ITS#8663 Improve memberof cn=config handling

[openldap] / servers / slapd / overlays / memberof.c

diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
index 3f07ffb52194f3277f9bb55372ec5653617be5fe..54c24682abea80a6c7809087abc78e345b368df5 100644 (file)
--- a/servers/slapd/overlays/memberof.c
+++ b/servers/slapd/overlays/memberof.c
@@ -130,6 +130,11 @@
 
 #define        SLAPD_MEMBEROF_ATTR     "memberOf"
 
+static AttributeDescription    *ad_member;
+static AttributeDescription    *ad_memberOf;
+
+static ObjectClass                     *oc_group;
+
 static slap_overinst           memberof;
 
 typedef struct memberof_t {
@@ -190,7 +195,16 @@ typedef struct memberof_cbinfo_t {
        BerVarray memberof;
        memberof_is_t what;
 } memberof_cbinfo_t;
-       
+
+static void
+memberof_set_backend( Operation *op_target, Operation *op, slap_overinst *on )
+{
+    BackendInfo *bi = op->o_bd->bd_info;
+
+    if ( bi->bi_type == memberof.on_bi.bi_type )
+        op_target->o_bd->bd_info = (BackendInfo *)on->on_info;
+}
+
 static int
 memberof_isGroupOrMember_cb( Operation *op, SlapReply *rs )
 {
@@ -284,8 +298,9 @@ memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
                an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname;
                op2.ors_filterstr = mo->mo_groupFilterstr;
                op2.ors_filter = &mo->mo_groupFilter;
+               op2.o_do_not_cache = 1; /* internal search, don't log */
 
-               op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+               memberof_set_backend( &op2, op, on );
                (void)op->o_bd->be_search( &op2, &rs2 );
                op2.o_bd->bd_info = bi;
 
@@ -306,8 +321,9 @@ memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
                an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname;
                op2.ors_filterstr = mo->mo_memberFilterstr;
                op2.ors_filter = &mo->mo_memberFilter;
+               op2.o_do_not_cache = 1; /* internal search, don't log */
 
-               op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+               memberof_set_backend( &op2, op, on );
                (void)op->o_bd->be_search( &op2, &rs2 );
                op2.o_bd->bd_info = bi;
 
@@ -409,7 +425,7 @@ memberof_value_modify(
 
                oex.oe_key = (void *)&memberof;
                LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next);
-               op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+               memberof_set_backend( &op2, op, on );
                (void)op->o_bd->be_modify( &op2, &rs2 );
                op2.o_bd->bd_info = bi;
                LDAP_SLIST_REMOVE(&op2.o_extra, &oex, OpExtra, oe_next);
@@ -451,7 +467,7 @@ memberof_value_modify(
 
                oex.oe_key = (void *)&memberof;
                LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next);
-               op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+               memberof_set_backend( &op2, op, on );
                (void)op->o_bd->be_modify( &op2, &rs2 );
                op2.o_bd->bd_info = bi;
                LDAP_SLIST_REMOVE(&op2.o_extra, &oex, OpExtra, oe_next);
@@ -600,6 +616,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
                                                ber_memfree( a->a_nvals[ i ].bv_val );
                                                BER_BVZERO( &a->a_nvals[ i ] );
                                        }
+                                       a->a_numvals--;
                                        if ( j - i == 1 ) {
                                                break;
                                        }
@@ -611,7 +628,6 @@ memberof_op_add( Operation *op, SlapReply *rs )
                                                        sizeof( struct berval ) * ( j - i ) );
                                        }
                                        i--;
-                                       a->a_numvals--;
                                }
                        }
 
@@ -726,6 +742,7 @@ memberof_op_add( Operation *op, SlapReply *rs )
        sc->sc_private = sc+1;
        sc->sc_response = memberof_res_add;
        sc->sc_cleanup = memberof_cleanup;
+       sc->sc_writewait = 0;
        mci = sc->sc_private;
        mci->on = on;
        mci->member = NULL;
@@ -760,6 +777,7 @@ memberof_op_delete( Operation *op, SlapReply *rs )
        sc->sc_private = sc+1;
        sc->sc_response = memberof_res_delete;
        sc->sc_cleanup = memberof_cleanup;
+       sc->sc_writewait = 0;
        mci = sc->sc_private;
        mci->on = on;
        mci->member = NULL;
@@ -871,7 +889,6 @@ memberof_op_modify( Operation *op, SlapReply *rs )
                                        assert( ml->sml_nvalues != NULL );
                
                                        for ( i = 0; !BER_BVISNULL( &ml->sml_nvalues[ i ] ); i++ ) {
-                                               int             rc;
                                                Entry           *e;
                
