1 /* $NetBSD: refint.c,v 1.1.1.4 2010/12/12 15:23:40 adam Exp $ */ 2 3 /* refint.c - referential integrity module */ 4 /* OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.15 2010/06/17 20:08:31 quanah Exp */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2004-2010 The OpenLDAP Foundation. 8 * Portions Copyright 2004 Symas Corporation. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19 /* ACKNOWLEDGEMENTS: 20 * This work was initially developed by Symas Corp. for inclusion in 21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 22 */ 23 24 #include "portable.h" 25 26 /* This module maintains referential integrity for a set of 27 * DN-valued attributes by searching for all references to a given 28 * DN whenever the DN is changed or its entry is deleted, and making 29 * the appropriate update. 30 * 31 * Updates are performed using the database rootdn in a separate task 32 * to allow the original operation to complete immediately. 33 */ 34 35 #ifdef SLAPD_OVER_REFINT 36 37 #include <stdio.h> 38 39 #include <ac/string.h> 40 #include <ac/socket.h> 41 42 #include "slap.h" 43 #include "config.h" 44 #include "ldap_rq.h" 45 46 static slap_overinst refint; 47 48 /* The DN to use in the ModifiersName for all refint updates */ 49 static BerValue refint_dn = BER_BVC("cn=Referential Integrity Overlay"); 50 static BerValue refint_ndn = BER_BVC("cn=referential integrity overlay"); 51 52 typedef struct refint_attrs_s { 53 struct refint_attrs_s *next; 54 AttributeDescription *attr; 55 BerVarray old_vals; 56 BerVarray old_nvals; 57 BerVarray new_vals; 58 BerVarray new_nvals; 59 int ra_numvals; 60 } refint_attrs; 61 62 typedef struct dependents_s { 63 struct dependents_s *next; 64 BerValue dn; /* target dn */ 65 BerValue ndn; 66 refint_attrs *attrs; 67 } dependent_data; 68 69 typedef struct refint_q { 70 struct refint_q *next; 71 struct refint_data_s *rdata; 72 dependent_data *attrs; /* entries and attrs returned from callback */ 73 BackendDB *db; 74 BerValue olddn; 75 BerValue oldndn; 76 BerValue newdn; 77 BerValue newndn; 78 } refint_q; 79 80 typedef struct refint_data_s { 81 struct refint_attrs_s *attrs; /* list of known attrs */ 82 BerValue dn; /* basedn in parent, */ 83 BerValue nothing; /* the nothing value, if needed */ 84 BerValue nnothing; /* normalized nothingness */ 85 BerValue refint_dn; /* modifier's name */ 86 BerValue refint_ndn; /* normalized modifier's name */ 87 struct re_s *qtask; 88 refint_q *qhead; 89 refint_q *qtail; 90 ldap_pvt_thread_mutex_t qmutex; 91 } refint_data; 92 93 #define RUNQ_INTERVAL 36000 /* a long time */ 94 95 static MatchingRule *mr_dnSubtreeMatch; 96 97 enum { 98 REFINT_ATTRS = 1, 99 REFINT_NOTHING, 100 REFINT_MODIFIERSNAME 101 }; 102 103 static ConfigDriver refint_cf_gen; 104 105 static ConfigTable refintcfg[] = { 106 { "refint_attributes", "attribute...", 2, 0, 0, 107 ARG_MAGIC|REFINT_ATTRS, refint_cf_gen, 108 "( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' " 109 "DESC 'Attributes for referential integrity' " 110 "EQUALITY caseIgnoreMatch " 111 "SYNTAX OMsDirectoryString )", NULL, NULL }, 112 { "refint_nothing", "string", 2, 2, 0, 113 ARG_DN|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen, 114 "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' " 115 "DESC 'Replacement DN to supply when needed' " 116 