1 /* $NetBSD: refint.c,v 1.3 2021/08/14 16:15:02 christos Exp $ */
2
3 /* refint.c - referential integrity module */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 2004-2021 The OpenLDAP Foundation.
8 * Portions Copyright 2004 Symas Corporation.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19 /* ACKNOWLEDGEMENTS:
20 * This work was initially developed by Symas Corp. for inclusion in
21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
22 */
23
24 #include <sys/cdefs.h>
25 __RCSID("$NetBSD: refint.c,v 1.3 2021/08/14 16:15:02 christos Exp $");
26
27 #include "portable.h"
28
29 /* This module maintains referential integrity for a set of
30 * DN-valued attributes by searching for all references to a given
31 * DN whenever the DN is changed or its entry is deleted, and making
32 * the appropriate update.
33 *
34 * Updates are performed using the database rootdn in a separate task
35 * to allow the original operation to complete immediately.
36 */
37
38 #ifdef SLAPD_OVER_REFINT
39
40 #include <stdio.h>
41
42 #include <ac/string.h>
43 #include <ac/socket.h>
44
45 #include "slap.h"
46 #include "slap-config.h"
47 #include "ldap_rq.h"
48
49 static slap_overinst refint;
50
51 /* The DN to use in the ModifiersName for all refint updates */
52 static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay");
53 static BerValue refint_ndn = BER_BVC("cn=referential integrity overlay");
54
55 typedef struct refint_attrs_s {
56 struct refint_attrs_s *next;
57 AttributeDescription *attr;
58 BerVarray old_vals;
59 BerVarray old_nvals;
60 BerVarray new_vals;
61 BerVarray new_nvals;
62 int ra_numvals;
63 int dont_empty;
64 } refint_attrs;
65
66 typedef struct dependents_s {
67 struct dependents_s *next;
68 BerValue dn; /* target dn */
69 BerValue ndn;
70 refint_attrs *attrs;
71 } dependent_data;
72
73 typedef struct refint_q {
74 struct refint_q *next;
75 struct refint_data_s *rdata;
76 dependent_data *attrs; /* entries and attrs returned from callback */
77 BackendDB *db;
78 BerValue olddn;
79 BerValue oldndn;
80 BerValue newdn;
81 BerValue newndn;
82 int do_sub;
83 } refint_q;
84
85 typedef struct refint_data_s {
86 struct refint_attrs_s *attrs; /* list of known attrs */
87 BerValue dn; /* basedn in parent, */
88 BerValue nothing; /* the nothing value, if needed */
89 BerValue nnothing; /* normalized nothingness */
90 BerValue refint_dn; /* modifier's name */
91 BerValue refint_ndn; /* normalized modifier's name */
92 struct re_s *qtask;
93 refint_q *qhead;
94 refint_q *qtail;
95 BackendDB *db;
96 ldap_pvt_thread_mutex_t qmutex;
97 } refint_data;
98
99 typedef struct refint_pre_s {
100 slap_overinst *on;
101 int do_sub;
102 } refint_pre;
103
104 #define RUNQ_INTERVAL 36000 /* a long time */
105
106 static MatchingRule *mr_dnSubtreeMatch;
107
108 enum {
109 REFINT_ATTRS = 1,
110 REFINT_NOTHING,
111 REFINT_MODIFIERSNAME
112 };
113
114 static ConfigDriver refint_cf_gen;
115
116 static ConfigTable refintcfg[] = {
117 { "refint_attributes", "attribute...", 2, 0, 0,
118 ARG_MAGIC|REFINT_ATTRS, refint_cf_gen,
119 "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' "
120 "DESC 'Attributes for referential integrity' "
121 "EQUALITY caseIgnoreMatch "
122 "SYNTAX OMsDirectoryString )", NULL, NULL },
123 { "refint_nothing", "string", 2, 2, 0,
124 ARG_DN|ARG_QUOTE|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen,
125 "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' "
126 "DESC 'Replacement DN to supply when needed' "
127 "EQUALITY distinguishedNameMatch "
128 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
129 { "refint_modifiersName", "DN", 2, 2, 0,
130 ARG_DN|ARG_QUOTE|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen,
