/* sssvlv.c - server side sort / virtual list view */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 2009-2024 The OpenLDAP Foundation.
* Portions copyright 2009 Symas Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Howard Chu for inclusion in
* OpenLDAP Software. Support for multiple sorts per connection added
* by Raphael Ouazana.
*/
#include "portable.h"
#ifdef SLAPD_OVER_SSSVLV
#include
#include
#include
#include
#include "slap.h"
#include "lutil.h"
#include "slap-config.h"
#include "../../../libraries/liblber/lber-int.h" /* ber_rewind */
/* RFC2891: Server Side Sorting
* RFC2696: Paged Results
*/
#ifndef LDAP_MATCHRULE_IDENTIFIER
#define LDAP_MATCHRULE_IDENTIFIER 0x80L
#define LDAP_REVERSEORDER_IDENTIFIER 0x81L
#define LDAP_ATTRTYPES_IDENTIFIER 0x80L
#endif
/* draft-ietf-ldapext-ldapv3-vlv-09.txt: Virtual List Views
*/
#ifndef LDAP_VLVBYINDEX_IDENTIFIER
#define LDAP_VLVBYINDEX_IDENTIFIER 0xa0L
#define LDAP_VLVBYVALUE_IDENTIFIER 0x81L
#define LDAP_VLVCONTEXT_IDENTIFIER 0x04L
#define LDAP_VLV_SSS_MISSING 0x4C
#define LDAP_VLV_RANGE_ERROR 0x4D
#endif
#define SAFESTR(macro_str, macro_def) ((macro_str) ? (macro_str) : (macro_def))
#define SSSVLV_DEFAULT_MAX_KEYS 5
#define SSSVLV_DEFAULT_MAX_REQUEST_PER_CONN 5
#define NO_PS_COOKIE (PagedResultsCookie) -1
#define NO_VC_CONTEXT (unsigned long) -1
typedef struct vlv_ctrl {
int vc_before;
int vc_after;
int vc_offset;
int vc_count;
struct berval vc_value;
unsigned long vc_context;
} vlv_ctrl;
typedef struct sort_key
{
AttributeDescription *sk_ad;
MatchingRule *sk_ordering;
int sk_direction; /* 1=normal, -1=reverse */
} sort_key;
typedef struct sort_ctrl {
int sc_nkeys;
sort_key sc_keys[1];
} sort_ctrl;
typedef struct sort_node
{
int sn_conn;
int sn_session;
struct berval sn_dn;
struct berval *sn_vals;
} sort_node;
typedef struct sssvlv_info
{
int svi_max; /* max concurrent sorts */
int svi_num; /* current # sorts */
int svi_max_keys; /* max sort keys per request */
int svi_max_percon; /* max concurrent sorts per con */
} sssvlv_info;
typedef struct sort_op
{
TAvlnode *so_tree;
sort_ctrl *so_ctrl;
sssvlv_info *so_info;
int so_paged;
int so_page_size;
int so_nentries;
int so_vlv;
int so_vlv_rc;
int so_vlv_target;
int so_session;
unsigned long so_vcontext;
int so_running;
} sort_op;
/* There is only one conn table for all overlay instances */
/* Each conn can handle one session by context */
static sort_op ***sort_conns;
static ldap_pvt_thread_mutex_t sort_conns_mutex;
static int ov_count;
static const char *debug_header = "sssvlv";
static int sss_cid;
static int vlv_cid;
/* RFC 2981 Section 2.2
* If a sort key is a multi-valued attribute, and an entry happens to
* have multiple values for that attribute and no other controls are
* present that affect the sorting order, then the server SHOULD use the
* least value (according to the ORDERING rule for that attribute).
*/
static struct berval* select_value(
Attribute *attr,
sort_key *key )
{
struct berval* ber1, *ber2;
MatchingRule *mr = key->sk_ordering;
unsigned i;
int cmp;
ber1 = &(attr->a_nvals[0]);
ber2 = ber1+1;
for ( i = 1; i < attr->a_numvals; i++,ber2++ ) {
mr->smr_match( &cmp, 0, mr->smr_syntax, mr, ber1, ber2 );
if ( cmp > 0 ) {
ber1 = ber2;
}
}
Debug(LDAP_DEBUG_TRACE, "%s: value selected for compare: %s\n",
debug_header,
SAFESTR(ber1->bv_val, "") );
return ber1;
}
static int node_cmp( const void* val1, const void* val2 )
{
sort_node *sn1 = (sort_node *)val1;
sort_node *sn2 = (sort_node *)val2;
sort_ctrl *sc;
MatchingRule *mr;
int i, cmp = 0;
assert( sort_conns[sn1->sn_conn]
&& sort_conns[sn1->sn_conn][sn1->sn_session]
&& sort_conns[sn1->sn_conn][sn1->sn_session]->so_ctrl );
sc = sort_conns[sn1->sn_conn][sn1->sn_session]->so_ctrl;
for ( i=0; cmp == 0 && isc_nkeys; i++ ) {
if ( BER_BVISNULL( &sn1->sn_vals[i] )) {
if ( BER_BVISNULL( &sn2->sn_vals[i] ))
cmp = 0;
else
cmp = sc->sc_keys[i].sk_direction;
} else if ( BER_BVISNULL( &sn2->sn_vals[i] )) {
cmp = sc->sc_keys[i].sk_direction * -1;
} else {
mr = sc->sc_keys[i].sk_ordering;
mr->smr_match( &cmp, 0, mr->smr_syntax, mr,
&sn1->sn_vals[i], &sn2->sn_vals[i] );
if ( cmp )
cmp *= sc->sc_keys[i].sk_direction;
}
}
return cmp;
}
static int node_insert( const void *val1, const void *val2 )
{
/* Never return equal so that new entries are always inserted */
return node_cmp( val1, val2 ) < 0 ? -1 : 1;
}
static int pack_vlv_response_control(
Operation *op,
SlapReply *rs,
sort_op *so,
LDAPControl **ctrlsp )
{
LDAPControl *ctrl;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval cookie, bv;
int rc;
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
rc = ber_printf( ber, "{iie", so->so_vlv_target, so->so_nentries,
so->so_vlv_rc );
if ( rc != -1 && so->so_vcontext ) {
cookie.bv_val = (char *)&so->so_vcontext;
cookie.bv_len = sizeof(so->so_vcontext);
rc = ber_printf( ber, "tO", LDAP_VLVCONTEXT_IDENTIFIER, &cookie );
}
if ( rc != -1 ) {
rc = ber_printf( ber, "}" );
}
if ( rc != -1 ) {
rc = ber_flatten2( ber, &bv, 0 );
}
if ( rc != -1 ) {
ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+
bv.bv_len, op->o_tmpmemctx );
ctrl->ldctl_oid = LDAP_CONTROL_VLVRESPONSE;
ctrl->ldctl_iscritical = 0;
ctrl->ldctl_value.bv_val = (char *)(ctrl+1);
ctrl->ldctl_value.bv_len = bv.bv_len;
AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len );
ctrlsp[0] = ctrl;
} else {
ctrlsp[0] = NULL;
rs->sr_err = LDAP_OTHER;
}
ber_free_buf( ber );
return rs->sr_err;
}
static int pack_pagedresult_response_control(
Operation *op,
SlapReply *rs,
sort_op *so,
LDAPControl **ctrlsp )
{
LDAPControl *ctrl;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
PagedResultsCookie resp_cookie;
struct berval cookie, bv;
int rc;
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
if ( so->so_nentries > 0 ) {
resp_cookie = ( PagedResultsCookie )so->so_tree;
cookie.bv_len = sizeof( PagedResultsCookie );
cookie.bv_val = (char *)&resp_cookie;
} else {
resp_cookie = ( PagedResultsCookie )0;
BER_BVZERO( &cookie );
}
op->o_conn->c_pagedresults_state.ps_cookie = resp_cookie;
op->o_conn->c_pagedresults_state.ps_count
= ((PagedResultsState *)op->o_pagedresults_state)->ps_count
+ rs->sr_nentries;
rc = ber_printf( ber, "{iO}", so->so_nentries, &cookie );
if ( rc != -1 ) {
rc = ber_flatten2( ber, &bv, 0 );
}
if ( rc != -1 ) {
ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+
bv.bv_len, op->o_tmpmemctx );
ctrl->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
ctrl->ldctl_iscritical = 0;
ctrl->ldctl_value.bv_val = (char *)(ctrl+1);
ctrl->ldctl_value.bv_len = bv.bv_len;
AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len );
ctrlsp[0] = ctrl;
} else {
ctrlsp[0] = NULL;
rs->sr_err = LDAP_OTHER;
}
ber_free_buf( ber );
return rs->sr_err;
}
static int pack_sss_response_control(
Operation *op,
SlapReply *rs,
LDAPControl **ctrlsp )
{
LDAPControl *ctrl;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
struct berval bv;
int rc;
ber_init2( ber, NULL, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
/* Pack error code */
rc = ber_printf(ber, "{e}", rs->sr_err);
if ( rc != -1)
rc = ber_flatten2( ber, &bv, 0 );
if ( rc != -1 ) {
ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+
bv.bv_len, op->o_tmpmemctx );
ctrl->ldctl_oid = LDAP_CONTROL_SORTRESPONSE;
ctrl->ldctl_iscritical = 0;
ctrl->ldctl_value.bv_val = (char *)(ctrl+1);
ctrl->ldctl_value.bv_len = bv.bv_len;
AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len );
ctrlsp[0] = ctrl;
} else {
ctrlsp[0] = NULL;
rs->sr_err = LDAP_OTHER;
}
ber_free_buf( ber );
return rs->sr_err;
}
/* Return the session id or -1 if unknown */
static int find_session_by_so(
int svi_max_percon,
int conn_id,
sort_op *so )
{
int sess_id;
if (so == NULL) {
return -1;
}
for (sess_id = 0; sess_id < svi_max_percon; sess_id++) {
if ( sort_conns[conn_id] && sort_conns[conn_id][sess_id] == so )
return sess_id;
}
return -1;
}
/* Return the session id or -1 if unknown */
static int find_session_by_context(
int svi_max_percon,
int conn_id,
unsigned long vc_context,
PagedResultsCookie ps_cookie )
{
int sess_id;
for(sess_id = 0; sess_id < svi_max_percon; sess_id++) {
if( sort_conns[conn_id] && sort_conns[conn_id][sess_id] &&
( sort_conns[conn_id][sess_id]->so_vcontext == vc_context ||
(PagedResultsCookie) sort_conns[conn_id][sess_id]->so_tree == ps_cookie ) )
return sess_id;
}
return -1;
}
static int find_next_session(
int svi_max_percon,
int conn_id )
{
int sess_id;
assert(sort_conns[conn_id] != NULL);
for(sess_id = 0; sess_id < svi_max_percon; sess_id++) {
if(!sort_conns[conn_id][sess_id]) {
return sess_id;
}
}
if (sess_id >= svi_max_percon) {
return -1;
} else {
return sess_id;
}
}
static void free_sort_op( Connection *conn, sort_op *so )
{
int sess_id;
ldap_pvt_thread_mutex_lock( &sort_conns_mutex );
sess_id = find_session_by_so( so->so_info->svi_max_percon, conn->c_conn_idx, so );
if ( sess_id > -1 ) {
sort_conns[conn->c_conn_idx][sess_id] = NULL;
so->so_info->svi_num--;
}
ldap_pvt_thread_mutex_unlock( &sort_conns_mutex );
if ( sess_id > -1 ){
if ( so->so_tree ) {
if ( so->so_paged > SLAP_CONTROL_IGNORED ) {
TAvlnode *cur_node, *next_node;
cur_node = so->so_tree;
while ( cur_node ) {
next_node = ldap_tavl_next( cur_node, TAVL_DIR_RIGHT );
ch_free( cur_node->avl_data );
ber_memfree( cur_node );
cur_node = next_node;
}
} else {
ldap_tavl_free( so->so_tree, ch_free );
}
so->so_tree = NULL;
}
ch_free( so );
}
}
static void free_sort_ops( Connection *conn, sort_op **sos, int svi_max_percon )
{
int sess_id;
sort_op *so;
for( sess_id = 0; sess_id < svi_max_percon ; sess_id++ ) {
so = sort_conns[conn->c_conn_idx][sess_id];
if ( so ) {
free_sort_op( conn, so );
sort_conns[conn->c_conn_idx][sess_id] = NULL;
}
}
}
static void send_list(
Operation *op,
SlapReply *rs,
sort_op *so)
{
TAvlnode *cur_node, *tmp_node;
vlv_ctrl *vc = op->o_controls[vlv_cid];
int i, j, dir, rc;
BackendDB *be;
Entry *e;
LDAPControl *ctrls[2];
rs->sr_attrs = op->ors_attrs;
/* FIXME: it may be better to just flatten the tree into
* an array before doing all of this...
