*/
for ( *ptr++ = LDIF_DIRSEP_CHAR; p < end; *ptr++ = ch ) {
ch = *p++;
if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) {
ch = LDIF_ESCAPE_CHAR;
} else if ( IX_FSL != IX_DNL && ch == ix_dnx ) {
ch = ix_fsx;
ix_dnx ^= IX_DNL ^ IX_DNR;
ix_fsx ^= IX_FSL ^ IX_FSR;
} else if ( RDN_ATTRTYPEANDVALUE_SEPARATOR( ch ) ) {
ix_dnx = IX_DNL;
ix_fsx = IX_FSL;
} else if (
LDIF_NEED_ESCAPE( ch ) ||
(IX_FSL != IX_DNL && (ch == IX_FSL || ch == IX_FSR)) ||
(LDIF_ESCAPE_LDIFSUFFIX &&
ch == LDIF_FILETYPE_SEP &&
(end - p < STRLENOF( LDIF ",x=" ) - 1
? end - p == STRLENOF( LDIF ) - 1
: DN_SEPARATOR( p[STRLENOF( LDIF ) - 1] )) &&
memcmp( p, LDIF + 1, STRLENOF( LDIF ) - 1 ) == 0 ) )
{
*ptr++ = LDIF_ESCAPE_CHAR;
*ptr++ = hex[(ch & 0xFFU) >> 4];
ch = hex[ch & 0x0FU];
}
}
}
ptr = lutil_strcopy( ptr, LDIF );
assert( ptr <= res->bv_val + len );
res->bv_len = ptr - res->bv_val;
}
/* Write an entry LDIF file. Create parentdir first if non-NULL. */
static int
ldif_write_entry(
Entry *e,
struct berval *path,
const char *parentdir,
const char **text )
{
int rc = LDAP_OTHER, save_errno = 0, res = 0;
int fd, len;
char *entry_as_string, *tmpfname;
/* the ",," ensures tmpfname cannot match an RDN or DN dirname */
static const char tmpsuffix[] = ",,XXXXXX";
if ( parentdir != NULL && mkdir( parentdir, 0750 ) < 0 ) {
Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
"could not create parent directory", parentdir, STRERROR( errno ) );
*text = "could not create parent directory";
return rc;
}
len = path->bv_len - STRLENOF( LDIF );
tmpfname = ch_malloc( len + sizeof( tmpsuffix ) );
AC_MEMCPY( tmpfname, path->bv_val, len );
AC_MEMCPY( &tmpfname[len], tmpsuffix, sizeof( tmpsuffix ) );
fd = mkstemp( tmpfname );
if ( fd == -1 ) {
Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s for \"%s\": %s\n",
"could not create file", e->e_dn, STRERROR( errno ) );
*text = "could not create file";
} else {
ber_len_t dn_len = e->e_name.bv_len;
struct berval rdn;
/* Only save the RDN onto disk */
dnRdn( &e->e_name, &rdn );
if ( rdn.bv_len != dn_len ) {
e->e_name.bv_val[rdn.bv_len] = '\0';
e->e_name.bv_len = rdn.bv_len;
}
ldap_pvt_thread_mutex_lock( &entry2str_mutex );
entry_as_string = entry2str( e, &len );
if ( entry_as_string != NULL ) {
do {
res = write( fd, entry_as_string, len );
if ( res < 0 ) {
save_errno = errno;
break;
}
entry_as_string += res;
len -= res;
} while ( len > 0 );
}
ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
/* Restore full DN */
if ( e->e_name.bv_len != dn_len ) {
e->e_name.bv_val[e->e_name.bv_len] = ',';
e->e_name.bv_len = dn_len;
}
if ( close( fd ) < 0 && res >= 0 ) {
res = -1;
save_errno = errno;
}
if ( entry_as_string != NULL ) {
if ( res < 0 ) {
Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
"write error to", tmpfname, STRERROR( save_errno ) );
*text = "write error";
} else if ( rename( tmpfname, path->bv_val ) == 0 ) {
rc = LDAP_SUCCESS;
} else {
Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
"could not move tmpfile for entry",
e->e_name.bv_val, STRERROR( errno ) );
}
}
if ( rc != LDAP_SUCCESS ) {
unlink( tmpfname );
}
}
ch_free( tmpfname );
return rc;
}
/*
* Read the entry at path, or if entryp==NULL just see if it exists.
* pdn and pndn are the parent's DN and normalized DN, or both NULL.
* Return an LDAP result code. Set *entryp to the entry, or NULL on error.
