AttributeDescription *entry = slap_schema.si_ad_entry;
char textbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof textbuf;
+#ifdef LDBM_SUBENTRIES
+ int subentry;
+#endif
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
#endif
send_ldap_result( op, rs );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
+#ifdef LDBM_SUBENTRIES
+ subentry = is_entry_subentry( op->oq_add.rs_e );
+#endif
+
#ifdef LDAP_CACHING
if ( !op->o_caching_on ) {
#endif /* LDAP_CACHING */
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to entry" );
+#ifdef LDAP_SYNCREPL
+ return LDAP_INSUFFICIENT_ACCESS;
+#else
return -1;
+#endif
}
#ifdef LDAP_CACHING
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
rs->sr_err = rs->sr_err ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
send_ldap_result( op, rs );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
/*
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return -1;
+#endif
}
if ( ! access_allowed( op, p,
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
+#ifdef LDAP_SYNCREPL
+ return LDAP_INSUFFICIENT_ACCESS;
+#else
return -1;
+#endif
}
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( p )) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, DETAIL1,
+ "bdb_add: parent is subentry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is subentry\n",
+ 0, 0, 0 );
+#endif
+ rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+ rs->sr_text = "parent is a subentry";
+ goto return_results;
+ }
+#endif
+
if ( is_entry_alias( p ) ) {
/* parent is an alias, don't allow add */
send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
"parent is an alias" );
+#ifdef LDAP_SYNCREPL
+ return LDAP_ALIAS_PROBLEM;
+#else
return -1;
+#endif
}
if ( is_entry_referral( p ) ) {
ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return -1;
+#endif
+ }
+
+#ifdef LDBM_SUBENTRIES
+ if ( subentry ) {
+ /* FIXME: */
+ /* parent must be an administrative point of the required kind */
}
+#endif
} else {
#ifndef LDAP_CACHING
LDAP_INSUFFICIENT_ACCESS,
"no write access to parent" );
+#ifdef LDAP_SYNCREPL
+ return LDAP_INSUFFICIENT_ACCESS;
+#else
return -1;
+#endif
}
-
+#ifdef LDAP_SYNCREPL
+ } else if ( !is_entry_glue( op->oq_add.rs_e )) {
+#else
} else {
+#endif
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
#ifdef NEW_LOGGING
#endif
send_ldap_error( op, rs,
- LDAP_INSUFFICIENT_ACCESS, NULL );
+ LDAP_NO_SUCH_OBJECT, NULL );
- return -1;
+#ifdef LDAP_SYNCREPL
+ return LDAP_NO_SUCH_OBJECT;
+#else
+ return -1;
+#endif
}
}
+
+#ifdef LDBM_SUBENTRIES
+ if( subentry ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 );
+#endif
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ rs->sr_text = "no parent, cannot add subentry";
+ goto return_results;
+ }
+#endif
+
}
if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) {
send_ldap_error( op, rs, LDAP_OTHER,
"next_id add failed" );
+#ifdef LDAP_SYNCREPL
+ return LDAP_OTHER;
+#else
return( -1 );
+#endif
}
/*
rs->sr_err = rs->sr_err > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER;
send_ldap_result( op, rs );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
rs->sr_err = -1;
LDAP_BEGIN_DECL
+#ifdef LDAP_SYNCREPL
+#define LDBM_SUBENTRIES 1
+#endif
+
#define DEFAULT_CACHE_SIZE 1000
#if defined(HAVE_BERKELEY_DB) && DB_VERSION_MAJOR >= 2
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
if ( rs->sr_matched ) free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( rc );
+#endif
}
ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
/* check for deleted */
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( e ) ) {
+ /* entry is an subentry, don't allow bind */
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, DETAIL1,
+ "bdb_bind: entry is subentry\n", 0, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "entry is subentry\n", 0, 0, 0 );
+#endif
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ send_ldap_result( op, rs );
+ goto return_results;
+ }
+#endif
if ( is_entry_alias( e ) ) {
/* entry is an alias, don't allow bind */
send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
"entry is alias" );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_ALIAS_PROBLEM;
+#else
rc = 1;
+#endif
goto return_results;
}
ber_bvarray_free( rs->sr_ref );
+#ifdef LDAP_SYNCREPL
+ rc = rs->sr_err;
+#else
rc = 1;
+#endif
goto return_results;
}
password, NULL, ACL_AUTH, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INSUFFICIENT_ACCESS;
+#else
rc = 1;
+#endif
goto return_results;
}
send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
/* stop front end from sending result */
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INAPPROPRIATE_AUTH;
+#else
rc = 1;
+#endif
goto return_results;
}
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
/* stop front end from sending result */
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rc = 1;
+#endif
goto return_results;
}
case LDAP_AUTH_KRBV41:
if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rc = 1;
+#endif
goto return_results;
