mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
95991161c6
openldap/servers/slapd/mods.c
Howard Chu 5ad51b6150 SLAP_NVALUES tweaks - after input, a_nvals is always populated. If there is 
no normalizer, a_nvals = a_vals.
2003-03-24 01:56:56 +00:00

818 lines
19 KiB
C
Raw Blame History

/*
* Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/*
* Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
#include "slap.h"
int
modify_check_duplicates(
AttributeDescription *ad,
MatchingRule *mr,
BerVarray vals,
BerVarray mods,
int permissive,
const char **text,
char *textbuf, size_t textlen )
{
int i, j, numvals = 0, nummods,
rc = LDAP_SUCCESS, matched;
#ifdef SLAP_NVALUES
/* this function is no longer used */
#else
BerVarray nvals = NULL, nmods = NULL;
/*
* FIXME: better do the following
*
* - count the existing values
* - count the new values
*
* - if the existing values are less than the new ones {
* - normalize all the existing values
* - for each new value {
* - normalize
* - check with existing
* - cross-check with already normalized new vals
* }
* } else {
* - for each new value {
* - normalize
* - cross-check with already normalized new vals
* }
* - for each existing value {
* - normalize
* - check with already normalized new values
* }
* }
*
* The first case is good when adding a lot of new values,
* and significantly at first import of values (e.g. adding
* a new group); the latter case seems to be quite important
* as well, because it is likely to be the most frequently
* used when administering the entry. The current
* implementation will always normalize all the existing
* values before checking. If there's no duplicate, the
* performances should not change; they will in case of error.
*/
for ( nummods = 0; mods[ nummods ].bv_val != NULL; nummods++ )
/* count new values */ ;
if ( vals ) {
for ( numvals = 0; vals[ numvals ].bv_val != NULL; numvals++ )
/* count existing values */ ;
if ( numvals < nummods ) {
nvals = SLAP_CALLOC( numvals + 1, sizeof( struct berval ) );
if( nvals == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 );
#endif
goto return_results;
}
/* normalize the existing values first */
for ( j = 0; vals[ j ].bv_val != NULL; j++ ) {
rc = value_normalize( ad, SLAP_MR_EQUALITY,
&vals[ j ], &nvals[ j ], text );
/* existing attribute values must normalize */
assert( rc == LDAP_SUCCESS );
if ( rc != LDAP_SUCCESS ) {
nvals[ j ].bv_val = NULL;
goto return_results;
}
}
nvals[ j ].bv_val = NULL;
}
}
/*
* If the existing values are less than the new values,
* it is more convenient to normalize all the existing
* values and test each new value against them first,
* then to other already normalized values
*/
nmods = SLAP_CALLOC( nummods + 1, sizeof( struct berval ) );
if ( nmods == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"modify_check_duplicates: SLAP_CALLOC failed", 0, 0, 0 );
#endif
goto return_results;
}
for ( i=0; mods[i].bv_val != NULL; i++ ) {
rc = value_normalize( ad, SLAP_MR_EQUALITY,
&mods[i], &nmods[i], text );
if ( rc != LDAP_SUCCESS ) {
nmods[i].bv_val = NULL;
goto return_results;
}
if ( numvals > 0 && numvals < nummods ) {
for ( matched=0, j=0; nvals[j].bv_val; j++ ) {
int match;
