summaryrefslogtreecommitdiffstats
path: root/servers/slapd/back-meta/candidates.c
diff options
context:
space:
mode:
Diffstat (limited to 'servers/slapd/back-meta/candidates.c')
-rw-r--r--servers/slapd/back-meta/candidates.c284
1 files changed, 284 insertions, 0 deletions
diff --git a/servers/slapd/back-meta/candidates.c b/servers/slapd/back-meta/candidates.c
new file mode 100644
index 0000000..561cfeb
--- /dev/null
+++ b/servers/slapd/back-meta/candidates.c
@@ -0,0 +1,284 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2018 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+/*
+ * The meta-directory has one suffix, called <suffix>.
+ * It handles a pool of target servers, each with a branch suffix
+ * of the form <branch X>,<suffix>, where <branch X> may be empty.
+ *
+ * When the meta-directory receives a request with a request DN that belongs
+ * to a branch, the corresponding target is invoked. When the request DN
+ * does not belong to a specific branch, all the targets that
+ * are compatible with the request DN are selected as candidates, and
+ * the request is spawned to all the candidate targets
+ *
+ * A request is characterized by a request DN. The following cases are
+ * handled:
+ * - the request DN is the suffix: <dn> == <suffix>,
+ * all the targets are candidates (search ...)
+ * - the request DN is a branch suffix: <dn> == <branch X>,<suffix>, or
+ * - the request DN is a subtree of a branch suffix:
+ * <dn> == <rdn>,<branch X>,<suffix>,
+ * the target is the only candidate.
+ *
+ * A possible extension will include the handling of multiple suffixes
+ */
+
+static metasubtree_t *
+meta_subtree_match( metatarget_t *mt, struct berval *ndn, int scope )
+{
+ metasubtree_t *ms = mt->mt_subtree;
+
+ for ( ms = mt->mt_subtree; ms; ms = ms->ms_next ) {
+ switch ( ms->ms_type ) {
+ case META_ST_SUBTREE:
+ if ( dnIsSuffix( ndn, &ms->ms_dn ) ) {
+ return ms;
+ }
+ break;
+
+ case META_ST_SUBORDINATE:
+ if ( dnIsSuffix( ndn, &ms->ms_dn ) &&
+ ( ndn->bv_len > ms->ms_dn.bv_len || scope != LDAP_SCOPE_BASE ) )
+ {
+ return ms;
+ }
+ break;
+
+ case META_ST_REGEX:
+ /* NOTE: cannot handle scope */
+ if ( regexec( &ms->ms_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
+ return ms;
+ }
+ break;
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ * returns 1 if suffix is candidate for dn, otherwise 0
+ *
+ * Note: this function should never be called if dn is the <suffix>.
+ */
+int
+meta_back_is_candidate(
+ metatarget_t *mt,
+ struct berval *ndn,
+ int scope )
+{
+ struct berval rdn;
+ int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
+
+ if ( d >= 0 ) {
+ if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
+ return META_NOT_CANDIDATE;
+ }
+
+ /*
+ * | match | exclude |
+ * +---------+---------+-------------------+
+ * | T | T | not candidate |
+ * | F | T | continue checking |
+ * +---------+---------+-------------------+
+ * | T | F | candidate |
+ * | F | F | not candidate |
+ * +---------+---------+-------------------+
+ */
+
+ if ( mt->mt_subtree ) {
+ int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
+
+ if ( !mt->mt_subtree_exclude ) {
+ return match ? META_CANDIDATE : META_NOT_CANDIDATE;
+ }
+
+ if ( match /* && mt->mt_subtree_exclude */ ) {
+ return META_NOT_CANDIDATE;
+ }
+ }
+
+ switch ( mt->mt_scope ) {
+ case LDAP_SCOPE_SUBTREE:
+ default:
+ return META_CANDIDATE;
+
+ case LDAP_SCOPE_SUBORDINATE:
+ if ( d > 0 ) {
+ return META_CANDIDATE;
+ }
+ break;
+
+ /* nearly useless; not allowed by config */
+ case LDAP_SCOPE_ONELEVEL:
+ if ( d > 0 ) {
+ rdn.bv_val = ndn->bv_val;
+ rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
+ if ( dnIsOneLevelRDN( &rdn ) ) {
+ return META_CANDIDATE;
+ }
+ }
+ break;
+
+ /* nearly useless; not allowed by config */
+ case LDAP_SCOPE_BASE:
+ if ( d == 0 ) {
+ return META_CANDIDATE;
+ }
+ break;
+ }
+
+ } else /* if ( d < 0 ) */ {
+ if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
+ return META_NOT_CANDIDATE;
+ }
+
+ switch ( scope ) {
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE:
+ /*
+ * suffix longer than dn, but common part matches
+ */
+ return META_CANDIDATE;
+
+ case LDAP_SCOPE_ONELEVEL:
+ rdn.bv_val = mt->mt_nsuffix.bv_val;
+ rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
+ if ( dnIsOneLevelRDN( &rdn ) ) {
+ return META_CANDIDATE;
+ }
+ break;
+ }
+ }
+
+ return META_NOT_CANDIDATE;
+}
+
+/*
+ * meta_back_select_unique_candidate
+ *
+ * returns the index of the candidate in case it is unique, otherwise
+ * META_TARGET_NONE if none matches, or
+ * META_TARGET_MULTIPLE if more than one matches
+ * Note: ndn MUST be normalized.
+ */
+int
+meta_back_select_unique_candidate(
+ metainfo_t *mi,
+ struct berval *ndn )
+{
+ int i, candidate = META_TARGET_NONE;
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( meta_back_is_candidate( mt, ndn, LDAP_SCOPE_BASE ) ) {
+ if ( candidate == META_TARGET_NONE ) {
+ candidate = i;
+
+ } else {
+ return META_TARGET_MULTIPLE;
+ }
+ }
+ }
+
+ return candidate;
+}
+
+/*
+ * meta_clear_unused_candidates
+ *
+ * clears all candidates except candidate
+ */
+int
+meta_clear_unused_candidates(
+ Operation *op,
+ int candidate )
+{
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ int i;
+ SlapReply *candidates = meta_back_candidates_get( op );
+
+ for ( i = 0; i < mi->mi_ntargets; ++i ) {
+ if ( i == candidate ) {
+ continue;
+ }
+ META_CANDIDATE_RESET( &candidates[ i ] );
+ }
+
+ return 0;
+}
+
+/*
+ * meta_clear_one_candidate
+ *
+ * clears the selected candidate
+ */
+int
+meta_clear_one_candidate(
+ Operation *op,
+ metaconn_t *mc,
+ int candidate )
+{
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ if ( msc->msc_ld != NULL ) {
+
+#ifdef DEBUG_205
+ char buf[ BUFSIZ ];
+
+ snprintf( buf, sizeof( buf ), "meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p",
+ candidate, (void *)mc, (void *)msc->msc_ld );
+ Debug( LDAP_DEBUG_ANY, "### %s %s\n",
+ op ? op->o_log_prefix : "", buf, 0 );
+#endif /* DEBUG_205 */
+
+ ldap_unbind_ext( msc->msc_ld, NULL, NULL );
+ msc->msc_ld = NULL;
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
+ BER_BVZERO( &msc->msc_bound_ndn );
+ }
+
+ if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+ memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+ ber_memfree_x( msc->msc_cred.bv_val, NULL );
+ BER_BVZERO( &msc->msc_cred );
+ }
+
+ msc->msc_mscflags = 0;
+
+ return 0;
+}
+