1/* translucent.c - translucent proxy module */ 2/* $OpenLDAP$ */ 3/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 2004-2011 The OpenLDAP Foundation. 6 * Portions Copyright 2005 Symas Corporation. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted only as authorized by the OpenLDAP 11 * Public License. 12 * 13 * A copy of this license is available in the file LICENSE in the 14 * top-level directory of the distribution or, alternatively, at 15 * <http://www.OpenLDAP.org/license.html>. 16 */ 17/* ACKNOWLEDGEMENTS: 18 * This work was initially developed by Symas Corp. for inclusion in 19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 20 */ 21 22#include "portable.h" 23 24#ifdef SLAPD_OVER_TRANSLUCENT 25 26#include <stdio.h> 27 28#include <ac/string.h> 29#include <ac/socket.h> 30 31#include "slap.h" 32#include "lutil.h" 33 34#include "config.h" 35 36/* config block */ 37typedef struct translucent_info { 38 BackendDB db; /* captive backend */ 39 AttributeName *local; /* valid attrs for local filters */ 40 AttributeName *remote; /* valid attrs for remote filters */ 41 int strict; 42 int no_glue; 43 int defer_db_open; 44 int bind_local; 45 int pwmod_local; 46} translucent_info; 47 48static ConfigLDAPadd translucent_ldadd; 49static ConfigCfAdd translucent_cfadd; 50 51static ConfigDriver translucent_cf_gen; 52 53enum { 54 TRANS_LOCAL = 1, 55 TRANS_REMOTE 56}; 57 58static ConfigTable translucentcfg[] = { 59 { "translucent_strict", "on|off", 1, 2, 0, 60 ARG_ON_OFF|ARG_OFFSET, 61 (void *)offsetof(translucent_info, strict), 62 "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' " 63 "DESC 'Reveal attribute deletion constraint violations' " 64 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, 65 { "translucent_no_glue", "on|off", 1, 2, 0, 66 ARG_ON_OFF|ARG_OFFSET, 67 (void *)offsetof(translucent_info, no_glue), 68 "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' " 69 "DESC 'Disable automatic glue records for ADD and MODRDN' " 70 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, 71 { "translucent_local", "attr[,attr...]", 1, 2, 0, 72 ARG_MAGIC|TRANS_LOCAL, 73 translucent_cf_gen, 74 "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' " 75 "DESC 'Attributes to use in local search filter' " 76 "SYNTAX OMsDirectoryString )", NULL, NULL }, 77 { "translucent_remote", "attr[,attr...]", 1, 2, 0, 78 ARG_MAGIC|TRANS_REMOTE, 79 translucent_cf_gen, 80 "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' " 81 "DESC 'Attributes to use in remote search filter' " 82 "SYNTAX OMsDirectoryString )", NULL, NULL }, 83 { "translucent_bind_local", "on|off", 1, 2, 0, 84 ARG_ON_OFF|ARG_OFFSET, 85 (void *)offsetof(translucent_info, bind_local), 86 "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' " 87 "DESC 'Enable local bind' " 88 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, 89 { "translucent_pwmod_local", "on|off", 1, 2, 0, 90 ARG_ON_OFF|ARG_OFFSET, 91 (void *)offsetof(translucent_info, pwmod_local), 92 "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' " 93 "DESC 'Enable local RFC 3062 Password Modify extended operation' " 94 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, 95 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 96}; 97 98static ConfigOCs translucentocs[] = { 99 { "( OLcfgOvOc:14.1 " 100 "NAME 'olcTranslucentConfig' " 101 "DESC 'Translucent configuration' " 102 "SUP olcOverlayConfig " 103 "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $" 104 " olcTranslucentLocal $ olcTranslucentRemote $" 105 " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )", 106 Cft_Overlay, translucentcfg, NULL, translucent_cfadd }, 107 { "( OLcfgOvOc:14.2 " 108 "NAME 'olcTranslucentDatabase' " 109 "DESC 'Translucent target database configuration' " 110 "AUXILIARY )", Cft_Misc, olcDatabaseDummy, translucent_ldadd }, 111 { NULL, 0, NULL } 112}; 113/* for translucent_init() */ 114 115static int 116translucent_ldadd_cleanup( ConfigArgs *ca ) 117{ 118 slap_overinst *on = ca->ca_private; 119 translucent_info *ov = on->on_bi.bi_private; 120 121 ov->defer_db_open = 0; 122 return backend_startup_one( ca->be, &ca->reply ); 123} 124 125static int 126translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca ) 127{ 128 slap_overinst *on; 129 translucent_info *ov; 130 131 Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n", 0, 0, 0); 132 133 if ( cei->ce_type != Cft_Overlay || !cei->ce_bi || 134 cei->ce_bi->bi_cf_ocs != translucentocs ) 135 return LDAP_CONSTRAINT_VIOLATION; 136 137 on = (slap_overinst *)cei->ce_bi; 138 ov = on->on_bi.bi_private; 139 ca->be = &ov->db; 140 ca->ca_private = on; 141 if ( CONFIG_ONLINE_ADD( ca )) 142 ca->cleanup = translucent_ldadd_cleanup; 143 else 144 ov->defer_db_open = 0; 145 146 return LDAP_SUCCESS; 147} 148 149static int 150translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca ) 151{ 152 