diff --git a/CHANGES b/CHANGES
index 1206b77ddc360a09b44cb9086477b7f94884f5c4..22a787a3d9f8482ac92c81a143e062c1920c0653 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,18 @@ OpenLDAP Change Log
Changes included in OpenLDAP Stable
CVS Tag: OPENLDAP_STABLE
+ Updated README, INSTALL files
+ Updated Linux platform defaults
+ Updated FreeBSD 2 & 3 platform defaults
+ Added SCHED_YIELD_MISSING flag
+ Added LDAP_ALLOW_NULL_SEARCH_BASE flag
+ Added core removal to tests/Make-template
+ Fixed slapd/acl debug trace problem
+ Fixed ud/auth.c bound_dn problem
+ Fixed back-ldbm/idl.c CLDAP include <sys/socket.h> problem.
+ Fixed Makefile $(CC) problem
+ Fixed LIBEXEC/SBIN creation problem
+ Fixed gmake RUNDIR not defaulting problem
Changes included in OpenLDAP Stable
CVS Tag: OPENLDAP_STABLE_980929
diff --git a/INSTALL b/INSTALL
index 191693492b6bb5d8194f61cf46a8be780710500d..39eeaef1605dfc246d5e2ef84de84507e0353ace 100644
--- a/INSTALL
+++ b/INSTALL
@@ -12,7 +12,7 @@ these steps:
1. untar the distribution and cd to the top:
- % tar xfz ldap-stable.tgz
+ % tar xfz openldap-VERSION.tgz
% cd ldap
If you are reading this file, you probably have already done this!
diff --git a/clients/ud/string_to_key.c b/clients/ud/string_to_key.c
index 1d6649c0645a457de92c20b471dbcb7c220d340f..f1adfa8f0adafd7a2dde41d93bdd31bf30ef4cbe 100644
--- a/clients/ud/string_to_key.c
+++ b/clients/ud/string_to_key.c
@@ -1,7 +1,7 @@
-#ifdef KERBEROS
+#if defined(KERBEROS) && !defined(openbsd)
/*
- * $Source: /usr/local/src/ldap/clients/ud/RCS/string_to_key.c,v $
- * $Author: lsloan $
+ * $Source: /repo/OpenLDAP/pkg/ldap/clients/ud/string_to_key.c,v $
+ * $Author: kurt $
*
* Copyright 1985, 1986, 1987, 1988, 1989 by the Massachusetts Institute
* of Technology.
@@ -24,18 +24,24 @@
* spm 8/85 MIT project athena
*/
-#ifndef lint
-static char rcsid_string_to_key_c[] =
-"$Id: string_to_key.c,v 1.5 1995/11/09 20:29:55 lsloan Exp $";
-#endif
-
+#ifdef KERBEROS_V
+#include <kerberosIV/mit-copyright.h>
+#include <kerberosIV/des.h>
+#else
#include <mit-copyright.h>
-#include <stdio.h>
#include <des.h>
+#endif /* KERBEROS_V */
+
+#include <stdio.h>
+
/* #include "des_internal.h" */
#if 1
+#ifdef KERBEROS_V
+#include <kerberosIV/krb.h>
+#else
#include <krb.h>
-#endif
+#endif /* KERBEROS_V */
+#endif /* 1 */
extern int des_debug;
extern int des_debug_print();
@@ -46,6 +52,7 @@ extern void des_fixup_key_parity();
#endif
#if defined(WORLDPEACEINOURTIME) /* Use original, not ifs version */
+#ifndef KERBEROS_V
/*
* convert an arbitrary length string to a DES key
*/
@@ -132,6 +139,7 @@ des_string_to_key(str,key)
*((unsigned long *) key+1));
}
+#endif /* KERBEROS_V */
#else /* Use ifs version */
#if 0
diff --git a/libraries/liblthread/Makefile.in b/libraries/liblthread/Makefile.in
index 47a810bd62d9b6275ba2a33fb26040af233263b5..bf75f2db020e79f0dc3c8a9a0b31de0204788493 100644
--- a/libraries/liblthread/Makefile.in
+++ b/libraries/liblthread/Makefile.in
@@ -4,8 +4,8 @@
LIBRARY = liblthread.a
XSRCS = version.c
-SRCS = thread.c stack.c
-OBJS = thread.o stack.o
+SRCS = rdwr.c thread.c stack.c
+OBJS = rdwr.o thread.o stack.o
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
diff --git a/libraries/liblthread/rdwr.c b/libraries/liblthread/rdwr.c
new file mode 100644
index 0000000000000000000000000000000000000000..137c9934350494f8c8aca4b9e3ae1efa6fa3499b
--- /dev/null
+++ b/libraries/liblthread/rdwr.c
@@ -0,0 +1,116 @@
+/*
+** This basic implementation of Reader/Writer locks does not
+** protect writers from starvation. That is, if a writer is
+** currently waiting on a reader, any new reader will get
+** the lock before the writer.
+*/
+
+/********************************************************
+ * An example source module to accompany...
+ *
+ * "Using POSIX Threads: Programming with Pthreads"
+ * by Brad nichols, Dick Buttlar, Jackie Farrell
+ * O'Reilly & Associates, Inc.
+ *
+ ********************************************************
+ * rdwr.c --
+ *
+ * Library of functions implementing reader/writer locks
+ */
+
+#define DISABLE_BRIDGE
+#include <portable.h>
+
+#include <stdlib.h>
+#include <lthread.h>
+#include <lthread_rdwr.h>
+
+int pthread_rdwr_init_np(pthread_rdwr_t *rdwrp, pthread_rdwrattr_t *attrp)
+{
+ rdwrp->readers_reading = 0;
+ rdwrp->writer_writing = 0;
+ pthread_mutex_init(&(rdwrp->mutex), NULL);
+ pthread_cond_init(&(rdwrp->lock_free), NULL);
+ return 0;
+}
+
+int pthread_rdwr_rlock_np(pthread_rdwr_t *rdwrp){
+ pthread_mutex_lock(&(rdwrp->mutex));
+ while(rdwrp->writer_writing) {
+ pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
+ }
+ rdwrp->readers_reading++;
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return 0;
+}
+
+int pthread_rdwr_runlock_np(pthread_rdwr_t *rdwrp)
+{
+ pthread_mutex_lock(&(rdwrp->mutex));
+ if (rdwrp->readers_reading == 0) {
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return -1;
+ }
+ else {
+ rdwrp->readers_reading--;
+ if (rdwrp->readers_reading == 0) {
+ pthread_cond_signal(&(rdwrp->lock_free));
+ }
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return 0;
+ }
+}
+
+int pthread_rdwr_wlock_np(pthread_rdwr_t *rdwrp)
+{
+ pthread_mutex_lock(&(rdwrp->mutex));
+ while(rdwrp->writer_writing || rdwrp->readers_reading) {
+ pthread_cond_wait(&(rdwrp->lock_free), &(rdwrp->mutex));
+ }
+ rdwrp->writer_writing++;
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return 0;
+}
+
+int pthread_rdwr_wunlock_np(pthread_rdwr_t *rdwrp)
+{
+ pthread_mutex_lock(&(rdwrp->mutex));
+ if (rdwrp->writer_writing == 0) {
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return -1;
+ }
+ else {
+ rdwrp->writer_writing = 0;
+ pthread_cond_broadcast(&(rdwrp->lock_free));
+ pthread_mutex_unlock(&(rdwrp->mutex));
+ return 0;
+ }
+}
+
+#ifdef LDAP_DEBUG
+
+/* just for testing,
+ * return 0 if false, suitable for assert(pthread_rdwr_Xchk(rdwr))
+ *
+ * Currently they don't check if the calling thread is the one
+ * that has the lock, just that there is a reader or writer.
+ *
+ * Basically sufficent for testing that places that should have
+ * a lock are caught.
+ */
+
+int pthread_rdwr_rchk_np(pthread_rdwr_t *rdwrp)
+{
+ return(rdwrp->readers_reading!=0);
+}
+
+int pthread_rdwr_wchk_np(pthread_rdwr_t *rdwrp)
+{
+ return(rdwrp->writer_writing!=0);
+}
+int pthread_rdwr_rwchk_np(pthread_rdwr_t *rdwrp)
+{
+ return(pthread_rdwr_rchk_np(rdwrp) || pthread_rdwr_wchk_np(rdwrp));
+}
+
+#endif /* LDAP_DEBUG */
diff --git a/libraries/liblthread/thread.c b/libraries/liblthread/thread.c
index d4fea7e477e640f12aab3b173b82fb1c1f666ab8..8e4e4995bec00ec1ce8255e1b407b19b83c1d3d7 100644
--- a/libraries/liblthread/thread.c
+++ b/libraries/liblthread/thread.c
@@ -504,6 +504,7 @@ void pthread_yield( void )
{
sched_yield();
}
+
#endif /* HAVE_SCHED_YIELD */
#endif /* posix threads */
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 6c3b22ee857b04b4f34b74b385891a2a84a66fc9..a5fd38abbdb3edffb99493c1ba321efd0526566b 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -6,15 +6,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
-#ifdef sunos5
-#include "regexpr.h"
-#else
-#include "regex.h"
-#endif
+#include <regex.h>
+
#include "slap.h"
extern Attribute *attr_find();
-extern char *re_comp();
extern struct acl *global_acl;
extern int global_default_access;
extern char *access2str();
@@ -26,7 +22,9 @@ struct acl *acl_get_applicable();
static int regex_matches();
-extern pthread_mutex_t regex_mutex;
+static string_expand(char *newbuf, int bufsiz, char *pattern,
+ char *match, regmatch_t *matches);
+
/*
* access_allowed - check whether dn is allowed the requested access
@@ -51,15 +49,57 @@ access_allowed(
int access
)
{
- int rc;
- struct acl *a;
+ int rc;
+ struct acl *a;
+ char *edn;
+
+ regmatch_t matches[MAXREMATCHES];
+ int i;
+ int n;
if ( be == NULL ) {
return( 0 );
}
- a = acl_get_applicable( be, op, e, attr );
- rc = acl_access_allowed( a, be, conn, e, val, op, access );
+ edn = dn_normalize_case( strdup( e->e_dn ) );
+ Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
+ e->e_dn, attr, 0 );
+
+ /* the lastmod attributes are ignored by ACL checking */
+ if ( strcasecmp( attr, "modifiersname" ) == 0 ||
+ strcasecmp( attr, "modifytimestamp" ) == 0 ||
+ strcasecmp( attr, "creatorsname" ) == 0 ||
+ strcasecmp( attr, "createtimestamp" ) == 0 )
+ {
+ Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
+ attr, 0, 0 );
+ free( edn );
+ return(1);
+ }
+
+ memset(matches, 0, sizeof(matches));
+
+ a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
+
+ if (a) {
+ for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
+ Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
+ i, matches[i].rm_so, matches[i].rm_eo );
+
+ if( matches[i].rm_so <= matches[0].rm_eo ) {
+ for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
+ Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
+ }
+ }
+ Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+ }
+ }
+
+ rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
+ free( edn );
+
+ Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
+ e->e_dn, attr, 0);
return( rc );
}
@@ -75,15 +115,17 @@ acl_get_applicable(
Backend *be,
Operation *op,
Entry *e,
- char *attr
+ char *attr,
+ char *edn,
+ int nmatch,
+ regmatch_t *matches
)
{
- int i;
+ int i, j;
struct acl *a;
- char *edn;
- Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn,
- attr, 0 );
+ Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
+ e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL,
@@ -92,55 +134,73 @@ acl_get_applicable(
return( NULL );
}
+ Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
+
/* check for a backend-specific acl that matches the entry */
for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
- if ( a->acl_dnpat != NULL ) {
- edn = dn_normalize_case( strdup( e->e_dn ) );
- if ( ! regex_matches( a->acl_dnpat, edn ) ) {
- free( edn );
+ if (a->acl_dnpat != NULL) {
+ Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
+ i, a->acl_dnpat, a->acl_dnre.re_nsub);
+
+ if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
- }
- free( edn );
+ else
+ Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n",
+ i, 0, 0);
}
+
if ( a->acl_filter != NULL ) {
- if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
- != 0 ) {
+ if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
+
+ Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
+
if ( attr == NULL || a->acl_attrs == NULL ||
- charray_inlist( a->acl_attrs, attr ) ) {
- Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n",
- i, e->e_dn, attr );
+ charray_inlist( a->acl_attrs, attr ) )
+ {
+ Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
+ i, e->e_dn, attr );
return( a );
}
+ matches[0].rm_so = matches[0].rm_eo = -1;
}
/* check for a global acl that matches the entry */
for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
- if ( a->acl_dnpat != NULL ) {
- edn = dn_normalize_case( strdup( e->e_dn ) );
- if ( ! regex_matches( a->acl_dnpat, edn ) ) {
- free( edn );
+ if (a->acl_dnpat != NULL) {
+ Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
+ i, a->acl_dnpat, a->acl_dnre.re_nsub);
+
+ if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) {
continue;
+ } else {
+ Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n",
+ i, 0, 0);
}
- free( edn );
}
+
if ( a->acl_filter != NULL ) {
- if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
- != 0 ) {
+ if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
- if ( attr == NULL || a->acl_attrs == NULL || charray_inlist(
- a->acl_attrs, attr ) ) {
- Debug( LDAP_DEBUG_ACL, "<= acl_get: global acl #%d\n",
- i, e->e_dn, attr );
+
+ Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0);
+
+ if ( attr == NULL || a->acl_attrs == NULL ||
+ charray_inlist( a->acl_attrs, attr ) )
+ {
+ Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n",
+ i, e->e_dn, attr );
return( a );
}
+
+ matches[0].rm_so = matches[0].rm_eo = -1;
}
- Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
return( NULL );
}
@@ -161,31 +221,40 @@ acl_access_allowed(
Entry *e,
struct berval *val,
Operation *op,
- int access
+ int access,
+ char *edn,
+ regmatch_t *matches
)
{
int i;
- char *edn, *odn;
+ char *odn;
struct access *b;
Attribute *at;
struct berval bv;
int default_access;
- Debug( LDAP_DEBUG_ACL, "=> acl: %s access to value \"%s\" by \"%s\"\n",
- access2str( access ), val ? val->bv_val : "any", op->o_dn ?
