From d0868eae95b318d9a60dd781af43c7a5fdf3d610 Mon Sep 17 00:00:00 2001 From: Jong Hyuk Choi Date: Tue, 15 Jul 2003 00:55:58 +0000 Subject: [PATCH] Various changes - SyncRepl support in back-ldbm - back-ldbm functions return LDAP return codes for internal operations (callback) - subentry code copy from back-bdb - Misc udpates --- servers/slapd/back-ldbm/add.c | 98 ++++++++++++++++++++++++++++- servers/slapd/back-ldbm/back-ldbm.h | 4 ++ servers/slapd/back-ldbm/bind.c | 59 +++++++++++++++++ servers/slapd/back-ldbm/cache.c | 8 +-- servers/slapd/back-ldbm/delete.c | 17 ++++- servers/slapd/back-ldbm/dn2id.c | 3 +- servers/slapd/back-ldbm/entry.c | 16 ++--- servers/slapd/back-ldbm/init.c | 3 + servers/slapd/back-ldbm/modify.c | 29 +++++++-- servers/slapd/back-ldbm/modrdn.c | 23 +++++-- servers/slapd/back-ldbm/passwd.c | 15 +++++ servers/slapd/back-ldbm/search.c | 56 ++++++++++++++++- 12 files changed, 303 insertions(+), 28 deletions(-) diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c index 52aa5a5d3f..9b7f55835b 100644 --- a/servers/slapd/back-ldbm/add.c +++ b/servers/slapd/back-ldbm/add.c @@ -29,6 +29,9 @@ ldbm_back_add( AttributeDescription *entry = slap_schema.si_ad_entry; char textbuf[SLAP_TEXT_BUFLEN]; size_t textlen = sizeof textbuf; +#ifdef LDBM_SUBENTRIES + int subentry; +#endif #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 ); @@ -56,9 +59,17 @@ ldbm_back_add( #endif send_ldap_result( op, rs ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } +#ifdef LDBM_SUBENTRIES + subentry = is_entry_subentry( op->oq_add.rs_e ); +#endif + #ifdef LDAP_CACHING if ( !op->o_caching_on ) { #endif /* LDAP_CACHING */ @@ -77,7 +88,11 @@ ldbm_back_add( send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, "no write access to entry" ); +#ifdef LDAP_SYNCREPL + return LDAP_INSUFFICIENT_ACCESS; +#else return -1; +#endif } #ifdef LDAP_CACHING } @@ -91,7 +106,11 @@ ldbm_back_add( ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); rs->sr_err = rs->sr_err ? LDAP_OTHER : LDAP_ALREADY_EXISTS; send_ldap_result( op, rs ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } /* @@ -146,7 +165,11 @@ ldbm_back_add( ber_bvarray_free( rs->sr_ref ); free( (char *)rs->sr_matched ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return -1; +#endif } if ( ! access_allowed( op, p, @@ -168,9 +191,28 @@ ldbm_back_add( send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, "no write access to parent" ); +#ifdef LDAP_SYNCREPL + return LDAP_INSUFFICIENT_ACCESS; +#else return -1; +#endif } +#ifdef LDBM_SUBENTRIES + if ( is_entry_subentry( p )) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, DETAIL1, + "bdb_add: parent is subentry\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is subentry\n", + 0, 0, 0 ); +#endif + rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION; + rs->sr_text = "parent is a subentry"; + goto return_results; + } +#endif + if ( is_entry_alias( p ) ) { /* parent is an alias, don't allow add */ @@ -190,7 +232,11 @@ ldbm_back_add( send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM, "parent is an alias" ); +#ifdef LDAP_SYNCREPL + return LDAP_ALIAS_PROBLEM; +#else return -1; +#endif } if ( is_entry_referral( p ) ) { @@ -216,8 +262,19 @@ ldbm_back_add( ber_bvarray_free( rs->sr_ref ); free( (char *)rs->sr_matched ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return -1; +#endif + } + +#ifdef LDBM_SUBENTRIES + if ( subentry ) { + /* FIXME: */ + /* parent must be an administrative point of the required kind */ } +#endif } else { #ifndef LDAP_CACHING @@ -260,10 +317,17 @@ ldbm_back_add( LDAP_INSUFFICIENT_ACCESS, "no write access to parent" ); +#ifdef LDAP_SYNCREPL + return LDAP_INSUFFICIENT_ACCESS; +#else return -1; +#endif } - +#ifdef LDAP_SYNCREPL + } else if ( !is_entry_glue( op->oq_add.rs_e )) { +#else } else { +#endif ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); #ifdef NEW_LOGGING @@ -278,11 +342,31 @@ ldbm_back_add( #endif send_ldap_error( op, rs, - LDAP_INSUFFICIENT_ACCESS, NULL ); + LDAP_NO_SUCH_OBJECT, NULL ); - return -1; +#ifdef LDAP_SYNCREPL + return LDAP_NO_SUCH_OBJECT; +#else + return -1; +#endif } } + +#ifdef LDBM_SUBENTRIES + if( subentry ) { +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, DETAIL1, + "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "bdb_add: no parent, cannot add subentry\n", 0, 0, 0 ); +#endif + rs->sr_err = LDAP_NO_SUCH_OBJECT; + rs->sr_text = "no parent, cannot add subentry"; + goto return_results; + } +#endif + } if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) { @@ -304,7 +388,11 @@ ldbm_back_add( send_ldap_error( op, rs, LDAP_OTHER, "next_id add failed" ); +#ifdef LDAP_SYNCREPL + return LDAP_OTHER; +#else return( -1 ); +#endif } /* @@ -332,7 +420,11 @@ ldbm_back_add( rs->sr_err = rs->sr_err > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER; send_ldap_result( op, rs ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } rs->sr_err = -1; diff --git a/servers/slapd/back-ldbm/back-ldbm.h b/servers/slapd/back-ldbm/back-ldbm.h index b4f16656e0..0b206a6e4e 100644 --- a/servers/slapd/back-ldbm/back-ldbm.h +++ b/servers/slapd/back-ldbm/back-ldbm.h @@ -12,6 +12,10 @@ LDAP_BEGIN_DECL +#ifdef LDAP_SYNCREPL +#define LDBM_SUBENTRIES 1 +#endif + #define DEFAULT_CACHE_SIZE 1000 #if defined(HAVE_BERKELEY_DB) && DB_VERSION_MAJOR >= 2 diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c index cb2f341a82..81192924fe 100644 --- a/servers/slapd/back-ldbm/bind.c +++ b/servers/slapd/back-ldbm/bind.c @@ -81,12 +81,31 @@ ldbm_back_bind( if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); if ( rs->sr_matched ) free( (char *)rs->sr_matched ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( rc ); +#endif } ber_dupbv( &op->oq_bind.rb_edn, &e->e_name ); /* check for deleted */ +#ifdef LDBM_SUBENTRIES + if ( is_entry_subentry( e ) ) { + /* entry is an subentry, don't allow bind */ +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, DETAIL1, + "bdb_bind: entry is subentry\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "entry is subentry\n", 0, 0, 0 ); +#endif + rs->sr_err = LDAP_INVALID_CREDENTIALS; + send_ldap_result( op, rs ); + goto return_results; + } +#endif if ( is_entry_alias( e ) ) { /* entry is an alias, don't allow bind */ @@ -102,7 +121,11 @@ ldbm_back_bind( send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM, "entry is alias" ); +#ifdef LDAP_SYNCREPL + rc = LDAP_ALIAS_PROBLEM; +#else rc = 1; +#endif goto return_results; } @@ -130,7 +153,11 @@ ldbm_back_bind( ber_bvarray_free( rs->sr_ref ); +#ifdef LDAP_SYNCREPL + rc = rs->sr_err; +#else rc = 1; +#endif goto return_results; } @@ -140,7 +167,11 @@ ldbm_back_bind( password, NULL, ACL_AUTH, NULL ) ) { send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); +#ifdef LDAP_SYNCREPL + rc = LDAP_INSUFFICIENT_ACCESS; +#else rc = 1; +#endif goto return_results; } @@ -148,14 +179,22 @@ ldbm_back_bind( send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL ); /* stop front end from sending result */ +#ifdef LDAP_SYNCREPL + rc = LDAP_INAPPROPRIATE_AUTH; +#else rc = 1; +#endif goto return_results; } if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) { send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL ); /* stop front end from sending result */ +#ifdef LDAP_SYNCREPL + rc = LDAP_INVALID_CREDENTIALS; +#else rc = 1; +#endif goto return_results; } @@ -166,7 +205,11 @@ ldbm_back_bind( case LDAP_AUTH_KRBV41: if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) { send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL ); +#ifdef LDAP_SYNCREPL + rc = LDAP_INVALID_CREDENTIALS; +#else rc = 1; +#endif goto return_results; } @@ -175,7 +218,11 @@ ldbm_back_bind( { send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); +#ifdef LDAP_SYNCREPL + rc = LDAP_INSUFFICIENT_ACCESS; +#else rc = 1; +#endif goto return_results; } @@ -191,7 +238,11 @@ ldbm_back_bind( break; } send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL ); +#ifdef LDAP_SYNCREPL + rc = LDAP_INAPPROPRIATE_AUTH; +#else rc = 1; +#endif goto return_results; } else { /* look for krbname match */ @@ -203,7 +254,11 @@ ldbm_back_bind( if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) { send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL ); +#ifdef LDAP_SYNCREPL + rc = LDAP_INVALID_CREDENTIALS; +#else rc = 1; +#endif goto return_results; } } @@ -221,7 +276,11 @@ ldbm_back_bind( default: send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED, "authentication method not supported" ); +#ifdef LDAP_SYNCREPL + rc = LDAP_STRONG_AUTH_NOT_SUPPORTED; +#else rc = 1; +#endif goto return_results; } diff --git a/servers/slapd/back-ldbm/cache.c b/servers/slapd/back-ldbm/cache.c index c6f9b237a7..f8a609ae4b 100644 --- a/servers/slapd/back-ldbm/cache.c +++ b/servers/slapd/back-ldbm/cache.c @@ -511,11 +511,11 @@ try_again: #ifdef NEW_LOGGING LDAP_LOG( CACHE, INFO, - "cache_find_entry_dn2id: (%s) %ld not ready: %d\n", + "cache_find_entry_ndn2id: (%s) %ld not ready: %d\n", ndn->bv_val, id, state ); #else Debug(LDAP_DEBUG_TRACE, - "====> cache_find_entry_dn2id(\"%s\"): %ld (not ready) %d\n", + "====> cache_find_entry_ndn2id(\"%s\"): %ld (not ready) %d\n", ndn->bv_val, id, state); #endif @@ -532,11 +532,11 @@ try_again: #ifdef NEW_LOGGING LDAP_LOG( CACHE, DETAIL1, - "cache_find_entry_dn2id: (%s): %ld %d tries\n", + "cache_find_entry_ndn2id: (%s): %ld %d tries\n", ndn->bv_val, id, count ); #else Debug(LDAP_DEBUG_TRACE, - "====> cache_find_entry_dn2id(\"%s\"): %ld (%d tries)\n", + "====> cache_find_entry_ndn2id(\"%s\"): %ld (%d tries)\n", ndn->bv_val, id, count); #endif diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c index 1e9a3989c0..e048ef65d1 100644 --- a/servers/slapd/back-ldbm/delete.c +++ b/servers/slapd/back-ldbm/delete.c @@ -40,7 +40,13 @@ ldbm_back_delete( ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); /* get entry with writer lock */ - if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { + e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched ); + +#ifdef LDAP_SYNCREPL /* FIXME : dn2entry() should return non-glue entry */ + if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) { +#else + if ( e == NULL ) { +#endif #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_delete: no such object %s\n", op->o_req_dn.bv_val, 0, 0 ); @@ -57,8 +63,13 @@ ldbm_back_delete( cache_return_entry_r( &li->li_cache, matched ); } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); +#ifdef LDAP_SYNCREPL + BerVarray deref = op->o_bd->syncinfo ? + op->o_bd->syncinfo->provideruri_bv : default_referral; +#else + BerVarray deref = default_referral; +#endif + rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); diff --git a/servers/slapd/back-ldbm/dn2id.c b/servers/slapd/back-ldbm/dn2id.c index 491723fe47..ca379be534 100644 --- a/servers/slapd/back-ldbm/dn2id.c +++ b/servers/slapd/back-ldbm/dn2id.c @@ -419,7 +419,8 @@ dn2entry_rw( /* entry does not exist - see how much of the dn does exist */ if ( !be_issuffix( be, dn ) && (dnParent( dn, &pdn ), pdn.bv_len) ) { /* get entry with reader lock */ - if ( (e = dn2entry_r( be, &pdn, matched )) != NULL ) { + if ((e = dn2entry_r( be, &pdn, matched )) != NULL ) + { *matched = e; } } diff --git a/servers/slapd/back-ldbm/entry.c b/servers/slapd/back-ldbm/entry.c index acb3b763f3..33edb9bfc3 100644 --- a/servers/slapd/back-ldbm/entry.c +++ b/servers/slapd/back-ldbm/entry.c @@ -65,9 +65,9 @@ int ldbm_back_entry_get( const char *at_name = at->ad_cname.bv_val; #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, ARGS, + LDAP_LOG( BACK_LDBM, ARGS, "ldbm_back_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 ); - LDAP_LOG( BACK_BDB, ARGS, + LDAP_LOG( BACK_LDBM, ARGS, "ldbm_back_entry_get: oc: \"%s\", at: \"%s\"\n", oc ? oc->soc_cname.bv_val : "(null)", at_name, 0); #else @@ -84,7 +84,7 @@ int ldbm_back_entry_get( e = dn2entry_rw( op->o_bd, ndn, NULL, rw ); if (e == NULL) { #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, INFO, + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_entry_get: cannot find entry (%s)\n", ndn->bv_val, 0, 0 ); #else @@ -96,7 +96,7 @@ int ldbm_back_entry_get( } #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n", + LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n", ndn->bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_ACL, @@ -108,7 +108,7 @@ int ldbm_back_entry_get( /* find attribute values */ if( is_entry_alias( e ) ) { #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, INFO, + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_entry_get: entry (%s) is an alias\n", e->e_name.