static int syncuuid_cmp( const void *, const void * );
static void avl_ber_bvfree( void * );
-static void syncrepl_del_nonpresent( Operation *, syncinfo_t *, BerVarray );
+static void syncrepl_del_nonpresent( Operation *, syncinfo_t *, BerVarray, struct berval * );
static int syncrepl_message_to_op(
syncinfo_t *, Operation *, LDAPMessage * );
static int syncrepl_message_to_entry(
psub = &si->si_be->be_nsuffix[0];
- /* Init connection to master */
- rc = ldap_initialize( &si->si_ld, si->si_bindconf.sb_uri.bv_val );
+ rc = slap_client_connect( &si->si_ld, &si->si_bindconf, LDAP_VERSION3 );
if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "do_syncrep1: ldap_initialize failed (%s)\n",
- si->si_bindconf.sb_uri.bv_val, 0, 0 );
- return rc;
- }
-
- op->o_protocol = LDAP_VERSION3;
- ldap_set_option( si->si_ld, LDAP_OPT_PROTOCOL_VERSION, &op->o_protocol );
-
- /* Bind to master */
-
- if ( si->si_bindconf.sb_tls ) {
- rc = ldap_start_tls_s( si->si_ld, NULL, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: ldap_start_tls failed (%d)\n",
- si->si_bindconf.sb_tls == SB_TLS_CRITICAL ? "Error" : "Warning",
- rc, 0 );
- if( si->si_bindconf.sb_tls == SB_TLS_CRITICAL ) goto done;
- }
- }
-
- if ( si->si_bindconf.sb_method == LDAP_AUTH_SASL ) {
-#ifdef HAVE_CYRUS_SASL
- void *defaults;
-
- if ( si->si_bindconf.sb_secprops != NULL ) {
- rc = ldap_set_option( si->si_ld,
- LDAP_OPT_X_SASL_SECPROPS, si->si_bindconf.sb_secprops);
-
- if( rc != LDAP_OPT_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
- "(%s,SECPROPS,\"%s\") failed!\n",
- si->si_bindconf.sb_uri.bv_val, si->si_bindconf.sb_secprops, 0 );
- goto done;
- }
- }
-
- defaults = lutil_sasl_defaults( si->si_ld,
- si->si_bindconf.sb_saslmech.bv_val,
- si->si_bindconf.sb_realm.bv_val,
- si->si_bindconf.sb_authcId.bv_val,
- si->si_bindconf.sb_cred.bv_val,
- si->si_bindconf.sb_authzId.bv_val );
-
- rc = ldap_sasl_interactive_bind_s( si->si_ld,
- si->si_bindconf.sb_binddn.bv_val,
- si->si_bindconf.sb_saslmech.bv_val,
- NULL, NULL,
- LDAP_SASL_QUIET,
- lutil_sasl_interact,
- defaults );
-
- lutil_sasl_freedefs( defaults );
-
- /* FIXME: different error behaviors according to
- * 1) return code
- * 2) on err policy : exit, retry, backoff ...
