1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2015 Gary Mills
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 *
26 * Copyright 2019 RackTop Systems.
27 */
28
29 #include <sys/types.h>
30 #include <time.h>
31 #include <sys/time.h>
32 #include <lber.h>
33 #include <ldap.h>
34 #include <signal.h>
35 #include <pthread.h>
36 #include "db_headers.h"
37 #include "db.h"
38 #include "db_mindex.h"
39 #include "db_dictionary.h"
40 #include "nisdb_mt.h"
41 #include "ldap_map.h"
42 #include "ldap_glob.h"
43 #include "ldap_util.h"
44
45
46 extern db_dictionary *InUseDictionary;
47
48
49 extern "C" {
50
51 typedef struct {
52 db_mindex *mindex;
53 __nis_table_mapping_t *t;
54 db_query *qin;
55 db_query *q;
56 char *dbId;
57 nis_object *dirObj;
58 int isDeferred;
59 char *tableName;
60 } __entries_from_ldap_arg_t;
61
62 static void *entriesFromLDAPthread(void *);
63
64 }
65
66 int entriesFromLDAPreal(__entries_from_ldap_arg_t *);
67
68 #ifdef SET_ENTRY_FLAGS
69 static uint_t
entryFlagsFromTable(uint_t tf)70 entryFlagsFromTable(uint_t tf) {
71 uint_t ef = 0;
72
73 if ((tf & TA_BINARY) != 0)
74 ef |= EN_BINARY;
75 if ((tf & TA_CRYPT) != 0)
76 ef |= EN_CRYPT;
77 if ((tf & TA_XDR) != 0)
78 ef |= EN_XDR;
79 if ((tf & TA_ASN1) != 0)
80 ef |= EN_ASN1;
81
82 return (ef);
83 }
84 #endif /* SET_ENTRY_FLAGS */
85
86 static void setOid(nis_object *obj);
87
88 /*
89 * Retrieve container entries from LDAP per 't' and 'qin'/'q'.
90 * This is a helper function for db_mindex::queryLDAP(); see
91 * that function for details of the parameters (except doAsynch).
92 *
93 * If 'doAsynch' is set, and the retrieval is an enumeration
94 * (qin == NULL), the retrieval is performed in a detached
95 * thread. In this case, the return code just reflects the
96 * setup and launch of the detached thread. Retrieval will
97 * complete asynchronously.
98 */
99 int
entriesFromLDAP(__nis_table_mapping_t * t,db_query * qin,db_query * q,char * dbId,nis_object * dirObj,int doAsynch)100 db_mindex::entriesFromLDAP(__nis_table_mapping_t *t, db_query *qin, db_query *q,
101 char *dbId, nis_object *dirObj, int doAsynch) {
102 __entries_from_ldap_arg_t *arg;
103 int stat;
104 db_status dstat;
105 const char *myself = "db_mindex::entriesFromLDAP";
106
107 arg = (__entries_from_ldap_arg_t *)am(myself, sizeof (*arg));
108 if (arg == 0) {
109 freeQuery(q);
110 if (dirObj != 0)
111 nis_destroy_object(dirObj);
112 return (LDAP_NO_MEMORY);
113 }
114
115 arg->mindex = this;
116 arg->t = t;
117 arg->qin = qin;
118 arg->q = q;
119 arg->dbId = dbId;
120 arg->dirObj = dirObj;
121 arg->tableName = t->objName;
122
123 /*
124 * Check if an enumeration thread is running; if so, then regardless
125 * of whether or not the current operation is an enumeration, we
126 * just return success, and let our caller get the data from the
127 * existing (deferred) DB.