}
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
NULL );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INSUFFICIENT_ACCESS;
+#else
rc = 1;
+#endif
goto return_results;
}
break;
}
send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INAPPROPRIATE_AUTH;
+#else
rc = 1;
+#endif
goto return_results;
} else { /* look for krbname match */
if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
send_ldap_error( op, rs,
LDAP_INVALID_CREDENTIALS, NULL );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_INVALID_CREDENTIALS;
+#else
rc = 1;
+#endif
goto return_results;
}
}
default:
send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED,
"authentication method not supported" );
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+#else
rc = 1;
+#endif
goto return_results;
}
#ifdef NEW_LOGGING
LDAP_LOG( CACHE, INFO,
- "cache_find_entry_dn2id: (%s) %ld not ready: %d\n",
+ "cache_find_entry_ndn2id: (%s) %ld not ready: %d\n",
ndn->bv_val, id, state );
#else
Debug(LDAP_DEBUG_TRACE,
- "====> cache_find_entry_dn2id(\"%s\"): %ld (not ready) %d\n",
+ "====> cache_find_entry_ndn2id(\"%s\"): %ld (not ready) %d\n",
ndn->bv_val, id, state);
#endif
#ifdef NEW_LOGGING
LDAP_LOG( CACHE, DETAIL1,
- "cache_find_entry_dn2id: (%s): %ld %d tries\n",
+ "cache_find_entry_ndn2id: (%s): %ld %d tries\n",
ndn->bv_val, id, count );
#else
Debug(LDAP_DEBUG_TRACE,
- "====> cache_find_entry_dn2id(\"%s\"): %ld (%d tries)\n",
+ "====> cache_find_entry_ndn2id(\"%s\"): %ld (%d tries)\n",
ndn->bv_val, id, count);
#endif
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* get entry with writer lock */
- if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+#ifdef LDAP_SYNCREPL /* FIXME : dn2entry() should return non-glue entry */
+ if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
+#else
+ if ( e == NULL ) {
+#endif
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_delete: no such object %s\n", op->o_req_dn.bv_val, 0, 0 );
cache_return_entry_r( &li->li_cache, matched );
} else {
- rs->sr_ref = referral_rewrite( default_referral,
- NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+ BerVarray deref = op->o_bd->syncinfo ?
+ op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+ BerVarray deref = default_referral;
+#endif
+ rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
/* entry does not exist - see how much of the dn does exist */
if ( !be_issuffix( be, dn ) && (dnParent( dn, &pdn ), pdn.bv_len) ) {
/* get entry with reader lock */
- if ( (e = dn2entry_r( be, &pdn, matched )) != NULL ) {
+ if ((e = dn2entry_r( be, &pdn, matched )) != NULL )
+ {
*matched = e;
}
}
const char *at_name = at->ad_cname.bv_val;
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, ARGS,
+ LDAP_LOG( BACK_LDBM, ARGS,
"ldbm_back_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 );
- LDAP_LOG( BACK_BDB, ARGS,
+ LDAP_LOG( BACK_LDBM, ARGS,
"ldbm_back_entry_get: oc: \"%s\", at: \"%s\"\n",
oc ? oc->soc_cname.bv_val : "(null)", at_name, 0);
#else
e = dn2entry_rw( op->o_bd, ndn, NULL, rw );
if (e == NULL) {
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, INFO,
+ LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_entry_get: cannot find entry (%s)\n",
ndn->bv_val, 0, 0 );
#else
}
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n",
+ LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n",
ndn->bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
/* find attribute values */
if( is_entry_alias( e ) ) {
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, INFO,
+ LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_entry_get: entry (%s) is an alias\n", e->e_name.bv_val, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
if( is_entry_referral( e ) ) {
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, INFO,
+ LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_entry_get: entry (%s) is a referral.\n", e->e_name.bv_val, 0, 0);
#else
Debug( LDAP_DEBUG_ACL,
if ( oc && !is_entry_objectclass( e, oc, 0 )) {
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, INFO,
+ LDAP_LOG( BACK_LDBM, INFO,
"ldbm_back_entry_get: failed to find objectClass.\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ACL,
}
#ifdef NEW_LOGGING
- LDAP_LOG( BACK_BDB, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 );
+ LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_entry_get: rc=%d\n",
/* indicate system schema supported */
be->be_flags |=
+#ifdef LDBM_SUBENTRIES
+ SLAP_BFLAG_SUBENTRIES |
+#endif
SLAP_BFLAG_ALIASES |
SLAP_BFLAG_REFERRALS;
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
/* acquire and lock entry */
- if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */
+ if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+#else
+ if ( e == NULL ) {
+#endif
if ( matched != NULL ) {
rs->sr_matched = ch_strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
- rs->sr_ref = referral_rewrite( default_referral,
- NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+ BerVarray deref = op->o_bd->syncinfo ?