*/
static int
ldif_read_entryfile(
ber_tag_t op_tag,
const char *path,
struct berval *pdn,
struct berval *pndn,
Entry **entryp )
{
int fd, len, res, rc = LDAP_SUCCESS;
Entry *entry = NULL;
char *entry_as_string = NULL, *ptr;
struct berval rdn;
struct stat st;
if ( entryp == NULL ) {
res = stat( path, &st );
} else {
*entryp = NULL;
res = fd = open( path, O_RDONLY );
if ( fd >= 0 ) {
res = fstat( fd, &st );
if ( res == 0 ) {
res = 1;
if ( st.st_size < INT_MAX ) {
len = st.st_size + 1; /* +1 detects file size > st_size */
entry_as_string = ptr = ch_malloc( len );
for (;;) {
res = read( fd, ptr, len );
if ( res > 0 ) {
len -= res;
ptr += res;
if ( len > 0 )
continue;
} else {
*ptr = '\0';
}
break;
}
}
}
if ( close( fd ) < 0 )
res = -1;
}
}
if ( res != 0 ) {
rc = LDAP_NO_SUCH_OBJECT;
if ( res < 0 && errno == ENOENT ) {
if ( op_tag != LDAP_REQ_ADD )
Debug( LDAP_DEBUG_TRACE, "ldif_read_entryfile: %s\n",
"No such object", 0, 0 );
} else {
const char *msg = res < 0 ? STRERROR( errno ) : "bad fstat() size";
Debug( LDAP_DEBUG_ANY, "ldif_read_entryfile: %s for \"%s\"\n",
msg, path, 0 );
rc = LDAP_OTHER;
}
}
if ( entry_as_string != NULL ) {
if ( res == 0 ) {
*entryp = entry = str2entry( entry_as_string );
if ( entry == NULL ) {
rc = LDAP_OTHER;
} else if ( pdn != NULL && !BER_BVISEMPTY( pdn ) ) {
rdn = entry->e_name;
build_new_dn( &entry->e_name, pdn, &rdn, NULL );
ch_free( rdn.bv_val );
rdn = entry->e_nname;
build_new_dn( &entry->e_nname, pndn, &rdn, NULL );
ch_free( rdn.bv_val );
}
}
SLAP_FREE( entry_as_string );
}
return rc;
}
/*
* Read the operation's entry, or if entryp==NULL just see if it exists.
* Return an LDAP result code.
* If pathp is non-NULL, set it to the entry filename on success.
*/
static int
get_entry( Operation *op, Entry **entryp, struct berval *pathp )
{
int rc;
struct berval path, pdn, pndn;
/* Check if the operation has been abandoned. TODO: Dunno if slapd
* prevents Abandon of Bind as per rfc4511, checking just in case.
*/
if ( op->o_abandon && op->o_tag != LDAP_REQ_BIND ) {
if ( entryp != NULL )
*entryp = NULL;
return SLAPD_ABANDON;
}
dnParent(&op->o_req_dn, &pdn);
dnParent(&op->o_req_ndn, &pndn);
dn2path( op->o_bd, &op->o_req_ndn, &path );
rc = ldif_read_entryfile( op->o_tag, path.bv_val, &pdn, &pndn, entryp );
if ( rc == LDAP_SUCCESS && pathp != NULL ) {
*pathp = path;
} else {
SLAP_FREE(path.bv_val);
}
return rc;
}
/*
* RDN-named directory entry, with special handling of "attr={num}val" RDNs.
* For sorting, filename "attr=val.ldif" is truncated to "attr="val\0ldif",
* and filename "attr={num}val.ldif" to "attr=\0um}val.ldif".
*
* Does not sort escaped chars correctly, would need to un-escape them.
* Sorts "a1=v1 + a2={n}v2" correctly, but not "a1={n1}v1 + a2={n2}v2".
*/
typedef struct bvlist {
struct bvlist *next;
char *trunc; /* filename was truncated here */
int inum; /* num from "attr={num}" in filename, or 0 */
char savech; /* original char at *trunc */
char name1; /* filename = BVL_NAME(bvl): variable length array */
# define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, name1))
# define BVL_SIZE(namelen) ((namelen) + \
(sizeof(bvlist) >= STRLENOF("x=" LDIF) + offsetof(bvlist, name1) + 1 \
? sizeof(bvlist) - STRLENOF("x=" LDIF) : offsetof(bvlist, name1) + 1))
} bvlist;
/*
* Send an entry, recursively search/collect its children, and free it.
* Return an LDAP result code. Parameters:
* op, rs operation and reply. rs == NULL for slap tools.
* e entry to search, or NULL for rootDSE.
* scope scope for the part of the search from this entry.
* path filename of the entry. The non-directory part is modifiable.
*/
static int
ldif_search_entry(
Operation *op,
SlapReply *rs,
Entry *e,
int scope,
struct berval *path )
{
int rc = LDAP_SUCCESS;
Entry *freeme = e;
DIR *dir_of_path;
/* Send entry if appropriate, and set scope for searching its children */
switch ( scope ) {
case LDAP_SCOPE_BASE:
case LDAP_SCOPE_SUBTREE:
if ( e != NULL ) {
/* Send right away? */
if ( rs != NULL ) {
/*
* If it is a referral object, send a search reference.
* (The baseobject is handled by ldif_back_referrals().)
* Don't check the filter since it's only a candidate.
