X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-monitor%2Fsearch.c;h=e71afa20b0567be706392d2deeaebeea3cfe0484;hb=0a465343fb6d6d8df9091699885bf352c3b1d4b3;hp=15fd74db6695f27eeb4d1c225eb627f98c14b60e;hpb=70884b88608ec83c4bed4ecc37a5f4256643816b;p=openldap diff --git a/servers/slapd/back-monitor/search.c b/servers/slapd/back-monitor/search.c index 15fd74db66..e71afa20b0 100644 --- a/servers/slapd/back-monitor/search.c +++ b/servers/slapd/back-monitor/search.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2001-2004 The OpenLDAP Foundation. + * Copyright 2001-2006 The OpenLDAP Foundation. * Portions Copyright 2001-2003 Pierangelo Masarati. * All rights reserved. * @@ -39,16 +39,19 @@ monitor_send_children( ) { monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private; - Entry *e, *e_tmp, *e_ch; + Entry *e, + *e_tmp, + *e_ch = NULL, + *e_nonvolatile = NULL; monitor_entry_t *mp; - int rc; + int rc, + nonvolatile = 0; mp = ( monitor_entry_t * )e_parent->e_private; - e = mp->mp_children; + e_nonvolatile = e = mp->mp_children; - e_ch = NULL; if ( MONITOR_HAS_VOLATILE_CH( mp ) ) { - monitor_entry_create( op, NULL, e_parent, &e_ch ); + monitor_entry_create( op, rs, NULL, e_parent, &e_ch ); } monitor_cache_release( mi, e_parent ); @@ -56,7 +59,7 @@ monitor_send_children( if ( e_ch == NULL ) { /* no persistent entries? return */ if ( e == NULL ) { - return( 0 ); + return LDAP_SUCCESS; } /* volatile entries */ @@ -64,7 +67,6 @@ monitor_send_children( /* if no persistent, return only volatile */ if ( e == NULL ) { e = e_ch; - monitor_cache_lock( e_ch ); /* else append persistent to volatile */ } else { @@ -83,36 +85,78 @@ monitor_send_children( } /* return entries */ - for ( ; e != NULL; ) { - mp = ( monitor_entry_t * )e->e_private; + for ( monitor_cache_lock( e ); e != NULL; ) { + monitor_entry_update( op, rs, e ); + + if ( op->o_abandon ) { + /* FIXME: may leak generated children */ + if ( nonvolatile == 0 ) { + for ( e_tmp = e; e_tmp != NULL; ) { + mp = ( monitor_entry_t * )e_tmp->e_private; + e = e_tmp; + e_tmp = mp->mp_next; + monitor_cache_release( mi, e ); + + if ( e_tmp == e_nonvolatile ) { + break; + } + } + + } else { + monitor_cache_release( mi, e ); + } - monitor_entry_update( op, e ); + return SLAPD_ABANDON; + } rc = test_filter( op, e, op->oq_search.rs_filter ); if ( rc == LDAP_COMPARE_TRUE ) { rs->sr_entry = e; rs->sr_flags = 0; - send_search_entry( op, rs ); + rc = send_search_entry( op, rs ); rs->sr_entry = NULL; } - if ( ( mp->mp_children || MONITOR_HAS_VOLATILE_CH( mp ) ) - && sub ) { + mp = ( monitor_entry_t * )e->e_private; + e_tmp = mp->mp_next; + + if ( sub ) { rc = monitor_send_children( op, rs, e, sub ); if ( rc ) { + /* FIXME: may leak generated children */ + if ( nonvolatile == 0 ) { + for ( ; e_tmp != NULL; ) { + mp = ( monitor_entry_t * )e_tmp->e_private; + e = e_tmp; + e_tmp = mp->mp_next; + monitor_cache_release( mi, e ); + + if ( e_tmp == e_nonvolatile ) { + break; + } + } + } + return( rc ); } } - e_tmp = mp->mp_next; if ( e_tmp != NULL ) { monitor_cache_lock( e_tmp ); } - monitor_cache_release( mi, e ); + + if ( !sub ) { + /* otherwise the recursive call already released */ + monitor_cache_release( mi, e ); + } + e = e_tmp; + if ( e == e_nonvolatile ) { + nonvolatile = 1; + } } - return( 0 ); + return LDAP_SUCCESS; } int @@ -120,17 +164,28 @@ monitor_back_search( Operation *op, SlapReply *rs ) { monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private; int rc = LDAP_SUCCESS; - Entry *e, *matched = NULL; + Entry *e = NULL, *matched = NULL; + slap_mask_t mask; Debug( LDAP_DEBUG_TRACE, "=> monitor_back_search\n", 0, 0, 0 ); /* get entry with reader lock */ - monitor_cache_dn2entry( op, &op->o_req_ndn, &e, &matched ); + monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched ); if ( e == NULL ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; if ( matched ) { - rs->sr_matched = matched->e_dn; +#ifdef SLAP_ACL_HONOR_DISCLOSE + if ( !access_allowed_mask( op, matched, + slap_schema.si_ad_entry, + NULL, ACL_DISCLOSE, NULL, NULL ) ) + { + /* do nothing */ ; + } else +#endif /* SLAP_ACL_HONOR_DISCLOSE */ + { + rs->sr_matched = matched->e_dn; + } } send_ldap_result( op, rs ); @@ -139,13 +194,34 @@ monitor_back_search( Operation *op, SlapReply *rs ) rs->sr_matched = NULL; } - return( 0 ); + return rs->sr_err; + } + + /* NOTE: __NEW__ "search" access is required + * on searchBase object */ + if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry, + NULL, ACL_SEARCH, NULL, &mask ) ) + { + monitor_cache_release( mi, e ); + +#ifdef SLAP_ACL_HONOR_DISCLOSE + if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { + rs->sr_err = LDAP_NO_SUCH_OBJECT; + } else +#endif /* SLAP_ACL_HONOR_DISCLOSE */ + { + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + } + + send_ldap_result( op, rs ); + + return rs->sr_err; } rs->sr_attrs = op->oq_search.rs_attrs; switch ( op->oq_search.rs_scope ) { case LDAP_SCOPE_BASE: - monitor_entry_update( op, e ); + monitor_entry_update( op, rs, e ); rc = test_filter( op, e, op->oq_search.rs_filter ); if ( rc == LDAP_COMPARE_TRUE ) { rs->sr_entry = e; @@ -159,14 +235,10 @@ monitor_back_search( Operation *op, SlapReply *rs ) case LDAP_SCOPE_ONELEVEL: rc = monitor_send_children( op, rs, e, 0 ); - if ( rc ) { - rc = LDAP_OTHER; - } - break; case LDAP_SCOPE_SUBTREE: - monitor_entry_update( op, e ); + monitor_entry_update( op, rs, e ); rc = test_filter( op, e, op->oq_search.rs_filter ); if ( rc == LDAP_COMPARE_TRUE ) { rs->sr_entry = e; @@ -176,17 +248,15 @@ monitor_back_search( Operation *op, SlapReply *rs ) } rc = monitor_send_children( op, rs, e, 1 ); - if ( rc ) { - rc = LDAP_OTHER; - } - break; } - + rs->sr_attrs = NULL; rs->sr_err = rc; - send_ldap_result( op, rs ); + if ( rs->sr_err != SLAPD_ABANDON ) { + send_ldap_result( op, rs ); + } - return( rc == LDAP_SUCCESS ? 0 : 1 ); + return rs->sr_err; }