From 76ed17f7942d4e3810fa90b46143e615af311167 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 19 Oct 1998 19:19:48 +0000 Subject: [PATCH] Merge in latest from -current. --- CHANGES | 12 + INSTALL | 2 +- clients/ud/string_to_key.c | 28 +- libraries/liblthread/Makefile.in | 4 +- libraries/liblthread/rdwr.c | 116 +++++++ libraries/liblthread/thread.c | 1 + servers/slapd/acl.c | 389 +++++++++++++++------- servers/slapd/add.c | 30 +- servers/slapd/back-ldbm/add.c | 97 ++++-- servers/slapd/back-ldbm/bind.c | 71 ++-- servers/slapd/back-ldbm/cache.c | 137 +++++++- servers/slapd/back-ldbm/compare.c | 31 +- servers/slapd/back-ldbm/delete.c | 52 ++- servers/slapd/back-ldbm/dn2id.c | 95 ++++-- servers/slapd/back-ldbm/group.c | 91 +++++ servers/slapd/back-ldbm/id2entry.c | 90 ++++- servers/slapd/back-ldbm/kerberos.c | 7 +- servers/slapd/back-ldbm/modify.c | 49 +-- servers/slapd/back-ldbm/modrdn.c | 41 ++- servers/slapd/back-ldbm/proto-back-ldbm.h | 15 +- servers/slapd/back-ldbm/search.c | 72 ++-- servers/slapd/configinfo.c | 3 + servers/slapd/daemon.c | 5 +- servers/slapd/entry.c | 63 +++- servers/slapd/modify.c | 55 +-- servers/slapd/monitor.c | 49 ++- servers/slapd/proto-slap.h | 15 +- servers/slapd/result.c | 19 +- servers/slapd/slap.h | 22 ++ 29 files changed, 1261 insertions(+), 400 deletions(-) create mode 100644 libraries/liblthread/rdwr.c create mode 100644 servers/slapd/back-ldbm/group.c diff --git a/CHANGES b/CHANGES index 1206b77ddc..22a787a3d9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,18 @@ OpenLDAP Change Log Changes included in OpenLDAP Stable CVS Tag: OPENLDAP_STABLE + Updated README, INSTALL files + Updated Linux platform defaults + Updated FreeBSD 2 & 3 platform defaults + Added SCHED_YIELD_MISSING flag + Added LDAP_ALLOW_NULL_SEARCH_BASE flag + Added core removal to tests/Make-template + Fixed slapd/acl debug trace problem + Fixed ud/auth.c bound_dn problem + Fixed back-ldbm/idl.c CLDAP include problem. + Fixed Makefile $(CC) problem + Fixed LIBEXEC/SBIN creation problem + Fixed gmake RUNDIR not defaulting problem Changes included in OpenLDAP Stable CVS Tag: OPENLDAP_STABLE_980929 diff --git a/INSTALL b/INSTALL index 191693492b..39eeaef160 100644 --- a/INSTALL +++ b/INSTALL @@ -12,7 +12,7 @@ these steps: 1. untar the distribution and cd to the top: - % tar xfz ldap-stable.tgz + % tar xfz openldap-VERSION.tgz % cd ldap If you are reading this file, you probably have already done this! diff --git a/clients/ud/string_to_key.c b/clients/ud/string_to_key.c index 1d6649c064..f1adfa8f0a 100644 --- a/clients/ud/string_to_key.c +++ b/clients/ud/string_to_key.c @@ -1,7 +1,7 @@ -#ifdef KERBEROS +#if defined(KERBEROS) && !defined(openbsd) /* - * $Source: /usr/local/src/ldap/clients/ud/RCS/string_to_key.c,v $ - * $Author: lsloan $ + * $Source: /repo/OpenLDAP/pkg/ldap/clients/ud/string_to_key.c,v $ + * $Author: kurt $ * * Copyright 1985, 1986, 1987, 1988, 1989 by the Massachusetts Institute * of Technology. @@ -24,18 +24,24 @@ * spm 8/85 MIT project athena */ -#ifndef lint -static char rcsid_string_to_key_c[] = -"$Id: string_to_key.c,v 1.5 1995/11/09 20:29:55 lsloan Exp $"; -#endif - +#ifdef KERBEROS_V +#include +#include +#else #include -#include #include +#endif /* KERBEROS_V */ + +#include + /* #include "des_internal.h" */ #if 1 +#ifdef KERBEROS_V +#include +#else #include -#endif +#endif /* KERBEROS_V */ +#endif /* 1 */ extern int des_debug; extern int des_debug_print(); @@ -46,6 +52,7 @@ extern void des_fixup_key_parity(); #endif #if defined(WORLDPEACEINOURTIME) /* Use original, not ifs version */ +#ifndef KERBEROS_V /* * convert an arbitrary length string to a DES key */ @@ -132,6 +139,7 @@ des_string_to_key(str,key) *((unsigned long *) key+1)); } +#endif /* KERBEROS_V */ #else /* Use ifs version */ #if 0 diff --git a/libraries/liblthread/Makefile.in b/libraries/liblthread/Makefile.in index 47a810bd62..bf75f2db02 100644 --- a/libraries/liblthread/Makefile.in +++ b/libraries/liblthread/Makefile.in @@ -4,8 +4,8 @@ LIBRARY = liblthread.a XSRCS = version.c -SRCS = thread.c stack.c -OBJS = thread.o stack.o +SRCS = rdwr.c thread.c stack.c +OBJS = rdwr.o thread.o stack.o LDAP_INCDIR= ../../include LDAP_LIBDIR= ../../libraries diff --git a/libraries/liblthread/rdwr.c b/libraries/liblthread/rdwr.c new file mode 100644 index 0000000000..137c993435 --- /dev/null +++ b/libraries/liblthread/rdwr.c @@ -0,0 +1,116 @@ +/* +** This basic implementation of Reader/Writer locks does not +** protect writers from starvation. That is, if a writer is +** currently waiting on a reader, any new reader will get +** the lock before the writer. +*/ + +/******************************************************** + * An example source module to accompany... + * + * "Using POSIX Threads: Programming with Pthreads" + * by Brad nichols, Dick Buttlar, Jackie Farrell + * O'Reilly & Associates, Inc. + * + ******************************************************** + * rdwr.c -- + * + * Library of functions implementing reader/writer locks + */ + +#define DISABLE_BRIDGE +#include + +#include +#include +#include + +int pthread_rdwr_init_np(pthread_rdwr_t *rdwrp, pthread_rdwrattr_t *attrp) +{ + rdwrp->readers_reading = 0; + rdwrp->writer_writing = 0; + pthread_mutex_init(&(rdwrp->mutex), NULL); + pthread_cond_init(&(rdwrp->lock_free), NULL); + return 0; +} + +int pthread_rdwr_rlock_np(pthread_rdwr_t *rdwrp){ + pthread_mutex_lock(&(rdwrp->mutex)); + while(rdwrp->writer_writing) { + pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex)); + } + rdwrp->readers_reading++; + pthread_mutex_unlock(&(rdwrp->mutex)); + return 0; +} + +int pthread_rdwr_runlock_np(pthread_rdwr_t *rdwrp) +{ + pthread_mutex_lock(&(rdwrp->mutex)); + if (rdwrp->readers_reading == 0) { + pthread_mutex_unlock(&(rdwrp->mutex)); + return -1; + } + else { + rdwrp->readers_reading--; + if (rdwrp->readers_reading == 0) { + pthread_cond_signal(&(rdwrp->lock_free)); + } + pthread_mutex_unlock(&(rdwrp->mutex)); + return 0; + } +} + +int pthread_rdwr_wlock_np(pthread_rdwr_t *rdwrp) +{ + pthread_mutex_lock(&(rdwrp->mutex)); + while(rdwrp->writer_writing || rdwrp->readers_reading) { + pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex)); + } + rdwrp->writer_writing++; + pthread_mutex_unlock(&(rdwrp->mutex)); + return 0; +} + +int pthread_rdwr_wunlock_np(pthread_rdwr_t *rdwrp) +{ + pthread_mutex_lock(&(rdwrp->mutex)); + if (rdwrp->writer_writing == 0) { + pthread_mutex_unlock(&(rdwrp->mutex)); + return -1; + } + else { + rdwrp->writer_writing = 0; + pthread_cond_broadcast(&(rdwrp->lock_free)); + pthread_mutex_unlock(&(rdwrp->mutex)); + return 0; + } +} + +#ifdef LDAP_DEBUG + +/* just for testing, + * return 0 if false, suitable for assert(pthread_rdwr_Xchk(rdwr)) + * + * Currently they don't check if the calling thread is the one + * that has the lock, just that there is a reader or writer. + * + * Basically sufficent for testing that places that should have + * a lock are caught. + */ + +int pthread_rdwr_rchk_np(pthread_rdwr_t *rdwrp) +{ + return(rdwrp->readers_reading!=0); +} + +int pthread_rdwr_wchk_np(pthread_rdwr_t *rdwrp) +{ + return(rdwrp->writer_writing!=0); +} +int pthread_rdwr_rwchk_np(pthread_rdwr_t *rdwrp) +{ + return(pthread_rdwr_rchk_np(rdwrp) || pthread_rdwr_wchk_np(rdwrp)); +} + +#endif /* LDAP_DEBUG */ diff --git a/libraries/liblthread/thread.c b/libraries/liblthread/thread.c index d4fea7e477..8e4e4995be 100644 --- a/libraries/liblthread/thread.c +++ b/libraries/liblthread/thread.c @@ -504,6 +504,7 @@ void pthread_yield( void ) { sched_yield(); } + #endif /* HAVE_SCHED_YIELD */ #endif /* posix threads */ diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 6c3b22ee85..a5fd38abbd 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -6,15 +6,11 @@ #include #include #include -#ifdef sunos5 -#include "regexpr.h" -#else -#include "regex.h" -#endif +#include + #include "slap.h" extern Attribute *attr_find(); -extern char *re_comp(); extern struct acl *global_acl; extern int global_default_access; extern char *access2str(); @@ -26,7 +22,9 @@ struct acl *acl_get_applicable(); static int regex_matches(); -extern pthread_mutex_t regex_mutex; +static string_expand(char *newbuf, int bufsiz, char *pattern, + char *match, regmatch_t *matches); + /* * access_allowed - check whether dn is allowed the requested access @@ -51,15 +49,57 @@ access_allowed( int access ) { - int rc; - struct acl *a; + int rc; + struct acl *a; + char *edn; + + regmatch_t matches[MAXREMATCHES]; + int i; + int n; if ( be == NULL ) { return( 0 ); } - a = acl_get_applicable( be, op, e, attr ); - rc = acl_access_allowed( a, be, conn, e, val, op, access ); + edn = dn_normalize_case( strdup( e->e_dn ) ); + Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n", + e->e_dn, attr, 0 ); + + /* the lastmod attributes are ignored by ACL checking */ + if ( strcasecmp( attr, "modifiersname" ) == 0 || + strcasecmp( attr, "modifytimestamp" ) == 0 || + strcasecmp( attr, "creatorsname" ) == 0 || + strcasecmp( attr, "createtimestamp" ) == 0 ) + { + Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n", + attr, 0, 0 ); + free( edn ); + return(1); + } + + memset(matches, 0, sizeof(matches)); + + a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches ); + + if (a) { + for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) { + Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ", + i, matches[i].rm_so, matches[i].rm_eo ); + + if( matches[i].rm_so <= matches[0].rm_eo ) { + for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) { + Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 ); + } + } + Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 ); + } + } + + rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches ); + free( edn ); + + Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n", + e->e_dn, attr, 0); return( rc ); } @@ -75,15 +115,17 @@ acl_get_applicable( Backend *be, Operation *op, Entry *e, - char *attr + char *attr, + char *edn, + int nmatch, + regmatch_t *matches ) { - int i; + int i, j; struct acl *a; - char *edn; - Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn, - attr, 0 ); + Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n", + e->e_dn, attr, 0 ); if ( be_isroot( be, op->o_dn ) ) { Debug( LDAP_DEBUG_ACL, @@ -92,55 +134,73 @@ acl_get_applicable( return( NULL ); } + Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 ); + /* check for a backend-specific acl that matches the entry */ for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) { - if ( a->acl_dnpat != NULL ) { - edn = dn_normalize_case( strdup( e->e_dn ) ); - if ( ! regex_matches( a->acl_dnpat, edn ) ) { - free( edn ); + if (a->acl_dnpat != NULL) { + Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", + i, a->acl_dnpat, a->acl_dnre.re_nsub); + + if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) continue; - } - free( edn ); + else + Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n", + i, 0, 0); } + if ( a->acl_filter != NULL ) { - if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) - != 0 ) { + if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) { continue; } } + + Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0); + if ( attr == NULL || a->acl_attrs == NULL || - charray_inlist( a->acl_attrs, attr ) ) { - Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n", - i, e->e_dn, attr ); + charray_inlist( a->acl_attrs, attr ) ) + { + Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n", + i, e->e_dn, attr ); return( a ); } + matches[0].rm_so = matches[0].rm_eo = -1; } /* check for a global acl that matches the entry */ for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) { - if ( a->acl_dnpat != NULL ) { - edn = dn_normalize_case( strdup( e->e_dn ) ); - if ( ! regex_matches( a->acl_dnpat, edn ) ) { - free( edn ); + if (a->acl_dnpat != NULL) { + Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", + i, a->acl_dnpat, a->acl_dnre.re_nsub); + + if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) { continue; + } else { + Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n", + i, 0, 0); } - free( edn ); } + if ( a->acl_filter != NULL ) { - if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) - != 0 ) { + if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) { continue; } } - if ( attr == NULL || a->acl_attrs == NULL || charray_inlist( - a->acl_attrs, attr ) ) { - Debug( LDAP_DEBUG_ACL, "<= acl_get: global acl #%d\n", - i, e->e_dn, attr ); + + Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0); + + if ( attr == NULL || a->acl_attrs == NULL || + charray_inlist( a->acl_attrs, attr ) ) + { + Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n", + i, e->e_dn, attr ); return( a ); } + + matches[0].rm_so = matches[0].rm_eo = -1; } - Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 ); return( NULL ); } @@ -161,31 +221,40 @@ acl_access_allowed( Entry *e, struct berval *val, Operation *op, - int access + int access, + char *edn, + regmatch_t *matches ) { int i; - char *edn, *odn; + char *odn; struct access *b; Attribute *at; struct berval bv; int default_access; - Debug( LDAP_DEBUG_ACL, "=> acl: %s access to value \"%s\" by \"%s\"\n", - access2str( access ), val ? val->bv_val : "any", op->o_dn ? - op->o_dn : "" ); + Debug( LDAP_DEBUG_ACL, + "\n=> acl_access_allowed: %s access to entry \"%s\"\n", + access2str( access ), e->e_dn, 0 ); + + Debug( LDAP_DEBUG_ACL, + "\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n", + access2str( access ), + val ? val->bv_val : "any", + op->o_dn ? op->o_dn : "" ); if ( be_isroot( be, op->o_dn ) ) { - Debug( LDAP_DEBUG_ACL, "<= acl: granted to database root\n", + Debug( LDAP_DEBUG_ACL, + "<= acl_access_allowed: granted to database root\n", 0, 0, 0 ); return( 1 ); } - default_access = be->be_dfltaccess ? be->be_dfltaccess : - global_default_access; + default_access = be->be_dfltaccess ? be->be_dfltaccess : global_default_access; + if ( a == NULL ) { Debug( LDAP_DEBUG_ACL, - "<= acl: %s by default (no matching to)\n", + "<= acl_access_allowed: %s by default (no matching to)\n", default_access >= access ? "granted" : "denied", 0, 0 ); return( default_access >= access ); } @@ -198,76 +267,78 @@ acl_access_allowed( } for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) { if ( b->a_dnpat != NULL ) { + Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n", + b->a_dnpat, 0, 0); /* * if access applies to the entry itself, and the * user is bound as somebody in the same namespace as * the entry, OR the given dn matches the dn pattern */ - if ( strcasecmp( b->a_dnpat, "self" ) == 0 && op->o_dn - != NULL && *(op->o_dn) && e->e_dn != NULL ) { - edn = dn_normalize_case( strdup( e->e_dn ) ); + if ( strcasecmp( b->a_dnpat, "self" ) == 0 && + op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL ) + { if ( strcasecmp( edn, op->o_dn ) == 0 ) { - free( edn ); - if ( odn ) free( odn ); Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d access %s\n", + "<= acl_access_allowed: matched by clause #%d access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); - return( (b->a_access & ~ACL_SELF) - >= access ); + if ( odn ) free( odn ); + return( (b->a_access & ~ACL_SELF) >= access ); } - free( edn ); } else { - if ( regex_matches( b->a_dnpat, odn ) ) { - if ( odn ) free( odn ); + if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) { Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d access %s\n", + "<= acl_access_allowed: matched by clause #%d access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); - return( (b->a_access & ~ACL_SELF) - >= access ); + if ( odn ) free( odn ); + return( (b->a_access & ~ACL_SELF) >= access ); } } } if ( b->a_addrpat != NULL ) { - if ( regex_matches( b->a_addrpat, conn->c_addr ) ) { - if ( odn ) free( odn ); + if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) ) { Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d access %s\n", + "<= acl_access_allowed: matched by clause #%d access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); + if ( odn ) free( odn ); return( (b->a_access & ~ACL_SELF) >= access ); } } if ( b->a_domainpat != NULL ) { - if ( regex_matches( b->a_domainpat, conn->c_domain ) ) { - if ( odn ) free( odn ); + Debug( LDAP_DEBUG_ARGS, "<= check a_domainpath: %s\n", + b->a_domainpat, 0, 0 ); + if ( regex_matches( b->a_domainpat, conn->c_domain, edn, matches ) ) + { Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d access %s\n", + "<= acl_access_allowed: matched by clause #%d access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); + if ( odn ) free( odn ); return( (b->a_access & ~ACL_SELF) >= access ); } } if ( b->a_dnattr != NULL && op->o_dn != NULL ) { + Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n", + b->a_dnattr, 0, 0); /* see if asker is listed in dnattr */ - if ( (at = attr_find( e->e_attrs, b->a_dnattr )) - != NULL && value_find( at->a_vals, &bv, - at->a_syntax, 3 ) == 0 ) + if ( (at = attr_find( e->e_attrs, b->a_dnattr )) != NULL && + value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 ) { - if ( (b->a_access & ACL_SELF) && (val == NULL - || value_cmp( &bv, val, at->a_syntax, - 2 )) ) { + if ( (b->a_access & ACL_SELF) && + (val == NULL || value_cmp( &bv, val, at->a_syntax, 2 )) ) + { continue; } if ( odn ) free( odn ); Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d access %s\n", + "<= acl_acces_allowed: matched by clause #%d access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); @@ -276,22 +347,49 @@ acl_access_allowed( /* asker not listed in dnattr - check for self access */ if ( ! (b->a_access & ACL_SELF) || val == NULL || - value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) { + value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) + { continue; } if ( odn ) free( odn ); Debug( LDAP_DEBUG_ACL, - "<= acl: matched by clause #%d (self) access %s\n", + "<= acl_access_allowed: matched by clause #%d (self) access %s\n", i, (b->a_access & ~ACL_SELF) >= access ? "granted" : "denied", 0 ); return( (b->a_access & ~ACL_SELF) >= access ); } +#ifdef ACLGROUP + if ( b->a_group != NULL && op->o_dn != NULL ) { + char buf[512]; + + /* b->a_group is an unexpanded entry name, expanded it should be an + * entry with objectclass group* and we test to see if odn is one of + * the values in the attribute uniquegroup + */ + Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n", + b->a_group, 0, 0); + Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n", + odn, 0, 0); + + /* see if asker is listed in dnattr */ + string_expand(buf, sizeof(buf), b->a_group, edn, matches); + + if (be_group(be, buf, odn) == 0) { + Debug( LDAP_DEBUG_ACL, + "<= acl_access_allowed: matched by clause #%d (group) access granted\n", + i, 0, 0 ); + if ( odn ) free( odn ); + return( (b->a_access & ~ACL_SELF) >= access ); + } + } +#endif /* ACLGROUP */ } if ( odn ) free( odn ); - Debug( LDAP_DEBUG_ACL, "<= acl: %s by default (no matching by)\n", + Debug( LDAP_DEBUG_ACL, + "<= acl_access_allowed: %s by default (no matching by)\n", default_access >= access ? "granted" : "denied", 0, 0 ); return( default_access >= access ); @@ -316,14 +414,26 @@ acl_check_mods( { int i; struct acl *a; + char *edn; + + edn = dn_normalize_case( strdup( e->e_dn ) ); for ( ; mods != NULL; mods = mods->mod_next ) { + regmatch_t matches[MAXREMATCHES]; + + /* the lastmod attributes are ignored by ACL checking */ if ( strcasecmp( mods->mod_type, "modifiersname" ) == 0 || - strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ) { + strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 || + strcasecmp( mods->mod_type, "creatorsname" ) == 0 || + strcasecmp( mods->mod_type, "createtimestamp" ) == 0 ) + { + Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n", + mods->mod_type, 0, 0 ); continue; } - a = acl_get_applicable( be, op, e, mods->mod_type ); + a = acl_get_applicable( be, op, e, mods->mod_type, edn, + MAXREMATCHES, matches ); switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) { case LDAP_MOD_REPLACE: @@ -332,8 +442,10 @@ acl_check_mods( break; } for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) { - if ( ! acl_access_allowed( a, be, conn, e, - mods->mod_bvalues[i], op, ACL_WRITE ) ) { + if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i], + op, ACL_WRITE, edn, matches) ) + { + free(edn); return( LDAP_INSUFFICIENT_ACCESS ); } } @@ -342,14 +454,18 @@ acl_check_mods( case LDAP_MOD_DELETE: if ( mods->mod_bvalues == NULL ) { if ( ! acl_access_allowed( a, be, conn, e, - NULL, op, ACL_WRITE ) ) { + NULL, op, ACL_WRITE, edn, matches) ) + { + free(edn); return( LDAP_INSUFFICIENT_ACCESS ); } break; } for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) { - if ( ! acl_access_allowed( a, be, conn, e, - mods->mod_bvalues[i], op, ACL_WRITE ) ) { + if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i], + op, ACL_WRITE, edn, matches) ) + { + free(edn); return( LDAP_INSUFFICIENT_ACCESS ); } } @@ -357,48 +473,95 @@ acl_check_mods( } } + free(edn); return( LDAP_SUCCESS ); } -#ifdef sunos5 - -static int -regex_matches( char *pat, char *str ) +static string_expand( + char *newbuf, + int bufsiz, + char *pat, + char *match, + regmatch_t *matches) { - char *e; - int rc; - - if ( (e = compile( pat, NULL, NULL )) == NULL ) { - Debug( LDAP_DEBUG_ANY, - "compile( \"%s\", \"%s\") failed\n", pat, str, 0 ); - return( 0 ); + int size; + char *sp; + char *dp; + int flag; + + size = 0; + newbuf[0] = '\0'; + + flag = 0; + for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) { + /* did we previously see a $ */ + if (flag) { + if (*sp == '$') { + *dp++ = '$'; + size++; + } else if (*sp >= '0' && *sp <= '9' ) { + int n; + int i; + char *ep; + int l; + + n = *sp - '0'; + *dp = '\0'; + i = matches[n].rm_so; + l = matches[n].rm_eo; + for ( ; size < 512 && i < l; size++, i++ ) { + *dp++ = match[i]; + size++; + } + *dp = '\0'; + } + flag = 0; + } else { + if (*sp == '$') { + flag = 1; + } else { + *dp++ = *sp; + size++; + } + } } - rc = step( str ? str : "", e ); - free( e ); + *dp = '\0'; - return( rc ); + Debug( LDAP_DEBUG_TRACE, "=> string_expand: pattern: %s\n", pat, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=> string_expand: expanded: %s\n", newbuf, 0, 0 ); } -#else /* sunos5 */ - static int -regex_matches( char *pat, char *str ) +regex_matches( + char *pat, /* pattern to expand and match against */ + char *str, /* string to match against pattern */ + char *buf, /* buffer with $N expansion variables */ + regmatch_t *matches /* offsets in buffer for $N expansion variables */ +) { - char *e; + regex_t re; + char newbuf[512]; int rc; - pthread_mutex_lock( ®ex_mutex ); - if ( (e = re_comp( pat )) != NULL ) { - Debug( LDAP_DEBUG_ANY, - "re_comp( \"%s\", \"%s\") failed because (%s)\n", pat, str, - e ); - pthread_mutex_unlock( ®ex_mutex ); + string_expand(newbuf, sizeof(newbuf), pat, buf, matches); + if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) { + char error[512]; + regerror(rc, &re, error, sizeof(error)); + + Debug( LDAP_DEBUG_TRACE, + "compile( \"%s\", \"%s\") failed %s\n", + pat, str, error ); return( 0 ); } - rc = re_exec( str ? str : "" ); - pthread_mutex_unlock( ®ex_mutex ); - return( rc == 1 ); + rc = regexec(&re, str, 0, NULL, 0); + regfree( &re ); + + Debug( LDAP_DEBUG_TRACE, + "=> regex_matches: string: %s\n", str, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, + "=> regex_matches: rc: %d %s\n", + rc, !rc ? "matches" : "no matches", 0 ); + return( !rc ); } -#endif /* sunos5 */ diff --git a/servers/slapd/add.c b/servers/slapd/add.c index 027e40a8e4..93cc3cdcd3 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -53,6 +53,8 @@ do_add( conn, op ) */ e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + /* initialize reader/writer lock */ + entry_rdwr_init(e); /* get the name */ if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) { @@ -117,21 +119,25 @@ do_add( conn, op ) */ if ( be->be_add != NULL ) { /* do the update here */ - if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn, - op->o_dn ) == 0 ) { - if ( (be->be_lastmod == ON || be->be_lastmod == 0 && - global_lastmod == ON) && be->be_updatedn == NULL ) { + if ( be->be_updatedn == NULL || + strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) { + + if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED && + global_lastmod == ON)) && be->be_updatedn == NULL ) { + add_created_attrs( op, e ); } if ( (*be->be_add)( be, conn, op, e ) == 0 ) { replog( be, LDAP_REQ_ADD, e->e_dn, e, 0 ); } + } else { entry_free( e ); send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL, default_referral ); } } else { + Debug( LDAP_DEBUG_ARGS, " do_add: HHH\n", 0, 0, 0 ); entry_free( e ); send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL, "Function not implemented" ); @@ -141,7 +147,7 @@ do_add( conn, op ) static void add_created_attrs( Operation *op, Entry *e ) { - char buf[20]; + char buf[22]; struct berval bv; struct berval *bvals[2]; Attribute **a, **next; @@ -155,8 +161,10 @@ add_created_attrs( Operation *op, Entry *e ) /* remove any attempts by the user to add these attrs */ for ( a = &e->e_attrs; *a != NULL; a = next ) { - if ( strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 - || strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ) { + if ( strcasecmp( (*a)->a_type, "modifiersname" ) == 0 || + strcasecmp( (*a)->a_type, "modifytimestamp" ) == 0 || + strcasecmp( (*a)->a_type, "creatorsname" ) == 0 || + strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 ) { tmp = *a; *a = (*a)->a_next; attr_free( tmp ); @@ -176,8 +184,12 @@ add_created_attrs( Operation *op, Entry *e ) attr_merge( e, "creatorsname", bvals ); pthread_mutex_lock( ¤ttime_mutex ); - ltm = localtime( ¤ttime ); - strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); + ltm = localtime( ¤ttime ); +#ifdef LDAP_Y2K + strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm ); +#else + strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); +#endif pthread_mutex_unlock( ¤ttime_mutex ); bv.bv_val = buf; diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 3dacd6da3d..797398ad4b 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -6,11 +6,11 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" extern int global_schemacheck; extern char *dn_parent(); extern char *dn_normalize(); -extern Entry *dn2entry(); int ldbm_back_add( @@ -21,27 +21,30 @@ ldbm_back_add( ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; - char *matched; char *dn = NULL, *pdn = NULL; - Entry *p; + Entry *p = NULL; + int rc; dn = dn_normalize( strdup( e->e_dn ) ); - matched = NULL; - if ( (p = dn2entry( be, dn, &matched )) != NULL ) { - cache_return_entry( &li->li_cache, p ); + + Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", dn, 0, 0); + + if ( ( dn2id( be, dn ) ) != NOID ) { entry_free( e ); free( dn ); send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" ); return( -1 ); } - if ( matched != NULL ) { - free( matched ); - } + /* XXX race condition here til we cache_add_entry_lock below XXX */ if ( global_schemacheck && oc_schema_check( e ) != 0 ) { - Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n", 0, 0, - 0 ); + Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n", + 0, 0, 0 ); + + /* XXX this should be ok, no other thread should have access + * because e hasn't been added to the cache yet + */ entry_free( e ); free( dn ); send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "", @@ -61,6 +64,10 @@ ldbm_back_add( Debug( LDAP_DEBUG_ANY, "cache_add_entry_lock failed\n", 0, 0, 0 ); next_id_return( be, e->e_id ); + + /* XXX this should be ok, no other thread should have access + * because e hasn't been added to the cache yet + */ entry_free( e ); free( dn ); send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" ); @@ -74,17 +81,22 @@ ldbm_back_add( */ if ( (pdn = dn_parent( be, dn )) != NULL ) { + char *matched; /* no parent */ matched = NULL; - if ( (p = dn2entry( be, pdn, &matched )) == NULL ) { + + /* get entry with reader lock */ + if ( (p = dn2entry_r( be, pdn, &matched )) == NULL ) { + Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0, + 0, 0 ); send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" ); if ( matched != NULL ) { free( matched ); } - Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0, - 0, 0 ); - goto error_return; + + rc = -1; + goto return_results; } if ( matched != NULL ) { free( matched ); @@ -96,7 +108,9 @@ ldbm_back_add( 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" ); - goto error_return; + + rc = -1; + goto return_results; } } else { if ( ! be_isroot( be, op->o_dn ) ) { @@ -104,9 +118,10 @@ ldbm_back_add( 0, 0 ); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" ); - goto error_return; + + rc = -1; + goto return_results; } - p = NULL; } /* @@ -116,9 +131,10 @@ ldbm_back_add( if ( id2children_add( be, p, e ) != 0 ) { Debug( LDAP_DEBUG_TRACE, "id2children_add failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", - "" ); - goto error_return; + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); + + rc = -1; + goto return_results; } /* @@ -131,7 +147,9 @@ ldbm_back_add( Debug( LDAP_DEBUG_TRACE, "index_add_entry failed\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - goto error_return; + + rc = -1; + goto return_results; } /* dn2id index */ @@ -139,35 +157,44 @@ ldbm_back_add( Debug( LDAP_DEBUG_TRACE, "dn2id_add failed\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - goto error_return; + + rc = -1; + goto return_results; } + /* acquire writer lock */ + entry_rdwr_lock(e, 1); + /* id2entry index */ if ( id2entry_add( be, e ) != 0 ) { Debug( LDAP_DEBUG_TRACE, "id2entry_add failed\n", 0, 0, 0 ); (void) dn2id_delete( be, dn ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - goto