openldap/servers/slapd/back-sql/entry-id.c

1078 lines
27 KiB
C
Raw Normal View History

2003-12-08 03:19:18 +08:00
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
2000-03-17 03:08:22 +08:00
*
2007-01-03 04:00:42 +08:00
* Copyright 1999-2007 The OpenLDAP Foundation.
2003-12-08 03:19:18 +08:00
* Portions Copyright 1999 Dmitry Kovalev.
* Portions Copyright 2002 Pierangelo Masarati.
2005-01-02 04:43:42 +08:00
* Portions Copyright 2004 Mark Adamson.
2003-12-08 03:19:18 +08:00
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Dmitry Kovalev for inclusion
* by OpenLDAP Software. Additional significant contributors include
* Pierangelo Masarati and Mark Adamson.
2000-03-17 03:08:22 +08:00
*/
#include "portable.h"
#include <stdio.h>
#include <sys/types.h>
#include "ac/string.h"
2005-11-24 09:10:05 +08:00
#include "lutil.h"
2000-03-17 03:08:22 +08:00
#include "slap.h"
#include "proto-sql.h"
2000-03-17 03:08:22 +08:00
#ifdef BACKSQL_ARBITRARY_KEY
struct berval backsql_baseObject_bv = BER_BVC( BACKSQL_BASEOBJECT_IDSTR );
#endif /* BACKSQL_ARBITRARY_KEY */
backsql_entryID *
2005-01-16 02:43:34 +08:00
backsql_free_entryID( Operation *op, backsql_entryID *id, int freeit )
2000-03-17 03:08:22 +08:00
{
backsql_entryID *next;
assert( id != NULL );
next = id->eid_next;
if ( !BER_BVISNULL( &id->eid_ndn ) ) {
if ( !BER_BVISNULL( &id->eid_dn )
&& id->eid_dn.bv_val != id->eid_ndn.bv_val )
{
2005-01-16 02:43:34 +08:00
op->o_tmpfree( id->eid_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_dn );
}
2005-01-16 02:43:34 +08:00
op->o_tmpfree( id->eid_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_ndn );
}
#ifdef BACKSQL_ARBITRARY_KEY
2005-01-16 02:43:34 +08:00
if ( !BER_BVISNULL( &id->eid_id ) ) {
op->o_tmpfree( id->eid_id.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_id );
}
2005-01-16 02:43:34 +08:00
if ( !BER_BVISNULL( &id->eid_keyval ) ) {
op->o_tmpfree( id->eid_keyval.bv_val, op->o_tmpmemctx );
BER_BVZERO( &id->eid_keyval );
}
#endif /* BACKSQL_ARBITRARY_KEY */
if ( freeit ) {
2005-01-16 02:43:34 +08:00
op->o_tmpfree( id, op->o_tmpmemctx );
}
return next;
2000-03-17 03:08:22 +08:00
}
/*
* NOTE: the dn must be normalized
*/
int
backsql_dn2id(
Operation *op,
SlapReply *rs,
SQLHDBC dbh,
struct berval *ndn,
backsql_entryID *id,
int matched,
int muck )
2000-03-17 03:08:22 +08:00
{
backsql_info *bi = op->o_bd->be_private;
SQLHSTMT sth = SQL_NULL_HSTMT;
BACKSQL_ROW_NTS row = { 0 };
RETCODE rc;
int res;
struct berval realndn = BER_BVNULL;
/* TimesTen */
char upperdn[ BACKSQL_MAX_DN_LEN + 1 ];
struct berval tbbDN;
int i, j;
/*
* NOTE: id can be NULL; in this case, the function
* simply checks whether the DN can be successfully
* turned into an ID, returning LDAP_SUCCESS for
* positive cases, or the most appropriate error
*/
Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(\"%s\")%s%s\n",
ndn->bv_val, id == NULL ? " (no ID expected)" : "",
matched ? " matched expected" : "" );
2005-01-16 02:43:34 +08:00
if ( id ) {
/* NOTE: trap inconsistencies */
assert( BER_BVISNULL( &id->eid_ndn ) );
}
if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_dn2id(\"%s\"): DN length=%ld "
"exceeds max DN length %d:\n",
ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );
return LDAP_OTHER;
}
/* return baseObject if available and matches */
/* FIXME: if ndn is already mucked, we cannot check this */
if ( bi->sql_baseObject != NULL &&
dn_match( ndn, &bi->sql_baseObject->e_nname ) )
{
if ( id != NULL ) {
#ifdef BACKSQL_ARBITRARY_KEY
2005-01-16 02:43:34 +08:00
ber_dupbv_x( &id->eid_id, &backsql_baseObject_bv,
op->o_tmpmemctx );
ber_dupbv_x( &id->eid_keyval, &backsql_baseObject_bv,
op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
id->eid_id = BACKSQL_BASEOBJECT_ID;
id->eid_keyval = BACKSQL_BASEOBJECT_KEYVAL;
#endif /* ! BACKSQL_ARBITRARY_KEY */
id->eid_oc_id = BACKSQL_BASEOBJECT_OC;
2005-01-16 02:43:34 +08:00
ber_dupbv_x( &id->eid_ndn, &bi->sql_baseObject->e_nname,