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 117 { "refint_modifiersName", "DN", 2, 2, 0, 118 ARG_DN|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen, 119 "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' " 120 "DESC 'The DN to use as modifiersName' " 121 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, 122 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 123 }; 124 125 static ConfigOCs refintocs[] = { 126 { "( OLcfgOvOc:11.1 " 127 "NAME 'olcRefintConfig' " 128 "DESC 'Referential integrity configuration' " 129 "SUP olcOverlayConfig " 130 "MAY ( olcRefintAttribute " 131 "$ olcRefintNothing " 132 "$ olcRefintModifiersName " 133 ") )", 134 Cft_Overlay, refintcfg }, 135 { NULL, 0, NULL } 136 }; 137 138 static int 139 refint_cf_gen(ConfigArgs *c) 140 { 141 slap_overinst *on = (slap_overinst *)c->bi; 142 refint_data *dd = (refint_data *)on->on_bi.bi_private; 143 refint_attrs *ip, *pip, **pipp = NULL; 144 AttributeDescription *ad; 145 const char *text; 146 int rc = ARG_BAD_CONF; 147 int i; 148 149 switch ( c->op ) { 150 case SLAP_CONFIG_EMIT: 151 switch ( c->type ) { 152 case REFINT_ATTRS: 153 ip = dd->attrs; 154 while ( ip ) { 155 value_add_one( &c->rvalue_vals, 156 &ip->attr->ad_cname ); 157 ip = ip->next; 158 } 159 rc = 0; 160 break; 161 case REFINT_NOTHING: 162 if ( !BER_BVISEMPTY( &dd->nothing )) { 163 rc = value_add_one( &c->rvalue_vals, 164 &dd->nothing ); 165 if ( rc ) return rc; 166 rc = value_add_one( &c->rvalue_nvals, 167 &dd->nnothing ); 168 return rc; 169 } 170 rc = 0; 171 break; 172 case REFINT_MODIFIERSNAME: 173 if ( !BER_BVISEMPTY( &dd->refint_dn )) { 174 rc = value_add_one( &c->rvalue_vals, 175 &dd->refint_dn ); 176 if ( rc ) return rc; 177 rc = value_add_one( &c->rvalue_nvals, 178 &dd->refint_ndn ); 179 return rc; 180 } 181 rc = 0; 182 break; 183 default: 184 abort (); 185 } 186 break; 187 case LDAP_MOD_DELETE: 188 switch ( c->type ) { 189 case REFINT_ATTRS: 190 pipp = &dd->attrs; 191 if ( c->valx < 0 ) { 192 ip = *pipp; 193 *pipp = NULL; 194 while ( ip ) { 195 pip = ip; 196 ip = ip->next; 197 ch_free ( pip ); 198 } 199 } else { 200 /* delete from linked list */ 201 for ( i=0; i < c->valx; ++i ) { 202 pipp = &(*pipp)->next; 203 } 204 ip = *pipp; 205 *pipp = (*pipp)->next; 206 207 /* AttributeDescriptions are global so 208 * shouldn't be freed here... */ 209 ch_free ( ip ); 210 } 211 rc = 0; 212 break; 213 case REFINT_NOTHING: 214 ch_free( dd->nothing.bv_val ); 215 ch_free( dd->nnothing.bv_val ); 216 BER_BVZERO( &dd->nothing ); 217 BER_BVZERO( &dd->nnothing ); 218 rc = 0; 219 break; 220 case REFINT_MODIFIERSNAME: 221 ch_free( dd->refint_dn.bv_val ); 222 ch_free( dd->refint_ndn.bv_val ); 223 BER_BVZERO( &dd->refint_dn ); 224 BER_BVZERO( &dd->refint_ndn ); 225 rc = 0; 226 break; 227 default: 228 abort (); 229 } 230 break; 231 case SLAP_CONFIG_ADD: 232 /* fallthrough to LDAP_MOD_ADD */ 233 case LDAP_MOD_ADD: 234 switch ( c->type ) { 235 case REFINT_ATTRS: 236 rc = 0; 237 for ( i=1; i < c->argc; ++i ) { 238 ad = NULL; 239 if ( slap_str2ad ( c->argv[i], &ad, &text ) 240 == LDAP_SUCCESS) { 241 ip = ch_malloc ( 242 sizeof ( refint_attrs ) ); 243 ip->attr = ad; 244 ip->next = dd->attrs; 245 dd->attrs = ip; 246 } else { 247 snprintf( c->cr_msg, sizeof( c->cr_msg ), 248 "%s <%s>: %s", c->argv[0], c->argv[i], text ); 249 Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 250 "%s: %s\n", c->log, c->cr_msg, 0 ); 251 rc = ARG_BAD_CONF; 252 } 253 } 254 break; 255 case REFINT_NOTHING: 256 if ( !BER_BVISNULL( &c->value_ndn )) { 257 ch_free ( dd->nothing.bv_val ); 258 ch_free ( dd->nnothing.bv_val ); 259 dd->nothing = c->value_dn; 260 dd->nnothing = c->value_ndn; 261 rc = 0; 262 } else { 263 rc = ARG_BAD_CONF; 264 } 265 break; 266 case REFINT_MODIFIERSNAME: 267 if ( !BER_BVISNULL( &c->value_ndn )) { 268 ch_free( dd->refint_dn.bv_val ); 269 ch_free( dd->refint_ndn.bv_val ); 270 dd->refint_dn = c->value_dn; 271 dd->refint_ndn = c->value_ndn; 272 rc = 0; 273 } else { 274 rc = ARG_BAD_CONF; 275 } 276 break; 277 default: 278 abort (); 279 } 280 break; 281 default: 282 abort (); 283 } 284 285 return rc; 286 } 287 288 /* 289 ** allocate new refint_data; 290 ** store in on_bi.bi_private; 291 ** 292 */ 293 294 static int 295 refint_db_init( 296 BackendDB *be, 297 ConfigReply *cr 298 ) 299 { 300 slap_overinst *on = (slap_overinst *)be->bd_info; 301 refint_data *id = ch_calloc(1,sizeof(refint_data)); 302 303 on->on_bi.bi_private = id; 304 ldap_pvt_thread_mutex_init( &id->qmutex ); 305 return(0); 306 } 307 308 static int 309 refint_db_destroy( 310 BackendDB *be, 311 ConfigReply *cr 312 ) 313 { 314 slap_overinst *on = (slap_overinst *)be->bd_info; 315 316 if ( on->on_bi.bi_private ) { 317 refint_data *id = on->on_bi.bi_private; 318 on->on_bi.bi_private = NULL; 319 ldap_pvt_thread_mutex_destroy( &id->qmutex ); 320 ch_free( id ); 321 } 322 return(0); 323 } 324 325 /* 326 ** initialize, copy basedn if not already set 327 ** 328 */ 329 330 static int 331 refint_open( 332 BackendDB *be, 333 ConfigReply *cr 334 ) 335 { 336 slap_overinst *on = (slap_overinst *)be->bd_info; 337 refint_data *id = on->on_bi.bi_private; 338 339 if ( BER_BVISNULL( &id->dn )) { 340 if ( BER_BVISNULL( &be->be_nsuffix[0] )) 341 return -1; 342 ber_dupbv( &id->dn, &be->be_nsuffix[0] ); 343 } 344 if ( BER_BVISNULL( &id->refint_dn ) ) { 345 ber_dupbv( &id->refint_dn, &refint_dn ); 346 ber_dupbv( &id->refint_ndn, &refint_ndn ); 347 } 348 return(0); 349 } 350 351 352 /* 353 ** foreach configured attribute: 354 ** free it; 355 ** free our basedn; 356 ** reset on_bi.bi_private; 357 ** free our config data; 358 ** 359 */ 360 361 static int 362 refint_close( 363 BackendDB *be, 364 ConfigReply *cr 365 ) 366 { 367 slap_overinst *on = (slap_overinst *) be->bd_info; 368 refint_data *id = on->on_bi.bi_private; 369 refint_attrs *ii, *ij; 370 371 for(ii = id->attrs; ii; ii = ij) { 372 ij = ii->next; 373 ch_free(ii); 374 } 375 id->attrs = NULL; 376 377 ch_free( id->dn.bv_val ); 378 BER_BVZERO( &id->dn ); 379 ch_free( id->nothing.bv_val ); 380 BER_BVZERO( &id->nothing ); 381 ch_free( id->nnothing.bv_val ); 382 BER_BVZERO( &id->nnothing ); 383 ch_free( id->refint_dn.bv_val ); 384 BER_BVZERO( &id->refint_dn ); 385 ch_free( id->refint_ndn.bv_val ); 386 BER_BVZERO( &id->refint_ndn ); 387 388 return(0); 389 } 390 391 /* 392 ** search callback 393 ** generates a list of Attributes from search results 394 */ 395 396 static int 397 refint_search_cb( 398 Operation *op, 399 SlapReply *rs 400 ) 401 { 402 Attribute *a; 403 BerVarray b = NULL; 404 refint_q *rq = op->o_callback->sc_private; 405 refint_data *dd = rq->rdata; 406 refint_attrs *ia, *da = dd->attrs, *na; 407 