error_return; + + rc = -1; + goto return_results; } send_ldap_result( conn, op, LDAP_SUCCESS, "", "" ); + rc = 0; + +return_results:; + if ( dn != NULL ) free( dn ); if ( pdn != NULL ) free( pdn ); + cache_set_state( &li->li_cache, e, 0 ); - cache_return_entry( &li->li_cache, e ); - return( 0 ); -error_return:; - if ( dn != NULL ) - free( dn ); - if ( pdn != NULL ) - free( pdn ); - next_id_return( be, e->e_id ); - cache_delete_entry( &li->li_cache, e ); - cache_return_entry( &li->li_cache, e ); + /* free entry and writer lock */ + cache_return_entry_w( &li->li_cache, e ); + + /* free entry and reader lock */ + if (p != NULL) { + cache_return_entry_r( &li->li_cache, p ); + } - return( -1 ); + return( rc ); } diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index be453f8e5d..66dfddbceb 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -6,6 +6,7 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" #ifdef KERBEROS #ifdef KERBEROS_V #include @@ -32,7 +33,6 @@ extern char *crypt (char *key, char *salt); #include -extern Entry *dn2entry(); extern Attribute *attr_find(); #ifdef KERBEROS @@ -140,7 +140,10 @@ ldbm_back_bind( AUTH_DAT ad; #endif - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0); + + /* get entry with reader lock */ + if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) { /* allow noauth binds */ if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) { /* @@ -153,8 +156,7 @@ ldbm_back_bind( /* front end will send result */ rc = 0; } else { - send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, - matched, NULL ); + send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL ); rc = 1; } if ( matched != NULL ) { @@ -163,25 +165,32 @@ ldbm_back_bind( return( rc ); } + /* check for deleted */ + switch ( method ) { case LDAP_AUTH_SIMPLE: if ( cred->bv_len == 0 ) { send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); - return( 1 ); + + /* stop front end from sending result */ + rc = 1; + goto return_results; } else if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) { if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } #ifdef LDAP_CRYPT @@ -189,16 +198,18 @@ ldbm_back_bind( #else if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 ) #endif -{ + { if ( be_isroot_pw( be, dn, cred ) ) { /* front end will send result */ - return( 0 ); + rc = 0; + goto return_results; } send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } + rc = 0; break; #ifdef KERBEROS @@ -206,8 +217,8 @@ ldbm_back_bind( if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 0; + goto return_results; } sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "." : "", ad.pinst, ad.prealm ); @@ -216,43 +227,47 @@ ldbm_back_bind( * no krbName values present: check against DN */ if ( strcasecmp( dn, krbname ) == 0 ) { + rc = 0; /* XXX wild ass guess */ break; } send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } else { /* look for krbName match */ struct berval krbval; krbval.bv_val = krbname; krbval.bv_len = strlen( krbname ); - if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) - != 0 ) { + if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) { send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } } break; case LDAP_AUTH_KRBV42: send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + /* stop front end from sending result */ + rc = 1; + goto return_results; #endif default: send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL, "auth method not supported" ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } - cache_return_entry( &li->li_cache, e ); +return_results:; + /* free entry and reader lock */ + cache_return_entry_r( &li->li_cache, e ); - /* success: front end will send result */ - return( 0 ); + /* front end with send result on success (rc==0) */ + return( rc ); } + diff --git a/servers/slapd/back-ldbm/cache.c b/servers/slapd/back-ldbm/cache.c index a9248865ef..819b1f2712 100644 --- a/servers/slapd/back-ldbm/cache.c +++ b/servers/slapd/back-ldbm/cache.c @@ -52,7 +52,7 @@ cache_set_state( struct cache *cache, Entry *e, int state ) pthread_mutex_unlock( &cache->c_mutex ); } -void +static void cache_return_entry( struct cache *cache, Entry *e ) { /* set cache mutex */ @@ -66,6 +66,28 @@ cache_return_entry( struct cache *cache, Entry *e ) pthread_mutex_unlock( &cache->c_mutex ); } +static void +cache_return_entry_rw( struct cache *cache, Entry *e, int rw ) +{ + Debug( LDAP_DEBUG_TRACE, "====> cache_return_entry_%s\n", + rw ? "w" : "r", 0, 0); + entry_rdwr_unlock(e, rw);; + cache_return_entry(cache, e); +} + +void +cache_return_entry_r( struct cache *cache, Entry *e ) +{ + cache_return_entry_rw(cache, e, 0); +} + +void +cache_return_entry_w( struct cache *cache, Entry *e ) +{ + cache_return_entry_rw(cache, e, 1); +} + + #define LRU_DELETE( cache, e ) { \ if ( e->e_lruprev != NULL ) { \ e->e_lruprev->e_lrunext = e->e_lrunext; \ @@ -114,8 +136,8 @@ cache_add_entry_lock( cache_entrydn_cmp, avl_dup_error ) != 0 ) { Debug( LDAP_DEBUG_TRACE, - "entry %20s id %d already in dn cache\n", e->e_dn, - e->e_id, 0 ); + "====> cache_add_entry lock: entry %20s id %d already in dn cache\n", + e->e_dn, e->e_id, 0 ); /* free cache mutex */ pthread_mutex_unlock( &cache->c_mutex ); @@ -126,14 +148,15 @@ cache_add_entry_lock( if ( avl_insert( &cache->c_idtree, (caddr_t) e, cache_entryid_cmp, avl_dup_error ) != 0 ) { - Debug( LDAP_DEBUG_ANY, "entry %20s id %d already in id cache\n", + Debug( LDAP_DEBUG_ANY, + "====> entry %20s id %d already in id cache\n", e->e_dn, e->e_id, 0 ); /* delete from dn tree inserted above */ if ( avl_delete( &cache->c_dntree, (caddr_t) e, cache_entrydn_cmp ) == NULL ) { - Debug( LDAP_DEBUG_ANY, "can't delete from dn cache\n", + Debug( LDAP_DEBUG_ANY, "====> can't delete from dn cache\n", 0, 0, 0 ); } @@ -171,6 +194,9 @@ cache_add_entry_lock( == 0 && cache->c_cursize > cache->c_maxsize ) { e = cache->c_lrutail; + /* XXX check for writer lock - should also check no readers pending */ + assert(pthread_rdwr_wchk_np(&e->e_rdwr)); + /* delete from cache and lru q */ rc = cache_delete_entry_internal( cache, e ); @@ -184,45 +210,85 @@ cache_add_entry_lock( } /* - * cache_find_entry_dn - find an entry in the cache, given dn + * cache_find_entry_dn2id - find an entry in the cache, given dn */ -Entry * -cache_find_entry_dn( +ID +cache_find_entry_dn2id( + Backend *be, struct cache *cache, char *dn ) { + struct ldbminfo *li = (struct ldbminfo *) be->be_private; Entry e, *ep; + ID id; /* set cache mutex */ pthread_mutex_lock( &cache->c_mutex ); e.e_dn = dn; + if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e, cache_entrydn_cmp )) != NULL ) { + Debug(LDAP_DEBUG_TRACE, "====> cache_find_entry_dn2id: found dn: %s\n", + dn, 0, 0); + /* * entry is deleted or not fully created yet */ if ( ep->e_state == ENTRY_STATE_DELETED || - ep->e_state == ENTRY_STATE_CREATING ) + ep->e_state == ENTRY_STATE_CREATING ) { /* free cache mutex */ pthread_mutex_unlock( &cache->c_mutex ); - return( NULL ); + return( NOID ); } + + /* XXX is this safe without writer lock? */ ep->e_refcnt++; /* lru */ LRU_DELETE( cache, ep ); LRU_ADD( cache, ep ); + + /* acquire reader lock */ + entry_rdwr_lock(ep, 0); + + /* re-check */ + if ( ep->e_state == ENTRY_STATE_DELETED || + ep->e_state == ENTRY_STATE_CREATING ) + { + /* XXX check that is is required */ + ep->e_refcnt--; + + /* free reader lock */ + entry_rdwr_unlock(ep, 0); + /* free cache mutex */ + pthread_mutex_unlock( &cache->c_mutex ); + + return( NOID ); + } + + /* save id */ + id = ep->e_id; + + /* free reader lock */ + entry_rdwr_unlock(ep, 0); + + /* free cache mutex */ + pthread_mutex_unlock( &cache->c_mutex ); + + cache_return_entry( &li->li_cache, ep ); + + return( id ); } /* free cache mutex */ pthread_mutex_unlock( &cache->c_mutex ); - return( ep ); + return( NOID ); } /* @@ -231,8 +297,9 @@ cache_find_entry_dn( Entry * cache_find_entry_id( - struct cache *cache, - ID id + struct cache *cache, + ID id, + int rw ) { Entry e; @@ -242,30 +309,64 @@ cache_find_entry_id( pthread_mutex_lock( &cache->c_mutex ); e.e_id = id; + if ( (ep = (Entry *) avl_find( cache->c_idtree, (caddr_t) &e, cache_entryid_cmp )) != NULL ) { + Debug(LDAP_DEBUG_TRACE, + "====> cache_find_entry_dn2id: found id: %ld rw: %d\n", + id, rw, 0); + /* * entry is deleted or not fully created yet */ if ( ep->e_state == ENTRY_STATE_DELETED || - ep->e_state == ENTRY_STATE_CREATING ) + ep->e_state == ENTRY_STATE_CREATING ) { /* free cache mutex */ pthread_mutex_unlock( &cache->c_mutex ); return( NULL ); } + /* XXX is this safe without writer lock? */ ep->e_refcnt++; /* lru */ LRU_DELETE( cache, ep ); LRU_ADD( cache, ep ); + + /* acquire reader lock */ + entry_rdwr_lock(ep, 0); + + /* re-check */ + if ( ep->e_state == ENTRY_STATE_DELETED || + ep->e_state == ENTRY_STATE_CREATING ) { + + /* XXX check that is is required */ + ep->e_refcnt--; + + /* free reader lock */ + entry_rdwr_unlock(ep, 0); + + /* free cache mutex */ + pthread_mutex_unlock( &cache->c_mutex ); + return( NULL ); + } + + if ( rw ) { + entry_rdwr_unlock(ep, 0); + entry_rdwr_lock(ep, 1); + } + + /* free cache mutex */ + pthread_mutex_unlock( &cache->c_mutex ); + + return( ep ); } /* free cache mutex */ pthread_mutex_unlock( &cache->c_mutex ); - return( ep ); + return( NULL ); } /* @@ -287,6 +388,11 @@ cache_delete_entry( { int rc; + Debug( LDAP_DEBUG_TRACE, "====> cache_delete_entry:\n", 0, 0, 0 ); + + /* XXX check for writer lock - should also check no readers pending */ + assert(pthread_rdwr_wchk_np(&e->e_rdwr)); + /* set cache mutex */ pthread_mutex_lock( &cache->c_mutex ); @@ -349,3 +455,4 @@ lru_print( struct cache *cache ) } #endif + diff --git a/servers/slapd/back-ldbm/compare.c b/servers/slapd/back-ldbm/compare.c index 4757a29b92..b0974ffdbb 100644 --- a/servers/slapd/back-ldbm/compare.c +++ b/servers/slapd/back-ldbm/compare.c @@ -6,8 +6,8 