- op->o_dn : "" );
+ Debug( LDAP_DEBUG_ACL,
+ "\n=> acl_access_allowed: %s access to entry \"%s\"\n",
+ access2str( access ), e->e_dn, 0 );
+
+ Debug( LDAP_DEBUG_ACL,
+ "\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
+ access2str( access ),
+ val ? val->bv_val : "any",
+ op->o_dn ? op->o_dn : "" );
if ( be_isroot( be, op->o_dn ) ) {
- Debug( LDAP_DEBUG_ACL, "<= acl: granted to database root\n",
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
return( 1 );
}
- default_access = be->be_dfltaccess ? be->be_dfltaccess :
- global_default_access;
+ default_access = be->be_dfltaccess ? be->be_dfltaccess : global_default_access;
+
if ( a == NULL ) {
Debug( LDAP_DEBUG_ACL,
- "<= acl: %s by default (no matching to)\n",
+ "<= acl_access_allowed: %s by default (no matching to)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
}
@@ -198,76 +267,78 @@ acl_access_allowed(
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
+ b->a_dnpat, 0, 0);
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
- if ( strcasecmp( b->a_dnpat, "self" ) == 0 && op->o_dn
- != NULL && *(op->o_dn) && e->e_dn != NULL ) {
- edn = dn_normalize_case( strdup( e->e_dn ) );
+ if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
+ op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
+ {
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
- free( edn );
- if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d access %s\n",
+ "<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
- return( (b->a_access & ~ACL_SELF)
- >= access );
+ if ( odn ) free( odn );
+ return( (b->a_access & ~ACL_SELF) >= access );
}
- free( edn );
} else {
- if ( regex_matches( b->a_dnpat, odn ) ) {
- if ( odn ) free( odn );
+ if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d access %s\n",
+ "<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
- return( (b->a_access & ~ACL_SELF)
- >= access );
+ if ( odn ) free( odn );
+ return( (b->a_access & ~ACL_SELF) >= access );
}
}
}
if ( b->a_addrpat != NULL ) {
- if ( regex_matches( b->a_addrpat, conn->c_addr ) ) {
- if ( odn ) free( odn );
+ if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d access %s\n",
+ "<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
+ if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_domainpat != NULL ) {
- if ( regex_matches( b->a_domainpat, conn->c_domain ) ) {
- if ( odn ) free( odn );
+ Debug( LDAP_DEBUG_ARGS, "<= check a_domainpath: %s\n",
+ b->a_domainpat, 0, 0 );
+ if ( regex_matches( b->a_domainpat, conn->c_domain, edn, matches ) )
+ {
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d access %s\n",
+ "<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
+ if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
+ Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
+ b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
- if ( (at = attr_find( e->e_attrs, b->a_dnattr ))
- != NULL && value_find( at->a_vals, &bv,
- at->a_syntax, 3 ) == 0 )
+ if ( (at = attr_find( e->e_attrs, b->a_dnattr )) != NULL &&
+ value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
{
- if ( (b->a_access & ACL_SELF) && (val == NULL
- || value_cmp( &bv, val, at->a_syntax,
- 2 )) ) {
+ if ( (b->a_access & ACL_SELF) &&
+ (val == NULL || value_cmp( &bv, val, at->a_syntax, 2 )) )
+ {
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d access %s\n",
+ "<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@@ -276,22 +347,49 @@ acl_access_allowed(
/* asker not listed in dnattr - check for self access */
if ( ! (b->a_access & ACL_SELF) || val == NULL ||
- value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) {
+ value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
+ {
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
- "<= acl: matched by clause #%d (self) access %s\n",
+ "<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
: "denied", 0 );
return( (b->a_access & ~ACL_SELF) >= access );
}
+#ifdef ACLGROUP
+ if ( b->a_group != NULL && op->o_dn != NULL ) {
+ char buf[512];
+
+ /* b->a_group is an unexpanded entry name, expanded it should be an
+ * entry with objectclass group* and we test to see if odn is one of
+ * the values in the attribute uniquegroup
+ */
+ Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
+ b->a_group, 0, 0);
+ Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n",
+ odn, 0, 0);
+
+ /* see if asker is listed in dnattr */
+ string_expand(buf, sizeof(buf), b->a_group, edn, matches);
+
+ if (be_group(be, buf, odn) == 0) {
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_access_allowed: matched by clause #%d (group) access granted\n",
+ i, 0, 0 );
+ if ( odn ) free( odn );
+ return( (b->a_access & ~ACL_SELF) >= access );
+ }
+ }
+#endif /* ACLGROUP */
}
if ( odn ) free( odn );
- Debug( LDAP_DEBUG_ACL, "<= acl: %s by default (no matching by)\n",
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
@@ -316,14 +414,26 @@ acl_check_mods(
{
int i;
struct acl *a;
+ char *edn;
+
+ edn = dn_normalize_case( strdup( e->e_dn ) );
for ( ; mods != NULL; mods = mods->mod_next ) {
+ regmatch_t matches[MAXREMATCHES];
+
+ /* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( mods->mod_type, "modifiersname" ) == 0 ||
- strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ) {
+ strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ||
+ strcasecmp( mods->mod_type, "creatorsname" ) == 0 ||
+ strcasecmp( mods->mod_type, "createtimestamp" ) == 0 )
+ {
+ Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
+ mods->mod_type, 0, 0 );
continue;
}
- a = acl_get_applicable( be, op, e, mods->mod_type );
+ a = acl_get_applicable( be, op, e, mods->mod_type, edn,
+ MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_REPLACE:
@@ -332,8 +442,10 @@ acl_check_mods(
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
- if ( ! acl_access_allowed( a, be, conn, e,
- mods->mod_bvalues[i], op, ACL_WRITE ) ) {
+ if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
+ op, ACL_WRITE, edn, matches) )
+ {
+ free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@@ -342,14 +454,18 @@ acl_check_mods(
case LDAP_MOD_DELETE:
if ( mods->mod_bvalues == NULL ) {
if ( ! acl_access_allowed( a, be, conn, e,
- NULL, op, ACL_WRITE ) ) {
+ NULL, op, ACL_WRITE, edn, matches) )
+ {
+ free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
- if ( ! acl_access_allowed( a, be, conn, e,
- mods->mod_bvalues[i], op, ACL_WRITE ) ) {
+ if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
+ op, ACL_WRITE, edn, matches) )
+ {
+ free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@@ -357,48 +473,95 @@ acl_check_mods(
}
}
+ free(edn);
return( LDAP_SUCCESS );
}
-#ifdef sunos5
-
-static int
-regex_matches( char *pat, char *str )
+static string_expand(
+ char *newbuf,
+ int bufsiz,
+ char *pat,
+ char *match,
+ regmatch_t *matches)
{
- char *e;
- int rc;
-
- if ( (e = compile( pat, NULL, NULL )) == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "compile( \"%s\", \"%s\") failed\n", pat, str, 0 );
- return( 0 );
+ int size;
+ char *sp;
+ char *dp;
+ int flag;
+
+ size = 0;
+ newbuf[0] = '\0';
+
+ flag = 0;
+ for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) {
+ /* did we previously see a $ */
+ if (flag) {
+ if (*sp == '$') {
+ *dp++ = '$';
+ size++;
+ } else if (*sp >= '0' && *sp <= '9' ) {
+ int n;
+ int i;
+ char *ep;
+ int l;
+
+ n = *sp - '0';
+ *dp = '\0';
+ i = matches[n].rm_so;
+ l = matches[n].rm_eo;
+ for ( ; size < 512 && i < l; size++, i++ ) {
+ *dp++ = match[i];
+ size++;
+ }
+ *dp = '\0';
+ }
+ flag = 0;
+ } else {
+ if (*sp == '$') {
+ flag = 1;
+ } else {
+ *dp++ = *sp;
+ size++;
+ }
+ }
}
- rc = step( str ? str : "", e );
- free( e );
+ *dp = '\0';
- return( rc );
+ Debug( LDAP_DEBUG_TRACE, "=> string_expand: pattern: %s\n", pat, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "=> string_expand: expanded: %s\n", newbuf, 0, 0 );
}
-#else /* sunos5 */
-
static int
-regex_matches( char *pat, char *str )
+regex_matches(
+ char *pat, /* pattern to expand and match against */
+ char *str, /* string to match against pattern */
+ char *buf, /* buffer with $N expansion variables */
+ regmatch_t *matches /* offsets in buffer for $N expansion variables */
+)
{
- char *e;
+ regex_t re;
+ char newbuf[512];
int rc;
- pthread_mutex_lock( ®ex_mutex );
- if ( (e = re_comp( pat )) != NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "re_comp( \"%s\", \"%s\") failed because (%s)\n", pat, str,
- e );
- pthread_mutex_unlock( ®ex_mutex );
+ string_expand(newbuf, sizeof(newbuf), pat, buf, matches);
+ if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
+ char error[512];
+ regerror(rc, &re, error, sizeof(error));
+
+ Debug( LDAP_DEBUG_TRACE,
+ "compile( \"%s\", \"%s\") failed %s\n",
+ pat, str, error );
return( 0 );
}
- rc = re_exec( str ? str : "" );
- pthread_mutex_unlock( ®ex_mutex );
- return( rc == 1 );
+ rc = regexec(&re, str, 0, NULL, 0);
+ regfree( &re );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "=> regex_matches: string: %s\n", str, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "=> regex_matches: rc: %d %s\n",
+ rc, !rc ? "matches" : "no matches", 0 );
+ return( !rc );
}
-#endif /* sunos5 */
diff --git a/servers/slapd/add.c b/servers/slapd/add.c
index 027e40a8e4d2af935172366a8266aeb7a7bd41ca..93cc3cdcd3b3c74e7eab51c8c35d54632fc5bb19 100644
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@@ -53,6 +53,8 @@ do_add( conn, op )
*/
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ /* initialize reader/writer lock */
+ entry_rdwr_init(e);
/* get the name */
if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) {
@@ -117,21 +119,25 @@ do_add( conn, op )
*/