dependent_data *ip; 408 int i; 409 410 Debug(LDAP_DEBUG_TRACE, "refint_search_cb <%s>\n", 411 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "NOTHING", 0, 0); 412 413 if (rs->sr_type != REP_SEARCH || !rs->sr_entry) return(0); 414 415 /* 416 ** foreach configured attribute type: 417 ** if this attr exists in the search result, 418 ** and it has a value matching the target: 419 ** allocate an attr; 420 ** if this is a delete and there's only one value: 421 ** allocate the same attr again; 422 ** 423 */ 424 425 ip = op->o_tmpalloc(sizeof(dependent_data), op->o_tmpmemctx ); 426 ber_dupbv_x( &ip->dn, &rs->sr_entry->e_name, op->o_tmpmemctx ); 427 ber_dupbv_x( &ip->ndn, &rs->sr_entry->e_nname, op->o_tmpmemctx ); 428 ip->next = rq->attrs; 429 rq->attrs = ip; 430 ip->attrs = NULL; 431 for(ia = da; ia; ia = ia->next) { 432 if ( (a = attr_find(rs->sr_entry->e_attrs, ia->attr) ) ) { 433 int first = -1, count = 0, deleted = 0; 434 435 na = NULL; 436 437 for(i = 0, b = a->a_nvals; b[i].bv_val; i++) { 438 count++; 439 440 if(dnIsSuffix(&b[i], &rq->oldndn)) { 441 /* first match? create structure */ 442 if ( na == NULL ) { 443 na = op->o_tmpcalloc( 1, 444 sizeof( refint_attrs ), 445 op->o_tmpmemctx ); 446 na->next = ip->attrs; 447 ip->attrs = na; 448 na->attr = ia->attr; 449 450 /* delete, or exact match? note it's first match */ 451 if ( BER_BVISEMPTY( &rq->newdn ) && 452 b[i].bv_len == rq->oldndn.bv_len ) 453 { 454 first = i; 455 } 456 } 457 458 /* if it's a rename, or a subordinate match, 459 * save old and build new dn */ 460 if ( !BER_BVISEMPTY( &rq->newdn ) && 461 b[i].bv_len != rq->oldndn.bv_len ) 462 { 463 struct berval newsub, newdn, olddn, oldndn; 464 465 /* if not first, save first as well */ 466 if ( first != -1 ) { 467 468 ber_dupbv_x( &olddn, &a->a_vals[first], op->o_tmpmemctx ); 469 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 470 ber_dupbv_x( &oldndn, &a->a_nvals[first], op->o_tmpmemctx ); 471 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 472 na->ra_numvals++; 473 474 newsub = a->a_vals[first]; 475 newsub.bv_len -= rq->olddn.bv_len + 1; 476 477 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 478 479 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 480 481 newsub = a->a_nvals[first]; 482 newsub.bv_len -= rq->oldndn.bv_len + 1; 483 484 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 485 486 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 487 488 first = -1; 489 } 490 491 ber_dupbv_x( &olddn, &a->a_vals[i], op->o_tmpmemctx ); 492 ber_bvarray_add_x( &na->old_vals, &olddn, op->o_tmpmemctx ); 493 ber_dupbv_x( &oldndn, &a->a_nvals[i], op->o_tmpmemctx ); 494 ber_bvarray_add_x( &na->old_nvals, &oldndn, op->o_tmpmemctx ); 495 na->ra_numvals++; 496 497 newsub = a->a_vals[i]; 498 newsub.bv_len -= rq->olddn.bv_len + 1; 499 500 build_new_dn( &newdn, &rq->newdn, &newsub, op->o_tmpmemctx ); 501 502 ber_bvarray_add_x( &na->new_vals, &newdn, op->o_tmpmemctx ); 503 504 newsub = a->a_nvals[i]; 505 newsub.bv_len -= rq->oldndn.bv_len + 1; 506 507 build_new_dn( &newdn, &rq->newndn, &newsub, op->o_tmpmemctx ); 508 509 ber_bvarray_add_x( &na->new_nvals, &newdn, op->o_tmpmemctx ); 510 } 511 512 /* count deletes */ 513 if ( BER_BVISEMPTY( &rq->newdn ) ) { 514 deleted++; 515 } 516 } 517 518 /* If this is a delete and no value would be left, and 519 * we have a nothing DN configured, allocate the attr again. 