diff options
Diffstat (limited to 'servers/slapd/back-ldif/ldif.c')
-rw-r--r-- | servers/slapd/back-ldif/ldif.c | 1936 |
1 files changed, 1936 insertions, 0 deletions
diff --git a/servers/slapd/back-ldif/ldif.c b/servers/slapd/back-ldif/ldif.c new file mode 100644 index 0000000..addaac5 --- /dev/null +++ b/servers/slapd/back-ldif/ldif.c @@ -0,0 +1,1936 @@ +/* ldif.c - the ldif backend */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2005-2021 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This work was originally developed by Eric Stokes for inclusion + * in OpenLDAP Software. + */ + +#include "portable.h" +#include <stdio.h> +#include <ac/string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <ac/dirent.h> +#include <fcntl.h> +#include <ac/errno.h> +#include <ac/unistd.h> +#include "slap.h" +#include "lutil.h" +#include "config.h" + +struct ldif_tool { + Entry **entries; /* collected by bi_tool_entry_first() */ + ID elen; /* length of entries[] array */ + ID ecount; /* number of entries */ + ID ecurrent; /* bi_tool_entry_next() position */ +# define ENTRY_BUFF_INCREMENT 500 /* initial entries[] length */ + struct berval *tl_base; + int tl_scope; + Filter *tl_filter; +}; + +/* Per-database data */ +struct ldif_info { + struct berval li_base_path; /* database directory */ + struct ldif_tool li_tool; /* for slap tools */ + /* + * Read-only LDAP requests readlock li_rdwr for filesystem input. + * Update requests first lock li_modop_mutex for filesystem I/O, + * and then writelock li_rdwr as well for filesystem output. + * This allows update requests to do callbacks that acquire + * read locks, e.g. access controls that inspect entries. + * (An alternative would be recursive read/write locks.) + */ + ldap_pvt_thread_mutex_t li_modop_mutex; /* serialize update requests */ + ldap_pvt_thread_rdwr_t li_rdwr; /* no other I/O when writing */ +}; + +static int write_data( int fd, const char *spew, int len, int *save_errno ); + +#ifdef _WIN32 +#define mkdir(a,b) mkdir(a) +#define move_file(from, to) (!MoveFileEx(from, to, MOVEFILE_REPLACE_EXISTING)) +#else +#define move_file(from, to) rename(from, to) +#endif +#define move_dir(from, to) rename(from, to) + + +#define LDIF ".ldif" +#define LDIF_FILETYPE_SEP '.' /* LDIF[0] */ + +/* + * Unsafe/translated characters in the filesystem. + * + * LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used + * in relative filenames, except it should accept '\\', '{' and '}' even + * if unsafe. The value should be a constant expression. + * + * If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character. + * If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters. + * (Not digits, '-' or '+'. IX_FSL == IX_FSR is allowed.) + * + * Characters are escaped as LDIF_ESCAPE_CHAR followed by two hex digits, + * except '\\' is replaced with LDIF_ESCAPE_CHAR and {} with IX_FS[LR]. + * Also some LDIF special chars are hex-escaped. + * + * Thus an LDIF filename is a valid normalized RDN (or suffix DN) + * followed by ".ldif", except with '\\' replaced with LDIF_ESCAPE_CHAR. + */ + +#ifndef _WIN32 + +/* + * Unix/MacOSX version. ':' vs '/' can cause confusion on MacOSX so we + * escape both. We escape them on Unix so both OS variants get the same + * filenames. + */ +#define LDIF_ESCAPE_CHAR '\\' +#define LDIF_UNSAFE_CHAR(c) ((c) == '/' || (c) == ':') + +#else /* _WIN32 */ + +/* Windows version - Microsoft's list of unsafe characters, except '\\' */ +#define LDIF_ESCAPE_CHAR '^' /* Not '\\' (unsafe on Windows) */ +#define LDIF_UNSAFE_CHAR(c) \ + ((c) == '/' || (c) == ':' || \ + (c) == '<' || (c) == '>' || (c) == '"' || \ + (c) == '|' || (c) == '?' || (c) == '*') + +#endif /* !_WIN32 */ + +/* + * Left and Right "{num}" prefix to ordered RDNs ("olcDatabase={1}bdb"). + * IX_DN* are for LDAP RDNs, IX_FS* for their .ldif filenames. + */ +#define IX_DNL '{' +#define IX_DNR '}' +#ifndef IX_FSL +#define IX_FSL IX_DNL +#define IX_FSR IX_DNR +#endif + +/* + * Test for unsafe chars, as well as chars handled specially by back-ldif: + * - If the escape char is not '\\', it must itself be escaped. Otherwise + * '\\' and the escape char would map to the same character. + * - Escape the '.' in ".ldif", so the directory for an RDN that actually + * ends with ".ldif" can not conflict with a file of the same name. And + * since some OSes/programs choke on multiple '.'s, escape all of them. + * - If '{' and '}' are translated to some other characters, those + * characters must in turn be escaped when they occur in an RDN. + */ +#ifndef LDIF_NEED_ESCAPE +#define LDIF_NEED_ESCAPE(c) \ + ((LDIF_UNSAFE_CHAR(c)) || \ + LDIF_MAYBE_UNSAFE(c, LDIF_ESCAPE_CHAR) || \ + LDIF_MAYBE_UNSAFE(c, LDIF_FILETYPE_SEP) || \ + LDIF_MAYBE_UNSAFE(c, IX_FSL) || \ + (IX_FSR != IX_FSL && LDIF_MAYBE_UNSAFE(c, IX_FSR))) +#endif +/* + * Helper macro for LDIF_NEED_ESCAPE(): Treat character x as unsafe if + * back-ldif does not already treat is specially. + */ +#define LDIF_MAYBE_UNSAFE(c, x) \ + (!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \ + && (c) == (x)) + +/* Collect other "safe char" tests here, until someone needs a fix. */ +enum { + eq_unsafe = LDIF_UNSAFE_CHAR('='), + safe_filenames = STRLENOF("" LDAP_DIRSEP "") == 1 && !( + LDIF_UNSAFE_CHAR('-') || /* for "{-1}frontend" in bconfig.c */ + LDIF_UNSAFE_CHAR(LDIF_ESCAPE_CHAR) || + LDIF_UNSAFE_CHAR(IX_FSL) || LDIF_UNSAFE_CHAR(IX_FSR)) +}; +/* Sanity check: Try to force a compilation error if !safe_filenames */ +typedef struct { + int assert_safe_filenames : safe_filenames ? 2 : -2; +} assert_safe_filenames[safe_filenames ? 