usr/src/lib/libnisdb/db_mindex2.cc

root/usr/src/lib/libnisdb/db_mindex2.cc
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>

#include <malloc.h>
#include <strings.h>
#include <string.h>
#include <sys/param.h>
#include <sys/types.h>
#include <time.h>
#include "db_headers.h"
#include "db.h"
#include "db_mindex.h"
#include "db_pickle.h"
#include "nisdb_mt.h"
#include "nisdb_ldap.h"
#include "ldap_nisdbquery.h"
#include "ldap_map.h"
#include "ldap_ruleval.h"
#include "ldap_scheme.h"
#include "ldap_parse.h"
#include "nis_hashitem.h"
#include "nis_db.h"
#include "ldap_glob.h"

/* Pass through configuration information to the table */
bool_t
db_mindex::configure(char *tablePath) {
        if (tablePath == NULL)
                return (FALSE);

        if (objPath.ptr != 0)
                free(objPath.ptr);
        objPath.ptr = strdup(tablePath);

        if (table != NULL) {
                return (table->configure(tablePath));
        } else {
                /* Defer table config until we have a table instance */
                return (objPath.ptr != NULL);
        }
}

/*
 * The noWriteThrough flag is used to prevent modifies/updates to LDAP
 * while we're incorporating log data into the in-memory tables.
 */
void
db_mindex::setNoWriteThrough(void) {
        ASSERTWHELD(this->mindex);
        noWriteThrough.flag++;
}

void
db_mindex::clearNoWriteThrough(void) {
        ASSERTWHELD(this->mindex);
        if (noWriteThrough.flag > 0)
                noWriteThrough.flag--;
#ifdef  NISDB_LDAP_DEBUG
        else
                abort();
#endif  /* NISDB_LDAP_DEBUG */
}

/*
 * The noLDAPquery flag is used to prevent recursive LDAP queries when
 * satisfy_query() is re-entered as we add an entry from queryLDAP().
 */
void
db_mindex::setNoLDAPquery(void) {
        ASSERTWHELD(this->mindex);
        noLDAPquery.flag++;
}

void
db_mindex::clearNoLDAPquery(void) {
        ASSERTWHELD(this->mindex);
        if (noLDAPquery.flag > 0)
                noLDAPquery.flag--;
#ifdef  NISDB_LDAP_DEBUG
        else
                abort();
#endif  /* NISDB_LDAP_DEBUG */
}

/*
 * The initialLoad flag tells us if an add or remove is done as part of
 * the initial load of data, in which case we should use the initial TTLs.
 */
void
db_mindex::setInitialLoad(void) {
        ASSERTWHELD(this->mindex);
        initialLoad.flag++;
}

void
db_mindex::clearInitialLoad(void) {
        ASSERTWHELD(this->mindex);
        if (initialLoad.flag > 0)
                initialLoad.flag--;
#ifdef  NISDB_LDAP_DEBUG
        else
                abort();
#endif  /* NISDB_LDAP_DEBUG */
}

void
db_mindex::setDbPtr(void *ptr) {
        dbptr.ptr = ptr;
}

void *
db_mindex::getDbPtr(void) {
        return (dbptr.ptr);
}

db_table *
db_mindex::getTable(void) {
        return (table);
}

static void                    setOid(nis_object *obj);

extern void     db_free_result(db_result *);

zotypes
updateMappingObj(__nis_table_mapping_t *t, char **objNameP,
                bool_t *isMasterP) {
        zotypes         type = NIS_BOGUS_OBJ;
        char            *objName = 0;
        const char      *myself = "updateMappingObj";

        if (t != 0)
                objName = t->objName;
        else if (objNameP != 0)
                objName = *objNameP;
        else
                return (NIS_BOGUS_OBJ);

        if (objName != 0) {
                db_status       stat;
                int             lstat = LDAP_SUCCESS;
                nis_object      *o = dbFindObject(objName, &stat);

                /* If not found in the local DB, try LDAP */
                if (o == 0) {
                        if (stat != DB_NOTFOUND) {
                                logmsg(MSG_NOTIMECHECK, LOG_INFO,
                                        "%s: DB err %d for \"%s\"",
                                        myself, stat, NIL(objName));
                        }
                        o = ldapFindObj(t, objName, &lstat);
                        /* If found, refresh/create the local copy */
                        if (o != 0) {
                                db_status       rstat;
                                rstat = dbRefreshObj(objName, o);
                                if (rstat != DB_SUCCESS)
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                                        "%s: DB error %d refreshing \"%s\"",
                                        myself, rstat, NIL(objName));
                        }
                }

                if (o != 0) {
                        type = o->zo_data.zo_type;
                        if (objNameP != 0) {
                                *objNameP = sdup(myself, T, objName);
                                if (*objNameP == 0) {
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                                "%s: Unable to copy object name (\"%s\")",
                                                myself, NIL(objName));
                                }
                        }
                        if (t != 0) {
                                if (!setMappingObjTypeEtc(t, o))
                                        nis_destroy_object(o);

                        } else {
                                nis_destroy_object(o);
                        }
                } else if (lstat != LDAP_SUCCESS) {
                        logmsg(MSG_NOTIMECHECK, LOG_INFO,
                                "%s: LDAP err %d for \"%s\"",
                                myself, lstat, NIL(objName));
                }
        }

        return (type);
}

static __nis_table_mapping_t *
mappingFromObj(nis_object *obj, int *statP) {
        __nis_table_mapping_t   *t;
        __nis_buffer_t          b = {0, 0};
        char                    *objPath;
        const char              *myself = "mappingFromObj";

        if (obj == 0 || obj->zo_data.zo_type == NIS_ENTRY_OBJ)
                return (0);

        /*
         * Convert full object name to the db table path used as
         * key for the mapping hash list.
         */
        bp2buf(myself, &b, "%s.%s",
                NIL(obj->zo_name), NIL(obj->zo_domain));
        objPath = internalTableName(b.buf);
        sfree(b.buf);
        if (slen(objPath) <= 0) {
                if (statP != 0)
                        *statP = LDAP_OPERATIONS_ERROR;
                sfree(objPath);
                return (0);
        }

        t = (__nis_table_mapping_t *)__nis_find_item_mt(objPath,
                                                &ldapMappingList, 0, 0);

        sfree(objPath);

        return (t);
}

static __nis_table_mapping_t *
selectMapping(db_table *table, nis_object *obj, db_query *qin,
                bool_t wantWrite, bool_t *asObjP, int *statP) {
        __nis_table_mapping_t   *t;
        __nis_buffer_t          b = {0, 0};
        bool_t                  doLDAP, asObj;
        int                     stat = LDAP_SUCCESS;
        char                    *objPath = 0, buf[MAXPATHLEN+NIS_MAXNAMELEN+1];
        const char              *myself = "db_mindex::selectMapping";

