1 /* op.c - relay backend operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2009 The OpenLDAP Foundation.
6 * Portions Copyright 2004 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Pierangelo Masarati for inclusion
19 * in OpenLDAP Software.
27 #include "back-relay.h"
29 /* Flags for handling result codes and failures */
30 #define RB_ERR_MASK (0x0000FFFFU)
31 #define RB_ERR (0x10000000U)
32 #define RB_UNSUPPORTED_FLAG (0x20000000U)
33 #define RB_REFERRAL (0x40000000U)
34 #define RB_SEND (0x80000000U)
35 #define RB_UNSUPPORTED (LDAP_UNWILLING_TO_PERFORM|RB_ERR|RB_UNSUPPORTED_FLAG)
36 #define RB_UNSUPPORTED_SEND (RB_UNSUPPORTED|RB_SEND)
37 #define RB_REFERRAL_SEND (RB_REFERRAL|RB_SEND)
38 #define RB_ERR_SEND (RB_ERR|RB_SEND)
39 #define RB_ERR_REFERRAL_SEND (RB_ERR|RB_REFERRAL|RB_SEND)
42 * Callbacks: Caller set op->o_bd to underlying BackendDB and sc_private
43 * to Relay BackendDB. sc_response swaps them, sc_cleanup swaps them back.
46 relay_back_swap_bd( Operation *op, SlapReply *rs )
48 slap_callback *cb = op->o_callback;
49 BackendDB *be = op->o_bd;
51 op->o_bd = cb->sc_private;
54 return SLAP_CB_CONTINUE;
57 #define relay_back_add_cb( cb, op ) \
59 (cb)->sc_next = (op)->o_callback; \
60 (cb)->sc_response = relay_back_swap_bd; \
61 (cb)->sc_cleanup = relay_back_swap_bd; \
62 (cb)->sc_private = (op)->o_bd; \
63 (op)->o_callback = (cb); \
67 * Select the backend database for the operation. On failure, consult
68 * fail_mode for whether to set/send send a referral or error.
71 relay_back_select_backend( Operation *op, SlapReply *rs, slap_mask_t fail_mode )
73 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
74 BackendDB *bd = ri->ri_bd;
75 int rc = ( fail_mode & RB_ERR_MASK );
77 if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
78 bd = select_backend( &op->o_req_ndn, 1 );
82 if ( bd->be_private != op->o_bd->be_private ) {
86 Debug( LDAP_DEBUG_ANY,
87 "%s: back-relay for DN=\"%s\" would call self.\n",
88 op->o_log_prefix, op->o_req_dn.bv_val, 0 );
90 } else if ( ( fail_mode & RB_REFERRAL_SEND ) == RB_REFERRAL_SEND
91 && !BER_BVISNULL( &op->o_req_ndn )
94 rs->sr_err = LDAP_REFERRAL;
96 /* if we set sr_err to LDAP_REFERRAL,
97 * we must provide one */
98 rs->sr_ref = referral_rewrite(
101 LDAP_SCOPE_DEFAULT );
103 rs->sr_ref = default_referral;
106 send_ldap_result( op, rs );
108 if ( rs->sr_ref != default_referral ) {
109 ber_bvarray_free( rs->sr_ref );
115 if ( fail_mode & RB_ERR ) {
117 if ( fail_mode & RB_SEND ) {
118 send_ldap_result( op, rs );
126 * Call operation handler func(op,rs) with op->o_bd = bd,
127 * or if func==0 set/send results depending on fail_mode.
135 slap_mask_t fail_mode )
137 int rc = ( fail_mode & RB_ERR_MASK );
140 BackendDB *be = op->o_bd;
143 relay_back_add_cb( &cb, op );
149 if ( op->o_callback == &cb ) {
150 op->o_callback = op->o_callback->sc_next;
153 } else if ( fail_mode & RB_ERR ) {
155 if ( fail_mode & RB_UNSUPPORTED_FLAG ) {
156 rs->sr_text = "operation not supported within naming context";
159 if ( fail_mode & RB_SEND ) {
160 send_ldap_result( op, rs );
168 relay_back_op_bind( Operation *op, SlapReply *rs )
172 /* allow rootdn as a means to auth without the need to actually
173 * contact the proxied DSA */
174 switch ( be_rootdn_bind( op, rs ) ) {
175 case SLAP_CB_CONTINUE:
182 bd = relay_back_select_backend( op, rs,
183 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
188 return relay_back_op( op, rs, bd, bd->be_bind,
189 ( LDAP_INVALID_CREDENTIALS | RB_ERR_SEND ) );
192 #if 0 /* Should not exist - see ITS#6133 */
194 relay_back_op_unbind( Operation *op, SlapReply *rs )
198 bd = relay_back_select_backend( op, rs, 0 );
200 (void)relay_back_op( op, rs, bd, bd->be_unbind, 0 );
208 relay_back_op_search( Operation *op, SlapReply *rs )
212 bd = relay_back_select_backend( op, rs,
213 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
218 return relay_back_op( op, rs, bd, bd->be_search,
219 RB_UNSUPPORTED_SEND );
223 relay_back_op_compare( Operation *op, SlapReply *rs )
227 bd = relay_back_select_backend( op, rs,
228 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
233 return relay_back_op( op, rs, bd, bd->be_compare,
234 ( SLAP_CB_CONTINUE | RB_ERR ) );
238 relay_back_op_modify( Operation *op, SlapReply *rs )
242 bd = relay_back_select_backend( op, rs,
243 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
248 return relay_back_op( op, rs, bd, bd->be_modify,
249 RB_UNSUPPORTED_SEND );
253 relay_back_op_modrdn( Operation *op, SlapReply *rs )
257 bd = relay_back_select_backend( op, rs,
258 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
