ldif.c revision 1.1.1.2
1 /* $NetBSD: ldif.c,v 1.1.1.2 2010/03/08 02:14:20 lukem Exp $ */ 2 3 /* ldif.c - the ldif backend */ 4 /* OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.48.2.21 2009/12/04 18:41:53 quanah Exp */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2005-2009 The OpenLDAP Foundation. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted only as authorized by the OpenLDAP 12 * Public License. 13 * 14 * A copy of this license is available in the file LICENSE in the 15 * top-level directory of the distribution or, alternatively, at 16 * <http://www.OpenLDAP.org/license.html>. 17 */ 18 /* ACKNOWLEDGEMENTS: 19 * This work was originally developed by Eric Stokes for inclusion 20 * in OpenLDAP Software. 21 */ 22 23 #include "portable.h" 24 #include <stdio.h> 25 #include <ac/string.h> 26 #include <sys/types.h> 27 #include <sys/stat.h> 28 #include <ac/dirent.h> 29 #include <fcntl.h> 30 #include <ac/errno.h> 31 #include <ac/unistd.h> 32 #include "slap.h" 33 #include "lutil.h" 34 #include "config.h" 35 36 struct ldif_tool { 37 Entry **entries; /* collected by bi_tool_entry_first() */ 38 ID elen; /* length of entries[] array */ 39 ID ecount; /* number of entries */ 40 ID ecurrent; /* bi_tool_entry_next() position */ 41 # define ENTRY_BUFF_INCREMENT 500 /* initial entries[] length */ 42 }; 43 44 /* Per-database data */ 45 struct ldif_info { 46 struct berval li_base_path; /* database directory */ 47 struct ldif_tool li_tool; /* for slap tools */ 48 /* 49 * Read-only LDAP requests readlock li_rdwr for filesystem input. 50 * Update requests first lock li_modop_mutex for filesystem I/O, 51 * and then writelock li_rdwr as well for filesystem output. 52 * This allows update requests to do callbacks that acquire 53 * read locks, e.g. access controls that inspect entries. 54 * (An alternative would be recursive read/write locks.) 55 */ 56 ldap_pvt_thread_mutex_t li_modop_mutex; /* serialize update requests */ 57 ldap_pvt_thread_rdwr_t li_rdwr; /* no other I/O when writing */ 58 }; 59 60 #ifdef _WIN32 61 #define mkdir(a,b) mkdir(a) 62 #define move_file(from, to) (!MoveFileEx(from, to, MOVEFILE_REPLACE_EXISTING)) 63 #else 64 #define move_file(from, to) rename(from, to) 65 #endif 66 #define move_dir(from, to) rename(from, to) 67 68 69 #define LDIF ".ldif" 70 #define LDIF_FILETYPE_SEP '.' /* LDIF[0] */ 71 72 /* 73 * Unsafe/translated characters in the filesystem. 74 * 75 * LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used 76 * in relative filenames, except it should accept '\\', '{' and '}' even 77 * if unsafe. The value should be a constant expression. 78 * 79 * If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character. 80 * If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters. 81 * (Not digits, '-' or '+'. IX_FSL == IX_FSR is allowed.) 82 * 83 * Characters are escaped as LDIF_ESCAPE_CHAR followed by two hex digits, 84 * except '\\' is replaced with LDIF_ESCAPE_CHAR and {} with IX_FS[LR]. 85 * Also some LDIF special chars are hex-escaped. 86 * 87 * Thus an LDIF filename is a valid normalized RDN (or suffix DN) 88 * followed by ".ldif", except with '\\' replaced with LDIF_ESCAPE_CHAR. 89 */ 90 91 #ifndef _WIN32 92 93 /* 94 * Unix/MacOSX version. ':' vs '/' can cause confusion on MacOSX so we 95 * escape both. We escape them on Unix so both OS variants get the same 96 * filenames. 97 */ 98 #define LDIF_ESCAPE_CHAR '\\' 99 #define LDIF_UNSAFE_CHAR(c) ((c) == '/' || (c) == ':') 100 101 #else /* _WIN32 */ 102 103 /* Windows version - Microsoft's list of unsafe characters, except '\\' */ 104 #define LDIF_ESCAPE_CHAR '^' /* Not '\\' (unsafe on Windows) */ 105 #define LDIF_UNSAFE_CHAR(c) \ 106 ((c) == '/' || (c) == ':' || \ 107 (c) == '<' || (c) == '>' || (c) == '"' || \ 108 (c) == '|' || (c) == '?' || (c) == '*') 109 110 #endif /* !_WIN32 */ 111 112 /* 113 * Left and Right "{num}" prefix to ordered RDNs ("olcDatabase={1}bdb"). 114 * IX_DN* are for LDAP RDNs, IX_FS* for their .ldif filenames. 115 */ 116 #define IX_DNL '{' 117 #define IX_DNR '}' 118 #ifndef IX_FSL 119 #define IX_FSL IX_DNL 120 #define IX_FSR IX_DNR 121 #endif 122 123 /* 124 * Test for unsafe chars, as well as chars handled specially by back-ldif: 125 * - If the escape char is not '\\', it must itself be escaped. Otherwise 126 * '\\' and the escape char would map to the same character. 127 * - Escape the '.' in ".ldif", so the directory for an RDN that actually 128 * ends with ".ldif" can not conflict with a file of the same name. And 129 * since some OSes/programs choke on multiple '.'s, escape all of them. 130 * - If '{' and '}' are translated to some other characters, those 131 * characters must in turn be escaped when they occur in an RDN. 132 */ 133 #ifndef LDIF_NEED_ESCAPE 134 #define LDIF_NEED_ESCAPE(c) \ 135 ((LDIF_UNSAFE_CHAR(c)) || \ 136 LDIF_MAYBE_UNSAFE(c, LDIF_ESCAPE_CHAR) || \ 137 LDIF_MAYBE_UNSAFE(c, LDIF_FILETYPE_SEP) || \ 138 LDIF_MAYBE_UNSAFE(c, IX_FSL) || \ 139 (IX_FSR != IX_FSL && LDIF_MAYBE_UNSAFE(c, IX_FSR))) 140 #endif 141 /* 142 * Helper macro for LDIF_NEED_ESCAPE(): Treat character x as unsafe if 143 * back-ldif does not already treat is specially. 144 */ 145 #define LDIF_MAYBE_UNSAFE(c, x) \ 146 (!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \ 147 && (c) == (x)) 148 149 /* Collect other "safe char" tests here, until someone needs a fix. */ 150 enum { 151 eq_unsafe = LDIF_UNSAFE_CHAR('='), 152 safe_filenames = STRLENOF("" LDAP_DIRSEP "") == 1 && !( 153 LDIF_UNSAFE_CHAR('-') || /* for "{-1}frontend" in bconfig.c */ 154 LDIF_UNSAFE_CHAR(LDIF_ESCAPE_CHAR) || 155 LDIF_UNSAFE_CHAR(IX_FSL) || LDIF_UNSAFE_CHAR(IX_FSR)) 156 }; 157 /* Sanity check: Try to force a compilation error if !safe_filenames */ 158 typedef struct { 159 int assert_safe_filenames : safe_filenames ? 2 : -2; 160 } assert_safe_filenames[safe_filenames ? 2 : -2]; 161 162 163 static ConfigTable ldifcfg[] = { 164 { "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET, 165 (void *)offsetof(struct ldif_info, li_base_path), 166 "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' " 167 "DESC 'Directory for database content' " 168 "EQUALITY caseIgnoreMatch " 169 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, 170 { NULL, NULL, 0, 0, 0, ARG_IGNORED, 171 NULL, NULL, NULL, NULL } 172 }; 173 174 static ConfigOCs ldifocs[] = { 175 { "( OLcfgDbOc:2.1 " 176 "NAME 'olcLdifConfig' " 177 "DESC 'LDIF backend configuration' " 178 "SUP olcDatabaseConfig " 179 "MUST ( olcDbDirectory ) )", Cft_Database, ldifcfg }, 180 { NULL, 0, NULL } 181 }; 182 183 184 /* 185 * Handle file/directory names. 