        /*
         * If 'table' is NULL, we try to find a mapping for 'obj'.
         * We expect this to happen when our caller wants to write
         * the object from a directory entry to LDAP.
         */
        if (table == 0) {
                if (asObjP != 0)
                        *asObjP = TRUE;
                if (statP != 0)
                        *statP = LDAP_SUCCESS;

                t = mappingFromObj(obj, statP);

                if (t == 0)
                        return (0);

                /*
                 * Should the object type in the mapping be NIS_BOGUS_OBJ,
                 * we need to determine what kind of object this is.
                 */
                if (t->objType == NIS_BOGUS_OBJ) {
                        t->objType = updateMappingObj(t, 0, 0);
                        if (t->objType == NIS_BOGUS_OBJ) {
                                if (statP != 0)
                                        *statP = LDAP_OPERATIONS_ERROR;
                                return (0);
                        }
                }

                /*
                 * If caller wants a mapping suitable for writing,
                 * check that we're the master for this object.
                 */

                return (t);
        }

        /*
         * If the object type for the mapping is NIS_BOGUS_OBJ, then
         * we haven't yet been able to determine what kind of object this
         * is. Try to fix that now.
         */
        if (table->mapping.objType == NIS_BOGUS_OBJ) {
                table->mapping.objType = updateMappingObj(table->mapping.tm,
                                                &table->mapping.objName,
                                                &table->mapping.isMaster);
                table->mapping.expireType = table->mapping.objType;
        }

        /*
         * Depending on the object type (table->mapping.objType):
         *
         *      table           Use table->mapping.tm to query LDAP
         *                      for entries per 'qin'.
         *
         *      directory       Use 'qin' and table->mapping.objName
         *                      to retrieve a mapping entry, and then
         *                      query LDAP for the corresponding object.
         *                      'qin' == NULL means reading/writing the
         *                      entire directory object, plus the names
         *                      of the directory entries.
         *
         *      bogus           Not mapping this object. However, we may
         *                      still be mapping the object 'obj'.
         *
         *      other           Shouldn't happen; illegal.
         */
        switch (table->mapping.objType) {
        case NIS_TABLE_OBJ:
                t = table->mapping.tm;
                if (wantWrite)
                        doLDAP = table->mapping.isMaster &&
                                        table->mapping.toLDAP;
                else
                        doLDAP = table->mapping.fromLDAP;
                asObj = FALSE;
                break;
        case NIS_DIRECTORY_OBJ: {
                char            *sub = 0;
                int             nqc, len = 0;
                db_qcomp        *qc;

                t = 0;
                doLDAP = FALSE;
                asObj = TRUE;

                /*
                 * We expect the query to have one component, containing
                 * the directory entry name. If there's no query, we want
                 * an enumeration of the entries in the directory. They're
                 * stored with the XDR:ed directory object in LDAP, so
                 * asObj should be TRUE.
                 */
                if (qin == 0) {
                        t = table->mapping.tm;
                        if (wantWrite)
                                doLDAP = table->mapping.isMaster &&
                                        table->mapping.toLDAP;
                        else
                                doLDAP = table->mapping.fromLDAP;
                        asObj = TRUE;
                        break;
                }

                nqc = qin->size();
                if (nqc != 1 || (qc = qin->queryloc()) == 0 ||
                                qc[0].index_value == 0) {
                        stat = LDAP_PARAM_ERROR;
                        break;
                }
                qc[0].index_value->get_value(&sub, &len);
                if (sub == 0 || len <= 0) {
                        stat = LDAP_PARAM_ERROR;
                        break;
                }

                /* Append directory name to dir entry name */
                sbc2buf(myself, sub, len, &b);
                bp2buf(myself, &b, ".%s", table->mapping.objName);

                /* Convert to the DB internal name */
                objPath = internal_table_name(b.buf, buf);
                sfree(b.buf);
                if (slen(objPath) <= 0) {
                        stat = LDAP_OPERATIONS_ERROR;
                        break;
                }

                /* Look for the corresponding table mapping */
                t = (__nis_table_mapping_t *)__nis_find_item_mt(
                                        objPath, &ldapMappingList, 0, 0);

                if (t == 0)
                        break;

                /* Update object mapping information */
                if (t->objType == NIS_BOGUS_OBJ)
                        (void) updateMappingObj(t, 0, 0);

                /*
                 * Should check the objectDN's in 't', but leave that to
                 * underlying functions.
                 */
                if (wantWrite)
                        doLDAP = t->isMaster;
                else
                        doLDAP = TRUE;

                break;
        }
        case NIS_BOGUS_OBJ:
                t = mappingFromObj(obj, statP);
                doLDAP = TRUE;
                asObj = TRUE;
                break;
        default:
                t = 0;
                doLDAP = FALSE;
                asObj = TRUE;
                break;
        }

        if (!doLDAP)
                t = 0;

        if (asObjP != 0)
                *asObjP = asObj;

        if (statP != 0)
                *statP = stat;

        return (t);
}

/*
 * Replace or remove the table entry identified by 'e'. 'tableName' is
 * the name of the table (which could be a directory) in which the entry
 * resides. 'obj' is an un-XDR:ed copy of the object in 'e', optionally
 * supplied to save re-doing unpacking of the entry object. 'tobj' is
 * a pointer to the table object; needed for table entries, but not
 * for directory entries.
 *
 * 'ttime' contains the current time, to be supplied for the trans log
 * entry.
 *
 * Returns LDAP_SUCCESS when entry successfully added/modified/deleted,
 * LDAP_COMPARE_TRUE if an entry to be added/modified was the same as
 * an already existing one, and a suitable error otherwise.
 */
int
db_mindex::updateTableEntry(entry_object *e, int replace, char *tableName,
                nis_object *obj, nis_object *tobj, uint32_t ttime,
                int *xid) {
        int                     stat, freeObj = 0;
        db_index_entry          *dbie;
        long                    count = 0;
        bool_t                  valid = TRUE;
        db_result               *dbres;
        db_query                *qi;
        nis_object              *oldObj = 0;
        const char              *myself = "db_mindex::updateTableEntry";

        if (table == 0 || e == 0)
                return (LDAP_PARAM_ERROR);

        qi = extract_index_values_from_object(e);
        if (qi == 0) {
                logmsg(MSG_NOMEM, LOG_ERR,
                                "%s: Out of memory for query index",
                                myself);
                return (LDAP_NO_MEMORY);
        }

        dbie = satisfy_query(qi, &count, &valid, FALSE);
        if (dbie != 0 && (count != 1 || !valid)) {
                logmsg(MSG_NOTIMECHECK, LOG_INFO,
                        "%s: count=%d, valid=%s",
                        myself, count, valid ? "TRUE" : "FALSE");
                delete qi;
                return (LDAP_OPERATIONS_ERROR);
        }

