1/* op.c - relay backend operations */
2/* $OpenLDAP$ */
3/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 2004-2011 The OpenLDAP Foundation.
6 * Portions Copyright 2004 Pierangelo Masarati.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
11 * Public License.
12 *
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
16 */
17/* ACKNOWLEDGEMENTS:
18 * This work was initially developed by Pierangelo Masarati for inclusion
19 * in OpenLDAP Software.
20 */
21
22#include "portable.h"
23
24#include <stdio.h>
25
26#include "slap.h"
27#include "back-relay.h"
28
29/* Results when no real database (.rf_bd) or operation handler (.rf_op) */
30static const struct relay_fail_modes_s {
31	slap_mask_t	rf_bd, rf_op;
32#define RB_ERR_MASK	0x0000FFFFU /* bitmask for default return value */
33#define RB_BDERR	0x80000000U /* use .rf_bd's default return value */
34#define RB_OPERR	0x40000000U /* set rs->sr_err = .rf_op return value */
35#define RB_REF		0x20000000U /* use default_referral if available */
36#define RB_SEND		0x10000000U /* send result; RB_??ERR is also set */
37#define RB_SENDREF	0/*unused*/ /* like RB_SEND when referral found */
38#define RB_NO_BIND	(RB_OPERR | LDAP_INVALID_CREDENTIALS)
39#define RB_NOT_SUPP	(RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
40#define RB_NO_OBJ	(RB_REF | LDAP_NO_SUCH_OBJECT)
41#define RB_CHK_REF	(RB_REF | RB_SENDREF | LDAP_SUCCESS)
42} relay_fail_modes[relay_op_last] = {
43	/* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
44#	define RB_OP(b, o)	{ (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }
45#	define RB_BD2ERR(b)	((b) ? RB_BDERR : 0)
46	/* indexed by slap_operation_t: */
47	RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND  |RB_SEND), /* Bind           */
48	RB_OP(0,                  LDAP_SUCCESS),         /* Unbind: unused */
49	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search         */
50	RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE),     /* Compare        */
51	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify         */
52	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn         */
53	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add            */
54	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete         */
55	RB_OP(0,                  LDAP_SUCCESS),         /* Abandon:unused */
56	RB_OP(RB_NO_OBJ,          RB_NOT_SUPP),          /* Extended       */
57	RB_OP(0,                  SLAP_CB_CONTINUE),     /* Cancel: unused */
58	RB_OP(0,                  LDAP_SUCCESS),    /* operational         */
59	RB_OP(RB_CHK_REF,         LDAP_SUCCESS),    /* chk_referrals:unused*/
60	RB_OP(0,                  SLAP_CB_CONTINUE),/* chk_controls:unused */
61	/* additional relay_operation_t indexes from back-relay.h: */
62	RB_OP(0,                  0/*unused*/),     /* entry_get = op_last */
63	RB_OP(0,                  0/*unused*/),     /* entry_release       */
64	RB_OP(0,                  0/*unused*/),     /* has_subordinates    */
65};
66
67/*
68 * Callbacks: Caller changed op->o_bd from Relay to underlying
69 * BackendDB.  sc_response sets it to Relay BackendDB, sc_cleanup puts
70 * back underlying BackendDB.  Caller will restore Relay BackendDB.