rc = (*mr->smr_match)( &match,
SLAP_MR_ATTRIBUTE_SYNTAX_MATCH,
ad->ad_type->sat_syntax,
mr, &nmods[ i ], &nvals[ j ] );
if ( rc != LDAP_SUCCESS ) {
nmods[ i + 1 ].bv_val = NULL;
*text = textbuf;
snprintf( textbuf, textlen,
"%s: matching rule failed",
ad->ad_cname.bv_val );
goto return_results;
}
if ( match == 0 ) {
if ( permissive ) {
matched++;
continue;
}
*text = textbuf;
snprintf( textbuf, textlen,
"%s: value #%d provided more than once",
ad->ad_cname.bv_val, i );
rc = LDAP_TYPE_OR_VALUE_EXISTS;
nmods[ i + 1 ].bv_val = NULL;
goto return_results;
}
}
if ( permissive && matched == j ) {
nmods[ i + 1 ].bv_val = NULL;
rc = LDAP_TYPE_OR_VALUE_EXISTS;
goto return_results;
}
}
for ( matched = 0, j = 0; j < i; j++ ) {
int match;
rc = (*mr->smr_match)( &match,
SLAP_MR_ATTRIBUTE_SYNTAX_MATCH,
ad->ad_type->sat_syntax,
mr, &nmods[ i ], &nmods[ j ] );
if ( rc != LDAP_SUCCESS ) {
nmods[ i + 1 ].bv_val = NULL;
*text = textbuf;
snprintf( textbuf, textlen,
"%s: matching rule failed",
ad->ad_cname.bv_val );
goto return_results;
}
if ( match == 0 ) {
if ( permissive ) {
matched++;
continue;
}
*text = textbuf;
snprintf( textbuf, textlen,
"%s: value #%d provided more than once",
ad->ad_cname.bv_val, j );
rc = LDAP_TYPE_OR_VALUE_EXISTS;
nmods[ i + 1 ].bv_val = NULL;
goto return_results;
}
}
if ( permissive && matched == j ) {
nmods[ i + 1 ].bv_val = NULL;
rc = LDAP_TYPE_OR_VALUE_EXISTS;
goto return_results;
}
}
nmods[ i ].bv_val = NULL;
/*
* if new values are more than existing values, it is more
* convenient to normalize and check all new values first,
* then check each new value against existing values, which
* can be normalized in place
*/
if ( numvals >= nummods ) {
for ( j = 0; vals[ j ].bv_val; j++ ) {
struct berval asserted;
rc = value_normalize( ad, SLAP_MR_EQUALITY,
&vals[ j ], &asserted, text );
if ( rc != LDAP_SUCCESS ) {
goto return_results;
}
for ( matched = 0, i = 0; nmods[ i ].bv_val; i++ ) {
int match;
rc = (*mr->smr_match)( &match,
SLAP_MR_ATTRIBUTE_SYNTAX_MATCH,
ad->ad_type->sat_syntax,
mr, &nmods[ i ], &asserted );
if ( rc != LDAP_SUCCESS ) {
*text = textbuf;
snprintf( textbuf, textlen,
"%s: matching rule failed",
ad->ad_cname.bv_val );
goto return_results;
}
if ( match == 0 ) {
if ( permissive ) {
matched++;
continue;
}
*text = textbuf;
snprintf( textbuf, textlen,
"%s: value #%d provided more than once",
ad->ad_cname.bv_val, j );
rc = LDAP_TYPE_OR_VALUE_EXISTS;
goto return_results;
}
}
if ( permissive && matched == i ) {
rc = LDAP_TYPE_OR_VALUE_EXISTS;
goto return_results;
}
}
}
return_results:;
if ( nvals ) {
ber_bvarray_free( nvals );
}
if ( nmods ) {
ber_bvarray_free( nmods );
}
#endif
return rc;
}
int
modify_add_values(
Entry *e,
Modification *mod,
int permissive,
const char **text,
char *textbuf, size_t textlen
)
{
int i, j;
int matched;
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
const char *op;
switch( mod->sm_op ) {
case LDAP_MOD_ADD:
op = "add";
break;
case LDAP_MOD_REPLACE:
op = "replace";
break;
default:
op = "?";
assert( 0 );
}
a = attr_find( e->e_attrs, mod->sm_desc );
/*
* With permissive set, as long as the attribute being added
* has the same value(s?) as the existing attribute, then the
* modify will succeed.
