1 /* $NetBSD: refint.c,v 1.1.1.7 2018/02/06 01:53:16 christos Exp $ */ 2 3 /* refint.c - referential integrity module */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2004-2017 The OpenLDAP Foundation. 8 * Portions Copyright 2004 Symas Corporation. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19 /* ACKNOWLEDGEMENTS: 20 * This work was initially developed by Symas Corp. for inclusion in 21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 22 */ 23 24 #include <sys/cdefs.h> 25 __RCSID("$NetBSD: refint.c,v 1.1.1.7 2018/02/06 01:53:16 christos Exp $"); 26 27 #include "portable.h" 28 29 /* This module maintains referential integrity for a set of 30 * DN-valued attributes by searching for all references to a given 31 * DN whenever the DN is changed or its entry is deleted, and making 32 * the appropriate update. 33 * 34 * Updates are performed using the database rootdn in a separate task 35 * to allow the original operation to complete immediately. 36 */ 37 38 #ifdef SLAPD_OVER_REFINT 39 40 #include <stdio.h> 41 42 #include <ac/string.h> 43 #include <ac/socket.h> 44 45 #include "slap.h" 46 #include "config.h" 47 #include "ldap_rq.h" 48 49 static slap_overinst refint; 50 51 /* The DN to use in the ModifiersName for all refint updates */ 52 static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay"); 53 static BerValue refint_ndn = BER_BVC("cn=referential integrity overlay"); 54 55 typedef struct refint_attrs_s { 56 struct refint_attrs_s *next; 57 AttributeDescription *attr; 58 BerVarray old_vals; 59 BerVarray old_nvals; 60 BerVarray new_vals; 61 BerVarray new_nvals; 62 int ra_numvals; 63 int dont_empty; 64 } refint_attrs; 65 66 typedef struct dependents_s { 67 struct dependents_s *next; 68 BerValue dn; /* target dn */ 69 BerValue ndn; 70 refint_attrs *attrs; 71 } dependent_data; 72 73 typedef struct refint_q { 74 struct refint_q *next; 75 struct refint_data_s *rdata; 76 dependent_data *attrs; /* entries and attrs returned from callback */ 77 BackendDB *db; 78 BerValue olddn; 79 BerValue oldndn; 80 BerValue newdn; 81 BerValue newndn; 82 int do_sub; 83 } refint_q; 84 85 typedef struct refint_data_s { 86 struct refint_attrs_s *attrs; /* list of known attrs */ 87 BerValue dn; /* basedn in parent, */ 88 BerValue nothing; /* the nothing value, if needed */ 89 BerValue nnothing; /* normalized nothingness */ 90 BerValue refint_dn; /* modifier's name */ 91 BerValue refint_ndn; /* normalized modifier's name */ 92 struct re_s *qtask; 93 refint_q *qhead; 94 refint_q *qtail; 95 BackendDB *db; 96 ldap_pvt_thread_mutex_t qmutex; 97 } refint_data; 98 99 typedef struct refint_pre_s { 100 slap_overinst *on; 101 int do_sub; 102 } refint_pre; 103 104 #define RUNQ_INTERVAL 36000 /* a long time */ 105 106 static MatchingRule *mr_dnSubtreeMatch; 107 108 enum { 109 REFINT_ATTRS = 1, 110 REFINT_NOTHING, 111 REFINT_MODIFIERSNAME 112 }; 113 114 static ConfigDriver refint_cf_gen; 115 116 static ConfigTable refintcfg[] = { 117 { "refint_attributes", "attribute...", 2, 0, 0, 118 ARG_MAGIC|REFINT_ATTRS, refint_cf_gen, 119 "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' " 120 "DESC 'Attributes for referential integrity' " 121 "EQUALITY caseIgnoreMatch " 122 "SYNTAX OMsDirectoryString )", NULL, NULL }, 123 { "refint_nothing", "string", 2, 2, 0, 124 ARG_DN|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen, 125 "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' " 126 "DESC 'Replacement DN to supply when needed' " 127 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 128 { "refint_modifiersName", "DN", 2, 2, 0, 129 ARG_DN|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen, 130 "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' " 131 "DESC 'The DN to use as modifiersName' " 132 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 133 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 134 }; 135 136 static ConfigOCs refintocs[] = { 137 { "( OLcfgOvOc:11.1 " 138 "NAME 'olcRefintConfig' " 139 "DESC 'Referential integrity configuration' " 140 "SUP olcOverlayConfig " 141 "MAY ( olcRefintAttribute " 142 "$ olcRefintNothing " 143 "$ olcRefintModifiersName " 144 ") )", 145 Cft_Overlay, refintcfg }, 146 { NULL, 0, NULL } 147 }; 148 149 static int 150 refint_cf_gen(ConfigArgs *c) 151 { 152 slap_overinst *on = (slap_overinst *)c->bi; 153 refint_data *dd = (refint_data *)on->on_bi.bi_private; 154 refint_attrs *ip, *pip, **pipp = NULL; 155 AttributeDescription *ad; 156 const char *text; 157 int rc = ARG_BAD_CONF; 158 int i; 159 160 switch ( c->op ) { 161 case SLAP_CONFIG_EMIT: 162 switch ( c->type ) { 163 case REFINT_ATTRS: 164 ip = dd->attrs; 165 while ( ip ) { 166 value_add_one( &c->rvalue_vals, 167 &ip->attr->ad_cname ); 168 ip = ip->next; 169 } 170 rc = 0; 171 break; 172 case REFINT_NOTHING: 173 if ( !BER_BVISEMPTY( &dd->nothing )) { 174 rc = value_add_one( &c->rvalue_vals, 175 &dd->nothing ); 176 if ( rc ) return rc; 177 rc = value_add_one( &c->rvalue_nvals, 178 &dd->nnothing ); 179 return rc; 180 } 181 rc = 0; 182 break; 183 case REFINT_MODIFIERSNAME: 184 if ( !BER_BVISEMPTY( &dd->refint_dn )) { 185 rc = value_add_one( &c->rvalue_vals, 186 &dd->refint_dn ); 187 if ( rc ) return rc; 188 rc = value_add_one( &c->rvalue_nvals, 189 &dd->refint_ndn ); 190 return rc; 191 } 192 rc = 0; 193 break; 194 default: 195 abort (); 196 } 197 break; 198 case LDAP_MOD_DELETE: 199 switch ( c->type ) { 200 case REFINT_ATTRS: 201 pipp = &dd->attrs; 202 if ( c->valx < 0 ) { 203 ip = *pipp; 204 *pipp = NULL; 205 while ( ip ) { 206 pip = ip; 207 ip = ip->next; 208 ch_free ( pip ); 209 } 210 } else { 211 /* delete from linked list */ 212 for ( i=0; i < c->valx; ++i ) { 213 pipp = &(*pipp)->next; 214 } 215 ip = *pipp; 216 *pipp = (*pipp)->next; 217 218 /* AttributeDescriptions are global so 219 * shouldn't be freed here... */ 220 ch_free ( ip ); 221 } 222 rc = 0; 223 break; 224 case REFINT_NOTHING: 225 ch_free( dd->nothing.bv_val ); 226 ch_free( dd->nnothing.bv_val ); 227 BER_BVZERO( &dd->nothing ); 228 BER_BVZERO( &dd->nnothing ); 229 rc = 0; 230 break; 231 case REFINT_MODIFIERSNAME: 232 ch_free( dd->refint_dn.bv_val ); 233 ch_free( dd->refint_ndn.bv_val ); 234 BER_BVZERO( &dd->refint_dn ); 235 BER_BVZERO( &dd->refint_ndn ); 236 rc = 0; 237 break; 238 default: 239 abort (); 240 } 241 break; 242 case SLAP_CONFIG_ADD: 243 /* fallthrough to LDAP_MOD_ADD */ 244 case LDAP_MOD_ADD: 245 switch ( c->type ) { 246 case REFINT_ATTRS: 247 rc = 0; 248 for ( i=1; i < c->argc; ++i ) { 249 ad = NULL; 250 if ( slap_str2ad ( c->argv[i], &ad, &text ) 251 == LDAP_SUCCESS) { 252 ip = ch_malloc ( 253 sizeof ( refint_attrs ) ); 254 ip->attr = ad; 255 ip->next = dd->attrs; 256 dd->attrs = ip; 257 } else { 258 snprintf( c->cr_msg, sizeof( c->cr_msg ), 259 "%s <%s>: %s", c->argv[0], c->argv[i], text ); 260 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 261 "%s: %s\n", c->log, c->cr_msg, 0 ); 262 rc = ARG_BAD_CONF; 263 } 264 } 265 break; 266 case REFINT_NOTHING: 267 if ( !BER_BVISNULL( &c->value_ndn )) { 268 ch_free ( dd->nothing.bv_val ); 269 ch_free ( dd->nnothing.bv_val ); 270 dd->nothing = c->value_dn; 271 dd->nnothing = c->value_ndn; 272 rc = 0; 273 } else { 274 rc = ARG_BAD_CONF; 275 } 276 break; 277 case REFINT_MODIFIERSNAME: 278 if ( !BER_BVISNULL( &c->value_ndn )) { 279 ch_free( dd->refint_dn.bv_val ); 280 