1 /* op.c - relay backend operations */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2004-2008 The OpenLDAP Foundation.
5 * Portions Copyright 2004 Pierangelo Masarati.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Pierangelo Masarati for inclusion
18 * in OpenLDAP Software.
26 #include "back-relay.h"
28 #define RB_ERR_MASK (0x00FFU)
29 #define RB_ERR (0x1000U)
30 #define RB_UNSUPPORTED_FLAG (0x2000U)
31 #define RB_REFERRAL (0x4000U)
32 #define RB_SEND (0x8000U)
33 #define RB_UNSUPPORTED (LDAP_UNWILLING_TO_PERFORM|RB_ERR|RB_UNSUPPORTED_FLAG)
34 #define RB_UNSUPPORTED_SEND (RB_UNSUPPORTED|RB_SEND)
35 #define RB_REFERRAL_SEND (RB_REFERRAL|RB_SEND)
36 #define RB_ERR_SEND (RB_ERR|RB_SEND)
39 relay_back_swap_bd( Operation *op, SlapReply *rs )
41 slap_callback *cb = op->o_callback;
42 BackendDB *be = op->o_bd;
44 op->o_bd = cb->sc_private;
47 return SLAP_CB_CONTINUE;
50 #define relay_back_add_cb( cb, op ) \
52 (cb)->sc_next = (op)->o_callback; \
53 (cb)->sc_response = relay_back_swap_bd; \
54 (cb)->sc_cleanup = relay_back_swap_bd; \
55 (cb)->sc_private = (op)->o_bd; \
56 (op)->o_callback = (cb); \
60 * selects the backend if not enforced at config;
61 * in case of failure, behaves based on err:
62 * -1 don't send result
63 * LDAP_SUCCESS don't send result; may send referral if dosend
64 * any valid error send as error result if dosend
67 relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode )
69 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
70 BackendDB *bd = ri->ri_bd;
71 int rc = ( fail_mode & RB_ERR_MASK );
73 if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
74 bd = select_backend( &op->o_req_ndn, 1 );
75 if ( bd == op->o_bd ) {
76 Debug( LDAP_DEBUG_ANY,
77 "%s: back-relay for DN=\"%s\" would call self.\n",
78 op->o_log_prefix, op->o_req_dn.bv_val, 0 );
79 if ( fail_mode & RB_ERR ) {
81 if ( fail_mode & RB_SEND ) {
82 send_ldap_result( op, rs );
90 if ( bd == NULL && fail_mode & RB_REFERRAL ) {
91 if ( default_referral ) {
92 rs->sr_err = LDAP_REFERRAL;
93 if ( fail_mode & RB_SEND ) {
94 rs->sr_ref = referral_rewrite(
99 rs->sr_ref = default_referral;
102 send_ldap_result( op, rs );
104 if ( rs->sr_ref != default_referral ) {
105 ber_bvarray_free( rs->sr_ref );
110 /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind,
111 * LDAP_NO_SUCH_OBJECT for other operations.
112 * noSuchObject cannot be returned by bind */
114 if ( fail_mode & RB_SEND ) {
115 send_ldap_result( op, rs );
129 slap_mask_t fail_mode )
131 int rc = ( fail_mode & RB_ERR_MASK );
134 BackendDB *be = op->o_bd;
137 relay_back_add_cb( &cb, op );
143 if ( op->o_callback == &cb ) {
144 op->o_callback = op->o_callback->sc_next;
147 } else if ( fail_mode & RB_ERR ) {
149 if ( fail_mode & RB_UNSUPPORTED_FLAG ) {
150 rs->sr_text = "operation not supported within naming context";
153 if ( fail_mode & RB_SEND ) {
154 send_ldap_result( op, rs );
162 relay_back_op_bind( Operation *op, SlapReply *rs )
166 /* allow rootdn as a means to auth without the need to actually
167 * contact the proxied DSA */
168 switch ( be_rootdn_bind( op, rs ) ) {
169 case SLAP_CB_CONTINUE:
176 bd = relay_back_select_backend( op, rs,
177 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
182 return relay_back_op( op, rs, bd, bd->be_bind,
183 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
187 relay_back_op_unbind( Operation *op, SlapReply *rs )
191 bd = relay_back_select_backend( op, rs, 0 );
193 (void)relay_back_op( op, rs, bd, bd->be_unbind, 0 );
200 relay_back_op_search( Operation *op, SlapReply *rs )
204 bd = relay_back_select_backend( op, rs,
205 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
210 return relay_back_op( op, rs, bd, bd->be_search,
211 RB_UNSUPPORTED_SEND );
215 relay_back_op_compare( Operation *op, SlapReply *rs )
219 bd = relay_back_select_backend( op, rs,
220 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
225 return relay_back_op( op, rs, bd, bd->be_compare,
226 RB_UNSUPPORTED_SEND );
230 relay_back_op_modify( Operation *op, SlapReply *rs )
234 bd = relay_back_select_backend( op, rs,
235 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
240 return relay_back_op( op, rs, bd, bd->be_modify,
241 RB_UNSUPPORTED_SEND );
245 relay_back_op_modrdn( Operation *op, SlapReply *rs )
249 bd = relay_back_select_backend( op, rs,