*/
if ( !get_manageDSAit( op ) && is_entry_referral( e ) ) {
BerVarray erefs = get_entry_referrals( op, e );
rs->sr_ref = referral_rewrite(
erefs, &e->e_name, NULL, scope );
rs->sr_entry = e;
rc = send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
ber_bvarray_free( erefs );
rs->sr_ref = NULL;
rs->sr_entry = NULL;
} else if ( test_filter( op, e, op->ors_filter )
== LDAP_COMPARE_TRUE )
{
rs->sr_entry = e;
rs->sr_attrs = op->ors_attrs;
rs->sr_flags = REP_ENTRY_MODIFIABLE;
rc = send_search_entry( op, rs );
rs->sr_entry = NULL;
}
if ( rc ) {
/* TODO: rc=what? send_ only return a bool. */
if (0) rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
}
} else {
/* Queueing up for tool mode */
struct ldif_tool *tl =
&((struct ldif_info *) op->o_bd->be_private)->li_tool;
if ( tl->entry_count >= tl->entries_len ) {
/* Grow entries */
tl->entries_len += tl->entries_len + ENTRY_BUFF_INCREMENT;
tl->entries = (Entry **) ch_realloc(
tl->entries, sizeof(Entry *) * tl->entries_len );
}
tl->entries[tl->entry_count++] = e;
freeme = NULL;
}
}
if ( scope == LDAP_SCOPE_BASE )
goto done;
break;
case LDAP_SCOPE_ONELEVEL:
scope = LDAP_SCOPE_BASE;
break;
case LDAP_SCOPE_SUBORDINATE:
scope = LDAP_SCOPE_SUBTREE;
break;
}
/* Search the children */
path->bv_len -= STRLENOF( LDIF );
path->bv_val[path->bv_len] = '\0';
dir_of_path = opendir( path->bv_val );
if ( dir_of_path == NULL ) {
/* Absent directory (leaf entry) is OK, except the database dir */
if ( errno != ENOENT || e == NULL ) {
Debug( LDAP_DEBUG_ANY,
"=> ldif_search_entry: failed to opendir \"%s\": %s\n",
path->bv_val, STRERROR( errno ), 0 );
rc = LDAP_OTHER;
}
} else {
struct dirent *dir;
bvlist *list = NULL, *ptr;
struct berval fpath = BER_BVNULL;
while ( (dir = readdir( dir_of_path )) != NULL ) {
struct berval fname;
char *s, *endp;
bvlist *bvl, **prev;
fname.bv_len = strlen( dir->d_name );
if ( fname.bv_len < STRLENOF( "x=" LDIF )) /* min filename size */
continue;
if ( strcmp( dir->d_name + fname.bv_len - STRLENOF( LDIF ), LDIF ))
continue;
bvl = ch_malloc( BVL_SIZE( fname.bv_len ) );
fname.bv_val = BVL_NAME( bvl );
strcpy( fname.bv_val, dir->d_name );
if ( fpath.bv_len < fname.bv_len )
fpath.bv_len = fname.bv_len;
/* Make it sortable by ("attr=", ) */
bvl->inum = INT_MIN;
bvl->trunc = fname.bv_val + fname.bv_len - STRLENOF( LDIF );
bvl->savech = LDIF_FILETYPE_SEP;
for ( s = fname.bv_val; (s = strchr( s, '=' )) != NULL; ) {
if ( *++s == IX_FSL ) {
bvl->inum = strtol( ++s, &endp, 0 );
if ( *endp == IX_FSR && endp > s ) {
((unsigned char *) s)[-1] = UCHAR_MAX;
bvl->trunc = s;
bvl->savech = *s;
break;
}
}
if ( (s = strchr( s, '+' )) == NULL )
break;
}
*bvl->trunc = '\0';
for (prev = &list; (ptr = *prev) != NULL; prev = &ptr->next) {
int cmp = strcmp( fname.bv_val, BVL_NAME( ptr ) );
if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) )
break;
}
*prev = bvl;
bvl->next = ptr;
}
closedir(dir_of_path);
if ( list != NULL ) {
struct berval *pdn, *pndn;
char *path_end;
if ( e == NULL ) {
static struct berval empty_dn = BER_BVC( "" );
pdn = pndn = &empty_dn;
} else {
pdn = &e->e_name;
pndn = &e->e_nname;
}
fpath.bv_len += path->bv_len + 1;
fpath.bv_val = ch_malloc( fpath.bv_len + 1 );
path_end = lutil_strcopy( fpath.bv_val, path->bv_val );
*path_end++ = LDIF_DIRSEP_CHAR;
do {
ptr = list;
list = ptr->next;
if ( rc == LDAP_SUCCESS ) {