*/
/* Are we just counting an offset? */
if ( BER_BVISNULL( &vc->vc_value )) {
if ( vc->vc_offset == vc->vc_count ) {
/* wants the last entry in the list */
cur_node = ldap_tavl_end(so->so_tree, TAVL_DIR_RIGHT);
so->so_vlv_target = so->so_nentries;
} else if ( vc->vc_offset == 1 ) {
/* wants the first entry in the list */
cur_node = ldap_tavl_end(so->so_tree, TAVL_DIR_LEFT);
so->so_vlv_target = 1;
} else {
int target;
/* Just iterate to the right spot */
if ( vc->vc_count && vc->vc_count != so->so_nentries ) {
if ( vc->vc_offset > vc->vc_count )
goto range_err;
target = so->so_nentries * vc->vc_offset / vc->vc_count;
} else {
if ( vc->vc_offset > so->so_nentries ) {
range_err:
so->so_vlv_rc = LDAP_VLV_RANGE_ERROR;
pack_vlv_response_control( op, rs, so, ctrls );
ctrls[1] = NULL;
slap_add_ctrls( op, rs, ctrls );
rs->sr_err = LDAP_VLV_ERROR;
return;
}
target = vc->vc_offset;
}
so->so_vlv_target = target;
/* Start at left and go right, or start at right and go left? */
if ( target < so->so_nentries / 2 ) {
cur_node = ldap_tavl_end(so->so_tree, TAVL_DIR_LEFT);
dir = TAVL_DIR_RIGHT;
} else {
cur_node = ldap_tavl_end(so->so_tree, TAVL_DIR_RIGHT);
dir = TAVL_DIR_LEFT;
target = so->so_nentries - target + 1;
}
for ( i=1; iso_ctrl;
MatchingRule *mr = sc->sc_keys[0].sk_ordering;
sort_node *sn;
struct berval bv;
if ( mr->smr_normalize ) {
rc = mr->smr_normalize( SLAP_MR_VALUE_OF_SYNTAX,
mr->smr_syntax, mr, &vc->vc_value, &bv, op->o_tmpmemctx );
if ( rc ) {
so->so_vlv_rc = LDAP_INAPPROPRIATE_MATCHING;
pack_vlv_response_control( op, rs, so, ctrls );
ctrls[1] = NULL;
slap_add_ctrls( op, rs, ctrls );
rs->sr_err = LDAP_VLV_ERROR;
return;
}
} else {
bv = vc->vc_value;
}
sn = op->o_tmpalloc( sizeof(sort_node) +
sc->sc_nkeys * sizeof(struct berval), op->o_tmpmemctx );
sn->sn_vals = (struct berval *)(sn+1);
sn->sn_conn = op->o_conn->c_conn_idx;
sn->sn_session = find_session_by_so( so->so_info->svi_max_percon, op->o_conn->c_conn_idx, so );
sn->sn_vals[0] = bv;
for (i=1; isc_nkeys; i++) {
BER_BVZERO( &sn->sn_vals[i] );
}
cur_node = ldap_tavl_find3( so->so_tree, sn, node_cmp, &j );
/* didn't find >= match */
if ( j > 0 ) {
if ( cur_node )
cur_node = ldap_tavl_next( cur_node, TAVL_DIR_RIGHT );
}
op->o_tmpfree( sn, op->o_tmpmemctx );
if ( !cur_node ) {
so->so_vlv_target = so->so_nentries + 1;
} else {
sort_node *sn = so->so_tree->avl_data;
/* start from the left or the right side? */
mr->smr_match( &i, 0, mr->smr_syntax, mr, &bv, &sn->sn_vals[0] );
if ( i > 0 ) {
tmp_node = ldap_tavl_end(so->so_tree, TAVL_DIR_RIGHT);
dir = TAVL_DIR_LEFT;
} else {
tmp_node = ldap_tavl_end(so->so_tree, TAVL_DIR_LEFT);
dir = TAVL_DIR_RIGHT;
}
for (i=0; tmp_node != cur_node;
tmp_node = ldap_tavl_next( tmp_node, dir ), i++);
so->so_vlv_target = (dir == TAVL_DIR_RIGHT) ? i+1 : so->so_nentries - i;
}
if ( bv.bv_val != vc->vc_value.bv_val )
op->o_tmpfree( bv.bv_val, op->o_tmpmemctx );
}
if ( !cur_node ) {
i = 1;
cur_node = ldap_tavl_end(so->so_tree, TAVL_DIR_RIGHT);
} else {
i = 0;
}
for ( ; ivc_before; i++ ) {
tmp_node = ldap_tavl_next( cur_node, TAVL_DIR_LEFT );
if ( !tmp_node ) break;
cur_node = tmp_node;
}
j = i + vc->vc_after + 1;
be = op->o_bd;
for ( i=0; iavl_data;
if ( slapd_shutdown ) break;
op->o_bd = select_backend( &sn->sn_dn, 0 );