128 */
129 (void) mutex_lock(&table->mapping.enumLock);
130 if (table->mapping.enumTid != 0) {
131 int doReturn = 0;
132
133 stat = pthread_kill(table->mapping.enumTid, 0);
134 if (stat == ESRCH) {
135 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
136 "%s: Enumeration thread %d not found for \"%s\"; exit status = %d (%s)",
137 myself, table->mapping.enumTid,
138 NIL(t->objName), table->mapping.enumStat,
139 ldap_err2string(table->mapping.enumStat));
140 /* Reflect the fact that no enum thread is running */
141 table->mapping.enumTid = 0;
142 table->mapping.enumStat = -1;
143 /* Cleanup deferred mode */
144 if (table->mapping.enumDeferred) {
145 dstat = InUseDictionary->commit(t->objPath);
146 if (dstat == DB_SUCCESS) {
147 table->mapping.enumDeferred = 0;
148 } else {
149 logmsg(MSG_NOTIMECHECK, LOG_ERR,
150 "%s: DB error %d committing \"%s\"",
151 myself, dstat, NIL(t->objName));
152 }
153 }
154 } else if (stat == 0) {
155 logmsg(MSG_NOTIMECHECK, LOG_INFO,
156 "%s: Enumeration thread %d already running for \"%s\"",
157 myself, table->mapping.enumTid,
158 NIL(t->objName));
159 stat = LDAP_SUCCESS;
160 doReturn = 1;
161 } else {
162 logmsg(MSG_NOTIMECHECK, LOG_INFO,
163 "%s: Error %d looking for enumeration thread %d for \"%s\"",
164 myself, stat, table->mapping.enumTid,
165 NIL(t->objName));
166 doReturn = 1;
167 stat = LDAP_OPERATIONS_ERROR;
168 }
169 if (doReturn) {
170 (void) mutex_unlock(&table->mapping.enumLock);
171 sfree(arg);
172 freeQuery(q);
173 if (dirObj != 0)
174 nis_destroy_object(dirObj);
175 return (stat);
176 }
177 }
178
179 /*
180 * If we're enumerating (and hence expect that retrieving all data,
181 * and updating the local DB, might take a while), create a deferred-
182 * update table that clients can use while we are updating the real
183 * one.
184 */
185 if (doAsynch && qin == 0) {
186 if ((dstat = InUseDictionary->defer(t->objPath)) ==
187 DB_SUCCESS) {
188 arg->isDeferred = 1;
189 table->mapping.enumDeferred = 1;
190 } else {
191 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
192 "%s: Unable to defer updates for \"%s\" (status=%d);"
193 " updating in place",
194 myself, NIL(t->objName), dstat);
195 arg->isDeferred = 0;
196 table->mapping.enumDeferred = 0;
197 }
198 } else {
199 arg->isDeferred = 0;
200 table->mapping.enumDeferred = 0;
201 }
202
203 /* If enumerating, perform the operation in a separate thread */
204 if (doAsynch && qin == 0) {
205 pthread_t tid;
206 pthread_attr_t attr;
207
208 (void) pthread_attr_init(&attr);
209 #ifdef FORCE_SYNCHRONOUS
210 #else
211 (void) pthread_attr_setdetachstate(&attr,
212 PTHREAD_CREATE_DETACHED);
213 #endif /* FORCE_SYNCHRONOUS */
214 stat = pthread_create(&tid, &attr, entriesFromLDAPthread, arg);
215 if (stat != 0) {
216 (void) mutex_unlock(&table->mapping.enumLock);
217 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
218 "%s: Error %d creating new thread; using current one",
219 myself, stat);
220 stat = entriesFromLDAPreal(arg);
221 return (stat);
222 }
223
224 table->mapping.enumTid = tid;
225 table->mapping.enumStat = -1;
226
227 /*
228 * We're now returning to the caller, who will get data
229 * from:
230 *
231 * The deferred DB, if an enumeration thread already
232 * was running, and deferred mode was on, or
233 *
234 * The original DB, if we just started an enumeration
235 * thread. In this case, our caller (several levels up)
236 * is holding a lock on the db_mindex/db_table, which
237 * means that the enum thread will have to wait for
238 * our caller once it's done the LDAP retrieval, and
239 * wants to update the DB.
240 */
241 (void) mutex_unlock(&table->mapping.enumLock);
242 stat = LDAP_SUCCESS;
243 #ifdef FORCE_SYNCHRONOUS
244 {
245 int tstat;
246
247 stat = pthread_join(tid, (void **)&tstat);
248 if (stat == 0) {
249 stat = tstat;
250 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
251 "%s: thread %d => %d",
252 myself, tid, tstat);
253 } else {
254 logmsg(MSG_NOTIMECHECK, LOG_ERR,
255 "%s: pthread_join(%d) => %d",
256 myself, tid, stat);
257 stat = LDAP_OPERATIONS_ERROR;
258 }
259 }
260 #endif /* FORCE_SYNCHRONOUS */
261 } else {
262 (void) mutex_unlock(&table->mapping.enumLock);
263 stat = entriesFromLDAPreal(arg);
264 }
265
266 return (stat);
267 }
268
269 extern "C" {
270
271 /*
272 * We use this 'extern "C"' function in order to make sure that
273 * pthread_create() doesn't have any problems trying to invoke a
274 * C++ function.