71 */
72
73typedef struct relay_callback {
74	slap_callback rcb_sc;
75	BackendDB *rcb_bd;
76} relay_callback;
77
78static int
79relay_back_cleanup_cb( Operation *op, SlapReply *rs )
80{
81	op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd;
82	return SLAP_CB_CONTINUE;
83}
84
85static int
86relay_back_response_cb( Operation *op, SlapReply *rs )
87{
88	relay_callback	*rcb = (relay_callback *) op->o_callback;
89
90	rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb;
91	rcb->rcb_bd = op->o_bd;
92	op->o_bd = op->o_callback->sc_private;
93	return SLAP_CB_CONTINUE;
94}
95
96#define relay_back_add_cb( rcb, op ) {				\
97		(rcb)->rcb_sc.sc_next = (op)->o_callback;	\
98		(rcb)->rcb_sc.sc_response = relay_back_response_cb; \
99		(rcb)->rcb_sc.sc_cleanup = 0;			\
100		(rcb)->rcb_sc.sc_private = (op)->o_bd;		\
101		(op)->o_callback = (slap_callback *) (rcb);	\
102}
103
104#define relay_back_remove_cb( rcb, op ) {			\
105		slap_callback	**sc = &(op)->o_callback;	\
106		for ( ;; sc = &(*sc)->sc_next )			\
107			if ( *sc == (slap_callback *) (rcb) ) {	\
108				*sc = (*sc)->sc_next; break;	\
109			} else if ( *sc == NULL ) break;	\
110}
111
112/*
113 * Select the backend database with the operation's DN.  On failure,
114 * set/send results depending on operation type <which>'s fail_modes.
115 */
116static BackendDB *
117relay_back_select_backend( Operation *op, SlapReply *rs, int which )
118{
119	OpExtra		*oex;
120	char		*key = (char *) op->o_bd->be_private;
121	BackendDB	*bd  = ((relay_back_info *) key)->ri_bd;
122	slap_mask_t	fail_mode = relay_fail_modes[which].rf_bd;
123	int		useDN = 0, rc = ( fail_mode & RB_ERR_MASK );
124
125	if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
126		useDN = 1;
127		bd = select_backend( &op->o_req_ndn, 1 );
128	}
129
130	if ( bd != NULL ) {
131		key += which; /* <relay, op type> key from RELAY_WRAP_OP() */
132		LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
133			if ( oex->oe_key == key )
134				break;
135		}
136		if ( oex == NULL ) {
137			return bd;
138		}
139
140		Debug( LDAP_DEBUG_ANY,
141			"%s: back-relay for DN=\"%s\" would call self.\n",
142			op->o_log_prefix, op->o_req_dn.bv_val, 0 );
143
144	} else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) {
145		rc = LDAP_REFERRAL;
146
147		/* if we set sr_err to LDAP_REFERRAL, we must provide one */
148		rs->sr_ref = referral_rewrite(
149			default_referral, NULL, &op->o_req_dn,
150			op->o_tag == LDAP_REQ_SEARCH ?
151			op->ors_scope : LDAP_SCOPE_DEFAULT );
152		if ( rs->sr_ref != NULL ) {
153			rs->sr_flags |= REP_REF_MUSTBEFREED;
154		} else {
155			rs->sr_ref = default_referral;
156		}
157
158		if ( fail_mode & RB_SENDREF )
159			fail_mode = (RB_BDERR | RB_SEND);
160	}
161
162	if ( fail_mode & RB_BDERR ) {
163		rs->sr_err = rc;
164		if ( fail_mode & RB_SEND ) {
165			send_ldap_result( op, rs );
166		}
167	}
168
169	return NULL;
170}
171
172/*
173 * Forward <act> on <op> to database <bd>, with <relay, op type>-specific
174 * key in op->o_extra so relay_back_select_backend() can catch recursion.
175 */
176#define RELAY_WRAP_OP( op, bd, which, act ) { \
177	OpExtraDB wrap_oex; \
178	BackendDB *const wrap_bd = (op)->o_bd; \
179	wrap_oex.oe_db = wrap_bd; \
180	wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \
181	LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \
182	(op)->o_bd = (bd); \
183	act; \
184	(op)->o_bd = wrap_bd; \
185	LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \
186}
187
188/*
189 * Forward backend function #<which> on <op> to operation DN's database
190 * like RELAY_WRAP_OP, after setting up callbacks. If no database or no
191 * backend function, set/send results depending on <which>'s fail_modes.