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" -extern Entry *dn2entry(); extern Attribute *attr_find(); int @@ -23,33 +23,36 @@ ldbm_back_compare( char *matched; Entry *e; Attribute *a; - int i; + int i, rc; - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + /* get entry with reader lock */ + if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) { send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" ); return( 1 ); } + /* check for deleted */ if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value, op->o_dn, ACL_COMPARE ) ) { send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( 1 ); + rc = 1; + goto return_results; } - if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 ) { + if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 ) send_ldap_result( conn, op, LDAP_COMPARE_TRUE, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( 0 ); - } + else + send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" ); + + rc = 0; - send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( 0 ); +return_results:; + cache_return_entry_r( &li->li_cache, e ); + return( rc ); } diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c index c773929ffb..b6ffa79e0e 100644 --- a/servers/slapd/back-ldbm/delete.c +++ b/servers/slapd/back-ldbm/delete.c @@ -6,8 +6,8 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" -extern Entry *dn2entry(); extern Attribute *attr_find(); int @@ -22,7 +22,12 @@ ldbm_back_delete( char *matched = NULL; Entry *e; - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", dn, 0, 0); + + /* get entry with writer lock */ + if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) { + Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n", + dn, 0, 0); send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" ); if ( matched != NULL ) { free( matched ); @@ -30,38 +35,63 @@ ldbm_back_delete( return( -1 ); } + Debug (LDAP_DEBUG_TRACE, + "rdwr_Xchk: readers_reading: %d writer_writing: %d\n", + e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0); + + /* check for deleted */ + if ( has_children( be, e ) ) { + Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n", + dn, 0, 0); send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn, ACL_WRITE ) ) { + Debug(LDAP_DEBUG_ARGS, + "<=- ldbm_back_delete: insufficient access %s\n", + dn, 0, 0); send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } + Debug (LDAP_DEBUG_TRACE, + "rdwr_Xchk: readers_reading: %d writer_writing: %d\n", + e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0); + /* XXX delete from parent's id2children entry XXX */ /* delete from dn2id mapping */ if ( dn2id_delete( be, e->e_dn ) != 0 ) { + Debug(LDAP_DEBUG_ARGS, + "<=- ldbm_back_delete: operations error %s\n", + dn, 0, 0); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } /* delete from disk and cache */ if ( id2entry_delete( be, e ) != 0 ) { + Debug(LDAP_DEBUG_ARGS, + "<=- ldbm_back_delete: operations error %s\n", + dn, 0, 0); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } - cache_return_entry( &li->li_cache, e ); + + /* free entry and writer lock */ + cache_return_entry_w( &li->li_cache, e ); send_ldap_result( conn, op, LDAP_SUCCESS, "", "" ); return( 0 ); + +error_return:; + /* free entry and writer lock */ + cache_return_entry_w( &li->li_cache, e ); + + return( -1 ); } diff --git a/servers/slapd/back-ldbm/dn2id.c b/servers/slapd/back-ldbm/dn2id.c index c4116086b0..0a7edac280 100644 --- a/servers/slapd/back-ldbm/dn2id.c +++ b/servers/slapd/back-ldbm/dn2id.c @@ -6,10 +6,9 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" extern struct dbcache *ldbm_cache_open(); -extern Entry *cache_find_entry_dn(); -extern Entry *id2entry(); extern char *dn_parent(); extern Datum ldbm_cache_fetch(); @@ -20,9 +19,15 @@ dn2id_add( ID id ) { - int rc; + int rc, flags; struct dbcache *db; Datum key, data; + struct ldbminfo *li = (struct ldbminfo *) be->be_private; + +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); + memset( &data, 0, sizeof( data ) ); +#endif Debug( LDAP_DEBUG_TRACE, "=> dn2id_add( \"%s\", %ld )\n", dn, id, 0 ); @@ -41,7 +46,10 @@ dn2id_add( data.dptr = (char *) &id; data.dsize = sizeof(ID); - rc = ldbm_cache_store( db, key, data, LDBM_INSERT ); + flags = LDBM_INSERT; + if ( li->li_flush_wrt ) flags |= LDBM_SYNC; + + rc = ldbm_cache_store( db, key, data, flags ); free( dn ); ldbm_cache_close( be, db ); @@ -58,31 +66,31 @@ dn2id( { struct ldbminfo *li = (struct ldbminfo *) be->be_private; struct dbcache *db; - Entry *e; ID id; Datum key, data; - Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 ); +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); + memset( &data, 0, sizeof( data ) ); +#endif dn = strdup( dn ); + Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 ); dn_normalize_case( dn ); /* first check the cache */ - if ( (e = cache_find_entry_dn( &li->li_cache, dn )) != NULL ) { - id = e->e_id; + if ( (id = cache_find_entry_dn2id( be, &li->li_cache, dn )) != NOID ) { free( dn ); - Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", e->e_id, - 0, 0 ); - cache_return_entry( &li->li_cache, e ); - + Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", id, + 0, 0 ); return( id ); } if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT )) - == NULL ) { + == NULL ) { free( dn ); Debug( LDAP_DEBUG_ANY, "<= dn2id could not open dn2id%s\n", - LDBM_SUFFIX, 0, 0 ); + LDBM_SUFFIX, 0, 0 ); return( NOID ); } @@ -118,6 +126,10 @@ dn2id_delete( Datum key; int rc; +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); +#endif + Debug( LDAP_DEBUG_TRACE, "=> dn2id_delete( \"%s\" )\n", dn, 0, 0 ); if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT )) @@ -145,11 +157,12 @@ dn2id_delete( * entry. */ -Entry * +static Entry * dn2entry( Backend *be, char *dn, - char **matched + char **matched, + int rw ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; @@ -157,8 +170,12 @@ dn2entry( Entry *e; char *pdn; - if ( (id = dn2id( be, dn )) != NOID && (e = id2entry( be, id )) - != NULL ) { + Debug(LDAP_DEBUG_TRACE, "dn2entry_%s: dn: %s\n", + rw ? "w" : "r", dn, 0); + + if ( (id = dn2id( be, dn )) != NOID && + (e = id2entry( be, id, rw )) != NULL ) + { return( e ); } *matched = NULL; @@ -170,9 +187,11 @@ dn2entry( /* entry does not exist - see how much of the dn does exist */ if ( (pdn = dn_parent( be, dn )) != NULL ) { - if ( (e = dn2entry( be, pdn, matched )) != NULL ) { + /* get entry with reader lock */ + if ( (e = dn2entry_r( be, pdn, matched )) != NULL ) { *matched = pdn; - cache_return_entry( &li->li_cache, e ); + /* free entry with reader lock */ + cache_return_entry_r( &li->li_cache, e ); } else { free( pdn ); } @@ -180,3 +199,39 @@ dn2entry( return( NULL ); } + +#if 0 + if (e->e_state == ENTRY_STATE_DELETED) + continue; + + if (strcmp(dn, e->e_dn) != 0) + continue; + + /* return locked entry entry */ + return(e); + } +} +#endif + +Entry * +dn2entry_r( + Backend *be, + char *dn, + char **matched +) +{ + return( dn2entry( be, dn, matched, 0 ) ); +} + +Entry * +dn2entry_w( + Backend *be, + char *dn, + char **matched +) +{ + return( dn2entry( be, dn, matched, 1 ) ); +} + + + diff --git a/servers/slapd/back-ldbm/group.c b/servers/slapd/back-ldbm/group.c new file mode 100644 index 0000000000..8ada479ea4 --- /dev/null +++ b/servers/slapd/back-ldbm/group.c @@ -0,0 +1,91 @@ +/* compare.c - ldbm backend compare routine */ + +#include +#include +#include +#include +#include "slap.h" +#include "back-ldbm.h" +#include "proto-back-ldbm.h" + +extern Attribute *attr_find(); + + +#ifdef ACLGROUP +/* return 0 IFF edn is a value in uniqueMember attribute + * of entry with bdn AND that entry has an objectClass + * value of groupOfUniqueNames + */ +int +ldbm_back_group( + Backend *be, + char *bdn, + char *edn +) +{ + struct ldbminfo *li = (struct ldbminfo *) be->be_private; + Entry *e; + char *matched; + Attribute *objectClass; + Attribute *uniqueMember; + int rc; + + Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 ); + + /* can we find bdn entry with reader lock */ + if ((e = dn2entry_r(be, bdn, &matched )) == NULL) { + Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: cannot find bdn: %s matched: %x\n", bdn, matched, 0 ); + if (matched != NULL) + free(matched); + return( 1 ); + } + Debug( LDAP_DEBUG_ARGS, "=> ldbm_back_group: found bdn: %s matched: %x\n", bdn, matched, 0 ); + + /* check for deleted */ + + /* find it's objectClass and uniqueMember attribute values + * make sure this is a group entry + * finally test if we can find edn in the uniqueMember attribute value list * + */ + + rc = 1; + if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) { + Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 ); + } + else if ((uniqueMember = attr_find(e->e_attrs, "uniquemember")) == NULL) { + Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find uniqueMember\n", 0, 0, 0 ); + } + else { + struct berval bvObjectClass; + struct berval bvUniqueMembers; + + Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and uniqueMembers\n", 0, 0, 0 ); + + bvObjectClass.bv_val = "groupofuniquenames"; + bvObjectClass.bv_len = strlen( bvObjectClass.bv_val ); + bvUniqueMembers.bv_val = edn; + bvUniqueMembers.bv_len = strlen( edn ); + + if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) { + Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass in groupOfUniqueNames\n", + 0, 0, 0 ); + } + else if (value_find(uniqueMember->a_vals, &bvUniqueMembers, SYNTAX_CIS, 1) != 0) { + Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfUniqueNames\n", + edn, bdn, 0 ); + } + else { + Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfUniqueNames\n", + edn, bdn, 0 ); + rc = 0; + } + } + + /* free entry and reader lock */ + cache_return_entry_r( &li->li_cache, e ); + Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 ); + return(rc); +} +#endif + diff --git a/servers/slapd/back-ldbm/id2entry.c b/servers/slapd/back-ldbm/id2entry.c