/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static slap_overinst *overlays;
-enum db_which { db_open = 0, db_close, db_destroy };
+enum db_which {
+ db_open = 0,
+ db_close,
+ db_destroy,
+ db_last
+};
static int
over_db_func(
ca.fname = fname;
ca.lineno = lineno;
ca.be = be;
+ snprintf( ca.log, sizeof( ca.log ), "%s: line %d",
+ ca.fname, ca.lineno );
+
for (; on; on=on->on_next) {
rc = SLAP_CONF_UNKNOWN;
if (on->on_bi.bi_cf_ocs) {
ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca );
if ( ct ) {
rc = config_add_vals( ct, &ca );
+ if ( rc != SLAP_CONF_UNKNOWN )
+ break;
}
}
if (on->on_bi.bi_db_config && rc == SLAP_CONF_UNKNOWN) {
rc = over_db_func( be, db_destroy );
- for (next = on->on_next; on; on=next) {
- next = on->on_next;
- free( on );
+ if ( on ) {
+ for (next = on->on_next; on; on=next) {
+ next = on->on_next;
+ free( on );
+ }
}
+
free( oi );
return rc;
}
if ( rc != SLAP_CB_CONTINUE ) break;
}
}
+ /* Bypass the remaining on_response layers, but allow
+ * normal execution to continue.
+ */
+ if ( rc == SLAP_CB_BYPASS )
+ rc = SLAP_CB_CONTINUE;
op->o_bd = be;
return rc;
}
-#ifdef SLAP_OVERLAY_ACCESS
static int
over_access_allowed(
Operation *op,
{
slap_overinfo *oi;
slap_overinst *on;
- BackendInfo *bi = op->o_bd->bd_info;
+ BackendInfo *bi;
BackendDB *be = op->o_bd, db;
int rc = SLAP_CB_CONTINUE;
* when global overlays are used... */
assert( op->o_bd != NULL );
- oi = op->o_bd->bd_info->bi_private;
+ bi = op->o_bd->bd_info;
+ /* Were we invoked on the frontend? */
+ if ( !bi->bi_access_allowed ) {
+ oi = frontendDB->bd_info->bi_private;
+ } else {
+ oi = op->o_bd->bd_info->bi_private;
+ }
on = oi->oi_list;
for ( ; on; on = on->on_next ) {
return rc;
}
-#endif /* SLAP_OVERLAY_ACCESS */
-
-enum op_which {
- op_bind = 0,
- op_unbind,
- op_search,
- op_compare,
- op_modify,
- op_modrdn,
- op_add,
- op_delete,
- op_abandon,
- op_cancel,
- op_extended,
- op_aux_operational,
- op_aux_chk_referrals,
- op_aux_chk_controls,
- op_last
-};
+
+static int
+over_acl_group(
+ Operation *op,
+ Entry *e,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at )
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendInfo *bi = op->o_bd->bd_info;
+ BackendDB *be = op->o_bd, db;
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ for ( ; on; on = on->on_next ) {
+ if ( on->on_bi.bi_acl_group ) {
+ /* NOTE: do not copy the structure until required */
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = on->on_bi.bi_acl_group( op, e,
+ gr_ndn, op_ndn, group_oc, group_at );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ BI_acl_group *bi_acl_group;
+
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ }
+
+ if ( oi->oi_orig->bi_acl_group ) {
+ bi_acl_group = oi->oi_orig->bi_acl_group;
+ } else {
+ bi_acl_group = backend_group;
+ }
+
+ rc = bi_acl_group( op, e,
+ gr_ndn, op_ndn, group_oc, group_at );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ /* access not allowed */
+ rc = 0;
+ }
+
+ op->o_bd = be;
+ op->o_bd->bd_info = bi;
+
+ return rc;
+}
+
+static int
+over_acl_attribute(
+ Operation *op,
+ Entry *target,
+ struct berval *entry_ndn,
+ AttributeDescription *entry_at,
+ BerVarray *vals,
+ slap_access_t access )
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendInfo *bi = op->o_bd->bd_info;
+ BackendDB *be = op->o_bd, db;
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ for ( ; on; on = on->on_next ) {
+ if ( on->on_bi.bi_acl_attribute ) {
+ /* NOTE: do not copy the structure until required */