- */
- if ( rc != LDAP_SUCCESS ) {
- static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
-
- Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
- "ldap_sasl_interactive_bind_s failed (%d)\n",
- rc, 0, 0 );
-
- /* FIXME (see above comment) */
- /* if Kerberos credentials cache is not active, retry */
- if ( ber_bvcmp( &si->si_bindconf.sb_saslmech, &bv_GSSAPI ) == 0 &&
- rc == LDAP_LOCAL_ERROR )
- {
- rc = LDAP_SERVER_DOWN;
- }
-
- goto done;
- }
-#else /* HAVE_CYRUS_SASL */
- /* Should never get here, we trapped this at config time */
- assert(0);
- Debug( LDAP_DEBUG_SYNC, "not compiled with SASL support\n", 0, 0, 0 );
- rc = LDAP_OTHER;
goto done;
-#endif
-
- } else if ( si->si_bindconf.sb_method == LDAP_AUTH_SIMPLE ) {
- rc = ldap_sasl_bind_s( si->si_ld,
- si->si_bindconf.sb_binddn.bv_val, LDAP_SASL_SIMPLE,
- &si->si_bindconf.sb_cred, NULL, NULL, NULL );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
- "ldap_sasl_bind_s failed (%d)\n", rc, 0, 0 );
- goto done;
- }
}
+ op->o_protocol = LDAP_VERSION3;
/* Set SSF to strongest of TLS, SASL SSFs */
op->o_sasl_ssf = 0;
&syncCookie_req.ctxcsn, &syncCookie.ctxcsn,
&text );
}
- if ( !BER_BVISNULL( &syncCookie.ctxcsn ) &&
- match < 0 && err == LDAP_SUCCESS )
- {
- rc = syncrepl_updateCookie( si, op, psub, &syncCookie );
- }
if ( rctrls ) {
ldap_controls_free( rctrls );
}
if ( refreshDeletes == 0 && match < 0 &&
err == LDAP_SUCCESS )
{
- syncrepl_del_nonpresent( op, si, NULL );
+ syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn );
} else {
avl_free( si->si_presentlist, avl_ber_bvfree );
si->si_presentlist = NULL;
}
}
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ) &&
+ match < 0 && err == LDAP_SUCCESS )
+ {
+ rc = syncrepl_updateCookie( si, op, psub, &syncCookie );
+ }
if ( err == LDAP_SUCCESS
&& si->si_logstate == SYNCLOG_FALLBACK ) {
si->si_logstate = SYNCLOG_LOGGING;
ber_scanf( ber, "[W]", &syncUUIDs );
ber_scanf( ber, /*"{"*/ "}" );
if ( refreshDeletes ) {
- syncrepl_del_nonpresent( op, si, syncUUIDs );
+ syncrepl_del_nonpresent( op, si, syncUUIDs,
+ &syncCookie.ctxcsn );
ber_bvarray_free_x( syncUUIDs, op->o_tmpmemctx );
} else {
for ( i = 0; !BER_BVISNULL( &syncUUIDs[i] ); i++ ) {
}
slap_sl_free( syncUUIDs, op->o_tmpmemctx );
}
+ slap_sync_cookie_free( &syncCookie, 0 );
break;
default:
Debug( LDAP_DEBUG_ANY,
&syncCookie.ctxcsn, &text );
}
- if ( !BER_BVISNULL( &syncCookie.ctxcsn ) &&
- match < 0 )
- {
- rc = syncrepl_updateCookie( si, op, psub, &syncCookie);
- }
+ if ( match < 0 ) {
+ if ( si->si_refreshPresent == 1 ) {
+ syncrepl_del_nonpresent( op, si, NULL, &syncCookie.ctxcsn );
+ }
- if ( si->si_refreshPresent == 1 ) {
- if ( match < 0 ) {
- syncrepl_del_nonpresent( op, si, NULL );
+ if ( !BER_BVISNULL( &syncCookie.ctxcsn ))
+ {
+ rc = syncrepl_updateCookie( si, op, psub, &syncCookie);
}
}
}
op->o_callback = &cb;
+ slap_op_time( &op->o_time, &op->o_tincr );
switch( op->o_tag ) {
case LDAP_REQ_ADD:
}
if ( op->o_tag == LDAP_REQ_ADD ) {
- op->ora_e = ( Entry * ) ch_calloc( 1, sizeof( Entry ) );
+ op->ora_e = entry_alloc();
op->ora_e->e_name = op->o_req_dn;
op->ora_e->e_nname = op->o_req_ndn;
rc = slap_mods2entry( modlist, &op->ora_e, 1, 0, &text, txtbuf, textlen);
text, 0, 0 );
} else {
rc = op->o_bd->be_add( op, &rs );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: be_add %s (%d)\n",