CfEntryInfo *cei = e->e_private; 153 slap_overinst *on = (slap_overinst *)cei->ce_bi; 154 translucent_info *ov = on->on_bi.bi_private; 155 struct berval bv; 156 157 Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n", 0, 0, 0); 158 159 /* FIXME: should not hardcode "olcDatabase" here */ 160 bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ), 161 "olcDatabase=" SLAP_X_ORDERED_FMT "%s", 162 0, ov->db.bd_info->bi_type ); 163 if ( bv.bv_len >= sizeof( ca->cr_msg ) ) { 164 return -1; 165 } 166 bv.bv_val = ca->cr_msg; 167 ca->be = &ov->db; 168 ov->defer_db_open = 0; 169 170 /* We can only create this entry if the database is table-driven 171 */ 172 if ( ov->db.bd_info->bi_cf_ocs ) 173 config_build_entry( op, rs, cei, ca, &bv, 174 ov->db.bd_info->bi_cf_ocs, 175 &translucentocs[1] ); 176 177 return 0; 178} 179 180static int 181translucent_cf_gen( ConfigArgs *c ) 182{ 183 slap_overinst *on = (slap_overinst *)c->bi; 184 translucent_info *ov = on->on_bi.bi_private; 185 AttributeName **an, *a2; 186 int i; 187 188 if ( c->type == TRANS_LOCAL ) 189 an = &ov->local; 190 else 191 an = &ov->remote; 192 193 if ( c->op == SLAP_CONFIG_EMIT ) { 194 if ( !*an ) 195 return 1; 196 for ( i = 0; !BER_BVISNULL(&(*an)[i].an_name); i++ ) { 197 value_add_one( &c->rvalue_vals, &(*an)[i].an_name ); 198 } 199 return ( i < 1 ); 200 } else if ( c->op == LDAP_MOD_DELETE ) { 201 if ( c->valx < 0 ) { 202 anlist_free( *an, 1, NULL ); 203 *an = NULL; 204 } else { 205 i = c->valx; 206 ch_free( (*an)[i].an_name.bv_val ); 207 do { 208 (*an)[i] = (*an)[i+1]; 209 i++; 210 } while ( !BER_BVISNULL( &(*an)[i].an_name )); 211 } 212 return 0; 213 } 214 a2 = str2anlist( *an, c->argv[1], "," ); 215 if ( !a2 ) { 216 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s", 217 c->argv[0], c->argv[1] ); 218 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 219 "%s: %s\n", c->log, c->cr_msg, 0 ); 220 return ARG_BAD_CONF; 221 } 222 *an = a2; 223 return 0; 224} 225 226static slap_overinst translucent; 227 228/* 229** glue_parent() 230** call syncrepl_add_glue() with the parent suffix; 231** 232*/ 233 234static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL }; 235 236void glue_parent(Operation *op) { 237 Operation nop = *op; 238 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 239 struct berval ndn = BER_BVNULL; 240 Attribute *a; 241 Entry *e; 242 struct berval pdn; 243 244 dnParent( &op->o_req_ndn, &pdn ); 245 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx ); 246 247 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0); 248 249 e = entry_alloc(); 250 e->e_id = NOID; 251 ber_dupbv(&e->e_name, &ndn); 252 ber_dupbv(&e->e_nname, &ndn); 253 254 a = attr_alloc( slap_schema.si_ad_objectClass ); 255 a->a_numvals = 2; 256 a->a_vals = ch_malloc(sizeof(struct berval) * 3); 257 ber_dupbv(&a->a_vals[0], &glue[0]); 258 ber_dupbv(&a->a_vals[1], &glue[1]); 259 ber_dupbv(&a->a_vals[2], &glue[2]); 260 a->a_nvals = a->a_vals; 261 a->a_next = e->e_attrs; 262 e->e_attrs = a; 263 264 a = attr_alloc( slap_schema.si_ad_structuralObjectClass ); 265 a->a_numvals = 1; 266 a->a_vals = ch_malloc(sizeof(struct berval) * 2); 267 ber_dupbv(&a->a_vals[0], &glue[1]); 268 ber_dupbv(&a->a_vals[1], &glue[2]); 269 a->a_nvals = a->a_vals; 270 a->a_next = e->e_attrs; 271 e->e_attrs = a; 272 273 nop.o_req_dn = ndn; 274 nop.o_req_ndn = ndn; 275 nop.ora_e = e; 276 277 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 278 syncrepl_add_glue(&nop, e); 279 nop.o_bd->bd_info = (BackendInfo *) on; 280 281 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); 282 283 return; 284} 285 286/* 287** free_attr_chain() 288** free only the Attribute*, not the contents; 289** 290*/ 291void free_attr_chain(Attribute *b) { 292 Attribute *a; 293 for(a=b; a; a=a->a_next) { 294 a->a_vals = NULL; 295 a->a_nvals = NULL; 296 } 297 attrs_free( b ); 298 return; 299} 300 301/* 302** translucent_add() 303** if not bound as root, send ACCESS error; 304** if glue, glue_parent(); 305** return CONTINUE; 306** 307*/ 308 309static int translucent_add(Operation *op, SlapReply *rs) { 310 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 311 translucent_info *ov = on->on_bi.bi_private; 312 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n", 313 op->o_req_dn.bv_val, 0, 0); 314 if(!be_isroot(op)) { 315 op->o_bd->bd_info = (BackendInfo *) on->on_info; 316 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 317 "user modification of overlay database not permitted"); 318 op->o_bd->bd_info = (BackendInfo *) on; 319 return(rs->sr_err); 320 } 321 if(!ov->no_glue) glue_parent(op); 322 return(SLAP_CB_CONTINUE); 323} 324 325/* 326** translucent_modrdn() 327** if not bound as root, send ACCESS error; 328** if !glue, glue_parent(); 329** else return CONTINUE; 330** 331*/ 332 333static int translucent_modrdn(Operation *op, SlapReply *rs) { 334 