1/* $NetBSD: translucent.c,v 1.3 2021/08/14 16:15:02 christos Exp $ */ 2 3/* translucent.c - translucent proxy module */ 4/* $OpenLDAP$ */ 5/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2004-2021 The OpenLDAP Foundation. 8 * Portions Copyright 2005 Symas Corporation. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19/* ACKNOWLEDGEMENTS: 20 * This work was initially developed by Symas Corp. for inclusion in 21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard. 22 */ 23 24#include <sys/cdefs.h> 25__RCSID("$NetBSD: translucent.c,v 1.3 2021/08/14 16:15:02 christos Exp $"); 26 27#include "portable.h" 28 29#ifdef SLAPD_OVER_TRANSLUCENT 30 31#include <stdio.h> 32 33#include <ac/string.h> 34#include <ac/socket.h> 35 36#include "slap.h" 37#include "lutil.h" 38 39#include "slap-config.h" 40 41/* config block */ 42typedef struct translucent_info { 43 BackendDB db; /* captive backend */ 44 AttributeName *local; /* valid attrs for local filters */ 45 AttributeName *remote; /* valid attrs for remote filters */ 46 int strict; 47 int no_glue; 48 int defer_db_open; 49 int bind_local; 50 int pwmod_local; 51} translucent_info; 52 53static ConfigLDAPadd translucent_ldadd; 54static ConfigCfAdd translucent_cfadd; 55 56static ConfigDriver translucent_cf_gen; 57 58enum { 59 TRANS_LOCAL = 1, 60 TRANS_REMOTE 61}; 62 63static ConfigTable translucentcfg[] = { 64 { "translucent_strict", "on|off", 1, 2, 0, 65 ARG_ON_OFF|ARG_OFFSET, 66 (void *)offsetof(translucent_info, strict), 67 "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' " 68 "DESC 'Reveal attribute deletion constraint violations' " 69 "EQUALITY booleanMatch " 70 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, 71 { "translucent_no_glue", "on|off", 1, 2, 0, 72 ARG_ON_OFF|ARG_OFFSET, 73 (void *)offsetof(translucent_info, no_glue), 74 "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' " 75 "DESC 'Disable automatic glue records for ADD and MODRDN' " 76 "EQUALITY booleanMatch " 77 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, 78 { "translucent_local", "attr[,attr...]", 1, 2, 0, 79 ARG_MAGIC|TRANS_LOCAL, 80 translucent_cf_gen, 81 "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' " 82 "DESC 'Attributes to use in local search filter' " 83 "EQUALITY caseIgnoreMatch " 84 "SYNTAX OMsDirectoryString )", NULL, NULL }, 85 { "translucent_remote", "attr[,attr...]", 1, 2, 0, 86 ARG_MAGIC|TRANS_REMOTE, 87 translucent_cf_gen, 88 "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' " 89 "DESC 'Attributes to use in remote search filter' " 90 "EQUALITY caseIgnoreMatch " 91 "SYNTAX OMsDirectoryString )", NULL, NULL }, 92 { "translucent_bind_local", "on|off", 1, 2, 0, 93 ARG_ON_OFF|ARG_OFFSET, 94 (void *)offsetof(translucent_info, bind_local), 95 "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' " 96 "DESC 'Enable local bind' " 97 "EQUALITY booleanMatch " 98 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, 99 { "translucent_pwmod_local", "on|off", 1, 2, 0, 100 ARG_ON_OFF|ARG_OFFSET, 101 (void *)offsetof(translucent_info, pwmod_local), 102 "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' " 103 "DESC 'Enable local RFC 3062 Password Modify extended operation' " 104 "EQUALITY booleanMatch " 105 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, 106 { NULL, NULL, 0, 0, 0, ARG_IGNORED } 107}; 108 109static ConfigOCs translucentocs[] = { 110 { "( OLcfgOvOc:14.1 " 111 "NAME 'olcTranslucentConfig' " 112 "DESC 'Translucent configuration' " 113 "SUP olcOverlayConfig " 114 "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $" 115 " olcTranslucentLocal $ olcTranslucentRemote $" 116 " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )", 117 Cft_Overlay, translucentcfg, NULL, translucent_cfadd }, 118 { "( OLcfgOvOc:14.2 " 119 "NAME 'olcTranslucentDatabase' " 120 "DESC 'Translucent target database configuration' " 121 /* co_table is initialized in translucent_initialize() */ 122 "AUXILIARY )", Cft_Misc, NULL, translucent_ldadd }, 123 { NULL, 0, NULL } 124}; 125/* for translucent_init() */ 126 127static int 128translucent_ldadd_cleanup( ConfigArgs *ca ) 129{ 130 slap_overinst *on = ca->ca_private; 131 translucent_info *ov = on->on_bi.bi_private; 132 133 ov->defer_db_open = 0; 134 return backend_startup_one( ca->be, &ca->reply ); 135} 136 137static int 138translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca ) 139{ 140 slap_overinst *on; 141 translucent_info *ov; 142 143 Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n" ); 144 145 if ( cei->ce_type != Cft_Overlay || !cei->ce_bi || 146 cei->ce_bi->bi_cf_ocs != translucentocs ) 147 return LDAP_CONSTRAINT_VIOLATION; 148 149 on = (slap_overinst *)cei->ce_bi; 150 ov = on->on_bi.bi_private; 151 ca->be = &ov->db; 152 ca->ca_private = on; 153 if ( CONFIG_ONLINE_ADD( ca )) 154 config_push_cleanup( ca, translucent_ldadd_cleanup ); 155 else 156 ov->defer_db_open = 0; 157 158 return LDAP_SUCCESS; 159} 160 161static int 162translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca ) 163{ 164 CfEntryInfo *cei = e->e_private; 