char *s = ptr->trunc;
if ( (s[0] = ptr->savech) != LDIF_FILETYPE_SEP )
s[-1] = IX_FSL;
s = BVL_NAME( ptr );
fpath.bv_len = lutil_strcopy( path_end, s ) - fpath.bv_val;
rc = op->o_abandon ? SLAPD_ABANDON :
ldif_read_entryfile( 0, fpath.bv_val, pdn, pndn, &e );
switch ( rc ) {
case LDAP_SUCCESS:
rc = ldif_search_entry( op, rs, e, scope, &fpath );
break;
case LDAP_NO_SUCH_OBJECT:
/* Only the search baseDN may produce noSuchObject */
rc = LDAP_OTHER;
Debug( LDAP_DEBUG_ANY, "ldif_search_entry: "
"file listed in parent directory does not exist: "
"\"%s\"\n", fpath.bv_val, 0, 0 );
break;
}
}
ch_free( ptr );
} while ( list != NULL );
ch_free( fpath.bv_val );
}
}
done:
if ( freeme )
entry_free( freeme );
return rc;
}
static int
search_tree( Operation *op, SlapReply *rs )
{
struct berval path;
struct berval pdn, pndn;
int rc = LDAP_SUCCESS;
Entry *e = NULL;
dn2path( op->o_bd, &op->o_req_ndn, &path );
if ( !BER_BVISEMPTY( &op->o_req_ndn ) ) {
/* Read baseObject */
dnParent( &op->o_req_dn, &pdn );
dnParent( &op->o_req_ndn, &pndn );
rc = ldif_read_entryfile( 0, path.bv_val, &pdn, &pndn, &e );
}
if ( rc == LDAP_SUCCESS )
rc = ldif_search_entry( op, rs, e, op->ors_scope, &path );
ch_free( path.bv_val );
return rc;
}
/* Get the parent directory path, plus the LDIF suffix overwritten by a \0 */
static void
get_parent_path( struct berval *dnpath, struct berval *res )
{
int i;
for ( i = dnpath->bv_len; i > 0; i-- ) /* find the last path seperator */
if ( dnpath->bv_val[i] == LDIF_DIRSEP_CHAR )
break;
res->bv_len = i;
res->bv_val = ch_malloc( i + sizeof(LDIF) );
AC_MEMCPY( res->bv_val, dnpath->bv_val, i );
strcpy( res->bv_val + i, LDIF );
res->bv_val[i] = '\0';
}
/*
* Prepare to create or rename the entry with normalized DN 'ndn':
* Check that the entry does not already exist.
* Check that the parent entry exists and can have subordinates, unless
* need_dir is NULL or adding the suffix entry.
*
* Return an LDAP result code. If success, set *dnpath to LDIF entry
* path and *need_dir to (directory must be created ? dirname : NULL).
* May set *text to an error message on failure.
*/
static int
ldif_prepare_create(
Operation *op,
struct berval *ndn,
struct berval *dnpath,
char **need_dir,
const char **text )
{
BackendDB *be = op->o_bd;
struct ldif_info *li = (struct ldif_info *) be->be_private;
struct berval ppath;
struct stat stats;
int rc = LDAP_SUCCESS;
if ( op->o_abandon )
return SLAPD_ABANDON;
dn2path( be, ndn, dnpath );
if ( stat( dnpath->bv_val, &stats ) == 0 ) { /* entry .ldif file */
rc = LDAP_ALREADY_EXISTS;
} else if ( errno != ENOENT ) {
Debug( LDAP_DEBUG_ANY,
"ldif_prepare_create: could not stat \"%s\": %s\n",
dnpath->bv_val, STRERROR( errno ), 0 );
rc = LDAP_OTHER;
} else if ( need_dir != NULL ) {
*need_dir = NULL;
/* If parent dir exists, so does parent .ldif:
* The directory gets created after and removed before the .ldif.
* Except with the database directory, which has no matching entry.
*/
get_parent_path( dnpath, &ppath );
if ( stat( ppath.bv_val, &stats ) < 0 ) {
rc = -1; /* changed to LDAP_OTHER below */
if ( errno == ENOENT && ppath.bv_len > li->li_base_path.bv_len ) {
ppath.bv_val[ppath.bv_len] = LDIF_FILETYPE_SEP;
if ( op->o_tag != LDAP_REQ_ADD ) {
/* Check that parent is not referral. Not needed for
* Add request, ldif_back_referrals() already checked.
