From 09b26e0227c82411d823c7a5864e392ac6b9eba4 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 20 Dec 2005 20:00:00 +0000 Subject: [PATCH] dynlist updates from HEAD --- CHANGES | 1 + doc/man/man5/slapo-dynlist.5 | 84 ++- servers/slapd/config.h | 2 + servers/slapd/overlays/dynlist.c | 960 ++++++++++++++++++++++++++----- 4 files changed, 873 insertions(+), 174 deletions(-) diff --git a/CHANGES b/CHANGES index d1d6c4db33..b7b949cd5c 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,7 @@ OpenLDAP 2.3.14 Engineering Fixed slapd-bdb/hdb cn=config olcDbIndex modify/replace (ITS#4262) Fixed slapd-bdb/hdb lockup issue (ITS#4184) Fixed slapo-rwm static DN free bug (ITS#4248) + Updated slapo-dynlist (ITS#3756,4224) Build environment Updated test033-glue-syncrepl (ITS#4264) diff --git a/doc/man/man5/slapo-dynlist.5 b/doc/man/man5/slapo-dynlist.5 index fc0cb20d2e..a4f2a062a0 100644 --- a/doc/man/man5/slapo-dynlist.5 +++ b/doc/man/man5/slapo-dynlist.5 @@ -17,7 +17,11 @@ the LDAP URI-valued occurrences of a specific attribute are expanded into the corresponding entries, and the values of the attributes listed in the URI are added to the original entry. -No recursion is currently allowed, to avoid potential infinite loops. +No recursion is allowed, to avoid potential infinite loops. +The resulting entry must comply with the LDAP data model, so constraints +are enforced. +For example, if a \fISINGLE-VALUE\fP attribute is listed, +only the first value results in the final entry. .SH CONFIGURATION The config directives that are specific to the @@ -35,32 +39,45 @@ or to the frontend, if used before any database instantiation; see for details. .LP -These +This .B slapd.conf -configuration options apply to the dynlist overlay. They must appear -after the +configuration option is define for the dynlist overlay. It may have multiple +occurrences, and it must appear after the .B overlay directive. .TP -.B dynlist-oc -The name of the objectClass that triggers the dynamic expansion of the -data. This statement is required. -.TP -.B dynlist-ad -The name of the attributeDescription that holds the LDAP URI values that -will expand; if none is present, no expansion occurs. If the intersection -of the attributes requested by the search operation (or the asserted attribute -for compares) and the attributes listed in the URI is empty, no expansion -occurs for that specific URI. This statement is required. -.TP -.B dynlist-member-ad -The name of the attributeDescription that will list the DN of the entries -resulting from the internal search. This statement is optional and, if -present, changes the behavior of the overlay into that of a dynamic group. -The portion of the URI is ignored, and the DNs of all the entries -resulting from the expansion of the URI are listed as values of this -attribute. +.B dynlist-attrset [] +The value +.B +is the name of the objectClass that triggers the dynamic expansion of the +data. +The value +.B +is the name of the attributeDescription that cointains the URI that is +expanded by the overlay; if none is present, no expansion occurs. +If the intersection of the attributes requested by the search operation +(or the asserted attribute for compares) and the attributes listed +in the URI is empty, no expansion occurs for that specific URI. +It must be a subtype of \fIlabeledURI\fP. + +The value +.B +is optional; if present, the overlay behaves as a dynamic group: this +attribute will list the DN of the entries resulting from the internal search. +In this case, the portion of the URI must be absent, and the DNs +of all the entries resulting from the expansion of the URI are listed +as values of this attribute. +Compares that assert the value of the +.B +attribute of entries with +.B +objectClass apply as if the DN of the entries resulting from the expansion +of the URI were present in the +.B +entry as values of the +.B +attribute. .LP The