1 /* op.c - relay backend operations */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2004-2008 The OpenLDAP Foundation.
5 * Portions Copyright 2004 Pierangelo Masarati.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Pierangelo Masarati for inclusion
18 * in OpenLDAP Software.
26 #include "back-relay.h"
28 #define RB_ERR_MASK (0x00FFU)
29 #define RB_ERR (0x1000U)
30 #define RB_UNWILLING (0x2000U)
31 #define RB_REFERRAL (0x4000U)
32 #define RB_SEND (0x8000U)
33 #define RB_UNWILLING_SEND (RB_UNWILLING|RB_SEND)
34 #define RB_REFERRAL_SEND (RB_REFERRAL|RB_SEND)
37 relay_back_swap_bd( Operation *op, SlapReply *rs )
39 slap_callback *cb = op->o_callback;
40 BackendDB *be = op->o_bd;
42 op->o_bd = cb->sc_private;
45 return SLAP_CB_CONTINUE;
48 #define relay_back_add_cb( cb, op ) \
50 (cb)->sc_next = (op)->o_callback; \
51 (cb)->sc_response = relay_back_swap_bd; \
52 (cb)->sc_cleanup = relay_back_swap_bd; \
53 (cb)->sc_private = (op)->o_bd; \
54 (op)->o_callback = (cb); \
58 * selects the backend if not enforced at config;
59 * in case of failure, behaves based on err:
60 * -1 don't send result
61 * LDAP_SUCCESS don't send result; may send referral if dosend
62 * any valid error send as error result if dosend
65 relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode )
67 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
68 BackendDB *bd = ri->ri_bd;
69 int rc = ( fail_mode & RB_ERR_MASK );
71 if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
72 bd = select_backend( &op->o_req_ndn, 1 );
73 if ( bd == op->o_bd ) {
74 Debug( LDAP_DEBUG_ANY,
75 "%s: back-relay for DN=\"%s\" would call self.\n",
76 op->o_log_prefix, op->o_req_dn.bv_val, 0 );
77 if ( fail_mode & RB_UNWILLING ) {
78 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
80 } else if ( fail_mode & RB_ERR ) {
84 if ( fail_mode & RB_SEND ) {
85 send_ldap_result( op, rs );
92 if ( bd == NULL && fail_mode & RB_REFERRAL ) {
93 if ( default_referral ) {
94 rs->sr_err = LDAP_REFERRAL;
95 if ( fail_mode & RB_SEND ) {
96 rs->sr_ref = referral_rewrite(
101 rs->sr_ref = default_referral;
104 send_ldap_result( op, rs );
106 if ( rs->sr_ref != default_referral ) {
107 ber_bvarray_free( rs->sr_ref );
112 /* NOTE: err is LDAP_INVALID_CREDENTIALS for bind,
113 * LDAP_NO_SUCH_OBJECT for other operations.
114 * noSuchObject cannot be returned by bind */
116 if ( fail_mode & RB_SEND ) {
117 send_ldap_result( op, rs );
131 slap_mask_t fail_mode )
133 int rc = ( fail_mode & RB_ERR_MASK );
136 BackendDB *be = op->o_bd;
139 relay_back_add_cb( &cb, op );
145 if ( op->o_callback == &cb ) {
146 op->o_callback = op->o_callback->sc_next;
150 if ( fail_mode & RB_ERR ) {
153 } else if ( fail_mode & RB_UNWILLING ) {
154 rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
155 rs->sr_text = "operation not supported within naming context";
158 if ( fail_mode & RB_SEND ) {
159 send_ldap_result( op, rs );
167 relay_back_op_bind( Operation *op, SlapReply *rs )
171 /* allow rootdn as a means to auth without the need to actually
172 * contact the proxied DSA */
173 switch ( be_rootdn_bind( op, rs ) ) {
174 case SLAP_CB_CONTINUE:
181 bd = relay_back_select_backend( op, rs,
182 ( LDAP_INVALID_CREDENTIALS | RB_ERR | RB_SEND ) );
187 return relay_back_op( op, rs, bd, bd->be_bind,
188 ( LDAP_INVALID_CREDENTIALS | RB_ERR | RB_SEND ) );
192 relay_back_op_unbind( Operation *op, SlapReply *rs )
196 bd = relay_back_select_backend( op, rs, 0 );
198 (void)relay_back_op( op, rs, bd, bd->be_unbind, 0 );
205 relay_back_op_search( Operation *op, SlapReply *rs )
209 bd = relay_back_select_backend( op, rs,
210 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
215 return relay_back_op( op, rs, bd, bd->be_search,
220 relay_back_op_compare( Operation *op, SlapReply *rs )
224 bd = relay_back_select_backend( op, rs,
225 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
230 return relay_back_op( op, rs, bd, bd->be_compare,
235 relay_back_op_modify( Operation *op, SlapReply *rs )
239 bd = relay_back_select_backend( op, rs,
240 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
245 return relay_back_op( op, rs, bd, bd->be_modify,
250 relay_back_op_modrdn( Operation *op, SlapReply *rs )
254 bd = relay_back_select_backend( op, rs,