131 "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' "
132 "DESC 'The DN to use as modifiersName' "
133 "EQUALITY distinguishedNameMatch "
134 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
135 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
136 };
137
138 static ConfigOCs refintocs[] = {
139 { "( OLcfgOvOc:11.1 "
140 "NAME 'olcRefintConfig' "
141 "DESC 'Referential integrity configuration' "
142 "SUP olcOverlayConfig "
143 "MAY ( olcRefintAttribute "
144 "$ olcRefintNothing "
145 "$ olcRefintModifiersName "
146 ") )",
147 Cft_Overlay, refintcfg },
148 { NULL, 0, NULL }
149 };
150
151 static int
refint_cf_gen(ConfigArgs * c)152 refint_cf_gen(ConfigArgs *c)
153 {
154 slap_overinst *on = (slap_overinst *)c->bi;
155 refint_data *dd = (refint_data *)on->on_bi.bi_private;
156 refint_attrs *ip, *pip, **pipp = NULL;
157 AttributeDescription *ad;
158 const char *text;
159 int rc = ARG_BAD_CONF;
160 int i;
161
162 switch ( c->op ) {
163 case SLAP_CONFIG_EMIT:
164 switch ( c->type ) {
165 case REFINT_ATTRS:
166 ip = dd->attrs;
167 while ( ip ) {
168 value_add_one( &c->rvalue_vals,
169 &ip->attr->ad_cname );
170 ip = ip->next;
171 }
172 rc = 0;
173 break;
174 case REFINT_NOTHING:
175 if ( !BER_BVISEMPTY( &dd->nothing )) {
176 rc = value_add_one( &c->rvalue_vals,
177 &dd->nothing );
178 if ( rc ) return rc;
179 rc = value_add_one( &c->rvalue_nvals,
180 &dd->nnothing );
181 return rc;
182 }
183 rc = 0;
184 break;
185 case REFINT_MODIFIERSNAME:
186 if ( !BER_BVISEMPTY( &dd->refint_dn )) {
187 rc = value_add_one( &c->rvalue_vals,
188 &dd->refint_dn );
189 if ( rc ) return rc;
190 rc = value_add_one( &c->rvalue_nvals,
191 &dd->refint_ndn );
192 return rc;
193 }
194 rc = 0;
195 break;
196 default:
197 abort ();
198 }
199 break;
200 case LDAP_MOD_DELETE:
201 switch ( c->type ) {
202 case REFINT_ATTRS:
203 pipp = &dd->attrs;
204 if ( c->valx < 0 ) {
205 ip = *pipp;
206 *pipp = NULL;
207 while ( ip ) {
208 pip = ip;
209 ip = ip->next;
210 ch_free ( pip );
211 }
212 } else {
213 /* delete from linked list */
214 for ( i=0; i < c->valx; ++i ) {
215 pipp = &(*pipp)->next;
216 }
217 ip = *pipp;
218 *pipp = (*pipp)->next;
219
220 /* AttributeDescriptions are global so
221 * shouldn't be freed here... */
222 ch_free ( ip );
223 }
224 rc = 0;
225 break;
226 case REFINT_NOTHING:
227 ch_free( dd->nothing.bv_val );
228 ch_free( dd->nnothing.bv_val );
229 BER_BVZERO( &dd->nothing );
230 BER_BVZERO( &dd->nnothing );
231 rc = 0;
232 break;
233 case REFINT_MODIFIERSNAME:
234 ch_free( dd->refint_dn.bv_val );
235 ch_free( dd->refint_ndn.bv_val );
236 BER_BVZERO( &dd->refint_dn );
237 BER_BVZERO( &dd->refint_ndn );
238 rc = 0;
239 break;
240 default:
241 abort ();
242 }
243 break;
244 case SLAP_CONFIG_ADD:
245 /* fallthru to LDAP_MOD_ADD */
246 case LDAP_MOD_ADD:
247 switch ( c->type ) {
248 case REFINT_ATTRS:
249 rc = 0;
250 for ( i=1; i < c->argc; ++i ) {
251 ad = NULL;
252 if ( slap_str2ad ( c->argv[i], &ad, &text )
253 == LDAP_SUCCESS) {
254 ip = ch_malloc (
255 sizeof ( refint_attrs ) );
256 ip->attr = ad;
257 ip->next = dd->attrs;
258 dd->attrs = ip;
259 } else {
260 snprintf( c->cr_msg, sizeof( c->cr_msg ),
261 "%s <%s>: %s", c->argv[0], c->argv[i], text );
262 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
263 "%s: %s\n", c->log, c->cr_msg );
264 rc = ARG_BAD_CONF;
265 }
266 }
267 break;
268 case REFINT_NOTHING:
269 if ( !BER_BVISNULL( &c->value_ndn )) {
270 ch_free ( dd->nothing.bv_val );
271 ch_free ( dd->nnothing.bv_val );
272 dd->nothing = c->value_dn;
273 dd->nnothing = c->value_ndn;
274 rc = 0;
275 } else {
276 rc = ARG_BAD_CONF;
277 }
278 break;
279 case REFINT_MODIFIERSNAME:
280 if ( !BER_BVISNULL( &c->value_ndn )) {
281 ch_free( dd->refint_dn.bv_val );
282 ch_free( dd->refint_ndn.bv_val );
