mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-12 10:54:48 +08:00
more new API ...
This commit is contained in:
parent
8ecfc4e1db
commit
09b92f0aeb
servers/slapd/back-sql
@ -20,17 +20,9 @@
|
|||||||
#include "entry-id.h"
|
#include "entry-id.h"
|
||||||
|
|
||||||
int
|
int
|
||||||
backsql_bind(
|
backsql_bind( Operation *op, SlapReply *rs )
|
||||||
BackendDB *be,
|
|
||||||
Connection *conn,
|
|
||||||
Operation *op,
|
|
||||||
struct berval *dn,
|
|
||||||
struct berval *ndn,
|
|
||||||
int method,
|
|
||||||
struct berval *cred,
|
|
||||||
struct berval *edn )
|
|
||||||
{
|
{
|
||||||
backsql_info *bi = (backsql_info*)be->be_private;
|
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
|
||||||
backsql_entryID user_id;
|
backsql_entryID user_id;
|
||||||
SQLHDBC dbh;
|
SQLHDBC dbh;
|
||||||
AttributeDescription *password = slap_schema.si_ad_userPassword;
|
AttributeDescription *password = slap_schema.si_ad_userPassword;
|
||||||
@ -41,73 +33,74 @@ backsql_bind(
|
|||||||
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
|
Debug( LDAP_DEBUG_TRACE, "==>backsql_bind()\n", 0, 0, 0 );
|
||||||
|
|
||||||
if ( be_isroot_pw( be, conn, ndn, cred ) ) {
|
if ( be_isroot_pw( op ) ) {
|
||||||
ber_dupbv( edn, be_root_dn( be ) );
|
ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
|
||||||
Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
|
Debug( LDAP_DEBUG_TRACE, "<==backsql_bind() root bind\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
return LDAP_SUCCESS;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ber_dupbv( edn, ndn );
|
ber_dupbv( &op->oq_bind.rb_edn, &op->o_req_ndn );
|
||||||
|
|
||||||
if ( method != LDAP_AUTH_SIMPLE ) {
|
if ( op->oq_bind.rb_method != LDAP_AUTH_SIMPLE ) {
|
||||||
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
|
rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
|
||||||
NULL, "authentication method not supported",
|
rs->sr_text = "authentication method not supported";
|
||||||
NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* method = LDAP_AUTH_SIMPLE
|
* method = LDAP_AUTH_SIMPLE
|
||||||
*/
|
*/
|
||||||
rc = backsql_get_db_conn( be, conn, &dbh );
|
rs->sr_err = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
|
||||||
if (!dbh) {
|
if (!dbh) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
||||||
"could not get connection handle - exiting\n",
|
"could not get connection handle - exiting\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
send_ldap_result( conn, op, rc, "",
|
|
||||||
rc == LDAP_OTHER ? "SQL-backend error" : "",
|
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
|
||||||
NULL, NULL );
|
? "SQL-backend error" : NULL;
|
||||||
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( backsql_dn2id( bi, &user_id, dbh, ndn ) != LDAP_SUCCESS ) {
|
rc = backsql_dn2id( bi, &user_id, dbh, &op->o_req_ndn );
|
||||||
|
if ( rc != LDAP_SUCCESS ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
||||||
"could not retrieve bind dn id - no such entry\n",
|
"could not retrieve bind dn id - no such entry\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
|
rs->sr_err = LDAP_INVALID_CREDENTIALS;
|
||||||
NULL, NULL, NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
backsql_init_search( &bsi, bi, ndn, LDAP_SCOPE_BASE, -1, -1, -1,
|
backsql_init_search( &bsi, bi, &op->o_req_ndn, LDAP_SCOPE_BASE,
|
||||||
NULL, dbh, be, conn, op, NULL );
|
-1, -1, -1, NULL, dbh, op->o_bd, op->o_conn, op, NULL );
|
||||||
e = backsql_id2entry( &bsi, &user_entry, &user_id );
|
e = backsql_id2entry( &bsi, &user_entry, &user_id );
|
||||||
if ( e == NULL ) {
|
if ( e == NULL ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
Debug( LDAP_DEBUG_TRACE, "backsql_bind(): "
|
||||||
"error in backsql_id2entry() - auth failed\n",
