/* $OpenLDAP$ */
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
*
|
|
* Copyright 1999-2020 The OpenLDAP Foundation.
|
|
* Portions Copyright 2001-2003 Pierangelo Masarati.
|
|
* Portions Copyright 1999-2003 Howard Chu.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
* Public License.
|
|
*
|
|
* A copy of this license is available in the file LICENSE in the
|
|
* top-level directory of the distribution or, alternatively, at
|
|
* <http://www.OpenLDAP.org/license.html>.
|
|
*/
|
|
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */
|
|
|
|
#include "portable.h"
|
|
|
|
#include <stdio.h>
|
|
#include "ac/string.h"
|
|
|
|
#include "slap.h"
|
|
#include "../back-ldap/back-ldap.h"
|
|
#include "back-meta.h"
|
|
|
|
/*
 * The meta-directory has one suffix, called <suffix>.
 * It handles a pool of target servers, each with a branch suffix
 * of the form <branch X>,<suffix>, where <branch X> may be empty.
 *
 * When the meta-directory receives a request with a request DN that belongs
 * to a branch, the corresponding target is invoked. When the request DN
 * does not belong to a specific branch, all the targets that
 * are compatible with the request DN are selected as candidates, and
 * the request is forwarded to all the candidate targets.
 *
 * A request is characterized by a request DN. The following cases are
 * handled:
 * 	- the request DN is the suffix: <dn> == <suffix>,
 * 		all the targets are candidates (search ...)
 * 	- the request DN is a branch suffix: <dn> == <branch X>,<suffix>, or
 * 	- the request DN is a subtree of a branch suffix:
 * 		<dn> == <rdn>,<branch X>,<suffix>,
 * 		the target is the only candidate.
 *
 * A possible extension will include the handling of multiple suffixes
 */
|
|
|
|
/*
 * meta_subtree_match
 *
 * Walks the target's subtree rule list (mt->mt_subtree, chained through
 * ms_next) and returns the first rule satisfied by ndn, or NULL when no
 * rule is satisfied.  How a rule is tested depends on its ms_type:
 *
 *	META_ST_SUBTREE		dnIsSuffix( ndn, rule DN ) holds
 *	META_ST_SUBORDINATE	dnIsSuffix( ndn, rule DN ) holds and either
 *				ndn is longer than the rule DN or the request
 *				scope is not LDAP_SCOPE_BASE
 *	META_ST_REGEX		regexec() of the rule's pattern on ndn succeeds
 *
 * A rule of any other type never matches.
 */
static metasubtree_t *
meta_subtree_match( metatarget_t *mt, struct berval *ndn, int scope )
{
	metasubtree_t	*rule;

	for ( rule = mt->mt_subtree; rule != NULL; rule = rule->ms_next ) {
		int	hit = 0;

		if ( rule->ms_type == META_ST_SUBTREE ) {
			hit = dnIsSuffix( ndn, &rule->ms_dn );

		} else if ( rule->ms_type == META_ST_SUBORDINATE ) {
			/* the rule DN itself only counts when the request can
			 * reach entries below it, i.e. scope is not base */
			hit = dnIsSuffix( ndn, &rule->ms_dn ) &&
				( ndn->bv_len > rule->ms_dn.bv_len ||
				  scope != LDAP_SCOPE_BASE );

		} else if ( rule->ms_type == META_ST_REGEX ) {
			/* NOTE: cannot handle scope */
			/* NOTE(review): regexec() reads a C string, so this relies on
			 * ndn->bv_val being NUL-terminated; bv_len is not consulted
			 * here -- confirm that callers always pass such a DN */
			hit = ( regexec( &rule->ms_regex, ndn->bv_val, 0, NULL, 0 ) == 0 );
		}

		if ( hit ) {
			return rule;
		}
	}

	return NULL;
}
|
|
|
|
/*
|
|
* returns 1 if suffix is candidate for dn, otherwise 0
|
|
*
|
|
* Note: this function should never be called if dn is the <suffix>.
|
|
*/
|
|
/*
 * meta_back_is_candidate
 *
 * Tells whether target mt has to be considered for a request on ndn with
 * the given scope; returns META_CANDIDATE or META_NOT_CANDIDATE.
 *
 * The lengths of ndn and of the target's normalized suffix (mt_nsuffix)
 * select one of two paths:
 *
 *  - ndn shorter than the suffix: the suffix must end with ndn, and the
 *    answer depends on the scope of the request;
 *  - ndn at least as long as the suffix: ndn must end with the suffix;
 *    the target's subtree rules, if any, are consulted first, then the
 *    scope configured on the target (mt_scope).
 *
 * Subtree rules, with "match" meaning meta_subtree_match() found a rule
 * and "exclude" being mt_subtree_exclude:
 *
 *	| match   | exclude |                   |
 *	+---------+---------+-------------------+
 *	|    T    |    T    | not candidate     |
 *	|    F    |    T    | continue checking |
 *	+---------+---------+-------------------+
 *	|    T    |    F    | candidate         |
 *	|    F    |    F    | not candidate     |
 *	+---------+---------+-------------------+
 *
 * This function only picks the targets a request is routed to; no
 * access-control check is made here.
 */
int
meta_back_is_candidate(
	metatarget_t	*mt,
	struct berval	*ndn,
	int		scope )
{
	struct berval	head;
	int		verdict = META_NOT_CANDIDATE;
	/* NOTE(review): the difference of two bv_len values is stored in an
	 * int; the sign test below presumably relies on DN lengths being far
	 * below INT_MAX -- confirm against the limits enforced on input DNs */
	int		delta = ndn->bv_len - mt->mt_nsuffix.bv_len;

	if ( delta < 0 ) {
		/* the request DN is shorter than the target suffix */
		if ( !dnIsSuffix( &mt->mt_nsuffix, ndn ) ) {
			return META_NOT_CANDIDATE;
		}

		if ( scope == LDAP_SCOPE_SUBTREE || scope == LDAP_SCOPE_SUBORDINATE ) {
			/*
			 * suffix longer than dn, but common part matches
			 */
			return META_CANDIDATE;
		}

		if ( scope == LDAP_SCOPE_ONELEVEL ) {
			/* what the suffix has in front of ndn, without the
			 * "," that separates the two */
			head.bv_val = mt->mt_nsuffix.bv_val;
			head.bv_len = (ber_len_t)(-delta) - STRLENOF( "," );
			if ( dnIsOneLevelRDN( &head ) ) {
				return META_CANDIDATE;
			}
		}

		return META_NOT_CANDIDATE;
	}

	/* from here on the request DN is at least as long as the suffix */
	if ( !dnIsSuffix( ndn, &mt->mt_nsuffix ) ) {
		return META_NOT_CANDIDATE;
	}

	if ( mt->mt_subtree ) {
		int	match = ( meta_subtree_match( mt, ndn, scope ) != NULL );

		if ( mt->mt_subtree_exclude ) {
			if ( match ) {
				return META_NOT_CANDIDATE;
			}
			/* no exclusion rule hit: the scope check below decides */

		} else {
			return match ? META_CANDIDATE : META_NOT_CANDIDATE;
		}
	}

	switch ( mt->mt_scope ) {
	case LDAP_SCOPE_SUBORDINATE:
		if ( delta > 0 ) {
			verdict = META_CANDIDATE;
		}
		break;

	/* nearly useless; not allowed by config */
	case LDAP_SCOPE_ONELEVEL:
		if ( delta > 0 ) {
			/* what ndn has in front of the suffix, without the
			 * "," that separates the two */
			head.bv_val = ndn->bv_val;
			head.bv_len = (ber_len_t)delta - STRLENOF( "," );
			if ( dnIsOneLevelRDN( &head ) ) {
				verdict = META_CANDIDATE;
			}
		}
		break;

	/* nearly useless; not allowed by config */
	case LDAP_SCOPE_BASE:
		if ( delta == 0 ) {
			verdict = META_CANDIDATE;
		}
		break;

	case LDAP_SCOPE_SUBTREE:
	default:
		verdict = META_CANDIDATE;
		break;
	}

	return verdict;
}
|
|
|
|
/*
|
|
* meta_back_select_unique_candidate
|
|
*
|
|
* returns the index of the candidate in case it is unique, otherwise
|
|
* META_TARGET_NONE if none matches, or
|
|
* META_TARGET_MULTIPLE if more than one matches
|
|
* Note: ndn MUST be normalized.
|
|
*/
|
|
/*
 * meta_back_select_unique_candidate
 *
 * Tests every target of mi against ndn with meta_back_is_candidate(),
 * always using LDAP_SCOPE_BASE.  Returns
 *
 *	the index of the target		if exactly one target qualifies,
 *	META_TARGET_NONE		if no target qualifies,
 *	META_TARGET_MULTIPLE		as soon as a second one qualifies.
 *
 * Note: ndn MUST be normalized.
 */
int
meta_back_select_unique_candidate(
	metainfo_t	*mi,
	struct berval	*ndn )
{
	int	idx;
	int	found = META_TARGET_NONE;

	for ( idx = 0; idx < mi->mi_ntargets; idx++ ) {
		if ( !meta_back_is_candidate( mi->mi_targets[ idx ], ndn, LDAP_SCOPE_BASE ) ) {
			continue;
		}

		/* a second hit makes the choice ambiguous: stop right away */
		if ( found != META_TARGET_NONE ) {
			return META_TARGET_MULTIPLE;
		}

		found = idx;
	}

	return found;
}
|
|
|
|
/*
|
|
* meta_clear_unused_candidates
|
|
*
|
|
* clears all candidates except candidate
|
|
*/
|
|
/*
 * meta_clear_unused_candidates
 *
 * Applies META_CANDIDATE_RESET to the slot of every target but the one
 * whose index is candidate, in the array that meta_back_candidates_get()
 * returns for op.  The number of targets is taken from the backend's
 * private data (op->o_bd->be_private).  Always returns 0.
 *
 * NOTE(review): the array is indexed up to mi_ntargets - 1; presumably it
 * holds one slot per target -- confirm in meta_back_candidates_get().
 */
int
meta_clear_unused_candidates(
	Operation	*op,
	int		candidate )
{
	metainfo_t	*mi = ( metainfo_t * )op->o_bd->be_private;
	int		idx;
	SlapReply	*candidates = meta_back_candidates_get( op );

	for ( idx = 0; idx < mi->mi_ntargets; ++idx ) {
		if ( idx != candidate ) {
			META_CANDIDATE_RESET( &candidates[ idx ] );
		}
	}

	return 0;
}
|
|
|
|
/*
|
|
* meta_clear_one_candidate
|
|
*
|
|
* clears the selected candidate
|
|
*/
|
|
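/*
 * meta_clear_one_candidate
 *
 * Drops what is cached in mc for the target whose index is candidate:
 *
 *  - the LDAP handle, if any, is released with ldap_unbind_ext();
 *  - the bound DN, if any, is freed;
 *  - the stored credentials, if any, are overwritten with zeroes and
 *    then freed;
 *  - msc_mscflags is reset to 0.
 *
 * op is only used for the log prefix of the DEBUG_205 trace and may be
 * NULL.  candidate is used as an index into mc->mc_conns without a range
 * check, so the caller must pass a valid target index.  Always returns 0.
 */
int
meta_clear_one_candidate(
	Operation	*op,
	metaconn_t	*mc,
	int		candidate )
{
	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];

	if ( msc->msc_ld != NULL ) {

#ifdef DEBUG_205
		Debug(LDAP_DEBUG_ANY,
		      "### %s meta_clear_one_candidate ldap_unbind_ext[%d] mc=%p ld=%p\n",
		      op ? op->o_log_prefix : "", candidate, (void *)mc,
		      (void *)msc->msc_ld );
#endif /* DEBUG_205 */

		ldap_unbind_ext( msc->msc_ld, NULL, NULL );
		/* clear the pointer so the handle is never released twice */
		msc->msc_ld = NULL;
	}

	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
		ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
		BER_BVZERO( &msc->msc_bound_ndn );
	}

	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
		/*
		 * Scrub the credentials before the buffer goes back to the
		 * allocator.  A plain memset() right before a free is a store
		 * the optimizer may drop once it can see that the memory is
		 * dead (for instance when the deallocator gets inlined);
		 * writing through a volatile pointer keeps every store.
		 */
		volatile char	*wipe = msc->msc_cred.bv_val;
		ber_len_t	left = msc->msc_cred.bv_len;

		while ( left > 0 ) {
			*wipe++ = 0;
			left--;
		}

		ber_memfree_x( msc->msc_cred.bv_val, NULL );
		BER_BVZERO( &msc->msc_cred );
	}

	msc->msc_mscflags = 0;

	return 0;
}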
|
|
|