        /*
         * Need a copy of the old object in order to log a removal
         * (this is true even if we're modifying an existing entry).
         */
        if (dbie != 0) {
                oldObj = unmakePseudoEntryObj(
                                table->get_entry(dbie->getlocation()), tobj);
                if (oldObj == 0) {
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
        "%s: Error getting object from old pseudo-entry for \"%s\" in \"%s\"",
                                        myself, NIL(obj->zo_name),
                                        NIL(tableName));
                        delete qi;
                        return (LDAP_OPERATIONS_ERROR);
                }
        }

        if (replace) {
                /* Need the object from the entry */
                if (dbie != 0 && obj == 0) {
                        obj = unmakePseudoEntryObj(e, tobj);
                        if (obj == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
        "%s: Error getting object from pseudo-entry for \"%s\" in \"%s\"",
                                        myself, NIL(obj->zo_name),
                                        NIL(tableName));
                                delete qi;
                                nis_destroy_object(oldObj);
                                return (LDAP_OPERATIONS_ERROR);
                        }
                        freeObj = 1;
                }

                /* Is the new object a dup of the old ? */
                if (dbie != 0 && sameNisPlusObj(oldObj, obj)) {
                        /* Yes, it's a dup, so just update the timestamp */
                        table->touchEntry(dbie->getlocation());
                        delete qi;
                        if (freeObj)
                                nis_destroy_object(obj);
                        nis_destroy_object(oldObj);
                        return (LDAP_COMPARE_TRUE);
                } else {
                        /*
                         * Not a dup, so go ahead and add it. Provided
                         * that 'qi' isn't NULL (which we've already
                         * checked), DB_ADD(_NOSYNC) does the right
                         * thing even if matching entries already
                         * exist.
                         */
                        dbres = ((db *)dbptr.ptr)->log_action(DB_ADD_NOSYNC,
                                                                qi, e);
                        if (dbres == 0)
                                stat = LDAP_OPERATIONS_ERROR;
                        else if (dbres->status == DB_SUCCESS)
                                stat = LDAP_SUCCESS;
                        else
                                stat = LDAP_OPERATIONS_ERROR;
                        db_free_result(dbres);
                }
        } else {        /* Removing */
                /* If the object doesn't exist, we're done */
                if (dbie == 0) {
                        delete qi;
                        return (LDAP_SUCCESS);
                }

                dbres = ((db *)dbptr.ptr)->log_action(DB_REMOVE_NOSYNC, qi, 0);
                if (dbres == 0)
                        stat = LDAP_OPERATIONS_ERROR;
                else if (dbres->status == DB_SUCCESS)
                        stat = LDAP_SUCCESS;
                else
                        stat = LDAP_OPERATIONS_ERROR;
                db_free_result(dbres);
        }

        /* Log the operation */
        if (stat == LDAP_SUCCESS) {
                int             ret, numAttrs;
                nis_attr        *attr, attrbuf[NIS_MAXCOLUMNS];

                /* If we haven't begun the transaction yet, do so now */
                if (*xid == 0) {
                        *xid = beginTransaction();
                        if (*xid == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                "%s: Error starting transaction for \"%s\"",
                                        myself, NIL(tableName));
                                delete qi;
                                if (oldObj != 0)
                                        nis_destroy_object(oldObj);
                                return (LDAP_OPERATIONS_ERROR);
                        }
                }

                if (replace && obj == 0) {
                        obj = unmakePseudoEntryObj(e, tobj);
                        if (obj == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
        "%s: Error getting object from pseudo-entry for \"%s\" in \"%s\"",
                                        myself, NIL(obj->zo_name),
                                        NIL(tableName));
                                delete qi;
                                if (oldObj != 0)
                                        nis_destroy_object(oldObj);
                                return (LDAP_OPERATIONS_ERROR);
                        }
                        freeObj = 1;
                }

                /*
                 * The log stores nis_attr information, so we need to
                 * convert the scheme-query to a nis_attr array.
                 */
                attr = schemeQuery2nisAttr(qi, attrbuf, scheme,
                                table->mapping.tm, &numAttrs);
                if (attr == 0) {
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
        "%s: Error converting index query to nis_attr for \"%s\" in \"%s\"",
                                myself, NIL(obj->zo_name), NIL(tableName));
                        if (freeObj)
                                nis_destroy_object(obj);
                        if (oldObj != 0)
                                nis_destroy_object(oldObj);
                        delete qi;
                        return (LDAP_OPERATIONS_ERROR);
                }

                if (replace) {
                        /*
                         * While the DB can handle a modify (replace)
                         * operation, the trans log stores this as a
                         * remove followed by an add (which allows
                         * backing out the change by removing the new
                         * object incarnation, and adding the old one).
                         */
                        if (oldObj != 0)
                                ret = addUpdate(REM_IBASE, tableName,
                                        numAttrs, attr, oldObj, 0, ttime);
                        else
                                ret = 0;
                        if (ret == 0)
                                ret = addUpdate(ADD_IBASE, tableName,
                                        numAttrs, attr, obj, 0, ttime);
                } else {        /* Removal */
                        ret = addUpdate(REM_IBASE, tableName, numAttrs, attr,
                                        oldObj, 0, ttime);
                }
                if (ret != 0) {
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
                "%s: Error adding trans log entry for \"%s\" in \"%s\"",
                                myself, NIL(obj->zo_name), NIL(tableName));
                        stat = LDAP_OPERATIONS_ERROR;
                }
        }

        delete qi;

        if (oldObj != 0)
                nis_destroy_object(oldObj);
        if (freeObj)
                nis_destroy_object(obj);

        return (stat);
}

bool_t
db_mindex::touchEntry(entry_object *e) {
        db_query                *qi;
        bool_t                  ret;

        if (table == 0 || e == 0)
                return (FALSE);

        qi = extract_index_values_from_object(e);
        if (qi == 0)
                return (FALSE);

        ret = touchEntry(qi);

        delete qi;

        return (ret);
}

bool_t
db_mindex::touchEntry(db_query *q) {
        db_index_entry          *dbie;
        long                    count;
        bool_t                  valid;