                                                /* ITS#6670 Ignore member pointing to this entry */
@@ -1179,6 +1196,7 @@ done2:;
        sc->sc_private = sc+1;
        sc->sc_response = memberof_res_modify;
        sc->sc_cleanup = memberof_cleanup;
+       sc->sc_writewait = 0;
        mci = sc->sc_private;
        mci->on = on;
        mci->member = NULL;
@@ -1224,6 +1242,7 @@ memberof_op_modrdn( Operation *op, SlapReply *rs )
        sc->sc_private = sc+1;
        sc->sc_response = memberof_res_modrdn;
        sc->sc_cleanup = memberof_cleanup;
+       sc->sc_writewait = 0;
        mci = sc->sc_private;
        mci->on = on;
        mci->member = NULL;
@@ -1596,12 +1615,45 @@ memberof_db_init(
 {
        slap_overinst   *on = (slap_overinst *)be->bd_info;
        memberof_t              *mo;
+       const char              *text = NULL;
+       int rc;
 
        mo = (memberof_t *)ch_calloc( 1, sizeof( memberof_t ) );
 
        /* safe default */
        mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION;
 
+       if ( !ad_memberOf ) {
+               rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &ad_memberOf, &text );
+               if ( rc != LDAP_SUCCESS ) {
+                       Debug( LDAP_DEBUG_ANY, "memberof_db_init: "
+                                       "unable to find attribute=\"%s\": %s (%d)\n",
+                                       SLAPD_MEMBEROF_ATTR, text, rc );
+                       return rc;
+               }
+       }
+
+       if ( !ad_member ) {
+               rc = slap_str2ad( SLAPD_GROUP_ATTR, &ad_member, &text );
+               if ( rc != LDAP_SUCCESS ) {
+                       Debug( LDAP_DEBUG_ANY, "memberof_db_init: "
+                                       "unable to find attribute=\"%s\": %s (%d)\n",
+                                       SLAPD_GROUP_ATTR, text, rc );
+                       return rc;
+               }
+       }
+
+       if ( !oc_group ) {
+               oc_group = oc_find( SLAPD_GROUP_CLASS );
+               if ( oc_group == NULL ) {
+                       Debug( LDAP_DEBUG_ANY,
+                                       "memberof_db_init: "
+                                       "unable to find objectClass=\"%s\"\n",
+                                       SLAPD_GROUP_CLASS, 0, 0 );
+                       return 1;
+               }
+       }
+
        on->on_bi.bi_private = (void *)mo;
 
        return 0;
@@ -1663,14 +1715,14 @@ static ConfigTable mo_cfg[] = {
                NULL, NULL },
 
        { "memberof-member-ad", "member attribute",
-               2, 2, 0, ARG_MAGIC|MO_MEMBER_AD, mo_cf_gen,
+               2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_AD, mo_cf_gen,
                "( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' "
                        "DESC 'member attribute' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )",
                NULL, NULL },
 
        { "memberof-memberof-ad", "memberOf attribute",
-               2, 2, 0, ARG_MAGIC|MO_MEMBER_OF_AD, mo_cf_gen,
+               2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_OF_AD, mo_cf_gen,
                "( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' "
                        "DESC 'memberOf attribute' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )",
@@ -1862,7 +1914,52 @@ mo_cf_gen( ConfigArgs *c )
                return rc;
 
        } else if ( c->op == LDAP_MOD_DELETE ) {
-               return 1;       /* FIXME */
+               switch( c->type ) {
+               case MO_DN:
+                       if ( !BER_BVISNULL( &mo->mo_dn ) ) {
+                               ber_memfree( mo->mo_dn.bv_val );
+                               ber_memfree( mo->mo_ndn.bv_val );
+                               BER_BVZERO( &mo->mo_dn );
+                               BER_BVZERO( &mo->mo_ndn );
+                       }
+                       break;
+
+               case MO_DANGLING:
+                       mo->mo_flags &= ~MEMBEROF_FDANGLING_MASK;
+                       break;
+
+               case MO_DANGLING_ERROR:
+                       mo->mo_dangling_err = LDAP_CONSTRAINT_VIOLATION;
+                       break;
+
+               case MO_REFINT:
+                       mo->mo_flags &= ~MEMBEROF_FREFINT;
+                       break;
+
+#if 0
+               case MO_REVERSE:
+                       mo->mo_flags &= ~MEMBEROF_FREVERSE;
+                       break;
+#endif
+
+               case MO_GROUP_OC:
+                       mo->mo_oc_group = oc_group;
+                       memberof_make_group_filter( mo );
+                       break;
+
+               case MO_MEMBER_AD:
+                       mo->mo_ad_member = ad_member;
+                       break;
+
+               case MO_MEMBER_OF_AD:
+                       mo->mo_ad_memberof = ad_memberOf;
+                       memberof_make_member_filter( mo );
+                       break;
+
+               default:
+                       assert( 0 );
+                       return 1;
+               }
 
