1 /* $NetBSD: refint.c,v 1.3 2021/08/14 16:15:02 christos Exp $ */ 2 3 /* refint.c - referential integrity module */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2004-2021 The OpenLDAP Foundation. 8 * Portions Copyright 2004 Symas Corporation. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19 /* ACKNOWLEDGEMENTS: 20 * This work was initially developed by Symas Corp. for inclusion in 21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 22 */ 23 24 #include <sys/cdefs.h> 25 __RCSID("$NetBSD: refint.c,v 1.3 2021/08/14 16:15:02 christos Exp $"); 26 27 #include "portable.h" 28 29 /* This module maintains referential integrity for a set of 30 * DN-valued attributes by searching for all references to a given 31 * DN whenever the DN is changed or its entry is deleted, and making 32 * the appropriate update. 33 * 34 * Updates are performed using the database rootdn in a separate task 35 * to allow the original operation to complete immediately. 36 */ 37 38 #ifdef SLAPD_OVER_REFINT 39 40 #include <stdio.h> 41 42 #include <ac/string.h> 43 #include <ac/socket.h> 44 45 #include "slap.h" 46 #include "slap-config.h" 47 #include "ldap_rq.h" 48 49 static slap_overinst refint; 50 51 /* The DN to use in the ModifiersName for all refint updates */ 52 static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay"); 53 static BerValue refint_ndn = BER_BVC("cn=referential integrity overlay"); 54 55 typedef struct refint_attrs_s { 56 struct refint_attrs_s *next; 57 AttributeDescription *attr; 58 BerVarray old_vals; 59 BerVarray old_nvals; 60 BerVarray new_vals; 61 BerVarray new_nvals; 62 int ra_numvals; 63 int dont_empty; 64 } refint_attrs; 65 66 typedef struct dependents_s { 67 struct dependents_s *next; 68 BerValue dn; /* target dn */ 69 BerValue ndn; 70 refint_attrs *attrs; 71 } dependent_data; 72 73 typedef struct refint_q { 74 struct refint_q *next; 75 struct refint_data_s *rdata; 76 dependent_data *attrs; /* entries and attrs returned from callback */ 77 BackendDB *db; 78 BerValue olddn; 79 BerValue oldndn; 80 BerValue newdn; 81 BerValue newndn; 82 int do_sub; 83 } refint_q; 84 85 typedef struct refint_data_s { 86 struct refint_attrs_s *attrs; /* list of known attrs */ 87 BerValue dn; /* basedn in parent, */ 88 BerValue nothing; /* the nothing value, if needed */ 89 BerValue nnothing; /* normalized nothingness */ 90 BerValue refint_dn; /* modifier's name */ 91 BerValue refint_ndn; /* normalized modifier's name */ 92 struct re_s *qtask; 93 refint_q *qhead; 94 refint_q *qtail; 95 BackendDB *db; 96 ldap_pvt_thread_mutex_t qmutex; 97 } refint_data; 98 99 typedef struct refint_pre_s { 100 slap_overinst *on; 101 int do_sub; 102 } refint_pre; 103 104 #define RUNQ_INTERVAL 36000 /* a long time */ 105 106 static MatchingRule *mr_dnSubtreeMatch; 107 108 enum { 109 REFINT_ATTRS = 1, 110 REFINT_NOTHING, 111 REFINT_MODIFIERSNAME 112 }; 113 114 static ConfigDriver refint_cf_gen; 115 116 static ConfigTable refintcfg[] = { 117 { "refint_attributes", "attribute...", 2, 0, 0, 118 ARG_MAGIC|REFINT_ATTRS, refint_cf_gen, 119 "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' " 120 "DESC 'Attributes for referential integrity' " 121 "EQUALITY caseIgnoreMatch " 122 "SYNTAX OMsDirectoryString )", NULL, NULL }, 123 { "refint_nothing", "string", 2, 2, 0, 124 ARG_DN|ARG_QUOTE|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen, 125 "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' " 126 "DESC 'Replacement DN to supply when needed' " 127 "EQUALITY distinguishedNameMatch " 128 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 129 { "refint_modifiersName", "DN", 2, 2, 0, 130 ARG_DN|ARG_QUOTE|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen, 