dynlist overlay may be used with any backend, but it is mainly intended for use with local storage backends. @@ -81,8 +98,7 @@ entry; first of all, make sure that slapd.conf contains the directives: # ... overlay dynlist - dynlist-oc groupOfURLs - dynlist-ad memberURL + dynlist-attrset groupOfURLs memberURL .fi .LP and that slapd loads dynlist.la, if compiled as a run-time module; @@ -98,6 +114,22 @@ then add to the database an entry like If no are provided in the URI, all (non-operational) attributes are collected. +This example implements the dynamic group feature on the +.B member +attribute: + +.LP +.nf + include /path/to/dyngroup.schema + # ... + + database + # ... + + overlay dynlist + dynlist-attrset groupOfURLs memberURL member +.fi +.LP .SH FILES .TP @@ -106,6 +138,10 @@ default slapd configuration file .SH SEE ALSO .BR slapd.conf (5), .BR slapd (8). +The +.BR slapo-dynlist (5) +overlay supports dynamic configuration via +.BR back-config . .SH ACKNOWLEDGEMENTS .P This module was written in 2004 by Pierangelo Masarati for SysNet s.n.c. diff --git a/servers/slapd/config.h b/servers/slapd/config.h index b5085e2a15..735471a1fc 100644 --- a/servers/slapd/config.h +++ b/servers/slapd/config.h @@ -181,4 +181,6 @@ int config_shadow( ConfigArgs *c, int flag ); #define config_check_userland(last) \ assert( ( ( (last) - 1 ) & ARGS_USERLAND ) == ( (last) - 1 ) ); +#define SLAP_X_ORDERED_FMT "{%d}" + #endif /* CONFIG_H */ diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c index 5ccccaf3b9..8714577029 100644 --- a/servers/slapd/overlays/dynlist.c +++ b/servers/slapd/overlays/dynlist.c @@ -22,11 +22,20 @@ #ifdef SLAPD_OVER_DYNLIST +#if LDAP_VENDOR_VERSION_MINOR != X && LDAP_VENDOR_VERSION_MINOR < 3 +#define OL_2_2_COMPAT +#elif defined(LDAP_DEVEL) && SLAPD_OVER_DYNGROUP != SLAPD_MOD_STATIC +#define TAKEOVER_DYNGROUP +#endif + #include #include #include "slap.h" +#ifndef OL_2_2_COMPAT +#include "config.h" +#endif #include "lutil.h" /* FIXME: the code differs if SLAP_OPATTRS is defined or not; @@ -35,7 +44,7 @@ /* FIXME: slap_anlist_no_attrs was introduced in 2.3; here it * is anticipated to allow using this overlay with 2.2. */ -#if LDAP_VENDOR_VERSION_MINOR != X && LDAP_VENDOR_VERSION_MINOR < 3 +#ifdef OL_2_2_COMPAT static AttributeName anlist_no_attrs[] = { { BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL }, { BER_BVNULL, NULL, 0, NULL } @@ -44,18 +53,19 @@ static AttributeName anlist_no_attrs[] = { static AttributeName *slap_anlist_no_attrs = anlist_no_attrs; #endif -typedef struct dynlist_info { +typedef struct dynlist_info_t { ObjectClass *dli_oc; AttributeDescription *dli_ad; AttributeDescription *dli_member_ad; struct berval dli_default_filter; -} dynlist_info; + struct dynlist_info_t *dli_next; +} dynlist_info_t; -static int +static dynlist_info_t * dynlist_is_dynlist( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; Attribute *a; @@ -64,26 +74,28 @@ dynlist_is_dynlist( Operation *op, SlapReply *rs ) /* FIXME: objectClass must be present; for non-storage * backends, like back-ldap, it needs to be added * to the requested attributes */ - return 0; + return NULL; } - if ( value_find_ex( slap_schema.si_ad_objectClass, - SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | - SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, - a->a_nvals, &dli->dli_oc->soc_cname, - op->o_tmpmemctx ) == 0 ) - { - return 1; + for ( ; dli; dli = dli->dli_next ) { + if ( value_find_ex( slap_schema.si_ad_objectClass, + SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | + SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, + a->a_nvals, &dli->dli_oc->soc_cname, + op->o_tmpmemctx ) == 0 ) + { + return dli; + } } - return 0; + return NULL; } static int dynlist_make_filter( Operation *op, struct berval *oldf, struct berval *newf ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; char *ptr; @@ -109,7 +121,7 @@ dynlist_make_filter( Operation *op, struct berval *oldf, struct berval *newf ) } typedef struct dynlist_sc_t { - dynlist_info *dlc_dli; + dynlist_info_t *dlc_dli; Entry *dlc_e; } dynlist_sc_t; @@ -278,11 +290,8 @@ done:; } static int -dynlist_send_entry( Operation *op, SlapReply *rs ) +dynlist_send_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli ) { - slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; - Attribute *a; slap_callback cb; Operation o = *op; @@ -367,6 +376,8 @@ dynlist_send_entry( Operation *op, SlapReply *rs ) o.ors_scope = lud->lud_scope; if ( dli->dli_member_ad != NULL ) { + /* if ( lud->lud_attrs != NULL ), + * the URL should be ignored */ o.ors_attrs = slap_anlist_no_attrs; } else if ( lud->lud_attrs == NULL ) { @@ -493,82 +504,147 @@ static int dynlist_compare( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; + + for ( ; dli != NULL; dli = dli->dli_next ) { + if ( op->oq_compare.rs_ava->aa_desc == dli->dli_member_ad ) { + /* This compare is for one of the attributes we're + * interested in. We'll use slapd's existing dyngroup + * evaluator to get the answer we want. + */ + int cache = op->o_do_not_cache; + + op->o_do_not_cache = 1; + rs->sr_err = backend_group( op, NULL, &op->o_req_ndn, + &op->oq_compare.rs_ava->aa_value, dli->dli_oc, dli->dli_ad ); + op->o_do_not_cache = cache; + switch ( rs->sr_err ) { + case LDAP_SUCCESS: + rs->sr_err = LDAP_COMPARE_TRUE; + break; + + case LDAP_NO_SUCH_OBJECT: + /* NOTE: backend_group() returns noSuchObject + * if op_ndn does not exist; however, since + * dynamic list expansion means that the + * member attribute is virtually present, the + * non-existence of the asserted value implies + * the assertion is FALSE rather than + * UNDEFINED */ + rs->sr_err = LDAP_COMPARE_FALSE; + break; + } - Attribute *a; - slap_callback cb; - Operation o = *op; - SlapReply r = { REP_SEARCH }; - AttributeName an[2]; - int rc; - dynlist_sc_t dlc = { 0 }; + return SLAP_CB_CONTINUE; + } + } - dlc.dlc_dli = dli; - cb.sc_private = &dlc; - cb.sc_response = dynlist_sc_save_entry; - cb.sc_cleanup = NULL; - cb.sc_next = NULL; - o.o_callback = &cb; + dli = (dynlist_info_t *)on->on_bi.bi_private; + for ( ; dli != NULL && rs->sr_err != LDAP_COMPARE_TRUE; dli = dli->dli_next ) { + Attribute *a; + slap_callback cb; + Operation o = *op; + SlapReply r = { REP_SEARCH }; + AttributeName an[2]; + int rc; + dynlist_sc_t dlc = { 0 }; + Entry *e; + + int cache = op->o_do_not_cache; + struct berval op_dn = op->o_dn, + op_ndn = op->o_ndn; + BackendDB *op_bd = op->o_bd; + + /* fetch the entry as rootdn (a hack to see if it exists + * and if it has the right objectClass) */ + op->o_do_not_cache = 1; + op->o_dn = op->o_bd->be_rootdn; + op->o_ndn = op->o_bd->be_rootndn; + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + + r.sr_err = be_entry_get_rw( op, &op->o_req_ndn, + dli->dli_oc, NULL, 0, &e ); + if ( e != NULL ) { + be_entry_release_r( op, e ); + } + op->o_do_not_cache = cache; + op->o_dn = op_dn; + op->o_ndn = op_ndn; + op->o_bd = op_bd; + if ( r.sr_err != LDAP_SUCCESS ) { + continue; + } - o.o_tag = LDAP_REQ_SEARCH; - o.ors_limit = NULL; - o.ors_tlimit = SLAP_NO_LIMIT; - o.ors_slimit = SLAP_NO_LIMIT; + /* if the entry has the right objectClass, generate + * the dynamic list and compare */ + dlc.dlc_dli = dli; + cb.sc_private = &dlc; + cb.sc_response = dynlist_sc_save_entry; + cb.sc_cleanup = NULL; + cb.sc_next = NULL; + o.o_callback = &cb; - o.o_bd = select_backend( &o.o_req_ndn, 0, 1 ); - if ( !o.o_bd || !o.o_bd->be_search ) { - return SLAP_CB_CONTINUE; - } + o.o_tag = LDAP_REQ_SEARCH; + o.ors_limit = NULL; + o.ors_tlimit = SLAP_NO_LIMIT; + o.ors_slimit = SLAP_NO_LIMIT; - BER_BVSTR( &o.ors_filterstr, "(objectClass=*)" ); - o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val ); - if ( o.ors_filter == NULL ) { - /* FIXME: error? */ - return SLAP_CB_CONTINUE; - } + o.o_bd = select_backend( &o.o_req_ndn, 0, 1 ); + if ( !o.o_bd || !o.o_bd->be_search ) { + return SLAP_CB_CONTINUE; + } - o.ors_scope = LDAP_SCOPE_BASE; - o.ors_deref = LDAP_DEREF_NEVER; - an[0].an_name = op->orc_ava->aa_desc->ad_cname; - an[0].an_desc = op->orc_ava->aa_desc; - BER_BVZERO( &an[1].an_name ); - o.ors_attrs = an; - o.ors_attrsonly = 0; + BER_BVSTR( &o.ors_filterstr, "(objectClass=*)" ); + o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val ); + if ( o.ors_filter == NULL ) { + /* FIXME: error? */ + return SLAP_CB_CONTINUE; + } - rc = o.o_bd->be_search( &o, &r ); - filter_free_x( &o, o.ors_filter ); + o.ors_scope = LDAP_SCOPE_BASE; + o.ors_deref = LDAP_DEREF_NEVER; + an[0].an_name = op->orc_ava->aa_desc->ad_cname; + an[0].an_desc = op->orc_ava->aa_desc; + BER_BVZERO( &an[1].an_name ); + o.ors_attrs = an; + o.ors_attrsonly = 0; - if ( rc != 0 ) { - return rc; - } + rc = o.o_bd->be_search( &o, &r ); + filter_free_x( &o, o.ors_filter ); - if ( dlc.dlc_e != NULL ) { - r.sr_entry = dlc.dlc_e; - } + if ( rc != 0 ) { + return rc; + } - if ( r.sr_err != LDAP_SUCCESS || r.sr_entry == NULL ) { - /* error? */ - return SLAP_CB_CONTINUE; - } + if ( dlc.dlc_e != NULL ) { + r.sr_entry = dlc.dlc_e; + } - /* if we're here, we got a match... */ - rs->sr_err = LDAP_COMPARE_FALSE; - for ( a = attrs_find( r.sr_entry->e_attrs, op->orc_ava->aa_desc ); - a != NULL; - a = attrs_find( a->a_next, op->orc_ava->aa_desc ) ) - { - if ( value_find_ex( op->orc_ava->aa_desc, - SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | - SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, - a->a_nvals, &op->orc_ava->aa_value, op->o_tmpmemctx ) == 0 ) + if ( r.sr_err != LDAP_SUCCESS || r.sr_entry == NULL ) { + /* error? */ + return SLAP_CB_CONTINUE; + } + + for ( a = attrs_find( r.sr_entry->e_attrs, op->orc_ava->aa_desc ); + a != NULL; + a = attrs_find( a->a_next, op->orc_ava->aa_desc ) ) { - rs->sr_err = LDAP_COMPARE_TRUE; - break; + /* if we're here, we got a match... */ + rs->sr_err = LDAP_COMPARE_FALSE; + + if ( value_find_ex( op->orc_ava->aa_desc, + SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | + SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, + a->a_nvals, &op->orc_ava->aa_value, op->o_tmpmemctx ) == 0 ) + { + rs->sr_err = LDAP_COMPARE_TRUE; + break; + } } - } - if ( r.sr_flags & REP_ENTRY_MUSTBEFREED ) { - entry_free( r.sr_entry ); + if ( r.sr_flags & REP_ENTRY_MUSTBEFREED ) { + entry_free( r.sr_entry ); + } } return SLAP_CB_CONTINUE; @@ -577,12 +653,15 @@ dynlist_compare( Operation *op, SlapReply *rs ) static int dynlist_response( Operation *op, SlapReply *rs ) { + dynlist_info_t *dli; + switch ( op->o_tag ) { case LDAP_REQ_SEARCH: if ( rs->sr_type == REP_SEARCH && !get_manageDSAit( op ) ) { - if ( dynlist_is_dynlist( op, rs ) ) { - return dynlist_send_entry( op, rs ); + dli = dynlist_is_dynlist( op, rs ); + if ( dli != NULL ) { + return dynlist_send_entry( op, rs, dli ); } } break; @@ -610,6 +689,30 @@ dynlist_response( Operation *op, SlapReply *rs ) return SLAP_CB_CONTINUE; } +static int +dynlist_build_def_filter( dynlist_info_t *dli ) +{ + char *ptr; + + dli->dli_default_filter.bv_len = STRLENOF( "(!(objectClass=" "))" ) + + dli->dli_oc->soc_cname.bv_len; + dli->dli_default_filter.bv_val = SLAP_MALLOC( dli->dli_default_filter.bv_len + 1 ); + if ( dli->dli_default_filter.bv_val == NULL ) { + Debug( LDAP_DEBUG_ANY, "dynlist_db_open: malloc failed.\n", + 0, 0, 0 ); + return -1; + } + + ptr = lutil_strcopy( dli->dli_default_filter.bv_val, "(!(objectClass=" ); + ptr = lutil_strcopy( ptr, dli->dli_oc->soc_cname.bv_val ); + ptr = lutil_strcopy( ptr, "))" ); + + assert( dli->dli_default_filter.bv_len == ptr - dli->dli_default_filter.bv_val ); + + return 0; +} + +#ifdef OL_2_2_COMPAT static int dynlist_db_config( BackendDB *be, @@ -619,52 +722,196 @@ dynlist_db_config( char **argv ) { slap_overinst *on = (slap_overinst *)be->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; int rc = 0; - if ( strcasecmp( argv[0], "dynlist-oc" ) == 0 ) { - if ( argc != 2 ) { - fprintf( stderr, "dynlist-oc \n" ); + if ( strcasecmp( argv[0], "dynlist-attrset" ) == 0 ) { + dynlist_info_t **dlip; + ObjectClass *oc; + AttributeDescription *ad = NULL, + *member_ad = NULL; + const char *text; + + if ( argc < 3 || argc > 4 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "invalid arg number #%d.