1 files changed, 282 insertions, 0 deletions
diff --git a/servers/slapd/back-meta/candidates.c b/servers/slapd/back-meta/candidates.c
new file mode 100644
index 0000000..ffb5992
--- /dev/null
+++ b/servers/slapd/back-meta/candidates.c
@@ -0,0 +1,282 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include "ac/string.h"
+
+#include "slap.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+/*
+ * The meta-directory has one suffix, called <suffix>.
+ * It handles a pool of target servers, each with a branch suffix
+ * of the form <branch X>,<suffix>, where <branch X> may be empty.
+ *
+ * When the meta-directory receives a request with a request DN that belongs
+ * to a branch, the corresponding target is invoked. When the request DN
+ * does not belong to a specific branch, all the targets that
+ * are compatible with the request DN are selected as candidates, and
+ * the request is spawned to all the candidate targets
+ *
+ * A request is characterized by a request DN. The following cases are
+ * handled:
+ * 	- the request DN is the suffix: <dn> == <suffix>,
+ * 		all the targets are candidates (search ...)
+ * 	- the request DN is a branch suffix: <dn> == <branch X>,<suffix>, or
+ * 	- the request DN is a subtree of a branch suffix:
+ * 		<dn> == <rdn>,<branch X>,<suffix>,
+ * 		the target is the only candidate.
+ *
+ * A possible extension will include the handling of multiple suffixes
+ */
+
+static metasubtree_t *
+meta_subtree_match( metatarget_t *mt, struct berval *ndn, int scope )
+{
+	metasubtree_t *ms = mt->mt_subtree;
+
+	for ( ms = mt->mt_subtree; ms; ms = ms->ms_next ) {
+		switch ( ms->ms_type ) {
+		case META_ST_SUBTREE:
+			if ( dnIsSuffix( ndn, &ms->ms_dn ) ) {
+				return ms;
+			}
+			break;
+
+		case META_ST_SUBORDINATE:
+			if ( dnIsSuffix( ndn, &ms->ms_dn ) &&
+				( ndn->bv_len > ms->ms_dn.bv_len || scope != LDAP_SCOPE_BASE ) )
+			{
+				return ms;
+			}
+			break;
+
+		case META_ST_REGEX:
+			/* NOTE: cannot handle scope */
+			if ( regexec( &ms->ms_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
+				return ms;
+			}
+			break;
+		}
+	}
+
+	return NULL;
+}
+
+/*
+ * returns 1 if suffix is candidate for dn, otherwise 0
+ *
+ * Note: this function should never be called if dn is the <suffix>.
+ */
+int 
+meta_back_is_candidate(
+	metatarget_t	*mt,
+	struct berval	*ndn,
+	int		scope )
+{
+	struct berval rdn;
+	int d = ndn->bv_len - mt->mt_nsuffix.bv_len;
+
+	if ( d >= 0 ) {
+		if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
+			return META_NOT_CANDIDATE;
+		}
+
+		/*
+		 * |  match  | exclude |
+		 * +---------+---------+-------------------+
+		 * |    T    |    T    | not candidate     |
+		 * |    F    |    T    | continue checking |
+		 * +---------+---------+-------------------+
+		 * |    T    |    F    | candidate         |
+		 * |    F    |    F    | not candidate     |
+		 * +---------+---------+-------------------+
+		 */
+			
+		if ( mt->mt_subtree ) {
+			int match = ( meta_subtree_match( mt, ndn, scope ) != NULL );
+
+			if ( !mt->mt_subtree_exclude ) {
+				return match ? META_CANDIDATE : META_NOT_CANDIDATE;
+			}
+
+			if ( match /* && mt->mt_subtree_exclude */ ) {
+				return META_NOT_CANDIDATE;
+			}
