Back to index

openldap  2.4.31
database.c
Go to the documentation of this file.
00001 /* database.c - deals with database subsystem */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 2001-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2001-2003 Pierangelo Masarati.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 /* ACKNOWLEDGEMENTS:
00018  * This work was initially developed by Pierangelo Masarati for inclusion
00019  * in OpenLDAP Software.
00020  */
00021 
00022 #include "portable.h"
00023 
00024 #include <stdio.h>
00025 #include <ac/string.h>
00026 #include <ac/unistd.h>
00027 
00028 #include "slap.h"
00029 #include "back-monitor.h"
00030 
00031 #if defined(LDAP_SLAPI)
00032 #include "slapi.h"
00033 static int monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e );
00034 #endif /* defined(LDAP_SLAPI) */
00035 
00036 static int
00037 monitor_subsys_database_modify(
00038        Operation     *op,
00039        SlapReply     *rs,
00040        Entry         *e );
00041 
00042 static struct restricted_ops_t {
00043        struct berval op;
00044        unsigned int  tag;
00045 } restricted_ops[] = {
00046        { BER_BVC( "add" ),                SLAP_RESTRICT_OP_ADD },
00047        { BER_BVC( "bind" ),               SLAP_RESTRICT_OP_BIND },
00048        { BER_BVC( "compare" ),                   SLAP_RESTRICT_OP_COMPARE },
00049        { BER_BVC( "delete" ),                    SLAP_RESTRICT_OP_DELETE },
00050        { BER_BVC( "extended" ),           SLAP_RESTRICT_OP_EXTENDED },
00051        { BER_BVC( "modify" ),                    SLAP_RESTRICT_OP_MODIFY },
00052        { BER_BVC( "rename" ),                    SLAP_RESTRICT_OP_RENAME },
00053        { BER_BVC( "search" ),                    SLAP_RESTRICT_OP_SEARCH },
00054        { BER_BVNULL,                      0 }
00055 }, restricted_exops[] = {
00056        { BER_BVC( LDAP_EXOP_START_TLS ),  SLAP_RESTRICT_EXOP_START_TLS },
00057        { BER_BVC( LDAP_EXOP_MODIFY_PASSWD ),     SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
00058        { BER_BVC( LDAP_EXOP_WHO_AM_I ),   SLAP_RESTRICT_EXOP_WHOAMI },
00059        { BER_BVC( LDAP_EXOP_CANCEL ),     SLAP_RESTRICT_EXOP_CANCEL },
00060        { BER_BVNULL,                      0 }
00061 };
00062 
00063 static int
00064 init_readOnly( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
00065 {
00066        struct berval *tf = ( ( restrictops & SLAP_RESTRICT_OP_MASK ) == SLAP_RESTRICT_OP_WRITES ) ?
00067               (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv;
00068 
00069        return attr_merge_one( e, mi->mi_ad_readOnly, tf, NULL );
00070 }
00071 
00072 static int
00073 init_restrictedOperation( monitor_info_t *mi, Entry *e, slap_mask_t restrictops )
00074 {
00075        int    i, rc;
00076 
00077        for ( i = 0; restricted_ops[ i ].op.bv_val; i++ ) {
00078               if ( restrictops & restricted_ops[ i ].tag ) {
00079                      rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
00080                                    &restricted_ops[ i ].op,
00081                                    &restricted_ops[ i ].op );
00082                      if ( rc ) {
00083                             return rc;
00084                      }
00085               }
00086        }
00087 
00088        for ( i = 0; restricted_exops[ i ].op.bv_val; i++ ) {
00089               if ( restrictops & restricted_exops[ i ].tag ) {
00090                      rc = attr_merge_one( e, mi->mi_ad_restrictedOperation,
00091                                    &restricted_exops[ i ].op,
00092                                    &restricted_exops[ i ].op );
00093                      if ( rc ) {
00094                             return rc;
00095                      }
00096               }
00097        }
00098 
00099        return LDAP_SUCCESS;
00100 }
00101 
00102 static int
00103 monitor_subsys_overlay_init_one(
00104        monitor_info_t              *mi,
00105        BackendDB            *be,
00106        monitor_subsys_t     *ms,
00107        monitor_subsys_t     *ms_overlay,
00108        slap_overinst        *on,
00109        Entry                *e_database,
00110        Entry                **ep_overlay )
00111 {
00112        char                 buf[ BACKMONITOR_BUFSIZE ];
00113        int                  j, o;
00114        Entry                *e_overlay;
00115        slap_overinst        *on2;
00116        slap_overinfo        *oi = NULL;
00117        BackendInfo          *bi;
00118        monitor_entry_t             *mp_overlay;
00119        struct berval        bv;
00120 
00121        assert( overlay_is_over( be ) );
00122 
00123        oi = (slap_overinfo *)be->bd_info->bi_private;
00124        bi = oi->oi_orig;
00125 
00126        /* find the overlay number, o */
00127        for ( o = 0, on2 = oi->oi_list; on2 && on2 != on; on2 = on2->on_next, o++ )
00128               ;
00129 
00130        if ( on2 == NULL ) {
00131               return -1;
00132        }
00133 
00134        /* find the overlay type number, j */