+ op->o_req_dn.bv_val, rc, 0 );
}
be_entry_release_w( op, op->ora_e );
} else {
op->orm_modlist = modlist;
rc = op->o_bd->be_modify( op, &rs );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: be_modify %s (%d)\n",
+ op->o_req_dn.bv_val, rc, 0 );
}
break;
case LDAP_REQ_MODRDN:
goto done;
rc = op->o_bd->be_modrdn( op, &rs );
slap_mods_free( op->orr_modlist, 1 );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: be_modrdn %s (%d)\n",
+ op->o_req_dn.bv_val, rc, 0 );
break;
case LDAP_REQ_DELETE:
rc = op->o_bd->be_delete( op, &rs );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_message_to_op: be_delete %s (%d)\n",
+ op->o_req_dn.bv_val, rc, 0 );
break;
}
done:
return -1;
}
- e = ( Entry * ) ch_calloc( 1, sizeof( Entry ) );
+ e = entry_alloc();
e->e_name = op->o_req_dn;
e->e_nname = op->o_req_ndn;
f.f_choice = LDAP_FILTER_EQUALITY;
f.f_ava = &ava;
ava.aa_desc = slap_schema.si_ad_entryUUID;
- (void)slap_uuidstr_from_normalized( &syncUUID_strrep, syncUUID, op->o_tmpmemctx );
ava.aa_value = *syncUUID;
+
+ (void)slap_uuidstr_from_normalized( &syncUUID_strrep, syncUUID, op->o_tmpmemctx );
+ if ( syncuuid_bv ) {
+ Debug( LDAP_DEBUG_SYNC, "syncrepl_entry: inserted UUID %s\n",
+ syncUUID_strrep.bv_val, 0, 0 );
+ }
op->ors_filter = &f;
op->ors_filterstr.bv_len = STRLENOF( "(entryUUID=)" ) + syncUUID_strrep.bv_len;
ber_memfree( a->a_vals[0].bv_val );
ber_dupbv( &a->a_vals[0], &syncUUID_strrep );
}
+ /* Don't save the contextCSN on the inooming context entry,
+ * we'll write it when syncrepl_updateCookie eventually
+ * gets called. (ITS#4622)
+ */
+ if ( syncstate == LDAP_SYNC_ADD && dn_match( &entry->e_nname,
+ &be->be_nsuffix[0] )) {
+ Attribute **ap;
+ for ( ap = &entry->e_attrs; *ap; ap=&(*ap)->a_next ) {
+ a = *ap;
+ if ( a->a_desc == slap_schema.si_ad_contextCSN ) {
+ *ap = a->a_next;
+ attr_free( a );
+ break;
+ }
+ }
+ }
}
+ slap_op_time( &op->o_time, &op->o_tincr );
switch ( syncstate ) {
case LDAP_SYNC_ADD:
case LDAP_SYNC_MODIFY:
if ( rc ) goto done;
retry = 0;
+ slap_op_time( &op->o_time, &op->o_tincr );
goto retry_add;
}
/* FALLTHRU */
dnParent( &dni.ndn, &noldp );
dnParent( &entry->e_nname, &nnewp );
- if ( !dn_match( &noldp, &newp )) {
+ if ( !dn_match( &noldp, &nnewp )) {
dnParent( &entry->e_name, &newp );
op->orr_newSup = &newp;
op->orr_nnewSup = &nnewp;
if (( rc = slap_modrdn2mods( op, &rs_modify ))) {
goto done;
}
+
+ /* RDNs must be NUL-terminated for back-ldap */
+ noldp = op->orr_newrdn;
+ ber_dupbv_x( &op->orr_newrdn, &noldp, op->o_tmpmemctx );
+ noldp = op->orr_nnewrdn;
+ ber_dupbv_x( &op->orr_nnewrdn, &noldp, op->o_tmpmemctx );
+
rc = be->be_modrdn( op, &rs_modify );
+ op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );
+ op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );
+
slap_mods_free( op->orr_modlist, 1 );
Debug( LDAP_DEBUG_SYNC,
"syncrepl_entry: %s (%d)\n",
} else {
goto done;
}
+ if ( dni.wasChanged )
+ slap_op_time( &op->o_time, &op->o_tincr );
}
if ( dni.wasChanged ) {
Modifications *mod, *modhead = NULL;
syncrepl_del_nonpresent(
Operation *op,
syncinfo_t *si,
- BerVarray uuids )
+ BerVarray uuids,
+ struct berval *cookiecsn )
{
Backend* be = op->o_bd;
slap_callback cb = { NULL };
AttributeName an[2];
struct berval pdn = BER_BVNULL;
+ struct berval csn;
op->o_req_dn = si->si_base;
op->o_req_ndn = si->si_base;
