1 /* refint.c - referential integrity module */ 2 /* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.9 2008/05/27 20:18:19 quanah Exp $ */ 3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 2004-2008 The OpenLDAP Foundation. 6 * Portions Copyright 2004 Symas Corporation. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted only as authorized by the OpenLDAP 11 * Public License. 12 * 13 * A copy of this license is available in the file LICENSE in the 14 * top-level directory of the distribution or, alternatively, at 15 * <http://www.OpenLDAP.org/license.html>. 16 */ 17 /* ACKNOWLEDGEMENTS: 18 * This work was initially developed by Symas Corp. for inclusion in 19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 20 */ 21 22 #include "portable.h" 23 24 /* This module maintains referential integrity for a set of 25 * DN-valued attributes by searching for all references to a given 26 * DN whenever the DN is changed or its entry is deleted, and making 27 * the appropriate update. 28 * 29 * Updates are performed using the database rootdn in a separate task 30 * to allow the original operation to complete immediately. 31 */ 32 33 #ifdef SLAPD_OVER_REFINT 34 35 #include <stdio.h> 36 37 #include <ac/string.h> 38 #include <ac/socket.h> 39 40 #include "slap.h" 41 #include "config.h" 42 #include "ldap_rq.h" 43 44 static slap_overinst refint; 45 46 /* The DN to use in the ModifiersName for all refint updates */ 47 static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay"); 48 static BerValue refint_ndn = BER_BVC("cn=referential integrity overlay"); 49 50 typedef struct refint_attrs_s { 51 struct refint_attrs_s *next; 52 AttributeDescription *attr; 53 BerVarray old_vals; 54 BerVarray old_nvals; 55 BerVarray new_vals; 56 BerVarray new_nvals; 57 int ra_numvals; 58 } refint_attrs; 59 60 typedef struct dependents_s { 61 struct dependents_s *next; 62 BerValue dn; /* target dn */ 63 BerValue ndn; 64 refint_attrs *attrs; 65 } dependent_data; 66 67 typedef struct refint_q { 68 struct refint_q *next; 69 struct refint_data_s *rdata; 70 dependent_data *attrs; /* entries and attrs returned from callback */ 71 BackendDB *db; 72 BerValue olddn; 73 BerValue oldndn; 74 BerValue newdn; 75 BerValue newndn; 76 } refint_q; 77 78 typedef struct refint_data_s { 79 const char *message; /* breadcrumbs */ 80 struct refint_attrs_s *attrs; /* list of known attrs */ 81 BerValue dn; /* basedn in parent, */ 82 BerValue nothing; /* the nothing value, if needed */ 83 BerValue nnothing; /* normalized nothingness */ 84 BerValue refint_dn; /* modifier's name */ 85 BerValue refint_ndn; /* normalized modifier's name */ 86 struct re_s *qtask; 87 refint_q *qhead; 88 refint_q *qtail; 89 ldap_pvt_thread_mutex_t qmutex; 90 } refint_data; 91 92 #define RUNQ_INTERVAL 36000 /* a long time */ 93 94 static MatchingRule *mr_dnSubtreeMatch; 95 96 enum { 97 REFINT_ATTRS = 1, 98 REFINT_NOTHING, 99 REFINT_MODIFIERSNAME 100 }; 101 102 static ConfigDriver refint_cf_gen; 103 104 static ConfigTable refintcfg[] = { 105 { "refint_attributes", "attribute...", 2, 0, 0, 106 ARG_MAGIC|REFINT_ATTRS, refint_cf_gen, 107 "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' " 108 "DESC 'Attributes for referential integrity' " 109 "EQUALITY caseIgnoreMatch " 110 "SYNTAX OMsDirectoryString )", NULL, NULL }, 111 { "refint_nothing", "string", 2, 2, 0, 112 