1 /* init.c - initialization of a back-asyncmeta database */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2016-2018 The OpenLDAP Foundation.
6 * Portions Copyright 2016 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
19 * This work was developed by Symas Corporation
20 * based on back-meta module for inclusion in OpenLDAP Software.
21 * This work was sponsored by Ericsson. */
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #include "back-asyncmeta.h"
39 /* FIXME: need to remove the pagedResults, and likely more... */
40 bi->bi_controls = slap_known_controls;
46 asyncmeta_back_initialize(
51 /* this is not (yet) set essentially because back-meta does not
52 * directly support extended operations... */
53 #ifdef LDAP_DYNAMIC_OBJECTS
54 /* this is set because all the support a proxy has to provide
55 * is the capability to forward the refresh exop, and to
56 * pass thru entries that contain the dynamicObject class
57 * and the entryTtl attribute */
59 #endif /* LDAP_DYNAMIC_OBJECTS */
62 /* back-meta recognizes RFC4525 increment;
63 * let the remote server complain, if needed (ITS#5912) */
66 bi->bi_open = asyncmeta_back_open;
71 bi->bi_db_init = asyncmeta_back_db_init;
72 bi->bi_db_config = config_generic_wrapper;
73 bi->bi_db_open = asyncmeta_back_db_open;
74 bi->bi_db_close = asyncmeta_back_db_close;
75 bi->bi_db_destroy = asyncmeta_back_db_destroy;
77 bi->bi_op_bind = asyncmeta_back_bind;
79 bi->bi_op_search = asyncmeta_back_search;
80 bi->bi_op_compare = asyncmeta_back_compare;
81 bi->bi_op_modify = asyncmeta_back_modify;
82 bi->bi_op_modrdn = asyncmeta_back_modrdn;
83 bi->bi_op_add = asyncmeta_back_add;
84 bi->bi_op_delete = asyncmeta_back_delete;
85 bi->bi_op_abandon = 0;
89 bi->bi_chk_referrals = 0;
91 bi->bi_connection_init = 0;
92 bi->bi_connection_destroy = asyncmeta_back_conn_destroy;
94 return asyncmeta_back_init_cf( bi );
98 asyncmeta_back_db_init(
106 bi = backend_info( "ldap" );
107 if ( !bi || !bi->bi_extra ) {
108 Debug( LDAP_DEBUG_ANY,
109 "asyncmeta_back_db_init: needs back-ldap\n",
114 mi = ch_calloc( 1, sizeof( a_metainfo_t ) );
119 /* set default flags */
121 META_BACK_F_DEFER_ROOTDN_BIND
122 | META_BACK_F_PROXYAUTHZ_ALWAYS
123 | META_BACK_F_PROXYAUTHZ_ANON
124 | META_BACK_F_PROXYAUTHZ_NOANON;
127 * At present the default is no default target;
130 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
131 mi->mi_bind_timeout.tv_sec = 0;
132 mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
134 mi->mi_rebind_f = asyncmeta_back_default_rebind;
135 mi->mi_urllist_f = asyncmeta_back_default_urllist;
137 ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
140 mi->mi_nretries = META_RETRY_DEFAULT;
141 mi->mi_version = LDAP_VERSION3;
143 for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
144 mi->mi_conn_priv[ i ].mic_num = 0;
145 LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv );
147 mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
149 mi->mi_ldap_extra = (ldap_extra_t *)bi->bi_extra;
150 ldap_pvt_thread_mutex_init( &mi->mi_mc_mutex);
153 be->be_cf_ocs = be->bd_info->bi_cf_ocs;
159 asyncmeta_target_finish(
167 slap_bindconf sb = { BER_BVNULL };
168 struct berval mapped;
172 ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
173 sb.sb_version = mt->mt_version;
174 sb.sb_method = LDAP_AUTH_SIMPLE;
175 BER_BVSTR( &sb.sb_binddn, "" );
177 if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
178 rc = slap_discover_feature( &sb,
179 slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
180 LDAP_FEATURE_ABSOLUTE_FILTERS );
181 if ( rc == LDAP_COMPARE_TRUE ) {
182 mt->mt_flags |= LDAP_BACK_F_T_F;
186 if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
187 rc = slap_discover_feature( &sb,