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 335 translucent_info *ov = on->on_bi.bi_private; 336 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n", 337 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0); 338 if(!be_isroot(op)) { 339 op->o_bd->bd_info = (BackendInfo *) on->on_info; 340 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 341 "user modification of overlay database not permitted"); 342 op->o_bd->bd_info = (BackendInfo *) on; 343 return(rs->sr_err); 344 } 345 if(!ov->no_glue) { 346 op->o_tag = LDAP_REQ_ADD; 347 glue_parent(op); 348 op->o_tag = LDAP_REQ_MODRDN; 349 } 350 return(SLAP_CB_CONTINUE); 351} 352 353/* 354** translucent_delete() 355** if not bound as root, send ACCESS error; 356** else return CONTINUE; 357** 358*/ 359 360static int translucent_delete(Operation *op, SlapReply *rs) { 361 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 362 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n", 363 op->o_req_dn.bv_val, 0, 0); 364 if(!be_isroot(op)) { 365 op->o_bd->bd_info = (BackendInfo *) on->on_info; 366 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 367 "user modification of overlay database not permitted"); 368 op->o_bd->bd_info = (BackendInfo *) on; 369 return(rs->sr_err); 370 } 371 return(SLAP_CB_CONTINUE); 372} 373 374static int 375translucent_tag_cb( Operation *op, SlapReply *rs ) 376{ 377 op->o_tag = LDAP_REQ_MODIFY; 378 op->orm_modlist = op->o_callback->sc_private; 379 rs->sr_tag = slap_req2res( op->o_tag ); 380 381 return SLAP_CB_CONTINUE; 382} 383 384/* 385** translucent_modify() 386** modify in local backend if exists in both; 387** otherwise, add to local backend; 388** fail if not defined in captive backend; 389** 390*/ 391 392static int translucent_modify(Operation *op, SlapReply *rs) { 393 SlapReply nrs = { REP_RESULT }; 394 395 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 396 translucent_info *ov = on->on_bi.bi_private; 397 Entry *e = NULL, *re = NULL; 398 Attribute *a, *ax; 399 Modifications *m, **mm; 400 BackendDB *db; 401 int del, rc, erc = 0; 402 slap_callback cb = { 0 }; 403 404 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n", 405 op->o_req_dn.bv_val, 0, 0); 406 407 if(ov->defer_db_open) { 408 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 409 "remote DB not available"); 410 return(rs->sr_err); 411 } 412/* 413** fetch entry from the captive backend; 414** if it did not exist, fail; 415** release it, if captive backend supports this; 416** 417*/ 418 419 db = op->o_bd; 420 op->o_bd = &ov->db; 421 ov->db.be_acl = op->o_bd->be_acl; 422 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); 423 if(rc != LDAP_SUCCESS || re == NULL ) { 424 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, 425 "attempt to modify nonexistent local record"); 426 return(rs->sr_err); 427 } 428 op->o_bd = db; 429/* 430** fetch entry from local backend; 431** if it exists: 432** foreach Modification: 433** if attr not present in local: 434** if Mod == LDAP_MOD_DELETE: 435** if remote attr not present, return NO_SUCH; 436** if remote attr present, drop this Mod; 437** else force this Mod to LDAP_MOD_ADD; 438** return CONTINUE; 439** 440*/ 441 442 op->o_bd->bd_info = (BackendInfo *) on->on_info; 443 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); 444 op->o_bd->bd_info = (BackendInfo *) on; 445 446 if(e && rc == LDAP_SUCCESS) { 447 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0); 448 for(mm = &op->orm_modlist; *mm; ) { 449 m = *mm; 450 for(a = e->e_attrs; a; a = a->a_next) 451 if(a->a_desc == m->sml_desc) break; 452 if(a) { 453 mm = &m->sml_next; 454 continue; /* found local attr */ 455 } 456 if(m->sml_op == LDAP_MOD_DELETE) { 457 for(a = re->e_attrs; a; a = a->a_next) 458 if(a->a_desc == m->sml_desc) break; 459 /* not found remote attr */ 460 if(!a) { 461 erc = LDAP_NO_SUCH_ATTRIBUTE; 462 goto release; 463 } 464 if(ov->strict) { 465 erc = LDAP_CONSTRAINT_VIOLATION; 466 goto release; 467 } 468 Debug(LDAP_DEBUG_TRACE, 469 "=> translucent_modify: silently dropping delete: %s\n", 470 m->sml_desc->ad_cname.bv_val, 0, 0); 471 *mm = m->sml_next; 472 m->sml_next = NULL; 473 slap_mods_free(m, 1); 474 continue; 475 } 476 m->sml_op = LDAP_MOD_ADD; 477 mm = &m->sml_next; 478 } 479 erc = SLAP_CB_CONTINUE; 480release: 481 if(re) { 482 if(ov->db.bd_info->bi_entry_release_rw) { 483 op->o_bd = &ov->db; 484 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 485 op->o_bd = db; 486 } else 487 entry_free(re); 488 } 489 op->o_bd->bd_info = (BackendInfo *) on->on_info; 490 be_entry_release_r(op, e); 491 op->o_bd->bd_info = (BackendInfo *) on; 492 if(erc == SLAP_CB_CONTINUE) { 493 return(erc); 494 } else if(erc) { 495 send_ldap_error(op, rs, erc, 496 "attempt to delete nonexistent attribute"); 497 return(erc); 498 } 499 } 500 501 /* don't leak remote entry copy */ 502 if(re) { 503 if(ov->db.bd_info->bi_entry_release_rw) { 