\n", + fname, lineno, argc ); return 1; } - dli->dli_oc = oc_find( argv[1] ); - if ( dli->dli_oc == NULL ) { - fprintf( stderr, "dynlist-oc : " - "unable to find ObjectClass " - "\"%s\"\n", argv[1] ); + + oc = oc_find( argv[1] ); + if ( oc == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "unable to find ObjectClass \"%s\"\n", + fname, lineno, argv[ 1 ] ); return 1; } - } else if ( strcasecmp( argv[0], "dynlist-ad" ) == 0 ) { - const char *text; + rc = slap_str2ad( argv[2], &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "unable to find AttributeDescription \"%s\"\n", + fname, lineno, argv[2] ); + return 1; + } - if ( argc != 2 ) { - fprintf( stderr, "dynlist-ad \n" ); + if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "AttributeDescription \"%s\" " + "must be a subtype of \"labeledURI\"\n", + fname, lineno, argv[2] ); return 1; } - dli->dli_ad = NULL; - rc = slap_str2ad( argv[1], &dli->dli_ad, &text ); - if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "dynlist-ad : " - "unable to find AttributeDescription " - "\"%s\"\n", argv[1] ); + + if ( argc == 4 ) { + rc = slap_str2ad( argv[3], &member_ad, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "unable to find AttributeDescription \"%s\"\n", + fname, lineno, argv[3] ); + return 1; + } + } + + for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; + *dlip; dlip = &(*dlip)->dli_next ) + { + /* The check on objectClass may be relaxed */ +#if 0 + if ( (*dlip)->dli_oc == oc ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "objectClass \"%s\" already mapped.\n", + fname, lineno, oc->soc_cname.bv_val ); + return 1; + } +#endif + + if ( (*dlip)->dli_ad == ad ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "URL attributeDescription \"%s\" already mapped.\n", + fname, lineno, ad->ad_cname.bv_val ); + return 1; + } + + if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrset []\": " + "member attributeDescription \"%s\" already mapped.\n", + fname, lineno, member_ad->ad_cname.bv_val ); + return 1; + } + } + + *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); + (*dlip)->dli_oc = oc; + (*dlip)->dli_ad = ad; + (*dlip)->dli_member_ad = member_ad; + + if ( dynlist_build_def_filter( *dlip ) ) { + ch_free( *dlip ); + *dlip = NULL; return 1; } - } else if ( strcasecmp( argv[0], "dynlist-member-ad" ) == 0 ) { - const char *text; + /* allow dyngroup syntax */ + } else if ( strcasecmp( argv[0], "dynlist-attrpair" ) == 0 ) { + dynlist_info_t **dlip; + ObjectClass *oc; + AttributeDescription *ad = NULL, + *member_ad = NULL; + const char *text; + + if ( argc != 3 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "invalid arg number #%d.\n", + fname, lineno, argc ); + return 1; + } - if ( argc != 2 ) { - fprintf( stderr, "dynlist-member-ad \n" ); + oc = oc_find( "groupOfURLs" ); + if ( oc == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "unable to find default ObjectClass \"groupOfURLs\"\n", + fname, lineno, 0 ); return 1; } - dli->dli_member_ad = NULL; - rc = slap_str2ad( argv[1], &dli->dli_member_ad, &text ); + + rc = slap_str2ad( argv[1], &member_ad, &text ); if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "dynlist-member-ad : " - "unable to find AttributeDescription " - "\"%s\"\n", argv[1] ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "unable to find AttributeDescription \"%s\"\n", + fname, lineno, argv[1] ); + return 1; + } + + rc = slap_str2ad( argv[2], &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "unable to find AttributeDescription \"%s\"\n", + fname, lineno, argv[2] ); + return 1; + } + + if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "AttributeDescription \"%s\" " + "must be a subtype of \"labeledURI\"\n", + fname, lineno, argv[2] ); + return 1; + } + + + for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; + *dlip; dlip = &(*dlip)->dli_next ) + { +#if 0 + /* The check on objectClass may be relaxed */ + if ( (*dlip)->dli_oc == oc ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "objectClass \"%s\" already mapped.