        dbie = satisfy_query(q, &count, &valid, FALSE);
        if (dbie != 0 && count == 1 && valid)
                table->touchEntry(dbie->getlocation());
        else
                return (FALSE);

        return (TRUE);
}

/*
 * Compose an object name from column zero of 'e' and 't->objName',
 * and return the mapping for that object, if any. Also set '*name'
 * to point to the dir entry name in 'e'. Note that this is a pointer
 * to existing data, and shouldn't be freed other than as part of
 * freeing 'e'.
 */
static __nis_table_mapping_t *
findDirEntryMapping(__nis_table_mapping_t *t, entry_object *e, char **name) {
        __nis_table_mapping_t   *x;
        char                    *entryName;
        const char              *myself = "findDirEntryMapping";
        __nis_buffer_t          b = {0, 0};

        if (e == 0 || e->en_cols.en_cols_len != 2 ||
                        e->en_cols.en_cols_val == 0)
                return (0);

        entryName = e->en_cols.en_cols_val[1].ec_value.ec_value_val;
        if (name != 0)
                *name = entryName;

        if (t == 0 || entryName == 0 || t->objName == 0)
                return (0);

        bp2buf(myself, &b, "%s.%s", entryName, t->objName);
        if (b.len == 0 || b.buf == 0)
                return (0);

        x = (__nis_table_mapping_t *)__nis_find_item_mt(b.buf,
                                                &ldapMappingList, 0, 0);

        sfree(b.buf);

        return (x);
}

/*
 * Query LDAP per the supplied (scheme-) query 'qin'. If 'doAsynch' is
 * set, and the query is an enumeration (qin == 0), the query will be
 * performed in a detached thread, and complete asynchronously. In this
 * case, the return status reflects the setup and launch of the
 * detached thread; the query will complete asynchronously.
 *
 * Returns an appropriate LDAP status code.
 */
int
db_mindex::queryLDAP(db_query *qin, char *dbId, int doAsynch) {
        __nis_table_mapping_t   *t;
        int                     i, na, nq = 0, stat, stat2, numAttrs, ret;
        int                     xid = 0;
        long                    numEa;
        bool_t                  asObj, doEnum;
        db_query                *q;
        entry_object            **ea;
        nis_attr                attr;
        nis_object              *dirObj;
        db_status               dstat;
        const char              *myself = "db_mindex::queryLDAP";

        if (!useLDAPrespository || table == 0)
                return (LDAP_SUCCESS);

        /*
         * Instances from the deferred dictionary shouldn't change,
         * there's no point in querying LDAP.
         */
        if (table->mapping.isDeferredTable)
                return (LDAP_SUCCESS);

        t = selectMapping(table, 0, qin, FALSE, &asObj, &stat);

        if (t == 0)
                return (stat);

#ifdef  NISDB_LDAP_DEBUG
        printf("%s: %s (%s)\n",
                myself, NIL(t->objName), (asObj ? "object" : "entry"));
#endif  /* NISDB_LDAP_DEBUG */

        if (qin != NULL) {
                q = schemeQuery2Query(qin, scheme);
                if (q == 0)
                        return (LDAP_PARAM_ERROR);
#ifdef  NISDB_LDAP_DEBUG
                q->print();
#endif  /* NISDB_LDAP_DEBUG */
        } else {
                q = 0;
#ifdef  NISDB_LDAP_DEBUG
                printf("\tenumerating %s%s%s\n",
                        dbId ? dbId : "", dbId ? ":" : "", NIL(t->objName));
#endif  /* NISDB_LDAP_DEBUG */
        }

        /*
         * Do we have any active mappings for this particular query and
         * dbId ?  If not, we're done.
         *
         * Note that we don't care about the return value from
         * selectTableMapping(), just wheter or not there are
         * any valid mappings.
         */
        i = 0;
        sfree(selectTableMapping(t, q, 0, asObj, dbId, &i));
        if (i <= 0) {
                freeQuery(q);
                return (LDAP_SUCCESS);
        }

        /* Is the object a directory ? */
        if (asObj) {
                nis_object      *o;
                entry_object    *e, eo;
                entry_col       ec[2];
                int             nea;

                stat = objFromLDAP(t, &o, &ea, &nea);
                numEa = nea;

                if (stat == LDAP_NO_SUCH_OBJECT) {
                        /* Positive failure; remove the object */
                        dstat = dbDeleteObj(t->objName);
                        if (dstat == DB_SUCCESS || dstat == DB_NOTFOUND) {
                                stat = LDAP_SUCCESS;
                        } else {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                                        "%s: DB error %d deleting \"%s\"",
                                        myself, dstat, NIL(t->objName));
                                stat = LDAP_OPERATIONS_ERROR;
                        }

                        freeQuery(q);

                        return (stat);
                } else if (stat != LDAP_SUCCESS) {
                        freeQuery(q);
                        return (stat);
                } else if (o == 0) {
                        /* OK; this entry just isn't mapped */
                        freeQuery(q);
                        return (LDAP_SUCCESS);
                }

                if (q != 0) {
                        /*
                         * We're updating one particular entry (described
                         * by 't') in the directory 'table->mapping.tm'.
                         */

                        setOid(o);
                        dstat = dbRefreshObj(t->objName, o);
                        if (dstat == DB_SUCCESS) {
                                stat = LDAP_SUCCESS;
                        } else {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: DB error %d updating \"%s\" in \"%s\"",
                                        myself, NIL(t->objName),
                                        NIL(table->mapping.tm->objName));
                                stat = LDAP_OPERATIONS_ERROR;
                        }

                        freeEntryObjArray(ea, numEa);
                        freeQuery(q);
                        nis_destroy_object(o);

                        return (stat);
                }

                dirObj = o;

                /*
                 * q == 0, so we're enumerating. Update the list of
                 * directory entries.
                 */

                /*
                 * Need to disable write-through to LDAP, for which we need
                 * a lock on our db_mindex ('this'); we're also updating the
                 * table, so we need a write lock on that as well.
                 */
                WRITELOCKNR(this, stat, "w db_mindex::queryLDAP");
                if (stat == 0) {
                        WRITELOCKNR(table, stat2,
                                "table w db_mindex::queryLDAP");
                }
                if (stat != 0 || stat2 != 0) {
                        nis_destroy_object(dirObj);
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                "%s: lock error %d", myself,
                                stat != 0 ? stat : stat2);
                        return (LDAP_OPERATIONS_ERROR);
                }

                setNoWriteThrough();
                setNoLDAPquery();
                table->setEnumMode(0);

                for (i = 0, na = 0; i < numEa; i++) {
                        int                     st;
                        __nis_table_mapping_t   *x;
                        char                    *name = 0;
                        entry_obj               *e;