188 slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
190 if ( rc == LDAP_COMPARE_TRUE ) {
191 mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
195 if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
196 || mt->mt_idassert_authz != NULL )
198 mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ALWAYS;
201 if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
202 && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
204 snprintf( msg, msize,
205 "%s: inconsistent idassert configuration "
206 "(likely authz=\"*\" used with \"non-prescriptive\" flag)",
208 Debug( LDAP_DEBUG_ANY, "%s (target %s)\n",
209 msg, mt->mt_uri, 0 );
213 if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
215 mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ANON;
218 if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
220 mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_NOANON;
223 BER_BVZERO( &mapped );
224 asyncmeta_map( &mt->mt_rwmap.rwm_at,
225 &slap_schema.si_ad_entryDN->ad_cname, &mapped,
227 if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
228 mt->mt_rep_flags |= REP_NO_ENTRYDN;
231 BER_BVZERO( &mapped );
232 asyncmeta_map( &mt->mt_rwmap.rwm_at,
233 &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
235 if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
236 mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
242 asyncmeta_back_db_open(
246 a_metainfo_t *mi = (a_metainfo_t *)be->be_private;
248 char msg[SLAP_TEXT_BUFLEN];
252 if ( mi->mi_ntargets == 0 ) {
253 /* Dynamically added, nothing to check here until
254 * some targets get added
256 if ( slapMode & SLAP_SERVER_RUNNING )
259 Debug( LDAP_DEBUG_ANY,
260 "asyncmeta_back_db_open: no targets defined\n",
264 mi->mi_num_conns = 0;
265 for ( i = 0; i < mi->mi_ntargets; i++ ) {
266 a_metatarget_t *mt = mi->mi_targets[ i ];
267 if ( asyncmeta_target_finish( mi, mt,
268 "asyncmeta_back_db_open", msg, sizeof( msg )))
271 mi->mi_num_conns = (mi->mi_max_target_conns == 0) ? META_BACK_CFG_MAX_TARGET_CONNS : mi->mi_max_target_conns;
272 assert(mi->mi_num_conns > 0);
273 mi->mi_conns = ch_calloc( mi->mi_num_conns, sizeof( a_metaconn_t ));
274 for (i = 0; i < mi->mi_num_conns; i++) {
275 a_metaconn_t *mc = &mi->mi_conns[i];
276 ldap_pvt_thread_mutex_init( &mc->mc_om_mutex);
277 mc->mc_authz_target = META_BOUND_NONE;
278 mc->mc_conns = ch_calloc( mi->mi_ntargets, sizeof( a_metasingleconn_t ));
282 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
283 mi->mi_task = ldap_pvt_runqueue_insert( &slapd_rq, 0,
284 asyncmeta_timeout_loop, mi, "asyncmeta_timeout_loop", be->be_suffix[0].bv_val );
285 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
290 * asyncmeta_back_conn_free()
292 * actually frees a connection; the reference count must be 0,
293 * and it must not (or no longer) be in the cache.
296 asyncmeta_back_conn_free(
299 a_metaconn_t *mc = v_mc;
301 assert( mc != NULL );
302 ldap_pvt_thread_mutex_destroy( &mc->mc_om_mutex );
310 struct ldapmapping *mapping = v_mapping;
311 ch_free( mapping->src.bv_val );
312 ch_free( mapping->dst.bv_val );
320 struct ldapmapping *mapping = v_mapping;
322 if ( BER_BVISEMPTY( &mapping->dst ) ) {
323 mapping_free( &mapping[ -1 ] );
328 asyncmeta_back_map_free( struct ldapmap *lm )
330 avl_free( lm->remap, mapping_dst_free );
331 avl_free( lm->map, mapping_free );
337 asyncmeta_back_stop_miconns( a_metainfo_t *mi )
340 /*Todo do any other mc cleanup here if necessary*/
344 asyncmeta_back_clear_miconns( a_metainfo_t *mi )
348 for (i = 0; i < mi->mi_num_conns; i++) {
349 mc = &mi->mi_conns[i];
350 /* todo clear the message queue */
351 for (j = 0; j < mi->mi_ntargets; j ++) {
352 asyncmeta_clear_one_msc(NULL, mc, j);