op->o_tmpmemctx );
ber_dupbv_x( &id->eid_dn, &bi->sql_baseObject->e_name,
op->o_tmpmemctx );
id->eid_next = NULL;
}
return LDAP_SUCCESS;
}
/* begin TimesTen */
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): id_query \"%s\"\n",
ndn->bv_val, bi->sql_id_query, 0 );
assert( bi->sql_id_query != NULL );
2004-10-02 20:05:42 +08:00
rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_dn2id(\"%s\"): "
"error preparing SQL:\n %s",
ndn->bv_val, bi->sql_id_query, 0 );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
}
realndn = *ndn;
if ( muck ) {
if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
"backsql_api_dn2odbc(\"%s\") failed\n",
ndn->bv_val, realndn.bv_val, 0 );
res = LDAP_OTHER;
goto done;
}
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
/*
* Prepare an upper cased, byte reversed version
* that can be searched using indexes
*/
for ( i = 0, j = realndn.bv_len - 1; realndn.bv_val[ i ]; i++, j--)
{
upperdn[ i ] = realndn.bv_val[ j ];
}
upperdn[ i ] = '\0';
ldap_pvt_str2upper( upperdn );
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
"upperdn=\"%s\"\n",
ndn->bv_val, upperdn, 0 );
ber_str2bv( upperdn, 0, 0, &tbbDN );
} else {
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
if ( BACKSQL_USE_REVERSE_DN( bi ) ) {
AC_MEMCPY( upperdn, realndn.bv_val, realndn.bv_len + 1 );
ldap_pvt_str2upper( upperdn );
Debug( LDAP_DEBUG_TRACE,
" backsql_dn2id(\"%s\"): "
"upperdn=\"%s\"\n",
ndn->bv_val, upperdn, 0 );
ber_str2bv( upperdn, 0, 0, &tbbDN );
} else {
tbbDN = realndn;
}
}
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &tbbDN );
if ( rc != SQL_SUCCESS) {
/* end TimesTen */
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
"error binding dn=\"%s\" parameter:\n",
ndn->bv_val, tbbDN.bv_val, 0 );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
}
2000-03-17 03:08:22 +08:00
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_dn2id(\"%s\"): "
"error executing query (\"%s\", \"%s\"):\n",
ndn->bv_val, bi->sql_id_query, tbbDN.bv_val );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
res = LDAP_OTHER;
goto done;
}
2000-03-17 03:08:22 +08:00
2005-07-26 06:11:09 +08:00
backsql_BindRowAsStrings_x( sth, &row, op->o_tmpmemctx );
rc = SQLFetch( sth );
if ( BACKSQL_SUCCESS( rc ) ) {
char buf[ SLAP_TEXT_BUFLEN ];
#ifdef LDAP_DEBUG
snprintf( buf, sizeof(buf),
"id=%s keyval=%s oc_id=%s dn=%s",
row.cols[ 0 ], row.cols[ 1 ],
row.cols[ 2 ], row.cols[ 3 ] );
Debug( LDAP_DEBUG_TRACE,
" backsql_dn2id(\"%s\"): %s\n",
ndn->bv_val, buf, 0 );
#endif /* LDAP_DEBUG */
res = LDAP_SUCCESS;
if ( id != NULL ) {
struct berval dn;
2005-11-24 09:10:05 +08:00
id->eid_next = NULL;
#ifdef BACKSQL_ARBITRARY_KEY
2005-01-16 02:43:34 +08:00
ber_str2bv_x( row.cols[ 0 ], 0, 1, &id->eid_id,
op->o_tmpmemctx );
ber_str2bv_x( row.cols[ 1 ], 0, 1, &id->eid_keyval,
op->o_tmpmemctx );
#else /* ! BACKSQL_ARBITRARY_KEY */
2005-11-24 09:10:05 +08:00
if ( lutil_atoulx( &id->eid_id, row.cols[ 0 ], 0 ) != 0 ) {
res = LDAP_OTHER;
goto done;
}
if ( lutil_atoulx( &id->eid_keyval, row.cols[ 1 ], 0 ) != 0 ) {
res = LDAP_OTHER;
goto done;
}
#endif /* ! BACKSQL_ARBITRARY_KEY */
2005-11-24 09:10:05 +08:00
if ( lutil_atoulx( &id->eid_oc_id, row.cols[ 2 ], 0 ) != 0 ) {
res = LDAP_OTHER;
goto done;
}
ber_str2bv( row.cols[ 3 ], 0, 0, &dn );
if ( backsql_api_odbc2dn( op, rs, &dn ) ) {
res = LDAP_OTHER;
2005-11-24 09:10:05 +08:00
goto done;
}
res = dnPrettyNormal( NULL, &dn,
&id->eid_dn, &id->eid_ndn,
op->o_tmpmemctx );
if ( res != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
" backsql_dn2id(\"%s\"): "
"dnPrettyNormal failed (%d: %s)\n",
realndn.bv_val, res,
ldap_err2string( res ) );
/* cleanup... */
(void)backsql_free_entryID( op, id, 0 );
}
2005-11-24 09:10:05 +08:00
if ( dn.bv_val != row.cols[ 3 ] ) {
free( dn.bv_val );
}
}
} else {
res = LDAP_NO_SUCH_OBJECT;
2005-01-16 02:43:34 +08:00
if ( matched ) {
struct berval pdn = *ndn;
/*
* Look for matched
*/
rs->sr_matched = NULL;