ch_free( dd->refint_ndn.bv_val ); 281 dd->refint_dn = c->value_dn; 282 dd->refint_ndn = c->value_ndn; 283 rc = 0; 284 } else { 285 rc = ARG_BAD_CONF; 286 } 287 break; 288 default: 289 abort (); 290 } 291 break; 292 default: 293 abort (); 294 } 295 296 return rc; 297 } 298 299 /* 300 ** allocate new refint_data; 301 ** store in on_bi.bi_private; 302 ** 303 */ 304 305 static int 306 refint_db_init( 307 BackendDB *be, 308 ConfigReply *cr 309 ) 310 { 311 slap_overinst *on = (slap_overinst *)be->bd_info; 312 refint_data *id = ch_calloc(1,sizeof(refint_data)); 313 314 on->on_bi.bi_private = id; 315 ldap_pvt_thread_mutex_init( &id->qmutex ); 316 return(0); 317 } 318 319 static int 320 refint_db_destroy( 321 BackendDB *be, 322 ConfigReply *cr 323 ) 324 { 325 slap_overinst *on = (slap_overinst *)be->bd_info; 326 327 if ( on->on_bi.bi_private ) { 328 refint_data *id = on->on_bi.bi_private; 329 refint_attrs *ii, *ij; 330 331 on->on_bi.bi_private = NULL; 332 ldap_pvt_thread_mutex_destroy( &id->qmutex ); 333 334 for(ii = id->attrs; ii; ii = ij) { 335 ij = ii->next; 336 ch_free(ii); 337 } 338 339 ch_free( id->nothing.bv_val ); 340 BER_BVZERO( &id->nothing ); 341 ch_free( id->nnothing.bv_val ); 342 BER_BVZERO( &id->nnothing ); 343 344 ch_free( id ); 345 } 346 return(0); 347 } 348 349 /* 350 ** initialize, copy basedn if not already set 351 ** 352 */ 353 354 static int 355 refint_open( 356 BackendDB *be, 357 ConfigReply *cr 358 ) 359 { 360 slap_overinst *on = (slap_overinst *)be->bd_info; 361 refint_data *id = on->on_bi.bi_private; 362 363 if ( BER_BVISNULL( &id->dn )) { 364 if ( BER_BVISNULL( &be->be_nsuffix[0] )) 365 return -1; 366 ber_dupbv( &id->dn, &be->be_nsuffix[0] ); 367 } 368 if ( BER_BVISNULL( &id->refint_dn ) ) { 369 ber_dupbv( &id->refint_dn, &refint_dn ); 370 ber_dupbv( &id->refint_ndn, &refint_ndn ); 371 } 372 373 /* 374 ** find the backend that matches our configured basedn; 375 ** make sure it exists and has search and modify methods; 376 ** 377 */ 378 379 if ( on->on_info->oi_origdb != frontendDB ) { 380 BackendDB *db = select_backend(&id->dn, 1); 381 382 if ( db ) { 383 BackendInfo *bi; 384 if ( db == be ) 385 bi = on->on_info->oi_orig; 386 else 387 bi = db->bd_info; 388 if ( !bi->bi_op_search || !bi->bi_op_modify ) { 389 Debug( LDAP_DEBUG_CONFIG, 390 "refint_response: backend missing search and/or modify\n", 391 0, 0, 0 ); 392 return -1; 393 } 394 id->db = db; 395 } else { 396 Debug( LDAP_DEBUG_CONFIG, 397 "refint_response: no backend for our baseDN %s??\n", 398 id->dn.bv_val, 0, 0 ); 399 return -1; 400 } 401 } 402 return(0); 403 } 404 405 406 /* 407 ** free our basedn; 408 ** free our refintdn 409 ** 410 */ 411 412 static int 413 refint_close( 414 BackendDB *be, 415 ConfigReply *cr 416 ) 417 { 418 slap_overinst *on = (slap_overinst *) be->bd_info; 419 refint_data *id = on->on_bi.bi_private; 420 421 ch_free( id->dn.bv_val ); 422 BER_BVZERO( &id->dn ); 423 ch_free( id->refint_dn.bv_val ); 424 BER_BVZERO( &id->refint_dn ); 425 ch_free( id->refint_ndn.bv_val ); 426 BER_BVZERO( &id->refint_ndn ); 427 428 return(0); 429 } 430 431 /* 432 ** search callback 433 ** generates a list of Attributes from search results 434 */ 435 436 static int 437 refint_search_cb( 438 Operation *op, 439 SlapReply *rs 440 ) 441 { 442 Attribute *a; 443 BerVarray b = NULL; 444 refint_q *rq = op->o_callback->sc_private; 445 refint_data *dd = rq->rdata; 446 refint_attrs *ia, *da = dd->attrs, *na; 447 dependent_data *ip; 448 int i; 449 450 Debug(LDAP_DEBUG_TRACE, "refint_search_cb <%s>\n", 451 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING", 0, 0); 452 453 if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0); 454 455 /* 456 ** foreach configured attribute type: 457 ** if this attr exists in the search result, 458 ** and it has a value matching the target: 459 ** allocate an attr; 460 ** save/build DNs of any subordinate matches; 461 ** handle special case: found exact + subordinate match; 462 ** handle olcRefintNothing; 463 ** 464 */ 465 466 ip = op->o_tmpalloc(sizeof(dependent_data), op->o_tmpmemctx ); 467 ber_dupbv_x( &ip->dn, &rs->sr_entry->e_name, op->o_tmpmemctx ); 468 ber_dupbv_x( &ip->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); 469 ip->next = rq->attrs; 470 rq->attrs = ip; 471 ip->attrs = NULL; 472 for(ia = da; ia; ia = ia->next) { 473 if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) ) { 474 int exact = -1, is_exact; 475 476 na = NULL; 477 478 /* Are we doing subtree matching or simple equality? */ 479 if ( rq->do_sub ) { 480 for(i = 0, b = a->a_nvals; b[i].bv_val; i++) { 481 if(dnIsSuffix(&b[i], &rq->oldndn)) { 482 is_exact = b[i].bv_len == rq->oldndn.bv_len; 483 484 /* Paranoia: skip buggy duplicate exact match, 485 * it would break ra_numvals 486 */ 487 if ( is_exact && exact >= 0 ) 488 continue; 489 490 /* first match? create structure */ 491 if ( na == NULL ) { 492 na = op->o_tmpcalloc( 1, 493 sizeof( refint_attrs ), 494 op->o_tmpmemctx ); 495 na->next = ip->attrs; 496 ip->attrs = na; 497 na->attr = ia->attr; 498 } 499 500 na->ra_numvals++; 501 502 if ( is_exact ) { 503 /* Exact match: refint_repair will deduce the DNs */ 504 exact = i; 505 506 } else { 507 /* Subordinate match */ 508 struct berval newsub, newdn, olddn, oldndn; 509 510 /* Save old DN */ 511 ber_dupbv_x( &olddn, &a->a_vals[i], op->o_tmpmemctx ); 512 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 513 514 ber_dupbv_x( &oldndn, &a->a_nvals[i], op->o_tmpmemctx ); 515 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 516 517 if ( BER_BVISEMPTY( &rq->newdn ) ) 518 continue; 519 520 /* Rename subordinate match: Build new DN */ 521 newsub = a->a_vals[i]; 522 newsub.bv_len -= rq->olddn.bv_len + 1; 523 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 524 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 525 526 newsub = a->a_nvals[i]; 527 newsub.bv_len -= rq->oldndn.bv_len + 1; 528 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 529 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 530 } 531 } 532 } 533 534 /* If we got both subordinate and exact match, 535 * refint_repair won't special-case the exact match */ 536 if ( exact >= 0 && na->old_vals ) { 537 struct berval dn; 538 539 ber_dupbv_x( &dn, &a->a_vals[exact], op->o_tmpmemctx ); 540 ber_bvarray_add_x( &na->old_vals, &dn, op->o_tmpmemctx ); 541 ber_dupbv_x( &dn, &a->a_nvals[exact], op->o_tmpmemctx ); 542 ber_bvarray_add_x( &na->old_nvals, &dn, op->o_tmpmemctx ); 543 544 if ( !BER_BVISEMPTY( &rq->newdn ) ) { 545 ber_dupbv_x( &dn, &rq->newdn, op->o_tmpmemctx ); 546 ber_bvarray_add_x( &na->new_vals, &dn, op->o_tmpmemctx ); 547 ber_dupbv_x( &dn, &rq->newndn, op->o_tmpmemctx ); 548 ber_bvarray_add_x( &na->new_nvals, &dn, op->o_tmpmemctx ); 549 } 550 } 551 } else { 552 /* entry has no children, just equality matching */ 553 is_exact = attr_valfind( a, 554 SLAP_MR_EQUALITY|SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH| 555 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, &rq->oldndn, &i, NULL ); 556 if ( is_exact == LDAP_SUCCESS ) { 557 na = op->o_tmpcalloc( 1, 558 sizeof( refint_attrs ), 559 op->o_tmpmemctx ); 560 na->next = ip->attrs; 561 ip->attrs = na; 562 na->attr = ia->attr; 563 na->ra_numvals = 1; 564 } 565 } 566 567 /* Deleting/replacing all values and a nothing DN is configured? */ 568 if ( na && na->ra_numvals == a->a_numvals && !BER_BVISNULL(&dd->nothing) ) 569 na->dont_empty = 1; 570 571 Debug( LDAP_DEBUG_TRACE, "refint_search_cb: %s: %s (#%d)\n", 572 a->a_desc->ad_cname.bv_val, rq->olddn.bv_val, i ); 573 } 574 } 575 576 return(0); 577 } 578 579 static int 580 refint_repair( 581 Operation *op, 582 refint_data *id, 583 refint_q *rq ) 584 { 585 dependent_data *dp; 586 SlapReply rs = {REP_RESULT}; 587 Operation op2; 588 unsigned long opid; 589 int rc; 590 int cache; 591 592 op->o_callback->sc_response = refint_search_cb; 593 op->o_req_dn = op->o_bd->be_suffix[ 0 ]; 594 op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; 595 op->o_dn = op->o_bd->be_rootdn; 596 op->o_ndn = op->o_bd->be_rootndn; 597 cache = op->o_do_not_cache; 598 op->o_do_not_cache = 1; 599 600 /* search */ 601 rc = op->o_bd->be_search( op, &rs ); 602 op->o_do_not_cache = cache; 603 604 if ( rc != LDAP_SUCCESS ) { 605 Debug( LDAP_DEBUG_TRACE, 606 "refint_repair: search failed: %d\n", 607 rc, 0, 0 ); 608 return rc; 609 } 610 611 /* safety? paranoid just in case */ 612 if ( op->o_callback->sc_private == NULL ) { 613 Debug( LDAP_DEBUG_TRACE, 614 "refint_repair: callback wiped out sc_private?!\n", 615 0, 0, 0 ); 616 return 0; 617 } 618 619 /* Set up the Modify requests */ 620 op->o_callback->sc_response = &slap_null_cb; 621 622 /* 623 * [our search callback builds a list of attrs] 624 * foreach attr: 625 * make sure its dn has a backend; 626 * build Modification* chain; 627 * call the backend modify function; 628 * 629 */ 630 631 opid = op->o_opid; 632 op2 = *op; 633 for ( dp = rq->attrs; dp; dp = dp->next ) { 634 SlapReply rs2 = {REP_RESULT}; 635 refint_attrs *ra; 636 Modifications *m; 637 638 if ( dp->attrs == NULL ) continue; /* TODO: Is this needed? */ 639 640 op2.o_bd = select_backend( &dp->ndn, 1 ); 641 if ( !op2.o_bd ) { 642 Debug( LDAP_DEBUG_TRACE, 643 "refint_repair: no backend for DN %s!\n", 644 dp->dn.bv_val, 0, 0 ); 645 continue; 646 } 647 op2.o_tag = LDAP_REQ_MODIFY; 648 op2.orm_modlist = NULL; 649 op2.o_req_dn = dp->dn; 650 op2.o_req_ndn = dp->ndn; 651 /* Internal ops, never replicate these */ 652 op2.orm_no_opattrs = 1; 653 op2.o_dont_replicate = 1; 654 op2.o_opid = 0; 655 656 /* Set our ModifiersName */ 657 if ( SLAP_LASTMOD( op->o_bd ) ) { 658 m = op2.o_tmpalloc( sizeof(Modifications) + 659 4*sizeof(BerValue), op2.o_tmpmemctx ); 660 m->sml_next = op2.orm_modlist; 661 op2.orm_modlist = m; 662 m->sml_op = LDAP_MOD_REPLACE; 663 m->sml_flags = SLAP_MOD_INTERNAL; 664 m->sml_desc = slap_schema.si_ad_modifiersName; 665 m->sml_type = m->sml_desc->ad_cname; 666 m->sml_numvals = 1; 667 m->sml_values = (BerVarray)(m+1); 668 m->sml_nvalues = m->sml_values+2; 669 BER_BVZERO( &m->sml_values[1] ); 670 BER_BVZERO( &m->sml_nvalues[1] ); 671 m->sml_values[0] = id->refint_dn; 672 m->sml_nvalues[0] = id->refint_ndn; 673 } 674 675 for ( ra = dp->attrs; ra; ra = ra->next ) { 676 size_t len; 677 678 /* Add values */ 679 if ( ra->dont_empty || !BER_BVISEMPTY( &rq->newdn ) ) { 680 len = sizeof(Modifications); 681 682 if ( ra->new_vals == NULL ) { 683 len += 4*sizeof(BerValue); 684 } 685 686 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 687 m->sml_next = op2.orm_modlist; 688 op2.orm_modlist = m; 689 m->sml_op = LDAP_MOD_ADD; 690 m->sml_flags = 0; 691 m->sml_desc = ra->attr; 692 m->sml_type = ra->attr->ad_cname; 693 if ( ra->new_vals == NULL ) { 694 m->sml_values = (BerVarray)(m+1); 695 m->sml_nvalues = m->sml_values+2; 696 BER_BVZERO( &m->sml_values[1] ); 697 BER_BVZERO( &m->sml_nvalues[1] ); 698 m->sml_numvals = 1; 699 if ( BER_BVISEMPTY( &rq->newdn ) ) { 700 m->sml_values[0] = id->nothing; 701 m->sml_nvalues[0] = id->nnothing; 702 } else { 703 m->sml_values[0] = rq->newdn; 