263 return relay_back_op( op, rs, bd, bd->be_modrdn,
264 RB_UNSUPPORTED_SEND );
268 relay_back_op_add( Operation *op, SlapReply *rs )
272 bd = relay_back_select_backend( op, rs,
273 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
278 return relay_back_op( op, rs, bd, bd->be_add,
279 RB_UNSUPPORTED_SEND );
283 relay_back_op_delete( Operation *op, SlapReply *rs )
287 bd = relay_back_select_backend( op, rs,
288 ( LDAP_NO_SUCH_OBJECT | RB_ERR_REFERRAL_SEND ) );
293 return relay_back_op( op, rs, bd, bd->be_delete,
294 RB_UNSUPPORTED_SEND );
297 #if 0 /* Should not exist - see ITS#6133 */
299 relay_back_op_abandon( Operation *op, SlapReply *rs )
303 bd = relay_back_select_backend( op, rs, 0 );
308 return relay_back_op( op, rs, bd, bd->be_abandon, 0 );
312 relay_back_op_cancel( Operation *op, SlapReply *rs )
317 bd = relay_back_select_backend( op, rs,
318 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
320 if ( op->o_cancel == SLAP_CANCEL_REQ ) {
321 op->o_cancel = LDAP_CANNOT_CANCEL;
326 rc = relay_back_op( op, rs, bd, bd->be_cancel,
327 ( LDAP_CANNOT_CANCEL | RB_ERR ) );
328 if ( rc == LDAP_CANNOT_CANCEL && op->o_cancel == SLAP_CANCEL_REQ )
330 op->o_cancel = LDAP_CANNOT_CANCEL;
338 relay_back_op_extended( Operation *op, SlapReply *rs )
342 bd = relay_back_select_backend( op, rs,
343 ( LDAP_NO_SUCH_OBJECT | RB_ERR | RB_REFERRAL ) );
348 return relay_back_op( op, rs, bd, bd->be_extended,
353 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
355 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
361 bd = select_backend( &op->o_req_ndn, 1 );
367 if ( bd->be_release ) {
368 BackendDB *be = op->o_bd;
371 rc = bd->be_release( op, e, rw );
379 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
380 ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
382 relay_back_info *ri = (relay_back_info *)op->o_bd->be_private;
388 bd = select_backend( &op->o_req_ndn, 1 );
394 if ( bd->be_fetch ) {
395 BackendDB *be = op->o_bd;
398 rc = bd->be_fetch( op, ndn, oc, at, rw, e );
407 * NOTE: even the existence of this function is questionable: we cannot
408 * pass the bi_chk_referrals() call thru the rwm overlay because there
409 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
410 * is passing the target database a DN that likely does not belong to its
411 * naming context... mmmh.
414 relay_back_chk_referrals( Operation *op, SlapReply *rs )
418 /* FIXME: Can send success on failure. Should send referral or nothing. */
419 bd = relay_back_select_backend( op, rs,
420 ( LDAP_SUCCESS | RB_ERR_REFERRAL_SEND ) );
421 /* FIXME: this test only works if there are no overlays, so
422 * it is nearly useless; if made stricter, no nested back-relays
423 * can be instantiated... too bad. */
424 if ( bd == NULL || bd == op->o_bd ) {
428 /* no nested back-relays... */
429 if ( overlay_is_over( bd ) ) {
430 slap_overinfo *oi = (slap_overinfo *)bd->bd_info->bi_private;
432 if ( oi->oi_orig == op->o_bd->bd_info ) {
437 return relay_back_op( op, rs, bd, bd->be_chk_referrals, LDAP_SUCCESS );
442 relay_back_operational( Operation *op, SlapReply *rs )
446 bd = relay_back_select_backend( op, rs, LDAP_SUCCESS );
447 /* FIXME: this test only works if there are no overlays, so
448 * it is nearly useless; if made stricter, no nested back-relays
449 * can be instantiated... too bad. */
450 if ( bd == NULL || bd == op->o_bd ) {
454 return relay_back_op( op, rs, bd, bd->be_operational, LDAP_SUCCESS );
458 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
463 bd = relay_back_select_backend( op, NULL, 0 );
464 /* FIXME: this test only works if there are no overlays, so
465 * it is nearly useless; if made stricter, no nested back-relays
466 * can be instantiated... too bad. */
467 if ( bd == NULL || bd == op->o_bd ) {
471 if ( bd->be_has_subordinates ) {
472 BackendDB *be = op->o_bd;
475 rc = bd->be_has_subordinates( op, e, hasSubs );
482 #if 0 /* Should not exist - see ITS#6133 */
484 relay_back_connection_init( BackendDB *bd, Connection *c )
486 relay_back_info *ri = (relay_back_info *)bd->be_private;
493 if ( bd->be_connection_init ) {
494 return bd->be_connection_init( bd, c );
501 relay_back_connection_destroy( BackendDB *bd, Connection *c )
503 relay_back_info *ri = (relay_back_info *)bd->be_private;
510 if ( bd->be_connection_destroy ) {
511 return bd->be_connection_destroy( bd, c );
520 * Handlers that slapd calls for all databases are not set, as slapd
521 * would then call them twice for the underlying database: Abandon,
522 * Cancel, Unbind and non-Operation handlers like be_connection_init.
526 * FIXME: must implement tools as well