520 */ 521 if ( count == deleted && !BER_BVISNULL(&dd->nothing) ) 522 { 523 na = op->o_tmpcalloc( 1, 524 sizeof( refint_attrs ), 525 op->o_tmpmemctx ); 526 na->next = ip->attrs; 527 ip->attrs = na; 528 na->attr = ia->attr; 529 } 530 531 Debug( LDAP_DEBUG_TRACE, "refint_search_cb: %s: %s (#%d)\n", 532 a->a_desc->ad_cname.bv_val, rq->olddn.bv_val, count ); 533 } 534 } 535 } 536 537 return(0); 538 } 539 540 static int 541 refint_repair( 542 Operation *op, 543 SlapReply *rs, 544 refint_data *id, 545 refint_q *rq ) 546 { 547 dependent_data *dp; 548 int rc; 549 550 op->o_callback->sc_response = refint_search_cb; 551 op->o_req_dn = op->o_bd->be_suffix[ 0 ]; 552 op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ]; 553 op->o_dn = op->o_bd->be_rootdn; 554 op->o_ndn = op->o_bd->be_rootndn; 555 556 /* search */ 557 rc = op->o_bd->be_search( op, rs ); 558 559 if ( rc != LDAP_SUCCESS ) { 560 Debug( LDAP_DEBUG_TRACE, 561 "refint_repair: search failed: %d\n", 562 rc, 0, 0 ); 563 return 0; 564 } 565 566 /* safety? paranoid just in case */ 567 if ( op->o_callback->sc_private == NULL ) { 568 Debug( LDAP_DEBUG_TRACE, 569 "refint_repair: callback wiped out sc_private?!\n", 570 0, 0, 0 ); 571 return 0; 572 } 573 574 /* Set up the Modify requests */ 575 op->o_callback->sc_response = &slap_null_cb; 576 577 /* 578 * [our search callback builds a list of attrs] 579 * foreach attr: 580 * make sure its dn has a backend; 581 * build Modification* chain; 582 * call the backend modify function; 583 * 584 */ 585 586 for ( dp = rq->attrs; dp; dp = dp->next ) { 587 Operation op2 = *op; 588 SlapReply rs2 = { 0 }; 589 refint_attrs *ra; 590 Modifications *m; 591 592 op2.o_tag = LDAP_REQ_MODIFY; 593 op2.orm_modlist = NULL; 594 op2.o_req_dn = dp->dn; 595 op2.o_req_ndn = dp->ndn; 596 op2.o_bd = select_backend( &dp->ndn, 1 ); 597 if ( !op2.o_bd ) { 598 Debug( LDAP_DEBUG_TRACE, 599 "refint_repair: no backend for DN %s!\n", 600 dp->dn.bv_val, 0, 0 ); 601 continue; 602 } 603 604 rs2.sr_type = REP_RESULT; 605 for ( ra = dp->attrs; ra; ra = ra->next ) { 606 size_t len; 607 608 /* Set our ModifiersName */ 609 if ( SLAP_LASTMOD( op->o_bd ) ) { 610 m = op2.o_tmpalloc( sizeof(Modifications) + 611 4*sizeof(BerValue), op2.o_tmpmemctx ); 612 m->sml_next = op2.orm_modlist; 613 op2.orm_modlist = m; 614 m->sml_op = LDAP_MOD_REPLACE; 615 m->sml_flags = SLAP_MOD_INTERNAL; 616 m->sml_desc = slap_schema.si_ad_modifiersName; 617 m->sml_type = m->sml_desc->ad_cname; 618 m->sml_numvals = 1; 619 m->sml_values = (BerVarray)(m+1); 620 m->sml_nvalues = m->sml_values+2; 621 BER_BVZERO( &m->sml_values[1] ); 622 BER_BVZERO( &m->sml_nvalues[1] ); 623 m->sml_values[0] = id->refint_dn; 624 m->sml_nvalues[0] = id->refint_ndn; 625 } 626 if ( !BER_BVISEMPTY( &rq->newdn ) || ( ra->next && 627 ra->attr == ra->next->attr ) ) 628 { 629 len = sizeof(Modifications); 630 631 if ( ra->new_vals == NULL ) { 632 len += 4*sizeof(BerValue); 633 } 634 635 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 636 m->sml_next = op2.orm_modlist; 637 op2.orm_modlist = m; 638 m->sml_op = LDAP_MOD_ADD; 639 m->sml_flags = 0; 640 m->sml_desc = ra->attr; 641 m->sml_type = ra->attr->ad_cname; 642 if ( ra->new_vals == NULL ) { 643 m->sml_values = (BerVarray)(m+1); 644 m->sml_nvalues = m->sml_values+2; 