From 1c52b5625a70956ffccdf6978501af5b53169b63 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 4 Feb 2015 03:53:13 +0000
Subject: [PATCH] ITS#8051 add DN qualifier

---
 doc/man/man5/slapd-sock.5           |  5 +++
 servers/slapd/back-sock/back-sock.h |  2 ++
 servers/slapd/back-sock/config.c    | 50 +++++++++++++++++++++++++++--
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5
index 21172e6f38..29a4021101 100644
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -58,6 +58,11 @@ Specify which response types to send to the external program. "result"
 sends just the results of an operation. "search" sends all entries that
 the database returned for a search request. The default is empty
 (no responses are sent).
+.TP
+.B socksuffix	<DN suffix>
+Specify subtrees for which the overlay will act. Only operations on
+DNs matching the specified suffix(es) will be processed. The default
+is empty (all DNs are processed).
 
 .SH PROTOCOL
 The protocol is essentially the same as
diff --git a/servers/slapd/back-sock/back-sock.h b/servers/slapd/back-sock/back-sock.h
index e2c9bb18d3..183a466180 100644
--- a/servers/slapd/back-sock/back-sock.h
+++ b/servers/slapd/back-sock/back-sock.h
@@ -30,6 +30,8 @@ struct sockinfo {
 	slap_mask_t	si_extensions;
 	slap_mask_t	si_ops;		/* overlay: operations to act on */
 	slap_mask_t	si_resps;	/* overlay: responses to forward */
+	BerVarray	si_suffix;	/* overlay: DN suffixes to match */
+	BerVarray	si_nsuffix;	/* overlay: DN suffixes to match */
 };
 
 #define	SOCK_EXT_BINDDN	1
diff --git a/servers/slapd/back-sock/config.c b/servers/slapd/back-sock/config.c
index 8658b4b2d6..00fb06b072 100644
--- a/servers/slapd/back-sock/config.c
+++ b/servers/slapd/back-sock/config.c
@@ -36,11 +36,12 @@ static slap_response sock_over_response;
 enum {
 	BS_EXT = 1,
 	BS_OPS,
-	BS_RESP
+	BS_RESP,
+	BS_SUFFIX
 };
 
 /* The number of overlay-only config attrs */
-#define NUM_OV_ATTRS	2
+#define NUM_OV_ATTRS	3
 
 static ConfigTable bscfg[] = {
 	{ "sockops", "ops", 2, 0, 0, ARG_MAGIC|BS_OPS,
@@ -53,6 +54,11 @@ static ConfigTable bscfg[] = {
 			"DESC 'Response types to forward' "
 			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "socksuffix", "DN", 2, 0, 0, ARG_DN|ARG_QUOTE|ARG_MAGIC|BS_SUFFIX,
+		bs_cf_gen, "( OLcfgDbAt:7.5 NAME 'olcOvSocketSuffix' "
+			"DESC 'DN suffixes to match' "
+			"EQUALITY distinguishedNameMatch "
+			"SYNTAX OMsDN )", NULL, NULL },
 
 	{ "socketpath", "pathname", 2, 2, 0, ARG_STRING|ARG_OFFSET,
 		(void *)offsetof(struct sockinfo, si_sockpath),
@@ -86,7 +92,8 @@ static ConfigOCs osocs[] = {
 		"SUP olcOverlayConfig "
 		"MUST olcDbSocketPath "
 		"MAY ( olcDbSocketExtensions $ "
-			" olcOvSocketOps $ olcOvSocketResps ) )",
+			" olcOvSocketOps $ olcOvSocketResps $ "
+			" olcOvSocketSuffix ) )",
 			Cft_Overlay, bscfg },
 	{ NULL, 0, NULL }
 };
@@ -150,6 +157,10 @@ bs_cf_gen( ConfigArgs *c )
 			return mask_to_verbs( ov_ops, si->si_ops, &c->rvalue_vals );
 		case BS_RESP:
 			return mask_to_verbs( ov_resps, si->si_resps, &c->rvalue_vals );
+		case BS_SUFFIX:
+			value_add( &c->rvalue_vals, si->si_suffix );
+			value_add( &c->rvalue_nvals, si->si_nsuffix );
+			return 0;
 		}
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		switch( c->type ) {
@@ -186,6 +197,23 @@ bs_cf_gen( ConfigArgs *c )
 					si->si_resps ^= dels;
 			}
 			return rc;
+		case BS_SUFFIX:
+			if ( c->valx < 0 ) {
+				ber_bvarray_free( si->si_suffix );
+				ber_bvarray_free( si->si_nsuffix );
+				si->si_suffix = NULL;
+				si->si_nsuffix = NULL;
+			} else {
+				int i = c->valx;
+				ch_free( si->si_suffix[i].bv_val );
+				ch_free( si->si_nsuffix[i].bv_val );
+				do {
+					si->si_suffix[i] = si->si_suffix[i+1];
+					si->si_nsuffix[i] = si->si_nsuffix[i+1];
+					i++;
+				} while ( !BER_BVISNULL( &si->si_suffix[i] ));
+			}
+			return 0;
 		}
 
 	} else {
@@ -196,6 +224,10 @@ bs_cf_gen( ConfigArgs *c )
 			return verbs_to_mask( c->argc, c->argv, ov_ops, &si->si_ops );
 		case BS_RESP:
 			return verbs_to_mask( c->argc, c->argv, ov_resps, &si->si_resps );
+		case BS_SUFFIX:
+			ber_bvarray_add( &si->si_suffix, &c->value_dn );
+			ber_bvarray_add( &si->si_nsuffix, &c->value_ndn );
+			return 0;
 		}
 	}
 	return 1;
@@ -268,6 +300,18 @@ static int sock_over_op(
 	if ( !(si->si_ops & sockopflags[which]))
 		return SLAP_CB_CONTINUE;
 
+	if ( si->si_nsuffix ) {
+		int i, ok = 0;
+		for ( i=0; !BER_BVISNULL( &si->si_nsuffix[i] ); i++ ) {
+			if ( dnIsSuffix( &op->o_req_ndn, &si->si_nsuffix[i] )) {
+				ok = 1;
+				break;
+			}
+		}
+		if ( !ok )
+			return SLAP_CB_CONTINUE;
+	}
+
 	op->o_bd->be_private = si;
 	sc = op->o_callback;
 	op->o_callback = NULL;
-- 
GitLab