                        if (ea[i] == 0)
                                continue;

                        /*
                         * We've got a list of dir entries. In the general,
                         * case, some are new, and some already exist.
                         * We definitely want to add the new ones, and to
                         * that end, we need a copy of the object for the
                         * entry. By definition, if an entry is new, we
                         * don't yet have a copy of the object for it, so
                         * it's LDAP or nothing.
                         *
                         * If the entry already exists, try to update the
                         * entry object. In this case, we again only need
                         * to look in LDAP for the object; if there already
                         * is one in the DB, it's in the dir entry which we
                         * want to update.
                         *
                         * So, whether adding or replacing, try to get the
                         * object from LDAP.
                         *
                         * If we can't get a copy of the object, there's not
                         * much point in adding or updating (since a dir
                         * entry just consists of the entry object and name),
                         * so we continue to the next entry.
                         *
                         * However, in that case, we do need to touch the
                         * dir entry; otherwise, it will be removed later
                         * on.
                         */

                        x = findDirEntryMapping(t, ea[i], &name);
                        o = 0;
                        if (x == 0 || (st = objFromLDAP(x, &o, 0, 0)) !=
                                        LDAP_SUCCESS) {
                                if (x != 0)
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Unable to obtain object for \"%s\" in \"%s\": %s",
                                        myself, NIL(name), NIL(t->objName),
                                                ldap_err2string(st));
                                if (o != 0)
                                        nis_destroy_object(o);
                                if (!touchEntry(ea[i])) {
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Inconsistency: LDAP-derived directory \"%s\" "
                        "contains entry \"%s\", which is unknown locally, "
                        "and has no LDAP mapping",
                                                myself, NIL(t->objName),
                                                NIL(name));
                                }
                                continue;
                        }

                        if (ea[i]->en_cols.en_cols_len != 2 ||
                                ea[i]->en_cols.en_cols_val == 0 ||
                                ea[i]->en_cols.en_cols_val[0].
                                        ec_value.ec_value_val != 0 ||
                                ea[i]->en_cols.en_cols_val[0].
                                        ec_value.ec_value_len != 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Illegal entry_obj col 0 for \"%s\" in \"%s\"",
                                        myself, NIL(name), NIL(t->objName));
                                nis_destroy_object(o);
                                touchEntry(ea[i]);
                                continue;
                        }

                        setOid(o);
                        e = makePseudoEntryObj(o, ea[i], 0);
                        if (e == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
        "%s: Unable to create pseudo entry object for \"%s\" in \"%s\"",
                                        myself, NIL(name), NIL(t->objName));
                                nis_destroy_object(o);
                                touchEntry(ea[i]);
                                continue;
                        }

                        st = updateTableEntry(e, 1, t->objName, o, 0,
                                                o->zo_oid.mtime, &xid);
                        if (st == LDAP_SUCCESS) {
                                na++;
                        } else if (st == LDAP_COMPARE_TRUE) {
                                /* OK, same as existing entry */
                                st = LDAP_SUCCESS;
                        } else {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                "%s: Error updating directory entry for \"%s\" in \"%s\": %s",
                                        myself, NIL(name), NIL(t->objName),
                                        ldap_err2string(st));
                                if (stat == LDAP_SUCCESS)
                                        stat = st;
                        }

                        /* Free the XDR buffer */
                        sfree(e->en_cols.en_cols_val[0].
                                        ec_value.ec_value_val);
                        /* Restore ea[i] */
                        ea[i]->en_cols.en_cols_val[0].
                                        ec_value.ec_value_val = 0;
                        ea[i]->en_cols.en_cols_val[0].
                                        ec_value.ec_value_len = 0;
                        nis_destroy_object(o);
                }

                freeEntryObjArray(ea, numEa);

                /* Get list of entries to remove */
                ea = table->endEnumMode(&numEa);
                if (ea != 0) {
                        uint32_t        nowt = time(0);

                        for (i = 0; i < numEa; i++) {
                                int     st;

                                if (ea[i] == 0)
                                        continue;

                                st = updateTableEntry(ea[i], 0, t->objName, 0,
                                                        0, nowt, &xid);
                                if (st == LDAP_SUCCESS) {
                                        na++;
                                } else {
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Error removing directory entry for \"%s\": %s",
                                                myself, NIL(t->objName),
                                                ldap_err2string(st));
                                        if (stat == LDAP_SUCCESS)
                                                stat = st;
                                }
                        }
                }

                if (stat == LDAP_SUCCESS) {
                        struct timeval  now;
                        (void) gettimeofday(&now, 0);
                        table->mapping.enumExpire = now.tv_sec +
                                table->mapping.ttl;
                }

                if (na > 0)
                        (void) ((db *)dbptr.ptr)->sync_log();

                if (xid != 0 && na > 0 && stat == LDAP_SUCCESS) {
                        ret = endTransaction(xid, dirObj);
                        if (ret != 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                "%s: Error ending transaction for \"%s\"",
                                        myself, NIL(t->objName));
                                stat = LDAP_OPERATIONS_ERROR;
                        }
                } else if (xid != 0) {
                        ret = abort_transaction(xid);
                        if (ret != 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                "%s: Error aborting transaction for \"%s\"",
                                        myself, NIL(t->objName));
                        }
                }
                nis_destroy_object(dirObj);

                sfree(ea);

                clearNoLDAPquery();
                clearNoWriteThrough();

                WRITEUNLOCK2(table, this,
                        stat, stat,
                        "table wu db_mindex::queryLDAP",
                        "wu db_mindex::queryLDAP");

                return (stat);
        }

        /*
         * In order to ping replicas, if any, we need to find the
         * directory containing the table to be updated. If we
         * can't find the directory object, we're sunk, so let's
         * start with that.
         */
        if (t->isMaster) {
                dirObj = findObj(t->obj->zo_domain, &dstat, &stat);
                if (dirObj == 0) {
                        if (stat == LDAP_SUCCESS)
                                stat = LDAP_OPERATIONS_ERROR;
                        return (stat);
                }
        } else {
                dirObj = 0;
        }

        stat = entriesFromLDAP(t, qin, q, dbId, dirObj, doAsynch);

        return (stat);
}

extern db       *tableDB(char *);

/*
 * Remove the LDAP entry/entries corresponding to 'qin'/'obj'.
 */
int
db_mindex::removeLDAP(db_query *qin, nis_object *obj) {
        __nis_table_mapping_t   *t;
        db_query                *q;
        bool_t                  asObj;
        int                     stat;

        if (!useLDAPrespository || table == 0)
                return (LDAP_SUCCESS);