504 op->o_bd = &ov->db; 505 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 506 op->o_bd = db; 507 } else 508 entry_free(re); 509 } 510/* 511** foreach Modification: 512** if MOD_ADD or MOD_REPLACE, add Attribute; 513** if no Modifications were suitable: 514** if strict, throw CONSTRAINT_VIOLATION; 515** else, return early SUCCESS; 516** fabricate Entry with new Attribute chain; 517** glue_parent() for this Entry; 518** call bi_op_add() in local backend; 519** 520*/ 521 522 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0); 523 a = NULL; 524 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) { 525 Attribute atmp; 526 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) && 527 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) { 528 Debug(LDAP_DEBUG_ANY, 529 "=> translucent_modify: silently dropped modification(%d): %s\n", 530 m->sml_op, m->sml_desc->ad_cname.bv_val, 0); 531 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++; 532 continue; 533 } 534 atmp.a_desc = m->sml_desc; 535 atmp.a_vals = m->sml_values; 536 atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals; 537 atmp.a_numvals = m->sml_numvals; 538 atmp.a_flags = 0; 539 a = attr_dup( &atmp ); 540 a->a_next = ax; 541 ax = a; 542 } 543 544 if(del && ov->strict) { 545 attrs_free( a ); 546 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, 547 "attempt to delete attributes from local database"); 548 return(rs->sr_err); 549 } 550 551 if(!ax) { 552 if(ov->strict) { 553 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, 554 "modification contained other than ADD or REPLACE"); 555 return(rs->sr_err); 556 } 557 /* rs->sr_text = "no valid modification found"; */ 558 rs->sr_err = LDAP_SUCCESS; 559 send_ldap_result(op, rs); 560 return(rs->sr_err); 561 } 562 563 e = entry_alloc(); 564 ber_dupbv( &e->e_name, &op->o_req_dn ); 565 ber_dupbv( &e->e_nname, &op->o_req_ndn ); 566 e->e_attrs = a; 567 568 op->o_tag = LDAP_REQ_ADD; 569 cb.sc_response = translucent_tag_cb; 570 cb.sc_private = op->orm_modlist; 571 op->oq_add.rs_e = e; 572 573 glue_parent(op); 574 575 cb.sc_next = op->o_callback; 576 op->o_callback = &cb; 577 rc = on->on_info->oi_orig->bi_op_add(op, &nrs); 578 if ( op->ora_e == e ) 579 entry_free( e ); 580 op->o_callback = cb.sc_next; 581 582 return(rc); 583} 584 585static int translucent_compare(Operation *op, SlapReply *rs) { 586 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 587 translucent_info *ov = on->on_bi.bi_private; 588 AttributeAssertion *ava = op->orc_ava; 589 Entry *e = NULL; 590 BackendDB *db; 591 int rc; 592 593 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n", 594 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val); 595 596/* 597** if the local backend has an entry for this attribute: 598** CONTINUE and let it do the compare; 599** 600*/ 601 rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on); 602 if(rc == LDAP_SUCCESS && e) { 603 overlay_entry_release_ov(op, e, 0, on); 604 return(SLAP_CB_CONTINUE); 605 } 606 607 if(ov->defer_db_open) { 608 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 609 "remote DB not available"); 610 return(rs->sr_err); 611 } 612/* 613** call compare() in the captive backend; 614** return the result; 615** 616*/ 617 db = op->o_bd; 618 op->o_bd = &ov->db; 619 ov->db.be_acl = op->o_bd->be_acl; 620 rc = ov->db.bd_info->bi_op_compare(op, rs); 621 op->o_bd = db; 622 623 return(rc); 624} 625 626static int translucent_pwmod(Operation *op, SlapReply *rs) { 627 SlapReply nrs = { REP_RESULT }; 628 Operation nop; 629 630 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 631 translucent_info *ov = on->on_bi.bi_private; 632 Entry *e = NULL, *re = NULL; 633 BackendDB *db; 634 int rc = 0; 635 slap_callback cb = { 0 }; 636 637 if (!ov->pwmod_local) { 638 rs->sr_err = LDAP_CONSTRAINT_VIOLATION, 639 rs->sr_text = "attempt to modify password in local database"; 640 return rs->sr_err; 641 } 642 643/* 644** fetch entry from the captive backend; 645** if it did not exist, fail; 646** release it, if captive backend supports this; 647** 648*/ 649 db = op->o_bd; 650 op->o_bd = &ov->db; 651 ov->db.be_acl = op->o_bd->be_acl; 652 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); 653 if(rc != LDAP_SUCCESS || re == NULL ) { 654 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, 655 "attempt to modify nonexistent local record"); 656 return(rs->sr_err); 657 } 658 op->o_bd = db; 659/* 660** fetch entry from local backend; 661** if it exists: 662** return CONTINUE; 663*/ 664 665 op->o_bd->bd_info = (BackendInfo *) on->on_info; 666 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); 667 op->o_bd->bd_info = (BackendInfo *) on; 668 669 if(e && rc == LDAP_SUCCESS) { 670 if(re) { 671 if(ov->db.bd_info->bi_entry_release_rw) { 672 op->o_bd = &ov->db; 673 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 674 