00135        for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
00136               if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
00137                      break;
00138               }
00139        }
00140        assert( on2 != NULL );
00141 
00142        bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d", o );
00143        bv.bv_val = buf;
00144 
00145        e_overlay = monitor_entry_stub( &e_database->e_name, &e_database->e_nname, &bv,
00146               mi->mi_oc_monitoredObject, mi, NULL, NULL );
00147 
00148        if ( e_overlay == NULL ) {
00149               Debug( LDAP_DEBUG_ANY,
00150                      "monitor_subsys_overlay_init_one: "
00151                      "unable to create entry "
00152                      "\"cn=Overlay %d,%s\"\n",
00153                      o, e_database->e_name.bv_val, 0 );
00154               return( -1 );
00155        }
00156        ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
00157        attr_merge_normalize_one( e_overlay, mi->mi_ad_monitoredInfo, &bv, NULL );
00158 
00159        bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Overlay %d,%s",
00160               j, ms_overlay->mss_dn.bv_val );
00161        bv.bv_val = buf;
00162        attr_merge_normalize_one( e_overlay, slap_schema.si_ad_seeAlso,
00163               &bv, NULL );
00164 
00165        if ( SLAP_MONITOR( be ) ) {
00166               attr_merge( e_overlay, slap_schema.si_ad_monitorContext,
00167                             be->be_suffix, be->be_nsuffix );
00168 
00169        } else {
00170               attr_merge( e_overlay, slap_schema.si_ad_namingContexts,
00171                             be->be_suffix, NULL );
00172        }
00173 
00174        mp_overlay = monitor_entrypriv_create();
00175        if ( mp_overlay == NULL ) {
00176               return -1;
00177        }
00178        e_overlay->e_private = ( void * )mp_overlay;
00179        mp_overlay->mp_info = ms;
00180        mp_overlay->mp_flags = ms->mss_flags | MONITOR_F_SUB;
00181        
00182        if ( monitor_cache_add( mi, e_overlay ) ) {
00183               Debug( LDAP_DEBUG_ANY,
00184                      "monitor_subsys_overlay_init_one: "
00185                      "unable to add entry "
00186                      "\"cn=Overlay %d,%s\"\n",
00187                      o, e_database->e_name.bv_val, 0 );
00188               return -1;
00189        }
00190 
00191        *ep_overlay = e_overlay;
00192        ep_overlay = &mp_overlay->mp_next;
00193 
00194        return 0;
00195 }
00196 
00197 static int
00198 monitor_subsys_database_init_one(
00199        monitor_info_t              *mi,
00200        BackendDB            *be,
00201        monitor_subsys_t     *ms,
00202        monitor_subsys_t     *ms_backend,
00203        monitor_subsys_t     *ms_overlay,
00204        struct berval        *rdn,
00205        Entry                *e_database,
00206        Entry                ***epp )
00207 {
00208        char                 buf[ BACKMONITOR_BUFSIZE ];
00209        int                  j;
00210        slap_overinfo        *oi = NULL;
00211        BackendInfo          *bi, *bi2;
00212        Entry                *e;
00213        monitor_entry_t             *mp;
00214        char                 *rdnval = strchr( rdn->bv_val, '=' ) + 1;
00215        struct berval        bv;
00216 
00217        bi = be->bd_info;
00218 
00219        if ( overlay_is_over( be ) ) {
00220               oi = (slap_overinfo *)be->bd_info->bi_private;
00221               bi = oi->oi_orig;
00222        }
00223 
00224        e = monitor_entry_stub( &ms->mss_dn, &ms->mss_ndn, rdn,
00225               mi->mi_oc_monitoredObject, mi, NULL, NULL );
00226 
00227        if ( e == NULL ) {
00228               Debug( LDAP_DEBUG_ANY,
00229                      "monitor_subsys_database_init_one: "
00230                      "unable to create entry \"%s,%s\"\n",
00231                      rdn->bv_val, ms->mss_dn.bv_val, 0 );
00232               return( -1 );
00233        }
00234 
00235        ber_str2bv( bi->bi_type, 0, 0, &bv );
00236        attr_merge_normalize_one( e, mi->mi_ad_monitoredInfo, &bv, NULL );
00237        attr_merge_one( e, mi->mi_ad_monitorIsShadow,
00238               SLAP_SHADOW( be ) ? (struct berval *)&slap_true_bv :
00239                      (struct berval *)&slap_false_bv, NULL );
00240 
00241        if ( SLAP_MONITOR( be ) ) {
00242               attr_merge( e, slap_schema.si_ad_monitorContext,
00243                             be->be_suffix, be->be_nsuffix );
00244               attr_merge( e_database, slap_schema.si_ad_monitorContext,
00245                             be->be_suffix, be->be_nsuffix );
00246 
00247        } else {
00248               if ( be->be_suffix == NULL ) {
00249                      Debug( LDAP_DEBUG_ANY,
00250                             "monitor_subsys_database_init_one: "
00251                             "missing suffix for %s\n",
00252                             rdnval, 0, 0 );
00253               } else {