645 BER_BVZERO( &m->sml_values[1] ); 646 BER_BVZERO( &m->sml_nvalues[1] ); 647 m->sml_numvals = 1; 648 if ( BER_BVISEMPTY( &rq->newdn ) ) { 649 m->sml_values[0] = id->nothing; 650 m->sml_nvalues[0] = id->nnothing; 651 } else { 652 m->sml_values[0] = rq->newdn; 653 m->sml_nvalues[0] = rq->newndn; 654 } 655 } else { 656 m->sml_values = ra->new_vals; 657 m->sml_nvalues = ra->new_nvals; 658 m->sml_numvals = ra->ra_numvals; 659 } 660 } 661 662 len = sizeof(Modifications); 663 if ( ra->old_vals == NULL ) { 664 len += 4*sizeof(BerValue); 665 } 666 667 m = op2.o_tmpalloc( len, op2.o_tmpmemctx ); 668 m->sml_next = op2.orm_modlist; 669 op2.orm_modlist = m; 670 m->sml_op = LDAP_MOD_DELETE; 671 m->sml_flags = 0; 672 m->sml_desc = ra->attr; 673 m->sml_type = ra->attr->ad_cname; 674 if ( ra->old_vals == NULL ) { 675 m->sml_numvals = 1; 676 m->sml_values = (BerVarray)(m+1); 677 m->sml_nvalues = m->sml_values+2; 678 m->sml_values[0] = rq->olddn; 679 m->sml_nvalues[0] = rq->oldndn; 680 BER_BVZERO( &m->sml_values[1] ); 681 BER_BVZERO( &m->sml_nvalues[1] ); 682 } else { 683 m->sml_values = ra->old_vals; 684 m->sml_nvalues = ra->old_nvals; 685 m->sml_numvals = ra->ra_numvals; 686 } 687 } 688 689 op2.o_dn = op2.o_bd->be_rootdn; 690 op2.o_ndn = op2.o_bd->be_rootndn; 691 slap_op_time( &op2.o_time, &op2.o_tincr ); 692 if ( ( rc = op2.o_bd->be_modify( &op2, &rs2 ) ) != LDAP_SUCCESS ) { 693 Debug( LDAP_DEBUG_TRACE, 694 "refint_repair: dependent modify failed: %d\n", 695 rs2.sr_err, 0, 0 ); 696 } 697 698 while ( ( m = op2.orm_modlist ) ) { 699 op2.orm_modlist = m->sml_next; 700 op2.o_tmpfree( m, op2.o_tmpmemctx ); 701 } 702 } 703 704 return 0; 705 } 706 707 static void * 708 refint_qtask( void *ctx, void *arg ) 709 { 710 struct re_s *rtask = arg; 711 refint_data *id = rtask->arg; 712 Connection conn = {0}; 713 OperationBuffer opbuf; 714 Operation *op; 715 SlapReply rs = {REP_RESULT}; 716 slap_callback cb = { NULL, NULL, NULL, NULL }; 717 Filter ftop, *fptr; 718 refint_q *rq; 719 refint_attrs *ip; 720 721 connection_fake_init( &conn, &opbuf, ctx ); 722 op = &opbuf.ob_op; 723 724 /* 725 ** build a search filter for all configured attributes; 726 ** populate our Operation; 727 ** pass our data (attr list, dn) to backend via sc_private; 728 ** call the backend search function; 729 ** nb: (|(one=thing)) is valid, but do smart formatting anyway; 730 ** nb: 16 is arbitrarily a dozen or so extra bytes; 731 ** 732 */ 733 734 ftop.f_choice = LDAP_FILTER_OR; 735 ftop.f_next = NULL; 736 ftop.f_or = NULL; 737 op->ors_filter = &ftop; 738 for(ip = id->attrs; ip; ip = ip->next) { 739 fptr = op->o_tmpcalloc( sizeof(Filter) + sizeof(MatchingRuleAssertion), 740 1, op->o_tmpmemctx ); 741 /* Use (attr:dnSubtreeMatch:=value) to catch subtree rename 742 * and subtree delete where supported */ 743 fptr->f_choice = LDAP_FILTER_EXT; 744 fptr->f_mra = (MatchingRuleAssertion *)(fptr+1); 745 fptr->f_mr_rule = mr_dnSubtreeMatch; 746 fptr->f_mr_rule_text = mr_dnSubtreeMatch->smr_bvoid; 747 fptr->f_mr_desc = ip->attr; 748 fptr->f_mr_dnattrs = 0; 749 fptr->f_next = ftop.f_or; 750 ftop.f_or = fptr; 751 } 752 753 for (;;) { 754 dependent_data *dp, *dp_next; 755 refint_attrs *ra, *ra_next; 756 757 /* Dequeue an op */ 758 ldap_pvt_thread_mutex_lock( &id->qmutex ); 759 rq = id->qhead; 760 if ( rq ) { 761 id->qhead = rq->next; 