ARG_DN|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen, 113 "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' " 114 "DESC 'Replacement DN to supply when needed' " 115 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 116 { "refint_modifiersName", "DN", 2, 2, 0, 117 ARG_DN|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen, 118 "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' " 119 "DESC 'The DN to use as modifiersName' " 120 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 121 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 122 }; 123 124 static ConfigOCs refintocs[] = { 125 { "( OLcfgOvOc:11.1 " 126 "NAME 'olcRefintConfig' " 127 "DESC 'Referential integrity configuration' " 128 "SUP olcOverlayConfig " 129 "MAY ( olcRefintAttribute " 130 "$ olcRefintNothing " 131 "$ olcRefintModifiersName " 132 ") )", 133 Cft_Overlay, refintcfg }, 134 { NULL, 0, NULL } 135 }; 136 137 static int 138 refint_cf_gen(ConfigArgs *c) 139 { 140 slap_overinst *on = (slap_overinst *)c->bi; 141 refint_data *dd = (refint_data *)on->on_bi.bi_private; 142 refint_attrs *ip, *pip, **pipp = NULL; 143 AttributeDescription *ad; 144 const char *text; 145 int rc = ARG_BAD_CONF; 146 int i; 147 148 switch ( c->op ) { 149 case SLAP_CONFIG_EMIT: 150 switch ( c->type ) { 151 case REFINT_ATTRS: 152 ip = dd->attrs; 153 while ( ip ) { 154 value_add_one( &c->rvalue_vals, 155 &ip->attr->ad_cname ); 156 ip = ip->next; 157 } 158 rc = 0; 159 break; 160 case REFINT_NOTHING: 161 if ( !BER_BVISEMPTY( &dd->nothing )) { 162 rc = value_add_one( &c->rvalue_vals, 163 &dd->nothing ); 164 if ( rc ) return rc; 165 rc = value_add_one( &c->rvalue_nvals, 166 &dd->nnothing ); 167 return rc; 168 } 169 rc = 0; 170 break; 171 case REFINT_MODIFIERSNAME: 172 if ( !BER_BVISEMPTY( &dd->refint_dn )) { 173 rc = value_add_one( &c->rvalue_vals, 174 &dd->refint_dn ); 175 if ( rc ) return rc; 176 rc = value_add_one( &c->rvalue_nvals, 177 &dd->refint_ndn ); 178 return rc; 179 } 180 rc = 0; 181 break; 182 default: 183 abort (); 184 } 185 break; 186 case LDAP_MOD_DELETE: 187 switch ( c->type ) { 188 case REFINT_ATTRS: 189 pipp = &dd->attrs; 190 if ( c->valx < 0 ) { 191 ip = *pipp; 192 *pipp = NULL; 193 while ( ip ) { 194 pip = ip; 195 ip = ip->next; 196 ch_free ( pip ); 197 } 198 } else { 199 /* delete from linked list */ 200 for ( i=0; i < c->valx; ++i ) { 201 pipp = &(*pipp)->next; 202 } 203 ip = *pipp; 204 *pipp = (*pipp)->next; 205 206 /* AttributeDescriptions are global so 207 * shouldn't be freed here... */ 208 ch_free ( ip ); 209 } 210 rc = 0; 211 break; 212 case REFINT_NOTHING: 213 if ( dd->nothing.bv_val ) 214 ber_memfree ( dd->nothing.bv_val ); 215 if ( dd->nnothing.bv_val ) 216 ber_memfree ( dd->nnothing.bv_val ); 217 dd->nothing.bv_len = 0; 218 dd->nnothing.bv_len = 0; 219 rc = 0; 220 break; 221 case REFINT_MODIFIERSNAME: 222 if ( dd->refint_dn.bv_val ) 223 ber_memfree ( dd->refint_dn.bv_val ); 224 if ( dd->refint_ndn.bv_val ) 225 ber_memfree ( dd->refint_ndn.bv_val ); 226 dd->refint_dn.bv_len = 0; 227 dd->refint_ndn.bv_len = 0; 228 rc = 0; 229 break; 230 default: 231 abort (); 232 } 233 break; 234 case SLAP_CONFIG_ADD: 235 /* fallthrough to LDAP_MOD_ADD */ 236 case LDAP_MOD_ADD: 237 switch ( c->type ) { 238 case REFINT_ATTRS: 239 rc = 0; 240 for ( i=1; i < c->argc; ++i ) { 241 ad = NULL; 242 if ( slap_str2ad ( c->argv[i], &ad, &text ) 243 == LDAP_SUCCESS) { 244 ip = ch_malloc ( 245 sizeof ( refint_attrs ) ); 246 ip->attr = ad; 247 ip->next = dd->attrs; 248 dd->attrs = ip; 249 } else { 250 snprintf( c->cr_msg, sizeof( c->cr_msg ), 251 "%s <%s>: %s", c->argv[0], c->argv[i], text ); 252 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 253 "%s: %s\n", c->log, c->cr_msg, 0 ); 254 rc = ARG_BAD_CONF; 255 } 256 } 257 break; 258 case REFINT_NOTHING: 259 if ( dd->nothing.bv_val ) 260 ber_memfree ( dd->nothing.bv_val ); 261 if ( dd->nnothing.bv_val ) 262 ber_memfree ( dd->nnothing.bv_val ); 263 dd->nothing = c->value_dn; 264 dd->nnothing = c->value_ndn; 265 rc = 0; 266 break; 267 case REFINT_MODIFIERSNAME: 268 if ( dd->refint_dn.bv_val ) 269 ber_memfree ( dd->refint_dn.bv_val ); 270 if ( dd->refint_ndn.bv_val ) 271 ber_memfree ( dd->refint_ndn.bv_val ); 272 dd->refint_dn = c->value_dn; 273 dd->refint_ndn = c->value_ndn; 274 rc = 0; 275 break; 276 default: 277 abort (); 278 } 279 break; 280 default: 281 abort (); 282 } 283 284 return rc; 285 } 286 287 /* 288 ** allocate new refint_data; 289 ** store in on_bi.bi_private; 290 ** 291 */ 292 293 static int 294 refint_db_init( 295 BackendDB *be, 296 ConfigReply *cr 297 ) 298 { 299 slap_overinst *on = (slap_overinst *)be->bd_info; 300 refint_data *id = ch_calloc(1,sizeof(refint_data)); 301 302 id->message = "_init"; 303 on->on_bi.bi_private = id; 304 ldap_pvt_thread_mutex_init( &id->qmutex ); 305 return(0); 306 } 307 308 static int 309 refint_db_destroy( 310 BackendDB *be, 311 ConfigReply *cr 312 ) 313 { 314 slap_overinst *on = (slap_overinst *)be->bd_info; 315 316 if ( on->on_bi.bi_private ) { 317 refint_data *id = on->on_bi.bi_private; 318 on->on_bi.bi_private = NULL; 319 ldap_pvt_thread_mutex_destroy( &id->qmutex ); 320 ch_free( id ); 321 } 322 return(0); 323 } 324 325 /* 326 ** initialize, copy basedn if not already set 327 ** 328 */ 329 330 static int 331 refint_open( 332 BackendDB *be, 333 ConfigReply *cr 334 ) 335 { 336 slap_overinst *on = (slap_overinst *)be->bd_info; 337 refint_data *id = on->on_bi.bi_private; 338 id->message = "_open"; 339 340 if ( BER_BVISNULL( &id->dn )) { 341 if ( BER_BVISNULL( &be->be_nsuffix[0] )) 342 return -1; 343 ber_dupbv( &id->dn, &be->be_nsuffix[0] ); 344 } 345 if ( BER_BVISNULL( &id->refint_dn ) ) { 346 ber_dupbv( &id->refint_dn, &refint_dn ); 347 ber_dupbv( &id->refint_ndn, &refint_ndn ); 348 } 349 return(0); 350 } 351 352 353 /* 354 ** foreach configured attribute: 355 ** free it; 356 ** free our basedn; 357 ** (do not) free id->message; 358 ** reset on_bi.bi_private; 359 ** free our config data; 360 ** 361 */ 362 363 static int 364 refint_close( 365 BackendDB *be, 366 ConfigReply *cr 367 ) 368 { 369 slap_overinst *on = (slap_overinst *) be->bd_info; 370 refint_data *id = on->on_bi.bi_private; 371 refint_attrs *ii, *ij; 372 id->message = "_close"; 373 374 for(ii = id->attrs; ii; ii = ij) { 375 ij = ii->next; 376 ch_free(ii); 377 } 378 id->attrs = NULL; 379 380 ch_free( id->dn.bv_val ); 381 BER_BVZERO( &id->dn ); 382 ch_free( id->nothing.bv_val ); 383 BER_BVZERO( &id->nothing ); 384 ch_free( id->nnothing.bv_val ); 385 BER_BVZERO( &id->nnothing ); 386 ch_free( id->refint_dn.bv_val ); 387 BER_BVZERO( &id->refint_dn ); 388 ch_free( id->refint_ndn.bv_val ); 389 BER_BVZERO( &id->refint_ndn ); 390 391 return(0); 392 } 393 394 /* 395 ** search callback 396 ** generates a list of Attributes from search results 397 */ 398 