e = NULL;
rc = be_entry_get_rw( op, &sn->sn_dn, NULL, NULL, 0, &e );
if ( e && rc == LDAP_SUCCESS ) {
rs->sr_entry = e;
rs->sr_flags = REP_ENTRY_MUSTRELEASE;
rs->sr_err = send_search_entry( op, rs );
if ( rs->sr_err == LDAP_UNAVAILABLE )
break;
}
cur_node = ldap_tavl_next( cur_node, TAVL_DIR_RIGHT );
if ( !cur_node ) break;
}
so->so_vlv_rc = LDAP_SUCCESS;
op->o_bd = be;
}
static void send_page( Operation *op, SlapReply *rs, sort_op *so )
{
TAvlnode *cur_node = so->so_tree;
TAvlnode *next_node = NULL;
BackendDB *be = op->o_bd;
Entry *e;
int rc;
rs->sr_attrs = op->ors_attrs;
while ( cur_node && rs->sr_nentries < so->so_page_size ) {
sort_node *sn = cur_node->avl_data;
if ( slapd_shutdown ) break;
next_node = ldap_tavl_next( cur_node, TAVL_DIR_RIGHT );
op->o_bd = select_backend( &sn->sn_dn, 0 );
e = NULL;
rc = be_entry_get_rw( op, &sn->sn_dn, NULL, NULL, 0, &e );
ch_free( cur_node->avl_data );
ber_memfree( cur_node );
cur_node = next_node;
so->so_nentries--;
if ( e && rc == LDAP_SUCCESS ) {
rs->sr_entry = e;
rs->sr_flags = REP_ENTRY_MUSTRELEASE;
rs->sr_err = send_search_entry( op, rs );
if ( rs->sr_err == LDAP_UNAVAILABLE )
break;
}
}
/* Set the first entry to send for the next page */
so->so_tree = next_node;
if ( next_node )
next_node->avl_left = NULL;
op->o_bd = be;
}
static void send_entry(
Operation *op,
SlapReply *rs,
sort_op *so)
{
Debug(LDAP_DEBUG_TRACE,
"%s: response control: status=%d, text=%s\n",
debug_header, rs->sr_err, SAFESTR(rs->sr_text, ""));
if ( !so->so_tree )
return;
/* RFC 2891: If critical then send the entries iff they were
* successfully sorted. If non-critical send all entries
* whether they were sorted or not.
*/
if ( (op->o_ctrlflag[sss_cid] != SLAP_CONTROL_CRITICAL) ||
(rs->sr_err == LDAP_SUCCESS) )
{
if ( so->so_vlv > SLAP_CONTROL_IGNORED ) {
send_list( op, rs, so );
} else {
/* Get the first node to send */
TAvlnode *start_node = ldap_tavl_end(so->so_tree, TAVL_DIR_LEFT);
so->so_tree = start_node;
if ( so->so_paged <= SLAP_CONTROL_IGNORED ) {
/* Not paged result search. Send all entries.
* Set the page size to the number of entries
* so that send_page() will send all entries.
*/
so->so_page_size = so->so_nentries;
}
send_page( op, rs, so );
}
}
}
static void send_result(
Operation *op,
SlapReply *rs,
sort_op *so)
{
LDAPControl *ctrls[3];
int rc, i = 0;
rc = pack_sss_response_control( op, rs, ctrls );
if ( rc == LDAP_SUCCESS ) {
i++;
rc = -1;
if ( so->so_paged > SLAP_CONTROL_IGNORED ) {
rc = pack_pagedresult_response_control( op, rs, so, ctrls+1 );
} else if ( so->so_vlv > SLAP_CONTROL_IGNORED ) {
rc = pack_vlv_response_control( op, rs, so, ctrls+1 );
}
if ( rc == LDAP_SUCCESS )
i++;
}
ctrls[i] = NULL;
if ( ctrls[0] != NULL )
slap_add_ctrls( op, rs, ctrls );
send_ldap_result( op, rs );
if ( so->so_tree == NULL ) {
/* Search finished, so clean up */
free_sort_op( op->o_conn, so );
} else {
so->so_running = 0;
}
}
static int sssvlv_op_response(
Operation *op,
SlapReply *rs )
{
sort_ctrl *sc = op->o_controls[sss_cid];
sort_op *so = op->o_callback->sc_private;
if ( rs->sr_type == REP_SEARCH ) {
int i;
size_t len;
sort_node *sn, *sn2;
struct berval *bv;
char *ptr;
len = sizeof(sort_node) + sc->sc_nkeys * sizeof(struct berval) +