131 "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' " 132 "DESC 'The DN to use as modifiersName' " 133 "EQUALITY distinguishedNameMatch " 134 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 135 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 136 }; 137 138 static ConfigOCs refintocs[] = { 139 { "( OLcfgOvOc:11.1 " 140 "NAME 'olcRefintConfig' " 141 "DESC 'Referential integrity configuration' " 142 "SUP olcOverlayConfig " 143 "MAY ( olcRefintAttribute " 144 "$ olcRefintNothing " 145 "$ olcRefintModifiersName " 146 ") )", 147 Cft_Overlay, refintcfg }, 148 { NULL, 0, NULL } 149 }; 150 151 static int 152 refint_cf_gen(ConfigArgs *c) 153 { 154 slap_overinst *on = (slap_overinst *)c->bi; 155 refint_data *dd = (refint_data *)on->on_bi.bi_private; 156 refint_attrs *ip, *pip, **pipp = NULL; 157 AttributeDescription *ad; 158 const char *text; 159 int rc = ARG_BAD_CONF; 160 int i; 161 162 switch ( c->op ) { 163 case SLAP_CONFIG_EMIT: 164 switch ( c->type ) { 165 case REFINT_ATTRS: 166 ip = dd->attrs; 167 while ( ip ) { 168 value_add_one( &c->rvalue_vals, 169 &ip->attr->ad_cname ); 170 ip = ip->next; 171 } 172 rc = 0; 173 break; 174 case REFINT_NOTHING: 175 if ( !BER_BVISEMPTY( &dd->nothing )) { 176 rc = value_add_one( &c->rvalue_vals, 177 &dd->nothing ); 178 if ( rc ) return rc; 179 rc = value_add_one( &c->rvalue_nvals, 180 &dd->nnothing ); 181 return rc; 182 } 183 rc = 0; 184 break; 185 case REFINT_MODIFIERSNAME: 186 if ( !BER_BVISEMPTY( &dd->refint_dn )) { 187 rc = value_add_one( &c->rvalue_vals, 188 &dd->refint_dn ); 189 if ( rc ) return rc; 190 rc = value_add_one( &c->rvalue_nvals, 191 &dd->refint_ndn ); 192 return rc; 193 } 194 rc = 0; 195 break; 196 default: 197 abort (); 198 } 199 break; 200 case LDAP_MOD_DELETE: 201 switch ( c->type ) { 202 case REFINT_ATTRS: 203 pipp = &dd->attrs; 204 if ( c->valx < 0 ) { 205 ip = *pipp; 206 *pipp = NULL; 207 while ( ip ) { 208 pip = ip; 209 ip = ip->next; 210 ch_free ( pip ); 211 } 212 } else { 213 /* delete from linked list */ 214 for ( i=0; i < c->valx; ++i ) { 215 pipp = &(*pipp)->next; 216 } 217 ip = *pipp; 218 *pipp = (*pipp)->next; 219 220 /* AttributeDescriptions are global so 221 * shouldn't be freed here... */ 222 ch_free ( ip ); 223 } 224 rc = 0; 225 break; 226 case REFINT_NOTHING: 227 ch_free( dd->nothing.bv_val ); 228 ch_free( dd->nnothing.bv_val ); 229 BER_BVZERO( &dd->nothing ); 230 BER_BVZERO( &dd->nnothing ); 231 rc = 0; 232 break; 233 case REFINT_MODIFIERSNAME: 234 ch_free( dd->refint_dn.bv_val ); 235 ch_free( dd->refint_ndn.bv_val ); 236 BER_BVZERO( &dd->refint_dn ); 237 BER_BVZERO( &dd->refint_ndn ); 238 rc = 0; 239 break; 240 default: 241 abort (); 242 } 243 break; 244 case SLAP_CONFIG_ADD: 245 /* fallthru to LDAP_MOD_ADD */ 246 case LDAP_MOD_ADD: 247 switch ( c->type ) { 248 case REFINT_ATTRS: 249 rc = 0; 250 for ( i=1; i < c->argc; ++i ) { 251 ad = NULL; 252 if ( slap_str2ad ( c->argv[i], &ad, &text ) 253 == LDAP_SUCCESS) { 254 ip = ch_malloc ( 255 sizeof ( refint_attrs ) ); 256 ip->attr = ad; 257 ip->next = dd->attrs; 258 dd->attrs = ip; 259 } else { 260 snprintf( c->cr_msg, sizeof( c->cr_msg ), 261 "%s <%s>: %s", c->argv[0], c->argv[i], text ); 262 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 263 "%s: %s\n", c->log, c->cr_msg ); 264 rc = ARG_BAD_CONF; 265 } 266 } 267 break; 268 case REFINT_NOTHING: 269 if ( !BER_BVISNULL( &c->value_ndn )) { 270 ch_free ( dd->nothing.bv_val ); 271 ch_free ( dd->nnothing.bv_val ); 272 dd->nothing = c->value_dn; 273 dd->nnothing = c->value_ndn; 274 rc = 0; 275 } else { 276 rc = ARG_BAD_CONF; 277 } 278 break; 279 case REFINT_MODIFIERSNAME: 280 if ( !BER_BVISNULL( &c->value_ndn )) { 281 ch_free( dd->refint_dn.bv_val ); 282 ch_free( dd->refint_ndn.bv_val ); 283 dd->refint_dn = c->value_dn; 284 dd->refint_ndn = c->value_ndn; 285 rc = 0; 286 } else { 287 rc = ARG_BAD_CONF; 288 } 289 break; 290 default: 291 abort (); 292 } 293 break; 294 default: 295 abort (); 296 } 297 298 return rc; 299 } 300 301 /* 302 ** allocate new refint_data; 303 ** store in on_bi.bi_private; 304 ** 305 */ 306 307 static int 308 refint_db_init( 309 BackendDB *be, 310 ConfigReply *cr 311 ) 312 { 313 slap_overinst *on = (slap_overinst *)be->bd_info; 314 refint_data *id = ch_calloc(1,sizeof(refint_data)); 315 316 on->on_bi.bi_private = id; 317 ldap_pvt_thread_mutex_init( &id->qmutex ); 318 return(0); 319 } 320 321 static int 322 refint_db_destroy( 323 BackendDB *be, 324 ConfigReply *cr 325 ) 326 { 327 slap_overinst *on = (slap_overinst *)be->bd_info; 328 329 if ( on->on_bi.bi_private ) { 330 refint_data *id = on->on_bi.bi_private; 331 refint_attrs *ii, *ij; 332 333 on->on_bi.bi_private = NULL; 334 ldap_pvt_thread_mutex_destroy( &id->qmutex ); 335 336 for(ii = id->attrs; ii; ii = ij) { 337 ij = ii->next; 338 ch_free(ii); 339 } 340 341 ch_free( id->nothing.bv_val ); 342 BER_BVZERO( &id->nothing ); 343 ch_free( id->nnothing.bv_val ); 344 BER_BVZERO( &id->nnothing ); 345 346 ch_free( id ); 347 } 348 return(0); 349 } 350 351 /* 352 ** initialize, copy basedn if not already set 353 ** 354 */ 355 356 static int 357 refint_open( 358 BackendDB *be, 359 ConfigReply *cr 360 ) 361 { 362 slap_overinst *on = (slap_overinst *)be->bd_info; 363 refint_data *id = on->on_bi.bi_private; 364 365 if ( BER_BVISNULL( &id->dn )) { 366 if ( BER_BVISNULL( &be->be_nsuffix[0] )) 367 return -1; 368 ber_dupbv( &id->dn, &be->be_nsuffix[0] ); 369 } 370 if ( BER_BVISNULL( &id->refint_dn ) ) { 371 ber_dupbv( &id->refint_dn, &refint_dn ); 372 ber_dupbv( &id->refint_ndn, &refint_ndn ); 373 } 374 375 /* 376 ** find the backend that matches our configured basedn; 377 ** make sure it exists and has search and modify methods; 378 ** 379 */ 380 381 if ( on->on_info->oi_origdb != frontendDB ) { 382 BackendDB *db = select_backend(&id->dn, 1); 383 384 if ( db ) { 385 BackendInfo *bi; 386 if ( db == be ) 387 bi = on->on_info->oi_orig; 388 else 389 bi = db->bd_info; 390 if ( !bi->bi_op_search || !bi->bi_op_modify ) { 391 Debug( LDAP_DEBUG_CONFIG, 392 "refint_response: backend missing search and/or modify\n" ); 393 return -1; 394 } 395 id->db = db; 396 } else { 397 Debug( LDAP_DEBUG_CONFIG, 398 "refint_response: no backend for our baseDN %s??\n", 399 id->dn.bv_val ); 400 return -1; 401 } 402 } 403 return(0); 404 } 405 406 407 /* 408 ** free our basedn; 409 ** free our refintdn 410 ** 411 */ 412 413 static int 414 refint_close( 415 BackendDB *be, 416 ConfigReply *cr 417 ) 418 { 419 slap_overinst *on = (slap_overinst *) be->bd_info; 420 refint_data *id = on->on_bi.bi_private; 421 422 ch_free( id->dn.bv_val ); 423 BER_BVZERO( &id->dn ); 424 ch_free( id->refint_dn.bv_val ); 425 BER_BVZERO( &id->refint_dn ); 426 ch_free( id->refint_ndn.bv_val ); 427 BER_BVZERO( &id->refint_ndn ); 428 429 return(0); 430 } 431 432 /* 433 ** search callback 434 ** generates a list of Attributes from search results 435 */ 436 437 static int 438 refint_search_cb( 439 Operation *op, 440 SlapReply *rs 441 ) 442 { 443 Attribute *a; 444 BerVarray b = NULL; 445 refint_q *rq = op->o_callback->sc_private; 446 refint_data *dd = rq->rdata; 447 refint_attrs *ia, *da = dd->attrs, *na; 448 dependent_data *ip; 449 int i; 450 451 Debug(LDAP_DEBUG_TRACE, "refint_search_cb <%s>\n", 452 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING" ); 453 454 