1/* op.c - relay backend operations */ 2/* $OpenLDAP$ */ 3/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 2004-2011 The OpenLDAP Foundation. 6 * Portions Copyright 2004 Pierangelo Masarati. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted only as authorized by the OpenLDAP 11 * Public License. 12 * 13 * A copy of this license is available in the file LICENSE in the 14 * top-level directory of the distribution or, alternatively, at 15 * <http://www.OpenLDAP.org/license.html>. 16 */ 17/* ACKNOWLEDGEMENTS: 18 * This work was initially developed by Pierangelo Masarati for inclusion 19 * in OpenLDAP Software. 20 */ 21 22#include "portable.h" 23 24#include <stdio.h> 25 26#include "slap.h" 27#include "back-relay.h" 28 29/* Results when no real database (.rf_bd) or operation handler (.rf_op) */ 30static const struct relay_fail_modes_s { 31 slap_mask_t rf_bd, rf_op; 32#define RB_ERR_MASK 0x0000FFFFU /* bitmask for default return value */ 33#define RB_BDERR 0x80000000U /* use .rf_bd's default return value */ 34#define RB_OPERR 0x40000000U /* set rs->sr_err = .rf_op return value */ 35#define RB_REF 0x20000000U /* use default_referral if available */ 36#define RB_SEND 0x10000000U /* send result; RB_??ERR is also set */ 37#define RB_SENDREF 0/*unused*/ /* like RB_SEND when referral found */ 38#define RB_NO_BIND (RB_OPERR | LDAP_INVALID_CREDENTIALS) 39#define RB_NOT_SUPP (RB_OPERR | LDAP_UNWILLING_TO_PERFORM) 40#define RB_NO_OBJ (RB_REF | LDAP_NO_SUCH_OBJECT) 41#define RB_CHK_REF (RB_REF | RB_SENDREF | LDAP_SUCCESS) 42} relay_fail_modes[relay_op_last] = { 43 /* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */ 44# define RB_OP(b, o) { (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) } 45# define RB_BD2ERR(b) ((b) ? RB_BDERR : 0) 46 /* indexed by slap_operation_t: */ 47 RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND |RB_SEND), /* Bind */ 48 RB_OP(0, LDAP_SUCCESS), /* Unbind: unused */ 49 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search */ 50 RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE), /* Compare */ 51 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify */ 52 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn */ 53 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add */ 54 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete */ 55 RB_OP(0, LDAP_SUCCESS), /* Abandon:unused */ 56 RB_OP(RB_NO_OBJ, RB_NOT_SUPP), /* Extended */ 57 RB_OP(0, SLAP_CB_CONTINUE), /* Cancel: unused */ 58 RB_OP(0, LDAP_SUCCESS), /* operational */ 59 RB_OP(RB_CHK_REF, LDAP_SUCCESS), /* chk_referrals:unused*/ 60 RB_OP(0, SLAP_CB_CONTINUE),/* chk_controls:unused */ 61 /* additional relay_operation_t indexes from back-relay.h: */ 62 RB_OP(0, 0/*unused*/), /* entry_get = op_last */ 63 RB_OP(0, 0/*unused*/), /* entry_release */ 64 RB_OP(0, 0/*unused*/), /* has_subordinates */ 65}; 66 67/* 68 * Callbacks: Caller changed op->o_bd from Relay to underlying 69 * BackendDB. sc_response sets it to Relay BackendDB, sc_cleanup puts 70 * back underlying BackendDB. Caller will restore Relay BackendDB. 