        } else {
                switch( c->type ) {
@@ -1932,19 +2029,7 @@ mo_cf_gen( ConfigArgs *c )
                        } break;
 
                case MO_MEMBER_AD: {
-                       AttributeDescription    *ad = NULL;
-                       const char              *text = NULL;
-
-
-                       rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
-                       if ( rc != LDAP_SUCCESS ) {
-                               snprintf( c->cr_msg, sizeof( c->cr_msg ),
-                                       "unable to find member attribute=\"%s\": %s (%d)",
-                                       c->argv[ 1 ], text, rc );
-                               Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n",
-                                       c->log, c->cr_msg, 0 );
-                               return 1;
-                       }
+                       AttributeDescription    *ad = c->value_ad;
 
                        if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX )              /* e.g. "member" */
                                && !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */
@@ -1962,19 +2047,7 @@ mo_cf_gen( ConfigArgs *c )
                        } break;
 
                case MO_MEMBER_OF_AD: {
-                       AttributeDescription    *ad = NULL;
-                       const char              *text = NULL;
-
-
-                       rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
-                       if ( rc != LDAP_SUCCESS ) {
-                               snprintf( c->cr_msg, sizeof( c->cr_msg ),
-                                       "unable to find memberof attribute=\"%s\": %s (%d)",
-                                       c->argv[ 1 ], text, rc );
-                               Debug( LDAP_DEBUG_CONFIG, "%s: %s.\n",
-                                       c->log, c->cr_msg, 0 );
-                               return 1;
-                       }
+                       AttributeDescription    *ad = c->value_ad;
 
                        if ( !is_at_syntax( ad->ad_type, SLAPD_DN_SYNTAX )              /* e.g. "member" */
                                && !is_at_syntax( ad->ad_type, SLAPD_NAMEUID_SYNTAX ) ) /* e.g. "uniqueMember" */
@@ -2010,37 +2083,17 @@ memberof_db_open(
        memberof_t      *mo = (memberof_t *)on->on_bi.bi_private;
        
        int             rc;
-       const char      *text = NULL;
 
-       if( ! mo->mo_ad_memberof ){
-               rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &mo->mo_ad_memberof, &text );
-               if ( rc != LDAP_SUCCESS ) {
-                       Debug( LDAP_DEBUG_ANY, "memberof_db_open: "
-                                       "unable to find attribute=\"%s\": %s (%d)\n",
-                                       SLAPD_MEMBEROF_ATTR, text, rc );
-                       return rc;
-               }
+       if ( !mo->mo_ad_memberof ) {
+               mo->mo_ad_memberof = ad_memberOf;
        }
 
-       if( ! mo->mo_ad_member ){
-               rc = slap_str2ad( SLAPD_GROUP_ATTR, &mo->mo_ad_member, &text );
-               if ( rc != LDAP_SUCCESS ) {
-                       Debug( LDAP_DEBUG_ANY, "memberof_db_open: "
-                                       "unable to find attribute=\"%s\": %s (%d)\n",
-                                       SLAPD_GROUP_ATTR, text, rc );
-                       return rc;
-               }
+       if ( ! mo->mo_ad_member ) {
+               mo->mo_ad_member = ad_member;
        }
 
-       if( ! mo->mo_oc_group ){
-               mo->mo_oc_group = oc_find( SLAPD_GROUP_CLASS );
-               if ( mo->mo_oc_group == NULL ) {
-                       Debug( LDAP_DEBUG_ANY,
-                                       "memberof_db_open: "
-                                       "unable to find objectClass=\"%s\"\n",
-                                       SLAPD_GROUP_CLASS, 0, 0 );
-                       return 1;
-               }
+       if ( ! mo->mo_oc_group ) {
+               mo->mo_oc_group = oc_group;
        }
 
        if ( BER_BVISNULL( &mo->mo_dn ) && !BER_BVISNULL( &be->be_rootdn ) ) {
@@ -2087,9 +2140,6 @@ memberof_db_destroy(
        return 0;
 }
 
-/* unused */
-static AttributeDescription    *ad_memberOf;
-
 static struct {
        char    *desc;
        AttributeDescription **adp;