while ( !be_issuffix( op->o_bd, &pdn ) ) {
char *matchedDN = NULL;
2005-03-31 06:29:54 +08:00
dnParent( &pdn, &pdn );
2005-01-16 02:43:34 +08:00
/*
* Empty DN ("") defaults to LDAP_SUCCESS
*/
rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, id, 0, 1 );
switch ( rs->sr_err ) {
case LDAP_NO_SUCH_OBJECT:
/* try another one */
break;
case LDAP_SUCCESS:
matchedDN = pdn.bv_val;
/* fail over to next case */
default:
rs->sr_err = LDAP_NO_SUCH_OBJECT;
rs->sr_matched = matchedDN;
goto done;
}
}
}
}
done:;
2005-07-26 06:11:09 +08:00
backsql_FreeRow_x( &row, op->o_tmpmemctx );
Debug( LDAP_DEBUG_TRACE,
"<==backsql_dn2id(\"%s\"): err=%d\n",
ndn->bv_val, res, 0 );
if ( sth != SQL_NULL_HSTMT ) {
SQLFreeStmt( sth, SQL_DROP );
}
if ( !BER_BVISNULL( &realndn ) && realndn.bv_val != ndn->bv_val ) {
ch_free( realndn.bv_val );
}
return res;
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
int
2002-09-03 03:39:31 +08:00
backsql_count_children(
2005-07-26 06:11:09 +08:00
Operation *op,
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
SQLHDBC dbh,
2002-09-03 03:39:31 +08:00
struct berval *dn,
unsigned long *nchildren )
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
{
2005-07-26 06:11:09 +08:00
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
SQLHSTMT sth = SQL_NULL_HSTMT;
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
BACKSQL_ROW_NTS row;
RETCODE rc;
2002-09-03 03:39:31 +08:00
int res = LDAP_SUCCESS;
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
Debug( LDAP_DEBUG_TRACE, "==>backsql_count_children(): dn=\"%s\"\n",
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
dn->bv_val, 0, 0 );
if ( dn->bv_len > BACKSQL_MAX_DN_LEN ) {
Debug( LDAP_DEBUG_TRACE,
2002-09-03 03:39:31 +08:00
"backsql_count_children(): DN \"%s\" (%ld bytes) "
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
"exceeds max DN length (%d):\n",
dn->bv_val, dn->bv_len, BACKSQL_MAX_DN_LEN );
return LDAP_OTHER;
}
/* begin TimesTen */
Debug(LDAP_DEBUG_TRACE, "children id query \"%s\"\n",
2004-10-02 20:05:42 +08:00
bi->sql_has_children_query, 0, 0);
assert( bi->sql_has_children_query != NULL );
2004-10-02 20:05:42 +08:00
rc = backsql_Prepare( dbh, &sth, bi->sql_has_children_query, 0 );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
2002-09-03 03:39:31 +08:00
"backsql_count_children(): error preparing SQL:\n%s",
2004-10-02 20:05:42 +08:00
bi->sql_has_children_query, 0, 0);
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
SQLFreeStmt( sth, SQL_DROP );
return LDAP_OTHER;
}
rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, dn );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
if ( rc != SQL_SUCCESS) {
/* end TimesTen */
2002-09-03 03:39:31 +08:00
Debug( LDAP_DEBUG_TRACE, "backsql_count_children(): "
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
"error binding dn=\"%s\" parameter:\n",
dn->bv_val, 0, 0 );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
SQLFreeStmt( sth, SQL_DROP );
return LDAP_OTHER;
}
rc = SQLExecute( sth );
if ( rc != SQL_SUCCESS ) {
2002-09-03 03:39:31 +08:00
Debug( LDAP_DEBUG_TRACE, "backsql_count_children(): "
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
"error executing query (\"%s\", \"%s\"):\n",
2004-10-02 20:05:42 +08:00
bi->sql_has_children_query, dn->bv_val, 0 );
backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
SQLFreeStmt( sth, SQL_DROP );
return LDAP_OTHER;
}
2005-07-26 06:11:09 +08:00
backsql_BindRowAsStrings_x( sth, &row, op->o_tmpmemctx );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
rc = SQLFetch( sth );
if ( BACKSQL_SUCCESS( rc ) ) {
2002-09-03 03:39:31 +08:00
char *end;
*nchildren = strtol( row.cols[ 0 ], &end, 0 );
2005-11-24 09:10:05 +08:00
if ( end == row.cols[ 0 ] ) {
2002-09-03 03:39:31 +08:00
res = LDAP_OTHER;
2005-11-24 09:10:05 +08:00
} else {
switch ( end[ 0 ] ) {
case '\0':
break;
case '.': {
unsigned long ul;
/* FIXME: braindead RDBMSes return
* a fractional number from COUNT!