+		}
+
+		switch ( mt->mt_scope ) {
+		case LDAP_SCOPE_SUBTREE:
+		default:
+			return META_CANDIDATE;
+
+		case LDAP_SCOPE_SUBORDINATE:
+			if ( d > 0 ) {
+				return META_CANDIDATE;
+			}
+			break;
+
+		/* nearly useless; not allowed by config */
+		case LDAP_SCOPE_ONELEVEL:
+			if ( d > 0 ) {
+				rdn.bv_val = ndn->bv_val;
+				rdn.bv_len = (ber_len_t)d - STRLENOF( "," );
+				if ( dnIsOneLevelRDN( &rdn ) ) {
+					return META_CANDIDATE;
+				}
+			}
+			break;
+
+		/* nearly useless; not allowed by config */
+		case LDAP_SCOPE_BASE:
+			if ( d == 0 ) {
+				return META_CANDIDATE;
+			}
+			break;
+		}
+
+	} else /* if ( d < 0 ) */ {
+		if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
+			return META_NOT_CANDIDATE;
+		}
+
+		switch ( scope ) {
+		case LDAP_SCOPE_SUBTREE:
+		case LDAP_SCOPE_SUBORDINATE:
+			/*
+			 * suffix longer than dn, but common part matches
+			 */
+			return META_CANDIDATE;
+
+		case LDAP_SCOPE_ONELEVEL:
+			rdn.bv_val = mt->mt_nsuffix.bv_val;
+			rdn.bv_len = (ber_len_t)(-d) - STRLENOF( "," );
+			if ( dnIsOneLevelRDN( &rdn ) ) {
+				return META_CANDIDATE;
+			}
+			break;
+		}
+	}
+
+	return META_NOT_CANDIDATE;
+}
+
+/*
+ * meta_back_select_unique_candidate
+ *
+ * returns the index of the candidate in case it is unique, otherwise
+ * META_TARGET_NONE if none matches, or
+ * META_TARGET_MULTIPLE if more than one matches
+ * Note: ndn MUST be normalized.
+ */
+int
+meta_back_select_unique_candidate(
+	metainfo_t	*mi,
+	struct berval	*ndn )
+{
+	int	i, candidate = META_TARGET_NONE;
+
+	for ( i = 0; i < mi->mi_ntargets; i++ ) {
+		metatarget_t	*mt = mi->mi_targets[ i ];
+
+		if ( meta_back_is_candidate( mt, ndn, LDAP_SCOPE_BASE ) ) {
+			if ( candidate == META_TARGET_NONE ) {
+				candidate = i;
+
+			} else {
+				return META_TARGET_MULTIPLE;
+			}
+		}
+	}
+
+	return candidate;
+}
+
+/*
+ * meta_clear_unused_candidates
+ *
+ * clears all candidates except candidate
+ */
+int
+meta_clear_unused_candidates(
+	Operation	*op,
+	int		candidate )
+{
+	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
+	int		i;
+	SlapReply	*candidates = meta_back_candidates_get( op );
+	
+	for ( i = 0; i < mi->mi_ntargets; ++i ) {
+		if ( i == candidate ) {
+			continue;
+		}
+		META_CANDIDATE_RESET( &candidates[ i ] );
+	}
+
+	return 0;
+}
+
+/*
+ * meta_clear_one_candidate
+ *
+ * clears the selected candidate
+ */
+int
+meta_clear_one_candidate(
+	Operation	*op,
+	metaconn_t	*mc,
+	int		candidate )
+{
+	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
+
+	if ( msc->msc_ld != NULL ) {
+
+#ifdef DEBUG_205
+		Debug(LDAP_DEBUG_ANY,
+		      "### %s meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p\n",
+		      op ? op->o_log_prefix : "", candidate, (void *)mc,
+		      (void *)msc->msc_ld );
+#endif /* DEBUG_205 */
+
+		ldap_unbind_ext( msc->msc_ld, NULL, NULL );
+		msc->msc_ld = NULL;
+	}
+
+	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+		ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
+		BER_BVZERO( &msc->msc_bound_ndn );
+	}
+
+	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+		ber_memfree_x( msc->msc_cred.bv_val, NULL );
+		BER_BVZERO( &msc->msc_cred );
+	}
+
+	msc->msc_mscflags = 0;
+
+	return 0;
+}
+