rs->sr_entry->e_nname.bv_len + 1;
sn = op->o_tmpalloc( len, op->o_tmpmemctx );
sn->sn_vals = (struct berval *)(sn+1);
/* Build tmp list of key values */
for ( i=0; isc_nkeys; i++ ) {
Attribute *a = attr_find( rs->sr_entry->e_attrs,
sc->sc_keys[i].sk_ad );
if ( a ) {
if ( a->a_numvals > 1 ) {
bv = select_value( a, &sc->sc_keys[i] );
} else {
bv = a->a_nvals;
}
sn->sn_vals[i] = *bv;
len += bv->bv_len + 1;
} else {
BER_BVZERO( &sn->sn_vals[i] );
}
}
/* Now dup into regular memory */
sn2 = ch_malloc( len );
sn2->sn_vals = (struct berval *)(sn2+1);
AC_MEMCPY( sn2->sn_vals, sn->sn_vals,
sc->sc_nkeys * sizeof(struct berval));
ptr = (char *)(sn2->sn_vals + sc->sc_nkeys);
sn2->sn_dn.bv_val = ptr;
sn2->sn_dn.bv_len = rs->sr_entry->e_nname.bv_len;
AC_MEMCPY( ptr, rs->sr_entry->e_nname.bv_val,
rs->sr_entry->e_nname.bv_len );
ptr += rs->sr_entry->e_nname.bv_len;
*ptr++ = '\0';
for ( i=0; isc_nkeys; i++ ) {
if ( !BER_BVISNULL( &sn2->sn_vals[i] )) {
AC_MEMCPY(ptr, sn2->sn_vals[i].bv_val, sn2->sn_vals[i].bv_len);
sn2->sn_vals[i].bv_val = ptr;
ptr += sn2->sn_vals[i].bv_len;
*ptr++ = '\0';
}
}
op->o_tmpfree( sn, op->o_tmpmemctx );
sn = sn2;
sn->sn_conn = op->o_conn->c_conn_idx;
sn->sn_session = find_session_by_so( so->so_info->svi_max_percon, op->o_conn->c_conn_idx, so );
/* Insert into the AVL tree */
ldap_tavl_insert(&(so->so_tree), sn, node_insert, ldap_avl_dup_error);
so->so_nentries++;
/* Collected the keys so that they can be sorted. Thus, stop
* the entry from propagating.
*/
rs->sr_err = LDAP_SUCCESS;
}
else if ( rs->sr_type == REP_RESULT ) {
/* Remove serversort response callback.
* We don't want the entries that we are about to send to be
* processed by serversort response again.
*/
if ( op->o_callback->sc_response == sssvlv_op_response ) {
op->o_callback = op->o_callback->sc_next;
}
send_entry( op, rs, so );
send_result( op, rs, so );
}
return rs->sr_err;
}
static int sssvlv_op_search(
Operation *op,
SlapReply *rs)
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
sssvlv_info *si = on->on_bi.bi_private;
int rc = SLAP_CB_CONTINUE;
int ok;
sort_op *so = NULL, so2;
sort_ctrl *sc;
PagedResultsState *ps;
vlv_ctrl *vc;
int sess_id;
if ( op->o_ctrlflag[sss_cid] <= SLAP_CONTROL_IGNORED ) {
if ( op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ) {
LDAPControl *ctrls[2];
so2.so_vcontext = 0;
so2.so_vlv_target = 0;
so2.so_nentries = 0;
so2.so_vlv_rc = LDAP_VLV_SSS_MISSING;
so2.so_vlv = op->o_ctrlflag[vlv_cid];
rc = pack_vlv_response_control( op, rs, &so2, ctrls );
if ( rc == LDAP_SUCCESS ) {
ctrls[1] = NULL;
slap_add_ctrls( op, rs, ctrls );
}
rs->sr_err = LDAP_VLV_ERROR;
rs->sr_text = "Sort control is required with VLV";
goto leave;
}
/* Not server side sort so just continue */
return SLAP_CB_CONTINUE;
}
Debug(LDAP_DEBUG_TRACE,
"==> sssvlv_search: <%s> %s, control flag: %d\n",
op->o_req_dn.bv_val, op->ors_filterstr.bv_val,
op->o_ctrlflag[sss_cid]);
sc = op->o_controls[sss_cid];
if ( sc->sc_nkeys > si->svi_max_keys ) {
rs->sr_text = "Too many sort keys";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto leave;
}
ps = ( op->o_pagedresults > SLAP_CONTROL_IGNORED ) ?
(PagedResultsState*)(op->o_pagedresults_state) : NULL;
vc = op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ?