|
"error in backsql_id2entry() - auth failed\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
send_ldap_result( conn, op, LDAP_OTHER,
|
rs->sr_err = LDAP_OTHER;
|
||||||
NULL, NULL, NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! access_allowed( be, conn, op, e, password, NULL,
|
if ( ! access_allowed( op, e, password, NULL, ACL_AUTH, NULL ) ) {
|
||||||
ACL_AUTH, NULL ) ) {
|
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
|
||||||
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
|
send_ldap_result( op, rs );
|
||||||
NULL, NULL, NULL, NULL );
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) {
|
if ( ( a = attr_find( e->e_attrs, password ) ) == NULL ) {
|
||||||
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
|
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
|
||||||
NULL, NULL, NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
|
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
|
||||||
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
|
rs->sr_err = LDAP_INVALID_CREDENTIALS;
|
||||||
NULL, NULL, NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -115,17 +108,5 @@ backsql_bind(
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
|
||||||
backsql_unbind(
|
|
||||||
BackendDB *be,
|
|
||||||
Connection *conn,
|
|
||||||
Operation *op )
|
|
||||||
{
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_unbind()\n", 0, 0, 0 );
|
|
||||||
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, 0 );
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "<==backsql_unbind()\n", 0, 0, 0 );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* SLAPD_SQL */
|
#endif /* SLAPD_SQL */
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
LDAP_BEGIN_DECL
|
LDAP_BEGIN_DECL
|
||||||
|
|
||||||
extern BI_init sql_back_initialize;
|
extern BI_init sql_back_initialize;
|
||||||
extern BI_destroy backsql_destroy;
|
extern BI_destroy backsql_destroy;
|
||||||
|
|
||||||
extern BI_db_init backsql_db_init;
|
extern BI_db_init backsql_db_init;
|
||||||
@ -25,14 +25,12 @@ extern BI_db_destroy backsql_db_destroy;
|
|||||||
extern BI_db_config backsql_db_config;
|
extern BI_db_config backsql_db_config;
|
||||||
|
|
||||||
extern BI_op_bind backsql_bind;
|
extern BI_op_bind backsql_bind;
|
||||||
extern BI_op_unbind backsql_unbind;
|
|
||||||
extern BI_op_search backsql_search;
|
extern BI_op_search backsql_search;
|
||||||
extern BI_op_compare backsql_compare;
|
extern BI_op_compare backsql_compare;
|
||||||
extern BI_op_modify backsql_modify;
|
extern BI_op_modify backsql_modify;
|
||||||
extern BI_op_modrdn backsql_modrdn;
|
extern BI_op_modrdn backsql_modrdn;
|
||||||
extern BI_op_add backsql_add;
|
extern BI_op_add backsql_add;
|
||||||
extern BI_op_delete backsql_delete;
|
extern BI_op_delete backsql_delete;
|
||||||
extern BI_op_abandon backsql_abandon;
|
|
||||||
|
|
||||||
extern BI_operational backsql_operational;
|
extern BI_operational backsql_operational;
|
||||||
|
|
||||||
|
@ -68,15 +68,10 @@ sql_back_initialize(
|
|||||||
bi->bi_db_close = backsql_db_close;
|
bi->bi_db_close = backsql_db_close;
|
||||||
bi->bi_db_destroy = backsql_db_destroy;
|
bi->bi_db_destroy = backsql_db_destroy;
|
||||||
|
|
||||||
#ifdef BACKSQL_ALL_DONE
|
|
||||||
bi->bi_op_abandon = backsql_abandon;
|
|
||||||
bi->bi_op_compare = backsql_compare;
|
|
||||||
#else
|
|
||||||
bi->bi_op_abandon = 0;
|
bi->bi_op_abandon = 0;
|
||||||
bi->bi_op_compare = 0;
|
bi->bi_op_compare = backsql_compare;
|
||||||
#endif
|
|
||||||
bi->bi_op_bind = backsql_bind;
|
bi->bi_op_bind = backsql_bind;
|
||||||
bi->bi_op_unbind = backsql_unbind;
|
bi->bi_op_unbind = 0;
|
||||||
bi->bi_op_search = backsql_search;
|
bi->bi_op_search = backsql_search;
|
||||||