165 slap_overinst *on = (slap_overinst *)cei->ce_bi; 166 translucent_info *ov = on->on_bi.bi_private; 167 struct berval bv; 168 169 Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n" ); 170 171 /* FIXME: should not hardcode "olcDatabase" here */ 172 bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ), 173 "olcDatabase=" SLAP_X_ORDERED_FMT "%s", 174 0, ov->db.bd_info->bi_type ); 175 if ( bv.bv_len >= sizeof( ca->cr_msg ) ) { 176 return -1; 177 } 178 bv.bv_val = ca->cr_msg; 179 ca->be = &ov->db; 180 ov->defer_db_open = 0; 181 182 /* We can only create this entry if the database is table-driven 183 */ 184 if ( ov->db.bd_info->bi_cf_ocs ) 185 config_build_entry( op, rs, cei, ca, &bv, 186 ov->db.bd_info->bi_cf_ocs, 187 &translucentocs[1] ); 188 189 return 0; 190} 191 192static int 193translucent_cf_gen( ConfigArgs *c ) 194{ 195 slap_overinst *on = (slap_overinst *)c->bi; 196 translucent_info *ov = on->on_bi.bi_private; 197 AttributeName **an, *a2; 198 int i; 199 200 if ( c->type == TRANS_LOCAL ) 201 an = &ov->local; 202 else 203 an = &ov->remote; 204 205 if ( c->op == SLAP_CONFIG_EMIT ) { 206 if ( !*an ) 207 return 1; 208 for ( i = 0; !BER_BVISNULL(&(*an)[i].an_name); i++ ) { 209 value_add_one( &c->rvalue_vals, &(*an)[i].an_name ); 210 } 211 return ( i < 1 ); 212 } else if ( c->op == LDAP_MOD_DELETE ) { 213 if ( c->valx < 0 ) { 214 anlist_free( *an, 1, NULL ); 215 *an = NULL; 216 } else { 217 i = c->valx; 218 ch_free( (*an)[i].an_name.bv_val ); 219 do { 220 (*an)[i] = (*an)[i+1]; 221 i++; 222 } while ( !BER_BVISNULL( &(*an)[i].an_name )); 223 } 224 return 0; 225 } 226 a2 = str2anlist( *an, c->argv[1], "," ); 227 if ( !a2 ) { 228 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s", 229 c->argv[0], c->argv[1] ); 230 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, 231 "%s: %s\n", c->log, c->cr_msg ); 232 return ARG_BAD_CONF; 233 } 234 *an = a2; 235 return 0; 236} 237 238static slap_overinst translucent; 239 240/* 241** glue_parent() 242** call syncrepl_add_glue() with the parent suffix; 243** 244*/ 245 246static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL }; 247 248void glue_parent(Operation *op) { 249 Operation nop = *op; 250 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 251 struct berval ndn = BER_BVNULL; 252 Attribute *a; 253 Entry *e; 254 struct berval pdn; 255 256 dnParent( &op->o_req_ndn, &pdn ); 257 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx ); 258 259 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val ); 260 261 e = entry_alloc(); 262 e->e_id = NOID; 263 ber_dupbv(&e->e_name, &ndn); 264 ber_dupbv(&e->e_nname, &ndn); 265 266 a = attr_alloc( slap_schema.si_ad_objectClass ); 267 a->a_numvals = 2; 268 a->a_vals = ch_malloc(sizeof(struct berval) * 3); 269 ber_dupbv(&a->a_vals[0], &glue[0]); 270 ber_dupbv(&a->a_vals[1], &glue[1]); 271 ber_dupbv(&a->a_vals[2], &glue[2]); 272 a->a_nvals = a->a_vals; 273 a->a_next = e->e_attrs; 274 e->e_attrs = a; 275 276 a = attr_alloc( slap_schema.si_ad_structuralObjectClass ); 277 a->a_numvals = 1; 278 a->a_vals = ch_malloc(sizeof(struct berval) * 2); 279 ber_dupbv(&a->a_vals[0], &glue[1]); 280 ber_dupbv(&a->a_vals[1], &glue[2]); 281 a->a_nvals = a->a_vals; 282 a->a_next = e->e_attrs; 283 e->e_attrs = a; 284 285 nop.o_req_dn = ndn; 286 nop.o_req_ndn = ndn; 287 nop.ora_e = e; 288 289 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 290 syncrepl_add_glue(&nop, e); 291 nop.o_bd->bd_info = (BackendInfo *) on; 292 293 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); 294 295 return; 296} 297 298/* 299** free_attr_chain() 300** free only the Attribute*, not the contents; 301** 302*/ 303void free_attr_chain(Attribute *b) { 304 Attribute *a; 305 for(a=b; a; a=a->a_next) { 306 a->a_vals = NULL; 307 a->a_nvals = NULL; 308 } 309 attrs_free( b ); 310 return; 311} 312 313/* 314** translucent_add() 315** if not bound as root, send ACCESS error; 316** if glue, glue_parent(); 317** return CONTINUE; 318** 319*/ 320 321static int translucent_add(Operation *op, SlapReply *rs) { 322 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 323 translucent_info *ov = on->on_bi.bi_private; 324 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n", 325 op->o_req_dn.bv_val ); 326 if(!be_isroot(op)) { 327 op->o_bd->bd_info = (BackendInfo *) on->on_info; 328 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 329 "user modification of overlay database not permitted"); 330 op->o_bd->bd_info = (BackendInfo *) on; 331 return(rs->sr_err); 332 } 333 if(!ov->no_glue) glue_parent(op); 334 return(SLAP_CB_CONTINUE); 335} 336 337/* 338** translucent_modrdn() 339** if not bound as root, send ACCESS error; 340** if !glue, glue_parent(); 341** else return CONTINUE; 342** 343*/ 344 345static int translucent_modrdn(Operation *op, SlapReply *rs) { 346 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 347 translucent_info *ov = on->on_bi.bi_private; 348 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n", 349 op->o_req_dn.bv_val, op->orr_newrdn.bv_val ); 350 if(!be_isroot(op)) { 