git.sur5r.net Git - openldap/blob - servers/slapd/back-relay/op.c

   1 /* op.c - relay backend operations */
   2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   3  *
   4  * Copyright 2004-2008 The OpenLDAP Foundation.
   5  * Portions Copyright 2004 Pierangelo Masarati.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by Pierangelo Masarati for inclusion
  18  * in OpenLDAP Software.
  19  */
  20
  21 #include "portable.h"
  22
  23 #include <stdio.h>
  24
  25 #include "slap.h"
  26 #include "back-relay.h"
  27
  28 #define RB_ERR_MASK             (0x0000FFFFU)
  29 #define RB_ERR                  (0x10000000U)
  30 #define RB_UNSUPPORTED_FLAG     (0x20000000U)
  31 #define RB_REFERRAL             (0x40000000U)
  32 #define RB_SEND                 (0x80000000U)
  33 #define RB_UNSUPPORTED          (LDAP_UNWILLING_TO_PERFORM|RB_ERR|RB_UNSUPPORTED_FLAG)
  34 #define RB_UNSUPPORTED_SEND     (RB_UNSUPPORTED|RB_SEND)
  35 #define RB_REFERRAL_SEND        (RB_REFERRAL|RB_SEND)
  36 #define RB_ERR_SEND             (RB_ERR|RB_SEND)
  37 #define RB_ERR_REFERRAL_SEND    (RB_ERR|RB_REFERRAL|RB_SEND)
  38
  39 static int
  40 relay_back_swap_bd( Operation *op, SlapReply *rs )
  41 {
  42         slap_callback   *cb = op->o_callback;
  43         BackendDB       *be = op->o_bd;
  44
  45         op->o_bd = cb->sc_private;
  46         cb->sc_private = be;
  47
  48         return SLAP_CB_CONTINUE;
  49 }
  50
  51 #define relay_back_add_cb( cb, op ) \
  52         {                                               \
  53                 (cb)->sc_next = (op)->o_callback;       \
  54                 (cb)->sc_response = relay_back_swap_bd; \
  55                 (cb)->sc_cleanup = relay_back_swap_bd;  \
  56                 (cb)->sc_private = (op)->o_bd;          \
  57                 (op)->o_callback = (cb);                \
  58         }
  59
  60 /*
  61  * selects the backend if not enforced at config;
  62  * in case of failure, behaves based on err:
  63  *      -1                      don't send result
  64  *      LDAP_SUCCESS            don't send result; may send referral if dosend
  65  *      any valid error         send as error result if dosend
  66  */
  67 static BackendDB *
  68 relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode )
  69 {
  70         relay_back_info         *ri = (relay_back_info *)op->o_bd->be_private;
  71         BackendDB               *bd = ri->ri_bd;
  72         int                     rc = ( fail_mode & RB_ERR_MASK );
  73
  74         if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
  75                 bd = select_backend( &op->o_req_ndn, 1 );
  76                 if ( bd == op->o_bd ) {
  77                         Debug( LDAP_DEBUG_ANY,
  78                                 "%s: back-relay for DN=\"%s\" would call self.\n",
  79                                 op->o_log_prefix, op->o_req_dn.bv_val, 0 );
  80                         if ( fail_mode & RB_ERR ) {
  81                                 rs->sr_err = rc;
  82                                 if ( fail_mode & RB_SEND ) {
  83                                         send_ldap_result( op, rs );
  84                                 }
  85                         }
  86
  87                         return NULL;
  88                 }
  89         }
  90
  91         if ( bd == NULL ) {
  92                 if ( ( fail_mode & RB_REFERRAL )
  93                         && ( fail_mode & RB_SEND )
  94                         && !BER_BVISNULL( &op->o_req_ndn )
  95                         && default_referral )
  96                 {
  97                         rs->sr_err = LDAP_REFERRAL;
  98
  99                         /* if we set sr_err to LDAP_REFERRAL,
 100                          * we must provide one */
 101                         rs->sr_ref = referral_rewrite(
 102                                 default_referral,
 103                                 NULL, &op->o_req_dn,
 104                                 LDAP_SCOPE_DEFAULT );
 105                         if ( !rs->sr_ref ) {
 106                                 rs->sr_ref = default_referral;
 107                         }
 108
 109                         send_ldap_result( op, rs );
 110
 111                         if ( rs->sr_ref != default_referral ) {
 112                                 ber_bvarray_free( rs->sr_ref );
 113                         }
 114
 115                         return NULL;
 116                 }
 117
 118                 /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind,
 119                  * LDAP_NO_SUCH_OBJECT for other operations.
 120                  * noSuchObject cannot be returned by bind */
 121                 rs->sr_err = rc;
 122                 if ( fail_mode & RB_SEND ) {
 123                         send_ldap_result( op, rs );
 124                 }
 125         }
 126
 127         return bd;
 128 }
 129
 130 static int
 131 relay_back_op(
 132         Operation       *op,
 133         SlapReply       *rs,
 134         BackendDB       *bd,
 135         BI_op_func      *func,
 136         slap_mask_t     fail_mode )
 137 {
 138         int                     rc = ( fail_mode & RB_ERR_MASK );
 139
 140         if ( func ) {
 141                 BackendDB       *be = op->o_bd;
 142                 slap_callback   cb;
 143
 144                 relay_back_add_cb( &cb, op );
 145
 146                 op->o_bd = bd;
 147                 rc = func( op, rs );
 148                 op->o_bd = be;
 149
 150                 if ( op->o_callback == &cb ) {
 151                         op->o_callback = op->o_callback->sc_next;
 152                 }
 153
 154         } else if ( fail_mode & RB_ERR ) {
 155                 rs->sr_err = rc;
 156                 if ( fail_mode & RB_UNSUPPORTED_FLAG ) {
 157                         rs->sr_text = "operation not supported within naming context";
 158                 }
 159
 160                 if ( fail_mode & RB_SEND ) {
 161                         send_ldap_result( op, rs );
 162                 }
 163         }
 164
 165         return rc;
 166 }
 167
 168 int
 169 relay_back_op_bind( Operation *op, SlapReply *rs )
 170 {
 171         BackendDB       *bd;
 172
 173         /* allow rootdn as a means to auth without the need to actually
 174          * contact the proxied DSA */
 175         switch ( be_rootdn_bind( op, rs ) ) {
 176         case SLAP_CB_CONTINUE:
 177                 break;
 178
 179         default:
 180                 return rs->sr_err;
 181         }
 182
 183         bd = relay_back_select_backend( op, rs,
 184                 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
 185         if ( bd == NULL ) {
 186                 return rs->sr_err;
 187         }
 188
 189         return relay_back_op( op, rs, bd, bd->be_bind,
 190                 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
 191 }
 192
 193 int
 194 relay_back_op_unbind( Operation *op, SlapReply *rs )
 195 {
 196         BackendDB               *bd;
 197
 198         bd = relay_back_select_backend( op, rs, 0 );
 199         if ( bd != NULL ) {
 200                 (void)relay_back_op( op, rs, bd, bd->be_unbind, 0 );
 201         }
 202
 203         return 0;
 204 }
 205
 206 int
 207 relay_back_op_search( Operation *op, SlapReply *rs )
 208 {
 209         BackendDB               *bd;
 210
 211         bd = relay_back_select_backend( op, rs,
 212                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 213         if ( bd == NULL ) {
 214                 return rs->sr_err;
 215         }
 216
 217         return relay_back_op( op, rs, bd, bd->be_search,
 218                 RB_UNSUPPORTED_SEND );
 219 }
 220
 221 int
 222 relay_back_op_compare( Operation *op, SlapReply *rs )
 223 {
 224         BackendDB               *bd;
 225
 226         bd = relay_back_select_backend( op, rs,
 227                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 228         if ( bd == NULL ) {
 229                 return rs->sr_err;
 230         }
 231
 232         return relay_back_op( op, rs, bd, bd->be_compare,
 233                 ( SLAP_CB_CONTINUE | RB_ERR ) );
 234 }
 235
 236 int
 237 relay_back_op_modify( Operation *op, SlapReply *rs )
 238 {
 239         BackendDB               *bd;
 240
 241         bd = relay_back_select_backend( op, rs,
 242                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 243         if ( bd == NULL ) {
 244                 return rs->sr_err;
 245         }
 246
 247         return relay_back_op( op, rs, bd, bd->be_modify,
 248                 RB_UNSUPPORTED_SEND );
 249 }
 250
 251 int
 252 relay_back_op_modrdn( Operation *op, SlapReply *rs )
 253 {
 254         BackendDB               *bd;
 255
 256         bd = relay_back_select_backend( op, rs,
 257                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 258         if ( bd == NULL ) {
 259                 return rs->sr_err;
 260         }
 261
 262         return relay_back_op( op, rs, bd, bd->be_modrdn,
 263                 RB_UNSUPPORTED_SEND );
 264 }
 265
 266 int
 267 relay_back_op_add( Operation *op, SlapReply *rs )
 268 {
 269         BackendDB               *bd;
 270
 271         bd = relay_back_select_backend( op, rs,
 272                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 273         if ( bd == NULL ) {
 274                 return rs->sr_err;
 275         }
 276
 277         return relay_back_op( op, rs, bd, bd->be_add,
 278                 RB_UNSUPPORTED_SEND );
 279 }
 280
 281 int
 282 relay_back_op_delete( Operation *op, SlapReply *rs )
 283 {
 284         BackendDB               *bd;
 285
 286         bd = relay_back_select_backend( op, rs,
 287                 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
 288         if ( bd == NULL ) {
 289                 return rs->sr_err;
 290         }
 291
 292         return relay_back_op( op, rs, bd, bd->be_delete,
 293                 RB_UNSUPPORTED_SEND );
 294 }
 295
 296 int
 297 relay_back_op_abandon( Operation *op, SlapReply *rs )
 298 {
 299         BackendDB               *bd;
 300
 301         bd = relay_back_select_backend( op, rs, 0 );
 302         if ( bd == NULL ) {
 303                 return rs->sr_err;
 304         }
 305
 306         return relay_back_op( op, rs, bd, bd->be_abandon, 0 );
 307 }
 308
 309 int
 310 relay_back_op_cancel( Operation *op, SlapReply *rs )
 311 {
 312         BackendDB               *bd;
 313         int                     rc;
 314
 315         bd = relay_back_select_backend( op, rs,
 316                 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
 317         if ( bd == NULL ) {
 318                 if ( op->o_cancel == SLAP_CANCEL_REQ ) {
 319                         op->o_cancel = LDAP_CANNOT_CANCEL;
 320                 }
 321                 return rs->sr_err;
 322         }
 323
 324         rc = relay_back_op( op, rs, bd, bd->be_cancel,
 325                 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
 326         if ( rc == LDAP_CANNOT_CANCEL && op->o_cancel == SLAP_CANCEL_REQ )
 327         {
 328                 op->o_cancel = LDAP_CANNOT_CANCEL;
 329         }
 330
 331         return rc;
 332 }
 333
 334 int
 335 relay_back_op_extended( Operation *op, SlapReply *rs )
 336 {
 337         BackendDB               *bd;
 338
 339         bd = relay_back_select_backend( op, rs,
 340                 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_REFERRAL ) );
 341         if ( bd == NULL ) {
 342                 return rs->sr_err;
 343         }
 344
 345         return relay_back_op( op, rs, bd, bd->be_extended,
 346                 RB_UNSUPPORTED );
 347 }
 348
 349 int
 350 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
 351 {
 352         relay_back_info         *ri = (relay_back_info *)op->o_bd->be_private;
 353         BackendDB               *bd;
 354         int                     rc = 1;
 355
 356         bd = ri->ri_bd;
 357         if ( bd == NULL) {
 358                 bd = select_backend( &op->o_req_ndn, 1 );
 359                 if ( bd == NULL ) {
 360                         return 1;
 361                 }
 362         }
 363
 364         if ( bd->be_release ) {
 365                 BackendDB       *be = op->o_bd;
 366
 367                 op->o_bd = bd;
 368                 rc = bd->be_release( op, e, rw );
 369                 op->o_bd = be;
 370         }
 371
 372         return rc;
 373
 374 }
 375
 376 int
 377 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
 378         ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
 379 {
 380         relay_back_info         *ri = (relay_back_info *)op->o_bd->be_private;
 381         BackendDB               *bd;
 382         int                     rc = 1;
 383
 384         bd = ri->ri_bd;
 385         if ( bd == NULL) {
 386                 bd = select_backend( &op->o_req_ndn, 1 );
 387                 if ( bd == NULL ) {
 388                         return 1;
 389                 }
 390         }
 391
 392         if ( bd->be_fetch ) {
 393                 BackendDB       *be = op->o_bd;
 394
 395                 op->o_bd = bd;
 396                 rc = bd->be_fetch( op, ndn, oc, at, rw, e );
 397                 op->o_bd = be;
 398         }
 399
 400         return rc;
 401
 402 }
 403
 404 /*
 405  * NOTE: even the existence of this function is questionable: we cannot
 406  * pass the bi_chk_referrals() call thru the rwm overlay because there
 407  * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
 408  * is passing the target database a DN that likely does not belong to its
 409  * naming context... mmmh.
 410  */
 411 int
 412 relay_back_chk_referrals( Operation *op, SlapReply *rs )
 413 {
 414         BackendDB               *bd;
 415
 416         bd = relay_back_select_backend( op, rs,
 417                 ( LDAP_SUCCESS | RB_ERR_REFERRAL_SEND ) );
 418         /* FIXME: this test only works if there are no overlays, so
 419          * it is nearly useless; if made stricter, no nested back-relays
 420          * can be instantiated... too bad. */
 421         if ( bd == NULL || bd == op->o_bd ) {
 422                 return 0;
 423         }
 424
 425         /* no nested back-relays... */
 426         if ( overlay_is_over( bd ) ) {
 427                 slap_overinfo   *oi = (slap_overinfo *)bd->bd_info->bi_private;
 428
 429                 if ( oi->oi_orig == op->o_bd->bd_info ) {
 430                         return 0;
 431                 }
 432         }
 433
 434         return relay_back_op( op, rs, bd, bd->be_chk_referrals, 0 );
 435 }
 436
 437 int
 438 relay_back_operational( Operation *op, SlapReply *rs )
 439 {
 440         BackendDB               *bd;
 441
 442         bd = relay_back_select_backend( op, rs,
 443                 ( LDAP_SUCCESS | RB_ERR ) );
 444         /* FIXME: this test only works if there are no overlays, so
 445          * it is nearly useless; if made stricter, no nested back-relays
 446          * can be instantiated... too bad. */
 447         if ( bd == NULL || bd == op->o_bd ) {
 448                 return 0;
 449         }
 450
 451         return relay_back_op( op, rs, bd, bd->be_operational, 0 );
 452 }
 453
 454 int
 455 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
 456 {
 457         SlapReply               rs = { 0 };
 458         BackendDB               *bd;
 459         int                     rc = 1;
 460
 461         bd = relay_back_select_backend( op, &rs,
 462                 ( LDAP_SUCCESS | RB_ERR ) );
 463         /* FIXME: this test only works if there are no overlays, so
 464          * it is nearly useless; if made stricter, no nested back-relays
 465          * can be instantiated... too bad. */
 466         if ( bd == NULL || bd == op->o_bd ) {
 467                 return 0;
 468         }
 469
 470         if ( bd->be_has_subordinates ) {
 471                 BackendDB       *be = op->o_bd;
 472
 473                 op->o_bd = bd;
 474                 rc = bd->be_has_subordinates( op, e, hasSubs );
 475                 op->o_bd = be;
 476         }
 477
 478         return rc;
 479
 480 }
 481
 482 int
 483 relay_back_connection_init( BackendDB *bd, Connection *c )
 484 {
 485         relay_back_info         *ri = (relay_back_info *)bd->be_private;
 486
 487         bd = ri->ri_bd;
 488         if ( bd == NULL ) {
 489                 return 0;
 490         }
 491
 492         if ( bd->be_connection_init ) {
 493                 return bd->be_connection_init( bd, c );
 494         }
 495
 496         return 0;
 497 }
 498
 499 int
 500 relay_back_connection_destroy( BackendDB *bd, Connection *c )
 501 {
 502         relay_back_info         *ri = (relay_back_info *)bd->be_private;
 503
 504         bd = ri->ri_bd;
 505         if ( bd == NULL ) {
 506                 return 0;
 507         }
 508
 509         if ( bd->be_connection_destroy ) {
 510                 return bd->be_connection_destroy( bd, c );
 511         }
 512
 513         return 0;
 514
 515 }
 516
 517 /*
 518  * FIXME: must implement tools as well
 519  */