bi->bi_op_modify = backsql_modify;
|
bi->bi_op_modify = backsql_modify;
|
||||||
bi->bi_op_modrdn = backsql_modrdn;
|
bi->bi_op_modrdn = backsql_modrdn;
|
||||||
|
@ -17,34 +17,106 @@
|
|||||||
#include "back-sql.h"
|
#include "back-sql.h"
|
||||||
#include "sql-wrap.h"
|
#include "sql-wrap.h"
|
||||||
#include "entry-id.h"
|
#include "entry-id.h"
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
int
|
int
|
||||||
backsql_compare(
|
backsql_compare( Operation *op, SlapReply *rs )
|
||||||
|
/*
|
||||||
BackendDB *bd,
|
BackendDB *bd,
|
||||||
Connection *conn,
|
Connection *conn,
|
||||||
Operation *op,
|
Operation *op,
|
||||||
struct berval *dn,
|
struct berval *dn,
|
||||||
struct berval *ndn,
|
struct berval *ndn,
|
||||||
AttributeAssertion *ava )
|
AttributeAssertion *ava ) */
|
||||||
{
|
{
|
||||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_compare() - not implemented\n",
|
backsql_info *bi = (backsql_info*)op->o_bd->be_private;
|
||||||
|
backsql_entryID user_id;
|
||||||
|
SQLHDBC dbh;
|
||||||
|
Entry *e, user_entry;
|
||||||
|
Attribute *a;
|
||||||
|
backsql_srch_info bsi;
|
||||||
|
int rc;
|
||||||
|
AttributeName anlist[2];
|
||||||
|
|
||||||
|
Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
|
||||||
|
|
||||||
|
rs->sr_err = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
|
||||||
|
if (!dbh) {
|
||||||
|
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
|
||||||
|
"could not get connection handle - exiting\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
return 1;
|
|
||||||
|
rs->sr_text = ( rs->sr_err == LDAP_OTHER )
|
||||||
|
? "SQL-backend error" : NULL;
|
||||||
|
goto return_results;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = backsql_dn2id( bi, &user_id, dbh, &op->o_req_ndn );
|
||||||
|
if ( rc != LDAP_SUCCESS ) {
|
||||||
|
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
|
||||||
|
"could not retrieve bind dn id - no such entry\n",
|
||||||
|
0, 0, 0 );
|
||||||
|
rs->sr_err = LDAP_INVALID_CREDENTIALS;
|
||||||
|
goto return_results;
|
||||||
|
}
|
||||||
|
|
||||||
|
anlist[0].an_name = op->oq_compare.rs_ava->aa_desc->ad_cname;
|
||||||
|
anlist[0].an_desc = op->oq_compare.rs_ava->aa_desc;
|
||||||
|
anlist[1].an_name.bv_val = NULL;
|
||||||
|
backsql_init_search( &bsi, bi, &op->o_req_ndn, LDAP_SCOPE_BASE,
|
||||||
|
-1, -1, -1, NULL, dbh, op->o_bd, op->o_conn, op,
|
||||||
|
anlist);
|
||||||
|
e = backsql_id2entry( &bsi, &user_entry, &user_id );
|
||||||
|
if ( e == NULL ) {
|
||||||
|
Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
|
||||||
|
"error in backsql_id2entry() - auth failed\n",
|
||||||
|
0, 0, 0 );
|
||||||
|
rs->sr_err = LDAP_OTHER;
|
||||||
|
goto return_results;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
|
||||||
|
&op->oq_compare.rs_ava->aa_value,
|
||||||
|
ACL_COMPARE, NULL ) ) {
|
||||||
|
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
|
||||||
|
goto return_results;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
|
||||||
|
for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
|
||||||
|
a != NULL;
|
||||||
|
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
|
||||||
|
{
|
||||||
|
rs->sr_err = LDAP_COMPARE_FALSE;
|
||||||
|
#ifdef SLAP_NVALUES
|
||||||
|
if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
|
||||||
|
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
|
||||||
|
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
|
||||||
|
a->a_nvals, &op->oq_compare.rs_ava->aa_value ) == 0 )
|
||||||
|
#else
|
||||||
|
if ( value_find( op->oq_compare.rs_ava->aa_desc, a->a_vals, &op->oq_compare.rs_ava->aa_value ) == 0 )
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
rs->sr_err = LDAP_COMPARE_TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return_results:;