351 op->o_bd->bd_info = (BackendInfo *) on->on_info; 352 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 353 "user modification of overlay database not permitted"); 354 op->o_bd->bd_info = (BackendInfo *) on; 355 return(rs->sr_err); 356 } 357 if(!ov->no_glue) { 358 op->o_tag = LDAP_REQ_ADD; 359 glue_parent(op); 360 op->o_tag = LDAP_REQ_MODRDN; 361 } 362 return(SLAP_CB_CONTINUE); 363} 364 365/* 366** translucent_delete() 367** if not bound as root, send ACCESS error; 368** else return CONTINUE; 369** 370*/ 371 372static int translucent_delete(Operation *op, SlapReply *rs) { 373 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 374 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n", 375 op->o_req_dn.bv_val ); 376 if(!be_isroot(op)) { 377 op->o_bd->bd_info = (BackendInfo *) on->on_info; 378 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, 379 "user modification of overlay database not permitted"); 380 op->o_bd->bd_info = (BackendInfo *) on; 381 return(rs->sr_err); 382 } 383 return(SLAP_CB_CONTINUE); 384} 385 386static int 387translucent_tag_cb( Operation *op, SlapReply *rs ) 388{ 389 op->o_tag = LDAP_REQ_MODIFY; 390 op->orm_modlist = op->o_callback->sc_private; 391 rs->sr_tag = slap_req2res( op->o_tag ); 392 393 return SLAP_CB_CONTINUE; 394} 395 396/* 397** translucent_modify() 398** modify in local backend if exists in both; 399** otherwise, add to local backend; 400** fail if not defined in captive backend; 401** 402*/ 403 404static int translucent_modify(Operation *op, SlapReply *rs) { 405 SlapReply nrs = { REP_RESULT }; 406 407 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 408 translucent_info *ov = on->on_bi.bi_private; 409 Entry *e = NULL, *re = NULL; 410 Attribute *a, *ax; 411 Modifications *m, **mm; 412 BackendDB *db; 413 int del, rc, erc = 0; 414 slap_callback cb = { 0 }; 415 416 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n", 417 op->o_req_dn.bv_val ); 418 419 if(ov->defer_db_open) { 420 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 421 "remote DB not available"); 422 return(rs->sr_err); 423 } 424/* 425** fetch entry from the captive backend; 426** if it did not exist, fail; 427** release it, if captive backend supports this; 428** 429*/ 430 431 db = op->o_bd; 432 op->o_bd = &ov->db; 433 ov->db.be_acl = op->o_bd->be_acl; 434 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); 435 op->o_bd = db; 436 if(rc != LDAP_SUCCESS || re == NULL ) { 437 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, 438 "attempt to modify nonexistent local record"); 439 return(rs->sr_err); 440 } 441/* 442** fetch entry from local backend; 443** if it exists: 444** foreach Modification: 445** if attr not present in local: 446** if Mod == LDAP_MOD_DELETE: 447** if remote attr not present, return NO_SUCH; 448** if remote attr present, drop this Mod; 449** else force this Mod to LDAP_MOD_ADD; 450** return CONTINUE; 451** 452*/ 453 454 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 455 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); 456 op->o_bd->bd_info = (BackendInfo *) on; 457 458 if(e && rc == LDAP_SUCCESS) { 459 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n" ); 460 for(mm = &op->orm_modlist; *mm; ) { 461 m = *mm; 462 for(a = e->e_attrs; a; a = a->a_next) 463 if(a->a_desc == m->sml_desc) break; 464 if(a) { 465 mm = &m->sml_next; 466 continue; /* found local attr */ 467 } 468 if(m->sml_op == LDAP_MOD_DELETE) { 469 for(a = re->e_attrs; a; a = a->a_next) 470 if(a->a_desc == m->sml_desc) break; 471 /* not found remote attr */ 472 if(!a) { 473 erc = LDAP_NO_SUCH_ATTRIBUTE; 474 goto release; 475 } 476 if(ov->strict) { 477 erc = LDAP_CONSTRAINT_VIOLATION; 478 goto release; 479 } 480 Debug(LDAP_DEBUG_TRACE, 481 "=> translucent_modify: silently dropping delete: %s\n", 482 m->sml_desc->ad_cname.bv_val ); 483 *mm = m->sml_next; 484 m->sml_next = NULL; 485 slap_mods_free(m, 1); 486 continue; 487 } 488 m->sml_op = LDAP_MOD_ADD; 489 mm = &m->sml_next; 490 } 491 erc = SLAP_CB_CONTINUE; 492release: 493 if(re) { 494 if(ov->db.bd_info->bi_entry_release_rw) { 495 op->o_bd = &ov->db; 496 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 497 op->o_bd = db; 498 } else 499 entry_free(re); 500 } 501 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 502 be_entry_release_r(op, e); 503 op->o_bd->bd_info = (BackendInfo *) on; 504 if(erc == SLAP_CB_CONTINUE) { 505 return(erc); 506 } else if(erc) { 507 send_ldap_error(op, rs, erc, 508 "attempt to delete nonexistent attribute"); 509 return(erc); 510 } 511 } 512 513 /* don't leak remote entry copy */ 514 if(re) { 515 if(ov->db.bd_info->bi_entry_release_rw) { 516 op->o_bd = &ov->db; 517 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 518 op->o_bd = db; 519 } else 520 entry_free(re); 521 } 522/* 523** foreach Modification: 524** if MOD_ADD or MOD_REPLACE, add Attribute; 525** if no Modifications were suitable: 526** if strict, throw CONSTRAINT_VIOLATION; 527** else, return early SUCCESS; 528** fabricate Entry with new Attribute chain; 529** glue_parent() for