*/
if ( lutil_atoul( &ul, end + 1 ) != 0 || ul != 0 ) {
res = LDAP_OTHER;
}
} break;
default:
res = LDAP_OTHER;
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
}
} else {
res = LDAP_OTHER;
}
2005-07-26 06:11:09 +08:00
backsql_FreeRow_x( &row, op->o_tmpmemctx );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
SQLFreeStmt( sth, SQL_DROP );
2002-09-03 03:39:31 +08:00
Debug( LDAP_DEBUG_TRACE, "<==backsql_count_children(): %lu\n",
*nchildren, 0, 0 );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
return res;
}
2002-09-03 03:39:31 +08:00
int
backsql_has_children(
2005-07-26 06:11:09 +08:00
Operation *op,
2002-09-03 03:39:31 +08:00
SQLHDBC dbh,
struct berval *dn )
{
unsigned long nchildren;
int rc;
2005-07-26 06:11:09 +08:00
rc = backsql_count_children( op, dbh, dn, &nchildren );
2002-09-03 03:39:31 +08:00
if ( rc == LDAP_SUCCESS ) {
return nchildren > 0 ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
}
return rc;
}
2002-12-15 06:25:52 +08:00
static int
backsql_get_attr_vals( void *v_at, void *v_bsi )
2000-03-17 03:08:22 +08:00
{
backsql_at_map_rec *at = v_at;
backsql_srch_info *bsi = v_bsi;
backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
RETCODE rc;
SQLHSTMT sth = SQL_NULL_HSTMT;
BACKSQL_ROW_NTS row;
unsigned long i,
k = 0,
2005-07-26 06:11:09 +08:00
oldcount = 0,
res = 0;
#ifdef BACKSQL_COUNTQUERY
2005-11-07 07:34:33 +08:00
unsigned count,
2005-07-14 01:43:30 +08:00
j,
append = 0;
2005-11-07 07:34:33 +08:00
SQLLEN countsize = sizeof( count );
Attribute *attr = NULL;
slap_mr_normalize_func *normfunc = NULL;
#endif /* BACKSQL_COUNTQUERY */
#ifdef BACKSQL_PRETTY_VALIDATE
slap_syntax_validate_func *validate = NULL;
slap_syntax_transform_func *pretty = NULL;
#endif /* BACKSQL_PRETTY_VALIDATE */
assert( at != NULL );
assert( bsi != NULL );
#ifdef BACKSQL_ARBITRARY_KEY
Debug( LDAP_DEBUG_TRACE, "==>backsql_get_attr_vals(): "
"oc=\"%s\" attr=\"%s\" keyval=%s\n",
BACKSQL_OC_NAME( bsi->bsi_oc ), at->bam_ad->ad_cname.bv_val,
bsi->bsi_c_eid->eid_keyval.bv_val );
#else /* ! BACKSQL_ARBITRARY_KEY */
Debug( LDAP_DEBUG_TRACE, "==>backsql_get_attr_vals(): "
"oc=\"%s\" attr=\"%s\" keyval=%ld\n",
BACKSQL_OC_NAME( bsi->bsi_oc ), at->bam_ad->ad_cname.bv_val,
bsi->bsi_c_eid->eid_keyval );
#endif /* ! BACKSQL_ARBITRARY_KEY */
#ifdef BACKSQL_PRETTY_VALIDATE
validate = at->bam_ad->ad_type->sat_syntax->ssyn_validate;
pretty = at->bam_ad->ad_type->sat_syntax->ssyn_pretty;
if ( validate == NULL && pretty == NULL ) {
return 1;
}
#endif /* BACKSQL_PRETTY_VALIDATE */
#ifdef BACKSQL_COUNTQUERY
if ( at->bam_ad->ad_type->sat_equality ) {
normfunc = at->bam_ad->ad_type->sat_equality->smr_normalize;
}
/* Count how many rows will be returned. This avoids memory
* fragmentation that can result from loading the values in
* one by one and using realloc()
*/
rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_countquery, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error preparing count query: %s\n",
at->bam_countquery, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
return 1;
}
rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
&bsi->bsi_c_eid->eid_keyval );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error binding key value parameter\n", 0, 0, 0 );
SQLFreeStmt( sth, SQL_DROP );
return 1;
}
rc = SQLExecute( sth );
if ( ! BACKSQL_SUCCESS( rc ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error executing attribute count query '%s'\n",
at->bam_countquery, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
SQLFreeStmt( sth, SQL_DROP );
return 1;
}
SQLBindCol( sth, (SQLUSMALLINT)1, SQL_C_LONG,
(SQLPOINTER)&count,
(SQLINTEGER)sizeof( count ),
&countsize );
rc = SQLFetch( sth );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error fetch results of count query: %s\n",
