/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1999-2024 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by the Howard Chu for inclusion
* in OpenLDAP Software and subsequently enhanced by Pierangelo
* Masarati.
*/
#include "portable.h"
#include
#include "ac/string.h"
#include "slap.h"
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
/*
* The meta-directory has one suffix, called .
* It handles a pool of target servers, each with a branch suffix
* of the form ,, where may be empty.
*
* When the meta-directory receives a request with a request DN that belongs
* to a branch, the corresponding target is invoked. When the request DN
* does not belong to a specific branch, all the targets that
* are compatible with the request DN are selected as candidates, and
* the request is spawned to all the candidate targets
*
* A request is characterized by a request DN. The following cases are
* handled:
* - the request DN is the suffix: == ,
* all the targets are candidates (search ...)
* - the request DN is a branch suffix: == ,, or
* - the request DN is a subtree of a branch suffix:
* == ,,,
* the target is the only candidate.
*
* A possible extension will include the handling of multiple suffixes
*/
static metasubtree_t *
meta_subtree_match( metatarget_t *mt, struct berval *ndn, int scope )
{
metasubtree_t *ms = mt->mt_subtree;
for ( ms = mt->mt_subtree; ms; ms = ms->ms_next ) {
switch ( ms->ms_type ) {
case META_ST_SUBTREE:
if ( dnIsSuffix( ndn, &ms->ms_dn ) ) {
return ms;
}
break;
case META_ST_SUBORDINATE:
if ( dnIsSuffix( ndn, &ms->ms_dn ) &&
( ndn->bv_len > ms->ms_dn.bv_len || scope != LDAP_SCOPE_BASE ) )
{
return ms;
}
break;
case META_ST_REGEX:
/* NOTE: cannot handle scope */
if ( regexec( &ms->ms_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
return ms;
}
break;
}
}
return NULL;
}
/*
* returns 1 if suffix is candidate for dn, otherwise 0
*
* Note: this function should never be called if dn is the .
*/
int
meta_back_is_candidate(
metatarget_t *mt,
struct berval *ndn,
int scope )
{
struct berval rdn;
int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
if ( d >= 0 ) {
if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
return META_NOT_CANDIDATE;
}
/*
* | match | exclude |
* +---------+---------+-------------------+
* | T | T | not candidate |
* | F | T | continue checking |
* +---------+---------+-------------------+
* | T | F | candidate |
* | F | F | not candidate |
* +---------+---------+-------------------+
*/
if ( mt->mt_subtree ) {
int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
if ( !mt->mt_subtree_exclude ) {
return match ? META_CANDIDATE : META_NOT_CANDIDATE;
}
if ( match /* && mt->mt_subtree_exclude */ ) {
return META_NOT_CANDIDATE;
}
}
switch ( mt->mt_scope ) {
case LDAP_SCOPE_SUBTREE:
default:
return META_CANDIDATE;
case LDAP_SCOPE_SUBORDINATE:
if ( d > 0 ) {
return META_CANDIDATE;
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_ONELEVEL:
if ( d > 0 ) {
rdn.bv_val = ndn->bv_val;
rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
}
break;
/* nearly useless; not allowed by config */
case LDAP_SCOPE_BASE:
if ( d == 0 ) {
return META_CANDIDATE;
}
break;
}
} else /* if ( d < 0 ) */ {
if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
return META_NOT_CANDIDATE;
}
switch ( scope ) {
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
/*
* suffix longer than dn, but common part matches
*/
return META_CANDIDATE;
case LDAP_SCOPE_ONELEVEL:
rdn.bv_val = mt->mt_nsuffix.bv_val;
rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
if ( dnIsOneLevelRDN( &rdn ) ) {
return META_CANDIDATE;
}
break;
}
}
return META_NOT_CANDIDATE;
}
/*
* meta_back_select_unique_candidate
*
* returns the index of the candidate in case it is unique, otherwise
* META_TARGET_NONE if none matches, or
* META_TARGET_MULTIPLE if more than one matches
* Note: ndn MUST be normalized.
*/
int
meta_back_select_unique_candidate(
metainfo_t *mi,
struct berval *ndn )
{
int i, candidate = META_TARGET_NONE;
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metatarget_t *mt = mi->mi_targets[ i ];
if ( meta_back_is_candidate( mt, ndn, LDAP_SCOPE_BASE ) ) {
if ( candidate == META_TARGET_NONE ) {
candidate = i;
} else {
return META_TARGET_MULTIPLE;
}
}
}
return candidate;
}
/*
* meta_clear_unused_candidates
*
* clears all candidates except candidate
*/
int
meta_clear_unused_candidates(
Operation *op,
int candidate,
SlapReply *candidates )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
int i;
for ( i = 0; i < mi->mi_ntargets; ++i ) {
if ( i == candidate ) {
continue;
}
META_CANDIDATE_RESET( &candidates[ i ] );
}
return 0;
}
/*
* meta_clear_one_candidate
*
* clears the selected candidate
*/
int
meta_clear_one_candidate(
Operation *op,
metaconn_t *mc,
int candidate )
{
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
if ( msc->msc_ld != NULL ) {
#ifdef DEBUG_205
Debug(LDAP_DEBUG_ANY,
"### %s meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p\n",
op ? op->o_log_prefix : "", candidate, (void *)mc,
(void *)msc->msc_ld );
#endif /* DEBUG_205 */
ldap_unbind_ext( msc->msc_ld, NULL, NULL );
msc->msc_ld = NULL;
}
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
BER_BVZERO( &msc->msc_bound_ndn );
}
if ( !BER_BVISNULL( &msc->msc_cred ) ) {
memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
ber_memfree_x( msc->msc_cred.bv_val, NULL );
BER_BVZERO( &msc->msc_cred );
}
msc->msc_mscflags = 0;
return 0;
}