this Entry; 530** call bi_op_add() in local backend; 531** 532*/ 533 534 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n" ); 535 a = NULL; 536 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) { 537 Attribute atmp; 538 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) && 539 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) { 540 Debug(LDAP_DEBUG_ANY, 541 "=> translucent_modify: silently dropped modification(%d): %s\n", 542 m->sml_op, m->sml_desc->ad_cname.bv_val ); 543 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++; 544 continue; 545 } 546 atmp.a_desc = m->sml_desc; 547 atmp.a_vals = m->sml_values; 548 atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals; 549 atmp.a_numvals = m->sml_numvals; 550 atmp.a_flags = 0; 551 a = attr_dup( &atmp ); 552 a->a_next = ax; 553 ax = a; 554 } 555 556 if(del && ov->strict) { 557 attrs_free( a ); 558 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, 559 "attempt to delete attributes from local database"); 560 return(rs->sr_err); 561 } 562 563 if(!ax) { 564 if(ov->strict) { 565 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, 566 "modification contained other than ADD or REPLACE"); 567 return(rs->sr_err); 568 } 569 /* rs->sr_text = "no valid modification found"; */ 570 rs->sr_err = LDAP_SUCCESS; 571 send_ldap_result(op, rs); 572 return(rs->sr_err); 573 } 574 575 e = entry_alloc(); 576 ber_dupbv( &e->e_name, &op->o_req_dn ); 577 ber_dupbv( &e->e_nname, &op->o_req_ndn ); 578 e->e_attrs = a; 579 580 op->o_tag = LDAP_REQ_ADD; 581 cb.sc_response = translucent_tag_cb; 582 cb.sc_private = op->orm_modlist; 583 op->oq_add.rs_e = e; 584 585 glue_parent(op); 586 587 cb.sc_next = op->o_callback; 588 op->o_callback = &cb; 589 rc = on->on_info->oi_orig->bi_op_add(op, &nrs); 590 if ( op->ora_e == e ) 591 entry_free( e ); 592 op->o_callback = cb.sc_next; 593 594 return(rc); 595} 596 597static int translucent_compare(Operation *op, SlapReply *rs) { 598 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 599 translucent_info *ov = on->on_bi.bi_private; 600 AttributeAssertion *ava = op->orc_ava; 601 Entry *e = NULL; 602 BackendDB *db; 603 int rc; 604 605 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n", 606 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val); 607 608/* 609** if the local backend has an entry for this attribute: 610** CONTINUE and let it do the compare; 611** 612*/ 613 rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on); 614 if(rc == LDAP_SUCCESS && e) { 615 overlay_entry_release_ov(op, e, 0, on); 616 return(SLAP_CB_CONTINUE); 617 } 618 619 if(ov->defer_db_open) { 620 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 621 "remote DB not available"); 622 return(rs->sr_err); 623 } 624/* 625** call compare() in the captive backend; 626** return the result; 627** 628*/ 629 db = op->o_bd; 630 op->o_bd = &ov->db; 631 ov->db.be_acl = op->o_bd->be_acl; 632 rc = ov->db.bd_info->bi_op_compare(op, rs); 633 op->o_bd = db; 634 635 return(rc); 636} 637 638static int translucent_pwmod(Operation *op, SlapReply *rs) { 639 SlapReply nrs = { REP_RESULT }; 640 Operation nop; 641 642 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 643 translucent_info *ov = on->on_bi.bi_private; 644 Entry *e = NULL, *re = NULL; 645 BackendDB *db; 646 int rc = 0; 647 slap_callback cb = { 0 }; 648 649 if (!ov->pwmod_local) { 650 rs->sr_err = LDAP_CONSTRAINT_VIOLATION, 651 rs->sr_text = "attempt to modify password in local database"; 652 return rs->sr_err; 653 } 654 655/* 656** fetch entry from the captive backend; 657** if it did not exist, fail; 658** release it, if captive backend supports this; 659** 660*/ 661 db = op->o_bd; 662 op->o_bd = &ov->db; 663 ov->db.be_acl = op->o_bd->be_acl; 664 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); 665 if(rc != LDAP_SUCCESS || re == NULL ) { 666 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, 667 "attempt to modify nonexistent local record"); 668 return(rs->sr_err); 669 } 670 op->o_bd = db; 671/* 672** fetch entry from local backend; 673** if it exists: 674** return CONTINUE; 675*/ 676 677 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 678 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); 679 op->o_bd->bd_info = (BackendInfo *) on; 680 681 if(e && rc == LDAP_SUCCESS) { 682 if(re) { 683 if(ov->db.bd_info->bi_entry_release_rw) { 684 op->o_bd = &ov->db; 685 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 686 op->o_bd = db; 687 } else { 688 entry_free(re); 689 } 690 } 691 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; 692 be_entry_release_r(op, e); 693 op->o_bd->bd_info = (BackendInfo *) on; 694 return SLAP_CB_CONTINUE; 695 } 696 697 /* don't leak remote entry copy */ 698 if(re) { 699 if(ov->db.bd_info->bi_entry_release_rw) { 700 op->o_bd = &ov->db; 701 ov->db.bd_info->bi_entry_release_rw(op, re, 0); 702 op->o_bd = db; 703 } else { 704 entry_free(re); 705 } 706 } 707/* 708** glue_parent() for this Entry; 709** call bi_op_add() in local backend; 710** 711*/ 712 e = entry_alloc(); 713 