diff --git a/servers/slapd/overlays/sssvlv.c b/servers/slapd/overlays/sssvlv.c new file mode 100644 index 0000000000..0131c21a57 --- /dev/null +++ b/servers/slapd/overlays/sssvlv.c @@ -0,0 +1,1013 @@ +/* sssvlv.c - server side sort / virtual list view */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 2009 The OpenLDAP Foundation. + * Portions copyright 2009 Symas Corporation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Howard Chu for inclusion in + * OpenLDAP Software. + */ + +#include "portable.h" + +#define SLAPD_OVER_SSSVLV SLAPD_MOD_DYNAMIC + +#ifdef SLAPD_OVER_SSSVLV + +#include + +#include +#include + +#include + +#include "slap.h" +#include "lutil.h" + +/* RFC2891: Server Side Sorting + * RFC2696: Paged Results + */ +#ifndef LDAP_MATCHRULE_IDENTIFIER +#define LDAP_MATCHRULE_IDENTIFIER 0x80L +#define LDAP_REVERSEORDER_IDENTIFIER 0x81L +#define LDAP_ATTRTYPES_IDENTIFIER 0x80L +#endif + +/* draft-ietf-ldapext-ldapv3-vlv-09.txt: Virtual List Views + */ +#ifndef LDAP_VLVBYINDEX_IDENTIFIER +#define LDAP_VLVBYINDEX_IDENTIFIER 0xa0L +#define LDAP_VLVBYVALUE_IDENTIFIER 0x81L +#define LDAP_VLVCONTEXT_IDENTIFIER 0x04L + +#define LDAP_VLV_SSS_MISSING 0x4C +#define LDAP_VLV_RANGE_ERROR 0x4D +#endif + +#define SAFESTR(macro_str, macro_def) ((macro_str) ? (macro_str) : (macro_def)) + +typedef struct vlv_ctrl { + int vc_before; + int vc_after; + int vc_offset; + int vc_count; + struct berval vc_value; + unsigned long vc_context; +} vlv_ctrl; + +typedef struct sort_key +{ + AttributeDescription *sk_ad; + MatchingRule *sk_ordering; + int sk_direction; /* 1=normal, -1=reverse */ +} sort_key; + +typedef struct sort_ctrl { + int sc_nkeys; + sort_key sc_keys[0]; +} sort_ctrl; + + +typedef struct sort_node +{ + int sn_conn; + struct berval sn_dn; + struct berval *sn_vals; +} sort_node; + +typedef struct sssvlv_info +{ + int svi_max; /* max concurrent sorts */ + int svi_num; /* current # sorts */ + int svi_max_keys; /* max sort keys per request */ +} sssvlv_info; + +typedef struct sort_op +{ + Avlnode *so_tree; + sort_ctrl *so_ctrl; + sssvlv_info *so_info; + int so_paged; + int so_page_size; + int so_nentries; + int so_vlv; + int so_vlv_rc; + int so_vlv_target; + unsigned long so_vcontext; +} sort_op; + +/* There is only one conn table for all overlay instances */ +static sort_op **sort_conns; +static ldap_pvt_thread_mutex_t sort_conns_mutex; +static const char *debug_header = "sssvlv"; + +static int sss_cid; +static int vlv_cid; + +/* RFC 2981 Section 2.2 + * If a sort key is a multi-valued attribute, and an entry happens to + * have multiple values for that attribute and no other controls are + * present that affect the sorting order, then the server SHOULD use the + * least value (according to the ORDERING rule for that attribute). + */ +static struct berval* select_value( + Attribute *attr, + sort_key *key ) +{ + struct berval* ber1, *ber2; + MatchingRule *mr = key->sk_ordering; + int i, cmp; + + ber1 = &(attr->a_nvals[0]); + ber2 = ber1+1; + for ( i = 1; i < attr->a_numvals; i++,ber2++ ) { + mr->smr_match( &cmp, 0, mr->smr_syntax, mr, ber1, ber2 ); + if ( cmp > 0 ) { + ber1 = ber2; + } + } + + Debug(LDAP_DEBUG_TRACE, "%s: value selected for compare: %s\n", + debug_header, + SAFESTR(ber1->bv_val, ""), + 0); + + return ber1; +} + +static int node_cmp( const void* val1, const void* val2 ) +{ + sort_node *sn1 = (sort_node *)val1; + sort_node *sn2 = (sort_node *)val2; + sort_ctrl *sc = sort_conns[sn1->sn_conn]->so_ctrl; + MatchingRule *mr; + int i, cmp = 0; + + for ( i=0; cmp == 0 && isc_nkeys; i++ ) { + if ( BER_BVISNULL( &sn1->sn_vals[i] )) { + if ( BER_BVISNULL( &sn2->sn_vals[i] )) + cmp = 0; + else + cmp = sc->sc_keys[i].sk_direction; + } else if ( BER_BVISNULL( &sn2->sn_vals[i] )) { + cmp = sc->sc_keys[i].sk_direction * -1; + } else { + mr = sc->sc_keys[i].sk_ordering; + mr->smr_match( &cmp, 0, mr->smr_syntax, mr, + &sn1->sn_vals[i], &sn2->sn_vals[i] ); + } + } + /* Never return equal so that new entries are always inserted */ + return cmp < 0 ? -1 : 1; +} + +static int pack_vlv_response_control( + Operation *op, + SlapReply *rs, + sort_op *so, + LDAPControl **ctrlsp ) +{ + LDAPControl *ctrl; + BerElementBuffer berbuf; + BerElement *ber = (BerElement *)&berbuf; + PagedResultsCookie resp_cookie; + struct berval cookie, bv; + int rc; + + ber_init2( ber, NULL, LBER_USE_DER ); + ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx ); + + rc = ber_printf( ber, "{iii", so->so_vlv_target, so->so_nentries, + so->so_vlv_rc ); + + if ( rc != -1 && so->so_vcontext ) { + cookie.bv_val = (char *)&so->so_vcontext; + cookie.bv_len = sizeof(so->so_vcontext); + rc = ber_printf( ber, "tO", LDAP_VLVCONTEXT_IDENTIFIER, &cookie ); + } + + if ( rc != -1 ) { + rc = ber_printf( ber, "}" ); + } + + if ( rc != -1 ) { + rc = ber_flatten2( ber, &bv, 0 ); + } + + if ( rc != -1 ) { + ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+ + bv.bv_len, op->o_tmpmemctx ); + ctrl->ldctl_oid = LDAP_CONTROL_VLVRESPONSE; + ctrl->ldctl_iscritical = 0; + ctrl->ldctl_value.bv_val = (char *)(ctrl+1); + ctrl->ldctl_value.bv_len = bv.bv_len; + AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len ); + ctrlsp[0] = ctrl; + } else { + ctrlsp[0] = NULL; + rs->sr_err = LDAP_OTHER; + } + + ber_free_buf( ber ); + + return rs->sr_err; +} + +static int pack_pagedresult_response_control( + Operation *op, + SlapReply *rs, + sort_op *so, + LDAPControl **ctrlsp ) +{ + LDAPControl *ctrl; + BerElementBuffer berbuf; + BerElement *ber = (BerElement *)&berbuf; + PagedResultsCookie resp_cookie; + struct berval cookie, bv; + int rc; + + ber_init2( ber, NULL, LBER_USE_DER ); + ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx ); + + if ( so->so_nentries > 0 ) { + resp_cookie = ( PagedResultsCookie )so->so_tree; + cookie.bv_len = sizeof( PagedResultsCookie ); + cookie.bv_val = (char *)&resp_cookie; + } else { + resp_cookie = ( PagedResultsCookie )0; + BER_BVZERO( &cookie ); + } + + op->o_conn->c_pagedresults_state.ps_cookie = resp_cookie; + op->o_conn->c_pagedresults_state.ps_count + = ((PagedResultsState *)op->o_pagedresults_state)->ps_count + + rs->sr_nentries; + + rc = ber_printf( ber, "{iO}", so->so_nentries, &cookie ); + if ( rc != -1 ) { + rc = ber_flatten2( ber, &bv, 0 ); + } + + if ( rc != -1 ) { + ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+ + bv.bv_len, op->o_tmpmemctx ); + ctrl->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS; + ctrl->ldctl_iscritical = 0; + ctrl->ldctl_value.bv_val = (char *)(ctrl+1); + ctrl->ldctl_value.bv_len = bv.bv_len; + AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len ); + ctrlsp[0] = ctrl; + } else { + ctrlsp[0] = NULL; + rs->sr_err = LDAP_OTHER; + } + + ber_free_buf( ber ); + + return rs->sr_err; +} + +static int pack_sss_response_control( + Operation *op, + SlapReply *rs, + LDAPControl **ctrlsp ) +{ + LDAPControl *ctrl; + BerElementBuffer berbuf; + BerElement *ber = (BerElement *)&berbuf; + struct berval bv; + int rc; + + ber_init2( ber, NULL, LBER_USE_DER ); + ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx ); + + /* Pack error code */ + rc = ber_printf(ber, "{e}", rs->sr_err); + + if ( rc != -1) + rc = ber_flatten2( ber, &bv, 0 ); + + if ( rc != -1 ) { + ctrl = (LDAPControl *)op->o_tmpalloc( sizeof(LDAPControl)+ + bv.bv_len, op->o_tmpmemctx ); + ctrl->ldctl_oid = LDAP_CONTROL_SORTRESPONSE; + ctrl->ldctl_iscritical = 0; + ctrl->ldctl_value.bv_val = (char *)(ctrl+1); + ctrl->ldctl_value.bv_len = bv.bv_len; + AC_MEMCPY( ctrl->ldctl_value.bv_val, bv.bv_val, bv.bv_len ); + ctrlsp[0] = ctrl; + } else { + ctrlsp[0] = NULL; + rs->sr_err = LDAP_OTHER; + } + + ber_free_buf( ber ); + + return rs->sr_err; +} + +static void free_sort_op( Connection *conn, sort_op *so ) +{ + if ( so->so_tree ) { + tavl_free( so->so_tree, ch_free ); + so->so_tree = NULL; + } + + ldap_pvt_thread_mutex_lock( &sort_conns_mutex ); + sort_conns[conn->c_conn_idx] = NULL; + so->so_info->svi_num--; + ldap_pvt_thread_mutex_unlock( &sort_conns_mutex ); + + ch_free( so ); +} + +static void send_page( Operation *op, SlapReply *rs, sort_op *so ) +{ + Avlnode *cur_node = so->so_tree; + Avlnode *next_node = NULL; + BackendDB *be = op->o_bd; + sort_node *sn; + Entry *e; + int rc; + + while ( cur_node && rs->sr_nentries < so->so_page_size ) { + sort_node *sn = cur_node->avl_data; + + next_node = tavl_next( cur_node, TAVL_DIR_RIGHT ); + + + op->o_bd = select_backend( &sn->sn_dn, 0 ); + e = NULL; + rc = be_entry_get_rw( op, &sn->sn_dn, NULL, NULL, 0, &e ); + + ch_free( cur_node->avl_data ); + ber_memfree( cur_node ); + + cur_node = next_node; + so->so_nentries--; + + if ( e && rc == LDAP_SUCCESS ) { + rs->sr_entry = e; + rs->sr_flags = REP_ENTRY_MUSTRELEASE; + rs->sr_err = send_search_entry( op, rs ); + if ( rs->sr_err == LDAP_UNAVAILABLE ) + break; + } + } + + /* Set the first entry to send for the next page */ + so->so_tree = next_node; + + op->o_bd = be; +} + +static int send_entry( + Operation *op, + SlapReply *rs, + sort_op *so) +{ + Debug(LDAP_DEBUG_TRACE, + "%s: response control: status=%d, text=%s\n", + debug_header, rs->sr_err, SAFESTR(rs->sr_text, "")); + + /* RFC 2891: If critical then send the entries iff they were + * succesfully sorted. If non-critical send all entries + * whether they were sorted or not. + */ + if ( (op->o_ctrlflag[sss_cid] != SLAP_CONTROL_CRITICAL) || + (rs->sr_err == LDAP_SUCCESS) ) + { + /* Get the first node to send */ + Avlnode *start_node = tavl_end(so->so_tree, TAVL_DIR_LEFT); + so->so_tree = start_node; + + if ( so->so_paged <= SLAP_CONTROL_IGNORED ) { + /* Not paged result search. Send all entries. + * Set the page size to the number of entries + * so that send_page() will send all entries. + */ + so->so_page_size = so->so_nentries; + } + + send_page( op, rs, so ); + } + + return SLAP_CB_CONTINUE; +} + +static void send_result( + Operation *op, + SlapReply *rs, + sort_op *so) +{ + LDAPControl *ctrls[3]; + int rc; + + rc = pack_sss_response_control( op, rs, ctrls ); + if ( rc == LDAP_SUCCESS && so->so_paged > SLAP_CONTROL_IGNORED ) { + rc = pack_pagedresult_response_control( op, rs, so, ctrls+1 ); + ctrls[2] = NULL; + } else { + ctrls[1] = NULL; + } + + if ( ctrls[0] != NULL ) + slap_add_ctrls( op, rs, ctrls ); + send_ldap_result( op, rs ); + + if ( so->so_tree == NULL ) { + /* Search finished, so clean up */ + free_sort_op( op->o_conn, so ); + } +} + +static int sssvlv_op_response( + Operation *op, + SlapReply *rs ) +{ + sort_ctrl *sc = op->o_controls[sss_cid]; + sort_op *so = op->o_callback->sc_private; + int rc = SLAP_CB_CONTINUE; + + if ( rs->sr_type == REP_SEARCH ) { + int i; + size_t len; + sort_node *sn, *sn2; + struct berval *bv; + char *ptr; + + len = sizeof(sort_node) + sc->sc_nkeys * sizeof(struct berval) + + rs->sr_entry->e_nname.bv_len + 1; + sn = op->o_tmpalloc( len, op->o_tmpmemctx ); + sn->sn_vals = (struct berval *)(sn+1); + + /* Build tmp list of key values */ + for ( i=0; isc_nkeys; i++ ) { + Attribute *a = attr_find( rs->sr_entry->e_attrs, + sc->sc_keys[i].sk_ad ); + if ( a ) { + if ( a->a_numvals > 1 ) { + bv = select_value( a, &sc->sc_keys[i] ); + } else { + bv = a->a_nvals; + } + sn->sn_vals[i] = *bv; + len += bv->bv_len + 1; + } else { + BER_BVZERO( &sn->sn_vals[i] ); + } + } + + /* Now dup into regular memory */ + sn2 = ch_malloc( len ); + sn2->sn_vals = (struct berval *)(sn2+1); + AC_MEMCPY( sn2->sn_vals, sn->sn_vals, + sc->sc_nkeys * sizeof(struct berval)); + sn = sn2; + + ptr = (char *)(sn->sn_vals + sc->sc_nkeys); + sn->sn_dn.bv_val = ptr; + sn->sn_dn.bv_len = rs->sr_entry->e_nname.bv_len; + AC_MEMCPY( ptr, rs->sr_entry->e_nname.bv_val, + rs->sr_entry->e_nname.bv_len ); + ptr += rs->sr_entry->e_nname.bv_len; + *ptr++ = '\0'; + for ( i=0; isc_nkeys; i++ ) { + if ( !BER_BVISNULL( &sn->sn_vals[i] )) { + AC_MEMCPY( ptr, sn->sn_vals[i].bv_val, sn->sn_vals[i].bv_len ); + sn->sn_vals[i].bv_val = ptr; + ptr += sn->sn_vals[i].bv_len; + *ptr++ = '\0'; + } + } + sn->sn_conn = op->o_conn->c_conn_idx; + + /* Insert into the AVL tree */ + tavl_insert(&(so->so_tree), sn, node_cmp, avl_dup_ok); + + so->so_nentries++; + + /* Collected the keys so that they can be sorted. Thus, stop + * the entry from propagating. + */ + rc = LDAP_SUCCESS; + } + else if ( rs->sr_type == REP_RESULT ) { + /* Remove serversort response callback. + * We don't want the entries that we are about to send to be + * processed by serversort response again. + */ + if ( op->o_callback->sc_response == sssvlv_op_response ) { + op->o_callback = op->o_callback->sc_next; + } + + rc = send_entry( op, rs, so ); + send_result( op, rs, so ); + } + + return