at->bam_countquery, 0, 0 );
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
SQLFreeStmt( sth, SQL_DROP );
return 1;
}
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
2005-11-15 05:47:17 +08:00
"number of values in query: %u\n", count, 0, 0 );
SQLFreeStmt( sth, SQL_DROP );
if ( count == 0 ) {
return 1;
}
attr = attr_find( bsi->bsi_e->e_attrs, at->bam_ad );
if ( attr != NULL ) {
BerVarray tmp;
if ( attr->a_vals != NULL ) {
for ( ; !BER_BVISNULL( &attr->a_vals[ oldcount ] ); oldcount++ )
/* just count */ ;
}
tmp = ch_realloc( attr->a_vals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
if ( tmp == NULL ) {
return 1;
}
attr->a_vals = tmp;
memset( &attr->a_vals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
if ( normfunc ) {
tmp = ch_realloc( attr->a_nvals, ( oldcount + count + 1 ) * sizeof( struct berval ) );
if ( tmp == NULL ) {
return 1;
}
attr->a_nvals = tmp;
memset( &attr->a_nvals[ oldcount ], 0, ( count + 1 ) * sizeof( struct berval ) );
} else {
attr->a_nvals = attr->a_vals;
}
} else {
2005-07-14 01:43:30 +08:00
append = 1;
/* Make space for the array of values */
attr = attr_alloc( at->bam_ad );
attr->a_vals = ch_calloc( count + 1, sizeof( struct berval ) );
if ( attr->a_vals == NULL ) {
Debug( LDAP_DEBUG_TRACE, "Out of memory!\n", 0,0,0 );
ch_free( attr );
return 1;
}
memset( attr->a_vals, 0, ( count + 1 ) * sizeof( struct berval ) );
if ( normfunc ) {
attr->a_nvals = ch_calloc( count + 1, sizeof( struct berval ) );
if ( attr->a_nvals == NULL ) {
ch_free( attr->a_vals );
ch_free( attr );
return 1;
} else {
memset( attr->a_nvals, 0, ( count + 1 ) * sizeof( struct berval ) );
}
} else {
attr->a_nvals = attr->a_vals;
}
}
#endif /* BACKSQL_COUNTQUERY */
rc = backsql_Prepare( bsi->bsi_dbh, &sth, at->bam_query, 0 );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error preparing query: %s\n", at->bam_query, 0, 0 );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
2005-12-07 06:56:58 +08:00
#ifdef BACKSQL_COUNTQUERY
if ( append ) {
attr_free( attr );
}
#endif /* BACKSQL_COUNTQUERY */
return 1;
}
rc = backsql_BindParamID( sth, 1, SQL_PARAM_INPUT,
&bsi->bsi_c_eid->eid_keyval );
if ( rc != SQL_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error binding key value parameter\n", 0, 0, 0 );
2005-12-07 06:56:58 +08:00
#ifdef BACKSQL_COUNTQUERY
if ( append ) {
attr_free( attr );
}
#endif /* BACKSQL_COUNTQUERY */
return 1;
}
#ifdef BACKSQL_TRACE
#ifdef BACKSQL_ARBITRARY_KEY
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"query=\"%s\" keyval=%s\n", at->bam_query,
bsi->bsi_c_eid->eid_keyval.bv_val, 0 );
#else /* !BACKSQL_ARBITRARY_KEY */
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"query=\"%s\" keyval=%d\n", at->bam_query,
bsi->bsi_c_eid->eid_keyval, 0 );
#endif /* ! BACKSQL_ARBITRARY_KEY */
#endif /* BACKSQL_TRACE */
rc = SQLExecute( sth );
if ( ! BACKSQL_SUCCESS( rc ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_get_attr_vals(): "
"error executing attribute query \"%s\"\n",
at->bam_query, 0, 0 );
2004-10-02 20:05:42 +08:00
backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
SQLFreeStmt( sth, SQL_DROP );
2005-12-07 06:56:58 +08:00
#ifdef BACKSQL_COUNTQUERY
if ( append ) {
attr_free( attr );
}
#endif /* BACKSQL_COUNTQUERY */
return 1;
}
2000-03-17 03:08:22 +08:00
2005-07-26 06:11:09 +08:00
backsql_BindRowAsStrings_x( sth, &row, bsi->bsi_op->o_tmpmemctx );
#ifdef BACKSQL_COUNTQUERY
j = oldcount;
#endif /* BACKSQL_COUNTQUERY */
for ( rc = SQLFetch( sth ), k = 0;
BACKSQL_SUCCESS( rc );
rc = SQLFetch( sth ), k++ )
{
2005-09-09 04:18:43 +08:00
for ( i = 0; i < (unsigned long)row.ncols; i++ ) {
2002-09-03 03:39:31 +08:00
if ( row.value_len[ i ] > 0 ) {
struct berval bv;