        /* Instances from the deferred dictionary should not update LDAP */
        if (table->mapping.isDeferredTable)
                return (LDAP_SUCCESS);

        t = selectMapping(table, 0, qin, TRUE, &asObj, &stat);
        if (t == 0 && stat != LDAP_SUCCESS)
                return (stat);

#ifdef  NISDB_LDAP_DEBUG
        if (t != 0)
                printf("removeLDAP: %s\n", NIL(t->objName));
#endif  /* NISDB_LDAP_DEBUG */

        if (qin != NULL) {
                if (asObj) {
                        /*
                         * selectMapping() gave us the mapping for the
                         * directory entry. However, if 't' is NULL, this
                         * could be due to the directory itself not being
                         * mapped, in which case we must obtain the mapping
                         * info from 'obj'.
                         */
                        if (t == 0) {
                                t = selectMapping(0, obj, 0, TRUE, &asObj,
                                                &stat);
                                if (t == 0 && stat != LDAP_SUCCESS)
                                        return (stat);
                        }

                        if (t != 0) {
                                stat = deleteLDAPobj(t);
                                /*
                                 * If we were successful, update the object
                                 * stored with the mapping.
                                 */
                                if (stat == LDAP_SUCCESS)
                                        (void) replaceMappingObj(t, 0);
                                else
                                        return (stat);
                        }

                        /*
                         * Since it's a directory entry we've removed, we also
                         * need to update the directory object itself.
                         */
                        stat = storeLDAP(0, 0, 0, 0, 0);
                } else {
                        q = schemeQuery2Query(qin, scheme);
                        if (q == 0)
                                return (LDAP_PARAM_ERROR);
#ifdef  NISDB_LDAP_DEBUG
                        q->print();
#endif  /* NISDB_LDAP_DEBUG */
                        stat = mapToLDAP(t, 1, &q, 0, 0, 0, 0);
                        freeQuery(q);
                }
        } else {
                /*
                 * This isn't the way to remove the LDAP entries
                 * corresponding to the entire table.
                 */
#ifdef  NISDB_LDAP_DEBUG
                abort();
#endif  /* NISDB_LDAP_DEBUG */
                stat = LDAP_PARAM_ERROR;
        }

        return (stat);
}

/*
 * Helper function for storeLDAP() which handles updates for objects
 * other than table entries.
 */
int
db_mindex::storeObjLDAP(__nis_table_mapping_t *t, nis_object *o) {
        int             stat, assigned = 0;
        entry_object    **ea;
        int             numEa, doUnlock = 0;
        db              *dbase = 0;
        db_mindex       *dbm = 0;
        const char      *myself = "db_mindex::storeObjLDAP";

        if (t == 0 || o == 0)
                return (LDAP_SUCCESS);

        /*
         * If the object to be stored is anything other than a
         * directory, we can just go ahead and write it to LDAP.
         * A directory object, however, also needs a directory
         * entry list, so we should to get hold of the db_table
         * that goes with the directory.
         */
        if (o->zo_data.zo_type == NIS_DIRECTORY_OBJ) {
                dbase = tableDB(t->objName);
                if (dbase != 0)
                        dbm = dbase->mindex();
                if (dbase == 0 || dbm == 0 || dbm->table == 0) {
                        /* By definition, no dir entries */
                        ea = 0;
                        numEa = 0;
                        dbase = 0;
                } else {
                        entry_object    **tea;
                        long            i, ntea;

                        /*
                         * Read-lock the table so that 'tab'
                         * doesn't change while we're using it.
                         */
                        READLOCK(dbm->table, LDAP_OPERATIONS_ERROR,
                                        "r table db_mindex::storeLDAP");
                        doUnlock = 1;

                        tea = dbm->table->gettab();
                        ntea = dbm->table->getsize();

                        /*
                         * There may be empty slots in the table 'tab'
                         * array, so get rid of those.
                         */
                        if (tea != 0 && ntea > 0) {
                                ea = (entry_object **)am(myself,
                                                ntea * sizeof (ea[0]));
                                if (ea == 0) {
                                        READUNLOCK(dbm->table, LDAP_NO_MEMORY,
                                        "ru table db_mindex::storeLDAP");
                                        return (LDAP_NO_MEMORY);
                                }
                                for (i = 0, numEa = 0; i < ntea; i++) {
                                        if (tea[i] != 0) {
                                                ea[numEa] = tea[i];
                                                numEa++;
                                        }
                                }
                                if (numEa == 0) {
                                        /* No non-empty slots */
                                        sfree(ea);
                                        ea = 0;
                                        READUNLOCK(dbm->table,
                                                LDAP_OPERATIONS_ERROR,
                                        "ru table db_mindex::storeLDAP");
                                        doUnlock = 0;
                                }
                        } else {
                                ea = 0;
                                numEa = 0;
                                READUNLOCK(dbm->table,
                                        LDAP_OPERATIONS_ERROR,
                                        "ru table db_mindex::storeLDAP");
                                doUnlock = 0;
                        }
                }
        } else {
                ea = 0;
                numEa = 0;
        }

        stat = objToLDAP(t, o, ea, numEa);

        if (ea != 0)
                sfree(ea);
        if (doUnlock) {
                READUNLOCK(dbm->table, stat,
                                "ru table db_mindex::storeLDAP");
        }

        return (stat);
}


/*
 * Store data specified by the index-query 'qin' to LDAP. If 'obj' is
 * non-null, it's a pointer to the pseudo-entry object corresponding to
 * 'qin'. As a short-cut/convenience, the caller can instead supply
 * the actual nis_object 'o'; if 'o' is NULL, it's derived from 'obj'.
 *
 * 'oldObj' is used for table entries if the store operation is
 * an update, and the corresponding NIS+ operation was a delete followed
 * by an add. In this case, oldObj contains the pre-delete incarnation of
 * the entry object to be modified.
 *
 * The 'dbId' string is used to select one dbId for mapping chains
 * that contain more than one.
 *
 * Returns an LDAP status code.
 */
int
db_mindex::storeLDAP(db_query *qin, entry_object *obj, nis_object *o,
                        entry_obj *oldObj, char *dbId) {
        __nis_table_mapping_t   *t;
        bool_t                  asObj;
        db_query                *q, *qo, **qa;
        __nis_rule_value_t      *rv = 0;
        int                     stat;
        const char              *myself = "db_mindex::storeLDAP";

        if (!useLDAPrespository || table == 0)
                return (LDAP_SUCCESS);