275 */
276 static void *
entriesFromLDAPthread(void * voidarg)277 entriesFromLDAPthread(void *voidarg) {
278 __entries_from_ldap_arg_t *arg;
279 db *dbase;
280 db_table_desc *tbl = 0;
281 char *tableName;
282
283 arg = (__entries_from_ldap_arg_t *)voidarg;
284
285 /* Lock to prevent removal */
286 (void) __nis_lock_db_table(arg->tableName, 1, 0,
287 "entriesFromLDAPthread");
288
289 /*
290 * It's possible that the db_mindex for the table has changed,
291 * or disappeared, between now and the time when our parent
292 * thread released its lock on the table. Hence, we search the
293 * dictionary to re-acquire the 'db', and the db_mindex.
294 */
295 tableName = internalTableName(arg->tableName);
296 if (tableName != 0) {
297 #ifdef NISDB_LDAP_DEBUG
298 db_mindex *oldMindex = arg->mindex;
299 #endif /* NISDB_LDAP_DEBUG */
300
301 dbase = InUseDictionary->find_table(tableName, &tbl, FALSE);
302 if (dbase != 0)
303 arg->mindex = dbase->mindex();
304 else
305 arg->mindex = 0;
306 #ifdef NISDB_LDAP_DEBUG
307 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
308 "entriesFromLDAPthread: %s -> %s -> 0x%x (0x%x)",
309 NIL(arg->tableName), NIL(tableName),
310 arg->mindex, oldMindex);
311 #endif /* NISDB_LDAP_DEBUG */
312 sfree(tableName);
313 tableName = 0;
314 }
315
316 (void) entriesFromLDAPreal(arg);
317
318 (void) __nis_ulock_db_table(arg->tableName, 1, 0,
319 "entriesFromLDAPthread");
320
321 freeQuery(arg->q);
322 if (arg->dirObj != 0)
323 nis_destroy_object(arg->dirObj);
324 sfree(arg);
325 return (NULL);
326 }
327
328 }
329
330 int
entriesFromLDAPreal(__entries_from_ldap_arg_t * arg)331 entriesFromLDAPreal(__entries_from_ldap_arg_t *arg) {
332 db_mindex *mindex;
333 db_table *table;
334 __nis_table_mapping_t *t;
335 db_query *q, *qin;
336 char *dbId;
337 nis_object *dirObj;
338 int i, na, nau, nq = 0, xid = 0;
339 int ret, stat = LDAP_SUCCESS, stat2, stat3;
340 int lstat;
341 __nis_obj_attr_t **oa = 0;
342 db_query **res;
343 entry_object **ea;
344 long numEa;
345 bool_t doEnum;
346 db_status dstat;
347 struct timeval start;
348 const char *myself =
349 "db_mindex::entriesFromLDAPreal";
350
351 if (arg == 0)
352 return (LDAP_PARAM_ERROR);
353 mindex = arg->mindex;
354 t = arg->t;
355 q = arg->q;
356 qin = arg->qin;
357 dbId = arg->dbId;
358 dirObj = arg->dirObj;
359
360 table = (mindex != 0) ? mindex->getTable() : 0;
361
362 if (mindex == 0 || t == 0 || table == 0) {
363 /* We haven't done anything, so rollback should be OK */
364 if (arg->isDeferred && t != 0) {
365 dstat = InUseDictionary->rollback(t->objPath);
366 if (dstat != DB_SUCCESS) {
367 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
368 "%s: DB error %d rolling back \"%s\"",
369 myself, dstat, NIL(t->objName));
370 /*
371 * Had rollback succeeded, the 'table'
372 * would have disappeared. However, since
373 * rollback failed, we need to update the
374 * table->mapping.enum* fields.