int retval;
#ifdef BACKSQL_TRACE
AttributeDescription *ad = NULL;
const char *text;
retval = slap_bv2ad( &row.col_names[ i ], &ad, &text );
if ( retval != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"==>backsql_get_attr_vals(\"%s\"): "
"unable to find AttributeDescription %s "
"in schema (%d)\n",
bsi->bsi_e->e_name.bv_val,
row.col_names[ i ].bv_val, retval );
2005-07-26 06:11:09 +08:00
res = 1;
goto done;
}
if ( ad != at->bam_ad ) {
Debug( LDAP_DEBUG_ANY,
"==>backsql_get_attr_vals(\"%s\"): "
"column name %s differs from "
"AttributeDescription %s\n",
bsi->bsi_e->e_name.bv_val,
ad->ad_cname.bv_val,
at->bam_ad->ad_cname.bv_val );
2005-07-26 06:11:09 +08:00
res = 1;
goto done;
}
#endif /* BACKSQL_TRACE */
/* ITS#3386, ITS#3113 - 20070308
* If a binary is fetched?
* must use the actual size read
* from the database.
*/
if ( BACKSQL_IS_BINARY( row.col_type[ i ] ) ) {
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_ANY,
"==>backsql_get_attr_vals(\"%s\"): "
"column name %s: data is binary; "
"using database size %ld\n",
bsi->bsi_e->e_name.bv_val,
ad->ad_cname.bv_val,
row.value_len[ i ] );
#endif /* BACKSQL_TRACE */
bv.bv_val = row.cols[ i ];
bv.bv_len = row.value_len[ i ];
} else {
ber_str2bv( row.cols[ i ], 0, 0, &bv );
}
#ifdef BACKSQL_PRETTY_VALIDATE
if ( pretty ) {
struct berval pbv;
retval = pretty( at->bam_ad->ad_type->sat_syntax,
&bv, &pbv, bsi->bsi_op->o_tmpmemctx );
bv = pbv;
} else {
retval = validate( at->bam_ad->ad_type->sat_syntax,
&bv );
}
if ( retval != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
/* FIXME: we're ignoring invalid values,
* but we're accepting the attributes;
* should we fail at all? */
snprintf( buf, sizeof( buf ),
2005-09-09 04:18:43 +08:00
"unable to %s value #%lu "
"of AttributeDescription %s",
pretty ? "prettify" : "validate",
2005-09-09 04:18:43 +08:00
k - oldcount,
at->bam_ad->ad_cname.bv_val );
Debug( LDAP_DEBUG_TRACE,
"==>backsql_get_attr_vals(\"%s\"): "
"%s (%d)\n",
bsi->bsi_e->e_name.bv_val, buf, retval );
continue;
}
#endif /* BACKSQL_PRETTY_VALIDATE */
#ifndef BACKSQL_COUNTQUERY
(void)backsql_entry_addattr( bsi->bsi_e,
at->bam_ad, &bv,
bsi->bsi_op->o_tmpmemctx );
#else /* BACKSQL_COUNTQUERY */
if ( normfunc ) {
struct berval nbv;
retval = (*normfunc)( SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
at->bam_ad->ad_type->sat_syntax,
at->bam_ad->ad_type->sat_equality,
&bv, &nbv,
bsi->bsi_op->o_tmpmemctx );
if ( retval != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
/* FIXME: we're ignoring invalid values,
* but we're accepting the attributes;
* should we fail at all? */
snprintf( buf, sizeof( buf ),
2005-09-09 04:18:43 +08:00
"unable to normalize value #%lu "
"of AttributeDescription %s",
2005-09-09 04:18:43 +08:00
k - oldcount,
at->bam_ad->ad_cname.bv_val );
Debug( LDAP_DEBUG_TRACE,
"==>backsql_get_attr_vals(\"%s\"): "
"%s (%d)\n",
bsi->bsi_e->e_name.bv_val, buf, retval );
#ifdef BACKSQL_PRETTY_VALIDATE
if ( pretty ) {
bsi->bsi_op->o_tmpfree( bv.bv_val,
bsi->bsi_op->o_tmpmemctx );
}
#endif /* BACKSQL_PRETTY_VALIDATE */
continue;
}
ber_dupbv( &attr->a_nvals[ j ], &nbv );
bsi->bsi_op->o_tmpfree( nbv.bv_val,
bsi->bsi_op->o_tmpmemctx );
}
ber_dupbv( &attr->a_vals[ j ], &bv );
assert( j < oldcount + count );
j++;
#endif /* BACKSQL_COUNTQUERY */
#ifdef BACKSQL_PRETTY_VALIDATE
if ( pretty ) {
bsi->bsi_op->o_tmpfree( bv.bv_val,
bsi->bsi_op->o_tmpmemctx );
}
#endif /* BACKSQL_PRETTY_VALIDATE */
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
#ifdef BACKSQL_TRACE
Debug( LDAP_DEBUG_TRACE, "prec=%d\n",
(int)row.col_prec[ i ], 0, 0 );
} else {
Debug( LDAP_DEBUG_TRACE, "NULL value "
"in this row for attribute \"%s\"\n",
row.col_names[ i ].bv_val, 0, 0 );
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