ber_dupbv( &e->e_name, &op->o_req_dn ); 714 ber_dupbv( &e->e_nname, &op->o_req_ndn ); 715 e->e_attrs = NULL; 716 717 nop = *op; 718 nop.o_tag = LDAP_REQ_ADD; 719 cb.sc_response = slap_null_cb; 720 nop.oq_add.rs_e = e; 721 722 glue_parent(&nop); 723 724 nop.o_callback = &cb; 725 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs); 726 if ( nop.ora_e == e ) { 727 entry_free( e ); 728 } 729 730 if ( rc == LDAP_SUCCESS ) { 731 return SLAP_CB_CONTINUE; 732 } 733 734 return rc; 735} 736 737static int translucent_exop(Operation *op, SlapReply *rs) { 738 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 739 translucent_info *ov = on->on_bi.bi_private; 740 const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); 741 742 Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n", 743 op->o_req_dn.bv_val ); 744 745 if(ov->defer_db_open) { 746 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 747 "remote DB not available"); 748 return(rs->sr_err); 749 } 750 751 if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) { 752 return translucent_pwmod( op, rs ); 753 } 754 755 return SLAP_CB_CONTINUE; 756} 757 758/* 759** translucent_search_cb() 760** merge local data with remote data 761** 762** Four cases: 763** 1: remote search, no local filter 764** merge data and send immediately 765** 2: remote search, with local filter 766** merge data and save 767** 3: local search, no remote filter 768** merge data and send immediately 769** 4: local search, with remote filter 770** check list, merge, send, delete 771*/ 772 773#define RMT_SIDE 0 774#define LCL_SIDE 1 775#define USE_LIST 2 776 777typedef struct trans_ctx { 778 BackendDB *db; 779 slap_overinst *on; 780 Filter *orig; 781 TAvlnode *list; 782 int step; 783 int slimit; 784 AttributeName *attrs; 785} trans_ctx; 786 787static int translucent_search_cb(Operation *op, SlapReply *rs) { 788 trans_ctx *tc; 789 BackendDB *db; 790 slap_overinst *on; 791 translucent_info *ov; 792 Entry *le, *re; 793 Attribute *a, *ax, *an, *as = NULL; 794 int rc; 795 int test_f = 0; 796 797 tc = op->o_callback->sc_private; 798 799 /* Don't let the op complete while we're gathering data */ 800 if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST )) 801 return 0; 802 803 if(rs->sr_type != REP_SEARCH || !rs->sr_entry) 804 return(SLAP_CB_CONTINUE); 805 806 Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n", 807 rs->sr_entry->e_name.bv_val ); 808 809 op->ors_slimit = tc->slimit + ( tc->slimit > 0 ? 1 : 0 ); 810 if ( op->ors_attrs == slap_anlist_all_attributes ) { 811 op->ors_attrs = tc->attrs; 812 rs->sr_attrs = tc->attrs; 813 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs ); 814 } 815 816 on = tc->on; 817 ov = on->on_bi.bi_private; 818 819 db = op->o_bd; 820 re = NULL; 821 822 /* If we have local, get remote */ 823 if ( tc->step & LCL_SIDE ) { 824 le = rs->sr_entry; 825 /* If entry is already on list, use it */ 826 if ( tc->step & USE_LIST ) { 827 re = ldap_tavl_delete( &tc->list, le, entry_dn_cmp ); 828 if ( re ) { 829 rs_flush_entry( op, rs, on ); 830 rc = test_filter( op, re, tc->orig ); 831 if ( rc == LDAP_COMPARE_TRUE ) { 832 rs->sr_flags |= REP_ENTRY_MUSTBEFREED; 833 rs->sr_entry = re; 834 835 if ( tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) { 836 return LDAP_SIZELIMIT_EXCEEDED; 837 } 838 839 return SLAP_CB_CONTINUE; 840 } else { 841 entry_free( re ); 842 rs->sr_entry = NULL; 843 return 0; 844 } 845 } 846 } 847 op->o_bd = &ov->db; 848 rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re ); 849 if ( rc == LDAP_SUCCESS && re ) { 850 Entry *tmp = entry_dup( re ); 851 be_entry_release_r( op, re ); 852 re = tmp; 853 test_f = 1; 854 } 855 } else { 856 /* Else we have remote, get local */ 857 op->o_bd = tc->db; 858 le = NULL; 859 rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on); 860 if ( rc == LDAP_SUCCESS && le ) { 861 re = entry_dup( rs->sr_entry ); 862 rs_flush_entry( op, rs, on ); 863 } else { 864 le = NULL; 865 } 866 } 867 868/* 869** if we got remote and local entry: 870** foreach local attr: 871** foreach remote attr: 872** if match, remote attr with local attr; 873** if new local, add to list; 874** append new local attrs to remote; 875** 876*/ 877 878 if ( re && le ) { 879 for(ax = le->e_attrs; ax; ax = ax->a_next) { 880 for(a = re->e_attrs; a; a = a->a_next) { 881 if(a->a_desc == ax->a_desc) { 882 test_f = 1; 883 if(a->a_vals != a->a_nvals) 884 ber_bvarray_free(a->a_nvals); 885 ber_bvarray_free(a->a_vals); 886 ber_bvarray_dup_x( &a->a_vals, ax->a_vals, NULL ); 887 if ( ax->a_vals == ax->a_nvals ) { 888 a->a_nvals = a->a_vals; 889 } else { 890 ber_bvarray_dup_x( &a->a_nvals, ax->a_nvals, NULL ); 891 } 892 break; 893 } 894 } 895 if(a) continue; 896 an = attr_dup(ax); 897 an->a_next = as; 898 as = an; 899 } 900 /* Dispose of local entry */ 901 if ( tc->step & LCL_SIDE ) { 902 rs_flush_entry(op, rs, on); 903 } else { 904 overlay_entry_release_ov(op, le, 0, on); 905 } 906 907 /* literally append, so locals are always last */ 908 if(as) { 909 if(re->e_attrs) { 910 