186 */ 187 188 /* Set *res = LDIF filename path for the normalized DN */ 189 static int 190 ndn2path( Operation *op, struct berval *dn, struct berval *res, int empty_ok ) 191 { 192 BackendDB *be = op->o_bd; 193 struct ldif_info *li = (struct ldif_info *) be->be_private; 194 struct berval *suffixdn = &be->be_nsuffix[0]; 195 const char *start, *end, *next, *p; 196 char ch, *ptr; 197 ber_len_t len; 198 static const char hex[] = "0123456789ABCDEF"; 199 200 assert( dn != NULL ); 201 assert( !BER_BVISNULL( dn ) ); 202 assert( suffixdn != NULL ); 203 assert( !BER_BVISNULL( suffixdn ) ); 204 assert( dnIsSuffix( dn, suffixdn ) ); 205 206 if ( dn->bv_len == 0 && !empty_ok ) { 207 return LDAP_UNWILLING_TO_PERFORM; 208 } 209 210 start = dn->bv_val; 211 end = start + dn->bv_len; 212 213 /* Room for dir, dirsep, dn, LDIF, "\hexpair"-escaping of unsafe chars */ 214 len = li->li_base_path.bv_len + dn->bv_len + (1 + STRLENOF( LDIF )); 215 for ( p = start; p < end; ) { 216 ch = *p++; 217 if ( LDIF_NEED_ESCAPE( ch ) ) 218 len += 2; 219 } 220 res->bv_val = ch_malloc( len + 1 ); 221 222 ptr = lutil_strcopy( res->bv_val, li->li_base_path.bv_val ); 223 for ( next = end - suffixdn->bv_len; end > start; end = next ) { 224 /* Set p = start of DN component, next = &',' or start of DN */ 225 while ( (p = next) > start ) { 226 --next; 227 if ( DN_SEPARATOR( *next ) ) 228 break; 229 } 230 /* Append <dirsep> <p..end-1: RDN or database-suffix> */ 231 for ( *ptr++ = LDAP_DIRSEP[0]; p < end; *ptr++ = ch ) { 232 ch = *p++; 233 if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) { 234 ch = LDIF_ESCAPE_CHAR; 235 } else if ( IX_FSL != IX_DNL && ch == IX_DNL ) { 236 ch = IX_FSL; 237 } else if ( IX_FSR != IX_DNR && ch == IX_DNR ) { 238 ch = IX_FSR; 239 } else if ( LDIF_NEED_ESCAPE( ch ) ) { 240 *ptr++ = LDIF_ESCAPE_CHAR; 241 *ptr++ = hex[(ch & 0xFFU) >> 4]; 242 ch = hex[ch & 0x0FU]; 243 } 244 } 245 } 246 ptr = lutil_strcopy( ptr, LDIF ); 247 res->bv_len = ptr - res->bv_val; 248 249 assert( res->bv_len <= len ); 250 251 return LDAP_SUCCESS; 252 } 253 254 /* 255 * *dest = dupbv(<dir + LDAP_DIRSEP>), plus room for <more>-sized filename. 256 * Return pointer past the dirname. 257 */ 258 static char * 259 fullpath_alloc( struct berval *dest, const struct berval *dir, ber_len_t more ) 260 { 261 char *s = SLAP_MALLOC( dir->bv_len + more + 2 ); 262 263 dest->bv_val = s; 264 if ( s == NULL ) { 265 dest->bv_len = 0; 266 Debug( LDAP_DEBUG_ANY, "back-ldif: out of memory\n", 0, 0, 0 ); 267 } else { 268 s = lutil_strcopy( dest->bv_val, dir->bv_val ); 269 *s++ = LDAP_DIRSEP[0]; 270 *s = '\0'; 271 dest->bv_len = s - dest->bv_val; 272 } 273 return s; 274 } 275 276 /* 277 * Append filename to fullpath_alloc() dirname or replace previous filename. 278 * dir_end = fullpath_alloc() return value. 279 */ 280 #define FILL_PATH(fpath, dir_end, filename) \ 281 ((fpath)->bv_len = lutil_strcopy(dir_end, filename) - (fpath)->bv_val) 282 283 284 /* .ldif entry filename length <-> subtree dirname length. */ 285 #define ldif2dir_len(bv) ((bv).bv_len -= STRLENOF(LDIF)) 286 #define dir2ldif_len(bv) ((bv).bv_len += STRLENOF(LDIF)) 287 /* .ldif entry filename <-> subtree dirname, both with dirname length. */ 288 #define ldif2dir_name(bv) ((bv).bv_val[(bv).bv_len] = '\0') 289 #define dir2ldif_name(bv) ((bv).bv_val[(bv).bv_len] = LDIF_FILETYPE_SEP) 290 291 /* Get the parent directory path, plus the LDIF suffix overwritten by a \0. */ 292 static int 293 get_parent_path( struct berval *dnpath, struct berval *res ) 294 { 295 ber_len_t i = dnpath->bv_len; 296 297 while ( i > 0 && dnpath->bv_val[ --i ] != LDAP_DIRSEP[0] ) ; 298 if ( res == NULL ) { 299 res = dnpath; 300 } else { 301 res->bv_val = SLAP_MALLOC( i + 1 + STRLENOF(LDIF) ); 302 if ( res->bv_val == NULL ) 303 return LDAP_OTHER; 304 AC_MEMCPY( res->bv_val, dnpath->bv_val, i ); 305 } 306 res->bv_len = i; 307 strcpy( res->bv_val + i, LDIF ); 308 res->bv_val[i] = '\0'; 309 return LDAP_SUCCESS; 310 } 311 312 /* Make temporary filename pattern for mkstemp() based on dnpath. */ 313 static char * 314 ldif_tempname( const struct berval *dnpath ) 315 { 316 static const char suffix[] = ".XXXXXX"; 317 ber_len_t len = dnpath->bv_len - STRLENOF( LDIF ); 318 char *name = SLAP_MALLOC( len + sizeof( suffix ) ); 319 320 if ( name != NULL ) { 321 AC_MEMCPY( name, dnpath->bv_val, len ); 322 strcpy( name + len, suffix ); 323 } 324 return name; 325 } 326 327 /* 328 * Read a file, or stat() it if datap == NULL. Allocate and fill *datap. 329 * Return LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT (no such file), or another error. 330 */ 331 static int 332 ldif_read_file( const char *path, char **datap ) 333 { 334 int rc, fd, len; 335 int res = -1; /* 0:success, <0:error, >0:file too big/growing. */ 336 struct stat st; 337 char *data = NULL, *ptr; 338 339 if ( datap == NULL ) { 340 res = stat( path, &st ); 341 goto done; 342 } 343 fd = open( path, O_RDONLY ); 344 if ( fd >= 0 ) { 345 if ( fstat( fd, &st ) == 0 ) { 346 if ( st.st_size > INT_MAX - 2 ) { 347 res = 1; 348 } else { 349 len = st.st_size + 1; /* +1 detects file size > st.st_size */ 350 *datap = data = ptr = SLAP_MALLOC( len + 1 ); 351 if ( ptr != NULL ) { 352 while ( len && (res = read( fd, ptr, len )) ) { 353 if ( res > 0 ) { 354 len -= res; 355 ptr += res; 356 } else if ( errno != EINTR ) { 357 break; 358 } 359 } 360 *ptr = '\0'; 361 } 362 } 363 } 364 if ( close( fd ) < 0 ) 365 res = -1; 366 } 367 368 done: 369 if ( res == 0 ) { 370 Debug( LDAP_DEBUG_TRACE, "ldif_read_file: %s: \"%s\"\n", 371 datap ? "read entry file" : "entry file exists", path, 0 ); 372 rc = LDAP_SUCCESS; 373 } else { 374 if ( res < 0 && errno == ENOENT ) { 375 Debug( LDAP_DEBUG_TRACE, "ldif_read_file: " 376 "no entry file \"%s\"\n", path, 0, 0 ); 377 rc = LDAP_NO_SUCH_OBJECT; 378 } else { 379 const char *msg = res < 0 ? STRERROR( errno ) : "bad stat() size"; 380 Debug( LDAP_DEBUG_ANY, "ldif_read_file: %s for \"%s\"\n", 381 msg, path, 0 ); 382 rc = LDAP_OTHER; 383 } 384 if ( data != NULL ) 385 SLAP_FREE( data ); 386 } 387 return rc; 388 } 389 390 /* 391 * return nonnegative for success or -1 for error 392 * do not return numbers less than -1 393 */ 394 static int 395 spew_file( int