00254                      attr_merge( e, slap_schema.si_ad_namingContexts,
00255                             be->be_suffix, NULL );
00256                      attr_merge( e_database, slap_schema.si_ad_namingContexts,
00257                             be->be_suffix, NULL );
00258               }
00259 
00260               if ( SLAP_GLUE_SUBORDINATE( be ) ) {
00261                      BackendDB *sup_be = select_backend( &be->be_nsuffix[ 0 ], 1 );
00262                      if ( sup_be == NULL ) {
00263                             Debug( LDAP_DEBUG_ANY,
00264                                    "monitor_subsys_database_init: "
00265                                    "unable to get superior for %s\n",
00266                                    be->be_suffix[ 0 ].bv_val, 0, 0 );
00267 
00268                      } else {
00269                             attr_merge( e, mi->mi_ad_monitorSuperiorDN,
00270                                    sup_be->be_suffix, sup_be->be_nsuffix );
00271                      }
00272               }
00273        }
00274 
00275        (void)init_readOnly( mi, e, be->be_restrictops );
00276        (void)init_restrictedOperation( mi, e, be->be_restrictops );
00277 
00278        if ( SLAP_SHADOW( be ) && be->be_update_refs ) {
00279               attr_merge_normalize( e, mi->mi_ad_monitorUpdateRef,
00280                             be->be_update_refs, NULL );
00281        }
00282 
00283        if ( oi != NULL ) {
00284               slap_overinst *on = oi->oi_list,
00285                             *on1 = on;
00286 
00287               for ( ; on; on = on->on_next ) {
00288                      slap_overinst        *on2;
00289 
00290                      for ( on2 = on1; on2 != on; on2 = on2->on_next ) {
00291                             if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
00292                                    break;
00293                             }
00294                      }
00295 
00296                      if ( on2 != on ) {
00297                             break;
00298                      }
00299                      
00300                      ber_str2bv( on->on_bi.bi_type, 0, 0, &bv );
00301                      attr_merge_normalize_one( e, mi->mi_ad_monitorOverlay,
00302                                    &bv, NULL );
00303 
00304                      /* find the overlay number, j */
00305                      for ( on2 = overlay_next( NULL ), j = 0; on2; on2 = overlay_next( on2 ), j++ ) {
00306                             if ( on2->on_bi.bi_type == on->on_bi.bi_type ) {
00307                                    break;
00308                             }
00309                      }
00310                      assert( on2 != NULL );
00311 
00312                      snprintf( buf, sizeof( buf ), 
00313                             "cn=Overlay %d,%s", 
00314                             j, ms_overlay->mss_dn.bv_val );
00315                      ber_str2bv( buf, 0, 0, &bv );
00316                      attr_merge_normalize_one( e,
00317                                    slap_schema.si_ad_seeAlso,
00318                                    &bv, NULL );
00319               }
00320        }
00321 
00322        j = -1;
00323        LDAP_STAILQ_FOREACH( bi2, &backendInfo, bi_next ) {
00324               j++;
00325               if ( bi2->bi_type == bi->bi_type ) {
00326                      snprintf( buf, sizeof( buf ), 
00327                             "cn=Backend %d,%s", 
00328                             j, ms_backend->mss_dn.bv_val );
00329                      bv.bv_val = buf;
00330                      bv.bv_len = strlen( buf );
00331                      attr_merge_normalize_one( e,
00332                                    slap_schema.si_ad_seeAlso,
00333                                    &bv, NULL );
00334                      break;
00335               }
00336        }
00337        /* we must find it! */
00338        assert( j >= 0 );
00339 
00340        mp = monitor_entrypriv_create();
00341        if ( mp == NULL ) {
00342               return -1;
00343        }
00344        e->e_private = ( void * )mp;
00345        mp->mp_info = ms;
00346        mp->mp_flags = ms->mss_flags
00347               | MONITOR_F_SUB;
00348 
00349        if ( monitor_cache_add( mi, e ) ) {
00350               Debug( LDAP_DEBUG_ANY,
00351                      "monitor_subsys_database_init_one: "
00352                      "unable to add entry \"%s,%s\"\n",
00353                      rdn->bv_val, ms->mss_dn.bv_val, 0 );
00354               return( -1 );
00355        }
00356 
00357 #if defined(LDAP_SLAPI)
00358        monitor_back_add_plugin( mi, be, e );
00359 #endif /* defined(LDAP_SLAPI) */
00360 
00361        if ( oi != NULL ) {
00362               Entry         **ep_overlay = &mp->mp_children;
00363               slap_overinst *on = oi->oi_list;
00364 
00365               for ( ; on; on = on->on_next ) {
00366                      monitor_subsys_overlay_init_one( mi, be,
00367                             ms, ms_overlay, on, e, ep_overlay );