375 */
376 if (table != 0) {
377 (void) mutex_lock(&table->
378 mapping.enumLock);
379 table->mapping.enumStat =
380 LDAP_PARAM_ERROR;
381 table->mapping.enumTime = 0;
382 table->mapping.enumEntries = 0;
383 table->mapping.enumTid = 0;
384 (void) mutex_unlock(&table->
385 mapping.enumLock);
386 }
387 }
388 }
389 return (LDAP_PARAM_ERROR);
390 }
391
392 if (qin == 0)
393 logmsg(MSG_NOTIMECHECK, LOG_INFO, "%s: enumerating \"%s%s%s\"",
394 myself, dbId ? dbId : "", dbId ? ":" : "",
395 NIL(t->objName));
396
397 (void) gettimeofday(&start, 0);
398
399 /* Getting table entries */
400 res = mapFromLDAP(t, q, &nq, dbId, &stat, &oa);
401 #ifdef NISDB_LDAP_DEBUG
402 logmsg(MSG_ALWAYS, LOG_INFO,
403 "%s: mapFromLDAP() => 0x%x, status=%d %s; nq = %d",
404 myself, res, stat, stat == LDAP_SUCCESS ? "" :
405 ldap_err2string(stat), nq);
406 #endif /* NISDB_LDAP_DEBUG */
407
408 /*
409 * Keep track of the number of NIS+ entries we got back;
410 * note that the number of LDAP entries may have been
411 * smaller or larger.
412 */
413 (void) mutex_lock(&table->mapping.enumLock);
414 table->mapping.enumEntries = nq;
415 (void) mutex_unlock(&table->mapping.enumLock);
416
417 /*
418 * If we get LDAP_NO_SUCH_OBJECT, we need to delete the entries
419 * in the table, so we can't just return.
420 */
421 if (res == 0 && stat != LDAP_NO_SUCH_OBJECT) {
422 logmsg(MSG_NOTIMECHECK, LOG_INFO,
423 "%s: mapFromLDAP() => 0x0, status=%d (%s)",
424 myself, stat, ldap_err2string(stat));
425 if (arg->isDeferred) {
426 dstat = InUseDictionary->rollback(t->objPath);
427 if (dstat != DB_SUCCESS) {
428 struct timeval end;
429
430 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
431 "%s: DB error %d rolling back \"%s\"",
432 myself, dstat, NIL(t->objName));
433 /*
434 * Had rollback succeeded, the 'table'
435 * would have disappeared. However, since
436 * rollback failed, we need to update the
437 * table->mapping.enum* fields.
438 */
439 (void) mutex_lock(&table->mapping.enumLock);
440 table->mapping.enumStat = stat;
441 (void) gettimeofday(&end, 0);
442 end.tv_sec -= start.tv_sec;
443 end.tv_usec -= start.tv_usec;
444 if (end.tv_usec < 0) {
445 end.tv_usec += 1000000;
446 end.tv_sec -= 1;
447 }
448 table->mapping.enumTime =
449 1000000*end.tv_sec + end.tv_usec;
450 table->mapping.enumTid = 0;
451 (void) mutex_unlock(&table->mapping.enumLock);
452 }
453 }
454 return (stat);
455 }
456
457 /*
458 * Need to disable write-through to LDAP, for which we need a lock
459 * on our db_mindex ('mindex'); we're also updating the table, so
460 * we need a write lock on that as well. However, before locking the
461 * mindex, we need to maintain lock integrity by acquiring the
462 * trans log lock. Note that actually beginning a transaction is
463 * expensive, so we defer that until we know that we really need
464 * to update.
465 */
466 lstat = lockTransLog(myself, 1, 1);
467 if (lstat != 0) {
468 if (lstat == EBUSY)
469 logmsg(MSG_NOTIMECHECK, LOG_INFO,
470 "%s: transaction log busy; no LDAP update for \"%s\"",
471 myself, NIL(t->objName));
472 else
473 logmsg(MSG_NOTIMECHECK, LOG_ERR,
474 "%s: Error %d locking transaction log; no LDAP update for \"%s\"",
475 myself, lstat, NIL(t->objName));
476 if (arg->isDeferred) {
477 dstat = InUseDictionary->rollback(t->objPath);
478 if (dstat != DB_SUCCESS) {
479 struct timeval end;
480
481 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
482 "%s: DB error %d rolling back \"%s\"",
483 myself, dstat, NIL(t->objName));
484 /*
485 * Had rollback succeeded, the 'table'
486 * would have disappeared. However, since
487 * rollback failed, we need to update the
488 * table->mapping.enum* fields.