if ( be->be_add != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
- op->o_dn ) == 0 ) {
- if ( (be->be_lastmod == ON || be->be_lastmod == 0 &&
- global_lastmod == ON) && be->be_updatedn == NULL ) {
+ if ( be->be_updatedn == NULL ||
+ strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
+
+ if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
+ global_lastmod == ON)) && be->be_updatedn == NULL ) {
+
add_created_attrs( op, e );
}
if ( (*be->be_add)( be, conn, op, e ) == 0 ) {
replog( be, LDAP_REQ_ADD, e->e_dn, e, 0 );
}
+
} else {
entry_free( e );
send_ldap_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
default_referral );
}
} else {
+ Debug( LDAP_DEBUG_ARGS, " do_add: HHH\n", 0, 0, 0 );
entry_free( e );
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented" );
@@ -141,7 +147,7 @@ do_add( conn, op )
static void
add_created_attrs( Operation *op, Entry *e )
{
- char buf[20];
+ char buf[22];
struct berval bv;
struct berval *bvals[2];
Attribute **a, **next;
@@ -155,8 +161,10 @@ add_created_attrs( Operation *op, Entry *e )
/* remove any attempts by the user to add these attrs */
for ( a = &e->e_attrs; *a != NULL; a = next ) {
- if ( strcasecmp( (*a)->a_type, "createtimestamp" ) == 0
- || strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ) {
+ if ( strcasecmp( (*a)->a_type, "modifiersname" ) == 0 ||
+ strcasecmp( (*a)->a_type, "modifytimestamp" ) == 0 ||
+ strcasecmp( (*a)->a_type, "creatorsname" ) == 0 ||
+ strcasecmp( (*a)->a_type, "createtimestamp" ) == 0 ) {
tmp = *a;
*a = (*a)->a_next;
attr_free( tmp );
@@ -176,8 +184,12 @@ add_created_attrs( Operation *op, Entry *e )
attr_merge( e, "creatorsname", bvals );
pthread_mutex_lock( ¤ttime_mutex );
- ltm = localtime( ¤ttime );
- strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+ ltm = localtime( ¤ttime );
+#ifdef LDAP_Y2K
+ strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
+#else
+ strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+#endif
pthread_mutex_unlock( ¤ttime_mutex );
bv.bv_val = buf;
diff --git a/servers/slapd/back-ldbm/add.c b/servers/slapd/back-ldbm/add.c
index 3dacd6da3dba445dece437a7eff58708971c2e65..797398ad4b5cd72d14f409874fad2dd7752bae2b 100644
--- a/servers/slapd/back-ldbm/add.c
+++ b/servers/slapd/back-ldbm/add.c
@@ -6,11 +6,11 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
extern int global_schemacheck;
extern char *dn_parent();
extern char *dn_normalize();
-extern Entry *dn2entry();
int
ldbm_back_add(
@@ -21,27 +21,30 @@ ldbm_back_add(
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- char *matched;
char *dn = NULL, *pdn = NULL;
- Entry *p;
+ Entry *p = NULL;
+ int rc;
dn = dn_normalize( strdup( e->e_dn ) );
- matched = NULL;
- if ( (p = dn2entry( be, dn, &matched )) != NULL ) {
- cache_return_entry( &li->li_cache, p );
+
+ Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", dn, 0, 0);
+
+ if ( ( dn2id( be, dn ) ) != NOID ) {
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
return( -1 );
}
- if ( matched != NULL ) {
- free( matched );
- }
+
/* XXX race condition here til we cache_add_entry_lock below XXX */
if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
- Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n", 0, 0,
- 0 );
+ Debug( LDAP_DEBUG_TRACE, "entry failed schema check\n",
+ 0, 0, 0 );
+
+ /* XXX this should be ok, no other thread should have access
+ * because e hasn't been added to the cache yet
+ */
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, "",
@@ -61,6 +64,10 @@ ldbm_back_add(
Debug( LDAP_DEBUG_ANY, "cache_add_entry_lock failed\n", 0, 0,
0 );
next_id_return( be, e->e_id );
+
+ /* XXX this should be ok, no other thread should have access
+ * because e hasn't been added to the cache yet
+ */
entry_free( e );
free( dn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, "", "" );
@@ -74,17 +81,22 @@ ldbm_back_add(
*/
if ( (pdn = dn_parent( be, dn )) != NULL ) {
+ char *matched;
/* no parent */
matched = NULL;
- if ( (p = dn2entry( be, pdn, &matched )) == NULL ) {
+
+ /* get entry with reader lock */
+ if ( (p = dn2entry_r( be, pdn, &matched )) == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0,
+ 0, 0 );
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
matched, "" );
if ( matched != NULL ) {
free( matched );
}
- Debug( LDAP_DEBUG_TRACE, "parent does not exist\n", 0,
- 0, 0 );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
if ( matched != NULL ) {
free( matched );
@@ -96,7 +108,9 @@ ldbm_back_add(
0, 0 );
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
"", "" );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
} else {
if ( ! be_isroot( be, op->o_dn ) ) {
@@ -104,9 +118,10 @@ ldbm_back_add(
0, 0 );
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
"", "" );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
- p = NULL;
}
/*
@@ -116,9 +131,10 @@ ldbm_back_add(
if ( id2children_add( be, p, e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "id2children_add failed\n", 0,
0, 0 );
- send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "",
- "" );
- goto error_return;
+ send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
+
+ rc = -1;
+ goto return_results;
}
/*
@@ -131,7 +147,9 @@ ldbm_back_add(
Debug( LDAP_DEBUG_TRACE, "index_add_entry failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
/* dn2id index */
@@ -139,35 +157,44 @@ ldbm_back_add(
Debug( LDAP_DEBUG_TRACE, "dn2id_add failed\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
+ /* acquire writer lock */
+ entry_rdwr_lock(e, 1);
+
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
Debug( LDAP_DEBUG_TRACE, "id2entry_add failed\n", 0,
0, 0 );
(void) dn2id_delete( be, dn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- goto error_return;
+
+ rc = -1;
+ goto return_results;
}
send_ldap_result( conn, op, LDAP_SUCCESS, "", "" );
+ rc = 0;
+
+return_results:;
+
if ( dn != NULL )
free( dn );
if ( pdn != NULL )
free( pdn );
+
cache_set_state( &li->li_cache, e, 0 );
- cache_return_entry( &li->li_cache, e );
- return( 0 );
-error_return:;
- if ( dn != NULL )
- free( dn );
- if ( pdn != NULL )
- free( pdn );
- next_id_return( be, e->e_id );
- cache_delete_entry( &li->li_cache, e );
- cache_return_entry( &li->li_cache, e );
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
+
+ /* free entry and reader lock */
+ if (p != NULL) {
+ cache_return_entry_r( &li->li_cache, p );
+ }
- return( -1 );
+ return( rc );
}
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index be453f8e5dd8f47c2e944d2cf66889a0956e765a..66dfddbceb55fff38dc5908f1f2c953635238a09 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -6,6 +6,7 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
#ifdef KERBEROS
#ifdef KERBEROS_V
#include <kerberosIV/krb.h>
@@ -32,7 +33,6 @@ extern char *crypt (char *key, char *salt);
#include <lutil.h>
-extern Entry *dn2entry();
extern Attribute *attr_find();
#ifdef KERBEROS
@@ -140,7 +140,10 @@ ldbm_back_bind(
AUTH_DAT ad;
#endif
- if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+ Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
+
+ /* get entry with reader lock */
+ if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
/* allow noauth binds */
if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
/*
@@ -153,8 +156,7 @@ ldbm_back_bind(
/* front end will send result */
rc = 0;
} else {
- send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
- matched, NULL );
+ send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, NULL );
rc = 1;
}
if ( matched != NULL ) {
@@ -163,25 +165,32 @@ ldbm_back_bind(
return( rc );
}
+ /* check for deleted */
+
switch ( method ) {
case LDAP_AUTH_SIMPLE:
if ( cred->bv_len == 0 ) {
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
- return( 1 );
+
+ /* stop front end from sending result */
+ rc = 1;
+ goto return_results;
} else if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
- return( 0 );
+ rc = 0;
+ goto return_results;
}
if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
- return( 0 );
+ rc = 0;
+ goto return_results;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
#ifdef LDAP_CRYPT
@@ -189,16 +198,18 @@ ldbm_back_bind(
#else
if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
#endif
-{
+ {
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
- return( 0 );
+ rc = 0;
+ goto return_results;
}
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
+ rc = 0;
break;
#ifdef KERBEROS
@@ -206,8 +217,8 @@ ldbm_back_bind(
if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 0;
+ goto return_results;
}
sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
: "", ad.pinst, ad.prealm );
@@ -216,43 +227,47 @@ ldbm_back_bind(
* no krbName values present: check against DN
*/
if ( strcasecmp( dn, krbname ) == 0 ) {
+ rc = 0; /* XXX wild ass guess */
break;
}
send_ldap_result( conn, op, LDAP_INAPPROPRIATE_AUTH,
NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
} else { /* look for krbName match */
struct berval krbval;
krbval.bv_val = krbname;
krbval.bv_len = strlen( krbname );
- if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 )
- != 0 ) {
+ if ( value_find( a->a_vals, &krbval, a->a_syntax, 3 ) != 0 ) {
send_ldap_result( conn, op,
LDAP_INVALID_CREDENTIALS, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
}
break;
case LDAP_AUTH_KRBV42:
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ /* stop front end from sending result */
+ rc = 1;
+ goto return_results;
#endif
default:
send_ldap_result( conn, op, LDAP_STRONG_AUTH_NOT_SUPPORTED,
NULL, "auth method not supported" );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
- cache_return_entry( &li->li_cache, e );
+return_results:;