283 dd->refint_dn = c->value_dn;
284 dd->refint_ndn = c->value_ndn;
285 rc = 0;
286 } else {
287 rc = ARG_BAD_CONF;
288 }
289 break;
290 default:
291 abort ();
292 }
293 break;
294 default:
295 abort ();
296 }
297
298 return rc;
299 }
300
301 /*
302 ** allocate new refint_data;
303 ** store in on_bi.bi_private;
304 **
305 */
306
307 static int
refint_db_init(BackendDB * be,ConfigReply * cr)308 refint_db_init(
309 BackendDB *be,
310 ConfigReply *cr
311 )
312 {
313 slap_overinst *on = (slap_overinst *)be->bd_info;
314 refint_data *id = ch_calloc(1,sizeof(refint_data));
315
316 on->on_bi.bi_private = id;
317 ldap_pvt_thread_mutex_init( &id->qmutex );
318 return(0);
319 }
320
321 static int
refint_db_destroy(BackendDB * be,ConfigReply * cr)322 refint_db_destroy(
323 BackendDB *be,
324 ConfigReply *cr
325 )
326 {
327 slap_overinst *on = (slap_overinst *)be->bd_info;
328
329 if ( on->on_bi.bi_private ) {
330 refint_data *id = on->on_bi.bi_private;
331 refint_attrs *ii, *ij;
332
333 on->on_bi.bi_private = NULL;
334 ldap_pvt_thread_mutex_destroy( &id->qmutex );
335
336 for(ii = id->attrs; ii; ii = ij) {
337 ij = ii->next;
338 ch_free(ii);
339 }
340
341 ch_free( id->nothing.bv_val );
342 BER_BVZERO( &id->nothing );
343 ch_free( id->nnothing.bv_val );
344 BER_BVZERO( &id->nnothing );
345
346 ch_free( id );
347 }
348 return(0);
349 }
350
351 /*
352 ** initialize, copy basedn if not already set
353 **
354 */
355
356 static int
refint_open(BackendDB * be,ConfigReply * cr)357 refint_open(
358 BackendDB *be,
359 ConfigReply *cr
360 )
361 {
362 slap_overinst *on = (slap_overinst *)be->bd_info;
363 refint_data *id = on->on_bi.bi_private;
364
365 if ( BER_BVISNULL( &id->dn )) {
366 if ( BER_BVISNULL( &be->be_nsuffix[0] ))
367 return -1;
368 ber_dupbv( &id->dn, &be->be_nsuffix[0] );
369 }
370 if ( BER_BVISNULL( &id->refint_dn ) ) {
371 ber_dupbv( &id->refint_dn, &refint_dn );
372 ber_dupbv( &id->refint_ndn, &refint_ndn );
373 }
374
375 /*
376 ** find the backend that matches our configured basedn;
377 ** make sure it exists and has search and modify methods;
378 **
379 */
380
381 if ( on->on_info->oi_origdb != frontendDB ) {
382 BackendDB *db = select_backend(&id->dn, 1);
383
384 if ( db ) {
385 BackendInfo *bi;
386 if ( db == be )
387 bi = on->on_info->oi_orig;
388 else
389 bi = db->bd_info;
390 if ( !bi->bi_op_search || !bi->bi_op_modify ) {
391 Debug( LDAP_DEBUG_CONFIG,
392 "refint_response: backend missing search and/or modify\n" );
393 return -1;
394 }
395 id->db = db;
396 } else {
397 Debug( LDAP_DEBUG_CONFIG,
398 "refint_response: no backend for our baseDN %s??\n",
399 id->dn.bv_val );
400 return -1;
401 }
402 }
403 return(0);
404 }
405
406
407 /*
408 ** free our basedn;
409 ** free our refintdn
410 **
411 */
412
413 static int
refint_close(BackendDB * be,ConfigReply * cr)414 refint_close(
415 BackendDB *be,
416 ConfigReply *cr
417 )
418 {
419 slap_overinst *on = (slap_overinst *) be->bd_info;
420 refint_data *id = on->on_bi.bi_private;
421
422 ch_free( id->dn.bv_val );
423 BER_BVZERO( &id->dn );
424 ch_free( id->refint_dn.bv_val );
425 BER_BVZERO( &id->refint_dn );
426 ch_free( id->refint_ndn.bv_val );
427 BER_BVZERO( &id->refint_ndn );
428
429 return(0);
430 }
431
432 /*
433 ** search callback
434 ** generates a list of Attributes from search results
435 */
436
437 static int
refint_search_cb(Operation * op,SlapReply * rs)438 refint_search_cb(
439 Operation *op,
440 SlapReply *rs
441 )
442 {
443 Attribute *a;
444 BerVarray b = NULL;
445 refint_q *rq = op->o_callback->sc_private;
446 refint_data *dd = rq->rdata;
447 refint_attrs *ia, *da = dd->attrs, *na;
448 dependent_data *ip;
449 int i;
450
451 Debug(LDAP_DEBUG_TRACE, "refint_search_cb <%s>\n",