op->o_bd = db; 675 } else { 676 entry_free(re); 677 } 678 } 679 op->o_bd->bd_info = (BackendInfo *) on->on_info; 680 be_entry_release_r(op, e); 681 op->o_bd->bd_info = (BackendInfo *) on; 682 return SLAP_CB_CONTINUE; 683 } 684 685 /* don't leak remote entry copy */ 686 if(re) { 687 if(ov->db.bd_info->bi_entry_release_rw) { 688 op->o_bd = &ov->db; 689 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 690 op->o_bd = db; 691 } else { 692 entry_free(re); 693 } 694 } 695/* 696** glue_parent() for this Entry; 697** call bi_op_add() in local backend; 698** 699*/ 700 e = entry_alloc(); 701 ber_dupbv( &e->e_name, &op->o_req_dn ); 702 ber_dupbv( &e->e_nname, &op->o_req_ndn ); 703 e->e_attrs = NULL; 704 705 nop = *op; 706 nop.o_tag = LDAP_REQ_ADD; 707 cb.sc_response = slap_null_cb; 708 nop.oq_add.rs_e = e; 709 710 glue_parent(&nop); 711 712 nop.o_callback = &cb; 713 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs); 714 if ( nop.ora_e == e ) { 715 entry_free( e ); 716 } 717 718 if ( rc == LDAP_SUCCESS ) { 719 return SLAP_CB_CONTINUE; 720 } 721 722 return rc; 723} 724 725static int translucent_exop(Operation *op, SlapReply *rs) { 726 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 727 translucent_info *ov = on->on_bi.bi_private; 728 const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); 729 730 Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n", 731 op->o_req_dn.bv_val, 0, 0); 732 733 if(ov->defer_db_open) { 734 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 735 "remote DB not available"); 736 return(rs->sr_err); 737 } 738 739 if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) { 740 return translucent_pwmod( op, rs ); 741 } 742 743 return SLAP_CB_CONTINUE; 744} 745 746/* 747** translucent_search_cb() 748** merge local data with remote data 749** 750** Four cases: 751** 1: remote search, no local filter 752** merge data and send immediately 753** 2: remote search, with local filter 754** merge data and save 755** 3: local search, no remote filter 756** merge data and send immediately 757** 4: local search, with remote filter 758** check list, merge, send, delete 759*/ 760 761#define RMT_SIDE 0 762#define LCL_SIDE 1 763#define USE_LIST 2 764 765typedef struct trans_ctx { 766 BackendDB *db; 767 slap_overinst *on; 768 Filter *orig; 769 Avlnode *list; 770 int step; 771 int slimit; 772 AttributeName *attrs; 773} trans_ctx; 774 775static int translucent_search_cb(Operation *op, SlapReply *rs) { 776 trans_ctx *tc; 777 BackendDB *db; 778 slap_overinst *on; 779 translucent_info *ov; 780 Entry *le, *re; 781 Attribute *a, *ax, *an, *as = NULL; 782 int rc; 783 int test_f = 0; 784 785 tc = op->o_callback->sc_private; 786 787 /* Don't let the op complete while we're gathering data */ 788 if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST )) 789 return 0; 790 791 if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry) 792 return(SLAP_CB_CONTINUE); 793 794 Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n", 795 rs->sr_entry->e_name.bv_val, 0, 0); 796 797 op->ors_slimit = tc->slimit + ( tc->slimit > 0 ? 1 : 0 ); 798 if ( op->ors_attrs == slap_anlist_all_attributes ) { 799 op->ors_attrs = tc->attrs; 800 rs->sr_attrs = tc->attrs; 801 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs ); 802 } 803 804 on = tc->on; 805 ov = on->on_bi.bi_private; 806 807 db = op->o_bd; 808 re = NULL; 809 810 /* If we have local, get remote */ 811 if ( tc->step & LCL_SIDE ) { 812 le = rs->sr_entry; 813 /* If entry is already on list, use it */ 814 if ( tc->step & USE_LIST ) { 815 re = tavl_delete( &tc->list, le, entry_dn_cmp ); 816 if ( re ) { 817 rs_flush_entry( op, rs, on ); 818 rc = test_filter( op, re, tc->orig ); 819 if ( rc == LDAP_COMPARE_TRUE ) { 820 rs->sr_flags |= REP_ENTRY_MUSTBEFREED; 821 rs->sr_entry = re; 822 823 if ( tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) { 824 return LDAP_SIZELIMIT_EXCEEDED; 825 } 826 827 return SLAP_CB_CONTINUE; 828 } else { 829 entry_free( re ); 830 rs->sr_entry = NULL; 831 return 0; 832 } 833 } 834 } 835 op->o_bd = &ov->db; 836 rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re ); 837 if ( rc == LDAP_SUCCESS && re ) { 838 Entry *tmp = entry_dup( re ); 839 be_entry_release_r( op, re ); 840 re = tmp; 841 test_f = 1; 842 } 843 } else { 844 /* Else we have remote, get local */ 845 op->o_bd = tc->db; 846 le = NULL; 847 rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on); 848 if ( rc == LDAP_SUCCESS && le ) { 849 re = entry_dup( rs->sr_entry ); 850 rs_flush_entry( op, rs, on ); 851 } else { 852 le = NULL; 853 } 854 } 855 856/* 857** if we got remote and local entry: 858** foreach local attr: 859** foreach remote attr: 860** if match, remote attr with local attr; 861** if new local, add to list; 862** append new local attrs to remote; 863** 864*/ 865 866 if ( re && le ) { 867 for(ax = le->e_attrs; ax; ax = ax->a_next) { 868 for(a = re->e_attrs; a; a = a->a_next) { 869 if(a->a_desc == ax->a_desc) { 870 test_f = 1; 871 if(a->a_vals != a->a_nvals) 872 ber_bvarray_free(a->a_nvals); 873 ber_bvarray_free(a->a_vals); 874 ber_bvarray_dup_x( &a->a_vals, ax->a_vals, NULL ); 875 if ( ax->a_vals == ax->a_nvals ) { 876 a->a_nvals = a->a_vals; 877 } else { 878 ber_bvarray_dup_x( &a->a_nvals, ax->a_nvals, NULL ); 879 } 880 break; 881 } 882 } 883 if(a) continue; 884 an = attr_dup(ax); 885 an->a_next = as; 886 as = an; 887 } 888 /* Dispose of local entry */ 889 if ( tc->step & LCL_SIDE ) { 890 rs_flush_entry(op, rs, on); 891 } else { 892 overlay_entry_release_ov(op, le, 0, on); 893 } 894 895 /* literally append, so locals are always last */ 896 if(as) { 897 if(re->e_attrs) { 898 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next); 899 ax->a_next = as; 900 } else { 901 re->e_attrs = as; 902 } 903 } 904 /* If both filters, save entry for later */ 905 if ( tc->step == (USE_LIST|RMT_SIDE) ) { 906 tavl_insert( &tc->list, re, entry_dn_cmp, avl_dup_error ); 907 rs->sr_entry = NULL; 908 rc = 0; 909 } else { 910 /* send it now */ 911 rs->sr_entry = re; 912 rs->sr_flags |= REP_ENTRY_MUSTBEFREED; 913 if ( test_f ) { 914 rc = test_filter( op, rs->sr_entry, tc->orig ); 915 if ( rc == LDAP_COMPARE_TRUE ) { 916 rc = SLAP_CB_CONTINUE; 917 } else { 918 rc = 0; 919 } 920 } else { 921 rc = SLAP_CB_CONTINUE; 922 } 923 } 924 } else if ( le ) { 925 /* Only a local entry: remote was deleted 926 * Ought to delete the local too... 927 */ 928 rc = 0; 929 } else if ( tc->step & USE_LIST ) { 930 /* Only a remote entry, but both filters: 931 * Test the complete filter 932 */ 933 rc = test_filter( op, rs->sr_entry, tc->orig ); 934 if ( rc == LDAP_COMPARE_TRUE ) { 935 rc = SLAP_CB_CONTINUE; 936 } else { 937 rc = 0; 938 } 939 } else { 940 /* Only a remote entry, only remote filter: 941 * just pass thru 942 */ 943 rc = SLAP_CB_CONTINUE; 944 } 945 946 op->o_bd = db; 947 948 if ( rc == SLAP_CB_CONTINUE && tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) { 949 return LDAP_SIZELIMIT_EXCEEDED; 950 } 951 952 return rc; 953} 954 955/* Dup the filter, excluding invalid elements */ 956static Filter * 957trans_filter_dup(Operation *op, Filter *f, AttributeName *an) 958{ 959 Filter *n = NULL; 960 961 if ( !f ) 962 return NULL; 963 964 switch( f->f_choice & SLAPD_FILTER_MASK ) { 965 case SLAPD_FILTER_COMPUTED: 966 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 967 n->f_choice = f->f_choice; 968 n->f_result = f->f_result; 969 n->f_next = NULL; 970 break; 971 972 case LDAP_FILTER_PRESENT: 973 if ( ad_inlist( f->f_desc, an )) { 974 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 975 n->f_choice = f->f_choice; 976 n->f_desc = f->f_desc; 977 n->f_next = NULL; 978 } 979 break; 980 981 case LDAP_FILTER_EQUALITY: 982 case LDAP_FILTER_GE: 983 case LDAP_FILTER_LE: 984 case LDAP_FILTER_APPROX: 985 case LDAP_FILTER_SUBSTRINGS: 986 case LDAP_FILTER_EXT: 987 if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) { 988 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 989 n->f_choice = f->f_choice; 990 n->f_ava = f->f_ava; 991 n->f_next = NULL; 992 } 993 break; 994 995 case LDAP_FILTER_AND: 996 case LDAP_FILTER_OR: 997 case LDAP_FILTER_NOT: { 998 Filter **p; 999 1000 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 1001 n->f_choice = f->f_choice; 1002 n->f_next = NULL; 1003 1004 for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) { 1005 *p = trans_filter_dup( op, f, an ); 1006 if ( !*p ) 1007 continue; 1008 p = &(*p)->f_next; 1009 } 1010 /* nothing valid in this list */ 1011 if ( !n->f_list ) { 1012 op->o_tmpfree( n, op->o_tmpmemctx ); 1013 return NULL; 1014 } 1015 /* Only 1 element in this list */ 1016 if ((n->f_choice & SLAPD_FILTER_MASK) != LDAP_FILTER_NOT && 1017 !n->f_list->f_next ) { 1018 f = n->f_list; 1019 *n = *f; 1020 op->o_tmpfree( f, op->o_tmpmemctx ); 1021 } 1022 break; 1023 } 1024 } 1025 return n; 1026} 1027 1028static void 1029trans_filter_free( Operation *op, Filter *f ) 1030{ 1031 Filter *n, *p, *next; 1032 1033 f->f_choice &= SLAPD_FILTER_MASK; 1034 1035 switch( f->f_choice ) { 1036 case LDAP_FILTER_AND: 1037 case LDAP_FILTER_OR: 1038 case LDAP_FILTER_NOT: 1039 /* Free in reverse order */ 1040 n = NULL; 1041 for ( p = f->f_list; p; p = next ) { 1042 next = p->f_next; 1043 p->f_next = n; 1044 n = p; 1045 } 1046 for ( p = n; p; p = next ) { 1047 next = p->f_next; 1048 trans_filter_free( op, p ); 1049 } 1050 break; 1051 default: 1052 break; 1053 } 1054 op->o_tmpfree( f, op->o_tmpmemctx ); 1055} 1056 1057/* 1058** translucent_search() 1059** search via captive backend; 1060** override results with any local data; 1061** 1062*/ 1063 1064static int translucent_search(Operation *op, SlapReply *rs) { 1065 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1066 translucent_info *ov = on->on_bi.bi_private; 1067 slap_callback cb = { NULL, NULL, NULL, NULL }; 1068 trans_ctx tc; 1069 Filter *fl, *fr; 1070 struct berval fbv; 1071 int rc = 0; 1072 1073 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n", 1074 op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0); 1075 1076 if(ov->defer_db_open) { 1077 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 1078 "remote DB not available"); 1079 return(rs->sr_err); 1080 } 1081 1082 fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL; 1083 fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL; 1084 cb.sc_response = (slap_response *) translucent_search_cb; 1085 cb.sc_private = &tc; 1086 cb.sc_next = op->o_callback; 1087 1088 ov->db.be_acl = op->o_bd->be_acl; 1089 tc.db = op->o_bd; 1090 tc.on = on; 1091 tc.orig = op->ors_filter; 1092 tc.list = NULL; 1093 tc.step = 0; 1094 tc.slimit = op->ors_slimit; 1095 tc.attrs = NULL; 1096 fbv = op->ors_filterstr; 1097 1098 op->o_callback = &cb; 1099 1100 if ( fr || !fl ) { 1101 tc.attrs = op->ors_attrs; 1102 op->ors_slimit = SLAP_NO_LIMIT; 1103 op->ors_attrs = slap_anlist_all_attributes; 1104 op->o_bd = &ov->db; 1105 tc.step |= RMT_SIDE; 1106 if ( fl ) { 1107 tc.step |= USE_LIST; 1108 op->ors_filter = fr; 1109 filter2bv_x( op, fr, &op->ors_filterstr ); 1110 } 1111 rc = ov->db.bd_info->bi_op_search(op, rs); 1112 op->ors_attrs = tc.attrs; 1113 op->o_bd = tc.db; 1114 if ( fl ) { 1115 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 1116 } 1117 } 1118 if ( fl && !rc ) { 1119 tc.step |= LCL_SIDE; 1120 op->ors_filter = fl; 1121 filter2bv_x( op, fl, &op->ors_filterstr ); 1122 rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next ); 1123 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 1124 } 1125 op->ors_filterstr = fbv; 1126 op->ors_filter = tc.orig; 1127 op->o_callback = cb.sc_next; 1128 rs->sr_attrs = op->ors_attrs; 1129 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs ); 1130 1131 /* Send out anything remaining on the list and finish */ 1132 if ( tc.step & USE_LIST ) { 1133 if ( tc.list ) { 1134 Avlnode *av; 1135 1136 av = tavl_end( tc.list, TAVL_DIR_LEFT ); 1137 while ( av ) { 1138 rs->sr_entry = av->avl_data; 1139 if ( rc == LDAP_SUCCESS && LDAP_COMPARE_TRUE == 1140 test_filter( op, rs->sr_entry, op->ors_filter )) 1141 { 1142 rs->sr_flags = REP_ENTRY_MUSTBEFREED; 1143 rc = send_search_entry( op, rs ); 1144 } else { 1145 entry_free( rs->sr_entry ); 1146 } 1147 av = tavl_next( av, TAVL_DIR_RIGHT ); 1148 } 1149 tavl_free( tc.list, NULL ); 1150 rs->sr_flags = 0; 1151 rs->sr_entry = NULL; 1152 } 1153 send_ldap_result( op, rs ); 1154 } 1155 1156 op->ors_slimit = tc.slimit; 1157 1158 /* Free in reverse order */ 1159 if ( fl ) 1160 trans_filter_free( op, fl ); 1161 if ( fr ) 1162 trans_filter_free( op, fr ); 1163 1164 return rc; 1165} 1166 1167 1168/* 1169** translucent_bind() 1170** pass bind request to captive backend; 1171** 1172*/ 1173 1174static int translucent_bind(Operation *op, SlapReply *rs) { 1175 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1176 translucent_info *ov = on->on_bi.bi_private; 1177 BackendDB *db; 1178 slap_callback sc = { 0 }, *save_cb; 1179 int rc; 1180 1181 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n", 1182 op->o_req_dn.bv_val, op->orb_method, 0); 1183 1184 if(ov->defer_db_open) { 1185 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 1186 "remote DB not available"); 1187 return(rs->sr_err); 1188 } 1189 1190 if (ov->bind_local) { 1191 sc.sc_response = slap_null_cb; 1192 save_cb = op->o_callback; 1193 op->o_callback = ≻ 1194 } 1195 1196 db = op->o_bd; 1197 op->o_bd = &ov->db; 1198 ov->db.be_acl = op->o_bd->be_acl; 1199 rc = ov->db.bd_info->bi_op_bind(op, rs); 1200 op->o_bd = db; 1201 1202 if (ov->bind_local) { 1203 op->o_callback = save_cb; 1204 if (rc != LDAP_SUCCESS) { 1205 rc = SLAP_CB_CONTINUE; 1206 } 1207 } 1208 1209 return rc; 1210} 1211 1212/* 1213** translucent_connection_destroy() 1214** pass disconnect notification to captive backend; 1215** 1216*/ 1217 1218static int translucent_connection_destroy(BackendDB *be, Connection *conn) { 1219 slap_overinst *on = (slap_overinst *) be->bd_info; 1220 translucent_info *ov = on->on_bi.bi_private; 1221 int rc = 0; 1222 1223 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0); 1224 1225 rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn); 1226 1227 return(rc); 1228} 1229 1230/* 1231** translucent_db_config() 1232** pass config directives to captive backend; 1233** parse unrecognized directives ourselves; 1234** 1235*/ 1236 1237static int translucent_db_config( 1238 BackendDB *be, 1239 const char *fname, 1240 int lineno, 1241 int argc, 1242 char **argv 1243) 1244{ 1245 slap_overinst *on = (slap_overinst *) be->bd_info; 1246 translucent_info *ov = on->on_bi.bi_private; 1247 1248 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n", 