762 if ( !id->qhead ) 763 id->qtail = NULL; 764 } 765 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 766 if ( !rq ) 767 break; 768 769 for (fptr = ftop.f_or; fptr; fptr = fptr->f_next ) 770 fptr->f_mr_value = rq->oldndn; 771 772 filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); 773 774 /* callback gets the searched dn instead */ 775 cb.sc_private = rq; 776 cb.sc_response = refint_search_cb; 777 op->o_callback = &cb; 778 op->o_tag = LDAP_REQ_SEARCH; 779 op->ors_scope = LDAP_SCOPE_SUBTREE; 780 op->ors_deref = LDAP_DEREF_NEVER; 781 op->ors_limit = NULL; 782 op->ors_slimit = SLAP_NO_LIMIT; 783 op->ors_tlimit = SLAP_NO_LIMIT; 784 785 /* no attrs! */ 786 op->ors_attrs = slap_anlist_no_attrs; 787 788 slap_op_time( &op->o_time, &op->o_tincr ); 789 790 if ( rq->db != NULL ) { 791 op->o_bd = rq->db; 792 refint_repair( op, &rs, id, rq ); 793 794 } else { 795 BackendDB *be; 796 797 LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) { 798 /* we may want to skip cn=config */ 799 if ( be == LDAP_STAILQ_FIRST(&backendDB) ) { 800 continue; 801 } 802 803 if ( be->be_search && be->be_modify ) { 804 op->o_bd = be; 805 refint_repair( op, &rs, id, rq ); 806 } 807 } 808 } 809 810 for ( dp = rq->attrs; dp; dp = dp_next ) { 811 dp_next = dp->next; 812 for ( ra = dp->attrs; ra; ra = ra_next ) { 813 ra_next = ra->next; 814 ber_bvarray_free_x( ra->new_nvals, op->o_tmpmemctx ); 815 ber_bvarray_free_x( ra->new_vals, op->o_tmpmemctx ); 816 ber_bvarray_free_x( ra->old_nvals, op->o_tmpmemctx ); 817 ber_bvarray_free_x( ra->old_vals, op->o_tmpmemctx ); 818 op->o_tmpfree( ra, op->o_tmpmemctx ); 819 } 820 op->o_tmpfree( dp->ndn.bv_val, op->o_tmpmemctx ); 821 op->o_tmpfree( dp->dn.bv_val, op->o_tmpmemctx ); 822 op->o_tmpfree( dp, op->o_tmpmemctx ); 823 } 824 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 825 826 if ( !BER_BVISNULL( &rq->newndn )) { 827 ch_free( rq->newndn.bv_val ); 828 ch_free( rq->newdn.bv_val ); 829 } 830 ch_free( rq->oldndn.bv_val ); 831 ch_free( rq->olddn.bv_val ); 832 ch_free( rq ); 833 } 834 835 /* free filter */ 836 for ( fptr = ftop.f_or; fptr; ) { 837 Filter *f_next = fptr->f_next; 838 op->o_tmpfree( fptr, op->o_tmpmemctx ); 839 fptr = f_next; 840 } 841 842 /* wait until we get explicitly scheduled again */ 843 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 844 ldap_pvt_runqueue_stoptask( &slapd_rq, id->qtask ); 845 ldap_pvt_runqueue_resched( &slapd_rq,id->qtask, 1 ); 846 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 847 848 return NULL; 849 } 850 851 /* 852 ** refint_response 853 ** search for matching records and modify them 854 */ 855 856 static int 857 refint_response( 858 Operation *op, 859 SlapReply *rs 860 ) 861 { 862 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 863 refint_data *id = on->on_bi.bi_private; 864 BerValue pdn; 865 int ac; 866 refint_q *rq; 867 BackendDB *db = NULL; 868 refint_attrs *ip; 869 870 /* If the main op failed or is not a Delete or ModRdn, ignore it */ 871 if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) || 872 rs->sr_err != LDAP_SUCCESS ) 873 return SLAP_CB_CONTINUE; 874 875 /* 876 ** validate (and count) the list of attrs; 877 ** 878 */ 879 880 for(ip = id->attrs, ac = 0; ip; ip = ip->next, ac++); 881 if(!ac) { 882 Debug( LDAP_DEBUG_TRACE, 883 "refint_response called without any