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next); 911 ax->a_next = as; 912 } else { 913 re->e_attrs = as; 914 } 915 } 916 /* If both filters, save entry for later */ 917 if ( tc->step == (USE_LIST|RMT_SIDE) ) { 918 ldap_tavl_insert( &tc->list, re, entry_dn_cmp, ldap_avl_dup_error ); 919 rs->sr_entry = NULL; 920 rc = 0; 921 } else { 922 /* send it now */ 923 rs->sr_entry = re; 924 rs->sr_flags |= REP_ENTRY_MUSTBEFREED; 925 if ( test_f ) { 926 rc = test_filter( op, rs->sr_entry, tc->orig ); 927 if ( rc == LDAP_COMPARE_TRUE ) { 928 rc = SLAP_CB_CONTINUE; 929 } else { 930 rc = 0; 931 } 932 } else { 933 rc = SLAP_CB_CONTINUE; 934 } 935 } 936 } else if ( le ) { 937 /* Only a local entry: remote was deleted 938 * Ought to delete the local too... 939 */ 940 rc = 0; 941 } else if ( tc->step & USE_LIST ) { 942 /* Only a remote entry, but both filters: 943 * Test the complete filter 944 */ 945 rc = test_filter( op, rs->sr_entry, tc->orig ); 946 if ( rc == LDAP_COMPARE_TRUE ) { 947 rc = SLAP_CB_CONTINUE; 948 } else { 949 rc = 0; 950 } 951 } else { 952 /* Only a remote entry, only remote filter: 953 * just pass thru 954 */ 955 rc = SLAP_CB_CONTINUE; 956 } 957 958 op->o_bd = db; 959 960 if ( rc == SLAP_CB_CONTINUE && tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) { 961 return LDAP_SIZELIMIT_EXCEEDED; 962 } 963 964 return rc; 965} 966 967/* Dup the filter, excluding invalid elements */ 968static Filter * 969trans_filter_dup(Operation *op, Filter *f, AttributeName *an) 970{ 971 Filter *n = NULL; 972 973 if ( !f ) 974 return NULL; 975 976 switch( f->f_choice & SLAPD_FILTER_MASK ) { 977 case SLAPD_FILTER_COMPUTED: 978 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 979 n->f_choice = f->f_choice; 980 n->f_result = f->f_result; 981 n->f_next = NULL; 982 break; 983 984 case LDAP_FILTER_PRESENT: 985 if ( ad_inlist( f->f_desc, an )) { 986 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 987 n->f_choice = f->f_choice; 988 n->f_desc = f->f_desc; 989 n->f_next = NULL; 990 } 991 break; 992 993 case LDAP_FILTER_EQUALITY: 994 case LDAP_FILTER_GE: 995 case LDAP_FILTER_LE: 996 case LDAP_FILTER_APPROX: 997 case LDAP_FILTER_SUBSTRINGS: 998 case LDAP_FILTER_EXT: 999 if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) { 1000 AttributeAssertion *nava; 1001 1002 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 1003 n->f_choice = f->f_choice; 1004 1005 nava = op->o_tmpalloc( sizeof(AttributeAssertion), op->o_tmpmemctx ); 1006 *nava = *f->f_ava; 1007 n->f_ava = nava; 1008 1009 ber_dupbv_x( &n->f_av_value, &f->f_av_value, op->o_tmpmemctx ); 1010 n->f_next = NULL; 1011 } 1012 break; 1013 1014 case LDAP_FILTER_AND: 1015 case LDAP_FILTER_OR: 1016 case LDAP_FILTER_NOT: { 1017 Filter **p; 1018 1019 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); 1020 n->f_choice = f->f_choice; 1021 n->f_next = NULL; 1022 1023 for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) { 1024 *p = trans_filter_dup( op, f, an ); 1025 if ( !*p ) 1026 continue; 1027 p = &(*p)->f_next; 1028 } 1029 /* nothing valid in this list */ 1030 if ( !n->f_list ) { 1031 op->o_tmpfree( n, op->o_tmpmemctx ); 1032 return NULL; 1033 } 1034 /* Only 1 element in this list */ 1035 if ((n->f_choice & SLAPD_FILTER_MASK) != LDAP_FILTER_NOT && 1036 !n->f_list->f_next ) { 1037 f = n->f_list; 1038 *n = *f; 1039 op->o_tmpfree( f, op->o_tmpmemctx ); 1040 } 1041 break; 1042 } 1043 } 1044 return n; 1045} 1046 1047static void 1048trans_filter_free( Operation *op, Filter *f ) 1049{ 1050 Filter *n, *p, *next; 1051 1052 f->f_choice &= SLAPD_FILTER_MASK; 1053 1054 switch( f->f_choice ) { 1055 case LDAP_FILTER_AND: 1056 case LDAP_FILTER_OR: 1057 case LDAP_FILTER_NOT: 1058 /* Free in reverse order */ 1059 n = NULL; 1060 for ( p = f->f_list; p; p = next ) { 1061 next = p->f_next; 1062 p->f_next = n; 1063 n = p; 1064 } 1065 for ( p = n; p; p = next ) { 1066 next = p->f_next; 1067 trans_filter_free( op, p ); 1068 } 1069 break; 1070 case LDAP_FILTER_EQUALITY: 1071 case LDAP_FILTER_GE: 1072 case LDAP_FILTER_LE: 1073 case LDAP_FILTER_APPROX: 1074 case LDAP_FILTER_SUBSTRINGS: 1075 case LDAP_FILTER_EXT: 1076 op->o_tmpfree( f->f_av_value.bv_val, op->o_tmpmemctx ); 1077 op->o_tmpfree( f->f_ava, op->o_tmpmemctx ); 1078 break; 1079 default: 1080 break; 1081 } 1082 op->o_tmpfree( f, op->o_tmpmemctx ); 1083} 1084 1085static int 1086translucent_search_cleanup( Operation *op, SlapReply *rs ) 1087{ 1088 trans_ctx *tc = op->o_callback->sc_private; 1089 1090 op->ors_filter = tc->orig; 1091 return LDAP_SUCCESS; 1092} 1093 1094/* 1095** translucent_search() 1096** search via captive backend; 1097** override results with any local data; 1098** 1099*/ 1100 1101static int translucent_search(Operation *op, SlapReply *rs) { 1102 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1103 translucent_info *ov = on->on_bi.bi_private; 1104 slap_callback cb = { NULL, NULL, NULL, NULL }; 1105 trans_ctx tc; 1106 Filter *fl, *fr; 1107 struct berval fbv; 1108 int rc = 0; 1109 1110 if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) 1111 return SLAP_CB_CONTINUE; 