399 static int 400 refint_search_cb( 401 Operation *op, 402 SlapReply *rs 403 ) 404 { 405 Attribute *a; 406 BerVarray b = NULL; 407 refint_q *rq = op->o_callback->sc_private; 408 refint_data *dd = rq->rdata; 409 refint_attrs *ia, *da = dd->attrs, *na; 410 dependent_data *ip; 411 int i; 412 413 Debug(LDAP_DEBUG_TRACE, "refint_search_cb <%s>\n", 414 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING", 0, 0); 415 416 if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0); 417 418 /* 419 ** foreach configured attribute type: 420 ** if this attr exists in the search result, 421 ** and it has a value matching the target: 422 ** allocate an attr; 423 ** if this is a delete and there's only one value: 424 ** allocate the same attr again; 425 ** 426 */ 427 428 ip = op->o_tmpalloc(sizeof(dependent_data), op->o_tmpmemctx ); 429 ber_dupbv_x( &ip->dn, &rs->sr_entry->e_name, op->o_tmpmemctx ); 430 ber_dupbv_x( &ip->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); 431 ip->next = rq->attrs; 432 rq->attrs = ip; 433 ip->attrs = NULL; 434 for(ia = da; ia; ia = ia->next) { 435 if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) ) { 436 int first = -1, count = 0, deleted = 0; 437 438 na = NULL; 439 440 for(i = 0, b = a->a_nvals; b[i].bv_val; i++) { 441 count++; 442 443 if(dnIsSuffix(&b[i], &rq->oldndn)) { 444 /* first match? create structure */ 445 if ( na == NULL ) { 446 na = op->o_tmpcalloc( 1, 447 sizeof( refint_attrs ), 448 op->o_tmpmemctx ); 449 na->next = ip->attrs; 450 ip->attrs = na; 451 na->attr = ia->attr; 452 453 /* delete, or exact match? note it's first match */ 454 if ( BER_BVISEMPTY( &rq->newdn ) && 455 b[i].bv_len == rq->oldndn.bv_len ) 456 { 457 first = i; 458 } 459 } 460 461 /* if it's a rename, or a subordinate match, 462 * save old and build new dn */ 463 if ( !BER_BVISEMPTY( &rq->newdn ) && 464 b[i].bv_len != rq->oldndn.bv_len ) 465 { 466 struct berval newsub, newdn, olddn, oldndn; 467 468 /* if not first, save first as well */ 469 if ( first != -1 ) { 470 471 ber_dupbv_x( &olddn, &a->a_vals[first], op->o_tmpmemctx ); 472 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 473 ber_dupbv_x( &oldndn, &a->a_nvals[first], op->o_tmpmemctx ); 474 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 475 na->ra_numvals++; 476 477 newsub = a->a_vals[first]; 478 newsub.bv_len -= rq->olddn.bv_len + 1; 479 480 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 481 482 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 483 484 newsub = a->a_nvals[first]; 485 newsub.bv_len -= rq->oldndn.bv_len + 1; 486 487 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 488 489 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 490 491 first = -1; 492 } 493 494 ber_dupbv_x( &olddn, &a->a_vals[i], op->o_tmpmemctx ); 495 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 496 ber_dupbv_x( &oldndn, &a->a_nvals[i], op->o_tmpmemctx ); 497 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 498 na->ra_numvals++; 499 500 newsub = a->a_vals[i]; 501 newsub.bv_len -= rq->olddn.bv_len + 1; 502 503 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 504 505 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 506 507 newsub = a->a_nvals[i]; 508 newsub.bv_len -= rq->oldndn.bv_len + 1; 509 510 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 511 512 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 513 } 514 515 /* count deletes */ 516 if ( BER_BVISEMPTY( &rq->newdn ) ) { 517 deleted++; 518 } 519 } 520 521 /* If this is a delete and no value would be left, and 522 * we have a nothing DN configured, allocate the attr again. 