452 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING" );
453
454 if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0);
455
456 /*
457 ** foreach configured attribute type:
458 ** if this attr exists in the search result,
459 ** and it has a value matching the target:
460 ** allocate an attr;
461 ** save/build DNs of any subordinate matches;
462 ** handle special case: found exact + subordinate match;
463 ** handle olcRefintNothing;
464 **
465 */
466
467 ip = op->o_tmpalloc(sizeof(dependent_data), op->o_tmpmemctx );
468 ber_dupbv_x( &ip->dn, &rs->sr_entry->e_name, op->o_tmpmemctx );
469 ber_dupbv_x( &ip->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx );
470 ip->next = rq->attrs;
471 rq->attrs = ip;
472 ip->attrs = NULL;
473 for(ia = da; ia; ia = ia->next) {
474 if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) ) {
475 int exact = -1, is_exact;
476
477 na = NULL;
478
479 /* Are we doing subtree matching or simple equality? */
480 if ( rq->do_sub ) {
481 for(i = 0, b = a->a_nvals; b[i].bv_val; i++) {
482 if(dnIsSuffix(&b[i], &rq->oldndn)) {
483 is_exact = b[i].bv_len == rq->oldndn.bv_len;
484
485 /* Paranoia: skip buggy duplicate exact match,
486 * it would break ra_numvals
487 */
488 if ( is_exact && exact >= 0 )
489 continue;
490
491 /* first match? create structure */
492 if ( na == NULL ) {
493 na = op->o_tmpcalloc( 1,
494 sizeof( refint_attrs ),
495 op->o_tmpmemctx );
496 na->next = ip->attrs;
497 ip->attrs = na;
498 na->attr = ia->attr;
499 }
500
501 na->ra_numvals++;
502
503 if ( is_exact ) {
504 /* Exact match: refint_repair will deduce the DNs */
505 exact = i;
506
507 } else {
508 /* Subordinate match */
509 struct berval newsub, newdn, olddn, oldndn;
510
511 /* Save old DN */
512 ber_dupbv_x( &olddn, &a->a_vals[i], op->o_tmpmemctx );
513 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx );
514
515 ber_dupbv_x( &oldndn, &a->a_nvals[i], op->o_tmpmemctx );
516 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx );
517
518 if ( BER_BVISEMPTY( &rq->newdn ) )
519 continue;
520
521 /* Rename subordinate match: Build new DN */
522 newsub = a->a_vals[i];
523 newsub.bv_len -= rq->olddn.bv_len + 1;
524 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx );
525 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx );
526
527 newsub = a->a_nvals[i];
528 newsub.bv_len -= rq->oldndn.bv_len + 1;
529 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx );
530 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx );
531 }
532 }
533 }
534
535 /* If we got both subordinate and exact match,
536 * refint_repair won't special-case the exact match */
537 if ( exact >= 0 && na->old_vals ) {
538 struct berval dn;
539
540 ber_dupbv_x( &dn, &a->a_vals[exact], op->o_tmpmemctx );
541 ber_bvarray_add_x( &na->old_vals, &dn, op->o_tmpmemctx );
542 ber_dupbv_x( &dn, &a->a_nvals[exact], op->o_tmpmemctx );
543 ber_bvarray_add_x( &na->old_nvals, &dn, op->o_tmpmemctx );
544
545 if ( !BER_BVISEMPTY( &rq->newdn ) ) {
546 ber_dupbv_x( &dn, &rq->newdn, op->o_tmpmemctx );
547 ber_bvarray_add_x( &na->new_vals, &dn, op->o_tmpmemctx );
548 ber_dupbv_x( &dn, &rq->newndn, op->o_tmpmemctx );
549 ber_bvarray_add_x( &na->new_nvals, &dn, op->o_tmpmemctx );
550 }
551 }
552 } else {
553 /* entry has no children, just equality matching */
554 is_exact = attr_valfind( a,
555 SLAP_MR_EQUALITY|SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH|
556 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, &rq->oldndn, &i, NULL );
557 if ( is_exact == LDAP_SUCCESS ) {
558 na = op->o_tmpcalloc( 1,
559 sizeof( refint_attrs ),
560 op->o_tmpmemctx );
561 na->next = ip->attrs;
562 ip->attrs = na;
563 na->attr = ia->attr;
564 na->ra_numvals = 1;
565 }
566 }
567
