X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fbackend.c;h=9e352079cd3ac438563c1d677a713e3b975a551c;hb=46fab059977aed107f53c96ced0f35cfff8c7836;hp=ea42a39d0a06e4dcf45859ec44a939169cfa3600;hpb=0076b40c329936cf8fc788ca109d1d39e5422c5e;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index ea42a39d0a..9e352079cd 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -37,8 +37,6 @@ #include "lutil.h" #include "lber_pvt.h" -#include "ldap_rq.h" - #ifdef LDAP_SLAPI #include "slapi/slapi.h" @@ -100,8 +98,7 @@ int backend_init(void) return -1; } - for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) - { + for( bi=slap_binfo; bi->bi_type != NULL; bi++,nBackendInfo++ ) { assert( bi->bi_init ); rc = bi->bi_init( bi ); @@ -122,6 +119,7 @@ int backend_init(void) } return rc; } + LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next); } @@ -296,10 +294,6 @@ int backend_startup(Backend *be) (void)backend_init_controls( bi ); } - ldap_pvt_thread_mutex_init( &slapd_rq.rq_mutex ); - LDAP_STAILQ_INIT( &slapd_rq.task_list ); - LDAP_STAILQ_INIT( &slapd_rq.run_list ); - /* open each backend database */ i = -1; LDAP_STAILQ_FOREACH(be, &backendDB, be_next) { 
@@ -311,34 +305,11 @@ int backend_startup(Backend *be) i, be->bd_info->bi_type, 0 ); } /* append global access controls */ - acl_append( &be->be_acl, frontendDB->be_acl ); + acl_append( &be->be_acl, frontendDB->be_acl, -1 ); rc = backend_startup_one( be ); if ( rc ) return rc; - - - if ( be->be_syncinfo ) { - syncinfo_t *si; - - if ( !( be->be_search && be->be_add && - be->be_modify && be->be_delete )) { - Debug( LDAP_DEBUG_ANY, - "backend_startup: database(%d) does not support " - "operations required for syncrepl", i, 0, 0 ); - continue; - } - - { - si = be->be_syncinfo; - si->si_be = be; - init_syncrepl( si ); - ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); - ldap_pvt_runqueue_insert( &slapd_rq, - si->si_interval, do_syncrepl, (void *) si ); - ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); - } - } } return rc; 
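Review bot: The new third argument in `acl_append( &be->be_acl, frontendDB->be_acl, -1 )` is an unexplained magic value on the call that decides where the global access rules land in each database's ACL list. The position matters for which rule is evaluated first, so the call deserves a short comment stating what `-1` selects. It looks like "append at the end", but acl_append() is not defined in this diff, so that needs confirming there. The loop and the rest of backend_startup lie outside this hunk.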
@@ -421,49 +392,54 @@ int backend_shutdown( Backend *be ) return 0; } +void backend_destroy_one( BackendDB *bd ) +{ + LDAP_STAILQ_REMOVE(&backendDB, bd, slap_backend_db, be_next ); + + if ( bd->be_syncinfo ) { + syncinfo_free( bd->be_syncinfo ); + } + + if ( bd->be_pending_csn_list ) { + struct slap_csn_entry *csne; + csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list ); + while ( csne ) { + struct slap_csn_entry *tmp_csne = csne; + + LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link ); + ch_free( csne->ce_csn.bv_val ); + csne = LDAP_TAILQ_NEXT( csne, ce_csn_link ); + ch_free( tmp_csne ); + } + } + + if ( bd->bd_info->bi_db_destroy ) { + bd->bd_info->bi_db_destroy( bd ); + } + ber_bvarray_free( bd->be_suffix ); + ber_bvarray_free( bd->be_nsuffix ); + if ( !BER_BVISNULL( &bd->be_rootdn ) ) { + free( bd->be_rootdn.bv_val ); + } + if ( !BER_BVISNULL( &bd->be_rootndn ) ) { + free( bd->be_rootndn.bv_val ); + } + if ( !BER_BVISNULL( &bd->be_rootpw ) ) { + free( bd->be_rootpw.bv_val ); + } + acl_destroy( bd->be_acl, frontendDB->be_acl ); + free( bd ); +} + int backend_destroy(void) { int i; BackendDB *bd; BackendInfo *bi; - struct slap_csn_entry *csne; /* destroy each backend database */ while (( bd = LDAP_STAILQ_FIRST(&backendDB))) { - LDAP_STAILQ_REMOVE_HEAD(&backendDB, be_next); - - if ( bd->be_syncinfo ) { - syncinfo_free( bd->be_syncinfo ); - } - - if ( bd->be_pending_csn_list ) { - csne = LDAP_TAILQ_FIRST( bd->be_pending_csn_list ); - while ( csne ) { - struct slap_csn_entry *tmp_csne = csne; - - LDAP_TAILQ_REMOVE( bd->be_pending_csn_list, csne, ce_csn_link ); - ch_free( csne->ce_csn.bv_val ); - csne = LDAP_TAILQ_NEXT( csne, ce_csn_link ); - ch_free( tmp_csne ); - } - } - - if ( bd->bd_info->bi_db_destroy ) { - bd->bd_info->bi_db_destroy( bd ); - } - ber_bvarray_free( bd->be_suffix ); - ber_bvarray_free( bd->be_nsuffix ); - if ( !BER_BVISNULL( &bd->be_rootdn ) ) { - free( bd->be_rootdn.bv_val ); - } - if ( !BER_BVISNULL( &bd->be_rootndn ) ) { - free( 
bd->be_rootndn.bv_val ); - } - if ( !BER_BVISNULL( &bd->be_rootpw ) ) { - free( bd->be_rootpw.bv_val ); - } - acl_destroy( bd->be_acl, frontendDB->be_acl ); - free( bd ); + backend_destroy_one( bd ); } /* destroy each backend type */ @@ -586,7 +562,7 @@ select_backend( { int i, j; ber_len_t len, dnlen = dn->bv_len; - Backend *be, *b2; + Backend *be, *b2 = NULL; LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { if ( be->be_nsuffix == NULL ) { @@ -802,7 +778,7 @@ backend_connection_init( LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { if ( be->be_connection_init ) { - be->be_connection_init( be, conn); + be->be_connection_init( be, conn ); } } @@ -849,18 +825,18 @@ backend_check_controls( break; case LDAP_COMPARE_FALSE: - if ( !op->o_bd->be_ctrls[ cid ] ) - { + if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) { /* Per RFC 2251 (and LDAPBIS discussions), if the control * is recognized and appropriate for the operation (which * we've already verified), then the server should make * use of the control when performing the operation. * * Here we find that operation extended by the control - * is not unavailable in a particular context, hence the - * return of unwillingToPerform. + * is unavailable in a particular context, and the control + * is marked Critical, hence the return of + * unwillingToPerform. */ - rs->sr_text = "control unavailable in context"; + rs->sr_text = "critical control unavailable in context"; rs->sr_err = LDAP_UNWILLING_TO_PERFORM; goto done; } @@ -871,6 +847,11 @@ backend_check_controls( default: /* unreachable */ + Debug( LDAP_DEBUG_ANY, + "backend_check_controls: unable to check control: %s\n", + (*ctrls)->ldctl_oid, 0, 0 ); + assert( 0 ); + rs->sr_text = "unable to check control"; rs->sr_err = LDAP_OTHER; goto done; 
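Review bot: In the pending-CSN loop of the new backend_destroy_one(), `LDAP_TAILQ_NEXT( csne, ce_csn_link )` is read after `LDAP_TAILQ_REMOVE` has already unlinked `csne`, so the walk relies on the macro leaving the removed element's link field intact. Taking `struct slap_csn_entry *next = LDAP_TAILQ_NEXT( csne, ce_csn_link );` before the remove and ending the iteration with `csne = next;` removes that dependency. The function is also non-static and uses `LDAP_STAILQ_REMOVE`, which has to find `bd` in `backendDB`. A header comment should state that `bd` must be on that list and no longer in use, because everything it owns is freed here. If `be_rootpw` can hold a cleartext secret, clearing the buffer before `free( bd->be_rootpw.bv_val )` would be worth adding.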
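Review bot: With the added `(*ctrls)->ldctl_iscritical` test, a non-critical control that the selected database does not support appears to pass through this case without leaving any trace. That matches the rewritten comment, but an operator investigating why a control had no effect has nothing to go on. A trace-level line in an else branch would help, for example `Debug( LDAP_DEBUG_TRACE, "backend_check_controls: ignoring non-critical control %s\n", (*ctrls)->ldctl_oid, 0, 0 );`. The comment should also say explicitly that non-critical controls are ignored in this context. The switch and the lookup that yields `cid` start outside the hunk, so the bound on `be_ctrls[cid]` cannot be checked from here.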
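Review bot: The `assert( 0 )` added under `default:` sits on a request-handling path, so if this branch ever becomes reachable, a build with assertions enabled aborts the server instead of returning the `LDAP_OTHER` result prepared on the following lines. The branch is commented as unreachable, but the switch expression is outside the hunk, so that cannot be confirmed from here. The Debug line plus the error result already handle the case; if the assert stays, a comment should say why no client input can reach it. The logged `(*ctrls)->ldctl_oid` comes from the request and should be treated as untrusted text wherever the log is consumed.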
@@ -878,6 +859,12 @@ backend_check_controls( } } + /* check should be generalized */ + if( get_manageDIT(op) && !be_isroot(op)) { + rs->sr_text = "requires manager authorization"; + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + } + done:; return rs->sr_err; } @@ -1082,7 +1069,10 @@ backend_check_restrictions( } #ifdef SLAP_X_LISTENER_MOD - if ( op->o_conn->c_listener && ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn ) ? S_IWUSR : S_IWOTH ) ) ) { + if ( op->o_conn->c_listener && + ! ( op->o_conn->c_listener->sl_perms & ( !BER_BVISEMPTY( &op->o_ndn ) + ? (S_IWUSR|S_IWOTH) : S_IWOTH ) ) ) + { /* no "w" mode means readonly */ rs->sr_text = "modifications not allowed on this listener"; rs->sr_err = LDAP_UNWILLING_TO_PERFORM; @@ -1161,7 +1151,8 @@ backend_check_restrictions( if ( !starttls && !updateop ) { if ( op->o_conn->c_listener && !( op->o_conn->c_listener->sl_perms & - ( !BER_BVISEMPTY( &op->o_dn ) ? S_IRUSR : S_IROTH ))) + ( !BER_BVISEMPTY( &op->o_dn ) + ? (S_IRUSR|S_IROTH) : S_IROTH ))) { /* no "r" mode means no read */ rs->sr_text = "read not allowed on this listener"; @@ -1305,7 +1296,7 @@ backend_group( } if ( rc == 0 ) { - rc = 1; + rc = LDAP_COMPARE_FALSE; for ( i = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) { if ( ldap_url_parse( a->a_vals[i].bv_val, &ludp ) != LDAP_URL_SUCCESS ) @@ -1378,6 +1369,8 @@ loopit: SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, a->a_nvals, op_ndn, op->o_tmpmemctx ); + if ( rc == LDAP_NO_SUCH_ATTRIBUTE ) + rc = LDAP_COMPARE_FALSE; } } else { rc = LDAP_NO_SUCH_ATTRIBUTE; @@ -1518,9 +1511,10 @@ backend_attribute( if ( a ) { BerVarray v; - if ( op->o_conn && access > ACL_NONE && access_allowed( op, - e, entry_at, NULL, access, - &acl_state ) == 0 ) { + if ( op->o_conn && access > ACL_NONE && + access_allowed( op, e, entry_at, NULL, + access, &acl_state ) == 0 ) + { rc = LDAP_INSUFFICIENT_ACCESS; goto freeit; } 
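Review bot: The comment `/* check should be generalized */` does not say what the new block enforces or what generalisation is intended. A comment such as `/* the manageDIT control is honoured only for the root identity (be_isroot); TODO: <intended generalisation> */` would document the authorization rule. The block is also the last statement before `done:`, so it runs only when no earlier path has jumped there. The rest of backend_check_controls is outside the hunk, so it is worth confirming that every earlier `goto done` is an error path and cannot skip this check with a success result.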
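Review bot: The two listener permission checks decide "authenticated" from different fields: this write check tests `!BER_BVISEMPTY( &op->o_ndn )`, while the read check in the later hunk (@@ -1161) tests `&op->o_dn`. Using the same field in both, e.g. `( !BER_BVISEMPTY( &op->o_ndn ) ? (S_IRUSR|S_IROTH) : S_IROTH )` in the read check, keeps the two decisions from diverging. The new masks also change policy: a bound identity now passes when either the user bit or the other bit is set. The existing `/* no "w" mode means readonly */` and `/* no "r" mode means no read */` comments do not explain that, so a sentence next to each check would help. backend_check_restrictions continues outside both hunks.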
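Review bot: The added `if ( rc == LDAP_NO_SUCH_ATTRIBUTE )` has an unbraced body inside a deeply nested block, and nothing explains why the result is remapped. Braces and a short comment such as `/* value not found: not a member, not an error */` would make the intent clear. Together with `rc = LDAP_COMPARE_FALSE;` in the earlier hunk (@@ -1305), this changes the non-member result from the old literal `1`. Callers of backend_group are outside this diff, so any that compare the result against `1` rather than `0` need checking, since group membership typically feeds access decisions.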
@@ -1530,11 +1524,10 @@ backend_attribute( v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ), op->o_tmpmemctx ); - for ( i = 0,j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) + for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) { if ( op->o_conn && access > ACL_NONE && - access_allowed( op, e, - entry_at, + access_allowed( op, e, entry_at, &a->a_nvals[i], access, &acl_state ) == 0 ) @@ -1748,14 +1741,14 @@ int backend_operational( * add them to the attribute list */ if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && - ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ))) + ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ) ) ) { *ap = slap_operational_entryDN( rs->sr_entry ); ap = &(*ap)->a_next; } if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && - ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ))) + ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ) ) ) { *ap = slap_operational_subschemaSubentry( op->o_bd ); ap = &(*ap)->a_next; @@ -1763,10 +1756,10 @@ int backend_operational( /* Let the overlays have a chance at this */ be_orig = op->o_bd; - if ( SLAP_ISOVERLAY( be_orig )) + if ( SLAP_ISOVERLAY( be_orig ) ) op->o_bd = select_backend( be_orig->be_nsuffix, 0, 0 ); - if (( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && + if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && op->o_bd && op->o_bd->be_operational != NULL ) { rc = op->o_bd->be_operational( op, rs );