*/
/* check if the values we're adding already exist */
if( mr == NULL || !mr->smr_match ) {
if ( a != NULL ) {
/* do not allow add of additional attribute
if no equality rule exists */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: no equality matching rule",
op, mod->sm_desc->ad_cname.bv_val );
return LDAP_INAPPROPRIATE_MATCHING;
}
for ( i = 0; mod->sm_bvalues[i].bv_val != NULL; i++ ) {
/* test asserted values against existing values */
if( a ) {
for( matched = 0, j = 0; a->a_vals[j].bv_val != NULL; j++ ) {
if ( bvmatch( &mod->sm_bvalues[i], &a->a_vals[j] ) ) {
if ( permissive ) {
matched++;
continue;
}
/* value exists already */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #%i already exists",
op, mod->sm_desc->ad_cname.bv_val, j );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
if ( permissive && matched == j ) {
/* values already exist; do nothing */
return LDAP_SUCCESS;
}
}
/* test asserted values against themselves */
for( j = 0; j < i; j++ ) {
if ( bvmatch( &mod->sm_bvalues[i], &mod->sm_bvalues[j] ) ) {
/* value exists already */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #%i already exists",
op, mod->sm_desc->ad_cname.bv_val, j );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
}
} else {
#ifdef SLAP_NVALUES
/* no normalization is done in this routine nor
* in the matching routines called by this routine.
* values are now normalized once on input to the
* server (whether from LDAP or from the underlying
* database).
* This should outperform the old code. No numbers
* are available yet.
*/
#else
/*
* The original code performs ( n ) normalizations
* and ( n * ( n - 1 ) / 2 ) matches, which hide
* the same number of normalizations. The new code
* performs the same number of normalizations ( n )
* and ( n * ( n - 1 ) / 2 ) mem compares, far less
* expensive than an entire match, if a match is
* equivalent to a normalization and a mem compare ...
*
* This is far more memory expensive than the previous,
* but it can heavily improve performances when big
* chunks of data are added (typical example is a group
* with thousands of DN-syntax members; on my system:
* for members of 5-RDN DNs,
members orig bvmatch (dirty) new
1000 0m38.456s 0m0.553s 0m0.608s
2000 2m33.341s 0m0.851s 0m1.003s
* Moreover, 100 groups with 10000 members each were
* added in 37m27.933s (an analogous LDIF file was
* loaded into Active Directory in 38m28.682s, BTW).
*
* Maybe we could switch to the new algorithm when
* the number of values overcomes a given threshold?
*/
#endif
int rc;
if ( mod->sm_bvalues[1].bv_val == 0 ) {
if ( a != NULL ) {
int i;
#ifndef SLAP_NVALUES
struct berval asserted;
rc = value_normalize( mod->sm_desc, SLAP_MR_EQUALITY,
&mod->sm_bvalues[ 0 ], &asserted, text );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
#endif
for ( matched = 0, i = 0; a->a_vals[ i ].bv_val; i++ ) {
int match;
#ifdef SLAP_NVALUES
if( mod->sm_nvalues ) {
rc = value_match( &match, mod->sm_desc, mr,
SLAP_MR_EQUALITY
| SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
| SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
| SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
&a->a_nvals[i],
&mod->sm_nvalues[0],
text );
} else {
rc = value_match( &match, mod->sm_desc, mr,
SLAP_MR_EQUALITY
| SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&a->a_vals[i],
&mod->sm_values[0],
text );
}
#else
rc = value_match( &match, mod->sm_desc, mr,
SLAP_MR_ATTRIBUTE_SYNTAX_MATCH,
&a->a_vals[i],
&asserted,
text );
#endif
if( rc == LDAP_SUCCESS && match == 0 ) {
if ( permissive ) {
matched++;
continue;
}
#ifndef SLAP_NVALUES
free( asserted.bv_val );
#endif
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: value #0 already exists",
op, mod->sm_desc->ad_cname.bv_val, 0 );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
#ifndef SLAP_NVALUES
free( asserted.bv_val );
#endif
if ( permissive && matched == i ) {
/* values already exist; do nothing */
return LDAP_SUCCESS;
}
}
} else {
rc = modify_check_duplicates( mod->sm_desc, mr,
a ? a->a_vals : NULL, mod->sm_bvalues,
permissive, text, textbuf, textlen );
if ( permissive && rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
return LDAP_SUCCESS;
}
if ( rc != LDAP_SUCCESS ) {
return rc;
}
}
}
/* no - add them */
#ifdef SLAP_NVALUES
if( attr_merge( e, mod->sm_desc, mod->sm_values, mod->sm_nvalues ) != 0 )
#else
if( attr_merge( e, mod->sm_desc, mod->sm_bvalues ) != 0 )
#endif
{
/* this should return result of attr_merge */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/%s: %s: merge error",
op, mod->sm_desc->ad_cname.bv_val );
return LDAP_OTHER;
}
return LDAP_SUCCESS;
}
int
modify_delete_values(
Entry *e,
Modification *mod,
int permissive,
const char **text,
char *textbuf, size_t textlen
)
{
int i, j, k, rc = LDAP_SUCCESS;
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
#ifndef SLAP_NVALUES
BerVarray nvals = NULL;
#endif
char dummy = '\0';
/*
* If permissive is set, then the non-existence of an
* attribute is not treated as an error.