fd, const char *spew, int len, int *save_errno ) 396 { 397 int writeres = 0; 398 399 while(len > 0) { 400 writeres = write(fd, spew, len); 401 if(writeres == -1) { 402 *save_errno = errno; 403 if (*save_errno != EINTR) 404 break; 405 } 406 else { 407 spew += writeres; 408 len -= writeres; 409 } 410 } 411 return writeres; 412 } 413 414 /* Write an entry LDIF file. Create parentdir first if non-NULL. */ 415 static int 416 ldif_write_entry( 417 Operation *op, 418 Entry *e, 419 const struct berval *path, 420 const char *parentdir, 421 const char **text ) 422 { 423 int rc = LDAP_OTHER, res, save_errno = 0; 424 int fd, entry_length; 425 char *entry_as_string, *tmpfname; 426 427 if ( op->o_abandon ) 428 return SLAPD_ABANDON; 429 430 if ( parentdir != NULL && mkdir( parentdir, 0750 ) < 0 ) { 431 save_errno = errno; 432 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n", 433 "cannot create parent directory", 434 parentdir, STRERROR( save_errno ) ); 435 *text = "internal error (cannot create parent directory)"; 436 return rc; 437 } 438 439 tmpfname = ldif_tempname( path ); 440 fd = tmpfname == NULL ? -1 : mkstemp( tmpfname ); 441 if ( fd < 0 ) { 442 save_errno = errno; 443 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s for \"%s\": %s\n", 444 "cannot create file", e->e_dn, STRERROR( save_errno ) ); 445 *text = "internal error (cannot create file)"; 446 447 } else { 448 ber_len_t dn_len = e->e_name.bv_len; 449 struct berval rdn; 450 451 /* Only save the RDN onto disk */ 452 dnRdn( &e->e_name, &rdn ); 453 if ( rdn.bv_len != dn_len ) { 454 e->e_name.bv_val[rdn.bv_len] = '\0'; 455 e->e_name.bv_len = rdn.bv_len; 456 } 457 458 res = -2; 459 ldap_pvt_thread_mutex_lock( &entry2str_mutex ); 460 entry_as_string = entry2str( e, &entry_length ); 461 if ( entry_as_string != NULL ) 462 res = spew_file( fd, entry_as_string, entry_length, &save_errno ); 463 ldap_pvt_thread_mutex_unlock( &entry2str_mutex ); 464 465 /* Restore full DN */ 466 if ( rdn.bv_len != dn_len ) { 467 e->e_name.bv_val[rdn.bv_len] = ','; 468 e->e_name.bv_len = dn_len; 469 } 470 471 if ( close( fd ) < 0 && res >= 0 ) { 472 res = -1; 473 save_errno = errno; 474 } 475 476 if ( res >= 0 ) { 477 if ( move_file( tmpfname, path->bv_val ) == 0 ) { 478 Debug( LDAP_DEBUG_TRACE, "ldif_write_entry: " 479 "wrote entry \"%s\"\n", e->e_name.bv_val, 0, 0 ); 480 rc = LDAP_SUCCESS; 481 } else { 482 save_errno = errno; 483 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: " 484 "could not put entry file for \"%s\" in place: %s\n", 485 e->e_name.bv_val, STRERROR( save_errno ), 0 ); 486 *text = "internal error (could not put entry file in place)"; 487 } 488 } else if ( res == -1 ) { 489 Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n", 490 "write error to", tmpfname, STRERROR( save_errno ) ); 491 *text = "internal error (write error to entry file)"; 492 } 493 494 if ( rc != LDAP_SUCCESS ) { 495 unlink( tmpfname ); 496 } 497 } 498 499 if ( tmpfname ) 500 SLAP_FREE( tmpfname ); 501 return rc; 502 } 503 504 /* 505 * Read the entry at path, or if entryp==NULL just see if it exists. 506 * pdn and pndn are the parent's DN and normalized DN, or both NULL. 507 * Return an LDAP result code. 508 */ 509 static int 510 ldif_read_entry( 511 Operation *op, 512 const char *path, 513 struct berval *pdn, 514 struct berval *pndn, 515 Entry **entryp, 516 const char **text ) 517 { 518 int rc; 519 Entry *entry; 520 char *entry_as_string; 521 struct berval rdn; 522 523 /* TODO: Does slapd prevent Abandon of Bind as per rfc4511? 524 * If so we need not check for LDAP_REQ_BIND here. 525 */ 526 if ( op->o_abandon && op->o_tag != LDAP_REQ_BIND ) 527 return SLAPD_ABANDON; 528 529 rc = ldif_read_file( path, entryp ? &entry_as_string : NULL ); 530 531 switch ( rc ) { 532 case LDAP_SUCCESS: 533 if ( entryp == NULL ) 534 break; 535 *entryp = entry = str2entry( entry_as_string ); 536 SLAP_FREE( entry_as_string ); 537 if ( entry == NULL ) { 538 rc = LDAP_OTHER; 539 if ( text != NULL ) 540 *text = "internal error (cannot parse some entry file)"; 541 break; 542 } 543 if ( pdn == NULL || BER_BVISEMPTY( pdn ) ) 544 break; 545 /* Append parent DN to DN from LDIF file */ 546 rdn = entry->e_name; 547 build_new_dn( &entry->e_name, pdn, &rdn, NULL ); 548 SLAP_FREE( rdn.bv_val ); 549 rdn = entry->e_nname; 550 build_new_dn( &entry->e_nname, pndn, &rdn, NULL ); 551 SLAP_FREE( rdn.bv_val ); 552 break; 553 554 case LDAP_OTHER: 555 if ( text != NULL ) 556 *text = entryp 557 ? "internal error (cannot read some entry file)" 558 : "internal error (cannot stat some entry file)"; 559 break; 560 } 561 562 return rc; 563 } 564 565 /* 566 * Read the operation's entry, or if entryp==NULL just see if it exists. 567 * Return an LDAP result code. May set *text to a message on failure. 568 * If pathp is non-NULL, set it to the entry filename on success. 569 */ 570 static int 571 get_entry( 572 Operation *op, 573 Entry **entryp, 574 struct berval *pathp, 575 const char **text ) 576 { 577 int rc; 578 struct berval path, pdn, pndn; 579 580 dnParent( &op->o_req_dn, &pdn ); 581 dnParent( &op->o_req_ndn, &pndn ); 582 rc = ndn2path( op, &op->o_req_ndn, &path, 0 ); 583 if ( rc != LDAP_SUCCESS ) { 584 goto done; 585 } 586 587 rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, entryp, text ); 588 589 if ( rc == LDAP_SUCCESS && pathp != NULL ) { 590 *pathp = path; 591 } else { 592 SLAP_FREE( path.bv_val ); 593 } 594 done: 595 return rc; 596 } 597 598 599 /* 600 * RDN-named directory entry, with special handling of "attr={num}val" RDNs. 601 * For sorting, filename "attr=val.ldif" is truncated to "attr="val\0ldif", 602 * and filename "attr={num}val.ldif" to "attr={\0um}val.ldif". 603 * Does not sort escaped chars correctly, would need to un-escape them. 604 */ 605 typedef struct bvlist { 606 struct bvlist *next; 607 char *trunc; /* filename was truncated here */ 608 int inum; /* num from "attr={num}" in filename, or INT_MIN */ 609 char savech; /* original char at *trunc */ 610 /* BVL_NAME(&bvlist) is the filename, allocated after the struct: */ 611 # define BVL_NAME(bvl) ((char *) ((bvl) + 1)) 612 # define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen) + 1) 613 } bvlist; 614 615 static int 616 ldif_send_entry( Operation *op, SlapReply *rs, Entry *e, int scope ) 617 { 618 int rc = LDAP_SUCCESS; 619 620 if ( scope == LDAP_SCOPE_BASE || scope == LDAP_SCOPE_SUBTREE ) { 621 if ( rs == NULL ) { 622 /* Save the entry for tool mode */ 623 struct ldif_tool *tl = 624 &((struct ldif_info *) op->o_bd->be_private)->li_tool; 625 626 if ( tl->ecount >= tl->elen ) { 627 /* Allocate/grow entries */ 628 ID elen = tl->elen ? tl->elen * 2 : ENTRY_BUFF_INCREMENT; 629 Entry **entries = (Entry **) SLAP_REALLOC( tl->entries, 630 sizeof(Entry *) * elen ); 631 if ( entries == NULL ) { 632 Debug( LDAP_DEBUG_ANY, 633 "ldif_send_entry: out of memory\n", 0, 0, 0 ); 634 rc = LDAP_OTHER; 635 goto done; 636 } 637 tl->elen = elen; 638 tl->entries = entries; 639 } 640 tl->entries[tl->ecount++] = e; 641 return rc; 642 } 643 644 else if ( !get_manageDSAit( op ) && is_entry_referral( e ) ) { 645 /* Send a continuation reference. 