rc; +} + +static int sssvlv_op_search( + Operation *op, + SlapReply *rs) +{ + slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; + sssvlv_info *si = on->on_bi.bi_private; + int rc = SLAP_CB_CONTINUE; + int ok; + sort_op *so, so2; + sort_ctrl *sc = op->o_controls[sss_cid]; + PagedResultsState *ps; + vlv_ctrl *vc; + + if ( op->o_ctrlflag[sss_cid] <= SLAP_CONTROL_IGNORED ) { + if ( op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ) { + LDAPControl *ctrls[2]; + so2.so_vcontext = 0; + so2.so_vlv_target = 0; + so2.so_nentries = 0; + so2.so_vlv_rc = LDAP_VLV_SSS_MISSING; + rc = pack_vlv_response_control( op, rs, &so2, ctrls ); + if ( rc == LDAP_SUCCESS ) { + ctrls[1] = NULL; + slap_add_ctrls( op, rs, ctrls ); + } + rs->sr_err = LDAP_VLV_ERROR; + rs->sr_text = "Sort control is required with VLV"; + goto leave; + } + /* Not server side sort so just continue */ + return SLAP_CB_CONTINUE; + } + + Debug(LDAP_DEBUG_TRACE, + "==> sssvlv_search: <%s> %s, control flag: %d\n", + op->o_req_dn.bv_val, op->ors_filterstr.bv_val, + op->o_ctrlflag[sss_cid]); + + if ( sc->sc_nkeys > si->svi_max_keys ) { + rs->sr_text = "Too many sort keys"; + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + goto leave; + } + + ps = ( op->o_pagedresults > SLAP_CONTROL_IGNORED ) ? + (PagedResultsState*)(op->o_pagedresults_state) : NULL; + vc = op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ? + op->o_controls[vlv_cid] : NULL; + + if ( ps && vc ) { + rs->sr_text = "VLV incompatible with PagedResults"; + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + goto leave; + } + + ok = 1; + ldap_pvt_thread_mutex_lock( &sort_conns_mutex ); + so = sort_conns[op->o_conn->c_conn_idx]; + /* Is there already a sort running on this conn? */ + if ( so ) { + /* Is it a continuation of a VLV search? */ + if ( !vc || so->so_vlv <= SLAP_CONTROL_IGNORED || + vc->vc_context != so->so_vcontext ) { + /* Is it a continuation of a paged search? */ + if ( !ps || so->so_paged <= SLAP_CONTROL_IGNORED || + op->o_conn->c_pagedresults_state.ps_cookie != ps->ps_cookie ) { + ok = 0; + } else if ( !ps->ps_size ) { + /* Abandoning current request */ + ok = 0; + } + } + /* Are there too many running overall? */ + } else if ( si->svi_num >= si->svi_max ) { + ok = 0; + } else { + /* OK, this connection now has a sort running */ + si->svi_num++; + sort_conns[op->o_conn->c_conn_idx] = &so2; + } + ldap_pvt_thread_mutex_unlock( &sort_conns_mutex ); + if ( ok ) { + /* are we continuing a paged search? */ + if ( ps && ps->ps_cookie ) { + so->so_ctrl = sc; + send_page( op, rs, so ); + send_result( op, rs, so ); + rc = LDAP_SUCCESS; + } + else { + slap_callback *cb = op->o_tmpalloc( sizeof(slap_callback), + op->o_tmpmemctx ); + /* Install serversort response callback to handle a new search */ + if ( ps ) { + so = ch_malloc( sizeof(sort_op)); + } else { + so = op->o_tmpalloc( sizeof(sort_op), op->o_tmpmemctx ); + } + sort_conns[op->o_conn->c_conn_idx] = so; + + cb->sc_cleanup = NULL; + cb->sc_response = sssvlv_op_response; + cb->sc_next = op->o_callback; + cb->sc_private = so; + + so->so_tree = NULL; + so->so_ctrl = sc; + so->so_info = si; + if ( ps ) { + so->so_paged = op->o_pagedresults; + so->so_page_size = ps->ps_size; + op->o_pagedresults = SLAP_CONTROL_IGNORED; + } else { + so->so_paged = 0; + so->so_page_size = 0; + } + so->so_nentries = 0; + + op->o_callback = cb; + } + } else { + if ( ps && !ps->ps_size ) { + free_sort_op( op->o_conn, so ); + rs->sr_err = LDAP_SUCCESS; + } else { + rs->sr_text = "Other sort requests already in progress"; + rs->sr_err = LDAP_BUSY; + } +leave: + rc = rs->sr_err; + send_ldap_result( op, rs ); + } + + return rc; +} + +static int get_ordering_rule( + AttributeDescription *ad, + struct berval *matchrule, + SlapReply *rs, + MatchingRule **ordering ) +{ + MatchingRule* mr; + + if ( matchrule && matchrule->bv_val ) { + mr = mr_find( matchrule->bv_val ); + if ( mr == NULL ) { + rs->sr_err = LDAP_INAPPROPRIATE_MATCHING; + rs->sr_text = "serverSort control: No ordering rule"; + Debug(LDAP_DEBUG_TRACE, "%s: no ordering rule function for %s\n", + debug_header, matchrule->bv_val, 0); + } + } + else { + mr = ad->ad_type->sat_ordering; + if ( mr == NULL ) { + rs->sr_err = LDAP_INAPPROPRIATE_MATCHING; + rs->sr_text = "serverSort control: No ordering rule"; + Debug(LDAP_DEBUG_TRACE, + "%s: no ordering rule specified and no default ordering rule for attribute %s\n", + debug_header, ad->ad_cname.bv_val, 0); + } + } + + *ordering = mr; + return rs->sr_err; +} + +static int count_key(BerElement *ber) +{ + char *end; + ber_len_t len; + ber_tag_t tag; + int count = 0; + + /* Server Side Sort Control is a SEQUENCE of SEQUENCE */ + for ( tag = ber_first_element( ber, &len, &end ); + tag == LBER_SEQUENCE; + tag = ber_next_element( ber, &len, end )) + { + tag = ber_skip_tag( ber, &len ); + ber_skip_data( ber, len ); + ++count; + } + ber_rewind( ber ); + + return count; +} + +static int build_key( + BerElement *ber, + SlapReply *rs, + sort_key *key ) +{ + struct berval attr; + struct berval matchrule = BER_BVNULL; + ber_int_t reverse = 0; + ber_tag_t tag; + ber_len_t len; + MatchingRule *ordering = NULL; + AttributeDescription *ad = NULL; + const char *text; + + if (( tag = ber_scanf( ber, "{" )) == LBER_ERROR ) { + rs->sr_text = "serverSort control: decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + return rs->sr_err; + } + + if (( tag = ber_scanf( ber, "m", &attr )) == LBER_ERROR ) { + rs->sr_text = "serverSort control: attribute decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + return rs->sr_err; + } + + tag = ber_peek_tag( ber, &len ); + if ( tag == LDAP_MATCHRULE_IDENTIFIER ) { + if (( tag = ber_scanf( ber, "m", &matchrule )) == LBER_ERROR ) { + rs->sr_text = "serverSort control: matchrule decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + return rs->sr_err; + } + tag = ber_peek_tag( ber, &len ); + } + + if ( tag == LDAP_REVERSEORDER_IDENTIFIER ) { + if (( tag = ber_scanf( ber, "b", &reverse )) == LBER_ERROR ) { + rs->sr_text = "serverSort control: reverse decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + return rs->sr_err; + } + } + + if (( tag = ber_scanf( ber, "}" )) == LBER_ERROR ) { + rs->sr_text = "serverSort control: decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; + return