1112 1113 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n", 1114 op->o_req_dn.bv_val, op->ors_filterstr.bv_val ); 1115 1116 if(ov->defer_db_open) { 1117 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 1118 "remote DB not available"); 1119 return(rs->sr_err); 1120 } 1121 1122 fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL; 1123 fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL; 1124 cb.sc_response = (slap_response *) translucent_search_cb; 1125 cb.sc_cleanup = (slap_response *) translucent_search_cleanup; 1126 cb.sc_private = &tc; 1127 1128 ov->db.be_acl = op->o_bd->be_acl; 1129 tc.db = op->o_bd; 1130 tc.on = on; 1131 tc.orig = op->ors_filter; 1132 tc.list = NULL; 1133 tc.step = 0; 1134 tc.slimit = op->ors_slimit; 1135 tc.attrs = NULL; 1136 fbv = op->ors_filterstr; 1137 1138 if ( fr || !fl ) { 1139 Operation op2; 1140 Opheader oh; 1141 1142 op2 = *op; 1143 oh = *op->o_hdr; 1144 oh.oh_conn = op->o_conn; 1145 oh.oh_connid = op->o_connid; 1146 op2.o_bd = &ov->db; 1147 op2.o_hdr = &oh; 1148 op2.o_extra = op->o_extra; 1149 op2.o_callback = &cb; 1150 1151 tc.attrs = op->ors_attrs; 1152 op->ors_slimit = SLAP_NO_LIMIT; 1153 op->ors_attrs = slap_anlist_all_attributes; 1154 tc.step |= RMT_SIDE; 1155 if ( fl ) { 1156 tc.step |= USE_LIST; 1157 op->ors_filter = fr; 1158 filter2bv_x( op, fr, &op2.ors_filterstr ); 1159 } 1160 rc = ov->db.bd_info->bi_op_search( &op2, rs ); 1161 if ( op->ors_attrs == slap_anlist_all_attributes ) 1162 op->ors_attrs = tc.attrs; 1163 if ( fl ) { 1164 op->o_tmpfree( op2.ors_filterstr.bv_val, op2.o_tmpmemctx ); 1165 } 1166 } 1167 1168 cb.sc_next = op->o_callback; 1169 op->o_callback = &cb; 1170 1171 if ( fl && !rc ) { 1172 tc.step |= LCL_SIDE; 1173 op->ors_filter = fl; 1174 filter2bv_x( op, fl, &op->ors_filterstr ); 1175 rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next ); 1176 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); 1177 } 1178 op->ors_filterstr = fbv; 1179 op->o_callback = cb.sc_next; 1180 rs->sr_attrs = op->ors_attrs; 1181 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs ); 1182 1183 /* Send out anything remaining on the list and finish */ 1184 if ( tc.step & USE_LIST ) { 1185 if ( tc.list ) { 1186 TAvlnode *av; 1187 1188 av = ldap_tavl_end( tc.list, TAVL_DIR_LEFT ); 1189 while ( av ) { 1190 rs->sr_entry = av->avl_data; 1191 if ( rc == LDAP_SUCCESS && LDAP_COMPARE_TRUE == 1192 test_filter( op, rs->sr_entry, op->ors_filter )) 1193 { 1194 rs->sr_flags = REP_ENTRY_MUSTBEFREED; 1195 rc = send_search_entry( op, rs ); 1196 } else { 1197 entry_free( rs->sr_entry ); 1198 } 1199 av = ldap_tavl_next( av, TAVL_DIR_RIGHT ); 1200 } 1201 ldap_tavl_free( tc.list, NULL ); 1202 rs->sr_flags = 0; 1203 rs->sr_entry = NULL; 1204 } 1205 send_ldap_result( op, rs ); 1206 } 1207 1208 op->ors_slimit = tc.slimit; 1209 1210 /* Free in reverse order */ 1211 if ( fl ) 1212 trans_filter_free( op, fl ); 1213 if ( fr ) 1214 trans_filter_free( op, fr ); 1215 1216 return rc; 1217} 1218 1219 1220/* 1221** translucent_bind() 1222** pass bind request to captive backend; 1223** 1224*/ 1225 1226static int translucent_bind(Operation *op, SlapReply *rs) { 1227 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; 1228 translucent_info *ov = on->on_bi.bi_private; 1229 BackendDB *db; 1230 slap_callback sc = { 0 }, *save_cb; 1231 int rc; 1232 1233 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n", 1234 op->o_req_dn.bv_val, op->orb_method ); 1235 1236 if(ov->defer_db_open) { 1237 send_ldap_error(op, rs, LDAP_UNAVAILABLE, 1238 "remote DB not available"); 1239 return(rs->sr_err); 1240 } 1241 1242 if (ov->bind_local) { 1243 sc.sc_response = slap_null_cb; 1244 save_cb = op->o_callback; 1245 op->o_callback = ≻ 1246 } 1247 1248 db = op->o_bd; 1249 op->o_bd = &ov->db; 1250 ov->db.be_acl = op->o_bd->be_acl; 1251 rc = ov->db.bd_info->bi_op_bind(op, rs); 1252 op->o_bd = db; 1253 1254 if (ov->bind_local) { 1255 op->o_callback = save_cb; 1256 if (rc != LDAP_SUCCESS) { 1257 rc = SLAP_CB_CONTINUE; 1258 } 1259 } 1260 1261 return rc; 1262} 1263 1264/* 1265** translucent_connection_destroy() 1266** pass disconnect notification to captive backend; 1267** 1268*/ 1269 1270static int translucent_connection_destroy(BackendDB *be, Connection *conn) { 1271 slap_overinst *on = (slap_overinst *) be->bd_info; 1272 translucent_info *ov = on->on_bi.bi_private; 1273 int rc = 0; 1274 1275 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n" ); 1276 1277 rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn); 1278 1279 return(rc); 1280} 1281 1282/* 1283** translucent_db_config() 1284** pass config directives to captive backend; 1285** parse unrecognized directives ourselves; 1286** 1287*/ 1288 1289static int translucent_db_config( 1290 BackendDB *be, 1291 const char *fname, 1292 int lineno, 1293 int argc, 1294 char **argv 1295) 1296{ 1297 slap_overinst *on = (slap_overinst *) be->bd_info; 1298 translucent_info *ov = on->on_bi.bi_private; 1299 1300 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n", 1301 argc ? argv[0] : "" ); 