index fbda3c9952..38522cb54a 100644 --- a/servers/slapd/back-ldbm/id2entry.c +++ b/servers/slapd/back-ldbm/id2entry.c @@ -10,7 +10,6 @@ extern struct dbcache *ldbm_cache_open(); extern Datum ldbm_cache_fetch(); extern char *dn_parent(); extern Entry *str2entry(); -extern Entry *cache_find_entry_id(); extern char *entry2str(); extern pthread_mutex_t entry2str_mutex; @@ -20,7 +19,12 @@ id2entry_add( Backend *be, Entry *e ) struct ldbminfo *li = (struct ldbminfo *) be->be_private; struct dbcache *db; Datum key, data; - int len, rc; + int len, rc, flags; + +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); + memset( &data, 0, sizeof( data ) ); +#endif Debug( LDAP_DEBUG_TRACE, "=> id2entry_add( %d, \"%s\" )\n", e->e_id, e->e_dn, 0 ); @@ -39,8 +43,10 @@ id2entry_add( Backend *be, Entry *e ) data.dptr = entry2str( e, &len, 1 ); data.dsize = len + 1; - /* store it - LDBM_SYNC ensures id2entry is always consistent */ - rc = ldbm_cache_store( db, key, data, LDBM_REPLACE|LDBM_SYNC ); + /* store it */ + flags = LDBM_REPLACE; + if ( li->li_flush_wrt ) flags != LDBM_SYNC; + rc = ldbm_cache_store( db, key, data, flags ); pthread_mutex_unlock( &entry2str_mutex ); @@ -48,6 +54,8 @@ id2entry_add( Backend *be, Entry *e ) (void) cache_add_entry_lock( &li->li_cache, e, 0 ); Debug( LDAP_DEBUG_TRACE, "<= id2entry_add %d\n", rc, 0, 0 ); + + /* XXX should entries be born locked, i.e. apply writer lock here? */ return( rc ); } @@ -62,8 +70,20 @@ id2entry_delete( Backend *be, Entry *e ) Debug( LDAP_DEBUG_TRACE, "=> id2entry_delete( %d, \"%s\" )\n", e->e_id, e->e_dn, 0 ); + /* XXX - check for writer lock - should also check no reader pending */ + assert(pthread_rdwr_wchk_np(&e->e_rdwr)); + +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); +#endif + + /* XXX - check for writer lock - should also check no reader pending */ + Debug (LDAP_DEBUG_TRACE, + "rdwr_Xchk: readers_reading: %d writer_writing: %d\n", + e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0); + if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT )) - == NULL ) { + == NULL ) { Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry%s\n", LDBM_SUFFIX, 0, 0 ); return( -1 ); @@ -85,24 +105,31 @@ id2entry_delete( Backend *be, Entry *e ) return( rc ); } +/* XXX returns entry with reader/writer lock */ Entry * -id2entry( Backend *be, ID id ) +id2entry( Backend *be, ID id, int rw ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; struct dbcache *db; Datum key, data; Entry *e; - Debug( LDAP_DEBUG_TRACE, "=> id2entry( %ld )\n", id, 0, 0 ); +#ifdef LDBM_USE_DB2 + memset( &key, 0, sizeof( key ) ); + memset( &data, 0, sizeof( data ) ); +#endif + + Debug( LDAP_DEBUG_TRACE, "=> id2entry_%s( %ld )\n", + rw ? "w" : "r", id, 0 ); - if ( (e = cache_find_entry_id( &li->li_cache, id )) != NULL ) { - Debug( LDAP_DEBUG_TRACE, "<= id2entry 0x%x (cache)\n", e, 0, - 0 ); + if ( (e = cache_find_entry_id( &li->li_cache, id, rw )) != NULL ) { + Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s 0x%x (cache)\n", + rw ? "w" : "r", e, 0 ); return( e ); } if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT )) - == NULL ) { + == NULL ) { Debug( LDAP_DEBUG_ANY, "Could not open id2entry%s\n", LDBM_SUFFIX, 0, 0 ); return( NULL ); @@ -114,20 +141,47 @@ id2entry( Backend *be, ID id ) data = ldbm_cache_fetch( db, key ); if ( data.dptr == NULL ) { - Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) not found\n", id, - 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) not found\n", + rw ? "w" : "r", id, 0 ); ldbm_cache_close( be, db ); return( NULL ); } - if ( (e = str2entry( data.dptr )) != NULL ) { - e->e_id = id; - (void) cache_add_entry_lock( &li->li_cache, e, 0 ); - } + e = str2entry( data.dptr ); ldbm_datum_free( db->dbc_db, data ); ldbm_cache_close( be, db ); - Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) 0x%x (disk)\n", id, e, 0 ); + if ( e == NULL ) { + Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (failed)\n", + rw ? "w" : "r", id, 0 ); + return( NULL ); + } + + /* acquire required reader/writer lock */ + if (entry_rdwr_lock(e, rw)) { + /* XXX set DELETE flag?? */ + entry_free(e); + return(NULL); + } + + e->e_id = id; + (void) cache_add_entry_lock( &li->li_cache, e, 0 ); + + Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (disk)\n", + rw ? "w" : "r", id, 0 ); return( e ); } + +Entry * +id2entry_r( Backend *be, ID id ) +{ + return( id2entry( be, id, 0 ) ); +} + +Entry * +id2entry_2( Backend *be, ID id ) +{ + return( id2entry( be, id, 1 ) ); +} + diff --git a/servers/slapd/back-ldbm/kerberos.c b/servers/slapd/back-ldbm/kerberos.c index d22553c659..d07138bed7 100644 --- a/servers/slapd/back-ldbm/kerberos.c +++ b/servers/slapd/back-ldbm/kerberos.c @@ -8,12 +8,15 @@ #include "back-ldbm.h" #ifdef KERBEROS -#include "krb.h" +#ifdef KERBEROS_V +#include +#else +#include +#endif /* KERBEROS_V */ #define LDAP_KRB_PRINCIPAL "ldapserver" extern char *ldap_srvtab; -extern Entry *dn2entry(); extern Attribute *attr_find(); krbv4_ldap_auth( diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index 3fa6c61a92..df94146736 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -6,9 +6,9 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" extern int global_schemacheck; -extern Entry *dn2entry(); extern Attribute *attr_find(); static int add_values(); @@ -30,7 +30,9 @@ ldbm_back_modify( int i, err, modtype; LDAPMod *mod; - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0); + + if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) { send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL ); if ( matched != NULL ) { @@ -38,12 +40,14 @@ ldbm_back_modify( } return( -1 ); } + + /* check for deleted */ + /* lock entry */ if ( (err = acl_check_mods( be, conn, op, e, mods )) != LDAP_SUCCESS ) { send_ldap_result( conn, op, err, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } for ( mod = mods; mod != NULL; mod = mod->mod_next ) { @@ -64,55 +68,52 @@ ldbm_back_modify( if ( err != LDAP_SUCCESS ) { /* unlock entry, delete from cache */ send_ldap_result( conn, op, err, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } } + /* check that the entry still obeys the schema */ + if ( global_schemacheck && oc_schema_check( e ) != 0 ) { + Debug( LDAP_DEBUG_ANY, "entry failed schema check\n", 0, 0, 0 ); + send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, NULL ); + goto error_return; + } + /* check for abandon */ pthread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { pthread_mutex_unlock( &op->o_abandonmutex ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } pthread_mutex_unlock( &op->o_abandonmutex ); - /* check that the entry still obeys the schema */ - if ( global_schemacheck && oc_schema_check( e ) != 0 ) { - send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, - NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); - } - /* modify indexes */ if ( index_add_mods( be, mods, e->e_id ) != 0 ) { send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } /* check for abandon */ pthread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { pthread_mutex_unlock( &op->o_abandonmutex ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } pthread_mutex_unlock( &op->o_abandonmutex ); /* change the entry itself */ if ( id2entry_add( be, e ) != 0 ) { send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - + cache_return_entry_w( &li->li_cache, e ); return( 0 ); + +error_return:; + cache_return_entry_w( &li->li_cache, e ); + return( -1 ); } static int diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index fcd9fcc35a..26c96709ae 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -6,8 +6,8 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" -extern Entry *dn2entry(); extern char *dn_parent(); int @@ -24,10 +24,12 @@ ldbm_back_modrdn( char *matched; char *pdn, *newdn, *p; char sep[2]; - Entry *e, *e2; + Entry *e; matched = NULL; - if ( (e = dn2entry( be, dn, &matched )) == NULL ) { + + /* get entry with writer lock */ + if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) { send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" ); if ( matched != NULL ) { free( matched ); @@ -61,17 +63,12 @@ ldbm_back_modrdn( } (void) dn_normalize( newdn ); - matched = NULL; - if ( (e2 = dn2entry( be, newdn, &matched )) != NULL ) { + /* get entry with writer lock */ + if ( (dn2id ( be, newdn ) ) != NOID ) { free( newdn ); free( pdn ); send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL ); - cache_return_entry( &li->li_cache, e2 ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); - } - if ( matched != NULL ) { - free( matched ); + goto error_return; } /* check for abandon */ @@ -80,9 +77,7 @@ ldbm_back_modrdn( pthread_mutex_unlock( &op->o_abandonmutex ); free( newdn ); free( pdn ); - cache_return_entry( &li->li_cache, e2 ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } pthread_mutex_unlock( &op->o_abandonmutex ); @@ -91,8 +86,7 @@ ldbm_back_modrdn( free( newdn ); free( pdn ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } /* delete old one */ @@ -100,8 +94,7 @@ ldbm_back_modrdn( free( newdn ); free( pdn ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL ); - cache_return_entry( &li->li_cache, e ); - return( -1 ); + goto error_return; } (void) cache_delete_entry( &li->li_cache, e ); @@ -120,13 +113,19 @@ ldbm_back_modrdn( /* id2entry index */ if ( id2entry_add( be, e ) != 0 ) { entry_free( e ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); - return( -1 ); + goto error_return; } free( pdn ); - cache_return_entry( &li->li_cache, e ); + + /* free entry and writer lock */ + cache_return_entry_w( &li->li_cache, e ); send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL ); return( 0 ); + +error_return: + /* free entry and writer lock */ + cache_return_entry_w( &li->li_cache, e ); + return( -1 ); } diff --git a/servers/slapd/back-ldbm/proto-back-ldbm.h b/servers/slapd/back-ldbm/proto-back-ldbm.h