+ /* free entry and reader lock */
+ cache_return_entry_r( &li->li_cache, e );
- /* success: front end will send result */
- return( 0 );
+ /* front end with send result on success (rc==0) */
+ return( rc );
}
+
diff --git a/servers/slapd/back-ldbm/cache.c b/servers/slapd/back-ldbm/cache.c
index a9248865ef20182911cfc8bc2388f9887e758085..819b1f2712cd7ea1e7bd65050bafc062c9998633 100644
--- a/servers/slapd/back-ldbm/cache.c
+++ b/servers/slapd/back-ldbm/cache.c
@@ -52,7 +52,7 @@ cache_set_state( struct cache *cache, Entry *e, int state )
pthread_mutex_unlock( &cache->c_mutex );
}
-void
+static void
cache_return_entry( struct cache *cache, Entry *e )
{
/* set cache mutex */
@@ -66,6 +66,28 @@ cache_return_entry( struct cache *cache, Entry *e )
pthread_mutex_unlock( &cache->c_mutex );
}
+static void
+cache_return_entry_rw( struct cache *cache, Entry *e, int rw )
+{
+ Debug( LDAP_DEBUG_TRACE, "====> cache_return_entry_%s\n",
+ rw ? "w" : "r", 0, 0);
+ entry_rdwr_unlock(e, rw);;
+ cache_return_entry(cache, e);
+}
+
+void
+cache_return_entry_r( struct cache *cache, Entry *e )
+{
+ cache_return_entry_rw(cache, e, 0);
+}
+
+void
+cache_return_entry_w( struct cache *cache, Entry *e )
+{
+ cache_return_entry_rw(cache, e, 1);
+}
+
+
#define LRU_DELETE( cache, e ) { \
if ( e->e_lruprev != NULL ) { \
e->e_lruprev->e_lrunext = e->e_lrunext; \
@@ -114,8 +136,8 @@ cache_add_entry_lock(
cache_entrydn_cmp, avl_dup_error ) != 0 )
{
Debug( LDAP_DEBUG_TRACE,
- "entry %20s id %d already in dn cache\n", e->e_dn,
- e->e_id, 0 );
+ "====> cache_add_entry lock: entry %20s id %d already in dn cache\n",
+ e->e_dn, e->e_id, 0 );
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
@@ -126,14 +148,15 @@ cache_add_entry_lock(
if ( avl_insert( &cache->c_idtree, (caddr_t) e,
cache_entryid_cmp, avl_dup_error ) != 0 )
{
- Debug( LDAP_DEBUG_ANY, "entry %20s id %d already in id cache\n",
+ Debug( LDAP_DEBUG_ANY,
+ "====> entry %20s id %d already in id cache\n",
e->e_dn, e->e_id, 0 );
/* delete from dn tree inserted above */
if ( avl_delete( &cache->c_dntree, (caddr_t) e,
cache_entrydn_cmp ) == NULL )
{
- Debug( LDAP_DEBUG_ANY, "can't delete from dn cache\n",
+ Debug( LDAP_DEBUG_ANY, "====> can't delete from dn cache\n",
0, 0, 0 );
}
@@ -171,6 +194,9 @@ cache_add_entry_lock(
== 0 && cache->c_cursize > cache->c_maxsize ) {
e = cache->c_lrutail;
+ /* XXX check for writer lock - should also check no readers pending */
+ assert(pthread_rdwr_wchk_np(&e->e_rdwr));
+
/* delete from cache and lru q */
rc = cache_delete_entry_internal( cache, e );
@@ -184,45 +210,85 @@ cache_add_entry_lock(
}
/*
- * cache_find_entry_dn - find an entry in the cache, given dn
+ * cache_find_entry_dn2id - find an entry in the cache, given dn
*/
-Entry *
-cache_find_entry_dn(
+ID
+cache_find_entry_dn2id(
+ Backend *be,
struct cache *cache,
char *dn
)
{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry e, *ep;
+ ID id;
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
e.e_dn = dn;
+
if ( (ep = (Entry *) avl_find( cache->c_dntree, (caddr_t) &e,
cache_entrydn_cmp )) != NULL )
{
+ Debug(LDAP_DEBUG_TRACE, "====> cache_find_entry_dn2id: found dn: %s\n",
+ dn, 0, 0);
+
/*
* entry is deleted or not fully created yet
*/
if ( ep->e_state == ENTRY_STATE_DELETED ||
- ep->e_state == ENTRY_STATE_CREATING )
+ ep->e_state == ENTRY_STATE_CREATING )
{
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
- return( NULL );
+ return( NOID );
}
+
+ /* XXX is this safe without writer lock? */
ep->e_refcnt++;
/* lru */
LRU_DELETE( cache, ep );
LRU_ADD( cache, ep );
+
+ /* acquire reader lock */
+ entry_rdwr_lock(ep, 0);
+
+ /* re-check */
+ if ( ep->e_state == ENTRY_STATE_DELETED ||
+ ep->e_state == ENTRY_STATE_CREATING )
+ {
+ /* XXX check that is is required */
+ ep->e_refcnt--;
+
+ /* free reader lock */
+ entry_rdwr_unlock(ep, 0);
+ /* free cache mutex */
+ pthread_mutex_unlock( &cache->c_mutex );
+
+ return( NOID );
+ }
+
+ /* save id */
+ id = ep->e_id;
+
+ /* free reader lock */
+ entry_rdwr_unlock(ep, 0);
+
+ /* free cache mutex */
+ pthread_mutex_unlock( &cache->c_mutex );
+
+ cache_return_entry( &li->li_cache, ep );
+
+ return( id );
}
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
- return( ep );
+ return( NOID );
}
/*
@@ -231,8 +297,9 @@ cache_find_entry_dn(
Entry *
cache_find_entry_id(
- struct cache *cache,
- ID id
+ struct cache *cache,
+ ID id,
+ int rw
)
{
Entry e;
@@ -242,30 +309,64 @@ cache_find_entry_id(
pthread_mutex_lock( &cache->c_mutex );
e.e_id = id;
+
if ( (ep = (Entry *) avl_find( cache->c_idtree, (caddr_t) &e,
cache_entryid_cmp )) != NULL )
{
+ Debug(LDAP_DEBUG_TRACE,
+ "====> cache_find_entry_dn2id: found id: %ld rw: %d\n",
+ id, rw, 0);
+
/*
* entry is deleted or not fully created yet
*/
if ( ep->e_state == ENTRY_STATE_DELETED ||
- ep->e_state == ENTRY_STATE_CREATING )
+ ep->e_state == ENTRY_STATE_CREATING )
{
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
return( NULL );
}
+ /* XXX is this safe without writer lock? */
ep->e_refcnt++;
/* lru */
LRU_DELETE( cache, ep );
LRU_ADD( cache, ep );
+
+ /* acquire reader lock */
+ entry_rdwr_lock(ep, 0);
+
+ /* re-check */
+ if ( ep->e_state == ENTRY_STATE_DELETED ||
+ ep->e_state == ENTRY_STATE_CREATING ) {
+
+ /* XXX check that is is required */
+ ep->e_refcnt--;
+
+ /* free reader lock */
+ entry_rdwr_unlock(ep, 0);
+
+ /* free cache mutex */
+ pthread_mutex_unlock( &cache->c_mutex );
+ return( NULL );
+ }
+
+ if ( rw ) {
+ entry_rdwr_unlock(ep, 0);
+ entry_rdwr_lock(ep, 1);
+ }
+
+ /* free cache mutex */
+ pthread_mutex_unlock( &cache->c_mutex );
+
+ return( ep );
}
/* free cache mutex */
pthread_mutex_unlock( &cache->c_mutex );
- return( ep );
+ return( NULL );
}
/*
@@ -287,6 +388,11 @@ cache_delete_entry(
{
int rc;
+ Debug( LDAP_DEBUG_TRACE, "====> cache_delete_entry:\n", 0, 0, 0 );
+
+ /* XXX check for writer lock - should also check no readers pending */
+ assert(pthread_rdwr_wchk_np(&e->e_rdwr));
+
/* set cache mutex */
pthread_mutex_lock( &cache->c_mutex );
@@ -349,3 +455,4 @@ lru_print( struct cache *cache )
}
#endif
+
diff --git a/servers/slapd/back-ldbm/compare.c b/servers/slapd/back-ldbm/compare.c
index 4757a29b9228684dbfb6e834b74ed8fa0c66e857..b0974ffdbbd396867ad3ff1effc6e3237654d38a 100644
--- a/servers/slapd/back-ldbm/compare.c
+++ b/servers/slapd/back-ldbm/compare.c
@@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
-extern Entry *dn2entry();
extern Attribute *attr_find();
int
@@ -23,33 +23,36 @@ ldbm_back_compare(
char *matched;
Entry *e;
Attribute *a;
- int i;
+ int i, rc;
- if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+ /* get entry with reader lock */
+ if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
return( 1 );
}
+ /* check for deleted */
if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value,
op->o_dn, ACL_COMPARE ) ) {
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ rc = 1;
+ goto return_results;
}
- if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 ) {
+ if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 )
send_ldap_result( conn, op, LDAP_COMPARE_TRUE, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( 0 );
- }
+ else
+ send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
+
+ rc = 0;
- send_ldap_result( conn, op, LDAP_COMPARE_FALSE, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( 0 );
+return_results:;
+ cache_return_entry_r( &li->li_cache, e );
+ return( rc );
}
diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c
index c773929ffb43a64eb73ba3e3b7c28124a5655b08..b6ffa79e0e5b3edae3fb47be86c4af1937d6f0b3 100644
--- a/servers/slapd/back-ldbm/delete.c
+++ b/servers/slapd/back-ldbm/delete.c
@@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
-extern Entry *dn2entry();
extern Attribute *attr_find();
int
@@ -22,7 +22,12 @@ ldbm_back_delete(
char *matched = NULL;
Entry *e;
- if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+ Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_delete: %s\n", dn, 0, 0);
+
+ /* get entry with writer lock */
+ if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
+ Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: no such object %s\n",
+ dn, 0, 0);
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@@ -30,38 +35,63 @@ ldbm_back_delete(
return( -1 );
}
+ Debug (LDAP_DEBUG_TRACE,
+ "rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
+ e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
+
+ /* check for deleted */
+
if ( has_children( be, e ) ) {
+ Debug(LDAP_DEBUG_ARGS, "<=- ldbm_back_delete: non leaf %s\n",
+ dn, 0, 0);
send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, "",
"" );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
if ( ! access_allowed( be, conn, op, e, "entry", NULL, op->o_dn,
ACL_WRITE ) ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- ldbm_back_delete: insufficient access %s\n",
+ dn, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
+ Debug (LDAP_DEBUG_TRACE,
+ "rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
+ e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
+
/* XXX delete from parent's id2children entry XXX */
/* delete from dn2id mapping */
if ( dn2id_delete( be, e->e_dn ) != 0 ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- ldbm_back_delete: operations error %s\n",
+ dn, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
/* delete from disk and cache */
if ( id2entry_delete( be, e ) != 0 ) {
+ Debug(LDAP_DEBUG_ARGS,
+ "<=- ldbm_back_delete: operations error %s\n",
+ dn, 0, 0);
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
- cache_return_entry( &li->li_cache, e );
+
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, "", "" );
return( 0 );