2 : -2]; + + +static ConfigTable ldifcfg[] = { + { "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET, + (void *)offsetof(struct ldif_info, li_base_path), + "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' " + "DESC 'Directory for database content' " + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED, + NULL, NULL, NULL, NULL } +}; + +static ConfigOCs ldifocs[] = { + { "( OLcfgDbOc:2.1 " + "NAME 'olcLdifConfig' " + "DESC 'LDIF backend configuration' " + "SUP olcDatabaseConfig " + "MUST ( olcDbDirectory ) )", Cft_Database, ldifcfg }, + { NULL, 0, NULL } +}; + + +/* + * Handle file/directory names. + */ + +/* Set *res = LDIF filename path for the normalized DN */ +static int +ndn2path( Operation *op, struct berval *dn, struct berval *res, int empty_ok ) +{ + BackendDB *be = op->o_bd; + struct ldif_info *li = (struct ldif_info *) be->be_private; + struct berval *suffixdn = &be->be_nsuffix[0]; + const char *start, *end, *next, *p; + char ch, *ptr; + ber_len_t len; + static const char hex[] = "0123456789ABCDEF"; + + assert( dn != NULL ); + assert( !BER_BVISNULL( dn ) ); + assert( suffixdn != NULL ); + assert( !BER_BVISNULL( suffixdn ) ); + assert( dnIsSuffix( dn, suffixdn ) ); + + if ( dn->bv_len == 0 && !empty_ok ) { + return LDAP_UNWILLING_TO_PERFORM; + } + + start = dn->bv_val; + end = start + dn->bv_len; + + /* Room for dir, dirsep, dn, LDIF, "\hexpair"-escaping of unsafe chars */ + len = li->li_base_path.bv_len + dn->bv_len + (1 + STRLENOF( LDIF )); + for ( p = start; p < end; ) { + ch = *p++; + if ( LDIF_NEED_ESCAPE( ch ) ) + len += 2; + } + res->bv_val = ch_malloc( len + 1 ); + + ptr = lutil_strcopy( res->bv_val, li->li_base_path.bv_val ); + for ( next = end - suffixdn->bv_len; end > start; end = next ) { + /* Set p = start of DN component, next = &',' or start of DN */ + while ( (p = next) > start ) { + --next; + if ( DN_SEPARATOR( *next ) ) + break; + } + /* Append <dirsep> <p..end-1: RDN or database-suffix> */ + for ( *ptr++ = LDAP_DIRSEP[0]; p < end; *ptr++ = ch ) { + ch = *p++; + if ( LDIF_ESCAPE_CHAR != '\\' && ch == '\\' ) { + ch = LDIF_ESCAPE_CHAR; + } else if ( IX_FSL != IX_DNL && ch == IX_DNL ) { + ch = IX_FSL; + } else if ( IX_FSR != IX_DNR && ch == IX_DNR ) { + ch = IX_FSR; + } else if ( LDIF_NEED_ESCAPE( ch ) ) { + *ptr++ = LDIF_ESCAPE_CHAR; + *ptr++ = hex[(ch & 0xFFU) >> 4]; + ch = hex[ch & 0x0FU]; + } + } + } + ptr = lutil_strcopy( ptr, LDIF ); + res->bv_len = ptr - res->bv_val; + + assert( res->bv_len <= len ); + + return LDAP_SUCCESS; +} + +/* + * *dest = dupbv(<dir + LDAP_DIRSEP>), plus room for <more>-sized filename. + * Return pointer past the dirname. + */ +static char * +fullpath_alloc( struct berval *dest, const struct berval *dir, ber_len_t more ) +{ + char *s = SLAP_MALLOC( dir->bv_len + more + 2 ); + + dest->bv_val = s; + if ( s == NULL ) { + dest->bv_len = 0; + Debug( LDAP_DEBUG_ANY, "back-ldif: out of memory\n", 0, 0, 0 ); + } else { + s = lutil_strcopy( dest->bv_val, dir->bv_val ); + *s++ = LDAP_DIRSEP[0]; + *s = '\0'; + dest->bv_len = s - dest->bv_val; + } + return s; +} + +/* + * Append filename to fullpath_alloc() dirname or replace previous filename. + * dir_end = fullpath_alloc() return value. + */ +#define FILL_PATH(fpath, dir_end, filename) \ + ((fpath)->bv_len = lutil_strcopy(dir_end, filename) - (fpath)->bv_val) + + +/* .ldif entry filename length <-> subtree dirname length. */ +#define ldif2dir_len(bv) ((bv).bv_len -= STRLENOF(LDIF)) +#define dir2ldif_len(bv) ((bv).bv_len += STRLENOF(LDIF)) +/* .ldif entry filename <-> subtree dirname, both with dirname length. */ +#define ldif2dir_name(bv) ((bv).bv_val[(bv).bv_len] = '\0') +#define dir2ldif_name(bv) ((bv).bv_val[(bv).bv_len] = LDIF_FILETYPE_SEP) + +/* Get the parent directory path, plus the LDIF suffix overwritten by a \0. */ +static int +get_parent_path( struct berval *dnpath, struct berval *res ) +{ + ber_len_t i = dnpath->bv_len; + + while ( i > 0 && dnpath->bv_val[ --i ] != LDAP_DIRSEP[0] ) ; + if ( res == NULL ) { + res = dnpath; + } else { + res->bv_val = SLAP_MALLOC( i + 1 + STRLENOF(LDIF) ); + if ( res->bv_val == NULL ) + return LDAP_OTHER; + AC_MEMCPY( res->bv_val, dnpath->bv_val, i ); + } + res->bv_len = i; + strcpy( res->bv_val + i, LDIF ); + res->bv_val[i] = '\0'; + return LDAP_SUCCESS; +} + +/* Make temporary filename pattern for mkstemp() based on dnpath. */ +static char * +ldif_tempname( const struct berval *dnpath ) +{ + static const char suffix[] = ".XXXXXX"; + ber_len_t len = dnpath->bv_len - STRLENOF( LDIF ); + char *name = SLAP_MALLOC( len + sizeof( suffix ) ); + + if ( name != NULL ) { + AC_MEMCPY( name, dnpath->bv_val, len ); + strcpy( name + len, suffix ); + } + return name; +} + +/* CRC-32 table for the polynomial: + * x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1. + * + * As used by zlib + */ + +static const ber_uint_t crctab[256] = { + 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, + 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, + 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, + 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, + 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, + 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, + 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, + 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, + 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, + 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, + 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, + 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, + 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, + 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, + 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, + 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, + 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, + 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, + 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, + 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, + 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, + 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, + 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, + 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, + 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, + 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, + 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, + 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, + 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, + 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, + 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, + 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, + 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, + 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, + 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, + 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, + 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, + 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, + 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, + 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, + 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, + 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, + 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, + 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, + 