704 m->sml_nvalues[0] = rq->newndn; 705 } 706 } else { 707 m->sml_values = ra->new_vals; 708 m->sml_nvalues = ra->new_nvals; 709 m->sml_numvals = ra->ra_numvals; 710 } 711 } 712 713 /* Delete values */ 714 len = sizeof(Modifications); 715 if ( ra->old_vals == NULL ) { 716 len += 4*sizeof(BerValue); 717 } 718 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 719 m->sml_next = op2.orm_modlist; 720 op2.orm_modlist = m; 721 m->sml_op = LDAP_MOD_DELETE; 722 m->sml_flags = 0; 723 m->sml_desc = ra->attr; 724 m->sml_type = ra->attr->ad_cname; 725 if ( ra->old_vals == NULL ) { 726 m->sml_numvals = 1; 727 m->sml_values = (BerVarray)(m+1); 728 m->sml_nvalues = m->sml_values+2; 729 m->sml_values[0] = rq->olddn; 730 m->sml_nvalues[0] = rq->oldndn; 731 BER_BVZERO( &m->sml_values[1] ); 732 BER_BVZERO( &m->sml_nvalues[1] ); 733 } else { 734 m->sml_values = ra->old_vals; 735 m->sml_nvalues = ra->old_nvals; 736 m->sml_numvals = ra->ra_numvals; 737 } 738 } 739 740 op2.o_dn = op2.o_bd->be_rootdn; 741 op2.o_ndn = op2.o_bd->be_rootndn; 742 rc = op2.o_bd->be_modify( &op2, &rs2 ); 743 if ( rc != LDAP_SUCCESS ) { 744 Debug( LDAP_DEBUG_TRACE, 745 "refint_repair: dependent modify failed: %d\n", 746 rs2.sr_err, 0, 0 ); 747 } 748 749 while ( ( m = op2.orm_modlist ) ) { 750 op2.orm_modlist = m->sml_next; 751 op2.o_tmpfree( m, op2.o_tmpmemctx ); 752 } 753 } 754 op2.o_opid = opid; 755 756 return 0; 757 } 758 759 static void * 760 refint_qtask( void *ctx, void *arg ) 761 { 762 struct re_s *rtask = arg; 763 refint_data *id = rtask->arg; 764 Connection conn = {0}; 765 OperationBuffer opbuf; 766 Operation *op; 767 slap_callback cb = { NULL, NULL, NULL, NULL }; 768 Filter ftop, *fptr; 769 refint_q *rq; 770 refint_attrs *ip; 771 int pausing = 0, rc = 0; 772 773 connection_fake_init( &conn, &opbuf, ctx ); 774 op = &opbuf.ob_op; 775 776 /* 777 ** build a search filter for all configured attributes; 778 ** populate our Operation; 779 ** pass our data (attr list, dn) to backend via sc_private; 780 ** call the backend search function; 781 ** nb: (|(one=thing)) is valid, but do smart formatting anyway; 782 ** nb: 16 is arbitrarily a dozen or so extra bytes; 783 ** 784 */ 785 786 ftop.f_choice = LDAP_FILTER_OR; 787 ftop.f_next = NULL; 788 ftop.f_or = NULL; 789 op->ors_filter = &ftop; 790 for(ip = id->attrs; ip; ip = ip->next) { 791 /* this filter can be either EQUALITY or EXT */ 792 fptr = op->o_tmpcalloc( sizeof(Filter) + sizeof(MatchingRuleAssertion), 793 1, op->o_tmpmemctx ); 794 fptr->f_mra = (MatchingRuleAssertion *)(fptr+1); 795 fptr->f_mr_rule = mr_dnSubtreeMatch; 796 fptr->f_mr_rule_text = mr_dnSubtreeMatch->smr_bvoid; 797 fptr->f_mr_desc = ip->attr; 798 fptr->f_mr_dnattrs = 0; 799 fptr->f_next = ftop.f_or; 800 ftop.f_or = fptr; 801 } 802 803 for (;;) { 804 dependent_data *dp, *dp_next; 805 refint_attrs *ra, *ra_next; 806 807 if ( ldap_pvt_thread_pool_pausing( &connection_pool ) > 0 ) { 808 pausing = 1; 809 break; 810 } 811 812 /* Dequeue an op */ 813 ldap_pvt_thread_mutex_lock( &id->qmutex ); 814 rq = id->qhead; 815 if ( rq ) { 816 id->qhead = rq->next; 817 if ( !id->qhead ) 818 id->qtail = NULL; 819 } 820 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 821 if ( !rq ) 822 break; 823 824 for (fptr = ftop.f_or; fptr; fptr = fptr->f_next ) { 825 fptr->f_mr_value = rq->oldndn; 826 /* Use (attr:dnSubtreeMatch:=value) to catch subtree rename 827 * and subtree delete where supported */ 828 if (rq->do_sub) 829 fptr->f_choice = LDAP_FILTER_EXT; 830 else 831 fptr->f_choice = LDAP_FILTER_EQUALITY; 832 } 833 834 filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); 835 836 /* callback gets the searched dn instead */ 