646 * (ldif_back_referrals() handles baseobject referrals.) 647 * Don't check the filter since it's only a candidate. 648 */ 649 BerVarray refs = get_entry_referrals( op, e ); 650 rs->sr_ref = referral_rewrite( refs, &e->e_name, NULL, scope ); 651 rs->sr_entry = e; 652 rc = send_search_reference( op, rs ); 653 ber_bvarray_free( rs->sr_ref ); 654 ber_bvarray_free( refs ); 655 rs->sr_ref = NULL; 656 rs->sr_entry = NULL; 657 } 658 659 else if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { 660 rs->sr_entry = e; 661 rs->sr_attrs = op->ors_attrs; 662 rs->sr_flags = REP_ENTRY_MODIFIABLE; 663 rc = send_search_entry( op, rs ); 664 rs->sr_entry = NULL; 665 } 666 } 667 668 done: 669 entry_free( e ); 670 return rc; 671 } 672 673 /* Read LDIF directory <path> into <listp>. Set *fname_maxlenp. */ 674 static int 675 ldif_readdir( 676 Operation *op, 677 SlapReply *rs, 678 const struct berval *path, 679 bvlist **listp, 680 ber_len_t *fname_maxlenp ) 681 { 682 int rc = LDAP_SUCCESS; 683 DIR *dir_of_path; 684 685 *listp = NULL; 686 *fname_maxlenp = 0; 687 688 dir_of_path = opendir( path->bv_val ); 689 if ( dir_of_path == NULL ) { 690 int save_errno = errno; 691 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 692 int is_rootDSE = (path->bv_len == li->li_base_path.bv_len); 693 694 /* Absent directory is OK (leaf entry), except the database dir */ 695 if ( is_rootDSE || save_errno != ENOENT ) { 696 Debug( LDAP_DEBUG_ANY, 697 "=> ldif_search_entry: failed to opendir \"%s\": %s\n", 698 path->bv_val, STRERROR( save_errno ), 0 ); 699 rc = LDAP_OTHER; 700 if ( rs != NULL ) 701 rs->sr_text = 702 save_errno != ENOENT ? "internal error (bad directory)" 703 : !is_rootDSE ? "internal error (missing directory)" 704 : "internal error (database directory does not exist)"; 705 } 706 707 } else { 708 bvlist *ptr; 709 struct dirent *dir; 710 int save_errno = 0; 711 712 while ( (dir = readdir( dir_of_path )) != NULL ) { 713 size_t fname_len; 714 bvlist *bvl, **prev; 715 char *trunc, *idxp, *endp, *endp2; 716 717 fname_len = strlen( dir->d_name ); 718 if ( fname_len < STRLENOF( "x=" LDIF )) /* min filename size */ 719 continue; 720 if ( strcmp( dir->d_name + fname_len - STRLENOF(LDIF), LDIF )) 721 continue; 722 723 if ( *fname_maxlenp < fname_len ) 724 *fname_maxlenp = fname_len; 725 726 bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) ); 727 if ( bvl == NULL ) { 728 rc = LDAP_OTHER; 729 save_errno = errno; 730 break; 731 } 732 strcpy( BVL_NAME( bvl ), dir->d_name ); 733 734 /* Make it sortable by ("attr=val" or <preceding {num}, num>) */ 735 trunc = BVL_NAME( bvl ) + fname_len - STRLENOF( LDIF ); 736 if ( (idxp = strchr( BVL_NAME( bvl ) + 2, IX_FSL )) != NULL && 737 (endp = strchr( ++idxp, IX_FSR )) != NULL && endp > idxp && 738 (eq_unsafe || idxp[-2] == '=' || endp + 1 == trunc) ) 739 { 740 /* attr={n}val or bconfig.c's "pseudo-indexed" attr=val{n} */ 741 bvl->inum = strtol( idxp, &endp2, 10 ); 742 if ( endp2 == endp ) { 743 trunc = idxp; 744 goto truncate; 745 } 746 } 747 bvl->inum = INT_MIN; 748 truncate: 749 bvl->trunc = trunc; 750 bvl->savech = *trunc; 751 *trunc = '\0'; 752 753 /* Insertion sort */ 754 for ( prev = listp; (ptr = *prev) != NULL; prev = &ptr->next ) { 755 int cmp = strcmp( BVL_NAME( bvl ), BVL_NAME( ptr )); 756 if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) ) 757 break; 758 } 759 *prev = bvl; 760 bvl->next = ptr; 761 } 762 763 if ( closedir( dir_of_path ) < 0 ) { 764 save_errno = errno; 765 rc = LDAP_OTHER; 766 if ( rs != NULL ) 767 rs->sr_text = "internal error (bad directory)"; 768 } 769 if ( rc != LDAP_SUCCESS ) { 770 Debug( LDAP_DEBUG_ANY, "ldif_search_entry: %s \"%s\": %s\n", 771 "error reading directory", path->bv_val, 772 STRERROR( save_errno ) ); 773 } 774 } 775 776 return rc; 777 } 778 779 /* 780 * Send an entry, recursively search its children, and free or save it. 781 * Return an LDAP result code. Parameters: 782 * op, rs operation and reply. rs == NULL for slap tools. 783 * e entry to search, or NULL for rootDSE. 784 * scope scope for the part of the search from this entry. 785 * path LDIF filename -- bv_len and non-directory part are overwritten. 786 */ 787 static int 788 ldif_search_entry( 789 Operation *op, 790 SlapReply *rs, 791 Entry *e, 792 int scope, 793 struct berval *path ) 794 { 795 int rc = LDAP_SUCCESS; 796 struct berval dn = BER_BVC( "" ), ndn = BER_BVC( "" ); 797 798 if ( scope != LDAP_SCOPE_BASE && e != NULL ) { 799 /* Copy DN/NDN since we send the entry with REP_ENTRY_MODIFIABLE, 800 * which bconfig.c seems to need. (TODO: see config_rename_one.) 801 */ 802 if ( ber_dupbv( &dn, &e->e_name ) == NULL || 803 ber_dupbv( &ndn, &e->e_nname ) == NULL ) 804 { 805 Debug( LDAP_DEBUG_ANY, 806 "ldif_search_entry: out of memory\n", 0, 0, 0 ); 807 rc = LDAP_OTHER; 808 goto done; 809 } 810 } 811 812 /* Send the entry if appropriate, and free or save it */ 813 if ( e != NULL ) 814 rc = ldif_send_entry( op, rs, e, scope ); 815 816 /* Search the children */ 817 if ( scope != LDAP_SCOPE_BASE && rc == LDAP_SUCCESS ) { 818 bvlist *list, *ptr; 819 struct berval fpath; /* becomes child pathname */ 820 char *dir_end; /* will point past dirname in fpath */ 821 822 ldif2dir_len( *path ); 823 ldif2dir_name( *path ); 824 rc = ldif_readdir( op, rs, path, &list, &fpath.bv_len ); 825 826 if ( list != NULL ) { 827 const char **text = rs == NULL ? NULL : &rs->sr_text; 828 829 if ( scope == LDAP_SCOPE_ONELEVEL ) 830 scope = LDAP_SCOPE_BASE; 831 else if ( scope == LDAP_SCOPE_SUBORDINATE ) 832 scope = LDAP_SCOPE_SUBTREE; 833 834 /* Allocate fpath and fill in directory part */ 835 dir_end = fullpath_alloc( &fpath, path, fpath.bv_len ); 836 if ( dir_end == NULL ) 837 