#endif /* BACKSQL_TRACE */
}
}
}
2005-07-14 01:43:30 +08:00
#ifdef BACKSQL_COUNTQUERY
if ( BER_BVISNULL( &attr->a_vals[ 0 ] ) ) {
/* don't leave around attributes with no values */
attr_free( attr );
} else if ( append ) {
Attribute **ap;
for ( ap = &bsi->bsi_e->e_attrs; (*ap) != NULL; ap = &(*ap)->a_next )
/* goto last */ ;
*ap = attr;
}
#endif /* BACKSQL_COUNTQUERY */
SQLFreeStmt( sth, SQL_DROP );
Debug( LDAP_DEBUG_TRACE, "<==backsql_get_attr_vals()\n", 0, 0, 0 );
if ( at->bam_next ) {
2005-07-26 06:11:09 +08:00
res = backsql_get_attr_vals( at->bam_next, v_bsi );
} else {
res = 1;
}
2005-07-26 06:11:09 +08:00
#ifdef BACKSQL_TRACE
done:;
#endif /* BACKSQL_TRACE */
backsql_FreeRow_x( &row, bsi->bsi_op->o_tmpmemctx );
return res;
}
int
backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid )
2000-03-17 03:08:22 +08:00
{
2005-01-16 02:43:34 +08:00
Operation *op = bsi->bsi_op;
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
int i;
int rc;
2000-03-17 03:08:22 +08:00
Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()\n", 0, 0, 0 );
2000-03-17 03:08:22 +08:00
assert( bsi->bsi_e != NULL );
memset( bsi->bsi_e, 0, sizeof( Entry ) );
if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
Entry *e;
e = entry_dup( bi->sql_baseObject );
if ( e == NULL ) {
return LDAP_NO_MEMORY;
}
*bsi->bsi_e = *e;
free( e );
goto done;
}
2005-01-16 02:43:34 +08:00
ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );
ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );
bsi->bsi_e->e_attrs = NULL;
bsi->bsi_e->e_private = NULL;
bsi->bsi_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private,
eid->eid_oc_id );
bsi->bsi_c_eid = eid;
#ifndef BACKSQL_ARBITRARY_KEY
2005-01-16 02:43:34 +08:00
/* FIXME: unused */
bsi->bsi_e->e_id = eid->eid_id;
#endif /* ! BACKSQL_ARBITRARY_KEY */
2005-01-08 17:59:16 +08:00
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_objectClass,
&bsi->bsi_oc->bom_oc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
if ( bsi->bsi_attrs == NULL || ( bsi->bsi_flags & BSQL_SF_ALL_USER ) )
{
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"retrieving all attributes\n", 0, 0, 0 );
avl_apply( bsi->bsi_oc->bom_attrs, backsql_get_attr_vals,
bsi, 0, AVL_INORDER );
} else {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"custom attribute list\n", 0, 0, 0 );
2005-01-16 02:43:34 +08:00
for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {
backsql_at_map_rec **vat;
AttributeName *an = &bsi->bsi_attrs[ i ];
int j;
/* if one of the attributes listed here is
* a subtype of another, it must be ignored,
* because subtypes are already dealt with
* by backsql_supad2at()
*/
2005-01-16 02:43:34 +08:00
for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {
/* skip self */
if ( j == i ) {
continue;
}
/* skip subtypes */
if ( is_at_subtype( an->an_desc->ad_type,
bsi->bsi_attrs[ j ].an_desc->ad_type ) )
{
goto next;
}
}
rc = backsql_supad2at( bsi->bsi_oc, an->an_desc, &vat );
if ( rc != 0 || vat == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"attribute \"%s\" is not defined "
"for objectlass \"%s\"\n",
an->an_name.bv_val,
BACKSQL_OC_NAME( bsi->bsi_oc ), 0 );
continue;
}
for ( j = 0; vat[j]; j++ ) {
backsql_get_attr_vals( vat[j], bsi );
}
ch_free( vat );
next:;
}
}
2004-11-29 17:36:22 +08:00
if ( bsi->bsi_flags & BSQL_SF_RETURN_ENTRYUUID ) {
Attribute *a_entryUUID,
**ap;
a_entryUUID = backsql_operational_entryUUID( bi, eid );
if ( a_entryUUID != NULL ) {
for ( ap = &bsi->bsi_e->e_attrs;
*ap;
ap = &(*ap)->a_next );
*ap = a_entryUUID;
}
}
2005-05-12 08:03:50 +08:00
if ( ( bsi->bsi_flags & BSQL_SF_ALL_OPER )
|| an_find( bsi->bsi_attrs, &AllOper )
|| an_find( bsi->bsi_attrs, &slap_schema.si_ad_structuralObjectClass->ad_cname ) )