for (i=0; uuids[i].bv_val; i++) {
op->ors_slimit = 1;
+ slap_uuidstr_from_normalized( &uf.f_av_value, &uuids[i],
+ op->o_tmpmemctx );
+ filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
uf.f_av_value = uuids[i];
rc = be->be_search( op, &rs_search );
+ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
si->si_refreshDelete ^= NP_DELETE_ONE;
} else {
if ( !LDAP_LIST_EMPTY( &si->si_nonpresentlist ) ) {
- slap_queue_csn( op, &si->si_syncCookie.ctxcsn );
+ if ( cookiecsn && !BER_BVISNULL( cookiecsn ))
+ csn = *cookiecsn;
+ else
+ csn = si->si_syncCookie.ctxcsn;
+
+ slap_queue_csn( op, &csn );
np_list = LDAP_LIST_FIRST( &si->si_nonpresentlist );
while ( np_list != NULL ) {
op->o_req_dn = *np_prev->npe_name;
op->o_req_ndn = *np_prev->npe_nname;
rc = op->o_bd->be_delete( op, &rs_delete );
+ Debug( LDAP_DEBUG_SYNC,
+ "syncrepl_del_nonpresent: be_delete %s (%d)\n",
+ op->o_req_dn.bv_val, rc, 0 );
if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) {
Modifications mod1, mod2;
}
while ( ndn.bv_val > e->e_nname.bv_val ) {
- glue = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ glue = entry_alloc();
ber_dupbv( &glue->e_name, &dn );
ber_dupbv( &glue->e_nname, &ndn );
- a = ch_calloc( 1, sizeof( Attribute ));
- a->a_desc = slap_schema.si_ad_objectClass;
+ a = attr_alloc( slap_schema.si_ad_objectClass );
a->a_vals = ch_calloc( 3, sizeof( struct berval ));
ber_dupbv( &a->a_vals[0], &gcbva[0] );
a->a_next = glue->e_attrs;
glue->e_attrs = a;
- a = ch_calloc( 1, sizeof( Attribute ));
- a->a_desc = slap_schema.si_ad_structuralObjectClass;
+ a = attr_alloc( slap_schema.si_ad_structuralObjectClass );
a->a_vals = ch_calloc( 2, sizeof( struct berval ));
ber_dupbv( &a->a_vals[0], &gcbva[1] );
mod.sml_desc = slap_schema.si_ad_contextCSN;
mod.sml_type = mod.sml_desc->ad_cname;
mod.sml_values = vals;
- vals[0] = syncCookie.ctxcsn;
+ vals[0] = syncCookie->ctxcsn;
BER_BVZERO( &vals[1] );
- slap_queue_csn( op, syncCookie.ctxcsn );
+ slap_queue_csn( op, &syncCookie->ctxcsn );
op->o_tag = LDAP_REQ_MODIFY;
if ( !(si->si_refreshDelete & NP_DELETE_ONE )) {
a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_entryUUID );
- if ( a == NULL ) return 0;
+ if ( a )
+ present_uuid = avl_find( si->si_presentlist, &a->a_nvals[0],
+ syncuuid_cmp );
+
+ Debug( LDAP_DEBUG_SYNC, "nonpresent_callback: UUID %s, dn %s, %sfound\n",
+ a ? a->a_vals[0].bv_val : "<missing>", rs->sr_entry->e_name.bv_val, present_uuid ? "" : "not " );
- present_uuid = avl_find( si->si_presentlist, &a->a_nvals[0],
- syncuuid_cmp );
+ if ( a == NULL ) return 0;
}
if ( present_uuid == NULL ) {
void
syncinfo_free( syncinfo_t *sie )
{
+ if ( sie->si_ld ) {
+ if ( sie->si_conn_setup ) {
+ ber_socket_t s;
+ ldap_get_option( sie->si_ld, LDAP_OPT_DESC, &s );
+ connection_client_stop( s );
+ sie->si_conn_setup = 0;
+ }
+ ldap_unbind_ext( sie->si_ld, NULL, NULL );
+ }
+
/* re-fetch it, in case it was already removed */
sie->si_re = ldap_pvt_runqueue_find( &slapd_rq, do_syncrepl, sie );
if ( sie->si_re ) {
if ( sie->si_presentlist ) {
avl_free( sie->si_presentlist, avl_ber_bvfree );
}
- if ( sie->si_ld ) {
- ldap_unbind_ext( sie->si_ld, NULL, NULL );
- }
while ( !LDAP_LIST_EMPTY( &sie->si_nonpresentlist )) {
struct nonpresent_entry* npe;
npe = LDAP_LIST_FIRST( &sie->si_nonpresentlist );
/* mandatory */
#define GOT_ID 0x0001