*/
Entry *e;
rc = ldif_read_entryfile( 0, ppath.bv_val, NULL, NULL, &e );
switch ( rc ) {
case LDAP_SUCCESS:
if ( is_entry_referral( e ) ) {
rc = LDAP_AFFECTS_MULTIPLE_DSAS;
*text = op->o_tag == LDAP_REQ_MODDN
? "newSuperior is a referral object"
: "parent is a referral object";
}
entry_free( e );
break;
case LDAP_NO_SUCH_OBJECT:
*text = op->o_tag == LDAP_REQ_MODDN
? "newSuperior object does not exist"
: "parent does not exist";
break;
}
}
else if ( stat( ppath.bv_val, &stats ) == 0 ) {
rc = LDAP_SUCCESS;
}
else if ( errno == ENOENT ) {
rc = LDAP_NO_SUCH_OBJECT;
*text = "parent does not exist";
}
}
if ( rc == LDAP_SUCCESS ) {
/* parent .ldif exists, must create parent directory */
ppath.bv_val[ppath.bv_len] = '\0';
*need_dir = ppath.bv_val;
} else if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY,
"ldif_prepare_create: could not stat \"%s\": %s\n",
ppath.bv_val, STRERROR( errno ), 0 );
rc = LDAP_OTHER;
}
}
if ( *need_dir == NULL )
SLAP_FREE( ppath.bv_val );
}
if ( rc != LDAP_SUCCESS )
SLAP_FREE( dnpath->bv_val );
return rc;
}
static int
apply_modify_to_entry(
Entry *entry,
Modifications *modlist,
Operation *op,
SlapReply *rs )
{
char textbuf[SLAP_TEXT_BUFLEN];
int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
int is_oc = 0;
Modification *mods;
if (!acl_check_modlist(op, entry, modlist)) {
return LDAP_INSUFFICIENT_ACCESS;
}
for (; modlist != NULL; modlist = modlist->sml_next) {
mods = &modlist->sml_mod;
if ( mods->sm_desc == slap_schema.si_ad_objectClass ) {
is_oc = 1;
}
switch (mods->sm_op) {
case LDAP_MOD_ADD:
rc = modify_add_values(entry, mods,
get_permissiveModify(op),
&rs->sr_text, textbuf,
sizeof( textbuf ) );
break;
case LDAP_MOD_DELETE:
rc = modify_delete_values(entry, mods,
get_permissiveModify(op),
&rs->sr_text, textbuf,
sizeof( textbuf ) );
break;
case LDAP_MOD_REPLACE:
rc = modify_replace_values(entry, mods,
get_permissiveModify(op),
&rs->sr_text, textbuf,
sizeof( textbuf ) );
break;
case LDAP_MOD_INCREMENT:
rc = modify_increment_values( entry,
mods, get_permissiveModify(op),
&rs->sr_text, textbuf,
sizeof( textbuf ) );
break;
case SLAP_MOD_SOFTADD:
mods->sm_op = LDAP_MOD_ADD;
rc = modify_add_values(entry, mods,
get_permissiveModify(op),
&rs->sr_text, textbuf,
sizeof( textbuf ) );
mods->sm_op = SLAP_MOD_SOFTADD;
if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
rc = LDAP_SUCCESS;
}
break;
}
if(rc != LDAP_SUCCESS) break;
}
if(rc == LDAP_SUCCESS) {
if ( is_oc ) {
entry->e_ocflags = 0;
}
/* check that the entry still obeys the schema */
rc = entry_schema_check( op, entry, NULL, 0, 0,
&rs->sr_text, textbuf, sizeof( textbuf ) );
}
return rc;
}
static int
ldif_back_referrals( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
Entry *entry = NULL;
int rc, rc_base;
if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
/* the empty DN cannot be a referral */
return LDAP_SUCCESS;
}
ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
rc = rc_base = get_entry( op, get_manageDSAit(op) ? NULL : &entry, NULL );
if ( rc_base == LDAP_NO_SUCH_OBJECT ) {
struct berval odn = op->o_req_dn;
struct berval ondn = op->o_req_ndn;
struct berval pndn = ondn;
ber_len_t dnlen_lim = op->o_bd->be_nsuffix[0].bv_len;
if ( dnlen_lim == 0 )
dnlen_lim = 1; /* catch empty DN */
do {
dnParent( &pndn, &pndn );
if ( pndn.bv_len < dnlen_lim ) {
rc = LDAP_SUCCESS;
} else {
op->o_req_dn = op->o_req_ndn = pndn;
rc = get_entry( op, &entry, NULL );
}
} while ( rc == LDAP_NO_SUCH_OBJECT );
op->o_req_dn = odn;
op->o_req_ndn = ondn;
}
ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
if ( entry != NULL ) {
if ( is_entry_referral( entry ) )
rc = rc_base = LDAP_REFERRAL;
if ( rc_base != LDAP_SUCCESS )
Debug( LDAP_DEBUG_TRACE,
"ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
(unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_dn );
if ( rc == LDAP_REFERRAL ) {
BerVarray refs = get_entry_referrals( op, entry );
rs->sr_ref = referral_rewrite(
refs, &entry->e_name, &op->o_req_dn,
op->o_tag == LDAP_REQ_SEARCH ?