00368               }
00369        }
00370 
00371        **epp = e;
00372        *epp = &mp->mp_next;
00373 
00374        return 0;
00375 }
00376 
00377 static int
00378 monitor_back_register_database_and_overlay(
00379        BackendDB            *be,
00380        struct slap_overinst *on,
00381        struct berval        *ndn_out )
00382 {
00383        monitor_info_t              *mi;
00384        Entry                *e_database, **ep;
00385        int                  i, rc;
00386        monitor_entry_t             *mp;
00387        monitor_subsys_t     *ms_backend,
00388                             *ms_database,
00389                             *ms_overlay;
00390        struct berval        bv;
00391        char                 buf[ BACKMONITOR_BUFSIZE ];
00392 
00393        assert( be_monitor != NULL );
00394 
00395        if ( !monitor_subsys_is_opened() ) {
00396               if ( on ) {
00397                      return monitor_back_register_overlay_limbo( be, on, ndn_out );
00398 
00399               } else {
00400                      return monitor_back_register_database_limbo( be, ndn_out );
00401               }
00402        }
00403 
00404        mi = ( monitor_info_t * )be_monitor->be_private;
00405 
00406        ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
00407        if ( ms_backend == NULL ) {
00408               Debug( LDAP_DEBUG_ANY,
00409                      "monitor_back_register_database: "
00410                      "unable to get "
00411                      "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
00412                      "subsystem\n",
00413                      0, 0, 0 );
00414               return -1;
00415        }
00416 
00417        ms_database = monitor_back_get_subsys( SLAPD_MONITOR_DATABASE_NAME );
00418        if ( ms_database == NULL ) {
00419               Debug( LDAP_DEBUG_ANY,
00420                      "monitor_back_register_database: "
00421                      "unable to get "
00422                      "\"" SLAPD_MONITOR_DATABASE_NAME "\" "
00423                      "subsystem\n",
00424                      0, 0, 0 );
00425               return -1;
00426        }
00427 
00428        ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
00429        if ( ms_overlay == NULL ) {
00430               Debug( LDAP_DEBUG_ANY,
00431                      "monitor_back_register_database: "
00432                      "unable to get "
00433                      "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
00434                      "subsystem\n",
00435                      0, 0, 0 );
00436               return -1;
00437        }
00438 
00439        if ( monitor_cache_get( mi, &ms_database->mss_ndn, &e_database ) ) {
00440               Debug( LDAP_DEBUG_ANY,
00441                      "monitor_subsys_database_init: "
00442                      "unable to get entry \"%s\"\n",
00443                      ms_database->mss_ndn.bv_val, 0, 0 );
00444               return( -1 );
00445        }
00446 
00447        mp = ( monitor_entry_t * )e_database->e_private;
00448        for ( i = -1, ep = &mp->mp_children; *ep; i++ ) {
00449               Attribute     *a;
00450 
00451               a = attr_find( (*ep)->e_attrs, slap_schema.si_ad_namingContexts );
00452               if ( a ) {
00453                      int           j, k;
00454 
00455                      /* FIXME: RFC 4512 defines namingContexts without an
00456                       *        equality matching rule, making comparisons
00457                       *        like this one tricky.  We use a_vals and
00458                       *        be_suffix instead for now.
00459                       */
00460                      for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
00461                             for ( k = 0; !BER_BVISNULL( &be->be_suffix[ k ] ); k++ ) {
00462                                    if ( dn_match( &a->a_vals[ j ],
00463                                                   &be->be_suffix[ k ] ) ) {
00464                                           rc = 0;
00465                                           goto done;
00466                                    }
00467                             }
00468                      }
00469               }
00470 
00471               mp = ( monitor_entry_t * )(*ep)->e_private;
00472 
00473               assert( mp != NULL );
00474               ep = &mp->mp_next;
00475        }
00476 
00477        bv.bv_val = buf;
00478        bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Database %d", i );
00479        if ( bv.bv_len >= sizeof( buf ) ) {
00480               rc = -1;
00481               goto done;
00482        }
00483        
00484        rc = monitor_subsys_database_init_one( mi, be,
00485               ms_database, ms_backend, ms_overlay, &bv, e_database, &ep );
00486        if ( rc != 0 ) {
00487               goto done;
00488        }
00489        /* database_init_one advanced ep past where we want.
00490         * But it stored the entry we want in mp->mp_next.