568 /* Deleting/replacing all values and a nothing DN is configured? */
569 if ( na && na->ra_numvals == a->a_numvals && !BER_BVISNULL(&dd->nothing) )
570 na->dont_empty = 1;
571
572 Debug( LDAP_DEBUG_TRACE, "refint_search_cb: %s: %s (#%d)\n",
573 a->a_desc->ad_cname.bv_val, rq->olddn.bv_val, i );
574 }
575 }
576
577 return(0);
578 }
579
580 static int
refint_repair(Operation * op,refint_data * id,refint_q * rq)581 refint_repair(
582 Operation *op,
583 refint_data *id,
584 refint_q *rq )
585 {
586 dependent_data *dp;
587 SlapReply rs = {REP_RESULT};
588 Operation op2;
589 unsigned long opid;
590 int rc;
591 int cache;
592
593 op->o_callback->sc_response = refint_search_cb;
594 op->o_req_dn = op->o_bd->be_suffix[ 0 ];
595 op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
596 op->o_dn = op->o_bd->be_rootdn;
597 op->o_ndn = op->o_bd->be_rootndn;
598 cache = op->o_do_not_cache;
599 op->o_do_not_cache = 1;
600
601 /* search */
602 rc = op->o_bd->be_search( op, &rs );
603 op->o_do_not_cache = cache;
604
605 if ( rc != LDAP_SUCCESS ) {
606 Debug( LDAP_DEBUG_TRACE,
607 "refint_repair: search failed: %d\n",
608 rc );
609 return rc;
610 }
611
612 /* safety? paranoid just in case */
613 if ( op->o_callback->sc_private == NULL ) {
614 Debug( LDAP_DEBUG_TRACE,
615 "refint_repair: callback wiped out sc_private?!\n" );
616 return 0;
617 }
618
619 /* Set up the Modify requests */
620 op->o_callback->sc_response = &slap_null_cb;
621
622 /*
623 * [our search callback builds a list of attrs]
624 * foreach attr:
625 * make sure its dn has a backend;
626 * build Modification* chain;
627 * call the backend modify function;
628 *
629 */
630
631 opid = op->o_opid;
632 op2 = *op;
633 for ( dp = rq->attrs; dp; dp = dp->next ) {
634 SlapReply rs2 = {REP_RESULT};
635 refint_attrs *ra;
636 Modifications *m;
637
638 if ( dp->attrs == NULL ) continue; /* TODO: Is this needed? */
639
640 op2.o_bd = select_backend( &dp->ndn, 1 );
641 if ( !op2.o_bd ) {
642 Debug( LDAP_DEBUG_TRACE,
643 "refint_repair: no backend for DN %s!\n",
644 dp->dn.bv_val );
645 continue;
646 }
647 op2.o_tag = LDAP_REQ_MODIFY;
648 op2.orm_modlist = NULL;
649 op2.o_req_dn = dp->dn;
650 op2.o_req_ndn = dp->ndn;
651 /* Internal ops, never replicate these */
652 op2.orm_no_opattrs = 1;
653 op2.o_dont_replicate = 1;
654 op2.o_opid = 0;
655
656 /* Set our ModifiersName */
657 if ( SLAP_LASTMOD( op->o_bd ) ) {
658 m = op2.o_tmpalloc( sizeof(Modifications) +
659 4*sizeof(BerValue), op2.o_tmpmemctx );
660 m->sml_next = op2.orm_modlist;
661 op2.orm_modlist = m;
662 m->sml_op = LDAP_MOD_REPLACE;
663 m->sml_flags = SLAP_MOD_INTERNAL;
664 m->sml_desc = slap_schema.si_ad_modifiersName;
665 m->sml_type = m->sml_desc->ad_cname;
666 m->sml_numvals = 1;
667 m->sml_values = (BerVarray)(m+1);
668 m->sml_nvalues = m->sml_values+2;
669 BER_BVZERO( &m->sml_values[1] );
670 BER_BVZERO( &m->sml_nvalues[1] );
671 m->sml_values[0] = id->refint_dn;
672 m->sml_nvalues[0] = id->refint_ndn;
673 }
674
675 for ( ra = dp->attrs; ra; ra = ra->next ) {
676 size_t len;
677
678 /* Add values */
679 if ( ra->dont_empty || !BER_BVISEMPTY( &rq->newdn ) ) {
680 len = sizeof(Modifications);
681
682 if ( ra->new_vals == NULL ) {
683 len += 4*sizeof(BerValue);
684 }
685
686 m = op2.o_tmpalloc( len, op2.o_tmpmemctx );
687 m->sml_next = op2.orm_modlist;
688 op2.orm_modlist = m;
689 m->sml_op = LDAP_MOD_ADD;
690 m->sml_flags = 0;
691 m->sml_desc = ra->attr;
692 m->sml_type = ra->attr->ad_cname;
693 if ( ra->new_vals == NULL ) {
694 m->sml_values = (BerVarray)(m+1);
695 m->sml_nvalues = m->sml_values+2;
696 BER_BVZERO( &m->sml_values[1] );
697 BER_BVZERO( &m->sml_nvalues[1] );
698 m->sml_numvals = 1;
699 if ( BER_BVISEMPTY( &rq->newdn ) ) {
700 m->sml_values[0] = id->nothing;