op->ors_scope : LDAP_SCOPE_DEFAULT );
ber_bvarray_free( refs );
if ( rs->sr_ref != NULL ) {
/* send referral */
rs->sr_err = LDAP_REFERRAL;
rs->sr_matched = entry->e_dn;
send_ldap_result( op, rs );
ber_bvarray_free( rs->sr_ref );
rs->sr_ref = NULL;
rs->sr_matched = NULL;
} else {
rc = LDAP_OTHER;
rs->sr_text = "bad referral object";
}
}
entry_free( entry );
}
return rc;
}
/* LDAP operations */
static int
ldif_back_bind( Operation *op, SlapReply *rs )
{
struct ldif_info *li;
Attribute *a;
AttributeDescription *password = slap_schema.si_ad_userPassword;
int return_val;
Entry *entry;
if ( be_rootdn_bind( op, rs ) != SLAP_CB_CONTINUE ) {
/* in case of success, front end will send result;
* otherwise, be_rootdn_bind() did */
return rs->sr_err;
}
li = (struct ldif_info *) op->o_bd->be_private;
ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
return_val = get_entry(op, &entry, NULL);
/* no object is found for them */
if(return_val != LDAP_SUCCESS) {
rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS;
goto return_result;
}
/* they don't have userpassword */
if((a = attr_find(entry->e_attrs, password)) == NULL) {
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
return_val = 1;
goto return_result;
}
/* authentication actually failed */
if(slap_passwd_check(op, entry, a, &op->orb_cred, &rs->sr_text) != 0) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
return_val = 1;
goto return_result;
}
/* let the front-end send success */
return_val = LDAP_SUCCESS;
return_result:
ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
if(return_val != LDAP_SUCCESS)
send_ldap_result( op, rs );
if(entry != NULL)
entry_free(entry);
return return_val;
}
static int
ldif_back_search( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
rs->sr_err = op->o_abandon ? SLAPD_ABANDON : search_tree( op, rs );
ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
send_ldap_result(op, rs);
return rs->sr_err;
}
static int
ldif_back_add( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
Entry * e = op->ora_e;
struct berval path;
char *dir;
char textbuf[SLAP_TEXT_BUFLEN];
int rc;
Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", e->e_dn, 0, 0 );
rc = entry_schema_check(
op, e, NULL, 0, 1, &rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rc != LDAP_SUCCESS )
goto send_res;
rc = slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 );
if ( rc != LDAP_SUCCESS )
goto send_res;
ldap_pvt_thread_mutex_lock( &li->li_wlock );
rc = ldif_prepare_create( op, &e->e_nname, &path, &dir, &rs->sr_text );
if ( rc == LDAP_SUCCESS ) {
ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
rc = op->o_abandon ? SLAPD_ABANDON :
ldif_write_entry( e, &path, dir, &rs->sr_text );
ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
SLAP_FREE( path.bv_val );
if ( dir != NULL )
SLAP_FREE( dir );
}
ldap_pvt_thread_mutex_unlock( &li->li_wlock );
send_res:
rs->sr_err = rc;
Debug( LDAP_DEBUG_TRACE, "ldif_back_add: err: %d text: %s\n",
rc, rs->sr_text ? rs->sr_text : "", 0 );
send_ldap_result(op, rs);
slap_graduate_commit_csn( op );
return rs->sr_err;
}
static int
ldif_back_modify( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
Modifications * modlst = op->orm_modlist;
struct berval path;
Entry *entry;
int rc;
rs->sr_text = NULL;
slap_mods_opattrs( op, &op->orm_modlist, 1 );
ldap_pvt_thread_mutex_lock( &li->li_wlock );
rc = get_entry( op, &entry, &path );
if ( rc == LDAP_SUCCESS ) {
rc = apply_modify_to_entry( entry, modlst, op, rs );
if ( rc == LDAP_SUCCESS ) {
ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
rc = op->o_abandon ? SLAPD_ABANDON :
ldif_write_entry( entry, &path, NULL, &rs->sr_text );
ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
}
entry_free( entry );
SLAP_FREE( path.bv_val );
}
ldap_pvt_thread_mutex_unlock( &li->li_wlock );
rs->sr_err = rc;
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
return rs->sr_err;
}
static int
ldif_back_delete( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval path;
int rc = LDAP_SUCCESS;
if ( BER_BVISEMPTY( &op->o_csn )) {
struct berval csn;
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
csn.bv_val = csnbuf;
csn.bv_len = sizeof( csnbuf );
slap_get_csn( op, &csn, 1 );
}
ldap_pvt_thread_mutex_lock(&li->li_wlock);
ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
if ( op->o_abandon ) {
rc = SLAPD_ABANDON;