rs->sr_err; + } + + if ( slap_bv2ad( &attr, &ad, &text ) != LDAP_SUCCESS ) { + rs->sr_text = + "serverSort control: Unrecognized attribute type in sort key"; + Debug(LDAP_DEBUG_TRACE, + "%s: Unrecognized attribute type in sort key: %s\n", + debug_header, SAFESTR(attr.bv_val, ""), 0); + rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE; + return rs->sr_err; + } + + /* get_ordering_rule will set sr_err and sr_text */ + get_ordering_rule( ad, &matchrule, rs, &ordering ); + if ( rs->sr_err != LDAP_SUCCESS ) { + return rs->sr_err; + } + + key->sk_ad = ad; + key->sk_ordering = ordering; + key->sk_direction = reverse ? -1 : 1; + + return rs->sr_err; +} + +static int sss_parseCtrl( + Operation *op, + SlapReply *rs, + LDAPControl *ctrl ) +{ + BerElementBuffer berbuf; + BerElement *ber; + ber_tag_t tag; + ber_len_t len; + int i; + sort_ctrl *sc; + + rs->sr_err = LDAP_PROTOCOL_ERROR; + + if ( op->o_ctrlflag[sss_cid] > SLAP_CONTROL_IGNORED ) { + rs->sr_text = "sorted results control specified multiple times"; + } else if ( BER_BVISNULL( &ctrl->ldctl_value ) ) { + rs->sr_text = "sorted results control value is absent"; + } else if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) { + rs->sr_text = "sorted results control value is empty"; + } else { + rs->sr_err = LDAP_SUCCESS; + } + if ( rs->sr_err != LDAP_SUCCESS ) + return rs->sr_err; + + op->o_ctrlflag[sss_cid] = ctrl->ldctl_iscritical ? + SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL; + + ber = (BerElement *)&berbuf; + ber_init2( ber, &ctrl->ldctl_value, 0 ); + i = count_key( ber ); + + sc = op->o_tmpalloc( sizeof(sort_ctrl) + + i * sizeof(sort_key), op->o_tmpmemctx ); + sc->sc_nkeys = i; + op->o_controls[sss_cid] = sc; + + /* peel off initial sequence */ + ber_scanf( ber, "{" ); + + i = 0; + do { + if ( build_key( ber, rs, &sc->sc_keys[i] ) != LDAP_SUCCESS ) + break; + i++; + tag = ber_peek_tag( ber, &len ); + } while ( tag != LBER_DEFAULT ); + + return rs->sr_err; +} + +static int vlv_parseCtrl( + Operation *op, + SlapReply *rs, + LDAPControl *ctrl ) +{ + BerElementBuffer berbuf; + BerElement *ber; + ber_tag_t tag; + ber_len_t len; + int i; + vlv_ctrl *vc, vc2; + + rs->sr_err = LDAP_PROTOCOL_ERROR; + rs->sr_text = NULL; + + if ( op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ) { + rs->sr_text = "vlv control specified multiple times"; + } else if ( BER_BVISNULL( &ctrl->ldctl_value ) ) { + rs->sr_text = "vlv control value is absent"; + } else if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) { + rs->sr_text = "vlv control value is empty"; + } + if ( rs->sr_text != NULL ) + return rs->sr_err; + + op->o_ctrlflag[vlv_cid] = ctrl->ldctl_iscritical ? + SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL; + + ber = (BerElement *)&berbuf; + ber_init2( ber, &ctrl->ldctl_value, 0 ); + + rs->sr_err = LDAP_PROTOCOL_ERROR; + + tag = ber_scanf( ber, "{ii", &vc2.vc_before, &vc2.vc_after ); + if ( tag == LBER_ERROR ) { + return rs->sr_err; + } + + tag = ber_peek_tag( ber, &len ); + if ( tag == LDAP_VLVBYINDEX_IDENTIFIER ) { + tag = ber_scanf( ber, "ii", &vc2.vc_offset, &vc2.vc_count ); + if ( tag == LBER_ERROR ) + return rs->sr_err; + BER_BVZERO( &vc2.vc_value ); + } else if ( tag == LDAP_VLVBYVALUE_IDENTIFIER ) { + tag = ber_scanf( ber, "m", &vc2.vc_value ); + if ( tag == LBER_ERROR || BER_BVISNULL( &vc2.vc_value )) + return rs->sr_err; + } else { + return rs->sr_err; + } + tag = ber_peek_tag( ber, &len ); + if ( tag == LDAP_VLVCONTEXT_IDENTIFIER ) { + struct berval bv; + tag = ber_scanf( ber, "m", &bv ); + if ( tag == LBER_ERROR || bv.bv_len != sizeof(vc2.vc_context)) + return rs->sr_err; + AC_MEMCPY( &vc2.vc_context, bv.bv_val, bv.bv_len ); + } else { + vc2.vc_context = 0; + } + + vc = op->o_tmpalloc( sizeof(vlv_ctrl), op->o_tmpmemctx ); + *vc = vc2; + op->o_controls[vlv_cid] = vc; + rs->sr_err = LDAP_SUCCESS; + + return rs->sr_err; +} + +static int sssvlv_connection_destroy( BackendDB *be, Connection *conn ) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + + if ( sort_conns[conn->c_conn_idx] ) + free_sort_op( conn, sort_conns[conn->c_conn_idx] ); + + return LDAP_SUCCESS; +} + +static int sssvlv_db_open( + BackendDB *be, + ConfigReply *cr ) +{ + int rc = overlay_register_control( be, LDAP_CONTROL_SORTREQUEST ); + if ( rc == LDAP_SUCCESS ) + rc = overlay_register_control( be, LDAP_CONTROL_VLVREQUEST ); + return rc; +} + +static int sssvlv_db_init( + BackendDB *be, + ConfigReply *cr) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + sssvlv_info *si; + + si = (sssvlv_info *)ch_malloc(sizeof(sssvlv_info)); + on->on_bi.bi_private = si; + + si->svi_max = 5; + si->svi_num = 0; + si->svi_max_keys = 5; + + if ( dtblsize && !sort_conns ) { + ldap_pvt_thread_mutex_init( &sort_conns_mutex ); + /* accommodate for c_conn_idx == -1 */ + sort_conns = ch_calloc( sizeof(sort_op *), dtblsize + 1 ); + sort_conns++; + } + + return LDAP_SUCCESS; +} + +static int sssvlv_db_destroy( + BackendDB *be, + ConfigReply *cr ) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + sssvlv_info *si = (sssvlv_info *)on->on_bi.bi_private; + + if ( si ) { + ch_free( si ); + on->on_bi.bi_private = NULL; + } + return LDAP_SUCCESS; +} + +static slap_overinst sssvlv; + +int sssvlv_initialize() +{ + int rc; + + sssvlv.on_bi.bi_type = "sssvlv"; + sssvlv.on_bi.bi_db_init = sssvlv_db_init; + sssvlv.on_bi.bi_db_destroy = sssvlv_db_destroy; + sssvlv.on_bi.bi_db_open = sssvlv_db_open; + sssvlv.on_bi.bi_connection_destroy = sssvlv_connection_destroy; + sssvlv.on_bi.bi_op_search = sssvlv_op_search; + + rc = register_supported_control2( LDAP_CONTROL_SORTREQUEST, + SLAP_CTRL_SEARCH, + NULL, + sss_parseCtrl, + 1 /* replace */, + &sss_cid ); + + if ( rc == LDAP_SUCCESS ) { + rc = register_supported_control2( LDAP_CONTROL_VLVREQUEST, + SLAP_CTRL_SEARCH, + NULL, + vlv_parseCtrl, + 1 /* replace */, + &vlv_cid ); + } + + if ( rc == LDAP_SUCCESS ) { + rc = overlay_register( &sssvlv ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "Failed to register server side sort overlay\n" ); + } + } + else { + fprintf( stderr, "Failed to register control %d\n", rc ); + } + + return rc; +} + +#if SLAPD_OVER_SSSVLV == SLAPD_MOD_DYNAMIC +int init_module( int argc, char *argv[]) +{ + return sssvlv_initialize(); +} +#endif + +#endif /* SLAPD_OVER_SSSVLV */