X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Finit.c;h=60e60c5fe9f1375d3e7b1fd0ae45f8d0ee2a18df;hb=473e2c997f6b1f226d35da186db8033c922001f3;hp=7286cd222a76d0e2c334e7f69f9cdc74ba1388f3;hpb=c80eb3488868d2808a5ee29b76b0f38059df2e04;p=openldap
diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c
index 7286cd222a..60e60c5fe9 100644
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
  *
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2011 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -29,8 +29,21 @@
 #include
 #include "slap.h"
+#include "config.h"
 #include "back-ldap.h"
+static const ldap_extra_t ldap_extra = {
+	ldap_back_proxy_authz_ctrl,
+	ldap_back_controls_free,
+	slap_idassert_authzfrom_parse_cf,
+	slap_idassert_passthru_parse_cf,
+	slap_idassert_parse_cf,
+	slap_retry_info_destroy,
+	slap_retry_info_parse,
+	slap_retry_info_unparse,
+	ldap_back_connid2str
+};
+
 int
 ldap_back_open( BackendInfo *bi )
 {
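Review bot: The new `ldap_extra` table is initialised positionally, so which function lands in which `ldap_extra_t` member depends entirely on the member order declared in back-ldap.h, and a later reordering there would rewire the callbacks without any diagnostic wherever neighbouring members have compatible prototypes. The intent is clear only to someone who has the header open; either use designated initialisers if the project's C baseline permits them, or at minimum document the coupling above the table with `/* member order must match ldap_extra_t in back-ldap.h */`. The table is exported through `bi->bi_extra` in a later hunk, so overlays that consume it would be the ones to misbehave.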
@@ -41,15 +54,30 @@ ldap_back_open( BackendInfo *bi )
 int
 ldap_back_initialize( BackendInfo *bi )
 {
+	int rc;
+
+	bi->bi_flags =
+#ifdef LDAP_DYNAMIC_OBJECTS
+	/* this is set because all the support a proxy has to provide
+	 * is the capability to forward the refresh exop, and to
+	 * pass thru entries that contain the dynamicObject class
+	 * and the entryTtl attribute */
+	SLAP_BFLAG_DYNAMIC |
+#endif /* LDAP_DYNAMIC_OBJECTS */
+
+	/* back-ldap recognizes RFC4525 increment;
+	 * let the remote server complain, if needed (ITS#5912) */
+	SLAP_BFLAG_INCREMENT;
+
 	bi->bi_open = ldap_back_open;
 	bi->bi_config = 0;
 	bi->bi_close = 0;
 	bi->bi_destroy = 0;
 	bi->bi_db_init = ldap_back_db_init;
-	bi->bi_db_config = ldap_back_db_config;
+	bi->bi_db_config = config_generic_wrapper;
 	bi->bi_db_open = ldap_back_db_open;
-	bi->bi_db_close = 0;
+	bi->bi_db_close = ldap_back_db_close;
 	bi->bi_db_destroy = ldap_back_db_destroy;
 	bi->bi_op_bind = ldap_back_bind;
@@ -70,201 +98,170 @@ ldap_back_initialize( BackendInfo *bi )
 	bi->bi_connection_init = 0;
 	bi->bi_connection_destroy = ldap_back_conn_destroy;
-	if ( chain_init( ) ) {
-		return -1;
+	bi->bi_extra = (void *)&ldap_extra;
+
+	rc = ldap_back_init_cf( bi );
+	if ( rc ) {
+		return rc;
 	}
-	return 0;
+	rc = chain_initialize();
+	if ( rc ) {
+		return rc;
+	}
+
+	rc = pbind_initialize();
+	if ( rc ) {
+		return rc;
+	}
+
+#ifdef SLAP_DISTPROC
+	rc = distproc_initialize();
+	if ( rc ) {
+		return rc;
+	}
+#endif
+	return rc;
 }
 int
-ldap_back_db_init( Backend *be )
+ldap_back_db_init( Backend *be, ConfigReply *cr )
 {
-	struct ldapinfo *li;
+	ldapinfo_t *li;
+	int rc;
+	unsigned i;
-	li = (struct ldapinfo *)ch_calloc( 1, sizeof( struct ldapinfo ) );
+	li = (ldapinfo_t *)ch_calloc( 1, sizeof( ldapinfo_t ) );
 	if ( li == NULL ) {
 		return -1;
 	}
-	BER_BVZERO( &li->acl_authcID );
-	BER_BVZERO( &li->acl_authcDN );
-	BER_BVZERO( &li->acl_passwd );
+	li->li_rebind_f = ldap_back_default_rebind;
+	li->li_urllist_f = ldap_back_default_urllist;
+	li->li_urllist_p = li;
+	ldap_pvt_thread_mutex_init( &li->li_uri_mutex );
+
+	BER_BVZERO( &li->li_acl_authcID );
+	BER_BVZERO( &li->li_acl_authcDN );
+	BER_BVZERO( &li->li_acl_passwd );
-	li->acl_authmethod = LDAP_AUTH_SIMPLE;
-	BER_BVZERO( &li->acl_sasl_mech );
+	li->li_acl_authmethod = LDAP_AUTH_NONE;
+	BER_BVZERO( &li->li_acl_sasl_mech );
+	li->li_acl.sb_tls = SB_TLS_DEFAULT;
-	li->idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
+	li->li_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
-	BER_BVZERO( &li->idassert_authcID );
-	BER_BVZERO( &li->idassert_authcDN );
-	BER_BVZERO( &li->idassert_passwd );
+	BER_BVZERO( &li->li_idassert_authcID );
+	BER_BVZERO( &li->li_idassert_authcDN );
+	BER_BVZERO( &li->li_idassert_passwd );
-	BER_BVZERO( &li->idassert_authzID );
+	BER_BVZERO( &li->li_idassert_authzID );
-	li->idassert_authmethod = LDAP_AUTH_SIMPLE;
-	BER_BVZERO( &li->idassert_sasl_mech );
+	li->li_idassert_authmethod = LDAP_AUTH_NONE;
+	BER_BVZERO( &li->li_idassert_sasl_mech );
+	li->li_idassert_tls = SB_TLS_DEFAULT;
 	/* by default, use proxyAuthz control on each operation */
-	li->idassert_flags = LDAP_BACK_AUTH_NONE;
+	li->li_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
-	li->idassert_authz = NULL;
+	li->li_idassert_authz = NULL;
 	/* initialize flags */
-	li->flags = LDAP_BACK_F_CHASE_REFERRALS;
+	li->li_flags = LDAP_BACK_F_CHASE_REFERRALS;
 	/* initialize version */
-	li->version = LDAP_VERSION3;
-
-	ldap_pvt_thread_mutex_init( &li->conn_mutex );
+	li->li_version = LDAP_VERSION3;
-	be->be_private = li;
-	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD;
+	ldap_pvt_thread_mutex_init( &li->li_conninfo.lai_mutex );
-	return 0;
-}
-
-int
-ldap_back_discover_t_f_support( const char *uri, int version )
-{
-	LDAP		*ld;
-	LDAPMessage	*res = NULL, *entry;
-	int		rc, i;
-	struct berval	cred = BER_BVC( "" ),
-			absoluteFilters = BER_BVC( LDAP_FEATURE_ABSOLUTE_FILTERS ),
-			**values = NULL;
-	char		*attrs[ 2 ] = { "supportedFeatures", NULL };
-
-	rc = ldap_initialize( &ld, uri );
-	if ( rc != LDAP_SUCCESS ) {
-		return rc;
-	}
-
-	rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
-	if ( rc != LDAP_SUCCESS ) {
-		goto done;
-	}
-
-	rc = ldap_sasl_bind_s( ld, "", LDAP_SASL_SIMPLE,
-			&cred, NULL, NULL, NULL );
-	if ( rc != LDAP_SUCCESS ) {
-		goto done;
-	}
-
-	rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
-			attrs, 0, NULL, NULL, NULL, 0, &res );
-	if ( rc != LDAP_SUCCESS ) {
-		goto done;
-	}
-
-	entry = ldap_first_entry( ld, res );
-	if ( entry == NULL ) {
-		goto done;
-	}
-
-	values = ldap_get_values_len( ld, entry, attrs[ 0 ] );
-	if ( values == NULL ) {
-		rc = LDAP_NO_SUCH_ATTRIBUTE;
-		goto done;
-	}
-
-	for ( i = 0; values[ i ] != NULL; i++ ) {
-		if ( bvmatch( &absoluteFilters, values[ i ] ) ) {
-			rc = LDAP_COMPARE_TRUE;
-			goto done;
-		}
+	for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+		li->li_conn_priv[ i ].lic_num = 0;
+		LDAP_TAILQ_INIT( &li->li_conn_priv[ i ].lic_priv );
 	}
+	li->li_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
-	rc = LDAP_COMPARE_FALSE;
+	be->be_private = li;
+	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD;
-done:;
-	if ( values != NULL ) {
-		ldap_value_free_len( values );
-	}
+	be->be_cf_ocs = be->bd_info->bi_cf_ocs;
-	if ( res != NULL ) {
-		ldap_msgfree( res );
+	rc = ldap_back_monitor_db_init( be );
+	if ( rc != 0 ) {
+		/* ignore, by now */
+		rc = 0;
 	}
-	ldap_unbind_ext( ld, NULL, NULL );
-
 	return rc;
 }
 int
-ldap_back_db_open( BackendDB *be )
+ldap_back_db_open( BackendDB *be, ConfigReply *cr )
 {
-	struct ldapinfo	*li = (struct ldapinfo *)be->be_private;
+	ldapinfo_t	*li = (ldapinfo_t *)be->be_private;
+
+	slap_bindconf	sb = { BER_BVNULL };
+	int		rc = 0;
 	Debug( LDAP_DEBUG_TRACE, "ldap_back_db_open: URI=%s\n",
-		li->url != NULL ? li->url : "", 0, 0 );
+		li->li_uri != NULL ? li->li_uri : "", 0, 0 );
 	/* by default, use proxyAuthz control on each operation */
-	switch ( li->idassert_mode ) {
+	switch ( li->li_idassert_mode ) {
 	case LDAP_BACK_IDASSERT_LEGACY:
 	case LDAP_BACK_IDASSERT_SELF:
 		/* however, since admin connections are pooled and shared,
 		 * only static authzIDs can be native */
-		li->idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
+		li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
 		break;
 	default:
 		break;
 	}
-#if 0 && defined(SLAPD_MONITOR)
-	{
-		/* FIXME: disabled because namingContexts doesn't have
-		 * a matching rule, and using an MRA filter doesn't work
-		 * because the normalized assertion is compared to the
-		 * non-normalized value, which in general differs from
-		 * the normalized one.  See ITS#3406 */
-		struct berval	filter,
-				base = BER_BVC( "cn=Databases," SLAPD_MONITOR );
-		struct berval	vals[ 2 ];
-		Attribute	a = { 0 };
-
-		filter.bv_len = STRLENOF( "(&(namingContexts:distinguishedNameMatch:=)(monitoredInfo=ldap))" )
-			+ be->be_nsuffix[ 0 ].bv_len;
-		filter.bv_val = ch_malloc( filter.bv_len + 1 );
-		snprintf( filter.bv_val, filter.bv_len + 1,
-				"(&(namingContexts:distinguishedNameMatch:=%s)(monitoredInfo=ldap))",
-				be->be_nsuffix[ 0 ].bv_val );
-
-		a.a_desc = slap_schema.si_ad_labeledURI;
-		ber_str2bv( li->url, 0, 0, &vals[ 0 ] );
-		BER_BVZERO( &vals[ 1 ] );
-		a.a_vals = vals;
-		a.a_nvals = vals;
-		if ( monitor_back_register_entry_attrs( NULL, &a, NULL, &base, LDAP_SCOPE_SUBTREE, &filter ) ) {
-			/* error */
-		}
+	ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+	sb.sb_version = li->li_version;
+	sb.sb_method = LDAP_AUTH_SIMPLE;
+	BER_BVSTR( &sb.sb_binddn, "" );
-		ch_free( filter.bv_val );
+	if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) {
+		rc = slap_discover_feature( &sb,
+				slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+				LDAP_FEATURE_ABSOLUTE_FILTERS );
+		if ( rc == LDAP_COMPARE_TRUE ) {
+			li->li_flags |= LDAP_BACK_F_T_F;
+		}
 	}
-#endif /* SLAPD_MONITOR */
-
-	if ( li->flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
-		int		rc;
-
-		li->flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
-		rc = ldap_back_discover_t_f_support( li->url, li->version );
+	if ( LDAP_BACK_CANCEL_DISCOVER( li ) && !LDAP_BACK_CANCEL( li ) ) {
+		rc = slap_discover_feature( &sb,
+				slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+				LDAP_EXOP_CANCEL );
 		if ( rc == LDAP_COMPARE_TRUE ) {
-			li->flags |= LDAP_BACK_F_SUPPORT_T_F;
+			li->li_flags |= LDAP_BACK_F_CANCEL_EXOP;
 		}
 	}
-	return 0;
+	/* monitor setup */
+	rc = ldap_back_monitor_db_open( be );
+	if ( rc != 0 ) {
+		/* ignore by now */
+		rc = 0;
+	}
+
+	li->li_flags |= LDAP_BACK_F_ISOPEN;
+
+	return rc;
 }
 void
 ldap_back_conn_free( void *v_lc )
 {
-	struct ldapconn *lc = v_lc;
-
-	ldap_unbind_ext_s( lc->lc_ld, NULL, NULL );
+	ldapconn_t	*lc = v_lc;
+
+	if ( lc->lc_ld != NULL ) {
+		ldap_unbind_ext( lc->lc_ld, NULL, NULL );
+	}
 	if ( !BER_BVISNULL( &lc->lc_bound_ndn ) ) {
 		ch_free( lc->lc_bound_ndn.bv_val );
 	}
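Review bot: In `ldap_back_db_open` the `slap_bindconf sb` used for the two `slap_discover_feature` probes is built from the URI, protocol version, simple method and an empty bind DN only, so the probe connection to `li->li_uri` does not carry whatever TLS settings the backend holds; `ldap_back_db_destroy` frees a `li->li_tls` through `bindconf_free`, which suggests a per-backend TLS configuration exists that this probe ignores. If that is the case, the rootDSE answer that sets `LDAP_BACK_F_T_F` and `LDAP_BACK_F_CANCEL_EXOP` is fetched over a connection the operator did not configure, and the fix would be to seed `sb` from `li->li_tls` (or copy its `sb_tls` member) before the first probe rather than from `{ BER_BVNULL }` — please confirm against the `slap_bindconf` layout. Separately, a probe result other than `LDAP_COMPARE_TRUE` is dropped silently and `rc` is then overwritten by `ldap_back_monitor_db_open`, so a remote that is down or refuses the anonymous search leaves no trace; a `Debug( LDAP_DEBUG_ANY, ... )` on the non-TRUE branch would help operators understand why absolute-filter or cancel support was not enabled. The same "ignore, by now" swallowing of the monitor return code appears in `ldap_back_db_init` and `ldap_back_db_open` and deserves at least a log line too.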
@@ -275,80 +272,70 @@ ldap_back_conn_free( void *v_lc )
 	if ( !BER_BVISNULL( &lc->lc_local_ndn ) ) {
 		ch_free( lc->lc_local_ndn.bv_val );
 	}
-	ldap_pvt_thread_mutex_destroy( &lc->lc_mutex );
+	lc->lc_q.tqe_prev = NULL;
+	lc->lc_q.tqe_next = NULL;
 	ch_free( lc );
 }
 int
-ldap_back_db_destroy(
-    Backend	*be
-)
+ldap_back_db_close( Backend *be, ConfigReply *cr )
 {
-	struct ldapinfo	*li;
+	int		rc = 0;
 	if ( be->be_private ) {
-		li = ( struct ldapinfo * )be->be_private;
+		rc = ldap_back_monitor_db_close( be );
+	}
-		ldap_pvt_thread_mutex_lock( &li->conn_mutex );
+	return rc;
+}
-		if ( li->url != NULL ) {
-			ch_free( li->url );
-			li->url = NULL;
-		}
-		if ( li->lud ) {
-			ldap_free_urldesc( li->lud );
-			li->lud = NULL;
-		}
-		if ( !BER_BVISNULL( &li->acl_authcID ) ) {
-			ch_free( li->acl_authcID.bv_val );
-			BER_BVZERO( &li->acl_authcID );
-		}
-		if ( !BER_BVISNULL( &li->acl_authcDN ) ) {
-			ch_free( li->acl_authcDN.bv_val );
-			BER_BVZERO( &li->acl_authcDN );
-		}
-		if ( !BER_BVISNULL( &li->acl_passwd ) ) {
-			ch_free( li->acl_passwd.bv_val );
-			BER_BVZERO( &li->acl_passwd );
-		}
-		if ( !BER_BVISNULL( &li->acl_sasl_mech ) ) {
-			ch_free( li->acl_sasl_mech.bv_val );
-			BER_BVZERO( &li->acl_sasl_mech );
-		}
-		if ( !BER_BVISNULL( &li->acl_sasl_realm ) ) {
-			ch_free( li->acl_sasl_realm.bv_val );
-			BER_BVZERO( &li->acl_sasl_realm );
-		}
-		if ( !BER_BVISNULL( &li->idassert_authcID ) ) {
-			ch_free( li->idassert_authcID.bv_val );
-			BER_BVZERO( &li->idassert_authcID );
-		}
-		if ( !BER_BVISNULL( &li->idassert_authcDN ) ) {
-			ch_free( li->idassert_authcDN.bv_val );
-			BER_BVZERO( &li->idassert_authcDN );
-		}
-		if ( !BER_BVISNULL( &li->idassert_passwd ) ) {
-			ch_free( li->idassert_passwd.bv_val );
-			BER_BVZERO( &li->idassert_passwd );
+int
+ldap_back_db_destroy( Backend *be, ConfigReply *cr )
+{
+	if ( be->be_private ) {
+		ldapinfo_t	*li = ( ldapinfo_t * )be->be_private;
+		unsigned	i;
+
+		(void)ldap_back_monitor_db_destroy( be );
+
+		ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
+
+		if ( li->li_uri != NULL ) {
+			ch_free( li->li_uri );
+			li->li_uri = NULL;
+
+			assert( li->li_bvuri != NULL );
+			ber_bvarray_free( li->li_bvuri );
+			li->li_bvuri = NULL;
 		}
-		if ( !BER_BVISNULL( &li->idassert_authzID ) ) {
-			ch_free( li->idassert_authzID.bv_val );
-			BER_BVZERO( &li->idassert_authzID );
+
+		bindconf_free( &li->li_tls );
+		bindconf_free( &li->li_acl );
+		bindconf_free( &li->li_idassert.si_bc );
+
+		if ( li->li_idassert_authz != NULL ) {
+			ber_bvarray_free( li->li_idassert_authz );
+			li->li_idassert_authz = NULL;
 		}
-		if ( !BER_BVISNULL( &li->idassert_sasl_mech ) ) {
-			ch_free( li->idassert_sasl_mech.bv_val );
-			BER_BVZERO( &li->idassert_sasl_mech );
+		if ( li->li_conninfo.lai_tree ) {
+			avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free );
 		}
-		if ( !BER_BVISNULL( &li->idassert_sasl_realm ) ) {
-			ch_free( li->idassert_sasl_realm.bv_val );
-			BER_BVZERO( &li->idassert_sasl_realm );
+		for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+			while ( !LDAP_TAILQ_EMPTY( &li->li_conn_priv[ i ].lic_priv ) ) {
+				ldapconn_t	*lc = LDAP_TAILQ_FIRST( &li->li_conn_priv[ i ].lic_priv );
+
+				LDAP_TAILQ_REMOVE( &li->li_conn_priv[ i ].lic_priv, lc, lc_q );
+				ldap_back_conn_free( lc );
+			}
 		}
-		if ( li->conntree ) {
-			avl_free( li->conntree, ldap_back_conn_free );
+		if ( LDAP_BACK_QUARANTINE( li ) ) {
+			slap_retry_info_destroy( &li->li_quarantine );
+			ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex );
 		}
-		ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
-		ldap_pvt_thread_mutex_destroy( &li->conn_mutex );
+		ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
+		ldap_pvt_thread_mutex_destroy( &li->li_conninfo.lai_mutex );
+		ldap_pvt_thread_mutex_destroy( &li->li_uri_mutex );
 	}
 	ch_free( be->be_private );