goto done;
}
dn2path( op->o_bd, &op->o_req_ndn, &path );
path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
if ( rmdir( path.bv_val ) < 0 ) {
switch ( errno ) {
case ENOENT:
/* is leaf, go on */
break;
case ENOTEMPTY:
rc = LDAP_NOT_ALLOWED_ON_NONLEAF;
break;
default:
rc = LDAP_OTHER;
break;
}
}
if ( rc == LDAP_SUCCESS ) {
path.bv_val[path.bv_len - STRLENOF(LDIF)] = LDIF_FILETYPE_SEP;
if ( unlink( path.bv_val ) < 0 ) {
rc = LDAP_NO_SUCH_OBJECT;
if ( errno != ENOENT )
rc = LDAP_OTHER;
}
}
if ( rc == LDAP_OTHER ) {
Debug( LDAP_DEBUG_ANY, "ldif_back_delete: %s \"%s\": %s\n",
"could not delete", path.bv_val, STRERROR( errno ) );
}
SLAP_FREE(path.bv_val);
done:
ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
ldap_pvt_thread_mutex_unlock(&li->li_wlock);
rs->sr_err = rc;
send_ldap_result(op, rs);
slap_graduate_commit_csn( op );
return rs->sr_err;
}
static int
ldif_move_entry(
Operation *op,
Entry *e,
struct berval *oldpath,
const char **text )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval newpath;
char *dir = NULL;
int rc, rename_res;
rc = ldif_prepare_create(
op, &e->e_nname, &newpath, op->orr_newSup ? &dir : NULL, text );
if ( rc == LDAP_SUCCESS ) {
ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
rc = op->o_abandon ? SLAPD_ABANDON :
ldif_write_entry( e, &newpath, dir, text );
if ( rc == LDAP_SUCCESS ) {
char *new = newpath.bv_val, *old = oldpath->bv_val, *trash = old;
char *new_end = new + newpath.bv_len - STRLENOF( LDIF );
char *old_end = old + oldpath->bv_len - STRLENOF( LDIF );
/* Move subtree directory, if any */
*new_end = *old_end = '\0';
if ( (rename_res = rename( old, new )) < 0 && errno != ENOENT ) {
rc = LDAP_OTHER;
*text = "cannot move this subtree";
trash = new;
}
/* Delete old entry, or if error undo change */
for (;;) {
*new_end = *old_end = LDIF_FILETYPE_SEP;
if ( unlink( trash ) == 0 )
break;
if ( trash == old ) {
rc = LDAP_OTHER;
*text = "cannot move this entry";
trash = new;
*new_end = *old_end = '\0';
if ( rename_res < 0 || rename( new, old ) == 0 )
continue;
}
*text = "added new but couldn't delete old entry!";
break;
}
if ( rc != LDAP_SUCCESS ) {
char s[128];
snprintf( s, sizeof s, "%s (%s)", *text, STRERROR( errno ));
Debug( LDAP_DEBUG_ANY, "ldif_move_entry: %s: "
"\"%s\" -> \"%s\"\n", s, op->o_req_dn.bv_val, e->e_dn );
}
}
ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
SLAP_FREE( newpath.bv_val );
if ( dir != NULL )
SLAP_FREE( dir );
}
return rc;
}
static int
ldif_back_modrdn( Operation *op, SlapReply *rs )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
struct berval p_dn, old_path;
Entry *entry;
int rc;
rs->sr_text = NULL;
slap_mods_opattrs( op, &op->orr_modlist, 1 );
ldap_pvt_thread_mutex_lock( &li->li_wlock );
rc = get_entry( op, &entry, &old_path );
if ( rc == LDAP_SUCCESS ) {
/* Build new DN and normalized DN for the entry */
if ( op->orr_newSup != NULL ) {
p_dn = *op->orr_newSup;
} else {
dnParent( &entry->e_name, &p_dn );
}
build_new_dn( &new_dn, &p_dn, &op->orr_newrdn, NULL );
dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
ber_memfree_x( entry->e_name.bv_val, NULL );
ber_memfree_x( entry->e_nname.bv_val, NULL );
entry->e_name = new_dn;
entry->e_nname = new_ndn;
/* Build the mods to the entry */
rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
/* Perform the modifications */
if ( rc == LDAP_SUCCESS ) {
rc = ldif_move_entry( op, entry, &old_path, &rs->sr_text );
}
entry_free( entry );
SLAP_FREE( old_path.bv_val );
}
ldap_pvt_thread_mutex_unlock( &li->li_wlock );
rs->sr_err = rc;
send_ldap_result( op, rs );
slap_graduate_commit_csn( op );
return rs->sr_err;
}
/* Return LDAP_SUCCESS IFF we can retrieve the specified entry. */
static int
ldif_back_entry_get(
Operation *op,
struct berval *ndn,
ObjectClass *oc,
AttributeDescription *at,
int rw,
Entry **e )
{
struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn;
int rc;
assert( ndn != NULL );
assert( !BER_BVISNULL( ndn ) );
ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
op->o_req_dn = *ndn;
op->o_req_ndn = *ndn;
rc = get_entry( op, e, NULL );
op->o_req_dn = op_dn;
op->o_req_ndn = op_ndn;
ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
if ( rc == LDAP_SUCCESS && oc && !is_entry_objectclass_or_sub( *e, oc )) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
entry_free( *e );
*e = NULL;
}
