ } else {
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
}
return rs->sr_err;
* from here on a subsequent request.
*/
if ( rs->sr_nentries >= ps->ps_size ) {
+ PagedResultsState *cps = &op->o_conn->c_pagedresults_state;
+
/* Don't bother to remember the first backend.
* Only remember the last one if there's more state left.
*/
if ( op->o_bd != b0 &&
- ( op->o_conn->c_pagedresults_state.ps_cookie ||
- op->o_bd != gi->gi_n[0].gn_be ))
+ ( cps->ps_cookie != NOID
+ || !BER_BVISNULL( &cps->ps_cookieval )
+ || op->o_bd != gi->gi_n[0].gn_be ) )
+ {
op->o_conn->c_pagedresults_state.ps_be = op->o_bd;
+ }
+
+ /* Check whether the cookie is empty,
+ * and give remaining databases a chance
+ */
+ if ( op->o_bd != gi->gi_n[0].gn_be || cps->ps_cookie == NOID ) {
+ int c;
+
+ for ( c = 0; gs.ctrls[c] != NULL; c++ ) {
+ if ( strcmp( gs.ctrls[c]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( gs.ctrls[c] != NULL ) {
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+ ber_int_t size;
+ struct berval cookie, value;
+
+ ber_init2( ber, &gs.ctrls[c]->ldctl_value, LBER_USE_DER );
+
+ tag = ber_scanf( ber, "{im}", &size, &cookie );
+ assert( tag != LBER_ERROR );
+
+ if ( BER_BVISEMPTY( &cookie ) && op->o_bd != gi->gi_n[0].gn_be ) {
+ /* delete old, create new cookie with NOID */
+ PagedResultsCookie respcookie = (PagedResultsCookie)NOID;
+ ber_len_t oidlen = strlen( gs.ctrls[c]->ldctl_oid );
+ LDAPControl *newctrl;
+
+ /* it's next database's turn */
+ if ( btmp == b0 ) {
+ op->o_conn->c_pagedresults_state.ps_be = gi->gi_n[gi->gi_nodes - 1].gn_be;
+
+ } else {
+ op->o_conn->c_pagedresults_state.ps_be = gi->gi_n[(i > 0 ? i - 1: 0)].gn_be;
+ }
+
+ cookie.bv_val = (char *)&respcookie;
+ cookie.bv_len = sizeof( PagedResultsCookie );
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_printf( ber, "{iO}", 0, &cookie );
+ ber_flatten2( ber, &value, 0 );
+
+ newctrl = op->o_tmprealloc( gs.ctrls[c],
+ sizeof(LDAPControl) + oidlen + 1 + value.bv_len + 1,
+ op->o_tmpmemctx);
+ newctrl->ldctl_iscritical = gs.ctrls[c]->ldctl_iscritical;
+ newctrl->ldctl_oid = (char *)&newctrl[1];
+ lutil_strcopy( newctrl->ldctl_oid, gs.ctrls[c]->ldctl_oid );
+ newctrl->ldctl_value.bv_len = value.bv_len;
+ lutil_memcopy( newctrl->ldctl_value.bv_val,
+ value.bv_val, value.bv_len );
+
+ gs.ctrls[c] = newctrl;
+
+ ber_free_buf( ber );
+
+ } else if ( !BER_BVISEMPTY( &cookie ) && op->o_bd != b0 ) {
+ /* if cookie not empty, it's again this database's turn */
+ op->o_conn->c_pagedresults_state.ps_be = op->o_bd;
+ }
+ }
+ }
+
goto end_of_loop;
}
* next backend will start up properly. Only back-[bh]db
* and back-sql look at this state info.