489 */
490 (void) mutex_lock(&table->mapping.enumLock);
491 table->mapping.enumStat = LDAP_OPERATIONS_ERROR;
492 (void) gettimeofday(&end, 0);
493 end.tv_sec -= start.tv_sec;
494 end.tv_usec -= start.tv_usec;
495 if (end.tv_usec < 0) {
496 end.tv_usec += 1000000;
497 end.tv_sec -= 1;
498 }
499 table->mapping.enumTime = 1000000*end.tv_sec +
500 end.tv_usec;
501 table->mapping.enumTid = 0;
502 (void) mutex_unlock(&table->mapping.enumLock);
503 }
504 }
505 return (LDAP_OPERATIONS_ERROR);
506 }
507
508 /*
509 * If we have any updates, we'll call db::sync_log, which write-
510 * locks the 'db' instance. In order to avoid a dead-lock with
511 * threads performing a DB lookup (which will lock the 'db' and
512 * then the 'db_mindex'), we need hence need to lock in the
513 * following order:
514 *
515 * trans.log (already holding that one)
516 * db
517 * db_mindex
518 * db_table
519 */
520 TRYWRITELOCK(((db *)mindex->getDbPtr()), stat,
521 "w db db_mindex::entriesFromLDAPreal");
522 if (stat == 0) {
523 TRYWRITELOCK(mindex, stat2, "w db_mindex::entriesFromLDAPreal");
524 if (stat2 == 0) {
525 TRYWRITELOCK(table, stat3,
526 "table w db_mindex::entriesFromLDAPreal");
527 }
528 }
529
530 if (stat != 0 || stat2 != 0 || stat3 != 0) {
531 if (stat != 0) {
532 if (stat == EBUSY)
533 logmsg(MSG_NOTIMECHECK, LOG_INFO,
534 "%s: 'db' busy; no LDAP update for \"%s\"",
535 myself, NIL(t->objName));
536 else
537 logmsg(MSG_NOTIMECHECK, LOG_ERR,
538 "%s: 'db' lock error %d; no LDAP update for \"%s\"",
539 myself, stat, NIL(t->objName));
540 } else if (stat2 != 0) {
541 if (stat2 == EBUSY)
542 logmsg(MSG_NOTIMECHECK, LOG_INFO,
543 "%s: 'db_mindex' busy; no LDAP update for \"%s\"",
544 myself, NIL(t->objName));
545 else
546 logmsg(MSG_NOTIMECHECK, LOG_ERR,
547 "%s: 'db_mindex' lock error %d; no LDAP update for \"%s\"",
548 myself, stat2, NIL(t->objName));
549 } else {
550 if (stat3 == EBUSY)
551 logmsg(MSG_NOTIMECHECK, LOG_INFO,
552 "%s: 'db_table' busy; no LDAP update for \"%s\"",
553 myself, NIL(t->objName));
554 else
555 logmsg(MSG_NOTIMECHECK, LOG_ERR,
556 "%s: 'db_table' lock error %d; no LDAP update for \"%s\"",
557 myself, stat3, NIL(t->objName));
558 }
559 freeQueries(res, nq);
560 if (arg->isDeferred) {
561 dstat = InUseDictionary->rollback(t->objPath);
562 if (dstat != DB_SUCCESS) {
563 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
564 "%s: DB error %d rolling back \"%s\"",
565 myself, dstat, NIL(t->objName));
566 /*
567 * Had rollback succeeded, the 'table'
568 * would have disappeared. However, since
569 * rollback failed, we need to update the
570 * table->mapping.enum* fields.
571 */
572 (void) mutex_lock(&table->mapping.enumLock);
573 table->mapping.enumStat = LDAP_OPERATIONS_ERROR;
574 table->mapping.enumTid = 0;
575 (void) mutex_unlock(&table->mapping.enumLock);
576 }
577 }
578 if (stat == 0) {
579 if (stat2 == 0) {
580 WRITEUNLOCK2(mindex, ((db *)mindex->getDbPtr()),
581 LDAP_OPERATIONS_ERROR,
582 LDAP_OPERATIONS_ERROR,
583 "db_mindex::entriesFromLDAPreal wu",
584 "db_mindex::entriesFromLDAPreal wu db");
585 } else {
586 WRITEUNLOCK(((db *)mindex->getDbPtr()),
587 LDAP_OPERATIONS_ERROR,
588 "db_mindex::entriesFromLDAPreal wu db");
589 }
590 }
591 unlockTransLog(myself, 1);
592 return (LDAP_OPERATIONS_ERROR);
593 }
594
595 stat = LDAP_SUCCESS;
596 mindex->setNoWriteThrough();
597 mindex->setNoLDAPquery();
598 if (qin == 0) {
599 table->setEnumMode(0);
600 doEnum = TRUE;
601
602 /*
603 * If there is no non-indexed table mapping, we must filter
604 * the enum mode (i.e., deletion candidates) array to only
605 * contain those entries that match the indexes.