701 m->sml_nvalues[0] = id->nnothing;
702 } else {
703 m->sml_values[0] = rq->newdn;
704 m->sml_nvalues[0] = rq->newndn;
705 }
706 } else {
707 m->sml_values = ra->new_vals;
708 m->sml_nvalues = ra->new_nvals;
709 m->sml_numvals = ra->ra_numvals;
710 }
711 }
712
713 /* Delete values */
714 len = sizeof(Modifications);
715 if ( ra->old_vals == NULL ) {
716 len += 4*sizeof(BerValue);
717 }
718 m = op2.o_tmpalloc( len, op2.o_tmpmemctx );
719 m->sml_next = op2.orm_modlist;
720 op2.orm_modlist = m;
721 m->sml_op = LDAP_MOD_DELETE;
722 m->sml_flags = 0;
723 m->sml_desc = ra->attr;
724 m->sml_type = ra->attr->ad_cname;
725 if ( ra->old_vals == NULL ) {
726 m->sml_numvals = 1;
727 m->sml_values = (BerVarray)(m+1);
728 m->sml_nvalues = m->sml_values+2;
729 m->sml_values[0] = rq->olddn;
730 m->sml_nvalues[0] = rq->oldndn;
731 BER_BVZERO( &m->sml_values[1] );
732 BER_BVZERO( &m->sml_nvalues[1] );
733 } else {
734 m->sml_values = ra->old_vals;
735 m->sml_nvalues = ra->old_nvals;
736 m->sml_numvals = ra->ra_numvals;
737 }
738 }
739
740 op2.o_dn = op2.o_bd->be_rootdn;
741 op2.o_ndn = op2.o_bd->be_rootndn;
742 rc = op2.o_bd->be_modify( &op2, &rs2 );
743 if ( rc != LDAP_SUCCESS ) {
744 Debug( LDAP_DEBUG_TRACE,
745 "refint_repair: dependent modify failed: %d\n",
746 rs2.sr_err );
747 }
748
749 while ( ( m = op2.orm_modlist ) ) {
750 op2.orm_modlist = m->sml_next;
751 op2.o_tmpfree( m, op2.o_tmpmemctx );
752 }
753 }
754 op2.o_opid = opid;
755
756 return 0;
757 }
758
759 static void *
refint_qtask(void * ctx,void * arg)760 refint_qtask( void *ctx, void *arg )
761 {
762 struct re_s *rtask = arg;
763 refint_data *id = rtask->arg;
764 Connection conn = {0};
765 OperationBuffer opbuf;
766 Operation *op;
767 slap_callback cb = { NULL, NULL, NULL, NULL };
768 Filter ftop, *fptr;
769 refint_q *rq;
770 refint_attrs *ip;
771 int pausing = 0, rc = 0;
772
773 connection_fake_init( &conn, &opbuf, ctx );
774 op = &opbuf.ob_op;
775
776 /*
777 ** build a search filter for all configured attributes;
778 ** populate our Operation;
779 ** pass our data (attr list, dn) to backend via sc_private;
780 ** call the backend search function;
781 ** nb: (|(one=thing)) is valid, but do smart formatting anyway;
782 ** nb: 16 is arbitrarily a dozen or so extra bytes;
783 **
784 */
785
786 ftop.f_choice = LDAP_FILTER_OR;
787 ftop.f_next = NULL;
788 ftop.f_or = NULL;
789 op->ors_filter = &ftop;
790 for(ip = id->attrs; ip; ip = ip->next) {
791 /* this filter can be either EQUALITY or EXT */
792 fptr = op->o_tmpcalloc( sizeof(Filter) + sizeof(MatchingRuleAssertion),
793 1, op->o_tmpmemctx );
794 fptr->f_mra = (MatchingRuleAssertion *)(fptr+1);
795 fptr->f_mr_rule = mr_dnSubtreeMatch;
796 fptr->f_mr_rule_text = mr_dnSubtreeMatch->smr_bvoid;
797 fptr->f_mr_desc = ip->attr;
798 fptr->f_mr_dnattrs = 0;
799 fptr->f_next = ftop.f_or;
800 ftop.f_or = fptr;
801 }
802
803 for (;;) {
804 dependent_data *dp, *dp_next;
805 refint_attrs *ra, *ra_next;
806
807 if ( ldap_pvt_thread_pool_pausing( &connection_pool ) > 0 ) {
808 pausing = 1;
809 break;
810 }
811
812 /* Dequeue an op */
813 ldap_pvt_thread_mutex_lock( &id->qmutex );
814 rq = id->qhead;
815 if ( rq ) {
816 id->qhead = rq->next;
817 if ( !id->qhead )
818 id->qtail = NULL;
819 }
820 ldap_pvt_thread_mutex_unlock( &id->qmutex );
821 if ( !rq )
822 break;
823
824 for (fptr = ftop.f_or; fptr; fptr = fptr->f_next ) {
825 fptr->f_mr_value = rq->oldndn;
826 /* Use (attr:dnSubtreeMatch:=value) to catch subtree rename
827 * and subtree delete where supported */
828 if (rq->do_sub)
829 fptr->f_choice = LDAP_FILTER_EXT;
830 else
831 fptr->f_choice = LDAP_FILTER_EQUALITY;
832 }
833
834 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
835
836 /* callback gets the searched dn instead */