*/
- if ( ps->ps_cookieval.bv_len == sizeof( PagedResultsCookie )) {
- ps->ps_cookie = 0;
- memset( ps->ps_cookieval.bv_val, 0,
- sizeof( PagedResultsCookie ));
+ ps->ps_cookie = (PagedResultsCookie)0;
+ BER_BVZERO( &ps->ps_cookieval );
+
+ {
+ /* change the size of the page in the request
+ * that will be propagated, and reset the cookie */
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ int size = ps->ps_size - rs->sr_nentries;
+ struct berval cookie = BER_BVC(""), value;
+ int c;
+
+ for (c = 0; op->o_ctrls[c] != NULL; c++) {
+ if (strcmp(op->o_ctrls[c]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0)
+ break;
+ }
+
+ assert( op->o_ctrls[c] != NULL );
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+ ber_printf( ber, "{iO}", size, &cookie );
+ ber_flatten2( ber, &value, 0 );
+ assert( op->o_ctrls[c]->ldctl_value.bv_len >= value.bv_len );
+ op->o_ctrls[c]->ldctl_value.bv_len = value.bv_len;
+ lutil_memcopy( op->o_ctrls[c]->ldctl_value.bv_val,
+ value.bv_val, value.bv_len );
+ ber_free_buf( ber );
}
}
ber_bvarray_free(gs.refs);
if (gs.ctrls) {
for (i = gs.nctrls; --i >= 0; ) {
- if (!BER_BVISNULL( &gs.ctrls[i]->ldctl_value ))
- free(gs.ctrls[i]->ldctl_value.bv_val);
- free(gs.ctrls[i]);
+ op->o_tmpfree(gs.ctrls[i], op->o_tmpmemctx);
}
- free(gs.ctrls);
+ op->o_tmpfree(gs.ctrls, op->o_tmpmemctx);
}
return rs->sr_err;
}
toolDB = *b0;
toolDB.bd_info = oi->oi_orig;
+ /* Sanity checks */
+ {
+ slap_overinst *on = glue_tool_inst( b0->bd_info );
+ glueinfo *gi = on->on_bi.bi_private;
+
+ int i;
+ for (i = 0; i < gi->gi_nodes; i++) {
+ BackendDB *bd;
+ struct berval pdn;
+
+ dnParent( &gi->gi_n[i].gn_be->be_nsuffix[0], &pdn );
+ bd = select_backend( &pdn, 0 );
+ if ( bd ) {
+ ID id;
+ BackendDB db;
+
+ if ( overlay_is_over( bd ) ) {
+ slap_overinfo *oi = (slap_overinfo *)bd->bd_info;
+ db = *bd;
+ db.bd_info = oi->oi_orig;
+ bd = &db;
+ }
+
+ if ( !bd->bd_info->bi_tool_dn2id_get
+ || !bd->bd_info->bi_tool_entry_open
+ || !bd->bd_info->bi_tool_entry_close )
+ {
+ continue;
+ }
+
+ bd->bd_info->bi_tool_entry_open( bd, 0 );
+ id = bd->bd_info->bi_tool_dn2id_get( bd, &gi->gi_n[i].gn_be->be_nsuffix[0] );
+ bd->bd_info->bi_tool_entry_close( bd );
+ if ( id != NOID ) {
+ Debug( LDAP_DEBUG_ANY,
+ "glue_tool_entry_open: subordinate database suffix entry DN=\"%s\" also present in superior database rooted at DN=\"%s\"\n",
+ gi->gi_n[i].gn_be->be_suffix[0].bv_val, bd->be_suffix[0].bv_val, 0 );
+ return LDAP_OTHER;
+ }
+ }
+ }
+ }
+
return 0;
}
return rc;
}
+static struct berval *glue_base;
+static int glue_scope;
+static Filter *glue_filter;
+
static ID
glue_tool_entry_first (
BackendDB *b0
return rc;
}
+static ID
+glue_tool_entry_first_x (
+ BackendDB *b0,
+ struct berval *base,
+ int scope,
+ Filter *f
+)
+{
+ slap_overinst *on = glue_tool_inst( b0->bd_info );
+ glueinfo *gi = on->on_bi.bi_private;
+ int i;
+ ID rc;
+