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
+ op->o_bd->bd_info = (BackendInfo *)on;
+ rc = on->on_bi.bi_acl_attribute( op, target,
+ entry_ndn, entry_at, vals, access );
+ if ( rc != SLAP_CB_CONTINUE ) break;
+ }
+ }
+
+ if ( rc == SLAP_CB_CONTINUE ) {
+ BI_acl_attribute *bi_acl_attribute;
+
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
+ }
+
+ if ( oi->oi_orig->bi_acl_attribute ) {
+ bi_acl_attribute = oi->oi_orig->bi_acl_attribute;
+ } else {
+ bi_acl_attribute = backend_attribute;
+ }
+
+ rc = bi_acl_attribute( op, target,
+ entry_ndn, entry_at, vals, access );
+ }
+ /* should not fall thru this far without anything happening... */
+ if ( rc == SLAP_CB_CONTINUE ) {
+ /* access not allowed */
+ rc = 0;
+ }
+
+ op->o_bd = be;
+ op->o_bd->bd_info = bi;
+
+ return rc;
+}
/*
* default return code in case of missing backend function
* and overlay stack returning SLAP_CB_CONTINUE
*/
-static int op_rc[] = {
+static int op_rc[ op_last ] = {
LDAP_UNWILLING_TO_PERFORM, /* bind */
LDAP_UNWILLING_TO_PERFORM, /* unbind */
LDAP_UNWILLING_TO_PERFORM, /* search */
SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */
};
-static int
-over_op_func(
+int overlay_op_walk(
Operation *op,
SlapReply *rs,
- enum op_which which
+ slap_operation_t which,
+ slap_overinfo *oi,
+ slap_overinst *on
)
{
- slap_overinfo *oi;
- slap_overinst *on;
BI_op_bind **func;
- BackendDB *be = op->o_bd, db;
- slap_callback cb = {NULL, over_back_response, NULL, NULL};
int rc = SLAP_CB_CONTINUE;
- /* FIXME: used to happen for instance during abandon
- * when global overlays are used... */
- assert( op->o_bd != NULL );
-
- oi = op->o_bd->bd_info->bi_private;
- on = oi->oi_list;
-
- if ( !SLAP_ISOVERLAY( op->o_bd )) {
- db = *op->o_bd;
- db.be_flags |= SLAP_DBFLAG_OVERLAY;
- op->o_bd = &db;
- }
- cb.sc_next = op->o_callback;
- cb.sc_private = oi;
- op->o_callback = &cb;
-
for (; on; on=on->on_next ) {
func = &on->on_bi.bi_op_bind;
if ( func[which] ) {
if ( rc != SLAP_CB_CONTINUE ) break;
}
}
+ if ( rc == SLAP_CB_BYPASS )
+ rc = SLAP_CB_CONTINUE;
func = &oi->oi_orig->bi_op_bind;
if ( func[which] && rc == SLAP_CB_CONTINUE ) {
*/
if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
slap_callback *sc_next;
- for ( ; op->o_callback && op->o_callback != cb.sc_next;
- op->o_callback = sc_next ) {
+ for ( ; op->o_callback && op->o_callback->sc_response !=
+ over_back_response; op->o_callback = sc_next ) {
sc_next = op->o_callback->sc_next;
if ( op->o_callback->sc_cleanup ) {
op->o_callback->sc_cleanup( op, rs );
}
}
}
+ return rc;
+}
+
+static int
+over_op_func(
+ Operation *op,
+ SlapReply *rs,
+ slap_operation_t which
+)
+{
+ slap_overinfo *oi;
+ slap_overinst *on;
+ BackendDB *be = op->o_bd, db;
+ slap_callback cb = {NULL, over_back_response, NULL, NULL};
+ int rc = SLAP_CB_CONTINUE;
+
+ /* FIXME: used to happen for instance during abandon
+ * when global overlays are used... */
+ assert( op->o_bd != NULL );
+
+ oi = op->o_bd->bd_info->bi_private;
+ on = oi->oi_list;
+
+ if ( !SLAP_ISOVERLAY( op->o_bd )) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+ cb.sc_next = op->o_callback;
+ cb.sc_private = oi;
+ op->o_callback = &cb;
+
+ rc = overlay_op_walk( op, rs, which, oi, on );
+
op->o_bd = be;
op->o_callback = cb.sc_next;
return rc;
enum conn_which {
conn_init = 0,
- conn_destroy
+ conn_destroy,
+ conn_last
};
static int
slap_overinst *on
)
{
+ slap_overinst *tmp;
+
+ /* FIXME: check for duplicates? */
+ for ( tmp = overlays; tmp != NULL; tmp = tmp->on_next ) {