00491         */
00492        ep = &mp->mp_next;
00493 
00494 done:;
00495        monitor_cache_release( mi, e_database );
00496        if ( rc == 0 && ndn_out && ep && *ep ) {
00497               if ( on ) {
00498                      Entry *e_ov;
00499                      struct berval ov_type;
00500 
00501                      ber_str2bv( on->on_bi.bi_type, 0, 0, &ov_type );
00502 
00503                      mp = ( monitor_entry_t * ) (*ep)->e_private;
00504                      for ( e_ov = mp->mp_children; e_ov; ) {
00505                             Attribute *a = attr_find( e_ov->e_attrs, mi->mi_ad_monitoredInfo );
00506 
00507                             if ( a != NULL && bvmatch( &a->a_nvals[ 0 ], &ov_type ) ) {
00508                                    *ndn_out = e_ov->e_nname;
00509                                    break;
00510                             }
00511 
00512                             mp = ( monitor_entry_t * ) e_ov->e_private;
00513                             e_ov = mp->mp_next;
00514                      }
00515                      
00516               } else {
00517                      *ndn_out = (*ep)->e_nname;
00518               }
00519        }
00520 
00521        return rc;
00522 }
00523 
00524 int
00525 monitor_back_register_database(
00526        BackendDB            *be,
00527        struct berval        *ndn_out )
00528 {
00529        return monitor_back_register_database_and_overlay( be, NULL, ndn_out );
00530 }
00531 
00532 int
00533 monitor_back_register_overlay(
00534        BackendDB            *be,
00535        struct slap_overinst *on,
00536        struct berval        *ndn_out )
00537 {
00538        return monitor_back_register_database_and_overlay( be, on, ndn_out );
00539 }
00540 
00541 int
00542 monitor_subsys_database_init(
00543        BackendDB            *be,
00544        monitor_subsys_t     *ms )
00545 {
00546        monitor_info_t              *mi;
00547        Entry                *e_database, **ep;
00548        int                  i, rc;
00549        monitor_entry_t             *mp;
00550        monitor_subsys_t     *ms_backend,
00551                             *ms_overlay;
00552        struct berval        bv;
00553 
00554        assert( be != NULL );
00555 
00556        ms->mss_modify = monitor_subsys_database_modify;
00557 
00558        mi = ( monitor_info_t * )be->be_private;
00559 
00560        ms_backend = monitor_back_get_subsys( SLAPD_MONITOR_BACKEND_NAME );
00561        if ( ms_backend == NULL ) {
00562               Debug( LDAP_DEBUG_ANY,
00563                      "monitor_subsys_database_init: "
00564                      "unable to get "
00565                      "\"" SLAPD_MONITOR_BACKEND_NAME "\" "
00566                      "subsystem\n",
00567                      0, 0, 0 );
00568               return -1;
00569        }
00570 
00571        ms_overlay = monitor_back_get_subsys( SLAPD_MONITOR_OVERLAY_NAME );
00572        if ( ms_overlay == NULL ) {
00573               Debug( LDAP_DEBUG_ANY,
00574                      "monitor_subsys_database_init: "
00575                      "unable to get "
00576                      "\"" SLAPD_MONITOR_OVERLAY_NAME "\" "
00577                      "subsystem\n",
00578                      0, 0, 0 );
00579               return -1;
00580        }
00581 
00582        if ( monitor_cache_get( mi, &ms->mss_ndn, &e_database ) ) {
00583               Debug( LDAP_DEBUG_ANY,
00584                      "monitor_subsys_database_init: "
00585                      "unable to get entry \"%s\"\n",
00586                      ms->mss_ndn.bv_val, 0, 0 );
00587               return( -1 );
00588        }
00589 
00590        (void)init_readOnly( mi, e_database, frontendDB->be_restrictops );
00591        (void)init_restrictedOperation( mi, e_database, frontendDB->be_restrictops );
00592 
00593        mp = ( monitor_entry_t * )e_database->e_private;
00594        mp->mp_children = NULL;
00595        ep = &mp->mp_children;
00596 
00597        BER_BVSTR( &bv, "cn=Frontend" );
00598        rc = monitor_subsys_database_init_one( mi, frontendDB,
00599               ms, ms_backend, ms_overlay, &bv, e_database, &ep );
00600        if ( rc != 0 ) {
00601               return rc;
00602        }
00603 
00604        i = -1;
00605        LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
00606               char          buf[ BACKMONITOR_BUFSIZE ];
00607 
00608               bv.bv_val = buf;
00609               bv.bv_len = snprintf( buf, sizeof( buf ), "cn=Database %d", ++i );
00610               if ( bv.bv_len >= sizeof( buf ) ) {
00611                      return -1;
00612               }
00613               
00614               rc = monitor_subsys_database_init_one( mi, be,
00615                      ms, ms_backend, ms_overlay, &bv, e_database, &ep );
00616               if ( rc != 0 ) {
00617                      return rc;
00618               }
00619        }
00620        
00621        monitor_cache_release( mi, e_database );
00622 
00623        return( 0 );
00624 }
00625 
00626 /*
00627  * v: array of values
00628  * cur: must not contain the tags corresponding to the values in v
00629  * delta: will contain the tags corresponding to the values in v
00630  */
00631 static int
00632 value_mask( BerVarray v, slap_mask_t cur, slap_mask_t *delta )
00633 {
00634        for ( ; !BER_BVISNULL( v ); v++ ) {
00635               struct restricted_ops_t            *rops;
00636               int                         i;
00637 
00638               if ( OID_LEADCHAR( v->bv_val[ 0 ] ) ) {
00639                      rops = restricted_exops;
00640 
00641               } else {
00642                      rops = restricted_ops;
00643               }
00644 
00645               for ( i = 0; !BER_BVISNULL( &rops[ i ].op ); i++ ) {
00646                      if ( ber_bvstrcasecmp( v, &rops[ i ].op ) != 0 ) {
00647                             continue;
00648                      }
00649 
00650                      if ( rops[ i ].tag & *delta ) {
00651                             return LDAP_OTHER;