-#define GOT_PROVIDER 0x0002
+#define GOT_PROVIDER 0x0002
+#define GOT_BASE 0x0004
/* check */
-#define GOT_ALL (GOT_ID|GOT_PROVIDER)
+#define GOT_ALL (GOT_ID|GOT_PROVIDER|GOT_BASE)
static struct {
struct berval key;
{ BER_BVC("one"), LDAP_SCOPE_ONELEVEL },
{ BER_BVC("onelevel"), LDAP_SCOPE_ONELEVEL }, /* OpenLDAP extension */
{ BER_BVC("children"), LDAP_SCOPE_SUBORDINATE },
+ { BER_BVC("subord"), LDAP_SCOPE_SUBORDINATE },
{ BER_BVC("subordinate"), LDAP_SCOPE_SUBORDINATE },
{ BER_BVC("sub"), LDAP_SCOPE_SUBTREE },
{ BER_BVC("subtree"), LDAP_SCOPE_SUBTREE }, /* OpenLDAP extension */
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return -1;
}
+ gots |= GOT_BASE;
} else if ( !strncasecmp( c->argv[ i ], LOGBASESTR "=",
STRLENOF( LOGBASESTR "=" ) ) )
{
} else if ( strchr( val, ':' ) != NULL ) {
char *next, *ptr = val;
unsigned dd, hh, mm, ss;
+
+ /* NOTE: the test for ptr[ 0 ] == '-'
+ * should go before the call to strtoul() */
dd = strtoul( ptr, &next, 10 );
- if ( next == ptr || next[0] != ':' ) {
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' ) {
snprintf( c->msg, sizeof( c->msg ),
"Error: parse_syncrepl_line: "
"invalid interval \"%s\", unable to parse days", val );
}
ptr = next + 1;
hh = strtoul( ptr, &next, 10 );
- if ( next == ptr || next[0] != ':' || hh > 24 ) {
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' || hh > 24 ) {
snprintf( c->msg, sizeof( c->msg ),
"Error: parse_syncrepl_line: "
"invalid interval \"%s\", unable to parse hours", val );
}
ptr = next + 1;
mm = strtoul( ptr, &next, 10 );
- if ( next == ptr || next[0] != ':' || mm > 60 ) {
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != ':' || mm > 60 ) {
snprintf( c->msg, sizeof( c->msg ),
"Error: parse_syncrepl_line: "
"invalid interval \"%s\", unable to parse minutes", val );
}
ptr = next + 1;
ss = strtoul( ptr, &next, 10 );
- if ( next == ptr || next[0] != '\0' || ss > 60 ) {
+ if ( ptr[ 0 ] == '-' || next == ptr || next[0] != '\0' || ss > 60 ) {
snprintf( c->msg, sizeof( c->msg ),
"Error: parse_syncrepl_line: "
"invalid interval \"%s\", unable to parse seconds", val );
if ( gots != GOT_ALL ) {
snprintf( c->msg, sizeof( c->msg ),
- "Error: Malformed \"syncrepl\" line in slapd config file" );
+ "Error: Malformed \"syncrepl\" line in slapd config file, missing%s%s%s",
+ gots & GOT_ID ? "" : " "IDSTR,
+ gots & GOT_PROVIDER ? "" : " "PROVIDERSTR,
+ gots & GOT_BASE ? "" : " "SEARCHBASESTR );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return -1;
}
int rc = 0;
if ( !( c->be->be_search && c->be->be_add && c->be->be_modify && c->be->be_delete ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: database %s does not support operations "
- "required for syncrepl\n", c->log, c->be->be_type, 0 );
+ snprintf( c->msg, sizeof(c->msg), "database %s does not support "
+ "operations required for syncrepl", c->be->be_type );
+ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ if ( BER_BVISEMPTY( &c->be->be_rootdn )) {
+ strcpy( c->msg, "rootDN must be defined before syncrepl may be used" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
return 1;
}
si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
}
return 1;
} else if ( c->op == LDAP_MOD_DELETE ) {
- struct re_s *re;
-
if ( c->be->be_syncinfo ) {
syncinfo_free( c->be->be_syncinfo );
c->be->be_syncinfo = NULL;