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, + 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, + 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, + 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, + 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, + 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, + 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, + 0x2d02ef8dL +}; + +#define CRC1 crc = crctab[(crc ^ *buf++) & 0xff] ^ (crc >> 8) +#define CRC8 CRC1; CRC1; CRC1; CRC1; CRC1; CRC1; CRC1; CRC1 +unsigned int +crc32(const void *vbuf, int len) +{ + const unsigned char *buf = vbuf; + ber_uint_t crc = 0xffffffff; + + while (len > 7) { + CRC8; + len -= 8; + } + while (len) { + CRC1; + len--; + } + + return crc ^ 0xffffffff; +} + +/* + * Read a file, or stat() it if datap == NULL. Allocate and fill *datap. + * Return LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT (no such file), or another error. + */ +static int +ldif_read_file( const char *path, char **datap ) +{ + int rc = LDAP_SUCCESS, fd, len; + int res = -1; /* 0:success, <0:error, >0:file too big/growing. */ + struct stat st; + char *data = NULL, *ptr = NULL; + const char *msg; + + if ( datap == NULL ) { + res = stat( path, &st ); + goto done; + } + fd = open( path, O_RDONLY ); + if ( fd >= 0 ) { + if ( fstat( fd, &st ) == 0 ) { + if ( st.st_size > INT_MAX - 2 ) { + res = 1; + } else { + len = st.st_size + 1; /* +1 detects file size > st.st_size */ + *datap = data = ptr = SLAP_MALLOC( len + 1 ); + if ( ptr != NULL ) { + while ( len && (res = read( fd, ptr, len )) ) { + if ( res > 0 ) { + len -= res; + ptr += res; + } else if ( errno != EINTR ) { + break; + } + } + *ptr = '\0'; + } + } + } + if ( close( fd ) < 0 ) + res = -1; + } + + done: + if ( res == 0 ) { +#ifdef LDAP_DEBUG + msg = "entry file exists"; + if ( datap ) { + msg = "read entry file"; + len = ptr - data; + ptr = strstr( data, "\n# CRC32" ); + if (!ptr) { + msg = "read entry file without checksum"; + } else { + unsigned int crc1 = 0, crc2 = 1; + if ( sscanf( ptr + 9, "%08x", &crc1) == 1) { + ptr = strchr(ptr+1, '\n'); + if ( ptr ) { + ptr++; + len -= (ptr - data); + crc2 = crc32( ptr, len ); + } + } + if ( crc1 != crc2 ) { + Debug( LDAP_DEBUG_ANY, "ldif_read_file: checksum error on \"%s\"\n", + path, 0, 0 ); + return rc; + } + } + } + Debug( LDAP_DEBUG_TRACE, "ldif_read_file: %s: \"%s\"\n", msg, path, 0 ); +#endif /* LDAP_DEBUG */ + } else { + if ( res < 0 && errno == ENOENT ) { + Debug( LDAP_DEBUG_TRACE, "ldif_read_file: " + "no entry file \"%s\"\n", path, 0, 0 ); + rc = LDAP_NO_SUCH_OBJECT; + } else { + msg = res < 0 ? STRERROR( errno ) : "bad stat() size"; + Debug( LDAP_DEBUG_ANY, "ldif_read_file: %s for \"%s\"\n", + msg, path, 0 ); + rc = LDAP_OTHER; + } + if ( data != NULL ) + SLAP_FREE( data ); + } + return rc; +} + +/* + * return nonnegative for success or -1 for error + * do not return numbers less than -1 + */ +static int +spew_file( int fd, const char *spew, int len, int *save_errno ) +{ + int writeres; +#define HEADER "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n" + char header[sizeof(HEADER "# CRC32 12345678\n")]; + + sprintf(header, HEADER "# CRC32 %08x\n", crc32(spew, len)); + writeres = write_data(fd, header, sizeof(header)-1, save_errno); + return writeres < 0 ? writeres : write_data(fd, spew, len, save_errno); +} + +static int +write_data( int fd, const char *spew, int len, int *save_errno ) +{ + int writeres = 0; + while(len > 0) { + writeres = write(fd, spew, len); + if(writeres == -1) { + *save_errno = errno; + if (*save_errno != EINTR) + break; + } + else { + spew += writeres; + len -= writeres; + } + } + return writeres; +} + +/* Write an entry LDIF file. Create parentdir first if non-NULL. */ +static int +ldif_write_entry( + Operation *op, + Entry *e, + const struct berval *path, + const char *parentdir, + const char **text ) +{ + int rc = LDAP_OTHER, res, save_errno = 0; + int fd, entry_length; + char *entry_as_string, *tmpfname; + + if ( op->o_abandon ) + return SLAPD_ABANDON; + + if ( parentdir != NULL && mkdir( parentdir, 0750 ) < 0 ) { + save_errno = errno; + Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n", + "cannot create parent directory", + parentdir, STRERROR( save_errno ) ); + *text = "internal error (cannot create parent directory)"; + return rc; + } + + tmpfname = ldif_tempname( path ); + fd = tmpfname == NULL ? -1 : mkstemp( tmpfname ); + if ( fd < 0 ) { + save_errno = errno; + Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s for \"%s\": %s\n", + "cannot create file", e->e_dn, STRERROR( save_errno ) ); + *text = "internal error (cannot create file)"; + + } else { + ber_len_t dn_len = e->e_name.bv_len; + struct berval rdn; + + /* Only save the RDN onto disk */ + dnRdn( &e->e_name, &rdn ); + if ( rdn.bv_len != dn_len ) { + e->e_name.bv_val[rdn.bv_len] = '\0'; + e->e_name.bv_len = rdn.bv_len; + } + + res = -2; + ldap_pvt_thread_mutex_lock( &entry2str_mutex ); + entry_as_string = entry2str( e, &entry_length ); + if ( entry_as_string != NULL ) + res = spew_file( fd, entry_as_string, entry_length, &save_errno ); + ldap_pvt_thread_mutex_unlock( &entry2str_mutex ); + + /* Restore full DN */ + if ( rdn.bv_len != dn_len ) { + e->e_name.bv_val[rdn.bv_len] = ','; + e->e_name.bv_len = dn_len; + } + + if ( close( fd ) < 0 && res >= 0 ) { + res = -1; + save_errno = errno; + } + + if ( res >= 0 ) { + if ( move_file( tmpfname, path->bv_val ) == 0 ) { + Debug( LDAP_DEBUG_TRACE, "ldif_write_entry: " + "wrote entry \"%s\"\n", e->e_name.bv_val, 0, 0 ); + rc = LDAP_SUCCESS; + } else { + save_errno = errno; + Debug( LDAP_DEBUG_ANY, "ldif_write_entry: " + "could not put entry file for \"%s\" in place: %s\n", + e->e_name.bv_val, STRERROR( save_errno ), 0 ); + *text = "internal error (could not put entry file in place)"; + } + } else if ( res == -1 ) { + Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n", + "write error to", tmpfname, STRERROR( save_errno ) ); + *text = "internal error (write error to entry file)"; + } + + if ( rc != LDAP_SUCCESS ) { + unlink( tmpfname ); + } + } + + if ( tmpfname ) + SLAP_FREE( tmpfname ); + return rc; +} + +/* + * Read the entry at path, or if entryp==NULL just see if it exists. + * pdn and pndn are the parent's DN and normalized DN, or both NULL. + * Return an LDAP result code. + */ +static int +ldif_read_entry( + Operation *op, + const char *path, + struct berval *pdn, + struct berval *pndn, + Entry **entryp, + const char **text ) +{ + int rc; + Entry *entry; + char *entry_as_string; + struct berval rdn; + + /* TODO: Does slapd prevent Abandon of Bind as per rfc4511? + * If so we need not check for LDAP_REQ_BIND here. + */ + if ( op->o_abandon && op->o_tag != LDAP_REQ_BIND ) + return SLAPD_ABANDON; + + rc = ldif_read_file( path, entryp ? &entry_as_string : NULL ); + + switch ( rc ) { + case LDAP_SUCCESS: + if ( entryp == NULL ) + break; + *entryp = entry = str2entry( entry_as_string ); + SLAP_FREE( entry_as_string ); + if ( entry == NULL ) { + rc = LDAP_OTHER; + if ( text != NULL ) + *text = "internal error (cannot parse some entry file)"; + break; + } + if ( pdn == NULL || BER_BVISEMPTY( pdn ) ) + break; + /* Append parent DN to DN from LDIF file */ + rdn = entry->e_name; + build_new_dn( &entry->e_name, pdn, &rdn, NULL ); + SLAP_FREE( rdn.bv_val ); + rdn = entry->e_nname; + build_new_dn( &entry->e_nname, pndn, &rdn, NULL ); + SLAP_FREE( rdn.bv_val ); + break; + + case LDAP_OTHER: + if ( text != NULL ) + *text = entryp + ? "internal error (cannot read some entry file)" + : "internal error (cannot stat some entry file)"; + break; + } + + return rc; +} + +/* + * Read the operation's entry, or if entryp==NULL just see if it exists. + * Return an LDAP result code. May set *text to a message on failure. + * If pathp is non-NULL, set it to the entry filename on success. + */ +static int +get_entry( + Operation *op, + Entry **entryp, + struct berval *pathp, + const char **text ) +{ + int rc; + struct berval path, pdn, pndn; + + dnParent( &op->o_req_dn, &pdn ); + dnParent( &op->o_req_ndn, &pndn ); + rc = ndn2path( op, &op->o_req_ndn, &path, 0 ); + if ( rc != LDAP_SUCCESS ) { + goto done; + } + + rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, entryp, text ); + + if ( rc == LDAP_SUCCESS && pathp != NULL ) { + *pathp = path; + } else { + SLAP_FREE( path.bv_val ); + } + done: + return rc; +} + + +/* + * RDN-named directory entry, with special handling of "attr={num}val" RDNs. + * For sorting, filename "attr=val.ldif" is truncated to "attr="val\0ldif", + * and filename "attr={num}val.ldif" to "attr={\0um}val.ldif". + * Does not sort escaped chars correctly, would need to un-escape them. + */ +typedef struct bvlist { + struct bvlist *next; + char *trunc; /* filename was truncated here */ + int inum; /* num from "attr={num}" in filename, or INT_MIN */ + char savech; /* original char at *trunc */ + /* BVL_NAME(&bvlist) is the filename, allocated after the struct: */ +# define BVL_NAME(bvl) ((char *) ((bvl) + 1)) +# define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen) + 1) +} bvlist; + +static int +ldif_send_entry( Operation *op, SlapReply *rs, Entry *e, int scope ) +{ + int rc = LDAP_SUCCESS; + + if ( scope == LDAP_SCOPE_BASE || scope == LDAP_SCOPE_SUBTREE ) { + if ( rs == NULL ) { + /* Save the entry for tool mode */ + struct ldif_tool *tl = + &((struct ldif_info *) op->o_bd->be_private)->li_tool; + + if ( tl->ecount >= tl->elen ) { + /* Allocate/grow entries */ + ID elen = tl->elen ? tl->elen * 2 : ENTRY_BUFF_INCREMENT; + Entry **entries = (Entry **) SLAP_REALLOC( tl->entries, + sizeof(Entry *) * elen ); + if ( entries == NULL ) { + Debug( LDAP_DEBUG_ANY, + "ldif_send_entry: out of memory\n", 0, 0, 0 ); + rc = LDAP_OTHER; + goto done; + } + tl->elen = elen; + tl->entries = entries; + } + tl->entries[tl->ecount++] = e; + return rc; + } + + else if ( !get_manageDSAit( op ) && is_entry_referral( e ) ) { + /* Send a continuation reference. + * (ldif_back_referrals() handles baseobject referrals.) + * Don't check the filter since it's only a candidate. + */ + BerVarray refs = get_entry_referrals( op, e ); + rs->sr_ref = referral_rewrite( refs, &e->e_name, NULL, scope ); + rs->sr_entry = e; + rc = send_search_reference( op, rs ); + ber_bvarray_free( rs->sr_ref ); + ber_bvarray_free( refs ); + rs->sr_ref = NULL; + rs->sr_entry = NULL; + } + + else if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { + rs->sr_entry = e; + rs->sr_attrs = op->ors_attrs; + /* Could set REP_ENTRY_MUSTBEFREED too for efficiency, + * but refraining lets us test unFREEable MODIFIABLE + * entries. Like entries built on the stack. + */ + rs->sr_flags = REP_ENTRY_MODIFIABLE; + rc = send_search_entry( op, rs ); + rs->sr_entry = NULL; + rs->sr_attrs = NULL; + } + } + + done: + entry_free( e ); + return rc; +} + +/* Read LDIF directory <path> into <listp>. Set *fname_maxlenp. */ +static int +ldif_readdir( + Operation *op, + SlapReply *rs, + const struct berval *path, + bvlist **listp, + ber_len_t *fname_maxlenp ) +{ + int rc = LDAP_SUCCESS; + DIR *dir_of_path; + + *listp = NULL; + *fname_maxlenp = 0; + + dir_of_path = opendir( path->bv_val ); + if ( dir_of_path == NULL ) { + int save_errno = errno; + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + int is_rootDSE = (path->bv_len == li->li_base_path.bv_len); + + /* Absent directory is OK (leaf entry), except the database dir */ + if ( is_rootDSE || save_errno != ENOENT ) { + Debug( LDAP_DEBUG_ANY, + "=> ldif_search_entry: failed to opendir \"%s\": %s\n", + path->bv_val, STRERROR( save_errno ), 0 ); + rc = LDAP_OTHER; + if ( rs != NULL ) + rs->sr_text = + save_errno != ENOENT ? "internal error (bad directory)" + : "internal error (database directory does not exist)"; + } + + } else { + bvlist *ptr; + struct dirent *dir; + int save_errno = 0; + + while ( (dir = readdir( dir_of_path )) != NULL ) { + size_t fname_len; + bvlist *bvl, **prev; + char *trunc, *idxp, *endp, *endp2; + + fname_len = strlen( dir->d_name ); + if ( fname_len < STRLENOF( "x=" LDIF )) /* min filename size */ + continue; + if ( strcmp( dir->d_name + fname_len - STRLENOF(LDIF), LDIF )) + continue; + + if ( *fname_maxlenp < fname_len ) + *fname_maxlenp = fname_len; + + bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) ); + if ( bvl == NULL ) { + rc = LDAP_OTHER; + save_errno = errno; + break; + } + strcpy( BVL_NAME( bvl ), dir->d_name ); + + /* Make it sortable by ("attr=val" or <preceding {num}, num>) */ + trunc = BVL_NAME( bvl ) + fname_len - STRLENOF( LDIF ); + if ( (idxp = strchr( BVL_NAME( bvl ) + 2, IX_FSL )) != NULL && + (endp = strchr( ++idxp, IX_FSR )) != NULL && endp > idxp && + (eq_unsafe || idxp[-2] == '=' || endp + 1 == trunc) ) + { + /* attr={n}val or bconfig.c's "pseudo-indexed" attr=val{n} */ + bvl->inum = strtol( idxp, &endp2, 10 ); + if ( endp2 == endp ) { + trunc = idxp; + goto truncate; + } + } + bvl->inum = INT_MIN; + truncate: + bvl->trunc = trunc; + bvl->savech = *trunc; + *trunc = '\0'; + + /* Insertion sort */ + for ( prev = listp; (ptr = *prev) != NULL; prev = &ptr->next ) { + int cmp = strcmp( BVL_NAME( bvl ), BVL_NAME( ptr )); + if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) ) + break; + } + *prev = bvl; + bvl->next = ptr; + } + + if ( closedir( dir_of_path ) < 0 ) { + save_errno = errno; + rc = LDAP_OTHER; + if ( rs != NULL ) + rs->sr_text = "internal error (bad directory)"; + } + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "ldif_search_entry: %s \"%s\": %s\n", + "error reading directory", path->bv_val, + STRERROR( save_errno ) ); + } + } + + return rc; +} + +/* + * Send an entry, recursively search its children, and free or save it. + * Return an LDAP result code. Parameters: + * op, rs operation and reply. rs == NULL for slap tools. + * e entry to search, or NULL for rootDSE. + * scope scope for the part of the search from this entry. + * path LDIF filename -- bv_len and non-directory part are overwritten. + */ +static int +ldif_search_entry( + Operation *op, + SlapReply *rs, + Entry *e, + int scope, + struct berval *path ) +{ + int rc = LDAP_SUCCESS; + struct berval dn = BER_BVC( "" ), ndn = BER_BVC( "" ); + + if ( scope != LDAP_SCOPE_BASE && e != NULL ) { + /* Copy DN/NDN since we send the entry with REP_ENTRY_MODIFIABLE, + * which bconfig.c seems to need. (TODO: see config_rename_one.) + */ + if ( ber_dupbv( &dn, &e->e_name ) == NULL || + ber_dupbv( &ndn, &e->e_nname ) == NULL ) + { + Debug( LDAP_DEBUG_ANY, + "ldif_search_entry: out of memory\n", 0, 0, 0 ); + rc = LDAP_OTHER; + goto done; + } + } + + /* Send the entry if appropriate, and free or save it */ + if ( e != NULL ) + rc = ldif_send_entry( op, rs, e, scope ); + + /* Search the children */ + if ( scope != LDAP_SCOPE_BASE && rc == LDAP_SUCCESS ) { + bvlist *list, *ptr; + struct berval fpath; /* becomes child pathname */ + char *dir_end; /* will point past dirname in fpath */ + + ldif2dir_len( *path ); + ldif2dir_name( *path ); + rc = ldif_readdir( op, rs, path, &list, &fpath.bv_len ); + + if ( list != NULL ) { + const char **text = rs == NULL ? NULL : &rs->sr_text; + + if ( scope == LDAP_SCOPE_ONELEVEL ) + scope = LDAP_SCOPE_BASE; + else if ( scope == LDAP_SCOPE_SUBORDINATE ) + scope = LDAP_SCOPE_SUBTREE; + + /* Allocate fpath and fill in directory part */ + dir_end = fullpath_alloc( &fpath, path, fpath.bv_len ); + if ( dir_end == NULL ) + rc = LDAP_OTHER; + + do { + ptr = list; + + if ( rc == LDAP_SUCCESS ) { + *ptr->trunc = ptr->savech; + FILL_PATH( &fpath, dir_end, BVL_NAME( ptr )); + + rc = ldif_read_entry( op, fpath.bv_val, &dn, &ndn, + &e, text ); + switch ( rc ) { + case LDAP_SUCCESS: + rc = ldif_search_entry( op, rs, e, scope, &fpath ); + break; + case LDAP_NO_SUCH_OBJECT: + /* Only the search baseDN may produce noSuchObject. */ + rc = LDAP_OTHER; + if ( rs != NULL ) + rs->sr_text = "internal error " + "(did someone just remove an entry file?)"; + Debug( LDAP_DEBUG_ANY, "ldif_search_entry: " + "file listed in parent directory does not exist: " + "\"%s\"\n", fpath.bv_val, 0, 0 ); + break; + } + } + + list = ptr->next; + SLAP_FREE( ptr ); + } while ( list != NULL ); + + if ( !BER_BVISNULL( &fpath ) ) + SLAP_FREE( fpath.bv_val ); + } + } + + done: + if ( !BER_BVISEMPTY( &dn ) ) + ber_memfree( dn.bv_val ); + if ( !BER_BVISEMPTY( &ndn ) ) + ber_memfree( ndn.bv_val ); + return rc; +} + +static int +search_tree( Operation *op, SlapReply *rs ) +{ + int rc = LDAP_SUCCESS; + Entry *e = NULL; + struct berval path; + struct berval pdn, pndn; + + (void) ndn2path( op, &op->o_req_ndn, &path, 1 ); + if ( !BER_BVISEMPTY( &op->o_req_ndn ) ) { + /* Read baseObject */ + dnParent( &op->o_req_dn, &pdn ); + dnParent( &op->o_req_ndn, &pndn ); + rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, &e, + rs == NULL ? NULL : &rs->sr_text ); + } + if ( rc == LDAP_SUCCESS ) + rc = ldif_search_entry( op, rs, e, op->ors_scope, &path ); + + ch_free( path.bv_val ); + return rc; +} + + +/* + * Prepare to create or rename an entry: + * Check that the entry does not already exist. + * Check that the parent entry exists and can have subordinates, + * unless need_dir is NULL or adding the suffix entry. + * + * Return an LDAP result code. May set *text to a message on failure. + * If success, set *dnpath to LDIF entry path and *need_dir to + * (directory must be created ? dirname : NULL). + */ +static int +ldif_prepare_create( + Operation *op, + Entry *e, + struct berval *dnpath, + char **need_dir, + const char **text ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval *ndn = &e->e_nname; + struct berval ppath = BER_BVNULL; + struct stat st; + Entry *parent = NULL; + int rc; + + if ( op->o_abandon ) + return SLAPD_ABANDON; + + rc = ndn2path( op, ndn, dnpath, 0 ); + if ( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( stat( dnpath->bv_val, &st ) == 0 ) { /* entry .ldif file */ + rc = LDAP_ALREADY_EXISTS; + + } else if ( errno != ENOENT ) { + Debug( LDAP_DEBUG_ANY, + "ldif_prepare_create: cannot stat \"%s\": %s\n", + dnpath->bv_val, STRERROR( errno ), 0 ); + rc = LDAP_OTHER; + *text = "internal error (cannot check entry file)"; + + } else if ( need_dir != NULL ) { + *need_dir = NULL; + rc = get_parent_path( dnpath, &ppath ); + /* If parent dir exists, so does parent .ldif: + * The directory gets created after and removed before the .ldif. + * Except with the database directory, which has no matching entry. + */ + if ( rc == LDAP_SUCCESS && stat( ppath.bv_val, &st ) < 0 ) { + rc = errno == ENOENT && ppath.bv_len > li->li_base_path.bv_len + ? LDAP_NO_SUCH_OBJECT : LDAP_OTHER; + } + switch ( rc ) { + case LDAP_NO_SUCH_OBJECT: + /* No parent dir, check parent .ldif */ + dir2ldif_name( ppath ); + rc = ldif_read_entry( op, ppath.bv_val, NULL, NULL, + (op->o_tag != LDAP_REQ_ADD || get_manageDSAit( op ) + ? &parent : NULL), + text ); + switch ( rc ) { + case LDAP_SUCCESS: + /* Check that parent is not a referral, unless + * ldif_back_referrals() already checked. + */ + if ( parent != NULL ) { + int is_ref = is_entry_referral( parent ); + entry_free( parent ); + if ( is_ref ) { + rc = LDAP_AFFECTS_MULTIPLE_DSAS; + *text = op->o_tag == LDAP_REQ_MODDN + ? "newSuperior is a referral object" + : "parent is a referral object"; + break; + } + } + /* Must create parent directory. */ + ldif2dir_name( ppath ); + *need_dir = ppath.bv_val; + break; + case LDAP_NO_SUCH_OBJECT: + *text = op->o_tag == LDAP_REQ_MODDN + ? "newSuperior object does not exist" + : "parent does not exist"; + break; + } + break; + case