00652                      }
00653 
00654                      if ( rops[ i ].tag & cur ) {
00655                             return LDAP_OTHER;
00656                      }
00657 
00658                      cur |= rops[ i ].tag;
00659                      *delta |= rops[ i ].tag;
00660 
00661                      break;
00662               }
00663 
00664               if ( BER_BVISNULL( &rops[ i ].op ) ) {
00665                      return LDAP_INVALID_SYNTAX;
00666               }
00667        }
00668 
00669        return LDAP_SUCCESS;
00670 }
00671 
00672 static int
00673 monitor_subsys_database_modify(
00674        Operation     *op,
00675        SlapReply     *rs,
00676        Entry         *e )
00677 {
00678        monitor_info_t       *mi = (monitor_info_t *)op->o_bd->be_private;
00679        int           rc = LDAP_OTHER;
00680        Attribute     *save_attrs, *a;
00681        Modifications *ml;
00682        Backend              *be;
00683        int           ro_gotval = 1, i, n;
00684        slap_mask_t   rp_add = 0, rp_delete = 0, rp_cur;
00685        struct berval *tf;
00686        
00687        i = sscanf( e->e_nname.bv_val, "cn=database %d,", &n );
00688        if ( i != 1 ) {
00689               return SLAP_CB_CONTINUE;
00690        }
00691 
00692        if ( n < 0 || n >= nBackendDB ) {
00693               rs->sr_text = "invalid database index";
00694               return ( rs->sr_err = LDAP_NO_SUCH_OBJECT );
00695        }
00696 
00697        LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
00698               if ( n == 0 ) {
00699                      break;
00700               }
00701               n--;
00702        }
00703        /* do not allow some changes on back-monitor (needs work)... */
00704        if ( SLAP_MONITOR( be ) ) {
00705               rs->sr_text = "no modifications allowed to monitor database entry";
00706               return ( rs->sr_err = LDAP_UNWILLING_TO_PERFORM );
00707        }
00708               
00709        rp_cur = be->be_restrictops;
00710 
00711        save_attrs = e->e_attrs;
00712        e->e_attrs = attrs_dup( e->e_attrs );
00713 
00714        for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
00715               Modification *mod = &ml->sml_mod;
00716 
00717               if ( mod->sm_desc == mi->mi_ad_readOnly ) {
00718                      int    val = -1;
00719 
00720                      if ( mod->sm_values ) {
00721                             if ( !BER_BVISNULL( &mod->sm_values[ 1 ] ) ) {
00722                                    rs->sr_text = "attempting to modify multiple values of single-valued attribute";
00723                                    rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
00724                                    goto done;
00725                             }
00726 
00727                             if ( bvmatch( &slap_true_bv, mod->sm_values )) {
00728                                    val = 1;
00729 
00730                             } else if ( bvmatch( &slap_false_bv, mod->sm_values )) {
00731                                    val = 0;
00732 
00733                             } else {
00734                                    assert( 0 );
00735                                    rc = rs->sr_err = LDAP_INVALID_SYNTAX;
00736                                    goto done;
00737                             }
00738                      }
00739 
00740                      switch ( mod->sm_op ) {
00741                      case LDAP_MOD_DELETE:
00742                             if ( ro_gotval < 1 ) {
00743                                    rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
00744                                    goto done;
00745                             }
00746                             ro_gotval--;
00747 
00748                             if ( val == 0 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
00749                                    rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
00750                                    goto done;
00751                             }
00752                             
00753                             if ( val == 1 && ( rp_cur & SLAP_RESTRICT_OP_WRITES ) != SLAP_RESTRICT_OP_WRITES ) {
00754                                    rc = rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
00755                                    goto done;
00756                             }
00757                             
00758                             break;
00759 
00760                      case LDAP_MOD_REPLACE:
00761                             ro_gotval = 0;
00762                             /* fall thru */
00763 
00764                      case LDAP_MOD_ADD:
00765                             if ( ro_gotval > 0 ) {
00766                                    rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
00767                                    goto done;
00768                             }
00769                             ro_gotval++;
00770 
00771                             if ( val == 1 ) {
00772                                    rp_add |= (~rp_cur) & SLAP_RESTRICT_OP_WRITES;
00773                                    rp_cur |= SLAP_RESTRICT_OP_WRITES;
00774                                    rp_delete &= ~SLAP_RESTRICT_OP_WRITES;
00775                                    
00776                             } else if ( val == 0 ) {
00777                                    rp_delete |= rp_cur & SLAP_RESTRICT_OP_WRITES;
00778                                    rp_cur &= ~SLAP_RESTRICT_OP_WRITES;
00779                                    rp_add &= ~SLAP_RESTRICT_OP_WRITES;
00780                             }
00781                             break;
00782 
00783                      default:
00784                             rc = rs->sr_err = LDAP_OTHER;
00785                             goto done;
00786                      }
00787 
00788               } else if ( mod->sm_desc == mi->mi_ad_restrictedOperation ) {
00789                      slap_mask_t   mask = 0;
00790 
00791                      switch ( mod->sm_op ) {