        /* Instances from the deferred dictionary should not update LDAP */
        if (table->mapping.isDeferredTable)
                return (LDAP_SUCCESS);

        t = selectMapping(table, 0, qin, TRUE, &asObj, &stat);
        if (t == 0 && stat != LDAP_SUCCESS)
                return (stat);

#ifdef  NISDB_LDAP_DEBUG
        if (t != 0)
                printf("storeLDAP: %s%s%s\n",
                        dbId ? dbId : "", dbId ? ":" : "", NIL(t->objName));
#endif  /* NISDB_LDAP_DEBUG */

        /*
         * selectMapping() didn't have the object to look at, so we
         * must check if this is a directory entry or not.
         */
        if (asObj) {
                if (o != 0) {
                        if (o->zo_data.zo_type == NIS_ENTRY_OBJ)
                                asObj = FALSE;
                } else if (obj != 0) {
                        if (obj->en_type == 0 ||
                                strcmp(obj->en_type, "IN_DIRECTORY") != 0)
                                asObj = FALSE;
                }
        }

        if (asObj) {
                bool_t          freeO = FALSE;

                /*
                 * If we don't have a mapping, that's probably because
                 * the directory (represented by 'this') isn't mapped.
                 * Try to get a mapping from 'o' or 'obj'.
                 */
                if (t == 0) {
                        if (o == 0 && obj != 0) {
                                o = unmakePseudoEntryObj(obj, 0);
                                if (o == 0)
                                        return (LDAP_OPERATIONS_ERROR);
                                freeO = TRUE;
                        }
                        if (o != 0) {
                                t = selectMapping(0, o, 0, TRUE, &asObj, &stat);
                                if (t == 0) {
                                        if (freeO)
                                                nis_destroy_object(o);
                                        return (stat);
                                }
                        }
                }

                /*
                 * If we found a mapping for the 'table' in this db_mindex,
                 * store the object.
                 */
                if (t != 0) {
                        if (o == 0) {
                                if (obj != 0) {
                                        o = unmakePseudoEntryObj(obj, 0);
                                        freeO = TRUE;
                                } else {
                                        db_status       dstat;

                                        o = dbFindObject(t->objName, &dstat);
                                        if (o == 0)
                                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                        "%s: DB error %d finding \"%s\"",
                                                        myself,
                                                        NIL(t->objName));
                                        freeO = TRUE;
                                }
                        }
                        if (o == 0)
                                return (LDAP_OPERATIONS_ERROR);

                        stat = storeObjLDAP(t, o);

                        /*
                         * Store the object with the mapping. If 'o' was
                         * supplied by the caller, we first need to make
                         * a copy.
                         */
                        if (!freeO) {
                                o = nis_clone_object(o, 0);
                                if (o == 0)
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Unable to refresh mapping object for \"%s\"",
                                                myself, NIL(t->objName));
                        }
                        if (o != 0) {
                                if (!replaceMappingObj(t, o))
                                        nis_destroy_object(o);
                        }

                        /*
                         * Object now either destroyed or stored in 't'.
                         * Set pointer to NULL in order to avoid freeing
                         * it below.
                         */
                        o = 0;

                        if (stat != LDAP_SUCCESS)
                                return (stat);
                }

                if (freeO && o != 0) {
                        nis_destroy_object(o);
                        o = 0;
                }

                /*
                 * If the entry object 'obj' has the type "IN_DIRECTORY",
                 * then it's a directory entry, and we should check if
                 * the directory is mapped to LDAP, and update the dir
                 * entry list accordingly.
                 */
                if (obj == 0 || obj->en_type == 0 ||
                                strcmp(obj->en_type, "IN_DIRECTORY") != 0)
                        return (LDAP_SUCCESS);

                /* Does it have a mapping  ? */
                t = selectMapping(table, 0, 0, TRUE, &asObj, &stat);
                if (t == 0)
                        return (stat);

                stat = storeObjLDAP(t, t->obj);

                return (stat);
        }

        /* Store table entries. If we don't have a mapping, we're done. */
        if (t == 0)
                return (LDAP_SUCCESS);

        if (qin != NULL && obj != NULL) {
                db_index_entry  *dbie;
                int             i, size, nq = 0;
                long            l, count;
                bool_t          valid;
                db_query        qbuf, **qold;

                rv = (__nis_rule_value_t *)am(myself, sizeof (*rv));
                qa = (db_query **)am(myself, sizeof (qa[0]));
                if (oldObj != 0) {
                        /*
                         * Note that only qold[0] is a unique query pointer.
                         * All the other qold[i]'s are copies of qa[i].
                         * Hence, we only free qold[0], as well as qold
                         * itself.
                         */
                        qold = (db_query **)am(myself, sizeof (qold[0]));
                } else {
                        qold = 0;
                }
                if (rv == 0 || qa == 0 || (oldObj != 0 && qold == 0)) {
                        sfree(rv);
                        sfree(qa);
                        sfree(qold);
                        return (LDAP_NO_MEMORY);
                }

                q = schemeQuery2Query(qin, scheme);
                if (q == 0) {
                        sfree(rv);
                        sfree(qa);
                        return (LDAP_PARAM_ERROR);
                }

                qa[0] = pseudoEntryObj2Query(obj, t->obj, &rv[0]);
                if (qa[0] == 0) {
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
"%s: Unable to obtain query representation of new entry object for \"%s\"",
                                myself, NIL(t->dbId));
                        freeQuery(q);
                        sfree(rv);
                        sfree(qa);
                        sfree(qold);
                        return (LDAP_OPERATIONS_ERROR);
                }
                if (oldObj != 0) {
                        qold[0] = pseudoEntryObj2Query(oldObj, t->obj, 0);
                        if (qold[0] == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
"%s: Unable to obtain query representation of old entry object for \"%s\"",
                                        myself, NIL(t->dbId));
                                freeQueries(qa, 1);
                                freeQuery(q);
                                sfree(rv);
                                sfree(qa);
                                sfree(qold);
                                return (LDAP_OPERATIONS_ERROR);
                        }
                }

                nq++;

                /*
                 * In order to support many-to-one NIS+ to LDAP mapping,
                 * we need to find all possible matches in the NIS+ DB,
                 * and then merge to produce a single update. mapToLDAP()
                 * takes care of the merging, so our job is to collect
                 * the matches. Worst case is that we need to search
                 * individually for each component in 'qin', so that's
                 * what we'll do.
                 *
                 * mapToLDAP() has a mode that only performs an update
                 * for the first DN, and that's what we want. In order
                 * to make sure that it's the correct DN, we leave the
                 * original query as the first one passed to mapToLDAP().
                 */

                size = qin->size();

