X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=e4df383b0c941e4a57e35ff4b43138706b6244ba;hb=5487575086d2060ab05a408543ff07be31b400a8;hp=6cb351feacb1f955229fa8b964c6f516eb85d14c;hpb=0de20c028f1bdbc126e06f5a49568eac0d5317c1;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 6cb351feac..e4df383b0c 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -196,7 +196,7 @@ int backend_startup_one(Backend *be) assert( be != NULL ); be->be_pending_csn_list = (struct be_pcl *) - ch_calloc( 1, sizeof( struct be_pcl )); + ch_calloc( 1, sizeof( struct be_pcl ) ); LDAP_TAILQ_INIT( be->be_pending_csn_list ); @@ -422,6 +422,23 @@ void backend_destroy_one( BackendDB *bd, int dynamic ) } acl_destroy( bd->be_acl, frontendDB->be_acl ); limits_destroy( bd->be_limits ); + if ( bd->be_replogfile ) { + ch_free( bd->be_replogfile ); + } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } + destroy_replica_info( bd ); + if ( !BER_BVISNULL( &bd->be_update_ndn ) ) { + ch_free( bd->be_update_ndn.bv_val ); + } + if ( bd->be_update_refs ) { + ber_bvarray_free( bd->be_update_refs ); + } + if ( dynamic ) { free( bd ); } @@ -465,6 +482,17 @@ int backend_destroy(void) free( bd->be_rootpw.bv_val ); } acl_destroy( bd->be_acl, frontendDB->be_acl ); + + if ( bd->be_replogfile != NULL ) { + free( bd->be_replogfile ); + } + if ( bd->be_replica_argsfile ) { + ch_free( bd->be_replica_argsfile ); + } + if ( bd->be_replica_pidfile ) { + ch_free( bd->be_replica_pidfile ); + } + assert( bd->be_replica == NULL ); } return 0; @@ -487,9 +515,9 @@ BackendInfo* backend_info(const char *type) BackendDB * backend_db_init( - const char *type ) + const char *type, + BackendDB *be ) { - Backend *be; BackendInfo *bi = backend_info(type); int rc = 0; @@ -498,9 +526,14 @@ backend_db_init( return NULL; } - be = ch_calloc( 1, sizeof(Backend) ); - nbackends++; - LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + /* If be is provided, treat it as private. Otherwise allocate + * one and add it to the global list. + */ + if ( !be ) { + be = ch_calloc( 1, sizeof(Backend) ); + nbackends++; + LDAP_STAILQ_INSERT_TAIL(&backendDB, be, be_next); + } be->bd_info = bi; @@ -598,7 +631,13 @@ select_backend( continue; } } else { - b2 = be; + /* If any parts of the tree are glued, use the first + * match regardless of manageDSAit. Otherwise use the + * last match. + */ + if( !( SLAP_DBFLAGS( be ) & ( SLAP_DBFLAG_GLUE_INSTANCE | + SLAP_DBFLAG_GLUE_SUBORDINATE ))) + b2 = be; } return b2; } @@ -779,10 +818,14 @@ backend_check_controls( /* unrecognized control */ if ( (*ctrls)->ldctl_iscritical ) { /* should not be reachable */ - Debug( LDAP_DEBUG_ANY, - "backend_check_controls: unrecognized control: %s\n", + Debug( LDAP_DEBUG_ANY, "backend_check_controls: " + "unrecognized critical control: %s\n", (*ctrls)->ldctl_oid, 0, 0 ); assert( 0 ); + } else { + Debug( LDAP_DEBUG_TRACE, "backend_check_controls: " + "unrecognized non-critical control: %s\n", + (*ctrls)->ldctl_oid, 0, 0 ); } break; @@ -821,11 +864,14 @@ backend_check_controls( } } + /* temporarily removed */ +#if 0 /* check should be generalized */ if( get_manageDIT(op) && !be_isroot(op)) { rs->sr_text = "requires manager authorization"; rs->sr_err = LDAP_UNWILLING_TO_PERFORM; } +#endif done:; return rs->sr_err; @@ -1167,19 +1213,17 @@ be_entry_get_rw( int rw, Entry **e ) { - int rc; - *e = NULL; - if (op->o_bd == NULL) { - rc = LDAP_NO_SUCH_OBJECT; - } else if ( op->o_bd->be_fetch ) { - rc = ( op->o_bd->be_fetch )( op, ndn, - oc, at, rw, e ); - } else { - rc = LDAP_UNWILLING_TO_PERFORM; + if ( op->o_bd == NULL ) { + return LDAP_NO_SUCH_OBJECT; } - return rc; + + if ( op->o_bd->be_fetch ) { + return op->o_bd->be_fetch( op, ndn, oc, at, rw, e ); + } + + return LDAP_UNWILLING_TO_PERFORM; } int @@ -1192,6 +1236,7 @@ fe_acl_group( AttributeDescription *group_at ) { Entry *e; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a; int rc; GroupAssertion *g; @@ -1219,7 +1264,10 @@ fe_acl_group( e = target; rc = 0; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, gr_ndn, group_oc, group_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { a = attr_find( e->e_attrs, group_at ); @@ -1235,13 +1283,17 @@ fe_acl_group( struct berval bv, nbase; Filter *filter; Entry *user; + void *user_priv = NULL; Backend *b2 = op->o_bd; if ( target && dn_match( &target->e_nname, op_ndn ) ) { user = target; } else { op->o_bd = select_backend( op_ndn, 0, 0 ); + op->o_private = NULL; rc = be_entry_get_rw(op, op_ndn, NULL, NULL, 0, &user ); + user_priv = op->o_private; + op->o_private = o_priv; } if ( rc == 0 ) { @@ -1283,14 +1335,12 @@ fe_acl_group( goto loopit; } break; -#ifdef LDAP_SCOPE_SUBORDINATE case LDAP_SCOPE_SUBORDINATE: if ( dn_match( &nbase, op_ndn ) || !dnIsSuffix( op_ndn, &nbase ) ) { goto loopit; } -#endif } filter = str2filter_x( op, ludp->lud_filter ); if ( filter ) { @@ -1309,7 +1359,9 @@ loopit: if ( rc == 0 ) break; } if ( user != target ) { + op->o_private = user_priv; be_entry_release_r( op, user ); + op->o_private = o_priv; } } op->o_bd = b2; @@ -1324,8 +1376,10 @@ loopit: } else { rc = LDAP_NO_SUCH_ATTRIBUTE; } - if (e != target ) { + if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } } else { rc = LDAP_NO_SUCH_OBJECT; @@ -1366,8 +1420,13 @@ backend_group( be_orig = op->o_bd; op->o_bd = frontendDB; +#ifdef SLAP_OVERLAY_ACCESS rc = frontendDB->be_group( op, target, gr_ndn, op_ndn, group_oc, group_at ); +#else /* ! SLAP_OVERLAY_ACCESS */ + rc = fe_acl_group( op, target, gr_ndn, + op_ndn, group_oc, group_at ); +#endif /* ! SLAP_OVERLAY_ACCESS */ op->o_bd = be_orig; return rc; @@ -1383,6 +1442,7 @@ fe_acl_attribute( slap_access_t access ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; Attribute *a = NULL; int freeattr = 0, i, j, rc = LDAP_SUCCESS; AccessControlState acl_state = ACL_STATE_INIT; @@ -1394,10 +1454,26 @@ fe_acl_attribute( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { + if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children ) { + assert( vals == NULL ); + + rc = LDAP_SUCCESS; + if ( op->o_conn && access > ACL_NONE && + access_allowed( op, e, entry_at, NULL, + access, &acl_state ) == 0 ) + { + rc = LDAP_INSUFFICIENT_ACCESS; + } + goto freeit; + } + a = attr_find( e->e_attrs, entry_at ); if ( a == NULL ) { SlapReply rs = { 0 }; @@ -1470,7 +1546,9 @@ fe_acl_attribute( } } freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a ); @@ -1495,8 +1573,13 @@ backend_attribute( be_orig = op->o_bd; op->o_bd = frontendDB; +#ifdef SLAP_OVERLAY_ACCESS rc = frontendDB->be_attribute( op, target, edn, entry_at, vals, access ); +#else /* !SLAP_OVERLAY_ACCESS */ + rc = fe_acl_attribute( op, target, edn, + entry_at, vals, access ); +#endif /* !SLAP_OVERLAY_ACCESS */ op->o_bd = be_orig; return rc; @@ -1513,6 +1596,7 @@ backend_access( slap_mask_t *mask ) { Entry *e = NULL; + void *o_priv = op->o_private, *e_priv = NULL; int rc = LDAP_INSUFFICIENT_ACCESS; Backend *be = op->o_bd; @@ -1528,7 +1612,10 @@ backend_access( e = target; } else { + op->o_private = NULL; rc = be_entry_get_rw( op, edn, NULL, entry_at, 0, &e ); + e_priv = op->o_private; + op->o_private = o_priv; } if ( e ) { @@ -1592,7 +1679,9 @@ backend_access( } } freeit: if ( e != target ) { + op->o_private = e_priv; be_entry_release_r( op, e ); + op->o_private = o_priv; } if ( freeattr ) { attr_free( a ); @@ -1620,27 +1709,29 @@ fe_aux_operational( * and the backend supports specific operational attributes, * add them to the attribute list */ - if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && - ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ) ) ) + if ( !( rs->sr_flags & REP_NO_ENTRYDN ) + && ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && + ad_inlist( slap_schema.si_ad_entryDN, rs->sr_attrs ) ) ) ) { *ap = slap_operational_entryDN( rs->sr_entry ); ap = &(*ap)->a_next; } - if ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && - ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ) ) ) + if ( !( rs->sr_flags & REP_NO_SUBSCHEMA) + && ( SLAP_OPATTRS( rs->sr_attr_flags ) || ( rs->sr_attrs && + ad_inlist( slap_schema.si_ad_subschemaSubentry, rs->sr_attrs ) ) ) ) { *ap = slap_operational_subschemaSubentry( op->o_bd ); ap = &(*ap)->a_next; } - if ( op->o_bd != NULL && op->o_bd != frontendDB ) + if ( op->o_bd != NULL ) { /* Let the overlays have a chance at this */ be_orig = op->o_bd; - op->o_bd = select_backend( &op->o_ndn, 0, 0 ); - - if ( ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + if ( !be_match( op->o_bd, frontendDB ) && + ( SLAP_OPATTRS( rs->sr_attr_flags ) || rs->sr_attrs ) && op->o_bd != NULL && op->o_bd->be_operational != NULL ) { rc = op->o_bd->be_operational( op, rs );