837 cb.sc_private = rq; 838 cb.sc_response = refint_search_cb; 839 op->o_callback = &cb; 840 op->o_tag = LDAP_REQ_SEARCH; 841 op->ors_scope = LDAP_SCOPE_SUBTREE; 842 op->ors_deref = LDAP_DEREF_NEVER; 843 op->ors_limit = NULL; 844 op->ors_slimit = SLAP_NO_LIMIT; 845 op->ors_tlimit = SLAP_NO_LIMIT; 846 847 /* no attrs! */ 848 op->ors_attrs = slap_anlist_no_attrs; 849 850 slap_op_time( &op->o_time, &op->o_tincr ); 851 852 if ( rq->db != NULL ) { 853 op->o_bd = rq->db; 854 rc = refint_repair( op, id, rq ); 855 856 } else { 857 BackendDB *be; 858 859 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { 860 /* we may want to skip cn=config */ 861 if ( be == LDAP_STAILQ_FIRST(&backendDB) ) { 862 continue; 863 } 864 865 if ( be->be_search && be->be_modify ) { 866 op->o_bd = be; 867 rc = refint_repair( op, id, rq ); 868 } 869 } 870 } 871 872 for ( dp = rq->attrs; dp; dp = dp_next ) { 873 dp_next = dp->next; 874 for ( ra = dp->attrs; ra; ra = ra_next ) { 875 ra_next = ra->next; 876 ber_bvarray_free_x( ra->new_nvals, op->o_tmpmemctx ); 877 ber_bvarray_free_x( ra->new_vals, op->o_tmpmemctx ); 878 ber_bvarray_free_x( ra->old_nvals, op->o_tmpmemctx ); 879 ber_bvarray_free_x( ra->old_vals, op->o_tmpmemctx ); 880 op->o_tmpfree( ra, op->o_tmpmemctx ); 881 } 882 op->o_tmpfree( dp->ndn.bv_val, op->o_tmpmemctx ); 883 op->o_tmpfree( dp->dn.bv_val, op->o_tmpmemctx ); 884 op->o_tmpfree( dp, op->o_tmpmemctx ); 885 } 886 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 887 if ( rc == LDAP_BUSY ) { 888 pausing = 1; 889 /* re-queue this op */ 890 ldap_pvt_thread_mutex_lock( &id->qmutex ); 891 rq->next = id->qhead; 892 id->qhead = rq; 893 if ( !id->qtail ) 894 id->qtail = rq; 895 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 896 break; 897 } 898 899 if ( !BER_BVISNULL( &rq->newndn )) { 900 ch_free( rq->newndn.bv_val ); 901 ch_free( rq->newdn.bv_val ); 902 } 903 ch_free( rq->oldndn.bv_val ); 904 ch_free( rq->olddn.bv_val ); 905 ch_free( rq ); 906 } 907 908 /* free filter */ 909 for ( fptr = ftop.f_or; fptr; ) { 910 Filter *f_next = fptr->f_next; 911 op->o_tmpfree( fptr, op->o_tmpmemctx ); 912 fptr = f_next; 913 } 914 915 /* wait until we get explicitly scheduled again */ 916 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 917 ldap_pvt_runqueue_stoptask( &slapd_rq, id->qtask ); 918 if ( pausing ) { 919 /* try to run again as soon as the pause is done */ 920 id->qtask->interval.tv_sec = 0; 921 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 922 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 923 } else { 924 ldap_pvt_runqueue_resched( &slapd_rq,id->qtask, 1 ); 925 } 926 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 927 928 return NULL; 929 } 930 931 /* 932 ** refint_response 933 ** search for matching records and modify them 934 */ 935 936 static int 937 refint_response( 938 Operation *op, 939 SlapReply *rs 940 ) 941 { 942 refint_pre *rp; 943 slap_overinst *on; 944 refint_data *id; 945 BerValue pdn; 946 refint_q *rq; 947 refint_attrs *ip; 948 int ac; 949 950 /* If the main op failed or is not a Delete or ModRdn, ignore it */ 951 if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) || 952 rs->sr_err != LDAP_SUCCESS ) 953 return SLAP_CB_CONTINUE; 954 955 rp = op->o_callback->sc_private; 956 on = rp->on; 957 id = on->on_bi.bi_private; 958 959 rq = ch_calloc( 1, sizeof( refint_q )); 960 ber_dupbv( &rq->olddn, &op->o_req_dn ); 961 ber_dupbv( &rq->oldndn, &op->o_req_ndn ); 962 rq->db = id->db; 963 rq->rdata = id; 964 rq->do_sub = rp->do_sub; 965 966 if ( op->o_tag == LDAP_REQ_MODRDN ) { 967 if ( op->oq_modrdn.rs_newSup ) { 968 pdn = *op->oq_modrdn.rs_newSup; 969 } else { 970 