attributes\n", 0, 0, 0 ); 884 return SLAP_CB_CONTINUE; 885 } 886 887 /* 888 ** find the backend that matches our configured basedn; 889 ** make sure it exists and has search and modify methods; 890 ** 891 */ 892 893 if ( on->on_info->oi_origdb != frontendDB ) { 894 db = select_backend(&id->dn, 1); 895 896 if ( db ) { 897 if ( !db->be_search || !db->be_modify ) { 898 Debug( LDAP_DEBUG_TRACE, 899 "refint_response: backend missing search and/or modify\n", 900 0, 0, 0 ); 901 return SLAP_CB_CONTINUE; 902 } 903 } else { 904 Debug( LDAP_DEBUG_TRACE, 905 "refint_response: no backend for our baseDN %s??\n", 906 id->dn.bv_val, 0, 0 ); 907 return SLAP_CB_CONTINUE; 908 } 909 } 910 911 rq = ch_calloc( 1, sizeof( refint_q )); 912 ber_dupbv( &rq->olddn, &op->o_req_dn ); 913 ber_dupbv( &rq->oldndn, &op->o_req_ndn ); 914 rq->db = db; 915 rq->rdata = id; 916 917 if ( op->o_tag == LDAP_REQ_MODRDN ) { 918 if ( op->oq_modrdn.rs_newSup ) { 919 pdn = *op->oq_modrdn.rs_newSup; 920 } else { 921 dnParent( &op->o_req_dn, &pdn ); 922 } 923 build_new_dn( &rq->newdn, &pdn, &op->orr_newrdn, NULL ); 924 if ( op->oq_modrdn.rs_nnewSup ) { 925 pdn = *op->oq_modrdn.rs_nnewSup; 926 } else { 927 dnParent( &op->o_req_ndn, &pdn ); 928 } 929 build_new_dn( &rq->newndn, &pdn, &op->orr_nnewrdn, NULL ); 930 } 931 932 ldap_pvt_thread_mutex_lock( &id->qmutex ); 933 if ( id->qtail ) { 934 id->qtail->next = rq; 935 } else { 936 id->qhead = rq; 937 } 938 id->qtail = rq; 939 ldap_pvt_thread_mutex_unlock( &id->qmutex ); 940 941 ac = 0; 942 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); 943 if ( !id->qtask ) { 944 id->qtask = ldap_pvt_runqueue_insert( &slapd_rq, RUNQ_INTERVAL, 945 refint_qtask, id, "refint_qtask", 946 op->o_bd->be_suffix[0].bv_val ); 947 ac = 1; 948 } else { 949 if ( !ldap_pvt_runqueue_isrunning( &slapd_rq, id->qtask ) && 950 !id->qtask->next_sched.tv_sec ) { 951 id->qtask->interval.tv_sec = 0; 952 ldap_pvt_runqueue_resched( &slapd_rq, id->qtask, 0 ); 953 id->qtask->interval.tv_sec = RUNQ_INTERVAL; 954 ac = 1; 955 } 956 } 957 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); 958 if ( ac ) 959 slap_wake_listener(); 960 961 return SLAP_CB_CONTINUE; 962 } 963 964 /* 965 ** init_module is last so the symbols resolve "for free" -- 966 ** it expects to be called automagically during dynamic module initialization 967 */ 968 969 int refint_initialize() { 970 int rc; 971 972 mr_dnSubtreeMatch = mr_find( "dnSubtreeMatch" ); 973 if ( mr_dnSubtreeMatch == NULL ) { 974 Debug( LDAP_DEBUG_ANY, "refint_initialize: " 975 "unable to find MatchingRule 'dnSubtreeMatch'.\n", 976 0, 0, 0 ); 977 return 1; 978 } 979 980 /* statically declared just after the #includes at top */ 981 refint.on_bi.bi_type = "refint"; 982 refint.on_bi.bi_db_init = refint_db_init; 983 refint.on_bi.bi_db_destroy = refint_db_destroy; 984 refint.on_bi.bi_db_open = refint_open; 985 refint.on_bi.bi_db_close = refint_close; 986 refint.on_response = refint_response; 987 988 refint.on_bi.bi_cf_ocs = refintocs; 989 rc = config_register_schema ( refintcfg, refintocs ); 990 if ( rc ) return rc; 991 992 return(overlay_register(&refint)); 993 } 994 995 #if SLAPD_OVER_REFINT == SLAPD_MOD_DYNAMIC && defined(PIC) 996 int init_module(int argc, char *argv[]) { 997 return refint_initialize(); 998 } 999 #endif 1000 1001 #endif /* SLAPD_OVER_REFINT */ 1002