|
||||||
|
send_ldap_result( op, rs );
|
||||||
|
|
||||||
|
Debug(LDAP_DEBUG_TRACE,"<==backsql_compare()\n",0,0,0);
|
||||||
|
switch ( rs->sr_err ) {
|
||||||
|
case LDAP_COMPARE_TRUE:
|
||||||
|
case LDAP_COMPARE_FALSE:
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
|
||||||
backsql_abandon(
|
|
||||||
BackendDB *be,
|
|
||||||
Connection *conn,
|
|
||||||
Operation *op,
|
|
||||||
int msgid )
|
|
||||||
{
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_abandon()\n", 0, 0, 0 );
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "<==backsql_abandon()\n", 0, 0, 0 );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* sets the supported operational attributes (if required)
|
* sets the supported operational attributes (if required)
|
||||||
*/
|
*/
|
||||||
|
@ -984,7 +984,8 @@ backsql_oc_get_candidates( void *v_oc, void *v_bsi )
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
backsql_search(
|
backsql_search( Operation *op, SlapReply *rs )
|
||||||
|
/*
|
||||||
BackendDB *be,
|
BackendDB *be,
|
||||||
Connection *conn,
|
Connection *conn,
|
||||||
Operation *op,
|
Operation *op,
|
||||||
@ -997,50 +998,54 @@ backsql_search(
|
|||||||
Filter *filter,
|
Filter *filter,
|
||||||
struct berval *filterstr,
|
struct berval *filterstr,
|
||||||
AttributeName *attrs,
|
AttributeName *attrs,
|
||||||
int attrsonly )
|
int attrsonly ) */
|
||||||
{
|
{
|
||||||
backsql_info *bi = (backsql_info *)be->be_private;
|
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
|
||||||
SQLHDBC dbh;
|
SQLHDBC dbh;
|
||||||
int sres;
|
int sres;
|
||||||
int nentries;
|
|
||||||
Entry *entry, *res;
|
Entry *entry, *res;
|
||||||
int manageDSAit = get_manageDSAit( op );
|
int manageDSAit;
|
||||||
BerVarray v2refs = NULL;
|
|
||||||
time_t stoptime = 0;
|
time_t stoptime = 0;
|
||||||
backsql_srch_info srch_info;
|
backsql_srch_info srch_info;
|
||||||
backsql_entryID *eid = NULL;
|
backsql_entryID *eid = NULL;
|
||||||
struct slap_limits_set *limit = NULL;
|
struct slap_limits_set *limit = NULL;
|
||||||
int isroot = 0;
|
int isroot = 0;
|
||||||
|
|
||||||
|
manageDSAit = get_manageDSAit( op );
|
||||||
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
|
Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
|
||||||
"base='%s', filter='%s', scope=%d,",
|
"base='%s', filter='%s', scope=%d,",
|
||||||
nbase->bv_val, filterstr->bv_val, scope );
|
op->o_req_ndn.bv_val,
|
||||||
|
op->oq_search.rs_filterstr.bv_val,
|
||||||
|
op->oq_search.rs_scope );
|
||||||
Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
|
Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
|
||||||
"attributes to load: %s\n",
|
"attributes to load: %s\n",
|
||||||
deref, attrsonly, attrs == NULL ? "all" : "custom list" );
|
op->oq_search.rs_deref,
|
||||||
|
op->oq_search.rs_attrsonly,
|
||||||
|
op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
|
||||||
|
|
||||||
if ( nbase->bv_len > BACKSQL_MAX_DN_LEN ) {
|
if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
|
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
|
||||||
"search base length (%ld) exceeds max length (%ld)\n",
|
"search base length (%ld) exceeds max length (%ld)\n",
|
||||||
nbase->bv_len, BACKSQL_MAX_DN_LEN, 0 );
|
op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
|
||||||
/*
|
/*
|
||||||
* FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
|
* FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
|
||||||
* since it is impossible that such a long DN exists
|
* since it is impossible that such a long DN exists
|
||||||
* in the backend
|
* in the backend
|
||||||
*/
|
*/
|
||||||
send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
|
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