71 */ 72 73typedef struct relay_callback { 74 slap_callback rcb_sc; 75 BackendDB *rcb_bd; 76} relay_callback; 77 78static int 79relay_back_cleanup_cb( Operation *op, SlapReply *rs ) 80{ 81 op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd; 82 return SLAP_CB_CONTINUE; 83} 84 85static int 86relay_back_response_cb( Operation *op, SlapReply *rs ) 87{ 88 relay_callback *rcb = (relay_callback *) op->o_callback; 89 90 rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb; 91 rcb->rcb_bd = op->o_bd; 92 op->o_bd = op->o_callback->sc_private; 93 return SLAP_CB_CONTINUE; 94} 95 96#define relay_back_add_cb( rcb, op ) { \ 97 (rcb)->rcb_sc.sc_next = (op)->o_callback; \ 98 (rcb)->rcb_sc.sc_response = relay_back_response_cb; \ 99 (rcb)->rcb_sc.sc_cleanup = 0; \ 100 (rcb)->rcb_sc.sc_private = (op)->o_bd; \ 101 (op)->o_callback = (slap_callback *) (rcb); \ 102} 103 104#define relay_back_remove_cb( rcb, op ) { \ 105 slap_callback **sc = &(op)->o_callback; \ 106 for ( ;; sc = &(*sc)->sc_next ) \ 107 if ( *sc == (slap_callback *) (rcb) ) { \ 108 *sc = (*sc)->sc_next; break; \ 109 } else if ( *sc == NULL ) break; \ 110} 111 112/* 113 * Select the backend database with the operation's DN. On failure, 114 * set/send results depending on operation type <which>'s fail_modes. 115 */ 116static BackendDB * 117relay_back_select_backend( Operation *op, SlapReply *rs, int which ) 118{ 119 OpExtra *oex; 120 char *key = (char *) op->o_bd->be_private; 121 BackendDB *bd = ((relay_back_info *) key)->ri_bd; 122 slap_mask_t fail_mode = relay_fail_modes[which].rf_bd; 123 int useDN = 0, rc = ( fail_mode & RB_ERR_MASK ); 124 125 if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) { 126 useDN = 1; 127 bd = select_backend( &op->o_req_ndn, 1 ); 128 } 129 130 if ( bd != NULL ) { 131 key += which; /* <relay, op type> key from RELAY_WRAP_OP() */ 132 LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { 133 if ( oex->oe_key == key ) 134 break; 135 } 136 if ( oex == NULL ) { 137 return bd; 138 } 139 140 Debug( LDAP_DEBUG_ANY, 141 "%s: back-relay for DN=\"%s\" would call self.\n", 142 op->o_log_prefix, op->o_req_dn.bv_val, 0 ); 143 144 } else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) { 145 rc = LDAP_REFERRAL; 146 147 /* if we set sr_err to LDAP_REFERRAL, we must provide one */ 148 rs->sr_ref = referral_rewrite( 149 default_referral, NULL, &op->o_req_dn, 150 op->o_tag == LDAP_REQ_SEARCH ? 151 op->ors_scope : LDAP_SCOPE_DEFAULT ); 152 if ( rs->sr_ref != NULL ) { 153 rs->sr_flags |= REP_REF_MUSTBEFREED; 154 } else { 155 rs->sr_ref = default_referral; 156 } 157 158 if ( fail_mode & RB_SENDREF ) 159 fail_mode = (RB_BDERR | RB_SEND); 160 } 161 162 if ( fail_mode & RB_BDERR ) { 163 rs->sr_err = rc; 164 if ( fail_mode & RB_SEND ) { 165 send_ldap_result( op, rs ); 166 } 167 } 168 169 return NULL; 170} 171 172/* 173 * Forward <act> on <op> to database <bd>, with <relay, op type>-specific 174 * key in op->o_extra so relay_back_select_backend() can catch recursion. 175 */ 176#define RELAY_WRAP_OP( op, bd, which, act ) { \ 177 OpExtraDB wrap_oex; \ 178 BackendDB *const wrap_bd = (op)->o_bd; \ 179 wrap_oex.oe_db = wrap_bd; \ 180 wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \ 181 LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \ 182 (op)->o_bd = (bd); \ 183 act; \ 184 (op)->o_bd = wrap_bd; \ 185 LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \ 186} 187 188/* 189 * Forward backend function #<which> on <op> to operation DN's database 190 * like RELAY_WRAP_OP, after setting up callbacks. If no database or no 191 * backend function, set/send results depending on <which>'s fail_modes. 