X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackover.c;h=88bd1731805410d0404dfc8a2a9eeb1856b27e03;hb=34f4c2cb97dd6c7851e30298c7e014e170f54665;hp=0e8b0c27ac58f523020a917bb563462b07cf2884;hpb=2e53c5ab6b8e090ce32c22daef970b0d3b66d9d7;p=openldap diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 0e8b0c27ac..88bd173180 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2003-2005 The OpenLDAP Foundation. + * Copyright 2003-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -29,7 +29,12 @@ static slap_overinst *overlays; -enum db_which { db_open = 0, db_close, db_destroy }; +enum db_which { + db_open = 0, + db_close, + db_destroy, + db_last +}; static int over_db_func( @@ -74,7 +79,6 @@ over_db_config( BackendInfo *bi_orig = be->bd_info; struct ConfigOCs *be_cf_ocs = be->be_cf_ocs; ConfigArgs ca = {0}; - ConfigTable *ct; int rc = 0; if ( oi->oi_orig->bi_db_config ) { @@ -133,6 +137,9 @@ over_db_config( ca.fname = fname; ca.lineno = lineno; ca.be = be; + snprintf( ca.log, sizeof( ca.log ), "%s: line %d", + ca.fname, ca.lineno ); + for (; on; on=on->on_next) { rc = SLAP_CONF_UNKNOWN; if (on->on_bi.bi_cf_ocs) { @@ -141,6 +148,8 @@ over_db_config( ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca ); if ( ct ) { rc = config_add_vals( ct, &ca ); + if ( rc != SLAP_CONF_UNKNOWN ) + break; } } if (on->on_bi.bi_db_config && rc == SLAP_CONF_UNKNOWN) { @@ -230,45 +239,6 @@ over_back_response ( Operation *op, SlapReply *rs ) return rc; } -enum op_which { - op_bind = 0, - op_unbind, - op_search, - op_compare, - op_modify, - op_modrdn, - op_add, - op_delete, - op_abandon, - op_cancel, - op_extended, - op_aux_operational, - op_aux_chk_referrals, - op_aux_chk_controls, - op_last -}; - -/* - * default return code in case of missing backend function - * and overlay stack returning SLAP_CB_CONTINUE - */ -static int op_rc[] = { - LDAP_UNWILLING_TO_PERFORM, /* bind */ - LDAP_UNWILLING_TO_PERFORM, /* unbind */ - LDAP_UNWILLING_TO_PERFORM, /* search */ - SLAP_CB_CONTINUE, /* compare; pass to frontend */ - LDAP_UNWILLING_TO_PERFORM, /* modify */ - LDAP_UNWILLING_TO_PERFORM, /* modrdn */ - LDAP_UNWILLING_TO_PERFORM, /* add */ - LDAP_UNWILLING_TO_PERFORM, /* delete */ - LDAP_UNWILLING_TO_PERFORM, /* abandon */ - LDAP_UNWILLING_TO_PERFORM, /* cancel */ - LDAP_UNWILLING_TO_PERFORM, /* extended */ - LDAP_SUCCESS, /* aux_operational */ - LDAP_SUCCESS, /* aux_chk_referrals */ - SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */ -}; - #ifdef SLAP_OVERLAY_ACCESS static int over_access_allowed( @@ -282,7 +252,7 @@ over_access_allowed( { slap_overinfo *oi; slap_overinst *on; - BackendInfo *bi = op->o_bd->bd_info; + BackendInfo *bi; BackendDB *be = op->o_bd, db; int rc = SLAP_CB_CONTINUE; @@ -290,7 +260,13 @@ over_access_allowed( * when global overlays are used... */ assert( op->o_bd != NULL ); - oi = op->o_bd->bd_info->bi_private; + bi = op->o_bd->bd_info; + /* Were we invoked on the frontend? */ + if ( !bi->bi_access_allowed ) { + oi = frontendDB->bd_info->bi_private; + } else { + oi = op->o_bd->bd_info->bi_private; + } on = oi->oi_list; for ( ; on; on = on->on_next ) { @@ -338,20 +314,20 @@ over_access_allowed( return rc; } -#endif /* SLAP_OVERLAY_ACCESS */ static int -over_op_func( - Operation *op, - SlapReply *rs, - enum op_which which -) +over_acl_group( + Operation *op, + Entry *e, + struct berval *gr_ndn, + struct berval *op_ndn, + ObjectClass *group_oc, + AttributeDescription *group_at ) { slap_overinfo *oi; slap_overinst *on; - BI_op_bind **func; + BackendInfo *bi = op->o_bd->bd_info; BackendDB *be = op->o_bd, db; - slap_callback cb = {NULL, over_back_response, NULL, NULL}; int rc = SLAP_CB_CONTINUE; /* FIXME: used to happen for instance during abandon @@ -361,14 +337,152 @@ over_op_func( oi = op->o_bd->bd_info->bi_private; on = oi->oi_list; - if ( !SLAP_ISOVERLAY( op->o_bd )) { - db = *op->o_bd; - db.be_flags |= SLAP_DBFLAG_OVERLAY; - op->o_bd = &db; + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_acl_group ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_acl_group( op, e, + gr_ndn, op_ndn, group_oc, group_at ); + if ( rc != SLAP_CB_CONTINUE ) break; + } } - cb.sc_next = op->o_callback; - cb.sc_private = oi; - op->o_callback = &cb; + + if ( rc == SLAP_CB_CONTINUE ) { + BI_acl_group *bi_acl_group; + + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_acl_group ) { + bi_acl_group = oi->oi_orig->bi_acl_group; + } else { + bi_acl_group = backend_group; + } + + rc = bi_acl_group( op, e, + gr_ndn, op_ndn, group_oc, group_at ); + } + /* should not fall thru this far without anything happening... */ + if ( rc == SLAP_CB_CONTINUE ) { + /* access not allowed */ + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} + +static int +over_acl_attribute( + Operation *op, + Entry *target, + struct berval *entry_ndn, + AttributeDescription *entry_at, + BerVarray *vals, + slap_access_t access ) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendInfo *bi = op->o_bd->bd_info; + BackendDB *be = op->o_bd, db; + int rc = SLAP_CB_CONTINUE; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_acl_attribute ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_acl_attribute( op, target, + entry_ndn, entry_at, vals, access ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + BI_acl_attribute *bi_acl_attribute; + + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_acl_attribute ) { + bi_acl_attribute = oi->oi_orig->bi_acl_attribute; + } else { + bi_acl_attribute = backend_attribute; + } + + rc = bi_acl_attribute( op, target, + entry_ndn, entry_at, vals, access ); + } + /* should not fall thru this far without anything happening... */ + if ( rc == SLAP_CB_CONTINUE ) { + /* access not allowed */ + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} +#endif /* SLAP_OVERLAY_ACCESS */ + +/* + * default return code in case of missing backend function + * and overlay stack returning SLAP_CB_CONTINUE + */ +static int op_rc[ op_last ] = { + LDAP_UNWILLING_TO_PERFORM, /* bind */ + LDAP_UNWILLING_TO_PERFORM, /* unbind */ + LDAP_UNWILLING_TO_PERFORM, /* search */ + SLAP_CB_CONTINUE, /* compare; pass to frontend */ + LDAP_UNWILLING_TO_PERFORM, /* modify */ + LDAP_UNWILLING_TO_PERFORM, /* modrdn */ + LDAP_UNWILLING_TO_PERFORM, /* add */ + LDAP_UNWILLING_TO_PERFORM, /* delete */ + LDAP_UNWILLING_TO_PERFORM, /* abandon */ + LDAP_UNWILLING_TO_PERFORM, /* cancel */ + LDAP_UNWILLING_TO_PERFORM, /* extended */ + LDAP_SUCCESS, /* aux_operational */ + LDAP_SUCCESS, /* aux_chk_referrals */ + SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */ +}; + +int overlay_op_walk( + Operation *op, + SlapReply *rs, + slap_operation_t which, + slap_overinfo *oi, + slap_overinst *on +) +{ + BI_op_bind **func; + int rc = SLAP_CB_CONTINUE; for (; on; on=on->on_next ) { func = &on->on_bi.bi_op_bind; @@ -394,14 +508,48 @@ over_op_func( */ if ( rc == LDAP_UNWILLING_TO_PERFORM ) { slap_callback *sc_next; - for ( ; op->o_callback && op->o_callback != cb.sc_next; - op->o_callback = sc_next ) { + for ( ; op->o_callback && op->o_callback->sc_response != + over_back_response; op->o_callback = sc_next ) { sc_next = op->o_callback->sc_next; if ( op->o_callback->sc_cleanup ) { op->o_callback->sc_cleanup( op, rs ); } } } + return rc; +} + +static int +over_op_func( + Operation *op, + SlapReply *rs, + slap_operation_t which +) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendDB *be = op->o_bd, db; + slap_callback cb = {NULL, over_back_response, NULL, NULL}; + int rc = SLAP_CB_CONTINUE; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + if ( !SLAP_ISOVERLAY( op->o_bd )) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + cb.sc_next = op->o_callback; + cb.sc_private = oi; + op->o_callback = &cb; + + rc = overlay_op_walk( op, rs, which, oi, on ); + op->o_bd = be; op->o_callback = cb.sc_next; return rc; @@ -491,16 +639,24 @@ over_aux_chk_controls( Operation *op, SlapReply *rs ) return over_op_func( op, rs, op_aux_chk_controls ); } +enum conn_which { + conn_init = 0, + conn_destroy, + conn_last +}; + static int -over_connection_destroy( +over_connection_func( BackendDB *bd, - Connection *conn + Connection *conn, + enum conn_which which ) { - slap_overinfo *oi; - slap_overinst *on; - BackendDB db; - int rc = SLAP_CB_CONTINUE; + slap_overinfo *oi; + slap_overinst *on; + BackendDB db; + int rc = SLAP_CB_CONTINUE; + BI_connection_init **func; /* FIXME: used to happen for instance during abandon * when global overlays are used... */ @@ -509,23 +665,25 @@ over_connection_destroy( oi = bd->bd_info->bi_private; on = oi->oi_list; - if ( !SLAP_ISOVERLAY( bd )) { + if ( !SLAP_ISOVERLAY( bd ) ) { db = *bd; db.be_flags |= SLAP_DBFLAG_OVERLAY; bd = &db; } - for (; on; on=on->on_next ) { - if ( on->on_bi.bi_connection_destroy ) { + for ( ; on; on = on->on_next ) { + func = &on->on_bi.bi_connection_init; + if ( func[ which ] ) { bd->bd_info = (BackendInfo *)on; - rc = on->on_bi.bi_connection_destroy( bd, conn ); + rc = func[ which ]( bd, conn ); if ( rc != SLAP_CB_CONTINUE ) break; } } - if ( oi->oi_orig->bi_connection_destroy && rc == SLAP_CB_CONTINUE ) { + func = &oi->oi_orig->bi_connection_init; + if ( func[ which ] && rc == SLAP_CB_CONTINUE ) { bd->bd_info = oi->oi_orig; - rc = oi->oi_orig->bi_connection_destroy( bd, conn ); + rc = func[ which ]( bd, conn ); } /* should not fall thru this far without anything happening... */ if ( rc == SLAP_CB_CONTINUE ) { @@ -535,6 +693,24 @@ over_connection_destroy( return rc; } +static int +over_connection_init( + BackendDB *bd, + Connection *conn +) +{ + return over_connection_func( bd, conn, conn_init ); +} + +static int +over_connection_destroy( + BackendDB *bd, + Connection *conn +) +{ + return over_connection_func( bd, conn, conn_destroy ); +} + int overlay_register( slap_overinst *on @@ -574,7 +750,7 @@ overlay_find( const char *over_type ) { slap_overinst *on = overlays; - assert( over_type ); + assert( over_type != NULL ); for ( ; on; on = on->on_next ) { if ( strcmp( on->on_bi.bi_type, over_type ) == 0 ) { @@ -609,7 +785,7 @@ overlay_is_inst( BackendDB *be, const char *over_type ) { slap_overinst *on; - assert( be ); + assert( be != NULL ); if ( !overlay_is_over( be ) ) { return 0; @@ -628,7 +804,6 @@ overlay_is_inst( BackendDB *be, const char *over_type ) int overlay_register_control( BackendDB *be, const char *oid ) { - int rc = 0; int gotit = 0; int cid; @@ -651,12 +826,33 @@ overlay_register_control( BackendDB *be, const char *oid ) } - if ( rc == 0 && !gotit ) { + if ( !gotit ) { be->be_ctrls[ cid ] = 1; be->be_ctrls[ SLAP_MAX_CIDS ] = 1; } - return rc; + return 0; +} + +void +overlay_destroy_one( BackendDB *be, slap_overinst *on ) +{ + slap_overinfo *oi = on->on_info; + slap_overinst **oidx; + + for ( oidx = &oi->oi_list; *oidx; oidx = &(*oidx)->on_next ) { + if ( *oidx == on ) { + *oidx = on->on_next; + if ( on->on_bi.bi_db_destroy ) { + BackendInfo *bi_orig = be->bd_info; + be->bd_info = (BackendInfo *)on; + on->on_bi.bi_db_destroy( be ); + be->bd_info = bi_orig; + } + free( on ); + break; + } + } } /* add an overlay to a particular backend. */ @@ -680,6 +876,7 @@ overlay_config( BackendDB *be, const char *ov ) oi = ch_malloc( sizeof( slap_overinfo ) ); oi->oi_orig = be->bd_info; oi->oi_bi = *be->bd_info; + oi->oi_origdb = be; /* NOTE: the first time a global overlay is configured, * frontendDB gets this flag; it is used later by overlays @@ -725,10 +922,13 @@ overlay_config( BackendDB *be, const char *ov ) bi->bi_chk_controls = over_aux_chk_controls; #ifdef SLAP_OVERLAY_ACCESS - /* this has a specific arglist */ + /* these have specific arglists */ bi->bi_access_allowed = over_access_allowed; + bi->bi_acl_group = over_acl_group; + bi->bi_acl_attribute = over_acl_attribute; #endif /* SLAP_OVERLAY_ACCESS */ + bi->bi_connection_init = over_connection_init; bi->bi_connection_destroy = over_connection_destroy; be->bd_info = bi; @@ -758,7 +958,11 @@ overlay_config( BackendDB *be, const char *ov ) be->bd_info = (BackendInfo *)on2; rc = on2->on_bi.bi_db_init( be ); be->bd_info = (BackendInfo *)oi; - if ( rc ) return rc; + if ( rc ) { + oi->oi_list = on2->on_next; + ch_free( on2 ); + return rc; + } } return 0;