||||||
"", NULL, NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
sres = backsql_get_db_conn( be, conn, &dbh );
|
sres = backsql_get_db_conn( op->o_bd, op->o_conn, &dbh );
|
||||||
if ( sres != LDAP_SUCCESS ) {
|
if ( sres != LDAP_SUCCESS ) {
|
||||||
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
|
Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
|
||||||
"could not get connection handle - exiting\n",
|
"could not get connection handle - exiting\n",
|
||||||
0, 0, 0 );
|
0, 0, 0 );
|
||||||
send_ldap_result( conn, op, sres, "",
|
rs->sr_err = sres;
|
||||||
sres == LDAP_OTHER ? "SQL-backend error" : "",
|
rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
|
||||||
NULL, NULL );
|
send_ldap_result( op, rs );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1048,10 +1053,10 @@ backsql_search(
|
|||||||
srch_info.use_reverse_dn = BACKSQL_USE_REVERSE_DN( bi );
|
srch_info.use_reverse_dn = BACKSQL_USE_REVERSE_DN( bi );
|
||||||
|
|
||||||
/* if not root, get appropriate limits */
|
/* if not root, get appropriate limits */
|
||||||
if ( be_isroot( be, &op->o_ndn ) ) {
|
if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
|
||||||
isroot = 1;
|
isroot = 1;
|
||||||
} else {
|
} else {
|
||||||
( void ) get_limits( be, &op->o_ndn, &limit );
|
( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The time/size limits come first because they require very little
|
/* The time/size limits come first because they require very little
|
||||||
@ -1060,32 +1065,31 @@ backsql_search(
|
|||||||
|
|
||||||
/* if no time limit requested, use soft limit (unless root!) */
|
/* if no time limit requested, use soft limit (unless root!) */
|
||||||
if ( isroot ) {
|
if ( isroot ) {
|
||||||
if ( tlimit == 0 ) {
|
if ( op->oq_search.rs_tlimit == 0 ) {
|
||||||
tlimit = -1; /* allow root to set no limit */
|
op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( slimit == 0 ) {
|
if ( op->oq_search.rs_slimit == 0 ) {
|
||||||
slimit = -1;
|
op->oq_search.rs_slimit = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
/* if no limit is required, use soft limit */
|
/* if no limit is required, use soft limit */
|
||||||
if ( tlimit <= 0 ) {
|
if ( op->oq_search.rs_tlimit <= 0 ) {
|
||||||
tlimit = limit->lms_t_soft;
|
op->oq_search.rs_tlimit = limit->lms_t_soft;
|
||||||
|
|
||||||
/* if requested limit higher than hard limit, abort */
|
/* if requested limit higher than hard limit, abort */
|
||||||
} else if ( tlimit > limit->lms_t_hard ) {
|
} else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
|
||||||
/* no hard limit means use soft instead */
|
/* no hard limit means use soft instead */
|
||||||
if ( limit->lms_t_hard == 0
|
if ( limit->lms_t_hard == 0
|
||||||
&& limit->lms_t_soft > -1
|
&& limit->lms_t_soft > -1
|
||||||
&& tlimit > limit->lms_t_soft ) {
|
&& op->oq_search.rs_tlimit > limit->lms_t_soft ) {
|
||||||
tlimit = limit->lms_t_soft;
|
op->oq_search.rs_tlimit = limit->lms_t_soft;
|
||||||
|
|
||||||
/* positive hard limit means abort */
|
/* positive hard limit means abort */
|
||||||
} else if ( limit->lms_t_hard > 0 ) {
|
} else if ( limit->lms_t_hard > 0 ) {
|
||||||
send_search_result( conn, op,
|
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
||||||
LDAP_ADMINLIMIT_EXCEEDED,
|
send_ldap_result( op, rs );
|
||||||
NULL, NULL, NULL, NULL, 0 );
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1093,22 +1097,21 @@ backsql_search(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* if no limit is required, use soft limit */
|
/* if no limit is required, use soft limit */
|
||||||
if ( slimit <= 0 ) {
|
if ( op->oq_search.rs_slimit <= 0 ) {
|
||||||
slimit = limit->lms_s_soft;
|
op->oq_search.rs_slimit = limit->lms_s_soft;
|
||||||
|
|
||||||