606 */
607 if (haveIndexedMapping(t)) {
608 entry_object **tea = table->gettab();
609 long i, ntea = table->getsize();
610
611
612 /*
613 * Walk through the entry array, and remove any enum
614 * array entry that _doesn't_ match the index(es).
615 */
616 for (i = 0; i < ntea; i++) {
617 db_query *q;
618 __nis_table_mapping_t **tp;
619 int numMatches;
620
621 if (tea[i] == 0)
622 continue;
623
624 q = pseudoEntryObj2Query(tea[i], 0, 0);
625 if (q == 0)
626 continue;
627
628 tp = selectTableMapping(t, q, 0, 0, dbId,
629 &numMatches);
630 if (tp == 0 || numMatches <= 0)
631 table->enumTouch(i);
632
633 sfree(tp);
634
635 freeQuery(q);
636 }
637 }
638
639 logmsg(MSG_NOTIMECHECK, LOG_INFO, "%s: %d entries from LDAP",
640 myself, nq);
641 } else {
642 db_index_entry *dbie;
643 long i, count;
644 bool_t valid;
645
646 /*
647 * Find the entries in the DB that currently match the
648 * query, and add them to the enum array. Those that
649 * remain untouched when we've processed the LDAP data
650 * don't currently exist in LDAP, and should be deleted
651 * from the DB.
652 */
653 dbie = mindex->satisfy_query_dbonly(qin, &count, FALSE, &valid);
654 if (dbie != 0 && valid && count > 0) {
655 table->setEnumMode(count);
656 doEnum = TRUE;
657 for (i = 0; i < count; i++) {
658 table->enumSetup(dbie->getlocation(), i);
659 dbie = dbie->getnextresult();
660 if (dbie == 0)
661 break;
662 }
663 } else {
664 doEnum = FALSE;
665 }
666 }
667
668 entry_col ec[NIS_MAXCOLUMNS+1];
669 for (i = 0, na = 0; i < nq; i++) {
670 entry_object eo, *e;
671 #ifdef SET_ENTRY_FLAGS
672 table_col *tc;
673 #endif /* SET_ENTRY_FLAGS */
674 nis_object o, *to;
675 int j, nc;
676 db_qcomp *qc;
677
678 if (res[i] == 0)
679 continue;
680
681 #ifdef NISDB_LDAP_DEBUG
682 printQuery(res[i], t);
683 printObjAttr(oa[i]);
684 #endif /* NISDB_LDAP_DEBUG */
685
686 /* Assemble an object from the query and attributes */
687 (void) memset(&o, 0, sizeof (o));
688 if (oa[i] != 0) {
689 o.zo_owner = oa[i]->zo_owner;
690 o.zo_group = oa[i]->zo_group;
691 o.zo_domain = oa[i]->zo_domain;
692 o.zo_access = oa[i]->zo_access;
693 o.zo_ttl = oa[i]->zo_ttl;
694 }
695 if ((to = t->obj) != 0) {
696 o.zo_name = to->zo_name;
697 o.zo_data.objdata_u.en_data.en_type =
698 to->zo_data.objdata_u.ta_data.ta_type;
699 #ifdef SET_ENTRY_FLAGS
700 tc = to->zo_data.objdata_u.ta_data.ta_cols.ta_cols_val;
701 if (to->zo_data.objdata_u.ta_data.ta_cols.ta_cols_len
702 != t->numColumns)
703 tc = 0;
704 #endif /* SET_ENTRY_FLAGS */
705 if (o.zo_owner == 0)
706 o.zo_owner = to->zo_owner;
707 if (o.zo_group == 0)
708 o.zo_group = to->zo_group;
709 if (o.zo_domain == 0)
710 o.zo_domain = to->zo_domain;
711 if (o.zo_access == 0)
712 o.zo_access = to->zo_access;
713 if (o.zo_ttl == 0)
714 o.zo_ttl = to->zo_ttl;
715 } else {
716 #ifdef SET_ENTRY_FLAGS
717 tc = 0;
718 #endif /* SET_ENTRY_FLAGS */
719 o.zo_owner = (nis_name)"";
720 o.zo_group = (nis_name)"";
721 o.zo_domain = (nis_name)"";
722 }
723
724 o.zo_data.zo_type = NIS_ENTRY_OBJ;
725 o.zo_data.objdata_u.en_data.en_cols.en_cols_len =
726 t->numColumns + 1;
727 o.zo_data.objdata_u.en_data.en_cols.en_cols_val = ec;
728
729 (void) memset(&ec, 0, sizeof (ec));
730 nc = res[i]->size();
731 qc = res[i]->queryloc();
732 if (qc == 0) {
733 freeQuery(res[i]);
734 continue;
735 }
736 for (j = 0; j < nc; j++) {