*/
/* delete the entire attribute */
if ( mod->sm_bvalues == NULL ) {
rc = attr_delete( &e->e_attrs, mod->sm_desc );
if( permissive ) {
rc = LDAP_SUCCESS;
} else if( rc != LDAP_SUCCESS ) {
*text = textbuf;
snprintf( textbuf, textlen,
"modify/delete: %s: no such attribute",
mod->sm_desc->ad_cname.bv_val );
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
return rc;
}
if( mr == NULL || !mr->smr_match ) {
/* disallow specific attributes from being deleted if
no equality rule */
*text = textbuf;
snprintf( textbuf, textlen,
"modify/delete: %s: no equality matching rule",
mod->sm_desc->ad_cname.bv_val );
return LDAP_INAPPROPRIATE_MATCHING;
}
/* delete specific values - find the attribute first */
if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
if( permissive ) {
return LDAP_SUCCESS;
}
*text = textbuf;
snprintf( textbuf, textlen,
"modify/delete: %s: no such attribute",
mod->sm_desc->ad_cname.bv_val );
return LDAP_NO_SUCH_ATTRIBUTE;
}
#ifndef SLAP_NVALUES
/* find each value to delete */
for ( j = 0; a->a_vals[ j ].bv_val != NULL; j++ )
/* count existing values */ ;
nvals = (BerVarray)SLAP_CALLOC( j + 1, sizeof ( struct berval ) );
if( nvals == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ERR,
"modify_delete_values: SLAP_CALLOC failed", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"modify_delete_values: SLAP_CALLOC failed", 0, 0, 0 );
#endif
goto return_results;
}
/* normalize existing values */
for ( j = 0; a->a_vals[ j ].bv_val != NULL; j++ ) {
rc = value_normalize( a->a_desc, SLAP_MR_EQUALITY,
&a->a_vals[ j ], &nvals[ j ], text );
if ( rc != LDAP_SUCCESS ) {
nvals[ j ].bv_val = NULL;
goto return_results;
}
}
#endif
for ( i = 0; mod->sm_values[i].bv_val != NULL; i++ ) {
int found = 0;
#ifndef SLAP_NVALUES
struct berval asserted;
/* normalize the value to be deleted */
rc = value_normalize( mod->sm_desc, SLAP_MR_EQUALITY,
&mod->sm_bvalues[ i ], &asserted, text );
if( rc != LDAP_SUCCESS ) {
goto return_results;
}
/* search it */
for ( j = 0; nvals[ j ].bv_val != NULL; j++ )
#else
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ )
#endif
{
int match;
#ifndef SLAP_NVALUES
if ( nvals[j].bv_val == &dummy ) {
continue;
}
#endif
#ifdef SLAP_NVALUES
if( mod->sm_nvalues ) {
assert( a->a_nvals );
rc = (*mr->smr_match)( &match,
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
| SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
| SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
a->a_desc->ad_type->sat_syntax,
mr, &a->a_nvals[j],
&mod->sm_nvalues[i] );
} else {
#if 0
assert( a->a_nvals == NULL );
#endif
rc = (*mr->smr_match)( &match,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
a->a_desc->ad_type->sat_syntax,
mr, &a->a_vals[j],
&mod->sm_values[i] );
}
#else
rc = (*mr->smr_match)( &match,
SLAP_MR_ATTRIBUTE_SYNTAX_MATCH,
a->a_desc->ad_type->sat_syntax,
mr, &nvals[ j ],
&asserted );
#endif
if ( rc != LDAP_SUCCESS ) {
#ifndef SLAP_NVALUES
free( asserted.bv_val );