837 cb.sc_private = rq;
838 cb.sc_response = refint_search_cb;
839 op->o_callback = &cb;
840 op->o_tag = LDAP_REQ_SEARCH;
841 op->ors_scope = LDAP_SCOPE_SUBTREE;
842 op->ors_deref = LDAP_DEREF_NEVER;
843 op->ors_limit = NULL;
844 op->ors_slimit = SLAP_NO_LIMIT;
845 op->ors_tlimit = SLAP_NO_LIMIT;
846
847 /* no attrs! */
848 op->ors_attrs = slap_anlist_no_attrs;
849
850 slap_op_time( &op->o_time, &op->o_tincr );
851
852 if ( rq->db != NULL ) {
853 op->o_bd = rq->db;
854 rc = refint_repair( op, id, rq );
855
856 } else {
857 BackendDB *be;
858
859 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
860 /* we may want to skip cn=config */
861 if ( be == LDAP_STAILQ_FIRST(&backendDB) ) {
862 continue;
863 }
864
865 if ( be->be_search && be->be_modify ) {
866 op->o_bd = be;
867 rc = refint_repair( op, id, rq );
868 }
869 }
870 }
871
872 for ( dp = rq->attrs; dp; dp = dp_next ) {
873 dp_next = dp->next;
874 for ( ra = dp->attrs; ra; ra = ra_next ) {
875 ra_next = ra->next;
876 ber_bvarray_free_x( ra->new_nvals, op->o_tmpmemctx );
877 ber_bvarray_free_x( ra->new_vals, op->o_tmpmemctx );
878 ber_bvarray_free_x( ra->old_nvals, op->o_tmpmemctx );
879 ber_bvarray_free_x( ra->old_vals, op->o_tmpmemctx );
880 op->o_tmpfree( ra, op->o_tmpmemctx );
881 }
882 op->o_tmpfree( dp->ndn.bv_val, op->o_tmpmemctx );
883 op->o_tmpfree( dp->dn.bv_val, op->o_tmpmemctx );
884 op->o_tmpfree( dp, op->o_tmpmemctx );
885 }
886 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
887 if ( rc == LDAP_BUSY ) {
888 pausing = 1;
889 /* re-queue this op */
890 ldap_pvt_thread_mutex_lock( &id->qmutex );
891 rq->next = id->qhead;
892 id->qhead = rq;
893 if ( !id->qtail )
894 id->qtail = rq;
895 ldap_pvt_thread_mutex_unlock( &id->qmutex );
896 break;
897 }
898
899 if ( !BER_BVISNULL( &rq->newndn )) {
900 ch_free( rq->newndn.bv_val );
901 ch_free( rq->newdn.bv_val );
902 }
903 ch_free( rq->oldndn.bv_val );
904 ch_free( rq->olddn.bv_val );
905 ch_free( rq );
906 }
907
908 /* free filter */
909 for ( fptr = ftop.f_or; fptr; ) {
910 Filter *f_next = fptr->f_next;
911 op->o_tmpfree( fptr, op->o_tmpmemctx );
912 fptr = f_next;
913 }
914
915 /* wait until we get explicitly scheduled again */
916 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
917 ldap_pvt_runqueue_stoptask( &slapd_rq, id->qtask );
918 if ( pausing ) {
919 /* try to run again as soon as the pause is done */
920 id->qtask->interval.tv_sec = 0;
921 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 );
922 id->qtask->interval.tv_sec = RUNQ_INTERVAL;
923 } else {
924 ldap_pvt_runqueue_resched( &slapd_rq,id->qtask, 1 );
925 }
926 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
927
928 return NULL;
929 }
930
931 /*
932 ** refint_response
933 ** search for matching records and modify them
934 */
935
936 static int
refint_response(Operation * op,SlapReply * rs)937 refint_response(
938 Operation *op,
939 SlapReply *rs
940 )
941 {
942 refint_pre *rp;
943 slap_overinst *on;
944 refint_data *id;
945 BerValue pdn;
946 refint_q *rq;
947 refint_attrs *ip;
948 int ac;
949
950 /* If the main op failed or is not a Delete or ModRdn, ignore it */
951 if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) ||
952 rs->sr_err != LDAP_SUCCESS )
953 return SLAP_CB_CONTINUE;
954
955 rp = op->o_callback->sc_private;
956 on = rp->on;
957 id = on->on_bi.bi_private;
958
959 rq = ch_calloc( 1, sizeof( refint_q ));
960 ber_dupbv( &rq->olddn, &op->o_req_dn );
961 ber_dupbv( &rq->oldndn, &op->o_req_ndn );
962 rq->db = id->db;
963 rq->rdata = id;
964 rq->do_sub = rp->do_sub;
965
966 if ( op->o_tag == LDAP_REQ_MODRDN ) {
967 if ( op->oq_modrdn.rs_newSup ) {
968 pdn = *op->oq_modrdn.rs_newSup;
969 } else {
970 dnParent( &op->o_req_dn, &pdn );