255 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
260 return relay_back_op( op, rs, bd, bd->be_modrdn,
265 relay_back_op_add( Operation *op, SlapReply *rs )
269 bd = relay_back_select_backend( op, rs,
270 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
275 return relay_back_op( op, rs, bd, bd->be_add,
280 relay_back_op_delete( Operation *op, SlapReply *rs )
284 bd = relay_back_select_backend( op, rs,
285 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_SEND ) );
290 return relay_back_op( op, rs, bd, bd->be_delete,
295 relay_back_op_abandon( Operation *op, SlapReply *rs )
299 bd = relay_back_select_backend( op, rs, 0 );
304 return relay_back_op( op, rs, bd, bd->be_abandon, 0 );
308 relay_back_op_cancel( Operation *op, SlapReply *rs )
313 bd = relay_back_select_backend( op, rs,
314 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
316 if ( op->o_cancel == SLAP_CANCEL_REQ ) {
317 op->o_cancel = LDAP_CANNOT_CANCEL;
322 rc = relay_back_op( op, rs, bd, bd->be_cancel,
323 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
324 if ( rc == LDAP_CANNOT_CANCEL && op->o_cancel == SLAP_CANCEL_REQ )
326 op->o_cancel = LDAP_CANNOT_CANCEL;
333 relay_back_op_extended( Operation *op, SlapReply *rs )
337 bd = relay_back_select_backend( op, rs,
338 ( LDAP_NO_SUCH_OBJECT | RB_ERR ) );
343 return relay_back_op( op, rs, bd, bd->be_extended,
348 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
350 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
356 bd = select_backend( &op->o_req_ndn, 1 );
362 if ( bd->be_release ) {
363 BackendDB *be = op->o_bd;
366 rc = bd->be_release( op, e, rw );
375 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
376 ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
378 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
384 bd = select_backend( &op->o_req_ndn, 1 );
390 if ( bd->be_fetch ) {
391 BackendDB *be = op->o_bd;
394 rc = bd->be_fetch( op, ndn, oc, at, rw, e );
403 * NOTE: even the existence of this function is questionable: we cannot
404 * pass the bi_chk_referrals() call thru the rwm overlay because there
405 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
406 * is passing the target database a DN that likely does not belong to its
407 * naming context... mmmh.
410 relay_back_chk_referrals( Operation *op, SlapReply *rs )
414 bd = relay_back_select_backend( op, rs,
415 ( LDAP_SUCCESS | RB_ERR | RB_SEND ) );
416 /* FIXME: this test only works if there are no overlays, so
417 * it is nearly useless; if made stricter, no nested back-relays
418 * can be instantiated... too bad. */
419 if ( bd == NULL || bd == op->o_bd ) {
423 /* no nested back-relays... */
424 if ( overlay_is_over( bd ) ) {
425 slap_overinfo *oi = (slap_overinfo *)bd->bd_info->bi_private;
427 if ( oi->oi_orig == op->o_bd->bd_info ) {
432 return relay_back_op( op, rs, bd, bd->be_chk_referrals, 0 );
436 relay_back_operational( Operation *op, SlapReply *rs )
440 bd = relay_back_select_backend( op, rs,
441 ( LDAP_SUCCESS | RB_ERR ) );
442 /* FIXME: this test only works if there are no overlays, so
443 * it is nearly useless; if made stricter, no nested back-relays
444 * can be instantiated... too bad. */
445 if ( bd == NULL || bd == op->o_bd ) {
449 return relay_back_op( op, rs, bd, bd->be_operational, 0 );
453 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
455 SlapReply rs = { 0 };
459 bd = relay_back_select_backend( op, &rs,
460 ( LDAP_SUCCESS | RB_ERR ) );
461 /* FIXME: this test only works if there are no overlays, so
462 * it is nearly useless; if made stricter, no nested back-relays
463 * can be instantiated... too bad. */
464 if ( bd == NULL || bd == op->o_bd ) {
468 if ( bd->be_has_subordinates ) {
469 BackendDB *be = op->o_bd;
472 rc = bd->be_has_subordinates( op, e, hasSubs );
481 relay_back_connection_init( BackendDB *bd, Connection *c )
483 relay_back_info *ri = (relay_back_info *)bd->be_private;
490 if ( bd->be_connection_init ) {
491 return bd->be_connection_init( bd, c );
498 relay_back_connection_destroy( BackendDB *bd, Connection *c )
500 relay_back_info *ri = (relay_back_info *)bd->be_private;
507 if ( bd->be_connection_destroy ) {
508 return bd->be_connection_destroy( bd, c );
516 * FIXME: must implement tools as well