00792                      case LDAP_MOD_DELETE:
00793                             if ( mod->sm_values == NULL ) {
00794                                    rp_delete = rp_cur;
00795                                    rp_cur = 0;
00796                                    rp_add = 0;
00797                                    break;
00798                             }
00799                             rc = value_mask( mod->sm_values, ~rp_cur, &mask );
00800                             if ( rc == LDAP_SUCCESS ) {
00801                                    rp_delete |= mask;
00802                                    rp_add &= ~mask;
00803                                    rp_cur &= ~mask;
00804 
00805                             } else if ( rc == LDAP_OTHER ) {
00806                                    rc = LDAP_NO_SUCH_ATTRIBUTE;
00807                             }
00808                             break;
00809 
00810                      case LDAP_MOD_REPLACE:
00811                             rp_delete = rp_cur;
00812                             rp_cur = 0;
00813                             rp_add = 0;
00814                             /* fall thru */
00815 
00816                      case LDAP_MOD_ADD:
00817                             rc = value_mask( mod->sm_values, rp_cur, &mask );
00818                             if ( rc == LDAP_SUCCESS ) {
00819                                    rp_add |= mask;
00820                                    rp_cur |= mask;
00821                                    rp_delete &= ~mask;
00822 
00823                             } else if ( rc == LDAP_OTHER ) {
00824                                    rc = rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
00825                             }
00826                             break;
00827 
00828                      default:
00829                             rc = rs->sr_err = LDAP_OTHER;
00830                             break;
00831                      }
00832 
00833                      if ( rc != LDAP_SUCCESS ) {
00834                             goto done;
00835                      }
00836 
00837               } else if ( is_at_operational( mod->sm_desc->ad_type )) {
00838               /* accept all operational attributes */
00839                      attr_delete( &e->e_attrs, mod->sm_desc );
00840                      rc = attr_merge( e, mod->sm_desc, mod->sm_values,
00841                             mod->sm_nvalues );
00842                      if ( rc ) {
00843                             rc = rs->sr_err = LDAP_OTHER;
00844                             break;
00845                      }
00846 
00847               } else {
00848                      rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
00849                      break;
00850               }
00851        }
00852 
00853        /* sanity checks: */
00854        if ( ro_gotval < 1 ) {
00855               rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
00856               goto done;
00857        }
00858 
00859        if ( ( rp_cur & SLAP_RESTRICT_OP_EXTENDED ) && ( rp_cur & SLAP_RESTRICT_EXOP_MASK ) ) {
00860               rc = rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
00861               goto done;
00862        }
00863 
00864        if ( rp_delete & rp_add ) {
00865               rc = rs->sr_err = LDAP_OTHER;
00866               goto done;
00867        }
00868 
00869        /* check current value of readOnly */
00870        if ( ( rp_cur & SLAP_RESTRICT_OP_WRITES ) == SLAP_RESTRICT_OP_WRITES ) {
00871               tf = (struct berval *)&slap_true_bv;
00872 
00873        } else {
00874               tf = (struct berval *)&slap_false_bv;
00875        }
00876 
00877        a = attr_find( e->e_attrs, mi->mi_ad_readOnly );
00878        if ( a == NULL ) {
00879               rc = LDAP_OTHER;
00880               goto done;
00881        }
00882 
00883        if ( !bvmatch( &a->a_vals[ 0 ], tf ) ) {
00884               attr_delete( &e->e_attrs, mi->mi_ad_readOnly );
00885               rc = attr_merge_one( e, mi->mi_ad_readOnly, tf, tf );
00886        }
00887 
00888        if ( rc == LDAP_SUCCESS ) {
00889               if ( rp_delete ) {
00890                      if ( rp_delete == be->be_restrictops ) {
00891                             attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
00892 
00893                      } else {
00894                             a = attr_find( e->e_attrs, mi->mi_ad_restrictedOperation );
00895                             if ( a == NULL ) {
00896                                    rc = rs->sr_err = LDAP_OTHER;
00897                                    goto done;
00898                             }
00899 
00900                             for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
00901                                    if ( rp_delete & restricted_ops[ i ].tag ) {
00902                                           int    j;
00903                                    
00904                                           for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
00905                                                  int           k;
00906 
00907                                                  if ( !bvmatch( &a->a_nvals[ j ], &restricted_ops[ i ].op ) ) {
00908                                                         continue;
00909                                                  }
00910 
00911                                                  ch_free( a->a_vals[ j ].bv_val );
00912                                                  ch_free( a->a_nvals[ j ].bv_val );
00913 
00914                                                  for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
00915                                                         a->a_vals[ k - 1 ] = a->a_vals[ k ];
00916                                                         a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
00917                                                  }
00918        
00919                                                  BER_BVZERO( &a->a_vals[ k - 1 ] );