/* if requested limit higher than hard limit, abort */
|
/* if requested limit higher than hard limit, abort */
|
||||||
} else if ( slimit > limit->lms_s_hard ) {
|
} else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
|
||||||
/* no hard limit means use soft instead */
|
/* no hard limit means use soft instead */
|
||||||
if ( limit->lms_s_hard == 0
|
if ( limit->lms_s_hard == 0
|
||||||
&& limit->lms_s_soft > -1
|
&& limit->lms_s_soft > -1
|
||||||
&& slimit > limit->lms_s_soft ) {
|
&& op->oq_search.rs_slimit > limit->lms_s_soft ) {
|
||||||
slimit = limit->lms_s_soft;
|
op->oq_search.rs_slimit = limit->lms_s_soft;
|
||||||
|
|
||||||
/* positive hard limit means abort */
|
/* positive hard limit means abort */
|
||||||
} else if ( limit->lms_s_hard > 0 ) {
|
} else if ( limit->lms_s_hard > 0 ) {
|
||||||
send_search_result( conn, op,
|
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
||||||
LDAP_ADMINLIMIT_EXCEEDED,
|
send_ldap_result( op, rs );
|
||||||
NULL, NULL, NULL, NULL, 0 );
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1117,11 +1120,14 @@ backsql_search(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* compute it anyway; root does not use it */
|
/* compute it anyway; root does not use it */
|
||||||
stoptime = op->o_time + tlimit;
|
stoptime = op->o_time + op->oq_search.rs_tlimit;
|
||||||
|
|
||||||
backsql_init_search( &srch_info, bi, nbase, scope,
|
backsql_init_search( &srch_info, bi, &op->o_req_dn,
|
||||||
slimit, tlimit, stoptime, filter, dbh,
|
op->oq_search.rs_scope,
|
||||||
be, conn, op, attrs );
|
op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
|
||||||
|
stoptime, op->oq_search.rs_filter,
|
||||||
|
dbh, op->o_bd, op->o_conn, op,
|
||||||
|
op->oq_search.rs_attrs );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* for each objectclass we try to construct query which gets IDs
|
* for each objectclass we try to construct query which gets IDs
|
||||||
@ -1134,14 +1140,12 @@ backsql_search(
|
|||||||
&srch_info, BACKSQL_STOP, AVL_INORDER );
|
&srch_info, BACKSQL_STOP, AVL_INORDER );
|
||||||
if ( !isroot && limit->lms_s_unchecked != -1 ) {
|
if ( !isroot && limit->lms_s_unchecked != -1 ) {
|
||||||
if ( srch_info.n_candidates == -1 ) {
|
if ( srch_info.n_candidates == -1 ) {
|
||||||
send_search_result( conn, op,
|
rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
|
||||||
LDAP_ADMINLIMIT_EXCEEDED,
|
send_ldap_result( op, rs );
|
||||||
NULL, NULL, NULL, NULL, 0 );
|
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
nentries = 0;
|
|
||||||
/*
|
/*
|
||||||
* now we load candidate entries (only those attributes
|
* now we load candidate entries (only those attributes
|
||||||
* mentioned in attrs and filter), test it against full filter
|
* mentioned in attrs and filter), test it against full filter
|
||||||
@ -1158,9 +1162,13 @@ backsql_search(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check time limit */
|
/* check time limit */
|
||||||
if ( tlimit != -1 && slap_get_time() > stoptime ) {
|
if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
|
||||||
send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
|
rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
|
||||||
NULL, NULL, v2refs, NULL, nentries );
|
rs->sr_ctrls = NULL;
|
||||||
|
rs->sr_ref = rs->sr_v2ref;
|
||||||
|
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
|
||||||
|
: LDAP_REFERRAL;
|
||||||
|
send_ldap_result( op, rs );
|
||||||
goto end_of_search;
|
goto end_of_search;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1177,14 +1185,34 @@ backsql_search(
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
|
if ( !manageDSAit &&
|
||||||
is_entry_referral( entry ) ) {
|
op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