rc = LDAP_OTHER; 838 839 do { 840 ptr = list; 841 842 if ( rc == LDAP_SUCCESS ) { 843 *ptr->trunc = ptr->savech; 844 FILL_PATH( &fpath, dir_end, BVL_NAME( ptr )); 845 846 rc = ldif_read_entry( op, fpath.bv_val, &dn, &ndn, 847 &e, text ); 848 switch ( rc ) { 849 case LDAP_SUCCESS: 850 rc = ldif_search_entry( op, rs, e, scope, &fpath ); 851 break; 852 case LDAP_NO_SUCH_OBJECT: 853 /* Only the search baseDN may produce noSuchObject. */ 854 rc = LDAP_OTHER; 855 if ( rs != NULL ) 856 rs->sr_text = "internal error " 857 "(did someone just remove an entry file?)"; 858 Debug( LDAP_DEBUG_ANY, "ldif_search_entry: " 859 "file listed in parent directory does not exist: " 860 "\"%s\"\n", fpath.bv_val, 0, 0 ); 861 break; 862 } 863 } 864 865 list = ptr->next; 866 SLAP_FREE( ptr ); 867 } while ( list != NULL ); 868 869 if ( !BER_BVISNULL( &fpath ) ) 870 SLAP_FREE( fpath.bv_val ); 871 } 872 } 873 874 done: 875 if ( !BER_BVISEMPTY( &dn ) ) 876 ber_memfree( dn.bv_val ); 877 if ( !BER_BVISEMPTY( &ndn ) ) 878 ber_memfree( ndn.bv_val ); 879 return rc; 880 } 881 882 static int 883 search_tree( Operation *op, SlapReply *rs ) 884 { 885 int rc = LDAP_SUCCESS; 886 Entry *e = NULL; 887 struct berval path; 888 struct berval pdn, pndn; 889 890 (void) ndn2path( op, &op->o_req_ndn, &path, 1 ); 891 if ( !BER_BVISEMPTY( &op->o_req_ndn ) ) { 892 /* Read baseObject */ 893 dnParent( &op->o_req_dn, &pdn ); 894 dnParent( &op->o_req_ndn, &pndn ); 895 rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, &e, 896 rs == NULL ? NULL : &rs->sr_text ); 897 } 898 if ( rc == LDAP_SUCCESS ) 899 rc = ldif_search_entry( op, rs, e, op->ors_scope, &path ); 900 901 ch_free( path.bv_val ); 902 return rc; 903 } 904 905 906 /* 907 * Prepare to create or rename an entry: 908 * Check that the entry does not already exist. 909 * Check that the parent entry exists and can have subordinates, 910 * unless need_dir is NULL or adding the suffix entry. 911 * 912 * Return an LDAP result code. May set *text to a message on failure. 913 * If success, set *dnpath to LDIF entry path and *need_dir to 914 * (directory must be created ? dirname : NULL). 915 */ 916 static int 917 ldif_prepare_create( 918 Operation *op, 919 Entry *e, 920 struct berval *dnpath, 921 char **need_dir, 922 const char **text ) 923 { 924 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 925 struct berval *ndn = &e->e_nname; 926 struct berval ppath = BER_BVNULL; 927 struct stat st; 928 Entry *parent = NULL; 929 int rc; 930 931 if ( op->o_abandon ) 932 return SLAPD_ABANDON; 933 934 rc = ndn2path( op, ndn, dnpath, 0 ); 935 if ( rc != LDAP_SUCCESS ) { 936 return rc; 937 } 938 939 if ( stat( dnpath->bv_val, &st ) == 0 ) { /* entry .ldif file */ 940 rc = LDAP_ALREADY_EXISTS; 941 942 } else if ( errno != ENOENT ) { 943 Debug( LDAP_DEBUG_ANY, 944 "ldif_prepare_create: cannot stat \"%s\": %s\n", 945 dnpath->bv_val, STRERROR( errno ), 0 ); 946 rc = LDAP_OTHER; 947 *text = "internal error (cannot check entry file)"; 948 949 } else if ( need_dir != NULL ) { 950 *need_dir = NULL; 951 rc = get_parent_path( dnpath, &ppath ); 952 /* If parent dir exists, so does parent .ldif: 953 * The directory gets created after and removed before the .ldif. 954 * Except with the database directory, which has no matching entry. 955 */ 956 if ( rc == LDAP_SUCCESS && stat( ppath.bv_val, &st ) < 0 ) { 957 rc = errno == ENOENT && ppath.bv_len > li->li_base_path.bv_len 958 ? LDAP_NO_SUCH_OBJECT : LDAP_OTHER; 959 } 960 switch ( rc ) { 961 case LDAP_NO_SUCH_OBJECT: 962 /* No parent dir, check parent .ldif */ 963 dir2ldif_name( ppath ); 964 rc = ldif_read_entry( op, ppath.bv_val, NULL, NULL, 965 (op->o_tag != LDAP_REQ_ADD || get_manageDSAit( op ) 966 ? &parent : NULL), 967 text ); 968 switch ( rc ) { 969 case LDAP_SUCCESS: 970 /* Check that parent is not a referral, unless 971 * ldif_back_referrals() already checked. 972 */ 973 if ( parent != NULL ) { 974 int is_ref = is_entry_referral( parent ); 975 entry_free( parent ); 976 if ( is_ref ) { 977 rc = LDAP_AFFECTS_MULTIPLE_DSAS; 978 *text = op->o_tag == LDAP_REQ_MODDN 979 ? "newSuperior is a referral object" 980 : "parent is a referral object"; 981 break; 982 } 983 } 984 /* Must create parent directory. */ 985 ldif2dir_name( ppath ); 986 *need_dir = ppath.bv_val; 987 break; 988 case LDAP_NO_SUCH_OBJECT: 989 *text = op->o_tag == LDAP_REQ_MODDN 990 ? "newSuperior object does not exist" 991 : "parent does not exist"; 992 break; 993 } 994 break; 995 case LDAP_OTHER: 996 Debug( LDAP_DEBUG_ANY, 997 "ldif_prepare_create: cannot stat \"%s\" parent dir: %s\n", 998 ndn->bv_val, STRERROR( errno ), 0 ); 999 *text = "internal error (cannot stat parent dir)"; 1000 break; 1001 } 1002 if ( *need_dir == NULL && ppath.bv_val != NULL ) 1003 SLAP_FREE( ppath.bv_val ); 1004 } 1005 1006 if ( rc != LDAP_SUCCESS ) { 1007 SLAP_FREE( dnpath->bv_val ); 1008 BER_BVZERO( dnpath ); 1009 } 1010 return rc; 1011 } 1012 1013 static int 1014 apply_modify_to_entry( 1015 Entry *entry, 1016 Modifications *modlist, 1017 Operation *op, 1018 SlapReply *rs ) 1019 { 1020 char textbuf[SLAP_TEXT_BUFLEN]; 1021 int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS; 1022 int is_oc = 0; 1023 Modification *mods; 1024 1025 if (!acl_check_modlist(op, entry, modlist)) { 1026 return LDAP_INSUFFICIENT_ACCESS; 1027 } 1028 1029 for (; modlist != NULL; modlist = modlist->sml_next) { 1030 mods = &modlist->sml_mod; 1031 1032 if ( mods->sm_desc == slap_schema.si_ad_objectClass ) { 1033 is_oc = 1; 1034 } 1035 switch (mods->sm_op) { 1036 case LDAP_MOD_ADD: 1037 rc = modify_add_values(entry, mods, 1038 get_permissiveModify(op), 1039 &rs->sr_text, textbuf, 1040 sizeof( textbuf ) ); 1041 break; 1042 1043 case LDAP_MOD_DELETE: 1044 rc = modify_delete_values(entry, mods, 1045 get_permissiveModify(op), 1046 &rs->sr_text, textbuf, 1047 sizeof( textbuf ) ); 1048 break; 1049 1050 case LDAP_MOD_REPLACE: 1051 rc = modify_replace_values(entry, mods, 1052 get_permissiveModify(op), 1053 &rs->sr_text, textbuf, 1054 sizeof( textbuf ) ); 1055 break; 1056 1057 case LDAP_MOD_INCREMENT: 1058 rc = modify_increment_values( entry, 1059 mods, get_permissiveModify(op), 1060 &rs->sr_text, textbuf, 1061 sizeof( textbuf ) ); 1062 break; 1063 1064 case SLAP_MOD_SOFTADD: 1065 mods->sm_op = LDAP_MOD_ADD; 1066 rc = modify_add_values(entry, mods, 1067 get_permissiveModify(op), 1068 &rs->sr_text, textbuf, 1069 sizeof( textbuf ) ); 1070 mods->sm_op = SLAP_MOD_SOFTADD; 1071 if (rc == LDAP_TYPE_OR_VALUE_EXISTS) { 1072 rc = LDAP_SUCCESS; 1073 } 1074 break; 1075 } 1076 if(rc != LDAP_SUCCESS) break; 1077 } 1078 1079 if ( rc == LDAP_SUCCESS ) { 1080 rs->sr_text = NULL; /* Needed at least with SLAP_MOD_SOFTADD */ 1081 if ( is_oc ) { 1082 entry->e_ocflags = 0; 1083 } 1084 /* check that the entry still obeys the schema */ 1085 rc = entry_schema_check( op, entry, NULL, 0, 0, NULL, 1086 &rs->sr_text, textbuf, sizeof( textbuf ) ); 1087 } 1088 1089 return rc; 1090 } 1091 1092 1093 static int 1094 ldif_back_referrals( Operation *op, SlapReply *rs ) 1095 { 1096 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1097 struct berval path, dn = op->o_req_dn, ndn = op->o_req_ndn; 1098 ber_len_t min_dnlen; 1099 Entry *entry = NULL, **entryp; 1100 BerVarray ref; 1101 int rc; 1102 1103 min_dnlen = op->o_bd->be_nsuffix[0].bv_len; 1104 if ( min_dnlen == 0 ) { 1105 /* Catch root DSE (empty DN), it is not a referral */ 1106 min_dnlen = 1; 1107 } 1108 if ( ndn2path( op, &ndn, &path, 0 ) != LDAP_SUCCESS ) { 1109 return LDAP_SUCCESS; /* Root DSE again */ 1110 } 1111 1112 entryp = get_manageDSAit( op ) ? NULL : &entry; 1113 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr ); 1114 1115 for (;;) { 1116 dnParent( &dn, &dn ); 1117 dnParent( &ndn, &ndn ); 1118 rc = ldif_read_entry( op, path.bv_val, &dn, &ndn, 1119 entryp, &rs->sr_text ); 1120 if ( rc != LDAP_NO_SUCH_OBJECT ) 1121 break; 1122 1123 rc = LDAP_SUCCESS; 1124 if ( ndn.bv_len < min_dnlen ) 1125 break; 1126 (void) get_parent_path( &path, NULL ); 1127 dir2ldif_name( path ); 1128 entryp = &entry; 1129 } 1130 1131 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr ); 1132 SLAP_FREE( path.bv_val ); 1133 1134 if ( entry != NULL ) { 1135 if ( is_entry_referral( entry ) ) { 1136 Debug( LDAP_DEBUG_TRACE, 1137 "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n", 1138 (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_dn ); 1139 1140 ref = get_entry_referrals( op, entry ); 1141 rs->sr_ref = referral_rewrite( ref, &entry->e_name, &op->o_req_dn, 1142 op->o_tag == LDAP_REQ_SEARCH ? 1143 op->ors_scope : LDAP_SCOPE_DEFAULT ); 1144 ber_bvarray_free( ref ); 1145 1146 if ( rs->sr_ref != NULL ) { 1147 /* send referral */ 1148 rc = rs->sr_err = LDAP_REFERRAL; 1149 rs->sr_matched = entry->e_dn; 1150 send_ldap_result( op, rs ); 1151 ber_bvarray_free( rs->sr_ref ); 1152 rs->sr_ref = NULL; 1153 } else { 1154 rc = LDAP_OTHER; 1155 rs->sr_text = "bad referral object"; 1156 } 1157 rs->sr_matched = NULL; 1158 } 1159 1160 entry_free( entry ); 1161 } 1162 1163 return rc; 1164 } 1165 1166 1167 /* LDAP operations */ 1168 1169 static int 1170 ldif_back_bind( Operation *op, SlapReply *rs ) 1171 { 1172 struct ldif_info *li; 1173 Attribute *a; 1174 AttributeDescription *password = slap_schema.si_ad_userPassword; 1175 int return_val; 1176 Entry *entry = NULL; 1177 1178 switch ( be_rootdn_bind( op, rs ) ) { 1179 case SLAP_CB_CONTINUE: 1180 break; 1181 1182 default: 1183 /* in case of success, front end will send result; 1184 * otherwise, be_rootdn_bind() did */ 1185 return rs->sr_err; 1186 } 1187 1188 li = (struct ldif_info *) op->o_bd->be_private; 1189 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr); 1190 return_val = get_entry(op, &entry, NULL, NULL); 1191 1192 /* no object is found for them */ 1193 if(return_val != LDAP_SUCCESS) { 1194 rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS; 1195 goto return_result; 1196 } 1197 1198 /* they don't have userpassword */ 1199 if((a = attr_find(entry->e_attrs, password)) == NULL) { 1200 rs->sr_err = LDAP_INAPPROPRIATE_AUTH; 1201 return_val = 1; 1202 goto return_result; 1203 } 1204 1205 /* authentication actually failed */ 1206 if(slap_passwd_check(op, entry, a, &op->oq_bind.rb_cred, 1207 &rs->sr_text) != 0) { 1208 rs->sr_err = LDAP_INVALID_CREDENTIALS; 1209 return_val = 1; 1210 goto return_result; 1211 } 1212 1213 /* let the front-end send success */ 1214 return_val = LDAP_SUCCESS; 1215 1216 return_result: 1217 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr); 1218 if(return_val != LDAP_SUCCESS) 1219 send_ldap_result( op, rs ); 1220 if(entry != NULL) 1221 entry_free(entry); 1222 return return_val; 1223 } 1224 1225 static int 1226 ldif_back_search( Operation *op, SlapReply *rs ) 1227 { 1228 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1229 1230 ldap_pvt_thread_rdwr_rlock(&li->li_rdwr); 1231 rs->sr_err = search_tree( op, rs ); 1232 ldap_pvt_thread_rdwr_runlock(&li->li_rdwr); 1233 send_ldap_result(op, rs); 1234 1235 return rs->sr_err; 1236 } 1237 1238 static int 1239 ldif_back_add( Operation *op, SlapReply *rs ) 1240 { 1241 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1242 Entry * e = op->ora_e; 1243 struct berval path; 1244 char *parentdir; 1245 char textbuf[SLAP_TEXT_BUFLEN]; 1246 int rc; 1247 1248 Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", e->e_dn, 0, 0 ); 1249 1250 rc = entry_schema_check( op, e, NULL, 0, 1, NULL, 1251 &rs->sr_text, textbuf, sizeof( textbuf ) ); 1252 if ( rc != LDAP_SUCCESS ) 1253 goto send_res; 1254 1255 rc = slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 ); 1256 if ( rc != LDAP_SUCCESS ) 1257 goto send_res; 1258 1259 ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); 1260 1261 rc = ldif_prepare_create( op, e, &path, &parentdir, &rs->sr_text ); 1262 if ( rc == LDAP_SUCCESS ) { 1263 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); 1264 rc = ldif_write_entry( op, e, &path, parentdir, &rs->sr_text ); 1265 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); 1266 1267 SLAP_FREE( path.bv_val ); 1268 if ( parentdir != NULL ) 1269 SLAP_FREE( parentdir ); 1270 } 1271 1272 ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); 1273 1274 send_res: 1275 rs->sr_err = rc; 1276 Debug( LDAP_DEBUG_TRACE, "ldif_back_add: err: %d text: %s\n", 1277 rc, rs->sr_text ? rs->sr_text : "", 0 ); 1278 send_ldap_result( op, rs ); 1279 slap_graduate_commit_csn( op ); 1280 return rs->sr_err; 1281 } 1282 1283 static int 1284 ldif_back_modify( Operation *op, SlapReply *rs ) 1285 { 1286 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1287 Modifications * modlst = op->orm_modlist; 1288 struct berval path; 1289 Entry *entry; 1290 int rc; 1291 1292 slap_mods_opattrs( op, &op->orm_modlist, 1 ); 1293 1294 ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); 1295 1296 rc = get_entry( op, &entry, &path, &rs->sr_text ); 1297 if ( rc == LDAP_SUCCESS ) { 1298 rc = apply_modify_to_entry( entry, modlst, op, rs ); 1299 if ( rc == LDAP_SUCCESS ) { 1300 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); 1301 rc = ldif_write_entry( op, entry, &path, NULL, &rs->sr_text ); 1302 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); 1303 } 1304 1305 entry_free( entry ); 1306 SLAP_FREE( path.bv_val ); 1307 } 1308 1309 ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); 1310 1311 rs->sr_err = rc; 1312 send_ldap_result( op, rs ); 1313 slap_graduate_commit_csn( op ); 1314 return rs->sr_err; 1315 } 1316 1317 static int 1318 ldif_back_delete( Operation *op, SlapReply *rs ) 1319 { 1320 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1321 struct berval path; 1322 int rc = LDAP_SUCCESS; 1323 1324 if ( BER_BVISEMPTY( &op->o_csn )) { 1325 struct berval csn; 1326 char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE]; 1327 1328 csn.bv_val = csnbuf; 1329 csn.bv_len = sizeof( csnbuf ); 1330 slap_get_csn( op, &csn, 1 ); 1331 } 1332 1333 ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); 1334 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); 1335 if ( op->o_abandon ) { 1336 rc = SLAPD_ABANDON; 1337 goto done; 1338 } 1339 1340 rc = ndn2path( op, &op->o_req_ndn, &path, 0 ); 1341 if ( rc != LDAP_SUCCESS ) { 1342 goto done; 1343 } 1344 1345 ldif2dir_len( path ); 1346 ldif2dir_name( path ); 1347 if ( rmdir( path.bv_val ) < 0 ) { 1348 switch ( errno ) { 1349 case ENOTEMPTY: 1350 rc = LDAP_NOT_ALLOWED_ON_NONLEAF; 1351 break; 1352 case ENOENT: 1353 /* is leaf, go on */ 1354 break; 1355 default: 1356 rc = LDAP_OTHER; 1357 rs->sr_text = "internal error (cannot delete subtree directory)"; 1358 break; 1359 } 1360 } 1361 1362 if ( rc == LDAP_SUCCESS ) { 1363 dir2ldif_name( path ); 1364 if ( unlink( path.bv_val ) < 0 ) { 1365 rc = LDAP_NO_SUCH_OBJECT; 1366 if ( errno != ENOENT ) { 1367 rc = LDAP_OTHER; 1368 rs->sr_text = "internal error (cannot delete entry file)"; 1369 } 1370 } 1371 } 1372 1373 if ( rc == LDAP_OTHER ) { 1374 Debug( LDAP_DEBUG_ANY, "ldif_back_delete: %s \"%s\": %s\n", 1375 "cannot delete", path.bv_val, STRERROR( errno ) ); 1376 } 1377 1378 SLAP_FREE( path.bv_val ); 1379 done: 1380 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); 1381 ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); 1382 rs->sr_err = rc; 1383 send_ldap_result( op, rs ); 1384 slap_graduate_commit_csn( op ); 1385 return rs->sr_err; 1386 } 1387 1388 1389 static int 1390 ldif_move_entry( 1391 Operation *op, 1392 Entry *entry, 1393 int same_ndn, 1394 struct berval *oldpath, 1395 const char **text ) 1396 { 1397 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1398 struct berval newpath; 1399 char *parentdir = NULL, *trash; 1400 int rc, rename_res; 1401 1402 if ( same_ndn ) { 1403 rc = LDAP_SUCCESS; 1404 newpath = *oldpath; 1405 } else { 1406 rc = ldif_prepare_create( op, entry, &newpath, 1407 op->orr_newSup ? &parentdir : NULL, text ); 1408 } 1409 1410 if ( rc == LDAP_SUCCESS ) { 1411 ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); 1412 1413 rc = ldif_write_entry( op, entry, &newpath, parentdir, text ); 1414 if ( rc == LDAP_SUCCESS && !same_ndn ) { 1415 trash = oldpath->bv_val; /* will be .ldif file to delete */ 1416 ldif2dir_len( newpath ); 1417 ldif2dir_len( *oldpath ); 1418 /* Move subdir before deleting old entry, 1419 * so .ldif always exists if subdir does. 1420 */ 1421 ldif2dir_name( newpath ); 1422 ldif2dir_name( *oldpath ); 1423 rename_res = move_dir( oldpath->bv_val, newpath.bv_val ); 1424 if ( rename_res != 0 && errno != ENOENT ) { 1425 rc = LDAP_OTHER; 1426 *text = "internal error (cannot move this subtree)"; 1427 trash = newpath.bv_val; 1428 } 1429 1430 /* Delete old entry, or if error undo change */ 1431 for (;;) { 1432 dir2ldif_name( newpath ); 1433 dir2ldif_name( *oldpath ); 1434 if ( unlink( trash ) == 0 ) 1435 break; 1436 if ( rc == LDAP_SUCCESS ) { 1437 /* Prepare to undo change and return failure */ 1438 rc = LDAP_OTHER; 1439 *text = "internal error (cannot move this entry)"; 1440 trash = newpath.bv_val; 1441 if ( rename_res != 0 ) 1442 continue; 1443 /* First move subdirectory back */ 1444 ldif2dir_name( newpath ); 1445 ldif2dir_name( *oldpath ); 1446 if ( move_dir( newpath.bv_val, oldpath->bv_val ) == 0 ) 1447 continue; 1448 } 1449 *text = "added new but couldn't delete old entry!"; 1450 break; 1451 } 1452 1453 if ( rc != LDAP_SUCCESS ) { 1454 char s[128]; 1455 snprintf( s, sizeof s, "%s (%s)", *text, STRERROR( errno )); 1456 Debug( LDAP_DEBUG_ANY, 1457 "ldif_move_entry: %s: \"%s\" -> \"%s\"\n", 1458 s, op->o_req_dn.bv_val, entry->e_dn ); 1459 } 1460 } 1461 1462 ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); 1463 if ( !same_ndn ) 1464 SLAP_FREE( newpath.bv_val ); 1465 if ( parentdir != NULL ) 1466 SLAP_FREE( parentdir ); 1467 } 1468 1469 return rc; 1470 } 1471 1472 static int 1473 ldif_back_modrdn( Operation *op, SlapReply *rs ) 1474 { 1475 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1476 struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL; 1477 struct berval p_dn, old_path; 1478 Entry *entry; 1479 int rc, same_ndn; 1480 1481 slap_mods_opattrs( op, &op->orr_modlist, 1 ); 1482 1483 ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); 1484 1485 rc = get_entry( op, &entry, &old_path, &rs->sr_text ); 1486 if ( rc == LDAP_SUCCESS ) { 1487 /* build new dn, and new ndn for the entry */ 1488 if ( op->oq_modrdn.rs_newSup != NULL ) { 1489 p_dn = *op->oq_modrdn.rs_newSup; 1490 } else { 1491 dnParent( &entry->e_name, &p_dn ); 1492 } 1493 build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL ); 1494 dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL ); 1495 same_ndn = !ber_bvcmp( &entry->e_nname, &new_ndn ); 1496 ber_memfree_x( entry->e_name.bv_val, NULL ); 1497 ber_memfree_x( entry->e_nname.bv_val, NULL ); 1498 entry->e_name = new_dn; 1499 entry->e_nname = new_ndn; 1500 1501 /* perform the modifications */ 1502 rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs ); 1503 if ( rc == LDAP_SUCCESS ) 1504 rc = ldif_move_entry( op, entry, same_ndn, &old_path, 1505 &rs->sr_text ); 1506 1507 entry_free( entry ); 1508 SLAP_FREE( old_path.bv_val ); 1509 } 1510 1511 ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); 1512 rs->sr_err = rc; 1513 send_ldap_result( op, rs ); 1514 slap_graduate_commit_csn( op ); 1515 return rs->sr_err; 1516 } 