#endif
*text = textbuf;
snprintf( textbuf, textlen,
"%s: matching rule failed",
mod->sm_desc->ad_cname.bv_val );
goto return_results;
}
if ( match != 0 ) {
continue;
}
found = 1;
/* delete value and mark it as dummy */
#ifdef SLAP_NVALUES
free( a->a_vals[j].bv_val );
a->a_vals[j].bv_val = &dummy;
if( a->a_nvals != a->a_vals ) {
free( a->a_nvals[j].bv_val );
a->a_nvals[j].bv_val = &dummy;
}
#else
free( nvals[ j ].bv_val );
nvals[ j ].bv_val = &dummy;
#endif
break;
}
#ifndef SLAP_NVALUES
free( asserted.bv_val );
#endif
if ( found == 0 ) {
*text = textbuf;
snprintf( textbuf, textlen,
"modify/delete: %s: no such value",
mod->sm_desc->ad_cname.bv_val );
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto return_results;
}
}
/* compact array skipping dummies */
#ifdef SLAP_NVALUES
for ( k = 0, j = 0; a->a_vals[k].bv_val != NULL; k++ )
#else
for ( k = 0, j = 0; nvals[k].bv_val != NULL; j++, k++ )
#endif
{
#ifdef SLAP_NVALUES
/* skip dummies */
if( a->a_vals[k].bv_val == &dummy ) {
assert( a->a_nvals == NULL || a->a_nvals[k].bv_val == &dummy );
continue;
}
#else
/* delete and skip dummies */ ;
for ( ; nvals[ k ].bv_val == &dummy; k++ ) {
free( a->a_vals[ k ].bv_val );
}
#endif
if ( j != k ) {
a->a_vals[ j ] = a->a_vals[ k ];
#ifdef SLAP_NVALUES
if (a->a_nvals != a->a_vals) {
a->a_nvals[ j ] = a->a_nvals[ k ];
}
#endif
}
#ifndef SLAP_NVALUES
if ( a->a_vals[ k ].bv_val == NULL ) {
break;
}
#else
j++;
#endif
}
a->a_vals[j].bv_val = NULL;
#ifdef SLAP_NVALUES
if (a->a_nvals != a->a_vals) a->a_nvals[j].bv_val = NULL;
#else
assert( i == k - j );
#endif
/* if no values remain, delete the entire attribute */
if ( a->a_vals[0].bv_val == NULL ) {
if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
*text = textbuf;
snprintf( textbuf, textlen,
"modify/delete: %s: no such attribute",
mod->sm_desc->ad_cname.bv_val );
rc = LDAP_NO_SUCH_ATTRIBUTE;
}
}
return_results:;
#ifndef SLAP_NVALUES
if ( nvals ) {
/* delete the remaining normalized values */
for ( j = 0; nvals[ j ].bv_val != NULL; j++ ) {
if ( nvals[ j ].bv_val != &dummy ) {
ber_memfree( nvals[ j ].bv_val );
}
}
ber_memfree( nvals );
}
#endif
return rc;
}
int
modify_replace_values(
Entry *e,
Modification *mod,
int permissive,
const char **text,
char *textbuf, size_t textlen
)
{
(void) attr_delete( &e->e_attrs, mod->sm_desc );
if ( mod->sm_bvalues ) {
return modify_add_values( e, mod, permissive, text, textbuf, textlen );
}
return LDAP_SUCCESS;
}
void
slap_mod_free(
Modification *mod,
int freeit
)
{
if ( mod->sm_values != NULL ) ber_bvarray_free( mod->sm_values );
mod->sm_values = NULL;
#ifdef SLAP_NVALUES
if ( mod->sm_nvalues != NULL ) ber_bvarray_free( mod->sm_nvalues );
mod->sm_nvalues = NULL;
#endif
if( freeit ) free( mod );
}
void
slap_mods_free(
Modifications *ml
)
{
Modifications *next;
for ( ; ml != NULL; ml = next ) {
next = ml->sml_next;
slap_mod_free( &ml->sml_mod, 0 );
free( ml );
}
}
Reference in New Issue View Git Blame Copy Permalink