+
+error_return:;
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
+
+ return( -1 );
}
diff --git a/servers/slapd/back-ldbm/dn2id.c b/servers/slapd/back-ldbm/dn2id.c
index c4116086b00d5aab3d143a14f045956a3737c51d..0a7edac280e7fdb39f8cae9873fa46e4ba828841 100644
--- a/servers/slapd/back-ldbm/dn2id.c
+++ b/servers/slapd/back-ldbm/dn2id.c
@@ -6,10 +6,9 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
extern struct dbcache *ldbm_cache_open();
-extern Entry *cache_find_entry_dn();
-extern Entry *id2entry();
extern char *dn_parent();
extern Datum ldbm_cache_fetch();
@@ -20,9 +19,15 @@ dn2id_add(
ID id
)
{
- int rc;
+ int rc, flags;
struct dbcache *db;
Datum key, data;
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+ memset( &data, 0, sizeof( data ) );
+#endif
Debug( LDAP_DEBUG_TRACE, "=> dn2id_add( \"%s\", %ld )\n", dn, id, 0 );
@@ -41,7 +46,10 @@ dn2id_add(
data.dptr = (char *) &id;
data.dsize = sizeof(ID);
- rc = ldbm_cache_store( db, key, data, LDBM_INSERT );
+ flags = LDBM_INSERT;
+ if ( li->li_flush_wrt ) flags |= LDBM_SYNC;
+
+ rc = ldbm_cache_store( db, key, data, flags );
free( dn );
ldbm_cache_close( be, db );
@@ -58,31 +66,31 @@ dn2id(
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
- Entry *e;
ID id;
Datum key, data;
- Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+ memset( &data, 0, sizeof( data ) );
+#endif
dn = strdup( dn );
+ Debug( LDAP_DEBUG_TRACE, "=> dn2id( \"%s\" )\n", dn, 0, 0 );
dn_normalize_case( dn );
/* first check the cache */
- if ( (e = cache_find_entry_dn( &li->li_cache, dn )) != NULL ) {
- id = e->e_id;
+ if ( (id = cache_find_entry_dn2id( be, &li->li_cache, dn )) != NOID ) {
free( dn );
- Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", e->e_id,
- 0, 0 );
- cache_return_entry( &li->li_cache, e );
-
+ Debug( LDAP_DEBUG_TRACE, "<= dn2id %d (in cache)\n", id,
+ 0, 0 );
return( id );
}
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
- == NULL ) {
+ == NULL ) {
free( dn );
Debug( LDAP_DEBUG_ANY, "<= dn2id could not open dn2id%s\n",
- LDBM_SUFFIX, 0, 0 );
+ LDBM_SUFFIX, 0, 0 );
return( NOID );
}
@@ -118,6 +126,10 @@ dn2id_delete(
Datum key;
int rc;
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+#endif
+
Debug( LDAP_DEBUG_TRACE, "=> dn2id_delete( \"%s\" )\n", dn, 0, 0 );
if ( (db = ldbm_cache_open( be, "dn2id", LDBM_SUFFIX, LDBM_WRCREAT ))
@@ -145,11 +157,12 @@ dn2id_delete(
* entry.
*/
-Entry *
+static Entry *
dn2entry(
Backend *be,
char *dn,
- char **matched
+ char **matched,
+ int rw
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
@@ -157,8 +170,12 @@ dn2entry(
Entry *e;
char *pdn;
- if ( (id = dn2id( be, dn )) != NOID && (e = id2entry( be, id ))
- != NULL ) {
+ Debug(LDAP_DEBUG_TRACE, "dn2entry_%s: dn: %s\n",
+ rw ? "w" : "r", dn, 0);
+
+ if ( (id = dn2id( be, dn )) != NOID &&
+ (e = id2entry( be, id, rw )) != NULL )
+ {
return( e );
}
*matched = NULL;
@@ -170,9 +187,11 @@ dn2entry(
/* entry does not exist - see how much of the dn does exist */
if ( (pdn = dn_parent( be, dn )) != NULL ) {
- if ( (e = dn2entry( be, pdn, matched )) != NULL ) {
+ /* get entry with reader lock */
+ if ( (e = dn2entry_r( be, pdn, matched )) != NULL ) {
*matched = pdn;
- cache_return_entry( &li->li_cache, e );
+ /* free entry with reader lock */
+ cache_return_entry_r( &li->li_cache, e );
} else {
free( pdn );
}
@@ -180,3 +199,39 @@ dn2entry(
return( NULL );
}
+
+#if 0
+ if (e->e_state == ENTRY_STATE_DELETED)
+ continue;
+
+ if (strcmp(dn, e->e_dn) != 0)
+ continue;
+
+ /* return locked entry entry */
+ return(e);
+ }
+}
+#endif
+
+Entry *
+dn2entry_r(
+ Backend *be,
+ char *dn,
+ char **matched
+)
+{
+ return( dn2entry( be, dn, matched, 0 ) );
+}
+
+Entry *
+dn2entry_w(
+ Backend *be,
+ char *dn,
+ char **matched
+)
+{
+ return( dn2entry( be, dn, matched, 1 ) );
+}
+
+
+
diff --git a/servers/slapd/back-ldbm/group.c b/servers/slapd/back-ldbm/group.c
new file mode 100644
index 0000000000000000000000000000000000000000..8ada479ea47eaa5a4b1cd40f4b8f0f23a46577fb
--- /dev/null
+++ b/servers/slapd/back-ldbm/group.c
@@ -0,0 +1,91 @@
+/* compare.c - ldbm backend compare routine */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include "slap.h"
+#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
+
+extern Attribute *attr_find();
+
+
+#ifdef ACLGROUP
+/* return 0 IFF edn is a value in uniqueMember attribute
+ * of entry with bdn AND that entry has an objectClass
+ * value of groupOfUniqueNames
+ */
+int
+ldbm_back_group(
+ Backend *be,
+ char *bdn,
+ char *edn
+)
+{
+ struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+ Entry *e;
+ char *matched;
+ Attribute *objectClass;
+ Attribute *uniqueMember;
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
+
+ /* can we find bdn entry with reader lock */
+ if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: cannot find bdn: %s matched: %x\n", bdn, matched, 0 );
+ if (matched != NULL)
+ free(matched);
+ return( 1 );
+ }
+ Debug( LDAP_DEBUG_ARGS, "=> ldbm_back_group: found bdn: %s matched: %x\n", bdn, matched, 0 );
+
+ /* check for deleted */
+
+ /* find it's objectClass and uniqueMember attribute values
+ * make sure this is a group entry
+ * finally test if we can find edn in the uniqueMember attribute value list *
+ */
+
+ rc = 1;
+ if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) {
+ Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
+ }
+ else if ((uniqueMember = attr_find(e->e_attrs, "uniquemember")) == NULL) {
+ Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find uniqueMember\n", 0, 0, 0 );
+ }
+ else {
+ struct berval bvObjectClass;
+ struct berval bvUniqueMembers;
+
+ Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and uniqueMembers\n", 0, 0, 0 );
+
+ bvObjectClass.bv_val = "groupofuniquenames";
+ bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
+ bvUniqueMembers.bv_val = edn;
+ bvUniqueMembers.bv_len = strlen( edn );
+
+ if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
+ Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass in groupOfUniqueNames\n",
+ 0, 0, 0 );
+ }
+ else if (value_find(uniqueMember->a_vals, &bvUniqueMembers, SYNTAX_CIS, 1) != 0) {
+ Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfUniqueNames\n",
+ edn, bdn, 0 );
+ }
+ else {
+ Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfUniqueNames\n",
+ edn, bdn, 0 );
+ rc = 0;
+ }
+ }
+
+ /* free entry and reader lock */
+ cache_return_entry_r( &li->li_cache, e );
+ Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
+ return(rc);
+}
+#endif
+
diff --git a/servers/slapd/back-ldbm/id2entry.c b/servers/slapd/back-ldbm/id2entry.c
index fbda3c9952a9461766d2f4024e072054ca61530a..38522cb54ac392dba04f87fecc86bf6d7748eba1 100644
--- a/servers/slapd/back-ldbm/id2entry.c
+++ b/servers/slapd/back-ldbm/id2entry.c
@@ -10,7 +10,6 @@ extern struct dbcache *ldbm_cache_open();
extern Datum ldbm_cache_fetch();
extern char *dn_parent();
extern Entry *str2entry();
-extern Entry *cache_find_entry_id();
extern char *entry2str();
extern pthread_mutex_t entry2str_mutex;
@@ -20,7 +19,12 @@ id2entry_add( Backend *be, Entry *e )
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Datum key, data;
- int len, rc;
+ int len, rc, flags;
+
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+ memset( &data, 0, sizeof( data ) );
+#endif
Debug( LDAP_DEBUG_TRACE, "=> id2entry_add( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
@@ -39,8 +43,10 @@ id2entry_add( Backend *be, Entry *e )
data.dptr = entry2str( e, &len, 1 );
data.dsize = len + 1;
- /* store it - LDBM_SYNC ensures id2entry is always consistent */
- rc = ldbm_cache_store( db, key, data, LDBM_REPLACE|LDBM_SYNC );
+ /* store it */
+ flags = LDBM_REPLACE;
+ if ( li->li_flush_wrt ) flags != LDBM_SYNC;
+ rc = ldbm_cache_store( db, key, data, flags );
pthread_mutex_unlock( &entry2str_mutex );
@@ -48,6 +54,8 @@ id2entry_add( Backend *be, Entry *e )
(void) cache_add_entry_lock( &li->li_cache, e, 0 );
Debug( LDAP_DEBUG_TRACE, "<= id2entry_add %d\n", rc, 0, 0 );
+
+ /* XXX should entries be born locked, i.e. apply writer lock here? */
return( rc );
}
@@ -62,8 +70,20 @@ id2entry_delete( Backend *be, Entry *e )
Debug( LDAP_DEBUG_TRACE, "=> id2entry_delete( %d, \"%s\" )\n", e->e_id,
e->e_dn, 0 );
+ /* XXX - check for writer lock - should also check no reader pending */
+ assert(pthread_rdwr_wchk_np(&e->e_rdwr));
+
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+#endif
+
+ /* XXX - check for writer lock - should also check no reader pending */
+ Debug (LDAP_DEBUG_TRACE,
+ "rdwr_Xchk: readers_reading: %d writer_writing: %d\n",
+ e->e_rdwr.readers_reading, e->e_rdwr.writer_writing, 0);
+
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
- == NULL ) {
+ == NULL ) {
Debug( LDAP_DEBUG_ANY, "Could not open/create id2entry%s\n",
LDBM_SUFFIX, 0, 0 );
return( -1 );
@@ -85,24 +105,31 @@ id2entry_delete( Backend *be, Entry *e )
return( rc );
}
+/* XXX returns entry with reader/writer lock */
Entry *
-id2entry( Backend *be, ID id )
+id2entry( Backend *be, ID id, int rw )
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
struct dbcache *db;
Datum key, data;
Entry *e;
- Debug( LDAP_DEBUG_TRACE, "=> id2entry( %ld )\n", id, 0, 0 );
+#ifdef LDBM_USE_DB2
+ memset( &key, 0, sizeof( key ) );
+ memset( &data, 0, sizeof( data ) );
+#endif
+
+ Debug( LDAP_DEBUG_TRACE, "=> id2entry_%s( %ld )\n",
+ rw ? "w" : "r", id, 0 );
- if ( (e = cache_find_entry_id( &li->li_cache, id )) != NULL ) {
- Debug( LDAP_DEBUG_TRACE, "<= id2entry 0x%x (cache)\n", e, 0,
- 0 );
+ if ( (e = cache_find_entry_id( &li->li_cache, id, rw )) != NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s 0x%x (cache)\n",
+ rw ? "w" : "r", e, 0 );