if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0); 455 456 /* 457 ** foreach configured attribute type: 458 ** if this attr exists in the search result, 459 ** and it has a value matching the target: 460 ** allocate an attr; 461 ** save/build DNs of any subordinate matches; 462 ** handle special case: found exact + subordinate match; 463 ** handle olcRefintNothing; 464 ** 465 */ 466 467 ip = op->o_tmpalloc(sizeof(dependent_data), op->o_tmpmemctx ); 468 ber_dupbv_x( &ip->dn, &rs->sr_entry->e_name, op->o_tmpmemctx ); 469 ber_dupbv_x( &ip->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); 470 ip->next = rq->attrs; 471 rq->attrs = ip; 472 ip->attrs = NULL; 473 for(ia = da; ia; ia = ia->next) { 474 if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) ) { 475 int exact = -1, is_exact; 476 477 na = NULL; 478 479 /* Are we doing subtree matching or simple equality? */ 480 if ( rq->do_sub ) { 481 for(i = 0, b = a->a_nvals; b[i].bv_val; i++) { 482 if(dnIsSuffix(&b[i], &rq->oldndn)) { 483 is_exact = b[i].bv_len == rq->oldndn.bv_len; 484 485 /* Paranoia: skip buggy duplicate exact match, 486 * it would break ra_numvals 487 */ 488 if ( is_exact && exact >= 0 ) 489 continue; 490 491 /* first match? create structure */ 492 if ( na == NULL ) { 493 na = op->o_tmpcalloc( 1, 494 sizeof( refint_attrs ), 495 op->o_tmpmemctx ); 496 na->next = ip->attrs; 497 ip->attrs = na; 498 na->attr = ia->attr; 499 } 500 501 na->ra_numvals++; 502 503 if ( is_exact ) { 504 /* Exact match: refint_repair will deduce the DNs */ 505 exact = i; 506 507 } else { 508 /* Subordinate match */ 509 struct berval newsub, newdn, olddn, oldndn; 510 511 /* Save old DN */ 512 ber_dupbv_x( &olddn, &a->a_vals[i], op->o_tmpmemctx ); 513 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 514 515 ber_dupbv_x( &oldndn, &a->a_nvals[i], op->o_tmpmemctx ); 516 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 517 518 if ( BER_BVISEMPTY( &rq->newdn ) ) 519 continue; 520 521 /* Rename subordinate match: Build new DN */ 522 newsub = a->a_vals[i]; 523 newsub.bv_len -= rq->olddn.bv_len + 1; 524 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 525 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 526 527 newsub = a->a_nvals[i]; 528 newsub.bv_len -= rq->oldndn.bv_len + 1; 529 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 530 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 531 } 532 } 533 } 534 535 /* If we got both subordinate and exact match, 536 * refint_repair won't special-case the exact match */ 537 if ( exact >= 0 && na->old_vals ) { 538 struct berval dn; 539 540 ber_dupbv_x( &dn, &a->a_vals[exact], op->o_tmpmemctx ); 541 ber_bvarray_add_x( &na->old_vals, &dn, op->o_tmpmemctx ); 542 ber_dupbv_x( &dn, &a->a_nvals[exact], op->o_tmpmemctx ); 543 ber_bvarray_add_x( &na->old_nvals, &dn, op->o_tmpmemctx ); 544 545 if ( !BER_BVISEMPTY( &rq->newdn ) ) { 546 ber_dupbv_x( &dn, &rq->newdn, op->o_tmpmemctx ); 547 ber_bvarray_add_x( &na->new_vals, &dn, op->o_tmpmemctx ); 548 ber_dupbv_x( &dn, &rq->newndn, op->o_tmpmemctx ); 549 ber_bvarray_add_x( &na->new_nvals, &dn, op->o_tmpmemctx ); 550 } 551 } 552 } else { 553 /* entry has no children, just equality matching */ 554 is_exact = attr_valfind( a, 555 SLAP_MR_EQUALITY|SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH| 556 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, &rq->oldndn, &i, NULL ); 557 if ( is_exact == LDAP_SUCCESS ) { 558 na = op->o_tmpcalloc( 1, 559 sizeof( refint_attrs ), 560 op->o_tmpmemctx ); 561 na->next = ip->attrs; 562 ip->attrs = na; 563 na->attr = ia->attr; 564 na->ra_numvals = 1; 565 } 566 } 567 568 /* Deleting/replacing all values and a nothing DN is configured? */ 