From 2f28eb3860a2ae8f0f350ed32f5c1519b3227c4d Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 30 Aug 2004 19:47:12 +0000 Subject: [PATCH] Another round of changes from HEAD backend_attribute (ITS#3140) ITS3259 fix --- servers/slapd/acl.c | 23 ++++++++++------------- servers/slapd/backend.c | 25 ++++++++++++++++++------- servers/slapd/ctxcsn.c | 16 ++++++++-------- servers/slapd/proto-slap.h | 3 ++- servers/slapd/saslauthz.c | 3 +-- servers/slapd/slap.h | 1 + servers/slapd/syncrepl.c | 6 +++--- 7 files changed, 43 insertions(+), 34 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index d752681652..f4388518b5 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -1392,7 +1392,7 @@ dn_match_cleanup:; while ( parent_ndn.bv_val != old_parent_ndn.bv_val ){ old_parent_ndn = parent_ndn; Debug(LDAP_DEBUG_ACL, "checking ACI of %s\n", parent_ndn.bv_val, 0, 0); - ret = backend_attribute(op, NULL, &parent_ndn, b->a_aci_at, &bvals); + ret = backend_attribute(op, NULL, &parent_ndn, b->a_aci_at, &bvals, ACL_AUTH); switch(ret){ case LDAP_SUCCESS : stop = 0; @@ -1764,7 +1764,7 @@ aci_set_gather (SetCookie *cookie, struct berval *name, struct berval *attr) AttributeDescription *desc = NULL; if (slap_bv2ad(attr, &desc, &text) == LDAP_SUCCESS) { backend_attribute(cp->op, - cp->e, &ndn, desc, &bvals); + cp->e, &ndn, desc, &bvals, ACL_NONE); } sl_free(ndn.bv_val, cp->op->o_tmpmemctx); } @@ -1782,12 +1782,9 @@ aci_match_set ( struct berval set = BER_BVNULL; int rc = 0; AciSetCookie cookie; - Operation op2 = *op; - - op2.o_conn = NULL; if (setref == 0) { - ber_dupbv_x( &set, subj, op2.o_tmpmemctx ); + ber_dupbv_x( &set, subj, op->o_tmpmemctx ); } else { struct berval subjdn, ndn = BER_BVNULL; @@ -1810,9 +1807,9 @@ aci_match_set ( * as the length of the dn to be normalized */ if ( slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS ) { - if ( dnNormalize(0, NULL, NULL, &subjdn, &ndn, op2.o_tmpmemctx) == LDAP_SUCCESS ) + if ( dnNormalize(0, NULL, NULL, &subjdn, &ndn, op->o_tmpmemctx) == LDAP_SUCCESS ) { - backend_attribute(&op2, e, &ndn, desc, &bvals); + backend_attribute( op, e, &ndn, desc, &bvals, ACL_NONE ); if ( bvals != NULL && bvals[0].bv_val != NULL ) { int i; set = bvals[0]; @@ -1821,18 +1818,18 @@ aci_match_set ( bvals[0].bv_val = bvals[i-1].bv_val; bvals[i-1].bv_val = NULL; } - ber_bvarray_free_x(bvals, op2.o_tmpmemctx); - sl_free(ndn.bv_val, op2.o_tmpmemctx); + ber_bvarray_free_x(bvals, op->o_tmpmemctx); + sl_free(ndn.bv_val, op->o_tmpmemctx); } } } if (set.bv_val != NULL) { - cookie.op = &op2; + cookie.op = op; cookie.e = e; rc = (slap_set_filter(aci_set_gather, (SetCookie *)&cookie, &set, - &op2.o_ndn, &e->e_nname, NULL) > 0); - sl_free(set.bv_val, op2.o_tmpmemctx); + &op->o_ndn, &e->e_nname, NULL) > 0); + sl_free(set.bv_val, op->o_tmpmemctx); } return(rc); diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index fbafe45618..6369dffc33 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -581,12 +581,22 @@ backend_db_init( return NULL; } + be = backendDB; + backendDB = (BackendDB *) ch_realloc( (char *) backendDB, (nBackendDB + 1) * sizeof(Backend) ); memset( &backendDB[nbackends], '\0', sizeof(Backend) ); + /* did realloc move our table? if so, fix up dependent pointers */ + if ( be != backendDB ) { + int i; + for ( i=0, be=backendDB; ibe_pcl_mutexp = &be->be_pcl_mutex; + } + } + be = &backends[nbackends++]; be->bd_info = bi; @@ -599,8 +609,8 @@ backend_db_init( be->be_context_csn.bv_len = 0; be->be_context_csn.bv_val = NULL; - ldap_pvt_thread_mutex_init( &be->be_pcl_mutex ); - ldap_pvt_thread_mutex_init( &be->be_context_csn_mutex ); + be->be_pcl_mutexp = &be->be_pcl_mutex; + ldap_pvt_thread_mutex_init( be->be_pcl_mutexp ); LDAP_STAILQ_INIT( &be->be_syncinfo ); @@ -1412,7 +1422,8 @@ backend_attribute( Entry *target, struct berval *edn, AttributeDescription *entry_at, - BerVarray *vals ) + BerVarray *vals, + slap_access_t access ) { Entry *e; Attribute *a; @@ -1433,8 +1444,8 @@ backend_attribute( if ( a ) { BerVarray v; - if ( op->o_conn && access_allowed( op, - e, entry_at, NULL, ACL_AUTH, + if ( op->o_conn && access > ACL_NONE && access_allowed( op, + e, entry_at, NULL, access, &acl_state ) == 0 ) { rc = LDAP_INSUFFICIENT_ACCESS; goto freeit; @@ -1445,10 +1456,10 @@ backend_attribute( v = op->o_tmpalloc( sizeof(struct berval) * (i+1), op->o_tmpmemctx ); for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) { - if ( op->o_conn && access_allowed( op, + if ( op->o_conn && access > ACL_NONE && access_allowed( op, e, entry_at, &a->a_nvals[i], - ACL_AUTH, &acl_state ) == 0 ) { + access, &acl_state ) == 0 ) { continue; } ber_dupbv_x( &v[j], diff --git a/servers/slapd/ctxcsn.c b/servers/slapd/ctxcsn.c index c978ae90cf..b67fc7dff9 100644 --- a/servers/slapd/ctxcsn.c +++ b/servers/slapd/ctxcsn.c @@ -39,7 +39,7 @@ slap_get_commit_csn( Operation *op, struct berval *csn ) csn->bv_val = NULL; csn->bv_len = 0; - ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp ); LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) { if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { @@ -54,7 +54,7 @@ slap_get_commit_csn( Operation *op, struct berval *csn ) } if ( committed_csne ) ber_dupbv_x( csn, committed_csne->ce_csn, op->o_tmpmemctx ); - ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp ); } void @@ -62,7 +62,7 @@ slap_rewind_commit_csn( Operation *op ) { struct slap_csn_entry *csne; - ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp ); LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) { if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { @@ -71,7 +71,7 @@ slap_rewind_commit_csn( Operation *op ) } } - ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp ); } void @@ -82,7 +82,7 @@ slap_graduate_commit_csn( Operation *op ) if ( op == NULL ) return; if ( op->o_bd == NULL ) return; - ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp ); LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) { if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) { @@ -95,7 +95,7 @@ slap_graduate_commit_csn( Operation *op ) } } - ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp ); return; } @@ -160,7 +160,7 @@ slap_get_csn( if ( manage_ctxcsn ) { pending = (struct slap_csn_entry *) ch_calloc( 1, sizeof( struct slap_csn_entry )); - ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp ); ber_dupbv( &op->o_sync_csn, csn ); pending->ce_csn = ber_dupbv( NULL, csn ); pending->ce_connid = op->o_connid; @@ -168,7 +168,7 @@ slap_get_csn( pending->ce_state = SLAP_CSN_PENDING; LDAP_TAILQ_INSERT_TAIL( op->o_bd->be_pending_csn_list, pending, ce_csn_link ); - ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex ); + ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp ); } return LDAP_SUCCESS; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 202b77717f..fba64839c1 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -266,7 +266,8 @@ LDAP_SLAPD_F (int) backend_attribute LDAP_P(( Entry *target, struct berval *entry_ndn, AttributeDescription *entry_at, - BerVarray *vals + BerVarray *vals, + slap_access_t access )); LDAP_SLAPD_F (Attribute *) backend_operational( diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 2b59052bd3..149633fdc2 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -808,8 +808,7 @@ slap_sasl_check_authz( Operation *op, assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); #endif - rc = backend_attribute( op, NULL, - searchDN, ad, &vals ); + rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH ); if( rc != LDAP_SUCCESS ) goto COMPLETE; /* Check if the *assertDN matches any **vals */ diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index bf762b6b7e..f09676d7bb 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1559,6 +1559,7 @@ struct slap_backend_db { BerVarray be_update_refs; /* where to refer modifying clients to */ struct be_pcl *be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; + ldap_pvt_thread_mutex_t *be_pcl_mutexp; struct berval be_context_csn; ldap_pvt_thread_mutex_t be_context_csn_mutex; LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */ diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 94f1e5c3d3..ecb8cf7380 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -344,7 +344,7 @@ do_syncrep1( /* read stored cookie if it exists */ backend_attribute( op, NULL, &op->o_req_ndn, - slap_schema.si_ad_syncreplCookie, &cookie ); + slap_schema.si_ad_syncreplCookie, &cookie, ACL_READ ); if ( !cookie ) { /* no stored cookie */ @@ -397,7 +397,7 @@ do_syncrep1( struct berval cookie_bv; /* try to read stored cookie */ backend_attribute( op, NULL, &op->o_req_ndn, - slap_schema.si_ad_syncreplCookie, &cookie ); + slap_schema.si_ad_syncreplCookie, &cookie, ACL_READ ); if ( cookie ) { ber_dupbv( &cookie_bv, &cookie[0] ); ber_bvarray_add( &si->si_syncCookie.octet_str, &cookie_bv ); @@ -1216,7 +1216,7 @@ syncrepl_entry( { attr_delete( &e->e_attrs, slap_schema.si_ad_entryUUID ); attr_merge_one( e, slap_schema.si_ad_entryUUID, - syncUUID, &ava.aa_value ); + &syncUUID_strrep, syncUUID ); op->o_tag = LDAP_REQ_ADD; op->ora_e = e; -- 2.39.5