op->o_controls[vlv_cid] : NULL;
if ( ps && vc ) {
rs->sr_text = "VLV incompatible with PagedResults";
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto leave;
}
ok = 1;
ldap_pvt_thread_mutex_lock( &sort_conns_mutex );
/* Is there already a sort running on this conn? */
sess_id = find_session_by_context( si->svi_max_percon, op->o_conn->c_conn_idx, vc ? vc->vc_context : NO_VC_CONTEXT, ps ? ps->ps_cookie : NO_PS_COOKIE );
if ( sess_id >= 0 ) {
so = sort_conns[op->o_conn->c_conn_idx][sess_id];
if( so->so_running > 0 ){
/* another thread is handling, response busy to client */
so = NULL;
ok = 0;
} else {
/* Is it a continuation of a VLV search? */
if ( !vc || so->so_vlv <= SLAP_CONTROL_IGNORED ||
vc->vc_context != so->so_vcontext ) {
/* Is it a continuation of a paged search? */
if ( !ps || so->so_paged <= SLAP_CONTROL_IGNORED ||
op->o_conn->c_pagedresults_state.ps_cookie != ps->ps_cookie ) {
ok = 0;
} else if ( !ps->ps_size ) {
/* Abandoning current request */
ok = 0;
so->so_nentries = 0;
rs->sr_err = LDAP_SUCCESS;
}
}
if (( vc && so->so_paged > SLAP_CONTROL_IGNORED ) ||
( ps && so->so_vlv > SLAP_CONTROL_IGNORED )) {
/* changed from paged to vlv or vice versa, abandon */
ok = 0;
so->so_nentries = 0;
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
}
if ( ok ) {
/* occupy before mutex unlock */
so->so_running = 1;
}
}
/* Are there too many running overall? */
} else if ( si->svi_num >= si->svi_max ) {
ok = 0;
} else if ( ( sess_id = find_next_session(si->svi_max_percon, op->o_conn->c_conn_idx ) ) < 0 ) {
ok = 0;
} else {
/* OK, this connection now has a sort running */
si->svi_num++;
sort_conns[op->o_conn->c_conn_idx][sess_id] = &so2;
sort_conns[op->o_conn->c_conn_idx][sess_id]->so_session = sess_id;
}
ldap_pvt_thread_mutex_unlock( &sort_conns_mutex );
if ( ok ) {
/* If we're a global overlay, this check got bypassed */
if ( !op->ors_limit && limits_check( op, rs ))
return rs->sr_err;
/* are we continuing a VLV search? */
if ( so && vc && vc->vc_context ) {
so->so_ctrl = sc;
send_list( op, rs, so );
send_result( op, rs, so );
rc = LDAP_SUCCESS;
/* are we continuing a paged search? */
} else if ( so && ps && ps->ps_cookie ) {
so->so_ctrl = sc;
send_page( op, rs, so );
send_result( op, rs, so );
rc = LDAP_SUCCESS;
} else {
slap_callback *cb = op->o_tmpalloc( sizeof(slap_callback),
op->o_tmpmemctx );
/* Install serversort response callback to handle a new search */
if ( ps || vc ) {
so = ch_calloc( 1, sizeof(sort_op));
} else {
so = op->o_tmpcalloc( 1, sizeof(sort_op), op->o_tmpmemctx );
}
sort_conns[op->o_conn->c_conn_idx][sess_id] = so;
cb->sc_cleanup = NULL;
cb->sc_response = sssvlv_op_response;
cb->sc_next = op->o_callback;
cb->sc_private = so;
cb->sc_writewait = NULL;
so->so_tree = NULL;
so->so_ctrl = sc;
so->so_info = si;
if ( ps ) {
so->so_paged = op->o_pagedresults;
so->so_page_size = ps->ps_size;
op->o_pagedresults = SLAP_CONTROL_IGNORED;
} else {
so->so_paged = 0;
so->so_page_size = 0;
if ( vc ) {
so->so_vlv = op->o_ctrlflag[vlv_cid];
so->so_vlv_target = 0;
so->so_vlv_rc = 0;
} else {
so->so_vlv = SLAP_CONTROL_NONE;
}
}
so->so_session = sess_id;
so->so_vlv = op->o_ctrlflag[vlv_cid];
so->so_vcontext = (unsigned long)so;
so->so_nentries = 0;
so->so_running = 1;
op->o_callback = cb;
}
} else {
if ( so && !so->so_nentries ) {
free_sort_op( op->o_conn, so );
} else {
rs->sr_text = "Other sort requests already in progress";
rs->sr_err = LDAP_BUSY;
}
leave:
rc = rs->sr_err;
send_ldap_result( op, rs );
}
return rc;
}
static int get_ordering_rule(
AttributeDescription *ad,
struct berval *matchrule,
SlapReply *rs,
MatchingRule **ordering )
{
MatchingRule* mr;
if ( matchrule && matchrule->bv_val ) {
mr = mr_find( matchrule->bv_val );
if ( mr == NULL ) {
rs->sr_err = LDAP_INAPPROPRIATE_MATCHING;
rs->sr_text = "serverSort control: No ordering rule";
Debug(LDAP_DEBUG_TRACE, "%s: no ordering rule function for %s\n",
debug_header, matchrule->bv_val );
}
}
else {
mr = ad->ad_type->sat_ordering;
if ( mr == NULL ) {
rs->sr_err = LDAP_INAPPROPRIATE_MATCHING;
rs->sr_text = "serverSort control: No ordering rule";
Debug(LDAP_DEBUG_TRACE,
"%s: no ordering rule specified and no default ordering rule for attribute %s\n",
debug_header, ad->ad_cname.bv_val );
}
}
*ordering = mr;
return rs->sr_err;
}
static int count_key(BerElement *ber)
{
char *end;
ber_len_t len;
ber_tag_t tag;
int count = 0;
/* Server Side Sort Control is a SEQUENCE of SEQUENCE */
for ( tag = ber_first_element( ber, &len, &end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, end ))
{
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
++count;
}
ber_rewind( ber );
return count;
}
static int build_key(
BerElement *ber,
SlapReply *rs,
sort_key *key )
{
struct berval attr;
struct berval matchrule = BER_BVNULL;
ber_int_t reverse = 0;
ber_tag_t tag;
ber_len_t len;
MatchingRule *ordering = NULL;
AttributeDescription *ad = NULL;
const char *text;