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_ACL, @@ -121,7 +121,7 @@ int ldbm_back_entry_get( if( is_entry_referral( e ) ) { #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, INFO, + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_entry_get: entry (%s) is a referral.\n", e->e_name.bv_val, 0, 0); #else Debug( LDAP_DEBUG_ACL, @@ -133,7 +133,7 @@ int ldbm_back_entry_get( if ( oc && !is_entry_objectclass( e, oc, 0 )) { #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, INFO, + LDAP_LOG( BACK_LDBM, INFO, "ldbm_back_entry_get: failed to find objectClass.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ACL, @@ -155,7 +155,7 @@ return_results: } #ifdef NEW_LOGGING - LDAP_LOG( BACK_BDB, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 ); + LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "ldbm_back_entry_get: rc=%d\n", diff --git a/servers/slapd/back-ldbm/init.c b/servers/slapd/back-ldbm/init.c index 05be1e0989..ca095eccfe 100644 --- a/servers/slapd/back-ldbm/init.c +++ b/servers/slapd/back-ldbm/init.c @@ -129,6 +129,9 @@ ldbm_back_db_init( /* indicate system schema supported */ be->be_flags |= +#ifdef LDBM_SUBENTRIES + SLAP_BFLAG_SUBENTRIES | +#endif SLAP_BFLAG_ALIASES | SLAP_BFLAG_REFERRALS; diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c index b044b7ffde..1c6754b399 100644 --- a/servers/slapd/back-ldbm/modify.c +++ b/servers/slapd/back-ldbm/modify.c @@ -299,7 +299,13 @@ ldbm_back_modify( ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); /* acquire and lock entry */ - if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { + e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched ); + +#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */ + if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) { +#else + if ( e == NULL ) { +#endif if ( matched != NULL ) { rs->sr_matched = ch_strdup( matched->e_dn ); rs->sr_ref = is_entry_referral( matched ) @@ -307,8 +313,13 @@ ldbm_back_modify( : NULL; cache_return_entry_r( &li->li_cache, matched ); } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); +#ifdef LDAP_SYNCREPL + BerVarray deref = op->o_bd->syncinfo ? + op->o_bd->syncinfo->provideruri_bv : default_referral; +#else + BerVarray deref = default_referral; +#endif + rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); @@ -318,7 +329,11 @@ ldbm_back_modify( if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); free( (char *)rs->sr_matched ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } #ifndef LDAP_CACHING @@ -364,6 +379,7 @@ ldbm_back_modify( if ( id2entry_add( op->o_bd, e ) != 0 ) { send_ldap_error( op, rs, LDAP_OTHER, "id2entry failure" ); + rs->sr_err = LDAP_OTHER; goto error_return; } @@ -372,10 +388,15 @@ ldbm_back_modify( cache_return_entry_w( &li->li_cache, e ); ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); - return( 0 ); + + return LDAP_SUCCESS; error_return:; cache_return_entry_w( &li->li_cache, e ); ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index 8123505849..b739afc618 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -80,17 +80,28 @@ ldbm_back_modrdn( /* grab giant lock for writing */ ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); + e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched ); + /* get entry with writer lock */ - if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) { - if( matched != NULL ) { +#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */ + if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) { +#else + if ( e == NULL ) { +#endif + if ( matched != NULL ) { rs->sr_matched = strdup( matched->e_dn ); rs->sr_ref = is_entry_referral( matched ) ? get_entry_referrals( op, matched ) : NULL; cache_return_entry_r( &li->li_cache, matched ); } else { - rs->sr_ref = referral_rewrite( default_referral, - NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); +#ifdef LDAP_SYNCREPL + BerVarray deref = op->o_bd->syncinfo ? + op->o_bd->syncinfo->provideruri_bv : default_referral; +#else + BerVarray deref = default_referral; +#endif + rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT ); } ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); @@ -101,7 +112,11 @@ ldbm_back_modrdn( if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref ); free( (char *)rs->sr_matched ); +#ifdef LDAP_SYNCREPL + return rs->sr_err; +#else return( -1 ); +#endif } /* check entry for "entry" acl */ diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c index 8df10e7708..5e7bde2932 100644 --- a/servers/slapd/back-ldbm/passwd.c +++ b/servers/slapd/back-ldbm/passwd.c @@ -102,13 +102,28 @@ ldbm_back_exop_passwd( ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock); e = dn2entry_w( op->o_bd, &ndn, NULL ); + +#ifdef LDAP_SYNCREPL + if ( e == NULL || is_entry_glue( e )) { + /* FIXME : dn2entry() should return non-glue entry */ +#else if( e == NULL ) { +#endif ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock); rs->sr_text = "could not locate authorization entry"; rc = LDAP_NO_SUCH_OBJECT; goto done; } +#ifdef LDBM_SUBENTRIES + if( is_entry_subentry( e ) ) { + /* entry is a subentry, don't allow operation */ + rs->sr_text = "authorization entry is subentry"; + rc = LDAP_OTHER; + goto done; + } +#endif + if( is_entry_alias( e ) ) { /* entry is an alias, don't allow operation */ rs->sr_text = "authorization entry is alias"; diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 3c84a361dd..52461e5b95 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -135,7 +135,11 @@ ldbm_back_search( ber_bvarray_free( rs->sr_ref ); ber_memfree( matched_dn.bv_val ); +#ifdef LDAP_SYNCREPL + return LDAP_REFERRAL; +#else return 1; +#endif } if (!manageDSAit && is_entry_referral( e ) ) { @@ -179,7 +183,11 @@ ldbm_back_search( } ber_memfree( matched_dn.bv_val ); +#ifdef LDAP_SYNCREPL + return LDAP_OTHER; +#else return 1; +#endif } if ( is_entry_alias( e ) ) { @@ -223,12 +231,16 @@ searchit: send_ldap_result( op, rs ); #ifdef LDAP_CACHING - if ( op->o_caching_on ) { + if ( op->o_caching_on ) { ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock); } #endif /* LDAP_CACHING */ +#ifdef LDAP_SYNCREPL + rc = LDAP_OTHER; +#else rc = 1; +#endif goto done; } @@ -359,6 +371,26 @@ searchit: } rs->sr_entry = e; + +#ifdef LDBM_SUBENTRIES + if ( is_entry_subentry( e ) ) { + if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) { + if(!get_subentries_visibility( op )) { + /* only subentries are visible */ + goto loop_continue; + } + } else if ( get_subentries( op ) && + !get_subentries_visibility( op )) + { + /* only subentries are visible */ + goto loop_continue; + } + } else if ( get_subentries_visibility( op )) { + /* only subentries are visible */ + goto loop_continue; + } +#endif + #ifdef LDAP_CACHING if ( !op->o_caching_on ) { #endif /* LDAP_CACHING */ @@ -465,6 +497,12 @@ searchit: } #endif /* LDAP_CACHING */ +#ifdef LDAP_SYNCREPL + if ( !manageDSAit && is_entry_glue( e )) { + goto loop_continue; + } +#endif + /* if it matches the filter and scope, send it */ result = test_filter( op, e, op->oq_search.rs_filter ); @@ -618,6 +656,10 @@ search_candidates( AttributeAssertion aa_ref, aa_alias; struct berval bv_ref = { sizeof("referral")-1, "referral" }; struct berval bv_alias = { sizeof("alias")-1, "alias" }; +#ifdef LDBM_SUBENTRIES + Filter sf; + AttributeAssertion aa_subentry; +#endif #ifdef NEW_LOGGING LDAP_LOG( BACK_LDBM, DETAIL1, @@ -663,6 +705,18 @@ search_candidates( fand.f_dn = &e->e_nname; fand.f_next = xf.f_or == filter ? filter : &xf ; +#ifdef LDBM_SUBENTRIES + if ( get_subentries_visibility( op )) { + struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" }; + sf.f_choice = LDAP_FILTER_EQUALITY; + sf.f_ava = &aa_subentry; + sf.f_av_desc = slap_schema.si_ad_objectClass; + sf.f_av_value = bv_subentry; + sf.f_next = fand.f_next; + fand.f_next = &sf; + } +#endif + candidates = filter_candidates( op, &f ); return( candidates ); -- 2.39.5