#include "entry-id.h"
int
-backsql_bind(
- BackendDB *be,
- Connection *conn,
- Operation *op,
- struct berval *dn,
- struct berval *ndn,
- int method,
- struct berval *cred,
- struct berval *edn )
+backsql_bind( Operation *op, SlapReply *rs )
{
- backsql_info *bi = (backsql_info*)be->be_private;
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
backsql_entryID user_id;
SQLHDBC dbh;
AttributeDescription *password = slap_schema.si_ad_userPassword;
Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
- if ( be_isroot_pw( be, conn, ndn, cred ) ) {
- ber_dupbv( edn, be_root_dn( be ) );
+ if ( be_isroot_pw( op ) ) {
+ ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
0, 0, 0 );
- return LDAP_SUCCESS;
+ return 0;
}
- ber_dupbv( edn, ndn );
+ ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn );
- if ( method != LDAP_AUTH_SIMPLE ) {
- send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
- NULL, "authentication method not supported",
- NULL, NULL );
+ if ( op->oq_bind.rb_method != LDAP_AUTH_SIMPLE ) {
+ rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+ rs->sr_text = "authentication method not supported";
+ send_ldap_result( op, rs );
return 1;
}
/*
* method = LDAP_AUTH_SIMPLE
*/
- rc = backsql_get_db_conn( be, conn, &dbh );
+ rs->sr_err = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
if (!dbh) {
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
"could not get connection handle - exiting\n",
0, 0, 0 );
- send_ldap_result( conn, op, rc, "",
- rc == LDAP_OTHER ? "SQL-backend error" : "",
- NULL, NULL );
+
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ send_ldap_result( op, rs );
return 1;
}
- if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) {
+ rc = backsql_dn2id( bi, &user_id, dbh, &op->o_req_ndn );
+ if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
"could not retrieve bind dn id - no such entry\n",
0, 0, 0 );
- send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
- NULL, NULL, NULL, NULL );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
return 1;
}
- backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1,
- NULL, dbh, be, conn, op, NULL );
+ backsql_init_search( &bsi, bi, &op->o_req_ndn, LDAP_SCOPE_BASE,
+ -1, -1, -1, NULL, dbh, op->o_bd, op->o_conn, op, NULL );
e = backsql_id2entry( &bsi, &user_entry, &user_id );
if ( e == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
"error in backsql_id2entry() - auth failed\n",
0, 0, 0 );
- send_ldap_result( conn, op, LDAP_OTHER,
- NULL, NULL, NULL, NULL );
+ rs->sr_err = LDAP_OTHER;
+ send_ldap_result( op, rs );
return 1;
}
- if ( ! access_allowed( be, conn, op, e, password, NULL,
- ACL_AUTH, NULL ) ) {
- send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
- NULL, NULL, NULL, NULL );
+ if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ send_ldap_result( op, rs );
return 1;
}
if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) {
- send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
- NULL, NULL, NULL, NULL );
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ send_ldap_result( op, rs );
return 1;
}
- if ( slap_passwd_check( conn, a, cred ) != 0 ) {
- send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
- NULL, NULL, NULL, NULL );
+ if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
return 1;
}
return 0;
}
-int
-backsql_unbind(
- BackendDB *be,
- Connection *conn,
- Operation *op )
-{
- Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 );
- send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 );
- Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 );
- return 0;
-}
-
#endif /* SLAPD_SQL */
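Review bot: The failure branches of the new backsql_bind return different result codes before the password is compared, which lets an unauthenticated client tell entry states apart. A DN with no id gets `LDAP_INVALID_CREDENTIALS`, the same as a wrong password, but an entry the auth ACL denies gets `LDAP_INSUFFICIENT_ACCESS` and an entry without userPassword gets `LDAP_INAPPROPRIATE_AUTH`, so both of those confirm that the DN exists. I would set `rs->sr_err = LDAP_INVALID_CREDENTIALS;` on the access_allowed and attr_find branches too, and keep the distinction in the server-side trace only, e.g. `Debug( LDAP_DEBUG_TRACE, "backsql_bind(): no userPassword\n", 0, 0, 0 );`. The function's declarations are only partly visible here.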
#include "back-sql.h"
#include "sql-wrap.h"
#include "entry-id.h"
+#include "util.h"
int
-backsql_compare(
+backsql_compare( Operation *op, SlapReply *rs )
+ /*
BackendDB *bd,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
- AttributeAssertion *ava )
+ AttributeAssertion *ava ) */
{
- Debug( LDAP_DEBUG_TRACE, "==>backsql_compare() - not implemented\n",
+ backsql_info *bi = (backsql_info*)op->o_bd->be_private;
+ backsql_entryID user_id;
+ SQLHDBC dbh;
+ Entry *e, user_entry;
+ Attribute *a;
+ backsql_srch_info bsi;
+ int rc;
+ AttributeName anlist[2];
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
+
+ rs->sr_err = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
+ if (!dbh) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "could not get connection handle - exiting\n",
0, 0, 0 );
- return 1;
-}
-int
-backsql_abandon(
- BackendDB *be,
- Connection *conn,
- Operation *op,
- int msgid )
-{
- Debug( LDAP_DEBUG_TRACE, "==>backsql_abandon()\n", 0, 0, 0 );
- Debug( LDAP_DEBUG_TRACE, "<==backsql_abandon()\n", 0, 0, 0 );
- return 0;
-}
+ rs->sr_text = ( rs->sr_err == LDAP_OTHER )
+ ? "SQL-backend error" : NULL;
+ goto return_results;
+ }
+
+ rc = backsql_dn2id( bi, &user_id, dbh, &op->o_req_ndn );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "could not retrieve bind dn id - no such entry\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+ anlist[0].an_name = op->oq_compare.rs_ava->aa_desc->ad_cname;
+ anlist[0].an_desc = op->oq_compare.rs_ava->aa_desc;
+ anlist[1].an_name.bv_val = NULL;
+ backsql_init_search( &bsi, bi, &op->o_req_ndn, LDAP_SCOPE_BASE,
+ -1, -1, -1, NULL, dbh, op->o_bd, op->o_conn, op,
+ anlist);
+ e = backsql_id2entry( &bsi, &user_entry, &user_id );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+ "error in backsql_id2entry() - auth failed\n",
+ 0, 0, 0 );
+ rs->sr_err = LDAP_OTHER;
+ goto return_results;
+ }
+ if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+ &op->oq_compare.rs_ava->aa_value,
+ ACL_COMPARE, NULL ) ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ goto return_results;
+ }
+
+
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+ for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
+ {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+#ifdef SLAP_NVALUES
+ if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ a->a_nvals, &op->oq_compare.rs_ava->aa_value ) == 0 )
+#else
+ if ( value_find( op->oq_compare.rs_ava->aa_desc, a->a_vals, &op->oq_compare.rs_ava->aa_value ) == 0 )
+#endif
+ {
+ rs->sr_err = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+
+return_results:;
+ send_ldap_result( op, rs );
+
+ Debug(LDAP_DEBUG_TRACE,"<==backsql_compare()\n",0,0,0);
+ switch ( rs->sr_err ) {
+ case LDAP_COMPARE_TRUE:
+ case LDAP_COMPARE_FALSE:
+ return 0;
+
+ default:
+ return 1;
+ }
+}
+
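Review bot: The `backsql_dn2id` failure branch of the new backsql_compare sets `rs->sr_err = LDAP_INVALID_CREDENTIALS`, which is a bind result and not what a compare should return for a missing entry. It looks carried over from backsql_bind, together with the trace texts "could not retrieve bind dn id" and "auth failed". I would use `rs->sr_err = LDAP_NO_SUCH_OBJECT;` there and reword the two Debug() strings to describe the compare. Separately, nothing between `backsql_id2entry` and the final `return` releases what was loaded into `user_entry`; if that call allocates the attribute list (not visible here), each compare leaks it.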
/*
* sets the supported operational attributes (if required)
*/
}
int
-backsql_search(
+backsql_search( Operation *op, SlapReply *rs )
+ /*
BackendDB *be,
Connection *conn,
Operation *op,
Filter *filter,
struct berval *filterstr,
AttributeName *attrs,
- int attrsonly )
+ int attrsonly ) */
{
- backsql_info *bi = (backsql_info *)be->be_private;
+ backsql_info *bi = (backsql_info *)op->o_bd->be_private;
SQLHDBC dbh;
int sres;
- int nentries;
Entry *entry, *res;
- int manageDSAit = get_manageDSAit( op );
- BerVarray v2refs = NULL;
+ int manageDSAit;
time_t stoptime = 0;
backsql_srch_info srch_info;
backsql_entryID *eid = NULL;
struct slap_limits_set *limit = NULL;
int isroot = 0;
+ manageDSAit = get_manageDSAit( op );
+
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
"base='%s', filter='%s', scope=%d,",
- nbase->bv_val, filterstr->bv_val, scope );
+ op->o_req_ndn.bv_val,
+ op->oq_search.rs_filterstr.bv_val,
+ op->oq_search.rs_scope );
Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
"attributes to load: %s\n",
- deref, attrsonly, attrs == NULL ? "all" : "custom list" );
+ op->oq_search.rs_deref,
+ op->oq_search.rs_attrsonly,
+ op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
- if ( nbase->bv_len > BACKSQL_MAX_DN_LEN ) {
+ if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
"search base length (%ld) exceeds max length (%ld)\n",
- nbase->bv_len, BACKSQL_MAX_DN_LEN, 0 );
+ op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
/*
* FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
* since it is impossible that such a long DN exists
* in the backend
*/
- send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
- "", NULL, NULL, NULL );
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
return 1;
}
- sres = backsql_get_db_conn( be, conn, &dbh );
+ sres = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
if ( sres != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
"could not get connection handle - exiting\n",
0, 0, 0 );
- send_ldap_result( conn, op, sres, "",
- sres == LDAP_OTHER ? "SQL-backend error" : "",
- NULL, NULL );
+ rs->sr_err = sres;
+ rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
+ send_ldap_result( op, rs );
return 1;
}
srch_info.use_reverse_dn = BACKSQL_USE_REVERSE_DN( bi );
/* if not root, get appropriate limits */
- if ( be_isroot( be, &op->o_ndn ) ) {
+ if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
isroot = 1;
} else {
- ( void ) get_limits( be, &op->o_ndn, &limit );
+ ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
}
/* The time/size limits come first because they require very little
/* if no time limit requested, use soft limit (unless root!) */
if ( isroot ) {
- if ( tlimit == 0 ) {
- tlimit = -1; /* allow root to set no limit */
+ if ( op->oq_search.rs_tlimit == 0 ) {
+ op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
}
- if ( slimit == 0 ) {
- slimit = -1;
+ if ( op->oq_search.rs_slimit == 0 ) {
+ op->oq_search.rs_slimit = -1;
}
} else {
/* if no limit is required, use soft limit */
- if ( tlimit <= 0 ) {
- tlimit = limit->lms_t_soft;
+ if ( op->oq_search.rs_tlimit <= 0 ) {
+ op->oq_search.rs_tlimit = limit->lms_t_soft;
/* if requested limit higher than hard limit, abort */
- } else if ( tlimit > limit->lms_t_hard ) {
+ } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_t_hard == 0
&& limit->lms_t_soft > -1
- && tlimit > limit->lms_t_soft ) {
- tlimit = limit->lms_t_soft;
+ && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
+ op->oq_search.rs_tlimit = limit->lms_t_soft;
/* positive hard limit means abort */
} else if ( limit->lms_t_hard > 0 ) {
- send_search_result( conn, op,
- LDAP_ADMINLIMIT_EXCEEDED,
- NULL, NULL, NULL, NULL, 0 );
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
return 0;
}
}
/* if no limit is required, use soft limit */
- if ( slimit <= 0 ) {
- slimit = limit->lms_s_soft;
+ if ( op->oq_search.rs_slimit <= 0 ) {
+ op->oq_search.rs_slimit = limit->lms_s_soft;
/* if requested limit higher than hard limit, abort */
- } else if ( slimit > limit->lms_s_hard ) {
+ } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
/* no hard limit means use soft instead */
if ( limit->lms_s_hard == 0
&& limit->lms_s_soft > -1
- && slimit > limit->lms_s_soft ) {
- slimit = limit->lms_s_soft;
+ && op->oq_search.rs_slimit > limit->lms_s_soft ) {
+ op->oq_search.rs_slimit = limit->lms_s_soft;
/* positive hard limit means abort */
} else if ( limit->lms_s_hard > 0 ) {
- send_search_result( conn, op,
- LDAP_ADMINLIMIT_EXCEEDED,
- NULL, NULL, NULL, NULL, 0 );
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
return 0;
}
}
/* compute it anyway; root does not use it */
- stoptime = op->o_time + tlimit;
+ stoptime = op->o_time + op->oq_search.rs_tlimit;
- backsql_init_search( &srch_info, bi, nbase, scope,
- slimit, tlimit, stoptime, filter, dbh,
- be, conn, op, attrs );
+ backsql_init_search( &srch_info, bi, &op->o_req_dn,
+ op->oq_search.rs_scope,
+ op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
+ stoptime, op->oq_search.rs_filter,
+ dbh, op->o_bd, op->o_conn, op,
+ op->oq_search.rs_attrs );
/*
* for each objectclass we try to construct query which gets IDs
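Review bot: The call to backsql_init_search now passes `&op->o_req_dn`, where the removed line passed the normalized `nbase` and where backsql_bind and backsql_compare pass `&op->o_req_ndn`. The length guard earlier in this function tests `op->o_req_ndn.bv_len` against `BACKSQL_MAX_DN_LEN`, so the DN handed over here has not been bounded by that check; if o_req_dn is the as-received form, it can be longer than its normalized counterpart. Unless the un-normalized DN is wanted on purpose, the first line should read `backsql_init_search( &srch_info, bi, &op->o_req_ndn,`; otherwise repeat the length test for `o_req_dn`. Whether the search code copies the base into a buffer sized by that limit is not visible in this hunk.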
&srch_info, BACKSQL_STOP, AVL_INORDER );
if ( !isroot && limit->lms_s_unchecked != -1 ) {
if ( srch_info.n_candidates == -1 ) {
- send_search_result( conn, op,
- LDAP_ADMINLIMIT_EXCEEDED,
- NULL, NULL, NULL, NULL, 0 );
+ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
goto done;
}
}
- nentries = 0;
/*
* now we load candidate entries (only those attributes
* mentioned in attrs and filter), test it against full filter
}
/* check time limit */
- if ( tlimit != -1 && slap_get_time() > stoptime ) {
- send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
- NULL, NULL, v2refs, NULL, nentries );
+ if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
+ rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ rs->sr_ctrls = NULL;
+ rs->sr_ref = rs->sr_v2ref;
+ rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
+ : LDAP_REFERRAL;
+ send_ldap_result( op, rs );
goto end_of_search;
}
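Review bot: In the time-limit branch `rs->sr_err` is set to `LDAP_TIMELIMIT_EXCEEDED` and then overwritten three lines later by `rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL;`, so the client is told the search succeeded when it was cut short. A client that trusts the result code will treat a partial result set as complete. Drop the second assignment and keep only `rs->sr_ref = rs->sr_v2ref;` before the send. The `goto end_of_search` that follows also reaches the unconditional `send_ldap_result( op, rs )` after that label, which recomputes sr_err and sends a second result; the size-limit branch further down has the same shape.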
continue;
}
- if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
- is_entry_referral( entry ) ) {
- BerVarray refs = get_entry_referrals( be, conn,
- op, entry );
+ if ( !manageDSAit &&
+ op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
+ is_entry_referral( entry ) ) {
+ BerVarray refs;
+ struct berval matched_dn;
+
+ ber_dupbv( &matched_dn, &entry->e_name );
+ refs = get_entry_referrals( op, entry );
+ if ( refs ) {
+ rs->sr_ref = referral_rewrite( refs,
+ &matched_dn, &op->o_req_dn,
+ op->oq_search.rs_scope );
+ ber_bvarray_free( refs );
+ }
+
+ if (!rs->sr_ref) {
+ rs->sr_text = "bad_referral object";
+ }
+
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_matched = NULL;
- send_search_reference( be, conn, op, entry, refs,
- NULL, &v2refs );
- ber_bvarray_free( refs );
continue;
}
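Review bot: After the referral is sent, the cleanup resets `rs->sr_ref` and `rs->sr_matched` but leaves `rs->sr_text` and `rs->sr_err` as they were, so a "bad_referral object" text set for one entry is still in `rs` when later entries and the final result are sent. Add `rs->sr_text = NULL;` next to `rs->sr_matched = NULL;`. It is also worth confirming the choice of call: the removed code reported the entry with send_search_reference() and carried on, while the new code calls `send_ldap_result( op, rs )` with `LDAP_REFERRAL` inside the loop and then continues. Elsewhere in this function that call sends the operation's result, so each referral entry appears to produce one. The outcome of `ber_dupbv( &matched_dn, &entry->e_name )` is not checked before `matched_dn.bv_val` is used.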
}
}
- if ( test_filter( be, conn, op, entry, filter )
+ if ( test_filter( op, entry, op->oq_search.rs_filter )
== LDAP_COMPARE_TRUE ) {
if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
- && !ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) {
+ && !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
a->a_next = NULL;
attr_free( hasSubordinate );
hasSubordinate = NULL;
sres = 0;
} else {
#endif
- sres = send_search_entry( be, conn, op, entry,
- attrs, attrsonly, NULL );
+ rs->sr_entry = entry;
+ sres = send_search_entry( op, rs );
#if 0
}
#endif
switch ( sres ) {
case 0:
- nentries++;
break;
case -1:
}
entry_free( entry );
- if ( slimit != -1 && nentries >= slimit ) {
- send_search_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
- NULL, NULL, v2refs, NULL, nentries );
+ if ( op->oq_search.rs_slimit != -1
+ && rs->sr_nentries >= op->oq_search.rs_slimit ) {
+ rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
goto end_of_search;
}
}
end_of_search:;
- if ( nentries > 0 ) {
- send_search_result( conn, op,
- v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
- NULL, NULL, v2refs, NULL, nentries );
+ if ( rs->sr_nentries > 0 ) {
+ rs->sr_ref = rs->sr_v2ref;
+ rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
+ : LDAP_REFERRAL;
} else {
- send_ldap_result( conn, op, srch_info.status,
- NULL, NULL, NULL, 0 );
+ rs->sr_err = srch_info.status;
}
-
+ send_ldap_result( op, rs );
+
+ if ( rs->sr_v2ref ) {
+ ber_bvarray_free( rs->sr_v2ref );
+ rs->sr_v2ref = NULL;
+ }
+
done:;
ch_free( srch_info.attrs );