355 ldap_pvt_thread_mutex_destroy( &mc->mc_om_mutex );
361 asyncmeta_target_free(
366 ldap_pvt_thread_mutex_destroy( &mt->mt_uri_mutex );
368 if ( mt->mt_subtree ) {
369 asyncmeta_subtree_destroy( mt->mt_subtree );
370 mt->mt_subtree = NULL;
372 if ( mt->mt_filter ) {
373 asyncmeta_filter_destroy( mt->mt_filter );
374 mt->mt_filter = NULL;
376 if ( !BER_BVISNULL( &mt->mt_psuffix ) ) {
377 free( mt->mt_psuffix.bv_val );
379 if ( !BER_BVISNULL( &mt->mt_nsuffix ) ) {
380 free( mt->mt_nsuffix.bv_val );
382 if ( !BER_BVISNULL( &mt->mt_binddn ) ) {
383 free( mt->mt_binddn.bv_val );
385 if ( !BER_BVISNULL( &mt->mt_bindpw ) ) {
386 free( mt->mt_bindpw.bv_val );
388 if ( !BER_BVISNULL( &mt->mt_idassert_authcID ) ) {
389 ch_free( mt->mt_idassert_authcID.bv_val );
391 if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
392 ch_free( mt->mt_idassert_authcDN.bv_val );
394 if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
395 ch_free( mt->mt_idassert_passwd.bv_val );
397 if ( !BER_BVISNULL( &mt->mt_idassert_authzID ) ) {
398 ch_free( mt->mt_idassert_authzID.bv_val );
400 if ( !BER_BVISNULL( &mt->mt_idassert_sasl_mech ) ) {
401 ch_free( mt->mt_idassert_sasl_mech.bv_val );
403 if ( !BER_BVISNULL( &mt->mt_idassert_sasl_realm ) ) {
404 ch_free( mt->mt_idassert_sasl_realm.bv_val );
406 if ( mt->mt_idassert_authz != NULL ) {
407 ber_bvarray_free( mt->mt_idassert_authz );
409 if ( mt->mt_rwmap.rwm_rw ) {
410 rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
411 if ( mt->mt_rwmap.rwm_bva_rewrite )
412 ber_bvarray_free( mt->mt_rwmap.rwm_bva_rewrite );
414 asyncmeta_back_map_free( &mt->mt_rwmap.rwm_oc );
415 asyncmeta_back_map_free( &mt->mt_rwmap.rwm_at );
416 ber_bvarray_free( mt->mt_rwmap.rwm_bva_map );
421 asyncmeta_back_db_close(
427 if ( be->be_private ) {
430 mi = ( a_metainfo_t * )be->be_private;
431 if ( mi->mi_task != NULL ) {
432 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
433 if ( ldap_pvt_runqueue_isrunning( &slapd_rq, mi->mi_task )) {
434 ldap_pvt_runqueue_stoptask( &slapd_rq, mi->mi_task);
436 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
439 ldap_pvt_thread_mutex_lock( &mi->mi_mc_mutex );
440 asyncmeta_back_stop_miconns( mi );
441 ldap_pvt_thread_mutex_unlock( &mi->mi_mc_mutex );
446 asyncmeta_back_db_destroy(
452 if ( be->be_private ) {
455 mi = ( a_metainfo_t * )be->be_private;
457 * Destroy the per-target stuff (assuming there's at
460 if ( mi->mi_targets != NULL ) {
461 for ( i = 0; i < mi->mi_ntargets; i++ ) {
462 a_metatarget_t *mt = mi->mi_targets[ i ];
464 if ( META_BACK_TGT_QUARANTINE( mt ) ) {
465 if ( mt->mt_quarantine.ri_num != mi->mi_quarantine.ri_num )
467 mi->mi_ldap_extra->retry_info_destroy( &mt->mt_quarantine );
470 ldap_pvt_thread_mutex_destroy( &mt->mt_quarantine_mutex );
473 asyncmeta_target_free( mt );
476 free( mi->mi_targets );
479 ldap_pvt_thread_mutex_lock( &mi->mi_cache.mutex );
480 if ( mi->mi_cache.tree ) {
481 avl_free( mi->mi_cache.tree, asyncmeta_dncache_free );
484 ldap_pvt_thread_mutex_unlock( &mi->mi_cache.mutex );
485 ldap_pvt_thread_mutex_destroy( &mi->mi_cache.mutex );
487 if ( mi->mi_candidates != NULL ) {
488 ber_memfree_x( mi->mi_candidates, NULL );
491 if ( META_BACK_QUARANTINE( mi ) ) {
492 mi->mi_ldap_extra->retry_info_destroy( &mi->mi_quarantine );
495 ldap_pvt_thread_mutex_lock( &mi->mi_mc_mutex );
496 asyncmeta_back_clear_miconns(mi);
497 ldap_pvt_thread_mutex_unlock( &mi->mi_mc_mutex );
498 ldap_pvt_thread_mutex_destroy( &mi->mi_mc_mutex );
500 free( be->be_private );
504 #if SLAPD_ASYNCMETA == SLAPD_MOD_DYNAMIC
506 /* conditionally define the init_module() function */
507 SLAP_BACKEND_INIT_MODULE( asyncmeta )
509 #endif /* SLAPD_ASYNCMETA == SLAPD_MOD_DYNAMIC */