                /* For each component of 'qin' */
                for (i = 0; i < size; i++) {
                        db_query                *qc, **qat, **qoldt;
                        long                    j;
                        __nis_rule_value_t      *rvt;

                        qc = queryFromComponent(qin, i, &qbuf);
                        if (qc == 0)
                                continue;

                        dbie = satisfy_query_dbonly(qc, &count, FALSE, &valid);
                        if (dbie == 0 || !valid || count <= 0)
                                continue;

                        rvt = (__nis_rule_value_t *)realloc(rv,
                                                (nq+count) * sizeof (rv[0]));
                        qat = (db_query **)realloc(qa,
                                                (nq+count) * sizeof (qa[0]));
                        if (qold != 0)
                                qoldt = (db_query **)realloc(qold,
                                                (nq+count) * sizeof (qold[0]));
                        if (rvt == 0 || qat == 0 || (qold != 0 && qoldt == 0)) {
                                if (qat == 0)
                                        freeQueries(qa, nq);
                                else
                                        freeQueries(qat, nq);
                                if (rvt == 0)
                                        freeRuleValue(rv, nq);
                                else
                                        freeRuleValue(rvt, nq);
                                if (qold != 0) {
                                        if (qoldt == 0)
                                                freeQueries(qold, 1);
                                        else
                                                freeQueries(qoldt, 1);
                                }
                                freeQuery(q);
                                (void) memset(&qbuf, 0, sizeof (qbuf));
                                logmsg(MSG_NOMEM, LOG_ERR,
                                        "%s: realloc(%d) failed",
                                        myself, (nq+count) * sizeof (void *));
                                return (LDAP_NO_MEMORY);
                        }

                        rv = rvt;
                        qa = qat;

                        (void) memset(&rv[nq], 0, count * sizeof (rv[0]));
                        (void) memset(&qa[nq], 0, count * sizeof (qa[0]));
                        if (qold != 0) {
                                qold = qoldt;
                                (void) memset(&qold[nq], 0,
                                                count * sizeof (qold[0]));
                        }

                        for (j = 0; j < count; j++) {
                                qa[nq] = pseudoEntryObj2Query(
                                        table->get_entry(dbie->getlocation()),
                                                        t->obj, &rv[nq]);
                                if (qa[nq] == 0) {
                                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Could not create query from entry obj for \"%s\"",
                                                myself, NIL(t->objName));
                                        freeQueries(qa, nq);
                                        freeQueries(qold, 1);
                                        freeRuleValue(rv, nq);
                                        freeQuery(q);
                                        (void) memset(&qbuf, 0, sizeof (qbuf));
                                        return (LDAP_PARAM_ERROR);
                                }
                                if (qold != 0)
                                        qold[nq] = qa[nq];
                                nq++;
                                dbie = dbie->getnextresult();
                                if (dbie == 0)
                                        break;
                        }
                }

                stat = mapToLDAP(t, nq, (qold != 0 ? qold : qa), qa, rv, 1,
                                dbId);

                freeQueries(qa, nq);
                freeRuleValue(rv, nq);
                freeQuery(q);
                freeQueries(qold, 1);
                (void) memset(&qbuf, 0, sizeof (qbuf));

        } else if (qin == 0 && obj == 0 && t->objType == NIS_TABLE_OBJ) {
                long                    i, j, ntab;
                entry_object            **tab;

                READLOCK(table, LDAP_OPERATIONS_ERROR,
                                "r table db_mindex::storeLDAP");

                tab = table->gettab();
                ntab = table->getsize();
                if (tab == 0 || ntab <= 0) {
                        READUNLOCK(table, LDAP_OPERATIONS_ERROR,
                                        "ru table db_mindex::storeLDAP");
                        return (LDAP_SUCCESS);
                }

                qa = (db_query **)am(myself, ntab * sizeof (qa[0]));
                rv = (__nis_rule_value_t *)am(myself, ntab * sizeof (rv[0]));
                if (qa == 0 || rv == 0) {
                        sfree(qa);
                        sfree(rv);
                        READUNLOCK(table, LDAP_OPERATIONS_ERROR,
                                        "ru table db_mindex::storeLDAP");
                        return (LDAP_NO_MEMORY);
                }

                for (i = 0; i < ntab; i++) {
                        if (tab[i] == 0)
                                continue;

                        qa[i] = pseudoEntryObj2Query(tab[i], t->obj, &rv[i]);
                        if (qa[i] == 0) {
                                freeQueries(qa, i);
                                freeRuleValue(rv, i);
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                        "%s: Could not create query from entry for \"%s\"",
                                        myself, NIL(t->objName));
                                READUNLOCK(table, LDAP_OPERATIONS_ERROR,
                                        "ru table db_mindex::storeLDAP");
                                return (LDAP_OPERATIONS_ERROR);
                        }
                }

                stat = mapToLDAP(t, ntab, qa, qa, rv, 0, dbId);

                freeQueries(qa, ntab);
                freeRuleValue(rv, ntab);

                if (stat == LDAP_SUCCESS) {
                        struct timeval  now;
                        int             lstat, lck = 1;
                        /*
                         * Since we've just successfully uploaded everthing
                         * in this table, we now consider our local copy
                         * up-to-date as well.
                         */

                        (void) gettimeofday(&now, 0);
                        WRITELOCKNR(table, lstat,
                                "w table db_mindex::storeLDAP");
                        if (lstat == 0) {
                                table->mapping.enumExpire = now.tv_sec +
                                        table->mapping.ttl;
                                lck = 0;
                                WRITEUNLOCKNR(table, lstat,
                                        "wu table db_mindex::storeLDAP");
                        }
                        if (lstat != 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                                        "%s: %sock error %d for \"%s\"%s",
                                        myself, lck?"L":"Unl", lstat,
                                        NIL(t->objName),
                                        lck ?
                                "; unable to update enumeration expiration":
                                "");
                        }
                }

                READUNLOCK(table, stat,
                                "ru table db_mindex::storeLDAP");
        }

        return (stat);
}
/*
 * Sets the oid (i.e., the creation and modification times) for the
 * specified object. In order to avoid retrieving the old incarnation
 * (if any) from the DB first, we're punting and setting both mtime
 * and ctime to the current time.
 */
static void
setOid(nis_object *obj) {
        if (obj != 0) {
                obj->zo_oid.ctime = obj->zo_oid.mtime = time(0);
        }
}
Illumos