971 }
972 build_new_dn( &rq->newdn, &pdn, &op->orr_newrdn, NULL );
973 if ( op->oq_modrdn.rs_nnewSup ) {
974 pdn = *op->oq_modrdn.rs_nnewSup;
975 } else {
976 dnParent( &op->o_req_ndn, &pdn );
977 }
978 build_new_dn( &rq->newndn, &pdn, &op->orr_nnewrdn, NULL );
979 }
980
981 ldap_pvt_thread_mutex_lock( &id->qmutex );
982 if ( id->qtail ) {
983 id->qtail->next = rq;
984 } else {
985 id->qhead = rq;
986 }
987 id->qtail = rq;
988 ldap_pvt_thread_mutex_unlock( &id->qmutex );
989
990 ac = 0;
991 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
992 if ( !id->qtask ) {
993 id->qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL,
994 refint_qtask, id, "refint_qtask",
995 op->o_bd->be_suffix[0].bv_val );
996 ac = 1;
997 } else {
998 if ( !ldap_pvt_runqueue_isrunning( &slapd_rq, id->qtask ) &&
999 !id->qtask->next_sched.tv_sec ) {
1000 id->qtask->interval.tv_sec = 0;
1001 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 );
1002 id->qtask->interval.tv_sec = RUNQ_INTERVAL;
1003 ac = 1;
1004 }
1005 }
1006 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
1007 if ( ac )
1008 slap_wake_listener();
1009
1010 return SLAP_CB_CONTINUE;
1011 }
1012
1013 /* Check if the target entry exists and has children.
1014 * Do nothing if target doesn't exist.
1015 */
1016 static int
refint_preop(Operation * op,SlapReply * rs)1017 refint_preop(
1018 Operation *op,
1019 SlapReply *rs
1020 )
1021 {
1022 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1023 refint_data *id = on->on_bi.bi_private;
1024 Entry *e;
1025 int rc;
1026
1027 /* are any attrs configured? */
1028 if ( !id->attrs )
1029 return SLAP_CB_CONTINUE;
1030
1031 rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on );
1032 if ( rc == LDAP_SUCCESS ) {
1033 slap_callback *sc = op->o_tmpcalloc( 1,
1034 sizeof(slap_callback)+sizeof(refint_pre), op->o_tmpmemctx );
1035 refint_pre *rp = (refint_pre *)(sc+1);
1036 rp->on = on;
1037 rp->do_sub = 1; /* assume there are children */
1038 if ( op->o_bd->be_has_subordinates ) {
1039 int has = 0;
1040 rc = op->o_bd->be_has_subordinates( op, e, &has );
1041 /* there definitely are not children */
1042 if ( rc == LDAP_SUCCESS && has == LDAP_COMPARE_FALSE )
1043 rp->do_sub = 0;
1044 }
1045 overlay_entry_release_ov( op, e, 0, on );
1046 sc->sc_response = refint_response;
1047 sc->sc_private = rp;
1048 sc->sc_next = op->o_callback;
1049 op->o_callback = sc;
1050 }
1051 return SLAP_CB_CONTINUE;
1052 }
1053
1054 /*
1055 ** init_module is last so the symbols resolve "for free" --
1056 ** it expects to be called automagically during dynamic module initialization
1057 */
1058
refint_initialize()1059 int refint_initialize() {
1060 int rc;
1061
1062 mr_dnSubtreeMatch = mr_find( "dnSubtreeMatch" );
1063 if ( mr_dnSubtreeMatch == NULL ) {
1064 Debug( LDAP_DEBUG_ANY, "refint_initialize: "
1065 "unable to find MatchingRule 'dnSubtreeMatch'.\n" );
1066 return 1;
1067 }
1068
1069 /* statically declared just after the #includes at top */
1070 refint.on_bi.bi_type = "refint";
1071 refint.on_bi.bi_db_init = refint_db_init;
1072 refint.on_bi.bi_db_destroy = refint_db_destroy;
1073 refint.on_bi.bi_db_open = refint_open;
1074 refint.on_bi.bi_db_close = refint_close;
1075 refint.on_bi.bi_op_delete = refint_preop;
1076 refint.on_bi.bi_op_modrdn = refint_preop;
1077
1078 refint.on_bi.bi_cf_ocs = refintocs;
1079 rc = config_register_schema ( refintcfg, refintocs );
1080 if ( rc ) return rc;
1081
1082 return(overlay_register(&refint));
1083 }
1084
1085 #if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC)
init_module(int argc,char * argv[])1086 int init_module(int argc, char *argv[]) {
1087 return refint_initialize();
1088 }
1089 #endif
1090
1091 #endif /* SLAPD_OVER_REFINT */
1092