737 int ic = 1+ qc[j].which_index;
738 if (ic < 1 || ic > t->numColumns)
739 continue;
740 #ifdef SET_ENTRY_FLAGS
741 if (tc != 0)
742 ec[ic].ec_flags =
743 entryFlagsFromTable(tc[ic-1].tc_flags);
744 #else
745 /*
746 * In theory, the entry flags should be derived
747 * from the table flags. However, that doesn't
748 * seem to be the way that the DB code has done
749 * things so far, so leave the entry flags unset.
750 */
751 #endif /* SET_ENTRY_FLAGS */
752 qc[j].index_value->get_value(
753 &ec[ic].ec_value.ec_value_val,
754 (int *)&ec[ic].ec_value.ec_value_len);
755 }
756
757 setOid(&o);
758 e = makePseudoEntryObj(&o, &eo, t->obj);
759 if (e == 0) {
760 freeQuery(res[i]);
761 continue;
762 }
763
764 /*
765 * 'o' is currently a pseudo-object of type entry, with
766 * column zero used for an XDR:ed version of the entry_obj,
767 * column one the real column zero of the entry, etc.
768 * We now need a real NIS_ENTRY_OBJ object, so move the
769 * entry_col array one step left.
770 */
771 o.zo_data.objdata_u.en_data.en_cols.en_cols_len = t->numColumns;
772 o.zo_data.objdata_u.en_data.en_cols.en_cols_val = &ec[1];
773
774 stat = mindex->updateTableEntry(e, 1, t->objName, &o, t->obj,
775 o.zo_oid.mtime, &xid);
776 /*
777 * LDAP_SUCCESS => Entry added or modified
778 * LDAP_COMPARE_TRUE => Entry same as existing one
779 * other => Error
780 */
781 if (stat == LDAP_SUCCESS) {
782 na++;
783 } else if (stat == LDAP_COMPARE_TRUE) {
784 stat = LDAP_SUCCESS;
785 } else {
786 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
787 "%s: Error adding entry to \"%s\": %s",
788 myself, NIL(t->objName),
789 ldap_err2string(stat));
790 }
791
792 if (e->en_cols.en_cols_val != 0)
793 sfree(e->en_cols.en_cols_val[0].ec_value.ec_value_val);
794
795 freeQuery(res[i]);
796 }
797
798 sfree(res);
799
800 /* Take care of deletes if we enumerated the table */
801 if (doEnum) {
802 ea = table->endEnumMode(&numEa);
803 logmsg(MSG_NOTIMECHECK, LOG_INFO,
804 "%s: %d entries added/updated", myself, na);
805 nau = na;
806 } else
807 ea = 0;
808 if (ea != 0) {
809 uint32_t nowt = time(0);
810
811 for (i = 0; i < numEa; i++) {
812 int st;
813
814 if (ea[i] == 0)
815 continue;
816
817 st = mindex->updateTableEntry(ea[i], 0, t->objName, 0,
818 t->obj, nowt, &xid);
819 if (st == LDAP_SUCCESS) {
820 na++;
821 } else {
822 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
823 "%s: Error removing directory entry for \"%s\": %s",
824 myself, NIL(t->objName),
825 ldap_err2string(st));
826 if (stat == LDAP_SUCCESS)
827 stat = st;
828 }
829 }
830 if (stat == LDAP_SUCCESS) {
831 struct timeval now;
832 (void) gettimeofday(&now, 0);
833 table->mapping.enumExpire = now.tv_sec +
834 table->mapping.ttl;
835 }
836 if (doEnum)
837 logmsg(MSG_NOTIMECHECK, LOG_INFO,
838 "%s: %d entries deleted", myself, na-nau);
839 }
840
841 sfree(ea);
842
843 /* If we called log_action() successfully, we need to sync the log */
844 if (na > 0)
845 (void) ((db *)mindex->getDbPtr())->sync_log();
846
847 if (xid != 0 && na > 0 && stat == LDAP_SUCCESS)
848 ret = endTransaction(xid, dirObj);
849 else if (xid != 0)
850 ret = abort_transaction(xid);
851 else
852 ret = 0;
853 if (ret != 0) {
854 logmsg(MSG_NOTIMECHECK, LOG_ERR,
855 "%s: Error %s transaction for \"%s\"",
856 myself, (na > 0 && stat == LDAP_SUCCESS) ?