569 if ( na && na->ra_numvals == a->a_numvals && !BER_BVISNULL(&dd->nothing) ) 570 na->dont_empty = 1; 571 572 Debug( LDAP_DEBUG_TRACE, "refint_search_cb: %s: %s (#%d)\n", 573 a->a_desc->ad_cname.bv_val, rq->olddn.bv_val, i ); 574 } 575 } 576 577 return(0); 578 } 579 580 static int 581 refint_repair( 582 Operation *op, 583 refint_data *id, 584 refint_q *rq ) 585 { 586 dependent_data *dp; 587 SlapReply rs = {REP_RESULT}; 588 Operation op2; 589 unsigned long opid; 590 int rc; 591 int cache; 592 593 op->o_callback->sc_response = refint_search_cb; 594 op->o_req_dn = op->o_bd->be_suffix[ 0 ]; 595 op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; 596 op->o_dn = op->o_bd->be_rootdn; 597 op->o_ndn = op->o_bd->be_rootndn; 598 cache = op->o_do_not_cache; 599 op->o_do_not_cache = 1; 600 601 /* search */ 602 rc = op->o_bd->be_search( op, &rs ); 603 op->o_do_not_cache = cache; 604 605 if ( rc != LDAP_SUCCESS ) { 606 Debug( LDAP_DEBUG_TRACE, 607 "refint_repair: search failed: %d\n", 608 rc ); 609 return rc; 610 } 611 612 /* safety? paranoid just in case */ 613 if ( op->o_callback->sc_private == NULL ) { 614 Debug( LDAP_DEBUG_TRACE, 615 "refint_repair: callback wiped out sc_private?!\n" ); 616 return 0; 617 } 618 619 /* Set up the Modify requests */ 620 op->o_callback->sc_response = &slap_null_cb; 621 622 /* 623 * [our search callback builds a list of attrs] 624 * foreach attr: 625 * make sure its dn has a backend; 626 * build Modification* chain; 627 * call the backend modify function; 628 * 629 */ 630 631 opid = op->o_opid; 632 op2 = *op; 633 for ( dp = rq->attrs; dp; dp = dp->next ) { 634 SlapReply rs2 = {REP_RESULT}; 635 refint_attrs *ra; 636 Modifications *m; 637 638 if ( dp->attrs == NULL ) continue; /* TODO: Is this needed? */ 639 640 op2.o_bd = select_backend( &dp->ndn, 1 ); 641 if ( !op2.o_bd ) { 642 Debug( LDAP_DEBUG_TRACE, 643 "refint_repair: no backend for DN %s!\n", 644 dp->dn.bv_val ); 645 continue; 646 } 647 op2.o_tag = LDAP_REQ_MODIFY; 648 op2.orm_modlist = NULL; 649 op2.o_req_dn = dp->dn; 650 op2.o_req_ndn = dp->ndn; 651 /* Internal ops, never replicate these */ 652 op2.orm_no_opattrs = 1; 653 op2.o_dont_replicate = 1; 654 op2.o_opid = 0; 655 656 /* Set our ModifiersName */ 657 if ( SLAP_LASTMOD( op->o_bd ) ) { 658 m = op2.o_tmpalloc( sizeof(Modifications) + 659 4*sizeof(BerValue), op2.o_tmpmemctx ); 660 m->sml_next = op2.orm_modlist; 661 op2.orm_modlist = m; 662 m->sml_op = LDAP_MOD_REPLACE; 663 m->sml_flags = SLAP_MOD_INTERNAL; 664 m->sml_desc = slap_schema.si_ad_modifiersName; 665 m->sml_type = m->sml_desc->ad_cname; 666 m->sml_numvals = 1; 667 m->sml_values = (BerVarray)(m+1); 668 m->sml_nvalues = m->sml_values+2; 669 BER_BVZERO( &m->sml_values[1] ); 670 BER_BVZERO( &m->sml_nvalues[1] ); 671 m->sml_values[0] = id->refint_dn; 672 m->sml_nvalues[0] = id->refint_ndn; 673 } 674 675 for ( ra = dp->attrs; ra; ra = ra->next ) { 676 size_t len; 677 678 /* Add values */ 679 if ( ra->dont_empty || !BER_BVISEMPTY( &rq->newdn ) ) { 680 len = sizeof(Modifications); 681 682 if ( ra->new_vals == NULL ) { 683 len += 4*sizeof(BerValue); 684 } 685 686 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 687 m->sml_next = op2.orm_modlist; 688 op2.orm_modlist = m; 689 m->sml_op = LDAP_MOD_ADD; 690 m->sml_flags = 0; 691 m->sml_desc = ra->attr; 692 m->sml_type = ra->attr->ad_cname; 693 if ( ra->new_vals == NULL ) { 694 m->sml_values = (BerVarray)(m+1); 695 m->sml_nvalues = m->sml_values+2; 696 BER_BVZERO( &m->sml_values[1] ); 697 BER_BVZERO( &m->sml_nvalues[1] ); 698 m->sml_numvals = 1; 699 if ( BER_BVISEMPTY( &rq->newdn ) ) { 700 m->sml_values[0] = id->nothing; 701 m->sml_nvalues[0] = id->nnothing; 702 } else { 703 m->sml_values[0] = rq->newdn; 704 m->sml_nvalues[0] = rq->newndn; 705 } 706 } else { 707 m->sml_values = ra->new_vals; 708 m->sml_nvalues = ra->new_nvals; 709 m->sml_numvals = ra->ra_numvals; 710 } 711 } 712 713 /* Delete values */ 714 len = sizeof(Modifications); 715 if ( ra->old_vals == NULL ) { 716 len += 4*sizeof(BerValue); 717 } 718 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 719 m->sml_next = op2.orm_modlist; 720 op2.orm_modlist = m; 721 m->sml_op = LDAP_MOD_DELETE; 722 m->sml_flags = 0; 723 m->sml_desc = ra->attr; 724 m->sml_type = ra->attr->ad_cname; 725 if ( ra->old_vals == NULL ) { 726 m->sml_numvals = 1; 727 m->sml_values = (BerVarray)(m+1); 728 m->sml_nvalues = m->sml_values+2; 729 m->sml_values[0] = rq->olddn; 730 m->sml_nvalues[0] = rq->oldndn; 731 BER_BVZERO( &m->sml_values[1] ); 732 BER_BVZERO( &m->sml_nvalues[1] ); 733 } else { 734 m->sml_values = ra->old_vals; 735 m->sml_nvalues = ra->old_nvals; 736 m->sml_numvals = ra->ra_numvals; 737 } 738 } 739 740 op2.o_dn = op2.o_bd->be_rootdn; 741 op2.o_ndn = op2.o_bd->be_rootndn; 742 rc = op2.o_bd->be_modify( &op2, &rs2 ); 743 if ( rc != LDAP_SUCCESS ) { 744 Debug( LDAP_DEBUG_TRACE, 745 "refint_repair: dependent modify failed: %d\n", 746 rs2.sr_err ); 747 } 748 749 while ( ( m = op2.orm_modlist ) ) { 750 op2.orm_modlist = m->sml_next; 751 op2.o_tmpfree( m, op2.o_tmpmemctx ); 752 } 753 } 754 op2.o_opid = opid; 755 756 return 0; 757 } 758 759 static void * 760 refint_qtask( void *ctx, void *arg ) 761 { 762 struct re_s *rtask = arg; 763 refint_data *id = rtask->arg; 764 Connection conn = {0}; 765 OperationBuffer opbuf; 766 Operation *op; 767 slap_callback cb = { NULL, NULL, NULL, NULL }; 768 Filter ftop, *fptr; 769 refint_q *rq; 770 refint_attrs *ip; 771 int pausing = 0, rc = 0; 772 773 connection_fake_init( &conn, &opbuf, ctx ); 774 op = &opbuf.ob_op; 775 776 /* 777 ** build a search filter for all configured attributes; 778 ** populate our Operation; 779 ** pass our data (attr list, dn) to backend via sc_private; 780 ** call the backend search function; 781 ** nb: (|(one=thing)) is valid, but do smart formatting anyway; 782 ** nb: 16 is arbitrarily a dozen or so extra bytes; 783 ** 784 */ 785 786 ftop.f_choice = LDAP_FILTER_OR; 787 ftop.f_next = NULL; 788 ftop.f_or = NULL; 789 op->ors_filter = &ftop; 790 for(ip = id->attrs; ip; ip = ip->next) { 791 /* this filter can be either EQUALITY or EXT */ 792 fptr = op->o_tmpcalloc( sizeof(Filter) + sizeof(MatchingRuleAssertion), 793 1, op->o_tmpmemctx ); 794 fptr->f_mra = (MatchingRuleAssertion *)(fptr+1); 795 fptr->f_mr_rule = mr_dnSubtreeMatch; 796 fptr->f_mr_rule_text = mr_dnSubtreeMatch->smr_bvoid; 797 fptr->f_mr_desc = ip->attr; 798 fptr->f_mr_dnattrs = 0; 799 fptr->f_next = ftop.f_or; 800 ftop.f_or = fptr; 801 } 802 803 for (;;) { 804 dependent_data *dp, *dp_next; 805 refint_attrs *ra, *ra_next; 806 807 if ( ldap_pvt_thread_pool_pausing( &connection_pool ) > 0 ) { 808 pausing = 1; 809 break; 810 } 811 812 /* Dequeue an op */ 813 ldap_pvt_thread_mutex_lock( &id->qmutex ); 814 rq = id->qhead; 815 if ( rq ) { 816 id->qhead = rq->next; 817 if ( !id->qhead ) 818 id->qtail = NULL; 819 } 820 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 821 if ( !rq ) 822 break; 823 824 for (fptr = ftop.f_or; fptr; fptr = fptr->f_next ) { 825 fptr->f_mr_value = rq->oldndn; 826 /* Use (attr:dnSubtreeMatch:=value) to catch subtree rename 827 * and subtree delete where supported */ 828 if (rq->do_sub) 829 fptr->f_choice = LDAP_FILTER_EXT; 830 else 831 fptr->f_choice = LDAP_FILTER_EQUALITY; 832 } 833 834 filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); 835 836 /* callback gets the