\n", + fname, lineno, oc->soc_cname.bv_val ); + return 1; + } +#endif + + if ( (*dlip)->dli_ad == ad ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "URL attributeDescription \"%s\" already mapped.\n", + fname, lineno, ad->ad_cname.bv_val ); + return 1; + } + + if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"dynlist-attrpair \": " + "member attributeDescription \"%s\" already mapped.\n", + fname, lineno, member_ad->ad_cname.bv_val ); + return 1; + } + } + + *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); + (*dlip)->dli_oc = oc; + (*dlip)->dli_ad = ad; + (*dlip)->dli_member_ad = member_ad; + + if ( dynlist_build_def_filter( *dlip ) ) { + ch_free( *dlip ); + *dlip = NULL; return 1; } @@ -675,51 +922,434 @@ dynlist_db_config( return rc; } +#else +enum { + DL_ATTRSET = 1, + DL_ATTRPAIR, + DL_ATTRPAIR_COMPAT, + DL_LAST +}; + +static ConfigDriver dl_cfgen; + +static ConfigTable dlcfg[] = { + { "dynlist-attrset", "group-oc> , , ' " + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString " + "X-ORDERED 'VALUES' )", + NULL, NULL }, + { "dynlist-attrpair", "member-ad> bd_info; - dynlist_info *dli; + slap_overinst *on = (slap_overinst *)c->bi; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; + + int rc = 0, i; + + if ( c->op == SLAP_CONFIG_EMIT ) { + switch( c->type ) { + case DL_ATTRSET: + for ( i = 0; dli; i++, dli = dli->dli_next ) { + struct berval bv; + char *ptr = c->msg; + + assert( dli->dli_oc != NULL ); + assert( dli->dli_ad != NULL ); + + ptr += snprintf( c->msg, sizeof( c->msg ), + SLAP_X_ORDERED_FMT "%s %s", i, + dli->dli_oc->soc_cname.bv_val, + dli->dli_ad->ad_cname.bv_val ); + + if ( dli->dli_member_ad != NULL ) { + ptr[ 0 ] = ' '; + ptr++; + ptr = lutil_strcopy( ptr, dli->dli_member_ad->ad_cname.bv_val ); + } - dli = (dynlist_info *)ch_malloc( sizeof( dynlist_info ) ); - memset( dli, 0, sizeof( dynlist_info ) ); + bv.bv_val = c->msg; + bv.bv_len = ptr - bv.bv_val; + value_add_one( &c->rvalue_vals, &bv ); + } + break; - on->on_bi.bi_private = (void *)dli; + case DL_ATTRPAIR_COMPAT: + case DL_ATTRPAIR: + rc = 1; + break; - return 0; + default: + rc = 1; + break; + } + + return rc; + + } else if ( c->op == LDAP_MOD_DELETE ) { + switch( c->type ) { + case DL_ATTRSET: + if ( c->valx < 0 ) { + dynlist_info_t *dli_next; + + for ( dli_next = dli; dli_next; dli = dli_next ) { + dli_next = dli->dli_next; + + ch_free( dli->dli_default_filter.bv_val ); + ch_free( dli ); + } + + on->on_bi.bi_private = NULL; + + } else { + dynlist_info_t **dlip; + + for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private; + i < c->valx; i++ ) + { + if ( *dlip == NULL ) { + return 1; + } + dlip = &(*dlip)->dli_next; + } + + dli = *dlip; + *dlip = dli->dli_next; + ch_free( dli->dli_default_filter.bv_val ); + ch_free( dli ); + + dli = (dynlist_info_t *)on->on_bi.bi_private; + } + break; + + case DL_ATTRPAIR_COMPAT: + case DL_ATTRPAIR: + rc = 1; + break; + + default: + rc = 1; + break; + } + + return 1; /* FIXME */ + } + + switch( c->type ) { + case DL_ATTRSET: { + dynlist_info_t **dlip, + *dli_next = NULL; + ObjectClass *oc = NULL; + AttributeDescription *ad = NULL, + *member_ad = NULL; + const char *text; + + oc = oc_find( c->argv[ 1 ] ); + if ( oc == NULL ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "unable to find ObjectClass \"%s\"", + c->argv[ 1 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + rc = slap_str2ad( c->argv[ 2 ], &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "unable to find AttributeDescription \"%s\"", + c->argv[ 2 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "AttributeDescription \"%s\" " + "must be a subtype of \"labeledURI\"", + c->argv[ 2 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + if ( c->argc == 4 ) { + rc = slap_str2ad( c->argv[ 3 ], &member_ad, &text ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "unable to find AttributeDescription \"%s\"\n", + c->argv[ 3 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + } + + for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; + *dlip; dlip = &(*dlip)->dli_next ) + { + /* The check on objectClass may be relaxed */ +#if 0 + if ( (*dlip)->dli_oc == oc ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "objectClass \"%s\" already mapped.\n", + oc->soc_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } +#endif + + if ( (*dlip)->dli_ad == ad ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "URL attributeDescription \"%s\" already mapped.\n", + ad->ad_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "member attributeDescription \"%s\" already mapped.\n", + member_ad->ad_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + } + + if ( c->valx > 0 ) { + int i; + + for ( i = 0, dlip = (dynlist_info_t **)&on->on_bi.bi_private; + i < c->valx; i++ ) + { + if ( *dlip == NULL ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "invalid index {%d}\n", + c->valx ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + dlip = &(*dlip)->dli_next; + } + dli_next = *dlip; + + } else { + for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; + *dlip; dlip = &(*dlip)->dli_next ) + /* goto last */; + } + + *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); + + (*dlip)->dli_oc = oc; + (*dlip)->dli_ad = ad; + (*dlip)->dli_member_ad = member_ad; + (*dlip)->dli_next = dli_next; + + rc = dynlist_build_def_filter( *dlip ); + + } break; + + case DL_ATTRPAIR_COMPAT: + snprintf( c->msg, sizeof( c->msg ), + "warning: \"attrpair\" only supported for limited " + "backward compatibility with overlay \"dyngroup\"" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + /* fallthru */ + + case DL_ATTRPAIR: { + dynlist_info_t **dlip; + ObjectClass *oc = NULL; + AttributeDescription *ad = NULL, + *member_ad = NULL; + const char *text; + + oc = oc_find( "groupOfURLs" ); + if ( oc == NULL ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "unable to find default ObjectClass \"groupOfURLs\"" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + rc = slap_str2ad( c->argv[ 1 ], &member_ad, &text ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "unable to find AttributeDescription \"%s\"", + c->argv[ 1 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + rc = slap_str2ad( c->argv[ 2 ], &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "unable to find AttributeDescription \"%s\"\n", + c->argv[ 2 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + if ( !is_at_subtype( ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrset []\": " + "AttributeDescription \"%s\" " + "must be a subtype of \"labeledURI\"", + c->argv[ 2 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + for ( dlip = (dynlist_info_t **)&on->on_bi.bi_private; + *dlip; dlip = &(*dlip)->dli_next ) + { + /* The check on objectClass may be relaxed */ +#if 0 + if ( (*dlip)->dli_oc == oc ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "objectClass \"%s\" already mapped.\n", + oc->soc_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } +#endif + + if ( (*dlip)->dli_ad == ad ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "URL attributeDescription \"%s\" already mapped.\n", + ad->ad_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + + if ( member_ad != NULL && (*dlip)->dli_member_ad == member_ad ) { + snprintf( c->msg, sizeof( c->msg ), + "\"dynlist-attrpair \": " + "member attributeDescription \"%s\" already mapped.