[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Same old problem: how to univoquely identify a database

Pierangelo Masarati wrote:

I just ran into the same old problem of how to tell that two databases are the same given the BackendDB pointer. In back-ldap, a test

       op->o_bd->be_private == op->o_conn->c_authz_backend->be_private

is used; unfortunately it fails for me, because op->o_conn->c_authz_backend was set by do_bind() to the real database's pointer, while op->o_bd is pointing to an internal instance of back-ldap that a custm overlay is using for special operations. This destroys connection caching. I don't want to use temporaries all the way down to the connection structure just to set that pointer to the right database before calling the private instance of back-ldap; I'd rather use another field instead of be_private, which is quite likely to change when using internal databases in overlays. For instance, if I replace be_private with be_nsuffix in that test everything works fine, but this would be a bad hack, since there's no guarantee anybody else needs to change the suffix between the original and the internal databases, and this would impact back-ldap's code instead of being confined to the custom code. I think we should add a unique identifier to the BackendDB structure. Any suggestions, before I reinvent the wheel?

Right now I'm leaning towards adding a "void *c_authz_cookie" that modules can set at will, typically to a static pointer to their real be_private member, so that the authz_backend check could become something like

   ((op)->o_conn \
   && (op)->o_bd->be_private \
   && (op)->o_conn->c_authz_backend \
   && ((op)->o_bd->be_private == (op)->o_conn->c_authz_backend \
      || ((op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ))

I also played with adding a configurable be_is_authz_backend() hook to the BackendDB structure, but this may not be necessary if we stick with the be_private trick, extended to allow finer grain detection of the notion of authorizing backend when the c_authz_backend gets set to something that is not the actual layer that granted the authorization.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497