192 */
193static int
194relay_back_op( Operation *op, SlapReply *rs, int which )
195{
196	BackendDB	*bd;
197	BI_op_bind	*func;
198	slap_mask_t	fail_mode = relay_fail_modes[which].rf_op;
199	int		rc = ( fail_mode & RB_ERR_MASK );
200
201	bd = relay_back_select_backend( op, rs, which );
202	if ( bd == NULL ) {
203		if ( fail_mode & RB_BDERR )
204			return rs->sr_err;	/* sr_err was set above */
205
206	} else if ( (func = (&bd->be_bind)[which]) != 0 ) {
207		relay_callback	rcb;
208
209		relay_back_add_cb( &rcb, op );
210		RELAY_WRAP_OP( op, bd, which, {
211			rc = func( op, rs );
212		});
213		relay_back_remove_cb( &rcb, op );
214
215	} else if ( fail_mode & RB_OPERR ) {
216		rs->sr_err = rc;
217		if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
218			rs->sr_text = "operation not supported within naming context";
219		}
220
221		if ( fail_mode & RB_SEND ) {
222			send_ldap_result( op, rs );
223		}
224	}
225
226	return rc;
227}
228
229
230int
231relay_back_op_bind( Operation *op, SlapReply *rs )
232{
233	/* allow rootdn as a means to auth without the need to actually
234 	 * contact the proxied DSA */
235	switch ( be_rootdn_bind( op, rs ) ) {
236	case SLAP_CB_CONTINUE:
237		break;
238
239	default:
240		return rs->sr_err;
241	}
242
243	return relay_back_op( op, rs, op_bind );
244}
245
246#define RELAY_DEFOP(func, which) \
247	int func( Operation *op, SlapReply *rs ) \
248	{ return relay_back_op( op, rs, which ); }
249
250RELAY_DEFOP( relay_back_op_search,		op_search )
251RELAY_DEFOP( relay_back_op_compare,		op_compare )
252RELAY_DEFOP( relay_back_op_modify,		op_modify )
253RELAY_DEFOP( relay_back_op_modrdn,		op_modrdn )
254RELAY_DEFOP( relay_back_op_add,			op_add )
255RELAY_DEFOP( relay_back_op_delete,		op_delete )
256RELAY_DEFOP( relay_back_op_extended,	op_extended )
257RELAY_DEFOP( relay_back_operational,	op_aux_operational )
258
259/* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
260 * need no extra handling:  slapd already calls them for all databases.
261 */
262
263
264int
265relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
266{
267	BackendDB		*bd;
268	int			rc = LDAP_UNWILLING_TO_PERFORM;
269
270	bd = relay_back_select_backend( op, NULL, relay_op_entry_release );
271	if ( bd && bd->be_release ) {
272		RELAY_WRAP_OP( op, bd, relay_op_entry_release, {
273			rc = bd->be_release( op, e, rw );
274		});
275	} else if ( e->e_private == NULL ) {
276		entry_free( e );
277		rc = LDAP_SUCCESS;
278	}
279
280	return rc;
281}
282
283int
284relay_back_entry_get_rw( Operation *op, struct berval *ndn,
285	ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
286{
287	BackendDB		*bd;
288	int			rc = LDAP_NO_SUCH_OBJECT;
289
290	bd = relay_back_select_backend( op, NULL, relay_op_entry_get );
291	if ( bd && bd->be_fetch ) {
292		RELAY_WRAP_OP( op, bd, relay_op_entry_get, {
293			rc = bd->be_fetch( op, ndn, oc, at, rw, e );
294		});
295	}
296
297	return rc;
298}
299
300#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */
301/*
302 * NOTE: even the existence of this function is questionable: we cannot
303 * pass the bi_chk_referrals() call thru the rwm overlay because there
304 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
305 * is passing the target database a DN that likely does not belong to its
306 * naming context... mmmh.
307 */
308RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
309#endif /*0*/
310
311int
312relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
313{
314	BackendDB		*bd;
315	int			rc = LDAP_OTHER;
316
317	bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
318	if ( bd && bd->be_has_subordinates ) {
319		RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, {
320			rc = bd->be_has_subordinates( op, e, hasSubs );
321		});
322	}
323
324	return rc;
325}
326
327
328/*
329 * FIXME: must implement tools as well
330 */
331