523 */ 524 if ( count == deleted && !BER_BVISNULL(&dd->nothing) ) 525 { 526 na = op->o_tmpcalloc( 1, 527 sizeof( refint_attrs ), 528 op->o_tmpmemctx ); 529 na->next = ip->attrs; 530 ip->attrs = na; 531 na->attr = ia->attr; 532 } 533 534 Debug( LDAP_DEBUG_TRACE, "refint_search_cb: %s: %s (#%d)\n", 535 a->a_desc->ad_cname.bv_val, rq->olddn.bv_val, count ); 536 } 537 } 538 } 539 540 return(0); 541 } 542 543 static int 544 refint_repair( 545 Operation *op, 546 SlapReply *rs, 547 refint_data *id, 548 refint_q *rq ) 549 { 550 dependent_data *dp, *dp_next; 551 int rc; 552 553 op->o_callback->sc_response = refint_search_cb; 554 op->o_req_dn = op->o_bd->be_suffix[ 0 ]; 555 op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; 556 op->o_dn = op->o_bd->be_rootdn; 557 op->o_ndn = op->o_bd->be_rootndn; 558 559 /* search */ 560 rc = op->o_bd->be_search( op, rs ); 561 562 if ( rc != LDAP_SUCCESS ) { 563 Debug( LDAP_DEBUG_TRACE, 564 "refint_repair: search failed: %d\n", 565 rc, 0, 0 ); 566 return 0; 567 } 568 569 /* safety? paranoid just in case */ 570 if ( op->o_callback->sc_private == NULL ) { 571 Debug( LDAP_DEBUG_TRACE, 572 "refint_repair: callback wiped out sc_private?!\n", 573 0, 0, 0 ); 574 return 0; 575 } 576 577 /* Set up the Modify requests */ 578 op->o_callback->sc_response = &slap_null_cb; 579 580 /* 581 * [our search callback builds a list of attrs] 582 * foreach attr: 583 * make sure its dn has a backend; 584 * build Modification* chain; 585 * call the backend modify function; 586 * 587 */ 588 589 for ( dp = rq->attrs; dp; dp = dp_next ) { 590 Operation op2 = *op; 591 SlapReply rs2 = { 0 }; 592 refint_attrs *ra; 593 Modifications *m, *first = NULL; 594 595 dp_next = dp->next; 596 597 op2.o_tag = LDAP_REQ_MODIFY; 598 op2.orm_modlist = NULL; 599 op2.o_req_dn = dp->dn; 600 op2.o_req_ndn = dp->ndn; 601 op2.o_bd = select_backend( &dp->ndn, 1 ); 602 if ( !op2.o_bd ) { 603 Debug( LDAP_DEBUG_TRACE, 604 "refint_repair: no backend for DN %s!\n", 605 dp->dn.bv_val, 0, 0 ); 606 return 0; 607 } 608 609 rs2.sr_type = REP_RESULT; 610 for ( ra = dp->attrs; ra; ra = dp->attrs ) { 611 size_t len; 612 613 dp->attrs = ra->next; 614 /* Set our ModifiersName */ 615 if ( SLAP_LASTMOD( op->o_bd ) ) { 616 m = op2.o_tmpalloc( sizeof(Modifications) + 617 4*sizeof(BerValue), op2.o_tmpmemctx ); 618 m->sml_next = op2.orm_modlist; 619 if ( !first ) 620 first = m; 621 op2.orm_modlist = m; 622 m->sml_op = LDAP_MOD_REPLACE; 623 m->sml_flags = SLAP_MOD_INTERNAL; 624 m->sml_desc = slap_schema.si_ad_modifiersName; 625 m->sml_type = m->sml_desc->ad_cname; 626 m->sml_numvals = 1; 627 m->sml_values = (BerVarray)(m+1); 628 m->sml_nvalues = m->sml_values+2; 629 BER_BVZERO( &m->sml_values[1] ); 630 BER_BVZERO( &m->sml_nvalues[1] ); 631 m->sml_values[0] = id->refint_dn; 632 m->sml_nvalues[0] = id->refint_ndn; 633 } 634 if ( !BER_BVISEMPTY( &rq->newdn ) || ( ra->next && 635 ra->attr == ra->next->attr ) ) 636 { 637 len = sizeof(Modifications); 638 639 if ( ra->new_vals == NULL ) { 640 len += 4*sizeof(BerValue); 641 } 642 643 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 644 m->sml_next = op2.orm_modlist; 645 if ( !first ) 646 first = m; 647 op2.orm_modlist = m; 648 m->sml_op = LDAP_MOD_ADD; 649 m->sml_flags = 0; 650 m->sml_desc = ra->attr; 651 m->sml_type = ra->attr->ad_cname; 652 if ( ra->new_vals == NULL ) { 653 m->sml_values = (BerVarray)(m+1); 654 m->sml_nvalues = m->sml_values+2; 655 BER_BVZERO( &m->sml_values[1] ); 656 BER_BVZERO( &m->sml_nvalues[1] ); 657 m->sml_numvals = 1; 658 if ( BER_BVISEMPTY( &rq->newdn ) ) { 659 op2.o_tmpfree( ra, op2.o_tmpmemctx ); 660 ra = dp->attrs; 661 dp->attrs = ra->next; 662 m->sml_values[0] = id->nothing; 663 m->sml_nvalues[0] = id->nnothing; 664 } else { 665 m->sml_values[0] = rq->newdn; 666 m->sml_nvalues[0] = rq->newndn; 667 } 668 } else { 669 m->sml_values = ra->new_vals; 670 m->sml_nvalues = ra->new_nvals; 671 m->sml_numvals = ra->ra_numvals; 672 } 673 } 674 675 len = sizeof(Modifications); 676 if ( ra->old_vals == NULL ) { 677 len += 4*sizeof(BerValue); 678 } 679 680 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 681 m->sml_next = op2.orm_modlist; 682 op2.orm_modlist = m; 683 if ( !first ) 684 first = m; 685 m->sml_op = LDAP_MOD_DELETE; 686 m->sml_flags = 0; 687 m->sml_desc = ra->attr; 688 m->sml_type = ra->attr->ad_cname; 689 if ( ra->old_vals == NULL ) { 690 m->sml_numvals = 1; 691 m->sml_values = (BerVarray)(m+1); 692 m->sml_nvalues = m->sml_values+2; 693 m->sml_values[0] = rq->olddn; 694 m->sml_nvalues[0] = rq->oldndn; 695 BER_BVZERO( &m->sml_values[1] ); 696 BER_BVZERO( &m->sml_nvalues[1] ); 697 } else { 698 m->sml_values = ra->old_vals; 699 m->sml_nvalues = ra->old_nvals; 700 m->sml_numvals = ra->ra_numvals; 701 } 702 op2.o_tmpfree( ra, op2.o_tmpmemctx ); 703 } 704 705 op2.o_dn = op2.o_bd->be_rootdn; 706 op2.o_ndn = op2.o_bd->be_rootndn; 707 slap_op_time( &op2.o_time, &op2.o_tincr ); 708 if ( ( rc = op2.o_bd->be_modify( &op2, &rs2 ) ) != LDAP_SUCCESS ) { 709 Debug( LDAP_DEBUG_TRACE, 710 "refint_repair: dependent modify failed: %d\n", 711 rs2.sr_err, 0, 0 ); 712 } 713 714 while ( ( m = op2.orm_modlist ) ) { 715 op2.orm_modlist = m->sml_next; 716 if ( m->sml_values && m->sml_values != (BerVarray)(m+1) ) { 717 ber_bvarray_free_x( m->sml_values, op2.o_tmpmemctx ); 718 ber_bvarray_free_x( m->sml_nvalues, op2.o_tmpmemctx ); 719 } 720 op2.o_tmpfree( m, op2.o_tmpmemctx ); 721 if ( m == first ) break; 722 } 723 slap_mods_free( op2.orm_modlist, 1 ); 724 op2.o_tmpfree( dp->ndn.bv_val, op2.o_tmpmemctx ); 725 op2.o_tmpfree( dp->dn.bv_val, op2.o_tmpmemctx ); 726 op2.o_tmpfree( dp, op2.o_tmpmemctx ); 727 } 728 729 return 0; 730 } 731 732 static void * 733 refint_qtask( void *ctx, void *arg ) 734 { 735 struct re_s *rtask = arg; 736 refint_data *id = rtask->arg; 737 Connection conn = {0}; 738 OperationBuffer opbuf; 739 Operation *op; 740 SlapReply rs = {REP_RESULT}; 741 slap_callback cb = { NULL, NULL, NULL, NULL }; 742 Filter ftop, *fptr; 743 refint_q *rq; 744 refint_attrs *ip; 745 746 connection_fake_init( &conn, &opbuf, ctx ); 747 op = &opbuf.ob_op; 748 749 /* 750 ** build a search filter for all configured attributes; 751 ** populate our Operation; 752 ** pass our data (attr list, dn) to backend via sc_private; 753 ** call the backend search function; 754 ** nb: (|(one=thing)) is valid, but do smart formatting anyway; 755 ** nb: 16 is arbitrarily a dozen or so extra bytes; 756 ** 757 */ 758 759 ftop.f_choice = LDAP_FILTER_OR; 760 ftop.f_next = NULL; 761 ftop.f_or = NULL; 762 op->ors_filter = &ftop; 763 for(ip = id->attrs; ip; ip = ip->next) { 764 fptr = op->o_tmpcalloc( sizeof(Filter) + sizeof(MatchingRuleAssertion), 765 1, op->o_tmpmemctx ); 766 /* Use (attr:dnSubtreeMatch:=value) to catch subtree rename 767 * and subtree delete where supported */ 768 fptr->f_choice = LDAP_FILTER_EXT; 769 fptr->f_mra = (MatchingRuleAssertion *)(fptr+1); 770 fptr->f_mr_rule = mr_dnSubtreeMatch; 771 fptr->f_mr_rule_text = mr_dnSubtreeMatch->smr_bvoid; 772 fptr->f_mr_desc = ip->attr; 773 fptr->f_mr_dnattrs = 0; 774 fptr->f_next = ftop.f_or; 775 ftop.f_or = fptr; 776 } 777 778 for (;;) { 779 /* Dequeue an op */ 780 ldap_pvt_thread_mutex_lock( &id->qmutex ); 781 rq = id->qhead; 782 if ( rq ) { 783 id->qhead = rq->next; 784 if ( !id->qhead ) 785 id->qtail = NULL; 786 } 787 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 788 if ( !rq ) 789 break; 790 791 for (fptr = ftop.f_or; fptr; fptr = fptr->f_next ) 792 fptr->f_mr_value = rq->oldndn; 793 794 filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); 795 796 /* callback gets the searched dn instead */ 797 cb.sc_private = rq; 798 cb.sc_response = refint_search_cb; 799 op->o_callback = &cb; 800 op->o_tag = LDAP_REQ_SEARCH; 801 op->ors_scope = LDAP_SCOPE_SUBTREE; 802 op->ors_deref = LDAP_DEREF_NEVER; 803 op->ors_limit = NULL; 804 op->ors_slimit = SLAP_NO_LIMIT; 805 op->ors_tlimit = SLAP_NO_LIMIT; 806 807 /* no attrs! */ 808 op->ors_attrs = slap_anlist_no_attrs; 809 810 slap_op_time( &op->o_time, &op->o_tincr ); 811 812 if ( rq->db != NULL ) { 813 op->o_bd = rq->db; 814 refint_repair( op, &rs, id, rq ); 815 816 } else { 817 BackendDB *be; 818 819 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { 820 /* we may want to skip cn=config */ 821 if ( be == LDAP_STAILQ_FIRST(&backendDB) ) { 822 continue; 823 } 824 825 if ( be->be_search && be->be_modify ) { 826 op->o_bd = be; 827 refint_repair( op, &rs, id, rq ); 828 } 829 } 830 } 831 832 if ( !BER_BVISNULL( &rq->newndn )) { 833 ch_free( rq->newndn.bv_val ); 834 ch_free( rq->newdn.bv_val ); 835 } 836 ch_free( rq->oldndn.bv_val ); 837 ch_free( rq->olddn.bv_val ); 838 ch_free( rq ); 839 } 840 841 /* free filter */ 842 for ( fptr = ftop.f_or; fptr; ) { 843 Filter *f_next = fptr->f_next; 844 op->o_tmpfree( fptr, op->o_tmpmemctx ); 845 fptr = f_next; 846 } 847 848 /* wait until we get explicitly scheduled again */ 849 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 850 ldap_pvt_runqueue_stoptask( &slapd_rq, id->qtask ); 851 ldap_pvt_runqueue_resched( &slapd_rq,id->qtask, 1 ); 852 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 853 854 return NULL; 855 } 856 857 /* 858 ** refint_response 859 ** search for matching records and modify them 860 */ 861 862 static int 863 refint_response( 864 Operation *op, 865 SlapReply *rs 866 ) 867 { 868 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 869 refint_data *id = on->on_bi.bi_private; 870 BerValue pdn; 871 int ac; 872 refint_q *rq; 873 BackendDB *db = NULL; 874 refint_attrs *ip; 875 876 id->message = "_refint_response"; 877 878 /* If the main op failed or is not a Delete or ModRdn, ignore it */ 879 if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) || 880 rs->sr_err != LDAP_SUCCESS ) 881 return SLAP_CB_CONTINUE; 882 883 /* 884 ** validate (and count) the list of attrs; 885 ** 886 */ 887 888 for(ip = id->attrs, ac = 0; ip; ip = ip->next, ac++); 889 if(!ac) { 890 Debug( LDAP_DEBUG_TRACE, 891 "refint_response called without any attributes\n", 0, 0, 0 ); 892 return SLAP_CB_CONTINUE; 893 } 894 895 /* 896 ** find the backend that matches our configured basedn; 897 ** make sure it exists and has search and modify methods; 898 ** 899 */ 900 901 if ( on->on_info->oi_origdb != frontendDB ) { 902 db = select_backend(&id->dn, 1); 903 904 if ( db ) { 905 if ( !db->be_search || !db->be_modify ) { 906 Debug( LDAP_DEBUG_TRACE, 907 "refint_response: backend missing search and/or modify\n", 908 0, 0, 0 ); 909 return SLAP_CB_CONTINUE; 910 } 911 } else { 912 Debug( LDAP_DEBUG_TRACE, 913 "refint_response: no backend for our baseDN %s??\n", 914 id->dn.bv_val, 0, 0 ); 915 return SLAP_CB_CONTINUE; 916 } 917 } 918 919 rq = ch_calloc( 1, sizeof( refint_q )); 920 ber_dupbv( &rq->olddn, &op->o_req_dn ); 921 ber_dupbv( &rq->oldndn, &op->o_req_ndn ); 922 rq->db = db; 923 rq->rdata = id; 924 925 if ( op->o_tag == LDAP_REQ_MODRDN ) { 926 if ( op->oq_modrdn.rs_newSup ) { 927 pdn = *op->oq_modrdn.rs_newSup; 928 } else { 929 dnParent( &op->o_req_dn, &pdn ); 930 } 931 build_new_dn( &rq->newdn, &pdn, &op->orr_newrdn, NULL ); 932 if ( op->oq_modrdn.rs_nnewSup ) { 933 pdn = *op->oq_modrdn.rs_nnewSup; 934 } else { 935 dnParent( &op->o_req_ndn, &pdn ); 936 } 937 build_new_dn( &rq->newndn, &pdn, &op->orr_nnewrdn, NULL ); 938 } 939 940 ldap_pvt_thread_mutex_lock( &id->qmutex ); 941 if ( id->qtail ) { 942 id->qtail->next = rq; 943 } else { 944 id->qhead = rq; 945 } 946 id->qtail = rq; 947 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 948 949 ac = 0; 950 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 951 if ( !id->qtask ) { 952 id->qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL, 953 refint_qtask, id, "refint_qtask", 954 op->o_bd->be_suffix[0].bv_val ); 955 ac = 1; 956 } else { 957 if ( !ldap_pvt_runqueue_isrunning( &slapd_rq, id->qtask ) && 958 !id->qtask->next_sched.tv_sec ) { 959 id->qtask->interval.tv_sec = 0; 960 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 961 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 962 ac = 1; 963 } 964 } 965 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 966 if ( ac ) 967 slap_wake_listener(); 968 969 return SLAP_CB_CONTINUE; 970 } 971 972 /* 973 ** init_module is last so the symbols resolve "for free" -- 974 ** it expects to be called automagically during dynamic module initialization 975 */ 976 977 int refint_initialize() { 978 int rc; 979 980 mr_dnSubtreeMatch = mr_find( "dnSubtreeMatch" ); 981 if ( mr_dnSubtreeMatch == NULL ) { 982 Debug( LDAP_DEBUG_ANY, "refint_initialize: " 983 "unable to find MatchingRule 'dnSubtreeMatch'.\n", 984 0, 0, 0 ); 985 return 1; 986 } 987 988 /* statically declared just after the #includes at top */ 989 refint.on_bi.bi_type = "refint"; 990 refint.on_bi.bi_db_init = refint_db_init; 991 refint.on_bi.bi_db_destroy = refint_db_destroy; 992 refint.on_bi.bi_db_open = refint_open; 993 refint.on_bi.bi_db_close = refint_close; 994 refint.on_response = refint_response; 995 996 refint.on_bi.bi_cf_ocs = refintocs; 997 rc = config_register_schema ( refintcfg, refintocs ); 998 if ( rc ) return rc; 999 1000 return(overlay_register(&refint)); 1001 } 1002 1003 #if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC) 1004 int init_module(int argc, char *argv[]) { 1005 return refint_initialize(); 1006 } 1007 #endif 1008 1009 #endif /* SLAPD_OVER_REFINT */ 1010