dnParent( &op->o_req_dn, &pdn ); 971 } 972 build_new_dn( &rq->newdn, &pdn, &op->orr_newrdn, NULL ); 973 if ( op->oq_modrdn.rs_nnewSup ) { 974 pdn = *op->oq_modrdn.rs_nnewSup; 975 } else { 976 dnParent( &op->o_req_ndn, &pdn ); 977 } 978 build_new_dn( &rq->newndn, &pdn, &op->orr_nnewrdn, NULL ); 979 } 980 981 ldap_pvt_thread_mutex_lock( &id->qmutex ); 982 if ( id->qtail ) { 983 id->qtail->next = rq; 984 } else { 985 id->qhead = rq; 986 } 987 id->qtail = rq; 988 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 989 990 ac = 0; 991 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 992 if ( !id->qtask ) { 993 id->qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL, 994 refint_qtask, id, "refint_qtask", 995 op->o_bd->be_suffix[0].bv_val ); 996 ac = 1; 997 } else { 998 if ( !ldap_pvt_runqueue_isrunning( &slapd_rq, id->qtask ) && 999 !id->qtask->next_sched.tv_sec ) { 1000 id->qtask->interval.tv_sec = 0; 1001 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 1002 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 1003 ac = 1; 1004 } 1005 } 1006 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 1007 if ( ac ) 1008 slap_wake_listener(); 1009 1010 return SLAP_CB_CONTINUE; 1011 } 1012 1013 /* Check if the target entry exists and has children. 1014 * Do nothing if target doesn't exist. 1015 */ 1016 static int 1017 refint_preop( 1018 Operation *op, 1019 SlapReply *rs 1020 ) 1021 { 1022 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1023 refint_data *id = on->on_bi.bi_private; 1024 Entry *e; 1025 int rc; 1026 1027 /* are any attrs configured? */ 1028 if ( !id->attrs ) 1029 return SLAP_CB_CONTINUE; 1030 1031 rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ); 1032 if ( rc == LDAP_SUCCESS ) { 1033 slap_callback *sc = op->o_tmpcalloc( 1, 1034 sizeof(slap_callback)+sizeof(refint_pre), op->o_tmpmemctx ); 1035 refint_pre *rp = (refint_pre *)(sc+1); 1036 rp->on = on; 1037 rp->do_sub = 1; /* assume there are children */ 1038 if ( op->o_bd->be_has_subordinates ) { 1039 int has = 0; 1040 rc = op->o_bd->be_has_subordinates( op, e, &has ); 1041 /* there definitely are not children */ 1042 if ( rc == LDAP_SUCCESS && has == LDAP_COMPARE_FALSE ) 1043 rp->do_sub = 0; 1044 } 1045 overlay_entry_release_ov( op, e, 0, on ); 1046 sc->sc_response = refint_response; 1047 sc->sc_private = rp; 1048 sc->sc_next = op->o_callback; 1049 op->o_callback = sc; 1050 } 1051 return SLAP_CB_CONTINUE; 1052 } 1053 1054 /* 1055 ** init_module is last so the symbols resolve "for free" -- 1056 ** it expects to be called automagically during dynamic module initialization 1057 */ 1058 1059 int refint_initialize() { 1060 int rc; 1061 1062 mr_dnSubtreeMatch = mr_find( "dnSubtreeMatch" ); 1063 if ( mr_dnSubtreeMatch == NULL ) { 1064 Debug( LDAP_DEBUG_ANY, "refint_initialize: " 1065 "unable to find MatchingRule 'dnSubtreeMatch'.\n", 1066 0, 0, 0 ); 1067 return 1; 1068 } 1069 1070 /* statically declared just after the #includes at top */ 1071 refint.on_bi.bi_type = "refint"; 1072 refint.on_bi.bi_db_init = refint_db_init; 1073 refint.on_bi.bi_db_destroy = refint_db_destroy; 1074 refint.on_bi.bi_db_open = refint_open; 1075 refint.on_bi.bi_db_close = refint_close; 1076 refint.on_bi.bi_op_delete = refint_preop; 1077 refint.on_bi.bi_op_modrdn = refint_preop; 1078 1079 refint.on_bi.bi_cf_ocs = refintocs; 1080 rc = config_register_schema ( refintcfg, refintocs ); 1081 if ( rc ) return rc; 1082 1083 return(overlay_register(&refint)); 1084 } 1085 1086 #if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC) 1087 int init_module(int argc, char *argv[]) { 1088 return refint_initialize(); 1089 } 1090 #endif 1091 1092 #endif /* SLAPD_OVER_REFINT */ 1093