|
||||||
BerVarray refs = get_entry_referrals( be, conn,
|
is_entry_referral( entry ) ) {
|
||||||
op, entry );
|
BerVarray refs;
|
||||||
|
struct berval matched_dn;
|
||||||
|
|
||||||
|
ber_dupbv( &matched_dn, &entry->e_name );
|
||||||
|
refs = get_entry_referrals( op, entry );
|
||||||
|
if ( refs ) {
|
||||||
|
rs->sr_ref = referral_rewrite( refs,
|
||||||
|
&matched_dn, &op->o_req_dn,
|
||||||
|
op->oq_search.rs_scope );
|
||||||
|
ber_bvarray_free( refs );
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!rs->sr_ref) {
|
||||||
|
rs->sr_text = "bad_referral object";
|
||||||
|
}
|
||||||
|
|
||||||
|
rs->sr_err = LDAP_REFERRAL;
|
||||||
|
rs->sr_matched = matched_dn.bv_val;
|
||||||
|
send_ldap_result( op, rs );
|
||||||
|
|
||||||
|
ber_bvarray_free( rs->sr_ref );
|
||||||
|
rs->sr_ref = NULL;
|
||||||
|
ber_memfree( matched_dn.bv_val );
|
||||||
|
rs->sr_matched = NULL;
|
||||||
|
|
||||||
send_search_reference( be, conn, op, entry, refs,
|
|
||||||
NULL, &v2refs );
|
|
||||||
ber_bvarray_free( refs );
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1226,10 +1254,10 @@ backsql_search(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( test_filter( be, conn, op, entry, filter )
|
if ( test_filter( op, entry, op->oq_search.rs_filter )
|
||||||
== LDAP_COMPARE_TRUE ) {
|
== LDAP_COMPARE_TRUE ) {
|
||||||
if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
|
if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
|
||||||
&& !ad_inlist( slap_schema.si_ad_hasSubordinates, attrs ) ) {
|
&& !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
|
||||||
a->a_next = NULL;
|
a->a_next = NULL;
|
||||||
attr_free( hasSubordinate );
|
attr_free( hasSubordinate );
|
||||||
hasSubordinate = NULL;
|
hasSubordinate = NULL;
|
||||||
@ -1240,15 +1268,14 @@ backsql_search(
|
|||||||
sres = 0;
|
sres = 0;
|
||||||
} else {
|
} else {
|
||||||
#endif
|
#endif
|
||||||
sres = send_search_entry( be, conn, op, entry,
|
rs->sr_entry = entry;
|
||||||
attrs, attrsonly, NULL );
|
sres = send_search_entry( op, rs );
|
||||||
#if 0
|
#if 0
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
switch ( sres ) {
|
switch ( sres ) {
|
||||||
case 0:
|
case 0:
|
||||||
nentries++;
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case -1:
|
case -1:
|
||||||
@ -1266,24 +1293,30 @@ backsql_search(
|
|||||||
}
|
}
|
||||||
entry_free( entry );
|
entry_free( entry );
|
||||||
|
|
||||||
if ( slimit != -1 && nentries >= slimit ) {
|
if ( op->oq_search.rs_slimit != -1
|
||||||
send_search_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
|
&& rs->sr_nentries >= op->oq_search.rs_slimit ) {
|
||||||
NULL, NULL, v2refs, NULL, nentries );
|
rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
|
||||||
|
send_ldap_result( op, rs );
|
||||||
goto end_of_search;
|
goto end_of_search;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end_of_search:;
|
end_of_search:;
|
||||||
|
|
||||||
if ( nentries > 0 ) {
|
if ( rs->sr_nentries > 0 ) {
|
||||||
send_search_result( conn, op,
|
rs->sr_ref = rs->sr_v2ref;
|
||||||
v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
|
rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
|
||||||
NULL, NULL, v2refs, NULL, nentries );
|
: LDAP_REFERRAL;
|
||||||
} else {
|
} else {
|
||||||
send_ldap_result( conn, op, srch_info.status,
|
rs->sr_err = srch_info.status;
|
||||||
NULL, NULL, NULL, 0 );
|
|
||||||
}
|
}
|
||||||
|
send_ldap_result( op, rs );
|
||||||
|
|
||||||
|
if ( rs->sr_v2ref ) {
|
||||||
|
ber_bvarray_free( rs->sr_v2ref );
|
||||||
|
rs->sr_v2ref = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
done:;
|
done:;
|
||||||
ch_free( srch_info.attrs );
|
ch_free( srch_info.attrs );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user