+ glue_base = base;
+ glue_scope = scope;
+ glue_filter = f;
+
+ /* If we're starting from scratch, start at the most general */
+ if (!glueBack) {
+ if ( toolDB.be_entry_open && toolDB.be_entry_first_x ) {
+ glueBack = &toolDB;
+ } else {
+ for (i = gi->gi_nodes-1; i >= 0; i--) {
+ if (gi->gi_n[i].gn_be->be_entry_open &&
+ gi->gi_n[i].gn_be->be_entry_first_x)
+ {
+ glueBack = gi->gi_n[i].gn_be;
+ break;
+ }
+ }
+ }
+ }
+ if (!glueBack || !glueBack->be_entry_open || !glueBack->be_entry_first_x ||
+ glueBack->be_entry_open (glueBack, glueMode) != 0)
+ return NOID;
+
+ rc = glueBack->be_entry_first_x (glueBack,
+ glue_base, glue_scope, glue_filter);
+ while ( rc == NOID ) {
+ if ( glueBack && glueBack->be_entry_close )
+ glueBack->be_entry_close (glueBack);
+ for (i=0; i<gi->gi_nodes; i++) {
+ if (gi->gi_n[i].gn_be == glueBack)
+ break;
+ }
+ if (i == 0) {
+ glueBack = GLUEBACK_DONE;
+ break;
+ } else {
+ glueBack = gi->gi_n[i-1].gn_be;
+ rc = glue_tool_entry_first_x (b0,
+ glue_base, glue_scope, glue_filter);
+ if ( glueBack == GLUEBACK_DONE ) {
+ break;
+ }
+ }
+ }
+ return rc;
+}
+
static ID
glue_tool_entry_next (
BackendDB *b0
break;
} else {
glueBack = gi->gi_n[i-1].gn_be;
- rc = glue_tool_entry_first (b0);
+ if ( glue_base || glue_filter ) {
+ /* using entry_first_x() */
+ rc = glue_tool_entry_first_x (b0,
+ glue_base, glue_scope, glue_filter);
+
+ } else {
+ /* using entry_first() */
+ rc = glue_tool_entry_first (b0);
+ }
if ( glueBack == GLUEBACK_DONE ) {
break;
}
oi->oi_bi.bi_tool_entry_close = glue_tool_entry_close;
if ( bi->bi_tool_entry_first )
oi->oi_bi.bi_tool_entry_first = glue_tool_entry_first;
+ /* FIXME: check whether all support bi_tool_entry_first_x() ? */
+ if ( bi->bi_tool_entry_first_x )
+ oi->oi_bi.bi_tool_entry_first_x = glue_tool_entry_first_x;
if ( bi->bi_tool_entry_next )
oi->oi_bi.bi_tool_entry_next = glue_tool_entry_next;
if ( bi->bi_tool_entry_get )
return rc;
}
+static int
+glue_access_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ BackendDB *b0, *be = glue_back_select( op->o_bd, &e->e_nname );
+ int rc;
+
+ if ( be == NULL || be == op->o_bd || be->bd_info->bi_access_allowed == NULL )
+ return SLAP_CB_CONTINUE;
+
+ b0 = op->o_bd;
+ op->o_bd = be;
+ rc = be->bd_info->bi_access_allowed ( op, e, desc, val, access, state, maskp );
+ op->o_bd = b0;
+ return rc;
+}
+
int
glue_sub_init()
{
glue.on_bi.bi_op_modrdn = glue_op_func;
glue.on_bi.bi_op_add = glue_op_func;
glue.on_bi.bi_op_delete = glue_op_func;
+ glue.on_bi.bi_op_abandon = glue_op_abandon;
glue.on_bi.bi_extended = glue_op_func;
glue.on_bi.bi_chk_referrals = glue_chk_referrals;
glue.on_bi.bi_chk_controls = glue_chk_controls;
glue.on_bi.bi_entry_get_rw = glue_entry_get_rw;
glue.on_bi.bi_entry_release_rw = glue_entry_release_rw;
+ glue.on_bi.bi_access_allowed = glue_access_allowed;
glue.on_response = glue_response;
projects / openldap / blobdiff