searched dn instead */ 837 cb.sc_private = rq; 838 cb.sc_response = refint_search_cb; 839 op->o_callback = &cb; 840 op->o_tag = LDAP_REQ_SEARCH; 841 op->ors_scope = LDAP_SCOPE_SUBTREE; 842 op->ors_deref = LDAP_DEREF_NEVER; 843 op->ors_limit = NULL; 844 op->ors_slimit = SLAP_NO_LIMIT; 845 op->ors_tlimit = SLAP_NO_LIMIT; 846 847 /* no attrs! */ 848 op->ors_attrs = slap_anlist_no_attrs; 849 850 slap_op_time( &op->o_time, &op->o_tincr ); 851 852 if ( rq->db != NULL ) { 853 op->o_bd = rq->db; 854 rc = refint_repair( op, id, rq ); 855 856 } else { 857 BackendDB *be; 858 859 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { 860 /* we may want to skip cn=config */ 861 if ( be == LDAP_STAILQ_FIRST(&backendDB) ) { 862 continue; 863 } 864 865 if ( be->be_search && be->be_modify ) { 866 op->o_bd = be; 867 rc = refint_repair( op, id, rq ); 868 } 869 } 870 } 871 872 for ( dp = rq->attrs; dp; dp = dp_next ) { 873 dp_next = dp->next; 874 for ( ra = dp->attrs; ra; ra = ra_next ) { 875 ra_next = ra->next; 876 ber_bvarray_free_x( ra->new_nvals, op->o_tmpmemctx ); 877 ber_bvarray_free_x( ra->new_vals, op->o_tmpmemctx ); 878 ber_bvarray_free_x( ra->old_nvals, op->o_tmpmemctx ); 879 ber_bvarray_free_x( ra->old_vals, op->o_tmpmemctx ); 880 op->o_tmpfree( ra, op->o_tmpmemctx ); 881 } 882 op->o_tmpfree( dp->ndn.bv_val, op->o_tmpmemctx ); 883 op->o_tmpfree( dp->dn.bv_val, op->o_tmpmemctx ); 884 op->o_tmpfree( dp, op->o_tmpmemctx ); 885 } 886 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 887 if ( rc == LDAP_BUSY ) { 888 pausing = 1; 889 /* re-queue this op */ 890 ldap_pvt_thread_mutex_lock( &id->qmutex ); 891 rq->next = id->qhead; 892 id->qhead = rq; 893 if ( !id->qtail ) 894 id->qtail = rq; 895 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 896 break; 897 } 898 899 if ( !BER_BVISNULL( &rq->newndn )) { 900 ch_free( rq->newndn.bv_val ); 901 ch_free( rq->newdn.bv_val ); 902 } 903 ch_free( rq->oldndn.bv_val ); 904 ch_free( rq->olddn.bv_val ); 905 ch_free( rq ); 906 } 907 908 /* free filter */ 909 for ( fptr = ftop.f_or; fptr; ) { 910 Filter *f_next = fptr->f_next; 911 op->o_tmpfree( fptr, op->o_tmpmemctx ); 912 fptr = f_next; 913 } 914 915 /* wait until we get explicitly scheduled again */ 916 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 917 ldap_pvt_runqueue_stoptask( &slapd_rq, id->qtask ); 918 if ( pausing ) { 919 /* try to run again as soon as the pause is done */ 920 id->qtask->interval.tv_sec = 0; 921 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 922 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 923 } else { 924 ldap_pvt_runqueue_resched( &slapd_rq,id->qtask, 1 ); 925 } 926 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 927 928 return NULL; 929 } 930 931 /* 932 ** refint_response 933 ** search for matching records and modify them 934 */ 935 936 static int 937 refint_response( 938 Operation *op, 939 SlapReply *rs 940 ) 941 { 942 refint_pre *rp; 943 slap_overinst *on; 944 refint_data *id; 945 BerValue pdn; 946 refint_q *rq; 947 refint_attrs *ip; 948 int ac; 949 950 /* If the main op failed or is not a Delete or ModRdn, ignore it */ 951 if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) || 952 rs->sr_err != LDAP_SUCCESS ) 953 return SLAP_CB_CONTINUE; 954 955 rp = op->o_callback->sc_private; 956 on = rp->on; 957 id = on->on_bi.bi_private; 958 959 rq = ch_calloc( 1, sizeof( refint_q )); 960 ber_dupbv( &rq->olddn, &op->o_req_dn ); 961 ber_dupbv( &rq->oldndn, &op->o_req_ndn ); 962 rq->db = id->db; 963 rq->rdata = id; 964 rq->do_sub = rp->do_sub; 965 966 if ( op->o_tag == LDAP_REQ_MODRDN ) { 967 if ( op->oq_modrdn.rs_newSup ) { 968 pdn = *op->oq_modrdn.rs_newSup; 969 } else { 970 