index acc69ca33c..1bc9fdd0e1 100644 --- a/servers/slapd/back-ldbm/proto-back-ldbm.h +++ b/servers/slapd/back-ldbm/proto-back-ldbm.h @@ -15,10 +15,11 @@ void attr_index_config( struct ldbminfo *li, char *fname, int lineno, */ void cache_set_state( struct cache *cache, Entry *e, int state ); -void cache_return_entry( struct cache *cache, Entry *e ); +void cache_return_entry_r( struct cache *cache, Entry *e ); +void cache_return_entry_w( struct cache *cache, Entry *e ); int cache_add_entry_lock( struct cache *cache, Entry *e, int state ); -Entry * cache_find_entry_dn( struct cache *cache, char *dn ); -Entry * cache_find_entry_id( struct cache *cache, ID id ); +ID cache_find_entry_dn2id( Backend *be, struct cache *cache, char *dn ); +Entry * cache_find_entry_id( struct cache *cache, ID id, int rw ); int cache_delete_entry( struct cache *cache, Entry *e ); /* @@ -40,7 +41,9 @@ int ldbm_cache_delete( struct dbcache *db, Datum key ); int dn2id_add( Backend *be, char *dn, ID id ); ID dn2id( Backend *be, char *dn ); int dn2id_delete( Backend *be, char *dn ); -Entry * dn2entry( Backend *be, char *dn, char **matched ); +/*Entry * dn2entry( Backend *be, char *dn, char **matched );*/ +Entry * dn2entry_r( Backend *be, char *dn, char **matched ); +Entry * dn2entry_w( Backend *be, char *dn, char **matched ); /* * filterindex.c @@ -61,7 +64,9 @@ int has_children( Backend *be, Entry *p ); int id2entry_add( Backend *be, Entry *e ); int id2entry_delete( Backend *be, Entry *e ); -Entry * id2entry( Backend *be, ID id ); +Entry * id2entry( Backend *be, ID id, int rw ); +Entry * id2entry_r( Backend *be, ID id ); +Entry * id2entry_w( Backend *be, ID id ); /* * idl.c diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 6a53be4f11..19dafe4c01 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -6,14 +6,12 @@ #include #include "slap.h" #include "back-ldbm.h" +#include "proto-back-ldbm.h" extern time_t currenttime; extern pthread_mutex_t currenttime_mutex; -extern ID dn2id(); extern IDList *idl_alloc(); -extern Entry *id2entry(); -extern Entry *dn2entry(); extern Attribute *attr_find(); extern IDList *filter_candidates(); extern char *ch_realloc(); @@ -62,6 +60,8 @@ ldbm_back_search( char *rbuf, *rcur, *r; int nentries = 0; + Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0); + if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) { tlimit = -1; /* allow root to set no limit */ } else { @@ -139,10 +139,9 @@ ldbm_back_search( } pthread_mutex_unlock( ¤ttime_mutex ); - /* get the entry */ - if ( (e = id2entry( be, id )) == NULL ) { - Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id, - 0, 0 ); + /* get the entry with reader lock */ + if ( (e = id2entry_r( be, id )) == NULL ) { + Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id, 0, 0 ); continue; } @@ -152,14 +151,14 @@ ldbm_back_search( * here since it's only a candidate anyway. */ if ( e->e_dn != NULL && strncasecmp( e->e_dn, "ref=", 4 ) - == 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL && - scope == LDAP_SCOPE_SUBTREE ) + == 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL && + scope == LDAP_SCOPE_SUBTREE ) { int i, len; if ( ref->a_vals == NULL ) { Debug( LDAP_DEBUG_ANY, "null ref in (%s)\n", 0, - 0, 0 ); + 0, 0 ); } else { for ( i = 0; ref->a_vals[i] != NULL; i++ ) { /* referral + newline + null */ @@ -200,7 +199,7 @@ ldbm_back_search( if ( scopeok ) { /* check size limit */ if ( --slimit == -1 ) { - cache_return_entry( &li->li_cache, e ); + cache_return_entry_r( &li->li_cache, e ); send_ldap_search_result( conn, op, LDAP_SIZELIMIT_EXCEEDED, NULL, nrefs > 0 ? rbuf : NULL, nentries ); @@ -217,7 +216,7 @@ ldbm_back_search( case 1: /* entry not sent */ break; case -1: /* connection closed */ - cache_return_entry( &li->li_cache, e ); + cache_return_entry_r( &li->li_cache, e ); idl_free( candidates ); free( rbuf ); return( 0 ); @@ -226,7 +225,10 @@ ldbm_back_search( } } - cache_return_entry( &li->li_cache, e ); + if( e == NULL ) { + /* free reader lock */ + cache_return_entry_r( &li->li_cache, e ); + } pthread_yield(); } @@ -262,16 +264,24 @@ base_candidates( IDList *idl; Entry *e; + Debug(LDAP_DEBUG_TRACE, "base_candidates: base: %s\n", base, 0, 0); + *err = LDAP_SUCCESS; - if ( (e = dn2entry( be, base, matched )) == NULL ) { + + /* get entry with reader lock */ + if ( (e = dn2entry_r( be, base, matched )) == NULL ) { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } + /* check for deleted */ + idl = idl_alloc( 1 ); idl_insert( &idl, e->e_id, 1 ); - cache_return_entry( &li->li_cache, e ); + + /* free reader lock */ + cache_return_entry_r( &li->li_cache, e ); return( idl ); } @@ -295,11 +305,14 @@ onelevel_candidates( char buf[20]; IDList *candidates; + Debug(LDAP_DEBUG_TRACE, "onelevel_candidates: base: %s\n", base, 0, 0); + *err = LDAP_SUCCESS; e = NULL; - /* get the base object */ - if ( base != NULL && *base != '\0' && (e = dn2entry( be, base, - matched )) == NULL ) { + /* get the base object with reader lock */ + if ( base != NULL && *base != '\0' && + (e = dn2entry_r( be, base, matched )) == NULL ) + { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } @@ -329,6 +342,8 @@ onelevel_candidates( f->f_and->f_next = NULL; filter_free( f ); + /* free entry and reader lock */ + cache_return_entry_r( &li->li_cache, e ); return( candidates ); } @@ -351,6 +366,9 @@ subtree_candidates( Filter *f; IDList *candidates; + Debug(LDAP_DEBUG_TRACE, "subtree_candidates: base: %s\n", + base ? base : "NULL", 0, 0); + /* * get the base object - unless we already have it (from one-level). * also, unless this is a one-level search or a subtree search @@ -365,20 +383,26 @@ subtree_candidates( *err = LDAP_SUCCESS; f = NULL; if ( lookupbase ) { - if ( base != NULL && *base != '\0' && (e = dn2entry( be, base, - matched )) == NULL ) { + if ( base != NULL && *base != '\0' && + (e = dn2entry_r( be, base, matched )) == NULL ) + { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } + if (e) { + cache_return_entry_r( &li->li_cache, e ); + } + f = (Filter *) ch_malloc( sizeof(Filter) ); f->f_next = NULL; f->f_choice = LDAP_FILTER_OR; f->f_or = (Filter *) ch_malloc( sizeof(Filter) ); f->f_or->f_choice = LDAP_FILTER_EQUALITY; f->f_or->f_avtype = strdup( "objectclass" ); - f->f_or->f_avvalue.bv_val = strdup( "referral" ); - f->f_or->f_avvalue.bv_len = strlen( "referral" ); + /* Patch to use normalized uppercase */ + f->f_or->f_avvalue.bv_val = strdup( "REFERRAL" ); + f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" ); f->f_or->f_next = filter; filter = f; @@ -406,9 +430,5 @@ subtree_candidates( filter_free( f ); } - if ( e != NULL ) { - cache_return_entry( &li->li_cache, e ); - } - return( candidates ); } diff --git a/servers/slapd/configinfo.c b/servers/slapd/configinfo.c index 5599193006..c1719efde8 100644 --- a/servers/slapd/configinfo.c +++ b/servers/slapd/configinfo.c @@ -40,6 +40,9 @@ config_info( Connection *conn, Operation *op ) vals[1] = NULL; e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + /* initialize reader/writer lock */ + entry_rdwr_init(e); + e->e_attrs = NULL; e->e_dn = strdup( SLAPD_CONFIG_DN ); diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 59c1d2eaf9..c15c58b24a 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -198,6 +198,9 @@ slapd_daemon( FD_ZERO( &readfds ); FD_SET( tcps, &readfds ); + zero.tv_sec = 0; + zero.tv_usec = 0; + pthread_mutex_lock( &active_threads_mutex ); Debug( LDAP_DEBUG_CONNS, "listening for connections on %d, activity on:", @@ -218,8 +221,6 @@ slapd_daemon( Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 ); pthread_mutex_unlock( &new_conn_mutex ); - zero.tv_sec = 0; - zero.tv_usec = 0; Debug( LDAP_DEBUG_CONNS, "before select active_threads %d\n", active_threads, 0, 0 ); #if defined(THREAD_PREEMPTIVE) || defined(NO_THREADS) diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index d5ee966b57..72ef4b1684 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -43,9 +43,12 @@ str2entry( char *s ) * or newline. */ - Debug( LDAP_DEBUG_TRACE, "=> str2entry\n", s, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=> str2entry\n", + s ? s : "NULL", 0, 0 ); e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + /* initialize reader/writer lock */ + entry_rdwr_init(e); /* check to see if there's an id included */ next = s; @@ -112,6 +115,7 @@ str2entry( char *s ) } Debug( LDAP_DEBUG_TRACE, "<= str2entry 0x%x\n", e, 0, 0 ); + return( e ); } @@ -187,6 +191,10 @@ entry_free( Entry *e ) int i; Attribute *a, *next; + /* XXX check that no reader/writer locks exist */ + assert( !pthread_rdwr_wchk_np(&e->e_rdwr) && + !pthread_rdwr_rchk_np(&e->e_rdwr) ); + if ( e->e_dn != NULL ) { free( e->e_dn ); } @@ -196,3 +204,56 @@ entry_free( Entry *e ) } free( e ); } + +int +entry_rdwr_lock(Entry *e, int rw) +{ + Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%slock: ID: %ld\n", + rw ? "w" : "r", e->e_id, 0); + if (rw) + return pthread_rdwr_wlock_np(&e->e_rdwr); + else + return pthread_rdwr_rlock_np(&e->e_rdwr); +} + +int +entry_rdwr_rlock(Entry *e) +{ + return entry_rdwr_lock( e, 0 ); +} + +int +entry_rdwr_wlock(Entry *e) +{ + return entry_rdwr_lock( e, 1 ); +} + +int +entry_rdwr_unlock(Entry *e, int rw) +{ + Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%sunlock: ID: %ld\n", + rw ? "w" : "r", e->e_id, 0); + if (rw) + return pthread_rdwr_wunlock_np(&e->e_rdwr); + else + return pthread_rdwr_runlock_np(&e->e_rdwr); +} + +int +entry_rdwr_runlock(Entry *e) +{ + return entry_rdwr_unlock( e, 0 ); +} + +int +entry_rdwr_wunlock(Entry *e) +{ + return entry_rdwr_unlock( e, 1 ); +} + +int +entry_rdwr_init(Entry *e) +{ + return pthread_rdwr_init_np(&e->e_rdwr, NULL); +} + diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 6575fe36ad..dd7689cfaf 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -155,14 +155,14 @@ do_modify( */ if ( be->be_modify != NULL ) { /* do the update here */ - if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn, - op->o_dn ) == 0 ) { - if ( (be->be_lastmod == ON || be->be_lastmod == 0 && - global_lastmod == ON) && be->be_updatedn == NULL ) { + if ( be->be_updatedn == NULL || + strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) { + + if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED && + global_lastmod == ON ) ) && be->be_updatedn == NULL ) { add_lastmods( op, &mods ); } - if ( (*be->be_modify)( be, conn, op, odn, mods ) - == 0 ) { + if ( (*be->be_modify)( be, conn, op, odn, mods ) == 0 ) { replog( be, LDAP_REQ_MODIFY, dn, mods, 0 ); } @@ -200,7 +200,7 @@ modlist_free( static void add_lastmods( Operation *op, LDAPMod **mods ) { - char buf[20]; + char buf[22]; struct berval bv; struct berval *bvals[2]; LDAPMod **m; @@ -214,17 +214,25 @@ add_lastmods( Operation *op, LDAPMod **mods ) /* remove any attempts by the user to modify these attrs */ for ( m = mods; *m != NULL; m = &(*m)->mod_next ) { - if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0 - || strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 ) { - tmp = *m; - *m = (*m)->mod_next; - free( tmp->mod_type ); - if ( tmp->mod_bvalues != NULL ) { - ber_bvecfree( tmp->mod_bvalues ); - } - free( tmp ); - } - } + if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0 || + strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 || + strcasecmp( (*m)->mod_type, "createtimestamp" ) == 0 || + strcasecmp( (*m)->mod_type, "creatorsname" ) == 0 ) { + + Debug( LDAP_DEBUG_TRACE, + "add_lastmods: found lastmod attr: %s\n", + (*m)->mod_type, 0, 0 ); + tmp = *m; + *m = (*m)->mod_next; + free( tmp->mod_type ); + if ( tmp->mod_bvalues != NULL ) { + ber_bvecfree( tmp->mod_bvalues ); + } + free( tmp ); + if (!*m) + break; + } + } if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) { bv.bv_val = "NULLDN"; @@ -243,16 +251,19 @@ add_lastmods( Operation *op, LDAPMod **mods ) *mods = tmp; pthread_mutex_lock( ¤ttime_mutex ); - ltm = localtime( ¤ttime ); - strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); + ltm = localtime( ¤ttime ); +#ifdef LDAP_Y2K + strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm ); +#else + strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); +#endif pthread_mutex_unlock( ¤ttime_mutex ); bv.bv_val = buf; bv.bv_len = strlen( bv.bv_val ); tmp = (LDAPMod *) ch_calloc( 1, sizeof(LDAPMod) ); tmp->mod_type = strdup( "modifytimestamp" ); tmp->mod_op = LDAP_MOD_REPLACE; - tmp->mod_bvalues = (struct berval **) ch_calloc( 1, - 2 * sizeof(struct berval *) ); + tmp->mod_bvalues = (struct berval **) ch_calloc( 1, 2 * sizeof(struct berval *) ); tmp->mod_bvalues[0] = ber_bvdup( &bv ); tmp->mod_next = *mods; *mods = tmp; diff --git a/servers/slapd/monitor.c b/servers/slapd/monitor.c index 7dbabc9377..a7311989ef 100644 --- a/servers/slapd/monitor.c +++ b/servers/slapd/monitor.c @@ -10,8 +10,16 @@ * is provided ``as is'' without express or implied warranty. */ +/* Revision history + * + * 5-Jun-96 jeff.hodges@stanford.edu + * Added locking of new_conn_mutex when traversing the c[] array. + * Added locking of currenttime_mutex to protect call(s) to localtime(). + */ + #include #include +#include #include #include #include "slap.h" @@ -32,18 +40,16 @@ extern time_t currenttime; extern time_t starttime; extern int num_conns; +extern pthread_mutex_t new_conn_mutex; +extern pthread_mutex_t currenttime_mutex; extern char Versionstr[]; -/* - * no mutex protection in here - take our chances! - */ - void monitor_info( Connection *conn, Operation *op ) { Entry *e; - char buf[BUFSIZ], buf2[20]; + char buf[BUFSIZ], buf2[22]; struct berval val; struct berval *vals[2]; int i, nconns, nwritewaiters, nreadwaiters; @@ -54,6 +60,8 @@ monitor_info( Connection *conn, Operation *op ) vals[1] = NULL; e = (Entry *) ch_calloc( 1, sizeof(Entry) ); + /* initialize reader/writer lock */ + entry_rdwr_init(e); e->e_attrs = NULL; e->e_dn = strdup( SLAPD_MONITOR_DN ); @@ -73,6 +81,8 @@ monitor_info( Connection *conn, Operation *op ) nconns = 0; nwritewaiters = 0; nreadwaiters = 0; + + pthread_mutex_lock( &new_conn_mutex ); for ( i = 0; i < dtblsize; i++ ) { if ( c[i].c_sb.sb_sd != -1 ) { nconns++; @@ -82,8 +92,15 @@ monitor_info( Connection *conn, Operation *op ) if ( c[i].c_gettingber ) { nreadwaiters++; } + pthread_mutex_lock( ¤ttime_mutex ); ltm = localtime( &c[i].c_starttime ); +#ifdef LDAP_Y2K + strftime( buf2, sizeof(buf2), "%Y%m%d%H%M%SZ", ltm ); +#else strftime( buf2, sizeof(buf2), "%y%m%d%H%M%SZ", ltm ); +#endif + pthread_mutex_unlock( ¤ttime_mutex ); + pthread_mutex_lock( &c[i].c_dnmutex ); sprintf( buf, "%d : %s : %ld : %ld : %s : %s%s", i, buf2, c[i].c_opsinitiated, c[i].c_opscompleted, @@ -96,6 +113,8 @@ monitor_info( Connection *conn, Operation *op ) attr_merge( e, "connection", vals ); } } + pthread_mutex_unlock( &new_conn_mutex ); + sprintf( buf, "%d", nconns ); val.bv_val = buf; val.bv_len = strlen( buf ); @@ -141,14 +160,26 @@ monitor_info( Connection *conn, Operation *op ) val.bv_len = strlen( buf ); attr_merge( e, "bytessent", vals ); - ltm = localtime( ¤ttime ); - strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); + pthread_mutex_lock( ¤ttime_mutex ); + ltm = localtime( ¤ttime ); +#ifdef LDAP_Y2K + strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm ); +#else + strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); +#endif + pthread_mutex_unlock( ¤ttime_mutex ); val.bv_val = buf; val.bv_len = strlen( buf ); attr_merge( e, "currenttime", vals ); - ltm = localtime( &starttime ); - strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); + pthread_mutex_lock( ¤ttime_mutex ); + ltm = localtime( &starttime ); +#ifdef LDAP_Y2K + strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm ); +#else + strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm ); +#endif + pthread_mutex_unlock( ¤ttime_mutex ); val.bv_val = buf; val.bv_len = strlen( buf ); attr_merge( e, "starttime", vals ); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index a1ff6e5e75..83e4872d15 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -7,10 +7,13 @@ int access_allowed( Backend *be, Connection *conn, Operation *op, Entry *e, char *attr, struct berval *val, char *dn, int access ); + struct acl * acl_get_applicable( Backend *be, Operation *op, Entry *e, - char *attr ); + char *attr, char *edn, int nmatches, regmatch_t *matches ); int acl_access_allowed( struct acl *a, Backend *be, Connection *conn, Entry *e, - struct berval *val, Operation *op, int access ); + struct berval *val, Operation *op, int access, char *edn, + regmatch_t *matches ); + int acl_check_mods( Backend *be, Connection *conn, Operation *op, Entry *e, LDAPMod *mods ); @@ -104,6 +107,14 @@ Entry * str2entry( char *s ); char * entry2str( Entry *e, int *len, int printid ); void entry_free( Entry *e ); +int entry_rdwr_lock( Entry *e, int rw ); +int entry_rdwr_rlock( Entry *e ); +int entry_rdwr_wlock( Entry *e ); +int entry_rdwr_unlock( Entry *e, int rw ); +int entry_rdwr_runlock( Entry *e ); +int entry_rdwr_wunlock( Entry *e ); +int entry_rdwr_init( Entry *e ); + /* * filter.c */ diff --git a/servers/slapd/result.c b/servers/slapd/result.c index cbbf620ada..620c7ef13c 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -224,8 +224,7 @@ send_search_entry( Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "ber_alloc" ); - free(edn); - return( 1 ); + goto error_return; } #ifdef COMPAT30 @@ -244,8 +243,7 @@ send_search_entry( ber_free( ber, 1 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "ber_printf dn" ); - free(edn); - return( 1 ); + goto error_return; } for ( a = e->e_attrs; a != NULL; a = a->a_next ) { @@ -280,8 +278,7 @@ send_search_entry( ber_free( ber, 1 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "ber_printf type" ); - free(edn); - return( 1 ); + goto error_return; } if ( ! attrsonly ) { @@ -303,8 +300,7 @@ send_search_entry( send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "ber_printf value" ); - free(edn); - return( 1 ); + goto error_return; } } } @@ -314,8 +310,7 @@ send_search_entry( ber_free( ber, 1 ); send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, "ber_printf type end" ); - free(edn); - return( 1 ); + goto error_return; } } @@ -393,6 +388,10 @@ send_search_entry( Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 ); return( rc ); + +error_return:; + free(edn); + return( 1 ); } int diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index bf0c9c8297..43f1eae8d1 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -6,10 +6,16 @@ #define LDAP_SYSLOG #include +#include +#include +#undef NDEBUG +#include + #include "avl.h" #include "lber.h" #include "ldap.h" #include "lthread.h" +#include "lthread_rdwr.h" #include "ldif.h" #define DN_DNS 0 @@ -17,6 +23,9 @@ #define ON 1 #define OFF (-1) +#define UNDEFINED 0 + +#define MAXREMATCHES 10 /* * represents an attribute value assertion (i.e., attr=value) @@ -103,6 +112,9 @@ typedef struct entry { ID e_id; /* id of this entry - this should */ /* really be private to back-ldbm */ char e_state; /* for the cache */ + + pthread_rdwr_t e_rdwr; /* reader/writer lock */ + #define ENTRY_STATE_DELETED 1 #define ENTRY_STATE_CREATING 2 int e_refcnt; /* # threads ref'ing this entry */ @@ -121,6 +133,11 @@ struct access { char *a_domainpat; char *a_dnattr; long a_access; + +#ifdef ACLGROUP + char *a_group; +#endif + #define ACL_NONE 0x01 #define ACL_COMPARE 0x02 #define ACL_SEARCH 0x04 @@ -134,6 +151,7 @@ struct access { struct acl { /* "to" part: the entries this acl applies to */ Filter *acl_filter; + regex_t acl_dnre; char *acl_dnpat; char **acl_attrs; @@ -187,6 +205,10 @@ typedef struct backend { IFP be_config; /* backend config routine */ IFP be_init; /* backend init routine */ IFP be_close; /* backend close routine */ + +#ifdef ACLGROUP + IFP be_group; /* backend group member test */ +#endif } Backend; /* -- 2.39.5