if (( tag = ber_scanf( ber, "{" )) == LBER_ERROR ) {
rs->sr_text = "serverSort control: decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
return rs->sr_err;
}
if (( tag = ber_scanf( ber, "m", &attr )) == LBER_ERROR ) {
rs->sr_text = "serverSort control: attribute decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
return rs->sr_err;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_MATCHRULE_IDENTIFIER ) {
if (( tag = ber_scanf( ber, "m", &matchrule )) == LBER_ERROR ) {
rs->sr_text = "serverSort control: matchrule decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
return rs->sr_err;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_REVERSEORDER_IDENTIFIER ) {
if (( tag = ber_scanf( ber, "b", &reverse )) == LBER_ERROR ) {
rs->sr_text = "serverSort control: reverse decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
return rs->sr_err;
}
}
if (( tag = ber_scanf( ber, "}" )) == LBER_ERROR ) {
rs->sr_text = "serverSort control: decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
return rs->sr_err;
}
if ( slap_bv2ad( &attr, &ad, &text ) != LDAP_SUCCESS ) {
rs->sr_text =
"serverSort control: Unrecognized attribute type in sort key";
Debug(LDAP_DEBUG_TRACE,
"%s: Unrecognized attribute type in sort key: %s\n",
debug_header, SAFESTR(attr.bv_val, "") );
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
return rs->sr_err;
}
/* get_ordering_rule will set sr_err and sr_text */
get_ordering_rule( ad, &matchrule, rs, &ordering );
if ( rs->sr_err != LDAP_SUCCESS ) {
return rs->sr_err;
}
key->sk_ad = ad;
key->sk_ordering = ordering;
key->sk_direction = reverse ? -1 : 1;
return rs->sr_err;
}
/* Conforms to RFC4510 re: Criticality, original RFC2891 spec is broken
* Also see ITS#7253 for discussion
*/
static int sss_parseCtrl(
Operation *op,
SlapReply *rs,
LDAPControl *ctrl )
{
BerElementBuffer berbuf;
BerElement *ber;
ber_tag_t tag;
ber_len_t len;
int i;
sort_ctrl *sc;
rs->sr_err = LDAP_PROTOCOL_ERROR;
if ( op->o_ctrlflag[sss_cid] > SLAP_CONTROL_IGNORED ) {
rs->sr_text = "sorted results control specified multiple times";
} else if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
rs->sr_text = "sorted results control value is absent";
} else if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
rs->sr_text = "sorted results control value is empty";
} else {
rs->sr_err = LDAP_SUCCESS;
}
if ( rs->sr_err != LDAP_SUCCESS )
return rs->sr_err;
op->o_ctrlflag[sss_cid] = ctrl->ldctl_iscritical ?
SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
ber = (BerElement *)&berbuf;
ber_init2( ber, &ctrl->ldctl_value, 0 );
i = count_key( ber );
sc = op->o_tmpalloc( sizeof(sort_ctrl) +
(i-1) * sizeof(sort_key), op->o_tmpmemctx );
sc->sc_nkeys = i;
op->o_controls[sss_cid] = sc;
/* peel off initial sequence */
ber_scanf( ber, "{" );
i = 0;
do {
if ( build_key( ber, rs, &sc->sc_keys[i] ) != LDAP_SUCCESS )
break;
i++;
tag = ber_peek_tag( ber, &len );
} while ( tag != LBER_DEFAULT );
return rs->sr_err;
}
static int vlv_parseCtrl(
Operation *op,
SlapReply *rs,
LDAPControl *ctrl )
{
BerElementBuffer berbuf;
BerElement *ber;
ber_tag_t tag;
ber_len_t len;
vlv_ctrl *vc, vc2;
rs->sr_err = LDAP_PROTOCOL_ERROR;
rs->sr_text = NULL;
if ( op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ) {
rs->sr_text = "vlv control specified multiple times";
} else if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
rs->sr_text = "vlv control value is absent";
} else if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
rs->sr_text = "vlv control value is empty";
}
if ( rs->sr_text != NULL )
return rs->sr_err;
op->o_ctrlflag[vlv_cid] = ctrl->ldctl_iscritical ?
SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
ber = (BerElement *)&berbuf;
ber_init2( ber, &ctrl->ldctl_value, 0 );
rs->sr_err = LDAP_PROTOCOL_ERROR;
tag = ber_scanf( ber, "{ii", &vc2.vc_before, &vc2.vc_after );
if ( tag == LBER_ERROR ) {
return rs->sr_err;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_VLVBYINDEX_IDENTIFIER ) {
tag = ber_scanf( ber, "{ii}", &vc2.vc_offset, &vc2.vc_count );
if ( tag == LBER_ERROR )
return rs->sr_err;
BER_BVZERO( &vc2.vc_value );
} else if ( tag == LDAP_VLVBYVALUE_IDENTIFIER ) {
tag = ber_scanf( ber, "m", &vc2.vc_value );
if ( tag == LBER_ERROR || BER_BVISNULL( &vc2.vc_value ))
return rs->sr_err;
} else {
return rs->sr_err;
}
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_VLVCONTEXT_IDENTIFIER ) {
struct berval bv;
tag = ber_scanf( ber, "m", &bv );
if ( tag == LBER_ERROR || bv.bv_len != sizeof(vc2.vc_context))
return rs->sr_err;
AC_MEMCPY( &vc2.vc_context, bv.bv_val, bv.bv_len );
} else {
vc2.vc_context = 0;
}
vc = op->o_tmpalloc( sizeof(vlv_ctrl), op->o_tmpmemctx );
*vc = vc2;
op->o_controls[vlv_cid] = vc;
rs->sr_err = LDAP_SUCCESS;
return rs->sr_err;
}
static int sssvlv_connection_destroy( BackendDB *be, Connection *conn )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
sssvlv_info *si = on->on_bi.bi_private;
if ( sort_conns[conn->c_conn_idx] ) {
