Commit cd9a9c62 authored by Pierangelo Masarati

frontend stuff moved into a database structure, essentially to allow overlays...

frontend stuff moved into a database structure, essentially to allow overlays to be processed before database selection; passes all tests (ITS#3080)
parent fa880d42
......@@ -35,7 +35,7 @@ SRCS = main.c globals.c config.c daemon.c \
oidm.c starttls.c index.c sets.c referral.c root_dse.c \
sasl.c module.c mra.c mods.c sl_malloc.c limits.c \
backglue.c operational.c matchedValues.c cancel.c syncrepl.c \
backover.c ctxcsn.c ldapsync.c sessionlog.c \
backover.c ctxcsn.c ldapsync.c sessionlog.c frontend.c \
slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \
slappasswd.c slaptest.c slapauth.c slapacl.c \
$(@PLAT@_SRCS)
......@@ -52,7 +52,7 @@ OBJS = main.o globals.o config.o daemon.o \
oidm.o starttls.o index.o sets.o referral.o root_dse.o \
sasl.o module.o mra.o mods.o sl_malloc.o limits.o \
backglue.o operational.o matchedValues.o cancel.o syncrepl.o \
backover.o ctxcsn.o ldapsync.o sessionlog.o \
backover.o ctxcsn.o ldapsync.o sessionlog.o frontend.o \
slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \
slappasswd.o slaptest.o slapauth.o slapacl.o \
$(@PLAT@_OBJS)
......
......@@ -112,6 +112,12 @@ do_abandon( Operation *op, SlapReply *rs )
done:
op->orn_msgid = id;
if ( frontendDB->be_abandon ) {
op->o_bd = frontendDB;
frontendDB->be_abandon( op, rs );
}
for ( i = 0; i < nbackends; i++ ) {
op->o_bd = &backends[i];
if( op->o_bd->be_abandon ) op->o_bd->be_abandon( op, rs );
......@@ -129,3 +135,4 @@ done:
#endif
return LDAP_SUCCESS;
}
......@@ -224,7 +224,7 @@ access_allowed_mask(
/*
* FIXME: experimental; use first backend rules
* iff there is no global_acl (ITS#3100) */
if ( global_acl == NULL )
if ( frontendDB->be_acl == NULL )
#endif
{
op->o_bd = be;
......@@ -312,20 +312,20 @@ access_allowed_mask(
#ifdef notdef
/* be is always non-NULL */
/* use global default access if no global acls */
} else if ( be == NULL && global_acl == NULL ) {
} else if ( be == NULL && frontendDB->be_acl == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG( ACL, DETAIL1,
"access_allowed: global default %s access %s to \"%s\"\n",
access2str( access ),
global_default_access >= access ? "granted" : "denied",
frontendDB->be_dfltaccess >= access ? "granted" : "denied",
op->o_dn.bv_val );
#else
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: global default %s access %s to \"%s\"\n",
access2str( access ),
global_default_access >= access ? "granted" : "denied", op->o_dn.bv_val );
frontendDB->be_dfltaccess >= access ? "granted" : "denied", op->o_dn.bv_val );
#endif
ret = global_default_access >= access;
ret = frontendDB->be_dfltaccess >= access;
if ( maskp ) {
int i;
......@@ -496,7 +496,7 @@ acl_get(
if( a == NULL ) {
if( op->o_bd == NULL ) {
a = global_acl;
a = frontendDB->be_acl;
} else {
a = op->o_bd->be_acl;
}
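Review bot: The comment above the changed test in access_allowed_mask still says the first backend's rules are used "iff there is no global_acl", a variable this commit removes; the condition is now `frontendDB->be_acl == NULL`. Since that comment is the only description of which ACL list acts as the fallback, I would reword its last line to `* iff the frontend database has no ACLs (ITS#3100) */`. The same applies to `/* use global default access if no global acls */` in the `#ifdef notdef` branch further down. The function body extends beyond the hunks shown.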
......
......@@ -1573,7 +1573,7 @@ parse_acl(
#endif /* LDAP_DEVEL */
acl_append( &be->be_acl, a );
} else {
acl_append( &global_acl, a );
acl_append( &frontendDB->be_acl, a );
}
}
}
......
......@@ -47,14 +47,13 @@ do_add( Operation *op, SlapReply *rs )
{
BerElement *ber = op->o_ber;
char *last;
struct berval dn = BER_BVNULL;
struct berval dn = BER_BVNULL;
ber_len_t len;
ber_tag_t tag;
Entry *e;
Modifications *modlist = NULL;
Modifications **modtail = &modlist;
Modifications tmp;
int manageDSAit;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_add: conn %d enter\n", op->o_connid,0,0 );
......@@ -197,12 +196,45 @@ do_add( Operation *op, SlapReply *rs )
"root DSE already exists" );
goto done;
} else if ( bvmatch( &e->e_nname, &global_schemandn ) ) {
} else if ( bvmatch( &e->e_nname, &frontendDB->be_schemandn ) ) {
send_ldap_error( op, rs, LDAP_ALREADY_EXISTS,
"subschema subentry already exists" );
goto done;
}
/* temporary; remove if not invoking backend function */
op->ora_e = e;
op->ora_modlist = modlist;
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_add( op, rs );
if ( rs->sr_err == 0 ) {
e = NULL;
}
done:;
slap_graduate_commit_csn( op );
if( modlist != NULL ) {
slap_mods_free( modlist );
}
if( e != NULL ) {
entry_free( e );
}
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
return rs->sr_err;
}
int
fe_op_add( Operation *op, SlapReply *rs )
{
int manageDSAit;
Entry *e = op->ora_e;
Modifications *modlist = op->ora_modlist;
Modifications **modtail = &modlist;
manageDSAit = get_manageDSAit( op );
/*
......@@ -241,7 +273,7 @@ do_add( Operation *op, SlapReply *rs )
}
#ifdef LDAP_SLAPI
if ( op->o_pb ) init_add_pblock( op, &dn, e, manageDSAit );
if ( op->o_pb ) init_add_pblock( op, &op->o_req_dn, e, manageDSAit );
#endif /* LDAP_SLAPI */
/*
......@@ -382,18 +414,7 @@ do_add( Operation *op, SlapReply *rs )
if ( op->o_pb ) call_add_postop_plugins( op );
#endif /* LDAP_SLAPI */
done:
slap_graduate_commit_csn( op );
if( modlist != NULL ) {
slap_mods_free( modlist );
}
if( e != NULL ) {
entry_free( e );
}
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
done:;
return rs->sr_err;
}
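Review bot: Ownership of the entry now crosses the `frontendDB->be_add( op, rs )` call in do_add with `rs->sr_err == 0` as the only signal that `e` was consumed, while fe_op_add works on its own local copy `Entry *e = op->ora_e`. If anything in fe_op_add changes `rs->sr_err` after a backend has taken or released the entry, or a backend keeps the entry and still returns non-zero, the `entry_free( e )` under `done:` in do_add frees it a second time; the opposite mismatch leaks it. Most of fe_op_add's body lies outside the visible hunks, so this needs confirming there. I would make the hand-off explicit, with fe_op_add setting `op->ora_e = NULL` once the entry is consumed and do_add reading `e = op->ora_e;` after the call, and state that contract in a comment above fe_op_add.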
......
......@@ -126,8 +126,8 @@ monitor_subsys_database_init(
return( -1 );
}
(void)init_readOnly( mi, e_database, global_restrictops );
(void)init_restrictedOperation( mi, e_database, global_restrictops );
(void)init_readOnly( mi, e_database, frontendDB->be_restrictops );
(void)init_restrictedOperation( mi, e_database, frontendDB->be_restrictops );
e_tmp = NULL;
for ( i = nBackendDB; i--; ) {
......
......@@ -357,6 +357,23 @@ int backend_startup(Backend *be)
return backend_startup_one( be );
}
/* open frontend, if required */
if ( frontendDB->bd_info->bi_db_open ) {
rc = frontendDB->bd_info->bi_db_open( frontendDB );
if ( rc != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACKEND, CRIT,
"backend_startup: bi_db_open(frontend) failed! (%d)\n",
rc, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: bi_db_open(frontend) failed! (%d)\n",
rc, 0, 0 );
#endif
return rc;
}
}
/* open each backend type */
for( i = 0; i < nBackendInfo; i++ ) {
if( backendInfo[i].bi_nDB == 0) {
......@@ -401,7 +418,7 @@ int backend_startup(Backend *be)
#endif
}
/* append global access controls */
acl_append( &backendDB[i].be_acl, global_acl );
acl_append( &backendDB[i].be_acl, frontendDB->be_acl );
rc = backend_startup_one( &backendDB[i] );
......@@ -485,11 +502,11 @@ int backend_shutdown( Backend *be )
if(rc != 0) {
#ifdef NEW_LOGGING
LDAP_LOG( BACKEND, NOTICE,
"backend_shutdown: bi_close %s failed!\n",
"backend_shutdown: bi_db_close %s failed!\n",
backendDB[i].be_type, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"backend_close: bi_close %s failed!\n",
"backend_close: bi_db_close %s failed!\n",
backendDB[i].be_type, 0, 0 );
#endif
}
......@@ -508,6 +525,22 @@ int backend_shutdown( Backend *be )
}
}
/* close frontend, if required */
if ( frontendDB->bd_info->bi_db_close ) {
rc = frontendDB->bd_info->bi_db_close ( frontendDB );
if ( rc != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACKEND, CRIT,
"backend_startup: bi_db_close(frontend) failed! (%d)\n",
rc, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"backend_startup: bi_db_close(frontend) failed! (%d)\n",
rc, 0, 0 );
#endif
}
}
return 0;
}
......@@ -529,7 +562,7 @@ int backend_destroy(void)
if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
if ( bd->be_context_csn.bv_val ) free( bd->be_context_csn.bv_val );
acl_destroy( bd->be_acl, global_acl );
acl_destroy( bd->be_acl, frontendDB->be_acl );
}
free( backendDB );
......@@ -550,6 +583,18 @@ int backend_destroy(void)
nBackendInfo = 0;
backendInfo = NULL;
/* destroy frontend database */
bd = frontendDB;
if ( bd->bd_info->bi_db_destroy ) {
bd->bd_info->bi_db_destroy( bd );
}
ber_bvarray_free( bd->be_suffix );
ber_bvarray_free( bd->be_nsuffix );
if ( bd->be_rootdn.bv_val ) free( bd->be_rootdn.bv_val );
if ( bd->be_rootndn.bv_val ) free( bd->be_rootndn.bv_val );
if ( bd->be_rootpw.bv_val ) free( bd->be_rootpw.bv_val );
acl_destroy( bd->be_acl, frontendDB->be_acl );
return 0;
}
......@@ -590,12 +635,12 @@ backend_db_init(
be = &backends[nbackends++];
be->bd_info = bi;
be->be_def_limit = deflimit;
be->be_dfltaccess = global_default_access;
be->be_def_limit = frontendDB->be_def_limit;
be->be_dfltaccess = frontendDB->be_dfltaccess;
be->be_restrictops = global_restrictops;
be->be_requires = global_requires;
be->be_ssf_set = global_ssf_set;
be->be_restrictops = frontendDB->be_restrictops;
be->be_requires = frontendDB->be_requires;
be->be_ssf_set = frontendDB->be_ssf_set;
be->be_context_csn.bv_len = 0;
be->be_context_csn.bv_val = NULL;
......@@ -631,6 +676,10 @@ be_db_close( void )
(*backends[i].bd_info->bi_db_close)( &backends[i] );
}
}
if ( frontendDB->bd_info->bi_db_close ) {
(*frontendDB->bd_info->bi_db_close)( frontendDB );
}
}
Backend *
......@@ -949,9 +998,9 @@ backend_check_restrictions(
ssf = &op->o_bd->be_ssf_set;
} else {
restrictops = global_restrictops;
requires = global_requires;
ssf = &global_ssf_set;
restrictops = frontendDB->be_restrictops;
requires = frontendDB->be_requires;
ssf = &frontendDB->be_ssf_set;
}
switch( op->o_tag ) {
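Review bot: In backend_destroy the new frontend teardown calls `acl_destroy( bd->be_acl, frontendDB->be_acl )` with `bd = frontendDB`, so both arguments are the same list. The per-backend call just above passes the frontend list as the point at which to stop freeing, which matches backend_startup appending it to every backend's ACLs; if acl_destroy works that way, the frontend's own ACL list is never released here. `acl_destroy( bd->be_acl, NULL );` looks like what is intended, assuming a NULL end is accepted. Separately, the two messages added to backend_shutdown say `backend_startup: bi_db_close(frontend) failed!`, which will mislead anyone reading the log after a failed shutdown; they should name backend_shutdown.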
......
......@@ -137,8 +137,7 @@ do_bind(
tag = ber_scanf( ber, "m", &op->orb_cred );
} else {
tag = LDAP_TAG_LDAPCRED;
op->orb_cred.bv_val = NULL;
op->orb_cred.bv_len = 0;
BER_BVZERO( &op->orb_cred );
}
if ( tag != LBER_ERROR ) {
......@@ -238,6 +237,38 @@ do_bind(
op->o_conn->c_protocol = version;
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
op->orb_tmp_mech = mech;
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_bind( op, rs );
cleanup:
if ( rs->sr_err == LDAP_SUCCESS ) {
if ( op->orb_method != LDAP_AUTH_SASL ) {
ber_dupbv( &op->o_conn->c_authmech, &mech );
}
op->o_conn->c_authtype = op->orb_method;
}
op->o_conn->c_sasl_bindop = NULL;
if( op->o_req_dn.bv_val != NULL ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_dn );
}
if( op->o_req_ndn.bv_val != NULL ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_req_ndn );
}
return rs->sr_err;
}
int
fe_op_bind( Operation *op, SlapReply *rs )
{
struct berval mech = op->orb_tmp_mech;
/* check for inappropriate controls */
if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) {
send_ldap_error( op, rs,
......@@ -250,14 +281,14 @@ do_bind(
op->o_conn->c_sasl_bindop = op;
if ( op->orb_method == LDAP_AUTH_SASL ) {
if ( version < LDAP_VERSION3 ) {
if ( op->o_protocol < LDAP_VERSION3 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d sasl with LDAPv%ld\n",
op->o_connid, (unsigned long)version , 0 );
op->o_connid, (unsigned long)op->o_protocol, 0 );
#else
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
(unsigned long) version, 0, 0 );
(unsigned long)op->o_protocol, 0, 0 );
#endif
send_ldap_discon( op, rs,
LDAP_PROTOCOL_ERROR, "SASL bind requires LDAPv3" );
......@@ -350,8 +381,7 @@ do_bind(
} else {
if ( op->o_conn->c_sasl_bind_mech.bv_val ) {
free( op->o_conn->c_sasl_bind_mech.bv_val );
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
}
op->o_conn->c_sasl_bind_in_progress = 0;
}
......@@ -367,7 +397,7 @@ do_bind(
*/
if ( pb ) {
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb,
SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
......@@ -387,8 +417,7 @@ do_bind(
if ( op->o_conn->c_sasl_bind_mech.bv_val != NULL ) {
free(op->o_conn->c_sasl_bind_mech.bv_val);
op->o_conn->c_sasl_bind_mech.bv_val = NULL;
op->o_conn->c_sasl_bind_mech.bv_len = 0;
BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
}
op->o_conn->c_sasl_bind_in_progress = 0;
......@@ -433,10 +462,10 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: conn %d v%d anonymous bind\n",
op->o_connid, version , 0 );
op->o_connid, op->o_protocol, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
version, 0, 0 );
op->o_protocol, 0, 0 );
#endif
goto cleanup;
......@@ -449,11 +478,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %d v%d simple bind(%s) disallowed\n",
op->o_connid, version, op->o_req_ndn.bv_val );
op->o_connid, op->o_protocol, op->o_req_ndn.bv_val );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d simple bind(%s) disallowed\n",
version, op->o_req_ndn.bv_val, 0 );
op->o_protocol, op->o_req_ndn.bv_val, 0 );
#endif
goto cleanup;
}
......@@ -470,11 +499,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: conn %d v%d Kerberos V4 (step 1) bind refused\n",
op->o_connid, version , 0 );
op->o_connid, op->o_protocol, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d Kerberos V4 (step 1) bind refused\n",
version, 0, 0 );
op->o_protocol, 0, 0 );
#endif
goto cleanup;
}
......@@ -488,11 +517,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: conn %d v%d Kerberos V4 (step 2) bind refused\n",
op->o_connid, version , 0 );
op->o_connid, op->o_protocol, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d Kerberos V4 (step 2) bind refused\n",
version, 0, 0 );
op->o_protocol, 0, 0 );
#endif
goto cleanup;
#endif
......@@ -505,11 +534,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO,
"do_bind: conn %ld v%d unknown authentication method (%ld)\n",
op->o_connid, version, op->orb_method );
op->o_connid, op->o_protocol, op->orb_method );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d unknown authentication method (%ld)\n",
version, op->orb_method, 0 );
op->o_protocol, op->orb_method, 0 );
#endif
goto cleanup;
}
......@@ -550,7 +579,7 @@ do_bind(
if ( pb ) {
int rc;
slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)op->orb_method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
......@@ -588,13 +617,12 @@ do_bind(
rs->sr_err = LDAP_OTHER;
}
op->orb_edn.bv_val = NULL;
op->orb_edn.bv_len = 0;
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
slapi_pblock_get( pb, SLAPI_CONN_DN,
(void *)&op->orb_edn.bv_val );
if ( op->orb_edn.bv_val == NULL ) {
if ( BER_BVISNULL( &op->orb_edn ) ) {
if ( rc == 1 ) {
/* No plugins were called; continue. */
break;
......@@ -608,11 +636,9 @@ do_bind(
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
ber_dupbv(&op->o_conn->c_ndn, &op->o_req_ndn);
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn.bv_val = NULL;
op->o_req_dn.bv_len = 0;
BER_BVZERO( &op->o_req_dn );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
op->o_req_ndn.bv_val = NULL;
op->o_req_ndn.bv_len = 0;
BER_BVZERO( &op->o_req_ndn );
if ( op->o_conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
......@@ -667,11 +693,11 @@ do_bind(
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, DETAIL1,
"do_bind: v%d bind: \"%s\" to \"%s\" \n",
version, op->o_conn->c_dn.bv_val, op->o_conn->c_dn.bv_val );
op->o_protocol, op->o_conn->c_dn.bv_val, op->o_conn->c_dn.bv_val );
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n",
version, dn.bv_val, op->o_conn->c_dn.bv_val );
op->o_protocol, op->o_req_dn.bv_val, op->o_conn->c_dn.bv_val );
#endif
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
......@@ -704,24 +730,7 @@ do_bind(
}
#endif /* LDAP_SLAPI */
cleanup:
if ( rs->sr_err == LDAP_SUCCESS ) {
if ( op->orb_method != LDAP_AUTH_SASL ) {
ber_dupbv( &op->o_conn->c_authmech, &mech );
}
op->o_conn->c_authtype = op->orb_method;
}
op->o_conn->c_sasl_bindop = NULL;
if( op->o_req_dn.bv_val != NULL ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_req_dn.bv_val = NULL;
}
if( op->o_req_ndn.bv_val != NULL ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
op->o_req_ndn.bv_val = NULL;
}
cleanup:;
return rs->sr_err;
}
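Review bot: The SASL version gate in fe_op_bind now tests `op->o_protocol < LDAP_VERSION3`, but the visible part of do_bind stores the requested version only in `op->o_conn->c_protocol` before calling `frontendDB->be_bind( op, rs )`. Unless `op->o_protocol` is assigned from `version` in a part of do_bind outside these hunks, the check and every `v%d` log line use whatever value the operation already carried rather than the version in this bind request, so an LDAPv2 SASL bind may no longer be rejected with "SASL bind requires LDAPv3". Setting `op->o_protocol = version;` next to `op->orb_tmp_mech = mech;` would keep the old behaviour.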
......@@ -45,12 +45,10 @@ do_compare(
Operation *op,
SlapReply *rs )
{
Entry *entry = NULL;
struct berval dn = BER_BVNULL;
struct berval desc = BER_BVNULL;
struct berval value = BER_BVNULL;
AttributeAssertion ava = { NULL, BER_BVNULL };
int manageDSAit;
ava.aa_desc = NULL;
......@@ -144,6 +142,28 @@ do_compare(
goto cleanup;
}
op->orc_ava = &ava;
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_compare( op, rs );
cleanup:;
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
if ( ava.aa_value.bv_val ) {
op->o_tmpfree( ava.aa_value.bv_val, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
fe_op_compare( Operation *op, SlapReply *rs )
{
Entry *entry = NULL;
int manageDSAit;
AttributeAssertion ava = *op->orc_ava;
if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ARGS,
......@@ -173,7 +193,7 @@ do_compare(
goto cleanup;
}
} else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {