2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2012 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
22 #include <ac/string.h>
23 #include <ac/socket.h>
27 #include "../back-ldap/back-ldap.h"
28 #include "back-meta.h"
34 /* FIXME: need to remove the pagedResults, and likely more... */
35 bi->bi_controls = slap_known_controls;
46 /* this is not (yet) set essentially because back-meta does not
47 * directly support extended operations... */
48 #ifdef LDAP_DYNAMIC_OBJECTS
49 /* this is set because all the support a proxy has to provide
50 * is the capability to forward the refresh exop, and to
51 * pass thru entries that contain the dynamicObject class
52 * and the entryTtl attribute */
54 #endif /* LDAP_DYNAMIC_OBJECTS */
57 /* back-meta recognizes RFC4525 increment;
58 * let the remote server complain, if needed (ITS#5912) */
61 bi->bi_open = meta_back_open;
66 bi->bi_db_init = meta_back_db_init;
67 bi->bi_db_config = meta_back_db_config;
68 bi->bi_db_open = meta_back_db_open;
70 bi->bi_db_destroy = meta_back_db_destroy;
72 bi->bi_op_bind = meta_back_bind;
74 bi->bi_op_search = meta_back_search;
75 bi->bi_op_compare = meta_back_compare;
76 bi->bi_op_modify = meta_back_modify;
77 bi->bi_op_modrdn = meta_back_modrdn;
78 bi->bi_op_add = meta_back_add;
79 bi->bi_op_delete = meta_back_delete;
80 bi->bi_op_abandon = 0;
84 bi->bi_chk_referrals = 0;
86 bi->bi_connection_init = 0;
87 bi->bi_connection_destroy = meta_back_conn_destroy;
101 bi = backend_info( "ldap" );
102 if ( !bi || !bi->bi_extra ) {
103 Debug( LDAP_DEBUG_ANY,
104 "meta_back_db_init: needs back-ldap\n",
109 mi = ch_calloc( 1, sizeof( metainfo_t ) );
114 /* set default flags */
116 META_BACK_F_DEFER_ROOTDN_BIND;
119 * At present the default is no default target;
122 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
123 mi->mi_bind_timeout.tv_sec = 0;
124 mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
126 mi->mi_rebind_f = meta_back_default_rebind;
127 mi->mi_urllist_f = meta_back_default_urllist;
129 ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
130 ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
133 mi->mi_nretries = META_RETRY_DEFAULT;
134 mi->mi_version = LDAP_VERSION3;
136 for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
137 mi->mi_conn_priv[ i ].mic_num = 0;
138 LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv );
140 mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
142 mi->mi_ldap_extra = (ldap_extra_t *)bi->bi_extra;
154 metainfo_t *mi = (metainfo_t *)be->be_private;
158 not_always_anon_proxyauthz = 0,
159 not_always_anon_non_prescriptive = 0,
162 if ( mi->mi_ntargets == 0 ) {
163 Debug( LDAP_DEBUG_ANY,
164 "meta_back_db_open: no targets defined\n",
169 for ( i = 0; i < mi->mi_ntargets; i++ ) {
170 slap_bindconf sb = { BER_BVNULL };
171 metatarget_t *mt = mi->mi_targets[ i ];
173 struct berval mapped;
175 ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
176 sb.sb_version = mt->mt_version;
177 sb.sb_method = LDAP_AUTH_SIMPLE;
178 BER_BVSTR( &sb.sb_binddn, "" );
180 if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
181 rc = slap_discover_feature( &sb,
182 slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
183 LDAP_FEATURE_ABSOLUTE_FILTERS );
184 if ( rc == LDAP_COMPARE_TRUE ) {
185 mt->mt_flags |= LDAP_BACK_F_T_F;
189 if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
190 rc = slap_discover_feature( &sb,
191 slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
193 if ( rc == LDAP_COMPARE_TRUE ) {
194 mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
198 if ( not_always == 0 ) {
199 if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
200 || mt->mt_idassert_authz != NULL )
206 if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
207 && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
209 Debug( LDAP_DEBUG_ANY, "meta_back_db_open(%s): "
210 "target #%d inconsistent idassert configuration "
211 "(likely authz=\"*\" used with \"non-prescriptive\" flag)\n",
212 be->be_suffix[ 0 ].bv_val, i, 0 );
216 if ( not_always_anon_proxyauthz == 0 ) {
217 if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
219 not_always_anon_proxyauthz = 1;
223 if ( not_always_anon_non_prescriptive == 0 ) {
224 if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
226 not_always_anon_non_prescriptive = 1;
230 BER_BVZERO( &mapped );
231 ldap_back_map( &mt->mt_rwmap.rwm_at,
232 &slap_schema.si_ad_entryDN->ad_cname, &mapped,
234 if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
235 mt->mt_rep_flags |= REP_NO_ENTRYDN;
238 BER_BVZERO( &mapped );
239 ldap_back_map( &mt->mt_rwmap.rwm_at,
240 &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
242 if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
243 mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
247 if ( not_always == 0 ) {
248 mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ALWAYS;
251 if ( not_always_anon_proxyauthz == 0 ) {
252 mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ANON;
254 } else if ( not_always_anon_non_prescriptive == 0 ) {
255 mi->mi_flags |= META_BACK_F_PROXYAUTHZ_NOANON;
262 * meta_back_conn_free()
264 * actually frees a connection; the reference count must be 0,
265 * and it must not (or no longer) be in the cache.
271 metaconn_t *mc = v_mc;
274 assert( mc != NULL );
275 assert( mc->mc_refcnt == 0 );
277 /* at least one must be present... */
278 ntargets = mc->mc_info->mi_ntargets;
279 assert( ntargets > 0 );
281 for ( ; ntargets--; ) {
282 (void)meta_clear_one_candidate( NULL, mc, ntargets );
285 if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
286 free( mc->mc_local_ndn.bv_val );
296 struct ldapmapping *mapping = v_mapping;
297 ch_free( mapping->src.bv_val );
298 ch_free( mapping->dst.bv_val );
306 struct ldapmapping *mapping = v_mapping;
308 if ( BER_BVISEMPTY( &mapping->dst ) ) {
309 mapping_free( &mapping[ -1 ] );
319 ldap_pvt_thread_mutex_destroy( &mt->mt_uri_mutex );
321 if ( mt->mt_subtree ) {
322 meta_subtree_destroy( mt->mt_subtree );
323 mt->mt_subtree = NULL;
325 if ( !BER_BVISNULL( &mt->mt_psuffix ) ) {
326 free( mt->mt_psuffix.bv_val );
328 if ( !BER_BVISNULL( &mt->mt_nsuffix ) ) {
329 free( mt->mt_nsuffix.bv_val );
331 if ( !BER_BVISNULL( &mt->mt_binddn ) ) {
332 free( mt->mt_binddn.bv_val );
334 if ( !BER_BVISNULL( &mt->mt_bindpw ) ) {
335 free( mt->mt_bindpw.bv_val );
337 if ( !BER_BVISNULL( &mt->mt_idassert_authcID ) ) {
338 ch_free( mt->mt_idassert_authcID.bv_val );
340 if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
341 ch_free( mt->mt_idassert_authcDN.bv_val );
343 if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
344 ch_free( mt->mt_idassert_passwd.bv_val );
346 if ( !BER_BVISNULL( &mt->mt_idassert_authzID ) ) {
347 ch_free( mt->mt_idassert_authzID.bv_val );
349 if ( !BER_BVISNULL( &mt->mt_idassert_sasl_mech ) ) {
350 ch_free( mt->mt_idassert_sasl_mech.bv_val );
352 if ( !BER_BVISNULL( &mt->mt_idassert_sasl_realm ) ) {
353 ch_free( mt->mt_idassert_sasl_realm.bv_val );
355 if ( mt->mt_idassert_authz != NULL ) {
356 ber_bvarray_free( mt->mt_idassert_authz );
358 if ( mt->mt_rwmap.rwm_rw ) {
359 rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
361 avl_free( mt->mt_rwmap.rwm_oc.remap, mapping_dst_free );
362 avl_free( mt->mt_rwmap.rwm_oc.map, mapping_free );
363 avl_free( mt->mt_rwmap.rwm_at.remap, mapping_dst_free );
364 avl_free( mt->mt_rwmap.rwm_at.map, mapping_free );
370 meta_back_db_destroy(
376 if ( be->be_private ) {
379 mi = ( metainfo_t * )be->be_private;
382 * Destroy the connection tree
384 ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
386 if ( mi->mi_conninfo.lai_tree ) {
387 avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free );
389 for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
390 while ( !LDAP_TAILQ_EMPTY( &mi->mi_conn_priv[ i ].mic_priv ) ) {
391 metaconn_t *mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ i ].mic_priv );
393 LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ i ].mic_priv, mc, mc_q );
394 meta_back_conn_free( mc );
399 * Destroy the per-target stuff (assuming there's at
402 if ( mi->mi_targets != NULL ) {
403 for ( i = 0; i < mi->mi_ntargets; i++ ) {
404 metatarget_t *mt = mi->mi_targets[ i ];
406 if ( META_BACK_TGT_QUARANTINE( mt ) ) {
407 if ( mt->mt_quarantine.ri_num != mi->mi_quarantine.ri_num )
409 mi->mi_ldap_extra->retry_info_destroy( &mt->mt_quarantine );
412 ldap_pvt_thread_mutex_destroy( &mt->mt_quarantine_mutex );
418 free( mi->mi_targets );
421 ldap_pvt_thread_mutex_lock( &mi->mi_cache.mutex );
422 if ( mi->mi_cache.tree ) {
423 avl_free( mi->mi_cache.tree, meta_dncache_free );
426 ldap_pvt_thread_mutex_unlock( &mi->mi_cache.mutex );
427 ldap_pvt_thread_mutex_destroy( &mi->mi_cache.mutex );
429 ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
430 ldap_pvt_thread_mutex_destroy( &mi->mi_conninfo.lai_mutex );
432 if ( mi->mi_candidates != NULL ) {
433 ber_memfree_x( mi->mi_candidates, NULL );
436 if ( META_BACK_QUARANTINE( mi ) ) {
437 mi->mi_ldap_extra->retry_info_destroy( &mi->mi_quarantine );
441 free( be->be_private );
445 #if SLAPD_META == SLAPD_MOD_DYNAMIC
447 /* conditionally define the init_module() function */
448 SLAP_BACKEND_INIT_MODULE( meta )
450 #endif /* SLAPD_META == SLAPD_MOD_DYNAMIC */