1517 1518 1519 /* Return LDAP_SUCCESS IFF we retrieve the specified entry. */ 1520 static int 1521 ldif_back_entry_get( 1522 Operation *op, 1523 struct berval *ndn, 1524 ObjectClass *oc, 1525 AttributeDescription *at, 1526 int rw, 1527 Entry **e ) 1528 { 1529 struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; 1530 struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn; 1531 int rc; 1532 1533 assert( ndn != NULL ); 1534 assert( !BER_BVISNULL( ndn ) ); 1535 1536 ldap_pvt_thread_rdwr_rlock( &li->li_rdwr ); 1537 op->o_req_dn = *ndn; 1538 op->o_req_ndn = *ndn; 1539 rc = get_entry( op, e, NULL, NULL ); 1540 op->o_req_dn = op_dn; 1541 op->o_req_ndn = op_ndn; 1542 ldap_pvt_thread_rdwr_runlock( &li->li_rdwr ); 1543 1544 if ( rc == LDAP_SUCCESS && oc && !is_entry_objectclass_or_sub( *e, oc ) ) { 1545 rc = LDAP_NO_SUCH_ATTRIBUTE; 1546 entry_free( *e ); 1547 *e = NULL; 1548 } 1549 1550 return rc; 1551 } 1552 1553 1554 /* Slap tools */ 1555 1556 static int 1557 ldif_tool_entry_open( BackendDB *be, int mode ) 1558 { 1559 struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; 1560 1561 tl->ecurrent = 0; 1562 return 0; 1563 } 1564 1565 static int 1566 ldif_tool_entry_close( BackendDB *be ) 1567 { 1568 struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; 1569 Entry **entries = tl->entries; 1570 ID i; 1571 1572 for ( i = tl->ecount; i--; ) 1573 if ( entries[i] ) 1574 entry_free( entries[i] ); 1575 SLAP_FREE( entries ); 1576 tl->entries = NULL; 1577 tl->ecount = tl->elen = 0; 1578 return 0; 1579 } 1580 1581 static ID 1582 ldif_tool_entry_next( BackendDB *be ) 1583 { 1584 struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; 1585 1586 if ( tl->ecurrent >= tl->ecount ) 1587 return NOID; 1588 else 1589 return ++tl->ecurrent; 1590 } 1591 1592 static ID 1593 ldif_tool_entry_first( BackendDB *be ) 1594 { 1595 struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; 1596 1597 if ( tl->entries == NULL ) { 1598 Operation op = {0}; 1599 1600 op.o_bd = be; 1601 op.o_req_dn = *be->be_suffix; 1602 op.o_req_ndn = *be->be_nsuffix; 1603 op.ors_scope = LDAP_SCOPE_SUBTREE; 1604 if ( search_tree( &op, NULL ) != LDAP_SUCCESS ) { 1605 tl->ecurrent = tl->ecount; /* fail ldif_tool_entry_next() */ 1606 return 0; /* fail ldif_tool_entry_get() */ 1607 } 1608 } 1609 return ldif_tool_entry_next( be ); 1610 } 1611 1612 static Entry * 1613 ldif_tool_entry_get( BackendDB *be, ID id ) 1614 { 1615 struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; 1616 Entry *e = NULL; 1617 1618 --id; 1619 if ( id < tl->ecount ) { 1620 e = tl->entries[id]; 1621 tl->entries[id] = NULL; 1622 } 1623 return e; 1624 } 1625 1626 static ID 1627 ldif_tool_entry_put( BackendDB *be, Entry *e, struct berval *text ) 1628 { 1629 int rc; 1630 const char *errmsg = NULL; 1631 struct berval path; 1632 char *parentdir; 1633 Operation op = {0}; 1634 1635 op.o_bd = be; 1636 rc = ldif_prepare_create( &op, e, &path, &parentdir, &errmsg ); 1637 if ( rc == LDAP_SUCCESS ) { 1638 rc = ldif_write_entry( &op, e, &path, parentdir, &errmsg ); 1639 1640 SLAP_FREE( path.bv_val ); 1641 if ( parentdir != NULL ) 1642 SLAP_FREE( parentdir ); 1643 if ( rc == LDAP_SUCCESS ) 1644 return 1; 1645 } 1646 1647 if ( errmsg == NULL && rc != LDAP_OTHER ) 1648 errmsg = ldap_err2string( rc ); 1649 if ( errmsg != NULL ) 1650 snprintf( text->bv_val, text->bv_len, "%s", errmsg ); 1651 return NOID; 1652 } 1653 1654 1655 /* Setup */ 1656 1657 static int 1658 ldif_back_db_init( BackendDB *be, ConfigReply *cr ) 1659 { 1660 struct ldif_info *li; 1661 1662 li = ch_calloc( 1, sizeof(struct ldif_info) ); 1663 be->be_private = li; 1664 be->be_cf_ocs = ldifocs; 1665 ldap_pvt_thread_mutex_init( &li->li_modop_mutex ); 1666 ldap_pvt_thread_rdwr_init( &li->li_rdwr ); 1667 SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX; 1668 return 0; 1669 } 1670 1671 static int 1672 ldif_back_db_destroy( Backend *be, ConfigReply *cr ) 1673 { 1674 struct ldif_info *li = be->be_private; 1675 1676 ch_free( li->li_base_path.bv_val ); 1677 ldap_pvt_thread_rdwr_destroy( &li->li_rdwr ); 1678 ldap_pvt_thread_mutex_destroy( &li->li_modop_mutex ); 1679 free( be->be_private ); 1680 return 0; 1681 } 1682 1683 static int 1684 ldif_back_db_open( Backend *be, ConfigReply *cr ) 1685 { 1686 struct ldif_info *li = (struct ldif_info *) be->be_private; 1687 if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */ 1688 Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0); 1689 return 1; 1690 } 1691 return 0; 1692 } 1693 1694 int 1695 ldif_back_initialize( BackendInfo *bi ) 1696 { 1697 static char *controls[] = { 1698 LDAP_CONTROL_MANAGEDSAIT, 1699 NULL 1700 }; 1701 int rc; 1702 1703 bi->bi_flags |= 1704 SLAP_BFLAG_INCREMENT | 1705 SLAP_BFLAG_REFERRALS; 1706 1707 bi->bi_controls = controls; 1708 1709 bi->bi_open = 0; 1710 bi->bi_close = 0; 1711 bi->bi_config = 0; 1712 bi->bi_destroy = 0; 1713 1714 bi->bi_db_init = ldif_back_db_init; 1715 bi->bi_db_config = config_generic_wrapper; 1716 bi->bi_db_open = ldif_back_db_open; 1717 bi->bi_db_close = 0; 1718 bi->bi_db_destroy = ldif_back_db_destroy; 1719 1720 bi->bi_op_bind = ldif_back_bind; 1721 bi->bi_op_unbind = 0; 1722 bi->bi_op_search = ldif_back_search; 1723 bi->bi_op_compare = 0; 1724 bi->bi_op_modify = ldif_back_modify; 1725 bi->bi_op_modrdn = ldif_back_modrdn; 1726 bi->bi_op_add = ldif_back_add; 1727 bi->bi_op_delete = ldif_back_delete; 1728 bi->bi_op_abandon = 0; 1729 1730 bi->bi_extended = 0; 1731 1732 bi->bi_chk_referrals = ldif_back_referrals; 1733 1734 bi->bi_connection_init = 0; 1735 bi->bi_connection_destroy = 0; 1736 1737 bi->bi_entry_get_rw = ldif_back_entry_get; 1738 1739 #if 0 /* NOTE: uncomment to completely disable access control */ 1740 bi->bi_access_allowed = slap_access_always_allowed; 1741 #endif 1742 1743 bi->bi_tool_entry_open = ldif_tool_entry_open; 1744 bi->bi_tool_entry_close = ldif_tool_entry_close; 1745 bi->bi_tool_entry_first = ldif_tool_entry_first; 1746 bi->bi_tool_entry_next = ldif_tool_entry_next; 1747 bi->bi_tool_entry_get = ldif_tool_entry_get; 1748 bi->bi_tool_entry_put = ldif_tool_entry_put; 1749 bi->bi_tool_entry_reindex = 0; 1750 bi->bi_tool_sync = 0; 1751 1752 bi->bi_tool_dn2id_get = 0; 1753 bi->bi_tool_entry_modify = 0; 1754 1755 bi->bi_cf_ocs = ldifocs; 1756 1757 rc = config_register_schema( ldifcfg, ldifocs ); 1758 if ( rc ) return rc; 1759 return 0; 1760 } 1761
Indexes created Sat Apr 11 00:22:22 UTC 2026