X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=1b26ee117f3b41e94f8b01992fc0835398df8a3d;hb=0445405299ebc97d0f11585031fb1abef031caf9;hp=ca38d9f330b480bb3d487eb50bc0f3eddb15fd47;hpb=bf3df2f7a65bd6376ab709a4fc58523e4bb8121d;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index ca38d9f330..1b26ee117f 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -18,6 +18,9 @@ #include "slap.h" #include "lutil.h" +#ifdef SLAPD_BDB +#include "back-bdb/external.h" +#endif #ifdef SLAPD_DNSSRV #include "back-dnssrv/external.h" #endif @@ -27,6 +30,9 @@ #ifdef SLAPD_LDBM #include "back-ldbm/external.h" #endif +#ifdef SLAPD_META +#include "back-meta/external.h" +#endif #ifdef SLAPD_PASSWD #include "back-passwd/external.h" #endif @@ -47,6 +53,9 @@ #endif static BackendInfo binfo[] = { +#if defined(SLAPD_BDB) && !defined(SLAPD_BDB_DYNAMIC) + {"bdb", bdb_initialize}, +#endif #if defined(SLAPD_DNSSRV) && !defined(SLAPD_DNSSRV_DYNAMIC) {"dnssrv", dnssrv_back_initialize}, #endif @@ -56,6 +65,9 @@ static BackendInfo binfo[] = { #if defined(SLAPD_LDBM) && !defined(SLAPD_LDBM_DYNAMIC) {"ldbm", ldbm_back_initialize}, #endif +#if defined(SLAPD_META) && !defined(SLAPD_META_DYNAMIC) + {"meta", meta_back_initialize}, +#endif #if defined(SLAPD_PASSWD) && !defined(SLAPD_PASSWD_DYNAMIC) {"passwd", passwd_back_initialize}, #endif @@ -90,8 +102,13 @@ int backend_init(void) if((nBackendInfo != 0) || (backendInfo != NULL)) { /* already initialized */ +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_ERR, + "backend_init: backend already initialized\n" )); +#else Debug( LDAP_DEBUG_ANY, "backend_init: already initialized.\n", 0, 0, 0 ); +#endif return -1; } 
@@ -102,10 +119,15 @@ int backend_init(void) rc = binfo[nBackendInfo].bi_init( &binfo[nBackendInfo] ); if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_INFO, + "backend_init: initialized for type \"%s\"\n", + binfo[nBackendInfo].bi_type )); +#else Debug( LDAP_DEBUG_ANY, "backend_init: initialized for type \"%s\"\n", binfo[nBackendInfo].bi_type, 0, 0 ); - +#endif /* destroy those we've already inited */ for( nBackendInfo--; nBackendInfo >= 0 ; @@ -128,9 +150,15 @@ int backend_init(void) #ifdef SLAPD_MODULES return 0; #else - Debug( LDAP_DEBUG_ANY, + +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_ERR, + "backend_init: failed\n" )); +#else + Debug( LDAP_DEBUG_ANY, "backend_init: failed\n", 0, 0, 0 ); +#endif return rc; #endif /* SLAPD_MODULES */ @@ -141,9 +169,15 @@ int backend_add(BackendInfo *aBackendInfo) int rc = 0; if ((rc = aBackendInfo->bi_init(aBackendInfo)) != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_ERR, + "backend_add: initialization for type \"%s\" failed\n", + aBackendInfo->bi_type )); +#else Debug( LDAP_DEBUG_ANY, "backend_add: initialization for type \"%s\" failed\n", aBackendInfo->bi_type, 0, 0 ); +#endif return rc; } 
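Review bot: In the `rc != 0` branch of backend_init (hunk at -102), the new LDAP_LOG call records a failed `bi_init` at `LDAP_LEVEL_INFO` with the text "initialized for type", so a backend that failed to start reads like a success and may be dropped by an error-level log threshold. The backend_add hunk in the same commit already uses `LDAP_LEVEL_ERR` with `"backend_add: initialization for type \"%s\" failed\n"`; the same level and wording fit here, as `"backend_init: initialization for type \"%s\" failed\n"`. The backend_startup hunk has a similar mismatch: the "no databases" path returns 1 but logs at `LDAP_LEVEL_INFO`. In the backend_shutdown hunk the two branches use different prefixes (`backend_shutdown:` and `backend_close:`), which makes the event harder to search for.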
@@ -176,26 +210,44 @@ int backend_startup(Backend *be) if( ! ( nBackendDB > 0 ) ) { /* no databases */ +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_INFO, + "backend_startup: %d databases to startup. \n", + nBackendDB )); +#else Debug( LDAP_DEBUG_ANY, "backend_startup: %d databases to startup.\n", nBackendDB, 0, 0 ); +#endif return 1; } if(be != NULL) { /* startup a specific backend database */ +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, + "backend_startup: starting \"%s\"\n", + be->be_suffix[0] )); +#else Debug( LDAP_DEBUG_TRACE, - "backend_startup: starting database\n", - 0, 0, 0 ); + "backend_startup: starting \"%s\"\n", + be->be_suffix[0], 0, 0 ); +#endif if ( be->bd_info->bi_open ) { rc = be->bd_info->bi_open( be->bd_info ); } if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_CRIT, + "backend_startup: bi_open failed!\n" )); +#else Debug( LDAP_DEBUG_ANY, "backend_startup: bi_open failed!\n", 0, 0, 0 ); +#endif + return rc; } @@ -204,9 +256,14 @@ int backend_startup(Backend *be) } if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_CRIT, + "backend_startup: bi_db_open failed!\n" )); +#else Debug( LDAP_DEBUG_ANY, "backend_startup: bi_db_open failed!\n", 0, 0, 0 ); +#endif return rc; } @@ -226,9 +283,14 @@ int backend_startup(Backend *be) } if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_CRIT, + "backend_startup: bi_open %d failed!\n", i )); +#else Debug( LDAP_DEBUG_ANY, "backend_startup: bi_open %d failed!\n", i, 0, 0 ); +#endif return rc; } } @@ -244,9 +306,14 @@ int backend_startup(Backend *be) } if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_CRIT, + "backend_startup: bi_db_open %d failed!\n", i )); +#else Debug( LDAP_DEBUG_ANY, "backend_startup: bi_db_open %d failed!\n", i, 0, 0 ); +#endif return rc; } } 
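Review bot: Both new trace calls in the `be != NULL` branch of backend_startup pass `be->be_suffix[0]` to `%s` before anything visible has checked that the database has a suffix. If `be_suffix` can still be NULL or empty at this point (the config path is not shown here, so this needs confirming), the log statement dereferences a null pointer or passes NULL to the formatter during startup. A guarded argument avoids that: `( be->be_suffix && be->be_suffix[0] ) ? be->be_suffix[0] : "(no suffix)"`. The function body starts and ends outside this hunk.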
@@ -298,9 +365,15 @@ int backend_shutdown( Backend *be ) } if(rc != 0) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_NOTICE, + "backend_shutdown: bi_close %s failed!\n", + backendDB[i].be_type )); +#else Debug( LDAP_DEBUG_ANY, "backend_close: bi_close %s failed!\n", backendDB[i].be_type, 0, 0 ); +#endif } } @@ -400,9 +473,6 @@ backend_db_init( /* assign a default depth limit for alias deref */ be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH; - be->be_realm = global_realm != NULL - ? ch_strdup( global_realm ) : NULL; - if(bi->bi_db_init) { rc = bi->bi_db_init( be ); } @@ -430,9 +500,12 @@ be_db_close( void ) } Backend * -select_backend( const char * dn ) +select_backend( + const char * dn, + int manageDSAit ) { int i, j, len, dnlen; + Backend *be = NULL; dnlen = strlen( dn ); for ( i = 0; i < nbackends; i++ ) { @@ -442,17 +515,33 @@ select_backend( const char * dn ) len = strlen( backends[i].be_nsuffix[j] ); if ( len > dnlen ) { + /* suffix is longer than DN */ continue; } - if ( strcmp( backends[i].be_nsuffix[j], - dn + (dnlen - len) ) == 0 ) { - return( &backends[i] ); + + if ( (len < dnlen) && !(DN_SEPARATOR( dn[(dnlen-len)-1] )) ) { + /* make sure we have a separator */ + continue; + } + + + if ( strcmp( backends[i].be_nsuffix[j], &dn[dnlen-len] ) == 0 ) { + if( be == NULL ) { + be = &backends[i]; + + if( manageDSAit && len == dnlen ) { + continue; + } + } else { + be = &backends[i]; + } + return be; } } } - return( NULL ); + return be; } int @@ -501,7 +590,10 @@ be_root_dn( Backend *be ) } int -be_isroot_pw( Backend *be, const char *ndn, struct berval *cred ) +be_isroot_pw( Backend *be, + Connection *conn, + const char *ndn, + struct berval *cred ) { int result; 
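Review bot: The new separator guard in select_backend, `(len < dnlen) && !(DN_SEPARATOR( dn[(dnlen-len)-1] ))`, also fires for an empty suffix: with `len == 0` it tests the last character of the DN and skips the backend, where the old strcmp-only test matched. If an empty suffix is a supported configuration (not visible in this diff), add `len &&` to the condition: `if ( len && (len < dnlen) && !(DN_SEPARATOR( dn[(dnlen-len)-1] )) )`. Separately, both arms of `if( be == NULL ) ... else` assign `be = &backends[i]`, so the branch's only effect is the manageDSAit `continue`. A comment such as `/* manageDSAit: remember the exact-suffix match as a fallback and keep looking for another backend */` would make the routing rule reviewable.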
@@ -513,25 +605,36 @@ be_isroot_pw( Backend *be, const char *ndn, struct berval *cred ) return 0; } -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_lock( &crypt_mutex ); +#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD ) + ldap_pvt_thread_mutex_lock( &passwd_mutex ); +#ifdef SLAPD_SPASSWD + lutil_passwd_sasl_conn = conn->c_sasl_context; +#endif #endif result = lutil_passwd( &be->be_root_pw, cred, NULL ); -#ifdef SLAPD_CRYPT - ldap_pvt_thread_mutex_unlock( &crypt_mutex ); +#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD ) +#ifdef SLAPD_SPASSWD + lutil_passwd_sasl_conn = NULL; +#endif + ldap_pvt_thread_mutex_unlock( &passwd_mutex ); #endif return result == 0; } int -be_entry_release_rw( Backend *be, Entry *e, int rw ) +be_entry_release_rw( + BackendDB *be, + Connection *conn, + Operation *op, + Entry *e, + int rw ) { if ( be->be_release ) { /* free and release entry from backend */ - return be->be_release( be, e, rw ); + return be->be_release( be, conn, op, e, rw ); } else { /* free entry */ entry_free( e ); @@ -618,7 +721,7 @@ backend_check_restrictions( Backend *be, Connection *conn, Operation *op, - const char *extoid, + const void *opdata, const char **text ) { int rc; 
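Review bot: With SLAPD_SPASSWD defined, be_isroot_pw now reads `conn->c_sasl_context` unconditionally, so any caller that passes a NULL `conn` (no callers are visible in this diff) crashes while holding `passwd_mutex`. `lutil_passwd_sasl_conn = conn ? conn->c_sasl_context : NULL;` keeps the root-password check usable without a connection. The SASL context reaches lutil_passwd through a process-wide variable, so every other path that calls lutil_passwd presumably has to hold `passwd_mutex` too, or the comparison could run against another connection's context. A comment at the lock, such as `/* passwd_mutex also protects lutil_passwd_sasl_conn */`, would record that requirement. The opening lines of be_isroot_pw are outside this hunk.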
@@ -682,58 +785,79 @@ backend_check_restrictions( return LDAP_OTHER; } - if( ( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) - && op->o_tag != LDAP_REQ_BIND ) + if ( op->o_tag != LDAP_REQ_EXTENDED + || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) { - /* these checks don't apply to bind nor StartTLS */ + /* these checks don't apply to StartTLS */ if( op->o_tag == LDAP_REQ_EXTENDED ) { /* threat other extended operations as update ops */ updateop++; } - if( op->o_ssf < ssf->sss_ssf ) { - *text = "confidentiality required"; - return LDAP_CONFIDENTIALITY_REQUIRED; - } if( op->o_transport_ssf < ssf->sss_transport ) { *text = "transport confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_tls_ssf < ssf->sss_tls ) { *text = "TLS confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } - if( op->o_sasl_ssf < ssf->sss_sasl ) { - *text = "SASL confidentiality required"; - return LDAP_CONFIDENTIALITY_REQUIRED; - } - if( updateop ) { - if( op->o_ssf < ssf->sss_update_ssf ) { - *text = "update confidentiality required"; + if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) { + /* these checks don't apply to SASL bind */ + + if( op->o_sasl_ssf < ssf->sss_sasl ) { + *text = "SASL confidentiality required"; + return LDAP_CONFIDENTIALITY_REQUIRED; + } + + if( op->o_ssf < ssf->sss_ssf ) { + *text = "confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + } + + if( updateop ) { if( op->o_transport_ssf < ssf->sss_update_transport ) { *text = "transport update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_tls_ssf < ssf->sss_update_tls ) { *text = "TLS update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_sasl_ssf < ssf->sss_update_sasl ) { *text = "SASL update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + + if( op->o_ssf < ssf->sss_update_ssf ) { + *text = "update confidentiality required"; + return LDAP_CONFIDENTIALITY_REQUIRED; 
+ } + + if( op->o_ndn == NULL ) { + *text = "modifications require authentication"; + return LDAP_OPERATIONS_ERROR; + } } + } + + if ( op->o_tag != LDAP_REQ_BIND && ( op->o_tag != LDAP_REQ_EXTENDED || + strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) ) + { + /* these checks don't apply to Bind or StartTLS */ if( requires & SLAP_REQUIRE_STRONG ) { /* should check mechanism */ if( op->o_authmech == NULL || op->o_dn == NULL || *op->o_dn == '\0' ) { - *text = "SASL authentication required"; + *text = "strong authentication required"; return LDAP_STRONG_AUTH_REQUIRED; } } @@ -777,9 +901,7 @@ backend_check_restrictions( } if( restrictops & opflag ) { - if( (restrictops & SLAP_RESTRICT_OP_READS) - == SLAP_RESTRICT_OP_READS ) - { + if( restrictops == SLAP_RESTRICT_OP_READS ) { *text = "read operations restricted"; } else { *text = "operation restricted"; @@ -817,6 +939,8 @@ int backend_check_referrals( int backend_group( Backend *be, + Connection *conn, + Operation *op, Entry *target, const char *gr_ndn, const char *op_ndn, @@ -827,7 +951,7 @@ backend_group( if( strcmp( target->e_ndn, gr_ndn ) != 0 ) { /* we won't attempt to send it to a different backend */ - be = select_backend(gr_ndn); + be = select_backend(gr_ndn, 0); if (be == NULL) { return LDAP_NO_SUCH_OBJECT; @@ -835,7 +959,8 @@ backend_group( } if( be->be_group ) { - return be->be_group( be, target, gr_ndn, op_ndn, + return be->be_group( be, conn, op, + target, gr_ndn, op_ndn, group_oc, group_at ); } @@ -856,7 +981,7 @@ backend_attribute( if( target == NULL || strcmp( target->e_ndn, e_ndn ) != 0 ) { /* we won't attempt to send it to a different backend */ - be = select_backend(e_ndn); + be = select_backend(e_ndn, 0); if (be == NULL) { return LDAP_NO_SUCH_OBJECT; @@ -873,6 +998,8 @@ backend_attribute( Attribute *backend_operational( Backend *be, + Connection *conn, + Operation *op, Entry *e ) { Attribute *a = NULL;
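Review bot: Both new StartTLS tests in backend_check_restrictions evaluate `strcmp( (const char *) opdata, LDAP_EXOP_START_TLS )` whenever `op->o_tag == LDAP_REQ_EXTENDED`, and the `extoid == NULL` guard from the old condition is gone. If any caller (none shown) can pass a NULL `opdata` for an extended request, that is a null dereference triggered by request handling. Restoring the guard in both places keeps the old behaviour of treating a missing OID as "not StartTLS": `if ( op->o_tag != LDAP_REQ_EXTENDED || opdata == NULL || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) )`. `opdata` is now a `const void *` whose meaning depends on `o_tag`: an OID string for extended operations, and for bind only NULL versus non-NULL is tested. The parameter should carry a comment saying what each operation type must pass. The hunk begins and ends inside the function body.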