+ if ( strcmp( on->on_bi.bi_type, tmp->on_bi.bi_type ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "overlay_register(\"%s\"): "
+ "name already in use.\n",
+ on->on_bi.bi_type, 0, 0 );
+ return -1;
+ }
+
+ if ( on->on_bi.bi_obsolete_names != NULL ) {
+ int i;
+
+ for ( i = 0; on->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) {
+ if ( strcmp( on->on_bi.bi_obsolete_names[ i ], tmp->on_bi.bi_type ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "overlay_register(\"%s\"): "
+ "obsolete name \"%s\" already in use "
+ "by overlay \"%s\".\n",
+ on->on_bi.bi_type,
+ on->on_bi.bi_obsolete_names[ i ],
+ tmp->on_bi.bi_type );
+ return -1;
+ }
+ }
+ }
+
+ if ( tmp->on_bi.bi_obsolete_names != NULL ) {
+ int i;
+
+ for ( i = 0; tmp->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) {
+ int j;
+
+ if ( strcmp( on->on_bi.bi_type, tmp->on_bi.bi_obsolete_names[ i ] ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "overlay_register(\"%s\"): "
+ "name already in use "
+ "as obsolete by overlay \"%s\".\n",
+ on->on_bi.bi_type,
+ tmp->on_bi.bi_obsolete_names[ i ], 0 );
+ return -1;
+ }
+
+ if ( on->on_bi.bi_obsolete_names != NULL ) {
+ for ( j = 0; on->on_bi.bi_obsolete_names[ j ] != NULL; j++ ) {
+ if ( strcmp( on->on_bi.bi_obsolete_names[ j ], tmp->on_bi.bi_obsolete_names[ i ] ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "overlay_register(\"%s\"): "
+ "obsolete name \"%s\" already in use "
+ "as obsolete by overlay \"%s\".\n",
+ on->on_bi.bi_type,
+ on->on_bi.bi_obsolete_names[ j ],
+ tmp->on_bi.bi_type );
+ return -1;
+ }
+ }
+ }
+ }
+ }
+ }
+
on->on_next = overlays;
overlays = on;
return 0;
/*
* iterator on registered overlays; overlay_next( NULL ) returns the first
- * overlay; * subsequent calls with the previously returned value allow to
- * iterate * over the entire list; returns NULL when no more overlays are
+ * overlay; subsequent calls with the previously returned value allow to
+ * iterate over the entire list; returns NULL when no more overlays are
* registered.
*/
for ( ; on; on = on->on_next ) {
if ( strcmp( on->on_bi.bi_type, over_type ) == 0 ) {
- break;
+ goto foundit;
+ }
+
+ if ( on->on_bi.bi_obsolete_names != NULL ) {
+ int i;
+
+ for ( i = 0; on->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) {
+ if ( strcmp( on->on_bi.bi_obsolete_names[ i ], over_type ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "overlay_find(\"%s\"): "
+ "obsolete name for \"%s\".\n",
+ on->on_bi.bi_obsolete_names[ i ],
+ on->on_bi.bi_type, 0 );
+ goto foundit;
+ }
+ }
}
}
+foundit:;
return on;
}
int
overlay_register_control( BackendDB *be, const char *oid )
{
- int rc = 0;
int gotit = 0;
int cid;
return -1;
}
- if ( SLAP_DBFLAGS( be ) & SLAP_DBFLAG_GLOBAL_OVERLAY ) {
+ if ( SLAP_ISGLOBALOVERLAY( be ) ) {
BackendDB *bd;
/* add to all backends... */
}
- if ( rc == 0 && !gotit ) {
+ if ( !gotit ) {
be->be_ctrls[ cid ] = 1;
be->be_ctrls[ SLAP_MAX_CIDS ] = 1;
}
- return rc;
+ return 0;
}
void
}
}
+void
+overlay_insert( BackendDB *be, slap_overinst *on2, slap_overinst ***prev,
+ int idx )
+{
+ slap_overinfo *oi = (slap_overinfo *)be->bd_info;
+
+ if ( idx == -1 ) {
+ on2->on_next = oi->oi_list;
+ oi->oi_list = on2;
+ } else {
+ int i;
+ slap_overinst *on, *otmp1 = NULL, *otmp2;
+
+ /* Since the list is in reverse order and is singly linked,
+ * we reverse it to find the idx insertion point. Adding
+ * on overlay at a specific point should be a pretty
+ * infrequent occurrence.