1249 argc ? argv[0] : "", 0, 0); 1250 1251 /* Something for the captive database? */ 1252 if ( ov->db.bd_info && ov->db.bd_info->bi_db_config ) 1253 return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno, 1254 argc, argv ); 1255 return SLAP_CONF_UNKNOWN; 1256} 1257 1258/* 1259** translucent_db_init() 1260** initialize the captive backend; 1261** 1262*/ 1263 1264static int translucent_db_init(BackendDB *be, ConfigReply *cr) { 1265 slap_overinst *on = (slap_overinst *) be->bd_info; 1266 translucent_info *ov; 1267 1268 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n", 0, 0, 0); 1269 1270 ov = ch_calloc(1, sizeof(translucent_info)); 1271 on->on_bi.bi_private = ov; 1272 ov->db = *be; 1273 ov->db.be_private = NULL; 1274 ov->defer_db_open = 1; 1275 1276 if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) { 1277 Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n", 0, 0, 0); 1278 return 1; 1279 } 1280 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; 1281 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; 1282 1283 return 0; 1284} 1285 1286/* 1287** translucent_db_open() 1288** if the captive backend has an open() method, call it; 1289** 1290*/ 1291 1292static int translucent_db_open(BackendDB *be, ConfigReply *cr) { 1293 slap_overinst *on = (slap_overinst *) be->bd_info; 1294 translucent_info *ov = on->on_bi.bi_private; 1295 int rc; 1296 1297 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n", 0, 0, 0); 1298 1299 /* need to inherit something from the original database... */ 1300 ov->db.be_def_limit = be->be_def_limit; 1301 ov->db.be_limits = be->be_limits; 1302 ov->db.be_acl = be->be_acl; 1303 ov->db.be_dfltaccess = be->be_dfltaccess; 1304 1305 if ( ov->defer_db_open ) 1306 return 0; 1307 1308 rc = backend_startup_one( &ov->db, cr ); 1309 1310 if(rc) Debug(LDAP_DEBUG_TRACE, 1311 "translucent: bi_db_open() returned error %d\n", rc, 0, 0); 1312 1313 return(rc); 1314} 1315 1316/* 1317** translucent_db_close() 1318** if the captive backend has a close() method, call it 1319** 1320*/ 1321 1322static int 1323translucent_db_close( BackendDB *be, ConfigReply *cr ) 1324{ 1325 slap_overinst *on = (slap_overinst *) be->bd_info; 1326 translucent_info *ov = on->on_bi.bi_private; 1327 int rc = 0; 1328 1329 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n", 0, 0, 0); 1330 1331 if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) { 1332 rc = ov->db.bd_info->bi_db_close(&ov->db, NULL); 1333 } 1334 1335 return(rc); 1336} 1337 1338/* 1339** translucent_db_destroy() 1340** if the captive backend has a db_destroy() method, call it; 1341** free any config data 1342** 1343*/ 1344 1345static int 1346translucent_db_destroy( BackendDB *be, ConfigReply *cr ) 1347{ 1348 slap_overinst *on = (slap_overinst *) be->bd_info; 1349 translucent_info *ov = on->on_bi.bi_private; 1350 int rc = 0; 1351 1352 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n", 0, 0, 0); 1353 1354 if ( ov ) { 1355 if ( ov->remote ) 1356 anlist_free( ov->remote, 1, NULL ); 1357 if ( ov->local ) 1358 anlist_free( ov->local, 1, NULL ); 1359 if ( ov->db.be_private != NULL ) { 1360 backend_stopdown_one( &ov->db ); 1361 } 1362 1363 ldap_pvt_thread_mutex_destroy( &ov->db.be_pcl_mutex ); 1364 ch_free(ov); 1365 on->on_bi.bi_private = NULL; 1366 } 1367 1368 return(rc); 1369} 1370 1371/* 1372** translucent_initialize() 1373** initialize the slap_overinst with our entry points; 1374** 1375*/ 1376 1377int translucent_initialize() { 1378 1379 int rc; 1380 1381 Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n", 0, 0, 0); 1382 1383 translucent.on_bi.bi_type = "translucent"; 1384 translucent.on_bi.bi_db_init = translucent_db_init; 1385 translucent.on_bi.bi_db_config = translucent_db_config; 1386 translucent.on_bi.bi_db_open = translucent_db_open; 1387 translucent.on_bi.bi_db_close = translucent_db_close; 1388 translucent.on_bi.bi_db_destroy = translucent_db_destroy; 1389 translucent.on_bi.bi_op_bind = translucent_bind; 1390 translucent.on_bi.bi_op_add = translucent_add; 1391 translucent.on_bi.bi_op_modify = translucent_modify; 1392 translucent.on_bi.bi_op_modrdn = translucent_modrdn; 1393 translucent.on_bi.bi_op_delete = translucent_delete; 1394 translucent.on_bi.bi_op_search = translucent_search; 1395 translucent.on_bi.bi_op_compare = translucent_compare; 1396 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy; 1397 translucent.on_bi.bi_extended = translucent_exop; 1398 1399 translucent.on_bi.bi_cf_ocs = translucentocs; 1400 rc = config_register_schema ( translucentcfg, translucentocs ); 1401 if ( rc ) return rc; 1402 1403 return(overlay_register(&translucent)); 1404} 1405 1406#if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC) 1407int init_module(int argc, char *argv[]) { 1408 return translucent_initialize(); 1409} 1410#endif 1411 1412#endif /* SLAPD_OVER_TRANSLUCENT */ 1413