return rc;
}
/* Slap tools */
static int
ldif_tool_entry_open( BackendDB *be, int mode )
{
struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
tl->current_idx = 0;
return 0;
}
static int
ldif_tool_entry_close( BackendDB *be )
{
struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
Entry **entries = tl->entries;
ID i;
for ( i = tl->entry_count; i-- > 0; )
if ( entries[i] )
entry_free( entries[i] );
SLAP_FREE( entries );
tl->entries = NULL;
tl->entry_count = tl->entries_len = 0;
return 0;
}
static ID
ldif_tool_entry_next( BackendDB *be )
{
struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
if ( tl->current_idx >= tl->entry_count )
return NOID;
else
return ++tl->current_idx;
}
static ID
ldif_tool_entry_first( BackendDB *be )
{
struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
if ( tl->entries == NULL ) {
Operation op = {0};
op.o_bd = be;
op.o_req_dn = *be->be_suffix;
op.o_req_ndn = *be->be_nsuffix;
op.ors_scope = LDAP_SCOPE_SUBTREE;
if ( search_tree( &op, NULL ) != LDAP_SUCCESS ) {
tl->current_idx = tl->entry_count;
return 0; /* force ldif_tool_entry_get() error */
}
}
return ldif_tool_entry_next( be );
}
static Entry *
ldif_tool_entry_get( BackendDB *be, ID id )
{
struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
Entry *e = NULL;
--id;
if ( id < tl->entry_count ) {
e = tl->entries[id];
tl->entries[id] = NULL;
}
return e;
}
static ID
ldif_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
{
int rc;
const char *errmsg = NULL;
struct berval path;
char *dir;
Operation op = {0};
op.o_bd = be;
rc = ldif_prepare_create( &op, &e->e_nname, &path, &dir, &errmsg );
if ( rc == LDAP_SUCCESS ) {
rc = ldif_write_entry( e, &path, dir, &errmsg );
SLAP_FREE( path.bv_val );
if ( dir != NULL )
SLAP_FREE( dir );
if ( rc == LDAP_SUCCESS )
return 1;
}
if ( errmsg == NULL && rc != LDAP_OTHER )
errmsg = ldap_err2string( rc );
if ( errmsg != NULL )
snprintf( text->bv_val, text->bv_len, "%s", errmsg );
return NOID;
}
/* Setup */
static int
ldif_back_db_init( BackendDB *be, ConfigReply *cr )
{
struct ldif_info *li = ch_calloc( 1, sizeof(struct ldif_info) );
be->be_private = li;
be->be_cf_ocs = ldifocs;
ldap_pvt_thread_mutex_init(&li->li_wlock);
ldap_pvt_thread_rdwr_init(&li->li_rdwr);
SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX;
return 0;
}
static int
ldif_back_db_destroy( Backend *be, ConfigReply *cr )
{
struct ldif_info *li = be->be_private;
ch_free(li->li_base_path.bv_val);
ldap_pvt_thread_rdwr_destroy(&li->li_rdwr);
ldap_pvt_thread_mutex_destroy(&li->li_wlock);
ch_free( be->be_private );
return 0;
}
static int
ldif_back_db_open( Backend *be, ConfigReply *cr )
{
struct ldif_info *li = (struct ldif_info *) be->be_private;
if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */
Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0);
return 1;
}
return 0;
}
int
ldif_back_initialize( BackendInfo *bi )
{
static char *controls[] = {
LDAP_CONTROL_MANAGEDSAIT,
NULL
};
bi->bi_flags |=
SLAP_BFLAG_INCREMENT |
SLAP_BFLAG_REFERRALS;
bi->bi_controls = controls;
bi->bi_open = 0;
bi->bi_close = 0;
bi->bi_config = 0;
bi->bi_destroy = 0;
bi->bi_db_init = ldif_back_db_init;
bi->bi_db_config = config_generic_wrapper;
bi->bi_db_open = ldif_back_db_open;
bi->bi_db_close = 0;
bi->bi_db_destroy = ldif_back_db_destroy;
bi->bi_op_bind = ldif_back_bind;
bi->bi_op_unbind = 0;
bi->bi_op_search = ldif_back_search;
bi->bi_op_compare = 0;
bi->bi_op_modify = ldif_back_modify;
bi->bi_op_modrdn = ldif_back_modrdn;
bi->bi_op_add = ldif_back_add;
bi->bi_op_delete = ldif_back_delete;
bi->bi_op_abandon = 0;
bi->bi_extended = 0;
bi->bi_chk_referrals = ldif_back_referrals;
bi->bi_connection_init = 0;
bi->bi_connection_destroy = 0;
bi->bi_entry_get_rw = ldif_back_entry_get;
#if 0 /* NOTE: uncomment to completely disable access control */
bi->bi_access_allowed = slap_access_always_allowed;
#endif
bi->bi_tool_entry_open = ldif_tool_entry_open;
bi->bi_tool_entry_close = ldif_tool_entry_close;
bi->bi_tool_entry_first = ldif_tool_entry_first;
bi->bi_tool_entry_next = ldif_tool_entry_next;
bi->bi_tool_entry_get = ldif_tool_entry_get;
bi->bi_tool_entry_put = ldif_tool_entry_put;
bi->bi_tool_entry_reindex = 0;
bi->bi_tool_sync = 0;
bi->bi_tool_dn2id_get = 0;
bi->bi_tool_entry_modify = 0;
bi->bi_cf_ocs = ldifocs;
return config_register_schema( ldifcfg, ldifocs );
}