+ */
+ for ( on = oi->oi_list; on; on=otmp2 ) {
+ otmp2 = on->on_next;
+ on->on_next = otmp1;
+ otmp1 = on;
+ }
+ oi->oi_list = NULL;
+ /* advance to insertion point */
+ for ( i=0, on = otmp1; i<idx; i++ ) {
+ otmp1 = on->on_next;
+ on->on_next = oi->oi_list;
+ oi->oi_list = on;
+ }
+ /* insert */
+ on2->on_next = oi->oi_list;
+ oi->oi_list = on2;
+ if ( otmp1 ) {
+ *prev = &otmp1->on_next;
+ /* replace remainder of list */
+ for ( on=otmp1; on; on=otmp1 ) {
+ otmp1 = on->on_next;
+ on->on_next = oi->oi_list;
+ oi->oi_list = on;
+ }
+ }
+ }
+}
+
+void
+overlay_move( BackendDB *be, slap_overinst *on, int idx )
+{
+ slap_overinfo *oi = (slap_overinfo *)be->bd_info;
+ slap_overinst **onp;
+
+ for (onp = &oi->oi_list; *onp; onp= &(*onp)->on_next) {
+ if ( *onp == on ) {
+ *onp = on->on_next;
+ break;
+ }
+ }
+ overlay_insert( be, on, &onp, idx );
+}
+
/* add an overlay to a particular backend. */
int
-overlay_config( BackendDB *be, const char *ov )
+overlay_config( BackendDB *be, const char *ov, int idx, BackendInfo **res )
{
- slap_overinst *on = NULL, *on2 = NULL;
+ slap_overinst *on = NULL, *on2 = NULL, **prev;
slap_overinfo *oi = NULL;
BackendInfo *bi = NULL;
+ if ( res )
+ *res = NULL;
+
on = overlay_find( ov );
if ( !on ) {
Debug( LDAP_DEBUG_ANY, "overlay \"%s\" not found\n", ov, 0, 0 );
* overlay info structure
*/
if ( !overlay_is_over( be ) ) {
- oi = ch_malloc( sizeof( slap_overinfo ) );
- oi->oi_orig = be->bd_info;
- oi->oi_bi = *be->bd_info;
+ int isglobal = 0;
/* NOTE: the first time a global overlay is configured,
* frontendDB gets this flag; it is used later by overlays
* to determine if they're stacked on top of the frontendDB */
- if ( oi->oi_orig == frontendDB->bd_info ) {
+ if ( be->bd_info == frontendDB->bd_info || SLAP_ISGLOBALOVERLAY( be ) ) {
+ isglobal = 1;
+ if ( on->on_bi.bi_flags & SLAPO_BFLAG_DBONLY ) {
+ Debug( LDAP_DEBUG_ANY, "overlay_config(): "
+ "overlay \"%s\" cannot be global.\n",
+ ov, 0, 0 );
+ return 1;
+ }
+
+ } else if ( on->on_bi.bi_flags & SLAPO_BFLAG_GLOBONLY ) {
+ Debug( LDAP_DEBUG_ANY, "overlay_config(): "
+ "overlay \"%s\" can only be global.\n",
+ ov, 0, 0 );
+ return 1;
+ }
+
+ oi = ch_malloc( sizeof( slap_overinfo ) );
+ oi->oi_orig = be->bd_info;
+ oi->oi_bi = *be->bd_info;
+ oi->oi_origdb = be;
+
+ if ( isglobal ) {
SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLOBAL_OVERLAY;
}
bi->bi_chk_referrals = over_aux_chk_referrals;
bi->bi_chk_controls = over_aux_chk_controls;
-#ifdef SLAP_OVERLAY_ACCESS
- /* this has a specific arglist */
+ /* these have specific arglists */
bi->bi_access_allowed = over_access_allowed;
-#endif /* SLAP_OVERLAY_ACCESS */
+ bi->bi_acl_group = over_acl_group;
+ bi->bi_acl_attribute = over_acl_attribute;
bi->bi_connection_init = over_connection_init;
bi->bi_connection_destroy = over_connection_destroy;
} else {
if ( overlay_is_inst( be, ov ) ) {
Debug( LDAP_DEBUG_ANY, "overlay_config(): "
- "warning, overlay \"%s\" "
- "already in list\n", ov, 0, 0 );
+ "overlay \"%s\" already in list\n",
+ ov, 0, 0 );
+ if ( SLAPO_SINGLE( be ) ) {
+ return 1;
+ }
}
oi = be->bd_info->bi_private;
}
- /* Insert new overlay on head of list. Overlays are executed
- * in reverse of config order...
+ /* Insert new overlay into list. By default overlays are
+ * added to head of list and executed in LIFO order.
*/
on2 = ch_calloc( 1, sizeof(slap_overinst) );
*on2 = *on;
on2->on_info = oi;
- on2->on_next = oi->oi_list;
- oi->oi_list = on2;
+
+ prev = &oi->oi_list;
+ /* Do we need to find the insertion point? */
+ if ( idx >= 0 ) {
+ int i;
+
+ /* count current overlays */
+ for ( i=0, on=oi->oi_list; on; on=on->on_next, i++ );
+
+ /* are we just appending a new one? */
+ if ( idx >= i )
+ idx = -1;
+ }
+ overlay_insert( be, on2, &prev, idx );
/* Any initialization needed? */
- if ( on->on_bi.bi_db_init ) {
+ if ( on2->on_bi.bi_db_init ) {
int rc;
be->bd_info = (BackendInfo *)on2;
rc = on2->on_bi.bi_db_init( be );
be->bd_info = (BackendInfo *)oi;
- if ( rc ) return rc;
+ if ( rc ) {
+ *prev = on2->on_next;
+ ch_free( on2 );
+ on2 = NULL;
+ return rc;
+ }
}
+ if ( res )
+ *res = &on2->on_bi;
+
return 0;
}