dnParent( &op->o_req_dn, &pdn ); 971 } 972 build_new_dn( &rq->newdn, &pdn, &op->orr_newrdn, NULL ); 973 if ( op->oq_modrdn.rs_nnewSup ) { 974 pdn = *op->oq_modrdn.rs_nnewSup; 975 } else { 976 dnParent( &op->o_req_ndn, &pdn ); 977 } 978 build_new_dn( &rq->newndn, &pdn, &op->orr_nnewrdn, NULL ); 979 } 980 981 ldap_pvt_thread_mutex_lock( &id->qmutex ); 982 if ( id->qtail ) { 983 id->qtail->next = rq; 984 } else { 985 id->qhead = rq; 986 } 987 id->qtail = rq; 988 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 989 990 ac = 0; 991 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 992 if ( !id->qtask ) { 993 id->qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL, 994 refint_qtask, id, "refint_qtask", 995 op->o_bd->be_suffix[0].bv_val ); 996 ac = 1; 997 } else { 998 if ( !ldap_pvt_runqueue_isrunning( &slapd_rq, id->qtask ) && 999 !id->qtask->next_sched.tv_sec ) { 1000 id->qtask->interval.tv_sec = 0; 1001 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 1002 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 1003 ac = 1; 1004 } 1005 } 1006 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 1007 if ( ac ) 1008 slap_wake_listener(); 1009 1010 return SLAP_CB_CONTINUE; 1011 } 1012 1013 /* Check if the target entry exists and has children. 1014 * Do nothing if target doesn't exist. 1015 */ 1016 static int 1017 refint_preop( 1018 Operation *op, 1019 SlapReply *rs 1020 ) 1021 { 1022 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1023 refint_data *id = on->on_bi.bi_private; 1024 Entry *e; 1025 int rc; 1026 1027 /* are any attrs configured? */ 1028 if ( !id->attrs ) 1029 return SLAP_CB_CONTINUE; 1030 1031 rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ); 1032 if ( rc == LDAP_SUCCESS ) { 1033 slap_callback *sc = op->o_tmpcalloc( 1, 1034 sizeof(slap_callback)+sizeof(refint_pre), op->o_tmpmemctx ); 1035 refint_pre *rp = (refint_pre *)(sc+1); 1036 rp->on = on; 1037 rp->do_sub = 1; /* assume there are children */ 1038 if ( op->o_bd->be_has_subordinates ) { 1039 int has = 0; 1040 rc = op->o_bd->be_has_subordinates( op, e, &has ); 1041 /* there definitely are not children */ 1042 if ( rc == LDAP_SUCCESS && has == LDAP_COMPARE_FALSE ) 1043 rp->do_sub = 0; 1044 } 1045 overlay_entry_release_ov( op, e, 0, on ); 1046 sc->sc_response = refint_response; 1047 sc->sc_private = rp; 1048 sc->sc_next = op->o_callback; 1049 op->o_callback = sc; 1050 } 1051 return SLAP_CB_CONTINUE; 1052 } 1053 1054 /* 1055 ** init_module is last so the symbols resolve "for free" -- 1056 ** it expects to be called automagically during dynamic module initialization 1057 */ 1058 1059 int refint_initialize() { 1060 int rc; 1061 1062 mr_dnSubtreeMatch = mr_find( "dnSubtreeMatch" ); 1063 if ( mr_dnSubtreeMatch == NULL ) { 1064 Debug( LDAP_DEBUG_ANY, "refint_initialize: " 1065 "unable to find MatchingRule 'dnSubtreeMatch'.\n" ); 1066 return 1; 1067 } 1068 1069 /* statically declared just after the #includes at top */ 1070 refint.on_bi.bi_type = "refint"; 1071 refint.on_bi.bi_db_init = refint_db_init; 1072 refint.on_bi.bi_db_destroy = refint_db_destroy; 1073 refint.on_bi.bi_db_open = refint_open; 1074 refint.on_bi.bi_db_close = refint_close; 1075 refint.on_bi.bi_op_delete = refint_preop; 1076 refint.on_bi.bi_op_modrdn = refint_preop; 1077 1078 refint.on_bi.bi_cf_ocs = refintocs; 1079 rc = config_register_schema ( refintcfg, refintocs ); 1080 if ( rc ) return rc; 1081 1082 return(overlay_register(&refint)); 1083 } 1084 1085 #if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC) 1086 int init_module(int argc, char *argv[]) { 1087 return refint_initialize(); 1088 } 1089 #endif 1090 1091 #endif /* SLAPD_OVER_REFINT */ 1092