250 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
255 return relay_back_op( op, rs, bd, bd->be_modrdn,
256 RB_UNSUPPORTED_SEND );
260 relay_back_op_add( Operation *op, SlapReply *rs )
264 bd = relay_back_select_backend( op, rs,
265 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
270 return relay_back_op( op, rs, bd, bd->be_add,
271 RB_UNSUPPORTED_SEND );
275 relay_back_op_delete( Operation *op, SlapReply *rs )
279 bd = relay_back_select_backend( op, rs,
280 ( LDAP_NO_SUCH_OBJECT | RB_ERR_SEND ) );
285 return relay_back_op( op, rs, bd, bd->be_delete,
286 RB_UNSUPPORTED_SEND );
290 relay_back_op_abandon( Operation *op, SlapReply *rs )
294 bd = relay_back_select_backend( op, rs, 0 );
299 return relay_back_op( op, rs, bd, bd->be_abandon, 0 );
303 relay_back_op_cancel( Operation *op, SlapReply *rs )
308 bd = relay_back_select_backend( op, rs,
309 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
311 if ( op->o_cancel == SLAP_CANCEL_REQ ) {
312 op->o_cancel = LDAP_CANNOT_CANCEL;
317 rc = relay_back_op( op, rs, bd, bd->be_cancel,
318 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
319 if ( rc == LDAP_CANNOT_CANCEL && op->o_cancel == SLAP_CANCEL_REQ )
321 op->o_cancel = LDAP_CANNOT_CANCEL;
328 relay_back_op_extended( Operation *op, SlapReply *rs )
332 bd = relay_back_select_backend( op, rs,
333 ( LDAP_NO_SUCH_OBJECT | RB_ERR ) );
338 return relay_back_op( op, rs, bd, bd->be_extended,
343 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
345 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
351 bd = select_backend( &op->o_req_ndn, 1 );
357 if ( bd->be_release ) {
358 BackendDB *be = op->o_bd;
361 rc = bd->be_release( op, e, rw );
370 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
371 ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
373 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
379 bd = select_backend( &op->o_req_ndn, 1 );
385 if ( bd->be_fetch ) {
386 BackendDB *be = op->o_bd;
389 rc = bd->be_fetch( op, ndn, oc, at, rw, e );
398 * NOTE: even the existence of this function is questionable: we cannot
399 * pass the bi_chk_referrals() call thru the rwm overlay because there
400 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
401 * is passing the target database a DN that likely does not belong to its
402 * naming context... mmmh.
405 relay_back_chk_referrals( Operation *op, SlapReply *rs )
409 bd = relay_back_select_backend( op, rs,
410 ( LDAP_SUCCESS | RB_ERR_SEND ) );
411 /* FIXME: this test only works if there are no overlays, so
412 * it is nearly useless; if made stricter, no nested back-relays
413 * can be instantiated... too bad. */
414 if ( bd == NULL || bd == op->o_bd ) {
418 /* no nested back-relays... */
419 if ( overlay_is_over( bd ) ) {
420 slap_overinfo *oi = (slap_overinfo *)bd->bd_info->bi_private;
422 if ( oi->oi_orig == op->o_bd->bd_info ) {
427 return relay_back_op( op, rs, bd, bd->be_chk_referrals, 0 );
431 relay_back_operational( Operation *op, SlapReply *rs )
435 bd = relay_back_select_backend( op, rs,
436 ( LDAP_SUCCESS | RB_ERR ) );
437 /* FIXME: this test only works if there are no overlays, so
438 * it is nearly useless; if made stricter, no nested back-relays
439 * can be instantiated... too bad. */
440 if ( bd == NULL || bd == op->o_bd ) {
444 return relay_back_op( op, rs, bd, bd->be_operational, 0 );
448 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
450 SlapReply rs = { 0 };
454 bd = relay_back_select_backend( op, &rs,
455 ( LDAP_SUCCESS | RB_ERR ) );
456 /* FIXME: this test only works if there are no overlays, so
457 * it is nearly useless; if made stricter, no nested back-relays
458 * can be instantiated... too bad. */
459 if ( bd == NULL || bd == op->o_bd ) {
463 if ( bd->be_has_subordinates ) {
464 BackendDB *be = op->o_bd;
467 rc = bd->be_has_subordinates( op, e, hasSubs );
476 relay_back_connection_init( BackendDB *bd, Connection *c )
478 relay_back_info *ri = (relay_back_info *)bd->be_private;
485 if ( bd->be_connection_init ) {
486 return bd->be_connection_init( bd, c );
493 relay_back_connection_destroy( BackendDB *bd, Connection *c )
495 relay_back_info *ri = (relay_back_info *)bd->be_private;
502 if ( bd->be_connection_destroy ) {
503 return bd->be_connection_destroy( bd, c );
511 * FIXME: must implement tools as well