{
if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
Attribute *a;
2005-05-12 08:03:50 +08:00
const char *text = NULL;
char textbuf[ 1024 ];
size_t textlen = sizeof( textbuf );
ObjectClass *soc = NULL;
struct berval bv[ 2 ],
*nvals;
int rc = LDAP_SUCCESS;
a = attr_find( bsi->bsi_e->e_attrs,
slap_schema.si_ad_objectClass );
if ( a != NULL ) {
nvals = a->a_nvals;
} else {
bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
BER_BVZERO( &bv[ 1 ] );
nvals = bv;
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
rc = structural_class( nvals, &soc, NULL,
2006-11-28 03:59:59 +08:00
&text, textbuf, textlen, op->o_tmpmemctx );
2003-04-16 07:11:31 +08:00
if ( rc != LDAP_SUCCESS ) {
2005-05-12 08:03:50 +08:00
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"structural_class() failed %d (%s)\n",
bsi->bsi_e->e_name.bv_val,
rc, text ? text : "" );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
}
if ( !bvmatch( &soc->soc_cname, &bsi->bsi_oc->bom_oc->soc_cname ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"computed structuralObjectClass %s "
"does not match objectClass %s associated "
"to entry\n",
bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val,
bsi->bsi_oc->bom_oc->soc_cname.bv_val );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
}
2005-05-12 08:03:50 +08:00
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_structuralObjectClass,
&bsi->bsi_oc->bom_oc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
2005-05-12 08:03:50 +08:00
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
2005-05-12 08:03:50 +08:00
return rc;
}
Final run of changes to back-sql; IBM db2 support has been tested. Now related ITSes need be audited and possibly closed. Enhancements: - re-styled code for better readability - upgraded backend API to reflect recent changes - LDAP schema is checked when loading SQL/LDAP mapping - AttributeDescription/ObjectClass pointers used for more efficient mapping lookup - bervals used where string length is required often - atomized write operations by committing at the end of each operation and defaulting connection closure to rollback - added LDAP access control to write operations - fully implemented modrdn (with rdn attrs change, deleteoldrdn, access check, parent/children check and more) - added parent access control, children control to delete operation - added structuralObjectClass operational attribute check and value return on search - added hasSubordinate operational attribute on demand - search limits are appropriately enforced - function backsql_strcat() has been made more efficient - concat function has been made configurable by means of a pattern - added config switches: - fail_if_no_mapping write operations fail if there is no mapping - has_ldapinfo_dn_ru overrides autodetect - concat_pattern a string containing two '?' is used (note that "?||?" should be more portable than builtin function "CONCAT(?,?)") - strcast_func cast of string constants in "SELECT DISTINCT statements (needed by PostgreSQL) - upper_needs_cast cast the argument of upper when required (basically when building dn substring queries) Todo: - add security checks for SQL statements that can be injected (?) - re-test with previously supported RDBMs - replace dn_ru and so with normalized dn (no need for upper() and so in dn match) - implement a backsql_normalize() function to replace the upper() conversion routines - note that subtree deletion, subtree renaming and so could be easily implemented (rollback and consistency checks are available :) - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 16:54:08 +08:00
}
done:;
Debug( LDAP_DEBUG_TRACE, "<==backsql_id2entry()\n", 0, 0, 0 );
return LDAP_SUCCESS;
2000-03-17 03:08:22 +08:00
}