return( e );
}
if ( (db = ldbm_cache_open( be, "id2entry", LDBM_SUFFIX, LDBM_WRCREAT ))
- == NULL ) {
+ == NULL ) {
Debug( LDAP_DEBUG_ANY, "Could not open id2entry%s\n",
LDBM_SUFFIX, 0, 0 );
return( NULL );
@@ -114,20 +141,47 @@ id2entry( Backend *be, ID id )
data = ldbm_cache_fetch( db, key );
if ( data.dptr == NULL ) {
- Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) not found\n", id,
- 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) not found\n",
+ rw ? "w" : "r", id, 0 );
ldbm_cache_close( be, db );
return( NULL );
}
- if ( (e = str2entry( data.dptr )) != NULL ) {
- e->e_id = id;
- (void) cache_add_entry_lock( &li->li_cache, e, 0 );
- }
+ e = str2entry( data.dptr );
ldbm_datum_free( db->dbc_db, data );
ldbm_cache_close( be, db );
- Debug( LDAP_DEBUG_TRACE, "<= id2entry( %ld ) 0x%x (disk)\n", id, e, 0 );
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (failed)\n",
+ rw ? "w" : "r", id, 0 );
+ return( NULL );
+ }
+
+ /* acquire required reader/writer lock */
+ if (entry_rdwr_lock(e, rw)) {
+ /* XXX set DELETE flag?? */
+ entry_free(e);
+ return(NULL);
+ }
+
+ e->e_id = id;
+ (void) cache_add_entry_lock( &li->li_cache, e, 0 );
+
+ Debug( LDAP_DEBUG_TRACE, "<= id2entry_%s( %ld ) (disk)\n",
+ rw ? "w" : "r", id, 0 );
return( e );
}
+
+Entry *
+id2entry_r( Backend *be, ID id )
+{
+ return( id2entry( be, id, 0 ) );
+}
+
+Entry *
+id2entry_2( Backend *be, ID id )
+{
+ return( id2entry( be, id, 1 ) );
+}
+
diff --git a/servers/slapd/back-ldbm/kerberos.c b/servers/slapd/back-ldbm/kerberos.c
index d22553c6590591c37486a1205e9a19042d8ee7fe..d07138bed7f6fd5747087fedab09e40914328fd6 100644
--- a/servers/slapd/back-ldbm/kerberos.c
+++ b/servers/slapd/back-ldbm/kerberos.c
@@ -8,12 +8,15 @@
#include "back-ldbm.h"
#ifdef KERBEROS
-#include "krb.h"
+#ifdef KERBEROS_V
+#include <kerberosIV/krb.h>
+#else
+#include <krb.h>
+#endif /* KERBEROS_V */
#define LDAP_KRB_PRINCIPAL "ldapserver"
extern char *ldap_srvtab;
-extern Entry *dn2entry();
extern Attribute *attr_find();
krbv4_ldap_auth(
diff --git a/servers/slapd/back-ldbm/modify.c b/servers/slapd/back-ldbm/modify.c
index 3fa6c61a92cc317e3294b906f70ecaeac9c10002..df9414673648bb609383319d89d8c3ae97c2dfee 100644
--- a/servers/slapd/back-ldbm/modify.c
+++ b/servers/slapd/back-ldbm/modify.c
@@ -6,9 +6,9 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
extern int global_schemacheck;
-extern Entry *dn2entry();
extern Attribute *attr_find();
static int add_values();
@@ -30,7 +30,9 @@ ldbm_back_modify(
int i, err, modtype;
LDAPMod *mod;
- if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+ Debug(LDAP_DEBUG_ARGS, "ldbm_back_modify:\n", 0, 0, 0);
+
+ if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched,
NULL );
if ( matched != NULL ) {
@@ -38,12 +40,14 @@ ldbm_back_modify(
}
return( -1 );
}
+
+ /* check for deleted */
+
/* lock entry */
if ( (err = acl_check_mods( be, conn, op, e, mods )) != LDAP_SUCCESS ) {
send_ldap_result( conn, op, err, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
for ( mod = mods; mod != NULL; mod = mod->mod_next ) {
@@ -64,55 +68,52 @@ ldbm_back_modify(
if ( err != LDAP_SUCCESS ) {
/* unlock entry, delete from cache */
send_ldap_result( conn, op, err, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
}
+ /* check that the entry still obeys the schema */
+ if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY, "entry failed schema check\n", 0, 0, 0 );
+ send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL, NULL );
+ goto error_return;
+ }
+
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
- /* check that the entry still obeys the schema */
- if ( global_schemacheck && oc_schema_check( e ) != 0 ) {
- send_ldap_result( conn, op, LDAP_OBJECT_CLASS_VIOLATION, NULL,
- NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
- }
-
/* modify indexes */
if ( index_add_mods( be, mods, e->e_id ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
/* check for abandon */
pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
pthread_mutex_unlock( &op->o_abandonmutex );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
/* change the entry itself */
if ( id2entry_add( be, e ) != 0 ) {
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
-
+ cache_return_entry_w( &li->li_cache, e );
return( 0 );
+
+error_return:;
+ cache_return_entry_w( &li->li_cache, e );
+ return( -1 );
}
static int
diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index fcd9fcc35a6f6c14ca2444386ed6f2eb48d093fb..26c96709aed041d384cd3dd9a4588f6c5cab1638 100644
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -6,8 +6,8 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
-extern Entry *dn2entry();
extern char *dn_parent();
int
@@ -24,10 +24,12 @@ ldbm_back_modrdn(
char *matched;
char *pdn, *newdn, *p;
char sep[2];
- Entry *e, *e2;
+ Entry *e;
matched = NULL;
- if ( (e = dn2entry( be, dn, &matched )) == NULL ) {
+
+ /* get entry with writer lock */
+ if ( (e = dn2entry_w( be, dn, &matched )) == NULL ) {
send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT, matched, "" );
if ( matched != NULL ) {
free( matched );
@@ -61,17 +63,12 @@ ldbm_back_modrdn(
}
(void) dn_normalize( newdn );
- matched = NULL;
- if ( (e2 = dn2entry( be, newdn, &matched )) != NULL ) {
+ /* get entry with writer lock */
+ if ( (dn2id ( be, newdn ) ) != NOID ) {
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_ALREADY_EXISTS, NULL, NULL );
- cache_return_entry( &li->li_cache, e2 );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
- }
- if ( matched != NULL ) {
- free( matched );
+ goto error_return;
}
/* check for abandon */
@@ -80,9 +77,7 @@ ldbm_back_modrdn(
pthread_mutex_unlock( &op->o_abandonmutex );
free( newdn );
free( pdn );
- cache_return_entry( &li->li_cache, e2 );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
pthread_mutex_unlock( &op->o_abandonmutex );
@@ -91,8 +86,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
/* delete old one */
@@ -100,8 +94,7 @@ ldbm_back_modrdn(
free( newdn );
free( pdn );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( -1 );
+ goto error_return;
}
(void) cache_delete_entry( &li->li_cache, e );
@@ -120,13 +113,19 @@ ldbm_back_modrdn(
/* id2entry index */
if ( id2entry_add( be, e ) != 0 ) {
entry_free( e );
-
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
- return( -1 );
+ goto error_return;
}
free( pdn );
- cache_return_entry( &li->li_cache, e );
+
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
return( 0 );
+
+error_return:
+ /* free entry and writer lock */
+ cache_return_entry_w( &li->li_cache, e );
+ return( -1 );
}
diff --git a/servers/slapd/back-ldbm/proto-back-ldbm.h b/servers/slapd/back-ldbm/proto-back-ldbm.h
index acc69ca33c83c30abd2c4371e85d1d19597539c9..1bc9fdd0e1a686631316c8761af7211a17d1d94d 100644
--- a/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -15,10 +15,11 @@ void attr_index_config( struct ldbminfo *li, char *fname, int lineno,
*/
void cache_set_state( struct cache *cache, Entry *e, int state );
-void cache_return_entry( struct cache *cache, Entry *e );
+void cache_return_entry_r( struct cache *cache, Entry *e );
+void cache_return_entry_w( struct cache *cache, Entry *e );
int cache_add_entry_lock( struct cache *cache, Entry *e, int state );
-Entry * cache_find_entry_dn( struct cache *cache, char *dn );
-Entry * cache_find_entry_id( struct cache *cache, ID id );
+ID cache_find_entry_dn2id( Backend *be, struct cache *cache, char *dn );
+Entry * cache_find_entry_id( struct cache *cache, ID id, int rw );
int cache_delete_entry( struct cache *cache, Entry *e );
/*
@@ -40,7 +41,9 @@ int ldbm_cache_delete( struct dbcache *db, Datum key );
int dn2id_add( Backend *be, char *dn, ID id );
ID dn2id( Backend *be, char *dn );
int dn2id_delete( Backend *be, char *dn );
-Entry * dn2entry( Backend *be, char *dn, char **matched );
+/*Entry * dn2entry( Backend *be, char *dn, char **matched );*/
+Entry * dn2entry_r( Backend *be, char *dn, char **matched );
+Entry * dn2entry_w( Backend *be, char *dn, char **matched );
/*
* filterindex.c
@@ -61,7 +64,9 @@ int has_children( Backend *be, Entry *p );
int id2entry_add( Backend *be, Entry *e );
int id2entry_delete( Backend *be, Entry *e );
-Entry * id2entry( Backend *be, ID id );
+Entry * id2entry( Backend *be, ID id, int rw );
+Entry * id2entry_r( Backend *be, ID id );
+Entry * id2entry_w( Backend *be, ID id );
/*
* idl.c
diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 6a53be4f112485ab38b91886aafa8f2f438d941c..19dafe4c017680d060d5da3af5f0a0d04d1c0c77 100644
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -6,14 +6,12 @@
#include <sys/socket.h>
#include "slap.h"
#include "back-ldbm.h"
+#include "proto-back-ldbm.h"
extern time_t currenttime;
extern pthread_mutex_t currenttime_mutex;
-extern ID dn2id();
extern IDList *idl_alloc();
-extern Entry *id2entry();
-extern Entry *dn2entry();
extern Attribute *attr_find();
extern IDList *filter_candidates();
extern char *ch_realloc();
@@ -62,6 +60,8 @@ ldbm_back_search(
char *rbuf, *rcur, *r;
int nentries = 0;
+ Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
+
if ( tlimit == 0 && be_isroot( be, op->o_dn ) ) {
tlimit = -1; /* allow root to set no limit */
} else {
@@ -139,10 +139,9 @@ ldbm_back_search(
}
pthread_mutex_unlock( ¤ttime_mutex );
- /* get the entry */
- if ( (e = id2entry( be, id )) == NULL ) {
- Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id,
- 0, 0 );
+ /* get the entry with reader lock */
+ if ( (e = id2entry_r( be, id )) == NULL ) {
+ Debug( LDAP_DEBUG_ARGS, "candidate %d not found\n", id, 0, 0 );
continue;
}
@@ -152,14 +151,14 @@ ldbm_back_search(
* here since it's only a candidate anyway.