free_sort_ops( conn, sort_conns[conn->c_conn_idx], si->svi_max_percon );
}
return LDAP_SUCCESS;
}
static int sssvlv_db_open(
BackendDB *be,
ConfigReply *cr )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
sssvlv_info *si = on->on_bi.bi_private;
int rc;
int conn_index;
/* If not set, default to 1/2 of available threads */
if ( !si->svi_max )
si->svi_max = connection_pool_max / 2;
if ( dtblsize && !sort_conns ) {
ldap_pvt_thread_mutex_init( &sort_conns_mutex );
/* accommodate for c_conn_idx == -1 */
sort_conns = ch_calloc( dtblsize + 1, sizeof(sort_op **) );
for ( conn_index = 0 ; conn_index < dtblsize + 1 ; conn_index++ ) {
sort_conns[conn_index] = ch_calloc( si->svi_max_percon, sizeof(sort_op *) );
}
sort_conns++;
}
rc = overlay_register_control( be, LDAP_CONTROL_SORTREQUEST );
if ( rc == LDAP_SUCCESS )
rc = overlay_register_control( be, LDAP_CONTROL_VLVREQUEST );
return rc;
}
static ConfigTable sssvlv_cfg[] = {
{ "sssvlv-max", "num",
2, 2, 0, ARG_INT|ARG_OFFSET,
(void *)offsetof(sssvlv_info, svi_max),
"( OLcfgOvAt:21.1 NAME 'olcSssVlvMax' "
"DESC 'Maximum number of concurrent Sort requests' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "sssvlv-maxkeys", "num",
2, 2, 0, ARG_INT|ARG_OFFSET,
(void *)offsetof(sssvlv_info, svi_max_keys),
"( OLcfgOvAt:21.2 NAME 'olcSssVlvMaxKeys' "
"DESC 'Maximum number of Keys in a Sort request' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL,
{ .v_int = SSSVLV_DEFAULT_MAX_KEYS } },
{ "sssvlv-maxperconn", "num",
2, 2, 0, ARG_INT|ARG_OFFSET,
(void *)offsetof(sssvlv_info, svi_max_percon),
"( OLcfgOvAt:21.3 NAME 'olcSssVlvMaxPerConn' "
"DESC 'Maximum number of concurrent paged search requests per connection' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL,
{ .v_int = SSSVLV_DEFAULT_MAX_REQUEST_PER_CONN } },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
static ConfigOCs sssvlv_ocs[] = {
{ "( OLcfgOvOc:21.1 "
"NAME 'olcSssVlvConfig' "
"DESC 'SSS VLV configuration' "
"SUP olcOverlayConfig "
"MAY ( olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn ) )",
Cft_Overlay, sssvlv_cfg, NULL, NULL },
{ NULL, 0, NULL }
};
static int sssvlv_db_init(
BackendDB *be,
ConfigReply *cr)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
sssvlv_info *si;
if ( ov_count == 0 ) {
int rc;
rc = register_supported_control2( LDAP_CONTROL_SORTREQUEST,
SLAP_CTRL_SEARCH,
NULL,
sss_parseCtrl,
1 /* replace */,
&sss_cid );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Failed to register Sort Request control '%s' (%d)\n",
LDAP_CONTROL_SORTREQUEST, rc );
return rc;
}
rc = register_supported_control2( LDAP_CONTROL_VLVREQUEST,
SLAP_CTRL_SEARCH,
NULL,
vlv_parseCtrl,
1 /* replace */,
&vlv_cid );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Failed to register VLV Request control '%s' (%d)\n",
LDAP_CONTROL_VLVREQUEST, rc );
#ifdef SLAP_CONFIG_DELETE
overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST );
unregister_supported_control( LDAP_CONTROL_SORTREQUEST );
#endif /* SLAP_CONFIG_DELETE */
return rc;
}
}
si = (sssvlv_info *)ch_malloc(sizeof(sssvlv_info));
on->on_bi.bi_private = si;
si->svi_max = 0;
si->svi_num = 0;
si->svi_max_keys = SSSVLV_DEFAULT_MAX_KEYS;
si->svi_max_percon = SSSVLV_DEFAULT_MAX_REQUEST_PER_CONN;
ov_count++;
return LDAP_SUCCESS;
}
static int sssvlv_db_destroy(
BackendDB *be,
ConfigReply *cr )
{
slap_overinst *on = (slap_overinst *)be->bd_info;
sssvlv_info *si = (sssvlv_info *)on->on_bi.bi_private;
int conn_index;
ov_count--;
if ( !ov_count && sort_conns) {
sort_conns--;
for ( conn_index = 0 ; conn_index < dtblsize + 1 ; conn_index++ ) {
ch_free(sort_conns[conn_index]);
}
ch_free(sort_conns);
ldap_pvt_thread_mutex_destroy( &sort_conns_mutex );
}
#ifdef SLAP_CONFIG_DELETE
overlay_unregister_control( be, LDAP_CONTROL_SORTREQUEST );
overlay_unregister_control( be, LDAP_CONTROL_VLVREQUEST );
if ( ov_count == 0 ) {
unregister_supported_control( LDAP_CONTROL_SORTREQUEST );
unregister_supported_control( LDAP_CONTROL_VLVREQUEST );
}
#endif /* SLAP_CONFIG_DELETE */
if ( si ) {
ch_free( si );
on->on_bi.bi_private = NULL;
}
return LDAP_SUCCESS;
}
static slap_overinst sssvlv;
int sssvlv_initialize()
{
int rc;
sssvlv.on_bi.bi_type = "sssvlv";
sssvlv.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
sssvlv.on_bi.bi_db_init = sssvlv_db_init;
sssvlv.on_bi.bi_db_destroy = sssvlv_db_destroy;
sssvlv.on_bi.bi_db_open = sssvlv_db_open;
sssvlv.on_bi.bi_connection_destroy = sssvlv_connection_destroy;
sssvlv.on_bi.bi_op_search = sssvlv_op_search;
sssvlv.on_bi.bi_cf_ocs = sssvlv_ocs;
rc = config_register_schema( sssvlv_cfg, sssvlv_ocs );
if ( rc )
return rc;
rc = overlay_register( &sssvlv );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Failed to register server side sort overlay\n" );
}
return rc;
}
#if SLAPD_OVER_SSSVLV == SLAPD_MOD_DYNAMIC
int init_module( int argc, char *argv[])
{
return sssvlv_initialize();
}
#endif
#endif /* SLAPD_OVER_SSSVLV */