\n", + member_ad->ad_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", + c->log, c->msg, 0 ); + return 1; + } + } + + *dlip = (dynlist_info_t *)ch_calloc( 1, sizeof( dynlist_info_t ) ); + + (*dlip)->dli_oc = oc; + (*dlip)->dli_ad = ad; + (*dlip)->dli_member_ad = member_ad; + + rc = dynlist_build_def_filter( *dlip ); + + } break; + + default: + rc = 1; + break; + } + + return rc; } +#endif static int dynlist_db_open( BackendDB *be ) { - slap_overinst *on = (slap_overinst *) be->bd_info; - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; - ber_len_t len; - char *ptr; - - if ( dli->dli_oc == NULL ) { - fprintf( stderr, "dynlist_db_open(): missing \"dynlist-oc \"\n" ); - return -1; + slap_overinst *on = (slap_overinst *) be->bd_info; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private; + ObjectClass *oc = NULL; + AttributeDescription *ad = NULL; + + if ( dli == NULL ) { + dli = ch_calloc( 1, sizeof( dynlist_info_t ) ); + on->on_bi.bi_private = (void *)dli; } - if ( dli->dli_ad == NULL ) { - fprintf( stderr, "dynlist_db_open(): missing \"dynlist-ad \"\n" ); - return -1; - } + for ( ; dli; dli = dli->dli_next ) { + const char *text; + int rc; - len = STRLENOF( "(!(objectClass=" "))" ) - + dli->dli_oc->soc_cname.bv_len; - dli->dli_default_filter.bv_val = SLAP_MALLOC( len + 1 ); - if ( dli->dli_default_filter.bv_val == NULL ) { - fprintf( stderr, "dynlist_db_open(): malloc failed\n" ); - return -1; + if ( dli->dli_oc == NULL ) { + if ( oc == NULL ) { + oc = oc_find( "groupOfURLs" ); + if ( oc == NULL ) { + Debug( LDAP_DEBUG_ANY, "dynlist_db_open: " + "unable to fetch objectClass \"groupOfURLs\".\n", + 0, 0, 0 ); + return 1; + } + } + + dli->dli_oc = oc; + } + + if ( dli->dli_ad == NULL ) { + if ( ad == NULL ) { + rc = slap_str2ad( "memberURL", &ad, &text ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "dynlist_db_open: " + "unable to fetch attributeDescription \"memberURL\": %d (%s).\n", + rc, text, 0 ); + return 1; + } + } + + dli->dli_ad = ad; + } + + rc = dynlist_build_def_filter( dli ); + if ( rc != 0 ) { + return rc; + } } - ptr = lutil_strcopy( dli->dli_default_filter.bv_val, "(!(objectClass=" ); - ptr = lutil_strcopy( ptr, dli->dli_oc->soc_cname.bv_val ); - ptr = lutil_strcopy( ptr, "))" ); - dli->dli_default_filter.bv_len = ptr - dli->dli_default_filter.bv_val; return 0; } @@ -729,21 +1359,29 @@ dynlist_db_destroy( BackendDB *be ) { slap_overinst *on = (slap_overinst *) be->bd_info; - int rc = 0; if ( on->on_bi.bi_private ) { - dynlist_info *dli = (dynlist_info *)on->on_bi.bi_private; + dynlist_info_t *dli = (dynlist_info_t *)on->on_bi.bi_private, + *dli_next; - dli->dli_oc = NULL; - dli->dli_ad = NULL; + for ( dli_next = dli; dli_next; dli = dli_next ) { + dli_next = dli->dli_next; - ch_free( dli ); + ch_free( dli->dli_default_filter.bv_val ); + ch_free( dli ); + } } - return rc; + return 0; } -static slap_overinst dynlist = { { NULL } }; +static slap_overinst dynlist = { { NULL } }; +#ifdef TAKEOVER_DYNGROUP +static char *obsolete_names[] = { + "dyngroup", + NULL +}; +#endif #if SLAPD_OVER_DYNLIST == SLAPD_MOD_DYNAMIC static @@ -751,14 +1389,36 @@ static int dynlist_initialize(void) { +#ifndef OL_2_2_COMPAT + int rc = 0; +#endif + dynlist.on_bi.bi_type = "dynlist"; - dynlist.on_bi.bi_db_init = dynlist_db_init; + +#ifdef TAKEOVER_DYNGROUP + /* makes dynlist incompatible with dyngroup */ + dynlist.on_bi.bi_obsolete_names = obsolete_names; +#endif + +#ifdef OL_2_2_COMPAT dynlist.on_bi.bi_db_config = dynlist_db_config; +#else + dynlist.on_bi.bi_db_config = config_generic_wrapper; +#endif dynlist.on_bi.bi_db_open = dynlist_db_open; dynlist.on_bi.bi_db_destroy = dynlist_db_destroy; dynlist.on_response = dynlist_response; +#ifndef OL_2_2_COMPAT + dynlist.on_bi.bi_cf_ocs = dlocs; + + rc = config_register_schema( dlcfg, dlocs ); + if ( rc ) { + return rc; + } +#endif + return overlay_register( &dynlist ); } -- 2.39.2