*/
if ( e->e_dn != NULL && strncasecmp( e->e_dn, "ref=", 4 )
- == 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL &&
- scope == LDAP_SCOPE_SUBTREE )
+ == 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL &&
+ scope == LDAP_SCOPE_SUBTREE )
{
int i, len;
if ( ref->a_vals == NULL ) {
Debug( LDAP_DEBUG_ANY, "null ref in (%s)\n", 0,
- 0, 0 );
+ 0, 0 );
} else {
for ( i = 0; ref->a_vals[i] != NULL; i++ ) {
/* referral + newline + null */
@@ -200,7 +199,7 @@ ldbm_back_search(
if ( scopeok ) {
/* check size limit */
if ( --slimit == -1 ) {
- cache_return_entry( &li->li_cache, e );
+ cache_return_entry_r( &li->li_cache, e );
send_ldap_search_result( conn, op,
LDAP_SIZELIMIT_EXCEEDED, NULL,
nrefs > 0 ? rbuf : NULL, nentries );
@@ -217,7 +216,7 @@ ldbm_back_search(
case 1: /* entry not sent */
break;
case -1: /* connection closed */
- cache_return_entry( &li->li_cache, e );
+ cache_return_entry_r( &li->li_cache, e );
idl_free( candidates );
free( rbuf );
return( 0 );
@@ -226,7 +225,10 @@ ldbm_back_search(
}
}
- cache_return_entry( &li->li_cache, e );
+ if( e == NULL ) {
+ /* free reader lock */
+ cache_return_entry_r( &li->li_cache, e );
+ }
pthread_yield();
}
@@ -262,16 +264,24 @@ base_candidates(
IDList *idl;
Entry *e;
+ Debug(LDAP_DEBUG_TRACE, "base_candidates: base: %s\n", base, 0, 0);
+
*err = LDAP_SUCCESS;
- if ( (e = dn2entry( be, base, matched )) == NULL ) {
+
+ /* get entry with reader lock */
+ if ( (e = dn2entry_r( be, base, matched )) == NULL ) {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
+ /* check for deleted */
+
idl = idl_alloc( 1 );
idl_insert( &idl, e->e_id, 1 );
- cache_return_entry( &li->li_cache, e );
+
+ /* free reader lock */
+ cache_return_entry_r( &li->li_cache, e );
return( idl );
}
@@ -295,11 +305,14 @@ onelevel_candidates(
char buf[20];
IDList *candidates;
+ Debug(LDAP_DEBUG_TRACE, "onelevel_candidates: base: %s\n", base, 0, 0);
+
*err = LDAP_SUCCESS;
e = NULL;
- /* get the base object */
- if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
- matched )) == NULL ) {
+ /* get the base object with reader lock */
+ if ( base != NULL && *base != '\0' &&
+ (e = dn2entry_r( be, base, matched )) == NULL )
+ {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
@@ -329,6 +342,8 @@ onelevel_candidates(
f->f_and->f_next = NULL;
filter_free( f );
+ /* free entry and reader lock */
+ cache_return_entry_r( &li->li_cache, e );
return( candidates );
}
@@ -351,6 +366,9 @@ subtree_candidates(
Filter *f;
IDList *candidates;
+ Debug(LDAP_DEBUG_TRACE, "subtree_candidates: base: %s\n",
+ base ? base : "NULL", 0, 0);
+
/*
* get the base object - unless we already have it (from one-level).
* also, unless this is a one-level search or a subtree search
@@ -365,20 +383,26 @@ subtree_candidates(
*err = LDAP_SUCCESS;
f = NULL;
if ( lookupbase ) {
- if ( base != NULL && *base != '\0' && (e = dn2entry( be, base,
- matched )) == NULL ) {
+ if ( base != NULL && *base != '\0' &&
+ (e = dn2entry_r( be, base, matched )) == NULL )
+ {
*err = LDAP_NO_SUCH_OBJECT;
return( NULL );
}
+ if (e) {
+ cache_return_entry_r( &li->li_cache, e );
+ }
+
f = (Filter *) ch_malloc( sizeof(Filter) );
f->f_next = NULL;
f->f_choice = LDAP_FILTER_OR;
f->f_or = (Filter *) ch_malloc( sizeof(Filter) );
f->f_or->f_choice = LDAP_FILTER_EQUALITY;
f->f_or->f_avtype = strdup( "objectclass" );
- f->f_or->f_avvalue.bv_val = strdup( "referral" );
- f->f_or->f_avvalue.bv_len = strlen( "referral" );
+ /* Patch to use normalized uppercase */
+ f->f_or->f_avvalue.bv_val = strdup( "REFERRAL" );
+ f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" );
f->f_or->f_next = filter;
filter = f;
@@ -406,9 +430,5 @@ subtree_candidates(
filter_free( f );
}
- if ( e != NULL ) {
- cache_return_entry( &li->li_cache, e );
- }
-
return( candidates );
}
diff --git a/servers/slapd/configinfo.c b/servers/slapd/configinfo.c
index 5599193006cdf4a53cdc6f32354036aaf5ad9d4c..c1719efde8a5d300bfdee1b767756a92e5d9bfef 100644
--- a/servers/slapd/configinfo.c
+++ b/servers/slapd/configinfo.c
@@ -40,6 +40,9 @@ config_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ /* initialize reader/writer lock */
+ entry_rdwr_init(e);
+
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_CONFIG_DN );
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index 59c1d2eaf93d1363fb6f18c66fdf7b31e9f47241..c15c58b24a4c89aba1e42001fc11b9ace951f251 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -198,6 +198,9 @@ slapd_daemon(
FD_ZERO( &readfds );
FD_SET( tcps, &readfds );
+ zero.tv_sec = 0;
+ zero.tv_usec = 0;
+
pthread_mutex_lock( &active_threads_mutex );
Debug( LDAP_DEBUG_CONNS,
"listening for connections on %d, activity on:",
@@ -218,8 +221,6 @@ slapd_daemon(
Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
pthread_mutex_unlock( &new_conn_mutex );
- zero.tv_sec = 0;
- zero.tv_usec = 0;
Debug( LDAP_DEBUG_CONNS, "before select active_threads %d\n",
active_threads, 0, 0 );
#if defined(THREAD_PREEMPTIVE) || defined(NO_THREADS)
diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c
index d5ee966b570ad152344a50176022a9083e5173df..72ef4b168452dac77cf2d763c1ad4dbe3bfd487b 100644
--- a/servers/slapd/entry.c
+++ b/servers/slapd/entry.c
@@ -43,9 +43,12 @@ str2entry( char *s )
* or newline.
*/
- Debug( LDAP_DEBUG_TRACE, "=> str2entry\n", s, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "=> str2entry\n",
+ s ? s : "NULL", 0, 0 );
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ /* initialize reader/writer lock */
+ entry_rdwr_init(e);
/* check to see if there's an id included */
next = s;
@@ -112,6 +115,7 @@ str2entry( char *s )
}
Debug( LDAP_DEBUG_TRACE, "<= str2entry 0x%x\n", e, 0, 0 );
+
return( e );
}
@@ -187,6 +191,10 @@ entry_free( Entry *e )
int i;
Attribute *a, *next;
+ /* XXX check that no reader/writer locks exist */
+ assert( !pthread_rdwr_wchk_np(&e->e_rdwr) &&
+ !pthread_rdwr_rchk_np(&e->e_rdwr) );
+
if ( e->e_dn != NULL ) {
free( e->e_dn );
}
@@ -196,3 +204,56 @@ entry_free( Entry *e )
}
free( e );
}
+
+int
+entry_rdwr_lock(Entry *e, int rw)
+{
+ Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%slock: ID: %ld\n",
+ rw ? "w" : "r", e->e_id, 0);
+ if (rw)
+ return pthread_rdwr_wlock_np(&e->e_rdwr);
+ else
+ return pthread_rdwr_rlock_np(&e->e_rdwr);
+}
+
+int
+entry_rdwr_rlock(Entry *e)
+{
+ return entry_rdwr_lock( e, 0 );
+}
+
+int
+entry_rdwr_wlock(Entry *e)
+{
+ return entry_rdwr_lock( e, 1 );
+}
+
+int
+entry_rdwr_unlock(Entry *e, int rw)
+{
+ Debug( LDAP_DEBUG_ARGS, "entry_rdwr_%sunlock: ID: %ld\n",
+ rw ? "w" : "r", e->e_id, 0);
+ if (rw)
+ return pthread_rdwr_wunlock_np(&e->e_rdwr);
+ else
+ return pthread_rdwr_runlock_np(&e->e_rdwr);
+}
+
+int
+entry_rdwr_runlock(Entry *e)
+{
+ return entry_rdwr_unlock( e, 0 );
+}
+
+int
+entry_rdwr_wunlock(Entry *e)
+{
+ return entry_rdwr_unlock( e, 1 );
+}
+
+int
+entry_rdwr_init(Entry *e)
+{
+ return pthread_rdwr_init_np(&e->e_rdwr, NULL);
+}
+
diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c
index 6575fe36adbd7a434c772d6ab328acd9fc51ad77..dd7689cfaf9bc23f031ea5607917c4211d62fe6e 100644
--- a/servers/slapd/modify.c
+++ b/servers/slapd/modify.c
@@ -155,14 +155,14 @@ do_modify(
*/
if ( be->be_modify != NULL ) {
/* do the update here */
- if ( be->be_updatedn == NULL || strcasecmp( be->be_updatedn,
- op->o_dn ) == 0 ) {
- if ( (be->be_lastmod == ON || be->be_lastmod == 0 &&
- global_lastmod == ON) && be->be_updatedn == NULL ) {
+ if ( be->be_updatedn == NULL ||
+ strcasecmp( be->be_updatedn, op->o_dn ) == 0 ) {
+
+ if ( (be->be_lastmod == ON || ( be->be_lastmod == UNDEFINED &&
+ global_lastmod == ON ) ) && be->be_updatedn == NULL ) {
add_lastmods( op, &mods );
}
- if ( (*be->be_modify)( be, conn, op, odn, mods )
- == 0 ) {
+ if ( (*be->be_modify)( be, conn, op, odn, mods ) == 0 ) {
replog( be, LDAP_REQ_MODIFY, dn, mods, 0 );
}
@@ -200,7 +200,7 @@ modlist_free(
static void
add_lastmods( Operation *op, LDAPMod **mods )
{
- char buf[20];
+ char buf[22];
struct berval bv;
struct berval *bvals[2];
LDAPMod **m;
@@ -214,17 +214,25 @@ add_lastmods( Operation *op, LDAPMod **mods )
/* remove any attempts by the user to modify these attrs */
for ( m = mods; *m != NULL; m = &(*m)->mod_next ) {
- if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0
- || strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 ) {
- tmp = *m;
- *m = (*m)->mod_next;
- free( tmp->mod_type );
- if ( tmp->mod_bvalues != NULL ) {
- ber_bvecfree( tmp->mod_bvalues );
- }
- free( tmp );
- }
- }
+ if ( strcasecmp( (*m)->mod_type, "modifytimestamp" ) == 0 ||
+ strcasecmp( (*m)->mod_type, "modifiersname" ) == 0 ||
+ strcasecmp( (*m)->mod_type, "createtimestamp" ) == 0 ||
+ strcasecmp( (*m)->mod_type, "creatorsname" ) == 0 ) {
+
+ Debug( LDAP_DEBUG_TRACE,
+ "add_lastmods: found lastmod attr: %s\n",
+ (*m)->mod_type, 0, 0 );
+ tmp = *m;
+ *m = (*m)->mod_next;
+ free( tmp->mod_type );
+ if ( tmp->mod_bvalues != NULL ) {
+ ber_bvecfree( tmp->mod_bvalues );
+ }
+ free( tmp );
+ if (!*m)
+ break;
+ }
+ }
if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
bv.bv_val = "NULLDN";
@@ -243,16 +251,19 @@ add_lastmods( Operation *op, LDAPMod **mods )
*mods = tmp;
pthread_mutex_lock( ¤ttime_mutex );
- ltm = localtime( ¤ttime );
- strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+ ltm = localtime( ¤ttime );
+#ifdef LDAP_Y2K
+ strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
+#else
+ strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+#endif
pthread_mutex_unlock( ¤ttime_mutex );
bv.bv_val = buf;
bv.bv_len = strlen( bv.bv_val );
tmp = (LDAPMod *) ch_calloc( 1, sizeof(LDAPMod) );
tmp->mod_type = strdup( "modifytimestamp" );
tmp->mod_op = LDAP_MOD_REPLACE;
- tmp->mod_bvalues = (struct berval **) ch_calloc( 1,
- 2 * sizeof(struct berval *) );
+ tmp->mod_bvalues = (struct berval **) ch_calloc( 1, 2 * sizeof(struct berval *) );
tmp->mod_bvalues[0] = ber_bvdup( &bv );
tmp->mod_next = *mods;
*mods = tmp;
diff --git a/servers/slapd/monitor.c b/servers/slapd/monitor.c
index 7dbabc93772c071c9c180645aa8cbef8b251227f..a7311989ef4fb086ed8541a5d238e74307f941cc 100644
--- a/servers/slapd/monitor.c
+++ b/servers/slapd/monitor.c
@@ -10,8 +10,16 @@
* is provided ``as is'' without express or implied warranty.
