ITS#8051 add DN qualifier

diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index fb9255b43d1742dd4e856e9be55be16a70258fb9..23f7e82fd2481078bd4a4d2892d65fcb12f73899 100644 (file)
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -58,6 +58,11 @@ Specify which response types to send to the external program. "result"
 sends just the results of an operation. "search" sends all entries that
 the database returned for a search request. The default is empty
 (no responses are sent).
+.TP
+.B socksuffix  <DN suffix>
+Specify subtrees for which the overlay will act. Only operations on
+DNs matching the specified suffix(es) will be processed. The default
+is empty (all DNs are processed).
 
 .SH PROTOCOL
 The protocol is essentially the same as

diff --git a/servers/slapd/back-sock/back-sock.h b/servers/slapd/back-sock/back-sock.h
index 5a7d53de9c3943429bdbadd017b6ea5433c2b665..829ad170e3e7a432d29a2fb1e631e12de0be92a1 100644 (file)
--- a/servers/slapd/back-sock/back-sock.h
+++ b/servers/slapd/back-sock/back-sock.h
@@ -30,6 +30,8 @@ struct sockinfo {
        slap_mask_t     si_extensions;
        slap_mask_t     si_ops;         /* overlay: operations to act on */
        slap_mask_t     si_resps;       /* overlay: responses to forward */
+       BerVarray       si_suffix;      /* overlay: DN suffixes to match */
+       BerVarray       si_nsuffix;     /* overlay: DN suffixes to match */
 };
 
 #define        SOCK_EXT_BINDDN 1

diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index dba598f82921485f008e8d3aed36276a10374cfd..46c05c643894af0e06b51d5221e3bdba2ff5a334 100644 (file)
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -36,11 +36,12 @@ static slap_response sock_over_response;
 enum {
        BS_EXT = 1,
        BS_OPS,
-       BS_RESP
+       BS_RESP,
+       BS_SUFFIX
 };
 
 /* The number of overlay-only config attrs */
-#define NUM_OV_ATTRS   2
+#define NUM_OV_ATTRS   3
 
 static ConfigTable bscfg[] = {
        { "sockops", "ops", 2, 0, 0, ARG_MAGIC|BS_OPS,
@@ -53,6 +54,11 @@ static ConfigTable bscfg[] = {
                        "DESC 'Response types to forward' "
                        "EQUALITY caseIgnoreMatch "
                        "SYNTAX OMsDirectoryString )", NULL, NULL },
+       { "socksuffix", "DN", 2, 0, 0, ARG_DN|ARG_QUOTE|ARG_MAGIC|BS_SUFFIX,
+               bs_cf_gen, "( OLcfgDbAt:7.5 NAME 'olcOvSocketSuffix' "
+                       "DESC 'DN suffixes to match' "
+                       "EQUALITY distinguishedNameMatch "
+                       "SYNTAX OMsDN )", NULL, NULL },
 
        { "socketpath", "pathname", 2, 2, 0, ARG_STRING|ARG_OFFSET,
                (void *)offsetof(struct sockinfo, si_sockpath),
@@ -86,7 +92,8 @@ static ConfigOCs osocs[] = {
                "SUP olcOverlayConfig "
                "MUST olcDbSocketPath "
                "MAY ( olcDbSocketExtensions $ "
-                       " olcOvSocketOps $ olcOvSocketResps ) )",
+                       " olcOvSocketOps $ olcOvSocketResps $ "
+                       " olcOvSocketSuffix ) )",
                        Cft_Overlay, bscfg },
        { NULL, 0, NULL }
 };
@@ -150,6 +157,10 @@ bs_cf_gen( ConfigArgs *c )
                        return mask_to_verbs( ov_ops, si->si_ops, &c->rvalue_vals );
                case BS_RESP:
                        return mask_to_verbs( ov_resps, si->si_resps, &c->rvalue_vals );
+               case BS_SUFFIX:
+                       value_add( &c->rvalue_vals, si->si_suffix );
+                       value_add( &c->rvalue_nvals, si->si_nsuffix );
+                       return 0;
                }
        } else if ( c->op == LDAP_MOD_DELETE ) {
                switch( c->type ) {
@@ -186,6 +197,23 @@ bs_cf_gen( ConfigArgs *c )
                                        si->si_resps ^= dels;
                        }
                        return rc;
+               case BS_SUFFIX:
+                       if ( c->valx < 0 ) {
+                               ber_bvarray_free( si->si_suffix );
+                               ber_bvarray_free( si->si_nsuffix );
+                               si->si_suffix = NULL;
+                               si->si_nsuffix = NULL;
+                       } else {
+                               int i = c->valx;
+                               ch_free( si->si_suffix[i].bv_val );
+                               ch_free( si->si_nsuffix[i].bv_val );
+                               do {
+                                       si->si_suffix[i] = si->si_suffix[i+1];
+                                       si->si_nsuffix[i] = si->si_nsuffix[i+1];
+                                       i++;
+                               } while ( !BER_BVISNULL( &si->si_suffix[i] ));
+                       }
+                       return 0;
                }
 
        } else {
@@ -196,6 +224,10 @@ bs_cf_gen( ConfigArgs *c )
                        return verbs_to_mask( c->argc, c->argv, ov_ops, &si->si_ops );
                case BS_RESP:
                        return verbs_to_mask( c->argc, c->argv, ov_resps, &si->si_resps );
+               case BS_SUFFIX:
+                       ber_bvarray_add( &si->si_suffix, &c->value_dn );
+                       ber_bvarray_add( &si->si_nsuffix, &c->value_ndn );
+                       return 0;
                }
        }
        return 1;
@@ -268,6 +300,18 @@ static int sock_over_op(
        if ( !(si->si_ops & sockopflags[which]))
                return SLAP_CB_CONTINUE;
 
+       if ( si->si_nsuffix ) {
+               int i, ok = 0;
+               for ( i=0; !BER_BVISNULL( &si->si_nsuffix[i] ); i++ ) {
+                       if ( dnIsSuffix( &op->o_req_ndn, &si->si_nsuffix[i] )) {
+                               ok = 1;
+                               break;
+                       }
+               }
+               if ( !ok )
+                       return SLAP_CB_CONTINUE;
+       }
+
        op->o_bd->be_private = si;
        sc = op->o_callback;
        op->o_callback = NULL;