LDAP_OTHER: + Debug( LDAP_DEBUG_ANY, + "ldif_prepare_create: cannot stat \"%s\" parent dir: %s\n", + ndn->bv_val, STRERROR( errno ), 0 ); + *text = "internal error (cannot stat parent dir)"; + break; + } + if ( *need_dir == NULL && ppath.bv_val != NULL ) + SLAP_FREE( ppath.bv_val ); + } + + if ( rc != LDAP_SUCCESS ) { + SLAP_FREE( dnpath->bv_val ); + BER_BVZERO( dnpath ); + } + return rc; +} + +static int +apply_modify_to_entry( + Entry *entry, + Modifications *modlist, + Operation *op, + SlapReply *rs, + char *textbuf ) +{ + int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS; + int is_oc = 0; + Modification *mods; + + if (!acl_check_modlist(op, entry, modlist)) { + return LDAP_INSUFFICIENT_ACCESS; + } + + for (; modlist != NULL; modlist = modlist->sml_next) { + mods = &modlist->sml_mod; + + if ( mods->sm_desc == slap_schema.si_ad_objectClass ) { + is_oc = 1; + } + switch (mods->sm_op) { + case LDAP_MOD_ADD: + rc = modify_add_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + break; + + case LDAP_MOD_DELETE: + rc = modify_delete_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + break; + + case LDAP_MOD_REPLACE: + rc = modify_replace_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + break; + + case LDAP_MOD_INCREMENT: + rc = modify_increment_values( entry, + mods, get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + break; + + case SLAP_MOD_SOFTADD: + mods->sm_op = LDAP_MOD_ADD; + rc = modify_add_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + mods->sm_op = SLAP_MOD_SOFTADD; + if (rc == LDAP_TYPE_OR_VALUE_EXISTS) { + rc = LDAP_SUCCESS; + } + break; + + case SLAP_MOD_SOFTDEL: + mods->sm_op = LDAP_MOD_DELETE; + rc = modify_delete_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + mods->sm_op = SLAP_MOD_SOFTDEL; + if (rc == LDAP_NO_SUCH_ATTRIBUTE) { + rc = LDAP_SUCCESS; + } + break; + + case SLAP_MOD_ADD_IF_NOT_PRESENT: + if ( attr_find( entry->e_attrs, mods->sm_desc ) ) { + rc = LDAP_SUCCESS; + break; + } + mods->sm_op = LDAP_MOD_ADD; + rc = modify_add_values(entry, mods, + get_permissiveModify(op), + &rs->sr_text, textbuf, + SLAP_TEXT_BUFLEN ); + mods->sm_op = SLAP_MOD_ADD_IF_NOT_PRESENT; + break; + } + if(rc != LDAP_SUCCESS) break; + } + + if ( rc == LDAP_SUCCESS ) { + rs->sr_text = NULL; /* Needed at least with SLAP_MOD_SOFTADD */ + if ( is_oc ) { + entry->e_ocflags = 0; + } + /* check that the entry still obeys the schema */ + rc = entry_schema_check( op, entry, NULL, 0, 0, NULL, + &rs->sr_text, textbuf, SLAP_TEXT_BUFLEN ); + } + + return rc; +} + + +static int +ldif_back_referrals( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval path, dn = op->o_req_dn, ndn = op->o_req_ndn; + ber_len_t min_dnlen; + Entry *entry = NULL, **entryp; + BerVarray ref; + int rc; + + min_dnlen = op->o_bd->be_nsuffix[0].bv_len; + if ( min_dnlen == 0 ) { + /* Catch root DSE (empty DN), it is not a referral */ + min_dnlen = 1; + } + if ( ndn2path( op, &ndn, &path, 0 ) != LDAP_SUCCESS ) { + return LDAP_SUCCESS; /* Root DSE again */ + } + + entryp = get_manageDSAit( op ) ? NULL : &entry; + ldap_pvt_thread_rdwr_rlock( &li->li_rdwr ); + + for (;;) { + dnParent( &dn, &dn ); + dnParent( &ndn, &ndn ); + rc = ldif_read_entry( op, path.bv_val, &dn, &ndn, + entryp, &rs->sr_text ); + if ( rc != LDAP_NO_SUCH_OBJECT ) + break; + + rc = LDAP_SUCCESS; + if ( ndn.bv_len < min_dnlen ) + break; + (void) get_parent_path( &path, NULL ); + dir2ldif_name( path ); + entryp = &entry; + } + + ldap_pvt_thread_rdwr_runlock( &li->li_rdwr ); + SLAP_FREE( path.bv_val ); + + if ( entry != NULL ) { + if ( is_entry_referral( entry ) ) { + Debug( LDAP_DEBUG_TRACE, + "ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n", + (unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_dn ); + + ref = get_entry_referrals( op, entry ); + rs->sr_ref = referral_rewrite( ref, &entry->e_name, &op->o_req_dn, + op->o_tag == LDAP_REQ_SEARCH ? + op->ors_scope : LDAP_SCOPE_DEFAULT ); + ber_bvarray_free( ref ); + + if ( rs->sr_ref != NULL ) { + /* send referral */ + rc = rs->sr_err = LDAP_REFERRAL; + rs->sr_matched = entry->e_dn; + send_ldap_result( op, rs ); + ber_bvarray_free( rs->sr_ref ); + rs->sr_ref = NULL; + } else { + rc = LDAP_OTHER; + rs->sr_text = "bad referral object"; + } + rs->sr_matched = NULL; + } + + entry_free( entry ); + } + + return rc; +} + + +/* LDAP operations */ + +static int +ldif_back_bind( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li; + Attribute *a; + AttributeDescription *password = slap_schema.si_ad_userPassword; + int return_val; + Entry *entry = NULL; + + switch ( be_rootdn_bind( op, rs ) ) { + case SLAP_CB_CONTINUE: + break; + + default: + /* in case of success, front end will send result; + * otherwise, be_rootdn_bind() did */ + return rs->sr_err; + } + + li = (struct ldif_info *) op->o_bd->be_private; + ldap_pvt_thread_rdwr_rlock(&li->li_rdwr); + return_val = get_entry(op, &entry, NULL, NULL); + + /* no object is found for them */ + if(return_val != LDAP_SUCCESS) { + rs->sr_err = return_val = LDAP_INVALID_CREDENTIALS; + goto return_result; + } + + /* they don't have userpassword */ + if((a = attr_find(entry->e_attrs, password)) == NULL) { + rs->sr_err = LDAP_INAPPROPRIATE_AUTH; + return_val = 1; + goto return_result; + } + + /* authentication actually failed */ + if(slap_passwd_check(op, entry, a, &op->oq_bind.rb_cred, + &rs->sr_text) != 0) { + rs->sr_err = LDAP_INVALID_CREDENTIALS; + return_val = 1; + goto return_result; + } + + /* let the front-end send success */ + return_val = LDAP_SUCCESS; + + return_result: + ldap_pvt_thread_rdwr_runlock(&li->li_rdwr); + if(return_val != LDAP_SUCCESS) + send_ldap_result( op, rs ); + if(entry != NULL) + entry_free(entry); + return return_val; +} + +static int +ldif_back_search( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + + ldap_pvt_thread_rdwr_rlock(&li->li_rdwr); + rs->sr_err = search_tree( op, rs ); + ldap_pvt_thread_rdwr_runlock(&li->li_rdwr); + send_ldap_result(op, rs); + + return rs->sr_err; +} + +static int +ldif_back_add( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + Entry * e = op->ora_e; + struct berval path; + char *parentdir; + char textbuf[SLAP_TEXT_BUFLEN]; + int rc; + + Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", e->e_dn, 0, 0 ); + + rc = entry_schema_check( op, e, NULL, 0, 1, NULL, + &rs->sr_text, textbuf, sizeof( textbuf ) ); + if ( rc != LDAP_SUCCESS ) + goto send_res; + + rc = slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 ); + if ( rc != LDAP_SUCCESS ) + goto send_res; + + ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); + + rc = ldif_prepare_create( op, e, &path, &parentdir, &rs->sr_text ); + if ( rc == LDAP_SUCCESS ) { + ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); + rc = ldif_write_entry( op, e, &path, parentdir, &rs->sr_text ); + ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); + + SLAP_FREE( path.bv_val ); + if ( parentdir != NULL ) + SLAP_FREE( parentdir ); + } + + ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); + + send_res: + rs->sr_err = rc; + Debug( LDAP_DEBUG_TRACE, "ldif_back_add: err: %d text: %s\n", + rc, rs->sr_text ? rs->sr_text : "", 0 ); + send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); + rs->sr_text = NULL; /* remove possible pointer to textbuf */ + return rs->sr_err; +} + +static int +ldif_back_modify( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + Modifications * modlst = op->orm_modlist; + struct berval path; + Entry *entry; + char textbuf[SLAP_TEXT_BUFLEN]; + int rc; + + slap_mods_opattrs( op, &op->orm_modlist, 1 ); + + ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); + + rc = get_entry( op, &entry, &path, &rs->sr_text ); + if ( rc == LDAP_SUCCESS ) { + rc = apply_modify_to_entry( entry, modlst, op, rs, textbuf ); + if ( rc == LDAP_SUCCESS ) { + ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); + rc = ldif_write_entry( op, entry, &path, NULL, &rs->sr_text ); + ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); + } + + entry_free( entry ); + SLAP_FREE( path.bv_val ); + } + + ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); + + rs->sr_err = rc; + send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); + rs->sr_text = NULL; /* remove possible pointer to textbuf */ + return rs->sr_err; +} + +static int +ldif_back_delete( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval path; + int rc = LDAP_SUCCESS; + + if ( BER_BVISEMPTY( &op->o_csn )) { + struct berval csn; + char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE]; + + csn.bv_val = csnbuf; + csn.bv_len = sizeof( csnbuf ); + slap_get_csn( op, &csn, 1 ); + } + + ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); + ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); + if ( op->o_abandon ) { + rc = SLAPD_ABANDON; + goto done; + } + + rc = ndn2path( op, &op->o_req_ndn, &path, 0 ); + if ( rc != LDAP_SUCCESS ) { + goto done; + } + + ldif2dir_len( path ); + ldif2dir_name( path ); + if ( rmdir( path.bv_val ) < 0 ) { + switch ( errno ) { + case ENOTEMPTY: + rc = LDAP_NOT_ALLOWED_ON_NONLEAF; + break; + case ENOENT: + /* is leaf, go on */ + break; + default: + rc = LDAP_OTHER; + rs->sr_text = "internal error (cannot delete subtree directory)"; + break; + } + } + + if ( rc == LDAP_SUCCESS ) { + dir2ldif_name( path ); + if ( unlink( path.bv_val ) < 0 ) { + rc = LDAP_NO_SUCH_OBJECT; + if ( errno != ENOENT ) { + rc = LDAP_OTHER; + rs->sr_text = "internal error (cannot delete entry file)"; + } + } + } + + if ( rc == LDAP_OTHER ) { + Debug( LDAP_DEBUG_ANY, "ldif_back_delete: %s \"%s\": %s\n", + "cannot delete", path.bv_val, STRERROR( errno ) ); + } + + SLAP_FREE( path.bv_val ); + done: + ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); + ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); + rs->sr_err = rc; + send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); + return rs->sr_err; +} + + +static int +ldif_move_entry( + Operation *op, + Entry *entry, + int same_ndn, + struct berval *oldpath, + const char **text ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval newpath; + char *parentdir = NULL, *trash; + int rc, rename_res; + + if ( same_ndn ) { + rc = LDAP_SUCCESS; + newpath = *oldpath; + } else { + rc = ldif_prepare_create( op, entry, &newpath, + op->orr_newSup ? &parentdir : NULL, text ); + } + + if ( rc == LDAP_SUCCESS ) { + ldap_pvt_thread_rdwr_wlock( &li->li_rdwr ); + + rc = ldif_write_entry( op, entry, &newpath, parentdir, text ); + if ( rc == LDAP_SUCCESS && !same_ndn ) { + trash = oldpath->bv_val; /* will be .ldif file to delete */ + ldif2dir_len( newpath ); + ldif2dir_len( *oldpath ); + /* Move subdir before deleting old entry, + * so .ldif always exists if subdir does. + */ + ldif2dir_name( newpath ); + ldif2dir_name( *oldpath ); + rename_res = move_dir( oldpath->bv_val, newpath.bv_val ); + if ( rename_res != 0 && errno != ENOENT ) { + rc = LDAP_OTHER; + *text = "internal error (cannot move this subtree)"; + trash = newpath.bv_val; + } + + /* Delete old entry, or if error undo change */ + for (;;) { + dir2ldif_name( newpath ); + dir2ldif_name( *oldpath ); + if ( unlink( trash ) == 0 ) + break; + if ( rc == LDAP_SUCCESS ) { + /* Prepare to undo change and return failure */ + rc = LDAP_OTHER; + *text = "internal error (cannot move this entry)"; + trash = newpath.bv_val; + if ( rename_res != 0 ) + continue; + /* First move subdirectory back */ + ldif2dir_name( newpath ); + ldif2dir_name( *oldpath ); + if ( move_dir( newpath.bv_val, oldpath->bv_val ) == 0 ) + continue; + } + *text = "added new but couldn't delete old entry!"; + break; + } + + if ( rc != LDAP_SUCCESS ) { + char s[128]; + snprintf( s, sizeof s, "%s (%s)", *text, STRERROR( errno )); + Debug( LDAP_DEBUG_ANY, + "ldif_move_entry: %s: \"%s\" -> \"%s\"\n", + s, op->o_req_dn.bv_val, entry->e_dn ); + } + } + + ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr ); + if ( !same_ndn ) + SLAP_FREE( newpath.bv_val ); + if ( parentdir != NULL ) + SLAP_FREE( parentdir ); + } + + return rc; +} + +static int +ldif_back_modrdn( Operation *op, SlapReply *rs ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL; + struct berval p_dn, old_path; + Entry *entry; + char textbuf[SLAP_TEXT_BUFLEN]; + int rc, same_ndn; + + slap_mods_opattrs( op, &op->orr_modlist, 1 ); + + ldap_pvt_thread_mutex_lock( &li->li_modop_mutex ); + + rc = get_entry( op, &entry, &old_path, &rs->sr_text ); + if ( rc == LDAP_SUCCESS ) { + /* build new dn, and new ndn for the entry */ + if ( op->oq_modrdn.rs_newSup != NULL ) { + p_dn = *op->oq_modrdn.rs_newSup; + } else { + dnParent( &entry->e_name, &p_dn ); + } + build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL ); + dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL ); + same_ndn = !ber_bvcmp( &entry->e_nname, &new_ndn ); + ber_memfree_x( entry->e_name.bv_val, NULL ); + ber_memfree_x( entry->e_nname.bv_val, NULL ); + entry->e_name = new_dn; + entry->e_nname = new_ndn; + + /* perform the modifications */ + rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs, textbuf ); + if ( rc == LDAP_SUCCESS ) + rc = ldif_move_entry( op, entry, same_ndn, &old_path, + &rs->sr_text ); + + entry_free( entry ); + SLAP_FREE( old_path.bv_val ); + } + + ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex ); + rs->sr_err = rc; + send_ldap_result( op, rs ); + slap_graduate_commit_csn( op ); + rs->sr_text = NULL; /* remove possible pointer to textbuf */ + return rs->sr_err; +} + + +/* Return LDAP_SUCCESS IFF we retrieve the specified entry. */ +static int +ldif_back_entry_get( + Operation *op, + struct berval *ndn, + ObjectClass *oc, + AttributeDescription *at, + int rw, + Entry **e ) +{ + struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private; + struct berval op_dn = op->o_req_dn, op_ndn = op->o_req_ndn; + int rc; + + assert( ndn != NULL ); + assert( !BER_BVISNULL( ndn ) ); + + ldap_pvt_thread_rdwr_rlock( &li->li_rdwr ); + op->o_req_dn = *ndn; + op->o_req_ndn = *ndn; + rc = get_entry( op, e, NULL, NULL ); + op->o_req_dn = op_dn; + op->o_req_ndn = op_ndn; + ldap_pvt_thread_rdwr_runlock( &li->li_rdwr ); + + if ( rc == LDAP_SUCCESS && oc && !is_entry_objectclass_or_sub( *e, oc ) ) { + rc = LDAP_NO_SUCH_ATTRIBUTE; + entry_free( *e ); + *e = NULL; + } + + return rc; +} + + +/* Slap tools */ + +static int +ldif_tool_entry_open( BackendDB *be, int mode ) +{ + struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; + + tl->ecurrent = 0; + return 0; +} + +static int +ldif_tool_entry_close( BackendDB *be ) +{ + struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; + Entry **entries = tl->entries; + ID i; + + for ( i = tl->ecount; i--; ) + if ( entries[i] ) + entry_free( entries[i] ); + SLAP_FREE( entries ); + tl->entries = NULL; + tl->ecount = tl->elen = 0; + return 0; +} + +static ID +ldif_tool_entry_next( BackendDB *be ) +{ + struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; + + do { + Entry *e = tl->entries[ tl->ecurrent ]; + + if ( tl->ecurrent >= tl->ecount ) { + return NOID; + } + + ++tl->ecurrent; + + if ( tl->tl_base && !dnIsSuffixScope( &e->e_nname, tl->tl_base, tl->tl_scope ) ) { + continue; + } + + if ( tl->tl_filter && test_filter( NULL, e, tl->tl_filter ) != LDAP_COMPARE_TRUE ) { + continue; + } + + break; + } while ( 1 ); + + return tl->ecurrent; +} + +static ID +ldif_tool_entry_first_x( BackendDB *be, struct berval *base, int scope, Filter *f ) +{ + struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; + + tl->tl_base = base; + tl->tl_scope = scope; + tl->tl_filter = f; + + if ( tl->entries == NULL ) { + Operation op = {0}; + + op.o_bd = be; + op.o_req_dn = *be->be_suffix; + op.o_req_ndn = *be->be_nsuffix; + op.ors_scope = LDAP_SCOPE_SUBTREE; + if ( search_tree( &op, NULL ) != LDAP_SUCCESS ) { + tl->ecurrent = tl->ecount; /* fail ldif_tool_entry_next() */ + return NOID; /* fail ldif_tool_entry_get() */ + } + } + return ldif_tool_entry_next( be ); +} + +static Entry * +ldif_tool_entry_get( BackendDB *be, ID id ) +{ + struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool; + Entry *e = NULL; + + --id; + if ( id < tl->ecount ) { + e = tl->entries[id]; + tl->entries[id] = NULL; + } + return e; +} + +static ID +ldif_tool_entry_put( BackendDB *be, Entry *e, struct berval *text ) +{ + int rc; + const char *errmsg = NULL; + struct berval path; + char *parentdir; + Operation op = {0}; + + op.o_bd = be; + rc = ldif_prepare_create( &op, e, &path, &parentdir, &errmsg ); + if ( rc == LDAP_SUCCESS ) { + rc = ldif_write_entry( &op, e, &path, parentdir, &errmsg ); + + SLAP_FREE( path.bv_val ); + if ( parentdir != NULL ) + SLAP_FREE( parentdir ); + if ( rc == LDAP_SUCCESS ) + return 1; + } + + if ( errmsg == NULL && rc != LDAP_OTHER ) + errmsg = ldap_err2string( rc ); + if ( errmsg != NULL ) + snprintf( text->bv_val, text->bv_len, "%s", errmsg ); + return NOID; +} + + +/* Setup */ + +static int +ldif_back_db_init( BackendDB *be, ConfigReply *cr ) +{ + struct ldif_info *li; + + li = ch_calloc( 1, sizeof(struct ldif_info) ); + be->be_private = li; + be->be_cf_ocs = ldifocs; + ldap_pvt_thread_mutex_init( &li->li_modop_mutex ); + ldap_pvt_thread_rdwr_init( &li->li_rdwr ); + SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX; + return 0; +} + +static int +ldif_back_db_destroy( Backend *be, ConfigReply *cr ) +{ + struct ldif_info *li = be->be_private; + + ch_free( li->li_base_path.bv_val ); + ldap_pvt_thread_rdwr_destroy( &li->li_rdwr ); + ldap_pvt_thread_mutex_destroy( &li->li_modop_mutex ); + free( be->be_private ); + return 0; +} + +static int +ldif_back_db_open( Backend *be, ConfigReply *cr ) +{ + struct ldif_info *li = (struct ldif_info *) be->be_private; + if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */ + Debug( LDAP_DEBUG_ANY, "missing base path for back-ldif\n", 0, 0, 0); + return 1; + } + return 0; +} + +int +ldif_back_initialize( BackendInfo *bi ) +{ + static char *controls[] = { + LDAP_CONTROL_MANAGEDSAIT, + NULL + }; + int rc; + + bi->bi_flags |= + SLAP_BFLAG_INCREMENT | + SLAP_BFLAG_REFERRALS; + + bi->bi_controls = controls; + + bi->bi_open = 0; + bi->bi_close = 0; + bi->bi_config = 0; + bi->bi_destroy = 0; + + bi->bi_db_init = ldif_back_db_init; + bi->bi_db_config = config_generic_wrapper; + bi->bi_db_open = ldif_back_db_open; + bi->bi_db_close = 0; + bi->bi_db_destroy = ldif_back_db_destroy; + + bi->bi_op_bind = ldif_back_bind; + bi->bi_op_unbind = 0; + bi->bi_op_search = ldif_back_search; + bi->bi_op_compare = 0; + bi->bi_op_modify = ldif_back_modify; + bi->bi_op_modrdn = ldif_back_modrdn; + bi->bi_op_add = ldif_back_add; + bi->bi_op_delete = ldif_back_delete; + bi->bi_op_abandon = 0; + + bi->bi_extended = 0; + + bi->bi_chk_referrals = ldif_back_referrals; + + bi->bi_connection_init = 0; + bi->bi_connection_destroy = 0; + + bi->bi_entry_get_rw = ldif_back_entry_get; + +#if 0 /* NOTE: uncomment to completely disable access control */ + bi->bi_access_allowed = slap_access_always_allowed; +#endif + + bi->bi_tool_entry_open = ldif_tool_entry_open; + bi->bi_tool_entry_close = ldif_tool_entry_close; + bi->bi_tool_entry_first = backend_tool_entry_first; + bi->bi_tool_entry_first_x = ldif_tool_entry_first_x; + bi->bi_tool_entry_next = ldif_tool_entry_next; + bi->bi_tool_entry_get = ldif_tool_entry_get; + bi->bi_tool_entry_put = ldif_tool_entry_put; + bi->bi_tool_entry_reindex = 0; + bi->bi_tool_sync = 0; + + bi->bi_tool_dn2id_get = 0; + bi->bi_tool_entry_modify = 0; + + bi->bi_cf_ocs = ldifocs; + + rc = config_register_schema( ldifcfg, ldifocs ); + if ( rc ) return rc; + return 0; +} |