*/
+/* Revision history
+ *
+ * 5-Jun-96 jeff.hodges@stanford.edu
+ * Added locking of new_conn_mutex when traversing the c[] array.
+ * Added locking of currenttime_mutex to protect call(s) to localtime().
+ */
+
#include <stdio.h>
#include <string.h>
+#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "slap.h"
@@ -32,18 +40,16 @@ extern time_t currenttime;
extern time_t starttime;
extern int num_conns;
+extern pthread_mutex_t new_conn_mutex;
+extern pthread_mutex_t currenttime_mutex;
extern char Versionstr[];
-/*
- * no mutex protection in here - take our chances!
- */
-
void
monitor_info( Connection *conn, Operation *op )
{
Entry *e;
- char buf[BUFSIZ], buf2[20];
+ char buf[BUFSIZ], buf2[22];
struct berval val;
struct berval *vals[2];
int i, nconns, nwritewaiters, nreadwaiters;
@@ -54,6 +60,8 @@ monitor_info( Connection *conn, Operation *op )
vals[1] = NULL;
e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+ /* initialize reader/writer lock */
+ entry_rdwr_init(e);
e->e_attrs = NULL;
e->e_dn = strdup( SLAPD_MONITOR_DN );
@@ -73,6 +81,8 @@ monitor_info( Connection *conn, Operation *op )
nconns = 0;
nwritewaiters = 0;
nreadwaiters = 0;
+
+ pthread_mutex_lock( &new_conn_mutex );
for ( i = 0; i < dtblsize; i++ ) {
if ( c[i].c_sb.sb_sd != -1 ) {
nconns++;
@@ -82,8 +92,15 @@ monitor_info( Connection *conn, Operation *op )
if ( c[i].c_gettingber ) {
nreadwaiters++;
}
+ pthread_mutex_lock( ¤ttime_mutex );
ltm = localtime( &c[i].c_starttime );
+#ifdef LDAP_Y2K
+ strftime( buf2, sizeof(buf2), "%Y%m%d%H%M%SZ", ltm );
+#else
strftime( buf2, sizeof(buf2), "%y%m%d%H%M%SZ", ltm );
+#endif
+ pthread_mutex_unlock( ¤ttime_mutex );
+
pthread_mutex_lock( &c[i].c_dnmutex );
sprintf( buf, "%d : %s : %ld : %ld : %s : %s%s", i,
buf2, c[i].c_opsinitiated, c[i].c_opscompleted,
@@ -96,6 +113,8 @@ monitor_info( Connection *conn, Operation *op )
attr_merge( e, "connection", vals );
}
}
+ pthread_mutex_unlock( &new_conn_mutex );
+
sprintf( buf, "%d", nconns );
val.bv_val = buf;
val.bv_len = strlen( buf );
@@ -141,14 +160,26 @@ monitor_info( Connection *conn, Operation *op )
val.bv_len = strlen( buf );
attr_merge( e, "bytessent", vals );
- ltm = localtime( ¤ttime );
- strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+ pthread_mutex_lock( ¤ttime_mutex );
+ ltm = localtime( ¤ttime );
+#ifdef LDAP_Y2K
+ strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
+#else
+ strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+#endif
+ pthread_mutex_unlock( ¤ttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "currenttime", vals );
- ltm = localtime( &starttime );
- strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+ pthread_mutex_lock( ¤ttime_mutex );
+ ltm = localtime( &starttime );
+#ifdef LDAP_Y2K
+ strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
+#else
+ strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+#endif
+ pthread_mutex_unlock( ¤ttime_mutex );
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "starttime", vals );
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index a1ff6e5e755cb202ec1fb25028591eb53c45af47..83e4872d1594aba2b164ec68afde89bd9ee46cc0 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -7,10 +7,13 @@
int access_allowed( Backend *be, Connection *conn, Operation *op, Entry *e,
char *attr, struct berval *val, char *dn, int access );
+
struct acl * acl_get_applicable( Backend *be, Operation *op, Entry *e,
- char *attr );
+ char *attr, char *edn, int nmatches, regmatch_t *matches );
int acl_access_allowed( struct acl *a, Backend *be, Connection *conn, Entry *e,
- struct berval *val, Operation *op, int access );
+ struct berval *val, Operation *op, int access, char *edn,
+ regmatch_t *matches );
+
int acl_check_mods( Backend *be, Connection *conn, Operation *op, Entry *e,
LDAPMod *mods );
@@ -104,6 +107,14 @@ Entry * str2entry( char *s );
char * entry2str( Entry *e, int *len, int printid );
void entry_free( Entry *e );
+int entry_rdwr_lock( Entry *e, int rw );
+int entry_rdwr_rlock( Entry *e );
+int entry_rdwr_wlock( Entry *e );
+int entry_rdwr_unlock( Entry *e, int rw );
+int entry_rdwr_runlock( Entry *e );
+int entry_rdwr_wunlock( Entry *e );
+int entry_rdwr_init( Entry *e );
+
/*
* filter.c
*/
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index cbbf620ada5505deedded7ff8b414a43168b7ab6..620c7ef13c00542c41ca437a374f80d67ca000eb 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -224,8 +224,7 @@ send_search_entry(
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_alloc" );
- free(edn);
- return( 1 );
+ goto error_return;
}
#ifdef COMPAT30
@@ -244,8 +243,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_printf dn" );
- free(edn);
- return( 1 );
+ goto error_return;
}
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
@@ -280,8 +278,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type" );
- free(edn);
- return( 1 );
+ goto error_return;
}
if ( ! attrsonly ) {
@@ -303,8 +300,7 @@ send_search_entry(
send_ldap_result( conn, op,
LDAP_OPERATIONS_ERROR, NULL,
"ber_printf value" );
- free(edn);
- return( 1 );
+ goto error_return;
}
}
}
@@ -314,8 +310,7 @@ send_search_entry(
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "ber_printf type end" );
- free(edn);
- return( 1 );
+ goto error_return;
}
}
@@ -393,6 +388,10 @@ send_search_entry(
Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
return( rc );
+
+error_return:;
+ free(edn);
+ return( 1 );
}
int
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index bf0c9c82970748945a2f863a25cc76ec30779b10..43f1eae8d1e7119572f5705bf74b1450031ab058 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -6,10 +6,16 @@
#define LDAP_SYSLOG
#include <syslog.h>
+#include <sys/types.h>
+#include <regex.h>
+#undef NDEBUG
+#include <assert.h>
+
#include "avl.h"
#include "lber.h"
#include "ldap.h"
#include "lthread.h"
+#include "lthread_rdwr.h"
#include "ldif.h"
#define DN_DNS 0
@@ -17,6 +23,9 @@
#define ON 1
#define OFF (-1)
+#define UNDEFINED 0
+
+#define MAXREMATCHES 10
/*
* represents an attribute value assertion (i.e., attr=value)
@@ -103,6 +112,9 @@ typedef struct entry {
ID e_id; /* id of this entry - this should */
/* really be private to back-ldbm */
char e_state; /* for the cache */
+
+ pthread_rdwr_t e_rdwr; /* reader/writer lock */
+
#define ENTRY_STATE_DELETED 1
#define ENTRY_STATE_CREATING 2
int e_refcnt; /* # threads ref'ing this entry */
@@ -121,6 +133,11 @@ struct access {
char *a_domainpat;
char *a_dnattr;
long a_access;
+
+#ifdef ACLGROUP
+ char *a_group;
+#endif
+
#define ACL_NONE 0x01
#define ACL_COMPARE 0x02
#define ACL_SEARCH 0x04
@@ -134,6 +151,7 @@ struct access {
struct acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
+ regex_t acl_dnre;
char *acl_dnpat;
char **acl_attrs;
@@ -187,6 +205,10 @@ typedef struct backend {
IFP be_config; /* backend config routine */
IFP be_init; /* backend init routine */
IFP be_close; /* backend close routine */
+
+#ifdef ACLGROUP
+ IFP be_group; /* backend group member test */
+#endif
} Backend;
/*