192 */ 193static int 194relay_back_op( Operation *op, SlapReply *rs, int which ) 195{ 196 BackendDB *bd; 197 BI_op_bind *func; 198 slap_mask_t fail_mode = relay_fail_modes[which].rf_op; 199 int rc = ( fail_mode & RB_ERR_MASK ); 200 201 bd = relay_back_select_backend( op, rs, which ); 202 if ( bd == NULL ) { 203 if ( fail_mode & RB_BDERR ) 204 return rs->sr_err; /* sr_err was set above */ 205 206 } else if ( (func = (&bd->be_bind)[which]) != 0 ) { 207 relay_callback rcb; 208 209 relay_back_add_cb( &rcb, op ); 210 RELAY_WRAP_OP( op, bd, which, { 211 rc = func( op, rs ); 212 }); 213 relay_back_remove_cb( &rcb, op ); 214 215 } else if ( fail_mode & RB_OPERR ) { 216 rs->sr_err = rc; 217 if ( rc == LDAP_UNWILLING_TO_PERFORM ) { 218 rs->sr_text = "operation not supported within naming context"; 219 } 220 221 if ( fail_mode & RB_SEND ) { 222 send_ldap_result( op, rs ); 223 } 224 } 225 226 return rc; 227} 228 229 230int 231relay_back_op_bind( Operation *op, SlapReply *rs ) 232{ 233 /* allow rootdn as a means to auth without the need to actually 234 * contact the proxied DSA */ 235 switch ( be_rootdn_bind( op, rs ) ) { 236 case SLAP_CB_CONTINUE: 237 break; 238 239 default: 240 return rs->sr_err; 241 } 242 243 return relay_back_op( op, rs, op_bind ); 244} 245 246#define RELAY_DEFOP(func, which) \ 247 int func( Operation *op, SlapReply *rs ) \ 248 { return relay_back_op( op, rs, which ); } 249 250RELAY_DEFOP( relay_back_op_search, op_search ) 251RELAY_DEFOP( relay_back_op_compare, op_compare ) 252RELAY_DEFOP( relay_back_op_modify, op_modify ) 253RELAY_DEFOP( relay_back_op_modrdn, op_modrdn ) 254RELAY_DEFOP( relay_back_op_add, op_add ) 255RELAY_DEFOP( relay_back_op_delete, op_delete ) 256RELAY_DEFOP( relay_back_op_extended, op_extended ) 257RELAY_DEFOP( relay_back_operational, op_aux_operational ) 258 259/* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init 260 * need no extra handling: slapd already calls them for all databases. 261 */ 262 263 264int 265relay_back_entry_release_rw( Operation *op, Entry *e, int rw ) 266{ 267 BackendDB *bd; 268 int rc = LDAP_UNWILLING_TO_PERFORM; 269 270 bd = relay_back_select_backend( op, NULL, relay_op_entry_release ); 271 if ( bd && bd->be_release ) { 272 RELAY_WRAP_OP( op, bd, relay_op_entry_release, { 273 rc = bd->be_release( op, e, rw ); 274 }); 275 } else if ( e->e_private == NULL ) { 276 entry_free( e ); 277 rc = LDAP_SUCCESS; 278 } 279 280 return rc; 281} 282 283int 284relay_back_entry_get_rw( Operation *op, struct berval *ndn, 285 ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ) 286{ 287 BackendDB *bd; 288 int rc = LDAP_NO_SUCH_OBJECT; 289 290 bd = relay_back_select_backend( op, NULL, relay_op_entry_get ); 291 if ( bd && bd->be_fetch ) { 292 RELAY_WRAP_OP( op, bd, relay_op_entry_get, { 293 rc = bd->be_fetch( op, ndn, oc, at, rw, e ); 294 }); 295 } 296 297 return rc; 298} 299 300#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */ 301/* 302 * NOTE: even the existence of this function is questionable: we cannot 303 * pass the bi_chk_referrals() call thru the rwm overlay because there 304 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals() 305 * is passing the target database a DN that likely does not belong to its 306 * naming context... mmmh. 307 */ 308RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals ) 309#endif /*0*/ 310 311int 312relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs ) 313{ 314 BackendDB *bd; 315 int rc = LDAP_OTHER; 316 317 bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates ); 318 if ( bd && bd->be_has_subordinates ) { 319 RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, { 320 rc = bd->be_has_subordinates( op, e, hasSubs ); 321 }); 322 } 323 324 return rc; 325} 326 327 328/* 329 * FIXME: must implement tools as well 330 */ 331