857 "ending" : "aborting",
858 NIL(t->objName));
859 stat = LDAP_OPERATIONS_ERROR;
860 }
861
862 mindex->clearNoLDAPquery();
863 mindex->clearNoWriteThrough();
864 freeObjAttr(oa, nq);
865
866 #ifdef NISDB_LDAP_DEBUG
867 printbuf();
868 #endif /* NISDB_LDAP_DEBUG */
869
870 if (doEnum)
871 logmsg(MSG_NOTIMECHECK, LOG_INFO,
872 "%s: enumeration \"%s\" done", myself, NIL(t->objName));
873
874 if (arg->isDeferred) {
875 /*
876 * Rollback doesn't recover data written to disk, so
877 * we should commit even if we're returning failure.
878 */
879 dstat = InUseDictionary->commit(t->objPath);
880 if (dstat != DB_SUCCESS) {
881 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
882 "%s: DB error %d committing \"%s\"",
883 myself, dstat, NIL(t->objName));
884 }
885 }
886 (void) mutex_lock(&table->mapping.enumLock);
887 if (arg->isDeferred && dstat == DB_SUCCESS)
888 table->mapping.enumDeferred = 0;
889 table->mapping.enumStat = stat;
890 {
891 struct timeval end;
892
893 (void) gettimeofday(&end, 0);
894 end.tv_sec -= start.tv_sec;
895 end.tv_usec -= start.tv_usec;
896 if (end.tv_usec < 0) {
897 end.tv_usec += 1000000;
898 end.tv_sec -= 1;
899 }
900 table->mapping.enumTime = 1000000*end.tv_sec + end.tv_usec;
901 logmsg(MSG_NOTIMECHECK,
902 #ifdef NISDB_LDAP_DEBUG
903 LOG_WARNING,
904 #else
905 LOG_INFO,
906 #endif /* NISDB_LDAP_DEBUG */
907 "%s: %d entries in %ld usec => %ld usec/entry",
908 NIL(t->objName), table->mapping.enumEntries,
909 table->mapping.enumTime,
910 table->mapping.enumTime/
911 (table->mapping.enumEntries != 0 ?
912 table->mapping.enumEntries : 1));
913 }
914 table->mapping.enumTid = 0;
915 (void) mutex_unlock(&table->mapping.enumLock);
916
917 WRITEUNLOCKNR(table, stat3, "table wu db_mindex::entriesFromLDAPreal");
918 WRITEUNLOCKNR(mindex, stat2, "db_mindex::entriesFromLDAPreal wu");
919 WRITEUNLOCKNR(((db *)mindex->getDbPtr()), lstat,
920 "db db_mindex::entriesFromLDAPreal wu");
921 unlockTransLog(myself, 1);
922 if (stat3 != 0)
923 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
924 "%s: Error %d unlocking db_table", myself, stat3);
925 if (stat2 != 0)
926 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
927 "%s: Error %d unlocking db_mindex", myself, stat2);
928 if (lstat != 0)
929 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
930 "%s: Error %d unlocking db", myself, lstat);
931
932 return (stat);
933 }
934 /*
935 * Sets the oid (i.e., the creation and modification times) for the
936 * specified object. In order to avoid retrieving the old incarnation
937 * (if any) from the DB first, we're punting and setting both mtime
938 * and ctime to the current time.
939 */
940 static void
setOid(nis_object * obj)941 setOid(nis_object *obj) {
942 if (obj != 0) {
943 obj->zo_oid.ctime = obj->zo_oid.mtime = time(0);
944 }
945 }
946