00920                                                  BER_BVZERO( &a->a_nvals[ k - 1 ] );
00921                                                  a->a_numvals--;
00922                                           }
00923                                    }
00924                             }
00925                             
00926                             for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
00927                                    if ( rp_delete & restricted_exops[ i ].tag ) {
00928                                           int    j;
00929                                    
00930                                           for ( j = 0; !BER_BVISNULL( &a->a_nvals[ j ] ); j++ ) {
00931                                                  int           k;
00932 
00933                                                  if ( !bvmatch( &a->a_nvals[ j ], &restricted_exops[ i ].op ) ) {
00934                                                         continue;
00935                                                  }
00936 
00937                                                  ch_free( a->a_vals[ j ].bv_val );
00938                                                  ch_free( a->a_nvals[ j ].bv_val );
00939 
00940                                                  for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
00941                                                         a->a_vals[ k - 1 ] = a->a_vals[ k ];
00942                                                         a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
00943                                                  }
00944        
00945                                                  BER_BVZERO( &a->a_vals[ k - 1 ] );
00946                                                  BER_BVZERO( &a->a_nvals[ k - 1 ] );
00947                                                  a->a_numvals--;
00948                                           }
00949                                    }
00950                             }
00951 
00952                             if ( a->a_vals == NULL ) {
00953                                    assert( a->a_numvals == 0 );
00954 
00955                                    attr_delete( &e->e_attrs, mi->mi_ad_restrictedOperation );
00956                             }
00957                      }
00958               }
00959 
00960               if ( rp_add ) {
00961                      for ( i = 0; !BER_BVISNULL( &restricted_ops[ i ].op ); i++ ) {
00962                             if ( rp_add & restricted_ops[ i ].tag ) {
00963                                    attr_merge_one( e, mi->mi_ad_restrictedOperation,
00964                                                  &restricted_ops[ i ].op,
00965                                                  &restricted_ops[ i ].op );
00966                             }
00967                      }
00968 
00969                      for ( i = 0; !BER_BVISNULL( &restricted_exops[ i ].op ); i++ ) {
00970                             if ( rp_add & restricted_exops[ i ].tag ) {
00971                                    attr_merge_one( e, mi->mi_ad_restrictedOperation,
00972                                                  &restricted_exops[ i ].op,
00973                                                  &restricted_exops[ i ].op );
00974                             }
00975                      }
00976               }
00977        }
00978 
00979        be->be_restrictops = rp_cur;
00980 
00981 done:;
00982        if ( rc == LDAP_SUCCESS ) {
00983               attrs_free( save_attrs );
00984               rc = SLAP_CB_CONTINUE;
00985 
00986        } else {
00987               Attribute *tmp = e->e_attrs;
00988               e->e_attrs = save_attrs;
00989               attrs_free( tmp );
00990        }
00991        return rc;
00992 }
00993 
00994 #if defined(LDAP_SLAPI)
00995 static int
00996 monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e_database )
00997 {
00998        Slapi_PBlock  *pCurrentPB; 
00999        int           i, rc = LDAP_SUCCESS;
01000 
01001        if ( slapi_int_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
01002               /*
01003                * LDAP_OTHER is returned if no plugins are installed
01004                */
01005               rc = LDAP_OTHER;
01006               goto done;
01007        }
01008 
01009        i = 0;
01010        do {
01011               Slapi_PluginDesc     *srchdesc;
01012               char                 buf[ BACKMONITOR_BUFSIZE ];
01013               struct berval        bv;
01014 
01015               rc = slapi_pblock_get( pCurrentPB, SLAPI_PLUGIN_DESCRIPTION,
01016                             &srchdesc );
01017               if ( rc != LDAP_SUCCESS ) {
01018                      goto done;
01019               }
01020               if ( srchdesc ) {
01021                      snprintf( buf, sizeof(buf),
01022                                    "plugin %d name: %s; "
01023                                    "vendor: %s; "
01024                                    "version: %s; "
01025                                    "description: %s", 
01026                                    i,
01027                                    srchdesc->spd_id,
01028                                    srchdesc->spd_vendor,
01029                                    srchdesc->spd_version,
01030                                    srchdesc->spd_description );
01031               } else {
01032                      snprintf( buf, sizeof(buf),
01033                                    "plugin %d name: <no description available>", i );
01034               }
01035 
01036               ber_str2bv( buf, 0, 0, &bv );
01037               attr_merge_normalize_one( e_database,
01038                             mi->mi_ad_monitoredInfo, &bv, NULL );
01039 
01040               i++;
01041 
01042        } while ( ( slapi_int_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
01043                      && ( pCurrentPB != NULL ) );
01044 
01045 done:
01046        return rc;
01047 }
01048 #endif /* defined(LDAP_SLAPI) */