1302 1303 /* Something for the captive database? */ 1304 if ( ov->db.bd_info && ov->db.bd_info->bi_db_config ) 1305 return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno, 1306 argc, argv ); 1307 return SLAP_CONF_UNKNOWN; 1308} 1309 1310/* 1311** translucent_db_init() 1312** initialize the captive backend; 1313** 1314*/ 1315 1316static int translucent_db_init(BackendDB *be, ConfigReply *cr) { 1317 slap_overinst *on = (slap_overinst *) be->bd_info; 1318 translucent_info *ov; 1319 1320 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n" ); 1321 1322 ov = ch_calloc(1, sizeof(translucent_info)); 1323 on->on_bi.bi_private = ov; 1324 ov->db = *be; 1325 ov->db.be_private = NULL; 1326 ov->defer_db_open = 1; 1327 1328 if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) { 1329 Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n" ); 1330 return 1; 1331 } 1332 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; 1333 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; 1334 1335 return 0; 1336} 1337 1338/* 1339** translucent_db_open() 1340** if the captive backend has an open() method, call it; 1341** 1342*/ 1343 1344static int translucent_db_open(BackendDB *be, ConfigReply *cr) { 1345 slap_overinst *on = (slap_overinst *) be->bd_info; 1346 translucent_info *ov = on->on_bi.bi_private; 1347 int rc; 1348 1349 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n" ); 1350 1351 /* need to inherit something from the original database... */ 1352 ov->db.be_def_limit = be->be_def_limit; 1353 ov->db.be_limits = be->be_limits; 1354 ov->db.be_acl = be->be_acl; 1355 ov->db.be_dfltaccess = be->be_dfltaccess; 1356 1357 if ( ov->defer_db_open ) 1358 return 0; 1359 1360 rc = backend_startup_one( &ov->db, cr ); 1361 1362 if(rc) Debug(LDAP_DEBUG_TRACE, 1363 "translucent: bi_db_open() returned error %d\n", rc ); 1364 1365 return(rc); 1366} 1367 1368/* 1369** translucent_db_close() 1370** if the captive backend has a close() method, call it 1371** 1372*/ 1373 1374static int 1375translucent_db_close( BackendDB *be, ConfigReply *cr ) 1376{ 1377 slap_overinst *on = (slap_overinst *) be->bd_info; 1378 translucent_info *ov = on->on_bi.bi_private; 1379 int rc = 0; 1380 1381 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n" ); 1382 1383 if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) { 1384 rc = ov->db.bd_info->bi_db_close(&ov->db, NULL); 1385 } 1386 1387 return(rc); 1388} 1389 1390/* 1391** translucent_db_destroy() 1392** if the captive backend has a db_destroy() method, call it; 1393** free any config data 1394** 1395*/ 1396 1397static int 1398translucent_db_destroy( BackendDB *be, ConfigReply *cr ) 1399{ 1400 slap_overinst *on = (slap_overinst *) be->bd_info; 1401 translucent_info *ov = on->on_bi.bi_private; 1402 int rc = 0; 1403 1404 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n" ); 1405 1406 if ( ov ) { 1407 if ( ov->remote ) 1408 anlist_free( ov->remote, 1, NULL ); 1409 if ( ov->local ) 1410 anlist_free( ov->local, 1, NULL ); 1411 if ( ov->db.be_private != NULL ) { 1412 backend_stopdown_one( &ov->db ); 1413 } 1414 1415 ldap_pvt_thread_mutex_destroy( &ov->db.be_pcl_mutex ); 1416 ch_free(ov); 1417 on->on_bi.bi_private = NULL; 1418 } 1419 1420 return(rc); 1421} 1422 1423/* 1424** translucent_initialize() 1425** initialize the slap_overinst with our entry points; 1426** 1427*/ 1428 1429int translucent_initialize() { 1430 1431 int rc; 1432 1433 /* olcDatabaseDummy is defined in slapd, and Windows 1434 will not let us initialize a struct element with a data pointer 1435 from another library, so we have to initialize this element 1436 "by hand". */ 1437 translucentocs[1].co_table = olcDatabaseDummy; 1438 1439 Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n" ); 1440 1441 translucent.on_bi.bi_type = "translucent"; 1442 translucent.on_bi.bi_db_init = translucent_db_init; 1443 translucent.on_bi.bi_db_config = translucent_db_config; 1444 translucent.on_bi.bi_db_open = translucent_db_open; 1445 translucent.on_bi.bi_db_close = translucent_db_close; 1446 translucent.on_bi.bi_db_destroy = translucent_db_destroy; 1447 translucent.on_bi.bi_op_bind = translucent_bind; 1448 translucent.on_bi.bi_op_add = translucent_add; 1449 translucent.on_bi.bi_op_modify = translucent_modify; 1450 translucent.on_bi.bi_op_modrdn = translucent_modrdn; 1451 translucent.on_bi.bi_op_delete = translucent_delete; 1452 translucent.on_bi.bi_op_search = translucent_search; 1453 translucent.on_bi.bi_op_compare = translucent_compare; 1454 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy; 1455 translucent.on_bi.bi_extended = translucent_exop; 1456 1457 translucent.on_bi.bi_cf_ocs = translucentocs; 1458 rc = config_register_schema ( translucentcfg, translucentocs ); 1459 if ( rc ) return rc; 1460 1461 return(overlay_register(&translucent)); 1462} 1463 1464#if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC) 1465int init_module(int argc, char *argv[]) { 1466 return translucent_initialize(); 1467} 1468#endif 1469 1470#endif /* SLAPD_OVER_TRANSLUCENT */ 1471