+ op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+ BerVarray deref = default_referral;
+#endif
+ rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
#ifndef LDAP_CACHING
if ( id2entry_add( op->o_bd, e ) != 0 ) {
send_ldap_error( op, rs, LDAP_OTHER,
"id2entry failure" );
+ rs->sr_err = LDAP_OTHER;
goto error_return;
}
cache_return_entry_w( &li->li_cache, e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
- return( 0 );
+
+ return LDAP_SUCCESS;
error_return:;
cache_return_entry_w( &li->li_cache, e );
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
/* grab giant lock for writing */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
+ e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
/* get entry with writer lock */
- if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
- if( matched != NULL ) {
+#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */
+ if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+#else
+ if ( e == NULL ) {
+#endif
+ if ( matched != NULL ) {
rs->sr_matched = strdup( matched->e_dn );
rs->sr_ref = is_entry_referral( matched )
? get_entry_referrals( op, matched )
: NULL;
cache_return_entry_r( &li->li_cache, matched );
} else {
- rs->sr_ref = referral_rewrite( default_referral,
- NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+ BerVarray deref = op->o_bd->syncinfo ?
+ op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+ BerVarray deref = default_referral;
+#endif
+ rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
}
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+ return rs->sr_err;
+#else
return( -1 );
+#endif
}
/* check entry for "entry" acl */
ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
e = dn2entry_w( op->o_bd, &ndn, NULL );
+
+#ifdef LDAP_SYNCREPL
+ if ( e == NULL || is_entry_glue( e )) {
+ /* FIXME : dn2entry() should return non-glue entry */
+#else
if( e == NULL ) {
+#endif
ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
rs->sr_text = "could not locate authorization entry";
rc = LDAP_NO_SUCH_OBJECT;
goto done;
}
+#ifdef LDBM_SUBENTRIES
+ if( is_entry_subentry( e ) ) {
+ /* entry is a subentry, don't allow operation */
+ rs->sr_text = "authorization entry is subentry";
+ rc = LDAP_OTHER;
+ goto done;
+ }
+#endif
+
if( is_entry_alias( e ) ) {
/* entry is an alias, don't allow operation */
rs->sr_text = "authorization entry is alias";
ber_bvarray_free( rs->sr_ref );
ber_memfree( matched_dn.bv_val );
+#ifdef LDAP_SYNCREPL
+ return LDAP_REFERRAL;
+#else
return 1;
+#endif
}
if (!manageDSAit && is_entry_referral( e ) ) {
}
ber_memfree( matched_dn.bv_val );
+#ifdef LDAP_SYNCREPL
+ return LDAP_OTHER;
+#else
return 1;
+#endif
}
if ( is_entry_alias( e ) ) {
send_ldap_result( op, rs );
#ifdef LDAP_CACHING
- if ( op->o_caching_on ) {
+ if ( op->o_caching_on ) {
ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
}
#endif /* LDAP_CACHING */
+#ifdef LDAP_SYNCREPL
+ rc = LDAP_OTHER;
+#else
rc = 1;
+#endif
goto done;
}
}
rs->sr_entry = e;
+
+#ifdef LDBM_SUBENTRIES
+ if ( is_entry_subentry( e ) ) {
+ if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
+ if(!get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries( op ) &&
+ !get_subentries_visibility( op ))
+ {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+#endif
+
#ifdef LDAP_CACHING
if ( !op->o_caching_on ) {
#endif /* LDAP_CACHING */
}
#endif /* LDAP_CACHING */
+#ifdef LDAP_SYNCREPL
+ if ( !manageDSAit && is_entry_glue( e )) {
+ goto loop_continue;
+ }
+#endif
+
/* if it matches the filter and scope, send it */
result = test_filter( op, e, op->oq_search.rs_filter );
AttributeAssertion aa_ref, aa_alias;
struct berval bv_ref = { sizeof("referral")-1, "referral" };
struct berval bv_alias = { sizeof("alias")-1, "alias" };
+#ifdef LDBM_SUBENTRIES
+ Filter sf;
+ AttributeAssertion aa_subentry;
+#endif
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, DETAIL1,
fand.f_dn = &e->e_nname;
fand.f_next = xf.f_or == filter ? filter : &xf ;
+#ifdef LDBM_SUBENTRIES
+ if ( get_subentries_visibility( op )) {
+ struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
+ sf.f_choice = LDAP_FILTER_EQUALITY;
+ sf.f_ava = &aa_subentry;
+ sf.f_av_desc = slap_schema.si_ad_objectClass;
+ sf.f_av_value = bv_subentry;
+ sf.f_next = fand.f_next;
+ fand.f_next = &sf;
+ }
+#endif
+
candidates = filter_candidates( op, &f );
return( candidates );
projects / openldap / commitdiff